Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apache2-mod_auth_openidc for
openSUSE:Factory checked in at 2026-02-10 21:13:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1670 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_auth_openidc"
Tue Feb 10 21:13:08 2026 rev:41 rq:1332219 version:2.4.19.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
2025-09-09 20:31:17.043853419 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1670/apache2-mod_auth_openidc.changes
2026-02-10 21:13:52.875230423 +0100
@@ -1,0 +2,29 @@
+Tue Feb 10 11:37:18 UTC 2026 - Petr Gajdos <[email protected]>
+
+- version update to 2.4.19.1
+ * backwards incompatible session format so existing sessions (created by
versions
+ <=2.4.18.x) are invalid
+ * oauth: fix segfault when using OIDCOAuthVerifySharedKeys, regression since
2.4.16; closes #1373
+ * jwk: fix parsing RSA JWKs with only an x5c parameter (i.e. no n and e
parameters)
+- version update to 2.4.19
+ * cookie: support individual SameSite cookie settings on the session cookie,
state cookie
+ and Discovery CSRF cookie by adding 2 more arguments to OIDCCookieSameSite
+ * id_token: add off option to OIDCPassIDTokenAs so no claims from the ID
token will be passed on
+ * passphrase: generate a crypto key when OIDCCryptoPassphrase is not set
+ * note that the OIDCCryptoPassphrase does need to be configured statically
if you want sessions
+ to survive server restarts, or for a cluster that shares a session storage
backend
+ * metadata: avoid double-free when validation of provider metadata fails
+ * response: avoid proto state memory leaks upon errors in response processing
+ * util/key.c: check for unsupported symmetric key hashing algorithms and
avoid a memory
+ leak in such cases
+ * session: remove expired session from cache with oidc_session_kill instead
of just clearing it
+ * memory: rewrite pconf pool memory allocation handling to avoid increasing
memory (pool)
+ consumption over graceful restarts
+ * drop support for Apache 2.2
+ * redis: use SET..EX %d when storing cached data instead of the deprecated
SETEX
+ * session/cookie: save 20-40 bytes on the session and client-cookie size
+ * request: set the OIDC_ERROR variables when PAR is configured but not
enabled by the Provider
+ * code: avoid compiler warnings on curl_easy_setopt in http.c
+ * test: add more unit tests in test/test_*.c and migrate proto tests from
test.c
+
+-------------------------------------------------------------------
Old:
----
mod_auth_openidc-2.4.18.tar.gz
New:
----
mod_auth_openidc-2.4.19.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.LkL2MK/_old 2026-02-10 21:13:53.535258080 +0100
+++ /var/tmp/diff_new_pack.LkL2MK/_new 2026-02-10 21:13:53.535258080 +0100
@@ -1,6 +1,7 @@
#
# spec file for package apache2-mod_auth_openidc
#
+# Copyright (c) 2026 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 Andreas Stieger <[email protected]>
#
@@ -18,7 +19,7 @@
Name: apache2-mod_auth_openidc
-Version: 2.4.18
+Version: 2.4.19.1
Release: 0
Summary: Apache2.x module for an OpenID Connect enabled Identity
Provider
License: Apache-2.0
++++++ mod_auth_openidc-2.4.18.tar.gz -> mod_auth_openidc-2.4.19.1.tar.gz ++++++
++++ 22105 lines of diff (skipped)
