All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
* Version 1.20.0 (released 2019-07-03)
** Add yk_open_key_vid_pid() allowing vid and pid to be specified.
** Documentation fixes.
** Clear potentially sensitive material from buffers.
** Fix potential buffer overwrite.
* Version 1.19.3 (released 2019-02-22)
** Fix capability read.
* Version 1.19.2 (released 2019-02-19)
** Fix test on mac.
** Fix serial read and challenge response.
* Version 1.19.1 (released 2019-02-19)
** Error out on json output with randomSeed.
** Validate more length fields.
** Use correct FormatMessage function on windows.
** Overflow, bounds and error condition checks.
** Try to zero sensitive memory better.
* Version 1.19.0 (released 2018-04-24)
** Add yk_write_device_info().
** Add ykpersonalize cli switch -D for device info.
** Add code for handling personalization interface of major version 5.
* Version 1.18.1 (released 2018-01-16)
** Support reading accesscode and private ID from stdin.
** Parse optional arguments correctly.
** Documentation fixes.
** Fix for ykinfo modhex serial output when it ends with c.
** Treat all firmware versions as supported.
* Version 1.18.0 (released 2017-01-27)
** Let ykchalresp read challenge from a file.
** Add support of working with a numbered key when many connected
Thanks to Thomas Habets <habets@google.com>
** Documentation clarifications.
** Fixup argument parsing of flags with optional arguments on BSD platforms.
** Fix a file descriptor leak on windows.
* Version 1.17.3 (released 2015-12-28)
** Dont read to much if we don't find a key.
** Text updates to make options clearer.
** Correct logic for question when mode switching to non-otp mode.
** Add 4.3 as supported firmware.
* Version 1.17.2 (released 2015-09-22)
** Let _yk_write() return an error if yk_wait_for_key_status() fails.
** Fix a mistake in help, fixed is up to 16 bytes, 32 characters.
** Add 4.2 as supported firmware.
* Version 1.17.1 (released 2015-04-01)
** Fixup of 1.17.0
* Version 1.17.0 (released 2015-04-01)
** add yk_get_capabilities() to fetch capabilities.
** add -c to ykinfo to fetch capabilities.
** whitelist firmware 4.1.x
* Version 1.16.4 (released 2015-03-23)
** change the tool to accept autoeject time as a short instead of a byte
* Version 1.16.3 (released 2015-03-10)
** whitelist YubiKey version 3.4.x
** only try to set libusb configuration if it's unset on the device
* Version 1.16.2 (released 2014-11-28)
** ykinfo: fix modhex printout when serial is an odd number of hex digits.
** whitelist yubikey version 4.0.x
** try to open more PIDs and add for udev.
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Fix udev rules so they contain four digits.
* Only try to detach the kernel driver if it's attached. For libusb-1.0
* Let import config report errors properly.
* Add yk_get_key_vid_pid() to get the vendor and product id of a key.
* Add flags for ykinfo to print vendor and product id.
* Fix a bug in the osx backend where it would return an error opening
a composite device with two hid interfaces.
* Fix URLs for opensource.y.com -> developers.y.com move.
* Whitelist firmware version 3.3 and detect new PIDs.
Version 1.15.2 (released 2014-07-30)
* Whitelist firmware version 2.5
* Read key when importing configuration.
* Fix formatting error in information about what is written to key.
* Check return codes when doinf NDEF writes.
* Add -6 and -8 flags to ykchalresp to output the response as a truncated
OATH code.
* Add -t to ykchalresp to use current time / 30 as challenge in TOTP
fashion.
* Fix for a crash in the libusb-0.1 backend.
Version 1.15.0 (released 2014-01-10)
* add new Neo version 3.2 as supported.
* let ykp_AES_key_from_password() return error if it can't get a random
salt.
* let -a without option mean ask for raw key on STDIN.
* let no -a given mean generate a random key
* add ykp_AES_key_from_raw() and ykp_HMAC_key_from_raw() that sets the
key from a byte array.
* remove -osalt= and possibility to generate key from password.
* add YK_ENODATA that's returned when no data is returned from
the device and no other underlying error is set.
* Fixups of import/export.
Add targetConfig to show in which slot a configuration is intended.
Possible memory leaks on error conditions.
* Add -d switch to ykpersonalize for dry-run.
* Add ykp_clear_config() for clearing configuration flags.
* Add getter functions for all configuration flags.
* Add -V to all tools to output version.
* Add ykp_get_acccode_type() and ykp_set_acccode_type()
Only to do with export, showing where the access code came from
in the ycfg.
* Add -1 and -2 options to ykinfo to show programming state.
* Added import/export of ycfg-json format.
Invoke with -fjson to -s or -i
Add exported functions ykp_export_config() and ykp_import_config()
* Fixup output of flags when using ykp_write_config()
* Add binary builds for mac.
* Minor cleanups noticed during debian packaging.
Version 1.12.0 (released 2013-03-14)
* Recognize firmwares 2.4 and 3.1.
* Add support for setting the new extflag LED_INV
When set the behaviour of the led on the YubiKey is inversed.
(Moved HOMEPAGE and MASTER_SITES to the new GitHub project URLs)
* Fixup of broken release.
Version 1.11.2 (released 2013-01-09)
* Fix a bug where writing a NDEF with unknown prefix ended up writing invalid
data to the YubiKey NEO. Wrote prefix as 0x24 instead of 0x00.
* Don't allow opening a YubiKey if there's more than one present in the system.
* Fix shared linking of ykinfo and ykchalresp.
Version 1.11.1 (released 2012-12-21)
* Implement ykusb_strerror() on windows.
* Fix a bug where a YubiKey would fail to be recognized if there was
another device from Yubico (vendor id 1050) inserted and looked at
before in the device chain.
* Fix a bug where you could only set 8 bytes of the public id with
the command line tool, now all 16 bytes can be set.
* Documentation updates and fixes.
Version 1.11.0 (released 2012-12-12)
* Added version symbols and functions.
The header file is "ykpers-version.h" and it contains the following
symbols and functions: YKPERS_VERSION_STRING, YKPERS_VERSION_NUMBER,
YKPERS_VERSION_MAJOR, YKPERS_VERSION_MINOR, YKPERS_VERSION_PATCH,
ykpers_check_version.
Version 1.10.0 (released 2012-12-11)
* Support for the new productId of the production Neo.
Has ProducId 0x110, 0x111 or 0x112 depending on mode (see the notes about
-m and device_config).
* Add support for SLOT_NDEF2.
Use SLOT_NDEF to emit slot 1 as NDEF or SLOT_NDEF2 to emit slot 2.
This also adds the function yk_write_ndef2() that takes a slot parameter.
* Add -m flag for ykpersonalize, set usb mode of YubiKey NEO.
0 means pure YubiKey mode, 1 means pure CCID mode and 2 means YubiKey/CCID
composite mode. Add 80 to set EJECT_FLAG.
To use this with the api, see the functions:
ykp_alloc_device_config(), ykp_free_device_config(), ykp_set_device_mode(),
ykp_set_device_chalresp_timeout(), ykp_set_device_autoeject_time() and
yk_write_device_config().
* Add -S flag for ykpersonalize, set the scanmap of the YubiKey NEO.
Take an 90 character string describing 45 scancodes. See man page for more
info. To use this with the api see yk_write_scan_map().
* In the api add ykp_ndef_as_text() to export the text from a YK_NDEF structure.
* Higher timeout for configuration writes as in particular swap can take
longer than 600 ms.
* Add udev rules files to packed distribution.
Version 1.8.1 (released 2012-10-17)
* Memory leak fixes and potential crash fixes in osx backend.
* Error reporting fixes in osx backend, reporting correct errors and
better errors.
* Provide new another udev permissions file that works on udev version
greater than 188. Autodetects from configure which to use.
* Add new binary ykinfo, can be used to get serial number, version and
touch level from a YubiKey.
Version 1.8.0 (released 2012-09-28)
* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Added Continuous integration at travis-ci
(http://travis-ci.org/#!/Yubico/yubikey-personalization)
* Added yk_challenge_response() function for doing challenge response
with a key.
* Fixed functions for NDEF writing, adding:
ykp_ndef_alloc(), ykp_ndef_free() and ykp_set_ndef_access_code()
also providing compatible name YK_NDEF in ykcore.h and exporting
yk_write_ndef() there.
Change return values from ndef_construct_*() functions to make them
consistent with the rest of the library.
* Fixed a crash bug when the library was called from different threads.
* Check return code from libusb_init() so we avoid crashing there.
Also use a usb context instead of relying on default.
* Fix numerous warnings.
* Fix compilation in MSVC2010.
Version 1.7.0 (released 2012-06-07)
* Add support for new features in YubiKey 2.3:
ALLOW_UPDATE flag that allows updating of configuration in slots.
Update command (-u) to do update of existing config.
Swap command (-x) to swap contents of two updatable slots
DORMANT flag that's settable/removable if ALLOW_UPDATE is set
USE_NUMERIC_KEYPAD flag for sending the OATH OTP using keypad scan codes
instead
FAST_TRIG flag for faster triggering of slot one if slot two is empty
* Change the library around some to make the 2.3 features available.
Use ykp_alloc() instead of ykp_create_config().
Use ykp_configure_version() instead of ykp_configure_for() to set the version.
Use ykp_configure_command() instead of ykp_configure_for() to set slot.
Use yk_write_command() instead of yk_write_config().
The new commands doesn't set any default configuration at all.
* Add library support for the YubiKey NEO beta
ykp_construct_ndef_uri() for preparing a URI to write.
ykp_construct_ndef_text() for preparing a text to write.
yk_write_ndef() to write the constructed NDEF.
* Add support for the YubiKey NEO beta
Writing NDEF URI with -n http://example.com/foo/
Writing NDEF Text record with -t example
* Implement option -ooath-id to easily set OATH token identifier.
* Fix numerous compiler warnings from clang. Thanks to
Clemens Lang <neverpanic@gmail.com>.