2019-03-15 13:09:04 |
Dmitrii Shcherbakov |
bug |
|
|
added bug |
2019-03-22 19:31:33 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~dmitriis/ubuntu/+source/libapache2-mod-auth-mellon/+git/libapache2-mod-auth-mellon/+merge/364984 |
|
2019-03-22 19:53:43 |
Dmitrii Shcherbakov |
description |
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
It would be good to enable this in our builds as follows:
diff --git a/debian/rules b/debian/rules
index 5f81a8c..1c482e0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,6 +7,8 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
override_dh_auto_install:
+override_dh_auto_configure:
+ dh_auto_configure -- --enable-diagnostics |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
[Upgrades]
No impact |
|
2019-03-22 19:56:03 |
Dmitrii Shcherbakov |
summary |
consider building with --enable-diagnostics as of v0.14.0 (cosmic) to ease up SSO debugging |
[FFe] build mellon with --enable-diagnostics to ease up SSO debugging |
|
2019-03-22 20:20:12 |
Dmitrii Shcherbakov |
description |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
[Upgrades]
No impact |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
[Upgrades]
No impact |
|
2019-03-22 20:20:31 |
Dmitrii Shcherbakov |
bug |
|
|
added subscriber Ubuntu Release Team |
2019-03-22 21:30:42 |
Dmitrii Shcherbakov |
description |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
[Upgrades]
No impact |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact |
|
2019-03-29 17:11:22 |
Corey Bryant |
summary |
[FFe] build mellon with --enable-diagnostics to ease up SSO debugging |
[FFe] [SRU] build mellon with --enable-diagnostics to ease up SSO debugging |
|
2019-03-29 17:50:02 |
Corey Bryant |
description |
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact |
FFE Section
-----------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section
-----------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this. |
|
2019-03-29 17:50:22 |
Corey Bryant |
description |
FFE Section
-----------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section
-----------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this. |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section
-----------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this. |
|
2019-03-29 17:50:36 |
Corey Bryant |
nominated for series |
|
Ubuntu Bionic |
|
2019-03-29 17:50:36 |
Corey Bryant |
bug task added |
|
libapache2-mod-auth-mellon (Ubuntu Bionic) |
|
2019-03-29 17:50:36 |
Corey Bryant |
nominated for series |
|
Ubuntu Disco |
|
2019-03-29 17:50:36 |
Corey Bryant |
bug task added |
|
libapache2-mod-auth-mellon (Ubuntu Disco) |
|
2019-03-29 17:50:36 |
Corey Bryant |
nominated for series |
|
Ubuntu Cosmic |
|
2019-03-29 17:50:36 |
Corey Bryant |
bug task added |
|
libapache2-mod-auth-mellon (Ubuntu Cosmic) |
|
2019-03-29 17:57:59 |
Corey Bryant |
description |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section
-----------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this. |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm |
|
2019-03-29 18:21:36 |
Corey Bryant |
description |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
|
2019-03-29 18:22:54 |
Corey Bryant |
description |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
** cosmic SRU **
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
** bionic SRU **
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
|
2019-03-29 18:23:02 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Bionic): status |
New |
Triaged |
|
2019-03-29 18:23:04 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Cosmic): status |
New |
Triaged |
|
2019-03-29 18:23:08 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Bionic): importance |
Undecided |
High |
|
2019-03-29 18:23:09 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Cosmic): importance |
Undecided |
High |
|
2019-03-29 18:23:10 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Disco): status |
New |
Triaged |
|
2019-03-29 18:23:11 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Disco): importance |
Undecided |
High |
|
2019-03-29 18:24:52 |
Corey Bryant |
description |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
[Discussion]
** cosmic SRU **
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
** bionic SRU **
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
In particular the cosmic regression potential is much lower than the bionic potential since there is much less involved.
For bionic please see [Discussion] below.
[Discussion]
** cosmic SRU **
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
** bionic SRU **
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
|
2019-03-29 20:18:58 |
David Ames |
description |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
In particular the cosmic regression potential is much lower than the bionic potential since there is much less involved.
For bionic please see [Discussion] below.
[Discussion]
** cosmic SRU **
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
** bionic SRU **
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
FFE Section for disco
---------------------
[Rationale]
This change to mod_auth_mellon adds a very useful capability for enabling diagnostics output from the module:
https://github.com/Uninett/mod_auth_mellon/commit/e8579f6387d9841ce619d836110050fb18117753
It is available as of v0.14.0 (present in Cosmic):
git --no-pager tag --contains=e8579f6387d9841ce619d836110050fb18117753
v0.14.0
v0.14.1
This is generally useful for field engineering and operations teams and other users as SAML exchanges are difficult to debug.
[Build Verification]
https://paste.ubuntu.com/p/2kt3BsxJKn/
[Installation]
https://paste.ubuntu.com/p/VcfcgyPHqH/
"MellonDiagnosticsEnable Off" is the default setting and it results in am_diag_open_log returning 1 which does NOT result in an error returned from am_diag_log_init. Also installed a package and verified that setting this to off explicitly or implicitly (default) does not result in errors on startup or page access.
https://git.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/tree/auth_mellon_diagnostics.c?h=ubuntu/disco&id=49c8ccfedca2db17d76348573e6daa862e104f6d#n311
int am_diag_log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt, server_rec *s)
{
for ( ; s ; s = s->next) {
if (!am_diag_open_log(s, p)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
// ...
static int am_diag_open_log(server_rec *s, apr_pool_t *p) {
// ...
if (!(diag_cfg->flags & AM_DIAG_FLAG_ENABLED)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"mellon diagnostics disabled for %s", server_desc);
return 1;
// ...
[Upgrades]
No impact
SRU section for cosmic and bionic
---------------------------------
[Impact]
See FFE Rationale above.
[Test Case]
To test
Add the following to /etc/apache2/conf-available/mellon.conf
MellonDiagnosticsFile /var/log/apache2/mellon_diagnostics.log
MellonDiagnosticsEnable On
a2enconf mellon
systemctl reload apache2
After browsing to a location that is mod_auth_mellon enabled (see the keystone-saml-mellon charm) logging from the mellon module including environment variables in the SAML messages will be found in /var/log/apache2/mellon_diagnostics.log.
Regression testing can be done using the keystone-saml-mellon charm's functional tests.
https://github.com/openstack-charmers/charm-keystone-saml-mellon
At the time of this writing the functional tests are not fully automated and still require some manual configuration:
https://github.com/openstack-charmers/charm-keystone-saml-mellon/blob/master/src/README.md#configuration
[Regression Potential]
As mentioned above in the FFE section, "MellonDiagnosticsEnable Off" can be set in the apache configuration to disable diagnostics. This is also the default setting, so regression potential is certainly limited by this.
In particular the cosmic regression potential is much lower than the bionic potential since there is much less involved.
For bionic please see [Discussion] below.
[Discussion]
** cosmic SRU **
For the cosmic SRU this will be a fairly straight forward and trivial update to the package to run configure with "--enable-diagnostics". Cosmic is already at version 0.14.0 which has the diagnostics support.
** bionic SRU **
For the bionic SRU, things are more complicated as bionic is at version 0.13.1 which does not include diagnostics support. What I'd like to do is to update the bionic package to 0.14.0. I know this is not business as usual but I think the regression potential is minimized by updating to 0.14.0 rather than risking any missed code when cherry-picking various patches.
For some analysis regarding updating bionic to 0.14.0, I've analyzed the delta between 0.13.1 and 0.14.0 and I'm seeing mostly bug fixes and 2 new features (1 for diagnostics support, and 1 for MellonSignatureMethod support). Here's the full commit summary between 0.13.1 and 0.14.0:
/tmp/mod_auth_mellon$ git remote -v
origin https://github.com/UNINETT/mod_auth_mellon (fetch)
origin https://github.com/UNINETT/mod_auth_mellon (push)
/tmp/mod_auth_mellon$ git log --no-merges --date-order --pretty=oneline --format=" - [%h] %s" v0.13.1..v0.14.0
- [29d2872] Bump version to 0.14.0.
- [21f78ab] Add release notes for version 0.14.0.
- [262768a] NEWS: Add consistent whitespace between releases.
- [7bb98cf] Fix config.h.in missing in .tar.gz.
- [aee068f] Fix typos in the user guide
- [8abbcf9] Update User Guide on error responses and ADFS issues
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
- [582f283] Log SAML status response information
- [524d558] convert README to README.md
- [0851045] Fix consistency, grammar, and usage in user guide
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [15fcbf7] Fix build error on Apache 2.2.
- [fe8b978] Add example for dual auth support.
- [f865919] Add clarification on using info vs auth
- [5927b5c] Fix Mellon user guide typos
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [89a3c81] Add NameID discussion to User Guide
- [93faba4] Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values.
- [de853e1] Add user_guide to distribution, use AC_DEFINE instead of CFLAGS
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
- [ee97812] Add Mellon User Guide
- [daa5d1e] If no IdP's are defined explicitly log that fact
- [119cbdd] modify cache functions to take request_rec parameter instead of server_rec
- [c291232] Make MellonUser case-insensitive.
- [2c2e19d] Fix incorrect error check for many `lasso_*`-functions.
- [5c5ed1d] Fix segmentation fault with POST field without a value.
- [4c924d9] Fix some log message typos
Of the commits above, those required for diagnostics support include:
- [582f283] Log SAML status response information
- [70e8abc] Give clear error if building with diagnostics support on old Apache
- [86eb344] Fix conditional build of auth_mellon_diagnostics.c
- [8d49ab6] Replace ap_log_rerror with AM_LOG_RERROR
- [e8579f6] Add diagnostic logging
- [6d2ee84] Track file information
And the MellonSignatureMethod support is provided in a single commit:
- [9b17e5c] Add MellonSignatureMethod to control signature algorithm
MellonSignatureMethod is also controlled by a config option in the apache configuration.
Following is the full commit message for 9b17e5c:
https://github.com/Uninett/mod_auth_mellon/commit/9b17e5c1078a9be90de1e9d03079b34ca4056e96
One upgrade consideration coming from this patch is that it changes the default sha algorithm used by Mellon from rsa-sha1 to rsa-sha256. And as the commit says, this was done because SHA1 is no longer considered safe, SHA256 is now the current recommendation. This would likely be a good update anyway. |
|
2019-03-31 21:07:26 |
Launchpad Janitor |
libapache2-mod-auth-mellon (Ubuntu Disco): status |
Triaged |
Fix Released |
|
2019-04-02 19:44:00 |
Corey Bryant |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-04-02 21:18:27 |
Brian Murray |
libapache2-mod-auth-mellon (Ubuntu Cosmic): status |
Triaged |
Fix Committed |
|
2019-04-02 21:18:30 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2019-04-02 21:18:33 |
Brian Murray |
tags |
cpe-onsite |
cpe-onsite verification-needed verification-needed-cosmic |
|
2019-05-04 15:58:09 |
Corey Bryant |
bug task added |
|
cloud-archive |
|
2019-05-04 15:58:51 |
Corey Bryant |
nominated for series |
|
cloud-archive/stein |
|
2019-05-04 15:58:51 |
Corey Bryant |
bug task added |
|
cloud-archive/stein |
|
2019-05-04 15:58:51 |
Corey Bryant |
nominated for series |
|
cloud-archive/rocky |
|
2019-05-04 15:58:51 |
Corey Bryant |
bug task added |
|
cloud-archive/rocky |
|
2019-05-04 15:58:58 |
Corey Bryant |
cloud-archive/rocky: status |
New |
Triaged |
|
2019-05-04 15:59:01 |
Corey Bryant |
cloud-archive/stein: status |
New |
Triaged |
|
2019-05-04 15:59:04 |
Corey Bryant |
cloud-archive/stein: importance |
Undecided |
High |
|
2019-05-04 15:59:06 |
Corey Bryant |
cloud-archive/rocky: importance |
Undecided |
High |
|
2019-05-04 16:01:01 |
Corey Bryant |
libapache2-mod-auth-mellon (Ubuntu Bionic): status |
Triaged |
Won't Fix |
|
2019-05-04 16:14:34 |
Corey Bryant |
cloud-archive: status |
Triaged |
Fix Committed |
|
2019-05-04 16:19:09 |
Corey Bryant |
cloud-archive/rocky: status |
Triaged |
Fix Committed |
|
2019-05-04 16:19:10 |
Corey Bryant |
tags |
cpe-onsite verification-needed verification-needed-cosmic |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-needed |
|
2019-05-04 16:20:50 |
Corey Bryant |
tags |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-needed |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-needed verification-stein-needed |
|
2019-06-18 13:39:27 |
Dmitrii Shcherbakov |
tags |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-needed verification-stein-needed |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-done verification-stein-needed |
|
2019-06-27 19:49:07 |
Dmitrii Shcherbakov |
tags |
cpe-onsite verification-needed verification-needed-cosmic verification-rocky-done verification-stein-needed |
cpe-onsite verification-done verification-needed-cosmic verification-rocky-done verification-stein-done |
|
2019-06-28 10:03:13 |
Dmitrii Shcherbakov |
tags |
cpe-onsite verification-done verification-needed-cosmic verification-rocky-done verification-stein-done |
cpe-onsite verification-done verification-done-cosmic verification-rocky-done verification-stein-done |
|
2019-07-01 08:02:52 |
Launchpad Janitor |
libapache2-mod-auth-mellon (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
2019-07-01 08:02:56 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-07-02 15:16:23 |
James Page |
cloud-archive/stein: status |
Fix Committed |
Fix Released |
|
2019-07-02 15:17:20 |
James Page |
cve linked |
|
2019-3877 |
|
2019-07-02 15:17:20 |
James Page |
cve linked |
|
2019-3878 |
|
2019-07-02 15:17:22 |
James Page |
cloud-archive/rocky: status |
Fix Committed |
Fix Released |
|