projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b4aa64) | patch
package/tpm2-tools: security bump to version 4.3.2
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 21 Jun 2021 20:22:18 +0000 (22:22 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 3 Jul 2021 20:32:33 +0000 (22:32 +0200)
commit91aa6efa8588bf7617cc4a640eb55052b524ceb7
tree2edaf6fa3a8870ed41c8b295b014507d50a75891tree
parent1b4aa6442abc299d19829670eaf69420f5e119cfcommit | diff
package/tpm2-tools: security bump to version 4.3.2

- Fix CVE-2021-3565: A flaw was found in tpm2-tools in versions before
  5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner
  wrapper, potentially allowing a MITM attacker to unwrap the inner
  portion and reveal the key being imported. The highest threat from
  this vulnerability is to data confidentiality.
- LICENSE moved in doc directory since
  https://github.com/tpm2-software/tpm2-tools/commit/23aa5dca660f596b2ad89542d5100bd4ef0c871a
  and hash updated due to the following line added with
  https://github.com/tpm2-software/tpm2-tools/commit/305011b2a7d091740fa01dbfbd27a48a76f670f7
  Copyright 2019      Fraunhofer SIT sponsored by Infineon Technologies AG
- libuuid and wchar (for mbstate_t) are mandatory since version 4.2 and
  https://github.com/tpm2-software/tpm2-tools/commit/eca77c1419617a8e2d6d8008bac716878b0c27ca

https://github.com/tpm2-software/tpm2-tools/blob/4.3.2/doc/CHANGELOG.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/tpm2-tools/Config.in diff | blob | history
package/tpm2-tools/tpm2-tools.hash diff | blob | history
package/tpm2-tools/tpm2-tools.mk diff | blob | history