í«îÛ    apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1                                    Ž­è         <   >     ,     è            ê          ì          *„‰ i¨ >p¯ž9Û|‚ñnþ-Ü“è`Ž—;Æë±©C û<Øúl(³9uWÊ¬‡ÂÎTáPì÷Ýñ`ºóGÊ-	Ÿ©ÌßÎ,}7‰9Ò ™Áv4yÅË©“;g´G¾)‡Ù²<îD½Ï–ªe0†‹/f|·Czrµ†B>–C¨^zÌEBZTuæûª‚þ‹5á¥è}>/B:l¦ÐQhO¬Ð<Ø	2øÑ?å•þšâ •DÖ­?§Æ&&€é±å)H+xh–FÑ×ôíéHF~ ©VÉ?­a<b¡ëGÈ¸D[_•fAÍ¬£.ß@»‰U-ìÕCë¿]q`{.º¯a®¢Î$f¢ìôÔGr.R”3´æ‰¹sÅ²   >   ÿÿÿÀ       Ž­è       >   $   ?            d            è           é           ê      $     ì   	   3     í   	   t     î      ô     ï      ø     ñ          ò          ó     !     ö     B     ÷     M     ø   	  c     ü     ‡     ý     ¶     þ     ¼          Ä          Ì     	     Ð     
     Ô          Ü                               (          2          <          x          €          ¼                    m     (     œ     8     ¤     9     ì     :     u     F     Ä     G     Ø     H     à     I     è     X     ì     Y     ô     \     $     ]     ,     ^     H     b     h     c          d     ¤     e     ©     f     ¬     l     ®     u     À     v     È     w     `     x     h     y     p     z     ´     “     Ä     Æ     È     ä     Î     å         C apache2-mod_auth_openidc 2.4.17.1 150600.16.17.1 Apache2.x module for an OpenID Connect enabled Identity Provider This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.    i¨ >h01-ch3a     	¼HSUSE Linux Enterprise 15 SUSE LLC <https://www.suse.com/> Apache-2.0 https://www.suse.com/ Productivity/Networking/Web/Servers https://github.com/zmartzone/mod_auth_openidc/ linux x86_64       	¼HAíí    i¨ =i¨ = 544f07151c03079da0af8a404d747bd65356d58aa92c1d0f577d6f7cf511d89f           root root root root apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1.src.rpm    ÿÿÿÿÿÿÿÿapache2-mod_auth_openidc apache2-mod_auth_openidc(x86-64)         @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
  
    apache_mmn_20120211 libapr-1.so.0()(64bit) libaprutil-1.so.0()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.38)(64bit) libc.so.6(GLIBC_2.4)(64bit) libcjose.so.0()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libcurl.so.4()(64bit) libjansson.so.4()(64bit) libjansson.so.4(libjansson.so.4)(64bit) libpcre.so.1()(64bit) libz.so.1()(64bit) rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz) suse_maintenance_mmn_0                   3.0.4-1 4.6.0-1 4.0-1 5.2-1  4.14.3  i”X@i@h>ãÀgù@f…=@f}T@d,@c¥˜@bV»@aFÀ`ú¯@`eµÀ^_˜@]¹{@[åvÀ[ØGÀZãÀZ1@pgajdos@suse.com martin.schreiner@suse.com pgajdos@suse.com pgajdos@suse.com danilo.spinella@suse.com danilo.spinella@suse.com danilo.spinella@suse.com danilo.spinella@suse.com danilo.spinella@suse.com danilo.spinella@suse.com danilo.spinella@suse.com pgajdos@suse.com kstreitova@suse.com kstreitova@suse.com kstreitova@suse.com kstreitova@suse.com vcizek@suse.com christof.hanke@mpcdf.mpg.de - actually run the testsuite [jsc#PED-14130] - Update to 2.4.17.1 (bsc#1248806 / PED-14130).
- Remove patches, as they've been merged upstream:
  * apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch
  * apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch
  * apache2-mod_auth_openidc-CVE-2025-31492.patch
  * apache2-mod_auth_openidc-CVE-2025-3891.patch
  * fix-CVE-2021-32785.patch
  * fix-CVE-2021-32786.patch
  * fix-CVE-2021-32791.patch
  * fix-CVE-2021-32792-1.patch
  * fix-CVE-2021-32792-2.patch
  * fix-CVE-2021-39191.patch
  * fix-CVE-2022-23527-0.patch
  * fix-CVE-2022-23527-1.patch
  * fix-CVE-2022-23527-2.patch
  * fix-CVE-2022-23527-3.patch
  * fix-CVE-2023-28625.patch
  * fix-CVE-2024-24814.patch
  * harden-refresh-token-request.patch - security update
- added patches
  CVE-2025-3891 [bsc#1242015], denial of service via an empty POST request when OIDCPreservePost is enabled
  + apache2-mod_auth_openidc-CVE-2025-3891.patch - security update
- added patches
  fix CVE-2025-31492 [bsc#1240893], OIDCProviderAuthRequestMethod POSTs can leak protected data
  + apache2-mod_auth_openidc-CVE-2025-31492.patch
- enable the testsuite - Fix apxs2 binary location, which made the library file be installed in root folder,
  bsc#1227261 - Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set
  and a crafted Cookie header is supplied, bsc#1219911
  * fix-CVE-2024-24814.patch - Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is
  set and a crafted Cookie header is supplied, bsc#1210073
  * fix-CVE-2023-28625.patch - Fix CVE-2022-23527, Open Redirect in oidc_validate_redirect_url() using tab character
  (CVE-2022-23527, bsc#1206441)
  * fix-CVE-2022-23527-0.patch
  * fix-CVE-2022-23527-1.patch
  * fix-CVE-2022-23527-3.patch
  * fix-CVE-2022-23527-2.patch
- Harden oidc_handle_refresh_token_request function
  * harden-refresh-token-request.patch
- Fixes bsc#1199868, mod_auth_openidc not loading - Fix CVE-2021-39191 open redirect issue in target_link_uri parameter
  (CVE-2021-39191, bsc#1190223)
  * fix-CVE-2021-39191.patch - Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption
  (CVE-2021-32791, bsc#1188849)
  * fix-CVE-2021-32791.patch
- Fix CVE-2021-32792 XSS when using OIDCPreservePost On
  (CVE-2021-32792, bsc#1188848)
  * fix-CVE-2021-32792-1.patch
  * fix-CVE-2021-32792-2.patch - Fix CVE-2021-32785 format string bug via hiredis
  (CVE-2021-32785, bsc#1188638)
  * fix-CVE-2021-32785.patch
- Fix CVE-2021-32786 open redirect in logout functionality
  (CVE-2021-32786, bsc#1188639)
  * fix-CVE-2021-32786.patch
- Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch - require hiredis only for newer distros than SLE-15 [jsc#SLE-11726] - add apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch to fix
  open redirect issue that exists in URLs with a slash and
  backslash at the beginning [bsc#1164459], [CVE-2019-20479] - add apache2-mod_auth_openidc-2.3.8-CVE-2019-14857.patch to fix
  open redirect issue that exists in URLs with trailing slashes
  [bsc#1153666], [CVE-2019-14857] - submission to SLE15SP1 because of fate#324447
- build with hiredis only for openSUSE where hiredis is available
- add a version for jansson BuildRequires - update to 2.3.8
- changes in 2.3.8
  * fix return result FALSE when JWT payload parsing fails
  * add LGTM code quality badges
  * fix 3 LGTM alerts
  * improve auto-detection of XMLHttpRequests via Accept header
  * initialize test_proto_authorization_request properly
  * add sanity check on provider->auth_request_method
  * allow usage with LibreSSL
  * don't return content with 503 since it will turn the HTTP
    status code into a 200
  * add option to set an upper limit to the number of concurrent
    state cookies via OIDCStateMaxNumberOfCookies
  * make the default maximum number of parallel state cookies
    7 instead of unlimited
  * fix using access token as endpoint auth method in
    introspection calls
  * fix reading access_token form POST parameters when combined
    with `AuthType auth-openidc`
- changes in 2.3.7
  * abort when string length for remote user name substitution
    is larger than 255 characters
  * fix Redis concurrency issue when used with multiple vhosts
  * add support for authorization server metadata with
    OIDCOAuthServerMetadataURL as in RFC 8414
  * refactor session object creation
  * clear session cookie and contents if cache corruption is detected
  * use apr_pstrdup when setting r->user
  * reserve 255 characters in remote username substition instead of 50
- changes in 2.3.6
  * add check to detect session cache corruption for server-based
    caches and cached static metadata
  * avoid using pipelining for Redis
  * send Basic header in OAuth www-authenticate response if that's
    the only accepted method; thanks @puiterwijk
  * refactor Redis cache backend to solve issues on AUTH errors:
    a) memory leak and b) redisGetReply lagging behind
  * adjust copyright year/org
  * fix buffer overflow in shm cache key set strcpy
  * turn missing session_state from warning into a debug statement
  * fix missing "return" on error return from the OP
  * explicitly set encryption kid so we're compatible with
    cjose >= 0.6.0
- changes in 2.3.5
  * fix encoding of preserved POST data
  * avoid buffer overflow in shm cache key construction
  * compile with with Libressl - update to 2.3.4
- requested in fate#323817 - initial packaging h01-ch3a 1772617790                       2.4.17.1-150600.16.17.1 2.4.17.1-150600.16.17.1        apache2 mod_auth_openidc.so /usr/lib64/ /usr/lib64/apache2/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.suse.de/SUSE:Maintenance:43029/SUSE_SLE-15-SP6_Update/b089199f0ec789a81bda0170079de920-apache2-mod_auth_openidc.SUSE_SLE-15-SP6_Update drpm xz 5 x86_64-suse-linux        directory ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7f2794c7a6b91d4d3be7b33016464930971f7d8b, stripped                 R  R  	R  R  R  R  R  R  R  R  R  R  
R  R  R  R  R  ÄîýŽ÷…wøuuÚâ¨   utf-8 303c5e9ce16078375cb4549feaf6dc16f5153c7eca8a9f63d69d6b7b180f7890        ?   ÿÿü    ý7zXZ  
áû¡ !   t/å£àÄ] "ÌkÀ%Ô¶"ùÍâ5oÒkw@_/.ž “üP©£°ï¹S8=€TöæXÛe+_­dªµÜÕÛsØ‘£‚3‰×]1:ùŠ|9¥$kV.ùÐ„7P«“ûäÑ¼®Ô9ÜÎ8<o2u;zêÿ0«]áüé•´Èü3wÌå;€âæ¿kí <†Án‚ò$ä\“¨ÅÚßW-TÔÇ-r‡…“KPÕn=Xšù÷Ÿ™ïF´è•.\<\¼èÄ[„…6Šê×ŒSL©}¬ûbd«§;ß‡¦pT†^o—?ÅIþ,¸åÈi"óÑ jÎZ¸ <bÞã½¿k:zÞMÎ8-ÃQ§êëYGýÄ‹	Ôçæl×ú›†Übº@d©
1·i^É·v9>!Q~}ÓÕZqÆúvâ’\4Q˜‡¸:r<Ü¥²j&Æ2ü4[±4B5xË[@L«ÜaÃZ:SJ_òžÝ'ô¬T§3A*OÖY3žXQóåi–2š}}.eVHJ‰b¢¤æ2%Õ“câ±îo•ým”Q}ªè€Ð”á)_Q­éüX©¬%@m¥óÙÒç1‘ŽIéxíi™Gi·e«Ü§2¿tÃüáÊéozdéIr?è,ñt§<È}>F¬›w›âû!ô·“¡|#û¯(`<$ì9èkžq¢o'T0«Ëï«¬¸ŸµÂÏÍvÝ&¸ÔD3 FððmbS'uæø"¿_ÈMM	·>AßYÏZ˜žXCJ[Æötaè2ôÜfïŸ1s}EÏ°òÕ¾&z)PÔ(À¹Õ:š$qÛZïŸÚÖkÝd¿î²~ÇÕ¶µ¿ÉÖÞ>¼¯{ø4T Ý†–©û>!ä8"ž·EòŽc²GÚr)*í’K™k5ŽH²˜2D‰NÍ@i¦uJzIÿ7ÑëŽí’Ý —âÈ·æÏ!)ŽˆA¢¤ÔóûÌàµ‘8@}ùäüçö/"ÛWhÓH1iPÈöqÆ’Øõt/ÀÊ(÷!ÐsIð‚†|,—«rÛX&u²Ü¯
øð£úM4%þ†A¼i8b/C"VÜKYyšEfX¨ºTTœðUJ¡ùËgifUüã§"lsüÞŸ¨§ÃJÎíIú8W[•òsXæFnýƒ§¹´F‘’}íµøŽ¯K¼¹¸|A#BðF\zcC{×jX8¤Îq_K6øÑð¿_BÓøJæúÕù¾«³(˜(>AŸ¹@×Ès^{
±Nð–$Ãã¡w‰J´£c.ÕêX×­ëHhìóâçE˜¶ÓFÈÚoaäõGMÄ¶Ýó¸lŒzëÕÉ‹šßë‹´ Üçî¥µ¹ÝÜ29F3°Ó‹L†«ƒÆ(™J‰å´eáàïV±ÿ?’&Àl@ÏA»*cžàd™÷é²‰‰ˆµñû{3išÜ…R¬çz,4	Òö –|Æáj«18{÷¤qA0÷A…ÀB	 þÇëpJ×’¼ä¹ØB58Í™_+²õ­ÔÛ9Ók¦ÅøU…ó¿ìâ„ppõé^d(ÃÛ»ÏigdŸìWr¾ññ'šég½3ñ1[GœRöIçCú¢5ÏñÊuÄü3öŠñÇ7üßhÌÈ5–5“r&­Í,Ô‡3º'îP*;¤É¾µÏ„Uv'V‚TÎ»ŸX§ˆWô
‰BQz”«¼ìŒ,EÕ/Hí¬ü}î69S:´ª´ôªOL2‹Y²¦£ëðû‹‚²£ŒÄ—œMÕøSRà§EvìiÙãhßoûéxîDÜ°§ùEµÒf¸ t¨eØž¬Ø·Öãþãcåg$;ù]l!—Ùâû0‰cæ8Âƒ£ O¤‚[ƒ>j€c3ŽÉ”™‘<¹Í‚<cF|óÈE¿‘²M±`W<NFBþý*¥ICAh½éº.¹1Ä¤7VÜ&ÿ›]$ç!ŠgO¯âåý`¿wç;@mº¸'³®$=7%B¦üa¡©|óJel;ÆåO"`ê	ÉÓLZñÂ»D©½ÃpiçºÎDŠ]  šìõßÃ…=Ö¸ÜŽ3ï¸Õánÿ“tA³÷uÃ“cDî0 ËÅ%  ”MŸ¶éß    
YZ