Accepting request 519625 from security

- update to upstream version 1.1.1 which fixes some local denial-of-service security issues among other things: - Replace use of sigaction with g_unix_signal_* stuff from glib. - Rewrite of INSTALL.md including info on custom configure script options. - Default value for --with-simulatorbin configure option has been removed. New default behavior is to disable integration tests. - CommandSource will no longer reject commands without parameters. - Unit tests updated to use cmocka v1.0.0 API. - Integration tests now run daemon under valgrind memcheck and fail when errors are found. - CommandSource now tracks max FD in set of client FDs to prevent unnecessary iterations over FD_SETSIZE fds. - no longer call bootstrap and switch to the release upstream tarball which has now been fixed to contain all necessary files OBS-URL: https://build.opensuse.org/request/show/519625 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=2
2017-08-30 14:24:39 +00:00 · 2017-08-30 14:24:39 +00:00 · 63717e6b31
commit 63717e6b31
parent 278b33d980 209831ef3d
4 changed files with 34 additions and 17 deletions
--- a/1.1.0.tar.gz
+++ b/1.1.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06d7c3f4cdade756515cb130b7e67ebbcbc9c4a283601307908400b6ea9ce3a0
-size 151233
--- a/tpm2-abrmd-1.1.1.tar.gz
+++ b/tpm2-abrmd-1.1.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3f5d1d3fa3077a0a187cd13b87bab3916e411fdbe37a0ceb170249017cccd52c
+size 499802
--- a/tpm2.0-abrmd.changes
+++ b/tpm2.0-abrmd.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com
+
+- update to upstream version 1.1.1 which fixes some local denial-of-service
+  security issues among other things:
+
+  - Replace use of sigaction with g_unix_signal_* stuff from glib.
+  - Rewrite of INSTALL.md including info on custom configure script options.
+  - Default value for --with-simulatorbin configure option has been removed.
+  New default behavior is to disable integration tests.
+  - CommandSource will no longer reject commands without parameters.
+  - Unit tests updated to use cmocka v1.0.0 API.
+  - Integration tests now run daemon under valgrind memcheck and fail when
+  errors are found.
+  - CommandSource now tracks max FD in set of client FDs to prevent unnecessary
+  iterations over FD_SETSIZE fds.
+
+- no longer call bootstrap and switch to the release upstream tarball which
+  has now been fixed to contain all necessary files
+
 -------------------------------------------------------------------
 Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com

--- a/tpm2.0-abrmd.spec
+++ b/tpm2.0-abrmd.spec
@ -1,5 +1,5 @@
 #
-# spec file for package tpm2-0-tss
+# spec file for package tpm2.0-abrmd
 #
 # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
@ -17,22 +17,22 @@


 Name:           tpm2.0-abrmd
-Version:        1.1.0
+Version:        1.1.1
 Release:        0
 Summary:        Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips
 License:        BSD-2-Clause
 Group:          Productivity/Security
 Url:            https://github.com/01org/tpm2-abrmd
-Source0:        https://github.com/01org/tpm2-abrmd/archive/%{version}.tar.gz
+Source0:        https://github.com/01org/tpm2-abrmd/releases/download/1.1.1/tpm2-abrmd-%{version}.tar.gz
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkg-config
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(gio-unix-2.0)
 BuildRequires:  pkgconfig(sapi)
-BuildRequires:  systemd-rpm-macros
 Requires(pre):  pwdutils
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -44,17 +44,17 @@ Intel's TPM 2.0 software stack.
 %package devel
 Summary:        Development headers the Access Broker & Resource Manager for TPM 2.0 chips
 Group:          Development/Libraries/C and C++
-Requires:       tpm2.0-abrmd = %{version}
 Requires:       glibc-devel
-Requires:	libtcti-tabrmd0 = %{version}
+Requires:       libtcti-tabrmd0 = %{version}
+Requires:       tpm2.0-abrmd = %{version}

 %description devel
 This package provides the development files for the Access Broker & Resource
 Manager for coordinating access to TPM 2.0 chips.

 %package -n libtcti-tabrmd0
-Summary:    Client interface library for tpm2-abrmd
-Group:      System/Libraries
+Summary:        Client interface library for tpm2-abrmd
+Group:          System/Libraries

 %description -n libtcti-tabrmd0
 This library allows to interact with the tpm2-abrmd daemon. It is intended for
@ -68,12 +68,6 @@ use with the SAPI library (libsapi) like any other TCTI.
 # %%patch0 -p1

 %build
-# TODO: we shouldn't bootstrap, but there is currently upstream issue #102
-# we are using the source tarball which doesn't ship generated configure
-# scripts, but it ships README and LICENSE files which are missing from the
-# distribution tarball. When we get an updated distribution tarball we should
-# remove the bootstrap and switch to the distribution tarball.
-bash bootstrap
 export CFLAGS="%optflags -fPIE"
 export LDFLAGS="-pie -fPIE"
 %configure --disable-static --with-udevrulesdir=%{_udevrulesdir} --with-systemdsystemunitdir=%{_unitdir}
@ -88,6 +82,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %define udev_rule_file 90-tpm.rules
 mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
 ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rctpm2-abrmd
+# don't install the systemd preset, our presets are handled by
+# systemd-presets-* packages
+rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset

 %pre
 # the same user is employed by trousers (and was employed by the old