* Set upstream metadata fields: Security-Contact.
* New upstream version 2.4.11
* Drop patches (included upstream)
* Update module path to built library
* New upstream version 2.4.9.4
* Fix "CVE-2021-39191" (Closes: #993648)
* 2.4.9.2 fixed a regression regarding segfault at reload/restart
(Closes: #883616, #891224, #868949)
* New upstream version 2.4.9
* Fix for CVE-2021-32792 (closes: #991580)
* Fix for CVE-2021-32791 (closes: #991581)
* Fix for CVE-2021-32786 (closes: #991582)
* Fix for CVE-2021-32785 (closes: #991583)
* fix CVE-2021-20718 using commit
5ef1b0a74208fcb43a16795d0afc94c3d54cd120 from version 2.4.8 (closes:
#989055)
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
[ Moritz Schlarb ]
* Move upstream URLs to new name
* New upstream version 2.4.4.1
* Bump dh-compat
* Fix d/copyright
* Remove removed lintian override
apache2-module-depends-on-real-apache2-package
* New upstream version 2.4.3
* New upstream version 2.4.1
* Bump Standards-Version and use declarative debhelper
* New upstream version 2.4.0.4
* Update Standards-Version
* Update watch file to use Github tag archives
* New upstream version 2.4.0.3
(Closes: #942165)
* New upstream version 2.4.0
* Refresh patch
* New upstream version 2.3.10.2
[ Frédéric Bonnard ]
* Fix parallel build (Closes: #913631)
[ Moritz Schlarb ]
* Update Maintainer and Standards-Version fields
* New upstream version 2.3.10
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
[ Moritz Schlarb ]
* Update Standards-Version
* New upstream version 2.3.8
* New upstream version 2.3.7
* Move Vcs-* to Salsa
* New upstream version 2.3.3
* Update debian/control
* New upstream version 2.3.2
* link against openssl 1.1 (closes: #858993)
* Fix maintainer script generation to enable/disable the module on
installation and removal. This is safe to do because the example
configuration does not do anything.
This also closes: #868949 since it actually restarts Apache2 after
enabling the module.
* New upstream version 2.3.1
* New upstream version 2.1.6
"This is a security release:
Those using AuthType oauth20 together with applications that interpret
headers set by mod_auth_openidc on paths that disclose sensitive
information are affected and should upgrade."
* Imported Upstream version 2.1.5
fixes two security issues:
https://github.com/pingidentity/mod_auth_openidc/issues/212
https://github.com/pingidentity/mod_auth_openidc/issues/222
* Fix watch file
* New upstream version 2.1.3
* Fix lintian warning:
apache2-module-depends-on-real-apache2-package
* new upload excluding archs which don't build
* add Vcs Tags to control
* Imported Upstream version 2.1.2
* NMU: change depends to libssl1.0 to make it build again with apache
(closes: # 844803)
* NMU: fix watch file
* fix openssl 1.1 FTBS (closes: #828380)
patch from https://github.com/pingidentity/mod_auth_openidc/commit/82ee7cf68811662e93f9aea9b9a10beb095ee3df
* fix Elliptic Curve signature verification
* build with OpenSSL 1.1.0
* improve X-Forwarded-Host handling over Host
* pass bearer token in alternative ways
* tighten up protocol checks
* add cookie-domain check
* HTTP-based logout
* allow for compilation on MS Windows
* remove accounts.google.com exceptions
* Elliptic Curve fixes
* avoid timing attacks; build with OpenSSL < 1.0
* enable local JWT validation
* fix symmetric key decryption of JWTs
* add support for OIDCOAuthIntrospectionTokenParamName
* Redis reconnect, OIDCCacheShmEntrySizeMax, OIDCReturn401, OIDCPassCookies
* Redis caching, refresh flow, token introspection
* new upstream release; add libssl-dev dependency
* use HttpOnly on cookies; set OIDCCookiePath to /
* changelog line was too long; correct/simplify watch file
* correct debian directory for wheezy/jessie; watch file check .orig.tar.gz
* fix big endian issue
* build/test on big endian arch
* fix initialization leak
* fix OAuth 2.0 authorization and passes JSON claims in HTTP headers
* add pkg-config to Build-Depends
* drop lintian-overrides
* support both Apache 2.2 and 2.4 config layouts
* include .postinst script for setting permissions
* more Debian packaging fixes
* include original source
* use Debian non-native packaging
* switch to JSON parser jansson
* OpenSSL fixes
* fix running on non-standard port
* session timeout handling, use shared memory as cache by default
* add issuer to REMOTE_USER; included INSTALL
* fix Require keyword issue for Apache 2.4
* Initial release under new name and flag.