Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

swtpm-devel-0.9.0-slfo.1.2.9 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: swtpm-devel Distribution: SUSE Linux Framework One
Version: 0.9.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.2.9 Build date: Thu Sep 19 12:55:54 2024
Group: Development/Libraries/C and C++ Build host: reproducible
Size: 15342 Source RPM: swtpm-0.9.0-slfo.1.2.9.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/stefanberger/swtpm
Summary: Development files for swtpm
The development files for SWTPM

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Sep 19 2024 cathy.hu@suse.com
  - Fix swtpm custom module (bsc#1229131)
    - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
    - this can be removed once swtpm upstream sorts out their custom selinux module.
      see: https://github.com/stefanberger/swtpm/issues/885
      there were a couple changes in the selinux-policy libvirt handling
      which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
      virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
* Thu Aug 01 2024 rrahl0@opensuse.org
  - update to 0.9.0:
    - fixes: boo#1226398
    - swtpm:
    - Use umask() to create/truncated state file rather than fchmod()
    - Use fchmod to set mode bits provided by user
    - Replace mkstemp with g_mkstemp_full (Coverity)
    - fix typo in help message
    - cuse: Fix Coverity complaints regarding locks
    - Fix double free in error path
    - Close fd after main loop
    - Restore logging to stderr on log open failure
    - swtpm_setup:
    - Fail --pcr-banks without --tpm2
    - Fail --decryption or --allow-signing without --tpm2
    - Initialized argv in get_swtpm_capabilities()
    - Flush spk after persisting to create room for another key
    - Refactor duplicate code into swtpm_tpm2_write_cert_nvram
    - Move persisting of certificate into tpm2_persist_certificate
    - Pass key_type to function creating filename for key
    - Add scheme parameter before curveid to createprimary_ecc
    - Rename is_ek to preserve for future extension
    - Mask-out EK and plaform certificate flags and set cert_flags
    - Move common code into new function read_certificate_file()
    - Exit with '0' upon --version rather than '1'
    - Close file descriptors passed to swtpm process on parent side
    - Make stdout unbuffered
    - Use medium duration on TSC_PhysicalPresence to avoid timeouts
    - Add poll() after write() and before read() to detect errors
    - swtpm_localca:
    - Add support for up to 20 bytes serial numbers
    - Introduce --key as more generic alias for --ek
    - Add missing NULL option to end of array
    - Make stdout unbuffered
    - swtpm_cert:
    - Add support for serial numbers up to 20 bytes long
    - swtpm_ioctl:
    - Separate return code from flags
    - Repeatedly call PTM_GET_INFO for long responses
    - selinux:
    - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
    - New SELinux policy that requires Fedora 40 or later
    - tests:
    - Fixed occurrences of stray '' before '-'
    - Rearrange order of test cases to run some also as 'root'
    - Add tests for command line options and combinations of options
    - Add softhsm_setup to shellcheck'ed files and fix issues
    - Add missing 'exit 1' on unexpected file size on --reconfigure
    - Add test cases for swtpm_cert with max serial number
    - Fix spelling mistakes
    - reformat regexs for easier readability and extension
    - ibmtss2: Add patch to disable x509 test with older libtpms
    - Upgrade to ibmtss2 v2.0.1
    - Fixed several issues detected by shellcheck
    - build-sys:
    - Add support for --disable-tests to disable tests
    - Display GMP_LIBS and GMP_CFLAGS
    - Only display warning if pkg-config for gmp fails
    - Add gmp library and devel package as dependency
    - use PKG_CHECK_MODULES to check libtpms version
* Thu Oct 19 2023 william.brown@suse.com
  - Add missing requires for certtool
* Sat Sep 16 2023 meissner@suse.com
  - Update to version 0.8.1:
    - swtpm:
    - Restore logging to stderr on log open failure
    - swtpm_setup:
    - Exit with '0' upon --version rather than '1'.
    - Initialized @argv in get_swtpm_capabilities()
    - swtpm_localca:
    - Add missing NULL option to end of array
    - SELinux:
    - Add rules for user_tpm_t:sockfile to allow unlink
    - Add rules for sock_file on user_tmp_t
* Fri Jun 16 2023 manfred.h@gmx.net
  - Make selinux optional to allow building this package for Leap, too.
* Tue May 02 2023 meissner@suse.com
  - remove python3 dependency, no longer needed after rewrite (bsc#1211010)
* Tue Mar 21 2023 meissner@suse.com
  - swtpm-fix-build.patch: disable -Wstack-protector, it fails on s390x
    bsc#1209117
* Mon Mar 06 2023 aplanas@suse.com
  - Drop trousers requirement
* Mon Mar 06 2023 aplanas@suse.com
  - Update to version 0.8.0:
    * swtpm:
      + Implement release-lock-outgoing parameter for --migration option
      + Introduce --migration option and 'incoming' parameter
      + Implement terminate parameter for ctrl channel loss
      + Add a chroot option
      + Introduce disable-auto-shutdown flag for --flags option
      + If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
      + Add some more recent syscalls to seccomp profile
      + Disable OpenSSL FIPS mode to avoid libtpms failures
      + Avoid locking directory multiple times
      + Remove support for pre-v0.1 state files without header
      + Use uint64_t in tlv_data_append() to avoid integer overflows
      + Use uint64_t to avoid integer wrap-around when adding a uint32_t
      + Do not chdir(/) when using --daemon
      + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
      + Fixes for gcc 12.2.1 -fanalyzer
    * build-sys:
      + Fix configure script to support _FORTIFY_SOURCE=3
      + Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
    * swtpm-localca:
      + Re-implement variable resolution for swtpm-localca.conf
      + Test for available issuercert before creating CA
    * swtpm_setup:
      + Configure swtpm to log to stdout/err if needed (glib >=2.74)
    * tests:
      + Use ${WORKDIR} in config files to test env. var replacement
      + Patch IBM TSS2 test suite for OpenSSL 3.x
    * build-sys:
      + Add probing for -fstack-protector
* Fri Apr 29 2022 meissner@suse.com
  - Updated to version 0.7.3:
    - swtpm:
    - Use uint64_t in tlv_data_append() to avoid integer overflows
    - Use uint64_t to avoid integer wrap-around when adding a uint32_t
  - removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
* Wed Apr 06 2022 mliska@suse.cz
  - Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
* Wed Mar 09 2022 wolfgang.frisch@suse.com
  - Update to version 0.7.2:
    - swtpm:
    - Do not chdir(/) when using --daemon
    - swtpm-localca:
    - Re-implement variable resolution for swtpm-localca.conf
    - tests:
    - Use ${WORKDIR} in config files to test env. var replacement
    - man pages:
    - Add missing .config directory to path description when using ${HOME}
    - build-sys:
    - Add probing for -fstack-protector
* Mon Feb 21 2022 meissner@suse.com
  - Update to version 0.7.1:
    - swtpm:
    - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
    - swtpm_localca:
    - Test for available issuercert before creating CA
* Wed Nov 10 2021 meissner@suse.com
  - Update to version 0.7.0:
    - swtpm:
    - Support for linear file storage backend (file://)
    - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
      libtpms supports
    - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
    - Wipe keys from stack and heap
    - Many other small changes
    - Make --daemon not racy
    - swtpm_setup:
    - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
    - Support for linear file storage backend (file://)
    - Implement option --create-config-files to create config files
    - Use non-deprecated APIs to contruct RSA key (OSSL 3)
    - Report stderr as returned by external tool (swtpm-localcal)
    - Replace '+' and ',' characters in VMId's to make work with
      common name in X509 subject
    - Add support for --reconfigure flag to change active PCR banks
    - swtpm_localca:
    - Created certificates for CAs and TPM that do not expire
    - swtpm_cert:
    - Allow passing -1 for days to get a non-expiring certificate
    - test:
    - ASAN-related test changes and skipping of tests if ASAN is used
    - Fix tests using tpm2-abrmd by preventing concurrency
    - Skip chardev related tests after checking for chardev support
    - exit with error code if mktemp fails
    - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
    - build-sys:
    - Introduce --enable-sanitizers to configure
    - Remove check for pip3 that was used by python swtpm_setup
    - Allow passing of aditional CFLAGS during build
* Wed Sep 22 2021 meissner@suse.com
  - Update to version 0.6.1:
    - swtpm:
    - Clear keys from stack and heap
    - swtpm-localca:
    - Add missing else branch for pkcs11 and PIN
    - swtpm_setup:
    - Initialize Gerror and free it
    - Replace '\\s' in regex with [[:space:]] to fix cygwin
    - tests:
    - Kill tpm2-abrmd with SIGKILL rather SIGTERM
    - build-sys:
    - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
    - Enable configuring with CFLAGS and passing additional CFLAGS on build
* Sat Aug 07 2021 gmbr3@opensuse.org
  - Update to version 0.6.0:
    - Addressed potential symlink attack issue (CVE-2020-28407)
    - Rewritten in 'C'; needs json-glib
    - Use timeouts for communicating with swtpm (Unix socket)
    - Fix --print-capabilities for 'swtpm chardev'
    - Various cleanups and fixes (coverity)
  - Enable selinux support
  - Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
  - Fix rpmlint errors
* Thu May 20 2021 pmonreal@suse.com
  - swtpm_cert: rename deprecated libtasn1 types.
    * https://github.com/stefanberger/swtpm/pull/443
    * Add swtpm-rename_deprecated_libtasn1_types.patch
* Sun Dec 27 2020 meissner@suse.com
  - Update to version 0.5.2
    - swtpm:
    - Fix potential buffer overflow related to largely unused data hashing
      function in control channel
    - swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
    - swtpm_setup:
    - Increase timeout from 10s to 30s for slower machines
    - Travis:
    - Not building on OS X anymore due to additional costs
* Tue Dec 22 2020 glin@suse.com
  - Use "Requires user(tss)" for the "tss" user and group
* Tue Dec 22 2020 glin@suse.com
  - Create /var/lib/swtpm-localca to store the keys created by
    swtpm-localca (bsc#1179811)
  - Replace net-tools-deprecated with iproute2 since the scripts in
    swtpm now can use 'ss' instead of 'netstat'
* Sun Nov 22 2020 kai.liu@suse.com
  - Update to version 0.5.1
    * swtpm & swtpm_setup:
    - Addressed potential symlink attack issue (CVE-2020-28407)
    * build-sys:
    - Fix configure python cryptography error message
  - Misc. spec file changes.
* Tue Oct 13 2020 kai.liu@suse.com
  - Update Requires and BuildRequires for changes since 0.4.0.
  - Remove patch files that are no longer needed:
    * swtpm-adjust-seccomp-path.patch
    * swtpm-setup-tcsd-path.patch
    * swtpm-tpm-tools-path.patch
  - Update to version 0.5.0
    * swtpm:
    - Write files atomically using a temp file and then renaming
    * swtpm_setup:
    - Removed remaining 'c' wrapper program
    - Do not truncate logfile when testing write-access (regression)
    - Remove TPM state file in case error occurred
    * swtpm-localca:
    - Rewrite in python
    - Allow passing pkcs11 PIN using signingkey_password
    - Allow passing environment variables needed for pkcs11 modules using
      swtpm-localca.conf and format 'env:VARNAME=VALUE'.
    * build-sys:
    - Add python-install and python-uninstall targets
    - Add configure option to disable installation of Python module
    - Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
    - Use AC_LINK_IFELSE to check whether support for hardening flags
  - Changes from version 0.4.1
    * swtpm_setup:
    - Do not hardcode '/etc' but use SYSCONFDIR
    - Fix support for -h and -? options
    - Add missing .config path when using ${HOME}
    * swtpm-localca:
    - Apply password for signing key when creating platform cert
    - Properly apply passwords for localca signing key
  - Changes from version 0.4.0
    * swtpm:
    - Invoke print capabilities after choosing TPM version
    - Add some recent syscalls to seccomp blacklist
    * swtpm_cert:
    - Support --ecc-curveid option to pass curve id
    * swtpm_setup & related scripts:
    - Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
      and TPM tools anymore; new dependencies:
    - python3: pip, cryptography, setuptools
      dropped dependencies for swtpm_setup:
    - tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
    - Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
      ECC NIST P384 curve; default RSA key size is still 2048
    - Added support for --rsa-keysize option
    - Extend script to create a CA using a TPM 2 for signing
    * tests:
    - Use the IBM TSS2 v1.5.0's test suite
    - Add test case for loading of an NVRAM completely full with keys
    - Have softhsm_setup use temporary directory for softhsm config & state
    - various other improvements
    * man pages:
    - Improvements
    * build-sys:
    - clang: properly test for linker flag 'now' and 'relro'
    - Gentoo: explicitly link libswtpm_libtpms with -lcrypto
    - Ownership of /var/lib/swtpm-localca is now tss:root and
      mode flags 0750.
* Thu Aug 13 2020 kai.liu@suse.com
  - Update to version 0.3.4:
    * swtpm:
    - Fix compilation for cygwin
    * swtpm_setup & swtpm-localca:
    - Get rid of bash's eval when invoking external tools to avoid abuse.
      Only use eval for 'resolving' variables.
    * tests:
    - Various fixes of minor issues
* Thu Jul 30 2020 kai.liu@suse.com
  - Update to version 0.3.3:
    * swtpm_setup:
    - openSUSE: Support tcsd configuration where tss user != tss group,
      such as root/tss; Fedora & Ubuntu for example use tss/tss
    * build-sys:
    - Check whether tss user and group are available
  - Add tss user & group build flags per upstream instruction. This
    together with v0.3.3 fixed the bug with TPM 1.2 emulation.
    Related upstream bug:
      https://github.com/stefanberger/swtpm/issues/284
* Sat Jul 11 2020 kai.liu@suse.com
  - Update to 0.3.2:
    + swtpm:
      + Remove unnecessary #include <seccomp.h> (fixes SuSE build)
      + Make coverity happy by handling default case in case
      statement
    + swtpm_setup:
      + bugfix: Create ECC storage primary key in owner hierarchy
      + bugfix: remove tpm2_stirrandom and tpm2_changeeps
    + tests:
      + Adjusted pcrUpdateCounter in tests to succeed with PCR TCB
      group fixes in libtpms TPM 2 code
* Wed Apr 22 2020 glin@suse.com
  - Update to 0.3.1
    + swtpm: Fix vtpm proxy case without startup flags
    + swtpm: Only call memcpy if tocopy != 0 (coverity)
    + man: Document new startup options and capabilities
      advertisement
    + swtpm: Enable sending startup commands before processing
      commands
    + swtpm_cert: Accept serial numbers that use up to 64bits
    + swtpm_cert: Use getopt_long_only to parse options
    + swtpm_cert: Add support for --print-capabilities option
    + swtpm_cert: Allow passing signing key and parent key via new
      option
    + swtpm_setup: Enable spaces in paths and other variables
    + swtpm_ioctl: Calculate strlen(input) only once
    + swtpm_ioctl: Block SIGPIPE so we can get EPIPE on write()
    + swtpm_bios: Block SIGPIPE so we can get EPIPE on write()
    + swtpm: Only accept() new client ctrl connection if we have none
    + swtpm_setup: Do not fail on future PCR banks' hashes
    + swtpm_setup: Use 1st part of SWTPM_EXE/SWTPM_IOCTL to determine
      executable
    + swtpm_setup: Keep reserved range of file descriptors for
      swtpm_setup.sh
    + swtpm_setup: Log about encryption and fix c&p error in err msg
    + swtpm: Add --print-capabilities to help screen of
      'swtpm chardev'
    + swtpm_ioctl: Fix uninitialized variable 'pgi'
    + swtpm_cert: Use gnutls_x509_crt_get_subject_key_id API call for
      subj keyId
    + swtpm_cert: Fix OIDs for TPM 2 platforms data
    + swtpm: Fix typo in error report: HMAC instead of hash
    + swtpm: Use writev_full rather than writev; fixes --vtpm-proxy
      EIO error
  - Refresh swtpm-setup-tcsd-path.patch
* Fri Jan 03 2020 glin@suse.com
  - Amend swtpm-adjust-seccomp-path.patch to add the missing seccomp
    paths
  - Adjust the conditional check of net-tools-deprecated for SLE15
    and SLE15-SP1
* Thu Sep 05 2019 glin@suse.com
  - Update to 0.2.0
    +Linux: swtpm now runs with a seccomp profile (blacklist) if
      compiled with libseccomp support
    + Added subpport for passing key and passphrase via file
      descriptor
    + TPM 2 commands can now be prefixed by 'the TCG header' and
      responses will have a 4-byte prefix and 4-byte suffix.
    + Added --print-capabilities command line option
    + Proper handling on EINTR on read, poll, and write
  - Patches to adjust the pathes
    + swtpm-tpm-tools-path.patch
    + swtpm-setup-tcsd-path.patch
    + swtpm-adjust-seccomp-path.patch
* Tue May 15 2018 glin@suse.com
  - Initial import: 0.1.0-dev2

Files

/usr/include/swtpm
/usr/include/swtpm/tpm_ioctl.h
/usr/lib64/swtpm/libswtpm_libtpms.so
/usr/share/man/man3/swtpm_ioctls.3.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:02:43 2024