gentoo auto-resync : 28:11:2024 - 02:00:16

6 files changed, 549 insertions, 0 deletions

diff --git a/app-crypt/Manifest.gz b/app-crypt/Manifest.gz
index 5541efca3168..9519c4768bd8 100644
--- a/app-crypt/Manifest.gz
+++ b/app-crypt/Manifest.gz
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 7577be9fdb83..aa9debbd6b1d 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -23,6 +23,8 @@ DIST gnupg-2.4.5.tar.bz2 7889060 BLAKE2B a8b80cd4dfbb377066efb5c9f1b6cdc6d0cd1b1
 DIST gnupg-2.4.5.tar.bz2.sig 238 BLAKE2B b236e7d62f49c8385f4fb81389bf10715d9c0a0cb5c0b4c20fb6ff1465d05a3c3657061284db23af988a1ca16c9fa393af3ce5cbd27934501eb41a4f448fff0a SHA512 5a06970e499d1eb5213b142a8a182e46f5f21b7cb32785a9e5069378797c124e151ce74727382003820042d60fd7a2f909143f44aa9ef282605875e1cab04aef
 DIST gnupg-2.4.6.tar.bz2 8011304 BLAKE2B 3b0deb3da1ec404e8f0aa50c424c7072727f933228de732d661a17ca15785b7430700e7b88afba69538f9794863cb218c90ae3d43469541fb9152fbabd3bc909 SHA512 192ae6cb18547e9c5fc4263dc968b548c1ce563ceb8cc2e651b264d4e5afa1cd99a2c1cdd80906faf5e0b0ca99cef76e003b1f7e73238f311a74a1de6c35b5cb
 DIST gnupg-2.4.6.tar.bz2.sig 119 BLAKE2B f22b9488a46e585eaa4ed6434c37603756de2a0136a6e8a44d974304d31299f64dee5065a0c1f8ed6aff24555e369ffa213558027698a7e7b2244cef7c9eff76 SHA512 699f99d5aedbb1adef0fc46fbfb4184996ebaeb08e3c5a4d64195cd14e628a17a234ff9d990ad63c32119cbab24bcba802590eaf69f030a0a0addf9928172221
+DIST gnupg-2.4.7.tar.bz2 8010244 BLAKE2B 4cdc6be4330b0c8f150d9d1a9ce9c7d34232ecf9b980b15fbd20e96ff6fcd8665688456d66f1c862b816472034eaa0796444357b1f36e75e8520a603a0e6b298 SHA512 3e84f1679904bf0efb789df6466e468bd2be9149d52561f35e2380038133479bebf1c61ee7adf6d3564b370915f32111098c052be6e6acaf3083a807f9f36019
+DIST gnupg-2.4.7.tar.bz2.sig 119 BLAKE2B e97012f433c2818dda953ccaa2f5e8e94492b306a7815b16d7a9f8bf165f11972114d94a1aaba6156baed0ee3566ad998ed74a9521c71464268f4c6f8f14306c SHA512 d944a57b21fa7a4058fb4f00e3c164220be038037010a07a43e48c881dd66d901f8ea249f5df183a1c7de811ecc3aa9ed1591c18baf201e338129eb7e28bddc4
 DIST gnupg-2.5.1.tar.bz2 8126739 BLAKE2B 46955d2eebe14395adc0fdf81e89a32f3f9baaabfe1eee78f256a1fab25ce6fdb96b873678cfeb5e4abf4894c7ab4908359ed04cc6571ff442dcc5325b3ccd66 SHA512 733a11ff24145e23dd7d34d954a70c25bf70ecb1d517b8e15cc34bf690786c9f7007e4e99cde573500ac012852e91b29568fed00491f8c8254b3fb63ca5777cd
 DIST gnupg-2.5.1.tar.bz2.sig 238 BLAKE2B cd024a63ecb82a12e92444cbff8dbc9bef6a4e436d59957aae77927cce0baf9e282e63df7a5159a521c7c8694a0dbe96d6537ad3ec5f779c7c0dea8d02b5e70d SHA512 8ffd5cc72a2907972bf1854e804f6c215ff66ba2d6e91952700f49b2b5ba8bab035d0f42efdb0d3c3166301cda6e716394928bdd9c0d0d1e1789a02c7aa1a926
 EBUILD gnupg-2.2.42-r4.ebuild 5703 BLAKE2B e3b01ff2397a38d7062799195fc52c969d0ac117211eb385c13280211a5e0c7467fe158e1fcc958afda9745c0a9b9ef482d21d4d8809de14ebefddcd089fa6ba SHA512 80845654342a6f301d80e7c22e9efd8531fbdc3cb989c99421ccc2bdc532f79983b4d44088558cfbf2a941869f2bd83c587c262d141851be43b5e15e01ddb0d0
@@ -31,5 +33,6 @@ EBUILD gnupg-2.2.45.ebuild 5645 BLAKE2B 1ec23a834e5a336cd939be1f6c3eba1630b1882c
 EBUILD gnupg-2.4.5-r1.ebuild 5894 BLAKE2B a235df7b022acf9bc4d11fa566b7edf39f60dd865802685f5bf68e6df76913589691476a2d48a885816e8aecc2112de14508e44882e43dd3bbefdedd54385a14 SHA512 f621e0a6227862acdab31bb5902e235b8fd5c3e3908be747d5680957d0d55ad5b92ba6a7e2436d1902cd304a40a62fdca8236e67563624bce0b4d683c0364d9b
 EBUILD gnupg-2.4.5-r2.ebuild 6119 BLAKE2B 2f414a0dfe969c750e09ceacde25805ed8b04cb9ae9630b2731da6473796ca77dbb76bd555198350dd6b837f3cd14f7019a75b63ba05f1f0366dc544747f4ce4 SHA512 04ca8526ddc38c858f50c233568c28111f90c6ae222663eebc5ffcfa3852ee5397eca28fbf73324e771855060dd74792b97eac51c64d79edd2ccb3eb35c3c8f0
 EBUILD gnupg-2.4.6-r1.ebuild 6108 BLAKE2B 42df459e2600661c0f8927e9fc8fe70fc7aa226208aa9e4bb618d939d61207c9b5e1a9a08d9098fc51c2f5190e67ec8eea0fec827efec2db81d5361ff3f1811b SHA512 d6004160d9f7ecfa6d3712c12e12d7b1e606b945985a7696aa94e39466c1c8b5427dfc6455ad1e1da9e170b7b4580e1a4f7105c9e3cc468f48b0b9439386582f
+EBUILD gnupg-2.4.7.ebuild 6071 BLAKE2B 60a0f547d426102d9670adfa258aaedf439a5ef5fc1587200c4233df859174959631c964408780ca7791f4421e9a566c08fa18bef6038c76d321ac2f4a5e5082 SHA512 f0cfd30a7c16f40bd83b72d68578a51d578f62eae82b08d4bb7610663a2683ba535a30b7abc576770f5569700d48f5b275a19a4a1fe676c10c22367e5b748782
 EBUILD gnupg-2.5.1.ebuild 6087 BLAKE2B 489d00a348d323809439f838e90e344db63aa5185c089d2ef743469a5867ea06b5ba0ab97005bfef30f5957edb7f213501d2f692774bf9458c3afcbd167a8208 SHA512 e744fe7b322c16c4d842fb553a5129abc482bcb8846121c92be7d3bbc3139ee546dde281fc2645ec6413dd8b9fd0bbb77630f7fa6fe0cd6a2de524195517ac2b
 MISC metadata.xml 1189 BLAKE2B dae783678abfe0bae095970d96d952f591a569debad411708d29a2f128c6a291b73a33ee0b3491a6a5ec44c11f56d33c1531022e0ef9eaad3326c9cd0f79e3fb SHA512 bc7d6a9ceda213c134d9afc527fe0b0c87a4886a171b7a1e1f662f3978fec5e71323bae4c9f3882e1d763d5738446f161265070a8e513a59fa62ef0f792e9fa5
diff --git a/app-crypt/gnupg/gnupg-2.4.7.ebuild b/app-crypt/gnupg/gnupg-2.4.7.ebuild
new file mode 100644
index 000000000000..53572e307e0d
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.7.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND="
+	>=dev-libs/libassuan-2.5.0:=
+	>=dev-libs/libgcrypt-1.9.1:=
+	>=dev-libs/libgpg-error-1.46
+	>=dev-libs/libksba-1.6.3
+	>=dev-libs/npth-1.2
+	>=net-misc/curl-7.10
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	ldap? ( net-nds/openldap:= )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:1 ) )
+	tofu? ( >=dev-db/sqlite-3.27 )
+	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+	ssl? ( >=net-libs/gnutls-3.2:0= )
+"
+RDEPEND="
+	${DEPEND}
+	nls? ( virtual/libintl )
+	selinux? ( sec-policy/selinux-gpg )
+	wks-server? ( virtual/mta )
+"
+PDEPEND="
+	app-crypt/pinentry
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( sys-apps/texinfo )
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186
+)
+
+src_prepare() {
+	default
+
+	GNUPG_SYSTEMD_UNITS=(
+		dirmngr.service
+		dirmngr.socket
+		gpg-agent-browser.socket
+		gpg-agent-extra.socket
+		gpg-agent.service
+		gpg-agent.socket
+		gpg-agent-ssh.socket
+	)
+
+	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
+
+	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+	# idea borrowed from libdbus, see
+	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+	#
+	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
+	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+		-i "${T}"/gpg-agent-ssh.socket || die
+}
+
+my_src_configure() {
+	# Upstream don't support LTO, bug #854222.
+	filter-lto
+
+	local myconf=(
+		$(use_enable bzip2)
+		$(use_enable nls)
+		$(use_enable smartcard scdaemon)
+		$(use_enable ssl gnutls)
+		$(use_enable test all-tests)
+		$(use_enable test tests)
+		$(use_enable tofu)
+		$(use_enable tofu keyboxd)
+		$(use_enable tofu sqlite)
+		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
+		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+		$(use_enable wks-server wks-tools)
+		$(use_with ldap)
+		$(use_with readline)
+
+		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
+		# by wks-client & wks-server; and if it's autodetected but not not exist at
+		# build time, then then 'gpg-wks-client --send' functionality will not
+		# work. This has an unwanted side-effect in stage3 builds: there was a
+		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+		# the build where the install guide previously make the user chose the
+		# logger & mta early in the install.
+		--with-mailprog=/usr/libexec/sendmail
+
+		--disable-ntbtls
+		--enable-gpgsm
+		--enable-large-secmem
+
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+		GPGRT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpgrt-config"
+
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	if use prefix && use usb; then
+		# bug #649598
+		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+	fi
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# https://dev.gnupg.org/T7368
+		append-cppflags -D_XOPEN_SOURCE=500
+	fi
+
+	# bug #663142
+	if use user-socket; then
+		myconf+=( --enable-run-gnupg-user-socket )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+	econf "${myconf[@]}"
+}
+
+my_src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+my_src_test() {
+	export TESTFLAGS="--parallel=$(makeopts_jobs)"
+
+	default
+}
+
+my_src_install() {
+	emake DESTDIR="${D}" install
+
+	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
+
+	dosym gpg /usr/bin/gpg2
+	dosym gpgv /usr/bin/gpgv2
+	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+	use doc && dodoc doc/gnupg.html/*
+}
+
+my_src_install_all() {
+	einstalldocs
+
+	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
+	use doc && dodoc doc/*.png
+
+	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
+	dodoc "${FILESDIR}"/README-systemd
+	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
+}
diff --git a/app-crypt/libscrypt/Manifest b/app-crypt/libscrypt/Manifest
index 54f19f96acb8..8380777cf565 100644
--- a/app-crypt/libscrypt/Manifest
+++ b/app-crypt/libscrypt/Manifest
@@ -1,6 +1,8 @@
+AUX libscrypt-1.22-aliasing.patch 8753 BLAKE2B 3bb7c36cee79fed3959e84fe9a35ed0f5952b6ba26385b1366d0f273327e932a068145a101256ef94d3faacc98972e9fdecbb5baddf082ed6724b1e242c04314 SHA512 886f33ff25892a7b72e3cb8497a423160f3d2087c21c99bace9268f758d9c74593616a767cb75f3f8b83b0dfcb22dbd6d2715e5c96dc4f75ea1b82f3e0383eb9
 AUX libscrypt-1.22-no-clobber-fortify-source.patch 438 BLAKE2B e5089a6532f054447cd5161a8b7dbdfb32a432527b7702ce265d8c1bac76b8549d6adfcc6157e890bde4e0c9551d78f2d0aff24ea7ab989423a3716e65fcb334 SHA512 cbb9c1d6608c562c298abe5989d31b6b49f63e4640e271b93031d35fd749427182bafae64a75b6effc4e7143ae9f2867f3772090ec503f7c8073a3c10b53949f
 DIST libscrypt-1.22.tar.gz 19495 BLAKE2B 2c04b91dc48e807223a3433739deb31186efc1b4066cb57e3db835b68de4d08b9586d0a686d5f0f4c119582e82823fbf0556944c190d586664cc4d6f014ad5ab SHA512 3c01fd76441bdf7c90fa17534bfdda9e279469676359172eda7f7683ca65a7aae576a87d07125ce38598ef3fd2755547d53417132b9159a2b211898f70c80f51
 EBUILD libscrypt-1.22-r1.ebuild 714 BLAKE2B 2059031221c9ace3a5fcb8e3f4632869078b1fbeba2101fcb68816434f43f1856edc073973ad3691aa17998c14c96ff84a29a794491fb60734c08004a2648a5b SHA512 d432ffdf0f3da3105c21de0de925169d60faf4af8ca760c2415b123241434758b7a47bd80b42e1bac53130386845401f5ffd88250786beb3926eb861f05999ea
 EBUILD libscrypt-1.22-r2.ebuild 810 BLAKE2B c293491b3d8f1088de1a7f243e3c15e79db72eff273fb0312eb1981fa97f5b872e3799355333a101f36aa5acaad62c427bcae4f9c20aed9ead93653268379fa4 SHA512 43352d147b73beb6b8edac61a6ea8aaf4162a35d0789cf7635ae404bfd72cd48035c419c6ae12e6f33f2e5b1fd85c41871fdc458d3471f9715ad7d97f6c0305f
+EBUILD libscrypt-1.22-r3.ebuild 851 BLAKE2B e05805ddac1283b3b6938570db46d5ed46614a08bd7c6be88fad4be992ee7ab56a85ce8291c6fce4fdfa517f6affecef2ccf8235d2b3ac5bb279161b005e0116 SHA512 8be7476ebc9e003e433564e65759ddea3f2af137d49348d2a8336730e38a35ff1d683207079bba0cf2b6d257105b2d5e518e4dfc04c7fbd1b05acbf4f0c7dc8f
 EBUILD libscrypt-1.22.ebuild 651 BLAKE2B 5450158a061a864f203f10da091136f0aaaab11eecb3fe6f0c9b94cecfda50e0549ad88b6f498309ed4e16d813822e6a326655964a2b965e44e3712c63bcd45a SHA512 8fd7aa25a3662c4fe46a03641636d5b1fc5afd1f81f533ea77ace70880e4c1ac3329d21b0ef452256a3fc75bd387310a832fa79caf96f38e2d9dce5a7f11fa6b
 MISC metadata.xml 256 BLAKE2B 0583a0f48ddab7dd1ff43587374095c077c0d5afc7134fda41a688d537250f7b9942cf538518c890f3cb175c8c8f7dd170bc3a54ff717129ac16c2531bd48d56 SHA512 db3da96ac2e1680073a199ced5f81dd8b9f17954fef1cfd5b52a626f90a02024f7fcb9eaf4433194d0b6596c22553d5aec1695234a23f3a9d6fcb3e12c6c128f
diff --git a/app-crypt/libscrypt/files/libscrypt-1.22-aliasing.patch b/app-crypt/libscrypt/files/libscrypt-1.22-aliasing.patch
new file mode 100644
index 000000000000..770358b90e6f
--- /dev/null
+++ b/app-crypt/libscrypt/files/libscrypt-1.22-aliasing.patch
@@ -0,0 +1,309 @@
+https://bugs.gentoo.org/931556
+https://gcc.gnu.org/PR117800
+https://github.com/technion/libscrypt/issues/60
+https://github.com/technion/libscrypt/pull/62
+
+From 1c20db581099de69d3f8ce8e06981e7c7e14f2e4 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 27 Nov 2024 03:07:57 +0000
+Subject: [PATCH 1/3] sysendian.h: fix aliasing violations
+
+Accessing a e.g. uint32_t as uint8_t is an aliasing violation. The
+helpers here are nearly idiomatic for avoiding that anyway, so fix
+them up accordingly.
+--- a/sysendian.h
++++ b/sysendian.h
+@@ -49,95 +49,77 @@
+ #endif
+ 
+ static INLINE uint32_t
+-be32dec(const void *pp)
++be32dec(const unsigned char* p)
+ {
+-	const uint8_t *p = (uint8_t const *)pp;
+-
+-	return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
+-	    ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
++	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) |
++		((uint32_t)p[3] << 0);
+ }
+ 
+ static INLINE void
+-be32enc(void *pp, uint32_t x)
++be32enc(unsigned char* p, const uint32_t x)
+ {
+-	uint8_t * p = (uint8_t *)pp;
+-
+-	p[3] = x & 0xff;
+-	p[2] = (x >> 8) & 0xff;
+-	p[1] = (x >> 16) & 0xff;
+-	p[0] = (x >> 24) & 0xff;
++	p[0] = (x >> 24);
++	p[1] = (x >> 16);
++	p[2] = (x >> 8);
++	p[3] = (x >> 0);
+ }
+ 
+ static INLINE uint64_t
+-be64dec(const void *pp)
++be64dec(const unsigned char* p)
+ {
+-	const uint8_t *p = (uint8_t const *)pp;
+-
+-	return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) +
+-	    ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) +
+-	    ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) +
+-	    ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56));
++	return ((uint64_t)p[0] << 0) | ((uint64_t)p[1] << 8) | ((uint64_t)p[2] << 16) |
++		((uint64_t)p[3] << 24) | ((uint64_t)p[4] << 32) | ((uint64_t)p[5] << 40) |
++		((uint64_t)p[6] << 48) | ((uint64_t)p[7] << 56);
+ }
+ 
+ static INLINE void
+-be64enc(void *pp, uint64_t x)
++be64enc(unsigned char* p, const uint64_t x)
+ {
+-	uint8_t * p = (uint8_t *)pp;
+-
+-	p[7] = x & 0xff;
+-	p[6] = (x >> 8) & 0xff;
+-	p[5] = (x >> 16) & 0xff;
+-	p[4] = (x >> 24) & 0xff;
+-	p[3] = (x >> 32) & 0xff;
+-	p[2] = (x >> 40) & 0xff;
+-	p[1] = (x >> 48) & 0xff;
+-	p[0] = (x >> 56) & 0xff;
++	p[0] = (x >> 56);
++	p[1] = (x >> 48);
++	p[2] = (x >> 40);
++	p[3] = (x >> 32);
++	p[4] = (x >> 24);
++	p[5] = (x >> 16);
++	p[6] = (x >> 8);
++	p[7] = (x >> 0);
+ }
+ 
+ static INLINE uint32_t
+-le32dec(const void *pp)
++le32dec(const unsigned char* p)
+ {
+-	const uint8_t *p = (uint8_t const *)pp;
+-
+-	return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) +
+-	    ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24));
++	return ((uint32_t)p[0] << 0) | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) |
++		((uint32_t)p[3] << 24);
+ }
+ 
+ static INLINE void
+-le32enc(void *pp, uint32_t x)
++le32enc(unsigned char* p, const uint32_t x)
+ {
+-	uint8_t * p = (uint8_t *)pp;
+-
+-	p[0] = x & 0xff;
+-	p[1] = (x >> 8) & 0xff;
+-	p[2] = (x >> 16) & 0xff;
+-	p[3] = (x >> 24) & 0xff;
++	p[0] = (x >> 0);
++	p[1] = (x >> 8);
++	p[2] = (x >> 16);
++	p[3] = (x >> 24);
+ }
+ 
+ static INLINE uint64_t
+-le64dec(const void *pp)
++le64dec(const unsigned char* p)
+ {
+-	const uint8_t *p = (uint8_t const *)pp;
+-
+-	return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) +
+-	    ((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) +
+-	    ((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) +
+-	    ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56));
++	return ((uint64_t)p[0] << 0) | ((uint64_t)p[1] << 8) | ((uint64_t)p[2] << 16) |
++		((uint64_t)p[3] << 24) | ((uint64_t)p[4] << 32) | ((uint64_t)p[5] << 40) |
++		((uint64_t)p[6] << 48) | ((uint64_t)p[7] << 56);
+ }
+ 
+ static INLINE void
+-le64enc(void *pp, uint64_t x)
++le64enc(unsigned char* p, const uint64_t x)
+ {
+-	uint8_t * p = (uint8_t *)pp;
+-
+-	p[0] = x & 0xff;
+-	p[1] = (x >> 8) & 0xff;
+-	p[2] = (x >> 16) & 0xff;
+-	p[3] = (x >> 24) & 0xff;
+-	p[4] = (x >> 32) & 0xff;
+-	p[5] = (x >> 40) & 0xff;
+-	p[6] = (x >> 48) & 0xff;
+-	p[7] = (x >> 56) & 0xff;
++	p[0] = (x >> 0);
++	p[1] = (x >> 8);
++	p[2] = (x >> 16);
++	p[3] = (x >> 24);
++	p[4] = (x >> 32);
++	p[5] = (x >> 40);
++	p[6] = (x >> 48);
++	p[7] = (x >> 56);
+ }
+ #endif /* !HAVE_SYS_ENDIAN_H */
+ 
+
+From da48d4408fb5364ab20ef98696bb5b0f0388f6f9 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 27 Nov 2024 03:09:46 +0000
+Subject: [PATCH 2/3] b64: fix -Wold-style-definition
+
+Drop K&R decls. Most of the codebase uses ISO decls anyway.
+--- a/b64.c
++++ b/b64.c
+@@ -120,11 +120,7 @@ static const char Pad64 = '=';
+ */
+ 
+ int
+-libscrypt_b64_encode(src, srclength, target, targsize)
+-	unsigned char const *src;
+-	size_t srclength;
+-	char *target;
+-	size_t targsize;
++libscrypt_b64_encode(unsigned char const *src, size_t srclength, char *target, size_t targsize)
+ {
+ 	size_t datalength = 0;
+ 	unsigned char input[3];
+@@ -184,10 +180,7 @@ libscrypt_b64_encode(src, srclength, target, targsize)
+  */
+ 
+ int
+-libscrypt_b64_decode(src, target, targsize)
+-	char const *src;
+-	unsigned char *target;
+-	size_t targsize;
++libscrypt_b64_decode(char const *src, unsigned char *target, size_t targsize)
+ {
+ 	int state, ch;
+     unsigned int tarindex;
+
+From 7b574b9c517a3d1f9bd0e265a5f287155293cb85 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 27 Nov 2024 03:48:29 +0000
+Subject: [PATCH 3/3] crypto_scrypt-nosse: fix aliasing violations
+
+blkcpy was accessing memory as size_t* where it started as uint32_t*
+which is an aliasing violation. But just replace it with memcpy rather
+than reinventing the wheel.
+
+It turns out this got fixed in scrypt a while ago, so let's do the same
+fix as they did: https://github.com/Tarsnap/scrypt/commit/209fd279c9357010d1dabd446c458dfeb9820e6c.
+
+Closes: https://github.com/technion/libscrypt/issues/60
+--- a/crypto_scrypt-nosse.c
++++ b/crypto_scrypt-nosse.c
+@@ -41,35 +41,19 @@
+ 
+ #include "libscrypt.h"
+ 
+-static void blkcpy(void *, void *, size_t);
+-static void blkxor(void *, void *, size_t);
++static void blkxor(uint32_t * dest, uint32_t * src, size_t len);
+ static void salsa20_8(uint32_t[16]);
+ static void blockmix_salsa8(uint32_t *, uint32_t *, uint32_t *, size_t);
+-static uint64_t integerify(void *, size_t);
++static uint64_t integerify(uint32_t * B, size_t r);
+ static void smix(uint8_t *, size_t, uint64_t, uint32_t *, uint32_t *);
+ 
+ static void
+-blkcpy(void * dest, void * src, size_t len)
++blkxor(uint32_t * dest, uint32_t * src, size_t len)
+ {
+-	size_t * D = dest;
+-	size_t * S = src;
+-	size_t L = len / sizeof(size_t);
+ 	size_t i;
+ 
+-	for (i = 0; i < L; i++)
+-		D[i] = S[i];
+-}
+-
+-static void
+-blkxor(void * dest, void * src, size_t len)
+-{
+-	size_t * D = dest;
+-	size_t * S = src;
+-	size_t L = len / sizeof(size_t);
+-	size_t i;
+-
+-	for (i = 0; i < L; i++)
+-		D[i] ^= S[i];
++	for (i = 0; i < len / 4; i++)
++		dest[i] ^= src[i];
+ }
+ 
+ /**
+@@ -82,7 +66,7 @@ salsa20_8(uint32_t B[16])
+ 	uint32_t x[16];
+ 	size_t i;
+ 
+-	blkcpy(x, B, 64);
++	memcpy(x, B, 64);
+ 	for (i = 0; i < 8; i += 2) {
+ #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+ 		/* Operate on columns. */
+@@ -128,7 +112,7 @@ blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
+ 	size_t i;
+ 
+ 	/* 1: X <-- B_{2r - 1} */
+-	blkcpy(X, &Bin[(2 * r - 1) * 16], 64);
++	memcpy(X, &Bin[(2 * r - 1) * 16], 64);
+ 
+ 	/* 2: for i = 0 to 2r - 1 do */
+ 	for (i = 0; i < 2 * r; i += 2) {
+@@ -138,7 +122,7 @@ blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
+ 
+ 		/* 4: Y_i <-- X */
+ 		/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+-		blkcpy(&Bout[i * 8], X, 64);
++		memcpy(&Bout[i * 8], X, 64);
+ 
+ 		/* 3: X <-- H(X \xor B_i) */
+ 		blkxor(X, &Bin[i * 16 + 16], 64);
+@@ -146,7 +130,7 @@ blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
+ 
+ 		/* 4: Y_i <-- X */
+ 		/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
+-		blkcpy(&Bout[i * 8 + r * 16], X, 64);
++		memcpy(&Bout[i * 8 + r * 16], X, 64);
+ 	}
+ }
+ 
+@@ -155,10 +139,9 @@ blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
+  * Return the result of parsing B_{2r-1} as a little-endian integer.
+  */
+ static uint64_t
+-integerify(void * B, size_t r)
++integerify(uint32_t * B, size_t r)
+ {
+-	uint32_t * X = (void *)((uintptr_t)(B) + (2 * r - 1) * 64);
+-
++	const uint32_t * X = B + (2 * r - 1) * 16;
+ 	return (((uint64_t)(X[1]) << 32) + X[0]);
+ }
+ 
+@@ -187,13 +170,13 @@ smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY)
+ 	/* 2: for i = 0 to N - 1 do */
+ 	for (i = 0; i < N; i += 2) {
+ 		/* 3: V_i <-- X */
+-		blkcpy(&V[i * (32 * r)], X, 128 * r);
++		memcpy(&V[i * (32 * r)], X, 128 * r);
+ 
+ 		/* 4: X <-- H(X) */
+ 		blockmix_salsa8(X, Y, Z, r);
+ 
+ 		/* 3: V_i <-- X */
+-		blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r);
++		memcpy(&V[(i + 1) * (32 * r)], Y, 128 * r);
+ 
+ 		/* 4: X <-- H(X) */
+ 		blockmix_salsa8(Y, X, Z, r);
diff --git a/app-crypt/libscrypt/libscrypt-1.22-r3.ebuild b/app-crypt/libscrypt/libscrypt-1.22-r3.ebuild
new file mode 100644
index 000000000000..14c7fa33ed18
--- /dev/null
+++ b/app-crypt/libscrypt/libscrypt-1.22-r3.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit toolchain-funcs
+
+DESCRIPTION="Shared library to implement the scrypt algorithm"
+HOMEPAGE="https://github.com/technion/libscrypt"
+SRC_URI="https://github.com/technion/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv sparc x86"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.22-no-clobber-fortify-source.patch
+	"${FILESDIR}"/${PN}-1.22-aliasing.patch
+)
+
+src_prepare() {
+	sed -i -e "s|ar rcs|$(tc-getAR) rcs|g" Makefile || die
+	default
+}
+
+src_configure() {
+	export PREFIX="${EPREFIX}"/usr
+	export LIBDIR=${PREFIX}/$(get_libdir)
+	export CFLAGS_EXTRA="${CFLAGS}"
+	export LDFLAGS_EXTRA="${LDFLAGS}"
+	unset CFLAGS
+	unset LDFLAGS
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)"
+}