aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGustavo B. Schenkel <gustavo.schenkel@gmail.com>2021-07-10 01:03:46 -0300
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2021-07-12 21:45:06 +0700
commitb56677d039adc135740e5f3eee28eef06405d2cd (patch)
tree10204d419b5937d6b386dae49048ef9d87b67af2
parent9453e66b2cff3b29bc4760bfc6d87731457e76fb (diff)
libraries/libu2f-host: Updated for version 1.1.11 (unreleased)
Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--libraries/libu2f-host/README2
-rw-r--r--libraries/libu2f-host/libu2f-host.SlackBuild13
-rw-r--r--libraries/libu2f-host/patches/0001-bump-versions-after-release.patch48
-rw-r--r--libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch34
-rw-r--r--libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch28
-rw-r--r--libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch44
-rw-r--r--libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch40
-rw-r--r--libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch26
-rw-r--r--libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch27
-rw-r--r--libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch26
-rw-r--r--libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch28
-rw-r--r--libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch28
-rw-r--r--libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch27
-rw-r--r--libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch50
-rw-r--r--libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch48
-rw-r--r--libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch62
-rw-r--r--libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch51
-rw-r--r--libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch30
-rw-r--r--libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch29
-rw-r--r--libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch44
-rw-r--r--libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch39
-rw-r--r--libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch42
-rw-r--r--libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch62
-rw-r--r--libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch35
-rw-r--r--libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch44
-rw-r--r--libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch34
-rw-r--r--libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch26
27 files changed, 963 insertions, 4 deletions
diff --git a/libraries/libu2f-host/README b/libraries/libu2f-host/README
index 2673e9fda8e3e..93f786eb3f38e 100644
--- a/libraries/libu2f-host/README
+++ b/libraries/libu2f-host/README
@@ -2,3 +2,5 @@ Yubico Universal 2nd Factor (U2F) Host C Library
Libu2f-host provide a C library and command-line tool that implements
the host-side of the U2F protocol.
+
+NOTE: Upstream project is deprecated and no longer maintained.
diff --git a/libraries/libu2f-host/libu2f-host.SlackBuild b/libraries/libu2f-host/libu2f-host.SlackBuild
index 94103fd0ac0c3..314c3ddbfc34c 100644
--- a/libraries/libu2f-host/libu2f-host.SlackBuild
+++ b/libraries/libu2f-host/libu2f-host.SlackBuild
@@ -26,7 +26,8 @@ cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=libu2f-host
SRCNAM=libu2f-host-libu2f-host
-VERSION=${VERSION:-1.1.10}
+VERSION=${VERSION:-1.1.11}
+SRCVERSION=${SRCVERSION:-1.1.10}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -61,9 +62,9 @@ set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
-rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
-cd $SRCNAM-$VERSION
+rm -rf $SRCNAM-$SRCVERSION
+tar xvf $CWD/$SRCNAM-$SRCVERSION.tar.gz
+cd $SRCNAM-$SRCVERSION
chown -R root:root .
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
@@ -71,6 +72,10 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+for i in $(ls -1 $CWD/patches/); do
+ patch -p1 < $CWD/patches/$i
+done
+
autoreconf -fi
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
diff --git a/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch b/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch
new file mode 100644
index 0000000000000..87a6c4bab887b
--- /dev/null
+++ b/libraries/libu2f-host/patches/0001-bump-versions-after-release.patch
@@ -0,0 +1,48 @@
+From ef8b0c26df78f5bca48803fa350cf772eef351c8 Mon Sep 17 00:00:00 2001
+From: Klas Lindfors <klas@yubico.com>
+Date: Wed, 15 May 2019 13:57:11 +0200
+Subject: [PATCH 01/25] bump versions after release
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ NEWS | 2 ++
+ configure.ac | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index a85d667..fc933b8 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,7 @@
+ libu2f-host NEWS -- History of user visible changes.
+
++* Version 1.1.11 (unreleased)
++
+ * Version 1.1.10 (released 2019-05-15)
+
+ ** Add new devices to udev rules.
+diff --git a/configure.ac b/configure.ac
+index d5251d3..0031f76 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -13,7 +13,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+-AC_INIT([libu2f-host], [1.1.10], [yubico-devel@googlegroups.com])
++AC_INIT([libu2f-host], [1.1.11], [yubico-devel@googlegroups.com])
+ AC_CONFIG_MACRO_DIR([m4])
+ AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_AUX_DIR([build-aux])
+@@ -21,7 +21,7 @@ AC_CONFIG_AUX_DIR([build-aux])
+ # http://www.gnu.org/s/libtool/manual/html_node/Updating-version-info.html
+ AC_SUBST(LT_CURRENT, 1) # Interfaces removed: CURRENT++, AGE=0, REVISION=0
+ AC_SUBST(LT_AGE, 1) # Interfaces added: CURRENT++, AGE++, REVISION=0
+-AC_SUBST(LT_REVISION, 10) # No interfaces changed: REVISION++
++AC_SUBST(LT_REVISION, 11) # No interfaces changed: REVISION++
+
+ AM_INIT_AUTOMAKE([gnits dist-xz no-dist-gzip std-options -Wall])
+ AM_SILENT_RULES([yes])
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch b/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch
new file mode 100644
index 0000000000000..b58608f06e439
--- /dev/null
+++ b/libraries/libu2f-host/patches/0002-README-add-FreeBSD-build-information.patch
@@ -0,0 +1,34 @@
+From 24c6b57d25ff574ade39bdcbeb5eed2169f4b532 Mon Sep 17 00:00:00 2001
+From: Ed Maste <emaste@freebsd.org>
+Date: Sat, 8 Jun 2019 01:36:29 -0400
+Subject: [PATCH 02/25] README: add FreeBSD build information
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ README | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/README b/README
+index e17d0e5..fefc96b 100644
+--- a/README
++++ b/README
+@@ -177,6 +177,16 @@ Both of these require that a release tarball of the project exists in the
+ current directory. The value of the VERSION variable must match the version
+ on that tarball.
+
++Building from Git works on FreeBSD (excluding documentation), using gmake.
++Dependencies may be installed via:
++
++ # pkg install gengetopt help2man hidapi json-c u2f-devd
++
++And then configure and build using:
++
++ $ ./configure --disable-gtk-doc
++ $ gmake
++
+ Namespaces
+ ----------
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch b/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch
new file mode 100644
index 0000000000000..18ef3adfb5d95
--- /dev/null
+++ b/libraries/libu2f-host/patches/0003-add-note-about-maintenance-mode-and-libfido2.patch
@@ -0,0 +1,28 @@
+From 08e32414f36b902127d679f55d439816e33dc0dc Mon Sep 17 00:00:00 2001
+From: Klas Lindfors <klas@yubico.com>
+Date: Mon, 10 Jun 2019 12:08:33 +0200
+Subject: [PATCH 03/25] add note about maintenance mode and libfido2
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ README | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/README b/README
+index e17d0e5..bc0c2fb 100644
+--- a/README
++++ b/README
+@@ -10,6 +10,10 @@ device and perform the U2F Register and U2F Authenticate operations.
+ For the server-side aspect, see our
+ https://developers.yubico.com/libu2f-server/[libu2f-server project].
+
++NOTE: This project is in maintenance mode,
++https://developers.yubico.com/libfido2/[libfido2] is a new project with
++support for U2F and FIDO2.
++
+ License
+ -------
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch b/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch
new file mode 100644
index 0000000000000..71c0947d765c2
--- /dev/null
+++ b/libraries/libu2f-host/patches/0004-libfido2-sync-add-Infineon-eWBM-SecureClick-typo.patch
@@ -0,0 +1,44 @@
+From 8c6c67da3a843e66a9149c7810bbc8f0b69099a1 Mon Sep 17 00:00:00 2001
+From: Royce Williams <royce@techsolvency.com>
+Date: Tue, 16 Jul 2019 06:12:44 -0800
+Subject: [PATCH 04/25] libfido2 sync: add Infineon, eWBM; SecureClick typo
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 8ab5bcf..10aa977 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -37,7 +37,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct
+ # U2F Zero
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# VASCO SeccureClick
++# VASCO SecureClick
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Bluink Key
+@@ -62,6 +62,9 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# Infineon FIDO
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+ # Ledger Nano S and Nano X
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+@@ -71,4 +74,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct
+ # Longmai mFIDO
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# eWBM FIDO2 - Goldengate 450, Goldengate 500 + biometric
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="f47c|5c2f", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+ LABEL="u2f_end"
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch b/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch
new file mode 100644
index 0000000000000..489a2e445eaba
--- /dev/null
+++ b/libraries/libu2f-host/patches/0005-add-two-new-eWBM-and-sort-device-IDs-numerically.patch
@@ -0,0 +1,40 @@
+From 4218f6b8b974c954b54065591259a0c967f87570 Mon Sep 17 00:00:00 2001
+From: Royce Williams <royce@techsolvency.com>
+Date: Sat, 17 Aug 2019 14:23:40 -0800
+Subject: [PATCH 05/25] add two new eWBM, and sort device IDs numerically
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 10aa977..40506d8 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -25,10 +25,10 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct
+ # Neowave Keydo and Keydo AES
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# HyperSecu HyperFIDO, KeyID U2F
++# HyperSecu HyperFIDO
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# Feitian ePass FIDO, BioPass FIDO2, KeyID U2F
++# Feitian ePass FIDO, BioPass FIDO2
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # JaCarta U2F
+@@ -74,7 +74,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct
+ # Longmai mFIDO
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# eWBM FIDO2 - Goldengate 450, Goldengate 500 + biometric
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="f47c|5c2f", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++# eWBM FIDO2 - Goldengate 310, 320, 500, 450
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ LABEL="u2f_end"
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch b/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch
new file mode 100644
index 0000000000000..626ea52997161
--- /dev/null
+++ b/libraries/libu2f-host/patches/0006-devs-init_device-Fix-typo-in-comment.patch
@@ -0,0 +1,26 @@
+From aa981b17b84348e9421cae4b74527aad149c2017 Mon Sep 17 00:00:00 2001
+From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Date: Fri, 30 Aug 2019 12:20:32 +0200
+Subject: [PATCH 06/25] devs/init_device: Fix typo in comment
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f-host/devs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u2f-host/devs.c b/u2f-host/devs.c
+index fadd3ce..f10048f 100644
+--- a/u2f-host/devs.c
++++ b/u2f-host/devs.c
+@@ -303,7 +303,7 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev)
+ &resplen) == U2FH_OK)
+ {
+ int offs = sizeof (nonce);
+- /* the response has to be atleast 17 bytes, if it's more we discard that */
++ /* the response has to be at least 17 bytes, if it's more we discard that */
+ if (resplen < 17)
+ {
+ return U2FH_SIZE_ERROR;
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch b/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch
new file mode 100644
index 0000000000000..060b405907e28
--- /dev/null
+++ b/libraries/libu2f-host/patches/0007-devs-init_device-Fix-misleading-comment-logical-inve.patch
@@ -0,0 +1,27 @@
+From 3b8cf649c04e484d9162ab9325a4aa064df1f2ee Mon Sep 17 00:00:00 2001
+From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Date: Fri, 30 Aug 2019 12:21:13 +0200
+Subject: [PATCH 07/25] devs/init_device: Fix misleading comment (logical
+ inversion)
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f-host/devs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u2f-host/devs.c b/u2f-host/devs.c
+index f10048f..aa76c9f 100644
+--- a/u2f-host/devs.c
++++ b/u2f-host/devs.c
+@@ -303,7 +303,7 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev)
+ &resplen) == U2FH_OK)
+ {
+ int offs = sizeof (nonce);
+- /* the response has to be at least 17 bytes, if it's more we discard that */
++ /* the response has to be at least 17 bytes, if it's less we discard it */
+ if (resplen < 17)
+ {
+ return U2FH_SIZE_ERROR;
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch b/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch
new file mode 100644
index 0000000000000..cab5348a02613
--- /dev/null
+++ b/libraries/libu2f-host/patches/0008-Update-70-u2f.rules-to-include-product-id-0121.patch
@@ -0,0 +1,26 @@
+From bf3a625d846e22ff0ac3abac386781e0c09ffcab Mon Sep 17 00:00:00 2001
+From: Jason Cawood <jasoncawood@gmail.com>
+Date: Thu, 24 Oct 2019 16:14:27 -0700
+Subject: [PATCH 08/25] Update 70-u2f.rules to include product id 0121
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 40506d8..c2babc4 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -17,7 +17,7 @@
+ ACTION!="add|change", GOTO="u2f_end"
+
+ # Yubico YubiKey
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0121|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Happlink (formerly Plug-Up) Security KEY
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch b/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch
new file mode 100644
index 0000000000000..62fbb2866dee6
--- /dev/null
+++ b/libraries/libu2f-host/patches/0009-Update-u2f.conf.sample.patch
@@ -0,0 +1,28 @@
+From 452c52b11a3a8e54b9e63397c9fcd645f3a3a6fb Mon Sep 17 00:00:00 2001
+From: Jason Cawood <jasoncawood@gmail.com>
+Date: Thu, 24 Oct 2019 16:22:55 -0700
+Subject: [PATCH 09/25] Update u2f.conf.sample
+
+This is to match the changes from commit bf3a625d846e22ff0ac3abac386781e0c09ffcab
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f.conf.sample | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 7e685d0..040b5c2 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -6,7 +6,7 @@ notify 100 {
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1050";
+- match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)";
++ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch b/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch
new file mode 100644
index 0000000000000..d9fde6174f66e
--- /dev/null
+++ b/libraries/libu2f-host/patches/0010-fixed-the-duplication-typo.patch
@@ -0,0 +1,28 @@
+From ff8cfbe1e992cfd40c01541324c6f0155da26775 Mon Sep 17 00:00:00 2001
+From: Jason Cawood <jasoncawood@gmail.com>
+Date: Thu, 24 Oct 2019 21:08:44 -0700
+Subject: [PATCH 10/25] fixed the duplication typo.
+
+I meant to update the file to include the new product id, but hastily included the id 0120 twice. This corrects that error and includes 0121
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f.conf.sample | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 040b5c2..6d89540 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -6,7 +6,7 @@ notify 100 {
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1050";
+- match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0120|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)";
++ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0121|0x0200|0x0402|0x0403|0x0406|0x0407|0x0410)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch b/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch
new file mode 100644
index 0000000000000..ab90dd93cf0f9
--- /dev/null
+++ b/libraries/libu2f-host/patches/0011-Add-Onlykey-to-list.patch
@@ -0,0 +1,27 @@
+From 5804827db7040f6e26926cd04ac2960521ef489f Mon Sep 17 00:00:00 2001
+From: onlykey <onlykey@users.noreply.github.com>
+Date: Fri, 15 Nov 2019 15:43:18 -0500
+Subject: [PATCH 11/25] Add Onlykey to list
+
+Found a reference to these rules while adding OnlyKey to another set of rules here - https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 40506d8..1479b9a 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -77,4 +77,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct
+ # eWBM FIDO2 - Goldengate 310, 320, 500, 450
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# OnlyKey (FIDO2 / U2F)
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+ LABEL="u2f_end"
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch b/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch
new file mode 100644
index 0000000000000..39035464f0755
--- /dev/null
+++ b/libraries/libu2f-host/patches/0012-udev-u2f.conf-add-Nitrokey-FIDO2.patch
@@ -0,0 +1,50 @@
+From f6a895030fc38b311b336bbbf0a101b7055b2bf5 Mon Sep 17 00:00:00 2001
+From: Szczepan Zalega <szczepan@nitrokey.com>
+Date: Thu, 28 Nov 2019 18:06:07 +0100
+Subject: [PATCH 12/25] udev/u2f.conf: add Nitrokey FIDO2
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 5 +++--
+ u2f.conf.sample | 4 ++--
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index c4d836e..2884456 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -46,8 +46,9 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct
+ # Thetis Key
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# Nitrokey FIDO U2F
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++# Nitrokey FIDO U2F, Nitrokey FIDO2
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+
+ # Google Titan U2F
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 6d89540..7c4e38b 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -100,13 +100,13 @@ notify 100 {
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+-# Nitrokey FIDO U2F
++# Nitrokey FIDO U2F, Nitrokey FIDO2
+ notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x20a0";
+- match "product" "0x4287";
++ match "product" "(0x4287|0x42b1)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch b/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch
new file mode 100644
index 0000000000000..ab82c3f0e77d1
--- /dev/null
+++ b/libraries/libu2f-host/patches/0013-udev-u2f.conf-add-Safetech-SafeKey.patch
@@ -0,0 +1,48 @@
+From db42c388554a4179c0a839722754c530096a8484 Mon Sep 17 00:00:00 2001
+From: Szczepan Zalega <szczepan@nitrokey.com>
+Date: Thu, 28 Nov 2019 18:06:26 +0100
+Subject: [PATCH 13/25] udev/u2f.conf: add Safetech SafeKey
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 2 ++
+ u2f.conf.sample | 10 ++++++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 2884456..3688c72 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -49,6 +49,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct
+ # Nitrokey FIDO U2F, Nitrokey FIDO2
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# Safetech SafeKey
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Google Titan U2F
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 7c4e38b..0955ba5 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -110,6 +110,16 @@ notify 100 {
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
++# Safetech SafeKey
++notify 100 {
++ match "system" "USB";
++ match "subsystem" "DEVICE";
++ match "type" "ATTACH";
++ match "vendor" "0x20a0";
++ match "product" "0x42b3";
++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
++};
++
+ # Google Titan U2F
+ notify 100 {
+ match "system" "USB";
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch b/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch
new file mode 100644
index 0000000000000..92460be8d6ae0
--- /dev/null
+++ b/libraries/libu2f-host/patches/0014-udev-u2f.conf-group-to-one-line-as-per-request.patch
@@ -0,0 +1,62 @@
+From 003eabece00a9e5ff950af078500fa7a65d74943 Mon Sep 17 00:00:00 2001
+From: Szczepan Zalega <szczepan@nitrokey.com>
+Date: Fri, 29 Nov 2019 10:58:32 +0100
+Subject: [PATCH 14/25] udev/u2f.conf: group to one line as per request
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 7 ++-----
+ u2f.conf.sample | 14 ++------------
+ 2 files changed, 4 insertions(+), 17 deletions(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 3688c72..32e2b93 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -46,11 +46,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct
+ # Thetis Key
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# Nitrokey FIDO U2F, Nitrokey FIDO2
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+-
+-# Safetech SafeKey
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1|42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Google Titan U2F
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 0955ba5..9d91df7 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -100,23 +100,13 @@ notify 100 {
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+-# Nitrokey FIDO U2F, Nitrokey FIDO2
++# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey
+ notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x20a0";
+- match "product" "(0x4287|0x42b1)";
+- action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+-};
+-
+-# Safetech SafeKey
+-notify 100 {
+- match "system" "USB";
+- match "subsystem" "DEVICE";
+- match "type" "ATTACH";
+- match "vendor" "0x20a0";
+- match "product" "0x42b3";
++ match "product" "(0x4287|0x42b1|0x42b3)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch b/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch
new file mode 100644
index 0000000000000..0e33bc90f1e50
--- /dev/null
+++ b/libraries/libu2f-host/patches/0015-Adding-a-static-code-analysis-github-workflow.patch
@@ -0,0 +1,51 @@
+From ec539302876c4ab05ae0438ca4e575968270526b Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Tue, 17 Dec 2019 15:16:44 +0100
+Subject: [PATCH 15/25] Adding a static code analysis github workflow
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+ create mode 100644 .github/workflows/scan.yml
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+new file mode 100644
+index 0000000..f8e54a1
+--- /dev/null
++++ b/.github/workflows/scan.yml
+@@ -0,0 +1,31 @@
++name: static code analysis
++
++on: [push]
++env:
++ SCAN_IMG:
++ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
++
++jobs:
++ build:
++ runs-on: ubuntu-latest
++
++ steps:
++ - uses: actions/checkout@master
++
++ - name: Prep scan
++ run: |
++ docker login yes-docker-local.artifactory.in.yubico.org/ \
++ -u svc-static-code-analysis-reader \
++ -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
++ docker pull ${SCAN_IMG}
++
++ - name: Scan but do not fail on warnings
++ run: |
++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true
++
++ - uses: actions/upload-artifact@master
++ if: failure()
++ with:
++ name: suppression_files
++ path: suppression_files
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch b/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch
new file mode 100644
index 0000000000000..d85161cd25b28
--- /dev/null
+++ b/libraries/libu2f-host/patches/0016-Handle-the-case-when-new_device-returns-NULL-malloc-.patch
@@ -0,0 +1,30 @@
+From d944fafe8cee766e5c3c601a16797b890420802c Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Wed, 18 Dec 2019 12:34:30 +0100
+Subject: [PATCH 16/25] Handle the case when new_device() returns NULL (malloc
+ failure)
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f-host/devs.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/u2f-host/devs.c b/u2f-host/devs.c
+index aa76c9f..7650743 100644
+--- a/u2f-host/devs.c
++++ b/u2f-host/devs.c
+@@ -435,6 +435,11 @@ u2fh_devs_discover (u2fh_devs * devs, unsigned *max_index)
+ if (usage_page == FIDO_USAGE_PAGE && usage == FIDO_USAGE_U2FHID)
+ {
+ dev = new_device (devs);
++ if (dev == NULL)
++ {
++ res = U2FH_MEMORY_ERROR;
++ goto out;
++ }
+ dev->devh = hid_open_path (cur_dev->path);
+ if (dev->devh != NULL)
+ {
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch b/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch
new file mode 100644
index 0000000000000..6af583f0f222b
--- /dev/null
+++ b/libraries/libu2f-host/patches/0017-Schedule-scans-at-least-once-a-week.patch
@@ -0,0 +1,29 @@
+From 03f474d741e654d7ca3f6753f7e9ed8132dacdd7 Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Fri, 10 Jan 2020 12:42:23 +0100
+Subject: [PATCH 17/25] Schedule scans at least once a week
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+index f8e54a1..ec6ba52 100644
+--- a/.github/workflows/scan.yml
++++ b/.github/workflows/scan.yml
+@@ -1,6 +1,10 @@
+ name: static code analysis
+
+-on: [push]
++on:
++ push:
++ schedule:
++ - cron: '0 0 * * 1'
++
+ env:
+ SCAN_IMG:
+ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch b/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch
new file mode 100644
index 0000000000000..61e16b0e8fdf5
--- /dev/null
+++ b/libraries/libu2f-host/patches/0018-Adding-GoTrust-Idem-Key-to-udev-rules.patch
@@ -0,0 +1,44 @@
+From cb2fc30b6f3622a4f35d84714bd89091809d7f7f Mon Sep 17 00:00:00 2001
+From: Brad Israel <bisrael8191@gmail.com>
+Date: Wed, 15 Jan 2020 22:27:53 -0500
+Subject: [PATCH 18/25] Adding GoTrust Idem Key to udev rules
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 3 +++
+ u2f.conf.sample | 10 ++++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 32e2b93..4ef1096 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -80,4 +80,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct
+ # OnlyKey (FIDO2 / U2F)
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# GoTrust Idem Key
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+ LABEL="u2f_end"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index 9d91df7..b796d3f 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -139,3 +139,13 @@ notify 100 {
+ match "product" "(0x5070|0x50b0)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
++
++# GoTrust Idem Key
++notify 100 {
++ match "system" "USB";
++ match "subsystem" "DEVICE";
++ match "type" "ATTACH";
++ match "vendor" "0x1fc9";
++ match "product" "0xf143";
++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
++};
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch b/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch
new file mode 100644
index 0000000000000..bd1ec91551490
--- /dev/null
+++ b/libraries/libu2f-host/patches/0019-Add-support-for-upcoming-json-c-0.14.0.patch
@@ -0,0 +1,39 @@
+From 840f01135d2892f45e71b9e90405de587991bd03 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Mon, 13 Apr 2020 14:12:25 +0200
+Subject: [PATCH 19/25] Add support for upcoming json-c 0.14.0.
+
+TRUE/FALSE are not defined anymore. 1 and 0 are used instead.
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ u2f-host/u2fmisc.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/u2f-host/u2fmisc.c b/u2f-host/u2fmisc.c
+index e40ca3d..5a032ce 100644
+--- a/u2f-host/u2fmisc.c
++++ b/u2f-host/u2fmisc.c
+@@ -33,6 +33,19 @@ typedef int json_bool;
+ #define u2fh_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE
+ #endif
+
++/* json-c 0.13.99 does not define TRUE/FALSE anymore
++ * the json-c maintainers replaced them with pure 1/0
++ * https://github.com/json-c/json-c/commit/0992aac61f8b
++ */
++#if defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99)
++#ifndef FALSE
++#define FALSE 0
++#endif
++#ifndef TRUE
++#define TRUE 1
++#endif
++#endif
++
+ static void
+ dumpHex (unsigned char *data, int offs, int len)
+ {
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch b/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch
new file mode 100644
index 0000000000000..43a2f3d29a46c
--- /dev/null
+++ b/libraries/libu2f-host/patches/0020-additional-Feitian-keys.patch
@@ -0,0 +1,42 @@
+From f9b2e731ae9f41f8cd1f98587dc4de620b7a9471 Mon Sep 17 00:00:00 2001
+From: Henrik Loeser <data-henrik@users.noreply.github.com>
+Date: Wed, 20 May 2020 20:41:20 +0200
+Subject: [PATCH 20/25] additional Feitian keys
+
+K33 and K43, see https://www.ftsafe.com/Products/FIDO/Bio
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 2 +-
+ u2f.conf.sample | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 4ef1096..1427910 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -29,7 +29,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Feitian ePass FIDO, BioPass FIDO2
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d|0866|0867", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # JaCarta U2F
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index b796d3f..d3ed491 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -46,7 +46,7 @@ notify 100 {
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x096e";
+- match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b|0x085d)";
++ match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b|0x085d|0x0866|0x0867)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
+
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
new file mode 100644
index 0000000000000..66ceb1d9b3d79
--- /dev/null
+++ b/libraries/libu2f-host/patches/0021-Github-Actions-do-not-run-scan-if-missing-credential.patch
@@ -0,0 +1,62 @@
+From 33cd26f945925d64e0ccef41d13be17e84f99f44 Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Tue, 23 Jun 2020 16:25:16 +0200
+Subject: [PATCH 21/25] Github Actions: do not run scan if missing credentials
+
+Also toggle workflow to fail if there are warnings.
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 23 +++++++++++++----------
+ 1 file changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+index ec6ba52..09f16ab 100644
+--- a/.github/workflows/scan.yml
++++ b/.github/workflows/scan.yml
+@@ -1,4 +1,5 @@
+ name: static code analysis
++# Documentation: https://github.com/Yubico/yes-static-code-analysis
+
+ on:
+ push:
+@@ -8,6 +9,7 @@ on:
+ env:
+ SCAN_IMG:
+ yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
++ SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+
+ jobs:
+ build:
+@@ -16,17 +18,18 @@ jobs:
+ steps:
+ - uses: actions/checkout@master
+
+- - name: Prep scan
++ - name: Scan and fail on warnings
+ run: |
+- docker login yes-docker-local.artifactory.in.yubico.org/ \
+- -u svc-static-code-analysis-reader \
+- -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+- docker pull ${SCAN_IMG}
+-
+- - name: Scan but do not fail on warnings
+- run: |
+- docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+- -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} || true
++ if [ "${SECRET}" != "" ]; then
++ docker login yes-docker-local.artifactory.in.yubico.org/ \
++ -u svc-static-code-analysis-reader -p ${SECRET}
++ docker pull ${SCAN_IMG}
++ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
++ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \
++ -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG}
++ else
++ echo "No docker registry credentials, not scanning"
++ fi
+
+ - uses: actions/upload-artifact@master
+ if: failure()
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch b/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch
new file mode 100644
index 0000000000000..02559d6ac6770
--- /dev/null
+++ b/libraries/libu2f-host/patches/0022-Update-scan-action-with-correct-image-fqdn.patch
@@ -0,0 +1,35 @@
+From 4c1428647ea83acdd1d7780338d0ed3d993f61ba Mon Sep 17 00:00:00 2001
+From: Marissa Nishimoto <marissa.nishimoto@yubico.com>
+Date: Mon, 27 Jul 2020 15:52:06 -0700
+Subject: [PATCH 22/25] Update scan action with correct image fqdn
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ .github/workflows/scan.yml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
+index 09f16ab..d40da2f 100644
+--- a/.github/workflows/scan.yml
++++ b/.github/workflows/scan.yml
+@@ -8,7 +8,7 @@ on:
+
+ env:
+ SCAN_IMG:
+- yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
++ yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1
+ SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+
+ jobs:
+@@ -21,7 +21,7 @@ jobs:
+ - name: Scan and fail on warnings
+ run: |
+ if [ "${SECRET}" != "" ]; then
+- docker login yes-docker-local.artifactory.in.yubico.org/ \
++ docker login yubico-yes-docker-local.jfrog.io/ \
+ -u svc-static-code-analysis-reader -p ${SECRET}
+ docker pull ${SCAN_IMG}
+ docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch b/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch
new file mode 100644
index 0000000000000..aeaa5769ae294
--- /dev/null
+++ b/libraries/libu2f-host/patches/0023-Added-udev-rules-for-MIRKey-devices.patch
@@ -0,0 +1,44 @@
+From 929fda27c7453453ebc8d99c85208d82417009f6 Mon Sep 17 00:00:00 2001
+From: Kobus Grobler <kobus.grobler@gmail.com>
+Date: Wed, 26 Aug 2020 21:55:24 +0200
+Subject: [PATCH 23/25] Added udev rules for MIRKey devices
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 3 +++
+ u2f.conf.sample | 10 ++++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 1427910..0c2bc69 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -83,4 +83,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct
+ # GoTrust Idem Key
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
++# ellipticSecure MIRKey
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ac", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++
+ LABEL="u2f_end"
+diff --git a/u2f.conf.sample b/u2f.conf.sample
+index d3ed491..36dead9 100644
+--- a/u2f.conf.sample
++++ b/u2f.conf.sample
+@@ -149,3 +149,13 @@ notify 100 {
+ match "product" "0xf143";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+ };
++
++# ellipticSecure MIRKey
++notify 100 {
++ match "system" "USB";
++ match "subsystem" "DEVICE";
++ match "type" "ATTACH";
++ match "vendor" "0x0483";
++ match "product" "0xa2ac";
++ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
++};
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch b/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch
new file mode 100644
index 0000000000000..791afdead6f96
--- /dev/null
+++ b/libraries/libu2f-host/patches/0024-Update-Ledger-s-productIDs-add-Ledger-Blue.patch
@@ -0,0 +1,34 @@
+From 443d2cea29fd4d9a9fa39b12d6556c85440cd8bc Mon Sep 17 00:00:00 2001
+From: TamtamHero <10632523+TamtamHero@users.noreply.github.com>
+Date: Wed, 30 Sep 2020 12:21:34 +0200
+Subject: [PATCH 24/25] Update Ledger's productIDs + add Ledger Blue
+
+Following https://www.ledger.com/windows-10-update-sunsetting-u2f-tunnel-transport-for-ledger-devices/, all Ledger products have changed the productID they advertise.
+There's now 2 different combinations commonly available per device:
+
+ HID + U2F -> xx05
+ HID + U2F + WebUSB-> xx15
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ 70-u2f.rules | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/70-u2f.rules b/70-u2f.rules
+index 0c2bc69..1f90ddf 100644
+--- a/70-u2f.rules
++++ b/70-u2f.rules
+@@ -65,8 +65,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct
+ # Infineon FIDO
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+-# Ledger Nano S and Nano X
+-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660"
++# Ledger Blue, Nano S and Nano X
++KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0001|0004|0005|0015|1005|1015|4005|4015", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # Kensington VeriMark
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+--
+2.32.0
+
diff --git a/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch b/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch
new file mode 100644
index 0000000000000..99758317d0ecc
--- /dev/null
+++ b/libraries/libu2f-host/patches/0025-Add-deprecation-notice.patch
@@ -0,0 +1,26 @@
+From 420a18112a0aab09f19915cd7465e471e29717cd Mon Sep 17 00:00:00 2001
+From: Gabriel Kihlman <g.kihlman@yubico.com>
+Date: Wed, 14 Oct 2020 14:16:07 +0200
+Subject: [PATCH 25/25] Add deprecation notice
+
+Signed-off-by: Gustavo B. Schenkel <gustavo.schenkel@gmail.com>
+---
+ README | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README b/README
+index bc920d6..4b5bc8c 100644
+--- a/README
++++ b/README
+@@ -10,7 +10,7 @@ device and perform the U2F Register and U2F Authenticate operations.
+ For the server-side aspect, see our
+ https://developers.yubico.com/libu2f-server/[libu2f-server project].
+
+-NOTE: This project is in maintenance mode,
++NOTE: This project is deprecated and is no longer being maintained.
+ https://developers.yubico.com/libfido2/[libfido2] is a new project with
+ support for U2F and FIDO2.
+
+--
+2.32.0
+