diff options
Diffstat (limited to 'dev-libs')
24 files changed, 38 insertions, 2649 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz Binary files differindex 1c7bb12a2386..3a24871d79ab 100644 --- a/dev-libs/Manifest.gz +++ b/dev-libs/Manifest.gz diff --git a/dev-libs/apache-arrow/Manifest b/dev-libs/apache-arrow/Manifest index 886e4d0dec83..6d86f9bb71a2 100644 --- a/dev-libs/apache-arrow/Manifest +++ b/dev-libs/apache-arrow/Manifest @@ -4,5 +4,5 @@ DIST apache-arrow-16.1.0.tar.gz 21707079 BLAKE2B 5541c364351e59e8164f2461546bce3 DIST apache-arrow-arrow-data-25d16511e8d42c2744a1d94d90169e3a36e92631.tar.gz 3571960 BLAKE2B c1c076bb3ff6427a45d1a157c60fb13c37786f97d213768c0bbe1ae073b5fb8d23cd402bdcfee303061df56bf3421ea8376f7c4ba9fec04c5cb35a85a32280f2 SHA512 abbc18da8f03b123a2d97eee709e929bbb5d567bf23219bbc63508c0e82ef99d7c0d71ca2d952566b63e968cffd96c5e1c62be9cb658323c949f229ff03234a8 DIST apache-arrow-parquet-data-74278bc4a1122d74945969e6dec405abd1533ec3.tar.gz 1037654 BLAKE2B c9bb725a16f6706a3859bb36a60b700af62cb5f96546483ef1de0b65900b02b4f9013841d7b3dc70fd0f2fd8969b4d5c72d0fb68972568f61b4a6863a0df6f60 SHA512 18f8e2480079a0fd29eec2b8e5f753af1ee80255f6fc80af4acbf5c56e6dec08e2f9f54d8c5734c929ef901c63e4009c5d830325333fa6cc947d40ff5dcddfa3 EBUILD apache-arrow-16.0.0.ebuild 3049 BLAKE2B f438fd6983f16626a4f62132345bc4c768c1349f43cec81a7a501bdc6b20b905a1602b961ca9b3ef6c975608b7d0a9af512da2416867f227252017c27b083f17 SHA512 c6164b633e0ea7b2fcdd95cb69b0e09ae031d323bafda63d6f5d5238a4528d59b94aff70361a964ae92f7a1557a3ec948798d3afa26870b52d42f3ee9290038e -EBUILD apache-arrow-16.1.0.ebuild 3050 BLAKE2B be7e8330ac83642281621755bfd0d247b0b37c6552d91574fa6be1958284632e0a7b69d65f4d3da029b6b6ea4db777f2b47ddebac39dfd6b77c8b9e700aea215 SHA512 fa7fe4fd25c3dd2c475891970eb38c75cafa6ad2fd4d6828bbd3f69b180b83d35eaa94f97ddf1c8c643f61994874ab14df36d8d55773f3cd7ce4a4b02a276232 +EBUILD apache-arrow-16.1.0.ebuild 3049 BLAKE2B f438fd6983f16626a4f62132345bc4c768c1349f43cec81a7a501bdc6b20b905a1602b961ca9b3ef6c975608b7d0a9af512da2416867f227252017c27b083f17 SHA512 c6164b633e0ea7b2fcdd95cb69b0e09ae031d323bafda63d6f5d5238a4528d59b94aff70361a964ae92f7a1557a3ec948798d3afa26870b52d42f3ee9290038e MISC metadata.xml 912 BLAKE2B bffeb1e6d52455313e89396d9b1821fd7d5064e887213d13ae933ef8185318a40095c1623f3793f62d296ecb1afed591614fadc2ca3f75332df1e5a2f5a28d84 SHA512 11fb4dfe0e8c938e6bf3e7e53d1dccee08d80ba32396ac454226827e7c4ed2db70c53812060a9478e359fb2c48c221a05b3632409d73f2659b2117b7c56e8e51 diff --git a/dev-libs/apache-arrow/apache-arrow-16.1.0.ebuild b/dev-libs/apache-arrow/apache-arrow-16.1.0.ebuild index 9be18f6b6223..8b1d7dc7296d 100644 --- a/dev-libs/apache-arrow/apache-arrow-16.1.0.ebuild +++ b/dev-libs/apache-arrow/apache-arrow-16.1.0.ebuild @@ -28,7 +28,7 @@ S="${WORKDIR}/${P}/cpp" LICENSE="Apache-2.0" SLOT="0/$(ver_cut 1)" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~riscv ~s390 ~x86" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~loong ~riscv ~s390 ~x86" IUSE=" +brotli bzip2 compute dataset +json lz4 +parquet re2 +snappy ssl test zlib zstd diff --git a/dev-libs/boehm-gc/Manifest b/dev-libs/boehm-gc/Manifest index d1807026afb8..7dfb46dec28a 100644 --- a/dev-libs/boehm-gc/Manifest +++ b/dev-libs/boehm-gc/Manifest @@ -1,5 +1,5 @@ DIST gc-8.2.4.tar.gz 1210929 BLAKE2B 48f058b3f6f9f708d4335a7a0b077aab4ea5df32be73038bb8c20c12483d7ec8798b16db85afed5aa270f0f818de08abf9407036f662c757f361a929f99d951f SHA512 27d014378000f25fb2f5598904be85604822d5ed4553f8b3d1c279122300d3958b4432ec08f951cfd842d92121ea8a030dda34bf2475ec53d4fded551fdd3a98 DIST gc-8.2.6.tar.gz 1216440 BLAKE2B fb1a51ed90ecd2e81a5d398593717ece3079d3d6f265521dd48ee7e1038700272bfccb6788f4e9915fb3fafd6f1be3775a3b69f38912eae0f6578822d168398a SHA512 48afcc1d8570d6b5d62addf8b7b947a3836717e71c073f6dff8982744c06f5973a02e890d17e8dd93f7f997d029b49c652929e6efa0e32aefbcdf7ab0910eda5 EBUILD boehm-gc-8.2.4.ebuild 1447 BLAKE2B 0219afd9bdb00017e8c2e0b763ee48155ddc77059285be61cf5c37dbc30a95e652e99b10bcc23f7e6a7b21bde3993c04ab6785794ba9314c288e327436ba1161 SHA512 65e89ed9a992c4121fb4e56c6edf399760968747efcccae510f6b5bc562513ab91bbf22de195fccd3f91c449ecd02573bdde54c7627d859ea773b916897af2f4 -EBUILD boehm-gc-8.2.6.ebuild 1463 BLAKE2B 184722f20ea243a1477265bde11a8d315f5a73648421e98c4cce42963e2ea5b5eb6f521afaf4aa0efa7fb4fb161c9d934f41a9cdbb3fdbd2700fb91c9c08688a SHA512 6ec42926627a44a64cfd87a15659a4af702ec8ca60bd45641e93d853da41901497a57c67d10efd85a63eb5db9b168977884e651a599190b5c6c80357d4a3ab0a +EBUILD boehm-gc-8.2.6.ebuild 1462 BLAKE2B fdedd13ce69eb75819b3dc356014a5753d4651fc3ea81a7545d065c33ae5bcc4d76e36baaf3f1b60bb2f054682629f801ec759f316500910735eff4cde245ef9 SHA512 64a699e7471f33957befd8befd6ee71b2c8e1acae67445890149c698753372e0ff6a862fd9cd8c70d2356442e604f4fd396e50b6938e7d681eb36a8b1efc9a22 MISC metadata.xml 441 BLAKE2B 1a5b60a047e52ee63b74e85d8f04fb905a9d7f562054d12286d9bc14d654e6875550186cca2c8c9f149f5fe950b5337cbab510f98c49faeb7c983b07b97726e6 SHA512 c4e4af95746b4270a64e5238999c4ab44568d22350a60118e6e798cfab9a3e4dbd0012c56fa809a1ca115cb8772faa3f161f29afe70770fba8e7cdcd364b83c4 diff --git a/dev-libs/boehm-gc/boehm-gc-8.2.6.ebuild b/dev-libs/boehm-gc/boehm-gc-8.2.6.ebuild index cbd54c7969a0..e42c17128546 100644 --- a/dev-libs/boehm-gc/boehm-gc-8.2.6.ebuild +++ b/dev-libs/boehm-gc/boehm-gc-8.2.6.ebuild @@ -17,7 +17,7 @@ LICENSE="boehm-gc" # We've been using subslot 0 for these instead of "1.1". SLOT="0" # Don't keyword versions if upstream mark them as pre-release. -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="cxx +large static-libs +threads" RDEPEND=">=dev-libs/libatomic_ops-7.4[${MULTILIB_USEDEP}]" diff --git a/dev-libs/boost/Manifest b/dev-libs/boost/Manifest index 332622108793..9f57ad68f816 100644 --- a/dev-libs/boost/Manifest +++ b/dev-libs/boost/Manifest @@ -5,8 +5,9 @@ AUX boost-1.83.0-math-gcc14.patch 936 BLAKE2B 8cf731affa3684692b773ed4941240616a AUX boost-1.84.0-signals2-patch1.patch 5250 BLAKE2B 6e620d8e9fe1dbd4b2dbf7aec8c1cc4bdd36935027e1648a3e51f3c11e31ebe13d8100dcdcc40009a4c356e87f0df01ad1ca38327b8926b5de230d81c322f4a8 SHA512 8ab253eb562587b7d796bc559934a1044b475698986f71d2a3c80d19758fd53eea213356a43dcb87861e198dfb0178f86ab7bbfc54d4e6e44092c1502dfec595 AUX boost-1.84.0-signals2-patch2.patch 783 BLAKE2B 76e989e7df011ecce99e5747ca73997f001d0e76e3453fe952f03b9b8adbcc1f5adbda2935c2a2761eef783e0317d56d36ab3bf63e11875466afa28507a09518 SHA512 4dc438ac7b19edb9640599add2859bd3dfdb58fa53e846c292e1c550e5737daa256d46e14d97ba8dc1e6ea01b0ad0d3075320211d4aba0a48048f0158004378f AUX boost-1.85.0-bcp-filesystem.patch 7299 BLAKE2B d2792ee52008955a6f4d233c0a130fe698df7d1e060e9a25a2c058fd7a1ba4c8f6b7a92af773183fa73b0511d7f85f5473d5f9cea1cd71ec08f2db92fa7bd09d SHA512 501f71fa1451af7699689c3befc477e6612612f11a3c33d350d680ce8c511ba9e6765e05aefa9608fe98eca0413a43755cf61fea1a4cd2d03ea0962f7884b452 +AUX boost-1.85.0-python-numpy-2.patch 986 BLAKE2B 5f4cd317c75f8eb3183f720ac76afeffeb4f1e2617f32a795a94d9db56c7c27cba7a1b2591f2f851223b85ce962293bf54733e0d3f830340d2ef174a869284ed SHA512 46b3831acbd89980abc8312d8ba0a991d9c8531f0f8b63f5218ef8920fcf18b1ff207748abef2f3753baf6ea0932dc0c4ef524daec7fb265f64e35c5335f7a96 DIST boost_1_84_0.tar.bz2 123110547 BLAKE2B a872ee00402be0383726020f4d13a7df6c2765c52eac2e09aab1604432931d26dd597503f5dcbbf788d7e7528d13c6d1dbfff1e85d22bf92c7828ef74cf2405d SHA512 5dfeb35198bb096e46cf9e131ef0334cb95bc0bf09f343f291b860b112598b3c36111bd8c232439c401a2b2fb832fa0c399a8d5b96afc60bd359dff070154497 DIST boost_1_85_0.tar.bz2 124015250 BLAKE2B dd72a9299cd78d2c260e1c94e28ba04daaa352f5bd023d99e43caa3540b1e0f8c09fc04b91f68db0ef8532e4a91fdef0b66a80bf0f9f838303bccaf0729bf581 SHA512 b4489813a4192b57626589457932338cfc47c4ec05c19b3a58b2d8df9e95f022ff2f5f452811ff82d1cec4fb0a490e991c8825bad0fb5a81318d07a8788d8ca0 EBUILD boost-1.84.0-r3.ebuild 11406 BLAKE2B d0534d67b863800cf37d7e848c69e8b360554dffa8b009959b5b91c85ff69c73e671ac94c07f1e03ae2d52b4ccf6d577526e7402d4f0c95ea93e9e2578444382 SHA512 415ad4e0844fa377fbdfaff5100c44889f30080507a4aa747c866d79bf7aed8b96224c1608cc896c24fe89b6d8c6ba3003adf7789dfb06567465a03254e46ca9 -EBUILD boost-1.85.0.ebuild 11257 BLAKE2B 18f618fc025c4185cb3044a9b9ae7e1a6792aa33523fca975f0a2967aebd8846a40f36b2d8a83dc2bd2d9d0d9694cda546675b494327fd78f5720211adccc840 SHA512 b101dc7141418951015a5617b16cd11a4d5e75b8fb829e9a94e11eb4a259c97b075ba367a8172756c038b543bf5d4983e63f02e858a9f2d16cad5e82017dc850 +EBUILD boost-1.85.0.ebuild 11308 BLAKE2B d5875b770c73c6066343d2ea46d59c5645b0bf2ec14ce99a76b8682075f1f123fe71e9c79616a71faade44f81ea119accc3b6d1f9dae40201a9d52a9b61864ad SHA512 c46b9978b98604a9a670d269f5fc86f3c587db721fd44fe39c8097c5d7182034bc3140a2d3863dc86744b5ad2ecde4a5885de717bc33d7ada90fb7f73113d459 MISC metadata.xml 9162 BLAKE2B c8df087c7fe1e4af3a59f21763777d3f1318aebcd524e077b6a93c374e0910ff31b1e73b8b4908130d63c2bb7d060348602cffd215648f09afd8015c782e2340 SHA512 3c45d74e046e0fd09f152fcfa7af942c9097e3ed91a0915a2541caad14a8b94b9faceccdbc74bf8aa7c8f7b383db7e91e09babba9c2c28fd7855a7b809616839 diff --git a/dev-libs/boost/boost-1.85.0.ebuild b/dev-libs/boost/boost-1.85.0.ebuild index 30577a1da191..ef6dcf165f8c 100644 --- a/dev-libs/boost/boost-1.85.0.ebuild +++ b/dev-libs/boost/boost-1.85.0.ebuild @@ -40,7 +40,7 @@ RDEPEND=" mpi? ( virtual/mpi[${MULTILIB_USEDEP},cxx,threads] ) python? ( ${PYTHON_DEPS} - numpy? ( dev-python/numpy[${PYTHON_USEDEP}] ) + numpy? ( dev-python/numpy:=[${PYTHON_USEDEP}] ) ) zlib? ( sys-libs/zlib:=[${MULTILIB_USEDEP}] ) zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" @@ -51,6 +51,7 @@ PATCHES=( "${FILESDIR}"/${PN}-1.81.0-disable_icu_rpath.patch "${FILESDIR}"/${PN}-1.79.0-build-auto_index-tool.patch "${FILESDIR}"/${PN}-1.85.0-bcp-filesystem.patch + "${FILESDIR}"/${PN}-1.85.0-python-numpy-2.patch ) create_user-config.jam() { diff --git a/dev-libs/boost/files/boost-1.85.0-python-numpy-2.patch b/dev-libs/boost/files/boost-1.85.0-python-numpy-2.patch new file mode 100644 index 000000000000..e7a7d98b8573 --- /dev/null +++ b/dev-libs/boost/files/boost-1.85.0-python-numpy-2.patch @@ -0,0 +1,26 @@ +https://bugs.gentoo.org/932459 +https://github.com/boostorg/python/issues/431 +https://github.com/boostorg/python/pull/432 + +From 33ac06ca59a68266d3d26edf08205d31ddab4a6c Mon Sep 17 00:00:00 2001 +From: Alexis DUBURCQ <alexis.duburcq@gmail.com> +Date: Fri, 15 Mar 2024 14:10:16 +0100 +Subject: [PATCH] Support numpy 2.0.0b1 + +--- a/libs/python/src/numpy/dtype.cpp ++++ b/libs/python/src/numpy/dtype.cpp +@@ -98,7 +98,13 @@ python::detail::new_reference dtype::convert(object const & arg, bool align) + return python::detail::new_reference(reinterpret_cast<PyObject*>(obj)); + } + +-int dtype::get_itemsize() const { return reinterpret_cast<PyArray_Descr*>(ptr())->elsize;} ++int dtype::get_itemsize() const { ++#if NPY_ABI_VERSION < 0x02000000 ++ return reinterpret_cast<PyArray_Descr*>(ptr())->elsize; ++#else ++ return PyDataType_ELSIZE(reinterpret_cast<PyArray_Descr*>(ptr())); ++#endif ++} + + bool equivalent(dtype const & a, dtype const & b) { + // On Windows x64, the behaviour described on diff --git a/dev-libs/libassuan/Manifest b/dev-libs/libassuan/Manifest index d8360459ffdb..069519c751b2 100644 --- a/dev-libs/libassuan/Manifest +++ b/dev-libs/libassuan/Manifest @@ -3,5 +3,5 @@ DIST libassuan-2.5.6.tar.bz2.sig 119 BLAKE2B 379c6566b2369550bfc4b4616fb71ebdbd9 DIST libassuan-2.5.7.tar.bz2 605076 BLAKE2B 67cb01b7ed9be13a52a37db439666bb8eb709cc63204fe250ff57854459aa8b36655479e887b285fe9ad799c49e66f176f971ab3a871e114cfb217a1f2968d16 SHA512 ca33bd0325bbebccb63b6a84cc0aa5c85b25c6275a68df83aeb3f3729b2cd38220198a941c3479bd461f16b7ddb6b558c0664697ca3153c7fb430544303d773f DIST libassuan-2.5.7.tar.bz2.sig 238 BLAKE2B c30005d67cac32857a0dd59dc8a2b9d0d166c6cd6a413742a1d3117c050e9b1b2b96cc4c470fc3e5693ce4c5a422e2cb008b40ef7883a7d039dc9a2234229265 SHA512 b7a798da0e1252acecf8b58b9cc30a5f10fa432d2581c190e4fb064fcf10e9a1b9e07e86c73ee16f0f25ad0e782fac21142875a06487f612268be7f1a09cc1a9 EBUILD libassuan-2.5.6.ebuild 1719 BLAKE2B 2572ec877ae597485ef373ffb9bf6f6e4dc57b0b16a11b931fa864c862cc796d5fe6e04ec303156175fbbc341007c84a6e10591be8705acf37707c1ee3efac94 SHA512 2be0385bd99aae8a4bf97e9f6a05d19ffcfa2e0542badc9930e3d1414d8f8d20d69afa69c370f4604bdac3ac5953f031d13a36f83f7680f6ab2fd505dad9b7ff -EBUILD libassuan-2.5.7.ebuild 1720 BLAKE2B a8d48b00be8006baafac4387eb8d005ea78627b2d7ea787c332db3829a44e36461b5a3b8e5645bbdee0c46581539f4879709b2c1632bfa3b7a3d49ffafa638f9 SHA512 d3db6d6e5870aceab4d1b018cc41c49c46497a11b1568764520e923ff02ffc59bc6dc50493725152a802b3c12c3af3c0a0cf850d15e2abf869bf6f460819bac4 +EBUILD libassuan-2.5.7.ebuild 1719 BLAKE2B 589dcf64e927789f2b347bfb38fb2c3b92ac620b32d5428700a4afb9da8f1750fdc867253b7e910027832f8f75ee49e571eea6b252dabb8171801841aa91ea3f SHA512 71f07ceaa22df17586252f59007feac3ac8294decc86860d8ff881ca8102c1c30f1604821c6b3e17f710fc7e8fb307d1df4df5f39be106e74688a43818f885a8 MISC metadata.xml 882 BLAKE2B ca08da3ad8be4a39e30e8e28f58bd5c4c9e70147a29bc55c9b71b45921141326ccd86d9086b6ae8652465c51fabfe4e024a00be0656042011a27423ac2146f01 SHA512 603d947fcaa43d364136558cd158610edfc2349fe0227259992209894f34fcd21f393fe81aa9f2d40ecb41377c8f7c1d6f8528d6a678709d28820d3b6f253b62 diff --git a/dev-libs/libassuan/libassuan-2.5.7.ebuild b/dev-libs/libassuan/libassuan-2.5.7.ebuild index 3ed1f248fe89..563357cfc0cd 100644 --- a/dev-libs/libassuan/libassuan-2.5.7.ebuild +++ b/dev-libs/libassuan/libassuan-2.5.7.ebuild @@ -19,7 +19,7 @@ SRC_URI+=" verify-sig? ( mirror://gnupg/${PN}/${P}.tar.bz2.sig )" LICENSE="GPL-3 LGPL-2.1" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" # Note: On each bump, update dep bounds on each version from configure.ac! RDEPEND=">=dev-libs/libgpg-error-1.33" diff --git a/dev-libs/libsodium/Manifest b/dev-libs/libsodium/Manifest index 5834517622e9..b4555ff65b41 100644 --- a/dev-libs/libsodium/Manifest +++ b/dev-libs/libsodium/Manifest @@ -9,5 +9,5 @@ DIST libsodium-1.0.19_p20240117.tar.gz.minisig 318 BLAKE2B f951b547f53b2569ed149 EBUILD libsodium-1.0.18_p20220618.ebuild 1998 BLAKE2B c0971b1d0f9e13ee2365093c311cd6a7186de26a557461b66111a8e9f75691e8ce4318a285074cd873d3e122b15be2f646bd341b261220f94e0fe170ddc21b0b SHA512 1c0e04a0540c2bb0fc9e6f141c370c28a5c20e086f32cf5548cb6d73937ab2bcc4305d973d248b476a4c932b8450f4462e25185c1f82cefa6aff091abd538221 EBUILD libsodium-1.0.19-r1.ebuild 1998 BLAKE2B 50b3fc86c63c7721fd3a3d3bda38648fed17127558c34b6e08e3e025fb47550748aaffe614d8393833c6cc4d433079b854411ae0000029fb79fdeb2876744071 SHA512 165a6d4bfba97d9049af1f9a06160a7d92aec6bc7d23205d2ab1c860a17b3310d305cf8bc16919935503a4ee67ba3cffe347c374b0c1f842909a3b50826100a2 EBUILD libsodium-1.0.19-r2.ebuild 1966 BLAKE2B 575da13973413adc01e6fb9ecdb58e554275b817e5064ec94b7f801274a30ac0a15c6ed4e542ac8d387268d31a0279a291f2d2d5c054d59e9ee06f2dbe8bc4b5 SHA512 1b2a79ea96928e63f0c0194f01626c7a75c264e34640a41417a56e4cbf08a9723d11dfd6890d7b348917dd9d81b38bd07975999d30396d51182dc5ca545f149e -EBUILD libsodium-1.0.19_p20240117.ebuild 2046 BLAKE2B 3ac0d60bcae397130afb085fef10363148e4dc5b0df92f6d9f04fdda62c61a8aea328f573369cfab211e3ee5422bbde4761bcda221f5e1257a3b0fec54ece050 SHA512 585c988826fb5541a88186c70e3fe42a22bf5acf543cf78b4a106601384fb6a771a385b4fbede2f1c2aa3e1b9441c6a68bbd93597695433803161036bae857aa +EBUILD libsodium-1.0.19_p20240117.ebuild 2045 BLAKE2B ccf03b49b0495cdf89159644672763a013aae0de1609025c18e00b152b11fd23fa57b885dd1c3e2dea2b54dee1374fc1b45f744fe2350a2adc130671e94df5f2 SHA512 e2c9033937ab8b0bf2ad721f9d59fc8b7059f597edd7ad99ed29c3fd10ccf508f05b5a67498824e7fafd11d5a522440ba735b81d8c4a1ee8e33428b03629300e MISC metadata.xml 806 BLAKE2B 069f36bae588b263d664f00b50c9a0f4c2348b1a1f0ff2e5c5902217ccf14a81e648997fae2f789220d5b9fa5aef440a7c0526918a7d7f402870dd80067e3744 SHA512 1902268ec9dbb312b9740f9bc9b2df5e66f50dc066ba281b438fbf6d2b5317c589c587305c400c929c068af95c30918fde7a6324ab53b76503ef183aab034886 diff --git a/dev-libs/libsodium/libsodium-1.0.19_p20240117.ebuild b/dev-libs/libsodium/libsodium-1.0.19_p20240117.ebuild index 18460987441c..3654a117b23e 100644 --- a/dev-libs/libsodium/libsodium-1.0.19_p20240117.ebuild +++ b/dev-libs/libsodium/libsodium-1.0.19_p20240117.ebuild @@ -31,7 +31,7 @@ S="${WORKDIR}"/${PN}-stable LICENSE="ISC" SLOT="0/26" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~x64-macos" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~x64-macos" IUSE="+asm static-libs +urandom" CPU_USE=( cpu_flags_x86_{aes,sse4_1} ) diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest index 9cdece7bc0bc..824281b148be 100644 --- a/dev-libs/nss/Manifest +++ b/dev-libs/nss/Manifest @@ -6,10 +6,7 @@ AUX nss-3.90.2-backport-D180718.patch 1225 BLAKE2B f18e406371c6f3f9aedc1676344b7 AUX nss-3.90.2-bmo-1885749-disable-ASM-C25519-on-non-X86_64.patch 1325 BLAKE2B c128966b1ea2a73c6957cf53b447a20ff142c277337a74421065e1f77c1de74cac5cbed7c192064fc6c45205e562003a7152e39df7438a1583418625607fc2bc SHA512 5625e3e78e7700bcbb589c734d47b91ebe39315994bd422766ad9100405c36d930ad031be5cf80de6bb4d9914db5fe553ee658daf5a2e66e79d517c0a6d9ad32 DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a -DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4 EBUILD nss-3.100.ebuild 11571 BLAKE2B e37869cece7d551303ca4ba14392eee4f4d48b49225d2658590e7c11f705ff061ef1c76312a50edf480d586f3ab6c429c8693536c6c946f11b15404c81032e6a SHA512 a95608d5046cbdb462faf421f7f9d3a84ec0fe18dbb429a3db66a327bf2e0cad300bf840e4fe5ec967869c0b2cd83a939c0641e4a6d533cbaf340e086e611e0f EBUILD nss-3.90.2-r1.ebuild 11751 BLAKE2B 1913a65dbe4906361b47280cfc5e456cc675b3ea10eaf074d74851e15a6c0bf515b1e7f1084a4e5947e2e8cee9c54e9be70d7ff7fe0277ae31d741e3f6c88e75 SHA512 02ad0fd006e7b404d3049568cafd6aafb20011a2e1b353e4a013f5d05dac796e9d808f5ebd4917ceecdb82614c404b1626c9deee35ab3c9e23e1a173065a31fb -EBUILD nss-3.90.2.ebuild 11641 BLAKE2B acd00f630641008af848c854f7868fa4a0496bdaa6afd438cdcc9dd67b6baa44479132a6ffdb387cf5585d272ef4b4f850b0043a2104f17a624463e6ecaeb8db SHA512 1577699e91a6dbf0e3c3887647b0a2677471d2b6efbc3b3a095f6959c24551f2b785d375fd8f04342d8ac07f0ca541fd6f050097c3a4386054a3514c4a970376 -EBUILD nss-3.99.ebuild 11571 BLAKE2B e37869cece7d551303ca4ba14392eee4f4d48b49225d2658590e7c11f705ff061ef1c76312a50edf480d586f3ab6c429c8693536c6c946f11b15404c81032e6a SHA512 a95608d5046cbdb462faf421f7f9d3a84ec0fe18dbb429a3db66a327bf2e0cad300bf840e4fe5ec967869c0b2cd83a939c0641e4a6d533cbaf340e086e611e0f MISC metadata.xml 603 BLAKE2B 74c5a84f8a860b6a43731ed83cd40373187236de7add14ca33f3417eb0cfc165aa5df5308dca14b4664bcfe453e0f328988df4459af5781da4cbcb7bfc00e93d SHA512 9d7fb0be71d18ad1da440de047f4430bd3b50a8584d8dccd43e5e4cdf050f5c5cfeb34cd82ea617f2419ff092908becd1508eb7efcf54f3cca8c7f36af9517bb diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild deleted file mode 100644 index 930fe521611a..000000000000 --- a/dev-libs/nss/nss-3.90.2.ebuild +++ /dev/null @@ -1,419 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.35" -RTM_NAME="NSS_${PV//./_}_RTM" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris" -IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx" -RESTRICT="!test? ( test )" -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND -RDEPEND=" - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] - virtual/pkgconfig -" -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch - "${FILESDIR}"/nss-3.90.2-bmo-1885749-disable-ASM-C25519-on-non-X86_64.patch -) - -src_prepare() { - default - - if use cacert ; then - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch - fi - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - - # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069 - sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die - - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - *86*-pc-solaris2*) echo "i86pc" ;; - aarch64*) echo "aarch64" ;; - hppa*) echo "parisc" ;; - i?86*) echo "i686" ;; - x86_64*) echo "x86_64" ;; - *) tc-arch ${t} ;; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - # TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file -S "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - CCC="$(tc-getCXX)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - disable_ckbi=0 - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - export NSS_ALLOW_SSLKEYLOGFILE=1 - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - export NSS_SEED_ONLY_DEV_URANDOM=1 - export USE_SYSTEM_ZLIB=1 - export ZLIB_LIBS=-lz - export ASFLAGS="" - # Fix build failure on arm64 - export NS_USE_GCC=1 - # Detect compiler type and set proper environment value - if tc-is-gcc; then - export CC_IS_GCC=1 - elif tc-is-clang; then - export CC_IS_CLANG=1 - fi - - export NSS_DISABLE_GTESTS=$(usex !test 1 0) - - # Include exportable custom settings defined by users, #900915 - # Two examples uses: - # EXTRA_NSSCONF="MYONESWITCH=1" - # EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1" - # e.g. - # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0" - # or - # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1" - # etc. - if [[ -n "${EXTRA_NSSCONF}" ]]; then - ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs." - read -a myextranssconf <<< "${EXTRA_NSSCONF}" - - for (( i=0; i<${#myextranssconf[@]}; i++ )); do - export "${myextranssconf[$i]}" - echo "exported ${myextranssconf[$i]}" - done - fi - - # explicitly disable altivec/vsx if not requested - # https://bugs.gentoo.org/789114 - case ${ARCH} in - ppc*) - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1 - ;; - esac - - use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1 - use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1 - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)" - done -} - -multilib_src_test() { - einfo "Tests can take a *long* time, especially on a multilib system." - einfo "30-45+ minutes per lib configuration. Bug #852755" - - # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html - # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite - # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older) - export BUILD_OPT=1 - export HOST="localhost" - export DOMSUF="localdomain" - export USE_IP=TRUE - export IP_ADDRESS="127.0.0.1" - - # Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15 - # per lib implementation. - export NSS_CYCLES=standard - - NSINSTALL="${PWD}/$(find -type f -name nsinstall)" - - cd "${BUILD_DIR}"/tests || die - # Hack to get current objdir (prefixed dir where built binaries are) - # Without this, at least multilib tests go wrong when building the amd64 variant - # after x86. - local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev) - - # Can tweak to a subset of tests in future if we need to, but would prefer not - OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - local i - for i in crmf freebl nssb nssckfw ; do - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - done - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.{h,api} - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac,cmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils=( shlibsign ) - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - # certcgi has been removed in nss-3.36: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 - nssutils+=( - addbuiltin - atob - baddbdir - btoa - certutil - cmsutil - conflict - crlutil - derdump - digest - makepqg - mangle - modutil - multinit - nonspr10 - ocspclnt - oidcalc - p7content - p7env - p7sign - p7verify - pk11mode - pk12util - pp - rsaperf - selfserv - signtool - signver - ssltap - strsclnt - symkeyutil - tstclnt - vfychain - vfyserv - ) - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils[@]}; do - dobin ${f} - done - popd >/dev/null || die - fi -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild deleted file mode 100644 index 0977ca4223fb..000000000000 --- a/dev-libs/nss/nss-3.99.ebuild +++ /dev/null @@ -1,418 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.35" -RTM_NAME="NSS_${PV//./_}_RTM" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris" -IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx" -RESTRICT="!test? ( test )" -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND -RDEPEND=" - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] - virtual/pkgconfig -" -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch -) - -src_prepare() { - default - - if use cacert ; then - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch - fi - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - - # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069 - sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die - - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - *86*-pc-solaris2*) echo "i86pc" ;; - aarch64*) echo "aarch64" ;; - hppa*) echo "parisc" ;; - i?86*) echo "i686" ;; - x86_64*) echo "x86_64" ;; - *) tc-arch ${t} ;; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - # TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file -S "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - CCC="$(tc-getCXX)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - disable_ckbi=0 - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - export NSS_ALLOW_SSLKEYLOGFILE=1 - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - export NSS_SEED_ONLY_DEV_URANDOM=1 - export USE_SYSTEM_ZLIB=1 - export ZLIB_LIBS=-lz - export ASFLAGS="" - # Fix build failure on arm64 - export NS_USE_GCC=1 - # Detect compiler type and set proper environment value - if tc-is-gcc; then - export CC_IS_GCC=1 - elif tc-is-clang; then - export CC_IS_CLANG=1 - fi - - export NSS_DISABLE_GTESTS=$(usex !test 1 0) - - # Include exportable custom settings defined by users, #900915 - # Two examples uses: - # EXTRA_NSSCONF="MYONESWITCH=1" - # EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1" - # e.g. - # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0" - # or - # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1" - # etc. - if [[ -n "${EXTRA_NSSCONF}" ]]; then - ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs." - read -a myextranssconf <<< "${EXTRA_NSSCONF}" - - for (( i=0; i<${#myextranssconf[@]}; i++ )); do - export "${myextranssconf[$i]}" - echo "exported ${myextranssconf[$i]}" - done - fi - - # explicitly disable altivec/vsx if not requested - # https://bugs.gentoo.org/789114 - case ${ARCH} in - ppc*) - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1 - ;; - esac - - use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1 - use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1 - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)" - done -} - -multilib_src_test() { - einfo "Tests can take a *long* time, especially on a multilib system." - einfo "30-45+ minutes per lib configuration. Bug #852755" - - # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html - # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite - # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older) - export BUILD_OPT=1 - export HOST="localhost" - export DOMSUF="localdomain" - export USE_IP=TRUE - export IP_ADDRESS="127.0.0.1" - - # Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15 - # per lib implementation. - export NSS_CYCLES=standard - - NSINSTALL="${PWD}/$(find -type f -name nsinstall)" - - cd "${BUILD_DIR}"/tests || die - # Hack to get current objdir (prefixed dir where built binaries are) - # Without this, at least multilib tests go wrong when building the amd64 variant - # after x86. - local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev) - - # Can tweak to a subset of tests in future if we need to, but would prefer not - OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - local i - for i in crmf freebl nssb nssckfw ; do - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - done - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.{h,api} - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac,cmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils=( shlibsign ) - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - # certcgi has been removed in nss-3.36: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 - nssutils+=( - addbuiltin - atob - baddbdir - btoa - certutil - cmsutil - conflict - crlutil - derdump - digest - makepqg - mangle - modutil - multinit - nonspr10 - ocspclnt - oidcalc - p7content - p7env - p7sign - p7verify - pk11mode - pk12util - pp - rsaperf - selfserv - signtool - signver - ssltap - strsclnt - symkeyutil - tstclnt - vfychain - vfyserv - ) - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils[@]}; do - dobin ${f} - done - popd >/dev/null || die - fi -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 2df241b55656..9d04efec04e2 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -15,10 +15,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef -DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f97a8fee8443df4bf1bd9a6448b315742e9cb698717c1b7d9a91d0768d7ce08d55956ddc415b9dc6cb33fe3a98131b SHA512 393e7262cce0e7980d1cbba861291c8791f6c2a290e9867895c4310ab6e16b449067d8b780ae6081dc8d42529a4f32d545c66e8b1e69d301281d92f1882c85b7 -DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c -DIST openssl-3.0.12.tar.gz 15204575 BLAKE2B 1f00e33a5ed64a51cf28f0dbe7d53a9197c1edae7538dea9573394ee4dc03a885483d74b0b47a78b9067e87b4f420b9d7103f351bfec91710c168051cb7148df SHA512 63e003653dd1126c66e278969a626cdf0801b97da8b7076824d661e4a77e1572c3171cf7f006c972b95bcfa284889ee0362d8a46a851f7d8e743e2a1fe593b24 -DIST openssl-3.0.12.tar.gz.asc 833 BLAKE2B 5c7914e0449a1f2fad433544fa637263b237c2637b86960f904a7840ef6bd627728dfa45373e03a6ce7a0a4570d03e1dcd0188059bd5dbcc83d49d10be64dd39 SHA512 072d1572e6cc5240fed69c01b1f7f74958ceba33cec3b0a7f0db5929dc884381320fb737ec6b38f95ef81c855e2d382d7ecd19431a328b08efad70288ec4a964 DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab5a8b448c785f5f8ff3f206e742c5364424132d0e109a6449af9b4082c4c179c7103dccb16a4539f776ca834c8ccc SHA512 22f4096781f0b075f5bf81bd39a0f97e111760dfa73b6f858f6bb54968a7847944d74969ae10f9a51cc21a2f4af20d9a4c463649dc824f5e439e196d6764c4f9 DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9 @@ -29,14 +25,8 @@ DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651 DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24 EBUILD openssl-1.0.2u-r1.ebuild 10129 BLAKE2B fe03657452c1218e9ed6fff4b939ae5a1b648b20495690c8cc5f8668b6985c860176733080b4f0265d4bae6bc060bf432995a404be24733735ede3f5440f793a SHA512 e843699fac5b1bdf348fb13cd7de96af09af709e6b9dd5d0ca20d867a38ad870504ac58e7bf21efc01f8303520938031f36f0f5e5d1e76458c6e954ee464f364 EBUILD openssl-1.1.1w.ebuild 8233 BLAKE2B 4657e3e413f25f4503dbc5484e3d06e63c25c64f9132e3ce64629601f729380b6e1918d34f19e9269ac8ed066b2014d2163d54808e67476d033b2af1603cf609 SHA512 122f5d3e3577d9da17d0a49b38925d3fbbaab4117c116f37d0430463d5dcaa3803089cacbc5fddbc5466506eb6a59f1b5fef130dec200c5951f67d9d6c5b160b -EBUILD openssl-3.0.11.ebuild 8719 BLAKE2B fa28b31cc2f72147114cdc89b4253603855bd6cdf93b62a124caaff88f927412fdd1811e50ca35adb9885fa3fccb53203a46f231479373047fbd0fe709c8e228 SHA512 b5a46310bc8a5e842cca20c7755494fa6ff1d63eab24efbad516362cd68dce74380790050143beee437808fd724a41f323e04f4815833f6ea535c8022bc12162 -EBUILD openssl-3.0.12.ebuild 8719 BLAKE2B fa28b31cc2f72147114cdc89b4253603855bd6cdf93b62a124caaff88f927412fdd1811e50ca35adb9885fa3fccb53203a46f231479373047fbd0fe709c8e228 SHA512 b5a46310bc8a5e842cca20c7755494fa6ff1d63eab24efbad516362cd68dce74380790050143beee437808fd724a41f323e04f4815833f6ea535c8022bc12162 -EBUILD openssl-3.0.13-r1.ebuild 8556 BLAKE2B 5e6b7dd5cd4a4ddba9e894281d5aab747360774fc2f588d9c026bc01fa850b8ae682f867d32484c206d35e67b19744accc2f090845e586088e106139df3cff02 SHA512 865c22ec6db34e4f7249828bcdfe1cb677ae435fcd50a4007905f4f72b84a4dc0dfd4a039d2d0d1945cd1e8220613b8e4946135f8e918a2619eb9209b5b911ec EBUILD openssl-3.0.13-r2.ebuild 8579 BLAKE2B 98d8a2d6365a80150fb3f4a061162f8c18d6195a8585a27ee6f1d71ee217f159d8699f485d1191305409f3dc44344758228d9f751c7f12aaa5efd9484fbf48e3 SHA512 94a298c01fcd5e48ea00079b2a039efb2165ff71153a6d1cf810555ab977e820754fd504a4d7dfe32f2e8764c0ac05696b57155531ec8dcdb158612efd7f2a8f -EBUILD openssl-3.0.13.ebuild 8487 BLAKE2B f59e012d00584a3d17b51dd8ce6a1e0e77071fbc9a4144f604314e19e8cc57addcc32d12f2d4c03eda2b1e9c8023ad629ca27369f0d7b6d9983d092d53dbf6d7 SHA512 7ccae792fdaae34aec986e59630d64e5dc4ba2916b37093c95dc4649a2d314e701f38018f79c4e10af7eab5a809fa7dbfd1b35ae49bef74327804c6d00170267 -EBUILD openssl-3.1.5-r1.ebuild 8586 BLAKE2B c22d038b5af42c19389048b43618e3aad090062a8b5ca78eccf3572714d5d2469c1535ea3c4801241d313bf508191448dfa7e8bb52efc24f82523d1fc5273f85 SHA512 fa711d41776c086f9b31001143730e7f8524a41f6272d9df11fe7315c666113b8ba817fbaed7cd85482275014112e8f6a95213f0078531b2bd6a9f503c3f96a1 EBUILD openssl-3.1.5-r2.ebuild 8626 BLAKE2B ae09c41b277f416c8ad0180384fc3fbe7cee002e180ebb4817b6b4b2562a3b4782fe2e9240a275aff8c1a34d22160485dc1e6bac4a03546a3859d454a20b7cae SHA512 d7d687dd36f5839ac75c616f454fb8192d9826057638db17b6ea63dee11da6b5449d89d1a0cf47e0e67a98f51a5a46ca368770e0f03e3d77ce0642b1627d8d5b -EBUILD openssl-3.2.1-r1.ebuild 9305 BLAKE2B 9be044f9fd88230cf5bcfaca16458bcdbb9abc2ad6d66f56ebbc1dd74a2bfcf17dd43d1ca713be1e07bc99f775f620b214fcee5f46ab7a1d2bc1b80778bddb50 SHA512 829c77aecfa5acc0949fd481be6297ec0ecf1d12d2e65846ca75436bef359cb96b1617ed8acb60b2a665da80de31b971614221a9000a3e8e5c8954c50c89d22c EBUILD openssl-3.2.1-r2.ebuild 9377 BLAKE2B d8a1bd16284002ec39c926bbe9da25c371e2b54f668146d68f72e8f210e1e0073c1bbeb243f9e24ae970023c207906141e7232e925be718ca244e71dc2f604e9 SHA512 9c6f800d565a7c615ce77e04501b0d9f78c4047465242b9bd6f2c64dc0e0b68a6ff0f3effbf70aba0fe0339455d40095609b4a0df33b07e5afbc7543fe9aef58 EBUILD openssl-3.3.0.ebuild 9191 BLAKE2B c32b7a3f223a748f05baae1c885a3f96c7d2626499efd5d349f54dbf3c4a65fd32d794b2f1dc162917517103590f584e8cf6bee7cce4d864fbfc439dfa7e42ce SHA512 c2b3b14b43a738a49c29bfb3ee34c0307ce607a0b0b8c1b7bbdf4224f7c6deda2fdf09ca2f941cc860beff7ab97d022d00cbc8e4fc791700d8b71767c453c72c MISC metadata.xml 1566 BLAKE2B ae4515c90356b8a2d3e2df8e0cea43c587f73bd2e08f696c065c2254639009b6806806df8a84c63d00781b0cbf906a0d11e94b715749ab1292e77afa9cd5bcc2 SHA512 4a5e6b894476e74f1f93f00c326139eadf1afd498f4508fb723322539f29e53aec6dd198da878db714d2da61ab266089c2dd2f91b9fc66a34375ceb6f68ca394 diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild deleted file mode 100644 index 9437bff8e937..000000000000 --- a/dev-libs/openssl/openssl-3.0.11.ebuild +++ /dev/null @@ -1,288 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.0.12.ebuild b/dev-libs/openssl/openssl-3.0.12.ebuild deleted file mode 100644 index 9437bff8e937..000000000000 --- a/dev-libs/openssl/openssl-3.0.12.ebuild +++ /dev/null @@ -1,288 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.0.13-r1.ebuild b/dev-libs/openssl/openssl-3.0.13-r1.ebuild deleted file mode 100644 index 4241ad7f72ed..000000000000 --- a/dev-libs/openssl/openssl-3.0.13-r1.ebuild +++ /dev/null @@ -1,282 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${PN}-3.0.13-CVE-2024-2511.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile || die - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.0.13.ebuild b/dev-libs/openssl/openssl-3.0.13.ebuild deleted file mode 100644 index a709a5ecde4a..000000000000 --- a/dev-libs/openssl/openssl-3.0.13.ebuild +++ /dev/null @@ -1,278 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/3" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile || die - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.1.5-r1.ebuild b/dev-libs/openssl/openssl-3.1.5-r1.ebuild deleted file mode 100644 index 23a3463ec688..000000000000 --- a/dev-libs/openssl/openssl-3.1.5-r1.ebuild +++ /dev/null @@ -1,285 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${P}-p11-segfault.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.2.1-r1.ebuild b/dev-libs/openssl/openssl-3.2.1-r1.ebuild deleted file mode 100644 index ee2e112cd6f0..000000000000 --- a/dev-libs/openssl/openssl-3.2.1-r1.ebuild +++ /dev/null @@ -1,306 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://www.openssl.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - - if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - fi -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${P}-p11-segfault.patch - # bug 923956 (drop on next version bump) - "${FILESDIR}"/${P}-riscv.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 -- check inserts GNU ld-compatible arguments - [[ ${CHOST} == *-darwin* ]] || append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # See https://github.com/openssl/openssl/blob/master/test/README.md for options. - # - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - # - # -j1 here for https://github.com/openssl/openssl/issues/21999, but it - # shouldn't matter as tests were already built earlier, and HARNESS_JOBS - # controls running the tests. - emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/raft/Manifest b/dev-libs/raft/Manifest index f75a07489c8e..6ca9dbda03ae 100644 --- a/dev-libs/raft/Manifest +++ b/dev-libs/raft/Manifest @@ -1,6 +1,4 @@ AUX raft-0.10.0-toggle-zfs.patch 955 BLAKE2B bb9f351a6b7d0b7d95b7cdb6cf89db8963d46c44bd2613c69c7f3bd2c910cc185c8409cd80d218cab1569fe4729f649ac922ad1eb2b5652e5eeba441642e9588 SHA512 907f50fd1dc907d2a9aa1a89601064205c26d48956ddf56389a843e8c81b00acbc461125cbea5caef315be4a4a1d3a8f9bfd0a45ff0dedbeef1e0851e899b277 -DIST raft-0.22.0.tar.gz 365710 BLAKE2B b5084867ebd7e80f59edebcf5feb83cc7ffbf798deecbf96d3b31c0de7213c8fc1e3e5f558602f5864fb04f8de0326ee2f70d2f6164a08dd444a8db95593c328 SHA512 0ebda5764c866443ee2749c0c8fe798f111ed500b9d59bc9536d01e01ee82a8ed72125fb02e6a0c3bf51e4004520d4c5fdb583220599cb22bb9a8e6dd9d1a54b DIST raft-0.22.1.tar.gz 362393 BLAKE2B b6fc8f8e9dc6801ac8ad1b9d94f984b249b83def00a08776292500b079bb777330e8a83cf40153bfb1baae921105788d758c9f61a021d5519d5c27048b6be8b9 SHA512 fb4ea98321336daaa605e1c3cd55f672860fc8894d479fdff4e1862a4eb5622dbaf7a943e030dd2bcdaa14cc639e7e11ac43d71f00bdbd27f12c6b67653b70e4 -EBUILD raft-0.22.0.ebuild 1185 BLAKE2B 5851712e61e7472ee2ba68381cedb569a7cc71732a17bfdc393705992877ccbaa4009618823344157b8b4ab70c7366af9e74805722feca4c918bd40d4d81ea24 SHA512 03d2e13ce831d6bf59afc538e70370b342d22223d844dc3707dcc2ef96841dbf8798ed1aaf1834d522f482410cf6a65d180909bca15735e31ba54086f271563a EBUILD raft-0.22.1.ebuild 1185 BLAKE2B 5851712e61e7472ee2ba68381cedb569a7cc71732a17bfdc393705992877ccbaa4009618823344157b8b4ab70c7366af9e74805722feca4c918bd40d4d81ea24 SHA512 03d2e13ce831d6bf59afc538e70370b342d22223d844dc3707dcc2ef96841dbf8798ed1aaf1834d522f482410cf6a65d180909bca15735e31ba54086f271563a MISC metadata.xml 894 BLAKE2B f5f18621f9238af58d307f4e7ab675efc2da37172c395362c0a15f4595fcd67bb67eaedbdb789396e5bd515ca1d10ef466bc80b5f5d07d8835d83700ec451930 SHA512 8a8b1021d4b9d3007c47d20471a90fbf9fc25a4fe7123717bc6a74742b3eae54bc779326776f0fd6e2126bf05d7be0d2d47e458b0bd99adc87298c51deeea8cc diff --git a/dev-libs/raft/raft-0.22.0.ebuild b/dev-libs/raft/raft-0.22.0.ebuild deleted file mode 100644 index 39daa1268bef..000000000000 --- a/dev-libs/raft/raft-0.22.0.ebuild +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2020-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools - -DESCRIPTION="C implementation of the Raft consensus protocol" -HOMEPAGE="https://github.com/cowsql/raft" -SRC_URI="https://github.com/cowsql/raft/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="LGPL-3-with-linking-exception" - -# Upstream change from canonical to cowsql resetted SONAME, 3 -> 0. bgo#915960 -SLOT="0/0" -KEYWORDS="amd64 ~arm64 ~x86" -IUSE="lz4 test zfs" -RESTRICT="!test? ( test )" - -DEPEND="dev-libs/libuv:= - lz4? ( app-arch/lz4:= )" -RDEPEND="${DEPEND}" -BDEPEND="virtual/pkgconfig" - -PATCHES=( - "${FILESDIR}"/raft-0.10.0-toggle-zfs.patch -) - -src_prepare() { - default - eautoreconf -} - -src_configure() { - # --disable-hardening: most of these are covered on non-hardened Gentoo already. - local myeconfargs=( - --enable-uv - --enable-v0 - - --disable-backtrace - --disable-benchmark - --disable-debug - --disable-example - --disable-hardening - --disable-sanitize - --disable-static - - $(use_enable test fixture) - - $(use_with lz4) - $(use_with zfs) - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - default - find "${ED}" -name '*.la' -delete || die -} |