Various fixes for XSS and bad crypto. No claim to completeness.

[mirror/userdir-ldap-cgi.git] / debian / changelog

userdir-ldap-cgi (0.3.39) unstable; urgency=medium

  [ Peter Palfrader ]
  * Fix changelog entries.  The previos "UNRELEASED" version
    was actually released.
  * Use new CA root cert in Util.pm.
  * Fix a XSS reported in
    https://trac.torproject.org/projects/tor/ticket/14037
  * Fix horrible use of crypto primitives.
  * Add HMAC authentication to authtoken.
  * Verify that the uid passed as a get parameters matches the
    one stored in authtoken.

  [ Hector Oron ]
  * machines.cgi: add description field, more informative.

 -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:30:18 +0100

userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low

  [ Moritz Naumann ]
  * Fix XSS bug in search.cgi

  [ Luca Filipozzi ]
  * rename voipPassword to rtcPassword 
  * store as HA1 hash rather than as plaintext

  [ Tollef Fog Heen ]
  * Exclude users with accountStatus set from the search.

  [ Paul Wise ]
  * Fix the type and location of the VCS repository.
  * Joey is no longer involved in the debian-admin team.
  * Fix typo in doctype
  * Switch from http to https links where possible.
  * Slightly nicer attribute list output

 -- Luca Filipozzi <lfilipoz@emyr.net>  Thu, 16 Jan 2014 23:22:03 +0000

userdir-ldap-cgi (0.3.37) unstable; urgency=low

  [ Martin Zobel-Helas ]
  * use libjs-jquery-tablesorter to sort machines.cgi
  * promote documentation on searchform.wml
  * auto-generate html/domains.tab

  [ Ramakrishnan Muthukrishnan ]
  * typo: mail default handling incorrectly pointing to the greylist option.

  [ Nick Mathewson ]
  * Use the changes@ address consistently in preference to change@.

 -- Martin Zobel-Helas <zobel@debian.org>  Sun, 25 Aug 2013 13:47:23 +0200

userdir-ldap-cgi (0.3.36) unstable; urgency=low

  * use Crypt::PasswdMD5 to ship apache passwords for webPassword 

 -- Martin Zobel-Helas <zobel@debian.org>  Fri, 09 Mar 2012 10:01:15 +0100

userdir-ldap-cgi (0.3.35) unstable; urgency=low

  * add webPassword handling

 -- Martin Zobel-Helas <zobel@debian.org>  Thu, 08 Mar 2012 19:24:05 +0100

userdir-ldap-cgi (0.3.34) unstable; urgency=low

  * fix quoting in machines.cgi

 -- Martin Zobel-Helas <zobel@debian.org>  Fri, 06 Jan 2012 12:47:09 +0100

userdir-ldap-cgi (0.3.33) unstable; urgency=low

  [ Peter Palfrader ]
  * Change import of Net::LDAP to work on squeeze.
  * cracklib-packer does not like '*' as input.  Filter it out in
    password-qualify-check.
  * Util.pm:UpgradeConnection(): properly concatenate strings.
  * machines.cgi: generate fingerprints for ecdsa-sha2-nistp256 ssh keys.

  [ Martin Zobel-Helas ]
  * correct mail address in password.wml
  * adopt to spacefun theme

 -- Martin Zobel-Helas <zobel@debian.org>  Wed, 04 Jan 2012 23:22:06 +0100

userdir-ldap-cgi (0.3.32) unstable; urgency=low

  [ Luca Filipozzi ]
  * fix link to SPI CA; add link to Debian CA

  [ Peter Palfrader ]
  * password-qualify-check: Only import cracklib (do not fallback to crack).
    Also makes setting cracklib.min_length actually work

  [ Martin Zobel-Helas ]
  * Replace the sentence fragment at the beginning of the documentation on
    DNS records with a complete sentence that uses the actual field name, making
    the documentation more searchable. (Patch by Steve Langasek 
    <vorlon@debian.org>)

 -- Luca Filipozzi <lfilipoz@debian.org>  Mon, 01 Jan 2011 15:03:18 -0700

userdir-ldap-cgi (0.3.31) unstable; urgency=low

  [ Stephen Gran ]
  * Actually install new doc.

  [ Martin Zobel-Helas ]
  * Fix typo in update.wml spotted by Sylvain Beucler

 -- Martin Zobel-Helas <zobel@debian.org>  Tue, 01 Jun 2010 22:25:49 +0200

userdir-ldap-cgi (0.3.30) unstable; urgency=low

  [ Peter Palfrader ]
  * Fix building of wml things [Erinn Clark (helix)].

  [ Martin Zobel-Helas ]
  * Move navbar move to CSS (as suggested by Simon Paillard).
  * Download debian.css and debian-en.css while building, as we run on https
  * Add documentation about allowed_hosts feature.

 -- Martin Zobel-Helas <zobel@debian.org>  Sun, 31 Jan 2010 12:25:51 +0100

userdir-ldap-cgi (0.3.29) unstable; urgency=low

  * Move html into the cgi
  * Support for defaultMailOptions attribute
  * Doc fixups

 -- Stephen Gran <sgran@debian.org>  Mon, 16 Nov 2009 00:18:15 +0000

userdir-ldap-cgi (0.3.28) unstable; urgency=low

  * Add myself to uploaders
  * Remove Ryan and Joey from Uploaders: thanks for all the fish!
  * Initial BATV token support

 -- Stephen Gran <sgran@debian.org>  Sun, 15 Nov 2009 12:31:38 +0000

userdir-ldap-cgi (0.3.27) unstable; urgency=low

  * Fix showing echelon information.  It needs unescaped input.

 -- Peter Palfrader <weasel@debian.org>  Wed, 13 May 2009 00:11:34 +0200

userdir-ldap-cgi (0.3.26) unstable; urgency=low

  * In machines.cgi: do not skip [[- purposes. "[[-<hostname>]]" gets
    stuff added to ssh_known_hosts but not http linked.

 -- Peter Palfrader <weasel@debian.org>  Sat, 09 May 2009 01:29:52 +0200

userdir-ldap-cgi (0.3.25) unstable; urgency=low

  * Util.pm: change capath /etc/ssl/certs to
    cafile /etc/ssl/certs/spi-cacert-2008.pem because the libldap
    folks thought it was a good idea to remove that feature for lenny.
    I hate you ldap and gnutls.

 -- Peter Palfrader <weasel@debian.org>  Fri, 27 Feb 2009 11:34:59 +0100

userdir-ldap-cgi (0.3.24) unstable; urgency=low

  * Ignore the * in [[*host]] links, and ignore [[- ]] in [[-hostname]]
    entries.  Both are special to the ssh_known_hosts generation.
    [Thomas Viehmann]

 -- Peter Palfrader <weasel@debian.org>  Sun, 23 Nov 2008 21:42:09 +0100

userdir-ldap-cgi (0.3.23) unstable; urgency=low

  * New hmac scheme for sudo passwords.

 -- Peter Palfrader <weasel@debian.org>  Fri, 14 Nov 2008 20:01:38 +0100

userdir-ldap-cgi (0.3.22) unstable; urgency=low

  * Verify confirmed hmac in web display, showing status as either 'confirmed'
    (which now means also verified, i.e. it will make it to the host), or
    'invalid'.

 -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 22:10:27 +0200

userdir-ldap-cgi (0.3.21) unstable; urgency=low

  * Slightly change find call in cronjob.

 -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 16:41:50 +0200

userdir-ldap-cgi (0.3.20) unstable; urgency=low

  * Install a cron job to get rid of old sessions.

 -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 16:39:48 +0200

userdir-ldap-cgi (0.3.19) unstable; urgency=low

  * Do not HTML escape stuff we just got from the user before
    writing it to LDAP, set it as passwords, etc.  Instead
    escape stuff we did read from LDAP.

 -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 16:21:32 +0200

userdir-ldap-cgi (0.3.18) unstable; urgency=low

  * Add password checking via a python wrapper.
  * Add myself to uploaders.

 -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 14:25:51 +0200

userdir-ldap-cgi (0.3.17) unstable; urgency=low

  * Comment out uuid - nobody will get it's just an identifier.

 -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 00:47:52 +0200

userdir-ldap-cgi (0.3.16) unstable; urgency=low

  * Switch host and hostname in update cgi for sudopasswd (so "gluck" gets
    displayed and "gluck.debian.org" stored).

 -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 00:43:55 +0200

userdir-ldap-cgi (0.3.15) unstable; urgency=low

  * Allow setting of userpassword.

 -- Peter Palfrader <weasel@debian.org>  Sun, 14 Sep 2008 23:42:20 +0200

userdir-ldap-cgi (0.3.14) unstable; urgency=low

  * Hide hosts on website whose status starts with unlisted.

 -- Peter Palfrader <weasel@debian.org>  Tue, 15 Jul 2008 21:46:07 +0200

userdir-ldap-cgi (0.3.13) unstable; urgency=low

  * Remove distribution from summary, add purpose and sponsor

 -- Peter Palfrader <weasel@debian.org>  Tue, 15 Jul 2008 16:34:10 +0200

userdir-ldap-cgi (0.3.12) unstable; urgency=low

  * Also support [[link|wiki links with alternate link text]].
  * Use wikilink format for sponsors too - requires changing ldap.

 -- Peter Palfrader <weasel@debian.org>  Tue, 15 Jul 2008 16:00:50 +0200

userdir-ldap-cgi (0.3.11) unstable; urgency=low

  * Show purposes as a bullet list
  * support [[wikistylelinks]] in purpose

 -- Peter Palfrader <weasel@debian.org>  Tue, 15 Jul 2008 15:26:57 +0200

userdir-ldap-cgi (0.3.10) unstable; urgency=low

  * Make machines.cgi display the purpose attribute from LDAP [HE].
  * Add VoIP field to CGI [zobel].
  * make summaryattrs sortable [zobel].
  * Use SSL/TLS when configured to do so, and Depend on libio-socket-ssl-perl
    for that.

 -- Peter Palfrader <weasel@debian.org>  Sun, 25 May 2008 18:21:45 +0200

userdir-ldap-cgi (0.3.9) unstable; urgency=low

  * machines.cgi
    - Reimplement ssh fingerprint without using temp files and external
    programs.
    - Remove access-restricted date fields.
  * update.cgi
    - Add support for mailGreylisting and mailCallout

 -- Ryan Murray <rmurray@debian.org>  Wed, 27 Dec 2006 19:42:28 -0700

userdir-ldap-cgi (0.3.8) unstable; urgency=low

  Changes by Martin Schulze:
  * search.cgi
    - Added support for displaying the Jabber ID
    - Ignore the vacation request when the user hasn't logged in
  * update.cgi
    - Added support for updating the Jabber ID

  Changes by Ryan Murray:
    - change charset to utf-8, as our LDAP schema is utf-8
    - Add support for gender, birthDate, and mailDisableMessage
    - Other misc. output cleanups and fixes.

 -- Ryan Murray <rmurray@debian.org>  Fri, 22 Dec 2006 02:05:18 -0700

userdir-ldap-cgi (0.3.7) stable; urgency=low

  * Forked package to only contain web scripts

 -- Martin Schulze <joey@infodrom.org>  Thu, 18 Nov 2004 13:06:14 +0100

userdir-ldap (0.3.6) unstable; urgency=low

  * Specify full path to postmap

 -- Ryan Murray <rmurray@debian.org>  Fri, 26 Sep 2003 11:48:25 -0600

userdir-ldap (0.3.5) unstable; urgency=low

  * Add depends on rsync
  * Generate db of debian.org on postfix systems

 -- Ryan Murray <rmurray@debian.org>  Sat, 30 Aug 2003 18:41:29 -0600

userdir-ldap (0.3.4) unstable; urgency=low

  * Use the right python version in the maintainer scripts

 -- Ryan Murray <rmurray@debian.org>  Tue, 18 Mar 2003 19:26:31 -0700

userdir-ldap (0.3.3) unstable; urgency=low

  * Rebuild for python2.1 and woody

 -- Ryan Murray <rmurray@debian.org>  Wed, 12 Mar 2003 21:30:12 -0700

userdir-ldap (0.3.2) unstable; urgency=low

  * Seperation of bsmtp and zoneupdate

 -- Ryan Murray <rmurray@debian.org>  Thu,  8 Aug 2002 12:07:00 -0700

userdir-ldap (0.3.1) unstable; urgency=low

  * Add ud-zoneupdate from klecker's /usr/local/bin

 -- Ryan Murray <rmurray@debian.org>  Tue,  6 Aug 2002 22:42:05 -0700

userdir-ldap (0.3) unstable; urgency=low

  * Only use sshrsa{host,}key variable, and store all three types of keys
    in that attribute.

 -- Jason Gunthrope <jgg@debian.org>  Sun,  2 Dec 2001 20:21:26 -0800

userdir-ldap (0.2) unstable; urgency=low

  * What the hey, a new version number.

 -- Jason Gunthrope <jgg@debian.org>  Sun, 11 Feb 2001 18:37:27 -0800 

userdir-ldap (0.1) unstable; urgency=low

  * Initial Packaging

 -- Jason Gunthrope <jgg@debian.org>  Fri, 30 Apr 1999 00:39:31 -0600