yubico-piv-tool/yubico-piv-tool.changes

-------------------------------------------------------------------
Tue Aug 28 09:37:34 UTC 2018 - kbabioch@suse.com

- Version 1.6.1 (released 2018-08-17)
  - Compilation warning fixes for OpenSSL 1.1 builds
  - Fix length when encoding exactly 0xff bytes
  - Check length of objects correctly before storing in buffer
  - Check length of certificate correctly when storing
- Version 1.6.0 (released 2018-08-08)
  - Security release to mitigate YSA-2018-03 (YSA-2018-03, CVE-2018-14779,
    CVE-2018-14780, bsc#1104809, bsc#1104811)
  - Allow building against LibreSSL
  - Bugfixes in OpenSSL 1.1 code
  - Fix compilation warnings
  - Fix ykcs11 key generation to work with OpenSSL 1.1
  - Ykcs11 compatibility fixes
- Make use of %license macro instead of %doc for COPYING
- Applied spec-cleaner

-------------------------------------------------------------------
Thu Nov 30 15:14:13 UTC 2017 - t.gruner@katodev.de

- Version 1.5.0 (released 2017-11-29)
  - API additions: Higher-level "util" API added to libykpiv.
  - Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries()
  - Added functions for using existing PCSC card handle.
  - Support using custom memory allocator.
  - Documentation updates. make doxygen for HTML format.
  - Expanded automated tests for hardware devices, moved to make hwcheck.
  - OpenSSL 1.1 support
  - Moderate internal refactoring. Many small bugs fixed.

-------------------------------------------------------------------
Wed Nov 15 19:19:15 UTC 2017 - t.gruner@katodev.de

- Version 1.4.4 (released 2017-10-17)
  - Documentation updates.
  - Add pin caching to work around disconnect problems.
  - Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details.

-------------------------------------------------------------------
Mon May 29 14:46:53 UTC 2017 - t.gruner@katodev.de

- Version 1.4.3 (released 2017-04-18)
  - Encode RSA x509 certificates correctly.
  - Documentation updates.
  - In ykcs11 return CKA_MODULUS correctly for private keys.
  - In ykcs11 fix for signature size approximation.
  - Fix PSS signatures in ykcs11.
  - Add a CLI flag --stdin-input to make batch execution easier.

-------------------------------------------------------------------
Wed Aug 17 14:03:58 UTC 2016 - t.gruner@katodev.de

- Version 1.4.2 (released 2016-08-12)
  - Clarify license headers and clean up YKCS11 licensing. Now uses pkcs11.h from the Scute project.
  - Don’t install ykcs11-version.h.
  - No cflags in ykcs11.pc.
  - Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED.

- Version 1.4.1 (released 2016-08-11)
  - Documentation updates
  - Add possibility to export certificates in SSH format.
  - Make certificate serial number random by default.

-------------------------------------------------------------------
Tue May 17 14:55:42 UTC 2016 - t.gruner@katodev.de

- Version 1.4.0 (released 2016-05-03)
  - Add attest action When used on a slot with a generated key, 
    outputs a signed x509 certificate for that slot showing that
    the key was generated in hardware. Available in firmware 4.3.0 and newer.
  - Add cached parameter for touch-policy With cached, the touch is valid
    for an additional 15s. Available in firmware 4.3.0 and newer.
  - Enforce a minimum PIN length of 6 characters.
  - Fix a bug with list-readers action where it fell through processing into write-object.

-------------------------------------------------------------------
Mon Apr 25 20:04:14 UTC 2016 - t.gruner@katodev.de

- Version 1.3.1 (released 2016-04-19)
  - Fix a bug where unblock pin would instead change puk, introduced in 1.3.0.
  - Clarifications with help texts.

- Version 1.3.0 (released 2016-02-19)
  - Fixed extraction of RSA modulus and exponent for pkcs11.
  - Implemented C_SetPIN for pkcs11.
  - Add generic write and read object actions for the tool. Supports hex/binary/base64 formats
  - Add ykpiv_change_pin(), ykpiv_change_puk() and ykpiv_unblock_pin()
  - Print CCC with status action.
  - Address bugs with pkcs11 on windows.
  - Add --valid-days and --serial to tool for selfsign-certificate action.
  - Ask for password for pkcs12 if none is given.

-------------------------------------------------------------------
Fri Dec 11 08:12:48 UTC 2015 - t.gruner@katodev.de

- Version 1.2.2 (released 2015-12-08)
  - Fix old buffer overflow in change-pin functionality.

- Version 1.2.1 (released 2015-12-08)
   -Fix issue with big certificates and status.

- Version 1.2.0 (released 2015-12-07)
  - On OSX use @loader_path instead of @executable_path for ykcs11.
  - Add ykpiv_import_private_key to libykpiv.
  - Raise buffer sizes to support bigger objects.
  - Change behavior of action status, only list populated slots.
  - Add retired keys to ykcs11.
  - In ykcs11 support login with non null terminated pin.
  - Add a new action set-ccc to yubico-piv-tool to set the CCC.

-------------------------------------------------------------------
Wed Nov 18 20:57:56 UTC 2015 - t.gruner@katodev.de

- Version 1.1.2 (released 2015-11-13)
  - Properly handle DER encoding in ECDSA signatures. 

-------------------------------------------------------------------
Thu Nov 12 14:30:09 UTC 2015 - t.gruner@katodev.de

- Version 1.1.1 (released 2015-11-11)
  - Make sure SCardContext is properly acquired and released.

-------------------------------------------------------------------
Fri Nov  6 21:05:07 UTC 2015 - t.gruner@katodev.de

- Version 1.1.0 (released 2015-11-06)
  - Add support for new YubiKey 4.
  - Add ykcs11. 

-------------------------------------------------------------------
Tue Oct 13 07:47:50 UTC 2015 - t.gruner@katodev.de

- Add dependencive in .spec file

-------------------------------------------------------------------
Thu Oct  1 21:18:34 UTC 2015 - t.gruner@katodev.de

- Version 1.0.3 (released 2015-10-01)
  - Correct wording on unblock-pin action.
  - Show pin retries correctly.
  - Use a bigger buffer for receiving data.

-------------------------------------------------------------------
Tue Sep 15 13:32:27 UTC 2015 - t.gruner@katodev.de

- Version 1.0.2 (released 2015-09-04)
  - Query for different passwords/pins on stdin if they’re not supplied.
  - If a reader fails continue trying matching readers.
  - Authentication failed is supposed to be 0x63cX not 0x630X.

-------------------------------------------------------------------
Sat Jul 11 14:49:43 UTC 2015 - t.gruner@katodev.de

- Version 1.0.1 (released 2015-07-10)
  - Project relicensed to 2-clause BSD license
  - Minor fixes found with clang scan-build

-------------------------------------------------------------------
Wed Jul  8 21:14:24 UTC 2015 - t.gruner@katodev.de

- Version 1.0.0 (released 2015-06-23)
  - Add a test-decipher action.
  - Check that e is 0x10001 on importing rsa keys
  - Use PCSC transactions when sending and receiving data 

-------------------------------------------------------------------
Mon Apr 27 16:22:36 UTC 2015 - cdenicolo@suse.com

- license update: GPL-3.0+
  COPYING files says package is under GPL-3.0+. 

-------------------------------------------------------------------
Thu Mar 26 12:47:38 UTC 2015 - t.gruner@katodev.de

- Version 0.1.6 (released 2015-03-23)
    Add a read-certificate action to the tool.
    Add a status action to the tool.
    Fix a library bug so NULL can be passed to ykpiv_verify()
    Add a test-signature action to the tool.

-------------------------------------------------------------------
Mon Feb  9 14:54:37 UTC 2015 - t.gruner@katodev.de

- Version 0.1.5 (released 2015-02-04)
    Revert the check for parity and just set parity before the weak check. 

-------------------------------------------------------------------
Tue Feb  3 13:43:10 UTC 2015 - t.gruner@katodev.de

- Version 0.1.4 (released 2015-02-02)
    Prompt for input if input is stdin.
    Mark all bits of the signature as used is certs and requests.
    Correct error for unblock-pin.
    Fix hex decode to decode capital letters and return error.
    Check parity of new management keys.

-------------------------------------------------------------------
Fri Jan 23 07:47:58 UTC 2015 - t.gruner@katodev.de

- Version 0.1.3 (released 2014-12-18)
    Add format DER for importing certificates.
    Make sure diagnostic feedback ends up on stderr.
    Add positive feedback for a couple of actions.

- Version 0.1.2 (released 2014-11-14)
    Fix an issue where shorter component of RSA keys where not packed correctly.

- Version 0.1.1 (released 2014-11-10)
    Correct broken CHUID that made windows work inconsistently.
    Add support for compressed certificates.
    Fix broken unblock-pin action.
    Don’t try to accept to short keys for mgm key.
    Only do applet authentication if needed.
    Add --hash for selecting what hash to use for signatures.
    Add hidden --sign command. Should probably not be used.
    Fix for signature algorithm in selfsigned cert.

- Version 0.1.0 (released 2014-08-25)
    Break out functionality into a library.
    More testing.

- Version 0.0.3 (released 2014-05-26)
   Add delete-certificate action.
   Fix minor bugs.

- Version 0.0.2 (released 2014-02-19)
    Fix an offset bug with CHUID.
    Do full mutual auth with the applet.

- Version 0.0.1 (released 2014-02-11)
    Initial release.