Skip to content

Commit 70b005c

Browse files
jonasbardinojonasbardino
authored
Point mod_auth_openidc to latest release if upgrade is requested (Rocky 8+9) (#95)
Point mod_auth_openidc to latest release if upgrade is requested with `UPGRADE_MOD_AUTH_OPENIDC`, in order to address a potential security issue (CVE-2025-31492) as described in the associated release notes at https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.16.11 It does NOT sound like we are affected, since we don't adjust the mentioned `OIDCProviderAuthRequestMethod` setting in docker-migrid or migrid. Still, it may make sense to have the option to easily upgrade with the security fix and other recent bug fixes included. **NOTE**: we cannot generally upgrade on CentOS 7 as well, since upstream no longer provides the corresponding packages there without a commercial support contract.
2 parents 662415d + 5a1d042 commit 70b005c

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

Dockerfile.rocky8

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -579,7 +579,7 @@ RUN echo "UPGRADE_MOD_AUTH_OPENIDC: $UPGRADE_MOD_AUTH_OPENIDC"
579579
RUN if [ "$UPGRADE_MOD_AUTH_OPENIDC" = "True" ]; then \
580580
if [ -z "${UPGRADE_OIDC_AUTH_MOD_SRC}" ]; then \
581581
echo "upgrading mod_auth_openidc from upstream release package"; \
582-
UPGRADE_OIDC_AUTH_MOD_SRC="https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.16.5/mod_auth_openidc-2.4.16.5-1.el8.x86_64.rpm"; \
582+
UPGRADE_OIDC_AUTH_MOD_SRC="https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.16.11/mod_auth_openidc-2.4.16.11-1.el8.x86_64.rpm"; \
583583
else \
584584
echo "upgrading mod_auth_openidc from ${UPGRADE_OIDC_AUTH_MOD_SRC}"; \
585585
fi; \

Dockerfile.rocky9

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -538,7 +538,7 @@ RUN echo "UPGRADE_MOD_AUTH_OPENIDC: $UPGRADE_MOD_AUTH_OPENIDC"
538538
RUN if [ "$UPGRADE_MOD_AUTH_OPENIDC" = "True" ]; then \
539539
if [ -z "${UPGRADE_OIDC_AUTH_MOD_SRC}" ]; then \
540540
echo "upgrading mod_auth_openidc from upstream release package"; \
541-
UPGRADE_OIDC_AUTH_MOD_SRC="https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.16.5/mod_auth_openidc-2.4.16.5-1.el9.x86_64.rpm"; \
541+
UPGRADE_OIDC_AUTH_MOD_SRC="https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.16.11/mod_auth_openidc-2.4.16.11-1.el9.x86_64.rpm"; \
542542
else \
543543
echo "upgrading mod_auth_openidc from ${UPGRADE_OIDC_AUTH_MOD_SRC}"; \
544544
fi; \

0 commit comments

Comments
 (0)