Marcus Meissner
44150de82d
Update to version 2.4.1 OBS-URL: https://build.opensuse.org/request/show/282639 OBS-URL: https://build.opensuse.org/package/show/security/oath-toolkit?expand=0&rev=8
60 lines
2.3 KiB
Plaintext
60 lines
2.3 KiB
Plaintext
-------------------------------------------------------------------
|
|
Sat Jan 24 10:29:53 UTC 2015 - mardnh@gmx.de
|
|
|
|
- Update to version 2.4.1:
|
|
+ liboath: Fix usersfile bug that caused it to update the wrong line.
|
|
When an usersfile contain multiple lines for the same user but with an
|
|
unparseable token type (e.g., HOTP vs TOTP), the code would update the
|
|
wrong line of the file. Since the then updated line could be a
|
|
commented out line, this can lead to the same OTP being accepted
|
|
multiple times which is a security vulnerability. Reported by Bas van
|
|
Schaik <bas@sj-vs.net> and patch provided by Ilkka Virta
|
|
<itvirta@iki.fi>. CVE-2013-7322
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 11 18:14:17 UTC 2014 - darin@darins.net
|
|
|
|
- Ran through spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 23 09:41:19 UTC 2013 - vuntz@opensuse.org
|
|
|
|
- Update to version 2.4.0:
|
|
+ liboath: Add new API methods for validating TOTP OTPs
|
|
- Changes from version 2.2.0:
|
|
+ libpskc: Add functions for setting PSKC data.
|
|
+ liboath: Permit different passwords for different tokens for
|
|
the same user.
|
|
+ liboath: Make header file usable from C++ (extern "C" guard).
|
|
+ build: Improve building from git with most recent automake and
|
|
gengetopt.
|
|
+ build: Valgrind is not enabled by default.
|
|
- Fix license: libraries are LGPL-2.1+ and everything else is
|
|
GPL-3.0+. Also properly package the COPYING files.
|
|
- Prepare build libpskc, hidden under a %{build_pskc} define:
|
|
+ Add libxml2-devel and pkgconfig(xmlsec1) BuildRequires.
|
|
+ Create libpskc0 and libpskc-devel subpackages.
|
|
+ Define %{build_pskc} to 0 since we don't have libxmlsec1 yet.
|
|
- Rework summaries and descriptions.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 15 18:46:27 UTC 2013 - bwiedemann@suse.com
|
|
|
|
- Update to version 2.0.2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 11 00:04:02 UTC 2011 - cristian.rodriguez@opensuse.org
|
|
|
|
- Update to version 1.4.6
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 5 18:41:54 UTC 2011 - cristian.rodriguez@opensuse.org
|
|
|
|
- Use libgcrypt for crypto
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 5 14:46:45 UTC 2011 - cristian.rodriguez@opensuse.org
|
|
|
|
- Initial version
|
|
|