From 72bec876c107514f2adcb49aecc84e29e0a11944 Mon Sep 17 00:00:00 2001
From: Tomas Halman
Date: Mon, 24 Apr 2023 21:10:45 +0200
Subject: [PATCH] The access mode and ownership of auth_openidc.conf
Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
---
 mod_auth_openidc.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 08bf26b..7aba426 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@@ -15,7 +15,7 @@ Name: mod_auth_openidc
 Version: 2.4.9.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: OpenID Connect auth module for Apache HTTP Server
 License: ASL 2.0
@@ -90,12 +90,15 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 %doc README.md
 %{_httpd_moddir}/mod_auth_openidc.so
 %config(noreplace) %{_httpd_modconfdir}/10-auth_openidc.conf
-%config(noreplace) %{_httpd_confdir}/auth_openidc.conf
+%config(noreplace) %attr(0640, root, apache) %{_httpd_confdir}/auth_openidc.conf
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/metadata
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
 %changelog
+* Mon Apr 24 2023 Tomas Halman - 2.4.9.4-4
+ Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
+
 * Tue Apr 11 2023 Tomas Halman - 2.4.9.4-3
 - Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
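Review bot: The new `%attr(0640, root, apache)` on `auth_openidc.conf` most likely takes effect only on fresh installs and on files the admin never edited, because the entry is `%config(noreplace)` and rpm, as far as I know, keeps an edited config file in place on upgrade without resetting its mode or owner. Those edited files are the ones that carry `OIDCClientSecret` and `OIDCCryptoPassphrase`, so the upgrade path should be tested and, if the old mode survives, either corrected in a `%post` scriptlet (`chmod 0640 %{_httpd_confdir}/auth_openidc.conf` plus `chgrp apache` on the same path) or called out in the changelog so admins can check with `rpm -V mod_auth_openidc`. Separately, httpd normally parses its configuration as root before dropping privileges, so group read for `apache` may be unnecessary; `%attr(0600, root, root)` would also keep the secrets away from code running as the apache user. The `%files` list starts above this hunk, so its other entries were not reviewed.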