apache2-mod_auth_openidc-2.3.8-3.15.1<>,z܉aOp9|TN'g{6SohȲ+A<QB?4^)Ȗ.weƑ2`ڥ5Db+``b.{74`I-WS=_NJ!$ks꽘Eg@ ZTz-/ʎ[Rv(e^AC2U7m9]ۈB8v tVs8앗=*Ce!T+Lְ\ܵ$whk45c2KTMt/-\i6vG@F %|X>>?d! ( i6A W{     &0`h(8 9 : FGHIXY\]$^@b`c defluvw`xhyp zCapache2-mod_auth_openidc2.3.83.15.1Apache2.x module for an OpenID Connect enabled Identity ProviderThis module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.aOibs-arm-4 SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://github.com/zmartzone/mod_auth_openidc/linuxaarch64 AaNaNf8a5d638ae59d2eb7ad2b2437ee9be23f294885748a2fcbc162fb134b9968966rootrootrootrootapache2-mod_auth_openidc-2.3.8-3.15.1.src.rpmapache2-mod_auth_openidcapache2-mod_auth_openidc(aarch-64)@@@@@@@@@@    apache_mmn_20120211ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcjose.so.0()(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libpcre.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_03.0.4-14.6.0-14.0-15.2-14.14.1aF`@`e^_@]{@[v[GZZ1@danilo.spinella@suse.comdanilo.spinella@suse.compgajdos@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comvcizek@suse.comchristof.hanke@mpcdf.mpg.de- Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch- Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch- require hiredis only for newer distros than SLE-15 [jsc#SLE-11726]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix open redirect issue that exists in URLs with a slash and backslash at the beginning [bsc#1164459], [CVE-2019-20479]- add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix open redirect issue that exists in URLs with trailing slashes [bsc#1153666], [CVE-2019-14857]- submission to SLE15SP1 because of fate#324447 - build with hiredis only for openSUSE where hiredis is available - add a version for jansson BuildRequires- update to 2.3.8 - changes in 2.3.8 * fix return result FALSE when JWT payload parsing fails * add LGTM code quality badges * fix 3 LGTM alerts * improve auto-detection of XMLHttpRequests via Accept header * initialize test_proto_authorization_request properly * add sanity check on provider->auth_request_method * allow usage with LibreSSL * don't return content with 503 since it will turn the HTTP status code into a 200 * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies * make the default maximum number of parallel state cookies 7 instead of unlimited * fix using access token as endpoint auth method in introspection calls * fix reading access_token form POST parameters when combined with `AuthType auth-openidc` - changes in 2.3.7 * abort when string length for remote user name substitution is larger than 255 characters * fix Redis concurrency issue when used with multiple vhosts * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414 * refactor session object creation * clear session cookie and contents if cache corruption is detected * use apr_pstrdup when setting r->user * reserve 255 characters in remote username substition instead of 50 - changes in 2.3.6 * add check to detect session cache corruption for server-based caches and cached static metadata * avoid using pipelining for Redis * send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk * refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind * adjust copyright year/org * fix buffer overflow in shm cache key set strcpy * turn missing session_state from warning into a debug statement * fix missing "return" on error return from the OP * explicitly set encryption kid so we're compatible with cjose >= 0.6.0 - changes in 2.3.5 * fix encoding of preserved POST data * avoid buffer overflow in shm cache key construction * compile with with Libressl- update to 2.3.4 - requested in fate#323817- initial packagingibs-arm-4 16275538712.3.8-3.15.12.3.8-3.15.1apache2mod_auth_openidc.so/usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20618/SUSE_SLE-15-SP1_Update/d21d965f2abc12f57a2d6db3de022f23-apache2-mod_auth_openidc.SUSE_SLE-15-SP1_Updatedrpmxz5aarch64-suse-linuxdirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=eddb97e18573e8812b993f5003a4d3673c1fee18, stripped RRRRRR RR RRwU!M,1ݿjXutf-89fe32a0026c587ee4cf2c27523409b505f5217a3ec04427d909f1b01bd7ca4be? 7zXZ !t/`]"k%"5okw@_/.PS8;o]"P ꅡƛŴ 5S1Z2 _9Y8y=>aش?Rr"$OAyq$ \U+_/3HGf)i_iR*;ZN686rvVe /xw&MFR_PUpNWMBzU(߀xFE}0g<&FM JsaND" IuQm8{J31K@kw( xFPyY|T, &~#%0O`5$F`/ee1s_9.QocS9,{}ht `v%K̓S_Uo9V!I,5C^jMEeyխl!y-~[u/ּ %z'[*K"!,;jI'#2Dx _!\PjdGN ۍuJYZ%/=h߰xfrПnx|2LLhYsg嚏m'ʘN%QUaV;)0Fj-72f!fʹʌhUDo)w{VHg{Gݬ½xa%oge&[YK9bt 0ƫG|9%E : KaP `2#Ā}ݼKw!s~pyFQ cE F@ӂj ,smXrmsgRx wČ :7$+p!33l]E 2 {xQb2P ~;wmU3ǚ!ځn? 3zo}5$ҝ84g݋95On?bxDu@&90 (߉$Đ%$!(7?=XmNԤIR@ {/{qja@lwl _vh!aELiK֗7n2pz\]8Oݕ k%qx@ wj Jƅ NT~(RG&VZ Sh|> yΕjwʽh}yqASU2VSBǤˆb;rY #d.{-˩-+iQc`ah6Y vɎݪ > ┟dek#*4p$_d"\lhkJCL Wkucez/JFY19Wv)/1奭]EШ7堍_.վG"}{wB-ffBdAda IV8.1ux0a3U7SHKz+ fP=llqY DMeeIEGblHg N8{69 ?q_">t%2g#vP~x k׆/tIk/xyz o/k~t$'w˼[|'<,$&8&whjhPHcz$ȘQ_p 5u"5U0VҲ#?$1[jin VхC\P'헅%v$mc2suA(;A|J2Y7jhhSEPPf֪VY\לsP Ӵ>dJKpAt]dİEY[ xjt[e\5u QFA#7٭e.V|E⣳AIοog&t>m|wѷ)$s|IfP Ős.s95'XL߯zb\b 64$.# 2Ty_0@`vRKht)Hgi3gQ;̈$qoe}H!CA26F۬kX e۝e#sLCbJPD*/x  _(,&܊A~Jt& u+YUMw@z},-rEmn`$1UKIj1;Ε 3lP*y_h5OV,m {(äSBR9Ǒe?V{zi176|>@(;/zHAP"8:IF;ƒq*MgIriq ̹kڔVXV'D$dW_Ƕ>ȳge`-OTS_rvvohmXҥ*D%?$rOBh15MG?7PF^LQ|u tMtlifH IbQ* ɣ'zc,xzCTޠoۘi)V\8J'd-rk.wFg14n$/+;(gM6i[s3j`d9R>6C$UpCJ!p*vۚu |SqUN-,8m{/銷P DE-۔QC3;m`Y[mrC^d S bpI![:|ƽ-mŒJKZ뼣ds#heΨ&_3yK&P[p/)k 3=.*1^\~^Q8ӆ5X ;AcR_O_a~C7qjI%eֆ2ApBbIx NusmV\ڨx>p,TEh|蝆BJYsCϝ0$ht'"gUlNMGaѝJgVBA&g"Z=fL%UM?FsD| r$@d/uEldL$'+L6]'3cV8ڜ^ ²FUٍ٨!|X_o^<[DALNbzCShz@9ؔLHTpn9Ⱥf5д[1~vrލ{>켙0Lˈ >kxtZk({fR4cQfٍ_w4 7>? wMSBo ?$PIO!4}\=s2Dfqxk&0~OV;iB{"9g@~m[ǁ d@3Q[q(ysA&[t Y(G94GK81{ٹ2CZ¯9tLhQ kD ܨ'|t-mf;Vi7ʷ^D"kUnlIMG%VI K6t;|%.f@#K].v]ވ"d-"[ˤ9HgU#d=Z?Ll; wNM]HI<2%[Q2 8QDQGGM`^^:`SoeR@,ro! #CБżD +sXGFQ7Eiϔ>2@R+T&I:+  2X^[kF9qC\lgsن݊Ogcx.q]ԥb[&=d4v=FIfBo Y->-iMte@ϊULߊP2.;E'%Vھslm˱} *viiu0 3ąRf0BORۊbBդ¢UC~Y77]FC2hHtJ@`)ؗ&"xyqD%6ndYw{;mt:c+Cm1d5Ur(@˒HpqS';СG5?$"mUOZ6z?0[ap-֞f-D]"@X#,QzI99:[reOxBIP@/JV~=S?w.HxV>;Cx*aP3ݔz"{-{uy]VM^jYmfm|2Qf$"5 ˉtF(;8k8VE_P6f7"VX!,sTQwSo]$TY0%Bu|f@0n oϖsǜ`JNmb\w,~α]cPl-Ay#4)=ldI3' 4%E 뼋6>o3ַ-Bϥ]@7R.0t'᎐zCHUͫzk*GL:߭MۏHk:-"dm*4=ygG:.q:Ȉ ߉"ؚ3]˞o2QN)EHRC Sn񘦣OvLgVaa҆M"S:14FAKِB$rp%]qK9/4}UK[j\vȥ.9r2VmThƒc[w~wtͨt+KS‡RSa3QS |Mwn4[.ZL~-0ZFG^8b/'le*c*LynDeY4d1CR5U.4yէb~Цť_Zh=}᠈(acQZJZMKNiQ9>G{Tޱ}>QgCq0UVOZ0rghWҠ1XSgv+J@B 寁d wOl,uu2gp-x(C'Ƞ6k'_Z$ْOi%e%4ӌpkċv8DW>Ԕ׌L0nPF?"~Kn)`fo9'$fͲBN!;`_nD[&xZnV5Τ 1S~қM_$BNTU~3_x?z%&ŏ$yҔ,KI`(O(J1ߞc?%L SFa"ȊHg5wI&cwb=^X4 ۆ"TFq"Z|(N>A-J,&2gb\aO-޵<# 6vS+c$XVr9ٸ3\!A7u%3K'EM0\Pc!CI\D޲jxtwQ7SC"\O'P~І( %|ePq+4bHVE KSA+}gHerF ZVW+t1~#?bY&.@dLgE8,.: /vJI|UI ZJY &p3,DwsXo h-,yg/ӗQW!j4у>kUY篭_I?./jx:, SC 2u!^]||%J ƒy*xԈku]b/Z L \ژ-E z&tCnWA_AWX%C-TW \kU &cJ A/|ڶG +%!FGAh4X ^:]0{eZqR{ܔl$L W{SQ@ C Vogd{y{y x#AbO.FUooڸ_Ikk~{'2M|եF9W#lIQAo @I0h߽*)8~_o {\h~-<cc65 A;}jQzJG]fc!^-DY2K=锘 r*6($܌ UF¯i'ʄE.43er@ !J("F0*b@_HyJR41ZǂZ)HYY vT>K_!4&OwC6p4Ql{CIf[1_k̽lT祀M=XE͍oQ+0>nq0*ʧ#׾jՍDjGgXPB>%-ImbΦc||[4',O6y\e0kAc"Xksx~;n΢R/\B5++1~2DQCإّOM8őDYU}ܝޚBq)X lb8-{y tSjbhz z$FDv(~'qrrc$v,3.r81ԭ/\m/ϻz),g!(i!TZ삽^!KGI)1OȬT zk.y#Ъ|1FSwfV5~7Ot4ˊi{`(魊/yG|W:FR|م=`>hdPnt7k7c3tӅx㓵7Bl2ǙtUnal4nU5iF61el l$GfjkAM4(fi<MNxlRT!D .dRH u;O.|KMmٯf)ޜAq2/Did D2OkCT/P av(W54UuOԤDBM2@ץ ]pHa:ʖ&_iMKe+92ZN&$rؼ$o*F M*1ڒAN YqCq [$q3 i߯5@3FUp8+ "%N(04#ҵ뒳7g;ßqT5^n]_ʩ`ku?\|߆x4 U0Of) sGscT}/(u:Uplkn{ET4HL}3Vʗة \&j+'žRo\g7T2 3m/0y 9T@]9jAe)`,c5[v9ĕ.՘"vE` wR@gl?rw#"C0p Z⤑VɹPPgdX*?c2حBQpb{a0 7-!!\ ]V-SAtpjHϒ@Sr ]6O(h5rV}3[esya`lNu6~qpEsgK&B~E&0hPl\Ia3,2[ {욍WB.Cّ `(pSW*\P]>@oMygD-ԳAc?V-H8I~J 6oj:sϺWMHl"qtg5$L0^C\0"v;_2c-&N+-Mz>-կ /X4>w[p{qt8t (++H`FCO]+o(X̶1 Ky{UkWxZD10)m&9;3 > o*7mZ{/f^h (Aކ34J츱 UdxWkc#l O:Pe"nU!x(H7b?vA-bT}wet8ϻǛC{FCO'yD`ANշ*+0ݬ)b KuWؘAB`~,VўFî ʏ&]gd֌g*.H~Ba7 Nri]" agyschdK+e~v,;Օw鈓B,AY2Rk<V<  W{rWx=}k͛P1++]Mn"/8eB-L=cܭ3!-qsܻi‰I56{<%-^ V62VJYXNcReښ3RvUr|ǝּg~vő=UMUp.M!{QW 9o $3dcyð!ٽK]kr B@kAټRq\:U-D3mfe#{KX=}}uG9h2Fg_H-&DDlT3^&/oPBoXW[Mt`kH4q#{=9 q],& '_>tQ~)Is+{zU5׸>ཏ_.i7X12XI¾&q4v $wJCv;?1 ̸[gT 1=ROk jjE&@Ж†'l"}[k Pb IlR#`O-LV/O:2,s"ĉ6#2pjȚI~kP I~rB|悋o$sf 7{OzUz]_t󥨖ӹ /cT7kBaRufL>OVђ`wGE;JEP8וnı#_!PE$ mH5z3}uedG!,g=߲ wկ-'lZW0p9{ψ3w.z7cƌo_]!) 4*O> X}7:0/,O* Q&=/U|7IɪӠ(6M.gׁKR]E.'M(]ݝ%֔CaԫT߲xu^_>/"Hqj +Y5-4UυrR2FY qEh6 SX .3*Qz_3Pj}u9 k_}آQktobQ@qn6~N2XQ'\ChZ=W .i\AAd`DWhu' UBf Ptzu㩃 Wf Rp-7{ z${Kt[  K3d/v@uh)'eŭnfe2)F >vIƒqʈ?:@X0LxS0~9akH^ h 6\ 쪇_26+0D!a&G5"AOC(Y* #|R|&6?H',Ru2F>pCg @ ̡n ``9ɩdY+̳9?*rYR:\`ֳ;;TKjGuLeGXKɧnY1}uWɡDk7g΢rdt",}-(=OȠ,UEޅnJޅ :eqʰ$[tߋ<Z4j*>â'hQ:ńM#Y;l AJ2ȩ;^7/8ͻ5u!d]3 -N'.z{=juB,#Y{SBH` 6fZ傈1JW4:2s?5=:n:hIFⳤ-_1d˶$RȢ%th]<[rT]V`=&@QBÐsPn\'L* wV-CX3= +,$wkK;cPU +A7/Y 7|,iQF-Ƨ$]d?~'OtB QlI2rv(q˸ւ, `.ʺi`oݗc@ԕ]ntv$⟲ QB3B 1'k{A4T>E^Mg~R[8(A~Km]\d/(}eO^ x:ExuBNZ0 h)ϩ Ţ u;Uߪ}O[aZA{o=TDL1DX= s )wyX؀KuSڦvM}M|a][%N"b'c8# p3nx´=;Xhz# J/+cϳY rPwKP{glΉcUȐX_9F.K|%?;z8 ɁbUǞo`L,hADh,`Fqi$+wV*B4GC'tvY0BIfY.>ǒ38ZN$b{Pգ ^ @Ԡ2s=uno,PJ|E^O3 /[ce.e; xup?ɬ7 8SABO \2D᳘ΰ9CrjQ4L2oys֟h ]Ocve_YE\8Pe7_O):f&CE`yFu~*aM+G6Cބp.v[@.[R7z^ Pڝs`v.QF&H53Y>y|x9pV PbWLBKX?#+¿+},=9ha9VILVr-ԚO_ؙ A%KUbGL\a/ٸxuM(:榥y5)Ti O@uN=xFngj w{XwӜ\=|/_36 LSzi uX߶Ŗ&ю苨2i|a!1CHv^b{ُDI^'q'|F=vȿȰy`c̬Wˀ--} Z+Q .iq 6:H$8iV W^F, ,j,=PH9T\7MsƝc r%ꗀRZq!hu6wEuG4aO;Ab23t\bsIqp|"ڋ`>`ʜs\K轥Հ=BlQF^=oT4l޽j:ޯ]0oOy _ ٭JvL޹KsO0 ^ҡs  TDI$Yt`w /JmX6D*^Ki n2 nq;EY#wK*ILdkBۂ3 [^h-[mijGJxeiVG~@q3%(C+L6 *:5E-y%ёlۃҘi;% #μcDz:JP;bS ДYW;y(eM7"6<8Lw]!?dʿj.1r2lblpm 1MIͣ,^wW /b qy]g\CxleqvHkAt!hC[V<êw5ɮIw7euϾ=`) vڵY&>3pHWI LLMtpUVfw =,ϴ`X|M2R]Pۦ&uFSzע2fa?i?ڮ낃c)tIJG) >~ {E *?.N^ƹ# aL(}@ͺq Qi4l;aƎ"gE:kV'ֿˋd8a `9Z([dw,r)\H6221ķa +&p' ɴ)Җ.P9-7$C6LXl`;tȹ >LD[k~9ҫM93oI#h wr&R#21ٔ5 n/M2179{ʷ &|3\8ϫE~ܝFO~%_Zso֚-vwцq9*U]ⷑ6c3 ø,xC~g ɓb& JD$@kXa\CuhaF{|+Wp!Ouyhi((͗7#5M׍ɖ'EaFAb2}rQiYQ`Y-˩sG@G,&LNo)d]RG ٰTMfjI!w(=~8.9VEC@4~GQxa$+(`sRҫChߕxCJee|pPK15$ڝ? ᜭ12x] 5'*qK::<~TdQ~XusD r{fxF{Ysf;% L{6Xd54tLMmrO*[(%Zv}Mq~VAcCo4VA Ͻncmn^s9xk+%rV[DO(ĩy|Ncx'q*a^z> ϛ_˾::K^'`wqڠ|U#㕏kvyS# /h($NMNȄGAt:P۱O$z6 R cTW]K2L^v''UƆ]>rm=iMx6 PU>% $T5+Y)2+aocld0l(΅b5yeudBG^uxU6[-W̳)Zf:X7i΅8mL[#$/E@8XTaf'GoNGqȬ&ꍑE4s! 嬅</!T]$a?Kz pD綉j. q,)|jS;֢ѪMl(Lke6 ԡҁX ۏubXFnq⇑kVfE()E|RX7dM85Pqz "0CΥ0pdUɤ]|~1C9DkϦ7 FJH4djns^~r6y9_sy iנ+ooVD-]8il }0(/:&J!/ўEPx\~/x(;IG"6Ce21#k(6vT^֢7?VAϿÓdt1\LvRĕQsJ &m*Iނ"! 6`#I7 lmܤ/9z"|C24m/+L0)J B!R0Mw %<I\ԋYz?Z`zrR] «?e)Y7;rÙ&2w˸:pE{=lܷb$E=VWV}oDMcob #nآM<ż?Z{* DH&20 v5]3ߌGU{@h0 k;.:@㲵<fJ3-! 'J1kj'Xʭ($T1&ӛ /*S;fzB%`u`1#IPo8@A7>ТepGc,CVET"{ /r yюr/w^yIUS:󼳃sm GfX *am(SL{ =LCB]LH,wuƕNǰ祀D`4x- !W WرUrT_ 2!} I< S1gw*ǐ{#j᜸K.qFGe$lM>fk*rWXOV2Zm"hoȘ⢶/lr>[m$qW *@V)4%߱]ΈSd8_Ǹ,WsBU*ﵸO!H;S@c< 3t ", U3G^W !|+ ]heARӐ̯O8#)}{~Gύje=.s3.,JjwUSz1;խaX.xiikL]MjoQkII`],~^L+[41>f 2yLm(2W槿jk|U{Bi XK]i3b~}}f#ؔl[gBa7:y+NGJ:q ᖽרN ^.\4pl ]^c!kjXc!l*2Y`9AF씤ojIkR5<[Z@n>MVk..6]8A0@ Ң#2#Uފ.\VH$ߚ1H`wC6WmECzބ(Zovrg~*0]݃H]QqYhJH 0l#^r˵ X ̧.WjJ=^h &'g4GZ.UnƬF#3>sKOԨ.6"c*c^Ms&2UUA4 :uf{ivT0TSnAQVnfxyyz#7[#*. _) H-'ޟK$VSKe,ptVF[=IZY'X/ Aءچo$%VAm_lu#Ec;Q?TpXPJb! 6Xr}0i JQ/0.V'L,q"*J&O}4kNPC YZ