Skip to content

Changelog libapache2-mod-auth-openidc (2.4.11-1)

2022

libapache2-mod-auth-openidc (2.4.11-1) unstable; urgency=medium

   * Set upstream metadata fields: Security-Contact.
   * New upstream version 2.4.11

2021

libapache2-mod-auth-openidc (2.4.10-1) unstable; urgency=medium

   * Drop patches (included upstream)
   * Update module path to built library

libapache2-mod-auth-openidc (2.4.9.4-1) unstable; urgency=medium

   * New upstream version 2.4.9.4
   * Fix "CVE-2021-39191" (Closes: #993648)
   * 2.4.9.2 fixed a regression regarding segfault at reload/restart
     (Closes: #883616, #891224, #868949)

libapache2-mod-auth-openidc (2.4.9-1) unstable; urgency=medium

   * New upstream version 2.4.9
   * Fix for CVE-2021-32792 (closes: #991580)
   * Fix for CVE-2021-32791 (closes: #991581)
   * Fix for CVE-2021-32786 (closes: #991582)
   * Fix for CVE-2021-32785 (closes: #991583)

libapache2-mod-auth-openidc (2.4.4.1-2) unstable; urgency=medium

   * fix CVE-2021-20718 using commit
     5ef1b0a74208fcb43a16795d0afc94c3d54cd120 from version 2.4.8 (closes:
     #989055)

2020

libapache2-mod-auth-openidc (2.4.4.1-1) unstable; urgency=medium

   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
     Repository-Browse.
 
   [ Moritz Schlarb ]
   * Move upstream URLs to new name
   * New upstream version 2.4.4.1
   * Bump dh-compat
   * Fix d/copyright
   * Remove removed lintian override
     apache2-module-depends-on-real-apache2-package

libapache2-mod-auth-openidc (2.4.3-1) unstable; urgency=medium

   * New upstream version 2.4.3

libapache2-mod-auth-openidc (2.4.1-1) unstable; urgency=medium

   * New upstream version 2.4.1
   * Bump Standards-Version and use declarative debhelper

2019

libapache2-mod-auth-openidc (2.4.0.4-1) unstable; urgency=medium

   * New upstream version 2.4.0.4
   * Update Standards-Version

libapache2-mod-auth-openidc (2.4.0.3-1) unstable; urgency=high

   * Update watch file to use Github tag archives
   * New upstream version 2.4.0.3
     (Closes: #942165)

libapache2-mod-auth-openidc (2.4.0-1) unstable; urgency=medium

   * New upstream version 2.4.0
   * Refresh patch

libapache2-mod-auth-openidc (2.3.10.2-1) unstable; urgency=medium

   * New upstream version 2.3.10.2

libapache2-mod-auth-openidc (2.3.10-1) unstable; urgency=medium

   [ Frédéric Bonnard ]
   * Fix parallel build (Closes: #913631)
 
   [ Moritz Schlarb ]
   * Update Maintainer and Standards-Version fields
   * New upstream version 2.3.10

2018

libapache2-mod-auth-openidc (2.3.8-1) unstable; urgency=medium

   [ Ondřej Nový ]
   * d/copyright: Use https protocol in Format field
   * d/changelog: Remove trailing whitespaces
 
   [ Moritz Schlarb ]
   * Update Standards-Version
   * New upstream version 2.3.8

libapache2-mod-auth-openidc (2.3.7-1) unstable; urgency=medium

   * New upstream version 2.3.7
   * Move Vcs-* to Salsa

libapache2-mod-auth-openidc (2.3.3-1) unstable; urgency=medium

   * New upstream version 2.3.3
   * Update debian/control

2017

libapache2-mod-auth-openidc (2.3.2-1) unstable; urgency=medium

   * New upstream version 2.3.2
   * link against openssl 1.1 (closes: #858993)

libapache2-mod-auth-openidc (2.3.1-2) unstable; urgency=medium

   * Fix maintainer script generation to enable/disable the module on
     installation and removal. This is safe to do because the example
     configuration does not do anything.
     This also closes: #868949 since it actually restarts Apache2 after
     enabling the module.

libapache2-mod-auth-openidc (2.3.1-1) unstable; urgency=medium

   * New upstream version 2.3.1

libapache2-mod-auth-openidc (2.1.6-1) unstable; urgency=high

   * New upstream version 2.1.6
     "This is a security release:
     Those using AuthType oauth20 together with applications that interpret
     headers set by mod_auth_openidc on paths that disclose sensitive
     information are affected and should upgrade."

libapache2-mod-auth-openidc (2.1.5-1) unstable; urgency=high

   * Imported Upstream version 2.1.5
     fixes two security issues:
     https://github.com/pingidentity/mod_auth_openidc/issues/212
     https://github.com/pingidentity/mod_auth_openidc/issues/222

libapache2-mod-auth-openidc (2.1.3-1) unstable; urgency=medium

   * Fix watch file
   * New upstream version 2.1.3
   * Fix lintian warning:
     apache2-module-depends-on-real-apache2-package

libapache2-mod-auth-openidc (2.1.2-2) unstable; urgency=medium

   * new upload excluding archs which don't build

2016

libapache2-mod-auth-openidc (2.1.2-1) unstable; urgency=medium

   * add Vcs Tags to control
   * Imported Upstream version 2.1.2

libapache2-mod-auth-openidc (1.8.10.1-1.2) unstable; urgency=medium

   * NMU: change depends to libssl1.0 to make it build again with apache
     (closes: # 844803)

libapache2-mod-auth-openidc (1.8.10.1-1.1) unstable; urgency=medium

   * NMU: fix watch file
   * fix openssl 1.1 FTBS (closes: #828380)
     patch from https://github.com/pingidentity/mod_auth_openidc/commit/82ee7cf68811662e93f9aea9b9a10beb095ee3df

libapache2-mod-auth-openidc (1.8.10.1-1) unstable; urgency=medium

   * fix Elliptic Curve signature verification

libapache2-mod-auth-openidc (1.8.10-1) unstable; urgency=medium

   * build with OpenSSL 1.1.0

libapache2-mod-auth-openidc (1.8.9-1) unstable; urgency=medium

   * improve X-Forwarded-Host handling over Host

libapache2-mod-auth-openidc (1.8.8-1) unstable; urgency=medium

   * pass bearer token in alternative ways

libapache2-mod-auth-openidc (1.8.7-1) unstable; urgency=medium

   * tighten up protocol checks

2015

libapache2-mod-auth-openidc (1.8.6-1) unstable; urgency=medium

   * add cookie-domain check

libapache2-mod-auth-openidc (1.8.5-1) unstable; urgency=medium

   * HTTP-based logout

libapache2-mod-auth-openidc (1.8.4-1) unstable; urgency=medium

   * allow for compilation on MS Windows

libapache2-mod-auth-openidc (1.8.3-1) unstable; urgency=medium

   * remove accounts.google.com exceptions

libapache2-mod-auth-openidc (1.8.2-1) unstable; urgency=medium

   * Elliptic Curve fixes

libapache2-mod-auth-openidc (1.8.1-1) unstable; urgency=medium

   * avoid timing attacks; build with OpenSSL < 1.0

libapache2-mod-auth-openidc (1.8.0-1) unstable; urgency=medium

   * enable local JWT validation

libapache2-mod-auth-openidc (1.7.3-1) unstable; urgency=medium

   * fix symmetric key decryption of JWTs

libapache2-mod-auth-openidc (1.7.2-1) unstable; urgency=medium

   * add support for OIDCOAuthIntrospectionTokenParamName

2014

libapache2-mod-auth-openidc (1.7.1-1) unstable; urgency=medium

   * Redis reconnect, OIDCCacheShmEntrySizeMax, OIDCReturn401, OIDCPassCookies

libapache2-mod-auth-openidc (1.7.0-1) unstable; urgency=medium

   * Redis caching, refresh flow, token introspection

libapache2-mod-auth-openidc (1.6.0-1) unstable; urgency=medium

   * new upstream release; add libssl-dev dependency

libapache2-mod-auth-openidc (1.5.5-1) unstable; urgency=medium

   * use HttpOnly on cookies; set OIDCCookiePath to /

libapache2-mod-auth-openidc (1.5.4-3) unstable; urgency=medium

   * changelog line was too long; correct/simplify watch file

libapache2-mod-auth-openidc (1.5.4-2) unstable; urgency=medium

   * correct debian directory for wheezy/jessie; watch file check .orig.tar.gz

libapache2-mod-auth-openidc (1.5.4-1) unstable; urgency=medium

   * fix big endian issue

libapache2-mod-auth-openidc (1.5.3-2) unstable; urgency=medium

   * build/test on big endian arch

libapache2-mod-auth-openidc (1.5.3-1) unstable; urgency=medium

   * fix initialization leak

libapache2-mod-auth-openidc (1.5.2-1) unstable; urgency=medium

   * fix OAuth 2.0 authorization and passes JSON claims in HTTP headers

libapache2-mod-auth-openidc (1.5.1-1) unstable; urgency=medium

   * add pkg-config to Build-Depends

libapache2-mod-auth-openidc (1.5-6) unstable; urgency=medium

   * drop lintian-overrides

libapache2-mod-auth-openidc (1.5-5) unstable; urgency=medium

   * support both Apache 2.2 and 2.4 config layouts

libapache2-mod-auth-openidc (1.5-4) unstable; urgency=medium

   * include .postinst script for setting permissions

libapache2-mod-auth-openidc (1.5-3) unstable; urgency=medium

   * more Debian packaging fixes

libapache2-mod-auth-openidc (1.5-2) unstable; urgency=medium

   * include original source

libapache2-mod-auth-openidc (1.5-1) unstable; urgency=medium

   * use Debian non-native packaging

libapache2-mod-auth-openidc (1.5) unstable; urgency=medium

   * switch to JSON parser jansson

libapache2-mod-auth-openidc (1.4) unstable; urgency=medium

   * OpenSSL fixes

libapache2-mod-auth-openidc (1.3) unstable; urgency=medium

   * fix running on non-standard port

libapache2-mod-auth-openidc (1.2) unstable; urgency=medium

   * session timeout handling, use shared memory as cache by default

libapache2-mod-auth-openidc (1.1) unstable; urgency=low

   * add issuer to REMOTE_USER; included INSTALL

libapache2-mod-auth-openidc (1.0.1) unstable; urgency=low

   * fix Require keyword issue for Apache 2.4

libapache2-mod-auth-openidc (1.0) unstable; urgency=low

   * Initial release under new name and flag.