apache2-mod_auth_openidc-2.3.8-150600.16.8.1<>,Ng3Vp9|îI #f^E;q,2g7_S%܃gͰT $̋6Z. G/TcT0#JlI YU(Jq;x%PzZIs={aM5fxx  q~aջp#{͵6DoS4Qp^2+9~{?./2So|nD&Q`}*c3ú zReS)I-£Ahh(PկpZ,>>?d! / p>I _     $.8px(8$9`:FKG`HhIpXtY|\]^bcd$e)f,l.u@vHwxy z(8<BCapache2-mod_auth_openidc2.3.8150600.16.8.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.g3Vs390zl34\8SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxs390x\8Ag3Rg3S9ccdaf152fd573fa3da13a36ca597a18905c86555dc09a41cac181c38047dc83rootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.8.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(s390-64)@@@@@@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3g@f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@pgajdos@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- security update - added patches fix CVE-2025-31492 [bsc#1240893], OIDCProviderAuthRequestMethod POSTs can leak protected data + apache2-mod_auth_openidc-CVE-2025-31492.patch - enable the testsuite- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagings390zl34 17443848542.3.8-150600.16.8.12.3.8-150600.16.8.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:38315/SUSE_SLE-15-SP6_Update/2ba48ed6ee7f6350d7f0a188b95fd233-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5s390x-suse-linuxdirectoryELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=099c357d98ed6324534e91ffa312bcd0807f37c7, stripped R R RRRRRR RR RR R|Z=YFutf-8ab82f68e5a4b6e64d7e7fc22b8700923d4f1333a0c1c6cc8a3e9f7cb14f7cdae? 7zXZ !t/C."]"k%"5okw@_/.PS8;ot'O ~Mbؚ+!v[*RbNWs,4XΖhpҼ -M?BY6)=wץhnw~PKcϷ"Kse8Xr47Ah.)J_1X:onc-$Tl#$=J_ڧ/Yv}_zd"[ ̎eA xMc_F Q<q#ii~ێk820CD09GW-%Y۾&=Tw->*@y1ODA:ZH(,gcET0؊KT!0xPo@ &8j%!b8{)'ڇ?\NȎola-6ιNꈍ%W3W+&TF֣:B0|<um `ʫ9bts&xE(tdb̀hX2ϔE'iǯOoe`O>g]iC5 <9g(? q;8y6ZL##Z>uf/HZLL /r*_=g9t.?*n &S:OvnSnS:ж-L9YyH*.$< Q=HK+Ͽ@A4ʂ9P:B2Uݕ3h03D8/R?6rpD|͈8 " LGTWWӹ$i^-6r=VmE,ɼo(w8/#VA^It:b ꟻd ZtT!G:WByH:,1K(9-lݥ# 7BC, /`dIV'so3UTf[߾&V[^T&>5 ZƫLJ=[z`}[fQ2[ ,Jō_g5[عR`o%8@SYOld|nX~kC>G:mQ7/R`8Z4{tU|,/lV.UIDطX^iVMx9E|`5}T)qilxR 1KDCWmJž\58l*ܸBގO_MDJ7u ӳaLD[GnQ(ȵ-Aۣb1DvXq\:/ƈ.h^sBV؄tKvEKXZ1y@wt~+5 .a|cAX_cQMށodX@~JIHm^ayRρB\ 1V6s3=H0I<'A׮ 4PNLX\'Uf?"YI* ~AR> wvrMU1J6J_5oӲ0&iAjQTjluY{??UT9Rj|WWp<B$LDj& }ObxMO2,SGAÆag kV߄!S}c6Ye \Uϗ8isZ!'"o9;!u@<TCtg1Q$6 '8|xqXT5<t2*QQ4-}9&3\AW8橩 A +y3BSRVsw hNM.YI^jLhي&_Ɠj~H۠č,1TO9x(34=?chV^i 0M FC`," #Daj\կmRl!wОP Z+<A\7(6DU\t!nV~ {ي]lqf@EZK`Yq~՚!ag\u·њdӶ|*tv,tkSnld򶄀;N<:|zT!I%Rf!Lu$)F|Enn[e!̓3 4.tҼ誱)qATf 'YdINBW/t~T"Op;gI0K[|F'2]Z!n W Ļ> bBYN^,RNhq2u+^}[Am Y*HbfaVQ3ſ,CqY@КWӼ8vN)J;:"Tdg [N"cônHKʠ2'\edVAS@Sܿ|m~b1OXwbvî7"PRGNHS[ʩD MvT(LՊRqӿfu>4Xt+Tg lk |"}ǔ4|0`4X݂B d**6BZ*`+\l*b5wli=ʒUЏ1.+*mZXFVKVeZԅ?okD8AZ]jnOON^UvPgji`VO5A5r6q,ZI"~2N2߄%+Zj ?Iq=b .usE< lk~Ls*o&9܇ba1m|̃6{?> d|[҂gڑ zHēu$3;EsmRoZpq &)a+wN*K.XO>#J}=,´f#l=xˣN j EIcI Ʈfkǐ{=8eK@AKߌ 7B E h4)Fi5({* R0Agk s]laX+/׺z9C!#6\3zpY{{FHVDGޞ|.͹jL`ĝjTokkD`q)-ƠhEa j01U=2x6hL-n<VaIy0VL&A] ^A; (Dx \f#^JK;~l/6WI1o26o';br΋L鰎$9؈j?}aAR󹽋wiSJx! 5|^GpF]J|Yлp9~}ȉhuGa vigu@ ŕI6w>z?a x˸u<-H$ڎ~U96і^PnҢ~X<= {1v$WWxLKY4}U':Dv7Λ%RѵkHIa0,h۸5Ae)Nؓ@O.K-J3V:i $6sݯZ$ H`F:b,x$߆/E@;K* $:rVAd)@P*C߀h#j"¹>i^=&^mS9`fD?=kGcm@ʃJ㦍1d<|Wq'\sHrsSF ` n%D.TCOb~KcH:o?1lqJGa+cIPrkz&ZoK&Ĉ nHupk |O-c[*s&mL[U^־!\O*X ڞ!ݔƱSs,wX*ٜk_e K &8&I3"!35']"VTp{P^1{!P"j$[Jw:~U~AjP3`-˓88d,wXUcwՕ.30%ϛ^_ݍ_9_R HB6DsB3$FkݷӸqk\q-WǤr (5 [~$E\䳓;1qu( '0#\Az8{&JĒz&\EΘNH26Ä>wASa'(R|OXXbG)?4cP8i4$gYM ?_oPU^׹&ԼىUfi;/e60LmdT:@sLvN3*1Eat3YLEhBfڋ,MPMFv"{'7ɢS LmBWTKWG9u qlޮju9 G旽Z9:=:!l_],f䇬iR${Hb $a?'-N=oh>oͦa:6 vѹ ~g~֝9&r.a`IK㏫ԥQ$*i3WG#^~؂ f- 6GY͊'}v3NwW90OZUS}#"Tѱ* n:)2]3x"a\UvXgkXZ Dţ$My_Gydl Xn`~.Kʧ,F ?n%v2YKQ]>+b/I7EѨ"@{RB>rCE/&W0hK wqҊ^L/O},z6Zُ{;ÉYee,t -]:p'j.~9OgywnCf6b'S;'!@ƝO)ye k4ﴍ$JaHȐ@"{#.7^jokk0樅JA(6dn{V\ӘS9M1: l#[:ж8Ȼ.eNT5ZEwt YU;iwvIk#*@a9AG9urBskG KdB2zkS_f &W»`-@ O9! Ybvht% a4). #zRv}(pB:3\DwШt;^1pȵOH]K& go[F.\hl6&A`U s\(`Hl>LN$[j q(?HR_)%ǧP' 4\H|VG!wϡ6"P? gi`6V\]F#Y{{}>;H923(UZ_ ^AY ~ S ToXqS?X(k VֺңkoL0HEv_FyneX=DiNYĀ&ܑ!6tt-`V t5P՞{VӼs\1ʟ\ ulB4u]U{-X(]ܧiFGLZq=+7?vwVDf3_mJVYCt4޲QuT*^6q*$_ O'y, KND2 Ft @+s-weYJtc0I%\ֳڄZA^="2~6>0ڕSD5jό,3[FU]?`wCG2KK%$"HȱrC42]z sˇ $M.FIJL]SHZxFX.8=sWZ(ڀM` 48{:s$۱qlO!p)Ґa"By\/$wԦ.!j[ "XbXjoͅƎSb/{D9DFyEfJzpbj7]ɓ%rڔDw$dMuĥaq6żjd]sdkRJxjf d͑j,<{ (7k0&GM5l˟ff[0X EcI%^8(]t'՝q"`E=dfGw?LEtQbJ#}Hh Cav*nrAL 6Yŏ!>;K.D+Fazzieߐ!{_G$Dy_uC ~@к٠Ԅ1( U~ubQTBp16BtbDYXuŎeV}Qp
    BdWoZk&ܳ7 w9cx<܄΅bajh>юSSMMZ*Vޭ *'Dǘ%|{ZAG&~ӤU[IG6T]7i^{21ZH.Y@?I0A_WqOn##>wI2앬ҍ& sxenm?K@ x3D9)]&)?b%f˵ZKXIH6,Mlĥ&V)d6'95x)+Pդ<Ӷ6?t6b)#X13yQr{BJ?=VwS toc7@5vaHhJ #">c$27fYŃcnM U,&Tu&>32kVYŅ-&sIW)#yG̒/fO-Վ!lS=( * ̡x3V wsYȪwd/",[qd #'4<׮1G=G̵#Zbuf/Tc~Hm a@7rɏ^7ϰ2?(HHh/z9u~@MZ2-v ^ ]5!^paYhn hJ2kp}B{܋N= d(=҄+`SMx_X#t7r;w3dJZiYۓS6}B4i}%@:+ ky&>H4OQT`?̞啺F|mYDN0u^i^zK [AeDW|ii[kodPRǝXDi_ ܼ)apr? ߣ~&`qKHt蒯| '.Cfl<(D7UJd/@%aFMXCY ite|^TFu}õ@tōK3bI[lBYR7D' ^V2^vl0Zw b^,q lI9kҠc!>?ÄwG'$I%9}x {=<GVk/ \jL8 5o`#?l#O4qIu-r {G1TPq23\*~k' @ &'&pC!^ʻ(Prh)^ji4 [q.KI;p.QYP6AU[Z"UGۢKMa5.+0ōvhXTթp30R]9B4'ktA5#7f{*0LMkyNn[ƨVD6iMIcl6 JExX\P]|BJ=^`{4N#& ?#V$at)¿tǚnfT'{bFBPva'wE 6.ٱ! Qkf+&߄ 񛘐 3-jRC6ֺzdN}ˆ(sE) m2`ij\P:8hxmvg$k:7U2a0U0 4Q )*b~ŸTu҆ec)S &ǰў