libu2f-host NEWS — History of user visible changes.
Version 1.1.11 (unreleased)
Version 1.1.10 (released 2019-05-15)
Add new devices to udev rules.
Fix a potentially uninitialized buffer.
Version 1.1.9 (released 2019-03-06)
Fix CID copying from the init response. This broke compatibility with some devices.
Version 1.1.8 (released 2019-03-05)
Add udev rules.
Drop 70-old-u2f.rules and use 70-u2f.rules for everything.
Use a random nonce for setting up CID to prevent fingerprinting.
Parse the response to init in a more stable way. The old parser could leak 4 bytes of uninitialized stack back to the device. Reported by Christian Reitter.
Version 1.1.7 (released 2019-01-08)
Fix for trusting length from deivce in device init. Reported by Christian Reitter.
Fix for buffer overflow when receiving data from device.
Add udev rules for some new devices.
Version 1.1.6 (released 2018-05-15)
Change waiting logic on authenticate to allow for faster feedback.
Version 1.1.5 (released 2018-03-07)
Fix refcount when adding json_objects.
Handle fido2 keepalive.
Add udev rules for more devices.
Version 1.1.4 (released 2017-09-01)
Added more u2f devices to the udev rulesets.
Increase buffer size, allowing for bigger certificates.
Add u2f.conf.sample for FreeBSD permission handling.
Version 1.1.3 (released 2016-10-04)
Added more u2f devices to the udev rulesets.
Fixup mac builds.
Version 1.1.2 (released 2016-06-22)
Make authenticate return U2FH_OK if touch is set to not needed. Also minor fixes to error output of authenticate.
Documentation fixes.
Compilation fixes on visual studio.
Add udev rules for Feitian devices.
Add optional cmake build.
Change license of the commandline tool to LGPL 2.1+
Version 1.1.1 (released 2016-03-14)
Use correct index in u2fh_devs_discover()
Fix an issue where we left the authenticate loop early.
Fix an issue where authenticate remembered which devices to skip.
Stop validating the scheme of the origin.
Fixup a crash in u2fh_devs_discover() with closing unplugged devices.
Documentation fixes.
Version 1.1.0 (released 2016-02-15)
Add udev rules for more devices.
Don’t return success when no data is received.
Fix typos.
Make send_apdu send data like chrome does.
Don’t release json object that we don’t own no more.
Don’t do memcmp on uninitialized memory.
Add u2fh_authenticate2() and u2fh_register2().
Remove base64 padding (required by spec).
Use unsigned ints to prevent buffer overflows.
Version 1.0.0 (released 2015-08-27)
Add udev rules for older version of udev.
Add pam:// as an allowed protocol.
Stop using sleep(), use Sleep() on windows and usleep() on others.
Fixup tool name in help and manpage.
Add a timeout to the register and authenticate actions.
Version 0.0.4 (released 2015-01-22)
Add an exponential growing timeout for slow devices (PlugUp).
Version 0.0.3 (released 2015-01-08)
Change license to LGPLv2+ for the library.
Some improvements to internal communication code.
Some debug mode improvements, from Bram Vandoren.
Version 0.0.2 (released 2014-11-28)
Add more devices to udev.
Version 0.0.1 (released 2014-10-29)
Use semantic versioning.
Correct json key for keyHandle in signResponse
Fix the udev rule
Add option to install udev rule
Version 0.0 (released 2014-09-16)
Initial release.