Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package yubico-piv-tool
The latest upstream release contains security-critical changes (see #926551).
I apologise for the larger-than-necessary diff, which includes some packaging
changes that were pending upload :(
The debdiff is enclosed; it isn't authoritative, as the package still needs to
be uploaded to sid (I accidentally let my signing key expire while ill, so this
is waiting on a sponsored upload...)
Best,
nicoo
unblock yubico-piv-tool/1.7.0-1
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru yubico-piv-tool-1.6.2/ChangeLog yubico-piv-tool-1.7.0/ChangeLog
--- yubico-piv-tool-1.6.2/ChangeLog 2018-09-14 09:33:28.0 +0200
+++ yubico-piv-tool-1.7.0/ChangeLog 2019-04-03 09:53:53.0 +0200
@@ -1,3 +1,156 @@
+2019-04-03 Klas Lindfors
+
+ * NEWS, configure.ac: NEWS for 1.7.0
+
+2019-04-03 Klas Lindfors
+
+ * : commit 7b64528cf7ba87e803a3ed29c8ca877e88796e24 Author: Dave
+ Pate Date: Tue Jan 22 13:59:06 2019 -0800
+
+2019-01-22 Dave Pate
+
+ * lib/internal.h, lib/ykpiv.c: lib: tlv length buffer checks
+
+2019-01-22 Dave Pate
+
+ * lib/util.c: lib: handle realloc failures safely
+
+2019-01-22 Dave Pate
+
+ * lib/util.c: lib: clear secrets in set_protected_mgm
+
+2019-01-22 Dave Pate
+
+ * lib/ykpiv.c: lib: clear secrets in ykpiv_import_private_key
+
+2019-01-21 Dave Pate
+
+ * lib/internal.h, lib/util.c: lib: correct zero memory defines,
+ correct overflow checks in _write_certificate
+
+2019-01-17 Dave Pate
+
+ * lib/ykpiv.c: lib: clear secrets in auth api
+
+2019-01-17 Dave Pate
+
+ * lib/ykpiv.c: lib: check that serial/version checks occur during
+ select
+
+2019-01-07 Dave Pate
+
+ * lib/internal.c, lib/internal.h, lib/ykpiv.c: lib: define constant
+ for max pin len magic numbers lib: clear pin buffers when no longer
+ used
+
+2019-01-07 Dave Pate
+
+ * lib/ykpiv.c: lib: check internal authentication crypt errors
+
+2019-01-07 Dave Pate
+
+ * lib/internal.c, lib/ykpiv.c: lib: clear buffers containing key
+ material
+
+2019-01-07 Dave Pate
+
+ * lib/internal.h, lib/util.c: lib: use secure zero memory platform
+ functions
+
+2019-01-07 Dave Pate
+
+ * lib/util.c, lib/ykpiv.c: lib: resolves potential reads of
+ uninitialized data
+
+2019-03-06 pedro martelletto
+
+ * doc/YubiKey_PIV_introduction.adoc: doc: set LC_CTYPE=C; fixes
+ ef81d164 on MacOS
+
+2019-03-06 Alessio Di Mauro
+
+ * : Merge pull request #187 from Yubico/pvs_remove_warnings Remove some
warnings
+
+2019-03-06 Gabriel Kihlman
+
+ * ykcs11/ykcs11.c: Do not assign variable twice
+
+2019-03-06 Gabriel Kihlman
+
+ * ykcs11/ykcs11.c: Remove duplicate check on op_info.type !=
+ YKCS11_SIGN
+
+2019-03-05 Klas Lindfors
+
+ * : commit ef81d1646536d5d9f2056cdc78a4a1052e8851a7 Author: pedro
+ martelletto Date: Tue Mar 5 07:58:09 2019 +0100
+
+2019-02-20 Alessio Di Mauro
+
+ * : Merge PR#184
+
+2019-02-18 Klas Lindfors
+
+ * windows.mk: bump openssl version and don't include check binaries
+
+2019-02-15 Alessio Di Mauro
+
+ * : Merge PR#183
+
+2019-02-15 Alessio Di Mauro
+
+ * : Merge PR #182
+
+2019-01-07 Alessio Di Mauro
+
+ * ykcs11/ykcs11.c: ykcs11: use a large enough buffer when writing EC
+ signatures
+
+2019-01-02 Klas Lindfors
+
+ * : commit 811ddbb22d293aea6508d69bb7b98d8386fc8071 Author: Stacey
+ Sheldon Date: Tue Jan 1 01:43:51 2019
+ -0500
+
+2019-01-01 Stacey Sheldon
+
+ * tools/fasc.pl: FASC-N: correct encoding of the packed 4-bit
+ decimal format with odd parity The BCD digits in the FASC-N credential
are sent lsb first followed
+ by an odd parity. Since this perl script is simply packing the bits
+ in their expected order, the encodings should exactly match figure 7
+ in "Technical Implementation Guidance: Smart Card Enabled Physical
+ Access Control Systems Version 2.2".
+
+2018-12-18 Klas Lindfors
+
+ * tools/fasc.pl: fix fasc-n value of 1 relates #177
+
+2018-09-21 Klas Lindfors
+
+ * : commit 898b85821cbfa2c0b841e46d39a45b42e9891bfd Author: Klas
+ Lindfors Date: Tue Sep 18 08:38:57 2018 +0200
+
+
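Review bot: the entries of the form "* : commit 7b64528cf7ba87e803a3ed29c8ca877e88796e24 Author: Dave Pate" (2019-04-03, and likewise 2019-03-05, 2019-01-02 and 2018-09-21) and the bare "Merge PR#184", "Merge PR#183" and "Merge PR #182" entries have an empty file list and no summary, so this generated ChangeLog does not show what those merges brought in or which entries correspond to the security-critical changes cited from #926551. For the unblock review it would help to name them in the request. Going by the visible entries, the candidates are the Dave Pate lib/ changes dated 2019-01-07 to 2019-01-22 (tlv length buffer checks, realloc failure handling, overflow checks in _write_certificate, clearing of secrets, PIN buffers and key material, reads of uninitialized data) and the 2019-01-07 ykcs11/ykcs11.c change to the EC signature buffer size. The windows.mk, tools/fasc.pl and doc/ entries look unrelated to that and could be called out as such. Since the request says the debdiff is not authoritative, the lib/ykpiv.c, lib/util.c, lib/internal.c, lib/internal.h and ykcs11/ykcs11.c hunks should be re-checked against the package once it is actually uploaded to sid.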