Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apache2-mod_auth_openidc for 
openSUSE:Factory checked in at 2021-08-24 10:54:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
 and      /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2-mod_auth_openidc"

Tue Aug 24 10:54:54 2021 rev:21 rq:913945 version:2.4.9.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
        2021-08-18 08:56:36.138926198 +0200
+++ 
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1899/apache2-mod_auth_openidc.changes
      2021-08-24 10:55:51.144243104 +0200
@@ -1,0 +2,16 @@
+Tue Aug 24 07:26:05 UTC 2021 - [email protected]
+
+- use declared tarball
+
+-------------------------------------------------------------------
+Mon Aug 23 19:39:44 UTC 2021 - Michael Str??der <[email protected]>
+
+- update to 2.4.9.2
+  * Bugfixes
+    - fix graceful restart (regression); see #458
+  * Features
+    - preserve session cookie in the event of a cache backend failure
+    - update the id_token in the session cache if one is provided while
+      refreshing the access token
+
+-------------------------------------------------------------------

Old:
----
  mod_auth_openidc-2.4.9.1.tar.gz

New:
----
  mod_auth_openidc-2.4.9.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.uH5QoG/_old  2021-08-24 10:55:51.600242500 +0200
+++ /var/tmp/diff_new_pack.uH5QoG/_new  2021-08-24 10:55:51.608242489 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           apache2-mod_auth_openidc
-Version:        2.4.9.1
+Version:        2.4.9.2
 Release:        0
 Summary:        Apache2.x module for an OpenID Connect enabled Identity 
Provider
 License:        Apache-2.0

++++++ mod_auth_openidc-2.4.9.1.tar.gz -> mod_auth_openidc-2.4.9.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/AUTHORS 
new/mod_auth_openidc-2.4.9.2/AUTHORS
--- old/mod_auth_openidc-2.4.9.1/AUTHORS        2021-07-22 19:00:19.000000000 
+0200
+++ new/mod_auth_openidc-2.4.9.2/AUTHORS        2021-08-20 19:28:48.000000000 
+0200
@@ -72,5 +72,6 @@
        Adam Stadler <https://github.com/tzfx>
        Steffen Greber <https://github.com/codemaker219>
        Iain Heggie <https://github.com/iainh>
+       Dirk Kok <https://github.com/Foxite>
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/ChangeLog 
new/mod_auth_openidc-2.4.9.2/ChangeLog
--- old/mod_auth_openidc-2.4.9.1/ChangeLog      2021-08-13 10:42:48.000000000 
+0200
+++ new/mod_auth_openidc-2.4.9.2/ChangeLog      2021-08-20 19:25:39.000000000 
+0200
@@ -1,3 +1,11 @@
+08/20/2021
+- fix graceful restart (regression); see #458; thanks @Foxite
+- bump to 2.4.9.2
+
+08/18/2021
+- preserve session cookie in the event of a cache backend failure
+- update the id_token in the session cache if one is provided while refreshing 
the access token
+
 08/13/2021
 - fix retried Redis commands after a reconnect; thanks @iainh
 - release 2.4.9.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/auth_openidc.conf 
new/mod_auth_openidc-2.4.9.2/auth_openidc.conf
--- old/mod_auth_openidc-2.4.9.1/auth_openidc.conf      2021-08-09 
17:20:32.000000000 +0200
+++ new/mod_auth_openidc-2.4.9.2/auth_openidc.conf      2021-08-19 
20:04:51.000000000 +0200
@@ -744,6 +744,8 @@
 # "claims" :     the claims in the id_token are passed in individual 
headers/environment variables
 # "payload" :    the payload of the id_token is passed as a JSON object in the 
"OIDC_id_token_payload" header/environment variable
 # "serialized" : the complete id_token is passed in compact serialized format 
in the "OIDC_id_token" header/environment variable
+# Note that when OIDCSessionType client-cookie is set, the id_token itself is 
not stored in the session/cookie and as such
+# the headers for the "payload" and "serialized" option will not be created.
 # When not defined the default "claims" is used.
 #OIDCPassIDTokenAs [claims|payload|serialized]+
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/configure 
new/mod_auth_openidc-2.4.9.2/configure
--- old/mod_auth_openidc-2.4.9.1/configure      2021-08-13 10:44:07.000000000 
+0200
+++ new/mod_auth_openidc-2.4.9.2/configure      2021-08-23 15:33:22.000000000 
+0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for mod_auth_openidc 2.4.9.1.
+# Generated by GNU Autoconf 2.71 for mod_auth_openidc 2.4.9.2.
 #
 # Report bugs to <[email protected]>.
 #
@@ -610,8 +610,8 @@
 # Identity of this package.
 PACKAGE_NAME='mod_auth_openidc'
 PACKAGE_TARNAME='mod_auth_openidc'
-PACKAGE_VERSION='2.4.9.1'
-PACKAGE_STRING='mod_auth_openidc 2.4.9.1'
+PACKAGE_VERSION='2.4.9.2'
+PACKAGE_STRING='mod_auth_openidc 2.4.9.2'
 PACKAGE_BUGREPORT='[email protected]'
 PACKAGE_URL=''
 
@@ -1301,7 +1301,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures mod_auth_openidc 2.4.9.1 to adapt to many kinds of 
systems.
+\`configure' configures mod_auth_openidc 2.4.9.2 to adapt to many kinds of 
systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1364,7 +1364,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of mod_auth_openidc 2.4.9.1:";;
+     short | recursive ) echo "Configuration of mod_auth_openidc 2.4.9.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1478,7 +1478,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-mod_auth_openidc configure 2.4.9.1
+mod_auth_openidc configure 2.4.9.2
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1634,7 +1634,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by mod_auth_openidc $as_me 2.4.9.1, which was
+It was created by mod_auth_openidc $as_me 2.4.9.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -2292,7 +2292,7 @@
 
 
 
-NAMEVER=mod_auth_openidc-2.4.9.1
+NAMEVER=mod_auth_openidc-2.4.9.2
 
 
 # This section defines the --with-apxs2 option.
@@ -4952,7 +4952,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by mod_auth_openidc $as_me 2.4.9.1, which was
+This file was extended by mod_auth_openidc $as_me 2.4.9.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5007,7 +5007,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-mod_auth_openidc config.status 2.4.9.1
+mod_auth_openidc config.status 2.4.9.2
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/configure.ac 
new/mod_auth_openidc-2.4.9.2/configure.ac
--- old/mod_auth_openidc-2.4.9.1/configure.ac   2021-08-13 10:43:03.000000000 
+0200
+++ new/mod_auth_openidc-2.4.9.2/configure.ac   2021-08-20 19:25:46.000000000 
+0200
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.9.1],[[email protected]])
+AC_INIT([mod_auth_openidc],[2.4.9.2],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/src/cache/common.c 
new/mod_auth_openidc-2.4.9.2/src/cache/common.c
--- old/mod_auth_openidc-2.4.9.1/src/cache/common.c     2021-07-22 
19:00:19.000000000 +0200
+++ new/mod_auth_openidc-2.4.9.2/src/cache/common.c     2021-08-20 
19:24:21.000000000 +0200
@@ -220,7 +220,7 @@
 
                // oidc_sdebug(s, "processing: %d (m=%pp,s=%pp, p=%d)", (m && 
m->sema) ? *m->sema : -1, m->mutex ? m->mutex : 0, s, m->is_parent);
 
-               if ((m->shm != NULL) && (*m->sema == 0)) {
+               if ((m->shm != NULL) && (*m->sema == 0) && (m->is_parent == 
TRUE)) {
 
                        rv = apr_shm_destroy(m->shm);
                        oidc_sdebug(s, "apr_shm_destroy for semaphore returned: 
%d", rv);
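Review bot: The added `(m->is_parent == TRUE)` term on the `apr_shm_destroy` guard has no comment explaining why only the parent may destroy the segment, yet that restriction is the whole fix (the ChangeLog ties it to the graceful-restart regression, #458). I would put a comment above the condition, e.g. `/* only the parent destroys the shared segment; a child that sees the count reach zero must leave it alone (graceful restart, see #458) */`; the rationale is inferred from the ChangeLog and should be confirmed. Separately, the commented-out debug line just above null-checks `m->sema` before dereferencing it, while the condition reads `*m->sema` directly. Presumably a non-NULL `m->shm` implies a valid `m->sema`, but that is not visible here. The enclosing function starts and ends outside the hunk.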
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/src/mod_auth_openidc.c 
new/mod_auth_openidc-2.4.9.2/src/mod_auth_openidc.c
--- old/mod_auth_openidc-2.4.9.1/src/mod_auth_openidc.c 2021-07-23 
18:59:33.000000000 +0200
+++ new/mod_auth_openidc-2.4.9.2/src/mod_auth_openidc.c 2021-08-19 
19:58:34.000000000 +0200
@@ -1093,6 +1093,33 @@
        if (s_refresh_token != NULL)
                oidc_session_set_refresh_token(r, session, s_refresh_token);
 
+       /* if we have a new id_token, store it in the session and update the 
session max lifetime if required */
+       if (s_id_token != NULL) {
+               /* only store the serialized representation when client cookie 
based session tracking is not in use */
+               if (c->session_type != OIDC_SESSION_TYPE_CLIENT_COOKIE) 
+                       oidc_session_set_idtoken(r, session, s_id_token);
+               
+               oidc_jwt_t *id_token_jwt = NULL;
+               oidc_jose_error_t err;
+               if (oidc_jwt_parse(r->pool, s_id_token, &id_token_jwt, NULL, 
&err) == TRUE) {
+
+                       /* store the claims payload in the id_token for later 
reference */
+                       oidc_session_set_idtoken_claims(r, session,
+                               id_token_jwt->payload.value.str);
+
+                       if (provider->session_max_duration == 0) {
+                               /* update the session expiry to match the 
expiry of the id_token */
+                               apr_time_t session_expires = 
apr_time_from_sec(id_token_jwt->payload.exp);
+                               oidc_session_set_session_expires(r, session, 
session_expires);
+
+                               /* log message about the updated max session 
duration */
+                               oidc_log_session_expires(r, "session max 
lifetime", session_expires);
+                       }               
+               } else { 
+                       oidc_warn(r, "parsing of id_token failed");
+               }
+       }
+
        return TRUE;
 }
 
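Review bot: The id_token returned by the refresh grant is only parsed (`oidc_jwt_parse` with a NULL fourth argument) before its claims are written into the session and, when `provider->session_max_duration == 0`, its `exp` becomes the new session expiry; no signature or claim validation is visible in the added lines. OpenID Connect Core (section 12.2) requires that a refreshed ID Token carry the same `iss` and `sub` as the one issued at login, so I would compare those against the values already in the session and skip the update with a warning on mismatch, unless that check happens earlier in this function, which starts outside the hunk. It is also worth rejecting a missing or already-past `exp` before calling `oidc_session_set_session_expires`, since the value is used unchecked. The failure branch discards the populated `err`; including its detail in the `oidc_warn` message would make parse failures diagnosable. When `c->session_type` is the client-cookie type the claims are still stored although the serialized token is not, which deserves a word in the comment.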
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mod_auth_openidc-2.4.9.1/src/session.c 
new/mod_auth_openidc-2.4.9.2/src/session.c
--- old/mod_auth_openidc-2.4.9.1/src/session.c  2021-07-23 18:59:24.000000000 
+0200
+++ new/mod_auth_openidc-2.4.9.2/src/session.c  2021-08-18 22:21:05.000000000 
+0200
@@ -169,7 +169,14 @@
 
                rc = oidc_session_load_cache_by_uuid(r, c, uuid, z);
 
-               if (rc == FALSE || z->state == NULL) {
+               /* cache backend experienced an error while attempting lookup */
+               if (rc == FALSE) {
+                       oidc_error(r, "cache backend failure for key %s", uuid);
+                       return FALSE;
+               }
+
+               /* cache backend does not contain an entry for the given key */
+               if (z->state == NULL) {
                        /* delete the session cookie */
                        oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), "", 0,
                                        OIDC_COOKIE_EXT_SAME_SITE_NONE(r));
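Review bot: The new `oidc_error(r, "cache backend failure for key %s", uuid);` writes the session identifier to the error log, and since the added branch deliberately keeps the session cookie, that identifier appears to remain a valid session handle once the backend recovers. Anyone with read access to the logs would then hold a usable session key. I would log without it, `oidc_error(r, "cache backend failure while loading session");`, or log only a short prefix or a hash if correlation is needed. A comment on the `return FALSE` stating that the cookie is intentionally preserved so the session survives a transient backend outage would also help; how callers treat that FALSE is outside the hunk.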
