[fprint] Recent series of 1.90.x updates and regressions

Benjamin Berg benjamin at sipsolutions.net
Fri Dec 11 15:28:20 UTC 2020


Hi,

as you may have noticed, there were a number of fprintd and libfprint
releases in a row. The mess should be over with now, but let me explain
a bit what happened and why.

The main regressions triggering new releases were:
 * libfprint auto-suspending a USB hub
   -> This was caused by a user reporting an incorrect USB ID for an
      unsupported device.
 * fprintd shipped an incorrect DBus configuration
   -> This one was an incorrect fix, ugly mistake.
 * fprintd had a few issues with the new authorization handling
   -> A major rewrite was required to fix the security issues. It is
      not totally unexpected that some issues would sneak in.
 * pam_fprintd had a crash bug
   -> This was an ugly mistake in a cleanup patch. And neither
      automated nor manual testing caught the corner cases where
      the system has no fingerprint readers.
      The automated tests have been extended.
 * pam_fprintd did not work if fprintd was just activated by DBus
   -> This was a regression introduced by an important fix for a race
      condition that could trigger an authentication bypass.

On the positive side, the code and test quality has been improved
considerably. And we have fixed a lot of problems (not just the listed
ones), a number of them with security implications.

I hope this did not cause too many issues for people,
Benjamin