wallet (1.0-1) UNRELEASED; urgency=low

  * New upstream release.
    - New wallet-admin upgrade command to upgrade the schema to the latest
      version.  This should be run manually after upgrading the server.
    - Owners of wallet objects are now allowed to destroy them by default.
    - New ACL type ldap-attr to check whether the caller has an attribute
      in an LDAP directory (needs libauthen-sasl-perl and libnet-ldap-perl
      and only works with GSS-API binds).
    - New acl check command that returns whether the named ACL exists.
    - New comments field for objects and wallet commands to set and
      retrieve it.
  * Switch to xz compression for the upstream and Debian tarballs and
    binary packages.
  * Update debhelper compatibility level to V9.
    - Enable all hardening build flags.
    - Enable parallel builds.
  * Tag all packages as Multi-Arch: foreign.
  * Move single-debian-patch to local-options and patch-header to
    local-patch-header so that they only apply to the packages I build and
    NMUs get regular version-numbered patches.
  * Convert debian/copyright to copyright-format 1.0.
  * Update standards version to 3.9.4.
    - Indicate the Debian packaging branch in the Vcs-Git header.

 -- Russ Allbery <rra@debian.org>  Wed, 27 Mar 2013 15:23:54 -0700

wallet (0.12-1) unstable; urgency=low

  * New upstream release.
    - New wallet-rekey client program to rekey a keytab.
    - New ACL type krb5-regex for the server.
    - New objects unused wallet-report report.
    - New acls duplicate wallet-report report.
    - Add a help command to wallet-report.
  * Don't install wallet-summary in /usr/sbin in the wallet-server package
    and instead install it in /usr/share/doc/wallet-server/examples.  This
    program is Stanford-specific and would require extensive changes for
    other sites.
  * Install the other contrib scripts except convert-srvtab-db to the
    examples directory for wallet-server.
  * Switch to 3.0 (quilt) source format.  Force a single Debian patch and
    include a custom patch header explaining that it is a rollup of any
    fixes cherry-picked from upstream and that breaking those patches out
    separately would be work for no gain.
  * Update standards version to 3.9.1 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 25 Aug 2010 18:49:48 -0700

wallet (0.11-1) unstable; urgency=low

  * New upstream release.
    - Verify that deleted ACLs are not referenced.
    - Add Wallet::Config verify_acl_name function to check ACL names.
    - Add audit command to wallet-report to check for naming violations.
    - Add acl unused report to wallet-report.

 -- Russ Allbery <rra@debian.org>  Mon, 08 Mar 2010 10:59:00 -0800

wallet (0.10-1) unstable; urgency=low

  * New upstream release.
    - Add support for Heimdal KDCs as well as MIT Kerberos KDCs.  New
      mandatory configuration setting KEYTAB_KRBTYPE which must be set to
      either MIT or Heimdal.
    - Remove kaserver synchronization support and kasetkey.
    - wallet -S now generates a srvtab based on the DES key of the keytab
      and does not enable synchronization.  No synchronization targets are
      supported now.
    - The wallet client and wallet-backend server can now handle store of
      files containing nuls provided that the server uses remctl 2.14 and
      the remctl configuration is updated to use stdin=last.
    - Correctly store data that begins with a dash.
    - Do not log the data passed to store.
    - New wallet-report script and multiple additional database reports.
    - Report ACL names as well as numbers in object history.
  * Update debhelper compatibility level to V7.
    - Use debhelper rule minimization with overrides.
    - Add ${misc:Depends} to dependencies.
  * Clarify in long description that keytab-backend is only needed for MIT
    Kerberos.
  * Move wallet-server's dependency on krb5-user to Recommends, since it's
    only needed for keytab support, and allow libheimdal-kadm5-perl as an
    alternative.
  * Recommend remctl-server 2.14 or later for improved store support.
  * Add Homepage, Vcs-Git, and Vcs-Browser control fields.
  * Add a watch file.
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 21 Feb 2010 21:13:40 -0800

wallet (0.9-1) unstable; urgency=low

  * New upstream release.
    - The wallet client now supports -f and stdin for store.
    - kasetkey supports enable, disable, and examine.
    - Stop setting Stanford-specific server defaults.
  * The test suite no longer needs libio-string-perl.
  * Use a separate stamp file for configure and install and use touch $@
    to create stamp files.
  * Update debhelper compatibility level to V5 (no changes required).

 -- Russ Allbery <rra@debian.org>  Thu, 24 Apr 2008 16:09:19 -0700

wallet (0.8-1) unstable; urgency=low

  * New upstream version.
    - Fix protocol mismatch between client and server.
    - Add file object support to the wallet server.
    - Correctly handle empty objects in the wallet client.
    - Add -q flag to wallet-backend to suppress syslog logging.
    - Add class registration to the wallet-admin utility.
    - Updated design documentation.

 -- Russ Allbery <rra@debian.org>  Wed, 13 Feb 2008 13:59:06 -0800

wallet (0.7-1) unstable; urgency=low

  * New upstream version.
    - Add exists and autocreate wallet server interfaces.
    - Implement autocreation on the client instead of the server.
    - Make create once again an ADMIN-only function.
    - Always generate the srvtab from the newly downloaded keys.
    - Pass kadmin.local ktadd its options in the correct order.
    - Check naming policy before checking default ACLs.
    - Work around a bug in Net::Remctl with explicit undef arguments.
    - Correctly enable syslog logging in wallet-backend.
    - Fix the remctl configuration for keytab-backend.
  * Create /var/lib/keytabs in the keytab-backend package.

 -- Russ Allbery <rra@debian.org>  Fri, 08 Feb 2008 11:22:54 -0800

wallet (0.6-1) unstable; urgency=low

  * New upstream version.
    - Safer handling of file creation with -f in the client.
    - The client can get configuration from krb5.conf.
    - Support get in the client without -f.
    - Client support for merging keys into an existing keytab.
    - New client -u option to obtain new Kerberos credentials.
    - New wallet-admin command-line utility for the server.
    - The server supports enforcing a local object naming policy.
    - New wallet-report script (currently Stanford-specific).
  * Change hard-coded wallet server to wallet.stanford.edu.
  * Add --enable-reduced-depends to configure to eliminate unnecessary
    shared library dependencies.

 -- Russ Allbery <rra@debian.org>  Mon, 28 Jan 2008 15:17:25 -0800

wallet (0.5-2) unstable; urgency=low

  * Hard-code lsdb-new.stanford.edu as the wallet server name for the time
    being.

 -- Russ Allbery <rra@debian.org>  Mon, 17 Dec 2007 21:17:08 -0800

wallet (0.5-1) unstable; urgency=low

  * New upstream release.
    - Allow more valid arguments to wallet-backend.
    - Load Perl modules for object types and ACL verifiers properly.
    - Correctly implement clearing attribute values.
    - Fix keytab principal validation to allow periods.
    - When writing files from the client, remove old backup files.
    - Check default creation ACLs before the ADMIN ACL.

 -- Russ Allbery <rra@debian.org>  Thu, 06 Dec 2007 22:26:55 -0800

wallet (0.4-1) unstable; urgency=low

  * New upstream release.
    - Globally cache ACL verifiers.
    - Add the netdb-root ACL verifier, which requires root instances.
    - Determine object and ACL scheme classes from the database.
    - Coding style fixes and cleanup.
  * Update debian/copyright using the information from LICENSE.
  * Update standards version to 3.7.3 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 05 Dec 2007 17:01:20 -0800

wallet (0.3-1) unstable; urgency=low

  * New upstream release.
  * Initial packaging of all components of wallet.

 -- Russ Allbery <rra@debian.org>  Fri, 30 Nov 2007 20:30:30 -0800

wallet (0.1-1) unstable; urgency=low

  * Initial release building only kasetkey.

 -- Russ Allbery <rra@debian.org>  Thu,  8 Mar 2007 16:07:05 -0800