lp:debian/squeeze/webauth

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/squeeze/webauth

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

11. By Russ Allbery

* Apply upstream deltas:
  - [49ad22d2] Fix wa_keyring option parsing and verbose mode bugs
* Update standards version to 3.9.1 (no changes required).

10. By Russ Allbery

* New upstream release.
  - Password change in WebLogin now forces re-entry of the old password
    on the same screen as the new password even if the user had just
    authenticated, with a configuration option to disable this.
  - The default proxy token lifetime is now the lifetime of the
    underlying Kerberos credential, matching the documentation, instead
    of ten hours.
  - Improve error reporting in WebLogin for password change failures.

9. By Russ Allbery

* New upstream release.
  - WebAuthLdapAuthRule in mod_webauthldap now sets environment
    variables to the value "privgroup <privgroup>" rather than the
    previous behavior of just "<privgroup>".
  - New WebAuthLdapPrivgroup directive for mod_webauthldap which probes
    user's membership in multiple privgroups and sets an environment
    variable to the list of those they're in.
  - WebAuthLdapAttribute can now take multiple attributes on one line.
  - WebLogin includes a password change script and template.
  - WebLogin now supports password expiration handling.
  - WebLogin may be configured to warn users of expiring passwords.
  - WebLogin catches SIGTERM in login.fcgi and finishes the current
    request, fixing some problems with unclean shutdown when FastCGI
    restarts the running scripts.
  - WebLogin correctly encodes RT and ST in the URL when redirecting to
    an alternate URL when attempting REMOTE_USER authentication.
  - wa_keyring now uses ISO format for timestamps.
  - Various changes and cleanup to the WebAuth library API.
  - Link wa_keyring with libcrypto properly. (Closes: #556674)
  - Avoid importing isa from UNIVERSAL. (Closes: #578632)
  - Lower the log level of some mod_webauth diagnostics.
* The default help.html file is now installed into
  /usr/share/weblogin/generic/templates instead of one level higher.
* Upstream now no longer uses apxs to install modules, so upstream
  supports DESTDIR and debian/rules can use make install instead of
  rewriting all the installation rules.
* Drop the SONAME version from libwebauth-dev. We'll never need to
  maintain development packages for more than one version of the ABI in
  Debian at the same time. Add a transitional package to assist with
  upgrades.
* Move Perl module dependencies from webauth-weblogin to libwebkdc-perl
  since the supporting modules now load the other required Perl modules.
* Bump the versioned dependencies from webauth-weblogin and
  libwebkdc-perl on libwebauth-perl and in webauth-weblogin on
  libwebkdc-perl.
* Add an explicit dependency on liburi-perl to libwebkdc-perl.
* Fix Perl dependencies in webauth-weblogin and webauth-tests.
* Add a Suggests of libapache2-mod-php5 to webauth-tests.
* Add Suggests of libtimedate-perl, libtime-duration-perl, and
  libnet-remctl-perl to libwebkdc-perl, required for now for expiring
  password warning support.
* Downgrade the libwebauth-dev dependency on libkrb5-dev to Suggests
  since it's only required for static linking.
* Update build dependency to libcurl4-openssl-dev.
* Add additional build dependencies so that the Perl module test suite
  can run.
* Force source format 1.0 for right now to make backporting easier.
* Update to debhelper compatibility level V7.
  - Add ${misc:Depends} to all dependencies.
  - Use dh_prep instead of dh_clean -k.
* Update standards version to 3.9.0 (no changes required).

8. By Russ Allbery

Set DESTDIR instead of PREFIX when installing the Perl modules. Perl
5.10.1 doesn't allow changing PREFIX at install time. Thanks, Niko
Tyni.

7. By Russ Allbery

* New upstream release.
  - CVE-2009-2945: When generating a redirect to test for cookie
    support, be sure not to include a password in the URL. Reject
    username/password logins via methods other than POST.
  - If the user submits the login form via POST without the test cookie,
    assume the browser supports cookies and don't probe.
  - New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck)
    to find passwords exposed by CVE-2009-2945.

6. By Russ Allbery

* Do not install the libwebauth.la file. Libtool *.la files force other
  packages using Libtool to declare excessive library dependencies.
* Update standards version to 3.8.3 (no changes required).

5. By Russ Allbery

* New upstream release.
  - $BYPASS_CONFIRM now suppresses the confirm page after POST for
    browsers that support this.
  - $BYPASS_CONFIRM can be set to "id" to only bypass the confirmation
    page if the WAS is not requesting a proxy token (and hence may
    request delegated credentials).
  - New variables for the WebLogin confirmation page containing
    delegated credential details.
  - Better WebLogin cookie handling with confirmation bypass.
* Remove -L and -l flags to dh_shlibdeps, which are no longer needed.
* Remove full paths to a2dismod in the package prerm scripts.
* Update standards version to 3.8.2.
  - Change sections of Apache modules.
  - Run test suite iff nocheck is not set in DEB_BUILD_OPTIONS.
* Add Vcs-Git and Vcs-Browser source control fields.
* Improve short description for libwebkdc-perl.
* Update debian/copyright to include a copy of the more thorough new
  upstream LICENSE file.

4. By Russ Allbery

* New upstream release.
  - Fix prematurely freed internal data in mod_webauth.
  - Work around a CGI Perl module bug in WebLogin that caused crashes
    for WebLogin URLs containing two slashes and two plus signs.
  - Add WebLogin support for delegated credentials. Based on work by
    Joachim Keltsch. (Closes: #466792)
  - New WebKdcLocalRealms and WebKdcPermittedRealms mod_webkdc options.
  - New WebKDC protocol error for a login rejected by policy.
  - New err_rejected variable in the weblogin login.tmpl template.
  - Several new WebLogin configuration options and hooks.
  - WebLogin REMOTE_USER variables have been renamed for consistency,
    but the old variables will continue to work.
* Add symbols support for libwebauth1.
* Bump shlibs for libwebauth1 for the introduction of a new interface.
* Minor debian/rules tweaking:
  - Use the right configure arguments for cross-compiles.
  - Use touch $@ to create stamp files.
  - Use install rather than cp and mkdir.
* Update the doc-base section for the WebAuth protocol specification.

3. By Russ Allbery

* Rebuild for Apache 2.2.
  - Add versioned build dependency.
  - Change module dependencies from apache2 to apache2.2-common.
  - Document the need to enable authz_user.
* Depend on apache2-threaded-dev rather than on the virtual apache2-dev
  package.

2. By Russ Allbery

* New upstream release.
  - mod_webauth now handles empty keyring files appropriately.
  - Significant improvements to the mod_webkdc manual.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
