commit bead0120d50a3ed7a8a0b85b6c0bf575e6a1f851 Author: CentOS Sources Date: Mon Jul 29 23:42:13 2019 -0400 import trousers-0.3.14-4.el8
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8214f68
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/trousers-0.3.14.tar.gz
diff --git a/.trousers.metadata b/.trousers.metadata
new file mode 100644
index 0000000..b677878
--- /dev/null
+++ b/.trousers.metadata
@@ -0,0 +1 @@
+9ca2cc9e1179465f6c5d9055e2b855e25031b85a SOURCES/trousers-0.3.14.tar.gz
diff --git a/SOURCES/tcsd.service b/SOURCES/tcsd.service
new file mode 100644
index 0000000..dd76a33
--- /dev/null
+++ b/SOURCES/tcsd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TCG Core Services Daemon
+
+[Service]
+Type=forking
+ExecStart=/sbin/tcsd
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/SOURCES/trousers-0.3.14-double-free.patch b/SOURCES/trousers-0.3.14-double-free.patch
new file mode 100644
index 0000000..ef7a36a
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-double-free.patch
@@ -0,0 +1,27 @@
+diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
+--- trousers-0.3.14/src/tspi/tsp_auth.c 2014-07-23 12:42:45.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/tsp_auth.c 2019-05-27 13:41:57.316000945 -0700
+@@ -1221,7 +1221,7 @@
+ }
+
+ *handles = handle;
+- handles_track = handles;
++ handles_track = handles;
+
+ // Since the call tree of this function can possibly alloc memory
+ // (check RPC_ExecuteTransport_TP function), its better to keep track of
+@@ -1229,9 +1229,11 @@
+ result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
+ NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
+
+- free(handles);
+- handles = NULL;
+- free(handles_track);
++ if (handles != handles_track) {
++ free(handles);
++ }
++
++ free(handles_track);
+
+ return result;
+ }
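Review bot: In SOURCES/tcsd.service the `[Service]` section starts `/sbin/tcsd` with no `User=`/`Group=` and no sandboxing directives, so systemd launches the daemon as root and any drop to the `tss` account created in the spec's `%pre` is left to tcsd itself, which is not visible in this commit. If the daemon can run unprivileged from the start, add `User=tss` and `Group=tss`; in either case consider `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`, after confirming tcsd still reaches its TPM device node and `/var/lib/tpm`. With `Type=forking` and no `PIDFile=`, systemd has to guess the main PID, so a `PIDFile=` line (if tcsd writes one) would make supervision and restarts more reliable.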
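Review bot: In SOURCES/trousers-0.3.14-double-free.patch the new guard `if (handles != handles_track)` removes the double free only if obj_context_transport_execute() either leaves `handles` untouched or replaces it with a fresh allocation without releasing the original; should the callee free or realloc the buffer it was handed, `free(handles_track)` still releases memory that is already gone. That ownership contract is not visible here, and the enclosing function starts above the hunk, so it should be written down next to the call, for example `/* callee may replace handles with a new buffer; the original stays ours via handles_track */`. Confirming the contract against RPC_ExecuteTransport_TP, which the existing comment already points to, would settle whether the guard is sufficient.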
diff --git a/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch
new file mode 100644
index 0000000..af53ee4
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch
@@ -0,0 +1,12 @@
+diff -ur trousers-0.3.14/src/tspi/obj_policy.c trousers-0.3.14-new/src/tspi/obj_policy.c
+--- trousers-0.3.14/src/tspi/obj_policy.c 2014-07-23 12:42:44.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/obj_policy.c 2019-05-27 13:29:56.720899059 -0700
+@@ -984,7 +984,7 @@
+ policy->popupString,
+ policy->Secret)))
+ goto done;
+- policy->SecretSet = TRUE;
++ policy->SecretSet = TRUE;
+ }
+ memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN);
+ *mode = policy->SecretMode;
diff --git a/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch
new file mode 100644
index 0000000..9278fc8
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch
@@ -0,0 +1,18 @@
+diff -ur trousers-0.3.14/src/tspi/tspi_key.c trousers-0.3.14-new/src/tspi/tspi_key.c
+--- trousers-0.3.14/src/tspi/tspi_key.c 2014-07-23 12:42:45.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/tspi_key.c 2019-05-27 13:44:42.366735438 -0700
+@@ -370,10 +370,10 @@
+ /* get the key to be wrapped's private key */
+ if ((result = obj_rsakey_get_priv_blob(hKey, &keyPrivBlobLen, &keyPrivBlob)))
+ goto done;
+- /* verify if its under the maximum size, according to the
+- * TPM_STORE_ASYMKEY specification */
+- if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN)
+- return TSPERR(TSS_E_ENC_INVALID_LENGTH);
++ /* verify if its under the maximum size, according to the
++ * TPM_STORE_ASYMKEY specification */
++ if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN)
++ return TSPERR(TSS_E_ENC_INVALID_LENGTH);
+
+ /* get the key to be wrapped's blob */
+ if ((result = obj_rsakey_get_blob(hKey, &keyBlobLen, &keyBlob)))
diff --git a/SOURCES/trousers-0.3.14-memset.patch b/SOURCES/trousers-0.3.14-memset.patch
new file mode 100644
index 0000000..f8a2804
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-memset.patch
@@ -0,0 +1,28 @@
+diff -ur trousers-0.3.14/src/include/spi_utils.h trousers-0.3.14-new/src/include/spi_utils.h
+--- trousers-0.3.14/src/include/spi_utils.h 2014-07-23 12:42:44.000000000 -0700
++++ trousers-0.3.14-new/src/include/spi_utils.h 2019-06-05 11:25:12.278782622 -0700
+@@ -53,7 +53,7 @@
+ void *calloc_tspi(TSS_HCONTEXT, UINT32);
+ TSS_RESULT free_tspi(TSS_HCONTEXT, void *);
+ TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *);
+-void * __no_optimize __tspi_memset(void *, int, size_t);
++void * __tspi_memset(void *, int, size_t);
+
+ /* secrets.c */
+
+diff -ur trousers-0.3.14/src/tspi/tsp_context_mem.c trousers-0.3.14-new/src/tspi/tsp_context_mem.c
+--- trousers-0.3.14/src/tspi/tsp_context_mem.c 2014-07-23 12:42:45.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/tsp_context_mem.c 2019-06-05 11:27:23.585033966 -0700
+@@ -258,8 +258,10 @@
+ }
+
+ /* definition for a memset that cannot be optimized away */
+-void * __no_optimize
++void *
+ __tspi_memset(void *s, int c, size_t n)
+ {
+- return memset(s, c, n);
++ memset(s, c, n);
++ asm volatile("" ::: "memory");
++ return s;
+ }
diff --git a/SOURCES/trousers-0.3.14-noinline.patch b/SOURCES/trousers-0.3.14-noinline.patch
new file mode 100644
index 0000000..2880bb3
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-noinline.patch
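Review bot: In SOURCES/trousers-0.3.14-memset.patch the barrier `asm volatile("" ::: "memory");` in `__tspi_memset` does not name the buffer, so if the function is ever inlined (LTO, or a later move into a header) and `s` points at a local whose address has not otherwise escaped, the compiler may still treat the stores as dead, and this helper exists to wipe secrets. Passing the pointer as an input operand closes that gap: `asm volatile("" : : "r"(s) : "memory");`. The definition of the removed `__no_optimize` is not shown, so it is unclear what else it guaranteed; marking the definition `__attribute__((noinline))`, or using `explicit_bzero()` for the zeroing case where the libc provides it, would keep the "cannot be optimized away" comment true.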
@@ -0,0 +1,14 @@
+diff -ur a/src/include/tspps.h b/src/include/tspps.h
+--- a/src/include/tspps.h 2014-07-23 12:42:44.000000000 -0700
++++ b/src/include/tspps.h 2018-08-01 19:33:42.454192873 -0700
+@@ -18,8 +18,8 @@
+
+ TSS_RESULT get_file(int *);
+ int put_file(int);
+-inline TSS_RESULT read_data(int, void *, UINT32);
+-inline TSS_RESULT write_data(int, void *, UINT32);
++TSS_RESULT read_data(int, void *, UINT32);
++TSS_RESULT write_data(int, void *, UINT32);
+ UINT32 psfile_get_num_keys(int);
+ TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
+ TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
diff --git a/SOURCES/trousers-0.3.14-unlock-in-err-path.patch b/SOURCES/trousers-0.3.14-unlock-in-err-path.patch
new file mode 100644
index 0000000..d4f7540
--- /dev/null
+++ b/SOURCES/trousers-0.3.14-unlock-in-err-path.patch
@@ -0,0 +1,11 @@
+diff -ur a/src/tspi/obj_context.c b/src/tspi/obj_context.c
+--- a/src/tspi/obj_context.c 2014-11-03 12:31:55.000000000 -0700
++++ b/src/tspi/obj_context.c 2018-08-10 11:02:02.246962638 -0700
+@@ -276,6 +276,7 @@
+ context->machineName = (BYTE *)calloc(1, len);
+ if (context->machineName == NULL) {
+ LogError("malloc of %u bytes failed.", len);
++ obj_list_put(&context_list);
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
+ memcpy(context->machineName, name, len);
diff --git a/SPECS/trousers.spec b/SPECS/trousers.spec
new file mode 100644
index 0000000..9ced8b5
--- /dev/null
+++ b/SPECS/trousers.spec
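Review bot: In SOURCES/trousers-0.3.14-unlock-in-err-path.patch the added `obj_list_put(&context_list);` releases the list lock on this one failure return only; the function starts and ends outside the hunk, so any other early return taken while the lock is held would need the same line, and that cannot be checked from here. Routing failures through a single exit keeps the release in one place, e.g. `result = TSPERR(TSS_E_OUTOFMEMORY); goto done;` with `done: obj_list_put(&context_list); return result;` (assuming a `result` local is available). Separately, the assignment to `context->machineName` overwrites any previous pointer without a visible free, and the log text says `malloc` although the call is `calloc`; both are worth confirming against the full function.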
@@ -0,0 +1,311 @@
+Name: trousers
+Summary: TCG's Software Stack v1.2
+Version: 0.3.14
+Release: 4%{?dist}
+License: BSD
+Group: System Environment/Libraries
+Url: http://trousers.sourceforge.net
+
+Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source1: tcsd.service
+Patch1: trousers-0.3.14-noinline.patch
+# submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/
+Patch2: trousers-0.3.14-unlock-in-err-path.patch
+Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
+Patch4: trousers-0.3.14-double-free.patch
+Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
+# submitted upstream
+Patch6: trousers-0.3.14-memset.patch
+
+BuildRequires: libtool, openssl-devel
+BuildRequires: systemd
+Requires(pre): shadow-utils
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires: %{name}-lib%{?_isa} = %{version}-%{release}
+
+%description
+TrouSerS is an implementation of the Trusted Computing Group's Software Stack
+(TSS) specification. You can use TrouSerS to write applications that make use
+of your TPM hardware. TPM hardware can create, store and use RSA keys
+securely (without ever being exposed in memory), verify a platform's software
+state using cryptographic hashes and more.
+
+%package lib
+Summary: TrouSerS libtspi library
+Group: Development/Libraries
+# Needed obsoletes due to the -lib subpackage split
+Obsoletes: trousers < 0.3.13-4
+
+%description lib
+The libtspi library for use in Trusted Computing enabled applications.
+
+%package static
+Summary: TrouSerS TCG Device Driver Library
+Group: Development/Libraries
+Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+
+%description static
+The TCG Device Driver Library (TDDL) used by the TrouSerS tcsd as the
+interface to the TPM's device driver. For more information about writing
+applications to the TDDL interface, see the latest TSS spec at
+https://www.trustedcomputinggroup.org/specs/TSS.
+
+%package devel
+Summary: TrouSerS header files and documentation
+Group: Development/Libraries
+Requires: %{name}-lib%{?_isa} = %{version}-%{release}
+
+%description devel
+Header files and man pages for use in creating Trusted Computing enabled
+applications.
+
+%prep
+%setup -cq
+%patch1 -p1 -b .noinline
+%patch2 -p1 -b .unlock
+%patch3 -p1 -b .indent_obj_policy
+%patch4 -p1 -b .double_free
+%patch5 -p1 -b .indent_tspi_key
+%patch6 -p1 -b .memset
+# fix man page paths
+sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
+
+%build
+%configure --with-gui=openssl
+make -k %{?_smp_mflags}
+
+%install
+mkdir -p ${RPM_BUILD_ROOT}/%{_localstatedir}/lib/tpm
+make install DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p"
+rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libtspi.la
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
+
+%pre
+getent group tss >/dev/null || groupadd -g 59 -r tss
+getent passwd tss >/dev/null || \
+useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
+ -c "Account used by the trousers package to sandbox the tcsd daemon" tss
+exit 0
+
+%post
+%systemd_post tcsd.service
+
+%preun
+%systemd_preun tcsd.service
+
+%postun
+%systemd_postun_with_restart tcsd.service
+
+%post lib -p /sbin/ldconfig
+
+%postun lib -p /sbin/ldconfig
+
+%files
+%doc README ChangeLog
+%{_sbindir}/tcsd
+%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+%attr(644,root,root) %{_unitdir}/tcsd.service
+%attr(0700, tss, tss) %{_localstatedir}/lib/tpm/
+
+%files lib
+%license LICENSE
+%{_libdir}/libtspi.so.?
+%{_libdir}/libtspi.so.?.?.?
+
+%files devel
+# The files to be used by developers, 'trousers-devel'
+%doc doc/LTC-TSS_LLD_08_r2.pdf doc/TSS_programming_SNAFUs.txt
+%attr(0755, root, root) %{_libdir}/libtspi.so
+%{_includedir}/tss/
+%{_includedir}/trousers/
+%{_mandir}/man3/Tspi_*
+
+%files static
+# The only static library shipped by trousers, the TDDL
+%{_libdir}/libtddl.a
+
+%changelog
+* Wed Jun 05 2019 Jerry Snitselaar - 0.3.14-4
+- Fix annocheck warnings
+resolves: rhbz#1624181
+
+* Mon May 27 2019 Jerry Snitselaar - 0.3.14-3
+- Add initial CI gating support
+- Fix covscan reported issues
+resolves: rhbz#1602719
+
+* Fri Aug 10 2018 Jerry Snitselaar - 0.3.14-2
+- release mutex in error path for obj_context_set_machine_name
+resolves: rhbz#1614915
+
+* Wed Aug 01 2018 Jerry Snitselaar - 0.3.14-1
+- Rebase to 3.14 release
+resolves: rhbz#1614915
+
+* Mon Jul 23 2018 Jerry Snitselaar - 0.3.13-11
+- Rebuild with correct source checksum.
+
+* Fri Feb 09 2018 Fedora Release Engineering - 0.3.13-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 0.3.13-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 0.3.13-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Feb 7 2017 Peter Robinson 0.3.13-7
+- Add patch for OpenSSL 1.1
+
+* Fri Feb 05 2016 Fedora Release Engineering - 0.3.13-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering - 0.3.13-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 26 2015 Tomáš Mráz 0.3.13-4
+- Split libtspi to a trousers-lib subpackage (#1225062)
+- Fix FTBFS with current gcc (drop inline keyword when bogus)
+
+* Mon Aug 18 2014 Fedora Release Engineering - 0.3.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering - 0.3.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 15 2014 Steve Grubb 0.3.13-1
+- New upstream bug fix release
+
+* Tue Mar 18 2014 Steve Grubb 0.3.11.2-3
+- Fix crash when linking libgnutls and libmysqlclient (#1069079)
+- Don't order tcsd after syslog.target (#1055198)
+
+* Thu Feb 13 2014 Peter Robinson 0.3.11.2-2
+- Minor spec cleanups
+
+* Mon Aug 19 2013 Steve Grubb 0.3.11.2-1
+- New upstream bug fix and license change release
+
+* Sun Aug 04 2013 Fedora Release Engineering - 0.3.10-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Sun Jun 02 2013 Steve Grubb 0.3.10-3
+- Remove +x bit from service file (#963916)
+
+* Fri Feb 15 2013 Fedora Release Engineering - 0.3.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Sep 25 2012 Steve Grubb 0.3.10-1
+- New upstream bug fix release
+
+* Thu Aug 30 2012 Steve Grubb 0.3.9-4
+- Make daemon full RELRO
+
+* Mon Aug 27 2012 Steve Grubb 0.3.9-3
+- bz #836476 - Provide native systemd service
+
+* Sun Jul 22 2012 Fedora Release Engineering - 0.3.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jun 21 2012 Steve Grubb 0.3.9-1
+- New upstream bug fix release
+
+* Sat Jan 14 2012 Fedora Release Engineering - 0.3.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Apr 08 2011 Steve Grubb 0.3.6-1
+- New upstream bug fix release
+
+* Thu Feb 10 2011 Miloš Jakubíček - 0.3.4-5
+- Fix paths in man pages, mark them as %%doc -- fix BZ#676394
+
+* Wed Feb 09 2011 Fedora Release Engineering - 0.3.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat May 01 2010 Miloš Jakubíček - 0.3.4-3
+- Fix init script to conform to Fedora guidelines
+- Do not overuse macros
+
+* Mon Feb 08 2010 Steve Grubb 0.3.4-2
+- Fix issue freeing a data structure
+
+* Fri Jan 29 2010 Steve Grubb 0.3.4-1
+- New upstream bug fix release
+- Upstream requested the tpm-emulator patch
be dropped
+
+* Fri Aug 21 2009 Tomas Mraz - 0.3.1-19
+- rebuilt with new openssl
+
+* Sun Jul 26 2009 Fedora Release Engineering - 0.3.1-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu May 14 2009 Milos Jakubicek - 0.3.1-17
+- Do not overuse macros.
+- Removed unnecessary file requirements on chkconfig, ldconfig and service,
+ now requiring the initscripts and chkconfig packages.
+
+* Wed May 06 2009 Milos Jakubicek - 0.3.1-16
+- Fix a typo in groupadd causing the %%pre scriptlet to fail (resolves BZ#486155).
+
+* Mon Apr 27 2009 Milos Jakubicek - 0.3.1-15
+- Fix FTBFS: added trousers-0.3.1-gcc44.patch
+
+* Wed Feb 25 2009 Fedora Release Engineering - 0.3.1-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sun Jan 18 2009 Tomas Mraz - 0.3.1-13
+- rebuild with new openssl
+
+* Tue Dec 16 2008 David Woodhouse - 0.3.1-12
+- Bump release to avoid wrong tag in rawhide
+
+* Tue Dec 16 2008 David Woodhouse - 0.3.1-11
+- Work around SELinux namespace pollution (#464037)
+- Use SO_REUSEADDR
+- Use TPM emulator if it's available and no hardware is
+
+* Fri Aug 08 2008 Emily Ratliff - 0.3.1-10
+- Use the uid/gid pair assigned to trousers from BZ#457593
+
+* Fri Aug 01 2008 Emily Ratliff - 0.3.1-9
+- Incorporated changes from the RHEL package which were done by Steve Grubb
+
+* Wed Jun 04 2008 Emily Ratliff - 0.3.1-8
+- Fix cast issue preventing successful build on ppc64 and x86_64
+
+* Tue Jun 03 2008 Emily Ratliff - 0.3.1-7
+- Fix for BZ #434267 and #440733.
Patch authored by Debora Velarde
+
+* Tue Feb 19 2008 Fedora Release Engineering - 0.3.1-6
+- Autorebuild for GCC 4.3
+
+* Mon Dec 17 2007 Kent Yoder - 0.3.1-5
+- Updated static rpm's comment line (too long)
+
+* Thu Dec 13 2007 Kent Yoder - 0.3.1-4
+- Updated specfile for RHBZ#323441 comment #28
+
+* Wed Dec 12 2007 Kent Yoder - 0.3.1-3
+- Updated specfile for RHBZ#323441 comment #22
+
+* Wed Nov 28 2007 Kent Yoder - 0.3.1-2
+- Updated to include the include dirs in the devel package;
+added the no-install-hooks patch
+
+* Wed Nov 28 2007 Kent Yoder - 0.3.1-1
+- Updated specfile for RHBZ#323441 comment #13
+
+* Mon Nov 12 2007 Kent Yoder - 0.3.1
+- Updated specfile for comments in RHBZ#323441
+
+* Wed Jun 07 2006 Kent Yoder - 0.2.6-1
+- Updated build section to use smp_mflags
+- Removed .la file from installed dest and files section
+
+* Tue Jun 06 2006 Kent Yoder - 0.2.6-1
+- Initial add of changelog tag for trousers CVS
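Review bot: In SPECS/trousers.spec, `Source0` (and `Url`) use plain `http://` and nothing in `%prep` verifies the tarball, so the only integrity pin visible in this commit is the SHA-1 recorded in `.trousers.metadata`. Prefer `Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz`, and if upstream publishes a detached signature, ship it as an extra source and check it before `%setup`. In `%build`, `make -k` keeps going past a failed target, which buries the first error in the log; plain `make %{?_smp_mflags}` fails fast.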