rpms
/
tang
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import tang-7-8.el8

Browse Source
c8 imports/c8/tang-7-8.el8
MSVSphere Packaging Team 1 year ago
parent 4a5fcc6681
commit 49c59a18b7
3 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File

31
SOURCES/0003-Fix-permissions-race-condition.patch
Unescape View File

@ -0,0 +1,31 @@
--- tang-7.ori/src/tangd-keygen 2017-06-10 15:29:39.000000000 +0200
+++ tang-7/src/tangd-keygen 2023-06-28 11:40:01.700819479 +0200
@@ -27,6 +27,8 @@
[ $# -eq 3 ] && sig=$2 && exc=$3
+# Set default umask for file creation.
+umask 0337
jwe=`jose jwk gen -i '{"alg":"ES512"}'`
[ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
echo "$jwe" > $1/$sig.jwk
--- tang-7.ori/src/keys.c 2023-06-28 09:57:08.706712410 +0200
+++ tang-7/src/keys.c 2023-06-28 11:43:41.742247417 +0200
@@ -23,6 +23,7 @@
#include <jose/io.h>
#include <jansson.h>
#include <string.h>
+#include <sys/stat.h>
#include "util.h"
#include "keys.h"
@@ -557,6 +558,9 @@
/* At this point, there are no keys, so let's create them. */
const char *alg[] = {"ES512", "ECMR", NULL};
char path[PATH_MAX];
+
+ /* Set default umask for file creation. */
+ umask(0337);
for (int i = 0; alg[i] != NULL; i++) {
struct tang_jwk *jwk __attribute__((cleanup(cleanup_tang_jwk))) = generate_new_tang_jwk(alg[i]);
if (!jwk) {

26
SOURCES/0004-Set-tang-owner-group.patch
Unescape View File

@ -0,0 +1,26 @@
--- tang-7.ori/src/tangd-keygen 2023-07-21 11:45:39.091100369 +0200
+++ tang-7/src/tangd-keygen 2023-07-21 11:47:58.813612221 +0200
@@ -20,6 +20,13 @@
trap 'exit' ERR
+set_perms() {
+ chmod -- 0440 "${1}"
+ if ! chown -- "tang:tang" "${1}" 2>/dev/null; then
+ echo "Unable to change owner/group for ${1} to tang:tang" >&2
+ fi
+}
+
if [ $# -ne 1 -a $# -ne 3 ] || [ ! -d "$1" ]; then
echo "Usage: $0 <jwkdir> [<sig> <exc>]" >&2
exit 1
@@ -32,7 +39,9 @@
jwe=`jose jwk gen -i '{"alg":"ES512"}'`
[ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
echo "$jwe" > $1/$sig.jwk
+set_perms "$1/$sig.jwk"
jwe=`jose jwk gen -i '{"alg":"ECMR"}'`
[ -z "$exc" ] && exc=`echo "$jwe" | jose jwk thp -i-`
echo "$jwe" > $1/$exc.jwk
+set_perms "$1/$exc.jwk"

13
SPECS/tang.spec
Unescape View File

@ -1,6 +1,6 @@
Name: tang Name: tang
Version: 7 Version: 7
Release: 6%{?dist} Release: 8%{?dist}
Summary: Network Presence Binding Daemon Summary: Network Presence Binding Daemon
License: GPLv3+ License: GPLv3+
@ -8,6 +8,8 @@ URL: https://github.com/latchset/%{name}
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2 Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
Patch1: 0001-Move-key-generation-to-tang.patch Patch1: 0001-Move-key-generation-to-tang.patch
Patch2: 0002-Exit-with-success-unless-the-issue-was-with-with-tan.patch Patch2: 0002-Exit-with-success-unless-the-issue-was-with-with-tan.patch
Patch3: 0003-Fix-permissions-race-condition.patch
Patch4: 0004-Set-tang-owner-group.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: autoconf BuildRequires: autoconf
@ -89,6 +91,15 @@ exit 0
%{_mandir}/man1/tang-show-keys.1* %{_mandir}/man1/tang-show-keys.1*
%changelog %changelog
* Fri Jul 21 2023 Sergio Arroutbi <sarroutb@redhat.com> - 7-8
- Set correct user/group (tang/tang) in tangd-keygen
Resolves: rhbz#2188743
* Wed Jun 28 2023 Sergio Arroutbi <sarroutb@redhat.com> - 7-7
- Fix race condition when creating/rotating keys
Resolves: rhbz#2182410
Resolves: CVE-2023-1672
* Wed Jan 13 2021 Sergio Correia <scorreia@redhat.com> - 7-6 * Wed Jan 13 2021 Sergio Correia <scorreia@redhat.com> - 7-6
- Exit with success unless the issue was with with tangd itself - Exit with success unless the issue was with with tangd itself
Resolves: rhbz#1828558 Resolves: rhbz#1828558

Write Preview
Loading…
Cancel
Save