Hello community,
here is the log from the commit of package apache2-mod_auth_openidc for
openSUSE:Factory checked in at 2019-08-24 18:45:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_auth_openidc (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_auth_openidc"
Sat Aug 24 18:45:07 2019 rev:6 rq:725544 version:2.4.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_auth_openidc/apache2-mod_auth_openidc.changes
2019-03-20 13:19:57.609334102 +0100
+++
/work/SRC/openSUSE:Factory/.apache2-mod_auth_openidc.new.7948/apache2-mod_auth_openidc.changes
2019-08-24 18:45:07.869764682 +0200
@@ -1,0 +2,56 @@
+Thu Aug 22 20:40:24 UTC 2019 - Michael Ströder <[email protected]>
+
+- Update to version 2.4.0
+
+Important
+ * version 2.4.0 carries quite a number of relatively small changes (see:
+ Bugfixes and Features below) that are subtle but may impact runtime
+ behavior nevertheless; you should verify an upgrade in a test environment
+ before rolling out to production
+ * this release deprecates the OAuth 2.0 Resource Server functionality
+ which is now implemented as a separate module mod_oauth2.
+
+Bugfixes
+ * URL-encode client_id/client_secret when using client_secret_basic
according to:
+ https://tools.ietf.org/html/rfc6749#section-2.3.1
+ * fix parsing and caching of OIDCOAuthServerMetadataURL; thanks Lance Fannin
+ * fix oidc_proto_html_post auto-post-submit so it no longer results in
+ duplicate parentheses; closes #440; thanks @gobreak
+ * fix RSA JWK x5c parsing issue (e.g. when parsing n fails): explicitly set
the kid into to JWK
+ * fix OIDCOAuthAcceptTokenAs post so POST data is propagated and not lost;
see #443
+ * fix JWT decryption crashing on non-null terminated input
+ * fix not clearing claims in session when setting claims to null; closes
#445; thanks @FilipVujicic
+
+Features
+ * support refresh and access tokens revocation from an RFC 7009 endpoint
+ upon OIDC session logout
+ * make sure the content handler is called for every request to the
+ configured Redirect URI so all Apache processing is executed (e.g.
+ setting headers with mod_headers) before returning the response; thanks
+ Don Sengpiehl (NB: this may affect browser behavior and backwards
+ compatibility)
+ * add ability to view session info in HTML via the session info hook via
<redirect_uri)?info=html
+ * enable per-provider signing and encryption keys in multi-provider setups
(with limitations)
+ * no longer use the fixup handler for environment variable setting but do it
as part of the authn handler
+ * add logout_on_error option to OIDCRefreshAccessTokenBeforeExpiry to
+ kill the session when refreshing an access token fails; thanks
@rickyepoderi
+ * be smart about picking the token endpoint authentication method when
+ not configured explicitly: don't choose the first one published by the OP
+ but prefer client_secret_basic if that is listed as well see:
+ panva/node-oidc-provider#514; thanks @richard-drummond and @panva
+
+Other
+ * remove option OIDCScrubRequestHeaders that allows for skipping
+ scrubbing request headers, thus avoiding potentially insecure setups
+ * log the original URL for expired state cookies, useful for debugging
+ SPA/JS issues
+ * add debug logs in oidc_proto_generate_random_string to allow for
+ spotting lack of entropy in the random number generator (on VM
+ environments) more easily
+ * add USE_URANDOM compile time option to use /dev/urandom explicitly for
+ non-blocking random number generation: configure with
+ APXS2_OPTS="-DUSE_URANDOM"
+ * allow removing an access token from the cache ("remove_at_cache") when
+ running in OAuth 2.0 RS mode only
+
+-------------------------------------------------------------------
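Review bot: The removal of OIDCScrubRequestHeaders sits under "Other" at the end of the entry, but it removes a configuration directive and would be better placed in the "Important" block next to the mod_oauth2 deprecation, so that admins who still set it see it before upgrading. The bullet "fix JWT decryption crashing on non-null terminated input" describes a crash in input handling and carries no issue reference, unlike several of the other bugfix bullets (#440, #443, #445); if an upstream issue or a Bugzilla entry is tracked for it, add the reference. Two text slips should be corrected before this lands in the package changelog: "set the kid into to JWK" and the unbalanced bracket in "<redirect_uri)?info=html".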
Old:
----
apache2-mod_auth_openidc-2.3.11.tar.gz
New:
----
apache2-mod_auth_openidc-2.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_auth_openidc.spec ++++++
--- /var/tmp/diff_new_pack.IEENFF/_old 2019-08-24 18:45:08.661764606 +0200
+++ /var/tmp/diff_new_pack.IEENFF/_new 2019-08-24 18:45:08.661764606 +0200
@@ -19,7 +19,7 @@
%define apxs %{_sbindir}/apxs2
%define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
Name: apache2-mod_auth_openidc
-Version: 2.3.11
+Version: 2.4.0
Release: 0
Summary: Apache2.x module for an OpenID Connect enabled Identity
Provider
License: Apache-2.0
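Review bot: Nothing in this hunk reflects the new USE_URANDOM compile-time option that the 2.4.0 changelog introduces; the Version line is the only spec change shown. If the build section does not already pass APXS2_OPTS="-DUSE_URANDOM", the request should state whether the package is meant to, since the changelog ties the option to non-blocking random number generation and to lack of entropy on VM environments. The same changelog deprecates the OAuth 2.0 Resource Server functionality in favour of mod_oauth2, so it is also worth checking whether the package description still advertises RS mode.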
++++++ apache2-mod_auth_openidc-2.3.11.tar.gz ->
apache2-mod_auth_openidc-2.4.0.tar.gz ++++++
++++ 3219 lines of diff (skipped)