--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4119
2012-03-17 23:02:58
--------------------------------------------------------------------------------

Name        : php-pear-CAS
Product     : Fedora 16
Version     : 1.3.0
Release     : 2.fc16
URL         : https://wiki.jasig.org/display/CASC/phpCAS
Summary     : Central Authentication Service client library in php
Description :
This package is a PEAR library for using a Central Authentication Service.

--------------------------------------------------------------------------------
Update Information:

Upstream changelog

Changes in version 1.3.0

Bug Fixes:
* the saml logout url should be parsed urlencoded [#24] (dlineate)
* fix a proxy mode bug introduced in a previous commit [#16] (Adam Franco)
* Fix include_path order so that the phpCAS path takes precedence [#13] (Adam Franco)
* fix invalid characters in the php session naming [#17] (Joachim Fritschi)
* fix an initialisation problem introduced in the PGT storage [18] (Daniel Frett)
* make sure the PGTStorage object is initialized if a user is utilizing the createTable method [#4] (Daniel Frett)
* Fix error message in phpCAS::setCacheTimesForAuthRecheck() [PHPCAS-132/#1] (Bradley Froehle)
* Always return attributes in utf8 [PHPCAS-102]
* Fix warning during debugging if debug is set to false [PHPCAS-123] (Sean Watkins)

New Features:
* Add a script to create the PGT db table in proxy mode [#11] (Joachim Fritschi)
* Switch to the Apache License [#5] (Adam Franco, Joachim Fritschi)
* Move to github and add all necessary files to package [#12] (Adam Franco)
* New build process for github [#12] (Adam Franco)
* Update unit tests to work with the latest phpunit version [PHPCAS-128] (Adam Franco)
* Refactoring of the protocol decision making to allow validation of proxied usage [PHPCAS-69] (Joachim Fritschi, Adam Franco)
* Rebroadcast of logout and pgtiou to support clustered phpcas [PHPCAS-100] (Matthew Selwood, Adam Franco)

Improvements:
* Improved cookie handling [] (Adam Franco)
* Indent, format and user name guidelines of PEAR [#14] (Joachim Fritschi)
* Add a class autoloading feature [PHPCAS-125/#8] (Joachim Fritschi)
* Remove global variables [PHPCAS-126] (Adam Franco)
* Implementation of an exception framework to allow graceful termination [PHPCAS-109] (Joachim Fritschi)
* enable single sign-out when session has already started [#29] (Benvii)

Security Fixes:
* CVE-2012-1104 validate proxied usage of a service [PHPCAS-69] (Joachim Fritschi, Adam Franco)
* CVE-2012-1105 change the default PGT save path to the session storage path and set proper permissions [#22] (Joachim Fritschi)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 14 2012 Remi Collet <[email protected]> - 1.3.0-2
- License is ASL 2.0, https://github.com/Jasig/phpCAS/issues/32
- New sources, https://github.com/Jasig/phpCAS/issues/31
- update to Version 1.3.0

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #801343 - CVE-2012-1104 php-pear-CAS: Improper management of service proxying
        https://bugzilla.redhat.com/show_bug.cgi?id=801343
  [ 2 ] Bug #801347 - CVE-2012-1105 php-pear-CAS: Debug log and proxy configuration session data stored in /tmp without proper protection
        https://bugzilla.redhat.com/show_bug.cgi?id=801347

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php-pear-CAS' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
