| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Remove or update S definitions as required to work with oe-core
S/UNPACKDIR changes.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
|
|
|
|
|
|
|
|
|
| |
Using vendor "libtpms_project" and product "libtpms"
as in https://nvd.nist.gov/vuln/detail/CVE-2021-3446
Matches CVEs better when analyzing with cve_check.bbclass.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Upstream and other distros like Debian use package name
libtpms so use this name for recipe too to match CVEs etc.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Needed by newer swtpm. Improves error messages etc.
Changes:
https://github.com/stefanberger/libtpms/releases/tag/v0.10.0
version 0.10.0:
tpm2: Support for profiles: default-v1 & custom
tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
tpm2: Extende TPMLIB_GetInfo to return profiles-related info
tpm2: Implemented crypto tests and restrictions on crypto related to
FIPS-140-3; can be enabled with profiles
tpm2: Enable Camellia-192 and AES-192
tpm2: Implement TPMLIB_WasManufactured API call
tpm2: Fixes for issues detected by static analyzers
tpm2: Use OpenSSL-based KDFe implementation if possible
tpm2: Update to TPM 2 spec rev 183 (many changes)
tpm2: Better support for OpenSSL 3.x
tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
tpm2: Fix of SignedCompareB().
NOTE: This fix may result in backwards compatibility issues with
PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
when upgrading from v0.9 to v0.10.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
nativesdk-swtpm needs nativesdk-libtpm
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There could be some false possitives (the script is far from perfect), so please
test it on your QA, I've only double checked with "git grep" (the script looks
only in parent directory).
@ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh .
./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe
./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe
./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe
./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe
./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe
@ ~/layers/meta-security $ git grep add_armeb_arch.patch
@ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch
@ ~/layers/meta-security $ git grep fix2_libcurl_check.patch
@ ~/layers/meta-security $ git grep postfix_workaround.patch
@ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_signed_issue.patch
@ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_lib_search_path.patch
@ ~/layers/meta-security $ git grep fix_fcntl_h.patch
@ ~/layers/meta-security $ git grep disable_perl_h_check.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
include: CVE-2023-1017 & CVE-2023-1018
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
a bit of re-org
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
a bit of re-org.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
includes: CVE-2021-3623
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
V2]
let include the updated changes
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
/bin/bash: pod2man: command not found
| Makefile:585: recipe for target 'TPMLIB_CancelCommand.3' failed
inherit perlnative to fix
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
Add PE
This update include support for tpm2.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM changed do to "Extend license texts with TPM 2 specifics"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This allows dropping some patches for issues that were addressed
upstream. It also brings in support for connecting swtpm to qemu
without relying on CUSE.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|