debian/changelog

   1 libpve-access-control (5.1-4) unstable; urgency=medium
   2
   3   * fix #1891: Add zsh command completion for pveum
   4
   5   * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
   6     to avoid issues on upgrade, will be enabled with 6.0
   7
   8  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 09:12:05 +0100
   9
  10 libpve-access-control (5.1-3) unstable; urgency=medium
  11
  12   * api/ticket: move getting cluster name into an eval
  13
  14  -- Proxmox Support Team <support@proxmox.com>  Thu, 29 Nov 2018 12:59:36 +0100
  15
  16 libpve-access-control (5.1-2) unstable; urgency=medium
  17
  18   * fix #1998: correct return properties for read_role
  19
  20  -- Proxmox Support Team <support@proxmox.com>  Fri, 23 Nov 2018 14:22:40 +0100
  21
  22 libpve-access-control (5.1-1) unstable; urgency=medium
  23
  24   * pveum: introduce sub-commands
  25
  26   * register userid with completion
  27
  28   * fix #233: return cluster name on successful login
  29
  30  -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Nov 2018 09:34:47 +0100
  31
  32 libpve-access-control (5.0-8) unstable; urgency=medium
  33
  34   * fix #1612: ldap: make 2nd server work with bind domains again
  35
  36   * fix an error message where passing a bad pool id to an API function would
  37     make it complain about a wrong group name instead
  38
  39   * fix the API-returned permission list so that the GUI knows to show the
  40     'Permissions' tab for a storage to an administrator apart from root@pam
  41
  42  -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Jan 2018 13:34:50 +0100
  43
  44 libpve-access-control (5.0-7) unstable; urgency=medium
  45
  46   * VM.Snapshot.Rollback privilege added
  47
  48   * api: check for special roles before locking the usercfg
  49
  50   * fix #1501: pveum: die when deleting special role
  51
  52   * API/ticket: rework coarse grained permission computation
  53
  54  -- Proxmox Support Team <support@proxmox.com>  Thu, 5 Oct 2017 11:27:48 +0200
  55
  56 libpve-access-control (5.0-6) unstable; urgency=medium
  57
  58   * Close #1470: Add server ceritifcate verification for AD and LDAP via the
  59     'verify' option. For compatibility reasons this defaults to off for now,
  60     but that might change with future updates.
  61
  62   * AD, LDAP: Add ability to specify a CA path or file, and a client
  63     certificate via the 'capath', 'cert' and 'certkey' options.
  64
  65  -- Proxmox Support Team <support@proxmox.com>  Tue, 08 Aug 2017 11:56:38 +0200
  66
  67 libpve-access-control (5.0-5) unstable; urgency=medium
  68
  69   * change from dpkg-deb to dpkg-buildpackage
  70
  71  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 Jun 2017 09:12:37 +0200
  72
  73 libpve-access-control (5.0-4) unstable; urgency=medium
  74
  75   * PVE/CLI/pveum.pm: call setup_default_cli_env()
  76
  77   * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
  78
  79   * check_api2_permissions: avoid warning about uninitialized value
  80
  81  -- Proxmox Support Team <support@proxmox.com>  Tue, 02 May 2017 11:58:15 +0200
  82
  83 libpve-access-control (5.0-3) unstable; urgency=medium
  84
  85   * use new PVE::OTP class from pve-common
  86
  87   * use new PVE::Tools::encrypt_pw from pve-common
  88
  89  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200
  90
  91 libpve-access-control (5.0-2) unstable; urgency=medium
  92
  93   * encrypt_pw: avoid '+' for crypt salt
  94
  95  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 08:54:10 +0200
  96
  97 libpve-access-control (5.0-1) unstable; urgency=medium
  98
  99   * rebuild for PVE 5.0
 100
 101  -- Proxmox Support Team <support@proxmox.com>  Mon, 6 Mar 2017 13:42:01 +0100
 102
 103 libpve-access-control (4.0-23) unstable; urgency=medium
 104
 105   * use new PVE::Ticket class
 106
 107  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 13:42:06 +0100
 108
 109 libpve-access-control (4.0-22) unstable; urgency=medium
 110
 111   * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
 112     (moved to PVE::Storage)
 113
 114   * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
 115
 116  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 09:12:04 +0100
 117
 118 libpve-access-control (4.0-21) unstable; urgency=medium
 119
 120   * setup_default_cli_env: expect $class as first parameter
 121
 122  -- Proxmox Support Team <support@proxmox.com>  Thu, 12 Jan 2017 13:54:27 +0100
 123
 124 libpve-access-control (4.0-20) unstable; urgency=medium
 125
 126   * PVE/RPCEnvironment.pm: new function setup_default_cli_env
 127
 128   * PVE/API2/Domains.pm: fix property description
 129
 130   * use new repoman for upload target
 131
 132  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2017 12:13:26 +0100
 133
 134 libpve-access-control (4.0-19) unstable; urgency=medium
 135
 136   * Close #833: ldap: non-anonymous bind support
 137
 138   * don't import 'RFC' from MIME::Base32
 139
 140  -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Aug 2016 13:09:08 +0200
 141
 142 libpve-access-control (4.0-18) unstable; urgency=medium
 143
 144   * fix #1062: recognize base32 otp keys again
 145
 146  -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Jul 2016 08:43:18 +0200
 147
 148 libpve-access-control (4.0-17) unstable; urgency=medium
 149
 150   * drop oathtool and libdigest-hmac-perl dependencies
 151
 152  -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Jul 2016 12:03:22 +0200
 153
 154 libpve-access-control (4.0-16) unstable; urgency=medium
 155
 156   * use pve-doc-generator to generate man pages
 157
 158  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Apr 2016 07:06:05 +0200
 159
 160 libpve-access-control (4.0-15) unstable; urgency=medium
 161
 162   * Fix uninitialized warning when shadow.cfg does not exist
 163
 164  -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Apr 2016 07:10:57 +0200
 165
 166 libpve-access-control (4.0-14) unstable; urgency=medium
 167
 168   * Add is_worker to RPCEnvironment
 169
 170  -- Proxmox Support Team <support@proxmox.com>  Tue, 15 Mar 2016 16:47:34 +0100
 171
 172 libpve-access-control (4.0-13) unstable; urgency=medium
 173
 174   * fix #916: allow HTTPS to access custom yubico url
 175
 176  -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Mar 2016 11:39:23 +0100
 177
 178 libpve-access-control (4.0-12) unstable; urgency=medium
 179
 180   * Catch certificate errors instead of segfaulting
 181
 182  -- Proxmox Support Team <support@proxmox.com>  Wed, 09 Mar 2016 14:41:01 +0100
 183
 184 libpve-access-control (4.0-11) unstable; urgency=medium
 185
 186   * Fix #861: use safer sprintf formatting
 187
 188  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jan 2016 12:52:39 +0100
 189
 190 libpve-access-control (4.0-10) unstable; urgency=medium
 191
 192   *  Auth::LDAP, Auth::AD: ipv6 support
 193
 194  -- Proxmox Support Team <support@proxmox.com>  Thu, 03 Dec 2015 12:09:32 +0100
 195
 196 libpve-access-control (4.0-9) unstable; urgency=medium
 197
 198   * pveum: implement bash completion
 199
 200  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Oct 2015 17:22:52 +0200
 201
 202 libpve-access-control (4.0-8) unstable; urgency=medium
 203
 204   * remove_storage_access: cleanup of access permissions for removed storage
 205
 206  -- Proxmox Support Team <support@proxmox.com>  Wed, 19 Aug 2015 15:39:15 +0200
 207
 208 libpve-access-control (4.0-7) unstable; urgency=medium
 209
 210   * new helper to remove access permissions for removed VMs
 211
 212  -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Aug 2015 07:57:02 +0200
 213
 214 libpve-access-control (4.0-6) unstable; urgency=medium
 215
 216   * improve parse_user_config, parse_shadow_config
 217
 218  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jul 2015 13:14:33 +0200
 219
 220 libpve-access-control (4.0-5) unstable; urgency=medium
 221
 222   * pveum: check for $cmd being defined
 223
 224  -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Jun 2015 10:40:15 +0200
 225
 226 libpve-access-control (4.0-4) unstable; urgency=medium
 227
 228   * use activate-noawait triggers
 229
 230  -- Proxmox Support Team <support@proxmox.com>  Mon, 01 Jun 2015 12:25:31 +0200
 231
 232 libpve-access-control (4.0-3) unstable; urgency=medium
 233
 234   * IPv6 fixes
 235
 236   * non-root buildfix
 237
 238  -- Proxmox Support Team <support@proxmox.com>  Wed, 27 May 2015 11:15:44 +0200
 239
 240 libpve-access-control (4.0-2) unstable; urgency=medium
 241
 242   * trigger pve-api-updates event
 243
 244  -- Proxmox Support Team <support@proxmox.com>  Tue, 05 May 2015 15:06:38 +0200
 245
 246 libpve-access-control (4.0-1) unstable; urgency=medium
 247
 248   * bump version for Debian Jessie
 249
 250  -- Proxmox Support Team <support@proxmox.com>  Thu, 26 Feb 2015 11:22:01 +0100
 251
 252 libpve-access-control (3.0-16) unstable; urgency=low
 253
 254   * root@pam can now be disabled in GUI.
 255
 256  -- Proxmox Support Team <support@proxmox.com>  Fri, 30 Jan 2015 06:20:22 +0100
 257
 258 libpve-access-control (3.0-15) unstable; urgency=low
 259
 260   * oath: add 'step' and 'digits' option
 261
 262  -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Jul 2014 06:59:52 +0200
 263
 264 libpve-access-control (3.0-14) unstable; urgency=low
 265
 266   * add oath two factor auth
 267
 268   * add oathkeygen binary to generate keys for oath
 269
 270   * add yubico two factor auth
 271
 272   * dedend on oathtool
 273
 274   * depend on libmime-base32-perl
 275
 276   * allow to write builtin auth domains config (comment/tfa/default)
 277
 278  -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Jul 2014 13:09:56 +0200
 279
 280 libpve-access-control (3.0-13) unstable; urgency=low
 281
 282   * use correct connection string for AD auth
 283
 284  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 May 2014 07:16:09 +0200
 285
 286 libpve-access-control (3.0-12) unstable; urgency=low
 287
 288   * add dummy API for GET /access/ticket (useful to generate login pages)
 289
 290  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 Apr 2014 14:47:56 +0200
 291
 292 libpve-access-control (3.0-11) unstable; urgency=low
 293
 294   * Sets common hot keys for spice client
 295
 296  -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Jan 2014 10:24:28 +0100
 297
 298 libpve-access-control (3.0-10) unstable; urgency=low
 299
 300   * implement helper to generate SPICE remote-viewer configuration
 301
 302   * depend on libnet-ssleay-perl
 303
 304  -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Dec 2013 10:45:08 +0100
 305
 306 libpve-access-control (3.0-9) unstable; urgency=low
 307
 308   * prevent user enumeration attacks
 309
 310   * allow dots in access paths
 311
 312  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2013 09:06:38 +0100
 313
 314 libpve-access-control (3.0-8) unstable; urgency=low
 315
 316   * spice: use lowercase hostname in ticktet signature
 317
 318  -- Proxmox Support Team <support@proxmox.com>  Mon, 28 Oct 2013 08:11:57 +0100
 319
 320 libpve-access-control (3.0-7) unstable; urgency=low
 321
 322   * check_volume_access : use parse_volname instead of path, and remove
 323     path related code.
 324
 325   * use warnings instead of global -w flag.
 326
 327  -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Oct 2013 12:35:53 +0200
 328
 329 libpve-access-control (3.0-6) unstable; urgency=low
 330
 331   * use shorter spiceproxy tickets
 332
 333  -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Jul 2013 12:39:09 +0200
 334
 335 libpve-access-control (3.0-5) unstable; urgency=low
 336
 337   * add code to generate tickets for SPICE
 338
 339  -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2013 13:08:32 +0200
 340
 341 libpve-access-control (3.0-4) unstable; urgency=low
 342
 343   * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
 344
 345  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 May 2013 11:56:54 +0200
 346
 347 libpve-access-control (3.0-3) unstable; urgency=low
 348
 349   * Add new role PVETemplateUser (and VM.Clone priviledge)
 350
 351  -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2013 11:42:15 +0200
 352
 353 libpve-access-control (3.0-2) unstable; urgency=low
 354
 355   * remove CGI.pm related code (pveproxy does not need that)
 356
 357  -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Apr 2013 12:34:23 +0200
 358
 359 libpve-access-control (3.0-1) unstable; urgency=low
 360
 361   * bump version for wheezy release
 362
 363  -- Proxmox Support Team <support@proxmox.com>  Fri, 15 Mar 2013 08:07:06 +0100
 364
 365 libpve-access-control (1.0-26) unstable; urgency=low
 366
 367   * check_volume_access: fix access permissions for backup files
 368
 369  -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100
 370
 371 libpve-access-control (1.0-25) unstable; urgency=low
 372
 373   * add VM.Snapshot permission
 374
 375  -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Sep 2012 09:23:32 +0200
 376
 377 libpve-access-control (1.0-24) unstable; urgency=low
 378
 379   * untaint path (allow root to restore arbitrary paths)
 380
 381  -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200
 382
 383 libpve-access-control (1.0-23) unstable; urgency=low
 384
 385   * correctly compute GUI capabilities (consider pools)
 386
 387  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 May 2012 08:47:23 +0200
 388
 389 libpve-access-control (1.0-22) unstable; urgency=low
 390
 391   * new plugin architecture for Auth modules, minor API change for Auth
 392     domains (new 'delete' parameter)
 393
 394  -- Proxmox Support Team <support@proxmox.com>  Wed, 16 May 2012 07:21:44 +0200
 395
 396 libpve-access-control (1.0-21) unstable; urgency=low
 397
 398   * do not allow user names including slash
 399
 400  -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200
 401
 402 libpve-access-control (1.0-20) unstable; urgency=low
 403
 404   * add ability to fork cli workers in background
 405
 406  -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200
 407
 408 libpve-access-control (1.0-19) unstable; urgency=low
 409
 410   * return set of privileges on login - can be used to adopt GUI
 411
 412  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Apr 2012 10:25:10 +0200
 413
 414 libpve-access-control (1.0-18) unstable; urgency=low
 415
 416   * fix bug #151: corretly parse username inside ticket
 417
 418   * fix bug #152: allow user to change his own password
 419
 420  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Apr 2012 09:40:15 +0200
 421
 422 libpve-access-control (1.0-17) unstable; urgency=low
 423
 424   * set propagate flag by default
 425
 426  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Mar 2012 12:40:19 +0100
 427
 428 libpve-access-control (1.0-16) unstable; urgency=low
 429
 430   * add 'pveum passwd' method
 431
 432  -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Feb 2012 12:05:25 +0100
 433
 434 libpve-access-control (1.0-15) unstable; urgency=low
 435
 436   * Add VM.Config.CDROM privilege to PVEVMUser rule
 437
 438  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 11:44:23 +0100
 439
 440 libpve-access-control (1.0-14) unstable; urgency=low
 441
 442   * fix buf in userid-param permission check
 443
 444  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100
 445
 446 libpve-access-control (1.0-13) unstable; urgency=low
 447
 448   * allow more characters in ldap base_dn attribute
 449
 450  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 06:17:02 +0100
 451
 452 libpve-access-control (1.0-12) unstable; urgency=low
 453
 454   * allow more characters with realm IDs
 455
 456  -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Feb 2012 08:50:33 +0100
 457
 458 libpve-access-control (1.0-11) unstable; urgency=low
 459
 460   * fix bug in exec_api2_perm_check
 461
 462  -- Proxmox Support Team <support@proxmox.com>  Wed, 15 Feb 2012 07:06:30 +0100
 463
 464 libpve-access-control (1.0-10) unstable; urgency=low
 465
 466   * fix ACL group name parser
 467
 468   * changed 'pveum aclmod' command line arguments
 469
 470  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Feb 2012 12:08:02 +0100
 471
 472 libpve-access-control (1.0-9) unstable; urgency=low
 473
 474   * fix bug in check_volume_access (fixes vzrestore)
 475
 476  -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Feb 2012 09:56:37 +0100
 477
 478 libpve-access-control (1.0-8) unstable; urgency=low
 479
 480   * fix return value for empty ACL list.
 481
 482  -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Feb 2012 11:25:04 +0100
 483
 484 libpve-access-control (1.0-7) unstable; urgency=low
 485
 486   * fix bug #85: allow root@pam to generate tickets for other users
 487
 488  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100
 489
 490 libpve-access-control (1.0-6) unstable; urgency=low
 491
 492   * API change: allow to filter enabled/disabled users.
 493
 494  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2012 12:30:37 +0100
 495
 496 libpve-access-control (1.0-5) unstable; urgency=low
 497
 498   * add a way to return file changes (diffs): set_result_changes()
 499
 500  -- Proxmox Support Team <support@proxmox.com>  Tue, 20 Dec 2011 11:18:48 +0100
 501
 502 libpve-access-control (1.0-4) unstable; urgency=low
 503
 504   * new environment type for ha agents
 505
 506  -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2011 10:08:53 +0100
 507
 508 libpve-access-control (1.0-3) unstable; urgency=low
 509
 510   * add support for delayed parameter parsing - We need that to disable
 511     file upload for normal API request (avoid DOS attacs)
 512
 513  -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Dec 2011 09:56:10 +0100
 514
 515 libpve-access-control (1.0-2) unstable; urgency=low
 516
 517   * fix bug in fork_worker
 518
 519  -- Proxmox Support Team <support@proxmox.com>  Tue, 11 Oct 2011 08:37:05 +0200
 520
 521 libpve-access-control (1.0-1) unstable; urgency=low
 522
 523   * allow '-' in permission paths
 524
 525   * bump version to 1.0
 526
 527  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jun 2011 13:51:48 +0200
 528
 529 libpve-access-control (0.1) unstable; urgency=low
 530
 531   * first dummy package - no functionality
 532
 533  -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Jul 2009 16:03:00 +0200
 534