Hello community, here is the log from the commit of package libu2f-host for openSUSE:Factory checked in at 2019-06-18 14:56:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libu2f-host (Old) and /work/SRC/openSUSE:Factory/.libu2f-host.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libu2f-host" Tue Jun 18 14:56:06 2019 rev:13 rq:706137 version:1.1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/libu2f-host/libu2f-host.changes 2019-03-07 10:51:15.489840190 +0100 +++ /work/SRC/openSUSE:Factory/.libu2f-host.new.4811/libu2f-host.changes 2019-06-18 14:56:10.201409954 +0200 @@ -1,0 +2,7 @@ +Tue May 28 20:06:37 UTC 2019 - Karol Babioch <kbabi...@suse.de> + +- Version 1.1.10 (released 2019-05-15) + - Add new devices to udev rules. + - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) + +------------------------------------------------------------------- Old: ---- libu2f-host-1.1.9.tar.xz libu2f-host-1.1.9.tar.xz.sig New: ---- libu2f-host-1.1.10.tar.xz libu2f-host-1.1.10.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libu2f-host.spec ++++++ --- /var/tmp/diff_new_pack.rX1Mga/_old 2019-06-18 14:56:10.957409481 +0200 +++ /var/tmp/diff_new_pack.rX1Mga/_new 2019-06-18 14:56:10.961409479 +0200 @@ -18,7 +18,7 @@ %define sover 0 Name: libu2f-host -Version: 1.1.9 +Version: 1.1.10 Release: 0 Summary: Yubico Universal 2nd Factor (U2F) Host C Library License: LGPL-2.1-or-later @@ -106,7 +106,7 @@ %files -n %{name}%{sover} %{_libdir}/%{name}.so.%{sover} -%{_libdir}/%{name}.so.%{sover}.1.9 +%{_libdir}/%{name}.so.%{sover}.1.10 %files -n %{name}-devel %{_includedir}/u2f-host/ ++++++ libu2f-host-1.1.9.tar.xz -> libu2f-host-1.1.10.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/70-u2f.rules new/libu2f-host-1.1.10/70-u2f.rules --- old/libu2f-host-1.1.9/70-u2f.rules 2019-02-13 15:13:46.000000000 +0100 +++ new/libu2f-host-1.1.10/70-u2f.rules 2019-03-27 07:58:22.000000000 +0100 @@ -25,10 +25,10 @@ # Neowave Keydo and Keydo AES KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660" -# HyperSecu HyperFIDO +# HyperSecu HyperFIDO, KeyID U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660" -# Feitian ePass FIDO, BioPass FIDO2 +# Feitian ePass FIDO, BioPass FIDO2, KeyID U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660" # JaCarta U2F @@ -52,7 +52,23 @@ # Google Titan U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660" -# Tomu board + chopstx U2F -KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab", TAG+="uaccess", GROUP="plugdev", MODE="0660" +# Tomu board + chopstx U2F + SoloKeys +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +# SoloKeys +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +# Trezor +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660" +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +# Ledger Nano S and Nano X +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +# Kensington VeriMark +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +# Longmai mFIDO +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660" LABEL="u2f_end" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/ChangeLog new/libu2f-host-1.1.10/ChangeLog --- old/libu2f-host-1.1.9/ChangeLog 2019-03-06 15:57:19.000000000 +0100 +++ new/libu2f-host-1.1.10/ChangeLog 2019-05-15 13:54:49.000000000 +0200 @@ -1,3 +1,57 @@ +2019-05-15 Klas Lindfors <k...@yubico.com> + + * NEWS: NEWS for 1.1.10 + +2019-03-27 Klas Lindfors <k...@yubico.com> + + * : commit 8d210b586dc8d698c7b612ca56f0c71b3d048453 Merge: b704a14 + 9bfe57f Author: Klas Lindfors <k...@yubico.com> Date: Wed Mar 27 + 07:56:39 2019 +0100 + +2019-03-27 Klas Lindfors <k...@yubico.com> + + * : commit 309025da7e912488d263798d07804d796edc1d12 Author: Royce + Williams <ro...@techsolvency.com> Date: Tue Mar 26 06:00:38 2019 + -0800 + +2019-03-26 Nicolas Stalder <n...@stalder.io> + + * u2f.conf.sample: Add SoloKeys to FreeBSD u2f.conf.sample + +2019-03-21 Klas Lindfors <k...@yubico.com> + + * : commit 17f266fa26f11b6c5e6c72bfed8c4657b4837fac Author: + Konstantinos Georgantas <kos...@yubico.com> Date: Thu Mar 21 + 10:07:12 2019 +0100 + +2019-03-20 Klas Lindfors <k...@yubico.com> + + * : commit 70a99880ae59647c0544629f1562d879fed47313 Author: Pavol + Rusnak <pa...@rusnak.io> Date: Wed Mar 20 07:36:44 2019 +0100 + +2019-03-18 Klas Lindfors <k...@yubico.com> + + * : commit 7f16739cb2075174e92c38ebd827141a48bba80a Author: Gabriel + Kihlman <g.kihl...@yubico.com> Date: Mon Mar 18 10:23:47 2019 + +0100 + +2019-03-14 Klas Lindfors <k...@yubico.com> + + * : commit 8d593512998a7df962d6dd0a7c4e641e5fe8b567 Author: Nicolas + Stalder <n...@stalder.io> Date: Thu Mar 14 14:12:59 2019 +0100 + +2019-03-14 Nathan Neulinger <nn...@neulinger.org> + + * 70-u2f.rules: Add note about additional vendor/product name. + +2019-03-13 Nicolas Stalder <n...@stalder.io> + + * 70-u2f.rules: Add udev rule for SoloKeys + +2019-03-06 Klas Lindfors <k...@yubico.com> + + * NEWS, configure.ac: bump versions after release + 2019-03-06 Klas Lindfors <k...@yubico.com> * NEWS: NEWS for 1.1.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/NEWS new/libu2f-host-1.1.10/NEWS --- old/libu2f-host-1.1.9/NEWS 2019-03-06 15:57:04.000000000 +0100 +++ new/libu2f-host-1.1.10/NEWS 2019-05-15 13:54:07.000000000 +0200 @@ -1,5 +1,11 @@ libu2f-host NEWS -- History of user visible changes. +* Version 1.1.10 (released 2019-05-15) + +** Add new devices to udev rules. + +** Fix a potentially uninitialized buffer. + * Version 1.1.9 (released 2019-03-06) ** Fix CID copying from the init response. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/configure new/libu2f-host-1.1.10/configure --- old/libu2f-host-1.1.9/configure 2019-03-06 09:44:54.000000000 +0100 +++ new/libu2f-host-1.1.10/configure 2019-05-15 13:54:45.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libu2f-host 1.1.9. +# Generated by GNU Autoconf 2.69 for libu2f-host 1.1.10. # # Report bugs to <yubico-de...@googlegroups.com>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libu2f-host' PACKAGE_TARNAME='libu2f-host' -PACKAGE_VERSION='1.1.9' -PACKAGE_STRING='libu2f-host 1.1.9' +PACKAGE_VERSION='1.1.10' +PACKAGE_STRING='libu2f-host 1.1.10' PACKAGE_BUGREPORT='yubico-de...@googlegroups.com' PACKAGE_URL='' @@ -1518,7 +1518,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libu2f-host 1.1.9 to adapt to many kinds of systems. +\`configure' configures libu2f-host 1.1.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1589,7 +1589,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libu2f-host 1.1.9:";; + short | recursive ) echo "Configuration of libu2f-host 1.1.10:";; esac cat <<\_ACEOF @@ -1730,7 +1730,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libu2f-host configure 1.1.9 +libu2f-host configure 1.1.10 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2336,7 +2336,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libu2f-host $as_me 1.1.9, which was +It was created by libu2f-host $as_me 1.1.10, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2724,7 +2724,7 @@ # Interfaces removed: CURRENT++, AGE=0, REVISION=0 LT_AGE=1 # Interfaces added: CURRENT++, AGE++, REVISION=0 -LT_REVISION=9 +LT_REVISION=10 # No interfaces changed: REVISION++ am__api_version='1.15' @@ -3213,7 +3213,7 @@ # Define the identity of the package. PACKAGE='libu2f-host' - VERSION='1.1.9' + VERSION='1.1.10' cat >>confdefs.h <<_ACEOF @@ -17685,7 +17685,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libu2f-host $as_me 1.1.9, which was +This file was extended by libu2f-host $as_me 1.1.10, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17755,7 +17755,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libu2f-host config.status 1.1.9 +libu2f-host config.status 1.1.10 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/configure.ac new/libu2f-host-1.1.10/configure.ac --- old/libu2f-host-1.1.9/configure.ac 2019-03-05 14:08:46.000000000 +0100 +++ new/libu2f-host-1.1.10/configure.ac 2019-03-06 16:32:29.000000000 +0100 @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -AC_INIT([libu2f-host], [1.1.9], [yubico-de...@googlegroups.com]) +AC_INIT([libu2f-host], [1.1.10], [yubico-de...@googlegroups.com]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_AUX_DIR([build-aux]) @@ -21,7 +21,7 @@ # http://www.gnu.org/s/libtool/manual/html_node/Updating-version-info.html AC_SUBST(LT_CURRENT, 1) # Interfaces removed: CURRENT++, AGE=0, REVISION=0 AC_SUBST(LT_AGE, 1) # Interfaces added: CURRENT++, AGE++, REVISION=0 -AC_SUBST(LT_REVISION, 9) # No interfaces changed: REVISION++ +AC_SUBST(LT_REVISION, 10) # No interfaces changed: REVISION++ AM_INIT_AUTOMAKE([gnits dist-xz no-dist-gzip std-options -Wall]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/gtk-doc/html/u2f-host-u2f-host-version.html new/libu2f-host-1.1.10/gtk-doc/html/u2f-host-u2f-host-version.html --- old/libu2f-host-1.1.9/gtk-doc/html/u2f-host-u2f-host-version.html 2019-03-06 15:57:26.000000000 +0100 +++ new/libu2f-host-1.1.10/gtk-doc/html/u2f-host-u2f-host-version.html 2019-05-15 13:54:52.000000000 +0200 @@ -118,7 +118,7 @@ <a name="u2f-host-u2f-host-version.other_details"></a><h2>Types and Values</h2> <div class="refsect2"> <a name="U2FH-VERSION-STRING:CAPS"></a><h3>U2FH_VERSION_STRING</h3> -<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.9" +<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.10" </pre> <p>Pre-processor symbol with a string that describe the header file version number. Used together with <a class="link" href="u2f-host-u2f-host-version.html#u2fh-check-version" title="u2fh_check_versionĀ ()"><code class="function">u2fh_check_version()</code></a> to verify @@ -127,7 +127,7 @@ <hr> <div class="refsect2"> <a name="U2FH-VERSION-NUMBER:CAPS"></a><h3>U2FH_VERSION_NUMBER</h3> -<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x010109 +<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x01010a </pre> <p>Pre-processor symbol with a hexadecimal value describing the header file version number. For example, when the header version is 1.2.3 @@ -155,7 +155,7 @@ <hr> <div class="refsect2"> <a name="U2FH-VERSION-PATCH:CAPS"></a><h3>U2FH_VERSION_PATCH</h3> -<pre class="programlisting">#define U2FH_VERSION_PATCH 9 +<pre class="programlisting">#define U2FH_VERSION_PATCH 10 </pre> <p>Pre-processor symbol with a decimal value that describe the patch level of the header file version number. For example, when the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/src/u2f-host.1 new/libu2f-host-1.1.10/src/u2f-host.1 --- old/libu2f-host-1.1.9/src/u2f-host.1 2019-03-06 09:45:00.000000000 +0100 +++ new/libu2f-host-1.1.10/src/u2f-host.1 2019-05-15 13:54:51.000000000 +0200 @@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH U2F-HOST "1" "March 2019" "u2f-host 1.1.9" "User Commands" +.TH U2F-HOST "1" "May 2019" "u2f-host 1.1.10" "User Commands" .SH NAME u2f-host \- Yubico Universal 2nd Factor (U2F) Host Tool .SH SYNOPSIS .B u2f-host [\fI\,OPTIONS\/\fR]... .SH DESCRIPTION -u2f\-host 1.1.9 +u2f\-host 1.1.10 .PP Perform U2F host\-side operations on the command line. Reads challenge from standard input and writes a response to standard output. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/src/u2f-host.c new/libu2f-host-1.1.10/src/u2f-host.c --- old/libu2f-host-1.1.9/src/u2f-host.c 2019-02-22 12:31:45.000000000 +0100 +++ new/libu2f-host-1.1.10/src/u2f-host.c 2019-03-27 07:56:35.000000000 +0100 @@ -33,7 +33,7 @@ struct gengetopt_args_info args_info; char challenge[BUFSIZ]; size_t chal_len; - char response[2048]; + char response[2048] = {0}; size_t response_len = sizeof (response); u2fh_devs *devs = NULL; u2fh_cmdflags flags = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libu2f-host-1.1.9/u2f-host/u2f-host-version.h new/libu2f-host-1.1.10/u2f-host/u2f-host-version.h --- old/libu2f-host-1.1.9/u2f-host/u2f-host-version.h 2019-03-06 09:44:57.000000000 +0100 +++ new/libu2f-host-1.1.10/u2f-host/u2f-host-version.h 2019-05-15 13:54:48.000000000 +0200 @@ -30,7 +30,7 @@ * version number. Used together with u2fh_check_version() to verify * header file and run-time library consistency. */ -#define U2FH_VERSION_STRING "1.1.9" +#define U2FH_VERSION_STRING "1.1.10" /** * U2FH_VERSION_NUMBER @@ -40,7 +40,7 @@ * this symbol will have the value 0x01020300. The last two digits * are only used between public releases, and will otherwise be 00. */ -#define U2FH_VERSION_NUMBER 0x010109 +#define U2FH_VERSION_NUMBER 0x01010a /** * U2FH_VERSION_MAJOR @@ -67,7 +67,7 @@ * level of the header file version number. For example, when the * header version is 1.2.3 this symbol will be 3. */ -#define U2FH_VERSION_PATCH 9 +#define U2FH_VERSION_PATCH 10 const char *u2fh_check_version (const char *req_version);