--- a/components/trousers/Makefile Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/Makefile Fri May 06 17:59:12 2016 -0700
@@ -26,14 +26,14 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= trousers
-COMPONENT_VERSION= 0.3.6
+COMPONENT_VERSION= 0.3.13
COMPONENT_PROJECT_URL= http://sourceforge.net/projects/trousers/files/trousers/
COMPONENT_ARCHIVE_HASH= \
- sha256:91025f60248af44df192e8df16fa6b0c0f1e48c54f6dc51626567ed95758b0d6
+ sha256:bb908e4a3c88a17b247a4fc8e0fff3419d8a13170fe7bdfbe0e2c5c082a276d3
COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/tss
-TPNO= 8341
+TPNO= 27256
TEST_TARGET= $(NO_TESTS)
include $(WS_MAKE_RULES)/common.mk
@@ -41,10 +41,18 @@
PATCH_LEVEL=0
ifeq ($(OS_VERSION),5.11)
+# These libraries are in libc for S12:
LIBS=-lnsl -lsocket
+# Use the "new" POSIX thread API (not the "draft" prototype):
CFLAGS += "-D_POSIX_PTHREAD_SEMANTICS"
endif
+# Trousers 0.3.13 requires automake/autoconf >= 1.13, but Userland default
+# is older than what is needed. So hard-coding to the next available, 1.15:
+# "--add-missing" needed to use default "compile" script.
+AUTOMAKE=/usr/bin/automake-1.15 --add-missing
+ACLOCAL=/usr/bin/aclocal-1.15
+
LIBS += -lgen
LDFLAGS += -lbsm -lscf -lresolv
@@ -72,21 +80,25 @@
$(AUTOCONF))
#
-# We had to use cc as the linker (see CONFIGURE_OPTIONS above) so the
-# .init and .fini sections get set correctly. Because we use cc, we
-# must pass the -m64 flag through cc to the linker when building 64 bit
-# libraries. We can't just add it to LDFLAGS because then it gets used
-# when creating executables and static libs and generates lots of noise
-# in the build logs. LDARCHFLAG is only recognized by the Makefile in
+# We had to use cc as the linker (see CONFIGURE_OPTIONS above) so the
+# .init and .fini sections get set correctly. Because we use cc, we
+# must pass the -m64 flag through cc to the linker when building 64 bit
+# libraries. We can't just add it to LDFLAGS because then it gets used
+# when creating executables and static libs and generates lots of noise
+# in the build logs. LDARCHFLAG is only recognized by the Makefile in
# the src/tspi directory.
#
COMPONENT_BUILD_ENV.64 += LDARCHFLAG="-Wl,$(CC_BITS)"
-COMPONENT_TEST_TARGETS =
+# For regression testing, use STC test suite "tss".
+# It requires a machine with TPM hardware that's enabled and initialized.
+COMPONENT_TEST_TARGETS =
COMPONENT_BUILD_TARGETS = all
-REQUIRED_PACKAGES += developer/build/automake-110
+# These are packages required for building, not for use:
+REQUIRED_PACKAGES += developer/build/automake-115
+REQUIRED_PACKAGES += developer/build/libtool
REQUIRED_PACKAGES += library/security/openssl
REQUIRED_PACKAGES += library/security/openssl/openssl-fips-140
REQUIRED_PACKAGES += shell/ksh93
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/10-pie-for-solaris.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,33 @@
+# Use PIC instead of PIE for Solaris.
+# The Solaris linker doesn't support the GNU '-z relro'.
+# This change was implemented in-house and is not suitable for use upstream.
+#
+--- src/tcs/Makefile.am 2014-04-24 11:05:44.000000000 -0700
++++ src/tcs/Makefile.am 2016-04-19 17:12:43.154159741 -0700
+@@ -2,7 +2,7 @@
+
+ CFLAGS+=-I${top_srcdir}/src/include
+ libtcs_a_LIBADD=${top_builddir}/src/tddl/libtddl.a
+-libtcs_a_CFLAGS=-DAPPID=\"TCSD\ TCS\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -fPIE -DPIE
++libtcs_a_CFLAGS=-DAPPID=\"TCSD\ TCS\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -fPIC
+
+ libtcs_a_SOURCES=log.c \
+ tcs_caps.c \
+--- src/tcsd/Makefile.am 2014-04-24 11:05:44.000000000 -0700
++++ src/tcsd/Makefile.am 2016-05-04 18:02:23.157205060 -0700
+@@ -2,5 +2,5 @@
+
+-tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIE -DPIE
++tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIC
+ tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@
+-tcsd_LDFLAGS=-pie -Wl,-z,relro -Wl,-z,now
++tcsd_LDFLAGS=-fPIC -Wl,-z,now
+
+--- src/tddl/Makefile.am 2014-04-24 11:05:44.000000000 -0700
++++ src/tddl/Makefile.am 2016-04-19 17:10:48.959752840 -0700
+@@ -1,4 +1,4 @@
+ lib_LIBRARIES=libtddl.a
+
+ libtddl_a_SOURCES=tddl.c
+-libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIE -DPIE
++libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIC
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/20-configure.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,57 @@
+# Change default port, and ensure endian.h is included when appropriate.
+# Specify automake/autoconfig version (automake ignores
+# "AM_INIT_AUTOMAKE([1.15])" in configure.in).
+# This change was implemented in-house and is not suitable for upstream use.
+#
+--- configure.in 2014-04-24 11:05:43.000000000 -0700
++++ configure.in 2016-04-18 16:34:42.645890750 -0700
+@@ -11,7 +11,10 @@
+
+ # compute $target
+ AC_CANONICAL_TARGET
+-AM_INIT_AUTOMAKE([foreign 1.6])
++# Make automake-1.15 shut up about "option 'subdir-objects' is disabled"
++AM_INIT_AUTOMAKE([foreign 1.15 subdir-objects])
++# Required by new autoconf 1.15:
++AC_CONFIG_MACRO_DIR([m4])
+
+ # Debugging support
+ AC_ARG_ENABLE([debug],
+@@ -147,7 +150,9 @@
+ #
+ # The default port that the TCS daemon listens on
+ #
+-AC_SUBST(TCSD_DEFAULT_PORT, 30003)
++#AC_SUBST(TCSD_DEFAULT_PORT, 30003)
++# 0 designates UNIX Domain socket. For TCP sockets, 30003 is the traditional TCP port.
++AC_SUBST(TCSD_DEFAULT_PORT, 0)
+ #
+ # The RPC mechanism to build into both libtspi and the tcsd
+ #
+@@ -355,6 +360,7 @@
+
+ AC_C_BIGENDIAN([AC_DEFINE(_BIG_ENDIAN, 1, [big-endian host])])
+ AC_CHECK_DECL(htole32, [AC_DEFINE(HTOLE_DEFINED, 1, [htole32 function is available])])
++AC_CHECK_HEADER(endian.h, [AC_DEFINE(HAVE_ENDIAN_H, 1, [endian.h header])])
+ AC_CHECK_HEADER(sys/byteorder.h, [AC_DEFINE(HAVE_BYTEORDER_H, 1, [sys/byteorder.h header])])
+ AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
+
+--- configure 2014-04-24 11:05:49.000000000 -0700
++++ configure 2016-04-18 17:09:18.687255765 -0700
+@@ -2544,7 +2544,7 @@
+ test "$program_prefix$program_suffix$program_transform_name" = \
+ NONENONEs,x,x, &&
+ program_prefix=${target_alias}-
+-am__api_version='1.13'
++am__api_version='1.15'
+
+ # Find a good install program. We prefer a C program (faster),
+ # so one script is as good as another. But avoid the broken or
+--- Makefile.am 2014-04-24 11:05:44.000000000 -0700
++++ Makefile.am 2016-04-18 16:11:59.380522059 -0700
+@@ -4,3 +4,5 @@
+ doc/LTC-TSS_LLD_08_r2.pdf \
+ doc/LTC-TSS_LLD_08_r2.sxw \
+ doc/TSS_programming_SNAFUs.txt
++# Suggested by libtoolize:
++ACLOCAL_AMFLAGS = -I m4
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/24-no-tss-user-group.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,54 @@
+# Remove user/group tss, which is not used on Solaris.
+# This change is Solaris-specific and is not suitable for upstream use.
+# This change was implemented in-house.
+#
+--- dist/Makefile.am 2016-04-25 10:20:57.734329015 -0700
++++ dist/Makefile.am 2016-04-25 10:21:49.125800371 -0700
+@@ -4,23 +4,15 @@
+ install: install-exec-hook
+ if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+ if !NOUSERCHECK
+- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+ /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+ endif
+
+ install-exec-hook:
+ /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+ if !NOUSERCHECK
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+ /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+ endif
+
+ uninstall-hook:
+ rm ${DESTDIR}/@sysconfdir@/tcsd.conf
+ rmdir ${DESTDIR}/@localstatedir@/lib/tpm
+-if !NOUSERCHECK
+- /usr/sbin/userdel tss || true
+- /usr/sbin/groupdel tss || true
+-endif
+--- dist/Makefile.in 2016-04-14 17:02:01.254097113 -0700
++++ dist/Makefile.in 2016-04-14 17:27:53.812377666 -0700
+@@ -438,21 +438,15 @@
+
+ install: install-exec-hook
+ if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+-@NOUSERCHECK_FALSE@ /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+ @NOUSERCHECK_FALSE@ /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+
+ install-exec-hook:
+ /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+-@NOUSERCHECK_FALSE@ /usr/sbin/groupadd tss || true
+-@NOUSERCHECK_FALSE@ /usr/sbin/useradd -r tss -g tss || true
+-@NOUSERCHECK_FALSE@ /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+ @NOUSERCHECK_FALSE@ /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+
+ uninstall-hook:
+ rm ${DESTDIR}/@sysconfdir@/tcsd.conf
+ rmdir ${DESTDIR}/@localstatedir@/lib/tpm
+-@NOUSERCHECK_FALSE@ /usr/sbin/userdel tss || true
+-@NOUSERCHECK_FALSE@ /usr/sbin/groupdel tss || true
+
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/components/trousers/patches/configure.in.patch Fri May 06 13:33:40 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-Fix pure 64-bit x86 builds on Solaris, change default port, and ensure endian.h
-is included when appropriate. No change is necessary for SPARC.
---- configure.in 2015-10-28 16:05:06.799975827 -0700
-+++ configure.in 2015-10-28 16:04:45.893833006 -0700
-@@ -38,6 +38,11 @@
- *ppc64* | *powerpc64* | *x86_64*)
- CFLAGS="$CFLAGS -m64"
- ;;
-+ *)
-+ ;;
-+esac
-+
-+case $target in
- *solaris*)
- CFLAGS="$CFLAGS -DSOLARIS"
- ;;
---- configure.in 2010-07-08 13:35:18.000000000 -0700
-+++ configure.in 2012-04-10 17:37:23.820532000 -0700
-@@ -143,7 +143,9 @@
- #
- # The default port that the TCS daemon listens on
- #
--AC_SUBST(TCSD_DEFAULT_PORT, 30003)
-+#AC_SUBST(TCSD_DEFAULT_PORT, 30003)
-+# 0 designates UNIX Domain socket. For TCP sockets, 30003 is the traditional TCP port.
-+AC_SUBST(TCSD_DEFAULT_PORT, 0)
- #
- # The RPC mechanism to build into both libtspi and the tcsd
- #
-@@ -351,6 +353,7 @@
-
- AC_C_BIGENDIAN([AC_DEFINE(_BIG_ENDIAN, 1, [big-endian host])])
- AC_CHECK_DECL(htole32, [AC_DEFINE(HTOLE_DEFINED, 1, [htole32 function is available])])
-+AC_CHECK_HEADER(endian.h, [AC_DEFINE(HAVE_ENDIAN_H, 1, [endian.h header])])
- AC_CHECK_HEADER(sys/byteorder.h, [AC_DEFINE(HAVE_BYTEORDER_H, 1, [sys/byteorder.h header])])
- AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
-
--- a/components/trousers/patches/dist_Makefile.in.patch Fri May 06 13:33:40 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
---- dist/Makefile.in.old 2010-07-08 13:35:29.000000000 -0700
-+++ dist/Makefile.in 2011-05-19 11:42:08.747116771 -0700
-@@ -364,19 +364,13 @@
-
- install: install-exec-hook
- if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
-- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
- /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
-
- install-exec-hook:
-- /usr/sbin/groupadd tss || true
-- /usr/sbin/useradd -r tss -g tss || true
- /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
-- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
- /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
-
- uninstall-hook:
-- /usr/sbin/userdel tss || true
-- /usr/sbin/groupdel tss || true
-
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/components/trousers/patches/include_tcsd.h.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/include_tcsd.h.patch Fri May 06 17:59:12 2016 -0700
@@ -1,14 +1,18 @@
---- src/include/tcsd.h 2010-05-02 19:54:15.000000000 -0700
-+++ src/include/tcsd.h 2012-04-11 12:43:21.508009000 -0700
-@@ -48,14 +48,24 @@
- of this TCS System */
+# Add or change Solaris-specific file and directory names.
+# This change was implemented in-house and is not suitable for upstream use.
+#
+--- src/include/tcsd.h 2014-04-24 11:05:44.000000000 -0700
++++ src/include/tcsd.h 2016-04-22 11:29:09.043084190 -0700
+@@ -50,15 +50,27 @@
+ int disable_ipv6;
};
+#ifdef SOLARIS
-+#define TCSD_CONFIG_FILE "/etc/security/tcsd.conf"
++#define TCSD_DEFAULT_CONFIG_FILE "/etc/security/tcsd.conf"
+#else
- #define TCSD_CONFIG_FILE ETC_PREFIX "/tcsd.conf"
+ #define TCSD_DEFAULT_CONFIG_FILE ETC_PREFIX "/tcsd.conf"
+#endif
+ extern char *tcsd_config_file;
#define TSS_USER_NAME "tss"
#define TSS_GROUP_NAME "tss"
@@ -21,7 +25,9 @@
+#else
#define TCSD_DEFAULT_SYSTEM_PS_FILE VAR_PREFIX "/lib/tpm/system.data"
#define TCSD_DEFAULT_SYSTEM_PS_DIR VAR_PREFIX "/lib/tpm"
-+#endif /* SOLARIS */
++#define TCSD_DEFAULT_SOCKET VAR_PREFIX "/run/tpm/tpmd_socket:0"
++
++#endif /* SOLARIS */
#define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/sys/kernel/security/tpm0/binary_bios_measurements"
#define TCSD_DEFAULT_KERNEL_LOG_FILE "/sys/kernel/security/ima/binary_runtime_measurements"
#define TCSD_DEFAULT_FIRMWARE_PCRS 0x00000000
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/include_trousers_types.h.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,18 @@
+# Include Solaris as defining const keyword to remove compiler warnings.
+# Solaris-specific, but suitable for use upstream.
+# This change was implemented in-house.
+#
+--- src/include/trousers_types.h 2010-09-10 12:50:27.000000000 -0700
++++ src/include/trousers_types.h 2012-04-23 13:53:43.275840000 -0700
+@@ -118,9 +118,9 @@
+ BYTE *encData;
+ } TSS_KEY;
+
+-#if (defined (__linux) || defined (linux) || defined (SOLARIS) || defined (__GLIBC__))
++#if (defined (__linux) || defined (linux) || defined (__GLIBC__))
+ #define BSD_CONST
+-#elif (defined (__OpenBSD__) || defined (__FreeBSD__))
++#elif (defined (__OpenBSD__) || defined (__FreeBSD__) || defined (SOLARIS))
+ #define BSD_CONST const
+ #endif
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/include_tsp_delegate.h.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,13 @@
+# Add missing tspi_freeTable function signature to fix compiler warnings.
+# Suitable for use upstream.
+# This change was implemented in-house.
+#
+--- src/include/tsp_delegate.h 2010-03-11 12:26:51.000000000 -0800
++++ src/include/tsp_delegate.h 2012-04-23 14:37:24.040135000 -0700
+@@ -19,5 +19,6 @@
+ TSS_RESULT update_delfamily_object(TSS_HTPM, UINT32);
+ TSS_RESULT get_delegate_index(TSS_HCONTEXT, UINT32, TPM_DELEGATE_PUBLIC *);
+ TSS_RESULT __tspi_build_delegate_public_info(BYTE, TSS_HPCRS, TSS_HDELFAMILY, TSS_HPOLICY, UINT32 *, BYTE **);
++TSS_RESULT __tspi_freeTable(TSS_HCONTEXT tspContext);
+
+ #endif
--- a/components/trousers/patches/man_man8_tcsd.8.in.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/man_man8_tcsd.8.in.patch Fri May 06 17:59:12 2016 -0700
@@ -1,6 +1,9 @@
---- man/man8/tcsd.8.in 2010-01-28 08:27:51.000000000 -0800
-+++ man/man8/tcsd.8.in 2012-04-16 17:46:52.763527000 -0700
-@@ -51,10 +51,11 @@
+# Document the addition of UNIX sockets, which is now the default on Solaris.
+# This patch was developed in-house and is suitable for upstream use.
+#
+--- man/man8/tcsd.8.in 2014-04-24 11:05:44.000000000 -0700
++++ man/man8/tcsd.8.in 2016-04-14 17:53:56.097075543 -0700
+@@ -66,10 +66,11 @@
There are two types of access control for the \fBtcsd\fR, access to the
daemon's socket itself and access to specific commands internal to the
\fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
@@ -8,7 +11,7 @@
-will allow a specific host access to the tcsd:
-
-# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port @TCSD_DEFAULT_PORT@ -j ACCEPT
-+administrator using firewall rules.
++administrator using firewall rules.
+If port = 0 in /etc/security/tcsd.conf, \fBtcsd\R uses a UNIX Domain socket.
+Otherwise, \fBtcsd\fR uses a TCP port.
+By default the TCP port, when enabled, is accessible only from localhost,
@@ -16,7 +19,7 @@
Access to individual commands internal to the tcsd is configured by the
\fBtcsd\fR configuration file's "remote_ops" directive. Each function call
-@@ -74,12 +75,32 @@
+@@ -89,12 +90,32 @@
the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
system resets. Data registered in system PS stays valid until an application
requests that it be removed. User PS files are by default stored as
@@ -53,19 +56,17 @@
.SH "DEBUG OUTPUT"
If TrouSerS has been compiled with debugging enabled, the debugging output
-@@ -88,8 +109,9 @@
- .SH "DEVICE DRIVERS"
- .PP
- \fBtcsd\fR is compatible with the IBM Research TPM device driver available
--from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
--from http://sf.net/projects/tmpdd
-+from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for
-+Linux available from http://sf.net/projects/tmpdd. It is also compatible
-+with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
+@@ -106,6 +127,9 @@
+ from http://ibmswtpm.sourceforge.net/ and the TPM device driver available
+ from http://sf.net/projects/tpmdd, which is also available in the upstream
+ Linux kernel and many Linux distros.
++It is also compatible with the TPM device driver for Oracle Solaris which is
++available in package driver/crypto/tpm.
++
.SH "CONFORMING TO"
.PP
-@@ -98,7 +120,23 @@
+@@ -114,10 +138,26 @@
.SH "SEE ALSO"
.PP
@@ -90,3 +91,7 @@
.SH "AUTHOR"
Kent Yoder
+
+ .SH "REPORTING BUGS"
+-Report bugs to <@PACKAGE_BUGREPORT@>
++Report bugs to <[email protected]>
--- a/components/trousers/patches/tcs_rpc_tcstp_rpc.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tcs_rpc_tcstp_rpc.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,6 +1,10 @@
---- src/tcs/rpc/tcstp/rpc.c.orig Fri Jun 5 12:45:50 2009
-+++ src/tcs/rpc/tcstp/rpc.c Thu Sep 10 13:05:33 2009
-@@ -385,134 +385,134 @@
+# Add Solaris Auditing.
+# Patch not suitable for upstream use.
+# This change was implemented in-house.
+#
+--- src/tcs/rpc/tcstp/rpc.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tcs/rpc/tcstp/rpc.c 2016-04-18 13:55:57.811658163 -0700
+@@ -387,134 +387,134 @@
typedef struct tdDispatchTable {
TSS_RESULT (*Func) (struct tcsd_thread_data *);
const char *name;
@@ -260,7 +264,7 @@
int
access_control(struct tcsd_thread_data *thread_data)
{
-@@ -562,11 +562,190 @@
+@@ -565,11 +565,190 @@
return 1;
}
@@ -451,7 +455,7 @@
/* First, check the ordinal bounds */
if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) {
-@@ -596,6 +775,9 @@
+@@ -600,6 +779,9 @@
}
/* Now, dispatch */
@@ -461,7 +465,7 @@
if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) {
/* set the comm buffer */
offset = 0;
-@@ -607,6 +789,9 @@
+@@ -611,6 +793,9 @@
LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf);
}
--- a/components/trousers/patches/tcs_rpc_tcstp_rpc_ps.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tcs_rpc_tcstp_rpc_ps.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,5 +1,9 @@
---- src/tcs/rpc/tcstp/rpc_ps.c.orig 2011-03-23 11:01:54.707428173 -0700
-+++ src/tcs/rpc/tcstp/rpc_ps.c 2011-03-23 11:27:00.753845441 -0700
+# Add Solaris-specific code to verify the socket peer credential when
+# a key is registered.
+# This change was developed in-house and is not suitable for upstream use.
+#
+--- src/tcs/rpc/tcstp/rpc_ps.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tcs/rpc/tcstp/rpc_ps.c 2016-04-18 13:55:57.830151412 -0700
@@ -26,6 +26,29 @@
#include "tcs_utils.h"
#include "rpc_tcstp_tcs.h"
@@ -41,7 +45,7 @@
if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
return TCSERR(TSS_E_INTERNAL_ERROR);
-@@ -99,6 +126,10 @@
+@@ -102,6 +129,10 @@
TCS_CONTEXT_HANDLE hContext;
TSS_UUID uuid;
TSS_RESULT result;
--- a/components/trousers/patches/tcsd_svrside.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tcsd_svrside.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,9 +1,16 @@
---- src/tcsd/svrside.c 2010-06-09 13:19:00.000000000 -0700
-+++ src/tcsd/svrside.c 2014-07-10 14:53:38.347867637 -0700
-@@ -27,6 +27,15 @@
- #include <arpa/inet.h>
+# Add ability to connect to UNIX socket and make it the default.
+# Drop Solaris privileges for security.
+# Add -h and --help options.
+# Update the event log file during startup and shutdown.
+# This change was implemented in-house and is suitable for upstream use.
+#
+--- src/tcsd/svrside.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tcsd/svrside.c 2016-04-26 15:49:54.940330002 -0700
+@@ -28,6 +28,16 @@
#include <errno.h>
#include <getopt.h>
+ #include <sys/select.h>
++
+#ifdef SOLARIS
+#include <priv.h>
+#include <fcntl.h>
@@ -16,34 +23,11 @@
#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
-@@ -44,6 +53,10 @@
- static volatile int hup = 0, term = 0;
- extern char *optarg;
+@@ -54,6 +64,204 @@
+ #define MAX_IP_PROTO 2
+ #define INVALID_ADDR_STR "<Invalid client address>"
+#ifdef SOLARIS
-+static int get_event_log_from_kernel(void);
-+#endif
-+
- static void
- tcsd_shutdown(void)
- {
-@@ -170,6 +183,10 @@
- (void)req_mgr_final();
- return result;
- }
-+#ifdef SOLARIS
-+ /* Not fatal if this fails */
-+ (void) get_event_log_from_kernel();
-+#endif
-
- result = owner_evict_init();
- if (result != TSS_SUCCESS) {
-@@ -208,13 +225,169 @@
- }
-
-
-+#ifdef SOLARIS
-+
+extern int get_device_fd(void);
+
+#define TPM_IOCTL_GETEVTABLE 1
@@ -56,7 +40,7 @@
+store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog)
+{
+ int fd;
-+ int bytes = 0;
++ unsigned int bytes = 0;
+
+ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600);
+ if (fd == -1) {
@@ -181,163 +165,139 @@
+ if (!nochdir)
+ (void) chdir("/");
+ (void) umask(0);
-+ /* Redirect stdin, stdout, and stderr to /dev/null */
-+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
-+ (void) dup2(fd, STDIN_FILENO);
-+ (void) dup2(fd, STDOUT_FILENO);
-+ (void) dup2(fd, STDERR_FILENO);
-+ if (fd > 2)
-+ (void)close (fd);
-+ }
+ return (0);
+}
+#endif /* !HAVE_DAEMON */
+
- int
- main(int argc, char **argv)
- {
-- struct sockaddr_in serv_addr, client_addr;
-+ typedef union {
-+ struct sockaddr_in in;
-+ struct sockaddr_un un;
-+ } sockaddr_un_in_t;
-+ sockaddr_un_in_t serv_addr, client_addr;
-+ int rv;
- TSS_RESULT result;
- int sd, newsd, c, option_index = 0;
-- unsigned client_len;
-+ unsigned client_len, serv_len;
- char *hostname = NULL;
- struct passwd *pwd;
- struct hostent *client_hostent = NULL;
-@@ -245,26 +418,50 @@
- if ((result = tcsd_startup()))
- return (int)result;
-
-- sd = socket(AF_INET, SOCK_STREAM, 0);
-- if (sd < 0) {
-- LogError("Failed socket: %s", strerror(errno));
-- return -1;
-- }
-+ if (tcsd_options.port == 0) { /* UNIX Domain socket */
-+ /* Use UNIX Domain socket instead of TCP/IP socket */
-+ sd = socket(AF_UNIX, SOCK_STREAM, 0);
-+ if (sd < 0) {
-+ LogError("Failed socket: %s", strerror(errno));
-+ return -1;
-+ }
++
++static int
++setup_unix_socket(struct srv_sock_info ssi[])
++{
++ struct sockaddr_un serv_addr;
++ int sd, opt;
++
++ ssi->sd = -1;
++
++ // Initialization of UNIX socket.
++ sd = socket(PF_UNIX, SOCK_STREAM, 0);
++ if (sd < 0) {
++ LogWarn("Failed UNIX socket: %s", strerror(errno));
++ goto err;
++ }
+
-+ memset(&serv_addr, 0, sizeof (serv_addr));
-+ serv_addr.un.sun_family = AF_UNIX;
-+ strncpy(serv_addr.un.sun_path, TCSD_DEFAULT_SOCKET,
-+ sizeof (serv_addr.un.sun_path));
-+ (void) unlink(TCSD_DEFAULT_SOCKET);
++ memset(&serv_addr, 0, sizeof (serv_addr));
++ serv_addr.sun_family = AF_UNIX;
++ strncpy(serv_addr.sun_path, TCSD_DEFAULT_SOCKET,
++ sizeof(serv_addr.sun_path));
++ /* Remove previous stale server socket, if any */
++ (void) unlink(TCSD_DEFAULT_SOCKET);
++
++ LogDebug("Connecting to UNIX Domain socket %s",
++ TCSD_DEFAULT_SOCKET);
++
+
-+ } else { /* TCP socket */
-+ sd = socket(AF_INET, SOCK_STREAM, 0);
-+ if (sd < 0) {
-+ LogError("Failed socket: %s", strerror(errno));
-+ return -1;
-+ }
-
-- memset(&serv_addr, 0, sizeof (serv_addr));
-- serv_addr.sin_family = AF_INET;
-- serv_addr.sin_port = htons(tcsd_options.port);
--
-- /* If no remote_ops are defined, restrict connections to localhost
-- * only at the socket. */
-- if (tcsd_options.remote_ops[0] == 0)
-- serv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-- else
-- serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
--
-- c = 1;
-- setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c));
-- if (bind(sd, (struct sockaddr *) &serv_addr, sizeof (serv_addr)) < 0) {
-+ memset(&serv_addr, 0, sizeof (serv_addr));
-+ serv_addr.in.sin_family = AF_INET;
-+ serv_addr.in.sin_port = htons(tcsd_options.port);
++ if (bind(sd, (struct sockaddr *) &serv_addr, sizeof (serv_addr)) < 0) {
++ LogWarn("Failed UNIX socket bind: %s", strerror(errno));
++ goto err;
++ }
+
-+ /* If no remote_ops are defined, restrict connections to localhost
-+ * only at the socket. */
-+ if (tcsd_options.remote_ops[0] == 0)
-+ serv_addr.in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-+ else
-+ serv_addr.in.sin_addr.s_addr = htonl(INADDR_ANY);
++ if (listen(sd, TCSD_MAX_SOCKETS_QUEUED) < 0) {
++ LogWarn("Failed UNIX socket listen: %s", strerror(errno));
++ goto err;
++ }
+
-+ c = 1;
-+ setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c));
++ if (chmod(serv_addr.sun_path, 0666) < 0) {
++ LogError("Failed chmod %s: %s", serv_addr.sun_path,
++ strerror(errno));
++ return (-1);
+ }
+
-+ if (tcsd_options.port == 0) { /* UNIX Domain socket */
-+ serv_len = (unsigned)sizeof(serv_addr.un);
-+ client_len = (unsigned)sizeof(client_addr.un);
-+ } else { /* TCP socket */
-+ serv_len = (unsigned)sizeof(serv_addr.in);
-+ client_len = (unsigned)sizeof(client_addr.in);
-+ }
-+ if (bind(sd, (struct sockaddr *) &serv_addr, serv_len) < 0) {
- LogError("Failed bind: %s", strerror(errno));
- return -1;
++ ssi->domain = AF_UNIX;
++ ssi->sd = sd;
++ ssi->addr_len = sizeof (serv_addr);
++
++ return (0);
++
++ err:
++ if (sd != -1)
++ close(sd);
++
++ return (-1);
++}
++
+ static void close_server_socks(struct srv_sock_info *socks_info)
+ {
+ int i, rv;
+@@ -83,6 +291,10 @@
+ auth_mgr_final();
+ (void)req_mgr_final();
+ conf_file_final(&tcsd_options);
++#ifdef SOLARIS
++ /* Not fatal if this fails */
++ (void) get_event_log_from_kernel();
++#endif
+ EVENT_LOG_final();
+ }
+
+@@ -199,6 +411,10 @@
+ (void)req_mgr_final();
+ return result;
}
-@@ -285,7 +482,12 @@
- LogError("Failed listen: %s", strerror(errno));
- return -1;
- }
-- client_len = (unsigned)sizeof(client_addr);
++#ifdef SOLARIS
++ /* Not fatal if this fails */
++ (void) get_event_log_from_kernel();
++#endif
+
+ result = owner_evict_init();
+ if (result != TSS_SUCCESS) {
+@@ -352,6 +568,13 @@
+ int i=0;
+
+ ssi[0].sd = ssi[1].sd = -1;
++
++ // By default, use UNIX socket
++ if (tcsd_options.port == 0) {
++ return (setup_unix_socket(&ssi[0]));
++ }
+
-+ if (chmod(serv_addr.un.sun_path, 0666) < 0) {
-+ LogError("Failed chmod %s: %s", serv_addr.un.sun_path,
-+ strerror(errno));
-+ return -1;
-+ }
-
- if (getenv("TCSD_FOREGROUND") == NULL) {
- if (daemon(0, 0) == -1) {
-@@ -295,6 +497,12 @@
++ // Use TCP/IP socket
+ // Only enqueue sockets successfully bound or that weren't disabled.
+ if (tcsd_options.disable_ipv4) {
+ LogWarn("IPv4 support disabled by configuration option");
+@@ -380,11 +603,17 @@
+
+ if (getnameinfo((struct sockaddr *)client_addr, socklen, buf,
+ sizeof(buf), NULL, 0, 0) != 0) {
+- LogWarn("Could not retrieve client address info");
+- return NULL;
+- } else {
+- return strdup(buf);
++ if (tcsd_options.port == 0) { /* UNIX socket (always local) */
++ if (gethostname(buf, sizeof (buf)) != 0) {
++ strcpy(buf, "localhost");
++ }
++ } else {
++ LogWarn("Could not retrieve client address info");
++ return NULL;
++ }
+ }
++
++ return (strdup(buf));
+ }
+
+ void prepare_for_select(struct srv_sock_info *socks_info, int *num_fds,
+@@ -490,6 +719,14 @@
}
}
+#ifdef SOLARIS
+ /* For Solaris, drop privileges for security. */
-+ if ((rv = drop_privs()))
++ if ((rv = drop_privs())) {
++ LogError("drop_privs failed: %s", strerror(errno));
+ return (rv);
++ }
+#endif /* SOLARIS */
+
LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
- do {
- newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len);
-@@ -314,20 +522,22 @@
- }
- LogDebug("accepted socket %i", newsd);
-- if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr,
-- sizeof(client_addr.sin_addr),
-+ if (tcsd_options.port != 0) { /* TCP socket */
-+ if ((client_hostent = gethostbyaddr((char *) &client_addr.in.sin_addr,
-+ sizeof(client_addr.in.sin_addr),
- AF_INET)) == NULL) {
-- char buf[16];
-- uint32_t addr = htonl(client_addr.sin_addr.s_addr);
-+ char buf[16];
-+ uint32_t addr = htonl(client_addr.in.sin_addr.s_addr);
-
-- snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24,
-- (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8,
-- addr & 0x000000ff);
-+ snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24,
-+ (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8,
-+ addr & 0x000000ff);
-
-- LogWarn("Host name for connecting IP %s could not be resolved", buf);
-- hostname = strdup(buf);
-- } else {
-- hostname = strdup(client_hostent->h_name);
-+ LogWarn("Host name for connecting IP %s could not be resolved", buf);
-+ hostname = strdup(buf);
-+ } else {
-+ hostname = strdup(client_hostent->h_name);
-+ }
- }
-
- tcsd_thread_create(newsd, hostname);
+ sigemptyset(&sigmask);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd_tcsd_threads.c.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,22 @@
+# Fix compiler warnings with type casting.
+# Suitable for use upstream.
+# This change was implemented in-house.
+#
+--- src/tcsd/tcsd_threads.c 2010-09-10 12:50:27.000000000 -0700
++++ src/tcsd/tcsd_threads.c 2012-04-23 14:27:25.589107000 -0700
+@@ -185,13 +185,13 @@
+
+ if ((rc = sigfillset(&thread_sigmask))) {
+ LogError("sigfillset failed: error=%d: %s", rc, strerror(rc));
+- LogError("worker thread %ld is exiting prematurely", THREAD_ID);
++ LogError("worker thread %lu is exiting prematurely", (unsigned long)THREAD_ID);
+ THREAD_EXIT(NULL);
+ }
+
+ if ((rc = THREAD_SET_SIGNAL_MASK(SIG_BLOCK, &thread_sigmask, NULL))) {
+ LogError("Setting thread sigmask failed: error=%d: %s", rc, strerror(rc));
+- LogError("worker thread %ld is exiting prematurely", THREAD_ID);
++ LogError("worker thread %lu is exiting prematurely", (unsigned long)THREAD_ID);
+ THREAD_EXIT(NULL);
+ }
+ }
--- a/components/trousers/patches/tddl_tddl.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tddl_tddl.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,5 +1,10 @@
---- src/tddl/tddl.c Mon Apr 12 22:24:21 2010
-+++ src/tddl/tddl.c.new Thu Sep 22 12:28:25 2011
+# Define Solaris-specific device paths.
+# Add error message if path can't be opened.
+# This change was implemented in-house.
+# Except for the open() error message, it is not suitable for upstream use.
+#
+--- src/tddl/tddl.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tddl/tddl.c 2016-04-22 11:21:14.166497559 -0700
@@ -18,13 +18,17 @@
#include "trousers/tss.h"
@@ -32,6 +37,15 @@
int
open_device()
+@@ -55,7 +66,7 @@
+ if ((tcp_device_hostname = getenv("TCSD_TCP_DEVICE_HOSTNAME")) == NULL)
+ tcp_device_hostname = "localhost";
+ if ((un_socket_device_path = getenv("TCSD_UN_SOCKET_DEVICE_PATH")) == NULL)
+- un_socket_device_path = "/var/run/tpm/tpmd_socket:0";
++ un_socket_device_path = TCSD_DEFAULT_SOCKET;
+ if ((tcp_device_port_string = getenv("TCSD_TCP_DEVICE_PORT")) != NULL)
+ tcp_device_port = atoi(tcp_device_port_string);
+ else
@@ -63,7 +74,7 @@
--- a/components/trousers/patches/tspi_Makefile.am.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tspi_Makefile.am.patch Fri May 06 17:59:12 2016 -0700
@@ -1,15 +1,20 @@
---- src/tspi/Makefile.am.old Thu Jan 28 13:45:54 2010
-+++ src/tspi/Makefile.am Fri May 28 14:00:42 2010
+# Fix 64-bit linking
+# LDARCHFLAG is passed from the top-level components/trousers/Makefile.
+# See the comments there. Not suitable for upstream use.
+# This change was implemented in-house.
+#
+--- src/tspi/Makefile.am 2014-04-24 11:05:44.000000000 -0700
++++ src/tspi/Makefile.am 2016-04-18 13:55:57.962261900 -0700
@@ -17,7 +17,7 @@
# 5. If any interfaces have been added since the last public release, then increment age.
# 6. If any interfaces have been removed since the last public release, then set age to 0.
--libtspi_la_LDFLAGS=-version-info 2:3:1 -lpthread @CRYPTOLIB@
-+libtspi_la_LDFLAGS=$(LDARCHFLAG) -version-info 2:3:1 @CRYPTOLIB@
+-libtspi_la_LDFLAGS=-version-info 3:0:2 -lpthread @CRYPTOLIB@
++libtspi_la_LDFLAGS=$(LDARCHFLAG) -version-info 3:0:2 @CRYPTOLIB@
libtspi_la_CFLAGS=-I$(top_srcdir)/src/include -DAPPID=\"TSPI\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\"
-@@ -217,7 +217,6 @@
+@@ -218,7 +218,6 @@
libtspi_la_SOURCES+=gtk/main.c gtk/support.c gtk/interface.c gtk/callbacks.c
endif
if OPENSSL_UI
--- a/components/trousers/patches/tspi_context.c.patch Fri May 06 13:33:40 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
---- src/tspi/tspi_context.c.orig Wed Feb 3 07:39:06 2010
-+++ src/tspi/tspi_context.c Wed Feb 3 07:39:22 2010
-@@ -55,6 +55,8 @@
- /* Destroy all objects */
- obj_close_context(tspContext);
-
-+ __tspi_freeTable(tspContext);
-+
- /* close the ps file */
- PS_close();
-
--- a/components/trousers/patches/tspi_ps_tspps.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tspi_ps_tspps.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,12 +1,26 @@
-#
# tspi_ps_tspps.c.patch
# This change implements Solaris-specific locations for the
# TSS PS (persistent storage), aka TPM keystore.
-# It is not suitable for upstream use. This change was implemented in-house.
+# It is not suitable for upstream use.
+#
+# The change to getpwuid_r() uses the "new" POSIX PTHREAD API (as opposed to
+# the old "Draft6" prototype). It requires -D_POSIX_PTHREAD_SEMANTICS
+# on S11 and older in order to use (and is the default on S12+).
+# This change was implemented in-house.
#
---- src/tspi/ps/tspps.c.orig 2011-03-24 13:06:14.607907754 -0700
-+++ src/tspi/ps/tspps.c 2011-03-24 13:07:30.668528209 -0700
-@@ -70,9 +70,12 @@
+--- src/tspi/ps/tspps.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tspi/ps/tspps.c 2016-04-18 13:55:57.975454990 -0700
+@@ -22,6 +22,9 @@
+ #include <fcntl.h>
+ #include <limits.h>
+ #include <netdb.h>
++#ifdef SOLARIS
++#include <libgen.h> /* mkdirp() */
++#endif
+ #if defined (HAVE_BYTEORDER_H)
+ #include <sys/byteorder.h>
+ #elif defined(HTOLE_DEFINED)
+@@ -60,9 +63,12 @@
TSS_RESULT result;
char *file_name = NULL, *home_dir = NULL;
struct passwd *pwp;
@@ -20,7 +34,7 @@
struct stat stat_buf;
char buf[PASSWD_BUFSIZE];
uid_t euid;
-@@ -94,9 +97,15 @@
+@@ -84,9 +90,15 @@
* in the user's home directory, which may be shared
* by multiple systems.
*
@@ -38,7 +52,7 @@
#else
setpwent();
while (1) {
-@@ -142,7 +152,7 @@
+@@ -132,7 +144,7 @@
if (errno == ENOENT) {
errno = 0;
/* Create the user's ps directory if it is not there. */
@@ -47,7 +61,7 @@
LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
strerror(errno));
result = TSPERR(TSS_E_INTERNAL_ERROR);
-@@ -157,8 +167,8 @@
+@@ -147,8 +159,8 @@
/* Directory exists or has been created, return the path to the file */
#if defined (SOLARIS)
--- a/components/trousers/patches/tspi_rpc_hosttable.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tspi_rpc_hosttable.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,23 +1,31 @@
---- src/tspi/rpc/hosttable.c 2010-05-01 19:39:11.000000000 -0700
-+++ src/tspi/rpc/hosttable.c 2012-03-23 16:21:30.018582000 -0700
-@@ -22,7 +22,7 @@
- struct host_table *ht = NULL;
+# Add solaris-specific #pragma init and fini.
+# Add NULL pointer check.
+# Except for the #pragmas, this patch is suitable for upstream use.
+#
++++ src/tspi/rpc/hosttable.c 2014-04-24 11:05:44.000000000 -0700
+--- src/tspi/rpc/hosttable.c 2016-04-18 13:55:57.988441566 -0700
+@@ -21,8 +21,8 @@
- TSS_RESULT
+ static struct host_table *ht = NULL;
+
+-TSS_RESULT
-host_table_init()
-+static host_table_init(void)
++static TSS_RESULT
++host_table_init(void)
{
ht = calloc(1, sizeof(struct host_table));
if (ht == NULL) {
-@@ -36,8 +36,7 @@
+@@ -35,9 +35,8 @@
+ return TSS_SUCCESS;
}
- #ifdef SOLARIS
+-#ifdef SOLARIS
-#pragma init(_init)
-void _init(void)
++#ifdef SOLARIS && !defined(__GNUC__)
+static void my_init(void)
#else
- void __attribute__ ((constructor)) my_init(void)
+ static void __attribute__ ((constructor)) my_init(void)
#endif
@@ -46,11 +45,14 @@
__tspi_obj_list_init();
@@ -35,15 +43,17 @@
MUTEX_LOCK(ht->lock);
for (hte = ht->entries; hte; hte = next) {
-@@ -70,8 +72,7 @@
+@@ -69,9 +71,8 @@
+ ht = NULL;
}
- #ifdef SOLARIS
+-#ifdef SOLARIS
-#pragma fini(_fini)
-void _fini(void)
++#ifdef SOLARIS && !defined(__GNUC__)
+static void my_fini(void)
#else
- void __attribute__ ((destructor)) my_fini(void)
+ static void __attribute__ ((destructor)) my_fini(void)
#endif
@@ -79,6 +80,11 @@
host_table_final();
--- a/components/trousers/patches/tspi_rpc_tcstp_rpc.c.patch Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/patches/tspi_rpc_tcstp_rpc.c.patch Fri May 06 17:59:12 2016 -0700
@@ -1,98 +1,44 @@
---- src/tspi/rpc/tcstp/rpc.c 2010-03-11 12:26:51.000000000 -0800
-+++ src/tspi/rpc/tcstp/rpc.c 2012-04-11 14:28:08.181630000 -0700
-@@ -345,41 +345,67 @@
- BYTE *buffer;
- TSS_RESULT result;
-
-- struct sockaddr_in addr;
-- struct hostent *hEnt = NULL;
-+ if (get_port() == 0) { /* use UNIX Domain socket */
-+ struct sockaddr_un addr;
+# Add ability to connect to UNIX socket and make it the default.
+# Patch suitable for upstream use.
+# This change was implemented in-house.
+#
+--- src/tspi/rpc/tcstp/rpc.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tspi/rpc/tcstp/rpc.c 2016-04-22 15:08:53.058153900 -0700
+@@ -477,6 +477,37 @@
+ goto exit;
+ }
-- sd = socket(PF_INET, SOCK_STREAM, 0);
-- if (sd == -1) {
-- LogError("socket: %s", strerror(errno));
-- result = TSPERR(TSS_E_COMM_FAILURE);
-- goto err_exit;
-- }
--
-- memset(&addr, 0, sizeof(addr));
-- addr.sin_family = AF_INET;
-- addr.sin_port = htons(get_port());
-+ sd = socket(PF_UNIX, SOCK_STREAM, 0);
-+ if (sd == -1) {
++ if ((port_str == NULL) || (strlen(port_str) == 0) ||
++ (strcmp(port_str, "0") == 0)) { /* use UNIX socket (default) */
++ struct sockaddr_un sock_addr;
++
++ *sd = socket(PF_UNIX, SOCK_STREAM, 0);
++ if (*sd == -1) {
+ LogError("socket(PF_UNIX): %s", strerror(errno));
+ result = TSPERR(TSS_E_COMM_FAILURE);
-+ goto err_exit;
++ return (result);
+ }
-
-- LogDebug("Sending TSP packet to host %s.", hte->hostname);
-+ memset(&addr, 0, sizeof(addr));
-+ addr.sun_family = AF_UNIX;
-+ strncpy(addr.sun_path, TCSD_DEFAULT_SOCKET,
-+ sizeof(addr.sun_path));
++
++ memset(&sock_addr, 0, sizeof(sock_addr));
++ sock_addr.sun_family = AF_UNIX;
++ strncpy(sock_addr.sun_path, TCSD_DEFAULT_SOCKET,
++ sizeof(sock_addr.sun_path));
+
+ LogDebug("Connecting to UNIX Domain socket %s",
-+ TCSD_DEFAULT_SOCKET);
++ TCSD_DEFAULT_SOCKET);
+
-+ if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
++ if (connect(*sd, (struct sockaddr *) &sock_addr,
++ sizeof (sock_addr))) {
+ LogError("connect: %s", strerror(errno));
+ result = TSPERR(TSS_E_COMM_FAILURE);
-+ goto err_exit;
++ return (result);
+ }
-
-- /* try to resolve by hostname first */
-- hEnt = gethostbyname((char *)hte->hostname);
-- if (hEnt == NULL) {
-- /* if by hostname fails, try by dot notation */
-- if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
-- LogError("hostname %s does not resolve to a valid address.", hte->hostname);
-- result = TSPERR(TSS_E_CONNECTION_FAILED);
-+ } else { /* use TCP socket */
-+ struct sockaddr_in addr;
-+ struct hostent *hEnt = NULL;
+
-+ sd = socket(PF_INET, SOCK_STREAM, 0);
-+ if (sd == -1) {
-+ LogError("socket: %s", strerror(errno));
-+ result = TSPERR(TSS_E_COMM_FAILURE);
- goto err_exit;
- }
-- } else {
-- memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
-- }
-
-- LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
-+ memset(&addr, 0, sizeof(addr));
-+ addr.sin_family = AF_INET;
-+ addr.sin_port = htons(get_port());
++ return (TSS_SUCCESS);
++ }
+
-+ LogDebug("Sending TSP packet to host %s.", hte->hostname);
++ /* Use TCP/IP socket */
+
-+ /* try to resolve by hostname first */
-+ hEnt = gethostbyname((char *)hte->hostname);
-+ if (hEnt == NULL) {
-+ /* if by hostname fails, try by dot notation */
-+ if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
-+ LogError("hostname %s does not resolve to a valid address.", hte->hostname);
-+ result = TSPERR(TSS_E_CONNECTION_FAILED);
-+ goto err_exit;
-+ }
-+ } else {
-+ memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
-+ }
-
-- if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
-- LogError("connect: %s", strerror(errno));
-- result = TSPERR(TSS_E_COMM_FAILURE);
-- goto err_exit;
-+ LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
-+
-+ if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
-+ LogError("connect: %s", strerror(errno));
-+ result = TSPERR(TSS_E_COMM_FAILURE);
-+ goto err_exit;
-+ }
- }
-
- if (send_to_socket(sd, hte->comm.buf, hte->comm.hdr.packet_size) < 0) {
+ LogDebug("Retrieving address information from host: %s", (char *)hte->hostname);
+ rv = getaddrinfo((char *)hte->hostname, port_str,
+ &hints, &res);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_tsp_tcsi_param.c.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,22 @@
+# Fix an error from using a non-standard Linux header file.
+# This patch was developed in-house and is suitable for upstream use.
+#
+--- src/tspi/tsp_tcsi_param.c 2014-04-24 11:05:44.000000000 -0700
++++ src/tspi/tsp_tcsi_param.c 2016-04-19 08:32:30.267384276 -0700
+@@ -11,7 +11,16 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
++
++#if defined (__linux) || defined (linux) || defined (__GLIBC__)
+ #include <bits/local_lim.h>
++#elif defined (SOLARIS)
++#include <limits.h>
++#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
++#else
++#error "Define HOST_NAME_MAX on your system"
++#endif
++
+ #include "trousers/tss.h"
+ #include "trousers/trousers.h"
+ #include "trousers_types.h"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_tspi_context.c.patch Fri May 06 17:59:12 2016 -0700
@@ -0,0 +1,24 @@
+# Fix memory leak.
+# Suitable for upsteam use.
+# This change was implemented in-house.
+#
+--- src/tspi/tspi_context.c 2011-02-21 08:24:44.000000000 -0800
++++ src/tspi/tspi_context.c 2012-04-23 14:53:44.302505000 -0700
+@@ -16,7 +16,7 @@
+ #include "trousers/tss.h"
+ #include "trousers/trousers.h"
+ #include "trousers_types.h"
+-#include "trousers_types.h"
++#include "tsp_delegate.h"
+ #include "spi_utils.h"
+ #include "capabilities.h"
+ #include "tsplog.h"
+@@ -57,6 +57,8 @@
+
+ Tspi_Context_FreeMemory(tspContext, NULL);
+
++ __tspi_freeTable(tspContext);
++
+ /* close the ps file */
+ PS_close();
+
--- a/components/trousers/tcsd.sh Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/tcsd.sh Fri May 06 17:59:12 2016 -0700
@@ -19,7 +19,9 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+
+#
+# Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
#
. /lib/svc/share/smf_include.sh
@@ -40,7 +42,7 @@
fi
echo /usr/lib/tcsd
- /usr/lib/tcsd >/dev/null 2>&1 &
+ /usr/lib/tcsd &
;;
# Attribute exec=':kill' in manifest tcsd.xml stops the tcsd daemon.
--- a/components/trousers/tcsd.xml Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/tcsd.xml Fri May 06 17:59:12 2016 -0700
@@ -21,7 +21,7 @@
CDDL HEADER END
- Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
@@ -60,7 +60,7 @@
<exec_method
type='method'
name='start'
- exec='/lib/svc/method/tcsd.sh start'
+ exec='/lib/svc/method/tcsd start'
timeout_seconds='60'>
<method_context>
<method_credential user='root' group='sys' />
--- a/components/trousers/trousers.license Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/trousers.license Fri May 06 17:59:12 2016 -0700
@@ -1,88 +1,15 @@
-License: CPL
-
-THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
-
-1. DEFINITIONS
-
-"Contribution" means:
-
- a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and
-
- b) in the case of each subsequent Contributor:
-
- i) changes to the Program, and
-
- ii) additions to the Program;
-
- where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
-
-"Contributor" means any person or entity that distributes the Program.
-
-"Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program.
+Copyright (c) 2013, TrouSerS Project
+All rights reserved.
-"Program" means the Contributions distributed in accordance with this Agreement.
-
-"Recipient" means anyone who receives the Program under this Agreement, including all Contributors.
-
-2. GRANT OF RIGHTS
-
- a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
-
- b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
-
- c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
-
- d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement.
-
-3. REQUIREMENTS
-
-A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:
-
- a) it complies with the terms and conditions of this Agreement; and
-
- b) its license agreement:
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose;
-
- ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits;
-
- iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and
-
- iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.
-
-When the Program is made available in source code form:
-
- a) it must be made available under this Agreement; and
-
- b) a copy of this Agreement must be included with each copy of the Program.
-
-Contributors may not remove or alter any copyright notices contained within the Program.
-
-Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
-
-4. COMMERCIAL DISTRIBUTION
-
-Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense.
+ Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+ Neither the name of the TrouSerS Project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages.
-
-5. NO WARRANTY
-
-EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations.
-
-6. DISCLAIMER OF LIABILITY
-
-EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-7. GENERAL
-
-If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
-
-If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. In addition, if Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed.
-
-All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive.
-
-Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. IBM is the initial Agreement Steward. IBM may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved.
-
-This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
-
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/components/trousers/trousers.p5m Fri May 06 13:33:40 2016 -0700
+++ b/components/trousers/trousers.p5m Fri May 06 17:59:12 2016 -0700
@@ -18,7 +18,9 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+
+#
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -39,7 +41,7 @@
file etc/tcsd.conf path=etc/security/tcsd.conf mode=0644 \
original_name=SUNWtss-root:etc/security/tcsd.conf preserve=true
file tcsd.xml path=lib/svc/manifest/application/security/tcsd.xml
-file tcsd.sh path=lib/svc/method/tcsd.sh mode=555
+file tcsd.sh path=lib/svc/method/tcsd mode=555
file path=usr/include/trousers/trousers.h
file path=usr/include/trousers/tss.h
file path=usr/include/tss/compat11b.h
@@ -65,13 +67,13 @@
file path=usr/include/tss/tss_error_basics.h
file path=usr/include/tss/tss_structs.h
file path=usr/include/tss/tss_typedef.h
-link path=usr/lib/$(MACH64)/libtspi.so target=libtspi.so.1.1.3
-link path=usr/lib/$(MACH64)/libtspi.so.1 target=libtspi.so.1.1.3
-file path=usr/lib/$(MACH64)/libtspi.so.1.1.3
+link path=usr/lib/$(MACH64)/libtspi.so target=libtspi.so.1.2.0
+link path=usr/lib/$(MACH64)/libtspi.so.1 target=libtspi.so.1.2.0
+file path=usr/lib/$(MACH64)/libtspi.so.1.2.0
file path=usr/lib/$(MACH64)/llib-ltspi.ln
-link path=usr/lib/libtspi.so target=libtspi.so.1.1.3
-link path=usr/lib/libtspi.so.1 target=libtspi.so.1.1.3
-file path=usr/lib/libtspi.so.1.1.3
+link path=usr/lib/libtspi.so target=libtspi.so.1.2.0
+link path=usr/lib/libtspi.so.1 target=libtspi.so.1.2.0
+file path=usr/lib/libtspi.so.1.2.0
file path=usr/lib/llib-ltspi
file path=usr/lib/llib-ltspi.ln
file path=usr/lib/tcsd owner=root mode=555
@@ -94,12 +96,6 @@
file path=usr/share/man/man3/Tspi_Context_LoadKeyByUUID.3
file path=usr/share/man/man3/Tspi_Context_RegisterKey.3
file path=usr/share/man/man3/Tspi_Context_UnregisterKey.3
-file path=usr/share/man/man3/Tspi_DAA_IssueCredential.3
-file path=usr/share/man/man3/Tspi_DAA_IssueInit.3
-file path=usr/share/man/man3/Tspi_DAA_IssueSetup.3
-file path=usr/share/man/man3/Tspi_DAA_IssuerKeyVerification.3
-file path=usr/share/man/man3/Tspi_DAA_VerifyInit.3
-file path=usr/share/man/man3/Tspi_DAA_VerifySignature.3
file path=usr/share/man/man3/Tspi_Data_Bind.3
file path=usr/share/man/man3/Tspi_Data_Seal.3
file path=usr/share/man/man3/Tspi_Data_Unbind.3
@@ -138,10 +134,6 @@
file path=usr/share/man/man3/Tspi_TPM_CollateIdentityRequest.3
file path=usr/share/man/man3/Tspi_TPM_CreateEndorsementKey.3
file path=usr/share/man/man3/Tspi_TPM_CreateMaintenanceArchive.3
-file path=usr/share/man/man3/Tspi_TPM_DAA_JoinCreateDaaPubKey.3
-file path=usr/share/man/man3/Tspi_TPM_DAA_JoinInit.3
-file path=usr/share/man/man3/Tspi_TPM_DAA_JoinStoreCredential.3
-file path=usr/share/man/man3/Tspi_TPM_DAA_Sign.3
file path=usr/share/man/man3/Tspi_TPM_DirRead.3
file path=usr/share/man/man3/Tspi_TPM_DirWrite.3
file path=usr/share/man/man3/Tspi_TPM_GetAuditDigest.3
@@ -173,7 +165,7 @@
file dist/system.data.noauth path=var/tpm/system/system.data.noauth owner=root \
group=sys mode=0400
dir path=var/tpm/userps owner=root group=sys mode=1777
-license trousers.license license=CPL
+license trousers.license license=BSD-like
#
# libtspi needs to convert between codesets 646 and UTF-16LE, which are covered
# by package iconv-core. This is for function Trspi_Native_To_UNICODE() which