Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

trousers-0.3.15-150400.1.10 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: trousers Distribution: SUSE Linux Enterprise 15
Version: 0.3.15 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.1.10 Build date: Sun May 8 08:22:32 2022
Group: Productivity/Security Build host: sheep65
Size: 899504 Source RPM: trousers-0.3.15-150400.1.10.src.rpm
Packager: https://www.suse.com/
Url: http://trousers.sourceforge.net/
Summary: TSS (TCG Software Stack) access daemon for a TPM chip
The trousers package provides a TSS implementation through the help of
a user-space daemon, the tcsd, and a library  Trousers aims to be
compliant to the 1.1b and 1.2 TSS specifications as available from the
Trusted Computing website http://www.trustedcomputinggroup.org/.

The package needs the /dev/tpm device file to be present on your
system. It is a character device file major 10 minor 224, 0600 tss:tss.

Provides

Requires

License

BSD-3-Clause

Changelog

* Tue Oct 05 2021 matthias.gerstner@suse.com
  - update to new upstream version 0.3.15 (jira#SLE-18269):
    - Corrected mutliple security issues that existed if the tcsd is started by
      root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
    - Replaced use of _no_optimize with asm memory barrier
    - Fixed multiple potential instances of use after free memory handling
    - Removed unused global variables which caused build issue on some distros
  - drop bsc1164472.patch: now contained in upstream tarball
  - adjusted %setup macro invocation which seemed to be wrong
* Mon May 25 2020 matthias.gerstner@suse.com
  - fix a potential tss user to root privilege escalation when running tcsd
    (bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent
    badly designed privilege drop and initialization code to run.
  - add bsc1164472.patch: additionally harden operation of tcsd when running as
    root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group.
    require /etc/tcsd.conf to be owned by root:tss mode 0640.
* Tue Nov 26 2019 matthias.gerstner@suse.com
  - Fix a local symlink attack problem with the %posttrans scriptlet
    (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack
    to gain ownership of arbitrary files in the system during
    installation/update of the trousers package.
* Tue Oct 30 2018 matthias.gerstner@suse.com
  - fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These
    files are only sample files that *can* be used to fake that ownership was
    already taken by trousers, when other TPM stacks did that already. These
    files should not be there by default. Therefore install them into
    /usr/share/trousers instead, to allow the user to use them at his own
    discretion (fixes bsc#1111381).
  - implement a backup and restore logic for /var/lib/tpm/system.data.* to
    prevent removal of validly stored trousers state during update.
* Sun Jan 01 2017 mailaender@opensuse.org
  - Update to version 0.3.14 (see ChangeLog) (FATE#321450)
* Fri May 06 2016 jengelh@inai.de
  - Check for user/group existence before attempting to add them,
    and remove error suppression from these calls.
  - Avoid runtime dependency on systemd, the macros can all deal with
    its absence.
* Fri Jun 19 2015 crrodriguez@opensuse.org
  - Force GNU inline semantics, fixes build with GCC5
* Thu Apr 02 2015 mpluskal@suse.com
  - Cleanup spec-file with spec-cleaner
  - Update prerequires
  - Use systemd unit file
    * replace tcsd.init with tcsd.service
* Tue Jun 03 2014 meissner@suse.com
  - updated to trousers 0.3.13 (bnc#881095 LTC#111124)
    - Changed exported functions which had a name too common, to avoid
      collision
    - Assessed daemon security using manual techniques and coverity
    - Fixed major security bugs and memory leaks
    - Added debug support to run tcsd with a different user/group
    - Daemon now properly closes sockets before shutting down
    * TROUSERS_0_3_12
    - Added new network code for RPC, which supports IPv6
    - Users of client applications can configure the hostname of the tcsd
      server they want to connect through the TSS_TCSD_HOSTNAME env var
      (only works if application didn't set a hostname in the context)
    - Added disable_ipv4 and disable_ipv6 config options for server
  - removed trousers-wrap_large_key_overflow.patch: upstream
  - removed trousers-0.3.11.2.diff: solved upstream now
* Wed Mar 19 2014 meissner@suse.com
  - trousers-wrap_large_key_overflow.patch: Do not wrap keys larger than
    2048 bit, as the space on the TPM is limited to that amount. (bnc#868933)

Files

/etc/tcsd.conf
/usr/lib/systemd/system/tcsd.service
/usr/lib/udev/rules.d/91-trousers.rules
/usr/sbin/rctcsd
/usr/sbin/tcsd
/usr/share/doc/packages/trousers
/usr/share/doc/packages/trousers/AUTHORS
/usr/share/doc/packages/trousers/ChangeLog
/usr/share/doc/packages/trousers/LICENSE
/usr/share/doc/packages/trousers/LTC-TSS_LLD_08_r2.pdf
/usr/share/doc/packages/trousers/LTC-TSS_LLD_08_r2.sxw
/usr/share/doc/packages/trousers/NICETOHAVES
/usr/share/doc/packages/trousers/README
/usr/share/doc/packages/trousers/README.selinux
/usr/share/doc/packages/trousers/TODO
/usr/share/doc/packages/trousers/TSS_programming_SNAFUs.txt
/usr/share/man/man5/tcsd.conf.5.gz
/usr/share/man/man8/tcsd.8.gz
/usr/share/trousers
/usr/share/trousers/system.data.auth
/usr/share/trousers/system.data.noauth
/var/lib/tpm


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024