Subject: CVS commit: pkgsrc/security/oath-toolkit
From: Stephen Borrill
Date: 2022-08-22 09:42:52
Message id: 20220822074252.B4FCCFB1A@cvs.NetBSD.org
Log Message:
oath-toolkit: update to 2.6.7
Changes since 2.4.1:
Version 2.6.7 (released 2021-05-01)
pam_oath: Support variables in usersfile string parameter. the
usersfile string in the pam_oath configuration file. The placeholder values
allow the user credentials file to be stored in a file path that is relative
to the user, and mimics similar behavior found in
google-authenticator-libpam.
The motivation for these changes is to allow for non-privileged processes to
use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid
programs are unable to use pam_oath. These changes are a proposed
alternative to a suid helper binary as well.
Thanks to Jason Graham for the patch. See
https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12.
doc: Fix project URL in man pages. Thanks to Jason Graham
for the patch. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/19.
build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.
build: Modernize autotools usage. Most importantly, no longer use
-Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with
future automake versions.
Updated gnulib files.
Version 2.6.6 (released 2021-01-20)
oathtool: Handle HOTP --counter values larger than 0x7FFFFFFFFFFFFFFF.
Thanks to Jason Lai for report.
doc: GTK-DOC manual improvements.
Updated gnulib files. Fixes test-parse-datetime self-check. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/20.
Version 2.6.5 (released 2020-12-29)
oathtool: Support for reading KEY and OTP from standard input or
filename. KEY and OTP may now be given as - to mean stdin, or @FILE to read
from a particular file. This is recommended on multi-user systems, since
secrets as command line parameters leak. Based on a patch from Ian Jackson.
Fixes #6.
pam_oath: Fix unlikely logic fail on out of memory conditions. Patch
from Matthias Gerstner.
Doc fixes.
Version 2.6.4 (released 2020-11-11)
libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16. Use it like
--with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if
the default dynamic loading fails because of runtime linker search path
issues.
oathtool --totp --verbose now prints TOTP hash mode. Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4.
oathtool: Hash names (e.g., SHA256) for --totp are now upper case.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3. Lower/mixed
case hash names are supported for compatibility.
pam_oath: Fail gracefully for missing users. Fixes
https://savannah.nongnu.org/support/index.php?109111. This allows you to
incrementally add support for OATH authentication instead of forcing it on
all users. See updated pam_oath/README on the [user_unknown=ignore
success=ok] parameter that can now be supplied to PAM configuration. Patch
by Antoine Beaupré.
Fix libpskc memory corruption bug. Fixes
https://savannah.nongnu.org/support/?108736. Thanks to David Woodhouse and
Jaroslav Škarvada for report, self check and patch.
Fix man pages. Fixes https://savannah.nongnu.org/support/?108312.
Thanks to Jaroslav Škarvada for the patch.
Build fixes.
Version 2.6.3 (released 2020-11-07)
pam_oath: Fix self-tests.
build: Update gnulib. Fix compiler warnings.
Doc fixes.
Version 2.6.2 (released 2016-08-27)
doc: Version controlled source code repository moved to GitLab.
Version 2.6.1 (released 2015-07-31)
liboath: Fix make check on 32-bit systems. Report and patch by
Christian Hesse.
Version 2.6.0 (released 2015-05-19)
liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512. This adds new
APIs oath_totp_generate2, oath_totp_validate4 and
oath_totp_validate4_callback.
oathtool: The --totp parameter now takes an optional argument to specify
MAC. For example use --totp=sha256 to use HMAC-SHA256. When --totp is used
the default HMAC-SHA1 is used, as before.
pam_oath: Mention in README that you shouldn't use insecure keys.
Suggested by Robin.
pam_oath: Check return value from strdup. Patch by Eero Hakkinen.
The files gdoc and expect.oath are now included in the tarball.
Suggested by Jaroslav Škarvada.
Files:
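Added example, not part of the commit or of oath-toolkit's code: a Python sketch of HOTP (RFC 4226) and TOTP (RFC 6238) covering two entries in the log above, TOTP with HMAC-SHA256/HMAC-SHA512 and HOTP counters above 0x7FFFFFFFFFFFFFFF. The function names are hypothetical, the seeds are the RFC test seeds, and `fits_signed_64` only illustrates that a signed 64-bit integer cannot hold such a counter; it does not describe how oathtool parsed its input.

```python
import hmac
import struct

ALGOS = {"sha1", "sha256", "sha512"}  # MACs named in the 2.6.0 entry

def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP, with the HMAC hash selectable as in RFC 6238."""
    name = algo.lower()  # accept upper, lower and mixed case names
    if name not in ALGOS:
        raise ValueError(f"unsupported hash: {algo}")
    if not 0 <= counter <= 0xFFFFFFFFFFFFFFFF:
        raise ValueError("counter must fit in 64 unsigned bits")
    msg = struct.pack(">Q", counter)  # unsigned 8-byte big-endian counter
    digest = hmac.new(key, msg, name).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits, algo)

def fits_signed_64(counter: int) -> bool:
    """True if the counter survives storage in a signed 64-bit integer."""
    try:
        struct.pack(">q", counter)
        return True
    except struct.error:
        return False

if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC test seed, not a real secret
    print(totp(seed, 59, digits=8))
    print(totp(seed + b"123456789012", 59, digits=8, algo="SHA256"))
    big = 0x8000000000000000
    print(fits_signed_64(big), hotp(seed, big))
```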