File pam_yubico.changes of Package pam_yubico

-------------------------------------------------------------------
Mon Oct  5 12:50:06 UTC 2015 - t.gruner@katodev.de

- Version 2.20 (released 2015-09-22)
  - Add cainfo option to allow usage of a cabundle instead of path.
  - Support comments in authfile.
  - For challenge response with system-wide directory, write the files as root instead of the user.
- add baselib.conf

-------------------------------------------------------------------
Thu Mar 26 12:56:50 UTC 2015 - t.gruner@katodev.de

- Version 2.19 (released 2015-03-23)
  - Add new ldap functionality ldap_bind_user and ldap_bind_password
    for authenticated binds ldap_filter for using subtree search and
    a filter ldap_cacertfile to use a specific cacert for ldaps

-------------------------------------------------------------------
Mon Feb 16 14:36:32 UTC 2015 - t.gruner@katodev.de

- Version 2.18 (released 2015-02-12)
  - Fix a memory leak of the pam response data.
  - Add more tests.
  - Add version flag to ykpamcfg.
- Remove "make check" in spec-file. ( BuildRequires: perl(Net::LDAP::Server) )

-------------------------------------------------------------------
Wed Jan 21 09:09:06 UTC 2015 - t.gruner@katodev.de

- Move ykpamcfg from /usr/sbin to /usr/bin

-------------------------------------------------------------------
Wed Jan  7 20:55:40 UTC 2015 - mrueckert@suse.de

- Version 2.17 (released 2014-08-26)
  - Fix a bug with the 'urllist' parameter where urls would be
    forgotten.
  - Manpages converted to asciidoc.
- Version 2.16 (released 2014-06-10)
  - Fix a crashbug with the new parameter 'urllist'
- Version 2.15 (released 2014-04-30)
  - Added new parameter 'urllist'
  - Added pam_yubico(8) man page.
  - Fix memory leak.
  - Bump yubico-c-client version requirement to 2.12.
- Version 2.14 (released 2013-09-27)
  - Don't install internal header files.
  - Don't print debug info when the "debug" parameter is not given.
  - Use PBKDF2 to process expected reply for challenge-response
    mode.
  - Fixup memory leaks and leaks of privilege.
  - Let return values reflect whether the user wasn't found or
    other error.
- Version 2.13 (released 2013-03-01)
  - Fix a bug in the version check to support major version > 2
    (neo).  Patch from https://github.com/wwest4
  - Give ykpamcfg an option for specifying path.
- Version 2.12 (released 2012-06-15)
  - Only use libyubikey when --with-cr is used.
  - Set correct permissions on tempfile.
  - YubiKey 2.2 contains a bug in challenge-response that makes it
    output the same response to all challenges unless HMAC_LT64 is
    set. Add warnings to ykpamcfg and a warning through conversate
    in the pam module. Keys programmed like this should be
    reprogrammed with the HMAC_LT64 flag set.
- Version 2.11 (released 2012-02-10)
  - Fix crash-bug with challenge-response mode when button press is
    required, but button is never pressed. Reported and fixed by
    Lingzhu Xiang <xianglingzhu@gmail.com>.
  - Fix a memset() with wrong size as reported by clang, as well as
    some other problems/warnings when building on Mac OS X, thanks
    to Clemens Lang <neverpanic@gmail.com>.
  - Add prefix-matching of LDAP fetched values, so you can store
    the token-to-user mapping in a multi-value attribute with
    values like "yubikey:publicid", "other-token:something" etc.
    Patch by Remi Mollon <remi.mollon@cern.ch>.
- Version 2.10 (released 2011-12-14)
  - Drop permissions (to the user that is trying to authenticate)
    before accessing files in the users home directory. Largely
    based on a patch by Ricky Zhou <ricky@fedoraproject.org>.
    Thanks!
  - Restore challenge-response support - version 2.7 was supposed
    to make the dependency on libykpers optional, but in reality
    accidentally disabled challenge-response for all
    configurations. As before, use --without-cr to compile
    pam_yubico without the ykpers dependency.
- Version 2.9 (released 2011-11-17)
  - Security: Explicitly request ykclient to verify server
    signature.  ykclient <= 2.5 strangely enough defaults to
    signing requests, but not verifying signatures in responses
    when it is supplied with a client key.  Reported and patched by
    Dominic Rutherford <dominic@rutherfordfamily.co.uk>.
- Version 2.8 (released 2011-08-26)
  - Fix big security hole: Authentication succeeded when no
    password was given, unless use_first_pass was being used.  This
    is fatal if pam_yubico is considered 'sufficient' in the PAM
    configuration.  Reported and patched by Nanakos Chrysostomos
    <nanakos@wired-net.gr>.
- Version 2.7 (released 2011-06-07)
  - Make dependency on libykpers optional.  Use --without-cr to
    force it.  Reported by Jussi Sallinen <jussi@jus.si>.
- Version 2.6 (released 2011-04-11)
  - This release includes lots of patches by members of our open
    source community. Thank you all!
  - Add Challenge-Response mode for offline validation (requires
    YubiKey 2.2). Patch by Tollef Fog Heen.
  - Eliminate all problems with pam_get_data by simply getting rid
    of that code completely. This seems to have caused problems for
    a lot of people.
  - Numerous LDAP bug fixes and improvements, including community
    patches by judas.iscariote and maxsanna81@gmail.com. Change to
    LDAPv3, since v2 has been declared historic for a looong time.
  - Support passing capath parameter to Yubico validation client.
    Patch by Remi Mollon.
  - Support public id's longer/shorter than 6 bytes. Patch by
    fraser.scott@gmail.com.
  - Convert documentation to Asciidoc format used in Github wiki.
  - Try to never log passwords in debug logs.
- new build requires:
  pkg-config
  libyubikey-devel
  libykpers-devel
- use correct license string: BSD-2-Clause
- remove autoreconf call: no longer needed with release tarball
- package more documentation

-------------------------------------------------------------------
Thu Mar 17 15:40:54 UTC 2011 - crrodriguez@opensuse.org

- Update GIT snapshot 

-------------------------------------------------------------------
Sat Mar 12 14:12:28 UTC 2011 - crrodriguez@opensuse.org

- Update git snapshot 

-------------------------------------------------------------------
Thu Mar  3 21:02:33 UTC 2011 - crrodriguez@opensuse.org

- Use an slightly newer git snapshot 

-------------------------------------------------------------------
Sun Jan 30 21:39:14 UTC 2011 - cristian.rodriguez@opensuse.org

- run make check 

-------------------------------------------------------------------
Sun Jan 30 18:19:29 UTC 2011 - cristian.rodriguez@opensuse.org

- fix some wrong ldap calls 

-------------------------------------------------------------------
Sun Jan 30 16:25:26 UTC 2011 - cristian.rodriguez@opensuse.org

- Initial version