Bug#855591: marked as done (unblock libapache2-mod-auth-openidc/2.1.5-1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 21 Feb 2017 22:56:12 +0000
with message-id <E1cgJLw-0004sz-RX@respighi.debian.org>
and subject line unblock libapache2-mod-auth-openidc
has caused the Debian Bug report #855591,
regarding unblock libapache2-mod-auth-openidc/2.1.5-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
855591: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855591
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock libapache2-mod-auth-openidc/2.1.5-1
• From: Christoph Martin <martin@uni-mainz.de>
• Date: Mon, 20 Feb 2017 16:28:31 +0100
• Message-id: <[🔎] c7f5e804-1b62-d9cc-bdd4-2d215d907b71@uni-mainz.de>

Package: release.debian.org
Severity: important
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libapache2-mod-auth-openidc

New upstream releases 2.1.4 and 2.1.5 are bugfix releases which mainly
fix the two security holes CVE-2017-6059 and CVE-2017-6062.

See attached debdiff

Christoph

-- 
============================================================================
Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: martin@jabber.uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)

diff -Nru libapache2-mod-auth-openidc-2.1.3/AUTHORS libapache2-mod-auth-openidc-2.1.5/AUTHORS
--- libapache2-mod-auth-openidc-2.1.3/AUTHORS	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/AUTHORS	2017-01-30 20:26:39.000000000 +0100
@@ -31,3 +31,5 @@
 	Andy Curtis <https://github.com/asc1>
 	solsson	<https://github.com/solsson>
 	drdivano <https://github.com/drdivano>
+	AliceWonderMiscreations <https://github.com/AliceWonderMiscreations>
+	Wouter Hund <https://github.com/wouterhund>
diff -Nru libapache2-mod-auth-openidc-2.1.3/ChangeLog libapache2-mod-auth-openidc-2.1.5/ChangeLog
--- libapache2-mod-auth-openidc-2.1.3/ChangeLog	2016-12-13 18:25:06.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/ChangeLog	2017-01-30 20:06:45.000000000 +0100
@@ -1,3 +1,33 @@
+01/30/2017
+- security fix: scrub headers when `OIDCUnAuthAction pass` is used for an unauthenticated user
+- release 2.1.5
+
+01/29/2017
+- fix error message about passing id_token with session type client-cookie; mentioned in #220
+- bump to 2.1.5rc0
+
+01/25/2017
+- release 2.1.4
+
+01/18/2017
+- don't echo the query parameters on the error page when an invalid request is made to the Redirect URI; closes #212; thanks @LukasReschke
+
+01/14/2017
+- use dynamic memory buffer for writing HTTP call responses; solves curl/mpm-event interference; see #207
+- bump to 2.1.4rc1
+
+01/10/2017
+- don't crash when data is POST-ed to the redirect URL, it has just 1 POST parameter and it is not "response_mode"
+
+01/2/2017
+- remove trailing linebreaks from input in test-cmd tool
+- bump copyright year to 2017
+
+12/14/2016
+- support Libre SSL, see #205, thanks @AliceWonderMiscreations
+- update OIDC logout support to Front-Channel Logout 1.0 draft 01: http://openid.net/specs/openid-connect-frontchannel-1_0.html
+- bump to 2.1.4rc0
+
 12/13/2016
 - release 2.1.3
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/configure libapache2-mod-auth-openidc-2.1.5/configure
--- libapache2-mod-auth-openidc-2.1.3/configure	2016-12-13 18:25:23.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/configure	2017-01-30 20:28:17.000000000 +0100
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for mod_auth_openidc 2.1.3.
+# Generated by GNU Autoconf 2.69 for mod_auth_openidc 2.1.5.
 #
-# Report bugs to <hzandbelt@pingidentity.com>.
+# Report bugs to <hans.zandbelt@zmartzone.eu>.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -266,7 +266,7 @@
     $as_echo "$0: be upgraded to zsh 4.3.4 or later."
   else
     $as_echo "$0: Please tell bug-autoconf@gnu.org and
-$0: hzandbelt@pingidentity.com about your system, including
+$0: hans.zandbelt@zmartzone.eu about your system, including
 $0: any error possibly output before this message. Then
 $0: install a modern shell, or manually run the script
 $0: under such a shell if you do have one."
@@ -579,9 +579,9 @@
 # Identity of this package.
 PACKAGE_NAME='mod_auth_openidc'
 PACKAGE_TARNAME='mod_auth_openidc'
-PACKAGE_VERSION='2.1.3'
-PACKAGE_STRING='mod_auth_openidc 2.1.3'
-PACKAGE_BUGREPORT='hzandbelt@pingidentity.com'
+PACKAGE_VERSION='2.1.5'
+PACKAGE_STRING='mod_auth_openidc 2.1.5'
+PACKAGE_BUGREPORT='hans.zandbelt@zmartzone.eu'
 PACKAGE_URL=''
 
 ac_subst_vars='LTLIBOBJS
@@ -626,7 +626,6 @@
 docdir
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -711,7 +710,6 @@
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -964,15 +962,6 @@
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
-
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1110,7 +1099,7 @@
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir runstatedir
+		libdir localedir mandir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1223,7 +1212,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures mod_auth_openidc 2.1.3 to adapt to many kinds of systems.
+\`configure' configures mod_auth_openidc 2.1.5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1263,7 +1252,6 @@
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -1286,7 +1274,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of mod_auth_openidc 2.1.3:";;
+     short | recursive ) echo "Configuration of mod_auth_openidc 2.1.5:";;
    esac
   cat <<\_ACEOF
 
@@ -1328,7 +1316,7 @@
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
-Report bugs to <hzandbelt@pingidentity.com>.
+Report bugs to <hans.zandbelt@zmartzone.eu>.
 _ACEOF
 ac_status=$?
 fi
@@ -1391,7 +1379,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-mod_auth_openidc configure 2.1.3
+mod_auth_openidc configure 2.1.5
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1408,7 +1396,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by mod_auth_openidc $as_me 2.1.3, which was
+It was created by mod_auth_openidc $as_me 2.1.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -1757,7 +1745,7 @@
 
 
 
-NAMEVER=mod_auth_openidc-2.1.3
+NAMEVER=mod_auth_openidc-2.1.5
 
 
 # This section defines the --with-apxs2 option.
@@ -3276,7 +3264,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by mod_auth_openidc $as_me 2.1.3, which was
+This file was extended by mod_auth_openidc $as_me 2.1.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -3323,13 +3311,13 @@
 Configuration files:
 $config_files
 
-Report bugs to <hzandbelt@pingidentity.com>."
+Report bugs to <hans.zandbelt@zmartzone.eu>."
 
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-mod_auth_openidc config.status 2.1.3
+mod_auth_openidc config.status 2.1.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/configure.ac libapache2-mod-auth-openidc-2.1.5/configure.ac
--- libapache2-mod-auth-openidc-2.1.3/configure.ac	2016-12-13 18:25:06.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/configure.ac	2017-01-30 20:05:16.000000000 +0100
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.1.3],[hzandbelt@pingidentity.com])
+AC_INIT([mod_auth_openidc],[2.1.5],[hans.zandbelt@zmartzone.eu])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/debian/changelog libapache2-mod-auth-openidc-2.1.5/debian/changelog
--- libapache2-mod-auth-openidc-2.1.3/debian/changelog	2017-01-13 15:52:26.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/debian/changelog	2017-02-06 10:56:03.000000000 +0100
@@ -1,3 +1,12 @@
+libapache2-mod-auth-openidc (2.1.5-1) unstable; urgency=high
+
+  * Imported Upstream version 2.1.5
+    fixes two security issues:
+    https://github.com/pingidentity/mod_auth_openidc/issues/212
+    https://github.com/pingidentity/mod_auth_openidc/issues/222
+
+ -- Christoph Martin <martin@uni-mainz.de>  Mon, 06 Feb 2017 10:56:03 +0100
+
 libapache2-mod-auth-openidc (2.1.3-1) unstable; urgency=medium
 
   * Fix watch file
diff -Nru libapache2-mod-auth-openidc-2.1.3/DISCLAIMER libapache2-mod-auth-openidc-2.1.5/DISCLAIMER
--- libapache2-mod-auth-openidc-2.1.3/DISCLAIMER	2016-01-08 21:50:18.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/DISCLAIMER	2017-01-28 14:28:49.000000000 +0100
@@ -1,5 +1,5 @@
 /***************************************************************************
- * Copyright (C) 2014-2016 Ping Identity Corporation
+ * Copyright (C) 2014-2017 Ping Identity Corporation
  * All rights reserved.
  *
  *      Ping Identity Corporation
diff -Nru libapache2-mod-auth-openidc-2.1.3/README.md libapache2-mod-auth-openidc-2.1.5/README.md
--- libapache2-mod-auth-openidc-2.1.3/README.md	2016-11-19 13:46:48.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/README.md	2017-01-28 14:28:49.000000000 +0100
@@ -271,13 +271,16 @@
 There is a Google Group/mailing list at:  
   [mod_auth_openidc@googlegroups.com](mailto:mod_auth_openidc@googlegroups.com)  
 The corresponding forum/archive is at:  
-  https://groups.google.com/forum/#!forum/mod_auth_openidc
+  https://groups.google.com/forum/#!forum/mod_auth_openidc  
+For commercial support and consultancy you can contact:  
+  [info@zmartzone.eu](mailto:info@zmartzone.eu)  
+
+Any questions/issues should go to the mailing list, the Github issues tracker or the
+primary author [hans.zandbelt@zmartzone.eu](mailto:hans.zandbelt@zmartzone.eu)
 
 Disclaimer
 ----------
 
 *This software is open sourced by Ping Identity but not supported commercially
-as such. Any questions/issues should go to the mailing list, the Github issues
-tracker or the author [hzandbelt@pingidentity.com](mailto:hzandbelt@pingidentity.com)
-directly See also the DISCLAIMER file in this directory.*
-    
+by Ping Identity, see also the DISCLAIMER file in this directory. For commercial support
+you can contact [ZmartZone IAM](https://www.zmartzone.eu) as described above.*
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/authz.c libapache2-mod-auth-openidc-2.1.5/src/authz.c
--- libapache2-mod-auth-openidc-2.1.3/src/authz.c	2016-09-05 22:16:39.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/authz.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * mostly copied from mod_auth_cas
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <http_core.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/cache.h libapache2-mod-auth-openidc-2.1.5/src/cache/cache.h
--- libapache2-mod-auth-openidc-2.1.3/src/cache/cache.h	2016-09-09 16:18:11.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/cache.h	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * mem_cache-like interface and semantics (string keys/values) using a storage backend
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #ifndef _MOD_AUTH_OPENIDC_CACHE_H_
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/file.c libapache2-mod-auth-openidc-2.1.5/src/cache/file.c
--- libapache2-mod-auth-openidc-2.1.3/src/cache/file.c	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/file.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * caching using a file storage backend
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_hash.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/lock.c libapache2-mod-auth-openidc-2.1.5/src/cache/lock.c
--- libapache2-mod-auth-openidc-2.1.3/src/cache/lock.c	2016-01-08 21:50:18.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/lock.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * global lock implementation
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #ifndef WIN32
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/memcache.c libapache2-mod-auth-openidc-2.1.5/src/cache/memcache.c
--- libapache2-mod-auth-openidc-2.1.3/src/cache/memcache.c	2016-11-09 19:14:02.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/memcache.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * caching using a memcache backend
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include "apr_general.h"
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/redis.c libapache2-mod-auth-openidc-2.1.5/src/cache/redis.c
--- libapache2-mod-auth-openidc-2.1.3/src/cache/redis.c	2016-09-09 16:18:11.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/redis.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * caching using a Redis backend
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include "apr_general.h"
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/cache/shm.c libapache2-mod-auth-openidc-2.1.5/src/cache/shm.c
--- libapache2-mod-auth-openidc-2.1.3/src/cache/shm.c	2016-09-09 16:18:11.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/cache/shm.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -48,7 +48,7 @@
  * caching using a shared memory backend, FIFO-style
  * based on mod_auth_mellon code
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <httpd.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/config.c libapache2-mod-auth-openidc-2.1.5/src/config.c
--- libapache2-mod-auth-openidc-2.1.3/src/config.c	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/config.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/jose.c libapache2-mod-auth-openidc-2.1.5/src/jose.c
--- libapache2-mod-auth-openidc-2.1.3/src/jose.c	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/jose.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * JSON Web Token handling
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_base64.h>
@@ -1061,7 +1061,7 @@
 	}
 
 	const BIGNUM *rsa_n, *rsa_e, *rsa_d;
-#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined (LIBRESSL_VERSION_NUMBER)
 	RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
 #else
 	rsa_n = rsa->n;
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/jose.h libapache2-mod-auth-openidc-2.1.5/src/jose.h
--- libapache2-mod-auth-openidc-2.1.3/src/jose.h	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/jose.h	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * JSON Object Signing and Encryption
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #ifndef MOD_AUTH_OPENIDC_JOSE_H_
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/metadata.c libapache2-mod-auth-openidc-2.1.5/src/metadata.c
--- libapache2-mod-auth-openidc-2.1.3/src/metadata.c	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/metadata.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * OpenID Connect metadata handling routines, for both OP discovery and client registration
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_hash.h>
@@ -535,7 +535,7 @@
 	json_object_set_new(data, "initiate_login_uri",
 			json_string(cfg->redirect_uri));
 
-	json_object_set_new(data, "logout_uri",
+	json_object_set_new(data, "frontchannel_logout_uri",
 			json_string(apr_psprintf(r->pool, "%s?logout=%s", cfg->redirect_uri,
 					OIDC_GET_STYLE_LOGOUT_PARAM_VALUE)));
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/mod_auth_openidc.c libapache2-mod-auth-openidc-2.1.5/src/mod_auth_openidc.c
--- libapache2-mod-auth-openidc-2.1.3/src/mod_auth_openidc.c	2016-11-09 19:14:02.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/mod_auth_openidc.c	2017-01-30 20:01:47.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -51,7 +51,7 @@
  * Other code copied/borrowed/adapted:
  * shared memory caching: mod_auth_mellon
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  *
  **************************************************************************/
 
@@ -130,6 +130,30 @@
 }
 
 /*
+ * scrub all mod_auth_openidc related headers
+ */
+static void oidc_scrub_headers(request_rec *r) {
+	oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
+			&auth_openidc_module);
+
+	if (cfg->scrub_request_headers != 0) {
+
+		/* scrub all headers starting with OIDC_ first */
+		oidc_scrub_request_headers(r, OIDC_DEFAULT_HEADER_PREFIX,
+				oidc_cfg_dir_authn_header(r));
+
+		/*
+		 * then see if the claim headers need to be removed on top of that
+		 * (i.e. the prefix does not start with the default OIDC_)
+		 */
+		if ((strstr(cfg->claim_prefix, OIDC_DEFAULT_HEADER_PREFIX)
+				!= cfg->claim_prefix)) {
+			oidc_scrub_request_headers(r, cfg->claim_prefix, NULL);
+		}
+	}
+}
+
+/*
  * strip the session cookie from the headers sent to the application/backend
  */
 static void oidc_strip_cookies(request_rec *r) {
@@ -1260,21 +1284,7 @@
 	 * we're going to pass the information that we have to the application,
 	 * but first we need to scrub the headers that we're going to use for security reasons
 	 */
-	if (cfg->scrub_request_headers != 0) {
-
-		/* scrub all headers starting with OIDC_ first */
-		oidc_scrub_request_headers(r, OIDC_DEFAULT_HEADER_PREFIX,
-				oidc_cfg_dir_authn_header(r));
-
-		/*
-		 * then see if the claim headers need to be removed on top of that
-		 * (i.e. the prefix does not start with the default OIDC_)
-		 */
-		if ((strstr(cfg->claim_prefix, OIDC_DEFAULT_HEADER_PREFIX)
-				!= cfg->claim_prefix)) {
-			oidc_scrub_request_headers(r, cfg->claim_prefix, NULL);
-		}
-	}
+	oidc_scrub_headers(r);
 
 	/* set the user authentication HTTP header if set and required */
 	if ((r->user != NULL) && (authn_header != NULL))
@@ -1302,18 +1312,18 @@
 				OIDC_DEFAULT_HEADER_PREFIX, pass_headers, pass_envvars);
 	}
 
-	if (cfg->session_type != OIDC_SESSION_TYPE_CLIENT_COOKIE) {
-		if ((cfg->pass_idtoken_as & OIDC_PASS_IDTOKEN_AS_SERIALIZED)) {
+	if ((cfg->pass_idtoken_as & OIDC_PASS_IDTOKEN_AS_SERIALIZED)) {
+		if (cfg->session_type != OIDC_SESSION_TYPE_CLIENT_COOKIE) {
 			const char *s_id_token = NULL;
 			/* get the compact serialized JWT from the session */
 			oidc_session_get(r, session, OIDC_IDTOKEN_SESSION_KEY, &s_id_token);
 			/* pass the compact serialized JWT to the app in a header or environment variable */
 			oidc_util_set_app_info(r, "id_token", s_id_token,
 					OIDC_DEFAULT_HEADER_PREFIX, pass_headers, pass_envvars);
+		} else {
+			oidc_error(r,
+					"session type \"client-cookie\" does not allow storing/passing the id_token; use \"OIDCSessionType server-cache\" for that");
 		}
-	} else {
-		oidc_error(r,
-				"session type \"client-cookie\" does not allow storing/passing the id_token; use \"OIDCSessionType server-cache\" for that");
 	}
 
 	/* set the refresh_token in the app headers/variables, if enabled for this location/directory */
@@ -1846,6 +1856,7 @@
 	/* see if we've got any POST-ed data at all */
 	if ((apr_table_elts(params)->nelts < 1)
 			|| ((apr_table_elts(params)->nelts == 1)
+					&& apr_table_get(params, "response_mode")
 					&& (apr_strnatcmp(apr_table_get(params, "response_mode"),
 							"fragment") == 0))) {
 		return oidc_util_html_send_error(r, c->error_template,
@@ -2841,11 +2852,15 @@
 		oidc_handle_redirect_authorization_response(r, c, session);
 	}
 
+	oidc_error(r,
+			"The OpenID Connect callback URL received an invalid request: %s; returning HTTP_INTERNAL_SERVER_ERROR",
+			r->args);
+
 	/* something went wrong */
 	return oidc_util_html_send_error(r, c->error_template, "Invalid Request",
 			apr_psprintf(r->pool,
-					"The OpenID Connect callback URL received an invalid request: %s",
-					r->args), HTTP_INTERNAL_SERVER_ERROR);
+					"The OpenID Connect callback URL received an invalid request"),
+					HTTP_INTERNAL_SERVER_ERROR);
 }
 
 /*
@@ -2955,6 +2970,13 @@
 			return HTTP_UNAUTHORIZED;
 		case OIDC_UNAUTH_PASS:
 			r->user = "";
+
+			/*
+			 * we're not going to pass information about an authenticated user to the application,
+			 * but we do need to scrub the headers that mod_auth_openidc would set for security reasons
+			 */
+			oidc_scrub_headers(r);
+
 			return OK;
 		case OIDC_UNAUTH_AUTHENTICATE:
 			/* if this is a Javascript path we won't redirect the user and create a state cookie */
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/mod_auth_openidc.h libapache2-mod-auth-openidc-2.1.5/src/mod_auth_openidc.h
--- libapache2-mod-auth-openidc-2.1.3/src/mod_auth_openidc.h	2016-12-13 18:25:06.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/mod_auth_openidc.h	2017-01-29 15:05:57.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #ifndef MOD_AUTH_OPENIDC_H_
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/oauth.c libapache2-mod-auth-openidc-2.1.5/src/oauth.c
--- libapache2-mod-auth-openidc-2.1.3/src/oauth.c	2016-10-20 14:09:24.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/oauth.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_lib.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/parse.c libapache2-mod-auth-openidc-2.1.5/src/parse.c
--- libapache2-mod-auth-openidc-2.1.3/src/parse.c	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/parse.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * Validation and parsing of configuration values.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_base64.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/parse.h libapache2-mod-auth-openidc-2.1.5/src/parse.h
--- libapache2-mod-auth-openidc-2.1.3/src/parse.h	2016-10-27 16:23:12.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/parse.h	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -47,7 +47,7 @@
  *
  * Validation and parsing of configuration values.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #ifndef MOD_AUTH_OPENIDC_PARSE_H_
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/proto.c libapache2-mod-auth-openidc-2.1.5/src/proto.c
--- libapache2-mod-auth-openidc-2.1.3/src/proto.c	2016-11-19 13:46:48.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/proto.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <httpd.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/session.c libapache2-mod-auth-openidc-2.1.5/src/session.c
--- libapache2-mod-auth-openidc-2.1.3/src/session.c	2016-12-13 18:25:06.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/src/session.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_base64.h>
diff -Nru libapache2-mod-auth-openidc-2.1.3/src/util.c libapache2-mod-auth-openidc-2.1.5/src/util.c
--- libapache2-mod-auth-openidc-2.1.3/src/util.c	2016-10-20 14:09:24.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/src/util.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  */
 
 #include <apr_strings.h>
@@ -449,28 +449,48 @@
 	return url;
 }
 
-/* maximum size of any response returned in HTTP calls */
-#define OIDC_CURL_MAX_RESPONSE_SIZE 65536
-
 /* buffer to hold HTTP call responses */
 typedef struct oidc_curl_buffer {
-	char buf[OIDC_CURL_MAX_RESPONSE_SIZE];
-	size_t written;
+	request_rec *r;
+	char *memory;
+	size_t size;
 } oidc_curl_buffer;
 
+/* maximum acceptable size of HTTP responses: 1 Mb */
+#define OIDC_CURL_MAX_RESPONSE_SIZE 1024 * 1024
+
 /*
  * callback for CURL to write bytes that come back from an HTTP call
  */
-size_t oidc_curl_write(const void *ptr, size_t size, size_t nmemb, void *stream) {
-	oidc_curl_buffer *curlBuffer = (oidc_curl_buffer *) stream;
+size_t oidc_curl_write(void *contents, size_t size, size_t nmemb, void *userp) {
+	size_t realsize = size * nmemb;
+	oidc_curl_buffer *mem = (oidc_curl_buffer *) userp;
+
+	/* check if we don't run over the maximum buffer/memory size for HTTP responses */
+	if (mem->size + realsize > OIDC_CURL_MAX_RESPONSE_SIZE) {
+		oidc_error(mem->r,
+				"HTTP response larger than maximum allowed size: current size=%ld, additional size=%ld, max=%d",
+				mem->size, realsize, OIDC_CURL_MAX_RESPONSE_SIZE);
+		return 0;
+	}
 
-	if ((nmemb * size) + curlBuffer->written >= OIDC_CURL_MAX_RESPONSE_SIZE)
+	/* allocate the new buffer for the current + new response bytes */
+	char *newptr = apr_palloc(mem->r->pool, mem->size + realsize + 1);
+	if (newptr == NULL) {
+		oidc_error(mem->r,
+				"memory allocation for new buffer of %ld bytes failed",
+				mem->size + realsize + 1);
 		return 0;
+	}
 
-	memcpy((curlBuffer->buf + curlBuffer->written), ptr, (nmemb * size));
-	curlBuffer->written += (nmemb * size);
+	/* copy over the data from current memory plus the cURL buffer */
+	memcpy(newptr, mem->memory, mem->size);
+	memcpy(&(newptr[mem->size]), contents, realsize);
+	mem->size += realsize;
+	mem->memory = newptr;
+	mem->memory[mem->size] = 0;
 
-	return (nmemb * size);
+	return realsize;
 }
 
 /* context structure for encoding parameters */
@@ -519,6 +539,9 @@
 		return FALSE;
 	}
 
+	/* set the error buffer as empty before performing a request */
+	curlError[0] = 0;
+
 	/* some of these are not really required */
 	curl_easy_setopt(curl, CURLOPT_HEADER, 0L);
 	curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
@@ -531,10 +554,11 @@
 	curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
 
 	/* setup the buffer where the response will be written to */
-	curlBuffer.written = 0;
-	memset(curlBuffer.buf, '\0', sizeof(curlBuffer.buf));
-	curl_easy_setopt(curl, CURLOPT_WRITEDATA, &curlBuffer);
+	curlBuffer.r = r;
+	curlBuffer.memory = NULL;
+	curlBuffer.size = 0;
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, oidc_curl_write);
+	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void * )&curlBuffer);
 
 #ifndef LIBCURL_NO_CURLPROTO
 	curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS,
@@ -635,7 +659,8 @@
 	/* call it and record the result */
 	int rv = TRUE;
 	if (curl_easy_perform(curl) != CURLE_OK) {
-		oidc_error(r, "curl_easy_perform() failed on: %s (%s)", url, curlError);
+		oidc_error(r, "curl_easy_perform() failed on: %s (%s)", url,
+				curlError[0] ? curlError : "");
 		rv = FALSE;
 		goto out;
 	}
@@ -644,10 +669,10 @@
 	curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code);
 	oidc_debug(r, "HTTP response code=%ld", response_code);
 
-	*response = apr_pstrndup(r->pool, curlBuffer.buf, curlBuffer.written);
+	*response = apr_pstrndup(r->pool, curlBuffer.memory, curlBuffer.size);
 
 	/* set and log the response */
-	oidc_debug(r, "response=%s", *response);
+	oidc_debug(r, "response=%s", *response ? *response : "");
 
 out:
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/test/test.c libapache2-mod-auth-openidc-2.1.5/test/test.c
--- libapache2-mod-auth-openidc-2.1.3/test/test.c	2016-10-20 14:09:24.000000000 +0200
+++ libapache2-mod-auth-openidc-2.1.5/test/test.c	2017-01-28 14:28:49.000000000 +0100
@@ -18,7 +18,7 @@
  */
 
 /***************************************************************************
- * Copyright (C) 2013-2016 Ping Identity Corporation
+ * Copyright (C) 2013-2017 Ping Identity Corporation
  * All rights reserved.
  *
  * For further information please contact:
@@ -45,7 +45,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * @Author: Hans Zandbelt - hzandbelt@pingidentity.com
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
  *
  **************************************************************************/
 
diff -Nru libapache2-mod-auth-openidc-2.1.3/test/test-cmd.c libapache2-mod-auth-openidc-2.1.5/test/test-cmd.c
--- libapache2-mod-auth-openidc-2.1.3/test/test-cmd.c	2016-11-09 19:14:02.000000000 +0100
+++ libapache2-mod-auth-openidc-2.1.5/test/test-cmd.c	2017-01-28 14:28:49.000000000 +0100
@@ -1,3 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/***************************************************************************
+ * Copyright (C) 2013-2017 Ping Identity Corporation
+ * All rights reserved.
+ *
+ * For further information please contact:
+ *
+ *      Ping Identity Corporation
+ *      1099 18th St Suite 2950
+ *      Denver, CO 80202
+ *      303.468.2900
+ *      http://www.pingidentity.com
+ *
+ * DISCLAIMER OF WARRANTIES:
+ *
+ * THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
+ * ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
+ * WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  NOR ARE THERE ANY
+ * WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
+ * USAGE.  FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
+ * YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
+ * WILL BE UNINTERRUPTED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * @Author: Hans Zandbelt - hans.zandbelt@zmartzone.eu
+ *
+ **************************************************************************/
+
 #include <stdio.h>
 #include <string.h>
 
@@ -47,6 +98,12 @@
 
 	(*rbuf)[bytes_read] = '\0';
 
+	bytes_read--;
+	while ((*rbuf)[bytes_read] == '\n') {
+		(*rbuf)[bytes_read] = '\0';
+		bytes_read --;
+	}
+
 	apr_file_close(fd);
 
 	return 0;

begin:vcard
fn:Christoph Martin
n:Martin;Christoph
org;quoted-printable;quoted-printable:Johannes Gutenberg-Universit=C3=A4t Mainz;Zentrum f=C3=BCr Datenverarbeitung
adr:;;Anselm Franz von Bentzel-Weg 12;Mainz;Rheinland-Pfalz;55128;Germany
email;internet:martin@uni-mainz.de
title:Leiter Unix-Systeme
tel;work:+49-6131-3926337
tel;fax:+49-6131-3926407
tel;cell:+49-179-7952652
x-mozilla-html:FALSE
version:2.1
end:vcard

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

• To: 855591-done@bugs.debian.org
• Subject: unblock libapache2-mod-auth-openidc
• From: Emilio Pozuelo Monfort <pochu@respighi.debian.org>
• Date: Tue, 21 Feb 2017 22:56:12 +0000
• Message-id: <E1cgJLw-0004sz-RX@respighi.debian.org>

Unblocked.

--- End Message ---