Revisions of trousers

Dominique Leuenberger (dimstar_suse) accepted request 1088963 from Marcus Meissner (msmeissn) (revision 53)
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to (forwarded request 1088961 from jsrain)
Dominique Leuenberger (dimstar_suse) accepted request 998773 from Matthias Gerstner (mgerstner) (revision 52)
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavors. (forwarded request 998581 from dimstar)
Dominique Leuenberger (dimstar_suse) accepted request 970851 from Factory Maintainer (factory-maintainer) (revision 51)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 934587 from Matthias Gerstner (mgerstner) (revision 50)
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort (forwarded request 933796 from jsegitz)
Richard Brown (RBrownSUSE) accepted request 923191 from Matthias Gerstner (mgerstner) (revision 49)
- move libraries to /usr/lib (bsc#1191102)
Dominique Leuenberger (dimstar_suse) accepted request 846199 from Matthias Gerstner (mgerstner) (revision 48)
- update to new upstream version 0.3.15:
  - Corrected multiple security issues that existed if the tcsd is started by
    root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331
  - Replaced use of _no_optimize with asm memory barrier
  - Fixed multiple potential instances of use after free memory handling
  - Removed unused global variables which caused build issue on some distros
- drop gcc-10.patch: now contained in upstream tarball
- drop bsc1164472.patch: now contained in upstream tarball
- adjusted %setup macro invocation which seemed to be wrong
Dominique Leuenberger (dimstar_suse) accepted request 822938 from Matthias Gerstner (mgerstner) (revision 47)
- In a previous commit the Requires line for the tss user got accidentally
  dropped. This change reintroduces it.
Dominique Leuenberger (dimstar_suse) accepted request 810797 from Matthias Gerstner (mgerstner) (revision 46)
- add gcc-10.patch: fixes the build on gcc 10 by removing unused global
  variables. This patch was posted on the TrouSerS mailing list [1].
  [1]: https://sourceforge.net/p/trousers/mailman/message/36951419/
Yuchen Lin (maxlin_factory) accepted request 807580 from Matthias Gerstner (mgerstner) (revision 45)
- get rid of %pre/%post logic that fixes the old packaging bug. Turns out
  %pretrans and %posttrans had their purpose before, because the logic needed
  to run before old files owned by the package got deleted. But I'm not
  reimplementing this strange logic in Lua ... users that didn't get the fix
  yet will have to live with it.

- fix a potential tss user to root privilege escalation when running tcsd
  (bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent
  badly designed privilege drop and initialization code from running.
- add bsc1164472.patch: additionally harden operation of tcsd when running as
  root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group.
  Require /etc/tcsd.conf to be owned by root:tss mode 0640.

- add correct Requires(pre) and change %pretrans and %posttrans into %pre and
  %post. %pretrans can't have any dependencies and therefore can only be
  implemented in Lua. This currently leads to build errors "/bin/sh: no such
  file or directory".
Dominique Leuenberger (dimstar_suse) accepted request 777248 from Matthias Gerstner (mgerstner) (revision 44)
- leave creation of /var/lib/tpm to the new system-user-tss package. Otherwise
  we're getting conflicts in packages depending on trousers (bsc#1162360).
Dominique Leuenberger (dimstar_suse) accepted request 769067 from Matthias Gerstner (mgerstner) (revision 43)
- Use system-users for tss user creation (boo#1162360).

Should be handled together with sr#769061
Dominique Leuenberger (dimstar_suse) accepted request 750985 from Matthias Gerstner (mgerstner) (revision 42)
- Fix a local symlink attack problem with the %posttrans scriptlet
  (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack
  to gain ownership of arbitrary files in the system during
  installation/update of the trousers package.
Dominique Leuenberger (dimstar_suse) accepted request 729491 from Matthias Gerstner (mgerstner) (revision 41)
- add fix-lto.patch: This fixes the rpmlint error:
  trousers-devel.x86_64: E: lto-no-text-in-archive (Badness: 10000) /usr/lib64/libtddl.a
  objcopy/strip seem not to support the LTO linking and discard the actual
  text section from libtddl.a. By passing -ffat-lto-objects the object format
  is kept compatible with unaware tools and fixes the error.
Yuchen Lin (maxlin_factory) accepted request 698144 from Matthias Gerstner (mgerstner) (revision 40)
- bsc#1130588: Require shadow instead of old pwdutils (forwarded request 698138 from jubalh)
Dominique Leuenberger (dimstar_suse) accepted request 644837 from Matthias Gerstner (mgerstner) (revision 39)
- fix mode of /var/lib/tpm, was missing the execute bit in the previous
  version.
- implement a backup and restore logic for /var/lib/tpm/system.data.* to
  prevent removal of validly stored trousers state during update. See previous
  comment for the packaging error that leads to this requirement.
Dominique Leuenberger (dimstar_suse) accepted request 644307 from Matthias Gerstner (mgerstner) (revision 38)
- fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These
  files are only sample files that *can* be used to fake that ownership was
  already taken by trousers, when other TPM stacks did that already. These
  files should not be there by default. Therefore install them into
  /usr/share/trousers instead, to allow the user to use them at his own
  discretion (fixes bsc#1111381).
Dominique Leuenberger (dimstar_suse) accepted request 461328 from Marcus Meissner (msmeissn) (revision 37)
- Update to version 0.3.14 (see ChangeLog) (FATE#321450)
- trousers-wrap_large_key_overflow.patch: Do not wrap keys larger than
  2048 bit, as the space on the TPM is limited to that amount. (bnc#868933)
Dominique Leuenberger (dimstar_suse) accepted request 448375 from Marcus Meissner (msmeissn) (revision 36)
new upstream release (forwarded request 448364 from Mailaender)
Displaying revisions 1 - 20 of 55