path: root/debian/changelog

wallet (1.2-1~ebp12.04+1) precise; urgency=medium

  * Backport to precise.
  * Drop build dependency on libnet-duo-perl, not available in precise.
  * Drop build dependency on libwebauth-perl, which is much too old in
    precise for the functionality wallet needs.
  * Add explicit build dependency on libjson-perl, which wasn't part of
    Perl core yet in precise.
  * Disable the strictness test on the Perl libraries, since we don't have
    all the dependencies to install.

 -- Russ Allbery <rra@debian.org>  Tue, 18 Aug 2015 09:41:24 -0700

wallet (1.2-1) unstable; urgency=medium

  * New upstream release.
    - New object types duo-radius, duo-ldap, and duo-rdp.
    - New rename command for file objects.
  * Add a gbp.conf file to reflect the branch layout and settings of the
    normal packaging repository.
  * Update standards version to 3.9.6 (no changes required).

 -- Russ Allbery <rra@debian.org>  Mon, 08 Dec 2014 21:13:21 -0800

wallet (1.1-1) unstable; urgency=medium

  * New upstream release.
    - New object type, duo, which creates a UNIX integration with the Duo
      Security cloud multifactor authentication service.
    - The owner and getacl commands now return the name of the ACL.
    - The date passed to expires can be any date format understood by
      Date::Parse.
    - wallet-rekey now works properly with keytabs containing multiple
      principals and does not store new principals in a separate file
      first.
    - Fix setting enctype restrictions on keytab objects and populate the
      reference table for valid enctypes on database creation.
    - Fix Wallet::Config documentation of ldap_map_principal.
    - Generate a long, random password when creating new principals in the
      Heimdal KDC to avoid problems with password quality checks.
    - Remove erroneous foreign key constraints between the object history
      and objects table, an incorrect linkage in the ACL history table,
      and add indices for object type, name, and ACL.
    - Use DateTime objects uniformly in the database layer.
    - ACL renames are now recorded in the ACL history.
    - Fix wallet-backend parsing of the expires command to expect only one
      argument.
    - Fix ordering of table drops during wallet-admin destroy to honor
      foreign key reference constraints.
    - The initial ADMIN ACL creation is no longer documented in history.
  * Document in the wallet-server package description that a DBD::* module
    and corresponding DateTime::Format::* module are required.  (There
    isn't a way to fully represent the required dependency.)
  * Rebuild Autoconf and Automake files during the build.
  * Define AUTOMATED_TESTING to enable some additional Perl tests.
  * Adjust debian/rules for the new Module::Build Perl build system.
  * Drop now-unneeded dh_builddeb override for xz compression.
  * Enable uscan verification of the GnuPG signatures on upstream
    releases in debian/watch.
  * Update standards version to 3.9.5 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 16 Jul 2014 17:08:35 -0700

wallet (1.0-5) unstable; urgency=low

  * Cherry-pick upstream commit to randomize the password used for initial
    Kerberos principal creation when talking to a Heimdal KDC.

 -- Russ Allbery <rra@debian.org>  Thu, 09 Jan 2014 14:05:19 -0800

wallet (1.0-4) unstable; urgency=low

  * Cherry-pick upstream commit to fix wallet-rekey when used with keytabs
    that contain multiple principals.
  * Cherry-pick upstream commit to fix the skipped test count for the
    ldap-attr verifier test.
  * Add libauthen-sasl-perl and libnet-ldap-perl to Build-Depends for the
    test suite.

 -- Russ Allbery <rra@debian.org>  Mon, 06 Jan 2014 21:27:50 -0800

wallet (1.0-3) unstable; urgency=low

  * Cherry-pick upstream commits to fix ACL history entries with
    PostgreSQL, an incorrect foreign key constraint for the object
    history, and bugs in handling of enctype restrictions for keytabs.
  * Move the DateTime::Format::* Perl modules for various databases to
    Depends from Recommends and add the Pg and MySQL versions as
    alternatives.

 -- Russ Allbery <rra@debian.org>  Tue, 05 Nov 2013 13:17:51 -0800

wallet (1.0-2) unstable; urgency=low

  * Cherry-pick upstream commits to fix the t/admin.t test with the
    squeeze version of DBIx::Class.

 -- Russ Allbery <rra@debian.org>  Fri, 29 Mar 2013 13:58:42 -0700

wallet (1.0-1) unstable; urgency=low

  * New upstream release.
    - New wallet-admin upgrade command to upgrade the schema to the latest
      version.  This should be run manually after upgrading the server.
    - Owners of wallet objects are now allowed to destroy them by default.
    - New ACL type ldap-attr to check whether the caller has an attribute
      in an LDAP directory (needs libauthen-sasl-perl and libnet-ldap-perl
      and only works with GSS-API binds).
    - New object type wa-keyring to store WebAuth keyrings (needs
      libwebauth-perl).
    - New acl check command that returns whether the named ACL exists.
    - New comments field for objects and wallet commands to set and
      retrieve it.
  * Switch to xz compression for the upstream and Debian tarballs and
    binary packages.
  * Update debhelper compatibility level to V9.
    - Enable all hardening build flags.
    - Enable parallel builds.
  * Check for any files left uninstalled by dh_install.
  * Tag all packages as Multi-Arch: foreign.
  * Move single-debian-patch to local-options and patch-header to
    local-patch-header so that they only apply to the packages I build and
    NMUs get regular version-numbered patches.
  * Convert debian/copyright to copyright-format 1.0.
  * Update standards version to 3.9.4.
    - Indicate the Debian packaging branch in the Vcs-Git header.

 -- Russ Allbery <rra@debian.org>  Wed, 27 Mar 2013 20:06:21 -0700

wallet (0.12-1) unstable; urgency=low

  * New upstream release.
    - New wallet-rekey client program to rekey a keytab.
    - New ACL type krb5-regex for the server.
    - New objects unused wallet-report report.
    - New acls duplicate wallet-report report.
    - Add a help command to wallet-report.
  * Don't install wallet-summary in /usr/sbin in the wallet-server package
    and instead install it in /usr/share/doc/wallet-server/examples.  This
    program is Stanford-specific and would require extensive changes for
    other sites.
  * Install the other contrib scripts except convert-srvtab-db to the
    examples directory for wallet-server.
  * Switch to 3.0 (quilt) source format.  Force a single Debian patch and
    include a custom patch header explaining that it is a rollup of any
    fixes cherry-picked from upstream and breaking those patches out
    separately would be work for no gain.
  * Update standards version to 3.9.1 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 25 Aug 2010 18:49:48 -0700

wallet (0.11-1) unstable; urgency=low

  * New upstream release.
    - Verify that deleted ACLs are not referenced.
    - Add Wallet::Config verify_acl_name function to check ACL names.
    - Add audit command to wallet-report to check for naming violations.
    - Add acl unused report to wallet-report.

 -- Russ Allbery <rra@debian.org>  Mon, 08 Mar 2010 10:59:00 -0800

wallet (0.10-1) unstable; urgency=low

  * New upstream release.
    - Add support for Heimdal KDCs as well as MIT Kerberos KDCs.  New
      mandatory configuration setting KEYTAB_KRBTYPE which must be set to
      either MIT or Heimdal.
    - Remove kaserver synchronization support and kasetkey.
    - wallet -S now generates a srvtab based on the DES key of the keytab
      and does not enable synchronization.  No synchronization targets are
      supported now.
    - The wallet client and wallet-backend server can now handle store of
      files containing nuls provided that the server uses remctl 2.14 and
      the remctl configuration is updated to use stdin=last.
    - Correctly store data that begins with a dash.
    - Do not log the data passed to store.
    - New wallet-report script and multiple additional database reports.
    - Report ACL names as well as numbers in object history.
  * Update debhelper compatibility level to V7.
    - Use debhelper rule minimization with overrides.
    - Add ${misc:Depends} to dependencies.
  * Clarify in long description that keytab-backend is only needed for MIT
    Kerberos.
  * Move wallet-server's dependency on krb5-user to Recommends, since it's
    only needed for keytab support, and allow libheimdal-kadm5-perl as an
    alternative.
  * Recommend remctl-server 2.14 or later for improved store support.
  * Add Homepage, Vcs-Git, and Vcs-Browser control fields.
  * Add a watch file.
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 21 Feb 2010 21:13:40 -0800

wallet (0.9-1) unstable; urgency=low

  * New upstream release.
    - The wallet client now supports -f and stdin for store.
    - kasetkey supports enable, disable, and examine.
    - Stop setting Stanford-specific server defaults.
  * The test suite no longer needs libio-string-perl.
  * Use a separate stamp file for configure and install and use touch $@
    to create stamp files.
  * Update debhelper compatibility level to V5 (no changes required).

 -- Russ Allbery <rra@debian.org>  Thu, 24 Apr 2008 16:09:19 -0700

wallet (0.8-1) unstable; urgency=low

  * New upstream version.
    - Fix protocol mismatch between client and server.
    - Add file object support to the wallet server.
    - Correctly handle empty objects in the wallet client.
    - Add -q flag to wallet-backend to suppress syslog logging.
    - Add class registration to the wallet-admin utility.
    - Updated design documentation.

 -- Russ Allbery <rra@debian.org>  Wed, 13 Feb 2008 13:59:06 -0800

wallet (0.7-1) unstable; urgency=low

  * New upstream version.
    - Add exists and autocreate wallet server interfaces.
    - Implement autocreation on the client instead of the server.
    - Make create once again an ADMIN-only function.
    - Always generate the srvtab from the newly downloaded keys.
    - Pass kadmin.local ktadd its options in the correct order.
    - Check naming policy before checking default ACLs.
    - Work around a bug in Net::Remctl with explicit undef arguments.
    - Correctly enable syslog logging in wallet-backend.
    - Fix the remctl configuration for keytab-backend.
  * Create /var/lib/keytabs in the keytab-backend package.

 -- Russ Allbery <rra@debian.org>  Fri, 08 Feb 2008 11:22:54 -0800

wallet (0.6-1) unstable; urgency=low

  * New upstream version.
    - Safer handling of file creation with -f in the client.
    - The client can get configuration from krb5.conf.
    - Support get in the client without -f.
    - Client support for merging keys into an existing keytab.
    - New client -u option to obtain new Kerberos credentials.
    - New wallet-admin command-line utility for the server.
    - The server supports enforcing a local object naming policy.
    - New wallet-report script (currently Stanford-specific).
  * Change hard-coded wallet server to wallet.stanford.edu.
  * Add --enable-reduced-depends to configure to eliminate unnecessary
    shared library dependencies.

 -- Russ Allbery <rra@debian.org>  Mon, 28 Jan 2008 15:17:25 -0800

wallet (0.5-2) unstable; urgency=low

  * Hard-code lsdb-new.stanford.edu as the wallet server name for the time
    being.

 -- Russ Allbery <rra@debian.org>  Mon, 17 Dec 2007 21:17:08 -0800

wallet (0.5-1) unstable; urgency=low

  * New upstream release.
    - Allow more valid arguments to wallet-backend.
    - Load Perl modules for object types and ACL verifiers properly.
    - Correctly implement clearing attribute values.
    - Fix keytab principal validation to allow periods.
    - When writing files from the client, remove old backup files.
    - Check default creation ACLs before the ADMIN ACL.

 -- Russ Allbery <rra@debian.org>  Thu, 06 Dec 2007 22:26:55 -0800

wallet (0.4-1) unstable; urgency=low

  * New upstream release.
    - Globally cache ACL verifiers.
    - Add the netdb-root ACL verifier, which requires root instances.
    - Determine object and ACL scheme classes from the database.
    - Coding style fixes and cleanup.
  * Update debian/copyright using the information from LICENSE.
  * Update standards version to 3.7.3 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 05 Dec 2007 17:01:20 -0800

wallet (0.3-1) unstable; urgency=low

  * New upstream release.
  * Initial packaging of all components of wallet.

 -- Russ Allbery <rra@debian.org>  Fri, 30 Nov 2007 20:30:30 -0800

wallet (0.1-1) unstable; urgency=low

  * Initial release building only kasetkey.

 -- Russ Allbery <rra@debian.org>  Thu,  8 Mar 2007 16:07:05 -0800