X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=debian%2Fchangelog;h=310305400da17bf58d81687f2ce940be13f1cfd0;hp=2c059ca324150c1e6d503fc5db13833e936d2401;hb=871ab5f2e8bda25130c70834052fa8fb020a5373;hpb=12870181b2d5922f9774f88cb808f509a8e94704 diff --git a/debian/changelog b/debian/changelog index 2c059ca..3103054 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,5 +1,207 @@ -userdir-ldap (0.3.7X) Xnstable; urgency=low +userdir-ldap (0.3.87) UNRELEASED; urgency=medium + [ Peter Palfrader ] + * remove dnsZoneEntry from restricted attributes to match config on db.d.o + * ssh keys: Also accept ed25519 keys. RSA keys must be at least 2k. + * ud-useradd: now does usergroups by default. + * ud-guest-upgrade: add. + + [ Paul Wise ] + * Update ud-ldapshow and cleanup cruft around the usergroups changes + + -- Peter Palfrader Wed, 28 Oct 2015 22:03:42 +0100 + +userdir-ldap (0.3.86) unstable; urgency=medium + + * ud-generate: support ssh-ed25519 keys for SSHFP records. + * ud-replicated: only restore TERM if it was set before. If it wasn't leave + it at dumb. + + -- Peter Palfrader Sun, 07 Dec 2014 16:25:22 +0100 + +userdir-ldap (0.3.85) unstable; urgency=low + + [ Stephen Gran ] + * ud-generate: + + Correct thinkos + + notification is now the default + + [ Peter Palfrader ] + * ud-mailgate: + - fix sudopassword confirm handling. + - sudopassword: allow dashes in hostnames. + * ud-generate: update gitolite authkeys generation + - skip ssh keys with non-local allowed_hosts + - skip all keys with other restrictions + - make including keys for hosts optional (on by default) + - support overriding the command we restrict to + - sudopassword: allow dashes in hostnames. + * ud-replicated: + - only use /var/run/log if it's a socket. + * High version number to supersede locally built, non-tracked versions. + + -- Peter Palfrader Sat, 06 Dec 2014 09:59:12 +0100 + +userdir-ldap (0.3.82) unstable; urgency=low + + [ Stephen Gran ] + * KFreeBSD uses a different syslog socket just because + * Change cron job to weekly + + [ Peter Palfrader ] + * sigcheck: Import userdir_ldap so CheckLDAP() can find connectLDAP(). 
+ + -- Peter Palfrader Mon, 20 Jan 2014 23:18:17 +0100 + +userdir-ldap (0.3.81) unstable; urgency=low + + * Gratuitous version bump + + -- Stephen Gran Sat, 18 Jan 2014 10:37:40 +0000 + +userdir-ldap (0.3.80) unstable; urgency=low + + [ Peter Palfrader ] + * some ud-echelon fixes, + * userdir_gpg.py: GetClearSig: add lax_multipart to deal + with random multipart mails. + * naming your variable like a module is unsmart. + * ud-generate: + - filter on shadowAccount. + - fix breaking old ud-generate locks. + * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify. + * ud-replicate: + - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, + but instead re-use the domain from email-append. + - now preserve server side modifcation times when rsyncing data. + * userdir_ldap.py: read auth password from environment if set. + * Introduce BaseBaseDN which is the real base dn. BaseDN itself + has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. + * Merge from torproject.org: + - Allow sshRSAAuthKey for role accounts. + - Support ssh key attributes for gitolite export. + - Add ssh-gitolite support. + * debianGroups may have cn attribute (helpful when putting samba stuff into + ldap). + * ud-mailgate: Do not try to do an ldap modify with no changes - now show + command to changes@ should work again. + * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t. + * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() + functions. + * ud-generate: Add -f option to build even if cache is current. + * ud-generate: Move main code into a ud_generate() + * ud-generate: speed improvements: + - cut down on calls to IsInGroup by doing it once in generate_host() + and not having the individual generators run it. 
+ o side effect: Up until now we exported empty groups to a host, if + that group had a user with that group as their primary group - even + if that particular user was not exported to this this. No we no + longer export empty groups. + - speed up ssh tarball generation: No longer write indidividual user's ssh + authorized_keys to disk, only to read them later. Directly create a + TarInfo object without referring to any on-disk files. + - get rid of global state variable CurrentHost. This will enable upcoming + changes. + - UDLdap.py: make a cache for __getitem__() decisions. + - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff, + so doing it here just costs a lot. + * ud-generate: Use a flock() lock instead of python's lockfile class. + * ud-generate: The ssh authorized_keys file for the sshdist user now wraps + the rsync call in an flock wrapper that acquires a shared lock on + ud-generate's lock. This prevents syncing while ud-generate runs. + * ud-lock: support supplying a status to set instead of 'retiring'. + * ud-generate: Also rebuild if one of our keyrings has changed, even if + ldap has not. + * userdir-ldap-slapd.conf.in: explicitly list readable attributes. + End with 'by * none'. + * ud-generate: Allow more than one email address in userForward. Quite + useful for role accounts. + * ud-generate: Support writing gitolite config for just one user-group. + * ud-generate: Support MX remapping. + * ud-generate: Fix ipv6 check. + * ud-generate: Fix unix mtime triggers. 
+ + [ Stephen Gran ] + * Fix deprecation warnings for sha module by using hashlib module instead + * ud-fingerserv: update Net::LDAP import + * Implement audit logging for ldap + * stop running ud-generate if nothing has changed, based on audit logs + * Change to trigger based replication + + [ Martin Zobel-Helas ] + * ud-generate: generate webPasswords + * ud-generate: generate voipPasswords + * ud-replicate: set correct permissions for web-passwords + * ud-replicate: set correct permissions for voip-passwords + * add freecdb to depends + * userdir-ldap.schema + - add webPasswords + - add mailPreserveSuffixSeperator + - add voipPasswords + + [ Tollef Fog Heen ] + * Export SSH host keys for gitolite, subject to a regex filter. + + [ Luca Filipozzi ] + * rename voipPassword to rtcPassword in schema + * update code to match + + -- Luca Filipozzi Thu, 16 Jan 2014 22:52:47 +0000 + +userdir-ldap (0.3.79) unstable; urgency=low + + * Add ud-sync-accounts-to-afs, a script to sync accounts to an + AFS protection database. + * ud-generate: + - support host ACLs that expire. + - lock output directory when generating. + - support sync keyring dirs now too. + * ud-useradd: A new -g switch for adding guest accounts, with + proper setting hostacls and shadowexpire and picking the + right keyring. + * Remove .pgp (v3 pgp key) keyrings from config. + * Update guest welcome template. + * ud-gpgimport: handle guest keyrings. + * ud-mailgate: + - Make updating of gender actually work. + - Do not mess with sudo passwords if nothing changed. + * templates/change-reply: say a word about subjects in mail to admin@db. + * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces. + * try to properly handle some more mime stuff. + - use email module instead of deprecated mimetools and multifile modules + - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py + * move ud-echelon and sigcheck to GPGCheckSig2 interface. 
+ + -- Peter Palfrader Sat, 21 May 2011 14:53:18 +0200 + +userdir-ldap (0.3.78) unstable; urgency=low + + * Start refactoring ud-generate: + - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY + are set, use their respective value instead of the default. This + makes it possible to run ud-generate as a non-privileged user for + testing purposes. + - Start wrapping ldap search results in classes. For now we have done + this with just an ldap account. + - Also got rid of the global PasswdAttrs variable. Now functions + get the account list (now a list of Account classes instead of + ldap result array of tuples of hashes) passed to them like well-behaved + functions. + * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers + (we want group=..., not dn=...). + * Add ud-krb-reset, and make ud-mailgate call it when + receiving a mail at chpasswd@ saying + 'Please change my Kerberos password'. + * ud-generate: Add an extra output file called all-users.json that + can be used on one of the AFS hosts to create afs users. + + -- Peter Palfrader Mon, 13 Sep 2010 19:08:34 +0200 + +userdir-ldap (0.3.77) unstable; urgency=low + + [ Peter Palfrader ] * ud-mailgate: Remove a global declaration after a variable has already been assigned globally. * ud-mailgate: We use the result of the pgp check for quite a long 
@@ -9,8 +211,19 @@ userdir-ldap (0.3.7X) Xnstable; urgency=low signature check in a saner way. * ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints. * Add ud-lock. + * Fix a typo in welcome-message-800 noticed by Tommi Vainikainen. + * Refactor the LDAP acls to be easier to manage. + Effective changes: + - Keyring Maintainers ldap group gets to write to the keyFingerPrint + attribute. + - sshrsaauthkey is no longer compareable by *. + * ud-generate: refuse to run as root. + + [ Stephen Gran ] + * Add txt record support to ud-mailgate + * Clean up addition of identifying txt records to debian.net slightly - -- Peter Palfrader Thu, 11 Mar 2010 22:18:51 +0100 + -- Peter Palfrader Fri, 30 Jul 2010 19:46:48 +0200 userdir-ldap (0.3.76) unstable; urgency=low
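Review bot: In the first hunk (@@ -1,5 +1,207 @@), the 0.3.85 entry lists "sudopassword: allow dashes in hostnames." twice: once under ud-mailgate and again inside the ud-generate gitolite authkeys sub-list, where it does not fit the neighbouring items. Drop the second copy. In 0.3.87, "ssh keys: Also accept ed25519 keys. RSA keys must be at least 2k." names neither the tool that enforces the limit nor the unit, and does not say whether shorter RSA keys already stored in LDAP are rejected or left in place. Naming the component, as most other entries do, and spelling out the size in bits would let admins judge the impact. In 0.3.80, the behaviour change "we no longer export empty groups" is recorded only as a side effect of a speed improvement and its sentence is garbled ("exported to this this. No we no longer"); it deserves its own clearly worded bullet. Spelling in the same entry: "ldapmodfiy", "modifcation", "indidividual".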
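Review bot: In the second hunk (@@ -9,8 +211,19 @@), the "Refactor the LDAP acls" entry records two access-control changes (the Keyring Maintainers group gains write access to keyFingerPrint, and sshrsaauthkey is no longer comparable by *) without naming the file that carries them, although the 0.3.78 and 0.3.80 entries in this changelog prefix their ACL changes with userdir-ldap-slapd.conf / userdir-ldap-slapd.conf.in. Add the file name so the change can be located when auditing who may write key fingerprints, and fix the spelling "compareable". The new "ud-generate: refuse to run as root." line would also read better with a pointer to the account it is expected to run as, since the entry gives no alternative.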