Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 0.9.3-0ubuntu5
Debian Unstable: 0.10.1-2

The current version in Ubuntu went ahead of Debian in the past, so this
package may be diverged from Debian and require more review than usual
to get back to mergeability.

If this package should not be considered for merges or syncs in the
future, you may wish to consider adding it to the `sync-blocklist` at:
https://code.launchpad.net/~ubuntu-archive/+git/sync-blocklist

A new release of libtpms is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.

### New Debian Changes ###

libtpms (0.10.1-2) unstable; urgency=medium

  * d/t/control: allow-stderr

 -- Luca Boccassi <[email protected]>  Wed, 01 Oct 2025 09:05:28 +0200

libtpms (0.10.1-1) unstable; urgency=medium

  * Implement package salvaging protocol (Closes: #1113720)
  * Import autopkgtest from Ubuntu (Closes: #998654)
  * d/control: bump Standards-Version to 4.7.2, no changes
  * New upstream version 0.10.1 (Closes: #1032182)
  * Drop CVE patches, merged upstream
  * Refresh do_not_inline_makeiv.patch for new upstream release
  * Run wrap-and-sort for build deps
  * Switch from pkg-config to pkgconf
  * Build with package-notes ELF stamping
  * Mark libtpms-dev as MA: same
  * Update symbols file for 0.10.1
  * d/rules: drop unused dh_usrlocal override
  * Enable hardening options
  * Drop 0004-fix-ftbfs-bug.patch, no longer needed
  * Drop do_not_inline_makeiv.patch, no longer needed
  * Rework no_local_check.patch
  * Set forwarded tag in 0003-set-man-page-date-to-last-changelog.patch
  * Add d/salsa-ci.yml
  * Backport patch to fix dist-clean (Closes: #1046479)

 -- Luca Boccassi <[email protected]>  Mon, 22 Sep 2025 12:44:18 +0100

### Old Ubuntu Delta ###

libtpms (0.9.3-0ubuntu5) questing; urgency=medium

  * SECURITY UPDATE: Out of bounds access, denial of service
    - debian/patches/CVE-2025-49133.patch: Fix potential out-of-bound
      access & abort due to HMAC signing issue in tpm2/CryptUtil.c
    - CVE-2025-49133
  * debian/patches/do_not_inline_makeiv.patch: updated patch to set
    noinline attribute for all arch's instead of just ppc64 to fix
    compiler warning causing ftbfs in tpm2/AlgorithmTests.c
  * debian/patches/fix_ftbfs_crpytomacend.patch: add assertions to quiet
    compiler warning causing ftbfs in
    tpm2/crypto/openssl/CryptCmacEnd.c

 -- Elise Hlady <[email protected]>  Wed, 25 Jun 2025 11:54:50 -0700

libtpms (0.9.3-0ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <[email protected]>  Sun, 31 Mar 2024 19:48:06 +0000

libtpms (0.9.3-0ubuntu3) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <[email protected]>  Mon, 04 Mar 2024 18:29:28 +0000

libtpms (0.9.3-0ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: out-of-bounds read/write
    - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check
      and properly reduce bufferSize variable by the number of bytes
      that make up the cipherSize in CryptParameterDecryption() in
      src/tpm2/CryptUtil.c
    - CVE-2023-1017
    - CVE-2023-1018
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
      size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
    - No CVE number

 -- Rodrigo Figueiredo Zaiden <[email protected]>  Wed, 01 Mar 2023 18:23:14 -0300

libtpms (0.9.3-0ubuntu1) jammy; urgency=medium

  * merge 0.9.3 from upstream to stabilize libtpms in jammy; related to
    but not fixing (LP: 1948748)
    - d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch:
      avoid bad shift
    - drop d/p/fix-openssl3-compat.patch: part of 0.9.3
    - drop d/p/uninitialized-variable.patch: no more needed
    - ppc64 fixes from upstream as identified and added to debian
      0.9.2-3
      + d/p/do_not_inline_makeiv.patch
      + d/p/no_local_check.patch
    - d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix
      coverity finding

 -- Christian Ehrhardt <[email protected]>  Wed, 30 Mar 2022 09:04:10 +0200

libtpms (0.9.0-0ubuntu4) jammy; urgency=medium

  * d/p/fix-openssl3-compat.patch: Cherry-picked from upstream
    (LP: #1962601)

 -- Simon Chopin <[email protected]>  Thu, 24 Mar 2022 19:11:59 +0100

libtpms (0.9.0-0ubuntu3) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <[email protected]>  Wed, 24 Nov 2021 13:54:17 +0000

libtpms (0.9.0-0ubuntu2) jammy; urgency=medium

  * Add autopkgtest.

 -- Steve Langasek <[email protected]>  Fri, 05 Nov 2021 16:10:38 +0000

libtpms (0.9.0-0ubuntu1) jammy; urgency=medium

  * New upstream release.

 -- Steve Langasek <[email protected]>  Thu, 04 Nov 2021 14:46:26 -0700

libtpms (0.8.2-1ubuntu1) impish; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/uninitialized-variable.patch: fix issues of
      variables that may be used before initialization.

 -- Steve Langasek <[email protected]>  Tue, 27 Apr 2021 23:55:31 -0700

** Affects: libtpms (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: dcr-merge

** Changed in: libtpms (Ubuntu)
    Milestone: None => ubuntu-25.11

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130092

Title:
  Merge libtpms from Debian Unstable for resolute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libtpms/+bug/2130092/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
