debian/changelog

   1 libpve-access-control (5.0-7) unstable; urgency=medium
   2
   3   * VM.Snapshot.Rollback privilege added
   4
   5   * api: check for special roles before locking the usercfg
   6
   7   * fix #1501: pveum: die when deleting special role
   8
   9   * API/ticket: rework coarse grained permission computation
  10
  11  -- Proxmox Support Team <support@proxmox.com>  Thu, 5 Oct 2017 11:27:48 +0200
  12
  13 libpve-access-control (5.0-6) unstable; urgency=medium
  14
  15   * Close #1470: Add server ceritifcate verification for AD and LDAP via the
  16     'verify' option. For compatibility reasons this defaults to off for now,
  17     but that might change with future updates.
  18
  19   * AD, LDAP: Add ability to specify a CA path or file, and a client
  20     certificate via the 'capath', 'cert' and 'certkey' options.
  21
  22  -- Proxmox Support Team <support@proxmox.com>  Tue, 08 Aug 2017 11:56:38 +0200
  23
  24 libpve-access-control (5.0-5) unstable; urgency=medium
  25
  26   * change from dpkg-deb to dpkg-buildpackage
  27
  28  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 Jun 2017 09:12:37 +0200
  29
  30 libpve-access-control (5.0-4) unstable; urgency=medium
  31
  32   * PVE/CLI/pveum.pm: call setup_default_cli_env()
  33
  34   * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
  35
  36   * check_api2_permissions: avoid warning about uninitialized value
  37
  38  -- Proxmox Support Team <support@proxmox.com>  Tue, 02 May 2017 11:58:15 +0200
  39
  40 libpve-access-control (5.0-3) unstable; urgency=medium
  41
  42   * use new PVE::OTP class from pve-common
  43
  44   * use new PVE::Tools::encrypt_pw from pve-common
  45
  46  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200
  47
  48 libpve-access-control (5.0-2) unstable; urgency=medium
  49
  50   * encrypt_pw: avoid '+' for crypt salt
  51
  52  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 08:54:10 +0200
  53
  54 libpve-access-control (5.0-1) unstable; urgency=medium
  55
  56   * rebuild for PVE 5.0
  57
  58  -- Proxmox Support Team <support@proxmox.com>  Mon, 6 Mar 2017 13:42:01 +0100
  59
  60 libpve-access-control (4.0-23) unstable; urgency=medium
  61
  62   * use new PVE::Ticket class
  63
  64  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 13:42:06 +0100
  65
  66 libpve-access-control (4.0-22) unstable; urgency=medium
  67
  68   * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
  69     (moved to PVE::Storage)
  70
  71   * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
  72
  73  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 09:12:04 +0100
  74
  75 libpve-access-control (4.0-21) unstable; urgency=medium
  76
  77   * setup_default_cli_env: expect $class as first parameter
  78
  79  -- Proxmox Support Team <support@proxmox.com>  Thu, 12 Jan 2017 13:54:27 +0100
  80
  81 libpve-access-control (4.0-20) unstable; urgency=medium
  82
  83   * PVE/RPCEnvironment.pm: new function setup_default_cli_env
  84
  85   * PVE/API2/Domains.pm: fix property description
  86
  87   * use new repoman for upload target
  88
  89  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2017 12:13:26 +0100
  90
  91 libpve-access-control (4.0-19) unstable; urgency=medium
  92
  93   * Close #833: ldap: non-anonymous bind support
  94
  95   * don't import 'RFC' from MIME::Base32
  96
  97  -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Aug 2016 13:09:08 +0200
  98
  99 libpve-access-control (4.0-18) unstable; urgency=medium
 100
 101   * fix #1062: recognize base32 otp keys again
 102
 103  -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Jul 2016 08:43:18 +0200
 104
 105 libpve-access-control (4.0-17) unstable; urgency=medium
 106
 107   * drop oathtool and libdigest-hmac-perl dependencies
 108
 109  -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Jul 2016 12:03:22 +0200
 110
 111 libpve-access-control (4.0-16) unstable; urgency=medium
 112
 113   * use pve-doc-generator to generate man pages
 114
 115  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Apr 2016 07:06:05 +0200
 116
 117 libpve-access-control (4.0-15) unstable; urgency=medium
 118
 119   * Fix uninitialized warning when shadow.cfg does not exist
 120
 121  -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Apr 2016 07:10:57 +0200
 122
 123 libpve-access-control (4.0-14) unstable; urgency=medium
 124
 125   * Add is_worker to RPCEnvironment
 126
 127  -- Proxmox Support Team <support@proxmox.com>  Tue, 15 Mar 2016 16:47:34 +0100
 128
 129 libpve-access-control (4.0-13) unstable; urgency=medium
 130
 131   * fix #916: allow HTTPS to access custom yubico url
 132
 133  -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Mar 2016 11:39:23 +0100
 134
 135 libpve-access-control (4.0-12) unstable; urgency=medium
 136
 137   * Catch certificate errors instead of segfaulting
 138
 139  -- Proxmox Support Team <support@proxmox.com>  Wed, 09 Mar 2016 14:41:01 +0100
 140
 141 libpve-access-control (4.0-11) unstable; urgency=medium
 142
 143   * Fix #861: use safer sprintf formatting
 144
 145  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jan 2016 12:52:39 +0100
 146
 147 libpve-access-control (4.0-10) unstable; urgency=medium
 148
 149   *  Auth::LDAP, Auth::AD: ipv6 support
 150
 151  -- Proxmox Support Team <support@proxmox.com>  Thu, 03 Dec 2015 12:09:32 +0100
 152
 153 libpve-access-control (4.0-9) unstable; urgency=medium
 154
 155   * pveum: implement bash completion
 156
 157  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Oct 2015 17:22:52 +0200
 158
 159 libpve-access-control (4.0-8) unstable; urgency=medium
 160
 161   * remove_storage_access: cleanup of access permissions for removed storage
 162
 163  -- Proxmox Support Team <support@proxmox.com>  Wed, 19 Aug 2015 15:39:15 +0200
 164
 165 libpve-access-control (4.0-7) unstable; urgency=medium
 166
 167   * new helper to remove access permissions for removed VMs
 168
 169  -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Aug 2015 07:57:02 +0200
 170
 171 libpve-access-control (4.0-6) unstable; urgency=medium
 172
 173   * improve parse_user_config, parse_shadow_config
 174
 175  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jul 2015 13:14:33 +0200
 176
 177 libpve-access-control (4.0-5) unstable; urgency=medium
 178
 179   * pveum: check for $cmd being defined
 180
 181  -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Jun 2015 10:40:15 +0200
 182
 183 libpve-access-control (4.0-4) unstable; urgency=medium
 184
 185   * use activate-noawait triggers
 186
 187  -- Proxmox Support Team <support@proxmox.com>  Mon, 01 Jun 2015 12:25:31 +0200
 188
 189 libpve-access-control (4.0-3) unstable; urgency=medium
 190
 191   * IPv6 fixes
 192
 193   * non-root buildfix
 194
 195  -- Proxmox Support Team <support@proxmox.com>  Wed, 27 May 2015 11:15:44 +0200
 196
 197 libpve-access-control (4.0-2) unstable; urgency=medium
 198
 199   * trigger pve-api-updates event
 200
 201  -- Proxmox Support Team <support@proxmox.com>  Tue, 05 May 2015 15:06:38 +0200
 202
 203 libpve-access-control (4.0-1) unstable; urgency=medium
 204
 205   * bump version for Debian Jessie
 206
 207  -- Proxmox Support Team <support@proxmox.com>  Thu, 26 Feb 2015 11:22:01 +0100
 208
 209 libpve-access-control (3.0-16) unstable; urgency=low
 210
 211   * root@pam can now be disabled in GUI.
 212
 213  -- Proxmox Support Team <support@proxmox.com>  Fri, 30 Jan 2015 06:20:22 +0100
 214
 215 libpve-access-control (3.0-15) unstable; urgency=low
 216
 217   * oath: add 'step' and 'digits' option
 218
 219  -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Jul 2014 06:59:52 +0200
 220
 221 libpve-access-control (3.0-14) unstable; urgency=low
 222
 223   * add oath two factor auth
 224
 225   * add oathkeygen binary to generate keys for oath
 226
 227   * add yubico two factor auth
 228
 229   * dedend on oathtool
 230
 231   * depend on libmime-base32-perl
 232
 233   * allow to write builtin auth domains config (comment/tfa/default)
 234
 235  -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Jul 2014 13:09:56 +0200
 236
 237 libpve-access-control (3.0-13) unstable; urgency=low
 238
 239   * use correct connection string for AD auth
 240
 241  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 May 2014 07:16:09 +0200
 242
 243 libpve-access-control (3.0-12) unstable; urgency=low
 244
 245   * add dummy API for GET /access/ticket (useful to generate login pages)
 246
 247  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 Apr 2014 14:47:56 +0200
 248
 249 libpve-access-control (3.0-11) unstable; urgency=low
 250
 251   * Sets common hot keys for spice client
 252
 253  -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Jan 2014 10:24:28 +0100
 254
 255 libpve-access-control (3.0-10) unstable; urgency=low
 256
 257   * implement helper to generate SPICE remote-viewer configuration
 258
 259   * depend on libnet-ssleay-perl
 260
 261  -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Dec 2013 10:45:08 +0100
 262
 263 libpve-access-control (3.0-9) unstable; urgency=low
 264
 265   * prevent user enumeration attacks
 266
 267   * allow dots in access paths
 268
 269  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2013 09:06:38 +0100
 270
 271 libpve-access-control (3.0-8) unstable; urgency=low
 272
 273   * spice: use lowercase hostname in ticktet signature
 274
 275  -- Proxmox Support Team <support@proxmox.com>  Mon, 28 Oct 2013 08:11:57 +0100
 276
 277 libpve-access-control (3.0-7) unstable; urgency=low
 278
 279   * check_volume_access : use parse_volname instead of path, and remove
 280     path related code.
 281
 282   * use warnings instead of global -w flag.
 283
 284  -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Oct 2013 12:35:53 +0200
 285
 286 libpve-access-control (3.0-6) unstable; urgency=low
 287
 288   * use shorter spiceproxy tickets
 289
 290  -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Jul 2013 12:39:09 +0200
 291
 292 libpve-access-control (3.0-5) unstable; urgency=low
 293
 294   * add code to generate tickets for SPICE
 295
 296  -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2013 13:08:32 +0200
 297
 298 libpve-access-control (3.0-4) unstable; urgency=low
 299
 300   * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
 301
 302  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 May 2013 11:56:54 +0200
 303
 304 libpve-access-control (3.0-3) unstable; urgency=low
 305
 306   * Add new role PVETemplateUser (and VM.Clone priviledge)
 307
 308  -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2013 11:42:15 +0200
 309
 310 libpve-access-control (3.0-2) unstable; urgency=low
 311
 312   * remove CGI.pm related code (pveproxy does not need that)
 313
 314  -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Apr 2013 12:34:23 +0200
 315
 316 libpve-access-control (3.0-1) unstable; urgency=low
 317
 318   * bump version for wheezy release
 319
 320  -- Proxmox Support Team <support@proxmox.com>  Fri, 15 Mar 2013 08:07:06 +0100
 321
 322 libpve-access-control (1.0-26) unstable; urgency=low
 323
 324   * check_volume_access: fix access permissions for backup files
 325
 326  -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100
 327
 328 libpve-access-control (1.0-25) unstable; urgency=low
 329
 330   * add VM.Snapshot permission
 331
 332  -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Sep 2012 09:23:32 +0200
 333
 334 libpve-access-control (1.0-24) unstable; urgency=low
 335
 336   * untaint path (allow root to restore arbitrary paths)
 337
 338  -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200
 339
 340 libpve-access-control (1.0-23) unstable; urgency=low
 341
 342   * correctly compute GUI capabilities (consider pools)
 343
 344  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 May 2012 08:47:23 +0200
 345
 346 libpve-access-control (1.0-22) unstable; urgency=low
 347
 348   * new plugin architecture for Auth modules, minor API change for Auth
 349     domains (new 'delete' parameter)
 350
 351  -- Proxmox Support Team <support@proxmox.com>  Wed, 16 May 2012 07:21:44 +0200
 352
 353 libpve-access-control (1.0-21) unstable; urgency=low
 354
 355   * do not allow user names including slash
 356
 357  -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200
 358
 359 libpve-access-control (1.0-20) unstable; urgency=low
 360
 361   * add ability to fork cli workers in background
 362
 363  -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200
 364
 365 libpve-access-control (1.0-19) unstable; urgency=low
 366
 367   * return set of privileges on login - can be used to adopt GUI
 368
 369  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Apr 2012 10:25:10 +0200
 370
 371 libpve-access-control (1.0-18) unstable; urgency=low
 372
 373   * fix bug #151: corretly parse username inside ticket
 374
 375   * fix bug #152: allow user to change his own password
 376
 377  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Apr 2012 09:40:15 +0200
 378
 379 libpve-access-control (1.0-17) unstable; urgency=low
 380
 381   * set propagate flag by default
 382
 383  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Mar 2012 12:40:19 +0100
 384
 385 libpve-access-control (1.0-16) unstable; urgency=low
 386
 387   * add 'pveum passwd' method
 388
 389  -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Feb 2012 12:05:25 +0100
 390
 391 libpve-access-control (1.0-15) unstable; urgency=low
 392
 393   * Add VM.Config.CDROM privilege to PVEVMUser rule
 394
 395  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 11:44:23 +0100
 396
 397 libpve-access-control (1.0-14) unstable; urgency=low
 398
 399   * fix buf in userid-param permission check
 400
 401  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100
 402
 403 libpve-access-control (1.0-13) unstable; urgency=low
 404
 405   * allow more characters in ldap base_dn attribute
 406
 407  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 06:17:02 +0100
 408
 409 libpve-access-control (1.0-12) unstable; urgency=low
 410
 411   * allow more characters with realm IDs
 412
 413  -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Feb 2012 08:50:33 +0100
 414
 415 libpve-access-control (1.0-11) unstable; urgency=low
 416
 417   * fix bug in exec_api2_perm_check
 418
 419  -- Proxmox Support Team <support@proxmox.com>  Wed, 15 Feb 2012 07:06:30 +0100
 420
 421 libpve-access-control (1.0-10) unstable; urgency=low
 422
 423   * fix ACL group name parser
 424
 425   * changed 'pveum aclmod' command line arguments
 426
 427  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Feb 2012 12:08:02 +0100
 428
 429 libpve-access-control (1.0-9) unstable; urgency=low
 430
 431   * fix bug in check_volume_access (fixes vzrestore)
 432
 433  -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Feb 2012 09:56:37 +0100
 434
 435 libpve-access-control (1.0-8) unstable; urgency=low
 436
 437   * fix return value for empty ACL list.
 438
 439  -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Feb 2012 11:25:04 +0100
 440
 441 libpve-access-control (1.0-7) unstable; urgency=low
 442
 443   * fix bug #85: allow root@pam to generate tickets for other users
 444
 445  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100
 446
 447 libpve-access-control (1.0-6) unstable; urgency=low
 448
 449   * API change: allow to filter enabled/disabled users.
 450
 451  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2012 12:30:37 +0100
 452
 453 libpve-access-control (1.0-5) unstable; urgency=low
 454
 455   * add a way to return file changes (diffs): set_result_changes()
 456
 457  -- Proxmox Support Team <support@proxmox.com>  Tue, 20 Dec 2011 11:18:48 +0100
 458
 459 libpve-access-control (1.0-4) unstable; urgency=low
 460
 461   * new environment type for ha agents
 462
 463  -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2011 10:08:53 +0100
 464
 465 libpve-access-control (1.0-3) unstable; urgency=low
 466
 467   * add support for delayed parameter parsing - We need that to disable
 468     file upload for normal API request (avoid DOS attacs)
 469
 470  -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Dec 2011 09:56:10 +0100
 471
 472 libpve-access-control (1.0-2) unstable; urgency=low
 473
 474   * fix bug in fork_worker
 475
 476  -- Proxmox Support Team <support@proxmox.com>  Tue, 11 Oct 2011 08:37:05 +0200
 477
 478 libpve-access-control (1.0-1) unstable; urgency=low
 479
 480   * allow '-' in permission paths
 481
 482   * bump version to 1.0
 483
 484  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jun 2011 13:51:48 +0200
 485
 486 libpve-access-control (0.1) unstable; urgency=low
 487
 488   * first dummy package - no functionality
 489
 490  -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Jul 2009 16:03:00 +0200
 491