swtpm (0.6.3-0ubuntu3) jammy; urgency=medium

  * d/usr.bin.swtpm: Add additional apparmor rules
    - allow full interaction with libvirt (LP: #1968187)
    - add qemu socket rules (LP: #1968335)

 -- Lena Voytek <lena.voytek@canonical.com>  Tue, 12 Apr 2022 07:49:45 -0700

swtpm (0.6.3-0ubuntu2) jammy; urgency=medium

  * d/p/openssl-not-certtool.patch: do not use rnd file (LP: #1968131)
    RANDFILE isn't needed anymore in openssl and furthermore breaks many
    use cases here as HOME isn't resolved and therefore it accessed $CWD/.rnd
    which often ends up in places it isn't able to access the file.
    Thanks to Simon Deziel for the suggested fix!

 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 07 Apr 2022 16:07:21 +0200

swtpm (0.6.3-0ubuntu1) jammy; urgency=medium

  * Update to the stable release v0.6.3 (LP: 1948748)
    - swtpm:
      + Do not chdir(/) when using --daemon
      + Check header size indicator against expected size (CVE-2022-23645)
    - swtpm-localca:
      + Re-implement variable resolution for swtpm-localca.conf
      + Test for available issuercert before creating CA
    - tests:
      + Use ${WORKDIR} in config files to test env. var replacement
    - man:
      + Add missing .config directory to path description when using ${HOME}
    - build-sys:
      + Add probing for -fstack-protector
      + configure: Fix typo TPM2 -> TMP2
    - swtpm_setup:
      + Report stderr as returned by external tool (swtpm-localcal)
      + Fix exit code on error to be '1'.
  * d/usr.bin.swtpm: fix hang on unix sockets due to apparmor rules

 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 22 Mar 2022 09:31:40 +0100

swtpm (0.6.1-0ubuntu6) jammy; urgency=medium

  * Add apparmor profile to swtpm (LP: #1950631)
    - d/usr.bin.swtpm: Create new apparmor profile
    - d/swtpm.install: Copy apparmor profile to /etc/apparmor.d/
    - d/rules: Deploy the swtpm apparmor profile
    - d/control: Add dh-apparmor as a dependency

 -- Lena Voytek <lena.voytek@canonical.com>  Fri, 18 Feb 2022 14:24:14 -0700

swtpm (0.6.1-0ubuntu5) jammy; urgency=medium

  * debian/patches/openssl-not-certtool.patch: Use traditional format
    output as expected by tests.
  * Set executable bit on debian/tests/run-tests.

 -- Dimitri John Ledkov <dimitri.ledkov@canonical.com>  Thu, 02 Dec 2021 17:54:13 +0000

swtpm (0.6.1-0ubuntu4) jammy; urgency=medium

  * debian/patches/openssl-not-certtool.patch: Use openssl at runtime,
    not certtool.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 05 Nov 2021 13:16:42 -0700

swtpm (0.6.1-0ubuntu3) jammy; urgency=medium

  * Don't use the tss user for swtpm, this overloads a user already used for
    physical tpm ACLs.  LP: #1949060.
  * Add missing adduser dependency to swtpm-tools.
  * Add missing debhelper token to swtpm-tools.postinst.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 28 Oct 2021 05:47:30 -0700

swtpm (0.6.1-0ubuntu2) jammy; urgency=medium

  * Include packaging fixes from upstream to the postinst.
  * Drop tpm-udev dependency, not needed because we create the tss user
    ourselves now as needed.
  * Add autopkgtests.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Oct 2021 20:52:45 -0700

swtpm (0.6.1-0ubuntu1) jammy; urgency=medium

  * Initial release, using packaging from upstream.
  * debian/patches/0001-Install-swtpm-localca-to-the-correct-path.patch:
    Install swtpm-localca to the correct path.
  * debian/patches/no-autoconf-in-debian.patch: don't modify debian
    directory from upstream configure script.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 24 Oct 2021 01:04:51 +0000
