Your message dated Sat, 19 Jun 2021 10:56:39 +0100
with message-id
<5c65c3ad2ac9b1b1f78bf73b1cf073041e619b51.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.10 point release
has caused the Debian Bug report #989701,
regarding buster-pu: package clevis/11-2+deb10u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989701
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: [email protected]
Usertags: pu
Hello stable release team,
for the upcoming stable point release, I've just uploaded src:clevis
("automated encryption framework") as version 11-2+deb10u2. There is
one change related to the TPM integration:
* Fix handling of TPM chips that support sha256 only
Type: upstream bug
Debian bug: https://bugs.debian.org/989648
Fixed in in stable and testing: 12-1 (February 2020)
Problem: Possibly due to a typo, the clevis-encrypt-tpm2 backend cannot
handle TPM chips that support sha256 only.
Regards,
Christoph
diff -Nru clevis-11/debian/changelog clevis-11/debian/changelog
--- clevis-11/debian/changelog 2021-01-25 20:03:26.000000000 +0100
+++ clevis-11/debian/changelog 2021-06-09 15:59:00.000000000 +0200
@@ -1,3 +1,10 @@
+clevis (11-2+deb10u2) buster; urgency=medium
+
+ * Cherry-pick "Bugfix: set pcr_bank from pcr_bank not pcr_hash
+ field". Closes: #989648
+
+ -- Christoph Biedl <[email protected]> Wed, 09 Jun 2021
19:58:50 +0200
+
clevis (11-2+deb10u1) buster; urgency=medium
* Cherry-pick two comments to fix initramfs creation: Closes: #969361
diff -Nru
clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch
clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch
---
clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch
1970-01-01 01:00:00.000000000 +0100
+++
clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch
2021-06-09 15:55:44.000000000 +0200
@@ -0,0 +1,16 @@
+Subject: Bugfix: set pcr_bank from pcr_bank not pcr_hash field
+Origin: v11-5-g67fc67c
<https://github.com/latchset/clevis/commit/v11-5-g67fc67c>
+Upstream-Author: Markus Linnala <[email protected]>
+Date: Thu Mar 7 17:18:01 2019 +0200
+
+--- a/src/pins/tpm2/clevis-encrypt-tpm2
++++ b/src/pins/tpm2/clevis-encrypt-tpm2
+@@ -88,7 +88,7 @@
+
+ key=`jose fmt -j- -Og key -u- <<< "$cfg"` || key="ecc"
+
+-pcr_bank=`jose fmt -j- -Og pcr_hash -u- <<< "$cfg"` || pcr_bank="sha1"
++pcr_bank=`jose fmt -j- -Og pcr_bank -u- <<< "$cfg"` || pcr_bank="sha1"
+
+ pcr_ids=`jose fmt -j- -Og pcr_ids -u- <<< "$cfg"` || true
+
diff -Nru clevis-11/debian/patches/series clevis-11/debian/patches/series
--- clevis-11/debian/patches/series 2021-01-25 20:03:26.000000000 +0100
+++ clevis-11/debian/patches/series 2021-06-09 15:55:55.000000000 +0200
@@ -2,6 +2,7 @@
# cherry-picked commits. Keep in upstream's chronological order
cherry-pick/1541598788.v11-1-g1e344db.delete-remaining-references-to-the-removed-http-pin.patch
cherry-pick/1541599937.v11-2-g3465859.install-cryptsetup-and-tpm2-pcrlist-in-the-initramfs.patch
+cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch
# local modifications
debian.use-socat.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.10
Hi,
Each of the updates referenced in these bugs was included in the 10.10
point release today.
Regards,
Adam
--- End Message ---
