From cc8a1f463e5cec3a0578f65215d65a7eb89c3f67 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 10 Nov 2020 06:10:26 +0000 Subject: [PATCH] import trousers-0.3.15-1.el8 --- .gitignore | 1 + .trousers.metadata | 1 + SOURCES/tcsd.service | 10 + ...rousers-0.3.14-fix-indent-obj_policy.patch | 12 + .../trousers-0.3.14-fix-indent-tspi_key.patch | 18 + SOURCES/trousers-0.3.14-noinline.patch | 14 + .../trousers-0.3.14-unlock-in-err-path.patch | 11 + SPECS/trousers.spec | 313 ++++++++++++++++++ 8 files changed, 380 insertions(+) create mode 100644 .gitignore create mode 100644 .trousers.metadata create mode 100644 SOURCES/tcsd.service create mode 100644 SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch create mode 100644 SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch create mode 100644 SOURCES/trousers-0.3.14-noinline.patch create mode 100644 SOURCES/trousers-0.3.14-unlock-in-err-path.patch create mode 100644 SPECS/trousers.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..52d28fe --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/trousers-0.3.15.tar.gz diff --git a/.trousers.metadata b/.trousers.metadata new file mode 100644 index 0000000..253f73f --- /dev/null +++ b/.trousers.metadata @@ -0,0 +1 @@ +75cd40e17c9385299e50ff2099905865442b59f1 SOURCES/trousers-0.3.15.tar.gz diff --git a/SOURCES/tcsd.service b/SOURCES/tcsd.service new file mode 100644 index 0000000..dd76a33 --- /dev/null +++ b/SOURCES/tcsd.service @@ -0,0 +1,10 @@ +[Unit] +Description=TCG Core Services Daemon + +[Service] +Type=forking +ExecStart=/sbin/tcsd + +[Install] +WantedBy=multi-user.target + diff --git a/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch new file mode 100644 index 0000000..af53ee4 --- /dev/null +++ b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch 
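Review bot: The `[Service]` section of the new tcsd.service sets only `Type=forking` and `ExecStart=/sbin/tcsd`, so systemd starts the daemon as root with no sandboxing, and the unit relies entirely on tcsd to drop to the tss account itself. This import is a security rebase (the spec changelog lists CVE-2020-24330, CVE-2020-24331 and CVE-2020-24332), so the unit should carry some defence in depth of its own. Consider `User=tss` and `Group=tss` if the TPM device node and the `root:tss 0640` tcsd.conf allow it (this needs testing), or at least `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes`. `Type=forking` without a `PIDFile=` also leaves systemd to guess the main PID.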
@@ -0,0 +1,12 @@ +diff -ur trousers-0.3.14/src/tspi/obj_policy.c trousers-0.3.14-new/src/tspi/obj_policy.c +--- trousers-0.3.14/src/tspi/obj_policy.c 2014-07-23 12:42:44.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/obj_policy.c 2019-05-27 13:29:56.720899059 -0700 +@@ -984,7 +984,7 @@ + policy->popupString, + policy->Secret))) + goto done; +- policy->SecretSet = TRUE; ++ policy->SecretSet = TRUE; + } + memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN); + *mode = policy->SecretMode; diff --git a/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch new file mode 100644 index 0000000..9278fc8 --- /dev/null +++ b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch @@ -0,0 +1,18 @@ +diff -ur trousers-0.3.14/src/tspi/tspi_key.c trousers-0.3.14-new/src/tspi/tspi_key.c +--- trousers-0.3.14/src/tspi/tspi_key.c 2014-07-23 12:42:45.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/tspi_key.c 2019-05-27 13:44:42.366735438 -0700 +@@ -370,10 +370,10 @@ + /* get the key to be wrapped's private key */ + if ((result = obj_rsakey_get_priv_blob(hKey, &keyPrivBlobLen, &keyPrivBlob))) + goto done; +- /* verify if its under the maximum size, according to the +- * TPM_STORE_ASYMKEY specification */ +- if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN) +- return TSPERR(TSS_E_ENC_INVALID_LENGTH); ++ /* verify if its under the maximum size, according to the ++ * TPM_STORE_ASYMKEY specification */ ++ if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN) ++ return TSPERR(TSS_E_ENC_INVALID_LENGTH); + + /* get the key to be wrapped's blob */ + if ((result = obj_rsakey_get_blob(hKey, &keyBlobLen, &keyBlob))) diff --git a/SOURCES/trousers-0.3.14-noinline.patch b/SOURCES/trousers-0.3.14-noinline.patch new file mode 100644 index 0000000..856fd5d --- /dev/null +++ b/SOURCES/trousers-0.3.14-noinline.patch 
@@ -0,0 +1,14 @@ +diff -ur trousers-0.3.15/src/include/tspps.h trousers-0.3.15-new/src/include/tspps.h +--- trousers-0.3.15/src/include/tspps.h 2020-05-27 23:01:45.000000000 -0700 ++++ trousers-0.3.15-new/src/include/tspps.h 2020-11-06 17:46:53.796319788 -0700 +@@ -18,8 +18,8 @@ + + TSS_RESULT get_file(int *); + int put_file(int); +-inline TSS_RESULT read_data(int, void *, UINT32); +-inline TSS_RESULT write_data(int, void *, UINT32); ++TSS_RESULT read_data(int, void *, UINT32); ++TSS_RESULT write_data(int, void *, UINT32); + UINT32 psfile_get_num_keys(int); + TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); + TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); diff --git a/SOURCES/trousers-0.3.14-unlock-in-err-path.patch b/SOURCES/trousers-0.3.14-unlock-in-err-path.patch new file mode 100644 index 0000000..d4f7540 --- /dev/null +++ b/SOURCES/trousers-0.3.14-unlock-in-err-path.patch @@ -0,0 +1,11 @@ +diff -ur a/src/tspi/obj_context.c b/src/tspi/obj_context.c +--- a/src/tspi/obj_context.c 2014-11-03 12:31:55.000000000 -0700 ++++ b/src/tspi/obj_context.c 2018-08-10 11:02:02.246962638 -0700 +@@ -276,6 +276,7 @@ + context->machineName = (BYTE *)calloc(1, len); + if (context->machineName == NULL) { + LogError("malloc of %u bytes failed.", len); ++ obj_list_put(&context_list); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(context->machineName, name, len); diff --git a/SPECS/trousers.spec b/SPECS/trousers.spec new file mode 100644 index 0000000..f3502d4 --- /dev/null +++ b/SPECS/trousers.spec 
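Review bot: In trousers-0.3.14-unlock-in-err-path.patch, the added `obj_list_put(&context_list);` fixes the missing unlock on the allocation-failure return, but it does so by repeating the unlock at one more exit. Any later early return would have to remember it too. A single exit would be sturdier: set the error code and `goto done;`, with the one `obj_list_put(&context_list);` under a `done:` label, assuming the function has or can take a result variable. The function (obj_context_set_machine_name, per the spec changelog) starts and ends outside the hunk, so its other return paths could not be checked here. Separately, the message `"malloc of %u bytes failed."` names malloc while the call is `calloc`.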
@@ -0,0 +1,313 @@ +Name: trousers +Summary: TCG's Software Stack v1.2 +Version: 0.3.15 +Release: 1%{?dist} +License: BSD +Group: System Environment/Libraries +Url: http://trousers.sourceforge.net + +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Source1: tcsd.service +Patch1: trousers-0.3.14-noinline.patch +# submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/ +Patch2: trousers-0.3.14-unlock-in-err-path.patch +Patch3: trousers-0.3.14-fix-indent-obj_policy.patch +Patch4: trousers-0.3.14-fix-indent-tspi_key.patch + +BuildRequires: libtool openssl-devel gettext-devel autoconf automake +BuildRequires: systemd +Requires(pre): shadow-utils +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +Requires: %{name}-lib%{?_isa} = %{version}-%{release} + +%description +TrouSerS is an implementation of the Trusted Computing Group's Software Stack +(TSS) specification. You can use TrouSerS to write applications that make use +of your TPM hardware. TPM hardware can create, store and use RSA keys +securely (without ever being exposed in memory), verify a platform's software +state using cryptographic hashes and more. + +%package lib +Summary: TrouSerS libtspi library +Group: Development/Libraries +# Needed obsoletes due to the -lib subpackage split +Obsoletes: trousers < 0.3.13-4 + +%description lib +The libtspi library for use in Trusted Computing enabled applications. + +%package static +Summary: TrouSerS TCG Device Driver Library +Group: Development/Libraries +Requires: %{name}-devel%{?_isa} = %{version}-%{release} + +%description static +The TCG Device Driver Library (TDDL) used by the TrouSerS tcsd as the +interface to the TPM's device driver. For more information about writing +applications to the TDDL interface, see the latest TSS spec at +https://www.trustedcomputinggroup.org/specs/TSS. 
+ +%package devel +Summary: TrouSerS header files and documentation +Group: Development/Libraries +Requires: %{name}-lib%{?_isa} = %{version}-%{release} + +%description devel +Header files and man pages for use in creating Trusted Computing enabled +applications. + +%prep +%autosetup -p1 +# fix man page paths +sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in + +%build +chmod +x ./bootstrap.sh +./bootstrap.sh +%configure --with-gui=openssl +make -k %{?_smp_mflags} + +%install +mkdir -p ${RPM_BUILD_ROOT}/%{_localstatedir}/lib/tpm +make install DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" +rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libtspi.la +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/ + +%pre +getent group tss >/dev/null || groupadd -f -g 59 -r tss +if ! getent passwd tss >/dev/null ; then + if ! getent passwd 59 >/dev/null ; then + useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss + else + useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss + fi +fi +exit 0 + +%post +%systemd_post tcsd.service + +%preun +%systemd_preun tcsd.service + +%postun +%systemd_postun_with_restart tcsd.service + +%post lib -p /sbin/ldconfig + +%postun lib -p /sbin/ldconfig + +%files +%doc README ChangeLog +%{_sbindir}/tcsd +%config(noreplace) %attr(0640, root, tss) %{_sysconfdir}/tcsd.conf +%{_mandir}/man5/* +%{_mandir}/man8/* +%attr(644,root,root) %{_unitdir}/tcsd.service +%attr(0700, tss, tss) %{_localstatedir}/lib/tpm/ + +%files lib +%license LICENSE +%{_libdir}/libtspi.so.? +%{_libdir}/libtspi.so.?.?.? 
+ +%files devel +# The files to be used by developers, 'trousers-devel' +%doc doc/LTC-TSS_LLD_08_r2.pdf doc/TSS_programming_SNAFUs.txt +%attr(0755, root, root) %{_libdir}/libtspi.so +%{_includedir}/tss/ +%{_includedir}/trousers/ +%{_mandir}/man3/Tspi_* + +%files static +# The only static library shipped by trousers, the TDDL +%{_libdir}/libtddl.a + +%changelog +* Fri Nov 06 2020 Jerry Snitselaar - 0.3.15-1 +- Rebase to 0.3.15 +- Fix CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 +resolves: rhbz#1725782 rhbz#1877517 rhbz#1882402 rhbz#1882414 + +* Wed Jun 05 2019 Jerry Snitselaar - 0.3.14-4 +- Fix annocheck warnings +resolves: rhbz#1624181 + +* Mon May 27 2019 Jerry Snitselaar - 0.3.14-3 +- Add initial CI gating support +- Fix covscan reported issues +resolves: rhbz#1602719 + +* Fri Aug 10 2018 Jerry Snitselaar - 0.3.14-2 +- release mutex in error path for obj_context_set_machine_name +resolves: rhbz#1614915 + +* Wed Aug 01 2018 Jerry Snitselaar - 0.3.14-1 +- Rebase to 3.14 release +resolves: rhbz#1614915 + +* Mon Jul 23 2018 Jerry Snitselaar - 0.3.13-11 +- Rebuild with correct source checksum. 
+ +* Fri Feb 09 2018 Fedora Release Engineering - 0.3.13-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 0.3.13-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.3.13-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Feb 7 2017 Peter Robinson 0.3.13-7 +- Add patch for OpenSSL 1.1 + +* Fri Feb 05 2016 Fedora Release Engineering - 0.3.13-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 0.3.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 26 2015 Tomáš Mráz 0.3.13-4 +- Split libtspi to a trousers-lib subpackage (#1225062) +- Fix FTBFS with current gcc (drop inline keyword when bogus) + +* Mon Aug 18 2014 Fedora Release Engineering - 0.3.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 0.3.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 15 2014 Steve Grubb 0.3.13-1 +- New upstream bug fix release + +* Tue Mar 18 2014 Steve Grubb 0.3.11.2-3 +- Fix crash when linking libgnutls and libmysqlclient (#1069079) +- Don't order tcsd after syslog.target (#1055198) + +* Thu Feb 13 2014 Peter Robinson 0.3.11.2-2 +- Minor spec cleanups + +* Mon Aug 19 2013 Steve Grubb 0.3.11.2-1 +- New upstream bug fix and license change release + +* Sun Aug 04 2013 Fedora Release Engineering - 0.3.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sun Jun 02 2013 Steve Grubb 0.3.10-3 +- Remove +x bit from service file (#963916) + +* Fri Feb 15 2013 Fedora Release Engineering - 0.3.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Sep 25 2012 Steve Grubb 0.3.10-1 +- New upstream bug fix release + +* Thu Aug 30 2012 Steve Grubb 
0.3.9-4 +- Make daemon full RELRO + +* Mon Aug 27 2012 Steve Grubb 0.3.9-3 +- bz #836476 - Provide native systemd service + +* Sun Jul 22 2012 Fedora Release Engineering - 0.3.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 21 2012 Steve Grubb 0.3.9-1 +- New upstream bug fix release + +* Sat Jan 14 2012 Fedora Release Engineering - 0.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Apr 08 2011 Steve Grubb 0.3.6-1 +- New upstream bug fix release + +* Thu Feb 10 2011 Miloš Jakubíček - 0.3.4-5 +- Fix paths in man pages, mark them as %%doc -- fix BZ#676394 + +* Wed Feb 09 2011 Fedora Release Engineering - 0.3.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sat May 01 2010 Miloš Jakubíček - 0.3.4-3 +- Fix init script to conform to Fedora guidelines +- Do not overuse macros + +* Mon Feb 08 2010 Steve Grubb 0.3.4-2 +- Fix issue freeing a data structure + +* Fri Jan 29 2010 Steve Grubb 0.3.4-1 +- New upstream bug fix release +- Upstream requested the tpm-emulator patch be dropped + +* Fri Aug 21 2009 Tomas Mraz - 0.3.1-19 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 0.3.1-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu May 14 2009 Milos Jakubicek - 0.3.1-17 +- Do not overuse macros. +- Removed unnecessary file requirements on chkconfig, ldconfig and service, + now requiring the initscripts and chkconfig packages. + +* Wed May 06 2009 Milos Jakubicek - 0.3.1-16 +- Fix a typo in groupadd causing the %%pre scriptlet to fail (resolves BZ#486155). 
+ +* Mon Apr 27 2009 Milos Jakubicek - 0.3.1-15 +- Fix FTBFS: added trousers-0.3.1-gcc44.patch + +* Wed Feb 25 2009 Fedora Release Engineering - 0.3.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Tomas Mraz - 0.3.1-13 +- rebuild with new openssl + +* Tue Dec 16 2008 David Woodhouse - 0.3.1-12 +- Bump release to avoid wrong tag in rawhide + +* Tue Dec 16 2008 David Woodhouse - 0.3.1-11 +- Work around SELinux namespace pollution (#464037) +- Use SO_REUSEADDR +- Use TPM emulator if it's available and no hardware is + +* Fri Aug 08 2008 Emily Ratliff - 0.3.1-10 +- Use the uid/gid pair assigned to trousers from BZ#457593 + +* Fri Aug 01 2008 Emily Ratliff - 0.3.1-9 +- Incorporated changes from the RHEL package which were done by Steve Grubb + +* Wed Jun 04 2008 Emily Ratliff - 0.3.1-8 +- Fix cast issue preventing successful build on ppc64 and x86_64 + +* Tue Jun 03 2008 Emily Ratliff - 0.3.1-7 +- Fix for BZ #434267 and #440733. Patch authored by Debora Velarde + +* Tue Feb 19 2008 Fedora Release Engineering - 0.3.1-6 +- Autorebuild for GCC 4.3 + +* Mon Dec 17 2007 Kent Yoder - 0.3.1-5 +- Updated static rpm's comment line (too long) + +* Thu Dec 13 2007 Kent Yoder - 0.3.1-4 +- Updated specfile for RHBZ#323441 comment #28 + +* Wed Dec 12 2007 Kent Yoder - 0.3.1-3 +- Updated specfile for RHBZ#323441 comment #22 + +* Wed Nov 28 2007 Kent Yoder - 0.3.1-2 +- Updated to include the include dirs in the devel package; +added the no-install-hooks patch + +* Wed Nov 28 2007 Kent Yoder - 0.3.1-1 +- Updated specfile for RHBZ#323441 comment #13 + +* Mon Nov 12 2007 Kent Yoder - 0.3.1 +- Updated specfile for comments in RHBZ#323441 + +* Wed Jun 07 2006 Kent Yoder - 0.2.6-1 +- Updated build section to use smp_mflags +- Removed .la file from installed dest and files section + +* Tue Jun 06 2006 Kent Yoder - 0.2.6-1 +- Initial add of changelog tag for trousers CVS
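Review bot: `Source0` and `Url` in the spec header use plain `http://`, and the spec has no signature check on the tarball, so the only integrity pin visible in this commit is the 40-hex-digit (apparently SHA-1) digest in `.trousers.metadata`. For a TPM stack it is worth at least moving the fetch to TLS, e.g. `Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz`. If the build tooling supports a stronger digest for the lookaside entry, record that as well. In `%build`, `make -k` keeps going after a failed target; dropping `-k` makes a compile error stop the build at the point of failure.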