apache2-mod_auth_openidc-2.3.8-150600.16.8.1<>,Q\g3p9|d,'g]}F{qa *v<֒Ѽ((ˈ7`+nykʹdHț2` 5EV? )6rnjg>?d! / p>I _     $.8px(@8H9:FoGHIXY\]^b cdHeMfPlRudvlwx yzL\`fCapache2-mod_auth_openidc2.3.8150600.16.8.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.g3h03-ch2aXSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxx86_64XAg3g37f86c848cf80276713652c15561f9ca91305e2dcfdb1c3a9bdf62da5dd67ab8brootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.8.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(x86-64)@@@@@@@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3g@f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@pgajdos@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- security update - added patches fix CVE-2025-31492 [bsc#1240893], OIDCProviderAuthRequestMethod POSTs can leak protected data + apache2-mod_auth_openidc-CVE-2025-31492.patch - enable the testsuite- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingh03-ch2a 17443847942.3.8-150600.16.8.12.3.8-150600.16.8.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:38315/SUSE_SLE-15-SP6_Update/2ba48ed6ee7f6350d7f0a188b95fd233-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6904d3b3a4ccdb3d7ff4b799e51d9e01782edd04, strippedR R RRRRRRR RR R RRp&ٍjÌ!utf-83be88859d26a647dcef4d881f448bf24d3d9776fb3085678e41574ec0ff14b11? 7zXZ !t/F71X]"k%"5okw@_/.PS8;ot'O ~N@9ϊ ڙPy d@W99â4B;5RA pTW G+*|K [AH.'-_ty?" (QOHZ0jw3,rwz :حQ0AsjOrHmGt(U*'-ؿI֋:7CG,f}١y473xݬaMZ%L.Vhނ0XV1Upo` c|{€Xxq֮q[-ڣΎYߡ[‚/mƉvGӭ%f%*\BI`_5|Eb[ 7O’LT8jZ*:\rۢ'zI١"ЪK#8cUNHqтvv4I#-{J{wYԌrSHHT؞F xw7s";$Sعx$PH,1 6E5'QB ZUkJ+_} d;Ե/RΎJXz~TblCڞ|sOb4~wn"Ÿi]PEa^3> Fz}uS+M:m^dƝp=iNnz=%Jz-KzTp;GU$%O$# 5gxWC0G籀$q+2VB o>28<N./쵀݈*Dժs@4d>0;ڧ:x[(Zλrvz;DٶkaVeE]ɠӠౣ8OScOLL'@&&]"ah#5J 0Rl 2޺ޖߏhpHRu;ޭo2lbDjR*5)0dC1R&y㨲ҨW>{W_b ~r^U$r/TXVhAtw| %x`Ypz`W#Ѿg.,bTfRK}a@V^6N0h Ѵ%NxbQ`;hޢ+h>ouX^W!Xe[3dސc~8bK!~Ip`ֆk划S+UI?"[0?gny7M67'[d o]n$!V\Gt!.Æ`RKzF'H*ִXRױ"0jy$ ԓ.ik‡|WNy`}7+Dz&J;+5wݺUoHv@ɻ_}+j}qWI&NOn~!4ŗ!K\|uA`%k8jX9{n.;1X/UҜ]Eg-Ufd2LYwVn7/ҳA*NyuC0U'w>< u %mTMCso;q饚)i4_e\wn^A8]ksߍYfj[*@U~=?Iaf>] hpUP'itpDE-/`ܒvjt?vÎQ]k7|pZg'Ԡmr'p8H!524 DA,͛#M!M~{Ds5LV!cmǯ(:}'QOC #jao)fҨݙ-_^bbL>=D3ܓĩUxa kt8\<^+GG9/\$ZUWJw "958Q+ 33$S9g}*0#k#luCHkw({[nۢOuϠ]kB<4w BE5ʿg5p,,*qs J6!XEc@v&,BbcxMnX3gQf,[wb}xtrq5++n9b!G/@NHCyL'WF}&aknW&Wi!Xv CLuf k7:{A)ďe!e' v[mI=ښlk9uO5!+FfHKRǿhq³ 1p&bZLBB9|X;9\>ߙ!N1vp|Oz#gO,4[SEcmi ?:qmI(tTx=r-L-"m24$ Ry\A_r>?XПL-{=L\y"v*g3:0㭷@usiqU\q8lTF睈CI>?{+Sbn}#Jkڥ kLF8Ą͟Pe}2$EktÇ|`CW%|I/PƝ %yfD8ǤO#, FTP!AyڏVC}W; s9[ri.yAoU3W1M<junj=xn*H]#Yُl˩{ p[^%PQW%jշ:pe'*ȥ4j)vw+ U FbFI0a_GqEF5:T;+Rvɉ&PL6tF8fzd'&̱8a53D 0bGqI׆[&aAa8>fQJGHG{ _LL1s 7jr,}~*So.wn`LQ(h֥|[3&^NkNmYZpk38m=VEхit[#E=*qΣ-TҵIJrZ+Z/TL}lUo@kA4pIBA3wf! zqiN}ۅQmDGulVN@s:aC'([WOnq1f^_"b0Q{<&N<a24(VTWL~>,N)r˾gC=wD0J|٥֕ĮD-ܑ 0\._ڜ|d9L!ӂ`_ʣ/:pǢ0k9.fcѭ*KFx^JsS$c6&; #/)΍A.D .f_.&`w5C*/ "7U6&ZLupÙпNde]=^)ErIk)ۧ]F͇=\4rX4#`735i {!/Bx2zs:°y{ZX; g̨PInK|+\$PO,/hH[uP,^7׆AHDrg{9.bSӝx{Ch\%y-fGdQ0L"j7t!&`vcijs}jA˸7F5NBphF #]qyeɷP(s9-)QӾ/'Y^ ekv IQCB=A'L +I f7Ȓ+ܤ6#?r)Ͳ9I߲NAgmֻU_h3VΜSϱ4x [\!pŭf`1-F_Grޕ;܁\Ej ruW,ʁ7iּx.v >+n |=SD6N]Bǎ@4g_díL"GR湻iӟAgɣ(oSlLpX) PP *}OD׍}Rq g­o,43eg8<ǧSܠPm23 (6 /^̘-|{3eroZTYGWevpkHIjA fe^W]7v| ^F4[Dvu^q+#obaowqH}MFQt޷1qU;…RbpD+g"jxa҂Ef&ryOTSM*h~ߺ̫O b0˛J__RĴvb+gq#$Tafc݂W%1{m|^NcC_k_I8z\|豰B^B6Q6JntRGu8M}ۤwC LJ~qbuhfO˕d'IXdy'(< ǘ>to4kv7 P["#=O:Y9_QJa*uyHɿ)eH! bWMs/ ו? [RfUrW6|`qx*W[3`|úL'(j.AϐO3j3ˡHÉ.x (`T%źl.;1I@uª=/E8 CP!*Sy0[jnbnؼYRw|:a țo>ޫ$42`1 c䙭v5 +kaq~Yrºj9+PfAǴATHP<]+gb!:gg>5- qoa41 }dG d|Ma<ѷ,<,o4G@|h?Z`\\a̅ۙXeb|_?ո94m*n[\@tx Pȵ`aDl~$O,^TR!mR>RI cSxyZ$X(} m9Mn"G 5=afWWu$l(7m+X@dy[42|]}O2&$}#`k_wM7l&#kCZwO8| .USU׺)i'mH \`P: Ҵ9qx'_O7[]Oq}?! . l˷EDdQ|0뱢K8Wb-fkJ, Od #WoV@N%=. S{ AR0m Hw)~be? pqmpj7LMhhqB+p:lK(v\qH;DAK])4p;)s7J]6az޹NRLJ ӼxD, 6'쪼NZ8! HHe@v/sC|ch~`noב__Tؖ"Ok&x̍JNiܒkNf7riW-X#H<421NY nyjp4/.M SCp;).`JAM!>p.Ʌ:@BM~o^tuY-maKgpǾς Y&i^:2>WXJHEzʠIT*|##IɚiiEE BC`pXxN/ʤǟcN3MO48\41(cikww_Dk~p@9qJM\|wnБ/Sb|[|dG8V%qTK_ \s R 1Lp<~paH(z&vPW8YMLU4+_B wحUi3XB Iy=rZs!:v<<5F/^Y!)1^|fQoڮf S۝sYŕ 7_sߠ4,:OLB?LFZLQ?dy6}j`zu4(.DS J0m ZSXm@%Xdkȏ i0pώHi&mA:PS6ZqLz4ژaHcz ]ERƣP* 2J6geg%FrmvxR[jk#UG8cN^)iOg2B`s4kBBZ$_zn1GaYyWk ^i?-!.6 (~eVԶ&ECsg,yvL3޵ " >qHR#>8(m(it+u)?ay{~{Z3Pn ;LBKbGYf9 |z)]5Tw IUAҬef ]0@$?a^Qm8}'Gl4 Yv4K#T@i:GR?_ U-FϨޚZjM~$-fI itĞ, kur渾u@*f*ke+ԨDm Rm݌( O0JkTgcS: xf_6C?]#(f(G=J|0YfCIm(蠸j2K0jMK"xK}8XrR_r rȉ"DNmkS3[h`Z')+>7#~},ȕLgݍKmuTnjb: \]QؒRJȤ+H_'a As4vTW#?\?}e’Bm3DX*vwE=h>pV`ĐEE'8)'[~WN, RbIED/L1 s{vFqXLЧ21$L}(_0 mlO1ᶛ{ >AYM&if@`w;!샃X#C#gf|<{N)ggZkl(T=X1c@[jHQ^ڕ&aﭨOLEF4EEsi\dBgB٣LKM~LA8sq?p<_;]; VehιyG$)o+_ { _^ҙ`e\hR5TA}!9KJ ^tB/ŝp%,/a&:eٺ| ,; qKL5x3V0A?bU? _ەc*d$<WT_rC+'!=1 7iW3]w=R2Cڃn'WR/3Z :1"r2z  rrxũ_"\\{lݺ^ޚh(!^ʛk#ZZ7*74K b<{N'6Vt9W?2`?uU&kI2Ĺ܃:F},P۴4l9X+J.2=tQf:0:mDѽEɄa(@Atq6>L6h@lhnjX)Pxvw&5DTU)·^Uu1zΕ") 7 _KhUU豪] { a͐KС5NhvGjn#6ӦYhi-~=wO*Γu2P|fz-\j޴IaCͯx*&B[8)𔉶PeQT M h1>8nX[Μz k$Nr<)ZmCQCB\0W2r[*ȧ= ϠbU4uG+pPrbD&!{$7 (p D:O-i;1HgChsfݨ.PF4{!IJ\"Y|W4@Aq>)V}Ɩ]S]Rut͆r"NT:E'_ 1 )˞x2-:J=C,тwԄh ߤ{[PTITBcU *쀤PAGJ،o<ݻ+3wq%9-VVA2g;dbY 9sS=ͽc46IlInApkiOQ+gR nwvnX8ca)~>*Zn82n }ZZ\ ~i+;D0pZS(uR+kW ! sxT'S\+5=k{5j9I0$psN&_aD'觭ʀ|z Ь4kKau͋!}Xw~ {%7xd* SǢ>Q/}2RHyRȿҪq&7pj o@l1V\O!.ė4T!=C" 7cFQN3+/w(,Mh!9G|ݏژˠ]Xmހ6+*$AaFpq.gVRSthJﭐCCBM# yl-\@{%Rjq<@ +:is䃦'$s=mt/'g. ;x~4 ZԓLZw<:{Tb_xJu$6ZIaWʯn0w hi)Ԗ~7wģƢ<&Hj<,\˚~%ߵ Y$9풄>I.tV({%sE9H._9Y;SZ 6T?|R27P3 zApL3+ڷ$CNpBBQ \UwϵifAvq8t sRc i {[86:`% Jc ݹjSUMYBFB@G,`F(;{*D&5]!{uf)!x?]*4" 1CH0i;l %BdHw5C.#X7 %ıiij@зVFxTx4Q@s|Scq.SNRg]칠Z#7QX_ ?0.Ѻ( vaa }%,2C!oY,RsoꑤwL+`il+2G|emE8]P }3]F'Z ;sA ̫T40<ڹNeLZ8ZZj^+Yhqȅx3uO$ d}gV'=m(TY6*7̏d #-=TkHVgvUBjPaՁ;x| S -~BhBinRD/:U{W )#C6{)TRس)^QfޯVɮ|I jR-F~*K1?UyBFRwR]!F7Rʹ5`I9sKFK,{j'bPQmc:{g/kѽ^9zEg/~VU`'m3'μq341c9 C  !}^ˆkI-]p!&b)OKjnTL|Չ$Bn,sr?&?u9@!wort$mmI^RӅp M#|׶BVIkx/DY%/[kG