summaryrefslogtreecommitdiff
path: root/dev-libs
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/Manifest.gzbin97853 -> 97890 bytes
-rw-r--r--dev-libs/dqlite/Manifest2
-rw-r--r--dev-libs/dqlite/dqlite-1.15.0.ebuild49
-rw-r--r--dev-libs/icu-layoutex/Manifest3
-rw-r--r--dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild135
-rw-r--r--dev-libs/icu/Manifest3
-rw-r--r--dev-libs/icu/icu-73.2.ebuild176
-rw-r--r--dev-libs/libclc/Manifest4
-rw-r--r--dev-libs/libclc/libclc-16.0.6.ebuild (renamed from dev-libs/libclc/libclc-16.0.6.9999.ebuild)2
-rw-r--r--dev-libs/libjcat/Manifest2
-rw-r--r--dev-libs/libjcat/libjcat-0.1.14.ebuild68
-rw-r--r--dev-libs/libmacaroons/Manifest3
-rw-r--r--dev-libs/libmacaroons/files/libmacaroons-0.3.0-no-python.patch91
-rw-r--r--dev-libs/libmacaroons/libmacaroons-0.3.0-r1.ebuild (renamed from dev-libs/libmacaroons/libmacaroons-0.3.0.ebuild)7
-rw-r--r--dev-libs/libvterm/Manifest2
-rw-r--r--dev-libs/libvterm/libvterm-0.3.2.ebuild28
-rw-r--r--dev-libs/libzia/Manifest6
-rw-r--r--dev-libs/libzia/libzia-4.39.ebuild54
-rw-r--r--dev-libs/libzia/libzia-4.40.ebuild54
-rw-r--r--dev-libs/libzia/libzia-4.42.ebuild54
-rw-r--r--dev-libs/mpfr/Manifest2
-rw-r--r--dev-libs/mpfr/mpfr-4.2.0_p9.ebuild1
-rw-r--r--dev-libs/ntl/Manifest1
-rw-r--r--dev-libs/ntl/ntl-11.5.1-r4.ebuild85
-rw-r--r--dev-libs/openssl-compat/Manifest3
-rw-r--r--dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild221
-rw-r--r--dev-libs/openssl/Manifest22
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch215
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch48
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch214
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch46
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch40
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch30
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch214
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch46
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch40
-rw-r--r--dev-libs/openssl/openssl-1.1.1t-r1.ebuild265
-rw-r--r--dev-libs/openssl/openssl-1.1.1t-r3.ebuild269
-rw-r--r--dev-libs/openssl/openssl-3.0.8-r4.ebuild281
-rw-r--r--dev-libs/openssl/openssl-3.1.0-r3.ebuild284
-rw-r--r--dev-libs/serdisplib/Manifest2
-rw-r--r--dev-libs/serdisplib/serdisplib-2.02-r2.ebuild6
-rw-r--r--dev-libs/weston/Manifest2
-rw-r--r--dev-libs/weston/weston-11.0.1.ebuild2
-rw-r--r--dev-libs/xmlsec/Manifest4
-rw-r--r--dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch40
-rw-r--r--dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild66
-rw-r--r--dev-libs/xmlsec/xmlsec-1.3.1.ebuild93
51 files changed, 867 insertions, 2541 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz
index 3bf6775c5d61..e8ba3b2046b4 100644
--- a/dev-libs/Manifest.gz
+++ b/dev-libs/Manifest.gz
Binary files differ
diff --git a/dev-libs/dqlite/Manifest b/dev-libs/dqlite/Manifest
index e98babe68b01..ea5811e786bc 100644
--- a/dev-libs/dqlite/Manifest
+++ b/dev-libs/dqlite/Manifest
@@ -1,4 +1,6 @@
AUX dqlite-1.12.0-disable-werror.patch 515 BLAKE2B 3a2ed21d6d4b33f3f39789459754f3663ff03946c65a9660bb98a07bbc6b9b3bde7f800580f40b2e49f92744cbca719463226c60a8e98b8f41f689797b63a916 SHA512 af0a219f9ef5315fdb169f7f812059b6cadc251df5262de8d5574827afb23da64e9d0015ef38db0e5581dd9e6a992a72e3a54c2cbb5181ceddcc07082a98bfdb
DIST dqlite-1.14.0.tar.gz 190757 BLAKE2B 5304ff10134c7775c4475f77bbe60cc6892cc35c3f2a7b4813743cd27fc1176a1d513d66ebf22b47ed7e83fa833be1408f44f781fbd8200bfd3f4465ea1d6011 SHA512 4305b289903766f00c26e278cce3f761c778b67105a6d7e51e66cc1cbf85564fd41f27689b6895c6f182968d851e10a40d052570d55e22007e9eb5c2929dabd9
+DIST dqlite-1.15.0.tar.gz 208833 BLAKE2B 41d2fced65c787381300aed1d0ee2393dc9e7aa371acd7efbee0744e00fed8a6ee7175eb3041f9cd198c1f0beef8951984e2a34646cbc069ea9d35753ba7568c SHA512 413f5aa7ad9d990638c6ffbdf5706ec69635ead0ad21314603b3c997608c696bd294bd5d15c092d1619509fc4d51c4038deaec82bd82cbbd4070f4a4020f9cc4
EBUILD dqlite-1.14.0.ebuild 1030 BLAKE2B 6bab29603f06e7c77bfe3b4e8368025be5e3780d4bf7e7b0c9cbbbb963ad6fe2bbb5e522e8e8875eb1c26a367757132f45c268d9085bcffe057e2b502f8f7c14 SHA512 49d06af2574dc18cf68129813953fce654aca56329115b877b0dc58396d7c0b9dd4bbef9d87660943045b1b51e50b81297cfc978db5019006dae37ced408de71
+EBUILD dqlite-1.15.0.ebuild 1031 BLAKE2B 63c90dc64ce177796a67d7b233ae47e0ac8e68dd6b77344876f444d82373054cdabec9e2e97a4a2b0ed75ebada95d7aed3bece26890c6c505cdfcfa4f7009ce9 SHA512 80488218329881c0c2597b6ab3e04ad7195adebd6a42ebd61646350248c6947dfb9741d304f69fee37ae6f97296c30a203a0f9e0482cd392eaac2b959c23801f
MISC metadata.xml 950 BLAKE2B 26822e40a2c719e8e3a03db6e513d869eef038fcca973ef049da1b6eeec29aefd0867d6bced049ad1dd0465a4d942982565ff0436a7744ffb127879987ea626a SHA512 bb07a8a87ae66e5b5a2aca695e9d5cd1e5a1d725d1d9200099f9d5b46adad83c2ca9ebfedc172ad01fe31aecc1fbbe5a4de7255a2e04d4462c03a106127c7221
diff --git a/dev-libs/dqlite/dqlite-1.15.0.ebuild b/dev-libs/dqlite/dqlite-1.15.0.ebuild
new file mode 100644
index 000000000000..7eae68fc19f4
--- /dev/null
+++ b/dev-libs/dqlite/dqlite-1.15.0.ebuild
@@ -0,0 +1,49 @@
+# Copyright 2020-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine"
+HOMEPAGE="https://dqlite.io/ https://github.com/canonical/dqlite"
+SRC_URI="https://github.com/canonical/dqlite/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-3-with-linking-exception"
+SLOT="0/1.15.0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="dev-db/sqlite:3
+ dev-libs/libuv:=
+ >=dev-libs/raft-0.17.1:="
+DEPEND="${RDEPEND}
+ test? ( >=dev-libs/raft-0.13.0[lz4,test] )"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch )
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-backtrace
+ --disable-debug
+ --disable-sanitize
+ --disable-static
+
+ # Will build a bundled libsqlite3.so.
+ --enable-build-sqlite=no
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}
diff --git a/dev-libs/icu-layoutex/Manifest b/dev-libs/icu-layoutex/Manifest
index d140cffcfaab..1d846a314660 100644
--- a/dev-libs/icu-layoutex/Manifest
+++ b/dev-libs/icu-layoutex/Manifest
@@ -1,5 +1,8 @@
AUX icu-layoutex-65.1-remove-bashisms.patch 4963 BLAKE2B fb781741a7a908638876729d573a73e42b7b3f0f3e692b54799fed0dac006ecb731583d90d849ea06be47259a0a236933fa7a78a96b3a8107ee85f916dc2000a SHA512 67e60068c356ca8d93b137eadeef2562ff7d8f38153babc97edd92a2c38d7113396d63d4a09364dacefc612b4b3ea28872a4f767c4f38d3e725943b32f98c5bc
DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8
DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3
+DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62
+DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c
EBUILD icu-layoutex-73.1.ebuild 3683 BLAKE2B bc4464b10ebeeb35785e0d9da547f68df2b0fc2c76c6e6ce003773b9a5c139b7f1d71c4bc9273b27ce053cbfd64bcdc0ac73040f9b207ffe0dd8c8188f3b87d5 SHA512 8e01c32f95b127470c9f09397f62fcc20e4de85179c85eba4847f1d5a8857ca3258d6cabacfdaee1a2cc01b65866bb0690f23e380f8d346298187560798fdc22
+EBUILD icu-layoutex-73.2.ebuild 3713 BLAKE2B a9b0eb2676be459bcbd8959730fb6ae4f9a50fd068827cbe592a951b4250b31da0ba3020c5123c761bda78c5b6dae735dfe3be77728f841d0c20580a1eaf34a1 SHA512 de19f0fdc0543b89ce480c56c265d95b28590eafca8dc1df1cf6c77f52e8093b97d5a89dbb22ba7b36a1e5d36f772dc8a7dc2c9a4646991658046c24d4ca53a1
MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e
diff --git a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild
new file mode 100644
index 000000000000..9be9fd5da51e
--- /dev/null
+++ b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Please bump with dev-libs/icu
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc
+inherit autotools flag-o-matic multilib-minimal toolchain-funcs verify-sig
+
+MY_PV=${PV/_rc/-rc}
+MY_PV=${MY_PV//./_}
+
+DESCRIPTION="External layout part of International Components for Unicode"
+HOMEPAGE="https://icu.unicode.org/"
+SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz"
+SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )"
+S="${WORKDIR}"/${PN/-layoutex}/source
+
+LICENSE="BSD"
+SLOT="0/${PV%.*}.1"
+if [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+fi
+IUSE="debug static-libs test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ ~dev-libs/icu-${PV}[${MULTILIB_USEDEP}]
+ dev-libs/icu-le-hb[${MULTILIB_USEDEP}]
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ virtual/pkgconfig
+ verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 )
+"
+
+PATCHES=( "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" )
+
+src_prepare() {
+ default
+
+ # Disable renaming as it assumes stable ABI and that consumers
+ # won't use unofficial APIs. We need this despite the configure argument.
+ sed -i \
+ -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \
+ common/unicode/uconfig.h || die
+
+ # Fix linking of icudata
+ sed -i \
+ -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \
+ config/mh-linux || die
+
+ eautoreconf
+}
+
+src_configure() {
+ MAKEOPTS+=" VERBOSE=1"
+
+ # ICU tries to append -std=c++11 without this, so as of 71.1,
+ # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17,
+ # we still need this.
+ append-cxxflags -std=c++14
+
+ if tc-is-cross-compiler; then
+ mkdir "${WORKDIR}"/host || die
+ pushd "${WORKDIR}"/host >/dev/null || die
+
+ CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \
+ CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \
+ RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \
+ "${S}"/configure --disable-renaming --disable-debug \
+ --disable-samples --enable-static || die
+ emake
+
+ popd >/dev/null || die
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --disable-renaming
+ # We want a minimal build as this is just for layoutex
+ # so we disable as much as possible
+ --disable-samples
+ --disable-extras
+ --disable-icuio
+
+ # This is icu-layoutex, so..
+ --enable-layoutex
+
+ $(use_enable debug)
+ $(use_enable static-libs static)
+
+ # Need tools for tests, otherwise get this in configure:
+ # "## Note: you have disabled ICU's tools. This ICU cannot build its own data or tests.
+ # ## Expect build failures in the 'data', 'test', and other directories."
+ # ... although layoutex has no tests right now anyway, but let's keep this
+ # for the future.
+ $(use_enable test tools)
+ $(use_enable test tests)
+ )
+
+ tc-is-cross-compiler && myeconfargs+=(
+ --with-cross-build="${WORKDIR}"/host
+ )
+
+ # icu tries to use clang by default
+ tc-export CC CXX
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_test() {
+ # INTLTEST_OPTS: intltest options
+ # -e: Exhaustive testing
+ # -l: Reporting of memory leaks
+ # -v: Increased verbosity
+ # IOTEST_OPTS: iotest options
+ # -e: Exhaustive testing
+ # -v: Increased verbosity
+ # CINTLTST_OPTS: cintltst options
+ # -e: Exhaustive testing
+ # -v: Increased verbosity
+ pushd layoutex &>/dev/null || die
+ emake VERBOSE="1" check
+ popd &>/dev/null || die
+}
+
+multilib_src_install() {
+ pushd layoutex &>/dev/null || die
+ default
+ popd &>/dev/null || die
+}
diff --git a/dev-libs/icu/Manifest b/dev-libs/icu/Manifest
index 7d9d9c68ae72..aa3da5e1ac9b 100644
--- a/dev-libs/icu/Manifest
+++ b/dev-libs/icu/Manifest
@@ -4,5 +4,8 @@ AUX icu-68.1-nonunicode.patch 477 BLAKE2B 5e74142e5adbf8f3fffa23c8fb08657b5b75d1
AUX icu-73.1-fix-UChar-api-deux.patch 3383 BLAKE2B 7dde89d0936f9690d5065b6c1701ee9f139aed0a0e092c92a76eb45818c44f135f0ff3ab3fc4a641cc34246d13c278c7aeb499ce5d90280eb142b3407a3e055e SHA512 525948ac9e4203ed1c187d40439542a45736498ba5e04e0fb3cd9adbc58f17210246233b20ac615e742bb56a1ac49d5758255ae3e7b4e2b24b36f7683a769820
DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8
DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3
+DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62
+DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c
EBUILD icu-73.1-r2.ebuild 4264 BLAKE2B 3c8d964bf391c1073e81d2adadcbe66f106b1dead12df1d5d2786fcc7611495dbf34b2a350193203d20984a240cd3590c8ef1f4b1df325ee6b98161e6f3433f0 SHA512 bf4e2d1b0263b7968e04faf1117407eba9ce4ad8777e71e6e61bcbf6d653f0bc6a280f82ce2f7c9c623ffadf0e3cdb03d0590aefee1fda1a48ed1be9a1a7d962
+EBUILD icu-73.2.ebuild 4530 BLAKE2B 4a972f975823df4cfc13ccf7dc11c909f0cca815b94b6851480fbf24c4da8883b874f4f47ffd43b78f842a448be35a8e38c436fa226ec59f04f37e970014dff1 SHA512 6458ba0298afc1052879d8ccd88d11cc4c4b1e6a927fcbd9480c8097924b2e8aeb0c119b5db7559f6512a6b494acdb14aa256ff6d0074fd6ee1a0d6110c3491b
MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e
diff --git a/dev-libs/icu/icu-73.2.ebuild b/dev-libs/icu/icu-73.2.ebuild
new file mode 100644
index 000000000000..f12fca293873
--- /dev/null
+++ b/dev-libs/icu/icu-73.2.ebuild
@@ -0,0 +1,176 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Please bump with dev-libs/icu-layoutex
+
+PYTHON_COMPAT=( python3_{10..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc
+inherit autotools flag-o-matic multilib-minimal python-any-r1 toolchain-funcs verify-sig
+
+MY_PV=${PV/_rc/-rc}
+MY_PV=${MY_PV//./_}
+
+DESCRIPTION="International Components for Unicode"
+HOMEPAGE="https://icu.unicode.org/"
+SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz"
+SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )"
+S="${WORKDIR}"/${PN}/source
+
+if [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+LICENSE="BSD"
+SLOT="0/${PV%.*}.1"
+IUSE="debug doc examples static-libs test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ ${PYTHON_DEPS}
+ sys-devel/autoconf-archive
+ virtual/pkgconfig
+ doc? ( app-doc/doxygen[dot] )
+ verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 )
+"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/icu-config
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-65.1-remove-bashisms.patch"
+ "${FILESDIR}/${PN}-64.2-darwin.patch"
+ "${FILESDIR}/${PN}-68.1-nonunicode.patch"
+)
+
+src_prepare() {
+ default
+
+ # Disable renaming as it assumes stable ABI and that consumers
+ # won't use unofficial APIs. We need this despite the configure argument.
+ sed -i \
+ -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \
+ common/unicode/uconfig.h || die
+
+ # Fix linking of icudata
+ sed -i \
+ -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \
+ config/mh-linux || die
+
+ # Append doxygen configuration to configure
+ sed -i \
+ -e 's:icudefs.mk:icudefs.mk Doxyfile:' \
+ configure.ac || die
+
+ eautoreconf
+}
+
+src_configure() {
+ MAKEOPTS+=" VERBOSE=1"
+
+ # ICU tries to append -std=c++11 without this, so as of 71.1,
+ # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17,
+ # we still need this.
+ append-cxxflags -std=c++14
+
+ if tc-is-cross-compiler; then
+ mkdir "${WORKDIR}"/host || die
+ pushd "${WORKDIR}"/host >/dev/null || die
+
+ CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \
+ CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \
+ RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \
+ "${S}"/configure --disable-renaming --disable-debug \
+ --disable-samples --enable-static || die
+ emake
+
+ popd >/dev/null || die
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --disable-renaming
+ --disable-samples
+ # TODO: Merge with dev-libs/icu-layoutex
+ # Planned to do this w/ 73.2 but seem to get test failures
+ # only with --enable-layoutex.
+ --disable-layoutex
+ $(use_enable debug)
+ $(use_enable static-libs static)
+ $(use_enable test tests)
+ $(multilib_native_use_enable examples samples)
+ )
+
+ #if use test ; then
+ # myeconfargs+=(
+ # --enable-extras
+ # --enable-tools
+ # )
+ #else
+ # myeconfargs+=(
+ # $(multilib_native_enable extras)
+ # $(multilib_native_enable tools)
+ # )
+ #fi
+
+ tc-is-cross-compiler && myeconfargs+=(
+ --with-cross-build="${WORKDIR}"/host
+ )
+
+ # Work around cross-endian testing failures with LTO, bug #757681
+ if tc-is-cross-compiler && is-flagq '-flto*' ; then
+ myeconfargs+=( --disable-strict )
+ fi
+
+ # ICU tries to use clang by default
+ tc-export CC CXX
+
+ # Make sure we configure with the same shell as we run icu-config
+ # with, or ECHO_N, ECHO_T and ECHO_C will be wrongly defined
+ export CONFIG_SHELL="${EPREFIX}/bin/sh"
+ # Probably have no /bin/sh in prefix-chain
+ [[ -x ${CONFIG_SHELL} ]] || CONFIG_SHELL="${BASH}"
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi && use doc; then
+ doxygen -u Doxyfile || die
+ doxygen Doxyfile || die
+ fi
+}
+
+multilib_src_test() {
+ # INTLTEST_OPTS: intltest options
+ # -e: Exhaustive testing
+ # -l: Reporting of memory leaks
+ # -v: Increased verbosity
+ # IOTEST_OPTS: iotest options
+ # -e: Exhaustive testing
+ # -v: Increased verbosity
+ # CINTLTST_OPTS: cintltst options
+ # -e: Exhaustive testing
+ # -v: Increased verbosity
+ emake check
+}
+
+multilib_src_install() {
+ default
+
+ if multilib_is_native_abi && use doc; then
+ docinto html
+ dodoc -r doc/html/*
+ fi
+}
+
+multilib_src_install_all() {
+ local HTML_DOCS=( ../readme.html )
+ einstalldocs
+}
diff --git a/dev-libs/libclc/Manifest b/dev-libs/libclc/Manifest
index 5771f236fa85..7cc3af27e4b8 100644
--- a/dev-libs/libclc/Manifest
+++ b/dev-libs/libclc/Manifest
@@ -4,11 +4,13 @@ DIST llvm-project-15.0.7.src.tar.xz 110936452 BLAKE2B f3d277e2029157329e5be78b78
DIST llvm-project-15.0.7.src.tar.xz.sig 566 BLAKE2B 47dc8c82d86237b80c6d85f83a6c9a6e9e174cf8e7f367b071e0cd9481d7cd408e991337c5624e07f3f370f26387c814f212808575ed1c1b58404d3e3836b7df SHA512 fc6891b440dd1175eb8df3790590af8d36bc92301660f84744ae15123475aeb900a151e6a8e7998ded27ec4d86871903ad0b89cd61164943054c2e3bc8d8beb2
DIST llvm-project-16.0.5.src.tar.xz 118000368 BLAKE2B 9f84e6bab450dc8d6379771afbca5cddc6fbad6c9728726f7158f290ab87d464ff657e89e1c8fc3c474362cc865ff13c5d55ef758c848ea3e660d732cb2fdefa SHA512 7008e7e9c8c2246fe98ba3f0c0fa91e41c88c4da427bf1cfdcce7ef57e5ea838efe7c58c523a7d1708e70d64a4338afe16d06fba2fc7ac5a6c19ca3d6ee41e99
DIST llvm-project-16.0.5.src.tar.xz.sig 566 BLAKE2B 4c96f294f350e0086f8504a54c3387308c60efb573c8def40aec45b1918d43e36c44bafb0823625b6cefa5d99b3aacd7823d6c92c7a64a737653d5b51839a924 SHA512 4550c7c6a1b6ea603d1499aba5aca746f3948a00e7567604f5e7dc3b215a34357bad382a7ebea1f6cd7952841cb75a0dfbe2c278a8c6fcb630a5035b3e16e869
+DIST llvm-project-16.0.6.src.tar.xz 118013488 BLAKE2B 95192d39cbd2914e5609db365965f1c00bfea6c2d653b3996bd2acef8a2b37e37f6fc8a9d2b65711ad72657e0ef52c42f733053cf65051e7822f27396c30406d SHA512 89a67ebfbbc764cc456e8825ecfa90707741f8835b1b2adffae0b227ab1fe5ca9cce75b0efaffc9ca8431cae528dc54fd838867a56a2b645344d9e82d19ab1b7
+DIST llvm-project-16.0.6.src.tar.xz.sig 566 BLAKE2B 2060cebd5ed57cb8a86a44238c43dfd4b921649298b10c3d19da308374c1e49869174294e29943c2af459fe06428264e26881d6c1288ebbc48686cc2cf467c7a SHA512 ca249262c7102e0889ec1bdc6f71a3a6f0e7e5d5fbab8abcd6fccd2871e7955eff7af5b055a76006097baf0dfaf2f5069eff3035b3107fc552abdb2481b21447
DIST llvm-project-62c0bdabfa32f6e32b17b45425b15309db340dfb.tar.gz 190948645 BLAKE2B f41d8ea32e189ef4641e42628fb516e307c9a6fcf65af537eb9fc0d3186591b062c5e85c9e935511ef706f28c6994a774a4e3f36ff54d79aaac7b293a6168625 SHA512 55a4cbfec3a496c1918aa614e5bdee368e4d0b6641c946d8bf8b828ab4bf4d9b29dbe96401a172079d70f924f5e513428fe990c65b556a0a860802cb13f5e3a0
EBUILD libclc-14.0.6.ebuild 1390 BLAKE2B b355a93d63ee4beb5f3782cda8514aa02f16e71563f66bac6fc7a5e3beae40efa1bdbe098f3d83ce775d0458118f19fceb7225f2b5511823c8e56cabdae4f2d8 SHA512 488e5c278fe4b48ec8ce6ccd76d489cf08251ce6e8f8bd417048a80a10e4a5cf72f20462aa8115f72afe1a40dbee02d936680d516dd1c940fd52fe6f55402e69
EBUILD libclc-15.0.7.ebuild 1668 BLAKE2B ac2bd589fb3c29662799f97b1f649fd22b1b7ce5701879815bc01a05ae88421a830a6a3507b4dead181f24eb4e45c451e8ea1ebbdac2a2de51ddbc3cd9f53c66 SHA512 a3e39fbaddb322360f6362ef21713f375d04e02b2b9a3d43a3d47b26d5d43643a8c654181aef9518aee5f9805d09c446bbbf13342b74f09622e5e1b0c59470b1
EBUILD libclc-16.0.5.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a
-EBUILD libclc-16.0.6.9999.ebuild 1648 BLAKE2B ef8120b2fed334092a18bc7f172ef6acac58e8a5a3fe69a7cdc624663d5c42165c9b00c21a86078ab797202f3f0c39f190141b9925e964219e2c277e2173e353 SHA512 f5373c4cee59d806edae0b1d10298dac8b5b7e6a1f05d0068cb454fdbbd4ad30978a3ccc287c67a67125d4ff8f91ed066d2579262ebdd2d7d6f6f11877b3b864
+EBUILD libclc-16.0.6.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a
EBUILD libclc-17.0.0.9999.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74
EBUILD libclc-17.0.0_pre20230609.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74
MISC metadata.xml 362 BLAKE2B 768f93d0058e4da4b420569f3f1771dfa7385ad89540bbc18cf53b5a71e3f060a8afa1112ff37570d7fc9dc3e71619fa3fd8d0cf7b5d3954f5110b19e146df30 SHA512 e6335424da09f668953acd39dcd9b03a30e3b509b34b1de5c72644a3740a5b6b287f10e08405b79bafc8104cc4dc1324b7b9d7990c3b560b0235ae82da8c68a5
diff --git a/dev-libs/libclc/libclc-16.0.6.9999.ebuild b/dev-libs/libclc/libclc-16.0.6.ebuild
index 0c41ce89312c..da4aa04415e5 100644
--- a/dev-libs/libclc/libclc-16.0.6.9999.ebuild
+++ b/dev-libs/libclc/libclc-16.0.6.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://libclc.llvm.org/"
LICENSE="Apache-2.0-with-LLVM-exceptions || ( MIT BSD )"
SLOT="0"
-KEYWORDS=""
+KEYWORDS="~amd64 ~riscv ~x86"
IUSE="+spirv video_cards_nvidia video_cards_r600 video_cards_radeonsi"
LLVM_MAX_SLOT=16
diff --git a/dev-libs/libjcat/Manifest b/dev-libs/libjcat/Manifest
index 5957b111b5cc..555159559468 100644
--- a/dev-libs/libjcat/Manifest
+++ b/dev-libs/libjcat/Manifest
@@ -1,4 +1,6 @@
AUX libjcat-0.1.11-disable_installed_tests.patch 1473 BLAKE2B 5b5705f44fcaf6f74126d4ee62c08966dc1d1816974f8fc82a57fa8f1d44ac32f0b813a669b0f638df0e5d3604864671b0a0cce47f966cce578dc0471489e794 SHA512 4bb721822d3b8965119e30f5d1b0854d5f6ec8caed04dc8fea8811fdce9847d553197ae8042ef9a39de3109a4c12564f7c3f1c56d5c0b64e7924865a58aaafa6
DIST libjcat-0.1.13.tar.gz 69950 BLAKE2B 5ff85feff37c5728c8cace5e2f38c179c65a82954a23fd26794a5483cdf29e07601cdaffe27c28a28f7d2b0d57aa3800589c20e19e0a512768f5f87176a56789 SHA512 a66082e3c1641b427af971843822a7893cd40dbb82a596737fd6445fe8e1b527a111dd8f48b9e25a563f0d13e77e22d4c2364ddf96cac38d3e2df5010b37708a
+DIST libjcat-0.1.14.tar.gz 70018 BLAKE2B 71329e6fc04ef37e5af215c88b4a5a03fbd65143604da57b0357d4bd07896a22a98b9028d8529234655adb37e5cefe226d09d987e798bce17b47fef1e1142d1f SHA512 837a50ad31a736a36bd9df26b151c198e18873df0e7444502b7a6e26a86df15f1df970112f2dd22658960389fdfb78a2c601274e2b5c46ec82fceef5aad778c1
EBUILD libjcat-0.1.13.ebuild 1486 BLAKE2B f9cb970aa18ea7bf66d967a4da3f4e021d2d58109a8210eb779bf5ccdde463da000dedf225a3def8272ba839c2767bea1a7f7599741e78cb919692f25d75e656 SHA512 cd124e7cc23ccab0b38e7e358c16761c3165e63bcd4763ddd9c00848f55b7dd83aaca9e54a6b0cd4f8eb52d7802020768362e9ca7a8ca39d295c079fcb0f7134
+EBUILD libjcat-0.1.14.ebuild 1489 BLAKE2B cfcbfea2f1b23f8f9608e9892a240c23243486ed99d7eac2064a65bf1b0cec053c2f303b17c9a2b40a272683c93ad5b86bf3d6144fe04df7823f1eaa7534c54b SHA512 08155d3a831850852f624eabad7c6023a664320033875ab89bb63833d7b254993b98dce349c78b4e0f98d2b615f3e3752fa7a649908b547cf6629d9a787122a0
MISC metadata.xml 938 BLAKE2B 3b6d63d78a61aabdc8e6b7316af5e682513a02ba64bc733c788d356d0d2cbcd0071506d20dfcf3fbad5da9303c69341d5c2839be7518415c2174466c081244d7 SHA512 acb07c600ec49121f27ebf0252913345fb4dacc6a003934c16deae3ea4c055abc0db73cca204b06ca1e4a415879a645690ffe26473cf646112ac7497ea842956
diff --git a/dev-libs/libjcat/libjcat-0.1.14.ebuild b/dev-libs/libjcat/libjcat-0.1.14.ebuild
new file mode 100644
index 000000000000..45b6002047d2
--- /dev/null
+++ b/dev-libs/libjcat/libjcat-0.1.14.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit meson python-any-r1 vala xdg-utils
+
+DESCRIPTION="Library and tool for reading and writing Jcat files"
+HOMEPAGE="https://github.com/hughsie/libjcat"
+SRC_URI="https://github.com/hughsie/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="+gpg gtk-doc +introspection +man +pkcs7 test vala"
+
+RDEPEND="dev-libs/glib:2
+ dev-libs/json-glib:=
+ gpg? (
+ app-crypt/gpgme:=
+ dev-libs/libgpg-error
+ )
+ introspection? ( dev-libs/gobject-introspection:= )
+ pkcs7? ( net-libs/gnutls )
+ vala? ( dev-lang/vala:= )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+ $(python_gen_any_dep '
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ ')
+ gtk-doc? ( dev-util/gtk-doc )
+ man? ( sys-apps/help2man )
+ test? ( net-libs/gnutls[tools] )"
+
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.1.11-disable_installed_tests.patch
+)
+
+python_check_deps() {
+ python_has_version -b "dev-python/setuptools[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use vala && vala_setup
+}
+
+src_prepare() {
+ xdg_environment_reset
+ default
+}
+
+src_configure() {
+ local emesonargs=(
+ $(meson_use gtk-doc gtkdoc)
+ $(meson_use gpg)
+ $(meson_use introspection)
+ $(meson_use man)
+ $(meson_use pkcs7)
+ $(meson_use test tests)
+ $(meson_use vala vapi)
+ )
+ meson_src_configure
+}
diff --git a/dev-libs/libmacaroons/Manifest b/dev-libs/libmacaroons/Manifest
index 2ecd389cb1f9..a2a72d46887b 100644
--- a/dev-libs/libmacaroons/Manifest
+++ b/dev-libs/libmacaroons/Manifest
@@ -1,4 +1,5 @@
AUX libmacaroons-0.3.0-json-c.patch 832 BLAKE2B dce0d7ef4be20972a1da7b218d7f66372e25b77d307cd18bc7d70a2893ae0fac8d97e3d71ea83882ce408b642244deb78a92a86035e81047dab07e4e3057e18c SHA512 c258effe1bd9eed548350a066352f358795de16a6dd04be32422874b602226f18114e91a51d803309433bb08d404ece9022dfe68c73de719264aa9665688b6f7
+AUX libmacaroons-0.3.0-no-python.patch 3435 BLAKE2B d1a437bf274db13a04dc73599bebb24c0e8d9d99ea2eec90edd8130a02ccd9efcb2a4c9900b0fa76c9920a6dbb183f8290166ad4de7a921530aec39dd4f2523d SHA512 216c127c1dd7030f42524b2850058f37e73b5ee10a1a19bb82ae032a321684cf77b97e816e1032fa96ec890361dda5256720a314063ffb91fcf7f58931fa75f0
DIST libmacaroons-0.3.0.tar.gz 47762 BLAKE2B 69371bb69262a88c736121861d9b136fa444b912d2c3a5d603c5897c8af85e9f4af6a6733e35c126ea44c97cfdd1359e1f41ee97452fa7275850769f2134d825 SHA512 79ae2e515bd673949bc1338f06f5f811a0e853ca61ff995bb4cddaf95e5297e77b012c9975b0bb0dba96520b9a24619a4593e3722e64610f1147e131f8c96de0
-EBUILD libmacaroons-0.3.0.ebuild 763 BLAKE2B efb054789e066ef5d665cb3915ae819be3dc1ee6f8e8d01c18d985b27418f2db35810d395534211a241155f52078fa4aa4f74fc8f59c4e5aa4faa0208b4b9313 SHA512 10140b22704e0ad6e8fc3dac49a7e87d64ac295473a4d060dbf5463ca5fd0ddf81942af100068c628804c66abfcba97efa9382dc0bc64a2b0b4055033e7490f1
+EBUILD libmacaroons-0.3.0-r1.ebuild 776 BLAKE2B 71efa358508ca0a3195ac48e4c2ef85144396fedda1aa5553589d437f02378637fde8d79535af9c264044f9957c258686b87536c5baf057c67bad9b57de4401f SHA512 5e2d826ebc923f5298e09ce8503208f84f28434b91ff7f9db5e62b1dabee59a71a6cd48cb151dad567285a542baddb111c99fbb270a7f1426e144bf7d760e797
MISC metadata.xml 664 BLAKE2B 94ec73791cac9442622243a129d918336340e74768e7c7342cfed73227236fb3a05ad3051b2d76c0daeac5928d3b7a87ddf3b43bdb856ed069609ab3ae0a9129 SHA512 4ddd1a7e9981d50de6737734d7f0708450c4f36949bc3ec43c5c3b0b7da56b2e3f40d3e15edd489f347ad7599d232549904268e8b4a87ff9f4826d948ca1c295
diff --git a/dev-libs/libmacaroons/files/libmacaroons-0.3.0-no-python.patch b/dev-libs/libmacaroons/files/libmacaroons-0.3.0-no-python.patch
new file mode 100644
index 000000000000..89293b707bd0
--- /dev/null
+++ b/dev-libs/libmacaroons/files/libmacaroons-0.3.0-no-python.patch
@@ -0,0 +1,91 @@
+
+ Disable Python by force (works only with Python 2.x).
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -30,13 +30,8 @@ AM_CPPFLAGS = $(SODIUM_CFLAGS)
+ AM_CFLAGS = -fvisibility=hidden $(SODIUM_CFLAGS) $(WANAL_CFLAGS)
+ AM_CXXFLAGS = -fvisibility=hidden -fvisibility-inlines-hidden $(SODIUM_CFLAGS) $(WANAL_CXXFLAGS)
+
+-AM_DISTCHECK_CONFIGURE_FLAGS = --enable-python-bindings
+ TESTS_ENVIRONMENT = . $(abs_top_srcdir)/test/env.sh "${abs_top_srcdir}" "${abs_top_builddir}" "${VERSION}";
+
+-pyx_verbose = $(pyx_verbose_$(V))
+-pyx_verbose_ = $(pyx_verbose_$(AM_DEFAULT_VERBOSITY))
+-pyx_verbose_0 = @echo " PYX " $@;
+-
+ EXTRA_DIST =
+ EXTRA_DIST += README
+ EXTRA_DIST += LICENSE
+@@ -57,39 +52,3 @@ libmacaroons_la_LDFLAGS = -version-info 0:1:0
+
+ pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = libmacaroons.pc
+-
+-##################################### Tests ####################################
+-
+-EXTRA_DIST += test/env.sh
+-EXTRA_DIST += test/python-hmac-sanity-check
+-EXTRA_DIST += test/python-hmac-sanity-check.sh
+-EXTRA_DIST += test/readme.sh
+-
+-TESTS =
+-TESTS += test/python-hmac-sanity-check.sh
+-#TESTS += test/readme.sh
+-
+-#################################### Python ####################################
+-
+-pyexec_LTLIBRARIES =
+-if ENABLE_PYTHON_BINDINGS
+-pyexec_LTLIBRARIES += bindings/python/macaroons.la
+-endif
+-
+-EXTRA_DIST += bindings/python/macaroons.pyx
+-
+-bindings_python_macaroons_la_SOURCES = bindings/python/macaroons.c
+-bindings_python_macaroons_la_CPPFLAGS =
+-bindings_python_macaroons_la_CPPFLAGS += $(PYTHON_CPPFLAGS)
+-bindings_python_macaroons_la_CPPFLAGS += $(AM_CPPFLAGS)
+-bindings_python_macaroons_la_CPPFLAGS += $(CPPFLAGS)
+-bindings_python_macaroons_la_CFLAGS =
+-bindings_python_macaroons_la_CFLAGS += -fvisibility=default
+-bindings_python_macaroons_la_CFLAGS += -fno-strict-aliasing
+-bindings_python_macaroons_la_CFLAGS += $(CFLAGS)
+-bindings_python_macaroons_la_LIBADD =
+-bindings_python_macaroons_la_LIBADD += libmacaroons.la
+-bindings_python_macaroons_la_LIBADD += $(PYTHON_LDFLAGS)
+-bindings_python_macaroons_la_LDFLAGS = -module -avoid-version -export-symbols-regex initmacaroons $(AM_LDFLAGS) $(LDFLAGS)
+-bindings/python/macaroons.c: bindings/python/macaroons.pyx
+- $(pyx_verbose)cython bindings/python/macaroons.pyx
+--- a/configure.ac
++++ b/configure.ac
+@@ -11,7 +11,6 @@ m4_define([serial_tests], [
+ ])
+ AM_INIT_AUTOMAKE(foreign serial_tests subdir-objects dist-bzip2)
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+-AM_PATH_PYTHON([2.6])
+ LT_PREREQ([2.2])
+ LT_INIT
+ AC_CONFIG_SRCDIR([macaroons.h])
+@@ -35,13 +34,6 @@ AC_TYPE_SIZE_T
+ # Checks for library functions.
+
+ # Optional components
+-AC_ARG_ENABLE([python_bindings], [AS_HELP_STRING([--enable-python-bindings],
+- [build Python bindings @<:@default: no@:>@])],
+- [python_bindings=${enableval}], [python_bindings=no])
+-if test x"${python_bindings}" = xyes; then
+- AC_PYTHON_DEVEL([>= '2.6'])
+-fi
+-
+ AC_ARG_ENABLE([json_support], [AS_HELP_STRING([--enable-json-support],
+ [enable support for JSON macaroons @<:@default: no@:>@])],
+ [json_support=${enableval}], [json_support=no])
+@@ -69,7 +61,6 @@ Please install libjson to continue.
+ ----------------------------------------])])
+ fi
+
+-AM_CONDITIONAL([ENABLE_PYTHON_BINDINGS], [test x"${python_bindings}" = xyes])
+ AM_CONDITIONAL([ENABLE_JSON_SUPPORT], [test x"${json_support}" = xyes])
+
+ AH_BOTTOM([#include <custom-config.h>])
diff --git a/dev-libs/libmacaroons/libmacaroons-0.3.0.ebuild b/dev-libs/libmacaroons/libmacaroons-0.3.0-r1.ebuild
index a5e65f40f211..71fbf928561c 100644
--- a/dev-libs/libmacaroons/libmacaroons-0.3.0.ebuild
+++ b/dev-libs/libmacaroons/libmacaroons-0.3.0-r1.ebuild
@@ -22,7 +22,10 @@ BDEPEND=""
S="${WORKDIR}"/${PN}-releases-${PV}
-PATCHES=( "${FILESDIR}"/${P}-json-c.patch )
+PATCHES=(
+ "${FILESDIR}"/${P}-json-c.patch
+ "${FILESDIR}"/${P}-no-python.patch
+)
src_prepare() {
default
@@ -30,7 +33,7 @@ src_prepare() {
}
src_configure() {
- econf --disable-python-bindings --enable-json-support
+ econf --enable-json-support
}
src_install() {
diff --git a/dev-libs/libvterm/Manifest b/dev-libs/libvterm/Manifest
index 483c15a829ef..306b712d0c5c 100644
--- a/dev-libs/libvterm/Manifest
+++ b/dev-libs/libvterm/Manifest
@@ -1,9 +1,11 @@
AUX libvterm-0.1.4-slibtool.patch 2251 BLAKE2B d8484447c8a7e352514b298634d3e39bf606a5669cda67ef906f29b4a411737d81277e060fdd01cb14d1d04d329af1207dbeee475baff5cabc7afe9b5573ac78 SHA512 dd8d3b8c192bd6f6b357f7c5849a0b2a94661410e7f3cf5f6301a3cd34884362a54dc3ac593895f186ce3ce3628c2a8804f555107fb57d9a82a91ddd8cdca39e
DIST libvterm-0.1.4.tar.gz 69122 BLAKE2B 4f0acc9ec6755c4a840e5df6c32c44e12c5316b5c5918d0e8eada19d819736c3e5b9090b468e32b3141a7fbb5ba226e365be27d6d1d9ca22f9f5e365fc3971c2 SHA512 90b5d47417e3f469df5c6574a27d12bd6bd1571d17cab7c4ac0ee61b1dbcb6361987f6fdfd11e314ea32f8958ec165c319a34d0f77288947c7cbc11de697d524
DIST libvterm-0.3.1.tar.gz 79344 BLAKE2B 2732bc477fb339945c1a9242a8265d182891d507c0dec71371a9e7010434dad0d35152fdeaa32bbf50fdd4bd138bb42e8d95a9771c704d693032e32d37a87452 SHA512 1f4bbee8847a9c8cfab3831a3512b866eb0f90f7d3600c4583d2e1eac18458f21bf5ca4fe4b067b27920a04aa7eac5dd2d4a62f6b7ebd56a417fed60d421853d
+DIST libvterm-0.3.2.tar.gz 79471 BLAKE2B c7347257c6cf6bd7b5203a43004eb9fd2c00660f113788fc15f4b29f9224e30017bb24cfe2bc35a7890ca0131ffad37dcfa88104404e8fdce8bbe8cfb8296222 SHA512 aaff71a1c43eff1842cfc1bfd47936ea2c51e75a41506bb0e36860f8f497d198539c10f86c7febc86b3dea8c0de54b03580d59b170176a4207dc411ae59cb035
DIST libvterm-0.3.tar.gz 83861 BLAKE2B a2e8e9d80698880d87f9d26977a4e3dec7b520c3096d0ca6f7823254eeebe51666380ed2a5c05c923dd8b138f15c87e671fdfb03e5511c01711e112cdda9867a SHA512 2a7b6831476465d6a9f7c792406f4e3c4eca0c3dbce4b7031f2646c87e33692128a3d3ce27e1541403772cc0b5eface7bd41325e1e5300c3915bfc0bac97a896
EBUILD libvterm-0.1.4-r1.ebuild 728 BLAKE2B 463cd2bf20ef1c8eba98789969bb2dab24599a2923c13e204d73ddbe407cd957ed37938f388603b4a542b71b369eed2aab249f3061c0c7b417f1e365b4fd5085 SHA512 45bdbde642172c252b94375f44207a1a011cdc5fd36a2330ced3434c9059dcb27277f076ba5d82542b7851f4699f3f673da3c85295c0e4c2ef1cfd77050f3f05
EBUILD libvterm-0.1.4.ebuild 882 BLAKE2B e4f2e22e191ce35883e9fa2700222e55b8c5d482251aa5dd9f35d982fa18d20371ff3781a5962a07aeade487ee0c0e4df474023894c035154aa79425e477dc81 SHA512 70201223cdcad83064d87b949525040294d925002e4b12faf318353a211171a596d3992413731c8d71b377bc866095d9811a4bb110d03b414022b1bcf64b33e3
EBUILD libvterm-0.3.1.ebuild 784 BLAKE2B 6386264c52295290847282f278913f16d28e997086b4f3b71aeff79fe0119e45abf1ba18ebf484ad36d2feb7de5002eeff470b5c5109b3f3b8e4a0e2b1895916 SHA512 7280f10d4d6639ddb83479c405aa752dbd0d9c3a875f77c2615d6f5142bda1ce4688f1032ac1124c9131500994959deac3b34e3395dc2c6855ea1e4fb04560ae
+EBUILD libvterm-0.3.2.ebuild 784 BLAKE2B 6386264c52295290847282f278913f16d28e997086b4f3b71aeff79fe0119e45abf1ba18ebf484ad36d2feb7de5002eeff470b5c5109b3f3b8e4a0e2b1895916 SHA512 7280f10d4d6639ddb83479c405aa752dbd0d9c3a875f77c2615d6f5142bda1ce4688f1032ac1124c9131500994959deac3b34e3395dc2c6855ea1e4fb04560ae
EBUILD libvterm-0.3.ebuild 781 BLAKE2B e682022ece50942097978bc495d829f08f4ab90f7db260a248e5d66320793d9c518baceeb7cd25bb8aaf09c472c6a045788ca5151c9e4f34afe55a74f452ecd8 SHA512 5e4fe08cc4a84591aaf4c417de03f270ab727e5955e36b80f5aa85cb3bc3e29c76cfda6ecd9dccd85f886e153ab9efc24dcd3340630d3b37b0c009108c0bd75b
MISC metadata.xml 326 BLAKE2B 1ede96c6ed5288e9f8603f2c1fd2daad8bf48384c09b01de355628fd970e3f252b6d064cff58d70fb5838cdf0edaa71c6d83e65f240e0ce48559ef74cbff43b3 SHA512 951e8795d8482cd230a256c4084f5d0e28d9cfb7fdae75f239f72b7d67d900c9545b47bdafc8260eec393c302eed4fdd70912e965521312705fcb4ddb281d814
diff --git a/dev-libs/libvterm/libvterm-0.3.2.ebuild b/dev-libs/libvterm/libvterm-0.3.2.ebuild
new file mode 100644
index 000000000000..25cc462c9ff5
--- /dev/null
+++ b/dev-libs/libvterm/libvterm-0.3.2.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="An abstract library implementation of a VT220/xterm/ECMA-48 terminal emulator"
+HOMEPAGE="https://www.leonerd.org.uk/code/libvterm/"
+SRC_URI="https://www.leonerd.org.uk/code/${PN}/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86 ~x64-macos"
+
+BDEPEND="
+ dev-lang/perl
+ sys-devel/libtool
+"
+
+src_compile() {
+ emake VERBOSE=1 PREFIX="${EPREFIX}"/usr LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+}
+
+src_install() {
+ emake VERBOSE=1 DESTDIR="${D}" PREFIX="${EPREFIX}"/usr LIBDIR="${EPREFIX}/usr/$(get_libdir)" install
+
+ find "${ED}" -name '*.la' -delete || die "Failed to prune libtool files"
+ find "${ED}" -name '*.a' -delete || die
+}
diff --git a/dev-libs/libzia/Manifest b/dev-libs/libzia/Manifest
index e9b44a559289..aabf7bcd7b53 100644
--- a/dev-libs/libzia/Manifest
+++ b/dev-libs/libzia/Manifest
@@ -1,9 +1,3 @@
-DIST libzia-4.39.tar.gz 638203 BLAKE2B 0ff2bf9b404b1e554c3cab3145980b8db97345b2e4fd3f3aa94960c150f0da3efcc361306cd7476e839bc3f57868164181f2e3cb79e0dc3f3a7246841d723251 SHA512 61ae1e2aba9f096f7d6593cf7a72d12822bc30f77287bc36f1ea72c01e9669cbef72492adf017efc73bb507fe08b9939f6ca3e4d695388c642619450fc31c024
-DIST libzia-4.40.tar.gz 638193 BLAKE2B bbeee5f6ee699e09aa791c8b6acb39fed90bdf9a875499177c330d009407157e1ebc36aa432e94dcd78553f803c84fe0d00ce9d613abb657324a061588b77d06 SHA512 dd17a80dbcdf88f7617d439f6dde2af6d319c318e9ee55bc9b375ef1bef5ee708c1af7e133ed304d365b0d6d0c3d52f48ae01f44cb2a6e1285625d785f5f5126
-DIST libzia-4.42.tar.gz 642066 BLAKE2B 8bec7c3bafa68420adc08d7a70016138997fbd89e7e9ebae70f2a47da6216ac041907cb11c5391956895e5d0871c7c02ece28323253f1161e61f75a8ae6b05a6 SHA512 3e27ae0ddf46364f61a06fd85c6be6ee2bca829ef0d0e3a66f4b2ed8089a13e38332c4329a639f5f83120cf7bd9dad29b6e41022884513b3de69c7672d3316e5
DIST libzia-4.43.tar.gz 642097 BLAKE2B 34ab759fc8d4d83067df80d9d3f763717640df38f604222f3fc6b19876a9f5a5f5b79523857fa96d5badf047046b4786f100657ee0a41d0a7096a21c6006e5a0 SHA512 b6341ea6524b2040d63a7b21b9a4c12d26cb5ae30bc08dc37efd5fd7d71ecf7321511e09cc5745adc6f395f841d5e2bb4df827956204db4147ac11d204eaf8da
-EBUILD libzia-4.39.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d
-EBUILD libzia-4.40.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5
-EBUILD libzia-4.42.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5
EBUILD libzia-4.43.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d
MISC metadata.xml 326 BLAKE2B 1b8ed6c9d40252f3371cf9a1ec295f593c8898dd8e45173ca05cededf987c7e44e2fafca613f8ad3022e9fbb6886d6aec2d183fd47c3064f35038784f361ebc4 SHA512 0c8a48b1101aa184dc596581feaf47463688801cb0f342177ecfb6fade1d63520ca1b9dcb278279470c181b560f555de332e4d2583e8856eec9057cde34df48f
diff --git a/dev-libs/libzia/libzia-4.39.ebuild b/dev-libs/libzia/libzia-4.39.ebuild
deleted file mode 100644
index d2bf5df52022..000000000000
--- a/dev-libs/libzia/libzia-4.39.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools flag-o-matic
-
-DESCRIPTION="Platform abstraction code for tucnak package"
-HOMEPAGE="http://tucnak.nagano.cz"
-SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="ftdi"
-
-RDEPEND="dev-libs/glib:2
- x11-libs/gtk+:2
- media-libs/libsdl2
- media-libs/libpng:0
- ftdi? ( dev-embedded/libftdi:1 )
- elibc_musl? ( sys-libs/libunwind )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-MAKEOPTS+=" -j1"
-
-src_prepare() {
- eapply_user
- sed -i -e "s/docsdir/#docsdir/g" \
- -e "s/docs_/#docs_/g" Makefile.am || die
-
- # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
- sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
-
- # fix build for MUSL (bug #832235)
- if use elibc_musl ; then
- sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
- fi
- eautoreconf
-}
-
-src_configure() {
- use elibc_musl && append-libs -lunwind
- econf \
- $(use_with ftdi) --with-sdl \
- --with-png --without-bfd \
- --disable-static
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- find "${D}" -name '*.la' -type f -delete || die
-}
diff --git a/dev-libs/libzia/libzia-4.40.ebuild b/dev-libs/libzia/libzia-4.40.ebuild
deleted file mode 100644
index 9c39a847c882..000000000000
--- a/dev-libs/libzia/libzia-4.40.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools flag-o-matic
-
-DESCRIPTION="Platform abstraction code for tucnak package"
-HOMEPAGE="http://tucnak.nagano.cz"
-SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="ftdi"
-
-RDEPEND="dev-libs/glib:2
- x11-libs/gtk+:2
- media-libs/libsdl2
- media-libs/libpng:0
- ftdi? ( dev-embedded/libftdi:1 )
- elibc_musl? ( sys-libs/libunwind )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-MAKEOPTS+=" -j1"
-
-src_prepare() {
- eapply_user
- sed -i -e "s/docsdir/#docsdir/g" \
- -e "s/docs_/#docs_/g" Makefile.am || die
-
- # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
- sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
-
- # fix build for MUSL (bug #832235)
- if use elibc_musl ; then
- sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
- fi
- eautoreconf
-}
-
-src_configure() {
- use elibc_musl && append-libs -lunwind
- econf \
- $(use_with ftdi) --with-sdl \
- --with-png --without-bfd \
- --disable-static
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- find "${D}" -name '*.la' -type f -delete || die
-}
diff --git a/dev-libs/libzia/libzia-4.42.ebuild b/dev-libs/libzia/libzia-4.42.ebuild
deleted file mode 100644
index 9c39a847c882..000000000000
--- a/dev-libs/libzia/libzia-4.42.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools flag-o-matic
-
-DESCRIPTION="Platform abstraction code for tucnak package"
-HOMEPAGE="http://tucnak.nagano.cz"
-SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="ftdi"
-
-RDEPEND="dev-libs/glib:2
- x11-libs/gtk+:2
- media-libs/libsdl2
- media-libs/libpng:0
- ftdi? ( dev-embedded/libftdi:1 )
- elibc_musl? ( sys-libs/libunwind )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-MAKEOPTS+=" -j1"
-
-src_prepare() {
- eapply_user
- sed -i -e "s/docsdir/#docsdir/g" \
- -e "s/docs_/#docs_/g" Makefile.am || die
-
- # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
- sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
-
- # fix build for MUSL (bug #832235)
- if use elibc_musl ; then
- sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
- fi
- eautoreconf
-}
-
-src_configure() {
- use elibc_musl && append-libs -lunwind
- econf \
- $(use_with ftdi) --with-sdl \
- --with-png --without-bfd \
- --disable-static
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- find "${D}" -name '*.la' -type f -delete || die
-}
diff --git a/dev-libs/mpfr/Manifest b/dev-libs/mpfr/Manifest
index ef80fb6e61be..83d0ee6c214d 100644
--- a/dev-libs/mpfr/Manifest
+++ b/dev-libs/mpfr/Manifest
@@ -28,5 +28,5 @@ DIST mpfr-4.2.0.tar.xz.asc 228 BLAKE2B b281a11528a69418739b0122b4130d9cf212569f9
EBUILD mpfr-4.1.0_p13-r1.ebuild 2783 BLAKE2B 748c9175b11db817c4d4a50879ffac9d2772b8c1aba67111bba8744264705547910b16667caa68eaac7b8d66e7cb331c54150b35fcbdbf47fee4d6c5cd8109a7 SHA512 b8161691727a74f31877dddec7e81e6c37791be74649ea4a96c770ad34661d0deebe27444a1872fb127b5fa191357a048cbc410a6db6bae16b0887d1c843f1ed
EBUILD mpfr-4.1.1_p1.ebuild 2783 BLAKE2B 69d40acad30c90bc0460c3ee4a96323a46ec2ea2d3a6ae96ef696502cd9af2623cd33cd9d1c8a1dc372ee3f643eb254d1e0e91e6289bfd8ce6e463c00c54cfe5 SHA512 12fb0937de94dcf6f04bfa26ff3a0ae1343d9d698777d652e20f734ef51965104a9aa60f8775b897e6b82f75e10e5568a7269ae3f446adbaa3036481a98362c2
EBUILD mpfr-4.2.0.ebuild 3158 BLAKE2B 86a7fcf91c203f87c62b039f609592e2f4ce0f199a89d35d30d5b143ce254938686339cbb0c1b45a17a56c8a159d95bb3517354dfcfb2458d441647e104ed269 SHA512 8c8dfb2424f043372ef058ac7fedea442b5de3733b56497cd96deeee52998247c6872096926c430b78ffc41542e986903d9d6972fbf676f9309f7d4757212f6c
-EBUILD mpfr-4.2.0_p9.ebuild 3167 BLAKE2B 481b82c925add26fcb119d40cc6d32671a7ad61e1faadb692ad7dcb6acc7238d65982b5d0ddf9aff75bd7742fe83c7fa64928b09dc06e6f62bf72dde16128be1 SHA512 e2b8ccf66b2bdc1d95be34e2f47360c33e0807af97fe90a500c760eff351b666ca45e68b26d5403ae8b5e64ab60ca8d601690d6babc14899580b4059eac2aacf
+EBUILD mpfr-4.2.0_p9.ebuild 3166 BLAKE2B 7435f63692a319663ed64ff6ddb6c938f78ac0681a4d8b990825a50e3c4ea2c3b47a43fb0631b7e242438b77e07f2a2851879e72fb88b96a17b4899ad01c6d4f SHA512 b96d7c2bf7a37d235790017b92ddac9c990c4f4be40b3e5dac74bb96ec076ad010c8bd66f1473021263b25529743400e1b09df637df295c91f0851a09d811d86
MISC metadata.xml 344 BLAKE2B b7a0bcfbcf945ce2b6d58a9a2078c823c12de5ef8261ec009612b58a833deecb7caaf864f0b55e0c46aac004c58feb7a1f88f6d78b584c2e25c403cfb1de96a0 SHA512 8b8b5ae00a4f9ba76c193c5d84f27cce973963f4db109219394efccba3a8e8bebb7f241658a0b682331e34c66ee99332f871d826abf6ec5a4ced4f3dce381fe9
diff --git a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
index bcbbe69004fc..3436f7912a8f 100644
--- a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
+++ b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
@@ -39,7 +39,6 @@ if [[ ${PV} == *_p* ]] ; then
done
unset patch_url_base my_patch_index mangled_patch_ver
-
fi
S="${WORKDIR}/${MY_P}"
diff --git a/dev-libs/ntl/Manifest b/dev-libs/ntl/Manifest
index ef36d31bbcf1..6e29816e92f3 100644
--- a/dev-libs/ntl/Manifest
+++ b/dev-libs/ntl/Manifest
@@ -1,4 +1,5 @@
DIST ntl-11.5.1.tar.gz 2304103 BLAKE2B 92284383451c7a810f7ee8d9a82836695d19d2a2e46b71c8c60b00acb77f4b4d3bad5497a309616a3e3188567d20203f5ad31295130ab0f3ace08417188c9fda SHA512 cf1f642b8a0f9cdc6dda888e07183817dc67ff494e56a852053aeb15b3d2a0e61fbc05824779c5d1f20b8115fba6f97266acf7e0b0b527c25df5989c86d5928f
EBUILD ntl-11.5.1-r1.ebuild 2071 BLAKE2B 63b41f8d75761d7d002238955c7c3a8f81af90cd3db436eec1e5a30017995f2ffa2456d912e3b103bdb25d3916e5d6f94b17f70ae5960b91fa83bb870f3201a3 SHA512 71a9d39b67f2144522090613a9143585ae17727d200958a89ae7317d6dacaadcdf09d5d10fcca2c00c77f507243fd7e56bfef9cbdc989c42a27f828a8be18dc6
EBUILD ntl-11.5.1-r3.ebuild 2558 BLAKE2B 18998bc75528ff91ee88c6932ae2982d898940fbf0d9e344bab1f445e81cd8899c854816222ed47409543b9d700bb5d0ebbd0dbba9d1dd6bf20af445e9bc2124 SHA512 e308a4c7739df1a8c52d7aa3714a81701afd2d7049c2ea9db4b9580ff51e267d3ac17016275b55b8bc51ed6a3e863bfb7fb42a1746011a500006c9322380e23b
+EBUILD ntl-11.5.1-r4.ebuild 2419 BLAKE2B 28f178b724027983f1e73eb1b317beb85308cbe628b780ea7373eb6d572b9358fdd2ae451019eafcaff56e626b4bffd74f0f1f7666db1b7849ad4bca0c4477ac SHA512 8ffc71bc10d4b01cff0f682df9870dbe7a4e2b1c051188e258a867302d7fb4ac5f949afc682ecc969799c0fb677d7d78febbc1f381a68c783438c1146d9ac147
MISC metadata.xml 628 BLAKE2B 12ef87b42f60ca7bd5f91708c96471378481bfdc911d638a550608f62928a40e879431028f6e578047b79749e0c8307a4075520434191099adece5a771e5c27f SHA512 724f4bc44918ec49f4bb30ef7c9cc6de8c4243845a2a4c7d8c73db6f1db8fa548ad0932f324deea2002ea35cb7b410120cb86a0743bb2d6765fcd987593fcd84
diff --git a/dev-libs/ntl/ntl-11.5.1-r4.ebuild b/dev-libs/ntl/ntl-11.5.1-r4.ebuild
new file mode 100644
index 000000000000..58472e5629a3
--- /dev/null
+++ b/dev-libs/ntl/ntl-11.5.1-r4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit toolchain-funcs gnuconfig
+
+DESCRIPTION="High-performance and portable C++ number theory library"
+HOMEPAGE="https://www.shoup.net/ntl/ https://github.com/libntl/ntl"
+SRC_URI="https://www.shoup.net/ntl/${P}.tar.gz"
+
+LICENSE="LGPL-2.1+"
+SLOT="0/44"
+KEYWORDS="amd64 ~arm64 ~loong ~ppc ~ppc64 ~riscv x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
+IUSE="doc threads"
+
+BDEPEND="dev-lang/perl"
+DEPEND="dev-libs/gmp:0=
+ dev-libs/gf2x
+ threads? ( >=dev-libs/gf2x-1.2 )"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${P}/src"
+
+DOCS=( "${WORKDIR}/${P}"/README )
+
+src_unpack() {
+ default
+ gnuconfig_update "${S}/libtool-origin/"
+}
+
+src_configure() {
+ # The DoConfig script builds its own libtool, but doesn't
+ # really try to set up the build environment (bug 718892).
+ export CC="$(tc-getCC)"
+ export CXX="$(tc-getCXX)"
+
+ # Currently the build system can build a static library or both
+ # static and shared libraries, but not only shared libraries. The
+ # name NTL_GMP_LIP is *not* a typo.
+ #
+ # We have left NTL_ENABLE_AVX_FFT unconditionally disabled: NTL's
+ # AVX2 detection can fail even when the CPU supports it (bug
+ # 815775), and moreover, can fail due to CXXFLAGS. When that
+ # happens, and if we try to use the AVX FFT, the build fails.
+ # Finally, doc/config.txt says, "this is experimental at moment, and
+ # may lead to worse performance." So we are probably not missing out
+ # on much.
+ #
+ perl DoConfig \
+ PREFIX="${EPREFIX}"/usr \
+ LIBDIR="${EPREFIX}"/usr/$(get_libdir) \
+ CXXFLAGS="${CXXFLAGS}" \
+ CPPFLAGS="${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ CXX="$(tc-getCXX)" \
+ AR="$(tc-getAR)" \
+ RANLIB="$(tc-getRANLIB)" \
+ SHARED=on \
+ NTL_GMP_LIP=on \
+ NTL_GF2X_LIB=on \
+ NTL_THREADS=$(usex threads on off) \
+ NTL_ENABLE_AVX_FFT=off \
+ NATIVE=off \
+ || die "DoConfig failed"
+
+ if use doc; then
+ DOCS+=( "${WORKDIR}/${P}"/doc/*.txt )
+ HTML_DOCS=( "${WORKDIR}/${P}"/doc/*.html "${WORKDIR}/${P}"/doc/*.gif )
+ fi
+
+ # 780534 - Required for rlibtool so it can find the generated libtool
+ ln -sf libtool-build/libtool . || die
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+
+ # Use rm -f because the static archive may not be created when
+ # using (for example) slibtool-shared.
+ rm -f "${ED}/usr/$(get_libdir)"/libntl.a || die
+
+ rm -r "${ED}"/usr/share/doc/NTL || die
+}
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index d87bb3e8362c..9fa269ef9e30 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -5,12 +5,9 @@ AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021d
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
-DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
EBUILD openssl-compat-1.0.2u-r2.ebuild 7794 BLAKE2B 292aa0999be2c173b86b9324a8e1e73fd536b38af5106d09d776931c8a170808ddf976536d7f88398260e1cda58945fe747255a8f3c2d4432ab4e8ca139e83a4 SHA512 271767ff717c9324a34c3ae1964a6a428f83e97d002be6df797cadc809768a198ab090cb313e5aa3bc9fd22d029f2cf17c3612f51e154e140a552bfdf9cb55f2
-EBUILD openssl-compat-1.1.1t.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749
EBUILD openssl-compat-1.1.1u.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749
MISC metadata.xml 1223 BLAKE2B db6fe704a4a09590821cd011556759cfd60543fd531fef3bd233378f396ac5e67c7d834eee4e544995c3af02dc9f222ac787e0b8a1c48a6cadd06541c81372fb SHA512 3cd0b3d8ba2c2c31d3240a080c0edf61a3b090adb4bb14c3b79c9cd1f0c0ac332a9c9457b218a09fb9192cc82004dba57cd4cac404fdd5ddfe4f0c7780b596cd
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
deleted file mode 100644
index f1ff4defc6a7..000000000000
--- a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
+++ /dev/null
@@ -1,221 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="$(ver_cut 1-3)"
-if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- !=dev-libs/openssl-1.1.1*:0
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_prepare() {
- # Allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
-
- # fix building on Solaris 10
- # https://github.com/openssl/openssl/issues/6333
- sed -i \
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
- Configurations/10-main.conf || die
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Using configuration: ${sslout:-(openssl knows best)}"
- local config="perl Configure"
- [[ -z ${sslout} ]] && config="sh config -v"
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- edo ${config} ${sslout} --test-sanity
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="perl Configure"
- [[ -z ${sslout} ]] && config="sh config -v"
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo ${config} "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake all
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
-}
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 08813ed42f4e..963efe7f3a94 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,39 +2,17 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113
AUX gentoo.config-1.0.4 5735 BLAKE2B 3ae435b60aa2c29dde9190c71e6cedf2a2c17ff8e7ae23c2a0c54904a6e06aa498b620979761a4d0f4a6e7331b49f684a952061e59d1d0a3e5bc27a68bed5800 SHA512 351e61a387e8e3890d03d3574926e82555223f9734e2f8365ee24ed7e064c30a6fdb75ad851a149f636803bdafb72b420127eef9cd7a9c1248e17e5317aca378
AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a
-AUX openssl-1.1.1t-CVE-2023-0464.patch 8500 BLAKE2B 6956aa4545d63337154e654d584eed1acbcc90eeeee60120fc567a24f839d8046b5d69d5d5de380a783580bf7c10590f45954018f2e26bdc1cd4a79e45bc1662 SHA512 5842316bf9cd38fb496adc6681542afbf7c2f8899f3952b61f1502da61b0c74f7aac3f27851be9d027642f3d2fcd1dc69fc11f14dcdb9af43f0e0d16c7de6736
-AUX openssl-1.1.1t-CVE-2023-0465.patch 1735 BLAKE2B add7bf0bda8802259b2fc3bb2c815b7e3bb04226d5effd3c98e60aae0b0aa140c26a05467eb7384147032f67ad9ef347b42012d1dfe05d2404f2feed692c6dd2 SHA512 a63883bc773faceded24c47d3246ce2c8e9ad10426a953e575ec0a6f315e0e9b789d31de912ed5015e7e97bf205870fb16b6f4353807dd00c4d1396586a35935
-AUX openssl-1.1.1t-CVE-2023-0466.patch 1719 BLAKE2B 77294d1820a935e653f254600eb219a1da1409d2e4a161fcce1fd44ce0bc96ca61516a929ee6dd9016ea07374a412ce8d6e65f570941e325e0f7fa79759dd364 SHA512 d6fc7d5a5420b6de96e0fec34175259a7f34acae0d34347980972bdc999b8d57ddb1aac6b4063a7eb4aab759b5afaeb7fa010133df8e1b57efeb23df56ac6b67
-AUX openssl-3.0.8-CVE-2023-0464.patch 8888 BLAKE2B 4a4c71e3dc3264ee2da59c9848bd79f700d9923cfc4d0fe26b740625263a1f47d0ad1a6dc3ecc060e6e7f94a3ddb90e80deb16850471d166b335107c48c3a7d0 SHA512 dd22e945312604f45bb55f2e8cfe485f4c7a47d7c07d746117baa580d61d25679d410043ff4243b62390176159ef4e3f40f0e2d28191329d3ad11f3bceb67294
-AUX openssl-3.0.8-CVE-2023-0465.patch 1725 BLAKE2B a226cc9f74188da651b910e6bbb56f9bfe445ecb09cb094dcfb182874470c5562a00959dc38ccbed2f0d48fd672491b4b423ce7252e2bc5d334c8c8ba999f655 SHA512 f7cdebce1af1cd89e8d1cc17834cf998f2b1a7587807b06887036abd5a134c79f25adacc94b9f2c5e4cda634fbdbdc7f76256e4653f5ef278fa18ea7c5023f8d
-AUX openssl-3.0.8-CVE-2023-0466.patch 1839 BLAKE2B e9a573317c92abe5e084a1c301f87443f54d47a96967f66e2dba103f8ff88f3452b5926254bbc4fdfb249b0dac530d6382504f77c0e81fea13e30398a3f8561a SHA512 35d64774eb784753ca90e55c72978e01e1b21b13255a51f27d4c8b34865a9509d24e9712abc42ef597b496a44a8ec6c17cd92768ebd335e721f4da0f7b40a45d
-AUX openssl-3.0.8-CVE-2023-1255.patch 1285 BLAKE2B 1394f50a82f01cd26e59ae241b4db60f73742e6d901a66e266772d0295eb2b7f3d7f53cbd2052fe9e81cfc251613cbc2394182b4813a5ca92e79c340c7f2b582 SHA512 df79750e82db172a1b0f61b7324442eb4b097f636854853d3229e3e970fbbdd73ac4094220d0745ecf00bdbb7fda09d7c0effceebbbd424df44af693aeb856a7
-AUX openssl-3.0.8-mips-cflags.patch 1104 BLAKE2B 39b3698ce27758504aa64b3059fdb51876971f085850719c4ece9e068c975624c04a39652cc77446de1241aa1d816eb282cd969efd70dd5c5d682c84f6a9224a SHA512 ec0a860ee504281fbbc33dbe35f9f31b3c8943a144ccbddc75c36c89260793760b42efd6b7c27c51fbab059588fc784dbad39c5b5f77202bf13a263441766216
-AUX openssl-3.1.0-CVE-2023-0464.patch 8888 BLAKE2B ef5c66bc6c06fd6e9d69ceff9f204e5944a1e73760e42bfc8550b197b674b34d273fcc9efa8a5f1b21577e8acc849548595a845a7f569a9ebce8ae0223ebb56a SHA512 e6b8f7f855ef880fcedba6e93971b1f894981e81e830d600446d560c2d83a8f8b2595a30ec0f7f0fdf1fc787b817d1d44700aa72203027a157beafdc0ec6ef19
-AUX openssl-3.1.0-CVE-2023-0465.patch 1725 BLAKE2B 7fbf508304c257ca5fc58c6b80b567326895d5b86a25fcfbdc058c6d21d9244b3a55150436084b15184fac267c001520664c02bb7f7151b61acd8da47113df27 SHA512 5e1525dff539eb06f3772166cbb6f20162b2c7de12633616663beeb75f5e8e5d964b66364b82dbf993d0622b741dba1930f27ca44f9563c0d1ff5915e6be93ca
-AUX openssl-3.1.0-CVE-2023-0466.patch 1839 BLAKE2B 166c660e40f3a7e6f7a87d673e1c94ff93494a6bfa9c061ed8e1ffc8d396d83043803c9ee4f277ffacab9132c9a941c5d51b7079cd07264d20724e2f83e54ed2 SHA512 e7cfb530fcec4712f076cf70b44d20576cd9a56e7904499f6f8d7413bf2565ba591317ee843c1ee074ae0eae61c26178689677dc3b0261af1426986812f9016e
-AUX openssl-3.1.0-CVE-2023-1255.patch 1285 BLAKE2B ca2749def80e8349db45260a397249229816ae226e7138d64a720bf43f81ac16b3a240b3f5e55e1878a05f5cb0ca2ffbdaa76030ea969e8e51d8b682008d9084 SHA512 cebf0c073d477556bdcafdd545bf39e2f4db2250c10b6db94628b9f46a6bcce877e281132693c3451766ce784629ad2f3863e02d42375d1de9afb72015512548
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
-DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
-DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
-DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
-DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
-DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
-DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea
DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a
-EBUILD openssl-1.1.1t-r1.ebuild 7919 BLAKE2B 2cdf1786b0ec0f7efcb74e8636e2ca37a0e26cebe5db07914791ce9e612dca1ea5cb6f4a53f2c26936b0aff1141c264d328211af412e28be1a8e896de4af6e21 SHA512 364e2eab610cf6f57591956c5d52618fc103e24a55e5d0d1e73c691fffe4a4dae5189045cc892a703efccb0e981124d41e0822347f41934cf7674cf56e12145f
-EBUILD openssl-1.1.1t-r3.ebuild 8240 BLAKE2B 39fca6bb87a1e9ec112518fa01a2ce871daa44ff6536708ef03906dde1eadd8f53d480c69f3a6bcacbf541affeb9af3cc6719e94479c93d50c8fb2dcb565c40f SHA512 f793d361cb98ea89706ec4bd0442e30671f623efb815a846557f7ba514d25bede9ed8f7a7b62c5400ea2a8674de3659bbe276dd1138748116d9d651dd755308b
EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28
-EBUILD openssl-3.0.8-r4.ebuild 8359 BLAKE2B bf0308b0c9a37d8cba6437cad2de049cb48482e856fc810a8cd195324561c883f31bdd3978c85e79cd08ff8dadc101946ecd020365fe4bdaa27e7131d2b91857 SHA512 92caeadf8e63479ca5a6789ac3bfdfd34359855e958644d341f4ec32ee027cd3000c938bf81d706a3ec00386e138ec2c88d1e8a98c6df3e47c2b4f0656c5ba15
EBUILD openssl-3.0.9.ebuild 8103 BLAKE2B 033ec46a6826fc50f581b50b08b7e6b655a50680caaf4fc8e0c3f18c1a2dd3fa8852d908e26e40c43e7b63b4e099a19ff74375257b8e13cb9e74e418dea526cd SHA512 1bc180f1ce3991b5b4eca175aa62592ff5eb6808933885f263e4343fd4b1b6edce3a0edfe3dc343a46ab04464a9a98299d02e4b9f7e66810d64add280e0b1656
-EBUILD openssl-3.1.0-r3.ebuild 8393 BLAKE2B 5a0b57a5272298a9d81c2f01a39e7a8cb429d4795bdc8b348c6112677085c15c14f3c7b52d55f0282b464dc60cff401d510dfad0178527eefe3fa8419ea54d46 SHA512 09d8a0db1d941bf1d20d0cf89509b1d827155089bbd4ca4d8bcf03a597c6959ecbe7a3c554bb33503588b323b28a199be908e231966241c565278a190df10f39
EBUILD openssl-3.1.1.ebuild 8137 BLAKE2B f903d9c357211ab49424fee06f1f5cf6e44d4b52e301af7fb8d369f4e4508fe64256d4200e48bbc16a59b4dfc23ce233e673e362745693cade8f5876bbe058aa SHA512 48e85eccc77acbff6ec91181f21881e3abbc85ac845fa5d18cb7cd1fa6b85aa4d9dcce17096804aec325e768d9247c86364c297a5e6510ce76b9319342970273
MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch
deleted file mode 100644
index 950e6572cd28..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-commit 879f7080d7e141f415c79eaa3a8ac4a3dad0348b
-Author: Pauli <pauli@openssl.org>
-Date: Wed Mar 8 15:28:20 2023 +1100
-
- x509: excessive resource use verifying policy constraints
-
- A security vulnerability has been identified in all supported versions
- of OpenSSL related to the verification of X.509 certificate chains
- that include policy constraints. Attackers may be able to exploit this
- vulnerability by creating a malicious certificate chain that triggers
- exponential use of computational resources, leading to a denial-of-service
- (DoS) attack on affected systems.
-
- Fixes CVE-2023-0464
-
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
- (Merged from https://github.com/openssl/openssl/pull/20569)
-
-diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h
-index 5daf78de45..344aa06765 100644
---- a/crypto/x509v3/pcy_local.h
-+++ b/crypto/x509v3/pcy_local.h
-@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
- };
-
- struct X509_POLICY_TREE_st {
-+ /* The number of nodes in the tree */
-+ size_t node_count;
-+ /* The maximum number of nodes in the tree */
-+ size_t node_maximum;
-+
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
-@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree);
-+ X509_POLICY_TREE *tree,
-+ int extra_data);
- void policy_node_free(X509_POLICY_NODE *node);
- int policy_node_match(const X509_POLICY_LEVEL *lvl,
- const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
-index e2d7b15322..d574fb9d66 100644
---- a/crypto/x509v3/pcy_node.c
-+++ b/crypto/x509v3/pcy_node.c
-@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
- X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree)
-+ X509_POLICY_TREE *tree,
-+ int extra_data)
- {
- X509_POLICY_NODE *node;
-
-+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
-+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
-+ return NULL;
-+
- node = OPENSSL_zalloc(sizeof(*node));
- if (node == NULL) {
- X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
-@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- }
- node->data = data;
- node->parent = parent;
-- if (level) {
-+ if (level != NULL) {
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
- if (level->anyPolicy)
- goto node_error;
-@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-- if (tree) {
-+ if (extra_data) {
- if (tree->extra_data == NULL)
- tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (tree->extra_data == NULL){
-@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-+ tree->node_count++;
- if (parent)
- parent->nchild++;
-
-diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
-index 6e8322cbc5..6c7fd35405 100644
---- a/crypto/x509v3/pcy_tree.c
-+++ b/crypto/x509v3/pcy_tree.c
-@@ -13,6 +13,18 @@
-
- #include "pcy_local.h"
-
-+/*
-+ * If the maximum number of nodes in the policy tree isn't defined, set it to
-+ * a generous default of 1000 nodes.
-+ *
-+ * Defining this to be zero means unlimited policy tree growth which opens the
-+ * door on CVE-2023-0464.
-+ */
-+
-+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
-+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
-+#endif
-+
- /*
- * Enable this to print out the complete policy tree at various point during
- * evaluation.
-@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- return X509_PCY_TREE_INTERNAL;
- }
-
-+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
-+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
-+
- /*
- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
- *
-@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- level = tree->levels;
- if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
- goto bad_tree;
-- if (level_add_node(level, data, NULL, tree) == NULL) {
-+ if (level_add_node(level, data, NULL, tree, 1) == NULL) {
- policy_data_free(data);
- goto bad_tree;
- }
-@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- * Return value: 1 on success, 0 otherwise
- */
- static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-- X509_POLICY_DATA *data)
-+ X509_POLICY_DATA *data,
-+ X509_POLICY_TREE *tree)
- {
- X509_POLICY_LEVEL *last = curr - 1;
- int i, matched = 0;
-@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
- if (policy_node_match(last, node, data->valid_policy)) {
-- if (level_add_node(curr, data, node, NULL) == NULL)
-+ if (level_add_node(curr, data, node, tree, 0) == NULL)
- return 0;
- matched = 1;
- }
- }
- if (!matched && last->anyPolicy) {
-- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
-+ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
- return 0;
- }
- return 1;
-@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- * Return value: 1 on success, 0 otherwise.
- */
- static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-- const X509_POLICY_CACHE *cache)
-+ const X509_POLICY_CACHE *cache,
-+ X509_POLICY_TREE *tree)
- {
- int i;
-
-@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
-
- /* Look for matching nodes in previous level */
-- if (!tree_link_matching_nodes(curr, data))
-+ if (!tree_link_matching_nodes(curr, data, tree))
- return 0;
- }
- return 1;
-@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-- if (level_add_node(curr, data, node, tree) == NULL) {
-+ if (level_add_node(curr, data, node, tree, 1) == NULL) {
- policy_data_free(data);
- return 0;
- }
-@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
- }
- /* Finally add link to anyPolicy */
- if (last->anyPolicy &&
-- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
-+ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
- return 0;
- return 1;
- }
-@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
- extra->qualifier_set = anyPolicy->data->qualifier_set;
- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
- | POLICY_DATA_FLAG_EXTRA_NODE;
-- node = level_add_node(NULL, extra, anyPolicy->parent, tree);
-+ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
- }
- if (!tree->user_policies) {
- tree->user_policies = sk_X509_POLICY_NODE_new_null();
-@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
-
- for (i = 1; i < tree->nlevel; i++, curr++) {
- cache = policy_cache_set(curr->cert);
-- if (!tree_link_nodes(curr, cache))
-+ if (!tree_link_nodes(curr, cache, tree))
- return X509_PCY_TREE_INTERNAL;
-
- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch
deleted file mode 100644
index c332e0bd2c9f..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit b013765abfa80036dc779dd0e50602c57bb3bf95
-Author: Matt Caswell <matt@openssl.org>
-Date: Tue Mar 7 16:52:55 2023 +0000
-
- Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
-
- Even though we check the leaf cert to confirm it is valid, we
- later ignored the invalid flag and did not notice that the leaf
- cert was bad.
-
- Fixes: CVE-2023-0465
-
- Reviewed-by: Hugo Landau <hlandau@openssl.org>
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20588)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 925fbb5412..1dfe4f9f31 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
- }
- /* Invalid or inconsistent extensions */
- if (ret == X509_PCY_TREE_INVALID) {
-- int i;
-+ int i, cbcalled = 0;
-
- /* Locate certificates with bad extensions and notify callback. */
-- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
- X509 *x = sk_X509_value(ctx->chain, i);
-
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
- continue;
-+ cbcalled = 1;
- if (!verify_cb_cert(ctx, x, i,
- X509_V_ERR_INVALID_POLICY_EXTENSION))
- return 0;
- }
-+ if (!cbcalled) {
-+ /* Should not be able to get here */
-+ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ /* The callback ignored the error so we return success */
- return 1;
- }
- if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch
deleted file mode 100644
index 9a59d2846a48..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-commit 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
-Author: Tomas Mraz <tomas@openssl.org>
-Date: Tue Mar 21 16:15:47 2023 +0100
-
- Fix documentation of X509_VERIFY_PARAM_add0_policy()
-
- The function was incorrectly documented as enabling policy checking.
-
- Fixes: CVE-2023-0466
-
- Reviewed-by: Matt Caswell <matt@openssl.org>
- Reviewed-by: Paul Dale <pauli@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20564)
-
-diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-index f6f304bf7b..aa292f9336 100644
---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-@@ -92,8 +92,9 @@ B<trust>.
- X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
- B<t>. Normally the current time is used.
-
--X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
--by default) and adds B<policy> to the acceptable policy set.
-+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
-+Contrary to preexisting documentation of this function it does not enable
-+policy checking.
-
- X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
- by default) and sets the acceptable policy set to B<policies>. Any existing
-@@ -377,6 +378,10 @@ and has no effect.
-
- The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
-
-+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
-+enabling policy checking however the implementation has never done this.
-+The documentation was changed to align with the implementation.
-+
- =head1 COPYRIGHT
-
- Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch
deleted file mode 100644
index 3cf1d3b38ec9..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch
+++ /dev/null
@@ -1,214 +0,0 @@
-commit 959c59c7a0164117e7f8366466a32bb1f8d77ff1
-Author: Pauli <pauli@openssl.org>
-Date: Wed Mar 8 15:28:20 2023 +1100
-
- x509: excessive resource use verifying policy constraints
-
- A security vulnerability has been identified in all supported versions
- of OpenSSL related to the verification of X.509 certificate chains
- that include policy constraints. Attackers may be able to exploit this
- vulnerability by creating a malicious certificate chain that triggers
- exponential use of computational resources, leading to a denial-of-service
- (DoS) attack on affected systems.
-
- Fixes CVE-2023-0464
-
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
- (Merged from https://github.com/openssl/openssl/pull/20568)
-
-diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
-index 18b53cc09e..cba107ca03 100644
---- a/crypto/x509/pcy_local.h
-+++ b/crypto/x509/pcy_local.h
-@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
- };
-
- struct X509_POLICY_TREE_st {
-+ /* The number of nodes in the tree */
-+ size_t node_count;
-+ /* The maximum number of nodes in the tree */
-+ size_t node_maximum;
-+
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
-@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree);
-+ X509_POLICY_TREE *tree,
-+ int extra_data);
- void ossl_policy_node_free(X509_POLICY_NODE *node);
- int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
- const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
-index 9d9a7ea179..450f95a655 100644
---- a/crypto/x509/pcy_node.c
-+++ b/crypto/x509/pcy_node.c
-@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree)
-+ X509_POLICY_TREE *tree,
-+ int extra_data)
- {
- X509_POLICY_NODE *node;
-
-+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
-+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
-+ return NULL;
-+
- node = OPENSSL_zalloc(sizeof(*node));
- if (node == NULL) {
- ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
-@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- node->data = data;
- node->parent = parent;
-- if (level) {
-+ if (level != NULL) {
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
- if (level->anyPolicy)
- goto node_error;
-@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-- if (tree) {
-+ if (extra_data) {
- if (tree->extra_data == NULL)
- tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (tree->extra_data == NULL){
-@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-+ tree->node_count++;
- if (parent)
- parent->nchild++;
-
-diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
-index fa45da5117..f953a05a41 100644
---- a/crypto/x509/pcy_tree.c
-+++ b/crypto/x509/pcy_tree.c
-@@ -14,6 +14,17 @@
-
- #include "pcy_local.h"
-
-+/*
-+ * If the maximum number of nodes in the policy tree isn't defined, set it to
-+ * a generous default of 1000 nodes.
-+ *
-+ * Defining this to be zero means unlimited policy tree growth which opens the
-+ * door on CVE-2023-0464.
-+ */
-+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
-+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
-+#endif
-+
- static void expected_print(BIO *channel,
- X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
- int indent)
-@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- return X509_PCY_TREE_INTERNAL;
- }
-
-+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
-+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
-+
- /*
- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
- *
-@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- if ((data = ossl_policy_data_new(NULL,
- OBJ_nid2obj(NID_any_policy), 0)) == NULL)
- goto bad_tree;
-- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
-+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- goto bad_tree;
- }
-@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- * Return value: 1 on success, 0 otherwise
- */
- static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-- X509_POLICY_DATA *data)
-+ X509_POLICY_DATA *data,
-+ X509_POLICY_TREE *tree)
- {
- X509_POLICY_LEVEL *last = curr - 1;
- int i, matched = 0;
-@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
- if (ossl_policy_node_match(last, node, data->valid_policy)) {
-- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
- return 0;
- matched = 1;
- }
- }
- if (!matched && last->anyPolicy) {
-- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
- return 0;
- }
- return 1;
-@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- * Return value: 1 on success, 0 otherwise.
- */
- static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-- const X509_POLICY_CACHE *cache)
-+ const X509_POLICY_CACHE *cache,
-+ X509_POLICY_TREE *tree)
- {
- int i;
-
-@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
-
- /* Look for matching nodes in previous level */
-- if (!tree_link_matching_nodes(curr, data))
-+ if (!tree_link_matching_nodes(curr, data, tree))
- return 0;
- }
- return 1;
-@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- return 0;
- }
-@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
- /* Finally add link to anyPolicy */
- if (last->anyPolicy &&
- ossl_policy_level_add_node(curr, cache->anyPolicy,
-- last->anyPolicy, NULL) == NULL)
-+ last->anyPolicy, tree, 0) == NULL)
- return 0;
- return 1;
- }
-@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
- | POLICY_DATA_FLAG_EXTRA_NODE;
- node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
-- tree);
-+ tree, 1);
- }
- if (!tree->user_policies) {
- tree->user_policies = sk_X509_POLICY_NODE_new_null();
-@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
-
- for (i = 1; i < tree->nlevel; i++, curr++) {
- cache = ossl_policy_cache_set(curr->cert);
-- if (!tree_link_nodes(curr, cache))
-+ if (!tree_link_nodes(curr, cache, tree))
- return X509_PCY_TREE_INTERNAL;
-
- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch
deleted file mode 100644
index 852706d8aa92..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-commit 1dd43e0709fece299b15208f36cc7c76209ba0bb
-Author: Matt Caswell <matt@openssl.org>
-Date: Tue Mar 7 16:52:55 2023 +0000
-
- Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
-
- Even though we check the leaf cert to confirm it is valid, we
- later ignored the invalid flag and did not notice that the leaf
- cert was bad.
-
- Fixes: CVE-2023-0465
-
- Reviewed-by: Hugo Landau <hlandau@openssl.org>
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20587)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 9384f1da9b..a0282c3ef1 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
- goto memerr;
- /* Invalid or inconsistent extensions */
- if (ret == X509_PCY_TREE_INVALID) {
-- int i;
-+ int i, cbcalled = 0;
-
- /* Locate certificates with bad extensions and notify callback. */
-- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
- X509 *x = sk_X509_value(ctx->chain, i);
-
-+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
-+ cbcalled = 1;
- CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
- ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
- }
-+ if (!cbcalled) {
-+ /* Should not be able to get here */
-+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ /* The callback ignored the error so we return success */
- return 1;
- }
- if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch
deleted file mode 100644
index c71665d82e18..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-commit 51e8a84ce742db0f6c70510d0159dad8f7825908
-Author: Tomas Mraz <tomas@openssl.org>
-Date: Tue Mar 21 16:15:47 2023 +0100
-
- Fix documentation of X509_VERIFY_PARAM_add0_policy()
-
- The function was incorrectly documented as enabling policy checking.
-
- Fixes: CVE-2023-0466
-
- Reviewed-by: Matt Caswell <matt@openssl.org>
- Reviewed-by: Paul Dale <pauli@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20563)
-
-diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-index 75a1677022..43c1900bca 100644
---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-@@ -98,8 +98,9 @@ B<trust>.
- X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
- B<t>. Normally the current time is used.
-
--X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
--by default) and adds B<policy> to the acceptable policy set.
-+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
-+Contrary to preexisting documentation of this function it does not enable
-+policy checking.
-
- X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
- by default) and sets the acceptable policy set to B<policies>. Any existing
-@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
- The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
- and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
-
-+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
-+enabling policy checking however the implementation has never done this.
-+The documentation was changed to align with the implementation.
-+
- =head1 COPYRIGHT
-
- Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch
deleted file mode 100644
index 9b1a657d51be..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-commit 02ac9c9420275868472f33b01def01218742b8bb
-Author: Tomas Mraz <tomas@openssl.org>
-Date: Mon Apr 17 16:51:20 2023 +0200
-
- aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
-
- Original author: Nevine Ebeid (Amazon)
- Fixes: CVE-2023-1255
-
- The buffer overread happens on decrypts of 4 mod 5 sizes.
- Unless the memory just after the buffer is unmapped this is harmless.
-
- Reviewed-by: Paul Dale <pauli@openssl.org>
- Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
- (Merged from https://github.com/openssl/openssl/pull/20759)
-
- (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
-
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 6a7bf05d1b..bd583e2c89 100755
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
- .align 4
- .Lxts_dec_tail4x:
- add $inp,$inp,#16
-- vld1.32 {$dat0},[$inp],#16
-+ tst $tailcnt,#0xf
- veor $tmp1,$dat1,$tmp0
- vst1.8 {$tmp1},[$out],#16
- veor $tmp2,$dat2,$tmp2
-@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
- veor $tmp4,$dat4,$tmp4
- vst1.8 {$tmp3-$tmp4},[$out],#32
-
-+ b.eq .Lxts_dec_abort
-+ vld1.32 {$dat0},[$inp],#16
- b .Lxts_done
- .align 4
- .Lxts_outer_dec_tail:
diff --git a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch
deleted file mode 100644
index 111681f27d07..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-https://bugs.gentoo.org/894140
-https://github.com/openssl/openssl/issues/20214
-
-From d500b51791cd56e73065e3a7f4487fc33f31c91c Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 12 Feb 2023 17:56:58 -0500
-Subject: [PATCH] Fix Configure test for -mips in CFLAGS
-
-We want to add -mips2 or -mips3 only if the user hasn't already
-specified a mips version in CFLAGS. The existing test was a
-double-negative.
-
-Fixes: https://github.com/openssl/openssl/issues/20214
----
- Configure | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Configure b/Configure
-index b6bbec0a85c4..ec48614d6b99 100755
---- a/Configure
-+++ b/Configure
-@@ -1475,7 +1475,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
- }
-
- if ($target =~ /linux.*-mips/ && !$disabled{asm}
-- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
-+ && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
- # minimally required architecture flags for assembly modules
- my $value;
- $value = '-mips2' if ($target =~ /mips32/);
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch
deleted file mode 100644
index dfe83e53d0ad..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch
+++ /dev/null
@@ -1,214 +0,0 @@
-commit 2017771e2db3e2b96f89bbe8766c3209f6a99545
-Author: Pauli <pauli@openssl.org>
-Date: Wed Mar 8 15:28:20 2023 +1100
-
- x509: excessive resource use verifying policy constraints
-
- A security vulnerability has been identified in all supported versions
- of OpenSSL related to the verification of X.509 certificate chains
- that include policy constraints. Attackers may be able to exploit this
- vulnerability by creating a malicious certificate chain that triggers
- exponential use of computational resources, leading to a denial-of-service
- (DoS) attack on affected systems.
-
- Fixes CVE-2023-0464
-
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
- (Merged from https://github.com/openssl/openssl/pull/20570)
-
-diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
-index 18b53cc09e..cba107ca03 100644
---- a/crypto/x509/pcy_local.h
-+++ b/crypto/x509/pcy_local.h
-@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
- };
-
- struct X509_POLICY_TREE_st {
-+ /* The number of nodes in the tree */
-+ size_t node_count;
-+ /* The maximum number of nodes in the tree */
-+ size_t node_maximum;
-+
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
-@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree);
-+ X509_POLICY_TREE *tree,
-+ int extra_data);
- void ossl_policy_node_free(X509_POLICY_NODE *node);
- int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
- const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
-index 9d9a7ea179..450f95a655 100644
---- a/crypto/x509/pcy_node.c
-+++ b/crypto/x509/pcy_node.c
-@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree)
-+ X509_POLICY_TREE *tree,
-+ int extra_data)
- {
- X509_POLICY_NODE *node;
-
-+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
-+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
-+ return NULL;
-+
- node = OPENSSL_zalloc(sizeof(*node));
- if (node == NULL) {
- ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
-@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- node->data = data;
- node->parent = parent;
-- if (level) {
-+ if (level != NULL) {
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
- if (level->anyPolicy)
- goto node_error;
-@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-- if (tree) {
-+ if (extra_data) {
- if (tree->extra_data == NULL)
- tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (tree->extra_data == NULL){
-@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-+ tree->node_count++;
- if (parent)
- parent->nchild++;
-
-diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
-index fa45da5117..f953a05a41 100644
---- a/crypto/x509/pcy_tree.c
-+++ b/crypto/x509/pcy_tree.c
-@@ -14,6 +14,17 @@
-
- #include "pcy_local.h"
-
-+/*
-+ * If the maximum number of nodes in the policy tree isn't defined, set it to
-+ * a generous default of 1000 nodes.
-+ *
-+ * Defining this to be zero means unlimited policy tree growth which opens the
-+ * door on CVE-2023-0464.
-+ */
-+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
-+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
-+#endif
-+
- static void expected_print(BIO *channel,
- X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
- int indent)
-@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- return X509_PCY_TREE_INTERNAL;
- }
-
-+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
-+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
-+
- /*
- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
- *
-@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- if ((data = ossl_policy_data_new(NULL,
- OBJ_nid2obj(NID_any_policy), 0)) == NULL)
- goto bad_tree;
-- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
-+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- goto bad_tree;
- }
-@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- * Return value: 1 on success, 0 otherwise
- */
- static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-- X509_POLICY_DATA *data)
-+ X509_POLICY_DATA *data,
-+ X509_POLICY_TREE *tree)
- {
- X509_POLICY_LEVEL *last = curr - 1;
- int i, matched = 0;
-@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
- if (ossl_policy_node_match(last, node, data->valid_policy)) {
-- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
- return 0;
- matched = 1;
- }
- }
- if (!matched && last->anyPolicy) {
-- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
- return 0;
- }
- return 1;
-@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- * Return value: 1 on success, 0 otherwise.
- */
- static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-- const X509_POLICY_CACHE *cache)
-+ const X509_POLICY_CACHE *cache,
-+ X509_POLICY_TREE *tree)
- {
- int i;
-
-@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
-
- /* Look for matching nodes in previous level */
-- if (!tree_link_matching_nodes(curr, data))
-+ if (!tree_link_matching_nodes(curr, data, tree))
- return 0;
- }
- return 1;
-@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- return 0;
- }
-@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
- /* Finally add link to anyPolicy */
- if (last->anyPolicy &&
- ossl_policy_level_add_node(curr, cache->anyPolicy,
-- last->anyPolicy, NULL) == NULL)
-+ last->anyPolicy, tree, 0) == NULL)
- return 0;
- return 1;
- }
-@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
- | POLICY_DATA_FLAG_EXTRA_NODE;
- node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
-- tree);
-+ tree, 1);
- }
- if (!tree->user_policies) {
- tree->user_policies = sk_X509_POLICY_NODE_new_null();
-@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
-
- for (i = 1; i < tree->nlevel; i++, curr++) {
- cache = ossl_policy_cache_set(curr->cert);
-- if (!tree_link_nodes(curr, cache))
-+ if (!tree_link_nodes(curr, cache, tree))
- return X509_PCY_TREE_INTERNAL;
-
- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
deleted file mode 100644
index a98f7cba13bd..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-commit facfb1ab745646e97a1920977ae4a9965ea61d5c
-Author: Matt Caswell <matt@openssl.org>
-Date: Tue Mar 7 16:52:55 2023 +0000
-
- Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
-
- Even though we check the leaf cert to confirm it is valid, we
- later ignored the invalid flag and did not notice that the leaf
- cert was bad.
-
- Fixes: CVE-2023-0465
-
- Reviewed-by: Hugo Landau <hlandau@openssl.org>
- Reviewed-by: Tomas Mraz <tomas@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20586)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 9384f1da9b..a0282c3ef1 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
- goto memerr;
- /* Invalid or inconsistent extensions */
- if (ret == X509_PCY_TREE_INVALID) {
-- int i;
-+ int i, cbcalled = 0;
-
- /* Locate certificates with bad extensions and notify callback. */
-- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
- X509 *x = sk_X509_value(ctx->chain, i);
-
-+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
-+ cbcalled = 1;
- CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
- ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
- }
-+ if (!cbcalled) {
-+ /* Should not be able to get here */
-+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ /* The callback ignored the error so we return success */
- return 1;
- }
- if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch
deleted file mode 100644
index 9a315f4c00fd..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061
-Author: Tomas Mraz <tomas@openssl.org>
-Date: Tue Mar 21 16:15:47 2023 +0100
-
- Fix documentation of X509_VERIFY_PARAM_add0_policy()
-
- The function was incorrectly documented as enabling policy checking.
-
- Fixes: CVE-2023-0466
-
- Reviewed-by: Paul Dale <pauli@openssl.org>
- Reviewed-by: Matt Caswell <matt@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/20562)
-
-diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-index 20aea99b5b..fcbbfc4c30 100644
---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-@@ -98,8 +98,9 @@ B<trust>.
- X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
- B<t>. Normally the current time is used.
-
--X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
--by default) and adds B<policy> to the acceptable policy set.
-+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
-+Contrary to preexisting documentation of this function it does not enable
-+policy checking.
-
- X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
- by default) and sets the acceptable policy set to B<policies>. Any existing
-@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
- The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
- and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
-
-+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
-+enabling policy checking however the implementation has never done this.
-+The documentation was changed to align with the implementation.
-+
- =head1 COPYRIGHT
-
- Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch
deleted file mode 100644
index aea425f83556..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-commit bc2f61ad70971869b242fc1cb445b98bad50074a
-Author: Tomas Mraz <tomas@openssl.org>
-Date: Mon Apr 17 16:51:20 2023 +0200
-
- aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
-
- Original author: Nevine Ebeid (Amazon)
- Fixes: CVE-2023-1255
-
- The buffer overread happens on decrypts of 4 mod 5 sizes.
- Unless the memory just after the buffer is unmapped this is harmless.
-
- Reviewed-by: Paul Dale <pauli@openssl.org>
- Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
- (Merged from https://github.com/openssl/openssl/pull/20759)
-
- (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
-
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index ea74217317..efd3ccd1a4 100755
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -3367,7 +3367,7 @@ $code.=<<___ if ($flavour =~ /64/);
- .align 4
- .Lxts_dec_tail4x:
- add $inp,$inp,#16
-- vld1.32 {$dat0},[$inp],#16
-+ tst $tailcnt,#0xf
- veor $tmp1,$dat1,$tmp0
- vst1.8 {$tmp1},[$out],#16
- veor $tmp2,$dat2,$tmp2
-@@ -3376,6 +3376,8 @@ $code.=<<___ if ($flavour =~ /64/);
- veor $tmp4,$dat4,$tmp4
- vst1.8 {$tmp3-$tmp4},[$out],#32
-
-+ b.eq .Lxts_dec_abort
-+ vld1.32 {$dat0},[$inp],#16
- b .Lxts_done
- .align 4
- .Lxts_outer_dec_tail:
diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
deleted file mode 100644
index 1d43a457c82a..000000000000
--- a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
- "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
-
- # fix building on Solaris 10
- # https://github.com/openssl/openssl/issues/6333
- sed -i \
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
- Configurations/10-main.conf || die
- fi
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config=( perl "${S}/Configure" )
- [[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake all
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install_sw
-
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install_ssldirs
- emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
- fi
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- if ! use static-libs; then
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
- fi
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
- # Create the certs directory
- keepdir ${SSL_CNF_DIR}/certs
-
- # bug #254521
- dodir /etc/sandbox.d
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
- openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
- eend $?
-}
diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
deleted file mode 100644
index 36d0d673d156..000000000000
--- a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- kernel_linux? ( sys-process/procps )
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
- # General patches which are suitable to always apply
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
- "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
- "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch
- "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0465.patch
- "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0466.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES}; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Test fails depending on kernel configuration, bug #699134
- rm test/recipes/30-test_afalg.t || die
-
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
-
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
- # use GNU ld full option, not to confuse it on Solaris
- sed -i \
- -e 's/-Wl,-M,/-Wl,--version-script=/' \
- -e 's/-Wl,-h,/-Wl,--soname=/' \
- Configurations/10-main.conf || die
- fi
-
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
- # The OpenSSL developers don't test with LTO right now, it leads to various
- # warnings/errors (which may or may not be false positives), it's considered
- # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
- filter-lto
-
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config=( perl "${S}/Configure" )
- [[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
- # "disable-deprecated" option breaks too many consumers.
- # Don't set it without thorough revdeps testing.
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- ${ec_nistp_64_gcc_128}
- enable-idea
- enable-mdc2
- enable-rc5
- $(use_ssl sslv3 ssl3)
- $(use_ssl sslv3 ssl3-method)
- $(use_ssl asm)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl tls-heartbeat heartbeats)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake all
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install_sw
-
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install_ssldirs
- emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
- fi
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- if ! use static-libs; then
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
- fi
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
- # Create the certs directory
- keepdir ${SSL_CNF_DIR}/certs
-
- # bug #254521
- dodir /etc/sandbox.d
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
- openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
- eend $?
-}
diff --git a/dev-libs/openssl/openssl-3.0.8-r4.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild
deleted file mode 100644
index e504eb575575..000000000000
--- a/dev-libs/openssl/openssl-3.0.8-r4.ebuild
+++ /dev/null
@@ -1,281 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
- EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
- inherit git-r3
-else
- SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- sys-process/procps
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/openssl/configuration.h
-)
-
-PATCHES=(
- "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
- "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch
- "${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch
- "${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch
- "${FILESDIR}"/openssl-3.0.8-CVE-2023-1255.patch
-)
-
-pkg_setup() {
- if use ktls ; then
- if kernel_is -lt 4 18 ; then
- ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
- else
- CONFIG_CHECK="~TLS ~TLS_DEVICE"
- ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
- ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
- use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
- linux-info_pkg_setup
- fi
- fi
-
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp ; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES} ; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Test fails depending on kernel configuration, bug #699134
- rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
- # The OpenSSL developers don't test with LTO right now, it leads to various
- # warnings/errors (which may or may not be false positives), it's considered
- # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
- filter-lto
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
- einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
- # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- enable-idea
- enable-mdc2
- enable-rc5
- $(use fips && echo "enable-fips")
- $(use_ssl asm)
- $(use_ssl ktls)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake build_sw
-
- if multilib_is_native_abi; then
- emake build_docs
- fi
-}
-
-multilib_src_test() {
- # VFP = show subtests verbosely and show failed tests verbosely
- # Normal V=1 would show everything verbosely but this slows things down.
- emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install_sw
- if use fips; then
- emake DESTDIR="${D}" install_fips
- # Regen this in pkg_preinst, bug 900625
- rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
- fi
-
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install_ssldirs
- emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
- fi
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- if ! use static-libs ; then
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
- fi
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
- # Create the certs directory
- keepdir ${SSL_CNF_DIR}/certs
-
- # bug #254521
- dodir /etc/sandbox.d
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
- if use fips; then
- # Regen fipsmodule.cnf, bug 900625
- ebegin "Running openssl fipsinstall"
- "${ED}/usr/bin/openssl" fipsinstall -quiet \
- -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
- -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
- eend $?
- fi
-}
-
-pkg_postinst() {
- ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
- openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
- eend $?
-}
diff --git a/dev-libs/openssl/openssl-3.1.0-r3.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild
deleted file mode 100644
index 5f1ec4c39f0f..000000000000
--- a/dev-libs/openssl/openssl-3.1.0-r3.ebuild
+++ /dev/null
@@ -1,284 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
- EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
- inherit git-r3
-else
- SRC_URI="
- mirror://openssl/source/${MY_P}.tar.gz
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
- "
- #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
- !<net-misc/openssh-9.2_p1-r3
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- sys-process/procps
- )
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/openssl/configuration.h
-)
-
-PATCHES=(
- "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
- "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch
- "${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch
- "${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch
- "${FILESDIR}"/openssl-3.1.0-CVE-2023-1255.patch
-)
-
-pkg_setup() {
- if use ktls ; then
- if kernel_is -lt 4 18 ; then
- ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
- else
- CONFIG_CHECK="~TLS ~TLS_DEVICE"
- ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
- ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
- use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
- linux-info_pkg_setup
- fi
- fi
-
- [[ ${MERGE_TYPE} == binary ]] && return
-
- # must check in pkg_setup; sysctl doesn't work with userpriv!
- if use test && use sctp ; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
- fi
-}
-
-src_unpack() {
- # Can delete this once test fix patch is dropped
- if use verify-sig ; then
- # Needed for downloaded patch (which is unsigned, which is fine)
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
- fi
-
- default
-}
-
-src_prepare() {
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- PATCHES+=(
- # Add patches which are Gentoo-specific customisations here
- )
- fi
-
- default
-
- if use test && use sctp && has network-sandbox ${FEATURES} ; then
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
- rm test/recipes/80-test_ssl_new.t || die
- fi
-
- # Test fails depending on kernel configuration, bug #699134
- rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
- # Keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (bug #417795 again)
- tc-is-clang && append-flags -Qunused-arguments
-
- # We really, really need to build OpenSSL w/ strict aliasing disabled.
- # It's filled with violations and it *will* result in miscompiled
- # code. This has been in the ebuild for > 10 years but even in 2022,
- # it's still relevant:
- # - https://github.com/llvm/llvm-project/issues/55255
- # - https://github.com/openssl/openssl/issues/18225
- # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
- # Don't remove the no strict aliasing bits below!
- filter-flags -fstrict-aliasing
- append-flags -fno-strict-aliasing
- # The OpenSSL developers don't test with LTO right now, it leads to various
- # warnings/errors (which may or may not be false positives), it's considered
- # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
- filter-lto
-
- append-flags $(test-flags-CC -Wa,--noexecstack)
-
- # bug #197996
- unset APPS
- # bug #312551
- unset SCRIPTS
- # bug #311473
- unset CROSS_COMPILE
-
- tc-export AR CC CXX RANLIB RC
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths, bug #460790.
- #local ec_nistp_64_gcc_128
- #
- # Disable it for now though (bug #469976)
- # Do NOT re-enable without substantial discussion first!
- #
- #echo "__uint128_t i;" > "${T}"/128.c
- #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- #fi
-
- local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
- einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
- # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
- local myeconfargs=(
- ${sslout}
-
- $(use cpu_flags_x86_sse2 || echo "no-sse2")
- enable-camellia
- enable-ec
- enable-ec2m
- enable-sm2
- enable-srp
- $(use elibc_musl && echo "no-async")
- enable-idea
- enable-mdc2
- enable-rc5
- $(use fips && echo "enable-fips")
- $(use_ssl asm)
- $(use_ssl ktls)
- $(use_ssl rfc3779)
- $(use_ssl sctp)
- $(use test || echo "no-tests")
- $(use_ssl tls-compression zlib)
- $(use_ssl weak-ssl-ciphers)
-
- --prefix="${EPREFIX}"/usr
- --openssldir="${EPREFIX}"${SSL_CNF_DIR}
- --libdir=$(get_libdir)
-
- shared
- threads
- )
-
- edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- emake build_sw
-
- if multilib_is_native_abi; then
- emake build_docs
- fi
-}
-
-multilib_src_test() {
- # VFP = show subtests verbosely and show failed tests verbosely
- # Normal V=1 would show everything verbosely but this slows things down.
- emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install_sw
- if use fips; then
- emake DESTDIR="${D}" install_fips
- # Regen this in pkg_preinst, bug 900625
- rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
- fi
-
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install_ssldirs
- emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
- fi
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- if ! use static-libs ; then
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
- fi
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
- # Create the certs directory
- keepdir ${SSL_CNF_DIR}/certs
-
- # bug #254521
- dodir /etc/sandbox.d
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
- if use fips; then
- # Regen fipsmodule.cnf, bug 900625
- ebegin "Running openssl fipsinstall"
- "${ED}/usr/bin/openssl" fipsinstall -quiet \
- -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
- -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
- eend $?
- fi
-}
-
-pkg_postinst() {
- ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
- openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
- eend $?
-}
diff --git a/dev-libs/serdisplib/Manifest b/dev-libs/serdisplib/Manifest
index 49c046734f99..5ce715474d1f 100644
--- a/dev-libs/serdisplib/Manifest
+++ b/dev-libs/serdisplib/Manifest
@@ -2,5 +2,5 @@ AUX serdisplib-2.02-disable-static-build.patch 3327 BLAKE2B 677d3dcc121cbc42345e
AUX serdisplib-2.02-musl.patch 639 BLAKE2B 4428488881962784503b74d952aec573d512150d69117099f89972ed3ba020437708a472aa9017f3fbef826d40fad0c46b0a9641a256061e8d078ac2a4bb1c59 SHA512 b81a2e0de075e6d112f8131dd37f787dc3eb2652762a92d84b7a5260c42bb07b2b20c214fb12098ecb3fc6934beea8e11b811d7071185898f048e2ade0376560
AUX serdisplib-2.02-use-destdir.patch 3400 BLAKE2B 77d9adc8c9a44586cbe352c6273677704d7335fc75c82d50a681c361a10a45484ae0dfb3241bf9d99ba242f6548df9cb036992b46e157f9c4ec3ca098397be7e SHA512 370ace46b39ba5e67d7f728a3cb3980b75a2c7e6e5fb25273f9c3bfbe10f33479bfcff92e3074a2cb80985c114d161b78115410dd88330810f654875e57d7575
DIST serdisplib-2.02.tar.gz 497028 BLAKE2B f35b6df60303a288b2a279d821a510089802019f33b7ee36b9c2fd1d1d6bef0b3118793e6d965076c1665e1e2555a553186ef1a9210712ef9d2bc1e090ec0a98 SHA512 d9936c25dc14e24eb02876f203476752340e621d8ee5c87ee99862575e45199bf46ff8487dfdd80b16a89543958fdf5a16a2aaf78d5cade06811cfb1592c45eb
-EBUILD serdisplib-2.02-r2.ebuild 2887 BLAKE2B 05303419febab510c652f8667d30c7e6bfe6e2bbb4606af8bd4aeb56b4dbba6a5d5808b3918364825bf4037967945ec5ea82dbcfb367123f027b13b9ed68eace SHA512 e87cd535de6694e9caafede2561061d490451a145e93ffece217e666612e515446c3de0b552b6c7c1e24518a2406618a08bbece25ba28e19992e037bb59285ee
+EBUILD serdisplib-2.02-r2.ebuild 2902 BLAKE2B 23121f10c18c7bfaa47b7b4a68eb990b5d3f0a23d0027170beed974495a2a5502f35bd2231affbbf2d072e480a3e82d47b6eeddc31147eb9fd6ac6b63c089926 SHA512 3b153c2abda383c753b5ac1aa6a156da969d3af0b1aa97d441a3af0a96bb8e976a2afefa3e92b4961af1116c6a8c3e32b017ffba6264203a37ebe6ca24bcfd16
MISC metadata.xml 663 BLAKE2B 006db175fbd12bc996c0718a226bb2aabc967e0896dc78c351da1990246850a0a4fe67eb84281342d7fe02fd65f26e59a2a22323520a086192aa9f4922a92229 SHA512 539a6ee6568d6db434c5bf23548a116d72103e9efe878d4aec1563e3c3384b2e5012c45699357188f3003bcd81c29bb60b274a59f66648b65bc85359ba376d37
diff --git a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
index 63f9e8620b12..ba4565132b83 100644
--- a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
+++ b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
@@ -21,12 +21,14 @@ IUSE_LCD_DEVICES=(
rs232 sed133x sed153x sed156x ssdoled stv8105 t6963 vssdcp
)
+printf -v mangled_lcd_devices 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}
+
# Add supported drivers from 'IUSE_LCD_DEVICES' to 'IUSE' and 'REQUIRED_USE'.
# Also enable 'lcd_devices_directgfx' as default.
-IUSE+=" $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) "
+IUSE+=" ${mangled_lcd_devices}"
IUSE="${IUSE/lcd_devices_directgfx/+lcd_devices_directgfx}"
REQUIRED_USE+="
- || ( $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) )
+ || ( ${mangled_lcd_devices} )
lcd_devices_framebuffer? ( threads )
"
diff --git a/dev-libs/weston/Manifest b/dev-libs/weston/Manifest
index c1186039a09e..c9bdba807942 100644
--- a/dev-libs/weston/Manifest
+++ b/dev-libs/weston/Manifest
@@ -5,7 +5,7 @@ DIST weston-10.0.0.tar.xz 1774600 BLAKE2B b2b8fa4f7542aba03970ca8abf504f340f8f8d
DIST weston-11.0.1.tar.xz 1900796 BLAKE2B 33d7d5b3340e7074265885bd54ee039e8b5d448fa9f58f4bf9f823efd2557da9b916d903119565a806ab698382fe185165c8ede8614e983c872dfe15b474b616 SHA512 d451230fc260b45aaaadb5cf0aa360629e45e72e3b3676c6ec040d6c6549dbb57d05683effd962c3b2d61482b47a6c990d12cc736c896b501d982c8c4d34834c
DIST weston-12.0.1.tar.xz 1969772 BLAKE2B d7a76ad6e11b76b73b91aeb9b3b49e823ecc8170bd1306f9a8ed90fa49d9bc7734e4c0595ca67f11421ecf5b4dbf04289cf803726c508e8c979a9850c0e94ccb SHA512 3dcfa1a2a6b9a605d3ecd597bf7ac0f87b0fd1971845b6e5c44b5e34296943ac146dae6e1cfea9be14ad7a9a8b6d30dc765f9289ef80920d7c516ebba1ba4688
EBUILD weston-10.0.0.ebuild 3934 BLAKE2B fd140a51aeceac3251a2f5f0878cb5f4e37b630c4ad7807873ac041c863f490bb7845d29086dc17d169856dc8e9dd9a1e87c042b94c6e46ef2b5ae0810412ef1 SHA512 f48f41f7fdf96d2b1a9842150d57e1fd394b7e86725318aabb8bc472d7fab2483e1e4654c37271f13dc92efc92139e58c12bf8972d250028d9f7dc7dfd469921
-EBUILD weston-11.0.1.ebuild 3660 BLAKE2B 7f5f839613133f8e0a91d84f38802c7c5003806e0e0eeb512e88eac3e30f7f938459f6378c30ffabe48433662886a673347d45b4c34dac2b1fc1a5d92d212ac9 SHA512 1fc628480db9cbae5f021c6cd5c82055d11032a01f569b2e9c57202dea7ff4eb00dbae8f20d231c4a8f3fbc9eb333bf44ec24818e0c0b0c1d67cd9a9e30c75bf
+EBUILD weston-11.0.1.ebuild 3659 BLAKE2B d6ccf7efb9880e015c927211109e65a55481846ef6c8bc4ebfadd29f63f3d41e802365e4f0002fc5e38cd13631285eb65b9eb0bc41fc1bca389a247e8c012cd6 SHA512 a009f70f667485aab2496a5947e944854b09620db09ce70b8aaa1e669a347d4384b89bef35d004e4697716c36a4262340a597a8869bacb2c3b0df5dd6fee9459
EBUILD weston-12.0.1.ebuild 3686 BLAKE2B e84ee5c700efe156412620f048e47b54bb015b4a107c71f9c85ae7d9eefce40bdeae59b6b8837fb7be20666c12f89ef5269c1c0c08e068f0d3ee381f22e00d64 SHA512 1c7478c575d616e544451ea20fd6d92f0eb933731c8365ac19c389bf9d346db2c6a9eae1c3f5755e79e793e7b2e190992d8d2d30ebba1834a9a32ab577528e0c
EBUILD weston-9999.ebuild 3705 BLAKE2B 80f5d38e267ea8e422b2bd6b9b935dac285573c761be1a4319c3c7e26687bf52d598f24a6aeab96dd5c6c7f8b6ed5b5467b60fc44232bcd2653e5476f76972fa SHA512 c1077cd94be525ee6c09c3871567eb4f1bd33e99c6aa8f33424ff779874839847efbb564eb3d698ea0a17e3ea6bbb1b5b9411ca521cd54d5e7636a812e6db708
MISC metadata.xml 1608 BLAKE2B 179aa99a3445aca06bee40c9794b2e932a81d5160a375a501631938d855db8d785de876b7c674dacb5295fe33a422a85f1cd8df8da1fc230a6ad5286e5606a3b SHA512 daf7602fb7efa103a79f029d2c40825156dd787694364f5da33e43eea297022da2df070a9b051d3bbb55da5663a1550dca39db31b6c4fd9d38eea465ada909a1
diff --git a/dev-libs/weston/weston-11.0.1.ebuild b/dev-libs/weston/weston-11.0.1.ebuild
index c5d8bf1ada2a..83deecda3ef6 100644
--- a/dev-libs/weston/weston-11.0.1.ebuild
+++ b/dev-libs/weston/weston-11.0.1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI="${SRC_PATCHES}"
else
SRC_URI="https://gitlab.freedesktop.org/wayland/${PN}/uploads/f5648c818fba5432edc3ea63c4db4813/${P}.tar.xz"
- KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc x86"
+ KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ppc64 ~riscv ~sparc x86"
fi
LICENSE="MIT CC-BY-SA-3.0"
diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest
index 9c1a24230066..a64009b7b09f 100644
--- a/dev-libs/xmlsec/Manifest
+++ b/dev-libs/xmlsec/Manifest
@@ -1,8 +1,12 @@
+AUX xmlsec-1.2.37-libressl.patch 1614 BLAKE2B 5b9c2731018d3b371867d30318d55e5f48e4e91359e80abffac212abb35fa274ec35ed9510eb3c01422d8142698669a115f85e9776af8424458de41c66c93b13 SHA512 423997e32223fc45467f9857e709b5707c64aba01ac892253e0be588d767fbfd7c2205a312600910d9cb734b4945e36048292ad59d40de4d43d98af9abe8b1b9
AUX xmlsec-1.3.0-clang.patch 614 BLAKE2B 4f08a58e1e7f56d7ae0ec117d836251342ce95b2b8f7290ace8d617f49dbd3130dda8c16417f850268295bbfd24051680dc89ec4d110ed0d66dfcfdf3890ccef SHA512 fdf44de3dd7c1c72d0fceea7ae204a749339b5f022e3354dedcb08564c638567552ea83c434f7d4b82165c77de7a816cbf92dc2cc141c0958aa78420030a8a54
AUX xmlsec-1.3.0-optimisation.patch 583 BLAKE2B 9035391762150ffa82eef10bc1ba1bde08b04e9e968bf850673dae3e27650e85516e1da4dc3385cd7aafde4cab6270a84e5205a149bcb19dbbdca5ffae678ac8 SHA512 fac70c0e0761d1d8016fb597ed4c139628bfab9d3600eeff17c16b9414732076bea65bee5c778481ecf944053319e030dfb4a455c6d51ba3e758007c36f72323
AUX xmlsec-1.3.0-strict-prototypes.patch 637 BLAKE2B b6adffe488b5e69e0338e040b8be5c611b927935c2a0f19ee58a9b19731c53b0c8f97d1d42d4b6d5b96400b91d5d31628bfa98e91e3ab4ba68b945d06508eff9 SHA512 03d7ca70aac92b01c78a87f8731d0302b441547c36a274f577f2c31e313b37aa9292b803affb7bf052426e80250480c6bb598be0f9e35d08293025a2f673caad
DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900
DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d
+DIST xmlsec1-1.3.1.tar.gz 2432943 BLAKE2B 1dafdffd959579add5c579e3fa9c9f9ddc73ce4aadc6fc2139506e6e64ffcd1bbe7298786e414900eb9f33f93b0a47da64e686c499e48d4c80d81b256db6692e SHA512 7f30c15c3edcafe70fa5febaa0ba39f73f8d30525ee102b5961a658dd2842fbc58e63f7595f15b150d71bf735bfa7688c3694a191b0d475776ca26902d90d25f
+EBUILD xmlsec-1.2.37-r1.ebuild 1525 BLAKE2B 0624803cc515de782244cb180fae354fdb012e2635029929b36823171bf2ff97c4aea6330dbe79e7334152ea4e3366b21de2fe8dee23b90089c127926e48152a SHA512 f1b760047831e6596a507ffb88e87e64ca55de571b8db6f0fe85a8d789985daaa3c4a901acfff9c345037589a330b153e4dd6fcbebf840ffe3a2df972cdfcb2d
EBUILD xmlsec-1.2.37.ebuild 1463 BLAKE2B d7cd33b3533395b59f4971deae688336fc4b8f52b5e948d7064cb19d7bbd043c7c8d3b48f5b499e51ebc529982b34b1d12a148fd35cfa700270334d7fa555124 SHA512 e92545fd5b5bb5977757cf18c8726a9335403cdc83d2367337e95ed305871cc6279568c1abce800738eefb60a7b84e4f508536c44a5a6426d6268950db223437
EBUILD xmlsec-1.3.0-r1.ebuild 1910 BLAKE2B b845d3d31f138e13e3e21031af43b2d340f059579203c99e377d26c893516c12135dc9d800effae8ace72116c9f661e0b9aea8a2fe125ece04282faa2aa8a8d3 SHA512 885bd017019f1a4ed6f34a298b8fb4666bf0ea66d01fbefab7051548d2d3cbc96f84b6cf696a28e971de0f530fa8068851aa32eb02e2cbffe872dd2ef3ab55ce
+EBUILD xmlsec-1.3.1.ebuild 1847 BLAKE2B d5154e27cf933902e70fbdbd6b4f82dc43a3add1118f33d32f0ac35f0715629f29a392004edc1e0fbea3b945662676625c4fbb44b92404d2e1c255e51422c0a5 SHA512 07c09101f6b1138eb17b0d704750c2000d4d8e31b95d4efccf409b1ab871373f453eb279d82de612dd897e432e0a825997b23ef53be1bad22e3c49ab0a730b14
MISC metadata.xml 558 BLAKE2B e4517ffa3f034420139ee0fbb8ed51a3cb319b1400e52d6a1d2d3b5363aa64831fd9cc93f49ab25d36a5fcae63115d0ffd152540f176c25dc49f77fbf4dd6c9d SHA512 6aab5452478ba1f71018274b75761c3467868f271b3cf256d05645407fa9c3cc64823384094c8e9024f936dfdaea5be2b8e91573e9addb07c5dab5f142c6a70d
diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
new file mode 100644
index 000000000000..acdb535ba552
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
@@ -0,0 +1,40 @@
+https://github.com/lsh123/xmlsec/pull/456
+https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04
+https://github.com/lsh123/xmlsec/pull/654
+https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
+
+From c5469cfc8443c57a25a8783f0bd669f71e29bb04 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Mon, 12 Dec 2022 10:34:56 -0500
+Subject: [PATCH] fix libressl (#456)
+
+---
+ src/openssl/openssl_compat.h | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+From d113d1e6355c4841fd03c6aa797d33bde1d064f3 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 29 May 2023 07:46:58 -0700
+Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat
+
+LibreSSL added UI_null() in 3.7.1.
+---
+ src/openssl/openssl_compat.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/openssl/openssl_compat.h
++++ b/src/openssl/openssl_compat.h
+@@ -123,6 +123,13 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) {
+ * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API)
+ *
+ *****************************************************************************/
++#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3070200fL)
++
++/* Needed for Engine initialization */
++#define UI_null() NULL
++
++#endif /* defined(LIBRESSL_VERSION_NUMBER) */
++
+ #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) && defined(XMLSEC_OPENSSL_API_110)
+ /* EVP_CIPHER_CTX stuff */
+ #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt)
diff --git a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild
new file mode 100644
index 000000000000..f5ed4f8c1c07
--- /dev/null
+++ b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
+HOMEPAGE="https://www.aleksey.com/xmlsec"
+SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
+S="${WORKDIR}/${PN}1-${PV}"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="doc gcrypt gnutls nss +openssl static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="|| ( gcrypt gnutls nss openssl )
+ gnutls? ( gcrypt )"
+
+RDEPEND=">=dev-libs/libxml2-2.7.4[ftp(+)]
+ >=dev-libs/libxslt-1.0.20
+ dev-libs/libltdl
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
+ gnutls? ( >=net-libs/gnutls-2.8.0:= )
+ nss? (
+ >=dev-libs/nspr-4.4.1
+ >=dev-libs/nss-3.9
+ )
+ openssl? (
+ dev-libs/openssl:=
+ )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+ test? (
+ nss? (
+ >=dev-libs/nss-3.9[utils]
+ )
+ )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-libressl.patch #903001
+)
+
+src_configure() {
+ # Bash because of bug #721128
+ CONFIG_SHELL="${BROOT}"/bin/bash econf \
+ $(use_enable doc docs) \
+ $(use_enable static-libs static) \
+ $(use_with gcrypt) \
+ $(use_with gnutls) \
+ $(use_with nss nspr) \
+ $(use_with nss) \
+ $(use_with openssl) \
+ --enable-mans \
+ --enable-pkgconfig
+}
+
+src_test() {
+ # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
+ TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+}
diff --git a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild
new file mode 100644
index 000000000000..008af3b95a28
--- /dev/null
+++ b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
+HOMEPAGE="https://www.aleksey.com/xmlsec"
+SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
+S="${WORKDIR}/${PN}1-${PV}"
+
+LICENSE="MIT"
+# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="doc gcrypt gnutls http nss +openssl static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+ || ( gnutls nss openssl )
+"
+
+RDEPEND="
+ >=dev-libs/libxml2-2.7.4
+ >=dev-libs/libxslt-1.0.20
+ dev-libs/libltdl
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
+ gnutls? ( >=net-libs/gnutls-3.6.13:= )
+ nss? (
+ >=dev-libs/nspr-4.4.1
+ >=dev-libs/nss-3.9
+ )
+ openssl? ( dev-libs/openssl:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ virtual/pkgconfig
+ test? (
+ nss? (
+ >=dev-libs/nss-3.9[utils]
+ )
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.3.0-optimisation.patch
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable doc docs)
+ $(use_enable static-libs static)
+ $(use_with gcrypt)
+ $(use_with gnutls)
+ $(use_with nss nspr)
+ $(use_with nss)
+ $(use_with openssl)
+
+ --disable-werror
+ --enable-mans
+ --enable-pkgconfig
+
+ --enable-concatkdf
+ --enable-pbkdf2
+ --enable-ec
+ --enable-dh
+ --enable-sha3
+
+ --enable-files
+ $(use_enable http)
+ --disable-ftp
+ )
+
+ # Bash because of bug #721128
+ CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
+ TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+}