commit 8343d229c35419b6be0e17e20c655d001454ce7c Author: James Antill Date: Mon Aug 8 14:11:11 2022 -0400 Import rpm: fa86fe1793a70fb2ba2e7b33f169ba75193b6c85 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3f1ad53 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/swtpm-b79fd91.tar.gz diff --git a/0001-swtpm-Check-header-size-indicator-against-expected-s.patch b/0001-swtpm-Check-header-size-indicator-against-expected-s.patch new file mode 100644 index 0000000..9a962c3 --- /dev/null +++ b/0001-swtpm-Check-header-size-indicator-against-expected-s.patch @@ -0,0 +1,54 @@ +From 9f740868fc36761de27df3935513bdebf8852d19 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Wed, 16 Feb 2022 11:17:47 -0500 +Subject: [PATCH] swtpm: Check header size indicator against expected size (CID + 375869) + +This fix addresses Coverity issue CID 375869. + +Check the header size indicated in the header of the state against the +expected size and return an error code in case the header size indicator +is different. There was only one header size so far since blobheader was +introduced, so we don't need to deal with different sizes. + +Without this fix a specially craft header could have cause out-of-bounds +accesses on the byte array containing the swtpm's state. + +Signed-off-by: Stefan Berger +--- + src/swtpm/swtpm_nvstore.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/swtpm/swtpm_nvstore.c b/src/swtpm/swtpm_nvstore.c +index 437088370e11..144d8975ec54 100644 +--- a/src/swtpm/swtpm_nvstore.c ++++ b/src/swtpm/swtpm_nvstore.c +@@ -1075,6 +1075,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length, + uint8_t *hdrversion, bool quiet) + { + blobheader *bh = (blobheader *)data; ++ uint16_t hdrsize; + + if (length < sizeof(bh)) { + if (!quiet) +@@ -1100,8 +1101,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length, + return TPM_BAD_VERSION; + } + ++ hdrsize = ntohs(bh->hdrsize); ++ if (hdrsize != sizeof(blobheader)) { ++ logprintf(STDERR_FILENO, ++ "bad header size: %u != %zu\n", ++ hdrsize, sizeof(blobheader)); ++ return TPM_BAD_DATASIZE; ++ } ++ + *hdrversion = bh->version; +- *dataoffset = ntohs(bh->hdrsize); ++ *dataoffset = hdrsize; + *hdrflags = ntohs(bh->flags); + + return TPM_SUCCESS; +-- +2.34.1.428.gdcc0cd074f0c + diff --git a/0001-swtpm-Disable-OpenSSL-FIPS-mode-to-avoid-libtpms-fai.patch b/0001-swtpm-Disable-OpenSSL-FIPS-mode-to-avoid-libtpms-fai.patch new file mode 100644 index 0000000..815608d --- /dev/null +++ b/0001-swtpm-Disable-OpenSSL-FIPS-mode-to-avoid-libtpms-fai.patch @@ -0,0 +1,279 @@ +From a39c3792ba5677f25fea903b9f1a43740a5f2c0c Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Wed, 8 Jun 2022 09:19:07 -0400 +Subject: [PATCH] swtpm: Disable OpenSSL FIPS mode to avoid libtpms failures + +While libtpms does not provide any means to disable FIPS-disabled crypto +algorithms from being used, work around the issue by simply disabling the +FIPS mode of OpenSSL if it is enabled. If it cannot be disabled, exit +swtpm with a failure message that it cannot be disabled. If FIPS mode +was successfully disabled, print out a message as well. + +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2090219 +Signed-off-by: Stefan Berger +--- + configure.ac | 9 ++++ + src/swtpm/Makefile.am | 2 + + src/swtpm/cuse_tpm.c | 5 ++ + src/swtpm/fips.c | 100 ++++++++++++++++++++++++++++++++++++++ + src/swtpm/fips.h | 43 ++++++++++++++++ + src/swtpm/swtpm.c | 3 ++ + src/swtpm/swtpm_chardev.c | 3 ++ + src/swtpm/utils.h | 2 + + 8 files changed, 167 insertions(+) + create mode 100644 src/swtpm/fips.c + create mode 100644 src/swtpm/fips.h + +diff --git a/configure.ac b/configure.ac +index ad3054e..30288c7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -156,6 +156,15 @@ openssl) + AC_MSG_RESULT([Building with openssl crypto library]) + LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto) + AC_SUBST([LIBCRYPTO_LIBS]) ++ AC_CHECK_HEADERS([openssl/fips.h], ++ [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_H], 1, ++ [whether openssl/fips.h is available])] ++ ) ++ AC_CHECK_LIB(crypto, ++ [FIPS_mode_set], ++ [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_MODE_SET_API], 1, ++ [whether FIPS_mode_set API is available])] ++ ) + ;; + esac + +diff --git a/src/swtpm/Makefile.am b/src/swtpm/Makefile.am +index 5454a6f..2a65950 100644 +--- a/src/swtpm/Makefile.am ++++ b/src/swtpm/Makefile.am +@@ -11,6 +11,7 @@ noinst_HEADERS = \ + capabilities.h \ + common.h \ + ctrlchannel.h \ ++ fips.h \ + key.h \ + locality.h \ + logging.h \ +@@ -40,6 +41,7 @@ libswtpm_libtpms_la_SOURCES = \ + capabilities.c \ + common.c \ + ctrlchannel.c \ ++ fips.c \ + key.c \ + logging.c \ + mainloop.c \ +diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c +index 9dbc00d..3026e26 100644 +--- a/src/swtpm/cuse_tpm.c ++++ b/src/swtpm/cuse_tpm.c +@@ -1695,6 +1695,11 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac + goto exit; + } + ++ if (disable_fips_mode() < 0) { ++ ret = -1; ++ goto exit; ++ } ++ + if (tpmlib_register_callbacks(&cbs) != TPM_SUCCESS) { + ret = -1; + goto exit; +diff --git a/src/swtpm/fips.c b/src/swtpm/fips.c +new file mode 100644 +index 0000000..eeb2a0c +--- /dev/null ++++ b/src/swtpm/fips.c +@@ -0,0 +1,100 @@ ++/* ++ * fips.c -- FIPS mode related functions ++ * ++ * (c) Copyright IBM Corporation 2022. ++ * ++ * Author: Stefan Berger ++ * ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are ++ * met: ++ * ++ * Redistributions of source code must retain the above copyright notice, ++ * this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * Neither the names of the IBM Corporation nor the names of its ++ * contributors may be used to endorse or promote products derived from ++ * this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include "fips.h" ++#include "logging.h" ++ ++#if defined(HAVE_OPENSSL_FIPS_H) ++# include ++#elif defined(HAVE_OPENSSL_FIPS_MODE_SET_API) ++/* Cygwin has no fips.h but API exists */ ++extern int FIPS_mode(void); ++extern int FIPS_mode_set(int); ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# include ++#endif ++ ++#include ++ ++/* ++ * disable_fips_mode: If possible, disable FIPS mode to avoid libtpms failures ++ * ++ * While libtpms does not provide a solution to disable deactivated algorithms ++ * avoid libtpms failures due to FIPS mode enablement by disabling FIPS mode. ++ * ++ * Returns < 0 on error, 0 otherwise. ++ */ ++#if defined(HAVE_OPENSSL_FIPS_H) || defined(HAVE_OPENSSL_FIPS_MODE_SET_API) ++int disable_fips_mode(void) ++{ ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ int mode = EVP_default_properties_is_fips_enabled(NULL); ++#else ++ int mode = FIPS_mode(); ++#endif ++ int ret = 0; ++ ++ if (mode != 0) { ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ int rc = EVP_default_properties_enable_fips(NULL, 0); ++#else ++ int rc = FIPS_mode_set(0); ++#endif ++ if (rc == 1) { ++ logprintf(STDOUT_FILENO, ++ "Warning: Disabled OpenSSL FIPS mode\n"); ++ } else { ++ unsigned long err = ERR_get_error(); ++ logprintf(STDERR_FILENO, ++ "Failed to disable OpenSSL FIPS mode: %s\n", ++ ERR_error_string(err, NULL)); ++ ret = -1; ++ } ++ } ++ return ret; ++} ++#else ++/* OpenBSD & DragonFlyBSD case */ ++int disable_fips_mode(void) ++{ ++ return 0; ++} ++#endif +diff --git a/src/swtpm/fips.h b/src/swtpm/fips.h +new file mode 100644 +index 0000000..14d4e9f +--- /dev/null ++++ b/src/swtpm/fips.h +@@ -0,0 +1,43 @@ ++/* ++ * fips.h -- FIPS mode related functions ++ * ++ * (c) Copyright IBM Corporation 2015. ++ * ++ * Author: Stefan Berger ++ * ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are ++ * met: ++ * ++ * Redistributions of source code must retain the above copyright notice, ++ * this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * Neither the names of the IBM Corporation nor the names of its ++ * contributors may be used to endorse or promote products derived from ++ * this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef _SWTPM_UTILS_H_ ++#define _SWTPM_UTILS_H_ ++ ++int disable_fips_mode(void); ++ ++#endif /* _SWTPM_UTILS_H_ */ +diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c +index 722a743..e618c56 100644 +--- a/src/swtpm/swtpm.c ++++ b/src/swtpm/swtpm.c +@@ -521,6 +521,9 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) + daemonize_finish(); + } + ++ if (disable_fips_mode() < 0) ++ goto error_seccomp_profile; ++ + rc = mainLoop(&mlp, notify_fd[0]); + + error_seccomp_profile: +diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c +index 9710927..ab6d8fd 100644 +--- a/src/swtpm/swtpm_chardev.c ++++ b/src/swtpm/swtpm_chardev.c +@@ -573,6 +573,9 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i + daemonize_finish(); + } + ++ if (disable_fips_mode() < 0) ++ goto error_seccomp_profile; ++ + rc = mainLoop(&mlp, notify_fd[0]); + + error_seccomp_profile: +diff --git a/src/swtpm/utils.h b/src/swtpm/utils.h +index 7502442..b8acd89 100644 +--- a/src/swtpm/utils.h ++++ b/src/swtpm/utils.h +@@ -71,4 +71,6 @@ ssize_t writev_full(int fd, const struct iovec *iov, int iovcnt); + + ssize_t read_eintr(int fd, void *buffer, size_t buflen); + ++int disable_fips_mode(void); ++ + #endif /* _SWTPM_UTILS_H_ */ +-- +2.36.1 + diff --git a/README.md b/README.md new file mode 100644 index 0000000..b023f31 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# swtpm + +The swtpm package \ No newline at end of file diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..86fa727 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,8 @@ +# recipients: yanqzhan +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +subject_type: brew-build +rules: + - !PassingTestCaseRule {test_case_name: libvirt-ci.swtpm.brew-build.gating.x86_64.tier1.functional} diff --git a/sources b/sources new file mode 100644 index 0000000..5c54e4d --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA1 (swtpm-b79fd91.tar.gz) = b79a2d005663868139f0678cddeecf70278ec219 diff --git a/swtpm.spec b/swtpm.spec new file mode 100644 index 0000000..e3d10c6 --- /dev/null +++ b/swtpm.spec @@ -0,0 +1,247 @@ +%bcond_without gnutls + +%global gitdate 20211109 +%global gitcommit b79fd91c4b4a74c9c5027b517c5036952c5525db +%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7}) + +# Macros needed by SELinux +%global selinuxtype targeted +%global moduletype contrib +%global modulename swtpm + +Summary: TPM Emulator +Name: swtpm +Version: 0.7.0 +Release: 1.%{gitdate}git%{gitshortcommit}%{?dist} +License: BSD +Url: http://github.com/stefanberger/swtpm +Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz +ExcludeArch: i686 + +BuildRequires: make +BuildRequires: git-core +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: libtool +BuildRequires: libtpms-devel >= 0.6.0 +BuildRequires: expect +BuildRequires: net-tools +BuildRequires: openssl-devel +BuildRequires: socat +BuildRequires: softhsm +BuildRequires: json-glib-devel +%if %{with gnutls} +BuildRequires: gnutls >= 3.4.0 +BuildRequires: gnutls-devel +BuildRequires: gnutls-utils +BuildRequires: libtasn1-devel +BuildRequires: libtasn1 +%endif +BuildRequires: selinux-policy-devel +BuildRequires: gcc +BuildRequires: libseccomp-devel +BuildRequires: tpm2-tools tpm2-abrmd +BuildRequires: python3-devel + +Requires: %{name}-libs = %{version}-%{release} +Requires: libtpms >= 0.6.0 +%{?selinux_requires} + +%description +TPM emulator built on libtpms providing TPM functionality for QEMU VMs + +%package libs +Summary: Private libraries for swtpm TPM emulators +License: BSD + +%description libs +A private library with callback functions for libtpms based swtpm TPM emulator + +%package devel +Summary: Include files for the TPM emulator's CUSE interface for usage by clients +License: BSD +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +Include files for the TPM emulator's CUSE interface. + +%package tools +Summary: Tools for the TPM emulator +License: BSD +Requires: swtpm = %{version}-%{release} +Requires: bash gnutls-utils + +%description tools +Tools for the TPM emulator from the swtpm package + +%package tools-pkcs11 +Summary: Tools for creating a local CA based on a TPM pkcs11 device +License: BSD +Requires: swtpm-tools = %{version}-%{release} +Requires: tpm2-tools tpm2-abrmd +Requires: expect gnutls-utils + +%description tools-pkcs11 +Tools for creating a local CA based on a pkcs11 device + +%prep +%autosetup -S git -n %{name}-%{gitcommit} -p1 + +%build + +NOCONFIGURE=1 ./autogen.sh +%configure \ +%if %{with gnutls} + --with-gnutls \ +%endif + --without-cuse \ + --without-tpm1 + +%make_build V=1 + +%check +make %{?_smp_mflags} check VERBOSE=1 + +%install + +%make_install +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so} + +%post +for pp in /usr/share/selinux/packages/swtpm.pp \ + /usr/share/selinux/packages/swtpm_svirt.pp; do + %selinux_modules_install -s %{selinuxtype} ${pp} +done +restorecon %{_bindir}/swtpm + +%postun +if [ $1 -eq 0 ]; then + for p in swtpm swtpm_svirt; do + %selinux_modules_uninstall -s %{selinuxtype} $p + done +fi + +%posttrans +%selinux_relabel_post -s %{selinuxtype} + +%ldconfig_post libs +%ldconfig_postun libs + +%files +%license LICENSE +%doc README +%{_bindir}/swtpm +%{_mandir}/man8/swtpm.8* +%{_datadir}/selinux/packages/swtpm.pp +%{_datadir}/selinux/packages/swtpm_svirt.pp + +%files libs +%license LICENSE +%doc README + +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/libswtpm_libtpms.so.0 +%{_libdir}/%{name}/libswtpm_libtpms.so.0.0.0 + +%files devel +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/*.h +%{_mandir}/man3/swtpm_ioctls.3* + +%files tools +%doc README +%{_bindir}/swtpm_bios +%if %{with gnutls} +%{_bindir}/swtpm_cert +%endif +%{_bindir}/swtpm_setup +%{_bindir}/swtpm_ioctl +%{_bindir}/swtpm_localca +%{_mandir}/man8/swtpm_bios.8* +%{_mandir}/man8/swtpm_cert.8* +%{_mandir}/man8/swtpm_ioctl.8* +%{_mandir}/man8/swtpm-localca.conf.8* +%{_mandir}/man8/swtpm-localca.options.8* +%{_mandir}/man8/swtpm-localca.8* +%{_mandir}/man8/swtpm_localca.8* +%{_mandir}/man8/swtpm_setup.8* +%{_mandir}/man8/swtpm_setup.conf.8* +%config(noreplace) %{_sysconfdir}/swtpm_setup.conf +%config(noreplace) %{_sysconfdir}/swtpm-localca.options +%config(noreplace) %{_sysconfdir}/swtpm-localca.conf +%dir %{_datadir}/swtpm +%{_datadir}/swtpm/swtpm-localca +%{_datadir}/swtpm/swtpm-create-user-config-files +%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca + +%files tools-pkcs11 +%{_mandir}/man8/swtpm-create-tpmca.8* +%{_datadir}/swtpm/swtpm-create-tpmca + +%changelog +* Tue Jan 04 2022 Marc-André Lureau - 0.7.0-1.20211109gitb79fd91 +- Rebase to 0.7.0, disable TPM 1.2. + Resovles: rhbz#2029612 + +* Thu Sep 16 2021 Marc-André Lureau - 0.6.0-2.20210607gitea627b3 +- rebuilt with missing CFLAGS fix. + +* Mon Jun 28 2021 Marc-André Lureau - 0.6.0-1.20210607gitea627b3 +- Update to 0.6.0. + Resolves: rhbz#1972783 + +* Tue Dec 1 20:40:07 +04 2020 Marc-André Lureau - 0.4.2-1.20201201git2df14e3 +- Update to 0.4.2, to address potential symlink vulnerabilities (CVE-2020-28407). + Resolves: rhbz#1906043 + +* Thu Sep 24 2020 Marc-André Lureau - 0.4.0-3.20200828git0c238a2 +- swtpm_setup: Add missing .config path when using ${HOME}. Resolves: rhbz#1881418 + +* Thu Sep 17 2020 Marc-André Lureau - 0.4.0-2.20200828git0c238a2 +- Backport fixes from 0.4.0 stable branch. Resolves: rhbz#1868375 + (fixes usage of swtpm-localca with passwords when signing keys) + +* Sat Sep 12 2020 Marc-André Lureau - 0.4.0-1.20200828git0c238a2 +- Update to v0.4.0. Resolves: rhbz#1868375 + +* Thu May 28 2020 Marc-André Lureau - 0.3.0-1.20200218git74ae43b +- Update to v0.3.0. Fixes rhbz#1809778 +- exclude i686 build + +* Mon Jan 27 2020 Marc-André Lureau - 0.2.0-2.20200127gitff5a83b +- Update to latest 0.2-stable branch, fix random test failure. rhbz#1782451 + +* Fri Oct 18 2019 Marc-André Lureau - 0.2.0-1.20191018git9227cf4 +- rebuilt + +* Tue Aug 13 2019 Marc-André Lureau - 0.1.0-1.20190425gitca85606.1 +- Fix SELinux labels on /usr/bin/swtpm installation rhbz#1739994 + +* Thu Apr 25 2019 Stefan Berger - 0.1.0-0.20190425gitca85606 +- pick up bug fixes + +* Mon Feb 04 2019 Stefan Berger - 0.1.0-0.20190204git2c25d13.1 +- v0.1.0 release of swtpm + +* Sun Feb 03 2019 Fedora Release Engineering - 0.1.0-0.20181212git8b9484a.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Dec 12 2018 Stefan Berger - 0.1.0-0.20181212git8b9484a +- Follow improvements in swtpm repo primarily related to fixes for 'ubsan' + +* Tue Nov 06 2018 Stefan Berger - 0.1.0-0.20181106git05d8160 +- Follow improvements in swtpm repo +- Remove ownership change of swtpm_setup.sh; have root own the file as required + +* Wed Oct 31 2018 Stefan Berger - 0.1.0-0.20181031gitc782a85 +- Follow improvements and fixes in swtpm + +* Tue Oct 02 2018 Stefan Berger - 0.1.0-0.20181002git0143c41 +- Fixes to SELinux policy +- Improvements on various other parts +* Tue Sep 25 2018 Stefan Berger - 0.1.0-0.20180924gitce13edf +- Initial Fedora build +* Mon Sep 17 2018 Stefan Berger - 0.1.0-0.20180918git67d7ea3 +- Created initial version of rpm spec files +- Version is now 0.1.0 +- Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829