Changelog for
libtspi1-0.3.15-3.13.x86_64.rpm :
* Mon Aug 22 2022 dimstarAATTopensuse.org- BuildRequire pkgconfig(udev) instead of udev: allow OBS to shortcut through the -mini flavors.
* Tue Apr 12 2022 meissnerAATTsuse.com- changed urls to https (except main URL which has no https)
* Thu Nov 25 2021 jsegitzAATTsuse.com- Added hardening to systemd service(s) (bsc#1181400). Modified:
* tcsd.service
* Tue Oct 05 2021 matthias.gerstnerAATTsuse.com- move libraries to /usr/lib (bsc#1191102)
* Thu Nov 05 2020 matthias.gerstnerAATTsuse.com- update to new upstream version 0.3.15: - Corrected mutliple security issues that existed if the tcsd is started by root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331 - Replaced use of _no_optimize with asm memory barrier - Fixed multiple potential instances of use after free memory handling - Removed unused global variables which caused build issue on some distros- drop gcc-10.patch: now contained in upstream tarball- drop bsc1164472.patch: now contained in upstream tarball- adjusted %setup macro invocation which seemed to be wrong
* Mon Jul 27 2020 matthias.gerstnerAATTsuse.com- In a previous commit the Requires line for the tss user got accidentally dropped. This change reintroduces it.
* Tue Jun 02 2020 matthias.gerstnerAATTsuse.com- add gcc-10.patch: fixes the build on gcc 10 by removing unused global variables. This patch was posted on the TrouSerS mailing list [1]. [1]: https://sourceforge.net/p/trousers/mailman/message/36951419/
* Wed May 20 2020 matthias.gerstnerAATTsuse.com- get rid of %pre/%post logic that fixes the old packaging bug. Turns out %pretrans and %posttrans had their purpose before, because the logic needed to run before old files owned by the package got deleted. But I\'m not reimplementing this strange logic in Lua ... users that didn\'t get the fix yet will have to live with it.
* Wed May 20 2020 matthias.gerstnerAATTsuse.com- fix a potential tss user to root privilege escalation when running tcsd (bsc#1164472). To do this run tcsd as the \'tss\' user right away to prevent badly designed privilege drop and initialization code to run.- add bsc1164472.patch: additionally harden operation of tcsd when running as root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group. require /etc/tcsd.conf to be owned by root:tss mode 0640.
* Wed May 13 2020 matthias.gerstnerAATTsuse.com- add correct Requires(pre) and change %pretrans and %posttrans into %pre and %post. %pretrans can\'t have any dependencies and therefore can only be %implemented in lua. This currently leads to build errors \"/bin/sh: no such file or directory\".
* Wed Feb 19 2020 matthias.gerstnerAATTsuse.com- leave creation of /var/lib/tpm to the new system-user-tss package. Otherwise we\'re getting conflicts in packages depending on trousers (bsc#1162360).
* Fri Jan 31 2020 msuchanekAATTsuse.com- Use system-users for tss user creation (boo#1162360).
* Tue Nov 26 2019 matthias.gerstnerAATTsuse.com- Fix a local symlink attack problem with the %posttrans scriptlet (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack to gain ownership of arbitrary files in the system during installation/update of the trousers package.
* Mon Sep 09 2019 matthias.gerstnerAATTsuse.com- add fix-lto.patch: This fixes the rpmlint error: trousers-devel.x86_64: E: lto-no-text-in-archive (Badness: 10000) /usr/lib64/libtddl.a objcopy/strip seem not to support the LTO linking and discard the actual text section from libtddl.a. By passing -ffat-lto-objects the object format is kept compatible with unaware tools and fixes the error.
* Fri Apr 26 2019 mvetterAATTsuse.com- bsc#1130588: Require shadow instead of old pwdutils
* Fri Oct 26 2018 matthias.gerstnerAATTsuse.com- fix mode of /var/lib/tpm, was missing the execute bit in the previous version.- implement a backup and restore logic for /var/lib/tpm/system.data.
* to prevent removal of validly stored trousers state during update. See previous comment for the packaging error that leads to this requirement.
* Wed Oct 24 2018 matthias.gerstnerAATTsuse.com- fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These files are only sample files that
*can
* be used to fake that ownership was already taken by trousers, when other TPM stacks did that already. These files should not be there by default. Therefore install them into /usr/share/trousers instead, to allow the user to use them at his own discretion (fixes bsc#1111381).
* Sun Jan 01 2017 mailaenderAATTopensuse.org- Update to version 0.3.14 (see ChangeLog) (FATE#321450)
* Fri May 06 2016 jengelhAATTinai.de- Check for user/group existence before attempting to add them, and remove error suppression from these calls.- Avoid runtime dependency on systemd, the macros can all deal with its absence.
* Fri Jun 19 2015 crrodriguezAATTopensuse.org- Force GNU inline semantics, fixes build with GCC5
* Thu Apr 02 2015 mpluskalAATTsuse.com- Cleanup spec-file with spec-cleaner- Update prerequires- Use systemd unit file
* replace tcsd.init with tcsd.service
* Tue Jun 03 2014 meissnerAATTsuse.com- updated to trousers 0.3.13 (bnc#881095 LTC#111124) - Changed exported functions which had a name too common, to avoid collision - Assessed daemon security using manual techniques and coverity - Fixed major security bugs and memory leaks - Added debug support to run tcsd with a different user/group - Daemon now properly closes sockets before shutting down
* TROUSERS_0_3_12 - Added new network code for RPC, which supports IPv6 - Users of client applications can configure the hostname of the tcsd server they want to connect through the TSS_TCSD_HOSTNAME env var (only works if application didn\'t set a hostname in the context) - Added disable_ipv4 and disable_ipv6 config options for server- removed trousers-wrap_large_key_overflow.patch: upstream- removed trousers-0.3.11.2.diff: solved upstream now
* Wed Mar 19 2014 meissnerAATTsuse.com- trousers-wrap_large_key_overflow.patch: Do not wrap keys larger than 2048 bit, as the space on the TPM is limited to that amount. (bnc#868933)
* Tue Jan 14 2014 meissnerAATTsuse.com- Updated to trousers 0.3.11.2 - license changed to BSD-3-Clause - various bug and manpage fixes- trousers-0.3.10.diff renamed and rebased to trousers-0.3.11.2.diff
* Fri Sep 28 2012 meissnerAATTsuse.com- updated to trousers 0.3.10 - bugfixes - context checking
* Fri May 18 2012 meissnerAATTsuse.de- Updated to trousers 0.3.9 - lots of bugfixes
* Wed Mar 28 2012 meissnerAATTsuse.de- Updated to TROUSERS_0_3_8 - Fix ssl_ui.c overflow - Handling of TPM_CERTIFY_INFO2 structure special case - Fix possible obfuscation of obj_migdata.c errors. - Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag. - PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO. - Add functions for deserializing NVRAM related data structures - Add NVRAM specific error messages - Fix spec file so one can build an rpm - Initialize the tcsd_config_file with NULL. - support for -c
command line option - Establish a .gitignore file - ENDIAN_H and htole definition fix
* Tue Mar 13 2012 cfarrellAATTsuse.com- license update: CPL-1.0 SPDX format
* Sat Nov 19 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Mon Jun 20 2011 meissnerAATTsuse.de- Updated to TROUSERS_0_3_7 - bugfixes - obj_policy_is_secret_set added
* Sun Sep 26 2010 roAATTsuse.de- fix patch to apply
* Wed Aug 11 2010 meissnerAATTsuse.de- Updated to TROUNSERS_0_3_6 - Fixed a number of warnings during a build with --debug regarding THREAD ID definition - Removed htole() dependency, which was included only in glibc 2.9- Updated to TROUSERS_0_3_5 - Allowed TCD Daemon to run with reduced privileges In Solaris. - Fixing previous kfreebsd build patch conflict with the current tree. - TCSD error handling improvements. - mutex init inclusion. - pthread_t portability fix - Owner Evict keys load fix. - Big- endian issues. - Memory leak fix. - Adding missing #include . - kfreebsd build fixes. - Fixed usage of syslog(). - 64bits clean - Fixes the TCP UN and IN socket connection attempt handling - Fixes logic on opening a hardware TPM. - Added communication through TCP to software TPMs in TrouSerS. - Fixed conflicting defines - Adds missing free() - Fixed fread() return value check. - Made the previous fix cleaner and more robust. - Added missing check in order to avoid freeing buffer that\'s out of Tspi_Data_Seal() scope. - Fixed Tspi_TPM_GetRandom 4kb output limit.
* Mon Jun 21 2010 cristian.rodriguezAATTopensuse.org- move library to %/{_lib} fix build of rng-tools
* Thu Mar 18 2010 meissnerAATTsuse.de- Updated to TROUSERS_0_3_4 - Fixed TrouSerS mishandling of TPM auth sessions - Enabled hosttable.c \"_init\" and \"_fini\" functions to work on Solaris - Included Solaris in BSD_CONST definition conditional - Made the init script LSB compliant - make distcheck improved- TROUSERS_0_3_3_2 - Fixed logic when filling up RSA keys objects.- TROUSERS_0_3_3_1 - TCSD now runs as tss and has a better signal handling - Fixed many memory handling issues- TROUSERS_0_3_3 - Tspi_ChangeAuth fixed for popup secret use case. - Prefixed exported functions with common names. - Fixed issues with accessing the utmp database. - Migrated the bios parser file handler from open to fopen.
* Mon Feb 01 2010 jengelhAATTmedozas.de- package baselibs.conf
* Thu Aug 27 2009 meissnerAATTsuse.de- updated to 0.3.2. - Added IMA log parser in conformance with format introduced in linux kernel 2.6.30 - Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c - Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c - Fixed logic when releasing auth handles, now the TPM won\'t become out of resources due too many unreleased auth handles there. - Fixed compilation problems when building trousers in Fedora with - fstack-protector & gcc 4.4 - Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions can be closed fine. - Fixed key memory cache when evicting keys, invalid key handles were evicted when shouldn\'t. - Fixed authsess_xsap_init call with wrong handle - Fixed authsess_callback_hmac return code - Fixed validateReturnAuth return value - Added consistency to avoid multiple double free() and bound checks to avoid SEGV - Moved from flock to fcntl since the first isn\'t supported in multi-thread applications - Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV - Typecast added in trousers.c in the UNICODE conversion functions - Fixed wrong return code in Tspi_NV_ReleaseSpace - Fixed digest computation in Tspi_NV_ReleaseSpace - Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob, resulting in a incorrect data blog unload. - Added #include to remove INT_MAX undeclared error during build. Files updated: trspi/crypto/openssl/symmetric.c, tspi/tspi_aik.c and tspi/tsp_ps.c - Added bounds checking in the data parsing routines of the TCSD\'s tcstp RPC code, preventing attacks from malicious clients. - Removed commented out code in src/tcs/rpc/tcstp/rpc.c - Commented out old OSAP code, its now unused - Fixed bug in tcsi_bind.c, one too few params were passed to the function parsing the TPM blob. - Fixed lots of erroneous TSPERR and TCSERR calls - Added support for logging all error return codes when debug is on - Check that parent auth is loaded in the load key path outside the mem_cache_lock, if a thread sleeps holding it, we deadlock - Added support for dynamically growing the table that holds sleeping threads inside the auth manager - In tcs_auth_mgr.c, fixed the release handle path, which didn\'t check if the handle was swapped out before calling to the TPM. - Updates throughout the code supporting the modular build.
* Sun Jun 14 2009 meissnerAATTsuse.de- included to fix glibc 2.10 build issues
* Sat Apr 18 2009 crrodriguezAATTsuse.de- remove static libtspi
* Tue Sep 02 2008 meissnerAATTsuse.de- fixed 64bit build issue
* Fri Aug 22 2008 meissnerAATTsuse.de- upgraded to 0.3.1 - TPM 1.2 support throughout the code, see ChangeLog - lots of new features - lots of bugfixes- dropped secondary TPM support patches. is either already upstream (differently), or will be.
* Tue Apr 15 2008 roAATTsuse.de- added baselibs.conf file for multilib support
* Tue Apr 15 2008 meissnerAATTsuse.de- fixed glibc 2.8 build issues
* Fri Mar 28 2008 meissnerAATTsuse.de- merged from buildservice- lots of build cleanups for rpmlint warnings
* Thu Nov 29 2007 ramunnoAATTpolito.it- configured to remove dependencies from GTK
* Mon Nov 26 2007 drahtAATTsuse.de- manual mutual dependencies added: libtspi1 <-> trousers
* Mon Nov 26 2007 drahtAATTsuse.de- system.data.
*auth files added to /var/lib/tpm/. Note: tcsd expects /var/lib/tpm/system.data . RTFM...
* Mon Nov 26 2007 drahtAATTsuse.de- init file mode\'d 755 in %install.
* Thu Oct 25 2007 skhAATTsuse.de- added trousers_0.2.9-tpm_1.2_dual_v20070206 and its documentation
* Mon Aug 13 2007 skhAATTsuse.de- initial build service import with version 0.2.9.1- split off package libtspi1 to conform to shared library packaging policy
* Wed Jan 11 2006 drahtAATTsuse.de- #137913: Fix config file permissions and ownership to 0600 tss.tss
* Tue Nov 08 2005 drahtAATTsuse.de- file list changes, split into trousers and -devel.
* Tue Nov 01 2005 drahtAATTsuse.de- initial build of the package.