Update to v0.6.0 release

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

.gitignore

@@ -13,3 +13,10 @@
 /swtpm-8dae4b3.tar.gz
 /swtpm-0.3.0.tar.gz
 /swtpm-74ae43b.tar.gz
+/swtpm-80f0418.tar.gz
+/swtpm-0c238a2.tar.gz
+/swtpm-b931e10.tar.gz
+/swtpm-390f5bd.tar.gz
+/swtpm-96f5a04.tar.gz
+/swtpm-e59c0c1.tar.gz
+/swtpm-ea627b3.tar.gz

0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch

@@ -1,56 +0,0 @@
-From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.ibm.com>
-Date: Fri, 31 Jul 2020 10:47:27 -0400
-Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
- bit
-
-The generated sample keys started with 00010203, thus leaving the upper
-15 bits of the key as '0', which in turn causes gnutls to think that the
-key is only 2033 bit long, thus rejecting certificate verification once
-the min-verification-profile is set to 'medium' in gnutls's config file
-in /etc/crypto-policies/back-ends/gnutls.config.
-
-We now create sample keys starting with 800102, which sets the highest bit.
-
-This fixes test errors on Fedora Rawhide due to the change in the
-min-verification-profile setting in gnutls.config.
-
-Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
----
- tests/test_tpm2_samples_swtpm_localca        | 4 ++--
- tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
-index 3611b9d2..11ad10ba 100755
---- a/tests/test_tpm2_samples_swtpm_localca
-+++ b/tests/test_tpm2_samples_swtpm_localca
-@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
- 
- workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
- 
--ek=""
--for ((i = 0; i < 256; i++)); do
-+ek="80" # 2048 bit key must have highest bit set
-+for ((i = 1; i < 256; i++)); do
-   ek="${ek}$(printf "%02x" $i)"
- done
- 
-diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
-index 5d0d1d45..372a6391 100755
---- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
-+++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
-@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
- 
- workdir=$(mktemp -d)
- 
--ek=""
--for ((i = 0; i < 256; i++)); do
-+ek="80" # 2048 bit key must have highest bit set
-+for ((i = 1; i < 256; i++)); do
-   ek="${ek}$(printf "%02x" $i)"
- done
- 
--- 
-2.25.4
-

0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch

@@ -1,96 +0,0 @@
-From e6d81c0281900c8222022d66272254f97919cf4b Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.vnet.ibm.com>
-Date: Tue, 25 Feb 2020 21:34:21 -0500
-Subject: [PATCH] tests: Skip test 4 of derived keys in case an allowed error
- is encounterd
-
-libtpms may not support TDES, so we have to skip test case 4 in
-case we encounter an allowed error message.
-
-Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
----
- tests/_test_tpm2_derived_keys | 34 +++++++++++++++++++++-------------
- 1 file changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/tests/_test_tpm2_derived_keys b/tests/_test_tpm2_derived_keys
-index 773da39..87b9940 100755
---- a/tests/_test_tpm2_derived_keys
-+++ b/tests/_test_tpm2_derived_keys
-@@ -51,12 +51,14 @@ fi
- # @param2: whether to send TPM2_Startup
- # @param3: command to send
- # @param4: expected return value
-+# @param5: allowed failure return value to skip test
- function tx_cmd()
- {
- 	local reset="$1"
- 	local startup="$2"
- 	local cmd="$3"
- 	local exp="$4"
-+	local allowed_error="$5"
- 
- 	local RES tmp
- 
-@@ -82,7 +84,9 @@ function tx_cmd()
- 
- 	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
- 	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} ${cmd})
--	if [ "$RES" != "$exp" ]; then
-+	if [ "$RES" == "$allowed_error" ]; then
-+		echo "Skip: Encountered allowed error response ($allowed_error)"
-+	elif [ "$RES" != "$exp" ]; then
- 		echo "Error: Did not get expected return from creating key"
- 		echo "expected: $exp"
- 		echo "received: $RES"
-@@ -93,6 +97,10 @@ function tx_cmd()
- 	return 0
- }
- 
-+# Older versions of libtpms do not support TDES
-+# So we may skip the test in case we hit this error
-+error_unsupt_algo=' 80 01 00 00 00 0a 00 00 02 d6'
-+
- # Create a primary RSA key and expect a predictable return value
- # tsscreateprimary -hi e -v
- # -> creates key with handle 0x80 00 00 00
-@@ -245,12 +253,12 @@ test5_exp2+=' 00 00 01 00 00'
- case "$(uname -p)" in
- ppc64le|x86_64)
- 	echo "[Assuming ${SWTPM_EXE} is 64bit]"
--	tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 && echo "Test 1: OK"
--	tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK"
--	tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK"
--	tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK"
--	tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1
--	tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK"
-+	tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK"
-+	tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK"
-+	tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK"
-+	tx_cmd 1 1 "$test4_cmd" "$test4_exp" "$error_unsupt_algo" || exit 1 && echo "Test 4: OK"
-+	tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1
-+	tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK"
- 	;;
- *)
- 	echo "This test currently only works with 64bit TPMs"
-@@ -301,12 +309,12 @@ test4_exp=' 80 02 00 00 00 71 00 00 00 00 80 00 00 00 00 00 00 5a 00 00 00 32 00
- test5_exp1=' 80 02 00 00 01 12 00 00 00 00 80 00 00 00 00 00 00 fb 00 32 00 08 00 0b 00 03 04 72 00 00 00 0a 00 0b 00 22 00 20 60 5c 90 40 d5 ef 80 59 70 f4 90 3e 43 7a ce 49 1e 06 06 f0 e9 79 39 e4 a0 a1 8b d5 12 ca 86 9a 00 37 00 00 00 00 00 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 01 00 10 00 04 40 00 00 0b 00 04 40 00 00 0b 00 00 00 20 28 d0 26 fa fd 74 91 06 74 3e 27 c4 28 05 51 58 5e 5d 17 66 8e b5 21 83 5e d6 01 27 ef fc 05 d4 80 21 40 00 00 0b 00 40 5a 84 8d d0 73 da 49 f6 76 84 6e d1 56 13 39 4d 4b 67 0a 68 97 71 c9 a4 92 a6 aa 6d 30 4b 19 6c 69 fc a7 d5 b9 5c 8f 5a af 0c f6 72 b9 85 c5 d4 0a 09 f8 f7 16 4d 11 bc 5d ec cc 48 02 15 ce 79 00 22 00 0b 04 13 09 39 42 b3 86 80 67 68 2a d7 27 e3 c7 44 1d 1c b6 65 23 c3 ee f0 b8 b8 b5 ff ee 49 1d 4b 00 00 01 00 00'
- test5_exp2=' 80 02 00 00 00 95 00 00 00 00 80 00 00 01 00 00 00 7e 00 00 00 56 00 23 00 0b 00 02 04 52 00 00 00 10 00 10 00 10 00 10 00 20 af 9f be fc c8 95 21 71 04 2d 7d db 3f 42 aa 54 cc 2f a0 cf 55 82 78 f4 3f 01 88 27 46 53 2c 88 00 20 dc ad 67 2f d1 ea 89 01 f5 27 1f 58 3f a5 da 52 85 50 98 d5 06 81 10 13 86 12 d7 23 55 12 ea 0c 00 22 00 0b 72 c2 60 3f c8 bb 79 ea 92 86 7e a3 df 57 8d 15 e3 f1 10 a2 f9 1c a6 80 41 c3 cf e1 fa 43 83 2f 00 00 01 00 00'
- 
--tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 && echo "Test 1: OK"
--tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK"
--tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK"
--tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK"
--tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1
--tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK"
-+tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK"
-+tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK"
-+tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK"
-+tx_cmd 1 1 "$test4_cmd" "$test4_exp" "" || exit 1 && echo "Test 4: OK"
-+tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1
-+tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK"
- 
- run_swtpm_ioctl ${SWTPM_INTERFACE} -s
- if [ $? -ne 0 ]; then
--- 
-2.25.0.rc2.1.g09a9a1a997
-

sources

@@ -1 +1 @@
-SHA512 (swtpm-74ae43b.tar.gz) = 59be7ab2406105ba808b1dc3656bff1c5f533dccca6acb0bb618b6dea2851d0c5c19527487748ff8d3503ea395f1ec8f07a3766f2ac6fff204b964c111c6e311
+SHA512 (swtpm-ea627b3.tar.gz) = 7396eaa295c59cb05e8c0525b34ae2c39dfa49b9f1c1a8086c9d71a907892d9cc083dd5061635e33a56e9c6e3aa93a9c6378f91c788aec56d46e586ef67aaa4a

swtpm.spec

@@ -1,7 +1,7 @@
 %bcond_without gnutls
 
-%global gitdate     20200218
-%global gitcommit   74ae43bd8e4fca809d1cbc398efcb2f7f968b59f
+%global gitdate     20210607
+%global gitcommit   ea627b3b5e847f9141fcf25de0c03004d35fb375
 %global gitshortcommit  %(c=%{gitcommit}; echo ${c:0:7})
 
 # Macros needed by SELinux
@@ -11,33 +11,26 @@
 
 Summary: TPM Emulator
 Name:           swtpm
-Version:        0.3.0
-Release:        4.%{gitdate}git%{gitshortcommit}%{?dist}
+Version:        0.6.0
+Release:        1.%{gitdate}git%{gitshortcommit}%{?dist}
 License:        BSD
 Url:            http://github.com/stefanberger/swtpm
 Source0:        %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
 
-Patch0001:      0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
-Patch0002:      0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
-
 BuildRequires:  git-core
 BuildRequires:  automake
 BuildRequires:  autoconf
 BuildRequires:  libtool
 BuildRequires:  libtpms-devel >= 0.6.0
-BuildRequires:  glib2-devel
-BuildRequires:  gmp-devel
 BuildRequires:  expect
 BuildRequires:  net-tools
 BuildRequires:  openssl-devel
 BuildRequires:  socat
-BuildRequires:  python3
-BuildRequires:  python3-twisted
 BuildRequires:  trousers >= 0.3.9
-BuildRequires:  tpm-tools >= 1.3.8-6
 BuildRequires:  softhsm
+BuildRequires:  json-glib-devel
 %if %{with gnutls}
-BuildRequires:  gnutls >= 3.1.0
+BuildRequires:  gnutls >= 3.4.0
 BuildRequires:  gnutls-devel
 BuildRequires:  gnutls-utils
 BuildRequires:  libtasn1-devel
@@ -73,7 +66,7 @@ Include files for the TPM emulator's CUSE interface.
 Summary:        Tools for the TPM emulator
 License:        BSD
 Requires:       swtpm = %{version}-%{release}
-Requires:       trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnutls-utils
+Requires:       trousers >= 0.3.9 bash gnutls-utils
 
 %description    tools
 Tools for the TPM emulator from the swtpm package
@@ -150,7 +143,6 @@ fi
 %{_bindir}/swtpm_cert
 %endif
 %{_bindir}/swtpm_setup
-%{_bindir}/swtpm_setup.sh
 %{_bindir}/swtpm_ioctl
 %{_mandir}/man8/swtpm_bios.8*
 %{_mandir}/man8/swtpm_cert.8*
@@ -166,9 +158,35 @@ fi
 %config(noreplace) %{_sysconfdir}/swtpm-localca.conf
 %dir %{_datadir}/swtpm
 %{_datadir}/swtpm/swtpm-localca
-%attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
+%{_datadir}/swtpm/swtpm-create-user-config-files
+%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
 
 %changelog
+* Mon Jun 07 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-1.20210706gitea627b
+- Update to v0.6.0 release
+
+* Sat Dec 26 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.2-1.20201226gite59c0c1a
+- Bugfixes for stable release
+
+* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-2.20201117git96f5a04c
+- Another build of v0.5.1 after more fixes
+
+* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-1.20201113git390f5bd4
+- Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407)
+
+* Wed Oct 7 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.0-1.20201007gitb931e109
+- Update to v0.5.0 release
+
+* Fri Aug 28 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.4.0-1.20200828git0c238a2
+- Update to v0.4.0 release
+- Fixed /var/lib/swtpm-localca mode flags and ownership
+
+* Thu Aug 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-2.20200711git80f0418
+- Disable pkcs11 related test case running into GnuTLS locking bug
+
+* Tue Aug 11 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-1.20200711git80f0418
+- Update to v0.3.4 release
+
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3.20200218git74ae43b
 - Second attempt - Rebuilt for
   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild