From 0faec830e5d5725f689e42ed668bbb8c2a7bddaa Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 30 Jul 2021 10:42:07 +0200 Subject: [PATCH] Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption Resolves: rhbz#1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On --- .gitignore | 1 + mod_auth_openidc.spec | 14 ++++++++++++-- sources | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a41ef31..1440863 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /v2.4.7.2.tar.gz /v2.4.8.2.tar.gz /v2.4.8.4.tar.gz +/v2.4.9.tar.gz diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec index 4579182..8e19ceb 100644 --- a/mod_auth_openidc.spec +++ b/mod_auth_openidc.spec @@ -14,8 +14,8 @@ %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc Name: mod_auth_openidc -Version: 2.4.8.4 -Release: 2%{?dist} +Version: 2.4.9 +Release: 1%{?dist} Summary: OpenID Connect auth module for Apache HTTP Server License: ASL 2.0 @@ -96,6 +96,16 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache %changelog +* Fri Jul 30 2021 Jakub Hrozek - 2.4.9-1 +- Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available +- Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect + in oidc_validate_redirect_url() +- Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded + static IV and AAD with a reused key in AES GCM + encryption +- Resolves: rhbz#1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using + OIDCPreservePost On + * Thu Jul 22 2021 Fedora Release Engineering - 2.4.8.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
diff --git a/sources b/sources
index b456d49..f0dd912 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.4.8.4.tar.gz) = 2967e7d4e4fb440f4e144de2fd43df21907813ba6f935248245ac372734bfd4ae36b10c894f57090188aa66d850c6b656370a81b598cb905d7681a60b16f5748
+SHA512 (v2.4.9.tar.gz) = 21033971fedcfa1b8042aba53b17c2dba8f5c633006a40a01ae56d347eff5d772f380d0f2d0b7b8284e45796c25dd4aff96b8bf9299c283d0b40ff742d3a933c