No commits in common. "c8-stream-2.3" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/v2.4.9.4.tar.gz
|
SOURCES/mod_auth_openidc-2.4.10.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
47f8b949552c3d32f019c5cf785c4672dc0f8aae SOURCES/v2.4.9.4.tar.gz
|
d909f783d719ffd86b3d919ca6590b0eed4d8a51 SOURCES/mod_auth_openidc-2.4.10.tar.gz
|
||||||
|
15
SOURCES/0000-destdir.patch
Normal file
15
SOURCES/0000-destdir.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index e5d0a4d..e5bfa67 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -69,8 +69,8 @@ mod_auth_openidc.la: libauth_openidc.la
|
||||||
|
${APXS} -c -o $@ $< ${AM_CFLAGS} ${LIBADD}
|
||||||
|
|
||||||
|
install-exec-local:
|
||||||
|
- @APXS@ -i -a -n auth_openidc mod_auth_openidc.la
|
||||||
|
-# ${INSTALL} -p -m 755 -D .libs/mod_auth_openidc.so @APACHE_MODULEDIR@/mod_auth_openidc.so
|
||||||
|
+# @APXS@ -i -a -n auth_openidc mod_auth_openidc.la
|
||||||
|
+ ${INSTALL} -p -m 755 -D .libs/mod_auth_openidc.so $(DESTDIR)@APACHE_MODULEDIR@/mod_auth_openidc.so
|
||||||
|
|
||||||
|
LDADD = libauth_openidc.la ${LIBADD}
|
||||||
|
|
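Review bot: The rewritten `install-exec-local` rule takes its target directory from `@APACHE_MODULEDIR@`, which is substituted at configure time, so the `MODULES_DIR=%{_httpd_moddir}` that the spec's `%install` passes to `make` may have no effect on where the module is written. If the two values ever differ, the `.so` would land outside the directory the spec creates with `mkdir -p`; whether `MODULES_DIR` is read elsewhere in `Makefile.am` is not visible here. The patch file also has no description header, and one line would help, for example `Install the module under $(DESTDIR) with ${INSTALL}; apxs -i -a is disabled (presumably because -a edits the httpd configuration)`.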
@ -1,19 +1,7 @@
|
|||||||
commit 4c494e4a59a15580e3226dcd6c02b24076b73421
|
diff -up mod_auth_openidc-2.4.10/src/mod_auth_openidc.c.orig mod_auth_openidc-2.4.10/src/mod_auth_openidc.c
|
||||||
Author: Tomas Halman <thalman@redhat.com>
|
--- mod_auth_openidc-2.4.10/src/mod_auth_openidc.c.orig 2021-11-05 11:55:03.000000000 +0100
|
||||||
Date: Mon Feb 27 13:18:55 2023 +0100
|
+++ mod_auth_openidc-2.4.10/src/mod_auth_openidc.c 2024-04-15 17:53:49.601539683 +0200
|
||||||
|
@@ -2537,6 +2537,20 @@ static apr_byte_t oidc_validate_redirect
|
||||||
Backport of fixes for CVE-2022-23527
|
|
||||||
|
|
||||||
CVE-2022-23527 prevent open redirect in default setup
|
|
||||||
|
|
||||||
This patch is based on 87119f44, f38af0e2, 1a394a86 and
|
|
||||||
1c808c58 updates.
|
|
||||||
|
|
||||||
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
|
|
||||||
index b36f6c1..099c716 100644
|
|
||||||
--- a/src/mod_auth_openidc.c
|
|
||||||
+++ b/src/mod_auth_openidc.c
|
|
||||||
@@ -2543,6 +2543,20 @@ static apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c,
|
|
||||||
oidc_error(r, "%s: %s", *err_str, *err_desc);
|
oidc_error(r, "%s: %s", *err_str, *err_desc);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
@ -34,23 +22,21 @@ index b36f6c1..099c716 100644
|
|||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
diff --git a/src/mod_auth_openidc.h b/src/mod_auth_openidc.h
|
diff -up mod_auth_openidc-2.4.10/src/mod_auth_openidc.h.orig mod_auth_openidc-2.4.10/src/mod_auth_openidc.h
|
||||||
index 2218d76..8757411 100644
|
--- mod_auth_openidc-2.4.10/src/mod_auth_openidc.h.orig 2021-11-09 10:00:40.000000000 +0100
|
||||||
--- a/src/mod_auth_openidc.h
|
+++ mod_auth_openidc-2.4.10/src/mod_auth_openidc.h 2024-04-15 17:53:49.601539683 +0200
|
||||||
+++ b/src/mod_auth_openidc.h
|
@@ -819,6 +819,7 @@ char *oidc_util_http_query_encoded_url(r
|
||||||
@@ -800,6 +800,7 @@ char *oidc_util_http_query_encoded_url(request_rec *r, const char *url, const ap
|
|
||||||
char *oidc_util_get_full_path(apr_pool_t *pool, const char *abs_or_rel_filename);
|
char *oidc_util_get_full_path(apr_pool_t *pool, const char *abs_or_rel_filename);
|
||||||
apr_byte_t oidc_enabled(request_rec *r);
|
apr_byte_t oidc_enabled(request_rec *r);
|
||||||
char *oidc_util_http_form_encoded_data(request_rec *r, const apr_table_t *params);
|
char *oidc_util_http_form_encoded_data(request_rec *r, const apr_table_t *params);
|
||||||
+char* oidc_util_strcasestr(const char *s1, const char *s2);
|
+char* oidc_util_strcasestr(const char *s1, const char *s2);
|
||||||
|
|
||||||
/* HTTP header constants */
|
/* HTTP header constants */
|
||||||
#define OIDC_HTTP_HDR_COOKIE "Cookie"
|
#define OIDC_HTTP_HDR_COOKIE "Cookie"
|
||||||
diff --git a/src/util.c b/src/util.c
|
diff -up mod_auth_openidc-2.4.10/src/util.c.orig mod_auth_openidc-2.4.10/src/util.c
|
||||||
index 4c46156..c6453d0 100644
|
--- mod_auth_openidc-2.4.10/src/util.c.orig 2021-11-05 11:55:03.000000000 +0100
|
||||||
--- a/src/util.c
|
+++ mod_auth_openidc-2.4.10/src/util.c 2024-04-15 17:53:49.602539684 +0200
|
||||||
+++ b/src/util.c
|
@@ -435,6 +435,24 @@ char* oidc_util_javascript_escape(apr_po
|
||||||
@@ -446,6 +446,24 @@ char* oidc_util_javascript_escape(apr_pool_t *pool, const char *s) {
|
|
||||||
return output;
|
return output;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
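Review bot: The regenerated CVE-2022-23527 patch no longer carries its provenance header: the old side named the CVE and the upstream commits it was based on (87119f44, f38af0e2, 1a394a86 and 1c808c58), while the new side starts directly at `diff -up`. For a security backport this leaves no record in the patch of which upstream fix it tracks, which makes later audits and rebases harder; I would keep a header such as `Backport of fixes for CVE-2022-23527, based on upstream 87119f44, f38af0e2, 1a394a86 and 1c808c58`. The same applies to the CVE-2023-28625 patch in the next section, where the reference to upstream commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a was dropped. The hunk bodies are only partly shown on this page, so this note covers the headers only.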
@ -1,19 +1,7 @@
|
|||||||
commit 1a24e08ce506c2c19dd92a1bc9c2b9a1d9354934
|
diff -up mod_auth_openidc-2.4.10/src/mod_auth_openidc.c.orig mod_auth_openidc-2.4.10/src/mod_auth_openidc.c
|
||||||
Author: Tomas Halman <thalman@redhat.com>
|
--- mod_auth_openidc-2.4.10/src/mod_auth_openidc.c.orig 2024-04-15 17:56:53.022820648 +0200
|
||||||
Date: Tue Apr 11 11:39:55 2023 +0200
|
+++ mod_auth_openidc-2.4.10/src/mod_auth_openidc.c 2024-04-15 17:57:23.325867066 +0200
|
||||||
|
@@ -175,6 +175,8 @@ void oidc_strip_cookies(request_rec *r)
|
||||||
Backport fixe of CVE-2023-28625
|
|
||||||
|
|
||||||
CVE-2023-28625 mod_auth_openidc: NULL pointer dereference when
|
|
||||||
OIDCStripCookies is set and a crafted Cookie header is supplied
|
|
||||||
|
|
||||||
This patch is based on commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
|
|
||||||
|
|
||||||
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
|
|
||||||
index 099c716..51eb53e 100644
|
|
||||||
--- a/src/mod_auth_openidc.c
|
|
||||||
+++ b/src/mod_auth_openidc.c
|
|
||||||
@@ -191,6 +191,8 @@ void oidc_strip_cookies(request_rec *r) {
|
|
||||||
do {
|
do {
|
||||||
while (cookie != NULL && *cookie == OIDC_CHAR_SPACE)
|
while (cookie != NULL && *cookie == OIDC_CHAR_SPACE)
|
||||||
cookie++;
|
cookie++;
|
||||||
|
@ -1,83 +0,0 @@
|
|||||||
diff -up mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c.orig mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c
|
|
||||||
--- mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c.orig 2025-04-11 10:49:32.095915197 +0200
|
|
||||||
+++ mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c 2025-04-11 10:51:12.493949688 +0200
|
|
||||||
@@ -4258,7 +4258,11 @@ int oidc_content_handler(request_rec *r)
|
|
||||||
|
|
||||||
rc = oidc_discovery(r, c);
|
|
||||||
|
|
||||||
- } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN) != NULL) {
|
|
||||||
+ } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST) != NULL) {
|
|
||||||
+
|
|
||||||
+ rc = OK;
|
|
||||||
+
|
|
||||||
+ } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE) != NULL) {
|
|
||||||
|
|
||||||
rc = OK;
|
|
||||||
|
|
||||||
diff -up mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h.orig mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h
|
|
||||||
--- mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h.orig 2025-04-11 10:49:32.081518446 +0200
|
|
||||||
+++ mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h 2025-04-11 10:51:12.495521138 +0200
|
|
||||||
@@ -88,7 +88,8 @@ APLOG_USE_MODULE(auth_openidc);
|
|
||||||
#define OIDC_REQUEST_STATE_KEY_IDTOKEN "i"
|
|
||||||
#define OIDC_REQUEST_STATE_KEY_CLAIMS "c"
|
|
||||||
#define OIDC_REQUEST_STATE_KEY_DISCOVERY "d"
|
|
||||||
-#define OIDC_REQUEST_STATE_KEY_AUTHN "a"
|
|
||||||
+#define OIDC_REQUEST_STATE_KEY_AUTHN_POST "a"
|
|
||||||
+#define OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE "p"
|
|
||||||
|
|
||||||
/* parameter name of the callback URL in the discovery response */
|
|
||||||
#define OIDC_DISC_CB_PARAM "oidc_callback"
|
|
||||||
diff -up mod_auth_openidc-2.4.9.4/src/proto.c.orig mod_auth_openidc-2.4.9.4/src/proto.c
|
|
||||||
--- mod_auth_openidc-2.4.9.4/src/proto.c.orig 2021-09-03 10:41:21.000000000 +0200
|
|
||||||
+++ mod_auth_openidc-2.4.9.4/src/proto.c 2025-04-11 10:51:12.495927318 +0200
|
|
||||||
@@ -591,7 +591,7 @@ static int oidc_proto_add_form_post_para
|
|
||||||
/*
|
|
||||||
* make the browser POST parameters through Javascript auto-submit
|
|
||||||
*/
|
|
||||||
-static int oidc_proto_html_post(request_rec *r, const char *url,
|
|
||||||
+static void oidc_proto_html_post(request_rec *r, const char *url,
|
|
||||||
apr_table_t *params) {
|
|
||||||
|
|
||||||
oidc_debug(r, "enter");
|
|
||||||
@@ -607,8 +607,7 @@ static int oidc_proto_html_post(request_
|
|
||||||
html_body = apr_psprintf(r->pool, "%s%s", data.html_body, " </p>\n"
|
|
||||||
" </form>\n");
|
|
||||||
|
|
||||||
- return oidc_util_html_send(r, "Submitting...", NULL,
|
|
||||||
- "document.forms[0].submit", html_body, OK);
|
|
||||||
+ oidc_util_html_send(r, "Submitting...", NULL, "document.forms[0].submit", html_body, OK);
|
|
||||||
}
|
|
||||||
|
|
||||||
void add_auth_request_params(request_rec *r, apr_table_t *params,
|
|
||||||
@@ -739,8 +738,12 @@ int oidc_proto_authorization_request(req
|
|
||||||
if (provider->auth_request_method == OIDC_AUTH_REQUEST_METHOD_POST) {
|
|
||||||
|
|
||||||
/* construct a HTML POST auto-submit page with the authorization request parameters */
|
|
||||||
- rv = oidc_proto_html_post(r, provider->authorization_endpoint_url,
|
|
||||||
- params);
|
|
||||||
+ oidc_proto_html_post(r, provider->authorization_endpoint_url, params);
|
|
||||||
+
|
|
||||||
+ /* signal this to the content handler */
|
|
||||||
+ oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST, "");
|
|
||||||
+ r->user = "";
|
|
||||||
+ rv = OK;
|
|
||||||
|
|
||||||
} else if (provider->auth_request_method == OIDC_AUTH_REQUEST_METHOD_GET) {
|
|
||||||
|
|
||||||
@@ -748,7 +751,6 @@ int oidc_proto_authorization_request(req
|
|
||||||
authorization_request = oidc_util_http_query_encoded_url(r,
|
|
||||||
provider->authorization_endpoint_url, params);
|
|
||||||
|
|
||||||
- // TODO: should also enable this when using the POST binding for the auth request
|
|
||||||
/* see if we need to preserve POST parameters through Javascript/HTML5 storage */
|
|
||||||
if (oidc_post_preserve_javascript(r, authorization_request, NULL,
|
|
||||||
NULL) == FALSE) {
|
|
||||||
@@ -762,7 +764,7 @@ int oidc_proto_authorization_request(req
|
|
||||||
} else {
|
|
||||||
|
|
||||||
/* signal this to the content handler */
|
|
||||||
- oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN, "");
|
|
||||||
+ oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE, "");
|
|
||||||
r->user = "";
|
|
||||||
rv = OK;
|
|
||||||
|
|
@ -14,18 +14,18 @@
|
|||||||
%global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
|
%global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
|
||||||
|
|
||||||
Name: mod_auth_openidc
|
Name: mod_auth_openidc
|
||||||
Version: 2.4.9.4
|
Version: 2.4.10
|
||||||
Release: 7%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: OpenID Connect auth module for Apache HTTP Server
|
Summary: OpenID Connect auth module for Apache HTTP Server
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://github.com/zmartzone/mod_auth_openidc
|
URL: https://github.com/OpenIDC/mod_auth_openidc
|
||||||
Source0: https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
|
Source0: https://github.com/OpenIDC/mod_auth_openidc/releases/download/v%{version}/mod_auth_openidc-%{version}.tar.gz
|
||||||
|
Patch0: 0000-destdir.patch
|
||||||
Patch1: 0001-CVE-2022-23527.patch
|
Patch1: 0001-CVE-2022-23527.patch
|
||||||
Patch2: 0002-CVE-2023-28625.patch
|
Patch2: 0002-CVE-2023-28625.patch
|
||||||
Patch3: 0003-CVE-2024-24814.patch
|
Patch3: 0003-CVE-2024-24814.patch
|
||||||
Patch4: 0004-race-condition.patch
|
Patch4: 0004-race-condition.patch
|
||||||
Patch5: 0005-CVE-2024-24814.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: httpd-devel
|
BuildRequires: httpd-devel
|
||||||
@ -39,7 +39,6 @@ BuildRequires: cjose-devel
|
|||||||
BuildRequires: jq-devel
|
BuildRequires: jq-devel
|
||||||
%{?_with_hiredis:BuildRequires: hiredis-devel}
|
%{?_with_hiredis:BuildRequires: hiredis-devel}
|
||||||
Requires: httpd-mmn = %{_httpd_mmn}
|
Requires: httpd-mmn = %{_httpd_mmn}
|
||||||
Requires: cjose >= 0.6.1
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This module enables an Apache 2.x web server to operate as
|
This module enables an Apache 2.x web server to operate as
|
||||||
@ -59,7 +58,6 @@ autoreconf
|
|||||||
%{?_without_hiredis} \
|
%{?_without_hiredis} \
|
||||||
--with-apxs2=%{_httpd_apxs}
|
--with-apxs2=%{_httpd_apxs}
|
||||||
|
|
||||||
|
|
||||||
%{make_build}
|
%{make_build}
|
||||||
|
|
||||||
%check
|
%check
|
||||||
@ -69,7 +67,7 @@ make test
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_httpd_moddir}
|
mkdir -p $RPM_BUILD_ROOT%{_httpd_moddir}
|
||||||
make install MODULES_DIR=$RPM_BUILD_ROOT%{_httpd_moddir}
|
make DESTDIR=$RPM_BUILD_ROOT MODULES_DIR=%{_httpd_moddir} install
|
||||||
|
|
||||||
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_modconfdir}
|
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_modconfdir}
|
||||||
echo 'LoadModule auth_openidc_module modules/mod_auth_openidc.so' > \
|
echo 'LoadModule auth_openidc_module modules/mod_auth_openidc.so' > \
|
||||||
@ -101,80 +99,122 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
|
|||||||
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
|
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-7
|
* Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.10-1
|
||||||
- Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
|
Rebase to 2.4.10 version improves `state cookies piling up` problem
|
||||||
POSTs to leak protected data (CVE-2025-31492)
|
Resolves: RHEL-32450 Race condition in mod_auth_openidc filecache
|
||||||
|
Resolves: RHEL-25422 mod_auth_openidc: DoS when using
|
||||||
* Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.9.4-6
|
`OIDCSessionType client-cookie` and manipulating cookies
|
||||||
- Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
|
(CVE-2024-24814)
|
||||||
- Resolves: RHEL-25421 mod_auth_openidc: DoS when using
|
|
||||||
`OIDCSessionType client-cookie` and manipulating cookies
|
|
||||||
(CVE-2024-24814)
|
|
||||||
|
|
||||||
* Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5
|
|
||||||
Related: rhbz#2141850 - fix cjose version dependency
|
|
||||||
|
|
||||||
* Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
|
* Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
|
||||||
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
|
Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
|
||||||
|
|
||||||
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
|
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
|
||||||
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
|
- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
|
||||||
when OIDCStripCookies is set and a crafted Cookie header is supplied
|
when OIDCStripCookies is set and a crafted Cookie header is supplied
|
||||||
|
|
||||||
* Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
|
* Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
|
||||||
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
|
- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
|
||||||
oidc_validate_redirect_url() using tab character
|
oidc_validate_redirect_url() using tab character
|
||||||
|
|
||||||
* Fri Apr 8 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
|
* Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
|
||||||
- Resolves: rhbz#2025368 - Rebase to new version
|
- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
|
||||||
|
by supplying a crafted URL in the target_link_uri
|
||||||
|
parameter
|
||||||
|
|
||||||
* Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-3
|
||||||
- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10
|
* Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1
|
||||||
- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
|
- Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
|
||||||
reused key in AES GCM encryption [rhel-8] (edit)
|
OIDCPreservePost On [rhel-9.0]
|
||||||
|
- Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded
|
||||||
|
static IV and AAD with a reused key in AES GCM
|
||||||
|
encryption [rhel-9.0]
|
||||||
|
- Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in
|
||||||
|
oidc_validate_redirect_url() [rhel-9.0]
|
||||||
|
|
||||||
* Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-2
|
||||||
- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
in the target_link_uri parameter
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8
|
* Mon May 10 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.8.2-1
|
||||||
- Resolves: rhbz#1823756 - Backport SameSite=None cookie from
|
- New upstream release
|
||||||
mod_auth_openidc upstream to support latest browsers
|
- Resolves: rhbz#1958466 - mod_auth_openidc-2.4.8.2 is available
|
||||||
|
|
||||||
* Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7
|
* Thu May 6 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.7.2-1
|
||||||
- Resolves: rhbz#1897992 - OIDCStateInputHeaders &
|
- New upstream release
|
||||||
OIDCStateMaxNumberOfCookies in existing
|
- Resolves: rhbz#1900913 - mod_auth_openidc-2.4.7.2 is available
|
||||||
mod_auth_openidc version
|
|
||||||
- Backport the OIDCStateMaxNumberOfCookies option
|
|
||||||
- Configure which header value is used to calculate the fingerprint of
|
|
||||||
the auth state
|
|
||||||
|
|
||||||
* Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-6
|
* Fri Apr 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.4.1-3
|
||||||
- Fix the previous backport
|
- Resolves: rhbz#1951277 - Remove unnecessary LTO patch
|
||||||
- Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
|
|
||||||
Open redirect in logout url when using URLs with
|
|
||||||
leading slashes
|
|
||||||
- Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
|
|
||||||
open redirect issue exists in URLs with slash and
|
|
||||||
backslash
|
|
||||||
|
|
||||||
* Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-5
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.4.1-2
|
||||||
- Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
Open redirect in logout url when using URLs with
|
|
||||||
leading slashes
|
* Fri Sep 4 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.4.4.1-1
|
||||||
- Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
|
- New upstream version 2.4.4.1
|
||||||
open redirect issue exists in URLs with slash and
|
|
||||||
backslash
|
* Tue Sep 1 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.4.4-1
|
||||||
|
- New upstream version 2.4.4
|
||||||
|
|
||||||
|
* Thu Aug 27 2020 Joe Orton <jorton@redhat.com> - 2.4.3-5
|
||||||
|
- update to use correct apxs via _httpd_apxs macro
|
||||||
|
|
||||||
|
* Thu Aug 27 2020 Joe Orton <jorton@redhat.com> - 2.4.3-4
|
||||||
|
- work around LTO build failure
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-3
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.4.3
|
||||||
|
- New upstream version 2.4.3
|
||||||
|
|
||||||
|
* Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.4.2.1-1
|
||||||
|
- New upstream version 2.4.2.1
|
||||||
|
- Resolves: rhbz#1805104 - CVE-2019-20479 mod_auth_openidc: open redirect
|
||||||
|
issue exists in URLs with slash and backslash
|
||||||
|
[fedora-all]
|
||||||
|
- Resolves: rhbz#1816883 - mod_auth_openidc-2.4.2.1 is available
|
||||||
|
|
||||||
|
* Thu Feb 13 2020 Tom Stellard <tstellar@redhat.com> - 2.4.1-2
|
||||||
|
- Use make_build macro instead of just make
|
||||||
|
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
|
||||||
|
|
||||||
|
* Mon Feb 3 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.4.1-1
|
||||||
|
- New upstream version 2.4.1
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0.4-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Nov 21 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.4.0.4-1
|
||||||
|
- New upstream version 2.4.0.4
|
||||||
|
|
||||||
|
* Fri Oct 4 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.4.0.3-1
|
||||||
|
- New upstream version 2.4.0.3
|
||||||
|
|
||||||
|
* Fri Aug 23 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.4.0
|
||||||
|
- New upstream version 2.4.0
|
||||||
|
- Resolves: rhbz#1374884 - mod_auth_openidc-2.4.0 is available
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.7-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.7-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3
|
* Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3
|
||||||
|
- update test-segfault.patch to match upstream
|
||||||
|
|
||||||
|
* Tue Aug 14 2018 <jdennis@redhat.com> - 2.3.7-2
|
||||||
- Resolves: rhbz# 1614977 - fix unit test segfault,
|
- Resolves: rhbz# 1614977 - fix unit test segfault,
|
||||||
the problem was not limited exclusively to s390x, but s390x provoked it.
|
the problem was not limited exclusively to s390x, but s390x provoked it.
|
||||||
|
|
||||||
* Fri Aug 10 2018 <jdennis@redhat.com> - 2.3.7-2
|
|
||||||
- disable running check on s390x
|
|
||||||
|
|
||||||
* Wed Aug 1 2018 <jdennis@redhat.com> - 2.3.7-1
|
* Wed Aug 1 2018 <jdennis@redhat.com> - 2.3.7-1
|
||||||
- upgrade to upstream 2.3.7
|
- upgrade to upstream 2.3.7
|
||||||
|
|
||||||
|
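Review bot: The c9-beta side of the patch list stops at `Patch4: 0004-race-condition.patch`, so the CVE-2025-31492 fix looks missing from this build. `Patch5`, which the c8-stream-2.3 changelog ties to CVE-2025-31492 (RHEL-86218), is absent, its patch file is deleted in this comparison, and the new `%changelog` has no entry for that CVE. Unless the 2.4.10 source already contains an equivalent change, which this page does not show, the POST-binding handling in `oidc_content_handler` and `oidc_proto_authorization_request` would be unfixed, so it is worth confirming and, if needed, rebasing that patch onto 2.4.10. The new side also drops `Requires: cjose >= 0.6.1`; if the module still needs that minimum cjose version at run time, the dependency should stay.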