Package: libapache2-mod-auth-openid / 0.8-6

Metadata

Package Version Patches format
libapache2-mod-auth-openid 0.8-6 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 destdir 0.5.diff | (download)

src/Makefile.am | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 destdir-0.5

0002 Avoid doubling GET params.patch | (download)

src/mod_auth_openid.cpp | 31 20 + 11 - 0 !
1 file changed, 20 insertions(+), 11 deletions(-)

 avoid doubling get params

Before this changeset:

 a) mod_authopenid_method_handler() extracts the current request's GET
    parameters into an opkele::params_t object named params(), and
    (based on the presence of the openid_identifier parameter), decides
    to start_authentication_session() with that params object.

 b) in start_authentication_session(), we extract the full URL
    (including all the non-openid GET parameters) of the current request
    into return_to via full_uri(), and then append the params to it.

This results in a doubling of every non-openid GET parameter into the
return_to variable.

I don't understand why it's done this way, or what is gained from it.

This changeset avoids keeping the params in the return_to extraction
in (b), and seems to resolve the issue under this configuration.

See https://bugs.debian.org/634800 for further discussion.

0003 ldadd ldflags.diff | (download)

src/Makefile.am | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix ldadd and ldflags