Your message dated Sat, 16 May 2026 11:07:43 +0000
with message-id <[email protected]>
and subject line Released with 12.14
has caused the Debian Bug report #1135214,
regarding bookworm-pu: package tpm2-pkcs11/1.9.0-0.1+deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135214
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:tpm2-pkcs11
User: [email protected]
Usertags: pu
[ Reason ]
#1135213 prevents database upgrades from bullseye to bookworm.
[ Impact ]
Cannot successfully upgrade a database.
[ Tests ]
Tested compilation.
[ Risks ]
Code is trivial.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in oldstable
[x] the issue is verified as fixed in unstable
[ Changes ]
Introduces a protective if clause for a possible null pointer.
[ Other info ]
This is a non-maintainer upload.
diff -Nru tpm2-pkcs11-1.9.0/debian/changelog tpm2-pkcs11-1.9.0/debian/changelog
--- tpm2-pkcs11-1.9.0/debian/changelog 2023-02-02 09:18:48.000000000 +0000
+++ tpm2-pkcs11-1.9.0/debian/changelog 2026-04-29 10:46:25.000000000 +0000
@@ -1,3 +1,10 @@
+tpm2-pkcs11 (1.9.0-0.1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload
+ * Backport upstream db migration fix (Closes: #1135213)
+
+ -- Bastian Germann <[email protected]> Wed, 29 Apr 2026 12:46:25 +0200
+
tpm2-pkcs11 (1.9.0-0.1) unstable; urgency=medium
* Non-maintainer upload
diff -Nru tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch
tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch
--- tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch 1970-01-01
00:00:00.000000000 +0000
+++ tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch 2026-04-29
10:46:25.000000000 +0000
@@ -0,0 +1,34 @@
+Origin:
https://github.com/tpm2-software/tpm2-pkcs11/commit/18989a3f23aa885e81eee252593037f730d48772
+From: Victor Makarov <[email protected]>
+Date: Sat, 16 Mar 2024 22:25:44 +0300
+Subject: db: CKA_ALLOWED_MECHANISMS fix NULL pointer dereference.
+
+Fixes: #845
+
+Signed-off-by: Victor Makarov <[email protected]>
+---
+ src/lib/db.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/db.c b/src/lib/db.c
+index b4bbd1bf..25965973 100644
+--- a/src/lib/db.c
++++ b/src/lib/db.c
+@@ -2169,9 +2169,14 @@ static CK_RV dbup_handler_from_7_to_8(sqlite3 *updb) {
+
+ /* for each tobject */
+ CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(tobj->attrs,
CKA_ALLOWED_MECHANISMS);
+- CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
+- if (type != TYPE_BYTE_INT_SEQ) {
+- rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
++
++ if (a) {
++ CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
++ if (type != TYPE_BYTE_INT_SEQ) {
++ rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
++ }
++ } else {
++ rv = CKR_OK;
+ }
+
+ tobject_free(tobj);
diff -Nru tpm2-pkcs11-1.9.0/debian/patches/series
tpm2-pkcs11-1.9.0/debian/patches/series
--- tpm2-pkcs11-1.9.0/debian/patches/series 2023-02-02 09:13:40.000000000
+0000
+++ tpm2-pkcs11-1.9.0/debian/patches/series 2026-04-29 10:46:25.000000000
+0000
@@ -1,2 +1,3 @@
+db-nullpointer-deref.patch
set-version-of-library.patch
fail-fapi-gracefully.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.14
This update has been released as part of Debian 12.14.
--- End Message ---
