oath-toolkit 2.6.11-2.1ubuntu0.1 source package in Ubuntu

Changelog

oath-toolkit (2.6.11-2.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: root escalation in liboath-pam
    - debian/patches/use-fopen-gnu.patch: use gnulib's fopen-gnu
      for cross-platform fopen
    - debian/patches/improve-liboath-usersfile-writing.patch: improve
      liboath usersfile write handling
    - debian/patches/pam_oath-seteuid.patch: drop privs to user when
      usersfile contains ${HOME}
    - CVE-2024-47191
  * Add execute_before_dh_auto_build to debian/rules to prevent man
      pages regenerating

 -- Julia Sarris <email address hidden>  Tue, 08 Oct 2024 09:52:37 -0400

Upload details

Uploaded by:
Julia Sarris
Uploaded to:
Noble
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Noble updates main devel
Noble security main devel

Downloads

File Size SHA-256 Checksum
oath-toolkit_2.6.11.orig.tar.gz 4.5 MiB fc512a4a5b46f4c43ab0586c3189fece4d54f7e649397d6fa1e23428431e2cb4
oath-toolkit_2.6.11.orig.tar.gz.asc 228 bytes 20b854d73872b9f91f63193b0bccce5dff40209032f46897eee065d9cdb41c73
oath-toolkit_2.6.11-2.1ubuntu0.1.debian.tar.xz 15.9 KiB ef399b8c5a7424615767cc8f3b8aac5abada7f9eb6bb61d66b909c7e6e30716a
oath-toolkit_2.6.11-2.1ubuntu0.1.dsc 2.4 KiB ce6678d4fb4e4bb8bbb7923b90e5bef885a991324b5d531fd35863bed9af2fcb

View changes file

Binary packages built by this source

liboath-dev: Development files for the OATH Toolkit Liboath library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain all files necessary for developing programs that
 use Liboath.

liboath0t64: OATH Toolkit Liboath library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package includes the Liboath shared library that is used by
 applications. You normally don't need to install it manually.

liboath0t64-dbgsym: debug symbols for liboath0t64
libpam-oath: OATH Toolkit libpam_oath PAM module

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain a PAM module to authenticate users against
 a local file-based OATH database.

libpam-oath-dbgsym: debug symbols for libpam-oath
libpskc-dev: Development files for the OATH Toolkit Libpskc library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain all files necessary for developing programs that
 use Libpskc.

libpskc0t64: OATH Toolkit Libpskc library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package includes the Libpskc shared library that is used by
 applications. You normally don't need to install it manually.

libpskc0t64-dbgsym: debug symbols for libpskc0t64
oathtool: OATH Toolkit oathtool command line tool

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contains the OATH Toolkit "oathtool" command line tool.

oathtool-dbgsym: debug symbols for oathtool
pskctool: OATH Toolkit pskctool command line tool

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contains the OATH Toolkit "pskctool" command line tool.

pskctool-dbgsym: debug symbols for pskctool