5258da8497
- adjusted %setup macro invocation which seemed to be wrong
Matthias Gerstner
2020-11-05 10:55:21 +00:00
f7274415fe
- update to new upstream version 0.3.15:
  - Corrected multiple security issues that existed if the tcsd is started by root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
  - Replaced use of _no_optimize with asm memory barrier
  - Fixed multiple potential instances of use after free memory handling
  - Removed unused global variables which caused build issue on some distros
- drop gcc-10.patch: now contained in upstream tarball
- drop bsc1164472.patch: now contained in upstream tarball
Matthias Gerstner
2020-11-05 10:36:08 +00:00
d563a9dd49
- In a previous commit the Requires line for the tss user got accidentally dropped. This change reintroduces it.
Matthias Gerstner
2020-07-27 08:14:38 +00:00
2af8e2ea3a
Accepting request 810796 from home:mgerstner:branches:security
Matthias Gerstner
2020-06-02 10:30:48 +00:00
af1b67abea
Accepting request 807580 from security
Yuchen Lin
2020-05-23 15:26:43 +00:00
f9db7cbc97
require /etc/tcsd.conf to be owned by root:tss mode 0640.
Matthias Gerstner
2020-05-20 10:29:52 +00:00
5000c171fa
- get rid of %pre/%post logic that fixes the old packaging bug. Turns out %pretrans and %posttrans had their purpose before, because the logic needed to run before old files owned by the package got deleted. But I'm not reimplementing this strange logic in Lua ... users that didn't get the fix yet will have to live with it.
Matthias Gerstner
2020-05-20 10:07:53 +00:00
8baf3baff8
- fix a potential tss user to root privilege escalation when running tcsd (bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent badly designed privilege drop and initialization code from running.
- add bsc1164472.patch: additionally harden operation of tcsd when running as root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group.
Matthias Gerstner
2020-05-20 09:50:09 +00:00
cc956f2894
- add correct Requires(pre) and change %pretrans and %posttrans into %pre and %post. %pretrans can't have any dependencies and therefore can only be implemented in Lua. This currently leads to build errors "/bin/sh: no such file or directory".
Matthias Gerstner
2020-05-15 10:04:12 +00:00
5432fa5a15
- add explicit dependency to bash to try to work around recent build errors failing to execute %pretrans:
  error: failed to exec scriptlet interpreter /bin/sh: No such file or directory
  error: %pretrans(trousers-0.3.14-82.3.aarch64) scriptlet failed, exit status 127
Matthias Gerstner
2020-05-13 12:21:08 +00:00
ce94032d0a
- leave creation of /var/lib/tpm to the new system-user-tss package. Otherwise we're getting conflicts in packages depending on trousers (bsc#1162360).
Matthias Gerstner
2020-02-19 12:49:22 +00:00
7555ca7f4f
- Fix a local symlink attack problem with the %posttrans scriptlet (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack to gain ownership of arbitrary files in the system during installation/update of the trousers package.
Matthias Gerstner
2019-11-26 09:26:21 +00:00
faf8c811fd
- add fix-lto.patch: This fixes the rpmlint error:
  trousers-devel.x86_64: E: lto-no-text-in-archive (Badness: 10000) /usr/lib64/libtddl.a
  objcopy/strip seem not to support the LTO linking and discard the actual text section from libtddl.a. By passing -ffat-lto-objects the object format is kept compatible with unaware tools and fixes the error.
Matthias Gerstner
2019-09-09 14:15:02 +00:00
eb14ad4d31
Accepting request 698144 from security
Yuchen Lin
2019-04-26 20:55:00 +00:00
eecd206a1e
Accepting request 698138 from home:jubalh:branches:security
Matthias Gerstner
2019-04-26 10:41:50 +00:00
934b16a264
- fix mode of /var/lib/tpm, was missing the execute bit in the previous version.
- implement a backup and restore logic for /var/lib/tpm/system.data.* to prevent removal of validly stored trousers state during update. See previous comment for the packaging error that leads to this requirement.
Matthias Gerstner
2018-10-26 11:22:47 +00:00
d457a441b3
- fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These files are only sample files that *can* be used to fake that ownership was already taken by trousers, when other TPM stacks did that already. These files should not be there by default. Therefore install them into /usr/share/trousers instead, to allow the user to use them at his own discretion (fixes bsc#1111381).
Matthias Gerstner
2018-10-24 12:44:49 +00:00
9d0298a56b
- trousers-wrap_large_key_overflow.patch: Do not wrap keys larger than
Marcus Meissner
2017-03-01 11:06:43 +00:00
396c095a23
2048 bit, as the space on the TPM is limited to that amount. (bnc#868933)
Marcus Meissner
2017-03-01 11:06:27 +00:00
4daa43bcec
- trousers-wrap_large_key_overflow.patch: do not wrap keys larger than 2048 bit, as there is not more space. (bnc#868933)
Marcus Meissner
2017-03-01 11:06:03 +00:00
c7e24a8808
Accepting request 294163 from home:pluskalm:branches:security
Marcus Meissner
2015-04-07 09:49:50 +00:00
0b9895ddc2
Accepting request 236160 from security
Stephan Kulow
2014-06-05 08:49:57 +00:00
4cad349ee8
- updated to trousers 0.3.13 (bnc#881095 LTC#111124)
  - Changed exported functions which had a name too common, to avoid collision
  - Assessed daemon security using manual techniques and coverity
  - Fixed major security bugs and memory leaks
  - Added debug support to run tcsd with a different user/group
  - Daemon now properly closes sockets before shutting down
  * TROUSERS_0_3_12
  - Added new network code for RPC, which supports IPv6
  - Users of client applications can configure the hostname of the tcsd server they want to connect through the TSS_TCSD_HOSTNAME env var (only works if application didn't set a hostname in the context)
  - Added disable_ipv4 and disable_ipv6 config options for server
- removed trousers-wrap_large_key_overflow.patch: upstream
- removed trousers-0.3.11.2.diff: solved upstream now
Marcus Meissner
2014-06-03 15:37:04 +00:00
a9eab335e8
Accepting request 226744 from security
Stephan Kulow
2014-03-21 13:06:49 +00:00
ac8240d1b9
- trousers-wrap_large_key_overflow.patch: do not wrap keys larger than 2048 bit, as there is not more space. (bnc#868933)
Marcus Meissner
2014-03-19 13:00:26 +00:00
f58aa1f0e7
Accepting request 213873 from security
Stephan Kulow
2014-01-20 15:24:52 +00:00
b12d4d8d01
- Updated to trousers 0.3.11.2
  - license changed to BSD-3-Clause
  - various bug and manpage fixes
- trousers-0.3.10.diff renamed and rebased to trousers-0.3.11.2.diff
Marcus Meissner
2014-01-14 10:47:36 +00:00
fc2b68170b
Accepting request 137388 from security
Stephan Kulow
2012-10-07 18:05:06 +00:00
0f523cef57
- updated to trousers 0.3.10
  - bugfixes
  - context checking
Marcus Meissner
2012-09-28 14:52:23 +00:00
bbbd3c5f8b
Accepting request 122685 from security
Stephan Kulow
2012-05-31 15:11:08 +00:00
043c3e24fd
Accepting request 111595 from security
Stephan Kulow
2012-03-29 05:49:01 +00:00
9edf21a48e
- Updated to TROUSERS_0_3_8
  - Fix ssl_ui.c overflow
  - Handling of TPM_CERTIFY_INFO2 structure special case
  - Fix possible obfuscation of obj_migdata.c errors.
  - Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag.
  - PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO.
  - Add functions for deserializing NVRAM related data structures
  - Add NVRAM specific error messages
  - Fix spec file so one can build an rpm
  - Initialize the tcsd_config_file with NULL.
  - support for -c <configfile> command line option
  - Establish a .gitignore file
  - ENDIAN_H and htole definition fix
Marcus Meissner
2012-03-28 15:05:17 +00:00
883de7ed0b
Accepting request 109093 from security
Stephan Kulow
2012-03-17 12:23:26 +00:00
6fb4b0d1ad
Accepting request 109060 from home:babelworx:ldig:branches:security
Marcus Meissner
2012-03-13 12:13:09 +00:00
7f0e0ba281
Accepting request 92910 from security
Stephan Kulow
2011-11-22 16:49:45 +00:00
c35f4d6670
Accepting request 92562 from home:coolo:removelibtool
Pavol Rusnak
2011-11-21 17:12:46 +00:00
07f628b33f
Autobuild autoformatter for 74198
Sascha Peilicke
2011-06-30 14:24:44 +00:00
0b395bf07e
Accepting request 46629 from security
OBS User autobuild
2010-08-30 10:24:37 +00:00
d7263c793d
Updating link to change in openSUSE:Factory/trousers revision 15.0
OBS User buildservice-autocommit
2010-08-30 10:24:37 +00:00
c5913cebee
Accepting request 46629 from security
OBS User autobuild
2010-08-30 10:24:36 +00:00
e0d9d82cac
- Updated to TROUSERS_0_3_6
  - Fixed a number of warnings during a build with --debug regarding THREAD ID definition
  - Removed htole() dependency, which was included only in glibc 2.9
- Updated to TROUSERS_0_3_5
  - Allowed TCD Daemon to run with reduced privileges in Solaris.
  - Fixing previous kfreebsd build patch conflict with the current tree.
  - TCSD error handling improvements.
  - mutex init inclusion.
  - pthread_t portability fix
  - Owner Evict keys load fix.
  - Big-endian issues.
  - Memory leak fix.
  - Adding missing #include <limits.h>.
  - kfreebsd build fixes.
  - Fixed usage of syslog().
  - 64bits clean
  - Fixes the TCP UN and IN socket connection attempt handling
  - Fixes logic on opening a hardware TPM.
  - Added communication through TCP to software TPMs in TrouSerS.
  - Fixed conflicting defines
  - Adds missing free()
  - Fixed fread() return value check.
  - Made the previous fix cleaner and more robust.
  - Added missing check in order to avoid freeing buffer that's out of Tspi_Data_Seal() scope.
  - Fixed Tspi_TPM_GetRandom 4kb output limit.
Marcus Meissner
2010-08-11 08:59:03 +00:00
2724c92e4b
Accepting request 42074 from security
OBS User autobuild
2010-06-28 09:41:40 +00:00
681bc5bf89
Accepting request 42074 from security
OBS User autobuild
2010-06-28 09:41:39 +00:00
0c6b66567e
Accepting request 41850 from home:elvigia:branches:security
Pavol Rusnak
2010-06-25 15:54:12 +00:00
f132b225ce
Accepting request 35169 from security
OBS User autobuild
2010-03-19 08:33:53 +00:00
a7b8277a67
Accepting request 35169 from security
OBS User autobuild
2010-03-19 08:33:53 +00:00
ad6ab2150a
- Updated to TROUSERS_0_3_4
  - Fixed TrouSerS mishandling of TPM auth sessions
  - Enabled hosttable.c "_init" and "_fini" functions to work on Solaris
  - Included Solaris in BSD_CONST definition conditional
  - Made the init script LSB compliant
  - make distcheck improved
- TROUSERS_0_3_3_2
  - Fixed logic when filling up RSA keys objects.
- TROUSERS_0_3_3_1
  - TCSD now runs as tss and has a better signal handling
  - Fixed many memory handling issues
- TROUSERS_0_3_3
  - Tspi_ChangeAuth fixed for popup secret use case.
  - Prefixed exported functions with common names.
  - Fixed issues with accessing the utmp database.
  - Migrated the bios parser file handler from open to fopen.
Marcus Meissner
2010-03-18 10:30:21 +00:00
b7ffe2d466
Accepting request 31038 from home:jengelh:baselibs
Marcus Meissner
2010-02-02 10:09:32 +00:00