#1 update to 1.13.1
Opened 6 years ago by fkooman. Modified 6 years ago
Unknown source master  into  rawhide

file modified
+1
@@ -4,3 +4,4 @@

  /mod_auth_mellon-0.10.0.tar.gz

  /mod_auth_mellon-0.11.0.tar.gz

  /mod_auth_mellon-0.12.0.tar.gz

+ /mod_auth_mellon-0.13.1.tar.gz

file removed
-33
@@ -1,33 +0,0 @@

- commit 5ba9bb72707a90503cd4d042083ea074a0cb6b8a

- Author: John Dennis <jdennis@redhat.com>

- Date:   Fri Oct 30 15:46:33 2015 -0400

- 

-     Role maybe unknown when assertion consumer url is looked up

-     

-     Replace the call to lasso_provider_get_metadata_one() with

-     lasso_provider_get_metadata_one_for_role() so that we can exlicitly

-     pass the LASSO_PROVIDER_ROLE_SP role. The former call obtains the

-     role from the provider object and then calls

-     lasso_provider_get_metadata_one_for_role() using that role. However

-     the role will not have been set in the provider until the first request is

-     processed. This means the first time we call this routine it won't

-     work correctly because the role will not have been set yet, by

-     explicitly passing the role we avoid this problem.

-     

-     Signed-off-by: John Dennis <jdennis@redhat.com>

- 

- diff --git a/auth_mellon_util.c b/auth_mellon_util.c

- index 155bb1a..6c694b7 100644

- --- a/auth_mellon_util.c

- +++ b/auth_mellon_util.c

- @@ -1827,7 +1827,9 @@ char *am_get_assertion_consumer_service_by_binding(LassoProvider *provider, cons

-      }

-  

-      if (selected_descriptor) {

- -        url = lasso_provider_get_metadata_one(provider, selected_descriptor);

- +        url = lasso_provider_get_metadata_one_for_role(provider,

- +                                                       LASSO_PROVIDER_ROLE_SP,

- +                                                       selected_descriptor);

-      }

-  

-      lasso_release_list_of_strings(descriptors);

file removed
-36
@@ -1,36 +0,0 @@

- commit 040a1ae5cb2aab38b2bc716cc3d0d6fa7b998a7a

- Author: John Dennis <jdennis@redhat.com>

- Date:   Mon Jan 16 09:02:06 2017 -0500

- 

-     Use ap_set_content_type() to set "Content-Type" header

-     

-     Formerly we were setting the response header "Content-Type" in

-     r->headers_out directly via the apr_table_setn() call. Although using

-     apr_table_setn() is appropriate for many HTTP headers Apache actively

-     manages a small set of headers in

-     http_filters.c:ap_http_header_filter(). These managed headers are

-     derived from values maintained in the request_rec. "Content-Type" is

-     one of the managed headers.

-     

-     Because we didn't set r->content_type field via the

-     ap_set_content_type() call and instead directly updated the

-     r->headers_out table our value for "Content-Type" was overwriten when

-     the ap_http_header_filter() was run just prior to emitting the

-     response with the result the "Content-Type" header returned to the

-     client was incorrect.

-     

-     Signed-off-by: John Dennis <jdennis@redhat.com>

- 

- diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c

- index a55828a..25365de 100644

- --- a/auth_mellon_handler.c

- +++ b/auth_mellon_handler.c

- @@ -2655,7 +2655,7 @@ static int am_set_authn_request_post_content(request_rec *r, LassoLogin *login)

-   */

-  static int am_set_authn_request_paos_content(request_rec *r, LassoLogin *login)

-  {

- -    apr_table_setn(r->headers_out, "Content-Type", MEDIA_TYPE_PAOS);

- +    ap_set_content_type(r, MEDIA_TYPE_PAOS);

-      ap_rputs(LASSO_PROFILE(login)->msg_body, r);

-  

-      return OK;

@@ -1,34 +0,0 @@

- commit 912aa852ebd78577f59cf7958c709acea98ace4c

- Author: John Dennis <jdennis@redhat.com>

- Date:   Fri Apr 8 09:01:22 2016 -0400

- 

-     am_check_uid() should be no-op if mellon not enabled

-     

-     mod_auth_mellon was interferring with other Apache authentication

-     modules (e.g. mod_auth_kerb) because when the Apache check_user_id

-     hook ran the logic in am_check_uid would execute even if mellon was

-     not enabled for the location. This short circuited the hook execution

-     and never allowed the authentication enabled for the location to

-     execute. It resulted in HTTP_UNAUTHORIZED being returned with the

-     client then expecting a WWW-Authenticate header field causing the

-     client to attempt to authenticate again.

-     

-     Signed-off-by: John Dennis <jdennis@redhat.com>

- 

- diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c

- index a72e1ca..864396f 100644

- --- a/auth_mellon_handler.c

- +++ b/auth_mellon_handler.c

- @@ -3625,6 +3625,12 @@ int am_check_uid(request_rec *r)

-          return OK;

-      }

-  

- +    /* Check that the user has enabled authentication for this directory. */

- +    if(dir->enable_mellon == am_enable_off

- +       || dir->enable_mellon == am_enable_default) {

- +	return DECLINED;

- +    }

- +

-  #ifdef HAVE_ECP

-      am_req_cfg_rec *req_cfg = am_get_req_cfg(r);

-      if (req_cfg->ecp_authn_req) {

file modified
+6 -6
@@ -1,7 +1,7 @@

  Summary: A SAML 2.0 authentication module for the Apache Httpd Server

  Name: mod_auth_mellon

- Version: 0.12.0

- Release: 7%{?dist}

+ Version: 0.13.1

+ Release: 1%{?dist}

  Group: System Environment/Daemons

  Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz

  Source1: auth_mellon.conf
@@ -19,8 +19,6 @@

  Requires: lasso >= 2.5.0

  Url: https://github.com/UNINETT/mod_auth_mellon

  

- Patch1: enabled_in_check_uid.patch

- Patch2: content-type.patch

  

  

  %description
@@ -30,8 +28,6 @@

  

  %prep

  %setup -q -n %{name}-%{version}

- %patch1 -p1

- %patch2 -p1

  

  %build

  export APXS=%{_httpd_apxs}
@@ -73,6 +69,10 @@

  %dir /run/%{name}/

  

  %changelog

+ * Sat Sep 30 2017 François Kooman <fkooman@tuxed.net> - 0.13.1-1

+ - update to 0.13.1

+ - drop all patches as they are upstream now

+ 

  * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-7

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

  

file modified
+1 -1
@@ -1,1 +1,1 @@

- 6c1057847c06d433d4d4a4f55cca1740  mod_auth_mellon-0.12.0.tar.gz

+ da9bc765d3a8cfafa8366f46ac821f25  mod_auth_mellon-0.13.1.tar.gz