Hello community,
here is the log from the commit of package apache2-mod_auth_openidc for
openSUSE:Factory checked in at 2024-12-19 21:41:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.29675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_auth_openidc"
Thu Dec 19 21:41:52 2024 rev:33 rq:1232177 version:2.4.16.6
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
2024-09-20 17:13:35.367674676 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.29675/apache2-mod_auth_openidc.changes
2024-12-19 21:42:03.716241084 +0100
@@ -1,0 +2,57 @@
+Wed Dec 11 13:55:46 UTC 2024 - [email protected]
+
+- version update to 2.4.16.6
+ 12/05/2024
+ - metadata: fix caching of JWKs from jwks_uri when using the default expiry
setting (i.e. not using OIDCJWKSRefreshInterval)
+ and avoid fetching JWKs from the jwks_uri for each user login; also
addresses Redis cache
+ error entries the log [ERR invalid expire time in 'setex' command]
+ - avoid segfault and improve error reporting in case apr_temp_dir_get fails
when a temp directory cannot be found
+ on the system upon initalizing cache mutexes and file cache; see #1288;
thanks @ErmakovDmitriy
+ 11/21/2024
+ - add option to set local address for outgoing HTTP requests; see #1283;
thanks @studersi
+ using e.g. SetEnvIfExpr true OIDC_CURL_INTERFACE=192.168.10.2
+ - try and address metris cleanup segmentation fault on shutdown; see #1207
+ by not flushing metrics to the shared memory segment upon exit
+ 11/14/2024
+ - allow specific settings Strict|Lax|None|Disabled for OIDCCookieSameSite in
addition to On(=Lax)|Off(=None)
+ - fix: default behaviour Lax
+ - fix: apply OIDCCookieSameSite Off/None properly to state cookies instead
of always setting Lax
+ - re-introduces the option to configure a Strict SameSite session cookie
policy, which will turn the initial
+ Lax session cookie - set upon receving the response to the Redirect URI -
into a Strict session cookie
+ immediately after the first application request
+ - allows for a "Disabled" value that does not set any SameSite flag on the
cookies, in which case a browser
+ falls back to its default browser behaviour (which should be Lax by spec)
+ 11/07/2024
+ - info: fix requests to the info hook with extend_session=false; see #1279;
thanks @fnieri-cdp
+ - properly reflect the (unmodified) inactivity timeout in the response
("timeout")
+ - avoid refreshing an access token (since the session is not saved)
+ - avoid refreshing claims from the user info endpoint, and possibly
refreshing the access token
+ 10/23/2024
+ - metadata: allow plain HTTP URLs in metadata elements `jwks_uri` and
`signed_jwks_uri`
+ to ensure backwards compatibility with <=2.4.15.7 and to support
private/test deployments
+ 10/22/2024
+ - address warnings from static code analysis tool CodeChecker
+ 10/04/2024
+ - ensure backwards compatibility with versions <2.4.16.x when a JSON array
of string values
+ is provided in the "aud" claim of the ID token; required by (at least)
Oracle IDCS
+ see #1272 and #1273; thanks @lufik and @tydalforce
+ - add OIDCIDTokenAudValues configuration primitive that allows for explicit
(and exhaustive)
+ configuration of the list of accepted values in the "aud" claim of the ID
token
+ e.g. as required for passing FAPI 2 conformance testing
+ 09/27/2024
+ - correct usage of free() for json_dumps return values instead of
cjose_get_dealloc()()
+ - use compact encoding and preserve order where appropriate for most calls
to json_dumps
+ - replace json_dumps/free combos with oidc_util_encode_json
+ - refactor oidc_jwk_to_json
+ 09/26/2024
+ - fix oidc_jwk_copy wrt. "x5t", which broke private_key_jwt authentication
to Azure AD since 2.4.13
+ see #1269; thanks @uoe-pjackson
+ 09/21/2024
+ - refactor state and userinfo
+ 09/11/2024
+ - change warnings about not passing unknown claim types into debug messages;
see #1263; thanks @nclarkau
+ 09/09/2024
+ - fix accepting custom cookie names in OIDCOAuthAcceptTokenAs cookie:<name>;
see #1261; thanks @bbartke
+ - improve basic authentication parsing when using OIDCOAuthAcceptTokenAs
basic
+
+-------------------------------------------------------------------
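Review bot: The 10/23/2024 entry, which allows plain HTTP URLs in `jwks_uri` and `signed_jwks_uri`, loosens transport protection for the keys used to verify tokens, yet it is presented only as a backwards-compatibility line. Keys fetched from a plain HTTP `jwks_uri` have no transport integrity. I would reword the entry to state that the allowance exists for the private/test deployments it mentions, so that admins keep https URLs in production metadata. The 11/14/2024 block likewise changes cookie behaviour (`OIDCCookieSameSite` Off/None is now applied to state cookies, and the Strict and Disabled values are new) and should be marked as a behaviour change to re-check after the update. Minor: the entries contain the typos `initalizing`, `metris` and `receving`.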
Old:
----
mod_auth_openidc-2.4.16.3.tar.gz
New:
----
mod_auth_openidc-2.4.16.6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.YFg5GT/_old 2024-12-19 21:42:04.492273249 +0100
+++ /var/tmp/diff_new_pack.YFg5GT/_new 2024-12-19 21:42:04.492273249 +0100
@@ -17,7 +17,7 @@
Name: apache2-mod_auth_openidc
-Version: 2.4.16.3
+Version: 2.4.16.6
Release: 0
Summary: Apache2.x module for an OpenID Connect enabled Identity
Provider
License: Apache-2.0
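Review bot: The `Version:` line moves from 2.4.16.3 straight to 2.4.16.6, while the accompanying .changes entry groups the upstream changes by date only, so a reader cannot tell which upstream release carries which fix. I would label the date blocks in the .changes entry with the upstream release numbers they belong to, which makes it possible to check later whether a given fix (for example the `x5t` one referenced as #1269) is present in an installed version.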
++++++ mod_auth_openidc-2.4.16.3.tar.gz -> mod_auth_openidc-2.4.16.6.tar.gz
++++++
++++ 7417 lines of diff (skipped)