Update to 2.4.9.4

Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter (cherry picked from commit e24076b184a68f92e3e99c16750b82d0bd18fc89)
2021-12-03 14:32:55 +01:00 · 2021-12-03 14:32:55 +01:00 · 0892d59dd0
commit 0892d59dd0
parent a4c7d36373
3 changed files with 9 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,3 +17,4 @@
 /v2.4.8.4.tar.gz
 /v2.4.9.tar.gz
 /v2.4.9.1.tar.gz
+/v2.4.9.4.tar.gz
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@ -14,8 +14,8 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc

 Name:		mod_auth_openidc
-Version:	2.4.9.1
-Release:	3%{?dist}
+Version:	2.4.9.4
+Release:	1%{?dist}
 Summary:	OpenID Connect auth module for Apache HTTP Server

 License:	ASL 2.0
@ -96,6 +96,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache

 %changelog
+* Thu Mar 31 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
+- Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect
+                           by supplying a crafted URL in the target_link_uri
+                           parameter
+
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (v2.4.9.1.tar.gz) = 25ad23fa9ae39ed9ff6d7a9607ef2d92ab96c4898ba9dc548418ab80652e310424c41c76ec55dccd415d1d30c271fccf7dd9f5b65f0f0b9dfa2386d242c4b0b5
+SHA512 (v2.4.9.4.tar.gz) = cc4850cf88e5920fd944f5865f2bf0072f12d26a7f5aad38f378412dec01a9698c899616320a584a6e6d81f5dd50aaa1f5598cdc7cb50df6215dc516fa507d4e