Changelog for
trousers-devel-0.3.15-150400.1.10.x86_64.rpm :
* Tue Oct 05 2021 matthias.gerstnerAATTsuse.com
- update to new upstream version 0.3.15 (jira#SLE-18269):
  - Corrected multiple security issues that existed if the tcsd is started by root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
  - Replaced use of _no_optimize with asm memory barrier
  - Fixed multiple potential instances of use after free memory handling
  - Removed unused global variables which caused build issue on some distros
- drop bsc1164472.patch: now contained in upstream tarball
- adjusted %setup macro invocation which seemed to be wrong
* Mon May 25 2020 matthias.gerstnerAATTsuse.com
- fix a potential tss user to root privilege escalation when running tcsd (bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent badly designed privilege drop and initialization code to run.
- add bsc1164472.patch: additionally harden operation of tcsd when running as root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group. require /etc/tcsd.conf to be owned by root:tss mode 0640.
* Tue Nov 26 2019 matthias.gerstnerAATTsuse.com
- Fix a local symlink attack problem with the %posttrans scriptlet (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack to gain ownership of arbitrary files in the system during installation/update of the trousers package.
* Tue Oct 30 2018 matthias.gerstnerAATTsuse.com
- fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These files are only sample files that *can* be used to fake that ownership was already taken by trousers, when other TPM stacks did that already. These files should not be there by default. Therefore install them into /usr/share/trousers instead, to allow the user to use them at his own discretion (fixes bsc#1111381).
- implement a backup and restore logic for /var/lib/tpm/system.data.* to prevent removal of validly stored trousers state during update.
* Sun Jan 01 2017 mailaenderAATTopensuse.org
- Update to version 0.3.14 (see ChangeLog) (FATE#321450)
* Fri May 06 2016 jengelhAATTinai.de
- Check for user/group existence before attempting to add them, and remove error suppression from these calls.
- Avoid runtime dependency on systemd, the macros can all deal with its absence.
* Fri Jun 19 2015 crrodriguezAATTopensuse.org
- Force GNU inline semantics, fixes build with GCC5
* Thu Apr 02 2015 mpluskalAATTsuse.com
- Cleanup spec-file with spec-cleaner
- Update prerequires
- Use systemd unit file
  * replace tcsd.init with tcsd.service
* Tue Jun 03 2014 meissnerAATTsuse.com
- updated to trousers 0.3.13 (bnc#881095 LTC#111124)
  - Changed exported functions which had a name too common, to avoid collision
  - Assessed daemon security using manual techniques and coverity
  - Fixed major security bugs and memory leaks
  - Added debug support to run tcsd with a different user/group
  - Daemon now properly closes sockets before shutting down
  * TROUSERS_0_3_12
  - Added new network code for RPC, which supports IPv6
  - Users of client applications can configure the hostname of the tcsd server they want to connect through the TSS_TCSD_HOSTNAME env var (only works if application didn't set a hostname in the context)
  - Added disable_ipv4 and disable_ipv6 config options for server
- removed trousers-wrap_large_key_overflow.patch: upstream
- removed trousers-0.3.11.2.diff: solved upstream now
* Wed Mar 19 2014 meissnerAATTsuse.com
- trousers-wrap_large_key_overflow.patch: Do not wrap keys larger than 2048 bit, as the space on the TPM is limited to that amount. (bnc#868933)