diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-04-21 00:01:06 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-04-21 00:01:06 +0100 |
| commit | d33b3cf6cff9fdbfc8362bf854c3c34b2c28d518 (patch) | |
| tree | 7fb87b3c81930bc74ab84958c42e07fde61f6b7f /dev-libs | |
| parent | 1e2d947ea35b8fd5d14d55f60265f9763fa70a72 (diff) | |
gentoo auto-resync : 21:04:2023 - 00:01:05
Diffstat (limited to 'dev-libs')
21 files changed, 128 insertions, 1715 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz Binary files differindex cf0a315afb6b..41dc3dc6ea6b 100644 --- a/dev-libs/Manifest.gz +++ b/dev-libs/Manifest.gz diff --git a/dev-libs/kirigami-addons/Manifest b/dev-libs/kirigami-addons/Manifest index 2a5944930525..0de40aa19576 100644 --- a/dev-libs/kirigami-addons/Manifest +++ b/dev-libs/kirigami-addons/Manifest @@ -1,5 +1,5 @@ DIST kirigami-addons-0.6.2.tar.xz 83620 BLAKE2B 36c8bd1c758d83aa45655f6323d65b7fed2394ddf066a4fc266d59e93d847cb1162a54f643fcee34235d58a9f919c532d87bed2901c075232100c486a54467bb SHA512 7e517a548c82e0a7a07da57950ce7f9bf3171e21b09cf041839af92e9602891e28d624cc55cf9660448a40669b6bbbdd05d050aa27e5f5547f1fdf4c9803ec2e DIST kirigami-addons-0.7.2.tar.xz 94568 BLAKE2B d0d82fe8e685f577ae2cd633b4567775a80ef08e99cd385ff90e747faa44709dab18850286f69c0037c4301a3f2bd0403bf4a7f65977b6f28031c3b1ca6d8d65 SHA512 ff03f12c4224998e643776b1e63cc9eae63e65961a6b9b36f033144cbe46bcd521464d00bc55117f42442a888522a0c85729b25a9870eeea50600063d6191fe7 EBUILD kirigami-addons-0.6.2.ebuild 1082 BLAKE2B 58420e935ed5061ed2721b7ea2d265af825639f3ac880bed5983bf7b1a37e3c74e68e86cb51fa9045d322dddc2932236f0ee9dac2cc9524c862da6d746c0e9fc SHA512 94bf385d76bcc7214b5a4fcfa8753e79e65cb5f05035b7c899657accc143469e86d99303c10cfcdd24becc567f52628f97fa4f88349df26ec36fa5dd03c28573 -EBUILD kirigami-addons-0.7.2.ebuild 1082 BLAKE2B 58420e935ed5061ed2721b7ea2d265af825639f3ac880bed5983bf7b1a37e3c74e68e86cb51fa9045d322dddc2932236f0ee9dac2cc9524c862da6d746c0e9fc SHA512 94bf385d76bcc7214b5a4fcfa8753e79e65cb5f05035b7c899657accc143469e86d99303c10cfcdd24becc567f52628f97fa4f88349df26ec36fa5dd03c28573 +EBUILD kirigami-addons-0.7.2.ebuild 1087 BLAKE2B a527f56363d27ef09ab510ee9338ff2305d946ef428c89706354a27be1f5eda92719cbe21838b4ff12a7b21063d5a8f2c5e75cdcb49351990eb54111ab2d0d23 SHA512 c25fecd5fce23900fe6c3bfdbee389e40ef2f2a3a8f01704fa5bd676230c03219452a55206fdb55d78437251dc1947dbfc5760d18149f322f896c5f570e7d1b3 MISC metadata.xml 318 BLAKE2B 922a5e32e706b2976c5f359a14194d268d3f499398576c80ce5fad8c0fcea0fbf048de4480a80a6a1889c88b8b6c14147654a3ab4d5ffbcc258c2290da63f6d1 SHA512 614cb8dda7ad2088e5d6ef39b449bb4be0ac72cd0231c320188d76d1816dce6490c5114bb4798112c4b11d99d30a9e82ff8fcf08ffa8c049589682a5e38208f6 diff --git a/dev-libs/kirigami-addons/kirigami-addons-0.7.2.ebuild b/dev-libs/kirigami-addons/kirigami-addons-0.7.2.ebuild index 1ea72b702da9..2d96f49216de 100644 --- a/dev-libs/kirigami-addons/kirigami-addons-0.7.2.ebuild +++ b/dev-libs/kirigami-addons/kirigami-addons-0.7.2.ebuild @@ -12,7 +12,7 @@ inherit ecm kde.org if [[ ${KDE_BUILD_TYPE} = release ]]; then SRC_URI="mirror://kde/stable/${PN}/${P}.tar.xz" - KEYWORDS="~amd64 ~arm64 ~ppc64" + KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" fi DESCRIPTION="Visual end user components for Kirigami-based applications" diff --git a/dev-libs/ktextaddons/Manifest b/dev-libs/ktextaddons/Manifest index c0c2075d8091..71e2c1b8129c 100644 --- a/dev-libs/ktextaddons/Manifest +++ b/dev-libs/ktextaddons/Manifest @@ -1,3 +1,3 @@ DIST ktextaddons-1.2.0.tar.xz 321812 BLAKE2B 14d97e7983fac52b5ea281933df5b237e570f8fbb1aeb963e0df58fcc05dce8c5c7486849316ec675547ed797f090d8a48a95d5ab21c4bc4d90511e8a6f8b613 SHA512 667ffe7408c2fbd0d47f4db964fcc5181de01d2bb4ee047949402baff4d0768e04cc62a316e07dfc8c015a9d2b976508fc27ac17864a903e99b4153855e8f367 -EBUILD ktextaddons-1.2.0.ebuild 1062 BLAKE2B 5a39d48b83ee750de5b96a3fb19c21644f5693490e87a224cb306f637565ddf136eb3c1b8bd1d62e7eeee85c7fcb36e23e9000ee5d248c34dcff14d4b282c8f2 SHA512 4dbd2092103c9ed4512f9972c4553c2cb12b858fc30836aaee51a4fe1f7fd598fb9847578d56df08d8d73319447025c548be6f7ba267308754fdd5549548c223 +EBUILD ktextaddons-1.2.0.ebuild 1081 BLAKE2B 0d52bab90c134d3bd282fac13d7cf5e60a8f7620ff2ed9a599b1b66dca0acc9b970c01bc5fe631c1827aea331b5b64ff1a7a73737b2cc86060a23a25e1a04087 SHA512 7bd7377ef7c7f3bc1a1932b16a7ec713fedaa9ddaf7186cdea4f3ef9284c2d2acadd72f84ba93f29412e1dd8daa8afe0b69a2307d38ecd72224e74c61acd29d8 MISC metadata.xml 533 BLAKE2B ad3c9ed5eb355091e9b1073118bf8cae793d17c12f0f1595660090834425d0cca01fdabc4ea868525e64051d35632de55caf8c0a10f1b413bf13baf55d2a7440 SHA512 36d4bfeff8d64f1455a8d3d8a5040913dd400ec2a469a03777e02b812a40806ec56d20a0e6dd4e05e5efde2342bb4007c027d562517929f07aeb6f713e895935 diff --git a/dev-libs/ktextaddons/ktextaddons-1.2.0.ebuild b/dev-libs/ktextaddons/ktextaddons-1.2.0.ebuild index f557b3280eaa..81da07c07478 100644 --- a/dev-libs/ktextaddons/ktextaddons-1.2.0.ebuild +++ b/dev-libs/ktextaddons/ktextaddons-1.2.0.ebuild @@ -16,7 +16,7 @@ HOMEPAGE="https://invent.kde.org/libraries/ktextaddons" if [[ ${KDE_BUILD_TYPE} = release ]]; then SRC_URI="mirror://kde/stable/${PN}/${P}.tar.xz" - KEYWORDS="~amd64" + KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" fi LICENSE="LGPL-2+" diff --git a/dev-libs/libmcrypt/Manifest b/dev-libs/libmcrypt/Manifest index c47646f2a9f5..0a9b8424c4c1 100644 --- a/dev-libs/libmcrypt/Manifest +++ b/dev-libs/libmcrypt/Manifest @@ -1,8 +1,9 @@ AUX libmcrypt-2.5.8-autoconf-2.70.patch 561 BLAKE2B 7781b257c87eb1f6d793fd5a0a2f017190728731f95dec00b25986fd97c36590db38f3670af6ef29c480ebab90405a1b2638601536102a6b62363226011c1199 SHA512 5aec87f49632a4e9d7cddabd5f661b813caa8558cb304374fda331a490a9f9f7a0bb753b2d4c81a17ca605246c18b9aaf24ee4d437af7f5e7a293e2fc9e37b79 +AUX libmcrypt-2.5.8-implicit-int.patch 2286 BLAKE2B 2e814a47d2b6c55ab8b13ab753e5227b09daa71703c2114857b971a8a683355751774d9399c2a5f4dc95c9249287eb212398108d75da91815acce655967b5ab1 SHA512 625252e7b6c5f0cf022f6e1cfcface0f0616b4c7c4ef4dca045f1108f17fd0ab3e01435606a7db513e2bed53e26860e7a14a342792ed86ad2cdcf37da01e1354 AUX libmcrypt-2.5.8-prototypes.patch 1435 BLAKE2B 6b4e85df1432e7766d5e678595b08b75a1592993d79f18373d28868566b4cbe271552d7e899719530677e4f2ad2b34d4308f01ff7808a0527507f23dc74dbf70 SHA512 c821c8c6bb42e50bb377c85042ff3127375b195ffa075d17a6ead6cedd01ff66dfe6e1fdf049a48d12b5285ee26e0a2208a86ab333294055c2df7723857c70d7 AUX libmcrypt-2.5.8-rotate-mask.patch 1060 BLAKE2B 1bce08c2fee92ddb2038b6de67d8ccc1c2d630506f4298926edf44147dcf9596d636204fb1d009f4affb00a1e84c503b162a41b5b02d5596996a8a1768ea2d96 SHA512 975d75e7b41ba18012a09ebf0bddec794ab8597d2515995ec55498437f237d8de917a2766e31da32e92ddbd40de6fe9ca78814eb55ff68da746037e064aaede8 AUX libmcrypt-2.5.8-uninitialized.patch 624 BLAKE2B d6c55091d0c159b5b04fb7cb68a239e45020de177271da7ac6b15c20f6d791399f5fb9c48970e66e6f43168408ce83c347fc8c1387308fee9d273726f268ed91 SHA512 d5bf3520f101a5edae1e165358c075be763ec1a76d721301b562476fe6495f4cfb0b991c71c24fe182885bf86903ef796b934fd9f5b2f026ad8a433579d70791 DIST libmcrypt-2.5.8.tar.gz 1335178 BLAKE2B caa970107382c1485267e68feebebe3ed1e2981d879b2bfaaa37f296528b77bf5e57e73e380f5ab02a1212fae1be5caeb376142920353fabdd8600746634780e SHA512 471a4e0dcbede836c975697a4edd5c3a53d555dde122a045d702e619d7e9768c7abc1ab541c79829f644b70241ac2e0cd274cf22499e47862983401566ca1fd1 EBUILD libmcrypt-2.5.8-r4.ebuild 992 BLAKE2B 8dd30536cd627150835cd6b4df96075410f5fc604d41d26298d84db8f7309016472c8fce6afcb8128fbd50ff349a19968ede8efce02bd3456df7dda563037eef SHA512 baa75457336aed9bb842e8150cc6fbe103c03cae6e78bf114620ac022d8c7ff496f826a83732998cb488004621fe9023b82803f3ba53d27b211c9c227102d2cf -EBUILD libmcrypt-2.5.8-r5.ebuild 1246 BLAKE2B ed3ca8781e3d736cc6c2739bab02e3f3a3466e5aa0b39f578adbaaa579f999b45f5a275090014be4e96e61a8d7f0be38734e975b9ba553cb2845c4c78e7be25d SHA512 daa81407b62afb3faa36782ef39093ad5c45a9777da435e8b1711821cd748b58de9e0a1a45060bf85700cc18fa5920baedf904b68a008494257b60a24a1cfece +EBUILD libmcrypt-2.5.8-r6.ebuild 1281 BLAKE2B 49e683f512e1626720dc1408dc5247f98ebf45f86484bb659fae46598a987cd0a9b36f4860a860efa31fb79951b5ffc3bd2a04d468952c977b42f943e8a9761a SHA512 92fc367a4cb15360329972ff3b5f83a237761a4853a98f1c7300b40f9a3d9369e8879f197ee042b0fdd02c5a5e24a733050cacd1635c7052bd49a3a0a1474ac0 MISC metadata.xml 249 BLAKE2B d6e11cf35a40f525ea7e1f78e0eb43ebde085e8f3a9ee2bd869a5acb43040d3490b84f7b916e5580163b217ca8e36910016199223a0d7f958d8d32e77fd6c92f SHA512 3976fd063b92b20de47f9a45410cf467b778d186a58eb13cd1dd6f46bbbd4fa1d0b8665e0a37f07e0f6b7a44343594d95bfa616c384be151982f0342ecdda7f3 diff --git a/dev-libs/libmcrypt/files/libmcrypt-2.5.8-implicit-int.patch b/dev-libs/libmcrypt/files/libmcrypt-2.5.8-implicit-int.patch new file mode 100644 index 000000000000..f504014011e3 --- /dev/null +++ b/dev-libs/libmcrypt/files/libmcrypt-2.5.8-implicit-int.patch @@ -0,0 +1,31 @@ +Add return and argument types to fake prototypes in mcrypt_symb.c. +This avoids build failures with future compilers that do not support +implicit function declarations. + +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -23,8 +23,8 @@ mcrypt_symb.c: mcrypt_internal.h + @echo "/* This is automatically created. Don't touch... */" >> mcrypt_symb.c + @echo "" >> mcrypt_symb.c + -@for i in $(EXTRA_ALGOS); do \ +- if test -f ../modules/algorithms/$$i.c; then cat ../modules/algorithms/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern "$$3"();";}' >> mcrypt_symb.c 2>/dev/null; fi; \ +- if test -f ../modules/modes/$$i.c; then cat ../modules/modes/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern "$$3"();";}' >> mcrypt_symb.c 2>/dev/null; fi; \ ++ if test -f ../modules/algorithms/$$i.c; then cat ../modules/algorithms/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern void "$$3"(void);";}' >> mcrypt_symb.c 2>/dev/null; fi; \ ++ if test -f ../modules/modes/$$i.c; then cat ../modules/modes/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern void "$$3"(void);";}' >> mcrypt_symb.c 2>/dev/null; fi; \ + done + @echo "" >> mcrypt_symb.c + @echo "const mcrypt_preloaded mps[] = {" >> mcrypt_symb.c +--- a/lib/Makefile.in ++++ b/lib/Makefile.in +@@ -561,8 +561,8 @@ mcrypt_symb.c: mcrypt_internal.h + @echo "/* This is automatically created. Don't touch... */" >> mcrypt_symb.c + @echo "" >> mcrypt_symb.c + -@for i in $(EXTRA_ALGOS); do \ +- if test -f ../modules/algorithms/$$i.c; then cat ../modules/algorithms/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern "$$3"();";}' >> mcrypt_symb.c 2>/dev/null; fi; \ +- if test -f ../modules/modes/$$i.c; then cat ../modules/modes/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern "$$3"();";}' >> mcrypt_symb.c 2>/dev/null; fi; \ ++ if test -f ../modules/algorithms/$$i.c; then cat ../modules/algorithms/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern void "$$3"(void);";}' >> mcrypt_symb.c 2>/dev/null; fi; \ ++ if test -f ../modules/modes/$$i.c; then cat ../modules/modes/$$i.c 2>/dev/null|grep define|grep LTX|awk '{print "extern void "$$3"(void);";}' >> mcrypt_symb.c 2>/dev/null; fi; \ + done + @echo "" >> mcrypt_symb.c + @echo "const mcrypt_preloaded mps[] = {" >> mcrypt_symb.c + diff --git a/dev-libs/libmcrypt/libmcrypt-2.5.8-r5.ebuild b/dev-libs/libmcrypt/libmcrypt-2.5.8-r6.ebuild index 54637cd96a4f..ad764fba60fa 100644 --- a/dev-libs/libmcrypt/libmcrypt-2.5.8-r5.ebuild +++ b/dev-libs/libmcrypt/libmcrypt-2.5.8-r6.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/mcrypt/${P}.tar.gz" LICENSE="GPL-2+ LGPL-2.1+" SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x86-solaris" DOCS=( AUTHORS NEWS README THANKS TODO ChangeLog @@ -25,6 +25,7 @@ PATCHES=( # http://sourceforge.net/tracker/index.php?func=detail&aid=1872801&group_id=87941&atid=584895 "${FILESDIR}/${P}-uninitialized.patch" "${FILESDIR}/${P}-prototypes.patch" + "${FILESDIR}/${P}-implicit-int.patch" ) src_prepare() { diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index deda642911a5..3c657d92f3dd 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -8,15 +8,15 @@ AUX openssl-1.1.1t-CVE-2023-0466.patch 1719 BLAKE2B 77294d1820a935e653f254600eb2 AUX openssl-3.0.8-CVE-2023-0464.patch 8888 BLAKE2B 4a4c71e3dc3264ee2da59c9848bd79f700d9923cfc4d0fe26b740625263a1f47d0ad1a6dc3ecc060e6e7f94a3ddb90e80deb16850471d166b335107c48c3a7d0 SHA512 dd22e945312604f45bb55f2e8cfe485f4c7a47d7c07d746117baa580d61d25679d410043ff4243b62390176159ef4e3f40f0e2d28191329d3ad11f3bceb67294 AUX openssl-3.0.8-CVE-2023-0465.patch 1725 BLAKE2B a226cc9f74188da651b910e6bbb56f9bfe445ecb09cb094dcfb182874470c5562a00959dc38ccbed2f0d48fd672491b4b423ce7252e2bc5d334c8c8ba999f655 SHA512 f7cdebce1af1cd89e8d1cc17834cf998f2b1a7587807b06887036abd5a134c79f25adacc94b9f2c5e4cda634fbdbdc7f76256e4653f5ef278fa18ea7c5023f8d AUX openssl-3.0.8-CVE-2023-0466.patch 1839 BLAKE2B e9a573317c92abe5e084a1c301f87443f54d47a96967f66e2dba103f8ff88f3452b5926254bbc4fdfb249b0dac530d6382504f77c0e81fea13e30398a3f8561a SHA512 35d64774eb784753ca90e55c72978e01e1b21b13255a51f27d4c8b34865a9509d24e9712abc42ef597b496a44a8ec6c17cd92768ebd335e721f4da0f7b40a45d +AUX openssl-3.0.8-CVE-2023-1255.patch 1285 BLAKE2B 1394f50a82f01cd26e59ae241b4db60f73742e6d901a66e266772d0295eb2b7f3d7f53cbd2052fe9e81cfc251613cbc2394182b4813a5ca92e79c340c7f2b582 SHA512 df79750e82db172a1b0f61b7324442eb4b097f636854853d3229e3e970fbbdd73ac4094220d0745ecf00bdbb7fda09d7c0effceebbbd424df44af693aeb856a7 AUX openssl-3.0.8-mips-cflags.patch 1104 BLAKE2B 39b3698ce27758504aa64b3059fdb51876971f085850719c4ece9e068c975624c04a39652cc77446de1241aa1d816eb282cd969efd70dd5c5d682c84f6a9224a SHA512 ec0a860ee504281fbbc33dbe35f9f31b3c8943a144ccbddc75c36c89260793760b42efd6b7c27c51fbab059588fc784dbad39c5b5f77202bf13a263441766216 AUX openssl-3.1.0-CVE-2023-0464.patch 8888 BLAKE2B ef5c66bc6c06fd6e9d69ceff9f204e5944a1e73760e42bfc8550b197b674b34d273fcc9efa8a5f1b21577e8acc849548595a845a7f569a9ebce8ae0223ebb56a SHA512 e6b8f7f855ef880fcedba6e93971b1f894981e81e830d600446d560c2d83a8f8b2595a30ec0f7f0fdf1fc787b817d1d44700aa72203027a157beafdc0ec6ef19 AUX openssl-3.1.0-CVE-2023-0465.patch 1725 BLAKE2B 7fbf508304c257ca5fc58c6b80b567326895d5b86a25fcfbdc058c6d21d9244b3a55150436084b15184fac267c001520664c02bb7f7151b61acd8da47113df27 SHA512 5e1525dff539eb06f3772166cbb6f20162b2c7de12633616663beeb75f5e8e5d964b66364b82dbf993d0622b741dba1930f27ca44f9563c0d1ff5915e6be93ca AUX openssl-3.1.0-CVE-2023-0466.patch 1839 BLAKE2B 166c660e40f3a7e6f7a87d673e1c94ff93494a6bfa9c061ed8e1ffc8d396d83043803c9ee4f277ffacab9132c9a941c5d51b7079cd07264d20724e2f83e54ed2 SHA512 e7cfb530fcec4712f076cf70b44d20576cd9a56e7904499f6f8d7413bf2565ba591317ee843c1ee074ae0eae61c26178689677dc3b0261af1426986812f9016e +AUX openssl-3.1.0-CVE-2023-1255.patch 1285 BLAKE2B ca2749def80e8349db45260a397249229816ae226e7138d64a720bf43f81ac16b3a240b3f5e55e1878a05f5cb0ca2ffbdaa76030ea969e8e51d8b682008d9084 SHA512 cebf0c073d477556bdcafdd545bf39e2f4db2250c10b6db94628b9f46a6bcce877e281132693c3451766ce784629ad2f3863e02d42375d1de9afb72015512548 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 -DIST openssl-1.1.1s.tar.gz 9868981 BLAKE2B ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb SHA512 2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9 -DIST openssl-1.1.1s.tar.gz.asc 858 BLAKE2B d95f0f80d460feac737f84ed629c45aaf5e453103ef202ec7d33cf33b89ad83a9007429433b10754b725d7963b1960e350b64e8bdfe569ad149e26bef462eeca SHA512 aa6e5e940448297a90c46ba162f8e6ee324c2e202a9283328c31f996dc2259dd9f5f981d94d1cf1dd3cc73c44647b473602dacb857b9719bf066931b43b899e6 DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d @@ -24,14 +24,8 @@ DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b4 DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713 DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea EBUILD openssl-1.0.2u-r1.ebuild 9980 BLAKE2B 0017b72acb2eb86f2927845903c93aacfc9c2812ecc5dd5daa23ffc6dd961a4258181ac2c085798b228df5aa23fff2faf476f880406a7c0eeecde3a8391d6a11 SHA512 7aadb788732ee4dbf32ba34567c8ffc897354ac4028f26ec60fab8f099a445c494825bcaad7a5bc053a1ca3f70bfc0f9e944cce5a4051708555cae24c6c5b9a9 -EBUILD openssl-1.1.1s.ebuild 10244 BLAKE2B d82db58beebd3eba272016b0484a148591c9d273b520dabd27c80e2f078a8a86beb0374ac2a19a6237fecd0e3e8d2a6d2a387edad4344865ead73869ae8f198b SHA512 3705eb236ead5c896ccb0e0165b48027bf6bd6bedcee148dc7d1ad53e2a787bad4e430c1d3868c05fb866628fb40675bef8bcf64e377e81ae601f3fa7ca4956b EBUILD openssl-1.1.1t-r1.ebuild 7974 BLAKE2B 1323ae4f56c9facb31f4487dced3c22c7c3f31dad6e420892dc6c5d21cc2d059f4ac5e6a4bf1e924b754bbf0e17dff96bb1ec3cf6a7f8e6992baed7a5c98ef05 SHA512 6b49ca3c7efeaa0230640bfea56eb1f038aaa0ed86b9e91bc7f67cee683e80d6bd6bf1016ad465e5720247056c8b1150d1aeb879f1485e1f0964b5ec5fd105a0 -EBUILD openssl-1.1.1t-r2.ebuild 8032 BLAKE2B 78af8d673a7ac80ca9ce186496f44b662696b72171888643ddd3cd7fdea94a9658f541c79cb26863207da395db9276a6bcbaa838867e20da5ea0602712b4edcd SHA512 085963d07dd99c4a10539b10cd212d39f2438c81a3337f10803094907c4f7197591e67eeb5962c54ab6055f5f3a6aecd90bd292b4965bd143bc1b242121c4d82 EBUILD openssl-1.1.1t-r3.ebuild 8385 BLAKE2B 7635320b4cda62933e0fa19dfa3bc6e15e2cc3cae31baf9485eab7762584fad4d145cf1f1039538e6435767aad40e1a61bec1de67886bb0bf6dcdfbe935f3004 SHA512 3a4a1768b1b048095b460abed409b131ccecebcb0d02616b943f0661886d368a63b7f7cf57814f540fbd270f11fcf1169bae68ce6a68b952e42390dafbf478eb -EBUILD openssl-3.0.8-r1.ebuild 7789 BLAKE2B a5a3eed08b0c4196e38849abd2f37c90f177f7c350f83064632934c379038e977e7519da2aadb62b7d15dc634cf26c8cf5bdae9aab0a4ddb6f4d1f0dbd693025 SHA512 b5e20150d2b93214303d70f73f7593f098bda3876e21d46e49c72000bd7161a29c3166908ae9f0e8af8efb4e127801dc0c7c962391499f9d46e74370ead17d2a -EBUILD openssl-3.0.8-r2.ebuild 7838 BLAKE2B 437496ddf1bf7d36c83e40f86e41d5ba5d0ce210f0162521c3df5d2011ccefb94c42021ba7d326824fc64f1b30fe0edc569f586552f43ce054a57aa82b9d4290 SHA512 2dc102202843d437fda0f2121ddfac2b15504129878bb40e2354638ad0b1b8c7e1fa81800491147961af6237022672f9ee47457cae0da0e62da3a6802f709398 -EBUILD openssl-3.0.8-r3.ebuild 8195 BLAKE2B e8510784cf26533644b19638eb112d4a9e9b54ef8b2c4e80673d85d7c750281e1449b263f428da7f080909355d017149a1920eaf1cfac15aa101f42ec4eeded4 SHA512 0b37b8ab4f25a1b846b87d825412c327a9fa08244325f8ee96567c366a004784cfb27764b3ffc06b5947c74416840263ea28a9f66bb095d376755ffdbac2afad -EBUILD openssl-3.1.0-r1.ebuild 7885 BLAKE2B bc101a34ee46f11314a0c55810c7d5444db5d2d2c18fce9ba9c78e3d68356f49c017aece7578f3a714fcc758288a427e989a93f2bf7f3c336c2b4b3a9d0a843e SHA512 f62450c598a35fe55a544ae9255fadd8f0376e40fe7a21f9f5cb9df47c3ef30297e77da50679841c47f69338e68ba52bbb97e9f5705fe54d9b5dea7f15fb2e2e -EBUILD openssl-3.1.0-r2.ebuild 8242 BLAKE2B 445ad673ee2d5ebbec8d190b9b11b22cf5dee880cd2faacc78b01bda36b0daba69dd2b66b605308b801bc3f3b254a5d8ad0b5c92075c69a3e4cb2de150d39e91 SHA512 a538c2533943a79199f7d76b70fa5581f519199a4798194695b0cd090acc495d7bb7ca56a14d20ca97598f5ad63df335520cc77213bf90410ce646015a10d075 -EBUILD openssl-3.1.0.ebuild 7836 BLAKE2B 98a3e069f68c4e67cc905021d0857f1d3ed487a71abae6705b38bea79285d78f298b5ce3e85cd4834d3d18158a7a47d9c44adb37c72bb5043a6228a66a9c01d1 SHA512 67d916b42bae7512cd2633fe473233fb7630089a26fcb203dff265a1afa7636f93e9fe5b152082f243bacec7833b12e0137c461ff07031700ac45916f828db1f +EBUILD openssl-3.0.8-r4.ebuild 8244 BLAKE2B 4765379bb4ae1295b4f89c2bfce5b72b9f6322400e0b76b7394286d544bdf3ce9162261455907e95deff15d36a835ca666a213a23996de8eccf054012593b9df SHA512 d67e71a6e828b210d70bf1d848167d6e73462e3965f47bb875908c1e95965eec5efcbbb880b791bfc7e2961ee970804210e7ac3deff6a408dece6583af1cf0d2 +EBUILD openssl-3.1.0-r3.ebuild 8291 BLAKE2B 6db8d1532f6615bff4a6d16ef8db0380d0d0e72f5d6adf62b8fc84bc424846b5a72f7cc23658c46ea9d81bb9d833195d1156e7b2154107ce23ff4493ee67b705 SHA512 c8bf2d0229fcd8463882c3463ea9939a795f4fdff56d9c92192cc4a09249366f1d017d41ba198bf24da9591af79896e67c9e05ddd63193b6b5abd7c05434f2a2 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch new file mode 100644 index 000000000000..9b1a657d51be --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch @@ -0,0 +1,40 @@ +commit 02ac9c9420275868472f33b01def01218742b8bb +Author: Tomas Mraz <tomas@openssl.org> +Date: Mon Apr 17 16:51:20 2023 +0200 + + aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption + + Original author: Nevine Ebeid (Amazon) + Fixes: CVE-2023-1255 + + The buffer overread happens on decrypts of 4 mod 5 sizes. + Unless the memory just after the buffer is unmapped this is harmless. + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> + (Merged from https://github.com/openssl/openssl/pull/20759) + + (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) + +diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl +index 6a7bf05d1b..bd583e2c89 100755 +--- a/crypto/aes/asm/aesv8-armx.pl ++++ b/crypto/aes/asm/aesv8-armx.pl +@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/); + .align 4 + .Lxts_dec_tail4x: + add $inp,$inp,#16 +- vld1.32 {$dat0},[$inp],#16 ++ tst $tailcnt,#0xf + veor $tmp1,$dat1,$tmp0 + vst1.8 {$tmp1},[$out],#16 + veor $tmp2,$dat2,$tmp2 +@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/); + veor $tmp4,$dat4,$tmp4 + vst1.8 {$tmp3-$tmp4},[$out],#32 + ++ b.eq .Lxts_dec_abort ++ vld1.32 {$dat0},[$inp],#16 + b .Lxts_done + .align 4 + .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch new file mode 100644 index 000000000000..aea425f83556 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch @@ -0,0 +1,40 @@ +commit bc2f61ad70971869b242fc1cb445b98bad50074a +Author: Tomas Mraz <tomas@openssl.org> +Date: Mon Apr 17 16:51:20 2023 +0200 + + aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption + + Original author: Nevine Ebeid (Amazon) + Fixes: CVE-2023-1255 + + The buffer overread happens on decrypts of 4 mod 5 sizes. + Unless the memory just after the buffer is unmapped this is harmless. + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> + (Merged from https://github.com/openssl/openssl/pull/20759) + + (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) + +diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl +index ea74217317..efd3ccd1a4 100755 +--- a/crypto/aes/asm/aesv8-armx.pl ++++ b/crypto/aes/asm/aesv8-armx.pl +@@ -3367,7 +3367,7 @@ $code.=<<___ if ($flavour =~ /64/); + .align 4 + .Lxts_dec_tail4x: + add $inp,$inp,#16 +- vld1.32 {$dat0},[$inp],#16 ++ tst $tailcnt,#0xf + veor $tmp1,$dat1,$tmp0 + vst1.8 {$tmp1},[$out],#16 + veor $tmp2,$dat2,$tmp2 +@@ -3376,6 +3376,8 @@ $code.=<<___ if ($flavour =~ /64/); + veor $tmp4,$dat4,$tmp4 + vst1.8 {$tmp3-$tmp4},[$out],#32 + ++ b.eq .Lxts_dec_abort ++ vld1.32 {$dat0},[$inp],#16 + b .Lxts_done + .align 4 + .Lxts_outer_dec_tail: diff --git a/dev-libs/openssl/openssl-1.1.1s.ebuild b/dev-libs/openssl/openssl-1.1.1s.ebuild deleted file mode 100644 index ae35bd52b8b8..000000000000 --- a/dev-libs/openssl/openssl-1.1.1s.ebuild +++ /dev/null @@ -1,342 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig linux-info - -MY_P=${P/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" -PDEPEND="app-misc/ca-certificates" - -# force upgrade to prevent broken login, bug #696950 -RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi - - use test && CONFIG_CHECK="~CRYPTO_USER_API_SKCIPHER" - linux-info_pkg_setup -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # - Make sure the man pages are suffixed (bug #302165) - # - Don't bother building man pages if they're disabled - # - Make DOCDIR Gentoo compliant - sed -i \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ - Configurations/unix-Makefile.tmpl \ - || die - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # Prefixify Configure shebang (bug #141906) - sed \ - -e "1s,/usr/bin/env,${BROOT}&," \ - -i Configure || die - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - - # fix building on Solaris 10 - # https://github.com/openssl/openssl/issues/6333 - sed -i \ - -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ - Configurations/10-main.conf || die - fi - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}" - - # Clean out hardcoded flags that openssl uses - local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ - -e 's:^CFLAGS=::' \ - -e 's:\(^\| \)-fomit-frame-pointer::g' \ - -e 's:\(^\| \)-O[^ ]*::g' \ - -e 's:\(^\| \)-march=[^ ]*::g' \ - -e 's:\(^\| \)-mcpu=[^ ]*::g' \ - -e 's:\(^\| \)-m[^ ]*::g' \ - -e 's:^ *::' \ - -e 's: *$::' \ - -e 's: \+: :g' \ - -e 's:\\:\\\\:g' - ) - - # Now insert clean default flags with user flags - sed -i \ - -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ - -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - # We need to create ${ED}/usr on our own to avoid a race condition (bug #665130) - dodir /usr - - emake DESTDIR="${D}" install - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man || die - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} - d=${d#./} - m=${m##*/} - - [[ ${m} == openssl.1* ]] && continue - - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - - mv ${d}/{,ssl-}${m} || die - - # Fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die - ln -s ssl-${m} ${d}/openssl-${m} - - # Locate any symlinks that point to this man page - # We assume that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - - rm -f ${d}/${s} - - # We don't want to "|| die" here - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)" - c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null - eend $? -} diff --git a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild b/dev-libs/openssl/openssl-1.1.1t-r2.ebuild deleted file mode 100644 index ed79949dc698..000000000000 --- a/dev-libs/openssl/openssl-1.1.1t-r2.ebuild +++ /dev/null @@ -1,266 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig - -MY_P=${P/_/-} -DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" -S="${WORKDIR}/${MY_P}" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -if [[ ${PV} != *_pre* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -fi -IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -RDEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - kernel_linux? ( sys-process/procps ) - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" -PDEPEND="app-misc/ca-certificates" - -# force upgrade to prevent broken login, bug #696950 -RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - # General patches which are suitable to always apply - # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! - "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES}; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - - if use prefix && [[ ${CHOST} == *-solaris* ]] ; then - # use GNU ld full option, not to confuse it on Solaris - sed -i \ - -e 's/-Wl,-M,/-Wl,--version-script=/' \ - -e 's/-Wl,-h,/-Wl,--soname=/' \ - Configurations/10-main.conf || die - - # fix building on Solaris 10 - # https://github.com/openssl/openssl/issues/6333 - sed -i \ - -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ - Configurations/10-main.conf || die - fi - - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config=( perl "${S}/Configure" ) - [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) - - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - # Make sure user flags don't get added *yet* to avoid duplicated - # flags. - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - ${ec_nistp_64_gcc_128} - enable-idea - enable-mdc2 - enable-rc5 - $(use_ssl sslv3 ssl3) - $(use_ssl sslv3 ssl3-method) - $(use_ssl asm) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl tls-heartbeat heartbeats) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo "${config[@]}" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.0.8-r1.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild deleted file mode 100644 index ea11e22eb155..000000000000 --- a/dev-libs/openssl/openssl-3.0.8-r1.ebuild +++ /dev/null @@ -1,270 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.0.8-r2.ebuild b/dev-libs/openssl/openssl-3.0.8-r2.ebuild deleted file mode 100644 index bc44de5a3345..000000000000 --- a/dev-libs/openssl/openssl-3.0.8-r2.ebuild +++ /dev/null @@ -1,271 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.0.8-r3.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild index 47c1bd2d6e83..e11cbae84179 100644 --- a/dev-libs/openssl/openssl-3.0.8-r3.ebuild +++ b/dev-libs/openssl/openssl-3.0.8-r4.ebuild @@ -54,6 +54,7 @@ PATCHES=( "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch "${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch "${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch + "${FILESDIR}"/openssl-3.0.8-CVE-2023-1255.patch ) pkg_setup() { diff --git a/dev-libs/openssl/openssl-3.1.0-r1.ebuild b/dev-libs/openssl/openssl-3.1.0-r1.ebuild deleted file mode 100644 index f50b53ac125a..000000000000 --- a/dev-libs/openssl/openssl-3.1.0-r1.ebuild +++ /dev/null @@ -1,274 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch - "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/openssl/openssl-3.1.0-r2.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild index 82fbb55ebda8..e98ee05437c1 100644 --- a/dev-libs/openssl/openssl-3.1.0-r2.ebuild +++ b/dev-libs/openssl/openssl-3.1.0-r3.ebuild @@ -57,6 +57,7 @@ PATCHES=( "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch "${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch "${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch + "${FILESDIR}"/openssl-3.1.0-CVE-2023-1255.patch ) pkg_setup() { diff --git a/dev-libs/openssl/openssl-3.1.0.ebuild b/dev-libs/openssl/openssl-3.1.0.ebuild deleted file mode 100644 index d13af77736ea..000000000000 --- a/dev-libs/openssl/openssl-3.1.0.ebuild +++ /dev/null @@ -1,273 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install_sw - if use fips; then - emake DESTDIR="${D}" install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -} diff --git a/dev-libs/qcoro5/Manifest b/dev-libs/qcoro5/Manifest index ed9ec7fad95b..3d3d09a78432 100644 --- a/dev-libs/qcoro5/Manifest +++ b/dev-libs/qcoro5/Manifest @@ -1,5 +1,5 @@ DIST qcoro5-0.7.0.tar.gz 135419 BLAKE2B 8f593e76e960349090cea649848c6b3d422125f1bd292ec79026d0cdab7f7e7de77ec409d442c624efe2683a24dd7715ba108f400e154813b6b3da3eb0b8fc09 SHA512 cd49f957d30b63ee70080425c1ed8ffe05c09f7d5e3c6f043c2a9e66eee9a537c9bd6f12ea54fa9fa53871c5d6e5c4502e2c4a10c30eb3bf017505ba875838ba DIST qcoro5-0.8.0.tar.gz 139254 BLAKE2B 979e1744951742c7a3f5a70d291e0e63d6be1d73794c9af32ef48b8e440c1919ae487cf07d1896cc2a8e7bdf8a51cac14f81a6e17689b57a93cfb71db3500282 SHA512 bdcf6f9113e5dde57fb56abdeb5106dbba8892ecc6c11d9f4b8b653570ffb0e25f63ee0fe87cd9008e02b99b76f959b9af00b2875420517b13295d6b108db2cc EBUILD qcoro5-0.7.0.ebuild 1364 BLAKE2B e5a40a2aeedbd93580888a25c8f5c132a16c607ea3cfde1c5fa0370aba1122d3ea33e89edfb7d21bdb080d09b3dfb8ac38acb3e96c507944d21c4a703f8e118a SHA512 360d05819d51c5c18880196f844927b631de50b1f3dbfd7e0d8cf06fe56609c51366dd8cd24d6f9de07a0fd28ab0f610d4cab2afa5f438f4a80aa3cdbc738e70 -EBUILD qcoro5-0.8.0.ebuild 1364 BLAKE2B e88d6bd77b09278ed29ef744a55cc1fa46c958dab30c4f8527cbcbeb3bbe49e5a182e50fc08aa5c9296e25f88cf3f23ca73a32879b5092e34b8505a194be3218 SHA512 f9b7cfa77e972869ed61c6489e7fa756af339db756a39ad60e18f5c1e0154aef10fd7c5d0e6fb512595a1552ffdb961f4aa2b97f0de15308f7d5dd25e0cc280a +EBUILD qcoro5-0.8.0.ebuild 1369 BLAKE2B 89d28ddbf44566a0a017a7e1b985876f8b5a2ac248883829c14e826c9a29aa221912ea9ed4cd8d1456007628be6bfb1db213a4c10b3b425dec9729f07f15f800 SHA512 7c56d5ca2f0fb11689edb94d2231654c9e480b634354a32149fac908a32d6c9eacec3eebd51e334a50b2c7fe8d387d48bbee2998a1a5751c3b3f7bd4e9686d0f MISC metadata.xml 647 BLAKE2B 99bb798a9950348fa169dcd61f759a2e5f179a7ffe70037be3657e0d01174d75694878355baa40256293380511decd804e1a0ee5eaa136d7279b99c78be64269 SHA512 9936b38eba4cdd71221bd5eb370bf782d9aee4665d6be6784fe0ece893e0deaaff8aff978fce308264d956e813185dc16b4bd0b3a7b36ebdd674f5782e166585 diff --git a/dev-libs/qcoro5/qcoro5-0.8.0.ebuild b/dev-libs/qcoro5/qcoro5-0.8.0.ebuild index b7f45410f814..2e0b29d831f1 100644 --- a/dev-libs/qcoro5/qcoro5-0.8.0.ebuild +++ b/dev-libs/qcoro5/qcoro5-0.8.0.ebuild @@ -11,7 +11,7 @@ if [[ ${PV} == *9999* ]]; then else SRC_URI="https://github.com/danvratil/${PN/5/}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}/${P/5/}" - KEYWORDS="~amd64 ~arm64 ~ppc64" + KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" fi DESCRIPTION="C++ Coroutine Library for Qt5" |