Upgrade to 0.14.2

2019-03-22 21:25:03 +01:00 · 2019-03-22 21:25:03 +01:00 · dc2e6c5a1f
commit dc2e6c5a1f
parent d47343a603
3 changed files with 11 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@
 /mod_auth_mellon-0.12.0.tar.gz
 /mod_auth_mellon-0.13.1.tar.gz
 /mod_auth_mellon-0.14.0.tar.gz
+/mod_auth_mellon-0.14.2.tar.gz
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
-Version: 0.14.0
-Release: 5%{?dist}
+Version: 0.14.2
+Release: 1%{?dist}
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
 Source2: 10-auth_mellon.conf
@ -101,6 +101,13 @@ in the doc directory for instructions on using the diagnostics build.
 %dir /run/%{name}/

 %changelog
+* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.2-1
+- Upgrade to 0.14.2
+- Related: rhbz#1691771 - CVE-2019-3877 mod_auth_mellon: open redirect in
+                          logout url when using URLs with backslashes
+- Related: rhbz#1691136 - CVE-2019-3878 mod_auth_mellon: authentication
+                          bypass in ECP flow
+
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (mod_auth_mellon-0.14.0.tar.gz) = db1bf70c234fe89914b1bb34fc6afb5b901193a8c8c7e9946485a3e20a7d129c36427717eab53764edf5a5cff5c45dfe412e400cb1f50c49ef24dbbfd6ecbf25
+SHA512 (mod_auth_mellon-0.14.2.tar.gz) = 9d14b1482a73ce7e86f5f7618454aab8759533649f34fa0088264b7b09dbd90db46011c629303b2f3ad969379937ff5adaa0d7b63a502cdfbba0cd1b762502a6