Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d RPM for s390x

From AlmaLinux 8.10 AppStream for s390x

Name: mod_auth_openidc Distribution: AlmaLinux
Version: 2.4.9.4 Vendor: AlmaLinux
Release: 7.module_el8.10.0+3978+e883c40d Build date: Fri Apr 18 13:52:52 2025
Group: Unspecified Build host: s390x-builder02.almalinux.org
Size: 600692 Source RPM: mod_auth_openidc-2.4.9.4-7.module_el8.10.0+3978+e883c40d.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: https://github.com/zmartzone/mod_auth_openidc
Summary: OpenID Connect auth module for Apache HTTP Server
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Provides

Requires

License

ASL 2.0

Changelog

* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-7
  - Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
              POSTs to leak protected data (CVE-2025-31492)
* Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.9.4-6
  - Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
  - Resolves: RHEL-25421 mod_auth_openidc: DoS when using
      `OIDCSessionType client-cookie` and manipulating cookies
      (CVE-2024-24814)
* Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5
  Related: rhbz#2141850 - fix cjose version dependency
* Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
  Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
  - Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
        when OIDCStripCookies is set and a crafted Cookie header is supplied
* Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
  - Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
        oidc_validate_redirect_url() using tab character
* Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
  - Resolves: rhbz#2025368 - Rebase to new version
* Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11
  - Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On
* Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10
  - Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
                             reused key in AES GCM encryption [rhel-8] (edit)
* Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9
  - Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
                             in the target_link_uri parameter
* Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8
  - Resolves: rhbz#1823756 - Backport SameSite=None cookie from
                             mod_auth_openidc upstream to support latest browsers
* Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7
  - Resolves: rhbz#1897992 - OIDCStateInputHeaders &
                             OIDCStateMaxNumberOfCookies in existing
                             mod_auth_openidc version
  - Backport the OIDCStateMaxNumberOfCookies option
  - Configure which header value is used to calculate the fingerprint of
    the auth state
* Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-6
  - Fix the previous backport
  - Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                            Open redirect in logout url when using URLs with
                            leading slashes
  - Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                            open redirect issue exists in URLs with slash and
                            backslash
* Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-5
  - Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                             Open redirect in logout url when using URLs with
                             leading slashes
  - Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                             open redirect issue exists in URLs with slash and
                             backslash
* Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3
  - Resolves: rhbz# 1614977 - fix unit test segfault,
    the problem was not limited exclusively to s390x, but s390x provoked it.
* Fri Aug 10 2018 <jdennis@redhat.com> - 2.3.7-2
  - disable running check on s390x
* Wed Aug 01 2018 <jdennis@redhat.com> - 2.3.7-1
  - upgrade to upstream 2.3.7
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.5-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 23 2018 Patrick Uiterwijk <patrick@puiterwijk.org> - 2.3.5-1
  - Rebase to 2.3.5
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.10.1-7
  - Escape macros in %changelog
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-6
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-5
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-4
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 18 2017 John Dennis <jdennis@redhat.com> - 1.8.10.1-3
  - Resolves: #1423956 fails to build with openssl 1.1.x
    Also rolls up all fixes to jose library before the change over to cjose
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jul 12 2016 John Dennis <jdennis@redhat.com> - 1.8.10.1-1
  - Upgrade to new upstream
    See /usr/share/doc/mod_auth_openidc/ChangeLog for details
* Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-4
  - Add %check to run test
* Wed Mar 23 2016 John Dennis <jdennis@redhat.com> - 1.8.8-3
  - Make building with redis support optional (defaults to without)
* Mon Mar 21 2016 John Dennis <jdennis@redhat.com> - 1.8.8-2
  - Add missing unpackaged files/directories
  
    Add to doc: README.md, DISCLAIMER, AUTHORS
    Add to httpd/conf.d: auth_openidc.conf
    Add to /var/cache: /var/cache/httpd/mod_auth_openidc/cache
                       /var/cache/httpd/mod_auth_openidc/metadata
* Thu Mar 10 2016 Jan Pazdziora <jpazdziora@redhat.com> 1.8.8-1
  - Update to 1.8.8 (#1316528)
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Sat Jan 09 2016 Fedora Release Monitoring <release-monitoring@fedoraproject.org> - 1.8.7-1
  - Update to 1.8.7 (#1297080)
* Sat Nov 07 2015 Jan Pazdziora <jpazdziora@redhat.com> 1.8.6-1
  - Initial packaging for Fedora 23.

Files

/etc/httpd/conf.d/auth_openidc.conf
/etc/httpd/conf.modules.d/10-auth_openidc.conf
/usr/lib/.build-id
/usr/lib/.build-id/7b
/usr/lib/.build-id/7b/c5f6676df94227afb6e955b7fb72b6676d9d57
/usr/lib64/httpd/modules/mod_auth_openidc.so
/usr/share/doc/mod_auth_openidc
/usr/share/doc/mod_auth_openidc/AUTHORS
/usr/share/doc/mod_auth_openidc/ChangeLog
/usr/share/doc/mod_auth_openidc/README.md
/usr/share/licenses/mod_auth_openidc
/usr/share/licenses/mod_auth_openidc/LICENSE.txt
/var/cache/httpd/mod_auth_openidc
/var/cache/httpd/mod_auth_openidc/cache
/var/cache/httpd/mod_auth_openidc/metadata


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 06:02:06 2025