Hello community,

here is the log from the commit of package otpclient for openSUSE:Factory 
checked in at 2023-03-22 22:31:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/otpclient (Old)
 and      /work/SRC/openSUSE:Factory/.otpclient.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "otpclient"

Wed Mar 22 22:31:05 2023 rev:25 rq:1073715 version:3.1.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/otpclient/otpclient.changes      2023-03-15 
18:56:33.645038642 +0100
+++ /work/SRC/openSUSE:Factory/.otpclient.new.31432/otpclient.changes   
2023-03-22 22:31:58.758596958 +0100
@@ -1,0 +2,8 @@
+Wed Mar 22 08:40:52 UTC 2023 - Paolo Stivanin <i...@paolostivanin.com>
+
+- Update to 3.1.6:
+  * Correctly quit the password dialog on export. This avoid dumping
+    the database in plaintext format if the user presses either the
+    cancel or close button. 
+
+-------------------------------------------------------------------

Old:
----
  v3.1.5.tar.gz
  v3.1.5.tar.gz.asc

New:
----
  v3.1.6.tar.gz
  v3.1.6.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ otpclient.spec ++++++
--- /var/tmp/diff_new_pack.R8dSYE/_old  2023-03-22 22:31:59.394600158 +0100
+++ /var/tmp/diff_new_pack.R8dSYE/_new  2023-03-22 22:31:59.398600179 +0100
@@ -18,7 +18,7 @@
 
 %define uclname OTPClient
 Name:           otpclient
-Version:        3.1.5
+Version:        3.1.6
 Release:        0
 Summary:        Simple GTK+ client for managing TOTP and HOTP
 License:        GPL-3.0-or-later


++++++ v3.1.5.tar.gz -> v3.1.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/OTPClient-3.1.5/CMakeLists.txt 
new/OTPClient-3.1.6/CMakeLists.txt
--- old/OTPClient-3.1.5/CMakeLists.txt  2023-03-15 10:40:38.000000000 +0100
+++ new/OTPClient-3.1.6/CMakeLists.txt  2023-03-22 09:26:20.000000000 +0100
@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.16)
-project(OTPClient VERSION "3.1.5" LANGUAGES "C")
+project(OTPClient VERSION "3.1.6" LANGUAGES "C")
 include(GNUInstallDirs)
 
 configure_file("src/common/version.h.in" "version.h")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/OTPClient-3.1.5/SECURITY.md 
new/OTPClient-3.1.6/SECURITY.md
--- old/OTPClient-3.1.5/SECURITY.md     2023-03-15 10:40:38.000000000 +0100
+++ new/OTPClient-3.1.6/SECURITY.md     2023-03-22 09:26:20.000000000 +0100
@@ -20,7 +20,7 @@
 
 ## Reporting a Vulnerability
 
-In case you should find a vulnerability, please report it privately to me via 
[e-mail](mailto:paolostiva...@users.noreply.github.com).
+In case you should find a vulnerability, please report it privately to me via 
[e-mail](mailto:i...@paolostivanin.com).
 The following is the workflow:
 - security issue is found, an e-mail is sent to me
 - within 24 hours I will reply to your e-mail with some info like, for 
example, whether it actually is a security issue and how serious it is
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/OTPClient-3.1.5/data/com.github.paolostivanin.OTPClient.appdata.xml 
new/OTPClient-3.1.6/data/com.github.paolostivanin.OTPClient.appdata.xml
--- old/OTPClient-3.1.5/data/com.github.paolostivanin.OTPClient.appdata.xml     
2023-03-15 10:40:38.000000000 +0100
+++ new/OTPClient-3.1.6/data/com.github.paolostivanin.OTPClient.appdata.xml     
2023-03-22 09:26:20.000000000 +0100
@@ -75,6 +75,14 @@
   </content_rating>
 
   <releases>
+    <release version="3.1.6" date="2023-03-22">
+      <description>
+        <p>OTPClient 3.1.6 fixes a security issue.</p>
+        <ul>
+          <li>quit the password dialog when either the cancel or close button 
is pressed</li>
+        </ul>
+      </description>
+    </release>
     <release version="3.1.5" date="2023-03-15">
       <description>
         <p>OTPClient 3.1.5 fixes an issue when dealing with symlink</p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/OTPClient-3.1.5/src/exports.c 
new/OTPClient-3.1.6/src/exports.c
--- old/OTPClient-3.1.5/src/exports.c   2023-03-15 10:40:38.000000000 +0100
+++ new/OTPClient-3.1.6/src/exports.c   2023-03-22 09:26:20.000000000 +0100
@@ -34,6 +34,9 @@
     if (g_strcmp0 (action_name, ANDOTP_EXPORT_ACTION_NAME) == 0 || g_strcmp0 
(action_name, ANDOTP_EXPORT_PLAIN_ACTION_NAME) == 0) {
         if (encrypted == TRUE) {
             password = prompt_for_password (app_data, NULL, NULL, TRUE);
+            if (password == NULL) {
+                return;
+            }
         }
         exported_file_path = g_build_filename (base_dir, encrypted == TRUE ? 
"andotp_exports.json.aes" : "andotp_exports.json", NULL);
         ret_msg = export_andotp (exported_file_path, password, 
app_data->db_data->json_data);
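Review bot: The added `password == NULL` guard closes the cancel/close path at this call site only, because `export_andotp` is still handed just `password`, so NULL apparently keeps meaning both "plaintext export requested" and "no password was obtained". The exporter bodies are outside this diff, so this is inferred from the changelog entry and the call, but if it holds, any later caller that omits the guard fails open into a plaintext dump again. Consider making the exporters fail closed by passing `encrypted` through and rejecting `encrypted == TRUE && password == NULL` inside them; the same applies to the `export_aegis` branch in the next hunk. A comment on the guard such as `/* NULL: dialog cancelled or closed - must not fall through to a plaintext export */` would record why the early return is security-relevant. The enclosing function starts and ends outside both hunks, so whether any local needs releasing before `return;` cannot be confirmed from here.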
@@ -45,6 +48,9 @@
     } else if (g_strcmp0 (action_name, AEGIS_EXPORT_ACTION_NAME) == 0 || 
g_strcmp0 (action_name, AEGIS_EXPORT_PLAIN_ACTION_NAME) == 0) {
         if (encrypted == TRUE) {
             password = prompt_for_password (app_data, NULL, NULL, TRUE);
+            if (password == NULL) {
+                return;
+            }
         }
         exported_file_path = g_build_filename (base_dir, encrypted == TRUE ? 
"aegis_encrypted.json" : "aegis_export_plain.json", NULL);
         ret_msg = export_aegis (exported_file_path, 
app_data->db_data->json_data, password);
