Information for build mod_auth_mellon-0.14.0-12.oc8.1

ID7931
Package Namemod_auth_mellon
Version0.14.0
Release12.oc8.1
Epoch
Sourcemod_auth_mellon-0.14.0-12.oc8.1.src.rpm
SummaryA SAML 2.0 authentication module for the Apache Httpd Server
DescriptionThe mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server.
Built byopencloudkoji
State complete
Volume DEFAULT
StartedWed, 03 Aug 2022 15:36:37 CST
CompletedWed, 03 Aug 2022 15:39:10 CST
Taskbuild (dist-oc8, mod_auth_mellon-0.14.0-12.el8.1.src.rpm)
Extra{'source': {'original_url': 'mod_auth_mellon-0.14.0-12.oc8.1.src.rpm'}}
Tags
dist-oc8
dist-oc8-compose
RPMs
src
mod_auth_mellon-0.14.0-12.oc8.1.src.rpm (info) (download)
aarch64
mod_auth_mellon-0.14.0-12.oc8.1.aarch64.rpm (info) (download)
mod_auth_mellon-diagnostics-0.14.0-12.oc8.1.aarch64.rpm (info) (download)
mod_auth_mellon-debuginfo-0.14.0-12.oc8.1.aarch64.rpm (info) (download)
mod_auth_mellon-debugsource-0.14.0-12.oc8.1.aarch64.rpm (info) (download)
mod_auth_mellon-diagnostics-debuginfo-0.14.0-12.oc8.1.aarch64.rpm (info) (download)
x86_64
mod_auth_mellon-0.14.0-12.oc8.1.x86_64.rpm (info) (download)
mod_auth_mellon-diagnostics-0.14.0-12.oc8.1.x86_64.rpm (info) (download)
mod_auth_mellon-debuginfo-0.14.0-12.oc8.1.x86_64.rpm (info) (download)
mod_auth_mellon-debugsource-0.14.0-12.oc8.1.x86_64.rpm (info) (download)
mod_auth_mellon-diagnostics-debuginfo-0.14.0-12.oc8.1.x86_64.rpm (info) (download)
Logs
aarch64
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
x86_64
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
Changelog * Wed Dec 15 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-12.1 - Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs [rhel-8] * Mon Jan 25 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-12 - Resolves: rhbz#1791262 - Backport SameSite=None cookie from upstream to support latest browsers * Fri Oct 18 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-11 - Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-8] * Fri Oct 18 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-10 - Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With * Thu Jun 13 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-9 - Just bump the release number - Related: rhbz#1718238 - mod_auth_mellon-diagnostics RPM not in product listings * Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-8 - Resolves: rhbz#1691894 - [RFE] Config option to change mod_auth_mellon prefix * Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-7 - Apply the patch from the previous commit - Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-8] * Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-6 - Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-8] * Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-5 - Resolves: rhbz#1692457 - CVE-2019-3878 mod_auth_mellon: authentication bypass in ECP flow [rhel-8.1.0] * Wed Apr 24 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-4 - Resolves: rhbz#1702695 - fresh install of mod_auth_mellon shows rpm verification warnings * Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 0.14.0-3 - Rebuild with fixed binutils * Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-2 - Resolves: rhbz#1553885 - fix file permissions on doc files * Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-1 - Resolves: rhbz#1553885 - Rebase to current upstream release * Thu Mar 29 2018 John Dennis <jdennis@redhat.com> - 0.13.1-2 - Resolves: rhbz#1481330 Add diagnostic logging - Resolves: rhbz#1295472 Add MellonSignatureMethod config option to set signature method used to sign SAML messages sent by Mellon. Defaults to original sha1. * Sun Oct 01 2017 John Dennis <jdennis@redhat.com> - 0.13.1-1 - upgrade to new upstream release * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Tue Jan 17 2017 John Dennis <jdennis@redhat.com> - 0.12.0-4 - Resolves: bug #1414019 Incorrect PAOS Content-Type header * Mon Jan 09 2017 John Dennis <jdennis@redhat.com> - 0.12.0-3 - bump release for rebuild * Tue May 03 2016 John Dennis <jdennis@redhat.com> - 0.12.0-2 - Resolves: bug #1332729, mellon conflicts with mod_auth_openidc - am_check_uid() should be no-op if mellon not enabled * Wed Mar 09 2016 John Dennis <jdennis@redhat.com> - 0.12.0-1 - Update to new upstream 0.12.0 - [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to incorrect error handling when reading POST data from client. - [CVE-2016-2146] Fix DOS attack (Apache worker process crash / resource exhaustion) due to missing size checks when reading POST data. In addition this release contains the following new features and fixes: - Add MellonRedirectDomains option to limit the sites that mod_auth_mellon can redirect to. This option is enabled by default. - Add support for ECP service options in PAOS requests. - Fix AssertionConsumerService lookup for PAOS requests. * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Dec 23 2015 John Dennis <jdennis@redhat.com> - 0.11.0-3 - Fix the following warning that appears in the Apache log lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed * Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-2 - Add lasso 2.5.0 version dependency * Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1 - Upgrade to upstream 0.11.0 release. - Includes ECP support, see NEWS for all changes. - Update mellon_create_metadata.sh to match internally generated metadata, includes AssertionConsumerService for postResponse, artifactResponse & paosResponse. * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Wed Jan 07 2015 Simo Sorce <simo@redhat.com> 0.10.0-1 - New upstream release * Tue Sep 02 2014 Simo Sorce <simo@redhat.com> 0.9.1-1 - New upstream release * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jun 24 2014 Simo Sorce <simo@redhat.com> 0.8.0-1 - New upstream realease version 0.8.0 - Upstream moved to github - Drops patches as they have been all included upstream * Fri Jun 20 2014 Simo Sorce <simo@redhat.com> 0.7.0-3 - Backport of useful patches from upstream - Better handling of IDP reported errors - Better handling of session data storage size * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Dec 10 2013 Simo Sorce <simo@redhat.com> 0.7.0-1 - Fix ownership of /run files * Wed Nov 27 2013 Simo Sorce <simo@redhat.com> 0.7.0-0 - Initial Fedora release based on version 0.7.0 - Based on an old spec file by Jean-Marc Liger <jmliger@siris.sorbonne.fr>