From 198568f39c91f6b406b63003144ed42a794a91df Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 03 2018 03:16:36 +0000 Subject: import httpd24-mod_auth_mellon-0.13.1-2.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d419d98 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/mod_auth_mellon-0.13.1.tar.gz +SOURCES/user_guide.tar.gz diff --git a/.httpd24-mod_auth_mellon.metadata b/.httpd24-mod_auth_mellon.metadata new file mode 100644 index 0000000..56de7c2 --- /dev/null +++ b/.httpd24-mod_auth_mellon.metadata @@ -0,0 +1,2 @@ +a0e8edcb4ecbbc2b37b98ce394ed17bee1b622a3 SOURCES/mod_auth_mellon-0.13.1.tar.gz +f1ecf8e6e809edcb5b595be206b745fe1dcfc5be SOURCES/user_guide.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/10-auth_mellon.conf b/SOURCES/10-auth_mellon.conf new file mode 100644 index 0000000..b605132 --- /dev/null +++ b/SOURCES/10-auth_mellon.conf @@ -0,0 +1 @@ +LoadModule auth_mellon_module modules/mod_auth_mellon.so diff --git a/SOURCES/auth_mellon.conf b/SOURCES/auth_mellon.conf new file mode 100644 index 0000000..ad86d39 --- /dev/null +++ b/SOURCES/auth_mellon.conf @@ -0,0 +1,2 @@ +MellonCacheSize 100 +MellonLockFile "/run/mod_auth_mellon/lock" diff --git a/SOURCES/lasso_error_check.patch b/SOURCES/lasso_error_check.patch new file mode 100644 index 0000000..f9cc4ca --- /dev/null +++ b/SOURCES/lasso_error_check.patch @@ -0,0 +1,70 @@ +commit 2c2e19d96069f2d94d6c68f50e3ef2175a412cfb +Author: Olav Morken +Date: Tue Aug 8 14:34:24 2017 +0200 + + Fix incorrect error check for many `lasso_*`-functions. + + Several places in the code we assumed that Lasso error codes were + negative, however some of them are positive integers. This patch + ensures that we do direct check for a zero return code in all cases. + + Fixes issue #128. + +diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c +index 70462a7..5661083 100644 +--- a/auth_mellon_handler.c ++++ b/auth_mellon_handler.c +@@ -640,7 +640,7 @@ static void am_restore_lasso_profile_state(request_rec *r, + identity_dump = am_cache_get_lasso_identity(am_session); + if(identity_dump != NULL) { + rc = lasso_profile_set_identity_from_dump(profile, identity_dump); +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Could not restore identity from dump." + " Lasso error: [%i] %s", rc, lasso_strerror(rc)); +@@ -651,7 +651,7 @@ static void am_restore_lasso_profile_state(request_rec *r, + session_dump = am_cache_get_lasso_session(am_session); + if(session_dump != NULL) { + rc = lasso_profile_set_session_from_dump(profile, session_dump); +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Could not restore session from dump." + " Lasso error: [%i] %s", rc, lasso_strerror(rc)); +@@ -1842,7 +1842,7 @@ static int am_handle_reply_common(request_rec *r, LassoLogin *login, + } + + rc = lasso_login_accept_sso(login); +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Unable to accept SSO message." + " Lasso error: [%i] %s", rc, lasso_strerror(rc)); +@@ -2157,7 +2157,7 @@ static int am_handle_artifact_reply(request_rec *r) + rc = lasso_login_init_request(login, r->args, + LASSO_HTTP_METHOD_ARTIFACT_GET); + +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Failed to handle login response." + " Lasso error: [%i] %s", rc, lasso_strerror(rc)); +@@ -2181,7 +2181,7 @@ static int am_handle_artifact_reply(request_rec *r) + ap_unescape_url(saml_art); + + rc = lasso_login_init_request(login, saml_art, LASSO_HTTP_METHOD_ARTIFACT_POST); +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Failed to handle login response." + " Lasso error: [%i] %s", rc, lasso_strerror(rc)); +@@ -2192,7 +2192,7 @@ static int am_handle_artifact_reply(request_rec *r) + + /* Prepare SOAP request. */ + rc = lasso_login_build_request_msg(login); +- if(rc < 0) { ++ if(rc != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Failed to prepare SOAP message for HTTP-Artifact" + " resolution." diff --git a/SOURCES/log_no_idp.patch b/SOURCES/log_no_idp.patch new file mode 100644 index 0000000..c51f30b --- /dev/null +++ b/SOURCES/log_no_idp.patch @@ -0,0 +1,42 @@ +commit daa5d1e66791a155dc74b220f16422ba206b8788 +Author: John Dennis +Date: Tue Jun 13 09:34:36 2017 -0400 + + If no IdP's are defined explicitly log that fact + + Sometimes configuration errors are made and a location does have any + IdP's defined for it. Previosly the error message in this case was: + + "Error adding IdP to lasso server object. Please verify the following + configuration directives: MellonIdPMetadataFile and + MellonIdPPublicKeyFile." + + But this message is misleading, it suggests an attempt was made to add + the IdP but somehow it failed, this will often cause folks to try to + determine what is wrong with the IdP metadata file, which may in fact + be defined in the mellon config but because of location inheritance is + not being included in the per directory config. + + It would be much more helpful to indicate no IdP's were defined for + this config location which is clearly a different problem than + suggesting an attempt was made to add an IdP but it failed. + + Signed-off-by: John Dennis + +diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c +index 44a5ee9..2004752 100644 +--- a/auth_mellon_handler.c ++++ b/auth_mellon_handler.c +@@ -242,6 +242,12 @@ static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r) + idp_public_key_file = NULL; + #endif /* ! HAVE_lasso_server_load_metadata */ + ++ if (cfg->idp_metadata->nelts == 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Error, URI \"%s\" has no IdP's defined", r->uri); ++ return 0; ++ } ++ + for (index = 0; index < cfg->idp_metadata->nelts; index++) { + const am_metadata_t *idp_metadata; + int error; diff --git a/SOURCES/log_typo.patch b/SOURCES/log_typo.patch new file mode 100644 index 0000000..ff0cf6a --- /dev/null +++ b/SOURCES/log_typo.patch @@ -0,0 +1,52 @@ +commit 4c924d9062406762c44ce95bdee14dadf4bfeed2 +Author: Thijs Kinkhorst +Date: Sun Jul 9 14:42:29 2017 +0000 + + Fix some log message typos + +diff --git a/auth_mellon_cache.c b/auth_mellon_cache.c +index 9a5bb0e..cd3b9b0 100644 +--- a/auth_mellon_cache.c ++++ b/auth_mellon_cache.c +@@ -740,7 +740,7 @@ int am_cache_set_lasso_state(am_cache_entry_t *session, + lasso_identity); + if (status != 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, +- "Lasso identity is to big for storage. Size of lasso" ++ "Lasso identity is too big for storage. Size of lasso" + " identity is %" APR_SIZE_T_FMT ".", + (apr_size_t)strlen(lasso_identity)); + return HTTP_INTERNAL_SERVER_ERROR; +@@ -751,7 +751,7 @@ int am_cache_set_lasso_state(am_cache_entry_t *session, + lasso_session); + if (status != 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, +- "Lasso session is to big for storage. Size of lasso" ++ "Lasso session is too big for storage. Size of lasso" + " session is %" APR_SIZE_T_FMT ".", + (apr_size_t)strlen(lasso_session)); + return HTTP_INTERNAL_SERVER_ERROR; +@@ -762,8 +762,8 @@ int am_cache_set_lasso_state(am_cache_entry_t *session, + lasso_saml_response); + if (status != 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, +- "Lasso SAML response is to big for storage. Size of " +- "lasso SAML Reponse is %" APR_SIZE_T_FMT ".", ++ "Lasso SAML response is too big for storage. Size of " ++ "lasso SAML Response is %" APR_SIZE_T_FMT ".", + (apr_size_t)strlen(lasso_saml_response)); + return HTTP_INTERNAL_SERVER_ERROR; + } +diff --git a/auth_mellon_util.c b/auth_mellon_util.c +index 34cf88d..19bfb41 100644 +--- a/auth_mellon_util.c ++++ b/auth_mellon_util.c +@@ -1823,7 +1823,7 @@ tokenize(apr_pool_t *pool, const char *str, bool ignore_whitespace, + } + if (*p != '\"') { + *error = apr_psprintf(pool, +- "unterminated string begining at " ++ "unterminated string beginning at " + "position %" APR_SIZE_T_FMT " in \"%s\"", + start-str, str); + break; diff --git a/SOURCES/mellon_create_metadata.sh b/SOURCES/mellon_create_metadata.sh new file mode 100644 index 0000000..4009f1d --- /dev/null +++ b/SOURCES/mellon_create_metadata.sh @@ -0,0 +1,126 @@ +#!/usr/bin/env bash +set -e + +PROG="$(basename "$0")" + +printUsage() { + echo "Usage: $PROG ENTITY-ID ENDPOINT-URL" + echo "" + echo "Example:" + echo " $PROG urn:someservice https://sp.example.org/mellon" + echo "" +} + +if [ "$#" -lt 2 ]; then + printUsage + exit 1 +fi + +ENTITYID="$1" +if [ -z "$ENTITYID" ]; then + echo "$PROG: An entity ID is required." >&2 + exit 1 +fi + +BASEURL="$2" +if [ -z "$BASEURL" ]; then + echo "$PROG: The URL to the MellonEndpointPath is required." >&2 + exit 1 +fi + +if ! echo "$BASEURL" | grep -q '^https\?://'; then + echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2 + exit 1 +fi + +HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')" +BASEURL="$(echo "$BASEURL" | sed 's#/$##')" + +OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')" +echo "Output files:" +echo "Private key: $OUTFILE.key" +echo "Certificate: $OUTFILE.cert" +echo "Metadata: $OUTFILE.xml" +echo "Host: $HOST" +echo +echo "Endpoints:" +echo "SingleLogoutService (SOAP): $BASEURL/logout" +echo "SingleLogoutService (HTTP-Redirect): $BASEURL/logout" +echo "AssertionConsumerService (HTTP-POST): $BASEURL/postResponse" +echo "AssertionConsumerService (HTTP-Artifact): $BASEURL/artifactResponse" +echo "AssertionConsumerService (PAOS): $BASEURL/paosResponse" +echo + +# No files should not be readable by the rest of the world. +umask 0077 + +TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)" + +cat >"$TEMPLATEFILE" </dev/null + +rm -f "$TEMPLATEFILE" + +CERT="$(grep -v '^-----' "$OUTFILE.cert")" + +cat >"$OUTFILE.xml" < + + + + + + $CERT + + + + + + + $CERT + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + +EOF + +umask 0777 +chmod go+r "$OUTFILE.xml" +chmod go+r "$OUTFILE.cert" diff --git a/SOURCES/mellon_user_case_insensitive.patch b/SOURCES/mellon_user_case_insensitive.patch new file mode 100644 index 0000000..5dad36b --- /dev/null +++ b/SOURCES/mellon_user_case_insensitive.patch @@ -0,0 +1,41 @@ +commit c29123244e546986ff3c9e6fe94772c4411adf2b +Author: Olav Morken +Date: Wed Aug 16 17:28:16 2017 +0200 + + Make MellonUser case-insensitive. + + MellonUser used to perform its attribute match in a case-sesnsitive + manner, while environment variables are stored in a case-insensitive + table in Apache. + + The result is a bit of inconsistency between the way mod_auth_mellon + handles the attribute names and the way they are accessed other places + in Apache. + + This patch changes the code to use a case-insensitive match when + processing the MellonUser directive. + + Fixes issue #131. + +diff --git a/auth_mellon_cache.c b/auth_mellon_cache.c +index cd3b9b0..7d51589 100644 +--- a/auth_mellon_cache.c ++++ b/auth_mellon_cache.c +@@ -552,7 +552,7 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) + if (am_cache_entry_slot_is_empty(&t->user)) { + for(i = 0; i < t->size; ++i) { + varname = am_cache_entry_get_string(t, &t->env[i].varname); +- if (strcmp(varname, d->userattr) == 0) { ++ if (strcasecmp(varname, d->userattr) == 0) { + value = am_cache_entry_get_string(t, &t->env[i].value); + status = am_cache_entry_store_string(t, &t->user, value); + if (status != 0) { +@@ -592,7 +592,7 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) + * If we find a variable remapping to MellonUser, use it. + */ + if (am_cache_entry_slot_is_empty(&t->user) && +- (strcmp(varname, d->userattr) == 0)) { ++ (strcasecmp(varname, d->userattr) == 0)) { + status = am_cache_entry_store_string(t, &t->user, value); + if (status != 0) { + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, diff --git a/SOURCES/mod_auth_mellon.conf b/SOURCES/mod_auth_mellon.conf new file mode 100644 index 0000000..5e653bc --- /dev/null +++ b/SOURCES/mod_auth_mellon.conf @@ -0,0 +1,2 @@ +# mod_auth_mellon lock file is created in this directory +d /run/mod_auth_mellon 0755 apache apache diff --git a/SOURCES/post_segfault.patch b/SOURCES/post_segfault.patch new file mode 100644 index 0000000..2d20e16 --- /dev/null +++ b/SOURCES/post_segfault.patch @@ -0,0 +1,38 @@ +commit 5c5ed1d6ab2798b4833a12b81f77aca3f82e86f0 +Author: Olav Morken +Date: Tue Aug 8 09:45:10 2017 +0200 + + Fix segmentation fault with POST field without a value. + + This patch fixes a segmentation fault that can occur after the user + has logged in if the server is configured to replay POST data from + before login. If the POST data contained a field without a value we + would attempt to pass a constant string to the + am_urldecode()-function, which would crash with a segmentation fault. + + This patch fixes that by using an empty string allocated on the stack + instead of a constant string. + + Fixes #115. + +diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c +index f073721..70462a7 100644 +--- a/auth_mellon_handler.c ++++ b/auth_mellon_handler.c +@@ -2329,6 +2329,7 @@ const char *am_post_mkform_urlencoded(request_rec *r, const char *post_data) + const char *item; + char *last; + char *post_form = ""; ++ char empty_value[] = ""; + + for (item = am_xstrtok(r, post_data, "&", &last); item; + item = am_xstrtok(r, NULL, "&", &last)) { +@@ -2344,7 +2345,7 @@ const char *am_post_mkform_urlencoded(request_rec *r, const char *post_data) + continue; + + if (value == NULL) +- value = (char *)""; ++ value = empty_value; + + if (am_urldecode(name) != OK) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/SOURCES/update_log_invalid_dst.patch b/SOURCES/update_log_invalid_dst.patch new file mode 100644 index 0000000..17c328d --- /dev/null +++ b/SOURCES/update_log_invalid_dst.patch @@ -0,0 +1,32 @@ +commit 93faba4505b2c02c4885d33f785db97efd6f9c1b +Author: nneul at neulinger.org +Date: Fri Oct 6 12:08:58 2017 +0000 + + Update log msg for Invalid Destination and Invalid Audience to show both the expected and received values. + +diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c +index afb3195..030abe7 100644 +--- a/auth_mellon_handler.c ++++ b/auth_mellon_handler.c +@@ -1461,8 +1461,8 @@ static int am_validate_conditions(request_rec *r, + + if (ar->Audience == NULL || strcmp(ar->Audience, providerID)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, +- "Invalid Audience in Conditions. Should be: %s", +- providerID); ++ "Invalid Audience in Conditions. Should be '%s', but was '%s'", ++ providerID, ar->Audience ? ar->Audience : ""); + return HTTP_BAD_REQUEST; + } + } +@@ -1791,8 +1791,8 @@ static int am_handle_reply_common(request_rec *r, LassoLogin *login, + if (response->parent.Destination) { + if (strcmp(response->parent.Destination, url)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, +- "Invalid Destination on Response. Should be: %s", +- url); ++ "Invalid Destination on Response. Should be '%s', but was '%s'", ++ url, response->parent.Destination); + lasso_login_destroy(login); + return HTTP_BAD_REQUEST; + } diff --git a/SPECS/mod_auth_mellon.spec b/SPECS/mod_auth_mellon.spec new file mode 100644 index 0000000..d9ce847 --- /dev/null +++ b/SPECS/mod_auth_mellon.spec @@ -0,0 +1,218 @@ +%{?scl:%scl_package mod_auth_mellon} + +Summary: A SAML 2.0 authentication module for the Apache Httpd Server +Name: %{?scl:%scl_prefix}mod_auth_mellon +Version: 0.13.1 +Release: 2%{?dist} +Group: System Environment/Daemons +Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/mod_auth_mellon-%{version}.tar.gz +Source1: auth_mellon.conf +Source2: 10-auth_mellon.conf +Source3: mod_auth_mellon.conf +Source4: mellon_create_metadata.sh +Source5: user_guide.tar.gz +License: GPLv2+ + +BuildRequires: curl-devel +BuildRequires: glib2-devel +BuildRequires: %{?scl:%scl_prefix}httpd-devel +BuildRequires: lasso-devel >= 2.5.0 +BuildRequires: openssl-devel +BuildRequires: xmlsec1-devel +%if 0%{?scl:1} +Requires: %{?scl:%scl_prefix}httpd-mmn = %{_httpd24_mmn} +%else +Requires: httpd-mmn = %{_httpd_mmn} +%endif +Requires: lasso >= 2.5.0 +%{?scl:Requires:%scl_runtime} + +Url: https://github.com/UNINETT/mod_auth_mellon + +Patch1: log_typo.patch +Patch2: post_segfault.patch +Patch3: lasso_error_check.patch +Patch4: mellon_user_case_insensitive.patch +Patch5: log_no_idp.patch +Patch6: update_log_invalid_dst.patch + +%description +The mod_auth_mellon module is an authentication service that implements the +SAML 2.0 federation protocol. It grants access based on the attributes +received in assertions generated by a IdP server. + +%prep +%setup -q -n mod_auth_mellon-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +%build +%if 0%{?scl:1} +export APXS=%{_httpd24_apxs} +%else +export APXS=%{_httpd_apxs} +%endif +%configure --with-apxs2=$APXS +make %{?_smp_mflags} + +%install +# install module +%if 0%{?scl:1} +install -Dm 755 .libs/mod_auth_mellon.so \ + %{buildroot}%{_httpd24_moddir}/mod_auth_mellon.so +%else +install -Dm 755 .libs/mod_auth_mellon.so \ + %{buildroot}%{_httpd_moddir}/mod_auth_mellon.so +%endif + +# install module configuration +%if 0%{?scl:1} +mkdir -p %{buildroot}%{_httpd24_confdir} +install -m 644 %{SOURCE1} %{buildroot}%{_httpd24_confdir} +mkdir -p %{buildroot}%{_httpd24_modconfdir} +install -m 644 %{SOURCE2} %{buildroot}%{_httpd24_modconfdir} +%else +mkdir -p %{buildroot}%{_httpd_confdir} +install -m 644 %{SOURCE1} %{buildroot}%{_httpd_confdir} +mkdir -p %{buildroot}%{_httpd_modconfdir} +install -m 644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir} +%endif + +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir} +mkdir -p %{buildroot}%{_localstatedir}/run/mod_auth_mellon + +# install script to generate metadata +mkdir -p %{buildroot}%{_libexecdir}/mod_auth_mellon +install -m 755 %{SOURCE4} %{buildroot}%{_libexecdir}/mod_auth_mellon + +# install user guide +mkdir -p %{buildroot}%{_pkgdocdir} +tar -C %{buildroot}%{_pkgdocdir} -xf %{SOURCE5} + +%files +%defattr(-,root,root) +%if 0%{?rhel} && 0%{?rhel} < 7 +%doc COPYING +%else +%license COPYING +%endif +%doc README NEWS ECP.rst +%doc %{_pkgdocdir}/user_guide + +%if 0%{?scl:1} +%config(noreplace) %{_httpd24_modconfdir}/10-auth_mellon.conf +%config(noreplace) %{_httpd24_confdir}/auth_mellon.conf +%{_httpd24_moddir}/mod_auth_mellon.so +%else +%config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf +%config(noreplace) %{_httpd_confdir}/auth_mellon.conf +%{_httpd_moddir}/mod_auth_mellon.so +%endif +%{_tmpfilesdir}/mod_auth_mellon.conf +%{_libexecdir}/mod_auth_mellon +%dir %{_localstatedir}/run/mod_auth_mellon/ + +%changelog +* Fri Jan 05 2018 Luboš Uhliarik - 0.13.1-2 +- Resolves: #1514391 - [RFE] Include mod_auth_mellon for RHSCL httpd24 +- Merged with RHEL-7.5 branch, SCLized spec + +* Fri Oct 20 2017 John Dennis - 0.13.1-1 +- Resolves: rhbz#1481332 Upgrade to current upstream 0.13.1 +- Adds the following upstream bug fixes on top of 0.13.1: + * ee97812 Add Mellon User Guide + * daa5d1e If no IdP's are defined explicitly log that fact + * c291232 Make MellonUser case-insensitive. + * 2c2e19d Fix incorrect error check for many `lasso_*`-functions. + * 5c5ed1d Fix segmentation fault with POST field without a value. + * 4c924d9 Fix some log message typos + * 93faba4 Update log msg for Invalid Destination and Invalid Audience to + show both the expected and received values. +- Add new mellon user guide to installed docdir + +* Mon Jan 30 2017 John Dennis - 0.11.0-4 +- Resolves: rhbz#1414021 - Incorrect Content-Type header in ECP PAOS + Rebuilding due to missing comment in Changelog + +* Mon Jan 30 2017 John Dennis - 0.11.0-3 +- Resolves: rhbz#1414021 - Incorrect Content-Type header in ECP PAOS + +* Fri Apr 8 2016 John Dennis - 0.11.0-2 +- Resolves: bug #1296286 + mod_auth_mellon emits CRITICAL warning message in Apache log when doing ECP +- Resolves: bug #1324536 + Installing mod_auth_mellon causes working Kerberos authentication + to start failing +- Add ECP.rst documentation file that was erroneously omitted + +* Fri Sep 18 2015 John Dennis - 0.11.0-1 +- Upgrade to upstream 0.11.0 release. +- Includes ECP support, see NEWS for all changes. +- Update mellon_create_metadata.sh to match internally generated metadata, + includes AssertionConsumerService for postResponse, artifactResponse & + paosResponse. +- Add lasso 2.5.0 version dependency +- Resolves: #1205345 + +* Mon Aug 24 2015 John Dennis - 0.10.0-3 +- Rebase to upstream 0.10.0 release +- Apply upstream commits post 0.10.0 release +- Apply revised ECP pending patches, + fix patch to pickup change in configure script that causes + HAVE_ECP to be defined +- Resolves: #1205345 + +* Wed Aug 19 2015 John Dennis - 0.10.0-2 +- Rebase to upstream 0.10.0 release +- Apply upstream commits post 0.10.0 release +- Apply revised ECP pending patches +- Resolves: #1205345 + +* Mon Jun 22 2015 John Dennis - 0.10.0-1 +- Rebase to upstream 0.10.0 release +- Apply upstream commits post 0.10.0 release +- Apply ECP pending patches +- Resolves: #1205345 + +* Mon Dec 8 2014 Simo Sorce 0.9.1-4 +- Large scale intreop patches +- Resolves: #1167844 + +* Wed Sep 10 2014 Simo Sorce 0.9.1-3 +- Fix upstream sources URL +- Related: #1120353 + +* Fri Sep 5 2014 Simo Sorce 0.9.1-2 +- Import package in RHEL7 +- Resolves: #1120353 + +* Tue Sep 2 2014 Simo Sorce 0.9.1-1 +- New upstream release + +* Sun Aug 17 2014 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jun 24 2014 Simo Sorce 0.8.0-1 +- New upstream realease version 0.8.0 +- Upstream moved to github +- Drops patches as they have been all included upstream + +* Fri Jun 20 2014 Simo Sorce 0.7.0-3 +- Backport of useful patches from upstream + - Better handling of IDP reported errors + - Better handling of session data storage size + +* Sat Jun 07 2014 Fedora Release Engineering - 0.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Dec 10 2013 Simo Sorce 0.7.0-1 +- Fix ownership of /run files + +* Wed Nov 27 2013 Simo Sorce 0.7.0-0 +- Initial Fedora release based on version 0.7.0 +- Based on an old spec file by Jean-Marc Liger