import trousers-0.3.15-1.el8
This commit is contained in:
parent
4da0ca68f2
commit
6a9069b94d
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/trousers-0.3.14.tar.gz
|
SOURCES/trousers-0.3.15.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
9ca2cc9e1179465f6c5d9055e2b855e25031b85a SOURCES/trousers-0.3.14.tar.gz
|
75cd40e17c9385299e50ff2099905865442b59f1 SOURCES/trousers-0.3.15.tar.gz
|
||||||
|
@ -1,27 +0,0 @@
|
|||||||
diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
|
|
||||||
--- trousers-0.3.14/src/tspi/tsp_auth.c 2014-07-23 12:42:45.000000000 -0700
|
|
||||||
+++ trousers-0.3.14-new/src/tspi/tsp_auth.c 2019-05-27 13:41:57.316000945 -0700
|
|
||||||
@@ -1221,7 +1221,7 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
*handles = handle;
|
|
||||||
- handles_track = handles;
|
|
||||||
+ handles_track = handles;
|
|
||||||
|
|
||||||
// Since the call tree of this function can possibly alloc memory
|
|
||||||
// (check RPC_ExecuteTransport_TP function), its better to keep track of
|
|
||||||
@@ -1229,9 +1229,11 @@
|
|
||||||
result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
|
|
||||||
NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
|
|
||||||
|
|
||||||
- free(handles);
|
|
||||||
- handles = NULL;
|
|
||||||
- free(handles_track);
|
|
||||||
+ if (handles != handles_track) {
|
|
||||||
+ free(handles);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ free(handles_track);
|
|
||||||
|
|
||||||
return result;
|
|
||||||
}
|
|
@ -1,28 +0,0 @@
|
|||||||
diff -ur trousers-0.3.14/src/include/spi_utils.h trousers-0.3.14-new/src/include/spi_utils.h
|
|
||||||
--- trousers-0.3.14/src/include/spi_utils.h 2014-07-23 12:42:44.000000000 -0700
|
|
||||||
+++ trousers-0.3.14-new/src/include/spi_utils.h 2019-06-05 11:25:12.278782622 -0700
|
|
||||||
@@ -53,7 +53,7 @@
|
|
||||||
void *calloc_tspi(TSS_HCONTEXT, UINT32);
|
|
||||||
TSS_RESULT free_tspi(TSS_HCONTEXT, void *);
|
|
||||||
TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *);
|
|
||||||
-void * __no_optimize __tspi_memset(void *, int, size_t);
|
|
||||||
+void * __tspi_memset(void *, int, size_t);
|
|
||||||
|
|
||||||
/* secrets.c */
|
|
||||||
|
|
||||||
diff -ur trousers-0.3.14/src/tspi/tsp_context_mem.c trousers-0.3.14-new/src/tspi/tsp_context_mem.c
|
|
||||||
--- trousers-0.3.14/src/tspi/tsp_context_mem.c 2014-07-23 12:42:45.000000000 -0700
|
|
||||||
+++ trousers-0.3.14-new/src/tspi/tsp_context_mem.c 2019-06-05 11:27:23.585033966 -0700
|
|
||||||
@@ -258,8 +258,10 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
/* definition for a memset that cannot be optimized away */
|
|
||||||
-void * __no_optimize
|
|
||||||
+void *
|
|
||||||
__tspi_memset(void *s, int c, size_t n)
|
|
||||||
{
|
|
||||||
- return memset(s, c, n);
|
|
||||||
+ memset(s, c, n);
|
|
||||||
+ asm volatile("" ::: "memory");
|
|
||||||
+ return s;
|
|
||||||
}
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -ur a/src/include/tspps.h b/src/include/tspps.h
|
diff -ur trousers-0.3.15/src/include/tspps.h trousers-0.3.15-new/src/include/tspps.h
|
||||||
--- a/src/include/tspps.h 2014-07-23 12:42:44.000000000 -0700
|
--- trousers-0.3.15/src/include/tspps.h 2020-05-27 23:01:45.000000000 -0700
|
||||||
+++ b/src/include/tspps.h 2018-08-01 19:33:42.454192873 -0700
|
+++ trousers-0.3.15-new/src/include/tspps.h 2020-11-06 17:46:53.796319788 -0700
|
||||||
@@ -18,8 +18,8 @@
|
@@ -18,8 +18,8 @@
|
||||||
|
|
||||||
TSS_RESULT get_file(int *);
|
TSS_RESULT get_file(int *);
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Name: trousers
|
Name: trousers
|
||||||
Summary: TCG's Software Stack v1.2
|
Summary: TCG's Software Stack v1.2
|
||||||
Version: 0.3.14
|
Version: 0.3.15
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Url: http://trousers.sourceforge.net
|
Url: http://trousers.sourceforge.net
|
||||||
@ -12,12 +12,9 @@ Patch1: trousers-0.3.14-noinline.patch
|
|||||||
# submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/
|
# submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/
|
||||||
Patch2: trousers-0.3.14-unlock-in-err-path.patch
|
Patch2: trousers-0.3.14-unlock-in-err-path.patch
|
||||||
Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
|
Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
|
||||||
Patch4: trousers-0.3.14-double-free.patch
|
Patch4: trousers-0.3.14-fix-indent-tspi_key.patch
|
||||||
Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
|
|
||||||
# submitted upstream
|
|
||||||
Patch6: trousers-0.3.14-memset.patch
|
|
||||||
|
|
||||||
BuildRequires: libtool, openssl-devel
|
BuildRequires: libtool openssl-devel gettext-devel autoconf automake
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
@ -62,17 +59,13 @@ Header files and man pages for use in creating Trusted Computing enabled
|
|||||||
applications.
|
applications.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -cq
|
%autosetup -p1
|
||||||
%patch1 -p1 -b .noinline
|
|
||||||
%patch2 -p1 -b .unlock
|
|
||||||
%patch3 -p1 -b .indent_obj_policy
|
|
||||||
%patch4 -p1 -b .double_free
|
|
||||||
%patch5 -p1 -b .indent_tspi_key
|
|
||||||
%patch6 -p1 -b .memset
|
|
||||||
# fix man page paths
|
# fix man page paths
|
||||||
sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
|
sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
chmod +x ./bootstrap.sh
|
||||||
|
./bootstrap.sh
|
||||||
%configure --with-gui=openssl
|
%configure --with-gui=openssl
|
||||||
make -k %{?_smp_mflags}
|
make -k %{?_smp_mflags}
|
||||||
|
|
||||||
@ -84,10 +77,14 @@ mkdir -p $RPM_BUILD_ROOT%{_unitdir}
|
|||||||
install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
|
install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
getent group tss >/dev/null || groupadd -g 59 -r tss
|
getent group tss >/dev/null || groupadd -f -g 59 -r tss
|
||||||
getent passwd tss >/dev/null || \
|
if ! getent passwd tss >/dev/null ; then
|
||||||
useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
|
if ! getent passwd 59 >/dev/null ; then
|
||||||
-c "Account used by the trousers package to sandbox the tcsd daemon" tss
|
useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
|
||||||
|
else
|
||||||
|
useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
|
||||||
|
fi
|
||||||
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -106,7 +103,7 @@ exit 0
|
|||||||
%files
|
%files
|
||||||
%doc README ChangeLog
|
%doc README ChangeLog
|
||||||
%{_sbindir}/tcsd
|
%{_sbindir}/tcsd
|
||||||
%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
|
%config(noreplace) %attr(0640, root, tss) %{_sysconfdir}/tcsd.conf
|
||||||
%{_mandir}/man5/*
|
%{_mandir}/man5/*
|
||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
%attr(644,root,root) %{_unitdir}/tcsd.service
|
%attr(644,root,root) %{_unitdir}/tcsd.service
|
||||||
@ -130,6 +127,11 @@ exit 0
|
|||||||
%{_libdir}/libtddl.a
|
%{_libdir}/libtddl.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 06 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.15-1
|
||||||
|
- Rebase to 0.3.15
|
||||||
|
- Fix CVE-2020-24330 CVE-2020-24331 CVE-2020-24332
|
||||||
|
resolves: rhbz#1725782 rhbz#1877517 rhbz#1882402 rhbz#1882414
|
||||||
|
|
||||||
* Wed Jun 05 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.14-4
|
* Wed Jun 05 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.14-4
|
||||||
- Fix annocheck warnings
|
- Fix annocheck warnings
|
||||||
resolves: rhbz#1624181
|
resolves: rhbz#1624181
|
||||||
|
Loading…
Reference in New Issue
Block a user