swtpm-0.7.3-150500.2.1 RPM for ppc64le

From OpenSuSE Leap 15.5 for ppc64le

The SWTPM package provides TPM emulators with different front-end interfaces
to libtpms. TPM emulators provide socket interfaces (TCP/IP) and the Linux
CUSE interface for the creation of multiple native /dev/vtpm* devices.
Those can be the targets of multiple QEMU cuse-tpm instances.

Provides

• swtpm
• config(swtpm)
• libswtpm_libtpms.so.0()(64bit)
• swtpm(ppc-64)

Requires

• /sbin/ldconfig
• /sbin/ldconfig
• /usr/bin/bash
• /usr/bin/env
• config(swtpm) = 0.7.3-150500.2.1
• iproute2
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libcrypto.so.1.1()(64bit)
• libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
• libcrypto.so.1.1(OPENSSL_1_1_1)(64bit)
• libfuse.so.2()(64bit)
• libfuse.so.2(FUSE_2.4)(64bit)
• libfuse.so.2(FUSE_2.5)(64bit)
• libfuse.so.2(FUSE_2.8)(64bit)
• libglib-2.0.so.0()(64bit)
• libgnutls.so.30()(64bit)
• libgnutls.so.30(GNUTLS_3_4)(64bit)
• libgobject-2.0.so.0()(64bit)
• libjson-glib-1.0.so.0()(64bit)
• libjson-glib-1.0.so.0(libjson-glib-1.0.so.0)(64bit)
• libpthread.so.0()(64bit)
• libpthread.so.0(GLIBC_2.17)(64bit)
• libseccomp.so.2()(64bit)
• libswtpm_libtpms.so.0()(64bit)
• libtasn1.so.6()(64bit)
• libtasn1.so.6(LIBTASN1_0_3)(64bit)
• libtpms.so.0()(64bit)
• libtpms.so.0(LIBTPMS_0.5.1)(64bit)
• libtpms.so.0(LIBTPMS_0.6.0)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1
• trousers
• user(tss)

License

BSD-3-Clause

Changelog

* Tue May 02 2023 meissner@suse.com
  - remove python3 dependency, no longer needed after rewrite (bsc#1211010)
* Sat Oct 08 2022 meissner@suse.com
  - remove selinux support for now.
* Fri Apr 29 2022 meissner@suse.com
  - Updated to version 0.7.3:
    - swtpm:
    - Use uint64_t in tlv_data_append() to avoid integer overflows
    - Use uint64_t to avoid integer wrap-around when adding a uint32_t
  - removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
* Wed Apr 06 2022 mliska@suse.cz
  - Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
* Wed Mar 09 2022 wolfgang.frisch@suse.com
  - Update to version 0.7.2:
    - swtpm:
    - Do not chdir(/) when using --daemon
    - swtpm-localca:
    - Re-implement variable resolution for swtpm-localca.conf
    - tests:
    - Use ${WORKDIR} in config files to test env. var replacement
    - man pages:
    - Add missing .config directory to path description when using ${HOME}
    - build-sys:
    - Add probing for -fstack-protector
* Mon Feb 21 2022 meissner@suse.com
  - Update to version 0.7.1:
    - swtpm:
    - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
    - swtpm_localca:
    - Test for available issuercert before creating CA
* Wed Nov 10 2021 meissner@suse.com
  - Update to version 0.7.0:
    - swtpm:
    - Support for linear file storage backend (file://)
    - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
      libtpms supports
    - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
    - Wipe keys from stack and heap
    - Many other small changes
    - Make --daemon not racy
    - swtpm_setup:
    - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
    - Support for linear file storage backend (file://)
    - Implement option --create-config-files to create config files
    - Use non-deprecated APIs to contruct RSA key (OSSL 3)
    - Report stderr as returned by external tool (swtpm-localcal)
    - Replace '+' and ',' characters in VMId's to make work with
      common name in X509 subject
    - Add support for --reconfigure flag to change active PCR banks
    - swtpm_localca:
    - Created certificates for CAs and TPM that do not expire
    - swtpm_cert:
    - Allow passing -1 for days to get a non-expiring certificate
    - test:
    - ASAN-related test changes and skipping of tests if ASAN is used
    - Fix tests using tpm2-abrmd by preventing concurrency
    - Skip chardev related tests after checking for chardev support
    - exit with error code if mktemp fails
    - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
    - build-sys:
    - Introduce --enable-sanitizers to configure
    - Remove check for pip3 that was used by python swtpm_setup
    - Allow passing of aditional CFLAGS during build
* Wed Sep 22 2021 meissner@suse.com
  - Update to version 0.6.1:
    - swtpm:
    - Clear keys from stack and heap
    - swtpm-localca:
    - Add missing else branch for pkcs11 and PIN
    - swtpm_setup:
    - Initialize Gerror and free it
    - Replace '\\s' in regex with [[:space:]] to fix cygwin
    - tests:
    - Kill tpm2-abrmd with SIGKILL rather SIGTERM
    - build-sys:
    - Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
    - Enable configuring with CFLAGS and passing additional CFLAGS on build
* Sat Aug 07 2021 gmbr3@opensuse.org
  - Update to version 0.6.0:
    - Addressed potential symlink attack issue (CVE-2020-28407)
    - Rewritten in 'C'; needs json-glib
    - Use timeouts for communicating with swtpm (Unix socket)
    - Fix --print-capabilities for 'swtpm chardev'
    - Various cleanups and fixes (coverity)
  - Enable selinux support
  - Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
  - Fix rpmlint errors
* Thu May 20 2021 pmonreal@suse.com
  - swtpm_cert: rename deprecated libtasn1 types.
    * https://github.com/stefanberger/swtpm/pull/443
    * Add swtpm-rename_deprecated_libtasn1_types.patch
* Sun Dec 27 2020 meissner@suse.com
  - Update to version 0.5.2
    - swtpm:
    - Fix potential buffer overflow related to largely unused data hashing
      function in control channel
    - swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
    - swtpm_setup:
    - Increase timeout from 10s to 30s for slower machines
    - Travis:
    - Not building on OS X anymore due to additional costs
* Tue Dec 22 2020 glin@suse.com
  - Use "Requires user(tss)" for the "tss" user and group
* Tue Dec 22 2020 glin@suse.com
  - Create /var/lib/swtpm-localca to store the keys created by
    swtpm-localca (bsc#1179811)
  - Replace net-tools-deprecated with iproute2 since the scripts in
    swtpm now can use 'ss' instead of 'netstat'
* Sun Nov 22 2020 kai.liu@suse.com
  - Update to version 0.5.1
    * swtpm & swtpm_setup:
    - Addressed potential symlink attack issue (CVE-2020-28407)
    * build-sys:
    - Fix configure python cryptography error message
  - Misc. spec file changes.
* Tue Oct 13 2020 kai.liu@suse.com
  - Update Requires and BuildRequires for changes since 0.4.0.
  - Remove patch files that are no longer needed:
    * swtpm-adjust-seccomp-path.patch
    * swtpm-setup-tcsd-path.patch
    * swtpm-tpm-tools-path.patch
  - Update to version 0.5.0
    * swtpm:
    - Write files atomically using a temp file and then renaming
    * swtpm_setup:
    - Removed remaining 'c' wrapper program
    - Do not truncate logfile when testing write-access (regression)
    - Remove TPM state file in case error occurred
    * swtpm-localca:
    - Rewrite in python
    - Allow passing pkcs11 PIN using signingkey_password
    - Allow passing environment variables needed for pkcs11 modules using
      swtpm-localca.conf and format 'env:VARNAME=VALUE'.
    * build-sys:
    - Add python-install and python-uninstall targets
    - Add configure option to disable installation of Python module
    - Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
    - Use AC_LINK_IFELSE to check whether support for hardening flags
  - Changes from version 0.4.1
    * swtpm_setup:
    - Do not hardcode '/etc' but use SYSCONFDIR
    - Fix support for -h and -? options
    - Add missing .config path when using ${HOME}
    * swtpm-localca:
    - Apply password for signing key when creating platform cert
    - Properly apply passwords for localca signing key
  - Changes from version 0.4.0
    * swtpm:
    - Invoke print capabilities after choosing TPM version
    - Add some recent syscalls to seccomp blacklist
    * swtpm_cert:
    - Support --ecc-curveid option to pass curve id
    * swtpm_setup & related scripts:
    - Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
      and TPM tools anymore; new dependencies:
    - python3: pip, cryptography, setuptools
      dropped dependencies for swtpm_setup:
    - tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
    - Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
      ECC NIST P384 curve; default RSA key size is still 2048
    - Added support for --rsa-keysize option
    - Extend script to create a CA using a TPM 2 for signing
    * tests:
    - Use the IBM TSS2 v1.5.0's test suite
    - Add test case for loading of an NVRAM completely full with keys
    - Have softhsm_setup use temporary directory for softhsm config & state
    - various other improvements
    * man pages:
    - Improvements
    * build-sys:
    - clang: properly test for linker flag 'now' and 'relro'
    - Gentoo: explicitly link libswtpm_libtpms with -lcrypto
    - Ownership of /var/lib/swtpm-localca is now tss:root and
      mode flags 0750.
* Thu Aug 13 2020 kai.liu@suse.com
  - Update to version 0.3.4:
    * swtpm:
    - Fix compilation for cygwin
    * swtpm_setup & swtpm-localca:
    - Get rid of bash's eval when invoking external tools to avoid abuse.
      Only use eval for 'resolving' variables.
    * tests:
    - Various fixes of minor issues
* Thu Jul 30 2020 kai.liu@suse.com
  - Update to version 0.3.3:
    * swtpm_setup:
    - openSUSE: Support tcsd configuration where tss user != tss group,
      such as root/tss; Fedora & Ubuntu for example use tss/tss
    * build-sys:
    - Check whether tss user and group are available
  - Add tss user & group build flags per upstream instruction. This
    together with v0.3.3 fixed the bug with TPM 1.2 emulation.
    Related upstream bug:
      https://github.com/stefanberger/swtpm/issues/284
* Sat Jul 11 2020 kai.liu@suse.com
  - Update to 0.3.2:
    + swtpm:
      + Remove unnecessary #include <seccomp.h> (fixes SuSE build)
      + Make coverity happy by handling default case in case
      statement
    + swtpm_setup:
      + bugfix: Create ECC storage primary key in owner hierarchy
      + bugfix: remove tpm2_stirrandom and tpm2_changeeps
    + tests:
      + Adjusted pcrUpdateCounter in tests to succeed with PCR TCB
      group fixes in libtpms TPM 2 code
* Wed Apr 22 2020 glin@suse.com
  - Update to 0.3.1
    + swtpm: Fix vtpm proxy case without startup flags
    + swtpm: Only call memcpy if tocopy != 0 (coverity)
    + man: Document new startup options and capabilities
      advertisement
    + swtpm: Enable sending startup commands before processing
      commands
    + swtpm_cert: Accept serial numbers that use up to 64bits
    + swtpm_cert: Use getopt_long_only to parse options
    + swtpm_cert: Add support for --print-capabilities option
    + swtpm_cert: Allow passing signing key and parent key via new
      option
    + swtpm_setup: Enable spaces in paths and other variables
    + swtpm_ioctl: Calculate strlen(input) only once
    + swtpm_ioctl: Block SIGPIPE so we can get EPIPE on write()
    + swtpm_bios: Block SIGPIPE so we can get EPIPE on write()
    + swtpm: Only accept() new client ctrl connection if we have none
    + swtpm_setup: Do not fail on future PCR banks' hashes
    + swtpm_setup: Use 1st part of SWTPM_EXE/SWTPM_IOCTL to determine
      executable
    + swtpm_setup: Keep reserved range of file descriptors for
      swtpm_setup.sh
    + swtpm_setup: Log about encryption and fix c&p error in err msg
    + swtpm: Add --print-capabilities to help screen of
      'swtpm chardev'
    + swtpm_ioctl: Fix uninitialized variable 'pgi'
    + swtpm_cert: Use gnutls_x509_crt_get_subject_key_id API call for
      subj keyId
    + swtpm_cert: Fix OIDs for TPM 2 platforms data
    + swtpm: Fix typo in error report: HMAC instead of hash
    + swtpm: Use writev_full rather than writev; fixes --vtpm-proxy
      EIO error
  - Refresh swtpm-setup-tcsd-path.patch
* Fri Jan 03 2020 glin@suse.com
  - Amend swtpm-adjust-seccomp-path.patch to add the missing seccomp
    paths
  - Adjust the conditional check of net-tools-deprecated for SLE15
    and SLE15-SP1
* Thu Sep 05 2019 glin@suse.com
  - Update to 0.2.0
    +Linux: swtpm now runs with a seccomp profile (blacklist) if
      compiled with libseccomp support
    + Added subpport for passing key and passphrase via file
      descriptor
    + TPM 2 commands can now be prefixed by 'the TCG header' and
      responses will have a 4-byte prefix and 4-byte suffix.
    + Added --print-capabilities command line option
    + Proper handling on EINTR on read, poll, and write
  - Patches to adjust the pathes
    + swtpm-tpm-tools-path.patch
    + swtpm-setup-tcsd-path.patch
    + swtpm-adjust-seccomp-path.patch
* Tue May 15 2018 glin@suse.com
  - Initial import: 0.1.0-dev2

Files

/etc/swtpm-localca.conf
/etc/swtpm-localca.options
/etc/swtpm_setup.conf
/usr/bin/swtpm
/usr/bin/swtpm_bios
/usr/bin/swtpm_cert
/usr/bin/swtpm_cuse
/usr/bin/swtpm_ioctl
/usr/bin/swtpm_localca
/usr/bin/swtpm_setup
/usr/lib64/swtpm
/usr/lib64/swtpm/libswtpm_libtpms.so.0
/usr/lib64/swtpm/libswtpm_libtpms.so.0.0.0
/usr/share/doc/packages/swtpm
/usr/share/doc/packages/swtpm/CHANGES
/usr/share/doc/packages/swtpm/README
/usr/share/doc/packages/swtpm/TODO
/usr/share/licenses/swtpm
/usr/share/licenses/swtpm/LICENSE
/usr/share/man/man8/swtpm-create-tpmca.8.gz
/usr/share/man/man8/swtpm-localca.8.gz
/usr/share/man/man8/swtpm-localca.conf.8.gz
/usr/share/man/man8/swtpm-localca.options.8.gz
/usr/share/man/man8/swtpm.8.gz
/usr/share/man/man8/swtpm_bios.8.gz
/usr/share/man/man8/swtpm_cert.8.gz
/usr/share/man/man8/swtpm_cuse.8.gz
/usr/share/man/man8/swtpm_ioctl.8.gz
/usr/share/man/man8/swtpm_localca.8.gz
/usr/share/man/man8/swtpm_setup.8.gz
/usr/share/man/man8/swtpm_setup.conf.8.gz
/usr/share/swtpm
/usr/share/swtpm/swtpm-create-tpmca
/usr/share/swtpm/swtpm-create-user-config-files
/usr/share/swtpm/swtpm-localca
/var/lib/swtpm-localca

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Mar 9 15:33:22 2026