SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for swtpm-selinux-0.8.1-2.4.noarch.rpm :

* Thu Oct 19 2023 William Brown - Add missing requires for certtool
* Sat Sep 16 2023 Marcus Meissner - Update to version 0.8.1: - swtpm: - Restore logging to stderr on log open failure - swtpm_setup: - Exit with \'0\' upon --version rather than \'1\'. - Initialized AATTargv in get_swtpm_capabilities() - swtpm_localca: - Add missing NULL option to end of array - SELinux: - Add rules for user_tpm_t:sockfile to allow unlink - Add rules for sock_file on user_tmp_t
* Fri Jun 16 2023 Manfred Hollstein - Make selinux optional to allow building this package for Leap, too.
* Tue May 02 2023 Marcus Meissner - remove python3 dependency, no longer needed after rewrite (bsc#1211010)
* Tue Mar 21 2023 Marcus Meissner - swtpm-fix-build.patch: disable -Wstack-protector, it fails on s390x bsc#1209117
* Mon Mar 06 2023 Alberto Planas Dominguez - Drop trousers requirement
* Mon Mar 06 2023 Alberto Planas Dominguez - Update to version 0.8.0:
* swtpm: + Implement release-lock-outgoing parameter for --migration option + Introduce --migration option and \'incoming\' parameter + Implement terminate parameter for ctrl channel loss + Add a chroot option + Introduce disable-auto-shutdown flag for --flags option + If necessary send TPM2_Shutdown() before TPMLIB_Terminate() + Add some more recent syscalls to seccomp profile + Disable OpenSSL FIPS mode to avoid libtpms failures + Avoid locking directory multiple times + Remove support for pre-v0.1 state files without header + Use uint64_t in tlv_data_append() to avoid integer overflows + Use uint64_t to avoid integer wrap-around when adding a uint32_t + Do not chdir(/) when using --daemon + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) + Fixes for gcc 12.2.1 -fanalyzer
* build-sys: + Fix configure script to support _FORTIFY_SOURCE=3 + Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
* swtpm-localca: + Re-implement variable resolution for swtpm-localca.conf + Test for available issuercert before creating CA
* swtpm_setup: + Configure swtpm to log to stdout/err if needed (glib >=2.74)
* tests: + Use ${WORKDIR} in config files to test env. var replacement + Patch IBM TSS2 test suite for OpenSSL 3.x
* build-sys: + Add probing for -fstack-protector
* Fri Apr 29 2022 Marcus Meissner - Updated to version 0.7.3: - swtpm: - Use uint64_t in tlv_data_append() to avoid integer overflows - Use uint64_t to avoid integer wrap-around when adding a uint32_t- removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
* Wed Apr 06 2022 Martin Liška - Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
* Wed Mar 09 2022 Wolfgang Frisch - Update to version 0.7.2: - swtpm: - Do not chdir(/) when using --daemon - swtpm-localca: - Re-implement variable resolution for swtpm-localca.conf - tests: - Use ${WORKDIR} in config files to test env. var replacement - man pages: - Add missing .config directory to path description when using ${HOME} - build-sys: - Add probing for -fstack-protector
* Mon Feb 21 2022 Marcus Meissner - Update to version 0.7.1: - swtpm: - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) - swtpm_localca: - Test for available issuercert before creating CA
* Wed Nov 10 2021 Marcus Meissner - Update to version 0.7.0: - swtpm: - Support for linear file storage backend (file://) - Report \'tpm-1.2\' & \'tpm-2.0\' in --print-capabilities depending what libtpms supports - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs - Wipe keys from stack and heap - Many other small changes - Make --daemon not racy - swtpm_setup: - Only activate SHA256 PCR bank, not SHA1 bank anymore by default - Support for linear file storage backend (file://) - Implement option --create-config-files to create config files - Use non-deprecated APIs to contruct RSA key (OSSL 3) - Report stderr as returned by external tool (swtpm-localcal) - Replace \'+\' and \',\' characters in VMId\'s to make work with common name in X509 subject - Add support for --reconfigure flag to change active PCR banks - swtpm_localca: - Created certificates for CAs and TPM that do not expire - swtpm_cert: - Allow passing -1 for days to get a non-expiring certificate - test: - ASAN-related test changes and skipping of tests if ASAN is used - Fix tests using tpm2-abrmd by preventing concurrency - Skip chardev related tests after checking for chardev support - exit with error code if mktemp fails - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test - build-sys: - Introduce --enable-sanitizers to configure - Remove check for pip3 that was used by python swtpm_setup - Allow passing of aditional CFLAGS during build
* Wed Sep 22 2021 Marcus Meissner - Update to version 0.6.1: - swtpm: - Clear keys from stack and heap - swtpm-localca: - Add missing else branch for pkcs11 and PIN - swtpm_setup: - Initialize Gerror and free it - Replace \'\\\\s\' in regex with [[:space:]] to fix cygwin - tests: - Kill tpm2-abrmd with SIGKILL rather SIGTERM - build-sys: - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3) - Enable configuring with CFLAGS and passing additional CFLAGS on build
* Sat Aug 07 2021 Callum Farmer - Update to version 0.6.0: - Addressed potential symlink attack issue (CVE-2020-28407) - Rewritten in \'C\'; needs json-glib - Use timeouts for communicating with swtpm (Unix socket) - Fix --print-capabilities for \'swtpm chardev\' - Various cleanups and fixes (coverity)- Enable selinux support- Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream- Fix rpmlint errors
* Thu May 20 2021 Pedro Monreal - swtpm_cert: rename deprecated libtasn1 types.
* https://github.com/stefanberger/swtpm/pull/443
* Add swtpm-rename_deprecated_libtasn1_types.patch
 
ICM