[pkgsrc/trunk]: pkgsrc Updated www/ap2-auth-mellon to 0.18.0

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc Updated www/ap2-auth-mellon to 0.18.0
From: manu <manu%pkgsrc.org@localhost>
Date: Tue, 09 Nov 2021 02:56:39 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ef8802a6fb7d
branches:  trunk
changeset: 769157:ef8802a6fb7d
user:      manu <manu%pkgsrc.org@localhost>
date:      Tue Nov 09 01:50:45 2021 +0000

description:
Updated www/ap2-auth-mellon to 0.18.0

Change sine 0.17 from NEWS file:

Version 0.18.0
---------------------------------------------------------------------------

Security fixes:

* [CVE-2019-13038] Redirect URL validation bypass

  Version 0.17.0 and older of mod_auth_mellon allows the redirect URL
  validation to be bypassed by specifying an URL formatted as
  "///fishing-site.example.com/logout.html". In this case, the browser
  would interpret the URL differently than the APR parsing utility
  mellon uses and redirect to fishing-site.example.com.
  This could be reproduced with:
     https://rp.example.co.jp/mellon/logout?ReturnTo=///fishing-site.example.com
/logout.html

  This version fixes that issue by rejecting all URLs that start with "///".

Enhancements:

* A new option MellonSessionIdleTimeout that represents the amount of time
  a user can be inactive before the user's session times out in seconds.

Bug fixes:

* Several build-time fixes

* The CookieTest SameSite attribute was only set to None if mellon configure
  option MellonCookieSameSite was set to something other than default.
  This is now fixed.

diffstat:

 doc/CHANGES-2021             |   3 ++-
 www/ap2-auth-mellon/Makefile |  12 ++++++++----
 www/ap2-auth-mellon/distinfo |   9 +++++----
 3 files changed, 15 insertions(+), 9 deletions(-)

diffs (68 lines):

diff -r 597417fa16cd -r ef8802a6fb7d doc/CHANGES-2021
--- a/doc/CHANGES-2021  Tue Nov 09 01:40:14 2021 +0000
+++ b/doc/CHANGES-2021  Tue Nov 09 01:50:45 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.5496 2021/11/09 01:40:14 manu Exp $
+$NetBSD: CHANGES-2021,v 1.5497 2021/11/09 01:50:45 manu Exp $
 
 Changes to the packages collection and infrastructure in 2021:
 
@@ -8307,3 +8307,4 @@
        Updated devel/py-curtsies to 0.3.10 [adam 2021-11-08]
        Updated devel/bpython to 0.22 [adam 2021-11-08]
        Updated net/nagios-plugin-dotpid to 0.6 [manu 2021-11-09]
+       Updated www/ap2-auth-mellon to 0.18.0 [manu 2021-11-09]
diff -r 597417fa16cd -r ef8802a6fb7d www/ap2-auth-mellon/Makefile
--- a/www/ap2-auth-mellon/Makefile      Tue Nov 09 01:40:14 2021 +0000
+++ b/www/ap2-auth-mellon/Makefile      Tue Nov 09 01:50:45 2021 +0000
@@ -1,13 +1,14 @@
-# $NetBSD: Makefile,v 1.65 2021/09/29 19:01:25 adam Exp $
+# $NetBSD: Makefile,v 1.66 2021/11/09 01:50:45 manu Exp $
 
-DISTNAME=      mod_auth_mellon-0.17.0
+DISTNAME=      mod_auth_mellon-0.18.0
 PKGNAME=       ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/g}
 PKGREVISION=   1
 #PKGREVISION=  1
 CATEGORIES=    www security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=latchset/}
 GITHUB_PROJECT=        mod_auth_mellon
-GITHUB_RELEASE=        v${PKGVERSION_NOREV}
+GITHUB_TAG=    refs/tags/v${PKGVERSION_NOREV}
+WRKSRC=                ${WRKDIR}/${DISTNAME}
 
 MAINTAINER=    manu%NetBSD.org@localhost
 HOMEPAGE=      https://github.com/latchset/mod_auth_mellon
@@ -16,7 +17,7 @@
 
 GNU_CONFIGURE= YES
 USE_LIBTOOL=   YES
-USE_TOOLS+=    pkg-config
+USE_TOOLS+=    pkg-config autoconf automake
 
 APACHE_MODULE= YES
 .include "../../mk/apache.mk"
@@ -29,6 +30,9 @@
 
 INSTALLATION_DIRS+=    lib/httpd
 
+pre-configure:
+       cd ${WRKSRC} && ./autogen.sh
+
 do-install:
        cd ${WRKSRC} &&                                                 \
            libexecdir=`${APXS} -q LIBEXECDIR` &&                       \
diff -r 597417fa16cd -r ef8802a6fb7d www/ap2-auth-mellon/distinfo
--- a/www/ap2-auth-mellon/distinfo      Tue Nov 09 01:40:14 2021 +0000
+++ b/www/ap2-auth-mellon/distinfo      Tue Nov 09 01:50:45 2021 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.23 2021/10/26 11:29:18 nia Exp $
+$NetBSD: distinfo,v 1.24 2021/11/09 01:50:45 manu Exp $
 
-BLAKE2s (mod_auth_mellon-0.17.0.tar.gz) = a616ec354f289e4ea985c9c59fbd341877a9dbf1eb778dbad44ea93a51956145
-SHA512 (mod_auth_mellon-0.17.0.tar.gz) = 93919b46e5966d16b334f8f633345d8566f6873a68d1e619835a52a12a70fa7068fe036c69a43ca7b46e51b4c49354d51df13ffd64c60b82747eec86fe357d2e
-Size (mod_auth_mellon-0.17.0.tar.gz) = 955298 bytes
+SHA1 (mod_auth_mellon-0.18.0.tar.gz) = 7103c5f2e50bcbba81710c4f26087d8ac98f1e65
+RMD160 (mod_auth_mellon-0.18.0.tar.gz) = 9ef0edbbfd11d326ceb88d3525e9a3b282b45001
+SHA512 (mod_auth_mellon-0.18.0.tar.gz) = 477ac302fda9ed33b2ca51e88379250a41cc85111e71cacc8ba9f16cd8a2b63af6393fb038fc8f5c211b97926ef368c5989c92570c2e3c9eae072c7b4d32d7d5
+Size (mod_auth_mellon-0.18.0.tar.gz) = 918471 bytes

Prev by Date: [pkgsrc/trunk]: pkgsrc Updated net/nagios-plugin-dotpid to 0.6
Next by Date: [pkgsrc/trunk]: pkgsrc/lang/openjdk11 openjdk11: Use sed- g for NetBSD 9.99.9...
Previous by Thread: [pkgsrc/trunk]: pkgsrc Updated net/nagios-plugin-dotpid to 0.6
Next by Thread: [pkgsrc/trunk]: pkgsrc/lang/openjdk11 openjdk11: Use sed- g for NetBSD 9.99.9...
Indexes:

Home | Main Index | Thread Index | Old Index