Accepting request 859201 from home:mnhauke

- Update to version 2.6.5
  * oathtool: Support for reading KEY and OTP from standard input
    or filename.
    KEY and OTP may now be given as '-' to mean stdin, or @FILE to
    read from a particular file.  This is recommended on multi-user
    systems, since secrets as command line parameters leak.
  * pam_oath: Fix unlikely logic fail on out of memory conditions.
  * Doc fixes.
- Update to version 2.6.4
  * libpskc: New --with-xmlsec-crypto-engine to hard-code crypto
    engine.  Use it like --with-xmlsec-crypto-engine=gnutls or
    --with-xmlsec-crypto-engine=openssl if the default dynamic
    loading fails because of runtime linker search path issues.
  * oathtool --totp --verbose now prints TOTP hash mode.
  * oathtool: Hash names (e.g., SHA256) for --totp are now upper
    case.  Lower/mixed case hash names are supported for
    compatibility.
  * pam_oath: Fail gracefully for missing users.
    This allows you to incrementally add support for OATH
    authentication instead of forcing it on all users.
  * Fix libpskc memory corruption bug.
  * Fix man pages.
  * Build fixes.
- Update to version 2.6.3
  * pam_oath: Fix self-tests.
- Drop no longer needed patches:
  * 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
  * 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
  * 0002-update_gnulibs_files.patch
  * gnulib-libio.patch

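The leak that the 2.6.5 entry above refers to, as an added example that is not part of oath-toolkit or of this package commit: on Linux the argv of every process is world-readable through /proc/PID/cmdline, so a TOTP seed passed as the KEY argument is visible to every other local user for as long as oathtool runs, whereas a seed read from stdin or from a private file never appears there. The script below demonstrates both cases with a stand-in process, writes a key file the way @FILE expects it, and then invokes oathtool with @FILE. It assumes a Linux /proc, GNU stat, and that oathtool 2.6.5 reads the base32 key verbatim from the file (so no trailing newline is written); JBSWY3DPEHPK3PXP is a throwaway test seed, not a real credential.

```shell
#!/bin/sh
# Added example (not oath-toolkit code): why a KEY on the command line
# leaks on a multi-user host, and how to hand it to oathtool via @FILE.
# Assumes Linux (/proc), GNU coreutils (stat -c) and oathtool >= 2.6.5.

# Command line of process $1, exactly as any local user can read it.
cmdline_of() {
    tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null
}

# Start a stand-in for oathtool that carries $2 either in argv ("argv")
# or on stdin ("stdin"), look at its /proc entry from the outside and
# print "leaked" or "hidden". The stand-in runs two commands so that sh
# does not exec-optimise itself away and rewrite its own argv.
exposure() {
    mode=$1
    secret=$2
    if [ "$mode" = argv ]; then
        sh -c 'sleep 3; exit 0' stand-in "$secret" >/dev/null 2>&1 &
    else
        printf '%s\n' "$secret" |
            sh -c 'read key; sleep 3; exit 0' stand-in >/dev/null 2>&1 &
    fi
    pid=$!
    sleep 1                       # let the child finish exec()
    if cmdline_of "$pid" | grep -qF -- "$secret"; then
        verdict=leaked
    else
        verdict=hidden
    fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$verdict"
}

# Write seed $2 into key file $1 readable by the owner only (mode 0600).
# oathtool takes the file content as the KEY, so no newline is appended.
# Prints the resulting octal mode so callers can check it.
write_key_file() {
    keyfile=$1
    key=$2
    rm -f "$keyfile"
    ( umask 077 && printf '%s' "$key" > "$keyfile" )
    stat -c '%a' "$keyfile"
}

# Current TOTP for the seed in file $1 without putting the seed into
# argv. Only runs oathtool when it is installed; otherwise it shows the
# command that would run.
totp_from_key_file() {
    if command -v oathtool >/dev/null 2>&1; then
        oathtool --totp -b "@$1"
    else
        echo "oathtool not installed; would run: oathtool --totp -b @$1" >&2
    fi
}

# Demo with the constructed test seed.
demo_dir=$(mktemp -d)
echo "seed in argv:  $(exposure argv JBSWY3DPEHPK3PXP)"    # leaked
echo "seed on stdin: $(exposure stdin JBSWY3DPEHPK3PXP)"   # hidden
echo "key file mode: $(write_key_file "$demo_dir/totp.key" JBSWY3DPEHPK3PXP)"   # 600
totp_from_key_file "$demo_dir/totp.key"
rm -rf "$demo_dir"
```

The `-` form does the same from a pipe (`oathtool --totp -b - < totp.key`), and since 2.6.5 the OTP to verify can be given as `-` or @FILE in the same way, so neither value has to land in shell history or /proc.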
OBS-URL: https://build.opensuse.org/request/show/859201
OBS-URL: https://build.opensuse.org/package/show/security/oath-toolkit?expand=0&rev=25
Torsten Gruner 2020-12-30 14:07:02 +00:00 committed by Git OBS Bridge
parent 3760c6fe0b
commit 180aeeec77
10 changed files with 68 additions and 9258 deletions


@ -1,39 +0,0 @@
From ff24ad44384433611fabaa9ae9ba8ac1418fb2df Mon Sep 17 00:00:00 2001
From: Martin Hauke <mardnh@gmx.de>
Date: Mon, 29 Aug 2016 22:26:43 +0200
Subject: [PATCH] Fix no-return-in-nonvoid-function errors reported by RPM
postbuild check
I: Program returns random data in a function
E: oath-toolkit no-return-in-nonvoid-function pskcverify.c:43
E: oath-toolkit no-return-in-nonvoid-function serialno.c:45
---
libpskc/examples/pskcverify.c | 2 ++
libpskc/examples/serialno.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/libpskc/examples/pskcverify.c b/libpskc/examples/pskcverify.c
index 76e1b4d..4e6a2cc 100644
--- a/libpskc/examples/pskcverify.c
+++ b/libpskc/examples/pskcverify.c
@@ -40,4 +40,6 @@ main (int argc, const char *argv[])
pskc_done (container);
pskc_global_done ();
+
+ return 0;
}
diff --git a/libpskc/examples/serialno.c b/libpskc/examples/serialno.c
index 7682adb..420cab5 100644
--- a/libpskc/examples/serialno.c
+++ b/libpskc/examples/serialno.c
@@ -42,4 +42,6 @@ main (int argc, const char *argv[])
pskc_done (container);
pskc_global_done ();
+
+ return 0;
}
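Review bot: the commit drops this patch as no longer needed, but nothing on this page shows the 2.6.5 examples returning from main(); the only upstream entry that could cover it is the generic "Build fixes" under 2.6.4. Before dropping it, re-run the rpmlint check quoted in the patch header (E: no-return-in-nonvoid-function pskcverify.c:43 and serialno.c:45) against the 2.6.5 build, since the `return 0;` added in both hunks is exactly what silenced that check.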
--
2.6.6

File diff suppressed because it is too large.


@ -1,32 +0,0 @@
From 70722be5a76d28df8ebbf8a706c6346c57cebb62 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Thu, 5 Jul 2018 18:39:48 +0200
Subject: [PATCH] pam_oath: assign safe default to alwaysok config member
The way this was before allowed for the PAM authentication to
potentially succeed when the first `goto done` line is hit. If the
undefined data behind alwaysok is non-zero (which is quite probable)
this would happen.
In theory a local attacker could try to exhaust memory just enough to
hit this spot and get e.g. root access.
---
pam_oath/pam_oath.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
index 57fd33c..cfc3331 100644
--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -146,6 +146,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
char *query_prompt = NULL;
char *onlypasswd = strdup (""); /* empty passwords never match */
+ cfg.alwaysok = false; /* make sure this gets a safe default */
+
if (!onlypasswd)
{
retval = PAM_BUF_ERR;
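Review bot: dropping this is consistent with the 2.6.5 entry "pam_oath: Fix unlikely logic fail on out of memory conditions", which is the bug this hunk papers over: the early `goto done` on strdup failure reached the done: path with cfg.alwaysok still uninitialised, and a non-zero garbage value let authentication succeed. The hunk only initialises that one member; any other cfg field read on the done: path (not visible here) would have the same problem, which is why a `memset (&cfg, 0, sizeof cfg)` before the first early exit is the more robust shape. Worth confirming that the upstream fix does that rather than mirroring this single-field assignment.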
--
2.16.4


@ -1,119 +0,0 @@
2018-03-05 Paul Eggert <eggert@cs.ucla.edu>
fflush: adjust to glibc 2.28 libio.h removal
Problem reported by Daniel P. Berrangé in:
https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
* lib/fbufmode.c (fbufmode):
* lib/fflush.c (clear_ungetc_buffer_preserving_position)
(disable_seek_optimization, rpl_fflush):
* lib/fpending.c (__fpending):
* lib/fpurge.c (fpurge):
* lib/freadable.c (freadable):
* lib/freadahead.c (freadahead):
* lib/freading.c (freading):
* lib/freadptr.c (freadptr):
* lib/freadseek.c (freadptrinc):
* lib/fseeko.c (fseeko):
* lib/fseterr.c (fseterr):
* lib/fwritable.c (fwritable):
* lib/fwriting.c (fwriting):
Check _IO_EOF_SEEN instead of _IO_ftrylockfile.
* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]:
Define if not already defined.
Index: oath-toolkit-2.6.2/liboath/gl/fflush.c
===================================================================
--- oath-toolkit-2.6.2.orig/liboath/gl/fflush.c
+++ oath-toolkit-2.6.2/liboath/gl/fflush.c
@@ -33,7 +33,7 @@
#undef fflush
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
/* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
static void
@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
#endif
-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
# if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
/* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
if (stream == NULL || ! freading (stream))
return fflush (stream);
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
clear_ungetc_buffer_preserving_position (stream);
Index: oath-toolkit-2.6.2/liboath/gl/fpurge.c
===================================================================
--- oath-toolkit-2.6.2.orig/liboath/gl/fpurge.c
+++ oath-toolkit-2.6.2/liboath/gl/fpurge.c
@@ -62,7 +62,7 @@ fpurge (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_IO_read_end = fp->_IO_read_ptr;
fp->_IO_write_ptr = fp->_IO_write_base;
/* Avoid memory leak when there is an active ungetc buffer. */
Index: oath-toolkit-2.6.2/liboath/gl/freading.c
===================================================================
--- oath-toolkit-2.6.2.orig/liboath/gl/freading.c
+++ oath-toolkit-2.6.2/liboath/gl/freading.c
@@ -31,7 +31,7 @@ freading (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
return ((fp->_flags & _IO_NO_WRITES) != 0
|| ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
&& fp->_IO_read_base != NULL));
Index: oath-toolkit-2.6.2/liboath/gl/fseeko.c
===================================================================
--- oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c
+++ oath-toolkit-2.6.2/liboath/gl/fseeko.c
@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int when
#endif
/* These tests are based on fpurge.c. */
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
if (fp->_IO_read_end == fp->_IO_read_ptr
&& fp->_IO_write_ptr == fp->_IO_write_base
&& fp->_IO_save_base == NULL)
@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int when
return -1;
}
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_flags &= ~_IO_EOF_SEEN;
fp->_offset = pos;
#elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
Index: oath-toolkit-2.6.2/liboath/gl/stdio-impl.h
===================================================================
--- oath-toolkit-2.6.2.orig/liboath/gl/stdio-impl.h
+++ oath-toolkit-2.6.2/liboath/gl/stdio-impl.h
@@ -18,6 +18,12 @@
the same implementation of stdio extension API, except that some fields
have different naming conventions, or their access requires some casts. */
+/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this
+ problem by defining it ourselves. FIXME: Do not rely on glibc
+ internals. */
+#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
+# define _IO_IN_BACKUP 0x100
+#endif
/* BSD stdio derived implementations. */
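Review bot: the stdio-impl.h hunk carries its own FIXME ("Do not rely on glibc internals") for the hard-coded `# define _IO_IN_BACKUP 0x100`, and the _IO_ftrylockfile to _IO_EOF_SEEN swaps in the other hunks are the 2018-03-05 gnulib change quoted at the top. Dropping the patch is only safe if the liboath/gl copy shipped in the 2.6.5 tarball already contains that gnulib fix; otherwise a build on glibc >= 2.28 regresses to the failure this patch worked around. A build on a current glibc is the check to run before merging.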


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b03446fa4b549af5ebe4d35d7aba51163442d255660558cd861ebce536824aa0
size 4295786


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d207120c7e7fdd540142d04ca06d83fb3277c8f2fb794a74535d04b2aa0ec219
size 5477292
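Review bot: the new tarball is identified here only by its LFS sha256 (d207120c...); the trust anchor is the .sig and keyring pair added in the spec, so the review-relevant question is whether the key in oath-toolkit.keyring is upstream's release-signing key. Recording its fingerprint in the changes entry next to "Use source verification" would make that checkable later without re-fetching the key.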

Binary file not shown.


@ -1,3 +1,39 @@
-------------------------------------------------------------------
Tue Dec 29 11:58:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.5
* oathtool: Support for reading KEY and OTP from standard input
or filename.
KEY and OTP may now be given as '-' to mean stdin, or @FILE to
read from a particular file. This is recommended on multi-user
systems, since secrets as command line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
* Doc fixes.
- Update to version 2.6.4
* libpskc: New --with-xmlsec-crypto-engine to hard-code crypto
engine. Use it like --with-xmlsec-crypto-engine=gnutls or
--with-xmlsec-crypto-engine=openssl if the default dynamic
loading fails because of runtime linker search path issues.
* oathtool --totp --verbose now prints TOTP hash mode.
* oathtool: Hash names (e.g., SHA256) for --totp are now upper
case. Lower/mixed case hash names are supported for
compatibility.
* pam_oath: Fail gracefully for missing users.
This allows you to incrementally add support for OATH
authentication instead of forcing it on all users.
* Fix libpskc memory corruption bug.
* Fix man pages.
* Build fixes.
- Update to version 2.6.3
* pam_oath: Fix self-tests.
- Drop not longer needed patches:
* 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
* 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
* 0002-update_gnulibs_files.patch
* gnulib-libio.patch
- Use source verification
- Use proper source URLs
-------------------------------------------------------------------
Mon Aug 6 07:59:16 UTC 2018 - schwab@suse.de
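Review bot: "Drop not longer needed patches" should read "Drop no longer needed patches"; the same wording is in the commit message. Otherwise the entry matches the spec change (Patch1 to Patch4 and their %patch lines removed, Source1 .sig and Source99 keyring added, download-mirror URLs).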

oath-toolkit.keyring Normal file

@ -0,0 +1,23 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
=moUA
-----END PGP PUBLIC KEY BLOCK-----


@ -1,7 +1,7 @@
#
# spec file for package oath-toolkit
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,22 +12,20 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: oath-toolkit
Version: 2.6.2
Version: 2.6.5
Release: 0
Summary: Toolkit for one-time password authentication systems
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
URL: http://www.nongnu.org/oath-toolkit/
Source: http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{version}.tar.gz
Patch1: 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
Patch2: 0002-update_gnulibs_files.patch
Patch3: 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
Patch4: gnulib-libio.patch
Source: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz.sig
Source99: %{name}.keyring
BuildRequires: bison
BuildRequires: gengetopt
BuildRequires: libgcrypt-devel
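Review bot: the `URL:` line still points at http://www.nongnu.org/oath-toolkit/ while the bug-report link in the header was moved to https in the same diff; switch it to https as well. The Source, Source1 and Source99 lines are what the changes entry calls "Use source verification": the tarball is now fetched from download-mirror.savannah.gnu.org together with its .sig, and the keyring is what a signature check of that .sig against the tarball needs at check-in.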
@ -130,10 +128,6 @@ This subpackage contains the headers for this library.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
autoreconf -fiv
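Review bot: with %patch1 through %patch4 gone, nothing in %prep modifies the autotools inputs any more, so the `autoreconf -fiv` in %build is only needed if the tarball's generated configure is considered stale; either drop it or add a one-line comment saying why it stays, since a regeneration step is where build-dependency drift tends to surface.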