Bug 280788 - =app-crypt/trousers-0.3.2: Version bump request
Summary: =app-crypt/trousers-0.3.2: Version bump request
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Crypto team [DISABLED]
URL: http://trousers.sourceforge.net/
Keywords: EBUILD
Reported: 2009-08-08 18:25 UTC by Alexander Bezrukov
Modified: 2009-08-26 19:39 UTC

Attachments
Ebuild for trousers-0.3.2 (trousers-0.3.2.ebuild,2.40 KB, text/plain)
2009-08-08 18:27 UTC, Alexander Bezrukov
A little more verbose version (trousers-0.3.2.ebuild,2.59 KB, text/plain)
2009-08-09 23:23 UTC, Alexander Bezrukov

Description Alexander Bezrukov 2009-08-08 18:25:08 UTC
Hi,

app-crypt/trousers-0.3.2 is released. From changelog:

* TROUSERS_0_3_2

- Added IMA log parser in conformance with format introduced in linux kernel 2.6.30
- Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c
- Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c
- Fixed logic when releasing auth handles, now the TPM won't become out of
resources due to too many unreleased auth handles there.
- Fixed compilation problems when building trousers in Fedora with
-fstack-protector & gcc 4.4
- Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions
can be closed fine.
- Fixed key memory cache when evicting keys, invalid key handles were evicted
when they shouldn't have been.
- Fixed authsess_xsap_init call with wrong handle
- Fixed authsess_callback_hmac return code
- Fixed validateReturnAuth return value
- Added consistency to avoid multiple double free() and bound checks to avoid
SEGV
- Moved from flock to fcntl since the first isn't supported in multi-thread
applications
- Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV 
- Typecast added in trousers.c in the UNICODE conversion functions
- Fixed wrong return code in Tspi_NV_ReleaseSpace
- Fixed digest computation in Tspi_NV_ReleaseSpace
- Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob,
resulting in an incorrect data blob unload.
- Added #include <limits.h> to remove INT_MAX undeclared error
  during build. Files updated: trspi/crypto/openssl/symmetric.c,
  tspi/tspi_aik.c and tspi/tsp_ps.c
- Added bounds checking in the data parsing routines of the TCSD's
tcstp RPC code, preventing attacks from malicious clients.
- Removed commented out code in src/tcs/rpc/tcstp/rpc.c
- Commented out old OSAP code, it's now unused
- Fixed bug in tcsi_bind.c, one too few params were passed to
the function parsing the TPM blob.
- Fixed lots of erroneous TSPERR and TCSERR calls
- Added support for logging all error return codes when debug
is on
- Check that parent auth is loaded in the load key path outside
the mem_cache_lock, if a thread sleeps holding it, we deadlock
- Added support for dynamically growing the table that holds
sleeping threads inside the auth manager
- In tcs_auth_mgr.c, fixed the release handle path, which didn't
check if the handle was swapped out before calling to the TPM.
- Updates throughout the code supporting the modular build.

Attached is an ebuild which does the thing. Please consider adding it to the portage tree.

Thanks.

Reproducible: Always

Steps to Reproduce:
Comment 1 Alexander Bezrukov 2009-08-08 18:27:00 UTC
Created attachment 200610
Ebuild for trousers-0.3.2

This ebuild drops 2 patches (trousers-0.3.1-gcc43.patch and trousers-0.3.1-qa.patch) as these are no longer needed.
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-08-09 03:45:23 UTC
thx for your testing, assigning to maintainers
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-09 16:57:16 UTC
It fails to build:

***** aclocal *****
***** PWD: /var/tmp/portage/app-crypt/trousers-0.3.2/work/trousers-0.3.2
***** aclocal

/usr/bin/m4:configure.in:17: bad expression in eval: m4_Cursor + 2 + 1
/usr/bin/m4:configure.in:17: bad expression in eval:  > (79)
/usr/bin/m4:configure.in:17: bad expression in eval: 792 > ()
autom4te-2.64: /usr/bin/m4 failed with exit status: 1
aclocal-1.10: autom4te failed with exit status: 1
Comment 4 Alexander Bezrukov 2009-08-09 23:14:27 UTC
(In reply to comment #3)
> It fails to build:

Arfrever, sorry, I couldn't reproduce the failure however I tried. On my system (amd64 with sys-devel/autoconf-2.63) it builds with no problem. autoconf-2.64, which you used, is masked by missing keyword, and I suppose this is for a reason.
Comment 5 Alexander Bezrukov 2009-08-09 23:23:01 UTC
Created attachment 200755
A little more verbose version

Added the following message as a post install note:

 * If you have problems starting tcsd, please check permissions and
 * ownership on /dev/tpm* and ~tss/system.data

Those users who managed to start tcsd as root (see Bug #232190) will get failures because of improper permissions on ~tss/system.data. Also, a udev rule must be created (manually, since not all users have Linux and those who do might not have udev) for /dev/tpm*.
Comment 6 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-22 17:57:42 UTC
Fixed.
Comment 7 RB 2009-08-24 18:24:51 UTC
The manifest is off:

('Filesize does not match recorded size', 79407, 1205561)
!!! Fetched file: trousers-0.3.2.tar.bz2 VERIFY FAILED!
!!! Reason: Filesize does not match recorded size
!!! Got:      79407
!!! Expected: 1205561
Comment 8 Alexander Bezrukov 2009-08-24 18:29:55 UTC
RB,

this means your download was incomplete. The correct file size is 1205561, as is written in the manifest.
Comment 9 RB 2009-08-25 14:01:58 UTC
Unfortunately not - the 79k file being downloaded is 'index.html', and it's sf.net indicating the file doesn't exist.  The TrouSerS project doesn't even distribute .bz2 tarballs, so I'm not sure where you got yours.  The proper filename is:

trousers-0.3.2-1.tar.gz (size: 1238691, md5: b824764fa87e36be27c0bc29f84dda55)

None of the Gentoo mirrors are carrying the .bz2 file from SRC_URI - I've tried with curl & wget from three different [unproxied] ISPs in two different countries.

Comment 10 RB 2009-08-26 19:39:30 UTC
Please reopen the bug, the trousers-0.3.2.tar.bz2 file noted in the Manifest is not the one that the upstream project is distributing.  As one indicator, the project has never even issued bzip2-compressed releases (just one set of docs).
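
The failure discussed in comments 7 to 10 is a download site returning an HTML page that gets saved under the distfile's name. As an added example (not Portage's code and not part of the original thread), this Python sketch checks fetched bytes against a Manifest DIST entry and also sniffs the leading bytes to say what was actually received; the function names and the sample data are constructed for illustration.

```python
import hashlib

# Leading bytes of the archive types named in the thread, and expected suffixes.
MAGIC = {b"BZh": "bzip2", b"\x1f\x8b": "gzip"}
SUFFIX = {".bz2": "bzip2", ".gz": "gzip"}

def parse_dist(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]'."""
    f = line.split()
    if len(f) < 5 or f[0] != "DIST" or len(f) % 2 == 0:
        raise ValueError("malformed DIST entry")
    return f[1], int(f[2]), dict(zip(f[3::2], f[4::2]))

def sniff(data):
    """Classify content by its first bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    head = data[:256].lstrip().lower()
    return "html" if head.startswith((b"<!doctype html", b"<html")) else "unknown"

def verify(name, data, dist_line):
    """Return a list of problems; an empty list means the distfile matches."""
    want_name, want_size, hashes = parse_dist(dist_line)
    problems = []
    if name != want_name:
        problems.append(f"name: got {name!r}, expected {want_name!r}")
    if len(data) != want_size:
        problems.append(f"size: got {len(data)}, expected {want_size}")
    for algo, want in hashes.items():
        try:
            got = hashlib.new(algo.lower(), data).hexdigest()
        except ValueError:  # digest name this hashlib build does not know
            problems.append(f"{algo}: not checked (unsupported)")
            continue
        if got != want.lower():
            problems.append(f"{algo}: digest mismatch")
    expected = next((k for s, k in SUFFIX.items() if name.endswith(s)), None)
    kind = sniff(data)
    if expected and kind != expected:
        problems.append(f"content looks like {kind}, not {expected}")
    return problems

# Constructed sample data, not the real release or its real Manifest entry.
GOOD = b"BZh91AY&SY" + b"\x00" * 64
HTML = b"<!DOCTYPE html>\n<html><body>File not found</body></html>\n"
DIST = f"DIST trousers-0.3.2.tar.bz2 {len(GOOD)} SHA256 {hashlib.sha256(GOOD).hexdigest()}"

if __name__ == "__main__":
    print(verify("trousers-0.3.2.tar.bz2", HTML, DIST))
```

The size and digest checks already reject the file; the content sniff adds the diagnosis RB reached by hand, that the bytes received are a web page rather than an archive.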