Description of problem: The ~ (tilde) operator used to authorize based on a regex no longer works after the update from 1.1.3 to 1.2-4 at the end of March 2023. Version-Release number of selected component (if applicable): 1.2-4 How reproducible: Easily. A syntax like "require cas-attribute affil~^(?!ALUMNI).*$" will fail "no access" even when the attribute should be allowing access. Steps to Reproduce: 1. Create an .htaccess file using the tilde syntax 2. Try to load the page 3. Will fail regardless of the attributes returned by the session validation call. Actual results: Access denied. Expected results: Access granted. Additional info: Building from source tarball in the src.rpm without the "0002-Update-to-pcre2.patch" patch works fine so something in that seems almost certain to be the cause.
Note: EL8 is also affected by this.Probably all versions, but I've only checked 7 and 8.
Thanks for reporting this. This regression might have been caused by a patch I had submitted upstream (https://github.com/apereo/mod_auth_cas/pull/209) and it looks like there was a proposed fix for this that dropped off my radar. I'll get a build together shortly for you to test.
I pushed an update to the PR upstream that I think will fix this. If they don't reply soon, I'll update the patch on our end so you can test it out.
Thanks, sounds good. I'll keep an eye out for whichever.
I have good news! The PRs were just approved and merged upstream. We'll get an update for you to test shortly.
FEDORA-EPEL-2024-1ed4ab5b96 (mod_auth_cas-1.2-8.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1ed4ab5b96
FEDORA-2024-3526208a79 (mod_auth_cas-1.2-8.fc38) has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-3526208a79
FEDORA-2024-6dcbbc60c8 (mod_auth_cas-1.2-8.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-6dcbbc60c8
FEDORA-EPEL-2024-6adb140981 (mod_auth_cas-1.2-8.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6adb140981
It should be fixed for EL8 and EL9 (and Fedora). Unfortunately, EL7 no longer builds against the current mod_auth_cas as it's missing the apr_escape.h header that isn't currently available in EL7.
FEDORA-2024-6dcbbc60c8 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-6dcbbc60c8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-6dcbbc60c8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-6adb140981 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6adb140981 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-1ed4ab5b96 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1ed4ab5b96 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-3526208a79 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-3526208a79` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-3526208a79 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Excellent - thank you! I probably can't get to it this week, but we will test it and follow up here.
FEDORA-EPEL-2024-6adb140981 (mod_auth_cas-1.2-8.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-6dcbbc60c8 (mod_auth_cas-1.2-8.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2024-1ed4ab5b96 (mod_auth_cas-1.2-8.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-3526208a79 (mod_auth_cas-1.2-8.fc38) has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.