Release Notes

Copyright (c) 2014-2022 Yubico AB - See COPYING

pam-u2f NEWS — History of user-visible changes. -- outline --

  • Version 1.2.2 (unreleased)

  • Version 1.2.1 (released 2022-05-11)

    • Fixed an issue where native credentials could be truncated, resulting in failure to authenticate or successful authentication with missing options.

    • Stricter parsing of sshformat credentials.

    • pamu2fcfg now allows a combination of the --username and --nouser options.

    • Improved documentation on FIDO2 options.

  • Version 1.2.0 (released 2021-09-22)

    • Added support for EdDSA keys.

    • Added support for SSH ed25519-sk keys.

    • Added authenticator filtering based on user verification options.

    • Fixed an issue with privilege restoration on MacOS.

    • Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed.

    • Miscellaneous improvements to the documentation.

    • Miscellaneous minor bug fixes found by fuzzing.

  • Version 1.1.1 (released 2021-05-19)

    • Fix an issue where PIN authentication could be bypassed (CVE-2021-31924).

    • Fix an issue with nodetect and non-resident credentials.

    • Fix build issues with musl libc.

    • Add support for self-attestation in pamu2fcfg.

    • Fix minor bugs found by fuzzing.

  • Version 1.1.0 (released 2020-09-17)

    • Add support to FIDO2 (move from libu2f-host+libu2f-server to libfido2).

    • Add support to User Verification

    • Add support to PIN Verification

    • Add support to Resident Credentials

    • Add support to SSH credential format

  • Version 1.0.8 (released 2019-06-04)

    • Fix debug file descriptor leak CVE-2019-12210.

    • Fix insecure debug file handling CVE-2019-12209. Both reported by Matthias Gerstner of the SUSE Security Team.

    • Fix a non-critical buffer oob access.

  • Version 1.0.7 (released 2018-05-15)

    • Add authpending_file to signal authentication activity

    • Add nodetect to skip to avoid unnecessary cue messages

  • Version 1.0.6 (released 2018-04-18)

    • Fix an issue when using syslog as a debug facility.

    • Do not honor cue if no sutable device is found.

  • Version 1.0.5 (released 2018-04-16)

    • General bugfixes and quality-of-life improvements.

  • Version 1.0.4 (released 2016-01-07)

    • Fixed possible permission escalation when using XDG_CONFIG_HOME.

  • Version 1.0.3 (released 2015-11-02)

    • Bugfix in pamu2fcfg.

    • Minor improvements for verbose mode in pamu2fcfg.

  • Version 1.0.2 (released 2015-10-06)

    • Changes to automake flags.

    • Improve build on OS X.

  • Version 1.0.1 (released 2015-06-18)

    • Minor changes to man pages and install hooks.

  • Version 1.0.0 (released 2015-06-17)

    • Use XDG_CONFIG_HOME as default for config files.

    • Added manual and interactive mode.

    • Added verbose mode.

  • Version 0.0.1 (released 2015-01-16)

    • Changed failure mode after authentication error.

    • Added call to setcred.

  • Version 0.0.0 (released 2014-12-16)

    • Initial release.