https://developers.yubico.com/yubico-piv-tool/Release_Notes.html
Version 2.7.1 (released 2024-12-19)
ykpiv: Fix type casting issues affecting systems using Big-endian architecture
Version 2.7.0 (released 2024-12-19)
ykpiv: cmd: Add support for communication over a secure channel according to SCP11b specifications
ykpiv: cmd: Add support for device global reset
Version 2.6.1 (released 2024-09-12)
cmd: Fix performing bio verification
ykcs11: Fix handling ED25519 and X25519 keys
Version 2.6.0 (released 2024-08-21)
cmd: Add support for biometric verification and match policy
ykcs11: Add support for PKCS11 3.0
ykpiv: cmd: ykcs11: Improve error traceability
ykpiv: cmd: ykcs11: Fix minor bugs
build: Make building with zlib optional
Doesn't help with the crash, though, which is the only thing I've used/tested.
100% tests passed, 0 tests failed out of 9
For tests the shared lib instead of just programs needs to link pthread now,
otherwise I didn't change/fix anything.
Tests?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/Makefile,v
diff -u -p -r1.11 Makefile
--- Makefile 25 Jul 2024 15:11:51 -0000 1.11
+++ Makefile 3 Jan 2025 23:29:53 -0000
@@ -3,10 +3,10 @@ COMMENT= Yubico Personal Identity Verifi
HOMEPAGE= https://developers.yubico.com/yubico-piv-tool/
YK_PROJECT= yubico-piv-tool
-DISTNAME= yubico-piv-tool-2.5.2
+DISTNAME= yubico-piv-tool-2.7.1
-SHARED_LIBS += ykcs11 1.0
-SHARED_LIBS += ykpiv 2.0
+SHARED_LIBS += ykcs11 1.1
+SHARED_LIBS += ykpiv 3.0
CATEGORIES= sysutils
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/distinfo,v
diff -u -p -r1.5 distinfo
--- distinfo 25 Jul 2024 15:11:51 -0000 1.5
+++ distinfo 3 Jan 2025 23:16:32 -0000
@@ -1,2 +1,2 @@
-SHA256 (yubico-piv-tool-2.5.2.tar.gz) = kY52utmUY9wKhYpHcexnSlefrShNmdkMV/uc9E+wWbg=
-SIZE (yubico-piv-tool-2.5.2.tar.gz) = 1324642
+SHA256 (yubico-piv-tool-2.7.1.tar.gz) = mBMZClwlYO9/6AGMA2FAkekR4FlsWFPvJcgs2Sg6REs=
+SIZE (yubico-piv-tool-2.7.1.tar.gz) = 1361900
Index: patches/patch-common_util_c
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/patches/patch-common_util_c,v
diff -u -p -r1.2 patch-common_util_c
--- patches/patch-common_util_c 25 Jul 2024 15:11:51 -0000 1.2
+++ patches/patch-common_util_c 3 Jan 2025 23:20:07 -0000
@@ -3,7 +3,7 @@ Do not reach into X509_ALGOR.
Index: common/util.c
--- common/util.c.orig
+++ common/util.c
-@@ -383,6 +383,7 @@ bool set_component(unsigned char *in_ptr, const BIGNUM
+@@ -391,6 +391,7 @@ bool set_component(unsigned char *in_ptr, const BIGNUM
bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) {
X509_SIG *digestInfo;
X509_ALGOR *algor;
@@ -11,7 +11,7 @@ Index: common/util.c
ASN1_OCTET_STRING *digest;
unsigned char data[1024] = {0};
-@@ -393,8 +394,8 @@ bool prepare_rsa_signature(const unsigned char *in, un
+@@ -401,8 +402,8 @@ bool prepare_rsa_signature(const unsigned char *in, un
digestInfo = X509_SIG_new();
X509_SIG_getm(digestInfo, &algor, &digest);
Index: patches/patch-tool_yubico-piv-tool_c
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/patches/patch-tool_yubico-piv-tool_c,v
diff -u -p -r1.6 patch-tool_yubico-piv-tool_c
--- patches/patch-tool_yubico-piv-tool_c 25 Jul 2024 15:11:51 -0000 1.6
+++ patches/patch-tool_yubico-piv-tool_c 3 Jan 2025 23:20:07 -0000
@@ -10,7 +10,7 @@ Index: tool/yubico-piv-tool.c
static int ec_key_ex_data_idx = -1;
struct internal_key {
-@@ -872,7 +872,7 @@ static bool request_certificate(ykpiv_state *state, en
+@@ -891,7 +891,7 @@ static bool request_certificate(ykpiv_state *state, en
int key = 0;
size_t oid_len = 0;
const unsigned char *oid = NULL;
@@ -19,7 +19,7 @@ Index: tool/yubico-piv-tool.c
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN] = {0};
unsigned int md_len;
unsigned int digest_len;
-@@ -983,7 +983,7 @@ static bool request_certificate(ykpiv_state *state, en
+@@ -1002,7 +1002,7 @@ static bool request_certificate(ykpiv_state *state, en
goto request_out;
}
@@ -28,7 +28,7 @@ Index: tool/yubico-piv-tool.c
null_parameter.type = V_ASN1_NULL;
null_parameter.value.ptr = NULL;
-@@ -1108,7 +1108,7 @@ request_out:
+@@ -1127,7 +1127,7 @@ request_out:
fclose(output_file);
}
EVP_PKEY_free(public_key);
@@ -37,7 +37,7 @@ Index: tool/yubico-piv-tool.c
if(req) {
if(req->sig_alg->parameter) {
req->sig_alg->parameter = NULL;
-@@ -1341,7 +1341,7 @@ static bool selfsign_certificate(ykpiv_state *state, e
+@@ -1360,7 +1360,7 @@ static bool selfsign_certificate(ykpiv_state *state, e
}
}
@@ -46,7 +46,7 @@ Index: tool/yubico-piv-tool.c
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN] = {0};
unsigned char *signinput;
size_t len = 0;
-@@ -1466,7 +1466,7 @@ selfsign_out:
+@@ -1485,7 +1485,7 @@ selfsign_out:
if(output_file && output_file != stdout) {
fclose(output_file);
}
Index: patches/patch-ykcs11_CMakeLists_txt
===================================================================
RCS file: patches/patch-ykcs11_CMakeLists_txt
diff -N patches/patch-ykcs11_CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ykcs11_CMakeLists_txt 3 Jan 2025 23:26:36 -0000
@@ -0,0 +1,12 @@
+Index: ykcs11/CMakeLists.txt
+--- ykcs11/CMakeLists.txt.orig
++++ ykcs11/CMakeLists.txt
+@@ -73,7 +73,7 @@ endif(BUILD_STATIC_LIB)
+
+ # dynamic library
+ add_library(ykcs11_shared SHARED ${SOURCE})
+-target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
++target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared pthread)
+ set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION} VERSION ${VERSION})
+ if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+ set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH "${YKPIV_INSTALL_LIB_DIR}")
Index: patches/patch-ykcs11_tests_CMakeLists_txt
===================================================================
RCS file: patches/patch-ykcs11_tests_CMakeLists_txt
diff -N patches/patch-ykcs11_tests_CMakeLists_txt
--- patches/patch-ykcs11_tests_CMakeLists_txt 9 Mar 2023 12:31:05 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: ykcs11/tests/CMakeLists.txt
---- ykcs11/tests/CMakeLists.txt.orig
-+++ ykcs11/tests/CMakeLists.txt
-@@ -50,7 +50,7 @@ if(NOT DEFINED SKIP_TESTS)
- )
-
- add_executable(test_ykcs11 ${SOURCE_YKCS11_TESTS})
-- target_link_libraries(test_ykcs11 ykcs11_shared ${LIBCRYPTO_LDFLAGS})
-+ target_link_libraries(test_ykcs11 ykcs11_shared ${LIBCRYPTO_LDFLAGS} pthread)
-
- add_test(
- NAME test_ykcs11
No comments:
Post a Comment