diff --git a/.gitignore b/.gitignore
index 8214f68..52d28fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/trousers-0.3.14.tar.gz
+SOURCES/trousers-0.3.15.tar.gz
diff --git a/.trousers.metadata b/.trousers.metadata
index b677878..253f73f 100644
--- a/.trousers.metadata
+++ b/.trousers.metadata
@@ -1 +1 @@
-9ca2cc9e1179465f6c5d9055e2b855e25031b85a SOURCES/trousers-0.3.14.tar.gz
+75cd40e17c9385299e50ff2099905865442b59f1 SOURCES/trousers-0.3.15.tar.gz
diff --git a/SOURCES/trousers-0.3.14-double-free.patch b/SOURCES/trousers-0.3.14-double-free.patch
deleted file mode 100644
index ef7a36a..0000000
--- a/SOURCES/trousers-0.3.14-double-free.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
---- trousers-0.3.14/src/tspi/tsp_auth.c 2014-07-23 12:42:45.000000000 -0700
-+++ trousers-0.3.14-new/src/tspi/tsp_auth.c 2019-05-27 13:41:57.316000945 -0700
-@@ -1221,7 +1221,7 @@
- }
- 
- *handles = handle;
-- handles_track = handles;
-+ handles_track = handles;
- 
- // Since the call tree of this function can possibly alloc memory
- // (check RPC_ExecuteTransport_TP function), its better to keep track of
-@@ -1229,9 +1229,11 @@
- result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
- NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
- 
-- free(handles);
-- handles = NULL;
-- free(handles_track);
-+ if (handles != handles_track) {
-+ free(handles);
-+ }
-+
-+ free(handles_track);
- 
- return result;
- }
diff --git a/SOURCES/trousers-0.3.14-memset.patch b/SOURCES/trousers-0.3.14-memset.patch
deleted file mode 100644
index f8a2804..0000000
--- a/SOURCES/trousers-0.3.14-memset.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -ur trousers-0.3.14/src/include/spi_utils.h trousers-0.3.14-new/src/include/spi_utils.h
---- trousers-0.3.14/src/include/spi_utils.h 2014-07-23 12:42:44.000000000 -0700
-+++ trousers-0.3.14-new/src/include/spi_utils.h 2019-06-05 11:25:12.278782622 -0700
-@@ -53,7 +53,7 @@
- void *calloc_tspi(TSS_HCONTEXT, UINT32);
- TSS_RESULT free_tspi(TSS_HCONTEXT, void *);
- TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *);
--void * __no_optimize __tspi_memset(void *, int, size_t);
-+void * __tspi_memset(void *, int, size_t);
- 
- /* secrets.c */
- 
-diff -ur trousers-0.3.14/src/tspi/tsp_context_mem.c trousers-0.3.14-new/src/tspi/tsp_context_mem.c
---- trousers-0.3.14/src/tspi/tsp_context_mem.c 2014-07-23 12:42:45.000000000 -0700
-+++ trousers-0.3.14-new/src/tspi/tsp_context_mem.c 2019-06-05 11:27:23.585033966 -0700
-@@ -258,8 +258,10 @@
- }
- 
- /* definition for a memset that cannot be optimized away */
--void * __no_optimize
-+void *
- __tspi_memset(void *s, int c, size_t n)
- {
-- return memset(s, c, n);
-+ memset(s, c, n);
-+ asm volatile("" ::: "memory");
-+ return s;
- }
diff --git a/SOURCES/trousers-0.3.14-noinline.patch b/SOURCES/trousers-0.3.14-noinline.patch
index 2880bb3..856fd5d 100644
--- a/SOURCES/trousers-0.3.14-noinline.patch
+++ b/SOURCES/trousers-0.3.14-noinline.patch
@@ -1,14 +1,14 @@
-diff -ur a/src/include/tspps.h b/src/include/tspps.h
---- a/src/include/tspps.h 2014-07-23 12:42:44.000000000 -0700
-+++ b/src/include/tspps.h 2018-08-01 19:33:42.454192873 -0700
+diff -ur trousers-0.3.15/src/include/tspps.h trousers-0.3.15-new/src/include/tspps.h
+--- trousers-0.3.15/src/include/tspps.h 2020-05-27 23:01:45.000000000 -0700
++++ trousers-0.3.15-new/src/include/tspps.h 2020-11-06 17:46:53.796319788 -0700
 @@ -18,8 +18,8 @@
  TSS_RESULT get_file(int *);
  int put_file(int);
 -inline TSS_RESULT read_data(int, void *, UINT32);
 -inline TSS_RESULT write_data(int, void *, UINT32);
-+TSS_RESULT read_data(int, void *, UINT32);
-+TSS_RESULT write_data(int, void *, UINT32);
++TSS_RESULT read_data(int, void *, UINT32);
++TSS_RESULT write_data(int, void *, UINT32);
  UINT32 psfile_get_num_keys(int);
  TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
  TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
diff --git a/SPECS/trousers.spec b/SPECS/trousers.spec
index 9ced8b5..f3502d4 100644
--- a/SPECS/trousers.spec
+++ b/SPECS/trousers.spec
@@ -1,7 +1,7 @@
 Name: trousers
 Summary: TCG's Software Stack v1.2
-Version: 0.3.14
-Release: 4%{?dist}
+Version: 0.3.15
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Libraries
 Url: http://trousers.sourceforge.net
@@ -12,12 +12,9 @@ Patch1: trousers-0.3.14-noinline.patch
 # submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/
 Patch2: trousers-0.3.14-unlock-in-err-path.patch
 Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
-Patch4: trousers-0.3.14-double-free.patch
-Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
-# submitted upstream
-Patch6: trousers-0.3.14-memset.patch
+Patch4: trousers-0.3.14-fix-indent-tspi_key.patch
 
-BuildRequires: libtool, openssl-devel
+BuildRequires: libtool openssl-devel gettext-devel autoconf automake
 BuildRequires: systemd
 Requires(pre): shadow-utils
 Requires(post): systemd-units
@@ -62,17 +59,13 @@ Header files and man pages for use in creating Trusted Computing enabled
 applications.
 
 %prep
-%setup -cq
-%patch1 -p1 -b .noinline
-%patch2 -p1 -b .unlock
-%patch3 -p1 -b .indent_obj_policy
-%patch4 -p1 -b .double_free
-%patch5 -p1 -b .indent_tspi_key
-%patch6 -p1 -b .memset
+%autosetup -p1
 
 # fix man page paths
 sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
 
 %build
+chmod +x ./bootstrap.sh
+./bootstrap.sh
 %configure --with-gui=openssl
 make -k %{?_smp_mflags}
@@ -84,10 +77,14 @@ mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
 
 %pre
-getent group tss >/dev/null || groupadd -g 59 -r tss
-getent passwd tss >/dev/null || \
-useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
- -c "Account used by the trousers package to sandbox the tcsd daemon" tss
+getent group tss >/dev/null || groupadd -f -g 59 -r tss
+if ! getent passwd tss >/dev/null ; then
+ if ! getent passwd 59 >/dev/null ; then
+ useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+ else
+ useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+ fi
+fi
 exit 0
 
 %post
@@ -106,7 +103,7 @@ exit 0
 %files
 %doc README ChangeLog
 %{_sbindir}/tcsd
-%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
+%config(noreplace) %attr(0640, root, tss) %{_sysconfdir}/tcsd.conf
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 %attr(644,root,root) %{_unitdir}/tcsd.service
@@ -130,6 +127,11 @@ exit 0
 %{_libdir}/libtddl.a
 
 %changelog
+* Fri Nov 06 2020 Jerry Snitselaar - 0.3.15-1
+- Rebase to 0.3.15
+- Fix CVE-2020-24330 CVE-2020-24331 CVE-2020-24332
+resolves: rhbz#1725782 rhbz#1877517 rhbz#1882402 rhbz#1882414
+
 * Wed Jun 05 2019 Jerry Snitselaar - 0.3.14-4
 - Fix annocheck warnings
 resolves: rhbz#1624181
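Review bot: In %build the pair `chmod +x ./bootstrap.sh` / `./bootstrap.sh` can be a single `sh ./bootstrap.sh`, which runs the script without first changing the mode of a file in the unpacked source tree. The step is also uncommented; since the same commit adds autoconf/automake/gettext-devel to BuildRequires in the earlier spec hunk, it presumably regenerates the autotools output, and a line such as `# regenerate configure and Makefile.in from the tarball's autotools sources` above it would record that for the next maintainer.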
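Review bot: Neither `useradd` in the new %pre checks its exit status, and the scriptlet still ends with the context line `exit 0`, so a failed account creation is accepted silently; the %files hunk later in this diff then assigns tcsd.conf to group tss, which would not exist. If the unconditional `exit 0` is kept for packaging-guideline reasons, the failure should at least be surfaced, e.g. `useradd ... tss || echo "trousers: could not create tss user" >&2` on both branches. The nested branch that drops `-u 59` also deserves a comment, e.g. `# prefer the static UID 59; fall back to a dynamic system UID if 59 is already taken`, mirroring what `groupadd -f -g 59` does for the group.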
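Review bot: The change of tcsd.conf from `0600 tss tss` to `0640 root tss` is a deliberate hardening (the account the daemon is sandboxed under, per the old %pre comment, can no longer rewrite its own configuration) but nothing in the spec says so; a comment above the line such as `# root-owned, group-readable: tss only needs to read tcsd.conf, not modify it` would record the intent. It is also worth confirming how rpm handles mode and ownership of a locally modified `%config(noreplace)` file on upgrade: if the on-disk file is left untouched, upgraded systems keep the old tss-writable file and a one-time ownership fixup in %post would be needed for the change to take effect there.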