<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git, branch dunfell-next</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=dunfell-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=dunfell-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2022-03-17T15:05:50+00:00</updated>
<entry>
<title>tpm2-tools: update to 4.1.3</title>
<updated>2022-03-17T15:05:50+00:00</updated>
<author>
<name>Ralph Siemsen</name>
<email>ralph.siemsen@linaro.org</email>
</author>
<published>2022-03-15T16:23:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=91730c85bb99417053f78a123be7591109499666'/>
<id>urn:sha1:91730c85bb99417053f78a123be7591109499666</id>
<content type='text'>
Minor version bump from 4.1.1 to 4.1.3, containing two fixes:

4.1.3 - 2020-06-02
* tpm2_create: Fix issue with userauth attribute being cleared if
policy is specified.

4.1.2 - 2020-05-18
* Fix missing handle maps for ESY3 handle breaks. See #1994.
  https://github.com/tpm2-software/tpm2-tools/pull/1994

Details of changes
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X

Signed-off-by: Ralph Siemsen &lt;ralph.siemsen@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tools: backport fix for CVE-2021-3565</title>
<updated>2022-03-17T15:05:36+00:00</updated>
<author>
<name>Ralph Siemsen</name>
<email>ralph.siemsen@linaro.org</email>
</author>
<published>2022-03-15T16:08:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=de4e7fced9f735f3c25277de38cde8454b97b28e'/>
<id>urn:sha1:de4e7fced9f735f3c25277de38cde8454b97b28e</id>
<content type='text'>
tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.

To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen &lt;ralph.siemsen@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>apparmor: fix QA warning with systemd enabled</title>
<updated>2020-10-17T15:54:49+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-17T15:54:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c74cc97641fd93e0e7a4383255e9a0ab3deaf9d7'/>
<id>urn:sha1:c74cc97641fd93e0e7a4383255e9a0ab3deaf9d7</id>
<content type='text'>
ERROR: apparmor-2.13.4-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
  /usr/lib/systemd
  /usr/lib/systemd/system
  /usr/lib/systemd/system/apparmor.service

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>apparmor: fix issue with older use of shell in make</title>
<updated>2020-10-17T15:24:04+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-17T15:24:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=71fb4e16b33b139b5ec1ce38e8cfc5b383efa714'/>
<id>urn:sha1:71fb4e16b33b139b5ec1ce38e8cfc5b383efa714</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>README: updated branch for Dunfell</title>
<updated>2020-10-17T14:16:48+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-02T04:41:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a8340f10ead7d36d2dd06e0e17a9025bd4d4cc7d'/>
<id>urn:sha1:a8340f10ead7d36d2dd06e0e17a9025bd4d4cc7d</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ibmswtpm2: fix QA warning</title>
<updated>2020-10-17T01:47:51+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-17T01:47:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=16b5bdec29cdb1f281007ad7e087b88235a4e1a9'/>
<id>urn:sha1:16b5bdec29cdb1f281007ad7e087b88235a4e1a9</id>
<content type='text'>
ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: use += instead of := to update BBFILES</title>
<updated>2020-10-16T14:25:01+00:00</updated>
<author>
<name>Sajjad Ahmed</name>
<email>sajjad_ahmed@mentor.com</email>
</author>
<published>2020-10-15T09:41:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=4963043a05da763f5a92b21911c0b8940deb28f9'/>
<id>urn:sha1:4963043a05da763f5a92b21911c0b8940deb28f9</id>
<content type='text'>
Updating BBFILES with := isn't the standard way and can break
parsing under certain conditions, instead use += which is widely used.

Signed-off-by: Sajjad Ahmed &lt;sajjad_ahmed@mentor.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 63e1cf3ffa26a4e820ec8d882e67e438aa0d23ee)
</content>
</entry>
<entry>
<title>scap-security-guide: add expat-native to DEPENDS</title>
<updated>2020-10-16T14:24:41+00:00</updated>
<author>
<name>Mingli Yu</name>
<email>mingli.yu@windriver.com</email>
</author>
<published>2020-10-14T09:44:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=717a38a8e475876286bcb788d24e868cb8308737'/>
<id>urn:sha1:717a38a8e475876286bcb788d24e868cb8308737</id>
<content type='text'>
Add expat-native to DEPENDS to fix the below do_configure error:
| CMake Error at CMakeLists.txt:165 (message):
|  xmlwf is required!

Signed-off-by: Mingli Yu &lt;mingli.yu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 4c2f7ffd492c7083273aca7cc718802279f05ce2)
</content>
</entry>
<entry>
<title>packagegroup-core-security: remove clamav from musl image</title>
<updated>2020-10-16T14:24:06+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-08T14:13:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d2b9de25cbd9fa1a93205b9ef3ef57129c87ee33'/>
<id>urn:sha1:d2b9de25cbd9fa1a93205b9ef3ef57129c87ee33</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 496a734c14fc72250979a4e7eb69c5d541ffd870)
</content>
</entry>
<entry>
<title>apparmor: fix build issue with ptest enabled.</title>
<updated>2020-10-16T14:23:21+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-02T04:41:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f01129b22ef61843e91524afbee3198fcd003e9b'/>
<id>urn:sha1:f01129b22ef61843e91524afbee3198fcd003e9b</id>
<content type='text'>
minor spacing cleanup

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 2a7963df18e7f43c6209387b6e1a1e75ff74b6ca)
</content>
</entry>
</feed>
