swtpm: update to 0.7.1

fixes: CVE-2022-23645. Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2022-03-04 16:12:30 -0800
committer: Armin Kuster <akuster808@gmail.com> 2022-03-11 21:08:22 -0800
commit: 6ea6a4982cb75b0dde96abeba520f305663b95c0 (patch)
tree: 6ebe8be099f06d8e8065d460d29a6358d2d372a6
parent: 6c3262f5bb662b44b6473551b0717ace853379e6 (diff)
download: meta-security-6ea6a4982cb75b0dde96abeba520f305663b95c0.tar.gz
2 files changed, 2 insertions, 68 deletions
diff --git a/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch b/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
deleted file mode 100644
index 5aee933..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Don't check for tscd deamon on host.
-Upstream-Status: OE Specific
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-Index: git/configure.ac
-===================================================================
--- git.orig/configure.ac
-+++ git/configure.ac
-@@ -179,15 +179,6 @@ AC_SUBST([LIBTPMS_LIBS])
- AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
- AC_SUBST([LIBRT_LIBS])
- 
-AC_PATH_PROG([TCSD], tcsd)
-if test "x$TCSD" = "x"; then
-    have_tcsd=no
-    AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests])
-else
-    have_tcsd=yes
-fi
-AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
-
- dnl We either need netstat (more common across systems) or 'ss' for test cases
- AC_PATH_PROG([NETSTAT], [netstat])
- if test "x$NETSTAT" = "x"; then
-@@ -440,23 +431,6 @@ AC_ARG_WITH([tss-group],
-             [TSS_GROUP="tss"]
- )
- 
-case $have_tcsd in
-yes)
-       AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available])
-       if ! test $(id -u $TSS_USER); then
-               AC_MSG_ERROR(["$TSS_USER is not available"])
-       else
-               AC_MSG_RESULT([yes])
-       fi
-       AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available])
-       if ! test $(id -g $TSS_GROUP); then
-               AC_MSG_ERROR(["$TSS_GROUP is not available"])
-       else
-               AC_MSG_RESULT([yes])
-       fi
-       ;;
-esac
-
- AC_SUBST([TSS_USER])
- AC_SUBST([TSS_GROUP])
- 
-Index: git/tests/Makefile.am
-===================================================================
--- git.orig/tests/Makefile.am
-+++ git/tests/Makefile.am
-@@ -83,10 +83,6 @@ TESTS += \
-        test_tpm2_swtpm_cert \
-        test_tpm2_swtpm_cert_ecc \
-        test_tpm2_swtpm_setup_create_cert
-if HAVE_TCSD
-TESTS += \
-       test_tpm2_samples_create_tpmca
-endif
- endif
- 
- EXTRA_DIST=$(TESTS) \
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
index 63734b9..85e4c5d 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -6,10 +6,9 @@ SECTION = "apps"
 # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
 DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
-SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
           file://ioctl_h.patch \
-           file://oe_configure.patch \
           "
 PE = "1"
author	Armin Kuster <akuster808@gmail.com>	2022-03-04 16:12:30 -0800
committer	Armin Kuster <akuster808@gmail.com>	2022-03-11 21:08:22 -0800
commit	6ea6a4982cb75b0dde96abeba520f305663b95c0 (patch)
tree	6ebe8be099f06d8e8065d460d29a6358d2d372a6
parent	6c3262f5bb662b44b6473551b0717ace853379e6 (diff)
download	meta-security-6ea6a4982cb75b0dde96abeba520f305663b95c0.tar.gz

diff --git a/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch b/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch deleted file mode 100644 index 5aee933..0000000 --- a/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch +++ /dev/null
@@ -1,65 +0,0 @@
1	Don't check for tscd deamon on host.
2
3	Upstream-Status: OE Specific
4
5	Signed-off-by: Armin Kuster <akuster808@gmail.com>
6
7	Index: git/configure.ac
8	===================================================================
9	--- git.orig/configure.ac
10	+++ git/configure.ac
11	@@ -179,15 +179,6 @@ AC_SUBST([LIBTPMS_LIBS])
12	AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
13	AC_SUBST([LIBRT_LIBS])
14
15	-AC_PATH_PROG([TCSD], tcsd)
16	-if test "x$TCSD" = "x"; then
17	- have_tcsd=no
18	- AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests])
19	-else
20	- have_tcsd=yes
21	-fi
22	-AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
23	-
24	dnl We either need netstat (more common across systems) or 'ss' for test cases
25	AC_PATH_PROG([NETSTAT], [netstat])
26	if test "x$NETSTAT" = "x"; then
27	@@ -440,23 +431,6 @@ AC_ARG_WITH([tss-group],
28	[TSS_GROUP="tss"]
29	)
30
31	-case $have_tcsd in
32	-yes)
33	- AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available])
34	- if ! test $(id -u $TSS_USER); then
35	- AC_MSG_ERROR(["$TSS_USER is not available"])
36	- else
37	- AC_MSG_RESULT([yes])
38	- fi
39	- AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available])
40	- if ! test $(id -g $TSS_GROUP); then
41	- AC_MSG_ERROR(["$TSS_GROUP is not available"])
42	- else
43	- AC_MSG_RESULT([yes])
44	- fi
45	- ;;
46	-esac
47	-
48	AC_SUBST([TSS_USER])
49	AC_SUBST([TSS_GROUP])
50
51	Index: git/tests/Makefile.am
52	===================================================================
53	--- git.orig/tests/Makefile.am
54	+++ git/tests/Makefile.am
55	@@ -83,10 +83,6 @@ TESTS += \
56	test_tpm2_swtpm_cert \
57	test_tpm2_swtpm_cert_ecc \
58	test_tpm2_swtpm_setup_create_cert
59	-if HAVE_TCSD
60	-TESTS += \
61	- test_tpm2_samples_create_tpmca
62	-endif
63	endif
64
65	EXTRA_DIST=$(TESTS) \


diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb index 63734b9..85e4c5d 100644 --- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -6,10 +6,9 @@ SECTION = "apps"
6	# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests	6	# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
7	DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"	7	DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
8		8
9	SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"	9	SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e"
10	SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \	10	SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
11	file://ioctl_h.patch \	11	file://ioctl_h.patch \
12	file://oe_configure.patch \
13	"	12	"
14	PE = "1"	13	PE = "1"
15		14