Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu Hello stable release team, for the upcoming stable point release, I've just uploaded src:clevis ("automated encryption framework") as version 11-2+deb10u2. There is one change related to the TPM integration: * Fix handling of TPM chips that support sha256 only Type: upstream bug Debian bug: https://bugs.debian.org/989648 Fixed in in stable and testing: 12-1 (February 2020) Problem: Possibly due to a typo, the clevis-encrypt-tpm2 backend cannot handle TPM chips that support sha256 only. Regards, Christoph
diff -Nru clevis-11/debian/changelog clevis-11/debian/changelog --- clevis-11/debian/changelog 2021-01-25 20:03:26.000000000 +0100 +++ clevis-11/debian/changelog 2021-06-09 15:59:00.000000000 +0200 @@ -1,3 +1,10 @@ +clevis (11-2+deb10u2) buster; urgency=medium + + * Cherry-pick "Bugfix: set pcr_bank from pcr_bank not pcr_hash + field". Closes: #989648 + + -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Wed, 09 Jun 2021 19:58:50 +0200 + clevis (11-2+deb10u1) buster; urgency=medium * Cherry-pick two comments to fix initramfs creation: Closes: #969361 diff -Nru clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch --- clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch 1970-01-01 01:00:00.000000000 +0100 +++ clevis-11/debian/patches/cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch 2021-06-09 15:55:44.000000000 +0200 @@ -0,0 +1,16 @@ +Subject: Bugfix: set pcr_bank from pcr_bank not pcr_hash field +Origin: v11-5-g67fc67c <https://github.com/latchset/clevis/commit/v11-5-g67fc67c> +Upstream-Author: Markus Linnala <markus.linnala@gmail.com> +Date: Thu Mar 7 17:18:01 2019 +0200 + +--- a/src/pins/tpm2/clevis-encrypt-tpm2 ++++ b/src/pins/tpm2/clevis-encrypt-tpm2 +@@ -88,7 +88,7 @@ + + key=`jose fmt -j- -Og key -u- <<< "$cfg"` || key="ecc" + +-pcr_bank=`jose fmt -j- -Og pcr_hash -u- <<< "$cfg"` || pcr_bank="sha1" ++pcr_bank=`jose fmt -j- -Og pcr_bank -u- <<< "$cfg"` || pcr_bank="sha1" + + pcr_ids=`jose fmt -j- -Og pcr_ids -u- <<< "$cfg"` || true + diff -Nru clevis-11/debian/patches/series clevis-11/debian/patches/series --- clevis-11/debian/patches/series 2021-01-25 20:03:26.000000000 +0100 +++ clevis-11/debian/patches/series 2021-06-09 15:55:55.000000000 +0200 @@ -2,6 +2,7 @@ # cherry-picked commits. Keep in upstream's chronological order cherry-pick/1541598788.v11-1-g1e344db.delete-remaining-references-to-the-removed-http-pin.patch cherry-pick/1541599937.v11-2-g3465859.install-cryptsetup-and-tpm2-pcrlist-in-the-initramfs.patch +cherry-pick/1551971881.v11-5-g67fc67c.bugfix-set-pcr-bank-from-pcr-bank-not-pcr-hash-field.patch # local modifications debian.use-socat.patch
Attachment:
signature.asc
Description: PGP signature