From 3c49220310ef665ef610517039cdb51638094aef Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 24 Apr 2023 22:32:50 +0200 Subject: [PATCH] The access mode and ownership of auth_openidc.conf Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default --- mod_auth_openidc.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec index 8a2cc6a..f2286ef 100644 --- a/mod_auth_openidc.spec +++ b/mod_auth_openidc.spec @@ -15,7 +15,7 @@ Name: mod_auth_openidc Version: 2.4.9.4 -Release: 3%{?dist} +Release: 4%{?dist} Summary: OpenID Connect auth module for Apache HTTP Server License: ASL 2.0 @@ -36,6 +36,7 @@ BuildRequires: cjose-devel BuildRequires: jq-devel %{?_with_hiredis:BuildRequires: hiredis-devel} Requires: httpd-mmn = %{_httpd_mmn} +Requires: cjose = 0.6.1-2 %description This module enables an Apache 2.x web server to operate as @@ -91,12 +92,15 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache %doc README.md %{_httpd_moddir}/mod_auth_openidc.so %config(noreplace) %{_httpd_modconfdir}/10-auth_openidc.conf -%config(noreplace) %{_httpd_confdir}/auth_openidc.conf +%config(noreplace) %attr(0640, root, apache) %{_httpd_confdir}/auth_openidc.conf %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir} %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/metadata %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache %changelog +* Mon Apr 24 2023 Tomas Halman - 2.4.9.4-4 + Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default + * Tue Apr 11 2023 Tomas Halman - 2.4.9.4-3 - Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied