./security/oath-toolkit, OATH (Open AuTHentication) Toolkit

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.1nb2, Package name: oath-toolkit-2.4.1nb2, Maintainer: pettai

The OATH Toolkit contains a shared library, command line tool and a PAM module
that makes it possible to build one-time password authentication systems.
Supported technologies include the event-based HOTP algorithm and the
time-based TOTP algorithm.
OATH is the Open AuTHentication organization which specify the algorithms.

Required to run:

Required to build:
[devel/automake] [pkgtools/cwrappers]

Master sites:

SHA1: b0ca4c5f89c12c550f7227123c2f21f45b2bf969
RMD160: d902ebef5b0468f383bcb15a9e8b0582011eb4ca
Filesize: 4039.696 KB

Version history: (Expand)

CVS history: (Expand)

   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-09-23 21:39:50 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Sync PLIST with reality adding various man pages. Bump revision.
   2014-03-10 01:58:51 by Fredrik Pettai | Files touched by this commit (2) | Package updated
Log message:
Version 2.4.1 (released 2014-02-12)

* liboath: Fix usersfile bug that caused it to update the wrong line.
When an usersfile contain multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file.  Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. CVE-2013-7322
CVs: ----------------------------------------------------------------------
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2014-01-05 22:41:37 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
Run autoreconf to avoid issues with automake version number mismatches.
Fixes build after automake-1.14.1 update.

Make automake a build dependency. Bump PKGREVISION.
   2014-01-01 12:52:43 by Thomas Klausner | Files touched by this commit (776)
Log message:
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.
   2013-09-14 09:46:33 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Version 2.4.0 (released 2013-07-21)

* liboath: Add new API methods for validating TOTP OTPs
  The new methods (oath_totp_validate3 and oath_totp_validate3_callback)
  introduce a new parameter *otp_counter, which is set to the actual
  counter used to calculate the OTP (unless it is a NULL pointer). This
  allows for easier OTP replay detection in applications using liboath.
  Patch from Fabian Grünbichler <fabian.gruenbichler@tuwien.ac.at>.

Version 2.2.0 (released 2013-07-07)

* libpskc: Add functions for setting PSKC data.
  The new functions are pskc_add_keypackage and all pskc_set_* functions
  (see libpskc/include/pskc/keypackage.h).  This allow you to write
  programs that generate new PSKC structures.
* liboath: Permit different passwords for different tokens for the same user.
  Thanks to Christian Hesse <list@eworm.de>.
* build: Improve building from git with most recent automake and gengetopt.
  Thanks to Christian Hesse <list@eworm.de>.
* build: Valgrind is not enabled by default.
  It causes too much false positives.  For developers who want, use
  --enable-valgrind-tests.  It is still enabled by default when building
  from the version controlled sources (see cfg.mk).  Thanks to Christian
  Hesse <list@eworm.de>.
* liboath: Make header file usable from C++ (extern "C" guard).
  Reported by Alan Markus <alan.markus@gmail.com>.