[pkgsrc/trunk]: pkgsrc/security/oath-toolkit Version 2.4.1 (released 2014-02-12)

[pettai <pettai%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/be92a3258819
branches:  trunk
changeset: 631550:be92a3258819
user:      pettai <pettai%pkgsrc.org@localhost>
date:      Mon Mar 10 00:58:51 2014 +0000

description:
Version 2.4.1 (released 2014-02-12)

* liboath: Fix usersfile bug that caused it to update the wrong line.
When an usersfile contain multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file.  Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. CVE-2013-7322
CVs: ----------------------------------------------------------------------

diffstat:

 security/oath-toolkit/Makefile |  5 ++---
 security/oath-toolkit/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (28 lines):

diff -r ec4f3d5d2bae -r be92a3258819 security/oath-toolkit/Makefile
--- a/security/oath-toolkit/Makefile    Sun Mar 09 19:17:06 2014 +0000
+++ b/security/oath-toolkit/Makefile    Mon Mar 10 00:58:51 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2014/02/12 23:18:34 tron Exp $
+# $NetBSD: Makefile,v 1.13 2014/03/10 00:58:51 pettai Exp $
 
-DISTNAME=      oath-toolkit-2.4.0
-PKGREVISION=   3
+DISTNAME=      oath-toolkit-2.4.1
 CATEGORIES=    security
 MASTER_SITES=  http://download.savannah.gnu.org/releases/oath-toolkit/
 
diff -r ec4f3d5d2bae -r be92a3258819 security/oath-toolkit/distinfo
--- a/security/oath-toolkit/distinfo    Sun Mar 09 19:17:06 2014 +0000
+++ b/security/oath-toolkit/distinfo    Mon Mar 10 00:58:51 2014 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.9 2013/09/14 07:46:33 pettai Exp $
+$NetBSD: distinfo,v 1.10 2014/03/10 00:58:51 pettai Exp $
 
-SHA1 (oath-toolkit-2.4.0.tar.gz) = 89d2cd30dd401a3f6973ec3c2b26f1cb737764a7
-RMD160 (oath-toolkit-2.4.0.tar.gz) = a0b4b48c861a4408232ad4f2784e83a5c57a939c
-Size (oath-toolkit-2.4.0.tar.gz) = 4137994 bytes
+SHA1 (oath-toolkit-2.4.1.tar.gz) = b0ca4c5f89c12c550f7227123c2f21f45b2bf969
+RMD160 (oath-toolkit-2.4.1.tar.gz) = d902ebef5b0468f383bcb15a9e8b0582011eb4ca
+Size (oath-toolkit-2.4.1.tar.gz) = 4136649 bytes
 SHA1 (patch-liboath_gl_fflush.c) = d957eed6c3e653ee53bbcf0b95b0c032f092b07d
 SHA1 (patch-liboath_gl_fseeko.c) = bd67a1af8c01a2dbf849f8612cbb18470cb3b248