SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for swtpm-0.10.0-2.2.i586.rpm :

* Sat Dec 07 2024 Bernhard Wiedemann - Fix build without %check (boo#1227364)
* Wed Dec 04 2024 Alberto Planas Dominguez - Update to 0.10.0: + swtpm:
* Requires libtpms v0.10.0
* Display tpmstate-opt-lock as a new capability
* Add support for lock option parameter to tpmstate option
* nvstore_linear: Add support for file-backend locking
* Remove broken logic to check for neither dir nor file backend
* Use ptm_cap_n to build PTM_GET_CAPABILITY response
* Define a structure to return PTM_GET_CAPABILITY result
* Implement --print-info to run TPMLIB_GetInfo with flags
* Support --profile fd= to read profile from file descriptor
* Support --profile file= to read profile from file
* Ignore remove-disabled parameter on non-\'custom\' profile
* Check for good entropy source in chroot environment
* Implement a check for HMAC+sha1 for testing future restriction
* Implement function to check whether a crypto algorithm is disabled
* Print cmdarg-print-profiles as part of capabilities
* Check whether SHA1 signature support is disabled in profile
* Use TPMLIB_WasManufactured to check whether profile was applied
* Determine whether OpenSSL needs to be configured (FIPs, SHA1 signature)
* Add support for --print-profiles option
* Print profile names as part of capabilities JSON
* Display new capability to allow setting a profile
* Add support for --profile option to set a profile on TPM 2 + swtpm_setup:
* Comment flags for storage primary key and deprecate --create-spk
* Implement --print-profiles to display all profile
* Add profile entries to swtpm_setup.conf written by swtpm_setup
* Add support for --profile-name option
* Accept profiles with name starting with \'custom:\'
* Support default profile from file in swtpm_setup.conf
* Support --profile-file-fd to read profile from file descriptor
* Support --profile-file to read profile from file
* Always log the active profile
* Implement --profile-remove-fips-disabled option
* Read default profile from swtpm_setup.conf
* Print profile names as part of capabilities JSON
* Add support for --profile parameter
* Get default rsa keysize from setup_setup.conf if not given + swtpm_ioctl:
* Use ptm_cap_n for non-CUSE PTM_GET_CAPABILITY response + selinux:
* Change write to append for appending to log
* Add rule for logging to svirt_image_t labeled files from swtpm_t + tests:
* Update IBMTSS2 test suite to v2.4.0
* Test activation of PCR banks when not all are available
* Enable SWTPM_TEST_PROFILE for running test_tpm2_ibmtss2 with profile
* Add a check for OPENSSL_ENABLE_SHA1_SIGNATURES in log file
* Consolidate custom profile test cases and check for StateFormatLevel
* Convert test_samples_create_tpmca to run installed
* Mention test_tpm2_libtpms_versions_profiles requiring env. variables
* allow running ibmtss2 tests against installed version
* Derive support for CUSE from SWTPM_EXE help screen
* Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for IBMTSS2 test
* Extend test case testing across libtpms versions
* Add test case for testing profiles across libtpms versions
* Test the --profile option of swtpm_setup and swtpm
* teach them to run installed
* add installed-runner.sh
* install tests on the system
* lookup system binaries if INSTALLED is set + build-sys:
* enable 64-bit file API on 32-bit systems
* Add -Wshadow to the CFLAGS
* Require that libtpms v0.10 is available for TPMLIB_SetProfile
* Thu Sep 19 2024 Cathy Hu - Fix swtpm custom module (bsc#1229131) - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch - this can be removed once swtpm upstream sorts out their custom selinux module. see: https://github.com/stefanberger/swtpm/issues/885 there were a couple changes in the selinux-policy libvirt handling which causes the logfile in /var/log/swtpm/libvirt/qemu/
*.log to be labeled virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
* Thu Aug 01 2024 Richard Rahl - update to 0.9.0: - fixes: boo#1226398 - swtpm: - Use umask() to create/truncated state file rather than fchmod() - Use fchmod to set mode bits provided by user - Replace mkstemp with g_mkstemp_full (Coverity) - fix typo in help message - cuse: Fix Coverity complaints regarding locks - Fix double free in error path - Close fd after main loop - Restore logging to stderr on log open failure - swtpm_setup: - Fail --pcr-banks without --tpm2 - Fail --decryption or --allow-signing without --tpm2 - Initialized argv in get_swtpm_capabilities() - Flush spk after persisting to create room for another key - Refactor duplicate code into swtpm_tpm2_write_cert_nvram - Move persisting of certificate into tpm2_persist_certificate - Pass key_type to function creating filename for key - Add scheme parameter before curveid to createprimary_ecc - Rename is_ek to preserve for future extension - Mask-out EK and plaform certificate flags and set cert_flags - Move common code into new function read_certificate_file() - Exit with \'0\' upon --version rather than \'1\' - Close file descriptors passed to swtpm process on parent side - Make stdout unbuffered - Use medium duration on TSC_PhysicalPresence to avoid timeouts - Add poll() after write() and before read() to detect errors - swtpm_localca: - Add support for up to 20 bytes serial numbers - Introduce --key as more generic alias for --ek - Add missing NULL option to end of array - Make stdout unbuffered - swtpm_cert: - Add support for serial numbers up to 20 bytes long - swtpm_ioctl: - Separate return code from flags - Repeatedly call PTM_GET_INFO for long responses - selinux: - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install) - New SELinux policy that requires Fedora 40 or later - tests: - Fixed occurrences of stray \'\' before \'-\' - Rearrange order of test cases to run some also as \'root\' - Add tests for command line options and combinations of options - Add softhsm_setup to shellcheck\'ed files and fix issues - Add missing \'exit 1\' on unexpected file size on --reconfigure - Add test cases for swtpm_cert with max serial number - Fix spelling mistakes - reformat regexs for easier readability and extension - ibmtss2: Add patch to disable x509 test with older libtpms - Upgrade to ibmtss2 v2.0.1 - Fixed several issues detected by shellcheck - build-sys: - Add support for --disable-tests to disable tests - Display GMP_LIBS and GMP_CFLAGS - Only display warning if pkg-config for gmp fails - Add gmp library and devel package as dependency - use PKG_CHECK_MODULES to check libtpms version
* Thu Oct 19 2023 William Brown - Add missing requires for certtool
* Sat Sep 16 2023 Marcus Meissner - Update to version 0.8.1: - swtpm: - Restore logging to stderr on log open failure - swtpm_setup: - Exit with \'0\' upon --version rather than \'1\'. - Initialized AATTargv in get_swtpm_capabilities() - swtpm_localca: - Add missing NULL option to end of array - SELinux: - Add rules for user_tpm_t:sockfile to allow unlink - Add rules for sock_file on user_tmp_t
* Fri Jun 16 2023 Manfred Hollstein - Make selinux optional to allow building this package for Leap, too.
* Tue May 02 2023 Marcus Meissner - remove python3 dependency, no longer needed after rewrite (bsc#1211010)
* Tue Mar 21 2023 Marcus Meissner - swtpm-fix-build.patch: disable -Wstack-protector, it fails on s390x bsc#1209117
* Mon Mar 06 2023 Alberto Planas Dominguez - Drop trousers requirement
* Mon Mar 06 2023 Alberto Planas Dominguez - Update to version 0.8.0:
* swtpm: + Implement release-lock-outgoing parameter for --migration option + Introduce --migration option and \'incoming\' parameter + Implement terminate parameter for ctrl channel loss + Add a chroot option + Introduce disable-auto-shutdown flag for --flags option + If necessary send TPM2_Shutdown() before TPMLIB_Terminate() + Add some more recent syscalls to seccomp profile + Disable OpenSSL FIPS mode to avoid libtpms failures + Avoid locking directory multiple times + Remove support for pre-v0.1 state files without header + Use uint64_t in tlv_data_append() to avoid integer overflows + Use uint64_t to avoid integer wrap-around when adding a uint32_t + Do not chdir(/) when using --daemon + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) + Fixes for gcc 12.2.1 -fanalyzer
* build-sys: + Fix configure script to support _FORTIFY_SOURCE=3 + Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
* swtpm-localca: + Re-implement variable resolution for swtpm-localca.conf + Test for available issuercert before creating CA
* swtpm_setup: + Configure swtpm to log to stdout/err if needed (glib >=2.74)
* tests: + Use ${WORKDIR} in config files to test env. var replacement + Patch IBM TSS2 test suite for OpenSSL 3.x
* build-sys: + Add probing for -fstack-protector
* Fri Apr 29 2022 Marcus Meissner - Updated to version 0.7.3: - swtpm: - Use uint64_t in tlv_data_append() to avoid integer overflows - Use uint64_t to avoid integer wrap-around when adding a uint32_t- removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
* Wed Apr 06 2022 Martin Liška - Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
* Wed Mar 09 2022 Wolfgang Frisch - Update to version 0.7.2: - swtpm: - Do not chdir(/) when using --daemon - swtpm-localca: - Re-implement variable resolution for swtpm-localca.conf - tests: - Use ${WORKDIR} in config files to test env. var replacement - man pages: - Add missing .config directory to path description when using ${HOME} - build-sys: - Add probing for -fstack-protector
* Mon Feb 21 2022 Marcus Meissner - Update to version 0.7.1: - swtpm: - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) - swtpm_localca: - Test for available issuercert before creating CA
  
ICM