No commits in common. 'c10-beta' and 'c9' have entirely different histories.
c10-beta ... c9

2
.gitignore vendored

@ -1 +1 @@
SOURCES/swtpm-0.9.0.tar.gz SOURCES/swtpm-0.8.0.tar.gz

@ -1 +1 @@
5488a09e1a93da4d6535fc5654894259c7a794d5 SOURCES/swtpm-0.9.0.tar.gz 742e598ae731d3aa7283b104153cfabdc3b73643 SOURCES/swtpm-0.8.0.tar.gz

@ -0,0 +1,37 @@
From 95cd8db3dc822d8f741b90d560e50f44841f9d29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 22 Nov 2022 11:24:57 +0400
Subject: [PATCH] swtpm_setup: fix -Werror=maybe-uninitialized
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
/usr/include/glib-2.0/glib/glib-autocleanups.h:30:3: error: argv may be used uninitialized [-Werror=maybe-uninitialized]
30 | g_free (*pp);
| ^~~~~~~~~~~~
swtpm_setup.c: In function get_swtpm_capabilities.constprop.0:
swtpm_setup.c:940:24: note: argv was declared here
940 | g_autofree gchar **argv;
| ^~~~
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
src/swtpm_setup/swtpm_setup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
index 1b528c8..3570235 100644
--- a/src/swtpm_setup/swtpm_setup.c
+++ b/src/swtpm_setup/swtpm_setup.c
@@ -937,7 +937,7 @@ static int get_swtpm_capabilities(gchar **swtpm_prg_l, gboolean is_tpm2,
gchar *my_argv[] = { "--print-capabilities", is_tpm2 ? "--tpm2" : NULL, NULL };
g_autofree gchar *logop = NULL;
g_autoptr(GError) error = NULL;
- g_autofree gchar **argv;
+ g_autofree gchar **argv = NULL;
int exit_status = 0;
gboolean success;
int ret = 1;
--
2.38.1
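Review bot: The declaration `g_autofree gchar **argv = NULL;` would benefit from a short why-comment, because the compiler output quoted in the patch header shows the real hazard: the auto-cleanup handler calls `g_free()` on `argv` when the function returns, so a value that was never assigned would be freed as if it were a heap pointer. A line such as `/* g_auto* locals must start as NULL: cleanup runs on every return path */` above the declaration would keep a later edit from reintroducing the problem. The neighbouring `logop` and `error` declarations in the hunk already follow that rule. `g_autofree` releases only the array itself, so ownership of the element strings should be confirmed in the part of get_swtpm_capabilities() that lies outside this hunk.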

@ -1,34 +0,0 @@
From 1eab90cc323509eda1b43ef81fccb4bcf28056f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Sat, 13 Jul 2024 13:37:29 +0400
Subject: [PATCH] selinux
---
src/selinux/swtpm_svirt.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te
index f7b886c..424efa7 100644
--- a/src/selinux/swtpm_svirt.te
+++ b/src/selinux/swtpm_svirt.te
@@ -13,6 +13,7 @@ require {
type user_tmp_t;
type virtd_t;
type virtqemud_t;
+ type virt_var_run_t;
}
swtpm_domtrans(svirt_t)
@@ -27,6 +28,9 @@ allow svirt_t user_tmp_t:sock_file { create setattr unlink };
allow svirt_t virtd_t:dir search;
allow svirt_t virtd_t:fifo_file write;
allow svirt_t virtqemud_t:fifo_file write;
+allow svirt_t virt_var_run_t:dir { write add_name remove_name };
+allow svirt_t virt_var_run_t:file { create write setattr unlink };
+allow svirt_t virt_var_run_t:sock_file { create write setattr unlink };
# For virt-install (see https://bugzilla.redhat.com/show_bug.cgi?id=2283878 )
allow svirt_tcg_t user_tmp_t:sock_file { create setattr unlink };
--
2.41.0.28.gd7d8841f67

@ -7,17 +7,17 @@
Summary: TPM Emulator Summary: TPM Emulator
Name: swtpm Name: swtpm
Version: 0.9.0 Version: 0.8.0
Release: 2%{?dist} Release: 2%{?dist}
License: BSD-3-Clause License: BSD
Url: https://github.com/stefanberger/swtpm Url: https://github.com/stefanberger/swtpm
Source0: https://github.com/stefanberger/swtpm/archive/v%{version}/%{name}-%{version}.tar.gz Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: openssl-swtpm.cnf Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
# Prevent crypto policies disabling SHA-1. # Prevent crypto policies disabling SHA-1.
# swtpm algorithm list is unconditional. Since it advertizes # swtpm algorithm list is unconditional. Since it advertizes
# SHA-1, we MUST always provide a working SHA-1 impl # SHA-1, we MUST always provide a working SHA-1 impl
Source1: openssl-swtpm.cnf
Patch0002: swtpm-custom-openssl.patch Patch0002: swtpm-custom-openssl.patch
Patch0003: selinux.patch
BuildRequires: make BuildRequires: make
BuildRequires: git-core BuildRequires: git-core
@ -25,13 +25,13 @@ BuildRequires: automake
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libtpms-devel >= 0.6.0 BuildRequires: libtpms-devel >= 0.6.0
BuildRequires: glib2-devel
BuildRequires: json-glib-devel
BuildRequires: expect BuildRequires: expect
BuildRequires: net-tools BuildRequires: net-tools
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: socat BuildRequires: socat
BuildRequires: tpm2-tss
BuildRequires: softhsm BuildRequires: softhsm
BuildRequires: json-glib-devel
%if %{with gnutls} %if %{with gnutls}
BuildRequires: gnutls >= 3.4.0 BuildRequires: gnutls >= 3.4.0
BuildRequires: gnutls-devel BuildRequires: gnutls-devel
@ -43,25 +43,24 @@ BuildRequires: selinux-policy-devel
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libseccomp-devel BuildRequires: libseccomp-devel
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
BuildRequires: python3-devel
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Requires: libtpms >= 0.6.0 Requires: libtpms >= 0.6.0
Requires: (%{name}-selinux if selinux-policy-targeted) %{?selinux_requires}
%description %description
TPM emulator built on libtpms providing TPM functionality for QEMU VMs TPM emulator built on libtpms providing TPM functionality for QEMU VMs
%package libs %package libs
Summary: Private libraries for swtpm TPM emulators Summary: Private libraries for swtpm TPM emulators
License: BSD-3-Clause License: BSD
%description libs %description libs
A private library with callback functions for libtpms based swtpm TPM emulator A private library with callback functions for libtpms based swtpm TPM emulator
%package devel %package devel
Summary: Include files for the TPM emulator's CUSE interface for usage by clients Summary: Include files for the TPM emulator's CUSE interface for usage by clients
License: BSD-3-Clause License: BSD
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel %description devel
@ -69,17 +68,16 @@ Include files for the TPM emulator's CUSE interface.
%package tools %package tools
Summary: Tools for the TPM emulator Summary: Tools for the TPM emulator
License: BSD-3-Clause License: BSD
Requires: swtpm = %{version}-%{release} Requires: swtpm = %{version}-%{release}
# tpm2-tss for tss account Requires: bash gnutls-utils
Requires: tpm2-tss bash gnutls-utils
%description tools %description tools
Tools for the TPM emulator from the swtpm package Tools for the TPM emulator from the swtpm package
%package tools-pkcs11 %package tools-pkcs11
Summary: Tools for creating a local CA based on a TPM pkcs11 device Summary: Tools for creating a local CA based on a pkcs11 device
License: BSD-3-Clause License: BSD
Requires: swtpm-tools = %{version}-%{release} Requires: swtpm-tools = %{version}-%{release}
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
Requires: expect gnutls-utils Requires: expect gnutls-utils
@ -87,19 +85,8 @@ Requires: expect gnutls-utils
%description tools-pkcs11 %description tools-pkcs11
Tools for creating a local CA based on a pkcs11 device Tools for creating a local CA based on a pkcs11 device
%package selinux
Summary: SELinux security policy for swtpm
Requires(post): swtpm = %{version}-%{release}
BuildArch: noarch
%if ! 0%{?flatpak}
%{?selinux_requires}
%endif
%description selinux
SELinux security policy for swtpm.
%prep %prep
%autosetup -S git -n %{name}-%{version} -p1 %autosetup -S git -p1
%build %build
@ -119,26 +106,26 @@ make %{?_smp_mflags} check VERBOSE=1
%make_install %make_install
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so} rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8*
%__install -d %{buildroot}%{_sysconfdir}/ssl %__install -d %{buildroot}%{_sysconfdir}/ssl
cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/ cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/
%post selinux %post
for pp in /usr/share/selinux/packages/swtpm.pp \ for pp in /usr/share/selinux/packages/swtpm.pp \
/usr/share/selinux/packages/swtpm_svirt.pp \ /usr/share/selinux/packages/swtpm_svirt.pp; do
/usr/share/selinux/packages/swtpm_libvirt.pp; do
%selinux_modules_install -s %{selinuxtype} ${pp} %selinux_modules_install -s %{selinuxtype} ${pp}
done done
restorecon %{_bindir}/swtpm restorecon %{_bindir}/swtpm
%postun selinux %postun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
for p in swtpm_libvirt swtpm swtpm_svirt; do for p in swtpm swtpm_svirt; do
%selinux_modules_uninstall -s %{selinuxtype} $p %selinux_modules_uninstall -s %{selinuxtype} $p
done done
fi fi
%posttrans selinux %posttrans
%selinux_relabel_post -s %{selinuxtype} %selinux_relabel_post -s %{selinuxtype}
%ldconfig_post libs %ldconfig_post libs
@ -149,10 +136,7 @@ fi
%doc README %doc README
%{_bindir}/swtpm %{_bindir}/swtpm
%{_mandir}/man8/swtpm.8* %{_mandir}/man8/swtpm.8*
%files selinux
%{_datadir}/selinux/packages/swtpm.pp %{_datadir}/selinux/packages/swtpm.pp
%{_datadir}/selinux/packages/swtpm_libvirt.pp
%{_datadir}/selinux/packages/swtpm_svirt.pp %{_datadir}/selinux/packages/swtpm_svirt.pp
%{_sysconfdir}/ssl/openssl-swtpm.cnf %{_sysconfdir}/ssl/openssl-swtpm.cnf
@ -178,16 +162,15 @@ fi
%{_bindir}/swtpm_setup %{_bindir}/swtpm_setup
%{_bindir}/swtpm_ioctl %{_bindir}/swtpm_ioctl
%{_bindir}/swtpm_localca %{_bindir}/swtpm_localca
%{_mandir}/man5/swtpm-localca.conf.5*
%{_mandir}/man5/swtpm-localca.options.5*
%{_mandir}/man5/swtpm_setup.conf.5*
%{_mandir}/man8/swtpm_bios.8* %{_mandir}/man8/swtpm_bios.8*
%{_mandir}/man8/swtpm_cert.8* %{_mandir}/man8/swtpm_cert.8*
%{_mandir}/man8/swtpm_ioctl.8* %{_mandir}/man8/swtpm_ioctl.8*
%{_mandir}/man5/swtpm-localca.conf.5*
%{_mandir}/man5/swtpm-localca.options.5*
%{_mandir}/man8/swtpm-localca.8* %{_mandir}/man8/swtpm-localca.8*
%{_mandir}/man8/swtpm_localca.8* %{_mandir}/man8/swtpm_localca.8*
%{_mandir}/man8/swtpm_setup.8* %{_mandir}/man8/swtpm_setup.8*
%exclude %{_mandir}/man8/swtpm_cuse.8.gz %{_mandir}/man5/swtpm_setup.conf.5*
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf %config(noreplace) %{_sysconfdir}/swtpm_setup.conf
%config(noreplace) %{_sysconfdir}/swtpm-localca.options %config(noreplace) %{_sysconfdir}/swtpm-localca.options
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf %config(noreplace) %{_sysconfdir}/swtpm-localca.conf
@ -201,100 +184,55 @@ fi
%{_datadir}/swtpm/swtpm-create-tpmca %{_datadir}/swtpm/swtpm-create-tpmca
%changelog %changelog
* Wed Jul 17 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-2 * Mon Jul 08 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-2
- Add extra SELinux policies.
Resolves: RHEL-47273
* Tue Jul 09 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-1
- Update to v0.9.0 release
Resolves: RHEL-42590
- Fix SHA-1 algorithm availability - Fix SHA-1 algorithm availability
Resolves: RHEL-46754 Resolves: RHEL-46788
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.8.1-6 * Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1
- Bump release for June 2024 mass rebuild
* Sun Jan 28 2024 Peter Robinson <pbrobinson@fedoraproject.org> - 0.8.1-5
- Use tpm2-tss to provide tss account
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 16 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-3
- Build for i686 again since dependency issue resolved
* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-2
- Don't build tools-pkcs11 for i686 since python-tpm2-pytss is not built for it
- Set license to BSD-3-Clause for all packages
* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-1
- Update to v0.8.1 release
* Sat Jul 22 2023 Adam Williamson <awilliam@redhat.com> - 0.8.0-7
- Make swtpm-selinux Requires(post) swtpm (#2223276)
* Thu Jul 20 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-6
- Added a 'Requires' on swtpm for swtpm-selinux package
* Wed Jul 19 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-4
- Split off SELinux policy into swtpm-selinux
* Mon May 15 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 0.8.0-4
- Remove trousers dependency from RHEL builds
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-2
- Adding patch needed on Rawhide build servers only
* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-1
- Update to v0.8.0 release - Update to v0.8.0 release
Resolves: rhbz#2092944
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.3-2.20220427gitf2268ee * Fri Jun 17 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-3.20211109gitb79fd91
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Disable OpenSSL FIPS mode to avoid libtpms failures
Resolves: rhbz#2090219
* Wed Apr 27 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-1.20220427gitf2268ee * Mon Feb 21 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-2.20211109gitb79fd91
- Update to v0.7.3 release - Add fix for CVE-2022-23645.
Resolves: rhbz#2056518
* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-1.20220307git21c90c1 * Fri Nov 12 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20211109gitb79fd91
- Update to v0.7.2 release
* Fri Feb 18 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-1.20220218git92a7035
- Update to v0.7.1 release
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-2.20211109gitb79fd91
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 09 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-1.20211109gitb79fd91
- Update to v0.7.0 release - Update to v0.7.0 release
Resolves: rhbz#2021580 & rhbz#1990153
* Tue Sep 21 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-1.20210921git98187d2 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.0-3.20210607gitea627b3
- Update to v0.6.1 release - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210916gita0ca7c3
- Build upcoming v0.6.1 that has patch to build with OpenSSL 3.0.0
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com.> - 0.6.0-5.20210607gitea627b3 * Mon Jul 12 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-2.20210607gitea627b3
- Applied patch with -Wno-deprecated-declarations for build with OpenSSL 3.0.0 - rebuilt with AM_* flags patch
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.6.0-4.20210607gitea627b3 * Wed Jun 16 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-1.20210607gitea627b3
- Rebuilt with OpenSSL 3.0.0 - new version
- Fixes: rhbz#1972785
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3.20210607gitea627b3 * Wed Jun 16 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.5.2-7.20201226gite59c0c1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Removed trouser dependency (used for vTPM 1.2, unsupported)
- Fixes: rhbz#1967919
* Tue Jul 13 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 0.6.0-2.20210706gitea627b * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.5.2-6.20201226gite59c0c1
- Add an explicit BuildRequires for python3-devel - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Jun 07 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-1.20210706gitea627b * Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.5.2-5.20201226gite59c0c1
- Update to v0.6.0 release - Add -Wno-error=deprecated-declarations to fix build with OpenSSL 3.0.
- Fixes: rhbz#1958033
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.5.2-4.20201226gite59c0c1 * Tue Apr 20 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.5.2-4.20201226gite59c0c1
- Rebuilt for Python 3.10 - Remove unnecessary twisted dependency.
- Fixes: rhbz#1935825
* Wed Apr 07 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.5.2-3.20201226gite59c0c1 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.5.2-3.20201226gite59c0c1
- Remove unnecessary python3-twisted dependency - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2.20201226gite59c0c1 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2.20201226gite59c0c1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
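Review bot: `%{_sysconfdir}/ssl/openssl-swtpm.cnf` is listed in `%files` without a `%config` marker, while the three swtpm files under `%{_sysconfdir}` further down use `%config(noreplace)`. Per the comment next to `Source1`, this file exists to keep SHA-1 working regardless of the system crypto policy, so how it behaves on upgrade and whether administrators are meant to edit it is a security-relevant choice that the spec leaves unstated. Either mark it, `%config(noreplace) %{_sysconfdir}/ssl/openssl-swtpm.cnf`, or add a comment such as `# deliberately not %%config: reinstalled on every update so the SHA-1 override stays in step with the patched swtpm` if replacement is intended. The comment could also state that the override is meant to apply to swtpm only, which the patch name `swtpm-custom-openssl.patch` suggests but the spec itself does not show.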
