diff options
| author |   Repository mirror & CI <repomirrorci@gentoo.org> | 2024-08-03 05:21:59 +0000 |
|---|---|---|
| committer | Repository mirror & CI <repomirrorci@gentoo.org> | 2024-08-03 05:21:59 +0000 |
| commit | e6e3822c24d2818cf1f407d3be47099f080f0399 (patch) | |
| tree | 1dd58b7430a30b4adf46f169088dc3c997b2a126 | |
| parent | 2024-08-03 04:54:04 UTC (diff) | |
| parent | dev-libs/openssl: fix exec_prefix absence in pkg-config file (diff) | |
| download | gentoo-e6e3822c24d2818cf1f407d3be47099f080f0399.tar.gz gentoo-e6e3822c24d2818cf1f407d3be47099f080f0399.tar.bz2 gentoo-e6e3822c24d2818cf1f407d3be47099f080f0399.zip | |
Merge updates from master
26 files changed, 730 insertions, 1182 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 143561033212..962bb20fa95f 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -7,15 +7,9 @@ DIST openssl-3.0.13.tar.gz 15294843 BLAKE2B 869aa5f70a8c1d0cac6027e9261530df70ab DIST openssl-3.0.13.tar.gz.asc 833 BLAKE2B 519515b6faa505d68ff9acc30db9515fac494145086fa5ad9561c39385a6fabb39ad9de10fedd49c8fc716ec59ea1b13ec5e6b466e549ea9f29b8d0bb74ba7b3 SHA512 c52d97c93d16f3ca2a7026fb25890482b6d86c37b5ab686c56b0e08522743ec4ea3f84afa4deb64b0df0d9a16b557430c4d4139ab42ffcf97d769b61d1e6197c DIST openssl-3.0.14.tar.gz 15305497 BLAKE2B 7426aea63d5495775c4a0440658cc9c46c4aa31c31473cd5519c2b1ca158e122634e0bbc275237d3eb124fc8bed3d58808d8ac1d228f24f7281d2630ff7813e0 SHA512 1c59c01e60da902a20780d71f1fa5055d4037f38c4bc3fb27ed5b91f211b36a6018055409441ad4df58b5e9232b2528240d02067272c3c9ccb8c221449ca9ac0 DIST openssl-3.0.14.tar.gz.asc 833 BLAKE2B 8a700452f6f698fbfa206469888fd72706f1798be212e712fd8a4c1ae87f0d98d54820974c64a3db3b5ac69d7beda665f462e83182337391212c0e72e1feb72e SHA512 003d17a2b71176517f5bfba6699c18b271111e5fec3effc275b965286140d1281fa6f5f5e6bcf63feca89dfa035ab776bda8d2af4b71ae921ca9e7a936581fb4 -DIST openssl-3.1.5.tar.gz 15663524 BLAKE2B a12eb88b0a4f2d927123e0d3ca7d2f80f2bdc867c710d24700fe39b631b93d90c73c3deceff151a9fa818ac88026eb798f3253f22d03c839ab9574086fa61eee SHA512 82e2ac6b3d9b03f8fc66d2ec421246e989eb702eb94586515abfb5afb5300391a0beedf6a2602f61ac10896b41e5608feeeeb4d37714fa17ac0f2ce465249fa9 -DIST openssl-3.1.5.tar.gz.asc 833 BLAKE2B 633502ec0a87074136d7ea42d9ac5f3df53523560d2a97410b5b57d28d916336da95ab5521c10f94202e3a0995331f0e17bdcf8843135634a5d5a95cfafc7b21 SHA512 48187bb8a7bdbd8b76fdcca736d2b03e2a89330b304eefb4e9620f570c741c60f2023307d8619ba1fa101a99223f94895e7be57ced6547a4fb06bd4c3677533a DIST openssl-3.1.6.tar.gz 15672690 BLAKE2B 70112a7ece66bb6faf1a262c503c1df08924b8c1b9b08a1395856f903b1d1b4a38956b485e83415c29fafbf990ae8aced9b2fb0a2af84863b5c0a2a6581282cf SHA512 18ca07ee6a98d5fe46accfa0156e0354ad770d78bbbbe8e4bb92b316a0e4404f17a34eb700f17ed355d826a4b2166894aa46d8dd81fedbcb16aa1aad0926a390 DIST openssl-3.1.6.tar.gz.asc 833 BLAKE2B 24fbb26ccf60ede99b9ea6ef6a2a8f1ae89c7881c21eafafeae7a498332dbaf7e52c94b2c52247e34511cc4bd204e71a68aa1a6dab133376e1f15bf676ef58be SHA512 ef3ca59527ca7b00430c251df399ea2cbe47ef0deebf4158250baac8e575ea26582756228f12dd0f7009b55199b0134e77ec47ade9835f1785c74703aa84987e -DIST openssl-3.2.1.tar.gz 17733249 BLAKE2B 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 SHA512 bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4 -DIST openssl-3.2.1.tar.gz.asc 833 BLAKE2B a1d25fe30bf1804d13a8b6b98edf56be5bf744d9e2706f4169455c24efe2e3a361487d00d0d4bac240c3f0170693d77a39dd0d4ee5c792d2247aa00c47e74ebf SHA512 de39516c7b77612f33cdc830a8d13ef6bcd91c03d24a6ed105480f140f9e1ad7049844e234c96a516d62e0e33ce90442ffd0f309ea674884c735f04d8562f372 DIST openssl-3.2.2.tar.gz 17744472 BLAKE2B f42d44f31dc9ccf26ffe1fdd4a0119506a211808f92e860a34118109eae2ee7bcb5b0f43cbdf9eb811cd185cb53e092e62d652f7c0c0ce55b13289f7489073c9 SHA512 ebc945065f62a8a2ea4e2f136a2afaea4d38a03bb07a148f7fb73c34a64475a4069de122ebee11a66e421dbd58756ad7ab2d3f905dc90acee72d62757d8c0a2d DIST openssl-3.2.2.tar.gz.asc 833 BLAKE2B 09ef1766e771e1d7aac675a09bd9588ee9d76a1fe39794826fd5d9057ae41366a7e92fe81a40bc2fe19a309be612687d8ff760da3f3c44115e3b21b0342b5f46 SHA512 7a798e9c02d25510f4ec49b8956ebf4288760e1272bf327f36b253045ab2f50ac8042071f78984d1b463f07aa2b027f26ad2fbc31deacaac5658fc35437ddc66 -DIST openssl-3.3.0.tar.gz 18038030 BLAKE2B c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501 SHA512 1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da -DIST openssl-3.3.0.tar.gz.asc 833 BLAKE2B 207b9fd53de6f57fe24d6a6e5e9f735b7649258bb2873b6c1e29b7d2689c9a75774dbf09392be40f8a8ab240e4e6c745e2864155e8b0f2f3f5ca3b45051e869a SHA512 8750daa607e6bfd2326a4d4f04c9c04608d9fa852fc1515acf1fcf3d1ad33b8ba8435d9ef1ac3a032fecd09aa90446c53996045506bcfbddb7544bb61b26af24 DIST openssl-3.3.1.tar.gz 18055752 BLAKE2B b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e SHA512 d3682a5ae0721748c6b9ec2f1b74d2b1ba61ee6e4c0d42387b5037a56ef34312833b6abb522d19400b45d807dd65cc834156f5e891cb07fbaf69fcf67e1c595d DIST openssl-3.3.1.tar.gz.asc 833 BLAKE2B e22c068dfcd0205f1cd27f965b76dcaf59bed61181523f198e40d61a4867b20a7636c853c427497559362a92766f430807f02b693821ac38daaa898946f2dba2 SHA512 ae2db74829b71a68e1fc86229396d76f60a9a98e6bba9adc62bdcf2581b60fb0e29ecde2b53a5686c452e754801568e05d3c4f47e8faf02219ac1aae78283338 diff --git a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch deleted file mode 100644 index c5b7dfe449f7..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch +++ /dev/null @@ -1,137 +0,0 @@ -https://www.openssl.org/news/secadv/20240408.txt -https://bugs.gentoo.org/930047 -https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce -https://github.com/openssl/openssl/commit/c342f4b8bd2d0b375b0e22337057c2eab47d9b96 - -From 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 5 Mar 2024 15:43:53 +0000 -Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 - -In TLSv1.3 we create a new session object for each ticket that we send. -We do this by duplicating the original session. If SSL_OP_NO_TICKET is in -use then the new session will be added to the session cache. However, if -early data is not in use (and therefore anti-replay protection is being -used), then multiple threads could be resuming from the same session -simultaneously. If this happens and a problem occurs on one of the threads, -then the original session object could be marked as not_resumable. When we -duplicate the session object this not_resumable status gets copied into the -new session object. The new session object is then added to the session -cache even though it is not_resumable. - -Subsequently, another bug means that the session_id_length is set to 0 for -sessions that are marked as not_resumable - even though that session is -still in the cache. Once this happens the session can never be removed from -the cache. When that object gets to be the session cache tail object the -cache never shrinks again and grows indefinitely. - -CVE-2024-2511 - -Reviewed-by: Neil Horman <nhorman@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/24044) ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -3737,9 +3737,10 @@ void ssl_update_cache(SSL *s, int mode) - - /* - * If the session_id_length is 0, we are not supposed to cache it, and it -- * would be rather hard to do anyway :-) -+ * would be rather hard to do anyway :-). Also if the session has already -+ * been marked as not_resumable we should not cache it for later reuse. - */ -- if (s->session->session_id_length == 0) -+ if (s->session->session_id_length == 0 || s->session->not_resumable) - return; - - /* ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -154,16 +154,11 @@ SSL_SESSION *SSL_SESSION_new(void) - return ss; - } - --SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) --{ -- return ssl_session_dup(src, 1); --} -- - /* - * Create a new SSL_SESSION and duplicate the contents of |src| into it. If - * ticket == 0 then no ticket information is duplicated, otherwise it is. - */ --SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) - { - SSL_SESSION *dest; - -@@ -287,6 +282,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) - return NULL; - } - -+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) -+{ -+ return ssl_session_dup_intern(src, 1); -+} -+ -+/* -+ * Used internally when duplicating a session which might be already shared. -+ * We will have resumed the original session. Subsequently we might have marked -+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to -+ * resume from. -+ */ -+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+{ -+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); -+ -+ if (sess != NULL) -+ sess->not_resumable = 0; -+ -+ return sess; -+} -+ - const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if (len) ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) - * so the following won't overwrite an ID that we're supposed - * to send back. - */ -- if (s->session->not_resumable || -- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) -- && !s->hit)) -+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) -+ && !s->hit) - s->session->session_id_length = 0; - - if (usetls13) { - -From c342f4b8bd2d0b375b0e22337057c2eab47d9b96 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Fri, 15 Mar 2024 17:58:42 +0000 -Subject: [PATCH] Hardening around not_resumable sessions - -Make sure we can't inadvertently use a not_resumable session - -Related to CVE-2024-2511 - -Reviewed-by: Neil Horman <nhorman@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/24044) ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -533,6 +533,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, - ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); - - if (ret != NULL) { -+ if (ret->not_resumable) { -+ /* If its not resumable then ignore this session */ -+ if (!copy) -+ SSL_SESSION_free(ret); -+ return NULL; -+ } - ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_cb_hit); - diff --git a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch deleted file mode 100644 index 50bc63ef2d14..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch +++ /dev/null @@ -1,78 +0,0 @@ -https://bugs.gentoo.org/916328 -https://github.com/opendnssec/SoftHSMv2/issues/729 -https://github.com/openssl/openssl/issues/22508 -https://github.com/openssl/openssl/commit/0058a55407d824d5b55ecc0a1cbf8931803dc238 - -From 0058a55407d824d5b55ecc0a1cbf8931803dc238 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Fri, 15 Dec 2023 13:45:50 +0100 -Subject: [PATCH] Revert "Improved detection of engine-provided private - "classic" keys" - -This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5. - -The commit was wrong. With 3.x versions the engines must be themselves -responsible for creating their EVP_PKEYs in a way that they are treated -as legacy - either by using the respective set1 calls or by setting -non-default EVP_PKEY_METHOD. - -The workaround has caused more problems than it solved. - -Fixes #22945 - -Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> -Reviewed-by: Neil Horman <nhorman@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/23063) - -(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380) ---- a/crypto/engine/eng_pkey.c -+++ b/crypto/engine/eng_pkey.c -@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - return NULL; - } -- /* We enforce check for legacy key */ -- switch (EVP_PKEY_get_id(pkey)) { -- case EVP_PKEY_RSA: -- { -- RSA *rsa = EVP_PKEY_get1_RSA(pkey); -- EVP_PKEY_set1_RSA(pkey, rsa); -- RSA_free(rsa); -- } -- break; --# ifndef OPENSSL_NO_EC -- case EVP_PKEY_SM2: -- case EVP_PKEY_EC: -- { -- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); -- EVP_PKEY_set1_EC_KEY(pkey, ec); -- EC_KEY_free(ec); -- } -- break; --# endif --# ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- { -- DSA *dsa = EVP_PKEY_get1_DSA(pkey); -- EVP_PKEY_set1_DSA(pkey, dsa); -- DSA_free(dsa); -- } -- break; --#endif --# ifndef OPENSSL_NO_DH -- case EVP_PKEY_DH: -- { -- DH *dh = EVP_PKEY_get1_DH(pkey); -- EVP_PKEY_set1_DH(pkey, dh); -- DH_free(dh); -- } -- break; --#endif -- default: -- /*Do nothing */ -- break; -- } -- - return pkey; - } - diff --git a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch deleted file mode 100644 index d5b40447d745..000000000000 --- a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch +++ /dev/null @@ -1,137 +0,0 @@ -https://www.openssl.org/news/secadv/20240408.txt -https://bugs.gentoo.org/930047 -https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 -https://github.com/openssl/openssl/commit/4d67109432646c113887b0aa8091fb0d1b3057e6 - -From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 5 Mar 2024 15:43:53 +0000 -Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 - -In TLSv1.3 we create a new session object for each ticket that we send. -We do this by duplicating the original session. If SSL_OP_NO_TICKET is in -use then the new session will be added to the session cache. However, if -early data is not in use (and therefore anti-replay protection is being -used), then multiple threads could be resuming from the same session -simultaneously. If this happens and a problem occurs on one of the threads, -then the original session object could be marked as not_resumable. When we -duplicate the session object this not_resumable status gets copied into the -new session object. The new session object is then added to the session -cache even though it is not_resumable. - -Subsequently, another bug means that the session_id_length is set to 0 for -sessions that are marked as not_resumable - even though that session is -still in the cache. Once this happens the session can never be removed from -the cache. When that object gets to be the session cache tail object the -cache never shrinks again and grows indefinitely. - -CVE-2024-2511 - -Reviewed-by: Neil Horman <nhorman@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/24043) ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) - - /* - * If the session_id_length is 0, we are not supposed to cache it, and it -- * would be rather hard to do anyway :-) -+ * would be rather hard to do anyway :-). Also if the session has already -+ * been marked as not_resumable we should not cache it for later reuse. - */ -- if (s->session->session_id_length == 0) -+ if (s->session->session_id_length == 0 || s->session->not_resumable) - return; - - /* ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void) - return ss; - } - --SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) --{ -- return ssl_session_dup(src, 1); --} -- - /* - * Create a new SSL_SESSION and duplicate the contents of |src| into it. If - * ticket == 0 then no ticket information is duplicated, otherwise it is. - */ --SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) - { - SSL_SESSION *dest; - -@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) - return NULL; - } - -+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) -+{ -+ return ssl_session_dup_intern(src, 1); -+} -+ -+/* -+ * Used internally when duplicating a session which might be already shared. -+ * We will have resumed the original session. Subsequently we might have marked -+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to -+ * resume from. -+ */ -+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+{ -+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); -+ -+ if (sess != NULL) -+ sess->not_resumable = 0; -+ -+ return sess; -+} -+ - const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if (len) ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) - * so the following won't overwrite an ID that we're supposed - * to send back. - */ -- if (s->session->not_resumable || -- (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) -- && !s->hit)) -+ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) -+ && !s->hit) - s->session->session_id_length = 0; - - if (usetls13) { - -From 4d67109432646c113887b0aa8091fb0d1b3057e6 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Fri, 15 Mar 2024 17:58:42 +0000 -Subject: [PATCH] Hardening around not_resumable sessions - -Make sure we can't inadvertently use a not_resumable session - -Related to CVE-2024-2511 - -Reviewed-by: Neil Horman <nhorman@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/24043) ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -519,6 +519,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s, - sess_id, sess_id_len, ©); - - if (ret != NULL) { -+ if (ret->not_resumable) { -+ /* If its not resumable then ignore this session */ -+ if (!copy) -+ SSL_SESSION_free(ret); -+ return NULL; -+ } - ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_cb_hit); - diff --git a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch deleted file mode 100644 index 59e785caac7c..000000000000 --- a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch +++ /dev/null @@ -1,79 +0,0 @@ -https://bugs.gentoo.org/916328 -https://github.com/opendnssec/SoftHSMv2/issues/729 -https://github.com/openssl/openssl/issues/22508 -https://github.com/openssl/openssl/commit/934943281267259fa928f4a5814b176525461a65 - -From 934943281267259fa928f4a5814b176525461a65 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Fri, 15 Dec 2023 13:45:50 +0100 -Subject: [PATCH] Revert "Improved detection of engine-provided private - "classic" keys" - -This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5. - -The commit was wrong. With 3.x versions the engines must be themselves -responsible for creating their EVP_PKEYs in a way that they are treated -as legacy - either by using the respective set1 calls or by setting -non-default EVP_PKEY_METHOD. - -The workaround has caused more problems than it solved. - -Fixes #22945 - -Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> -Reviewed-by: Neil Horman <nhorman@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/23063) - -(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380) ---- a/crypto/engine/eng_pkey.c -+++ b/crypto/engine/eng_pkey.c -@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - return NULL; - } -- /* We enforce check for legacy key */ -- switch (EVP_PKEY_get_id(pkey)) { -- case EVP_PKEY_RSA: -- { -- RSA *rsa = EVP_PKEY_get1_RSA(pkey); -- EVP_PKEY_set1_RSA(pkey, rsa); -- RSA_free(rsa); -- } -- break; --# ifndef OPENSSL_NO_EC -- case EVP_PKEY_SM2: -- case EVP_PKEY_EC: -- { -- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); -- EVP_PKEY_set1_EC_KEY(pkey, ec); -- EC_KEY_free(ec); -- } -- break; --# endif --# ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- { -- DSA *dsa = EVP_PKEY_get1_DSA(pkey); -- EVP_PKEY_set1_DSA(pkey, dsa); -- DSA_free(dsa); -- } -- break; --#endif --# ifndef OPENSSL_NO_DH -- case EVP_PKEY_DH: -- { -- DH *dh = EVP_PKEY_get1_DH(pkey); -- EVP_PKEY_set1_DH(pkey, dh); -- DH_free(dh); -- } -- break; --#endif -- default: -- /*Do nothing */ -- break; -- } -- - return pkey; - } - - diff --git a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch b/dev-libs/openssl/files/openssl-3.2.1-riscv.patch deleted file mode 100644 index 51256cf434e2..000000000000 --- a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch +++ /dev/null @@ -1,70 +0,0 @@ -# Bug: https://bugs.gentoo.org/923956 -# Upstream PR: https://github.com/openssl/openssl/pull/23752 ---- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c -+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c -@@ -142,9 +142,9 @@ static const PROV_GCM_HW aes_gcm = { - # include "cipher_aes_gcm_hw_armv8.inc" - #elif defined(PPC_AES_GCM_CAPABLE) && defined(_ARCH_PPC64) - # include "cipher_aes_gcm_hw_ppc.inc" --#elif defined(__riscv) && __riscv_xlen == 64 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 - # include "cipher_aes_gcm_hw_rv64i.inc" --#elif defined(__riscv) && __riscv_xlen == 32 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 - # include "cipher_aes_gcm_hw_rv32i.inc" - #else - const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) ---- a/providers/implementations/ciphers/cipher_aes_hw.c -+++ b/providers/implementations/ciphers/cipher_aes_hw.c -@@ -142,9 +142,9 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \ - # include "cipher_aes_hw_t4.inc" - #elif defined(S390X_aes_128_CAPABLE) - # include "cipher_aes_hw_s390x.inc" --#elif defined(__riscv) && __riscv_xlen == 64 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 - # include "cipher_aes_hw_rv64i.inc" --#elif defined(__riscv) && __riscv_xlen == 32 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 - # include "cipher_aes_hw_rv32i.inc" - #else - /* The generic case */ ---- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c -+++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c -@@ -104,7 +104,7 @@ static const PROV_CIPHER_HW aes_t4_ocb = { \ - if (SPARC_AES_CAPABLE) \ - return &aes_t4_ocb; - --#elif defined(__riscv) && __riscv_xlen == 64 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 - - static int cipher_hw_aes_ocb_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx, - const unsigned char *key, -@@ -126,7 +126,7 @@ static const PROV_CIPHER_HW aes_rv64i_zknd_zkne_ocb = { \ - if (RISCV_HAS_ZKND_AND_ZKNE()) \ - return &aes_rv64i_zknd_zkne_ocb; - --#elif defined(__riscv) && __riscv_xlen == 32 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 - - static int cipher_hw_aes_ocb_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx, - const unsigned char *key, ---- a/providers/implementations/ciphers/cipher_aes_xts_hw.c -+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c -@@ -159,7 +159,7 @@ static const PROV_CIPHER_HW aes_xts_t4 = { \ - if (SPARC_AES_CAPABLE) \ - return &aes_xts_t4; - --#elif defined(__riscv) && __riscv_xlen == 64 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 - - static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, -@@ -185,7 +185,7 @@ static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \ - if (RISCV_HAS_ZKND_AND_ZKNE()) \ - return &aes_xts_rv64i_zknd_zkne; - --#elif defined(__riscv) && __riscv_xlen == 32 -+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 - - static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, diff --git a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch b/dev-libs/openssl/files/openssl-3.2.1-s390x.patch deleted file mode 100644 index 3cbf4854e12e..000000000000 --- a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch +++ /dev/null @@ -1,31 +0,0 @@ -https://bugs.gentoo.org/923957 -https://github.com/openssl/openssl/pull/23458 -https://github.com/openssl/openssl/commit/5fa5d59750db9df00f4871949a66020ac44f4f9c - -From 5fa5d59750db9df00f4871949a66020ac44f4f9c Mon Sep 17 00:00:00 2001 -From: Ingo Franzki <ifranzki@linux.ibm.com> -Date: Fri, 2 Feb 2024 10:20:55 +0100 -Subject: [PATCH] s390x: Fix build on s390x with 'disable-asm' - -Do not define S390X_MOD_EXP for a NO_ASM build, this would result in -unresolved externals for s390x_mod_exp and s390x_crt. - -Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> - -Reviewed-by: Hugo Landau <hlandau@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/23458) - -(cherry picked from commit a5b0c568dbefddd154f99011d7ce76cfbfadb67a) ---- a/include/crypto/bn.h -+++ b/include/crypto/bn.h -@@ -116,7 +116,8 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); - - extern const BIGNUM ossl_bn_inv_sqrt_2; - --#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) -+#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) \ -+ && !defined (OPENSSL_NO_ASM) - # define S390X_MOD_EXP - #endif - diff --git a/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch b/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch new file mode 100644 index 000000000000..a5ad9987eb57 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch @@ -0,0 +1,303 @@ +https://github.com/openssl/openssl/pull/24687 +https://bugs.gentoo.org/936576 + +https://github.com/openssl/openssl/commit/aa099dba7c80c723cf4babf5adc0c801f1c28363 +https://github.com/openssl/openssl/commit/1c437b5704c9ee5f667bc2b11e5fdf176dfb714f + +From aa099dba7c80c723cf4babf5adc0c801f1c28363 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Thu, 20 Jun 2024 14:30:16 +0200 +Subject: [PATCH] Give util/mkinstallvars.pl more fine grained control over var + dependencies + +Essentially, we try to do what GNU does. 'prefix' is used to define the +defaults for 'exec_prefix' and 'libdir', and these are then used to define +further directory values. util/mkinstallvars.pl is changed to reflect that +to the best of our ability. + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24687) + +(cherry picked from commit 6e0fd246e7a6e51f92b2ef3520bfc4414b7773c0) +--- + exporters/build.info | 2 +- + util/mkinstallvars.pl | 133 ++++++++++++++++++++++++++---------------- + 2 files changed, 85 insertions(+), 50 deletions(-) + +diff --git a/exporters/build.info b/exporters/build.info +index 86acf2df9467c..9241dc9b0a658 100644 +--- a/exporters/build.info ++++ b/exporters/build.info +@@ -19,7 +19,7 @@ DEPEND[openssl.pc]=libcrypto.pc libssl.pc + DEPEND[""]=openssl.pc + + GENERATE[../installdata.pm]=../util/mkinstallvars.pl \ +- "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" \ ++ "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" "libdir=$(libdir)" \ + INCLUDEDIR=include APPLINKDIR=include/openssl \ + "ENGINESDIR=$(ENGINESDIR)" "MODULESDIR=$(MODULESDIR)" \ + "PKGCONFIGDIR=$(PKGCONFIGDIR)" "CMAKECONFIGDIR=$(CMAKECONFIGDIR)" \ +diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl +index 59a432d28c601..5fadb708e1b77 100644 +--- a/util/mkinstallvars.pl ++++ b/util/mkinstallvars.pl +@@ -11,13 +11,25 @@ + # The result is a Perl module creating the package OpenSSL::safe::installdata. + + use File::Spec; ++use List::Util qw(pairs); + + # These are expected to be set up as absolute directories +-my @absolutes = qw(PREFIX); ++my @absolutes = qw(PREFIX libdir); + # These may be absolute directories, and if not, they are expected to be set up +-# as subdirectories to PREFIX +-my @subdirs = qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR ENGINESDIR MODULESDIR +- PKGCONFIGDIR CMAKECONFIGDIR); ++# as subdirectories to PREFIX or LIBDIR. The order of the pairs is important, ++# since the LIBDIR subdirectories depend on the calculation of LIBDIR from ++# PREFIX. ++my @subdirs = pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], ++ LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR ++ CMAKECONFIGDIR) ]); ++# For completeness, other expected variables ++my @others = qw(VERSION LDLIBS); ++ ++my %all = ( ); ++foreach (@absolutes) { $all{$_} = 1 } ++foreach (@subdirs) { foreach (@{$_->[1]}) { $all{$_} = 1 } } ++foreach (@others) { $all{$_} = 1 } ++print STDERR "DEBUG: all keys: ", join(", ", sort keys %all), "\n"; + + my %keys = (); + foreach (@ARGV) { +@@ -26,29 +38,47 @@ + $ENV{$k} = $v; + } + +-foreach my $k (sort keys %keys) { +- my $v = $ENV{$k}; +- $v = File::Spec->rel2abs($v) if $v && grep { $k eq $_ } @absolutes; +- $ENV{$k} = $v; ++# warn if there are missing values, and also if there are unexpected values ++foreach my $k (sort keys %all) { ++ warn "No value given for $k\n" unless $keys{$k}; + } + foreach my $k (sort keys %keys) { ++ warn "Unknown variable $k\n" unless $all{$k}; ++} ++ ++# This shouldn't be needed, but just in case we get relative paths that ++# should be absolute, make sure they actually are. ++foreach my $k (@absolutes) { + my $v = $ENV{$k} || '.'; ++ print STDERR "DEBUG: $k = $v => "; ++ $v = File::Spec->rel2abs($v) if $v; ++ $ENV{$k} = $v; ++ print STDERR "$k = $ENV{$k}\n"; ++} + +- # Absolute paths for the subdir variables are computed. This provides +- # the usual form of values for names that have become norm, known as GNU +- # installation paths. +- # For the benefit of those that need it, the subdirectories are preserved +- # as they are, using the same variable names, suffixed with '_REL', if they +- # are indeed subdirectories. +- if (grep { $k eq $_ } @subdirs) { ++# Absolute paths for the subdir variables are computed. This provides ++# the usual form of values for names that have become norm, known as GNU ++# installation paths. ++# For the benefit of those that need it, the subdirectories are preserved ++# as they are, using the same variable names, suffixed with '_REL_{var}', ++# if they are indeed subdirectories. The '{var}' part of the name tells ++# which other variable value they are relative to. ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $v = $ENV{$k} || '.'; ++ print STDERR "DEBUG: $k = $v => "; + if (File::Spec->file_name_is_absolute($v)) { +- $ENV{"${k}_REL"} = File::Spec->abs2rel($v, $ENV{PREFIX}); ++ my $kr = "${k}_REL_${var}"; ++ $ENV{$kr} = File::Spec->abs2rel($v, $ENV{$var}); ++ print STDERR "$kr = $ENV{$kr}\n"; + } else { +- $ENV{"${k}_REL"} = $v; +- $v = File::Spec->rel2abs($v, $ENV{PREFIX}); ++ my $kr = "${k}_REL_${var}"; ++ $ENV{$kr} = $v; ++ $ENV{$k} = File::Spec->rel2abs($v, $ENV{$var}); ++ print STDERR "$k = $ENV{$k} , $kr = $v\n"; + } + } +- $ENV{$k} = $v; + } + + print <<_____; +@@ -58,36 +88,41 @@ package OpenSSL::safe::installdata; + use warnings; + use Exporter; + our \@ISA = qw(Exporter); +-our \@EXPORT = qw(\$PREFIX +- \$BINDIR \$BINDIR_REL +- \$LIBDIR \$LIBDIR_REL +- \$INCLUDEDIR \$INCLUDEDIR_REL +- \$APPLINKDIR \$APPLINKDIR_REL +- \$ENGINESDIR \$ENGINESDIR_REL +- \$MODULESDIR \$MODULESDIR_REL +- \$PKGCONFIGDIR \$PKGCONFIGDIR_REL +- \$CMAKECONFIGDIR \$CMAKECONFIGDIR_REL +- \$VERSION \@LDLIBS); +- +-our \$PREFIX = '$ENV{PREFIX}'; +-our \$BINDIR = '$ENV{BINDIR}'; +-our \$BINDIR_REL = '$ENV{BINDIR_REL}'; +-our \$LIBDIR = '$ENV{LIBDIR}'; +-our \$LIBDIR_REL = '$ENV{LIBDIR_REL}'; +-our \$INCLUDEDIR = '$ENV{INCLUDEDIR}'; +-our \$INCLUDEDIR_REL = '$ENV{INCLUDEDIR_REL}'; +-our \$APPLINKDIR = '$ENV{APPLINKDIR}'; +-our \$APPLINKDIR_REL = '$ENV{APPLINKDIR_REL}'; +-our \$ENGINESDIR = '$ENV{ENGINESDIR}'; +-our \$ENGINESDIR_REL = '$ENV{ENGINESDIR_REL}'; +-our \$MODULESDIR = '$ENV{MODULESDIR}'; +-our \$MODULESDIR_REL = '$ENV{MODULESDIR_REL}'; +-our \$PKGCONFIGDIR = '$ENV{PKGCONFIGDIR}'; +-our \$PKGCONFIGDIR_REL = '$ENV{PKGCONFIGDIR_REL}'; +-our \$CMAKECONFIGDIR = '$ENV{CMAKECONFIGDIR}'; +-our \$CMAKECONFIGDIR_REL = '$ENV{CMAKECONFIGDIR_REL}'; +-our \$VERSION = '$ENV{VERSION}'; +-our \@LDLIBS = ++our \@EXPORT = qw( ++_____ ++ ++foreach my $k (@absolutes) { ++ print " \$$k\n"; ++} ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $k2 = "${k}_REL_${var}"; ++ print " \$$k \$$k2\n"; ++ } ++} ++ ++print <<_____; ++ \$VERSION \@LDLIBS ++); ++ ++_____ ++ ++foreach my $k (@absolutes) { ++ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n"; ++} ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $k2 = "${k}_REL_${var}"; ++ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n"; ++ print "our \$$k2" . ' ' x (27 - length($k2)) . "= '$ENV{$k2}';\n"; ++ } ++} ++ ++print <<_____; ++our \$VERSION = '$ENV{VERSION}'; ++our \@LDLIBS = + # Unix and Windows use space separation, VMS uses comma separation + split(/ +| *, */, '$ENV{LDLIBS}'); + + +From 1c437b5704c9ee5f667bc2b11e5fdf176dfb714f Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Thu, 20 Jun 2024 14:33:15 +0200 +Subject: [PATCH] Adapt all the exporter files to the new vars from + util/mkinstallvars.pl + +With this, the pkg-config files take better advantage of relative directory +values. + +Fixes #24298 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24687) + +(cherry picked from commit 30dc37d798a0428fd477d3763086e7e97b3d596f) +--- + exporters/cmake/OpenSSLConfig.cmake.in | 7 ++++--- + exporters/pkg-config/libcrypto.pc.in | 12 ++++++++---- + exporters/pkg-config/libssl.pc.in | 8 ++++++-- + exporters/pkg-config/openssl.pc.in | 8 ++++++-- + 4 files changed, 24 insertions(+), 11 deletions(-) + +diff --git a/exporters/cmake/OpenSSLConfig.cmake.in b/exporters/cmake/OpenSSLConfig.cmake.in +index 2d2321931de1d..06f796158b2fa 100644 +--- a/exporters/cmake/OpenSSLConfig.cmake.in ++++ b/exporters/cmake/OpenSSLConfig.cmake.in +@@ -89,9 +89,10 @@ unset(_ossl_undefined_targets) + # Set up the import path, so all other import paths are made relative this file + get_filename_component(_ossl_prefix "${CMAKE_CURRENT_LIST_FILE}" PATH) + {- +- # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR_REL, have CMake +- # out the parent directory. +- my $d = unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL); ++ # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR relative to ++ # $OpenSSL::safe::installdata::PREFIX, have CMake figure out the parent directory. ++ my $d = join('/', unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX), ++ unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL_LIBDIR)); + $OUT = ''; + $OUT .= 'get_filename_component(_ossl_prefix "${_ossl_prefix}" PATH)' . "\n" + foreach (split '/', $d); +diff --git a/exporters/pkg-config/libcrypto.pc.in b/exporters/pkg-config/libcrypto.pc.in +index 14ed339f3c3a0..fbc8ea4c79b06 100644 +--- a/exporters/pkg-config/libcrypto.pc.in ++++ b/exporters/pkg-config/libcrypto.pc.in +@@ -1,7 +1,11 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} +-enginesdir={- $OpenSSL::safe::installdata::ENGINESDIR -} +-modulesdir={- $OpenSSL::safe::installdata::MODULESDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} ++enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR -} ++modulesdir=${libdir}/{- $OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR -} + + Name: OpenSSL-libcrypto + Description: OpenSSL cryptography library +diff --git a/exporters/pkg-config/libssl.pc.in b/exporters/pkg-config/libssl.pc.in +index a7828b3cc6a49..963538807bb2b 100644 +--- a/exporters/pkg-config/libssl.pc.in ++++ b/exporters/pkg-config/libssl.pc.in +@@ -1,5 +1,9 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} + + Name: OpenSSL-libssl + Description: Secure Sockets Layer and cryptography libraries +diff --git a/exporters/pkg-config/openssl.pc.in b/exporters/pkg-config/openssl.pc.in +index dbb77aa39add2..225bef9e2384d 100644 +--- a/exporters/pkg-config/openssl.pc.in ++++ b/exporters/pkg-config/openssl.pc.in +@@ -1,5 +1,9 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} + + Name: OpenSSL + Description: Secure Sockets Layer and cryptography libraries and tools diff --git a/dev-libs/openssl/openssl-3.1.5-r2.ebuild b/dev-libs/openssl/openssl-3.1.5-r2.ebuild deleted file mode 100644 index 7bb70dbf74f3..000000000000 --- a/dev-libs/openssl/openssl-3.1.5-r2.ebuild +++ /dev/null @@ -1,286 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://openssl-library.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${P}-p11-segfault.patch - "${FILESDIR}"/${P}-CVE-2024-2511.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 - append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.2.1-r2.ebuild b/dev-libs/openssl/openssl-3.2.1-r2.ebuild deleted file mode 100644 index a9374f5f25de..000000000000 --- a/dev-libs/openssl/openssl-3.2.1-r2.ebuild +++ /dev/null @@ -1,308 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig - -DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" -HOMEPAGE="https://openssl-library.org/" - -MY_P=${P/_/-} - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/openssl/openssl.git" - - inherit git-r3 -else - SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) - " - - if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - fi -fi - -S="${WORKDIR}"/${MY_P} - -LICENSE="Apache-2.0" -SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - !<net-misc/openssh-9.2_p1-r3 - tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) -" -BDEPEND=" - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - app-alternatives/bc - sys-process/procps - ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )" - -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" -PDEPEND="app-misc/ca-certificates" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/openssl/configuration.h -) - -PATCHES=( - "${FILESDIR}"/${P}-p11-segfault.patch - # bug 923956 (drop on next version bump) - "${FILESDIR}"/${P}-riscv.patch - "${FILESDIR}"/${P}-CVE-2024-2511.patch - "${FILESDIR}"/${P}-s390x.patch -) - -pkg_setup() { - if use ktls ; then - if kernel_is -lt 4 18 ; then - ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" - else - CONFIG_CHECK="~TLS ~TLS_DEVICE" - ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" - ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" - use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" - - linux-info_pkg_setup - fi - fi - - [[ ${MERGE_TYPE} == binary ]] && return - - # must check in pkg_setup; sysctl doesn't work with userpriv! - if use test && use sctp ; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi - fi -} - -src_unpack() { - # Can delete this once test fix patch is dropped - if use verify-sig ; then - # Needed for downloaded patch (which is unsigned, which is fine) - verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} - fi - - default -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - PATCHES+=( - # Add patches which are Gentoo-specific customisations here - ) - fi - - default - - if use test && use sctp && has network-sandbox ${FEATURES} ; then - einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." - rm test/recipes/80-test_ssl_new.t || die - fi - - # Test fails depending on kernel configuration, bug #699134 - rm test/recipes/30-test_afalg.t || die -} - -src_configure() { - # Keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (bug #417795 again) - tc-is-clang && append-flags -Qunused-arguments - - # We really, really need to build OpenSSL w/ strict aliasing disabled. - # It's filled with violations and it *will* result in miscompiled - # code. This has been in the ebuild for > 10 years but even in 2022, - # it's still relevant: - # - https://github.com/llvm/llvm-project/issues/55255 - # - https://github.com/openssl/openssl/issues/12247 - # - https://github.com/openssl/openssl/issues/18225 - # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 - # Don't remove the no strict aliasing bits below! - filter-flags -fstrict-aliasing - append-flags -fno-strict-aliasing - # The OpenSSL developers don't test with LTO right now, it leads to various - # warnings/errors (which may or may not be false positives), it's considered - # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. - filter-lto - - append-flags $(test-flags-CC -Wa,--noexecstack) - - # bug #895308 -- check inserts GNU ld-compatible arguments - [[ ${CHOST} == *-darwin* ]] || append-atomic-flags - # Configure doesn't respect LIBS - export LDLIBS="${LIBS}" - - # bug #197996 - unset APPS - # bug #312551 - unset SCRIPTS - # bug #311473 - unset CROSS_COMPILE - - tc-export AR CC CXX RANLIB RC - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths, bug #460790. - #local ec_nistp_64_gcc_128 - # - # Disable it for now though (bug #469976) - # Do NOT re-enable without substantial discussion first! - # - #echo "__uint128_t i;" > "${T}"/128.c - #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - #fi - - local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") - einfo "Using configuration: ${sslout:-(openssl knows best)}" - - # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features - local myeconfargs=( - ${sslout} - - $(use cpu_flags_x86_sse2 || echo "no-sse2") - enable-camellia - enable-ec - enable-ec2m - enable-sm2 - enable-srp - $(use elibc_musl && echo "no-async") - enable-idea - enable-mdc2 - enable-rc5 - $(use fips && echo "enable-fips") - $(use_ssl asm) - $(use_ssl ktls) - $(use_ssl rfc3779) - $(use_ssl sctp) - $(use test || echo "no-tests") - $(use_ssl tls-compression zlib) - $(use_ssl weak-ssl-ciphers) - - --prefix="${EPREFIX}"/usr - --openssldir="${EPREFIX}"${SSL_CNF_DIR} - --libdir=$(get_libdir) - - shared - threads - ) - - edo perl "${S}/Configure" "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake build_sw - - if multilib_is_native_abi; then - emake build_docs - fi -} - -multilib_src_test() { - # See https://github.com/openssl/openssl/blob/master/test/README.md for options. - # - # VFP = show subtests verbosely and show failed tests verbosely - # Normal V=1 would show everything verbosely but this slows things down. - # - # -j1 here for https://github.com/openssl/openssl/issues/21999, but it - # shouldn't matter as tests were already built earlier, and HARNESS_JOBS - # controls running the tests. - emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test -} - -multilib_src_install() { - # Only -j1 is supported for the install targets: - # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 - emake DESTDIR="${D}" -j1 install_sw - if use fips; then - emake DESTDIR="${D}" -j1 install_fips - # Regen this in pkg_preinst, bug 900625 - rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die - fi - - if multilib_is_native_abi; then - emake DESTDIR="${D}" -j1 install_ssldirs - emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs - fi - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # bug #254521 - dodir /etc/sandbox.d - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - if use fips; then - # Regen fipsmodule.cnf, bug 900625 - ebegin "Running openssl fipsinstall" - "${ED}/usr/bin/openssl" fipsinstall -quiet \ - -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ - -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" - eend $? - fi - - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} - -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? - - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ - /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) -} diff --git a/dev-libs/openssl/openssl-3.3.0.ebuild b/dev-libs/openssl/openssl-3.3.1-r2.ebuild index 1ec5e236d56b..a321e0cf5cc8 100644 --- a/dev-libs/openssl/openssl-3.3.0.ebuild +++ b/dev-libs/openssl/openssl-3.3.1-r2.ebuild @@ -18,20 +18,22 @@ if [[ ${PV} == 9999 ]] ; then inherit git-r3 else SRC_URI=" - mirror://openssl/source/${MY_P}.tar.gz - verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) + https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz + verify-sig? ( + https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc + ) " - #if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then - # KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - #fi + if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then + KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" + fi fi S="${WORKDIR}"/${MY_P} LICENSE="Apache-2.0" SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto -IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +IUSE="+asm cpu_flags_x86_sse2 fips ktls +quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" RESTRICT="!test? ( test )" COMMON_DEPEND=" @@ -57,6 +59,12 @@ MULTILIB_WRAPPED_HEADERS=( ) PATCHES=( + # bug 936311, drop on next version bump + "${FILESDIR}"/${P}-riscv.patch + # https://bugs.gentoo.org/936793 + "${FILESDIR}"/openssl-3.3.1-pkg-config.patch + # https://bugs.gentoo.org/936576 + "${FILESDIR}"/openssl-3.3.1-pkg-config-deux.patch ) pkg_setup() { diff --git a/dev-python/autobahn/Manifest b/dev-python/autobahn/Manifest index 825092d6e43e..f9347ed7e59f 100644 --- a/dev-python/autobahn/Manifest +++ b/dev-python/autobahn/Manifest @@ -1 +1,2 @@ DIST autobahn-23.6.2.tar.gz 480814 BLAKE2B fb4a2e8510a51e2e70289d98eb54b3b06aba6e011eb8ad4ac2fb6e706d7be313f60a785a8366ff47500a6ad58f5645eedbeb4c831087ab531d8650129ec08c45 SHA512 5935203277d17aab3f80e6edf700ff173fe7e23622b9d2617f91e080f56b078f947f907289f008b5eb21b1346142274616baad4a36629f49dafe409d6fdb931a +DIST autobahn-24.4.2.tar.gz 482700 BLAKE2B e94026e0cfbb3a3ba2a494ac50e851ed1c35a842dd6b5ce2ac437a19fa0d30061d16b0965831ce57067d6682df256e5140d67e0e9b4d71cc1dbcc16287ffbed1 SHA512 2caffa9a49e3661e665a4e2641b96ff48581264654cb35ebc2e8a67620ce81bd330895bb12a098488676ab74c8275e601f45357840ca074c3c6a3d7247e563e9 diff --git a/dev-python/autobahn/autobahn-24.4.2.ebuild b/dev-python/autobahn/autobahn-24.4.2.ebuild new file mode 100644 index 000000000000..02db640a0eb7 --- /dev/null +++ b/dev-python/autobahn/autobahn-24.4.2.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_EXT=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..12} ) + +inherit distutils-r1 optfeature pypi + +DESCRIPTION="WebSocket and WAMP for Twisted and Asyncio" +HOMEPAGE=" + https://github.com/crossbario/autobahn-python/ + https://pypi.org/project/autobahn/ +" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~sparc ~x86" +IUSE="test xbr" +RESTRICT="!test? ( test )" + +# The order of deps is based on their appearance in setup.py +# All extra deps should be included in test and in optfeature +RDEPEND=" + >=dev-python/zope-interface-5.2.0[${PYTHON_USEDEP}] + >=dev-python/twisted-24.3.0[${PYTHON_USEDEP}] + >=dev-python/attrs-20.3.0[${PYTHON_USEDEP}] + >=dev-python/txaio-21.2.1[${PYTHON_USEDEP}] + dev-python/cryptography[${PYTHON_USEDEP}] + >=dev-python/hyperlink-21.0.0[${PYTHON_USEDEP}] + dev-python/setuptools[${PYTHON_USEDEP}] +" +BDEPEND=" + test? ( + ${RDEPEND} + >=dev-python/wsaccel-0.6.3[${PYTHON_USEDEP}] + >=dev-python/python-snappy-0.6.0[${PYTHON_USEDEP}] + >=dev-python/msgpack-1.0.2[${PYTHON_USEDEP}] + >=dev-python/ujson-4.0.2[${PYTHON_USEDEP}] + >=dev-python/cbor2-5.2.0[${PYTHON_USEDEP}] + >=dev-python/py-ubjson-0.16.1[${PYTHON_USEDEP}] + >=dev-python/flatbuffers-22.12.06[${PYTHON_USEDEP}] + >=dev-python/pyopenssl-20.0.1[${PYTHON_USEDEP}] + >=dev-python/service-identity-18.1.0[${PYTHON_USEDEP}] + >=dev-python/pynacl-1.4.0[${PYTHON_USEDEP}] + >=dev-python/pytrie-0.4[${PYTHON_USEDEP}] + >=dev-python/cffi-1.14.5[${PYTHON_USEDEP}] + >=dev-python/argon2-cffi-20.1.0[${PYTHON_USEDEP}] + >=dev-python/passlib-1.7.4[${PYTHON_USEDEP}] + + dev-python/pytest[${PYTHON_USEDEP}] + dev-python/pytest-asyncio[${PYTHON_USEDEP}] + dev-python/pytest-aiohttp[${PYTHON_USEDEP}] + ) +" + +python_prepare_all() { + if use xbr ; then + eerror "***************" + eerror "Required xbr dependencies are incomplete in Gentoo." + eerror "So this functionality will not yet work" + eerror "Please file a bug if this feature is needed" + eerror "***************" + else + # remove xbr components + export AUTOBAHN_STRIP_XBR="True" + fi + + distutils-r1_python_prepare_all + + # avoid useless rust dependency + sed -i -e '/cryptography/s:>=3.4.6::' setup.py || die + + # remove twisted plugin cache regen in setup.py + # to fix tinderbox sandbox issue + sed -e '/import/s:reactor:__importmustfail__:' \ + -i setup.py || die + + # https://github.com/crossbario/autobahn-python/issues/1646 + sed -e 's:(forbid_global_loop=True)::' \ + -i autobahn/wamp/test/test_wamp_component_aio.py || die +} + +python_test() { + rm -rf autobahn || die + + einfo "Testing all, cryptosign using twisted" + local -x USE_TWISTED=true + "${EPYTHON}" -m twisted.trial autobahn || die "Tests failed with ${EPYTHON}" + unset USE_TWISTED + + einfo "RE-testing cryptosign and component_aio using asyncio" + local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 + local -x USE_ASYNCIO=true + epytest -p asyncio --pyargs \ + autobahn.asyncio.test.test_aio_{raw,web}socket \ + autobahn.wamp.test.test_wamp_{cryptosign,component_aio} + unset USE_ASYNCIO + + rm -f twisted/plugins/dropin.cache || die +} + +pkg_postinst() { + optfeature "C-based WebSocket acceleration" "dev-python/wsaccel" + optfeature "non-standard WebSocket compression support" \ + "dev-python/python-snappy" + optfeature "accelerated WAMP serialization support" \ + "dev-python/msgpack dev-python/ujson dev-python/cbor2 dev-python/flatbuffers dev-python/py-ubjson" + optfeature "TLS transport encryption" \ + "dev-python/pyopenssl dev-python/pynacl dev-python/pytrie dev-python/qrcode dev-python/service-identity" + optfeature "WAMP-SCRAM authentication" \ + "dev-python/cffi dev-python/argon2-cffi dev-python/passlib" + optfeature "native SIMD acceleration" "dev-python/cffi" + + python_foreach_impl twisted-regen-cache +} + +pkg_postrm() { + python_foreach_impl twisted-regen-cache +} diff --git a/dev-python/django-filter/Manifest b/dev-python/django-filter/Manifest index 4d76509c2647..fd4fa3856bd5 100644 --- a/dev-python/django-filter/Manifest +++ b/dev-python/django-filter/Manifest @@ -1,3 +1,2 @@ -DIST django-filter-23.5.gh.tar.gz 137866 BLAKE2B 8956441dc4425925ff8a121833fc59552709274a64d880aa5cadbae8063a67891969a712f79c9a5aa03fcd404ed288294e818e9f2e968c4d88761a847e35a3e9 SHA512 5534a4e8538b4ed0b5dbc168a7ba4eb51b0431d22874d1d4613b421ec830f45caed8faa71ecb144ba26704ff842742e8517d1599277b84480c4bf4282c19308c -DIST django-filter-24.1.gh.tar.gz 138579 BLAKE2B 86711bc2f0e2dbad59d445d2dd4456c409d18e5ca9403a2179a5f8f2721b206ebdf7de67965d7efb7bbda88b9ac41e94b51a205406f53345b57b602deba7ec98 SHA512 84751d67c03f9cb8e42b37efe16fe457eaa3dee8c2b385a95600e5e2efbd377405e7d827c740c9b7c182fe4e50cfc84244921ee3d83d62bebe4b0efae99a8a70 DIST django-filter-24.2.gh.tar.gz 139679 BLAKE2B a45793644668525aee58eeea4d9e02c34d822234ef300853f393419ade54a00a3ff2b077db7d299a3b9165b5c689bb4d0e5f7f5417b33a73dc92202fafd9eeb3 SHA512 8a2f67ed497ab3866edd1fe12dc819ecaf5c1508eb44df164621c818c8e5a4ef9a5f4c584981170fd98d432b9231fb732826880ad37f63db65875195d1b4e103 +DIST django-filter-24.3.gh.tar.gz 141027 BLAKE2B e0403f597f2edb46efd800babedc227ce55b8e9084b7c1fabbd28d9fef85d43b3bc78c453f8c0edeaadfd74d4d3cfb9435378e7b1a2c1581acbed5593c235171 SHA512 73455b44400a60e7c68655b4bf755afc66a4f8c28f1700dbd2970c7c36d5ed61d8b673d72c75219bec5414b850d7cb5ac0a55ee90291c4ac17a672a5202d2934 diff --git a/dev-python/django-filter/django-filter-23.5.ebuild b/dev-python/django-filter/django-filter-23.5.ebuild deleted file mode 100644 index fac2db6651c4..000000000000 --- a/dev-python/django-filter/django-filter-23.5.ebuild +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_USE_PEP517=flit -PYTHON_COMPAT=( python3_{10..12} ) - -inherit distutils-r1 - -DESCRIPTION="Django app allowing declarative dynamic QuerySet filtering from URL parameters" -HOMEPAGE=" - https://github.com/carltongibson/django-filter/ - https://pypi.org/project/django-filter/ -" -SRC_URI=" - https://github.com/carltongibson/django-filter/archive/${PV}.tar.gz - -> ${P}.gh.tar.gz -" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~arm64 ~x86" -IUSE="test" -RESTRICT="!test? ( test )" - -RDEPEND=" - >=dev-python/django-3.2[${PYTHON_USEDEP}] -" -BDEPEND=" - test? ( - ${RDEPEND} - dev-python/djangorestframework[${PYTHON_USEDEP}] - dev-python/pytz[${PYTHON_USEDEP}] - !!dev-python/coreapi - ) -" - -python_test() { - local -x DJANGO_SETTINGS_MODULE=tests.settings - "${EPYTHON}" -m django test -v 2 || die -} diff --git a/dev-python/django-filter/django-filter-24.1.ebuild b/dev-python/django-filter/django-filter-24.3.ebuild index d8a17b109b61..d8a17b109b61 100644 --- a/dev-python/django-filter/django-filter-24.1.ebuild +++ b/dev-python/django-filter/django-filter-24.3.ebuild diff --git a/dev-python/keyring/Manifest b/dev-python/keyring/Manifest index e89f1ce3c0b2..12be6baa3e7c 100644 --- a/dev-python/keyring/Manifest +++ b/dev-python/keyring/Manifest @@ -1,2 +1,3 @@ DIST keyring-24.3.1.tar.gz 60454 BLAKE2B cb0a9b82163febbbd737f2f25353bf96cbb7b8a87c7db00523960b3fce5595c6af65bc02b7d070b0fa5a466fc53530975de8f7a44ab9a9f783d2db34b1a67901 SHA512 53f26763175c7f1de041d8805062696ef3ef6c79792cdc75ae72621da8e729ac4cbb6e76937db2a0a5ce4bc41ab92c164d62e4627f92edab8c0d0fc02ca4980e DIST keyring-25.2.1.tar.gz 60797 BLAKE2B 706eb0cb1cb5e7f22e603df3b2ab9c95421a389d5bec8034ac452d37e754564379d6133a195e7c7fcbb1f96a8f964e5de505a39dce1da72090daad01d144c213 SHA512 4512c79a1f0c05cd5d28919f55f19c142488d69d9bf7a27e9d7b3aace36535cf43a4522a4ea4b4738f21c82a6980932bd9d1c7ae62592242c333161e791cdb2e +DIST keyring-25.3.0.tar.gz 61495 BLAKE2B 3286c2de8a2113ccdace88c44f40adfebcd42d08cdcc314a2067ea9911e63a193b68947ccce106a521cf4e54b96887db4ba06a76dece536f72af608473ec5f1a SHA512 80f3be5990f18aced25d6f75a8ca2b2033930a6bc622d44ab8732dfdf17343bfc9a19e5818dd170ce5c8a528b87f911522ed94c0237ce8fb2f39f97b6ad2ceda diff --git a/dev-python/keyring/keyring-25.3.0.ebuild b/dev-python/keyring/keyring-25.3.0.ebuild new file mode 100644 index 000000000000..6253b57dcaf9 --- /dev/null +++ b/dev-python/keyring/keyring-25.3.0.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} pypy3 ) + +inherit distutils-r1 pypi + +DESCRIPTION="Provides access to the system keyring service" +HOMEPAGE=" + https://github.com/jaraco/keyring/ + https://pypi.org/project/keyring/ +" + +LICENSE="PSF-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-macos" + +RDEPEND=" + >=dev-python/secretstorage-3.2[${PYTHON_USEDEP}] + dev-python/jaraco-classes[${PYTHON_USEDEP}] + dev-python/jaraco-context[${PYTHON_USEDEP}] + dev-python/jaraco-functools[${PYTHON_USEDEP}] + >=dev-python/jeepney-0.4.2[${PYTHON_USEDEP}] + $(python_gen_cond_dep ' + >=dev-python/importlib-metadata-4.11.4[${PYTHON_USEDEP}] + ' 3.10 3.11) +" +BDEPEND=" + dev-python/setuptools-scm[${PYTHON_USEDEP}] + test? ( + dev-python/pyfakefs[${PYTHON_USEDEP}] + ) +" + +distutils_enable_tests pytest + +python_test() { + local EPYTEST_DESELECT=( + # this test fails if importlib-metadata returns more than one + # entry, i.e. when keyring is installed already + tests/test_packaging.py::test_entry_point + ) + local EPYTEST_IGNORE=( + # apparently does not unlock the keyring properly + tests/backends/test_libsecret.py + # hangs + tests/backends/test_kwallet.py + ) + + local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 + epytest -o addopts= +} diff --git a/dev-python/mkdocs-material/Manifest b/dev-python/mkdocs-material/Manifest index 68bad461c5cd..278453c08d04 100644 --- a/dev-python/mkdocs-material/Manifest +++ b/dev-python/mkdocs-material/Manifest @@ -1,3 +1,4 @@ DIST mkdocs-material-9.5.28.gh.tar.gz 14934242 BLAKE2B 6f45fe353569623cb8c77f43cf372a5f62a48812b40aba5351c86cd941dee3e19f9af31ada73188bc3e8b5426a11041a10611761e7b5a12d7ffbcf64aa081b6d SHA512 34e3dc512c1d9a19406afb49aae38e7e4e2689cec6a9418b90271eff7ae1c4bc820e7ff51c6fa20639dda6d51ca1b70b97da0e4e3795b6cee1fb9bf756df6a68 DIST mkdocs-material-9.5.29.gh.tar.gz 14923128 BLAKE2B 646f58cab9d58d15f73e1b38bf165a819d70f3ebb39a75190fd03dc5baa04e92a0b73174c8ca9420602aabec00a4d1b51dadf2b8df57694365826d9b35387d14 SHA512 12b3c48c55f1fe32a6387cc18d9c102de8c1dc8a45ee28089236702ff0d0e7a3abb1032e4bdab206e45c24201f92a4c7aa8de10556d3034e953d2f57508398e6 DIST mkdocs-material-9.5.30.gh.tar.gz 14925913 BLAKE2B 291d9302e8c49724e31493176ad72f6ad7926f167ff1e761087b83158f6689cf081ab0155eeff29985ae5f4ca5bdf36e988515e128c86506fb742ff7e3105a14 SHA512 67afb9b558368922aaf585f797b054b7a1eb32d47653212723fa57fc6f6f52e540fadf0d90fdb9e1043e5f60e2210fe9225746caf53451163700ad0319caf522 +DIST mkdocs-material-9.5.31.gh.tar.gz 14926142 BLAKE2B ae47e54eaaea55885d5161c1e3435a2feb96f8495487ddb13c9bbb57c8ceb8d961c30d66a4ec51cf4212892724395b64d46d47c3e9547b8256d0fb17b4d1843a SHA512 ee74d6ab05d16fad3545c39efaed196242a68479a6a8286dcd96c1a61ec2d1fbd2a2678b7a3edea50bf8784d3c986060ce5abe5490f53a1d584c0954733134c2 diff --git a/dev-python/mkdocs-material/mkdocs-material-9.5.31.ebuild b/dev-python/mkdocs-material/mkdocs-material-9.5.31.ebuild new file mode 100644 index 000000000000..0aabdac3ae43 --- /dev/null +++ b/dev-python/mkdocs-material/mkdocs-material-9.5.31.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=hatchling +PYTHON_COMPAT=( python3_{10..13} ) + +DOCS_BUILDER="mkdocs" +DOCS_DEPEND=" + dev-python/mkdocs-material-extensions + dev-python/mkdocs-minify-plugin + dev-python/mkdocs-redirects +" + +inherit distutils-r1 docs + +DESCRIPTION="A Material Design theme for MkDocs" +HOMEPAGE=" + https://github.com/squidfunk/mkdocs-material/ + https://pypi.org/project/mkdocs-material/ +" +SRC_URI=" + https://github.com/squidfunk/${PN}/archive/${PV}.tar.gz + -> ${P}.gh.tar.gz +" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86" +IUSE="social" + +RDEPEND=" + >=dev-python/Babel-2.10.3[${PYTHON_USEDEP}] + >=dev-python/colorama-0.4[${PYTHON_USEDEP}] + >=dev-python/jinja-3.0.2[${PYTHON_USEDEP}] + >=dev-python/lxml-4.6[${PYTHON_USEDEP}] + >=dev-python/markdown-3.2[${PYTHON_USEDEP}] + >=dev-python/mkdocs-1.5.3[${PYTHON_USEDEP}] + >=dev-python/paginate-0.5.6[${PYTHON_USEDEP}] + >=dev-python/pygments-2.16[${PYTHON_USEDEP}] + >=dev-python/pymdown-extensions-10.2[${PYTHON_USEDEP}] + >=dev-python/readtime-2.0[${PYTHON_USEDEP}] + >=dev-python/regex-2022.4.24[${PYTHON_USEDEP}] + >=dev-python/requests-2.26[${PYTHON_USEDEP}] + social? ( + >=dev-python/pillow-10.2[${PYTHON_USEDEP}] + >=media-gfx/cairosvg-2.5[${PYTHON_USEDEP}] + ) +" +BDEPEND=" + >=dev-python/trove-classifiers-2023.10.18[${PYTHON_USEDEP}] +" +# mkdocs-material-extensions depends on mkdocs-material creating a circular dep +PDEPEND=" + >=dev-python/mkdocs-material-extensions-1.2[${PYTHON_USEDEP}] +" + +PATCHES=( + # simplify pyproject to remove extra deps for metadata + "${FILESDIR}/${PN}-8.5.7-simplify-build.patch" +) + +src_prepare() { + echo "__version__ = '${PV}'" > gentoo_version.py || die + distutils-r1_src_prepare +} diff --git a/dev-python/patch-ng/Manifest b/dev-python/patch-ng/Manifest index c88444691fee..509614a0b5a4 100644 --- a/dev-python/patch-ng/Manifest +++ b/dev-python/patch-ng/Manifest @@ -1 +1,2 @@ DIST patch-ng-1.17.4.gh.tar.gz 168306 BLAKE2B 78067e3c3d296a21f8fd4155fe770245ba4457cb9e37003f5e7667c30827878a8c06d62c77bb1fdaf61b96a813612a7c39800d7040b13a9d18f0baeccbd86ba1 SHA512 919c04c3adfa36672f3db5f1761a12ccbb08ccfb890015bb0d27b1801c8c7dba99c4da01674b269703a7cbf39df5889f5c446551bb4cf7039dc383c23d8a5db3 +DIST patch-ng-1.18.0.gh.tar.gz 166380 BLAKE2B b3a53f2586763000c9a38d2acf25b4b1d236f34da8f0d0105a78d07bee46f30b5fb27ad0223cf274e83def6e66a1ec752f672d0a7e7df2f08280116ed26add30 SHA512 e4c271d5b8bfdcc756a8bb4f678de29f573190a4c1b3e9eb4b6c2564b008c38eb022c644c1bbee2412e7ee2e0ba08c161408303a3fbd223decd85bb6e63f24a9 diff --git a/dev-python/patch-ng/patch-ng-1.18.0.ebuild b/dev-python/patch-ng/patch-ng-1.18.0.ebuild new file mode 100644 index 000000000000..75b1ad3ff4fd --- /dev/null +++ b/dev-python/patch-ng/patch-ng-1.18.0.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} ) + +inherit distutils-r1 + +DESCRIPTION="Library to parse and apply unified diffs, fork of dev-python/patch" +HOMEPAGE="https://github.com/conan-io/python-patch-ng https://pypi.org/project/patch-ng/" +SRC_URI="https://github.com/conan-io/python-patch-ng/archive/${PV}.tar.gz -> ${P}.gh.tar.gz" +S="${WORKDIR}/python-${P}" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86 ~amd64-linux ~x86-linux" + +distutils_enable_tests unittest + +python_test() { + "${EPYTHON}" -m unittest -v tests/run_tests.py || die "Tests failed under ${EPYTHON}" +} diff --git a/dev-python/scikit-build-core/Manifest b/dev-python/scikit-build-core/Manifest index ca4312e12ab9..e90638f2bbc4 100644 --- a/dev-python/scikit-build-core/Manifest +++ b/dev-python/scikit-build-core/Manifest @@ -1,2 +1,3 @@ +DIST scikit_build_core-0.9.10.tar.gz 230104 BLAKE2B e3c4605b4b33260d8deac2cedb7bbb20a08729a36214b13c6071fe9b12f9bddc882c18da0e1ee14d7f1b4845ca0dd02b1c2d5c30c43b96a420c35a8b5cbd2d5e SHA512 0e1cb649f9965f4b13093432a2e36ea9be532ba3b7447c36f898284571dcbcf266b7012a445b464ac9129ec2b91e4155016be1fbab52fc2a979e440b0ea73cac DIST scikit_build_core-0.9.8.tar.gz 229845 BLAKE2B 419d8891dd3f95bee7f8f7dcc1addb94d2698f8ff392eef19a67e851f57b58d09b9878705d0e8d728d3c6f2b316d538c76471164781fcd1fb5d02dfbfd9d7a85 SHA512 f1206715eef1bdeccddc5987cae4f455522c4ef4dbca305ad7d3772c61f5615c5742b109c5527a5ad5e25a2348abff69ea5ae7153ac18c43cca63783872aa3d5 DIST scikit_build_core-0.9.9.tar.gz 229971 BLAKE2B 2e41f59e053a44db07c84df4a03aab7c574b658d51f4b4517228ef0e12618f8de879e3ef704b7be398b5378e1f19b0a8c8dafcd20e3bd15dece9d387306427ac SHA512 c4b826353be3b34dc7f37f571088b7674f6ad8c984fd9985feb4e1b611c503dbf1a5c0e4e8ad1123c9f2e9538572da319f9104145abd598817ca3e29824cc61d diff --git a/dev-python/scikit-build-core/scikit-build-core-0.9.10.ebuild b/dev-python/scikit-build-core/scikit-build-core-0.9.10.ebuild new file mode 100644 index 000000000000..5998fa0264bf --- /dev/null +++ b/dev-python/scikit-build-core/scikit-build-core-0.9.10.ebuild @@ -0,0 +1,63 @@ +# Copyright 2023-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=hatchling +PYTHON_COMPAT=( pypy3 python3_{10..13} ) + +inherit distutils-r1 pypi + +DESCRIPTION="Build backend for CMake based projects" +HOMEPAGE=" + https://github.com/scikit-build/scikit-build-core/ + https://pypi.org/project/scikit-build-core/ +" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + +# we always want [pyproject] extra +RDEPEND=" + app-alternatives/ninja + dev-build/cmake + >=dev-python/packaging-21.3[${PYTHON_USEDEP}] + >=dev-python/pathspec-0.10.1[${PYTHON_USEDEP}] + >=dev-python/pyproject-metadata-0.5[${PYTHON_USEDEP}] + $(python_gen_cond_dep ' + dev-python/exceptiongroup[${PYTHON_USEDEP}] + >=dev-python/tomli-1.2.2[${PYTHON_USEDEP}] + ' 3.10) +" +BDEPEND=" + dev-python/hatch-vcs[${PYTHON_USEDEP}] + test? ( + dev-python/build[${PYTHON_USEDEP}] + >=dev-python/cattrs-22.2.0[${PYTHON_USEDEP}] + dev-python/fastjsonschema[${PYTHON_USEDEP}] + dev-python/pybind11[${PYTHON_USEDEP}] + >=dev-python/pytest-subprocess-1.5[${PYTHON_USEDEP}] + dev-python/setuptools[${PYTHON_USEDEP}] + dev-python/virtualenv[${PYTHON_USEDEP}] + dev-python/wheel[${PYTHON_USEDEP}] + ) +" + +distutils_enable_tests pytest + +python_test() { + local _EPYTEST_DESELECT=( + # TODO / we don't package validate_pyproject anyway + tests/test_schema.py::test_compare_schemas + # setuptools now respects PEP 625 + tests/test_setuptools_pep517.py::test_pep517_sdist + ) + local EPYTEST_IGNORE=( + # needs unpackaged validate_pyproject + tests/test_schema.py + ) + + local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 + epytest -p pytest-subprocess -m "not isolated and not network" +} diff --git a/dev-python/uvicorn/Manifest b/dev-python/uvicorn/Manifest index beee4bcd7a18..4ea475931d2b 100644 --- a/dev-python/uvicorn/Manifest +++ b/dev-python/uvicorn/Manifest @@ -1,3 +1,4 @@ DIST uvicorn-0.30.1.gh.tar.gz 722580 BLAKE2B 33cb5683bf8d3f3bbc2a17a354356adee2be66259cd79413c9f1ef698485c46060a609a8f0a28cef05de71631569ac61c12aad6913a3243f45eb7e1691a481ea SHA512 ce705c1e99ca0feff3f82e067c0df9e21dea6ff3789541757edbc686718bcb0c80be392fd75f7c0962c5d7251e7e3e441e97633057dcb43e565c48a4d6b3d392 DIST uvicorn-0.30.3.gh.tar.gz 723748 BLAKE2B 8191491ebbccf8586e668bc6c14ce0a526d958ee1bf618cbf714bcb0932c36e14bfa4365a3ce88129180dcb0a2ac62b65fd977262f936b31a84267e3d41a971e SHA512 de6299c4b93bb14ea5ef466d2ebb91e24c2b9ae3e47158e924ae8c1f1e58a3fffd39e3e001e647afa47512f9481f5a3e2cce613427600200bcf27c4143c4e608 DIST uvicorn-0.30.4.gh.tar.gz 723888 BLAKE2B faa33e0bcb90f290e6119992cfa025b2b8dccc78fb19d5e008f667c571918701590910ec9dc0ae57475625c4d0958173d142661ffcdec493ba2cd217f24e61e5 SHA512 5082fafbd2f8ae00d81b00cba52e25725640ba87cbfbe96d6ec3b854be472235fe3865470a2478b95ebe449c10fa7580fb126bd3f413b59c49225e7850142262 +DIST uvicorn-0.30.5.gh.tar.gz 723960 BLAKE2B 462cdbe47f035a6b100908e5fa533a9afa7be3232ce79fda372686de54a14ca13771245a98c53b7ad729ba3119cd83b9d4acd5ab4069064f6c9fee3542f7b0be SHA512 9752b415159e152264d0d9a9a93cd82ec3b6ab08fe115698e54ecf5e2534c7c2368e05dfd21486c8711808482a85c563ecf1d5027c09587872aced4f7023a3dc diff --git a/dev-python/uvicorn/uvicorn-0.30.5.ebuild b/dev-python/uvicorn/uvicorn-0.30.5.ebuild new file mode 100644 index 000000000000..9511a7d54223 --- /dev/null +++ b/dev-python/uvicorn/uvicorn-0.30.5.ebuild @@ -0,0 +1,75 @@ +# Copyright 2021-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=hatchling +PYTHON_COMPAT=( pypy3 python3_{10..13} ) + +inherit distutils-r1 optfeature + +DESCRIPTION="Lightning-fast ASGI server implementation" +HOMEPAGE=" + https://www.uvicorn.org/ + https://github.com/encode/uvicorn/ + https://pypi.org/project/uvicorn/ +" +# as of 0.28.0, no tests in sdist +SRC_URI=" + https://github.com/encode/uvicorn/archive/${PV}.tar.gz + -> ${P}.gh.tar.gz +" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="test-rust" + +RDEPEND=" + >=dev-python/asgiref-3.4.0[${PYTHON_USEDEP}] + >=dev-python/click-7.0[${PYTHON_USEDEP}] + >=dev-python/h11-0.8[${PYTHON_USEDEP}] + $(python_gen_cond_dep ' + >=dev-python/typing-extensions-4.0[${PYTHON_USEDEP}] + ' 3.10) +" +BDEPEND=" + test? ( + dev-python/a2wsgi[${PYTHON_USEDEP}] + dev-python/httpx[${PYTHON_USEDEP}] + dev-python/pytest-asyncio[${PYTHON_USEDEP}] + dev-python/pytest-mock[${PYTHON_USEDEP}] + dev-python/python-dotenv[${PYTHON_USEDEP}] + dev-python/pyyaml[${PYTHON_USEDEP}] + >=dev-python/websockets-10.4[${PYTHON_USEDEP}] + dev-python/wsproto[${PYTHON_USEDEP}] + test-rust? ( + dev-python/cryptography[${PYTHON_USEDEP}] + dev-python/trustme[${PYTHON_USEDEP}] + dev-python/watchfiles[${PYTHON_USEDEP}] + ) + ) +" + +distutils_enable_tests pytest + +python_test() { + local EPYTEST_DESELECT=( + # too long path for unix socket + tests/test_config.py::test_bind_unix_socket_works_with_reload_or_workers + ) + case ${EPYTHON} in + pypy3) + # TODO + EPYTEST_DESELECT+=( + tests/middleware/test_logging.py::test_running_log_using_fd + ) + ;; + esac + + epytest +} + +pkg_postinst() { + optfeature "auto reload on file changes" dev-python/watchfiles +} |