meta-security: subtree update:9504d02694..775870980b
Armin Kuster (13):
libtpm: update to 0.8.2
ibmtpm2tss: update to 1.6.0
tpm2-abrmd: update to 2.4.0
tpm2-tools: update to 5.0
tpm2-tss: update to 3.0.3
tpm2-pkcs11: update to 1.5.0
tpm2-topt: update 0.3.0
trousers: update to 0.3.15
tpm-tools: update to 1.3.9.1
python3-fail2ban: fix building with ptest enabled
layer.conf: Add hardknott to LAYERSERIES_COMPAT
tpm2-tss-engine: update 1.1.0
swtpm: update to 0.5.2
Kai Kang (1):
samhain: fix compile error on powerpc
Ming Liu (1):
ima-evm-keys: add file-checksums to IMA_EVM_X509
lukasz plachno (1):
fscryptctl: Fix installation path
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
similarity index 86%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
index 0ade01d..9784aa1 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
@@ -2,8 +2,8 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0"
+SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
PE = "1"
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
similarity index 78%
rename from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index 35c77c8..b7ff2ad 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -3,22 +3,21 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
# configure checks for the tools already during compilation and
# then swtpm_setup needs them at runtime
DEPENDS += "tpm-tools-native expect-native socat-native"
-SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
- file://fix_fcntl_h.patch \
+SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
file://ioctl_h.patch \
"
PE = "1"
S = "${WORKDIR}/git"
-inherit autotools pkgconfig
+inherit autotools pkgconfig python3-dir
PARALLEL_MAKE = ""
TSS_USER="tss"
@@ -35,18 +34,20 @@
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
-export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* "
+
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
INSANE_SKIP_${PN} += "dev-so"
-RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
deleted file mode 100644
index c2a264b..0000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Subject: Fix openssl1.1 support in data_mgmt
-Date: Tue, 31 Jan 2017 22:40:10 +0100
-
-Upstream-Status: Backport
-tpm-tools_1.3.9.1-0.1.debian.tar
-
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
----
- src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
- 1 file changed, 39 insertions(+), 21 deletions(-)
-
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
- goto out;
- }
-
-- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- logError( TOKEN_RSA_KEY_ERROR );
-
- X509_free( pX509 );
-@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, NULL );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-
- CK_RV rv;
-
-@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-
- // Create the RSA public key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-- int dLen = BN_num_bytes( a_pRsa->d );
-- int pLen = BN_num_bytes( a_pRsa->p );
-- int qLen = BN_num_bytes( a_pRsa->q );
-- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+ const BIGNUM *bd;
-+ const BIGNUM *bp;
-+ const BIGNUM *bq;
-+ const BIGNUM *bdmp1;
-+ const BIGNUM *bdmq1;
-+ const BIGNUM *biqmp;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, &bd);
-+ RSA_get0_factors( a_pRsa, &bp, &bq);
-+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-+ int dLen = BN_num_bytes( bd );
-+ int pLen = BN_num_bytes( bp );
-+ int qLen = BN_num_bytes( bq );
-+ int dmp1Len = BN_num_bytes( bdmp1 );
-+ int dmq1Len = BN_num_bytes( bdmq1 );
-+ int iqmpLen = BN_num_bytes( biqmp );
-
- CK_RV rv;
-
-@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-- BN_bn2bin( a_pRsa->d, d );
-- BN_bn2bin( a_pRsa->p, p );
-- BN_bn2bin( a_pRsa->q, q );
-- BN_bn2bin( a_pRsa->dmp1, dmp1 );
-- BN_bn2bin( a_pRsa->dmq1, dmq1 );
-- BN_bn2bin( a_pRsa->iqmp, iqmp );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-+ BN_bn2bin( bd, d );
-+ BN_bn2bin( bp, p );
-+ BN_bn2bin( bq, q );
-+ BN_bn2bin( bdmp1, dmp1 );
-+ BN_bn2bin( bdmq1, dmq1 );
-+ BN_bn2bin( biqmp, iqmp );
-
- // Create the RSA private key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
similarity index 91%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 88ef19f..8aeb8ac 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -12,12 +12,11 @@
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
git://git.code.sf.net/p/trousers/tpm-tools \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
- file://05-openssl1.1_fix_data_mgmt.patch \
file://openssl1.1_fix.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 27b4e2f..32c9a49 100644
--- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -6,8 +6,8 @@
DEPENDS = "openssl"
-SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b"
-PV = "0.3.14+git${SRCPV}"
+SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
+PV = "0.3.15+git${SRCPV}"
SRC_URI = " \
git://git.code.sf.net/p/trousers/trousers \