Accepting request 1191034 from security

OBS-URL: https://build.opensuse.org/request/show/1191034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/swtpm?expand=0&rev=19

swtpm-0.8.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7bba52aa41090f75087034fac5fe8daed10c3e7e7234df7c9558849318927f41
-size 364169

swtpm.changes

@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Thu Aug  1 07:23:27 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
+
+- update to 0.9.0:
+  - fixes: boo#1226398
+  - swtpm:
+    - Use umask() to create/truncated state file rather than fchmod()
+    - Use fchmod to set mode bits provided by user
+    - Replace mkstemp with g_mkstemp_full (Coverity)
+    - fix typo in help message
+    - cuse: Fix Coverity complaints regarding locks
+    - Fix double free in error path
+    - Close fd after main loop
+    - Restore logging to stderr on log open failure
+  - swtpm_setup:
+    - Fail --pcr-banks without --tpm2
+    - Fail --decryption or --allow-signing without --tpm2
+    - Initialized argv in get_swtpm_capabilities()
+    - Flush spk after persisting to create room for another key
+    - Refactor duplicate code into swtpm_tpm2_write_cert_nvram
+    - Move persisting of certificate into tpm2_persist_certificate
+    - Pass key_type to function creating filename for key
+    - Add scheme parameter before curveid to createprimary_ecc
+    - Rename is_ek to preserve for future extension
+    - Mask-out EK and plaform certificate flags and set cert_flags
+    - Move common code into new function read_certificate_file()
+    - Exit with '0' upon --version rather than '1'
+    - Close file descriptors passed to swtpm process on parent side
+    - Make stdout unbuffered
+    - Use medium duration on TSC_PhysicalPresence to avoid timeouts
+    - Add poll() after write() and before read() to detect errors
+  - swtpm_localca:
+    - Add support for up to 20 bytes serial numbers
+    - Introduce --key as more generic alias for --ek
+    - Add missing NULL option to end of array
+    - Make stdout unbuffered
+  - swtpm_cert:
+    - Add support for serial numbers up to 20 bytes long
+  - swtpm_ioctl:
+    - Separate return code from flags
+    - Repeatedly call PTM_GET_INFO for long responses
+  - selinux:
+    - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
+    - New SELinux policy that requires Fedora 40 or later
+  - tests:
+    - Fixed occurrences of stray '' before '-'
+    - Rearrange order of test cases to run some also as 'root'
+    - Add tests for command line options and combinations of options
+    - Add softhsm_setup to shellcheck'ed files and fix issues
+    - Add missing 'exit 1' on unexpected file size on --reconfigure
+    - Add test cases for swtpm_cert with max serial number
+    - Fix spelling mistakes
+    - reformat regexs for easier readability and extension
+    - ibmtss2: Add patch to disable x509 test with older libtpms
+    - Upgrade to ibmtss2 v2.0.1
+    - Fixed several issues detected by shellcheck
+  - build-sys:
+    - Add support for --disable-tests to disable tests
+    - Display GMP_LIBS and GMP_CFLAGS
+    - Only display warning if pkg-config for gmp fails
+    - Add gmp library and devel package as dependency
+    - use PKG_CHECK_MODULES to check libtpms version
+
 -------------------------------------------------------------------
 Thu Oct 19 00:43:29 UTC 2023 - William Brown <william.brown@suse.com>
 

swtpm.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package swtpm
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,7 +30,7 @@
 %define modulename2 swtpm_svirt
 %define modulename3 swtpmcuse
 Name:           swtpm
-Version:        0.8.1
+Version:        0.9.0
 Release:        0
 Summary:        Software TPM emulator
 License:        BSD-3-Clause
@@ -44,6 +44,7 @@ BuildRequires:  automake
 BuildRequires:  expect
 BuildRequires:  fuse-devel
 BuildRequires:  glib2-devel
+BuildRequires:  gmp-devel
 BuildRequires:  gnutls
 BuildRequires:  iproute2
 BuildRequires:  libgnutls-devel