2018
libapache2-mod-auth-openidc (2.3.3-1build1) bionic; urgency=medium
* No-change rebuild against libcurl4
libapache2-mod-auth-openidc (2.3.3-1) unstable; urgency=medium
* New upstream version 2.3.3 * Update debian/control
2017
libapache2-mod-auth-openidc (2.3.2-1) unstable; urgency=medium
* New upstream version 2.3.2 * link against openssl 1.1 (closes: #858993)
libapache2-mod-auth-openidc (2.3.1-2) unstable; urgency=medium
* Fix maintainer script generation to enable/disable the module on installation and removal. This is safe to do because the example configuration does not do anything. This also closes: #868949 since it actually restarts Apache2 after enabling the module.
libapache2-mod-auth-openidc (2.3.1-1) unstable; urgency=medium
* New upstream version 2.3.1
libapache2-mod-auth-openidc (2.1.6-1) unstable; urgency=high
* New upstream version 2.1.6 "This is a security release: Those using AuthType oauth20 together with applications that interpret headers set by mod_auth_openidc on paths that disclose sensitive information are affected and should upgrade."
libapache2-mod-auth-openidc (2.1.5-1) unstable; urgency=high
* Imported Upstream version 2.1.5 fixes two security issues: https://github.com/pingidentity/mod_auth_openidc/issues/212 https://github.com/pingidentity/mod_auth_openidc/issues/222
libapache2-mod-auth-openidc (2.1.3-1) unstable; urgency=medium
* Fix watch file * New upstream version 2.1.3 * Fix lintian warning: apache2-module-depends-on-real-apache2-package
libapache2-mod-auth-openidc (2.1.2-2) unstable; urgency=medium
* new upload excluding archs which don't build
2016
libapache2-mod-auth-openidc (2.1.2-1) unstable; urgency=medium
* add Vcs Tags to control * Imported Upstream version 2.1.2
libapache2-mod-auth-openidc (1.8.10.1-1.2) unstable; urgency=medium
* NMU: change depends to libssl1.0 to make it build again with apache (closes: # 844803)
libapache2-mod-auth-openidc (1.8.10.1-1.1) unstable; urgency=medium
* NMU: fix watch file * fix openssl 1.1 FTBS (closes: #828380) patch from https://github.com/pingidentity/mod_auth_openidc/commit/82ee7cf68811662e93f9aea9b9a10beb095ee3df
libapache2-mod-auth-openidc (1.8.10.1-1) unstable; urgency=medium
* fix Elliptic Curve signature verification
libapache2-mod-auth-openidc (1.8.10-1) unstable; urgency=medium
* build with OpenSSL 1.1.0
libapache2-mod-auth-openidc (1.8.9-1) unstable; urgency=medium
* improve X-Forwarded-Host handling over Host
libapache2-mod-auth-openidc (1.8.8-1) unstable; urgency=medium
* pass bearer token in alternative ways
libapache2-mod-auth-openidc (1.8.7-1) unstable; urgency=medium
* tighten up protocol checks
2015
libapache2-mod-auth-openidc (1.8.6-1) unstable; urgency=medium
* add cookie-domain check
libapache2-mod-auth-openidc (1.8.5-1) unstable; urgency=medium
* HTTP-based logout
libapache2-mod-auth-openidc (1.8.4-1) unstable; urgency=medium
* allow for compilation on MS Windows
libapache2-mod-auth-openidc (1.8.3-1) unstable; urgency=medium
* remove accounts.google.com exceptions
libapache2-mod-auth-openidc (1.8.2-1) unstable; urgency=medium
* Elliptic Curve fixes
libapache2-mod-auth-openidc (1.8.1-1) unstable; urgency=medium
* avoid timing attacks; build with OpenSSL < 1.0
libapache2-mod-auth-openidc (1.8.0-1) unstable; urgency=medium
* enable local JWT validation
libapache2-mod-auth-openidc (1.7.3-1) unstable; urgency=medium
* fix symmetric key decryption of JWTs
libapache2-mod-auth-openidc (1.7.2-1) unstable; urgency=medium
* add support for OIDCOAuthIntrospectionTokenParamName
2014
libapache2-mod-auth-openidc (1.7.1-1) unstable; urgency=medium
* Redis reconnect, OIDCCacheShmEntrySizeMax, OIDCReturn401, OIDCPassCookies
libapache2-mod-auth-openidc (1.7.0-1) unstable; urgency=medium
* Redis caching, refresh flow, token introspection
libapache2-mod-auth-openidc (1.6.0-1) unstable; urgency=medium
* new upstream release; add libssl-dev dependency
libapache2-mod-auth-openidc (1.5.5-1) unstable; urgency=medium
* use HttpOnly on cookies; set OIDCCookiePath to /
libapache2-mod-auth-openidc (1.5.4-3) unstable; urgency=medium
* changelog line was too long; correct/simplify watch file
libapache2-mod-auth-openidc (1.5.4-2) unstable; urgency=medium
* correct debian directory for wheezy/jessie; watch file check .orig.tar.gz
libapache2-mod-auth-openidc (1.5.4-1) unstable; urgency=medium
* fix big endian issue
libapache2-mod-auth-openidc (1.5.3-2) unstable; urgency=medium
* build/test on big endian arch
libapache2-mod-auth-openidc (1.5.3-1) unstable; urgency=medium
* fix initialization leak
libapache2-mod-auth-openidc (1.5.2-1) unstable; urgency=medium
* fix OAuth 2.0 authorization and passes JSON claims in HTTP headers
libapache2-mod-auth-openidc (1.5.1-1) unstable; urgency=medium
* add pkg-config to Build-Depends
libapache2-mod-auth-openidc (1.5-6) unstable; urgency=medium
* drop lintian-overrides
libapache2-mod-auth-openidc (1.5-5) unstable; urgency=medium
* support both Apache 2.2 and 2.4 config layouts
libapache2-mod-auth-openidc (1.5-4) unstable; urgency=medium
* include .postinst script for setting permissions
libapache2-mod-auth-openidc (1.5-3) unstable; urgency=medium
* more Debian packaging fixes
libapache2-mod-auth-openidc (1.5-2) unstable; urgency=medium
* include original source
libapache2-mod-auth-openidc (1.5-1) unstable; urgency=medium
* use Debian non-native packaging
libapache2-mod-auth-openidc (1.5) unstable; urgency=medium
* switch to JSON parser jansson
libapache2-mod-auth-openidc (1.4) unstable; urgency=medium
* OpenSSL fixes
libapache2-mod-auth-openidc (1.3) unstable; urgency=medium
* fix running on non-standard port
libapache2-mod-auth-openidc (1.2) unstable; urgency=medium
* session timeout handling, use shared memory as cache by default
libapache2-mod-auth-openidc (1.1) unstable; urgency=low
* add issuer to REMOTE_USER; included INSTALL
libapache2-mod-auth-openidc (1.0.1) unstable; urgency=low
* fix Require keyword issue for Apache 2.4
libapache2-mod-auth-openidc (1.0) unstable; urgency=low
* Initial release under new name and flag.