diff options
| author | manu <manu@pkgsrc.org> | 2016-03-14 09:58:57 +0000 |
|---|---|---|
| committer | manu <manu@pkgsrc.org> | 2016-03-14 09:58:57 +0000 |
| commit | 6ee3620ec66961c29c0a6516132f34db2362e43c (patch) | |
| tree | 98cc05f6a08201de06aaef2897c7f36cfc17b476 /www/ap2-auth-mellon/Makefile | |
| parent | 4bd2ff4c1c78b713cd349d6ba78dda90b9943e4b (diff) | |
| download | pkgsrc-6ee3620ec66961c29c0a6516132f34db2362e43c.tar.gz | |
Update mod_auth_mellon to 0.12.0
Fixes CVE-2016-2145 and CVE-2016-2146
Changes since 0.10.0 frome NEWS file and patches/patch-0274
patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.
Version 0.12.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
* Add MellonRedirecDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
Version 0.11.1
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data
Version 0.11.0
---------------------------------------------------------------------------
* Add SAML 2.0 ECP support.
* The MellonDecode option has been disabled. It was used to decode
attributes in a Feide-specific encoding that is no longer used.
* Set max-age=0 in Cache-Control header, to ensure that all browsers
verifies the data on each request.
* MellonMergeEnvVars On now accepts second optional parameter, the
separator to be used instead of the default ';'.
* Add option MellonEnvVarsSetCount to specify if the number of values
for any attribute should also be stored in environment variable
suffixed _N.
* Add option MellonEnvVarsIndexStart to specify if environment variables
for multi-valued attributes should start indexing with 0 (default) or
with 1.
* Bugfixes:
* Fix error about missing authentication with DirectoryIndex in
Apache 2.4.
Diffstat (limited to 'www/ap2-auth-mellon/Makefile')
| -rw-r--r-- | www/ap2-auth-mellon/Makefile | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/www/ap2-auth-mellon/Makefile b/www/ap2-auth-mellon/Makefile index 28f62f1c1b2..d1c84e02de1 100644 --- a/www/ap2-auth-mellon/Makefile +++ b/www/ap2-auth-mellon/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.32 2016/03/05 11:29:34 jperkin Exp $ +# $NetBSD: Makefile,v 1.33 2016/03/14 09:58:57 manu Exp $ # -DISTNAME= mod_auth_mellon-0.10.0 +DISTNAME= mod_auth_mellon-0.12.0 PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/g} PKGREVISION= 1 -#PKGREVISION= 1 CATEGORIES= www security MASTER_SITES= https://github.com/UNINETT/mod_auth_mellon/releases/download/v${DISTNAME:C/.*-//}/ @@ -16,7 +15,6 @@ LICENSE= gnu-gpl-v2 # or later GNU_CONFIGURE= YES USE_LIBTOOL= YES USE_TOOLS+= pkg-config -CFLAGS+= -DLASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT=0 APACHE_MODULE= YES PKG_APACHE_ACCEPTED= apache22 apache24 @@ -36,6 +34,8 @@ do-install: ${APXS} -i -S LIBEXECDIR=${DESTDIR}"$${libexecdir}" \ -n auth_mellon mod_auth_mellon.la +BUILDLINK_ABI_DEPENDS.lasso+= lasso>=2.1.0 + .include "../../security/lasso/buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" .include "../../www/curl/buildlink3.mk" |