I am uploading an NMU to DELAYED/10 to fix this. The changes are in git and 
attached.
diff -Nru tpm2-pkcs11-1.9.0/debian/changelog tpm2-pkcs11-1.9.0/debian/changelog
--- tpm2-pkcs11-1.9.0/debian/changelog  2023-02-02 10:18:48.000000000 +0100
+++ tpm2-pkcs11-1.9.0/debian/changelog  2023-06-28 11:45:56.000000000 +0200
@@ -1,3 +1,12 @@
+tpm2-pkcs11 (1.9.0-0.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+
+  [ Andrew Brown ]
+  * Do not expose symbols that are not meant to be exposed (Closes: #1035402)
+
+ -- Bastian Germann <b...@debian.org>  Wed, 28 Jun 2023 11:45:56 +0200
+
 tpm2-pkcs11 (1.9.0-0.1) unstable; urgency=medium
 
   * Non-maintainer upload
diff -Nru tpm2-pkcs11-1.9.0/debian/libtpm2-pkcs11-1.symbols 
tpm2-pkcs11-1.9.0/debian/libtpm2-pkcs11-1.symbols
--- tpm2-pkcs11-1.9.0/debian/libtpm2-pkcs11-1.symbols   2023-02-02 
10:13:40.000000000 +0100
+++ tpm2-pkcs11-1.9.0/debian/libtpm2-pkcs11-1.symbols   2023-06-28 
11:41:36.000000000 +0200
@@ -68,379 +68,3 @@
  C_VerifyUpdate@Base 1.2.0
  C_WaitForSlotEvent@Base 1.2.0
  C_WrapKey@Base 1.2.0
- __real_db_tobject_new@Base 1.5.0
- __real_init_pobject@Base 1.5.0
- __real_init_sealobjects@Base 1.5.0
- __real_init_tobjects@Base 1.5.0
- __real_tobject_new@Base 1.5.0
- __real_twistbin_new@Base 1.5.0
- _db_update_tobject_attrs@Base 1.6.0
- _g_ecc_curve_nids_templ@Base 1.5.0
- _g_rsa_keysizes_templ@Base 1.5.0
- _session_ctx_opdata_get@Base 1.2.0
- _tobject_user_decrement@Base 1.6.0
- _tobject_user_increment@Base 1.6.0
- aes256_gcm_decrypt@Base 1.2.0
- aes256_gcm_encrypt@Base 1.2.0
- apply_pkcs7_pad@Base 1.6.0
- attr_CK_BBOOL@Base 1.2.0
- attr_CK_KEY_TYPE@Base 1.2.0
- attr_CK_OBJECT_CLASS@Base 1.2.0
- attr_CK_ULONG@Base 1.2.0
- attr_add_missing_attrs@Base 1.2.0
- attr_common_add_RSA_publickey@Base 1.2.0
- attr_common_add_data@Base 1.3.2
- attr_common_add_storage@Base 1.5.0
- attr_get_attribute_by_type@Base 1.2.0
- attr_get_attribute_by_type_raw@Base 1.2.0
- attr_get_name@Base 1.7.0
- attr_list_add_bool@Base 1.2.0
- attr_list_add_buf@Base 1.2.0
- attr_list_add_int@Base 1.2.0
- attr_list_add_int_seq@Base 1.9.0
- attr_list_append_attrs@Base 1.2.0
- attr_list_append_entry@Base 1.3.2
- attr_list_dup@Base 1.5.0
- attr_list_free@Base 1.2.0
- attr_list_get_CKA_CLASS@Base 1.3.2
- attr_list_get_CKA_KEY_TYPE@Base 1.6.0
- attr_list_get_CKA_PRIVATE@Base 1.3.2
- attr_list_get_CKA_TOKEN@Base 1.5.0
- attr_list_get_count@Base 1.2.0
- attr_list_get_ptr@Base 1.2.0
- attr_list_invoke_handlers@Base 1.2.0
- attr_list_new@Base 1.2.0
- attr_list_raw_invoke_handlers@Base 1.2.0
- attr_list_update_entry@Base 1.3.2
- attr_pfree_cleanse@Base 1.3.2
- attr_typify@Base 1.2.0
- backend_add_object@Base 1.5.0
- backend_create_token_seal@Base 1.5.0
- backend_ctx_free@Base 1.5.0
- backend_ctx_new@Base 1.5.0
- backend_ctx_reset@Base 1.5.0
- backend_destroy@Base 1.5.0
- backend_esysdb_add_object@Base 1.5.0
- backend_esysdb_create_token_seal@Base 1.5.0
- backend_esysdb_ctx_free@Base 1.5.0
- backend_esysdb_ctx_new@Base 1.5.0
- backend_esysdb_ctx_reset@Base 1.5.0
- backend_esysdb_destroy@Base 1.5.0
- backend_esysdb_get_tokens@Base 1.5.0
- backend_esysdb_init@Base 1.5.0
- backend_esysdb_init_user@Base 1.5.0
- backend_esysdb_rm_tobject@Base 1.5.0
- backend_esysdb_token_changeauth@Base 1.5.0
- backend_esysdb_token_unseal_wrapping_key@Base 1.5.0
- backend_esysdb_update_tobject_attrs@Base 1.5.0
- backend_esysdb_update_token_config@Base 1.5.0
- backend_fapi_add_object@Base 1.5.0
- backend_fapi_add_tokens@Base 1.5.0
- backend_fapi_create_token_seal@Base 1.5.0
- backend_fapi_ctx_free@Base 1.5.0
- backend_fapi_ctx_new@Base 1.5.0
- backend_fapi_destroy@Base 1.5.0
- backend_fapi_init@Base 1.5.0
- backend_fapi_init_user@Base 1.5.0
- backend_fapi_rm_tobject@Base 1.5.0
- backend_fapi_token_changeauth@Base 1.5.0
- backend_fapi_token_unseal_wrapping_key@Base 1.5.0
- backend_fapi_update_tobject_attrs@Base 1.5.0
- backend_get_tokens@Base 1.5.0
- backend_init@Base 1.5.0
- backend_init_user@Base 1.5.0
- backend_rm_tobject@Base 1.5.0
- backend_token_changeauth@Base 1.5.0
- backend_token_unseal_wrapping_key@Base 1.5.0
- backend_update_tobject_attrs@Base 1.5.0
- backend_update_token_config@Base 1.5.0
- check_common_attrs@Base 1.2.0
- convert_pobject_v3_to_v4@Base 1.5.0
- db_add_new_object@Base 1.2.0
- db_add_pobject_v4@Base 1.5.0
- db_add_primary@Base 1.2.0
- db_add_token@Base 1.2.0
- db_debug_set_db@Base 1.5.0
- db_delete_object@Base 1.2.0
- db_destroy@Base 1.2.0
- db_get_first_pid@Base 1.2.0
- db_get_label@Base 1.5.0
- db_get_tokens@Base 1.2.0
- db_init@Base 1.2.0
- db_init_new@Base 1.5.0
- db_init_pobject@Base 1.2.0
- db_new@Base 1.5.0
- db_tobject_new@Base 1.5.0
- db_update_for_pinchange@Base 1.2.0
- db_update_tobject_attrs@Base 1.5.0
- db_update_token_config@Base 1.5.0
- decrypt_final_ex@Base 1.8.0
- decrypt_init_op@Base 1.2.0
- decrypt_oneshot_op@Base 1.2.0
- decrypt_update_op@Base 1.2.0
- digest_final_op@Base 1.2.0
- digest_init_op@Base 1.2.0
- digest_oneshot@Base 1.2.0
- digest_op_data_free@Base 1.2.0
- digest_op_data_new@Base 1.2.0
- digest_update_op@Base 1.2.0
- emit_attributes_to_string@Base 1.2.0
- emit_config_to_string@Base 1.2.0
- emit_pobject_to_conf_string@Base 1.5.0
- encrypt_final_ex@Base 1.8.0
- encrypt_init_op@Base 1.2.0
- encrypt_oneshot_op@Base 1.2.0
- encrypt_op_data_free@Base 1.2.0
- encrypt_op_data_new@Base 1.2.0
- encrypt_update_op@Base 1.2.0
- general_finalize@Base 1.2.0
- general_get_func_list@Base 1.2.0
- general_get_info@Base 1.2.0
- general_init@Base 1.2.0
- general_is_init@Base 1.2.0
- get_blob@Base 1.5.0
- get_blob_null@Base 1.5.0
- handle_attr_event@Base 1.2.0
- handle_token_config_event@Base 1.5.0
- init_pobject@Base 1.5.0
- init_pobject_from_stmt@Base 1.5.0
- init_pobject_v3_from_stmt@Base 1.5.0
- init_sealobjects@Base 1.5.0
- init_tobjects@Base 1.5.0
- key_gen@Base 1.2.0
- mdetail_free@Base 1.5.0
- mdetail_new@Base 1.5.0
- mdetail_set_pss_status@Base 1.5.0
- mech_get_digest_alg@Base 1.2.0
- mech_get_digester@Base 1.2.0
- mech_get_info@Base 1.2.0
- mech_get_label@Base 1.5.0
- mech_get_padding@Base 1.5.0
- mech_get_supported@Base 1.2.0
- mech_get_tpm_opdata@Base 1.2.0
- mech_is_HMAC@Base 1.7.0
- mech_is_ecc@Base 1.7.0
- mech_is_hashing_knowledge_needed@Base 1.5.0
- mech_is_hashing_needed@Base 1.2.0
- mech_is_synthetic@Base 1.2.0
- mech_synthesize@Base 1.2.0
- mech_unsynthesize@Base 1.5.0
- mech_validate@Base 1.2.0
- mutex_create@Base 1.2.0
- mutex_destroy@Base 1.2.0
- mutex_lock@Base 1.2.0
- mutex_set_handlers@Base 1.2.0
- mutex_unlock@Base 1.2.0
- object_attr_filter@Base 1.2.0
- object_create@Base 1.2.0
- object_destroy@Base 1.2.0
- object_find@Base 1.2.0
- object_find_data_free@Base 1.2.0
- object_find_final@Base 1.2.0
- object_find_init@Base 1.2.0
- object_get_attributes@Base 1.2.0
- object_init_from_attrs@Base 1.3.2
- object_mech_is_supported@Base 1.2.0
- object_set_attributes@Base 1.5.0
- on_map_scalar_event@Base 1.2.0
- on_seq_scalar_event@Base 1.2.0
- parse_attributes@Base 1.2.0
- parse_attributes_from_string@Base 1.2.0
- parse_lib_version@Base 1.7.0
- parse_pobject_config_from_string@Base 1.5.0
- parse_token_config_from_string@Base 1.2.0
- pobject_config_free@Base 1.5.0
- pobject_free@Base 1.5.0
- pop_handler@Base 1.2.0
- push_handler@Base 1.2.0
- random_get@Base 1.2.0
- remove_pkcs7_pad@Base 1.6.0
- rsa_gen_mechs@Base 1.2.0
- seed_random@Base 1.2.0
- session_close@Base 1.2.0
- session_closeall@Base 1.2.0
- session_ctx_flags_get@Base 1.2.0
- session_ctx_free@Base 1.2.0
- session_ctx_get_info@Base 1.2.0
- session_ctx_get_token@Base 1.2.0
- session_ctx_login@Base 1.2.0
- session_ctx_login_event@Base 1.2.0
- session_ctx_logout@Base 1.2.0
- session_ctx_logout_event@Base 1.2.0
- session_ctx_new@Base 1.2.0
- session_ctx_opdata_clear@Base 1.2.0
- session_ctx_opdata_get_tobject@Base 1.2.0
- session_ctx_opdata_is_active@Base 1.2.0
- session_ctx_opdata_set@Base 1.2.0
- session_ctx_state_get@Base 1.2.0
- session_ctx_tobject_authenticated@Base 1.2.0
- session_lookup@Base 1.2.0
- session_open@Base 1.2.0
- session_table_free@Base 1.2.0
- session_table_free_ctx@Base 1.2.0
- session_table_free_ctx_all@Base 1.2.0
- session_table_free_ctx_by_handle@Base 1.2.0
- session_table_get_cnt@Base 1.2.0
- session_table_login_event@Base 1.2.0
- session_table_lookup@Base 1.2.0
- session_table_new@Base 1.2.0
- session_table_new_entry@Base 1.2.0
- sign@Base 1.2.0
- sign_final_ex@Base 1.2.0
- sign_init@Base 1.2.0
- sign_update@Base 1.2.0
- slot_add_uninit_token@Base 1.2.0
- slot_destroy@Base 1.2.0
- slot_get_info@Base 1.2.0
- slot_get_list@Base 1.2.0
- slot_get_token@Base 1.2.0
- slot_init@Base 1.2.0
- slot_mechanism_info_get@Base 1.2.0
- slot_mechanism_list_get@Base 1.2.0
- ssl_util_add_PKCS1_PSS@Base 1.8.0
- ssl_util_add_PKCS1_TYPE_1@Base 1.8.0
- ssl_util_attrs_to_evp@Base 1.8.0
- ssl_util_check_PKCS1_TYPE_2@Base 1.8.0
- ssl_util_encrypt@Base 1.5.0
- ssl_util_hash_pass@Base 1.8.0
- ssl_util_params_to_nid@Base 1.8.0
- ssl_util_setup_evp_pkey_ctx@Base 1.5.0
- ssl_util_sig_verify@Base 1.5.0
- ssl_util_verify_recover@Base 1.5.0
- str_to_ul@Base 1.2.0
- sw_encrypt_data_init@Base 1.5.0
- take_lock@Base 1.9.0
- tobject_free@Base 1.2.0
- tobject_get_attrs@Base 1.2.0
- tobject_get_min_buf_size@Base 1.7.0
- tobject_new@Base 1.2.0
- tobject_set_auth@Base 1.2.0
- tobject_set_blob_data@Base 1.2.0
- tobject_set_handle@Base 1.2.0
- tobject_set_id@Base 1.2.0
- token_add_tobject@Base 1.2.0
- token_add_tobject_last@Base 1.2.0
- token_config_free@Base 1.5.0
- token_find_tobject@Base 1.2.0
- token_free@Base 1.2.0
- token_free_list@Base 1.2.0
- token_get_info@Base 1.2.0
- token_init@Base 1.2.0
- token_initpin@Base 1.2.0
- token_is_any_user_logged_in@Base 1.2.0
- token_is_so_logged_in@Base 1.2.0
- token_is_user_logged_in@Base 1.2.0
- token_load_object@Base 1.2.0
- token_lock@Base 1.2.0
- token_logout_all_sessions@Base 1.2.0
- token_min_init@Base 1.2.0
- token_reset@Base 1.3.2
- token_rm_tobject@Base 1.2.0
- token_setpin@Base 1.2.0
- token_unlock@Base 1.2.0
- tpm2_create_seal_obj@Base 1.2.0
- tpm2_generate_key@Base 1.2.0
- tpm2_getmechanisms@Base 1.2.0
- tpm_aes_cbc_get_opdata@Base 1.2.0
- tpm_aes_cfb_get_opdata@Base 1.2.0
- tpm_aes_ctr_get_opdata@Base 1.6.0
- tpm_aes_ecb_get_opdata@Base 1.2.0
- tpm_changeauth@Base 1.2.0
- tpm_contextload_handle@Base 1.5.0
- tpm_create_persistent_primary@Base 1.5.0
- tpm_create_transient_primary_from_template@Base 1.5.0
- tpm_ctx_free@Base 1.2.0
- tpm_ctx_new@Base 1.2.0
- tpm_ctx_new_fromtcti@Base 1.5.0
- tpm_decrypt@Base 1.2.0
- tpm_deserialize_handle@Base 1.2.0
- tpm_destroy@Base 1.2.0
- tpm_ec_ecdsa_get_opdata@Base 1.2.0
- tpm_ec_ecdsa_sha1_get_opdata@Base 1.2.0
- tpm_ec_ecdsa_sha256_get_opdata@Base 1.7.0
- tpm_ec_ecdsa_sha384_get_opdata@Base 1.7.0
- tpm_ec_ecdsa_sha512_get_opdata@Base 1.7.0
- tpm_encrypt@Base 1.2.0
- tpm_final_decrypt@Base 1.6.0
- tpm_final_encrypt@Base 1.6.0
- tpm_find_aes_keysizes@Base 1.2.0
- tpm_find_ecc_keysizes@Base 1.2.0
- tpm_find_max_rsa_keysize@Base 1.2.0
- tpm_flushcontext@Base 1.2.0
- tpm_get_algorithms@Base 1.2.0
- tpm_get_existing_primary@Base 1.2.0
- tpm_get_name@Base 1.6.0
- tpm_get_pss_sig_state@Base 1.5.0
- tpm_get_token_info@Base 1.2.0
- tpm_getrandom@Base 1.2.0
- tpm_hmac_sha1_get_opdata@Base 1.7.0
- tpm_hmac_sha256_get_opdata@Base 1.7.0
- tpm_hmac_sha384_get_opdata@Base 1.7.0
- tpm_hmac_sha512_get_opdata@Base 1.7.0
- tpm_init@Base 1.2.0
- tpm_is_ecc_curve_supported@Base 1.2.0
- tpm_is_rsa_keysize_supported@Base 1.2.0
- tpm_loadobj@Base 1.2.0
- tpm_objdata_free@Base 1.2.0
- tpm_opdata_free@Base 1.2.0
- tpm_opdata_reset@Base 1.8.0
- tpm_readpub@Base 1.2.0
- tpm_rsa_decrypt@Base 1.2.0
- tpm_rsa_oaep_get_opdata@Base 1.2.0
- tpm_rsa_pkcs_get_opdata@Base 1.2.0
- tpm_rsa_pkcs_sha1_get_opdata@Base 1.2.0
- tpm_rsa_pkcs_sha256_get_opdata@Base 1.2.0
- tpm_rsa_pkcs_sha384_get_opdata@Base 1.2.0
- tpm_rsa_pkcs_sha512_get_opdata@Base 1.2.0
- tpm_rsa_pss_get_opdata@Base 1.5.0
- tpm_rsa_pss_sha1_get_opdata@Base 1.2.0
- tpm_rsa_pss_sha256_get_opdata@Base 1.2.0
- tpm_rsa_pss_sha384_get_opdata@Base 1.2.0
- tpm_rsa_pss_sha512_get_opdata@Base 1.2.0
- tpm_serialize_handle@Base 1.2.0
- tpm_session_active@Base 1.5.0
- tpm_session_start@Base 1.2.0
- tpm_session_stop@Base 1.2.0
- tpm_sign@Base 1.2.0
- tpm_stirrandom@Base 1.2.0
- tpm_unseal@Base 1.2.0
- tpm_verify@Base 1.7.0
- twist_append@Base 1.2.0
- twist_append_twist@Base 1.2.0
- twist_calloc@Base 1.2.0
- twist_concat@Base 1.2.0
- twist_concat_twist@Base 1.2.0
- twist_create@Base 1.2.0
- twist_dup@Base 1.2.0
- twist_end@Base 1.2.0
- twist_eq@Base 1.2.0
- twist_free@Base 1.2.0
- twist_hex_new@Base 1.2.0
- twist_hexlify@Base 1.2.0
- twist_len@Base 1.2.0
- twist_new@Base 1.2.0
- twist_next_alloc_fails@Base 1.2.0
- twist_truncate@Base 1.2.0
- twistbin_aappend@Base 1.2.0
- twistbin_append@Base 1.2.0
- twistbin_concat@Base 1.2.0
- twistbin_create@Base 1.2.0
- twistbin_new@Base 1.2.0
- twistbin_unhexlify@Base 1.2.0
- type_calloc@Base 1.2.0
- type_from_ptr@Base 1.2.0
- type_mem_cpy@Base 1.2.0
- type_mem_dup@Base 1.2.0
- type_to_str@Base 1.3.2
- type_zrealloc@Base 1.3.2
- utils_ctx_unwrap_objauth@Base 1.2.0
- utils_ctx_wrap_objauth@Base 1.2.0
- utils_get_halg_size@Base 1.2.0
- utils_get_rand_hex_str@Base 1.2.0
- utils_setup_new_object_auth@Base 1.2.0
- verify@Base 1.2.0
- verify_final@Base 1.2.0
- verify_init@Base 1.2.0
- verify_recover@Base 1.5.0
- verify_recover_init@Base 1.5.0
- verify_update@Base 1.2.0
diff -Nru tpm2-pkcs11-1.9.0/debian/patches/set-version-of-library.patch 
tpm2-pkcs11-1.9.0/debian/patches/set-version-of-library.patch
--- tpm2-pkcs11-1.9.0/debian/patches/set-version-of-library.patch       
2023-02-02 10:13:40.000000000 +0100
+++ tpm2-pkcs11-1.9.0/debian/patches/set-version-of-library.patch       
2023-06-28 11:41:36.000000000 +0200
@@ -18,3 +18,12 @@
  INCLUDE_DIRS    = -I$(srcdir)/src -I$(top_srcdir)/src/lib
  ACLOCAL_AMFLAGS = -I m4 --install
  AM_CFLAGS       = $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(CODE_COVERAGE_CFLAGS) \
+@@ -52,7 +52,7 @@
+ EXTRA_DIST += lib/tpm2-pkcs11.map
+ 
+ if HAVE_LD_VERSION_SCRIPT
+-src_libtpm2_pkcs11_la_LDFLAGS = 
-Wl,--version-script=$(srcdir)/lib/tpm2-pkcs11.map
++src_libtpm2_pkcs11_la_LDFLAGS += 
-Wl,--version-script=$(srcdir)/lib/tpm2-pkcs11.map
+ endif # HAVE_LD_VERSION_SCRIPT
+ src_libtpm2_pkcs11_la_LIBADD = $(AM_LDFLAGS)
+ src_libtpm2_pkcs11_la_SOURCES = $(LIB_PKCS11_SRC) 
$(LIB_PKCS11_INTERNAL_LIB_SRC)
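Review bot: The version script is still applied only inside `if HAVE_LD_VERSION_SCRIPT`, so a build where that conditional is false would export the internal symbols again (including test hooks such as `twist_next_alloc_fails` and `db_debug_set_db`) without any error. Nothing in this debdiff makes the package build fail in that case: at its default check level dpkg-gensymbols only fails on disappeared symbols, not on newly appearing ones. Consider raising the check level in debian/rules, e.g. `dh_makeshlibs -- -c2`, so that any symbol outside the trimmed `.symbols` list stops the build. The `+=` also depends on `src_libtpm2_pkcs11_la_LDFLAGS` being assigned earlier in Makefile.am, presumably by the first hunk of this quilt patch, which is not shown here; a one-line note in the patch header saying why the assignment must be `+=` would keep a later refresh from reverting it.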
