apache2-mod_auth_openidc-2.3.8-150600.16.5.1<>,Efjp9|Ek(_shgܴP#Q+Da@y|B,fIeh/:I\ǸC%] ! Qs!4U/ŐPA2/0 B"pU뒑ӆ9 0pu/Q'4a33~t,$ǰl $Y9*|‹V1jv'"+cR+$t9&[8~V{^^Jq7r?=<\K49ar3ͷCWtoY>>?d! / p>I _     $.8px(@8H9:FGHIXY\]^ b,cdhemfplruvw$x,y4zl|Capache2-mod_auth_openidc2.3.8150600.16.5.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.fjh01-ch2cXSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxx86_64XAfjfje80973dea41c5f9a87e8ee982d65b9bb8508d4165cdc9203dfdca48ba0e30cb4rootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.5.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(x86-64)@@@@@@@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@danilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingh01-ch2c 17200196492.3.8-150600.16.5.12.3.8-150600.16.5.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34510/SUSE_SLE-15-SP6_Update/382b0a534047544238be3cf036b8922b-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=88490adf83003a99e5ff40874a06a7f9e7619f76, strippedR R RRRRRRR RR R RR?_YRqButf-8694ade3eff7fefa5e161db0f3c8c3fd201c7d8815e993eef817df49a7e08e726? 7zXZ !t/6&]"k%"5okw@_/.PS8;ot'O ~N@9ϊ ڙPmG/2=ߌ[ruLԵ09 Ki<; ;(3ל]t*]ɄR%I;/Ҡ,uM6 ȱ2iH#_x-,2'oPW"aVOb^f<RÁ{U4ZEtԺ3>x(ZJb*Ԃ bSC/`3sFZT; @ 2Fq<'=COtı'%ˉVl'JSJV:=0A0 `O:[ī8ʥhDu"Ĩ|ERȎ,Ժbkc,%&5apv Ÿ\-lNY41jzou~X@)Al0ܷ QjqPkCbqA"WH2*&{\)6 iRkF8B`v s+Mi&B-cLܖ2 `τ (;˿s2upLpFzqup[a|~HY lE&ԹQxF@_^WcD57Z>,ұ] ȥu^6*'ŰAp$Wc0sm4F*޸f!mӗrd8(nDJl\rf,-W~6_ Æy 0[,۷.\Odԓ &1=#mu&|Ү Bf8=u=t&dRV።S}=b"$Y&v?2Tk`!XHS|Sd%ZaKdSIA%f3;ti>LC3H_6kx~X -5$|:Ck'uq4Wj+Z 4OHY6VK kX2⏴B¤=H$0IQ2[b 1;覾О>s+EFef+_X$)Aд NZ4OiH쯊\<|aK=ݳf^Z[Lr ߭L]W#55Ð9ވb~Wy /)KlKJmn2h.wmD4Ģz-/44HbɺL4>x,ܾX")F_e"kW PX}ېLH[ a]_Dl7+>-ls̨.6~ @1ej~ܥ[i:JL)+u AJMm7I#-Q,(u0Am/Ib\|KDoL<9Ā>Gf¼o+{ Ƕi`/YY+,^o9ֳRݼ bM@ GE $0F}E%TCy2 0J/M-KAHn>M;[1%i.n,@0'm (IWBˀ9I@ ` e w0@6H]L{?|G) k!R]i?v VDqe@isM3q z͹-( g@j@ʇهpv2i*PkmO&W:m\ȶU[SDz~IA>+5׵)uGt# anewE)n wS `j#)d9e#X,/_t+Z:Dk 5{` L7;k Ih%Agyb-UhJVnC7r}n+;j)֢is0fW0[pZo.>%&(lEf">\UE èfG D@:NzL>jsS.q>'w$C ЄVߟUVGibw:lmA\LѲXݦ}]Vb?ylJuͭl srv{/>B=~m"&MGdGJٍ$&`UܓLȠxԴN%}3dhiK0X89rkuBVQN& :tSs|OJLt^vjÐᎈ&Q f ƺôoB&H;^AA>#h43Ko6y xub~?%ʇXܡ_:f:>L;~zwLZ"O?oJߛ]|m]X4&q*_HfkǨ ȍuE ]T8Cmh{``%q@d^{ ?;>;\dMphbvvLfX693 Yڏf`qPpT^ȍO}VtǠAa]}"7BB1_[0^x/.2X8R*4[7 Ef`ad߄raU#@tI K{ȟl#b<6CS&#EH )׋etOZJ [z, 䰸 8,1h)q9&aZ@а4h@M⒂ 63;LHk?Ki[5RXGBC"DV/AW-SXr'#`G$SH"u-\PwU҃mfI` ґc)iʉEч3M3O2% uġz rNֹ?e@PNLb9ڛdpsw܊q/a%k."W; 4oYm3@60ٱAhx Ђ4,DICvfOWc~w+>\=B#kLo Bpԋ#zcH2<<5QgϔjRw*p5$4!Kg\gOOJJZ?YYG"&rܰX,$KDdLغUIJlGꮂZA}**L8A5X=t兦I]Ņ%VR.݇:x`2)sA{,4B+̷#mk #@V2xhr(%bd>**pZ9lSpބ9ҙwO%YkS!Cy·Hͦk5I$XFoBZnEU~+-BQ2u0/7sδaz0Rcd>C㇩8E 4v?:CtNkNT^ēܖ_3VJ[ AL}hCr}^sf$[}HcMYxΤ[h24 rx[M@pΕ7KI>5q"?aix5+?q?-?Hu8Pj} mR=qn%jUKҏX+% Bg U)ĠUOc6ȼ!5ԴgϪ<U?>˒-S`>E<)Q%މ01?Z( +C.CF2uy'W6mYN7񗘮x +憛JwB<>(auBq̥ t܅Gq&ͣjآm xV>pw;eS+R&sŹCK36T7D^X TOyGD£`KgPNN/=Fd#أ}{o1i͊)5{<-㧇 VS;N0j;:5B)?JyE=Bw& KT%{!>j@]Lpg>qָJ]FRX./۞ @ј$Uk7{s<(lp9gLml zR)CEiYLނ$q{ӣ3CM+4Z/>% q}%N[tEoG G갆%QdQ|Gԯ"a14X<)o"`D !-?t963T 55HsRM)VCea:`h v\'K7`mABv,p ^^?,S#ŘMjex;oGM\ZTNޝC/䚙·e7Mk0xj5bl 1Q8ҜHSR+k6ͻmgz":Xy} 6`V`L啬y.Z[A$acdjI^ee!֥o9T3a>z?Gy2Y!2GW3P0k$1@$|b0iYg-7J"c o?U=Z ߆i0X'Yg؇4y?#p}hI u>W+ThJχ2: ?=œ@@ZTQ4PB%c+ҕASfup /z.gNvS{$|ɕQК:c3*q~1j5;/n*F׭Cж1: (yJ.KbDHk&|+co>Jm'4-} bxY4 @|9excZWت!xoO $!s1M`x,WnHg mXgу+Lǘ1f4>xEmtG0GVၧ 6?؏wp[Y@ԃlNYFݗE1YD(&ZQ2%C!jvD(Bm]7-ÑU Ř~rFehgf:+14%@/2 @{<!2[\gDgPn3e3n@g=DFE+`#{jÃN\ iǹOe5IyQ\ ҇1NG 0Do (ը̧!L}`OruFC_`;;X.e^`d51r|h,"ަ1$#բ4h*Şm&OJGkWe[:l:x4}B3*|T%Px PF. əw&VޮeB^!a^R#CX&=|a :o29x`CTiR$8\^!&~?2鷯KYt [!|DS0|smy)7 92ѓnh9P[X.9ZCc H̢mC,Ds%(sv]ݜ}d_ `V bJrU^YB}Qwk)VM:WH$e*=Xr?C6%y2KFu!8n8C``&At`jRH|ba@ R|gqt%06oݓXk8Ȝ2[]n-rv֠@&m9fk2% n)p gWbVES]?L{C4;3At&,A: '_P_skL&&H1" bP=s-o+:k1e^fҎ}SxQg^D.hJU