Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pam_yubico

Frederic Crozat's avatar Frederic Crozat (fcrozat) committed (revision 4) 
- Version 2.26 (released 2018-04-20)
  - Make sure to close authfile (CVE-2018-9275 bsc#1088027).
  - Fix compiler warnings.
  - Open file descriptors with O_CLOEXEC.
  - Use mkostemp() instead of mkstemp().
- Dropped patches that are included upstream:
  - cloexec.patch
  - compiler-warnings-format-strings.patch
  - compiler-warnings-pointer.patch
  - leaking-file-descriptor.patch
  - util_test-mkdtemp.patch
Stefan Behlert's avatar Stefan Behlert (sbehlert) committed (revision 3) 
- Added patches:
  - cloexec.patch: Harden file descriptor handling (boo#1089517)
  - compiler-warnings-pointer.patch: Fix compiler warnings due to wrong pointer
    casts (boo#1089518)
  - compiler-warnings-format-strings.patch: Fix compiler warnings due to wrong
    format string specifiers (boo#1089519)
  - util_test-mkdtemp.patch: Use mkdtemp() instead of tempnam() (boo#1089520)

- leaking-file-descriptor.patch: Close the authfile before returning
  to make sure no file descriptors are leaked (bsc#1088027).

- Version 2.25 (released 2018-03-27):
  - Security: Storage of challenges in path with restricted permissions
  - Perform OTP validation only if token is authorized
  - Return early if the user has no authorized tokens
  - Compare OTP IDs against `yubi_attr` only
  - Add nullok support to challenge-response mode
  - Several improvements to the documentation
  - Improved debugging output and test cases
Stefan Behlert's avatar Stefan Behlert (sbehlert) committed (revision 2) 
Automatic request from openSUSE.org:openSUSE:Factory by UpdateCrawler
Stefan Behlert's avatar Stefan Behlert (sbehlert) committed (revision 1) 
FATE#323337
Displaying all 4 revisions
openSUSE Build Service is sponsored by
Places