* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2015-12-19 11:27 Alon Bar-Lev
0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2015-12-19 11:27 UTC (permalink / raw
To: gentoo-commits
commit: 0aa72a1fa56ba00946438ae38fba467fcc277e36
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 11:13:01 2015 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 11:26:28 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0aa72a1f
net-libs/gnutls - install man(1)
Bug: 568534
Package-Manager: portage-2.2.24
...ow-installing-man-1-even-with-disable-doc.patch | 94 +++++++++++
...ow-installing-man-1-even-with-disable-doc.patch | 96 +++++++++++
net-libs/gnutls/gnutls-3.3.19-r1.ebuild | 177 +++++++++++++++++++++
net-libs/gnutls/gnutls-3.4.7-r1.ebuild | 135 ++++++++++++++++
4 files changed, 502 insertions(+)
diff --git a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
new file mode 100644
index 0000000..dda8bfc
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
@@ -0,0 +1,94 @@
+From 0f230c6375fd3680837d98f20ee3862e9041af3d Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Fri, 18 Dec 2015 12:14:08 +0200
+Subject: [PATCH] build: allow installing man(1) even with --disable-doc
+
+Currently these man pages are installed only if --enable-doc
+is provided, while these are not actually docs, do not require any
+special dependency, nor consume large space.
+
+This adds --enable-manpages to enable/disable manpages installation, and
+install the man(1) regardless of --disable-doc.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+---
+ Makefile.am | 3 +++
+ configure.ac | 10 ++++++++++
+ doc/Makefile.am | 2 +-
+ doc/manpages/Makefile.am | 2 ++
+ 5 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index d446711..6e19f26 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -28,6 +28,9 @@ SUBDIRS += libdane
+ endif
+
+ SUBDIRS += po src
++if ENABLE_MANPAGES
++SUBDIRS += doc/manpages
++endif
+ if ENABLE_DOC
+ SUBDIRS += doc
+ endif
+diff --git a/configure.ac b/configure.ac
+index c7a83b8..d161c05 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -152,6 +152,15 @@ AC_ARG_ENABLE(doc,
+ enable_doc=$enableval, enable_doc=yes)
+ AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
+
++AC_ARG_ENABLE(manpages,
++ AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
++ enable_manpages=$enableval,enable_manpages=auto)
++
++if test "${enable_manpages}" = "auto";then
++ enable_manpages="${enable_doc}"
++fi
++AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
++
+ AC_ARG_ENABLE(tests,
+ AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
+ enable_tests=$enableval, enable_tests=yes)
+@@ -838,6 +847,7 @@ AC_MSG_NOTICE([summary of build options:
+ Local libtasn1: ${included_libtasn1}
+ Use nettle-mini: ${mini_nettle}
+ nettle-version: ${nettle_version}
++ Documentation: ${enable_doc} (manpages: ${enable_manpages})
+ ])
+
+ AC_MSG_NOTICE([External hardware support:
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d9b4022..492a74a 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html \
+ gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
+ doc.mk
+
+-SUBDIRS = examples cyclo scripts manpages credentials latex
++SUBDIRS = examples cyclo scripts credentials latex
+ if ENABLE_GTK_DOC
+ SUBDIRS += reference
+ endif
+diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
+index 6d16787..2840197 100644
+--- a/doc/manpages/Makefile.am
++++ b/doc/manpages/Makefile.am
+@@ -1053,7 +1053,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
+ APIMANS += gnutls_x509_trust_list_verify_crt2.3
+ APIMANS += gnutls_x509_trust_list_verify_named_crt.3
+
++if ENABLE_DOC
+ dist_man_MANS += $(APIMANS)
++endif
+
+ $(APIMANS): stamp_mans
+
+--
+2.4.10
+
diff --git a/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch
new file mode 100644
index 0000000..cf108f0
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch
@@ -0,0 +1,96 @@
+From 86f039f8c78f87edd6346265010abc679d9283a9 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Fri, 18 Dec 2015 12:14:08 +0200
+Subject: [PATCH] build: allow installing man(1) even with --disable-doc
+
+Currently these man pages are installed only if --enable-doc
+is provided, while these are not actually docs, do not require any
+special dependency, nor consume large space.
+
+This adds --enable-manpages to enable/disable manpages installation, and
+install the man(1) regardless of --disable-doc.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+---
+ Makefile.am | 4 ++++
+ configure.ac | 11 +++++++++++
+ doc/Makefile.am | 2 +-
+ doc/manpages/Makefile.am | 2 ++
+ 5 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 19fcb90..b94af06 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -42,6 +42,10 @@ if HAVE_GUILE
+ SUBDIRS += guile
+ endif
+
++if ENABLE_MANPAGES
++SUBDIRS += doc/manpages
++endif
++
+ if ENABLE_DOC
+ SUBDIRS += doc
+ endif
+diff --git a/configure.ac b/configure.ac
+index e634236..0b1625b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -51,6 +51,16 @@ AC_ARG_ENABLE(doc,
+ enable_doc=$enableval, enable_doc=yes)
+ AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
+
++AC_ARG_ENABLE(manpages,
++ AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
++ enable_manpages=$enableval,enable_manpages=auto)
++
++if test "${enable_manpages}" = "auto";then
++ enable_manpages="${enable_doc}"
++fi
++
++AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
++
+ AC_ARG_ENABLE(tools,
+ AS_HELP_STRING([--disable-tools], [don't compile any tools]),
+ enable_tools=$enableval, enable_tools=yes)
+@@ -920,6 +930,7 @@ AC_MSG_NOTICE([summary of build options:
+ Local libopts: ${included_libopts}
+ Local libtasn1: ${included_libtasn1}
+ Use nettle-mini: ${mini_nettle}
++ Documentation: ${enable_doc} (manpages: ${enable_manpages})
+ ])
+
+ AC_MSG_NOTICE([External hardware support:
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index 1e99dd0..05c2188 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html \
+ gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
+ doc.mk
+
+-SUBDIRS = examples cyclo scripts manpages credentials latex
++SUBDIRS = examples cyclo scripts credentials latex
+ if ENABLE_GTK_DOC
+ SUBDIRS += reference
+ endif
+diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
+index 8a1613d..10365a9 100644
+--- a/doc/manpages/Makefile.am
++++ b/doc/manpages/Makefile.am
+@@ -1127,7 +1127,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
+ APIMANS += gnutls_x509_trust_list_verify_crt2.3
+ APIMANS += gnutls_x509_trust_list_verify_named_crt.3
+
++if ENABLE_DOC
+ dist_man_MANS += $(APIMANS)
++endif
+
+ $(APIMANS): stamp_mans
+
+--
+2.4.10
+
diff --git a/net-libs/gnutls/gnutls-3.3.19-r1.ebuild b/net-libs/gnutls/gnutls-3.3.19-r1.ebuild
new file mode 100644
index 0000000..c26d74c
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.3.19-r1.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ sys-devel/autogen
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? (
+ sys-apps/texinfo
+ dev-util/gtk-doc
+ )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-build-allow-installing-man-1-even-with-disable-doc.patch"
+
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-heartbeat-support \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_enable manpages) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+
+ if multilib_is_native_abi; then
+ ln -s "${S}"/doc/reference/html doc/reference/html || die
+ fi
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+
+ # symlink certtool for use in other ABIs
+ if use test; then
+ ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
+ fi
+ else
+ emake -C gl
+ emake -C lib
+ emake -C extra
+ use dane && emake -C libdane
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ # parallel testing often fails
+ emake -j1 check
+ else
+ # use native ABI tools
+ ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
+ "${BUILD_DIR}"/src/ || die
+
+ emake -C gl -j1 check
+ emake -C tests -j1 check
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" install
+ else
+ emake -C lib DESTDIR="${D}" install
+ emake -C extra DESTDIR="${D}" install
+ use dane && emake -C libdane DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
diff --git a/net-libs/gnutls/gnutls-3.4.7-r1.ebuild b/net-libs/gnutls/gnutls-3.4.7-r1.ebuild
new file mode 100644
index 0000000..89d3fc4
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.4.7-r1.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test +tools zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen )
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? (
+ sys-apps/texinfo
+ dev-util/gtk-doc
+ )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-build-allow-installing-man-1-even-with-disable-doc.patch"
+
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ # support user patches
+ epatch_user
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-heartbeat-support \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_enable manpages) \
+ $(multilib_native_use_enable tools) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(multilib_native_use_enable test tests) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2016-08-12 16:43 Alon Bar-Lev
0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2016-08-12 16:43 UTC (permalink / raw
To: gentoo-commits
commit: 7151cfbeaec4f1c8cfae0491ffece7be694269af
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 12 16:42:12 2016 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri Aug 12 16:42:32 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7151cfbe
net-libs/gnutls: fix parallel build
Bug: 590918
Thanks: Oleg
Package-Manager: portage-2.2.28
net-libs/gnutls/files/gnutls-3.4.14-build.patch | 25 +++++
net-libs/gnutls/gnutls-3.4.14-r1.ebuild | 133 ++++++++++++++++++++++++
2 files changed, 158 insertions(+)
diff --git a/net-libs/gnutls/files/gnutls-3.4.14-build.patch b/net-libs/gnutls/files/gnutls-3.4.14-build.patch
new file mode 100644
index 0000000..5803bf5
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.4.14-build.patch
@@ -0,0 +1,25 @@
+From 107e1df19715ffd4701bfcd3325c5cc80e5174b0 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 18 Feb 2016 09:17:17 +0100
+Subject: [PATCH] src: added systemkey-args to BUILT_SOURCES
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 1901a76..fda8b9e 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -25,7 +25,7 @@ BUILT_SOURCES = srptool-args.c srptool-args.h \
+ serv-args.c serv-args.h cli-args.c cli-args.h \
+ cli-debug-args.c cli-debug-args.h certtool-args.c certtool-args.h \
+ danetool-args.c danetool-args.h p11tool-args.c p11tool-args.h \
+- tpmtool-args.c tpmtool-args.h
++ tpmtool-args.c tpmtool-args.h systemkey-args.c systemkey-args.h
+
+ if ENABLE_CRYWRAP
+ SUBDIRS += crywrap
+--
+2.7.3
+
diff --git a/net-libs/gnutls/gnutls-3.4.14-r1.ebuild b/net-libs/gnutls/gnutls-3.4.14-r1.ebuild
new file mode 100644
index 0000000..5656755
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.4.14-r1.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test +tls-heartbeat +tools zlib ${IUSE_LINGUAS// / linguas_}"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen )
+ crywrap? ( net-dns/libidn )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:*[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=sys-devel/automake-1.11.6
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? (
+ sys-apps/texinfo
+ dev-util/gtk-doc
+ )
+ nls? ( sys-devel/gettext )
+ test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+PATCHES=(
+ "${FILESDIR}/${PN}-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch"
+ "${FILESDIR}/${PN}-3.4.14-build.patch"
+)
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+}
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+ doc/Makefile.am || die
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # force regeneration of makeinfo files
+ # have no idea why on some system these files are not
+ # accepted as-is, see bug#520818
+ for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+ rm "${file}" || die
+ done
+
+ eautoreconf
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+
+ # bug 497472
+ use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} \
+ econf \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_enable manpages) \
+ $(multilib_native_use_enable tools) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable crywrap) \
+ $(multilib_native_use_enable test tests) \
+ $(use_enable nls) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable tls-heartbeat heartbeat-support) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ --without-tpm \
+ --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ dodoc doc/certtool.cfg
+
+ if use doc; then
+ dohtml doc/gnutls.html
+ else
+ rm -fr "${ED}/usr/share/doc/${PF}/html"
+ fi
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2017-05-19 15:50 Alon Bar-Lev
0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2017-05-19 15:50 UTC (permalink / raw
To: gentoo-commits
commit: 3782a23cc43e7c22e50ce524761f2385ddb25543
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Fri May 19 15:50:15 2017 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri May 19 15:50:15 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3782a23c
net-libs/gnutls: cleanup
Package-Manager: Portage-2.3.5, Repoman-2.3.1
net-libs/gnutls/Manifest | 1 -
net-libs/gnutls/files/gnutls-3.5.11-tests.patch | 166 ------------------------
net-libs/gnutls/gnutls-3.5.11.ebuild | 138 --------------------
3 files changed, 305 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 3fd74bfe2f3..10fcfed1f5f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,4 +1,3 @@
DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
-DIST gnutls-3.5.11.tar.xz 7208068 SHA256 51765cc5579e250da77fbd7871507c517d01b15353cc40af7b67e9ec7b6fe28f SHA512 ce7e68bae417c114dcd8d2d8f84a69c233e41aa0591cb35f3872db29164031b53e1688553eb1c829602512954066aef6b0894ce50deb556723b93fd8e5817ac5 WHIRLPOOL 0c237b924148aef3fdee82567962c379293054f2b73e7740fc73aef9dc70f19007992a3d69bd2b3b0939c5ef4b34350fe69c99e94f46f3784d326eb6ddce9c01
DIST gnutls-3.5.12.tar.xz 7212652 SHA256 63cb39a5eaa029381df2e49a74cfb7be89fc4a592445191818ffe1e66bde57cb SHA512 8fec23e7e494a2e15e0f938115cae1ba3fee952d634db387f983b01096f68ca4313b23bc4c439d3c7fdd07c861eac4913a7c2343c8704961588ae195886ec90c WHIRLPOOL f7309aa89e75ed75371893ba4e4ac89f9f8bc7a61ef10ae4c4986aec290ae2dc5108cd3cc6463af6700ddab3754c6fcbd10ac95d3c40c4549cfdf6b3289f8a72
diff --git a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
deleted file mode 100644
index e81ecedbc34..00000000000
--- a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Tue, 7 Mar 2017 22:39:20 +0100
-Subject: [PATCH] tests: do not run tests which require openpgp when it is
- disabled
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
----
- tests/openpgp-callback.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
-index c3f2c4c..3df10ac 100644
---- a/tests/openpgp-callback.c
-+++ b/tests/openpgp-callback.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
-
--#if defined(_WIN32)
-+#if defined(_WIN32) || !defined(ENABLED_OPENPGP)
-
- /* socketpair isn't supported on Win32. */
- int main(int argc, char **argv)
---
-2.10.2
-
-From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Wed, 8 Mar 2017 16:00:02 +0100
-Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp
-
-This will allow the test tool to operate even after openpgp certificates
-are deprecated.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- tests/dtls/Makefile.am | 1 +
- tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------
- 2 files changed, 9 insertions(+), 59 deletions(-)
-
-diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am
-index 8f56408..6c8f411 100644
---- a/tests/dtls/Makefile.am
-+++ b/tests/dtls/Makefile.am
-@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
- -I$(top_srcdir)/extra/includes \
- -I$(top_builddir)/extra/includes \
- -I$(top_srcdir)/lib \
-+ -I$(top_srcdir)/tests \
- -I$(top_srcdir)/doc/examples
-
- AM_LDFLAGS = -no-install
-diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
-index c9493af..01e5eca 100644
---- a/tests/dtls/dtls-stress.c
-+++ b/tests/dtls/dtls-stress.c
-@@ -101,6 +101,7 @@
- #include <errno.h>
- #include <poll.h>
- #include <time.h>
-+#include <assert.h>
- #include <sys/wait.h>
-
- #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0
-@@ -232,56 +233,7 @@ static const char *filter_names_full[12]
- "SFinished"
- };
-
--static const unsigned char PUBKEY[] =
-- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
-- "\n"
-- "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
-- "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
-- "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
-- "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
-- "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
-- "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
-- "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
-- "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
-- "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
-- "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
-- "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
-- "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
-- "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
-- "NfM+8fS537I+XA+hfjt20NUFIA==\n"
-- "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
--
--static const unsigned char PRIVKEY[] =
-- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
-- "\n"
-- "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
-- "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
-- "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
-- "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
-- "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
-- "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
-- "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
-- "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
-- "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
-- "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
-- "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
-- "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
-- "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
-- "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
-- "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
-- "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
-- "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
-- "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
-- "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
-- "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
-- "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
-- "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
-- "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
-- "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
-- "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
-- "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
-- "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
-- "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-+#include "cert-common.h"
-
- // }}}
-
-@@ -736,13 +688,10 @@ static void await(int fd, int timeout)
-
- static void cred_init(void)
- {
-- gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) };
-- gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) };
-+ assert(gnutls_certificate_allocate_credentials(&cred)>=0);
-
-- gnutls_certificate_allocate_credentials(&cred);
--
-- gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
-- GNUTLS_OPENPGP_FMT_BASE64);
-+ gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key,
-+ GNUTLS_X509_FMT_PEM);
- }
-
- static void session_init(int sock, int server)
-@@ -751,7 +700,7 @@ static void session_init(int sock, int server)
- GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
- | GNUTLS_NONBLOCK * nonblock);
- gnutls_priority_set_direct(session,
-- "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
-+ "NORMAL:+ECDHE-RSA:+ANON-ECDH",
- 0);
- gnutls_transport_set_int(session, sock);
-
-@@ -763,11 +712,11 @@ static void session_init(int sock, int server)
- }
- } else if (server) {
- gnutls_anon_server_credentials_t acred;
-- gnutls_anon_allocate_server_credentials(&acred);
-+ assert(gnutls_anon_allocate_server_credentials(&acred)>=0);
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
- } else {
- gnutls_anon_client_credentials_t acred;
-- gnutls_anon_allocate_client_credentials(&acred);
-+ assert(gnutls_anon_allocate_client_credentials(&acred)>=0);
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
- }
-
---
-2.10.2
-
diff --git a/net-libs/gnutls/gnutls-3.5.11.ebuild b/net-libs/gnutls/gnutls-3.5.11.ebuild
deleted file mode 100644
index 21820c477a1..00000000000
--- a/net-libs/gnutls/gnutls-3.5.11.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}"
-
-REQUIRED_USE="
- test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- tools? ( sys-devel/autogen )
- dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-1.8:=[networking] )
- nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${RDEPEND}
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- valgrind? ( dev-util/valgrind )
- test? (
- seccomp? ( sys-libs/libseccomp )
- )
- test-full? (
- guile? ( >=dev-scheme/guile-2 )
- app-crypt/dieharder
- app-misc/datefudge
- dev-libs/softhsm:2[-bindist]
- net-dialup/ppp
- net-misc/socat
- )"
-
-DOCS=(
- README.md
- doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=(
- "${FILESDIR}/${P}-tests.patch"
-)
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- # remove magic of library detection
- # bug#438222
- local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
- # TPM needs to be tested before being enabled
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- ECONF_SOURCE=${S} econf \
- --without-included-libtasn1 \
- $(use_enable cxx) \
- $(use_enable dane libdane) \
- $(multilib_native_enable manpages) \
- $(multilib_native_use_enable tools) \
- $(multilib_native_use_enable doc) \
- $(multilib_native_use_enable doc gtk-doc) \
- $(multilib_native_use_enable guile) \
- $(multilib_native_use_enable test tests) \
- $(multilib_native_use_enable seccomp seccomp-tests) \
- $(multilib_native_use_enable valgrind valgrind-tests) \
- $(multilib_native_use_enable test-full full-test-suite) \
- $(use_enable nls) \
- $(use_enable openpgp openpgp-authentication) \
- $(use_enable openssl openssl-compatibility) \
- $(use_enable openssl openssl-compatibility) \
- $(use_enable tls-heartbeat heartbeat-support) \
- $(use_enable sslv2 ssl2-support) \
- $(use_enable sslv3 ssl3-support) \
- $(use_enable static-libs static) \
- $(use_with pkcs11 p11-kit) \
- $(use_with zlib) \
- $(use_with idn) \
- $(use_with idn libidn2) \
- --without-tpm \
- --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
- "${libconf[@]}" \
- $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-}
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2017-09-09 19:34 Alon Bar-Lev
0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2017-09-09 19:34 UTC (permalink / raw
To: gentoo-commits
commit: 0d72ce7cbd61355efa88da7369d37b1849ec2f4a
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 9 19:31:23 2017 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Sep 9 19:34:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d72ce7c
net-libs/gnutls: cleanup 3.3 series
Gentoo-Bug: 612340
Package-Manager: Portage-2.3.6, Repoman-2.3.1
net-libs/gnutls/Manifest | 3 -
...ow-installing-man-1-even-with-disable-doc.patch | 94 -----------
net-libs/gnutls/gnutls-3.3.26.ebuild | 181 ---------------------
net-libs/gnutls/gnutls-3.3.27.ebuild | 181 ---------------------
net-libs/gnutls/gnutls-3.3.28.ebuild | 181 ---------------------
net-libs/gnutls/metadata.xml | 5 +-
6 files changed, 1 insertion(+), 644 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 9fc72d07f4d..c0a68df90fb 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,6 +1,3 @@
-DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
-DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
-DIST gnutls-3.3.28.tar.xz 6369560 SHA256 608f63441abc209c5bd5f61e35f2b6128c22e06fa2ad6248a08d8a643feeb807 SHA512 c88c8dca22446f1eda0bd06b57402a9d67c866b87836963cba66ff3209c0781c3106f8d4355c50ed15bd11b3208c029652cd7f00450de68f01651aad7c8e562f WHIRLPOOL cb6c6a796a0c75f0b70bce617ddcde2c34c21626d6ac351cb9c6df585e84a63d4dbe15d0b70a5ad901be4ff914f83f8a7fbb477624ca3e16e25b81c8afbc3f4e
DIST gnutls-3.5.12.tar.xz 7212652 SHA256 63cb39a5eaa029381df2e49a74cfb7be89fc4a592445191818ffe1e66bde57cb SHA512 8fec23e7e494a2e15e0f938115cae1ba3fee952d634db387f983b01096f68ca4313b23bc4c439d3c7fdd07c861eac4913a7c2343c8704961588ae195886ec90c WHIRLPOOL f7309aa89e75ed75371893ba4e4ac89f9f8bc7a61ef10ae4c4986aec290ae2dc5108cd3cc6463af6700ddab3754c6fcbd10ac95d3c40c4549cfdf6b3289f8a72
DIST gnutls-3.5.13.tar.xz 7226468 SHA256 79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096 SHA512 e98f23a589042f879936c3f8b474535e695fb7dd68a9e81323668c013241f765c2d3af6c6a072ecf867acc1e551ec46e15bb842144d3a06bdd5d2f4fc3d828a7 WHIRLPOOL 89439e7adba634698642a247c418569c0ea6ca6155bfb5dce17c8ed69d2506a37d9ad793122aaaec92adffefa75cb23a857c49ef722c5cf506700fe0c34b6028
DIST gnutls-3.5.14.tar.xz 7228200 SHA256 4aa12dec92f42a0434df794aca3d02f6f2a35b47b48c01252de65f355c051bda SHA512 c55384bdf835c0f7715bfb10b7fa0ac30d26d53ffa5f32af78844cf27985407eed034af77413fb2e94e3a0c0a5fb0597d66f5dbbbe72e5e0658bfeeafa6f7829 WHIRLPOOL c6ae68898983184d00dde78a38a3398b677541ae6316a25544668f183423da1f6c3c7f3709f896f6c135e6907d832d6980f102d77b40758f9cf81c25f68cb086
diff --git a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
deleted file mode 100644
index dda8bfced64..00000000000
--- a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 0f230c6375fd3680837d98f20ee3862e9041af3d Mon Sep 17 00:00:00 2001
-From: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Fri, 18 Dec 2015 12:14:08 +0200
-Subject: [PATCH] build: allow installing man(1) even with --disable-doc
-
-Currently these man pages are installed only if --enable-doc
-is provided, while these are not actually docs, do not require any
-special dependency, nor consume large space.
-
-This adds --enable-manpages to enable/disable manpages installation, and
-install the man(1) regardless of --disable-doc.
-
-Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
----
- Makefile.am | 3 +++
- configure.ac | 10 ++++++++++
- doc/Makefile.am | 2 +-
- doc/manpages/Makefile.am | 2 ++
- 5 files changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index d446711..6e19f26 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -28,6 +28,9 @@ SUBDIRS += libdane
- endif
-
- SUBDIRS += po src
-+if ENABLE_MANPAGES
-+SUBDIRS += doc/manpages
-+endif
- if ENABLE_DOC
- SUBDIRS += doc
- endif
-diff --git a/configure.ac b/configure.ac
-index c7a83b8..d161c05 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -152,6 +152,15 @@ AC_ARG_ENABLE(doc,
- enable_doc=$enableval, enable_doc=yes)
- AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
-
-+AC_ARG_ENABLE(manpages,
-+ AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
-+ enable_manpages=$enableval,enable_manpages=auto)
-+
-+if test "${enable_manpages}" = "auto";then
-+ enable_manpages="${enable_doc}"
-+fi
-+AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
-+
- AC_ARG_ENABLE(tests,
- AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
- enable_tests=$enableval, enable_tests=yes)
-@@ -838,6 +847,7 @@ AC_MSG_NOTICE([summary of build options:
- Local libtasn1: ${included_libtasn1}
- Use nettle-mini: ${mini_nettle}
- nettle-version: ${nettle_version}
-+ Documentation: ${enable_doc} (manpages: ${enable_manpages})
- ])
-
- AC_MSG_NOTICE([External hardware support:
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index d9b4022..492a74a 100644
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html \
- gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
- doc.mk
-
--SUBDIRS = examples cyclo scripts manpages credentials latex
-+SUBDIRS = examples cyclo scripts credentials latex
- if ENABLE_GTK_DOC
- SUBDIRS += reference
- endif
-diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
-index 6d16787..2840197 100644
---- a/doc/manpages/Makefile.am
-+++ b/doc/manpages/Makefile.am
-@@ -1053,7 +1053,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
- APIMANS += gnutls_x509_trust_list_verify_crt2.3
- APIMANS += gnutls_x509_trust_list_verify_named_crt.3
-
-+if ENABLE_DOC
- dist_man_MANS += $(APIMANS)
-+endif
-
- $(APIMANS): stamp_mans
-
---
-2.4.10
-
diff --git a/net-libs/gnutls/gnutls-3.3.26.ebuild b/net-libs/gnutls/gnutls-3.3.26.ebuild
deleted file mode 100644
index cd9ee855600..00000000000
--- a/net-libs/gnutls/gnutls-3.3.26.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- sys-devel/autogen
- crywrap? ( net-dns/libidn )
- dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-1.8:=[networking] )
- nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${RDEPEND}
- >=sys-devel/automake-1.11.6
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- doc? (
- sys-apps/texinfo
- dev-util/gtk-doc
- )
- nls? ( sys-devel/gettext )
- test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
- "${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-}
-
-src_prepare() {
- default
-
- sed -i \
- -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
- doc/Makefile.am || die
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # force regeneration of makeinfo files
- # have no idea why on some system these files are not
- # accepted as-is, see bug#520818
- for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
- rm "${file}" || die
- done
-
- eautoreconf
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-
- # bug 497472
- use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- # remove magic of library detection
- # bug#438222
- libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
- # TPM needs to be tested before being enabled
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- ECONF_SOURCE=${S} \
- econf \
- --disable-valgrind-tests \
- --without-included-libtasn1 \
- --enable-heartbeat-support \
- $(use_enable cxx) \
- $(use_enable dane libdane) \
- $(multilib_native_enable manpages) \
- $(multilib_native_use_enable doc) \
- $(multilib_native_use_enable doc gtk-doc) \
- $(multilib_native_use_enable guile) \
- $(multilib_native_use_enable crywrap) \
- $(use_enable nls) \
- $(use_enable openssl openssl-compatibility) \
- $(use_enable static-libs static) \
- $(use_with pkcs11 p11-kit) \
- $(use_with zlib) \
- --without-tpm \
- --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
- "${libconf[@]}" \
- $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
- if multilib_is_native_abi; then
- ln -s "${S}"/doc/reference/html doc/reference/html || die
- fi
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi; then
- default
-
- # symlink certtool for use in other ABIs
- if use test; then
- ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
- fi
- else
- emake -C gl
- emake -C lib
- emake -C extra
- use dane && emake -C libdane
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- # parallel testing often fails
- emake -j1 check
- else
- # use native ABI tools
- ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
- "${BUILD_DIR}"/src/ || die
-
- emake -C gl -j1 check
- emake -C tests -j1 check
- fi
-}
-
-multilib_src_install() {
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install
- else
- emake -C lib DESTDIR="${D}" install
- emake -C extra DESTDIR="${D}" install
- use dane && emake -C libdane DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-
- dodoc doc/certtool.cfg
-
- if use doc; then
- dohtml doc/gnutls.html
- else
- rm -fr "${ED}/usr/share/doc/${PF}/html"
- fi
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
diff --git a/net-libs/gnutls/gnutls-3.3.27.ebuild b/net-libs/gnutls/gnutls-3.3.27.ebuild
deleted file mode 100644
index 434bd0c5af9..00000000000
--- a/net-libs/gnutls/gnutls-3.3.27.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- sys-devel/autogen
- crywrap? ( net-dns/libidn )
- dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-1.8:=[networking] )
- nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${RDEPEND}
- >=sys-devel/automake-1.11.6
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- doc? (
- sys-apps/texinfo
- dev-util/gtk-doc
- )
- nls? ( sys-devel/gettext )
- test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
- "${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-}
-
-src_prepare() {
- default
-
- sed -i \
- -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
- doc/Makefile.am || die
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # force regeneration of makeinfo files
- # have no idea why on some system these files are not
- # accepted as-is, see bug#520818
- for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
- rm "${file}" || die
- done
-
- eautoreconf
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-
- # bug 497472
- use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- # remove magic of library detection
- # bug#438222
- libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
- # TPM needs to be tested before being enabled
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- ECONF_SOURCE=${S} \
- econf \
- --disable-valgrind-tests \
- --without-included-libtasn1 \
- --enable-heartbeat-support \
- $(use_enable cxx) \
- $(use_enable dane libdane) \
- $(multilib_native_enable manpages) \
- $(multilib_native_use_enable doc) \
- $(multilib_native_use_enable doc gtk-doc) \
- $(multilib_native_use_enable guile) \
- $(multilib_native_use_enable crywrap) \
- $(use_enable nls) \
- $(use_enable openssl openssl-compatibility) \
- $(use_enable static-libs static) \
- $(use_with pkcs11 p11-kit) \
- $(use_with zlib) \
- --without-tpm \
- --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
- "${libconf[@]}" \
- $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
- if multilib_is_native_abi; then
- ln -s "${S}"/doc/reference/html doc/reference/html || die
- fi
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi; then
- default
-
- # symlink certtool for use in other ABIs
- if use test; then
- ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
- fi
- else
- emake -C gl
- emake -C lib
- emake -C extra
- use dane && emake -C libdane
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- # parallel testing often fails
- emake -j1 check
- else
- # use native ABI tools
- ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
- "${BUILD_DIR}"/src/ || die
-
- emake -C gl -j1 check
- emake -C tests -j1 check
- fi
-}
-
-multilib_src_install() {
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install
- else
- emake -C lib DESTDIR="${D}" install
- emake -C extra DESTDIR="${D}" install
- use dane && emake -C libdane DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-
- dodoc doc/certtool.cfg
-
- if use doc; then
- dohtml doc/gnutls.html
- else
- rm -fr "${ED}/usr/share/doc/${PF}/html"
- fi
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
diff --git a/net-libs/gnutls/gnutls-3.3.28.ebuild b/net-libs/gnutls/gnutls-3.3.28.ebuild
deleted file mode 100644
index 434bd0c5af9..00000000000
--- a/net-libs/gnutls/gnutls-3.3.28.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- sys-devel/autogen
- crywrap? ( net-dns/libidn )
- dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-1.8:=[networking] )
- nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${RDEPEND}
- >=sys-devel/automake-1.11.6
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- doc? (
- sys-apps/texinfo
- dev-util/gtk-doc
- )
- nls? ( sys-devel/gettext )
- test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
- "${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-}
-
-src_prepare() {
- default
-
- sed -i \
- -e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
- doc/Makefile.am || die
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # force regeneration of makeinfo files
- # have no idea why on some system these files are not
- # accepted as-is, see bug#520818
- for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
- rm "${file}" || die
- done
-
- eautoreconf
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-
- # bug 497472
- use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- # remove magic of library detection
- # bug#438222
- libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
- # TPM needs to be tested before being enabled
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- ECONF_SOURCE=${S} \
- econf \
- --disable-valgrind-tests \
- --without-included-libtasn1 \
- --enable-heartbeat-support \
- $(use_enable cxx) \
- $(use_enable dane libdane) \
- $(multilib_native_enable manpages) \
- $(multilib_native_use_enable doc) \
- $(multilib_native_use_enable doc gtk-doc) \
- $(multilib_native_use_enable guile) \
- $(multilib_native_use_enable crywrap) \
- $(use_enable nls) \
- $(use_enable openssl openssl-compatibility) \
- $(use_enable static-libs static) \
- $(use_with pkcs11 p11-kit) \
- $(use_with zlib) \
- --without-tpm \
- --with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
- "${libconf[@]}" \
- $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
- if multilib_is_native_abi; then
- ln -s "${S}"/doc/reference/html doc/reference/html || die
- fi
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi; then
- default
-
- # symlink certtool for use in other ABIs
- if use test; then
- ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
- fi
- else
- emake -C gl
- emake -C lib
- emake -C extra
- use dane && emake -C libdane
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- # parallel testing often fails
- emake -j1 check
- else
- # use native ABI tools
- ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
- "${BUILD_DIR}"/src/ || die
-
- emake -C gl -j1 check
- emake -C tests -j1 check
- fi
-}
-
-multilib_src_install() {
- if multilib_is_native_abi; then
- emake DESTDIR="${D}" install
- else
- emake -C lib DESTDIR="${D}" install
- emake -C extra DESTDIR="${D}" install
- use dane && emake -C libdane DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-
- dodoc doc/certtool.cfg
-
- if use doc; then
- dohtml doc/gnutls.html
- else
- rm -fr "${ED}/usr/share/doc/${PF}/html"
- fi
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml
index 536d49f0da3..9f796b4b07f 100644
--- a/net-libs/gnutls/metadata.xml
+++ b/net-libs/gnutls/metadata.xml
@@ -6,10 +6,7 @@
<name>Crypto</name>
</maintainer>
<use>
- <flag name="crywrap" restrict=">=net-libs/gnutls-3.2.10">
- Build the crywrap TLS proxy service
- </flag>
- <flag name="dane" restrict=">=net-libs/gnutls-3.1.3">
+ <flag name="dane">
Build libgnutls-dane, implementing DNS-based Authentication of
Named Entities. Requires <pkg>net-dns/unbound</pkg>
</flag>
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2019-01-06 19:27 Alon Bar-Lev
0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2019-01-06 19:27 UTC (permalink / raw
To: gentoo-commits
commit: bd171538ea6c76c689150c983ad4069b4b5a2549
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 6 19:24:53 2019 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sun Jan 6 19:26:26 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd171538
net-libs/gnutls: build with libidn2-2.1.0
Closes: https://bugs.gentoo.org/show_bug.cgi?id=674690
Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
net-libs/gnutls/files/gnutls-3.5.19-idn2.patch | 47 ++++++++++++++++++++++++++
net-libs/gnutls/gnutls-3.5.19-r1.ebuild | 6 +++-
net-libs/gnutls/gnutls-3.5.19.ebuild | 6 +++-
3 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch b/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
new file mode 100644
index 00000000000..1f16302c81b
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
@@ -0,0 +1,47 @@
+From b0dfccd2149086cf5d2db44c329664a56b126216 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sun, 6 Jan 2019 20:02:50 +0200
+Subject: [PATCH] idn2: do not use deprecated idn2_to_unicode_8z8z in
+ idn2-2.1.0
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ lib/str-idna.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+https://gitlab.com/gnutls/gnutls/merge_requests/864
+
+diff --git a/lib/str-idna.c b/lib/str-idna.c
+index 3bf2db877..95ca9b769 100644
+--- a/lib/str-idna.c
++++ b/lib/str-idna.c
+@@ -145,7 +145,7 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
+ return ret;
+ }
+
+-#ifdef HAVE_LIBIDN2
++#if defined(HAVE_LIBIDN2) && IDN2_VERSION_NUMBER < 0x02000000
+ int _idn2_punycode_decode(
+ size_t input_length,
+ const char input[],
+@@ -153,7 +153,7 @@ int _idn2_punycode_decode(
+ uint32_t output[],
+ unsigned char case_flags[]);
+
+-static int _idn2_to_unicode_8z8z(const char *src, char **dst)
++static int idn2_to_unicode_8z8z(const char *src, char **dst, int flags)
+ {
+ int rc, run;
+ size_t out_len = 0;
+@@ -253,7 +253,7 @@ int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *ou
+
+ #ifdef HAVE_LIBIDN2
+ /* currently libidn2 just converts single labels, thus a wrapper function */
+- rc = _idn2_to_unicode_8z8z((char*)istr.data, &u8);
++ rc = idn2_to_unicode_8z8z((char*)istr.data, &u8, 0);
+ if (rc != IDN2_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("unable to convert ACE name '%s' to UTF-8 format: %s\n", istr.data, idn2_strerror(rc));
+--
+2.19.2
+
diff --git a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild b/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
index 9fc06eac7ed..379e758cd88 100644
--- a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
+++ b/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -54,6 +54,10 @@ DOCS=(
HTML_DOCS=()
+PATCHES=(
+ "${FILESDIR}/${P}-idn2.patch"
+)
+
pkg_setup() {
# bug#520818
export TZ=UTC
diff --git a/net-libs/gnutls/gnutls-3.5.19.ebuild b/net-libs/gnutls/gnutls-3.5.19.ebuild
index 39244f5c2a3..77cc3480387 100644
--- a/net-libs/gnutls/gnutls-3.5.19.ebuild
+++ b/net-libs/gnutls/gnutls-3.5.19.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -54,6 +54,10 @@ DOCS=(
HTML_DOCS=()
+PATCHES=(
+ "${FILESDIR}/${P}-idn2.patch"
+)
+
pkg_setup() {
# bug#520818
export TZ=UTC
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2020-06-09 14:58 Thomas Deutschmann
0 siblings, 0 replies; 13+ messages in thread
From: Thomas Deutschmann @ 2020-06-09 14:58 UTC (permalink / raw
To: gentoo-commits
commit: 4254290cbaff26d7530a273eb9d307317f7f5f45
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 9 14:58:22 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 9 14:58:22 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4254290c
net-libs/gnutls: security cleanup
Bug: https://bugs.gentoo.org/727108
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-libs/gnutls/Manifest | 1 -
...s-3.6.13-handle-expired-root-certificates.patch | 391 ---------------------
net-libs/gnutls/gnutls-3.6.13-r1.ebuild | 134 -------
3 files changed, 526 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b64da79d7df..a6db64d03c0 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1 @@
-DIST gnutls-3.6.13.tar.xz 5958956 BLAKE2B de67f96198b6456f397bf203f13bf1f906b69c7ce632dd96b72539fea12f2bd8ee8b2c608d1ed8b06d3b189023fa81e9a2cfcdd6c9bbd174e5bd2b0673f6ca47 SHA512 23581952cb72c9a34f378c002bb62413d5a1243b74b48ad8dc49eaea4020d33c550f8dc1dd374cf7fbfa4187b0ca1c5698c8a0430398268a8b8a863f8633305c
DIST gnutls-3.6.14.tar.xz 6069088 BLAKE2B a1cd88a7c977f3a94a49e4187878560a8d9589a6fd32d8ad41b84c33534597fb85a88cf6b260a4a5e8b1a100790a7ba701acac2368f1ad42dcaba7e5c90b6758 SHA512 b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
diff --git a/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch b/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
deleted file mode 100644
index 91986cf449c..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
+++ /dev/null
@@ -1,391 +0,0 @@
-From 299bd4f113d0bd39fa1577a671a04ed7899eff3c Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 12:39:14 +0200
-Subject: [PATCH 1/3] _gnutls_pkcs11_verify_crt_status: check validity against
- system cert
-
-To verify a certificate chain, this function replaces known
-certificates with the ones in the system trust store if possible.
-
-However, if it is found, the function checks the validity of the
-original certificate rather than the certificate found in the trust
-store. That reveals a problem in a scenario that (1) a certificate is
-signed by multiple issuers and (2) one of the issuers' certificate has
-expired and included in the input chain.
-
-This patch makes it a little robuster by actually retrieving the
-certificate from the trust store and perform check against it.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/pkcs11.c | 98 +++++++++++++++++++++++++++++++++--------------
- lib/pkcs11_int.h | 5 +++
- lib/x509/verify.c | 7 +++-
- 3 files changed, 80 insertions(+), 30 deletions(-)
-
-diff --git a/lib/pkcs11.c b/lib/pkcs11.c
-index fad16aaf4f..d8d4a65114 100644
---- a/lib/pkcs11.c
-+++ b/lib/pkcs11.c
-@@ -4547,34 +4547,10 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
- return ret;
- }
-
--/**
-- * gnutls_pkcs11_crt_is_known:
-- * @url: A PKCS 11 url identifying a token
-- * @cert: is the certificate to find issuer for
-- * @issuer: Will hold the issuer if any in an allocated buffer.
-- * @fmt: The format of the exported issuer.
-- * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
-- *
-- * This function will check whether the provided certificate is stored
-- * in the specified token. This is useful in combination with
-- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
-- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
-- * to check whether a CA is present or a certificate is blacklisted in
-- * a trust PKCS #11 module.
-- *
-- * This function can be used with a @url of "pkcs11:", and in that case all modules
-- * will be searched. To restrict the modules to the marked as trusted in p11-kit
-- * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
-- *
-- * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
-- * specific to p11-kit trust modules.
-- *
-- * Returns: If the certificate exists non-zero is returned, otherwise zero.
-- *
-- * Since: 3.3.0
-- **/
--unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-- unsigned int flags)
-+unsigned
-+_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+ unsigned int flags,
-+ gnutls_x509_crt_t *trusted_cert)
- {
- int ret;
- struct find_cert_st priv;
-@@ -4586,6 +4562,15 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-
- memset(&priv, 0, sizeof(priv));
-
-+ if (trusted_cert) {
-+ ret = gnutls_pkcs11_obj_init(&priv.obj);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto cleanup;
-+ }
-+ priv.need_import = 1;
-+ }
-+
- if (url == NULL || url[0] == 0) {
- url = "pkcs11:";
- }
-@@ -4632,8 +4617,18 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- _gnutls_debug_log("crt_is_known: did not find cert, using issuer DN + serial, using DN only\n");
- /* attempt searching with the subject DN only */
- gnutls_assert();
-+ if (priv.obj)
-+ gnutls_pkcs11_obj_deinit(priv.obj);
- gnutls_free(priv.serial.data);
- memset(&priv, 0, sizeof(priv));
-+ if (trusted_cert) {
-+ ret = gnutls_pkcs11_obj_init(&priv.obj);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto cleanup;
-+ }
-+ priv.need_import = 1;
-+ }
- priv.crt = cert;
- priv.flags = flags;
-
-@@ -4650,9 +4645,26 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- goto cleanup;
- }
-
-+ if (trusted_cert) {
-+ ret = gnutls_x509_crt_init(trusted_cert);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ ret = 0;
-+ goto cleanup;
-+ }
-+ ret = gnutls_x509_crt_import_pkcs11(*trusted_cert, priv.obj);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ gnutls_x509_crt_deinit(*trusted_cert);
-+ ret = 0;
-+ goto cleanup;
-+ }
-+ }
- ret = 1;
-
- cleanup:
-+ if (priv.obj)
-+ gnutls_pkcs11_obj_deinit(priv.obj);
- if (info)
- p11_kit_uri_free(info);
- gnutls_free(priv.serial.data);
-@@ -4660,6 +4672,36 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- return ret;
- }
-
-+/**
-+ * gnutls_pkcs11_crt_is_known:
-+ * @url: A PKCS 11 url identifying a token
-+ * @cert: is the certificate to find issuer for
-+ * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
-+ *
-+ * This function will check whether the provided certificate is stored
-+ * in the specified token. This is useful in combination with
-+ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
-+ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
-+ * to check whether a CA is present or a certificate is blacklisted in
-+ * a trust PKCS #11 module.
-+ *
-+ * This function can be used with a @url of "pkcs11:", and in that case all modules
-+ * will be searched. To restrict the modules to the marked as trusted in p11-kit
-+ * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
-+ *
-+ * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
-+ * specific to p11-kit trust modules.
-+ *
-+ * Returns: If the certificate exists non-zero is returned, otherwise zero.
-+ *
-+ * Since: 3.3.0
-+ **/
-+unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+ unsigned int flags)
-+{
-+ return _gnutls_pkcs11_crt_is_known(url, cert, flags, NULL);
-+}
-+
- /**
- * gnutls_pkcs11_obj_get_flags:
- * @obj: The pkcs11 object
-diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
-index 9d88807098..86cce0dee5 100644
---- a/lib/pkcs11_int.h
-+++ b/lib/pkcs11_int.h
-@@ -460,6 +460,11 @@ inline static bool is_pkcs11_url_object(const char *url)
- return 0;
- }
-
-+unsigned
-+_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+ unsigned int flags,
-+ gnutls_x509_crt_t *trusted_cert);
-+
- #endif /* ENABLE_PKCS11 */
-
- #endif /* GNUTLS_LIB_PKCS11_INT_H */
-diff --git a/lib/x509/verify.c b/lib/x509/verify.c
-index d202670198..fd7c6a1642 100644
---- a/lib/x509/verify.c
-+++ b/lib/x509/verify.c
-@@ -34,6 +34,7 @@
- #include <tls-sig.h>
- #include <str.h>
- #include <datum.h>
-+#include <pkcs11_int.h>
- #include <x509_int.h>
- #include <common.h>
- #include <pk.h>
-@@ -1188,6 +1189,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
-
- for (; i < clist_size; i++) {
- unsigned vflags;
-+ gnutls_x509_crt_t trusted_cert;
-
- if (i == 0) /* in the end certificate do full comparison */
- vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
-@@ -1196,9 +1198,10 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
- vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
- GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED;
-
-- if (gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags) != 0) {
-+ if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
-
-- status |= check_ca_sanity(certificate_list[i], now, flags);
-+ status |= check_ca_sanity(trusted_cert, now, flags);
-+ gnutls_x509_crt_deinit(trusted_cert);
-
- if (func)
- func(certificate_list[i],
---
-2.26.2
-
-
-From cdf075e7f54cb77f046ef3e7c2147f159941faca Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 13:59:53 +0200
-Subject: [PATCH 2/3] x509: trigger fallback verification path when cert is
- expired
-
-gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
-to trigger the fallback verification path if the signer of the last
-certificate is not in the trust store. Previously, it doesn't take
-into account of the condition where the certificate is expired.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/x509/verify-high.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
-index b1421ef17a..40638ad3aa 100644
---- a/lib/x509/verify-high.c
-+++ b/lib/x509/verify-high.c
-@@ -1192,11 +1192,13 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
-
- #define LAST_DN cert_list[cert_list_size-1]->raw_dn
- #define LAST_IDN cert_list[cert_list_size-1]->raw_issuer_dn
--/* This macro is introduced to detect a verification output
-- * which indicates an unknown signer, or a signer which uses
-- * an insecure algorithm (e.g., sha1), something that indicates
-- * a superseded signer */
--#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
-+/* This macro is introduced to detect a verification output which
-+ * indicates an unknown signer, a signer which uses an insecure
-+ * algorithm (e.g., sha1), a signer has expired, or something that
-+ * indicates a superseded signer */
-+#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \
-+ (output & GNUTLS_CERT_EXPIRED) || \
-+ (output & GNUTLS_CERT_INSECURE_ALGORITHM))
- #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
-
- /**
---
-2.26.2
-
-
-From 9067bcbee8ff18badff1e829d22e63590dbd7a5c Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 14:28:48 +0200
-Subject: [PATCH 3/3] tests: add test case for certificate chain superseding
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- tests/test-chains.h | 97 +++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 97 insertions(+)
-
-diff --git a/tests/test-chains.h b/tests/test-chains.h
-index dd19e6a815..9b06b85f5f 100644
---- a/tests/test-chains.h
-+++ b/tests/test-chains.h
-@@ -4010,6 +4010,102 @@ static const char *ed448[] = {
- NULL
- };
-
-+/* This contains an expired intermediate CA, which should be superseded. */
-+static const char *superseding[] = {
-+ "-----BEGIN CERTIFICATE-----"
-+ "MIIDrzCCAmegAwIBAgIUcozIBhMJvM/rd1PVI7LOq7Kscs8wDQYJKoZIhvcNAQEL"
-+ "BQAwJjEkMCIGA1UEAxMbR251VExTIHRlc3QgaW50ZXJtZWRpYXRlIENBMCAXDTIw"
-+ "MDUzMTEyMTczN1oYDzk5OTkxMjMxMjM1OTU5WjA3MRgwFgYDVQQDEw90ZXN0Lmdu"
-+ "dXRscy5vcmcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCASAwCwYJKoZI"
-+ "hvcNAQEKA4IBDwAwggEKAoIBAQCd2PBnWn+b0FsIMbG+f/K+og2iK/BoLCsJD3j9"
-+ "yRNSHD6wTifYwNTbe1LF/8BzxcwVRCD0zpbpFQawbjxbmBSzrXqQlUFFG11DvNBa"
-+ "w58rgHGo3TYCrtFIBfLbziyB1w/vWeX0xHvv8MMJ1iRSdY+7Y36a2cV+s85PdO4B"
-+ "TpZlLfy8LPP6p6+dgVoC+9tTu2H1wARYOVog+jt9A3Hx0L1xxVWTedFoiK2sVouz"
-+ "fLRjfp5cOwuRHSD2qbpGOAeNVVaOE88Bv3pIGPguMw0qAdEDo20hRYH23LIyvBwB"
-+ "oCnyFNnAViMtLa2QlXSliV9a9BKOXYjWzAeso2SF4pdHcvd5AgMBAAGjgZMwgZAw"
-+ "DAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0l"
-+ "BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUan6mlccq"
-+ "Uy1Z64wvRv3xxg4h2ykwHwYDVR0jBBgwFoAUSCM0UwqJMThKWurKttKm3s4dKxgw"
-+ "DQYJKoZIhvcNAQELBQADggExAKAOMyMLpk0u2UTwwFWtr1hfx7evo2J7dgco410I"
-+ "DN/QWoe2Xlcxcp1h5R9rX1I3KU2WGFtdXqiMsllCLnrDEKZmlks0uz76bCpKmM99"
-+ "/1MDlY7mGCr/2PPx53USK5J5JTiqgp6r7qAcDAnpYvrPH45kk7iqwh02DhAxRnGR"
-+ "CW7KWK8h7uu0Az9iBT2YfV372g4fRDK3fqYzJofQwbhSiUuJ7wyZCRhGOoxMMmDb"
-+ "KBbc1wAYXW+tlv2cSbfzRvSxMR+CzkyH2tGDxeN//aZUfGmQ8IzWUQ7UtK5z+Q0E"
-+ "fL6fZtm2SdGabGpV1UYoGpwOtOngK+m0i9SqrMD7g5+SMhc1VuvVuTtxjr5Cha8l"
-+ "X0HEZtxgFrkdfMD4yLAqiguaCBngtbRmELF5VpebmJbiLVU="
-+ "-----END CERTIFICATE-----",
-+ "-----BEGIN CERTIFICATE-----"
-+ "MIIDkTCCAkmgAwIBAgIUY9cJ4NLNFEaojJHdP1I4Q7OHNJwwDQYJKoZIhvcNAQEL"
-+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMTgxMjMxMjMwMDAwWhcN"
-+ "MjAwNTMwMjIwMDAwWjAmMSQwIgYDVQQDExtHbnVUTFMgdGVzdCBpbnRlcm1lZGlh"
-+ "dGUgQ0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7K"
-+ "sH702LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8W"
-+ "yZdVNRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITc"
-+ "lg6ybBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7"
-+ "oc0lYpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLy"
-+ "rXPlGQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+"
-+ "G+3ro22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjeh"
-+ "KZ+Aeap1AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE"
-+ "ADAdBgNVHQ4EFgQUSCM0UwqJMThKWurKttKm3s4dKxgwHwYDVR0jBBgwFoAUHncj"
-+ "bWcxH5EHm5Yv7PzIRv6M4QMwDQYJKoZIhvcNAQELBQADggExAHP1UAQ/nvuQtRZF"
-+ "Q4b96yxVwCjMjn7knLyLNtyYGE3466xvE/ofvx5lgaR06ez/G17XP+Ok5SLJNUVc"
-+ "mplTERCv5CgnX7R5VdGJkkD1repaYxaTtwyJz0AfYEMRUj3jfaeLaiUKJvEW5RRs"
-+ "I3solY18sy/m/xGrH2X0GTNfKM9BURENABsppt07jxH719nF9m9SynV/Z2hE5hlv"
-+ "5e5vyPt4wyRPIJLUI3TKAlvb1s40zz3ua7ZTgQL/cOxfY4f9pRKW9CMB3uF69OP9"
-+ "COAxrmHVZsImmDZ6qO1qQrbY1KN/cX5kG4pKg7Ium723aOlwcWzEDXKumD960fN1"
-+ "5g+HrjNs6kW+r9Q5QS8qV5s8maZNcxTrMvQ1fF2AKBNI3Z3U7vmtrSeqxIXp3rGH"
-+ "iJwOKIk="
-+ "-----END CERTIFICATE-----",
-+ NULL
-+};
-+
-+static const char *superseding_ca[] = {
-+ "-----BEGIN CERTIFICATE-----"
-+ "MIIDkzCCAkugAwIBAgIUIs7jB4Q4sFcdCmzWVHbJLESC3T4wDQYJKoZIhvcNAQEL"
-+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMzEwWhgP"
-+ "OTk5OTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0dudVRMUyB0ZXN0IGludGVybWVk"
-+ "aWF0ZSBDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/"
-+ "HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8"
-+ "vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqI"
-+ "hNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWl"
-+ "WDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQp"
-+ "kvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzkl"
-+ "zz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2"
-+ "N6Epn4B5qnUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD"
-+ "BwQAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQe"
-+ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAcF9R9VGQxTwW"
-+ "aOjeIeQ9ZJxybaj0BaXC8xR4b9uZloS9d/RBFTjgRbQ82yqaj7f80mgUtabKRfTA"
-+ "ltV2MgTbJdOjwGzEDtKGhClBbovnEGrYTbPBT9rgfYPt0q7SMBr6AzGAPt+ltwI7"
-+ "9yntV81qvTxvW5MEEo0j2MuA3NT3oqe+w1rUKNQCWhnN2TUhJGkTlaaMozcgNFaE"
-+ "Dplop4dtvCGtupxOjC3Nf6FWq1k7iZQxX70AFBYVMpuF7qGh6qDp+T1hmTCSVzxP"
-+ "SfDQIBjhKgy4clhkuR5SRxhN74RX+/5eiQyVLxzr+eIhqzJhPqUCmVnCLcqYdNRi"
-+ "hpHic4uJm0wGOKYTI7EG8rb4ZP4Jz6k4iN9CnL/+kiiW5otSl3YyCAuao5VKdDq9"
-+ "izchzb9eow=="
-+ "-----END CERTIFICATE-----",
-+ "-----BEGIN CERTIFICATE-----"
-+ "MIIDZTCCAh2gAwIBAgIULcrECQOBgPaePBfBHXcyZiU0IiYwDQYJKoZIhvcNAQEL"
-+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMTQzWhgP"
-+ "OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN"
-+ "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C"
-+ "qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ"
-+ "U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8"
-+ "vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW"
-+ "PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG"
-+ "VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7"
-+ "FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB"
-+ "o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE"
-+ "FB53I21nMR+RB5uWL+z8yEb+jOEDMA0GCSqGSIb3DQEBCwUAA4IBMQAeMSzMyuTy"
-+ "FjXTjxAUv010bsr6e6fI9txq/S1tXmWWJV/8aeARthuOFZO5Jjy3C5aMbac2HDV4"
-+ "Otu0+JLaoEMSXvorAhValVuq06i5cmaPzvJBcxMWzlEAXfavSwHv5Q+kqNU3z81S"
-+ "WnjEpMHcl9OyER7o9IhF55Xom2BXY5XL83QOzQ4C3bpKrNevZC7i7zS8NoYRGP+8"
-+ "w21JseXkWQW4o2hkFqbCcRE1dlMW02iJE28RZ5aBFDIm2Y6zuLaXZIkaO7E41CAw"
-+ "IUyhowm/S1HcmQnhruAGKJvQtB6jvnhZb7pgnuSkhIvAQgw93CLE985KEua1ifY2"
-+ "p1d/6ho2TWotHHqDnDkB8pC0Wzai8R+63z18Kt0gROX2QItCyFksjNJqYPbgwZgt"
-+ "eh1COrLsOJo+"
-+ "-----END CERTIFICATE-----",
-+ NULL
-+};
-+
- #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
- # pragma GCC diagnostic push
- # pragma GCC diagnostic ignored "-Wunused-variable"
-@@ -4178,6 +4274,7 @@ static struct
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1576759855, 1},
- { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
- 0, NULL, 1584352960, 1},
-+ { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
- { NULL, NULL, NULL, 0, 0}
- };
-
---
-2.26.2
-
diff --git a/net-libs/gnutls/gnutls-3.6.13-r1.ebuild b/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
deleted file mode 100644
index 0f8de4605eb..00000000000
--- a/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
+++ /dev/null
@@ -1,134 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
- test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- tools? ( sys-devel/autogen:= )
- dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-2:=[networking] )
- nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- test? (
- seccomp? ( sys-libs/libseccomp )
- )"
-BDEPEND=">=virtual/pkgconfig-0-r1
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- tools? ( sys-devel/autogen )
- valgrind? ( dev-util/valgrind )
- test-full? (
- app-crypt/dieharder
- >=app-misc/datefudge-1.22
- dev-libs/softhsm:2[-bindist]
- net-dialup/ppp
- net-misc/socat
- )"
-
-DOCS=(
- README.md
- doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${P}-handle-expired-root-certificates.patch )
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- local libconf=()
-
- # TPM needs to be tested before being enabled
- libconf+=( --without-tpm )
-
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- # Cygwin as does not understand these asm files at all
- [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- local myeconfargs=(
- $(multilib_native_enable manpages)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable doc)
- $(multilib_native_use_enable guile)
- $(multilib_native_use_enable seccomp seccomp-tests)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test-full full-test-suite)
- $(multilib_native_use_enable tools)
- $(multilib_native_use_enable valgrind valgrind-tests)
- $(use_enable cxx)
- $(use_enable dane libdane)
- $(use_enable nls)
- $(use_enable openssl openssl-compatibility)
- $(use_enable sslv2 ssl2-support)
- $(use_enable sslv3 ssl3-support)
- $(use_enable static-libs static)
- $(use_enable tls-heartbeat heartbeat-support)
- $(use_with idn)
- $(use_with pkcs11 p11-kit)
- --disable-rpath
- --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
- --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
- --without-included-libtasn1
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
- ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2020-09-04 16:14 Thomas Deutschmann
0 siblings, 0 replies; 13+ messages in thread
From: Thomas Deutschmann @ 2020-09-04 16:14 UTC (permalink / raw
To: gentoo-commits
commit: 807088725f04adee3a1e0ed9a8b41d8d647262b3
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 4 15:28:14 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Sep 4 16:13:47 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80708872
net-libs/gnutls: bump to v3.6.15
Bug: https://bugs.gentoo.org/649396
Bug: https://bugs.gentoo.org/711104
Bug: https://bugs.gentoo.org/740390
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-libs/gnutls/Manifest | 1 +
.../gnutls-3.6.15-skip-dtls-seccomp-tests.patch | 26 ++++
net-libs/gnutls/gnutls-3.6.15.ebuild | 134 +++++++++++++++++++++
3 files changed, 161 insertions(+)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index a6db64d03c0..580a7c962dd 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1 +1,2 @@
DIST gnutls-3.6.14.tar.xz 6069088 BLAKE2B a1cd88a7c977f3a94a49e4187878560a8d9589a6fd32d8ad41b84c33534597fb85a88cf6b260a4a5e8b1a100790a7ba701acac2368f1ad42dcaba7e5c90b6758 SHA512 b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
+DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
diff --git a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
new file mode 100644
index 00000000000..dad6cec8d3d
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/649396
+https://bugs.gentoo.org/711104
+
+--- a/tests/dtls-client-with-seccomp.c
++++ b/tests/dtls-client-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+
+ int main()
+ {
+--- a/tests/dtls-with-seccomp.c
++++ b/tests/dtls-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+
+ int main()
+ {
+
diff --git a/net-libs/gnutls/gnutls-3.6.15.ebuild b/net-libs/gnutls/gnutls-3.6.15.ebuild
new file mode 100644
index 00000000000..2aaf56d8ded
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.6.15.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
+
+REQUIRED_USE="
+ test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen:= )
+ dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-2:=[networking] )
+ nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ test? (
+ seccomp? ( sys-libs/libseccomp )
+ )"
+BDEPEND=">=virtual/pkgconfig-0-r1
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ tools? ( sys-devel/autogen )
+ valgrind? ( dev-util/valgrind )
+ test-full? (
+ app-crypt/dieharder
+ >=app-misc/datefudge-1.22
+ dev-libs/softhsm:2[-bindist]
+ net-dialup/ppp
+ net-misc/socat
+ )"
+
+DOCS=(
+ README.md
+ doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+
+ use doc && HTML_DOCS+=(
+ doc/gnutls.html
+ )
+}
+
+src_prepare() {
+ default
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ local libconf=()
+
+ # TPM needs to be tested before being enabled
+ libconf+=( --without-tpm )
+
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ # Cygwin as does not understand these asm files at all
+ [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ local myeconfargs=(
+ $(multilib_native_enable manpages)
+ $(multilib_native_use_enable doc gtk-doc)
+ $(multilib_native_use_enable doc)
+ $(multilib_native_use_enable guile)
+ $(multilib_native_use_enable seccomp seccomp-tests)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test-full full-test-suite)
+ $(multilib_native_use_enable tools)
+ $(multilib_native_use_enable valgrind valgrind-tests)
+ $(use_enable cxx)
+ $(use_enable dane libdane)
+ $(use_enable nls)
+ $(use_enable openssl openssl-compatibility)
+ $(use_enable sslv2 ssl2-support)
+ $(use_enable sslv3 ssl3-support)
+ $(use_enable static-libs static)
+ $(use_enable tls-heartbeat heartbeat-support)
+ $(use_with idn)
+ $(use_with pkcs11 p11-kit)
+ --disable-rpath
+ --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
+ --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
+ --without-included-libtasn1
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+ ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2021-03-28 6:08 Thomas Deutschmann
0 siblings, 0 replies; 13+ messages in thread
From: Thomas Deutschmann @ 2021-03-28 6:08 UTC (permalink / raw
To: gentoo-commits
commit: 42cb2c95be07553ccb6c28c1634e8b64602c3fe1
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 06:07:24 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 06:08:22 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42cb2c95
net-libs/gnutls: drop vulnerable version
Bug: https://bugs.gentoo.org/775338
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-libs/gnutls/Manifest | 1 -
...nutls-3.7.0-ignore-duplicate-certificates.patch | 403 ---------------------
net-libs/gnutls/gnutls-3.7.0-r1.ebuild | 139 -------
3 files changed, 543 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 5c0d91491fa..1ab16ed845f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,3 +1,2 @@
DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
-DIST gnutls-3.7.0.tar.xz 6129176 BLAKE2B 3b03e7017ac1d715c740f8f09b0690dd1c983dcfd5faef0740cf66ac785c1a84e959f85808aa10a6eebd745d96ca0293681049911ea663aeff85fedfa2567aad SHA512 5cf1025f2d0a0cbf5a83dd7f3b22dafd1769f7c3349096c0272d08573bb5ff87f510e0e69b4bbb47dad1b64476aa5479804b2f4ceb2216cd747bbc53bf42d885
DIST gnutls-3.7.1.tar.xz 6038388 BLAKE2B 1d55eb441827c7148d63bcad37bf7bc62d539ee9bc7e14c2fe5ec1d0bdcadd75e2cbc98ba104523b24c8dfd9526b4595475a818d206971cc012fac509cd33a6f SHA512 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95
diff --git a/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch b/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch
deleted file mode 100644
index b0143818b46..00000000000
--- a/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch
+++ /dev/null
@@ -1,403 +0,0 @@
-From 09b40be6e0e0a59ba4bd764067eb353241043a70 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Mon, 28 Dec 2020 12:14:13 +0100
-Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: ignore duplicate
- certificates
-
-The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
-regression, where duplicate certificates in a certificate chain are no
-longer ignored but treated as a non-contiguous segment and that
-results in calling the issuer callback, or a verification failure.
-
-This adds a mechanism to record certificates already seen in the
-chain, and skip them while still allow the caller to inject missing
-certificates.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
-Co-authored-by: Andreas Metzler <ametzler@debian.org>
----
- lib/x509/common.c | 8 ++
- lib/x509/verify-high.c | 157 +++++++++++++++++++++++++++++++------
- tests/missingissuer.c | 2 +
- tests/test-chains-issuer.h | 101 +++++++++++++++++++++++-
- 4 files changed, 245 insertions(+), 23 deletions(-)
-
-diff --git a/lib/x509/common.c b/lib/x509/common.c
-index 3301aaad0c..10c8db53c0 100644
---- a/lib/x509/common.c
-+++ b/lib/x509/common.c
-@@ -1758,6 +1758,14 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
- * increasing DEFAULT_MAX_VERIFY_DEPTH.
- */
- for (i = 0; i < clist_size; i++) {
-+ /* Self-signed certificate found in the chain; skip it
-+ * as it should only appear in the trusted set.
-+ */
-+ if (gnutls_x509_crt_check_issuer(clist[i], clist[i])) {
-+ _gnutls_cert_log("self-signed cert found", clist[i]);
-+ continue;
-+ }
-+
- for (j = 1; j < clist_size; j++) {
- if (i == j)
- continue;
-diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
-index 588e7ee0dc..9a16e6b42a 100644
---- a/lib/x509/verify-high.c
-+++ b/lib/x509/verify-high.c
-@@ -67,6 +67,80 @@ struct gnutls_x509_trust_list_iter {
-
- #define DEFAULT_SIZE 127
-
-+struct cert_set_node_st {
-+ gnutls_x509_crt_t *certs;
-+ unsigned int size;
-+};
-+
-+struct cert_set_st {
-+ struct cert_set_node_st *node;
-+ unsigned int size;
-+};
-+
-+static int
-+cert_set_init(struct cert_set_st *set, unsigned int size)
-+{
-+ memset(set, 0, sizeof(*set));
-+
-+ set->size = size;
-+ set->node = gnutls_calloc(size, sizeof(*set->node));
-+ if (!set->node) {
-+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-+ }
-+
-+ return 0;
-+}
-+
-+static void
-+cert_set_deinit(struct cert_set_st *set)
-+{
-+ size_t i;
-+
-+ for (i = 0; i < set->size; i++) {
-+ gnutls_free(set->node[i].certs);
-+ }
-+
-+ gnutls_free(set->node);
-+}
-+
-+static bool
-+cert_set_contains(struct cert_set_st *set, const gnutls_x509_crt_t cert)
-+{
-+ size_t hash, i;
-+
-+ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
-+ hash %= set->size;
-+
-+ for (i = 0; i < set->node[hash].size; i++) {
-+ if (unlikely(gnutls_x509_crt_equals(set->node[hash].certs[i], cert))) {
-+ return true;
-+ }
-+ }
-+
-+ return false;
-+}
-+
-+static int
-+cert_set_add(struct cert_set_st *set, const gnutls_x509_crt_t cert)
-+{
-+ size_t hash;
-+
-+ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
-+ hash %= set->size;
-+
-+ set->node[hash].certs =
-+ gnutls_realloc_fast(set->node[hash].certs,
-+ (set->node[hash].size + 1) *
-+ sizeof(*set->node[hash].certs));
-+ if (!set->node[hash].certs) {
-+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-+ }
-+ set->node[hash].certs[set->node[hash].size] = cert;
-+ set->node[hash].size++;
-+
-+ return 0;
-+}
-+
- /**
- * gnutls_x509_trust_list_init:
- * @list: A pointer to the type to be initialized
-@@ -1328,6 +1402,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- unsigned have_set_name = 0;
- unsigned saved_output;
- gnutls_datum_t ip = {NULL, 0};
-+ struct cert_set_st cert_set = { NULL, 0 };
-
- if (cert_list == NULL || cert_list_size < 1)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-@@ -1376,36 +1451,68 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
- cert_list = sorted;
-
-+ ret = cert_set_init(&cert_set, DEFAULT_MAX_VERIFY_DEPTH);
-+ if (ret < 0) {
-+ return ret;
-+ }
-+
- for (i = 0; i < cert_list_size &&
-- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; i++) {
-- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
-- unsigned int sorted_size;
-+ cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; ) {
-+ unsigned int sorted_size = 1;
-+ unsigned int j;
-+ gnutls_x509_crt_t issuer;
-
-+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
- sorted_size = _gnutls_sort_clist(&cert_list[i],
- cert_list_size - i);
-- i += sorted_size - 1;
- }
-
-- if (i == cert_list_size - 1) {
-- gnutls_x509_crt_t issuer;
--
-- /* If it is the last certificate and its issuer is
-- * known, don't need to run issuer callback. */
-- if (_gnutls_trust_list_get_issuer(list,
-- cert_list[i],
-- &issuer,
-- 0) == 0) {
-+ /* Remove duplicates. Start with index 1, as the first element
-+ * may be re-checked after issuer retrieval. */
-+ for (j = 1; j < sorted_size; j++) {
-+ if (cert_set_contains(&cert_set, cert_list[i + j])) {
-+ if (i + j < cert_list_size - 1) {
-+ memmove(&cert_list[i + j],
-+ &cert_list[i + j + 1],
-+ sizeof(cert_list[i]));
-+ }
-+ cert_list_size--;
- break;
- }
-- } else if (gnutls_x509_crt_check_issuer(cert_list[i],
-- cert_list[i + 1])) {
-- /* There is no gap between this and the next
-- * certificate. */
-+ }
-+ /* Found a duplicate, try again with the same index. */
-+ if (j < sorted_size) {
-+ continue;
-+ }
-+
-+ /* Record the certificates seen. */
-+ for (j = 0; j < sorted_size; j++, i++) {
-+ ret = cert_set_add(&cert_set, cert_list[i]);
-+ if (ret < 0) {
-+ goto cleanup;
-+ }
-+ }
-+
-+ /* If the issuer of the certificate is known, no need
-+ * for further processing. */
-+ if (_gnutls_trust_list_get_issuer(list,
-+ cert_list[i - 1],
-+ &issuer,
-+ 0) == 0) {
-+ cert_list_size = i;
-+ break;
-+ }
-+
-+ /* If there is no gap between this and the next certificate,
-+ * proceed with the next certificate. */
-+ if (i < cert_list_size &&
-+ gnutls_x509_crt_check_issuer(cert_list[i - 1],
-+ cert_list[i])) {
- continue;
- }
-
- ret = retrieve_issuers(list,
-- cert_list[i],
-+ cert_list[i - 1],
- &retrieved[retrieved_size],
- DEFAULT_MAX_VERIFY_DEPTH -
- MAX(retrieved_size,
-@@ -1413,15 +1520,20 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- if (ret < 0) {
- break;
- } else if (ret > 0) {
-- memmove(&cert_list[i + 1 + ret],
-- &cert_list[i + 1],
-- (cert_list_size - i - 1) *
-+ assert((unsigned int)ret <=
-+ DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
-+ memmove(&cert_list[i + ret],
-+ &cert_list[i],
-+ (cert_list_size - i) *
- sizeof(gnutls_x509_crt_t));
-- memcpy(&cert_list[i + 1],
-+ memcpy(&cert_list[i],
- &retrieved[retrieved_size],
- ret * sizeof(gnutls_x509_crt_t));
- retrieved_size += ret;
- cert_list_size += ret;
-+
-+ /* Start again from the end of the previous segment. */
-+ i--;
- }
- }
-
-@@ -1581,6 +1693,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- for (i = 0; i < retrieved_size; i++) {
- gnutls_x509_crt_deinit(retrieved[i]);
- }
-+ cert_set_deinit(&cert_set);
- return ret;
- }
-
-diff --git a/tests/missingissuer.c b/tests/missingissuer.c
-index f21e2b6b0c..226d095929 100644
---- a/tests/missingissuer.c
-+++ b/tests/missingissuer.c
-@@ -145,6 +145,8 @@ void doit(void)
- printf("[%d]: Chain '%s'...\n", (int)i, chains[i].name);
-
- for (j = 0; chains[i].chain[j]; j++) {
-+ assert(j < MAX_CHAIN);
-+
- if (debug > 2)
- printf("\tAdding certificate %d...", (int)j);
-
-diff --git a/tests/test-chains-issuer.h b/tests/test-chains-issuer.h
-index 543e2d71fb..bf1e65c956 100644
---- a/tests/test-chains-issuer.h
-+++ b/tests/test-chains-issuer.h
-@@ -24,7 +24,7 @@
- #ifndef GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
- #define GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
-
--#define MAX_CHAIN 6
-+#define MAX_CHAIN 15
-
- #define SERVER_CERT "-----BEGIN CERTIFICATE-----\n" \
- "MIIDATCCAbmgAwIBAgIUQdvdegP8JFszFHLfV4+lrEdafzAwPQYJKoZIhvcNAQEK\n" \
-@@ -338,11 +338,102 @@ static const char *missing_middle_unrelated_extra_insert[] = {
- NULL,
- };
-
-+static const char *missing_middle_single_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_4,
-+ CA_CERT_4,
-+ CA_CERT_2,
-+ CA_CERT_2,
-+ CA_CERT_1,
-+ CA_CERT_1,
-+ NULL,
-+};
-+
-+static const char *missing_middle_multiple_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_4,
-+ CA_CERT_4,
-+ CA_CERT_1,
-+ CA_CERT_1,
-+ NULL,
-+};
-+
-+static const char *missing_last_single_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_4,
-+ CA_CERT_4,
-+ CA_CERT_3,
-+ CA_CERT_3,
-+ CA_CERT_2,
-+ CA_CERT_2,
-+ NULL,
-+};
-+
-+static const char *missing_last_multiple_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_4,
-+ CA_CERT_4,
-+ CA_CERT_3,
-+ CA_CERT_3,
-+ NULL,
-+};
-+
-+static const char *missing_skip_single_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_3,
-+ CA_CERT_3,
-+ CA_CERT_1,
-+ CA_CERT_1,
-+ NULL,
-+};
-+
-+static const char *missing_skip_multiple_duplicate[] = {
-+ SERVER_CERT,
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_5,
-+ CA_CERT_3,
-+ CA_CERT_3,
-+ NULL,
-+};
-+
- static const char *missing_ca[] = {
- CA_CERT_0,
- NULL,
- };
-
-+static const char *middle_single_duplicate_ca[] = {
-+ SERVER_CERT,
-+ CA_CERT_5,
-+ CA_CERT_0,
-+ CA_CERT_4,
-+ CA_CERT_0,
-+ CA_CERT_2,
-+ CA_CERT_0,
-+ CA_CERT_1,
-+ NULL,
-+};
-+
-+static const char *missing_middle_single_duplicate_ca_unrelated_insert[] = {
-+ CA_CERT_0,
-+ NULL,
-+};
-+
- static struct chains {
- const char *name;
- const char **chain;
-@@ -377,6 +468,14 @@ static struct chains {
- { "skip multiple unsorted", missing_skip_multiple_unsorted, missing_skip_multiple_insert, missing_ca, 0, 0 },
- { "unrelated", missing_middle_single, missing_middle_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
- { "unrelated extra", missing_middle_single, missing_middle_unrelated_extra_insert, missing_ca, 0, 0 },
-+ { "middle single duplicate", missing_middle_single_duplicate, missing_middle_single_insert, missing_ca, 0, 0 },
-+ { "middle multiple duplicate", missing_middle_multiple_duplicate, missing_middle_multiple_insert, missing_ca, 0, 0 },
-+ { "last single duplicate", missing_last_single_duplicate, missing_last_single_insert, missing_ca, 0, 0 },
-+ { "last multiple duplicate", missing_last_multiple_duplicate, missing_last_multiple_insert, missing_ca, 0, 0 },
-+ { "skip single duplicate", missing_skip_single_duplicate, missing_skip_single_insert, missing_ca, 0, 0 },
-+ { "skip multiple duplicate", missing_skip_multiple_duplicate, missing_skip_multiple_insert, missing_ca, 0, 0 },
-+ { "middle single duplicate ca", middle_single_duplicate_ca, missing_middle_single_insert, missing_ca, 0, 0 },
-+ { "middle single duplicate ca - insert unrelated", middle_single_duplicate_ca, missing_middle_single_duplicate_ca_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
- { NULL, NULL, NULL, NULL },
- };
-
---
-GitLab
-
diff --git a/net-libs/gnutls/gnutls-3.7.0-r1.ebuild b/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
deleted file mode 100644
index 643a1c4d8ad..00000000000
--- a/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
- test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- tools? ( sys-devel/autogen:= )
- dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-2:=[networking] )
- nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- test? (
- seccomp? ( sys-libs/libseccomp )
- )"
-BDEPEND=">=virtual/pkgconfig-0-r1
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- tools? ( sys-devel/autogen )
- valgrind? ( dev-util/valgrind )
- test-full? (
- app-crypt/dieharder
- >=app-misc/datefudge-1.22
- dev-libs/softhsm:2[-bindist]
- net-dialup/ppp
- net-misc/socat
- )"
-
-DOCS=(
- README.md
- doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${P}-ignore-duplicate-certificates.patch )
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # don't try to use system certificate store on macOS, it is
- # confusingly ignoring our ca-certificates and more importantly
- # fails to compile in certain configurations
- sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- local libconf=()
-
- # TPM needs to be tested before being enabled
- libconf+=( --without-tpm )
-
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- # Cygwin as does not understand these asm files at all
- [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- local myeconfargs=(
- $(multilib_native_enable manpages)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable doc)
- $(multilib_native_use_enable guile)
- $(multilib_native_use_enable seccomp seccomp-tests)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test-full full-test-suite)
- $(multilib_native_use_enable tools)
- $(multilib_native_use_enable valgrind valgrind-tests)
- $(use_enable cxx)
- $(use_enable dane libdane)
- $(use_enable nls)
- $(use_enable openssl openssl-compatibility)
- $(use_enable sslv2 ssl2-support)
- $(use_enable sslv3 ssl3-support)
- $(use_enable static-libs static)
- $(use_enable tls-heartbeat heartbeat-support)
- $(use_with idn)
- $(use_with pkcs11 p11-kit)
- --disable-rpath
- --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
- --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
- --without-included-libtasn1
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
- ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2021-05-23 11:48 David Seifert
0 siblings, 0 replies; 13+ messages in thread
From: David Seifert @ 2021-05-23 11:48 UTC (permalink / raw
To: gentoo-commits
commit: 1080e719f546c07009f81a320917ff96bf4e8f26
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun May 23 11:48:05 2021 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun May 23 11:48:05 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1080e719
net-libs/gnutls: drop 3.6.15
Signed-off-by: David Seifert <soap <AT> gentoo.org>
net-libs/gnutls/Manifest | 1 -
.../gnutls-3.6.15-skip-dtls-seccomp-tests.patch | 26 ----
net-libs/gnutls/gnutls-3.6.15.ebuild | 139 ---------------------
3 files changed, 166 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 1ab16ed845f..94f3fc8017f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1 @@
-DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
DIST gnutls-3.7.1.tar.xz 6038388 BLAKE2B 1d55eb441827c7148d63bcad37bf7bc62d539ee9bc7e14c2fe5ec1d0bdcadd75e2cbc98ba104523b24c8dfd9526b4595475a818d206971cc012fac509cd33a6f SHA512 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95
diff --git a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
deleted file mode 100644
index dad6cec8d3d..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://bugs.gentoo.org/649396
-https://bugs.gentoo.org/711104
-
---- a/tests/dtls-client-with-seccomp.c
-+++ b/tests/dtls-client-with-seccomp.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
-
--#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
-+#if 1
-
- int main()
- {
---- a/tests/dtls-with-seccomp.c
-+++ b/tests/dtls-with-seccomp.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
-
--#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
-+#if 1
-
- int main()
- {
-
diff --git a/net-libs/gnutls/gnutls-3.6.15.ebuild b/net-libs/gnutls/gnutls-3.6.15.ebuild
deleted file mode 100644
index b5557dc3ffc..00000000000
--- a/net-libs/gnutls/gnutls-3.6.15.ebuild
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
- test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- tools? ( sys-devel/autogen:= )
- dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-2:=[networking] )
- nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- test? (
- seccomp? ( sys-libs/libseccomp )
- )"
-BDEPEND=">=virtual/pkgconfig-0-r1
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- tools? ( sys-devel/autogen )
- valgrind? ( dev-util/valgrind )
- test-full? (
- app-crypt/dieharder
- >=app-misc/datefudge-1.22
- dev-libs/softhsm:2[-bindist]
- net-dialup/ppp
- net-misc/socat
- )"
-
-DOCS=(
- README.md
- doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # don't try to use system certificate store on macOS, it is
- # confusingly ignoring our ca-certificates and more importantly
- # fails to compile in certain configurations
- sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- local libconf=()
-
- # TPM needs to be tested before being enabled
- libconf+=( --without-tpm )
-
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- # Cygwin as does not understand these asm files at all
- [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- local myeconfargs=(
- $(multilib_native_enable manpages)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable doc)
- $(multilib_native_use_enable guile)
- $(multilib_native_use_enable seccomp seccomp-tests)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test-full full-test-suite)
- $(multilib_native_use_enable tools)
- $(multilib_native_use_enable valgrind valgrind-tests)
- $(use_enable cxx)
- $(use_enable dane libdane)
- $(use_enable nls)
- $(use_enable openssl openssl-compatibility)
- $(use_enable sslv2 ssl2-support)
- $(use_enable sslv3 ssl3-support)
- $(use_enable static-libs static)
- $(use_enable tls-heartbeat heartbeat-support)
- $(use_with idn)
- $(use_with pkcs11 p11-kit)
- --disable-rpath
- --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
- --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
- --without-included-libtasn1
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
- ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2022-03-18 6:16 Sam James
0 siblings, 0 replies; 13+ messages in thread
From: Sam James @ 2022-03-18 6:16 UTC (permalink / raw
To: gentoo-commits
commit: 82957f19c28749d0004fef905c949a39aced93b2
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 18 06:10:47 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 18 06:16:18 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82957f19
net-libs/gnutls: add 3.7.4
More of an exciting release than I anticipated when I started looking at it,
but for unexpected reasons!
- verify-sig support is stubbed out in the ebuild (commented out); couldn't
enable yet because website doesn't list key from new maintainer(?) but
distfile *does* have a valid signature from a known maintainer. gemato/gpg/
verify-sig currently rejects a distfile if it has *any* unrecognised signatuers,
not if *all* are.
See https://gitlab.com/gnutls/web-pages/-/issues/3.
- Noticed `--{enable,disable}-gtk-doc` was suddenly unrecognised by `./configure`.
The macro is used automagically upstream rather than being a hard dependency
so if it's not available at point of `make dist`, it'll just be dropped. It looks
like that's what happened as a new person made the release => new env.
Temporarily unconditionally BDEPENDing on gtk-doc-am (harmless, tiny dep)
for now.
See https://gitlab.com/gnutls/gnutls/-/issues/1341.
- Needed to fix brotli & zstd configure arguments to be consistent with
`./configure --help` output.
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1342
- Discovered brotli & zstd were both automagic dependencies, but it turns out
that the zstd check was broken anyway (would always fail).
See: https://gitlab.com/gnutls/gnutls/-/issues/1343.
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1341
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1342
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1343
Bug: https://gitlab.com/gnutls/web-pages/-/issues/3
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-libs/gnutls/Manifest | 1 +
.../files/gnutls-3.7.4-configure-compression.patch | 63 +++++++++
net-libs/gnutls/gnutls-3.7.4.ebuild | 157 +++++++++++++++++++++
3 files changed, 221 insertions(+)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b3e46a868aac..3158b68efb68 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1,3 @@
DIST gnutls-3.7.2.tar.xz 6091508 BLAKE2B f408ff65f2e08cf294b449dfac64a272a8ba40e987618960f57ee36c167a25974711ab8d11bdbd6335fbf18ac902a79b5c6b40bb6a37f4ee07549832d0611df2 SHA512 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
DIST gnutls-3.7.3.tar.xz 6119292 BLAKE2B 811e6fbb62fbd35fa63e66cfcbfc3bf899cea5cece1d2a68bc650f507df0f7be9f59c707c90fa19b7ef5a52455a663da49682704e0884af06075c566afbfc0bf SHA512 3ace744affe23e284342658d6d2d2de49dd50065489cbc8be18fc7d38187253e5268ca54027ce5cd517056c249ac039a7481e4548cec04325de37ae85617d077
+DIST gnutls-3.7.4.tar.xz 6131772 BLAKE2B 1c44528952275f48e4e458558c4e03c5b90dfb267482d6815f6c836f9530abb486a23ae5ea70ba2db7e272eee8e2066b259374f02a9bb9e714487466fd5994c9 SHA512 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6
diff --git a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
new file mode 100644
index 000000000000..edd688d9b58a
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
@@ -0,0 +1,63 @@
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1557
+
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Mar 2022 05:40:28 +0000
+Subject: [PATCH 1/2] configure.ac: fix brotli/zstd configure argument name
+
+The old `./configure` arguments for brotli and zstd respectively
+were inconsistent with the `./configure --help` output.
+
+Old: --without-libbrotli --without-libzstd (also --with-*)
+New: --without-brotli --without-zstd (also --with-*)
+
+Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1010,7 +1010,7 @@ if test x$ac_zlib != xno; then
+ fi
+ AC_SUBST(LIBZ_PC)
+
+-AC_ARG_WITH(libbrotli,
++AC_ARG_WITH(brotli,
+ AS_HELP_STRING([--without-brotli], [disable brotli compression support]),
+ ac_brotli=$withval, ac_brotli=yes)
+ AC_MSG_CHECKING([whether to include brotli compression support])
+@@ -1033,7 +1033,7 @@ else
+ fi
+ AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
+
+-AC_ARG_WITH(libzstd,
++AC_ARG_WITH(zstd,
+ AS_HELP_STRING([--without-zstd], [disable zstd compression support]),
+ ac_zstd=$withval, ac_zstd=yes)
+ AC_MSG_CHECKING([whether to include zstd compression support])
+GitLab
+
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Mar 2022 05:51:29 +0000
+Subject: [PATCH 2/2] configure.ac: fix zstd detection
+
+Fixes typo in zstd detection.
+
+None of the used autoconf macros will define `has_zstd_h` so
+configure will (AFAICT) always fail to find zstd, even if it succeeded
+via pkg-config moments before.
+
+Drop it and rely solely on pkg-config as that's the only search
+we're actually doing.
+
+Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1040,7 +1040,7 @@ AC_MSG_CHECKING([whether to include zstd compression support])
+ if test x$ac_zstd != xno; then
+ AC_MSG_RESULT(yes)
+ PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
+- if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then
++ if test "${with_libzstd}" = "yes"; then
+ AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
+GitLab
diff --git a/net-libs/gnutls/gnutls-3.7.4.ebuild b/net-libs/gnutls/gnutls-3.7.4.ebuild
new file mode 100644
index 000000000000..aa86f0ac1050
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.7.4.ebuild
@@ -0,0 +1,157 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# 3.7.4 has an additional signature from a non-listed maintainer on gnutls.org
+# and verify-sig.eclass dies on it. It does have a legitimate signature from
+# a listed maintainer though, it's just that the eclass dislikes an extra signature
+# from someone it doesn't recognise.
+# https://gitlab.com/gnutls/web-pages/-/issues/3
+#VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnutls.asc
+
+inherit autotools libtool multilib-minimal
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+#SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="brotli +cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib zstd"
+
+REQUIRED_USE="test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+ brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+ dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-2:=[networking] )
+ nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+ zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+ zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ test? (
+ seccomp? ( sys-libs/libseccomp )
+ )"
+BDEPEND="
+ dev-util/gtk-doc-am
+ >=virtual/pkgconfig-0-r1
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ valgrind? ( dev-util/valgrind )
+ test-full? (
+ app-crypt/dieharder
+ >=app-misc/datefudge-1.22
+ dev-libs/softhsm:2[-bindist(-)]
+ net-dialup/ppp
+ net-misc/socat
+ )"
+# verify-sig? ( sec-keys/openpgp-keys-gnutls )"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${P}-configure-compression.patch
+)
+
+pkg_setup() {
+ # bug #520818
+ export TZ=UTC
+
+ use doc && HTML_DOCS+=(
+ doc/gnutls.html
+ )
+}
+
+src_prepare() {
+ default
+
+ # don't try to use system certificate store on macOS, it is
+ # confusingly ignoring our ca-certificates and more importantly
+ # fails to compile in certain configurations
+ sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+ # Use sane .so versioning on FreeBSD.
+ #elibtoolize
+
+ # Need eautoreconf for:
+ # 1) gtk-doc macro fix
+ # (once fixed, we can drop unconditional gtk-doc-am BDEPEND too)
+ # see https://gitlab.com/gnutls/gnutls/-/issues/1341
+ #
+ # 2) configure fixes for brotli, zstd
+ # see https://gitlab.com/gnutls/gnutls/-/issues/1343
+ eautoreconf
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ local libconf=()
+
+ # TPM needs to be tested before being enabled
+ # Note that this may add a libltdl dep when enabled. Check configure.ac.
+ libconf+=(
+ --without-tpm
+ --without-tpm2
+ )
+
+ # hardware-accel is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ # Cygwin as does not understand these asm files at all
+ [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ local myeconfargs=(
+ $(multilib_native_enable manpages)
+ $(multilib_native_use_enable doc gtk-doc)
+ $(multilib_native_use_enable doc)
+ $(multilib_native_use_enable guile)
+ $(multilib_native_use_enable seccomp seccomp-tests)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test-full full-test-suite)
+ $(multilib_native_use_enable tools)
+ $(multilib_native_use_enable valgrind valgrind-tests)
+ $(use_enable cxx)
+ $(use_enable dane libdane)
+ $(use_enable nls)
+ $(use_enable openssl openssl-compatibility)
+ $(use_enable sslv2 ssl2-support)
+ $(use_enable sslv3 ssl3-support)
+ $(use_enable static-libs static)
+ $(use_enable tls-heartbeat heartbeat-support)
+ $(use_with brotli)
+ $(use_with idn)
+ $(use_with pkcs11 p11-kit)
+ $(use_with zlib)
+ $(use_with zstd)
+ --disable-rpath
+ --with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+ --with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+ --without-included-libtasn1
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+ ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2022-05-14 21:24 Sam James
0 siblings, 0 replies; 13+ messages in thread
From: Sam James @ 2022-05-14 21:24 UTC (permalink / raw
To: gentoo-commits
commit: 7ac241549034d7ca490acb1ea8321daf25b4fd21
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 14 04:03:23 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 14 21:22:25 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ac24154
net-libs/gnutls: drop 3.7.4
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-libs/gnutls/Manifest | 2 -
.../files/gnutls-3.7.4-configure-compression.patch | 63 ---------
net-libs/gnutls/gnutls-3.7.4.ebuild | 153 ---------------------
3 files changed, 218 deletions(-)
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b80bc56323a2..cdc465872bb4 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,6 +1,4 @@
DIST gnutls-3.7.2.tar.xz 6091508 BLAKE2B f408ff65f2e08cf294b449dfac64a272a8ba40e987618960f57ee36c167a25974711ab8d11bdbd6335fbf18ac902a79b5c6b40bb6a37f4ee07549832d0611df2 SHA512 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
DIST gnutls-3.7.3.tar.xz 6119292 BLAKE2B 811e6fbb62fbd35fa63e66cfcbfc3bf899cea5cece1d2a68bc650f507df0f7be9f59c707c90fa19b7ef5a52455a663da49682704e0884af06075c566afbfc0bf SHA512 3ace744affe23e284342658d6d2d2de49dd50065489cbc8be18fc7d38187253e5268ca54027ce5cd517056c249ac039a7481e4548cec04325de37ae85617d077
-DIST gnutls-3.7.4.tar.xz 6131772 BLAKE2B 1c44528952275f48e4e458558c4e03c5b90dfb267482d6815f6c836f9530abb486a23ae5ea70ba2db7e272eee8e2066b259374f02a9bb9e714487466fd5994c9 SHA512 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6
-DIST gnutls-3.7.4.tar.xz.sig 685 BLAKE2B ad485450abb916a229984f8f0d74fe7c46a0a87627f9d739f8121dccf36f4ca454007178f2a4e9bd5fffa2813363481bf80eaeee40f86e1b9c23b1f25dff7b4c SHA512 74b8badd67e215313583bd25c7b639207860af45d6f5cbcb81f1aaf46dacf0992b6d06876979594688e13dac5b8b27ba39935626374b4ddaa3e48118bbc2e7de
DIST gnutls-3.7.5.tar.xz 6321392 BLAKE2B e7b2da643dc8d5160d1872655ed6771b89587d62132eccfe0b7ce0cc9e81daa27b3608608df3301787d89148a27d321266ac52c1fde06afd2e821575e8805403 SHA512 2e4898e6aeff4f82abd48e6a442f5c9ebe4ecaeb0c038b76e2da8e468f6a7ae37fef5e8de17d90346f29aa0b56a08abf67fe8b81ba09dcf4612cc3b97b830bec
DIST gnutls-3.7.5.tar.xz.sig 685 BLAKE2B 0a7fdeae9b10382e962c5ea7b49fbb2c0829203bded123597b7718b0cd9483204498a05556da82518f40a4775c90a9b275afdbb4d6a65e7a9396bd0c40ca522a SHA512 1110b859299d13c5121f9c68d6faf099a62b13500cd1c994ac6dea49d69c29a351fd4de42bb66fe01d2e6feef9c3fbd344e8eec0a409c804699d3f7956fe28ff
diff --git a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
deleted file mode 100644
index edd688d9b58a..000000000000
--- a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-https://gitlab.com/gnutls/gnutls/-/merge_requests/1557
-
-From: Sam James <sam@gentoo.org>
-Date: Fri, 18 Mar 2022 05:40:28 +0000
-Subject: [PATCH 1/2] configure.ac: fix brotli/zstd configure argument name
-
-The old `./configure` arguments for brotli and zstd respectively
-were inconsistent with the `./configure --help` output.
-
-Old: --without-libbrotli --without-libzstd (also --with-*)
-New: --without-brotli --without-zstd (also --with-*)
-
-Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -1010,7 +1010,7 @@ if test x$ac_zlib != xno; then
- fi
- AC_SUBST(LIBZ_PC)
-
--AC_ARG_WITH(libbrotli,
-+AC_ARG_WITH(brotli,
- AS_HELP_STRING([--without-brotli], [disable brotli compression support]),
- ac_brotli=$withval, ac_brotli=yes)
- AC_MSG_CHECKING([whether to include brotli compression support])
-@@ -1033,7 +1033,7 @@ else
- fi
- AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
-
--AC_ARG_WITH(libzstd,
-+AC_ARG_WITH(zstd,
- AS_HELP_STRING([--without-zstd], [disable zstd compression support]),
- ac_zstd=$withval, ac_zstd=yes)
- AC_MSG_CHECKING([whether to include zstd compression support])
-GitLab
-
-From: Sam James <sam@gentoo.org>
-Date: Fri, 18 Mar 2022 05:51:29 +0000
-Subject: [PATCH 2/2] configure.ac: fix zstd detection
-
-Fixes typo in zstd detection.
-
-None of the used autoconf macros will define `has_zstd_h` so
-configure will (AFAICT) always fail to find zstd, even if it succeeded
-via pkg-config moments before.
-
-Drop it and rely solely on pkg-config as that's the only search
-we're actually doing.
-
-Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -1040,7 +1040,7 @@ AC_MSG_CHECKING([whether to include zstd compression support])
- if test x$ac_zstd != xno; then
- AC_MSG_RESULT(yes)
- PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
-- if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then
-+ if test "${with_libzstd}" = "yes"; then
- AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
- GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
-GitLab
diff --git a/net-libs/gnutls/gnutls-3.7.4.ebuild b/net-libs/gnutls/gnutls-3.7.4.ebuild
deleted file mode 100644
index 6eaf9997a965..000000000000
--- a/net-libs/gnutls/gnutls-3.7.4.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnutls.asc
-inherit autotools multilib-minimal verify-sig
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-# Drop keywords while figuring out what to do (if anything) about USE=cxx ABI break
-# https://gitlab.com/gnutls/gnutls/-/commit/f746f7d4be0070395834bef8e7f7b6f9c8d3158b
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="brotli +cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib zstd"
-
-REQUIRED_USE="test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
- dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-2:=[networking] )
- nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
- zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- test? (
- seccomp? ( sys-libs/libseccomp )
- )"
-BDEPEND="
- dev-util/gtk-doc-am
- >=virtual/pkgconfig-0-r1
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- valgrind? ( dev-util/valgrind )
- test-full? (
- app-crypt/dieharder
- >=app-misc/datefudge-1.22
- dev-libs/softhsm:2[-bindist(-)]
- net-dialup/ppp
- net-misc/socat
- )
- verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20220320 )"
-
-DOCS=( README.md doc/certtool.cfg )
-
-HTML_DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${P}-configure-compression.patch
-)
-
-pkg_setup() {
- # bug #520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # don't try to use system certificate store on macOS, it is
- # confusingly ignoring our ca-certificates and more importantly
- # fails to compile in certain configurations
- sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
- # Use sane .so versioning on FreeBSD.
- #elibtoolize
-
- # Need eautoreconf for:
- # 1) gtk-doc macro fix
- # (once fixed, we can drop unconditional gtk-doc-am BDEPEND too)
- # see https://gitlab.com/gnutls/gnutls/-/issues/1341
- #
- # 2) configure fixes for brotli, zstd
- # see https://gitlab.com/gnutls/gnutls/-/issues/1343
- eautoreconf
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- local libconf=()
-
- # TPM needs to be tested before being enabled
- # Note that this may add a libltdl dep when enabled. Check configure.ac.
- libconf+=(
- --without-tpm
- --without-tpm2
- )
-
- # hardware-accel is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- # Cygwin as does not understand these asm files at all
- [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- local myeconfargs=(
- $(multilib_native_enable manpages)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable doc)
- $(multilib_native_use_enable guile)
- $(multilib_native_use_enable seccomp seccomp-tests)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test-full full-test-suite)
- $(multilib_native_use_enable tools)
- $(multilib_native_use_enable valgrind valgrind-tests)
- $(use_enable cxx)
- $(use_enable dane libdane)
- $(use_enable nls)
- $(use_enable openssl openssl-compatibility)
- $(use_enable sslv2 ssl2-support)
- $(use_enable sslv3 ssl3-support)
- $(use_enable static-libs static)
- $(use_enable tls-heartbeat heartbeat-support)
- $(use_with brotli)
- $(use_with idn)
- $(use_with pkcs11 p11-kit)
- $(use_with zlib)
- $(use_with zstd)
- --disable-rpath
- --with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
- --with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
- --without-included-libtasn1
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
- ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2024-04-27 22:11 Sam James
0 siblings, 0 replies; 13+ messages in thread
From: Sam James @ 2024-04-27 22:11 UTC (permalink / raw
To: gentoo-commits
commit: 3e414999ed5919555adceb25d8abf547f001f034
Author: Christopher Fore <csfore <AT> posteo <DOT> net>
AuthorDate: Tue Apr 23 22:59:04 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 27 22:10:27 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e414999
net-libs/gnutls: Add patch to fix Wireshark tests
- GnuTLS tests pass
- Wireshark tests pass now with this
[sam: add more references to patch]
Closes: https://bugs.gentoo.org/930529
Closes: https://bugs.gentoo.org/930752
Signed-off-by: Christopher Fore <csfore <AT> posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/36392
Signed-off-by: Sam James <sam <AT> gentoo.org>
...3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch | 261 +++++++++++++++++++++
net-libs/gnutls/gnutls-3.8.5-r1.ebuild | 155 ++++++++++++
2 files changed, 416 insertions(+)
diff --git a/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch b/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
new file mode 100644
index 000000000000..6905f793ab4f
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
@@ -0,0 +1,261 @@
+https://bugs.gentoo.org/930752
+https://bugs.gentoo.org/930529
+https://gitlab.com/gnutls/gnutls/-/issues/1540
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1830
+https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d
+
+From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Wed, 10 Apr 2024 12:51:33 +0200
+Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration
+
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+--- a/lib/priority.c
++++ b/lib/priority.c
+@@ -1018,6 +1018,12 @@ struct cfg {
+ bool force_ext_master_secret_set;
+ };
+
++static inline void cfg_init(struct cfg *cfg)
++{
++ memset(cfg, 0, sizeof(*cfg));
++ cfg->allow_rsa_pkcs1_encrypt = true;
++}
++
+ static inline void cfg_deinit(struct cfg *cfg)
+ {
+ if (cfg->priority_strings) {
+@@ -1095,6 +1101,12 @@ struct ini_ctx {
+ size_t curves_size;
+ };
+
++static inline void ini_ctx_init(struct ini_ctx *ctx)
++{
++ memset(ctx, 0, sizeof(*ctx));
++ cfg_init(&ctx->cfg);
++}
++
+ static inline void ini_ctx_deinit(struct ini_ctx *ctx)
+ {
+ cfg_deinit(&ctx->cfg);
+@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
+ _gnutls_default_priority_string = cfg->default_priority_string;
+ }
+
+- /* enable RSA-PKCS1-V1_5 by default */
+- cfg->allow_rsa_pkcs1_encrypt = true;
+-
+ if (cfg->allowlisting) {
+ /* also updates `flags` of global `hash_algorithms[]` */
+ ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size);
+@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void)
+ return 0;
+ }
+
++/* Returns false on parse error, otherwise true.
++ * The system_wide_config must be locked for writing.
++ */
++static inline bool load_system_priority_file(void)
++{
++ int err;
++ FILE *fp;
++ struct ini_ctx ctx;
++
++ cfg_init(&system_wide_config);
++
++ fp = fopen(system_priority_file, "re");
++ if (fp == NULL) {
++ _gnutls_debug_log("cfg: unable to open: %s: %d\n",
++ system_priority_file, errno);
++ return true;
++ }
++
++ /* Parsing the configuration file needs to be done in 2 phases:
++ * first parsing the [global] section
++ * and then the other sections,
++ * because the [global] section modifies the parsing behavior.
++ */
++ ini_ctx_init(&ctx);
++ err = ini_parse_file(fp, global_ini_handler, &ctx);
++ if (!err) {
++ if (fseek(fp, 0L, SEEK_SET) < 0) {
++ _gnutls_debug_log("cfg: unable to rewind: %s\n",
++ system_priority_file);
++ if (fail_on_invalid_config)
++ exit(1);
++ }
++ err = ini_parse_file(fp, cfg_ini_handler, &ctx);
++ }
++ fclose(fp);
++ if (err) {
++ ini_ctx_deinit(&ctx);
++ _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
++ system_priority_file, err);
++ return false;
++ }
++ cfg_apply(&system_wide_config, &ctx);
++ ini_ctx_deinit(&ctx);
++ return true;
++}
++
+ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ {
+- int ret, err = 0;
++ int ret;
++ bool config_parse_error = false;
+ struct stat sb;
+- FILE *fp;
+ gnutls_buffer_st buf;
+- struct ini_ctx ctx;
+
+ ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock);
+- if (ret < 0) {
++ if (ret < 0)
+ return gnutls_assert_val(ret);
+- }
+
+ if (stat(system_priority_file, &sb) < 0) {
+ _gnutls_debug_log("cfg: unable to access: %s: %d\n",
+ system_priority_file, errno);
++
++ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
++ ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
++ if (ret < 0)
++ goto out;
++ /* If system-wide config is unavailable, apply the defaults */
++ cfg_init(&system_wide_config);
+ goto out;
+ }
+
+@@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ system_priority_last_mod == sb.st_mtime) {
+ _gnutls_debug_log("cfg: system priority %s has not changed\n",
+ system_priority_file);
+- if (system_wide_config.priority_string) {
++ if (system_wide_config.priority_string)
+ goto out; /* nothing to do */
+- }
+ }
+
+ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
+
+ ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
+- if (ret < 0) {
++ if (ret < 0)
+ return gnutls_assert_val(ret);
+- }
+
+ /* Another thread could have successfully re-read system-wide config,
+ * skip re-reading if the mtime it has used is exactly the same.
+ */
+- if (system_priority_file_loaded) {
++ if (system_priority_file_loaded)
+ system_priority_file_loaded =
+ (system_priority_last_mod == sb.st_mtime);
+- }
+
+ if (!system_priority_file_loaded) {
+- _name_val_array_clear(&system_wide_config.priority_strings);
+-
+- gnutls_free(system_wide_config.priority_string);
+- system_wide_config.priority_string = NULL;
+-
+- fp = fopen(system_priority_file, "re");
+- if (fp == NULL) {
+- _gnutls_debug_log("cfg: unable to open: %s: %d\n",
+- system_priority_file, errno);
++ config_parse_error = !load_system_priority_file();
++ if (config_parse_error)
+ goto out;
+- }
+- /* Parsing the configuration file needs to be done in 2 phases:
+- * first parsing the [global] section
+- * and then the other sections,
+- * because the [global] section modifies the parsing behavior.
+- */
+- memset(&ctx, 0, sizeof(ctx));
+- err = ini_parse_file(fp, global_ini_handler, &ctx);
+- if (!err) {
+- if (fseek(fp, 0L, SEEK_SET) < 0) {
+- _gnutls_debug_log("cfg: unable to rewind: %s\n",
+- system_priority_file);
+- if (fail_on_invalid_config)
+- exit(1);
+- }
+- err = ini_parse_file(fp, cfg_ini_handler, &ctx);
+- }
+- fclose(fp);
+- if (err) {
+- ini_ctx_deinit(&ctx);
+- _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
+- system_priority_file, err);
+- goto out;
+- }
+- cfg_apply(&system_wide_config, &ctx);
+- ini_ctx_deinit(&ctx);
+ _gnutls_debug_log("cfg: loaded system config %s mtime %lld\n",
+ system_priority_file,
+ (unsigned long long)sb.st_mtime);
+@@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ out:
+ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
+
+- if (err && fail_on_invalid_config) {
++ if (config_parse_error && fail_on_invalid_config)
+ exit(1);
+- }
+
+ return ret;
+ }
+--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
++++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
+@@ -19,9 +19,8 @@
+ # You should have received a copy of the GNU Lesser General Public License
+ # along with this program. If not, see <https://www.gnu.org/licenses/>
+
+-: ${srcdir=.}
+-TEST=${srcdir}/rsaes-pkcs1-v1_5
+-CONF=${srcdir}/config.$$.tmp
++TEST=${builddir}/rsaes-pkcs1-v1_5
++CONF=config.$$.tmp
+ export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF}
+ export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+@@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF}
+ allow-rsa-pkcs1-encrypt = true
+ _EOF_
+
+-${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed"
++${TEST}
++if [ $? != 0 ]; then
++ echo "${TEST} expected to succeed"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled"
+
+ cat <<_EOF_ > ${CONF}
+ [overrides]
+ allow-rsa-pkcs1-encrypt = false
+ _EOF_
+
+-${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail"
++${TEST}
++if [ $? = 0 ]; then
++ echo "${TEST} expected to fail"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully disabled"
+
+ unset GNUTLS_SYSTEM_PRIORITY_FILE
+ unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
++
++${TEST}
++if [ $? != 0 ]; then
++ echo "${TEST} expected to succeed by default"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled by default"
++
+ exit 0
+--
+GitLab
diff --git a/net-libs/gnutls/gnutls-3.8.5-r1.ebuild b/net-libs/gnutls/gnutls-3.8.5-r1.ebuild
new file mode 100644
index 000000000000..24fba955fe8e
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.8.5-r1.ebuild
@@ -0,0 +1,155 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc
+inherit libtool multilib-minimal verify-sig
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+# As of 3.8.0, the C++ library is header-only, but we won't drop the subslot
+# component for it until libgnutls.so breaks ABI, to avoid pointless rebuilds.
+# Subslot format:
+# <libgnutls.so number>.<libgnutlsxx.so number>
+SLOT="0/30.30"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd"
+REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+ brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+ dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+ nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+ zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+ zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="
+ ${RDEPEND}
+ test? (
+ seccomp? ( sys-libs/libseccomp )
+ )
+"
+BDEPEND="
+ dev-build/gtk-doc-am
+ >=virtual/pkgconfig-0-r1
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ test-full? (
+ app-crypt/dieharder
+ || ( sys-libs/libfaketime >=app-misc/datefudge-1.22 )
+ dev-libs/softhsm:2[-bindist(-)]
+ net-dialup/ppp
+ net-misc/socat
+ )
+ verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20240415 )
+"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ # gnulib FPs
+ MIN
+ alignof
+ static_assert
+)
+
+PATCHES=(
+ # Should no longer be needed for the next release
+ # bug #930529
+ "${FILESDIR}"/${PN}-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
+)
+
+src_prepare() {
+ default
+
+ # bug #520818
+ export TZ=UTC
+
+ use doc && HTML_DOCS+=( doc/gnutls.html )
+
+ # don't try to use system certificate store on macOS, it is
+ # confusingly ignoring our ca-certificates and more importantly
+ # fails to compile in certain configurations
+ sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ local libconf=()
+
+ # TPM needs to be tested before being enabled
+ # Note that this may add a libltdl dep when enabled. Check configure.ac.
+ libconf+=(
+ --without-tpm
+ --without-tpm2
+ )
+
+ # hardware-accel is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ # -fanalyzer substantially slows down the build and isn't useful for
+ # us. It's useful for upstream as it's static analysis, but it's not
+ # useful when just getting something built.
+ export gl_cv_warn_c__fanalyzer=no
+
+ local myeconfargs=(
+ --disable-valgrind-tests
+ $(multilib_native_enable manpages)
+ $(multilib_native_use_enable doc gtk-doc)
+ $(multilib_native_use_enable doc)
+ $(multilib_native_use_enable seccomp seccomp-tests)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test-full full-test-suite)
+ $(multilib_native_use_enable tools)
+ $(use_enable cxx)
+ $(use_enable dane libdane)
+ $(use_enable nls)
+ $(use_enable openssl openssl-compatibility)
+ $(use_enable sslv2 ssl2-support)
+ $(use_enable sslv3 ssl3-support)
+ $(use_enable static-libs static)
+ $(use_enable tls-heartbeat heartbeat-support)
+ $(use_with brotli)
+ $(use_with idn)
+ $(use_with pkcs11 p11-kit)
+ $(use_with zlib)
+ $(use_with zstd)
+ --disable-rpath
+ --with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+ --with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+ --without-included-libtasn1
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2024-08-16 23:28 Sam James
0 siblings, 0 replies; 13+ messages in thread
From: Sam James @ 2024-08-16 23:28 UTC (permalink / raw
To: gentoo-commits
commit: 2af3693a618cef6ede54b783d048767482ae21a6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 16 23:24:46 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 16 23:25:12 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2af3693a
net-libs/gnutls: fix configure handling of brotli args
Revbump given it could be automagic.
Closes: https://bugs.gentoo.org/937997
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/gnutls-3.8.7.1-configure-brotli.patch | 156 +++++++++++++++++++++
...tls-3.8.7.1.ebuild => gnutls-3.8.7.1-r1.ebuild} | 11 +-
2 files changed, 165 insertions(+), 2 deletions(-)
diff --git a/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch b/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch
new file mode 100644
index 000000000000..1dac6f514f0b
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch
@@ -0,0 +1,156 @@
+https://bugs.gentoo.org/937997
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1867
+
+From 292f96f26d7ce80e4a165c903c4fd569b85c1c1f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 09:42:15 +0900
+Subject: [PATCH 1/3] build: fix setting AM_CONDITIONAL for brotli and zstd
+
+As the with_{libbrotli,libzsttd} variables are unset if configured
+with --without-{brotli,zstd}, check the unequality to "no" doesn't
+work; use explicit matching with "yes" instead.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1158,7 +1158,7 @@ if test x$ac_brotli != xno; then
+ else
+ AC_MSG_RESULT(no)
+ fi
+-AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
++AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes)
+
+ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ save_CFLAGS=$CFLAGS
+@@ -1203,7 +1203,7 @@ if test x$ac_zstd != xno; then
+ else
+ AC_MSG_RESULT(no)
+ fi
+-AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" != "no")
++AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" = yes)
+
+ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ save_CFLAGS=$CFLAGS
+--
+GitLab
+
+
+From 546153198d2fb8fc4902f23de6254bb7988de534 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 09:48:31 +0900
+Subject: [PATCH 2/3] build: don't emit Requires.private for dlopened libraries
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1100,11 +1100,6 @@ if test x$ac_zlib != xno; then
+ PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
+ if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
+ PKG_CHECK_MODULES(ZLIB, [zlib])
+- if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
+- GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
+- else
+- GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
+- fi
+ ac_zlib=yes
+ else
+ AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
+@@ -1134,6 +1129,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ compress (0, 0, 0, 0);])])
+ LIBS="$save_LIBS"
+ CFLAGS="$save_CFLAGS"
++],
++ [test "$ZLIB_HAS_PKGCONFIG" = y && test "$ac_zlib" = yes], [
++ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
++ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
++ else
++ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
++ fi
+ ])
+
+ AC_ARG_WITH(brotli,
+@@ -1146,11 +1148,6 @@ if test x$ac_brotli != xno; then
+ PKG_CHECK_MODULES(LIBBROTLIDEC, [libbrotlidec >= 1.0.0], [with_libbrotlidec=yes], [with_libbrotlidec=no])
+ if test "${with_libbrotlienc}" = "yes" && test "${with_libbrotlidec}" = "yes"; then
+ AC_DEFINE([HAVE_LIBBROTLI], 1, [Define if BROTLI compression is enabled.])
+- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+- GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
+- else
+- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
+- fi
+ need_ltlibdl=yes
+ else
+ AC_MSG_WARN(*** LIBBROTLI was not found. You will not be able to use BROTLI compression.)
+@@ -1180,6 +1177,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ BrotliDecoderVersion();])])
+ LIBS="$save_LIBS"
+ CFLAGS="$save_CFLAGS"
++],
++ [test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes], [
++ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
++ GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
++ else
++ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
++ fi
+ ])
+
+ AC_ARG_WITH(zstd,
+@@ -1191,11 +1195,6 @@ if test x$ac_zstd != xno; then
+ PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
+ if test "${with_libzstd}" = "yes"; then
+ AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
+- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+- GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
+- else
+- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
+- fi
+ need_ltlibdl=yes
+ else
+ AC_MSG_WARN(*** LIBZSTD was not found. You will not be able to use ZSTD compression.)
+@@ -1215,6 +1214,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ ZSTD_versionNumber();])])
+ LIBS="$save_LIBS"
+ CFLAGS="$save_CFLAGS"
++],
++ [test "$with_libzstd" = yes], [
++ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
++ GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
++ else
++ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
++ fi
+ ])
+
+ AC_ARG_WITH(liboqs,
+--
+GitLab
+
+
+From 8d0ec0ccdfeaae0d56426169d4c7b490e3b07826 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 13:35:47 +0900
+Subject: [PATCH 3/3] build: add liboqs in Requires.private in gnutls.pc if
+ needed
+
+When --with-liboqs is specified and liboqs cannot be dlopen'ed, it
+will be linked at build time. In that case gnutls.pc should indicate
+that through Requires.private.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1256,6 +1256,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+ OQS_version ();])])
+ LIBS="$save_LIBS"
+ CFLAGS="$save_CFLAGS"
++],
++ [test "$have_liboqs" = yes], [
++ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
++ GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs"
++ else
++ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs"
++ fi
+ ])
+
+ AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes)
+--
+GitLab
diff --git a/net-libs/gnutls/gnutls-3.8.7.1.ebuild b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
similarity index 96%
rename from net-libs/gnutls/gnutls-3.8.7.1.ebuild
rename to net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
index 7d5cb7b66fec..3474e58c4983 100644
--- a/net-libs/gnutls/gnutls-3.8.7.1.ebuild
+++ b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
@@ -4,7 +4,7 @@
EAPI=8
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc
-inherit libtool multilib-minimal verify-sig flag-o-matic
+inherit autotools multilib-minimal verify-sig flag-o-matic
DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
HOMEPAGE="https://www.gnutls.org/"
@@ -72,6 +72,10 @@ QA_CONFIG_IMPL_DECL_SKIP=(
static_assert
)
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.8.7.1-configure-brotli.patch
+)
+
src_prepare() {
default
@@ -93,7 +97,10 @@ src_prepare() {
fi
# Use sane .so versioning on FreeBSD.
- elibtoolize
+ #elibtoolize
+
+ # Switch back to elibtoolize after 3.8.7.1
+ eautoreconf
}
multilib_src_configure() {
^ permalink raw reply related [flat|nested] 13+ messages in thread
end of thread, other threads:[~2024-08-16 23:28 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-04 16:14 [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/ Thomas Deutschmann
-- strict thread matches above, loose matches on Subject: below --
2024-08-16 23:28 Sam James
2024-04-27 22:11 Sam James
2022-05-14 21:24 Sam James
2022-03-18 6:16 Sam James
2021-05-23 11:48 David Seifert
2021-03-28 6:08 Thomas Deutschmann
2020-06-09 14:58 Thomas Deutschmann
2019-01-06 19:27 Alon Bar-Lev
2017-09-09 19:34 Alon Bar-Lev
2017-05-19 15:50 Alon Bar-Lev
2016-08-12 16:43 Alon Bar-Lev
2015-12-19 11:27 Alon Bar-Lev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox