Version in base suite: 1.9.0-0.1

Base version: tpm2-pkcs11_1.9.0-0.1
Target version: tpm2-pkcs11_1.9.0-0.1+deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/tpm2-pkcs11/tpm2-pkcs11_1.9.0-0.1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/t/tpm2-pkcs11/tpm2-pkcs11_1.9.0-0.1+deb12u1.dsc

 changelog                          |    7 +++++++
 patches/db-nullpointer-deref.patch |   34 ++++++++++++++++++++++++++++++++++
 patches/series                     |    1 +
 3 files changed, 42 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpptqsamce/tpm2-pkcs11_1.9.0-0.1.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpptqsamce/tpm2-pkcs11_1.9.0-0.1+deb12u1.dsc: no acceptable signature found
diff -Nru tpm2-pkcs11-1.9.0/debian/changelog tpm2-pkcs11-1.9.0/debian/changelog
--- tpm2-pkcs11-1.9.0/debian/changelog	2023-02-02 09:18:48.000000000 +0000
+++ tpm2-pkcs11-1.9.0/debian/changelog	2026-04-29 10:46:25.000000000 +0000
@@ -1,3 +1,10 @@
+tpm2-pkcs11 (1.9.0-0.1+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload
+  * Backport upstream db migration fix (Closes: #1135213)
+
+ -- Bastian Germann <bage@debian.org>  Wed, 29 Apr 2026 12:46:25 +0200
+
 tpm2-pkcs11 (1.9.0-0.1) unstable; urgency=medium
 
   * Non-maintainer upload
diff -Nru tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch
--- tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch	1970-01-01 00:00:00.000000000 +0000
+++ tpm2-pkcs11-1.9.0/debian/patches/db-nullpointer-deref.patch	2026-04-29 10:46:25.000000000 +0000
@@ -0,0 +1,34 @@
+Origin: https://github.com/tpm2-software/tpm2-pkcs11/commit/18989a3f23aa885e81eee252593037f730d48772
+From: Victor Makarov <vitja.makarov@gmail.com>
+Date: Sat, 16 Mar 2024 22:25:44 +0300
+Subject: db: CKA_ALLOWED_MECHANISMS fix NULL pointer dereference.
+
+Fixes: #845
+
+Signed-off-by: Victor Makarov <vitja.makarov@gmail.com>
+---
+ src/lib/db.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/db.c b/src/lib/db.c
+index b4bbd1bf..25965973 100644
+--- a/src/lib/db.c
++++ b/src/lib/db.c
+@@ -2169,9 +2169,14 @@ static CK_RV dbup_handler_from_7_to_8(sqlite3 *updb) {
+ 
+         /* for each tobject */
+         CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(tobj->attrs, CKA_ALLOWED_MECHANISMS);
+-        CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
+-        if (type != TYPE_BYTE_INT_SEQ) {
+-            rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
++
++        if (a) {
++            CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen);
++            if (type != TYPE_BYTE_INT_SEQ) {
++                rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs);
++            }
++        } else {
++            rv = CKR_OK;
+         }
+ 
+         tobject_free(tobj);
diff -Nru tpm2-pkcs11-1.9.0/debian/patches/series tpm2-pkcs11-1.9.0/debian/patches/series
--- tpm2-pkcs11-1.9.0/debian/patches/series	2023-02-02 09:13:40.000000000 +0000
+++ tpm2-pkcs11-1.9.0/debian/patches/series	2026-04-29 10:46:25.000000000 +0000
@@ -1,2 +1,3 @@
+db-nullpointer-deref.patch
 set-version-of-library.patch
 fail-fapi-gracefully.patch