debian/changelog

   1 libpve-access-control (5.1-8) unstable; urgency=medium
   2
   3   * U2F: ensure we save correct public key on registration
   4
   5  -- Proxmox Support Team <support@proxmox.com>  Tue, 09 Apr 2019 12:47:12 +0200
   6
   7 libpve-access-control (5.1-7) unstable; urgency=medium
   8
   9   * verify_ticket: allow general non-challenge tfa to be run as two step
  10     call
  11
  12  -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Apr 2019 16:56:14 +0200
  13
  14 libpve-access-control (5.1-6) unstable; urgency=medium
  15
  16   * more general 2FA configuration via priv/tfa.cfg
  17
  18   * add u2f api endpoints
  19
  20   * delete TFA entries when deleting a user
  21
  22   * allow users to change their TOTP settings
  23
  24  -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Apr 2019 13:40:26 +0200
  25
  26 libpve-access-control (5.1-5) unstable; urgency=medium
  27
  28   * fix vnc ticket verification without authkey lifetime
  29
  30  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 10:43:17 +0100
  31
  32 libpve-access-control (5.1-4) unstable; urgency=medium
  33
  34   * fix #1891: Add zsh command completion for pveum
  35
  36   * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
  37     to avoid issues on upgrade, will be enabled with 6.0
  38
  39  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 09:12:05 +0100
  40
  41 libpve-access-control (5.1-3) unstable; urgency=medium
  42
  43   * api/ticket: move getting cluster name into an eval
  44
  45  -- Proxmox Support Team <support@proxmox.com>  Thu, 29 Nov 2018 12:59:36 +0100
  46
  47 libpve-access-control (5.1-2) unstable; urgency=medium
  48
  49   * fix #1998: correct return properties for read_role
  50
  51  -- Proxmox Support Team <support@proxmox.com>  Fri, 23 Nov 2018 14:22:40 +0100
  52
  53 libpve-access-control (5.1-1) unstable; urgency=medium
  54
  55   * pveum: introduce sub-commands
  56
  57   * register userid with completion
  58
  59   * fix #233: return cluster name on successful login
  60
  61  -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Nov 2018 09:34:47 +0100
  62
  63 libpve-access-control (5.0-8) unstable; urgency=medium
  64
  65   * fix #1612: ldap: make 2nd server work with bind domains again
  66
  67   * fix an error message where passing a bad pool id to an API function would
  68     make it complain about a wrong group name instead
  69
  70   * fix the API-returned permission list so that the GUI knows to show the
  71     'Permissions' tab for a storage to an administrator apart from root@pam
  72
  73  -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Jan 2018 13:34:50 +0100
  74
  75 libpve-access-control (5.0-7) unstable; urgency=medium
  76
  77   * VM.Snapshot.Rollback privilege added
  78
  79   * api: check for special roles before locking the usercfg
  80
  81   * fix #1501: pveum: die when deleting special role
  82
  83   * API/ticket: rework coarse grained permission computation
  84
  85  -- Proxmox Support Team <support@proxmox.com>  Thu, 5 Oct 2017 11:27:48 +0200
  86
  87 libpve-access-control (5.0-6) unstable; urgency=medium
  88
  89   * Close #1470: Add server ceritifcate verification for AD and LDAP via the
  90     'verify' option. For compatibility reasons this defaults to off for now,
  91     but that might change with future updates.
  92
  93   * AD, LDAP: Add ability to specify a CA path or file, and a client
  94     certificate via the 'capath', 'cert' and 'certkey' options.
  95
  96  -- Proxmox Support Team <support@proxmox.com>  Tue, 08 Aug 2017 11:56:38 +0200
  97
  98 libpve-access-control (5.0-5) unstable; urgency=medium
  99
 100   * change from dpkg-deb to dpkg-buildpackage
 101
 102  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 Jun 2017 09:12:37 +0200
 103
 104 libpve-access-control (5.0-4) unstable; urgency=medium
 105
 106   * PVE/CLI/pveum.pm: call setup_default_cli_env()
 107
 108   * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
 109
 110   * check_api2_permissions: avoid warning about uninitialized value
 111
 112  -- Proxmox Support Team <support@proxmox.com>  Tue, 02 May 2017 11:58:15 +0200
 113
 114 libpve-access-control (5.0-3) unstable; urgency=medium
 115
 116   * use new PVE::OTP class from pve-common
 117
 118   * use new PVE::Tools::encrypt_pw from pve-common
 119
 120  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200
 121
 122 libpve-access-control (5.0-2) unstable; urgency=medium
 123
 124   * encrypt_pw: avoid '+' for crypt salt
 125
 126  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 08:54:10 +0200
 127
 128 libpve-access-control (5.0-1) unstable; urgency=medium
 129
 130   * rebuild for PVE 5.0
 131
 132  -- Proxmox Support Team <support@proxmox.com>  Mon, 6 Mar 2017 13:42:01 +0100
 133
 134 libpve-access-control (4.0-23) unstable; urgency=medium
 135
 136   * use new PVE::Ticket class
 137
 138  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 13:42:06 +0100
 139
 140 libpve-access-control (4.0-22) unstable; urgency=medium
 141
 142   * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
 143     (moved to PVE::Storage)
 144
 145   * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
 146
 147  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 09:12:04 +0100
 148
 149 libpve-access-control (4.0-21) unstable; urgency=medium
 150
 151   * setup_default_cli_env: expect $class as first parameter
 152
 153  -- Proxmox Support Team <support@proxmox.com>  Thu, 12 Jan 2017 13:54:27 +0100
 154
 155 libpve-access-control (4.0-20) unstable; urgency=medium
 156
 157   * PVE/RPCEnvironment.pm: new function setup_default_cli_env
 158
 159   * PVE/API2/Domains.pm: fix property description
 160
 161   * use new repoman for upload target
 162
 163  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2017 12:13:26 +0100
 164
 165 libpve-access-control (4.0-19) unstable; urgency=medium
 166
 167   * Close #833: ldap: non-anonymous bind support
 168
 169   * don't import 'RFC' from MIME::Base32
 170
 171  -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Aug 2016 13:09:08 +0200
 172
 173 libpve-access-control (4.0-18) unstable; urgency=medium
 174
 175   * fix #1062: recognize base32 otp keys again
 176
 177  -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Jul 2016 08:43:18 +0200
 178
 179 libpve-access-control (4.0-17) unstable; urgency=medium
 180
 181   * drop oathtool and libdigest-hmac-perl dependencies
 182
 183  -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Jul 2016 12:03:22 +0200
 184
 185 libpve-access-control (4.0-16) unstable; urgency=medium
 186
 187   * use pve-doc-generator to generate man pages
 188
 189  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Apr 2016 07:06:05 +0200
 190
 191 libpve-access-control (4.0-15) unstable; urgency=medium
 192
 193   * Fix uninitialized warning when shadow.cfg does not exist
 194
 195  -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Apr 2016 07:10:57 +0200
 196
 197 libpve-access-control (4.0-14) unstable; urgency=medium
 198
 199   * Add is_worker to RPCEnvironment
 200
 201  -- Proxmox Support Team <support@proxmox.com>  Tue, 15 Mar 2016 16:47:34 +0100
 202
 203 libpve-access-control (4.0-13) unstable; urgency=medium
 204
 205   * fix #916: allow HTTPS to access custom yubico url
 206
 207  -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Mar 2016 11:39:23 +0100
 208
 209 libpve-access-control (4.0-12) unstable; urgency=medium
 210
 211   * Catch certificate errors instead of segfaulting
 212
 213  -- Proxmox Support Team <support@proxmox.com>  Wed, 09 Mar 2016 14:41:01 +0100
 214
 215 libpve-access-control (4.0-11) unstable; urgency=medium
 216
 217   * Fix #861: use safer sprintf formatting
 218
 219  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jan 2016 12:52:39 +0100
 220
 221 libpve-access-control (4.0-10) unstable; urgency=medium
 222
 223   *  Auth::LDAP, Auth::AD: ipv6 support
 224
 225  -- Proxmox Support Team <support@proxmox.com>  Thu, 03 Dec 2015 12:09:32 +0100
 226
 227 libpve-access-control (4.0-9) unstable; urgency=medium
 228
 229   * pveum: implement bash completion
 230
 231  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Oct 2015 17:22:52 +0200
 232
 233 libpve-access-control (4.0-8) unstable; urgency=medium
 234
 235   * remove_storage_access: cleanup of access permissions for removed storage
 236
 237  -- Proxmox Support Team <support@proxmox.com>  Wed, 19 Aug 2015 15:39:15 +0200
 238
 239 libpve-access-control (4.0-7) unstable; urgency=medium
 240
 241   * new helper to remove access permissions for removed VMs
 242
 243  -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Aug 2015 07:57:02 +0200
 244
 245 libpve-access-control (4.0-6) unstable; urgency=medium
 246
 247   * improve parse_user_config, parse_shadow_config
 248
 249  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jul 2015 13:14:33 +0200
 250
 251 libpve-access-control (4.0-5) unstable; urgency=medium
 252
 253   * pveum: check for $cmd being defined
 254
 255  -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Jun 2015 10:40:15 +0200
 256
 257 libpve-access-control (4.0-4) unstable; urgency=medium
 258
 259   * use activate-noawait triggers
 260
 261  -- Proxmox Support Team <support@proxmox.com>  Mon, 01 Jun 2015 12:25:31 +0200
 262
 263 libpve-access-control (4.0-3) unstable; urgency=medium
 264
 265   * IPv6 fixes
 266
 267   * non-root buildfix
 268
 269  -- Proxmox Support Team <support@proxmox.com>  Wed, 27 May 2015 11:15:44 +0200
 270
 271 libpve-access-control (4.0-2) unstable; urgency=medium
 272
 273   * trigger pve-api-updates event
 274
 275  -- Proxmox Support Team <support@proxmox.com>  Tue, 05 May 2015 15:06:38 +0200
 276
 277 libpve-access-control (4.0-1) unstable; urgency=medium
 278
 279   * bump version for Debian Jessie
 280
 281  -- Proxmox Support Team <support@proxmox.com>  Thu, 26 Feb 2015 11:22:01 +0100
 282
 283 libpve-access-control (3.0-16) unstable; urgency=low
 284
 285   * root@pam can now be disabled in GUI.
 286
 287  -- Proxmox Support Team <support@proxmox.com>  Fri, 30 Jan 2015 06:20:22 +0100
 288
 289 libpve-access-control (3.0-15) unstable; urgency=low
 290
 291   * oath: add 'step' and 'digits' option
 292
 293  -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Jul 2014 06:59:52 +0200
 294
 295 libpve-access-control (3.0-14) unstable; urgency=low
 296
 297   * add oath two factor auth
 298
 299   * add oathkeygen binary to generate keys for oath
 300
 301   * add yubico two factor auth
 302
 303   * dedend on oathtool
 304
 305   * depend on libmime-base32-perl
 306
 307   * allow to write builtin auth domains config (comment/tfa/default)
 308
 309  -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Jul 2014 13:09:56 +0200
 310
 311 libpve-access-control (3.0-13) unstable; urgency=low
 312
 313   * use correct connection string for AD auth
 314
 315  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 May 2014 07:16:09 +0200
 316
 317 libpve-access-control (3.0-12) unstable; urgency=low
 318
 319   * add dummy API for GET /access/ticket (useful to generate login pages)
 320
 321  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 Apr 2014 14:47:56 +0200
 322
 323 libpve-access-control (3.0-11) unstable; urgency=low
 324
 325   * Sets common hot keys for spice client
 326
 327  -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Jan 2014 10:24:28 +0100
 328
 329 libpve-access-control (3.0-10) unstable; urgency=low
 330
 331   * implement helper to generate SPICE remote-viewer configuration
 332
 333   * depend on libnet-ssleay-perl
 334
 335  -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Dec 2013 10:45:08 +0100
 336
 337 libpve-access-control (3.0-9) unstable; urgency=low
 338
 339   * prevent user enumeration attacks
 340
 341   * allow dots in access paths
 342
 343  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2013 09:06:38 +0100
 344
 345 libpve-access-control (3.0-8) unstable; urgency=low
 346
 347   * spice: use lowercase hostname in ticktet signature
 348
 349  -- Proxmox Support Team <support@proxmox.com>  Mon, 28 Oct 2013 08:11:57 +0100
 350
 351 libpve-access-control (3.0-7) unstable; urgency=low
 352
 353   * check_volume_access : use parse_volname instead of path, and remove
 354     path related code.
 355
 356   * use warnings instead of global -w flag.
 357
 358  -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Oct 2013 12:35:53 +0200
 359
 360 libpve-access-control (3.0-6) unstable; urgency=low
 361
 362   * use shorter spiceproxy tickets
 363
 364  -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Jul 2013 12:39:09 +0200
 365
 366 libpve-access-control (3.0-5) unstable; urgency=low
 367
 368   * add code to generate tickets for SPICE
 369
 370  -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2013 13:08:32 +0200
 371
 372 libpve-access-control (3.0-4) unstable; urgency=low
 373
 374   * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
 375
 376  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 May 2013 11:56:54 +0200
 377
 378 libpve-access-control (3.0-3) unstable; urgency=low
 379
 380   * Add new role PVETemplateUser (and VM.Clone priviledge)
 381
 382  -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2013 11:42:15 +0200
 383
 384 libpve-access-control (3.0-2) unstable; urgency=low
 385
 386   * remove CGI.pm related code (pveproxy does not need that)
 387
 388  -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Apr 2013 12:34:23 +0200
 389
 390 libpve-access-control (3.0-1) unstable; urgency=low
 391
 392   * bump version for wheezy release
 393
 394  -- Proxmox Support Team <support@proxmox.com>  Fri, 15 Mar 2013 08:07:06 +0100
 395
 396 libpve-access-control (1.0-26) unstable; urgency=low
 397
 398   * check_volume_access: fix access permissions for backup files
 399
 400  -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100
 401
 402 libpve-access-control (1.0-25) unstable; urgency=low
 403
 404   * add VM.Snapshot permission
 405
 406  -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Sep 2012 09:23:32 +0200
 407
 408 libpve-access-control (1.0-24) unstable; urgency=low
 409
 410   * untaint path (allow root to restore arbitrary paths)
 411
 412  -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200
 413
 414 libpve-access-control (1.0-23) unstable; urgency=low
 415
 416   * correctly compute GUI capabilities (consider pools)
 417
 418  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 May 2012 08:47:23 +0200
 419
 420 libpve-access-control (1.0-22) unstable; urgency=low
 421
 422   * new plugin architecture for Auth modules, minor API change for Auth
 423     domains (new 'delete' parameter)
 424
 425  -- Proxmox Support Team <support@proxmox.com>  Wed, 16 May 2012 07:21:44 +0200
 426
 427 libpve-access-control (1.0-21) unstable; urgency=low
 428
 429   * do not allow user names including slash
 430
 431  -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200
 432
 433 libpve-access-control (1.0-20) unstable; urgency=low
 434
 435   * add ability to fork cli workers in background
 436
 437  -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200
 438
 439 libpve-access-control (1.0-19) unstable; urgency=low
 440
 441   * return set of privileges on login - can be used to adopt GUI
 442
 443  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Apr 2012 10:25:10 +0200
 444
 445 libpve-access-control (1.0-18) unstable; urgency=low
 446
 447   * fix bug #151: corretly parse username inside ticket
 448
 449   * fix bug #152: allow user to change his own password
 450
 451  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Apr 2012 09:40:15 +0200
 452
 453 libpve-access-control (1.0-17) unstable; urgency=low
 454
 455   * set propagate flag by default
 456
 457  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Mar 2012 12:40:19 +0100
 458
 459 libpve-access-control (1.0-16) unstable; urgency=low
 460
 461   * add 'pveum passwd' method
 462
 463  -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Feb 2012 12:05:25 +0100
 464
 465 libpve-access-control (1.0-15) unstable; urgency=low
 466
 467   * Add VM.Config.CDROM privilege to PVEVMUser rule
 468
 469  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 11:44:23 +0100
 470
 471 libpve-access-control (1.0-14) unstable; urgency=low
 472
 473   * fix buf in userid-param permission check
 474
 475  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100
 476
 477 libpve-access-control (1.0-13) unstable; urgency=low
 478
 479   * allow more characters in ldap base_dn attribute
 480
 481  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 06:17:02 +0100
 482
 483 libpve-access-control (1.0-12) unstable; urgency=low
 484
 485   * allow more characters with realm IDs
 486
 487  -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Feb 2012 08:50:33 +0100
 488
 489 libpve-access-control (1.0-11) unstable; urgency=low
 490
 491   * fix bug in exec_api2_perm_check
 492
 493  -- Proxmox Support Team <support@proxmox.com>  Wed, 15 Feb 2012 07:06:30 +0100
 494
 495 libpve-access-control (1.0-10) unstable; urgency=low
 496
 497   * fix ACL group name parser
 498
 499   * changed 'pveum aclmod' command line arguments
 500
 501  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Feb 2012 12:08:02 +0100
 502
 503 libpve-access-control (1.0-9) unstable; urgency=low
 504
 505   * fix bug in check_volume_access (fixes vzrestore)
 506
 507  -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Feb 2012 09:56:37 +0100
 508
 509 libpve-access-control (1.0-8) unstable; urgency=low
 510
 511   * fix return value for empty ACL list.
 512
 513  -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Feb 2012 11:25:04 +0100
 514
 515 libpve-access-control (1.0-7) unstable; urgency=low
 516
 517   * fix bug #85: allow root@pam to generate tickets for other users
 518
 519  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100
 520
 521 libpve-access-control (1.0-6) unstable; urgency=low
 522
 523   * API change: allow to filter enabled/disabled users.
 524
 525  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2012 12:30:37 +0100
 526
 527 libpve-access-control (1.0-5) unstable; urgency=low
 528
 529   * add a way to return file changes (diffs): set_result_changes()
 530
 531  -- Proxmox Support Team <support@proxmox.com>  Tue, 20 Dec 2011 11:18:48 +0100
 532
 533 libpve-access-control (1.0-4) unstable; urgency=low
 534
 535   * new environment type for ha agents
 536
 537  -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2011 10:08:53 +0100
 538
 539 libpve-access-control (1.0-3) unstable; urgency=low
 540
 541   * add support for delayed parameter parsing - We need that to disable
 542     file upload for normal API request (avoid DOS attacs)
 543
 544  -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Dec 2011 09:56:10 +0100
 545
 546 libpve-access-control (1.0-2) unstable; urgency=low
 547
 548   * fix bug in fork_worker
 549
 550  -- Proxmox Support Team <support@proxmox.com>  Tue, 11 Oct 2011 08:37:05 +0200
 551
 552 libpve-access-control (1.0-1) unstable; urgency=low
 553
 554   * allow '-' in permission paths
 555
 556   * bump version to 1.0
 557
 558  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jun 2011 13:51:48 +0200
 559
 560 libpve-access-control (0.1) unstable; urgency=low
 561
 562   * first dummy package - no functionality
 563
 564  -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Jul 2009 16:03:00 +0200
 565