-
webauth (4.7.0-8) unstable; urgency=medium
* QA upload.
* Add patch to remove embedding of username, hostname and set date to
use SOURCE_DATE_EPOCH. (Closes: #977610)
* debian/rules: Run tests in C.UTF-8 locale.
* debian/source/options: Drop custom compression setting.
* debian/rules: Remove --parallel argument to dh, already the default.
* debian/control: Update Vcs headers.
* Remove obsolete lintian overrides.
* debian/control: Update to debhelper-compat 13.
* debian/copyright: Update "Format" to use https URL.
* debian/rules: Add override for dh_missing to pass --list-missing.
* debian/control: Update Standards-Version to 4.5.1.
* Add patch to convert document encodings to UTF-8.
-- Vagrant Cascadian <email address hidden> Sun, 20 Dec 2020 23:09:07 -0800
-
webauth (4.7.0-7) unstable; urgency=medium
* QA upload.
* Explicitly declare "Rules-Requires-Root: binary-targets" (due to
installing /var/cache/weblogin with ownership www-data:www-data).
-- Colin Watson <email address hidden> Sat, 05 Jan 2019 12:20:06 +0000
-
webauth (4.7.0-6) unstable; urgency=medium
* Orphan this package, since I no longer use it and cannot therefore
test or maintain it properly. It has also been orphaned upstream.
* Set Secure cookie flag properly with WebAuthSSLReturn.
* Correctly honor WebKdcTokenMaxTTL for request tokens.
* Suppress CGI warnings from using param in list context in WebLogin.
* Add missing word in default WebLogin help text. (Closes: #783289)
* Update debhelper compatibility level to V11.
- Remove now-unnecessary explicit dependency on dh-autoreconf.
* Switch to the DEP-14 branch layout and update debian/gbp.conf and
Vcs-Git accordingly.
* Update standards version to 4.1.3 (no changes required).
* Use https URL in debian/watch.
-- Russ Allbery <email address hidden> Thu, 28 Dec 2017 17:12:37 -0800
-
webauth (4.7.0-5) unstable; urgency=medium
* Update build dependency to libssl-dev (OpenSSL 1.1). (Closes: #859788)
* Remove old transitional packages for the Apache module renaming.
* Update standards version to 4.0.1.
- Change all extra priorities to optional.
-- Russ Allbery <email address hidden> Mon, 07 Aug 2017 07:54:47 -0700
-
webauth (4.7.0-4) unstable; urgency=medium
* Add a patch to change the function used to probe for the OpenSSL
library, allowing WebAuth to build against OpenSSL 1.1.
* Depend on libssl1.0-dev anyway, since Apache currently requires
libssl1.0-dev and otherwise build dependencies are not installable.
(Closes: #828597)
* Mark libwebauth-perl Multi-Arch: same, trusting the multiarch hinter
to be correct about this.
* Change Vcs-Git and Vcs-Browser to https URLs.
* Fix duplicate words in the documentation caught by Lintian.
* Run wrap-and-sort -ast.
* Update standards version to 3.9.8 (no changes required).
-- Russ Allbery <email address hidden> Sun, 13 Nov 2016 10:43:31 -0800
-
webauth (4.7.0-3) unstable; urgency=medium
* Explicitly Build-Depend on libmodule-build-perl, since it will be
removed from Perl core in the next release. (Closes: #7961560)
* Mention WebKDC in the description of libwebkc-perl in case someone is
searching for packages containing that module.
* Add overrides for apache2-module-depends-on-real-apache2-package,
which appears to be a bug in either lintian or dh_apache2.
-- Russ Allbery <email address hidden> Thu, 20 Aug 2015 19:24:05 -0700
-
webauth (4.7.0-2) unstable; urgency=medium
* Upload to unstable.
* Moved libtime-duration-perl to Depends from Suggests. This is now
used unconditionally upstream. (Closes: #783288)
* Add debian/gbp.conf reflecting the branch layout of the default
packaging repository.
* Fix upstream distribution signing key.
-- Russ Allbery <email address hidden> Sun, 26 Apr 2015 18:53:16 -0700
-
webauth (4.6.1-1) unstable; urgency=medium
* New upstream release.
- Fix legacy support for AuthType StanfordAuth.
- New mod_webkdc configuration directive, WebKdcFastArmorCache, that
tells the WebKDC to always use FAST armor when obtaining initial
credentials using a password.
- Fix parsing of the WebKdcKerberosFactors directive.
- New webauth_krb5_set_fast_armor_path API.
- Show expiring password warning in WebLogin after any POST.
- Translate KRB5_KDC_UNREACH into a user rejected error instead of an
internal failure.
- Translate an EINVAL error to an incorrect password error code.
- Verify the username field on multifactor authentication to avoid
warnings from later in the code.
- Allow newlines, CRs, and tabs in XML from the WebKDC to the WebLogin
server, fixing display of some user message elements.
- Force display of the confirmation page if authorization identity
switching is permitted.
- Diagnose empty RT and ST parameters to WebLogin.
- Add new factors mp (mobile push) and v (voice).
- Warn in the mod_webauth documentation that all members of a
load-balanced pool accepting credential delegation must use the same
Kerberos identity.
* Enable tests controlled with AUTOMATED_TESTING.
* Rename packages and change library symbols for upstream SONAME bump
and symbol versioning changes.
-- Russ Allbery <email address hidden> Wed, 23 Jul 2014 14:28:06 -0700
-
webauth (4.6.0-4) unstable; urgency=medium
* Use an executable debian/libwebauth-perl.install file and some Perl
code in debian/rules to pull the correct Perl arch-specific vendor
module path from Perl during the build. Should fix builds with Perl
5.20. Thanks, Niko Tyni and gregor herrmann. (Closes: #752903)
-- Russ Allbery <email address hidden> Wed, 02 Jul 2014 21:54:21 -0700
-
webauth (4.6.0-3) unstable; urgency=medium
* Handle ownership change of the mod_webauth keyring in the
libapache2-webauth transition package as well, since that's the
package that will see the versioned upgrade.
* Tighten dependency of libwebkdc-perl on libwebauth-perl to ensure that
the remctl password change API is available.
* Refresh debian/copyright with current upstream LICENSE file.
* Remove now-unneeded Lintian override for the upstream signing key.
* Add a Lintian override for the dual-licensed protocol specification.
-- Russ Allbery <email address hidden> Sun, 13 Apr 2014 13:46:27 -0700
-
webauth (4.6.0-2) unstable; urgency=medium
* Change ownership of the mod_webauth keyring to www-data on upgrade
from prior versions if it was owned by root. Versions prior to 4.6.0
created the keyring during Apache configuration parsing before Apache
dropped privileges, but keyring handling is now done by the Apache
child processes. Without this change, WebAuth actions would fail
because the keyring could not be initialized.
-- Russ Allbery <email address hidden> Wed, 19 Mar 2014 13:50:40 -0700
-
webauth (4.6.0-1) unstable; urgency=medium
* New upstream release.
- New mod_webauth configuration directive, WebAuthCookiePath, which
scopes all cookies set by mod_webauth within the directive scope to
the given path. Be sure that any WebAuthDoLogout URL is scoped with
the same path. When using this directive, ensure all protected
portions of the site are covered by a directive and none of the
scopes are overlapping.
- WebAuthOptional should now work properly with Apache 2.4.
- Do not delete mod_webauth notes after using them, which prevents
some double-redirects to WebLogin during subrequests.
- mod_webauth and mod_webkdc now maintain separate in-memory keyrings
for each virtual host, and WebAuthKeyring, WebKdcKeyring, and
related directives are now properly honored in virtual host
configuration. This fixes keyring leaks between virtual hosts when
using the ITK MPM.
- Be more thorough in telling browsers to not cache WebLogin
responses, redirects and logout pages, and WebAuthDontCache pages.
- All keyring writes are now locked with a separate lock file (the
keyring file name with ".lock" appended) in the same directory.
- Keyring updates now preserve ownership and permissions where
possible.
- Use the authenticated identity returned by the WebKDC for
multifactor authentication in WebLogin rather than preserving the
user's original entry. The WebKDC may have canonicalized.
- Support a remctl-based password change protocol in WebLogin and in
libwebauth via the new webauth_krb5_change_config API.
- Set the correct template variable when the code field is left blank
on the WebLogin multifactor form.
- Map unknown realm and invalid principal errors during Kerberos
authentication to WA_PEC_USER_REJECTED instead of a generic Kerberos
error so that WebLogin will present a more helpful error message.
- Fix a bug in the workaround for invalid XML from the WebKDC.
- Log a more detailed message during WebLogin password change
failures.
* Add the upstream signing key to debian/upstream/signing-key.asc and
configure uscan to do signature validation. Configure uscan to
download the xz tarball instead of the gz tarball.
* Remove now-unnecessary override of dh_builddeb to use xz compression.
* Update standards version to 3.9.5 (no changes required).
-- Russ Allbery <email address hidden> Tue, 18 Mar 2014 22:59:18 -0700
-
webauth (4.5.5-2) unstable; urgency=low
* Upload to unstable.
-- Russ Allbery <email address hidden> Sun, 08 Sep 2013 10:51:03 -0700
-
webauth (4.5.3-5) unstable; urgency=low
* Only remove /var/lib/webauth during purge if the directory exists.
Both libapache2-mod-webauth and libapache2-mod-webauthldap create and
use that directory, so it may have already been removed by the other
package. (Closes: #714602)
-- Russ Allbery <email address hidden> Mon, 01 Jul 2013 15:21:48 -0700
-
webauth (4.5.3-4) unstable; urgency=low
* Apply upstream patch to fix incorrect linkage of some of the test
programs. (Closes: #713452)
-- Russ Allbery <email address hidden> Sun, 23 Jun 2013 12:14:52 -0700
-
webauth (4.5.3-3) unstable; urgency=low
* Move mod_webauthldap into a separate libapache2-mod-webauthldap
package. This permits better dependencies, more closely conforms to
the Apache module naming convention, and allows users who aren't
interested in the LDAP module to easily remove it. Note that the
libapache2-mod-webauth package does not attempt to clean up
configuration files left behind from the mod_webauthldap module, since
nearly all users upgrading from an older version will end up with both
packages installed, and removal of libapache2-mod-webauthldap will do
the right thing. Additional cleanup would only be needed for people
upgrading from experimental versions of libapache2-mod-webauth who do
not install libapache2-mod-webauthldap and doesn't seem worth the
complexity.
* Add proper Breaks/Replaces for the Apache module package renaming.
* Pass LDFLAGS from the main build to the Perl module build so that the
hardening flags are set properly.
-- Russ Allbery <email address hidden> Sun, 02 Jun 2013 12:12:40 -0700
-
webauth (4.5.3-2) unstable; urgency=low
* Upload to unstable.
* Now that dh_apache2 has an option to not enable the modules by
default, let it handle all module setup for libapache2-mod-webauth
except for the Apache restart and remove the now-unnecessary prerm
script.
* Simplify libcgi-application-perl Depends and Build-Depends by dropping
the alternatives that were required for squeeze.
* Add build dependency on dh-apache2 per the dh_apache2 manual page.
-- Russ Allbery <email address hidden> Thu, 30 May 2013 19:43:23 -0700
-
webauth (4.1.1-2) unstable; urgency=low
* Add Breaks of libwebkdc-perl and webauth-weblogin << 4.0.0 to
libwebauth-perl and of webauth-weblogin << 4.0.0 to libwebkdc-perl.
The API of the Perl modules changed in 4.0.0. Thanks, Dameon Wagner.
(Closes: #691878)
-- Russ Allbery <email address hidden> Sun, 04 Nov 2012 13:57:09 -0800
-
webauth (4.1.1-1) unstable; urgency=low
* New upstream release (no Apache 2.4 support yet; that's next).
- Fix webauth_user_info bug in interpreting login history timestamps.
- Fix login history timestamp handling in sample confirm template.
- Suppress history and token rights in sample confirm template when
those data elements are empty. (Closes: #664735)
- Add explicit HTML filters to all sample template variable
interpolations as an additional security measure.
- Update the mod_webkdc manual for changes in 4.1.0.
* If Apache is running and has the module loaded, restart Apache on
configure of libapache2-webauth or libapache2-webkdc.
* Remove the conditional around the postinst actions for
libapache2-webauth and libapache2-webkdc and just always configure the
package. This is at least arguably more correct for the various abort
cases, is simpler, and shouldn't hurt.
-- Russ Allbery <email address hidden> Wed, 25 Apr 2012 14:41:39 -0700
-
webauth (4.1.0-1) unstable; urgency=low
* New upstream release.
- New mod_webkdc WebKdcUserInfoTimeout option to set a network timeout
for user information service queries. The new default is 30
seconds.
- New mod_webkdc WebKdcUserInfoIgnoreFail error to allow users to
authenticate with password and use pre-existing single sign-on
cookies even if the user information service is down. Be aware that
this can allow bypassing a centrally-mandated multifactor
requirement.
- Use remctl_set_ccache instead of setting KRB5CCNAME when available
to avoid memory leaks on calling the user information service and to
not leak settings across threads.
- Fix WebLogin error handling when the password field is left blank.
- Fix WebLogin error handling of empty usernames.
- Drop library support for base64-encoded token attributes (which was
never used by WebAuth).
- Drop webauth_info_{build,version} library APIs.
- Document Apache/Tomcat security interaction around URL parsing in
the mod_webauth manual. This affects any Apache security mechanism
used in conjunction with Tomcat.
* Bump libremctl-dev build dependency to >= 3.1 for consistent builds.
* Add Build-Depends-Package to the symbols file for better dependency
handling.
* Update standards version to 3.9.3 (no changes required).
-- Russ Allbery <email address hidden> Thu, 15 Mar 2012 16:18:41 -0700
-
webauth (4.0.2-1) unstable; urgency=low
* New upstream release.
- Fix setting of the REMOTE_USER preference cookie in WebLogin.
- Ignore undefined cookies in WebLogin to reduce error logs.
- Document factor codes in the mod_webauth manual.
* Remove ${shlibs:Depends} from libwebauth-dev dependencies to remove a
warning. This package won't contain compiled binaries.
-- Russ Allbery <email address hidden> Fri, 02 Dec 2011 21:01:09 -0800
-
webauth (4.0.1-1) unstable; urgency=low
* New upstream release.
- Change user information service and WebKDC to WebLogin protocols for
conveying suspicious login information to use the IP address as the
CDATA and put the hostname in an attribute.
- Display suspicious logins in WebLogin, forcing a confirmation page.
- Log the return URL of authentication requests to the WebKDC.
- Reduce mod_webauth log level when retrieving credentials.
-- Russ Allbery <email address hidden> Fri, 23 Sep 2011 13:42:17 -0700
-
webauth (4.0.0-2) unstable; urgency=low
* Fix a variety of uninitialized variables and memory leaks in the
libwebauth library and the test suite. Thanks, Christoph Egger and
Aaron M. Ucko. (Closes: #640259)
* Don't attempt to chown files in libwebkdc-perl when doing a
binary-only build. Thanks, Aaron M. Ucko. (Closes: #640268)
-- Russ Allbery <email address hidden> Sat, 03 Sep 2011 13:07:04 -0700
-
webauth (4.0.0-1) unstable; urgency=low
* New upstream release.
- Added support for multifactor, including new WebAuth directives
WebAuthRequireInitialFactor, WebAuthRequireSessionFactor, and
WebAuthRequireLOA and new WebKDC directives WebKdcUserInfoURL and
WebKdcUserInfoPrincipal. Currently requires a metadata service for
which there isn't a packaged implementation.
- mod_webauth now exposes the user's initial and session
authentication details and level of assurance (if known) in
environment variables WEBAUTH_FACTORS_INITIAL,
WEBAUTH_FACTORS_SESSION, and WEBAUTH_LOA.
- WebLogin now uses Template Toolkit for all templating. All
templates will have to be revised to use the new syntax.
- WebLogin can tell an external middleware service to send the user an
OTP code via some means, such as SMS. There are new configuration
variables for /etc/webkdc/webkdc.conf that control this.
- WebLogin now supports a site-specific callback to determine the
initial and session factors and level of assurance for a user who
has been authenticated via Apache authentication.
- The keyring functions of the WebAuth Perl module have been rewritten
to use an object-oriented style and new WebAuth::Keyring and
WebAuth::KeyringEntry objects. Perl code that used the keyring API
will need to be modified. Methods to remove a key from a keyring,
get the timestamps and keys associated with keyring entries, and
choose the best key have been added.
- The libwebauth API has been changed substantially and will be
changed further in subsequent releases.
- The proxy data attribute of webkdc-proxy tokens is now optional.
* Install /var/cache/weblogin, writable by www-data, as a directory to
use for Template Toolkit to cache compiled templates. Mention the new
$TEMPLATE_COMPILE_PATH directive in the libwebkdc-perl NEWS.Debian.
* Update the webauth-weblogin README.Debian to mention the Apache
FastCGI module now included in Debian and the alternative in
non-free.
-- Russ Allbery <email address hidden> Fri, 02 Sep 2011 15:57:56 -0700
-
webauth (3.7.4-1) unstable; urgency=low
* New upstream release. - New Apache directive WebAuthOptional, which does not force the user to authenticate if they're not already authenticated but adds the authentication information to the environment if they are. Intended for use with dynamic content that can manage optional authentication through an explicit login link. - Work around an MIT Kerberos library bug in error reporting from password change and remove the previous cruder workaround that mapped Kerberos errors to password strength warnings. - Suppress certificate validation for the WebKDC in WebLogin if the WebKDC URL is localhost, required by libwww-perl 5.837 or later. - More robust generation of the pkg-config configuration file. - Clearer warning from WebLogin when paired with an old WebKDC. - Document the pt and sa key/value pairs in WebKDC logging. * Drop the transitional libwebauth1-dev package, required to smooth upgrades from lenny. squeeze released with libwebauth-dev. * Update to debhelper compatibility level V8. - Use debhelper rule minimization with overrides. - Do more work in *.install files and less work in debian/rules. * Switch to 3.0 (quilt) source format. Force a single Debian patch and include a custom patch header explaining that it is a rollup of any fixes cherry-picked from upstream and breaking those patches out separately would be work for no gain. * Update standards version to 3.9.2 (no changes required). -- Russ Allbery <email address hidden> Wed, 11 May 2011 15:26:32 -0700
-
webauth (3.7.3-2) unstable; urgency=low
* Upload to unstable. -- Russ Allbery <email address hidden> Wed, 02 Mar 2011 16:48:17 -0800
-
webauth (3.7.1-2) unstable; urgency=low
* Apply upstream deltas:
- [49ad22d2] Fix wa_keyring option parsing and verbose mode bugs
* Update standards version to 3.9.1 (no changes required).
-- Russ Allbery <email address hidden> Thu, 12 Aug 2010 15:37:53 -0700
-
webauth (3.7.1-1) unstable; urgency=low
* New upstream release.
- Password change in WebLogin now forces re-entry of the old password
on the same screen as the new password even if the user had just
authenticated, with a configuration option to disable this.
- The default proxy token lifetime is now the lifetime of the
underlying Kerberos credential, matching the documentation, instead
of ten hours.
- Improve error reporting in WebLogin for password change failures.
-- Russ Allbery <email address hidden> Fri, 23 Jul 2010 12:51:43 -0700
-
webauth (3.7.0-1) unstable; urgency=low
* New upstream release.
- WebAuthLdapAuthRule in mod_webauthldap now sets environment
variables to the value "privgroup <privgroup>" rather than the
previous behavior of just "<privgroup>".
- New WebAuthLdapPrivgroup directive for mod_webauthldap which probes
user's membership in multiple privgroups and sets an environment
variable to the list of those they're in.
- WebAuthLdapAttribute can now take multiple attributes on one line.
- WebLogin includes a password change script and template.
- WebLogin now supports password expiration handling.
- WebLogin may be configured to warn users of expiring passwords.
- WebLogin catches SIGTERM in login.fcgi and finishes the current
request, fixing some problems with unclean shutdown when FastCGI
restarts the running scripts.
- WebLogin correctly encodes RT and ST in the URL when redirecting to
an alternate URL when attempting REMOTE_USER authentication.
- wa_keyring now uses ISO format for timestamps.
- Various changes and cleanup to the WebAuth library API.
- Link wa_keyring with libcrypto properly. (Closes: #556674)
- Avoid importing isa from UNIVERSAL. (Closes: #578632)
- Lower the log level of some mod_webauth diagnostics.
* The default help.html file is now installed into
/usr/share/weblogin/generic/templates instead of one level higher.
* Upstream now no longer uses apxs to install modules, so upstream
supports DESTDIR and debian/rules can use make install instead of
rewriting all the installation rules.
* Drop the SONAME version from libwebauth-dev. We'll never need to
maintain development packages for more than one version of the ABI in
Debian at the same time. Add a transitional package to assist with
upgrades.
* Move Perl module dependencies from webauth-weblogin to libwebkdc-perl
since the supporting modules now load the other required Perl modules.
* Bump the versioned dependencies from webauth-weblogin and
libwebkc-perl on libwebauth-perl and in webauth-weblogin on
libwebkdc-perl.
* Add an explicit dependency on liburi-perl to libwebkdc-perl.
* Fix Perl dependencies in webauth-weblogin and webauth-tests.
* Add a Suggests of libapache2-mod-php5 to webauth-tests.
* Add Suggests of libtimedate-perl, libtime-duration-perl, and
libnet-remctl-perl to libwebkdc-perl, required for now for expiring
password warning support.
* Downgrade the libwebauth-dev dependency on libkrb5-dev to Suggests
since it's only required for static linking.
* Update build dependency to libcurl4-openssl-dev.
* Add additional build dependencies so that the Perl module test suite
can run.
* Force source format 1.0 for right now to make backporting easier.
* Update to debhelper compatibility level V7.
- Add ${misc:Depends} to all dependencies.
- Use dh_prep instead of dh_clean -k.
* Update standards version to 3.9.0 (no changes required).
-- Russ Allbery <email address hidden> Thu, 08 Jul 2010 15:52:26 -0700
-
webauth (3.6.2-2) unstable; urgency=low
* Set DESTDIR instead of PREFIX when installing the Perl modules. Perl
5.10.1 doesn't allow changing PREFIX at install time. Thanks, Niko
Tyni.
-- Russ Allbery <email address hidden> Tue, 15 Sep 2009 20:33:12 -0700
-
webauth (3.6.2-1) unstable; urgency=high
* New upstream release.
- CVE-2009-2945: When generating a redirect to test for cookie
support, be sure not to include a password in the URL. Reject
username/password logins via methods other than POST.
- If the user submits the login form via POST without the test cookie,
assume the browser supports cookies and don't probe.
- New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck)
to find passwords exposed by CVE-2009-2945.
-- Russ Allbery <email address hidden> Tue, 08 Sep 2009 15:30:20 -0700
-
webauth (3.6.1-2) unstable; urgency=low
* Do not install the libwebauth.la file. Libtool *.la files force other
packages using Libtool to declare excessive library dependencies.
* Update standards version to 3.8.3 (no changes required).
-- Russ Allbery <email address hidden> Mon, 24 Aug 2009 16:24:26 -0700
-
webauth (3.6.1-1) unstable; urgency=low
* New upstream release.
- $BYPASS_CONFIRM now suppresses the confirm page after POST for
browsers that support this.
- $BYPASS_CONFIRM can be set to "id" to only bypass the confirmation
page if the WAS is not requesting a proxy token (and hence may
request delegated credentials).
- New variables for the WebLogin confirmation page containing
delegated credential details.
- Better WebLogin cookie handling with confirmation bypass.
* Remove -L and -l flags to dh_shlibdeps, which are no longer needed.
* Remove full paths to a2dismod in the package prerm scripts.
* Update standards version to 3.8.2.
- Change sections of Apache modules.
- Run test suite iff nocheck is not set in DEB_BUILD_OPTIONS.
* Add Vcs-Git and Vcs-Browser source control fields.
* Improve short description for libwebkdc-perl.
* Update debian/copyright to include a copy of the more thorough new
upstream LICENSE file.
-- Russ Allbery <email address hidden> Tue, 14 Jul 2009 19:32:01 -0700
-
webauth (3.6.0-1) unstable; urgency=low
* New upstream release.
- Fix prematurely freed internal data in mod_webauth.
- Work around a CGI Perl module bug in WebLogin that caused crashes
for WebLogin URLs containing two slashes and two plus signs.
- Add WebLogin support for delegated credentials. Based on work by
Joachim Keltsch. (Closes: #466792)
- New WebKdcLocalRealms and WebKdcPermittedRealms mod_webkdc options.
- New WebKDC protocol error for a login rejected by policy.
- New err_rejected variable in the weblogin login.tmpl template.
- Several new WebLogin configuration options and hooks.
- WebLogin REMOTE_USER variables have been renamed for consistency,
but the old variables will continue to work.
* Add symbols support for libwebauth1.
* Bump shlibs for libwebauth1 for the introduction of a new interface.
* Minor debian/rules tweaking:
- Use the right configure arguments for cross-compiles.
- Use touch $@ to create stamp files.
- Use install rather than cp and mkdir.
* Update the doc-base section for the WebAuth protocol specification.
-- Russ Allbery <email address hidden> Fri, 21 Mar 2008 22:10:09 -0700