- Drop trousers requirement
- Update to version 0.8.0:
* swtpm:
+ Implement release-lock-outgoing parameter for --migration option
+ Introduce --migration option and 'incoming' parameter
+ Implement terminate parameter for ctrl channel loss
+ Add a chroot option
+ Introduce disable-auto-shutdown flag for --flags option
+ If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
+ Add some more recent syscalls to seccomp profile
+ Disable OpenSSL FIPS mode to avoid libtpms failures
+ Avoid locking directory multiple times
+ Remove support for pre-v0.1 state files without header
+ Use uint64_t in tlv_data_append() to avoid integer overflows
+ Use uint64_t to avoid integer wrap-around when adding a uint32_t
+ Do not chdir(/) when using --daemon
+ Check header size indicator against expected size (CVE-2022-23645)
+ Fixes for gcc 12.2.1 -fanalyzer
* build-sys:
+ Fix configure script to support _FORTIFY_SOURCE=3
+ Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
* swtpm-localca:
+ Re-implement variable resolution for swtpm-localca.conf
+ Test for available issuercert before creating CA
* swtpm_setup:
+ Configure swtpm to log to stdout/err if needed (glib >=2.74)
* tests:
+ Use ${WORKDIR} in config files to test env. var replacement
+ Patch IBM TSS2 test suite for OpenSSL 3.x
OBS-URL: https://build.opensuse.org/request/show/1069732
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=30
- Update to version 0.7.2:
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man pages:
- Add missing .config directory to path description when using ${HOME}
- build-sys:
- Add probing for -fstack-protector
OBS-URL: https://build.opensuse.org/request/show/960501
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=24
- swtpm:
- Support for linear file storage backend (file://)
- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
libtpms supports
- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
- Wipe keys from stack and heap
- Many other small changes
- Make --daemon not racy
- swtpm_setup:
- Only activate SHA256 PCR bank, not SHA1 bank anymore by default
- Support for linear file storage backend (file://)
- Implement option --create-config-files to create config files
- Use non-deprecated APIs to contruct RSA key (OSSL 3)
- Report stderr as returned by external tool (swtpm-localcal)
- Replace '+' and ',' characters in VMId's to make work with
common name in X509 subject
- Add support for --reconfigure flag to change active PCR banks
- swtpm_localca:
- Created certificates for CAs and TPM that do not expire
- swtpm_cert:
- Allow passing -1 for days to get a non-expiring certificate
- test:
- ASAN-related test changes and skipping of tests if ASAN is used
- Fix tests using tpm2-abrmd by preventing concurrency
- Skip chardev related tests after checking for chardev support
- exit with error code if mktemp fails
- OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
- build-sys:
- Introduce --enable-sanitizers to configure
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=22
- swtpm:
- Clear keys from stack and heap
- swtpm-localca:
- Add missing else branch for pkcs11 and PIN
- swtpm_setup:
- Initialize Gerror and free it
- Replace '\\s' in regex with [[:space:]] to fix cygwin
- tests:
- Kill tpm2-abrmd with SIGKILL rather SIGTERM
- build-sys:
- Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
- Enable configuring with CFLAGS and passing additional CFLAGS on build
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=21
- Update to version 0.5.2
- swtpm:
- Fix potential buffer overflow related to largely unused data hashing
function in control channel
- swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
- swtpm_setup:
- Increase timeout from 10s to 30s for slower machines
- Travis:
- Not building on OS X anymore due to additional costs
OBS-URL: https://build.opensuse.org/request/show/858841
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=14
