[Bug 1948748] Re: [MIR] swtpm

Christian Ehrhardt  1948748 at bugs.launchpad.net
Thu Oct 28 12:35:24 UTC 2021 

FYI - via discussion we found that swtpm-tools will be needed, that
either needs to get the dependencies adapted (to not depend on gnutls-
bin or have them not depend on libopts25) or to promote those as well.

I'll re-evaluate swtpm with that in mind and update my former post
(probably tomorrow).

@Steve as you are driving this case would you mind looking into the usage and dependencies for gnutls-bin if we will tackle this at the dependency level or if we need to MIR more?
I'll add further bug tasks in that regard and assign you to get this started.

** Also affects: autogen (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: gnutls28 (Ubuntu)
       Status: New => Incomplete

** Changed in: autogen (Ubuntu)
       Status: New => Incomplete

** Changed in: autogen (Ubuntu)
     Assignee: (unassigned) => Steve Langasek (vorlon)

** Changed in: gnutls28 (Ubuntu)
     Assignee: (unassigned) => Steve Langasek (vorlon)

** Changed in: swtpm (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => Christian Ehrhardt  (paelzer)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/1948748

Title:
  [MIR] swtpm

Status in autogen package in Ubuntu:
  Incomplete
Status in gnutls28 package in Ubuntu:
  Incomplete
Status in libtpms package in Ubuntu:
  New
Status in swtpm package in Ubuntu:
  New

Bug description:
  [Availability]
  Available in universe in jammy.

  [Rationale]
  Needed in order to provide TPM functionality to VMs through kvm/libvirt; should be a Recommends: of qemu-system-x86

  [Security]
  Several security bugs found and fixed in libtpms this year http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libtpms

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3746 currently
  remains unfixed in the version present in jammy (DoS bug).

  [Quality assurance]
  Limited history: package not present in Debian, and only in Ubuntu since jammy.

  [UI standards]
  N/A

  [Dependencies]
  swtpm and libtpms; no further dependencies outside of main.

  [Standards compliance]
  OK

  [Maintenance]
  To be maintained by the Foundations Team.

  [Background information]
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autogen/+bug/1948748/+subscriptions

More information about the foundations-bugs mailing list