commit libu2f-host for openSUSE:Factory

Tue, 18 Jun 2019 05:56:45 -0700 

Hello community,

here is the log from the commit of package libu2f-host for openSUSE:Factory 
checked in at 2019-06-18 14:56:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libu2f-host (Old)
 and      /work/SRC/openSUSE:Factory/.libu2f-host.new.4811 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libu2f-host"

Tue Jun 18 14:56:06 2019 rev:13 rq:706137 version:1.1.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/libu2f-host/libu2f-host.changes  2019-03-07 
10:51:15.489840190 +0100
+++ /work/SRC/openSUSE:Factory/.libu2f-host.new.4811/libu2f-host.changes        
2019-06-18 14:56:10.201409954 +0200
@@ -1,0 +2,7 @@
+Tue May 28 20:06:37 UTC 2019 - Karol Babioch <kbabi...@suse.de>
+
+- Version 1.1.10 (released 2019-05-15)
+  - Add new devices to udev rules.
+  - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)
+
+-------------------------------------------------------------------

Old:
----
  libu2f-host-1.1.9.tar.xz
  libu2f-host-1.1.9.tar.xz.sig

New:
----
  libu2f-host-1.1.10.tar.xz
  libu2f-host-1.1.10.tar.xz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libu2f-host.spec ++++++
--- /var/tmp/diff_new_pack.rX1Mga/_old  2019-06-18 14:56:10.957409481 +0200
+++ /var/tmp/diff_new_pack.rX1Mga/_new  2019-06-18 14:56:10.961409479 +0200
@@ -18,7 +18,7 @@
 
 %define sover  0
 Name:           libu2f-host
-Version:        1.1.9
+Version:        1.1.10
 Release:        0
 Summary:        Yubico Universal 2nd Factor (U2F) Host C Library
 License:        LGPL-2.1-or-later
@@ -106,7 +106,7 @@
 
 %files -n %{name}%{sover}
 %{_libdir}/%{name}.so.%{sover}
-%{_libdir}/%{name}.so.%{sover}.1.9
+%{_libdir}/%{name}.so.%{sover}.1.10
 
 %files -n %{name}-devel
 %{_includedir}/u2f-host/

++++++ libu2f-host-1.1.9.tar.xz -> libu2f-host-1.1.10.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/70-u2f.rules 
new/libu2f-host-1.1.10/70-u2f.rules
--- old/libu2f-host-1.1.9/70-u2f.rules  2019-02-13 15:13:46.000000000 +0100
+++ new/libu2f-host-1.1.10/70-u2f.rules 2019-03-27 07:58:22.000000000 +0100
@@ -25,10 +25,10 @@
 # Neowave Keydo and Keydo AES
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", 
ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
-# HyperSecu HyperFIDO
+# HyperSecu HyperFIDO, KeyID U2F
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", 
ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
-# Feitian ePass FIDO, BioPass FIDO2
+# Feitian ePass FIDO, BioPass FIDO2, KeyID U2F
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", 
ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", 
TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # JaCarta U2F
@@ -52,7 +52,23 @@
 # Google Titan U2F
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", 
ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
-# Tomu board + chopstx U2F
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", 
ATTRS{idProduct}=="cdab", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Tomu board + chopstx U2F + SoloKeys
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", 
ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+# SoloKeys
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", 
ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+# Trezor
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", 
ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", 
ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+# Ledger Nano S and Nano X
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", 
ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+# Kensington VeriMark
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", 
ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+# Longmai mFIDO
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", 
ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 LABEL="u2f_end"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/ChangeLog 
new/libu2f-host-1.1.10/ChangeLog
--- old/libu2f-host-1.1.9/ChangeLog     2019-03-06 15:57:19.000000000 +0100
+++ new/libu2f-host-1.1.10/ChangeLog    2019-05-15 13:54:49.000000000 +0200
@@ -1,3 +1,57 @@
+2019-05-15  Klas Lindfors <k...@yubico.com>
+
+       * NEWS: NEWS for 1.1.10
+
+2019-03-27  Klas Lindfors <k...@yubico.com>
+
+       * : commit 8d210b586dc8d698c7b612ca56f0c71b3d048453 Merge: b704a14
+       9bfe57f Author: Klas Lindfors <k...@yubico.com> Date:   Wed Mar 27
+       07:56:39 2019 +0100
+
+2019-03-27  Klas Lindfors <k...@yubico.com>
+
+       * : commit 309025da7e912488d263798d07804d796edc1d12 Author: Royce
+       Williams <ro...@techsolvency.com> Date:   Tue Mar 26 06:00:38 2019
+       -0800
+
+2019-03-26  Nicolas Stalder <n...@stalder.io>
+
+       * u2f.conf.sample: Add SoloKeys to FreeBSD u2f.conf.sample
+
+2019-03-21  Klas Lindfors <k...@yubico.com>
+
+       * : commit 17f266fa26f11b6c5e6c72bfed8c4657b4837fac Author:
+       Konstantinos Georgantas <kos...@yubico.com> Date:   Thu Mar 21
+       10:07:12 2019 +0100
+
+2019-03-20  Klas Lindfors <k...@yubico.com>
+
+       * : commit 70a99880ae59647c0544629f1562d879fed47313 Author: Pavol
+       Rusnak <pa...@rusnak.io> Date:   Wed Mar 20 07:36:44 2019 +0100
+
+2019-03-18  Klas Lindfors <k...@yubico.com>
+
+       * : commit 7f16739cb2075174e92c38ebd827141a48bba80a Author: Gabriel
+       Kihlman <g.kihl...@yubico.com> Date:   Mon Mar 18 10:23:47 2019
+       +0100
+
+2019-03-14  Klas Lindfors <k...@yubico.com>
+
+       * : commit 8d593512998a7df962d6dd0a7c4e641e5fe8b567 Author: Nicolas
+       Stalder <n...@stalder.io> Date:   Thu Mar 14 14:12:59 2019 +0100
+
+2019-03-14  Nathan Neulinger <nn...@neulinger.org>
+
+       * 70-u2f.rules: Add note about additional vendor/product name.
+
+2019-03-13  Nicolas Stalder <n...@stalder.io>
+
+       * 70-u2f.rules: Add udev rule for SoloKeys
+
+2019-03-06  Klas Lindfors <k...@yubico.com>
+
+       * NEWS, configure.ac: bump versions after release
+
 2019-03-06  Klas Lindfors <k...@yubico.com>
 
        * NEWS: NEWS for 1.1.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/NEWS new/libu2f-host-1.1.10/NEWS
--- old/libu2f-host-1.1.9/NEWS  2019-03-06 15:57:04.000000000 +0100
+++ new/libu2f-host-1.1.10/NEWS 2019-05-15 13:54:07.000000000 +0200
@@ -1,5 +1,11 @@
 libu2f-host NEWS -- History of user visible changes.
 
+* Version 1.1.10 (released 2019-05-15)
+
+** Add new devices to udev rules.
+
+** Fix a potentially uninitialized buffer.
+
 * Version 1.1.9 (released 2019-03-06)
 
 ** Fix CID copying from the init response.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/configure 
new/libu2f-host-1.1.10/configure
--- old/libu2f-host-1.1.9/configure     2019-03-06 09:44:54.000000000 +0100
+++ new/libu2f-host-1.1.10/configure    2019-05-15 13:54:45.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libu2f-host 1.1.9.
+# Generated by GNU Autoconf 2.69 for libu2f-host 1.1.10.
 #
 # Report bugs to <yubico-de...@googlegroups.com>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='libu2f-host'
 PACKAGE_TARNAME='libu2f-host'
-PACKAGE_VERSION='1.1.9'
-PACKAGE_STRING='libu2f-host 1.1.9'
+PACKAGE_VERSION='1.1.10'
+PACKAGE_STRING='libu2f-host 1.1.10'
 PACKAGE_BUGREPORT='yubico-de...@googlegroups.com'
 PACKAGE_URL=''
 
@@ -1518,7 +1518,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libu2f-host 1.1.9 to adapt to many kinds of systems.
+\`configure' configures libu2f-host 1.1.10 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1589,7 +1589,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libu2f-host 1.1.9:";;
+     short | recursive ) echo "Configuration of libu2f-host 1.1.10:";;
    esac
   cat <<\_ACEOF
 
@@ -1730,7 +1730,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libu2f-host configure 1.1.9
+libu2f-host configure 1.1.10
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2336,7 +2336,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libu2f-host $as_me 1.1.9, which was
+It was created by libu2f-host $as_me 1.1.10, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2724,7 +2724,7 @@
   # Interfaces removed:    CURRENT++, AGE=0, REVISION=0
 LT_AGE=1
       # Interfaces added:      CURRENT++, AGE++, REVISION=0
-LT_REVISION=9
+LT_REVISION=10
  # No interfaces changed:                   REVISION++
 
 am__api_version='1.15'
@@ -3213,7 +3213,7 @@
 
 # Define the identity of the package.
  PACKAGE='libu2f-host'
- VERSION='1.1.9'
+ VERSION='1.1.10'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17685,7 +17685,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libu2f-host $as_me 1.1.9, which was
+This file was extended by libu2f-host $as_me 1.1.10, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17755,7 +17755,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libu2f-host config.status 1.1.9
+libu2f-host config.status 1.1.10
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/configure.ac 
new/libu2f-host-1.1.10/configure.ac
--- old/libu2f-host-1.1.9/configure.ac  2019-03-05 14:08:46.000000000 +0100
+++ new/libu2f-host-1.1.10/configure.ac 2019-03-06 16:32:29.000000000 +0100
@@ -13,7 +13,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-AC_INIT([libu2f-host], [1.1.9], [yubico-de...@googlegroups.com])
+AC_INIT([libu2f-host], [1.1.10], [yubico-de...@googlegroups.com])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -21,7 +21,7 @@
 # http://www.gnu.org/s/libtool/manual/html_node/Updating-version-info.html
 AC_SUBST(LT_CURRENT, 1)  # Interfaces removed:    CURRENT++, AGE=0, REVISION=0
 AC_SUBST(LT_AGE, 1)      # Interfaces added:      CURRENT++, AGE++, REVISION=0
-AC_SUBST(LT_REVISION, 9) # No interfaces changed:                   REVISION++
+AC_SUBST(LT_REVISION, 10) # No interfaces changed:                   REVISION++
 
 AM_INIT_AUTOMAKE([gnits dist-xz no-dist-gzip std-options -Wall])
 AM_SILENT_RULES([yes])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/libu2f-host-1.1.9/gtk-doc/html/u2f-host-u2f-host-version.html 
new/libu2f-host-1.1.10/gtk-doc/html/u2f-host-u2f-host-version.html
--- old/libu2f-host-1.1.9/gtk-doc/html/u2f-host-u2f-host-version.html   
2019-03-06 15:57:26.000000000 +0100
+++ new/libu2f-host-1.1.10/gtk-doc/html/u2f-host-u2f-host-version.html  
2019-05-15 13:54:52.000000000 +0200
@@ -118,7 +118,7 @@
 <a name="u2f-host-u2f-host-version.other_details"></a><h2>Types and Values</h2>
 <div class="refsect2">
 <a name="U2FH-VERSION-STRING:CAPS"></a><h3>U2FH_VERSION_STRING</h3>
-<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.9"
+<pre class="programlisting">#define U2FH_VERSION_STRING "1.1.10"
 </pre>
 <p>Pre-processor symbol with a string that describe the header file
 version number.  Used together with <a class="link" 
href="u2f-host-u2f-host-version.html#u2fh-check-version" 
title="u2fh_check_versionĀ ()"><code 
class="function">u2fh_check_version()</code></a> to verify
@@ -127,7 +127,7 @@
 <hr>
 <div class="refsect2">
 <a name="U2FH-VERSION-NUMBER:CAPS"></a><h3>U2FH_VERSION_NUMBER</h3>
-<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x010109
+<pre class="programlisting">#define U2FH_VERSION_NUMBER 0x01010a
 </pre>
 <p>Pre-processor symbol with a hexadecimal value describing the header
 file version number.  For example, when the header version is 1.2.3
@@ -155,7 +155,7 @@
 <hr>
 <div class="refsect2">
 <a name="U2FH-VERSION-PATCH:CAPS"></a><h3>U2FH_VERSION_PATCH</h3>
-<pre class="programlisting">#define U2FH_VERSION_PATCH 9
+<pre class="programlisting">#define U2FH_VERSION_PATCH 10
 </pre>
 <p>Pre-processor symbol with a decimal value that describe the patch
 level of the header file version number.  For example, when the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/src/u2f-host.1 
new/libu2f-host-1.1.10/src/u2f-host.1
--- old/libu2f-host-1.1.9/src/u2f-host.1        2019-03-06 09:45:00.000000000 
+0100
+++ new/libu2f-host-1.1.10/src/u2f-host.1       2019-05-15 13:54:51.000000000 
+0200
@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
-.TH U2F-HOST "1" "March 2019" "u2f-host 1.1.9" "User Commands"
+.TH U2F-HOST "1" "May 2019" "u2f-host 1.1.10" "User Commands"
 .SH NAME
 u2f-host \- Yubico Universal 2nd Factor (U2F) Host Tool
 .SH SYNOPSIS
 .B u2f-host
 [\fI\,OPTIONS\/\fR]...
 .SH DESCRIPTION
-u2f\-host 1.1.9
+u2f\-host 1.1.10
 .PP
 Perform U2F host\-side operations on the command line. Reads challenge from
 standard input and writes a response to standard output.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/src/u2f-host.c 
new/libu2f-host-1.1.10/src/u2f-host.c
--- old/libu2f-host-1.1.9/src/u2f-host.c        2019-02-22 12:31:45.000000000 
+0100
+++ new/libu2f-host-1.1.10/src/u2f-host.c       2019-03-27 07:56:35.000000000 
+0100
@@ -33,7 +33,7 @@
   struct gengetopt_args_info args_info;
   char challenge[BUFSIZ];
   size_t chal_len;
-  char response[2048];
+  char response[2048] = {0};
   size_t response_len = sizeof (response);
   u2fh_devs *devs = NULL;
   u2fh_cmdflags flags = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libu2f-host-1.1.9/u2f-host/u2f-host-version.h 
new/libu2f-host-1.1.10/u2f-host/u2f-host-version.h
--- old/libu2f-host-1.1.9/u2f-host/u2f-host-version.h   2019-03-06 
09:44:57.000000000 +0100
+++ new/libu2f-host-1.1.10/u2f-host/u2f-host-version.h  2019-05-15 
13:54:48.000000000 +0200
@@ -30,7 +30,7 @@
  * version number.  Used together with u2fh_check_version() to verify
  * header file and run-time library consistency.
  */
-#define U2FH_VERSION_STRING "1.1.9"
+#define U2FH_VERSION_STRING "1.1.10"
 
 /**
  * U2FH_VERSION_NUMBER
@@ -40,7 +40,7 @@
  * this symbol will have the value 0x01020300.  The last two digits
  * are only used between public releases, and will otherwise be 00.
  */
-#define U2FH_VERSION_NUMBER 0x010109
+#define U2FH_VERSION_NUMBER 0x01010a
 
 /**
  * U2FH_VERSION_MAJOR
@@ -67,7 +67,7 @@
  * level of the header file version number.  For example, when the
  * header version is 1.2.3 this symbol will be 3.
  */
-#define U2FH_VERSION_PATCH 9
+#define U2FH_VERSION_PATCH 10
 
   const char *u2fh_check_version (const char *req_version);

Reply via email to