# # spec file for package libfido2 # # Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define sover 1 Name: libfido2 Version: 1.9.0 Release: 1.3 Summary: FIDO U2F and FIDO 2.0 protocols License: BSD-2-Clause Group: Development/Libraries/C and C++ URL: https://developers.yubico.com/ Source0: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz Source1: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libopenssl-1_1-devel BuildRequires: ninja BuildRequires: pkgconfig BuildRequires: pkgconfig(hidapi-hidraw) BuildRequires: pkgconfig(libcbor) BuildRequires: pkgconfig(libudev) BuildRequires: pkgconfig(zlib) %description Provides library functionality for communicating with a FIDO device over USB as well as verifying attestation and assertion signatures. %package -n %{name}-%{sover} Summary: FIDO U2F and FIDO 2.0 protocols Group: Development/Libraries/C and C++ Provides: %{name} = %{version} Obsoletes: %{name} < %{version} %description -n %{name}-%{sover} This library supports the FIDO U2F and FIDO 2.0 protocols for communicating with a USB authenticator via the Client-to-Authenticator Protocol (CTAP 1 and 2). %package -n %{name}-devel Summary: Development files for FIDO U2F and FIDO 2.0 protocols Group: Development/Libraries/C and C++ Requires: %{name}-%{sover} = %{version} Requires: libopenssl-1_1-devel Conflicts: libfido2-0_4_0 Conflicts: libfido2-1_0_0 %description -n %{name}-devel This package contains the header file needed to develop applications that use FIDO U2F and FIDO 2.0 protocols. %package -n %{name}-utils Summary: Utility programs making use of libfido2, a library for FIDO U2F and FIDO 2.0 Group: Hardware/Other Conflicts: libfido2-0_4_0 Conflicts: libfido2-1_0_0 %description -n %{name}-utils This package contains utilities to use FIDO U2F and FIDO 2.0 protocols. %package -n %{name}-udev Summary: Udev rules for libfido2 Group: Development/Libraries/C and C++ BuildArch: noarch %description -n %{name}-udev This package contains the udev rules for FIDO2 compatible devices. %prep %autosetup -p1 %build %define __builder ninja %cmake \ -DCBOR_LIBRARY_DIRS=%{_libdir} \ -DBUILD_EXAMPLES=OFF \ -DUSE_HIDAPI=ON \ -DNFC_LINUX=ON %cmake_build %install %cmake_install # Remove Debian specific plugdev setting from udev rules sed -i -e 's/, GROUP="plugdev"//g ; s/, MODE="0660"//g' udev/70-u2f.rules # u2f-host has the same udev rule, use a different name mkdir -p %{buildroot}%{_udevrulesdir} install -m 0644 udev/70-u2f.rules %{buildroot}%{_udevrulesdir}/70-fido2.rules find %{buildroot} -type f -name "*.a" -delete -print %post -n %{name}-%{sover} -p /sbin/ldconfig %postun -n %{name}-%{sover} -p /sbin/ldconfig %post udev %{udev_rules_update} %postun udev %{udev_rules_update} %files -n %{name}-%{sover} %license LICENSE %doc README.adoc %{_libdir}/%{name}.so.* %files -n %{name}-devel %{_includedir}/*.h %dir %{_includedir}/fido %{_includedir}/fido/*.h %{_libdir}/%{name}.so %{_mandir}/man3/* %{_libdir}/pkgconfig/* %files udev %{_udevrulesdir}/70-fido2.rules %files -n %{name}-utils %{_bindir}/fido2-* %{_mandir}/man1/* %changelog * Mon Nov 1 2021 Torsten Gruner - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Added OpenSSL 3.0 compatibility. * Removed OpenSSL 1.0 compatibility. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. * Fixed detection of Windows’s native webauthn API; gh#382. * Tue Sep 21 2021 Paolo Perego - Removed fix-cmake-linking.patch because no longer needed * Tue Sep 14 2021 Paolo Perego - Update to version 1.8.0: * Dropped 'Requires.private' entry from pkg-config file. * Better support for FIDO 2.1 authenticators. * Support for Windows's native webauthn API. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - disable fix-cmake-linking.patch, not needed currently * Sat Apr 17 2021 Ferdinand Thiessen - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open’s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream * Added fix-cmake-linking.patch to fix linking * Wed Jan 20 2021 Martin Pluskal - Update to version 1.6.0: * Fix OpenSSL 1.0 and Cygwin builds. * hid_linux: fix build on 32-bit systems. * hid_osx: allow reads from spawned threads. * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch - Do not build examples as their build fails * Tue Nov 17 2020 Hans Petter Jansson - Add Conflicts: to supersede version 1.0.0. This is needed for a clean upgrade path on SLE. * Wed Sep 9 2020 Ismail Dönmez - Add 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch from upstream to fix 32bit compilation issues. * Tue Sep 1 2020 Ismail Dönmez - Update to version 1.5.0 * hid_linux: return FIDO_OK if no devices are found. * hid_osx: + repair communication with U2F tokens, gh#166; + reliability fixes. * fido2-{assert,cred}: new options to explicitly toggle UP, UV. * Support for configurable report lengths. * New API calls: + fido_cbor_info_maxcredcntlst + fido_cbor_info_maxcredidlen + fido_cred_aaguid_len + fido_cred_aaguid_ptr + fido_dev_get_touch_begin + fido_dev_get_touch_status * Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. * Allow CTAP messages up to 2048 bytes; gh#171. * Ensure we only list USB devices by default. * Fri Jul 24 2020 Stefan Brüns - Cleanup udev rules, trying to use the Debian specific plugdev group fills up the journal. - Make the udev rules package noarch, correct Summary * Fri Jul 3 2020 Ismail Dönmez - Create a udev subpackage and ship the udev rule * Thu Jul 2 2020 Ismail Dönmez - Don't build with hidapi support to fix issues with Yubikey 5Ci https://github.com/Yubico/libfido2/issues/190 * Mon May 25 2020 Ismail Dönmez - Update to version 1.4.0 * hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. * Fall back to U2F if the key claims to, but does not support FIDO2. * FIDO2 credential protection (credprot) support. * New API calls: + fido_cbor_info_fwversion; + fido_cred_prot; + fido_cred_set_prot; + fido_dev_set_transport_functions; + fido_set_log_handler. * Fixed EdDSA and RSA self-attestation. * Sun Mar 1 2020 Marcus Rueckert - Version 1.3.1 - fix zero-ing of le1 and le2 when talking to a U2F device. - dropping sk-libfido2 middleware, please find it in the openssh tree. * Sun Dec 8 2019 Karol Babioch - Version 1.3.0 (2019-11-28) * assert/hmac: encode public key as per spec, gh#60. * fido2-cred: fix creation of resident keys. * fido2-{assert,cred}: support for hmac-secret extension. * hid_osx: detect device removal, gh#56. * hid_osx: fix device detection in MacOS Catalina. * New API calls: - fido_assert_set_authdata_raw; - fido_assert_sigcount; - fido_cred_set_authdata_raw; - fido_dev_cancel. * Middleware library for use by OpenSSH. * Support for biometric enrollment. * Support for OpenBSD. * Support for self-attestation. * Mon Sep 16 2019 simmphonie@opensuse.org - Version 1.2.0 (released 2019-07-26) * Credential management support. * New API reflecting FIDO’s 3-state booleans (true, false, absent): - fido_assert_set_up; - fido_assert_set_uv; - fido_cred_set_rk; - fido_cred_set_uv. * Command-line tools for Windows. * Documentation and reliability fixes. * fido_{assert,cred}_set_options() are now marked as deprecated. * Tue May 28 2019 Karol Babioch - Version 1.1.0 (released 2019-05-08) * EdDSA (Ed25519) support. * fido_dev_make_cred: fix order of CBOR map keys. * fido_dev_get_assert: plug memory leak when operating on U2F devices. * Sat Apr 20 2019 Jan Engelhardt - Use automatic dependency discovery for libfido2-utils -> libfido2-1_0-0. * Tue Apr 16 2019 Karol Babioch - Added Conflicts to libfido2-0_4_0 to make sure upgrade goes smoothly as outline in sr#690566 * Tue Apr 2 2019 Karol Babioch - Split utilities into sub-package libfido2-utils and package man pages correctly (bsc#1131163) * Thu Mar 21 2019 Karol Babioch - Version 1.0.0 (released 2019-03-21) * Native HID support on Linux, MacOS, and Windows. * fido2-{assert,cred}: new -u option to force U2F on dual authenticators. * fido2-assert: support for multiple resident keys with the same RP. * Strict checks for CTAP2 compliance on received CBOR payloads. * Better fuzzing harnesses. * Documentation and reliability fixes. * Wed Jan 9 2019 Karol Babioch - Version 0.4.0 (released 2019-01-07) * fido2-assert: print the user id for resident credentials. * Fix encoding of COSE algorithms when making a credential. * Rework purpose of fido_cred_set_type; no ABI change. * Minor documentation and code fixes. - Dropped patch that is included upstream now: fix-release-build.patch * Mon Oct 1 2018 Karol Babioch - Added patch: * fix-release-build.patch: Disables regression tests as proposed by upstream * Mon Oct 1 2018 Karol Babioch - Applied spec-cleaner * Sun Sep 30 2018 t.gruner@katodev.de - Build package without regression tests - Version 0.3.0 (released 2018-09-11) - Various reliability fixes. - Merged fuzzing instrumentation. - Added regress tests. - Added support for FIDO 2’s hmac-secret extension. - New API calls: * fido_assert_hmac_secret_len; * fido_assert_hmac_secret_ptr; * fido_assert_set_extensions; * fido_assert_set_hmac_salt; * fido_cred_set_extensions; * fido_dev_force_fido2. - Support for native builds with Microsoft Visual Studio 17. * Fri Sep 28 2018 Jan Engelhardt - Fix RPM group. Wrap description. * Thu Jun 21 2018 t.gruner@katodev.de - Version 0.2.0 (released 2018-06-20) - Added command-line tools. - Added a couple of missing get functions. - Version 0.1.1 (released 2018-06-05) - Added documentation. - Added OpenSSL 1.0 support. - Minor fixes. * Sun May 27 2018 t.gruner@katodev.de - update to version 0.1.0 * Mon Apr 30 2018 t.gruner@katodev.de - Initial release version 0_git