diff --git a/oath-toolkit-2.0.2.tar.gz b/oath-toolkit-2.0.2.tar.gz
deleted file mode 100644
index efb847d..0000000
--- a/oath-toolkit-2.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2951ebc2a3e9a03333618ceda7fe2c00e16f880255d3d4f48068cd8164715944
-size 3946021
diff --git a/oath-toolkit-2.4.0.tar.gz b/oath-toolkit-2.4.0.tar.gz
new file mode 100644
index 0000000..49c8e4b
--- /dev/null
+++ b/oath-toolkit-2.4.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:66ebf924304409356b35a3423e4b7255996c5a42503c3188bf08c6446f436ddc
+size 4137994
diff --git a/oath-toolkit.changes b/oath-toolkit.changes
index 1ee7523..4b590f1 100644
--- a/oath-toolkit.changes
+++ b/oath-toolkit.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Oct 23 09:41:19 UTC 2013 - vuntz@opensuse.org
+
+- Update to version 2.4.0:
+  + liboath: Add new API methods for validating TOTP OTPs
+- Changes from version 2.2.0:
+  + libpskc: Add functions for setting PSKC data.
+  + liboath: Permit different passwords for different tokens for
+    the same user.
+  + liboath: Make header file usable from C++ (extern "C" guard).
+  + build: Improve building from git with most recent automake and
+    gengetopt.
+  + build: Valgrind is not enabled by default.
+- Fix license: libraries are LGPL-2.1+ and everything else is
+  GPL-3.0+. Also properly package the COPYING files.
+- Prepare build libpskc, hidden under a %{build_pskc} define:
+  + Add libxml2-devel and pkgconfig(xmlsec1) BuildRequires.
+  + Create libpskc0 and libpskc-devel subpackages.
+  + Define %{build_pskc} to 0 since we don't have libxmlsec1 yet.
+- Rework summaries and descriptions.
+
 -------------------------------------------------------------------
 Sat Jun 15 18:46:27 UTC 2013 - bwiedemann@suse.com
 
diff --git a/oath-toolkit.spec b/oath-toolkit.spec
index a118db0..efce700 100644
--- a/oath-toolkit.spec
+++ b/oath-toolkit.spec
@@ -17,48 +17,120 @@
 
 # norootforbuild
 
+%define build_pskc 0
+
 Name:           oath-toolkit
-Version:        2.0.2
+Version:        2.4.0
 Release:        0
-License:        GPLv3
-Summary:       Makes it possible to build one-time password authentication systems
+License:        GPL-3.0+
+Summary:        Toolkit for one-time password authentication systems
 Url:            http://www.nongnu.org/oath-toolkit/
 Group:          Productivity/Networking/Security
 Source:         http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-%{version}.tar.gz
-BuildRequires:   pam-devel libgcrypt-devel gtk-doc pkgconfig gengetopt bison
+BuildRequires:  bison
+BuildRequires:  gengetopt
+BuildRequires:  gtk-doc
+BuildRequires:  libgcrypt-devel
+BuildRequires:  pam-devel
+BuildRequires:  pkgconfig
+%if %{build_pskc}
+BuildRequires:  libxml2-devel
+BuildRequires:  pkgconfig(xmlsec1)
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
-
-Makes it possible to build one-time password authentication systems·
-Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238).
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
 
 %package -n pam_oath
-Summary:       Makes it possible to build one-time password authentication systems
-Group:         Productivity/Networking/Security
+Summary:        PAM module for pluggable login authentication for OATH
+License:        GPL-3.0+
+Group:          Productivity/Networking/Security
 
 %description -n pam_oath
-
-Makes it possible to build one-time password authentication systems·
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
 
 %package -n     liboath0
-Summary:       Makes it possible to build one-time password authentication systems
-Group:         Productivity/Networking/Security
+Summary:        Library for Open AuTHentication (OATH) HOTP support
+License:        LGPL-2.1+
+Group:          Productivity/Networking/Security
 
 %description -n liboath0
-
-Makes it possible to build one-time password authentication systems
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
 
 
 %package -n     liboath-devel
-Summary:       Makes it possible to build one-time password authentication systems
-Group:         Productivity/Networking/Security
+Summary:        Library for Open AuTHentication (OATH) HOTP support -- Development Files
+License:        LGPL-2.1+
+Group:          Productivity/Networking/Security
 Requires:       liboath0 = %{version}
 Requires:       glibc-devel
 
 %description -n liboath-devel
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
 
-Makes it possible to build one-time password authentication systems
+%if %{build_pskc}
+%package -n     libpskc0
+Summary:        Library for Portable Symmetric Key Container
+License:        LGPL-2.1+
+Group:          Productivity/Networking/Security
+
+%description -n libpskc0
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
+
+
+%package -n     libpskc-devel
+Summary:        Library for Portable Symmetric Key Container -- Development Files
+License:        LGPL-2.1+
+Group:          Productivity/Networking/Security
+Requires:       libpskc0 = %{version}
+Requires:       glibc-devel
+
+%description -n libpskc-devel
+The OATH Toolkit makes it easy to build one-time password
+authentication systems. It contains shared libraries, command line
+tools and a PAM module. Supported technologies include the
+event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm
+(RFC6238). OATH stands for Open AuTHentication, which is the
+organization that specify the algorithms. For managing secret key
+files, the Portable Symmetric Key Container (PSKC) format described in
+RFC6030 is supported.
+%endif
 
 %prep
 %setup -q
@@ -74,6 +146,7 @@ make %{?_smp_mflags}
 
 %install
 %makeinstall
+mv COPYING COPYING.summary
 find %{buildroot} -type f -name "*.la" -print -delete
 
 %clean
@@ -83,27 +156,54 @@ find %{buildroot} -type f -name "*.la" -print -delete
 
 %postun -n liboath0 -p /sbin/ldconfig
 
+%if %{build_pskc}
+%post -n libpskc0 -p /sbin/ldconfig
+
+%postun -n libpskc0 -p /sbin/ldconfig
+%endif
+
 %files
 %defattr(-,root,root)
-%doc ChangeLog README COPYING
+%doc ChangeLog NEWS README COPYING.summary oathtool/COPYING
 %{_bindir}/oathtool
 %{_mandir}/man1/oathtool.*
+%if %{build_pskc}
+%{_bindir}/pskctool
+%{_mandir}/man1/pskctool.*
+%endif
 
 %files -n pam_oath
 %defattr(-,root,root)
+%doc pam_oath/COPYING pam_oath/README
 /%{_lib}/security/pam_oath.so
 
 %files -n liboath0
 %defattr(-,root,root)
+%doc liboath/COPYING
 %{_libdir}/liboath.so.*
 
 %files -n liboath-devel
 %defattr(-,root,root)
 %{_libdir}/liboath.so
-%dir %{_includedir}/liboath
-%{_includedir}/liboath/oath.h
+%{_includedir}/liboath/
 %{_libdir}/pkgconfig/liboath.pc
 %doc %{_datadir}/gtk-doc/html/liboath
 %{_mandir}/man3/oath_*
 
+%if %{build_pskc}
+%files -n libpskc0
+%defattr(-,root,root)
+# there's no COPYING for libpskc, but it's LGPL, like liboath
+%doc libpskc/README liboath/COPYING
+%{_libdir}/libpskc.so.*
+
+%files -n libpskc-devel
+%defattr(-,root,root)
+%{_libdir}/libpskc.so
+%{_includedir}/libpskc/
+%{_libdir}/pkgconfig/libpskc.pc
+%doc %{_datadir}/gtk-doc/html/libpskc
+%{_mandir}/man3/pskc_*
+%endif
+
 %changelog