Automatic conversion of the NetBSD pkgsrc CVS module, use with care
manu 40026700bc Update mod_auth_mellon to 0.12.0
Fixes CVE-2016-2145 and CVE-2016-2146

Changes since 0.10.0 from NEWS file and patches/patch-0274

patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.

Version 0.12.0
---------------------------------------------------------------------------

Security fixes:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data.

In addition this release contains the following new features and fixes:

* Add MellonRedirecDomains option to limit the sites that
  mod_auth_mellon can redirect to. This option is enabled by default.

* Add support for ECP service options in PAOS requests.

* Fix AssertionConsumerService lookup for PAOS requests.

Version 0.11.1
---------------------------------------------------------------------------

Security fixes:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data

Version 0.11.0
---------------------------------------------------------------------------

* Add SAML 2.0 ECP support.

* The MellonDecode option has been disabled. It was used to decode
  attributes in a Feide-specific encoding that is no longer used.

* Set max-age=0 in Cache-Control header, to ensure that all browsers
  verify the data on each request.

* MellonMergeEnvVars On now accepts second optional parameter, the
  separator to be used instead of the default ';'.

* Add option MellonEnvVarsSetCount to specify if the number of values
  for any attribute should also be stored in environment variable
  suffixed _N.

* Add option MellonEnvVarsIndexStart to specify if environment variables
  for multi-valued attributes should start indexing with 0 (default) or
  with 1.

* Bugfixes:

  * Fix error about missing authentication with DirectoryIndex in
    Apache 2.4.
2016-03-14 09:58:57 +00:00
archivers MAKEFLAGS -> MAKE_FLAGS (pkgsrc guide 22.1) 2016-03-12 21:53:39 +00:00
audio export libxml2 dependency, pkg-config says so 2016-03-13 08:10:29 +00:00
benchmarks Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
biology Use OPSYSVARS. 2016-02-25 11:21:11 +00:00
bootstrap Fix --quiet. The output is far from quiet, but at least it now works. 2016-02-08 14:53:43 +00:00
cad Correct RCSID to NetBSD, and update distinfo to match the file. 2016-03-07 23:40:47 +00:00
chat Update to 4.1.1. 2016-03-09 18:04:17 +00:00
comms Upstream: Update to 8.2.1 2016-03-13 18:31:11 +00:00
converters MAKEFLAGS -> MAKE_FLAGS (pkgsrc guide 22.1) 2016-03-12 21:53:39 +00:00
cross Use OPSYSVARS. 2016-02-25 11:32:19 +00:00
databases remove references to ruby200 2016-03-14 00:59:05 +00:00
devel remove references to ruby200 2016-03-14 00:59:05 +00:00
distfiles
doc Updated security/lasso to 2.5.1 2016-03-14 09:45:08 +00:00
editors add editors/hexcurse 2016-03-12 12:05:37 +00:00
emulators Update xnp2 to 0.86. 2016-03-11 13:33:22 +00:00
filesystems Update to 0.084 2016-03-09 12:25:01 +00:00
finance Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
fonts Add hack for build failure with native X11 on NetBSD 7.x and -current, 2016-03-07 04:43:55 +00:00
games Update lgogdownloader to 2.27: 2016-03-13 08:49:31 +00:00
geography Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
graphics set CHECK_BUILTIN.zlib:=yes so that zlib's builtin.mk won't create a fake zlib.pc 2016-03-14 06:08:10 +00:00
ham (pkgsrc) 2016-03-07 13:14:31 +00:00
inputmethod Recursive revbump from libxklavier-5.4 2016-03-12 11:28:36 +00:00
lang add libiconv buildlink3 dependency, bump PKGREVISION 2016-03-14 05:49:51 +00:00
licenses Generalize year with <year> and authors with <copyright holders>. 2016-03-08 18:24:22 +00:00
mail Bump PKGREVISION by changing default version of Ruby. 2016-03-13 09:36:58 +00:00
math Update to FriCAS 1.2.7 2016-03-12 20:54:23 +00:00
mbone Remove redundant if statement to handle linker flags on amd64. 2016-01-03 22:48:52 +00:00
meta-pkgs drop ruby200-base 2016-03-14 00:54:43 +00:00
misc remove references to ruby200 2016-03-14 00:59:05 +00:00
mk Also determine when compiling from source files 2016-03-13 15:32:06 +00:00
multimedia Bump PKGREVISION by changing default version of Ruby. 2016-03-13 09:36:58 +00:00
net Update net/haproxy to 1.6.4. Throw in example config files. 2016-03-14 09:23:31 +00:00
news Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
packages
parallel Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
pkgtools Updated pkglint to 5.3.6. 2016-03-13 13:40:10 +00:00
print Update to 6.0.0 2016-03-11 15:37:02 +00:00
regress Recursive PKGREVISION bump for all packages mentioning 'perl', 2015-06-12 10:50:58 +00:00
security Update lasso to 2.5.1 2016-03-14 09:43:42 +00:00
shells Use OPSYSVARS. 2016-02-26 09:41:05 +00:00
sysutils remove references to ruby200 2016-03-14 00:59:05 +00:00
templates Add a list of options to generated README.html files. Patch from 2015-10-03 13:17:57 +00:00
textproc remove references to ruby200 2016-03-14 00:59:05 +00:00
time Update p5-DateTime to 1.25: 2016-03-09 11:26:43 +00:00
wm Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
www Update mod_auth_mellon to 0.12.0 2016-03-14 09:58:57 +00:00
x11 don't use xcrun checking for xcrun on osx 2016-03-14 06:12:17 +00:00
Makefile
pkglocate
README

$NetBSD: README,v 1.18 2005/05/07 22:18:28 wiz Exp $

Please see doc/pkgsrc.txt for information.