wallet (1.3-1) unstable; urgency=medium
* New upstream release.
- Initial experimental support for Active Directory as the KDC by
setting KEYTAB_KRBTYPE to AD.
- New nested ACL scheme to group other ACLs.
- New external ACL scheme that runs an external command.
- New variation on the ldap-attr ACL scheme, ldap-attr-root, that
requires the principal end in /root and removes that part of the
principal name when checking LDAP.
- New password object type that generates a new, random password if no
password was previously stored.
- New update wallet command that always updates the contents of an
object before returning it, even if it is marked unchanging. In the
long term, the unchanging flag will be replaced by this distinction
between get and update.
- New acl replace wallet command that changes all objects owned by one
ACL to be owned by a different ACL. This currently only handles
owner, not the more specific ACLs.
- All ACL operations now refer to the ACL by name instead of ID.
- New report for unstored objects.
- New report to list all object types and ACL schemes.
- New report to list all ACLs that nest another ACL.
- New report that dumps all object history.
- Displays of ACLs and ACL entries are now sorted correctly.
* Add explicit build dependency on libmodule-build-perl, since it is no
longer provided by the perl package.
* Change the branch layout to follow DEP-14.
* Run wrap-and-sort -ast on the package.
* Remove explicit setting of xz as the Debian source package compression
type. This is now the default.
* Refresh upstream signing key.
-- Russ Allbery <rra@debian.org> Sun, 17 Jan 2016 20:25:41 -0800
wallet (1.2-1) unstable; urgency=medium
* New upstream release.
- New object types duo-radius, duo-ldap, and duo-rdp.
- New rename command for file objects.
* Add a gbp.conf file to reflect the branch layout and settings of the
normal packaging repository.
* Update standards version to 3.9.6 (no changes required).
-- Russ Allbery <rra@debian.org> Mon, 08 Dec 2014 21:13:21 -0800
wallet (1.1-1) unstable; urgency=medium
* New upstream release.
- New object type, duo, which creates a UNIX integration with the Duo
Security cloud multifactor authentication service.
- The owner and getacl commands now return the name of the ACL.
- The date passed to expires can be any date format understood by
Date::Parse.
- wallet-rekey now works properly with keytabs containing multiple
principals and does not store new principals in a separate file
first.
- Fix setting enctype restrictions on keytab objects and populate the
reference table for valid enctypes on database creation.
- Fix Wallet::Config documentation of ldap_map_principal.
- Generate a long, random password when creating new principals in the
Heimdal KDC to avoid problems with password quality checks.
- Remove erroneous foreign key constraints between the object history
and objects table, an incorrect linkage in the ACL history table,
and add indices for object type, name, and ACL.
- Use DateTime objects uniformly in the database layer.
- ACL renames are now recorded in the ACL history.
- Fix wallet-backend parsing of the expires command to expect only one
argument.
- Fix ordering of table drops during wallet-admin destroy to honor
foreign key reference constraints.
- The initial ADMIN ACL creation is no longer documented in history.
* Document in the wallet-server package description that a DBD::* module
and corresponding DateTime::Format::* module are required. (There
isn't a way to fully represent the required dependency.)
* Rebuild Autoconf and Automake files during the build.
* Define AUTOMATED_TESTING to enable some additional Perl tests.
* Adjust debian/rules for the new Module::Build Perl build system.
* Drop now-unneeded dh_builddeb override for xz compression.
* Enable uscan verification of the GnuPG signatures on upstream
releases in debian/watch.
* Update standards version to 3.9.5 (no changes required).
-- Russ Allbery <rra@debian.org> Wed, 16 Jul 2014 17:08:35 -0700
wallet (1.0-5) unstable; urgency=low
* Cherry-pick upstream commit to randomize the password used for initial
Kerberos principal creation when talking to a Heimdal KDC.
-- Russ Allbery <rra@debian.org> Thu, 09 Jan 2014 14:05:19 -0800
wallet (1.0-4) unstable; urgency=low
* Cherry-pick upstream commit to fix wallet-rekey when used with keytabs
that contain multiple principals.
* Cherry-pick upstream commit to fix the skipped test count for the
ldap-attr verifier test.
* Add libauthen-sasl-perl and libnet-ldap-perl to Build-Depends for the
test suite.
-- Russ Allbery <rra@debian.org> Mon, 06 Jan 2014 21:27:50 -0800
wallet (1.0-3) unstable; urgency=low
* Cherry-pick upstream commits to fix ACL history entries with
PostgreSQL, an incorrect foreign key constraint for the object
history, and bugs in handling of enctype restrictions for keytabs.
* Move the DateTime::Format::* Perl modules for various databases to
Depends from Recommends and add the Pg and MySQL versions as
alternatives.
-- Russ Allbery <rra@debian.org> Tue, 05 Nov 2013 13:17:51 -0800
wallet (1.0-2) unstable; urgency=low
* Cherry-pick upstream commits to fix the t/admin.t test with the
squeeze version of DBIx::Class.
-- Russ Allbery <rra@debian.org> Fri, 29 Mar 2013 13:58:42 -0700
wallet (1.0-1) unstable; urgency=low
* New upstream release.
- New wallet-admin upgrade command to upgrade the schema to the latest
version. This should be run manually after upgrading the server.
- Owners of wallet objects are now allowed to destroy them by default.
- New ACL type ldap-attr to check whether the caller has an attribute
in an LDAP directory (needs libauthen-sasl-perl and libnet-ldap-perl
and only works with GSS-API binds).
- New object type wa-keyring to store WebAuth keyrings (needs
libwebauth-perl).
- New acl check command that returns whether the named ACL exists.
- New comments field for objects and wallet commands to set and
retrieve it.
* Switch to xz compression for the upstream and Debian tarballs and
binary packages.
* Update debhelper compatibility level to V9.
- Enable all hardening build flags.
- Enable parallel builds.
* Check for any files left uninstalled by dh_install.
* Tag all packages as Multi-Arch: foreign.
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches.
* Convert debian/copyright to copyright-format 1.0.
* Update standards version to 3.9.4.
- Indicate the Debian packaging branch in the Vcs-Git header.
-- Russ Allbery <rra@debian.org> Wed, 27 Mar 2013 20:06:21 -0700
wallet (0.12-1) unstable; urgency=low
* New upstream release.
- New wallet-rekey client program to rekey a keytab.
- New ACL type krb5-regex for the server.
- New objects unused wallet-report report.
- New acls duplicate wallet-report report.
- Add a help command to wallet-report.
* Don't install wallet-summary in /usr/sbin in the wallet-server package
and instead install it in /usr/share/doc/wallet-server/examples. This
program is Stanford-specific and would require extensive changes for
other sites.
* Install the other contrib scripts except convert-srvtab-db to the
examples directory for wallet-server.
* Switch to 3.0 (quilt) source format. Force a single Debian patch and
include a custom patch header explaining that it is a rollup of any
fixes cherry-picked from upstream and breaking those patches out
separately would be work for no gain.
* Update standards version to 3.9.1 (no changes required).
-- Russ Allbery <rra@debian.org> Wed, 25 Aug 2010 18:49:48 -0700
wallet (0.11-1) unstable; urgency=low
* New upstream release.
- Verify that deleted ACLs are not referenced.
- Add Wallet::Config verify_acl_name function to check ACL names.
- Add audit command to wallet-report to check for naming violations.
- Add acl unused report to wallet-report.
-- Russ Allbery <rra@debian.org> Mon, 08 Mar 2010 10:59:00 -0800
wallet (0.10-1) unstable; urgency=low
* New upstream release.
- Add support for Heimdal KDCs as well as MIT Kerberos KDCs. New
mandatory configuration setting KEYTAB_KRBTYPE which must be set to
either MIT or Heimdal.
- Remove kaserver synchronization support and kasetkey.
- wallet -S now generates a srvtab based on the DES key of the keytab
and does not enable synchronization. No synchronization targets are
supported now.
- The wallet client and wallet-backend server can now handle store of
files containing nuls provided that the server uses remctl 2.14 and
the remctl configuration is updated to use stdin=last.
- Correctly store data that begins with a dash.
- Do not log the data passed to store.
- New wallet-report script and multiple additional database reports.
- Report ACL names as well as numbers in object history.
* Update debhelper compatibility level to V7.
- Use debhelper rule minimization with overrides.
- Add ${misc:Depends} to dependencies.
* Clarify in long description that keytab-backend is only needed for MIT
Kerberos.
* Move wallet-server's dependency on krb5-user to Recommends, since it's
only needed for keytab support, and allow libheimdal-kadm5-perl as an
alternative.
* Recommend remctl-server 2.14 or later for improved store support.
* Add Homepage, Vcs-Git, and Vcs-Browser control fields.
* Add a watch file.
* Update standards version to 3.8.4 (no changes required).
-- Russ Allbery <rra@debian.org> Sun, 21 Feb 2010 21:13:40 -0800
wallet (0.9-1) unstable; urgency=low
* New upstream release.
- The wallet client now supports -f and stdin for store.
- kasetkey supports enable, disable, and examine.
- Stop setting Stanford-specific server defaults.
* The test suite no longer needs libio-string-perl.
* Use a separate stamp file for configure and install and use touch $@
to create stamp files.
* Update debhelper compatibility level to V5 (no changes required).
-- Russ Allbery <rra@debian.org> Thu, 24 Apr 2008 16:09:19 -0700
wallet (0.8-1) unstable; urgency=low
* New upstream version.
- Fix protocol mismatch between client and server.
- Add file object support to the wallet server.
- Correctly handle empty objects in the wallet client.
- Add -q flag to wallet-backend to suppress syslog logging.
- Add class registration to the wallet-admin utility.
- Updated design documentation.
-- Russ Allbery <rra@debian.org> Wed, 13 Feb 2008 13:59:06 -0800
wallet (0.7-1) unstable; urgency=low
* New upstream version.
- Add exists and autocreate wallet server interfaces.
- Implement autocreation on the client instead of the server.
- Make create once again an ADMIN-only function.
- Always generate the srvtab from the newly downloaded keys.
- Pass kadmin.local ktadd its options in the correct order.
- Check naming policy before checking default ACLs.
- Work around a bug in Net::Remctl with explicit undef arguments.
- Correctly enable syslog logging in wallet-backend.
- Fix the remctl configuration for keytab-backend.
* Create /var/lib/keytabs in the keytab-backend package.
-- Russ Allbery <rra@debian.org> Fri, 08 Feb 2008 11:22:54 -0800
wallet (0.6-1) unstable; urgency=low
* New upstream version.
- Safer handling of file creation with -f in the client.
- The client can get configuration from krb5.conf.
- Support get in the client without -f.
- Client support for merging keys into an existing keytab.
- New client -u option to obtain new Kerberos credentials.
- New wallet-admin command-line utility for the server.
- The server supports enforcing a local object naming policy.
- New wallet-report script (currently Stanford-specific).
* Change hard-coded wallet server to wallet.stanford.edu.
* Add --enable-reduced-depends to configure to eliminate unnecessary
shared library dependencies.
-- Russ Allbery <rra@debian.org> Mon, 28 Jan 2008 15:17:25 -0800
wallet (0.5-2) unstable; urgency=low
* Hard-code lsdb-new.stanford.edu as the wallet server name for the time
being.
-- Russ Allbery <rra@debian.org> Mon, 17 Dec 2007 21:17:08 -0800
wallet (0.5-1) unstable; urgency=low
* New upstream release.
- Allow more valid arguments to wallet-backend.
- Load Perl modules for object types and ACL verifiers properly.
- Correctly implement clearing attribute values.
- Fix keytab principal validation to allow periods.
- When writing files from the client, remove old backup files.
- Check default creation ACLs before the ADMIN ACL.
-- Russ Allbery <rra@debian.org> Thu, 06 Dec 2007 22:26:55 -0800
wallet (0.4-1) unstable; urgency=low
* New upstream release.
- Globally cache ACL verifiers.
- Add the netdb-root ACL verifier, which requires root instances.
- Determine object and ACL scheme classes from the database.
- Coding style fixes and cleanup.
* Update debian/copyright using the information from LICENSE.
* Update standards version to 3.7.3 (no changes required).
-- Russ Allbery <rra@debian.org> Wed, 05 Dec 2007 17:01:20 -0800
wallet (0.3-1) unstable; urgency=low
* New upstream release.
* Initial packaging of all components of wallet.
-- Russ Allbery <rra@debian.org> Fri, 30 Nov 2007 20:30:30 -0800
wallet (0.1-1) unstable; urgency=low
* Initial release building only kasetkey.
-- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 16:07:05 -0800