commit: 09cdc263c233c29925fa507de2b4cbc103447ccf Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com> AuthorDate: Fri Jan 2 20:28:56 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Jan 4 02:54:40 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09cdc263
dev-libs/libtpms: add 0.10.2 Fixes CVE-2026-21444. Bug: https://bugs.gentoo.org/968286 Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com> Part-of: https://github.com/gentoo/gentoo/pull/45235 Closes: https://github.com/gentoo/gentoo/pull/45235 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-libs/libtpms/Manifest | 1 + dev-libs/libtpms/libtpms-0.10.2.ebuild | 51 ++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+)
diff --git a/dev-libs/libtpms/Manifest b/dev-libs/libtpms/Manifest
index cefa6f859711..89fc3843d125 100644
--- a/dev-libs/libtpms/Manifest
+++ b/dev-libs/libtpms/Manifest
@@ -1,3 +1,4 @@
 DIST libtpms-0.10.0.tar.gz 1397526 BLAKE2B 8d05023f5f0fc8dd20cbf5606fa7be391b7dfdc45710c76387c97cef6afb555bd5f0920f73e4578719bdad8e64ba239c14f8c63ed1232c4c3e1b4a80c247b8e0 SHA512 a728188c26447656f43298d1475ebccf0f074d9474780a71fc64baf1ac8b6f6569c90e5ad07098dddc711ba1080eef409c1ac5334d054e7f144e48fa21b66df9
 DIST libtpms-0.10.1.tar.gz 1399253 BLAKE2B 39feead951a84b715e8e4db8cd6eab7f19728c00423df16150c99004230061691cde90fcf7aafc6a5748647ac58cb696b89a709368da4b8f0c684b22321ff1ea SHA512 a1087fb404d199755e38c0c45bd39d3b18686076ec12326e118a0d5c493339ef2a6e4092f451869aa468ff1b69ee024dfdbff9d5c4e0f874c70af3f36d293fe4
+DIST libtpms-0.10.2.tar.gz 1399529 BLAKE2B 19c881d60f8124b6ffe1622731cf73593a38a683cd0a593445ca93033e927c94e1ba75cd30e2847da2137155934f17f785e7dfb96731596361b7a77476cc5a94 SHA512 e30297289a03d4fefb2cdf44654d6f77719a021deb9b721f08d4a23e20706b903ef5e979ba05ad333d052cf35681ba5e143fb883bed0dc37626eca2807d0c01f
 DIST libtpms-0.9.6.tar.gz 1264338 BLAKE2B 7b127ef370a48214814bb9ad0e8461ed0af21f32ab84f243945980c5e36ba5e374b4de7a83bf9c67c29264609063d48eae2dae83832daed70170bb1ed39eafea SHA512 35f26e4849eb98cd73461aff439c19f77bbbcde9b7661402e3d419354c4dcddd057349c4f7178573f1ceea2e95326498eb9afea3bd48064bbff534fc7f6939c3
diff --git a/dev-libs/libtpms/libtpms-0.10.2.ebuild b/dev-libs/libtpms/libtpms-0.10.2.ebuild
new file mode 100644
index 000000000000..01a609b453ff
--- /dev/null
+++ b/dev-libs/libtpms/libtpms-0.10.2.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools eapi9-ver
+
+DESCRIPTION="Library providing software emulation of a TPM"
+HOMEPAGE="https://github.com/stefanberger/libtpms"
+SRC_URI="https://github.com/stefanberger/libtpms/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+DEPEND="dev-libs/openssl:="
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.10.0-Remove-WError.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # --disable-hardening because it just sets what our toolchain
+ # already does. If the user wants to disable that in their *FLAGS,
+ # or via USE on toolchain packages, honour that.
+ econf \
+ --with-openssl \
+ --disable-hardening
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ if ver_replacing -lt 0.8.0; then
+ elog "Versions of libtpms prior to 0.8.0 generate weaker than expected TPM 2.0 RSA"
+ elog "keys due to a flawed key creation algorithm. Because fixing this would render"
+ elog "existing sealed data inaccessible, to use the corrected algorithm, the old"
+ elog "TPM state file must be deleted and a new TPM state file created. Data still"
+ elog "sealed using the old state file will be permanently inaccessible. For the"
+ elog "details see https://github.com/stefanberger/libtpms/issues/183"
+ fi
+}
