diff options
-rw-r--r-- | debian/changelog | 84 | ||||
-rw-r--r-- | debian/control | 26 | ||||
-rw-r--r-- | debian/copyright | 412 | ||||
-rw-r--r-- | debian/libtpms-dev.install | 5 | ||||
-rw-r--r-- | debian/libtpms0.install | 1 | ||||
-rw-r--r-- | debian/libtpms0.symbols | 30 | ||||
-rw-r--r-- | debian/not-installed | 1 | ||||
-rw-r--r-- | debian/patches/0003-set-man-page-date-to-last-changelog.patch | 20 | ||||
-rw-r--r-- | debian/patches/0004-fix-ftbfs-bug.patch | 14 | ||||
-rw-r--r-- | debian/patches/do_not_inline_makeiv.patch | 20 | ||||
-rw-r--r-- | debian/patches/no_local_check.patch | 21 | ||||
-rw-r--r-- | debian/patches/series | 5 | ||||
-rw-r--r-- | debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch | 55 | ||||
-rwxr-xr-x | debian/rules | 11 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/upstream/metadata | 2 | ||||
-rw-r--r-- | debian/watch | 3 |
17 files changed, 711 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..9f1b620 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,84 @@ +libtpms (0.9.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * tpm2: Check size of buffer before accessing it (CVE-2023-1017, + CVE-2023-1018) (Closes: #1032420) + + -- Salvatore Bonaccorso <carnil@debian.org> Tue, 07 Mar 2023 22:32:00 +0100 + +libtpms (0.9.2-3) unstable; urgency=medium + + * Fix ppc64el build errors (Closes: #997969) + * debian/patches: Import upstream patches for fixing build errors + + -- Seunghun Han <kkamagui@gmail.com> Tue, 08 Mar 2022 17:34:16 +0900 + +libtpms (0.9.2-2) unstable; urgency=medium + + * Upload source only for upstream version 0.9.2 + + -- Seunghun Han <kkamagui@gmail.com> Tue, 22 Feb 2022 17:29:00 +0900 + +libtpms (0.9.2-1) unstable; urgency=medium + + * New upstream version 0.9.2 (Closes: #1006213) + + -- Seunghun Han <kkamagui@gmail.com> Tue, 22 Feb 2022 15:19:28 +0900 + +libtpms (0.9.1-1) unstable; urgency=medium + + * New upstream version 0.9.1 + * Fix a security issue, CVE-2021-3623 (Closes: #990522) + * debian/patches: Remove some useless patches because of new upstream + version + * debian/control: Change Standards-Version to 4.6.0 + + -- Seunghun Han <kkamagui@gmail.com> Fri, 04 Feb 2022 15:03:03 +0900 + +libtpms (0.8.2-1) unstable; urgency=medium + + * New upstream version 0.8.2 + * Fix a security issue, CVE-2021-3446 (Closes: #986799) + * debian/patches: Remove some useless patches because of new upstream + version + * debian/copyright: Fix lintian issues + + -- Seunghun Han <kkamagui@gmail.com> Wed, 14 Apr 2021 13:49:01 +0900 + +libtpms (0.8.0~dev1-1.2) unstable; urgency=medium + + * Fix a non-reproducible bug caused by the invalid path (Closes: #964768) + * Fix a FTBFS bug caused by the incomplete condition (Closes: #966857) + + -- Seunghun Han <kkamagui@gmail.com> Sun, 09 Aug 2020 02:31:09 +0900 + +libtpms (0.8.0~dev1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/control: Set git packaging repo to be under Salsa Debian + group. + * Source-only upload to allow testing migration. + * debian/install: Also install static library for -dev package. + + -- Boyuan Yang <byang@debian.org> Tue, 07 Jul 2020 10:58:58 -0400 + +libtpms (0.8.0~dev1-1) unstable; urgency=medium + + * New maintainer (Closes: #958071) + * Updated standards version to 4.5.0 in debian/control + * Updated debhelper version to 12 in debian/control + * Added Rules-Requires-Root to debian/control + * Added Vcs-Browser and Vcs-Git to debian/control + * Removed autotools-dev and dh-autoreconf from debian/control since enabled + by default + * Removed autotools-dev, parallel options from debian/rules since deprecated + and enabled by default + * Converted debian/copyright to dep5-copyright format + * Added debian/watch file + * Added debian/libtpms.symbols file + * Added debian/upstream/metadata file + * Changed section of man pages from 1 to 3 + * Fixed typos and a long line warning in man pages + * Set date of man pages to last changelog entry + + -- Seunghun Han <kkamagui@gmail.com> Sat, 18 Apr 2020 09:20:03 +0900 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..111c915 --- /dev/null +++ b/debian/control @@ -0,0 +1,26 @@ +Source: libtpms +Maintainer: Seunghun Han <kkamagui@gmail.com> +Section: libs +Priority: optional +Standards-Version: 4.6.0 +Rules-Requires-Root: no +Build-Depends: debhelper-compat (= 13), dh-exec, gawk, libssl-dev, libtool, pkg-config +Homepage: https://github.com/stefanberger/libtpms +Vcs-Git: https://salsa.debian.org/debian/libtpms.git +Vcs-Browser: https://salsa.debian.org/debian/libtpms + +Package: libtpms-dev +Architecture: any +Section: libdevel +Depends: libtpms0 (= ${binary:Version}), ${misc:Depends} +Description: libtpms header files and man pages + The libtpms-dev package provides header files and man pages for the + functions provided by libtpms. + +Package: libtpms0 +Architecture: any +Multi-Arch: same +Depends: openssl, ${misc:Depends}, ${shlibs:Depends} +Description: TPM emulation library + Libtpms is a library that provides TPM functionality. Libtpm is used + by swtpm package. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..52507d7 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,412 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libtpms +Upstream-Contact: Stefan Berger <stefanb@linux.vnet.ibm.com> +Source: https://github.com/stefanberger/libtpms + +Files: * +Copyright: + 2006, 2011 IBM Corporation + 2012-2016 IBM Corp. and others +License: BSD-3-clause and IBM-Custom + +Files: Makefile.am +Copyright: 2005, 2011 IBM Corporation +License: CPL-1.0 + +Files: include/libtpms/* +Copyright: + 2006, 2011 IBM Corporation + 2006, 2010 IBM Corporation +License: BSD-3-clause + +Files: m4/ax_check_linker_flag.m4 +Copyright: + 2008 Guido U. Draheim <guidod@gmx.de> + 2011 Maarten Bosmans <mkbosmans@gmail.com> +License: GPL-3 + +Files: + src/* +Copyright: + 2006, 2011 IBM Corporation + 2010 IBM Corporation + 2011 IBM Corporation + 2015 IBM Corporation + 2018 IBM Corporation +License: BSD-3-clause + +Files: + src/tpm12/* +Copyright: + 2006, 2010 IBM Corporation + 2006, 2011 IBM Corporation +License: BSD-3-clause + +Files: src/tpm2/* +Copyright: + 2012 IBM Corp. and others + 2012-2015, 2016 IBM Corp. and others + 2012-2018 IBM Corp. and others + 2012-2019 IBM Corp. and others + 2016 IBM Corp. and others + 2016, 2017 IBM Corp. and others + 2016-2018 IBM Corp. and others + 2016-2019 IBM Corp. and others + 2017, 2018 IBM Corp. and others + 2019 IBM Corp. and others +License: IBM-CUSTOM + +Files: + src/tpm2/BackwardsCompatibility.h + src/tpm2/LibtpmsCallbacks.* + src/tpm2/NVMarshal.* + src/tpm2/StateMarshal.* + src/tpm2/Unmarshal.c + src/tpm2/Utils.h + src/tpm2/Volatile.* +Copyright: + 2015-2018 IBM Corporation + 2017, 2018 IBM Corporation + 2018 IBM Corporation +License: BSD-3-clause + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + Neither the names of the IBM Corporation nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: IBM-CUSTOM + Licenses and Notices + . + 1. Copyright Licenses: + . + - Trusted Computing Group (TCG) grants to the user of the source code in + this specification (the "Source Code") a worldwide, irrevocable, + nonexclusive, royalty free, copyright license to reproduce, create + derivative works, distribute, display and perform the Source Code and + derivative works thereof, and to grant others the rights granted herein. + . + - The TCG grants to the user of the other parts of the specification + (other than the Source Code) the rights to reproduce, distribute, + display, and perform the specification solely for the purpose of + developing products based on such documents. + . + 2. Source Code Distribution Conditions: + . + - Redistributions of Source Code must retain the above copyright licenses, + this list of conditions and the following disclaimers. + . + - Redistributions in binary form must reproduce the above copyright + licenses, this list of conditions and the following disclaimers in the + documentation and/or other materials provided with the distribution. + . + 3. Disclaimers: + . + - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF + LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH + RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) + THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. + Contact TCG Administration (admin@trustedcomputinggroup.org) for + information on specification licensing rights available through TCG + membership agreements. + . + - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED + WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR + NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY + OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. + . + - Without limitation, TCG and its members and licensors disclaim all + liability, including liability for infringement of any proprietary + rights, relating to use of information in this specification and to the + implementation of this specification, and TCG disclaims all liability for + cost of procurement of substitute goods or services, lost profits, loss + of use, loss of data or any incidental, consequential, direct, indirect, + or special damages, whether under contract, tort, warranty or otherwise, + arising in any way out of use or reliance upon this specification or any + information herein. + +License: GPL-3 + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation, either version 3 of the License, or (at your + option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems you will find a copy of the GPL (version 3) at + /usr/share/common-licenses/GPL-3. + . + As a special exception, the respective Autoconf Macro's copyright owner + gives unlimited permission to copy, distribute and modify the configure + scripts that are the output of Autoconf when processing the Macro. You + need not follow the terms of the GNU General Public License when using + or distributing such scripts, even though portions of the text of the + Macro appear in them. The GNU General Public License (GPL) does govern + all other use of the material that constitutes the Autoconf Macro. + . + This special exception to the GPL applies to versions of the Autoconf + Macro released by the Autoconf Archive. When you make and distribute a + modified version of the Autoconf Macro, you may extend this special + exception to the GPL to apply to your modified version as well. + +License: CPL-1.0 + The Initial Developer of the Original Code is International + Business Machines Corporation. Portions created by IBM + Corporation are Copyright (C) 2005, 2011 International Business + Machines Corporation. All Rights Reserved. + . + This program is free software; you can redistribute it and/or modify + it under the terms of the Common Public License as published by + IBM Corporation; either version 1 of the License, or (at your option) + any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + Common Public License for more details. + . + You should have received a copy of the Common Public License + along with this program; if not, a copy can be viewed at + http://www.opensource.org/licenses/cpl1.0.php and below. + . + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC + LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM + CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + . + 1. DEFINITIONS + . + "Contribution" means: + . + a) in the case of the initial Contributor, the initial code and + documentation distributed under this Agreement, and + . + b) in the case of each subsequent Contributor: + . + i) changes to the Program, and + . + ii) additions to the Program; + . + where such changes and/or additions to the Program originate from and are + distributed by that particular Contributor. A Contribution 'originates' from a + Contributor if it was added to the Program by such Contributor itself or anyone + acting on such Contributor's behalf. Contributions do not include additions to + the Program which: (i) are separate modules of software distributed in + conjunction with the Program under their own license agreement, and (ii) are not + derivative works of the Program. + . + "Contributor" means any person or entity that distributes the Program. + . + "Licensed Patents " mean patent claims licensable by a Contributor which are + necessarily infringed by the use or sale of its Contribution alone or when + combined with the Program. + . + "Program" means the Contributions distributed in accordance with this Agreement. + . + "Recipient" means anyone who receives the Program under this Agreement, + including all Contributors. + . + 2. GRANT OF RIGHTS + . + a) Subject to the terms of this Agreement, each Contributor hereby grants + Recipient a non-exclusive, worldwide, royalty-free copyright license to + reproduce, prepare derivative works of, publicly display, publicly perform, + distribute and sublicense the Contribution of such Contributor, if any, and such + derivative works, in source code and object code form. + . + b) Subject to the terms of this Agreement, each Contributor hereby grants + Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed + Patents to make, use, sell, offer to sell, import and otherwise transfer the + Contribution of such Contributor, if any, in source code and object code form. + This patent license shall apply to the combination of the Contribution and the + Program if, at the time the Contribution is added by the Contributor, such + addition of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other combinations + which include the Contribution. No hardware per se is licensed hereunder. + . + c) Recipient understands that although each Contributor grants the licenses + to its Contributions set forth herein, no assurances are provided by any + Contributor that the Program does not infringe the patent or other intellectual + property rights of any other entity. Each Contributor disclaims any liability to + Recipient for claims brought by any other entity based on infringement of + intellectual property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby assumes sole + responsibility to secure any other intellectual property rights needed, if any. + For example, if a third party patent license is required to allow Recipient to + distribute the Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + . + d) Each Contributor represents that to its knowledge it has sufficient + copyright rights in its Contribution, if any, to grant the copyright license set + forth in this Agreement. + . + 3. REQUIREMENTS + . + A Contributor may choose to distribute the Program in object code form under its + own license agreement, provided that: + . + a) it complies with the terms and conditions of this Agreement; and + . + b) its license agreement: + . + i) effectively disclaims on behalf of all Contributors all warranties and + conditions, express and implied, including warranties or conditions of title and + non-infringement, and implied warranties or conditions of merchantability and + fitness for a particular purpose; + . + ii) effectively excludes on behalf of all Contributors all liability for + damages, including direct, indirect, special, incidental and consequential + damages, such as lost profits; + . + iii) states that any provisions which differ from this Agreement are offered + by that Contributor alone and not by any other party; and + . + iv) states that source code for the Program is available from such + Contributor, and informs licensees how to obtain it in a reasonable manner on or + through a medium customarily used for software exchange. + . + When the Program is made available in source code form: + . + a) it must be made available under this Agreement; and + . + b) a copy of this Agreement must be included with each copy of the Program. + . + Contributors may not remove or alter any copyright notices contained within the + Program. + . + Each Contributor must identify itself as the originator of its Contribution, if + any, in a manner that reasonably allows subsequent Recipients to identify the + originator of the Contribution. + . + 4. COMMERCIAL DISTRIBUTION + . + Commercial distributors of software may accept certain responsibilities with + respect to end users, business partners and the like. While this license is + intended to facilitate the commercial use of the Program, the Contributor who + includes the Program in a commercial product offering should do so in a manner + which does not create potential liability for other Contributors. Therefore, if + a Contributor includes the Program in a commercial product offering, such + Contributor ("Commercial Contributor") hereby agrees to defend and indemnify + every other Contributor ("Indemnified Contributor") against any losses, damages + and costs (collectively "Losses") arising from claims, lawsuits and other legal + actions brought by a third party against the Indemnified Contributor to the + extent caused by the acts or omissions of such Commercial Contributor in + connection with its distribution of the Program in a commercial product + offering. The obligations in this section do not apply to any claims or Losses + relating to any actual or alleged intellectual property infringement. In order + to qualify, an Indemnified Contributor must: a) promptly notify the Commercial + Contributor in writing of such claim, and b) allow the Commercial Contributor to + control, and cooperate with the Commercial Contributor in, the defense and any + related settlement negotiations. The Indemnified Contributor may participate in + any such claim at its own expense. + . + For example, a Contributor might include the Program in a commercial product + offering, Product X. That Contributor is then a Commercial Contributor. If that + Commercial Contributor then makes performance claims, or offers warranties + related to Product X, those performance claims and warranties are such + Commercial Contributor's responsibility alone. Under this section, the + Commercial Contributor would have to defend claims against the other + Contributors related to those performance claims and warranties, and if a court + requires any other Contributor to pay any damages as a result, the Commercial + Contributor must pay those damages. + . + 5. NO WARRANTY + . + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR + IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, + NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each + Recipient is solely responsible for determining the appropriateness of using and + distributing the Program and assumes all risks associated with its exercise of + rights under this Agreement, including but not limited to the risks and costs of + program errors, compliance with applicable laws, damage to or loss of data, + programs or equipment, and unavailability or interruption of operations. + . + 6. DISCLAIMER OF LIABILITY + . + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY + CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST + PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS + GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + . + 7. GENERAL + . + If any provision of this Agreement is invalid or unenforceable under applicable + law, it shall not affect the validity or enforceability of the remainder of the + terms of this Agreement, and without further action by the parties hereto, such + provision shall be reformed to the minimum extent necessary to make such + provision valid and enforceable. + . + If Recipient institutes patent litigation against a Contributor with respect to + a patent applicable to software (including a cross-claim or counterclaim in a + lawsuit), then any patent licenses granted by that Contributor to such Recipient + under this Agreement shall terminate as of the date such litigation is filed. In + addition, if Recipient institutes patent litigation against any entity + (including a cross-claim or counterclaim in a lawsuit) alleging that the Program + itself (excluding combinations of the Program with other software or hardware) + infringes such Recipient's patent(s), then such Recipient's rights granted under + Section 2(b) shall terminate as of the date such litigation is filed. + . + All Recipient's rights under this Agreement shall terminate if it fails to + comply with any of the material terms or conditions of this Agreement and does + not cure such failure in a reasonable period of time after becoming aware of + such noncompliance. If all Recipient's rights under this Agreement terminate, + Recipient agrees to cease use and distribution of the Program as soon as + reasonably practicable. However, Recipient's obligations under this Agreement + and any licenses granted by Recipient relating to the Program shall continue and + survive. + . + Everyone is permitted to copy and distribute copies of this Agreement, but in + order to avoid inconsistency the Agreement is copyrighted and may only be + modified in the following manner. The Agreement Steward reserves the right to + publish new versions (including revisions) of this Agreement from time to time. + No one other than the Agreement Steward has the right to modify this Agreement. + IBM is the initial Agreement Steward. IBM may assign the responsibility to serve + as the Agreement Steward to a suitable separate entity. Each new version of the + Agreement will be given a distinguishing version number. The Program (including + Contributions) may always be distributed subject to the version of the Agreement + under which it was received. In addition, after a new version of the Agreement + is published, Contributor may elect to distribute the Program (including its + Contributions) under the new version. Except as expressly stated in Sections + 2(a) and 2(b) above, Recipient receives no rights or licenses to the + intellectual property of any Contributor under this Agreement, whether + expressly, by implication, estoppel or otherwise. All rights in the Program not + expressly granted under this Agreement are reserved. + . + This Agreement is governed by the laws of the State of New York and the + intellectual property laws of the United States of America. No party to this + Agreement will bring a legal action under this Agreement more than one year + after the cause of action arose. Each party waives its rights to a jury trial in + any resulting litigation. diff --git a/debian/libtpms-dev.install b/debian/libtpms-dev.install new file mode 100644 index 0000000..6932eff --- /dev/null +++ b/debian/libtpms-dev.install @@ -0,0 +1,5 @@ +/usr/include/libtpms/*.h +/usr/share/man/man3/*.3 +usr/lib/*/*.a +usr/lib/*/*.so +usr/lib/*/pkgconfig/ diff --git a/debian/libtpms0.install b/debian/libtpms0.install new file mode 100644 index 0000000..a451edd --- /dev/null +++ b/debian/libtpms0.install @@ -0,0 +1 @@ +/usr/lib/*/*.so.* diff --git a/debian/libtpms0.symbols b/debian/libtpms0.symbols new file mode 100644 index 0000000..b7dcb1e --- /dev/null +++ b/debian/libtpms0.symbols @@ -0,0 +1,30 @@ +libtpms.so.0 libtpms0 #MINVER# + LIBTPMS_0.5.1@LIBTPMS_0.5.1 0.8.0~dev1 + LIBTPMS_0.6.0@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_CancelCommand@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_ChooseTPMVersion@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_DecodeBlob@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_GetInfo@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_GetState@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_GetTPMProperty@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_GetVersion@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_MainInit@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_Process@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_RegisterCallbacks@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_SetBufferSize@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_SetDebugFD@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_SetDebugLevel@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_SetDebugPrefix@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_SetState@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_Terminate@LIBTPMS_0.5.1 0.8.0~dev1 + TPMLIB_ValidateState@LIBTPMS_0.6.0 0.8.0~dev1 + TPMLIB_VolatileAll_Store@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_Free@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_IO_Hash_Data@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_IO_Hash_End@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_IO_Hash_Start@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_IO_TpmEstablished_Get@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_IO_TpmEstablished_Reset@LIBTPMS_0.6.0 0.8.0~dev1 + TPM_Malloc@LIBTPMS_0.5.1 0.8.0~dev1 + TPM_Realloc@LIBTPMS_0.5.1 0.8.0~dev1 +* Build-Depends-Package: libtpms-dev diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..f403946 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1 @@ +usr/lib/*/*.la diff --git a/debian/patches/0003-set-man-page-date-to-last-changelog.patch b/debian/patches/0003-set-man-page-date-to-last-changelog.patch new file mode 100644 index 0000000..39d4a19 --- /dev/null +++ b/debian/patches/0003-set-man-page-date-to-last-changelog.patch @@ -0,0 +1,20 @@ +Description: Set the date of man pages to the last changelog entry. +Forwarded: not-needed + +--- a/man/man3/Makefile.am ++++ b/man/man3/Makefile.am +@@ -55,11 +55,14 @@ + TPM_Malloc.3 + + man3_MANS += $(man3_MANS_generated) ++BUILD_DATE ?= $$(dpkg-parsechangelog -S Date -l../../debian/changelog) ++PODDATE = $$(date -u "+%Y-%m-%d" -d "$(BUILD_DATE)") + + %.3 : %.pod + @pod2man -r "libtpms" \ + -c "" \ + -n $(basename $@) \ ++ --date="$(PODDATE)" \ + --section=3 $< > $@ + + EXTRA_DIST = $(man3_MANS) $(man3_PODS) diff --git a/debian/patches/0004-fix-ftbfs-bug.patch b/debian/patches/0004-fix-ftbfs-bug.patch new file mode 100644 index 0000000..a8e456b --- /dev/null +++ b/debian/patches/0004-fix-ftbfs-bug.patch @@ -0,0 +1,14 @@ +Description: Fix FTBFS caused by the incomplete condition. +Forwarded: not-needed + +--- a/src/tpm2/NVDynamic.c ++++ b/src/tpm2/NVDynamic.c +@@ -122,7 +122,7 @@ + if(HandleGetType(nvHandle) == type) + break; + } +- if(handle != NULL) ++ if((handle != NULL) && (addr != 0)) + *handle = nvHandle; + return addr; + } diff --git a/debian/patches/do_not_inline_makeiv.patch b/debian/patches/do_not_inline_makeiv.patch new file mode 100644 index 0000000..393e2ac --- /dev/null +++ b/debian/patches/do_not_inline_makeiv.patch @@ -0,0 +1,20 @@ +Do not inline MakeIV due toppc64 compiler issue + +The ppc64 gcc compiler has an issue with MakeIv. + +--- + src/tpm2/AlgorithmTests.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/tpm2/AlgorithmTests.c ++++ b/src/tpm2/AlgorithmTests.c +@@ -179,6 +179,9 @@ + /* 10.2.1.4.1 MakeIv() */ + /* Internal function to make the appropriate IV depending on the mode. */ + static UINT32 ++#if defined(__powerpc64__) ++__attribute__((noinline)) ++#endif + MakeIv( + TPM_ALG_ID mode, // IN: symmetric mode + UINT32 size, // IN: block size of the algorithm diff --git a/debian/patches/no_local_check.patch b/debian/patches/no_local_check.patch new file mode 100644 index 0000000..c7f461e --- /dev/null +++ b/debian/patches/no_local_check.patch @@ -0,0 +1,21 @@ +Do not run check-local due to bug in ppc64 gcc on Jammy + +ppc64 gcc has a bug causing issued in check-local. +Therefore, do not run check-local while ppc64 gcc is broken +on Ubuntu Jammy. + +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -599,7 +599,7 @@ + LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS)) + + check-local: SHELL?="/usr/bin/env bash" +-check-local: ++NO-check-local: + @case $(host_os) in \ + openbsd*) ADDLIBS="-lc" ;; \ + darwin*|freebsd*) LDFLAGS_OS="-shared" ;; \ diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..1f4b815 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,5 @@ +0003-set-man-page-date-to-last-changelog.patch +0004-fix-ftbfs-bug.patch +do_not_inline_makeiv.patch +no_local_check.patch +tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch diff --git a/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch new file mode 100644 index 0000000..89fef6a --- /dev/null +++ b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch @@ -0,0 +1,55 @@ +From: Stefan Berger <stefanb@linux.ibm.com> +Date: Mon, 20 Feb 2023 14:41:10 -0500 +Subject: tpm2: Check size of buffer before accessing it (CVE-2023-1017 & + -1018) +Origin: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 +Bug-Debian: https://bugs.debian.org/1032420 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1018 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1017 + +Check that there are sufficient bytes in the buffer before reading the +cipherSize from it. Also, reduce the bufferSize variable by the number +of bytes that make up the cipherSize to avoid reading and writing bytes +beyond the buffer in subsequent steps that do in-place decryption. + +This fixes CVE-2023-1017 & CVE-2023-1018. + +Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> +--- + src/tpm2/CryptUtil.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c +index 002fde0987a9..8fae5b6903ca 100644 +--- a/src/tpm2/CryptUtil.c ++++ b/src/tpm2/CryptUtil.c +@@ -830,6 +830,10 @@ CryptParameterDecryption( + + sizeof(session->sessionKey.t.buffer))); + TPM2B_HMAC_KEY key; // decryption key + UINT32 cipherSize = 0; // size of cipher text ++ ++ if (leadingSizeInByte > bufferSize) ++ return TPM_RC_INSUFFICIENT; ++ + // Retrieve encrypted data size. + if(leadingSizeInByte == 2) + { +@@ -837,6 +841,7 @@ CryptParameterDecryption( + // data to be decrypted + cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); + buffer = &buffer[2]; // advance the buffer ++ bufferSize -= 2; + } + #ifdef TPM4B + else if(leadingSizeInByte == 4) +@@ -844,6 +849,7 @@ CryptParameterDecryption( + // the leading size is four bytes so get the four byte size field + cipherSize = BYTE_ARRAY_TO_UINT32(buffer); + buffer = &buffer[4]; //advance pointer ++ bufferSize -= 4; + } + #endif + else +-- +2.39.2 + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..be292e4 --- /dev/null +++ b/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +include /usr/share/dpkg/architecture.mk + +%: + dh $@ --with autoreconf + +override_dh_auto_configure: + dh_auto_configure -- --with-openssl --with-tpm2 + +override_dh_usrlocal: diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..d09f126 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,2 @@ +Bug-Database: https://github.com/stefanberger/libtpms/issues +Repository: https://github.com/stefanberger/libtpms.git diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..a382d46 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/libtpms-$1\.tar\.gz/ \ + https://github.com/stefanberger/libtpms/tags .*/v?(\d\S+)\.tar\.gz |