Commit graph

21 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
tnn
081de482e4 ykpers: needs asciidoc 2019-09-14 13:17:59 +00:00
tnn
d98511cf82 ykpers: update to 1.20.0
* Version 1.20.0 (released 2019-07-03)
** Add yk_open_key_vid_pid() allowing vid and pid to be specified.
** Documentation fixes.
** Clear potentially sensitive material from buffers.
** Fix potential buffer overwrite.

* Version 1.19.3 (released 2019-02-22)
** Fix capability read.

* Version 1.19.2 (released 2019-02-19)
** Fix test on mac.
** Fix serial read and challenge response.

* Version 1.19.1 (released 2019-02-19)
** Error out on json output with randomSeed.
** Validate more length fields.
** Use correct FormatMessage function on windows.
** Overflow, bounds and error condition checks.
** Try to zero sensitive memory better.

* Version 1.19.0 (released 2018-04-24)
** Add yk_write_device_info().
** Add ykpersonalize cli switch -D for device info.
** Add code for handling personalization interface of major version 5.

* Version 1.18.1 (released 2018-01-16)
** Support reading accesscode and private ID from stdin.
** Parse optional arguments correctly.
** Documentation fixes.
** Fix for ykinfo modhex serial output when it ends with c.
** Treat all firmware versions as supported.

* Version 1.18.0 (released 2017-01-27)
** Let ykchalresp read challenge from a file.
** Add support of working with a numbered key when many connected
Thanks to Thomas Habets <habets@google.com>
** Documentation clarifications.
** Fixup argument parsing of flags with optional arguments on BSD platforms.
** Fix a file descriptor leak on windows.

* Version 1.17.3 (released 2015-12-28)
** Dont read to much if we don't find a key.
** Text updates to make options clearer.
** Correct logic for question when mode switching to non-otp mode.
** Add 4.3 as supported firmware.

* Version 1.17.2 (released 2015-09-22)
** Let _yk_write() return an error if yk_wait_for_key_status() fails.
** Fix a mistake in help, fixed is up to 16 bytes, 32 characters.
** Add 4.2 as supported firmware.

* Version 1.17.1 (released 2015-04-01)
** Fixup of 1.17.0

* Version 1.17.0 (released 2015-04-01)
** add yk_get_capabilities() to fetch capabilities.
** add -c to ykinfo to fetch capabilities.
** whitelist firmware 4.1.x

* Version 1.16.4 (released 2015-03-23)
** change the tool to accept autoeject time as a short instead of a byte

* Version 1.16.3 (released 2015-03-10)
** whitelist YubiKey version 3.4.x
** only try to set libusb configuration if it's unset on the device

* Version 1.16.2 (released 2014-11-28)
** ykinfo: fix modhex printout when serial is an odd number of hex digits.
** whitelist yubikey version 4.0.x
** try to open more PIDs and add for udev.
2019-09-12 22:54:23 +00:00
sevan
f5b14bdecc Need strnlen(3), make sure we obtain it from libnbcompat if host OS doesn't
include it.
2019-07-10 17:53:38 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
tnn
01d86e060d wants to link with pthreads 2015-03-15 14:17:00 +00:00
pettai
6f4223eb31 Version 1.16.1 (released 2014-10-30)
* Fix udev rules so they contain four digits.
* Only try to detach the kernel driver if it's attached. For libusb-1.0
* Let import config report errors properly.
2014-11-14 21:19:16 +00:00
pettai
15a33f1b8c Version 1.16.0 (released 2014-09-26)
* Add yk_get_key_vid_pid() to get the vendor and product id of a key.
* Add flags for ykinfo to print vendor and product id.
* Fix a bug in the osx backend where it would return an error opening
a composite device with two hid interfaces.
2014-11-10 22:36:26 +00:00
pettai
f95403a118 Version 1.15.3 (released 2014-09-04)
* Fix URLs for opensource.y.com -> developers.y.com move.
* Whitelist firmware version 3.3 and detect new PIDs.

Version 1.15.2 (released 2014-07-30)

* Whitelist firmware version 2.5
* Read key when importing configuration.
* Fix formatting error in information about what is written to key.
* Check return codes when doinf NDEF writes.
2014-09-27 19:46:51 +00:00
pettai
430469d281 Version 1.15.1 (released 2014-03-12)
* Add -6 and -8 flags to ykchalresp to output the response as a truncated
OATH code.
* Add -t to ykchalresp to use current time / 30 as challenge in TOTP
fashion.
* Fix for a crash in the libusb-0.1 backend.

Version 1.15.0 (released 2014-01-10)

* add new Neo version 3.2 as supported.
* let ykp_AES_key_from_password() return error if it can't get a random
  salt.
* let -a without option mean ask for raw key on STDIN.
* let no -a given mean generate a random key
* add ykp_AES_key_from_raw() and ykp_HMAC_key_from_raw() that sets the
key from a byte array.
* remove -osalt= and possibility to generate key from password.
* add YK_ENODATA that's returned when no data is returned from
  the device and no other underlying error is set.
2014-03-13 22:17:59 +00:00
pettai
ceb37c80a1 Version 1.14.1 (released 2013-09-16)
* Fix breakage with latest automake.
2013-12-05 13:05:31 +00:00
pettai
7c9683c670 Version 1.14.0 (released 2013-07-04)
* Fixups of import/export.
  Add targetConfig to show in which slot a configuration is intended.
  Possible memory leaks on error conditions.
* Add -d switch to ykpersonalize for dry-run.
* Add ykp_clear_config() for clearing configuration flags.
* Add getter functions for all configuration flags.
* Add -V to all tools to output version.
* Add ykp_get_acccode_type() and ykp_set_acccode_type()
  Only to do with export, showing where the access code came from
  in the ycfg.
* Add -1 and -2 options to ykinfo to show programming state.
2013-09-14 07:06:29 +00:00
pettai
581714b5da Version 1.13.0 (released 2013-04-22)
* Added import/export of ycfg-json format.
  Invoke with -fjson to -s or -i
  Add exported functions ykp_export_config() and ykp_import_config()
* Fixup output of flags when using ykp_write_config()
* Add binary builds for mac.
* Minor cleanups noticed during debian packaging.

Version 1.12.0 (released 2013-03-14)

* Recognize firmwares 2.4 and 3.1.
* Add support for setting the new extflag LED_INV
  When set the behaviour of the led on the YubiKey is inversed.

(Moved HOMEPAGE and MASTER_SITES to the new GitHub project URLs)
2013-06-16 09:39:07 +00:00
pettai
7fc4e03950 Version 1.11.3 (released 2013-01-09)
* Fixup of broken release.

Version 1.11.2 (released 2013-01-09)

* Fix a bug where writing a NDEF with unknown prefix ended up writing invalid
  data to the YubiKey NEO. Wrote prefix as 0x24 instead of 0x00.
* Don't allow opening a YubiKey if there's more than one present in the system.
* Fix shared linking of ykinfo and ykchalresp.

Version 1.11.1 (released 2012-12-21)

* Implement ykusb_strerror() on windows.
* Fix a bug where a YubiKey would fail to be recognized if there was
  another device from Yubico (vendor id 1050) inserted and looked at
  before in the device chain.
* Fix a bug where you could only set 8 bytes of the public id with
  the command line tool, now all 16 bytes can be set.
* Documentation updates and fixes.

Version 1.11.0 (released 2012-12-12)

* Added version symbols and functions.
  The header file is "ykpers-version.h" and it contains the following
  symbols and functions: YKPERS_VERSION_STRING, YKPERS_VERSION_NUMBER,
  YKPERS_VERSION_MAJOR, YKPERS_VERSION_MINOR, YKPERS_VERSION_PATCH,
  ykpers_check_version.

Version 1.10.0 (released 2012-12-11)

* Support for the new productId of the production Neo.
  Has ProducId 0x110, 0x111 or 0x112 depending on mode (see the notes about
  -m and device_config).
* Add support for SLOT_NDEF2.
  Use SLOT_NDEF to emit slot 1 as NDEF or SLOT_NDEF2 to emit slot 2.
  This also adds the function yk_write_ndef2() that takes a slot parameter.
* Add -m flag for ykpersonalize, set usb mode of YubiKey NEO.
  0 means pure YubiKey mode, 1 means pure CCID mode and 2 means YubiKey/CCID
  composite mode. Add 80 to set EJECT_FLAG.
  To use this with the api, see the functions:
  ykp_alloc_device_config(), ykp_free_device_config(), ykp_set_device_mode(),
  ykp_set_device_chalresp_timeout(), ykp_set_device_autoeject_time() and
  yk_write_device_config().
* Add -S flag for ykpersonalize, set the scanmap of the YubiKey NEO.
  Take an 90 character string describing 45 scancodes. See man page for more
  info. To use this with the api see yk_write_scan_map().
* In the api add ykp_ndef_as_text() to export the text from a YK_NDEF structure.
* Higher timeout for configuration writes as in particular swap can take
  longer than 600 ms.
2013-03-16 20:07:29 +00:00
pettai
7582a13fae Version 1.9.0 (released 2012-11-08)
* ykinfo: New tool to print information about YubiKey.
* ykpersonalize: Add -z flag to zap configuration on YubiKey.
* Fix PBKDF2 implementation.
2012-11-19 11:40:27 +00:00
pettai
c31c20c66d Version 1.8.2 (released 2012-10-17)
* Add udev rules files to packed distribution.

Version 1.8.1 (released 2012-10-17)

* Memory leak fixes and potential crash fixes in osx backend.
* Error reporting fixes in osx backend, reporting correct errors and
  better errors.
* Provide new another udev permissions file that works on udev version
  greater than 188. Autodetects from configure which to use.
* Add new binary ykinfo, can be used to get serial number, version and
  touch level from a YubiKey.

Version 1.8.0 (released 2012-09-28)

* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Added Continuous integration at travis-ci
  (http://travis-ci.org/#!/Yubico/yubikey-personalization)
* Added yk_challenge_response() function for doing challenge response
  with a key.
* Fixed functions for NDEF writing, adding:
  ykp_ndef_alloc(), ykp_ndef_free() and ykp_set_ndef_access_code()
  also providing compatible name YK_NDEF in ykcore.h and exporting
  yk_write_ndef() there.
  Change return values from ndef_construct_*() functions to make them
  consistent with the rest of the library.
* Fixed a crash bug when the library was called from different threads.
* Check return code from libusb_init() so we avoid crashing there.
  Also use a usb context instead of relying on default.
* Fix numerous warnings.
* Fix compilation in MSVC2010.

Version 1.7.0 (released 2012-06-07)

* Add support for new features in YubiKey 2.3:
  ALLOW_UPDATE flag that allows updating of configuration in slots.
  Update command (-u) to do update of existing config.
  Swap command (-x) to swap contents of two updatable slots
  DORMANT flag that's settable/removable if ALLOW_UPDATE is set
  USE_NUMERIC_KEYPAD flag for sending the OATH OTP using keypad scan codes
  instead
  FAST_TRIG flag for faster triggering of slot one if slot two is empty
* Change the library around some to make the 2.3 features available.
  Use ykp_alloc() instead of ykp_create_config().
  Use ykp_configure_version() instead of ykp_configure_for() to set the version.
  Use ykp_configure_command() instead of ykp_configure_for() to set slot.
  Use yk_write_command() instead of yk_write_config().
  The new commands doesn't set any default configuration at all.
* Add library support for the YubiKey NEO beta
  ykp_construct_ndef_uri() for preparing a URI to write.
  ykp_construct_ndef_text() for preparing a text to write.
  yk_write_ndef() to write the constructed NDEF.
* Add support for the YubiKey NEO beta
  Writing NDEF URI with -n http://example.com/foo/
  Writing NDEF Text record with -t example
2012-11-10 20:53:43 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
pettai
eac69ed19e Version 1.6.4 (released 2012-05-24)
* Implement option -ooath-id to easily set OATH token identifier.

 * Fix numerous compiler warnings from clang. Thanks to
   Clemens Lang <neverpanic@gmail.com>.
2012-06-16 20:38:51 +00:00
dholland
c341067e40 Makefile is not MAKE_JOBS_SAFE as shipped. Patch it up, since it doesn't
appear to require or be using gmake.
2012-03-19 03:07:45 +00:00
pettai
eda68f4360 The YubiKey Personalization package contains a library and
command line tool used to personalize (i.e., set a AES key) YubiKeys.

Imported from pkgsrc-wip
2012-03-13 15:30:07 +00:00