Recommended update for apache2-mod_auth_openidc, cjose, libjansson

Announcement ID: SUSE-RU-2019:2560-1
Rating: moderate
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Software Development Kit 12 SP4

An update that contains one feature and has one fix can now be installed.

Description:

This update for apache2-mod_auth_openidc, cjose, libjansson fixes the following issues:

apache2-mod_auth_openidc is included in version 2.4.0.

It provides an OpenID Connect provider module for Apache2.

Also cjose and libjansson were added or updated as dependencies.

cjose was included in version 0.6.1.

libjansson was updated to new upstream release 2.12 (bsc#1149232):

  • Bug fixes:
    • Fix error message in json_pack() for NULL object (#409).
    • Avoid invalid memory read in json_pack() (#421).
    • Call va_end after va_copy in json_vsprintf() (#427).
    • Improve handling of formats with '?' and '*' in json_pack() (#438).
    • Remove inappropriate jsonp_free() which caused segmentation fault in error handling (#444).

Update to new upstream release 2.11:

  • New features:
    • Add json_pack() format specifiers s*, o* and O* for values that can be omitted if null (#339).
    • Add json_error_code() to retrieve numeric error codes (#365, #380, #381).
    • Enable thread safety for json_dump() on all systems. Enable thread safe json_decref() and json_incref() for modern compilers (#389).
    • Add json_sprintf() and json_vsprintf() (#393).
  • Bug fixes:
    • Fix incorrect report of success from json_dump_file() when an error is returned by fclose() (#359).
    • Make json_equal() const-correct (#344).
    • Fix incomplete stealing of references by json_pack() (#374).

Update to new upstream release 2.9:

  • New features:
    • Add JSON_EMBED encoding flag allowing arrays and objects to be encoded into existing streams (#329).
    • Add json_dumpb() function for dumping to a pre-allocated buffer (#328).
    • Add json_dumpfd() and json_loadfd() functions for dumping to streaming file descriptors (#328).
    • Add support for parsing buffers larger than 2GB (#309).

  • New features:
    • Add json_auto_t to automatically decref a value that goes out of scope. Available only on GCC and Clang. (#301)

Update to new upstream release 2.8:

  • New features:
    • Always preserve insertion order of object items. json_object_iter() and friends, json_object_foreach() and json_dumps() and friends now always work in the insertion order of object items (#293).
    • Add json_object_foreach_safe() macro that allows json_object_del() calls during iteration (#230).
    • Add json_get_alloc_funcs() to allow reading the allocation functions set by json_set_alloc_funcs() (#262, #264).
    • Add json_pack() format specifiers s?, o? and O? for values that can be null (#261, #270).
  • Bug fixes:
    • Fix a crash when parsing inputs consisting of very deeply nested arrays or objects (#282, #284).
    • Never convert numbers to integers in the parser when JSON_DECODE_INT_AS_REAL is set.
    • Fix a use-after-free in json_pack() error handling.
    • Fix subnormal number parsing on mingw32.
    • Handle out-of-memory situations gracefully in the hashtable implementation.

Patch Instructions:

To install this SUSE update, use one of the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Linux Enterprise Software Development Kit 12 SP4
    zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2560=1
  • SUSE Linux Enterprise High Performance Computing 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2560=1
  • SUSE Linux Enterprise Server 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2560=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2560=1

Package List:

  • SUSE Linux Enterprise Software Development Kit 12 SP4 (aarch64 ppc64le s390x x86_64)
    • libjansson-devel-2.12-3.5.1
    • libcjose-devel-0.6.1-3.6.1
    • libjansson-debugsource-2.12-3.5.1
  • SUSE Linux Enterprise High Performance Computing 12 SP4 (aarch64 x86_64)
    • libjansson4-2.12-3.5.1
    • libjansson-debugsource-2.12-3.5.1
    • libcjose0-debuginfo-0.6.1-3.6.1
    • apache2-mod_auth_openidc-2.4.0-3.4.2
    • libjansson4-debuginfo-2.12-3.5.1
    • libcjose0-0.6.1-3.6.1
    • apache2-mod_auth_openidc-debuginfo-2.4.0-3.4.2
    • apache2-mod_auth_openidc-debugsource-2.4.0-3.4.2
  • SUSE Linux Enterprise High Performance Computing 12 SP4 (aarch64)
    • cjose-debugsource-0.6.1-3.6.1
  • SUSE Linux Enterprise Server 12 SP4 (aarch64 ppc64le s390x x86_64)
    • libjansson4-2.12-3.5.1
    • libjansson-debugsource-2.12-3.5.1
    • libcjose0-debuginfo-0.6.1-3.6.1
    • apache2-mod_auth_openidc-2.4.0-3.4.2
    • libjansson4-debuginfo-2.12-3.5.1
    • libcjose0-0.6.1-3.6.1
    • apache2-mod_auth_openidc-debuginfo-2.4.0-3.4.2
    • apache2-mod_auth_openidc-debugsource-2.4.0-3.4.2
  • SUSE Linux Enterprise Server 12 SP4 (aarch64)
    • cjose-debugsource-0.6.1-3.6.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
    • libjansson4-2.12-3.5.1
    • libjansson-debugsource-2.12-3.5.1
    • libcjose0-debuginfo-0.6.1-3.6.1
    • apache2-mod_auth_openidc-2.4.0-3.4.2
    • libjansson4-debuginfo-2.12-3.5.1
    • libcjose0-0.6.1-3.6.1
    • apache2-mod_auth_openidc-debuginfo-2.4.0-3.4.2
    • apache2-mod_auth_openidc-debugsource-2.4.0-3.4.2
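
One way to confirm that a host carries the versions in the Package List above, as an added example that is not part of the SUSE announcement. The function names and sample input are constructed for illustration, and `sort -V` is used as an approximation of rpm's own version ordering:

```shell
#!/bin/sh
# Fixed versions of the runtime packages, copied from the Package List above.
FIXED_VERSIONS='libjansson4 2.12-3.5.1
libcjose0 0.6.1-3.6.1
apache2-mod_auth_openidc 2.4.0-3.4.2'

# version_ge A B: succeed when version-release A is at least B.
# Assumption: GNU `sort -V` ordering is close enough to rpm's comparison
# for the simple numeric version strings used in this announcement.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# find_outdated: read "name version-release" lines on stdin and print every
# package from FIXED_VERSIONS that is installed below its fixed version.
find_outdated() {
    installed=$(cat)
    printf '%s\n' "$FIXED_VERSIONS" | while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        [ -n "$have" ] || continue    # package not installed, nothing to update
        version_ge "$have" "$fixed" ||
            printf '%s %s (needs %s)\n' "$name" "$have" "$fixed"
    done
}

# Constructed sample inventory (not taken from a real system).
SAMPLE_INSTALLED='libjansson4 2.7-1.2
libcjose0 0.6.1-3.6.1
bash 4.3-83.23.1'

# On a real host, feed the function from the rpm database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_outdated
printf '%s\n' "$SAMPLE_INSTALLED" | find_outdated
```

An empty result means every listed package that is installed is at or above the version shipped by this update.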