rpms/mod_auth_mellon
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to new upstream 0.12.0

Browse Source 
- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

- [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data.

In addition this release contains the following new features and fixes:

- Add MellonRedirectDomains option to limit the sites that
  mod_auth_mellon can redirect to. This option is enabled by default.

- Add support for ECP service options in PAOS requests.

- Fix AssertionConsumerService lookup for PAOS requests.
This commit is contained in:
John Dennis 2016-03-09 09:40:05 -05:00
parent f86b32bd38
commit d61f453f45
3 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@
/mod_auth_mellon-0.9.1.tar.gz
/mod_auth_mellon-0.10.0.tar.gz
/mod_auth_mellon-0.11.0.tar.gz
/mod_auth_mellon-0.12.0.tar.gz

25
mod_auth_mellon.spec
View File

@ -1,7 +1,7 @@
Summary: A SAML 2.0 authentication module for the Apache Httpd Server
Name: mod_auth_mellon
Version: 0.11.0
Release: 4%{?dist}
Version: 0.12.0
Release: 1%{?dist}
Group: System Environment/Daemons
Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: auth_mellon.conf
@ -19,8 +19,6 @@ Requires: httpd-mmn = %{_httpd_mmn}
Requires: lasso >= 2.5.0
Url: https://github.com/UNINETT/mod_auth_mellon
Patch1: acs-warning.patch
%description
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
@ -28,7 +26,6 @@ received in assertions generated by a IdP server.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .acs-warning
%build
export APXS=%{_httpd_apxs}
@ -65,6 +62,24 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
%dir /run/%{name}/
%changelog
* Wed Mar 9 2016 John Dennis <jdennis@redhat.com> - 0.12.0-1
- Update to new upstream 0.12.0
- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
- [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
- Add MellonRedirectDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
- Add support for ECP service options in PAOS requests.
- Fix AssertionConsumerService lookup for PAOS requests.
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
d24347881f1c60f26cf686d22cf419de mod_auth_mellon-0.11.0.tar.gz
6c1057847c06d433d4d4a4f55cca1740 mod_auth_mellon-0.12.0.tar.gz