Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
for-upstream/2018-08-11.use-asciidoctor-to-build-manpages.patch | Use asciidoctor to build the manpages | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | yes | upstream | 2018-08-11 | |
for-upstream/2018-08-12.add-systemd-documentation-key.patch | Add documentation key to system unit file | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | yes | upstream | 2018-08-12 | |
for-upstream/2021-09-30.run-as-tang-user.patch | Run tang as the _tang system user | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | yes | 2021-09-30 | ||
debian/2021-04-19.non-usrmerged.patch | Install systemd unit files in /lib/ | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2021-04-19 | ||
debian/2021-09-30.use-var-lib.patch | Store the tang db in /var/lib/tang | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2021-09-30 | ||
debian/2021-09-30.xinetd-support.patch | Adjust upstream's xinetd support * Use a db path in /var/lib/ * Run as the _tang system user * Use ts(1) to prefix log messages with a timestamp | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | 2021-09-30 | ||
bookworm/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch | Fix race condition when creating/rotating keys (#123) When we create/rotate keys using either the tangd-keygen and tangd-rotate-keys helpers, there is a small window between the keys being created and then the proper ownership permissions being set. This also happens when there are no keys and tang creates a pair of keys itself. In certain situations, such as the keys directory having wide open permissions, a user with local access could exploit this race condition and read the keys before they are set to more restrictive permissions. To prevent this issue, we now set the default umask to 0337 before creating the files, so that they are already created with restrictive permissions; afterwards, we set the proper ownership as usual. Issue reported by Brian McDermott of CENSUS labs. Fixes CVE-2023-1672 Reviewed-by: Sergio Arroutbi <sarroutb@redhat.com> Signed-off-by: Sergio Correia <scorreia@redhat.com> | no | v13-3-g8dbbed1 <https://github.com/latchset/tang/commit/v13-3-g8dbbed1> | 2023-06-14 |