c7dbd984022a9208f6485e0b8f5c58fd036bffe3
[pve-access-control.git] / debian / changelog
1 libpve-access-control (5.0-8) unstable; urgency=medium
2
3 * fix #1612: ldap: make 2nd server work with bind domains again
4
5 * fix an error message where passing a bad pool id to an API function would
6 make it complain about a wrong group name instead
7
8 * fix the API-returned permission list so that the GUI knows to show the
9 'Permissions' tab for a storage to an administrator apart from root@pam
10
11 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
12
13 libpve-access-control (5.0-7) unstable; urgency=medium
14
15 * VM.Snapshot.Rollback privilege added
16
17 * api: check for special roles before locking the usercfg
18
19 * fix #1501: pveum: die when deleting special role
20
21 * API/ticket: rework coarse grained permission computation
22
23 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
24
25 libpve-access-control (5.0-6) unstable; urgency=medium
26
27 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
28 'verify' option. For compatibility reasons this defaults to off for now,
29 but that might change with future updates.
30
31 * AD, LDAP: Add ability to specify a CA path or file, and a client
32 certificate via the 'capath', 'cert' and 'certkey' options.
33
34 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
35
36 libpve-access-control (5.0-5) unstable; urgency=medium
37
38 * change from dpkg-deb to dpkg-buildpackage
39
40 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
41
42 libpve-access-control (5.0-4) unstable; urgency=medium
43
44 * PVE/CLI/pveum.pm: call setup_default_cli_env()
45
46 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
47
48 * check_api2_permissions: avoid warning about uninitialized value
49
50 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
51
52 libpve-access-control (5.0-3) unstable; urgency=medium
53
54 * use new PVE::OTP class from pve-common
55
56 * use new PVE::Tools::encrypt_pw from pve-common
57
58 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
59
60 libpve-access-control (5.0-2) unstable; urgency=medium
61
62 * encrypt_pw: avoid '+' for crypt salt
63
64 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
65
66 libpve-access-control (5.0-1) unstable; urgency=medium
67
68 * rebuild for PVE 5.0
69
70 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
71
72 libpve-access-control (4.0-23) unstable; urgency=medium
73
74 * use new PVE::Ticket class
75
76 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
77
78 libpve-access-control (4.0-22) unstable; urgency=medium
79
80 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
81 (moved to PVE::Storage)
82
83 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
84
85 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
86
87 libpve-access-control (4.0-21) unstable; urgency=medium
88
89 * setup_default_cli_env: expect $class as first parameter
90
91 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
92
93 libpve-access-control (4.0-20) unstable; urgency=medium
94
95 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
96
97 * PVE/API2/Domains.pm: fix property description
98
99 * use new repoman for upload target
100
101 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
102
103 libpve-access-control (4.0-19) unstable; urgency=medium
104
105 * Close #833: ldap: non-anonymous bind support
106
107 * don't import 'RFC' from MIME::Base32
108
109 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
110
111 libpve-access-control (4.0-18) unstable; urgency=medium
112
113 * fix #1062: recognize base32 otp keys again
114
115 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
116
117 libpve-access-control (4.0-17) unstable; urgency=medium
118
119 * drop oathtool and libdigest-hmac-perl dependencies
120
121 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
122
123 libpve-access-control (4.0-16) unstable; urgency=medium
124
125 * use pve-doc-generator to generate man pages
126
127 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
128
129 libpve-access-control (4.0-15) unstable; urgency=medium
130
131 * Fix uninitialized warning when shadow.cfg does not exist
132
133 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
134
135 libpve-access-control (4.0-14) unstable; urgency=medium
136
137 * Add is_worker to RPCEnvironment
138
139 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
140
141 libpve-access-control (4.0-13) unstable; urgency=medium
142
143 * fix #916: allow HTTPS to access custom yubico url
144
145 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
146
147 libpve-access-control (4.0-12) unstable; urgency=medium
148
149 * Catch certificate errors instead of segfaulting
150
151 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
152
153 libpve-access-control (4.0-11) unstable; urgency=medium
154
155 * Fix #861: use safer sprintf formatting
156
157 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
158
159 libpve-access-control (4.0-10) unstable; urgency=medium
160
161 * Auth::LDAP, Auth::AD: ipv6 support
162
163 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
164
165 libpve-access-control (4.0-9) unstable; urgency=medium
166
167 * pveum: implement bash completion
168
169 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
170
171 libpve-access-control (4.0-8) unstable; urgency=medium
172
173 * remove_storage_access: cleanup of access permissions for removed storage
174
175 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
176
177 libpve-access-control (4.0-7) unstable; urgency=medium
178
179 * new helper to remove access permissions for removed VMs
180
181 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
182
183 libpve-access-control (4.0-6) unstable; urgency=medium
184
185 * improve parse_user_config, parse_shadow_config
186
187 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
188
189 libpve-access-control (4.0-5) unstable; urgency=medium
190
191 * pveum: check for $cmd being defined
192
193 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
194
195 libpve-access-control (4.0-4) unstable; urgency=medium
196
197 * use activate-noawait triggers
198
199 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
200
201 libpve-access-control (4.0-3) unstable; urgency=medium
202
203 * IPv6 fixes
204
205 * non-root buildfix
206
207 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
208
209 libpve-access-control (4.0-2) unstable; urgency=medium
210
211 * trigger pve-api-updates event
212
213 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
214
215 libpve-access-control (4.0-1) unstable; urgency=medium
216
217 * bump version for Debian Jessie
218
219 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
220
221 libpve-access-control (3.0-16) unstable; urgency=low
222
223 * root@pam can now be disabled in GUI.
224
225 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
226
227 libpve-access-control (3.0-15) unstable; urgency=low
228
229 * oath: add 'step' and 'digits' option
230
231 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
232
233 libpve-access-control (3.0-14) unstable; urgency=low
234
235 * add oath two factor auth
236
237 * add oathkeygen binary to generate keys for oath
238
239 * add yubico two factor auth
240
241 * dedend on oathtool
242
243 * depend on libmime-base32-perl
244
245 * allow to write builtin auth domains config (comment/tfa/default)
246
247 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
248
249 libpve-access-control (3.0-13) unstable; urgency=low
250
251 * use correct connection string for AD auth
252
253 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
254
255 libpve-access-control (3.0-12) unstable; urgency=low
256
257 * add dummy API for GET /access/ticket (useful to generate login pages)
258
259 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
260
261 libpve-access-control (3.0-11) unstable; urgency=low
262
263 * Sets common hot keys for spice client
264
265 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
266
267 libpve-access-control (3.0-10) unstable; urgency=low
268
269 * implement helper to generate SPICE remote-viewer configuration
270
271 * depend on libnet-ssleay-perl
272
273 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
274
275 libpve-access-control (3.0-9) unstable; urgency=low
276
277 * prevent user enumeration attacks
278
279 * allow dots in access paths
280
281 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
282
283 libpve-access-control (3.0-8) unstable; urgency=low
284
285 * spice: use lowercase hostname in ticktet signature
286
287 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
288
289 libpve-access-control (3.0-7) unstable; urgency=low
290
291 * check_volume_access : use parse_volname instead of path, and remove
292 path related code.
293
294 * use warnings instead of global -w flag.
295
296 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
297
298 libpve-access-control (3.0-6) unstable; urgency=low
299
300 * use shorter spiceproxy tickets
301
302 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
303
304 libpve-access-control (3.0-5) unstable; urgency=low
305
306 * add code to generate tickets for SPICE
307
308 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
309
310 libpve-access-control (3.0-4) unstable; urgency=low
311
312 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
313
314 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
315
316 libpve-access-control (3.0-3) unstable; urgency=low
317
318 * Add new role PVETemplateUser (and VM.Clone priviledge)
319
320 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
321
322 libpve-access-control (3.0-2) unstable; urgency=low
323
324 * remove CGI.pm related code (pveproxy does not need that)
325
326 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
327
328 libpve-access-control (3.0-1) unstable; urgency=low
329
330 * bump version for wheezy release
331
332 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
333
334 libpve-access-control (1.0-26) unstable; urgency=low
335
336 * check_volume_access: fix access permissions for backup files
337
338 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
339
340 libpve-access-control (1.0-25) unstable; urgency=low
341
342 * add VM.Snapshot permission
343
344 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
345
346 libpve-access-control (1.0-24) unstable; urgency=low
347
348 * untaint path (allow root to restore arbitrary paths)
349
350 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
351
352 libpve-access-control (1.0-23) unstable; urgency=low
353
354 * correctly compute GUI capabilities (consider pools)
355
356 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
357
358 libpve-access-control (1.0-22) unstable; urgency=low
359
360 * new plugin architecture for Auth modules, minor API change for Auth
361 domains (new 'delete' parameter)
362
363 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
364
365 libpve-access-control (1.0-21) unstable; urgency=low
366
367 * do not allow user names including slash
368
369 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
370
371 libpve-access-control (1.0-20) unstable; urgency=low
372
373 * add ability to fork cli workers in background
374
375 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
376
377 libpve-access-control (1.0-19) unstable; urgency=low
378
379 * return set of privileges on login - can be used to adopt GUI
380
381 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
382
383 libpve-access-control (1.0-18) unstable; urgency=low
384
385 * fix bug #151: corretly parse username inside ticket
386
387 * fix bug #152: allow user to change his own password
388
389 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
390
391 libpve-access-control (1.0-17) unstable; urgency=low
392
393 * set propagate flag by default
394
395 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
396
397 libpve-access-control (1.0-16) unstable; urgency=low
398
399 * add 'pveum passwd' method
400
401 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
402
403 libpve-access-control (1.0-15) unstable; urgency=low
404
405 * Add VM.Config.CDROM privilege to PVEVMUser rule
406
407 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
408
409 libpve-access-control (1.0-14) unstable; urgency=low
410
411 * fix buf in userid-param permission check
412
413 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
414
415 libpve-access-control (1.0-13) unstable; urgency=low
416
417 * allow more characters in ldap base_dn attribute
418
419 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
420
421 libpve-access-control (1.0-12) unstable; urgency=low
422
423 * allow more characters with realm IDs
424
425 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
426
427 libpve-access-control (1.0-11) unstable; urgency=low
428
429 * fix bug in exec_api2_perm_check
430
431 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
432
433 libpve-access-control (1.0-10) unstable; urgency=low
434
435 * fix ACL group name parser
436
437 * changed 'pveum aclmod' command line arguments
438
439 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
440
441 libpve-access-control (1.0-9) unstable; urgency=low
442
443 * fix bug in check_volume_access (fixes vzrestore)
444
445 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
446
447 libpve-access-control (1.0-8) unstable; urgency=low
448
449 * fix return value for empty ACL list.
450
451 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
452
453 libpve-access-control (1.0-7) unstable; urgency=low
454
455 * fix bug #85: allow root@pam to generate tickets for other users
456
457 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
458
459 libpve-access-control (1.0-6) unstable; urgency=low
460
461 * API change: allow to filter enabled/disabled users.
462
463 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
464
465 libpve-access-control (1.0-5) unstable; urgency=low
466
467 * add a way to return file changes (diffs): set_result_changes()
468
469 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
470
471 libpve-access-control (1.0-4) unstable; urgency=low
472
473 * new environment type for ha agents
474
475 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
476
477 libpve-access-control (1.0-3) unstable; urgency=low
478
479 * add support for delayed parameter parsing - We need that to disable
480 file upload for normal API request (avoid DOS attacs)
481
482 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
483
484 libpve-access-control (1.0-2) unstable; urgency=low
485
486 * fix bug in fork_worker
487
488 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
489
490 libpve-access-control (1.0-1) unstable; urgency=low
491
492 * allow '-' in permission paths
493
494 * bump version to 1.0
495
496 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
497
498 libpve-access-control (0.1) unstable; urgency=low
499
500 * first dummy package - no functionality
501
502 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
503