X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=debian%2Fchangelog;h=310305400da17bf58d81687f2ce940be13f1cfd0;hp=8ad08cdab581dbbe58a929a47d4f0c22481580ee;hb=871ab5f2e8bda25130c70834052fa8fb020a5373;hpb=dffc6f09d8ff5cd29d9a61737a6c240ff7d0777e diff --git a/debian/changelog b/debian/changelog index 8ad08cd..3103054 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,156 @@ -userdir-ldap (0.3.7X) Xnstable; urgency=low +userdir-ldap (0.3.87) UNRELEASED; urgency=medium + + [ Peter Palfrader ] + * remove dnsZoneEntry from restricted attributes to match config on db.d.o + * ssh keys: Also accept ed25519 keys. RSA keys must be at least 2k. + * ud-useradd: now does usergroups by default. + * ud-guest-upgrade: add. + + [ Paul Wise ] + * Update ud-ldapshow and cleanup cruft around the usergroups changes + + -- Peter Palfrader Wed, 28 Oct 2015 22:03:42 +0100 + +userdir-ldap (0.3.86) unstable; urgency=medium + + * ud-generate: support ssh-ed25519 keys for SSHFP records. + * ud-replicated: only restore TERM if it was set before. If it wasn't leave + it at dumb. + + -- Peter Palfrader Sun, 07 Dec 2014 16:25:22 +0100 + +userdir-ldap (0.3.85) unstable; urgency=low + + [ Stephen Gran ] + * ud-generate: + + Correct thinkos + + notification is now the default + + [ Peter Palfrader ] + * ud-mailgate: + - fix sudopassword confirm handling. + - sudopassword: allow dashes in hostnames. + * ud-generate: update gitolite authkeys generation + - skip ssh keys with non-local allowed_hosts + - skip all keys with other restrictions + - make including keys for hosts optional (on by default) + - support overriding the command we restrict to + - sudopassword: allow dashes in hostnames. + * ud-replicated: + - only use /var/run/log if it's a socket. + * High version number to supersede locally built, non-tracked versions. + + -- Peter Palfrader Sat, 06 Dec 2014 09:59:12 +0100 + +userdir-ldap (0.3.82) unstable; urgency=low + + [ Stephen Gran ] + * KFreeBSD uses a different syslog socket just because + * Change cron job to weekly + + [ Peter Palfrader ] + * sigcheck: Import userdir_ldap so CheckLDAP() can find connectLDAP(). + + -- Peter Palfrader Mon, 20 Jan 2014 23:18:17 +0100 + +userdir-ldap (0.3.81) unstable; urgency=low + + * Gratuitous version bump + + -- Stephen Gran Sat, 18 Jan 2014 10:37:40 +0000 + +userdir-ldap (0.3.80) unstable; urgency=low + + [ Peter Palfrader ] + * some ud-echelon fixes, + * userdir_gpg.py: GetClearSig: add lax_multipart to deal + with random multipart mails. + * naming your variable like a module is unsmart. + * ud-generate: + - filter on shadowAccount. + - fix breaking old ud-generate locks. + * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify. + * ud-replicate: + - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, + but instead re-use the domain from email-append. + - now preserve server side modifcation times when rsyncing data. + * userdir_ldap.py: read auth password from environment if set. + * Introduce BaseBaseDN which is the real base dn. BaseDN itself + has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. + * Merge from torproject.org: + - Allow sshRSAAuthKey for role accounts. + - Support ssh key attributes for gitolite export. + - Add ssh-gitolite support. + * debianGroups may have cn attribute (helpful when putting samba stuff into + ldap). + * ud-mailgate: Do not try to do an ldap modify with no changes - now show + command to changes@ should work again. + * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t. + * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() + functions. + * ud-generate: Add -f option to build even if cache is current. + * ud-generate: Move main code into a ud_generate() + * ud-generate: speed improvements: + - cut down on calls to IsInGroup by doing it once in generate_host() + and not having the individual generators run it. + o side effect: Up until now we exported empty groups to a host, if + that group had a user with that group as their primary group - even + if that particular user was not exported to this this. No we no + longer export empty groups. + - speed up ssh tarball generation: No longer write indidividual user's ssh + authorized_keys to disk, only to read them later. Directly create a + TarInfo object without referring to any on-disk files. + - get rid of global state variable CurrentHost. This will enable upcoming + changes. + - UDLdap.py: make a cache for __getitem__() decisions. + - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff, + so doing it here just costs a lot. + * ud-generate: Use a flock() lock instead of python's lockfile class. + * ud-generate: The ssh authorized_keys file for the sshdist user now wraps + the rsync call in an flock wrapper that acquires a shared lock on + ud-generate's lock. This prevents syncing while ud-generate runs. + * ud-lock: support supplying a status to set instead of 'retiring'. + * ud-generate: Also rebuild if one of our keyrings has changed, even if + ldap has not. + * userdir-ldap-slapd.conf.in: explicitly list readable attributes. + End with 'by * none'. + * ud-generate: Allow more than one email address in userForward. Quite + useful for role accounts. + * ud-generate: Support writing gitolite config for just one user-group. + * ud-generate: Support MX remapping. + * ud-generate: Fix ipv6 check. + * ud-generate: Fix unix mtime triggers. + + [ Stephen Gran ] + * Fix deprecation warnings for sha module by using hashlib module instead + * ud-fingerserv: update Net::LDAP import + * Implement audit logging for ldap + * stop running ud-generate if nothing has changed, based on audit logs + * Change to trigger based replication + + [ Martin Zobel-Helas ] + * ud-generate: generate webPasswords + * ud-generate: generate voipPasswords + * ud-replicate: set correct permissions for web-passwords + * ud-replicate: set correct permissions for voip-passwords + * add freecdb to depends + * userdir-ldap.schema + - add webPasswords + - add mailPreserveSuffixSeperator + - add voipPasswords + + [ Tollef Fog Heen ] + * Export SSH host keys for gitolite, subject to a regex filter. + + [ Luca Filipozzi ] + * rename voipPassword to rtcPassword in schema + * update code to match + + -- Luca Filipozzi Thu, 16 Jan 2014 22:52:47 +0000 + +userdir-ldap (0.3.79) unstable; urgency=low * Add ud-sync-accounts-to-afs, a script to sync accounts to an AFS protection database. @@ -17,8 +169,12 @@ userdir-ldap (0.3.7X) Xnstable; urgency=low - Do not mess with sudo passwords if nothing changed. * templates/change-reply: say a word about subjects in mail to admin@db. * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces. + * try to properly handle some more mime stuff. + - use email module instead of deprecated mimetools and multifile modules + - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py + * move ud-echelon and sigcheck to GPGCheckSig2 interface. - -- Peter Palfrader Sat, 21 May 2011 14:49:52 +0200 + -- Peter Palfrader Sat, 21 May 2011 14:53:18 +0200 userdir-ldap (0.3.78) unstable; urgency=low