FFe: Sync libapache2-mod-auth-openidc 1.5.5-1 (universe) from Debian testing (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache2-mod-auth-openidc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Please sync libapache2-
Explanation of FeatureFreeze exception:
- fix builds/runs on big endian machines
- improved security:
- using HttpOnly on cookies
- prevent timing attacks
- check for open redirects
- fix cache initialization/
For more detail see: https:/
Changelog entries since current utopic version 1.5.3-1:
libapache2-
* use HttpOnly on cookies; set OIDCCookiePath to /
-- Hans Zandbelt <email address hidden> Tue, 26 Aug 2014 09:23:43 +0200
libapache2-
* changelog line was too long; correct/simplify watch file
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 15:51:02 +0200
libapache2-
* correct debian directory for wheezy/jessie; watch file check .orig.tar.gz
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 15:03:52 +0200
libapache2-
* fix big endian issue
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 12:59:11 +0200
libapache2-
* build/test on big endian arch
-- Hans Zandbelt <email address hidden> Sun, 3 Aug 2014 22:27:07 +0200
while we're at it: 1.6.0-1 that goes in to Debian testing now fixes an additional build dependency issue and some more security improvements