diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:13:45 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:13:45 +0100 |
| commit | b9e8f3cc44aed3b6da71c7510c6287bf7bbbc66b (patch) | |
| tree | 4b47f3026f10252cff69e7a4346215a4da4f0f1c /dev-libs | |
| parent | 3d952d0bfe7b386699eb32d1431deb0c538f044d (diff) | |
gentoo auto-resync : 14:06:2023 - 15:13:45
Diffstat (limited to 'dev-libs')
46 files changed, 745 insertions, 2538 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz Binary files differindex 3bf6775c5d61..cef995e6e8d4 100644 --- a/dev-libs/Manifest.gz +++ b/dev-libs/Manifest.gz diff --git a/dev-libs/dqlite/Manifest b/dev-libs/dqlite/Manifest index e98babe68b01..ea5811e786bc 100644 --- a/dev-libs/dqlite/Manifest +++ b/dev-libs/dqlite/Manifest @@ -1,4 +1,6 @@ AUX dqlite-1.12.0-disable-werror.patch 515 BLAKE2B 3a2ed21d6d4b33f3f39789459754f3663ff03946c65a9660bb98a07bbc6b9b3bde7f800580f40b2e49f92744cbca719463226c60a8e98b8f41f689797b63a916 SHA512 af0a219f9ef5315fdb169f7f812059b6cadc251df5262de8d5574827afb23da64e9d0015ef38db0e5581dd9e6a992a72e3a54c2cbb5181ceddcc07082a98bfdb DIST dqlite-1.14.0.tar.gz 190757 BLAKE2B 5304ff10134c7775c4475f77bbe60cc6892cc35c3f2a7b4813743cd27fc1176a1d513d66ebf22b47ed7e83fa833be1408f44f781fbd8200bfd3f4465ea1d6011 SHA512 4305b289903766f00c26e278cce3f761c778b67105a6d7e51e66cc1cbf85564fd41f27689b6895c6f182968d851e10a40d052570d55e22007e9eb5c2929dabd9 +DIST dqlite-1.15.0.tar.gz 208833 BLAKE2B 41d2fced65c787381300aed1d0ee2393dc9e7aa371acd7efbee0744e00fed8a6ee7175eb3041f9cd198c1f0beef8951984e2a34646cbc069ea9d35753ba7568c SHA512 413f5aa7ad9d990638c6ffbdf5706ec69635ead0ad21314603b3c997608c696bd294bd5d15c092d1619509fc4d51c4038deaec82bd82cbbd4070f4a4020f9cc4 EBUILD dqlite-1.14.0.ebuild 1030 BLAKE2B 6bab29603f06e7c77bfe3b4e8368025be5e3780d4bf7e7b0c9cbbbb963ad6fe2bbb5e522e8e8875eb1c26a367757132f45c268d9085bcffe057e2b502f8f7c14 SHA512 49d06af2574dc18cf68129813953fce654aca56329115b877b0dc58396d7c0b9dd4bbef9d87660943045b1b51e50b81297cfc978db5019006dae37ced408de71 +EBUILD dqlite-1.15.0.ebuild 1031 BLAKE2B 63c90dc64ce177796a67d7b233ae47e0ac8e68dd6b77344876f444d82373054cdabec9e2e97a4a2b0ed75ebada95d7aed3bece26890c6c505cdfcfa4f7009ce9 SHA512 80488218329881c0c2597b6ab3e04ad7195adebd6a42ebd61646350248c6947dfb9741d304f69fee37ae6f97296c30a203a0f9e0482cd392eaac2b959c23801f MISC metadata.xml 950 BLAKE2B 26822e40a2c719e8e3a03db6e513d869eef038fcca973ef049da1b6eeec29aefd0867d6bced049ad1dd0465a4d942982565ff0436a7744ffb127879987ea626a SHA512 bb07a8a87ae66e5b5a2aca695e9d5cd1e5a1d725d1d9200099f9d5b46adad83c2ca9ebfedc172ad01fe31aecc1fbbe5a4de7255a2e04d4462c03a106127c7221 diff --git a/dev-libs/dqlite/dqlite-1.15.0.ebuild b/dev-libs/dqlite/dqlite-1.15.0.ebuild new file mode 100644 index 000000000000..7eae68fc19f4 --- /dev/null +++ b/dev-libs/dqlite/dqlite-1.15.0.ebuild @@ -0,0 +1,49 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine" +HOMEPAGE="https://dqlite.io/ https://github.com/canonical/dqlite" +SRC_URI="https://github.com/canonical/dqlite/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="LGPL-3-with-linking-exception" +SLOT="0/1.15.0" +KEYWORDS="~amd64 ~arm64 ~x86" +IUSE="test" +RESTRICT="!test? ( test )" + +RDEPEND="dev-db/sqlite:3 + dev-libs/libuv:= + >=dev-libs/raft-0.17.1:=" +DEPEND="${RDEPEND} + test? ( >=dev-libs/raft-0.13.0[lz4,test] )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch ) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myeconfargs=( + --disable-backtrace + --disable-debug + --disable-sanitize + --disable-static + + # Will build a bundled libsqlite3.so. + --enable-build-sqlite=no + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die +} diff --git a/dev-libs/icu-layoutex/Manifest b/dev-libs/icu-layoutex/Manifest index d140cffcfaab..1d846a314660 100644 --- a/dev-libs/icu-layoutex/Manifest +++ b/dev-libs/icu-layoutex/Manifest @@ -1,5 +1,8 @@ AUX icu-layoutex-65.1-remove-bashisms.patch 4963 BLAKE2B fb781741a7a908638876729d573a73e42b7b3f0f3e692b54799fed0dac006ecb731583d90d849ea06be47259a0a236933fa7a78a96b3a8107ee85f916dc2000a SHA512 67e60068c356ca8d93b137eadeef2562ff7d8f38153babc97edd92a2c38d7113396d63d4a09364dacefc612b4b3ea28872a4f767c4f38d3e725943b32f98c5bc DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8 DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3 +DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 +DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c EBUILD icu-layoutex-73.1.ebuild 3683 BLAKE2B bc4464b10ebeeb35785e0d9da547f68df2b0fc2c76c6e6ce003773b9a5c139b7f1d71c4bc9273b27ce053cbfd64bcdc0ac73040f9b207ffe0dd8c8188f3b87d5 SHA512 8e01c32f95b127470c9f09397f62fcc20e4de85179c85eba4847f1d5a8857ca3258d6cabacfdaee1a2cc01b65866bb0690f23e380f8d346298187560798fdc22 +EBUILD icu-layoutex-73.2.ebuild 3713 BLAKE2B a9b0eb2676be459bcbd8959730fb6ae4f9a50fd068827cbe592a951b4250b31da0ba3020c5123c761bda78c5b6dae735dfe3be77728f841d0c20580a1eaf34a1 SHA512 de19f0fdc0543b89ce480c56c265d95b28590eafca8dc1df1cf6c77f52e8093b97d5a89dbb22ba7b36a1e5d36f772dc8a7dc2c9a4646991658046c24d4ca53a1 MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e diff --git a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild new file mode 100644 index 000000000000..9be9fd5da51e --- /dev/null +++ b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild @@ -0,0 +1,135 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Please bump with dev-libs/icu +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc +inherit autotools flag-o-matic multilib-minimal toolchain-funcs verify-sig + +MY_PV=${PV/_rc/-rc} +MY_PV=${MY_PV//./_} + +DESCRIPTION="External layout part of International Components for Unicode" +HOMEPAGE="https://icu.unicode.org/" +SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz" +SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )" +S="${WORKDIR}"/${PN/-layoutex}/source + +LICENSE="BSD" +SLOT="0/${PV%.*}.1" +if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" +fi +IUSE="debug static-libs test" +RESTRICT="!test? ( test )" + +DEPEND=" + ~dev-libs/icu-${PV}[${MULTILIB_USEDEP}] + dev-libs/icu-le-hb[${MULTILIB_USEDEP}] +" +RDEPEND="${DEPEND}" +BDEPEND=" + virtual/pkgconfig + verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 ) +" + +PATCHES=( "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" ) + +src_prepare() { + default + + # Disable renaming as it assumes stable ABI and that consumers + # won't use unofficial APIs. We need this despite the configure argument. + sed -i \ + -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \ + common/unicode/uconfig.h || die + + # Fix linking of icudata + sed -i \ + -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \ + config/mh-linux || die + + eautoreconf +} + +src_configure() { + MAKEOPTS+=" VERBOSE=1" + + # ICU tries to append -std=c++11 without this, so as of 71.1, + # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17, + # we still need this. + append-cxxflags -std=c++14 + + if tc-is-cross-compiler; then + mkdir "${WORKDIR}"/host || die + pushd "${WORKDIR}"/host >/dev/null || die + + CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \ + CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \ + RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \ + "${S}"/configure --disable-renaming --disable-debug \ + --disable-samples --enable-static || die + emake + + popd >/dev/null || die + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myeconfargs=( + --disable-renaming + # We want a minimal build as this is just for layoutex + # so we disable as much as possible + --disable-samples + --disable-extras + --disable-icuio + + # This is icu-layoutex, so.. + --enable-layoutex + + $(use_enable debug) + $(use_enable static-libs static) + + # Need tools for tests, otherwise get this in configure: + # "## Note: you have disabled ICU's tools. This ICU cannot build its own data or tests. + # ## Expect build failures in the 'data', 'test', and other directories." + # ... although layoutex has no tests right now anyway, but let's keep this + # for the future. + $(use_enable test tools) + $(use_enable test tests) + ) + + tc-is-cross-compiler && myeconfargs+=( + --with-cross-build="${WORKDIR}"/host + ) + + # icu tries to use clang by default + tc-export CC CXX + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_test() { + # INTLTEST_OPTS: intltest options + # -e: Exhaustive testing + # -l: Reporting of memory leaks + # -v: Increased verbosity + # IOTEST_OPTS: iotest options + # -e: Exhaustive testing + # -v: Increased verbosity + # CINTLTST_OPTS: cintltst options + # -e: Exhaustive testing + # -v: Increased verbosity + pushd layoutex &>/dev/null || die + emake VERBOSE="1" check + popd &>/dev/null || die +} + +multilib_src_install() { + pushd layoutex &>/dev/null || die + default + popd &>/dev/null || die +} diff --git a/dev-libs/icu/Manifest b/dev-libs/icu/Manifest index 7d9d9c68ae72..aa3da5e1ac9b 100644 --- a/dev-libs/icu/Manifest +++ b/dev-libs/icu/Manifest @@ -4,5 +4,8 @@ AUX icu-68.1-nonunicode.patch 477 BLAKE2B 5e74142e5adbf8f3fffa23c8fb08657b5b75d1 AUX icu-73.1-fix-UChar-api-deux.patch 3383 BLAKE2B 7dde89d0936f9690d5065b6c1701ee9f139aed0a0e092c92a76eb45818c44f135f0ff3ab3fc4a641cc34246d13c278c7aeb499ce5d90280eb142b3407a3e055e SHA512 525948ac9e4203ed1c187d40439542a45736498ba5e04e0fb3cd9adbc58f17210246233b20ac615e742bb56a1ac49d5758255ae3e7b4e2b24b36f7683a769820 DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8 DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3 +DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 +DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c EBUILD icu-73.1-r2.ebuild 4264 BLAKE2B 3c8d964bf391c1073e81d2adadcbe66f106b1dead12df1d5d2786fcc7611495dbf34b2a350193203d20984a240cd3590c8ef1f4b1df325ee6b98161e6f3433f0 SHA512 bf4e2d1b0263b7968e04faf1117407eba9ce4ad8777e71e6e61bcbf6d653f0bc6a280f82ce2f7c9c623ffadf0e3cdb03d0590aefee1fda1a48ed1be9a1a7d962 +EBUILD icu-73.2.ebuild 4530 BLAKE2B 4a972f975823df4cfc13ccf7dc11c909f0cca815b94b6851480fbf24c4da8883b874f4f47ffd43b78f842a448be35a8e38c436fa226ec59f04f37e970014dff1 SHA512 6458ba0298afc1052879d8ccd88d11cc4c4b1e6a927fcbd9480c8097924b2e8aeb0c119b5db7559f6512a6b494acdb14aa256ff6d0074fd6ee1a0d6110c3491b MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e diff --git a/dev-libs/icu/icu-73.2.ebuild b/dev-libs/icu/icu-73.2.ebuild new file mode 100644 index 000000000000..f12fca293873 --- /dev/null +++ b/dev-libs/icu/icu-73.2.ebuild @@ -0,0 +1,176 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Please bump with dev-libs/icu-layoutex + +PYTHON_COMPAT=( python3_{10..11} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc +inherit autotools flag-o-matic multilib-minimal python-any-r1 toolchain-funcs verify-sig + +MY_PV=${PV/_rc/-rc} +MY_PV=${MY_PV//./_} + +DESCRIPTION="International Components for Unicode" +HOMEPAGE="https://icu.unicode.org/" +SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz" +SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )" +S="${WORKDIR}"/${PN}/source + +if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +fi +LICENSE="BSD" +SLOT="0/${PV%.*}.1" +IUSE="debug doc examples static-libs test" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + sys-devel/autoconf-archive + virtual/pkgconfig + doc? ( app-doc/doxygen[dot] ) + verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 ) +" + +MULTILIB_CHOST_TOOLS=( + /usr/bin/icu-config +) + +PATCHES=( + "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" + "${FILESDIR}/${PN}-64.2-darwin.patch" + "${FILESDIR}/${PN}-68.1-nonunicode.patch" +) + +src_prepare() { + default + + # Disable renaming as it assumes stable ABI and that consumers + # won't use unofficial APIs. We need this despite the configure argument. + sed -i \ + -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \ + common/unicode/uconfig.h || die + + # Fix linking of icudata + sed -i \ + -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \ + config/mh-linux || die + + # Append doxygen configuration to configure + sed -i \ + -e 's:icudefs.mk:icudefs.mk Doxyfile:' \ + configure.ac || die + + eautoreconf +} + +src_configure() { + MAKEOPTS+=" VERBOSE=1" + + # ICU tries to append -std=c++11 without this, so as of 71.1, + # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17, + # we still need this. + append-cxxflags -std=c++14 + + if tc-is-cross-compiler; then + mkdir "${WORKDIR}"/host || die + pushd "${WORKDIR}"/host >/dev/null || die + + CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \ + CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \ + RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \ + "${S}"/configure --disable-renaming --disable-debug \ + --disable-samples --enable-static || die + emake + + popd >/dev/null || die + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myeconfargs=( + --disable-renaming + --disable-samples + # TODO: Merge with dev-libs/icu-layoutex + # Planned to do this w/ 73.2 but seem to get test failures + # only with --enable-layoutex. + --disable-layoutex + $(use_enable debug) + $(use_enable static-libs static) + $(use_enable test tests) + $(multilib_native_use_enable examples samples) + ) + + #if use test ; then + # myeconfargs+=( + # --enable-extras + # --enable-tools + # ) + #else + # myeconfargs+=( + # $(multilib_native_enable extras) + # $(multilib_native_enable tools) + # ) + #fi + + tc-is-cross-compiler && myeconfargs+=( + --with-cross-build="${WORKDIR}"/host + ) + + # Work around cross-endian testing failures with LTO, bug #757681 + if tc-is-cross-compiler && is-flagq '-flto*' ; then + myeconfargs+=( --disable-strict ) + fi + + # ICU tries to use clang by default + tc-export CC CXX + + # Make sure we configure with the same shell as we run icu-config + # with, or ECHO_N, ECHO_T and ECHO_C will be wrongly defined + export CONFIG_SHELL="${EPREFIX}/bin/sh" + # Probably have no /bin/sh in prefix-chain + [[ -x ${CONFIG_SHELL} ]] || CONFIG_SHELL="${BASH}" + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + default + + if multilib_is_native_abi && use doc; then + doxygen -u Doxyfile || die + doxygen Doxyfile || die + fi +} + +multilib_src_test() { + # INTLTEST_OPTS: intltest options + # -e: Exhaustive testing + # -l: Reporting of memory leaks + # -v: Increased verbosity + # IOTEST_OPTS: iotest options + # -e: Exhaustive testing + # -v: Increased verbosity + # CINTLTST_OPTS: cintltst options + # -e: Exhaustive testing + # -v: Increased verbosity + emake check +} + +multilib_src_install() { + default + + if multilib_is_native_abi && use doc; then + docinto html + dodoc -r doc/html/* + fi +} + +multilib_src_install_all() { + local HTML_DOCS=( ../readme.html ) + einstalldocs +} diff --git a/dev-libs/libclc/Manifest b/dev-libs/libclc/Manifest index 5771f236fa85..7cc3af27e4b8 100644 --- a/dev-libs/libclc/Manifest +++ b/dev-libs/libclc/Manifest @@ -4,11 +4,13 @@ DIST llvm-project-15.0.7.src.tar.xz 110936452 BLAKE2B f3d277e2029157329e5be78b78 DIST llvm-project-15.0.7.src.tar.xz.sig 566 BLAKE2B 47dc8c82d86237b80c6d85f83a6c9a6e9e174cf8e7f367b071e0cd9481d7cd408e991337c5624e07f3f370f26387c814f212808575ed1c1b58404d3e3836b7df SHA512 fc6891b440dd1175eb8df3790590af8d36bc92301660f84744ae15123475aeb900a151e6a8e7998ded27ec4d86871903ad0b89cd61164943054c2e3bc8d8beb2 DIST llvm-project-16.0.5.src.tar.xz 118000368 BLAKE2B 9f84e6bab450dc8d6379771afbca5cddc6fbad6c9728726f7158f290ab87d464ff657e89e1c8fc3c474362cc865ff13c5d55ef758c848ea3e660d732cb2fdefa SHA512 7008e7e9c8c2246fe98ba3f0c0fa91e41c88c4da427bf1cfdcce7ef57e5ea838efe7c58c523a7d1708e70d64a4338afe16d06fba2fc7ac5a6c19ca3d6ee41e99 DIST llvm-project-16.0.5.src.tar.xz.sig 566 BLAKE2B 4c96f294f350e0086f8504a54c3387308c60efb573c8def40aec45b1918d43e36c44bafb0823625b6cefa5d99b3aacd7823d6c92c7a64a737653d5b51839a924 SHA512 4550c7c6a1b6ea603d1499aba5aca746f3948a00e7567604f5e7dc3b215a34357bad382a7ebea1f6cd7952841cb75a0dfbe2c278a8c6fcb630a5035b3e16e869 +DIST llvm-project-16.0.6.src.tar.xz 118013488 BLAKE2B 95192d39cbd2914e5609db365965f1c00bfea6c2d653b3996bd2acef8a2b37e37f6fc8a9d2b65711ad72657e0ef52c42f733053cf65051e7822f27396c30406d SHA512 89a67ebfbbc764cc456e8825ecfa90707741f8835b1b2adffae0b227ab1fe5ca9cce75b0efaffc9ca8431cae528dc54fd838867a56a2b645344d9e82d19ab1b7 +DIST llvm-project-16.0.6.src.tar.xz.sig 566 BLAKE2B 2060cebd5ed57cb8a86a44238c43dfd4b921649298b10c3d19da308374c1e49869174294e29943c2af459fe06428264e26881d6c1288ebbc48686cc2cf467c7a SHA512 ca249262c7102e0889ec1bdc6f71a3a6f0e7e5d5fbab8abcd6fccd2871e7955eff7af5b055a76006097baf0dfaf2f5069eff3035b3107fc552abdb2481b21447 DIST llvm-project-62c0bdabfa32f6e32b17b45425b15309db340dfb.tar.gz 190948645 BLAKE2B f41d8ea32e189ef4641e42628fb516e307c9a6fcf65af537eb9fc0d3186591b062c5e85c9e935511ef706f28c6994a774a4e3f36ff54d79aaac7b293a6168625 SHA512 55a4cbfec3a496c1918aa614e5bdee368e4d0b6641c946d8bf8b828ab4bf4d9b29dbe96401a172079d70f924f5e513428fe990c65b556a0a860802cb13f5e3a0 EBUILD libclc-14.0.6.ebuild 1390 BLAKE2B b355a93d63ee4beb5f3782cda8514aa02f16e71563f66bac6fc7a5e3beae40efa1bdbe098f3d83ce775d0458118f19fceb7225f2b5511823c8e56cabdae4f2d8 SHA512 488e5c278fe4b48ec8ce6ccd76d489cf08251ce6e8f8bd417048a80a10e4a5cf72f20462aa8115f72afe1a40dbee02d936680d516dd1c940fd52fe6f55402e69 EBUILD libclc-15.0.7.ebuild 1668 BLAKE2B ac2bd589fb3c29662799f97b1f649fd22b1b7ce5701879815bc01a05ae88421a830a6a3507b4dead181f24eb4e45c451e8ea1ebbdac2a2de51ddbc3cd9f53c66 SHA512 a3e39fbaddb322360f6362ef21713f375d04e02b2b9a3d43a3d47b26d5d43643a8c654181aef9518aee5f9805d09c446bbbf13342b74f09622e5e1b0c59470b1 EBUILD libclc-16.0.5.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a -EBUILD libclc-16.0.6.9999.ebuild 1648 BLAKE2B ef8120b2fed334092a18bc7f172ef6acac58e8a5a3fe69a7cdc624663d5c42165c9b00c21a86078ab797202f3f0c39f190141b9925e964219e2c277e2173e353 SHA512 f5373c4cee59d806edae0b1d10298dac8b5b7e6a1f05d0068cb454fdbbd4ad30978a3ccc287c67a67125d4ff8f91ed066d2579262ebdd2d7d6f6f11877b3b864 +EBUILD libclc-16.0.6.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a EBUILD libclc-17.0.0.9999.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74 EBUILD libclc-17.0.0_pre20230609.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74 MISC metadata.xml 362 BLAKE2B 768f93d0058e4da4b420569f3f1771dfa7385ad89540bbc18cf53b5a71e3f060a8afa1112ff37570d7fc9dc3e71619fa3fd8d0cf7b5d3954f5110b19e146df30 SHA512 e6335424da09f668953acd39dcd9b03a30e3b509b34b1de5c72644a3740a5b6b287f10e08405b79bafc8104cc4dc1324b7b9d7990c3b560b0235ae82da8c68a5 diff --git a/dev-libs/libclc/libclc-16.0.6.9999.ebuild b/dev-libs/libclc/libclc-16.0.6.ebuild index 0c41ce89312c..da4aa04415e5 100644 --- a/dev-libs/libclc/libclc-16.0.6.9999.ebuild +++ b/dev-libs/libclc/libclc-16.0.6.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://libclc.llvm.org/" LICENSE="Apache-2.0-with-LLVM-exceptions || ( MIT BSD )" SLOT="0" -KEYWORDS="" +KEYWORDS="~amd64 ~riscv ~x86" IUSE="+spirv video_cards_nvidia video_cards_r600 video_cards_radeonsi" LLVM_MAX_SLOT=16 diff --git a/dev-libs/libjcat/Manifest b/dev-libs/libjcat/Manifest index 5957b111b5cc..555159559468 100644 --- a/dev-libs/libjcat/Manifest +++ b/dev-libs/libjcat/Manifest @@ -1,4 +1,6 @@ AUX libjcat-0.1.11-disable_installed_tests.patch 1473 BLAKE2B 5b5705f44fcaf6f74126d4ee62c08966dc1d1816974f8fc82a57fa8f1d44ac32f0b813a669b0f638df0e5d3604864671b0a0cce47f966cce578dc0471489e794 SHA512 4bb721822d3b8965119e30f5d1b0854d5f6ec8caed04dc8fea8811fdce9847d553197ae8042ef9a39de3109a4c12564f7c3f1c56d5c0b64e7924865a58aaafa6 DIST libjcat-0.1.13.tar.gz 69950 BLAKE2B 5ff85feff37c5728c8cace5e2f38c179c65a82954a23fd26794a5483cdf29e07601cdaffe27c28a28f7d2b0d57aa3800589c20e19e0a512768f5f87176a56789 SHA512 a66082e3c1641b427af971843822a7893cd40dbb82a596737fd6445fe8e1b527a111dd8f48b9e25a563f0d13e77e22d4c2364ddf96cac38d3e2df5010b37708a +DIST libjcat-0.1.14.tar.gz 70018 BLAKE2B 71329e6fc04ef37e5af215c88b4a5a03fbd65143604da57b0357d4bd07896a22a98b9028d8529234655adb37e5cefe226d09d987e798bce17b47fef1e1142d1f SHA512 837a50ad31a736a36bd9df26b151c198e18873df0e7444502b7a6e26a86df15f1df970112f2dd22658960389fdfb78a2c601274e2b5c46ec82fceef5aad778c1 EBUILD libjcat-0.1.13.ebuild 1486 BLAKE2B f9cb970aa18ea7bf66d967a4da3f4e021d2d58109a8210eb779bf5ccdde463da000dedf225a3def8272ba839c2767bea1a7f7599741e78cb919692f25d75e656 SHA512 cd124e7cc23ccab0b38e7e358c16761c3165e63bcd4763ddd9c00848f55b7dd83aaca9e54a6b0cd4f8eb52d7802020768362e9ca7a8ca39d295c079fcb0f7134 +EBUILD libjcat-0.1.14.ebuild 1489 BLAKE2B cfcbfea2f1b23f8f9608e9892a240c23243486ed99d7eac2064a65bf1b0cec053c2f303b17c9a2b40a272683c93ad5b86bf3d6144fe04df7823f1eaa7534c54b SHA512 08155d3a831850852f624eabad7c6023a664320033875ab89bb63833d7b254993b98dce349c78b4e0f98d2b615f3e3752fa7a649908b547cf6629d9a787122a0 MISC metadata.xml 938 BLAKE2B 3b6d63d78a61aabdc8e6b7316af5e682513a02ba64bc733c788d356d0d2cbcd0071506d20dfcf3fbad5da9303c69341d5c2839be7518415c2174466c081244d7 SHA512 acb07c600ec49121f27ebf0252913345fb4dacc6a003934c16deae3ea4c055abc0db73cca204b06ca1e4a415879a645690ffe26473cf646112ac7497ea842956 diff --git a/dev-libs/libjcat/libjcat-0.1.14.ebuild b/dev-libs/libjcat/libjcat-0.1.14.ebuild new file mode 100644 index 000000000000..45b6002047d2 --- /dev/null +++ b/dev-libs/libjcat/libjcat-0.1.14.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_REQ_USE="xml(+)" + +inherit meson python-any-r1 vala xdg-utils + +DESCRIPTION="Library and tool for reading and writing Jcat files" +HOMEPAGE="https://github.com/hughsie/libjcat" +SRC_URI="https://github.com/hughsie/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="LGPL-2.1+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" +IUSE="+gpg gtk-doc +introspection +man +pkcs7 test vala" + +RDEPEND="dev-libs/glib:2 + dev-libs/json-glib:= + gpg? ( + app-crypt/gpgme:= + dev-libs/libgpg-error + ) + introspection? ( dev-libs/gobject-introspection:= ) + pkcs7? ( net-libs/gnutls ) + vala? ( dev-lang/vala:= )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/setuptools[${PYTHON_USEDEP}] + ') + gtk-doc? ( dev-util/gtk-doc ) + man? ( sys-apps/help2man ) + test? ( net-libs/gnutls[tools] )" + +RESTRICT="!test? ( test )" + +PATCHES=( + "${FILESDIR}"/${PN}-0.1.11-disable_installed_tests.patch +) + +python_check_deps() { + python_has_version -b "dev-python/setuptools[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use vala && vala_setup +} + +src_prepare() { + xdg_environment_reset + default +} + +src_configure() { + local emesonargs=( + $(meson_use gtk-doc gtkdoc) + $(meson_use gpg) + $(meson_use introspection) + $(meson_use man) + $(meson_use pkcs7) + $(meson_use test tests) + $(meson_use vala vapi) + ) + meson_src_configure +} diff --git a/dev-libs/libzia/Manifest b/dev-libs/libzia/Manifest index e9b44a559289..aabf7bcd7b53 100644 --- a/dev-libs/libzia/Manifest +++ b/dev-libs/libzia/Manifest @@ -1,9 +1,3 @@ -DIST libzia-4.39.tar.gz 638203 BLAKE2B 0ff2bf9b404b1e554c3cab3145980b8db97345b2e4fd3f3aa94960c150f0da3efcc361306cd7476e839bc3f57868164181f2e3cb79e0dc3f3a7246841d723251 SHA512 61ae1e2aba9f096f7d6593cf7a72d12822bc30f77287bc36f1ea72c01e9669cbef72492adf017efc73bb507fe08b9939f6ca3e4d695388c642619450fc31c024 -DIST libzia-4.40.tar.gz 638193 BLAKE2B bbeee5f6ee699e09aa791c8b6acb39fed90bdf9a875499177c330d009407157e1ebc36aa432e94dcd78553f803c84fe0d00ce9d613abb657324a061588b77d06 SHA512 dd17a80dbcdf88f7617d439f6dde2af6d319c318e9ee55bc9b375ef1bef5ee708c1af7e133ed304d365b0d6d0c3d52f48ae01f44cb2a6e1285625d785f5f5126 -DIST libzia-4.42.tar.gz 642066 BLAKE2B 8bec7c3bafa68420adc08d7a70016138997fbd89e7e9ebae70f2a47da6216ac041907cb11c5391956895e5d0871c7c02ece28323253f1161e61f75a8ae6b05a6 SHA512 3e27ae0ddf46364f61a06fd85c6be6ee2bca829ef0d0e3a66f4b2ed8089a13e38332c4329a639f5f83120cf7bd9dad29b6e41022884513b3de69c7672d3316e5 DIST libzia-4.43.tar.gz 642097 BLAKE2B 34ab759fc8d4d83067df80d9d3f763717640df38f604222f3fc6b19876a9f5a5f5b79523857fa96d5badf047046b4786f100657ee0a41d0a7096a21c6006e5a0 SHA512 b6341ea6524b2040d63a7b21b9a4c12d26cb5ae30bc08dc37efd5fd7d71ecf7321511e09cc5745adc6f395f841d5e2bb4df827956204db4147ac11d204eaf8da -EBUILD libzia-4.39.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d -EBUILD libzia-4.40.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5 -EBUILD libzia-4.42.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5 EBUILD libzia-4.43.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d MISC metadata.xml 326 BLAKE2B 1b8ed6c9d40252f3371cf9a1ec295f593c8898dd8e45173ca05cededf987c7e44e2fafca613f8ad3022e9fbb6886d6aec2d183fd47c3064f35038784f361ebc4 SHA512 0c8a48b1101aa184dc596581feaf47463688801cb0f342177ecfb6fade1d63520ca1b9dcb278279470c181b560f555de332e4d2583e8856eec9057cde34df48f diff --git a/dev-libs/libzia/libzia-4.39.ebuild b/dev-libs/libzia/libzia-4.39.ebuild deleted file mode 100644 index d2bf5df52022..000000000000 --- a/dev-libs/libzia/libzia-4.39.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools flag-o-matic - -DESCRIPTION="Platform abstraction code for tucnak package" -HOMEPAGE="http://tucnak.nagano.cz" -SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="ftdi" - -RDEPEND="dev-libs/glib:2 - x11-libs/gtk+:2 - media-libs/libsdl2 - media-libs/libpng:0 - ftdi? ( dev-embedded/libftdi:1 ) - elibc_musl? ( sys-libs/libunwind )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" - -MAKEOPTS+=" -j1" - -src_prepare() { - eapply_user - sed -i -e "s/docsdir/#docsdir/g" \ - -e "s/docs_/#docs_/g" Makefile.am || die - - # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" - sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die - - # fix build for MUSL (bug #832235) - if use elibc_musl ; then - sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die - fi - eautoreconf -} - -src_configure() { - use elibc_musl && append-libs -lunwind - econf \ - $(use_with ftdi) --with-sdl \ - --with-png --without-bfd \ - --disable-static -} - -src_install() { - emake DESTDIR="${D}" install - find "${D}" -name '*.la' -type f -delete || die -} diff --git a/dev-libs/libzia/libzia-4.40.ebuild b/dev-libs/libzia/libzia-4.40.ebuild deleted file mode 100644 index 9c39a847c882..000000000000 --- a/dev-libs/libzia/libzia-4.40.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools flag-o-matic - -DESCRIPTION="Platform abstraction code for tucnak package" -HOMEPAGE="http://tucnak.nagano.cz" -SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="ftdi" - -RDEPEND="dev-libs/glib:2 - x11-libs/gtk+:2 - media-libs/libsdl2 - media-libs/libpng:0 - ftdi? ( dev-embedded/libftdi:1 ) - elibc_musl? ( sys-libs/libunwind )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" - -MAKEOPTS+=" -j1" - -src_prepare() { - eapply_user - sed -i -e "s/docsdir/#docsdir/g" \ - -e "s/docs_/#docs_/g" Makefile.am || die - - # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" - sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die - - # fix build for MUSL (bug #832235) - if use elibc_musl ; then - sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die - fi - eautoreconf -} - -src_configure() { - use elibc_musl && append-libs -lunwind - econf \ - $(use_with ftdi) --with-sdl \ - --with-png --without-bfd \ - --disable-static -} - -src_install() { - emake DESTDIR="${D}" install - find "${D}" -name '*.la' -type f -delete || die -} diff --git a/dev-libs/libzia/libzia-4.42.ebuild b/dev-libs/libzia/libzia-4.42.ebuild deleted file mode 100644 index 9c39a847c882..000000000000 --- a/dev-libs/libzia/libzia-4.42.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools flag-o-matic - -DESCRIPTION="Platform abstraction code for tucnak package" -HOMEPAGE="http://tucnak.nagano.cz" -SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="ftdi" - -RDEPEND="dev-libs/glib:2 - x11-libs/gtk+:2 - media-libs/libsdl2 - media-libs/libpng:0 - ftdi? ( dev-embedded/libftdi:1 ) - elibc_musl? ( sys-libs/libunwind )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" - -MAKEOPTS+=" -j1" - -src_prepare() { - eapply_user - sed -i -e "s/docsdir/#docsdir/g" \ - -e "s/docs_/#docs_/g" Makefile.am || die - - # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" - sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die - - # fix build for MUSL (bug #832235) - if use elibc_musl ; then - sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die - fi - eautoreconf -} - -src_configure() { - use elibc_musl && append-libs -lunwind - econf \ - $(use_with ftdi) --with-sdl \ - --with-png --without-bfd \ - --disable-static -} - -src_install() { - emake DESTDIR="${D}" install - find "${D}" -name '*.la' -type f -delete || die -} diff --git a/dev-libs/mpfr/Manifest b/dev-libs/mpfr/Manifest index ef80fb6e61be..83d0ee6c214d 100644 --- a/dev-libs/mpfr/Manifest +++ b/dev-libs/mpfr/Manifest @@ -28,5 +28,5 @@ DIST mpfr-4.2.0.tar.xz.asc 228 BLAKE2B b281a11528a69418739b0122b4130d9cf212569f9 EBUILD mpfr-4.1.0_p13-r1.ebuild 2783 BLAKE2B 748c9175b11db817c4d4a50879ffac9d2772b8c1aba67111bba8744264705547910b16667caa68eaac7b8d66e7cb331c54150b35fcbdbf47fee4d6c5cd8109a7 SHA512 b8161691727a74f31877dddec7e81e6c37791be74649ea4a96c770ad34661d0deebe27444a1872fb127b5fa191357a048cbc410a6db6bae16b0887d1c843f1ed EBUILD mpfr-4.1.1_p1.ebuild 2783 BLAKE2B 69d40acad30c90bc0460c3ee4a96323a46ec2ea2d3a6ae96ef696502cd9af2623cd33cd9d1c8a1dc372ee3f643eb254d1e0e91e6289bfd8ce6e463c00c54cfe5 SHA512 12fb0937de94dcf6f04bfa26ff3a0ae1343d9d698777d652e20f734ef51965104a9aa60f8775b897e6b82f75e10e5568a7269ae3f446adbaa3036481a98362c2 EBUILD mpfr-4.2.0.ebuild 3158 BLAKE2B 86a7fcf91c203f87c62b039f609592e2f4ce0f199a89d35d30d5b143ce254938686339cbb0c1b45a17a56c8a159d95bb3517354dfcfb2458d441647e104ed269 SHA512 8c8dfb2424f043372ef058ac7fedea442b5de3733b56497cd96deeee52998247c6872096926c430b78ffc41542e986903d9d6972fbf676f9309f7d4757212f6c -EBUILD mpfr-4.2.0_p9.ebuild 3167 BLAKE2B 481b82c925add26fcb119d40cc6d32671a7ad61e1faadb692ad7dcb6acc7238d65982b5d0ddf9aff75bd7742fe83c7fa64928b09dc06e6f62bf72dde16128be1 SHA512 e2b8ccf66b2bdc1d95be34e2f47360c33e0807af97fe90a500c760eff351b666ca45e68b26d5403ae8b5e64ab60ca8d601690d6babc14899580b4059eac2aacf +EBUILD mpfr-4.2.0_p9.ebuild 3166 BLAKE2B 7435f63692a319663ed64ff6ddb6c938f78ac0681a4d8b990825a50e3c4ea2c3b47a43fb0631b7e242438b77e07f2a2851879e72fb88b96a17b4899ad01c6d4f SHA512 b96d7c2bf7a37d235790017b92ddac9c990c4f4be40b3e5dac74bb96ec076ad010c8bd66f1473021263b25529743400e1b09df637df295c91f0851a09d811d86 MISC metadata.xml 344 BLAKE2B b7a0bcfbcf945ce2b6d58a9a2078c823c12de5ef8261ec009612b58a833deecb7caaf864f0b55e0c46aac004c58feb7a1f88f6d78b584c2e25c403cfb1de96a0 SHA512 8b8b5ae00a4f9ba76c193c5d84f27cce973963f4db109219394efccba3a8e8bebb7f241658a0b682331e34c66ee99332f871d826abf6ec5a4ced4f3dce381fe9 diff --git a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild index bcbbe69004fc..3436f7912a8f 100644 --- a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild +++ b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild @@ -39,7 +39,6 @@ if [[ ${PV} == *_p* ]] ; then done unset patch_url_base my_patch_index mangled_patch_ver - fi S="${WORKDIR}/${MY_P}" diff --git a/dev-libs/ntl/Manifest b/dev-libs/ntl/Manifest index ef36d31bbcf1..50dfd9aed9cb 100644 --- a/dev-libs/ntl/Manifest +++ b/dev-libs/ntl/Manifest @@ -1,4 +1,5 @@ DIST ntl-11.5.1.tar.gz 2304103 BLAKE2B 92284383451c7a810f7ee8d9a82836695d19d2a2e46b71c8c60b00acb77f4b4d3bad5497a309616a3e3188567d20203f5ad31295130ab0f3ace08417188c9fda SHA512 cf1f642b8a0f9cdc6dda888e07183817dc67ff494e56a852053aeb15b3d2a0e61fbc05824779c5d1f20b8115fba6f97266acf7e0b0b527c25df5989c86d5928f EBUILD ntl-11.5.1-r1.ebuild 2071 BLAKE2B 63b41f8d75761d7d002238955c7c3a8f81af90cd3db436eec1e5a30017995f2ffa2456d912e3b103bdb25d3916e5d6f94b17f70ae5960b91fa83bb870f3201a3 SHA512 71a9d39b67f2144522090613a9143585ae17727d200958a89ae7317d6dacaadcdf09d5d10fcca2c00c77f507243fd7e56bfef9cbdc989c42a27f828a8be18dc6 EBUILD ntl-11.5.1-r3.ebuild 2558 BLAKE2B 18998bc75528ff91ee88c6932ae2982d898940fbf0d9e344bab1f445e81cd8899c854816222ed47409543b9d700bb5d0ebbd0dbba9d1dd6bf20af445e9bc2124 SHA512 e308a4c7739df1a8c52d7aa3714a81701afd2d7049c2ea9db4b9580ff51e267d3ac17016275b55b8bc51ed6a3e863bfb7fb42a1746011a500006c9322380e23b +EBUILD ntl-11.5.1-r4.ebuild 2674 BLAKE2B abfbeaffe5f23d694d740536f7e9f998fac0ce60f205886f566c5eaca81a7ef41a67eb4612030553413b9c731a6c12704943a06c39b154186e459b4cf3ae167d SHA512 5aebc09655d7423161f42518bbdb0c3be8550e283598b6784a54c99a296233ec7f023ba264f0c0b332cd5889e50957ef6d95d57405791560de69c131d34a337f MISC metadata.xml 628 BLAKE2B 12ef87b42f60ca7bd5f91708c96471378481bfdc911d638a550608f62928a40e879431028f6e578047b79749e0c8307a4075520434191099adece5a771e5c27f SHA512 724f4bc44918ec49f4bb30ef7c9cc6de8c4243845a2a4c7d8c73db6f1db8fa548ad0932f324deea2002ea35cb7b410120cb86a0743bb2d6765fcd987593fcd84 diff --git a/dev-libs/ntl/ntl-11.5.1-r4.ebuild b/dev-libs/ntl/ntl-11.5.1-r4.ebuild new file mode 100644 index 000000000000..c8e07339e445 --- /dev/null +++ b/dev-libs/ntl/ntl-11.5.1-r4.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs gnuconfig + +DESCRIPTION="High-performance and portable C++ number theory library" +HOMEPAGE="https://www.shoup.net/ntl/ https://github.com/libntl/ntl" +SRC_URI="https://www.shoup.net/ntl/${P}.tar.gz" + +LICENSE="LGPL-2.1+" +SLOT="0/44" +KEYWORDS="amd64 ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" +IUSE="doc threads" + +BDEPEND="dev-lang/perl" +DEPEND="dev-libs/gmp:0= + dev-libs/gf2x + threads? ( >=dev-libs/gf2x-1.2 )" +RDEPEND="${DEPEND}" + +S="${WORKDIR}/${P}/src" + +DOCS=( "${WORKDIR}/${P}"/README ) + +src_unpack() { + default + gnuconfig_update "${S}/libtool-origin/" +} + +src_configure() { + # The DoConfig script builds its own libtool, but doesn't + # really try to set up the build environment (bug 718892). + export CC="$(tc-getCC)" + export CXX="$(tc-getCXX)" + + # Currently the build system can build a static library or both + # static and shared libraries, but not only shared libraries. The + # name NTL_GMP_LIP is *not* a typo. + # + # We have left NTL_ENABLE_AVX_FFT unconditionally disabled: NTL's + # AVX2 detection can fail even when the CPU supports it (bug + # 815775), and moreover, can fail due to CXXFLAGS. When that + # happens, and if we try to use the AVX FFT, the build fails. + # Finally, doc/config.txt says, "this is experimental at moment, and + # may lead to worse performance." So we are probably not missing out + # on much. + # + # The NATIVE=on option adds "-march=native" to CXXFLAGS and should + # not be enabled on Gentoo, but is currently necessary for NTL's CPU + # feature detection to work (bug 815775). See the upstream issue, + # + # https://github.com/libntl/ntl/issues/22 + # + perl DoConfig \ + PREFIX="${EPREFIX}"/usr \ + LIBDIR="${EPREFIX}"/usr/$(get_libdir) \ + CXXFLAGS="${CXXFLAGS}" \ + CPPFLAGS="${CPPFLAGS}" \ + LDFLAGS="${LDFLAGS}" \ + CXX="$(tc-getCXX)" \ + AR="$(tc-getAR)" \ + RANLIB="$(tc-getRANLIB)" \ + SHARED=on \ + NTL_GMP_LIP=on \ + NTL_GF2X_LIB=on \ + NTL_THREADS=$(usex threads on off) \ + NTL_ENABLE_AVX_FFT=off \ + NATIVE=on \ + || die "DoConfig failed" + + if use doc; then + DOCS+=( "${WORKDIR}/${P}"/doc/*.txt ) + HTML_DOCS=( "${WORKDIR}/${P}"/doc/*.html "${WORKDIR}/${P}"/doc/*.gif ) + fi + + # 780534 - Required for rlibtool so it can find the generated libtool + ln -sf libtool-build/libtool . || die +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die + + # Use rm -f because the static archive may not be created when + # using (for example) slibtool-shared. + rm -f "${ED}/usr/$(get_libdir)"/libntl.a || die + + rm -r "${ED}"/usr/share/doc/NTL || die +} diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest index d87bb3e8362c..9fa269ef9e30 100644 --- a/dev-libs/openssl-compat/Manifest +++ b/dev-libs/openssl-compat/Manifest @@ -5,12 +5,9 @@ AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021d DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 -DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c -DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9 EBUILD openssl-compat-1.0.2u-r2.ebuild 7794 BLAKE2B 292aa0999be2c173b86b9324a8e1e73fd536b38af5106d09d776931c8a170808ddf976536d7f88398260e1cda58945fe747255a8f3c2d4432ab4e8ca139e83a4 SHA512 271767ff717c9324a34c3ae1964a6a428f83e97d002be6df797cadc809768a198ab090cb313e5aa3bc9fd22d029f2cf17c3612f51e154e140a552bfdf9cb55f2 -EBUILD openssl-compat-1.1.1t.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 EBUILD openssl-compat-1.1.1u.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 MISC metadata.xml 1223 BLAKE2B db6fe704a4a09590821cd011556759cfd60543fd531fef3bd233378f396ac5e67c7d834eee4e544995c3af02dc9f222ac787e0b8a1c48a6cadd06541c81372fb SHA512 3cd0b3d8ba2c2c31d3240a080c0edf61a3b090adb4bb14c3b79c9cd1f0c0ac332a9c9457b218a09fb9192cc82004dba57cd4cac404fdd5ddfe4f0c7780b596cd diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild deleted file mode 100644 index f1ff4defc6a7..000000000000 --- a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild +++ /dev/null @@ -1,221 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig - -MY_P=openssl-${PV/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="$(ver_cut 1-3)" -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=" - !=dev-libs/openssl-1.1.1*:0 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -# Do not install any docs -DOCS=() - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_prepare() { - # Allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die - chmod a+rx gentoo.config || die - - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - - # fix building on Solaris 10 - # https://github.com/openssl/openssl/issues/6333 - sed -i \ - -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ - Configurations/10-main.conf || die - fi - - local sslout=$(./gentoo.config) - einfo "Using configuration: ${sslout:-(openssl knows best)}" - local config="perl Configure" - [[ -z ${sslout} ]] && config="sh config -v" - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - edo ${config} ${sslout} --test-sanity - - multilib_copy_sources -} - -multilib_src_configure() { - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="perl Configure" - [[ -z ${sslout} ]] && config="sh config -v" - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo ${config} "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}") -} diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 08813ed42f4e..963efe7f3a94 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -2,39 +2,17 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113 AUX gentoo.config-1.0.4 5735 BLAKE2B 3ae435b60aa2c29dde9190c71e6cedf2a2c17ff8e7ae23c2a0c54904a6e06aa498b620979761a4d0f4a6e7331b49f684a952061e59d1d0a3e5bc27a68bed5800 SHA512 351e61a387e8e3890d03d3574926e82555223f9734e2f8365ee24ed7e064c30a6fdb75ad851a149f636803bdafb72b420127eef9cd7a9c1248e17e5317aca378 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a -AUX openssl-1.1.1t-CVE-2023-0464.patch 8500 BLAKE2B 6956aa4545d63337154e654d584eed1acbcc90eeeee60120fc567a24f839d8046b5d69d5d5de380a783580bf7c10590f45954018f2e26bdc1cd4a79e45bc1662 SHA512 5842316bf9cd38fb496adc6681542afbf7c2f8899f3952b61f1502da61b0c74f7aac3f27851be9d027642f3d2fcd1dc69fc11f14dcdb9af43f0e0d16c7de6736 -AUX openssl-1.1.1t-CVE-2023-0465.patch 1735 BLAKE2B add7bf0bda8802259b2fc3bb2c815b7e3bb04226d5effd3c98e60aae0b0aa140c26a05467eb7384147032f67ad9ef347b42012d1dfe05d2404f2feed692c6dd2 SHA512 a63883bc773faceded24c47d3246ce2c8e9ad10426a953e575ec0a6f315e0e9b789d31de912ed5015e7e97bf205870fb16b6f4353807dd00c4d1396586a35935 -AUX openssl-1.1.1t-CVE-2023-0466.patch 1719 BLAKE2B 77294d1820a935e653f254600eb219a1da1409d2e4a161fcce1fd44ce0bc96ca61516a929ee6dd9016ea07374a412ce8d6e65f570941e325e0f7fa79759dd364 SHA512 d6fc7d5a5420b6de96e0fec34175259a7f34acae0d34347980972bdc999b8d57ddb1aac6b4063a7eb4aab759b5afaeb7fa010133df8e1b57efeb23df56ac6b67 -AUX openssl-3.0.8-CVE-2023-0464.patch 8888 BLAKE2B 4a4c71e3dc3264ee2da59c9848bd79f700d9923cfc4d0fe26b740625263a1f47d0ad1a6dc3ecc060e6e7f94a3ddb90e80deb16850471d166b335107c48c3a7d0 SHA512 dd22e945312604f45bb55f2e8cfe485f4c7a47d7c07d746117baa580d61d25679d410043ff4243b62390176159ef4e3f40f0e2d28191329d3ad11f3bceb67294 -AUX openssl-3.0.8-CVE-2023-0465.patch 1725 BLAKE2B a226cc9f74188da651b910e6bbb56f9bfe445ecb09cb094dcfb182874470c5562a00959dc38ccbed2f0d48fd672491b4b423ce7252e2bc5d334c8c8ba999f655 SHA512 f7cdebce1af1cd89e8d1cc17834cf998f2b1a7587807b06887036abd5a134c79f25adacc94b9f2c5e4cda634fbdbdc7f76256e4653f5ef278fa18ea7c5023f8d -AUX openssl-3.0.8-CVE-2023-0466.patch 1839 BLAKE2B e9a573317c92abe5e084a1c301f87443f54d47a96967f66e2dba103f8ff88f3452b5926254bbc4fdfb249b0dac530d6382504f77c0e81fea13e30398a3f8561a SHA512 35d64774eb784753ca90e55c72978e01e1b21b13255a51f27d4c8b34865a9509d24e9712abc42ef597b496a44a8ec6c17cd92768ebd335e721f4da0f7b40a45d -AUX openssl-3.0.8-CVE-2023-1255.patch 1285 BLAKE2B 1394f50a82f01cd26e59ae241b4db60f73742e6d901a66e266772d0295eb2b7f3d7f53cbd2052fe9e81cfc251613cbc2394182b4813a5ca92e79c340c7f2b582 SHA512 df79750e82db172a1b0f61b7324442eb4b097f636854853d3229e3e970fbbdd73ac4094220d0745ecf00bdbb7fda09d7c0effceebbbd424df44af693aeb856a7 -AUX openssl-3.0.8-mips-cflags.patch 1104 BLAKE2B 39b3698ce27758504aa64b3059fdb51876971f085850719c4ece9e068c975624c04a39652cc77446de1241aa1d816eb282cd969efd70dd5c5d682c84f6a9224a SHA512 ec0a860ee504281fbbc33dbe35f9f31b3c8943a144ccbddc75c36c89260793760b42efd6b7c27c51fbab059588fc784dbad39c5b5f77202bf13a263441766216 -AUX openssl-3.1.0-CVE-2023-0464.patch 8888 BLAKE2B ef5c66bc6c06fd6e9d69ceff9f204e5944a1e73760e42bfc8550b197b674b34d273fcc9efa8a5f1b21577e8acc849548595a845a7f569a9ebce8ae0223ebb56a SHA512 e6b8f7f855ef880fcedba6e93971b1f894981e81e830d600446d560c2d83a8f8b2595a30ec0f7f0fdf1fc787b817d1d44700aa72203027a157beafdc0ec6ef19 -AUX openssl-3.1.0-CVE-2023-0465.patch 1725 BLAKE2B 7fbf508304c257ca5fc58c6b80b567326895d5b86a25fcfbdc058c6d21d9244b3a55150436084b15184fac267c001520664c02bb7f7151b61acd8da47113df27 SHA512 5e1525dff539eb06f3772166cbb6f20162b2c7de12633616663beeb75f5e8e5d964b66364b82dbf993d0622b741dba1930f27ca44f9563c0d1ff5915e6be93ca -AUX openssl-3.1.0-CVE-2023-0466.patch 1839 BLAKE2B 166c660e40f3a7e6f7a87d673e1c94ff93494a6bfa9c061ed8e1ffc8d396d83043803c9ee4f277ffacab9132c9a941c5d51b7079cd07264d20724e2f83e54ed2 SHA512 e7cfb530fcec4712f076cf70b44d20576cd9a56e7904499f6f8d7413bf2565ba591317ee843c1ee074ae0eae61c26178689677dc3b0261af1426986812f9016e -AUX openssl-3.1.0-CVE-2023-1255.patch 1285 BLAKE2B ca2749def80e8349db45260a397249229816ae226e7138d64a720bf43f81ac16b3a240b3f5e55e1878a05f5cb0ca2ffbdaa76030ea969e8e51d8b682008d9084 SHA512 cebf0c073d477556bdcafdd545bf39e2f4db2250c10b6db94628b9f46a6bcce877e281132693c3451766ce784629ad2f3863e02d42375d1de9afb72015512548 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 -DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c -DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 -DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d -DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf -DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713 -DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9 DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a -EBUILD openssl-1.1.1t-r1.ebuild 7919 BLAKE2B 2cdf1786b0ec0f7efcb74e8636e2ca37a0e26cebe5db07914791ce9e612dca1ea5cb6f4a53f2c26936b0aff1141c264d328211af412e28be1a8e896de4af6e21 SHA512 364e2eab610cf6f57591956c5d52618fc103e24a55e5d0d1e73c691fffe4a4dae5189045cc892a703efccb0e981124d41e0822347f41934cf7674cf56e12145f -EBUILD openssl-1.1.1t-r3.ebuild 8240 BLAKE2B 39fca6bb87a1e9ec112518fa01a2ce871daa44ff6536708ef03906dde1eadd8f53d480c69f3a6bcacbf541affeb9af3cc6719e94479c93d50c8fb2dcb565c40f SHA512 f793d361cb98ea89706ec4bd0442e30671f623efb815a846557f7ba514d25bede9ed8f7a7b62c5400ea2a8674de3659bbe276dd1138748116d9d651dd755308b EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28 -EBUILD openssl-3.0.8-r4.ebuild 8359 BLAKE2B bf0308b0c9a37d8cba6437cad2de049cb48482e856fc810a8cd195324561c883f31bdd3978c85e79cd08ff8dadc101946ecd020365fe4bdaa27e7131d2b91857 SHA512 92caeadf8e63479ca5a6789ac3bfdfd34359855e958644d341f4ec32ee027cd3000c938bf81d706a3ec00386e138ec2c88d1e8a98c6df3e47c2b4f0656c5ba15 EBUILD openssl-3.0.9.ebuild 8103 BLAKE2B 033ec46a6826fc50f581b50b08b7e6b655a50680caaf4fc8e0c3f18c1a2dd3fa8852d908e26e40c43e7b63b4e099a19ff74375257b8e13cb9e74e418dea526cd SHA512 1bc180f1ce3991b5b4eca175aa62592ff5eb6808933885f263e4343fd4b1b6edce3a0edfe3dc343a46ab04464a9a98299d02e4b9f7e66810d64add280e0b1656 -EBUILD openssl-3.1.0-r3.ebuild 8393 BLAKE2B 5a0b57a5272298a9d81c2f01a39e7a8cb429d4795bdc8b348c6112677085c15c14f3c7b52d55f0282b464dc60cff401d510dfad0178527eefe3fa8419ea54d46 SHA512 09d8a0db1d941bf1d20d0cf89509b1d827155089bbd4ca4d8bcf03a597c6959ecbe7a3c554bb33503588b323b28a199be908e231966241c565278a190df10f39 EBUILD openssl-3.1.1.ebuild 8137 BLAKE2B f903d9c357211ab49424fee06f1f5cf6e44d4b52e301af7fb8d369f4e4508fe64256d4200e48bbc16a59b4dfc23ce233e673e362745693cade8f5876bbe058aa SHA512 48e85eccc77acbff6ec91181f21881e3abbc85ac845fa5d18cb7cd1fa6b85aa4d9dcce17096804aec325e768d9247c86364c297a5e6510ce76b9319342970273 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch deleted file mode 100644 index 950e6572cd28..000000000000 --- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch +++ /dev/null @@ -1,215 +0,0 @@ -commit 879f7080d7e141f415c79eaa3a8ac4a3dad0348b -Author: Pauli <pauli@openssl.org> -Date: Wed Mar 8 15:28:20 2023 +1100 - - x509: excessive resource use verifying policy constraints - - A security vulnerability has been identified in all supported versions - of OpenSSL related to the verification of X.509 certificate chains - that include policy constraints. Attackers may be able to exploit this - vulnerability by creating a malicious certificate chain that triggers - exponential use of computational resources, leading to a denial-of-service - (DoS) attack on affected systems. - - Fixes CVE-2023-0464 - - Reviewed-by: Tomas Mraz <tomas@openssl.org> - Reviewed-by: Shane Lontis <shane.lontis@oracle.com> - (Merged from https://github.com/openssl/openssl/pull/20569) - -diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h -index 5daf78de45..344aa06765 100644 ---- a/crypto/x509v3/pcy_local.h -+++ b/crypto/x509v3/pcy_local.h -@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { - }; - - struct X509_POLICY_TREE_st { -+ /* The number of nodes in the tree */ -+ size_t node_count; -+ /* The maximum number of nodes in the tree */ -+ size_t node_maximum; -+ - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; -@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree); -+ X509_POLICY_TREE *tree, -+ int extra_data); - void policy_node_free(X509_POLICY_NODE *node); - int policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); -diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c -index e2d7b15322..d574fb9d66 100644 ---- a/crypto/x509v3/pcy_node.c -+++ b/crypto/x509v3/pcy_node.c -@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -+ X509_POLICY_TREE *tree, -+ int extra_data) - { - X509_POLICY_NODE *node; - -+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ -+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) -+ return NULL; -+ - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) { - X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); -@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - node->data = data; - node->parent = parent; -- if (level) { -+ if (level != NULL) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) - goto node_error; -@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - } - -- if (tree) { -+ if (extra_data) { - if (tree->extra_data == NULL) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ -@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - } - -+ tree->node_count++; - if (parent) - parent->nchild++; - -diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c -index 6e8322cbc5..6c7fd35405 100644 ---- a/crypto/x509v3/pcy_tree.c -+++ b/crypto/x509v3/pcy_tree.c -@@ -13,6 +13,18 @@ - - #include "pcy_local.h" - -+/* -+ * If the maximum number of nodes in the policy tree isn't defined, set it to -+ * a generous default of 1000 nodes. -+ * -+ * Defining this to be zero means unlimited policy tree growth which opens the -+ * door on CVE-2023-0464. -+ */ -+ -+#ifndef OPENSSL_POLICY_TREE_NODES_MAX -+# define OPENSSL_POLICY_TREE_NODES_MAX 1000 -+#endif -+ - /* - * Enable this to print out the complete policy tree at various point during - * evaluation. -@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - return X509_PCY_TREE_INTERNAL; - } - -+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ -+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; -+ - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * -@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - level = tree->levels; - if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; -- if (level_add_node(level, data, NULL, tree) == NULL) { -+ if (level_add_node(level, data, NULL, tree, 1) == NULL) { - policy_data_free(data); - goto bad_tree; - } -@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - * Return value: 1 on success, 0 otherwise - */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ X509_POLICY_DATA *data, -+ X509_POLICY_TREE *tree) - { - X509_POLICY_LEVEL *last = curr - 1; - int i, matched = 0; -@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - - if (policy_node_match(last, node, data->valid_policy)) { -- if (level_add_node(curr, data, node, NULL) == NULL) -+ if (level_add_node(curr, data, node, tree, 0) == NULL) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) - return 0; - } - return 1; -@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - * Return value: 1 on success, 0 otherwise. - */ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) - { - int i; - -@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - - /* Look for matching nodes in previous level */ -- if (!tree_link_matching_nodes(curr, data)) -+ if (!tree_link_matching_nodes(curr, data, tree)) - return 0; - } - return 1; -@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (level_add_node(curr, data, node, tree) == NULL) { -+ if (level_add_node(curr, data, node, tree, 1) == NULL) { - policy_data_free(data); - return 0; - } -@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - } - /* Finally add link to anyPolicy */ - if (last->anyPolicy && -- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) -+ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) - return 0; - return 1; - } -@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->qualifier_set = anyPolicy->data->qualifier_set; - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; -- node = level_add_node(NULL, extra, anyPolicy->parent, tree); -+ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -+ if (!tree_link_nodes(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch deleted file mode 100644 index c332e0bd2c9f..000000000000 --- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch +++ /dev/null @@ -1,48 +0,0 @@ -commit b013765abfa80036dc779dd0e50602c57bb3bf95 -Author: Matt Caswell <matt@openssl.org> -Date: Tue Mar 7 16:52:55 2023 +0000 - - Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs - - Even though we check the leaf cert to confirm it is valid, we - later ignored the invalid flag and did not notice that the leaf - cert was bad. - - Fixes: CVE-2023-0465 - - Reviewed-by: Hugo Landau <hlandau@openssl.org> - Reviewed-by: Tomas Mraz <tomas@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20588) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 925fbb5412..1dfe4f9f31 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx) - } - /* Invalid or inconsistent extensions */ - if (ret == X509_PCY_TREE_INVALID) { -- int i; -+ int i, cbcalled = 0; - - /* Locate certificates with bad extensions and notify callback. */ -- for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ for (i = 0; i < sk_X509_num(ctx->chain); i++) { - X509 *x = sk_X509_value(ctx->chain, i); - - if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) - continue; -+ cbcalled = 1; - if (!verify_cb_cert(ctx, x, i, - X509_V_ERR_INVALID_POLICY_EXTENSION)) - return 0; - } -+ if (!cbcalled) { -+ /* Should not be able to get here */ -+ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ /* The callback ignored the error so we return success */ - return 1; - } - if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch deleted file mode 100644 index 9a59d2846a48..000000000000 --- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a -Author: Tomas Mraz <tomas@openssl.org> -Date: Tue Mar 21 16:15:47 2023 +0100 - - Fix documentation of X509_VERIFY_PARAM_add0_policy() - - The function was incorrectly documented as enabling policy checking. - - Fixes: CVE-2023-0466 - - Reviewed-by: Matt Caswell <matt@openssl.org> - Reviewed-by: Paul Dale <pauli@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20564) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index f6f304bf7b..aa292f9336 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -92,8 +92,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -377,6 +378,10 @@ and has no effect. - - The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch deleted file mode 100644 index 3cf1d3b38ec9..000000000000 --- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch +++ /dev/null @@ -1,214 +0,0 @@ -commit 959c59c7a0164117e7f8366466a32bb1f8d77ff1 -Author: Pauli <pauli@openssl.org> -Date: Wed Mar 8 15:28:20 2023 +1100 - - x509: excessive resource use verifying policy constraints - - A security vulnerability has been identified in all supported versions - of OpenSSL related to the verification of X.509 certificate chains - that include policy constraints. Attackers may be able to exploit this - vulnerability by creating a malicious certificate chain that triggers - exponential use of computational resources, leading to a denial-of-service - (DoS) attack on affected systems. - - Fixes CVE-2023-0464 - - Reviewed-by: Tomas Mraz <tomas@openssl.org> - Reviewed-by: Shane Lontis <shane.lontis@oracle.com> - (Merged from https://github.com/openssl/openssl/pull/20568) - -diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h -index 18b53cc09e..cba107ca03 100644 ---- a/crypto/x509/pcy_local.h -+++ b/crypto/x509/pcy_local.h -@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { - }; - - struct X509_POLICY_TREE_st { -+ /* The number of nodes in the tree */ -+ size_t node_count; -+ /* The maximum number of nodes in the tree */ -+ size_t node_maximum; -+ - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; -@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree); -+ X509_POLICY_TREE *tree, -+ int extra_data); - void ossl_policy_node_free(X509_POLICY_NODE *node); - int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); -diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c -index 9d9a7ea179..450f95a655 100644 ---- a/crypto/x509/pcy_node.c -+++ b/crypto/x509/pcy_node.c -@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -+ X509_POLICY_TREE *tree, -+ int extra_data) - { - X509_POLICY_NODE *node; - -+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ -+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) -+ return NULL; -+ - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); -@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - node->data = data; - node->parent = parent; -- if (level) { -+ if (level != NULL) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) - goto node_error; -@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -- if (tree) { -+ if (extra_data) { - if (tree->extra_data == NULL) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ -@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -+ tree->node_count++; - if (parent) - parent->nchild++; - -diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c -index fa45da5117..f953a05a41 100644 ---- a/crypto/x509/pcy_tree.c -+++ b/crypto/x509/pcy_tree.c -@@ -14,6 +14,17 @@ - - #include "pcy_local.h" - -+/* -+ * If the maximum number of nodes in the policy tree isn't defined, set it to -+ * a generous default of 1000 nodes. -+ * -+ * Defining this to be zero means unlimited policy tree growth which opens the -+ * door on CVE-2023-0464. -+ */ -+#ifndef OPENSSL_POLICY_TREE_NODES_MAX -+# define OPENSSL_POLICY_TREE_NODES_MAX 1000 -+#endif -+ - static void expected_print(BIO *channel, - X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, - int indent) -@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - return X509_PCY_TREE_INTERNAL; - } - -+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ -+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; -+ - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * -@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - if ((data = ossl_policy_data_new(NULL, - OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; -- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { -+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { - ossl_policy_data_free(data); - goto bad_tree; - } -@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - * Return value: 1 on success, 0 otherwise - */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ X509_POLICY_DATA *data, -+ X509_POLICY_TREE *tree) - { - X509_POLICY_LEVEL *last = curr - 1; - int i, matched = 0; -@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - - if (ossl_policy_node_match(last, node, data->valid_policy)) { -- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) - return 0; - } - return 1; -@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - * Return value: 1 on success, 0 otherwise. - */ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) - { - int i; - -@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - - /* Look for matching nodes in previous level */ -- if (!tree_link_matching_nodes(curr, data)) -+ if (!tree_link_matching_nodes(curr, data, tree)) - return 0; - } - return 1; -@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { -+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { - ossl_policy_data_free(data); - return 0; - } -@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - /* Finally add link to anyPolicy */ - if (last->anyPolicy && - ossl_policy_level_add_node(curr, cache->anyPolicy, -- last->anyPolicy, NULL) == NULL) -+ last->anyPolicy, tree, 0) == NULL) - return 0; - return 1; - } -@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; - node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, -- tree); -+ tree, 1); - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = ossl_policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -+ if (!tree_link_nodes(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch deleted file mode 100644 index 852706d8aa92..000000000000 --- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch +++ /dev/null @@ -1,46 +0,0 @@ -commit 1dd43e0709fece299b15208f36cc7c76209ba0bb -Author: Matt Caswell <matt@openssl.org> -Date: Tue Mar 7 16:52:55 2023 +0000 - - Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs - - Even though we check the leaf cert to confirm it is valid, we - later ignored the invalid flag and did not notice that the leaf - cert was bad. - - Fixes: CVE-2023-0465 - - Reviewed-by: Hugo Landau <hlandau@openssl.org> - Reviewed-by: Tomas Mraz <tomas@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20587) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 9384f1da9b..a0282c3ef1 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) - goto memerr; - /* Invalid or inconsistent extensions */ - if (ret == X509_PCY_TREE_INVALID) { -- int i; -+ int i, cbcalled = 0; - - /* Locate certificates with bad extensions and notify callback. */ -- for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ for (i = 0; i < sk_X509_num(ctx->chain); i++) { - X509 *x = sk_X509_value(ctx->chain, i); - -+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) -+ cbcalled = 1; - CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, - ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); - } -+ if (!cbcalled) { -+ /* Should not be able to get here */ -+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ /* The callback ignored the error so we return success */ - return 1; - } - if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch deleted file mode 100644 index c71665d82e18..000000000000 --- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit 51e8a84ce742db0f6c70510d0159dad8f7825908 -Author: Tomas Mraz <tomas@openssl.org> -Date: Tue Mar 21 16:15:47 2023 +0100 - - Fix documentation of X509_VERIFY_PARAM_add0_policy() - - The function was incorrectly documented as enabling policy checking. - - Fixes: CVE-2023-0466 - - Reviewed-by: Matt Caswell <matt@openssl.org> - Reviewed-by: Paul Dale <pauli@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20563) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index 75a1677022..43c1900bca 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -98,8 +98,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), - and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch deleted file mode 100644 index 9b1a657d51be..000000000000 --- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit 02ac9c9420275868472f33b01def01218742b8bb -Author: Tomas Mraz <tomas@openssl.org> -Date: Mon Apr 17 16:51:20 2023 +0200 - - aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption - - Original author: Nevine Ebeid (Amazon) - Fixes: CVE-2023-1255 - - The buffer overread happens on decrypts of 4 mod 5 sizes. - Unless the memory just after the buffer is unmapped this is harmless. - - Reviewed-by: Paul Dale <pauli@openssl.org> - Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> - (Merged from https://github.com/openssl/openssl/pull/20759) - - (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) - -diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl -index 6a7bf05d1b..bd583e2c89 100755 ---- a/crypto/aes/asm/aesv8-armx.pl -+++ b/crypto/aes/asm/aesv8-armx.pl -@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/); - .align 4 - .Lxts_dec_tail4x: - add $inp,$inp,#16 -- vld1.32 {$dat0},[$inp],#16 -+ tst $tailcnt,#0xf - veor $tmp1,$dat1,$tmp0 - vst1.8 {$tmp1},[$out],#16 - veor $tmp2,$dat2,$tmp2 -@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/); - veor $tmp4,$dat4,$tmp4 - vst1.8 {$tmp3-$tmp4},[$out],#32 - -+ b.eq .Lxts_dec_abort -+ vld1.32 {$dat0},[$inp],#16 - b .Lxts_done - .align 4 - .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch deleted file mode 100644 index 111681f27d07..000000000000 --- a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch +++ /dev/null @@ -1,30 +0,0 @@ -https://bugs.gentoo.org/894140 -https://github.com/openssl/openssl/issues/20214 - -From d500b51791cd56e73065e3a7f4487fc33f31c91c Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Sun, 12 Feb 2023 17:56:58 -0500 -Subject: [PATCH] Fix Configure test for -mips in CFLAGS - -We want to add -mips2 or -mips3 only if the user hasn't already -specified a mips version in CFLAGS. The existing test was a -double-negative. - -Fixes: https://github.com/openssl/openssl/issues/20214 ---- - Configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index b6bbec0a85c4..ec48614d6b99 100755 ---- a/Configure -+++ b/Configure -@@ -1475,7 +1475,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) - } - - if ($target =~ /linux.*-mips/ && !$disabled{asm} -- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { -+ && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { - # minimally required architecture flags for assembly modules - my $value; - $value = '-mips2' if ($target =~ /mips32/); diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch deleted file mode 100644 index dfe83e53d0ad..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch +++ /dev/null @@ -1,214 +0,0 @@ -commit 2017771e2db3e2b96f89bbe8766c3209f6a99545 -Author: Pauli <pauli@openssl.org> -Date: Wed Mar 8 15:28:20 2023 +1100 - - x509: excessive resource use verifying policy constraints - - A security vulnerability has been identified in all supported versions - of OpenSSL related to the verification of X.509 certificate chains - that include policy constraints. Attackers may be able to exploit this - vulnerability by creating a malicious certificate chain that triggers - exponential use of computational resources, leading to a denial-of-service - (DoS) attack on affected systems. - - Fixes CVE-2023-0464 - - Reviewed-by: Tomas Mraz <tomas@openssl.org> - Reviewed-by: Shane Lontis <shane.lontis@oracle.com> - (Merged from https://github.com/openssl/openssl/pull/20570) - -diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h -index 18b53cc09e..cba107ca03 100644 ---- a/crypto/x509/pcy_local.h -+++ b/crypto/x509/pcy_local.h -@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { - }; - - struct X509_POLICY_TREE_st { -+ /* The number of nodes in the tree */ -+ size_t node_count; -+ /* The maximum number of nodes in the tree */ -+ size_t node_maximum; -+ - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; -@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree); -+ X509_POLICY_TREE *tree, -+ int extra_data); - void ossl_policy_node_free(X509_POLICY_NODE *node); - int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); -diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c -index 9d9a7ea179..450f95a655 100644 ---- a/crypto/x509/pcy_node.c -+++ b/crypto/x509/pcy_node.c -@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -+ X509_POLICY_TREE *tree, -+ int extra_data) - { - X509_POLICY_NODE *node; - -+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ -+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) -+ return NULL; -+ - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); -@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - node->data = data; - node->parent = parent; -- if (level) { -+ if (level != NULL) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) - goto node_error; -@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -- if (tree) { -+ if (extra_data) { - if (tree->extra_data == NULL) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ -@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -+ tree->node_count++; - if (parent) - parent->nchild++; - -diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c -index fa45da5117..f953a05a41 100644 ---- a/crypto/x509/pcy_tree.c -+++ b/crypto/x509/pcy_tree.c -@@ -14,6 +14,17 @@ - - #include "pcy_local.h" - -+/* -+ * If the maximum number of nodes in the policy tree isn't defined, set it to -+ * a generous default of 1000 nodes. -+ * -+ * Defining this to be zero means unlimited policy tree growth which opens the -+ * door on CVE-2023-0464. -+ */ -+#ifndef OPENSSL_POLICY_TREE_NODES_MAX -+# define OPENSSL_POLICY_TREE_NODES_MAX 1000 -+#endif -+ - static void expected_print(BIO *channel, - X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, - int indent) -@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - return X509_PCY_TREE_INTERNAL; - } - -+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ -+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; -+ - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * -@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - if ((data = ossl_policy_data_new(NULL, - OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; -- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { -+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { - ossl_policy_data_free(data); - goto bad_tree; - } -@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - * Return value: 1 on success, 0 otherwise - */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ X509_POLICY_DATA *data, -+ X509_POLICY_TREE *tree) - { - X509_POLICY_LEVEL *last = curr - 1; - int i, matched = 0; -@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - - if (ossl_policy_node_match(last, node, data->valid_policy)) { -- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) - return 0; - } - return 1; -@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - * Return value: 1 on success, 0 otherwise. - */ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) - { - int i; - -@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - - /* Look for matching nodes in previous level */ -- if (!tree_link_matching_nodes(curr, data)) -+ if (!tree_link_matching_nodes(curr, data, tree)) - return 0; - } - return 1; -@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { -+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { - ossl_policy_data_free(data); - return 0; - } -@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - /* Finally add link to anyPolicy */ - if (last->anyPolicy && - ossl_policy_level_add_node(curr, cache->anyPolicy, -- last->anyPolicy, NULL) == NULL) -+ last->anyPolicy, tree, 0) == NULL) - return 0; - return 1; - } -@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; - node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, -- tree); -+ tree, 1); - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = ossl_policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -+ if (!tree_link_nodes(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch deleted file mode 100644 index a98f7cba13bd..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch +++ /dev/null @@ -1,46 +0,0 @@ -commit facfb1ab745646e97a1920977ae4a9965ea61d5c -Author: Matt Caswell <matt@openssl.org> -Date: Tue Mar 7 16:52:55 2023 +0000 - - Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs - - Even though we check the leaf cert to confirm it is valid, we - later ignored the invalid flag and did not notice that the leaf - cert was bad. - - Fixes: CVE-2023-0465 - - Reviewed-by: Hugo Landau <hlandau@openssl.org> - Reviewed-by: Tomas Mraz <tomas@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20586) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 9384f1da9b..a0282c3ef1 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) - goto memerr; - /* Invalid or inconsistent extensions */ - if (ret == X509_PCY_TREE_INVALID) { -- int i; -+ int i, cbcalled = 0; - - /* Locate certificates with bad extensions and notify callback. */ -- for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ for (i = 0; i < sk_X509_num(ctx->chain); i++) { - X509 *x = sk_X509_value(ctx->chain, i); - -+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) -+ cbcalled = 1; - CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, - ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); - } -+ if (!cbcalled) { -+ /* Should not be able to get here */ -+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ /* The callback ignored the error so we return success */ - return 1; - } - if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch deleted file mode 100644 index 9a315f4c00fd..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061 -Author: Tomas Mraz <tomas@openssl.org> -Date: Tue Mar 21 16:15:47 2023 +0100 - - Fix documentation of X509_VERIFY_PARAM_add0_policy() - - The function was incorrectly documented as enabling policy checking. - - Fixes: CVE-2023-0466 - - Reviewed-by: Paul Dale <pauli@openssl.org> - Reviewed-by: Matt Caswell <matt@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20562) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index 20aea99b5b..fcbbfc4c30 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -98,8 +98,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), - and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch deleted file mode 100644 index aea425f83556..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit bc2f61ad70971869b242fc1cb445b98bad50074a -Author: Tomas Mraz <tomas@openssl.org> -Date: Mon Apr 17 16:51:20 2023 +0200 - - aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption - - Original author: Nevine Ebeid (Amazon) - Fixes: CVE-2023-1255 - - The buffer overread happens on decrypts of 4 mod 5 sizes. - Unless the memory just after the buffer is unmapped this is harmless. - - Reviewed-by: Paul Dale <pauli@openssl.org> - Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> - (Merged from https://github.com/openssl/openssl/pull/20759) - - (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) - -diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl -index ea74217317..efd3ccd1a4 100755 ---- a/crypto/aes/asm/aesv8-armx.pl -+++ b/crypto/aes/asm/aesv8-armx.pl -@@ -3367,7 +3367,7 @@ $code.=<<___ if ($flavour =~ /64/); - .align 4 - .Lxts_dec_tail4x: - add $inp,$inp,#16 -- vld1.32 {$dat0},[$inp],#16 -+ tst $tailcnt,#0xf - veor $tmp1,$dat1,$tmp0 - vst1.8 {$tmp1},[$out],#16 - veor $tmp2,$dat2,$tmp2 -@@ -3376,6 +3376,8 @@ $code.=<<___ if ($flavour =~ /64/); - veor $tmp4,$dat4,$tmp4 - vst1.8 {$tmp3-$tmp4},[$out],#32 - -+ b.eq .Lxts_dec_abort -+ vld1.32 {$dat0},[$inp],#16 - b .Lxts_done - .align 4 - .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild deleted file mode 100644 index 1d43a457c82a..000000000000 --- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig - -MY_P=${P/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" -PDEPEND="app-misc/ca-certificates" - -# force upgrade to prevent broken login, bug #696950 -RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - - # fix building on Solaris 10 - # https://github.com/openssl/openssl/issues/6333 - sed -i \ - -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ - Configurations/10-main.conf || die - fi - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config=( perl "${S}/Configure" ) - [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo "${config[@]}" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild deleted file mode 100644 index 36d0d673d156..000000000000 --- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild +++ /dev/null @@ -1,269 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig - -MY_P=${P/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" -PDEPEND="app-misc/ca-certificates" - -# force upgrade to prevent broken login, bug #696950 -RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch - "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0465.patch - "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0466.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - fi - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config=( perl "${S}/Configure" ) - [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo "${config[@]}" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.0.8-r4.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild deleted file mode 100644 index e504eb575575..000000000000 --- a/dev-libs/openssl/openssl-3.0.8-r4.ebuild +++ /dev/null @@ -1,281 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch - "${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch - "${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch - "${FILESDIR}"/openssl-3.0.8-CVE-2023-1255.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.1.0-r3.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild deleted file mode 100644 index 5f1ec4c39f0f..000000000000 --- a/dev-libs/openssl/openssl-3.1.0-r3.ebuild +++ /dev/null @@ -1,284 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch - "${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch - "${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch - "${FILESDIR}"/openssl-3.1.0-CVE-2023-1255.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/serdisplib/Manifest b/dev-libs/serdisplib/Manifest index 49c046734f99..5ce715474d1f 100644 --- a/dev-libs/serdisplib/Manifest +++ b/dev-libs/serdisplib/Manifest @@ -2,5 +2,5 @@ AUX serdisplib-2.02-disable-static-build.patch 3327 BLAKE2B 677d3dcc121cbc42345e AUX serdisplib-2.02-musl.patch 639 BLAKE2B 4428488881962784503b74d952aec573d512150d69117099f89972ed3ba020437708a472aa9017f3fbef826d40fad0c46b0a9641a256061e8d078ac2a4bb1c59 SHA512 b81a2e0de075e6d112f8131dd37f787dc3eb2652762a92d84b7a5260c42bb07b2b20c214fb12098ecb3fc6934beea8e11b811d7071185898f048e2ade0376560 AUX serdisplib-2.02-use-destdir.patch 3400 BLAKE2B 77d9adc8c9a44586cbe352c6273677704d7335fc75c82d50a681c361a10a45484ae0dfb3241bf9d99ba242f6548df9cb036992b46e157f9c4ec3ca098397be7e SHA512 370ace46b39ba5e67d7f728a3cb3980b75a2c7e6e5fb25273f9c3bfbe10f33479bfcff92e3074a2cb80985c114d161b78115410dd88330810f654875e57d7575 DIST serdisplib-2.02.tar.gz 497028 BLAKE2B f35b6df60303a288b2a279d821a510089802019f33b7ee36b9c2fd1d1d6bef0b3118793e6d965076c1665e1e2555a553186ef1a9210712ef9d2bc1e090ec0a98 SHA512 d9936c25dc14e24eb02876f203476752340e621d8ee5c87ee99862575e45199bf46ff8487dfdd80b16a89543958fdf5a16a2aaf78d5cade06811cfb1592c45eb -EBUILD serdisplib-2.02-r2.ebuild 2887 BLAKE2B 05303419febab510c652f8667d30c7e6bfe6e2bbb4606af8bd4aeb56b4dbba6a5d5808b3918364825bf4037967945ec5ea82dbcfb367123f027b13b9ed68eace SHA512 e87cd535de6694e9caafede2561061d490451a145e93ffece217e666612e515446c3de0b552b6c7c1e24518a2406618a08bbece25ba28e19992e037bb59285ee +EBUILD serdisplib-2.02-r2.ebuild 2902 BLAKE2B 23121f10c18c7bfaa47b7b4a68eb990b5d3f0a23d0027170beed974495a2a5502f35bd2231affbbf2d072e480a3e82d47b6eeddc31147eb9fd6ac6b63c089926 SHA512 3b153c2abda383c753b5ac1aa6a156da969d3af0b1aa97d441a3af0a96bb8e976a2afefa3e92b4961af1116c6a8c3e32b017ffba6264203a37ebe6ca24bcfd16 MISC metadata.xml 663 BLAKE2B 006db175fbd12bc996c0718a226bb2aabc967e0896dc78c351da1990246850a0a4fe67eb84281342d7fe02fd65f26e59a2a22323520a086192aa9f4922a92229 SHA512 539a6ee6568d6db434c5bf23548a116d72103e9efe878d4aec1563e3c3384b2e5012c45699357188f3003bcd81c29bb60b274a59f66648b65bc85359ba376d37 diff --git a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild index 63f9e8620b12..ba4565132b83 100644 --- a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild +++ b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild @@ -21,12 +21,14 @@ IUSE_LCD_DEVICES=( rs232 sed133x sed153x sed156x ssdoled stv8105 t6963 vssdcp ) +printf -v mangled_lcd_devices 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]} + # Add supported drivers from 'IUSE_LCD_DEVICES' to 'IUSE' and 'REQUIRED_USE'. # Also enable 'lcd_devices_directgfx' as default. -IUSE+=" $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) " +IUSE+=" ${mangled_lcd_devices}" IUSE="${IUSE/lcd_devices_directgfx/+lcd_devices_directgfx}" REQUIRED_USE+=" - || ( $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) ) + || ( ${mangled_lcd_devices} ) lcd_devices_framebuffer? ( threads ) " diff --git a/dev-libs/weston/Manifest b/dev-libs/weston/Manifest index c1186039a09e..c9bdba807942 100644 --- a/dev-libs/weston/Manifest +++ b/dev-libs/weston/Manifest @@ -5,7 +5,7 @@ DIST weston-10.0.0.tar.xz 1774600 BLAKE2B b2b8fa4f7542aba03970ca8abf504f340f8f8d DIST weston-11.0.1.tar.xz 1900796 BLAKE2B 33d7d5b3340e7074265885bd54ee039e8b5d448fa9f58f4bf9f823efd2557da9b916d903119565a806ab698382fe185165c8ede8614e983c872dfe15b474b616 SHA512 d451230fc260b45aaaadb5cf0aa360629e45e72e3b3676c6ec040d6c6549dbb57d05683effd962c3b2d61482b47a6c990d12cc736c896b501d982c8c4d34834c DIST weston-12.0.1.tar.xz 1969772 BLAKE2B d7a76ad6e11b76b73b91aeb9b3b49e823ecc8170bd1306f9a8ed90fa49d9bc7734e4c0595ca67f11421ecf5b4dbf04289cf803726c508e8c979a9850c0e94ccb SHA512 3dcfa1a2a6b9a605d3ecd597bf7ac0f87b0fd1971845b6e5c44b5e34296943ac146dae6e1cfea9be14ad7a9a8b6d30dc765f9289ef80920d7c516ebba1ba4688 EBUILD weston-10.0.0.ebuild 3934 BLAKE2B fd140a51aeceac3251a2f5f0878cb5f4e37b630c4ad7807873ac041c863f490bb7845d29086dc17d169856dc8e9dd9a1e87c042b94c6e46ef2b5ae0810412ef1 SHA512 f48f41f7fdf96d2b1a9842150d57e1fd394b7e86725318aabb8bc472d7fab2483e1e4654c37271f13dc92efc92139e58c12bf8972d250028d9f7dc7dfd469921 -EBUILD weston-11.0.1.ebuild 3660 BLAKE2B 7f5f839613133f8e0a91d84f38802c7c5003806e0e0eeb512e88eac3e30f7f938459f6378c30ffabe48433662886a673347d45b4c34dac2b1fc1a5d92d212ac9 SHA512 1fc628480db9cbae5f021c6cd5c82055d11032a01f569b2e9c57202dea7ff4eb00dbae8f20d231c4a8f3fbc9eb333bf44ec24818e0c0b0c1d67cd9a9e30c75bf +EBUILD weston-11.0.1.ebuild 3659 BLAKE2B d6ccf7efb9880e015c927211109e65a55481846ef6c8bc4ebfadd29f63f3d41e802365e4f0002fc5e38cd13631285eb65b9eb0bc41fc1bca389a247e8c012cd6 SHA512 a009f70f667485aab2496a5947e944854b09620db09ce70b8aaa1e669a347d4384b89bef35d004e4697716c36a4262340a597a8869bacb2c3b0df5dd6fee9459 EBUILD weston-12.0.1.ebuild 3686 BLAKE2B e84ee5c700efe156412620f048e47b54bb015b4a107c71f9c85ae7d9eefce40bdeae59b6b8837fb7be20666c12f89ef5269c1c0c08e068f0d3ee381f22e00d64 SHA512 1c7478c575d616e544451ea20fd6d92f0eb933731c8365ac19c389bf9d346db2c6a9eae1c3f5755e79e793e7b2e190992d8d2d30ebba1834a9a32ab577528e0c EBUILD weston-9999.ebuild 3705 BLAKE2B 80f5d38e267ea8e422b2bd6b9b935dac285573c761be1a4319c3c7e26687bf52d598f24a6aeab96dd5c6c7f8b6ed5b5467b60fc44232bcd2653e5476f76972fa SHA512 c1077cd94be525ee6c09c3871567eb4f1bd33e99c6aa8f33424ff779874839847efbb564eb3d698ea0a17e3ea6bbb1b5b9411ca521cd54d5e7636a812e6db708 MISC metadata.xml 1608 BLAKE2B 179aa99a3445aca06bee40c9794b2e932a81d5160a375a501631938d855db8d785de876b7c674dacb5295fe33a422a85f1cd8df8da1fc230a6ad5286e5606a3b SHA512 daf7602fb7efa103a79f029d2c40825156dd787694364f5da33e43eea297022da2df070a9b051d3bbb55da5663a1550dca39db31b6c4fd9d38eea465ada909a1 diff --git a/dev-libs/weston/weston-11.0.1.ebuild b/dev-libs/weston/weston-11.0.1.ebuild index c5d8bf1ada2a..83deecda3ef6 100644 --- a/dev-libs/weston/weston-11.0.1.ebuild +++ b/dev-libs/weston/weston-11.0.1.ebuild @@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then SRC_URI="${SRC_PATCHES}" else SRC_URI="https://gitlab.freedesktop.org/wayland/${PN}/uploads/f5648c818fba5432edc3ea63c4db4813/${P}.tar.xz" - KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc x86" + KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ppc64 ~riscv ~sparc x86" fi LICENSE="MIT CC-BY-SA-3.0" diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest index 9c1a24230066..a64009b7b09f 100644 --- a/dev-libs/xmlsec/Manifest +++ b/dev-libs/xmlsec/Manifest @@ -1,8 +1,12 @@ +AUX xmlsec-1.2.37-libressl.patch 1614 BLAKE2B 5b9c2731018d3b371867d30318d55e5f48e4e91359e80abffac212abb35fa274ec35ed9510eb3c01422d8142698669a115f85e9776af8424458de41c66c93b13 SHA512 423997e32223fc45467f9857e709b5707c64aba01ac892253e0be588d767fbfd7c2205a312600910d9cb734b4945e36048292ad59d40de4d43d98af9abe8b1b9 AUX xmlsec-1.3.0-clang.patch 614 BLAKE2B 4f08a58e1e7f56d7ae0ec117d836251342ce95b2b8f7290ace8d617f49dbd3130dda8c16417f850268295bbfd24051680dc89ec4d110ed0d66dfcfdf3890ccef SHA512 fdf44de3dd7c1c72d0fceea7ae204a749339b5f022e3354dedcb08564c638567552ea83c434f7d4b82165c77de7a816cbf92dc2cc141c0958aa78420030a8a54 AUX xmlsec-1.3.0-optimisation.patch 583 BLAKE2B 9035391762150ffa82eef10bc1ba1bde08b04e9e968bf850673dae3e27650e85516e1da4dc3385cd7aafde4cab6270a84e5205a149bcb19dbbdca5ffae678ac8 SHA512 fac70c0e0761d1d8016fb597ed4c139628bfab9d3600eeff17c16b9414732076bea65bee5c778481ecf944053319e030dfb4a455c6d51ba3e758007c36f72323 AUX xmlsec-1.3.0-strict-prototypes.patch 637 BLAKE2B b6adffe488b5e69e0338e040b8be5c611b927935c2a0f19ee58a9b19731c53b0c8f97d1d42d4b6d5b96400b91d5d31628bfa98e91e3ab4ba68b945d06508eff9 SHA512 03d7ca70aac92b01c78a87f8731d0302b441547c36a274f577f2c31e313b37aa9292b803affb7bf052426e80250480c6bb598be0f9e35d08293025a2f673caad DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900 DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d +DIST xmlsec1-1.3.1.tar.gz 2432943 BLAKE2B 1dafdffd959579add5c579e3fa9c9f9ddc73ce4aadc6fc2139506e6e64ffcd1bbe7298786e414900eb9f33f93b0a47da64e686c499e48d4c80d81b256db6692e SHA512 7f30c15c3edcafe70fa5febaa0ba39f73f8d30525ee102b5961a658dd2842fbc58e63f7595f15b150d71bf735bfa7688c3694a191b0d475776ca26902d90d25f +EBUILD xmlsec-1.2.37-r1.ebuild 1525 BLAKE2B 0624803cc515de782244cb180fae354fdb012e2635029929b36823171bf2ff97c4aea6330dbe79e7334152ea4e3366b21de2fe8dee23b90089c127926e48152a SHA512 f1b760047831e6596a507ffb88e87e64ca55de571b8db6f0fe85a8d789985daaa3c4a901acfff9c345037589a330b153e4dd6fcbebf840ffe3a2df972cdfcb2d EBUILD xmlsec-1.2.37.ebuild 1463 BLAKE2B d7cd33b3533395b59f4971deae688336fc4b8f52b5e948d7064cb19d7bbd043c7c8d3b48f5b499e51ebc529982b34b1d12a148fd35cfa700270334d7fa555124 SHA512 e92545fd5b5bb5977757cf18c8726a9335403cdc83d2367337e95ed305871cc6279568c1abce800738eefb60a7b84e4f508536c44a5a6426d6268950db223437 EBUILD xmlsec-1.3.0-r1.ebuild 1910 BLAKE2B b845d3d31f138e13e3e21031af43b2d340f059579203c99e377d26c893516c12135dc9d800effae8ace72116c9f661e0b9aea8a2fe125ece04282faa2aa8a8d3 SHA512 885bd017019f1a4ed6f34a298b8fb4666bf0ea66d01fbefab7051548d2d3cbc96f84b6cf696a28e971de0f530fa8068851aa32eb02e2cbffe872dd2ef3ab55ce +EBUILD xmlsec-1.3.1.ebuild 1847 BLAKE2B d5154e27cf933902e70fbdbd6b4f82dc43a3add1118f33d32f0ac35f0715629f29a392004edc1e0fbea3b945662676625c4fbb44b92404d2e1c255e51422c0a5 SHA512 07c09101f6b1138eb17b0d704750c2000d4d8e31b95d4efccf409b1ab871373f453eb279d82de612dd897e432e0a825997b23ef53be1bad22e3c49ab0a730b14 MISC metadata.xml 558 BLAKE2B e4517ffa3f034420139ee0fbb8ed51a3cb319b1400e52d6a1d2d3b5363aa64831fd9cc93f49ab25d36a5fcae63115d0ffd152540f176c25dc49f77fbf4dd6c9d SHA512 6aab5452478ba1f71018274b75761c3467868f271b3cf256d05645407fa9c3cc64823384094c8e9024f936dfdaea5be2b8e91573e9addb07c5dab5f142c6a70d diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch new file mode 100644 index 000000000000..acdb535ba552 --- /dev/null +++ b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch @@ -0,0 +1,40 @@ +https://github.com/lsh123/xmlsec/pull/456 +https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04 +https://github.com/lsh123/xmlsec/pull/654 +https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f + +From c5469cfc8443c57a25a8783f0bd669f71e29bb04 Mon Sep 17 00:00:00 2001 +From: lsh123 <aleksey@aleksey.com> +Date: Mon, 12 Dec 2022 10:34:56 -0500 +Subject: [PATCH] fix libressl (#456) + +--- + src/openssl/openssl_compat.h | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +From d113d1e6355c4841fd03c6aa797d33bde1d064f3 Mon Sep 17 00:00:00 2001 +From: orbea <orbea@riseup.net> +Date: Mon, 29 May 2023 07:46:58 -0700 +Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat + +LibreSSL added UI_null() in 3.7.1. +--- + src/openssl/openssl_compat.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/openssl/openssl_compat.h ++++ b/src/openssl/openssl_compat.h +@@ -123,6 +123,13 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) { + * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API) + * + *****************************************************************************/ ++#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3070200fL) ++ ++/* Needed for Engine initialization */ ++#define UI_null() NULL ++ ++#endif /* defined(LIBRESSL_VERSION_NUMBER) */ ++ + #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) && defined(XMLSEC_OPENSSL_API_110) + /* EVP_CIPHER_CTX stuff */ + #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) diff --git a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild new file mode 100644 index 000000000000..f5ed4f8c1c07 --- /dev/null +++ b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML" +HOMEPAGE="https://www.aleksey.com/xmlsec" +SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz" +S="${WORKDIR}/${PN}1-${PV}" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="doc gcrypt gnutls nss +openssl static-libs test" +RESTRICT="!test? ( test )" +REQUIRED_USE="|| ( gcrypt gnutls nss openssl ) + gnutls? ( gcrypt )" + +RDEPEND=">=dev-libs/libxml2-2.7.4[ftp(+)] + >=dev-libs/libxslt-1.0.20 + dev-libs/libltdl + gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= ) + gnutls? ( >=net-libs/gnutls-2.8.0:= ) + nss? ( + >=dev-libs/nspr-4.4.1 + >=dev-libs/nss-3.9 + ) + openssl? ( + dev-libs/openssl:= + )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig + test? ( + nss? ( + >=dev-libs/nss-3.9[utils] + ) + )" + +PATCHES=( + "${FILESDIR}"/${P}-libressl.patch #903001 +) + +src_configure() { + # Bash because of bug #721128 + CONFIG_SHELL="${BROOT}"/bin/bash econf \ + $(use_enable doc docs) \ + $(use_enable static-libs static) \ + $(use_with gcrypt) \ + $(use_with gnutls) \ + $(use_with nss nspr) \ + $(use_with nss) \ + $(use_with openssl) \ + --enable-mans \ + --enable-pkgconfig +} + +src_test() { + # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC + TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check +} + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die +} diff --git a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild new file mode 100644 index 000000000000..008af3b95a28 --- /dev/null +++ b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild @@ -0,0 +1,93 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML" +HOMEPAGE="https://www.aleksey.com/xmlsec" +SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz" +S="${WORKDIR}/${PN}1-${PV}" + +LICENSE="MIT" +# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z +SLOT="0/$(ver_cut 1-2)" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="doc gcrypt gnutls http nss +openssl static-libs test" +RESTRICT="!test? ( test )" +REQUIRED_USE=" + || ( gnutls nss openssl ) +" + +RDEPEND=" + >=dev-libs/libxml2-2.7.4 + >=dev-libs/libxslt-1.0.20 + dev-libs/libltdl + gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= ) + gnutls? ( >=net-libs/gnutls-3.6.13:= ) + nss? ( + >=dev-libs/nspr-4.4.1 + >=dev-libs/nss-3.9 + ) + openssl? ( dev-libs/openssl:= ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + virtual/pkgconfig + test? ( + nss? ( + >=dev-libs/nss-3.9[utils] + ) + ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-1.3.0-optimisation.patch +) + +src_prepare() { + default + + eautoreconf +} + +src_configure() { + local myeconfargs=( + $(use_enable doc docs) + $(use_enable static-libs static) + $(use_with gcrypt) + $(use_with gnutls) + $(use_with nss nspr) + $(use_with nss) + $(use_with openssl) + + --disable-werror + --enable-mans + --enable-pkgconfig + + --enable-concatkdf + --enable-pbkdf2 + --enable-ec + --enable-dh + --enable-sha3 + + --enable-files + $(use_enable http) + --disable-ftp + ) + + # Bash because of bug #721128 + CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" +} + +src_test() { + # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC + TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check +} + +src_install() { + default + + find "${ED}" -name '*.la' -delete || die +} |