Sat, 23 Nov 2024 13:48:50 CST | login

Information for build mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099

ID30699
Package Namemod_auth_openidc
Version2.4.9.4
Release6.module+el8.10.0+886+d4607099
Epoch
DraftFalse
Sourcegit+https://git.cclinux.org/stage/rpms/mod_auth_openidc#da642e12c4bea34f4591aa4c97087ebc3ea41ce1
SummaryOpenID Connect auth module for Apache HTTP Server
DescriptionThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Built bymbs
State complete
Volume DEFAULT
StartedWed, 14 Aug 2024 22:10:29 CST
CompletedWed, 14 Aug 2024 22:18:50 CST
Taskbuild (module-d460709955ff53c2, /stage/rpms/mod_auth_openidc:da642e12c4bea34f4591aa4c97087ebc3ea41ce1)
Extra{'source': {'original_url': 'git+https://git.cclinux.org/stage/rpms/mod_auth_openidc?#da642e12c4bea34f4591aa4c97087ebc3ea41ce1'}}
Tags
module-mod_auth_openidc-2.3-8100020240814135850-e155f54d
module-mod_auth_openidc-2.3-8100020240814135850-e155f54d-build
RPMs
src
mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099.src.rpm (info) (download)
aarch64
mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099.aarch64.rpm (info) (download)
mod_auth_openidc-debuginfo-2.4.9.4-6.module+el8.10.0+886+d4607099.aarch64.rpm (info) (download)
mod_auth_openidc-debugsource-2.4.9.4-6.module+el8.10.0+886+d4607099.aarch64.rpm (info) (download)
i686
mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099.i686.rpm (info) (download)
mod_auth_openidc-debuginfo-2.4.9.4-6.module+el8.10.0+886+d4607099.i686.rpm (info) (download)
mod_auth_openidc-debugsource-2.4.9.4-6.module+el8.10.0+886+d4607099.i686.rpm (info) (download)
ppc64le
mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099.ppc64le.rpm (info) (download)
mod_auth_openidc-debuginfo-2.4.9.4-6.module+el8.10.0+886+d4607099.ppc64le.rpm (info) (download)
mod_auth_openidc-debugsource-2.4.9.4-6.module+el8.10.0+886+d4607099.ppc64le.rpm (info) (download)
x86_64
mod_auth_openidc-2.4.9.4-6.module+el8.10.0+886+d4607099.x86_64.rpm (info) (download)
mod_auth_openidc-debuginfo-2.4.9.4-6.module+el8.10.0+886+d4607099.x86_64.rpm (info) (download)
mod_auth_openidc-debugsource-2.4.9.4-6.module+el8.10.0+886+d4607099.x86_64.rpm (info) (download)
Logs
aarch64
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
i686
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
ppc64le
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
x86_64
build.log
hw_info.log
installed_pkgs.log
mock_output.log
root.log
state.log
Changelog * Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.9.4-6 - Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache - Resolves: RHEL-25421 mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies (CVE-2024-24814) * Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5 Related: rhbz#2141850 - fix cjose version dependency * Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4 Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default * Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3 - Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied * Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2 - Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character * Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1 - Resolves: rhbz#2025368 - Rebase to new version * Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11 - Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On * Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10 - Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a reused key in AES GCM encryption [rhel-8] (edit) * Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9 - Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL in the target_link_uri parameter * Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8 - Resolves: rhbz#1823756 - Backport SameSite=None cookie from mod_auth_openidc upstream to support latest browsers * Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7 - Resolves: rhbz#1897992 - OIDCStateInputHeaders & OIDCStateMaxNumberOfCookies in existing mod_auth_openidc version - Backport the OIDCStateMaxNumberOfCookies option - Configure which header value is used to calculate the fingerprint of the auth state * Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-6 - Fix the previous backport - Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes - Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash * Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-5 - Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes - Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash * Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3 - Resolves: rhbz# 1614977 - fix unit test segfault, the problem was not limited exclusively to s390x, but s390x provoked it. * Fri Aug 10 2018 <jdennis@redhat.com> - 2.3.7-2 - disable running check on s390x * Wed Aug 01 2018 <jdennis@redhat.com> - 2.3.7-1 - upgrade to upstream 2.3.7 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed May 23 2018 Patrick Uiterwijk <patrick@puiterwijk.org> - 2.3.5-1 - Rebase to 2.3.5 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.10.1-7 - Escape macros in %changelog * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 18 2017 John Dennis <jdennis@redhat.com> - 1.8.10.1-3 - Resolves: #1423956 fails to build with openssl 1.1.x Also rolls up all fixes to jose library before the change over to cjose * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.10.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Tue Jul 12 2016 John Dennis <jdennis@redhat.com> - 1.8.10.1-1 - Upgrade to new upstream See /usr/share/doc/mod_auth_openidc/ChangeLog for details * Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-4 - Add %check to run test * Wed Mar 23 2016 John Dennis <jdennis@redhat.com> - 1.8.8-3 - Make building with redis support optional (defaults to without) * Mon Mar 21 2016 John Dennis <jdennis@redhat.com> - 1.8.8-2 - Add missing unpackaged files/directories Add to doc: README.md, DISCLAIMER, AUTHORS Add to httpd/conf.d: auth_openidc.conf Add to /var/cache: /var/cache/httpd/mod_auth_openidc/cache /var/cache/httpd/mod_auth_openidc/metadata * Thu Mar 10 2016 Jan Pazdziora <jpazdziora@redhat.com> 1.8.8-1 - Update to 1.8.8 (#1316528) * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Sat Jan 09 2016 Fedora Release Monitoring <release-monitoring@fedoraproject.org> - 1.8.7-1 - Update to 1.8.7 (#1297080) * Sat Nov 07 2015 Jan Pazdziora <jpazdziora@redhat.com> 1.8.6-1 - Initial packaging for Fedora 23.