Changelog:
3.2.2
A buffer overflow in tss2-rc as CVE-2023-22745.
The drv layer in tss2-rc should have been the policy layer.
Spec deviation in Fapi_GetDescription caused description to be NULL when it
should be empty string.
This is API breaking but considered a bug since it deviated from the FAPI
spec.
FAPI: undefined reference to curl_url_strerror when using curl less than
7.80.0.
3.2.1
Makefile.am: make all EXTRA_DIST includes unconditional to fix pristine tars
Fix usage of NULL pointer if Esys_TR_SetAuth is calles with ESYS_TR_NONE.
Store VERSION into the release tarball.
fapi: fix usage of policy_nv with a TPM nv index.
Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea handle and
not as parameter one, this affected the contents of cpHash.
linking tcti for libtpms against tss2-tctildr. It should be linked against
tss2-mu.
build: Remove erroneous trailing comma in linker option. Bug #2391.
esys: fix allow usage of HMAC sessions for Esys_TR_FromTPMPublic.
test: build with opaque FILE structure like in musl libc.
Usage of a second profile in a path was not possible because the default
profile was always used.
FAPI: Fix provisioning if auth value for storage hierarchy was set.
FAPI: Fix recreation of EK.
FAPI: Fix usage of lockout auth value in Fapi_Provison.
FAPI: Fix loading of key in policy execution.
FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being reflected
across profiles.
Esys_PCR_SetAuthValue: remembers the auth like other SetAutg ESAPI
functions.
tests: esys-pcr-auth-value.int moved to destructive tests.
FAPI: Fix double free if keystore is corrupted.
Spec deviation in Fapi_GetDescription caused description to be NULL when it
should be empty string.
This is API breaking but considered a bug since it deviated from the
FAPI spec.
Signed-off-by: Peter Marko <peter.ma...@siemens.com>
---
.../tpm2-tss/{tpm2-tss_3.2.0.bb => tpm2-tss_3.2.2.bb} | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_3.2.0.bb => tpm2-tss_3.2.2.bb}
(91%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
similarity index 91%
rename from meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
rename to meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
index 8440bb9..bb48ea0 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
@@ -10,7 +10,7 @@ SRC_URI =
"https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN
file://fixup_hosttools.patch \
"
-SRC_URI[sha256sum] =
"48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912"
+SRC_URI[sha256sum] =
"ba9e52117f254f357ff502e7d60fce652b3bfb26327d236bbf5ab634235e40f1"
inherit autotools pkgconfig systemd useradd
@@ -26,11 +26,6 @@ USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "--system tss"
USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
-do_configure:prepend() {
- # do not extract the version number from git
- sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always
--dirty\])/${PV}/' ${S}/configure.ac
-}
-
do_install:append() {
# Remove /run as it is created on startup
rm -rf ${D}/run
@@ -93,3 +88,6 @@ FILES:${PN} = "\
${sysconfdir}/sysusers.d"
RDEPENDS:libtss2 = "libgcrypt"
+
+# This is patched in 3.2.2 although NVD DB says "Up to (including) 4.0.0"
+CVE_CHECK_IGNORE += "CVE-2023-22745"
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#59905): https://lists.yoctoproject.org/g/yocto/message/59905
Mute This Topic: https://lists.yoctoproject.org/mt/98762712/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
