Revisions of swtpm

Ana Guerrero (anag+factory) accepted request 1202016 from Marcus Meissner (msmeissn) (revision 20)
- Fix swtpm custom module (bsc#1229131)
  - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
  - this can be removed once swtpm upstream sorts out their custom selinux module.
    see: https://github.com/stefanberger/swtpm/issues/885
    there were a couple of changes in the selinux-policy libvirt handling
    which cause the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
    virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t (forwarded request 1202015 from cahu)
Ana Guerrero (anag+factory) accepted request 1118837 from Marcus Meissner (msmeissn) (revision 18)
- Add missing requires for certtool (forwarded request 1118747 from firstyear)
Ana Guerrero (anag+factory) accepted request 1111638 from Marcus Meissner (msmeissn) (revision 17)
- Update to version 0.8.1:
  - swtpm:
    -   Restore logging to stderr on log open failure
  - swtpm_setup:
    -   Exit with '0' upon --version rather than '1'.
    -   Initialized @argv in get_swtpm_capabilities()
  - swtpm_localca:
    -   Add missing NULL option to end of array
  - SELinux:
    -   Add rules for user_tpm_t:sockfile to allow unlink
    -   Add rules for sock_file on user_tmp_t (forwarded request 1111637 from msmeissn)
Fabian Vogt (favogt_factory) accepted request 1096892 from Marcus Meissner (msmeissn) (revision 16)
- Make selinux optional to allow building this package for Leap, too. (forwarded request 1093513 from manfred-h)
Dominique Leuenberger (dimstar_suse) accepted request 1084024 from Marcus Meissner (msmeissn) (revision 15)
- remove python3 dependency, no longer needed after rewrite (bsc#1211010) (forwarded request 1084023 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 1073549 from Marcus Meissner (msmeissn) (revision 14)
bsc#1209117 (forwarded request 1073548 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 1069861 from Marcus Meissner (msmeissn) (revision 13)
- Drop trousers requirement

- Update to version 0.8.0:
  * swtpm:
    + Implement release-lock-outgoing parameter for --migration option
    + Introduce --migration option and 'incoming' parameter
    + Implement terminate parameter for ctrl channel loss
    + Add a chroot option
    + Introduce disable-auto-shutdown flag for --flags option
    + If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
    + Add some more recent syscalls to seccomp profile
    + Disable OpenSSL FIPS mode to avoid libtpms failures
    + Avoid locking directory multiple times
    + Remove support for pre-v0.1 state files without header
    + Use uint64_t in tlv_data_append() to avoid integer overflows
    + Use uint64_t to avoid integer wrap-around when adding a uint32_t
    + Do not chdir(/) when using --daemon
    + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
    + Fixes for gcc 12.2.1 -fanalyzer
  * build-sys:
    + Fix configure script to support _FORTIFY_SOURCE=3
    + Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
  * swtpm-localca:
    + Re-implement variable resolution for swtpm-localca.conf
    + Test for available issuercert before creating CA
  * swtpm_setup:
    + Configure swtpm to log to stdout/err if needed (glib >=2.74)
  * tests:
    + Use ${WORKDIR} in config files to test env. var replacement
    + Patch IBM TSS2 test suite for OpenSSL 3.x
Dominique Leuenberger (dimstar_suse) accepted request 974426 from Marcus Meissner (msmeissn) (revision 12)
- Updated to version 0.7.3:
  - swtpm:
    - Use uint64_t in tlv_data_append() to avoid integer overflows
    - Use uint64_t to avoid integer wrap-around when adding a uint32_t
- removed allow-FORTIFY_SOURCE=3.patch (upstreamed) (forwarded request 973850 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 967242 from Marcus Meissner (msmeissn) (revision 11)
- Cherry-pick upstream patch allow-FORTIFY_SOURCE=3.patch. (forwarded request 967210 from marxin)
Dominique Leuenberger (dimstar_suse) accepted request 960503 from Marcus Meissner (msmeissn) (revision 10)
- Update to version 0.7.2:
  - swtpm:
    - Do not chdir(/) when using --daemon
  - swtpm-localca:
    - Re-implement variable resolution for swtpm-localca.conf
  - tests:
    - Use ${WORKDIR} in config files to test env. var replacement
  - man pages:
    - Add missing .config directory to path description when using ${HOME}
  - build-sys:
    - Add probing for -fstack-protector (forwarded request 960501 from wfrisch)
Dominique Leuenberger (dimstar_suse) accepted request 930649 from Marcus Meissner (msmeissn) (revision 8)
- Update to version 0.7.0:
  - swtpm:
    - Support for linear file storage backend (file://)
    - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
      libtpms supports
    - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
    - Wipe keys from stack and heap
    - Many other small changes
    - Make --daemon not racy
  - swtpm_setup:
    - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
    - Support for linear file storage backend (file://)
    - Implement option --create-config-files to create config files
    - Use non-deprecated APIs to construct RSA key (OSSL 3)
    - Report stderr as returned by external tool (swtpm-localcal)
    - Replace '+' and ',' characters in VMId's to make work with
      common name in X509 subject
    - Add support for --reconfigure flag to change active PCR banks
  - swtpm_localca:
    - Created certificates for CAs and TPM that do not expire
  - swtpm_cert:
    - Allow passing -1 for days to get a non-expiring certificate
  - test:
    - ASAN-related test changes and skipping of tests if ASAN is used
    - Fix tests using tpm2-abrmd by preventing concurrency
    - Skip chardev related tests after checking for chardev support
    - exit with error code if mktemp fails
    - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
  - build-sys:
    - Introduce --enable-sanitizers to configure
Dominique Leuenberger (dimstar_suse) accepted request 920852 from Marcus Meissner (msmeissn) (revision 7)
- Update to version 0.6.1:
  - swtpm:
    - Clear keys from stack and heap
  - swtpm-localca:
    - Add missing else branch for pkcs11 and PIN
  - swtpm_setup:
    - Initialize Gerror and free it
    - Replace '\\s' in regex with [[:space:]] to fix cygwin
  - tests:
    - Kill tpm2-abrmd with SIGKILL rather than SIGTERM
  - build-sys:
    - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
    - Enable configuring with CFLAGS and passing additional CFLAGS on build
Richard Brown (RBrownSUSE) accepted request 912783 from Factory Maintainer (factory-maintainer) (revision 6)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 858005 from Gary Ching-Pang Lin (gary_lin) (revision 3)
- Create /var/lib/swtpm-localca to store the keys created by swtpm-localca (bsc#1179811)
- Replace net-tools-deprecated with iproute2 since the scripts in swtpm now can use 'ss' instead of 'netstat'
Dominique Leuenberger (dimstar_suse) accepted request 844896 from Marcus Meissner (msmeissn) (revision 1)
add to factory please
Displaying all 20 revisions