[ol8_appstream] mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.x86_64

Name:	mod_auth_openidc
Version:	2.4.9.4
Release:	1.module+el8.7.0+20769+fca4d9d0
Architecture:	x86_64
Module:	mod_auth_openidc:2.3:8070020220413132751:3b9f49c4 mod_auth_openidc:2.3:8080020230720161126:63b34585
Group:	Unspecified
Size:	589412
License:	ASL 2.0
RPM:	mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.x86_64.rpm
Source RPM:	mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.src.rpm
Build Date:	Mon Oct 03 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/zmartzone/mod_auth_openidc
Summary:	OpenID Connect auth module for Apache HTTP Server
Description:	This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
```
- Resolves: rhbz#2025368 - Rebase to new version
```

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11

- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10

- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
                           reused key in AES GCM encryption [rhel-8] (edit)

Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9

- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
                           in the target_link_uri parameter

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8

- Resolves: rhbz#1823756 - Backport SameSite=None cookie from
                           mod_auth_openidc upstream to support latest browsers

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7

- Resolves: rhbz#1897992 - OIDCStateInputHeaders &
                           OIDCStateMaxNumberOfCookies in existing
                           mod_auth_openidc version
- Backport the OIDCStateMaxNumberOfCookies option
- Configure which header value is used to calculate the fingerprint of
  the auth state

Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-6

- Fix the previous backport
- Related: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                          Open redirect in logout url when using URLs with
                          leading slashes
- Related: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                          open redirect issue exists in URLs with slash and
                          backslash

Sun May 10 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-5

- Resolves: rhbz#1805749 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc:
                           Open redirect in logout url when using URLs with
                           leading slashes
- Resolves: rhbz#1805068 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc:
                           open redirect issue exists in URLs with slash and
                           backslash

Thu Aug 16 2018 <jdennis@redhat.com> - 2.3.7-3

- Resolves: rhbz# 1614977 - fix unit test segfault,
  the problem was not limited exclusively to s390x, but s390x provoked it.

Fri Aug 10 2018 <jdennis@redhat.com> - 2.3.7-2
```
- disable running check on s390x
```