Import from CS git

eabdullin 2025-05-07 15:13:21 +00:00
parent cc1d0aad42
commit 2b979650b5
3 changed files with 1590 additions and 2 deletions

File diff suppressed because it is too large


@ -15,7 +15,7 @@
Name: mod_auth_openidc
Version: 2.4.9.4
Release: 7%{?dist}
Release: 8%{?dist}
Summary: OpenID Connect auth module for Apache HTTP Server
License: ASL 2.0
@ -25,7 +25,8 @@ Patch1: 0001-CVE-2022-23527.patch
Patch2: 0002-CVE-2023-28625.patch
Patch3: 0003-CVE-2024-24814.patch
Patch4: 0004-race-condition.patch
Patch5: 0005-CVE-2024-24814.patch
Patch5: 0005-CVE-2025-31492.patch
Patch6: 0006-string-compare.patch
BuildRequires: gcc
BuildRequires: httpd-devel
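
Review bot: Patch6 (0006-string-compare.patch) is declared here, but none of the visible spec hunks touches %prep, so if the spec applies patches with explicit %patchN lines rather than %autosetup or %autopatch, the new patch is never applied and the -8 build ships without the fix. Please confirm how %prep applies patches. The file name also says nothing about what it fixes: assuming it is the fix for RHEL-87759 cited in the changelog, a comment above the Patch6 line naming that issue would let someone auditing the package map the patch to the bug, the way the CVE-named patches above it already do.
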
@ -101,6 +102,9 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
%changelog
* Fri Apr 25 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-8
- Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost
* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-7
- Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
POSTs to leak protected data (CVE-2025-31492)
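
Review bot: the new 2.4.9.4-8 entry lists only RHEL-87759, while the same commit also renames Patch5 from 0005-CVE-2024-24814.patch to 0005-CVE-2025-31492.patch, and that rename is not recorded. The old name duplicated the CVE id already carried by Patch3, and the -7 entry cites CVE-2025-31492, so anyone comparing the -7 sources against its changelog will not find a patch named for that CVE. Please add a line to the -8 entry noting the rename (for example "- Rename Patch5 to match CVE-2025-31492"), and consider naming the patch file that resolves RHEL-87759 so the entry can be traced to a Patch line.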