Index: branches/2020Q3/security/trousers/Makefile =================================================================== --- branches/2020Q3/security/trousers/Makefile (revision 545285) +++ branches/2020Q3/security/trousers/Makefile (revision 545286) @@ -1,50 +1,50 @@ # Created by: Sebastian Schuetz # $FreeBSD$ PORTNAME= trousers PORTVERSION= 0.3.14 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= SF MAINTAINER= hrs@FreeBSD.org COMMENT= Open-source TCG Software Stack LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= tpm-emulator>=0.7.4_1:emulators/tpm-emulator RUN_DEPENDS:= ${BUILD_DEPENDS} USES= dos2unix alias autoreconf gmake iconv libtool pkgconfig ssl DOS2UNIX_GLOB= *.h *.c NO_WRKSUBDIR= yes USE_LDCONFIG= YES USE_RC_SUBR= tcsd INSTALL_TARGET= install-strip GNU_CONFIGURE= YES CONFIGURE_ARGS= --with-gui=none --enable-static \ --localstatedir=${PREFIX}/var \ --with-tssuser=${USERS} \ --with-tssgroup=${GROUPS} \ --with-openssl=${OPENSSLBASE} \ RANLIB=: MAKE_ENV= ICONV_LIB=${ICONV_LIB} \ ICONV_PREFIX=${ICONV_PREFIX} CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} SUB_FILES= pkg-message SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _tss GROUPS= _tss OPTIONS_DEFINE= DEBUG DEBUG_CONFIGURE_ENABLE= debug post-install: ${INSTALL_DATA} \ ${WRKSRC}/dist/tcsd.conf ${STAGEDIR}${PREFIX}/etc/tcsd.conf.sample @${MKDIR} ${STAGEDIR}${PREFIX}/var/lib/tpm .include Index: branches/2020Q3/security/trousers/files/patch-0a14b979.c =================================================================== --- branches/2020Q3/security/trousers/files/patch-0a14b979.c (nonexistent) +++ branches/2020Q3/security/trousers/files/patch-0a14b979.c (revision 545286) 
@@ -0,0 +1,25 @@ +commit 0a14b979064052d3263054488602fba3bf97883b +Author: Jerry Snitselaar +Date: Wed Jan 16 14:00:43 2019 -0700 + + trousers: clean up use after free in Transport_TerminateHandle + + Clean up possible use after free. The value of the handles pointer + may change, but if it doesn't then free is being called twice on + the same address. + + Signed-off-by: Jerry Snitselaar + Signed-off-by: Debora Velarde Babb + +diff --git src/tcs/tcs_evlog_imaem.c src/tcs/tcs_evlog_imaem.c +index d158330..33af283 100644 +--- src/tcs/tcs_evlog_imaem.c ++++ src/tcs/tcs_evlog_imaem.c +@@ -259,6 +259,7 @@ ima_get_entry(FILE *handle, UINT32 pcr_index, UINT32 *num, TSS_PCR_EVENT **ppEve + if (event->rgbPcrValue == NULL) { + LogError("malloc of %d bytes failed.", 20); + free(event); ++ event = NULL; + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } Property changes on: branches/2020Q3/security/trousers/files/patch-0a14b979.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2020Q3/security/trousers/files/patch-10b33821.c =================================================================== --- branches/2020Q3/security/trousers/files/patch-10b33821.c (nonexistent) +++ branches/2020Q3/security/trousers/files/patch-10b33821.c (revision 545286) @@ -0,0 +1,41 @@ +commit 10b33821cfd79375cfdbe05123b2f7f6329eac3e +Author: Jerry Snitselaar +Date: Wed Jan 16 14:00:43 2019 -0700 + + trousers: clean up use after free in Transport_TerminateHandle + + Clean up possible use after free. The value of the handles pointer + may change, but if it doesn't then free is being called twice on + the same address. + + 
Signed-off-by: Jerry Snitselaar + +diff --git src/tspi/tsp_auth.c src/tspi/tsp_auth.c +index d538079..5a97e6e 100755 +--- src/tspi/tsp_auth.c ++++ src/tspi/tsp_auth.c +@@ -1221,17 +1221,17 @@ Transport_TerminateHandle(TSS_HCONTEXT tspContext, /* in */ + } + + *handles = handle; +- handles_track = handles; ++ handles_track = handles; + +- // Since the call tree of this function can possibly alloc memory +- // (check RPC_ExecuteTransport_TP function), its better to keep track of +- // the handle. ++ // Since the call tree of this function can possibly alloc memory ++ // (check RPC_ExecuteTransport_TP function), its better to keep track of ++ // the handle. + result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL, + NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL); + +- free(handles); +- handles = NULL; +- free(handles_track); ++ if (handles != handles_track) ++ free(handles); ++ free(handles_track); + + return result; + } Property changes on: branches/2020Q3/security/trousers/files/patch-10b33821.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2020Q3/security/trousers/files/patch-c9b8c443.c =================================================================== --- branches/2020Q3/security/trousers/files/patch-c9b8c443.c (nonexistent) +++ branches/2020Q3/security/trousers/files/patch-c9b8c443.c (revision 545286) 
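Review bot: The new `if (handles != handles_track) free(handles);` followed by an unconditional `free(handles_track);` is only correct if obj_context_transport_execute never frees or reallocates the buffer it was handed when it stores a different pointer in `handles`, and that ownership rule is not visible in this hunk. If the callee could release the original buffer, `free(handles_track)` would still be a double free. The contract should be confirmed in the callee and recorded here, for example by replacing the existing "its better to keep track of the handle" comment with `/* callee may replace handles with a new allocation but never frees the original; free both when they differ */`. The hunk also carries what appears to be whitespace-only re-indentation of `handles_track = handles;` and the comment, which makes the three lines that matter harder to audit in a port patch. Transport_TerminateHandle begins outside the hunk.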
@@ -0,0 +1,33 @@ +commit c9b8c4434f3b11bae4f7e72c3aec5b4f3459eecc +Author: Jerry Snitselaar +Date: Wed Mar 18 14:10:35 2020 -0700 + + trousers: resolve build failure + + The global variables tcsd_sa_chld and tcsd_sa_int in tcsd.h are + causing build failures in latest Fedora release: + + /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:169: multiple definition of `tcsd_sa_chld'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:169: first defined here + /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:168: multiple definition of `tcsd_sa_int'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:168: first defined here + + They are no longer used since 9b40e581470b ("Improved daemon's signal + handling") so just remove them. + + Signed-off-by: Jerry Snitselaar + 
Signed-off-by: Debora Velarde Babb + +diff --git src/include/tcsd.h src/include/tcsd.h +index 5b9462b..f5c286e 100644 +--- src/include/tcsd.h ++++ src/include/tcsd.h +@@ -164,10 +164,4 @@ TSS_RESULT tcsd_thread_create(int, char *); + void *tcsd_thread_run(void *); + void thread_signal_init(); + +-/* signal handling */ +-#ifndef __APPLE__ +-struct sigaction tcsd_sa_int; +-struct sigaction tcsd_sa_chld; +-#endif +- + #endif Property changes on: branches/2020Q3/security/trousers/files/patch-c9b8c443.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2020Q3/security/trousers/files/patch-e74dd1d9.c =================================================================== --- branches/2020Q3/security/trousers/files/patch-e74dd1d9.c (nonexistent) +++ branches/2020Q3/security/trousers/files/patch-e74dd1d9.c (revision 545286) @@ -0,0 +1,82 @@ +commit e74dd1d96753b0538192143adf58d04fcd3b242b +Author: Matthias Gerstner +Date: Fri Aug 14 22:14:36 2020 -0700 + + Correct multiple security issues that are present if the tcsd + is started by root instead of the tss user. + + Patch fixes the following 3 CVEs: + + CVE-2020-24332 + If the tcsd daemon is started with root privileges, + the creation of the system.data file is prone to symlink attacks + + CVE-2020-24330 + If the tcsd daemon is started with root privileges, + it fails to drop the root gid after it is no longer needed + + CVE-2020-24331 + If the tcsd daemon is started with root privileges, + the tss user has read and write access to the /etc/tcsd.conf file + + Authored-by: Matthias Gerstner + 
Signed-off-by: Debora Velarde Babb + +diff --git src/tcs/ps/tcsps.c src/tcs/ps/tcsps.c +index e47154b..85d45a9 100644 +--- src/tcs/ps/tcsps.c ++++ src/tcs/ps/tcsps.c +@@ -72,7 +72,7 @@ get_file() + } + + /* open and lock the file */ +- system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600); ++ system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR|O_NOFOLLOW, 0600); + if (system_ps_fd < 0) { + LogError("system PS: open() of %s failed: %s", + tcsd_options.system_ps_file, strerror(errno)); +diff --git src/tcsd/svrside.c src/tcsd/svrside.c +index 1ae1636..1c12ff3 100644 +--- src/tcsd/svrside.c ++++ src/tcsd/svrside.c +@@ -473,6 +473,7 @@ main(int argc, char **argv) + } + return TCSERR(TSS_E_INTERNAL_ERROR); + } ++ setgid(pwd->pw_gid); + setuid(pwd->pw_uid); + #endif + #endif +diff --git src/tcsd/tcsd_conf.c src/tcsd/tcsd_conf.c +index a31503d..ea8ea13 100644 +--- src/tcsd/tcsd_conf.c ++++ src/tcsd/tcsd_conf.c +@@ -743,7 +743,7 @@ conf_file_init(struct tcsd_config *conf) + #ifndef SOLARIS + struct group *grp; + struct passwd *pw; +- mode_t mode = (S_IRUSR|S_IWUSR); ++ mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP); + #endif /* SOLARIS */ + TSS_RESULT result; + +@@ -798,15 +798,15 @@ conf_file_init(struct tcsd_config *conf) + } + + /* make sure user/group TSS owns the conf file */ +- if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { ++ if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) { + LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, +- TSS_USER_NAME, TSS_GROUP_NAME); ++ "root", TSS_GROUP_NAME); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + +- /* make sure only the tss user can manipulate the config file */ ++ /* make sure only the tss user can read (but not manipulate) the config file */ + if (((stat_buf.st_mode & 0777) ^ mode) != 0) { +- LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); ++ LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file); + return 
TCSERR(TSS_E_INTERNAL_ERROR); + } + #endif /* SOLARIS */ Property changes on: branches/2020Q3/security/trousers/files/patch-e74dd1d9.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2020Q3/security/trousers/files/patch-src_tcsd_svrside.c =================================================================== --- branches/2020Q3/security/trousers/files/patch-src_tcsd_svrside.c (revision 545285) +++ branches/2020Q3/security/trousers/files/patch-src_tcsd_svrside.c (revision 545286) 
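Review bot: The added `setgid(pwd->pw_gid);` in main() and the `setuid(pwd->pw_uid);` after it both ignore their return values, so if either call fails tcsd keeps running with the root gid or uid that the CVE-2020-24330 fix is meant to drop. The results should be checked and startup aborted, e.g. `if (setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) return TCSERR(TSS_E_INTERNAL_ERROR);` preceded by a LogError naming the failing call. Nothing in this hunk clears root's supplementary groups either; unless that happens outside the visible lines, a `setgroups()` or `initgroups()` call before `setgid` is needed for the drop to be complete. In tcsps.c, `O_NOFOLLOW` only refuses a symlink in the final path component, so the directory holding system_ps_file must still not be writable by the tss user. main() and conf_file_init() both continue outside the hunks shown.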
@@ -1,63 +1,62 @@ ---- src/tcsd/svrside.c.orig 2016-11-19 03:09:49 UTC +--- src/tcsd/svrside.c.orig 2014-12-20 02:37:46 UTC +++ src/tcsd/svrside.c -@@ -92,12 +92,19 @@ tcsd_signal_term(int signal) +@@ -92,20 +92,36 @@ tcsd_signal_term(int signal) term = 1; } -void +static void tcsd_signal_hup(int signal) { hup = 1; } +static void +tcsd_signal_chld(int signal) +{ + + wait3(NULL, WNOHANG, NULL); +} + static TSS_RESULT signals_init(void) { -@@ -106,6 +113,14 @@ signals_init(void) + int rc; + sigset_t sigmask; struct sigaction sa; ++ struct sigaction tcsd_sa_chld; sigemptyset(&sigmask); + if ((rc = sigaddset(&sigmask, SIGCHLD))) { + LogError("sigaddset: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if ((rc = sigaddset(&sigmask, SIGINT))) { + LogError("sigaddset: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } if ((rc = sigaddset(&sigmask, SIGTERM))) { LogError("sigaddset: %s", strerror(errno)); return TCSERR(TSS_E_INTERNAL_ERROR); -@@ -128,12 +143,24 @@ signals_init(void) +@@ -128,9 +144,21 @@ signals_init(void) return TCSERR(TSS_E_INTERNAL_ERROR); } + if ((rc = sigaction(SIGINT, &sa, NULL))) { + LogError("signal SIGINT not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + sa.sa_handler = tcsd_signal_hup; if ((rc = sigaction(SIGHUP, &sa, NULL))) { LogError("signal SIGHUP not registered: %s", strerror(errno)); - return TCSERR(TSS_E_INTERNAL_ERROR); - } - -+ sa.sa_flags = SA_RESTART; -+ sa.sa_handler = tcsd_signal_chld; -+ if ((rc = sigaction(SIGCHLD, &tcsd_sa_chld, NULL))) { -+ LogError("signal SIGCHLD not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + - return TSS_SUCCESS; - } ++ tcsd_sa_chld.sa_flags = SA_RESTART; ++ tcsd_sa_chld.sa_handler = tcsd_signal_chld; ++ if ((rc = sigaction(SIGCHLD, &tcsd_sa_chld, NULL))) { ++ LogError("signal SIGCHLD not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } Index: branches/2020Q3 
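Review bot: `struct sigaction tcsd_sa_chld;` is now an uninitialised local in signals_init(), and only `sa_flags` and `sa_handler` are assigned before `sigaction(SIGCHLD, &tcsd_sa_chld, NULL)`, so `sa_mask` holds indeterminate stack contents and an arbitrary set of signals may be blocked while the handler runs. Initialise it first, e.g. `memset(&tcsd_sa_chld, 0, sizeof(tcsd_sa_chld));` or `sigemptyset(&tcsd_sa_chld.sa_mask);`, or reuse the existing `sa` if its mask is set up in the part of signals_init() that is not shown. Separately, tcsd_signal_chld() calls `wait3(NULL, WNOHANG, NULL)` only once; SIGCHLD deliveries can coalesce, so looping with `while (wait3(NULL, WNOHANG, NULL) > 0)` and saving and restoring `errno` around it avoids leaving zombies and clobbering errno in interrupted code. signals_init() continues past the end of the patch.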
=================================================================== --- branches/2020Q3 (revision 545285) +++ branches/2020Q3 (revision 545286) Property changes on: branches/2020Q3 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r545264