<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-tpm, branch dunfell</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=dunfell</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=dunfell'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2022-03-20T21:51:06+00:00</updated>
<entry>
<title>tpm2-tools: update to 4.1.3</title>
<updated>2022-03-20T21:51:06+00:00</updated>
<author>
<name>Ralph Siemsen</name>
<email>ralph.siemsen@linaro.org</email>
</author>
<published>2022-03-15T16:23:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e95a877981f5d71ce33aee469b6b7ad710758287'/>
<id>urn:sha1:e95a877981f5d71ce33aee469b6b7ad710758287</id>
<content type='text'>
Minor version bump from 4.1.1 to 4.1.3, containing two fixes:

4.1.3 - 2020-06-02
* tpm2_create: Fix issue with userauth attribute being cleared if
policy is specified.

4.1.2 - 2020-05-18
* Fix missing handle maps for ESY3 handle breaks. See #1994.
  https://github.com/tpm2-software/tpm2-tools/pull/1994

Details of changes
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X

Signed-off-by: Ralph Siemsen &lt;ralph.siemsen@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tools: backport fix for CVE-2021-3565</title>
<updated>2022-03-20T21:50:58+00:00</updated>
<author>
<name>Ralph Siemsen</name>
<email>ralph.siemsen@linaro.org</email>
</author>
<published>2022-03-15T16:08:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=dc2c75e98134b131ac375eab34fea4c01a032c1c'/>
<id>urn:sha1:dc2c75e98134b131ac375eab34fea4c01a032c1c</id>
<content type='text'>
tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.

To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen &lt;ralph.siemsen@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm-tools: fix build issue</title>
<updated>2021-07-10T12:25:40+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2021-07-09T13:55:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=6466c6fb02f36f459b06d434484df26e083f3489'/>
<id>urn:sha1:6466c6fb02f36f459b06d434484df26e083f3489</id>
<content type='text'>
This error occurs randomly.
/bin/bash: pod2man: command not found

[Yocto #14304]

minor space/tab cleanup

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Cc: Ben &lt;koncept1@gmail.com&gt;
</content>
</entry>
<entry>
<title>README: updated branch for Dunfell</title>
<updated>2020-10-17T14:16:48+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-02T04:41:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a8340f10ead7d36d2dd06e0e17a9025bd4d4cc7d'/>
<id>urn:sha1:a8340f10ead7d36d2dd06e0e17a9025bd4d4cc7d</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ibmswtpm2: fix QA warning</title>
<updated>2020-10-17T01:47:51+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2020-10-17T01:47:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=16b5bdec29cdb1f281007ad7e087b88235a4e1a9'/>
<id>urn:sha1:16b5bdec29cdb1f281007ad7e087b88235a4e1a9</id>
<content type='text'>
ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>trousers: Several Security fixes</title>
<updated>2020-08-24T19:18:49+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster@mvista.com</email>
</author>
<published>2020-08-17T21:50:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ef4bfb5b71e617f3bb53001a4fd32e202e74200e'/>
<id>urn:sha1:ef4bfb5b71e617f3bb53001a4fd32e202e74200e</id>
<content type='text'>
Source:  meta-security
MR: 105088
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/meta-security/commit/?id=787ba6faeaa8823a4d87e5edd15581cb4e12fa70
ChangeID: b55bccb002b9eb2c49dfe380406e2597bb1ade90
Description:

Fixes:
CVE-2020-24332
CVE-2020-24330
CVE-2020-24331

Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 787ba6faeaa8823a4d87e5edd15581cb4e12fa70)
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
</content>
</entry>
<entry>
<title>packagegroup-security-tpm2: Depend on preferred provider for cryptsetup</title>
<updated>2020-07-15T04:27:35+00:00</updated>
<author>
<name>Jeremy Puhlman</name>
<email>jpuhlman@mvista.com</email>
</author>
<published>2020-07-14T04:00:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=982a29bbb7ef32475aea7c4bb56c620065a50927'/>
<id>urn:sha1:982a29bbb7ef32475aea7c4bb56c620065a50927</id>
<content type='text'>
Signed-off-by: Jeremy Puhlman &lt;jpuhlman@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev</title>
<updated>2020-07-15T04:27:35+00:00</updated>
<author>
<name>Jeremy Puhlman</name>
<email>jpuhlman@mvista.com</email>
</author>
<published>2020-07-14T04:00:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b3a2f0016a4ec28292d18cc599591a8f89180ab6'/>
<id>urn:sha1:b3a2f0016a4ec28292d18cc599591a8f89180ab6</id>
<content type='text'>
Without this we get weird conflict when you include dev packages:
rror: Transaction check error:
  file /usr/include/libcryptsetup.h conflicts between attempted installs of
cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586
  file /usr/lib64/libcryptsetup.so conflicts between attempted installs of
cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
cryptsetup-dev-2.3.2-r0.1.corei7_64
  file /usr/lib64/pkgconfig/libcryptsetup.pc conflicts between attempted
installs of cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
cryptsetup-dev-2.3.2-r0.1.corei7_64
  file /usr/lib/libcryptsetup.so conflicts between attempted installs of
lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586
  file /usr/lib/pkgconfig/libcryptsetup.pc conflicts between attempted installs
of lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586

Signed-off-by: Jeremy Puhlman &lt;jpuhlman@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: update LAYERSERIES_COMPAT for dunfell</title>
<updated>2020-03-27T23:53:25+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2020-03-25T13:01:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7f7897590c74d0979748397a655fd3b4b49de7f4'/>
<id>urn:sha1:7f7897590c74d0979748397a655fd3b4b49de7f4</id>
<content type='text'>
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>linux-yocto: update the bbappend to 5.x</title>
<updated>2020-03-08T21:13:07+00:00</updated>
<author>
<name>André Draszik</name>
<email>git@andred.net</email>
</author>
<published>2020-03-05T20:12:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d7ca573c36706f3b5423fabcc1d5e652f513d0bc'/>
<id>urn:sha1:d7ca573c36706f3b5423fabcc1d5e652f513d0bc</id>
<content type='text'>
As linux-yocto upgraded to 5.x in oe-core, update
the bbappend to 5.x to remove the warning

ERROR: No recipes available for:
  .../meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend

This patch hasn't been verified any further than allowing bitbake
to complete with a non-linux-yocto kernel. In particular options could
be different, or new ones needed / desired.

Signed-off-by: André Draszik &lt;git@andred.net&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
