fix(libtpms): CVE-2025-49133

[deepin-ci-robot]

CVE 修复

CVE ID: CVE-2025-49133

漏洞描述: Fix potential out-of-bound access & abort due to HMAC signing issue. The vulnerability occurs in the CryptHmacSign function with an inconsistent pairing of the signKey and signScheme parameters.

修复方案: Backport upstream fix from v0.9.7

受影响版本: libtpms 0.7.11, 0.8.9, 0.9.6 (fixed in 0.7.12, 0.8.10, 0.9.7, 0.10.1)

当前版本: 0.9.2-3.1deepin2

验证状态: ✅ quilt 验证通过，Guard 验证通过

---

Fix-Approach: backport
Generated by: CVE-Fixer Agent
Co-Authored-By: hudeng hudeng@deepin.org

[github-actions]

TAG Bot

TAG: 0.9.2-3.1deepin2
EXISTED: no
DISTRIBUTION: unstable

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign xzl01 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hudeng-go]

/integrate

[github-actions]

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3968
PrNumber: 3968
PrBranch: auto-integration-25545821154