Merge branch 'v2.0'
commit
781c9b0a8b
|
@ -31,7 +31,7 @@ Installation and configuration
|
|||
- `Version 2.0 </documentation/2.0/>`__ (stable)
|
||||
- `Version 1.9 </documentation/1.9/>`__ (oldstable)
|
||||
|
||||
- Archived versions (unmaintained by `LLNG Team </team>`__ )
|
||||
- Archived versions (unmaintained by LLNG Team )
|
||||
|
||||
- `Version 1.4 </documentation/1.4/>`__
|
||||
- `Version 1.3 </documentation/1.3/>`__
|
||||
|
@ -53,20 +53,22 @@ Debian
|
|||
Following Debian Policy, LLNG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams *(except some inor ones)*.
|
||||
See `Security tracker <https://security-tracker.debian.org/tracker/source-package/lemonldap-ng>`__
|
||||
|
||||
=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
Debian dist LLNG version Secured Maintenance LTS Limit `Extended LTS <https://wiki.debian.org/LTS/Extended>`__ Limit
|
||||
=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
*6* *Squeeze* *0.9.4.1* |maybe| No known vulnerability *None* *February 2016* *April 2019*
|
||||
**7** Wheezy `1.1.2 </documentation/1.1/>`__ |maybe| No known vulnerability **None** [1]_ May 2018 Probably 2021
|
||||
**8** Jessie `1.3.3 </documentation/1.3/>`__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 Probably 2023
|
||||
**9** Stretch `1.9.7 </documentation/1.9/>`__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team <https://www.debian.org/lts/>`__ June 2022
|
||||
\ *Stretch-backports* `2.0.2 </documentation/2.0/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019*
|
||||
\ Stretch-backports-sloppy `2.0.11 </documentation/2.0/>`__ |maybe| *Maybe none*, "best effort" [3]_ Until Debian 11 release [4]_
|
||||
**10** Buster `2.0.2 </documentation/2.0/>`__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team <https://security-team.debian.org/>`__ Probably July 2024
|
||||
\ Buster-backports `2.0.11 </documentation/2.0/>`__ |clean| `LLNG Team </team>`, "best effort" [3]_ Until Debian 11 release [4]_
|
||||
\ Bullseye `2.0.11 </documentation/2.0/>`__ |clean| `Debian Security Team <https://security-team.debian.org/>`__ Probably July 2026
|
||||
**Next** Testing Latest [5]_ |clean| `LLNG Team </team>`__
|
||||
=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
=========== ========================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
Debian dist LLNG version Secured Maintenance LTS Limit `Extended LTS <https://wiki.debian.org/LTS/Extended>`__ Limit
|
||||
=========== ========================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
*6* *Squeeze* *0.9.4.1* |maybe| No known vulnerability *None* *February 2016* *April 2019*
|
||||
*7* *Wheezy* `1.1.2 </documentation/1.1/>`__ |maybe| No known vulnerability *None* *May 2018* *June 2020*
|
||||
**8** Jessie `1.3.3 </documentation/1.3/>`__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 June 2022
|
||||
**9** Stretch `1.9.7 </documentation/1.9/>`__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team <https://www.debian.org/lts/>`__ June 2022 Probably 2024
|
||||
\ *Stretch-backports* `2.0.2 </documentation/2.0/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019*
|
||||
\ *Stretch-backports-sloppy* `2.0.11 </documentation/2.0/>`__ |maybe| *None* *August 2021*
|
||||
**10** Buster `2.0.2 </documentation/2.0/>`__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team <https://security-team.debian.org/>`__ June 2024 Probably 2026
|
||||
\ *Buster-backports* `2.0.11 </documentation/2.0/>`__ |clean| *None* *August 2021*
|
||||
\ Buster-backports-sloppy `2.0.11 </documentation/2.0/>`__ |clean| LLNG Team, "best effort" [3]_ Until Debian 12 release [4]_
|
||||
**11** Bullseye `2.0.11 </documentation/2.0/>`__ |clean| `Debian Security Team <https://security-team.debian.org/>`__ July 2026 Probably 2028
|
||||
\ Bullseye-backports `2.0.11 </documentation/2.0/>`__ |clean| LLNG Team, "best effort" [3]_ Until Debian 12 release [4]_
|
||||
**Next** Testing/Unstable Latest [5]_ |clean| LLNG Team
|
||||
=========== ========================== ======================================== ===================================================== ============================================================ =============================== =============================================================
|
||||
|
||||
See `Debian Security
|
||||
Tracker <https://security-tracker.debian.org/tracker/source-package/lemonldap-ng>`__
|
||||
|
@ -142,7 +144,7 @@ Other
|
|||
backports are not covered by Debian Security Policy
|
||||
|
||||
.. [4]
|
||||
around September 2021
|
||||
around July 2023
|
||||
|
||||
.. [5]
|
||||
few days after release
|
||||
|
|
|
@ -43,19 +43,52 @@ Security
|
|||
Portal templates changes
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If you customized the HTML mail content, you must update them to use HTML::Template variables (this was changed to fix XSS injections).
|
||||
Email templates
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
For session variables, replace for example ``$cn`` by ``<TMPL_VAR NAME="session_cn" ESCAPE=HTML>``, and for other variables, replace for example ``$url`` by ``<TMPL_VAR NAME="url" ESCAPE=HTML>``.
|
||||
If you customized the HTML email templates, you must update them to use HTML::Template variables (this was changed to fix XSS injections).
|
||||
|
||||
Some changes have been made to include new plugins (FindUser and CheckDevOps), you need to report them only if you have a custom theme and you want to use these plugins
|
||||
In the following files: ``mail_2fcode.tpl`` ``mail_certificateReset.tpl`` ``mail_footer.tpl`` ``mail_password.tpl`` ``mail_register_done.tpl`` ``mail_certificateConfirm.tpl`` ``mail_confirm.tpl`` ``mail_header.tpl`` ``mail_register_confirm.tpl``
|
||||
|
||||
Replace the following variables:
|
||||
|
||||
|
||||
.. list-table::
|
||||
:header-rows: 1
|
||||
|
||||
* - Old syntax
|
||||
- New syntax
|
||||
* - ``$code``
|
||||
- ``<TMPL_VAR NAME="code" ESCAPE=HTML>``
|
||||
* - ``$url``
|
||||
- ``<TMPL_VAR NAME="url" ESCAPE=HTML>``
|
||||
* - ``$login``
|
||||
- ``<TMPL_VAR NAME="login" ESCAPE=HTML>``
|
||||
* - ``$password``
|
||||
- ``<TMPL_VAR NAME="password" ESCAPE=HTML>``
|
||||
* - ``$firstname``
|
||||
- ``<TMPL_VAR NAME="firstname" ESCAPE=HTML>``
|
||||
* - ``$lastname``
|
||||
- ``<TMPL_VAR NAME="lastname" ESCAPE=HTML>``
|
||||
|
||||
Replace all other variables such as ``$cn`` by ``<TMPL_VAR NAME="session_cn" ESCAPE=HTML>``.
|
||||
|
||||
Login form
|
||||
^^^^^^^^^^
|
||||
To benefit from the new feature allowing to show password on login form, adapt ``standardform.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/bdeb1e70d98ddc89316b0912d9d5ee6d11d0bee5#fbbcec1fdc36cc042eeaa83274a32ef2231fe977_23_23>`__)
|
||||
|
||||
To disable password store in browser when changing password (this was already possible for login form), adapt ``password.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/466b6a3241fff5013d27b3dd22982e5e26ed7dfb#0ae060b3d1e289f08f510c268ed72de5dcafe425_36_35>`__)
|
||||
|
||||
To fix placeholder display in password field when password store is disabled in browser, adapt ``password.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/547d80985290495d33ed72a388e9ddf482980354#fbbcec1fdc36cc042eeaa83274a32ef2231fe977_21_20>`__)
|
||||
|
||||
See also "Simplification of TOTP options" below.
|
||||
TOTP
|
||||
^^^^
|
||||
See also `Simplification of TOTP options`_ below.
|
||||
|
||||
FindUser, CheckDevOps templates
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Some changes have been made to include new plugins (FindUser and CheckDevOps), you need to report them only if you have a custom theme and you want to use these plugins
|
||||
|
||||
Client Credential sessions missing expiration time
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
|
@ -144,8 +144,7 @@ for my $options (@backends) {
|
|||
next if ( $options->{backend} eq "Apache::Session::Memcached" );
|
||||
my @t;
|
||||
if ( $options->{backend}->can('deleteIfLowerThan') ) {
|
||||
next
|
||||
if $options->{backend}->deleteIfLowerThan(
|
||||
my ( $success, $rows ) = $options->{backend}->deleteIfLowerThan(
|
||||
$options,
|
||||
{
|
||||
not => { '_session_kind' => 'Persistent' },
|
||||
|
@ -158,7 +157,14 @@ for my $options (@backends) {
|
|||
)
|
||||
}
|
||||
}
|
||||
);
|
||||
);
|
||||
|
||||
if ($success) {
|
||||
if ($rows) {
|
||||
$nb_purged += $rows;
|
||||
}
|
||||
next;
|
||||
}
|
||||
}
|
||||
|
||||
# Get all expired sessions
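Review bot: The new `( $success, $rows )` unpacking of `deleteIfLowerThan` adds `$rows` to `$nb_purged` whenever it is true, so a negative row count would lower the reported purge total. DBI-style drivers can report -1 when the count is unknown, though what this backend returns is not visible here. Consider `$nb_purged += $rows if $rows and $rows > 0;`. When `$success` is false the loop falls through to the "Get all expired sessions" path without any trace, so a comment stating the expected return contract (e.g. `# returns (success flag, number of deleted rows)`) and a debug message on the fallback would help an operator notice a backend that never takes the fast path. The enclosing `for my $options (@backends)` loop starts and ends outside these hunks.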
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<!-- //endif -->
|
||||
|
||||
<div class="form-group">
|
||||
<img class="renewcaptchaclick" src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />
|
||||
<img class="renewcaptchaclick" src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" autocomplete="one-time-code" />
|
||||
<img id="captcha" src="<TMPL_VAR NAME=CAPTCHA_SRC>" class="img-thumbnail" />
|
||||
</div>
|
||||
<div class="input-group mb-3">
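Review bot: `autocomplete="one-time-code"` is added to the renew-captcha `<img>`, where it has no effect, because `autocomplete` is only honoured on form controls. If the goal is to keep browsers and password managers from storing or prefilling the captcha answer, the attribute belongs on the captcha text `<input>`, which is outside this hunk. The same tag also carries two `class` attributes; parsers keep only the first, so `img-thumbnail mb-3` is currently ignored, and merging them as `class="renewcaptchaclick img-thumbnail mb-3"` would be the cleaner form (the tests that match this tag would need the same update).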
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="mailfield" class="mb-0"><i class="fa fa-envelope"></i></label></span>
|
||||
</div>
|
||||
<input id="mailfield" name="mail" type="text" value="<TMPL_VAR NAME="MAIL">" class="form-control" trplaceholder="mail" required />
|
||||
<input id="mailfield" name="mail" type="text" value="<TMPL_VAR NAME="MAIL">" class="form-control" trplaceholder="mail" required />
|
||||
</div>
|
||||
|
||||
<TMPL_IF NAME=CAPTCHA_SRC>
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
||||
</TMPL_IF>
|
||||
<TMPL_IF NAME="DOWNLOAD">
|
||||
<input id="urlfield" name="url" type="text" class="form-control" value="<TMPL_VAR NAME="URL">" trplaceholder="URL / DNS" aria-required="true"/>
|
||||
<input id="urlfield" name="url" type="text" class="form-control" value="<TMPL_VAR NAME="URL">" trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />
|
||||
<pre><textarea id="checkDevOpsFile" name="checkDevOpsFile" class="form-control rounded-1" rows="6" trplaceholder="pasteHere"><TMPL_VAR NAME="FILE"></textarea></pre>
|
||||
<TMPL_ELSE>
|
||||
<pre><textarea id="checkDevOpsFile" name="checkDevOpsFile" class="form-control rounded-1" rows="6" trplaceholder="pasteHere" required><TMPL_VAR NAME="FILE"></textarea></pre>
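Review bot: The `url` input touched here still writes `<TMPL_VAR NAME="URL">` into a quoted attribute with no `ESCAPE` option, and the textarea does the same with `<TMPL_VAR NAME="FILE">`; both look like request-supplied values. Unless the HTML::Template object is created with a default escape, or the portal encodes these values before passing them in (neither is visible in this diff), a value containing `"` or `</textarea>` would break out of its context. Writing `<TMPL_VAR NAME="URL" ESCAPE=HTML>` and `<TMPL_VAR NAME="FILE" ESCAPE=HTML>` makes the template safe on its own, as this commit's upgrade notes already require for the mail templates; confirm first that the values are not already encoded upstream, since that would double-encode them. The same question applies to the `URL`, `LOGIN`, `FIRSTNAME`, `LASTNAME` and `MAIL` inputs in the other template sections of this commit.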
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="urlfield" class="mb-0"><i class="fa fa-link"></i></label></span>
|
||||
</div>
|
||||
<input id="urlfield" name="url" type="text" class="form-control" value="<TMPL_VAR NAME="URL">" trplaceholder="URL / DNS" aria-required="true"/>
|
||||
<input id="urlfield" name="url" type="text" class="form-control" value="<TMPL_VAR NAME="URL">" trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />
|
||||
</div>
|
||||
<button type="submit" class="btn btn-success">
|
||||
<span class="fa fa-search"></span>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="userfield" class="mb-0"><i class="fa fa-user"></i></label></span>
|
||||
</div>
|
||||
<input id="userfield" name="user" type="text" class="form-control" value="<TMPL_VAR NAME="LOGIN">" trplaceholder="mail" required aria-required="true"/>
|
||||
<input id="userfield" name="user" type="text" class="form-control" value="<TMPL_VAR NAME="LOGIN">" trplaceholder="mail" required aria-required="true" />
|
||||
</div>
|
||||
|
||||
<div class="input-group mb-3">
|
||||
|
|
|
@ -23,21 +23,21 @@
|
|||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="firstnamefield" class="mb-0"><i class="fa fa-user"></i></label></span>
|
||||
</div>
|
||||
<input id="firstnamefield" name="firstname" type="text" value="<TMPL_VAR NAME="FIRSTNAME">" class="form-control" trplaceholder="firstName" required aria-required="true"/>
|
||||
<input id="firstnamefield" name="firstname" type="text" value="<TMPL_VAR NAME="FIRSTNAME">" class="form-control" trplaceholder="firstName" required aria-required="true" autocomplete="given-name" />
|
||||
</div>
|
||||
|
||||
<div class="input-group mb-3">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="lastnamefield" class="mb-0"><i class="fa fa-user"></i></label></span>
|
||||
</div>
|
||||
<input id="lastnamefield" name="lastname" type="text" value="<TMPL_VAR NAME="LASTNAME">" class="form-control" trplaceholder="lastName" required aria-required="true"/>
|
||||
<input id="lastnamefield" name="lastname" type="text" value="<TMPL_VAR NAME="LASTNAME">" class="form-control" autocomplete="family-name" trplaceholder="lastName" required aria-required="true"/>
|
||||
</div>
|
||||
|
||||
<div class="input-group mb-3">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="mailfield" class="mb-0"><i class="fa fa-envelope"></i></label></span>
|
||||
</div>
|
||||
<input id="mailfield" name="mail" type="text" value="<TMPL_VAR NAME="MAIL">" class="form-control" trplaceholder="mail" required aria-required="true"/>
|
||||
<input id="mailfield" name="mail" type="text" value="<TMPL_VAR NAME="MAIL">" class="form-control" trplaceholder="mail" required aria-required="true" />
|
||||
</div>
|
||||
|
||||
<TMPL_IF NAME=CAPTCHA_SRC>
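Review bot: The three inputs changed in this hunk end up formatted three different ways. `firstname` gets `autocomplete="given-name" />` at the end of the tag, `lastname` gets `autocomplete="family-name"` in the middle and keeps the unspaced `"/>`, and `mail` only gains the space before `/>`. Putting the attribute last on each tag and closing with ` />` keeps the templates consistent and easy to grep. The mail field could also take `autocomplete="email"` so that it is hinted like the two name fields.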
|
||||
|
|
|
@ -41,7 +41,7 @@ SKIP: {
|
|||
' Captcha image inserted' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png"#,
|
||||
' Renew Captcha button found'
|
||||
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
||||
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
|
||||
|
|
|
@ -134,7 +134,7 @@ m%<input[^>]*name="password"%,
|
|||
' New captcha image inserted' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" autocomplete="one-time-code" />#,
|
||||
' Renew Captcha button found'
|
||||
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
||||
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
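Review bot: This assertion now pins the entire `<img … autocomplete="one-time-code" />` tag, while the sibling captcha tests in this commit were relaxed to match only up to `arrow_refresh.png"`, so the next cosmetic template edit will fail this test alone. Use the same relaxed pattern here, or assert the attribute in a separate `ok` if it is what the test is meant to check. The checkuser test hunks (`@ -124` and `@ -224`) have the same brittleness: they went from a prefix match to the full `<input … autocomplete="url" />` tag, and the dots in `test1.example.com` are unescaped regex metacharacters. A pattern such as `m%<input[^>]*name="url"[^>]*value="http://test1\.example\.com"%` checks the reflected value without depending on the attributes that follow it.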
|
||||
|
|
|
@ -62,7 +62,7 @@ s/^.*token=([^&]+).*$/token=$1&firstname=who&lastname=doctor&mail=dwho%40badwolf
|
|||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png"#,
|
||||
' Renew Captcha button found'
|
||||
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
||||
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
|
||||
|
|
|
@ -69,7 +69,7 @@ m%<a class="btn btn-secondary" href="http://auth.example.com/resetpwd\?skin=boot
|
|||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png"#,
|
||||
' Renew Captcha button found'
|
||||
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
||||
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
|
||||
|
|
|
@ -124,7 +124,7 @@ count(1);
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input id="urlfield" name="url" type="text" class="form-control" value="http://test1.example.com" trplaceholder="URL / DNS"%,
|
||||
m%<input id="urlfield" name="url" type="text" class="form-control" value="http://test1.example.com" trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />%,
|
||||
'Found HTTP url'
|
||||
) or explain( $res->[2]->[0], 'HTTP url' );
|
||||
ok(
|
||||
|
@ -224,7 +224,7 @@ ok(
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input id="urlfield" name="url" type="text" class="form-control" value="https://test2.example.com" trplaceholder="URL / DNS"%,
|
||||
m%<input id="urlfield" name="url" type="text" class="form-control" value="https://test2.example.com" trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />%,
|
||||
'Found HTTPS url'
|
||||
) or explain( $res->[2]->[0], 'HTTP url' );
|
||||
count(2);
|
||||
|
|
|
@ -48,7 +48,7 @@ SKIP: {
|
|||
' Captcha image inserted' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
||||
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png"#,
|
||||
' Renew Captcha button found'
|
||||
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
||||
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
|
||||
|
|