Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
libu2f-host
libu2f-host.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libu2f-host.changes of Package libu2f-host
------------------------------------------------------------------- Wed May 5 17:27:20 UTC 2021 - Paolo Perego <paolo.perego@suse.com> - Fix some compilation warnings about signedness in b64 routines - Fix some compilation warnings about unused variables - Using %autosetup macro ------------------------------------------------------------------- Fri Aug 21 13:54:14 UTC 2020 - Malte Kraus <malte.kraus@suse.com> - Add support for json-c 0.14.0 (json-c-update.patch) ------------------------------------------------------------------- Tue May 28 20:20:01 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Added libu2f-host-CVE-2019-9578.patch: Fixed fix filling out of initresp (CVE-2019-9578 bsc#1128140) ------------------------------------------------------------------- Tue May 28 20:06:37 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Version 1.1.10 (released 2019-05-15) - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) ------------------------------------------------------------------- Wed Mar 6 16:23:31 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. ------------------------------------------------------------------- Tue Mar 5 17:06:59 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bnc#1128140). - removed libu2f-host-CVE-2019-9578.patch (upstream) ------------------------------------------------------------------- Fri Feb 8 12:31:18 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Added libu2f-host-CVE-2018-20340.patch: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781 CVE-2018-20340). ------------------------------------------------------------------- Fri Feb 8 11:10:42 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Version 1.1.7 (released 2019-01-08) - Fix for trusting length from deivce in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - removed libu2f-host-CVE-2018-20340.patch (upstream) - Using %license macro - Applied spec-cleaner ------------------------------------------------------------------- Tue May 15 12:05:12 UTC 2018 - kbabioch@suse.com - Version 1.1.6 (released 2018-05-15) - Change waiting logic on authenticate to allow for faster feedback. - Version 1.1.5 (released 2018-03-07) - Fix refcount when adding json_objects. - Handle fido2 keepalive. - Add udev rules for more devices. ------------------------------------------------------------------- Wed Sep 13 16:51:11 UTC 2017 - kkaempf@suse.com - Version 1.1.4 (released 2017-09-01) - Added more u2f devices to the udev rulesets. - Increase buffer size, allowing for bigger certificates. - Add u2f.conf.sample for FreeBSD permission handling. ------------------------------------------------------------------- Wed Oct 12 13:02:38 UTC 2016 - t.gruner@katodev.de - Version 1.1.3 (released 2016-10-04) - Added more u2f devices to the udev rulesets. - Fixup mac builds. - Version 1.1.2 (released 2016-06-22) - Make authenticate return U2FH_OK if touch is set to not needed. Also minor fixes to error output of authenticate. - Documentation fixes. - Compilation fixes on visual studio. - Add udev rules for Feitian devices. - Add optional cmake build. - Change license of the commandline tool to LGPL 2.1+ - remove udev.patch ------------------------------------------------------------------- Thu May 19 13:33:26 UTC 2016 - t.gruner@katodev.de - Add buildrequirement for libudev to select the rule for udev. - Add udev directories in %files - Add udev rule for Feitian ePass FIDO (udev.patch) - Change License for the library ------------------------------------------------------------------- Wed Mar 23 20:45:47 UTC 2016 - jengelh@inai.de - Avoid undesired blank lines at start of descriptions. Expand description. Trim filelist. ------------------------------------------------------------------- Mon Mar 21 12:21:54 UTC 2016 - t.gruner@katodev.de - Version 1.1.1 (released 2016-03-14) - Use correct index in u2fh_devs_discover() - Fix an issue where we left the authenticate loop early. - Fix an issue where authenticate remembered which devices to skip. - Stop validating the scheme of the origin. - Fixup a crash in u2fh_devs_discover() with closing unplugged devices. - Documentation fixes. ------------------------------------------------------------------- Thu Feb 18 11:57:06 UTC 2016 - t.gruner@katodev.de - Version 1.1.0 (released 2016-02-15) - Add udev rules for more devices. - Don’t return success when no data is received. - Fix typos. - Make send_apdu send data like chrome does. - Don’t release json object that we don’t own no more. - Don’t do memcmp on uninitialized memory. - Add u2fh_authenticate2() and u2fh_register2(). - Remove base64 padding (required by spec). - Use unsigned ints to prevent buffer overflows. ------------------------------------------------------------------- Tue Oct 6 11:16:30 UTC 2015 - t.gruner@katodev.de - Remove fix in u2f-host/u2f-host.h - Cleanup .spec file ------------------------------------------------------------------- Fri Sep 4 07:38:29 UTC 2015 - t.gruner@katodev.de - Fix path in u2f-host/u2f-host.h ------------------------------------------------------------------- Tue Sep 1 11:54:44 UTC 2015 - t.gruner@katodev.de - Version 1.0.0 (released 2015-08-27) - Add udev rules for older version of udev. - Add pam:// as an allowed protocol. - Stop using sleep(), use Sleep() on windows and usleep() on others. - Fixup tool name in help and manpage. - Add a timeout to the register and authenticate actions. ------------------------------------------------------------------- Fri Jan 23 11:52:04 UTC 2015 - t.gruner@katodev.de - Version 0.0.4 (released 2015-01-22) - Add an exponential growing timeout for slow devices (PlugUp). ------------------------------------------------------------------- Thu Jan 8 19:55:46 UTC 2015 - t.gruner@katodev.de - Version 0.0.3 (released 2015-01-08) - Change license to LGPLv2+ for the library. - Some improvements to internal communication code. - Some debug mode improvements, from Bram Vandoren. ------------------------------------------------------------------- Tue Dec 9 07:23:22 UTC 2014 - t.gruner@katodev.de - Version 0.0.2 (released 2014-11-28) - Add more devices to udev. ------------------------------------------------------------------- Tue Oct 28 13:07:01 UTC 2014 - t.gruner@katodev.de - Version 0.0 (released 2014-09-16) - Initial release.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor