diff -pruN 2.0.1+ds-2/changelog 2.0.2+ds-1/changelog --- 2.0.1+ds-2/changelog 2018-12-21 14:12:36.000000000 +0000 +++ 2.0.2+ds-1/changelog 2019-02-12 11:10:53.000000000 +0000 @@ -1,3 +1,47 @@ +lemonldap-ng (2.0.2) bionic; urgency=medium + + * Bugs: + * #1574: "Manager is unprotected" message when whatToTrace value is not the default + * #1603: Warnings with confirmation required don't work + * #1604: Manager unit tests randomly failed + * #1607: Safe errors when saving configuration with lmConfigEditor + * #1610: Unable to save empty value for cookie expiration time in Manager + * #1613: handler https redirection does not work + * #1614: Accents not well displayed in Portal + * #1618: Version in server signature is wrong + * #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager + * #1627: Display issue with GrantSession plugin + * #1628: GrantSession plugin discloses its message to unlogged users + * #1630: SSO cookie is sent to protected applications with Nginx-based ReverseProxy + * #1636: SSL and Kerberos Auth Modules don t work with choice + * #1639: User must change password on AD is broken + * #1642: Unable to select skin from URL + * #1643: Portal CSS is sent with empty background when portalSkinBackground is not defined + * #1644: error while reseting password with ppolicy enabled + * #1648: ldapAuthnLevel and dbiAuthnLevel are ignored + * #1649: Error about Handler when saving configuration in lmConfigEditor + + * New features: + * #1569: GPG authentication module + * #1629: Email-based two-factor module + * #1631: Allow to display "env" as template variables + + * Improvements: + * #1486: Portal starts even if init() has failed + * #1600: Improve e2e tests + * #1601: Create LDAP option to decode DN value + * #1608: Date and comment not updated with lemonldap-ng-cli + * #1609: add autocomplete="off" to 2F form fields + * #1611: Improve apache configuration + * #1622: Display delete button in 2FAManager only if action is allowed + * #1625: "Use rule" option in issuer modules seem not to be used anymore + * #1633: Better random generation + * #1634: Improve management of template parameters + * #1635: SAML attribut default value is not set + * #1637: Add display options for SAML IDP like OIDC and CAS providers + + -- Clément Tue, 12 Feb 2019 08:57:14 +0100 + lemonldap-ng (2.0.1) artful; urgency=medium * Bugs: diff -pruN 2.0.1+ds-2/COPYING 2.0.2+ds-1/COPYING --- 2.0.1+ds-2/COPYING 2018-12-17 09:02:43.000000000 +0000 +++ 2.0.2+ds-1/COPYING 2019-02-04 09:52:16.000000000 +0000 @@ -109,7 +109,7 @@ License: CC-BY-NC-ND-3.0 or GFDL-1.3 Comment: downloaded from https://commons.wikimedia.org Files: lemonldap-ng-manager/site/htdocs/static/bwr/angular* -Copyright: 2010-2017, Google, Inc. https://angularjs.org +Copyright: 2010-2018, Google, Inc. https://angularjs.org License: Expat Files: lemonldap-ng-manager/site/htdocs/static/bwr/angular-bootstrap/* @@ -121,7 +121,7 @@ Copyright: 2014, unspecified License: Expat Files: lemonldap-ng-*/site/htdocs/static/bwr/bootstrap/* -Copyright: 2011-2016, Twitter Inc. +Copyright: 2011-2018, Twitter Inc. License: Expat Files: lemonldap-ng-portal/site/htdocs/static/bwr/crypto-js/* @@ -130,7 +130,7 @@ Copyright: 2009-2013 Jeff Mott License: Expat Files: lemonldap-ng-manager/site/htdocs/static/bwr/es5-shim/* -Copyright: 2009-2015, Kristopher Michael Kowal and contributors +Copyright: 2009-2015, contributors License: Expat Files: lemonldap-ng-manager/site/htdocs/static/bwr/file-saver.js/* diff -pruN 2.0.1+ds-2/debian/changelog 2.0.2+ds-1/debian/changelog --- 2.0.1+ds-2/debian/changelog 2019-01-19 11:32:57.000000000 +0000 +++ 2.0.2+ds-1/debian/changelog 2019-02-12 20:30:35.000000000 +0000 @@ -1,3 +1,12 @@ +lemonldap-ng (2.0.2+ds-1) unstable; urgency=medium + + * New upstream version 2.0.2+ds + * Refresh patches + * Update copyrights using upstream files + * Add libcrypt-urandom-perl and libipc-run-perl in dependencies + + -- Xavier Guimard Tue, 12 Feb 2019 21:30:35 +0100 + lemonldap-ng (2.0.1+ds-2) unstable; urgency=medium * Remove useless test (Closes: #919730) diff -pruN 2.0.1+ds-2/debian/control 2.0.2+ds-1/debian/control --- 2.0.1+ds-2/debian/control 2019-01-19 09:13:04.000000000 +0000 +++ 2.0.2+ds-1/debian/control 2019-02-12 20:22:09.000000000 +0000 @@ -15,6 +15,7 @@ Build-Depends-Indep: libapache-session-p libconvert-pem-perl, libcrypt-openssl-rsa-perl, libcrypt-openssl-x509-perl, + libcrypt-urandom-perl, libcrypt-rijndael-perl, libcrypt-u2f-server-perl, libdbd-sqlite3-perl, @@ -27,6 +28,7 @@ Build-Depends-Indep: libapache-session-p libhtml-template-perl, libimage-magick-perl, libio-string-perl, + libipc-run-perl, libjson-perl, liblasso-perl, libmime-tools-perl, @@ -200,6 +202,7 @@ Depends: ${misc:Depends}, libconfig-inifiles-perl, libcrypt-openssl-rsa-perl, libcrypt-openssl-x509-perl, + libcrypt-urandom-perl, libcrypt-rijndael-perl, libhtml-template-perl, libjson-perl, @@ -282,6 +285,7 @@ Depends: ${misc:Depends}, Recommends: libcrypt-openssl-bignum-perl, libconvert-base32-perl, libemail-sender-perl (>=1.300027) | libemail-sender-transport-smtps-perl, + libipc-run-perl, libgd-securityimage-perl, libmime-tools-perl, libnet-ldap-perl, diff -pruN 2.0.1+ds-2/debian/copyright 2.0.2+ds-1/debian/copyright --- 2.0.1+ds-2/debian/copyright 2018-12-06 19:30:00.000000000 +0000 +++ 2.0.2+ds-1/debian/copyright 2019-02-12 20:22:09.000000000 +0000 @@ -114,6 +114,8 @@ Copyright: Public Domain License: Simple-Geo Comment: downloaded from https://commons.wikimedia.org/wiki/File:LinkedIn_logo_initials.png + . + Author is unknown and license may be W3C or public-domain Files: lemonldap-ng-portal/site/htdocs/static/bootstrap/u2f.png Copyright: Bautsch diff -pruN 2.0.1+ds-2/debian/patches/Avoid-developer-tests.patch 2.0.2+ds-1/debian/patches/Avoid-developer-tests.patch --- 2.0.1+ds-2/debian/patches/Avoid-developer-tests.patch 2018-12-02 13:36:54.000000000 +0000 +++ 2.0.2+ds-1/debian/patches/Avoid-developer-tests.patch 2019-02-12 20:22:09.000000000 +0000 @@ -11,7 +11,7 @@ Last-Update: 2016-12-26 +use Test::More skip_all => 'Heavy developer tests'; use JSON; use MIME::Base64; - + use Data::Dumper; --- a/lemonldap-ng-handler/t/61-Lemonldap-NG-Handler-PSGI-Server.t +++ b/lemonldap-ng-handler/t/61-Lemonldap-NG-Handler-PSGI-Server.t @@ -1,4 +1,4 @@ diff -pruN 2.0.1+ds-2/debian/patches/javascript-path.patch 2.0.2+ds-1/debian/patches/javascript-path.patch --- 2.0.1+ds-2/debian/patches/javascript-path.patch 2018-12-02 13:36:54.000000000 +0000 +++ 2.0.2+ds-1/debian/patches/javascript-path.patch 2019-02-12 20:22:09.000000000 +0000 @@ -5,7 +5,7 @@ Last-Update: 2018-10-30 --- a/_example/etc/manager-nginx.conf +++ b/_example/etc/manager-nginx.conf -@@ -50,8 +50,8 @@ +@@ -59,8 +59,8 @@ # DEBIAN # If install was made with USEDEBIANLIBS (official releases), uncomment this @@ -19,7 +19,7 @@ Last-Update: 2018-10-30 } --- a/_example/etc/portal-nginx.conf +++ b/_example/etc/portal-nginx.conf -@@ -69,7 +69,7 @@ +@@ -78,7 +78,7 @@ # DEBIAN # If install was made with USEDEBIANLIBS (official releases), uncomment this diff -pruN 2.0.1+ds-2/debian/patches/remove-useless-test.patch 2.0.2+ds-1/debian/patches/remove-useless-test.patch --- 2.0.1+ds-2/debian/patches/remove-useless-test.patch 2019-01-19 09:02:18.000000000 +0000 +++ 2.0.2+ds-1/debian/patches/remove-useless-test.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -Description: remove useless test - `file` output has changed, tis test fails now -Author: Xavier Guimard -Origin: upstream, https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commit/774137e5fd85d3c1cdeca842e28e4687f14dc670 -Bug-Debian: https://bugs.debian.org/919730 -Forwarded: not-needed -Last-Update: 2019-01-19 - ---- a/lemonldap-ng-common/t/02-Common-Conf-File.t -+++ b/lemonldap-ng-common/t/02-Common-Conf-File.t -@@ -43,16 +43,6 @@ - ok( $h->store( $test[$i] ) == 1, "Test $i is stored" ) - or print STDERR "$Lemonldap::NG::Common::Conf::msg $!"; - $count++; -- if ( -x '/usr/bin/file' ) { -- eval { -- open F, 'file t/lmConf-1.json |'; -- $_ = join( '', ); -- close F; -- ok( /(ascii|utf-?8)/si, "File is $1 encoded" ) -- or print STDERR "Result: $_\n"; -- $count++; -- }; -- } - my $cfg; - ok( $cfg = $h->load(1), "Test $i can be read" ) - or print STDERR $Lemonldap::NG::Common::Conf::msg; diff -pruN 2.0.1+ds-2/debian/patches/series 2.0.2+ds-1/debian/patches/series --- 2.0.1+ds-2/debian/patches/series 2019-01-19 08:59:52.000000000 +0000 +++ 2.0.2+ds-1/debian/patches/series 2019-02-12 20:22:09.000000000 +0000 @@ -1,3 +1,2 @@ javascript-path.patch Avoid-developer-tests.patch -remove-useless-test.patch diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/alfresco.html 2.0.2+ds-1/doc/pages/documentation/current/applications/alfresco.html --- 2.0.1+ds-2/doc/pages/documentation/current/applications/alfresco.html 2018-12-21 14:21:11.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/alfresco.html 2019-02-12 16:28:08.000000000 +0000 @@ -210,9 +210,9 @@ Set the default rule to what you need. Other rules:

    -
  • Unprotect access to some resources: ^/share/res ⇒ unprotect
    +
  • Unprotect access to some resources: ^/share/res => unprotect
    • -
  • Catch logout: ^/share/page/dologout ⇒ logout_app_sso
    +
  • Catch logout: ^/share/page/dologout => logout_app_sso
diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/aws.html 2.0.2+ds-1/doc/pages/documentation/current/applications/aws.html --- 2.0.1+ds-2/doc/pages/documentation/current/applications/aws.html 2018-12-21 14:21:11.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/aws.html 2019-02-12 16:28:08.000000000 +0000 @@ -60,13 +60,13 @@
  • Go to https://your.portal.com/saml/metadata and save the resulting file locally.
    • -
  • In each AWS account, go to IAM → Identity providers → Create Provider.
    +
  • In each AWS account, go to IAM -> Identity providers -> Create Provider.
  • Select SAML as the provider type
  • Choose a name (best if kept consistent between accounts), and then choose the metadata file you saved above.
    • -
  • Looking again at the links on the left side of the page, go to Roles → Create role
    +
  • Looking again at the links on the left side of the page, go to Roles -> Create role
  • Choose SAML / Saml 2.0 federation
    • @@ -92,15 +92,15 @@ similar, using whatever attribute makes ou: root
      -
    • Assuming you use the web interface to manage lemonldap, go to General Parameters → Authentication parameters → LDAP parameters → Exported variables. Here set the key to the LDAP attribute and the value to something sensible. I keep them the same to make it easy.
      +
    • Assuming you use the web interface to manage lemonldap, go to General Parameters -> Authentication parameters -> LDAP parameters -> Exported variables. Here set the key to the LDAP attribute and the value to something sensible. I keep them the same to make it easy.
      • -
    • Now go to *Variables → Macros*. Here set up variables which will be computed based on the attributes you exported above. You will need to emit strings in this format arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name. The parts you need to change are account-number, role-name1 and provier-name. The last two will be the provider name and role names you just set up in AWS.
      +
    • Now go to *Variables -> Macros*. Here set up variables which will be computed based on the attributes you exported above. You will need to emit strings in this format arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name. The parts you need to change are account-number, role-name1 and provier-name. The last two will be the provider name and role names you just set up in AWS.
      • -
    • Perl works in here, so something like this is valid: aws_eu_role$ou =~ sysadmin ? “arn:aws…” : “arn:…”
      +
    • Perl works in here, so something like this is valid: aws_eu_role -> $ou =~ sysadmin ? “arn:aws...” : “arn:...”
      • -
    • If it easier, split multiple roles into different macros. Then tie all the variables you define together into one string concatenating them with whatever is in General Parameters → Advanced Parameters → Separator. Actually click into this field and move around with the arrow keys to see if there is a space, since spaces can be part of the separator.
      +
    • If it easier, split multiple roles into different macros. Then tie all the variables you define together into one string concatenating them with whatever is in General Parameters -> Advanced Parameters -> Separator. Actually click into this field and move around with the arrow keys to see if there is a space, since spaces can be part of the separator.
      • -
    • Remember macros are defined alphanumerically, so you want one right at the end, like z_aws_rolesjoin(“; ”, $role_name1, $role_name2, …)
      +
    • Remember macros are defined alphanumerically, so you want one right at the end, like z_aws_roles -> join(“; ”, $role_name1, $role_name2, ...)
    • On the left again, click SAML service providers, then Add SAML SP.
      • @@ -108,15 +108,15 @@ similar, using whatever attribute makes
    • Click Exported attributes on the left, then Add attribute twice to add two attributes. The first field is the name of a variable set in the user's session:
      • -
    • On the left, select Options → Security → Enable use of IDP initiated URL → On
      +
    • On the left, select Options -> Security -> Enable use of IDP initiated URL -> On
      • -
    • Select General Parameters → Portal → Menu → Categories and applications
      +
    • Select General Parameters -> Portal -> Menu -> Categories and applications
    • Select a category or create a new one if you need to. Then click New application.
      • diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/gitlab.html 2.0.2+ds-1/doc/pages/documentation/current/applications/gitlab.html --- 2.0.1+ds-2/doc/pages/documentation/current/applications/gitlab.html 2018-12-21 14:21:11.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/gitlab.html 2019-02-12 16:28:08.000000000 +0000 @@ -154,11 +154,11 @@ You can get Gitlab LL::NG and send these SAML attributes:

        -
      • mail ⇒ email
        +
      • mail => email
        • -
      • uid ⇒ uid
        +
      • uid => uid
        • -
      • cn ⇒ name
        +
      • cn => name
      The value from LL::NG mail session attribute must be the email of the user in Gitlab database, in order to associate accounts. @@ -182,7 +182,7 @@ You can pass groups to Gitlab. For this, And in LL::NG, export the groups attribute:

        -
      • groups ⇒ groups
        +
      • groups => groups
      diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/glpi.html 2.0.2+ds-1/doc/pages/documentation/current/applications/glpi.html --- 2.0.1+ds-2/doc/pages/documentation/current/applications/glpi.html 2018-12-21 14:21:11.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/glpi.html 2019-02-12 16:28:08.000000000 +0000 @@ -57,7 +57,7 @@

      -GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers…). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. +GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.

      diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/grr.html 2.0.2+ds-1/doc/pages/documentation/current/applications/grr.html --- 2.0.1+ds-2/doc/pages/documentation/current/applications/grr.html 2018-12-21 14:21:11.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/grr.html 2019-02-12 16:28:08.000000000 +0000 @@ -115,9 +115,9 @@ GRR will check the username in REMOTE_US Access rules:

        -
      • ^/index.php ⇒ accept
        +
      • ^/index.php => accept
        • -
      • default ⇒ unprotect
        +
      • default => unprotect
      diff -pruN 2.0.1+ds-2/doc/pages/documentation/current/applications/img/icons.png 2.0.2+ds-1/doc/pages/documentation/current/applications/img/icons.png --- 2.0.1+ds-2/doc/pages/documentation/current/applications/img/icons.png 2018-12-21 14:20:06.000000000 +0000 +++ 2.0.2+ds-1/doc/pages/documentation/current/applications/img/icons.png 2019-02-12 16:27:00.000000000 +0000 @@ -23,10 +23,10 @@ - + - +