Public bug reported:
[Availability]
Available in Ubuntu universe for Focal and Groovy.
Synced from Debian unstable.
[Rationale]
fwupd 1.4.x and later have removed GPG and PKCS7 functionality in favor of the
functionality being provided by the library "libjcat". This library adds
additional features and a new file format that can encaspulate content and
signatures together.
Right now Ubuntu is limited in advancing to the 1.4.x or 1.5.x releases
until libjcat is available in main.
[Security]
The recently released CVE-2020-10759 affected libjcat.
No other CVE's have been released.
[Quality assurance]
* No configuration necessary.
* No debconf questions
* No long outstanding bugs
* No bugs open in Debian or Ubuntu.
* Upstream only has feature request bugs.
* Test suite is part of packaging
* Doesn't rely upon demoted packages
[Dependencies]
All dependencies for the library package are in main.
[Standards compliance]
Adheres to major Debian standards.
[Maintenance]
Maintained by debian-efi team in Debian.
Propose to be maintained by foundations team in Ubuntu.
In general, plan to sync from Debian however.
[Background information]
Fwupd 1.4.0 split out the GPG/PKCS7 handling to this separate library to
support a change in how the client would interact with the LVFS backend. This
change fixes race conditions that clients can encounter when metadata and
detached signatures are momentarily out of sync on LVFS CDN during the signing
process.
** Affects: libjcat (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884003
Title:
[MIR] libjcat
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libjcat/+bug/1884003/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
