commit: 5fe4d21bad106b44dc1cb67113a630bd242ab21c
Author: Salah Coronya <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Wed Nov 18 23:44:37 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 20 15:10:26 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fe4d21b
app-crypt/swtpm: Bump to 0.5.1 to fix CVE-2020-28407
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Salah Coronya <salah.coronya <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-crypt/swtpm/Manifest | 1 +
app-crypt/swtpm/swtpm-0.5.1.ebuild | 94 ++++++++++++++++++++++++++++++++++++++
2 files changed, 95 insertions(+)
diff --git a/app-crypt/swtpm/Manifest b/app-crypt/swtpm/Manifest
index 3a8b2fa15a3..eeda254b690 100644
--- a/app-crypt/swtpm/Manifest
+++ b/app-crypt/swtpm/Manifest
@@ -1 +1,2 @@
DIST swtpm-0.5.0.tar.gz 309011 BLAKE2B
3977acef1e68adca82ed5b51adb5f8787f6eb874ee16768b5b4bbbb13b043f8a39f534b2aa99ef92fb1608f0c4c805b51bb8fbc83297b71afcec2d99faff03d9
SHA512
ba7dafc9a9ddd28252615028a45fe3e68efd12df948c1e8ec938caabb840406a7a1935e1e4a6e1b6b8848bee08450673138dc5a0d63f0447f5e0e07350e4aed7
+DIST swtpm-0.5.1.tar.gz 309464 BLAKE2B
630a9add9a17e016f0158666bd3f4eafa773b7a2645820346d5f2847023310f8df4c2491184c5f5d02a83aa2bb53f8c266e5f2a6b07ab92502f08c7f1fa697ea
SHA512
8a034b1da916797b9869a4ff478a4c7093b1343ce2556054d2228214520f0e2a63a1d69709bf2cc62fe45710dd9a41c0eee488af9396e8baf8099e697593638c
diff --git a/app-crypt/swtpm/swtpm-0.5.1.ebuild
b/app-crypt/swtpm/swtpm-0.5.1.ebuild
new file mode 100644
index 00000000000..afdecc396ec
--- /dev/null
+++ b/app-crypt/swtpm/swtpm-0.5.1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8,9} )
+
+inherit autotools distutils-r1
+
+DESCRIPTION="Libtpms-based TPM emulator"
+HOMEPAGE="https://github.com/stefanberger/swtpm";
+SRC_URI="https://github.com/stefanberger/swtpm/archive/v${PV}.tar.gz ->
${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="fuse gnutls libressl seccomp test"
+
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+ fuse? (
+ dev-libs/glib:2
+ sys-fs/fuse:0
+ )
+ gnutls? (
+ dev-libs/libtasn1:=
+ >=net-libs/gnutls-3.1.0[tools]
+ )
+ !libressl? (
+ dev-libs/openssl:0=
+ dev-libs/libtpms[-libressl]
+ )
+ libressl? (
+ dev-libs/libressl:0=
+ dev-libs/libtpms[libressl]
+ )
+ seccomp? ( sys-libs/libseccomp )
+"
+
+DEPEND="${COMMON_DEPEND}
+ test? (
+ net-misc/socat
+ dev-tcltk/expect
+ ${PYTHON_DEPS}
+ )
+"
+
+RDEPEND="${COMMON_DEPEND}
+ acct-group/tss
+ acct-user/tss
+ dev-python/cryptography[${PYTHON_USEDEP}]
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.5.0-fix-localca-path.patch"
+ "${FILESDIR}/${PN}-0.5.0-build-sys-Remove-WError.patch"
+)
+
+src_prepare() {
+ use test || eapply
"${FILESDIR}/${PN}-0.5.0-disable-test-dependencies.patch"
+ default
+ eautoreconf
+ eautomake
+}
+
+src_configure() {
+ econf \
+ --disable-static \
+ --with-openssl \
+ --without-selinux \
+ $(use_with fuse cuse) \
+ $(use_with gnutls) \
+ $(use_with seccomp)
+}
+
+src_compile() {
+# We want the default src_compile, not the version distutils-r1 exports
+ default
+}
+
+src_install() {
+ default
+ python_foreach_impl python_optimize
+ fowners -R tss:root /var/lib/swtpm-localca
+ fperms 750 /var/lib/swtpm-localca
+ keepdir /var/lib/swtpm-localca
+ find "${D}" -name '*.la' -delete || die
+}
+
+src_test() {
+# We want the default src_test, not the version distutils-r1 exports
+ default
+}
