apache2-mod_auth_openidc-2.3.8-150600.16.8.1<>,Hg3Op9|`NtEZtۮ&LTpm1ep@`mTmo ̛)a%L`ܡJk8%Bփڿ NW܆gz9'h wjDnހoGႎgpbo:POih)iN֩1{[\JV6FmDNԤE|e.GJ#֮S+ 0P[T,yTl ?}xb fɆVE}P' *Q|Ŭf!U>>@?0d! / p>I _     $.8px(89:IFGHI XY\@]H^dbc-defluvwxy z,Capache2-mod_auth_openidc2.3.8150600.16.8.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.g3Onebbiolo SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxppc64le Ag3Lg3L7d0703845d27e4b856b52aa0488844ab312d0db2f83514ca4a4d245b521640a5rootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.8.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(ppc-64)@@@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.38)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3g@f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@pgajdos@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- security update - added patches fix CVE-2025-31492 [bsc#1240893], OIDCProviderAuthRequestMethod POSTs can leak protected data + apache2-mod_auth_openidc-CVE-2025-31492.patch - enable the testsuite- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingnebbiolo 17443848472.3.8-150600.16.8.12.3.8-150600.16.8.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:38315/SUSE_SLE-15-SP6_Update/2ba48ed6ee7f6350d7f0a188b95fd233-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5ppc64le-suse-linuxdirectoryELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=f34cdbfea2c34b7b54a2a1c28cef93ec748b7af4, stripped R RRRRRRRR Ro!f<utf-8da7039d1eed514ad26d6ba71a7be81235e040b709dd6dc09942eb333be73022f? 7zXZ !t/;)]"k%"5okw@_/.PS8;ot'O ~Mͱ6u &Cn~, j5:!&m5\ܮ ^$c].qiP͊,`cV@r=U6,Uz*Ǘ8L _Q́DTC /,Cˤ>?,Ě>?'̝/{ KXb@#b,BheDtM!,I+˺@9,͑}6< 7@5|ƁujaZnoi"| v>%SVQ$]~{[aAr0YQDB=<+WQy;qB^']ٌPK}g-t8vK ˜qnX~{Bxe;EA!})Xg| !j)~ exMაܶ}HjS{i׍wƫk{=mD>]n[Jn3[SVAh+gR0A?iA]8{- =eS#Y=hk>$oÌ=Ff]NT+h8{#jk졸8p{w!I@aCUC /nYG46Z^7Բ.KCb)w Y ^+qn23wW3W7 >مn^9 Y=X%e}FfJbƖ` > ЮO!ǏA#y0O0Zi;7S Lِ=b]Y}'-Fk1ڪo7mlCLr19dDc&,URɖlp:TIȣxP.O/%ul7+wE֖q 'gye.kxOtuF<,\qW lX@tMV;$ %EQ簃Gs]A.=AKf{0Q2(K>1 5a; GmBphZyc*~co=::#<`}o ]O  rda 𔺇,YRDȕ%D7ʑCM@Sv-\pzN18b+FWnh.@Ũ .fWxu瞤Tvo&w9>[t}?ϖ"?Mݱ׳\(#9}e&PXӢ^#fWf Q- 夆R:WxV|!81+W7 U2z |z͎Ot7Έ–YK*YIdp~nPhn|sCWWQ WH3a܅{$O2=d%T;!qulQ;>쩱ɋK*& k(³R[3VƢn ^mP_r]E{:Upao*)fY%HiS(] w\svi UanяC&6$w4 WA  GaV7>b7J`cmgy*p:4g.eH `\ՙ޸^2B,~eWeힱCUTGeԌbf5U!q 7A&jUHdxix1Šz?~&ٗYLjp 4WfrE]v.S3mp,K^)$z^`1\l.ܥllpV>SDzD"ĬZ|3蠜)􆱏vۤƦ'w(}*)v.z/nSS>l+Q:$!{9.[uxyoJG9fIƠHNƒ>X^t!QX̤c߬+r, FYeG+$4Y8x(ŧm?w"Y.-xyoEiY Wx-Pw-^~BI~ss6f+A0KuICh}+Q8G1)A y,ex zl4luWʯui^ ߾ZNZPbc2epgEt|IM7LP욱4RQ)iLg[~K=~4#}gigA. :)~XّPpKS;H:cgB'~1㷆wEH{[ߺw'myA0,N 2Ñ'|ZnF%%`kGo Y2j 5ijN2LӖ:f=ze S@p{s~oY. rLm\ͫ4cdEM}Lbütx?(皭>U¶쭦cG?&slglқ.G,xުYA2u*9)Clpz],hJ.Gq4*44Z;8+ 'U1cO-WWn_m 6ԉ9xގ._p-_[O;T}xX0r%=>,,W%$YW)G;"F9ښX>#Wgb%;87Q>}֥N! ou1o2^lǫeif-+|,wlXog>8y&T!,EpN5*ҕՈ a3_j隍%o8̠x=AqCrsyפ6ՠSM%{}eHan47!-ovzŎ60_qX3gc.^J*ѫוKqSb5l34d$:OfPl`JaLEF鰫CyF}$3g,fh 4ɡ#SىNRl@@^L2E/Ȩa R]k˶!H&#WRS1Fo`4 We[m-ɽ?CrBPJ=tFS2s0j7+@A󌄯t+&H^4i-Wc{nPrQʨ@nĽ*\|H_)2>[vڹ$Q}sB%菷\Dmy鞁" 0A7 10ҜAf,dCcv̆b|L0L?= 9j'rsoۭT־(0*nnFKpez]wJmœ/jEӇ`, HQ/z$5hlbSj D%Lٵ$#a_U6 !FkYp @ ^1!cjS$x‡g{ Hou>,m}xx5\Z})9+ ҆h~hN=4˻$jk++o{Er&\$ {pG?Lgl@_`~`&,:^ #L ~QEdJ|qw6 ~=ey!@\sVKWDp7(qPETw'R s:9% O ڑ#E9 Jt,c_#~^fj"*־7xLX*M4 {rRP$RaDڻ5gRCX!\(*H<74fB0o)B/}3U8؉KN.FrQ@]vrEЖ#_Fn)q;d7SՐ't^?6P}0R/`tY~Vq*l|nXjiv _cs7CDPr2#GE&y{سeSCH^M/y%AJ+]ŌrOַ=P.'UO-N1|=s+zaeIZpSM̋|)F6 8bau+^f{uSW4q mU9棖L> /"'wtVL@o\UYH"+":ku˷QG7r/Ӝ|z>TzHHQ\'f:bJCH" &fA@?s`/·p ]yAkkq8ўe (+i3ۂFkJUO;\e+P3 xwgjHy8> dؖZCR~ Vv~/GG4JYZ, M``ܬZ?Jb>z?b-m'$z oS J|#"T(q|N)'g&Bd^z"I<%4-y<<&.]CtdKG,Yn_I᰷Xs hvбtVޚ&3="ꖩ'{ PmRr'M?ْ3L'V^d;KE6. PAocvL~{~A^j_ߙ}T'OSvB;Rg(1`/5A XEnHϕY_XH+ps]J' ÈMJ CJa(DUYD-RV-x?cuc/"FaTN]nTi2TςO=ye/~E*|cg]uJ Qd v-*ȁ3~D|cu [K4=6rLhV{@{Vl];+vdYxr)J 1~{y/S}#%,æVxꢞtOĀ?\@)u2/\x\pY[)X߽!DCyuj+??(Nn27WWu pk?Zm8q|^E> HٖsJD!a+hbAbѭFyq e␛=BR`'7.*=fTl(Z}g:6de!C!Br&sjuydʦ#%@%vgחWc6GM{G[y].5AƽI :$+6LtQ|a,ar8סƦQanR|Ӱr Hӓ$SI&' {%wЇW-/q:ztUw L/ O\$?8ˏ06kE3M ?t3.'VGkZku#g'FɫfN5_TUኾe,2ț冀Fc &Həu@>UW_ԑ%Vg8 Y uz;%[_V0Ͼ`[KA7Iu[(Ⱦn|ie_7+$pV8&NA5g䪩tp1 x0tۼ_|,V@B1F':ᒲ[w ·wŢaA9Jc!*3` (=L'EHHЖeQpi-l?ߢ^^hȍx%){ N(A%kr/myD2op~ҫ{`4Piimx[&eE$\u'~ewtykENmN-JD[`RZT ohkr?베SkI%(R|Ҟzpd29ZU#-S|.va-J9B Pr%3ڠsL pilZw^PN;֛(twAzV:hnhM,it©:TvƬ'Ӈ{bFZUυYk A8~>DoX#87U1Ե~Y{8ZfԷ*DiޅR֗=oСMHby}NnGi%q3tA%$^Z}tȔb"B#aB{KEc5ۅ;2 Z)j- j*RddmeEy]#5Y$+vED ٠FC?#">袽x&AZrvO9)8JȦ1,N2-q͢,*LT!z3OAEc o-XtN ipe-Y)?VЖ.f0D^ $"% =,Ul4࠾/Y K:Ғ餋N{-(֎˜hM|N :83€al)◱usZ8+cyud7bjsLA>gj&ibWr&1H4,xe$d;rM~gru @x9?˯=7R*a0o2ҥF;72tio)jl7FT%w vQn}+ζ}'[[<8Pu,sOZKL4`C !TʵC=P\Fp?&5cOJ?@P!վWO OW|q`jrPn̫,iWBH?A76D*:c;@uMں_tt>V9f{8"8b߳ [tf8{DBUPͭPw4[2#ґٽړ_p2e7qr{+I [5tx%FS5?x߾^%}mަfO-byZ=K~rUVS# u3`)1 J\$՞8ua5ۣq>t=7́\8:>DXE]ݗd2gmFaU}+t:0J)h-Gþ%:DLr;(kbf=IR]a *11gQtZGe<7bk_k&Yϧ.wM%82~%9z}][?[)RwE YZ