Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package otpclient for openSUSE:Factory checked in at 2023-03-22 22:31:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/otpclient (Old) and /work/SRC/openSUSE:Factory/.otpclient.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otpclient" Wed Mar 22 22:31:05 2023 rev:25 rq:1073715 version:3.1.6 Changes: -------- --- /work/SRC/openSUSE:Factory/otpclient/otpclient.changes 2023-03-15 18:56:33.645038642 +0100 +++ /work/SRC/openSUSE:Factory/.otpclient.new.31432/otpclient.changes 2023-03-22 22:31:58.758596958 +0100 @@ -1,0 +2,8 @@ +Wed Mar 22 08:40:52 UTC 2023 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to 3.1.6: + * Correctly quit the password dialog on export. This avoid dumping + the database in plaintext format if the user presses either the + cancel or close button. + +------------------------------------------------------------------- Old: ---- v3.1.5.tar.gz v3.1.5.tar.gz.asc New: ---- v3.1.6.tar.gz v3.1.6.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otpclient.spec ++++++ --- /var/tmp/diff_new_pack.R8dSYE/_old 2023-03-22 22:31:59.394600158 +0100 +++ /var/tmp/diff_new_pack.R8dSYE/_new 2023-03-22 22:31:59.398600179 +0100 @@ -18,7 +18,7 @@ %define uclname OTPClient Name: otpclient -Version: 3.1.5 +Version: 3.1.6 Release: 0 Summary: Simple GTK+ client for managing TOTP and HOTP License: GPL-3.0-or-later ++++++ v3.1.5.tar.gz -> v3.1.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.5/CMakeLists.txt new/OTPClient-3.1.6/CMakeLists.txt --- old/OTPClient-3.1.5/CMakeLists.txt 2023-03-15 10:40:38.000000000 +0100 +++ new/OTPClient-3.1.6/CMakeLists.txt 2023-03-22 09:26:20.000000000 +0100 @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.16) -project(OTPClient VERSION "3.1.5" LANGUAGES "C") +project(OTPClient VERSION "3.1.6" LANGUAGES "C") include(GNUInstallDirs) configure_file("src/common/version.h.in" "version.h") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.5/SECURITY.md new/OTPClient-3.1.6/SECURITY.md --- old/OTPClient-3.1.5/SECURITY.md 2023-03-15 10:40:38.000000000 +0100 +++ new/OTPClient-3.1.6/SECURITY.md 2023-03-22 09:26:20.000000000 +0100 @@ -20,7 +20,7 @@ ## Reporting a Vulnerability -In case you should find a vulnerability, please report it privately to me via [e-mail](mailto:paolostiva...@users.noreply.github.com). +In case you should find a vulnerability, please report it privately to me via [e-mail](mailto:i...@paolostivanin.com). The following is the workflow: - security issue is found, an e-mail is sent to me - within 24 hours I will reply to your e-mail with some info like, for example, whether it actually is a security issue and how serious it is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.5/data/com.github.paolostivanin.OTPClient.appdata.xml new/OTPClient-3.1.6/data/com.github.paolostivanin.OTPClient.appdata.xml --- old/OTPClient-3.1.5/data/com.github.paolostivanin.OTPClient.appdata.xml 2023-03-15 10:40:38.000000000 +0100 +++ new/OTPClient-3.1.6/data/com.github.paolostivanin.OTPClient.appdata.xml 2023-03-22 09:26:20.000000000 +0100 @@ -75,6 +75,14 @@ </content_rating> <releases> + <release version="3.1.6" date="2023-03-22"> + <description> + <p>OTPClient 3.1.6 fixes a security issue.</p> + <ul> + <li>quit the password dialog when either the cancel or close button is pressed</li> + </ul> + </description> + </release> <release version="3.1.5" date="2023-03-15"> <description> <p>OTPClient 3.1.5 fixes an issue when dealing with symlink</p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.5/src/exports.c new/OTPClient-3.1.6/src/exports.c --- old/OTPClient-3.1.5/src/exports.c 2023-03-15 10:40:38.000000000 +0100 +++ new/OTPClient-3.1.6/src/exports.c 2023-03-22 09:26:20.000000000 +0100 @@ -34,6 +34,9 @@ if (g_strcmp0 (action_name, ANDOTP_EXPORT_ACTION_NAME) == 0 || g_strcmp0 (action_name, ANDOTP_EXPORT_PLAIN_ACTION_NAME) == 0) { if (encrypted == TRUE) { password = prompt_for_password (app_data, NULL, NULL, TRUE); + if (password == NULL) { + return; + } } exported_file_path = g_build_filename (base_dir, encrypted == TRUE ? "andotp_exports.json.aes" : "andotp_exports.json", NULL); ret_msg = export_andotp (exported_file_path, password, app_data->db_data->json_data); @@ -45,6 +48,9 @@ } else if (g_strcmp0 (action_name, AEGIS_EXPORT_ACTION_NAME) == 0 || g_strcmp0 (action_name, AEGIS_EXPORT_PLAIN_ACTION_NAME) == 0) { if (encrypted == TRUE) { password = prompt_for_password (app_data, NULL, NULL, TRUE); + if (password == NULL) { + return; + } } exported_file_path = g_build_filename (base_dir, encrypted == TRUE ? "aegis_encrypted.json" : "aegis_export_plain.json", NULL); ret_msg = export_aegis (exported_file_path, app_data->db_data->json_data, password);