Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

swtpm-selinux-0.8.1-2.3 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: swtpm-selinux Distribution: openSUSE Tumbleweed
Version: 0.8.1 Vendor: openSUSE
Release: 2.3 Build date: Sun Feb 4 23:06:46 2024
Group: System/Management Build host: i03-ch2a
Size: 256687 Source RPM: swtpm-0.8.1-2.3.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/stefanberger/swtpm
Summary: SELinux module for the Software TPM emulator
 
This package provides the SELinux module for the Software TPM emulator.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Oct 19 2023 William Brown <william.brown@suse.com>
  - Add missing requires for certtool
* Sat Sep 16 2023 Marcus Meissner <meissner@suse.com>
  - Update to version 0.8.1:
    - swtpm:
    - Restore logging to stderr on log open failure
    - swtpm_setup:
    - Exit with '0' upon --version rather than '1'.
    - Initialized @argv in get_swtpm_capabilities()
    - swtpm_localca:
    - Add missing NULL option to end of array
    - SELinux:
    - Add rules for user_tpm_t:sockfile to allow unlink
    - Add rules for sock_file on user_tmp_t
* Fri Jun 16 2023 Manfred Hollstein <manfred.h@gmx.net>
  - Make selinux optional to allow building this package for Leap, too.
* Tue May 02 2023 Marcus Meissner <meissner@suse.com>
  - remove python3 dependency, no longer needed after rewrite (bsc#1211010)
* Tue Mar 21 2023 Marcus Meissner <meissner@suse.com>
  - swtpm-fix-build.patch: disable -Wstack-protector, it fails on s390x
    bsc#1209117
* Mon Mar 06 2023 Alberto Planas Dominguez <aplanas@suse.com>
  - Drop trousers requirement
* Mon Mar 06 2023 Alberto Planas Dominguez <aplanas@suse.com>
  - Update to version 0.8.0:
    * swtpm:
      + Implement release-lock-outgoing parameter for --migration option
      + Introduce --migration option and 'incoming' parameter
      + Implement terminate parameter for ctrl channel loss
      + Add a chroot option
      + Introduce disable-auto-shutdown flag for --flags option
      + If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
      + Add some more recent syscalls to seccomp profile
      + Disable OpenSSL FIPS mode to avoid libtpms failures
      + Avoid locking directory multiple times
      + Remove support for pre-v0.1 state files without header
      + Use uint64_t in tlv_data_append() to avoid integer overflows
      + Use uint64_t to avoid integer wrap-around when adding a uint32_t
      + Do not chdir(/) when using --daemon
      + Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
      + Fixes for gcc 12.2.1 -fanalyzer
    * build-sys:
      + Fix configure script to support _FORTIFY_SOURCE=3
      + Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
    * swtpm-localca:
      + Re-implement variable resolution for swtpm-localca.conf
      + Test for available issuercert before creating CA
    * swtpm_setup:
      + Configure swtpm to log to stdout/err if needed (glib >=2.74)
    * tests:
      + Use ${WORKDIR} in config files to test env. var replacement
      + Patch IBM TSS2 test suite for OpenSSL 3.x
    * build-sys:
      + Add probing for -fstack-protector
* Fri Apr 29 2022 Marcus Meissner <meissner@suse.com>
  - Updated to version 0.7.3:
    - swtpm:
    - Use uint64_t in tlv_data_append() to avoid integer overflows
    - Use uint64_t to avoid integer wrap-around when adding a uint32_t
  - removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
* Wed Apr 06 2022 Martin Liška <mliska@suse.cz>
  - Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
* Wed Mar 09 2022 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - Update to version 0.7.2:
    - swtpm:
    - Do not chdir(/) when using --daemon
    - swtpm-localca:
    - Re-implement variable resolution for swtpm-localca.conf
    - tests:
    - Use ${WORKDIR} in config files to test env. var replacement
    - man pages:
    - Add missing .config directory to path description when using ${HOME}
    - build-sys:
    - Add probing for -fstack-protector
* Mon Feb 21 2022 Marcus Meissner <meissner@suse.com>
  - Update to version 0.7.1:
    - swtpm:
    - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
    - swtpm_localca:
    - Test for available issuercert before creating CA
* Wed Nov 10 2021 Marcus Meissner <meissner@suse.com>
  - Update to version 0.7.0:
    - swtpm:
    - Support for linear file storage backend (file://)
    - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
      libtpms supports
    - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
    - Wipe keys from stack and heap
    - Many other small changes
    - Make --daemon not racy
    - swtpm_setup:
    - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
    - Support for linear file storage backend (file://)
    - Implement option --create-config-files to create config files
    - Use non-deprecated APIs to contruct RSA key (OSSL 3)
    - Report stderr as returned by external tool (swtpm-localcal)
    - Replace '+' and ',' characters in VMId's to make work with
      common name in X509 subject
    - Add support for --reconfigure flag to change active PCR banks
    - swtpm_localca:
    - Created certificates for CAs and TPM that do not expire
    - swtpm_cert:
    - Allow passing -1 for days to get a non-expiring certificate
    - test:
    - ASAN-related test changes and skipping of tests if ASAN is used
    - Fix tests using tpm2-abrmd by preventing concurrency
    - Skip chardev related tests after checking for chardev support
    - exit with error code if mktemp fails
    - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
    - build-sys:
    - Introduce --enable-sanitizers to configure
    - Remove check for pip3 that was used by python swtpm_setup
    - Allow passing of aditional CFLAGS during build
* Wed Sep 22 2021 Marcus Meissner <meissner@suse.com>
  - Update to version 0.6.1:
    - swtpm:
    - Clear keys from stack and heap
    - swtpm-localca:
    - Add missing else branch for pkcs11 and PIN
    - swtpm_setup:
    - Initialize Gerror and free it
    - Replace '\\s' in regex with [[:space:]] to fix cygwin
    - tests:
    - Kill tpm2-abrmd with SIGKILL rather SIGTERM
    - build-sys:
    - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
    - Enable configuring with CFLAGS and passing additional CFLAGS on build
* Sat Aug 07 2021 Callum Farmer <gmbr3@opensuse.org>
  - Update to version 0.6.0:
    - Addressed potential symlink attack issue (CVE-2020-28407)
    - Rewritten in 'C'; needs json-glib
    - Use timeouts for communicating with swtpm (Unix socket)
    - Fix --print-capabilities for 'swtpm chardev'
    - Various cleanups and fixes (coverity)
  - Enable selinux support
  - Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
  - Fix rpmlint errors
* Thu May 20 2021 Pedro Monreal <pmonreal@suse.com>
  - swtpm_cert: rename deprecated libtasn1 types.
    * https://github.com/stefanberger/swtpm/pull/443
    * Add swtpm-rename_deprecated_libtasn1_types.patch

Files

/usr/share/selinux/packages/targeted/swtpm.pp
/usr/share/selinux/packages/targeted/swtpm_svirt.pp
/usr/share/selinux/packages/targeted/swtpmcuse.pp
/var/lib/selinux/targeted/active/modules/200/swtpm
/var/lib/selinux/targeted/active/modules/200/swtpm_svirt
/var/lib/selinux/targeted/active/modules/200/swtpmcuse

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 30 23:40:51 2024