Accepting request 912783 from security
Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/912783 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/swtpm?expand=0&rev=6
commit
3a4505e5ba
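--- a/swtpm-0.6.0.tar.gz
+++ b/swtpm-0.6.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d05098d6879a44f02cb0225290f2edeea083ea9a322f5acf98c7a6ddb5f46d29
+size 326049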
@ -1,114 +0,0 @@
|
||||
From 0b0041bda9df8bf704d7aff8c32da0d18cd9eb28 Mon Sep 17 00:00:00 2001
|
||||
From: Jonas Witschel <diabonas@archlinux.org>
|
||||
Date: Wed, 19 May 2021 10:30:41 +0200
|
||||
Subject: [PATCH] swtpm_cert: rename deprecated libtasn1 types
|
||||
|
||||
These types have been renamed in libtasn1 version 3.0 (released 2012-10-28).
|
||||
The most recent libtasn1 version 4.17.0 (released 2021-05-13) now prints
|
||||
deprecation warnings that are made fatal by -Werror:
|
||||
|
||||
ek-cert.c:76:13: error: 'ASN1_ARRAY_TYPE' macro is deprecated, use 'asn1_static_node' instead. [-Werror]
|
||||
76 | extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
[...]
|
||||
|
||||
The new types were introduced almost ten years ago, so they should be pretty
|
||||
universally available by now.
|
||||
|
||||
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
|
||||
---
|
||||
src/swtpm_cert/ek-cert.c | 24 ++++++++++++------------
|
||||
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
|
||||
index c991559c..c8074614 100644
|
||||
--- a/src/swtpm_cert/ek-cert.c
|
||||
+++ b/src/swtpm_cert/ek-cert.c
|
||||
@@ -73,9 +73,9 @@ enum cert_type_t {
|
||||
#define ALLOW_SIGNING_F 2 /* EK can be used for signing */
|
||||
#define DECRYPTION_F 4 /* EK can be used for decryption; default */
|
||||
|
||||
-extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
|
||||
+extern const asn1_static_node tpm_asn1_tab[];
|
||||
|
||||
-ASN1_TYPE _tpm_asn;
|
||||
+asn1_node _tpm_asn;
|
||||
|
||||
typedef struct tdTCG_PCCLIENT_STORED_CERT {
|
||||
uint16_t tag;
|
||||
@@ -333,7 +333,7 @@ asn_free(void)
|
||||
}
|
||||
|
||||
static int
|
||||
-encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
|
||||
+encode_asn1(gnutls_datum_t *asn1, asn1_node at)
|
||||
{
|
||||
int err;
|
||||
|
||||
@@ -361,7 +361,7 @@ encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
|
||||
}
|
||||
|
||||
static int
|
||||
-build_tpm_manufacturer_info(ASN1_TYPE *at,
|
||||
+build_tpm_manufacturer_info(asn1_node *at,
|
||||
const char *manufacturer,
|
||||
const char *tpm_model,
|
||||
const char *tpm_version)
|
||||
@@ -443,7 +443,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
|
||||
const char *tpm_version,
|
||||
gnutls_datum_t *asn1)
|
||||
{
|
||||
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
|
||||
+ asn1_node at = NULL;
|
||||
int err;
|
||||
|
||||
err = asn_init();
|
||||
@@ -475,7 +475,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
|
||||
}
|
||||
|
||||
static int
|
||||
-build_platf_manufacturer_info(ASN1_TYPE *at,
|
||||
+build_platf_manufacturer_info(asn1_node *at,
|
||||
const char *manufacturer,
|
||||
const char *platf_model,
|
||||
const char *platf_version,
|
||||
@@ -569,7 +569,7 @@ create_platf_manufacturer_info(const char *manufacturer,
|
||||
gnutls_datum_t *asn1,
|
||||
bool forTPM2)
|
||||
{
|
||||
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
|
||||
+ asn1_node at = NULL;
|
||||
int err;
|
||||
|
||||
err = asn_init();
|
||||
@@ -612,9 +612,9 @@ create_tpm_and_platform_manuf_info(
|
||||
gnutls_datum_t *asn1,
|
||||
bool forTPM2)
|
||||
{
|
||||
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
|
||||
- ASN1_TYPE tpm_at = ASN1_TYPE_EMPTY;
|
||||
- ASN1_TYPE platf_at = ASN1_TYPE_EMPTY;
|
||||
+ asn1_node at = NULL;
|
||||
+ asn1_node tpm_at = NULL;
|
||||
+ asn1_node platf_at = NULL;
|
||||
int err;
|
||||
gnutls_datum_t datum = {
|
||||
.data = NULL,
|
||||
@@ -725,7 +725,7 @@ create_tpm_specification_info(const char *spec_family,
|
||||
unsigned int spec_revision,
|
||||
gnutls_datum_t *asn1)
|
||||
{
|
||||
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
|
||||
+ asn1_node at = NULL;
|
||||
int err;
|
||||
unsigned int bigendian;
|
||||
unsigned char twoscomp[1 + sizeof(bigendian)] = { 0, };
|
||||
@@ -797,7 +797,7 @@ create_tpm_specification_info(const char *spec_family,
|
||||
static int
|
||||
create_cert_extended_key_usage(const char *oid, gnutls_datum_t *asn1)
|
||||
{
|
||||
- ASN1_TYPE at = ASN1_TYPE_EMPTY;
|
||||
+ asn1_node at = NULL;
|
||||
int err;
|
||||
|
||||
err = asn_init();
|
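--- a/swtpm-rpmlintrc
+++ b/swtpm-rpmlintrc
@@ -0,0 +1,2 @@
+# This is the correct location
+addFilter(r'arch-dependent-file-in-usr-share .* /usr/share/swtpm/swtpm-localca')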
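Review bot: The comment `# This is the correct location` above the `addFilter` line does not say why an arch-dependent file under /usr/share is acceptable, so a later reader cannot tell when the suppression stops being needed. A fuller comment would help, for example `# upstream installs swtpm-localca under /usr/share/swtpm; it is a compiled binary since the rewrite in C`. That rationale is inferred from the changelog entry on this page and should be confirmed against the upstream install layout before it is written down.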
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 7 15:02:40 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||||
|
||||
- Update to version 0.6.0:
|
||||
- Addressed potential symlink attack issue (CVE-2020-28407)
|
||||
- Rewritten in 'C'; needs json-glib
|
||||
- Use timeouts for communicating with swtpm (Unix socket)
|
||||
- Fix --print-capabilities for 'swtpm chardev'
|
||||
- Various cleanups and fixes (coverity)
|
||||
- Enable selinux support
|
||||
- Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
|
||||
- Fix rpmlint errors
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 20 06:56:39 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
104
swtpm.spec
104
swtpm.spec
@ -18,16 +18,20 @@
|
||||
|
||||
# Scripts in this package are python3
|
||||
%define skip_python2 1
|
||||
|
||||
# SELinux
|
||||
%define selinuxtype targeted
|
||||
%define modulename1 swtpm
|
||||
%define modulename2 swtpm_svirt
|
||||
%define modulename3 swtpmcuse
|
||||
Name: swtpm
|
||||
Version: 0.5.2
|
||||
Version: 0.6.0
|
||||
Release: 0
|
||||
Summary: Software TPM emulator
|
||||
License: BSD-3-Clause
|
||||
Group: System/Base
|
||||
URL: https://github.com/stefanberger/swtpm
|
||||
Source: https://github.com/stefanberger/swtpm/archive/v%{version}.tar.gz
|
||||
Patch0: swtpm-rename_deprecated_libtasn1_types.patch
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source100: swtpm-rpmlintrc
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: expect
|
||||
@ -41,13 +45,18 @@ BuildRequires: libseccomp-devel
|
||||
BuildRequires: libtasn1-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libtpms-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: python3-cryptography
|
||||
BuildRequires: selinux-policy-devel
|
||||
BuildRequires: selinux-policy-targeted
|
||||
BuildRequires: socat
|
||||
BuildRequires: pkgconfig(json-glib-1.0)
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
Requires: iproute2
|
||||
Requires: python3-cryptography
|
||||
Requires: trousers
|
||||
Requires: user(tss)
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Requires: (%{name}-selinux if selinux-policy-base)
|
||||
Requires(pre): user(tss)
|
||||
|
||||
%description
|
||||
The SWTPM package provides TPM emulators with different front-end interfaces
|
||||
@ -67,60 +76,79 @@ Requires: libtpms-devel
|
||||
%description devel
|
||||
The development files for SWTPM
|
||||
|
||||
%package selinux
|
||||
Summary: SELinux module for the Software TPM emulator
|
||||
Group: System/Management
|
||||
Requires: %{name} = %{version}
|
||||
BuildArch: noarch
|
||||
%{selinux_requires}
|
||||
|
||||
%description selinux
|
||||
This package provides the SELinux module for the Software TPM emulator.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
|
||||
# Fix rpmlint env-script-interpreter error
|
||||
sed -i -e "s|^#!/usr/bin/env |#!/usr/bin/|" \
|
||||
%_builddir/%buildsubdir/src/swtpm_setup/swtpm_setup.in \
|
||||
%_builddir/%buildsubdir/src/swtpm_setup/py_swtpm_setup/swtpm_setup.py \
|
||||
%_builddir/%buildsubdir/samples/swtpm-create-tpmca \
|
||||
%_builddir/%buildsubdir/samples/swtpm-create-user-config-files.in \
|
||||
%_builddir/%buildsubdir/samples/swtpm-localca.in \
|
||||
%_builddir/%buildsubdir/samples/py_swtpm_localca/swtpm_localca.py
|
||||
|
||||
./autogen.sh
|
||||
mkdir m4
|
||||
autoreconf -fiv
|
||||
# configure looks for semodule on PATH
|
||||
export PATH="$PATH:%{_sbindir}"
|
||||
%configure --with-openssl --disable-static \
|
||||
--with-tss-user=root --with-tss-group=tss
|
||||
make %{?_smp_mflags}
|
||||
--with-tss-user=root --with-tss-group=tss \
|
||||
--with-selinux
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
mkdir %{buildroot}%{_datadir}/selinux/packages/targeted
|
||||
mv %{buildroot}%{_datadir}/selinux/packages/*.pp %{buildroot}%{_datadir}/selinux/packages/targeted
|
||||
mkdir -p %{buildroot}%{_localstatedir}/lib/swtpm-localca
|
||||
sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-tpmca
|
||||
sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-user-config-files
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%pre selinux
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/targeted/%{modulename1}.pp
|
||||
%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/targeted/%{modulename2}.pp
|
||||
%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/targeted/%{modulename3}.pp
|
||||
|
||||
%postun selinux
|
||||
if [ $1 -eq 0 ]; then
|
||||
%selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename1}
|
||||
%selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename2}
|
||||
%selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename3}
|
||||
fi
|
||||
|
||||
%posttrans selinux
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc CHANGES README TODO
|
||||
%license LICENSE
|
||||
%{_bindir}/swtpm*
|
||||
%config %{_sysconfdir}/swtpm*
|
||||
%dir %{_datadir}/swtpm
|
||||
%{_datadir}/swtpm/*
|
||||
%{_datadir}/swtpm
|
||||
%dir %{_libdir}/swtpm
|
||||
%{_libdir}/swtpm/*.so.*
|
||||
%{_mandir}/man8/swtpm*
|
||||
%dir %{python_sitelib}/py_swtpm_localca
|
||||
%dir %{python_sitelib}/py_swtpm_setup
|
||||
%pycache_only %{python_sitelib}/py_swtpm_localca/__pycache__
|
||||
%pycache_only %{python_sitelib}/py_swtpm_setup/__pycache__
|
||||
%{python_sitelib}/py_swtpm_localca/*.py
|
||||
%{python_sitelib}/py_swtpm_setup/*.py
|
||||
%{python_sitelib}/swtpm_localca*
|
||||
%{python_sitelib}/swtpm_setup*
|
||||
%{_mandir}/man8/swtpm*%{?ext_man}
|
||||
%dir %attr(0750,tss,root) %{_localstatedir}/lib/swtpm-localca
|
||||
|
||||
%files devel
|
||||
%{_libdir}/swtpm/*.so
|
||||
%{_libdir}/swtpm/*.la
|
||||
%dir %{_includedir}/swtpm/
|
||||
%{_includedir}/swtpm/*
|
||||
%{_mandir}/man3/swtpm*
|
||||
%{_includedir}/swtpm
|
||||
%{_mandir}/man3/swtpm*%{?ext_man}
|
||||
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/targeted/*.pp
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename1}
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename2}
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename3}
|
||||
|
||||
%changelog
|
||||
|
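Review bot: The `%files` entry `%dir %attr(0750,tss,root) %{_localstatedir}/lib/swtpm-localca` assigns the directory to user tss and group root, while `%configure` is passed `--with-tss-user=root --with-tss-group=tss`, so the two places disagree about which identity owns swtpm state. This directory presumably holds the local CA's key material, so the intended owner, group and mode should be stated in a comment above the entry, for example `# local CA state: writable by tss only, no access for others`, and the configure flags either aligned with it or explained. The page has lost its +/- markers, so this may be an unchanged context line rather than one the commit adds.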
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2e5ccf591e34c25bd9ae78a0aff9ff1d037dacd90b5e05b9fdc9bcece239f0af
|
||||
size 309436
|