Rebase to 2.4.9.4

Resolves: rhbz#2001852 CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter
2021-11-30 11:17:56 +01:00 · 2021-11-30 11:17:56 +01:00 · b2f5928aaf
commit b2f5928aaf
parent bb118db4de
3 changed files with 8 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@
 /v2.4.8.2.tar.gz
 /v2.4.9.tar.gz
 /v2.4.9.1.tar.gz
+/v2.4.9.4.tar.gz
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@ -14,7 +14,7 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc

 Name:		mod_auth_openidc
-Version:	2.4.9.1
+Version:	2.4.9.4
 Release:	1%{?dist}
 Summary:	OpenID Connect auth module for Apache HTTP Server

@ -94,6 +94,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache

 %changelog
+* Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
+- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
+                           by supplying a crafted URL in the target_link_uri
+                           parameter
+
 * Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1
 - Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
                           OIDCPreservePost On [rhel-9.0]
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (v2.4.9.1.tar.gz) = 25ad23fa9ae39ed9ff6d7a9607ef2d92ab96c4898ba9dc548418ab80652e310424c41c76ec55dccd415d1d30c271fccf7dd9f5b65f0f0b9dfa2386d242c4b0b5
+SHA512 (v2.4.9.4.tar.gz) = cc4850cf88e5920fd944f5865f2bf0072f12d26a7f5aad38f378412dec01a9698c899616320a584a6e6d81f5dd50aaa1f5598cdc7cb50df6215dc516fa507d4e