From dc2e6c5a1fec5a3a19a1816bcf258180b4b47561 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Mar 22 2019 20:28:22 +0000
Subject: Upgrade to 0.14.2


---

diff --git a/.gitignore b/.gitignore
index 7b0a11c..80a7920 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /mod_auth_mellon-0.12.0.tar.gz
 /mod_auth_mellon-0.13.1.tar.gz
 /mod_auth_mellon-0.14.0.tar.gz
+/mod_auth_mellon-0.14.2.tar.gz
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
index 6e6f9de..4353d13 100644
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
-Version: 0.14.0
-Release: 5%{?dist}
+Version: 0.14.2
+Release: 1%{?dist}
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
 Source2: 10-auth_mellon.conf
@@ -101,6 +101,13 @@ in the doc directory for instructions on using the diagnostics build.
 %dir /run/%{name}/
 
 %changelog
+* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.2-1
+- Upgrade to 0.14.2
+- Related: rhbz#1691771 - CVE-2019-3877 mod_auth_mellon: open redirect in
+                          logout url when using URLs with backslashes
+- Related: rhbz#1691136 - CVE-2019-3878 mod_auth_mellon: authentication
+                          bypass in ECP flow
+
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
diff --git a/sources b/sources
index 6fed013..2a1bf60 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (mod_auth_mellon-0.14.0.tar.gz) = db1bf70c234fe89914b1bb34fc6afb5b901193a8c8c7e9946485a3e20a7d129c36427717eab53764edf5a5cff5c45dfe412e400cb1f50c49ef24dbbfd6ecbf25
+SHA512 (mod_auth_mellon-0.14.2.tar.gz) = 9d14b1482a73ce7e86f5f7618454aab8759533649f34fa0088264b7b09dbd90db46011c629303b2f3ad969379937ff5adaa0d7b63a502cdfbba0cd1b762502a6