microsoft · aninda-al · Jan 31, 2025
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "mod_auth_openidc-2.4.14.2.tar.gz": "b0440d2e22f7532a5833bffd8ac64d8a77c439628f081649faaf7e7a01c6d3e9"
+  "mod_auth_openidc-2.4.15.7.tar.gz": "a9f8b6f18ef4ccba20a802eb87af482a68153cb360cbf1010ce93855e127ccd0"
  }
 }
@@ -1,37 +1,43 @@
-%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}}
 %{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
 %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %{_sysconfdir}/httpd/conf.d}}
+
 # Optionally build with hiredis if --with hiredis is passed
 %{!?_with_hiredis: %{!?_without_hiredis: %global _without_hiredis --without-hiredis}}
 # It is an error if both or neither required options exist.
 %{?_with_hiredis: %{?_without_hiredis: %{error: both _with_hiredis and _without_hiredis}}}
 %{!?_with_hiredis: %{!?_without_hiredis: %{error: neither _with_hiredis nor _without_hiredis}}}
+
 # /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
 %{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
-%global httpd_pkg_cache_dir %{_var}/cache/httpd/mod_auth_openidc
 
-Summary:        OpenID Connect auth module for Apache HTTP Server
-Name:           mod_auth_openidc
-Version:        2.4.14.2
-Release:        1%{?dist}
-License:        ASL 2.0
+%global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
+
+Name:		mod_auth_openidc
+Version:	2.4.15.7
+Release:	3%{?dist}
+Summary:	OpenID Connect auth module for Apache HTTP Server
+
+License:	Apache-2.0
+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://github.com/OpenIDC/mod_auth_openidc
-Source0:        https://github.com/OpenIDC/mod_auth_openidc/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
-%{?_with_hiredis:BuildRequires: hiredis-devel}
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  cjose-devel
-BuildRequires:  curl-devel
+URL:		https://github.com/OpenIDC/mod_auth_openidc
+Source0:	https://github.com/OpenIDC/mod_auth_openidc/releases/download/v%{version}/mod_auth_openidc-%{version}.tar.gz
+
+BuildRequires: make
 BuildRequires:  gcc
-BuildRequires:  httpd-devel
-BuildRequires:  jansson-devel
-BuildRequires:  jq-devel
-BuildRequires:  openssl-devel
-BuildRequires:  pcre-devel
-Requires:       httpd-mmn
+BuildRequires:	httpd-devel
+BuildRequires:	openssl-devel
+BuildRequires:	curl-devel
+BuildRequires:	jansson-devel
+BuildRequires:	pcre2-devel
+BuildRequires:	autoconf
+BuildRequires:	automake
+BuildRequires:	cjose-devel
+BuildRequires:	jq-devel
+%{?_with_hiredis:BuildRequires: hiredis-devel}
 
 %description
 This module enables an Apache 2.x web server to operate as
@@ -44,34 +50,36 @@ an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
 # workaround rpm-buildroot-usage
 export MODULES_DIR=%{_httpd_moddir}
 export APXS2_OPTS='-S LIBEXECDIR=${MODULES_DIR}'
-autoreconf
+autoreconf -vfi
 %configure \
   --with-jq=/usr/lib64/ \
   %{?_with_hiredis} \
-  %{?_without_hiredis}
+  %{?_without_hiredis} \
+  --with-apxs2=%{_httpd_apxs}
 
-%make_build
+%{make_build}
 
+# (jhrozek): temporarily disable make check to work around a FTBFS issue
 %check
 export MODULES_DIR=%{_httpd_moddir}
 export APXS2_OPTS='-S LIBEXECDIR=${MODULES_DIR}'
-%make_build test
+%{make_build} test
 
 %install
-mkdir -p %{buildroot}%{_httpd_moddir}
-make install DESTDIR=%{buildroot} MODULES_DIR=%{buildroot}%{_httpd_moddir}
+mkdir -p $RPM_BUILD_ROOT%{_httpd_moddir}
+make install DESTDIR=$RPM_BUILD_ROOT MODULES_DIR=$RPM_BUILD_ROOT%{_httpd_moddir}
 
-install -m 755 -d %{buildroot}%{_httpd_modconfdir}
+install -m 755 -d $RPM_BUILD_ROOT%{_httpd_modconfdir}
 echo 'LoadModule auth_openidc_module modules/mod_auth_openidc.so' > \
-	%{buildroot}%{_httpd_modconfdir}/10-auth_openidc.conf
+	$RPM_BUILD_ROOT%{_httpd_modconfdir}/10-auth_openidc.conf
 
-install -m 755 -d %{buildroot}%{_httpd_confdir}
-install -m 644 auth_openidc.conf %{buildroot}%{_httpd_confdir}
+install -m 755 -d $RPM_BUILD_ROOT%{_httpd_confdir}
+install -m 644 auth_openidc.conf $RPM_BUILD_ROOT%{_httpd_confdir}
 # Adjust httpd cache location in install config file
-sed -i 's!%{_var}/cache/apache2/!%{_var}/cache/httpd/!' %{buildroot}%{_httpd_confdir}/auth_openidc.conf
-install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}
-install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}/metadata
-install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}/cache
+sed -i 's!/var/cache/apache2/!/var/cache/httpd/!' $RPM_BUILD_ROOT%{_httpd_confdir}/auth_openidc.conf
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/metadata
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
 
 
 %files
@@ -87,14 +95,147 @@ install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}/cache
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
 
 %changelog
-* Tue Sep 05 2023 Archana Choudhary <[email protected]> - 2.4.14.2-1
-- Upgrade to 2.4.14.2 - CVE-2021-20718, CVE-2021-39191, CVE-2022-23527, CVE-2023-28625
-- Add DESTDIR to resolve mod_auth_openidc.so filepath
-- Update source URL
-- Verified license
+* Fri Jan 31 2025 Aninda Pradhan <[email protected]> - 2.4.15.7-3
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified.
+
+* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 2.4.15.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Mar 15 2024 Tomas Halman <[email protected]> - 2.4.15.7-1
+  Rebase to version 2.4.15.7
+- Resolves: rhbz#2272582 - mod_auth_openidc-2.4.15.7 is available
+
+* Fri Mar 15 2024 Tomas Halman <[email protected]> - 2.4.15.6-1
+  Rebase to version 2.4.15.6
+- Resolves: rhbz#2269234 - mod_auth_openidc-2.4.15.4 is available
+
+* Thu Feb 22 2024 Tomas Halman <[email protected]> - 2.4.15.3-1
+  Rebase to version 2.4.15.3
+- Resolves: rhbz#2262055 - mod_auth_openidc-2.4.15.3 is available
+
+* Thu Jan 25 2024 Tomas Halman <[email protected]> - 2.4.15-1
+  Rebase to version 2.4.15
+- Resolves: rhbz#2244098 - mod_auth_openidc-2.4.15 is available
+
+* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 2.4.14.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 2.4.14.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Oct 5 2023 Tomas Halman <[email protected]> - 2.4.14.3-1
+  Rebase to 2.4.14.3 version
+- Resolves: rhbz#2204524 - mod_auth_openidc-2.4.14.3 is available
+
+* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 2.4.13.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Apr 5 2023 Tomas Halman <[email protected]> - 2.4.13.2-1
+  Rebase to 2.4.13.2 version
+- Resolves: rhbz#2184157 - mod_auth_openidc-2.4.13.2 is available
+
+* Tue Mar 21 2023 Tomas Halman <[email protected]> - 2.4.13.1-1
+  Rebase to 2.4.13.1 version
+- Resolves: rhbz#2177413 - mod_auth_openidc-2.4.13.1 is available
+
+* Tue Mar 7 2023 Tomas Halman <[email protected]> - 2.4.12.3-2
+  migrated to SPDX license
+
+* Tue Feb 28 2023 Tomas Halman <[email protected]> - 2.4.12.3-1
+  Rebase to 2.4.12.3 version
+- Resolves: rhbz#2164064 - mod_auth_openidc-2.4.12.3 is available
+
+* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 2.4.12.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Dec 16 2022 Tomas Halman <[email protected]> - 2.4.12.2-1
+  Rebase to 2.4.12.2 version
+- Resolves: rhbz#2153658 - CVE-2022-23527 mod_auth_openidc: Open Redirect in
+  oidc_validate_redirect_url() using tab character
 
-* Fri Oct 15 2021 Pawel Winogrodzki <[email protected]> - 2.4.2.1-2
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Thu Sep 22 2022 Tomas Halman <[email protected]> - 2.4.11.2-3
+- Resolves: rhbz#2128328 - Port pcre dependency to pcre2
+
+* Thu Jul 21 2022 Fedora Release Engineering <[email protected]> - 2.4.11.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 23 2022 Tomas Halman <[email protected]> - 2.4.11.2-1
+- Resolves: rhbz#2082376 - New version 2.4.11.2 available
+
+* Mon Apr 11 2022 Tomas Halman <[email protected]> - 2.4.11.1-1
+- Resolves: rhbz#1996926 - New version 2.4.11.1 available
+
+* Thu Mar 31 2022 Tomas Halman <[email protected]> - 2.4.9.4-1
+- Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect
+                           by supplying a crafted URL in the target_link_uri
+                           parameter
+
+* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 2.4.9.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad <[email protected]> - 2.4.9.1-2
+- Rebuilt with OpenSSL 3.0.0
+
+* Wed Aug 18 2021 Jakub Hrozek <[email protected]> - 2.4.9.1-1
+- New upstream release
+- Resolves: rhbz#1993566 - mod_auth_openidc-2.4.9.1 is available
+
+* Fri Jul 30 2021 Jakub Hrozek <[email protected]> - 2.4.9-1
+- Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available
+- Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect
+                           in oidc_validate_redirect_url()
+- Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded
+                           static IV and AAD with a reused key in AES GCM
+                           encryption
+- Resolves: rhbz#1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using
+                           OIDCPreservePost On
+
+* Thu Jul 22 2021 Fedora Release Engineering <[email protected]> - 2.4.8.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jun  2 2021 Jakub Hrozek <[email protected]> - 2.4.8.3-1
+- New upstream release
+- Resolves: rhbz#1966756 - mod_auth_openidc-2.4.8.3 is available
+
+* Mon May 10 2021 Jakub Hrozek <[email protected]> - 2.4.8.2-1
+- New upstream release
+- Resolves: rhbz#1958466 - mod_auth_openidc-2.4.8.2 is available
+
+* Thu May  6 2021 Jakub Hrozek <[email protected]> - 2.4.7.2-1
+- New upstream release
+- Resolves: rhbz#1900913 - mod_auth_openidc-2.4.7.2 is available
+
+* Fri Apr 30 2021 Tomas Halman <[email protected]> - 2.4.4.1-3
+- Remove unnecessary LTO patch
+
+* Fri Feb 26 2021 Jakub Hrozek <[email protected]> - 2.4.4.1-1
+- Temporarily disable check to get around a FTBFS issue (#1923374)
+
+* Tue Jan 26 2021 Fedora Release Engineering <[email protected]> - 2.4.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Sep  4 2020 Jakub Hrozek <[email protected]> - 2.4.4.1-1
+- New upstream version 2.4.4.1
+
+* Tue Sep  1 2020 Jakub Hrozek <[email protected]> - 2.4.4-1
+- New upstream version 2.4.4
+
+* Thu Aug 27 2020 Joe Orton <[email protected]> - 2.4.3-5
+- update to use correct apxs via _httpd_apxs macro
+
+* Thu Aug 27 2020 Joe Orton <[email protected]> - 2.4.3-4
+- work around LTO build failure
+
+* Sat Aug 01 2020 Fedora Release Engineering <[email protected]> - 2.4.3-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <[email protected]> - 2.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Jakub Hrozek <[email protected]> - 2.4.3
+- New upstream version 2.4.3
 
 * Sun May 10 2020 Jakub Hrozek <[email protected]> - 2.4.2.1-1
 - New upstream version 2.4.2.1
@@ -176,6 +317,7 @@ install -m 700 -d %{buildroot}%{httpd_pkg_cache_dir}/cache
 
 * Mon Mar 21 2016 John Dennis <[email protected]> - 1.8.8-2
 - Add missing unpackaged files/directories
+
   Add to doc: README.md, DISCLAIMER, AUTHORS
   Add to httpd/conf.d: auth_openidc.conf
   Add to /var/cache: /var/cache/httpd/mod_auth_openidc/cache

@@ -13362,8 +13362,8 @@
         "type": "other",
         "other": {
           "name": "mod_auth_openidc",
-          "version": "2.4.14.2",
-          "downloadUrl": "https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.14.2/mod_auth_openidc-2.4.14.2.tar.gz"
+          "version": "2.4.15.7",
+          "downloadUrl": "https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.15.7/mod_auth_openidc-2.4.15.7.tar.gz"
         }
       }
     },