|
 |
cd021e |
Summary: A SAML 2.0 authentication module for the Apache Httpd Server
|
|
|
cd021e |
Name: mod_auth_mellon
|
|
|
cd021e |
Version: 0.17.0
|
|
|
d488b0 |
Release: 7%{?dist}
|
|
|
cd021e |
Source0: https://github.com/latchset/mod_auth_mellon/releases/download/v0.17.0/mod_auth_mellon-0.17.0.tar.gz
|
|
|
cd021e |
Source1: auth_mellon.conf
|
|
|
cd021e |
Source2: 10-auth_mellon.conf
|
|
|
cd021e |
Source3: mod_auth_mellon.conf
|
|
|
cd021e |
Source4: mellon_create_metadata.sh
|
|
|
cd021e |
Source5: README.redhat.rst
|
|
|
cd021e |
License: GPLv2+
|
|
|
cd021e |
BuildRequires: make
|
|
|
cd021e |
BuildRequires: gcc
|
|
|
cd021e |
BuildRequires: curl-devel
|
|
|
cd021e |
BuildRequires: glib2-devel
|
|
|
cd021e |
BuildRequires: httpd-devel
|
|
|
cd021e |
BuildRequires: lasso-devel >= 2.5.1-13
|
|
|
cd021e |
BuildRequires: openssl-devel
|
|
|
cd021e |
BuildRequires: xmlsec1-devel
|
|
|
cd021e |
BuildRequires: rubygem-asciidoctor
|
|
|
cd021e |
Requires: httpd-mmn = %{_httpd_mmn}
|
|
|
cd021e |
Requires: lasso >= 2.5.1-13
|
|
|
cd021e |
Url: https://github.com/latchset/mod_auth_mellon
|
|
|
cd021e |
|
|
|
cd021e |
Patch0001: 0001-Prevent-redirect-to-URLs-that-begin-with.patch
|
|
|
cd021e |
|
|
|
cd021e |
%description
|
|
|
cd021e |
The mod_auth_mellon module is an authentication service that implements the
|
|
|
cd021e |
SAML 2.0 federation protocol. It grants access based on the attributes
|
|
|
cd021e |
received in assertions generated by a IdP server.
|
|
|
cd021e |
|
|
|
cd021e |
%prep
|
|
|
cd021e |
%autosetup -n %{name}-%{version}
|
|
|
cd021e |
|
|
|
cd021e |
%build
|
|
|
cd021e |
export APXS=%{_httpd_apxs}
|
|
|
cd021e |
%configure --enable-diagnostics
|
|
|
cd021e |
make clean
|
|
|
cd021e |
%{make_build}
|
|
|
cd021e |
cp .libs/%{name}.so %{name}-diagnostics.so
|
|
|
cd021e |
|
|
|
cd021e |
%configure
|
|
|
cd021e |
make clean
|
|
|
cd021e |
%{make_build}
|
|
|
cd021e |
pushd doc/user_guide
|
|
|
cd021e |
asciidoctor -a data-uri mellon_user_guide.adoc
|
|
|
cd021e |
popd
|
|
|
cd021e |
|
|
|
cd021e |
%install
|
|
|
cd021e |
# install module
|
|
|
cd021e |
mkdir -p %{buildroot}%{_httpd_moddir}
|
|
|
cd021e |
install -m 755 .libs/%{name}.so %{buildroot}%{_httpd_moddir}
|
|
|
cd021e |
install -m 755 %{name}-diagnostics.so %{buildroot}%{_httpd_moddir}
|
|
|
cd021e |
|
|
|
cd021e |
# install module configuration
|
|
|
cd021e |
mkdir -p %{buildroot}%{_httpd_confdir}
|
|
|
cd021e |
install -m 644 %{SOURCE1} %{buildroot}%{_httpd_confdir}
|
|
|
cd021e |
mkdir -p %{buildroot}%{_httpd_modconfdir}
|
|
|
cd021e |
install -m 644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}
|
|
|
cd021e |
|
|
|
cd021e |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
cd021e |
install -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}
|
|
|
cd021e |
mkdir -p %{buildroot}/run/%{name}
|
|
|
cd021e |
|
|
|
cd021e |
# install script to generate metadata
|
|
|
cd021e |
mkdir -p %{buildroot}/%{_libexecdir}/%{name}
|
|
|
cd021e |
install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
|
|
|
cd021e |
|
|
|
cd021e |
#install documentation
|
|
|
cd021e |
mkdir -p %{buildroot}/%{_pkgdocdir}
|
|
|
cd021e |
|
|
|
cd021e |
# install Red Hat README
|
|
|
cd021e |
install %{SOURCE5} %{buildroot}/%{_pkgdocdir}
|
|
|
cd021e |
|
|
|
cd021e |
# install user guide
|
|
|
cd021e |
cp -r doc/user_guide %{buildroot}/%{_pkgdocdir}
|
|
|
cd021e |
|
|
|
cd021e |
%package diagnostics
|
|
|
cd021e |
Summary: Build of mod_auth_mellon with diagnostic logging
|
|
|
cd021e |
Requires: %{name} = %{version}-%{release}
|
|
|
cd021e |
|
|
|
cd021e |
%description diagnostics
|
|
|
cd021e |
Build of mod_auth_mellon with diagnostic logging. See README.redhat.rst
|
|
|
cd021e |
in the doc directory for instructions on using the diagnostics build.
|
|
|
cd021e |
|
|
|
cd021e |
%files diagnostics
|
|
|
cd021e |
%{_httpd_moddir}/%{name}-diagnostics.so
|
|
|
cd021e |
|
|
|
cd021e |
%files
|
|
|
cd021e |
%if 0%{?rhel} && 0%{?rhel} < 7
|
|
|
cd021e |
%doc COPYING
|
|
|
cd021e |
%else
|
|
|
cd021e |
%license COPYING
|
|
|
cd021e |
%endif
|
|
|
cd021e |
%doc README.md NEWS ECP.rst
|
|
|
cd021e |
%doc %{_pkgdocdir}/README.redhat.rst
|
|
|
cd021e |
%doc %{_pkgdocdir}/user_guide
|
|
|
cd021e |
%config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
|
|
|
cd021e |
%config(noreplace) %{_httpd_confdir}/auth_mellon.conf
|
|
|
cd021e |
%{_httpd_moddir}/mod_auth_mellon.so
|
|
|
cd021e |
%{_tmpfilesdir}/mod_auth_mellon.conf
|
|
|
cd021e |
%{_libexecdir}/%{name}
|
|
|
d488b0 |
%dir %attr(-, apache, apache) /run/%{name}/
|
|
|
cd021e |
|
|
|
cd021e |
%changelog
|
|
|
d488b0 |
* Tue Jul 26 2022 Tomas Halman <thalman@redhat.com> - 0.17.0-7
|
|
|
d488b0 |
- bad user/group ownership for /run/mod_auth_mellon
|
|
|
d488b0 |
Resolves: rhbz#2047948
|
|
|
d488b0 |
|
|
|
cd021e |
* Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.17.0-6
|
|
|
cd021e |
- Related: rhbz#1986806 - CVE-2021-3639 mod_auth_mellon: Open Redirect
|
|
|
cd021e |
vulnerability in logout URLs
|
|
|
cd021e |
|
|
|
cd021e |
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.17.0-5
|
|
|
cd021e |
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
cd021e |
Related: rhbz#1991688
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.17.0-4
|
|
|
cd021e |
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
cd021e |
Related: rhbz#1971065
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.17.0-3
|
|
|
cd021e |
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Sep 16 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.17.0-1
|
|
|
cd021e |
- New upstream version 0.17.0
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16.0-3
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Feb 13 2020 Tom Stellard <tstellar@redhat.com> - 0.16.0-2
|
|
|
cd021e |
- Use make_build macro instead of just make
|
|
|
cd021e |
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
|
|
|
cd021e |
|
|
|
cd021e |
* Mon Feb 3 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.16.0-1
|
|
|
cd021e |
- New upstream version 0.16.0
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.15.0-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Nov 19 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.15.0-1
|
|
|
cd021e |
- New upstream version 0.15.0
|
|
|
cd021e |
- Resolves: rhbz#1725742 - CVE-2019-13038 mod_auth_mellon: an Open Redirect
|
|
|
cd021e |
via the login?ReturnTo= substring which could
|
|
|
cd021e |
facilitate information theft [fedora-all]
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.2-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.2-1
|
|
|
cd021e |
- Upgrade to 0.14.2
|
|
|
cd021e |
- Related: rhbz#1691771 - CVE-2019-3877 mod_auth_mellon: open redirect in
|
|
|
cd021e |
logout url when using URLs with backslashes
|
|
|
cd021e |
- Related: rhbz#1691136 - CVE-2019-3878 mod_auth_mellon: authentication
|
|
|
cd021e |
bypass in ECP flow
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-5
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-4
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Wed May 2 2018 John Dennis <jdennis@redhat.com> - 0.14.0-3
|
|
|
cd021e |
- update lasso version dependency
|
|
|
cd021e |
|
|
|
cd021e |
* Tue May 1 2018 John Dennis <jdennis@redhat.com> - 0.14.0-2
|
|
|
cd021e |
- clean diagnostics build prior to normal build
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Apr 19 2018 John Dennis <jdennis@redhat.com> - 0.14.0-1
|
|
|
cd021e |
- Upgrade to new upstream release
|
|
|
cd021e |
- Add README.redhat.rst doc explaining packaging of this module.
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.1-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Sun Oct 1 2017 John Dennis <jdennis@redhat.com> - 0.13.1-1
|
|
|
cd021e |
- upgrade to new upstream release
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-7
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-6
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.0-5
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Jan 17 2017 John Dennis <jdennis@redhat.com> - 0.12.0-4
|
|
|
cd021e |
- Resolves: bug #1414019 Incorrect PAOS Content-Type header
|
|
|
cd021e |
|
|
|
cd021e |
* Mon Jan 9 2017 John Dennis <jdennis@redhat.com> - 0.12.0-3
|
|
|
cd021e |
- bump release for rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Tue May 3 2016 John Dennis <jdennis@redhat.com> - 0.12.0-2
|
|
|
cd021e |
- Resolves: bug #1332729, mellon conflicts with mod_auth_openidc
|
|
|
cd021e |
- am_check_uid() should be no-op if mellon not enabled
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Mar 9 2016 John Dennis <jdennis@redhat.com> - 0.12.0-1
|
|
|
cd021e |
- Update to new upstream 0.12.0
|
|
|
cd021e |
- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
|
|
|
cd021e |
incorrect error handling when reading POST data from client.
|
|
|
cd021e |
|
|
|
cd021e |
- [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
|
|
|
cd021e |
resource exhaustion) due to missing size checks when reading
|
|
|
cd021e |
POST data.
|
|
|
cd021e |
|
|
|
cd021e |
In addition this release contains the following new features and fixes:
|
|
|
cd021e |
|
|
|
cd021e |
- Add MellonRedirectDomains option to limit the sites that
|
|
|
cd021e |
mod_auth_mellon can redirect to. This option is enabled by default.
|
|
|
cd021e |
|
|
|
cd021e |
- Add support for ECP service options in PAOS requests.
|
|
|
cd021e |
|
|
|
cd021e |
- Fix AssertionConsumerService lookup for PAOS requests.
|
|
|
cd021e |
|
|
|
cd021e |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-4
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Dec 23 2015 John Dennis <jdennis@redhat.com> - 0.11.0-3
|
|
|
cd021e |
- Fix the following warning that appears in the Apache log
|
|
|
cd021e |
lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-2
|
|
|
cd021e |
- Add lasso 2.5.0 version dependency
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1
|
|
|
cd021e |
- Upgrade to upstream 0.11.0 release.
|
|
|
cd021e |
- Includes ECP support, see NEWS for all changes.
|
|
|
cd021e |
- Update mellon_create_metadata.sh to match internally generated metadata,
|
|
|
cd021e |
includes AssertionConsumerService for postResponse, artifactResponse &
|
|
|
cd021e |
paosResponse.
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Jan 7 2015 Simo Sorce <simo@redhat.com> 0.10.0-1
|
|
|
cd021e |
- New upstream release
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Sep 2 2014 Simo Sorce <simo@redhat.com> 0.9.1-1
|
|
|
cd021e |
- New upstream release
|
|
|
cd021e |
|
|
|
cd021e |
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Jun 24 2014 Simo Sorce <simo@redhat.com> 0.8.0-1
|
|
|
cd021e |
- New upstream realease version 0.8.0
|
|
|
cd021e |
- Upstream moved to github
|
|
|
cd021e |
- Drops patches as they have been all included upstream
|
|
|
cd021e |
|
|
|
cd021e |
* Fri Jun 20 2014 Simo Sorce <simo@redhat.com> 0.7.0-3
|
|
|
cd021e |
- Backport of useful patches from upstream
|
|
|
cd021e |
- Better handling of IDP reported errors
|
|
|
cd021e |
- Better handling of session data storage size
|
|
|
cd021e |
|
|
|
cd021e |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.0-2
|
|
|
cd021e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
cd021e |
|
|
|
cd021e |
* Tue Dec 10 2013 Simo Sorce <simo@redhat.com> 0.7.0-1
|
|
|
cd021e |
- Fix ownership of /run files
|
|
|
cd021e |
|
|
|
cd021e |
* Wed Nov 27 2013 Simo Sorce <simo@redhat.com> 0.7.0-0
|
|
|
cd021e |
- Initial Fedora release based on version 0.7.0
|
|
|
cd021e |
- Based on an old spec file by Jean-Marc Liger <jmliger@siris.sorbonne.fr>
|