Releases: stefanberger/swtpm
Release of v0.6.3
version 0.6.3:
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man:
- Add missing .config directory to path description when using ${HOME}
- build-sys:
- Add probing for -fstack-protector
- configure: Fix typo TPM2 -> TMP2
Release of v0.7.1
version 0.7.1:
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- swtpm_localca:
- Test for available issuercert before creating CA
Release of v0.6.2
version 0.6.2:
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- swtpm-localca:
- Test for available issuercert before creating CA
- swtpm_setup:
- Report stderr as returned by external tool (swtpm-localca)
- Fix exit code on error to be '1'.
Release of v0.5.3
version 0.5.3:
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- Fix --print-capabilities for 'swtpm chardev'
- swtpm_localca:
- Test for available issuercert before creating CA
- swtpm_cert:
- Rename deprecated libtasn1 types
- man pages:
- Update the doc of the flag to connect to TPM via UnixIO socket
- build-sys:
- Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecated API warnings (OSSL 3)
- Fix Makefile issue with multiple .PHONY
- tests:
- Allow volatile state file >= 9000 bytes in test_tpm2_migration_key
- Travis:
- Stop using ASAN for swtpm since one test case fails (with 0.5.x)
Release of v0.7.0
version 0.7.0:
- swtpm:
- Support for linear file storage backend (file://)
- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending on what libtpms supports
- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
- Wipe keys from stack and heap
- Many other small changes
- Make --daemon not racy
- swtpm_setup:
- Only activate SHA256 PCR bank, not SHA1 bank anymore by default
- Support for linear file storage backend (file://)
- Implement option --create-config-files to create config files
- Use non-deprecated APIs to construct RSA key (OSSL 3)
- Report stderr as returned by external tool (swtpm-localca)
- Replace '+' and ',' characters in VMId's to make them work with the common name in the X509 subject
- Add support for --reconfigure flag to change active PCR banks
- swtpm_localca:
- Created certificates for CAs and TPM that do not expire
- swtpm_cert:
- Allow passing -1 for days to get a non-expiring certificate
- test:
- ASAN-related test changes and skipping of tests if ASAN is used
- Fix tests using tpm2-abrmd by preventing concurrency
- Skip chardev related tests after checking for chardev support
- exit with error code if mktemp fails
- OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
- build-sys:
- Introduce --enable-sanitizers to configure
- Remove check for pip3 that was used by python swtpm_setup
- Allow passing of additional CFLAGS during build
Release of v0.6.1
version 0.6.1:
- swtpm:
- Clear keys from stack and heap
- swtpm-localca:
- Add missing else branch for pkcs11 and PIN
- swtpm_setup:
- Initialize Gerror and free it
- Replace '\s' in regex with [[:space:]] to fix cygwin
- tests:
- Kill tpm2-abrmd with SIGKILL rather than SIGTERM
- build-sys:
- Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
- Enable configuring with CFLAGS and passing additional CFLAGS on build
Release of v0.6.0
version 0.6.0:
- swtpm:
- Fix --print-capabilities for 'swtpm chardev'
- Various cleanups and fixes (coverity)
- Addressed potential symlink attack issue (CVE-2020-28407)
- swtpm_setup:
- Rewritten in 'C'; needs json-glib
- Addressed potential symlink attack issue (CVE-2020-28407)
- swtpm_ioctl:
- Use timeouts for communicating with swtpm (Unix socket)
- swtpm-localca:
- Rewritten in 'C'
- tests:
- Use the IBM TSS2 v1.6.0's test suite
- Store and also restore the volatile state at every step when running IBM TSS2 test suite
- Various cleanup
- build-sys:
- Add HARDENING_CFLAGS and _LDFLAGS to all C programs
Release of v0.5.2
version 0.5.2:
- swtpm:
- Fix potential buffer overflow related to largely unused data hashing function in control channel
- swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
- swtpm_setup:
- Increase timeout from 10s to 30s for slower machines
- Travis:
- Not building on OS X anymore due to additional costs
Release of v0.5.1
version 0.5.1:
- swtpm & swtpm_setup:
- Addressed potential symlink attack issue (CVE-2020-28407)
- build-sys:
- Fix configure python cryptography error message
Release of v0.4.2
version 0.4.2:
- swtpm & swtpm_setup:
- Addressed potential symlink attack issue (CVE-2020-28407)