trousers-0.3.15-150400.3.3.19<>,afۨp9|G ˏl&3N$`4ɯS'eޢzAHh2lp򌠯SgOv?,52ԩabP@nirS(L6\(6䌱 4!fxdbB횗rӎjӧ\apO^ZzG!PseOPW-0Sei>H4?4d   V!BO e{ ! \    d  pIp`(8 9 : =(>(?(@(F(G(H)I)lX)Y)\)]*(^+8 b, c,d-5e-:f-=l-?u-Tv-w/4x/y/ z00(4I4T4X4^4Ctrousers0.3.15150400.3.3.19TSS (TCG Software Stack) access daemon for a TPM chipThe trousers package provides a TSS implementation through the help of a user-space daemon, the tcsd, and a library Trousers aims to be compliant to the 1.1b and 1.2 TSS specifications as available from the Trusted Computing website http://www.trustedcomputinggroup.org/. The package needs the /dev/tpm device file to be present on your system. It is a character device file major 10 minor 224, 0600 tss:tss.fۨh04-ch1b SUSE Linux Enterprise 15SUSE LLC BSD-3-Clausehttps://www.suse.com/Productivity/Securityhttp://trousers.sourceforge.net/linuxx86_64/usr/bin/getent group tss >/dev/null || /usr/sbin/groupadd -g 98 tss || : /usr/bin/getent passwd tss >/dev/null || \ /usr/sbin/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ -d /var/lib/tpm tss || : if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in tcsd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in tcsd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi /usr/bin/udevadm trigger -s tpm || : # bsc#1164472: adjust potential root ownership to allow tcsd to open the file # as unprivileged user. Be careful not to follow a symlink target. system_data=/var/lib/tpm/system.data if [ -e "${system_data}" ]; then chown --no-dereference tss:tss /var/lib/tpm/system.data fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable tcsd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop tcsd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in tcsd.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart tcsd.service ) || : fi fi.\W"#]~^^A큤A큤Afۦfۦfۦfۧfۦfۧ^S_L^S^S^S^S^S^S^S^Sfۦfۦfۦ^S^Sfۦeb009b7d1132ac33411e8f838c7e272606c8dd1d8944bc8b82ee28f9114e82fcc56f762ff401646eae0b25769c79234e22cabea3e3b4f4c7bc581a23787b36f44b635e9ae00264cd370fc62921814265679e2a15fa6d6ebbd468e40f00af48f4e3421330853b5096836e0658fb9059e9db6c91ec1f48ca025c729d74270e1b51fa066fc32ac644d28c5ae56f62feae0e3b8639565dccad1cc4345dc71577970ffccf2c7a906ae571849fc1bacd98f3e070e4da85b2ec6e937aa45ca1323b55ef1ad596d12e7471549663c03e280b5b5d084a2e853fb86e4d766109818f9d7dae4a6bf595610b97b05728f4615d54faf290fac3f8bef836a5d919de070f3cecc4842cff0de213dbcbe03bdcc03c3dcfaa48e03bf45eea9d18e970cef4411f4458686e9d62dea2df5433d4a435602c3e0522b3bb68a2e75c39c80552d6bdddd948e10fd3096b3fca327b01803d91959817028371fe8d9e1970256bc56aeb1bdc1138547b7d669844a1d7d5b9075872b6f5117996c0a21d78e383e79ce7eaedb8c07ef598700d70a9cd14ba28950c7b048cf21ec2ac2297013e5789830b58ffe8baf09355ad0bc2e91d802c18654c2b9219ac1a26cab805879a784eb8a030e02c437cef9d8224b158378505c02b77fcdaa05a2f9ecc1552e95ad6d71b5ea96b690219a3b32565147e2a9d085f67d3c83fd4b93dad037fb966cb0cc5499d8fa6a568d7c26f86aeb0e601cd2358475047161b619bb46872f84569448031f3649619e35e3194d734c81d99d6cb679ed5c24ac97652b068ff12eed215e1ce382a4fb7dcservicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottsstssrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottsstrousers-0.3.15-150400.3.3.19.src.rpmconfig(trousers)trouserstrousers(x86-64) @@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/bin/shconfig(trousers)coreutilscoreutilslibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)pwdutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)udev0.3.15-150400.3.3.193.0.4-14.6.0-14.0-15.2-14.14.3f @a\>@^˳@][GXh@W,@U@U/@Smatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commailaender@opensuse.orgjengelh@inai.decrrodriguez@opensuse.orgmpluskal@suse.commeissner@suse.com- fix runtime requirements for stat and udevadm (bsc#1221770). On minimal systems this can cause the %pretrans or %post scriptlets to fail because of missing tools.- update to new upstream version 0.3.15 (jira#SLE-18269): - Corrected mutliple security issues that existed if the tcsd is started by root instead of the tss user. CVE-2020-24332, CVE-2020-24330, CVE-2020-24331 - Replaced use of _no_optimize with asm memory barrier - Fixed multiple potential instances of use after free memory handling - Removed unused global variables which caused build issue on some distros - drop bsc1164472.patch: now contained in upstream tarball - adjusted %setup macro invocation which seemed to be wrong- fix a potential tss user to root privilege escalation when running tcsd (bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent badly designed privilege drop and initialization code to run. - add bsc1164472.patch: additionally harden operation of tcsd when running as root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group. require /etc/tcsd.conf to be owned by root:tss mode 0640.- Fix a local symlink attack problem with the %posttrans scriptlet (bsc#1157651, CVE-2019-18898). A rogue tss user could have used this attack to gain ownership of arbitrary files in the system during installation/update of the trousers package.- fix wrong installation of system.data.{auth,noauth} into /var/lib/tpm. These files are only sample files that *can* be used to fake that ownership was already taken by trousers, when other TPM stacks did that already. These files should not be there by default. Therefore install them into /usr/share/trousers instead, to allow the user to use them at his own discretion (fixes bsc#1111381). - implement a backup and restore logic for /var/lib/tpm/system.data.* to prevent removal of validly stored trousers state during update.- Update to version 0.3.14 (see ChangeLog) (FATE#321450)- Check for user/group existence before attempting to add them, and remove error suppression from these calls. - Avoid runtime dependency on systemd, the macros can all deal with its absence.- Force GNU inline semantics, fixes build with GCC5- Cleanup spec-file with spec-cleaner - Update prerequires - Use systemd unit file * replace tcsd.init with tcsd.service- updated to trousers 0.3.13 (bnc#881095 LTC#111124) - Changed exported functions which had a name too common, to avoid collision - Assessed daemon security using manual techniques and coverity - Fixed major security bugs and memory leaks - Added debug support to run tcsd with a different user/group - Daemon now properly closes sockets before shutting down * TROUSERS_0_3_12 - Added new network code for RPC, which supports IPv6 - Users of client applications can configure the hostname of the tcsd server they want to connect through the TSS_TCSD_HOSTNAME env var (only works if application didn't set a hostname in the context) - Added disable_ipv4 and disable_ipv6 config options for server - removed trousers-wrap_large_key_overflow.patch: upstream - removed trousers-0.3.11.2.diff: solved upstream now/bin/sh/bin/sh/bin/sh/bin/shh04-ch1b 1721031592 0.3.15-150400.3.3.190.3.15-150400.3.3.190.3.15-150400.3.3.19 tcsd.conftcsd.service91-trousers.rulesrctcsdtcsdtrousersAUTHORSChangeLogLICENSELTC-TSS_LLD_08_r2.pdfLTC-TSS_LLD_08_r2.sxwNICETOHAVESREADMEREADME.selinuxTODOTSS_programming_SNAFUs.txttcsd.conf.5.gztcsd.8.gztrouserssystem.data.authsystem.data.noauthtpm/etc//usr/lib/systemd/system//usr/lib/udev/rules.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/trousers//usr/share/man/man5//usr/share/man/man8//usr/share//usr/share/trousers//var/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:33188/SUSE_SLE-15-SP4_Update/159c6189c2888e1f144b776f98e388d1-trousers.SUSE_SLE-15-SP4_Updatedrpmxz5x86_64-suse-linuxASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3cee4a2ef703f54b2e7ef552ddcb956023e89aff, for GNU/Linux 3.2.0, strippeddirectoryASCII text, with no line terminators (OpenOffice.org 1.x Writer document)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) RRRR R RRR R R RRRQÀI3˖~0# this scriplet and the counterpart in %posttrans work around a packaging bug # that was present in all trousers packages since around 2008 until 2018. # /var/lib/tpm/system.data.* was wrongly packaged as runtime state data # instead of package resource data in /usr/share. After removal of these files # from packaging, during updating they will be deleted. Since users could have # created their own versions of the files already (by taking ownership of a # TPM) we want to keep those files in place. # # to achieve this we use the ownership of /var/lib/tpm as an indicator. # Versions that still wrongly package those files also had the ownership of # the directory wrong. Therefore if the directory is not owned by the tss user # we apply a backup and restore logic. [ ! -d "/var/lib/tpm" ] && exit 0 OWNER=`/usr/bin/stat -c "%U" "/var/lib/tpm"` [ "$OWNER" = "tss" ] && exit 0 for data in system.data.auth system.data.noauth; do file="/var/lib/tpm/${data}" [ ! -e "$file" ] && continue cp -p $file ${file}.rpmsave echo "saving backup of $file" done/bin/shutf-81e564d6e0e2aee3c58a3412ad0187cf63624a91eb15be0f521ba2a39116d4ab8?7zXZ !t/X8(^]"k%{f60c>ͱ;jAmQ"ޭ56g ?p%_f5G,Lhe%ܶV&ܚA6JjSOQ慵Ll@bNP}:'p#찴f EeiZػqh}NA4C^ 23Z~p)9F@aSXS8ZVfDL|8/XLnvrh>i~Dq3+<]3WDXEP%L=x*|=*/VMۅpui b9Fro,5e}7eʲ'h$wzg A'dc5.␓ t}ssA3.Y9?ż]ٮ4h/~_+iecw9F`3JzN(Zg^zZ,j~;f0:a:ةy1O'}]<ZnPNc;P|R@Gp2+ɳ,*`q%~& 'I{ |↫~`*7jD8d_k=`hD CV"&]OlV\: Z,TF-j'zv ȾNrROt|Wnn#d1]yB/0nSFi\(.h0KB3tEE,'>@v ޖw\0тGM$ "Wz2ԕh;z"ogtII'8JZ?ln8u/Bh:vi+S n ]s#x̵kIJ6V{E<;KQeݭtjgRGLr/A-0פ1#.]{3&'ǖH İ_FC4ȎmͽbG3˃. 6CE˻L$0Xʀ[Ib72̡.,1zk |ed+ާ];K͵ͼyDr9⛤54 E_J&a^)GiJ<*&=>k~QLSSG5sw;>m!֌hkKW4B$C3% qX^tE[0s7ƀYQhUj[ [q^vNIԖq@"T"褭+JOx*m7 GKy~-*@#bfm_لX="kDe~ oM髤(&¿q@`m,ư"ky|cʒ{Yc=# *yON g̀fxk{ Ԟ0zpZΟ4@:?mRwZ.YxׅELcxbB7ҒnYҾ-_*LnX6QMLH8x 0w$ۣ ̊kCmVt1lH5eY/NN3HZB60(O}&>tӨz; B|ze仠,[w1ujY* u2>"Z(u>IrQ%jQ9)Ύ{J>_M)sl^0|Qs/'BJ(:[Z{W>RU%+1 gΕľ@MUuwIS(wJ4[D2q`eay5 @`Vy Oby6v)wSR<*b1# @A3>F4ɐ<+VWN&]G|ęсD;X/Ym*s'rDتfe,:MܠA-Z "CiCMԘ/ܓJ !Tlznn @2>x9H(JeU2ںPf|fQ7ucJzRI \[hPr ;Rt3kNEխr\?N⢄Y,Y!Me(u ӆkC@d , vWj|GvCc%Fq Ȧ 3Ҩ^[5o`φj'n7b0kSt8!Nj܄05_\WV>m6}H%dL</npDRIT)Tg[ִ>zB+ZKU)kJ9Z0ua$BLo}$b>$\5 n@ 5>9\o4sQj˃"Yh潆Ӌ׹}VF)!-тE/4@M#ϞJ.dH^f렴ͣ XJKj)d8 vVR1=~:q!+4١Vl7D00$ͺ>}kSGGhay {YGs/ om6WE(}z=QB_N: Dܲɂq,-y`Nieѧ#pV/ƥ@g<1BLD3/" cCMKٺi>,ElwAVM?zUٮu!0ϰ7JM{zڠ>uj[я5ᚵ0@wX^{ؑT Qa3r[˟L7L KSYe<ޠaUAX{YJY=uE%vTN /=)#L(c GRHAyӑfF\XUgL{-zٛᰧXӚF][hqϞl9D>ønzl}M3H^ȣ^m`=m0M 2,4Ll 5g՟>g\b/+$CZKߧWZC$P3x18BɯfwD %_ o= l8=60\Cy$u}B֌eR;\J+"L}Cq@p=w GhQ?n68v3w.-+w=8ܹ֝҉[iϲ<@l˴;PSfD5vLT酺#}o;iv.b%㯥Ub&,G7ƛ^l@LC-s9r[Tvfup}(oǎMV}Jʸ"EfA3GO(xRc3{;G!c$J噰CEСsu}ri,Ύ֊7+#4XZIHW8$nI;:AKYE˟.ܗ'y%o;gxm}m5Rk_x .6:g)8qIS-x, չLSmTP lQO[H`vz1mC[=뒫)/6yx6p@4=h]|fpZm㋒ A~Q7׸ND)A\p1PFIff)!dgYӐe Zσ^,XXTO1c[*,O;P%]z?TNM_fmp GJ.Az76C"yti Dc؁&yg~X1xG#_Azl %}2I|5)?!PFŠΦk4&*"᳸G tP  7+Ky4P.61WP̢u0m2V: qha}!Xۦ$jM eׅT[V)8JAL8=P\CQaU>$,vόlï|nYmJ@R2\9$iy{>8C(dDmJϒcIݬ#6;*(pN=4|nH_D=8)ϵ{ Pn)0hewV3i4XybGFOxmj =Kp3 eōK4AUى=y 2  $t0%NN[^h @% |ƂWaro.tOgST(E8΅%)Gro Ok8 n+^tILKCfm2õAm"LdJ?^mGM, rGNҪ8uzF:S'3f0v줬`( fA,:#]":xyObI]EmT%T7]5xC[ DLfZzWq#@bӬف(=HjE"{Oj /֞ǼLKfS/7/BxJ9c,W=TK-6g>c0Io_O](#J逸L2"wqDYv Lf#J#Cu1Z^R4eZ$M q <"̒0y"qO:^Y,ϫd罊q Aq~=`ykFVX(7*~0 t;ϟ)m]?nBнMqF @FQFʣ'h}KܖNdtL6,@8{>S(!7%rE`@pq3͠nsGoQ1GT~66oćT /G "o-'wD#y{sԅɴ0FcmmIk)wӁygdWk7zLzg2aÅ@-ɳwO7$xY011[ٰ:GGT]|5rr 6/4_Qd {?U#i 16f:ALDpFBɧZO.MX4iM"2(RQN[RH"X#|6p0^n/V%vOP9p& ]* yςl]h^lcZ`[18c>)[b ObZ3ii} yCV%YIњUV8&L* 8sťJ/M/\zj7K^\uMcTz.L7=iT(XUjQf -$):!J`?ęjwaY7q -uGey:SACL& Y3Q64ڲ]BKn*jno:uL}{&ztxJد󪶊Ya)=QfYIu\x{YEʕ!c.`N$3==}[!hFq8k Hc[IȢTfߵQ64|L tt Ii3=r:VR!J@U*QXq##Jף>{ػfGOJeS=A ǭZG<aqo.n/#K-=~ Ac F} \$māU1w5ȟ4֑ԧD:zu ,TLh̊O @<(ڹ N뉳;8xQ=kie?ߏH4jEM=Ǎxs-)*q2GƐ_]|+4nX_4gS`Kb{6M ##T;&4׈:&Yd"G%4Ubou܁ mx5EmqId݆v aܗt~tgP !_,Hg!mߋ aBx~aLëE]UΟ;Pˋ,_]A ϙua# WQsqb|ɸoerB$,oԁ2P%W!i>='S iާO-"RI뉏_PF#pK'6c#*g# CpoӎD' G-638Ř`CqE7z AݷyL`rO_g0e yoaezq+.L/[VURo3$6i9=L p`r~rۖ +N=hvzXw.f6%'NU/"Ę- *l%y?Vbȗ.5!$ B22Jh.;Iz\ߦzK%9:LfT 2#iF No% C< Y~XahoNGE9hi?ȸ)+ T򂵥Ic 0~# +FqtOC6dw:"0ZhEXB2{n PZtGpk{ndpJlEOY hArV,d#LʸcxZ@J> fn5S.LUm!-D<81ag 4nk5pO:fZ@s]w5:J6!;FN>/ű/:vQO.3aVKɾx-H;dgrHǶ=򵼦\n Ro&>Y3۞z6Ŀ Ǡvg+3{ {츏Pq'|^}.jԭOq9E#zPg9=/B*9yƴ6N+%L2/d$6־k +AS=t"pq?h )-5py ,%TD9Kbk9g2Ynr rFGcGND&4|:l41t*l(l#4d}aQ+mxY ؗ+jb; Х$_u"I{_QA#p+#ֿ7LyX5QE %ԼjLޠ#7 YM{L_|E_| B4FcW/Le}qk/*Ƅ׎2>)H›tYp"x&\