From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sun, 28 Apr 2024 18:39:18 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1s17Yc-005M4B-1H for lore@lore.pengutronix.de; Sun, 28 Apr 2024 18:39:18 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1s17Yc-0003iu-3A; Sun, 28 Apr 2024 18:39:18 +0200 Received: from mail-db5eur02on2102.outbound.protection.outlook.com ([40.107.249.102] helo=EUR02-DB5-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1s17YE-0003ii-IO for ptxdist@pengutronix.de; Sun, 28 Apr 2024 18:38:55 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTdRTJ80BJp3EfSdzFawuvF8ekYoeyDc6GD8RxP81iyfa+bylXMga34IpA7p126TAiImmRJ+nf+KVgMbGqfDmIsqLsEUR+NGlYPDu/58Lv2+l/B9Z444CH77AFeoMIZTVSrujbgAYUBIi9rX0wlMgzy/JiLH1Q9IMHzD8iDwI4L/zNKY8T/HXHhwCCy9zDoqJGx5JpcE/q16tZ0A957CUon4iKalaSI9E6jMtyCc3AmomJEtpX7vhKT25FxJXEoprZdFYxsFI36+ElVX/bfX7/m7eZAyY+GQ5Vme/7Gm5ZOa770Knr3o8ecPUum8teLks+gG1VYaIwiTBiKEFy8Zmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=27QfH8hcfeC9ua82UXb20vUN5tLPYzsXacowmmRIyl0=; b=hxVR/P1CS59EPz7w7YIYBahvkUfOZs56E0EzE6RJrKlEiJUMLfXDHqkZb7+C1zVqiDLHKaWeMBBokc7/RhCa+wTFrDWiR1GlttPjw+Obtn9dE55OtGWpzJEZrx+WggUd85nFFG5Txy8G1HlO07A6UMmERiMT3yQCOIuw9rRXkoIoy5Q2Ud0rBoc5NVyvdhGvtgxJEA2mCoVFRO54HGnlQUkiuaBr9bHS3BWhPuTr5iUvt6F5bClCbyE/Bbjn5ArYlV7B8F6C9CNjOXq8Sh1XflAkl2ElVnF22Cf5Dx3FPrAhNge8vvuvKro9OIxZv/fLIJ5iqmtzvdjQ2vhX9+LKbQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=27QfH8hcfeC9ua82UXb20vUN5tLPYzsXacowmmRIyl0=; b=IefgFEMjvd3hkdlIG/m8UMsfs0qofuCaPAoEvpaQG8FLzbcGzCh/vgsGPXitt4Kr9QWwqEaCTrxyPtgSURjDVM8RaAZACwsORqDG1T4h9anigCLFcubjc8KyTQ3M2C6g9QW4oSEvOXdNrLFTj43fzilX+EMxfDGStJx0WxuH5P4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by GV2P251MB0972.EURP251.PROD.OUTLOOK.COM (2603:10a6:150:ad::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.34; Sun, 28 Apr 2024 16:38:50 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba8c:3db:3a02:7ce4]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba8c:3db:3a02:7ce4%6]) with mapi id 15.20.7519.031; Sun, 28 Apr 2024 16:38:50 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Sun, 28 Apr 2024 18:38:37 +0200 Message-Id: <20240428163837.824589-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVX0EPF0000ED85.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:3:0:b) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|GV2P251MB0972:EE_ X-MS-Office365-Filtering-Correlation-Id: 28712a3e-ecf8-4844-9e0e-08dc67a1aef1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230031|1800799015|376005|52116005|366007|38350700005; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?/UmvanMWsvlQWNdEkM31bPhg5IlWzbGn9nDXvSb+59Y8lGLFnC4elbFJDlKr?= =?us-ascii?Q?smUwdatPNybG9D9zHUlgIZR0Wv7P2Eu2lnDBnxMqBt/dPNdyJv1vKozIdX0j?= =?us-ascii?Q?ny0u8KBQF3NtR3NEGVJFHZOm43jIEMHJDVv3ayLQX7I0sBc7Yj8JYBxm0BS8?= =?us-ascii?Q?TcqekRwCKUiOKaSDX9QN04elmcigeHMzEzUQXAxA/a7B1KN3VUkDN1iFdmdc?= =?us-ascii?Q?A75g+G5YgdGrqPA1+OCL2dC4KjijpNI57nBUmmK4QuW3bbHOkxUAqkpGroPz?= =?us-ascii?Q?bHMdABqLJgvC//WEusRWANe97sDJQMfAL6nl3yL/R9F/b9TCuoXN0UiUeojP?= =?us-ascii?Q?ZMU6dMMuM+FFrQsc7IqBHVanqfTZK4JDtnLO3Nfq4fN8ugk50xbkwzw/ApBV?= =?us-ascii?Q?1PyGuah62v11ltFcOs4RFMEVlB6vDyN/JbqN9FwAAzw+35jasDfX6ze0x/cI?= =?us-ascii?Q?a7zCGomkTjhpBk6O7q0lqRGWIHlhlTTBOFURafKx25hb0L08kE2VjEvhuuoP?= =?us-ascii?Q?NLJ3oEYAbEz+G9u10AghDJxQ7vzo7wngmptvezz/Ap0GSw/UU2dMDrD1ojmA?= =?us-ascii?Q?g93lj5zhfgtxzbCgdK0F/RSVrDFv+gnI8jeD3mTt+vBMx1Soaz90J3H/wIFU?= =?us-ascii?Q?ne/rpAYhNGEkzflip6KI1NEqc3ZMKdXHoZ2zNlVFhwo9PP/RDnYRkxK39RUa?= =?us-ascii?Q?qlRIkH8dpO4hfiJWp2YapxMEkRhrgQ0g2LBVDh/ik/WZGXRF/gIsK8oYFz4e?= =?us-ascii?Q?MvzWG32K3v7ECjTUnox3xsSaDABjyFbqDfmsSyuns187qYaG+Ih7gxLKmJ76?= =?us-ascii?Q?n6eL1vduPW8qsCkcGzIn3Tq1j5upxiIPmMzlTodi763P7k19rCo2Qf0USqNt?= =?us-ascii?Q?UIuWkgN1FGB/ZJxcf6FNH5yCrCmoxbsTuNdpC/DgVMw5R72w+hCaebKIjV1p?= =?us-ascii?Q?M0cFOUHPVF+UxpkDzsk82sbLNa9Soq+SGb72kPODM/IvujX+T0EB7x3s8F3p?= =?us-ascii?Q?an1K3OQMQfQfougjH/FDXEpcCF4UX85iPy8KjgC97+azoP7ML3/EvqYgRv8A?= =?us-ascii?Q?RoqoQArQLgs59qkZ/rr8H0tTzqc6rC8a6j5MC/vYqM/R3omud9pzOTD62RLA?= =?us-ascii?Q?pEX48gkobQK+s3kxFJUSX2FPSyyPwFG8jty1Nwn9G/JKWsYuyp/MCTX1skGv?= =?us-ascii?Q?LFboVeWUbQPG5r1DauiIoPpudHT2+9VNke6TougGyqdl2LzWiYR8QkQ2k5QG?= =?us-ascii?Q?xitiRZIRIhx1+Gu1qO/Qw5pahSLoaHjPkNPPzljAE7zjGuJzb2ULhVG47rV4?= =?us-ascii?Q?d2PZa7BMVnGJC7FhJgeLBP/772RrrxpJ3oR9m7+b4uG+/g=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(52116005)(366007)(38350700005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?hNb7DxShWeDEw9gcldD/FQaLQ3ayz4FN/0iGV2F+bPOSo16gU+s/hjoKuIya?= =?us-ascii?Q?ppz2n//GUtfxSWgpxpcbaSmP71sYe8nvANriMgevqXk/yNrG3V3sVKZDK+W+?= =?us-ascii?Q?xpbkVLuu35C0qSmuNmdtTTthlOoAvWNWTRzol6skMWVFmOXd/CkyQHwqoT3R?= =?us-ascii?Q?sB5oFTe2pyAXN/F/rE+uX1Re+BAMTFzepDIVznQePP0Okl9IoQMHy8JCTJ+d?= =?us-ascii?Q?PG6sriswuupC5MKit5CVE+TGTjAYp8gaFSNXlDpa1J/lhXgiLFBlss2YLyn4?= =?us-ascii?Q?DtKxIvIkgnTIjf/QSpwqYUyms5DuGYWVkZz6RAi6R29qrFV+WdYBzwBJTPoE?= =?us-ascii?Q?/PzxtRJydOIFLgneJ+RLsZMXdW7h201Wq4C1QirrNuY6Y1BHv04FVX/nod40?= =?us-ascii?Q?W4UQZNpWmnv7tS1S/wRPPWlQOPs9L9Ut+sT1gE8VjwWJc29z1FvdZVBUDyxG?= =?us-ascii?Q?/siNf11SxVLeNOMGRpeWXnA7NwGDPXQPalnv+cmpLPMdAV9P6xvUrZAhsa6c?= =?us-ascii?Q?aB842UzRbG+Ntt0eVCQQbkaiKQCzA8eJdwQvsz0jJtZOrmrTdV3TPaICL55/?= =?us-ascii?Q?ejA7B1P18x93fw8OK041DPXB4vy2AQplU2CsLWwA3iLXNP8dOwnujcf4LGIY?= =?us-ascii?Q?p5blta775iN/8vwKZjARap1YID1oy5BIb/PJ0JwIvNxjzQwrw9cdVHVBAyez?= =?us-ascii?Q?Rbjx8++0wyek/6EGZBjfmhoyzWawBD86rUlaEGYodfoWtV4VQY95JnQwVrCK?= =?us-ascii?Q?Daz35kYwBWEltkh2NUJMNM4hN8ftWySgZk7pY3GLcE88g/mkcI3Pv+NsJo8t?= =?us-ascii?Q?3AuzhClj7lK+1tAahtRWc85zYFr7DA+q3DOJFQfxABEKyGCB5E7Lec7idvAs?= =?us-ascii?Q?yPkDWNlGJ7H+pWBT6/KvM3q9CCnNnwLgUInc6V8TBNXwWkLsqN+g/6/N6Jr4?= =?us-ascii?Q?+Leax1SlWv6GO5rzd+tkYlu9l3wuEgSvfE7sS5BuwriH0Sof9sS5LB+Pxlbi?= =?us-ascii?Q?uwCDYYri1VTdHqTPlb/g8gmCNdmbLJODUdSJmGVMXt03eyZ/URpXvGHB6xNd?= =?us-ascii?Q?OlM3cX4RXJ4u3WE99qctaffgL4VYjP0zjyNo6cVLIaEMChSdO774MB1qTucu?= =?us-ascii?Q?wSe2TcrX0QyH/Z/mbkewcgKZFNg2ld7B2PCIVjnVC7DHfwzH1O9Ay95Er+6g?= =?us-ascii?Q?haGLRASWHflxOKrAyPahJRS8azi3xZKvfev0ExQ/QaipIP0ZYhfNtbOMZ+nW?= =?us-ascii?Q?3j+R4xo/XxUZPzj+70CF1FqFPPQZ9dlEJCkn4kDjqTyJoR7iGMenusV0YG/W?= =?us-ascii?Q?8xpPhaG7cUwV6MyqsdGWyxlG8m754209KLtjwrPBV91JuSXiqLZizbWVgU8x?= =?us-ascii?Q?Rkk0WbervbD7YSFWARbYeXy1KRGsVGUztllQliC4P+5v4LnM7Purzle7WzfK?= =?us-ascii?Q?BC6wvj4n3VFL9bShEzYoi8qxbiclKeMeZSSHEBU6Qf32jmxQ4dovJVLAxCPF?= =?us-ascii?Q?g1WwMHx/jB4AjuIxcRxmxBFWQHNwsdtH8tztHGNe2K64TYmcfydb/1pHpPXA?= =?us-ascii?Q?f2mzi9qow3TTvPuiLkWvIthHC7qizRuhqWkn5E8VgpstgE3xafqjpDq13ugX?= =?us-ascii?Q?8g=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 28712a3e-ecf8-4844-9e0e-08dc67a1aef1 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2024 16:38:50.4307 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WR9EZm58/2uH6LivkVLtqQj6OF5x3ZliAp8kBY+CS7AnvGnCBz5Hjrw/Fpm6dmpwLgm+G6sowWUWsLUv4Znk0vNrhtdpOyXSfVzqs8jqju0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2P251MB0972 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] tpm2-tss: Version bump. 4.0.1 -> 4.1.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0 Nothing fancy, a bunch of fixes mostly. Plugs CVE: CVE-2024-29040 - In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. Signed-off-by: Christian Melki --- rules/tpm2-tss.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/tpm2-tss.make b/rules/tpm2-tss.make index 729172b4c..cf37742c4 100644 --- a/rules/tpm2-tss.make +++ b/rules/tpm2-tss.make @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_TPM2_TSS) += tpm2-tss # # Paths and names # -TPM2_TSS_VERSION := 4.0.1 -TPM2_TSS_MD5 := fff676c669519097906bd8ce28fc4238 +TPM2_TSS_VERSION := 4.1.0 +TPM2_TSS_MD5 := 97e91ce0c77d361409502badb1023e80 TPM2_TSS := tpm2-tss-$(TPM2_TSS_VERSION) TPM2_TSS_SUFFIX := tar.gz TPM2_TSS_URL := https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION)/$(TPM2_TSS).$(TPM2_TSS_SUFFIX) -- 2.34.1