From bd02283430f674058a70637747a80fd1581c5405 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Wed, 26 Apr 2023 10:05:44 -0400 Subject: swtpm: update to 0.8.0 includes CVE-2022-23645 Signed-off-by: Armin Kuster --- meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb | 50 ------------------------------- meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb | 50 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 50 deletions(-) delete mode 100644 meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb create mode 100644 meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
deleted file mode 100644
index 55d83f9..0000000
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
+++ /dev/null
@@ -1,50 +0,0 @@
-SUMMARY = "SWTPM - Software TPM Emulator"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
-SECTION = "apps"
-
-# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
-DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
-
-SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
- "
-PE = "1"
-
-S = "${WORKDIR}/git"
-
-PARALLEL_MAKE = ""
-inherit autotools pkgconfig perlnative
-
-TSS_USER="tss"
-TSS_GROUP="tss"
-
-PACKAGECONFIG ?= "openssl gnutls"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
-PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
-# used by swtpm-create-tpmca (the last two is provided by gnutls)
-# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
-PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
-PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
-PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
-
-EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
-USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
- --no-create-home --shell /bin/false ${BPN}"
-
-
-PACKAGE_BEFORE_PN = "${PN}-cuse"
-FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
-
-INSANE_SKIP:${PN} += "dev-so"
-
-RDEPENDS:${PN} = "libtpm"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
new file mode 100644
index 0000000..614b07f
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.0.bb
@@ -0,0 +1,50 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "apps"
+
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
+
+SRCREV = "2ae7b019370760e17f4f2675195a91ca53950eda"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=master;protocol=https \
+ "
+PE = "1"
+
+S = "${WORKDIR}/git"
+
+PARALLEL_MAKE = ""
+inherit autotools pkgconfig perlnative
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl gnutls"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
+PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
+USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
+ --no-create-home --shell /bin/false ${BPN}"
+
+
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
+
+INSANE_SKIP:${PN} += "dev-so"
+
+RDEPENDS:${PN} = "libtpm"
+
+BBCLASSEXTEND = "native nativesdk"
-- 
cgit v1.2.3-54-g00ecf
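Review bot: In the `USERADD_PARAM:${PN}` value near the end of the new recipe, `--home-dir` is followed directly by the line continuation and `--no-create-home`, so useradd would most likely take `--no-create-home` as the home directory instead of applying it as an option; either give `--home-dir` an explicit path or drop it, e.g. `USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --no-create-home --shell /bin/false ${BPN}"`. The `inherit` line lists only `autotools pkgconfig perlnative`, so unless `useradd` is pulled in by another class or a bbappend, the `USERADD_*`/`GROUPADD_*` settings are never acted on and the emulator's unprivileged service account is not created; `inherit autotools pkgconfig perlnative useradd` would make that explicit. The account is also named `${BPN}` while configure is passed `--with-tss-user=${TSS_USER}`, and `GROUPADD_PARAM` uses `${TSS_USER}` where `${TSS_GROUP}` is presumably meant, so it is worth confirming which user the daemon is expected to drop to. These lines are carried over unchanged from the 0.7.3 recipe, so the version bump is a good point to fix them.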