pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc
Module Name: pkgsrc
Committed By: manu
Date: Tue Jun 8 07:26:52 UTC 2021
Modified Files:
pkgsrc/doc: CHANGES-2021
pkgsrc/www/ap2-auth-mellon: Makefile distinfo
Log Message:
Updated www/ap2-auth-mellon to 0.17.0
Switch to Latchset distribution now that Uninett version is abandonware.
Changes since 0.14.2 from the NEWS file:
Version 0.17.0
---------------------------------------------------------------------------
Enhancements:
* New option MellonSendExpectHeader (default On) which allows to disable
sending the Expect header in the HTTP-Artifact binding to improve
performance when the remote party does not support this header.
* Set SameSite attribute to None on on the cookietest cookie.
* Bump default generated keysize to 3072 bits in mellon_create_metadata.
Bug fixes:
* Validate if the assertion ID has not been used earlier before creating
a new session.
* Release session cache after calling invalidate endpoint.
* In MellonCond directives, fix a bug that setting the NC option would
also activate substring match and that REG would activate REF.
* Fix MellonCond substring match to actually match the substring on
the attribute value.
Version 0.16.0
---------------------------------------------------------------------------
Enhancements:
* The MellonCookieSameSite option accepts a new valid "None". This is intended
to be used together with "MellonSecureCookie On". With some newer browsers,
only cookies with "SameSite=None; Secure" would be available for cross-site
access.
* A new option MellonEnabledInvalidateSessionEndpoint was added. When this
option is enabled, then a user can invalidate their session locally by
calling the "/invalidate" endpoint.
Version 0.15.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2019-13038] Redirect URL validation bypass
Version 0.14.1 and older of mod_auth_mellon allows the redirect URL
validation to be bypassed by specifying an URL formatted as
"http:www.hostname.com". In this case, the APR parsing utility
would parse the scheme as http, host as NULL and path as www.hostname.com.
Browsers, however, interpret the URL differently and redirect to
www.hostname.com. This could be reproduced with:
https://application.com/mellon/login?ReturnTo=http:www.hostname.com
This version fixes that issue by rejecting all URLs with
scheme, but no host name.
Enhancements:
* A XSLT script that allows converting attribute maps from Shibboleth
to a set of MellonSetEnvNoPrefix entries was added. The script can
be found at doc/mellon-attribute-map.xsl
* A new configuration option MellonEnvPrefix was added. This option allows
you to configure the variable prefix, which normally defaults to MELLON_
* A new configuration option MellonAuthnContextComparisonType was added.
This option allows you to set the "Comparison" attribute within
the AuthnRequest
Notable bug fixes:
* Compilation issues on Solaris were fixed
To generate a diff of this commit:
cvs rdiff -u -r1.3308 -r1.3309 pkgsrc/doc/CHANGES-2021
cvs rdiff -u -r1.63 -r1.64 pkgsrc/www/ap2-auth-mellon/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ap2-auth-mellon/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/CHANGES-2021
diff -u pkgsrc/doc/CHANGES-2021:1.3308 pkgsrc/doc/CHANGES-2021:1.3309
--- pkgsrc/doc/CHANGES-2021:1.3308 Tue Jun 8 01:58:06 2021
+++ pkgsrc/doc/CHANGES-2021 Tue Jun 8 07:26:52 2021
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.3308 2021/06/08 01:58:06 mef Exp $
+$NetBSD: CHANGES-2021,v 1.3309 2021/06/08 07:26:52 manu Exp $
Changes to the packages collection and infrastructure in 2021:
@@ -5316,3 +5316,4 @@ Changes to the packages collection and i
Added devel/ruby-approvaltests version 0.0.25 [schmonz 2021-06-07]
Added graphics/R-thematic version 0.1.2 [mef 2021-06-08]
Added www/R-bslib version 0.2.5.1 [mef 2021-06-08]
+ Updated www/ap2-auth-mellon to 0.17.0 [manu 2021-06-08]
Index: pkgsrc/www/ap2-auth-mellon/Makefile
diff -u pkgsrc/www/ap2-auth-mellon/Makefile:1.63 pkgsrc/www/ap2-auth-mellon/Makefile:1.64
--- pkgsrc/www/ap2-auth-mellon/Makefile:1.63 Wed Apr 21 13:25:28 2021
+++ pkgsrc/www/ap2-auth-mellon/Makefile Tue Jun 8 07:26:52 2021
@@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.63 2021/04/21 13:25:28 adam Exp $
+# $NetBSD: Makefile,v 1.64 2021/06/08 07:26:52 manu Exp $
-DISTNAME= mod_auth_mellon-0.14.2
+DISTNAME= mod_auth_mellon-0.17.0
PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/g}
-PKGREVISION= 12
#PKGREVISION= 1
CATEGORIES= www security
-MASTER_SITES= ${MASTER_SITE_GITHUB:=UNINETT/}
+MASTER_SITES= ${MASTER_SITE_GITHUB:=latchset/}
GITHUB_PROJECT= mod_auth_mellon
GITHUB_RELEASE= v${PKGVERSION_NOREV}
MAINTAINER= manu%NetBSD.org@localhost
-HOMEPAGE= https://github.com/UNINETT/mod_auth_mellon
+HOMEPAGE= https://github.com/latchset/mod_auth_mellon
COMMENT= SAML 2.0 authentication for Apache
LICENSE= gnu-gpl-v2 # or later
Index: pkgsrc/www/ap2-auth-mellon/distinfo
diff -u pkgsrc/www/ap2-auth-mellon/distinfo:1.20 pkgsrc/www/ap2-auth-mellon/distinfo:1.21
--- pkgsrc/www/ap2-auth-mellon/distinfo:1.20 Sat Mar 23 02:37:42 2019
+++ pkgsrc/www/ap2-auth-mellon/distinfo Tue Jun 8 07:26:52 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.20 2019/03/23 02:37:42 manu Exp $
+$NetBSD: distinfo,v 1.21 2021/06/08 07:26:52 manu Exp $
-SHA1 (mod_auth_mellon-0.14.2.tar.gz) = 35d4359487fb97e9982b501ef3581b49bf985888
-RMD160 (mod_auth_mellon-0.14.2.tar.gz) = 412ecf6e1a616ca7c1caa6470976d1f66c8c76e6
-SHA512 (mod_auth_mellon-0.14.2.tar.gz) = 9d14b1482a73ce7e86f5f7618454aab8759533649f34fa0088264b7b09dbd90db46011c629303b2f3ad969379937ff5adaa0d7b63a502cdfbba0cd1b762502a6
-Size (mod_auth_mellon-0.14.2.tar.gz) = 950737 bytes
+SHA1 (mod_auth_mellon-0.17.0.tar.gz) = df4039cca9d706b10c49ea3435af0382da2b959a
+RMD160 (mod_auth_mellon-0.17.0.tar.gz) = 80454ec3823ec80af73bd5f58f3a051848f1bb90
+SHA512 (mod_auth_mellon-0.17.0.tar.gz) = 93919b46e5966d16b334f8f633345d8566f6873a68d1e619835a52a12a70fa7068fe036c69a43ca7b46e51b4c49354d51df13ffd64c60b82747eec86fe357d2e
+Size (mod_auth_mellon-0.17.0.tar.gz) = 955298 bytes
Home |
Main Index |
Thread Index |
Old Index