commit apache2-mod_auth_openidc for openSUSE:Factory

Thu, 28 Jul 2022 11:59:53 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apache2-mod_auth_openidc for 
openSUSE:Factory checked in at 2022-07-28 20:59:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
 and      /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2-mod_auth_openidc"

Thu Jul 28 20:59:11 2022 rev:24 rq:991565 version:2.4.11.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
        2021-09-06 15:58:23.277290249 +0200
+++ 
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1533/apache2-mod_auth_openidc.changes
      2022-07-28 20:59:41.091760191 +0200
@@ -1,0 +2,63 @@
+Mon Jul 25 09:25:37 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- removed obsolete BuildRequires autoconf and automake
+- update to 2.4.11.2
+  + release 2.4.11.2
+    * Features
+      - add support for Apache expressions in OIDCPathAuthRequestParams and 
OIDCPathScope; see #594
+    * Bugfixes
+      - add Cache-Control headers to logout response; see #846; thanks 
@blackwhiser1
+    * Other
+      - don't strip the header from encrypted JWTs as future versions of cjose 
may use compact
+      - encoding for JWEs; this slightly increases state cookie size, by-value 
session cookies
+      - and encrypted cache contents again at the benefit of forward cjose 
compatibility
+  + release 2.4.11.1
+    * Bugfixes
+      - fix OIDCUnAuthAction pass not passing claims for authenticated users, 
see #790, thanks @cm0s
+      - fix race conditions in the file cache backend, see #777, thanks 
@dbakker and @blackwhiser1
+      - fix memory leaks over graceful restarts, see #823 and #824, thanks 
@smanolache
+      - avoid using %llu print formatter and switch to %lu for unsigned long 
so it works cross platform
+      - add a check to make sure URLs do not contain unencoded Unicode 
characters, see #796, thanks @cnico
+    * Features
+      - warn about mismatch between incoming X-Forwarded-* headers and 
OIDCXForwardedHeaders configuration
+      - add support for OpenSSL 3.0
+    * Other
+      - remove test-cmd jwk2cert command
+      - correct ap_hook_insert_filter function signature in stub.c, part 2, 
closes #784, thanks @stroeder
+      - add Valgrind Github action
+  + release 2.4.11
+    * Bugfixes
+      - fix use of regular expressions in Require statements
+      - no longer defer multi-OP Discovery to the content handler to allow 
RequireAll and Require not directives in multi-OP setups; closes #775; thanks 
@rajeevn1
+      - improve handling session duration expiry when combined with 
OIDCUnAuthAction pass or Discovery; see #778
+      - terminate on startup when the crypto passphrase generated by exec: is 
empty; see #767
+      - allow authorization on info requests, see #746
+      - avoid debug printout of payload as header when the latter is stripped
+      - fix race condition in file cache backend reading truncated files under 
load; see #777; thanks @dbakker
+    * Features
+      - make interpretation of X-Forwarded-* headers configurable, defaulting 
to none so mod_auth_openidc running behind a reverse proxy that sets 
X-Forwarded-* headers needs explicit configuration of OIDCXForwardedHeaders
+      - make X-Frame-Options header returned on OIDC front-channel logout 
requests configurable through OIDCLogoutXFrameOptions; closes #464
+      - add x5t to JWT header in private_key_jwt client assertions; for 
interop with Azure AD; see #762; thanks @juur
+      - improve detection of suspicious redirect URLs; add test list
+      - add administrative session revocation capability via 
<redirect_uri>?revoke_session=<sessionid>
+    * Packaging
+      - add support for libpcre2; see #740
+      - add AM_PROG_CC_C_O to configure.ac (at least for RHEL 7.7); see #765; 
thanks @bitmagewb
+      - include <openssl/bn.h> in jose.c to compile with OpenSSL 1.0.x
+      - install taking into account DESTDIR; see #674; thanks @alerque
+  + release 2.4.10
+    * Features
+      - add check for Sec-Fetch-Dest header != "document" value and 
Sec-Fetch-Mode header != "navigate" to auto-detect requests that are not 
capable of handling an authentication round trip to the Provider; see #714; 
thanks @studersi
+      - add redirect/text options to OIDCUnAutzAction; see #715; thanks 
@chrisinmtown
+      - log require claims failure on info level
+      - backport ap_get_exec_line, supporting the exec: option in 
OIDCCryptoPassphrase to Apache 2.2
+    * Bugfixes
+      - return HTTP 200 for OPTIONS requests in auth-openidc mixed mode
+      - don't apply claims based authorization for OPTIONS requests so paths 
protected with Require claim directives will now also return HTTP 200 for 
OPTIONS requests
+      - fix memory leak when parsing JWT access token fails (in RS mode)
+      - fix regexp substition crash using OIDCRemoteUserClaim; thanks @nneul; 
closes #720
+    * Packaging
+      - complete usage of autoconf/automake; see #674
+      - add .deb for Debian Bullseye
+
+-------------------------------------------------------------------

Old:
----
  mod_auth_openidc-2.4.9.4.tar.gz

New:
----
  mod_auth_openidc-2.4.11.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.z37imc/_old  2022-07-28 20:59:41.647763074 +0200
+++ /var/tmp/diff_new_pack.z37imc/_new  2022-07-28 20:59:41.651763094 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package apache2-mod_auth_openidc
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           apache2-mod_auth_openidc
-Version:        2.4.9.4
+Version:        2.4.11.2
 Release:        0
 Summary:        Apache2.x module for an OpenID Connect enabled Identity 
Provider
 License:        Apache-2.0
@@ -26,8 +26,6 @@
 Source:         
https://github.com/zmartzone/mod_auth_openidc/releases/download/v%{version}/mod_auth_openidc-%{version}.tar.gz
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel
-BuildRequires:  autoconf
-BuildRequires:  automake
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(cjose) >= 0.5.1
 BuildRequires:  pkgconfig(jansson) >= 2.0
@@ -47,7 +45,6 @@
 %setup -q -n mod_auth_openidc-%{version}
 
 %build
-./autogen.sh
 %configure \
 %if 0%{?is_opensuse} > 0
   %{?_with_hiredis}    \
@@ -58,7 +55,7 @@
 %make_build
 
 %install
-install -D -m0755 src/.libs/mod_auth_openidc.so 
%{buildroot}%{apache_libexecdir}/mod_auth_openidc.so
+install -D -m0755 .libs/mod_auth_openidc.so 
%{buildroot}%{apache_libexecdir}/mod_auth_openidc.so
 
 %check
 make -j1 test

++++++ mod_auth_openidc-2.4.9.4.tar.gz -> mod_auth_openidc-2.4.11.2.tar.gz 
++++++
++++ 47679 lines of diff (skipped)

Reply via email to