2020-06-19 17:14:05 +08:00
|
|
|
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
|
|
|
|
|
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %{_sysconfdir}/httpd/conf.d}}
|
|
|
|
|
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
|
|
|
|
|
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
|
|
|
|
|
|
|
|
|
|
%global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
|
|
|
|
|
|
|
|
|
|
Name: mod_auth_openidc
|
2025-04-10 09:33:24 +08:00
|
|
|
Version: 2.4.16.11
|
2024-02-17 10:00:29 +08:00
|
|
|
Release: 1
|
2020-06-19 17:14:05 +08:00
|
|
|
Summary: OpenID Connect Relying Party module for Apache 2.x HTTP Server
|
2025-04-10 09:33:24 +08:00
|
|
|
License: Apache-2.0
|
2024-02-17 10:00:29 +08:00
|
|
|
URL: https://github.com/OpenIDC/mod_auth_openidc
|
|
|
|
|
Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
2020-06-19 17:14:05 +08:00
|
|
|
|
|
|
|
|
BuildRequires: gcc httpd-devel openssl-devel curl-devel jansson-devel
|
2024-01-17 17:19:01 +08:00
|
|
|
BuildRequires: pcre2-devel autoconf automake cjose-devel jq-devel
|
2023-04-12 17:50:47 +08:00
|
|
|
BuildRequires: libtool
|
2020-06-19 17:14:05 +08:00
|
|
|
Requires: httpd-mmn = %{_httpd_mmn}
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
This module enables an Apache 2.x web server to operate as
|
|
|
|
|
an OpenID Connect Relying Party(RP) to an OpenID Connect Provider(OP).
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%autosetup -p1
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
export MODULES_DIR=%{_httpd_moddir}
|
|
|
|
|
export APXS2_OPTS='-S LIBEXECDIR=${MODULES_DIR}'
|
2023-04-12 17:50:47 +08:00
|
|
|
autoreconf -vfi
|
2020-06-19 17:14:05 +08:00
|
|
|
%configure --with-jq=/usr/lib64/ --without-hiredis
|
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
|
export MODULES_DIR=%{_httpd_moddir}
|
|
|
|
|
export APXS2_OPTS='-S LIBEXECDIR=${MODULES_DIR}'
|
2023-04-12 17:50:47 +08:00
|
|
|
make check
|
2020-06-19 17:14:05 +08:00
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
install -d $RPM_BUILD_ROOT%{_httpd_moddir}
|
2023-04-12 17:50:47 +08:00
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT MODULES_DIR=$RPM_BUILD_ROOT%{_httpd_moddir}
|
2020-06-19 17:14:05 +08:00
|
|
|
|
|
|
|
|
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_modconfdir}
|
|
|
|
|
echo 'LoadModule auth_openidc_module modules/mod_auth_openidc.so' > \
|
|
|
|
|
$RPM_BUILD_ROOT%{_httpd_modconfdir}/10-auth_openidc.conf
|
|
|
|
|
|
|
|
|
|
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_confdir}
|
|
|
|
|
install -m 644 auth_openidc.conf $RPM_BUILD_ROOT%{_httpd_confdir}
|
|
|
|
|
sed -i 's!/var/cache/apache2/!/var/cache/httpd/!' $RPM_BUILD_ROOT%{_httpd_confdir}/auth_openidc.conf
|
2023-04-12 17:50:47 +08:00
|
|
|
install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}
|
2020-06-19 17:14:05 +08:00
|
|
|
install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache}
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%doc ChangeLog AUTHORS README.md LICENSE.txt
|
|
|
|
|
%{_httpd_moddir}/mod_auth_openidc.so
|
|
|
|
|
%config(noreplace) %{_httpd_modconfdir}/10-auth_openidc.conf
|
|
|
|
|
%config(noreplace) %{_httpd_confdir}/auth_openidc.conf
|
|
|
|
|
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}
|
|
|
|
|
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache}
|
|
|
|
|
|
|
|
|
|
%changelog
|
2025-04-10 09:33:24 +08:00
|
|
|
* Wed Apr 09 2025 yaoxin <1024769339@qq.com> - 2.4.16.11-1
|
|
|
|
|
- Update to 2.4.16.11 for fix CVE-2025-31492
|
|
|
|
|
|
|
|
|
|
* Mon Jan 13 2025 yaoxin <1024769339@qq.com> - 2.4.16.6-1
|
|
|
|
|
- Update to 2.4.16.6:
|
|
|
|
|
* metadata: fix caching of JWKs from jwks_uri when using the default expiry setting
|
|
|
|
|
* info: fix requests to the info hook with extend_session=false
|
|
|
|
|
* cookie: OIDCCookieSameSite default behaviour Lax
|
|
|
|
|
* cookie: apply OIDCCookieSameSite Off/None properly to state cookies instead of always setting Lax
|
|
|
|
|
* cache: avoid segfault and improve error reporting in case apr_temp_dir_get fails when a temp directory
|
|
|
|
|
cannot be found on the system upon initaliizing cache mutexes and the file cache
|
|
|
|
|
* metadata: allow plain HTTP URLs in metadata elements jwks_uri and signed_jwks_uri to ensure backwards
|
|
|
|
|
compatibility with <=2.4.15.7 and to support private/test deployments
|
|
|
|
|
* code: address warnings from static code analysis tool CodeChecker
|
|
|
|
|
|
2024-02-17 10:00:29 +08:00
|
|
|
* Sat Feb 17 2024 yaoxin <yao_xin001@hoperun.com> - 2.4.15.3-1
|
|
|
|
|
- Upgrade to 2.4.15.3 for fix CVE-2024-24814
|
|
|
|
|
|
2024-01-17 17:19:01 +08:00
|
|
|
* Wed Jan 17 2024 yaoxin <yao_xin001@hoperun.com> - 2.4.15-2
|
|
|
|
|
- Port pcre dependency to pcre2
|
|
|
|
|
|
2024-01-16 10:19:44 +08:00
|
|
|
* Tue Jan 16 2024 zhangxingrong <zhangxingrong@uniontech.com> - 2.4.15-1
|
|
|
|
|
- upgrade to 2.4.15
|
|
|
|
|
|
2023-10-24 16:39:31 +08:00
|
|
|
* Tue Oct 24 2023 liyanan <liyanan61@h-parners.com> - 2.4.14.3-1
|
|
|
|
|
- Update to 2.4.14.3
|
|
|
|
|
|
2023-04-12 17:50:47 +08:00
|
|
|
* Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.4.13.2-1
|
|
|
|
|
- Update to 2.4.13.2 to fix CVE-2023-28625
|
|
|
|
|
|
2021-09-15 10:33:50 +08:00
|
|
|
* Wed Sep 15 2021 houyingchao <houyingchao@huawei.com> 2.4.9.4-1
|
|
|
|
|
- Upgrade to 2.4.9.4
|
|
|
|
|
- Fix CVE-2021-39191
|
|
|
|
|
|
2021-06-10 17:01:55 +08:00
|
|
|
* Thu Jun 10 2021 wangyue <wangyue92@huawei.com> 2.4.0.3-4
|
|
|
|
|
- Fix CVE-2021-20718
|
|
|
|
|
|
2021-02-19 15:48:32 +08:00
|
|
|
* Fri Feb 19 2021 wangxiao <wangxiao65@huawei.com> 2.4.0.3-3
|
|
|
|
|
- Fix CVE-2019-20479
|
|
|
|
|
|
2020-06-19 17:14:05 +08:00
|
|
|
* Fri Apr 24 2020 Captain Wei <captain.a.wei@gmail.com> 2.4.0.3-2
|
|
|
|
|
- Package init
|
