Skip to content

1.10.0 - April 2024 Release
Compare
Choose a tag to compare
@DennisDyallo DennisDyallo released this 10 Apr 14:29
· 922 commits to main since this release
1.10.0
10b5901
This commit was signed with the committer’s verified signature.
DennisDyallo Dennis Dyallo
GPG key ID: 89A6930F443556F5
Verified
Learn about vigilant mode.

Release date: April 10th, 2024

This release improves our native dependencies exposed through the Yubico.NativeShims package. We have also worked to improve the build and test experience of this repository by improving our automation and build files.

Changes:

  • Yubico.NativeShims targets OpenSSL version 3.x on all platforms - OpenSSL v1.1.x has reached end-of-life. The SDK now removes this dependency on all platforms, now upgrading to the supported 3.x version.
  • Dropped support for 32-bit Linux - Yubico.NativeShims no longer builds for 32-bit (x86) Linux. We now depend on Ubuntu releases that contain OpenSSL 3.x by default. These newer releases no longer have mainstream support for this platform.
  • Compilation hardening of Yubico.NativeShims - Added commonly used compiler flags to increase security and code quality
    MacOS / Linux:
    -Wformat: Warn about format string issues in printf-like functions.
    -Wformat-nonliteral: Warn about format strings that are not string literals.
    -Wformat-security: Warn about potential security issues related to format strings.
    -Wall: Enable most warning messages
    -Wextra: Enable some additional warning messages not included in -Wall
    -Werror: Treat all warnings as errors
    -Wcast-qual: Warn when casting away const-ness
    -Wshadow: Warn when a local variable shadows another variable
    -pedantic: Issue warnings for language features beyond the C standard
    -pedantic-errors: Treat pedantic warnings as errors
    -Wbad-function-cast: Warn about dubious function pointer casts
    -O2: Optimize code for performance
    -fpic: Generate position-independent code
    -fstack-protector-all: Enable stack protection for all functions
    -D_FORTIFY_SOURCE=2: Enable runtime and compile-time checks for certain security-critical functions
    Windows flags:
    /guard:cf: Enable control flow guard security feature
    /GS: Enable buffer security check
    /Gs: Control stack security check
  • Addressed compiler warning concerning Runtime Identifiers (RID)
  • Enabled dotnet format - The repository now uses dotnet format to ensure that pull requests adhere to the repository's coding standards. A pass of the tool has been run against the entire repository and a new baseline has been checked in.
Assets 2
Loading