Hello community,

here is the log from the commit of package apache2-mod_auth_openidc for 
openSUSE:Factory checked in at 2019-02-20 14:15:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
 and      /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2-mod_auth_openidc"

Wed Feb 20 14:15:12 2019 rev:4 rq:677627 version:2.3.10.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
        2019-02-01 11:48:30.260364010 +0100
+++ 
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.28833/apache2-mod_auth_openidc.changes
     2019-02-20 14:15:16.686860154 +0100
@@ -0,0 +1,39 @@
+------------------------------------------------------------------
+Wed Feb 20 08:16:59 UTC 2019 - Martin Hauke <[email protected]>
+
+- Update to version 2.3.10.2
+  * fix XSS vulnerability CSNC-2019-001 wrt. poll parameter in
+    OIDC Session Management RP iframe
+  * fix bug in current URL detection where query parameters would
+    be duplicated
+  * fix warning printout in oidc_delete_oldest_state_cookies
+  * fix encryption buffer tag length mismatch
+  * retain the unparsed URL path in current/original URL determination,
+    and thereby preserve and support URL-encoded characters in paths
+    when redirecting back to the original URL
+  * add state to code exchange token requests only in multi-provider
+    setups
+  * optionally delete the oldest state cookie(s)
+  * add support for refreshing an access token associated with an
+    OIDC session using OIDCRefreshAccessTokenBeforeExpiry
+  * fix parsing of cookie name in OIDCOAuthAcceptTokenAs when the cookie
+    option is not listed last
+  * fix OAuth 2.0 RS config check when OIDCOAuthServerMetadataURL is set
+  * add support for draft https://www.ietf.org/id/draft-ietf-oauth-mtls-12.txt
+    OAuth 2.0 Mutual TLS Client Certificate Bound Access Tokens when
+    running as an OAuth 2.0 RS, validating cnf["x5t#S256"] claims.
+  * ignore/trim spaces in X-Forwarded-* headers
+  * deal with forwarding proxy setups
+  * improve OIDC backchannel logout based on config/Discover
+  * add OIDCProviderBackChannelLogoutSupported config primitive
+  * parse/interpret `backchannel_logout_supported` in Discovery document
+  * add `id_token_token_binding_cnf`: `tbh` to dynamic client registration
+    metadata
+  * support backchannel logout according to:
+    https://openid.net/specs/openid-connect-backchannel-1_0.html
+  * add test-cmd command to generate hashes base64urlencoded inputs
+    (cnf/tbh claims)
+  * support Token Binding for Access Tokens according to:
+    https://tools.ietf.org/html/draft-ietf-oauth-token-binding
+  * support nested arrays in Require claim authorization evaluation
+
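Review bot: The security bullet "fix XSS vulnerability CSNC-2019-001 wrt. poll parameter in OIDC Session Management RP iframe" carries only the advisory id, which makes the fix hard to track from the changelog. Add the matching Bugzilla reference in the usual boo# form to that bullet, plus the CVE id if one has been assigned. Because this single entry covers the jump from v2.3.8 to 2.3.10.2, grouping the bullets by upstream release would also show which version actually introduced the XSS fix.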

Old:
----
  v2.3.8.tar.gz

New:
----
  apache2-mod_auth_openidc-2.3.10.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.0haJ3C/_old  2019-02-20 14:15:18.654859492 +0100
+++ /var/tmp/diff_new_pack.0haJ3C/_new  2019-02-20 14:15:18.654859492 +0100
@@ -12,20 +12,20 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define apxs %{_sbindir}/apxs2
 %define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
 Name:           apache2-mod_auth_openidc
-Version:        2.3.8
+Version:        2.3.10.2
 Release:        0
 Summary:        Apache2.x module for an OpenID Connect enabled Identity 
Provider
 License:        Apache-2.0
 Group:          Productivity/Networking/Web/Servers
 URL:            https://github.com/zmartzone/mod_auth_openidc/
-Source:         
https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
+Source:         
https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel
 BuildRequires:  autoconf
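Review bot: The updated Source line still fetches GitHub's auto-generated tag archive (archive/v%{version}.tar.gz), and nothing in the visible lines verifies what is downloaded; the added "#/%{name}-%{version}.tar.gz" suffix only renames the local file. For a module that sits in the authentication path, consider pointing Source at a release tarball that upstream publishes with a signature or checksum, if one exists, and listing that signature as an additional Source so the build can check it.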

