-rw-r--r--debian/changelog84
-rw-r--r--debian/control26
-rw-r--r--debian/copyright412
-rw-r--r--debian/libtpms-dev.install5
-rw-r--r--debian/libtpms0.install1
-rw-r--r--debian/libtpms0.symbols30
-rw-r--r--debian/not-installed1
-rw-r--r--debian/patches/0003-set-man-page-date-to-last-changelog.patch20
-rw-r--r--debian/patches/0004-fix-ftbfs-bug.patch14
-rw-r--r--debian/patches/do_not_inline_makeiv.patch20
-rw-r--r--debian/patches/no_local_check.patch21
-rw-r--r--debian/patches/series5
-rw-r--r--debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch55
-rwxr-xr-xdebian/rules11
-rw-r--r--debian/source/format1
-rw-r--r--debian/upstream/metadata2
-rw-r--r--debian/watch3
17 files changed, 711 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..9f1b620
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,84 @@
+libtpms (0.9.2-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * tpm2: Check size of buffer before accessing it (CVE-2023-1017,
+ CVE-2023-1018) (Closes: #1032420)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 07 Mar 2023 22:32:00 +0100
+
+libtpms (0.9.2-3) unstable; urgency=medium
+
+ * Fix ppc64el build errors (Closes: #997969)
+ * debian/patches: Import upstream patches for fixing build errors
+
+ -- Seunghun Han <kkamagui@gmail.com> Tue, 08 Mar 2022 17:34:16 +0900
+
+libtpms (0.9.2-2) unstable; urgency=medium
+
+ * Upload source only for upstream version 0.9.2
+
+ -- Seunghun Han <kkamagui@gmail.com> Tue, 22 Feb 2022 17:29:00 +0900
+
+libtpms (0.9.2-1) unstable; urgency=medium
+
+ * New upstream version 0.9.2 (Closes: #1006213)
+
+ -- Seunghun Han <kkamagui@gmail.com> Tue, 22 Feb 2022 15:19:28 +0900
+
+libtpms (0.9.1-1) unstable; urgency=medium
+
+ * New upstream version 0.9.1
+ * Fix a security issue, CVE-2021-3623 (Closes: #990522)
+ * debian/patches: Remove some useless patches because of new upstream
+ version
+ * debian/control: Change Standards-Version to 4.6.0
+
+ -- Seunghun Han <kkamagui@gmail.com> Fri, 04 Feb 2022 15:03:03 +0900
+
+libtpms (0.8.2-1) unstable; urgency=medium
+
+ * New upstream version 0.8.2
+ * Fix a security issue, CVE-2021-3446 (Closes: #986799)
+ * debian/patches: Remove some useless patches because of new upstream
+ version
+ * debian/copyright: Fix lintian issues
+
+ -- Seunghun Han <kkamagui@gmail.com> Wed, 14 Apr 2021 13:49:01 +0900
+
+libtpms (0.8.0~dev1-1.2) unstable; urgency=medium
+
+ * Fix a non-reproducible bug caused by the invalid path (Closes: #964768)
+ * Fix a FTBFS bug caused by the incomplete condition (Closes: #966857)
+
+ -- Seunghun Han <kkamagui@gmail.com> Sun, 09 Aug 2020 02:31:09 +0900
+
+libtpms (0.8.0~dev1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/control: Set git packaging repo to be under Salsa Debian
+ group.
+ * Source-only upload to allow testing migration.
+ * debian/install: Also install static library for -dev package.
+
+ -- Boyuan Yang <byang@debian.org> Tue, 07 Jul 2020 10:58:58 -0400
+
+libtpms (0.8.0~dev1-1) unstable; urgency=medium
+
+ * New maintainer (Closes: #958071)
+ * Updated standards version to 4.5.0 in debian/control
+ * Updated debhelper version to 12 in debian/control
+ * Added Rules-Requires-Root to debian/control
+ * Added Vcs-Browser and Vcs-Git to debian/control
+ * Removed autotools-dev and dh-autoreconf from debian/control since enabled
+ by default
+ * Removed autotools-dev, parallel options from debian/rules since deprecated
+ and enabled by default
+ * Converted debian/copyright to dep5-copyright format
+ * Added debian/watch file
+ * Added debian/libtpms.symbols file
+ * Added debian/upstream/metadata file
+ * Changed section of man pages from 1 to 3
+ * Fixed typos and a long line warning in man pages
+ * Set date of man pages to last changelog entry
+
+ -- Seunghun Han <kkamagui@gmail.com> Sat, 18 Apr 2020 09:20:03 +0900
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..111c915
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,26 @@
+Source: libtpms
+Maintainer: Seunghun Han <kkamagui@gmail.com>
+Section: libs
+Priority: optional
+Standards-Version: 4.6.0
+Rules-Requires-Root: no
+Build-Depends: debhelper-compat (= 13), dh-exec, gawk, libssl-dev, libtool, pkg-config
+Homepage: https://github.com/stefanberger/libtpms
+Vcs-Git: https://salsa.debian.org/debian/libtpms.git
+Vcs-Browser: https://salsa.debian.org/debian/libtpms
+
+Package: libtpms-dev
+Architecture: any
+Section: libdevel
+Depends: libtpms0 (= ${binary:Version}), ${misc:Depends}
+Description: libtpms header files and man pages
+ The libtpms-dev package provides header files and man pages for the
+ functions provided by libtpms.
+
+Package: libtpms0
+Architecture: any
+Multi-Arch: same
+Depends: openssl, ${misc:Depends}, ${shlibs:Depends}
+Description: TPM emulation library
+ Libtpms is a library that provides TPM functionality. Libtpm is used
+ by swtpm package.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..52507d7
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,412 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libtpms
+Upstream-Contact: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Source: https://github.com/stefanberger/libtpms
+
+Files: *
+Copyright:
+ 2006, 2011 IBM Corporation
+ 2012-2016 IBM Corp. and others
+License: BSD-3-clause and IBM-Custom
+
+Files: Makefile.am
+Copyright: 2005, 2011 IBM Corporation
+License: CPL-1.0
+
+Files: include/libtpms/*
+Copyright:
+ 2006, 2011 IBM Corporation
+ 2006, 2010 IBM Corporation
+License: BSD-3-clause
+
+Files: m4/ax_check_linker_flag.m4
+Copyright:
+ 2008 Guido U. Draheim <guidod@gmx.de>
+ 2011 Maarten Bosmans <mkbosmans@gmail.com>
+License: GPL-3
+
+Files:
+ src/*
+Copyright:
+ 2006, 2011 IBM Corporation
+ 2010 IBM Corporation
+ 2011 IBM Corporation
+ 2015 IBM Corporation
+ 2018 IBM Corporation
+License: BSD-3-clause
+
+Files:
+ src/tpm12/*
+Copyright:
+ 2006, 2010 IBM Corporation
+ 2006, 2011 IBM Corporation
+License: BSD-3-clause
+
+Files: src/tpm2/*
+Copyright:
+ 2012 IBM Corp. and others
+ 2012-2015, 2016 IBM Corp. and others
+ 2012-2018 IBM Corp. and others
+ 2012-2019 IBM Corp. and others
+ 2016 IBM Corp. and others
+ 2016, 2017 IBM Corp. and others
+ 2016-2018 IBM Corp. and others
+ 2016-2019 IBM Corp. and others
+ 2017, 2018 IBM Corp. and others
+ 2019 IBM Corp. and others
+License: IBM-CUSTOM
+
+Files:
+ src/tpm2/BackwardsCompatibility.h
+ src/tpm2/LibtpmsCallbacks.*
+ src/tpm2/NVMarshal.*
+ src/tpm2/StateMarshal.*
+ src/tpm2/Unmarshal.c
+ src/tpm2/Utils.h
+ src/tpm2/Volatile.*
+Copyright:
+ 2015-2018 IBM Corporation
+ 2017, 2018 IBM Corporation
+ 2018 IBM Corporation
+License: BSD-3-clause
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ .
+ Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ Neither the names of the IBM Corporation nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: IBM-CUSTOM
+ Licenses and Notices
+ .
+ 1. Copyright Licenses:
+ .
+ - Trusted Computing Group (TCG) grants to the user of the source code in
+ this specification (the "Source Code") a worldwide, irrevocable,
+ nonexclusive, royalty free, copyright license to reproduce, create
+ derivative works, distribute, display and perform the Source Code and
+ derivative works thereof, and to grant others the rights granted herein.
+ .
+ - The TCG grants to the user of the other parts of the specification
+ (other than the Source Code) the rights to reproduce, distribute,
+ display, and perform the specification solely for the purpose of
+ developing products based on such documents.
+ .
+ 2. Source Code Distribution Conditions:
+ .
+ - Redistributions of Source Code must retain the above copyright licenses,
+ this list of conditions and the following disclaimers.
+ .
+ - Redistributions in binary form must reproduce the above copyright
+ licenses, this list of conditions and the following disclaimers in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Disclaimers:
+ .
+ - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
+ LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
+ RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
+ THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.
+ Contact TCG Administration (admin@trustedcomputinggroup.org) for
+ information on specification licensing rights available through TCG
+ membership agreements.
+ .
+ - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED
+ WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR
+ FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR
+ NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY
+ OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
+ .
+ - Without limitation, TCG and its members and licensors disclaim all
+ liability, including liability for infringement of any proprietary
+ rights, relating to use of information in this specification and to the
+ implementation of this specification, and TCG disclaims all liability for
+ cost of procurement of substitute goods or services, lost profits, loss
+ of use, loss of data or any incidental, consequential, direct, indirect,
+ or special damages, whether under contract, tort, warranty or otherwise,
+ arising in any way out of use or reliance upon this specification or any
+ information herein.
+
+License: GPL-3
+ This program is free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation, either version 3 of the License, or (at your
+ option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems you will find a copy of the GPL (version 3) at
+ /usr/share/common-licenses/GPL-3.
+ .
+ As a special exception, the respective Autoconf Macro's copyright owner
+ gives unlimited permission to copy, distribute and modify the configure
+ scripts that are the output of Autoconf when processing the Macro. You
+ need not follow the terms of the GNU General Public License when using
+ or distributing such scripts, even though portions of the text of the
+ Macro appear in them. The GNU General Public License (GPL) does govern
+ all other use of the material that constitutes the Autoconf Macro.
+ .
+ This special exception to the GPL applies to versions of the Autoconf
+ Macro released by the Autoconf Archive. When you make and distribute a
+ modified version of the Autoconf Macro, you may extend this special
+ exception to the GPL to apply to your modified version as well.
+
+License: CPL-1.0
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005, 2011 International Business
+ Machines Corporation. All Rights Reserved.
+ .
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the Common Public License as published by
+ IBM Corporation; either version 1 of the License, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ Common Public License for more details.
+ .
+ You should have received a copy of the Common Public License
+ along with this program; if not, a copy can be viewed at
+ http://www.opensource.org/licenses/cpl1.0.php and below.
+ .
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC
+ LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM
+ CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+ .
+ 1. DEFINITIONS
+ .
+ "Contribution" means:
+ .
+ a) in the case of the initial Contributor, the initial code and
+ documentation distributed under this Agreement, and
+ .
+ b) in the case of each subsequent Contributor:
+ .
+ i) changes to the Program, and
+ .
+ ii) additions to the Program;
+ .
+ where such changes and/or additions to the Program originate from and are
+ distributed by that particular Contributor. A Contribution 'originates' from a
+ Contributor if it was added to the Program by such Contributor itself or anyone
+ acting on such Contributor's behalf. Contributions do not include additions to
+ the Program which: (i) are separate modules of software distributed in
+ conjunction with the Program under their own license agreement, and (ii) are not
+ derivative works of the Program.
+ .
+ "Contributor" means any person or entity that distributes the Program.
+ .
+ "Licensed Patents " mean patent claims licensable by a Contributor which are
+ necessarily infringed by the use or sale of its Contribution alone or when
+ combined with the Program.
+ .
+ "Program" means the Contributions distributed in accordance with this Agreement.
+ .
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ .
+ 2. GRANT OF RIGHTS
+ .
+ a) Subject to the terms of this Agreement, each Contributor hereby grants
+ Recipient a non-exclusive, worldwide, royalty-free copyright license to
+ reproduce, prepare derivative works of, publicly display, publicly perform,
+ distribute and sublicense the Contribution of such Contributor, if any, and such
+ derivative works, in source code and object code form.
+ .
+ b) Subject to the terms of this Agreement, each Contributor hereby grants
+ Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed
+ Patents to make, use, sell, offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source code and object code form.
+ This patent license shall apply to the combination of the Contribution and the
+ Program if, at the time the Contribution is added by the Contributor, such
+ addition of the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any other combinations
+ which include the Contribution. No hardware per se is licensed hereunder.
+ .
+ c) Recipient understands that although each Contributor grants the licenses
+ to its Contributions set forth herein, no assurances are provided by any
+ Contributor that the Program does not infringe the patent or other intellectual
+ property rights of any other entity. Each Contributor disclaims any liability to
+ Recipient for claims brought by any other entity based on infringement of
+ intellectual property rights or otherwise. As a condition to exercising the
+ rights and licenses granted hereunder, each Recipient hereby assumes sole
+ responsibility to secure any other intellectual property rights needed, if any.
+ For example, if a third party patent license is required to allow Recipient to
+ distribute the Program, it is Recipient's responsibility to acquire that license
+ before distributing the Program.
+ .
+ d) Each Contributor represents that to its knowledge it has sufficient
+ copyright rights in its Contribution, if any, to grant the copyright license set
+ forth in this Agreement.
+ .
+ 3. REQUIREMENTS
+ .
+ A Contributor may choose to distribute the Program in object code form under its
+ own license agreement, provided that:
+ .
+ a) it complies with the terms and conditions of this Agreement; and
+ .
+ b) its license agreement:
+ .
+ i) effectively disclaims on behalf of all Contributors all warranties and
+ conditions, express and implied, including warranties or conditions of title and
+ non-infringement, and implied warranties or conditions of merchantability and
+ fitness for a particular purpose;
+ .
+ ii) effectively excludes on behalf of all Contributors all liability for
+ damages, including direct, indirect, special, incidental and consequential
+ damages, such as lost profits;
+ .
+ iii) states that any provisions which differ from this Agreement are offered
+ by that Contributor alone and not by any other party; and
+ .
+ iv) states that source code for the Program is available from such
+ Contributor, and informs licensees how to obtain it in a reasonable manner on or
+ through a medium customarily used for software exchange.
+ .
+ When the Program is made available in source code form:
+ .
+ a) it must be made available under this Agreement; and
+ .
+ b) a copy of this Agreement must be included with each copy of the Program.
+ .
+ Contributors may not remove or alter any copyright notices contained within the
+ Program.
+ .
+ Each Contributor must identify itself as the originator of its Contribution, if
+ any, in a manner that reasonably allows subsequent Recipients to identify the
+ originator of the Contribution.
+ .
+ 4. COMMERCIAL DISTRIBUTION
+ .
+ Commercial distributors of software may accept certain responsibilities with
+ respect to end users, business partners and the like. While this license is
+ intended to facilitate the commercial use of the Program, the Contributor who
+ includes the Program in a commercial product offering should do so in a manner
+ which does not create potential liability for other Contributors. Therefore, if
+ a Contributor includes the Program in a commercial product offering, such
+ Contributor ("Commercial Contributor") hereby agrees to defend and indemnify
+ every other Contributor ("Indemnified Contributor") against any losses, damages
+ and costs (collectively "Losses") arising from claims, lawsuits and other legal
+ actions brought by a third party against the Indemnified Contributor to the
+ extent caused by the acts or omissions of such Commercial Contributor in
+ connection with its distribution of the Program in a commercial product
+ offering. The obligations in this section do not apply to any claims or Losses
+ relating to any actual or alleged intellectual property infringement. In order
+ to qualify, an Indemnified Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the Commercial Contributor to
+ control, and cooperate with the Commercial Contributor in, the defense and any
+ related settlement negotiations. The Indemnified Contributor may participate in
+ any such claim at its own expense.
+ .
+ For example, a Contributor might include the Program in a commercial product
+ offering, Product X. That Contributor is then a Commercial Contributor. If that
+ Commercial Contributor then makes performance claims, or offers warranties
+ related to Product X, those performance claims and warranties are such
+ Commercial Contributor's responsibility alone. Under this section, the
+ Commercial Contributor would have to defend claims against the other
+ Contributors related to those performance claims and warranties, and if a court
+ requires any other Contributor to pay any damages as a result, the Commercial
+ Contributor must pay those damages.
+ .
+ 5. NO WARRANTY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+ IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE,
+ NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each
+ Recipient is solely responsible for determining the appropriateness of using and
+ distributing the Program and assumes all risks associated with its exercise of
+ rights under this Agreement, including but not limited to the risks and costs of
+ program errors, compliance with applicable laws, damage to or loss of data,
+ programs or equipment, and unavailability or interruption of operations.
+ .
+ 6. DISCLAIMER OF LIABILITY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY
+ CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
+ PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS
+ GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ .
+ 7. GENERAL
+ .
+ If any provision of this Agreement is invalid or unenforceable under applicable
+ law, it shall not affect the validity or enforceability of the remainder of the
+ terms of this Agreement, and without further action by the parties hereto, such
+ provision shall be reformed to the minimum extent necessary to make such
+ provision valid and enforceable.
+ .
+ If Recipient institutes patent litigation against a Contributor with respect to
+ a patent applicable to software (including a cross-claim or counterclaim in a
+ lawsuit), then any patent licenses granted by that Contributor to such Recipient
+ under this Agreement shall terminate as of the date such litigation is filed. In
+ addition, if Recipient institutes patent litigation against any entity
+ (including a cross-claim or counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other software or hardware)
+ infringes such Recipient's patent(s), then such Recipient's rights granted under
+ Section 2(b) shall terminate as of the date such litigation is filed.
+ .
+ All Recipient's rights under this Agreement shall terminate if it fails to
+ comply with any of the material terms or conditions of this Agreement and does
+ not cure such failure in a reasonable period of time after becoming aware of
+ such noncompliance. If all Recipient's rights under this Agreement terminate,
+ Recipient agrees to cease use and distribution of the Program as soon as
+ reasonably practicable. However, Recipient's obligations under this Agreement
+ and any licenses granted by Recipient relating to the Program shall continue and
+ survive.
+ .
+ Everyone is permitted to copy and distribute copies of this Agreement, but in
+ order to avoid inconsistency the Agreement is copyrighted and may only be
+ modified in the following manner. The Agreement Steward reserves the right to
+ publish new versions (including revisions) of this Agreement from time to time.
+ No one other than the Agreement Steward has the right to modify this Agreement.
+ IBM is the initial Agreement Steward. IBM may assign the responsibility to serve
+ as the Agreement Steward to a suitable separate entity. Each new version of the
+ Agreement will be given a distinguishing version number. The Program (including
+ Contributions) may always be distributed subject to the version of the Agreement
+ under which it was received. In addition, after a new version of the Agreement
+ is published, Contributor may elect to distribute the Program (including its
+ Contributions) under the new version. Except as expressly stated in Sections
+ 2(a) and 2(b) above, Recipient receives no rights or licenses to the
+ intellectual property of any Contributor under this Agreement, whether
+ expressly, by implication, estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+ .
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to this
+ Agreement will bring a legal action under this Agreement more than one year
+ after the cause of action arose. Each party waives its rights to a jury trial in
+ any resulting litigation.
diff --git a/debian/libtpms-dev.install b/debian/libtpms-dev.install
new file mode 100644
index 0000000..6932eff
--- /dev/null
+++ b/debian/libtpms-dev.install
@@ -0,0 +1,5 @@
+/usr/include/libtpms/*.h
+/usr/share/man/man3/*.3
+usr/lib/*/*.a
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/
diff --git a/debian/libtpms0.install b/debian/libtpms0.install
new file mode 100644
index 0000000..a451edd
--- /dev/null
+++ b/debian/libtpms0.install
@@ -0,0 +1 @@
+/usr/lib/*/*.so.*
diff --git a/debian/libtpms0.symbols b/debian/libtpms0.symbols
new file mode 100644
index 0000000..b7dcb1e
--- /dev/null
+++ b/debian/libtpms0.symbols
@@ -0,0 +1,30 @@
+libtpms.so.0 libtpms0 #MINVER#
+ LIBTPMS_0.5.1@LIBTPMS_0.5.1 0.8.0~dev1
+ LIBTPMS_0.6.0@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_CancelCommand@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_ChooseTPMVersion@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_DecodeBlob@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_GetInfo@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_GetState@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_GetTPMProperty@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_GetVersion@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_MainInit@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_Process@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_RegisterCallbacks@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_SetBufferSize@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_SetDebugFD@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_SetDebugLevel@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_SetDebugPrefix@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_SetState@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_Terminate@LIBTPMS_0.5.1 0.8.0~dev1
+ TPMLIB_ValidateState@LIBTPMS_0.6.0 0.8.0~dev1
+ TPMLIB_VolatileAll_Store@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_Free@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_IO_Hash_Data@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_IO_Hash_End@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_IO_Hash_Start@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_IO_TpmEstablished_Get@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_IO_TpmEstablished_Reset@LIBTPMS_0.6.0 0.8.0~dev1
+ TPM_Malloc@LIBTPMS_0.5.1 0.8.0~dev1
+ TPM_Realloc@LIBTPMS_0.5.1 0.8.0~dev1
+* Build-Depends-Package: libtpms-dev
diff --git a/debian/not-installed b/debian/not-installed
new file mode 100644
index 0000000..f403946
--- /dev/null
+++ b/debian/not-installed
@@ -0,0 +1 @@
+usr/lib/*/*.la
diff --git a/debian/patches/0003-set-man-page-date-to-last-changelog.patch b/debian/patches/0003-set-man-page-date-to-last-changelog.patch
new file mode 100644
index 0000000..39d4a19
--- /dev/null
+++ b/debian/patches/0003-set-man-page-date-to-last-changelog.patch
@@ -0,0 +1,20 @@
+Description: Set the date of man pages to the last changelog entry.
+Forwarded: not-needed
+
+--- a/man/man3/Makefile.am
++++ b/man/man3/Makefile.am
+@@ -55,11 +55,14 @@
+ TPM_Malloc.3
+
+ man3_MANS += $(man3_MANS_generated)
++BUILD_DATE ?= $$(dpkg-parsechangelog -S Date -l../../debian/changelog)
++PODDATE = $$(date -u "+%Y-%m-%d" -d "$(BUILD_DATE)")
+
+ %.3 : %.pod
+ @pod2man -r "libtpms" \
+ -c "" \
+ -n $(basename $@) \
++ --date="$(PODDATE)" \
+ --section=3 $< > $@
+
+ EXTRA_DIST = $(man3_MANS) $(man3_PODS)
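Review bot: `BUILD_DATE` in the added Makefile.am lines is obtained by running `dpkg-parsechangelog` against the relative path `../../debian/changelog`, so a failed lookup (out-of-tree build, tool not installed) leaves an empty string, and GNU `date -d ""` then prints the current day instead of failing. That would silently bring back a build-date-dependent man page. Using the reproducible-builds variable instead, e.g. `PODDATE = $$(date -u "+%Y-%m-%d" -d "@$(SOURCE_DATE_EPOCH)")`, which debhelper-driven builds normally derive from the changelog, removes both the path assumption and the extra tool call.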
diff --git a/debian/patches/0004-fix-ftbfs-bug.patch b/debian/patches/0004-fix-ftbfs-bug.patch
new file mode 100644
index 0000000..a8e456b
--- /dev/null
+++ b/debian/patches/0004-fix-ftbfs-bug.patch
@@ -0,0 +1,14 @@
+Description: Fix FTBFS caused by the incomplete condition.
+Forwarded: not-needed
+
+--- a/src/tpm2/NVDynamic.c
++++ b/src/tpm2/NVDynamic.c
+@@ -122,7 +122,7 @@
+ if(HandleGetType(nvHandle) == type)
+ break;
+ }
+- if(handle != NULL)
++ if((handle != NULL) && (addr != 0))
+ *handle = nvHandle;
+ return addr;
+ }
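Review bot: The new condition `(handle != NULL) && (addr != 0)` changes what callers observe, not only what compiles: when nothing matches and the function presumably returns 0, `*handle` is now left untouched, so a caller that reads its handle variable without checking the return value sees whatever was there before. The patch header says only "incomplete condition" and is marked `Forwarded: not-needed`, although it alters upstream C logic in the TPM 2 NV code. I would record the compiler diagnostic being worked around in the Description and add a comment such as `/* leave *handle untouched when no entry was found (addr == 0) */`. The function starts before the hunk, so how callers treat a 0 return cannot be checked from here.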
diff --git a/debian/patches/do_not_inline_makeiv.patch b/debian/patches/do_not_inline_makeiv.patch
new file mode 100644
index 0000000..393e2ac
--- /dev/null
+++ b/debian/patches/do_not_inline_makeiv.patch
@@ -0,0 +1,20 @@
+Do not inline MakeIV due toppc64 compiler issue
+
+The ppc64 gcc compiler has an issue with MakeIv.
+
+---
+ src/tpm2/AlgorithmTests.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/tpm2/AlgorithmTests.c
++++ b/src/tpm2/AlgorithmTests.c
+@@ -179,6 +179,9 @@
+ /* 10.2.1.4.1 MakeIv() */
+ /* Internal function to make the appropriate IV depending on the mode. */
+ static UINT32
++#if defined(__powerpc64__)
++__attribute__((noinline))
++#endif
+ MakeIv(
+ TPM_ALG_ID mode, // IN: symmetric mode
+ UINT32 size, // IN: block size of the algorithm
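Review bot: The `__attribute__((noinline))` guard on MakeIv works around a compiler problem that the patch header never identifies: there is no bug reference, no affected gcc version and no DEP-3 `Bug:` or `Forwarded:` field, so nobody can tell when the workaround may be dropped. no_local_check.patch has the same gap. Judging by the file name this is algorithm self-test code, where a suspected miscompile deserves a tracked bug rather than a silent attribute; a comment such as `/* noinline: works around ppc64 gcc issue, see <bug reference> */` above the `#if` would do. MakeIv's body continues outside the hunk.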
diff --git a/debian/patches/no_local_check.patch b/debian/patches/no_local_check.patch
new file mode 100644
index 0000000..c7f461e
--- /dev/null
+++ b/debian/patches/no_local_check.patch
@@ -0,0 +1,21 @@
+Do not run check-local due to bug in ppc64 gcc on Jammy
+
+ppc64 gcc has a bug causing issued in check-local.
+Therefore, do not run check-local while ppc64 gcc is broken
+on Ubuntu Jammy.
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -599,7 +599,7 @@
+ LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
+
+ check-local: SHELL?="/usr/bin/env bash"
+-check-local:
++NO-check-local:
+ @case $(host_os) in \
+ openbsd*) ADDLIBS="-lc" ;; \
+ darwin*|freebsd*) LDFLAGS_OS="-shared" ;; \
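Review bot: Renaming the target to `NO-check-local` disables the recipe on every architecture, while the description scopes the problem to ppc64 gcc on Ubuntu Jammy. This upload also carries the CVE-2023-1017/-1018 fix, so switching off a post-build check everywhere reduces what the build verifies on the unaffected architectures. The preceding `check-local: SHELL?=...` line is kept and now configures a target that has no recipe. Restricting the workaround to the affected host, for example by keying it on `DEB_HOST_ARCH` from debian/rules, would keep the check elsewhere; the recipe body continues outside the hunk.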
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1f4b815
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,5 @@
+0003-set-man-page-date-to-last-changelog.patch
+0004-fix-ftbfs-bug.patch
+do_not_inline_makeiv.patch
+no_local_check.patch
+tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
diff --git a/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
new file mode 100644
index 0000000..89fef6a
--- /dev/null
+++ b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
@@ -0,0 +1,55 @@
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 20 Feb 2023 14:41:10 -0500
+Subject: tpm2: Check size of buffer before accessing it (CVE-2023-1017 &
+ -1018)
+Origin: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
+Bug-Debian: https://bugs.debian.org/1032420
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1018
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1017
+
+Check that there are sufficient bytes in the buffer before reading the
+cipherSize from it. Also, reduce the bufferSize variable by the number
+of bytes that make up the cipherSize to avoid reading and writing bytes
+beyond the buffer in subsequent steps that do in-place decryption.
+
+This fixes CVE-2023-1017 & CVE-2023-1018.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ src/tpm2/CryptUtil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
+index 002fde0987a9..8fae5b6903ca 100644
+--- a/src/tpm2/CryptUtil.c
++++ b/src/tpm2/CryptUtil.c
+@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ + sizeof(session->sessionKey.t.buffer)));
+ TPM2B_HMAC_KEY key; // decryption key
+ UINT32 cipherSize = 0; // size of cipher text
++
++ if (leadingSizeInByte > bufferSize)
++ return TPM_RC_INSUFFICIENT;
++
+ // Retrieve encrypted data size.
+ if(leadingSizeInByte == 2)
+ {
+@@ -837,6 +841,7 @@ CryptParameterDecryption(
+ // data to be decrypted
+ cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
+ buffer = &buffer[2]; // advance the buffer
++ bufferSize -= 2;
+ }
+ #ifdef TPM4B
+ else if(leadingSizeInByte == 4)
+@@ -844,6 +849,7 @@ CryptParameterDecryption(
+ // the leading size is four bytes so get the four byte size field
+ cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
+ buffer = &buffer[4]; //advance pointer
++ bufferSize -= 4;
+ }
+ #endif
+ else
+--
+2.39.2
+
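Review bot: The two `bufferSize -= N` lines carry the actual bounds fix but have no comment saying so, and the later use of bufferSize that depends on them lies outside the embedded hunks. A comment at the first decrement, e.g. `// bufferSize must now count only the bytes after the size field`, would keep a later refactor from dropping it. The new guard `if (leadingSizeInByte > bufferSize)` runs before the `else` branch that handles other size-field widths, which looks harmless but should be confirmed against the full function, since CryptParameterDecryption starts and ends outside the hunks. No regression test with a truncated parameter buffer accompanies the patch.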
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..be292e4
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpkg/architecture.mk
+
+%:
+ dh $@ --with autoreconf
+
+override_dh_auto_configure:
+ dh_auto_configure -- --with-openssl --with-tpm2
+
+override_dh_usrlocal:
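Review bot: debian/rules sets no `DEB_BUILD_MAINT_OPTIONS`, so the library is built with dpkg's default hardening set only. For a TPM emulation library that parses command buffers handed to it by its caller, adding `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` before the `%:` rule is the usual choice. The empty `override_dh_usrlocal:` target also deserves a one-line comment saying why dh_usrlocal is skipped.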
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..d09f126
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,2 @@
+Bug-Database: https://github.com/stefanberger/libtpms/issues
+Repository: https://github.com/stefanberger/libtpms.git
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..a382d46
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/libtpms-$1\.tar\.gz/ \
+ https://github.com/stefanberger/libtpms/tags .*/v?(\d\S+)\.tar\.gz