From c8067123396994cf2a807f622bef43d48238de1a Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Tue, 26 Jul 2022 17:30:27 +0200
Subject: [PATCH] bad user/group ownership for /run/mod_auth_mellon

Resolves: rhbz#2047948
---
 mod_auth_mellon.spec | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
index e5eb3dc..666e1f9 100644
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
 Version: 0.17.0
-Release: 6%{?dist}
+Release: 7%{?dist}
 Source0: https://github.com/latchset/mod_auth_mellon/releases/download/v0.17.0/mod_auth_mellon-0.17.0.tar.gz
 Source1: auth_mellon.conf
 Source2: 10-auth_mellon.conf
@@ -100,9 +100,13 @@ in the doc directory for instructions on using the diagnostics build.
 %{_httpd_moddir}/mod_auth_mellon.so
 %{_tmpfilesdir}/mod_auth_mellon.conf
 %{_libexecdir}/%{name}
-%dir /run/%{name}/
+%dir %attr(-, apache, apache) /run/%{name}/
 
 %changelog
+* Tue Jul 26 2022 Tomas Halman <thalman@redhat.com> - 0.17.0-7
+- bad user/group ownership for /run/mod_auth_mellon
+  Resolves: rhbz#2047948
+
 * Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.17.0-6
 - Related: rhbz#1986806 - CVE-2021-3639 mod_auth_mellon: Open Redirect
                           vulnerability in logout URLs