diff --git a/gpgkey-01F3D14D.gpg b/gpgkey-01F3D14D.gpg new file mode 100644 index 0000000..98da9e7 Binary files /dev/null and b/gpgkey-01F3D14D.gpg differ diff --git a/libu2f-server-1.0.1.tar.xz b/libu2f-server-1.0.1.tar.xz new file mode 100644 index 0000000..fe64254 --- /dev/null +++ b/libu2f-server-1.0.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a618f59051209d6d70c24cf42d64c9b67bd7dd5946b6dbd2c649181d7e8f1f6e +size 268648 diff --git a/libu2f-server-1.0.1.tar.xz.sig b/libu2f-server-1.0.1.tar.xz.sig new file mode 100644 index 0000000..c1bad36 Binary files /dev/null and b/libu2f-server-1.0.1.tar.xz.sig differ diff --git a/libu2f-server-1.0.1_add_support_for_upcoming_json_c_0_14_0.patch b/libu2f-server-1.0.1_add_support_for_upcoming_json_c_0_14_0.patch new file mode 100644 index 0000000..f3610a4 --- /dev/null +++ b/libu2f-server-1.0.1_add_support_for_upcoming_json_c_0_14_0.patch @@ -0,0 +1,37 @@ +From f7c4983b31909299c47bf9b2627c84b6bfe225de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Mon, 13 Apr 2020 14:16:20 +0200 +Subject: [PATCH] Add support for upcoming json-c 0.14.0. + +TRUE/FALSE are not defined anymore. 1 and 0 are used instead. +--- + u2f-server/core.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/u2f-server/core.c b/u2f-server/core.c +index 2fb325e..895c004 100644 +--- a/u2f-server/core.c ++++ b/u2f-server/core.c +@@ -44,6 +44,19 @@ typedef int json_bool; + #define u2fs_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE + #endif + ++/* json-c 0.13.99 does not define TRUE/FALSE anymore ++ * the json-c maintainers replaced them with pure 1/0 ++ * https://github.com/json-c/json-c/commit/0992aac61f8b ++ */ ++#if defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99) ++#ifndef FALSE ++#define FALSE 0 ++#endif ++#ifndef TRUE ++#define TRUE 1 ++#endif ++#endif ++ + static u2fs_rc encode_b64u(const char *data, size_t data_len, char *output) + { + base64_encodestate b64; +-- +2.26.0 + diff --git a/libu2f-server-1.0.1_check_result_json_object.patch b/libu2f-server-1.0.1_check_result_json_object.patch new file mode 100644 index 0000000..7ff0779 --- /dev/null +++ b/libu2f-server-1.0.1_check_result_json_object.patch @@ -0,0 +1,58 @@ +From 72997944d5ee7f165fe04f1ac451d115e97d75e9 Mon Sep 17 00:00:00 2001 +From: Joe Watkins +Date: Sat, 10 Dec 2016 13:34:08 +0000 +Subject: [PATCH] Check the result of the call to serialize json object before + calling strdup + +--- + u2f-server/core.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +Index: libu2f-server-1.0.1/u2f-server/core.c +=================================================================== +--- libu2f-server-1.0.1.orig/u2f-server/core.c ++++ libu2f-server-1.0.1/u2f-server/core.c +@@ -381,6 +381,7 @@ static int registration_challenge_json(c + struct json_object *json_version = NULL; + struct json_object *json_appid = NULL; + struct json_object *json_output = NULL; ++ const char *json_string = NULL; + + rc = U2FS_JSON_ERROR; + +@@ -402,8 +403,11 @@ static int registration_challenge_json(c + json_object_object_add(json_output, "version", json_version); + json_object_object_add(json_output, "appId", json_appid); + +- *output = strdup(json_object_to_json_string(json_output)); +- if (*output == NULL) ++ json_string = json_object_to_json_string(json_output); ++ ++ if (json_string == NULL) ++ rc = U2FS_JSON_ERROR; ++ else if ((*output = strdup(json_string)) == NULL) + rc = U2FS_MEMORY_ERROR; + else + rc = U2FS_OK; +@@ -951,6 +955,7 @@ static int authentication_challenge_json + struct json_object *json_version = NULL; + struct json_object *json_appid = NULL; + struct json_object *json_output = NULL; ++ const char *json_string = NULL; + + rc = U2FS_JSON_ERROR; + +@@ -976,8 +981,11 @@ static int authentication_challenge_json + json_object_object_add(json_output, "challenge", json_challenge); + json_object_object_add(json_output, "appId", json_appid); + +- *output = strdup(json_object_to_json_string(json_output)); +- if (*output == NULL) ++ json_string = json_object_to_json_string(json_output); ++ ++ if (json_string == NULL) ++ rc = U2FS_JSON_ERROR; ++ else if ((*output = strdup(json_string)) == NULL) + rc = U2FS_MEMORY_ERROR; + else + rc = U2FS_OK; diff --git a/libu2f-server-1.0.1_fix_memory_errors.patch b/libu2f-server-1.0.1_fix_memory_errors.patch new file mode 100644 index 0000000..225b7fb --- /dev/null +++ b/libu2f-server-1.0.1_fix_memory_errors.patch @@ -0,0 +1,52 @@ +From 5d74f88b278ca1df6c69d7328be2a8035ca7976c Mon Sep 17 00:00:00 2001 +From: Joe Watkins +Date: Fri, 9 Dec 2016 14:26:51 +0000 +Subject: [PATCH] valgrind shows memory errors around this code, because the + reference counts of objects are not managed properly + +--- + u2f-server/core.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +Index: libu2f-server-1.0.1/u2f-server/core.c +=================================================================== +--- libu2f-server-1.0.1.orig/u2f-server/core.c ++++ libu2f-server-1.0.1/u2f-server/core.c +@@ -409,10 +409,13 @@ static int registration_challenge_json(c + rc = U2FS_OK; + + done: +- json_object_put(json_challenge); +- json_object_put(json_version); +- json_object_put(json_appid); +- json_object_put(json_output); ++ if (json_output) { ++ json_object_put(json_output); ++ } else { ++ json_object_put(json_challenge); ++ json_object_put(json_version); ++ json_object_put(json_appid); ++ } + + return rc; + } +@@ -980,11 +983,14 @@ static int authentication_challenge_json + rc = U2FS_OK; + + done: +- json_object_put(json_challenge); +- json_object_put(json_key); +- json_object_put(json_version); +- json_object_put(json_appid); +- json_object_put(json_output); ++ if (json_output) { ++ json_object_put(json_output); ++ } else { ++ json_object_put(json_challenge); ++ json_object_put(json_key); ++ json_object_put(json_version); ++ json_object_put(json_appid); ++ } + + return rc; + } diff --git a/libu2f-server-1.0.1_fix_refcount_json_object.patch b/libu2f-server-1.0.1_fix_refcount_json_object.patch new file mode 100644 index 0000000..7e6a976 --- /dev/null +++ b/libu2f-server-1.0.1_fix_refcount_json_object.patch @@ -0,0 +1,61 @@ +diff --git a/u2f-server/core.c b/u2f-server/core.c +index 41af808..da1b286 100644 +--- a/u2f-server/core.c ++++ b/u2f-server/core.c +@@ -399,9 +399,9 @@ static int registration_challenge_json(const char *challenge, + if (json_output == NULL) + goto done; + +- json_object_object_add(json_output, "challenge", json_challenge); +- json_object_object_add(json_output, "version", json_version); +- json_object_object_add(json_output, "appId", json_appid); ++ json_object_object_add(json_output, "challenge", json_object_get(json_challenge)); ++ json_object_object_add(json_output, "version", json_object_get(json_version)); ++ json_object_object_add(json_output, "appId", json_object_get(json_appid)); + + json_string = json_object_to_json_string(json_output); + +@@ -413,13 +413,10 @@ static int registration_challenge_json(const char *challenge, + rc = U2FS_OK; + + done: +- if (json_output) { + json_object_put(json_output); +- } else { + json_object_put(json_challenge); + json_object_put(json_version); + json_object_put(json_appid); +- } + + return rc; + } +@@ -976,10 +973,10 @@ static int authentication_challenge_json(const char *challenge, + if (json_output == NULL) + goto done; + +- json_object_object_add(json_output, "keyHandle", json_key); +- json_object_object_add(json_output, "version", json_version); +- json_object_object_add(json_output, "challenge", json_challenge); +- json_object_object_add(json_output, "appId", json_appid); ++ json_object_object_add(json_output, "keyHandle", json_object_get(json_key)); ++ json_object_object_add(json_output, "version", json_object_get(json_version)); ++ json_object_object_add(json_output, "challenge", json_object_get(json_challenge)); ++ json_object_object_add(json_output, "appId", json_object_get(json_appid)); + + json_string = json_object_to_json_string(json_output); + +@@ -991,14 +988,11 @@ static int authentication_challenge_json(const char *challenge, + rc = U2FS_OK; + + done: +- if (json_output) { + json_object_put(json_output); +- } else { + json_object_put(json_challenge); + json_object_put(json_key); + json_object_put(json_version); + json_object_put(json_appid); +- } + + return rc; + } diff --git a/libu2f-server.spec b/libu2f-server.spec new file mode 100644 index 0000000..79a389a --- /dev/null +++ b/libu2f-server.spec @@ -0,0 +1,167 @@ +Name: libu2f-server +Version: 1.0.1 +Release: 24%{?dist} +Summary: Yubico Universal 2nd Factor (U2F) Server C Library + +License: BSD +URL: https://developers.yubico.com/%{name} +Source0: https://developers.yubico.com/%{name}/Releases/%{name}-%{version}.tar.xz +Source1: https://developers.yubico.com/%{name}/Releases/%{name}-%{version}.tar.xz.sig +Source2: gpgkey-01F3D14D.gpg + +# Picked from upstream +# https://github.com/Yubico/libu2f-server/commit/5d74f88b278ca1df6c69d7328be2a8035ca7976c +Patch0: %{name}-1.0.1_fix_memory_errors.patch +# https://github.com/Yubico/libu2f-server/commit/72997944d5ee7f165fe04f1ac451d115e97d75e9 +Patch1: %{name}-1.0.1_check_result_json_object.patch +# https://github.com/Yubico/libu2f-server/pull/31 +Patch2: %{name}-1.0.1_fix_refcount_json_object.patch +# https://github.com/Yubico/libu2f-server/pull/42 +Patch3: %{name}-1.0.1_add_support_for_upcoming_json_c_0_14_0.patch + +#BuildRequires: json-c-devel openssl-devel check-devel gnupg2 systemd +BuildRequires: gcc +BuildRequires: json-c-devel openssl-devel check-devel systemd +BuildRequires: make + +# Bundled gnulib https://fedorahosted.org/fpc/ticket/174 +Provides: bundled(gnulib) + +%description +This is a C library that implements the server-side of the U2F protocol. More +precisely, it provides an API for generating the JSON blobs required by U2F +devices to perform the U2F Registration and U2F Authentication operations, and +functionality for verifying the cryptographic operations. + +%package -n u2f-server +Summary: Server-side command-line tool for U2F devices +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n u2f-server +u2f-server provides a command line tool that implements the server-side of the +U2F protocol. + + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +This package contains the header files needed to develop applications that +use libu2f-server. + +%global _hardened_build 1 + +%prep +# disable signature verficiation due to gpgv2 bug +# https://bugzilla.redhat.com/show_bug.cgi?id=1292687 +#gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} +%autosetup -p 1 + +%build +%configure --disable-rpath --disable-static + +# --disable-rpath doesn't work. +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +%make_build + +%check +LD_LIBRARY_PATH="$(pwd)/u2f-server/.libs" make check + +%install +%make_install +find %{buildroot} -name '*.la' -exec rm -f {} ';' + +%ldconfig_scriptlets + +%files +%license COPYING +%doc README AUTHORS NEWS THANKS +%{_libdir}/*.so.* + +%files -n u2f-server +%{_bindir}/u2f-server +%{_mandir}/man1/u2f-server.1* + +%files devel +%doc %{_datadir}/gtk-doc/html/u2f-server +%{_libdir}/pkgconfig/*.pc +%{_libdir}/*.so +%{_includedir}/* + +%changelog +* Thu Jan 20 2022 Fedora Release Engineering - 1.0.1-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Sep 14 2021 Sahana Prasad - 1.0.1-23 +- Rebuilt with OpenSSL 3.0.0 + +* Thu Jul 22 2021 Fedora Release Engineering - 1.0.1-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jul 10 2021 Björn Esser - 1.0.1-21 +- Rebuild for versioned symbols in json-c + +* Tue Jan 26 2021 Fedora Release Engineering - 1.0.1-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.0.1-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Apr 21 2020 Björn Esser - 1.0.1-18 +- Rebuild (json-c) + +* Mon Apr 13 2020 Björn Esser - 1.0.1-17 +- Add support for upcoming json-c 0.14.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 1.0.1-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 1.0.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 1.0.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 1.0.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Mar 06 2018 Björn Esser - 1.0.1-12 +- Rebuilt for libjson-c.so.4 (json-c v0.13.1) + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Dec 15 2017 Björn Esser - 1.0.1-10 +- Add upstreamed patch for proper refcount on json_objects + +* Wed Dec 13 2017 Björn Esser - 1.0.1-9 +- Add two cherry-picked patches from upstream + +* Sun Dec 10 2017 Björn Esser - 1.0.1-8 +- Rebuilt for libjson-c.so.3 + +* Thu Aug 03 2017 Fedora Release Engineering - 1.0.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.0.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 4 2016 Seth Jennings - 1.0.1-4 +- disable signature verficiation due to gpgv2 bug + +* Thu Feb 04 2016 Fedora Release Engineering - 1.0.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Oct 27 2015 Seth Jennings - 1.0.1-2 +- Enable _hardened_build +- Remove redundant license from u2f-server package +- More specific path for gtk-doc files + +* Sat Aug 1 2015 Seth Jennings - 1.0.1-1 +- Initial package release.