X-Git-Url: https://git.eyrie.org/?a=blobdiff_plain;f=debian%2Fchangelog;h=4ca0541f7c3e2b8774bdadf1844cfa3b441f37f2;hb=1a7e72fd5f9369edb13258eb8414902cbcf9e295;hp=c0427c311e4a710d15a2be719ed5a0876b7e7a05;hpb=8400931fc1b6155537ad7c207d793f5a36280ef8;p=kerberos%2Fkrb5-strength.git diff --git a/debian/changelog b/debian/changelog index c0427c3..4ca0541 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,13 +1,204 @@ -krb5-strength (1.1-1) UNRELEASED; urgency=low +krb5-strength (3.2-4) unstable; urgency=medium + + * Run make maintainer-clean during debian/rules clean, since + debian/rules build runs ./bootstrap and thus regenerates test files. + (Closes: #1048564) + * Update to standards version 4.6.2 (no changes required). + * Refresh upstream signing key. + + -- Russ Allbery Sun, 22 Oct 2023 12:37:47 -0700 + +krb5-strength (3.2-3) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix FTBFS with nocheck profile. (Closes: #983701) + + -- Russ Allbery Sun, 28 Feb 2021 11:27:30 -0800 + +krb5-strength (3.2-2) unstable; urgency=medium + + * Mark build dependencies used only for the test suite with . + Thanks, Helmut Grohne. (Closes: #978723) + * Remove Build-Dependency on libfile-slurp-perl, which was not used. + * Add debian/upstream/metadata file. + * Change the Debian packaging branch to debian/unstable. + * Change canonical packaging repository to Salsa. + * Update to standards version 4.5.1 (no changes required). + * Refresh upstream signing key. + + -- Russ Allbery Wed, 30 Dec 2020 18:11:26 -0800 + +krb5-strength (3.2-1) unstable; urgency=medium + + * New upstream release. + - New --check-only option to heimdal-history. + - Increase hash iterations for heimdal-history for new hashes. + - Use explicit_bzero to overwrite copies of passwords. + * Drop upstream patch to modify the test suite, since the upstream test + suite now correctly handles a system CrackLib library. + * Include the full text of the license of the embedded copy of cracklib + (not used in the Debian build) in debian/copyright, since it's not + identical to the Artistic license included in common-licenses. + * Update to debhelper compatibility level V13. + * Update to standards version 4.5.0 (no changes required). + * Refresh upstream signing key. + + -- Russ Allbery Sun, 17 May 2020 10:27:44 -0700 + +krb5-strength (3.1-2) unstable; urgency=medium + + * Update standards version to 4.2.1. + - Enable verbose test output. + - Install the upstream release notes as NEWS.gz, not changelog.gz. + - Add Rules-Requires-Root: no. + - Use https for URLs in debian/copyright. + - Change priority to optional. + * Update to debhelper compatibility levl V11. + * Bump debian/watch version to 4 and use https. + * Add upstream-vcs-tag configuration to debian/gbp.conf. + * Remove obsolete debian/source/options that was forcing the compression + format to xz (now the default). + * Refresh upstream signing key. + + -- Russ Allbery Fri, 31 Aug 2018 17:07:43 -0700 + +krb5-strength (3.1-1) unstable; urgency=medium + + * New upstream release. + - New configuration option cracklib_maxlen. + - require_classes now supports requiring a minimum number of classes. + - Capitalize the first letter of error messages. + - Apply SuSE patch for a security vulnerability in the embedded + CrackLib. This didn't affect the way it was used in this package, + but best to be sure anyway. + - Configuration instructions are now provided in installed man pages, + including a new krb5-strength man page, to make them more accessible + after installation. + * Patch the upstream test suite to change the expected results for a few + passwords that are rejected by the embedded CrackLib but accepted by + the system CrackLib (which the Debian package is built with). + * Re-enable treating test suite failures as package build failures now + that bug #724570 in CrackLib was fixed in Debian. + * Switch to the DEP-14 branch layout and update debian/gbp.conf and + Vcs-Git accordingly. + * Prefer *.tar.xz in debian/watch to match packaging. + * Fix Upstream-Contact email address in debian/copyright. + * Switch to https for all package URLs. + * Run wrap-and-sort -ast. + * Refresh upstream signing key. + * Enable all hardening flags. + * Update to debhelper compatibility level V10. + - Remove explicit dh-autoreconf dependency and invocation. + - Remove explicit --parallel flags. + * Update standards version to 3.9.8 (no changes required). + + -- Russ Allbery Sun, 25 Dec 2016 12:40:41 -0800 + +krb5-strength (3.0-1) unstable; urgency=medium + + * New upstream release. + - SQLite password dictionaries are now supported and can be used to + reject passwords within edit distance one of any dictionary word. + - cdbmake-wordlist has been renamed to krb5-strength-wordlist and can + also generate SQLite databases compatible with this plugin and + Heimdal quality check program. + - heimdal-history, a password history implementation for Heimdal, has + been added and can be stacked with heimdal-strength to check both + history and password strength. + - New configuration option, minimum_different, which sets the minimum + number of different characters required in a password. + * Add the upstream signing key to debian/upstream/signing-key.asc and + configure uscan to do signature validation. Configure uscan to + download the xz tarball instead of the gz tarball. + * Create a _history user and group and a /var/lib/heimdal-history + directory on package installation for the use of heimdal-history, + remove the user and the standard database on purge, and remove the + directory if empty on package purge or removal. + + -- Russ Allbery Wed, 26 Mar 2014 00:04:13 -0700 + +krb5-strength (2.2-1) unstable; urgency=low + + * New upstream release. + - Support for more complex length-sensitive character class + restrictions using the new require_classes configuration setting. + - cdbmake-wordlist now supports filtering out words based on maximum + length and user-supplied regular expressions, and supports running + in filter mode to generate a new word list. + * Update to standards version 3.9.5 (no changes required). + + -- Russ Allbery Mon, 16 Dec 2013 15:36:29 -0800 + +krb5-strength (2.1-1) unstable; urgency=low + + * New upstream release. + - Improve some of the password rejection error messages. + + -- Russ Allbery Thu, 10 Oct 2013 17:09:37 -0700 + +krb5-strength (2.0-1) unstable; urgency=low + + * Initial upload to Debian. (Closes: #725753) + * New upstream release. + - Add native support for the MIT Kerberos password quality plugin + interface included in MIT Kerberos 1.9 and later. + - Stop building the Heimdal plugin. Heimdal prefers using an external + check program anyway. + - Add support for TinyCDB dictionaries with a simpler dictionary + lookup algorithm. This allows use of this package to check + passwords against a large, fast dictionary with a minimum of + permutations as an alternative or supplement to the extensive + permutations tested by CrackLib. + - Minimum password length can now be enforced directly through + configuration of this module without relying on CrackLib. + - New boolean settings require_ascii_printable and require_non_letter + to reject passwords with non-ASCII or non-printable characters and + to require passwords contain at least one non-letter (and + non-space). + - The plugin and external checking program will now run without a + dictionary configured so that they can be used only to check length + and the lighter character restrictions if so desired. + - When checking for passwords based on the principal, also check each + component of the principal to find passwords based on the realm. + * Eliminate the heimdal-strength package. krb5-strength now builds a + single binary package of the same name including the MIT plugin and + the Heimdal external password quality program. The Heimdal plugin is + not built by the Debian packaging because Heimdal prefers external + programs. The plugin can be added later as a separate package if + there is demand. + * Revise the package long description for the merger of krb5-strength + and heimdal-strength and the new capabilities in 2.0. + * Recommend cracklib-runtime and tinycdb since they are required to + build dictionaries. Downgrade krb5-admin-server to Enhances and add + heimdal-kdc. + * Update debhelper compatibility level to V9. + - Enable hardening flags, including bindnow and PIE. + - Enable parallel builds. + * Use dh-autoreconf to rebuild the build system during package builds. + * Use xz compression for the upstream and Debian tarballs. + * Add branch information to the Vcs-Git metadata. + * Update standards version to 3.9.4 (no changes required). + * Rewrite debian/copyright in copyright-format 1.0. + * Remove README.Debian. All of that information is now available in the + installed upstream README file. + * Remove Bugs header now that this package is in Debian proper. + + -- Russ Allbery Mon, 07 Oct 2013 18:56:49 -0700 + +krb5-strength (1.1-1) unstable; urgency=low * New upstream release. - Increase minimum password length to 8. - Reject passwords formed from the username with digits appended. - Reject duplicated dictionary words. - Fix variable sizes on 64-bit platforms. + * Add a Bugs header directing bug reports to me personally. * Update to debhelper compatibility level V8. + * Switch to Debian source package format 3.0 (quilt) with a custom local + patch header. + * Update standards version to 3.9.3 (no changes required). - -- Russ Allbery Fri, 11 May 2012 14:49:16 -0700 + -- Russ Allbery Fri, 11 May 2012 15:03:11 -0700 krb5-strength (1.0-1) unstable; urgency=low @@ -50,4 +241,3 @@ krb5-passwd-strength (0.2-1) unstable; urgency=low * Initial release. -- Russ Allbery Thu, 22 Jun 2006 15:07:03 -0700 -