commit apache2-mod_auth_openidc for openSUSE:Factory

Tue, 20 Feb 2024 12:13:23 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apache2-mod_auth_openidc for 
openSUSE:Factory checked in at 2024-02-20 21:13:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
 and      /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1706 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2-mod_auth_openidc"

Tue Feb 20 21:13:07 2024 rev:30 rq:1147523 version:2.4.15.3

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
        2023-11-30 22:05:58.931542028 +0100
+++ 
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.1706/apache2-mod_auth_openidc.changes
      2024-02-20 21:13:07.539174609 +0100
@@ -1,0 +2,8 @@
+Fri Feb 16 16:57:57 UTC 2024 - Danilo Spinella <[email protected]>
+
+- Update to 2.4.15.3:
+  * for the complete list of changes, please have a look at ChangeLog
+- Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set
+  and a crafted Cookie header is supplied, bsc#1219911 
+
+-------------------------------------------------------------------

Old:
----
  mod_auth_openidc-2.4.14.4.tar.gz

New:
----
  mod_auth_openidc-2.4.15.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.pZFK95/_old  2024-02-20 21:13:08.087194496 +0100
+++ /var/tmp/diff_new_pack.pZFK95/_new  2024-02-20 21:13:08.091194641 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package apache2-mod_auth_openidc
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           apache2-mod_auth_openidc
-Version:        2.4.14.4
+Version:        2.4.15.3
 Release:        0
 Summary:        Apache2.x module for an OpenID Connect enabled Identity 
Provider
 License:        Apache-2.0

++++++ mod_auth_openidc-2.4.14.4.tar.gz -> mod_auth_openidc-2.4.15.3.tar.gz 
++++++
++++ 31307 lines of diff (skipped)

Reply via email to