import mod_auth_openidc-2.4.9.4-1.el9

2022-01-11 11:45:39 -05:00 · 2022-01-11 11:45:39 -05:00 · 68eff349eb
commit 68eff349eb
parent d8d59f6a1f
3 changed files with 8 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.4.9.1.tar.gz
+SOURCES/v2.4.9.4.tar.gz
--- a/.mod_auth_openidc.metadata
+++ b/.mod_auth_openidc.metadata
@ -1 +1 @@
-c0278298ef5541193c13eb297f721e3db1a68cd9 SOURCES/v2.4.9.1.tar.gz
+47f8b949552c3d32f019c5cf785c4672dc0f8aae SOURCES/v2.4.9.4.tar.gz
--- a/SPECS/mod_auth_openidc.spec
+++ b/SPECS/mod_auth_openidc.spec
@ -14,7 +14,7 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc

 Name:		mod_auth_openidc
-Version:	2.4.9.1
+Version:	2.4.9.4
 Release:	1%{?dist}
 Summary:	OpenID Connect auth module for Apache HTTP Server

@ -94,6 +94,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache

 %changelog
+* Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
+- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
+                           by supplying a crafted URL in the target_link_uri
+                           parameter
+
 * Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1
 - Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
                           OIDCPreservePost On [rhel-9.0]