From 9bbeceb75c9faac7e773e477ff658c1824dd79fc6331994c17ea1c5bd4122877 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 23 Nov 2020 03:28:09 +0000
Subject: [PATCH] Accepting request 850053 from home:kailiu:branches:security

Update to version 0.5.1.  Misc. spec file changes, fix rpmlint errors.

OBS-URL: https://build.opensuse.org/request/show/850053
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=9
---
 swtpm.changes | 11 +++++++++++
 swtpm.spec    | 29 ++++++++++++++++++++++-------
 v0.5.0.tar.gz |  3 ---
 v0.5.1.tar.gz |  3 +++
 4 files changed, 36 insertions(+), 10 deletions(-)
 delete mode 100644 v0.5.0.tar.gz
 create mode 100644 v0.5.1.tar.gz

diff --git a/swtpm.changes b/swtpm.changes
index 2149211..131dd0c 100644
--- a/swtpm.changes
+++ b/swtpm.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sun Nov 22 03:16:13 UTC 2020 - Kai Liu <kai.liu@suse.com>
+
+- Update to version 0.5.1
+  * swtpm & swtpm_setup:
+    - Addressed potential symlink attack issue (CVE-2020-28407)
+  * build-sys:
+    - Fix configure python cryptography error message
+
+- Misc. spec file changes.
+
 -------------------------------------------------------------------
 Tue Oct 13 14:57:25 UTC 2020 - Kai Liu <kai.liu@suse.com>
 
diff --git a/swtpm.spec b/swtpm.spec
index 7025ad8..d4e450f 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package swtpm
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,21 +12,24 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
+# Scripts in this package are python3
+%define skip_python2 1
+
 Name:           swtpm
-Version:        0.5.0
+Version:        0.5.1
 Release:        0
 Summary:        Software TPM emulator
 License:        BSD-3-Clause
 Group:          System/Base
-Url:            https://github.com/stefanberger/swtpm
+URL:            https://github.com/stefanberger/swtpm
 Source:         https://github.com/stefanberger/swtpm/archive/v%{version}.tar.gz
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  expect
-BuildRequires:  libtool
 BuildRequires:  fuse-devel
 BuildRequires:  glib2-devel
 BuildRequires:  gnutls
@@ -34,6 +37,7 @@ BuildRequires:  libgnutls-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libseccomp-devel
 BuildRequires:  libtasn1-devel
+BuildRequires:  libtool
 BuildRequires:  libtpms-devel
 BuildRequires:  python3-cryptography
 BuildRequires:  socat
@@ -58,9 +62,9 @@ Summary:        Development files for swtpm
 Group:          Development/Libraries/C and C++
 Requires:       %{name} = %{version}
 Requires:       glib2-devel
-Requires:       libtpms-devel
 Requires:       libopenssl-devel
 Requires:       libseccomp-devel
+Requires:       libtpms-devel
 
 %description    devel
 The development files for SWTPM
@@ -69,6 +73,16 @@ The development files for SWTPM
 %setup -q -n %{name}-%{version}
 
 %build
+
+# Fix rpmlint env-script-interpreter error
+sed -i -e "s|^#!/usr/bin/env |#!/usr/bin/|" \
+  %_builddir/%buildsubdir/src/swtpm_setup/swtpm_setup.in \
+  %_builddir/%buildsubdir/src/swtpm_setup/py_swtpm_setup/swtpm_setup.py \
+  %_builddir/%buildsubdir/samples/swtpm-create-tpmca \
+  %_builddir/%buildsubdir/samples/swtpm-create-user-config-files.in \
+  %_builddir/%buildsubdir/samples/swtpm-localca.in \
+  %_builddir/%buildsubdir/samples/py_swtpm_localca/swtpm_localca.py
+
 ./autogen.sh
 %configure --with-openssl --disable-static \
      --with-tss-user=root --with-tss-group=tss
@@ -82,7 +96,8 @@ make %{?_smp_mflags}
 
 %files
 %defattr(-,root,root)
-%doc README LICENSE
+%doc CHANGES README TODO
+%license LICENSE
 %{_bindir}/swtpm*
 %config %{_sysconfdir}/swtpm*
 %dir %{_datadir}/swtpm
diff --git a/v0.5.0.tar.gz b/v0.5.0.tar.gz
deleted file mode 100644
index c2653af..0000000
--- a/v0.5.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55d93fc3ba6643b1ca1d11018f86b917cd36a7e57bfe103614aed0a0c0360a0f
-size 309011
diff --git a/v0.5.1.tar.gz b/v0.5.1.tar.gz
new file mode 100644
index 0000000..1fd7bdc
--- /dev/null
+++ b/v0.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c0e82357f7d7513fbc4d5dc7d2abfc34932680aae4a91c62213fd1d3719f628
+size 309464