Commit graph

11 commits

Author SHA1 Message Date
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
pettai
6bad46d81b Version 2.4.1 (released 2014-02-12)
* liboath: Fix usersfile bug that caused it to update the wrong line.
When a usersfile contains multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file.  Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. CVE-2013-7322
2014-03-10 00:58:51 +00:00
pettai
ffd07fe27a Version 2.4.0 (released 2013-07-21)
* liboath: Add new API methods for validating TOTP OTPs
  The new methods (oath_totp_validate3 and oath_totp_validate3_callback)
  introduce a new parameter *otp_counter, which is set to the actual
  counter used to calculate the OTP (unless it is a NULL pointer). This
  allows for easier OTP replay detection in applications using liboath.
  Patch from Fabian Grünbichler <fabian.gruenbichler@tuwien.ac.at>.

Version 2.2.0 (released 2013-07-07)

* libpskc: Add functions for setting PSKC data.
  The new functions are pskc_add_keypackage and all pskc_set_* functions
  (see libpskc/include/pskc/keypackage.h).  This allows you to write
  programs that generate new PSKC structures.
* liboath: Permit different passwords for different tokens for the same user.
  Thanks to Christian Hesse <list@eworm.de>.
* build: Improve building from git with most recent automake and gengetopt.
  Thanks to Christian Hesse <list@eworm.de>.
* build: Valgrind is not enabled by default.
  It causes too many false positives.  For developers who want, use
  --enable-valgrind-tests.  It is still enabled by default when building
  from the version controlled sources (see cfg.mk).  Thanks to Christian
  Hesse <list@eworm.de>.
* liboath: Make header file usable from C++ (extern "C" guard).
  Reported by Alan Markus <alan.markus@gmail.com>.
2013-09-14 07:46:33 +00:00
pettai
42bf3c5037 Version 2.0.2 (released 2013-01-08)
* oathtool: Base32 decoding of keys is now more liberal in what it accepts.
  It can now accept keys on the "gr6d 5br7 25s6 vnck v4vl hlao re"
  format, i.e., base32 data delimited using SPC and without padding.
  The old proper base32 format is still supported.
* liboath: oath_base32_decode now ignores SPC and adds pad characters.
* liboath: If password in usersfile is + then ignore supplied password.
  This enables the pam_oath module to be used with external password
  verification.  Based on patch from Ilkka Virta <itvirta@iki.fi>.
* tests: Fixed expiry date of some certificates used in the test suite.
  The last release would only complete 'make check' during a 30 day window.
* API and ABI is backwards compatible with the previous version.

Version 2.0.1 (released 2012-10-24)

* libpskc, pskctool: Support sign and verify of PSKC data using XML DigSig.
* libpskc: XML Schema validation modified.
  The entire PSKC schema is now supported (before the XML Digital
  Signatures and Encryption parts were removed).  The code now assumes
  that the schema is available in the local XML catalog.  Thanks to Liam
  Quin for hints about XML catalogs.
* pskctool: the --check (-c) parameter was renamed to --info (-i).
* API and ABI is backwards compatible with the previous version.

Version 2.0.0 (released 2012-10-10)

* libpskc, pskctool: New components.
  The OATH Toolkit now supports the Portable Symmetric Key Container
  (PSKC) data format specified in RFC 6030 for dealing with key
  provisioning.  There is a new low-level library libpskc for managing
  PSKC data for application developers and a new command line tool
  pskctool for interacting with PSKC data for users.  The PSKC
  functionality depends on Libxml2 <http://xmlsoft.org/>.  It can be
  disabled unconditionally using the ./configure-parameter
  --disable-pskc.
* liboath: Add manpages for library API.
* API and ABI is backwards compatible with the previous version.
2013-03-16 20:52:38 +00:00
pettai
31d5b7b05d Version 1.12.6 (released 2012-09-04)
* liboath: The usersfile is now fflush'ed and fsync'ed.
* liboath: A memory leak fixed.
* oathtool: The --counter parameter now works on 32-bit platforms.
* API and ABI is backwards compatible with the previous version.
  OATH_FILE_FLUSH_ERROR: Added.
  OATH_FILE_SYNC_ERROR: Added.
  OATH_FILE_CLOSE_ERROR: Added.
  OATH_LAST_ERROR: Added.

Version 1.12.5 (released 2012-08-19)

* oathtool: The --counter parameter now supports larger values.
  Before it used an 'int' type and now it uses a 'longlong' type.
  Needed for eSecuTech tokens as they use a 64-bit value for their
  initial counter. See <https://savannah.nongnu.org/support/?108114>.
* Added gnulib self-tests.
* API and ABI is backwards compatible with the previous version.

Version 1.12.4 (released 2012-06-17)

* liboath: Usersfile code handles multiple lines for a single user.
  This can be used when a single user carries multiple tokens (with
  different OATH secrets) and any of them should be permitted.
* API and ABI is backwards compatible with the previous version.

Version 1.12.3 (released 2012-05-31)

* pam_oath: Fix "try_first_pass".
* API and ABI is backwards compatible with the previous version.

Version 1.12.2 (released 2012-04-04)

* liboath: usersfile function now works on FreeBSD.
* tests: liboath usersfile self-test is skipped if there is no datefudge.
* API and ABI is backwards compatible with the previous version.

Version 1.12.1 (released 2012-04-01)

* liboath, oathtool: Base32 decoding now permits lowercase characters.
* API and ABI is backwards compatible with the previous version.

Version 1.12.0 (released 2012-04-01)

* oathtool: Added --base32 parameter to decode base32 keys.
* oathtool: Verbose output (-v) now prints key data in base32 format too.
* liboath: Added base32 functions.  Added hex encoding function.
  The new APIs are oath_bin2hex, oath_base32_decode, and
  oath_base32_encode.
* liboath: Gnulib's snprintf is used for better portability.
  The system snprintf is known to have bugs on some systems, see the
  Gnulib manual for more information.
* API and ABI is backwards compatible with the previous version.
  oath_bin2hex: New function.
  oath_base32_decode: New function.
  oath_base32_encode: New function.
  OATH_INVALID_BASE32: New error code.
  OATH_BASE32_OVERFLOW: New error code.
  OATH_MALLOC_ERROR: New error code.
2012-11-10 18:07:44 +00:00
joerg
9a8404616b Revert. 2012-04-07 19:38:43 +00:00
dholland
31f59c0df8 Regen properly for patches in last commit. Hi Joerg... 2012-04-07 19:27:23 +00:00
joerg
4ebe40f2ae Fix build on NetBSD/current. 2012-04-07 13:16:23 +00:00
pettai
b233e7a308 Version 1.10.5
* Build fixes from Linus Nordberg and Arno Hautala.
* Update gnulib files.
2012-01-12 20:17:47 +00:00
pettai
14286565a6 Version 1.10.4
* liboath: Fix build so that OATH_VERSION_NUMBER is actually defined.
It was an empty value in the last release due to a bug in the build
scripts.

Version 1.10.3

* liboath: Allow strcmp callback to return negative to signal errors.
* Fix bugs in build scripts for generating version numbers.
* Update gnulib files.
2011-12-14 09:04:13 +00:00
pettai
60f8650f8a The OATH Toolkit contains a shared library, command line tool and a PAM module
that makes it possible to build one-time password authentication systems.
Supported technologies include the event-based HOTP algorithm and the
time-based TOTP algorithm.
OATH is the Open AuTHentication organization which specifies the algorithms.
2011-12-05 09:51:20 +00:00