From 0892d59dd01afe698917a1591df60e575d01e3ac Mon Sep 17 00:00:00 2001
From: Tomas Halman
Date: Fri, 3 Dec 2021 14:32:55 +0100
Subject: [PATCH] Update to 2.4.9.4
Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter
(cherry picked from commit e24076b184a68f92e3e99c16750b82d0bd18fc89)
---
 .gitignore | 1 +
 mod_auth_openidc.spec | 9 +++++++--
 sources | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7eb3720..ad24325 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 /v2.4.8.4.tar.gz
 /v2.4.9.tar.gz
 /v2.4.9.1.tar.gz
+/v2.4.9.4.tar.gz
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 2764d6e..395c92d 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@@ -14,8 +14,8 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
 Name: mod_auth_openidc
-Version: 2.4.9.1
-Release: 3%{?dist}
+Version: 2.4.9.4
+Release: 1%{?dist}
 Summary: OpenID Connect auth module for Apache HTTP Server
 License: ASL 2.0
@@ -96,6 +96,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
 %changelog
+* Thu Mar 31 2022 Tomas Halman - 2.4.9.4-1
+- Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect
+ by supplying a crafted URL in the target_link_uri
+ parameter
+
 * Thu Jan 20 2022 Fedora Release Engineering - 2.4.9.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
diff --git a/sources b/sources
index 6e67a52..ae42329 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.4.9.1.tar.gz) = 25ad23fa9ae39ed9ff6d7a9607ef2d92ab96c4898ba9dc548418ab80652e310424c41c76ec55dccd415d1d30c271fccf7dd9f5b65f0f0b9dfa2386d242c4b0b5
+SHA512 (v2.4.9.4.tar.gz) = cc4850cf88e5920fd944f5865f2bf0072f12d26a7f5aad38f378412dec01a9698c899616320a584a6e6d81f5dd50aaa1f5598cdc7cb50df6215dc516fa507d4e