Sync from SUSE:SLFO:Main oath-toolkit revision 4e8426bdfa7149349d4fede822b87f72

Adrian Schröter 2024-05-03 17:12:42 +02:00
commit 58a660ff2c
6 changed files with 463 additions and 0 deletions

.gitattributes vendored Normal file

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

oath-toolkit-2.6.7.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

Binary file not shown.

oath-toolkit.changes Normal file

@ -0,0 +1,215 @@
-------------------------------------------------------------------
Tue Aug 2 20:39:41 UTC 2022 - Torsten Gruner <simmphonie@opensuse.org>
- Use %_pam_moduledir instead of hardcoding %{_lib}/security
- Define macro _pam_moduledir if not set to fix builds for Leap and SLE
-------------------------------------------------------------------
Thu Apr 21 09:52:55 UTC 2022 - Marcus Meissner <meissner@suse.com>
- url -> https
-------------------------------------------------------------------
Sun May 2 14:36:13 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.7
* pam_oath: Support variables in usersfile string parameter.
These changes introduce the ${USER} and ${HOME} placeholder
values for the usersfile string in the pam_oath configuration
file. The placeholder values allow the user credentials file
to be stored in a file path that is relative to the user, and
mimics similar behavior found in google-authenticator-libpam.
The motivation for these changes is to allow for
non-privileged processes to use pam_oath (e.g., for 2FA with
xscreensaver). Non-privileged and non-suid programs are
unable to use pam_oath. These changes are a proposed
alternative to a suid helper binary as well.
* doc: Fix project URL in man pages.
* build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.
* build: Modernize autotools usage.
Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE
to make rebuilding from source more safe with future automake
versions.
* Updated gnulib files.
-------------------------------------------------------------------
Wed Jan 20 21:40:44 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.6
* oathtool: Support for reading KEY and OTP from standard input
or filename. KEY and OTP may now be given as '-' to mean
stdin, or @FILE to read from a particular file. This is
recommended on multi-user systems, since secrets as command
line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
-------------------------------------------------------------------
Tue Dec 29 11:58:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.5
* oathtool: Support for reading KEY and OTP from standard input
or filename.
KEY and OTP may now be given as '-' to mean stdin, or @FILE to
read from a particular file. This is recommended on multi-user
systems, since secrets as command line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
* Doc fixes.
- Update to version 2.6.4
* libpskc: New --with-xmlsec-crypto-engine to hard-code crypto
engine. Use it like --with-xmlsec-crypto-engine=gnutls or
--with-xmlsec-crypto-engine=openssl if the default dynamic
loading fails because of runtime linker search path issues.
* oathtool --totp --verbose now prints TOTP hash mode.
* oathtool: Hash names (e.g., SHA256) for --totp are now upper
case. Lower/mixed case hash names are supported for
compatibility.
* pam_oath: Fail gracefully for missing users.
This allows you to incrementally add support for OATH
authentication instead of forcing it on all users.
* Fix libpskc memory corruption bug.
* Fix man pages.
* Build fixes.
- Update to version 2.6.3
* pam_oath: Fix self-tests.
- Drop not longer needed patches:
* 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
* 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
* 0002-update_gnulibs_files.patch
* gnulib-libio.patch
- Use source verification
- Use proper source URLs
-------------------------------------------------------------------
Mon Aug 6 07:59:16 UTC 2018 - schwab@suse.de
- gnulib-libio.patch: Update gnulib for libio.h removal
-------------------------------------------------------------------
Thu Jul 5 17:00:51 UTC 2018 - matthias.gerstner@suse.com
- Add patch 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch:
- fix potential security issue in low memory situation (bsc#1089114)
-------------------------------------------------------------------
Sun May 20 21:40:32 UTC 2018 - julio@juliogonzalez.es
- Fix build for openSUSE Leap 42.2 and 42.3
-------------------------------------------------------------------
Wed Apr 18 07:32:43 UTC 2018 - jengelh@inai.de
- Trim/update descriptions. Fix RPM groups. Remove useless
--with-pic.
-------------------------------------------------------------------
Fri Apr 13 13:26:47 UTC 2018 - mpluskal@suse.com
- Run spe-cleaner
- Drop useless conditions
-------------------------------------------------------------------
Wed Apr 11 12:18:59 UTC 2018 - ncutler@suse.com
- bring License line into closer accordance with actual licenses
mentioned in the tarball
- split off xml/pskc/ directory/files from liboath0 into a separate
"oath-toolkit-xml" subpackage to prevent conflicts if two versions of the
liboath library were ever installed at the same time
-------------------------------------------------------------------
Wed Apr 11 11:26:36 UTC 2018 - ncutler@suse.com
- use %license instead of %doc to package license-related files
-------------------------------------------------------------------
Tue Jan 16 11:18:53 UTC 2018 - dmarcoux@posteo.de
- Add patch (last commit which changed source, not released in 2.6.2):
- 0002-update_gnulibs_files.patch
-------------------------------------------------------------------
Mon Aug 29 20:03:11 UTC 2016 - mardnh@gmx.de
- Update to Version 2.6.2
- no changes in upstream code
- Fix RPM groups for -devel packages
- build with libpskc on supported suse-versions
- Add patch:
- 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
-------------------------------------------------------------------
Wed Sep 9 14:31:24 UTC 2015 - t.gruner@katodev.de
- Update to Version 2.6.1 (released 2015-07-31)
- liboath: Fix 'make check' on 32-bit systems.
- Version 2.6.0 (released 2015-05-19)
- liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512.
This adds new APIs oath_totp_generate2, oath_totp_validate4 and
oath_totp_validate4_callback.
- oathtool: The --totp parameter now take an optional argument to specify MAC.
For example use --totp=sha256 to use HMAC-SHA256. When --totp is used
the default HMAC-SHA1 is used, as before.
- pam_oath: Mention in README that you shouldn't use insecure keys.
- pam_oath: Check return value from strdup.
- The files 'gdoc' and 'expect.oath' are now included in the tarball.
-------------------------------------------------------------------
Sat Jan 24 10:29:53 UTC 2015 - mardnh@gmx.de
- Update to version 2.4.1:
+ liboath: Fix usersfile bug that caused it to update the wrong line.
When an usersfile contain multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file. Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. Reported by Bas van
Schaik <bas@sj-vs.net> and patch provided by Ilkka Virta
<itvirta@iki.fi>. CVE-2013-7322
-------------------------------------------------------------------
Fri Jul 11 18:14:17 UTC 2014 - darin@darins.net
- Ran through spec-cleaner
-------------------------------------------------------------------
Wed Oct 23 09:41:19 UTC 2013 - vuntz@opensuse.org
- Update to version 2.4.0:
+ liboath: Add new API methods for validating TOTP OTPs
- Changes from version 2.2.0:
+ libpskc: Add functions for setting PSKC data.
+ liboath: Permit different passwords for different tokens for
the same user.
+ liboath: Make header file usable from C++ (extern "C" guard).
+ build: Improve building from git with most recent automake and
gengetopt.
+ build: Valgrind is not enabled by default.
- Fix license: libraries are LGPL-2.1+ and everything else is
GPL-3.0+. Also properly package the COPYING files.
- Prepare build libpskc, hidden under a %{build_pskc} define:
+ Add libxml2-devel and pkgconfig(xmlsec1) BuildRequires.
+ Create libpskc0 and libpskc-devel subpackages.
+ Define %{build_pskc} to 0 since we don't have libxmlsec1 yet.
- Rework summaries and descriptions.
-------------------------------------------------------------------
Sat Jun 15 18:46:27 UTC 2013 - bwiedemann@suse.com
- Update to version 2.0.2
-------------------------------------------------------------------
Fri Feb 11 00:04:02 UTC 2011 - cristian.rodriguez@opensuse.org
- Update to version 1.4.6
-------------------------------------------------------------------
Sat Feb 5 18:41:54 UTC 2011 - cristian.rodriguez@opensuse.org
- Use libgcrypt for crypto
-------------------------------------------------------------------
Sat Feb 5 14:46:45 UTC 2011 - cristian.rodriguez@opensuse.org
- Initial version
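
Review bot: the 2.6.6 entry (Wed Jan 20 2021) and the 2.6.5 block of the Tue Dec 29 2020 entry list the same two bullets, "oathtool: Support for reading KEY and OTP from standard input or filename" and "pam_oath: Fix unlikely logic fail on out of memory conditions", so the history does not show which release actually introduced them. Keep them under the version that shipped them and give 2.6.6 only its own changes. Separately, "Fix libpskc memory corruption bug" under 2.6.4 carries no bug or CVE reference, unlike the bsc#1089114 and CVE-2013-7322 entries, which makes it hard to track for backports; add the reference if one exists.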

oath-toolkit.keyring Normal file

@ -0,0 +1,23 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9fV+QlTmXxo2naObDuGtw5
8YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9zZWZzc29uLm9yZz6IlgQT
FggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBLHSvRN1vst4TPT4xNc8
9jjFPAa+BQJezg00BQkDekmAAAoJENc89jjFPAa+7QMBAKyq5ZypvFOXgcwlNtQd
f6F+SP9LnCNSreQRYo4RxSwAAQD7A+O56xFPB1DIM74lpvaExNJFHbJXCIfFGifJ
ycR0A7gzBFySz3UWCSsGAQQB2kcPAQEHQLzCFcHHrKzVSPDDarZPYqn89H5TPaxw
cORgRg+4DagEiH4EGBYIACYCGyAWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUCXs4N
RwUJA3pI0gAKCRDXPPY4xTwGvgxBAQCyHr8nGeaoOAmhPPOGDObOoa6/Dps+WBpm
vFw8J/Z5AAEAtE/pypHisMHmF4cy5S/kHVzLZvfxaTAlGqtoZGHShAa4MwRcks+B
FgkrBgEEAdpHDwEBB0DsUwiDmnlwMSNoSF+ByvW0E6TVXou9PKDa9SpZvKghioj1
BBgWCAAmAhsCFiEEsdK9E3W+y3hM9PjE1zz2OMU8Br4FAl7ODUwFCQN6SMsAgXYg
BBkWCAAdFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAlySz4EACgkQUXIrCP5HRaKn
TAEAoB+OWrHmYCK8Cjr1DgPUH7JnhPBmR2DbhR5jPRREEugA+gOMeWmL6GOpaPfK
YLcNhzw4ZnAlxSLY1wq1eANBpiQOCRDXPPY4xTwGvuQiAPwKnKAbzegaSATxN1cd
Fia4m80uJNFHMQL679WSBG3FIAEA8uLgxGud6SqFgIaFR4wrzrIgzVWqHxDuu56f
JSf/iAe4OARcks9qEgorBgEEAZdVAQUBAQdAMZUbpg1up2WOwPlQn3pPVaRMejyZ
nScmD7d5TRzHehwDAQgHiH4EGBYIACYCGwwWIQSx0r0Tdb7LeEz0+MTXPPY4xTwG
vgUCXs4NQAUJA3pI1gAKCRDXPPY4xTwGvu8QAP9Ln136hLt/yLfx4KYjBxPAdfd9
oRYd3xqWFBxNZmn+BgD/XZrhNaY3MEBV4yIx4ts6JT7dJfXGcbNjxK1T2BlXdQE=
=moUA
-----END PGP PUBLIC KEY BLOCK-----
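
Review bot: the keyring is a bare armored block, and nothing in this commit records the key's owner or fingerprint, so the key that Source99 in the spec will trust cannot be compared against the one upstream publishes without importing it first. Record the full fingerprint and where the key was fetched from next to the "Use source verification" entry in oath-toolkit.changes.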

oath-toolkit.spec Normal file

@ -0,0 +1,199 @@
#
# spec file for package oath-toolkit
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{!?_pam_moduledir: %define _pam_moduledir /%{_lib}/security}
Name: oath-toolkit
Version: 2.6.7
Release: 0
Summary: Toolkit for one-time password authentication systems
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
URL: https://www.nongnu.org/oath-toolkit/
Source: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz.sig
Source99: %{name}.keyring
BuildRequires: bison
BuildRequires: gengetopt
BuildRequires: libgcrypt-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(gtk-doc)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(xmlsec1)
%description
The OATH Toolkit makes it possible to build one-time password
authentication systems. It contains shared libraries, command line
tools and a PAM module. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238). OATH stands for Open AuTHentication, which is the
organization that specify the algorithms. For managing secret key
files, the Portable Symmetric Key Container (PSKC) format described in
RFC6030 is supported.
%package -n pam_oath
Summary: PAM module for pluggable login authentication for OATH
License: GPL-3.0-or-later
Group: Productivity/Networking/Security
%description -n pam_oath
The OATH Toolkit makes it possible to build one-time password
authentication systems.
This subpackage contains a module to integrate OATH into PAM.
%package -n liboath0
Summary: Library for Open AuTHentication (OATH) HOTP support
License: LGPL-2.1-or-later
Group: System/Libraries
Requires: %{name}-xml >= %{version}
%description -n liboath0
The OATH Toolkit makes it possible to build one-time password
authentication systems. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238).
%package xml
Summary: XML data files needed by liboath
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
BuildArch: noarch
%description xml
The OATH Toolkit makes it possible to build one-time password
authentication systems. It contains shared libraries, command line
tools and a PAM module. Supported technologies include the
event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
(RFC6238). OATH stands for Open AuTHentication, which is the
organization that specify the algorithms. For managing secret key
files, the Portable Symmetric Key Container (PSKC) format described in
RFC6030 is supported.
%package -n liboath-devel
Summary: Development files for the Open AuTHentication (OATH) HOTP support library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: liboath0 = %{version}
%description -n liboath-devel
The OATH Toolkit makes it possible to build one-time password
authentication systems.
This subpackage contains the header files for the HOTP/TOTP library.
%package -n libpskc0
Summary: Library for Portable Symmetric Key Container
License: LGPL-2.1-or-later
Group: System/Libraries
%description -n libpskc0
The OATH Toolkit makes it possible to build one-time password
authentication systems.
For managing secret key files, the Portable Symmetric Key Container
(PSKC) format described in RFC6030 is supported.
%package -n libpskc-devel
Summary: Development files for the Portable Symmetric Key Container library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libpskc0 = %{version}
%description -n libpskc-devel
The OATH Toolkit makes it possible to build one-time password
authentication systems.
For managing secret key files, the Portable Symmetric Key Container
(PSKC) format described in RFC6030 is supported.
This subpackage contains the headers for this library.
%prep
%setup -q
%build
autoreconf -fiv
%configure \
--with-pam-dir=%{_pam_moduledir} \
--with-libgcrypt \
--disable-silent-rules \
--disable-static
# Only SLE and openSUSE >= 15.0 are using rpm >= 4.12
# See https://en.opensuse.org/openSUSE:Build_system_recipes#automake
%if 0%{?sle_version} >= 150000
%make_build
%else
make %{?_smp_mflags}
%endif
%install
%make_install
mv COPYING COPYING.summary
find %{buildroot} -type f -name "*.la" -delete -print
%post -n liboath0 -p /sbin/ldconfig
%postun -n liboath0 -p /sbin/ldconfig
%post -n libpskc0 -p /sbin/ldconfig
%postun -n libpskc0 -p /sbin/ldconfig
%files
%license COPYING.summary
%doc ChangeLog NEWS README
%license oathtool/COPYING
%{_bindir}/oathtool
%{_mandir}/man1/oathtool.*
%{_bindir}/pskctool
%{_mandir}/man1/pskctool.*
%files -n pam_oath
%doc pam_oath/README
%license pam_oath/COPYING
%{_pam_moduledir}/pam_oath.so
%files -n liboath0
%license liboath/COPYING
%{_libdir}/liboath.so.*
%files xml
%{_datadir}/xml/pskc/
%files -n liboath-devel
%{_libdir}/liboath.so
%{_includedir}/liboath/
%{_libdir}/pkgconfig/liboath.pc
%doc %{_datadir}/gtk-doc/html/liboath
%{_mandir}/man3/oath_*
%files -n libpskc0
# there's no COPYING for libpskc, but it's LGPL, like liboath
%doc libpskc/README
%license liboath/COPYING
%{_libdir}/libpskc.so.*
%files -n libpskc-devel
%{_libdir}/libpskc.so
%{_includedir}/pskc/
%{_libdir}/pkgconfig/libpskc.pc
%doc %{_datadir}/gtk-doc/html/libpskc
%{_mandir}/man3/pskc_*
%changelog
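
Review bot: %prep contains only `%setup -q`, so although Source1 (the .tar.gz.sig) and Source99 (the keyring) are declared, no step in the spec itself checks the tarball signature, and verification then depends entirely on tooling outside this file. Either add an explicit signature check at the top of %prep or state in a comment next to Source99 where the check is performed. A smaller point: `%description xml` repeats the main package description instead of describing the XML data files named in its Summary.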