[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[David Seifert]

commit:     a8e82823012ab43dd4e9da0b0aa88282e7c959dc
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 13 12:28:04 2016 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 23:13:31 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8e82823

net-libs/mbedtls: Integrate upstream patches for bug 588818

Gentoo-bug: 588818
* EAPI=6

Package-Manager: portage-2.3.0
Closes: https://github.com/gentoo/gentoo/pull/2080

Signed-off-by: David Seifert <soap <AT> gentoo.org>

 .../files/mbedtls-2.3.0-include-guards.patch       |  34 +++
 .../files/mbedtls-2.3.0-move-to-header.patch       | 333 +++++++++++++++++++++
 net-libs/mbedtls/files/mbedtls-2.3.0-tests.patch   |  23 ++
 net-libs/mbedtls/mbedtls-2.3.0-r1.ebuild           | 101 +++++++
 4 files changed, 491 insertions(+)

diff --git a/net-libs/mbedtls/files/mbedtls-2.3.0-include-guards.patch b/net-libs/mbedtls/files/mbedtls-2.3.0-include-guards.patch
new file mode 100644
index 0000000..af12d4b
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-2.3.0-include-guards.patch
@@ -0,0 +1,34 @@
+From 23e9778684ba734dbfba1445e145b04dd6b59e76 Mon Sep 17 00:00:00 2001
+From: Simon Butcher <simon.butcher@arm.com>
+Date: Wed, 13 Jul 2016 13:31:08 +0100
+Subject: [PATCH] Adds missing conditions for platform time
+
+In platform.c, made the time functions dependent on the configuration
+MBEDTLS_HAVE_TIME to fix a build break where the functions could be
+built but the mbedtls_time_t was not defined.
+---
+ library/platform.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/library/platform.c b/library/platform.c
+index 68ca45d..2591c45 100644
+--- a/library/platform.c
++++ b/library/platform.c
+@@ -190,6 +190,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
+ }
+ #endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+ 
++#if defined(MBEDTLS_HAVE_TIME)
++
+ #if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ #if !defined(MBEDTLS_PLATFORM_STD_TIME)
+ /*
+@@ -213,6 +215,8 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
+ }
+ #endif /* MBEDTLS_PLATFORM_TIME_ALT */
+ 
++#endif /* MBEDTLS_HAVE_TIME */
++
+ #if defined(MBEDTLS_ENTROPY_NV_SEED)
+ #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
+ /* Default implementations for the platform independent seed functions use

diff --git a/net-libs/mbedtls/files/mbedtls-2.3.0-move-to-header.patch b/net-libs/mbedtls/files/mbedtls-2.3.0-move-to-header.patch
new file mode 100644
index 0000000..2c858bb
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-2.3.0-move-to-header.patch
@@ -0,0 +1,333 @@
+From b5b6af2663fdb7f57c30494607bade90810f6844 Mon Sep 17 00:00:00 2001
+From: Simon Butcher <simon.butcher@arm.com>
+Date: Wed, 13 Jul 2016 14:46:18 +0100
+Subject: [PATCH] Puts platform time abstraction into its own header
+
+Separates platform time abstraction into it's own header from the
+general platform abstraction as both depend on different build options.
+(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
+---
+ include/mbedtls/platform.h      | 37 ++-----------------
+ include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++++++++++
+ include/mbedtls/ssl.h           |  2 +-
+ library/net.c                   |  1 -
+ library/ssl_cache.c             |  2 -
+ library/ssl_ciphersuites.c      |  1 -
+ library/ssl_cli.c               |  4 +-
+ library/ssl_cookie.c            |  2 -
+ library/ssl_srv.c               |  4 +-
+ library/ssl_ticket.c            |  2 -
+ library/ssl_tls.c               |  1 -
+ library/x509.c                  |  7 +++-
+ programs/ssl/dtls_client.c      |  1 -
+ 13 files changed, 93 insertions(+), 52 deletions(-)
+ create mode 100644 include/mbedtls/platform_time.h
+
+diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
+index caf8f25..b1b019e 100644
+--- a/include/mbedtls/platform.h
++++ b/include/mbedtls/platform.h
+@@ -29,6 +29,10 @@
+ #include MBEDTLS_CONFIG_FILE
+ #endif
+ 
++#if defined(MBEDTLS_HAVE_TIME)
++#include "mbedtls/platform_time.h"
++#endif
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -244,39 +248,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+ #endif
+ 
+ /*
+- * The time_t datatype
+- */
+-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
+-#else
+-/* For time_t */
+-#include <time.h>
+-typedef time_t mbedtls_time_t;
+-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+-
+-/*
+- * The function pointers for time
+- */
+-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+-
+-/**
+- * \brief   Set your own time function pointer
+- *
+- * \param   time_func   the time function implementation
+- *
+- * \return              0
+- */
+-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+-#else
+-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+-#define mbedtls_time    MBEDTLS_PLATFORM_TIME_MACRO
+-#else
+-#define mbedtls_time   time
+-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+-
+-/*
+  * The function pointers for reading from and writing a seed file to
+  * Non-Volatile storage (NV) in a platform-independent way
+  *
+diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
+new file mode 100644
+index 0000000..abb3431
+--- /dev/null
++++ b/include/mbedtls/platform_time.h
+@@ -0,0 +1,81 @@
++/**
++ * \file platform_time.h
++ *
++ * \brief mbed TLS Platform time abstraction
++ *
++ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
++ *  SPDX-License-Identifier: Apache-2.0
++ *
++ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
++ *  not use this file except in compliance with the License.
++ *  You may obtain a copy of the License at
++ *
++ *  http://www.apache.org/licenses/LICENSE-2.0
++ *
++ *  Unless required by applicable law or agreed to in writing, software
++ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ *  See the License for the specific language governing permissions and
++ *  limitations under the License.
++ *
++ *  This file is part of mbed TLS (https://tls.mbed.org)
++ */
++#ifndef MBEDTLS_PLATFORM_TIME_H
++#define MBEDTLS_PLATFORM_TIME_H
++
++#if !defined(MBEDTLS_CONFIG_FILE)
++#include "config.h"
++#else
++#include MBEDTLS_CONFIG_FILE
++#endif
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \name SECTION: Module settings
++ *
++ * The configuration options you can set for this module are in this section.
++ * Either change them in config.h or define them on the compiler command line.
++ * \{
++ */
++
++/*
++ * The time_t datatype
++ */
++#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
++typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
++#else
++/* For time_t */
++#include <time.h>
++typedef time_t mbedtls_time_t;
++#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
++
++/*
++ * The function pointers for time
++ */
++#if defined(MBEDTLS_PLATFORM_TIME_ALT)
++extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
++
++/**
++ * \brief   Set your own time function pointer
++ *
++ * \param   time_func   the time function implementation
++ *
++ * \return              0
++ */
++int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
++#else
++#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
++#define mbedtls_time    MBEDTLS_PLATFORM_TIME_MACRO
++#else
++#define mbedtls_time   time
++#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
++#endif /* MBEDTLS_PLATFORM_TIME_ALT */
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* platform_time.h */
+diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
+index bc62336..c0bfd3e 100644
+--- a/include/mbedtls/ssl.h
++++ b/include/mbedtls/ssl.h
+@@ -52,7 +52,7 @@
+ #endif
+ 
+ #if defined(MBEDTLS_HAVE_TIME)
+-#include <time.h>
++#include "mbedtls/platform_time.h"
+ #endif
+ 
+ /*
+diff --git a/library/net.c b/library/net.c
+index 4142bc0..8b96321 100644
+--- a/library/net.c
++++ b/library/net.c
+@@ -36,7 +36,6 @@
+ #include "mbedtls/platform.h"
+ #else
+ #include <stdlib.h>
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/net.h"
+diff --git a/library/ssl_cache.c b/library/ssl_cache.c
+index 01c66ae..9b62de2 100644
+--- a/library/ssl_cache.c
++++ b/library/ssl_cache.c
+@@ -37,8 +37,6 @@
+ #include <stdlib.h>
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/ssl_cache.h"
+diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
+index 3546331..a762bf7 100644
+--- a/library/ssl_ciphersuites.c
++++ b/library/ssl_ciphersuites.c
+@@ -33,7 +33,6 @@
+ #include "mbedtls/platform.h"
+ #else
+ #include <stdlib.h>
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/ssl_ciphersuites.h"
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index cd39db0..358dc46 100644
+--- a/library/ssl_cli.c
++++ b/library/ssl_cli.c
+@@ -33,8 +33,6 @@
+ #include <stdlib.h>
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/debug.h"
+@@ -46,7 +44,7 @@
+ #include <stdint.h>
+ 
+ #if defined(MBEDTLS_HAVE_TIME)
+-#include <time.h>
++#include "mbedtls/platform_time.h"
+ #endif
+ 
+ #if defined(MBEDTLS_SSL_SESSION_TICKETS)
+diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
+index f241c86..9fb32de 100644
+--- a/library/ssl_cookie.c
++++ b/library/ssl_cookie.c
+@@ -36,8 +36,6 @@
+ #else
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/ssl_cookie.h"
+diff --git a/library/ssl_srv.c b/library/ssl_srv.c
+index 7271045..ec59cc1 100644
+--- a/library/ssl_srv.c
++++ b/library/ssl_srv.c
+@@ -33,8 +33,6 @@
+ #include <stdlib.h>
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/debug.h"
+@@ -48,7 +46,7 @@
+ #endif
+ 
+ #if defined(MBEDTLS_HAVE_TIME)
+-#include <time.h>
++#include "mbedtls/platform_time.h"
+ #endif
+ 
+ #if defined(MBEDTLS_SSL_SESSION_TICKETS)
+diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
+index 5d77403..4d9116d 100644
+--- a/library/ssl_ticket.c
++++ b/library/ssl_ticket.c
+@@ -33,8 +33,6 @@
+ #include <stdlib.h>
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/ssl_ticket.h"
+diff --git a/library/ssl_tls.c b/library/ssl_tls.c
+index 80a908d..505bb6c 100644
+--- a/library/ssl_tls.c
++++ b/library/ssl_tls.c
+@@ -41,7 +41,6 @@
+ #include <stdlib.h>
+ #define mbedtls_calloc    calloc
+ #define mbedtls_free      free
+-#define mbedtls_time_t    time_t
+ #endif
+ 
+ #include "mbedtls/debug.h"
+diff --git a/library/x509.c b/library/x509.c
+index a0df817..bc3bfe0 100644
+--- a/library/x509.c
++++ b/library/x509.c
+@@ -55,12 +55,15 @@
+ #include <stdlib.h>
+ #define mbedtls_free      free
+ #define mbedtls_calloc    calloc
+-#define mbedtls_time      time
+-#define mbedtls_time_t    time_t
+ #define mbedtls_printf    printf
+ #define mbedtls_snprintf  snprintf
+ #endif
+ 
++
++#if defined(MBEDTLS_HAVE_TIME)
++#include "mbedtls/platform_time.h"
++#endif
++
+ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+ #include <windows.h>
+ #else
+diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
+index 14fb612..b37eb83 100644
+--- a/programs/ssl/dtls_client.c
++++ b/programs/ssl/dtls_client.c
+@@ -31,7 +31,6 @@
+ #include <stdio.h>
+ #define mbedtls_printf     printf
+ #define mbedtls_fprintf    fprintf
+-#define mbedtls_time_t     time_t
+ #endif
+ 
+ #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||    \

diff --git a/net-libs/mbedtls/files/mbedtls-2.3.0-tests.patch b/net-libs/mbedtls/files/mbedtls-2.3.0-tests.patch
new file mode 100644
index 0000000..69375b5
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-2.3.0-tests.patch
@@ -0,0 +1,23 @@
+From b92834324f29768a5bf39c58c674c5f3c09b6763 Mon Sep 17 00:00:00 2001
+From: Simon Butcher <simon.butcher@arm.com>
+Date: Wed, 13 Jul 2016 11:02:41 +0100
+Subject: [PATCH] Fixes all.sh for full config
+
+MBEDTLS_PLATFORM_TIME_ALT was accidentally left in the full config test
+leading to linker problems.
+---
+ tests/scripts/all.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
+index 5262397..a2b0995 100755
+--- a/tests/scripts/all.sh
++++ b/tests/scripts/all.sh
+@@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
++scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C

diff --git a/net-libs/mbedtls/mbedtls-2.3.0-r1.ebuild b/net-libs/mbedtls/mbedtls-2.3.0-r1.ebuild
new file mode 100644
index 0000000..ef06753
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-2.3.0-r1.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit cmake-utils multilib-minimal
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://tls.mbed.org/"
+SRC_URI="https://github.com/ARMmbed/mbedtls/archive/mbedtls-${PV}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0/10" # slot for libmbedtls.so
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="cpu_flags_x86_sse2 doc havege libressl programs test threads zlib"
+
+RDEPEND="
+	programs? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	doc? ( app-doc/doxygen media-gfx/graphviz )
+	test? ( dev-lang/perl )"
+
+S=${WORKDIR}/${PN}-${P}
+
+PATCHES=(
+	"${FILESDIR}/${P}-include-guards.patch"
+	"${FILESDIR}/${P}-move-to-header.patch"
+	"${FILESDIR}/${P}-tests.patch"
+)
+
+enable_mbedtls_option() {
+	local myopt="$@"
+	# check that config.h syntax is the same at version bump
+	sed -i \
+		-e "s://#define ${myopt}:#define ${myopt}:" \
+		include/mbedtls/config.h || die
+}
+
+src_prepare() {
+	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+	use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT
+	use havege && enable_mbedtls_option MBEDTLS_HAVEGE_C
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+	cmake-utils_src_prepare
+}
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DENABLE_PROGRAMS=$(multilib_native_usex programs)
+		-DENABLE_ZLIB_SUPPORT=$(usex zlib)
+		-DUSE_STATIC_MBEDTLS_LIBRARY=OFF
+		-DENABLE_TESTING=$(usex test)
+		-DUSE_SHARED_MBEDTLS_LIBRARY=ON
+		-DINSTALL_MBEDTLS_HEADERS=ON
+		-DLIB_INSTALL_DIR="/usr/$(get_libdir)"
+	)
+
+	cmake-utils_src_configure
+}
+
+multilib_src_compile() {
+	cmake-utils_src_compile
+	use doc && multilib_is_native_abi && emake apidoc
+}
+
+multilib_src_test() {
+	LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+		cmake-utils_src_test
+}
+
+multilib_src_install() {
+	cmake-utils_src_install
+}
+
+multilib_src_install_all() {
+	use doc && HTML_DOCS=( apidoc )
+
+	einstalldocs
+
+	if use programs ; then
+		# avoid file collisions with sys-apps/coreutils
+		local p e
+		for p in "${ED%/}"/usr/bin/* ; do
+			if [[ -x "${p}" && ! -d "${p}" ]] ; then
+				mv "${p}" "${ED%/}"/usr/bin/mbedtls_${p##*/} || die
+			fi
+		done
+		for e in aes hash pkey ssl test ; do
+			docinto "${e}"
+			dodoc programs/"${e}"/*.c
+			dodoc programs/"${e}"/*.txt
+		done
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[Anthony G. Basile]

commit:     cb3d192572eb8381fdd0bae045034ee56917a8af
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 21 21:47:00 2020 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jan 21 21:47:00 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb3d1925

net-libs/mbedtls: fix bug #705038

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 .../files/mbedtls-dont-overwrite-headers.patch     | 48 ++++++++++++++++++++++
 ...dtls-2.18.1.ebuild => mbedtls-2.18.1-r1.ebuild} |  6 ++-
 ...dtls-2.19.1.ebuild => mbedtls-2.19.1-r1.ebuild} |  6 ++-
 3 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch b/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch
new file mode 100644
index 00000000000..4e39308ac5a
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-dont-overwrite-headers.patch
@@ -0,0 +1,48 @@
+From de35f31091b7e6cb20ebc8d8c0afc3b20bc57098 Mon Sep 17 00:00:00 2001
+From: Mihai Moldovan <ionic@ionic.de>
+Date: Thu, 16 Jan 2020 08:59:39 +0100
+Subject: [PATCH] Avoid overwriting tls headers in submodule mode
+
+When crypto is embedded as a submodule and the cmake build system is
+used, it would previously overwrite some header files installed by tls.
+Most of them are harmless (since they should be identical), but config.h
+is a special case.
+
+tls's and crypto's config.h files differ widely in scope and overwriting
+the more general, bigger config.h file from tls with crypto's smaller
+one will make a lot of features unavailable in programs using tls.
+
+Let's just avoid overwriting any tls header in submodule mode.
+
+Note that this will not fix the potential issue that crypto might be
+using a different configuration than tls in the submodule case.
+
+Fixes ARMmbed/mbedtls#2965
+---
+ include/CMakeLists.txt | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
+index 02f924df4..92229a221 100644
+--- a/include/CMakeLists.txt
++++ b/include/CMakeLists.txt
+@@ -5,6 +5,19 @@ if(INSTALL_MBEDTLS_HEADERS)
+     file(GLOB headers "mbedtls/*.h")
+     file(GLOB psa_headers "psa/*.h")
+ 
++    if(USE_CRYPTO_SUBMODULE)
++        # Don't overwrite mbedtls's header files!
++        # config.h is supposed to be automatically checked for compatibility
++        # in automatic builds, while the other files should not just be
++        # compatible, but also identical in theory.
++        # Practically, we don't check that in crypto but just assume that the
++        # submodule configuration is sane and trust tls's headers.
++        list(REMOVE_ITEM headers    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h")
++    endif(USE_CRYPTO_SUBMODULE)
++
+     install(FILES ${headers}
+         DESTINATION include/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)

diff --git a/net-libs/mbedtls/mbedtls-2.18.1.ebuild b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
similarity index 96%
rename from net-libs/mbedtls/mbedtls-2.18.1.ebuild
rename to net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
index b94b7770c95..b11f2794a35 100644
--- a/net-libs/mbedtls/mbedtls-2.18.1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -36,6 +36,10 @@ enable_mbedtls_option() {
 		include/mbedtls/config.h || die
 }
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+)
+
 src_prepare() {
 	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
 	use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT

diff --git a/net-libs/mbedtls/mbedtls-2.19.1.ebuild b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
similarity index 96%
rename from net-libs/mbedtls/mbedtls-2.19.1.ebuild
rename to net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
index e7b65760fa8..1a73d20f220 100644
--- a/net-libs/mbedtls/mbedtls-2.19.1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -36,6 +36,10 @@ enable_mbedtls_option() {
 		include/mbedtls/config.h || die
 }
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+)
+
 src_prepare() {
 	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
 	use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT

[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[Anthony G. Basile]

commit:     9bdff0e5ea288b745e38ef08914fe141a127902c
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 29 14:21:46 2020 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Jan 29 14:22:13 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bdff0e5

net-libs/mbedtls: fix wrong headers, bug #705038

Closes: https://bugs.gentoo.org/705038
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 .../mbedtls-un-pebcak-705038-wrong-file.patch      | 50 ++++++++++++++++++++++
 net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild          |  1 +
 net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild          |  1 +
 3 files changed, 52 insertions(+)

diff --git a/net-libs/mbedtls/files/mbedtls-un-pebcak-705038-wrong-file.patch b/net-libs/mbedtls/files/mbedtls-un-pebcak-705038-wrong-file.patch
new file mode 100644
index 00000000000..73e870fa1e4
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-un-pebcak-705038-wrong-file.patch
@@ -0,0 +1,50 @@
+Fix https://bugs.gentoo.org/705038
+
+Thanks Greg Turner <gmt@be-evil.net>
+
+diff -urpN mbedtls-mbedtls-2.19.1.orig/crypto/include/CMakeLists.txt mbedtls-mbedtls-2.19.1/crypto/include/CMakeLists.txt
+--- mbedtls-mbedtls-2.19.1.orig/crypto/include/CMakeLists.txt	2020-01-26 09:01:50.324231295 -0800
++++ mbedtls-mbedtls-2.19.1/crypto/include/CMakeLists.txt	2020-01-26 09:04:26.498880873 -0800
+@@ -5,6 +5,19 @@ if(INSTALL_MBEDTLS_HEADERS)
+     file(GLOB headers "mbedtls/*.h")
+     file(GLOB psa_headers "psa/*.h")
+ 
++    if(USE_CRYPTO_SUBMODULE)
++        # Don't overwrite mbedtls's header files!
++        # config.h is supposed to be automatically checked for compatibility
++        # in automatic builds, while the other files should not just be
++        # compatible, but also identical in theory.
++        # Practically, we don't check that in crypto but just assume that the
++        # submodule configuration is sane and trust tls's headers.
++        list(REMOVE_ITEM headers    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h"
++                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h")
++    endif(USE_CRYPTO_SUBMODULE)
++
+     install(FILES ${headers}
+         DESTINATION include/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+diff -urpN mbedtls-mbedtls-2.19.1.orig/include/CMakeLists.txt mbedtls-mbedtls-2.19.1/include/CMakeLists.txt
+--- mbedtls-mbedtls-2.19.1.orig/include/CMakeLists.txt	2020-01-26 09:01:50.320231227 -0800
++++ mbedtls-mbedtls-2.19.1/include/CMakeLists.txt	2020-01-26 09:03:45.761189288 -0800
+@@ -4,19 +4,6 @@ if(INSTALL_MBEDTLS_HEADERS)
+ 
+     file(GLOB headers "mbedtls/*.h")
+ 
+-    if(USE_CRYPTO_SUBMODULE)
+-        # Don't overwrite mbedtls's header files!
+-        # config.h is supposed to be automatically checked for compatibility
+-        # in automatic builds, while the other files should not just be
+-        # compatible, but also identical in theory.
+-        # Practically, we don't check that in crypto but just assume that the
+-        # submodule configuration is sane and trust tls's headers.
+-        list(REMOVE_ITEM headers    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h"
+-                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h"
+-                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h"
+-                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h")
+-    endif(USE_CRYPTO_SUBMODULE)
+-
+     install(FILES ${headers}
+         DESTINATION include/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)

diff --git a/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
index b11f2794a35..dfb900ea4c6 100644
--- a/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.18.1-r1.ebuild
@@ -38,6 +38,7 @@ enable_mbedtls_option() {
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+	"${FILESDIR}"/${PN}-un-pebcak-705038-wrong-file.patch
 )
 
 src_prepare() {

diff --git a/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
index 1a73d20f220..a18fc891988 100644
--- a/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.19.1-r1.ebuild
@@ -38,6 +38,7 @@ enable_mbedtls_option() {
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
+	"${FILESDIR}"/${PN}-un-pebcak-705038-wrong-file.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[Lars Wendler]

commit:     5b410baabbda721370fef400b1d9a298760c7d04
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 11 11:18:21 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 11 11:19:34 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b410baa

net-libs/mbedtls: Fixed compilation with USE="zlib"

Closes: https://bugs.gentoo.org/706112
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-libs/mbedtls/files/mbedtls-2.19.1-zlib.patch | 29 ++++++++++++++++++++++++
 net-libs/mbedtls/mbedtls-2.19.1-r2.ebuild        |  1 +
 2 files changed, 30 insertions(+)

diff --git a/net-libs/mbedtls/files/mbedtls-2.19.1-zlib.patch b/net-libs/mbedtls/files/mbedtls-2.19.1-zlib.patch
new file mode 100644
index 00000000000..ba4559cfc9b
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-2.19.1-zlib.patch
@@ -0,0 +1,29 @@
+From 9f25b8deff8e5b8fad8493db421b4639f14d2e5d Mon Sep 17 00:00:00 2001
+From: jiblime <47689567+jiblime@users.noreply.github.com>
+Date: Wed, 18 Dec 2019 21:40:01 -0800
+Subject: [PATCH] Fixes definition error when the deprecated
+ MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for
+ zlib support in mbedtls
+
+100% tests passed, 0 tests failed out of 85
+
+https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842
+
+https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
+---
+ library/ssl_tls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/library/ssl_tls.c b/library/ssl_tls.c
+index 6cf7781f2a..51ae9da3c6 100644
+--- a/library/ssl_tls.c
++++ b/library/ssl_tls.c
+@@ -1880,7 +1880,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+ 
+     /* Allocate compression buffer */
+ #if defined(MBEDTLS_ZLIB_SUPPORT)
+-    if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE &&
++    if( ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE &&
+         ssl->compress_buf == NULL )
+     {
+         MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );

diff --git a/net-libs/mbedtls/mbedtls-2.19.1-r2.ebuild b/net-libs/mbedtls/mbedtls-2.19.1-r2.ebuild
index a18fc891988..55ffc2164a7 100644
--- a/net-libs/mbedtls/mbedtls-2.19.1-r2.ebuild
+++ b/net-libs/mbedtls/mbedtls-2.19.1-r2.ebuild
@@ -39,6 +39,7 @@ enable_mbedtls_option() {
 PATCHES=(
 	"${FILESDIR}"/${PN}-dont-overwrite-headers.patch
 	"${FILESDIR}"/${PN}-un-pebcak-705038-wrong-file.patch
+	"${FILESDIR}"/${PN}-2.19.1-zlib.patch #706112
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: net-libs/mbedtls/, net-libs/mbedtls/files/

[Sam James]

commit:     59eca6456e672aa6e0ba39ee15a2fd449c80367d
Author:     Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Sat Nov 30 22:46:04 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan  5 20:26:24 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59eca645

net-libs/mbedtls: slotting version 3

MbedTLS breaks API compatibility between major versions, and some
packages are unable or not willing to migrate from slowly deprecating
mbedtls-2 branches, so we are forced to keep them both for a while.

Upstream PR: https://github.com/Mbed-TLS/mbedtls/pull/8800

[sam: Note that: a) upstream are fine with us doing this (per the
upstream PR), and b) consumers (almost?) always use CMake config files
so they automatically pick up the slotting.]

Bug: https://bugs.gentoo.org/805011
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...ersion-suffix-for-all-installable-targets.patch |  79 +++++++++++++++
 ...2-add-version-suffix-for-pkg-config-files.patch |  71 ++++++++++++++
 ...low-install-headers-to-different-location.patch | 105 ++++++++++++++++++++
 .../mbedtls-3.6.2-exclude-static-3dparty.patch     |  22 +++++
 net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild         | 109 +++++++++++++++++++++
 5 files changed, 386 insertions(+)

diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch
new file mode 100644
index 000000000000..3aeea6060da7
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch
@@ -0,0 +1,79 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 00:49:15 +0300
+Subject: Add version suffix for all installable targets
+
+Convert main library targets to slottable versions. This allows to
+install major versions of MbedTLS simultaneously.
+
+Dependent packages should use `find_package(MbedTLS 3 [REQUIRED])` and
+`MbedTLS::<component>` in order to use requested libraries.
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -478,7 +478,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+     install(
+         FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
+               "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
+-        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS")
++        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}")
+ 
+     export(
+         EXPORT MbedTLSTargets
+@@ -488,7 +488,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+     install(
+         EXPORT MbedTLSTargets
+         NAMESPACE MbedTLS::
+-        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS"
++        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}"
+         FILE "MbedTLSTargets.cmake")
+ 
+     if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
+--- a/library/CMakeLists.txt
++++ b/library/CMakeLists.txt
+@@ -277,7 +277,7 @@ set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
+ 
+ if(USE_STATIC_MBEDTLS_LIBRARY)
+     add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+-    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
++    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
+ 
+     if(TARGET ${everest_target})
+@@ -289,11 +289,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
+     endif()
+ 
+     add_library(${mbedx509_static_target} STATIC ${src_x509})
+-    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
++    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
+ 
+     add_library(${mbedtls_static_target} STATIC ${src_tls})
+-    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
++    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
+ endif(USE_STATIC_MBEDTLS_LIBRARY)
+ 
+@@ -301,6 +301,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+     set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
+     add_library(${mbedcrypto_target} SHARED ${src_crypto})
+     set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.2 SOVERSION 16)
++    set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
+ 
+     if(TARGET ${everest_target})
+@@ -313,10 +314,12 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+ 
+     add_library(${mbedx509_target} SHARED ${src_x509})
+     set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.2 SOVERSION 7)
++    set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
+ 
+     add_library(${mbedtls_target} SHARED ${src_tls})
+     set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.2 SOVERSION 21)
++    set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
+ endif(USE_SHARED_MBEDTLS_LIBRARY)
+ 
+-- 
+2.45.2
+

diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch
new file mode 100644
index 000000000000..4e3858b327cd
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch
@@ -0,0 +1,71 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 00:54:10 +0300
+Subject: Add version suffix for pkg-config files
+
+Convert main library targets to slottable versions. This allows to
+install major versions of MbedTLS simultaneously.
+
+Dependent packages should use
+`pkg-config --libs --cflags (mbedtls3|mbedx5093|mbedx5093)` in order to use
+requested libraries.
+--- a/pkgconfig/CMakeLists.txt
++++ b/pkgconfig/CMakeLists.txt
+@@ -8,18 +8,18 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+   set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
+   set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
+ 
+-  configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
++  configure_file(mbedcrypto.pc.in mbedcrypto${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
++    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ 
+-  configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
++  configure_file(mbedtls.pc.in mbedtls${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
++    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ 
+-  configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
++  configure_file(mbedx509.pc.in mbedx509${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
++    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ endif()
+--- a/pkgconfig/mbedcrypto.pc.in
++++ b/pkgconfig/mbedcrypto.pc.in
+@@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedcrypto
++Libs: -L"${libdir}" -lmbedcrypto@PROJECT_VERSION_MAJOR@
+--- a/pkgconfig/mbedtls.pc.in
++++ b/pkgconfig/mbedtls.pc.in
+@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@
+ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+-Requires.private: mbedcrypto mbedx509
++Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ mbedx509@PROJECT_VERSION_MAJOR@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedtls
++Libs: -L"${libdir}" -lmbedtls@PROJECT_VERSION_MAJOR@
+--- a/pkgconfig/mbedx509.pc.in
++++ b/pkgconfig/mbedx509.pc.in
+@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@
+ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+-Requires.private: mbedcrypto
++Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedx509
++Libs: -L"${libdir}" -lmbedx509@PROJECT_VERSION_MAJOR@
+-- 
+2.45.2
+

diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch
new file mode 100644
index 000000000000..2b3ae9fb6999
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch
@@ -0,0 +1,105 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From 6a0c205d86a96772b82c4d7e7dfce5ea362c7870 Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sat, 30 Nov 2024 02:17:17 +0300
+Subject: Allow install headers to different location
+
+Use standard `CMAKE_INSTALL_INCLUDEDIR` and `CMAKE_INSTALL_LIBDIR`
+location to define headers and library installation. This variable can be
+redefined on configuration phase to allow install headers and libraries to
+different location (like `include/mbedtls3`, #8723).
+
+Additionally removing explicit permission rules as they may broke proper
+permissions for system installation (like remove executable bit from
+libraries). By default CMake sets permissions correctly on all files and
+directories.
+
+See #8723 for rationale.
+--- a/3rdparty/everest/CMakeLists.txt
++++ b/3rdparty/everest/CMakeLists.txt
+@@ -27,16 +27,16 @@ if(MBEDTLS_USER_CONFIG_FILE)
+ endif()
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+   install(DIRECTORY include/everest
+-    DESTINATION include
+-    FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+-    DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
++    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILES_MATCHING PATTERN "*.h")
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+ 
+ install(TARGETS ${everest_target}
+   EXPORT MbedTLSTargets
+-  DESTINATION ${CMAKE_INSTALL_LIBDIR}
+-  PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
++  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
++  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
++  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
++  INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
++)
+--- a/3rdparty/p256-m/CMakeLists.txt
++++ b/3rdparty/p256-m/CMakeLists.txt
+@@ -25,16 +25,16 @@ if(MBEDTLS_USER_CONFIG_FILE)
+ endif()
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+-  install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+-    DESTINATION include
+-    FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+-    DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
++  install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
++    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILES_MATCHING PATTERN "*.h")
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+ 
+ install(TARGETS ${p256m_target}
+-EXPORT MbedTLSTargets
+-DESTINATION ${CMAKE_INSTALL_LIBDIR}
+-PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
++  EXPORT MbedTLSTargets
++  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
++  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
++  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
++  INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
++)
+--- a/include/CMakeLists.txt
++++ b/include/CMakeLists.txt
+@@ -1,16 +1,15 @@
+ option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+     file(GLOB headers "mbedtls/*.h")
+     file(GLOB psa_headers "psa/*.h")
+ 
+     install(FILES ${headers}
+-        DESTINATION include/mbedtls
++        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+     install(FILES ${psa_headers}
+-        DESTINATION include/psa
++        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/psa
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+--- a/library/CMakeLists.txt
++++ b/library/CMakeLists.txt
+@@ -348,7 +348,8 @@ foreach(target IN LISTS target_libraries)
+         ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+         LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+         RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+-        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
++        INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
++    )
+ endforeach(target)
+ 
+ set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
+-- 
+2.45.2
+

diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch
new file mode 100644
index 000000000000..1df749854419
--- /dev/null
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch
@@ -0,0 +1,22 @@
+https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 20:56:50 +0300
+Subject: Exclude 3rd party code from building
+
+Third party code is required only for limited features that not enabled by default.
+
+See: https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -325,8 +325,6 @@ add_subdirectory(framework)
+ 
+ add_subdirectory(include)
+ 
+-add_subdirectory(3rdparty)
+-
+ add_subdirectory(library)
+ 
+ add_subdirectory(pkgconfig)
+-- 
+2.45.2
+

diff --git a/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild b/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild
new file mode 100644
index 000000000000..1b2705f0524e
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit cmake flag-o-matic multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/"
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2"
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="3/16.21.7" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads"
+RESTRICT="!test? ( test )"
+
+RDEPEND="!>net-libs/mbedtls-3:0"
+BDEPEND="
+	${PYTHON_DEPS}
+	doc? (
+		app-text/doxygen
+		media-gfx/graphviz
+	)
+	test? ( dev-lang/perl )
+"
+
+PATCHES=(
+	"${FILESDIR}/mbedtls-3.6.2-allow-install-headers-to-different-location.patch"
+	"${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch"
+	"${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch"
+	"${FILESDIR}/mbedtls-3.6.2-exclude-static-3dparty.patch"
+)
+
+enable_mbedtls_option() {
+	local myopt="$@"
+	# check that config.h syntax is the same at version bump
+	sed -i \
+		-e "s://#define ${myopt}:#define ${myopt}:" \
+		include/mbedtls/mbedtls_config.h || die
+}
+
+src_prepare() {
+	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+	cmake_src_prepare
+}
+
+src_configure() {
+	# Workaround for https://github.com/Mbed-TLS/mbedtls/issues/9814 (bug #946544)
+	append-flags $(test-flags-CC -fzero-init-padding-bits=unions)
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DENABLE_PROGRAMS=$(multilib_native_usex programs)
+		-DENABLE_TESTING=$(usex test)
+		-DINSTALL_MBEDTLS_HEADERS=ON
+		-DCMAKE_INSTALL_INCLUDEDIR="include/mbedtls3"
+		-DLINK_WITH_PTHREAD=$(usex threads)
+		-DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+		-DUSE_SHARED_MBEDTLS_LIBRARY=ON
+		-DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+	)
+
+	cmake_src_configure
+}
+
+multilib_src_compile() {
+	cmake_src_compile
+	use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+	# Disable parallel run, bug #718390
+	# https://github.com/Mbed-TLS/mbedtls/issues/4980
+	LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+		cmake_src_test -j1
+}
+
+multilib_src_install() {
+	cmake_src_install
+}
+
+multilib_src_install_all() {
+	use doc && HTML_DOCS=( apidoc )
+
+	einstalldocs
+
+	if use programs ; then
+		# avoid file collisions with sys-apps/coreutils
+		local p e
+		for p in "${ED}"/usr/bin/* ; do
+			if [[ -x "${p}" && ! -d "${p}" ]] ; then
+				mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die
+			fi
+		done
+		for e in aes hash pkey ssl test ; do
+			docinto "${e}"
+			dodoc programs/"${e}"/*.c
+			dodoc programs/"${e}"/*.txt
+		done
+	fi
+}