Package: pass-otp Version: 1.2.0-7 Severity: important X-Debbugs-Cc: none, Dave Love <dave.l...@manchester.ac.uk> Tags: patch
With bookworm's version of bash, updating the HOTP counter after generating a code stores an invalid URI -- missing an "&" -- e.g. "&counter=1counter=2" as reported, but not fixed, upstream. I'm attaching a fix, hoping a diff of the packaging is a suitable form. -- System Information: Debian Release: 12.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pass-otp depends on: ii pass 1.7.4-6 Versions of packages pass-otp recommends: ii oathtool 2.6.7-3.1 ii qrencode 4.1.1-1 Versions of packages pass-otp suggests: pn zbar-tools <none> -- no debconf information
diff -rN -u old-pass-otp-1.2.0-7/debian/changelog new-pass-otp-1.2.0-7/debian/changelog --- old-pass-otp-1.2.0-7/debian/changelog 2023-10-14 17:12:09.721677669 +0100 +++ new-pass-otp-1.2.0-7/debian/changelog 2023-10-14 17:12:09.721677669 +0100 @@ -1,3 +1,9 @@ +pass-otp (1.2.0-8) unstable; urgency=medium + + * Fix broken HOTP counter updating with bash 5.2 + + -- Dave Love <dave.l...@manchester.ac.uk> Sat, 14 Oct 2023 14:33:51 +0100 + pass-otp (1.2.0-7) unstable; urgency=medium * Bump Standards-Version to 4.6.2 (no changes necessary) diff -rN -u old-pass-otp-1.2.0-7/debian/patches/bash5.2.patch new-pass-otp-1.2.0-7/debian/patches/bash5.2.patch --- old-pass-otp-1.2.0-7/debian/patches/bash5.2.patch 1970-01-01 01:00:00.000000000 +0100 +++ new-pass-otp-1.2.0-7/debian/patches/bash5.2.patch 2023-10-14 17:12:09.721677669 +0100 @@ -0,0 +1,19 @@ +Description: Fix broken HOTP counter updating with bash 5.2 +Forwarded: no +Bug: https://github.com/tadfisher/pass-otp/issues/171 +Author: Dave Love <dave.l...@manchester.ac.uk> +Last-Update: 2023-10-14 + +Index: pass-otp-1.2.0/otp.bash +=================================================================== +--- pass-otp-1.2.0.orig/otp.bash ++++ pass-otp-1.2.0/otp.bash +@@ -357,7 +357,7 @@ cmd_otp_code() { + + if [[ "$otp_type" == "hotp" ]]; then + # Increment HOTP counter in-place +- local line replaced uri=${otp_uri/&counter=$otp_counter/&counter=$counter} ++ local line replaced uri=${otp_uri/&counter=$otp_counter/\&counter=$counter} + while IFS= read -r line; do + [[ "$line" == otpauth://* ]] && line="$uri" + [[ -n "$replaced" ]] && replaced+=$'\n' diff -rN -u old-pass-otp-1.2.0-7/debian/patches/mark_test_bash5.2.patch new-pass-otp-1.2.0-7/debian/patches/mark_test_bash5.2.patch --- old-pass-otp-1.2.0-7/debian/patches/mark_test_bash5.2.patch 2023-10-14 17:12:09.721677669 +0100 +++ new-pass-otp-1.2.0-7/debian/patches/mark_test_bash5.2.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,24 +0,0 @@ -Author: Philip Rinn <ri...@debian.org> -Description: Mark tests failing that are buggy with bash 5.2~rc2 -Forwarded: not-needed -Last-update: 2022-09-05 ---- a/test/code.t -+++ b/test/code.t -@@ -19,7 +19,7 @@ - [[ ${#code} -eq 6 ]] - ' - --test_expect_success 'Generates HOTP code and increments counter' ' -+test_expect_failure 'Generates HOTP code and increments counter' ' - uri="otpauth://hotp/Example:al...@google.com?secret=JBSWY3DPEHPK3PXP&counter=10&issuer=Example" - inc="otpauth://hotp/Example:al...@google.com?secret=JBSWY3DPEHPK3PXP&counter=11&issuer=Example" - -@@ -30,7 +30,7 @@ - [[ $("$PASS" otp uri passfile) == "$inc" ]] - ' - --test_expect_success 'HOTP counter increments and preserves multiline contents' ' -+test_expect_failure 'HOTP counter increments and preserves multiline contents' ' - uri="otpauth://hotp/Example:al...@google.com?secret=JBSWY3DPEHPK3PXP&counter=10&issuer=Example" - inc="otpauth://hotp/Example:al...@google.com?secret=JBSWY3DPEHPK3PXP&counter=11&issuer=Example" - diff -rN -u old-pass-otp-1.2.0-7/debian/patches/series new-pass-otp-1.2.0-7/debian/patches/series --- old-pass-otp-1.2.0-7/debian/patches/series 2023-10-14 17:12:09.721677669 +0100 +++ new-pass-otp-1.2.0-7/debian/patches/series 2023-10-14 17:12:09.721677669 +0100 @@ -1 +1 @@ -mark_test_bash5.2.patch +bash5.2.patch