Hello community,
here is the log from the commit of package apache2-mod_auth_openidc for
openSUSE:Factory checked in at 2024-09-20 17:12:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.29891 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_auth_openidc"
Fri Sep 20 17:12:24 2024 rev:32 rq:1202153 version:2.4.16.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
2024-04-10 17:51:30.586945310 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.29891/apache2-mod_auth_openidc.changes
2024-09-20 17:13:35.367674676 +0200
@@ -1,0 +2,63 @@
+Tue Sep 17 08:52:12 UTC 2024 - [email protected]
+
+- version update to 2.4.16.3
+ 09/06/2024
+ - allow overriding globally set OIDCCacheType back to shm in vhosts
+ - correct typo in child initialization routines when using multiple vhosts;
closes #1208; thanks @studersi
+ this fixes possible segmentation faults when using Redis and Metrics
settings in vhosts
+ 09/05/2024
+ - fix OIDCCacheShmMax min/max settings; see #1260; thanks @bbartke
+ 08/29/2024
+ - fix setting OIDCPKCEMethod none; closes #1256; thanks @eoliphan
+ 08/28/2024
+ - re-introduce OIDCSessionMaxDuration 0; see #1252
+ - add some resilience when both Forwarded and X-Forwarded-* are configured
+ - fix disabled OIDCStateCookiePrefix command; closes #1254; thanks @damisanet
+ - remove support for OIDCHTMLErrorTemplate, deprecated since 2.4.14
+ 08/26/2024
+ - fix parsing OIDCXForwardedHeaders; closes #1250; thanks @maltesmann
+ 07/03/2024
+ - cfg/provider: use oidc_jwk_list_copy when merging client_keys
+ 06/18/2024
+ - memcache: correct dead server check on APR_NOTFOUND; see #1230; thanks
@rpluem-vf
+ 06/08/2024
+ - support DPoP nonces to the userinfo endpoint
+ 06/06/2024
+ - add OIDCDPoPMode [off|optional|required] primitive
+ - store the token_type in the session
+ 06/05/2024
+ - add "nbf" claim in the Request Object as per
https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#rfc.section.5.2.2
+ 06/04/2024
+ - add (client) support for RFC 9449 OAuth 2.0 Demonstrating Proof of
Possession (DPoP)
+ - replace multi-provider .conf "issuer_specific_redirect_uri" boolean with
"response_require_iss" boolean
+ - tighten up the "aud" claim validation in ID tokens
+ - add support for the FAPI 2.0 Security Profile
https://openid.net/specs/fapi-2_0-security-profile-ID2.html
+ 05/30/2024
+ - add support for RFC 9126 OAuth 2.0 Pushed Authorization Requests
+ 04/23/2024
+ - disable support for the RSA PKCS v1.5 JWE encryption algorithm as it is
deemed unsafe
+ due to the Marvin attack and is removed from libcjose as well
+ 04/05/2024
+ - add debug printout for OIDCUnAuthAction expression evaluation
+ 04/03/2024
+ - when an expression is configured for OIDCUnAuthAction (i.e. in the 2nd
argument), also apply
+ it to OIDCUnAutzAction so that it can be used to enable step-up
authentication for SPAs with
+ non-conformant browsers (some versions of Safari) and in (potentially
insecure) iframes
+ see #1205; thanks @ryanwilliamnicholls
+ 04/02/2024
+ - major rewrite of config primitive handling:
+ - split out over different files, use header files consistently
+ - encapsulate config record with getters/setters
+ - allow overriding defined global configuration primitives to their
default value on the individual vhost level
+ - apply input/boundary checking on all configuration values, shared with
provider metadata parsing
+ - various fixes to applying default config values and allowing primitives
in vhost/directory scopes
+ - return HTTTP 502 when refreshing acces token or userinfo fails (default:
"502_on_error")
+ - use a singleton token refresh mutex
+ - add support for OIDCOAuthIntrospectionEndpointKeyPassword
+ - bump to 2.4.16dev
+ 04/01/2024
+ - release 2.4.15.7
+ 03/29/2024
+- fix OIDCUserInfoRefreshInterval, interval seconds would be interpreted as
microseconds
+
+-------------------------------------------------------------------
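Review bot: several items in this entry change behaviour for existing configurations on upgrade, but nothing in the entry marks them as such. They are the removal of OIDCHTMLErrorTemplate (08/28/2024), the replacement of the multi-provider "issuer_specific_redirect_uri" boolean with "response_require_iss" and the tightened "aud" validation (06/04/2024), and the disabling of the RSA PKCS v1.5 JWE encryption algorithm (04/23/2024). Suggest a short note at the top of the entry listing these, so that admins check their vhost and provider .conf files and their provider's JWE settings before updating. The RSA PKCS v1.5 item is described as a response to the Marvin attack; if a tracking bug or CVE exists for it, reference it here so the security relevance is searchable. Two smaller points: the 04/02/2024 item contains the typos "HTTTP 502" and "acces token", and the last line under 03/29/2024 ("+- fix OIDCUserInfoRefreshInterval, ...") sits at top-level bullet depth instead of being nested under its date like the other items.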
Old:
----
mod_auth_openidc-2.4.15.6.tar.gz
New:
----
mod_auth_openidc-2.4.16.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.vi7LsI/_old 2024-09-20 17:13:35.923697835 +0200
+++ /var/tmp/diff_new_pack.vi7LsI/_new 2024-09-20 17:13:35.923697835 +0200
@@ -17,7 +17,7 @@
Name: apache2-mod_auth_openidc
-Version: 2.4.15.6
+Version: 2.4.16.3
Release: 0
Summary: Apache2.x module for an OpenID Connect enabled Identity
Provider
License: Apache-2.0
++++++ mod_auth_openidc-2.4.15.6.tar.gz -> mod_auth_openidc-2.4.16.3.tar.gz
++++++
++++ 32729 lines of diff (skipped)