mod_auth_openidc-2.4.9.4-4.el9 RPM for x86_64

From CentOS Stream 9 AppStream for x86_64

This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Provides

• mod_auth_openidc
• config(mod_auth_openidc)
• mod_auth_openidc(x86-64)

Requires

• config(mod_auth_openidc) = 2.4.9.4-4.el9
• httpd-mmn = 20120211x8664
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• libcjose.so.0()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libcurl.so.4()(64bit)
• libjansson.so.4()(64bit)
• libjansson.so.4(libjansson.so.4)(64bit)
• libjq.so.1()(64bit)
• libpcre.so.1()(64bit)
• libssl.so.3()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

ASL 2.0

Changelog

* Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
  Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
  - Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
    when OIDCStripCookies is set and a crafted Cookie header is supplied
* Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
  - Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
    oidc_validate_redirect_url() using tab character
* Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
  - Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
                             by supplying a crafted URL in the target_link_uri
                             parameter
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-3
  - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
    Related: rhbz#1991688
* Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1
  - Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
                             OIDCPreservePost On [rhel-9.0]
  - Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded
                             static IV and AAD with a reused key in AES GCM
                             encryption [rhel-9.0]
  - Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in
                             oidc_validate_redirect_url() [rhel-9.0]
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-2
  - Rebuilt for RHEL 9 BETA for openssl 3.0
    Related: rhbz#1971065
* Mon May 10 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.8.2-1
  - New upstream release
  - Resolves: rhbz#1958466 - mod_auth_openidc-2.4.8.2 is available
* Thu May 06 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.7.2-1
  - New upstream release
  - Resolves: rhbz#1900913 - mod_auth_openidc-2.4.7.2 is available
* Fri Apr 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.4.1-3
  - Resolves: rhbz#1951277 - Remove unnecessary LTO patch

Files

/etc/httpd/conf.d/auth_openidc.conf
/etc/httpd/conf.modules.d/10-auth_openidc.conf
/usr/lib/.build-id
/usr/lib/.build-id/a7
/usr/lib/.build-id/a7/65e46130ff598f02fd19842686b0542adbf150
/usr/lib64/httpd/modules/mod_auth_openidc.so
/usr/share/doc/mod_auth_openidc
/usr/share/doc/mod_auth_openidc/AUTHORS
/usr/share/doc/mod_auth_openidc/ChangeLog
/usr/share/doc/mod_auth_openidc/README.md
/usr/share/licenses/mod_auth_openidc
/usr/share/licenses/mod_auth_openidc/LICENSE.txt
/var/cache/httpd/mod_auth_openidc
/var/cache/httpd/mod_auth_openidc/cache
/var/cache/httpd/mod_auth_openidc/metadata

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 30 03:31:50 2024