From b56677d039adc135740e5f3eee28eef06405d2cd Mon Sep 17 00:00:00 2001 From: "Gustavo B. Schenkel" Date: Sat, 10 Jul 2021 01:03:46 -0300 Subject: libraries/libu2f-host: Updated for version 1.1.11 (unreleased) Signed-off-by: Gustavo B. Schenkel Signed-off-by: Willy Sudiarto Raharjo --- libraries/libu2f-host/README | 2 + libraries/libu2f-host/libu2f-host.SlackBuild | 13 +++-- .../patches/0001-bump-versions-after-release.patch | 48 +++++++++++++++++ ...0002-README-add-FreeBSD-build-information.patch | 34 ++++++++++++ ...-note-about-maintenance-mode-and-libfido2.patch | 28 ++++++++++ ...2-sync-add-Infineon-eWBM-SecureClick-typo.patch | 44 +++++++++++++++ ...-new-eWBM-and-sort-device-IDs-numerically.patch | 40 ++++++++++++++ ...0006-devs-init_device-Fix-typo-in-comment.patch | 26 +++++++++ ...evice-Fix-misleading-comment-logical-inve.patch | 27 ++++++++++ ...e-70-u2f.rules-to-include-product-id-0121.patch | 26 +++++++++ .../patches/0009-Update-u2f.conf.sample.patch | 28 ++++++++++ .../patches/0010-fixed-the-duplication-typo.patch | 28 ++++++++++ .../patches/0011-Add-Onlykey-to-list.patch | 27 ++++++++++ .../0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch | 50 +++++++++++++++++ .../0013-udev-u2f.conf-add-Safetech-SafeKey.patch | 48 +++++++++++++++++ ...u2f.conf-group-to-one-line-as-per-request.patch | 62 ++++++++++++++++++++++ ...ng-a-static-code-analysis-github-workflow.patch | 51 ++++++++++++++++++ ...case-when-new_device-returns-NULL-malloc-.patch | 30 +++++++++++ .../0017-Schedule-scans-at-least-once-a-week.patch | 29 ++++++++++ ...018-Adding-GoTrust-Idem-Key-to-udev-rules.patch | 44 +++++++++++++++ ...19-Add-support-for-upcoming-json-c-0.14.0.patch | 39 ++++++++++++++ .../patches/0020-additional-Feitian-keys.patch | 42 +++++++++++++++ ...ons-do-not-run-scan-if-missing-credential.patch | 62 ++++++++++++++++++++++ ...pdate-scan-action-with-correct-image-fqdn.patch | 35 ++++++++++++ .../0023-Added-udev-rules-for-MIRKey-devices.patch | 44 +++++++++++++++ ...pdate-Ledger-s-productIDs-add-Ledger-Blue.patch | 34 ++++++++++++ .../patches/0025-Add-deprecation-notice.patch | 26 +++++++++ 27 files changed, 963 insertions(+), 4 deletions(-) create mode 100644 libraries/libu2f-host/patches/0001-bump-versions-after-release.patch create mode 100644 libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch create mode 100644 libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch create mode 100644 libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch create mode 100644 libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch create mode 100644 libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch create mode 100644 libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch create mode 100644 libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch create mode 100644 libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch create mode 100644 libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch create mode 100644 libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch create mode 100644 libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch create mode 100644 libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch create mode 100644 libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch create mode 100644 libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch create mode 100644 libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch create mode 100644 libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch create mode 100644 libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch create mode 100644 libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch create mode 100644 libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch create mode 100644 libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch create mode 100644 libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch create mode 100644 libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch create mode 100644 libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch create mode 100644 libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch (limited to 'libraries/libu2f-host') diff --git a/libraries/libu2f-host/README b/libraries/libu2f-host/README index 2673e9fda8..93f786eb3f 100644 --- a/libraries/libu2f-host/README +++ b/libraries/libu2f-host/README @@ -2,3 +2,5 @@ Yubico Universal 2nd Factor (U2F) Host C Library Libu2f-host provide a C library and command-line tool that implements the host-side of the U2F protocol. + +NOTE: Upstream project is deprecated and no longer maintained. diff --git a/libraries/libu2f-host/libu2f-host.SlackBuild b/libraries/libu2f-host/libu2f-host.SlackBuild index 94103fd0ac..314c3ddbfc 100644 --- a/libraries/libu2f-host/libu2f-host.SlackBuild +++ b/libraries/libu2f-host/libu2f-host.SlackBuild @@ -26,7 +26,8 @@ cd $(dirname $0) ; CWD=$(pwd) PRGNAM=libu2f-host SRCNAM=libu2f-host-libu2f-host -VERSION=${VERSION:-1.1.10} +VERSION=${VERSION:-1.1.11} +SRCVERSION=${SRCVERSION:-1.1.10} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -61,9 +62,9 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.gz -cd $SRCNAM-$VERSION +rm -rf $SRCNAM-$SRCVERSION +tar xvf $CWD/$SRCNAM-$SRCVERSION.tar.gz +cd $SRCNAM-$SRCVERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -71,6 +72,10 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; +for i in $(ls -1 $CWD/patches/); do + patch -p1 < $CWD/patches/$i +done + autoreconf -fi CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ diff --git a/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch b/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch new file mode 100644 index 0000000000..87a6c4bab8 --- /dev/null +++ b/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch @@ -0,0 +1,48 @@ +From ef8b0c26df78f5bca48803fa350cf772eef351c8 Mon Sep 17 00:00:00 2001 +From: Klas Lindfors +Date: Wed, 15 May 2019 13:57:11 +0200 +Subject: [PATCH 01/25] bump versions after release + +Signed-off-by: Gustavo B. Schenkel +--- + NEWS | 2 ++ + configure.ac | 4 ++-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/NEWS b/NEWS +index a85d667..fc933b8 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,7 @@ + libu2f-host NEWS -- History of user visible changes. + ++* Version 1.1.11 (unreleased) ++ + * Version 1.1.10 (released 2019-05-15) + + ** Add new devices to udev rules. +diff --git a/configure.ac b/configure.ac +index d5251d3..0031f76 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -13,7 +13,7 @@ + # You should have received a copy of the GNU General Public License + # along with this program. If not, see . + +-AC_INIT([libu2f-host], [1.1.10], [yubico-devel@googlegroups.com]) ++AC_INIT([libu2f-host], [1.1.11], [yubico-devel@googlegroups.com]) + AC_CONFIG_MACRO_DIR([m4]) + AC_CONFIG_HEADERS([config.h]) + AC_CONFIG_AUX_DIR([build-aux]) +@@ -21,7 +21,7 @@ AC_CONFIG_AUX_DIR([build-aux]) + # http://www.gnu.org/s/libtool/manual/html_node/Updating-version-info.html + AC_SUBST(LT_CURRENT, 1) # Interfaces removed: CURRENT++, AGE=0, REVISION=0 + AC_SUBST(LT_AGE, 1) # Interfaces added: CURRENT++, AGE++, REVISION=0 +-AC_SUBST(LT_REVISION, 10) # No interfaces changed: REVISION++ ++AC_SUBST(LT_REVISION, 11) # No interfaces changed: REVISION++ + + AM_INIT_AUTOMAKE([gnits dist-xz no-dist-gzip std-options -Wall]) + AM_SILENT_RULES([yes]) +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch b/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch new file mode 100644 index 0000000000..b58608f06e --- /dev/null +++ b/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch @@ -0,0 +1,34 @@ +From 24c6b57d25ff574ade39bdcbeb5eed2169f4b532 Mon Sep 17 00:00:00 2001 +From: Ed Maste +Date: Sat, 8 Jun 2019 01:36:29 -0400 +Subject: [PATCH 02/25] README: add FreeBSD build information + +Signed-off-by: Gustavo B. Schenkel +--- + README | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/README b/README +index e17d0e5..fefc96b 100644 +--- a/README ++++ b/README +@@ -177,6 +177,16 @@ Both of these require that a release tarball of the project exists in the + current directory. The value of the VERSION variable must match the version + on that tarball. + ++Building from Git works on FreeBSD (excluding documentation), using gmake. ++Dependencies may be installed via: ++ ++ # pkg install gengetopt help2man hidapi json-c u2f-devd ++ ++And then configure and build using: ++ ++ $ ./configure --disable-gtk-doc ++ $ gmake ++ + Namespaces + ---------- + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch b/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch new file mode 100644 index 0000000000..18ef3adfb5 --- /dev/null +++ b/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch @@ -0,0 +1,28 @@ +From 08e32414f36b902127d679f55d439816e33dc0dc Mon Sep 17 00:00:00 2001 +From: Klas Lindfors +Date: Mon, 10 Jun 2019 12:08:33 +0200 +Subject: [PATCH 03/25] add note about maintenance mode and libfido2 + +Signed-off-by: Gustavo B. Schenkel +--- + README | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/README b/README +index e17d0e5..bc0c2fb 100644 +--- a/README ++++ b/README +@@ -10,6 +10,10 @@ device and perform the U2F Register and U2F Authenticate operations. + For the server-side aspect, see our + https://developers.yubico.com/libu2f-server/[libu2f-server project]. + ++NOTE: This project is in maintenance mode, ++https://developers.yubico.com/libfido2/[libfido2] is a new project with ++support for U2F and FIDO2. ++ + License + ------- + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch b/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch new file mode 100644 index 0000000000..71c0947d76 --- /dev/null +++ b/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch @@ -0,0 +1,44 @@ +From 8c6c67da3a843e66a9149c7810bbc8f0b69099a1 Mon Sep 17 00:00:00 2001 +From: Royce Williams +Date: Tue, 16 Jul 2019 06:12:44 -0800 +Subject: [PATCH 04/25] libfido2 sync: add Infineon, eWBM; SecureClick typo + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 8ab5bcf..10aa977 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -37,7 +37,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct + # U2F Zero + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# VASCO SeccureClick ++# VASCO SecureClick + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Bluink Key +@@ -62,6 +62,9 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660" + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# Infineon FIDO ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + # Ledger Nano S and Nano X + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +@@ -71,4 +74,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct + # Longmai mFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# eWBM FIDO2 - Goldengate 450, Goldengate 500 + biometric ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="f47c|5c2f", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + LABEL="u2f_end" +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch b/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch new file mode 100644 index 0000000000..489a2e445e --- /dev/null +++ b/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch @@ -0,0 +1,40 @@ +From 4218f6b8b974c954b54065591259a0c967f87570 Mon Sep 17 00:00:00 2001 +From: Royce Williams +Date: Sat, 17 Aug 2019 14:23:40 -0800 +Subject: [PATCH 05/25] add two new eWBM, and sort device IDs numerically + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 10aa977..40506d8 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -25,10 +25,10 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct + # Neowave Keydo and Keydo AES + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# HyperSecu HyperFIDO, KeyID U2F ++# HyperSecu HyperFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# Feitian ePass FIDO, BioPass FIDO2, KeyID U2F ++# Feitian ePass FIDO, BioPass FIDO2 + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # JaCarta U2F +@@ -74,7 +74,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct + # Longmai mFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# eWBM FIDO2 - Goldengate 450, Goldengate 500 + biometric +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="f47c|5c2f", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++# eWBM FIDO2 - Goldengate 310, 320, 500, 450 ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + LABEL="u2f_end" +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch b/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch new file mode 100644 index 0000000000..626ea52997 --- /dev/null +++ b/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch @@ -0,0 +1,26 @@ +From aa981b17b84348e9421cae4b74527aad149c2017 Mon Sep 17 00:00:00 2001 +From: Nicolas Braud-Santoni +Date: Fri, 30 Aug 2019 12:20:32 +0200 +Subject: [PATCH 06/25] devs/init_device: Fix typo in comment + +Signed-off-by: Gustavo B. Schenkel +--- + u2f-host/devs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/u2f-host/devs.c b/u2f-host/devs.c +index fadd3ce..f10048f 100644 +--- a/u2f-host/devs.c ++++ b/u2f-host/devs.c +@@ -303,7 +303,7 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev) + &resplen) == U2FH_OK) + { + int offs = sizeof (nonce); +- /* the response has to be atleast 17 bytes, if it's more we discard that */ ++ /* the response has to be at least 17 bytes, if it's more we discard that */ + if (resplen < 17) + { + return U2FH_SIZE_ERROR; +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch b/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch new file mode 100644 index 0000000000..060b405907 --- /dev/null +++ b/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch @@ -0,0 +1,27 @@ +From 3b8cf649c04e484d9162ab9325a4aa064df1f2ee Mon Sep 17 00:00:00 2001 +From: Nicolas Braud-Santoni +Date: Fri, 30 Aug 2019 12:21:13 +0200 +Subject: [PATCH 07/25] devs/init_device: Fix misleading comment (logical + inversion) + +Signed-off-by: Gustavo B. Schenkel +--- + u2f-host/devs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/u2f-host/devs.c b/u2f-host/devs.c +index f10048f..aa76c9f 100644 +--- a/u2f-host/devs.c ++++ b/u2f-host/devs.c +@@ -303,7 +303,7 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev) + &resplen) == U2FH_OK) + { + int offs = sizeof (nonce); +- /* the response has to be at least 17 bytes, if it's more we discard that */ ++ /* the response has to be at least 17 bytes, if it's less we discard it */ + if (resplen < 17) + { + return U2FH_SIZE_ERROR; +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch b/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch new file mode 100644 index 0000000000..cab5348a02 --- /dev/null +++ b/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch @@ -0,0 +1,26 @@ +From bf3a625d846e22ff0ac3abac386781e0c09ffcab Mon Sep 17 00:00:00 2001 +From: Jason Cawood +Date: Thu, 24 Oct 2019 16:14:27 -0700 +Subject: [PATCH 08/25] Update 70-u2f.rules to include product id 0121 + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 40506d8..c2babc4 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -17,7 +17,7 @@ + ACTION!="add|change", GOTO="u2f_end" + + # Yubico YubiKey +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0121|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Happlink (formerly Plug-Up) Security KEY + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660" +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch b/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch new file mode 100644 index 0000000000..62fbb2866d --- /dev/null +++ b/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch @@ -0,0 +1,28 @@ +From 452c52b11a3a8e54b9e63397c9fcd645f3a3a6fb Mon Sep 17 00:00:00 2001 +From: Jason Cawood +Date: Thu, 24 Oct 2019 16:22:55 -0700 +Subject: [PATCH 09/25] Update u2f.conf.sample + +This is to match the changes from commit bf3a625d846e22ff0ac3abac386781e0c09ffcab + +Signed-off-by: Gustavo B. Schenkel +--- + u2f.conf.sample | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 7e685d0..040b5c2 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -6,7 +6,7 @@ notify 100 { + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; +- match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)"; ++ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch b/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch new file mode 100644 index 0000000000..d9fde6174f --- /dev/null +++ b/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch @@ -0,0 +1,28 @@ +From ff8cfbe1e992cfd40c01541324c6f0155da26775 Mon Sep 17 00:00:00 2001 +From: Jason Cawood +Date: Thu, 24 Oct 2019 21:08:44 -0700 +Subject: [PATCH 10/25] fixed the duplication typo. + +I meant to update the file to include the new product id, but hastily included the id 0120 twice. This corrects that error and includes 0121 + +Signed-off-by: Gustavo B. Schenkel +--- + u2f.conf.sample | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 040b5c2..6d89540 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -6,7 +6,7 @@ notify 100 { + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; +- match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)"; ++ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0121|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch b/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch new file mode 100644 index 0000000000..ab90dd93cf --- /dev/null +++ b/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch @@ -0,0 +1,27 @@ +From 5804827db7040f6e26926cd04ac2960521ef489f Mon Sep 17 00:00:00 2001 +From: onlykey +Date: Fri, 15 Nov 2019 15:43:18 -0500 +Subject: [PATCH 11/25] Add Onlykey to list + +Found a reference to these rules while adding OnlyKey to another set of rules here - https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 40506d8..1479b9a 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -77,4 +77,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct + # eWBM FIDO2 - Goldengate 310, 320, 500, 450 + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# OnlyKey (FIDO2 / U2F) ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + LABEL="u2f_end" +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch b/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch new file mode 100644 index 0000000000..39035464f0 --- /dev/null +++ b/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch @@ -0,0 +1,50 @@ +From f6a895030fc38b311b336bbbf0a101b7055b2bf5 Mon Sep 17 00:00:00 2001 +From: Szczepan Zalega +Date: Thu, 28 Nov 2019 18:06:07 +0100 +Subject: [PATCH 12/25] udev/u2f.conf: add Nitrokey FIDO2 + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 5 +++-- + u2f.conf.sample | 4 ++-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index c4d836e..2884456 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -46,8 +46,9 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct + # Thetis Key + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# Nitrokey FIDO U2F +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++# Nitrokey FIDO U2F, Nitrokey FIDO2 ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + + # Google Titan U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 6d89540..7c4e38b 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -100,13 +100,13 @@ notify 100 { + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-# Nitrokey FIDO U2F ++# Nitrokey FIDO U2F, Nitrokey FIDO2 + notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x20a0"; +- match "product" "0x4287"; ++ match "product" "(0x4287|0x42b1)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch b/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch new file mode 100644 index 0000000000..ab82c3f0e7 --- /dev/null +++ b/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch @@ -0,0 +1,48 @@ +From db42c388554a4179c0a839722754c530096a8484 Mon Sep 17 00:00:00 2001 +From: Szczepan Zalega +Date: Thu, 28 Nov 2019 18:06:26 +0100 +Subject: [PATCH 13/25] udev/u2f.conf: add Safetech SafeKey + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 2 ++ + u2f.conf.sample | 10 ++++++++++ + 2 files changed, 12 insertions(+) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 2884456..3688c72 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -49,6 +49,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct + # Nitrokey FIDO U2F, Nitrokey FIDO2 + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# Safetech SafeKey ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Google Titan U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 7c4e38b..0955ba5 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -110,6 +110,16 @@ notify 100 { + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + ++# Safetech SafeKey ++notify 100 { ++ match "system" "USB"; ++ match "subsystem" "DEVICE"; ++ match "type" "ATTACH"; ++ match "vendor" "0x20a0"; ++ match "product" "0x42b3"; ++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; ++}; ++ + # Google Titan U2F + notify 100 { + match "system" "USB"; +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch b/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch new file mode 100644 index 0000000000..92460be8d6 --- /dev/null +++ b/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch @@ -0,0 +1,62 @@ +From 003eabece00a9e5ff950af078500fa7a65d74943 Mon Sep 17 00:00:00 2001 +From: Szczepan Zalega +Date: Fri, 29 Nov 2019 10:58:32 +0100 +Subject: [PATCH 14/25] udev/u2f.conf: group to one line as per request + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 7 ++----- + u2f.conf.sample | 14 ++------------ + 2 files changed, 4 insertions(+), 17 deletions(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 3688c72..32e2b93 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -46,11 +46,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct + # Thetis Key + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# Nitrokey FIDO U2F, Nitrokey FIDO2 +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660" +- +-# Safetech SafeKey +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1|42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Google Titan U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 0955ba5..9d91df7 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -100,23 +100,13 @@ notify 100 { + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-# Nitrokey FIDO U2F, Nitrokey FIDO2 ++# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey + notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x20a0"; +- match "product" "(0x4287|0x42b1)"; +- action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +-}; +- +-# Safetech SafeKey +-notify 100 { +- match "system" "USB"; +- match "subsystem" "DEVICE"; +- match "type" "ATTACH"; +- match "vendor" "0x20a0"; +- match "product" "0x42b3"; ++ match "product" "(0x4287|0x42b1|0x42b3)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch b/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch new file mode 100644 index 0000000000..0e33bc90f1 --- /dev/null +++ b/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch @@ -0,0 +1,51 @@ +From ec539302876c4ab05ae0438ca4e575968270526b Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Tue, 17 Dec 2019 15:16:44 +0100 +Subject: [PATCH 15/25] Adding a static code analysis github workflow + +Signed-off-by: Gustavo B. Schenkel +--- + .github/workflows/scan.yml | 31 +++++++++++++++++++++++++++++++ + 1 file changed, 31 insertions(+) + create mode 100644 .github/workflows/scan.yml + +diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml +new file mode 100644 +index 0000000..f8e54a1 +--- /dev/null ++++ b/.github/workflows/scan.yml +@@ -0,0 +1,31 @@ ++name: static code analysis ++ ++on: [push] ++env: ++ SCAN_IMG: ++ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1 ++ ++jobs: ++ build: ++ runs-on: ubuntu-latest ++ ++ steps: ++ - uses: actions/checkout@master ++ ++ - name: Prep scan ++ run: | ++ docker login yes-docker-local.artifactory.in.yubico.org/ \ ++ -u svc-static-code-analysis-reader \ ++ -p ${{ secrets.ARTIFACTORY_READER_TOKEN }} ++ docker pull ${SCAN_IMG} ++ ++ - name: Scan but do not fail on warnings ++ run: | ++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ ++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true ++ ++ - uses: actions/upload-artifact@master ++ if: failure() ++ with: ++ name: suppression_files ++ path: suppression_files +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch b/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch new file mode 100644 index 0000000000..d85161cd25 --- /dev/null +++ b/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch @@ -0,0 +1,30 @@ +From d944fafe8cee766e5c3c601a16797b890420802c Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Wed, 18 Dec 2019 12:34:30 +0100 +Subject: [PATCH 16/25] Handle the case when new_device() returns NULL (malloc + failure) + +Signed-off-by: Gustavo B. Schenkel +--- + u2f-host/devs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/u2f-host/devs.c b/u2f-host/devs.c +index aa76c9f..7650743 100644 +--- a/u2f-host/devs.c ++++ b/u2f-host/devs.c +@@ -435,6 +435,11 @@ u2fh_devs_discover (u2fh_devs * devs, unsigned *max_index) + if (usage_page == FIDO_USAGE_PAGE && usage == FIDO_USAGE_U2FHID) + { + dev = new_device (devs); ++ if (dev == NULL) ++ { ++ res = U2FH_MEMORY_ERROR; ++ goto out; ++ } + dev->devh = hid_open_path (cur_dev->path); + if (dev->devh != NULL) + { +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch b/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch new file mode 100644 index 0000000000..6af583f0f2 --- /dev/null +++ b/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch @@ -0,0 +1,29 @@ +From 03f474d741e654d7ca3f6753f7e9ed8132dacdd7 Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Fri, 10 Jan 2020 12:42:23 +0100 +Subject: [PATCH 17/25] Schedule scans at least once a week + +Signed-off-by: Gustavo B. Schenkel +--- + .github/workflows/scan.yml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml +index f8e54a1..ec6ba52 100644 +--- a/.github/workflows/scan.yml ++++ b/.github/workflows/scan.yml +@@ -1,6 +1,10 @@ + name: static code analysis + +-on: [push] ++on: ++ push: ++ schedule: ++ - cron: '0 0 * * 1' ++ + env: + SCAN_IMG: + yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1 +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch b/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch new file mode 100644 index 0000000000..61e16b0e8f --- /dev/null +++ b/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch @@ -0,0 +1,44 @@ +From cb2fc30b6f3622a4f35d84714bd89091809d7f7f Mon Sep 17 00:00:00 2001 +From: Brad Israel +Date: Wed, 15 Jan 2020 22:27:53 -0500 +Subject: [PATCH 18/25] Adding GoTrust Idem Key to udev rules + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 3 +++ + u2f.conf.sample | 10 ++++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 32e2b93..4ef1096 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -80,4 +80,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct + # OnlyKey (FIDO2 / U2F) + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# GoTrust Idem Key ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + LABEL="u2f_end" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index 9d91df7..b796d3f 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -139,3 +139,13 @@ notify 100 { + match "product" "(0x5070|0x50b0)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; ++ ++# GoTrust Idem Key ++notify 100 { ++ match "system" "USB"; ++ match "subsystem" "DEVICE"; ++ match "type" "ATTACH"; ++ match "vendor" "0x1fc9"; ++ match "product" "0xf143"; ++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; ++}; +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch b/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch new file mode 100644 index 0000000000..bd1ec91551 --- /dev/null +++ b/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch @@ -0,0 +1,39 @@ +From 840f01135d2892f45e71b9e90405de587991bd03 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Mon, 13 Apr 2020 14:12:25 +0200 +Subject: [PATCH 19/25] Add support for upcoming json-c 0.14.0. + +TRUE/FALSE are not defined anymore. 1 and 0 are used instead. + +Signed-off-by: Gustavo B. Schenkel +--- + u2f-host/u2fmisc.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/u2f-host/u2fmisc.c b/u2f-host/u2fmisc.c +index e40ca3d..5a032ce 100644 +--- a/u2f-host/u2fmisc.c ++++ b/u2f-host/u2fmisc.c +@@ -33,6 +33,19 @@ typedef int json_bool; + #define u2fh_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE + #endif + ++/* json-c 0.13.99 does not define TRUE/FALSE anymore ++ * the json-c maintainers replaced them with pure 1/0 ++ * https://github.com/json-c/json-c/commit/0992aac61f8b ++ */ ++#if defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99) ++#ifndef FALSE ++#define FALSE 0 ++#endif ++#ifndef TRUE ++#define TRUE 1 ++#endif ++#endif ++ + static void + dumpHex (unsigned char *data, int offs, int len) + { +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch b/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch new file mode 100644 index 0000000000..43a2f3d29a --- /dev/null +++ b/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch @@ -0,0 +1,42 @@ +From f9b2e731ae9f41f8cd1f98587dc4de620b7a9471 Mon Sep 17 00:00:00 2001 +From: Henrik Loeser +Date: Wed, 20 May 2020 20:41:20 +0200 +Subject: [PATCH 20/25] additional Feitian keys + +K33 and K43, see https://www.ftsafe.com/Products/FIDO/Bio + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 2 +- + u2f.conf.sample | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 4ef1096..1427910 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -29,7 +29,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Feitian ePass FIDO, BioPass FIDO2 +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d|0866|0867", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # JaCarta U2F + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index b796d3f..d3ed491 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -46,7 +46,7 @@ notify 100 { + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; +- match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b|0x085d)"; ++ match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b|0x085d|0x0866|0x0867)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; + +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch new file mode 100644 index 0000000000..66ceb1d9b3 --- /dev/null +++ b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch @@ -0,0 +1,62 @@ +From 33cd26f945925d64e0ccef41d13be17e84f99f44 Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Tue, 23 Jun 2020 16:25:16 +0200 +Subject: [PATCH 21/25] Github Actions: do not run scan if missing credentials + +Also toggle workflow to fail if there are warnings. + +Signed-off-by: Gustavo B. Schenkel +--- + .github/workflows/scan.yml | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml +index ec6ba52..09f16ab 100644 +--- a/.github/workflows/scan.yml ++++ b/.github/workflows/scan.yml +@@ -1,4 +1,5 @@ + name: static code analysis ++# Documentation: https://github.com/Yubico/yes-static-code-analysis + + on: + push: +@@ -8,6 +9,7 @@ on: + env: + SCAN_IMG: + yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1 ++ SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }} + + jobs: + build: +@@ -16,17 +18,18 @@ jobs: + steps: + - uses: actions/checkout@master + +- - name: Prep scan ++ - name: Scan and fail on warnings + run: | +- docker login yes-docker-local.artifactory.in.yubico.org/ \ +- -u svc-static-code-analysis-reader \ +- -p ${{ secrets.ARTIFACTORY_READER_TOKEN }} +- docker pull ${SCAN_IMG} +- +- - name: Scan but do not fail on warnings +- run: | +- docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ +- -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true ++ if [ "${SECRET}" != "" ]; then ++ docker login yes-docker-local.artifactory.in.yubico.org/ \ ++ -u svc-static-code-analysis-reader -p ${SECRET} ++ docker pull ${SCAN_IMG} ++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ ++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \ ++ -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG} ++ else ++ echo "No docker registry credentials, not scanning" ++ fi + + - uses: actions/upload-artifact@master + if: failure() +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch b/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch new file mode 100644 index 0000000000..02559d6ac6 --- /dev/null +++ b/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch @@ -0,0 +1,35 @@ +From 4c1428647ea83acdd1d7780338d0ed3d993f61ba Mon Sep 17 00:00:00 2001 +From: Marissa Nishimoto +Date: Mon, 27 Jul 2020 15:52:06 -0700 +Subject: [PATCH 22/25] Update scan action with correct image fqdn + +Signed-off-by: Gustavo B. Schenkel +--- + .github/workflows/scan.yml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml +index 09f16ab..d40da2f 100644 +--- a/.github/workflows/scan.yml ++++ b/.github/workflows/scan.yml +@@ -8,7 +8,7 @@ on: + + env: + SCAN_IMG: +- yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1 ++ yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1 + SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }} + + jobs: +@@ -21,7 +21,7 @@ jobs: + - name: Scan and fail on warnings + run: | + if [ "${SECRET}" != "" ]; then +- docker login yes-docker-local.artifactory.in.yubico.org/ \ ++ docker login yubico-yes-docker-local.jfrog.io/ \ + -u svc-static-code-analysis-reader -p ${SECRET} + docker pull ${SCAN_IMG} + docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch b/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch new file mode 100644 index 0000000000..aeaa5769ae --- /dev/null +++ b/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch @@ -0,0 +1,44 @@ +From 929fda27c7453453ebc8d99c85208d82417009f6 Mon Sep 17 00:00:00 2001 +From: Kobus Grobler +Date: Wed, 26 Aug 2020 21:55:24 +0200 +Subject: [PATCH 23/25] Added udev rules for MIRKey devices + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 3 +++ + u2f.conf.sample | 10 ++++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 1427910..0c2bc69 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -83,4 +83,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct + # GoTrust Idem Key + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660" + ++# ellipticSecure MIRKey ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ac", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++ + LABEL="u2f_end" +diff --git a/u2f.conf.sample b/u2f.conf.sample +index d3ed491..36dead9 100644 +--- a/u2f.conf.sample ++++ b/u2f.conf.sample +@@ -149,3 +149,13 @@ notify 100 { + match "product" "0xf143"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; + }; ++ ++# ellipticSecure MIRKey ++notify 100 { ++ match "system" "USB"; ++ match "subsystem" "DEVICE"; ++ match "type" "ATTACH"; ++ match "vendor" "0x0483"; ++ match "product" "0xa2ac"; ++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; ++}; +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch b/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch new file mode 100644 index 0000000000..791afdead6 --- /dev/null +++ b/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch @@ -0,0 +1,34 @@ +From 443d2cea29fd4d9a9fa39b12d6556c85440cd8bc Mon Sep 17 00:00:00 2001 +From: TamtamHero <10632523+TamtamHero@users.noreply.github.com> +Date: Wed, 30 Sep 2020 12:21:34 +0200 +Subject: [PATCH 24/25] Update Ledger's productIDs + add Ledger Blue + +Following https://www.ledger.com/windows-10-update-sunsetting-u2f-tunnel-transport-for-ledger-devices/, all Ledger products have changed the productID they advertise. +There's now 2 different combinations commonly available per device: + + HID + U2F -> xx05 + HID + U2F + WebUSB-> xx15 + +Signed-off-by: Gustavo B. Schenkel +--- + 70-u2f.rules | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/70-u2f.rules b/70-u2f.rules +index 0c2bc69..1f90ddf 100644 +--- a/70-u2f.rules ++++ b/70-u2f.rules +@@ -65,8 +65,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct + # Infineon FIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660" + +-# Ledger Nano S and Nano X +-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660" ++# Ledger Blue, Nano S and Nano X ++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0001|0004|0005|0015|1005|1015|4005|4015", TAG+="uaccess", GROUP="plugdev", MODE="0660" + + # Kensington VeriMark + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660" +-- +2.32.0 + diff --git a/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch b/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch new file mode 100644 index 0000000000..99758317d0 --- /dev/null +++ b/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch @@ -0,0 +1,26 @@ +From 420a18112a0aab09f19915cd7465e471e29717cd Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Wed, 14 Oct 2020 14:16:07 +0200 +Subject: [PATCH 25/25] Add deprecation notice + +Signed-off-by: Gustavo B. Schenkel +--- + README | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/README b/README +index bc920d6..4b5bc8c 100644 +--- a/README ++++ b/README +@@ -10,7 +10,7 @@ device and perform the U2F Register and U2F Authenticate operations. + For the server-side aspect, see our + https://developers.yubico.com/libu2f-server/[libu2f-server project]. + +-NOTE: This project is in maintenance mode, ++NOTE: This project is deprecated and is no longer being maintained. + https://developers.yubico.com/libfido2/[libfido2] is a new project with + support for U2F and FIDO2. + +-- +2.32.0 + -- cgit v1.2.3-65-gdbad