Next | Query returned 78 messages, browsing 41 to 50 | Previous

History of commit frequency

CVS Commit History:


   2017-03-23 18:07:02 by Joerg Sonnenberger | Files touched by this commit (219)
Log message:
Extend SHA512 checksums to various files I have on my local distfile
mirror.
   2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | Package updated
Log message:
Revbump after boost update
   2016-10-27 14:53:13 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Fix pkglint complains
   2016-10-18 17:13:41 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Do not redirect unauthenticated AJAX request to the IdP

When MellonEnable is "auth" and we get an unauthenticated AJAX
request (identified by the X-Request-With: XMLHttpRequest HTTP
header), fail with HTTP code 403 Forbidden instead of redirecting
to the IdP. This saves resources, as the client has no opportunity
to interract with the user to complete authentification.
   2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | Package updated
Log message:
Revbump post boost update
   2016-09-22 04:44:26 by Makoto Fujiwara | Files touched by this commit (1)
Log message:
Update HOMEPAGE, previous was 404
   2016-03-14 10:58:57 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Update mod_auth_mellon to 0.12.0

Fixes CVE-2016-2145 and CVE-2016-2146

Changes since 0.10.0 frome NEWS file and patches/patch-0274

patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.

Version 0.12.0
---------------------------------------------------------------------------

Security fixes:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data.

In addition this release contains the following new features and fixes:

* Add MellonRedirecDomains option to limit the sites that
  mod_auth_mellon can redirect to. This option is enabled by default.

* Add support for ECP service options in PAOS requests.

* Fix AssertionConsumerService lookup for PAOS requests.

Version 0.11.1
---------------------------------------------------------------------------

Security fixes:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data

Version 0.11.0
---------------------------------------------------------------------------

* Add SAML 2.0 ECP support.

* The MellonDecode option has been disabled. It was used to decode
  attributes in a Feide-specific encoding that is no longer used.

* Set max-age=0 in Cache-Control header, to ensure that all browsers
  verifies the data on each request.

* MellonMergeEnvVars On now accepts second optional parameter, the
  separator to be used instead of the default ';'.

* Add option MellonEnvVarsSetCount to specify if the number of values
  for any attribute should also be stored in environment variable
  suffixed _N.

* Add option MellonEnvVarsIndexStart to specify if environment variables
  for multi-valued attributes should start indexing with 0 (default) or
  with 1.

* Bugfixes:

  * Fix error about missing authentication with DirectoryIndex in
    Apache 2.4.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813)
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-04-13 10:10:29 by Emmanuel Dreyfus | Files touched by this commit (1)
Log message:
Allow apache 2.4 ito be used with ap2-auth-mellon.

Next | Query returned 78 messages, browsing 41 to 50 | Previous