freeipa (3.1.2-0ubuntu1) raring; urgency=low

  * Merge from unreleased debian git.
    - new upstream release
    - doesn't use chkconfig anymore (LP: #1025018, #1124093)
    - drop -U from the ntpdate options (LP: #1149468)

 -- Timo Aaltonen <tjaalton@ubuntu.com>  Thu, 07 Mar 2013 14:10:03 +0200

freeipa (3.1.2-1) UNRELEASED; urgency=low

  [ Michele Baldessari ]
  * Initial release (Closes: #12345)
  * New upstream
  * Dropped 10_ipa_kpasswd patch, applied upstream

  [ Timo Aaltonen ]
  * New upstream release.
  * Remove radius subpackages.
  * Migrate to source format 3.0 (quilt).
  * Migrate to dh.
  * Fix dependencies.
  * Add no-testcert.patch to not fail make-testcert.
  * Bump compat and debhelper build-depends to 9.
  * Add missing files to freeipa.install.
  * Add --list-missing for dh_install.
  * copyright: Updated, with OpenSSL exception.
  * control: Add python-libipa-hbac to build-depends.
  * control: Add ${shlibs:Depends} to python-freeipa depends.
  * rules: Strip the executable bit from translation files.
  * fix-format-string.diff: Fix build errors, thanks Krzysztof Klimonda!
  * Use dh_python2.
  * Add DEP-3 compliant headers to the patches.
  * control: client; Move libpam-krb5 to Suggests.
  * control: Update the maintainer address and repo location.
  * control: Fix package descriptions.
  * control: Add python-krbv, python-dnspython, keyutils to client depends.
  * Add fix-nss-include.diff, fix nss include path.
  * Add no-test-lang.diff, test_lang is gone.
  * correct-python-path.diff: Fallback on the correct path if rpm query
    fails.
  * dont-search-platform-path.diff: Don't use Python.h from the
    platform specific path.
  * fix-install-layout.diff: Pass an option to setup-client.py to
    install the python bits to the correct path.
  * fix-ntpdate-opts.diff: Drop -U from nptdate opts, we don't have
    that.
  * Add support for Debian platform.

  [ Nick Hatch ]
  * Added three patches
    - fix-symlink-exclusion.diff: Don't exclude symlinks when loading
      plugins
    - fix-ldap-conf-path.diff: Patch client installer to use correct LDAP
      conf path.
    - check-dbus-before-starting.diff: Check to see if dbus is running
      before attempting to start it

 -- Timo Aaltonen <tjaalton@ubuntu.com>  Tue, 01 Nov 2011 10:52:25 -0400

freeipa (2.1.4-0ubuntu2) raring; urgency=low

  * 0110-Upload-CA-cert-in-the-directory-on-install.patch
    0111-Update-plugin-to-upload-CA-certificate-to-LDAP.patch
    0112-Do-SSL-CA-verification-and-hostname-validation.patch
    0113-Use-secure-method-to-acquire-IPA-CA-certificate.patch:
    - CVE-2012-5484 - The client in FreeIPA 2.x and 3.x before 3.1.2 does
      not properly obtain the Certification Authority (CA) certificate
      from the server, which allows man-in-the-middle attackers to spoof
      a join procedure via a crafted certificate. (LP: #1104954)
  * check-through-all-ldap-servers.patch: Check through all LDAP servers
    in the domain during IPA discovery (ticket #1827). Patch from 2.2
    to aid in porting patch 0113.

 -- Timo Aaltonen <tjaalton@ubuntu.com>  Mon, 11 Feb 2013 00:32:12 +0200

freeipa (2.1.4-0ubuntu1) precise; urgency=low

  * Merge from unreleased debian git (LP: #259547, #958599).
  * Build only the client package.

 -- Timo Aaltonen <tjaalton@ubuntu.com>  Thu, 22 Mar 2012 00:17:10 +0200
