apache2-mod_auth_openidc-2.3.8-150100.3.25.1<>,5Hd,Dp9|@;/"E@szpjTrvcw۪;4Nſk8?qd鰽w+{[S,v.o]*$ó9@΅$b\Ơ,|cWLVO:iλ&T,<>RZI+8RKvڲ1s|b n&6S}q((scӂKNH<&|UF2d8cQ%Z[+ .LzY7wڇ(0T>>?d! / p>I _     $.8pxG(m8t 9 : FGHIXY\]^b$cd`eefhljuvw8x@yHzhx|Capache2-mod_auth_openidc2.3.8150100.3.25.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.d,DsangiovesehSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxppc64lehAd,Dd,Df8f787271f09593700876472ee6e764bc092b18127cefa734fa3b4ccaaecee94rootrootrootrootapache2-mod_auth_openidc-2.3.8-150100.3.25.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(ppc-64)@@@@@@@@    apache_mmn_20120211libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcjose.so.0()(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.1d,@c@bV@aF`@`e^_@]{@[v[GZZ1@danilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch- Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527, bsc#1206441) * fix-CVE-2022-23527-0.patch * fix-CVE-2022-23527-1.patch * fix-CVE-2022-23527-3.patch * fix-CVE-2022-23527-2.patch - Harden oidc_handle_refresh_token_request function * harden-refresh-token-request.patch - Fixes bsc#1199868, mod_auth_openidc not loading- Fix CVE-2021-39191 open redirect issue in target_link_uri parameter (CVE-2021-39191, bsc#1190223) * fix-CVE-2021-39191.patch- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingsangiovese 16806227482.3.8-150100.3.25.12.3.8-150100.3.25.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:28532/SUSE_SLE-15-SP1_Update/ab378ebf491528eba437f00e83b27b67-apache2-mod_auth_openidc.SUSE_SLE-15-SP1_Updatedrpmxz5ppc64le-suse-linuxdirectoryELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=b8b3f0f480dde77afd603e013088c10e99e432f6, strippedRRRRRRRR201kpM_utf-84e9ae935340e9b5562cb1bfdd10ee6d3b89271d57592c82c1da7b1306b957b77? 7zXZ !t/* &]"k%$6"5okw@_/.PS8;otyR i9*8īǕy!|wِVBRy6@hϳ-DnC;>{pOc0oLmKG{z[/"зO7Bˌn)P:2&Rn6tOjbm1I(H >8^P>-A Lv$S^O^i=e'{qL9Kj+/ &)g`x\zBZfnZ/7OAA{ F(aoIը!Cq*&i{gG@XVC0 arPG7sܫvǝv_ dU vY].姄o3Yե0h9 d2e=|%|˫{z,YXb:{:e w$4THNxXϻKEWY,pctAVkĹb~$lɜO 3vU骼[5\A[6l5;RШqu!q{EϷ%ΣtELJ"{٥'z-G\'CvQH/H[ -s>,H(L œAj-OtI^Z0S9vPU1g 7 Noj/#v `*ZL'y;nNt\IއIe1 5|Et'sבVKA )@Qem*m|{qr峦#|ΠLZuY1li-)(fK4 čcy8|vɏY{L(Wl,.W\*nKpC^EP|6cS+x>#ۓ`;㘎W/Vfq?+*+~:Ш KaCAN*@ TZJkR/OU㧾>!p3c 퍳9&>^OiESE9HC̄^F[Cԋ\TK }W׽<i0gZ)g:+8,ѬaPup|QE4҅[R̎Ph:"CO\" :ʂ^!ی1E),c͂-9z]jO4]#rL_t׮X荚.Ϣ a G ;{dx9wJ3ttkKjxN0*5{+/hպbPc,M`Jnh%G7Jyi*# b56!4`R4!m* :n"ᜄ䘮A{ ߣvL{Hm ' * TN[{J6 c;e#%دTdWF0~YqLϡ = =;x\џvd%>⅔0H^QmAfUUC`TSma9d# 5ʸ.wp6o{fᠡtCkcyQhC˧ smABm]7BVJTR˲]߯rhHǃS !56ִǺwbMK96yWdߋvTT7yUߎΉCE%ZO \8khZ@n;m_' &V3\ .ޢ`"4  5W쇑_` l8(ڝ6Na^lLN1mH`/ yS@3VR?MvW6}5{iDq$!ә{=9-B: i_7H1^&sw]r;,Ln$_X&쨊ώt \CpTζ{R!ѲVWv1iTF-!uWW~rبҭB-xga7TG=7hAfC4<1ƈg!3as)MݥfR-Q*{"a!1Qk y|ؠ_2TOmPnf(O yN DBc^Y-$!(L IcGH8l%Sۤ EUt*>Ц11jj@ |WL3#:4oXZCe7" dHwX%hbԻ 1O$rXlq9/a`X|Jv":(| AshN-VZ <*f!^xA'1չs Sk>r•8!^^8>LoF[3 f_w:<,j7`1."]5$jC!t2gz( ѳnP}!\ㇾφla9v>e<3(\ʃ| f,B%p@O}}#*נ#oYb7T#[#µ6RmZ;f}K)}d(sҩw_(>C R;ck2|`GbwuWMcI!JB.qÀsjpȣ0h2bj!.U>#{3$^b ?B/XoghLh[zelFыV2Nᅜ)}B%`;r)vRd0#+.%*NuJpC{S#oN.:"WϸrqZW`k$L)V T=zD?^IL)BN#wLbkWwub9 ƿe96I˳"91`E$ǀJ~`7#Id!Uc}浃N>? @pZF+,)){*Y a#Foq܀vDŽU>!Y* )^ Ԅ~/0IKc\qן*[e'1C;x(QPw7@vE4s5&U]^=8z݇Sz߿r= +:OXXL"@ד|^LZk s8Bv7R.n"zT#S~#؎hp}ۿ8%RYlBf N)@ڜWTCO Nv|a8q#%7[1օ#| [AơަS9]3Kkߒ$uo(Gop1R3h v6kf/ ]{Qn ehTCO^&4w{g{D?pqu-eTw*7Xmғ$S1GI9#ly_ %K4),Z 3GqFjSvfմdbѲq^⵩dz\Fqzn_q,/H< d9YHbQL .\FYw~O5g%0HU_|a*;%yۇO^8X5D@5dp[YTq!+6Iᡞ>MX :oSnoy:HfӤ=O7BXFc P ̞iIiI89{W3:ߑgq͚nNwLUJQN em4{ƥؙ1]0e.e-I7^wsy4lt4:TsOG&n-o9Z'eP휘`]{ Ti~hi$ Gq $05(  s'a:w-c:#כ['N (ܲ{i?Rё-9Lt4Df]lPI)R:Ul~E/_ #WU:!ມ{`Av}\+݃xe}w,0xD ID@_$V8V>&vJהLbXEvV:L#k#*V.V˫2r.G)+oʪ({@Z2u٩_Zxq˹vˤx/i x(L;k ga<~As8z ,[o*& {"mw !ۿ iCϵz$}"V, kq1"`D_GƿX1cAp跠N섌.n#F9& 9ΟhčqH'D[~ϗJAa6UT hڲ;[yMXϠv> !rK6Ccsc4 F}l=PG0d!-OJ+_9/DT]kڭ%=X'3q]ΈY[ ,4-ź̮'9c{{O| XCqp.ZV.uzOc@F0T!8 YZ