apache2-mod_auth_openidc-2.3.8-150600.16.5.1<>,A\fjp9|}au =Gj0 6,Sd=gY&IQh%# ~a!&^3q\A%x G!/6xEpۮIY6IZ湚6C緍7O11̏Daw]5Z~hMsCc|ނ̈́%!Q#\i"oQ_lvx ! cc <7}HiBND4>>?d! / p>I _     $.8px( 89L:F[GtH|IXY\]^bcd8e=f@lBuXv`wxy z<LPVCapache2-mod_auth_openidc2.3.8150600.16.5.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.fjh02-armsrv1 @SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxaarch64 @Afjfj73c7147b8401d77d2c62a9d92c68e05be8399f31e0663c09d6839fb15c2141f8rootrootrootrootapache2-mod_auth_openidc-2.3.8-150600.16.5.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(aarch-64)@@@@@@@@@@@@    apache_mmn_20120211ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.38)(64bit)libcjose.so.0()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.3f=@f}T@d,@c@bV@aF`@`e^_@]{@[v[GZZ1@danilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- Fix apxs2 binary location, which made the library file be installed in root folder, bsc#1227261- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911 * fix-CVE-2024-24814.patch- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingh02-armsrv1 17200196532.3.8-150600.16.5.12.3.8-150600.16.5.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34510/SUSE_SLE-15-SP6_Update/382b0a534047544238be3cf036b8922b-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Updatedrpmxz5aarch64-suse-linuxdirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a58a55aa3a45d3e225d5f73e0d557fd8358ae98a, stripped RR RRRR RR RR RRl姀 >n^utf-837d8579791b20adee7af6facb0707097d8f02dd3a7a63a503dc116b8f1d13a0d? 7zXZ !t/20"h]"k%"5okw@_/.PS8;ot'O ~Mܾ$<{/Xs|"]S4X+(ܕyZQ@q6D̆fVPT])|*ZÂio/ݓxK׵DR<%(̩&ϖ/SNȝ)"+l)qz.=O q[]'7bJ ؟kw bw8n+Xq+m|eɥ;]\< -o%>ʻY a`  ZJds,kZjK눤\ ĘsFnmIp=;ފs(J; )jrnCwGx}c!r 5`Ee ^Ü؞+'j:nnZ/Y,c-2~e2)Qds`-7zugX,MwNoՠNc%v7=)^a@1T%U4w)YDΫ>ڙݱI|0K͖!:ThI/7<^FkR2VeDlz b86[(/% RofM]3 V7N2Yf%Pԭv=;i>TVg[G_tU&F,FpHmFv^aWo25z0%CGM(xgh̝,LiG[GS m K2Y`vtnu}`oU;:Ɍ)yMy!q4^sT5 y!Q&IH>_;'=| rS:{gݹpE|"<)XlwV096aL}p3+;KhAVɁgǞT#:5^^p%:xws2 q,s!׻Xͩ7*hsZH` i-✻5)vwR0o~Ed%R 5" .XRE~N;dm"'kنc,Z11kDp]rnh OB1?n kCZ L.Fȏne4@%Z&0 Cﻷ3J Pu#&+(rԒ\W ?]vg^*%u;8(";ݠZ,`4)l m*0dO_-*L𰾪|93 ipKu(HΞ`Y3$md:l %|hKY.  ,(B«h'oBL FL QID$jK_Q;{?p~[ 2qnR:@n auMHC\q3ܷ|t(ʙ={>Dca#R 0%!hB)3Ĺlj-W#)zbh9zb~d$^Dn` h,SfR.OAqJn:ZŚ'Kk]좰yf2M*Gw®,*VwJ.*q檕̽F:i-Eˈm8%hr(F,<3wV:]4n,NNgOQ^'?A#oߩ&URV}uFF]*S|ʅ,ﵑcwOqH.7"c3jb >V3#"Cт^0lt EfԊo e[ur͖ݗ aD:l6܍M fI"JW=S 3i/?M?`Q9mrXu`yOüg]_ҵ#w f? Ofa>?uzݤrDlr5 =C]WB .ewM#&PK| fx d0!V%L-&R,S%r#wKkںOE(%ՃI௛/^ )Uв]+/e  yCOkBԟ&C3~ܥE2oJ;GتQ*UzNב-՝ɖVGÊƴo4(?XT/R@BnE\~Rm<7)t]ӢHNĦ*u}AШd:>_F񞦴(:l5K>跙 D!v3>}&(t-l5/(?hb09bnuہMz:?&vO!})DGgG)%r|'dV[ 5@R,ɢqꀵyv!S,,ઃ9-ǎXtoѠu3%,8/PsM\߬a&n AKs'b3'/5^'Ii,Ⱥ(]o( iX:K!]&lzWXX$6<@@dLRҿ2lȿ~;gq[4|1;K8')064Д'e-/Z1d\Eשv@Y϶){ rՉ?^ѡ,]ש{ Fl+L̋{5D ,'͕"A}[J ~10:XHNz{Fۑ n*S,Hrׅ+5@ E'?.iZ ΋Gc)|Y{΀BuDv44_ *~GqPz ̄tJ פ5|5Jԯ|%yg:jpq1z k~ձ]Ld%tyƵNxjz^ͳ%;S'oY!ٶ"~$i!!-, b62a+C?JD``J%`M썘i!MYP;\-nLUl؜@3.Cl=\oxϤ(}޻İc!rρZl2mh4Bh *1N$Ⱥ7Xe@л( " i׻c.| sYD/Դ^#<*fv=\ SC o:+d, ދWp =@VO+`TgvAp߻ƘnzψeChTԒʋ5mP,8#_ '4K:VS7 ':ͷ#MzַF0>^nU;;o ACssW,oyYka+ͪܬԫBԫmi$oo^K5g%fkK'ߜUV_G1C^E[8٧3,% uW>]N >.JAW \~"+}\+%DJEp ˝රf~k6Mapy=4f..I-NӟpWD1^(Q T@DH1*}K7o̅v];fOs[dJ3LydLsx nSy":Jb7 4$W:έM #Y]pÞBt{H$n] Ϭ8gúY&et8E8Cguy|:ݝ:viumMOP +@t1;1I-S>~z4\އ(]߼E:toZKW֐  e,OqKg71U2%hN!׎1…;RI9 k 5Pţge0Q`eU/c 1d.*Z13&8ӈ&K [|c:̎2ǃf=qE{nḛ\ie'l`ٔ_mx \a2 YhMxaS=NG9^SKE"bE~¶tKOF6㢡ֿK##v_ y! /v9az;T$R||4F/,ˊ{3j(mӘ[KgKofc5<#TJ,uhҀ$'S b7Ʋ~ $EV;@1|1Y%U .[3̧Z+N:9+Sڶ;xj"xُ<]ѿ\2l< s;r" êN/t4;%\ѿ2IM xdg5F'pS@@!0B:*y8+QlAfAԬXV #Gxg$%焭dT<4Q#MPÅ-,F޷"7'=}2'_< rv7il 7l Wz@EoIiW10 W>>މey鴯XNjh?fQ˜3$K= Hb35xP|PE ɋ/Kv "(FWdYw숌d%XK_'c&%]&$n,jy3Ű!!Z@ Ƙ 1%.⛫AiꯎHTd7Ǯ60A? el/ؤFO@$]RAqK@F '99w|YS>R͑@-mP4VpBwLs 1>Uʗ%DQaի9j,(8:jDjOZQB~OR# :4@)6{,܊j$?R@53d$;E=;/s}2yǟ(d-67<6DYFA\ǕJ\h+o\3P|=M} Fӱ%WsQtzkr< /LΨZ.%r װk.0{ F)k] Q0/7Q%L=ٵ\4:)^'kWTc]K`ŮG6 Ft .h(2](;#0YqlIɕ5#AaU%pMYq>E6Ql1 T^WC^U- [ҩ)Spe2l$[;QsPe*om1^HAGD=i77 # zG>W6ԹTf4H瑬axCqx{Io!w[L ' C7#;+nORٖ/bBqrBΏtL50%py~Gf.*Q@j2҃k>r(3Xg](daeJp\H8w27_t:,L钔Ŧ8ѫ]vU_Unx@:V[qX ׳z` 淆epS!{ox6ƶĚ7vhUhd\ _3 Y@S밋~.bPMmmɑNL.eG{_򗙧IO7z}[RlQedRdY*њb1A`~;QKmNE\?SqR0%?7znGHcbqP޵7(^1q[W6*{DX8uΜDHȷq56BF9u@*$xh3YrRpr_KDoJ&EˎGdS|lT9)敨EΒdIuOOѓWUK ˱A$@ LDUɆxW"5\sXwb)^VTS(n j)'Ѿ|ԗYE}/yqK{ڮ^*zofn讍ₗyC¼eŒns4k}t 6]?Wig(u2}C$R3 d=hoX^W|`"GFP]F6M\5>~Qy:;L<_`ǝD?12 ~rsjze!N3.31@%gYt ي~<Ja_At 3ܩ^)j0Z&͍EnԒ_h_4 9:X$ѩON}4n6D_1|90{ƿt fd-حxQ1U|_S9(}pyHQU5 Ag(r^IZWGD>]N 3Yb[*vvhKV`+k5NfZ⨅3"s6x@ k*H\ծD՘Mn]yD=F9z³#ֳwaȾ_bw$A@ۛojH-;g*ߴj!PnP