debcrafters-packages team mailing list archive

[Hector CAO <2126004@xxxxxxxxxxxxxxxxxx>]

** Changed in: swtpm (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2126004

Title:
  Merge swtpm from Debian Unstable for r-series

Status in swtpm package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.11
  Ubuntu: 0.7.3-0ubuntu8
  Debian Unstable: 0.10.1+ds-1

  The current version in Ubuntu went ahead of Debian in the past, so
  this package may be diverged from Debian and require more review than
  usual to get back to mergeability.

  If this package should not be considered for merges or syncs in the
  future, you may wish to consider adding it to the `sync-blocklist` at:
  https://code.launchpad.net/~ubuntu-archive/+git/sync-blocklist

  A new release of swtpm is available for merging from Debian Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tagging from ['needs-merge', 'upgrade-software-version'] to
  ['needs-sync', 'upgrade-software-version'], and (optionally) update
  the title as desired.

  ### New Debian Changes ###

  swtpm (0.10.1+ds-1) unstable; urgency=medium

    * Implement package salvaging protocol (Closes: #1113719)
    * Mark swtpm-dev as MA: same
    * d/control: bump Standards-Version to 4.7.2, no changes
    * Add d/salsa-ci.yml
    * d/rules: drop manual nocheck workaround
    * Build with package-notes ELF stamping
    * Add lintian overrides for spare-manual-page
    * Drop upstream machinery to make swtpm_cert optional to install
    * d/rules: drop manual autogen.sh
    * Exclude upstream debian/ directory from imports
    * New upstream version 0.10.1 (Closes: #1025738)
    * Drop fix-typos.patch, merged upstream
    * Drop move-conf-and-options-files-to-man5.patch, merged upstream
    * Bump dependency on libtpms-dev
    * d/not-installed: list upstream installed-tests
    * Drop build dependency on fuse (Closes: #1084403)
    * d/rules: explicitly disable selinux support
    * d/rules: avoid cleaning up checked in source file
    * Backport patches to fix make maintainer-clean (Closes: #1049074)
    * Backport patch to install sysusers.d and tmpfiles.d configs and use
      them
    * increase-poll-timeout.patch: update header and set forwarded tag
    * Backport patch to fix failing test
    * Add support for nocheck profile

   -- Luca Boccassi <bluca@xxxxxxxxxx>  Mon, 22 Sep 2025 19:31:08 +0100


  ### Old Ubuntu Delta ###

  swtpm (0.7.3-0ubuntu8) plucky; urgency=medium

    * d/usr.bin.swtpm: Allow additional tmp directory access through user-tmp
      abstraction, and remove the original full /tmp permissions (LP: #2086736)

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Fri, 08 Nov 2024 15:25:24
  -0700

  swtpm (0.7.3-0ubuntu7) oracular; urgency=medium

    * d/usr.bin.swtpm:
      - Add sys_admin capability to apparmor profile to allow access to kernel
        modules such as tpm_vtpm_proxy (LP: #2071478)
      - Allow non-owned lockfile write access in /var/lib/libvirt/swtpm/ to fix
        apparmor denials when working with TPM2 locks (LP: #2072524)

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Tue, 09 Jul 2024 06:06:00
  -0700

  swtpm (0.7.3-0ubuntu6) oracular; urgency=medium

    * Fix autopkgtests following dpkg changes (LP: #2071468)

   -- Gianfranco Costamagna <locutusofborg@xxxxxxxxxx>  Tue, 09 Jul 2024
  12:29:58 +0200

  swtpm (0.7.3-0ubuntu5) noble; urgency=medium

    * Add patch to force the buildsystem to build with
  -D_FORTIFY_SOURCE=3

   -- Jeremy Bícha <jbicha@xxxxxxxxxx>  Tue, 02 Apr 2024 15:18:02 -0400

  swtpm (0.7.3-0ubuntu4) noble; urgency=medium

    * No-change rebuild for CVE-2024-3094

   -- William Grant <wgrant@xxxxxxxxxx>  Mon, 01 Apr 2024 19:21:09 +1100

  swtpm (0.7.3-0ubuntu3) noble; urgency=medium

    * No-change rebuild against libssl3t64

   -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Mon, 04 Mar 2024
  21:29:18 +0000

  swtpm (0.7.3-0ubuntu2) mantic; urgency=medium

    * d/usr.bin.swtpm: Configure apparmor to grant access to relevant files in
      /run/user/<UID>/libvirt/qemu/run/swtpm/ files when using the
      qemu:///session bus (LP: #2017874)

   -- Olivier Gayot <olivier.gayot@xxxxxxxxxxxxx>  Fri, 04 Aug 2023
  11:10:37 +0200

  swtpm (0.7.3-0ubuntu1) lunar; urgency=medium

    * New upstream release 0.7.3:
      - Bug fixes include:
        + Fix secure boot failure - TPM 2.0 not supported (LP: #2012028)
    * Add new debian/ files from upstream
      - d/clean: Clean man and gch files from source tree during build
      - d/not-installed: Do not install .la lib files with package
      - d/swtpm-libs.install: Install swtpm .so files with swtpm-libs package
    * d/rules: Add dh_clean and dh_makeshlibs overrides from upstream
    * d/swtpm-tools.install: Update installation of swtpm-tools files for 0.7
    * d/control: Remove unneeded dependencies for 0.7
    * Remove d/p/0001-Install-swtpm-localca-to-the-correct-path.patch as it is
      no longer needed to change swtpm-localca's path
    * d/p/no-autoconf-in-debian.patch: Refresh to clean fuzz
    * d/p/openssl-not-certtool.patch: Update and refresh to apply with 0.7

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Wed, 22 Mar 2023 14:03:19
  -0700

  swtpm (0.6.3-0ubuntu5) lunar; urgency=medium

    * d/usr.bin.swtpm: Allow swtpm to also access /run/libvirt/qemu/swtpm/*.pid
      files that it does not own (LP: #1989100)

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Mon, 24 Oct 2022 10:52:06
  -0700

  swtpm (0.6.3-0ubuntu4) kinetic; urgency=medium

    * d/usr.bin.swtpm: Update apparmor profile to match swtpm upstream
      In between adding the apparmor profile to Ubuntu and merging upstream
      additional rules were used to cover more common use cases. (LP: #1992377)
      - The six capability lines fix the broken upstream unit test cases:
        test_ctrlchannel, test_vtpm_proxy, test_tpm2_file_permissions,
        test_tpm2_save_load_state_2_block, and test_tpm2_ctrlchannel2
      - owner @{HOME}/** rwk was added as using a folder in one's home directory
        is common for managing tpm states
      - Access in the tmp directory is further generalized as this is where swtpm
        interacts with qemu and libvirt
      - The ability to read from /etc/nsswitch.conf was added for vtpm proxy to
        work

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Tue, 11 Oct 2022 10:54:21
  -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2126004/+subscriptions