Bump required minimum version of libfido2 to 1.5.0

Major distributions already have libfido2 >= 1.12.0.
Let's bump the required minimum version to 1.5.0, which provides
FIDO_ERR_UV_BLOCKED.

Note, libfido2 1.5.0 was released on 2020-09-01.

See also #38608.

diff --git a/README b/README
index eea3a55fbb8d1b5161f102adc4a3e56d0785b8a8..979807cda6e366b7cea006b344f60dd3429e30d5 100644 (file)
--- a/README
+++ b/README
@@ -245,7 +245,7 @@ REQUIREMENTS:
         gnutls >= 3.1.4 (optional)
         openssl >= 1.1.0 (optional, required to support DNS-over-TLS)
         p11-kit >= 0.23.3 (optional)
-        libfido2 (optional)
+        libfido2 >= 1.5.0 (optional)
         tpm2-tss (optional)
         elfutils >= 158 (optional)
         polkit (optional)

diff --git a/meson.build b/meson.build
index 2e76d44aeb2d76425fc7d5ebfeafd4943fc4de27..b926681eb6b96787b87b482a6e1c3b8aaaba8431 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1351,6 +1351,7 @@ feature = get_option('libfido2').require(
         conf.get('HAVE_OPENSSL') == 1,
         error_message : 'openssl required')
 libfido2 = dependency('libfido2',
+                      version : '>=1.5.0',
                       required : feature)
 conf.set10('HAVE_LIBFIDO2', libfido2.found())
 

diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
index a4317971e194e16fdc97eca1070fadfe055a1623..bbca00ceeb87df5434b2e78a33498ba39973c340 100644 (file)
--- a/src/shared/libfido2-util.c
+++ b/src/shared/libfido2-util.c
@@ -271,11 +271,9 @@ static int fido2_common_assert_error_handle(int r) {
         case FIDO_ERR_PIN_AUTH_BLOCKED:
                 return log_error_errno(SYNTHETIC_ERRNO(EOWNERDEAD),
                                        "PIN of security token is blocked, please remove/reinsert token.");
-#ifdef FIDO_ERR_UV_BLOCKED
         case FIDO_ERR_UV_BLOCKED:
                 return log_error_errno(SYNTHETIC_ERRNO(EOWNERDEAD),
                                        "Verification of security token is blocked, please remove/reinsert token.");
-#endif
         case FIDO_ERR_PIN_INVALID:
                 return log_error_errno(SYNTHETIC_ERRNO(ENOLCK),
                                        "PIN of security token incorrect.");
@@ -937,11 +935,9 @@ int fido2_generate_hmac_hash(
         if (r == FIDO_ERR_PIN_AUTH_BLOCKED)
                 return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
                                         "Token PIN is currently blocked, please remove and reinsert token.");
-#ifdef FIDO_ERR_UV_BLOCKED
         if (r == FIDO_ERR_UV_BLOCKED)
                 return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
                                         "Token verification is currently blocked, please remove and reinsert token.");
-#endif
         if (r == FIDO_ERR_ACTION_TIMEOUT)
                 return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
                                        "Token action timeout. (User didn't interact with token quickly enough.)");