-
Wed Oct 09 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-8
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via
the login?ReturnTo= substring which could facilitate
information theft [rhel-7]
-
Tue Aug 06 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-7
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name
X-Requested-With
-
Tue Apr 02 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-6
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
-
Tue Apr 02 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-5
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
-
Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-4
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access
secured resources without ECP authentication
-
Tue Mar 05 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-3
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when
hostname contains a number
-
Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-2
- Resolves: rhbz#1553885
- fix file permissions on doc files
-
Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-1
- Resolves: rhbz#1553885
- Rebase to current upstream release
-
Thu Mar 29 2018 John Dennis <jdennis@redhat.com> - 0.13.1-2
- Resolves: rhbz#1481330 Add diagnostic logging
- Resolves: rhbz#1295472 Add MellonSignatureMethod config option to set
signature method used to sign SAML messages sent by Mellon.
Defaults to original sha1.
-
Fri Oct 20 2017 John Dennis <jdennis@redhat.com> - 0.13.1-1
- Resolves: rhbz#1481332 Upgrade to current upstream 0.13.1
- Adds the following upstream bug fixes on top of 0.13.1:
* ee97812 Add Mellon User Guide
* daa5d1e If no IdP's are defined explicitly log that fact
* c291232 Make MellonUser case-insensitive.
* 2c2e19d Fix incorrect error check for many `lasso_*`-functions.
* 5c5ed1d Fix segmentation fault with POST field without a value.
* 4c924d9 Fix some log message typos
* 93faba4 Update log msg for Invalid Destination and Invalid Audience to
show both the expected and received values.
- Add new mellon user guide to installed docdir
-
Mon Jan 30 2017 John Dennis <jdennis@redhat.com> - 0.11.0-4
- Resolves: rhbz#1414021 - Incorrect Content-Type header in ECP PAOS
Rebuilding due to missing comment in Changelog
-
Mon Jan 30 2017 John Dennis <jdennis@redhat.com> - 0.11.0-3
- Resolves: rhbz#1414021 - Incorrect Content-Type header in ECP PAOS
-
Fri Apr 08 2016 John Dennis <jdennis@redhat.com> - 0.11.0-2
- Resolves: bug #1296286
mod_auth_mellon emits CRITICAL warning message in Apache log when doing ECP
- Resolves: bug #1324536
Installing mod_auth_mellon causes working Kerberos authentication
to start failing
- Add ECP.rst documentation file that was erroneously omitted
-
Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1
- Upgrade to upstream 0.11.0 release.
- Includes ECP support, see NEWS for all changes.
- Update mellon_create_metadata.sh to match internally generated metadata,
includes AssertionConsumerService for postResponse, artifactResponse &
paosResponse.
- Add lasso 2.5.0 version dependency
- Resolves: #1205345
-
Mon Aug 24 2015 John Dennis <jdennis@redhat.com> - 0.10.0-3
- Rebase to upstream 0.10.0 release
- Apply upstream commits post 0.10.0 release
- Apply revised ECP pending patches,
fix patch to pickup change in configure script that causes
HAVE_ECP to be defined
- Resolves: #1205345
-
Wed Aug 19 2015 John Dennis <jdennis@redhat.com> - 0.10.0-2
- Rebase to upstream 0.10.0 release
- Apply upstream commits post 0.10.0 release
- Apply revised ECP pending patches
- Resolves: #1205345
-
Mon Jun 22 2015 John Dennis <jdennis@redhat.com> - 0.10.0-1
- Rebase to upstream 0.10.0 release
- Apply upstream commits post 0.10.0 release
- Apply ECP pending patches
- Resolves: #1205345
-
Mon Dec 08 2014 Simo Sorce <simo@redhat.com> 0.9.1-4
- Large scale intreop patches
- Resolves: #1167844
-
Wed Sep 10 2014 Simo Sorce <simo@redhat.com> 0.9.1-3
- Fix upstream sources URL
- Related: #1120353
-
Fri Sep 05 2014 Simo Sorce <simo@redhat.com> 0.9.1-2
- Import package in RHEL7
- Resolves: #1120353
-
Tue Sep 02 2014 Simo Sorce <simo@redhat.com> 0.9.1-1
- New upstream release
-
Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
Tue Jun 24 2014 Simo Sorce <simo@redhat.com> 0.8.0-1
- New upstream realease version 0.8.0
- Upstream moved to github
- Drops patches as they have been all included upstream
-
Fri Jun 20 2014 Simo Sorce <simo@redhat.com> 0.7.0-3
- Backport of useful patches from upstream
- Better handling of IDP reported errors
- Better handling of session data storage size
-
Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
Tue Dec 10 2013 Simo Sorce <simo@redhat.com> 0.7.0-1
- Fix ownership of /run files
-
Wed Nov 27 2013 Simo Sorce <simo@redhat.com> 0.7.0-0
- Initial Fedora release based on version 0.7.0
- Based on an old spec file by Jean-Marc Liger <jmliger@siris.sorbonne.fr>