Navigation:
Browse pkgsrc
(this page)| 2017-03-23 18:07:02 by Joerg Sonnenberger | Files touched by this commit (219) |
Log message: Extend SHA512 checksums to various files I have on my local distfile mirror. |
2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) |  |
Log message: Revbump after boost update |
| 2016-10-27 14:53:13 by Emmanuel Dreyfus | Files touched by this commit (4) |
Log message: Fix pkglint complains |
| 2016-10-18 17:13:41 by Emmanuel Dreyfus | Files touched by this commit (3) |
Log message: Do not redirect unauthenticated AJAX request to the IdP When MellonEnable is "auth" and we get an unauthenticated AJAX request (identified by the X-Request-With: XMLHttpRequest HTTP header), fail with HTTP code 403 Forbidden instead of redirecting to the IdP. This saves resources, as the client has no opportunity to interract with the user to complete authentification. |
| 2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | |
Log message: Revbump post boost update |
| 2016-09-22 04:44:26 by Makoto Fujiwara | Files touched by this commit (1) |
Log message: Update HOMEPAGE, previous was 404 |
| 2016-03-14 10:58:57 by Emmanuel Dreyfus | Files touched by this commit (3) |
Log message:
Update mod_auth_mellon to 0.12.0
Fixes CVE-2016-2145 and CVE-2016-2146
Changes since 0.10.0 frome NEWS file and patches/patch-0274
patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.
Version 0.12.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
* Add MellonRedirecDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
Version 0.11.1
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data
Version 0.11.0
---------------------------------------------------------------------------
* Add SAML 2.0 ECP support.
* The MellonDecode option has been disabled. It was used to decode
attributes in a Feide-specific encoding that is no longer used.
* Set max-age=0 in Cache-Control header, to ensure that all browsers
verifies the data on each request.
* MellonMergeEnvVars On now accepts second optional parameter, the
separator to be used instead of the default ';'.
* Add option MellonEnvVarsSetCount to specify if the number of values
for any attribute should also be stored in environment variable
suffixed _N.
* Add option MellonEnvVarsIndexStart to specify if environment variables
for multi-valued attributes should start indexing with 0 (default) or
with 1.
* Bugfixes:
* Fix error about missing authentication with DirectoryIndex in
Apache 2.4.
|
| 2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message: Bump PKGREVISION for security/openssl ABI bump. |
| 2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758) |
Log message: Add SHA512 digests for distfiles for www category Problems found locating distfiles: Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2 Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
| 2015-04-13 10:10:29 by Emmanuel Dreyfus | Files touched by this commit (1) |
Log message: Allow apache 2.4 ito be used with ap2-auth-mellon. |
New packages: