Last listoff of Space Shuttle Columbia release (1.5.0)

.gitignore

@@ -9,3 +9,4 @@
 /mod_auth_gssapi-1.3.2.tar.gz
 /mod_auth_gssapi-1.4.0.tar.gz
 /mod_auth_gssapi-1.4.1.tar.gz
+/mod_auth_gssapi-1.5.0.tar.gz

0001-Fix-checks-on-allowed-mechs.patch

@@ -1,62 +0,0 @@
-From 4e7967e797e5c8912a67c0de8f172bb95b5172ff Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 7 Jul 2015 13:23:57 -0400
-Subject: [PATCH] Fix checks on allowed mechs
-
-We need to check if a mech is allowed against the desired_mechs set.
-Otherwise in case the admin does not explicitly specify an allowed set
-then all mechs are allowed, including NTLM. This causes annoying issues
-with browsers like Firefox and Chrome/ium which end up popping up an
-authentication dialog if they see NTLM is supported and they have no
-Kerberos tickets around.
-Authentication will then simply fail because NTLM is not actually supported.
-By using desired_mechs we use a list of mechanism the machine actually
-has a chance to support in the default case.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
----
- src/mod_auth_gssapi.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
-index 6cb8d3a532370212f8fc2e708b066511575fbd7e..763b625cef106923afca753e4c3e192df24bb49e 100644
---- a/src/mod_auth_gssapi.c
-+++ b/src/mod_auth_gssapi.c
-@@ -292,12 +292,12 @@ static bool parse_auth_header(apr_pool_t *pool, const char **auth_header,
-     return true;
- }
- 
--static bool is_mech_allowed(struct mag_config *cfg, gss_const_OID mech)
-+static bool is_mech_allowed(gss_OID_set allowed_mechs, gss_const_OID mech)
- {
--    if (cfg->allowed_mechs == GSS_C_NO_OID_SET) return true;
-+    if (allowed_mechs == GSS_C_NO_OID_SET) return true;
- 
--    for (int i = 0; i < cfg->allowed_mechs->count; i++) {
--        if (gss_oid_equal(&cfg->allowed_mechs->elements[i], mech)) {
-+    for (int i = 0; i < allowed_mechs->count; i++) {
-+        if (gss_oid_equal(&allowed_mechs->elements[i], mech)) {
-             return true;
-         }
-     }
-@@ -785,7 +785,7 @@ static int mag_auth(request_rec *req)
-         break;
- 
-     case AUTH_TYPE_RAW_NTLM:
--        if (!is_mech_allowed(cfg, &gss_mech_ntlmssp)) {
-+        if (!is_mech_allowed(desired_mechs, &gss_mech_ntlmssp)) {
-             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req,
-                           "NTLM Authentication is not allowed!");
-             goto done;
-@@ -945,7 +945,7 @@ done:
-         }
-     } else if (ret == HTTP_UNAUTHORIZED) {
-         apr_table_add(req->err_headers_out, "WWW-Authenticate", "Negotiate");
--        if (is_mech_allowed(cfg, &gss_mech_ntlmssp)) {
-+        if (is_mech_allowed(desired_mechs, &gss_mech_ntlmssp)) {
-             apr_table_add(req->err_headers_out, "WWW-Authenticate", "NTLM");
-         }
-         if (cfg->use_basic_auth) {
--- 
-2.4.2
-

mod_auth_gssapi.spec

@@ -1,6 +1,6 @@
 Name:           mod_auth_gssapi
-Version:        1.4.1
+Version:        1.5.0
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        A GSSAPI Authentication module for Apache
 
 Group:          System Environment/Daemons
@@ -43,6 +43,9 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
 %{_httpd_moddir}/mod_auth_gssapi.so
 
 %changelog
+* Mon Jan 16 2017 Simo Sorce <simo@redhat.com> - 1.5.0-1
+- Last listoff of Space Shuttle Columbia release (1.5.0)
+
 * Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 1.4.1-2
 - rebuild for new OpenSSL
 

sources

@@ -1 +1 @@
-37153d9ad19613bcdf105d55e2b303e0  mod_auth_gssapi-1.4.1.tar.gz
+SHA512 (mod_auth_gssapi-1.5.0.tar.gz) = 1f9dfb210c5b1022837a0b4806aad6ed6721f916eaf40d25e9a18cd38015ac6dc90671736299aaef508b28f985256b242a1897e507dc53602762c99dd64fccc2