diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:21:15 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:21:15 +0100 |
commit | 1c382dc5dbc52576ac2300fee0498af8af44e7b4 (patch) | |
tree | 45d2492f5c659cbb01120d4192c9be34841362bd /dev-libs | |
parent | b9e8f3cc44aed3b6da71c7510c6287bf7bbbc66b (diff) |
Revert "gentoo auto-resync : 14:06:2023 - 15:13:45"
This reverts commit b9e8f3cc44aed3b6da71c7510c6287bf7bbbc66b.
Diffstat (limited to 'dev-libs')
46 files changed, 2538 insertions, 745 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz Binary files differindex cef995e6e8d4..3bf6775c5d61 100644 --- a/dev-libs/Manifest.gz +++ b/dev-libs/Manifest.gz diff --git a/dev-libs/dqlite/Manifest b/dev-libs/dqlite/Manifest index ea5811e786bc..e98babe68b01 100644 --- a/dev-libs/dqlite/Manifest +++ b/dev-libs/dqlite/Manifest @@ -1,6 +1,4 @@ AUX dqlite-1.12.0-disable-werror.patch 515 BLAKE2B 3a2ed21d6d4b33f3f39789459754f3663ff03946c65a9660bb98a07bbc6b9b3bde7f800580f40b2e49f92744cbca719463226c60a8e98b8f41f689797b63a916 SHA512 af0a219f9ef5315fdb169f7f812059b6cadc251df5262de8d5574827afb23da64e9d0015ef38db0e5581dd9e6a992a72e3a54c2cbb5181ceddcc07082a98bfdb DIST dqlite-1.14.0.tar.gz 190757 BLAKE2B 5304ff10134c7775c4475f77bbe60cc6892cc35c3f2a7b4813743cd27fc1176a1d513d66ebf22b47ed7e83fa833be1408f44f781fbd8200bfd3f4465ea1d6011 SHA512 4305b289903766f00c26e278cce3f761c778b67105a6d7e51e66cc1cbf85564fd41f27689b6895c6f182968d851e10a40d052570d55e22007e9eb5c2929dabd9 -DIST dqlite-1.15.0.tar.gz 208833 BLAKE2B 41d2fced65c787381300aed1d0ee2393dc9e7aa371acd7efbee0744e00fed8a6ee7175eb3041f9cd198c1f0beef8951984e2a34646cbc069ea9d35753ba7568c SHA512 413f5aa7ad9d990638c6ffbdf5706ec69635ead0ad21314603b3c997608c696bd294bd5d15c092d1619509fc4d51c4038deaec82bd82cbbd4070f4a4020f9cc4 EBUILD dqlite-1.14.0.ebuild 1030 BLAKE2B 6bab29603f06e7c77bfe3b4e8368025be5e3780d4bf7e7b0c9cbbbb963ad6fe2bbb5e522e8e8875eb1c26a367757132f45c268d9085bcffe057e2b502f8f7c14 SHA512 49d06af2574dc18cf68129813953fce654aca56329115b877b0dc58396d7c0b9dd4bbef9d87660943045b1b51e50b81297cfc978db5019006dae37ced408de71 -EBUILD dqlite-1.15.0.ebuild 1031 BLAKE2B 63c90dc64ce177796a67d7b233ae47e0ac8e68dd6b77344876f444d82373054cdabec9e2e97a4a2b0ed75ebada95d7aed3bece26890c6c505cdfcfa4f7009ce9 SHA512 80488218329881c0c2597b6ab3e04ad7195adebd6a42ebd61646350248c6947dfb9741d304f69fee37ae6f97296c30a203a0f9e0482cd392eaac2b959c23801f MISC metadata.xml 950 BLAKE2B 26822e40a2c719e8e3a03db6e513d869eef038fcca973ef049da1b6eeec29aefd0867d6bced049ad1dd0465a4d942982565ff0436a7744ffb127879987ea626a SHA512 bb07a8a87ae66e5b5a2aca695e9d5cd1e5a1d725d1d9200099f9d5b46adad83c2ca9ebfedc172ad01fe31aecc1fbbe5a4de7255a2e04d4462c03a106127c7221 diff --git a/dev-libs/dqlite/dqlite-1.15.0.ebuild b/dev-libs/dqlite/dqlite-1.15.0.ebuild deleted file mode 100644 index 7eae68fc19f4..000000000000 --- a/dev-libs/dqlite/dqlite-1.15.0.ebuild +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2020-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools - -DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine" -HOMEPAGE="https://dqlite.io/ https://github.com/canonical/dqlite" -SRC_URI="https://github.com/canonical/dqlite/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="LGPL-3-with-linking-exception" -SLOT="0/1.15.0" -KEYWORDS="~amd64 ~arm64 ~x86" -IUSE="test" -RESTRICT="!test? ( test )" - -RDEPEND="dev-db/sqlite:3 - dev-libs/libuv:= - >=dev-libs/raft-0.17.1:=" -DEPEND="${RDEPEND} - test? ( >=dev-libs/raft-0.13.0[lz4,test] )" -BDEPEND="virtual/pkgconfig" - -PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch ) - -src_prepare() { - default - eautoreconf -} - -src_configure() { - local myeconfargs=( - --disable-backtrace - --disable-debug - --disable-sanitize - --disable-static - - # Will build a bundled libsqlite3.so. - --enable-build-sqlite=no - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - default - find "${ED}" -name '*.la' -delete || die -} diff --git a/dev-libs/icu-layoutex/Manifest b/dev-libs/icu-layoutex/Manifest index 1d846a314660..d140cffcfaab 100644 --- a/dev-libs/icu-layoutex/Manifest +++ b/dev-libs/icu-layoutex/Manifest @@ -1,8 +1,5 @@ AUX icu-layoutex-65.1-remove-bashisms.patch 4963 BLAKE2B fb781741a7a908638876729d573a73e42b7b3f0f3e692b54799fed0dac006ecb731583d90d849ea06be47259a0a236933fa7a78a96b3a8107ee85f916dc2000a SHA512 67e60068c356ca8d93b137eadeef2562ff7d8f38153babc97edd92a2c38d7113396d63d4a09364dacefc612b4b3ea28872a4f767c4f38d3e725943b32f98c5bc DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8 DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3 -DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 -DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c EBUILD icu-layoutex-73.1.ebuild 3683 BLAKE2B bc4464b10ebeeb35785e0d9da547f68df2b0fc2c76c6e6ce003773b9a5c139b7f1d71c4bc9273b27ce053cbfd64bcdc0ac73040f9b207ffe0dd8c8188f3b87d5 SHA512 8e01c32f95b127470c9f09397f62fcc20e4de85179c85eba4847f1d5a8857ca3258d6cabacfdaee1a2cc01b65866bb0690f23e380f8d346298187560798fdc22 -EBUILD icu-layoutex-73.2.ebuild 3713 BLAKE2B a9b0eb2676be459bcbd8959730fb6ae4f9a50fd068827cbe592a951b4250b31da0ba3020c5123c761bda78c5b6dae735dfe3be77728f841d0c20580a1eaf34a1 SHA512 de19f0fdc0543b89ce480c56c265d95b28590eafca8dc1df1cf6c77f52e8093b97d5a89dbb22ba7b36a1e5d36f772dc8a7dc2c9a4646991658046c24d4ca53a1 MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e diff --git a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild deleted file mode 100644 index 9be9fd5da51e..000000000000 --- a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild +++ /dev/null @@ -1,135 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Please bump with dev-libs/icu -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc -inherit autotools flag-o-matic multilib-minimal toolchain-funcs verify-sig - -MY_PV=${PV/_rc/-rc} -MY_PV=${MY_PV//./_} - -DESCRIPTION="External layout part of International Components for Unicode" -HOMEPAGE="https://icu.unicode.org/" -SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz" -SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )" -S="${WORKDIR}"/${PN/-layoutex}/source - -LICENSE="BSD" -SLOT="0/${PV%.*}.1" -if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" -fi -IUSE="debug static-libs test" -RESTRICT="!test? ( test )" - -DEPEND=" - ~dev-libs/icu-${PV}[${MULTILIB_USEDEP}] - dev-libs/icu-le-hb[${MULTILIB_USEDEP}] -" -RDEPEND="${DEPEND}" -BDEPEND=" - virtual/pkgconfig - verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 ) -" - -PATCHES=( "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" ) - -src_prepare() { - default - - # Disable renaming as it assumes stable ABI and that consumers - # won't use unofficial APIs. We need this despite the configure argument. - sed -i \ - -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \ - common/unicode/uconfig.h || die - - # Fix linking of icudata - sed -i \ - -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \ - config/mh-linux || die - - eautoreconf -} - -src_configure() { - MAKEOPTS+=" VERBOSE=1" - - # ICU tries to append -std=c++11 without this, so as of 71.1, - # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17, - # we still need this. - append-cxxflags -std=c++14 - - if tc-is-cross-compiler; then - mkdir "${WORKDIR}"/host || die - pushd "${WORKDIR}"/host >/dev/null || die - - CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \ - CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \ - RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \ - "${S}"/configure --disable-renaming --disable-debug \ - --disable-samples --enable-static || die - emake - - popd >/dev/null || die - fi - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myeconfargs=( - --disable-renaming - # We want a minimal build as this is just for layoutex - # so we disable as much as possible - --disable-samples - --disable-extras - --disable-icuio - - # This is icu-layoutex, so.. - --enable-layoutex - - $(use_enable debug) - $(use_enable static-libs static) - - # Need tools for tests, otherwise get this in configure: - # "## Note: you have disabled ICU's tools. This ICU cannot build its own data or tests. - # ## Expect build failures in the 'data', 'test', and other directories." - # ... although layoutex has no tests right now anyway, but let's keep this - # for the future. - $(use_enable test tools) - $(use_enable test tests) - ) - - tc-is-cross-compiler && myeconfargs+=( - --with-cross-build="${WORKDIR}"/host - ) - - # icu tries to use clang by default - tc-export CC CXX - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_test() { - # INTLTEST_OPTS: intltest options - # -e: Exhaustive testing - # -l: Reporting of memory leaks - # -v: Increased verbosity - # IOTEST_OPTS: iotest options - # -e: Exhaustive testing - # -v: Increased verbosity - # CINTLTST_OPTS: cintltst options - # -e: Exhaustive testing - # -v: Increased verbosity - pushd layoutex &>/dev/null || die - emake VERBOSE="1" check - popd &>/dev/null || die -} - -multilib_src_install() { - pushd layoutex &>/dev/null || die - default - popd &>/dev/null || die -} diff --git a/dev-libs/icu/Manifest b/dev-libs/icu/Manifest index aa3da5e1ac9b..7d9d9c68ae72 100644 --- a/dev-libs/icu/Manifest +++ b/dev-libs/icu/Manifest @@ -4,8 +4,5 @@ AUX icu-68.1-nonunicode.patch 477 BLAKE2B 5e74142e5adbf8f3fffa23c8fb08657b5b75d1 AUX icu-73.1-fix-UChar-api-deux.patch 3383 BLAKE2B 7dde89d0936f9690d5065b6c1701ee9f139aed0a0e092c92a76eb45818c44f135f0ff3ab3fc4a641cc34246d13c278c7aeb499ce5d90280eb142b3407a3e055e SHA512 525948ac9e4203ed1c187d40439542a45736498ba5e04e0fb3cd9adbc58f17210246233b20ac615e742bb56a1ac49d5758255ae3e7b4e2b24b36f7683a769820 DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8 DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3 -DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62 -DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c EBUILD icu-73.1-r2.ebuild 4264 BLAKE2B 3c8d964bf391c1073e81d2adadcbe66f106b1dead12df1d5d2786fcc7611495dbf34b2a350193203d20984a240cd3590c8ef1f4b1df325ee6b98161e6f3433f0 SHA512 bf4e2d1b0263b7968e04faf1117407eba9ce4ad8777e71e6e61bcbf6d653f0bc6a280f82ce2f7c9c623ffadf0e3cdb03d0590aefee1fda1a48ed1be9a1a7d962 -EBUILD icu-73.2.ebuild 4530 BLAKE2B 4a972f975823df4cfc13ccf7dc11c909f0cca815b94b6851480fbf24c4da8883b874f4f47ffd43b78f842a448be35a8e38c436fa226ec59f04f37e970014dff1 SHA512 6458ba0298afc1052879d8ccd88d11cc4c4b1e6a927fcbd9480c8097924b2e8aeb0c119b5db7559f6512a6b494acdb14aa256ff6d0074fd6ee1a0d6110c3491b MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e diff --git a/dev-libs/icu/icu-73.2.ebuild b/dev-libs/icu/icu-73.2.ebuild deleted file mode 100644 index f12fca293873..000000000000 --- a/dev-libs/icu/icu-73.2.ebuild +++ /dev/null @@ -1,176 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Please bump with dev-libs/icu-layoutex - -PYTHON_COMPAT=( python3_{10..11} ) -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc -inherit autotools flag-o-matic multilib-minimal python-any-r1 toolchain-funcs verify-sig - -MY_PV=${PV/_rc/-rc} -MY_PV=${MY_PV//./_} - -DESCRIPTION="International Components for Unicode" -HOMEPAGE="https://icu.unicode.org/" -SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz" -SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )" -S="${WORKDIR}"/${PN}/source - -if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" -fi -LICENSE="BSD" -SLOT="0/${PV%.*}.1" -IUSE="debug doc examples static-libs test" -RESTRICT="!test? ( test )" - -BDEPEND=" - ${PYTHON_DEPS} - sys-devel/autoconf-archive - virtual/pkgconfig - doc? ( app-doc/doxygen[dot] ) - verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 ) -" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/icu-config -) - -PATCHES=( - "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" - "${FILESDIR}/${PN}-64.2-darwin.patch" - "${FILESDIR}/${PN}-68.1-nonunicode.patch" -) - -src_prepare() { - default - - # Disable renaming as it assumes stable ABI and that consumers - # won't use unofficial APIs. We need this despite the configure argument. - sed -i \ - -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \ - common/unicode/uconfig.h || die - - # Fix linking of icudata - sed -i \ - -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \ - config/mh-linux || die - - # Append doxygen configuration to configure - sed -i \ - -e 's:icudefs.mk:icudefs.mk Doxyfile:' \ - configure.ac || die - - eautoreconf -} - -src_configure() { - MAKEOPTS+=" VERBOSE=1" - - # ICU tries to append -std=c++11 without this, so as of 71.1, - # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17, - # we still need this. - append-cxxflags -std=c++14 - - if tc-is-cross-compiler; then - mkdir "${WORKDIR}"/host || die - pushd "${WORKDIR}"/host >/dev/null || die - - CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \ - CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \ - RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \ - "${S}"/configure --disable-renaming --disable-debug \ - --disable-samples --enable-static || die - emake - - popd >/dev/null || die - fi - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myeconfargs=( - --disable-renaming - --disable-samples - # TODO: Merge with dev-libs/icu-layoutex - # Planned to do this w/ 73.2 but seem to get test failures - # only with --enable-layoutex. - --disable-layoutex - $(use_enable debug) - $(use_enable static-libs static) - $(use_enable test tests) - $(multilib_native_use_enable examples samples) - ) - - #if use test ; then - # myeconfargs+=( - # --enable-extras - # --enable-tools - # ) - #else - # myeconfargs+=( - # $(multilib_native_enable extras) - # $(multilib_native_enable tools) - # ) - #fi - - tc-is-cross-compiler && myeconfargs+=( - --with-cross-build="${WORKDIR}"/host - ) - - # Work around cross-endian testing failures with LTO, bug #757681 - if tc-is-cross-compiler && is-flagq '-flto*' ; then - myeconfargs+=( --disable-strict ) - fi - - # ICU tries to use clang by default - tc-export CC CXX - - # Make sure we configure with the same shell as we run icu-config - # with, or ECHO_N, ECHO_T and ECHO_C will be wrongly defined - export CONFIG_SHELL="${EPREFIX}/bin/sh" - # Probably have no /bin/sh in prefix-chain - [[ -x ${CONFIG_SHELL} ]] || CONFIG_SHELL="${BASH}" - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - default - - if multilib_is_native_abi && use doc; then - doxygen -u Doxyfile || die - doxygen Doxyfile || die - fi -} - -multilib_src_test() { - # INTLTEST_OPTS: intltest options - # -e: Exhaustive testing - # -l: Reporting of memory leaks - # -v: Increased verbosity - # IOTEST_OPTS: iotest options - # -e: Exhaustive testing - # -v: Increased verbosity - # CINTLTST_OPTS: cintltst options - # -e: Exhaustive testing - # -v: Increased verbosity - emake check -} - -multilib_src_install() { - default - - if multilib_is_native_abi && use doc; then - docinto html - dodoc -r doc/html/* - fi -} - -multilib_src_install_all() { - local HTML_DOCS=( ../readme.html ) - einstalldocs -} diff --git a/dev-libs/libclc/Manifest b/dev-libs/libclc/Manifest index 7cc3af27e4b8..5771f236fa85 100644 --- a/dev-libs/libclc/Manifest +++ b/dev-libs/libclc/Manifest @@ -4,13 +4,11 @@ DIST llvm-project-15.0.7.src.tar.xz 110936452 BLAKE2B f3d277e2029157329e5be78b78 DIST llvm-project-15.0.7.src.tar.xz.sig 566 BLAKE2B 47dc8c82d86237b80c6d85f83a6c9a6e9e174cf8e7f367b071e0cd9481d7cd408e991337c5624e07f3f370f26387c814f212808575ed1c1b58404d3e3836b7df SHA512 fc6891b440dd1175eb8df3790590af8d36bc92301660f84744ae15123475aeb900a151e6a8e7998ded27ec4d86871903ad0b89cd61164943054c2e3bc8d8beb2 DIST llvm-project-16.0.5.src.tar.xz 118000368 BLAKE2B 9f84e6bab450dc8d6379771afbca5cddc6fbad6c9728726f7158f290ab87d464ff657e89e1c8fc3c474362cc865ff13c5d55ef758c848ea3e660d732cb2fdefa SHA512 7008e7e9c8c2246fe98ba3f0c0fa91e41c88c4da427bf1cfdcce7ef57e5ea838efe7c58c523a7d1708e70d64a4338afe16d06fba2fc7ac5a6c19ca3d6ee41e99 DIST llvm-project-16.0.5.src.tar.xz.sig 566 BLAKE2B 4c96f294f350e0086f8504a54c3387308c60efb573c8def40aec45b1918d43e36c44bafb0823625b6cefa5d99b3aacd7823d6c92c7a64a737653d5b51839a924 SHA512 4550c7c6a1b6ea603d1499aba5aca746f3948a00e7567604f5e7dc3b215a34357bad382a7ebea1f6cd7952841cb75a0dfbe2c278a8c6fcb630a5035b3e16e869 -DIST llvm-project-16.0.6.src.tar.xz 118013488 BLAKE2B 95192d39cbd2914e5609db365965f1c00bfea6c2d653b3996bd2acef8a2b37e37f6fc8a9d2b65711ad72657e0ef52c42f733053cf65051e7822f27396c30406d SHA512 89a67ebfbbc764cc456e8825ecfa90707741f8835b1b2adffae0b227ab1fe5ca9cce75b0efaffc9ca8431cae528dc54fd838867a56a2b645344d9e82d19ab1b7 -DIST llvm-project-16.0.6.src.tar.xz.sig 566 BLAKE2B 2060cebd5ed57cb8a86a44238c43dfd4b921649298b10c3d19da308374c1e49869174294e29943c2af459fe06428264e26881d6c1288ebbc48686cc2cf467c7a SHA512 ca249262c7102e0889ec1bdc6f71a3a6f0e7e5d5fbab8abcd6fccd2871e7955eff7af5b055a76006097baf0dfaf2f5069eff3035b3107fc552abdb2481b21447 DIST llvm-project-62c0bdabfa32f6e32b17b45425b15309db340dfb.tar.gz 190948645 BLAKE2B f41d8ea32e189ef4641e42628fb516e307c9a6fcf65af537eb9fc0d3186591b062c5e85c9e935511ef706f28c6994a774a4e3f36ff54d79aaac7b293a6168625 SHA512 55a4cbfec3a496c1918aa614e5bdee368e4d0b6641c946d8bf8b828ab4bf4d9b29dbe96401a172079d70f924f5e513428fe990c65b556a0a860802cb13f5e3a0 EBUILD libclc-14.0.6.ebuild 1390 BLAKE2B b355a93d63ee4beb5f3782cda8514aa02f16e71563f66bac6fc7a5e3beae40efa1bdbe098f3d83ce775d0458118f19fceb7225f2b5511823c8e56cabdae4f2d8 SHA512 488e5c278fe4b48ec8ce6ccd76d489cf08251ce6e8f8bd417048a80a10e4a5cf72f20462aa8115f72afe1a40dbee02d936680d516dd1c940fd52fe6f55402e69 EBUILD libclc-15.0.7.ebuild 1668 BLAKE2B ac2bd589fb3c29662799f97b1f649fd22b1b7ce5701879815bc01a05ae88421a830a6a3507b4dead181f24eb4e45c451e8ea1ebbdac2a2de51ddbc3cd9f53c66 SHA512 a3e39fbaddb322360f6362ef21713f375d04e02b2b9a3d43a3d47b26d5d43643a8c654181aef9518aee5f9805d09c446bbbf13342b74f09622e5e1b0c59470b1 EBUILD libclc-16.0.5.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a -EBUILD libclc-16.0.6.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a +EBUILD libclc-16.0.6.9999.ebuild 1648 BLAKE2B ef8120b2fed334092a18bc7f172ef6acac58e8a5a3fe69a7cdc624663d5c42165c9b00c21a86078ab797202f3f0c39f190141b9925e964219e2c277e2173e353 SHA512 f5373c4cee59d806edae0b1d10298dac8b5b7e6a1f05d0068cb454fdbbd4ad30978a3ccc287c67a67125d4ff8f91ed066d2579262ebdd2d7d6f6f11877b3b864 EBUILD libclc-17.0.0.9999.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74 EBUILD libclc-17.0.0_pre20230609.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74 MISC metadata.xml 362 BLAKE2B 768f93d0058e4da4b420569f3f1771dfa7385ad89540bbc18cf53b5a71e3f060a8afa1112ff37570d7fc9dc3e71619fa3fd8d0cf7b5d3954f5110b19e146df30 SHA512 e6335424da09f668953acd39dcd9b03a30e3b509b34b1de5c72644a3740a5b6b287f10e08405b79bafc8104cc4dc1324b7b9d7990c3b560b0235ae82da8c68a5 diff --git a/dev-libs/libclc/libclc-16.0.6.ebuild b/dev-libs/libclc/libclc-16.0.6.9999.ebuild index da4aa04415e5..0c41ce89312c 100644 --- a/dev-libs/libclc/libclc-16.0.6.ebuild +++ b/dev-libs/libclc/libclc-16.0.6.9999.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://libclc.llvm.org/" LICENSE="Apache-2.0-with-LLVM-exceptions || ( MIT BSD )" SLOT="0" -KEYWORDS="~amd64 ~riscv ~x86" +KEYWORDS="" IUSE="+spirv video_cards_nvidia video_cards_r600 video_cards_radeonsi" LLVM_MAX_SLOT=16 diff --git a/dev-libs/libjcat/Manifest b/dev-libs/libjcat/Manifest index 555159559468..5957b111b5cc 100644 --- a/dev-libs/libjcat/Manifest +++ b/dev-libs/libjcat/Manifest @@ -1,6 +1,4 @@ AUX libjcat-0.1.11-disable_installed_tests.patch 1473 BLAKE2B 5b5705f44fcaf6f74126d4ee62c08966dc1d1816974f8fc82a57fa8f1d44ac32f0b813a669b0f638df0e5d3604864671b0a0cce47f966cce578dc0471489e794 SHA512 4bb721822d3b8965119e30f5d1b0854d5f6ec8caed04dc8fea8811fdce9847d553197ae8042ef9a39de3109a4c12564f7c3f1c56d5c0b64e7924865a58aaafa6 DIST libjcat-0.1.13.tar.gz 69950 BLAKE2B 5ff85feff37c5728c8cace5e2f38c179c65a82954a23fd26794a5483cdf29e07601cdaffe27c28a28f7d2b0d57aa3800589c20e19e0a512768f5f87176a56789 SHA512 a66082e3c1641b427af971843822a7893cd40dbb82a596737fd6445fe8e1b527a111dd8f48b9e25a563f0d13e77e22d4c2364ddf96cac38d3e2df5010b37708a -DIST libjcat-0.1.14.tar.gz 70018 BLAKE2B 71329e6fc04ef37e5af215c88b4a5a03fbd65143604da57b0357d4bd07896a22a98b9028d8529234655adb37e5cefe226d09d987e798bce17b47fef1e1142d1f SHA512 837a50ad31a736a36bd9df26b151c198e18873df0e7444502b7a6e26a86df15f1df970112f2dd22658960389fdfb78a2c601274e2b5c46ec82fceef5aad778c1 EBUILD libjcat-0.1.13.ebuild 1486 BLAKE2B f9cb970aa18ea7bf66d967a4da3f4e021d2d58109a8210eb779bf5ccdde463da000dedf225a3def8272ba839c2767bea1a7f7599741e78cb919692f25d75e656 SHA512 cd124e7cc23ccab0b38e7e358c16761c3165e63bcd4763ddd9c00848f55b7dd83aaca9e54a6b0cd4f8eb52d7802020768362e9ca7a8ca39d295c079fcb0f7134 -EBUILD libjcat-0.1.14.ebuild 1489 BLAKE2B cfcbfea2f1b23f8f9608e9892a240c23243486ed99d7eac2064a65bf1b0cec053c2f303b17c9a2b40a272683c93ad5b86bf3d6144fe04df7823f1eaa7534c54b SHA512 08155d3a831850852f624eabad7c6023a664320033875ab89bb63833d7b254993b98dce349c78b4e0f98d2b615f3e3752fa7a649908b547cf6629d9a787122a0 MISC metadata.xml 938 BLAKE2B 3b6d63d78a61aabdc8e6b7316af5e682513a02ba64bc733c788d356d0d2cbcd0071506d20dfcf3fbad5da9303c69341d5c2839be7518415c2174466c081244d7 SHA512 acb07c600ec49121f27ebf0252913345fb4dacc6a003934c16deae3ea4c055abc0db73cca204b06ca1e4a415879a645690ffe26473cf646112ac7497ea842956 diff --git a/dev-libs/libjcat/libjcat-0.1.14.ebuild b/dev-libs/libjcat/libjcat-0.1.14.ebuild deleted file mode 100644 index 45b6002047d2..000000000000 --- a/dev-libs/libjcat/libjcat-0.1.14.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -PYTHON_REQ_USE="xml(+)" - -inherit meson python-any-r1 vala xdg-utils - -DESCRIPTION="Library and tool for reading and writing Jcat files" -HOMEPAGE="https://github.com/hughsie/libjcat" -SRC_URI="https://github.com/hughsie/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="LGPL-2.1+" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" -IUSE="+gpg gtk-doc +introspection +man +pkcs7 test vala" - -RDEPEND="dev-libs/glib:2 - dev-libs/json-glib:= - gpg? ( - app-crypt/gpgme:= - dev-libs/libgpg-error - ) - introspection? ( dev-libs/gobject-introspection:= ) - pkcs7? ( net-libs/gnutls ) - vala? ( dev-lang/vala:= )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig - $(python_gen_any_dep ' - dev-python/setuptools[${PYTHON_USEDEP}] - ') - gtk-doc? ( dev-util/gtk-doc ) - man? ( sys-apps/help2man ) - test? ( net-libs/gnutls[tools] )" - -RESTRICT="!test? ( test )" - -PATCHES=( - "${FILESDIR}"/${PN}-0.1.11-disable_installed_tests.patch -) - -python_check_deps() { - python_has_version -b "dev-python/setuptools[${PYTHON_USEDEP}]" -} - -pkg_setup() { - use vala && vala_setup -} - -src_prepare() { - xdg_environment_reset - default -} - -src_configure() { - local emesonargs=( - $(meson_use gtk-doc gtkdoc) - $(meson_use gpg) - $(meson_use introspection) - $(meson_use man) - $(meson_use pkcs7) - $(meson_use test tests) - $(meson_use vala vapi) - ) - meson_src_configure -} diff --git a/dev-libs/libzia/Manifest b/dev-libs/libzia/Manifest index aabf7bcd7b53..e9b44a559289 100644 --- a/dev-libs/libzia/Manifest +++ b/dev-libs/libzia/Manifest @@ -1,3 +1,9 @@ +DIST libzia-4.39.tar.gz 638203 BLAKE2B 0ff2bf9b404b1e554c3cab3145980b8db97345b2e4fd3f3aa94960c150f0da3efcc361306cd7476e839bc3f57868164181f2e3cb79e0dc3f3a7246841d723251 SHA512 61ae1e2aba9f096f7d6593cf7a72d12822bc30f77287bc36f1ea72c01e9669cbef72492adf017efc73bb507fe08b9939f6ca3e4d695388c642619450fc31c024 +DIST libzia-4.40.tar.gz 638193 BLAKE2B bbeee5f6ee699e09aa791c8b6acb39fed90bdf9a875499177c330d009407157e1ebc36aa432e94dcd78553f803c84fe0d00ce9d613abb657324a061588b77d06 SHA512 dd17a80dbcdf88f7617d439f6dde2af6d319c318e9ee55bc9b375ef1bef5ee708c1af7e133ed304d365b0d6d0c3d52f48ae01f44cb2a6e1285625d785f5f5126 +DIST libzia-4.42.tar.gz 642066 BLAKE2B 8bec7c3bafa68420adc08d7a70016138997fbd89e7e9ebae70f2a47da6216ac041907cb11c5391956895e5d0871c7c02ece28323253f1161e61f75a8ae6b05a6 SHA512 3e27ae0ddf46364f61a06fd85c6be6ee2bca829ef0d0e3a66f4b2ed8089a13e38332c4329a639f5f83120cf7bd9dad29b6e41022884513b3de69c7672d3316e5 DIST libzia-4.43.tar.gz 642097 BLAKE2B 34ab759fc8d4d83067df80d9d3f763717640df38f604222f3fc6b19876a9f5a5f5b79523857fa96d5badf047046b4786f100657ee0a41d0a7096a21c6006e5a0 SHA512 b6341ea6524b2040d63a7b21b9a4c12d26cb5ae30bc08dc37efd5fd7d71ecf7321511e09cc5745adc6f395f841d5e2bb4df827956204db4147ac11d204eaf8da +EBUILD libzia-4.39.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d +EBUILD libzia-4.40.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5 +EBUILD libzia-4.42.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5 EBUILD libzia-4.43.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d MISC metadata.xml 326 BLAKE2B 1b8ed6c9d40252f3371cf9a1ec295f593c8898dd8e45173ca05cededf987c7e44e2fafca613f8ad3022e9fbb6886d6aec2d183fd47c3064f35038784f361ebc4 SHA512 0c8a48b1101aa184dc596581feaf47463688801cb0f342177ecfb6fade1d63520ca1b9dcb278279470c181b560f555de332e4d2583e8856eec9057cde34df48f diff --git a/dev-libs/libzia/libzia-4.39.ebuild b/dev-libs/libzia/libzia-4.39.ebuild new file mode 100644 index 000000000000..d2bf5df52022 --- /dev/null +++ b/dev-libs/libzia/libzia-4.39.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic + +DESCRIPTION="Platform abstraction code for tucnak package" +HOMEPAGE="http://tucnak.nagano.cz" +SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="ftdi" + +RDEPEND="dev-libs/glib:2 + x11-libs/gtk+:2 + media-libs/libsdl2 + media-libs/libpng:0 + ftdi? ( dev-embedded/libftdi:1 ) + elibc_musl? ( sys-libs/libunwind )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +MAKEOPTS+=" -j1" + +src_prepare() { + eapply_user + sed -i -e "s/docsdir/#docsdir/g" \ + -e "s/docs_/#docs_/g" Makefile.am || die + + # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" + sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die + + # fix build for MUSL (bug #832235) + if use elibc_musl ; then + sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die + fi + eautoreconf +} + +src_configure() { + use elibc_musl && append-libs -lunwind + econf \ + $(use_with ftdi) --with-sdl \ + --with-png --without-bfd \ + --disable-static +} + +src_install() { + emake DESTDIR="${D}" install + find "${D}" -name '*.la' -type f -delete || die +} diff --git a/dev-libs/libzia/libzia-4.40.ebuild b/dev-libs/libzia/libzia-4.40.ebuild new file mode 100644 index 000000000000..9c39a847c882 --- /dev/null +++ b/dev-libs/libzia/libzia-4.40.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic + +DESCRIPTION="Platform abstraction code for tucnak package" +HOMEPAGE="http://tucnak.nagano.cz" +SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="ftdi" + +RDEPEND="dev-libs/glib:2 + x11-libs/gtk+:2 + media-libs/libsdl2 + media-libs/libpng:0 + ftdi? ( dev-embedded/libftdi:1 ) + elibc_musl? ( sys-libs/libunwind )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +MAKEOPTS+=" -j1" + +src_prepare() { + eapply_user + sed -i -e "s/docsdir/#docsdir/g" \ + -e "s/docs_/#docs_/g" Makefile.am || die + + # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" + sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die + + # fix build for MUSL (bug #832235) + if use elibc_musl ; then + sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die + fi + eautoreconf +} + +src_configure() { + use elibc_musl && append-libs -lunwind + econf \ + $(use_with ftdi) --with-sdl \ + --with-png --without-bfd \ + --disable-static +} + +src_install() { + emake DESTDIR="${D}" install + find "${D}" -name '*.la' -type f -delete || die +} diff --git a/dev-libs/libzia/libzia-4.42.ebuild b/dev-libs/libzia/libzia-4.42.ebuild new file mode 100644 index 000000000000..9c39a847c882 --- /dev/null +++ b/dev-libs/libzia/libzia-4.42.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic + +DESCRIPTION="Platform abstraction code for tucnak package" +HOMEPAGE="http://tucnak.nagano.cz" +SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="ftdi" + +RDEPEND="dev-libs/glib:2 + x11-libs/gtk+:2 + media-libs/libsdl2 + media-libs/libpng:0 + ftdi? ( dev-embedded/libftdi:1 ) + elibc_musl? ( sys-libs/libunwind )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +MAKEOPTS+=" -j1" + +src_prepare() { + eapply_user + sed -i -e "s/docsdir/#docsdir/g" \ + -e "s/docs_/#docs_/g" Makefile.am || die + + # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected" + sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die + + # fix build for MUSL (bug #832235) + if use elibc_musl ; then + sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die + fi + eautoreconf +} + +src_configure() { + use elibc_musl && append-libs -lunwind + econf \ + $(use_with ftdi) --with-sdl \ + --with-png --without-bfd \ + --disable-static +} + +src_install() { + emake DESTDIR="${D}" install + find "${D}" -name '*.la' -type f -delete || die +} diff --git a/dev-libs/mpfr/Manifest b/dev-libs/mpfr/Manifest index 83d0ee6c214d..ef80fb6e61be 100644 --- a/dev-libs/mpfr/Manifest +++ b/dev-libs/mpfr/Manifest @@ -28,5 +28,5 @@ DIST mpfr-4.2.0.tar.xz.asc 228 BLAKE2B b281a11528a69418739b0122b4130d9cf212569f9 EBUILD mpfr-4.1.0_p13-r1.ebuild 2783 BLAKE2B 748c9175b11db817c4d4a50879ffac9d2772b8c1aba67111bba8744264705547910b16667caa68eaac7b8d66e7cb331c54150b35fcbdbf47fee4d6c5cd8109a7 SHA512 b8161691727a74f31877dddec7e81e6c37791be74649ea4a96c770ad34661d0deebe27444a1872fb127b5fa191357a048cbc410a6db6bae16b0887d1c843f1ed EBUILD mpfr-4.1.1_p1.ebuild 2783 BLAKE2B 69d40acad30c90bc0460c3ee4a96323a46ec2ea2d3a6ae96ef696502cd9af2623cd33cd9d1c8a1dc372ee3f643eb254d1e0e91e6289bfd8ce6e463c00c54cfe5 SHA512 12fb0937de94dcf6f04bfa26ff3a0ae1343d9d698777d652e20f734ef51965104a9aa60f8775b897e6b82f75e10e5568a7269ae3f446adbaa3036481a98362c2 EBUILD mpfr-4.2.0.ebuild 3158 BLAKE2B 86a7fcf91c203f87c62b039f609592e2f4ce0f199a89d35d30d5b143ce254938686339cbb0c1b45a17a56c8a159d95bb3517354dfcfb2458d441647e104ed269 SHA512 8c8dfb2424f043372ef058ac7fedea442b5de3733b56497cd96deeee52998247c6872096926c430b78ffc41542e986903d9d6972fbf676f9309f7d4757212f6c -EBUILD mpfr-4.2.0_p9.ebuild 3166 BLAKE2B 7435f63692a319663ed64ff6ddb6c938f78ac0681a4d8b990825a50e3c4ea2c3b47a43fb0631b7e242438b77e07f2a2851879e72fb88b96a17b4899ad01c6d4f SHA512 b96d7c2bf7a37d235790017b92ddac9c990c4f4be40b3e5dac74bb96ec076ad010c8bd66f1473021263b25529743400e1b09df637df295c91f0851a09d811d86 +EBUILD mpfr-4.2.0_p9.ebuild 3167 BLAKE2B 481b82c925add26fcb119d40cc6d32671a7ad61e1faadb692ad7dcb6acc7238d65982b5d0ddf9aff75bd7742fe83c7fa64928b09dc06e6f62bf72dde16128be1 SHA512 e2b8ccf66b2bdc1d95be34e2f47360c33e0807af97fe90a500c760eff351b666ca45e68b26d5403ae8b5e64ab60ca8d601690d6babc14899580b4059eac2aacf MISC metadata.xml 344 BLAKE2B b7a0bcfbcf945ce2b6d58a9a2078c823c12de5ef8261ec009612b58a833deecb7caaf864f0b55e0c46aac004c58feb7a1f88f6d78b584c2e25c403cfb1de96a0 SHA512 8b8b5ae00a4f9ba76c193c5d84f27cce973963f4db109219394efccba3a8e8bebb7f241658a0b682331e34c66ee99332f871d826abf6ec5a4ced4f3dce381fe9 diff --git a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild index 3436f7912a8f..bcbbe69004fc 100644 --- a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild +++ b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild @@ -39,6 +39,7 @@ if [[ ${PV} == *_p* ]] ; then done unset patch_url_base my_patch_index mangled_patch_ver + fi S="${WORKDIR}/${MY_P}" diff --git a/dev-libs/ntl/Manifest b/dev-libs/ntl/Manifest index 50dfd9aed9cb..ef36d31bbcf1 100644 --- a/dev-libs/ntl/Manifest +++ b/dev-libs/ntl/Manifest @@ -1,5 +1,4 @@ DIST ntl-11.5.1.tar.gz 2304103 BLAKE2B 92284383451c7a810f7ee8d9a82836695d19d2a2e46b71c8c60b00acb77f4b4d3bad5497a309616a3e3188567d20203f5ad31295130ab0f3ace08417188c9fda SHA512 cf1f642b8a0f9cdc6dda888e07183817dc67ff494e56a852053aeb15b3d2a0e61fbc05824779c5d1f20b8115fba6f97266acf7e0b0b527c25df5989c86d5928f EBUILD ntl-11.5.1-r1.ebuild 2071 BLAKE2B 63b41f8d75761d7d002238955c7c3a8f81af90cd3db436eec1e5a30017995f2ffa2456d912e3b103bdb25d3916e5d6f94b17f70ae5960b91fa83bb870f3201a3 SHA512 71a9d39b67f2144522090613a9143585ae17727d200958a89ae7317d6dacaadcdf09d5d10fcca2c00c77f507243fd7e56bfef9cbdc989c42a27f828a8be18dc6 EBUILD ntl-11.5.1-r3.ebuild 2558 BLAKE2B 18998bc75528ff91ee88c6932ae2982d898940fbf0d9e344bab1f445e81cd8899c854816222ed47409543b9d700bb5d0ebbd0dbba9d1dd6bf20af445e9bc2124 SHA512 e308a4c7739df1a8c52d7aa3714a81701afd2d7049c2ea9db4b9580ff51e267d3ac17016275b55b8bc51ed6a3e863bfb7fb42a1746011a500006c9322380e23b -EBUILD ntl-11.5.1-r4.ebuild 2674 BLAKE2B abfbeaffe5f23d694d740536f7e9f998fac0ce60f205886f566c5eaca81a7ef41a67eb4612030553413b9c731a6c12704943a06c39b154186e459b4cf3ae167d SHA512 5aebc09655d7423161f42518bbdb0c3be8550e283598b6784a54c99a296233ec7f023ba264f0c0b332cd5889e50957ef6d95d57405791560de69c131d34a337f MISC metadata.xml 628 BLAKE2B 12ef87b42f60ca7bd5f91708c96471378481bfdc911d638a550608f62928a40e879431028f6e578047b79749e0c8307a4075520434191099adece5a771e5c27f SHA512 724f4bc44918ec49f4bb30ef7c9cc6de8c4243845a2a4c7d8c73db6f1db8fa548ad0932f324deea2002ea35cb7b410120cb86a0743bb2d6765fcd987593fcd84 diff --git a/dev-libs/ntl/ntl-11.5.1-r4.ebuild b/dev-libs/ntl/ntl-11.5.1-r4.ebuild deleted file mode 100644 index c8e07339e445..000000000000 --- a/dev-libs/ntl/ntl-11.5.1-r4.ebuild +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit toolchain-funcs gnuconfig - -DESCRIPTION="High-performance and portable C++ number theory library" -HOMEPAGE="https://www.shoup.net/ntl/ https://github.com/libntl/ntl" -SRC_URI="https://www.shoup.net/ntl/${P}.tar.gz" - -LICENSE="LGPL-2.1+" -SLOT="0/44" -KEYWORDS="amd64 ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" -IUSE="doc threads" - -BDEPEND="dev-lang/perl" -DEPEND="dev-libs/gmp:0= - dev-libs/gf2x - threads? ( >=dev-libs/gf2x-1.2 )" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${P}/src" - -DOCS=( "${WORKDIR}/${P}"/README ) - -src_unpack() { - default - gnuconfig_update "${S}/libtool-origin/" -} - -src_configure() { - # The DoConfig script builds its own libtool, but doesn't - # really try to set up the build environment (bug 718892). - export CC="$(tc-getCC)" - export CXX="$(tc-getCXX)" - - # Currently the build system can build a static library or both - # static and shared libraries, but not only shared libraries. The - # name NTL_GMP_LIP is *not* a typo. - # - # We have left NTL_ENABLE_AVX_FFT unconditionally disabled: NTL's - # AVX2 detection can fail even when the CPU supports it (bug - # 815775), and moreover, can fail due to CXXFLAGS. When that - # happens, and if we try to use the AVX FFT, the build fails. - # Finally, doc/config.txt says, "this is experimental at moment, and - # may lead to worse performance." So we are probably not missing out - # on much. - # - # The NATIVE=on option adds "-march=native" to CXXFLAGS and should - # not be enabled on Gentoo, but is currently necessary for NTL's CPU - # feature detection to work (bug 815775). See the upstream issue, - # - # https://github.com/libntl/ntl/issues/22 - # - perl DoConfig \ - PREFIX="${EPREFIX}"/usr \ - LIBDIR="${EPREFIX}"/usr/$(get_libdir) \ - CXXFLAGS="${CXXFLAGS}" \ - CPPFLAGS="${CPPFLAGS}" \ - LDFLAGS="${LDFLAGS}" \ - CXX="$(tc-getCXX)" \ - AR="$(tc-getAR)" \ - RANLIB="$(tc-getRANLIB)" \ - SHARED=on \ - NTL_GMP_LIP=on \ - NTL_GF2X_LIB=on \ - NTL_THREADS=$(usex threads on off) \ - NTL_ENABLE_AVX_FFT=off \ - NATIVE=on \ - || die "DoConfig failed" - - if use doc; then - DOCS+=( "${WORKDIR}/${P}"/doc/*.txt ) - HTML_DOCS=( "${WORKDIR}/${P}"/doc/*.html "${WORKDIR}/${P}"/doc/*.gif ) - fi - - # 780534 - Required for rlibtool so it can find the generated libtool - ln -sf libtool-build/libtool . || die -} - -src_install() { - default - find "${ED}" -name '*.la' -delete || die - - # Use rm -f because the static archive may not be created when - # using (for example) slibtool-shared. - rm -f "${ED}/usr/$(get_libdir)"/libntl.a || die - - rm -r "${ED}"/usr/share/doc/NTL || die -} diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest index 9fa269ef9e30..d87bb3e8362c 100644 --- a/dev-libs/openssl-compat/Manifest +++ b/dev-libs/openssl-compat/Manifest @@ -5,9 +5,12 @@ AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021d DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 +DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c +DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9 EBUILD openssl-compat-1.0.2u-r2.ebuild 7794 BLAKE2B 292aa0999be2c173b86b9324a8e1e73fd536b38af5106d09d776931c8a170808ddf976536d7f88398260e1cda58945fe747255a8f3c2d4432ab4e8ca139e83a4 SHA512 271767ff717c9324a34c3ae1964a6a428f83e97d002be6df797cadc809768a198ab090cb313e5aa3bc9fd22d029f2cf17c3612f51e154e140a552bfdf9cb55f2 +EBUILD openssl-compat-1.1.1t.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 EBUILD openssl-compat-1.1.1u.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749 MISC metadata.xml 1223 BLAKE2B db6fe704a4a09590821cd011556759cfd60543fd531fef3bd233378f396ac5e67c7d834eee4e544995c3af02dc9f222ac787e0b8a1c48a6cadd06541c81372fb SHA512 3cd0b3d8ba2c2c31d3240a080c0edf61a3b090adb4bb14c3b79c9cd1f0c0ac332a9c9457b218a09fb9192cc82004dba57cd4cac404fdd5ddfe4f0c7780b596cd diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild new file mode 100644 index 000000000000..f1ff4defc6a7 --- /dev/null +++ b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=openssl-${PV/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="$(ver_cut 1-3)" +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + !=dev-libs/openssl-1.1.1*:0 + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +# Do not install any docs +DOCS=() + +PATCHES=( + # General patches which are suitable to always apply + # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! + "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602 + "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_prepare() { + # Allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die + chmod a+rx gentoo.config || die + + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + + # fix building on Solaris 10 + # https://github.com/openssl/openssl/issues/6333 + sed -i \ + -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ + Configurations/10-main.conf || die + fi + + local sslout=$(./gentoo.config) + einfo "Using configuration: ${sslout:-(openssl knows best)}" + local config="perl Configure" + [[ -z ${sslout} ]] && config="sh config -v" + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + edo ${config} ${sslout} --test-sanity + + multilib_copy_sources +} + +multilib_src_configure() { + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="perl Configure" + [[ -z ${sslout} ]] && config="sh config -v" + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo ${config} "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}") +} diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 963efe7f3a94..08813ed42f4e 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -2,17 +2,39 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113 AUX gentoo.config-1.0.4 5735 BLAKE2B 3ae435b60aa2c29dde9190c71e6cedf2a2c17ff8e7ae23c2a0c54904a6e06aa498b620979761a4d0f4a6e7331b49f684a952061e59d1d0a3e5bc27a68bed5800 SHA512 351e61a387e8e3890d03d3574926e82555223f9734e2f8365ee24ed7e064c30a6fdb75ad851a149f636803bdafb72b420127eef9cd7a9c1248e17e5317aca378 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a +AUX openssl-1.1.1t-CVE-2023-0464.patch 8500 BLAKE2B 6956aa4545d63337154e654d584eed1acbcc90eeeee60120fc567a24f839d8046b5d69d5d5de380a783580bf7c10590f45954018f2e26bdc1cd4a79e45bc1662 SHA512 5842316bf9cd38fb496adc6681542afbf7c2f8899f3952b61f1502da61b0c74f7aac3f27851be9d027642f3d2fcd1dc69fc11f14dcdb9af43f0e0d16c7de6736 +AUX openssl-1.1.1t-CVE-2023-0465.patch 1735 BLAKE2B add7bf0bda8802259b2fc3bb2c815b7e3bb04226d5effd3c98e60aae0b0aa140c26a05467eb7384147032f67ad9ef347b42012d1dfe05d2404f2feed692c6dd2 SHA512 a63883bc773faceded24c47d3246ce2c8e9ad10426a953e575ec0a6f315e0e9b789d31de912ed5015e7e97bf205870fb16b6f4353807dd00c4d1396586a35935 +AUX openssl-1.1.1t-CVE-2023-0466.patch 1719 BLAKE2B 77294d1820a935e653f254600eb219a1da1409d2e4a161fcce1fd44ce0bc96ca61516a929ee6dd9016ea07374a412ce8d6e65f570941e325e0f7fa79759dd364 SHA512 d6fc7d5a5420b6de96e0fec34175259a7f34acae0d34347980972bdc999b8d57ddb1aac6b4063a7eb4aab759b5afaeb7fa010133df8e1b57efeb23df56ac6b67 +AUX openssl-3.0.8-CVE-2023-0464.patch 8888 BLAKE2B 4a4c71e3dc3264ee2da59c9848bd79f700d9923cfc4d0fe26b740625263a1f47d0ad1a6dc3ecc060e6e7f94a3ddb90e80deb16850471d166b335107c48c3a7d0 SHA512 dd22e945312604f45bb55f2e8cfe485f4c7a47d7c07d746117baa580d61d25679d410043ff4243b62390176159ef4e3f40f0e2d28191329d3ad11f3bceb67294 +AUX openssl-3.0.8-CVE-2023-0465.patch 1725 BLAKE2B a226cc9f74188da651b910e6bbb56f9bfe445ecb09cb094dcfb182874470c5562a00959dc38ccbed2f0d48fd672491b4b423ce7252e2bc5d334c8c8ba999f655 SHA512 f7cdebce1af1cd89e8d1cc17834cf998f2b1a7587807b06887036abd5a134c79f25adacc94b9f2c5e4cda634fbdbdc7f76256e4653f5ef278fa18ea7c5023f8d +AUX openssl-3.0.8-CVE-2023-0466.patch 1839 BLAKE2B e9a573317c92abe5e084a1c301f87443f54d47a96967f66e2dba103f8ff88f3452b5926254bbc4fdfb249b0dac530d6382504f77c0e81fea13e30398a3f8561a SHA512 35d64774eb784753ca90e55c72978e01e1b21b13255a51f27d4c8b34865a9509d24e9712abc42ef597b496a44a8ec6c17cd92768ebd335e721f4da0f7b40a45d +AUX openssl-3.0.8-CVE-2023-1255.patch 1285 BLAKE2B 1394f50a82f01cd26e59ae241b4db60f73742e6d901a66e266772d0295eb2b7f3d7f53cbd2052fe9e81cfc251613cbc2394182b4813a5ca92e79c340c7f2b582 SHA512 df79750e82db172a1b0f61b7324442eb4b097f636854853d3229e3e970fbbdd73ac4094220d0745ecf00bdbb7fda09d7c0effceebbbd424df44af693aeb856a7 +AUX openssl-3.0.8-mips-cflags.patch 1104 BLAKE2B 39b3698ce27758504aa64b3059fdb51876971f085850719c4ece9e068c975624c04a39652cc77446de1241aa1d816eb282cd969efd70dd5c5d682c84f6a9224a SHA512 ec0a860ee504281fbbc33dbe35f9f31b3c8943a144ccbddc75c36c89260793760b42efd6b7c27c51fbab059588fc784dbad39c5b5f77202bf13a263441766216 +AUX openssl-3.1.0-CVE-2023-0464.patch 8888 BLAKE2B ef5c66bc6c06fd6e9d69ceff9f204e5944a1e73760e42bfc8550b197b674b34d273fcc9efa8a5f1b21577e8acc849548595a845a7f569a9ebce8ae0223ebb56a SHA512 e6b8f7f855ef880fcedba6e93971b1f894981e81e830d600446d560c2d83a8f8b2595a30ec0f7f0fdf1fc787b817d1d44700aa72203027a157beafdc0ec6ef19 +AUX openssl-3.1.0-CVE-2023-0465.patch 1725 BLAKE2B 7fbf508304c257ca5fc58c6b80b567326895d5b86a25fcfbdc058c6d21d9244b3a55150436084b15184fac267c001520664c02bb7f7151b61acd8da47113df27 SHA512 5e1525dff539eb06f3772166cbb6f20162b2c7de12633616663beeb75f5e8e5d964b66364b82dbf993d0622b741dba1930f27ca44f9563c0d1ff5915e6be93ca +AUX openssl-3.1.0-CVE-2023-0466.patch 1839 BLAKE2B 166c660e40f3a7e6f7a87d673e1c94ff93494a6bfa9c061ed8e1ffc8d396d83043803c9ee4f277ffacab9132c9a941c5d51b7079cd07264d20724e2f83e54ed2 SHA512 e7cfb530fcec4712f076cf70b44d20576cd9a56e7904499f6f8d7413bf2565ba591317ee843c1ee074ae0eae61c26178689677dc3b0261af1426986812f9016e +AUX openssl-3.1.0-CVE-2023-1255.patch 1285 BLAKE2B ca2749def80e8349db45260a397249229816ae226e7138d64a720bf43f81ac16b3a240b3f5e55e1878a05f5cb0ca2ffbdaa76030ea969e8e51d8b682008d9084 SHA512 cebf0c073d477556bdcafdd545bf39e2f4db2250c10b6db94628b9f46a6bcce877e281132693c3451766ce784629ad2f3863e02d42375d1de9afb72015512548 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 +DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c +DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28 +DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d +DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf +DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713 +DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9 DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a +EBUILD openssl-1.1.1t-r1.ebuild 7919 BLAKE2B 2cdf1786b0ec0f7efcb74e8636e2ca37a0e26cebe5db07914791ce9e612dca1ea5cb6f4a53f2c26936b0aff1141c264d328211af412e28be1a8e896de4af6e21 SHA512 364e2eab610cf6f57591956c5d52618fc103e24a55e5d0d1e73c691fffe4a4dae5189045cc892a703efccb0e981124d41e0822347f41934cf7674cf56e12145f +EBUILD openssl-1.1.1t-r3.ebuild 8240 BLAKE2B 39fca6bb87a1e9ec112518fa01a2ce871daa44ff6536708ef03906dde1eadd8f53d480c69f3a6bcacbf541affeb9af3cc6719e94479c93d50c8fb2dcb565c40f SHA512 f793d361cb98ea89706ec4bd0442e30671f623efb815a846557f7ba514d25bede9ed8f7a7b62c5400ea2a8674de3659bbe276dd1138748116d9d651dd755308b EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28 +EBUILD openssl-3.0.8-r4.ebuild 8359 BLAKE2B bf0308b0c9a37d8cba6437cad2de049cb48482e856fc810a8cd195324561c883f31bdd3978c85e79cd08ff8dadc101946ecd020365fe4bdaa27e7131d2b91857 SHA512 92caeadf8e63479ca5a6789ac3bfdfd34359855e958644d341f4ec32ee027cd3000c938bf81d706a3ec00386e138ec2c88d1e8a98c6df3e47c2b4f0656c5ba15 EBUILD openssl-3.0.9.ebuild 8103 BLAKE2B 033ec46a6826fc50f581b50b08b7e6b655a50680caaf4fc8e0c3f18c1a2dd3fa8852d908e26e40c43e7b63b4e099a19ff74375257b8e13cb9e74e418dea526cd SHA512 1bc180f1ce3991b5b4eca175aa62592ff5eb6808933885f263e4343fd4b1b6edce3a0edfe3dc343a46ab04464a9a98299d02e4b9f7e66810d64add280e0b1656 +EBUILD openssl-3.1.0-r3.ebuild 8393 BLAKE2B 5a0b57a5272298a9d81c2f01a39e7a8cb429d4795bdc8b348c6112677085c15c14f3c7b52d55f0282b464dc60cff401d510dfad0178527eefe3fa8419ea54d46 SHA512 09d8a0db1d941bf1d20d0cf89509b1d827155089bbd4ca4d8bcf03a597c6959ecbe7a3c554bb33503588b323b28a199be908e231966241c565278a190df10f39 EBUILD openssl-3.1.1.ebuild 8137 BLAKE2B f903d9c357211ab49424fee06f1f5cf6e44d4b52e301af7fb8d369f4e4508fe64256d4200e48bbc16a59b4dfc23ce233e673e362745693cade8f5876bbe058aa SHA512 48e85eccc77acbff6ec91181f21881e3abbc85ac845fa5d18cb7cd1fa6b85aa4d9dcce17096804aec325e768d9247c86364c297a5e6510ce76b9319342970273 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch new file mode 100644 index 000000000000..950e6572cd28 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch @@ -0,0 +1,215 @@ +commit 879f7080d7e141f415c79eaa3a8ac4a3dad0348b +Author: Pauli <pauli@openssl.org> +Date: Wed Mar 8 15:28:20 2023 +1100 + + x509: excessive resource use verifying policy constraints + + A security vulnerability has been identified in all supported versions + of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems. + + Fixes CVE-2023-0464 + + Reviewed-by: Tomas Mraz <tomas@openssl.org> + Reviewed-by: Shane Lontis <shane.lontis@oracle.com> + (Merged from https://github.com/openssl/openssl/pull/20569) + +diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h +index 5daf78de45..344aa06765 100644 +--- a/crypto/x509v3/pcy_local.h ++++ b/crypto/x509v3/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void policy_node_free(X509_POLICY_NODE *node); + int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c +index e2d7b15322..d574fb9d66 100644 +--- a/crypto/x509v3/pcy_node.c ++++ b/crypto/x509v3/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c +index 6e8322cbc5..6c7fd35405 100644 +--- a/crypto/x509v3/pcy_tree.c ++++ b/crypto/x509v3/pcy_tree.c +@@ -13,6 +13,18 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + /* + * Enable this to print out the complete policy tree at various point during + * evaluation. +@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + level = tree->levels; + if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (level_add_node(level, data, NULL, tree) == NULL) { ++ if (level_add_node(level, data, NULL, tree, 1) == NULL) { + policy_data_free(data); + goto bad_tree; + } +@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (policy_node_match(last, node, data->valid_policy)) { +- if (level_add_node(curr, data, node, NULL) == NULL) ++ if (level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (level_add_node(curr, data, node, tree) == NULL) { ++ if (level_add_node(curr, data, node, tree, 1) == NULL) { + policy_data_free(data); + return 0; + } +@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + } + /* Finally add link to anyPolicy */ + if (last->anyPolicy && +- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) ++ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->qualifier_set = anyPolicy->data->qualifier_set; + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; +- node = level_add_node(NULL, extra, anyPolicy->parent, tree); ++ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch new file mode 100644 index 000000000000..c332e0bd2c9f --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch @@ -0,0 +1,48 @@ +commit b013765abfa80036dc779dd0e50602c57bb3bf95 +Author: Matt Caswell <matt@openssl.org> +Date: Tue Mar 7 16:52:55 2023 +0000 + + Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs + + Even though we check the leaf cert to confirm it is valid, we + later ignored the invalid flag and did not notice that the leaf + cert was bad. + + Fixes: CVE-2023-0465 + + Reviewed-by: Hugo Landau <hlandau@openssl.org> + Reviewed-by: Tomas Mraz <tomas@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20588) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 925fbb5412..1dfe4f9f31 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx) + } + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; ++ cbcalled = 1; + if (!verify_cb_cert(ctx, x, i, + X509_V_ERR_INVALID_POLICY_EXTENSION)) + return 0; + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch new file mode 100644 index 000000000000..9a59d2846a48 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch @@ -0,0 +1,41 @@ +commit 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a +Author: Tomas Mraz <tomas@openssl.org> +Date: Tue Mar 21 16:15:47 2023 +0100 + + Fix documentation of X509_VERIFY_PARAM_add0_policy() + + The function was incorrectly documented as enabling policy checking. + + Fixes: CVE-2023-0466 + + Reviewed-by: Matt Caswell <matt@openssl.org> + Reviewed-by: Paul Dale <pauli@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20564) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index f6f304bf7b..aa292f9336 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -92,8 +92,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -377,6 +378,10 @@ and has no effect. + + The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch new file mode 100644 index 000000000000..3cf1d3b38ec9 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch @@ -0,0 +1,214 @@ +commit 959c59c7a0164117e7f8366466a32bb1f8d77ff1 +Author: Pauli <pauli@openssl.org> +Date: Wed Mar 8 15:28:20 2023 +1100 + + x509: excessive resource use verifying policy constraints + + A security vulnerability has been identified in all supported versions + of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems. + + Fixes CVE-2023-0464 + + Reviewed-by: Tomas Mraz <tomas@openssl.org> + Reviewed-by: Shane Lontis <shane.lontis@oracle.com> + (Merged from https://github.com/openssl/openssl/pull/20568) + +diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h +index 18b53cc09e..cba107ca03 100644 +--- a/crypto/x509/pcy_local.h ++++ b/crypto/x509/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void ossl_policy_node_free(X509_POLICY_NODE *node); + int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c +index 9d9a7ea179..450f95a655 100644 +--- a/crypto/x509/pcy_node.c ++++ b/crypto/x509/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c +index fa45da5117..f953a05a41 100644 +--- a/crypto/x509/pcy_tree.c ++++ b/crypto/x509/pcy_tree.c +@@ -14,6 +14,17 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + static void expected_print(BIO *channel, + X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) +@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + if ((data = ossl_policy_data_new(NULL, + OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { ++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { + ossl_policy_data_free(data); + goto bad_tree; + } +@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (ossl_policy_node_match(last, node, data->valid_policy)) { +- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { ++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { + ossl_policy_data_free(data); + return 0; + } +@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + /* Finally add link to anyPolicy */ + if (last->anyPolicy && + ossl_policy_level_add_node(curr, cache->anyPolicy, +- last->anyPolicy, NULL) == NULL) ++ last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; + node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, +- tree); ++ tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = ossl_policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch new file mode 100644 index 000000000000..852706d8aa92 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch @@ -0,0 +1,46 @@ +commit 1dd43e0709fece299b15208f36cc7c76209ba0bb +Author: Matt Caswell <matt@openssl.org> +Date: Tue Mar 7 16:52:55 2023 +0000 + + Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs + + Even though we check the leaf cert to confirm it is valid, we + later ignored the invalid flag and did not notice that the leaf + cert was bad. + + Fixes: CVE-2023-0465 + + Reviewed-by: Hugo Landau <hlandau@openssl.org> + Reviewed-by: Tomas Mraz <tomas@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20587) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 9384f1da9b..a0282c3ef1 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) + goto memerr; + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + ++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) ++ cbcalled = 1; + CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, + ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch new file mode 100644 index 000000000000..c71665d82e18 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch @@ -0,0 +1,41 @@ +commit 51e8a84ce742db0f6c70510d0159dad8f7825908 +Author: Tomas Mraz <tomas@openssl.org> +Date: Tue Mar 21 16:15:47 2023 +0100 + + Fix documentation of X509_VERIFY_PARAM_add0_policy() + + The function was incorrectly documented as enabling policy checking. + + Fixes: CVE-2023-0466 + + Reviewed-by: Matt Caswell <matt@openssl.org> + Reviewed-by: Paul Dale <pauli@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20563) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 75a1677022..43c1900bca 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch new file mode 100644 index 000000000000..9b1a657d51be --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch @@ -0,0 +1,40 @@ +commit 02ac9c9420275868472f33b01def01218742b8bb +Author: Tomas Mraz <tomas@openssl.org> +Date: Mon Apr 17 16:51:20 2023 +0200 + + aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption + + Original author: Nevine Ebeid (Amazon) + Fixes: CVE-2023-1255 + + The buffer overread happens on decrypts of 4 mod 5 sizes. + Unless the memory just after the buffer is unmapped this is harmless. + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> + (Merged from https://github.com/openssl/openssl/pull/20759) + + (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) + +diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl +index 6a7bf05d1b..bd583e2c89 100755 +--- a/crypto/aes/asm/aesv8-armx.pl ++++ b/crypto/aes/asm/aesv8-armx.pl +@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/); + .align 4 + .Lxts_dec_tail4x: + add $inp,$inp,#16 +- vld1.32 {$dat0},[$inp],#16 ++ tst $tailcnt,#0xf + veor $tmp1,$dat1,$tmp0 + vst1.8 {$tmp1},[$out],#16 + veor $tmp2,$dat2,$tmp2 +@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/); + veor $tmp4,$dat4,$tmp4 + vst1.8 {$tmp3-$tmp4},[$out],#32 + ++ b.eq .Lxts_dec_abort ++ vld1.32 {$dat0},[$inp],#16 + b .Lxts_done + .align 4 + .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch new file mode 100644 index 000000000000..111681f27d07 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch @@ -0,0 +1,30 @@ +https://bugs.gentoo.org/894140 +https://github.com/openssl/openssl/issues/20214 + +From d500b51791cd56e73065e3a7f4487fc33f31c91c Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Sun, 12 Feb 2023 17:56:58 -0500 +Subject: [PATCH] Fix Configure test for -mips in CFLAGS + +We want to add -mips2 or -mips3 only if the user hasn't already +specified a mips version in CFLAGS. The existing test was a +double-negative. + +Fixes: https://github.com/openssl/openssl/issues/20214 +--- + Configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configure b/Configure +index b6bbec0a85c4..ec48614d6b99 100755 +--- a/Configure ++++ b/Configure +@@ -1475,7 +1475,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + } + + if ($target =~ /linux.*-mips/ && !$disabled{asm} +- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { ++ && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { + # minimally required architecture flags for assembly modules + my $value; + $value = '-mips2' if ($target =~ /mips32/); diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch new file mode 100644 index 000000000000..dfe83e53d0ad --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch @@ -0,0 +1,214 @@ +commit 2017771e2db3e2b96f89bbe8766c3209f6a99545 +Author: Pauli <pauli@openssl.org> +Date: Wed Mar 8 15:28:20 2023 +1100 + + x509: excessive resource use verifying policy constraints + + A security vulnerability has been identified in all supported versions + of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems. + + Fixes CVE-2023-0464 + + Reviewed-by: Tomas Mraz <tomas@openssl.org> + Reviewed-by: Shane Lontis <shane.lontis@oracle.com> + (Merged from https://github.com/openssl/openssl/pull/20570) + +diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h +index 18b53cc09e..cba107ca03 100644 +--- a/crypto/x509/pcy_local.h ++++ b/crypto/x509/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void ossl_policy_node_free(X509_POLICY_NODE *node); + int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c +index 9d9a7ea179..450f95a655 100644 +--- a/crypto/x509/pcy_node.c ++++ b/crypto/x509/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c +index fa45da5117..f953a05a41 100644 +--- a/crypto/x509/pcy_tree.c ++++ b/crypto/x509/pcy_tree.c +@@ -14,6 +14,17 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + static void expected_print(BIO *channel, + X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) +@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + if ((data = ossl_policy_data_new(NULL, + OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { ++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { + ossl_policy_data_free(data); + goto bad_tree; + } +@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (ossl_policy_node_match(last, node, data->valid_policy)) { +- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { ++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { + ossl_policy_data_free(data); + return 0; + } +@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + /* Finally add link to anyPolicy */ + if (last->anyPolicy && + ossl_policy_level_add_node(curr, cache->anyPolicy, +- last->anyPolicy, NULL) == NULL) ++ last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; + node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, +- tree); ++ tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = ossl_policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch new file mode 100644 index 000000000000..a98f7cba13bd --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch @@ -0,0 +1,46 @@ +commit facfb1ab745646e97a1920977ae4a9965ea61d5c +Author: Matt Caswell <matt@openssl.org> +Date: Tue Mar 7 16:52:55 2023 +0000 + + Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs + + Even though we check the leaf cert to confirm it is valid, we + later ignored the invalid flag and did not notice that the leaf + cert was bad. + + Fixes: CVE-2023-0465 + + Reviewed-by: Hugo Landau <hlandau@openssl.org> + Reviewed-by: Tomas Mraz <tomas@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20586) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 9384f1da9b..a0282c3ef1 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) + goto memerr; + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + ++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) ++ cbcalled = 1; + CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, + ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch new file mode 100644 index 000000000000..9a315f4c00fd --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch @@ -0,0 +1,41 @@ +commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061 +Author: Tomas Mraz <tomas@openssl.org> +Date: Tue Mar 21 16:15:47 2023 +0100 + + Fix documentation of X509_VERIFY_PARAM_add0_policy() + + The function was incorrectly documented as enabling policy checking. + + Fixes: CVE-2023-0466 + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Matt Caswell <matt@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20562) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 20aea99b5b..fcbbfc4c30 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch new file mode 100644 index 000000000000..aea425f83556 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch @@ -0,0 +1,40 @@ +commit bc2f61ad70971869b242fc1cb445b98bad50074a +Author: Tomas Mraz <tomas@openssl.org> +Date: Mon Apr 17 16:51:20 2023 +0200 + + aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption + + Original author: Nevine Ebeid (Amazon) + Fixes: CVE-2023-1255 + + The buffer overread happens on decrypts of 4 mod 5 sizes. + Unless the memory just after the buffer is unmapped this is harmless. + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> + (Merged from https://github.com/openssl/openssl/pull/20759) + + (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) + +diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl +index ea74217317..efd3ccd1a4 100755 +--- a/crypto/aes/asm/aesv8-armx.pl ++++ b/crypto/aes/asm/aesv8-armx.pl +@@ -3367,7 +3367,7 @@ $code.=<<___ if ($flavour =~ /64/); + .align 4 + .Lxts_dec_tail4x: + add $inp,$inp,#16 +- vld1.32 {$dat0},[$inp],#16 ++ tst $tailcnt,#0xf + veor $tmp1,$dat1,$tmp0 + vst1.8 {$tmp1},[$out],#16 + veor $tmp2,$dat2,$tmp2 +@@ -3376,6 +3376,8 @@ $code.=<<___ if ($flavour =~ /64/); + veor $tmp4,$dat4,$tmp4 + vst1.8 {$tmp3-$tmp4},[$out],#32 + ++ b.eq .Lxts_dec_abort ++ vld1.32 {$dat0},[$inp],#16 + b .Lxts_done + .align 4 + .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild new file mode 100644 index 000000000000..1d43a457c82a --- /dev/null +++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild @@ -0,0 +1,265 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=${P/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="0/1.1" # .so version of libssl/libcrypto +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" +PDEPEND="app-misc/ca-certificates" + +# force upgrade to prevent broken login, bug #696950 +RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +PATCHES=( + # General patches which are suitable to always apply + # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! + "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 + "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch + "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + + # fix building on Solaris 10 + # https://github.com/openssl/openssl/issues/6333 + sed -i \ + -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ + Configurations/10-main.conf || die + fi + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config=( perl "${S}/Configure" ) + [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo "${config[@]}" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild new file mode 100644 index 000000000000..36d0d673d156 --- /dev/null +++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild @@ -0,0 +1,269 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=${P/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="0/1.1" # .so version of libssl/libcrypto +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" +PDEPEND="app-misc/ca-certificates" + +# force upgrade to prevent broken login, bug #696950 +RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +PATCHES=( + # General patches which are suitable to always apply + # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! + "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 + "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch + "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch + "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch + "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0465.patch + "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0466.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + fi + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config=( perl "${S}/Configure" ) + [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo "${config[@]}" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/openssl/openssl-3.0.8-r4.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild new file mode 100644 index 000000000000..e504eb575575 --- /dev/null +++ b/dev-libs/openssl/openssl-3.0.8-r4.ebuild @@ -0,0 +1,281 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/3" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +PATCHES=( + "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch + "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch + "${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch + "${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch + "${FILESDIR}"/openssl-3.0.8-CVE-2023-1255.patch +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/openssl/openssl-3.1.0-r3.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild new file mode 100644 index 000000000000..5f1ec4c39f0f --- /dev/null +++ b/dev-libs/openssl/openssl-3.1.0-r3.ebuild @@ -0,0 +1,284 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI=" + mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) + " + #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + !<net-misc/openssh-9.2_p1-r3 + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +PATCHES=( + "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch + "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch + "${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch + "${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch + "${FILESDIR}"/openssl-3.1.0-CVE-2023-1255.patch +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/dev-libs/serdisplib/Manifest b/dev-libs/serdisplib/Manifest index 5ce715474d1f..49c046734f99 100644 --- a/dev-libs/serdisplib/Manifest +++ b/dev-libs/serdisplib/Manifest @@ -2,5 +2,5 @@ AUX serdisplib-2.02-disable-static-build.patch 3327 BLAKE2B 677d3dcc121cbc42345e AUX serdisplib-2.02-musl.patch 639 BLAKE2B 4428488881962784503b74d952aec573d512150d69117099f89972ed3ba020437708a472aa9017f3fbef826d40fad0c46b0a9641a256061e8d078ac2a4bb1c59 SHA512 b81a2e0de075e6d112f8131dd37f787dc3eb2652762a92d84b7a5260c42bb07b2b20c214fb12098ecb3fc6934beea8e11b811d7071185898f048e2ade0376560 AUX serdisplib-2.02-use-destdir.patch 3400 BLAKE2B 77d9adc8c9a44586cbe352c6273677704d7335fc75c82d50a681c361a10a45484ae0dfb3241bf9d99ba242f6548df9cb036992b46e157f9c4ec3ca098397be7e SHA512 370ace46b39ba5e67d7f728a3cb3980b75a2c7e6e5fb25273f9c3bfbe10f33479bfcff92e3074a2cb80985c114d161b78115410dd88330810f654875e57d7575 DIST serdisplib-2.02.tar.gz 497028 BLAKE2B f35b6df60303a288b2a279d821a510089802019f33b7ee36b9c2fd1d1d6bef0b3118793e6d965076c1665e1e2555a553186ef1a9210712ef9d2bc1e090ec0a98 SHA512 d9936c25dc14e24eb02876f203476752340e621d8ee5c87ee99862575e45199bf46ff8487dfdd80b16a89543958fdf5a16a2aaf78d5cade06811cfb1592c45eb -EBUILD serdisplib-2.02-r2.ebuild 2902 BLAKE2B 23121f10c18c7bfaa47b7b4a68eb990b5d3f0a23d0027170beed974495a2a5502f35bd2231affbbf2d072e480a3e82d47b6eeddc31147eb9fd6ac6b63c089926 SHA512 3b153c2abda383c753b5ac1aa6a156da969d3af0b1aa97d441a3af0a96bb8e976a2afefa3e92b4961af1116c6a8c3e32b017ffba6264203a37ebe6ca24bcfd16 +EBUILD serdisplib-2.02-r2.ebuild 2887 BLAKE2B 05303419febab510c652f8667d30c7e6bfe6e2bbb4606af8bd4aeb56b4dbba6a5d5808b3918364825bf4037967945ec5ea82dbcfb367123f027b13b9ed68eace SHA512 e87cd535de6694e9caafede2561061d490451a145e93ffece217e666612e515446c3de0b552b6c7c1e24518a2406618a08bbece25ba28e19992e037bb59285ee MISC metadata.xml 663 BLAKE2B 006db175fbd12bc996c0718a226bb2aabc967e0896dc78c351da1990246850a0a4fe67eb84281342d7fe02fd65f26e59a2a22323520a086192aa9f4922a92229 SHA512 539a6ee6568d6db434c5bf23548a116d72103e9efe878d4aec1563e3c3384b2e5012c45699357188f3003bcd81c29bb60b274a59f66648b65bc85359ba376d37 diff --git a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild index ba4565132b83..63f9e8620b12 100644 --- a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild +++ b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild @@ -21,14 +21,12 @@ IUSE_LCD_DEVICES=( rs232 sed133x sed153x sed156x ssdoled stv8105 t6963 vssdcp ) -printf -v mangled_lcd_devices 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]} - # Add supported drivers from 'IUSE_LCD_DEVICES' to 'IUSE' and 'REQUIRED_USE'. # Also enable 'lcd_devices_directgfx' as default. -IUSE+=" ${mangled_lcd_devices}" +IUSE+=" $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) " IUSE="${IUSE/lcd_devices_directgfx/+lcd_devices_directgfx}" REQUIRED_USE+=" - || ( ${mangled_lcd_devices} ) + || ( $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) ) lcd_devices_framebuffer? ( threads ) " diff --git a/dev-libs/weston/Manifest b/dev-libs/weston/Manifest index c9bdba807942..c1186039a09e 100644 --- a/dev-libs/weston/Manifest +++ b/dev-libs/weston/Manifest @@ -5,7 +5,7 @@ DIST weston-10.0.0.tar.xz 1774600 BLAKE2B b2b8fa4f7542aba03970ca8abf504f340f8f8d DIST weston-11.0.1.tar.xz 1900796 BLAKE2B 33d7d5b3340e7074265885bd54ee039e8b5d448fa9f58f4bf9f823efd2557da9b916d903119565a806ab698382fe185165c8ede8614e983c872dfe15b474b616 SHA512 d451230fc260b45aaaadb5cf0aa360629e45e72e3b3676c6ec040d6c6549dbb57d05683effd962c3b2d61482b47a6c990d12cc736c896b501d982c8c4d34834c DIST weston-12.0.1.tar.xz 1969772 BLAKE2B d7a76ad6e11b76b73b91aeb9b3b49e823ecc8170bd1306f9a8ed90fa49d9bc7734e4c0595ca67f11421ecf5b4dbf04289cf803726c508e8c979a9850c0e94ccb SHA512 3dcfa1a2a6b9a605d3ecd597bf7ac0f87b0fd1971845b6e5c44b5e34296943ac146dae6e1cfea9be14ad7a9a8b6d30dc765f9289ef80920d7c516ebba1ba4688 EBUILD weston-10.0.0.ebuild 3934 BLAKE2B fd140a51aeceac3251a2f5f0878cb5f4e37b630c4ad7807873ac041c863f490bb7845d29086dc17d169856dc8e9dd9a1e87c042b94c6e46ef2b5ae0810412ef1 SHA512 f48f41f7fdf96d2b1a9842150d57e1fd394b7e86725318aabb8bc472d7fab2483e1e4654c37271f13dc92efc92139e58c12bf8972d250028d9f7dc7dfd469921 -EBUILD weston-11.0.1.ebuild 3659 BLAKE2B d6ccf7efb9880e015c927211109e65a55481846ef6c8bc4ebfadd29f63f3d41e802365e4f0002fc5e38cd13631285eb65b9eb0bc41fc1bca389a247e8c012cd6 SHA512 a009f70f667485aab2496a5947e944854b09620db09ce70b8aaa1e669a347d4384b89bef35d004e4697716c36a4262340a597a8869bacb2c3b0df5dd6fee9459 +EBUILD weston-11.0.1.ebuild 3660 BLAKE2B 7f5f839613133f8e0a91d84f38802c7c5003806e0e0eeb512e88eac3e30f7f938459f6378c30ffabe48433662886a673347d45b4c34dac2b1fc1a5d92d212ac9 SHA512 1fc628480db9cbae5f021c6cd5c82055d11032a01f569b2e9c57202dea7ff4eb00dbae8f20d231c4a8f3fbc9eb333bf44ec24818e0c0b0c1d67cd9a9e30c75bf EBUILD weston-12.0.1.ebuild 3686 BLAKE2B e84ee5c700efe156412620f048e47b54bb015b4a107c71f9c85ae7d9eefce40bdeae59b6b8837fb7be20666c12f89ef5269c1c0c08e068f0d3ee381f22e00d64 SHA512 1c7478c575d616e544451ea20fd6d92f0eb933731c8365ac19c389bf9d346db2c6a9eae1c3f5755e79e793e7b2e190992d8d2d30ebba1834a9a32ab577528e0c EBUILD weston-9999.ebuild 3705 BLAKE2B 80f5d38e267ea8e422b2bd6b9b935dac285573c761be1a4319c3c7e26687bf52d598f24a6aeab96dd5c6c7f8b6ed5b5467b60fc44232bcd2653e5476f76972fa SHA512 c1077cd94be525ee6c09c3871567eb4f1bd33e99c6aa8f33424ff779874839847efbb564eb3d698ea0a17e3ea6bbb1b5b9411ca521cd54d5e7636a812e6db708 MISC metadata.xml 1608 BLAKE2B 179aa99a3445aca06bee40c9794b2e932a81d5160a375a501631938d855db8d785de876b7c674dacb5295fe33a422a85f1cd8df8da1fc230a6ad5286e5606a3b SHA512 daf7602fb7efa103a79f029d2c40825156dd787694364f5da33e43eea297022da2df070a9b051d3bbb55da5663a1550dca39db31b6c4fd9d38eea465ada909a1 diff --git a/dev-libs/weston/weston-11.0.1.ebuild b/dev-libs/weston/weston-11.0.1.ebuild index 83deecda3ef6..c5d8bf1ada2a 100644 --- a/dev-libs/weston/weston-11.0.1.ebuild +++ b/dev-libs/weston/weston-11.0.1.ebuild @@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then SRC_URI="${SRC_PATCHES}" else SRC_URI="https://gitlab.freedesktop.org/wayland/${PN}/uploads/f5648c818fba5432edc3ea63c4db4813/${P}.tar.xz" - KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ppc64 ~riscv ~sparc x86" + KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc x86" fi LICENSE="MIT CC-BY-SA-3.0" diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest index a64009b7b09f..9c1a24230066 100644 --- a/dev-libs/xmlsec/Manifest +++ b/dev-libs/xmlsec/Manifest @@ -1,12 +1,8 @@ -AUX xmlsec-1.2.37-libressl.patch 1614 BLAKE2B 5b9c2731018d3b371867d30318d55e5f48e4e91359e80abffac212abb35fa274ec35ed9510eb3c01422d8142698669a115f85e9776af8424458de41c66c93b13 SHA512 423997e32223fc45467f9857e709b5707c64aba01ac892253e0be588d767fbfd7c2205a312600910d9cb734b4945e36048292ad59d40de4d43d98af9abe8b1b9 AUX xmlsec-1.3.0-clang.patch 614 BLAKE2B 4f08a58e1e7f56d7ae0ec117d836251342ce95b2b8f7290ace8d617f49dbd3130dda8c16417f850268295bbfd24051680dc89ec4d110ed0d66dfcfdf3890ccef SHA512 fdf44de3dd7c1c72d0fceea7ae204a749339b5f022e3354dedcb08564c638567552ea83c434f7d4b82165c77de7a816cbf92dc2cc141c0958aa78420030a8a54 AUX xmlsec-1.3.0-optimisation.patch 583 BLAKE2B 9035391762150ffa82eef10bc1ba1bde08b04e9e968bf850673dae3e27650e85516e1da4dc3385cd7aafde4cab6270a84e5205a149bcb19dbbdca5ffae678ac8 SHA512 fac70c0e0761d1d8016fb597ed4c139628bfab9d3600eeff17c16b9414732076bea65bee5c778481ecf944053319e030dfb4a455c6d51ba3e758007c36f72323 AUX xmlsec-1.3.0-strict-prototypes.patch 637 BLAKE2B b6adffe488b5e69e0338e040b8be5c611b927935c2a0f19ee58a9b19731c53b0c8f97d1d42d4b6d5b96400b91d5d31628bfa98e91e3ab4ba68b945d06508eff9 SHA512 03d7ca70aac92b01c78a87f8731d0302b441547c36a274f577f2c31e313b37aa9292b803affb7bf052426e80250480c6bb598be0f9e35d08293025a2f673caad DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900 DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d -DIST xmlsec1-1.3.1.tar.gz 2432943 BLAKE2B 1dafdffd959579add5c579e3fa9c9f9ddc73ce4aadc6fc2139506e6e64ffcd1bbe7298786e414900eb9f33f93b0a47da64e686c499e48d4c80d81b256db6692e SHA512 7f30c15c3edcafe70fa5febaa0ba39f73f8d30525ee102b5961a658dd2842fbc58e63f7595f15b150d71bf735bfa7688c3694a191b0d475776ca26902d90d25f -EBUILD xmlsec-1.2.37-r1.ebuild 1525 BLAKE2B 0624803cc515de782244cb180fae354fdb012e2635029929b36823171bf2ff97c4aea6330dbe79e7334152ea4e3366b21de2fe8dee23b90089c127926e48152a SHA512 f1b760047831e6596a507ffb88e87e64ca55de571b8db6f0fe85a8d789985daaa3c4a901acfff9c345037589a330b153e4dd6fcbebf840ffe3a2df972cdfcb2d EBUILD xmlsec-1.2.37.ebuild 1463 BLAKE2B d7cd33b3533395b59f4971deae688336fc4b8f52b5e948d7064cb19d7bbd043c7c8d3b48f5b499e51ebc529982b34b1d12a148fd35cfa700270334d7fa555124 SHA512 e92545fd5b5bb5977757cf18c8726a9335403cdc83d2367337e95ed305871cc6279568c1abce800738eefb60a7b84e4f508536c44a5a6426d6268950db223437 EBUILD xmlsec-1.3.0-r1.ebuild 1910 BLAKE2B b845d3d31f138e13e3e21031af43b2d340f059579203c99e377d26c893516c12135dc9d800effae8ace72116c9f661e0b9aea8a2fe125ece04282faa2aa8a8d3 SHA512 885bd017019f1a4ed6f34a298b8fb4666bf0ea66d01fbefab7051548d2d3cbc96f84b6cf696a28e971de0f530fa8068851aa32eb02e2cbffe872dd2ef3ab55ce -EBUILD xmlsec-1.3.1.ebuild 1847 BLAKE2B d5154e27cf933902e70fbdbd6b4f82dc43a3add1118f33d32f0ac35f0715629f29a392004edc1e0fbea3b945662676625c4fbb44b92404d2e1c255e51422c0a5 SHA512 07c09101f6b1138eb17b0d704750c2000d4d8e31b95d4efccf409b1ab871373f453eb279d82de612dd897e432e0a825997b23ef53be1bad22e3c49ab0a730b14 MISC metadata.xml 558 BLAKE2B e4517ffa3f034420139ee0fbb8ed51a3cb319b1400e52d6a1d2d3b5363aa64831fd9cc93f49ab25d36a5fcae63115d0ffd152540f176c25dc49f77fbf4dd6c9d SHA512 6aab5452478ba1f71018274b75761c3467868f271b3cf256d05645407fa9c3cc64823384094c8e9024f936dfdaea5be2b8e91573e9addb07c5dab5f142c6a70d diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch deleted file mode 100644 index acdb535ba552..000000000000 --- a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch +++ /dev/null @@ -1,40 +0,0 @@ -https://github.com/lsh123/xmlsec/pull/456 -https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04 -https://github.com/lsh123/xmlsec/pull/654 -https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f - -From c5469cfc8443c57a25a8783f0bd669f71e29bb04 Mon Sep 17 00:00:00 2001 -From: lsh123 <aleksey@aleksey.com> -Date: Mon, 12 Dec 2022 10:34:56 -0500 -Subject: [PATCH] fix libressl (#456) - ---- - src/openssl/openssl_compat.h | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -From d113d1e6355c4841fd03c6aa797d33bde1d064f3 Mon Sep 17 00:00:00 2001 -From: orbea <orbea@riseup.net> -Date: Mon, 29 May 2023 07:46:58 -0700 -Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat - -LibreSSL added UI_null() in 3.7.1. ---- - src/openssl/openssl_compat.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/openssl/openssl_compat.h -+++ b/src/openssl/openssl_compat.h -@@ -123,6 +123,13 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) { - * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API) - * - *****************************************************************************/ -+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3070200fL) -+ -+/* Needed for Engine initialization */ -+#define UI_null() NULL -+ -+#endif /* defined(LIBRESSL_VERSION_NUMBER) */ -+ - #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) && defined(XMLSEC_OPENSSL_API_110) - /* EVP_CIPHER_CTX stuff */ - #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) diff --git a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild deleted file mode 100644 index f5ed4f8c1c07..000000000000 --- a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML" -HOMEPAGE="https://www.aleksey.com/xmlsec" -SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz" -S="${WORKDIR}/${PN}1-${PV}" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" -IUSE="doc gcrypt gnutls nss +openssl static-libs test" -RESTRICT="!test? ( test )" -REQUIRED_USE="|| ( gcrypt gnutls nss openssl ) - gnutls? ( gcrypt )" - -RDEPEND=">=dev-libs/libxml2-2.7.4[ftp(+)] - >=dev-libs/libxslt-1.0.20 - dev-libs/libltdl - gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= ) - gnutls? ( >=net-libs/gnutls-2.8.0:= ) - nss? ( - >=dev-libs/nspr-4.4.1 - >=dev-libs/nss-3.9 - ) - openssl? ( - dev-libs/openssl:= - )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig - test? ( - nss? ( - >=dev-libs/nss-3.9[utils] - ) - )" - -PATCHES=( - "${FILESDIR}"/${P}-libressl.patch #903001 -) - -src_configure() { - # Bash because of bug #721128 - CONFIG_SHELL="${BROOT}"/bin/bash econf \ - $(use_enable doc docs) \ - $(use_enable static-libs static) \ - $(use_with gcrypt) \ - $(use_with gnutls) \ - $(use_with nss nspr) \ - $(use_with nss) \ - $(use_with openssl) \ - --enable-mans \ - --enable-pkgconfig -} - -src_test() { - # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC - TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check -} - -src_install() { - default - - find "${ED}" -name '*.la' -delete || die -} diff --git a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild deleted file mode 100644 index 008af3b95a28..000000000000 --- a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools - -DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML" -HOMEPAGE="https://www.aleksey.com/xmlsec" -SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz" -S="${WORKDIR}/${PN}1-${PV}" - -LICENSE="MIT" -# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z -SLOT="0/$(ver_cut 1-2)" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" -IUSE="doc gcrypt gnutls http nss +openssl static-libs test" -RESTRICT="!test? ( test )" -REQUIRED_USE=" - || ( gnutls nss openssl ) -" - -RDEPEND=" - >=dev-libs/libxml2-2.7.4 - >=dev-libs/libxslt-1.0.20 - dev-libs/libltdl - gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= ) - gnutls? ( >=net-libs/gnutls-3.6.13:= ) - nss? ( - >=dev-libs/nspr-4.4.1 - >=dev-libs/nss-3.9 - ) - openssl? ( dev-libs/openssl:= ) -" -DEPEND="${RDEPEND}" -BDEPEND=" - virtual/pkgconfig - test? ( - nss? ( - >=dev-libs/nss-3.9[utils] - ) - ) -" - -PATCHES=( - "${FILESDIR}"/${PN}-1.3.0-optimisation.patch -) - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - local myeconfargs=( - $(use_enable doc docs) - $(use_enable static-libs static) - $(use_with gcrypt) - $(use_with gnutls) - $(use_with nss nspr) - $(use_with nss) - $(use_with openssl) - - --disable-werror - --enable-mans - --enable-pkgconfig - - --enable-concatkdf - --enable-pbkdf2 - --enable-ec - --enable-dh - --enable-sha3 - - --enable-files - $(use_enable http) - --disable-ftp - ) - - # Bash because of bug #721128 - CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" -} - -src_test() { - # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC - TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check -} - -src_install() { - default - - find "${ED}" -name '*.la' -delete || die -} |