[ol8_appstream] mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.x86_64

Name:	mod_auth_openidc
Version:	2.3.7
Release:	11.module+el8.6.0+20572+b6f23e95
Architecture:	x86_64
Module:	mod_auth_openidc:2.3:8060020220131105504:d63f516d
Group:	System Environment/Daemons
Size:	529544
License:	ASL 2.0
RPM:	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.x86_64.rpm
Source RPM:	mod_auth_openidc-2.3.7-11.module+el8.6.0+20572+b6f23e95.src.rpm
Build Date:	Wed Apr 06 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/zmartzone/mod_auth_openidc
Summary:	OpenID Connect auth module for Apache HTTP Server
Description:	This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11

- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10

- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
                           reused key in AES GCM encryption [rhel-8] (edit)

Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9

- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
                           in the target_link_uri parameter

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8

- Resolves: rhbz#1823756 - Backport SameSite=None cookie from
                           mod_auth_openidc upstream to support latest browsers

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7

- Resolves: rhbz#1897992 - OIDCStateInputHeaders &
                           OIDCStateMaxNumberOfCookies in existing
                           mod_auth_openidc version
- Backport the OIDCStateMaxNumberOfCookies option
- Configure which header value is used to calculate the fingerprint of
  the auth state

Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-6

- Fix the previous backport
- Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                          Open redirect in logout url when using URLs with
                          leading slashes
- Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                          open redirect issue exists in URLs with slash and
                          backslash

Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-5

- Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                           Open redirect in logout url when using URLs with
                           leading slashes
- Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                           open redirect issue exists in URLs with slash and
                           backslash

Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3

- Resolves: rhbz# 1614977 - fix unit test segfault,
  the problem was not limited exclusively to s390x, but s390x provoked it.

Fri Aug 10 2018 <jdennis@redhat.com> - 2.3.7-2
```
- disable running check on s390x
```
Wed Aug 01 2018 <jdennis@redhat.com> - 2.3.7-1
```
- upgrade to upstream 2.3.7
```