meta-security: subtree update:9504d02694..775870980b
Armin Kuster (13):
libtpm: update to 0.8.2
ibmtpm2tss: update to 1.6.0
tpm2-abrmd: update to 2.4.0
tpm2-tools: update to 5.0
tpm2-tss: update to 3.0.3
tpm2-pkcs11: update to 1.5.0
tpm2-topt: update 0.3.0
trousers: update to 0.3.15
tpm-tools: update to 1.3.9.1
python3-fail2ban: fix building with ptest enabled
layer.conf: Add hardknott to LAYERSERIES_COMPAT
tpm2-tss-engine: update 1.1.0
swtpm: update to 0.5.2
Kai Kang (1):
samhain: fix compile error on powerpc
Ming Liu (1):
ima-evm-keys: add file-checksums to IMA_EVM_X509
lukasz plachno (1):
fscryptctl: Fix installation path
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
index 8b13fb6..cfda80f 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -15,17 +15,15 @@
utils12/Makefile.am | 8 ++++-
2 files changed, 79 insertions(+), 4 deletions(-)
-diff --git a/utils/Makefile.am b/utils/Makefile.am
-index 1e51fe3..170a26e 100644
---- a/utils/Makefile.am
-+++ b/utils/Makefile.am
-@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+Index: git/utils/Makefile.am
+===================================================================
+--- git.orig/utils/Makefile.am
++++ git/utils/Makefile.am
+@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
- noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
# install every header in ibmtss
-nobase_include_HEADERS = ibmtss/*.h
--
--notrans_man_MANS = man/man1/*.1
+nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
+ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
+ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
@@ -65,7 +63,8 @@
+ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
+ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
+ ibmtss/ZGen_2Phase_fp.h
-+
+
+-notrans_man_MANS = man/man1/*.1
+notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
+ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
+ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
@@ -101,11 +100,11 @@
if CONFIG_TPM20
noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
-diff --git a/utils12/Makefile.am b/utils12/Makefile.am
-index a01f47c..e9fe61e 100644
---- a/utils12/Makefile.am
-+++ b/utils12/Makefile.am
-@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+Index: git/utils12/Makefile.am
+===================================================================
+--- git.orig/utils12/Makefile.am
++++ git/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
# result: [current-age].age.revision
libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
@@ -120,6 +119,3 @@
noinst_HEADERS = ekutils12.h
bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
---
-2.17.1
-
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
similarity index 94%
rename from meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 18ad7eb..4d9b554 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,7 +17,7 @@
inherit autotools pkgconfig
-SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87"
+SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
similarity index 96%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index d2a1c47..edfcce9 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -18,7 +18,7 @@
file://tpm2-abrmd.default \
"
-SRCREV = "4cdda466010a3699ebe967d990ac715ae3de7d35"
+SRCREV = "4f332013a02c422e186c4aaf127ab6a40b996028"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
similarity index 96%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
index 6beb67a..d53d4fa 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -10,7 +10,7 @@
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch"
-SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9"
+SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
similarity index 80%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
index 5bd26ab..dbd324a 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
@@ -8,6 +8,6 @@
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc"
+SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
similarity index 73%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index 264484f..dfebc07 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -9,8 +9,8 @@
PE = "1"
-SRCREV = "bfd581986353edc1058604e77cac804bd8b0d30a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x"
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
inherit autotools-brokensep pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
similarity index 88%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index ebd6d53..5395695 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -2,14 +2,14 @@
DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
-SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
+SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
inherit autotools-brokensep pkgconfig systemd
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
new file mode 100644
index 0000000..cae2e76
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
@@ -0,0 +1,48 @@
+From 03cca78d24d716eec792f86f5b0bc69886fad981 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty <patrick.mccarty@intel.com>
+Date: Fri, 18 Dec 2020 01:54:05 +0000
+Subject: [PATCH] configure.ac: fix compatibility with autoconf 2.70
+
+With autoconf 2.70, not quoting the second argument to one of the AS_IF
+macro expansions leads to generation of invalid shell code affecting the
+first nested ERROR_IF_NO_PROG expansion.
+
+The invalid shell code leads to an error resembling:
+
+ ./configure: line 18826: syntax error near unexpected token `newline'
+ ./configure: line 18826: ` '''
+
+Fix the issue by quoting the second argument to the affected AS_IF,
+similar to the quoting found elsewhere in configure.ac.
+
+Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: tpm2-tss-3.0.3/configure.ac
+===================================================================
+--- tpm2-tss-3.0.3.orig/configure.ac
++++ tpm2-tss-3.0.3/configure.ac
+@@ -279,7 +279,7 @@ AC_ARG_ENABLE([integration],
+ [build and execute integration tests])],,
+ [enable_integration=no])
+ AS_IF([test "x$enable_integration" = "xyes"],
+- AS_IF([test "$HOSTOS" = "Linux"],
++ [AS_IF([test "$HOSTOS" = "Linux"],
+ [ERROR_IF_NO_PROG([ss])],
+ [ERROR_IF_NO_PROG([sockstat])])
+ ERROR_IF_NO_PROG([echo])
+@@ -328,7 +328,7 @@ AS_IF([test "x$enable_integration" = "xy
+ [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
+ AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
+ AC_SUBST([INTEGRATION_ARGS], [$integration_args])
+- AC_SUBST([ENABLE_INTEGRATION], [$enable_integration]))
++ AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
+ AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
+ #
+ # sanitizer compiler flags
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
similarity index 90%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 78be513..b2486e5 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -6,8 +6,10 @@
DEPENDS = "autoconf-archive-native libgcrypt openssl"
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0"
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch \
+ "
+SRC_URI[sha256sum] = "78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17"
inherit autotools pkgconfig systemd extrausers