Hi, Since master has 4.0.1 and CVE is impacting:
https://nvd.nist.gov/vuln/detail/CVE-2023-22745 "Up to (including) 4.0.0" then I guess master branch and 4.0.1 is not impacted. Would be nice to have this info in commit message though. Cheers, -Mikko On Mon, May 08, 2023 at 03:23:34PM +0200, Peter Marko via lists.yoctoproject.org wrote: > Changelog: > 3.2.2 > A buffer overflow in tss2-rc as CVE-2023-22745. > The drv layer in tss2-rc should have been the policy layer. > Spec deviation in Fapi_GetDescription caused description to be NULL when > it should be empty string. > This is API breaking but considered a bug since it deviated from the FAPI > spec. > FAPI: undefined reference to curl_url_strerror when using curl less than > 7.80.0. > 3.2.1 > Makefile.am: make all EXTRA_DIST includes unconditional to fix pristine > tars > Fix usage of NULL pointer if Esys_TR_SetAuth is calles with ESYS_TR_NONE. > Store VERSION into the release tarball. > fapi: fix usage of policy_nv with a TPM nv index. > Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea handle and > not as parameter one, this affected the contents of cpHash. > linking tcti for libtpms against tss2-tctildr. It should be linked > against tss2-mu. > build: Remove erroneous trailing comma in linker option. Bug #2391. > esys: fix allow usage of HMAC sessions for Esys_TR_FromTPMPublic. > test: build with opaque FILE structure like in musl libc. > Usage of a second profile in a path was not possible because the default > profile was always used. > FAPI: Fix provisioning if auth value for storage hierarchy was set. > FAPI: Fix recreation of EK. > FAPI: Fix usage of lockout auth value in Fapi_Provison. > FAPI: Fix loading of key in policy execution. > FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being > reflected across profiles. > Esys_PCR_SetAuthValue: remembers the auth like other SetAutg ESAPI > functions. > tests: esys-pcr-auth-value.int moved to destructive tests. > FAPI: Fix double free if keystore is corrupted. > Spec deviation in Fapi_GetDescription caused description to be NULL when > it should be empty string. > This is API breaking but considered a bug since it deviated from the > FAPI spec. > > Signed-off-by: Peter Marko <peter.ma...@siemens.com> > --- > .../tpm2-tss/{tpm2-tss_3.2.0.bb => tpm2-tss_3.2.2.bb} | 7 +------ > 1 file changed, 1 insertion(+), 6 deletions(-) > rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_3.2.0.bb => > tpm2-tss_3.2.2.bb} (91%) > > diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb > b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb > similarity index 91% > rename from meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb > rename to meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb > index 8440bb9..9b76c2f 100644 > --- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb > +++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb > @@ -10,7 +10,7 @@ SRC_URI = > "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN > file://fixup_hosttools.patch \ > " > > -SRC_URI[sha256sum] = > "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912" > +SRC_URI[sha256sum] = > "ba9e52117f254f357ff502e7d60fce652b3bfb26327d236bbf5ab634235e40f1" > > inherit autotools pkgconfig systemd useradd > > @@ -26,11 +26,6 @@ USERADD_PACKAGES = "${PN}" > GROUPADD_PARAM:${PN} = "--system tss" > USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" > > -do_configure:prepend() { > - # do not extract the version number from git > - sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always > --dirty\])/${PV}/' ${S}/configure.ac > -} > - > do_install:append() { > # Remove /run as it is created on startup > rm -rf ${D}/run > -- > 2.30.2 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#59904): https://lists.yoctoproject.org/g/yocto/message/59904 Mute This Topic: https://lists.yoctoproject.org/mt/98760863/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
