Hello community,

here is the log from the commit of package libu2f-host for openSUSE:Factory 
checked in at 2019-03-06 15:52:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libu2f-host (Old)
 and      /work/SRC/openSUSE:Factory/.libu2f-host.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libu2f-host"

Wed Mar  6 15:52:06 2019 rev:11 rq:682123 version:1.1.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/libu2f-host/libu2f-host.changes  2019-02-11 
21:23:40.959135507 +0100
+++ /work/SRC/openSUSE:Factory/.libu2f-host.new.28833/libu2f-host.changes       
2019-03-06 15:52:14.492425718 +0100
@@ -1,0 +2,10 @@
+Tue Mar  5 17:06:59 UTC 2019 - Karol Babioch <kbabi...@suse.de>
+
+- Version 1.1.8 (released 2019-03-05)
+  - Add udev rules
+  - Drop 70-old-u2f.rules and use 70-u2f.rules for everything
+  - Use a random nonce for setting up CID to prevent fingerprinting
+  - CVE-2019-9578: Parse the response to init in a more stable way to prevent
+    leakage of uninitialized stack memory back to the device (bnc#1128140).
+
+-------------------------------------------------------------------

Old:
----
  libu2f-host-1.1.7.tar.xz
  libu2f-host-1.1.7.tar.xz.sig

New:
----
  libu2f-host-1.1.8.tar.xz
  libu2f-host-1.1.8.tar.xz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libu2f-host.spec ++++++
--- /var/tmp/diff_new_pack.boA2qH/_old  2019-03-06 15:52:15.176425580 +0100
+++ /var/tmp/diff_new_pack.boA2qH/_new  2019-03-06 15:52:15.180425580 +0100
@@ -18,7 +18,7 @@
 
 %define sover  0
 Name:           libu2f-host
-Version:        1.1.7
+Version:        1.1.8
 Release:        0
 Summary:        Yubico Universal 2nd Factor (U2F) Host C Library
 License:        LGPL-2.1-or-later
@@ -106,7 +106,7 @@
 
 %files -n %{name}%{sover}
 %{_libdir}/%{name}.so.%{sover}
-%{_libdir}/%{name}.so.%{sover}.1.7
+%{_libdir}/%{name}.so.%{sover}.1.8
 
 %files -n %{name}-devel
 %{_includedir}/u2f-host/

++++++ libu2f-host-1.1.7.tar.xz -> libu2f-host-1.1.8.tar.xz ++++++
++++ 3811 lines of diff (skipped)
++++    retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/70-old-u2f.rules new/libu2f-host-1.1.8/70-old-u2f.rules
--- old/libu2f-host-1.1.7/70-old-u2f.rules      2019-01-08 09:59:03.000000000 
+0100
+++ new/libu2f-host-1.1.8/70-old-u2f.rules      1970-01-01 01:00:00.000000000 
+0100
@@ -1,58 +0,0 @@
-# Copyright (C) 2013-2015 Yubico AB
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-
-# this udev file should be used with udev older than 188
-ACTION!="add|change", GOTO="u2f_end"
-
-# Yubico YubiKey
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", 
ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", 
GROUP="plugdev", MODE="0660"
-
-# Happlink (formerly Plug-Up) Security KEY
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", 
ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660"
-
-#  Neowave Keydo and Keydo AES
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", 
ATTRS{idProduct}=="f1d0|f1ae", GROUP="plugdev", MODE="0660"
-
-# HyperSecu HyperFIDO
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", 
ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660"
-
-# Feitian ePass FIDO, BioPass FIDO2
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", 
ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", 
GROUP="plugdev", MODE="0660"
-
-# JaCarta U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", 
ATTRS{idProduct}=="0101", GROUP="plugdev", MODE="0660"
-
-# U2F Zero
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", 
ATTRS{idProduct}=="8acf", GROUP="plugdev", MODE="0660"
-
-# VASCO SeccureClick
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", 
ATTRS{idProduct}=="00bb", GROUP="plugdev", MODE="0660"
-
-# Bluink Key
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", 
ATTRS{idProduct}=="1002", GROUP="plugdev", MODE="0660"
-
-# Thetis Key
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", 
ATTRS{idProduct}=="f025", GROUP="plugdev", MODE="0660"
-
-# Nitrokey FIDO U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", 
ATTRS{idProduct}=="4287", GROUP="plugdev", MODE="0660"
-
-# Google Titan U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", 
ATTRS{idProduct}=="5026", GROUP="plugdev", MODE="0660"
-
-# Tomu board + chopstx U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", 
ATTRS{idProduct}=="cdab", GROUP="plugdev", MODE="0660"
-
-LABEL="u2f_end"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/70-u2f.rules new/libu2f-host-1.1.8/70-u2f.rules
--- old/libu2f-host-1.1.7/70-u2f.rules  2019-01-08 09:59:03.000000000 +0100
+++ new/libu2f-host-1.1.8/70-u2f.rules  2019-02-13 15:13:46.000000000 +0100
@@ -17,42 +17,42 @@
 ACTION!="add|change", GOTO="u2f_end"
 
 # Yubico YubiKey
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", 
ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", 
TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", 
ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", 
TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Happlink (formerly Plug-Up) Security KEY
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", 
ATTRS{idProduct}=="f1d0", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", 
ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Neowave Keydo and Keydo AES
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", 
ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", 
ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # HyperSecu HyperFIDO
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", 
ATTRS{idProduct}=="0880", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", 
ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Feitian ePass FIDO, BioPass FIDO2
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", 
ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", 
ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", 
TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # JaCarta U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", 
ATTRS{idProduct}=="0101", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", 
ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # U2F Zero
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", 
ATTRS{idProduct}=="8acf", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", 
ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # VASCO SeccureClick
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", 
ATTRS{idProduct}=="00bb", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", 
ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Bluink Key
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", 
ATTRS{idProduct}=="1002", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", 
ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Thetis Key
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", 
ATTRS{idProduct}=="f025", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", 
ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Nitrokey FIDO U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", 
ATTRS{idProduct}=="4287", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", 
ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Google Titan U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", 
ATTRS{idProduct}=="5026", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", 
ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Tomu board + chopstx U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", 
ATTRS{idProduct}=="cdab", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", 
ATTRS{idProduct}=="cdab", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 LABEL="u2f_end"
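Review bot: Every device rule in this hunk now sets `GROUP="plugdev", MODE="0660"` alongside `TAG+="uaccess"`, so each listed hidraw node becomes readable and writable by all members of plugdev, not only by the user on the active seat that the uaccess ACL covers. On a multi-user host this includes plugdev members who are logged in remotely or running background jobs, which is a wider grant than the 1.1.7 version of this file gave. The removed 70-old-u2f.rules described the GROUP/MODE form as meant for udev older than 188, so I would state that trade-off above the rules, for example `# GROUP/MODE are a fallback for udev older than 188; every plugdev member gets access to these keys`. The file header lies outside this hunk, so I cannot tell whether such a note already exists. Packagers should also confirm that a plugdev group exists on the target system, since a rule naming an unknown group will presumably be logged as an error and not applied as intended.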
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/ChangeLog new/libu2f-host-1.1.8/ChangeLog
--- old/libu2f-host-1.1.7/ChangeLog     2019-01-08 10:14:02.000000000 +0100
+++ new/libu2f-host-1.1.8/ChangeLog     2019-03-05 14:05:55.000000000 +0100
@@ -1,3 +1,55 @@
+2019-03-05  Klas Lindfors <k...@yubico.com>
+
+       * NEWS: NEWS for 1.1.8
+
+2019-03-05  Klas Lindfors <k...@yubico.com>
+
+       * u2f-host/devs.c: use #ifdef rather than #if defined () make 
syntax-check complained about the latter
+
+2019-02-22  Klas Lindfors <k...@yubico.com>
+
+       * u2f-host/devs.c: fix filling out of initresp
+
+2019-02-13  Klas Lindfors <k...@yubico.com>
+
+       * : commit 5a941ed0726f7efd23ebd613b4207ac335820dc5 Author: Klas
+       Lindfors <k...@yubico.com> Date:   Wed Feb 13 15:12:12 2019 +0100
+
+2019-02-13  Klas Lindfors <k...@yubico.com>
+
+       * : commit 2892b9c15f7c1c84691013bdcb388001298391b3 Author: Gabriel
+       Kihlman <g.kihl...@yubico.com> Date:   Wed Feb 13 10:24:14 2019
+       +0100
+
+2019-02-08  Nicolas Braud-Santoni <nico...@braud-santoni.eu>
+
+       * 70-u2f.rules: 70-u2f.rules: Support group plugdev Made with:    sed 
-i 's|^\(K.*\)$|\0, GROUP="plugdev"|g'
+       70-u2f.rules Checked with: diff <(sed 's/TAG+="uaccess", //g'
+       70-u2f.rules) 70-old-u2f.rules Closes #96
+
+2018-05-06  Nicolas Braud-Santoni <nico...@braud-santoni.eu>
+
+       * 70-old-u2f.rules: 70-old-u2f.rules: Remove extraneous space
+
+2019-02-08  Klas Lindfors <k...@yubico.com>
+
+       * : commit 5253a8c32a0b19b2f8e2b6ee4966548ddb206f22 Merge: 7b045e2
+       a47148a Author: Klas Lindfors <k...@yubico.com> Date:   Wed Jan 30
+       12:10:41 2019 +0100
+
+2019-01-30  Oleg <qmor.q...@gmail.com>
+
+       * 70-old-u2f.rules, u2f.conf.sample: Sync files u2f.conf.sample
+       70-old-u2f.rules with 70-u2f.rules
+
+2019-01-30  Oleg <qmor.q...@gmail.com>
+
+       * 70-u2f.rules: Adding support for JaCarta2 U2F
+
+2019-01-08  Klas Lindfors <k...@yubico.com>
+
+       * NEWS, configure.ac: bump versions after release
+
 2018-12-27  Klas Lindfors <k...@yubico.com>
 
        * NEWS: NEWS for 1.1.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/INSTALL new/libu2f-host-1.1.8/INSTALL
--- old/libu2f-host-1.1.7/INSTALL       2017-06-30 15:40:10.000000000 +0200
+++ new/libu2f-host-1.1.8/INSTALL       2019-02-13 15:11:50.000000000 +0100
@@ -1,8 +1,8 @@
 Installation Instructions
 *************************
 
-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
-Inc.
+   Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
+Foundation, Inc.
 
    Copying and distribution of this file, with or without modification,
 are permitted in any medium without royalty provided the copyright
@@ -12,97 +12,96 @@
 Basic Installation
 ==================
 
-   Briefly, the shell command `./configure && make && make install'
+   Briefly, the shell command './configure && make && make install'
 should configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
+more-detailed instructions are generic; see the 'README' file for
 instructions specific to this package.  Some packages provide this
-`INSTALL' file but do not implement all of the features documented
+'INSTALL' file but do not implement all of the features documented
 below.  The lack of an optional feature in a given package is not
 necessarily a bug.  More recommendations for GNU packages can be found
 in *note Makefile Conventions: (standards)Makefile Conventions.
 
-   The `configure' shell script attempts to guess correct values for
+   The 'configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
+those values to create a 'Makefile' in each directory of the package.
+It may also create one or more '.h' files containing system-dependent
+definitions.  Finally, it creates a shell script 'config.status' that
 you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
+file 'config.log' containing compiler output (useful mainly for
+debugging 'configure').
 
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
+   It can also use an optional file (typically called 'config.cache' and
+enabled with '--cache-file=config.cache' or simply '-C') that saves the
+results of its tests to speed up reconfiguring.  Caching is disabled by
+default to prevent problems with accidental use of stale cache files.
 
    If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
+to figure out how 'configure' could check whether to do them, and mail
+diffs or instructions to the address given in the 'README' so they can
 be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
+some point 'config.cache' contains results you don't want to keep, you
 may remove or edit it.
 
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
+   The file 'configure.ac' (or 'configure.in') is used to create
+'configure' by a program called 'autoconf'.  You need 'configure.ac' if
+you want to change it or regenerate 'configure' using a newer version of
+'autoconf'.
 
    The simplest way to compile this package is:
 
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
+  1. 'cd' to the directory containing the package's source code and type
+     './configure' to configure the package for your system.
 
-     Running `configure' might take a while.  While running, it prints
+     Running 'configure' might take a while.  While running, it prints
      some messages telling which features it is checking for.
 
-  2. Type `make' to compile the package.
+  2. Type 'make' to compile the package.
 
-  3. Optionally, type `make check' to run any self-tests that come with
+  3. Optionally, type 'make check' to run any self-tests that come with
      the package, generally using the just-built uninstalled binaries.
 
-  4. Type `make install' to install the programs and any data files and
+  4. Type 'make install' to install the programs and any data files and
      documentation.  When installing into a prefix owned by root, it is
      recommended that the package be configured and built as a regular
-     user, and only the `make install' phase executed with root
+     user, and only the 'make install' phase executed with root
      privileges.
 
-  5. Optionally, type `make installcheck' to repeat any self-tests, but
+  5. Optionally, type 'make installcheck' to repeat any self-tests, but
      this time using the binaries in their final installed location.
      This target does not install anything.  Running this target as a
-     regular user, particularly if the prior `make install' required
+     regular user, particularly if the prior 'make install' required
      root privileges, verifies that the installation completed
      correctly.
 
   6. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
+     source code directory by typing 'make clean'.  To also remove the
+     files that 'configure' created (so you can compile the package for
+     a different kind of computer), type 'make distclean'.  There is
+     also a 'make maintainer-clean' target, but that is intended mainly
      for the package's developers.  If you use it, you may have to get
      all sorts of other programs in order to regenerate files that came
      with the distribution.
 
-  7. Often, you can also type `make uninstall' to remove the installed
+  7. Often, you can also type 'make uninstall' to remove the installed
      files again.  In practice, not all packages have tested that
      uninstallation works correctly, even though it is required by the
      GNU Coding Standards.
 
-  8. Some packages, particularly those that use Automake, provide `make
+  8. Some packages, particularly those that use Automake, provide 'make
      distcheck', which can by used by developers to test that all other
-     targets like `make install' and `make uninstall' work correctly.
+     targets like 'make install' and 'make uninstall' work correctly.
      This target is generally not run by end users.
 
 Compilers and Options
 =====================
 
    Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  Run `./configure --help'
+the 'configure' script does not know about.  Run './configure --help'
 for details on some of the pertinent environment variables.
 
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
+   You can give 'configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here is
+an example:
 
      ./configure CC=c99 CFLAGS=-g LIBS=-lposix
 
@@ -113,21 +112,21 @@
 
    You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
+own directory.  To do this, you can use GNU 'make'.  'cd' to the
 directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.  This
-is known as a "VPATH" build.
+the 'configure' script.  'configure' automatically checks for the source
+code in the directory that 'configure' is in and in '..'.  This is known
+as a "VPATH" build.
 
-   With a non-GNU `make', it is safer to compile the package for one
+   With a non-GNU 'make', it is safer to compile the package for one
 architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
+installed the package for one architecture, use 'make distclean' before
 reconfiguring for another architecture.
 
    On MacOS X 10.5 and later systems, you can create libraries and
 executables that work on multiple system types--known as "fat" or
-"universal" binaries--by specifying multiple `-arch' options to the
-compiler but only a single `-arch' option to the preprocessor.  Like
+"universal" binaries--by specifying multiple '-arch' options to the
+compiler but only a single '-arch' option to the preprocessor.  Like
 this:
 
      ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
@@ -136,105 +135,104 @@
 
    This is not guaranteed to produce working output in all cases, you
 may have to build one architecture at a time and combine the results
-using the `lipo' tool if you have problems.
+using the 'lipo' tool if you have problems.
 
 Installation Names
 ==================
 
-   By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX', where PREFIX must be an
+   By default, 'make install' installs the package's commands under
+'/usr/local/bin', include files under '/usr/local/include', etc.  You
+can specify an installation prefix other than '/usr/local' by giving
+'configure' the option '--prefix=PREFIX', where PREFIX must be an
 absolute file name.
 
    You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
 PREFIX as the prefix for installing programs and libraries.
 Documentation and other data files still use the regular prefix.
 
    In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.  In general, the
-default for these options is expressed in terms of `${prefix}', so that
-specifying just `--prefix' will affect all of the other directory
+options like '--bindir=DIR' to specify different values for particular
+kinds of files.  Run 'configure --help' for a list of the directories
+you can set and what kinds of files go in them.  In general, the default
+for these options is expressed in terms of '${prefix}', so that
+specifying just '--prefix' will affect all of the other directory
 specifications that were not explicitly provided.
 
    The most portable way to affect installation locations is to pass the
-correct locations to `configure'; however, many packages provide one or
+correct locations to 'configure'; however, many packages provide one or
 both of the following shortcuts of passing variable assignments to the
-`make install' command line to change installation locations without
+'make install' command line to change installation locations without
 having to reconfigure or recompile.
 
    The first method involves providing an override variable for each
-affected directory.  For example, `make install
+affected directory.  For example, 'make install
 prefix=/alternate/directory' will choose an alternate location for all
 directory configuration variables that were expressed in terms of
-`${prefix}'.  Any directories that were specified during `configure',
-but not in terms of `${prefix}', must each be overridden at install
-time for the entire installation to be relocated.  The approach of
-makefile variable overrides for each directory variable is required by
-the GNU Coding Standards, and ideally causes no recompilation.
-However, some platforms have known limitations with the semantics of
-shared libraries that end up requiring recompilation when using this
-method, particularly noticeable in packages that use GNU Libtool.
-
-   The second method involves providing the `DESTDIR' variable.  For
-example, `make install DESTDIR=/alternate/directory' will prepend
-`/alternate/directory' before all installation names.  The approach of
-`DESTDIR' overrides is not required by the GNU Coding Standards, and
+'${prefix}'.  Any directories that were specified during 'configure',
+but not in terms of '${prefix}', must each be overridden at install time
+for the entire installation to be relocated.  The approach of makefile
+variable overrides for each directory variable is required by the GNU
+Coding Standards, and ideally causes no recompilation.  However, some
+platforms have known limitations with the semantics of shared libraries
+that end up requiring recompilation when using this method, particularly
+noticeable in packages that use GNU Libtool.
+
+   The second method involves providing the 'DESTDIR' variable.  For
+example, 'make install DESTDIR=/alternate/directory' will prepend
+'/alternate/directory' before all installation names.  The approach of
+'DESTDIR' overrides is not required by the GNU Coding Standards, and
 does not work on platforms that have drive letters.  On the other hand,
 it does better at avoiding recompilation issues, and works well even
-when some directory options were not specified in terms of `${prefix}'
-at `configure' time.
+when some directory options were not specified in terms of '${prefix}'
+at 'configure' time.
 
 Optional Features
 =================
 
    If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+with an extra prefix or suffix on their names by giving 'configure' the
+option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
 
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
+   Some packages pay attention to '--enable-FEATURE' options to
+'configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to '--with-PACKAGE' options, where PACKAGE
+is something like 'gnu-as' or 'x' (for the X Window System).  The
+'README' should mention any '--enable-' and '--with-' options that the
 package recognizes.
 
-   For packages that use the X Window System, `configure' can usually
+   For packages that use the X Window System, 'configure' can usually
 find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
+you can use the 'configure' options '--x-includes=DIR' and
+'--x-libraries=DIR' to specify their locations.
 
    Some packages offer the ability to configure how verbose the
-execution of `make' will be.  For these packages, running `./configure
+execution of 'make' will be.  For these packages, running './configure
 --enable-silent-rules' sets the default to minimal output, which can be
-overridden with `make V=1'; while running `./configure
+overridden with 'make V=1'; while running './configure
 --disable-silent-rules' sets the default to verbose, which can be
-overridden with `make V=0'.
+overridden with 'make V=0'.
 
 Particular systems
 ==================
 
-   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
-CC is not installed, it is recommended to use the following options in
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU CC
+is not installed, it is recommended to use the following options in
 order to use an ANSI C compiler:
 
      ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
 
 and if that doesn't work, install pre-built binaries of GCC for HP-UX.
 
-   HP-UX `make' updates targets which have the same time stamps as
-their prerequisites, which makes it generally unusable when shipped
-generated files such as `configure' are involved.  Use GNU `make'
-instead.
+   HP-UX 'make' updates targets which have the same time stamps as their
+prerequisites, which makes it generally unusable when shipped generated
+files such as 'configure' are involved.  Use GNU 'make' instead.
 
    On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
-parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
-a workaround.  If GNU CC is not installed, it is therefore recommended
-to try
+parse its '<wchar.h>' header file.  The option '-nodtk' can be used as a
+workaround.  If GNU CC is not installed, it is therefore recommended to
+try
 
      ./configure CC="cc"
 
@@ -242,26 +240,26 @@
 
      ./configure CC="cc -nodtk"
 
-   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+   On Solaris, don't put '/usr/ucb' early in your 'PATH'.  This
 directory contains several dysfunctional programs; working variants of
-these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
-in your `PATH', put it _after_ `/usr/bin'.
+these programs are available in '/usr/bin'.  So, if you need '/usr/ucb'
+in your 'PATH', put it _after_ '/usr/bin'.
 
-   On Haiku, software installed for all users goes in `/boot/common',
-not `/usr/local'.  It is recommended to use the following options:
+   On Haiku, software installed for all users goes in '/boot/common',
+not '/usr/local'.  It is recommended to use the following options:
 
      ./configure --prefix=/boot/common
 
 Specifying the System Type
 ==========================
 
-   There may be some features `configure' cannot figure out
+   There may be some features 'configure' cannot figure out
 automatically, but needs to determine by the type of machine the package
 will run on.  Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
+_same_ architectures, 'configure' can figure that out, but if it prints
 a message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
+'--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as 'sun4', or a canonical name which has the form:
 
      CPU-COMPANY-SYSTEM
 
@@ -270,101 +268,101 @@
      OS
      KERNEL-OS
 
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
+   See the file 'config.sub' for the possible values of each field.  If
+'config.sub' isn't included in this package, then this package doesn't
 need to know the machine type.
 
    If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
+use the option '--target=TYPE' to select the type of system they will
 produce code for.
 
    If you want to _use_ a cross compiler, that generates code for a
 platform different from the build platform, you should specify the
 "host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
+eventually be run) with '--host=TYPE'.
 
 Sharing Defaults
 ================
 
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
+   If you want to set default values for 'configure' scripts to share,
+you can create a site shell script called 'config.site' that gives
+default values for variables like 'CC', 'cache_file', and 'prefix'.
+'configure' looks for 'PREFIX/share/config.site' if it exists, then
+'PREFIX/etc/config.site' if it exists.  Or, you can set the
+'CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all 'configure' scripts look for a site script.
 
 Defining Variables
 ==================
 
    Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
+environment passed to 'configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
+them in the 'configure' command line, using 'VAR=value'.  For example:
 
      ./configure CC=/usr/local2/bin/gcc
 
-causes the specified `gcc' to be used as the C compiler (unless it is
+causes the specified 'gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).
 
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf limitation.  Until the limitation is lifted, you can use
-this workaround:
+Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
+Autoconf limitation.  Until the limitation is lifted, you can use this
+workaround:
 
      CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
 
-`configure' Invocation
+'configure' Invocation
 ======================
 
-   `configure' recognizes the following options to control how it
+   'configure' recognizes the following options to control how it
 operates.
 
-`--help'
-`-h'
-     Print a summary of all of the options to `configure', and exit.
+'--help'
+'-h'
+     Print a summary of all of the options to 'configure', and exit.
 
-`--help=short'
-`--help=recursive'
+'--help=short'
+'--help=recursive'
      Print a summary of the options unique to this package's
-     `configure', and exit.  The `short' variant lists options used
-     only in the top level, while the `recursive' variant lists options
-     also present in any nested packages.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
+     'configure', and exit.  The 'short' variant lists options used only
+     in the top level, while the 'recursive' variant lists options also
+     present in any nested packages.
+
+'--version'
+'-V'
+     Print the version of Autoconf used to generate the 'configure'
      script, and exit.
 
-`--cache-file=FILE'
+'--cache-file=FILE'
      Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     traditionally 'config.cache'.  FILE defaults to '/dev/null' to
      disable caching.
 
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
+'--config-cache'
+'-C'
+     Alias for '--cache-file=config.cache'.
+
+'--quiet'
+'--silent'
+'-q'
      Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
+     suppress all normal output, redirect it to '/dev/null' (any error
      messages will still be shown).
 
-`--srcdir=DIR'
+'--srcdir=DIR'
      Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
+     'configure' can determine that directory automatically.
 
-`--prefix=DIR'
-     Use DIR as the installation prefix.  *note Installation Names::
-     for more details, including other options available for fine-tuning
-     the installation locations.
+'--prefix=DIR'
+     Use DIR as the installation prefix.  *note Installation Names:: for
+     more details, including other options available for fine-tuning the
+     installation locations.
 
-`--no-create'
-`-n'
+'--no-create'
+'-n'
      Run the configure checks, but stop before creating any output
      files.
 
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
+'configure' also accepts some other, not widely useful, options.  Run
+'configure --help' for more details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/Makefile.am new/libu2f-host-1.1.8/Makefile.am
--- old/libu2f-host-1.1.7/Makefile.am   2019-01-08 10:13:57.000000000 +0100
+++ new/libu2f-host-1.1.8/Makefile.am   2019-02-13 15:13:46.000000000 +0100
@@ -23,7 +23,7 @@
 
 EXTRA_DIST += doc/Mode_switch_YubiKey.adoc
 
-EXTRA_DIST += 70-u2f.rules 70-old-u2f.rules
+EXTRA_DIST += 70-u2f.rules
 udevrulesdir = @udevrulesdir@
 dist_udevrules_DATA = $(udevrulesfile)
 
@@ -51,3 +51,11 @@
        gpg --verify $(PACKAGE)-$(VERSION).tar.xz.sig
        gpg --verify $(PACKAGE)-$(VERSION)-win32.zip.sig
        gpg --verify $(PACKAGE)-$(VERSION)-win64.zip.sig
+       cd $(srcdir) && git push
+       cd $(srcdir) && git tag -s -m "$(PACKAGE) $(VERSION)" 
$(PACKAGE)-$(VERSION)
+       cd $(srcdir) && git push --tags
+       $(YUBICO_WWW_REPO)/publish $(PACKAGE) $(VERSION) 
$(PACKAGE)-$(VERSION).tar.xz*
+       $(YUBICO_WWW_REPO)/publish $(PACKAGE) $(VERSION) 
$(PACKAGE)-$(VERSION)-win32.zip*
+       $(YUBICO_WWW_REPO)/publish $(PACKAGE) $(VERSION) 
$(PACKAGE)-$(VERSION)-win64.zip*
+       $(HELP2ADOC) -e src/u2f-host -n "Yubico Universal 2nd Factor (U2F) Host 
Tool" > u2f-host.1.txt
+       $(YUBICO_WWW_REPO)/save-mans $(PACKAGE) u2f-host.1.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/NEWS new/libu2f-host-1.1.8/NEWS
--- old/libu2f-host-1.1.7/NEWS  2019-01-08 10:12:12.000000000 +0100
+++ new/libu2f-host-1.1.8/NEWS  2019-03-05 14:02:14.000000000 +0100
@@ -1,5 +1,17 @@
 libu2f-host NEWS -- History of user visible changes.
 
+* Version 1.1.8 (released 2019-03-05)
+
+** Add udev rules.
+
+** Drop 70-old-u2f.rules and use 70-u2f.rules for everything.
+
+** Use a random nonce for setting up CID to prevent fingerprinting.
+
+** Parse the response to init in a more stable way.
+The old parser could leak 4 bytes of uninitialized stack back to the device.
+Reported by Christian Reitter.
+
 * Version 1.1.7 (released 2019-01-08)
 
 ** Fix for trusting length from deivce in device init.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/build-aux/ar-lib new/libu2f-host-1.1.8/build-aux/ar-lib
--- old/libu2f-host-1.1.7/build-aux/ar-lib      2017-06-30 15:40:10.000000000 
+0200
+++ new/libu2f-host-1.1.8/build-aux/ar-lib      2019-02-13 15:11:50.000000000 
+0100
@@ -4,7 +4,7 @@
 me=ar-lib
 scriptversion=2012-03-01.08; # UTC
 
-# Copyright (C) 2010-2014 Free Software Foundation, Inc.
+# Copyright (C) 2010-2017 Free Software Foundation, Inc.
 # Written by Peter Rosin <p...@lysator.liu.se>.
 #
 # This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/config.h.in new/libu2f-host-1.1.8/config.h.in
--- old/libu2f-host-1.1.7/config.h.in   2019-01-08 10:14:03.000000000 +0100
+++ new/libu2f-host-1.1.8/config.h.in   2019-02-22 12:31:44.000000000 +0100
@@ -21,6 +21,9 @@
 /* Define to 1 when the gnulib module strverscmp should be tested. */
 #undef GNULIB_TEST_STRVERSCMP
 
+/* Discovered a random device */
+#undef HAVE_DEV_URANDOM
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
@@ -191,37 +194,37 @@
 
 /* Enable extensions on AIX 3, Interix.  */
 #ifndef _ALL_SOURCE
-# undef _ALL_SOURCE
+#undef _ALL_SOURCE
 #endif
 /* Enable general extensions on OS X.  */
 #ifndef _DARWIN_C_SOURCE
-# undef _DARWIN_C_SOURCE
+#undef _DARWIN_C_SOURCE
 #endif
 /* Enable GNU extensions on systems that have them.  */
 #ifndef _GNU_SOURCE
-# undef _GNU_SOURCE
+#undef _GNU_SOURCE
 #endif
 /* Use GNU style printf and scanf.  */
 #ifndef __USE_MINGW_ANSI_STDIO
-# undef __USE_MINGW_ANSI_STDIO
+#undef __USE_MINGW_ANSI_STDIO
 #endif
 /* Enable threading extensions on Solaris.  */
 #ifndef _POSIX_PTHREAD_SEMANTICS
-# undef _POSIX_PTHREAD_SEMANTICS
+#undef _POSIX_PTHREAD_SEMANTICS
 #endif
 /* Enable extensions on HP NonStop.  */
 #ifndef _TANDEM_SOURCE
-# undef _TANDEM_SOURCE
+#undef _TANDEM_SOURCE
 #endif
 /* Enable X/Open extensions if necessary.  HP-UX 11.11 defines
    mbstate_t only if _XOPEN_SOURCE is defined to 500, regardless of
    whether compiling with -Ae or -D_HPUX_SOURCE=1.  */
 #ifndef _XOPEN_SOURCE
-# undef _XOPEN_SOURCE
+#undef _XOPEN_SOURCE
 #endif
 /* Enable general extensions on Solaris.  */
 #ifndef __EXTENSIONS__
-# undef __EXTENSIONS__
+#undef __EXTENSIONS__
 #endif
 
 
@@ -239,13 +242,13 @@
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */
 #if defined AC_APPLE_UNIVERSAL_BUILD
-# if defined __BIG_ENDIAN__
-#  define WORDS_BIGENDIAN 1
-# endif
+#if defined __BIG_ENDIAN__
+#define WORDS_BIGENDIAN 1
+#endif
 #else
-# ifndef WORDS_BIGENDIAN
-#  undef WORDS_BIGENDIAN
-# endif
+#ifndef WORDS_BIGENDIAN
+#undef WORDS_BIGENDIAN
+#endif
 #endif
 
 /* Define to 1 if on MINIX. */
@@ -257,14 +260,14 @@
 /* The _Noreturn keyword of C11.  */
 #if ! (defined _Noreturn \
        || (defined __STDC_VERSION__ && 201112 <= __STDC_VERSION__))
-# if (3 <= __GNUC__ || (__GNUC__ == 2 && 8 <= __GNUC_MINOR__) \
+#if (3 <= __GNUC__ || (__GNUC__ == 2 && 8 <= __GNUC_MINOR__) \
       || 0x5110 <= __SUNPRO_C)
-#  define _Noreturn __attribute__ ((__noreturn__))
-# elif defined _MSC_VER && 1200 <= _MSC_VER
-#  define _Noreturn __declspec (noreturn)
-# else
-#  define _Noreturn
-# endif
+#define _Noreturn __attribute__ ((__noreturn__))
+#elif defined _MSC_VER && 1200 <= _MSC_VER
+#define _Noreturn __declspec (noreturn)
+#else
+#define _Noreturn
+#endif
 #endif
 
 
@@ -315,7 +318,7 @@
              && (defined __GNUC__ || defined __cplusplus)) \
             || (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \
                 && defined __GNUC__ && ! defined __cplusplus))))
-# define _GL_EXTERN_INLINE_STDHEADER_BUG
+#define _GL_EXTERN_INLINE_STDHEADER_BUG
 #endif
 #if ((__GNUC__ \
       ? defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__ \
@@ -323,22 +326,22 @@
          && !defined __HP_cc \
          && !(defined __SUNPRO_C && __STDC__))) \
      && !defined _GL_EXTERN_INLINE_STDHEADER_BUG)
-# define _GL_INLINE inline
-# define _GL_EXTERN_INLINE extern inline
-# define _GL_EXTERN_INLINE_IN_USE
+#define _GL_INLINE inline
+#define _GL_EXTERN_INLINE extern inline
+#define _GL_EXTERN_INLINE_IN_USE
 #elif (2 < __GNUC__ + (7 <= __GNUC_MINOR__) && !defined __STRICT_ANSI__ \
        && !defined _GL_EXTERN_INLINE_STDHEADER_BUG)
-# if defined __GNUC_GNU_INLINE__ && __GNUC_GNU_INLINE__
+#if defined __GNUC_GNU_INLINE__ && __GNUC_GNU_INLINE__
    /* __gnu_inline__ suppresses a GCC 4.2 diagnostic.  */
-#  define _GL_INLINE extern inline __attribute__ ((__gnu_inline__))
-# else
-#  define _GL_INLINE extern inline
-# endif
-# define _GL_EXTERN_INLINE extern
-# define _GL_EXTERN_INLINE_IN_USE
+#define _GL_INLINE extern inline __attribute__ ((__gnu_inline__))
 #else
-# define _GL_INLINE static _GL_UNUSED
-# define _GL_EXTERN_INLINE static _GL_UNUSED
+#define _GL_INLINE extern inline
+#endif
+#define _GL_EXTERN_INLINE extern
+#define _GL_EXTERN_INLINE_IN_USE
+#else
+#define _GL_INLINE static _GL_UNUSED
+#define _GL_EXTERN_INLINE static _GL_UNUSED
 #endif
 
 /* In GCC, suppress bogus "no previous prototype for 'FOO'"
@@ -347,22 +350,22 @@
    <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113> and
    <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63877>.  */
 #if 4 < __GNUC__ + (6 <= __GNUC_MINOR__)
-# if defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__
-#  define _GL_INLINE_HEADER_CONST_PRAGMA
-# else
-#  define _GL_INLINE_HEADER_CONST_PRAGMA \
+#if defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__
+#define _GL_INLINE_HEADER_CONST_PRAGMA
+#else
+#define _GL_INLINE_HEADER_CONST_PRAGMA \
      _Pragma ("GCC diagnostic ignored \"-Wsuggest-attribute=const\"")
-# endif
-# define _GL_INLINE_HEADER_BEGIN \
+#endif
+#define _GL_INLINE_HEADER_BEGIN \
     _Pragma ("GCC diagnostic push") \
     _Pragma ("GCC diagnostic ignored \"-Wmissing-prototypes\"") \
     _Pragma ("GCC diagnostic ignored \"-Wmissing-declarations\"") \
     _GL_INLINE_HEADER_CONST_PRAGMA
-# define _GL_INLINE_HEADER_END \
+#define _GL_INLINE_HEADER_END \
     _Pragma ("GCC diagnostic pop")
 #else
-# define _GL_INLINE_HEADER_BEGIN
-# define _GL_INLINE_HEADER_END
+#define _GL_INLINE_HEADER_BEGIN
+#define _GL_INLINE_HEADER_END
 #endif
 
 /* Work around a bug in Apple GCC 4.0.1 build 5465: In C99 mode, it supports
@@ -372,7 +375,7 @@
    __APPLE_CC__ tests for the Apple compiler and its version.
    __STDC_VERSION__ tests for the C99 mode.  */
 #if defined __APPLE__ && defined __MACH__ && __APPLE_CC__ >= 5465 && !defined 
__cplusplus && __STDC_VERSION__ >= 199901L && !defined __GNUC_STDC_INLINE__
-# define __GNUC_STDC_INLINE__ 1
+#define __GNUC_STDC_INLINE__ 1
 #endif
 
 /* Define to `int' if <sys/types.h> does not define. */
@@ -391,8 +394,8 @@
    previous line.  Perhaps some future version of Sun C++ will work with
    restrict; if so, hopefully it defines __RESTRICT like Sun C does.  */
 #if defined __SUNPRO_CC && !defined __RESTRICT
-# define _Restrict
-# define __restrict__
+#define _Restrict
+#define __restrict__
 #endif
 
 /* Define as a signed type of the same size as size_t. */
@@ -402,9 +405,9 @@
     be used.  This helps to reduce warnings, such as from
     GCC -Wunused-parameter.  */
 #if __GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
-# define _GL_UNUSED __attribute__ ((__unused__))
+#define _GL_UNUSED __attribute__ ((__unused__))
 #else
-# define _GL_UNUSED
+#define _GL_UNUSED
 #endif
 /* The name _UNUSED_PARAMETER_ is an earlier spelling, although the name
    is a misnomer outside of parameter lists.  */
@@ -415,22 +418,21 @@
    _GL_UNUSED_LABEL should be used with a trailing ;  */
 #if !defined __cplusplus || __GNUC__ > 4 \
     || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
-# define _GL_UNUSED_LABEL _GL_UNUSED
+#define _GL_UNUSED_LABEL _GL_UNUSED
 #else
-# define _GL_UNUSED_LABEL
+#define _GL_UNUSED_LABEL
 #endif
 
 /* The __pure__ attribute was added in gcc 2.96.  */
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)
-# define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__))
+#define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__))
 #else
-# define _GL_ATTRIBUTE_PURE /* empty */
+#define _GL_ATTRIBUTE_PURE     /* empty */
 #endif
 
 /* The __const__ attribute was added in gcc 2.95.  */
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 95)
-# define _GL_ATTRIBUTE_CONST __attribute__ ((__const__))
+#define _GL_ATTRIBUTE_CONST __attribute__ ((__const__))
 #else
-# define _GL_ATTRIBUTE_CONST /* empty */
+#define _GL_ATTRIBUTE_CONST    /* empty */
 #endif
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/configure.ac new/libu2f-host-1.1.8/configure.ac
--- old/libu2f-host-1.1.7/configure.ac  2019-01-08 10:10:32.000000000 +0100
+++ new/libu2f-host-1.1.8/configure.ac  2019-02-13 15:14:13.000000000 +0100
@@ -13,7 +13,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-AC_INIT([libu2f-host], [1.1.7], [yubico-de...@googlegroups.com])
+AC_INIT([libu2f-host], [1.1.8], [yubico-de...@googlegroups.com])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -21,7 +21,7 @@
 # http://www.gnu.org/s/libtool/manual/html_node/Updating-version-info.html
 AC_SUBST(LT_CURRENT, 1)  # Interfaces removed:    CURRENT++, AGE=0, REVISION=0
 AC_SUBST(LT_AGE, 1)      # Interfaces added:      CURRENT++, AGE++, REVISION=0
-AC_SUBST(LT_REVISION, 7) # No interfaces changed:                   REVISION++
+AC_SUBST(LT_REVISION, 8) # No interfaces changed:                   REVISION++
 
 AM_INIT_AUTOMAKE([gnits dist-xz no-dist-gzip std-options -Wall])
 AM_SILENT_RULES([yes])
@@ -98,9 +98,17 @@
   [], [])
 AC_SUBST([udevrulesdir], [$with_udevrulesdir])
 
-PKG_CHECK_MODULES([UDEV], [udev >= 188],
+dnl check for random device
+AC_CACHE_CHECK(for random device, ac_cv_have_dev_random,
+[if test -r "/dev/urandom" ; then
+  ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi])
+if test "$ac_cv_have_dev_random" = yes; then
+  AC_DEFINE([HAVE_DEV_URANDOM], 1, [Discovered a random device])
+fi
+
+PKG_CHECK_MODULES([UDEV], [udev],
                   udevrulesfile=70-u2f.rules,
-                  udevrulesfile=70-old-u2f.rules,
+                  udevrulesfile=""
                   )
 AC_SUBST([udevrulesfile], [$udevrulesfile])
 
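Review bot: The new random-device check runs `test -r "/dev/urandom"` on the build machine at configure time, so it describes the build environment rather than the system the library will run on. In a cross build or a minimal build chroot without /dev/urandom, HAVE_DEV_URANDOM stays undefined and every non-Windows build of devs.c stops at its `#error`. Skipping the file test when `test "$cross_compiling" = yes` and documenting the `ac_cv_have_dev_random` override would make this explicit; the cache variable would also read better as `ac_cv_have_dev_urandom`. In the same hunk the not-found branch of PKG_CHECK_MODULES now sets `udevrulesfile=""`, so a build without udev's pkg-config file installs no rules without saying so; `AC_MSG_WARN([udev not found via pkg-config; no udev rules will be installed])` in that branch would make it visible.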
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/gtk-doc/html/u2f-host-u2f-host-version.html 
new/libu2f-host-1.1.8/gtk-doc/html/u2f-host-u2f-host-version.html
--- old/libu2f-host-1.1.7/gtk-doc/html/u2f-host-u2f-host-version.html   
2019-01-08 10:14:04.000000000 +0100
+++ new/libu2f-host-1.1.8/gtk-doc/html/u2f-host-u2f-host-version.html   
2019-03-05 14:05:58.000000000 +0100
@@ -118,7 +118,7 @@
 <a name="u2f-host-u2f-host-version.other_details"></a><h2>Types and Values</h2>
 <div class="refsect2">
 <a name="U2FH-VERSION-STRING:CAPS"></a><h3>U2FH_VERSION_STRING</h3>
-<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.7"
+<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.8"
 </pre>
 <p>Pre-processor symbol with a string that describe the header file
 version number.  Used together with <a class="link" 
href="u2f-host-u2f-host-version.html#u2fh-check-version" 
title="u2fh_check_versionĀ ()"><code 
class="function">u2fh_check_version()</code></a> to verify
@@ -127,7 +127,7 @@
 <hr>
 <div class="refsect2">
 <a name="U2FH-VERSION-NUMBER:CAPS"></a><h3>U2FH_VERSION_NUMBER</h3>
-<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x010107
+<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x010108
 </pre>
 <p>Pre-processor symbol with a hexadecimal value describing the header
 file version number.  For example, when the header version is 1.2.3
@@ -155,7 +155,7 @@
 <hr>
 <div class="refsect2">
 <a name="U2FH-VERSION-PATCH:CAPS"></a><h3>U2FH_VERSION_PATCH</h3>
-<pre class="programlisting">#define U2FH_VERSION_PATCH 7
+<pre class="programlisting">#define U2FH_VERSION_PATCH 8
 </pre>
 <p>Pre-processor symbol with a decimal value that describe the patch
 level of the header file version number.  For example, when the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/m4/libtool.m4 new/libu2f-host-1.1.8/m4/libtool.m4
--- old/libu2f-host-1.1.7/m4/libtool.m4 2017-06-30 15:40:05.000000000 +0200
+++ new/libu2f-host-1.1.8/m4/libtool.m4 2019-02-13 15:11:48.000000000 +0100
@@ -728,7 +728,6 @@
     cat <<_LT_EOF >> "$cfgfile"
 #! $SHELL
 # Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
 # NOTE: Changes made to this file will be lost: look at ltmain.sh.
 
 # Provide generalized library-building support services.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/src/u2f-host.1 new/libu2f-host-1.1.8/src/u2f-host.1
--- old/libu2f-host-1.1.7/src/u2f-host.1        2019-01-08 10:14:04.000000000 
+0100
+++ new/libu2f-host-1.1.8/src/u2f-host.1        2019-03-05 13:59:52.000000000 
+0100
@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
-.TH U2F-HOST "1" "January 2019" "u2f-host 1.1.7" "User Commands"
+.TH U2F-HOST "1" "March 2019" "u2f-host 1.1.8" "User Commands"
 .SH NAME
 u2f-host \- Yubico Universal 2nd Factor (U2F) Host Tool
 .SH SYNOPSIS
 .B u2f-host
 [\fI\,OPTIONS\/\fR]...
 .SH DESCRIPTION
-u2f\-host 1.1.7
+u2f\-host 1.1.8
 .PP
 Perform U2F host\-side operations on the command line. Reads challenge from
 standard input and writes a response to standard output.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/u2f-host/devs.c new/libu2f-host-1.1.8/u2f-host/devs.c
--- old/libu2f-host-1.1.7/u2f-host/devs.c       2019-01-08 10:12:10.000000000 
+0100
+++ new/libu2f-host-1.1.8/u2f-host/devs.c       2019-03-05 14:02:12.000000000 
+0100
@@ -19,10 +19,25 @@
 #include "internal.h"
 
 #include <stdlib.h>
-#ifdef __linux
+
+#ifdef _WIN32
+#include <windows.h>
+#include <winternl.h>
+#include <winerror.h>
+#include <stdio.h>
+#include <bcrypt.h>
+#include <sal.h>
+
+#pragma comment(lib, "bcrypt.lib")
+
+#else
+#include <unistd.h>
 #include <string.h>
 #include <sys/ioctl.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
+#endif
+
+#ifdef __linux
 #include <linux/hidraw.h>
 #endif
 
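Review bot: `<string.h>` is now included only in the non-Windows branch, while init_device further down calls `memcmp` on every platform; unless internal.h pulls it in (not visible here), the Windows build relies on an implicit declaration. Moving `#include <string.h>` up next to `<stdlib.h>`, above the `#ifdef _WIN32` block, removes that dependency. `#pragma comment(lib, "bcrypt.lib")` is an MSVC directive that GCC generally ignores, which is presumably why windows.mk adds `-lbcrypt`; a comment such as `/* MSVC only; MinGW links bcrypt via windows.mk */` would say so.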
@@ -233,12 +248,53 @@
     }
 }
 
+#ifdef _WIN32
+static int
+obtain_nonce(unsigned char* nonce)
+{
+  NTSTATUS status;
+
+  status = BCryptGenRandom(NULL, nonce, 8,
+                          BCRYPT_USE_SYSTEM_PREFERRED_RNG);
+
+  if (!NT_SUCCESS(status))
+    return (-1);
+
+  return (0);
+}
+#elif defined(HAVE_DEV_URANDOM)
+static int
+obtain_nonce(unsigned char* nonce)
+{
+  int     fd = -1;
+  int     ok = -1;
+  ssize_t r;
+
+  if ((fd = open("/dev/urandom", O_RDONLY)) < 0)
+    goto fail;
+  if ((r = read(fd, nonce, 8)) < 0 || r != 8)
+    goto fail;
+
+  ok = 0;
+ fail:
+  if (fd != -1)
+    close(fd);
+
+  return (ok);
+}
+#else
+#error "please provide an implementation of obtain_nonce() for your platform"
+#endif /* _WIN32 */
+
 static int
 init_device (u2fh_devs * devs, struct u2fdevice *dev)
 {
   unsigned char resp[1024];
-  /* FIXME: use something slightly more random as nonce */
-  unsigned char nonce[] = { 0x8, 0x7, 0x6, 0x5, 0x4, 0x3, 0x2, 0x1 };
+  unsigned char nonce[8];
+  if (obtain_nonce(nonce) != 0)
+    {
+      return U2FH_TRANSPORT_ERROR;
+    }
   size_t resplen = sizeof (resp);
   dev->cid = CID_BROADCAST;
 
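Review bot: Both obtain_nonce() variants hard-code the length 8 while the caller declares `unsigned char nonce[8]` separately, so the buffer size and the number of bytes written can drift apart. Passing the length, `obtain_nonce(unsigned char *nonce, size_t len)` called as `obtain_nonce(nonce, sizeof nonce)`, ties the two together. In the /dev/urandom variant a read interrupted by a signal is treated as a hard failure, and the descriptor is opened without `O_CLOEXEC`, so it can be inherited if another thread of the host application forks and execs during the call; `open("/dev/urandom", O_RDONLY | O_CLOEXEC)` plus a retry on `EINTR` covers both. init_device continues past the end of this hunk.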
@@ -246,17 +302,29 @@
       (devs, dev->id, U2FHID_INIT, nonce, sizeof (nonce), resp,
        &resplen) == U2FH_OK)
     {
-      U2FHID_INIT_RESP initresp;
-      if (resplen > sizeof (initresp))
+      int offs = sizeof (nonce);
+      /* the response has to be atleast 17 bytes, if it's more we discard that 
*/
+      if (resplen < 17)
+       {
+         return U2FH_SIZE_ERROR;
+       }
+
+      /* incoming and outgoing nonce has to match */
+      if (memcmp (nonce, resp, sizeof (nonce)) != 0)
        {
-         return U2FH_MEMORY_ERROR;
+         return U2FH_TRANSPORT_ERROR;
        }
-      memcpy (&initresp, resp, resplen);
-      dev->cid = initresp.cid;
-      dev->versionInterface = initresp.versionInterface;
-      dev->versionMajor = initresp.versionMajor;
-      dev->versionMinor = initresp.versionMinor;
-      dev->capFlags = initresp.capFlags;
+
+      dev->cid =
+       resp[offs] << 24 | resp[offs + 1] << 16 | resp[offs +
+                                                      2] << 8 | resp[offs +
+                                                                     3];
+      offs += 4;
+      dev->versionInterface = resp[offs++];
+      dev->versionMajor = resp[offs++];
+      dev->versionMinor = resp[offs++];
+      dev->versionBuild = resp[offs++];
+      dev->capFlags = resp[offs++];
     }
   else
     {
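Review bot: In the `dev->cid` assembly, `resp[offs] << 24` promotes the `unsigned char` to `int` before shifting, so a device-supplied first CID byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. Casting each byte first avoids it: `dev->cid = (uint32_t) resp[offs] << 24 | (uint32_t) resp[offs + 1] << 16 | (uint32_t) resp[offs + 2] << 8 | resp[offs + 3];` (assuming cid is a 32-bit unsigned field; its declaration is not in this hunk). The removed code copied the CID in memory order, whereas the new code assembles it big-endian. If other parts of the library write `dev->cid` back to the device with a plain memory copy (not visible here), a little-endian host would now send the bytes reversed, so it is worth confirming both directions use the same byte order. The function starts before and continues after this hunk.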
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/u2f-host/u2f-host-version.h 
new/libu2f-host-1.1.8/u2f-host/u2f-host-version.h
--- old/libu2f-host-1.1.7/u2f-host/u2f-host-version.h   2019-01-08 
10:14:02.000000000 +0100
+++ new/libu2f-host-1.1.8/u2f-host/u2f-host-version.h   2019-02-22 
12:31:45.000000000 +0100
@@ -30,7 +30,7 @@
  * version number.  Used together with u2fh_check_version() to verify
  * header file and run-time library consistency.
  */
-#define U2FH_VERSION_STRING "1.1.7"
+#define U2FH_VERSION_STRING "1.1.8"
 
 /**
  * U2FH_VERSION_NUMBER
@@ -40,7 +40,7 @@
  * this symbol will have the value 0x01020300.  The last two digits
  * are only used between public releases, and will otherwise be 00.
  */
-#define U2FH_VERSION_NUMBER 0x010107
+#define U2FH_VERSION_NUMBER 0x010108
 
 /**
  * U2FH_VERSION_MAJOR
@@ -67,7 +67,7 @@
  * level of the header file version number.  For example, when the
  * header version is 1.2.3 this symbol will be 3.
  */
-#define U2FH_VERSION_PATCH 7
+#define U2FH_VERSION_PATCH 8
 
   const char *u2fh_check_version (const char *req_version);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libu2f-host-1.1.7/windows.mk new/libu2f-host-1.1.8/windows.mk
--- old/libu2f-host-1.1.7/windows.mk    2019-01-08 09:59:03.000000000 +0100
+++ new/libu2f-host-1.1.8/windows.mk    2019-02-13 15:13:50.000000000 +0100
@@ -51,7 +51,7 @@
        cp ../$(PACKAGE)-$(VERSION).tar.xz . && \
        tar xfa $(PACKAGE)-$(VERSION).tar.xz && \
        cd $(PACKAGE)-$(VERSION)/ && \
-       CC="$(HOST)-gcc -static-libgcc" 
PKG_CONFIG_PATH=$(PWD)/tmp$(ARCH)/root/lib/pkgconfig 
lt_cv_deplibs_check_method=pass_all ./configure --host=$(HOST) 
--build=x86_64-unknown-linux-gnu --prefix=$(PWD)/tmp$(ARCH)/root 
LDFLAGS=-L$(PWD)/tmp$(ARCH)/root/lib 
CPPFLAGS="-I$(PWD)/tmp$(ARCH)/root/include" && \
+       CC="$(HOST)-gcc -static-libgcc -lbcrypt" 
PKG_CONFIG_PATH=$(PWD)/tmp$(ARCH)/root/lib/pkgconfig 
lt_cv_deplibs_check_method=pass_all ./configure --host=$(HOST) 
--build=x86_64-unknown-linux-gnu --prefix=$(PWD)/tmp$(ARCH)/root 
LDFLAGS=-L$(PWD)/tmp$(ARCH)/root/lib 
CPPFLAGS="-I$(PWD)/tmp$(ARCH)/root/include" && \
        make install $(CHECK) && \
        cp COPYING $(PWD)/tmp$(ARCH)/root/licenses/$(PACKAGE).txt && \
        cd .. && \
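Review bot: `-lbcrypt` is added to `CC`, which puts the library ahead of the object files on every compile and link command. GNU ld resolves libraries in command-line order, so a static or `--as-needed` link may not pick up BCryptGenRandom from that position. Passing it to configure as `LIBS=-lbcrypt` places it after the objects and keeps it out of compile-only invocations. The recipe starts before this hunk.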

