1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
lacme (0.8.0-2+deb11u2) bullseye; urgency=medium
* Backport upstream patches to fix fix post-issuance validation logic.
We avoid pining the intermediate certificates in the bundle and instead
validate the leaf certificate with intermediates supplied during issuance
as untrusted (used for chain building only). Only the root certificates
are used as trust anchor. Not pining intermediate certificates is in line
with Let's Encrypt's latest recommendations.
Closes: #1072847
* Adjust test suite against current Let's Encrypt staging environment.
-- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jun 2024 19:19:07 +0200
lacme (0.8.0-2+deb11u1) bullseye; urgency=medium
* client: Handle "ready" → "processing" → "valid" status change during
newOrder, instead of just "ready" → "valid". The latter may be what we
observe when the server is fast enough, but according to RFC 8555 sec.
7.1.6 the state actually transitions via "processing" and we need to
account for that (closes: #1034834).
* d/gbp.conf: Set 'debian-branch = debian/bullseye'.
-- Guilhem Moulin <guilhem@debian.org> Fri, 28 Apr 2023 10:25:54 +0200
lacme (0.8.0-2) unstable; urgency=medium
* d/lacme.postrm: Don't delete system users on purge. There might be files
on disk owned by _lacme-client when 'challenge-directory' is set in the
configuration (closes: #988032).
-- Guilhem Moulin <guilhem@debian.org> Tue, 04 May 2021 01:37:13 +0200
lacme (0.8.0-1) unstable; urgency=low
* New upstream release (closes: #970458, #970800, #972456).
* The internal webserver now runs as a dedicated system user _lacme-www
(and group nogroup) instead of www-data:www-data. This is configurable
in the [webserver] section of the lacme(8) configuration file.
* The internal ACME client now runs as a dedicated system user _lacme-client
(and group nogroup) instead of nobody:nogroup. This is configurable in
the [client] section of the lacme(8) configuration file.
* The _lacme-www and _lacme-client system users are created automatically by
lacme.postinst (hence a new Depends: adduser), and deleted on purge. (So
make sure not to chown any file to these internal users.)
* d/control: New lacme-accountd Suggests: openssl, gpg (for account key
generation and decryption).
* Add d/upstream/signing-key.asc, the OpenPGP used to signed upstream tags.
* d/control: Bump Standards-Version to 4.5.1 (no changes necessary).
* Add d/watch pointing to the upstream repository.
* d/gbp.conf: Update upstream tag template.
* d/gbp.conf: Update debian and upstream branches in compliance with DEP-14.
* d/control: Point Vcs-* to salsa.
* Add debian/salsa-ci.yml file.
* d/.gitattributes: New file to merge d/changelog with dpkg-mergechangelogs.
* Add d/upstream/metadata with Repository and Repository-Browse.
* d/control: Remove libtypes-serialiser-perl from lacme's Depends.
* d/control: lacme now require openssl 1.1.0 or later.
* d/copyright: Bump copyright years.
* d/copyright: Point Source: to the upstream repository.
* d/control: lacme recommends lacme-accountd 0.8.0-1 or later.
* d/lacme.links: Remove /etc/apache2/conf-available/lacme.conf, now part of
the upstream build system.
* d/lacme.install: include new configuration files and snippets.
-- Guilhem Moulin <guilhem@debian.org> Mon, 22 Feb 2021 03:31:23 +0100
lacme (0.7-1) unstable; urgency=high
* New upstream release. Closes: #975862.
-- Guilhem Moulin <guilhem@debian.org> Thu, 26 Nov 2020 00:05:55 +0100
lacme (0.6.1-1) unstable; urgency=medium
* New upstream release. Closes: #955767, #966958.
+ Default listening socket for the webserver component is now
/run/lacme-www.socket. (It was previously under the legacy directory
/var/run.)
* debian/*: Adapt to new build system.
* debian/control: Bump debhelper compatibility level to 13.
-- Guilhem Moulin <guilhem@debian.org> Tue, 04 Aug 2020 01:43:05 +0200
lacme (0.6-3) unstable; urgency=medium
* New symlink /etc/apache2/conf-available/lacme.conf pointing to
/etc/lacme/apache2.conf for use with the a2enconf/a2disconf interface.
(Closes: #955859.)
* debian/*.{install,manpages}: Copy files from $DESTDIR (debian/tmp) not
from the source tree.
* debian/control:
+ Add "Rules-Requires-Root: no".
+ Add "debhelper-compat (= 12)" to Build-Depends.
+ Bump Standards-Version to 4.5.0 (no changes necessary).
* Rename debian/source.lintian-overrides to debian/source/lintian-overrides.
-- Guilhem Moulin <guilhem@debian.org> Sun, 05 Apr 2020 18:26:36 +0200
lacme (0.6-2) unstable; urgency=medium
* d/control: new dependency for lacme: libtimedate-perl. (It's currently a
reverse dependency of LWP, but we use it explicitly.)
-- Guilhem Moulin <guilhem@debian.org> Wed, 18 Sep 2019 15:41:03 +0200
lacme (0.6-1) unstable; urgency=medium
* New upstream release.
* d/control: Bump Standards-Version to 4.4.0 (no changes necessary).
* d/compat, d/control: Bump debhelper compatibility level to 12.
-- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 23:50:15 +0200
lacme (0.5-1) unstable; urgency=medium
* New upstream release, adding support for v2 ACME endpoints.
* Fix manpage generation with pandoc >=2.1. (Closes: #896982.)
* debian/control:
+ Bump Standards-Version to 4.1.4. No changes.
+ Build-depends: bump minimum pandoc version to 2.1.
+ Depends (lacme): add libtypes-serialiser-perl
-- Guilhem Moulin <guilhem@debian.org> Wed, 09 May 2018 14:17:19 +0200
lacme (0.4-1) unstable; urgency=medium
* Fix manpage generation with pandoc >=1.18. (Closes: #869885.)
-- Guilhem Moulin <guilhem@debian.org> Fri, 28 Jul 2017 00:24:06 +0200
lacme (0.3-1) unstable; urgency=low
* New upstream release.
* Provide apache2 and nginx configuration snippet in /etc/lacme.
* debian/control: Bump Standards-Version to 4.0.0. No changes.
-- Guilhem Moulin <guilhem@debian.org> Sun, 09 Jul 2017 00:41:23 +0200
lacme (0.2-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ Promote lacme-accountd from lacme's Suggests to Recommends.
+ Bump Standards-Version to 3.9.8. No changes.
-- Guilhem Moulin <guilhem@guilhem.org> Mon, 05 Dec 2016 16:35:59 +0100
lacme (0.1-1) unstable; urgency=low
* Initial release. (Closes: #827357, #827358.)
-- Guilhem Moulin <guilhem@guilhem.org> Tue, 08 Dec 2015 18:58:20 +0100
|