self-service-password (1.4.3-2) groovy; urgency=medium

  * Rename sourcer project 

 -- Chris <dpkg@chris-nz.com>  Sat, 10 Jul 2021 17:15:09 +1200

ltb-project-self-service-password (1.4.3-1) unstable; urgency=high

    * gh#516: Docker image does not have sendmail in it
    * gh#517: fix(mail): add sendmail to Docker image
    * gh#520: [Security:high] Reset by SMS can be used to change any account password
    * gh#521: If token was provided by SMS, check initial SMS code before changing password
    * gh#522: [Security:low] Dismiss captcha once it is used

 -- Clement Oudot <clem@ltb-project.org>  Wed, 12 May 2021 12:00:00 +0200

ltb-project-self-service-password (1.4.2-1) unstable; urgency=low

    * gh#504: Cannot use docker get gregwar/captcha----use docker
    * gh#505: fix(captcha): missing gd library
    * gh#506: I have a little problem - I can't use SMS for the next step
    * gh#507: fix(reset)
    * gh#508: fix(undefined)
    * gh#511: Bump phpmailer/phpmailer from 6.3.0 to 6.4.1 in /lib

 -- Clement Oudot <clem@ltb-project.org>  Tue, 04 May 2021 12:00:00 +0200

ltb-project-self-service-password (1.4.1-1) unstable; urgency=low

    * gh#501: Remove extra semicolon from setquestions template
    * gh#502: Remove alt text so empty logo doesn't show 'msg_title' twice

 -- Clement Oudot <clem@ltb-project.org>  Tue, 27 Apr 2021 12:00:00 +0200

ltb-project-self-service-password (1.4-1) unstable; urgency=low

    * gh#52: Docker image
    * gh#109: Use Smarty framework
    * gh#133: Get extended ldap error in case of  "passworderror" from LDAP directory
    * gh#155: Use password modify extended operation
    * gh#156: Use password policy control
    * gh#157: Using ldap_exop_passwd if available (PHP>=7.2)
    * gh#183: Reset questions and answers (Questions/suggestion?)
    * gh#220: Pre Hook script
    * gh#224: SMS OVH provider
    * gh#225: rate-limiting with json files
    * gh#226: Remove annoying warnings
    * gh#229: Add php-curl to prerequisite
    * gh#233: Translated some lines on file pt-BR.inc.php to Brazilian Portuguese
    * gh#238: Provide a way to know the installed version
    * gh#239: Fix in_array() error
    * gh#250: Web Autocomplete
    * gh#251: Add autocomplete settings on form fields (#250)
    * gh#263: phpunit test fail
    * gh#264: add support for password files (aka pathway to docker secrets)
    * gh#270: Added initial Norwegian (nb-NO) translation
    * gh#272: Allowing Email as URL-Parameter
    * gh#273: Non-english characters are being stipped in posthook call
    * gh#274: Add base64 encoding option to passwords in posthook commands
    * gh#275: Create unit test for posthook_command (ltb-project#273)
    * gh#276: Add a configuration option to force locale (ltb-project#273)
    * gh#279: Traditional Chinese Support
    * gh#281: Change password line in conf to single quotes
    * gh#296: add policy: disallow special character at beginning or end
    * gh#299: New policy: Forbidden words
    * gh#300: add specialatends and show policy criticity check, fix german translation
    * gh#301: New policy: Forbidden ldap fields
    * gh#303: add support for setting multiple question/answers.
    * gh#306: feature request: add another password quality check
    * gh#311: Another Captcha than Google Captcha
    * gh#315: Fixed few pronomous
    * gh#318: Improve multiple answers
    * gh#322: add config.inc.local.php in .gitignore
    * gh#327: Configure several LDAP servers and select one depending on context
    * gh#328: Configure several LDAP servers and select one depending on context
    * gh#329: Prefill user login fields with an HTTP header value
    * gh#330: Prefill user login fields with an HTTP header value
    * gh#331: SMS Twilio Integration
    * gh#332: Docker file
    * gh#333: SMS Twilio Integration
    * gh#334: Missing support for sambaKickofftime
    * gh#335: support for sambaKickofftime, issue 334
    * gh#336: Translate Pwned, specialatends and logic
    * gh#340: Update sl.inc.php
    * gh#342: Hide token URLs unless debug mode is on
    * gh#350: address CVE-2019-11043
    * gh#353: prevent variable interpretation when $ in password
    * gh#354: default_action set to sendtoken with use_change set to true, can not use change form
    * gh#355: ltb-project#354 : Can use change tab when default_action not set to
    * gh#356: ltb-project#322 : Add .gitignore for config files
    * gh#359: Show extended LDAP error message after password change was denied
    * gh#360: Improved pt-BR.inc.php with more colloquial form
    * gh#364: obscure_failure_messages configuration parameter broken
    * gh#365: Revert "Fix in_array() error"
    * gh#367: Show LDAP extended error message (ltb-project#359)
    * gh#371: I added a new translation (basque, "eu") and translated 2 lines of span
    * gh#372: Use Smarty framework
    * gh#377: [DOC] php-filter as dependencie
    * gh#381: create centos 8 package
    * gh#382: Expose more PHPMail parameters
    * gh#383: Set SMTPOptions from local configuration
    * gh#389: ADD: Samba synchronization via call to smbpasswd
    * gh#395: Feature enhancements to security question functionality
    * gh#404: consider to move inline resources
    * gh#405: Update jquery to latest, 3.5.1 currently
    * gh#406: Move inline javascript to its own file fixes (#404)
    * gh#407: Upgrade jquery to 3.5.1
    * gh#408: documentation for docker
    * gh#409: LDAP exop password modify
    * gh#410: More work on smarty migration
    * gh#411: Allowing Email as URL-Parameter
    * gh#412: Move documentation in sources
    * gh#413: Update Polish localization
    * gh#415: Fixes units tests
    * gh#416: Prehook - ltb-project/self-service-password#220
    * gh#417: documentation
    * gh#419: Update config_ldap.rst
    * gh#424: Configure cache dir and template cache dir
    * gh#428: Added best practices of autocomplete for password managers
    * gh#429: I18n fr
    * gh#430: feat(diff-check): #306
    * gh#433: fix(branding): logo in menubar
    * gh#439: Invalid Mail Header, Double To: Field / Outdated PHPMailer Version
    * gh#441: typo in show policies dutch
    * gh#447: Provide WebServices / REST API
    * gh#449: sms_partially_hide_number not working after migration to smarty
    * gh#451: session and token lifetime
    * gh#453: Can't disable tokens?
    * gh#454: fix typo in nl translation
    * gh#456: Mtkraai master
    * gh#457: Link to github page added to README.md
    * gh#460: update from PHP-7.2
    * gh#466: Fix recaptcha on curent master
    * gh#468: updating php to 7.4
    * gh#469: docs(docker)
    * gh#470: Added Serbian language
    * gh#471: Added Serbian language
    * gh#474: Language selection issue
    * gh#475: Option for ppolicy control
    * gh#476: fix(lang): re-include allowed_lang check
    * gh#477: docs(keyphrase): update comments/docs, when should keyphrase be set
    * gh#478: fix(pebkac)
    * gh#479: Update Serbian translation
    * gh#481: New captcha to replace reCAPTCHA
    * gh#482: Upgrade to PHPMailer 6.3.0
    * gh#483: add hook in rest api and a script for multi ldap change password
    * gh#491: do not override config.inc.local.php vars
    * gh#499: Update multi ldap script

 -- Clement Oudot <clem@ltb-project.org>  Tue, 20 Apr 2021 12:00:00 +0200

ltb-project-self-service-password (1.3-1) unstable; urgency=low

    * gh#182: Message incorrect when resetting using email but not supplying
      email (minor)
    * gh#187: Security assessment issues
    * gh#191: Minor changes to Spanish translation
    * gh#196: reduce info released in error messages
    * gh#197: Please wrap mail debug ouput in <pre> tags.
    * gh#198: Create ee.inc.php
    * gh#201: Added some translations
    * gh#202: include config.inc.local.php + warning
    * gh#204: Index includes .swp files and crashes sites with error 500
    * gh#206: Encrypt answers in directory
    * gh#209: Check ldap_bind return code instead of relying on ldap_errno
    * gh#210: SSH key change should not be permitted for expired or must
      change passwords
    * gh#211: Force string conversion of input values
    * gh#215: added support for pwned-passwords api v2
    * gh#217: take into account post-hook exit status

 -- Clement Oudot <clem@ltb-project.org>  Tue, 10 Jul 2018 12:00:00 +0200

ltb-project-self-service-password (1.2-1) unstable; urgency=low

    * gh#149: Remove obsolete stripslashes_if_gpc_magic_quotes
    * gh#154: Translated the hungarian keys left in english.
    * gh#162: Resolve send token web page issue when E-Mail To: set from LDAP
    * gh#166: Opportunistic TLS problem
    * gh#174: Improved nl.lang.php
    * gh#175: reCAPTCHA not working on master
    * gh#176: Dutch translation update by AlbertPluton
    * gh#177: Fix "SSH Key required" message wrong color when ssh key is not
      submitted
    * gh#178: Fix pattern matching in reset by questions
    * gh#179: Revert Twig because of multiple regressions, work still needed,
      and lack of testing

 -- Clement Oudot <clem@ltb-project.org>  Fri, 12 Jan 2018 12:00:00 +0200

ltb-project-self-service-password (1.1-1) unstable; urgency=low

    * gh#33: Posthook does not work with apostrophes
    * gh#38: Add Japanese translation
    * gh#40: Add missing variable $mail_wordwrap in config.inc.php
    * gh#41: Show all missing dependencies instead of one and fix color of message
    * gh#42: Fix $mail_sendmailpath in config was ignored because of a typo
    * gh#43: Fix bad link in hungarian translation
    * gh#47: Allow for longer salts
    * gh#48: Corrections proposed to index.php and pages/* files
    * gh#49: Fix the usage of rand instead of mt_rand
    * gh#50: Use fixed width icons
    * gh#51: Apache configuration in RPM package
    * gh#54: Reset password layout
    * gh#55: shadowExpire in LDAP
    * gh#58: Escape shell args with escapeshellarg for posthook command (fixes #33)
    * gh#59: Weak entropy for password generation
    * gh#60: Encryption without authentication
    * gh#61: Greek translation
    * gh#63: German translation
    * gh#64: Mail from ldap
    * gh#65: Mail signature
    * gh#66: Get Mail from LDAP
    * gh#67: Mail signature
    * gh#68: Swedish translation
    * gh#73: Dependency check for function ldap_modify_batch()
    * gh#74: session token with nginx
    * gh#75: SHA512 in password encryption
    * gh#76: Fixing Czech translation
    * gh#77: Improved IT translation
    * gh#78: Allow sending SMS through web-based API instead of Email2SMS Gateway
    * gh#79: Improved ES translation
    * gh#81: Allow self service of sshPublicKey attribute in LDAP
    * gh#82: PHPMailer security update
    * gh#85: mcrypt is outdated
    * gh#87: Get Travis tests working again on PHP 7
    * gh#89: Erreurs de Francais
    * gh#90: Update fr.inc.php
    * gh#91: Can email reset use AD user's FirstName, instead of login ID?
    * gh#92: Implements strong cryptography with defuse-crypto 2.0.3
    * gh#93: Add SHA512 password hashing
    * gh#94: Update phpmailer from v5.2.16 to v5.5.23
    * gh#95: Dependency check for function ldap_modify_batch()
    * gh#97: Add an easy way to override messages
    * gh#98: Bug in resetbytoken.php
    * gh#99: Force use of phpunit 5.7 if php >= 7.0 for travis testing
    * gh#100: Fixes for things pointed out after #81 was merged
    * gh#102: Fix for base64 encoded strings that contain '+'
    * gh#104: Fix invalid html in sendsms.php
    * gh#105: SSHKey update  Insufficient access
    * gh#106: Update zh-CN translation
    * gh#107: Sanitize Mobile Number retrieved from LDAP
    * gh#111: "Email" name in menu is confusing
    * gh#115: Force specific language?
    * gh#116: Add possibility to force use of a specific set of languages
    * gh#117: SSHA-256 support for ldap user password
    * gh#118: Fix hhvm on travis, update travis config
    * gh#120: Fix debian packages/repository for debian stretch
    * gh#121: Add popovers to explain menu links (cf. issue #111)
    * gh#126: proxy support for ReCaptcha
    * gh#128: Reset token validation issue
    * gh#130: recaptcha uses file_get_contents to retrive data
    * gh#131: Allow override of reCAPTCHA request method (cf. issue #130)
    * gh#132: Fix travis builds for php 7.0 and 7.1
    * gh#138: sendtoken.php send http instead of https
    * gh#142: Move $debug config to the top of the file
    * gh#143: Warn when key phrase is not set
    * gh#144: Invalid Token error
    * gh#148: Change key feature never notifies

 -- Clement Oudot <clem@ltb-project.org>  Fri, 01 Sep 2017 12:00:00 +0200

ltb-project-self-service-password (1.0-2) unstable; urgency=low

    * Fix packaging of lib/ directory

 -- Clement Oudot <clem@ltb-project.org>  Mon, 17 Oct 2016 12:00:00 +0200

ltb-project-self-service-password (1.0-1) unstable; urgency=low

    * gh#1: Use bootstrap CSS framework
    * gh#2: Typos in german language
    * gh#3: Czech language
    * gh#4: Case in-sensitive lookup e-mail address (When used with ldap/Windows AD)
    * gh#5: CRLF Issue when sending mail
    * gh#6: Hungarian translation
    * gh#7: Create tr.inc.php
    * gh#8: Add Ukrainian language support
    * gh#9: Full Spanish and Catalan translations
    * gh#10: Allow to define a custom reset URL
    * gh#11: Possibility to set a background image
    * gh#12: Add a menu
    * gh#13: NL language file addition (typos and duplicates removed)
    * gh#14: Update it.inc.php
    * gh#17: fix german translation of message nophpmbstring
    * gh#19: add prerequisite to readme
    * gh#20: Call to undefined function utf8_decode()
    * gh#21: Bad call to change_password in resetbytoken.php
    * gh#22: Remove dependency on php5 in Debian package
    * gh#23: SMS token always valid
    * gh#24: Reset by SMS token can be used to change another account password
    * gh#25: Update reCAPTCHA code
    * gh#26: request: facilitate by-email when SMTP auth is required
    * gh#28: Updated make_ad_password
    * gh#29: Use .conf extension for Apache configuration
    * gh#31: request: disable password change?
    * gh#32: Password policy - same as login
    * gh#34: Handle LDAP bind extended error format incompatibility with Samba4
    * gh#35: All empty forms display a warning message

 -- Clement Oudot <clem@ltb-project.org>  Fri, 14 Oct 2016 12:00:00 +0200

ltb-project-self-service-password (0.9-1) unstable; urgency=low

    * Bug #351: Allow binddn to be one that is not a manager
    * Bug #393: Warning in logs if no forbidden caracters defined
    * Bug #556: If password in Active Directory is expired, user cannot change their password
    * Bug #557: Duplicate index in spanish translation file
    * Bug #563: PHP Fatal error: Call to undefined function mb_internal_encoding()
    * Bug #571: Show policy above in resetByToken
    * Bug #611: Small typo in lang/en.inc.php
    * Bug #719: Add option for algorythm selection for crypt hashes
    * Bug #767: Adresse email with a + don’t match
    * Bug #776: self-service-password may fail to detect a samba account
    * Bug #787: Bug on password policy display in "resetbytoken"
    * Feature #381: Check mb_string extension
    * Feature #587: Slovak translation
    * Feature #595: Self Service Password translation for Portuguese (Portugal) pt-PT
    * Feature #627: Move supported languages to the config file
    * Feature #628: Corrections for german language
    * Feature #632: Simplified Chinese translation for self-service-password
    * Feature #640: New german translation
    * Feature #659: Partially hide mobile phone number, to prevent username to phone number lookups (privacy)
    * Feature #699: set hash type based on stored password
    * Feature #705: starttls functionality
    * Feature #714: Add some attibutes sambaSamAccount/shadowAccount
    * Feature #724: Self Service Password: custom hooks / external scripts
    * Feature #728: Slovenian translation
    * Feature #798: Change password as user in AD

 -- Clement Oudot <clem@ltb-project.org>  Thu, 8 Oct 2015 12:00:00 +0200

ltb-project-self-service-password (0.8-1) unstable; urgency=low

    * Bug #399: Mistakes in the English translation
    * Bug #479: Self-Service-Password in Sapnish
    * Bug #503: Typo in german language file "phpmhash"
    * Bug #515: reCaptcha does not use HTTPS
    * Feature #354: Send random generated password by SMS
    * Feature #359: Use hash() function instead of mhash() when possible
    * Feature #379: I'd like to add SSP to FreeBSD ports
    * Feature #452: Change samba password only if there is an
      objectClass=sambaSamAccount in the users profile
    * Feature #463: Set default action from configuration file
    * Feature #491: Group local password policy configs in an array to pass
      around
    * Feature #492: Add config to choose where show password policy
    * Feature #493: Brazilian portuguese translation/improvements
    * Feature #499: Add extra messages
    * Feature #504: Use CSS3 variable name
    * Feature #516: Russian translation
    * Feature #522: Italian translation
    * Feature #537: Detect all missing translation
    * Feature #538: Check login input string to prevent LDAP injection

 -- Clement Oudot <clem@ltb-project.org>  Sat, 20 Oct 2012 12:00:00 +0200

ltb-project-self-service-password (0.7-1) unstable; urgency=low

    * Bug #343: Crypt tokens needs php5-mcrypt
    * Bug #346: DIsabled accounts
    * Bug #347: PHP libraries test are bypassed
    * Bug #361: Self Service Password - wrong link in mail notification
    * Bug #362: Self Service Password - register an answer, error with date
    * Bug #378: Wrong mb_encode_mimeheader in send_mail function - SSP
    * Feature #329: automatic Language detection
    * Feature #330: Configuration for reCAPTCHA
    * Feature #340: Catalan translation
    * Feature #345: Account unlock
    * Feature #352: Add shadowLastChange configuration
    * Feature #358: Option to force password change in AD
    * Feature #376: Polish translation

 -- Clement Oudot <clem@ltb-project.org>  Wed, 21 Dec 2011 12:00:00 +0200

ltb-project-self-service-password (0.6-1) unstable; urgency=low

    * Bug #320: Token crypt function does not wotk with PHP 5.2 and inferior
    * Bug #322: Several PHP bugs and logging feature added (PATCH included)
    * Feature #310: Add a password complexity points check
    * Feature #311: Notify user by mail after password change
    * Feature #317: Set content-type header for mail
    * Feature #319: Change password with a mail challenge - add oprions -f to
      see correct FROM header
    * Feature #323: Added support for reCAPTCHA (patches included)

 -- Clement Oudot <clem@ltb-project.org>  Sat, 09 Apr 2011 12:00:00 +0200

ltb-project-self-service-password (0.5-1) unstable; urgency=low

    * Bug #273: Canoot change password on Active Directory
    * Bug #274: Cannot change password on Active Directory as user
    * Bug #276: Canot change AD Password as User or Manager
    * Bug #288: Problems with 'Reset your password with a mail challenge'
    * Bug #298: security issue in email password reset
    * Bug #300: Warning Ldap_get_dn
    * Bug #304: LDAP Tool Box
    * Bug #305: LDAP Tool Box
    * Bug #309: Password reset via email token fails to send in a parameter
    * Feature #272: Dutch translation
    * Feature #275: Added a couple of features
    * Feature #289: Delete token if password change is ok
    * Feature #290: Configure token lifetime
    * Feature #307: Token reset form should be hidden if token is missing or

 -- Clement Oudot <clem@ltb-project.org>  Sat, 09 Apr 2011 12:00:00 +0200

ltb-project-self-service-password (0.4-1) unstable; urgency=low

    * Bug #183: Corrected german translations
    * Bug #189: Accentued characters in passwords are not well managed
    * Bug #258: LTB advertises features even if not configured
    * Bug #269: Bad link to token page
    * Feature #146: Lost Password
    * Feature #178: Reject some special characters from passwords
    * Feature #181: Secret Question feature to reset/set your own password
    * Feature #185: Provide packages for SSP
    * Feature #186: Check special characters in password
    * Feature #207: Use separate files for language strings
    * Feature #233: Rewrite documentation
    * Feature #256: Display password policy details only on failures for authenticated users
    * Feature #259: Check that user doesn't reuse the same password
    * Feature #266: Add pt-BR lang

 -- Clement Oudot <clem@ltb-project.org>  Fri, 30 Jul 2010 12:00:00 +0200

