apache2-mod_auth_openidc-2.3.8-150100.3.25.1<>,5d,Dp9|%Orfdʼn?L';mdzA j?X<ֺvُSu6LoBr*0!N &ŋ[ \&΀ D/Ry5P&ǥ4Ywg`~">gϚOpiXR S˜^a(:сP=l*ThLFmk[[0Qk,IVı5x`~\É`^j(W-]h-Id>/yRy),B>>? d! / p>I _     $.8px(8 9 : FGHIXY\0]8^Tbtcdefluvwtx|y zCapache2-mod_auth_openidc2.3.8150100.3.25.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.d,Dibs-arm-6@SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxaarch64@Ad,Dd,D345cd877b5bbd1980b627b6413dcd36806e88931a02b9936d9149dfaffa25100rootrootrootrootapache2-mod_auth_openidc-2.3.8-150100.3.25.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(aarch-64)@@@@@@@@@@    apache_mmn_20120211ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcjose.so.0()(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.1d,@c@bV@aF`@`e^_@]{@[v[GZZ1@danilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingibs-arm-6 16806227882.3.8-150100.3.25.12.3.8-150100.3.25.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:28532/SUSE_SLE-15-SP1_Update/ab378ebf491528eba437f00e83b27b67-apache2-mod_auth_openidc.SUSE_SLE-15-SP1_Updatedrpmxz5aarch64-suse-linuxdirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5e32ee8c04ad3f8746cb24b69cf6745bec110bee, stripped RRRRRR RR RRus67)HJEutf-845860ca5a491b50b05f521a1c21e5d736fdd236e95989e48b24aa424f5959211? 7zXZ !t/*H]"k%$6"5okw@_/.PS8;otyR i9*8}"0,p۞i&G[-I>uCP^H.=(p*|`Dvs3UF_#as> 7ԛ8YFg?Ì,)8q,(ŏb-fj%"κ+ L`q8B{E]w}T>z?4`<Ⱥ HsY@F6B2y=i4d'nǜ?HL0vv][w>W#S/~=ނ6 f%Ƥ0äbG>D蚏WgwK j46=3 Ye4I'hvg>@{ZߊP:❶&PZiVs_V ctٰWᱰ΀ knLQlGvާÙ0$<{pibj!ꢀN,Q&^d6)W!7cUv7;\~bD0Q8 VI^ς;tAg-r2vdy/N `{caNT鋼\DBIR~RP?H~'IcM0^^>pL3p(ijl"{$QľǒǵyTOLs܂W;!`t ')sutU'ڣ;2y,C Ԝ7s*V=§qU Me(>,rSܑm70K4G{SK/ J~,6u!m!&SQMUw_+]C)ʸVw\ȀEW! E53owa$)üYWm8C@MWYрnfbo>9dF‘Їx`q4wW꤈ s{,Vj9 2n?r>Jxpvё9؀=q%g=|t.! o5' #PN"LprR:0>/FSG HgCg- *%lx0֘^d_;g`yQyc3d3u{ fy`,Zߔ:UHDv7ۂ\yB Yمm)R%3Zd"U@pNww{{_e:R\`4{Sj!,g,f}8f!/cG&4C4u`uJR~JMDhG\Di\:Ha[')p\<@ JM^~3hw#ځ-U]JphoWi1Cb 8 L)VZM}`Ҵu -;&l䍉"㘸,ӟ>˲V]薱3un74F<P`2G7Oӎ}쥠[=\C~5fpl{D^[q #k0}qVuu@4Fg:9y7ŭ)jH*x? P($Lb<|8= C ^ ,}B/ ui8ɺ4 3}@ &>Gˀ޻? QvKj!fZoZ{WϾh ٣Qs@i|N85yAT0n7а 8wiL+ ^imڊӦH7p ԛ -^X6b| -̉FRU @`zB|>>m G<x,J^%sr0nG:.GW8ms6ߙJ1( ~4&=!tJb }Q^"خi@#u7l^oZHDD*?BPQ/R0`UkŞNSy?Gշ <Ԏ M7M!?lLȨI:\sEd؆A٠&a ܚtu.Q~aXٖiFͯG' <"+SIZ1N&:/R^+g濉>U,֛  2tU3mVI֡# c ժ/INDV(YPT\0`іCSM=KZƦg5Mx.+` XZ>o-ν9{-wȀY'~^݀QK2b̽ Hvu>Po~ޜ;쎜)N5VłiL$IɱEae/pf! nXȉt9g]  Ջ 7{(,LCPQٝeF oIN05i 8jBZe,\/:%U6u۰0ډ|~eOQ4gj+1Ěa^ 瘠i $i*?>\l龗 W>2L;^9:NN@" 3fM:=ajp čsш|`!z훧^ݖ97@KFC:%Sys.s= !2~MېlShTr][ ]I՜{<윱@I m7ԑY;Sp\HӴ#:@ 4"d4wwƌmԎn4;az;զk#UfŲ"}_0i>cA'ݬCAO??963s3ZӅ&\<I6S<ڣyOak}YzG בyA%Tslsϴ,Χ*Cj:d Uvhجc&ihHIk}Ÿi L("MۦkA%766$8L#98O&=W 'r0PU5%Proːߔsү_T6÷˧o)Ѥ{)ʣC!1zFnXn3IP8;>HЊT{cu*z6n%8{ۄ>Pg?1k$ ^&)W*8ޅ7g ni7P=sXaVlU ?|4+ S1Fy_ eUijU "aW>::-} u^~ @sگHO=bp3r#"XWT٭6s*c+@0^XjzO !miS0>槊Ā ,!ӁVT{v0.0T\u YZ