security/yubico-piv-tool: update to 2.7.1

Fri, 03 Jan 2025 16:15:26 -0800 

https://developers.yubico.com/yubico-piv-tool/Release_Notes.html

Version 2.7.1 (released 2024-12-19)
    ykpiv: Fix type casting issues affecting systems using Big-endian 
architecture
Version 2.7.0 (released 2024-12-19)
    ykpiv: cmd: Add support for communication over a secure channel according 
to SCP11b specifications
    ykpiv: cmd: Add support for device global reset
Version 2.6.1 (released 2024-09-12)
    cmd: Fix performing bio verification
    ykcs11: Fix handling ED25519 and X25519 keys
Version 2.6.0 (released 2024-08-21)
    cmd: Add support for biometric verification and match policy
    ykcs11: Add support for PKCS11 3.0
    ykpiv: cmd: ykcs11: Improve error traceability
    ykpiv: cmd: ykcs11: Fix minor bugs
    build: Make building with zlib optional

Doesn't help with the crash, though, which is the only thing I've used/tested.

100% tests passed, 0 tests failed out of 9

For tests the shared lib instead of just programs needs to link pthread now,
otherwise I didn't change/fix anything.

Tests?

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/Makefile,v
diff -u -p -r1.11 Makefile
--- Makefile    25 Jul 2024 15:11:51 -0000      1.11
+++ Makefile    3 Jan 2025 23:29:53 -0000
@@ -3,10 +3,10 @@ COMMENT=      Yubico Personal Identity Verifi
 HOMEPAGE=      https://developers.yubico.com/yubico-piv-tool/
 
 YK_PROJECT=    yubico-piv-tool
-DISTNAME=      yubico-piv-tool-2.5.2
+DISTNAME=      yubico-piv-tool-2.7.1
 
-SHARED_LIBS +=  ykcs11                    1.0
-SHARED_LIBS +=  ykpiv                     2.0
+SHARED_LIBS +=  ykcs11                    1.1
+SHARED_LIBS +=  ykpiv                     3.0
 
 CATEGORIES=    sysutils
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/yubico/yubico-piv-tool/distinfo,v
diff -u -p -r1.5 distinfo
--- distinfo    25 Jul 2024 15:11:51 -0000      1.5
+++ distinfo    3 Jan 2025 23:16:32 -0000
@@ -1,2 +1,2 @@
-SHA256 (yubico-piv-tool-2.5.2.tar.gz) = 
kY52utmUY9wKhYpHcexnSlefrShNmdkMV/uc9E+wWbg=
-SIZE (yubico-piv-tool-2.5.2.tar.gz) = 1324642
+SHA256 (yubico-piv-tool-2.7.1.tar.gz) = 
mBMZClwlYO9/6AGMA2FAkekR4FlsWFPvJcgs2Sg6REs=
+SIZE (yubico-piv-tool-2.7.1.tar.gz) = 1361900
Index: patches/patch-common_util_c
===================================================================
RCS file: 
/cvs/ports/security/yubico/yubico-piv-tool/patches/patch-common_util_c,v
diff -u -p -r1.2 patch-common_util_c
--- patches/patch-common_util_c 25 Jul 2024 15:11:51 -0000      1.2
+++ patches/patch-common_util_c 3 Jan 2025 23:20:07 -0000
@@ -3,7 +3,7 @@ Do not reach into X509_ALGOR.
 Index: common/util.c
 --- common/util.c.orig
 +++ common/util.c
-@@ -383,6 +383,7 @@ bool set_component(unsigned char *in_ptr, const BIGNUM
+@@ -391,6 +391,7 @@ bool set_component(unsigned char *in_ptr, const BIGNUM
  bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, 
unsigned char *out, unsigned int *out_len, int nid) {
    X509_SIG *digestInfo;
    X509_ALGOR *algor;
@@ -11,7 +11,7 @@ Index: common/util.c
    ASN1_OCTET_STRING *digest;
    unsigned char data[1024] = {0};
  
-@@ -393,8 +394,8 @@ bool prepare_rsa_signature(const unsigned char *in, un
+@@ -401,8 +402,8 @@ bool prepare_rsa_signature(const unsigned char *in, un
  
    digestInfo = X509_SIG_new();
    X509_SIG_getm(digestInfo, &algor, &digest);
Index: patches/patch-tool_yubico-piv-tool_c
===================================================================
RCS file: 
/cvs/ports/security/yubico/yubico-piv-tool/patches/patch-tool_yubico-piv-tool_c,v
diff -u -p -r1.6 patch-tool_yubico-piv-tool_c
--- patches/patch-tool_yubico-piv-tool_c        25 Jul 2024 15:11:51 -0000      
1.6
+++ patches/patch-tool_yubico-piv-tool_c        3 Jan 2025 23:20:07 -0000
@@ -10,7 +10,7 @@ Index: tool/yubico-piv-tool.c
  static int ec_key_ex_data_idx = -1;
  
  struct internal_key {
-@@ -872,7 +872,7 @@ static bool request_certificate(ykpiv_state *state, en
+@@ -891,7 +891,7 @@ static bool request_certificate(ykpiv_state *state, en
    int key = 0;
    size_t oid_len = 0;
    const unsigned char *oid = NULL;
@@ -19,7 +19,7 @@ Index: tool/yubico-piv-tool.c
    unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN] = {0};
    unsigned int md_len;
    unsigned int digest_len;
-@@ -983,7 +983,7 @@ static bool request_certificate(ykpiv_state *state, en
+@@ -1002,7 +1002,7 @@ static bool request_certificate(ykpiv_state *state, en
      goto request_out;
    }
  
@@ -28,7 +28,7 @@ Index: tool/yubico-piv-tool.c
    null_parameter.type = V_ASN1_NULL;
    null_parameter.value.ptr = NULL;
  
-@@ -1108,7 +1108,7 @@ request_out:
+@@ -1127,7 +1127,7 @@ request_out:
      fclose(output_file);
    }
    EVP_PKEY_free(public_key);
@@ -37,7 +37,7 @@ Index: tool/yubico-piv-tool.c
    if(req) {
      if(req->sig_alg->parameter) {
        req->sig_alg->parameter = NULL;
-@@ -1341,7 +1341,7 @@ static bool selfsign_certificate(ykpiv_state *state, e
+@@ -1360,7 +1360,7 @@ static bool selfsign_certificate(ykpiv_state *state, e
      }
    }
  
@@ -46,7 +46,7 @@ Index: tool/yubico-piv-tool.c
    unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN] = {0};
    unsigned char *signinput;
    size_t len = 0;
-@@ -1466,7 +1466,7 @@ selfsign_out:
+@@ -1485,7 +1485,7 @@ selfsign_out:
    if(output_file && output_file != stdout) {
      fclose(output_file);
    }
Index: patches/patch-ykcs11_CMakeLists_txt
===================================================================
RCS file: patches/patch-ykcs11_CMakeLists_txt
diff -N patches/patch-ykcs11_CMakeLists_txt
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-ykcs11_CMakeLists_txt 3 Jan 2025 23:26:36 -0000
@@ -0,0 +1,12 @@
+Index: ykcs11/CMakeLists.txt
+--- ykcs11/CMakeLists.txt.orig
++++ ykcs11/CMakeLists.txt
+@@ -73,7 +73,7 @@ endif(BUILD_STATIC_LIB)
+ 
+ # dynamic library
+ add_library(ykcs11_shared SHARED ${SOURCE})
+-target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
++target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared pthread)
+ set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION} 
VERSION ${VERSION})
+ if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+     set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH 
"${YKPIV_INSTALL_LIB_DIR}")
Index: patches/patch-ykcs11_tests_CMakeLists_txt
===================================================================
RCS file: patches/patch-ykcs11_tests_CMakeLists_txt
diff -N patches/patch-ykcs11_tests_CMakeLists_txt
--- patches/patch-ykcs11_tests_CMakeLists_txt   9 Mar 2023 12:31:05 -0000       
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: ykcs11/tests/CMakeLists.txt
---- ykcs11/tests/CMakeLists.txt.orig
-+++ ykcs11/tests/CMakeLists.txt
-@@ -50,7 +50,7 @@ if(NOT DEFINED SKIP_TESTS)
-     )
- 
-     add_executable(test_ykcs11 ${SOURCE_YKCS11_TESTS})
--    target_link_libraries(test_ykcs11 ykcs11_shared ${LIBCRYPTO_LDFLAGS})
-+    target_link_libraries(test_ykcs11 ykcs11_shared ${LIBCRYPTO_LDFLAGS} 
pthread)
- 
-     add_test(
-         NAME test_ykcs11

Reply via email to