confusa (0.8.0-1) unstable; urgency=low

  * Code cleanup (remove unused files, references)
  * DB schema/vies cleanup
  * Change DB schema for NRENAccount
  * Handle auth-redirects to SSP and to idp_select without triggering
    AntiCSRF machinery
  * Improve tests
  * Improve error-reporting in stylist

 -- Henrik Austad <henrik@austad.us>  Fri, 01 Feb 2013 01:02:50 +0100

confusa (0.7.4.0-1) unstable; urgency=low

  * Fix some HTML-validation-issues

 -- Henrik Austad <henrik@austad.us>  Fri, 21 Dec 2012 08:14:44 +0100

confusa (0.7.4~rc0-3) unstable; urgency=low

  * Add updated files (-2 was built with old .orig)

 -- Henrik Austad <henrik@austad.us>  Thu, 20 Dec 2012 10:15:00 +0100

confusa (0.7.4~rc0-2) unstable; urgency=low

  * Update with correct naming, some validation-fixes
  * Fix truncating and broken js for privacy-text at aup

 -- Henrik Austad <henrik@austad.us>  Thu, 20 Dec 2012 00:32:29 +0100

confusa (0.7.4~rc0-1) unstable; urgency=low

  * Harden against clickjacks
  * Major test-suite overhaul (move to simpletest.org (phpunit))
  * Improve translation
  * Improve logging
  * Add better help/about/privacy-text, handle empty case better
  * New IdP Select Map, move to jvector.

 -- Henrik Austad <henrik@austad.us>  Tue, 18 Dec 2012 23:19:08 +0100

confusa (0.7.3.2-1) unstable; urgency=low

  * Update browser-generation, only strip commas in CN, not throughout the
    entire DN

 -- Henrik Austad <henrik@austad.us>  Fri, 17 Feb 2012 00:47:39 +0100

confusa (0.7.3.1-1) unstable; urgency=low

  * Do not include commas in DN for IE X509Enrollment (Ticket #323)
  * Improve CSR validation (Ticket #322)
  * Fix PHP syntax error and LOG_WARNING constants

 -- Henrik Austad <henrik@austad.us>  Thu, 09 Feb 2012 21:48:45 +0100

confusa (0.7.3-1) unstable; urgency=low

  * Fix minor issues with updated jquery-version
  * Update CSS-publish
  * Add more logging to CA_Comodo

 -- Henrik Austad <henrik@austad.us>  Mon, 30 Jan 2012 23:08:47 +0100

confusa (0.7.3~rc4-1) unstable; urgency=low

  * Fix jquery-version typo so jquery actually loads
  * Update/fix changelog numberings.
  * Fix index-faq so they slide properly.

 -- Henrik Austad <henrik@austad.us>  Sat, 28 Jan 2012 21:25:39 +0100

confusa (0.7.3~rc3-1) unstable; urgency=low

  * Fix null-reference for NREN in NRENAccount
  * Remove url-encoding of username, password and commonName for CA-accounts (Comodo)
  * Fix typos (portal config)
  * Add logging when we cannot approve a CSR for signing (CA_Comodo)
  * Enable 'add subscriber' (forgotten to change to form_data array)

 -- Henrik Austad <henrik@austad.us>  Thu, 26 Jan 2012 22:07:06 +0100

confusa (0.7.3~rc2-1) unstable; urgency=low

  * Only show NREN-maint-mode to authN users
  * Only create cert-sign string for logging for authN users
  * Do not explode if nren-maint msg is not set

 -- Henrik Austad <henrik@austad.us>  Wed, 04 Jan 2012 23:33:19 +0100

confusa (0.7.3~rc1-1) unstable; urgency=low

  * Retain (valid) form-data when some of the fields are invalid
  * Check CA-account credentials upon update
  * General bugfixing
  * There are no reasons for forcing the MySQL-server to reside on the
    same server as the web frontend.
  * Drop versioned dependencies; no support for anything older than
    lenny. This also allows the package to be installed on squeeze, since
    the unversioned php5-mhash is satisfied by php5-common's (>= 5.3)
    Provides.
  * Use dh_install instead of manually copying in the files
  * Update copyright to make it more complete
  * Adjust short description to not include an article, according to
    description guidelines.
  * Add sql-upgrade script for 0.7.3 (NREN-maintenance mode)

 -- Henrik Austad <henrik@austad.us>  Wed, 04 Jan 2012 22:40:43 +0100

confusa (0.7.2-1) unstable; urgency=medium

  * Fix DN-ordering issue
  * Fix Silent dropping of '-' in subscriber-name

 -- Henrik Austad <henrik@austad.us>  Tue, 15 June 2011 22:45:00 +0200

confusa (0.7.1-1) unstable; urgency=medium

  * Fix single-IdP bug in disco (patch by Thijs Kinkhorst)
  * Allow UTF-8 characters in organization name in personal mode
    (thanks to Leif Johansson for reporting)
  * Display better instruction texts in e-mail selection form
    (thanks to Thijs Kinkhorst for reporting)
  * Hint user about certificate installation after browser request

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 06 Dec 2010 14:19:00 +0100

confusa (0.7.0-1) unstable; urgency=low

  * Update INSTALL documentation
  * Restructure IdP-discovery, POST IdP-scoping parameter instead of
    sending it in a GET (thanks to Mehdi Hached for reporting)
  * RI: Fix revocation result listing (thanks to Per-Olov Gustafsson for
    reporting)
  * Show warning if admin entitlement found, but not user entitlement
    (thanks to Thijs Kinkhorst for reporting)
  * Receive-CSR: Disable "next" button if no CSR selected
  * Fix display issue of e-mail step skip notification
  * Fix bugs in the backend of the robotic interface
  * Fix smaller glitches in the UI

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Wed, 01 Dec 2010 14:11:00 +0100

confusa (0.7.0~rc1-1) unstable; urgency=low

  * Disable certificate request for unentitled users
  * Restructure single certificate revocation
  * Disable mail selection step if number mail addresses equal
    number configured mail addresses
  * Fix bug in selection of 0 mail addresses in NREN setting

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Tue, 23 Nov 2010 10:57:00 +0100

confusa (0.7.0~rc0-1) unstable; urgency=low

  * Refactor the certificate/CSR codebase to make the code more
    readable and more maintainable
  * Move certificate issuance UI to a clearer, wizard-based structure
  * Some minor improvements (use of jQuery, better CA certificate
    download; not all individually listed)

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 15 Nov 2010 14:25:00 +0100

confusa (0.6.10-1) unstable; urgency=low

  * Add an additional configuration option for the default key length
    (used for browser generation)
  * Fix problems with translated strings containing "'" in browser
    generation

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 29 Oct 2010 16:10:00 +0200

confusa (0.6.9-1) unstable; urgency=low

  * Less restrictive CN input sanitation. E.g. allow "'" (O'Leary,...)
  * Contact-info: Use "virtual host name" instead of URL on branding field
    label
  * WAYF-URL validation: Allow empty URL (to reset the WAYF-URL to none)
  * Attributes: Check format of AJAX attribute value before displaying it
  * CA settings: Display more descriptive error when CA incorrectly
    configured
  * Subscriber management: Display clearer error message if admin's
    organization can not be found

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 11 Oct 2010 15:02:00 +0200

confusa (0.6.8-1) unstable; urgency=low

  * Input-sanitation: Allow ',' in cn attributes

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 01 Oct 2010 15:52:00 +0200

confusa (0.6.7-1) unstable; urgency=medium

  * Fix: Remove error-prone HTTP-REFERER check in the Anti-CSRF checks

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Thu, 22 Jul 2010 16:38:00 +0200

confusa (0.6.6-1) unstable; urgency=low

  * Fix: make sure WAYF-URL is proper

 -- Henrik Austad <henrik@austad.us>  Tue, 22 June 2010 15:10:00 +0200

confusa (0.6.5-1) unstable; urgency=low

  * Fix: add language translation to consent-buttons
  * Fix: remove translations from package (provided by confusa-lang)

 -- Henrik Austad <henrik@austad.us>  Tue, 22 June 2010 15:10:00 +0200

confusa (0.6.4-1) unstable; urgency=low

  * Security: Anti-CSRF security mechanisms
  * Fix: DN-name component bugfix (allow '-')
  * Fix: Warn user when name is altered via sanitizing
  * Fix: IdP-disco preselect single IdP

 -- Henrik Austad <henrik@austad.us>  Fri, 18 June 2010 09:10:10 +0200

confusa (0.6.3-1) unstable; urgency=low

  * Enable subadmins (disabled by mistake)
  * Adapt to number of NRENs' IdPs in the DB
  * Seet multiple IdP-url as a valid db-result

 -- Henrik Austad <henrik@austad.us>  Mon, 03 May 2010 13:10:10 +0200

confusa (0.6.2-1) unstable; urgency=low

  * Fix Improve error-handling of fault Subscriber maps
  * Fix Improve logging
  * Fix Correct faulty use of PHP's ternary operator

 -- Henrik Austad <henrik@austad.us>  Mon, 03 May 2010 13:10:10 +0200

confusa (0.6.1-1) unstable; urgency=low

  * Fix Do not follow empty subscriber references.
  * Fix Make sure db-password is included when using db_lib.sh

 -- Henrik Austad <henrik@austad.us>  Mon, 03 May 2010 13:10:10 +0200

confusa (0.6.0-1) unstable; urgency=low

  * Fix path to default mail notification template
  * Fix install.sh server configuration resulting in an endless loop
  * Fix bugs in XML_Client, refer to UID not eppn
  * Improve output for robotic interface

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 23 Apr 2010 15:44:10 +0200

confusa (0.6.0~rc1-1) unstable; urgency=low

  * Fix errors in the bootstrap-nren script
  * Fix errors in the db_lib script
  * Use person's UID instead of common-name to retrieve certificate-list
  
 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 19 Apr 2010 16:18:10 +0200

confusa (0.6.0~rc0-1) unstable; urgency=low

  * Improve the auth-handling, create OAuth authentication
  * Robotic interface: Handle error conditions
  * Branding: Support NREN WAYF URLs
  * Branding: Present branded page based on portal URL
  * Make UID mappable (was fixed to ePPN)
  * Move UIDs uniqueness constraint down to subscriber/IdP level
  * Include a REST API for third party integration

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 16 Apr 2010 17:43:12 +0200

confusa (0.5.3-1) unstable; urgency=low

  * Loosen the sanitation on Input::sanitizeIdP(), accept URNs
  * Make the DB field for the subscriber-name longer

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Thu, 25 Mar 2010 14:43:43 +0100

confusa (0.5.2-1) unstable; urgency=low

  * Fix the entityID fix from 0.5.1

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 19 Mar 2010 10:12:09 +0100

confusa (0.5.1-2) unstable; urgency=low

  * Make package lintian clean(er)

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Tue, 16 Mar 2010 11:18:11 +0100

confusa (0.5.1-1) unstable; urgency=low

  * Fix null pointer dereferencing that occured for non-bootstrapped
    NRENs (the no NREN set issue)
  * Add the identity provider's entityID to the set of attributes in
    IdP-based authentication
  * Improve the bootstrap_idp script, add a sync-flag to synchronize the
    idp_map in the DB against a metadata file

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Tue, 16 Mar 2010 10:08:10 +0100

confusa (0.5.0-1) unstable; urgency=low

  * Add possibility to query for unstructuredName in revocation of personal
    certificates
  * Improve robotic interface (XML parsing and certificate lookup)
  * HTML cleanups (standard conformity, rendering)
  * Fix browser-signing for IE on XP
  * Include Norwegian translation
  * Add switch to bootstrap_idp to include all IdPs from a metadata file

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 26 Feb 2010 11:42:33 +0100

confusa (0.5.0~rc2-1) unstable; urgency=low

  * Remove the tools section
  * Fix the subject-DN of personal certificates to match the CPS
  * Show a privacy notice to the user before they can request a certificate
  * Add more messages, user hints
  * Bugfixes (thanks to Thijs and UvT for the invaluable feedback again!)

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 08 Feb 2010 15:29:03 +0100

confusa (0.5.0~rc1-1) unstable; urgency=low

  * Add e-mail addresses to the SubjectAltNames (SANs) of certificates
    (configurable by NRENs)
  * Add more and more freely positionable logos to the NREN branding
    possibilities
  * Add an acceptable use policy (AUP) mask to the certificate request
    process
  * Add a NREN-configurable privacy notice
  * Add a configuration switch between "Personal" and "eScience" use of
    Confusa, with different constants and POST parameters to be used in each
  * Make most parts of Confusa localizeable, using the Feide translation
    portal
  * Bugfixes and minor improvements

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 01 Feb 2010 14:58:09 +0100

confusa (0.4.0-1) unstable; urgency=low

  * Rework the layout of the menu (again)
  * Improve cross-browser compatibility
  * Fix smaller bugs
  * Include scripts for uploading robot-certs to the RI
  * Big improvements in the robotic interface 
  * Limit the certlist in online-mode to a configurable time period
    to improve average UI responsiveness

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 18 Dec 2009 15:36:12 +0100

confusa (0.4.0~rc1-1) unstable; urgency=low

  * Input sanitation made more targeted towards the type of the data
  * Rework the layout of the revocation UI
  * Rework the layout of the menu
  * Rework the flow of applying for a CSR
  * Move robotic interface into normal Confusa space
  * Fix bugs found in rc0

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 11 Dec 2009 15:57:20 +0100

confusa (0.4.0~rc0-1) unstable; urgency=low

  * Major improvements in usability and configurability
  * Remove the remaining mapping files
  * Refactor the authentication process to use class objects
  * Fixes in the HTML-syntax
  * Include Nagios reporting functionality
  * Change mailer to use libphp-phpmailer
  * Add report-mail customization
  * Add custom error handler (should avoid Quirks-mode in browsers)
  * Add configurability of helpdesk URL/mail to subscribers
  * AJAX hints in the map and when showing the certificate
  * Lots of small visual, code and behaviour improvements

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 04 Dec 2009 15:42:31 +0100

confusa (0.3.2) unstable; urgency=low

  * Bugfix release
  * Fix XSS vulnerabilities
  * Fix problems with the mail-manager
  * Match only pubkey in checking for known public key, not entire CSR
  * Use dbconfig-common

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 13 Nov 2009 16:14:24 +0100

confusa (0.3.1) unstable; urgency=low

  * Bugfix release
  * Unsubscribed and suspended subscriber-users can not issue certificates any
    more
  * Adapt authentication to new simplesamlphp SAML:SP Auth module
  * NREN admin now able to initially set his/her subscriber

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Wed, 28 Oct 2009 15:59:59 +0100


confusa (0.3) unstable; urgency=low

  * Initial release.
  * Based upon Confusa tag v0.3
  * Changed lib_include.php to include /etc/confusa

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Sun, 18 Oct 2009 15:35:09 +0200

