Subject: CVS commit: pkgsrc/security/oath-toolkit
From: Stephen Borrill
Date: 2022-08-22 09:42:52
Message id: 20220822074252.B4FCCFB1A@cvs.NetBSD.org

Log Message:
oath-toolkit: update to 2.6.7

Changes since 2.4.1:

Version 2.6.7 (released 2021-05-01)

    pam_oath: Support variables in usersfile string parameter.  the
usersfile string in the pam_oath configuration file.  The placeholder values
allow the user credentials file to be stored in a file path that is relative
to the user, and mimics similar behavior found in
google-authenticator-libpam.

The motivation for these changes is to allow for non-privileged processes to
use pam_oath (e.g., for 2FA with xscreensaver).  Non-privileged and non-suid
programs are unable to use pam_oath.  These changes are a proposed
alternative to a suid helper binary as well.

Thanks to Jason Graham for the patch.  See
https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12.

    doc: Fix project URL in man pages.  Thanks to Jason Graham
for the patch.  Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/19.

    build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.

    build: Modernize autotools usage.  Most importantly, no longer use
-Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with
future automake versions.

    Updated gnulib files.

Version 2.6.6 (released 2021-01-20)

    oathtool: Handle HOTP --counter values larger than 0x7FFFFFFFFFFFFFFF.
Thanks to Jason Lai for report.

    doc: GTK-DOC manual improvements.

    Updated gnulib files.  Fixes test-parse-datetime self-check.  Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/20.

Version 2.6.5 (released 2020-12-29)

    oathtool: Support for reading KEY and OTP from standard input or
filename.  KEY and OTP may now be given as - to mean stdin, or @FILE to read
from a particular file.  This is recommended on multi-user systems, since
secrets as command line parameters leak.  Based on a patch from Ian Jackson.
Fixes #6.

    pam_oath: Fix unlikely logic fail on out of memory conditions.  Patch
from Matthias Gerstner.

    Doc fixes.

Version 2.6.4 (released 2020-11-11)

    libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16.  Use it like
--with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if
the default dynamic loading fails because of runtime linker search path
issues.

    oathtool --totp --verbose now prints TOTP hash mode.  Fixes
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4.

    oathtool: Hash names (e.g., SHA256) for --totp are now upper case.
Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3.  Lower/mixed
case hash names are supported for compatibility.

    pam_oath: Fail gracefully for missing users.  Fixes
https://savannah.nongnu.org/support/index.php?109111.  This allows you to
incrementally add support for OATH authentication instead of forcing it on
all users.  See updated pam_oath/README on the [user_unknown=ignore
success=ok] parameter that can now be supplied to PAM configuration.  Patch
by Antoine Beaupra

    Fix libpskc memory corruption bug.  Fixes
https://savannah.nongnu.org/support/?108736.  Thanks to David Woodhouse and
Jaroslav A karvada for report, self check and patch.

    Fix man pages.  Fixes https://savannah.nongnu.org/support/?108312.
Thanks to Jaroslav A karvada for the patch.

    Build fixes.

Version 2.6.3 (released 2020-11-07)

    pam_oath: Fix self-tests.

    build: Update gnulib. Fix compiler warnings.

    Doc fixes.

Version 2.6.2 (released 2016-08-27)

    doc: Version controlled source code repository moved to GitLab.

Version 2.6.1 (released 2015-07-31)

    liboath: Fix make check on 32-bit systems.  Report and patch by
Christian Hesse.

Version 2.6.0 (released 2015-05-19)

    liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512.  This adds new
APIs oath_totp_generate2, oath_totp_validate4 and
oath_totp_validate4_callback.

    oathtool: The --totp parameter now take an optional argument to specify
MAC.  For example use --totp=sha256 to use HMAC-SHA256.  When --totp is used
the default HMAC-SHA1 is used, as before.

    pam_oath: Mention in README that you shouldn???t use insecure keys.
Suggested by Robin.

    pam_oath: Check return value from strdup.  Patch by Eero Hakkinen.

    The files gdoc and expect.oath are now included in the tarball.
Suggested by Jaroslav A karvada.

Files:
RevisionActionfile
1.24modifypkgsrc/security/oath-toolkit/Makefile
1.6modifypkgsrc/security/oath-toolkit/PLIST
1.14modifypkgsrc/security/oath-toolkit/distinfo
1.4modifypkgsrc/security/oath-toolkit/patches/patch-liboath_gl_fflush.c
1.1addpkgsrc/security/oath-toolkit/options.mk
1.1addpkgsrc/security/oath-toolkit/patches/patch-pam__oath_Makefile.in
1.1addpkgsrc/security/oath-toolkit/patches/patch-pam__oath_configure.ac
1.1addpkgsrc/security/oath-toolkit/patches/patch-pam__oath_pam__modutil.c
1.1addpkgsrc/security/oath-toolkit/patches/patch-pam__oath_pam__modutil.h
1.1addpkgsrc/security/oath-toolkit/patches/patch-pam__oath_pam__oath.c
1.2removepkgsrc/security/oath-toolkit/patches/patch-liboath_gl_fseeko.c