From 43eb6ce167475f730b9a18e6e55cf353ab794e78 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Sat, 14 Nov 2020 09:21:39 -0500 Subject: [PATCH] Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407) --- .gitignore | 1 + sources | 2 +- swtpm.spec | 11 +++++++---- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 5a8f2b0..8df4b81 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /swtpm-80f0418.tar.gz /swtpm-0c238a2.tar.gz /swtpm-b931e10.tar.gz +/swtpm-390f5bd.tar.gz diff --git a/sources b/sources index b3c53df..dcae9b0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (swtpm-b931e10.tar.gz) = 33ff6edb06aa73f5f55dcabb753503877db4e656c91e5b22b4352b50ad386dff6f8c9a5e66e0f7f371f931379760bb108ccf2e704b7d1067e3b56ba472308f48 +SHA512 (swtpm-390f5bd.tar.gz) = 19f865ee3194e91c94d4d8795fe75f9e43e8237096a5c266d5b53b58642d7ca36e6857340b93e74266414f8c8817bbcc587feb0e555c00c5274a151a8682e34f diff --git a/swtpm.spec b/swtpm.spec index abbb96b..e2be0ab 100644 --- a/swtpm.spec +++ b/swtpm.spec @@ -1,7 +1,7 @@ %bcond_without gnutls -%global gitdate 20201007 -%global gitcommit b931e1098533319f67e789f03c13a767a1772f7b +%global gitdate 20201113 +%global gitcommit 390f5bd48983a644a87af8e640c6474461305608 %global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7}) # Macros needed by SELinux @@ -11,7 +11,7 @@ Summary: TPM Emulator Name: swtpm -Version: 0.5.0 +Version: 0.5.1 Release: 1.%{gitdate}git%{gitshortcommit}%{?dist} License: BSD Url: http://github.com/stefanberger/swtpm @@ -185,7 +185,10 @@ fi %{_datadir}/swtpm/swtpm-create-tpmca %changelog -* Wed Oct 7 2020 Stefan Berger - 0.4.0-1.20201007gitb931e109 +* Fri Nov 13 2020 Stefan Berger - 0.5.1-1.20201007git390f5bd4 +- Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407) + +* Wed Oct 7 2020 Stefan Berger - 0.5.0-1.20201007gitb931e109 - Update to v0.5.0 release * Fri Aug 28 2020 Stefan Berger - 0.4.0-1.20200828git0c238a2