Changelog for
oath-toolkit-2.6.11.12-2.2.x86_64.rpm :
* Fri Sep 13 2024 Jan Zerebecki
- Fix security issue CVE-2024-47191 by adding 0001-usersfile-fix-potential-security-issues-in-PAM-modul.patch.
- Add patch to implement new null_usersfile_okay argument: 42-null_usersfile_okay.patch.
- Makes this version 2.6.11.12 to be able to depend on it.
* Wed Apr 03 2024 pgajdos@suse.com
- version update to 2.6.11
* liboath: Handle invalid base32 encoded secrets. Fixes: #41.
* Various build fixes including updated gnulib files.
* Improve compatibility with recent libxmlsec.
* Sun Jul 09 2023 Martin Hauke
- Update to version 2.6.8
* libpskc: Fixes for recent libxmlsec releases.
* pam_oath: Provide fallback pam_modutil_getpwnam implementation.
* pam_oath: Don't fail authentication when pam_modutil_getpwnam doesn't know the user when usersfile doesn't include ${USER} or ${HOME}.
* pam_oath: Self-test improvements.
* Tue Aug 02 2022 Torsten Gruner
- Use %_pam_moduledir instead of hardcoding %{_lib}/security
- Define macro _pam_moduledir if not set to fix builds for Leap and SLE
* Thu Apr 21 2022 Marcus Meissner
- url -> https
* Sun May 02 2021 Martin Hauke
- Update to version 2.6.7
* pam_oath: Support variables in usersfile string parameter. These changes introduce the ${USER} and ${HOME} placeholder values for the usersfile string in the pam_oath configuration file. The placeholder values allow the user credentials file to be stored in a file path that is relative to the user, and mimics similar behavior found in google-authenticator-libpam. The motivation for these changes is to allow for non-privileged processes to use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid programs are unable to use pam_oath. These changes are a proposed alternative to a suid helper binary as well.
* doc: Fix project URL in man pages.
* build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.
* build: Modernize autotools usage. Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with future automake versions.
* Updated gnulib files.
* Wed Jan 20 2021 Martin Hauke
- Update to version 2.6.6
* oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as '-' to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
* Tue Dec 29 2020 Martin Hauke
- Update to version 2.6.5
* oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as '-' to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
* Doc fixes.
- Update to version 2.6.4
* libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine. Use it like --with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if the default dynamic loading fails because of runtime linker search path issues.
* oathtool --totp --verbose now prints TOTP hash mode.
* oathtool: Hash names (e.g., SHA256) for --totp are now upper case. Lower/mixed case hash names are supported for compatibility.
* pam_oath: Fail gracefully for missing users. This allows you to incrementally add support for OATH authentication instead of forcing it on all users.
* Fix libpskc memory corruption bug.
* Fix man pages.
* Build fixes.
- Update to version 2.6.3
* pam_oath: Fix self-tests.
- Drop no longer needed patches:
* 0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
* 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
* 0002-update_gnulibs_files.patch
* gnulib-libio.patch
- Use source verification
- Use proper source URLs
* Mon Aug 06 2018 schwab@suse.de
- gnulib-libio.patch: Update gnulib for libio.h removal
* Thu Jul 05 2018 matthias.gerstner@suse.com
- Add patch 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch:
  - fix potential security issue in low memory situation (bsc#1089114)