SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mod_auth_openidc-2.4.9.4-5.module+el8.9.0+1384+4b58c166.x86_64.rpm :

* Tue Apr 25 2023 Tomas Halman - 2.4.9.4-5Related: rhbz#2141850 - fix cjose version dependency
* Mon Apr 24 2023 Tomas Halman - 2.4.9.4-4Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
* Tue Apr 11 2023 Tomas Halman - 2.4.9.4-3- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
* Tue Feb 21 2023 Tomas Halman - 2.4.9.4-2- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character
* Fri Apr 08 2022 Tomas Halman - 2.4.9.4-1- Resolves: rhbz#2025368 - Rebase to new version
* Fri Jan 28 2022 Tomas Halman - 2.3.7-11- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On
* Fri Jan 28 2022 Tomas Halman - 2.3.7-10- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a reused key in AES GCM encryption [rhel-8] (edit)
* Fri Oct 29 2021 Tomas Halman - 2.3.7-9- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL in the target_link_uri parameter
* Tue Nov 17 2020 Jakub Hrozek - 2.3.7-8- Resolves: rhbz#1823756 - Backport SameSite=None cookie from mod_auth_openidc upstream to support latest browsers
* Tue Nov 17 2020 Jakub Hrozek - 2.3.7-7- Resolves: rhbz#1897992 - OIDCStateInputHeaders & OIDCStateMaxNumberOfCookies in existing mod_auth_openidc version- Backport the OIDCStateMaxNumberOfCookies option- Configure which header value is used to calculate the fingerprint of the auth state
* Sun May 10 2020 Jakub Hrozek - 2.3.7-6- Fix the previous backport- Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes- Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash
* Sun May 10 2020 Jakub Hrozek - 2.3.7-5- Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes- Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash
* Thu Aug 16 2018 - 2.3.7-3- Resolves: rhbz# 1614977 - fix unit test segfault, the problem was not limited exclusively to s390x, but s390x provoked it.
* Fri Aug 10 2018 - 2.3.7-2- disable running check on s390x
* Wed Aug 01 2018 - 2.3.7-1- upgrade to upstream 2.3.7
* Fri Jul 13 2018 Fedora Release Engineering - 2.3.5-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 23 2018 Patrick Uiterwijk - 2.3.5-1- Rebase to 2.3.5
* Fri Feb 09 2018 Igor Gnatenko - 1.8.10.1-7- Escape macros in %changelog
* Thu Feb 08 2018 Fedora Release Engineering - 1.8.10.1-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering - 1.8.10.1-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering - 1.8.10.1-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 18 2017 John Dennis - 1.8.10.1-3- Resolves: #1423956 fails to build with openssl 1.1.x Also rolls up all fixes to jose library before the change over to cjose
* Fri Feb 10 2017 Fedora Release Engineering - 1.8.10.1-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jul 12 2016 John Dennis - 1.8.10.1-1- Upgrade to new upstream See /usr/share/doc/mod_auth_openidc/ChangeLog for details
* Tue Mar 29 2016 John Dennis - 1.8.8-4- Add %check to run test
* Wed Mar 23 2016 John Dennis - 1.8.8-3- Make building with redis support optional (defaults to without)
* Mon Mar 21 2016 John Dennis - 1.8.8-2- Add missing unpackaged files/directories Add to doc: README.md, DISCLAIMER, AUTHORS Add to httpd/conf.d: auth_openidc.conf Add to /var/cache: /var/cache/httpd/mod_auth_openidc/cache /var/cache/httpd/mod_auth_openidc/metadata
* Thu Mar 10 2016 Jan Pazdziora 1.8.8-1- Update to 1.8.8 (#1316528)
* Thu Feb 04 2016 Fedora Release Engineering - 1.8.7-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Sat Jan 09 2016 Fedora Release Monitoring - 1.8.7-1- Update to 1.8.7 (#1297080)
* Sat Nov 07 2015 Jan Pazdziora 1.8.6-1- Initial packaging for Fedora 23.
  
ICM