net-libs/mbedtls: fix bug #705038

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

3 files changed, 58 insertions, 2 deletions

diff --git a/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch b/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch
new file mode 100644
index 000000000000..4e39308ac5a7
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch
@@ -0,0 +1,48 @@
+From de35f31091b7e6cb20ebc8d8c0afc3b20bc57098 Mon Sep 17 00:00:00 2001
+From: Mihai Moldovan <ionic@ionic.de>
+Date: Thu, 16 Jan 2020 08:59:39 +0100
+Subject: [PATCH] Avoid overwriting tls headers in submodule mode
+
+When crypto is embedded as a submodule and the cmake build system is
+used, it would previously overwrite some header files installed by tls.
+Most of them are harmless (since they should be identical), but config.h
+is a special case.
+
+tls's and crypto's config.h files differ widely in scope and overwriting
+the more general, bigger config.h file from tls with crypto's smaller
+one will make a lot of features unavailable in programs using tls.
+
+Let's just avoid overwriting any tls header in submodule mode.
+
+Note that this will not fix the potential issue that crypto might be
+using a different configuration than tls in the submodule case.
+
+Fixes ARMmbed/mbedtls#2965
+---
+ include/CMakeLists.txt | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
+index 02f924df4..92229a221 100644
+--- a/include/CMakeLists.txt
++++ b/include/CMakeLists.txt
+@@ -5,6 +5,19 @@ if(INSTALL_MBEDTLS_HEADERS)
+     file(GLOB headers "mbedtls/*.h")
+     file(GLOB psa_headers "psa/*.h")
+ 
++    if(USE_CRYPTO_SUBMODULE)
++        # Don't overwrite mbedtls's header files!
++        # config.h is supposed to be automatically checked for compatibility
++        # in automatic builds, while the other files should not just be
++        # compatible, but also identical in theory.
++        # Practically, we don't check that in crypto but just assume that the
++        # submodule configuration is sane and trust tls's headers.
++        list(REMOVE_ITEM headers    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h")
++    endif(USE_CRYPTO_SUBMODULE)
++
+     install(FILES ${headers}
+         DESTINATION include/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/net-libs/mbedtls/mbedtls-2.18.1.ebuild b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
index b94b7770c958..b11f2794a352 100644
--- a/net-libs/mbedtls/mbedtls-2.18.1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -36,6 +36,10 @@ enable_mbedtls_option() {
 		include/mbedtls/config.h || die
 }
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+)
+
 src_prepare() {
 	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
 	use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT
diff --git a/net-libs/mbedtls/mbedtls-2.19.1.ebuild b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
index e7b65760fa85..1a73d20f220e 100644
--- a/net-libs/mbedtls/mbedtls-2.19.1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -36,6 +36,10 @@ enable_mbedtls_option() {
 		include/mbedtls/config.h || die
 }
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+)
+
 src_prepare() {
 	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
 	use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT