summaryrefslogtreecommitdiff
path: root/dev-libs
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/Manifest.gzbin97885 -> 97853 bytes
-rw-r--r--dev-libs/dqlite/Manifest2
-rw-r--r--dev-libs/dqlite/dqlite-1.15.0.ebuild49
-rw-r--r--dev-libs/icu-layoutex/Manifest3
-rw-r--r--dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild135
-rw-r--r--dev-libs/icu/Manifest3
-rw-r--r--dev-libs/icu/icu-73.2.ebuild176
-rw-r--r--dev-libs/libclc/Manifest4
-rw-r--r--dev-libs/libclc/libclc-16.0.6.9999.ebuild (renamed from dev-libs/libclc/libclc-16.0.6.ebuild)2
-rw-r--r--dev-libs/libjcat/Manifest2
-rw-r--r--dev-libs/libjcat/libjcat-0.1.14.ebuild68
-rw-r--r--dev-libs/libzia/Manifest6
-rw-r--r--dev-libs/libzia/libzia-4.39.ebuild54
-rw-r--r--dev-libs/libzia/libzia-4.40.ebuild54
-rw-r--r--dev-libs/libzia/libzia-4.42.ebuild54
-rw-r--r--dev-libs/mpfr/Manifest2
-rw-r--r--dev-libs/mpfr/mpfr-4.2.0_p9.ebuild1
-rw-r--r--dev-libs/ntl/Manifest1
-rw-r--r--dev-libs/ntl/ntl-11.5.1-r4.ebuild91
-rw-r--r--dev-libs/openssl-compat/Manifest3
-rw-r--r--dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild221
-rw-r--r--dev-libs/openssl/Manifest22
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch215
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch48
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch214
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch46
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch40
-rw-r--r--dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch30
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch214
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch46
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch41
-rw-r--r--dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch40
-rw-r--r--dev-libs/openssl/openssl-1.1.1t-r1.ebuild265
-rw-r--r--dev-libs/openssl/openssl-1.1.1t-r3.ebuild269
-rw-r--r--dev-libs/openssl/openssl-3.0.8-r4.ebuild281
-rw-r--r--dev-libs/openssl/openssl-3.1.0-r3.ebuild284
-rw-r--r--dev-libs/serdisplib/Manifest2
-rw-r--r--dev-libs/serdisplib/serdisplib-2.02-r2.ebuild6
-rw-r--r--dev-libs/weston/Manifest2
-rw-r--r--dev-libs/weston/weston-11.0.1.ebuild2
-rw-r--r--dev-libs/xmlsec/Manifest4
-rw-r--r--dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch40
-rw-r--r--dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild66
-rw-r--r--dev-libs/xmlsec/xmlsec-1.3.1.ebuild93
46 files changed, 2538 insertions, 745 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz
index cef995e6e8d4..3bf6775c5d61 100644
--- a/dev-libs/Manifest.gz
+++ b/dev-libs/Manifest.gz
Binary files differ
diff --git a/dev-libs/dqlite/Manifest b/dev-libs/dqlite/Manifest
index ea5811e786bc..e98babe68b01 100644
--- a/dev-libs/dqlite/Manifest
+++ b/dev-libs/dqlite/Manifest
@@ -1,6 +1,4 @@
AUX dqlite-1.12.0-disable-werror.patch 515 BLAKE2B 3a2ed21d6d4b33f3f39789459754f3663ff03946c65a9660bb98a07bbc6b9b3bde7f800580f40b2e49f92744cbca719463226c60a8e98b8f41f689797b63a916 SHA512 af0a219f9ef5315fdb169f7f812059b6cadc251df5262de8d5574827afb23da64e9d0015ef38db0e5581dd9e6a992a72e3a54c2cbb5181ceddcc07082a98bfdb
DIST dqlite-1.14.0.tar.gz 190757 BLAKE2B 5304ff10134c7775c4475f77bbe60cc6892cc35c3f2a7b4813743cd27fc1176a1d513d66ebf22b47ed7e83fa833be1408f44f781fbd8200bfd3f4465ea1d6011 SHA512 4305b289903766f00c26e278cce3f761c778b67105a6d7e51e66cc1cbf85564fd41f27689b6895c6f182968d851e10a40d052570d55e22007e9eb5c2929dabd9
-DIST dqlite-1.15.0.tar.gz 208833 BLAKE2B 41d2fced65c787381300aed1d0ee2393dc9e7aa371acd7efbee0744e00fed8a6ee7175eb3041f9cd198c1f0beef8951984e2a34646cbc069ea9d35753ba7568c SHA512 413f5aa7ad9d990638c6ffbdf5706ec69635ead0ad21314603b3c997608c696bd294bd5d15c092d1619509fc4d51c4038deaec82bd82cbbd4070f4a4020f9cc4
EBUILD dqlite-1.14.0.ebuild 1030 BLAKE2B 6bab29603f06e7c77bfe3b4e8368025be5e3780d4bf7e7b0c9cbbbb963ad6fe2bbb5e522e8e8875eb1c26a367757132f45c268d9085bcffe057e2b502f8f7c14 SHA512 49d06af2574dc18cf68129813953fce654aca56329115b877b0dc58396d7c0b9dd4bbef9d87660943045b1b51e50b81297cfc978db5019006dae37ced408de71
-EBUILD dqlite-1.15.0.ebuild 1031 BLAKE2B 63c90dc64ce177796a67d7b233ae47e0ac8e68dd6b77344876f444d82373054cdabec9e2e97a4a2b0ed75ebada95d7aed3bece26890c6c505cdfcfa4f7009ce9 SHA512 80488218329881c0c2597b6ab3e04ad7195adebd6a42ebd61646350248c6947dfb9741d304f69fee37ae6f97296c30a203a0f9e0482cd392eaac2b959c23801f
MISC metadata.xml 950 BLAKE2B 26822e40a2c719e8e3a03db6e513d869eef038fcca973ef049da1b6eeec29aefd0867d6bced049ad1dd0465a4d942982565ff0436a7744ffb127879987ea626a SHA512 bb07a8a87ae66e5b5a2aca695e9d5cd1e5a1d725d1d9200099f9d5b46adad83c2ca9ebfedc172ad01fe31aecc1fbbe5a4de7255a2e04d4462c03a106127c7221
diff --git a/dev-libs/dqlite/dqlite-1.15.0.ebuild b/dev-libs/dqlite/dqlite-1.15.0.ebuild
deleted file mode 100644
index 7eae68fc19f4..000000000000
--- a/dev-libs/dqlite/dqlite-1.15.0.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 2020-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools
-
-DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine"
-HOMEPAGE="https://dqlite.io/ https://github.com/canonical/dqlite"
-SRC_URI="https://github.com/canonical/dqlite/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="LGPL-3-with-linking-exception"
-SLOT="0/1.15.0"
-KEYWORDS="~amd64 ~arm64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="dev-db/sqlite:3
- dev-libs/libuv:=
- >=dev-libs/raft-0.17.1:="
-DEPEND="${RDEPEND}
- test? ( >=dev-libs/raft-0.13.0[lz4,test] )"
-BDEPEND="virtual/pkgconfig"
-
-PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch )
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- --disable-backtrace
- --disable-debug
- --disable-sanitize
- --disable-static
-
- # Will build a bundled libsqlite3.so.
- --enable-build-sqlite=no
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-}
diff --git a/dev-libs/icu-layoutex/Manifest b/dev-libs/icu-layoutex/Manifest
index 1d846a314660..d140cffcfaab 100644
--- a/dev-libs/icu-layoutex/Manifest
+++ b/dev-libs/icu-layoutex/Manifest
@@ -1,8 +1,5 @@
AUX icu-layoutex-65.1-remove-bashisms.patch 4963 BLAKE2B fb781741a7a908638876729d573a73e42b7b3f0f3e692b54799fed0dac006ecb731583d90d849ea06be47259a0a236933fa7a78a96b3a8107ee85f916dc2000a SHA512 67e60068c356ca8d93b137eadeef2562ff7d8f38153babc97edd92a2c38d7113396d63d4a09364dacefc612b4b3ea28872a4f767c4f38d3e725943b32f98c5bc
DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8
DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3
-DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62
-DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c
EBUILD icu-layoutex-73.1.ebuild 3683 BLAKE2B bc4464b10ebeeb35785e0d9da547f68df2b0fc2c76c6e6ce003773b9a5c139b7f1d71c4bc9273b27ce053cbfd64bcdc0ac73040f9b207ffe0dd8c8188f3b87d5 SHA512 8e01c32f95b127470c9f09397f62fcc20e4de85179c85eba4847f1d5a8857ca3258d6cabacfdaee1a2cc01b65866bb0690f23e380f8d346298187560798fdc22
-EBUILD icu-layoutex-73.2.ebuild 3713 BLAKE2B a9b0eb2676be459bcbd8959730fb6ae4f9a50fd068827cbe592a951b4250b31da0ba3020c5123c761bda78c5b6dae735dfe3be77728f841d0c20580a1eaf34a1 SHA512 de19f0fdc0543b89ce480c56c265d95b28590eafca8dc1df1cf6c77f52e8093b97d5a89dbb22ba7b36a1e5d36f772dc8a7dc2c9a4646991658046c24d4ca53a1
MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e
diff --git a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild b/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild
deleted file mode 100644
index 9be9fd5da51e..000000000000
--- a/dev-libs/icu-layoutex/icu-layoutex-73.2.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Please bump with dev-libs/icu
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc
-inherit autotools flag-o-matic multilib-minimal toolchain-funcs verify-sig
-
-MY_PV=${PV/_rc/-rc}
-MY_PV=${MY_PV//./_}
-
-DESCRIPTION="External layout part of International Components for Unicode"
-HOMEPAGE="https://icu.unicode.org/"
-SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz"
-SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )"
-S="${WORKDIR}"/${PN/-layoutex}/source
-
-LICENSE="BSD"
-SLOT="0/${PV%.*}.1"
-if [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-fi
-IUSE="debug static-libs test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- ~dev-libs/icu-${PV}[${MULTILIB_USEDEP}]
- dev-libs/icu-le-hb[${MULTILIB_USEDEP}]
-"
-RDEPEND="${DEPEND}"
-BDEPEND="
- virtual/pkgconfig
- verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 )
-"
-
-PATCHES=( "${FILESDIR}/${PN}-65.1-remove-bashisms.patch" )
-
-src_prepare() {
- default
-
- # Disable renaming as it assumes stable ABI and that consumers
- # won't use unofficial APIs. We need this despite the configure argument.
- sed -i \
- -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \
- common/unicode/uconfig.h || die
-
- # Fix linking of icudata
- sed -i \
- -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \
- config/mh-linux || die
-
- eautoreconf
-}
-
-src_configure() {
- MAKEOPTS+=" VERBOSE=1"
-
- # ICU tries to append -std=c++11 without this, so as of 71.1,
- # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17,
- # we still need this.
- append-cxxflags -std=c++14
-
- if tc-is-cross-compiler; then
- mkdir "${WORKDIR}"/host || die
- pushd "${WORKDIR}"/host >/dev/null || die
-
- CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \
- CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \
- RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \
- "${S}"/configure --disable-renaming --disable-debug \
- --disable-samples --enable-static || die
- emake
-
- popd >/dev/null || die
- fi
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --disable-renaming
- # We want a minimal build as this is just for layoutex
- # so we disable as much as possible
- --disable-samples
- --disable-extras
- --disable-icuio
-
- # This is icu-layoutex, so..
- --enable-layoutex
-
- $(use_enable debug)
- $(use_enable static-libs static)
-
- # Need tools for tests, otherwise get this in configure:
- # "## Note: you have disabled ICU's tools. This ICU cannot build its own data or tests.
- # ## Expect build failures in the 'data', 'test', and other directories."
- # ... although layoutex has no tests right now anyway, but let's keep this
- # for the future.
- $(use_enable test tools)
- $(use_enable test tests)
- )
-
- tc-is-cross-compiler && myeconfargs+=(
- --with-cross-build="${WORKDIR}"/host
- )
-
- # icu tries to use clang by default
- tc-export CC CXX
-
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_test() {
- # INTLTEST_OPTS: intltest options
- # -e: Exhaustive testing
- # -l: Reporting of memory leaks
- # -v: Increased verbosity
- # IOTEST_OPTS: iotest options
- # -e: Exhaustive testing
- # -v: Increased verbosity
- # CINTLTST_OPTS: cintltst options
- # -e: Exhaustive testing
- # -v: Increased verbosity
- pushd layoutex &>/dev/null || die
- emake VERBOSE="1" check
- popd &>/dev/null || die
-}
-
-multilib_src_install() {
- pushd layoutex &>/dev/null || die
- default
- popd &>/dev/null || die
-}
diff --git a/dev-libs/icu/Manifest b/dev-libs/icu/Manifest
index aa3da5e1ac9b..7d9d9c68ae72 100644
--- a/dev-libs/icu/Manifest
+++ b/dev-libs/icu/Manifest
@@ -4,8 +4,5 @@ AUX icu-68.1-nonunicode.patch 477 BLAKE2B 5e74142e5adbf8f3fffa23c8fb08657b5b75d1
AUX icu-73.1-fix-UChar-api-deux.patch 3383 BLAKE2B 7dde89d0936f9690d5065b6c1701ee9f139aed0a0e092c92a76eb45818c44f135f0ff3ab3fc4a641cc34246d13c278c7aeb499ce5d90280eb142b3407a3e055e SHA512 525948ac9e4203ed1c187d40439542a45736498ba5e04e0fb3cd9adbc58f17210246233b20ac615e742bb56a1ac49d5758255ae3e7b4e2b24b36f7683a769820
DIST icu4c-73_1-src.tgz 26512935 BLAKE2B 45de117efc4a49301c04a997963393967a70b8583abf1a9626331e275c5bc329cf2685de5c80b32f764c8ff2530b5594316d7119ce66503e5adba7842ca24424 SHA512 e788e372716eecebc39b56bbc88f3a458e21c3ef20631c2a3d7ef05794a678fe8dad482a03a40fdb9717109a613978c7146682e98ee16fade5668d641d5c48f8
DIST icu4c-73_1-src.tgz.asc 833 BLAKE2B 2c0a02a109280c7994f3c9404473119105ccbe051633dd8dc89c14ff65612d7a18deccff2a525752808f26f34d7c192f9346a8c3a0d34af9aa2110744d9f863d SHA512 b7042b0e39e1ebfcef8573d3000088b32a740106c7cfd4c18ebd52e7fd22e64e07b174d766373b1722520369e937fc56d439a0b290a3efeee287b2740388c3d3
-DIST icu4c-73_2-src.tgz 26519906 BLAKE2B 3f7dec9d527939d6d594c92844a400733e43af018bbc2f600edcb18299211a2f2285332188976d15e1ef672191416abac0b95a9d1a2ea6ababdaddf12708ccef SHA512 76dd782db6205833f289d7eb68b60860dddfa3f614f0ba03fe7ec13117077f82109f0dc1becabcdf4c8a9c628b94478ab0a46134bdb06f4302be55f74027ce62
-DIST icu4c-73_2-src.tgz.asc 659 BLAKE2B 83e082ba15ba7aeb366b6d97da15d076c200f9051e55bf00ba13265a3d87aade5a5b18c98a0c903d5015821c63e4b340ffbcc7940a654d169ad1948d6594ce63 SHA512 7598b8cc498ada8ca904b13f7aba27abd3f8f3013a0677d7ffab42d5413df9d2f0526107559301abc4049123b2e6d4d4f4cc589cbd943959d97b595dd57ea63c
EBUILD icu-73.1-r2.ebuild 4264 BLAKE2B 3c8d964bf391c1073e81d2adadcbe66f106b1dead12df1d5d2786fcc7611495dbf34b2a350193203d20984a240cd3590c8ef1f4b1df325ee6b98161e6f3433f0 SHA512 bf4e2d1b0263b7968e04faf1117407eba9ce4ad8777e71e6e61bcbf6d653f0bc6a280f82ce2f7c9c623ffadf0e3cdb03d0590aefee1fda1a48ed1be9a1a7d962
-EBUILD icu-73.2.ebuild 4530 BLAKE2B 4a972f975823df4cfc13ccf7dc11c909f0cca815b94b6851480fbf24c4da8883b874f4f47ffd43b78f842a448be35a8e38c436fa226ec59f04f37e970014dff1 SHA512 6458ba0298afc1052879d8ccd88d11cc4c4b1e6a927fcbd9480c8097924b2e8aeb0c119b5db7559f6512a6b494acdb14aa256ff6d0074fd6ee1a0d6110c3491b
MISC metadata.xml 336 BLAKE2B df52385ac9930c85fc8cb8799f5fd083e99bfe1bacd63519001f91b841cacdc50d6b7ed32f3520372cbab48d270bb05fd0896eaec55046ce1eac03af4502365e SHA512 80d8e03229a72e9acd1429f7ed697df59e98899b135bb40367e95d6eed63aa011efd2121601be68e685350b6eadd46e6f39c036f86ff18bc3c85410e88008c7e
diff --git a/dev-libs/icu/icu-73.2.ebuild b/dev-libs/icu/icu-73.2.ebuild
deleted file mode 100644
index f12fca293873..000000000000
--- a/dev-libs/icu/icu-73.2.ebuild
+++ /dev/null
@@ -1,176 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Please bump with dev-libs/icu-layoutex
-
-PYTHON_COMPAT=( python3_{10..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/icu.asc
-inherit autotools flag-o-matic multilib-minimal python-any-r1 toolchain-funcs verify-sig
-
-MY_PV=${PV/_rc/-rc}
-MY_PV=${MY_PV//./_}
-
-DESCRIPTION="International Components for Unicode"
-HOMEPAGE="https://icu.unicode.org/"
-SRC_URI="https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz"
-SRC_URI+=" verify-sig? ( https://github.com/unicode-org/icu/releases/download/release-${MY_PV/_/-}/icu4c-${MY_PV/-rc/rc}-src.tgz.asc )"
-S="${WORKDIR}"/${PN}/source
-
-if [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-LICENSE="BSD"
-SLOT="0/${PV%.*}.1"
-IUSE="debug doc examples static-libs test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="
- ${PYTHON_DEPS}
- sys-devel/autoconf-archive
- virtual/pkgconfig
- doc? ( app-doc/doxygen[dot] )
- verify-sig? ( >=sec-keys/openpgp-keys-icu-20221020 )
-"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/icu-config
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-65.1-remove-bashisms.patch"
- "${FILESDIR}/${PN}-64.2-darwin.patch"
- "${FILESDIR}/${PN}-68.1-nonunicode.patch"
-)
-
-src_prepare() {
- default
-
- # Disable renaming as it assumes stable ABI and that consumers
- # won't use unofficial APIs. We need this despite the configure argument.
- sed -i \
- -e "s/#define U_DISABLE_RENAMING 0/#define U_DISABLE_RENAMING 1/" \
- common/unicode/uconfig.h || die
-
- # Fix linking of icudata
- sed -i \
- -e "s:LDFLAGSICUDT=-nodefaultlibs -nostdlib:LDFLAGSICUDT=:" \
- config/mh-linux || die
-
- # Append doxygen configuration to configure
- sed -i \
- -e 's:icudefs.mk:icudefs.mk Doxyfile:' \
- configure.ac || die
-
- eautoreconf
-}
-
-src_configure() {
- MAKEOPTS+=" VERBOSE=1"
-
- # ICU tries to append -std=c++11 without this, so as of 71.1,
- # despite GCC 9+ using c++14 (or gnu++14) and GCC 11+ using gnu++17,
- # we still need this.
- append-cxxflags -std=c++14
-
- if tc-is-cross-compiler; then
- mkdir "${WORKDIR}"/host || die
- pushd "${WORKDIR}"/host >/dev/null || die
-
- CFLAGS="" CXXFLAGS="" ASFLAGS="" LDFLAGS="" \
- CC="$(tc-getBUILD_CC)" CXX="$(tc-getBUILD_CXX)" AR="$(tc-getBUILD_AR)" \
- RANLIB="$(tc-getBUILD_RANLIB)" LD="$(tc-getBUILD_LD)" \
- "${S}"/configure --disable-renaming --disable-debug \
- --disable-samples --enable-static || die
- emake
-
- popd >/dev/null || die
- fi
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --disable-renaming
- --disable-samples
- # TODO: Merge with dev-libs/icu-layoutex
- # Planned to do this w/ 73.2 but seem to get test failures
- # only with --enable-layoutex.
- --disable-layoutex
- $(use_enable debug)
- $(use_enable static-libs static)
- $(use_enable test tests)
- $(multilib_native_use_enable examples samples)
- )
-
- #if use test ; then
- # myeconfargs+=(
- # --enable-extras
- # --enable-tools
- # )
- #else
- # myeconfargs+=(
- # $(multilib_native_enable extras)
- # $(multilib_native_enable tools)
- # )
- #fi
-
- tc-is-cross-compiler && myeconfargs+=(
- --with-cross-build="${WORKDIR}"/host
- )
-
- # Work around cross-endian testing failures with LTO, bug #757681
- if tc-is-cross-compiler && is-flagq '-flto*' ; then
- myeconfargs+=( --disable-strict )
- fi
-
- # ICU tries to use clang by default
- tc-export CC CXX
-
- # Make sure we configure with the same shell as we run icu-config
- # with, or ECHO_N, ECHO_T and ECHO_C will be wrongly defined
- export CONFIG_SHELL="${EPREFIX}/bin/sh"
- # Probably have no /bin/sh in prefix-chain
- [[ -x ${CONFIG_SHELL} ]] || CONFIG_SHELL="${BASH}"
-
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi && use doc; then
- doxygen -u Doxyfile || die
- doxygen Doxyfile || die
- fi
-}
-
-multilib_src_test() {
- # INTLTEST_OPTS: intltest options
- # -e: Exhaustive testing
- # -l: Reporting of memory leaks
- # -v: Increased verbosity
- # IOTEST_OPTS: iotest options
- # -e: Exhaustive testing
- # -v: Increased verbosity
- # CINTLTST_OPTS: cintltst options
- # -e: Exhaustive testing
- # -v: Increased verbosity
- emake check
-}
-
-multilib_src_install() {
- default
-
- if multilib_is_native_abi && use doc; then
- docinto html
- dodoc -r doc/html/*
- fi
-}
-
-multilib_src_install_all() {
- local HTML_DOCS=( ../readme.html )
- einstalldocs
-}
diff --git a/dev-libs/libclc/Manifest b/dev-libs/libclc/Manifest
index 7cc3af27e4b8..5771f236fa85 100644
--- a/dev-libs/libclc/Manifest
+++ b/dev-libs/libclc/Manifest
@@ -4,13 +4,11 @@ DIST llvm-project-15.0.7.src.tar.xz 110936452 BLAKE2B f3d277e2029157329e5be78b78
DIST llvm-project-15.0.7.src.tar.xz.sig 566 BLAKE2B 47dc8c82d86237b80c6d85f83a6c9a6e9e174cf8e7f367b071e0cd9481d7cd408e991337c5624e07f3f370f26387c814f212808575ed1c1b58404d3e3836b7df SHA512 fc6891b440dd1175eb8df3790590af8d36bc92301660f84744ae15123475aeb900a151e6a8e7998ded27ec4d86871903ad0b89cd61164943054c2e3bc8d8beb2
DIST llvm-project-16.0.5.src.tar.xz 118000368 BLAKE2B 9f84e6bab450dc8d6379771afbca5cddc6fbad6c9728726f7158f290ab87d464ff657e89e1c8fc3c474362cc865ff13c5d55ef758c848ea3e660d732cb2fdefa SHA512 7008e7e9c8c2246fe98ba3f0c0fa91e41c88c4da427bf1cfdcce7ef57e5ea838efe7c58c523a7d1708e70d64a4338afe16d06fba2fc7ac5a6c19ca3d6ee41e99
DIST llvm-project-16.0.5.src.tar.xz.sig 566 BLAKE2B 4c96f294f350e0086f8504a54c3387308c60efb573c8def40aec45b1918d43e36c44bafb0823625b6cefa5d99b3aacd7823d6c92c7a64a737653d5b51839a924 SHA512 4550c7c6a1b6ea603d1499aba5aca746f3948a00e7567604f5e7dc3b215a34357bad382a7ebea1f6cd7952841cb75a0dfbe2c278a8c6fcb630a5035b3e16e869
-DIST llvm-project-16.0.6.src.tar.xz 118013488 BLAKE2B 95192d39cbd2914e5609db365965f1c00bfea6c2d653b3996bd2acef8a2b37e37f6fc8a9d2b65711ad72657e0ef52c42f733053cf65051e7822f27396c30406d SHA512 89a67ebfbbc764cc456e8825ecfa90707741f8835b1b2adffae0b227ab1fe5ca9cce75b0efaffc9ca8431cae528dc54fd838867a56a2b645344d9e82d19ab1b7
-DIST llvm-project-16.0.6.src.tar.xz.sig 566 BLAKE2B 2060cebd5ed57cb8a86a44238c43dfd4b921649298b10c3d19da308374c1e49869174294e29943c2af459fe06428264e26881d6c1288ebbc48686cc2cf467c7a SHA512 ca249262c7102e0889ec1bdc6f71a3a6f0e7e5d5fbab8abcd6fccd2871e7955eff7af5b055a76006097baf0dfaf2f5069eff3035b3107fc552abdb2481b21447
DIST llvm-project-62c0bdabfa32f6e32b17b45425b15309db340dfb.tar.gz 190948645 BLAKE2B f41d8ea32e189ef4641e42628fb516e307c9a6fcf65af537eb9fc0d3186591b062c5e85c9e935511ef706f28c6994a774a4e3f36ff54d79aaac7b293a6168625 SHA512 55a4cbfec3a496c1918aa614e5bdee368e4d0b6641c946d8bf8b828ab4bf4d9b29dbe96401a172079d70f924f5e513428fe990c65b556a0a860802cb13f5e3a0
EBUILD libclc-14.0.6.ebuild 1390 BLAKE2B b355a93d63ee4beb5f3782cda8514aa02f16e71563f66bac6fc7a5e3beae40efa1bdbe098f3d83ce775d0458118f19fceb7225f2b5511823c8e56cabdae4f2d8 SHA512 488e5c278fe4b48ec8ce6ccd76d489cf08251ce6e8f8bd417048a80a10e4a5cf72f20462aa8115f72afe1a40dbee02d936680d516dd1c940fd52fe6f55402e69
EBUILD libclc-15.0.7.ebuild 1668 BLAKE2B ac2bd589fb3c29662799f97b1f649fd22b1b7ce5701879815bc01a05ae88421a830a6a3507b4dead181f24eb4e45c451e8ea1ebbdac2a2de51ddbc3cd9f53c66 SHA512 a3e39fbaddb322360f6362ef21713f375d04e02b2b9a3d43a3d47b26d5d43643a8c654181aef9518aee5f9805d09c446bbbf13342b74f09622e5e1b0c59470b1
EBUILD libclc-16.0.5.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a
-EBUILD libclc-16.0.6.ebuild 1666 BLAKE2B 762d3a49fee878e2b6b8fe92579535eb884cb27f31bfb057e1d6f590edf59e36ed4d3ee9890a7d9f09d11f9ad99a60117e86797dfc6f5c0934f0695ecff6618e SHA512 df8d4b01080c168a79fda05bbd40d05fd5ff1a118848d68503032b1d11450d38f897d8f8e46a01c95d90585580f600558616d30ba90d79953df66500ee391e9a
+EBUILD libclc-16.0.6.9999.ebuild 1648 BLAKE2B ef8120b2fed334092a18bc7f172ef6acac58e8a5a3fe69a7cdc624663d5c42165c9b00c21a86078ab797202f3f0c39f190141b9925e964219e2c277e2173e353 SHA512 f5373c4cee59d806edae0b1d10298dac8b5b7e6a1f05d0068cb454fdbbd4ad30978a3ccc287c67a67125d4ff8f91ed066d2579262ebdd2d7d6f6f11877b3b864
EBUILD libclc-17.0.0.9999.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74
EBUILD libclc-17.0.0_pre20230609.ebuild 1726 BLAKE2B 6078f1110dc77ec16b4dc2d84a987bca64ca7fed368d11c859b0b69e971e9d2d85e3150d70b3eaeaed94d44e273048ff8c618d7aba5ed9de31b53b042cef1afa SHA512 ce2a3aa916e236a001b7297953a8dc4073e6cce0b985467635b13560484205d8b15025f9c391954af1a7d64d2e12493bb16ba75ec29ae41cb55265489f86cd74
MISC metadata.xml 362 BLAKE2B 768f93d0058e4da4b420569f3f1771dfa7385ad89540bbc18cf53b5a71e3f060a8afa1112ff37570d7fc9dc3e71619fa3fd8d0cf7b5d3954f5110b19e146df30 SHA512 e6335424da09f668953acd39dcd9b03a30e3b509b34b1de5c72644a3740a5b6b287f10e08405b79bafc8104cc4dc1324b7b9d7990c3b560b0235ae82da8c68a5
diff --git a/dev-libs/libclc/libclc-16.0.6.ebuild b/dev-libs/libclc/libclc-16.0.6.9999.ebuild
index da4aa04415e5..0c41ce89312c 100644
--- a/dev-libs/libclc/libclc-16.0.6.ebuild
+++ b/dev-libs/libclc/libclc-16.0.6.9999.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://libclc.llvm.org/"
LICENSE="Apache-2.0-with-LLVM-exceptions || ( MIT BSD )"
SLOT="0"
-KEYWORDS="~amd64 ~riscv ~x86"
+KEYWORDS=""
IUSE="+spirv video_cards_nvidia video_cards_r600 video_cards_radeonsi"
LLVM_MAX_SLOT=16
diff --git a/dev-libs/libjcat/Manifest b/dev-libs/libjcat/Manifest
index 555159559468..5957b111b5cc 100644
--- a/dev-libs/libjcat/Manifest
+++ b/dev-libs/libjcat/Manifest
@@ -1,6 +1,4 @@
AUX libjcat-0.1.11-disable_installed_tests.patch 1473 BLAKE2B 5b5705f44fcaf6f74126d4ee62c08966dc1d1816974f8fc82a57fa8f1d44ac32f0b813a669b0f638df0e5d3604864671b0a0cce47f966cce578dc0471489e794 SHA512 4bb721822d3b8965119e30f5d1b0854d5f6ec8caed04dc8fea8811fdce9847d553197ae8042ef9a39de3109a4c12564f7c3f1c56d5c0b64e7924865a58aaafa6
DIST libjcat-0.1.13.tar.gz 69950 BLAKE2B 5ff85feff37c5728c8cace5e2f38c179c65a82954a23fd26794a5483cdf29e07601cdaffe27c28a28f7d2b0d57aa3800589c20e19e0a512768f5f87176a56789 SHA512 a66082e3c1641b427af971843822a7893cd40dbb82a596737fd6445fe8e1b527a111dd8f48b9e25a563f0d13e77e22d4c2364ddf96cac38d3e2df5010b37708a
-DIST libjcat-0.1.14.tar.gz 70018 BLAKE2B 71329e6fc04ef37e5af215c88b4a5a03fbd65143604da57b0357d4bd07896a22a98b9028d8529234655adb37e5cefe226d09d987e798bce17b47fef1e1142d1f SHA512 837a50ad31a736a36bd9df26b151c198e18873df0e7444502b7a6e26a86df15f1df970112f2dd22658960389fdfb78a2c601274e2b5c46ec82fceef5aad778c1
EBUILD libjcat-0.1.13.ebuild 1486 BLAKE2B f9cb970aa18ea7bf66d967a4da3f4e021d2d58109a8210eb779bf5ccdde463da000dedf225a3def8272ba839c2767bea1a7f7599741e78cb919692f25d75e656 SHA512 cd124e7cc23ccab0b38e7e358c16761c3165e63bcd4763ddd9c00848f55b7dd83aaca9e54a6b0cd4f8eb52d7802020768362e9ca7a8ca39d295c079fcb0f7134
-EBUILD libjcat-0.1.14.ebuild 1489 BLAKE2B cfcbfea2f1b23f8f9608e9892a240c23243486ed99d7eac2064a65bf1b0cec053c2f303b17c9a2b40a272683c93ad5b86bf3d6144fe04df7823f1eaa7534c54b SHA512 08155d3a831850852f624eabad7c6023a664320033875ab89bb63833d7b254993b98dce349c78b4e0f98d2b615f3e3752fa7a649908b547cf6629d9a787122a0
MISC metadata.xml 938 BLAKE2B 3b6d63d78a61aabdc8e6b7316af5e682513a02ba64bc733c788d356d0d2cbcd0071506d20dfcf3fbad5da9303c69341d5c2839be7518415c2174466c081244d7 SHA512 acb07c600ec49121f27ebf0252913345fb4dacc6a003934c16deae3ea4c055abc0db73cca204b06ca1e4a415879a645690ffe26473cf646112ac7497ea842956
diff --git a/dev-libs/libjcat/libjcat-0.1.14.ebuild b/dev-libs/libjcat/libjcat-0.1.14.ebuild
deleted file mode 100644
index 45b6002047d2..000000000000
--- a/dev-libs/libjcat/libjcat-0.1.14.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..12} )
-PYTHON_REQ_USE="xml(+)"
-
-inherit meson python-any-r1 vala xdg-utils
-
-DESCRIPTION="Library and tool for reading and writing Jcat files"
-HOMEPAGE="https://github.com/hughsie/libjcat"
-SRC_URI="https://github.com/hughsie/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="LGPL-2.1+"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
-IUSE="+gpg gtk-doc +introspection +man +pkcs7 test vala"
-
-RDEPEND="dev-libs/glib:2
- dev-libs/json-glib:=
- gpg? (
- app-crypt/gpgme:=
- dev-libs/libgpg-error
- )
- introspection? ( dev-libs/gobject-introspection:= )
- pkcs7? ( net-libs/gnutls )
- vala? ( dev-lang/vala:= )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- $(python_gen_any_dep '
- dev-python/setuptools[${PYTHON_USEDEP}]
- ')
- gtk-doc? ( dev-util/gtk-doc )
- man? ( sys-apps/help2man )
- test? ( net-libs/gnutls[tools] )"
-
-RESTRICT="!test? ( test )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.1.11-disable_installed_tests.patch
-)
-
-python_check_deps() {
- python_has_version -b "dev-python/setuptools[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- use vala && vala_setup
-}
-
-src_prepare() {
- xdg_environment_reset
- default
-}
-
-src_configure() {
- local emesonargs=(
- $(meson_use gtk-doc gtkdoc)
- $(meson_use gpg)
- $(meson_use introspection)
- $(meson_use man)
- $(meson_use pkcs7)
- $(meson_use test tests)
- $(meson_use vala vapi)
- )
- meson_src_configure
-}
diff --git a/dev-libs/libzia/Manifest b/dev-libs/libzia/Manifest
index aabf7bcd7b53..e9b44a559289 100644
--- a/dev-libs/libzia/Manifest
+++ b/dev-libs/libzia/Manifest
@@ -1,3 +1,9 @@
+DIST libzia-4.39.tar.gz 638203 BLAKE2B 0ff2bf9b404b1e554c3cab3145980b8db97345b2e4fd3f3aa94960c150f0da3efcc361306cd7476e839bc3f57868164181f2e3cb79e0dc3f3a7246841d723251 SHA512 61ae1e2aba9f096f7d6593cf7a72d12822bc30f77287bc36f1ea72c01e9669cbef72492adf017efc73bb507fe08b9939f6ca3e4d695388c642619450fc31c024
+DIST libzia-4.40.tar.gz 638193 BLAKE2B bbeee5f6ee699e09aa791c8b6acb39fed90bdf9a875499177c330d009407157e1ebc36aa432e94dcd78553f803c84fe0d00ce9d613abb657324a061588b77d06 SHA512 dd17a80dbcdf88f7617d439f6dde2af6d319c318e9ee55bc9b375ef1bef5ee708c1af7e133ed304d365b0d6d0c3d52f48ae01f44cb2a6e1285625d785f5f5126
+DIST libzia-4.42.tar.gz 642066 BLAKE2B 8bec7c3bafa68420adc08d7a70016138997fbd89e7e9ebae70f2a47da6216ac041907cb11c5391956895e5d0871c7c02ece28323253f1161e61f75a8ae6b05a6 SHA512 3e27ae0ddf46364f61a06fd85c6be6ee2bca829ef0d0e3a66f4b2ed8089a13e38332c4329a639f5f83120cf7bd9dad29b6e41022884513b3de69c7672d3316e5
DIST libzia-4.43.tar.gz 642097 BLAKE2B 34ab759fc8d4d83067df80d9d3f763717640df38f604222f3fc6b19876a9f5a5f5b79523857fa96d5badf047046b4786f100657ee0a41d0a7096a21c6006e5a0 SHA512 b6341ea6524b2040d63a7b21b9a4c12d26cb5ae30bc08dc37efd5fd7d71ecf7321511e09cc5745adc6f395f841d5e2bb4df827956204db4147ac11d204eaf8da
+EBUILD libzia-4.39.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d
+EBUILD libzia-4.40.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5
+EBUILD libzia-4.42.ebuild 1193 BLAKE2B 14f99f1cbc754761e90212206e4d0d01a16071f07aee10c232bbfe66548432a576193bc83847a23bb7bd9d3eaa12e036c2e727e52eb2d5ac33c98b2c2f576856 SHA512 f0a68f7a6e158b889856683f2199c85cfdde1283a7b0d7b075adaa82a0859a9cabad1a731f0a13dddc2954e4084ed0c4d959584ca3c7aeb379befb71a366a2a5
EBUILD libzia-4.43.ebuild 1191 BLAKE2B fdedbbb747f79407c1697e883d89dab444cc8fb60065c5800f6593010444160dc555f9c7fdc99e8d336ef7cd3409ce828e3c9156dc627143139bb987d7a20c2b SHA512 57c194225792866b997c7c1e5ed386f87f0213f8eeb4837c44148d013df10a61c6c71ddb20409088bb2e236eb3da948fc5c08c574ffc5d5bf962ab6ccb04cf8d
MISC metadata.xml 326 BLAKE2B 1b8ed6c9d40252f3371cf9a1ec295f593c8898dd8e45173ca05cededf987c7e44e2fafca613f8ad3022e9fbb6886d6aec2d183fd47c3064f35038784f361ebc4 SHA512 0c8a48b1101aa184dc596581feaf47463688801cb0f342177ecfb6fade1d63520ca1b9dcb278279470c181b560f555de332e4d2583e8856eec9057cde34df48f
diff --git a/dev-libs/libzia/libzia-4.39.ebuild b/dev-libs/libzia/libzia-4.39.ebuild
new file mode 100644
index 000000000000..d2bf5df52022
--- /dev/null
+++ b/dev-libs/libzia/libzia-4.39.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Platform abstraction code for tucnak package"
+HOMEPAGE="http://tucnak.nagano.cz"
+SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="ftdi"
+
+RDEPEND="dev-libs/glib:2
+ x11-libs/gtk+:2
+ media-libs/libsdl2
+ media-libs/libpng:0
+ ftdi? ( dev-embedded/libftdi:1 )
+ elibc_musl? ( sys-libs/libunwind )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+MAKEOPTS+=" -j1"
+
+src_prepare() {
+ eapply_user
+ sed -i -e "s/docsdir/#docsdir/g" \
+ -e "s/docs_/#docs_/g" Makefile.am || die
+
+ # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
+ sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
+
+ # fix build for MUSL (bug #832235)
+ if use elibc_musl ; then
+ sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-libs -lunwind
+ econf \
+ $(use_with ftdi) --with-sdl \
+ --with-png --without-bfd \
+ --disable-static
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ find "${D}" -name '*.la' -type f -delete || die
+}
diff --git a/dev-libs/libzia/libzia-4.40.ebuild b/dev-libs/libzia/libzia-4.40.ebuild
new file mode 100644
index 000000000000..9c39a847c882
--- /dev/null
+++ b/dev-libs/libzia/libzia-4.40.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Platform abstraction code for tucnak package"
+HOMEPAGE="http://tucnak.nagano.cz"
+SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="ftdi"
+
+RDEPEND="dev-libs/glib:2
+ x11-libs/gtk+:2
+ media-libs/libsdl2
+ media-libs/libpng:0
+ ftdi? ( dev-embedded/libftdi:1 )
+ elibc_musl? ( sys-libs/libunwind )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+MAKEOPTS+=" -j1"
+
+src_prepare() {
+ eapply_user
+ sed -i -e "s/docsdir/#docsdir/g" \
+ -e "s/docs_/#docs_/g" Makefile.am || die
+
+ # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
+ sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
+
+ # fix build for MUSL (bug #832235)
+ if use elibc_musl ; then
+ sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-libs -lunwind
+ econf \
+ $(use_with ftdi) --with-sdl \
+ --with-png --without-bfd \
+ --disable-static
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ find "${D}" -name '*.la' -type f -delete || die
+}
diff --git a/dev-libs/libzia/libzia-4.42.ebuild b/dev-libs/libzia/libzia-4.42.ebuild
new file mode 100644
index 000000000000..9c39a847c882
--- /dev/null
+++ b/dev-libs/libzia/libzia-4.42.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Platform abstraction code for tucnak package"
+HOMEPAGE="http://tucnak.nagano.cz"
+SRC_URI="http://tucnak.nagano.cz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="ftdi"
+
+RDEPEND="dev-libs/glib:2
+ x11-libs/gtk+:2
+ media-libs/libsdl2
+ media-libs/libpng:0
+ ftdi? ( dev-embedded/libftdi:1 )
+ elibc_musl? ( sys-libs/libunwind )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+MAKEOPTS+=" -j1"
+
+src_prepare() {
+ eapply_user
+ sed -i -e "s/docsdir/#docsdir/g" \
+ -e "s/docs_/#docs_/g" Makefile.am || die
+
+ # Fix QA-Warning "QA Notice: pkg-config files with wrong LDFLAGS detected"
+ sed -i -e 's/@LDFLAGS@//' libzia.pc.in || die
+
+ # fix build for MUSL (bug #832235)
+ if use elibc_musl ; then
+ sed -i -e "s/ backtrace(/ unw_backtrace(/" src/zbfd.c || die
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-libs -lunwind
+ econf \
+ $(use_with ftdi) --with-sdl \
+ --with-png --without-bfd \
+ --disable-static
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ find "${D}" -name '*.la' -type f -delete || die
+}
diff --git a/dev-libs/mpfr/Manifest b/dev-libs/mpfr/Manifest
index 83d0ee6c214d..ef80fb6e61be 100644
--- a/dev-libs/mpfr/Manifest
+++ b/dev-libs/mpfr/Manifest
@@ -28,5 +28,5 @@ DIST mpfr-4.2.0.tar.xz.asc 228 BLAKE2B b281a11528a69418739b0122b4130d9cf212569f9
EBUILD mpfr-4.1.0_p13-r1.ebuild 2783 BLAKE2B 748c9175b11db817c4d4a50879ffac9d2772b8c1aba67111bba8744264705547910b16667caa68eaac7b8d66e7cb331c54150b35fcbdbf47fee4d6c5cd8109a7 SHA512 b8161691727a74f31877dddec7e81e6c37791be74649ea4a96c770ad34661d0deebe27444a1872fb127b5fa191357a048cbc410a6db6bae16b0887d1c843f1ed
EBUILD mpfr-4.1.1_p1.ebuild 2783 BLAKE2B 69d40acad30c90bc0460c3ee4a96323a46ec2ea2d3a6ae96ef696502cd9af2623cd33cd9d1c8a1dc372ee3f643eb254d1e0e91e6289bfd8ce6e463c00c54cfe5 SHA512 12fb0937de94dcf6f04bfa26ff3a0ae1343d9d698777d652e20f734ef51965104a9aa60f8775b897e6b82f75e10e5568a7269ae3f446adbaa3036481a98362c2
EBUILD mpfr-4.2.0.ebuild 3158 BLAKE2B 86a7fcf91c203f87c62b039f609592e2f4ce0f199a89d35d30d5b143ce254938686339cbb0c1b45a17a56c8a159d95bb3517354dfcfb2458d441647e104ed269 SHA512 8c8dfb2424f043372ef058ac7fedea442b5de3733b56497cd96deeee52998247c6872096926c430b78ffc41542e986903d9d6972fbf676f9309f7d4757212f6c
-EBUILD mpfr-4.2.0_p9.ebuild 3166 BLAKE2B 7435f63692a319663ed64ff6ddb6c938f78ac0681a4d8b990825a50e3c4ea2c3b47a43fb0631b7e242438b77e07f2a2851879e72fb88b96a17b4899ad01c6d4f SHA512 b96d7c2bf7a37d235790017b92ddac9c990c4f4be40b3e5dac74bb96ec076ad010c8bd66f1473021263b25529743400e1b09df637df295c91f0851a09d811d86
+EBUILD mpfr-4.2.0_p9.ebuild 3167 BLAKE2B 481b82c925add26fcb119d40cc6d32671a7ad61e1faadb692ad7dcb6acc7238d65982b5d0ddf9aff75bd7742fe83c7fa64928b09dc06e6f62bf72dde16128be1 SHA512 e2b8ccf66b2bdc1d95be34e2f47360c33e0807af97fe90a500c760eff351b666ca45e68b26d5403ae8b5e64ab60ca8d601690d6babc14899580b4059eac2aacf
MISC metadata.xml 344 BLAKE2B b7a0bcfbcf945ce2b6d58a9a2078c823c12de5ef8261ec009612b58a833deecb7caaf864f0b55e0c46aac004c58feb7a1f88f6d78b584c2e25c403cfb1de96a0 SHA512 8b8b5ae00a4f9ba76c193c5d84f27cce973963f4db109219394efccba3a8e8bebb7f241658a0b682331e34c66ee99332f871d826abf6ec5a4ced4f3dce381fe9
diff --git a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
index 3436f7912a8f..bcbbe69004fc 100644
--- a/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
+++ b/dev-libs/mpfr/mpfr-4.2.0_p9.ebuild
@@ -39,6 +39,7 @@ if [[ ${PV} == *_p* ]] ; then
done
unset patch_url_base my_patch_index mangled_patch_ver
+
fi
S="${WORKDIR}/${MY_P}"
diff --git a/dev-libs/ntl/Manifest b/dev-libs/ntl/Manifest
index 50dfd9aed9cb..ef36d31bbcf1 100644
--- a/dev-libs/ntl/Manifest
+++ b/dev-libs/ntl/Manifest
@@ -1,5 +1,4 @@
DIST ntl-11.5.1.tar.gz 2304103 BLAKE2B 92284383451c7a810f7ee8d9a82836695d19d2a2e46b71c8c60b00acb77f4b4d3bad5497a309616a3e3188567d20203f5ad31295130ab0f3ace08417188c9fda SHA512 cf1f642b8a0f9cdc6dda888e07183817dc67ff494e56a852053aeb15b3d2a0e61fbc05824779c5d1f20b8115fba6f97266acf7e0b0b527c25df5989c86d5928f
EBUILD ntl-11.5.1-r1.ebuild 2071 BLAKE2B 63b41f8d75761d7d002238955c7c3a8f81af90cd3db436eec1e5a30017995f2ffa2456d912e3b103bdb25d3916e5d6f94b17f70ae5960b91fa83bb870f3201a3 SHA512 71a9d39b67f2144522090613a9143585ae17727d200958a89ae7317d6dacaadcdf09d5d10fcca2c00c77f507243fd7e56bfef9cbdc989c42a27f828a8be18dc6
EBUILD ntl-11.5.1-r3.ebuild 2558 BLAKE2B 18998bc75528ff91ee88c6932ae2982d898940fbf0d9e344bab1f445e81cd8899c854816222ed47409543b9d700bb5d0ebbd0dbba9d1dd6bf20af445e9bc2124 SHA512 e308a4c7739df1a8c52d7aa3714a81701afd2d7049c2ea9db4b9580ff51e267d3ac17016275b55b8bc51ed6a3e863bfb7fb42a1746011a500006c9322380e23b
-EBUILD ntl-11.5.1-r4.ebuild 2674 BLAKE2B abfbeaffe5f23d694d740536f7e9f998fac0ce60f205886f566c5eaca81a7ef41a67eb4612030553413b9c731a6c12704943a06c39b154186e459b4cf3ae167d SHA512 5aebc09655d7423161f42518bbdb0c3be8550e283598b6784a54c99a296233ec7f023ba264f0c0b332cd5889e50957ef6d95d57405791560de69c131d34a337f
MISC metadata.xml 628 BLAKE2B 12ef87b42f60ca7bd5f91708c96471378481bfdc911d638a550608f62928a40e879431028f6e578047b79749e0c8307a4075520434191099adece5a771e5c27f SHA512 724f4bc44918ec49f4bb30ef7c9cc6de8c4243845a2a4c7d8c73db6f1db8fa548ad0932f324deea2002ea35cb7b410120cb86a0743bb2d6765fcd987593fcd84
diff --git a/dev-libs/ntl/ntl-11.5.1-r4.ebuild b/dev-libs/ntl/ntl-11.5.1-r4.ebuild
deleted file mode 100644
index c8e07339e445..000000000000
--- a/dev-libs/ntl/ntl-11.5.1-r4.ebuild
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit toolchain-funcs gnuconfig
-
-DESCRIPTION="High-performance and portable C++ number theory library"
-HOMEPAGE="https://www.shoup.net/ntl/ https://github.com/libntl/ntl"
-SRC_URI="https://www.shoup.net/ntl/${P}.tar.gz"
-
-LICENSE="LGPL-2.1+"
-SLOT="0/44"
-KEYWORDS="amd64 ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
-IUSE="doc threads"
-
-BDEPEND="dev-lang/perl"
-DEPEND="dev-libs/gmp:0=
- dev-libs/gf2x
- threads? ( >=dev-libs/gf2x-1.2 )"
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/${P}/src"
-
-DOCS=( "${WORKDIR}/${P}"/README )
-
-src_unpack() {
- default
- gnuconfig_update "${S}/libtool-origin/"
-}
-
-src_configure() {
- # The DoConfig script builds its own libtool, but doesn't
- # really try to set up the build environment (bug 718892).
- export CC="$(tc-getCC)"
- export CXX="$(tc-getCXX)"
-
- # Currently the build system can build a static library or both
- # static and shared libraries, but not only shared libraries. The
- # name NTL_GMP_LIP is *not* a typo.
- #
- # We have left NTL_ENABLE_AVX_FFT unconditionally disabled: NTL's
- # AVX2 detection can fail even when the CPU supports it (bug
- # 815775), and moreover, can fail due to CXXFLAGS. When that
- # happens, and if we try to use the AVX FFT, the build fails.
- # Finally, doc/config.txt says, "this is experimental at moment, and
- # may lead to worse performance." So we are probably not missing out
- # on much.
- #
- # The NATIVE=on option adds "-march=native" to CXXFLAGS and should
- # not be enabled on Gentoo, but is currently necessary for NTL's CPU
- # feature detection to work (bug 815775). See the upstream issue,
- #
- # https://github.com/libntl/ntl/issues/22
- #
- perl DoConfig \
- PREFIX="${EPREFIX}"/usr \
- LIBDIR="${EPREFIX}"/usr/$(get_libdir) \
- CXXFLAGS="${CXXFLAGS}" \
- CPPFLAGS="${CPPFLAGS}" \
- LDFLAGS="${LDFLAGS}" \
- CXX="$(tc-getCXX)" \
- AR="$(tc-getAR)" \
- RANLIB="$(tc-getRANLIB)" \
- SHARED=on \
- NTL_GMP_LIP=on \
- NTL_GF2X_LIB=on \
- NTL_THREADS=$(usex threads on off) \
- NTL_ENABLE_AVX_FFT=off \
- NATIVE=on \
- || die "DoConfig failed"
-
- if use doc; then
- DOCS+=( "${WORKDIR}/${P}"/doc/*.txt )
- HTML_DOCS=( "${WORKDIR}/${P}"/doc/*.html "${WORKDIR}/${P}"/doc/*.gif )
- fi
-
- # 780534 - Required for rlibtool so it can find the generated libtool
- ln -sf libtool-build/libtool . || die
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-
- # Use rm -f because the static archive may not be created when
- # using (for example) slibtool-shared.
- rm -f "${ED}/usr/$(get_libdir)"/libntl.a || die
-
- rm -r "${ED}"/usr/share/doc/NTL || die
-}
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index 9fa269ef9e30..d87bb3e8362c 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -5,9 +5,12 @@ AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021d
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
+DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
+DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
EBUILD openssl-compat-1.0.2u-r2.ebuild 7794 BLAKE2B 292aa0999be2c173b86b9324a8e1e73fd536b38af5106d09d776931c8a170808ddf976536d7f88398260e1cda58945fe747255a8f3c2d4432ab4e8ca139e83a4 SHA512 271767ff717c9324a34c3ae1964a6a428f83e97d002be6df797cadc809768a198ab090cb313e5aa3bc9fd22d029f2cf17c3612f51e154e140a552bfdf9cb55f2
+EBUILD openssl-compat-1.1.1t.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749
EBUILD openssl-compat-1.1.1u.ebuild 6556 BLAKE2B 8fc47dd1300fcb5558c7dce745700d7306893d817c83177598bfc3d5e80467359688e42688c4f0b29393058c264a7641e3cfe3e2e439ba55dd410d93346e8b7b SHA512 7ebac003cf144379663c92ad98a8d9fc362a564d4b6b2983dc855ce759f694c23c870e062fe6083c701251245248d2ff9d26dada83d214a42cda3050c5222749
MISC metadata.xml 1223 BLAKE2B db6fe704a4a09590821cd011556759cfd60543fd531fef3bd233378f396ac5e67c7d834eee4e544995c3af02dc9f222ac787e0b8a1c48a6cadd06541c81372fb SHA512 3cd0b3d8ba2c2c31d3240a080c0edf61a3b090adb4bb14c3b79c9cd1f0c0ac332a9c9457b218a09fb9192cc82004dba57cd4cac404fdd5ddfe4f0c7780b596cd
diff --git a/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
new file mode 100644
index 000000000000..f1ff4defc6a7
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-1.1.1t.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="$(ver_cut 1-3)"
+if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ !=dev-libs/openssl-1.1.1*:0
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ kernel_linux? ( sys-process/procps )
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+# Do not install any docs
+DOCS=()
+
+PATCHES=(
+ # General patches which are suitable to always apply
+ # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+ "${FILESDIR}"/${PN/-compat}-1.1.0j-parallel_install_fix.patch # bug #671602
+ "${FILESDIR}"/${PN/-compat}-1.1.1i-riscv32.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_prepare() {
+ # Allow openssl to be cross-compiled
+ cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
+ chmod a+rx gentoo.config || die
+
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES}; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # Remove test target when FEATURES=test isn't set
+ if ! use test ; then
+ sed \
+ -e '/^$config{dirs}/s@ "test",@@' \
+ -i Configure || die
+ fi
+
+ if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+ # use GNU ld full option, not to confuse it on Solaris
+ sed -i \
+ -e 's/-Wl,-M,/-Wl,--version-script=/' \
+ -e 's/-Wl,-h,/-Wl,--soname=/' \
+ Configurations/10-main.conf || die
+
+ # fix building on Solaris 10
+ # https://github.com/openssl/openssl/issues/6333
+ sed -i \
+ -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+ Configurations/10-main.conf || die
+ fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
+ local config="perl Configure"
+ [[ -z ${sslout} ]] && config="sh config -v"
+
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+ edo ${config} ${sslout} --test-sanity
+
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(./gentoo.config)
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config="perl Configure"
+ [[ -z ${sslout} ]] && config="sh config -v"
+
+ # "disable-deprecated" option breaks too many consumers.
+ # Don't set it without thorough revdeps testing.
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ ${ec_nistp_64_gcc_128}
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use_ssl sslv3 ssl3)
+ $(use_ssl sslv3 ssl3-method)
+ $(use_ssl asm)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl tls-heartbeat heartbeats)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo ${config} "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake all
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ dolib.so lib{crypto,ssl}.so.$(ver_cut 1-2 "${SLOT}")
+}
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 963efe7f3a94..08813ed42f4e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,17 +2,39 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113
AUX gentoo.config-1.0.4 5735 BLAKE2B 3ae435b60aa2c29dde9190c71e6cedf2a2c17ff8e7ae23c2a0c54904a6e06aa498b620979761a4d0f4a6e7331b49f684a952061e59d1d0a3e5bc27a68bed5800 SHA512 351e61a387e8e3890d03d3574926e82555223f9734e2f8365ee24ed7e064c30a6fdb75ad851a149f636803bdafb72b420127eef9cd7a9c1248e17e5317aca378
AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a
+AUX openssl-1.1.1t-CVE-2023-0464.patch 8500 BLAKE2B 6956aa4545d63337154e654d584eed1acbcc90eeeee60120fc567a24f839d8046b5d69d5d5de380a783580bf7c10590f45954018f2e26bdc1cd4a79e45bc1662 SHA512 5842316bf9cd38fb496adc6681542afbf7c2f8899f3952b61f1502da61b0c74f7aac3f27851be9d027642f3d2fcd1dc69fc11f14dcdb9af43f0e0d16c7de6736
+AUX openssl-1.1.1t-CVE-2023-0465.patch 1735 BLAKE2B add7bf0bda8802259b2fc3bb2c815b7e3bb04226d5effd3c98e60aae0b0aa140c26a05467eb7384147032f67ad9ef347b42012d1dfe05d2404f2feed692c6dd2 SHA512 a63883bc773faceded24c47d3246ce2c8e9ad10426a953e575ec0a6f315e0e9b789d31de912ed5015e7e97bf205870fb16b6f4353807dd00c4d1396586a35935
+AUX openssl-1.1.1t-CVE-2023-0466.patch 1719 BLAKE2B 77294d1820a935e653f254600eb219a1da1409d2e4a161fcce1fd44ce0bc96ca61516a929ee6dd9016ea07374a412ce8d6e65f570941e325e0f7fa79759dd364 SHA512 d6fc7d5a5420b6de96e0fec34175259a7f34acae0d34347980972bdc999b8d57ddb1aac6b4063a7eb4aab759b5afaeb7fa010133df8e1b57efeb23df56ac6b67
+AUX openssl-3.0.8-CVE-2023-0464.patch 8888 BLAKE2B 4a4c71e3dc3264ee2da59c9848bd79f700d9923cfc4d0fe26b740625263a1f47d0ad1a6dc3ecc060e6e7f94a3ddb90e80deb16850471d166b335107c48c3a7d0 SHA512 dd22e945312604f45bb55f2e8cfe485f4c7a47d7c07d746117baa580d61d25679d410043ff4243b62390176159ef4e3f40f0e2d28191329d3ad11f3bceb67294
+AUX openssl-3.0.8-CVE-2023-0465.patch 1725 BLAKE2B a226cc9f74188da651b910e6bbb56f9bfe445ecb09cb094dcfb182874470c5562a00959dc38ccbed2f0d48fd672491b4b423ce7252e2bc5d334c8c8ba999f655 SHA512 f7cdebce1af1cd89e8d1cc17834cf998f2b1a7587807b06887036abd5a134c79f25adacc94b9f2c5e4cda634fbdbdc7f76256e4653f5ef278fa18ea7c5023f8d
+AUX openssl-3.0.8-CVE-2023-0466.patch 1839 BLAKE2B e9a573317c92abe5e084a1c301f87443f54d47a96967f66e2dba103f8ff88f3452b5926254bbc4fdfb249b0dac530d6382504f77c0e81fea13e30398a3f8561a SHA512 35d64774eb784753ca90e55c72978e01e1b21b13255a51f27d4c8b34865a9509d24e9712abc42ef597b496a44a8ec6c17cd92768ebd335e721f4da0f7b40a45d
+AUX openssl-3.0.8-CVE-2023-1255.patch 1285 BLAKE2B 1394f50a82f01cd26e59ae241b4db60f73742e6d901a66e266772d0295eb2b7f3d7f53cbd2052fe9e81cfc251613cbc2394182b4813a5ca92e79c340c7f2b582 SHA512 df79750e82db172a1b0f61b7324442eb4b097f636854853d3229e3e970fbbdd73ac4094220d0745ecf00bdbb7fda09d7c0effceebbbd424df44af693aeb856a7
+AUX openssl-3.0.8-mips-cflags.patch 1104 BLAKE2B 39b3698ce27758504aa64b3059fdb51876971f085850719c4ece9e068c975624c04a39652cc77446de1241aa1d816eb282cd969efd70dd5c5d682c84f6a9224a SHA512 ec0a860ee504281fbbc33dbe35f9f31b3c8943a144ccbddc75c36c89260793760b42efd6b7c27c51fbab059588fc784dbad39c5b5f77202bf13a263441766216
+AUX openssl-3.1.0-CVE-2023-0464.patch 8888 BLAKE2B ef5c66bc6c06fd6e9d69ceff9f204e5944a1e73760e42bfc8550b197b674b34d273fcc9efa8a5f1b21577e8acc849548595a845a7f569a9ebce8ae0223ebb56a SHA512 e6b8f7f855ef880fcedba6e93971b1f894981e81e830d600446d560c2d83a8f8b2595a30ec0f7f0fdf1fc787b817d1d44700aa72203027a157beafdc0ec6ef19
+AUX openssl-3.1.0-CVE-2023-0465.patch 1725 BLAKE2B 7fbf508304c257ca5fc58c6b80b567326895d5b86a25fcfbdc058c6d21d9244b3a55150436084b15184fac267c001520664c02bb7f7151b61acd8da47113df27 SHA512 5e1525dff539eb06f3772166cbb6f20162b2c7de12633616663beeb75f5e8e5d964b66364b82dbf993d0622b741dba1930f27ca44f9563c0d1ff5915e6be93ca
+AUX openssl-3.1.0-CVE-2023-0466.patch 1839 BLAKE2B 166c660e40f3a7e6f7a87d673e1c94ff93494a6bfa9c061ed8e1ffc8d396d83043803c9ee4f277ffacab9132c9a941c5d51b7079cd07264d20724e2f83e54ed2 SHA512 e7cfb530fcec4712f076cf70b44d20576cd9a56e7904499f6f8d7413bf2565ba591317ee843c1ee074ae0eae61c26178689677dc3b0261af1426986812f9016e
+AUX openssl-3.1.0-CVE-2023-1255.patch 1285 BLAKE2B ca2749def80e8349db45260a397249229816ae226e7138d64a720bf43f81ac16b3a240b3f5e55e1878a05f5cb0ca2ffbdaa76030ea969e8e51d8b682008d9084 SHA512 cebf0c073d477556bdcafdd545bf39e2f4db2250c10b6db94628b9f46a6bcce877e281132693c3451766ce784629ad2f3863e02d42375d1de9afb72015512548
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
+DIST openssl-1.1.1t.tar.gz 9881866 BLAKE2B 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab3244881cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d SHA512 628676c9c3bc1cf46083d64f61943079f97f0eefd0264042e40a85dbbd988f271bfe01cd1135d22cc3f67a298f1d078041f8f2e97b0da0d93fe172da573da18c
+DIST openssl-1.1.1t.tar.gz.asc 833 BLAKE2B fc5e7069268e987a20241dfc4f080529c6e95e217c198568b09c833e390e68b25a604a5d3ec29c6a64b9dee9d42199fd3647214e536ba2f7b8b4e57aa4cba680 SHA512 1232a94fce991d62f008ae6d3d9b6fe68cb6378fe07450feb17a58eb2417fb385ffcb7e6b74eb683134be9ff6ccf6efa183f37f4dd521614fd5aeaddf000b90b
DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
+DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
+DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
+DIST openssl-3.1.0.tar.gz 15525381 BLAKE2B 9212a7fb13f6dee7746721ee406af56ae1b48ec58974c002465d2b0205839eb5ee0483383aa9924fc3e4168ebd34e1a5819480cf10aa318994d7171e54c07108 SHA512 71cc75c7700f445c616e382b76263ad2e4072beec0232458baf3d9891b8b64a7ad0cac4b4d24b727b2b7dcd100c78606fd48eba98a67eccd5f336e3d626ca713
+DIST openssl-3.1.0.tar.gz.asc 488 BLAKE2B f4a844e3db2c2bdf42b6f811d16cc2077cacf713d20474d94e2d0180a6f97eadf4f03522e9fed478d263d680d88091dc2bc48e7ebb15d049bc57ee7ed64c7fbb SHA512 8d542e6471b745822d6cd889c5b168841b4366ee9a96edc2ab5b44fa1bd1b75308422aed312f1bd6e6a3c3e306eceaa95ce9bb4d0aa3e8ff86cb0fd92a7e61ea
DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a
+EBUILD openssl-1.1.1t-r1.ebuild 7919 BLAKE2B 2cdf1786b0ec0f7efcb74e8636e2ca37a0e26cebe5db07914791ce9e612dca1ea5cb6f4a53f2c26936b0aff1141c264d328211af412e28be1a8e896de4af6e21 SHA512 364e2eab610cf6f57591956c5d52618fc103e24a55e5d0d1e73c691fffe4a4dae5189045cc892a703efccb0e981124d41e0822347f41934cf7674cf56e12145f
+EBUILD openssl-1.1.1t-r3.ebuild 8240 BLAKE2B 39fca6bb87a1e9ec112518fa01a2ce871daa44ff6536708ef03906dde1eadd8f53d480c69f3a6bcacbf541affeb9af3cc6719e94479c93d50c8fb2dcb565c40f SHA512 f793d361cb98ea89706ec4bd0442e30671f623efb815a846557f7ba514d25bede9ed8f7a7b62c5400ea2a8674de3659bbe276dd1138748116d9d651dd755308b
EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28
+EBUILD openssl-3.0.8-r4.ebuild 8359 BLAKE2B bf0308b0c9a37d8cba6437cad2de049cb48482e856fc810a8cd195324561c883f31bdd3978c85e79cd08ff8dadc101946ecd020365fe4bdaa27e7131d2b91857 SHA512 92caeadf8e63479ca5a6789ac3bfdfd34359855e958644d341f4ec32ee027cd3000c938bf81d706a3ec00386e138ec2c88d1e8a98c6df3e47c2b4f0656c5ba15
EBUILD openssl-3.0.9.ebuild 8103 BLAKE2B 033ec46a6826fc50f581b50b08b7e6b655a50680caaf4fc8e0c3f18c1a2dd3fa8852d908e26e40c43e7b63b4e099a19ff74375257b8e13cb9e74e418dea526cd SHA512 1bc180f1ce3991b5b4eca175aa62592ff5eb6808933885f263e4343fd4b1b6edce3a0edfe3dc343a46ab04464a9a98299d02e4b9f7e66810d64add280e0b1656
+EBUILD openssl-3.1.0-r3.ebuild 8393 BLAKE2B 5a0b57a5272298a9d81c2f01a39e7a8cb429d4795bdc8b348c6112677085c15c14f3c7b52d55f0282b464dc60cff401d510dfad0178527eefe3fa8419ea54d46 SHA512 09d8a0db1d941bf1d20d0cf89509b1d827155089bbd4ca4d8bcf03a597c6959ecbe7a3c554bb33503588b323b28a199be908e231966241c565278a190df10f39
EBUILD openssl-3.1.1.ebuild 8137 BLAKE2B f903d9c357211ab49424fee06f1f5cf6e44d4b52e301af7fb8d369f4e4508fe64256d4200e48bbc16a59b4dfc23ce233e673e362745693cade8f5876bbe058aa SHA512 48e85eccc77acbff6ec91181f21881e3abbc85ac845fa5d18cb7cd1fa6b85aa4d9dcce17096804aec325e768d9247c86364c297a5e6510ce76b9319342970273
MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch
new file mode 100644
index 000000000000..950e6572cd28
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0464.patch
@@ -0,0 +1,215 @@
+commit 879f7080d7e141f415c79eaa3a8ac4a3dad0348b
+Author: Pauli <pauli@openssl.org>
+Date: Wed Mar 8 15:28:20 2023 +1100
+
+ x509: excessive resource use verifying policy constraints
+
+ A security vulnerability has been identified in all supported versions
+ of OpenSSL related to the verification of X.509 certificate chains
+ that include policy constraints. Attackers may be able to exploit this
+ vulnerability by creating a malicious certificate chain that triggers
+ exponential use of computational resources, leading to a denial-of-service
+ (DoS) attack on affected systems.
+
+ Fixes CVE-2023-0464
+
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+ (Merged from https://github.com/openssl/openssl/pull/20569)
+
+diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h
+index 5daf78de45..344aa06765 100644
+--- a/crypto/x509v3/pcy_local.h
++++ b/crypto/x509v3/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
++ /* The number of nodes in the tree */
++ size_t node_count;
++ /* The maximum number of nodes in the tree */
++ size_t node_maximum;
++
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree);
++ X509_POLICY_TREE *tree,
++ int extra_data);
+ void policy_node_free(X509_POLICY_NODE *node);
+ int policy_node_match(const X509_POLICY_LEVEL *lvl,
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
+index e2d7b15322..d574fb9d66 100644
+--- a/crypto/x509v3/pcy_node.c
++++ b/crypto/x509v3/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree)
++ X509_POLICY_TREE *tree,
++ int extra_data)
+ {
+ X509_POLICY_NODE *node;
+
++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++ return NULL;
++
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL) {
+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ }
+ node->data = data;
+ node->parent = parent;
+- if (level) {
++ if (level != NULL) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
+- if (tree) {
++ if (extra_data) {
+ if (tree->extra_data == NULL)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
++ tree->node_count++;
+ if (parent)
+ parent->nchild++;
+
+diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
+index 6e8322cbc5..6c7fd35405 100644
+--- a/crypto/x509v3/pcy_tree.c
++++ b/crypto/x509v3/pcy_tree.c
+@@ -13,6 +13,18 @@
+
+ #include "pcy_local.h"
+
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ /*
+ * Enable this to print out the complete policy tree at various point during
+ * evaluation.
+@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ return X509_PCY_TREE_INTERNAL;
+ }
+
++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ level = tree->levels;
+ if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+- if (level_add_node(level, data, NULL, tree) == NULL) {
++ if (level_add_node(level, data, NULL, tree, 1) == NULL) {
+ policy_data_free(data);
+ goto bad_tree;
+ }
+@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ * Return value: 1 on success, 0 otherwise
+ */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+- X509_POLICY_DATA *data)
++ X509_POLICY_DATA *data,
++ X509_POLICY_TREE *tree)
+ {
+ X509_POLICY_LEVEL *last = curr - 1;
+ int i, matched = 0;
+@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ if (policy_node_match(last, node, data->valid_policy)) {
+- if (level_add_node(curr, data, node, NULL) == NULL)
++ if (level_add_node(curr, data, node, tree, 0) == NULL)
+ return 0;
+ matched = 1;
+ }
+ }
+ if (!matched && last->anyPolicy) {
+- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ }
+ return 1;
+@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ * Return value: 1 on success, 0 otherwise.
+ */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+- const X509_POLICY_CACHE *cache)
++ const X509_POLICY_CACHE *cache,
++ X509_POLICY_TREE *tree)
+ {
+ int i;
+
+@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+ /* Look for matching nodes in previous level */
+- if (!tree_link_matching_nodes(curr, data))
++ if (!tree_link_matching_nodes(curr, data, tree))
+ return 0;
+ }
+ return 1;
+@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+- if (level_add_node(curr, data, node, tree) == NULL) {
++ if (level_add_node(curr, data, node, tree, 1) == NULL) {
+ policy_data_free(data);
+ return 0;
+ }
+@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+ }
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy &&
+- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
++ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ return 1;
+ }
+@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ extra->qualifier_set = anyPolicy->data->qualifier_set;
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+- node = level_add_node(NULL, extra, anyPolicy->parent, tree);
++ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = policy_cache_set(curr->cert);
+- if (!tree_link_nodes(curr, cache))
++ if (!tree_link_nodes(curr, cache, tree))
+ return X509_PCY_TREE_INTERNAL;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch
new file mode 100644
index 000000000000..c332e0bd2c9f
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0465.patch
@@ -0,0 +1,48 @@
+commit b013765abfa80036dc779dd0e50602c57bb3bf95
+Author: Matt Caswell <matt@openssl.org>
+Date: Tue Mar 7 16:52:55 2023 +0000
+
+ Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
+
+ Even though we check the leaf cert to confirm it is valid, we
+ later ignored the invalid flag and did not notice that the leaf
+ cert was bad.
+
+ Fixes: CVE-2023-0465
+
+ Reviewed-by: Hugo Landau <hlandau@openssl.org>
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20588)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 925fbb5412..1dfe4f9f31 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
+ }
+ /* Invalid or inconsistent extensions */
+ if (ret == X509_PCY_TREE_INVALID) {
+- int i;
++ int i, cbcalled = 0;
+
+ /* Locate certificates with bad extensions and notify callback. */
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ X509 *x = sk_X509_value(ctx->chain, i);
+
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+ continue;
++ cbcalled = 1;
+ if (!verify_cb_cert(ctx, x, i,
+ X509_V_ERR_INVALID_POLICY_EXTENSION))
+ return 0;
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch
new file mode 100644
index 000000000000..9a59d2846a48
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1t-CVE-2023-0466.patch
@@ -0,0 +1,41 @@
+commit 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
+Author: Tomas Mraz <tomas@openssl.org>
+Date: Tue Mar 21 16:15:47 2023 +0100
+
+ Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+ The function was incorrectly documented as enabling policy checking.
+
+ Fixes: CVE-2023-0466
+
+ Reviewed-by: Matt Caswell <matt@openssl.org>
+ Reviewed-by: Paul Dale <pauli@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20564)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index f6f304bf7b..aa292f9336 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -92,8 +92,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -377,6 +378,10 @@ and has no effect.
+
+ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch
new file mode 100644
index 000000000000..3cf1d3b38ec9
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0464.patch
@@ -0,0 +1,214 @@
+commit 959c59c7a0164117e7f8366466a32bb1f8d77ff1
+Author: Pauli <pauli@openssl.org>
+Date: Wed Mar 8 15:28:20 2023 +1100
+
+ x509: excessive resource use verifying policy constraints
+
+ A security vulnerability has been identified in all supported versions
+ of OpenSSL related to the verification of X.509 certificate chains
+ that include policy constraints. Attackers may be able to exploit this
+ vulnerability by creating a malicious certificate chain that triggers
+ exponential use of computational resources, leading to a denial-of-service
+ (DoS) attack on affected systems.
+
+ Fixes CVE-2023-0464
+
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+ (Merged from https://github.com/openssl/openssl/pull/20568)
+
+diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
+index 18b53cc09e..cba107ca03 100644
+--- a/crypto/x509/pcy_local.h
++++ b/crypto/x509/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
++ /* The number of nodes in the tree */
++ size_t node_count;
++ /* The maximum number of nodes in the tree */
++ size_t node_maximum;
++
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree);
++ X509_POLICY_TREE *tree,
++ int extra_data);
+ void ossl_policy_node_free(X509_POLICY_NODE *node);
+ int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
+index 9d9a7ea179..450f95a655 100644
+--- a/crypto/x509/pcy_node.c
++++ b/crypto/x509/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree)
++ X509_POLICY_TREE *tree,
++ int extra_data)
+ {
+ X509_POLICY_NODE *node;
+
++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++ return NULL;
++
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ node->data = data;
+ node->parent = parent;
+- if (level) {
++ if (level != NULL) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
+- if (tree) {
++ if (extra_data) {
+ if (tree->extra_data == NULL)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
++ tree->node_count++;
+ if (parent)
+ parent->nchild++;
+
+diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
+index fa45da5117..f953a05a41 100644
+--- a/crypto/x509/pcy_tree.c
++++ b/crypto/x509/pcy_tree.c
+@@ -14,6 +14,17 @@
+
+ #include "pcy_local.h"
+
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ static void expected_print(BIO *channel,
+ X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
+ int indent)
+@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ return X509_PCY_TREE_INTERNAL;
+ }
+
++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ if ((data = ossl_policy_data_new(NULL,
+ OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ goto bad_tree;
+ }
+@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ * Return value: 1 on success, 0 otherwise
+ */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+- X509_POLICY_DATA *data)
++ X509_POLICY_DATA *data,
++ X509_POLICY_TREE *tree)
+ {
+ X509_POLICY_LEVEL *last = curr - 1;
+ int i, matched = 0;
+@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ if (ossl_policy_node_match(last, node, data->valid_policy)) {
+- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
+ return 0;
+ matched = 1;
+ }
+ }
+ if (!matched && last->anyPolicy) {
+- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ }
+ return 1;
+@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ * Return value: 1 on success, 0 otherwise.
+ */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+- const X509_POLICY_CACHE *cache)
++ const X509_POLICY_CACHE *cache,
++ X509_POLICY_TREE *tree)
+ {
+ int i;
+
+@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+ /* Look for matching nodes in previous level */
+- if (!tree_link_matching_nodes(curr, data))
++ if (!tree_link_matching_nodes(curr, data, tree))
+ return 0;
+ }
+ return 1;
+@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ return 0;
+ }
+@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy &&
+ ossl_policy_level_add_node(curr, cache->anyPolicy,
+- last->anyPolicy, NULL) == NULL)
++ last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ return 1;
+ }
+@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+ node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
+- tree);
++ tree, 1);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = ossl_policy_cache_set(curr->cert);
+- if (!tree_link_nodes(curr, cache))
++ if (!tree_link_nodes(curr, cache, tree))
+ return X509_PCY_TREE_INTERNAL;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch
new file mode 100644
index 000000000000..852706d8aa92
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0465.patch
@@ -0,0 +1,46 @@
+commit 1dd43e0709fece299b15208f36cc7c76209ba0bb
+Author: Matt Caswell <matt@openssl.org>
+Date: Tue Mar 7 16:52:55 2023 +0000
+
+ Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
+
+ Even though we check the leaf cert to confirm it is valid, we
+ later ignored the invalid flag and did not notice that the leaf
+ cert was bad.
+
+ Fixes: CVE-2023-0465
+
+ Reviewed-by: Hugo Landau <hlandau@openssl.org>
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20587)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 9384f1da9b..a0282c3ef1 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+ goto memerr;
+ /* Invalid or inconsistent extensions */
+ if (ret == X509_PCY_TREE_INVALID) {
+- int i;
++ int i, cbcalled = 0;
+
+ /* Locate certificates with bad extensions and notify callback. */
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ X509 *x = sk_X509_value(ctx->chain, i);
+
++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
++ cbcalled = 1;
+ CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
+ ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch
new file mode 100644
index 000000000000..c71665d82e18
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch
@@ -0,0 +1,41 @@
+commit 51e8a84ce742db0f6c70510d0159dad8f7825908
+Author: Tomas Mraz <tomas@openssl.org>
+Date: Tue Mar 21 16:15:47 2023 +0100
+
+ Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+ The function was incorrectly documented as enabling policy checking.
+
+ Fixes: CVE-2023-0466
+
+ Reviewed-by: Matt Caswell <matt@openssl.org>
+ Reviewed-by: Paul Dale <pauli@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20563)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index 75a1677022..43c1900bca 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -98,8 +98,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
+ and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch
new file mode 100644
index 000000000000..9b1a657d51be
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-1255.patch
@@ -0,0 +1,40 @@
+commit 02ac9c9420275868472f33b01def01218742b8bb
+Author: Tomas Mraz <tomas@openssl.org>
+Date: Mon Apr 17 16:51:20 2023 +0200
+
+ aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
+
+ Original author: Nevine Ebeid (Amazon)
+ Fixes: CVE-2023-1255
+
+ The buffer overread happens on decrypts of 4 mod 5 sizes.
+ Unless the memory just after the buffer is unmapped this is harmless.
+
+ Reviewed-by: Paul Dale <pauli@openssl.org>
+ Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+ (Merged from https://github.com/openssl/openssl/pull/20759)
+
+ (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
+
+diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
+index 6a7bf05d1b..bd583e2c89 100755
+--- a/crypto/aes/asm/aesv8-armx.pl
++++ b/crypto/aes/asm/aesv8-armx.pl
+@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
+ .align 4
+ .Lxts_dec_tail4x:
+ add $inp,$inp,#16
+- vld1.32 {$dat0},[$inp],#16
++ tst $tailcnt,#0xf
+ veor $tmp1,$dat1,$tmp0
+ vst1.8 {$tmp1},[$out],#16
+ veor $tmp2,$dat2,$tmp2
+@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
+ veor $tmp4,$dat4,$tmp4
+ vst1.8 {$tmp3-$tmp4},[$out],#32
+
++ b.eq .Lxts_dec_abort
++ vld1.32 {$dat0},[$inp],#16
+ b .Lxts_done
+ .align 4
+ .Lxts_outer_dec_tail:
diff --git a/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch
new file mode 100644
index 000000000000..111681f27d07
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.8-mips-cflags.patch
@@ -0,0 +1,30 @@
+https://bugs.gentoo.org/894140
+https://github.com/openssl/openssl/issues/20214
+
+From d500b51791cd56e73065e3a7f4487fc33f31c91c Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 12 Feb 2023 17:56:58 -0500
+Subject: [PATCH] Fix Configure test for -mips in CFLAGS
+
+We want to add -mips2 or -mips3 only if the user hasn't already
+specified a mips version in CFLAGS. The existing test was a
+double-negative.
+
+Fixes: https://github.com/openssl/openssl/issues/20214
+---
+ Configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configure b/Configure
+index b6bbec0a85c4..ec48614d6b99 100755
+--- a/Configure
++++ b/Configure
+@@ -1475,7 +1475,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+ }
+
+ if ($target =~ /linux.*-mips/ && !$disabled{asm}
+- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
++ && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+ # minimally required architecture flags for assembly modules
+ my $value;
+ $value = '-mips2' if ($target =~ /mips32/);
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch
new file mode 100644
index 000000000000..dfe83e53d0ad
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0464.patch
@@ -0,0 +1,214 @@
+commit 2017771e2db3e2b96f89bbe8766c3209f6a99545
+Author: Pauli <pauli@openssl.org>
+Date: Wed Mar 8 15:28:20 2023 +1100
+
+ x509: excessive resource use verifying policy constraints
+
+ A security vulnerability has been identified in all supported versions
+ of OpenSSL related to the verification of X.509 certificate chains
+ that include policy constraints. Attackers may be able to exploit this
+ vulnerability by creating a malicious certificate chain that triggers
+ exponential use of computational resources, leading to a denial-of-service
+ (DoS) attack on affected systems.
+
+ Fixes CVE-2023-0464
+
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+ (Merged from https://github.com/openssl/openssl/pull/20570)
+
+diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
+index 18b53cc09e..cba107ca03 100644
+--- a/crypto/x509/pcy_local.h
++++ b/crypto/x509/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
++ /* The number of nodes in the tree */
++ size_t node_count;
++ /* The maximum number of nodes in the tree */
++ size_t node_maximum;
++
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree);
++ X509_POLICY_TREE *tree,
++ int extra_data);
+ void ossl_policy_node_free(X509_POLICY_NODE *node);
+ int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
+index 9d9a7ea179..450f95a655 100644
+--- a/crypto/x509/pcy_node.c
++++ b/crypto/x509/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree)
++ X509_POLICY_TREE *tree,
++ int extra_data)
+ {
+ X509_POLICY_NODE *node;
+
++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++ return NULL;
++
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ node->data = data;
+ node->parent = parent;
+- if (level) {
++ if (level != NULL) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
+- if (tree) {
++ if (extra_data) {
+ if (tree->extra_data == NULL)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
++ tree->node_count++;
+ if (parent)
+ parent->nchild++;
+
+diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
+index fa45da5117..f953a05a41 100644
+--- a/crypto/x509/pcy_tree.c
++++ b/crypto/x509/pcy_tree.c
+@@ -14,6 +14,17 @@
+
+ #include "pcy_local.h"
+
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ static void expected_print(BIO *channel,
+ X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
+ int indent)
+@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ return X509_PCY_TREE_INTERNAL;
+ }
+
++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ if ((data = ossl_policy_data_new(NULL,
+ OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ goto bad_tree;
+ }
+@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ * Return value: 1 on success, 0 otherwise
+ */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+- X509_POLICY_DATA *data)
++ X509_POLICY_DATA *data,
++ X509_POLICY_TREE *tree)
+ {
+ X509_POLICY_LEVEL *last = curr - 1;
+ int i, matched = 0;
+@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ if (ossl_policy_node_match(last, node, data->valid_policy)) {
+- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
+ return 0;
+ matched = 1;
+ }
+ }
+ if (!matched && last->anyPolicy) {
+- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ }
+ return 1;
+@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ * Return value: 1 on success, 0 otherwise.
+ */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+- const X509_POLICY_CACHE *cache)
++ const X509_POLICY_CACHE *cache,
++ X509_POLICY_TREE *tree)
+ {
+ int i;
+
+@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+ /* Look for matching nodes in previous level */
+- if (!tree_link_matching_nodes(curr, data))
++ if (!tree_link_matching_nodes(curr, data, tree))
+ return 0;
+ }
+ return 1;
+@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ return 0;
+ }
+@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy &&
+ ossl_policy_level_add_node(curr, cache->anyPolicy,
+- last->anyPolicy, NULL) == NULL)
++ last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ return 1;
+ }
+@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+ node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
+- tree);
++ tree, 1);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = ossl_policy_cache_set(curr->cert);
+- if (!tree_link_nodes(curr, cache))
++ if (!tree_link_nodes(curr, cache, tree))
+ return X509_PCY_TREE_INTERNAL;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
new file mode 100644
index 000000000000..a98f7cba13bd
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
@@ -0,0 +1,46 @@
+commit facfb1ab745646e97a1920977ae4a9965ea61d5c
+Author: Matt Caswell <matt@openssl.org>
+Date: Tue Mar 7 16:52:55 2023 +0000
+
+ Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
+
+ Even though we check the leaf cert to confirm it is valid, we
+ later ignored the invalid flag and did not notice that the leaf
+ cert was bad.
+
+ Fixes: CVE-2023-0465
+
+ Reviewed-by: Hugo Landau <hlandau@openssl.org>
+ Reviewed-by: Tomas Mraz <tomas@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20586)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 9384f1da9b..a0282c3ef1 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+ goto memerr;
+ /* Invalid or inconsistent extensions */
+ if (ret == X509_PCY_TREE_INVALID) {
+- int i;
++ int i, cbcalled = 0;
+
+ /* Locate certificates with bad extensions and notify callback. */
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ X509 *x = sk_X509_value(ctx->chain, i);
+
++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
++ cbcalled = 1;
+ CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
+ ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == X509_PCY_TREE_FAILURE) {
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch
new file mode 100644
index 000000000000..9a315f4c00fd
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch
@@ -0,0 +1,41 @@
+commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061
+Author: Tomas Mraz <tomas@openssl.org>
+Date: Tue Mar 21 16:15:47 2023 +0100
+
+ Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+ The function was incorrectly documented as enabling policy checking.
+
+ Fixes: CVE-2023-0466
+
+ Reviewed-by: Paul Dale <pauli@openssl.org>
+ Reviewed-by: Matt Caswell <matt@openssl.org>
+ (Merged from https://github.com/openssl/openssl/pull/20562)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index 20aea99b5b..fcbbfc4c30 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -98,8 +98,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
+ and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch
new file mode 100644
index 000000000000..aea425f83556
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-1255.patch
@@ -0,0 +1,40 @@
+commit bc2f61ad70971869b242fc1cb445b98bad50074a
+Author: Tomas Mraz <tomas@openssl.org>
+Date: Mon Apr 17 16:51:20 2023 +0200
+
+ aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
+
+ Original author: Nevine Ebeid (Amazon)
+ Fixes: CVE-2023-1255
+
+ The buffer overread happens on decrypts of 4 mod 5 sizes.
+ Unless the memory just after the buffer is unmapped this is harmless.
+
+ Reviewed-by: Paul Dale <pauli@openssl.org>
+ Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+ (Merged from https://github.com/openssl/openssl/pull/20759)
+
+ (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
+
+diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
+index ea74217317..efd3ccd1a4 100755
+--- a/crypto/aes/asm/aesv8-armx.pl
++++ b/crypto/aes/asm/aesv8-armx.pl
+@@ -3367,7 +3367,7 @@ $code.=<<___ if ($flavour =~ /64/);
+ .align 4
+ .Lxts_dec_tail4x:
+ add $inp,$inp,#16
+- vld1.32 {$dat0},[$inp],#16
++ tst $tailcnt,#0xf
+ veor $tmp1,$dat1,$tmp0
+ vst1.8 {$tmp1},[$out],#16
+ veor $tmp2,$dat2,$tmp2
+@@ -3376,6 +3376,8 @@ $code.=<<___ if ($flavour =~ /64/);
+ veor $tmp4,$dat4,$tmp4
+ vst1.8 {$tmp3-$tmp4},[$out],#32
+
++ b.eq .Lxts_dec_abort
++ vld1.32 {$dat0},[$inp],#16
+ b .Lxts_done
+ .align 4
+ .Lxts_outer_dec_tail:
diff --git a/dev-libs/openssl/openssl-1.1.1t-r1.ebuild b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
new file mode 100644
index 000000000000..1d43a457c82a
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1t-r1.ebuild
@@ -0,0 +1,265 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ kernel_linux? ( sys-process/procps )
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+ # General patches which are suitable to always apply
+ # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+ "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+ "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+ "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Can delete this once test fix patch is dropped
+ if use verify-sig ; then
+ # Needed for downloaded patch (which is unsigned, which is fine)
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES}; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Remove test target when FEATURES=test isn't set
+ if ! use test ; then
+ sed \
+ -e '/^$config{dirs}/s@ "test",@@' \
+ -i Configure || die
+ fi
+
+ if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+ # use GNU ld full option, not to confuse it on Solaris
+ sed -i \
+ -e 's/-Wl,-M,/-Wl,--version-script=/' \
+ -e 's/-Wl,-h,/-Wl,--soname=/' \
+ Configurations/10-main.conf || die
+
+ # fix building on Solaris 10
+ # https://github.com/openssl/openssl/issues/6333
+ sed -i \
+ -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \
+ Configurations/10-main.conf || die
+ fi
+
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+}
+
+src_configure() {
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config=( perl "${S}/Configure" )
+ [[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
+
+ # "disable-deprecated" option breaks too many consumers.
+ # Don't set it without thorough revdeps testing.
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ ${ec_nistp_64_gcc_128}
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use_ssl sslv3 ssl3)
+ $(use_ssl sslv3 ssl3-method)
+ $(use_ssl asm)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl tls-heartbeat heartbeats)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo "${config[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake all
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install_sw
+
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install_ssldirs
+ emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+ fi
+
+ # This is crappy in that the static archives are still built even
+ # when USE=static-libs. But this is due to a failing in the openssl
+ # build system: the static archives are built as PIC all the time.
+ # Only way around this would be to manually configure+compile openssl
+ # twice; once with shared lib support enabled and once without.
+ if ! use static-libs; then
+ rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+ fi
+}
+
+multilib_src_install_all() {
+ # openssl installs perl version of c_rehash by default, but
+ # we provide a shell version via app-misc/c_rehash
+ rm "${ED}"/usr/bin/c_rehash || die
+
+ dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+ # Create the certs directory
+ keepdir ${SSL_CNF_DIR}/certs
+
+ # bug #254521
+ dodir /etc/sandbox.d
+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+ diropts -m0700
+ keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+ ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+ openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+ eend $?
+}
diff --git a/dev-libs/openssl/openssl-1.1.1t-r3.ebuild b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
new file mode 100644
index 000000000000..36d0d673d156
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1t-r3.ebuild
@@ -0,0 +1,269 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=${P/_/-}
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ kernel_linux? ( sys-process/procps )
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+PDEPEND="app-misc/ca-certificates"
+
+# force upgrade to prevent broken login, bug #696950
+RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
+
+MULTILIB_WRAPPED_HEADERS=(
+ usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+ # General patches which are suitable to always apply
+ # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
+ "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
+ "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
+ "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
+ "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0464.patch
+ "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0465.patch
+ "${FILESDIR}"/openssl-1.1.1t-CVE-2023-0466.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Can delete this once test fix patch is dropped
+ if use verify-sig ; then
+ # Needed for downloaded patch (which is unsigned, which is fine)
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES}; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Test fails depending on kernel configuration, bug #699134
+ rm test/recipes/30-test_afalg.t || die
+
+ # Remove test target when FEATURES=test isn't set
+ if ! use test ; then
+ sed \
+ -e '/^$config{dirs}/s@ "test",@@' \
+ -i Configure || die
+ fi
+
+ if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
+ # use GNU ld full option, not to confuse it on Solaris
+ sed -i \
+ -e 's/-Wl,-M,/-Wl,--version-script=/' \
+ -e 's/-Wl,-h,/-Wl,--soname=/' \
+ Configurations/10-main.conf || die
+ fi
+
+ # The config script does stupid stuff to prompt the user. Kill it.
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+}
+
+src_configure() {
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+ # The OpenSSL developers don't test with LTO right now, it leads to various
+ # warnings/errors (which may or may not be false positives), it's considered
+ # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+ filter-lto
+
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+ einfo "Use configuration ${sslout:-(openssl knows best)}"
+ local config=( perl "${S}/Configure" )
+ [[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
+
+ # "disable-deprecated" option breaks too many consumers.
+ # Don't set it without thorough revdeps testing.
+ # Make sure user flags don't get added *yet* to avoid duplicated
+ # flags.
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ ${ec_nistp_64_gcc_128}
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use_ssl sslv3 ssl3)
+ $(use_ssl sslv3 ssl3-method)
+ $(use_ssl asm)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl tls-heartbeat heartbeats)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo "${config[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake all
+}
+
+multilib_src_test() {
+ emake -j1 test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install_sw
+
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install_ssldirs
+ emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
+ fi
+
+ # This is crappy in that the static archives are still built even
+ # when USE=static-libs. But this is due to a failing in the openssl
+ # build system: the static archives are built as PIC all the time.
+ # Only way around this would be to manually configure+compile openssl
+ # twice; once with shared lib support enabled and once without.
+ if ! use static-libs; then
+ rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+ fi
+}
+
+multilib_src_install_all() {
+ # openssl installs perl version of c_rehash by default, but
+ # we provide a shell version via app-misc/c_rehash
+ rm "${ED}"/usr/bin/c_rehash || die
+
+ dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+ # Create the certs directory
+ keepdir ${SSL_CNF_DIR}/certs
+
+ # bug #254521
+ dodir /etc/sandbox.d
+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+ diropts -m0700
+ keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+ ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+ openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+ eend $?
+}
diff --git a/dev-libs/openssl/openssl-3.0.8-r4.ebuild b/dev-libs/openssl/openssl-3.0.8-r4.ebuild
new file mode 100644
index 000000000000..e504eb575575
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.8-r4.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+ inherit git-r3
+else
+ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ sys-process/procps
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
+ "${FILESDIR}"/openssl-3.0.8-CVE-2023-0464.patch
+ "${FILESDIR}"/openssl-3.0.8-CVE-2023-0465.patch
+ "${FILESDIR}"/openssl-3.0.8-CVE-2023-0466.patch
+ "${FILESDIR}"/openssl-3.0.8-CVE-2023-1255.patch
+)
+
+pkg_setup() {
+ if use ktls ; then
+ if kernel_is -lt 4 18 ; then
+ ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+ else
+ CONFIG_CHECK="~TLS ~TLS_DEVICE"
+ ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+ ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+ use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+ linux-info_pkg_setup
+ fi
+ fi
+
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp ; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Can delete this once test fix patch is dropped
+ if use verify-sig ; then
+ # Needed for downloaded patch (which is unsigned, which is fine)
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES} ; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Test fails depending on kernel configuration, bug #699134
+ rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+ # The OpenSSL developers don't test with LTO right now, it leads to various
+ # warnings/errors (which may or may not be false positives), it's considered
+ # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+ filter-lto
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+ # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use fips && echo "enable-fips")
+ $(use_ssl asm)
+ $(use_ssl ktls)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake build_sw
+
+ if multilib_is_native_abi; then
+ emake build_docs
+ fi
+}
+
+multilib_src_test() {
+ # VFP = show subtests verbosely and show failed tests verbosely
+ # Normal V=1 would show everything verbosely but this slows things down.
+ emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install_sw
+ if use fips; then
+ emake DESTDIR="${D}" install_fips
+ # Regen this in pkg_preinst, bug 900625
+ rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+ fi
+
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install_ssldirs
+ emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+ fi
+
+ # This is crappy in that the static archives are still built even
+ # when USE=static-libs. But this is due to a failing in the openssl
+ # build system: the static archives are built as PIC all the time.
+ # Only way around this would be to manually configure+compile openssl
+ # twice; once with shared lib support enabled and once without.
+ if ! use static-libs ; then
+ rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+ fi
+}
+
+multilib_src_install_all() {
+ # openssl installs perl version of c_rehash by default, but
+ # we provide a shell version via app-misc/c_rehash
+ rm "${ED}"/usr/bin/c_rehash || die
+
+ dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+ # Create the certs directory
+ keepdir ${SSL_CNF_DIR}/certs
+
+ # bug #254521
+ dodir /etc/sandbox.d
+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+ diropts -m0700
+ keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+ if use fips; then
+ # Regen fipsmodule.cnf, bug 900625
+ ebegin "Running openssl fipsinstall"
+ "${ED}/usr/bin/openssl" fipsinstall -quiet \
+ -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+ -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+ eend $?
+ fi
+}
+
+pkg_postinst() {
+ ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+ openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+ eend $?
+}
diff --git a/dev-libs/openssl/openssl-3.1.0-r3.ebuild b/dev-libs/openssl/openssl-3.1.0-r3.ebuild
new file mode 100644
index 000000000000..5f1ec4c39f0f
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.0-r3.ebuild
@@ -0,0 +1,284 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://www.openssl.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+ inherit git-r3
+else
+ SRC_URI="
+ mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
+ "
+ #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+ !<net-misc/openssh-9.2_p1-r3
+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+ >=dev-lang/perl-5
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+ test? (
+ sys-apps/diffutils
+ sys-devel/bc
+ sys-process/procps
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
+
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/openssl/configuration.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/openssl-3.0.8-mips-cflags.patch
+ "${FILESDIR}"/openssl-3.1.0-CVE-2023-0464.patch
+ "${FILESDIR}"/openssl-3.1.0-CVE-2023-0465.patch
+ "${FILESDIR}"/openssl-3.1.0-CVE-2023-0466.patch
+ "${FILESDIR}"/openssl-3.1.0-CVE-2023-1255.patch
+)
+
+pkg_setup() {
+ if use ktls ; then
+ if kernel_is -lt 4 18 ; then
+ ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+ else
+ CONFIG_CHECK="~TLS ~TLS_DEVICE"
+ ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+ ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+ use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+ linux-info_pkg_setup
+ fi
+ fi
+
+ [[ ${MERGE_TYPE} == binary ]] && return
+
+ # must check in pkg_setup; sysctl doesn't work with userpriv!
+ if use test && use sctp ; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Can delete this once test fix patch is dropped
+ if use verify-sig ; then
+ # Needed for downloaded patch (which is unsigned, which is fine)
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ # Make sure we only ever touch Makefile.org and avoid patching a file
+ # that gets blown away anyways by the Configure script in src_configure
+ rm -f Makefile
+
+ if ! use vanilla ; then
+ PATCHES+=(
+ # Add patches which are Gentoo-specific customisations here
+ )
+ fi
+
+ default
+
+ if use test && use sctp && has network-sandbox ${FEATURES} ; then
+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+ rm test/recipes/80-test_ssl_new.t || die
+ fi
+
+ # Test fails depending on kernel configuration, bug #699134
+ rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+ # Keep this in sync with app-misc/c_rehash
+ SSL_CNF_DIR="/etc/ssl"
+
+ # Quiet out unknown driver argument warnings since openssl
+ # doesn't have well-split CFLAGS and we're making it even worse
+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
+ tc-is-clang && append-flags -Qunused-arguments
+
+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
+ # It's filled with violations and it *will* result in miscompiled
+ # code. This has been in the ebuild for > 10 years but even in 2022,
+ # it's still relevant:
+ # - https://github.com/llvm/llvm-project/issues/55255
+ # - https://github.com/openssl/openssl/issues/18225
+ # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+ # Don't remove the no strict aliasing bits below!
+ filter-flags -fstrict-aliasing
+ append-flags -fno-strict-aliasing
+ # The OpenSSL developers don't test with LTO right now, it leads to various
+ # warnings/errors (which may or may not be false positives), it's considered
+ # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+ filter-lto
+
+ append-flags $(test-flags-CC -Wa,--noexecstack)
+
+ # bug #197996
+ unset APPS
+ # bug #312551
+ unset SCRIPTS
+ # bug #311473
+ unset CROSS_COMPILE
+
+ tc-export AR CC CXX RANLIB RC
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+ # See if our toolchain supports __uint128_t. If so, it's 64bit
+ # friendly and can use the nicely optimized code paths, bug #460790.
+ #local ec_nistp_64_gcc_128
+ #
+ # Disable it for now though (bug #469976)
+ # Do NOT re-enable without substantial discussion first!
+ #
+ #echo "__uint128_t i;" > "${T}"/128.c
+ #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+ #fi
+
+ local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+ # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+ local myeconfargs=(
+ ${sslout}
+
+ $(use cpu_flags_x86_sse2 || echo "no-sse2")
+ enable-camellia
+ enable-ec
+ enable-ec2m
+ enable-sm2
+ enable-srp
+ $(use elibc_musl && echo "no-async")
+ enable-idea
+ enable-mdc2
+ enable-rc5
+ $(use fips && echo "enable-fips")
+ $(use_ssl asm)
+ $(use_ssl ktls)
+ $(use_ssl rfc3779)
+ $(use_ssl sctp)
+ $(use test || echo "no-tests")
+ $(use_ssl tls-compression zlib)
+ $(use_ssl weak-ssl-ciphers)
+
+ --prefix="${EPREFIX}"/usr
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
+ --libdir=$(get_libdir)
+
+ shared
+ threads
+ )
+
+ edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake build_sw
+
+ if multilib_is_native_abi; then
+ emake build_docs
+ fi
+}
+
+multilib_src_test() {
+ # VFP = show subtests verbosely and show failed tests verbosely
+ # Normal V=1 would show everything verbosely but this slows things down.
+ emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install_sw
+ if use fips; then
+ emake DESTDIR="${D}" install_fips
+ # Regen this in pkg_preinst, bug 900625
+ rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+ fi
+
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install_ssldirs
+ emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
+ fi
+
+ # This is crappy in that the static archives are still built even
+ # when USE=static-libs. But this is due to a failing in the openssl
+ # build system: the static archives are built as PIC all the time.
+ # Only way around this would be to manually configure+compile openssl
+ # twice; once with shared lib support enabled and once without.
+ if ! use static-libs ; then
+ rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+ fi
+}
+
+multilib_src_install_all() {
+ # openssl installs perl version of c_rehash by default, but
+ # we provide a shell version via app-misc/c_rehash
+ rm "${ED}"/usr/bin/c_rehash || die
+
+ dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+ # Create the certs directory
+ keepdir ${SSL_CNF_DIR}/certs
+
+ # bug #254521
+ dodir /etc/sandbox.d
+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+ diropts -m0700
+ keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+ if use fips; then
+ # Regen fipsmodule.cnf, bug 900625
+ ebegin "Running openssl fipsinstall"
+ "${ED}/usr/bin/openssl" fipsinstall -quiet \
+ -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+ -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+ eend $?
+ fi
+}
+
+pkg_postinst() {
+ ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+ openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+ eend $?
+}
diff --git a/dev-libs/serdisplib/Manifest b/dev-libs/serdisplib/Manifest
index 5ce715474d1f..49c046734f99 100644
--- a/dev-libs/serdisplib/Manifest
+++ b/dev-libs/serdisplib/Manifest
@@ -2,5 +2,5 @@ AUX serdisplib-2.02-disable-static-build.patch 3327 BLAKE2B 677d3dcc121cbc42345e
AUX serdisplib-2.02-musl.patch 639 BLAKE2B 4428488881962784503b74d952aec573d512150d69117099f89972ed3ba020437708a472aa9017f3fbef826d40fad0c46b0a9641a256061e8d078ac2a4bb1c59 SHA512 b81a2e0de075e6d112f8131dd37f787dc3eb2652762a92d84b7a5260c42bb07b2b20c214fb12098ecb3fc6934beea8e11b811d7071185898f048e2ade0376560
AUX serdisplib-2.02-use-destdir.patch 3400 BLAKE2B 77d9adc8c9a44586cbe352c6273677704d7335fc75c82d50a681c361a10a45484ae0dfb3241bf9d99ba242f6548df9cb036992b46e157f9c4ec3ca098397be7e SHA512 370ace46b39ba5e67d7f728a3cb3980b75a2c7e6e5fb25273f9c3bfbe10f33479bfcff92e3074a2cb80985c114d161b78115410dd88330810f654875e57d7575
DIST serdisplib-2.02.tar.gz 497028 BLAKE2B f35b6df60303a288b2a279d821a510089802019f33b7ee36b9c2fd1d1d6bef0b3118793e6d965076c1665e1e2555a553186ef1a9210712ef9d2bc1e090ec0a98 SHA512 d9936c25dc14e24eb02876f203476752340e621d8ee5c87ee99862575e45199bf46ff8487dfdd80b16a89543958fdf5a16a2aaf78d5cade06811cfb1592c45eb
-EBUILD serdisplib-2.02-r2.ebuild 2902 BLAKE2B 23121f10c18c7bfaa47b7b4a68eb990b5d3f0a23d0027170beed974495a2a5502f35bd2231affbbf2d072e480a3e82d47b6eeddc31147eb9fd6ac6b63c089926 SHA512 3b153c2abda383c753b5ac1aa6a156da969d3af0b1aa97d441a3af0a96bb8e976a2afefa3e92b4961af1116c6a8c3e32b017ffba6264203a37ebe6ca24bcfd16
+EBUILD serdisplib-2.02-r2.ebuild 2887 BLAKE2B 05303419febab510c652f8667d30c7e6bfe6e2bbb4606af8bd4aeb56b4dbba6a5d5808b3918364825bf4037967945ec5ea82dbcfb367123f027b13b9ed68eace SHA512 e87cd535de6694e9caafede2561061d490451a145e93ffece217e666612e515446c3de0b552b6c7c1e24518a2406618a08bbece25ba28e19992e037bb59285ee
MISC metadata.xml 663 BLAKE2B 006db175fbd12bc996c0718a226bb2aabc967e0896dc78c351da1990246850a0a4fe67eb84281342d7fe02fd65f26e59a2a22323520a086192aa9f4922a92229 SHA512 539a6ee6568d6db434c5bf23548a116d72103e9efe878d4aec1563e3c3384b2e5012c45699357188f3003bcd81c29bb60b274a59f66648b65bc85359ba376d37
diff --git a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
index ba4565132b83..63f9e8620b12 100644
--- a/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
+++ b/dev-libs/serdisplib/serdisplib-2.02-r2.ebuild
@@ -21,14 +21,12 @@ IUSE_LCD_DEVICES=(
rs232 sed133x sed153x sed156x ssdoled stv8105 t6963 vssdcp
)
-printf -v mangled_lcd_devices 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}
-
# Add supported drivers from 'IUSE_LCD_DEVICES' to 'IUSE' and 'REQUIRED_USE'.
# Also enable 'lcd_devices_directgfx' as default.
-IUSE+=" ${mangled_lcd_devices}"
+IUSE+=" $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) "
IUSE="${IUSE/lcd_devices_directgfx/+lcd_devices_directgfx}"
REQUIRED_USE+="
- || ( ${mangled_lcd_devices} )
+ || ( $(printf 'lcd_devices_%s ' ${IUSE_LCD_DEVICES[@]}) )
lcd_devices_framebuffer? ( threads )
"
diff --git a/dev-libs/weston/Manifest b/dev-libs/weston/Manifest
index c9bdba807942..c1186039a09e 100644
--- a/dev-libs/weston/Manifest
+++ b/dev-libs/weston/Manifest
@@ -5,7 +5,7 @@ DIST weston-10.0.0.tar.xz 1774600 BLAKE2B b2b8fa4f7542aba03970ca8abf504f340f8f8d
DIST weston-11.0.1.tar.xz 1900796 BLAKE2B 33d7d5b3340e7074265885bd54ee039e8b5d448fa9f58f4bf9f823efd2557da9b916d903119565a806ab698382fe185165c8ede8614e983c872dfe15b474b616 SHA512 d451230fc260b45aaaadb5cf0aa360629e45e72e3b3676c6ec040d6c6549dbb57d05683effd962c3b2d61482b47a6c990d12cc736c896b501d982c8c4d34834c
DIST weston-12.0.1.tar.xz 1969772 BLAKE2B d7a76ad6e11b76b73b91aeb9b3b49e823ecc8170bd1306f9a8ed90fa49d9bc7734e4c0595ca67f11421ecf5b4dbf04289cf803726c508e8c979a9850c0e94ccb SHA512 3dcfa1a2a6b9a605d3ecd597bf7ac0f87b0fd1971845b6e5c44b5e34296943ac146dae6e1cfea9be14ad7a9a8b6d30dc765f9289ef80920d7c516ebba1ba4688
EBUILD weston-10.0.0.ebuild 3934 BLAKE2B fd140a51aeceac3251a2f5f0878cb5f4e37b630c4ad7807873ac041c863f490bb7845d29086dc17d169856dc8e9dd9a1e87c042b94c6e46ef2b5ae0810412ef1 SHA512 f48f41f7fdf96d2b1a9842150d57e1fd394b7e86725318aabb8bc472d7fab2483e1e4654c37271f13dc92efc92139e58c12bf8972d250028d9f7dc7dfd469921
-EBUILD weston-11.0.1.ebuild 3659 BLAKE2B d6ccf7efb9880e015c927211109e65a55481846ef6c8bc4ebfadd29f63f3d41e802365e4f0002fc5e38cd13631285eb65b9eb0bc41fc1bca389a247e8c012cd6 SHA512 a009f70f667485aab2496a5947e944854b09620db09ce70b8aaa1e669a347d4384b89bef35d004e4697716c36a4262340a597a8869bacb2c3b0df5dd6fee9459
+EBUILD weston-11.0.1.ebuild 3660 BLAKE2B 7f5f839613133f8e0a91d84f38802c7c5003806e0e0eeb512e88eac3e30f7f938459f6378c30ffabe48433662886a673347d45b4c34dac2b1fc1a5d92d212ac9 SHA512 1fc628480db9cbae5f021c6cd5c82055d11032a01f569b2e9c57202dea7ff4eb00dbae8f20d231c4a8f3fbc9eb333bf44ec24818e0c0b0c1d67cd9a9e30c75bf
EBUILD weston-12.0.1.ebuild 3686 BLAKE2B e84ee5c700efe156412620f048e47b54bb015b4a107c71f9c85ae7d9eefce40bdeae59b6b8837fb7be20666c12f89ef5269c1c0c08e068f0d3ee381f22e00d64 SHA512 1c7478c575d616e544451ea20fd6d92f0eb933731c8365ac19c389bf9d346db2c6a9eae1c3f5755e79e793e7b2e190992d8d2d30ebba1834a9a32ab577528e0c
EBUILD weston-9999.ebuild 3705 BLAKE2B 80f5d38e267ea8e422b2bd6b9b935dac285573c761be1a4319c3c7e26687bf52d598f24a6aeab96dd5c6c7f8b6ed5b5467b60fc44232bcd2653e5476f76972fa SHA512 c1077cd94be525ee6c09c3871567eb4f1bd33e99c6aa8f33424ff779874839847efbb564eb3d698ea0a17e3ea6bbb1b5b9411ca521cd54d5e7636a812e6db708
MISC metadata.xml 1608 BLAKE2B 179aa99a3445aca06bee40c9794b2e932a81d5160a375a501631938d855db8d785de876b7c674dacb5295fe33a422a85f1cd8df8da1fc230a6ad5286e5606a3b SHA512 daf7602fb7efa103a79f029d2c40825156dd787694364f5da33e43eea297022da2df070a9b051d3bbb55da5663a1550dca39db31b6c4fd9d38eea465ada909a1
diff --git a/dev-libs/weston/weston-11.0.1.ebuild b/dev-libs/weston/weston-11.0.1.ebuild
index 83deecda3ef6..c5d8bf1ada2a 100644
--- a/dev-libs/weston/weston-11.0.1.ebuild
+++ b/dev-libs/weston/weston-11.0.1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI="${SRC_PATCHES}"
else
SRC_URI="https://gitlab.freedesktop.org/wayland/${PN}/uploads/f5648c818fba5432edc3ea63c4db4813/${P}.tar.xz"
- KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ppc64 ~riscv ~sparc x86"
+ KEYWORDS="amd64 arm arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc x86"
fi
LICENSE="MIT CC-BY-SA-3.0"
diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest
index a64009b7b09f..9c1a24230066 100644
--- a/dev-libs/xmlsec/Manifest
+++ b/dev-libs/xmlsec/Manifest
@@ -1,12 +1,8 @@
-AUX xmlsec-1.2.37-libressl.patch 1614 BLAKE2B 5b9c2731018d3b371867d30318d55e5f48e4e91359e80abffac212abb35fa274ec35ed9510eb3c01422d8142698669a115f85e9776af8424458de41c66c93b13 SHA512 423997e32223fc45467f9857e709b5707c64aba01ac892253e0be588d767fbfd7c2205a312600910d9cb734b4945e36048292ad59d40de4d43d98af9abe8b1b9
AUX xmlsec-1.3.0-clang.patch 614 BLAKE2B 4f08a58e1e7f56d7ae0ec117d836251342ce95b2b8f7290ace8d617f49dbd3130dda8c16417f850268295bbfd24051680dc89ec4d110ed0d66dfcfdf3890ccef SHA512 fdf44de3dd7c1c72d0fceea7ae204a749339b5f022e3354dedcb08564c638567552ea83c434f7d4b82165c77de7a816cbf92dc2cc141c0958aa78420030a8a54
AUX xmlsec-1.3.0-optimisation.patch 583 BLAKE2B 9035391762150ffa82eef10bc1ba1bde08b04e9e968bf850673dae3e27650e85516e1da4dc3385cd7aafde4cab6270a84e5205a149bcb19dbbdca5ffae678ac8 SHA512 fac70c0e0761d1d8016fb597ed4c139628bfab9d3600eeff17c16b9414732076bea65bee5c778481ecf944053319e030dfb4a455c6d51ba3e758007c36f72323
AUX xmlsec-1.3.0-strict-prototypes.patch 637 BLAKE2B b6adffe488b5e69e0338e040b8be5c611b927935c2a0f19ee58a9b19731c53b0c8f97d1d42d4b6d5b96400b91d5d31628bfa98e91e3ab4ba68b945d06508eff9 SHA512 03d7ca70aac92b01c78a87f8731d0302b441547c36a274f577f2c31e313b37aa9292b803affb7bf052426e80250480c6bb598be0f9e35d08293025a2f673caad
DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900
DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d
-DIST xmlsec1-1.3.1.tar.gz 2432943 BLAKE2B 1dafdffd959579add5c579e3fa9c9f9ddc73ce4aadc6fc2139506e6e64ffcd1bbe7298786e414900eb9f33f93b0a47da64e686c499e48d4c80d81b256db6692e SHA512 7f30c15c3edcafe70fa5febaa0ba39f73f8d30525ee102b5961a658dd2842fbc58e63f7595f15b150d71bf735bfa7688c3694a191b0d475776ca26902d90d25f
-EBUILD xmlsec-1.2.37-r1.ebuild 1525 BLAKE2B 0624803cc515de782244cb180fae354fdb012e2635029929b36823171bf2ff97c4aea6330dbe79e7334152ea4e3366b21de2fe8dee23b90089c127926e48152a SHA512 f1b760047831e6596a507ffb88e87e64ca55de571b8db6f0fe85a8d789985daaa3c4a901acfff9c345037589a330b153e4dd6fcbebf840ffe3a2df972cdfcb2d
EBUILD xmlsec-1.2.37.ebuild 1463 BLAKE2B d7cd33b3533395b59f4971deae688336fc4b8f52b5e948d7064cb19d7bbd043c7c8d3b48f5b499e51ebc529982b34b1d12a148fd35cfa700270334d7fa555124 SHA512 e92545fd5b5bb5977757cf18c8726a9335403cdc83d2367337e95ed305871cc6279568c1abce800738eefb60a7b84e4f508536c44a5a6426d6268950db223437
EBUILD xmlsec-1.3.0-r1.ebuild 1910 BLAKE2B b845d3d31f138e13e3e21031af43b2d340f059579203c99e377d26c893516c12135dc9d800effae8ace72116c9f661e0b9aea8a2fe125ece04282faa2aa8a8d3 SHA512 885bd017019f1a4ed6f34a298b8fb4666bf0ea66d01fbefab7051548d2d3cbc96f84b6cf696a28e971de0f530fa8068851aa32eb02e2cbffe872dd2ef3ab55ce
-EBUILD xmlsec-1.3.1.ebuild 1847 BLAKE2B d5154e27cf933902e70fbdbd6b4f82dc43a3add1118f33d32f0ac35f0715629f29a392004edc1e0fbea3b945662676625c4fbb44b92404d2e1c255e51422c0a5 SHA512 07c09101f6b1138eb17b0d704750c2000d4d8e31b95d4efccf409b1ab871373f453eb279d82de612dd897e432e0a825997b23ef53be1bad22e3c49ab0a730b14
MISC metadata.xml 558 BLAKE2B e4517ffa3f034420139ee0fbb8ed51a3cb319b1400e52d6a1d2d3b5363aa64831fd9cc93f49ab25d36a5fcae63115d0ffd152540f176c25dc49f77fbf4dd6c9d SHA512 6aab5452478ba1f71018274b75761c3467868f271b3cf256d05645407fa9c3cc64823384094c8e9024f936dfdaea5be2b8e91573e9addb07c5dab5f142c6a70d
diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
deleted file mode 100644
index acdb535ba552..000000000000
--- a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://github.com/lsh123/xmlsec/pull/456
-https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04
-https://github.com/lsh123/xmlsec/pull/654
-https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
-
-From c5469cfc8443c57a25a8783f0bd669f71e29bb04 Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Mon, 12 Dec 2022 10:34:56 -0500
-Subject: [PATCH] fix libressl (#456)
-
----
- src/openssl/openssl_compat.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-From d113d1e6355c4841fd03c6aa797d33bde1d064f3 Mon Sep 17 00:00:00 2001
-From: orbea <orbea@riseup.net>
-Date: Mon, 29 May 2023 07:46:58 -0700
-Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat
-
-LibreSSL added UI_null() in 3.7.1.
----
- src/openssl/openssl_compat.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/src/openssl/openssl_compat.h
-+++ b/src/openssl/openssl_compat.h
-@@ -123,6 +123,13 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) {
- * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API)
- *
- *****************************************************************************/
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3070200fL)
-+
-+/* Needed for Engine initialization */
-+#define UI_null() NULL
-+
-+#endif /* defined(LIBRESSL_VERSION_NUMBER) */
-+
- #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) && defined(XMLSEC_OPENSSL_API_110)
- /* EVP_CIPHER_CTX stuff */
- #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt)
diff --git a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild
deleted file mode 100644
index f5ed4f8c1c07..000000000000
--- a/dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild
+++ /dev/null
@@ -1,66 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
-HOMEPAGE="https://www.aleksey.com/xmlsec"
-SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
-S="${WORKDIR}/${PN}1-${PV}"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
-IUSE="doc gcrypt gnutls nss +openssl static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="|| ( gcrypt gnutls nss openssl )
- gnutls? ( gcrypt )"
-
-RDEPEND=">=dev-libs/libxml2-2.7.4[ftp(+)]
- >=dev-libs/libxslt-1.0.20
- dev-libs/libltdl
- gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
- gnutls? ( >=net-libs/gnutls-2.8.0:= )
- nss? (
- >=dev-libs/nspr-4.4.1
- >=dev-libs/nss-3.9
- )
- openssl? (
- dev-libs/openssl:=
- )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- test? (
- nss? (
- >=dev-libs/nss-3.9[utils]
- )
- )"
-
-PATCHES=(
- "${FILESDIR}"/${P}-libressl.patch #903001
-)
-
-src_configure() {
- # Bash because of bug #721128
- CONFIG_SHELL="${BROOT}"/bin/bash econf \
- $(use_enable doc docs) \
- $(use_enable static-libs static) \
- $(use_with gcrypt) \
- $(use_with gnutls) \
- $(use_with nss nspr) \
- $(use_with nss) \
- $(use_with openssl) \
- --enable-mans \
- --enable-pkgconfig
-}
-
-src_test() {
- # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
- TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
-}
-
-src_install() {
- default
-
- find "${ED}" -name '*.la' -delete || die
-}
diff --git a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.1.ebuild
deleted file mode 100644
index 008af3b95a28..000000000000
--- a/dev-libs/xmlsec/xmlsec-1.3.1.ebuild
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools
-
-DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
-HOMEPAGE="https://www.aleksey.com/xmlsec"
-SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
-S="${WORKDIR}/${PN}1-${PV}"
-
-LICENSE="MIT"
-# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
-IUSE="doc gcrypt gnutls http nss +openssl static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="
- || ( gnutls nss openssl )
-"
-
-RDEPEND="
- >=dev-libs/libxml2-2.7.4
- >=dev-libs/libxslt-1.0.20
- dev-libs/libltdl
- gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
- gnutls? ( >=net-libs/gnutls-3.6.13:= )
- nss? (
- >=dev-libs/nspr-4.4.1
- >=dev-libs/nss-3.9
- )
- openssl? ( dev-libs/openssl:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- virtual/pkgconfig
- test? (
- nss? (
- >=dev-libs/nss-3.9[utils]
- )
- )
-"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-1.3.0-optimisation.patch
-)
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- $(use_enable doc docs)
- $(use_enable static-libs static)
- $(use_with gcrypt)
- $(use_with gnutls)
- $(use_with nss nspr)
- $(use_with nss)
- $(use_with openssl)
-
- --disable-werror
- --enable-mans
- --enable-pkgconfig
-
- --enable-concatkdf
- --enable-pbkdf2
- --enable-ec
- --enable-dh
- --enable-sha3
-
- --enable-files
- $(use_enable http)
- --disable-ftp
- )
-
- # Bash because of bug #721128
- CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
-}
-
-src_test() {
- # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
- TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
-}
-
-src_install() {
- default
-
- find "${ED}" -name '*.la' -delete || die
-}