lp:debian/squeeze/webauth
- Get this branch: bzr branch lp:debian/squeeze/webauth
Branch information
- Owner: Ubuntu branches
- Status: Development
Recent revisions
- 11. By Russ Allbery
* Apply upstream deltas:
- [49ad22d2] Fix wa_keyring option parsing and verbose mode bugs
* Update standards version to 3.9.1 (no changes required).
- 10. By Russ Allbery
* New upstream release.
- Password change in WebLogin now forces re-entry of the old password
on the same screen as the new password even if the user had just
authenticated, with a configuration option to disable this.
- The default proxy token lifetime is now the lifetime of the
underlying Kerberos credential, matching the documentation, instead
of ten hours.
- Improve error reporting in WebLogin for password change failures.
- 9. By Russ Allbery
* New upstream release.
- WebAuthLdapAuthRule in mod_webauthldap now sets environment
variables to the value "privgroup <privgroup>" rather than the
previous behavior of just "<privgroup>".
- New WebAuthLdapPrivgroup directive for mod_webauthldap which probes
user's membership in multiple privgroups and sets an environment
variable to the list of those they're in.
- WebAuthLdapAttribute can now take multiple attributes on one line.
- WebLogin includes a password change script and template.
- WebLogin now supports password expiration handling.
- WebLogin may be configured to warn users of expiring passwords.
- WebLogin catches SIGTERM in login.fcgi and finishes the current
request, fixing some problems with unclean shutdown when FastCGI
restarts the running scripts.
- WebLogin correctly encodes RT and ST in the URL when redirecting to
an alternate URL when attempting REMOTE_USER authentication.
- wa_keyring now uses ISO format for timestamps.
- Various changes and cleanup to the WebAuth library API.
- Link wa_keyring with libcrypto properly. (Closes: #556674)
- Avoid importing isa from UNIVERSAL. (Closes: #578632)
- Lower the log level of some mod_webauth diagnostics.
* The default help.html file is now installed into
/usr/share/weblogin/generic/templates instead of one level higher.
* Upstream now no longer uses apxs to install modules, so upstream
supports DESTDIR and debian/rules can use make install instead of
rewriting all the installation rules.
* Drop the SONAME version from libwebauth-dev. We'll never need to
maintain development packages for more than one version of the ABI in
Debian at the same time. Add a transitional package to assist with
upgrades.
* Move Perl module dependencies from webauth-weblogin to libwebkdc-perl
since the supporting modules now load the other required Perl modules.
* Bump the versioned dependencies from webauth-weblogin and
libwebkc-perl on libwebauth-perl and in webauth-weblogin on
libwebkdc-perl.
* Add an explicit dependency on liburi-perl to libwebkdc-perl.
* Fix Perl dependencies in webauth-weblogin and webauth-tests.
* Add a Suggests of libapache2-mod-php5 to webauth-tests.
* Add Suggests of libtimedate-perl, libtime-duration-perl, and
libnet-remctl-perl to libwebkdc-perl, required for now for expiring
password warning support.
* Downgrade the libwebauth-dev dependency on libkrb5-dev to Suggests
since it's only required for static linking.
* Update build dependency to libcurl4-openssl-dev.
* Add additional build dependencies so that the Perl module test suite
can run.
* Force source format 1.0 for right now to make backporting easier.
* Update to debhelper compatibility level V7.
- Add ${misc:Depends} to all dependencies.
- Use dh_prep instead of dh_clean -k.
* Update standards version to 3.9.0 (no changes required).
- 8. By Russ Allbery
Set DESTDIR instead of PREFIX when installing the Perl modules. Perl
5.10.1 doesn't allow changing PREFIX at install time. Thanks, Niko
Tyni.
- 7. By Russ Allbery
* New upstream release.
- CVE-2009-2945: When generating a redirect to test for cookie
support, be sure not to include a password in the URL. Reject
username/password logins via methods other than POST.
- If the user submits the login form via POST without the test cookie,
assume the browser supports cookies and don't probe.
- New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck)
to find passwords exposed by CVE-2009-2945.
- 6. By Russ Allbery
* Do not install the libwebauth.la file. Libtool *.la files force other
packages using Libtool to declare excessive library dependencies.
* Update standards version to 3.8.3 (no changes required).
- 5. By Russ Allbery
* New upstream release.
- $BYPASS_CONFIRM now suppresses the confirm page after POST for
browsers that support this.
- $BYPASS_CONFIRM can be set to "id" to only bypass the confirmation
page if the WAS is not requesting a proxy token (and hence may
request delegated credentials).
- New variables for the WebLogin confirmation page containing
delegated credential details.
- Better WebLogin cookie handling with confirmation bypass.
* Remove -L and -l flags to dh_shlibdeps, which are no longer needed.
* Remove full paths to a2dismod in the package prerm scripts.
* Update standards version to 3.8.2.
- Change sections of Apache modules.
- Run test suite iff nocheck is not set in DEB_BUILD_OPTIONS.
* Add Vcs-Git and Vcs-Browser source control fields.
* Improve short description for libwebkdc-perl.
* Update debian/copyright to include a copy of the more thorough new
upstream LICENSE file.
- 4. By Russ Allbery
* New upstream release.
- Fix prematurely freed internal data in mod_webauth.
- Work around a CGI Perl module bug in WebLogin that caused crashes
for WebLogin URLs containing two slashes and two plus signs.
- Add WebLogin support for delegated credentials. Based on work by
Joachim Keltsch. (Closes: #466792)
- New WebKdcLocalRealms and WebKdcPermittedRealms mod_webkdc options.
- New WebKDC protocol error for a login rejected by policy.
- New err_rejected variable in the weblogin login.tmpl template.
- Several new WebLogin configuration options and hooks.
- WebLogin REMOTE_USER variables have been renamed for consistency,
but the old variables will continue to work.
* Add symbols support for libwebauth1.
* Bump shlibs for libwebauth1 for the introduction of a new interface.
* Minor debian/rules tweaking:
- Use the right configure arguments for cross-compiles.
- Use touch $@ to create stamp files.
- Use install rather than cp and mkdir.
* Update the doc-base section for the WebAuth protocol specification.
- 3. By Russ Allbery
* Rebuild for Apache 2.2.
- Add versioned build dependency.
- Change module dependencies from apache2 to apache2.2-common.
- Document the need to enable authz_user.
* Depend on apache2-threaded-dev rather than on the virtual apache2-dev
package.
- 2. By Russ Allbery
* New upstream release.
- mod_webauth now handles empty keyring files appropriately.
- Significant improvements to the mod_webkdc manual.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)