gentoo auto-resync : 31:12:2023 - 05:49:48

6 files changed, 0 insertions, 267 deletions

diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz
index ce2c42d84fbd..b90af1b1ac76 100644
--- a/dev-libs/Manifest.gz
+++ b/dev-libs/Manifest.gz
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index 9cc10241274d..8ef16547b2f7 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,4 +1,3 @@
-AUX libxml2-2.10.3-python3-unicode-errors.patch 1208 BLAKE2B 8515db0c9d79c4397c3ef4147660ddf395b863de3658a8db27db20d2274949962172a42637bf9555d3d7bf63ead8f695d19f28ddb5e957b5302c8aed466058c7 SHA512 f2ab7934687ba14bf7541a381317d88c20d9912b424d1b206f8feb60224482f12e03c79ff4e8637025ee8d1bddd870183db932380990eafca833eea1c1373a06
 AUX libxml2-2.11.5-CVE-2023-45322.patch 2030 BLAKE2B 2262b1c532b0b59c4982fdea12946294e58754aaca8b7cf3e1f3fdd912e900735b642362629e63ceb16b469f5a1146387030838ecc7b97d4227ceff089a72a43 SHA512 3e76d8b2608d523f659cbc3f7faf6565a83f8b77dcae0a2c1986c66df25b9baf8a4382d7bde612f7eafb0967e199c84621ec70898481a5b369e6f3818832f9bc
 DIST libxml2-2.11.5.tar.xz 2628132 BLAKE2B 4af53ef7c19cfcddcf3de5c694a1b03cf4212f8e4c4cb3d873a897fddd8a89d7a52d049a8b85e96c6cdb471689aa385512d87b9710074e90583bf7ad46319172 SHA512 8f087cdaf61957567f04280facc70211c09ca131a532fd13ed4bfc38ddec50e44b1f842b108e635bd4205232036a3e1097904ac016f1fd135bacd17aebb04272
 DIST libxml2-2.11.6.tar.xz 2628652 BLAKE2B 0a1776ca44b21143c538665b6cf7a50962bb1bda6c85f45e4fd4fb7c36ecb4d592d1f5a8d38015bac06a3acb6f7adb1d4afa10fe95987197509f4c1f45b15962 SHA512 43d244450b494c7dbd3521287b87cba0c11267be8d7940a1ecd49dbf0ebefdd052c4c3472c3f267b0d8c431d9b5b964b05067af9e38bc4b0e4f46bc0445b6201
diff --git a/dev-libs/libxml2/files/libxml2-2.10.3-python3-unicode-errors.patch b/dev-libs/libxml2/files/libxml2-2.10.3-python3-unicode-errors.patch
deleted file mode 100644
index 525e1fe36c0b..000000000000
--- a/dev-libs/libxml2/files/libxml2-2.10.3-python3-unicode-errors.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://bugs.gentoo.org/745162
-https://gitlab.gnome.org/GNOME/libxml2/-/issues/64
-
---- a/python/libxml.c
-+++ b/python/libxml.c
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
-     PyObject *message;
-     PyObject *result;
-     char str[1000];
-+    unsigned char *ptr = (unsigned char *)str;
- 
- #ifdef DEBUG_ERROR
-     printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- 	    str[999] = 0;
-         va_end(ap);
- 
-+#if PY_MAJOR_VERSION >= 3
-+        /* Ensure the error string doesn't start at UTF8 continuation. */
-+        while (*ptr && (*ptr & 0xc0) == 0x80)
-+            ptr++;
-+#endif
-+
-         list = PyTuple_New(2);
-         PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
-         Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
--        message = libxml_charPtrConstWrap(str);
-+        message = libxml_charPtrConstWrap(ptr);
-         PyTuple_SetItem(list, 1, message);
-         result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
-+        /* Forget any errors caused in the error handler. */
-+        PyErr_Clear();
-         Py_XDECREF(list);
-         Py_XDECREF(result);
-     }
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6f377bf6487a..8cf906d4f6d3 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,8 +2,6 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113
 AUX gentoo.config-1.0.4 5931 BLAKE2B 9c0d515204feefbfc5c579a43c3ec5a09c28dd915781a8d5d26e96f5b4f65cf6a5d74d48e5911bfcbace1a825e94338d40482bc642a391374016bd6af9308f81 SHA512 a4e673b1ce2f16aa5bfc127ecd6f5de9dc40a1ddda66ab4fa06694f85bf6184621f131502e01771f0fc97c42dc7009b46fdae82fd58509a4ab20b9ee79d8d5bc
 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a
-AUX openssl-3.0.9-CVE-2023-2975.patch 4607 BLAKE2B 6f668ab581573b4092a2e1b65f55288a77d48aa62053d6ce088f5e587cdc3ef6687522c36c21016f1095e8b1c036d28e54f1121eab2f13c821a08866930c7b0a SHA512 f070adb3722fa7561039efb149756571ba87d03094ff009a2fec433d5c3f24e99ca26bd67f73fd219c95a8117ca522ced9e501da7657f3e5a43a14727c34c889
-AUX openssl-3.0.9-CVE-2023-3446.patch 4406 BLAKE2B 2ec4d353197bfcdfd953001228e9946436e4fced5d554d3e3b7fe9fc4a64d2f54fc2abbf294b47c37a1fc3a10a313c200d8bf8f100052103080b83144cab927d SHA512 e2e7ff2cddba0fb7bb3909c897aac8403de2accdfef23222371196bbf9d5c608a1b8505ef7ef2f15cb0bd9223d05e7195af4d66f96671c41c07dae0b5454b752
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch
deleted file mode 100644
index 908e57251cb9..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-https://github.com/openssl/openssl/commit/00e2f5eea29994d19293ec4e8c8775ba73678598
-https://github.com/openssl/openssl/commit/96318a8d21bed334d78797eca5b32790775d5f05
-
-From 00e2f5eea29994d19293ec4e8c8775ba73678598 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:30:35 +0200
-Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode
-
-The AES-SIV mode allows for multiple associated data items
-authenticated separately with any of these being 0 length.
-
-The provided implementation ignores such empty associated data
-which is incorrect in regards to the RFC 5297 and is also
-a security issue because such empty associated data then become
-unauthenticated if an application expects to authenticate them.
-
-Fixes CVE-2023-2975
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
---- a/providers/implementations/ciphers/cipher_aes_siv.c
-+++ b/providers/implementations/ciphers/cipher_aes_siv.c
-@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
-     if (!ossl_prov_is_running())
-         return 0;
- 
--    if (inl == 0) {
--        *outl = 0;
--        return 1;
--    }
-+    /* Ignore just empty encryption/decryption call and not AAD. */
-+    if (out != NULL) {
-+        if (inl == 0) {
-+            if (outl != NULL)
-+                *outl = 0;
-+            return 1;
-+        }
- 
--    if (outsize < inl) {
--        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
--        return 0;
-+        if (outsize < inl) {
-+            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-+            return 0;
-+        }
-     }
- 
-     if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
-
-From 96318a8d21bed334d78797eca5b32790775d5f05 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:50:37 +0200
-Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc)
---- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93
- Plaintext =  112233445566778899aabbccddee
- Ciphertext = 40c02b9690c4dc04daef7f6afe5c
- 
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Tag = f1c5fdeac1f15a26779c1501f9fb7588
-+Plaintext =  112233445566778899aabbccddee
-+Ciphertext = 27e946c669088ab06da58c5c831c
-+
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+AAD =
-+Tag = d1022f5b3664e5a4dfaf90f85be6f28a
-+Plaintext =  112233445566778899aabbccddee
-+Ciphertext = b66cff6b8eca0b79f083b39a0901
-+
- Cipher = aes-128-siv
- Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
- AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f
- Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
- Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d
- 
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD =
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 83ce6593a8fa67eb6fcd2819cedfc011
-+Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d
-+
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD =
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 77dd4a44f5a6b41302121ee7f378de25
-+Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe
-+
- Cipher = aes-192-siv
- Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0
- AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch
deleted file mode 100644
index 1a1be6a8af51..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb
-https://github.com/openssl/openssl/commit/8a62fd996cb1c22383ec75b4155d54dec4a1b0ee
-
-From 1fa20cf2f506113c761777127a38bce5068740eb Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 6 Jul 2023 16:36:35 +0100
-Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
-
-The DH_check() function checks numerous aspects of the key or parameters
-that have been supplied. Some of those checks use the supplied modulus
-value even if it is excessively large.
-
-There is already a maximum DH modulus size (10,000 bits) over which
-OpenSSL will not generate or derive keys. DH_check() will however still
-perform various tests for validity on such a large modulus. We introduce a
-new maximum (32,768) over which DH_check() will just fail.
-
-An application that calls DH_check() and supplies a key or parameters
-obtained from an untrusted source could be vulnerable to a Denial of
-Service attack.
-
-The function DH_check() is itself called by a number of other OpenSSL
-functions. An application calling any of those other functions may
-similarly be affected. The other functions affected by this are
-DH_check_ex() and EVP_PKEY_param_check().
-
-CVE-2023-3446
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
-     if (nid != NID_undef)
-         return 1;
- 
-+    /* Don't do any checks at all with an excessively large modulus */
-+    if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+        ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     if (!DH_check_params(dh, ret))
-         return 0;
- 
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
- #  include <openssl/dherr.h>
- 
- #  ifndef OPENSSL_DH_MAX_MODULUS_BITS
--#   define OPENSSL_DH_MAX_MODULUS_BITS    10000
-+#   define OPENSSL_DH_MAX_MODULUS_BITS        10000
-+#  endif
-+
-+#  ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
-+#   define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
- #  endif
- 
- #  define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-
-From 8a62fd996cb1c22383ec75b4155d54dec4a1b0ee Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 7 Jul 2023 14:39:48 +0100
-Subject: [PATCH] Add a test for CVE-2023-3446
-
-Confirm that the only errors DH_check() finds with DH parameters with an
-excessively long modulus is that the modulus is too large. We should not
-be performing time consuming checks using that modulus.
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b)
---- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -73,7 +73,7 @@ static int dh_test(void)
-         goto err1;
- 
-     /* check fails, because p is way too small */
--    if (!DH_check(dh, &i))
-+    if (!TEST_true(DH_check(dh, &i)))
-         goto err2;
-     i ^= DH_MODULUS_TOO_SMALL;
-     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-@@ -124,6 +124,17 @@ static int dh_test(void)
-     /* We'll have a stale error on the queue from the above test so clear it */
-     ERR_clear_error();
- 
-+    /* Modulus of size: dh check max modulus bits + 1 */
-+    if (!TEST_true(BN_set_word(p, 1))
-+            || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
-+        goto err3;
-+
-+    /*
-+     * We expect no checks at all for an excessively large modulus
-+     */
-+    if (!TEST_false(DH_check(dh, &i)))
-+        goto err3;
-+
-     /*
-      * II) key generation
-      */
-@@ -138,7 +149,7 @@ static int dh_test(void)
-         goto err3;
- 
-     /* ... and check whether it is valid */
--    if (!DH_check(a, &i))
-+    if (!TEST_true(DH_check(a, &i)))
-         goto err3;
-     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)