12 Commits

Author SHA1 Message Date
Tomas Halman
44608630dc Rebase to 2.4.10 version
Improves: `state cookies piling up` problem

Resolves: RHEL-32450 Race condition in mod_auth_openidc filecache
Resolves: RHEL-25422 mod_auth_openidc: DoS when using
          `OIDCSessionType client-cookie` and manipulating cookies
          (CVE-2024-24814)
2024-05-15 13:19:39 +02:00
Tomas Halman
72bec876c1 The access mode and ownership of auth_openidc.conf
Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
2023-04-24 21:10:45 +02:00
Tomas Halman
d3c3826f5b NULL pointer dereference
Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
                         when OIDCStripCookies is set and a crafted
                         Cookie header is supplied
2023-04-11 11:57:17 +02:00
Tomas Halman
e2c71eebbd Open Redirect using tab character
Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
          oidc_validate_redirect_url() using tab character
2023-03-10 11:01:26 +01:00
Tomas Halman
b2f5928aaf Rebase to 2.4.9.4
Resolves: rhbz#2001852 CVE-2021-39191 mod_auth_openidc: open redirect
                       by supplying a crafted URL in the target_link_uri
                       parameter
2021-11-30 11:17:56 +01:00
Jakub Hrozek
bb118db4de Rebase to 2.4.9
Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
                           OIDCPreservePost On [rhel-9.0]
Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded
                           static IV and AAD with a reused key in AES GCM
                           encryption [rhel-9.0]
Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in
                           oidc_validate_redirect_url() [rhel-9.0]
2021-08-18 13:53:34 +02:00
Mohan Boddu
2471b534cd Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:20:05 +00:00
Mohan Boddu
b3ee543e1b Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:31:08 +00:00
Jakub Hrozek
2b73a00d38 New upstream release
mod_auth_openidc-2.4.8.2 is available
Resolves: rhbz#1961213
2021-05-17 17:09:30 +02:00
Tomas Halman
15f15a0efa Remove the unnecessary LTO patch
Resolves: rhbz#1951277
2021-05-04 11:38:03 +02:00
Mohan Boddu
41024c12ac - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:13:52 +00:00
Petr Šabata
66a7041a6e RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/mod_auth_openidc#5f2d016252774bc0efe44f7de9ea1366142f3f9c
2020-10-15 19:52:44 +02:00