Bump required minimum version of libfido2 to 1.5.0 (#38975)

Major distributions already have libfido2 >= 1.12.0. Let's bump the required minimum version to 1.5.0, which provides FIDO_ERR_UV_BLOCKED. Note, libfido2 1.5.0 was released on 2020-09-01. See also #38608.
2026-04-14 00:14:32 +09:00 · 2025-09-18 17:59:44 +02:00
parent 265b3fbd52 d8b60944f5
commit b0d63f6059
3 changed files with 2 additions and 5 deletions
--- a/2
+++ b/2
@@ -245,7 +245,7 @@ REQUIREMENTS:
        gnutls >= 3.1.4 (optional)
        openssl >= 1.1.0 (optional, required to support DNS-over-TLS)
        p11-kit >= 0.23.3 (optional)
-        libfido2 (optional)
+        libfido2 >= 1.5.0 (optional)
        tpm2-tss (optional)
        elfutils >= 158 (optional)
        polkit (optional)
--- a/meson.build
+++ b/meson.build
@@ -1352,6 +1352,7 @@ feature = get_option('libfido2').require(
        conf.get('HAVE_OPENSSL') == 1,
        error_message : 'openssl required')
 libfido2 = dependency('libfido2',
+                      version : '>=1.5.0',
                      required : feature)
 conf.set10('HAVE_LIBFIDO2', libfido2.found())

--- a/src/shared/libfido2-util.c
+++ b/src/shared/libfido2-util.c
@@ -271,11 +271,9 @@ static int fido2_common_assert_error_handle(int r) {
        case FIDO_ERR_PIN_AUTH_BLOCKED:
                return log_error_errno(SYNTHETIC_ERRNO(EOWNERDEAD),
                                       "PIN of security token is blocked, please remove/reinsert token.");
-#ifdef FIDO_ERR_UV_BLOCKED
        case FIDO_ERR_UV_BLOCKED:
                return log_error_errno(SYNTHETIC_ERRNO(EOWNERDEAD),
                                       "Verification of security token is blocked, please remove/reinsert token.");
-#endif
        case FIDO_ERR_PIN_INVALID:
                return log_error_errno(SYNTHETIC_ERRNO(ENOLCK),
                                       "PIN of security token incorrect.");
@@ -937,11 +935,9 @@ int fido2_generate_hmac_hash(
        if (r == FIDO_ERR_PIN_AUTH_BLOCKED)
                return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
                                        "Token PIN is currently blocked, please remove and reinsert token.");
-#ifdef FIDO_ERR_UV_BLOCKED
        if (r == FIDO_ERR_UV_BLOCKED)
                return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
                                        "Token verification is currently blocked, please remove and reinsert token.");
-#endif
        if (r == FIDO_ERR_ACTION_TIMEOUT)
                return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
                                       "Token action timeout. (User didn't interact with token quickly enough.)");