From b2f5928aaf0aa52df0dc84c0dbbf6acc90a95555 Mon Sep 17 00:00:00 2001
From: Tomas Halman
Date: Tue, 30 Nov 2021 11:17:56 +0100
Subject: [PATCH] Rebase to 2.4.9.4 Resolves: rhbz#2001852 CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter
---
 .gitignore | 1 +
 mod_auth_openidc.spec | 7 ++++++-
 sources | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0eea3a6..1c44443 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@
 /v2.4.8.2.tar.gz
 /v2.4.9.tar.gz
 /v2.4.9.1.tar.gz
+/v2.4.9.4.tar.gz
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 5f2d4a6..7c2cf34 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@@ -14,7 +14,7 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
 Name: mod_auth_openidc
-Version: 2.4.9.1
+Version: 2.4.9.4
 Release: 1%{?dist}
 Summary: OpenID Connect auth module for Apache HTTP Server
@@ -94,6 +94,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
 %changelog
+* Tue Nov 30 2021 Tomas Halman - 2.4.9.4-1
+- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
+ by supplying a crafted URL in the target_link_uri
+ parameter
+
 * Fri Jul 30 2021 Jakub Hrozek - 2.4.9.1-1
 - Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On [rhel-9.0]
diff --git a/sources b/sources
index 6e67a52..ae42329 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.4.9.1.tar.gz) = 25ad23fa9ae39ed9ff6d7a9607ef2d92ab96c4898ba9dc548418ab80652e310424c41c76ec55dccd415d1d30c271fccf7dd9f5b65f0f0b9dfa2386d242c4b0b5
+SHA512 (v2.4.9.4.tar.gz) = cc4850cf88e5920fd944f5865f2bf0072f12d26a7f5aad38f378412dec01a9698c899616320a584a6e6d81f5dd50aaa1f5598cdc7cb50df6215dc516fa507d4e