diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 342 | 
1 files changed, 342 insertions, 0 deletions
| diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..ff67c9d --- /dev/null +++ b/debian/changelog @@ -0,0 +1,342 @@ +wallet (1.4-1) UNRELEASED; urgency=medium + +  * New upstream release. +    - Substantial improvements to the Active Directory support.  This +      includes several changes to configuration options and new behavior +      for principal naming and directory attributes.  Review the upstream +      documentation if you are using the experimental Active Directory +      support. +    - Install new contrib/ad-keytab script as /usr/bin/ad-keytab. +    - Retrieve krb5.conf settings using the correct default realm. +  * Update debhelper compatibility level to V11. +    - Remove explicit autoreconf sequence configuration. +    - Remove now-unnecessary --parallel flags. +  * Update standards version to 4.1.4. +    - Use https URLs for Vcs-* fields in debian/control. +    - Use https URL for debian/copyright Format field. +    - Change Priority: extra to optional since extra has been retired. +  * Set Rules-Requires-Root: no. +  * Set C_TAP_VERBOSE for better test output. +  * Bump watch file version to 4 and use an https URL. +  * Add upstream-vcs-tag pattern to debian/gbp.conf. +  * Refresh upstream signing key. + + -- Russ Allbery <rra@debian.org>  Sun, 03 Jun 2018 16:57:41 -0700 + +wallet (1.3-1) unstable; urgency=medium + +  * New upstream release. +    - Initial experimental support for Active Directory as the KDC by +      setting KEYTAB_KRBTYPE to AD. +    - New nested ACL scheme to group other ACLs. +    - New external ACL scheme that runs an external command. +    - New variation on the ldap-attr ACL scheme, ldap-attr-root, that +      requires the principal end in /root and removes that part of the +      principal name when checking LDAP. +    - New password object type that generates a new, random password if no +      password was previously stored. +    - New update wallet command that always updates the contents of an +      object before returning it, even if it is marked unchanging.  In the +      long term, the unchanging flag will be replaced by this distinction +      between get and update. +    - New acl replace wallet command that changes all objects owned by one +      ACL to be owned by a different ACL.  This currently only handles +      owner, not the more specific ACLs. +    - All ACL operations now refer to the ACL by name instead of ID. +    - New report for unstored objects. +    - New report to list all object types and ACL schemes. +    - New report to list all ACLs that nest another ACL. +    - New report that dumps all object history. +    - Displays of ACLs and ACL entries are now sorted correctly. +  * Add explicit build dependency on libmodule-build-perl, since it is no +    no longer provided by the perl package. +  * Change the branch layout to follow DEP-14. +  * Run wrap-and-sort -ast on the package. +  * Remove explicit setting of xz as the Debian source package compression +    type.  This is now the default. +  * Refresh upstream signing key. + + -- Russ Allbery <rra@debian.org>  Sun, 17 Jan 2016 20:25:41 -0800 + +wallet (1.2-1) unstable; urgency=medium + +  * New upstream release. +    - New object types duo-radius, duo-ldap, and duo-rdp. +    - New rename command for file objects. +  * Add a gbp.conf file to reflect the branch layout and settings of the +    normal packaging repository. +  * Update standards version to 3.9.6 (no changes required). + + -- Russ Allbery <rra@debian.org>  Mon, 08 Dec 2014 21:13:21 -0800 + +wallet (1.1-1) unstable; urgency=medium + +  * New upstream release. +    - New object type, duo, which creates a UNIX integration with the Duo +      Security cloud multifactor authentication service. +    - The owner and getacl commands now return the name of the ACL. +    - The date passed to expires can be any date format understood by +      Date::Parse. +    - wallet-rekey now works properly with keytabs containing multiple +      principals and does not store new principals in a separate file +      first. +    - Fix setting enctype restrictions on keytab objects and populate the +      reference table for valid enctypes on database creation. +    - Fix Wallet::Config documentation of ldap_map_principal. +    - Generate a long, random password when creating new principals in the +      Heimdal KDC to avoid problems with password quality checks. +    - Remove erroneous foreign key constraints between the object history +      and objects table, an incorrect linkage in the ACL history table, +      and add indices for object type, name, and ACL. +    - Use DateTime objects uniformly in the database layer. +    - ACL renames are now recorded in the ACL history. +    - Fix wallet-backend parsing of the expires command to expect only one +      argument. +    - Fix ordering of table drops during wallet-admin destroy to honor +      foreign key reference constraints. +    - The initial ADMIN ACL creation is no longer documented in history. +  * Document in the wallet-server package description that a DBD::* module +    and corresponding DateTime::Format::* module are required.  (There +    isn't a way to fully represent the required dependency.) +  * Rebuild Autoconf and Automake files during the build. +  * Define AUTOMATED_TESTING to enable some additional Perl tests. +  * Adjust debian/rules for the new Module::Build Perl build system. +  * Drop now-unneeded dh_builddeb override for xz compression. +  * Enable uscan verification of the GnuPG signatures on upstream +    releases in debian/watch. +  * Update standards version to 3.9.5 (no changes required). + + -- Russ Allbery <rra@debian.org>  Wed, 16 Jul 2014 17:08:35 -0700 + +wallet (1.0-5) unstable; urgency=low + +  * Cherry-pick upstream commit to randomize the password used for initial +    Kerberos principal creation when talking to a Heimdal KDC. + + -- Russ Allbery <rra@debian.org>  Thu, 09 Jan 2014 14:05:19 -0800 + +wallet (1.0-4) unstable; urgency=low + +  * Cherry-pick upstream commit to fix wallet-rekey when used with keytabs +    that contain multiple principals. +  * Cherry-pick upstream commit to fix the skipped test count for the +    ldap-attr verifier test. +  * Add libauthen-sasl-perl and libnet-ldap-perl to Build-Depends for the +    test suite. + + -- Russ Allbery <rra@debian.org>  Mon, 06 Jan 2014 21:27:50 -0800 + +wallet (1.0-3) unstable; urgency=low + +  * Cherry-pick upstream commits to fix ACL history entries with +    PostgreSQL, an incorrect foreign key constraint for the object +    history, and bugs in handling of enctype restrictions for keytabs. +  * Move the DateTime::Format::* Perl modules for various databases to +    Depends from Recommends and add the Pg and MySQL versions as +    alternatives. + + -- Russ Allbery <rra@debian.org>  Tue, 05 Nov 2013 13:17:51 -0800 + +wallet (1.0-2) unstable; urgency=low + +  * Cherry-pick upstream commits to fix the t/admin.t test with the +    squeeze version of DBIx::Class. + + -- Russ Allbery <rra@debian.org>  Fri, 29 Mar 2013 13:58:42 -0700 + +wallet (1.0-1) unstable; urgency=low + +  * New upstream release. +    - New wallet-admin upgrade command to upgrade the schema to the latest +      version.  This should be run manually after upgrading the server. +    - Owners of wallet objects are now allowed to destroy them by default. +    - New ACL type ldap-attr to check whether the caller has an attribute +      in an LDAP directory (needs libauthen-sasl-perl and libnet-ldap-perl +      and only works with GSS-API binds). +    - New object type wa-keyring to store WebAuth keyrings (needs +      libwebauth-perl). +    - New acl check command that returns whether the named ACL exists. +    - New comments field for objects and wallet commands to set and +      retrieve it. +  * Switch to xz compression for the upstream and Debian tarballs and +    binary packages. +  * Update debhelper compatibility level to V9. +    - Enable all hardening build flags. +    - Enable parallel builds. +  * Check for any files left uninstalled by dh_install. +  * Tag all packages as Multi-Arch: foreign. +  * Move single-debian-patch to local-options and patch-header to +    local-patch-header so that they only apply to the packages I build and +    NMUs get regular version-numbered patches. +  * Convert debian/copyright to copyright-format 1.0. +  * Update standards version to 3.9.4. +    - Indicate the Debian packaging branch in the Vcs-Git header. + + -- Russ Allbery <rra@debian.org>  Wed, 27 Mar 2013 20:06:21 -0700 + +wallet (0.12-1) unstable; urgency=low + +  * New upstream release. +    - New wallet-rekey client program to rekey a keytab. +    - New ACL type krb5-regex for the server. +    - New objects unused wallet-report report. +    - New acls duplicate wallet-report report. +    - Add a help command to wallet-report. +  * Don't install wallet-summary in /usr/sbin in the wallet-server package +    and instead install it in /usr/share/doc/wallet-server/examples.  This +    program is Stanford-specific and would require extensive changes for +    other sites. +  * Install the other contrib scripts except convert-srvtab-db to the +    examples directory for wallet-server. +  * Switch to 3.0 (quilt) source format.  Force a single Debian patch and +    include a custom patch header explaining that it is a rollup of any +    fixes cherry-picked from upstream and breaking those patches out +    separately would be work for no gain. +  * Update standards version to 3.9.1 (no changes required). + + -- Russ Allbery <rra@debian.org>  Wed, 25 Aug 2010 18:49:48 -0700 + +wallet (0.11-1) unstable; urgency=low + +  * New upstream release. +    - Verify that deleted ACLs are not referenced. +    - Add Wallet::Config verify_acl_name function to check ACL names. +    - Add audit command to wallet-report to check for naming violations. +    - Add acl unused report to wallet-report. + + -- Russ Allbery <rra@debian.org>  Mon, 08 Mar 2010 10:59:00 -0800 + +wallet (0.10-1) unstable; urgency=low + +  * New upstream release. +    - Add support for Heimdal KDCs as well as MIT Kerberos KDCs.  New +      mandatory configuration setting KEYTAB_KRBTYPE which must be set to +      either MIT or Heimdal. +    - Remove kaserver synchronization support and kasetkey. +    - wallet -S now generates a srvtab based on the DES key of the keytab +      and does not enable synchronization.  No synchronization targets are +      supported now. +    - The wallet client and wallet-backend server can now handle store of +      files containing nuls provided that the server uses remctl 2.14 and +      the remctl configuration is updated to use stdin=last. +    - Correctly store data that begins with a dash. +    - Do not log the data passed to store. +    - New wallet-report script and multiple additional database reports. +    - Report ACL names as well as numbers in object history. +  * Update debhelper compatibility level to V7. +    - Use debhelper rule minimization with overrides. +    - Add ${misc:Depends} to dependencies. +  * Clarify in long description that keytab-backend is only needed for MIT +    Kerberos. +  * Move wallet-server's dependency on krb5-user to Recommends, since it's +    only needed for keytab support, and allow libheimdal-kadm5-perl as an +    alternative. +  * Recommend remctl-server 2.14 or later for improved store support. +  * Add Homepage, Vcs-Git, and Vcs-Browser control fields. +  * Add a watch file. +  * Update standards version to 3.8.4 (no changes required). + + -- Russ Allbery <rra@debian.org>  Sun, 21 Feb 2010 21:13:40 -0800 + +wallet (0.9-1) unstable; urgency=low + +  * New upstream release. +    - The wallet client now supports -f and stdin for store. +    - kasetkey supports enable, disable, and examine. +    - Stop setting Stanford-specific server defaults. +  * The test suite no longer needs libio-string-perl. +  * Use a separate stamp file for configure and install and use touch $@ +    to create stamp files. +  * Update debhelper compatibility level to V5 (no changes required). + + -- Russ Allbery <rra@debian.org>  Thu, 24 Apr 2008 16:09:19 -0700 + +wallet (0.8-1) unstable; urgency=low + +  * New upstream version. +    - Fix protocol mismatch between client and server. +    - Add file object support to the wallet server. +    - Correctly handle empty objects in the wallet client. +    - Add -q flag to wallet-backend to suppress syslog logging. +    - Add class registration to the wallet-admin utility. +    - Updated design documentation. + + -- Russ Allbery <rra@debian.org>  Wed, 13 Feb 2008 13:59:06 -0800 + +wallet (0.7-1) unstable; urgency=low + +  * New upstream version. +    - Add exists and autocreate wallet server interfaces. +    - Implement autocreation on the client instead of the server. +    - Make create once again an ADMIN-only function. +    - Always generate the srvtab from the newly downloaded keys. +    - Pass kadmin.local ktadd its options in the correct order. +    - Check naming policy before checking default ACLs. +    - Work around a bug in Net::Remctl with explicit undef arguments. +    - Correctly enable syslog logging in wallet-backend. +    - Fix the remctl configuration for keytab-backend. +  * Create /var/lib/keytabs in the keytab-backend package. + + -- Russ Allbery <rra@debian.org>  Fri, 08 Feb 2008 11:22:54 -0800 + +wallet (0.6-1) unstable; urgency=low + +  * New upstream version. +    - Safer handling of file creation with -f in the client. +    - The client can get configuration from krb5.conf. +    - Support get in the client without -f. +    - Client support for merging keys into an existing keytab. +    - New client -u option to obtain new Kerberos credentials. +    - New wallet-admin command-line utility for the server. +    - The server supports enforcing a local object naming policy. +    - New wallet-report script (currently Stanford-specific). +  * Change hard-coded wallet server to wallet.stanford.edu. +  * Add --enable-reduced-depends to configure to eliminate unnecessary +    shared library dependencies. + + -- Russ Allbery <rra@debian.org>  Mon, 28 Jan 2008 15:17:25 -0800 + +wallet (0.5-2) unstable; urgency=low + +  * Hard-code lsdb-new.stanford.edu as the wallet server name for the time +    being. + + -- Russ Allbery <rra@debian.org>  Mon, 17 Dec 2007 21:17:08 -0800 + +wallet (0.5-1) unstable; urgency=low + +  * New upstream release. +    - Allow more valid arguments to wallet-backend. +    - Load Perl modules for object types and ACL verifiers properly. +    - Correctly implement clearing attribute values. +    - Fix keytab principal validation to allow periods. +    - When writing files from the client, remove old backup files. +    - Check default creation ACLs before the ADMIN ACL. + + -- Russ Allbery <rra@debian.org>  Thu, 06 Dec 2007 22:26:55 -0800 + +wallet (0.4-1) unstable; urgency=low + +  * New upstream release. +    - Globally cache ACL verifiers. +    - Add the netdb-root ACL verifier, which requires root instances. +    - Determine object and ACL scheme classes from the database. +    - Coding style fixes and cleanup. +  * Update debian/copyright using the information from LICENSE. +  * Update standards version to 3.7.3 (no changes required). + + -- Russ Allbery <rra@debian.org>  Wed, 05 Dec 2007 17:01:20 -0800 + +wallet (0.3-1) unstable; urgency=low + +  * New upstream release. +  * Initial packaging of all components of wallet. + + -- Russ Allbery <rra@debian.org>  Fri, 30 Nov 2007 20:30:30 -0800 + +wallet (0.1-1) unstable; urgency=low + +  * Initial release building only kasetkey. + + -- Russ Allbery <rra@debian.org>  Thu,  8 Mar 2007 16:07:05 -0800 + | 
