apache2-mod_auth_openidc-2.3.8-150600.16.8.1<>,Gg3p9|45\)",ࢂJՈӘe'Ө5 R;O1nʴ-3r+W9[ o/rC|':X6g&w7*}ܔB2{cfcbWLh&؏BHu&j [m*x[/+*U:QL{Q_. 8rFf|h;%>w(gIozƇ{HVZ9bs1%D<&4A+ȗP>>?d! / p>I _     $.8px(@8H9:FoGHIXY\]^b cdHeMfPlRudvlwx yzL\`fCapache2-mod_auth_openidc2.3.8150600.16.8.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.g3h03-ch2aXSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxx86_64XAg3g37f86c848cf80276713652c15561f9ca91305e2dcfdb1c3a9bdf62da5dd67ab8brootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.8.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(x86-64)@@@@@@@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3g@f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@pgajdos@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- security update - added patches fix CVE-2025-31492 [bsc#1240893], OIDCProviderAuthRequestMethod POSTs can leak protected data + apache2-mod_auth_openidc-CVE-2025-31492.patch - enable the testsuite- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingh03-ch2a 17443847942.3.8-150600.16.8.12.3.8-150600.16.8.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:38315/SUSE_SLE-15-SP6_Update/2ba48ed6ee7f6350d7f0a188b95fd233-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6904d3b3a4ccdb3d7ff4b799e51d9e01782edd04, strippedR R RRRRRRR RR R RRp&ٍjÌ!utf-83be88859d26a647dcef4d881f448bf24d3d9776fb3085678e41574ec0ff14b11? 7zXZ !t/:&]"k%$6"5okw@_/.PS8;ot'O %ZyL Ak $5kgePFX.һ+r6c{14Fl5x,ϝJfdo˶[MvUm&7 sV{<4nN92)SB/UNb}gfu4Uw gS{(,v lTR9܌v@9RyHGG<^̒:ljQmuf]Ss~ r90|0Xc_tgo_8K|nKDO!wĂTH [Ae#k|rD)K~hwྭj アrmFR2%_O2x~4t @/&L xמsz{.88YUY)-k{v<8g81tWDP7c˺7)FdNhL $cD3+Y#X|&!|P'E wK>PDQhCѱ*,Χ!gƸ:NJ Դ|s2boiZ iI֋TL,D,yLcJ+>H]Dz}3Ij1ƙzĸid~* (~5= US!LL}`QRcF Whm iH+ %Q%ty3A[;@, #%<0y^)$z6s,B+.m @yA+e¤lH1YMZ%z¬CaȆ%֟&*@gGECP@%;ZZBDhQRXΧxPسg4ߟ;( ؎Oƨ[K2(=e 86vOۇzuR9.un`vdh+D7d+][ Gyh]" .(šR-U8ӻOyyQ| R.Qy2LW>дO&u1xu5ۄ@*triI`B[]]ܾpbžj$Or>z+&q/v«L.$'O:/6\W.x1mt/IWj[6e)oz >C2jC(f)T 1U2\!urjݏc:a_ejy;3ڮ ,g/z(+ᘈ=! 9A 眳"GG Z>f.Jt F8UQz R{!l̚ ̝oΚ|N|垦XBuq%a hGSVlp73%sdDvk@=J毅rD1Q򒽝Z@fᗗ ߕYShTMߞ0ů.B>U-yFRZ啦+2Ν  !Y K2Z6H-p͹!*Ll %Bb_ͮlȽEXEQg,SXjv XIO;i$JnoIa\䨴5iEPy1*iCstk{b+I m-v$)y!`Z걃6ᶔ B{h[W3\~ق$x{X !`K ~@n|;yͅmL<`$V@1!I"'ܲ,Mۉ6sM[J^Б &u0ka"M9ɕHm-ؠ̿8m?Kw)pu}@)EA1aT%U϶OYH>6*w\Yk%@iѴU(XEdo'G/'لj"HXGNޟi[Bsm6cR>>/Q_a< $_*oϫ4 PI+b|3l=}׀4j~ 37W} s?-Be^A% iVmF!]瑎遱:^62KCd\B~48ZR,YA')UyG@QN 8x_qA`Xbswa< [NV;34 AQSch`mRԅr\% * +PNճ9 ]@F7|H`0䤳vg) \ةnfZ)$М9 hO5(^ { o: X,yR{5bf/4Ũ Bgut>&_)S}|FDdTldr-)\cpH*#=(ō%&G,oi2  `hqW**ֲ+=$]VEj۟Ujg"Gf:XA??29ZwD+AȜYoJdfۅjב~(_|i4х@8PQidêyEl%¥H?J{zir$pM062 $JdnPʭ{u_V-P /`ٚ] 'рW6jb_7z2o#:*J%#@OR3;nw'FT-B|Ed\|܂wfˉ:Ɔ"%P6<cVrFG&Se a4. Z;0RLW i(Q\D*{σTf&ffTeC;8dm֙r%Dq [ː tGdkBt6"wod ~~M;5>i#rAhJF,f4rs (8÷j@'G-z@#$0j Nx±}~q|z$1(f$5 ,H! L$nlp )%d.W5 c"uݯ -wR|x8 tB,rL8} Il' :)'γZq8 SYVϖmA`́|~}JKd <رvn;:kG8n܊0pQjGv6Ք̥˗mIE*?!߲-~E/zDF ڏGhV}#cb[AFY`C(]{4pQLe@3&d0crև[fA[O΁9;k3'_vĂ$.c8d d<H}i0_DGc8e'Css}a+ |lDqU ^$/GuG ܞ{t" }v-%kI8$ۼXIh ]Qߚ)K$R8Cg Q=t9iHX[H|iu&3ξtbQ*ߎ/QK[(UKOYwc'xq<[C3:Dal(9E5-͊|lISv X좰-4~h\wn!5QG˘Ғ6vT^@q1lwX.qfhv4/ҍmtim6;Ү)R^` ,RMPAZ"`װ?͏O515f9$f,nGsAetS{u_ @0&Qx\v,xA(O~9ڞTt\mJlDhL#{ 0yS^,;/H*F]x*ݳYT԰wϳq$7To /wRtS;_֎(A=Cmpէ-mc?i/q֬AǾrxsyV:}$fhMBPͽ3xWۂ#NK_i@8CbqP k P~ϰ#bwr_N ,g&K7e+9*F֙׮ 3zqߢ1ih 0Y66)wUXYZ P_BYDVu 'נU(x'~O|X)M nqR57DX#@Jۨ[qzӀߖLMGwqj#l?ʁ$E{-6v9B^L;%aOA=ʅ' Ct]/(9{@U^f>:֗4;(oULpb|bxDpQ"J?m:bƴgJNMam]ܭ3TVppN\.L^ {͸C諥 fl-/\\w4I|_IqۘRf0%:'܄1dRSR2Lk@sBn#}͵] @;MpGVF[{8#ŌxW3-3,E)_o~;BlzEeO_]"Jk_)?Tw!CyX\Se2e!kK5XI|QP1qÞ(Hܷ;8 X9ʖA@(+ءcS{ =?PvDž1=m%Dz`P \'/}tc=p̷tln-sQ7 btA1.opZN.'v)M Nk/EsEŘ0=?6{_Cj%ZõTr>X5ɧ8*pX޴*k`n޻sjʴ{D#L\RRPlh_p蚈Y-L-KshgQ{Sv:}"ptN;'=$R;ݱb`Wp aɊۢ?bZ_˦ǰA8QL NѮQI;6 kL9L[TYε/hA 5x\W+}{ 8*!kшNC˓z?Q% _t@)z0jė-HuIbC4N4ObMqj~8sd͏VsNnWoO}/O9Ef{߽x0$-+ѥ_8݌U@%H4?[$ N6nImks`}zW+$9;Ov9yHLj3H 7aTkEu(aomZlt8ǘ 8Kd4fN:E>p@iaϢ_%QnD KC({:MFO_/duaj`l%m;L:lڐgz-Gif_&*M,*jdi=1/J%ZL=  b!2~ObR\4_NuS*5 YZ