1 krb5-strength (3.1-1) unstable; urgency=medium
3 * New upstream release.
4 - New configuration option cracklib_maxlen.
5 - require_classes now supports requiring a minimum number of classes.
6 - Capitalize the first letter of error messages.
7 - Apply SuSE patch for a security vulnerability in the embedded
8 CrackLib. This didn't affect the way it was used in this package,
9 but best to be sure anyway.
10 - Configuration instructions are now provided in installed man pages,
11 including a new krb5-strength man page, to make them more accessible
13 * Patch the upstream test suite to change the expected results for a few
14 passwords that are rejected by the embedded CrackLib but accepted by
15 the system CrackLib (which the Debian package is built with).
16 * Re-enable treating test suite failures as package build failures now
17 that bug #724570 in CrackLib was fixed in Debian.
18 * Switch to the DEP-14 branch layout and update debian/gbp.conf and
20 * Prefer *.tar.xz in debian/watch to match packaging.
21 * Fix Upstream-Contact email address in debian/copyright.
22 * Switch to https for all package URLs.
23 * Run wrap-and-sort -ast.
24 * Refresh upstream signing key.
25 * Enable all hardening flags.
26 * Update to debhelper compatibility level V10.
27 - Remove explicit dh-autoreconf dependency and invocation.
28 - Remove explicit --parallel flags.
29 * Update standards version to 3.9.8 (no changes required).
31 -- Russ Allbery <rra@debian.org> Sun, 25 Dec 2016 12:40:41 -0800
33 krb5-strength (3.0-1) unstable; urgency=medium
35 * New upstream release.
36 - SQLite password dictionaries are now supported and can be used to
37 reject passwords within edit distance one of any dictionary word.
38 - cdbmake-wordlist has been renamed to krb5-strength-wordlist and can
39 also generate SQLite databases compatible with this plugin and
40 Heimdal quality check program.
41 - heimdal-history, a password history implementation for Heimdal, has
42 been added and can be stacked with heimdal-strength to check both
43 history and password strength.
44 - New configuration option, minimum_different, which sets the minimum
45 number of different characters required in a password.
46 * Add the upstream signing key to debian/upstream/signing-key.asc and
47 configure uscan to do signature validation. Configure uscan to
48 download the xz tarball instead of the gz tarball.
49 * Create a _history user and group and a /var/lib/heimdal-history
50 directory on package installation for the use of heimdal-history,
51 remove the user and the standard database on purge, and remove the
52 directory if empty on package purge or removal.
54 -- Russ Allbery <rra@debian.org> Wed, 26 Mar 2014 00:04:13 -0700
56 krb5-strength (2.2-1) unstable; urgency=low
58 * New upstream release.
59 - Support for more complex length-sensitive character class
60 restrictions using the new require_classes configuration setting.
61 - cdbmake-wordlist now supports filtering out words based on maximum
62 length and user-supplied regular expressions, and supports running
63 in filter mode to generate a new word list.
64 * Update to standards version 3.9.5 (no changes required).
66 -- Russ Allbery <rra@debian.org> Mon, 16 Dec 2013 15:36:29 -0800
68 krb5-strength (2.1-1) unstable; urgency=low
70 * New upstream release.
71 - Improve some of the password rejection error messages.
73 -- Russ Allbery <rra@debian.org> Thu, 10 Oct 2013 17:09:37 -0700
75 krb5-strength (2.0-1) unstable; urgency=low
77 * Initial upload to Debian. (Closes: #725753)
78 * New upstream release.
79 - Add native support for the MIT Kerberos password quality plugin
80 interface included in MIT Kerberos 1.9 and later.
81 - Stop building the Heimdal plugin. Heimdal prefers using an external
83 - Add support for TinyCDB dictionaries with a simpler dictionary
84 lookup algorithm. This allows use of this package to check
85 passwords against a large, fast dictionary with a minimum of
86 permutations as an alternative or supplement to the extensive
87 permutations tested by CrackLib.
88 - Minimum password length can now be enforced directly through
89 configuration of this module without relying on CrackLib.
90 - New boolean settings require_ascii_printable and require_non_letter
91 to reject passwords with non-ASCII or non-printable characters and
92 to require passwords contain at least one non-letter (and
94 - The plugin and external checking program will now run without a
95 dictionary configured so that they can be used only to check length
96 and the lighter character restrictions if so desired.
97 - When checking for passwords based on the principal, also check each
98 component of the principal to find passwords based on the realm.
99 * Eliminate the heimdal-strength package. krb5-strength now builds a
100 single binary package of the same name including the MIT plugin and
101 the Heimdal external password quality program. The Heimdal plugin is
102 not built by the Debian packaging because Heimdal prefers external
103 programs. The plugin can be added later as a separate package if
105 * Revise the package long description for the merger of krb5-strength
106 and heimdal-strength and the new capabilities in 2.0.
107 * Recommend cracklib-runtime and tinycdb since they are required to
108 build dictionaries. Downgrade krb5-admin-server to Enhances and add
110 * Update debhelper compatibility level to V9.
111 - Enable hardening flags, including bindnow and PIE.
112 - Enable parallel builds.
113 * Use dh-autoreconf to rebuild the build system during package builds.
114 * Use xz compression for the upstream and Debian tarballs.
115 * Add branch information to the Vcs-Git metadata.
116 * Update standards version to 3.9.4 (no changes required).
117 * Rewrite debian/copyright in copyright-format 1.0.
118 * Remove README.Debian. All of that information is now available in the
119 installed upstream README file.
120 * Remove Bugs header now that this package is in Debian proper.
122 -- Russ Allbery <rra@debian.org> Mon, 07 Oct 2013 18:56:49 -0700
124 krb5-strength (1.1-1) unstable; urgency=low
126 * New upstream release.
127 - Increase minimum password length to 8.
128 - Reject passwords formed from the username with digits appended.
129 - Reject duplicated dictionary words.
130 - Fix variable sizes on 64-bit platforms.
131 * Add a Bugs header directing bug reports to me personally.
132 * Update to debhelper compatibility level V8.
133 * Switch to Debian source package format 3.0 (quilt) with a custom local
135 * Update standards version to 3.9.3 (no changes required).
137 -- Russ Allbery <rra@debian.org> Fri, 11 May 2012 15:03:11 -0700
139 krb5-strength (1.0-1) unstable; urgency=low
141 * New upstream release.
142 - Add an external password strength program for Heimdal.
143 - Add a plugin for the Heimdal password strength support.
144 * Create a separate heimdal-strength package containing only the
145 external password check program for Heimdal. The Heimdal version of
146 the libkadm5srv plugin isn't packaged for the time being.
147 * Update debhelper compatibility mode to V7.
148 - Use debhelper rule minimization with overrides.
149 - Add ${misc:Depends} to dependencies.
150 * Add Homepage, Vcs-Git, and Vcs-Browser control fields.
152 * Update standards version to 3.8.4 (no changes required).
154 -- Russ Allbery <rra@debian.org> Tue, 16 Feb 2010 22:47:35 -0800
156 krb5-strength (0.5-1) unstable; urgency=low
158 * New upstream release.
159 - More checks for passwords based on the principal.
161 -- Russ Allbery <rra@debian.org> Wed, 18 Jul 2007 23:16:37 -0700
163 krb5-strength (0.3-1) unstable; urgency=low
165 * New upstream release with a different name.
166 - Many cleanups to the code and build system.
167 - Unnecessary differences from CrackLib removed.
168 - Some Debian CrackLib patches applied for robustness.
169 * Updated README.Debian with a better example kdc.conf entry.
170 * No longer install the packer binary. We can use the one from
173 -- Russ Allbery <rra@debian.org> Fri, 23 Mar 2007 15:27:50 -0700
175 krb5-passwd-strength (0.2-1) unstable; urgency=low
179 -- Russ Allbery <rra@debian.org> Thu, 22 Jun 2006 15:07:03 -0700