* [gentoo-commits] repo/proj/libressl:master commit in: dev-libs/xmlsec/, dev-libs/xmlsec/files/
@ 2023-06-08 19:04 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2023-06-08 19:04 UTC (permalink / raw
To: gentoo-commits
commit: d6e1b4f9052d69927fca7a78817b94eec5e492f2
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Jun 8 19:01:37 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Jun 8 19:02:50 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=d6e1b4f9
dev-libs/xmlsec: add 1.3.0-r1
Upstream-PR: https://github.com/lsh123/xmlsec/pull/654
Upstream-Commit: https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
Upstream-Issue: https://github.com/lsh123/xmlsec/issues/665
Upstream-PR: https://github.com/lsh123/xmlsec/pull/666
Upstream-Commit: https://github.com/lsh123/xmlsec/commit/1ee1754c5ab8f0071adbde92d3a007729df7c5a7
Upstream-PR: https://github.com/lsh123/xmlsec/pull/667
Upstream-Commit: https://github.com/lsh123/xmlsec/commit/c9b0dcd01af1ecaed828269b734861cb93edeae3
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-libs/xmlsec/Manifest | 1 +
dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch | 19 +
dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch | 525 +++++++++++++++++++++
.../xmlsec/files/xmlsec-1.3.0-optimisation.patch | 11 +
.../files/xmlsec-1.3.0-strict-prototypes.patch | 21 +
dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild | 96 ++++
6 files changed, 673 insertions(+)
diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest
index 63c3df8..d0d51ac 100644
--- a/dev-libs/xmlsec/Manifest
+++ b/dev-libs/xmlsec/Manifest
@@ -1,2 +1,3 @@
DIST xmlsec1-1.2.36.tar.gz 2005656 BLAKE2B 617f7532f3e0401357261d1294f7f497e81f79538b223616433b007a5d3132e9e4ec7a40f36e909759f996754b95c060386ec9740165fb1b045809142e9fae35 SHA512 7545935d33236bc8ec79b9173c8c0967df5c96bb9e2d5c8edacfb5ffb366ff8d087eada0cebb1de81a477f93d40544bf0a12abcdbc60874ecaecb9c8dd33dfe3
DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900
+DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch
new file mode 100644
index 0000000..a8e8a9b
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/904418
+https://github.com/lsh123/xmlsec/commit/0682c1d4be1e1d5d0f3cf5c4d2301dc3da09d677
+
+From 0682c1d4be1e1d5d0f3cf5c4d2301dc3da09d677 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Thu, 13 Apr 2023 09:49:25 -0400
+Subject: [PATCH] Add newline (#628)
+
+Issue #626
+--- a/src/openssl/symkeys.c
++++ b/src/openssl/symkeys.c
+@@ -618,4 +618,4 @@ xmlSecOpenSSLKeyDataPbkdf2Set(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlS
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+ }
+-#endif /* XMLSEC_NO_PBKDF2 */
+\ No newline at end of file
++#endif /* XMLSEC_NO_PBKDF2 */
+
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch
new file mode 100644
index 0000000..a273350
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch
@@ -0,0 +1,525 @@
+https://github.com/lsh123/xmlsec/pull/654
+https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
+
+From dfdf981f3522e4059170b504fb6fd40b37c9d70f Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Tue, 30 May 2023 07:36:12 -0700
+Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat (#654)
+
+LibreSSL added UI_null() in 3.7.1.
+---
+ src/openssl/openssl_compat.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+https://github.com/lsh123/xmlsec/issues/665
+https://github.com/lsh123/xmlsec/pull/666
+https://github.com/lsh123/xmlsec/commit/1ee1754c5ab8f0071adbde92d3a007729df7c5a7
+
+From 1ee1754c5ab8f0071adbde92d3a007729df7c5a7 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Sat, 3 Jun 2023 13:30:01 -0400
+Subject: [PATCH] Fix Libressl support and bump min version to 3.6 (issue #665)
+ (#666)
+
+---
+ Makefile.am | 5 +-
+ configure.ac | 7 ++-
+ docs/download.html | 4 +-
+ include/xmlsec/openssl/crypto.h | 4 +-
+ src/nss/README.md | 2 +-
+ src/openssl/README.md | 5 +-
+ src/openssl/app.c | 30 +++++++--
+ src/openssl/openssl_compat.h | 30 +++++----
+ src/openssl/x509.c | 62 +++++++++++++++++++
+ .../enveloping-ripemd160-rsa-ripemd160.xml | 60 +++++++++++-------
+ tests/testrun.sh | 17 ++++-
+ 11 files changed, 172 insertions(+), 54 deletions(-)
+
+https://github.com/lsh123/xmlsec/pull/667
+https://github.com/lsh123/xmlsec/commit/c9b0dcd01af1ecaed828269b734861cb93edeae3
+
+From c9b0dcd01af1ecaed828269b734861cb93edeae3 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Sat, 3 Jun 2023 15:37:50 -0400
+Subject: [PATCH] Downgrade to LibreSSL 3.5 (#667)
+
+---
+ configure.ac | 4 ++--
+ docs/download.html | 2 +-
+ include/xmlsec/openssl/crypto.h | 2 +-
+ src/openssl/README.md | 2 +-
+ src/openssl/app.c | 3 ++-
+ src/openssl/openssl_compat.h | 5 ++++-
+ src/openssl/x509.c | 8 ++++----
+ 7 files changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 67f0d9ae..626efef1 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -71,14 +71,18 @@ EXTRA_CLEAN = \
+ ABS_SRCDIR=@abs_srcdir@
+ ABS_BUILDDIR=@abs_builddir@
+ XMLSEC_OPENSSL_TEST_CONFIG=@OPENSSL_TEST_CONFIG@
++XMLSEC_OPENSSL_VERSION=@OPENSSL_VERSION@
++
+ if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING
+ PRECHECK_COMMANDS = \
+ export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \
++ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \
+ cd $(ABS_SRCDIR) \
+ $(NULL)
+ else
+ PRECHECK_COMMANDS= \
+ export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \
++ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \
+ export LD_LIBRARY_PATH="$(ABS_BUILDDIR)/src/.libs:$$LD_LIBRARY_PATH" && \
+ for i in $(XMLSEC_CHECK_CRYPTO_LIST) ; do \
+ export LTDL_LIBRARY_PATH="$(ABS_BUILDDIR)/src/$$i/.libs:$$LTDL_LIBRARY_PATH" ; \
+@@ -198,4 +202,3 @@ rpm: cleantar tar-release
+ @(unset CDPATH && rpmbuild -ta $(distdir).tar.gz)
+
+ rpm-release: clean cleantar rpm
+-
+diff --git a/configure.ac b/configure.ac
+index 825380eb..e81c13b2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -812,11 +812,11 @@ if test "z$OPENSSL_FOUND" = "zyes" ; then
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_EGREP_CPP(greater-than-minvers, [
+ #include <openssl/opensslv.h>
+- #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x30500000L
+ greater-than-minvers
+ #endif
+ ],[
+- OPENSSL_VERSION="1.1.0 (LibreSSL >= 2.7)"
++ OPENSSL_VERSION="LibreSSL >= 3.5"
+ ],[
+ OPENSSL_VERSION=""
+ ])
+@@ -832,7 +832,7 @@ if test "z$OPENSSL_FOUND" = "zyes" ; then
+ #endif
+ #endif
+ ],[
+- OPENSSL_VERSION="1.1.0 (BoringSSL)"
++ OPENSSL_VERSION="BoringSSL >= 1.1.0"
+ enable_ripemd160=no
+ enable_dsa=no
+ ],[
+@@ -897,6 +897,7 @@ AC_SUBST(OPENSSL_LIBS)
+ AC_SUBST(OPENSSL_CRYPTO_LIB)
+ AC_SUBST(OPENSSL_TEST_CONFIG)
+ AC_SUBST(OPENSSL_MIN_VERSION)
++AC_SUBST(OPENSSL_VERSION)
+
+ dnl See if we should build OpenSSL 3+ with engines support
+ AC_ARG_ENABLE([openssl3_engines],[AS_HELP_STRING([--enable-openssl3-engines],[enable engines support for OpenSSL 3+ (no)])])
+diff --git a/src/openssl/app.c b/src/openssl/app.c
+index 58b6b6f5..4e62de7b 100644
+--- a/src/openssl/app.c
++++ b/src/openssl/app.c
+@@ -44,11 +44,14 @@
+ #include <openssl/pkcs12.h>
+ #include <openssl/conf.h>
+ #include <openssl/engine.h>
+-#include <openssl/store.h>
+ #include <openssl/x509_vfy.h>
+ #include <openssl/x509.h>
+ #include <openssl/ui.h>
+
++#ifndef XMLSEC_OPENSSL_NO_STORE
++#include <openssl/store.h>
++#endif /* XMLSEC_OPENSSL_NO_STORE */
++
+ #ifdef XMLSEC_OPENSSL_API_300
+ #include <openssl/provider.h>
+ #endif /* XMLSEC_OPENSSL_API_300 */
+@@ -477,8 +480,10 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
+ ) {
+ #if !defined(OPENSSL_NO_ENGINE) && (!defined(XMLSEC_OPENSSL_API_300) || defined(XMLSEC_OPENSSL3_ENGINES))
+ UI_METHOD * ui_method = NULL;
+- pem_password_cb * pwdCb;
+ void * pwdCbCtx;
++#ifndef XMLSEC_OPENSSL_NO_PWD_CALLBACK
++ pem_password_cb * pwdCb;
++#endif /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
+ ENGINE* engine = NULL;
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr data = NULL;
+@@ -490,6 +495,7 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
+ xmlSecAssert2(engineKeyId != NULL, NULL);
+ xmlSecAssert2(format == xmlSecKeyDataFormatEngine, NULL);
+
++#ifndef XMLSEC_OPENSSL_NO_PWD_CALLBACK
+ /* prep pwd callbacks */
+ if(pwd != NULL) {
+ pwdCb = xmlSecOpenSSLDummyPasswordCallback;
+@@ -503,6 +509,18 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
+ xmlSecOpenSSLError("UI_UTIL_wrap_read_pem_callback", NULL);
+ goto done;
+ }
++#else /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
++ UNREFERENCED_PARAMETER(pwd);
++ UNREFERENCED_PARAMETER(pwdCallback);
++ UNREFERENCED_PARAMETER(pwdCallbackCtx);
++
++ ui_method = UI_OpenSSL();
++ if(ui_method == NULL) {
++ xmlSecOpenSSLError("UI_OpenSSL", NULL);
++ goto done;
++ }
++ pwdCbCtx = NULL;
++#endif /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
+
+ /* load and initialize the engine */
+ engine = ENGINE_by_id(engineName);
+@@ -596,9 +614,10 @@ done:
+ }
+ ENGINE_free(engine);
+ }
+- if(ui_method != NULL) {
++ if((ui_method != NULL) && (ui_method != UI_OpenSSL())) {
+ UI_destroy_method(ui_method);
+ }
++ /* result */
+ return(key);
+
+ #else /* !defined(OPENSSL_NO_ENGINE) && (!defined(XMLSEC_OPENSSL_API_300) || defined(XMLSEC_OPENSSL3_ENGINES)) */
+@@ -789,7 +808,7 @@ xmlSecOpenSSLAppFindKeyCert(EVP_PKEY * pKey, STACK_OF(X509) * certs) {
+
+ static xmlSecKeyPtr
+ xmlSecOpenSSLAppStoreKeyLoad(const char *uri, xmlSecKeyDataType type, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+-#ifndef XMLSEC_NO_X509
++#if !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509)
+ UI_METHOD * ui_method = NULL;
+ pem_password_cb * pwdCb;
+ void * pwdCbCtx;
+@@ -964,7 +983,7 @@ done:
+ }
+ return(res);
+
+-#else /* XMLSEC_NO_X509 */
++#else /* !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509) */
+
+ xmlSecAssert2(uri != NULL, NULL);
+ UNREFERENCED_PARAMETER(type);
+@@ -972,9 +991,9 @@ done:
+ UNREFERENCED_PARAMETER(pwdCallback);
+ UNREFERENCED_PARAMETER(pwdCallbackCtx);
+
+- xmlSecNotImplementedError("X509 support is disabled");
++ xmlSecNotImplementedError("X509 or OpenSSL Stores support is disabled");
+ return(NULL);
+-#endif /* XMLSEC_NO_X509 */
++#endif /* !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509) */
+ }
+
+ #ifndef XMLSEC_NO_X509
+diff --git a/src/openssl/openssl_compat.h b/src/openssl/openssl_compat.h
+index 7d705398..958638fb 100644
+--- a/src/openssl/openssl_compat.h
++++ b/src/openssl/openssl_compat.h
+@@ -70,6 +70,9 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) {
+ *****************************************************************************/
+ #ifdef OPENSSL_IS_BORINGSSL
+
++/* Not implemented by LibreSSL (yet?) */
++#define XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM 1
++
+ #define ENGINE_cleanup(...) {}
+ #define CONF_modules_unload(...) {}
+ #define RAND_write_file(file) (0)
+@@ -100,20 +103,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, size_t max_
+ *****************************************************************************/
+ #if defined(LIBRESSL_VERSION_NUMBER)
+
+-/* Needed for Engine initialization */
+-#define UI_null() NULL
++/* Not implemented by LibreSSL (yet?) */
++#define XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM 1
++#define XMLSEC_OPENSSL_NO_STORE 1
++#define XMLSEC_OPENSSL_NO_PWD_CALLBACK 1
++#define XMLSEC_OPENSSL_NO_DEEP_COPY 1
++#define XMLSEC_NO_DH 1
+
+-#endif /* defined(LIBRESSL_VERSION_NUMBER) */
++/* simply return success */
++#define sk_X509_reserve(crts, num) (1)
++#define sk_X509_CRL_reserve(crls, num) (1)
+
+-#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L)
+-/* EVP_CIPHER_CTX stuff */
+-#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt)
++#if (LIBRESSL_VERSION_NUMBER < 0x3080000fL)
++#define XMLSEC_NO_SHA3 1
++#endif /* (LIBRESSL_VERSION_NUMBER < 0x3080000fL) */
+
+-/* X509 stuff */
+-#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
+-#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT)))
+-#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); }
+-#endif /* defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) */
++#if (LIBRESSL_VERSION_NUMBER < 0x3070200fL)
++#define UI_null() NULL
++#endif /* (LIBRESSL_VERSION_NUMBER < 0x3070200fL) */
++
++#endif /* defined(LIBRESSL_VERSION_NUMBER) */
+
+
+ /******************************************************************************
+diff --git a/src/openssl/x509.c b/src/openssl/x509.c
+index 7173b13a..01c6f467 100644
+--- a/src/openssl/x509.c
++++ b/src/openssl/x509.c
+@@ -552,6 +552,7 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+
+ /* crts */
+ if(ctxSrc->certsList != NULL) {
++#ifndef XMLSEC_OPENSSL_NO_DEEP_COPY
+ #ifndef XMLSEC_OPENSSL_API_300
+ ctxDst->certsList = sk_X509_deep_copy(ctxSrc->certsList, (sk_X509_copyfunc)X509_dup, X509_free);
+ #else /* XMLSEC_OPENSSL_API_300 */
+@@ -561,10 +562,41 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecOpenSSLError("sk_X509_deep_copy", xmlSecKeyDataGetName(dst));
+ return(-1);
+ }
++#else /* XMLSEC_OPENSSL_NO_DEEP_COPY */
++ int size, ii;
++ X509* certSrc;
++ X509* certDst;
++ int ret;
++
++ ctxDst->certsList = sk_X509_new_null();
++ if(ctxDst->certsList == NULL) {
++ xmlSecOpenSSLError("sk_X509_new_null", xmlSecKeyDataGetName(dst));
++ return(-1);
++ }
++ size = sk_X509_num(ctxSrc->certsList);
++ for(ii = 0; ii < size; ++ii) {
++ certSrc = sk_X509_value(ctxSrc->certsList, ii);
++ if(certSrc == NULL) {
++ continue;
++ }
++ certDst = X509_dup(certSrc);
++ if(certDst == NULL) {
++ xmlSecOpenSSLError("X509_dup", xmlSecKeyDataGetName(dst));
++ return(-1);
++ }
++ ret = sk_X509_push(ctxDst->certsList, certDst);
++ if(ret <= 0) {
++ xmlSecOpenSSLError("sk_X509_push", NULL);
++ X509_free(certDst);
++ return(-1);
++ }
++ }
++#endif /* XMLSEC_OPENSSL_NO_DEEP_COPY */
+ }
+
+ /* crls */
+ if(ctxSrc->crlsList != NULL) {
++#ifndef XMLSEC_OPENSSL_NO_DEEP_COPY
+ #ifndef XMLSEC_OPENSSL_API_300
+ ctxDst->crlsList = sk_X509_CRL_deep_copy(ctxSrc->crlsList, (sk_X509_CRL_copyfunc)X509_CRL_dup, X509_CRL_free);
+ #else /* XMLSEC_OPENSSL_API_300 */
+@@ -574,6 +606,36 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecOpenSSLError("sk_X509_CRL_deep_copy", xmlSecKeyDataGetName(dst));
+ return(-1);
+ }
++#else /* XMLSEC_OPENSSL_NO_DEEP_COPY */
++ int size, ii;
++ X509_CRL* crlSrc;
++ X509_CRL* crlDst;
++ int ret;
++
++ ctxDst->crlsList = sk_X509_CRL_new_null();
++ if(ctxDst->crlsList == NULL) {
++ xmlSecOpenSSLError("sk_X509_CRL_new_null", xmlSecKeyDataGetName(dst));
++ return(-1);
++ }
++ size = sk_X509_CRL_num(ctxSrc->crlsList);
++ for(ii = 0; ii < size; ++ii) {
++ crlSrc = sk_X509_CRL_value(ctxSrc->crlsList, ii);
++ if(crlSrc == NULL) {
++ continue;
++ }
++ crlDst = X509_CRL_dup(crlSrc);
++ if(crlDst == NULL) {
++ xmlSecOpenSSLError("X509_CRL_dup", xmlSecKeyDataGetName(dst));
++ return(-1);
++ }
++ ret = sk_X509_CRL_push(ctxDst->crlsList, crlDst);
++ if(ret <= 0) {
++ xmlSecOpenSSLError("sk_X509_CRL_push", NULL);
++ X509_CRL_free(crlDst);
++ return(-1);
++ }
++ }
++#endif /* XMLSEC_OPENSSL_NO_DEEP_COPY */
+ }
+
+ /* keyCert: should be in the same position in certsList after copy */
+@@ -1393,7 +1455,7 @@ my_timegm(struct tm *t) {
+
+ #endif /* HAVE_TIMEGM */
+
+-#if !defined(OPENSSL_IS_BORINGSSL)
++#ifndef XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM
+
+ time_t
+ xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
+@@ -1417,10 +1479,10 @@ xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
+ return(timegm(&tm));
+ }
+
+-#else /* !defined(OPENSSL_IS_BORINGSSL) */
++#else /* XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM */
+
+ time_t
+-xmlSecOpenSSLX509Asn1TimeToTime(ASN1_TIME * t) {
++xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
+ struct tm tm;
+ int offset;
+
+@@ -1482,7 +1544,7 @@ xmlSecOpenSSLX509Asn1TimeToTime(ASN1_TIME * t) {
+ #undef g2
+ return(timegm(&tm) - offset * 60);
+ }
+-#endif /* !defined(OPENSSL_IS_BORINGSSL) */
++#endif /* XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM */
+
+ /* returns 1 if cert was found and verified and also data was adopted, 0 if not, or negative value if an error occurs */
+ static int
+diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
+index cd87ded2..4f1ba7cf 100644
+--- a/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
++++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
+@@ -8,10 +8,40 @@
+ <DigestValue>Ofs8NqfoXX+r0Cas3GRY2GbzhPo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+- <SignatureValue>un5Fwdn5LTFBPQPv1GSst3mviS7I1X8icM7cYRTSIqKMnkXOIzXgcEKVcfO1oodP
+-9ABdLzQB0wdZJW6CCoHKwA==</SignatureValue>
++ <SignatureValue>Kncq42zs0n0gnmMQPYi2VuRMJH5hBFXl8Ea7P4ogmF4lW2OY+K7m145i46SlzZAU
++fxjK44tl4UL09VKn25BqskOkwYor0utRnbrrFP4lKyC3mB8f1KGsxUKN4sbsk21c
++8Lc+UZ/UZyIcA8a5qRCw7kJWWqOZB5Bv48+eCnbaZ8W5rPZ2vxxZvUtSlPTkZs3q
++2ZAsI0WlnPn5a1CgExvqkddULw1xBxEq8dy5gmLuYyvTPpwTYU/wlAxOMuyke69s
++2KBuB9XiRoYgHTKVIqvPOYFXctOJVWrLh7JbRDZTTw7IyaT8mH/cD3yixXLciL2I
++I6E6XtkiWyfPpOLmXxucjw==</SignatureValue>
+ <KeyInfo>
++ <KeyName>mykey</KeyName>
+ <X509Data>
++<X509Certificate>MIIEbzCCBBmgAwIBAgIJAK+ii7kzrdq5MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
++VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
++aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
++A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
++ZXkuY29tMCAXDTIyMTIxMjIwMTQ0OFoYDzIxMjIxMTE4MjAxNDQ4WjCBxzELMAkG
++A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
++cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn
++BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
++Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
++b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbu5Mc7aNSahgJAWeP
++9BoQLQoqGne9rR+PcxsEIie7J4RoVhyK7iwh18HT1TTMdCm4fP6OkgUrosHMELB4
++NImb6GzHq0vJ9SOCT8B4UntNRJ0qJrWw0Gel99CtrhAQxESTggpqB9mtA1Po5AIH
++R+hQ8v2NxqEZkQS3DkjI1LjH4jX3iSyU7q7qM80m/7iCj8rQWJJIvdk53B89jj06
++s+85ZtywghS7EqjesRiW/YQoN39rg4Xh24fiVWdH7YsAL8GuiE9oimWnEWYDyyYV
++NoxAoEVe5OyV1D9RYjzp/qPypIBsQJ8EN0xBN8dn9jFxlPDGRfUxRm3MscTm0ziY
++XGNnAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1P
++cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmYhmm8qirSHN
++YCIr/2whHEivOwowgeMGA1UdIwSB2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436h
++gbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYD
++VQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNv
++bS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNh
++bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63a
++rTANBgkqhkiG9w0BAQUFAANBADSQ02d8qKGQdQj9D6/ZqA524hpGmyusPTI9BvCh
++8R1QO1w3ong7/my1/heps+dH6zw42uOnF6UK7TQIAtNafHM=
++</X509Certificate>
+ <X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+ VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+ aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+@@ -33,7 +63,8 @@ BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
+ EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
+ j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
+ sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
+-j0gv0PdxmuCsR/E=</X509Certificate>
++j0gv0PdxmuCsR/E=
++</X509Certificate>
+ <X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+ VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+ aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+@@ -54,27 +85,8 @@ VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
+ eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
+ BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
+ jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
+-mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
+-<X509Certificate>MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+-VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+-aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+-A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+-ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG
+-A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+-cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn
+-BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
+-Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
+-b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn
+-sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB
+-o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
+-ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM
+-QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu
+-MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M
+-IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj
+-KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G
+-CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI
+-hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ
+-fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga</X509Certificate>
++mEWnCEsP15HKSTms54RNj7oJ+A==
++</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+diff --git a/tests/testrun.sh b/tests/testrun.sh
+index 0a5cbda0..6532e27e 100755
+--- a/tests/testrun.sh
++++ b/tests/testrun.sh
+@@ -87,6 +87,19 @@ else
+ fi
+ xmlsec_params="$xmlsec_params --crypto-config $crypto_config"
+
++# What flavour of OpenSSL do we have?
++case $XMLSEC_OPENSSL_VERSION in
++*LibreSSL*)
++ xmlsec_openssl_flavor="libressl"
++ ;;
++*BoringSSL*)
++ xmlsec_openssl_flavor="boringssl"
++ ;;
++*)
++ xmlsec_openssl_flavor="openssl"
++ ;;
++esac
++
+ #
+ # Setup extra vars
+ #
+@@ -333,7 +346,7 @@ execKeysTest() {
+ fi
+
+ # only openssl supports --privkey-openssl-store
+- if [ "z$crypto" = "zopenssl" ] ; then
++ if [ "z$crypto" = "zopenssl" -a "z$xmlsec_openssl_flavor" != "zlibressl" ] ; then
+ printf " Reading private key from pkcs12 file using ossl-store "
+ rm -f $tmpfile
+ params="--lax-key-search --privkey-openssl-store $privkey_file.p12 $pkcs12_key_extra_options $key_test_options --output $tmpfile $asym_key_test.tmpl"
+@@ -402,7 +415,7 @@ execKeysTest() {
+ # test reading public keys
+ if [ -n "$pubkey_file" -a -n "$asym_key_test" ]; then
+ # only openssl supports --pubkey-openssl-store
+- if [ "z$crypto" = "zopenssl" ] ; then
++ if [ "z$crypto" = "zopenssl" -a "z$xmlsec_openssl_flavor" != "zlibressl" ] ; then
+ printf " Reading public key from pem file using ossl-store "
+ rm -f $tmpfile
+ params="--lax-key-search --pubkey-openssl-store $pubkey_file.pem $key_test_options $asym_key_test.xml"
+--
+2.39.3
+
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch
new file mode 100644
index 0000000..2cd0401
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2482,7 +2482,7 @@ AC_ARG_ENABLE([pedantic], [AS_HELP_STRING([--enable-pedantic],[enable pedantic c
+ if test "z$enable_pedantic" = "zno" ; then
+ AC_MSG_RESULT([disabled])
+ else
+- CFLAGS="$CFLAGS -O -std=c99 -pedantic -pedantic-errors -W -Wall -Wextra"
++ CFLAGS="$CFLAGS -std=c99 -pedantic -W -Wall -Wextra"
+ CFLAGS="$CFLAGS -fno-inline -Wnull-dereference -Wdouble-promotion"
+ CFLAGS="$CFLAGS -Wformat=2 -Wformat-security -Wformat-nonliteral"
+ CFLAGS="$CFLAGS -Wconversion -Wunused -Wshadow -Wpointer-arith -Wcast-align"
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch
new file mode 100644
index 0000000..be8377e
--- /dev/null
+++ b/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch
@@ -0,0 +1,21 @@
+https://github.com/lsh123/xmlsec/issues/627
+https://github.com/lsh123/xmlsec/commit/a2c8cad6215d89ce4454adcde5e84ffb12901a7a
+
+From a2c8cad6215d89ce4454adcde5e84ffb12901a7a Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Thu, 13 Apr 2023 10:30:13 -0400
+Subject: [PATCH] Fix prototype (#629)
+
+Issue #627
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -412,7 +412,7 @@ xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ * Returns: internal key slot and initializes it if needed.
+ */
+ PK11SlotInfo *
+-xmlSecNssGetInternalKeySlot()
++xmlSecNssGetInternalKeySlot(void)
+ {
+ PK11SlotInfo *slot = NULL;
+ SECStatus rv;
+
diff --git a/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild
new file mode 100644
index 0000000..cc3b777
--- /dev/null
+++ b/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
+HOMEPAGE="https://www.aleksey.com/xmlsec"
+SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
+S="${WORKDIR}/${PN}1-${PV}"
+
+LICENSE="MIT"
+# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="doc gcrypt gnutls http nss +openssl static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+ || ( gnutls nss openssl )
+"
+
+RDEPEND="
+ >=dev-libs/libxml2-2.7.4
+ >=dev-libs/libxslt-1.0.20
+ dev-libs/libltdl
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
+ gnutls? ( >=net-libs/gnutls-3.6.13:= )
+ nss? (
+ >=dev-libs/nspr-4.4.1
+ >=dev-libs/nss-3.9
+ )
+ openssl? ( dev-libs/openssl:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ virtual/pkgconfig
+ test? (
+ nss? (
+ >=dev-libs/nss-3.9[utils]
+ )
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-strict-prototypes.patch
+ "${FILESDIR}"/${P}-clang.patch
+ "${FILESDIR}"/${P}-optimisation.patch
+ "${FILESDIR}"/${P}-libressl.patch #903001
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable doc docs)
+ $(use_enable static-libs static)
+ $(use_with gcrypt)
+ $(use_with gnutls)
+ $(use_with nss nspr)
+ $(use_with nss)
+ $(use_with openssl)
+
+ --disable-werror
+ --enable-mans
+ --enable-pkgconfig
+
+ --enable-concatkdf
+ --enable-pbkdf2
+ --enable-ec
+ --enable-dh
+ --enable-sha3
+
+ --enable-files
+ $(use_enable http)
+ --disable-ftp
+ )
+
+ # Bash because of bug #721128
+ CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
+ TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-libs/xmlsec/, dev-libs/xmlsec/files/
@ 2023-09-17 16:22 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2023-09-17 16:22 UTC (permalink / raw
To: gentoo-commits
commit: a1b07f71b1e2ce543163b1fbaaf87c1f4228109f
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Sep 17 16:11:05 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Sep 17 16:12:29 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=a1b07f71
dev-libs/xmlsec: drop 1.3.0-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-libs/xmlsec/Manifest | 1 -
dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch | 19 -
dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch | 481 ---------------------
.../files/xmlsec-1.3.0-strict-prototypes.patch | 21 -
dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild | 96 ----
5 files changed, 618 deletions(-)
diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest
index 1378fdc..70f3200 100644
--- a/dev-libs/xmlsec/Manifest
+++ b/dev-libs/xmlsec/Manifest
@@ -1,2 +1 @@
DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900
-DIST xmlsec1-1.3.0.tar.gz 2425729 BLAKE2B a83d0117aaf1824a8a8f597f73ab1b76bcd1a9f0bb5d160df6c775f70cd2485f8e09c250f4ddbb4d42ba35549f9617d06f5470a91306757b4d5d54fdc0684f3c SHA512 ac1b1b88336959f54ef7fcfd6b9ff0feb2ba00a966a8e5b4efb97e802a1f9bb7adf5f4524c7f169344a1b7258377b5a7e879a0ab5ce25cfae3b05eac9b54729d
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch
deleted file mode 100644
index a8e8a9b..0000000
--- a/dev-libs/xmlsec/files/xmlsec-1.3.0-clang.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://bugs.gentoo.org/904418
-https://github.com/lsh123/xmlsec/commit/0682c1d4be1e1d5d0f3cf5c4d2301dc3da09d677
-
-From 0682c1d4be1e1d5d0f3cf5c4d2301dc3da09d677 Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Thu, 13 Apr 2023 09:49:25 -0400
-Subject: [PATCH] Add newline (#628)
-
-Issue #626
---- a/src/openssl/symkeys.c
-+++ b/src/openssl/symkeys.c
-@@ -618,4 +618,4 @@ xmlSecOpenSSLKeyDataPbkdf2Set(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlS
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
- }
--#endif /* XMLSEC_NO_PBKDF2 */
-\ No newline at end of file
-+#endif /* XMLSEC_NO_PBKDF2 */
-
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch
deleted file mode 100644
index 7974e27..0000000
--- a/dev-libs/xmlsec/files/xmlsec-1.3.0-libressl.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-https://github.com/lsh123/xmlsec/pull/654
-https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
-
-From dfdf981f3522e4059170b504fb6fd40b37c9d70f Mon Sep 17 00:00:00 2001
-From: orbea <orbea@riseup.net>
-Date: Tue, 30 May 2023 07:36:12 -0700
-Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat (#654)
-
-LibreSSL added UI_null() in 3.7.1.
-
-https://github.com/lsh123/xmlsec/issues/665
-https://github.com/lsh123/xmlsec/pull/666
-https://github.com/lsh123/xmlsec/commit/1ee1754c5ab8f0071adbde92d3a007729df7c5a7
-
-From 1ee1754c5ab8f0071adbde92d3a007729df7c5a7 Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Sat, 3 Jun 2023 13:30:01 -0400
-Subject: [PATCH] Fix Libressl support and bump min version to 3.6 (issue #665)
- (#666)
-
-https://github.com/lsh123/xmlsec/pull/667
-https://github.com/lsh123/xmlsec/commit/c9b0dcd01af1ecaed828269b734861cb93edeae3
-
-From c9b0dcd01af1ecaed828269b734861cb93edeae3 Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Sat, 3 Jun 2023 15:37:50 -0400
-Subject: [PATCH] Downgrade to LibreSSL 3.5 (#667)
-
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -71,14 +71,18 @@ EXTRA_CLEAN = \
- ABS_SRCDIR=@abs_srcdir@
- ABS_BUILDDIR=@abs_builddir@
- XMLSEC_OPENSSL_TEST_CONFIG=@OPENSSL_TEST_CONFIG@
-+XMLSEC_OPENSSL_VERSION=@OPENSSL_VERSION@
-+
- if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING
- PRECHECK_COMMANDS = \
- export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \
-+ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \
- cd $(ABS_SRCDIR) \
- $(NULL)
- else
- PRECHECK_COMMANDS= \
- export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \
-+ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \
- export LD_LIBRARY_PATH="$(ABS_BUILDDIR)/src/.libs:$$LD_LIBRARY_PATH" && \
- for i in $(XMLSEC_CHECK_CRYPTO_LIST) ; do \
- export LTDL_LIBRARY_PATH="$(ABS_BUILDDIR)/src/$$i/.libs:$$LTDL_LIBRARY_PATH" ; \
-@@ -198,4 +202,3 @@ rpm: cleantar tar-release
- @(unset CDPATH && rpmbuild -ta $(distdir).tar.gz)
-
- rpm-release: clean cleantar rpm
--
---- a/configure.ac
-+++ b/configure.ac
-@@ -812,11 +812,11 @@ if test "z$OPENSSL_FOUND" = "zyes" ; then
- if test "z$OPENSSL_VERSION" = "z" ; then
- AC_EGREP_CPP(greater-than-minvers, [
- #include <openssl/opensslv.h>
-- #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
-+ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x30500000L
- greater-than-minvers
- #endif
- ],[
-- OPENSSL_VERSION="1.1.0 (LibreSSL >= 2.7)"
-+ OPENSSL_VERSION="LibreSSL >= 3.5"
- ],[
- OPENSSL_VERSION=""
- ])
-@@ -832,7 +832,7 @@ if test "z$OPENSSL_FOUND" = "zyes" ; then
- #endif
- #endif
- ],[
-- OPENSSL_VERSION="1.1.0 (BoringSSL)"
-+ OPENSSL_VERSION="BoringSSL >= 1.1.0"
- enable_ripemd160=no
- enable_dsa=no
- ],[
-@@ -897,6 +897,7 @@ AC_SUBST(OPENSSL_LIBS)
- AC_SUBST(OPENSSL_CRYPTO_LIB)
- AC_SUBST(OPENSSL_TEST_CONFIG)
- AC_SUBST(OPENSSL_MIN_VERSION)
-+AC_SUBST(OPENSSL_VERSION)
-
- dnl See if we should build OpenSSL 3+ with engines support
- AC_ARG_ENABLE([openssl3_engines],[AS_HELP_STRING([--enable-openssl3-engines],[enable engines support for OpenSSL 3+ (no)])])
---- a/src/openssl/app.c
-+++ b/src/openssl/app.c
-@@ -44,11 +44,14 @@
- #include <openssl/pkcs12.h>
- #include <openssl/conf.h>
- #include <openssl/engine.h>
--#include <openssl/store.h>
- #include <openssl/x509_vfy.h>
- #include <openssl/x509.h>
- #include <openssl/ui.h>
-
-+#ifndef XMLSEC_OPENSSL_NO_STORE
-+#include <openssl/store.h>
-+#endif /* XMLSEC_OPENSSL_NO_STORE */
-+
- #ifdef XMLSEC_OPENSSL_API_300
- #include <openssl/provider.h>
- #endif /* XMLSEC_OPENSSL_API_300 */
-@@ -477,8 +480,10 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
- ) {
- #if !defined(OPENSSL_NO_ENGINE) && (!defined(XMLSEC_OPENSSL_API_300) || defined(XMLSEC_OPENSSL3_ENGINES))
- UI_METHOD * ui_method = NULL;
-- pem_password_cb * pwdCb;
- void * pwdCbCtx;
-+#ifndef XMLSEC_OPENSSL_NO_PWD_CALLBACK
-+ pem_password_cb * pwdCb;
-+#endif /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
- ENGINE* engine = NULL;
- xmlSecKeyPtr key = NULL;
- xmlSecKeyDataPtr data = NULL;
-@@ -490,6 +495,7 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
- xmlSecAssert2(engineKeyId != NULL, NULL);
- xmlSecAssert2(format == xmlSecKeyDataFormatEngine, NULL);
-
-+#ifndef XMLSEC_OPENSSL_NO_PWD_CALLBACK
- /* prep pwd callbacks */
- if(pwd != NULL) {
- pwdCb = xmlSecOpenSSLDummyPasswordCallback;
-@@ -503,6 +509,18 @@ xmlSecOpenSSLAppEngineKeyLoad(const char *engineName, const char *engineKeyId,
- xmlSecOpenSSLError("UI_UTIL_wrap_read_pem_callback", NULL);
- goto done;
- }
-+#else /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
-+ UNREFERENCED_PARAMETER(pwd);
-+ UNREFERENCED_PARAMETER(pwdCallback);
-+ UNREFERENCED_PARAMETER(pwdCallbackCtx);
-+
-+ ui_method = UI_OpenSSL();
-+ if(ui_method == NULL) {
-+ xmlSecOpenSSLError("UI_OpenSSL", NULL);
-+ goto done;
-+ }
-+ pwdCbCtx = NULL;
-+#endif /* XMLSEC_OPENSSL_NO_PWD_CALLBACK */
-
- /* load and initialize the engine */
- engine = ENGINE_by_id(engineName);
-@@ -596,9 +614,10 @@ done:
- }
- ENGINE_free(engine);
- }
-- if(ui_method != NULL) {
-+ if((ui_method != NULL) && (ui_method != UI_OpenSSL())) {
- UI_destroy_method(ui_method);
- }
-+ /* result */
- return(key);
-
- #else /* !defined(OPENSSL_NO_ENGINE) && (!defined(XMLSEC_OPENSSL_API_300) || defined(XMLSEC_OPENSSL3_ENGINES)) */
-@@ -789,7 +808,7 @@ xmlSecOpenSSLAppFindKeyCert(EVP_PKEY * pKey, STACK_OF(X509) * certs) {
-
- static xmlSecKeyPtr
- xmlSecOpenSSLAppStoreKeyLoad(const char *uri, xmlSecKeyDataType type, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
--#ifndef XMLSEC_NO_X509
-+#if !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509)
- UI_METHOD * ui_method = NULL;
- pem_password_cb * pwdCb;
- void * pwdCbCtx;
-@@ -964,7 +983,7 @@ done:
- }
- return(res);
-
--#else /* XMLSEC_NO_X509 */
-+#else /* !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509) */
-
- xmlSecAssert2(uri != NULL, NULL);
- UNREFERENCED_PARAMETER(type);
-@@ -972,9 +991,9 @@ done:
- UNREFERENCED_PARAMETER(pwdCallback);
- UNREFERENCED_PARAMETER(pwdCallbackCtx);
-
-- xmlSecNotImplementedError("X509 support is disabled");
-+ xmlSecNotImplementedError("X509 or OpenSSL Stores support is disabled");
- return(NULL);
--#endif /* XMLSEC_NO_X509 */
-+#endif /* !defined(XMLSEC_OPENSSL_NO_STORE) && !defined(XMLSEC_NO_X509) */
- }
-
- #ifndef XMLSEC_NO_X509
---- a/src/openssl/openssl_compat.h
-+++ b/src/openssl/openssl_compat.h
-@@ -70,6 +70,9 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) {
- *****************************************************************************/
- #ifdef OPENSSL_IS_BORINGSSL
-
-+/* Not implemented by LibreSSL (yet?) */
-+#define XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM 1
-+
- #define ENGINE_cleanup(...) {}
- #define CONF_modules_unload(...) {}
- #define RAND_write_file(file) (0)
-@@ -100,20 +103,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, size_t max_
- *****************************************************************************/
- #if defined(LIBRESSL_VERSION_NUMBER)
-
--/* Needed for Engine initialization */
--#define UI_null() NULL
-+/* Not implemented by LibreSSL (yet?) */
-+#define XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM 1
-+#define XMLSEC_OPENSSL_NO_STORE 1
-+#define XMLSEC_OPENSSL_NO_PWD_CALLBACK 1
-+#define XMLSEC_OPENSSL_NO_DEEP_COPY 1
-+#define XMLSEC_NO_DH 1
-
--#endif /* defined(LIBRESSL_VERSION_NUMBER) */
-+/* simply return success */
-+#define sk_X509_reserve(crts, num) (1)
-+#define sk_X509_CRL_reserve(crls, num) (1)
-
--#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L)
--/* EVP_CIPHER_CTX stuff */
--#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt)
-+#if (LIBRESSL_VERSION_NUMBER < 0x3080000fL)
-+#define XMLSEC_NO_SHA3 1
-+#endif /* (LIBRESSL_VERSION_NUMBER < 0x3080000fL) */
-
--/* X509 stuff */
--#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
--#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT)))
--#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); }
--#endif /* defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) */
-+#if (LIBRESSL_VERSION_NUMBER < 0x3070200fL)
-+#define UI_null() NULL
-+#endif /* (LIBRESSL_VERSION_NUMBER < 0x3070200fL) */
-+
-+#endif /* defined(LIBRESSL_VERSION_NUMBER) */
-
-
- /******************************************************************************
---- a/src/openssl/x509.c
-+++ b/src/openssl/x509.c
-@@ -552,6 +552,7 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-
- /* crts */
- if(ctxSrc->certsList != NULL) {
-+#ifndef XMLSEC_OPENSSL_NO_DEEP_COPY
- #ifndef XMLSEC_OPENSSL_API_300
- ctxDst->certsList = sk_X509_deep_copy(ctxSrc->certsList, (sk_X509_copyfunc)X509_dup, X509_free);
- #else /* XMLSEC_OPENSSL_API_300 */
-@@ -561,10 +562,41 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecOpenSSLError("sk_X509_deep_copy", xmlSecKeyDataGetName(dst));
- return(-1);
- }
-+#else /* XMLSEC_OPENSSL_NO_DEEP_COPY */
-+ int size, ii;
-+ X509* certSrc;
-+ X509* certDst;
-+ int ret;
-+
-+ ctxDst->certsList = sk_X509_new_null();
-+ if(ctxDst->certsList == NULL) {
-+ xmlSecOpenSSLError("sk_X509_new_null", xmlSecKeyDataGetName(dst));
-+ return(-1);
-+ }
-+ size = sk_X509_num(ctxSrc->certsList);
-+ for(ii = 0; ii < size; ++ii) {
-+ certSrc = sk_X509_value(ctxSrc->certsList, ii);
-+ if(certSrc == NULL) {
-+ continue;
-+ }
-+ certDst = X509_dup(certSrc);
-+ if(certDst == NULL) {
-+ xmlSecOpenSSLError("X509_dup", xmlSecKeyDataGetName(dst));
-+ return(-1);
-+ }
-+ ret = sk_X509_push(ctxDst->certsList, certDst);
-+ if(ret <= 0) {
-+ xmlSecOpenSSLError("sk_X509_push", NULL);
-+ X509_free(certDst);
-+ return(-1);
-+ }
-+ }
-+#endif /* XMLSEC_OPENSSL_NO_DEEP_COPY */
- }
-
- /* crls */
- if(ctxSrc->crlsList != NULL) {
-+#ifndef XMLSEC_OPENSSL_NO_DEEP_COPY
- #ifndef XMLSEC_OPENSSL_API_300
- ctxDst->crlsList = sk_X509_CRL_deep_copy(ctxSrc->crlsList, (sk_X509_CRL_copyfunc)X509_CRL_dup, X509_CRL_free);
- #else /* XMLSEC_OPENSSL_API_300 */
-@@ -574,6 +606,36 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecOpenSSLError("sk_X509_CRL_deep_copy", xmlSecKeyDataGetName(dst));
- return(-1);
- }
-+#else /* XMLSEC_OPENSSL_NO_DEEP_COPY */
-+ int size, ii;
-+ X509_CRL* crlSrc;
-+ X509_CRL* crlDst;
-+ int ret;
-+
-+ ctxDst->crlsList = sk_X509_CRL_new_null();
-+ if(ctxDst->crlsList == NULL) {
-+ xmlSecOpenSSLError("sk_X509_CRL_new_null", xmlSecKeyDataGetName(dst));
-+ return(-1);
-+ }
-+ size = sk_X509_CRL_num(ctxSrc->crlsList);
-+ for(ii = 0; ii < size; ++ii) {
-+ crlSrc = sk_X509_CRL_value(ctxSrc->crlsList, ii);
-+ if(crlSrc == NULL) {
-+ continue;
-+ }
-+ crlDst = X509_CRL_dup(crlSrc);
-+ if(crlDst == NULL) {
-+ xmlSecOpenSSLError("X509_CRL_dup", xmlSecKeyDataGetName(dst));
-+ return(-1);
-+ }
-+ ret = sk_X509_CRL_push(ctxDst->crlsList, crlDst);
-+ if(ret <= 0) {
-+ xmlSecOpenSSLError("sk_X509_CRL_push", NULL);
-+ X509_CRL_free(crlDst);
-+ return(-1);
-+ }
-+ }
-+#endif /* XMLSEC_OPENSSL_NO_DEEP_COPY */
- }
-
- /* keyCert: should be in the same position in certsList after copy */
-@@ -1393,7 +1455,7 @@ my_timegm(struct tm *t) {
-
- #endif /* HAVE_TIMEGM */
-
--#if !defined(OPENSSL_IS_BORINGSSL)
-+#ifndef XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM
-
- time_t
- xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
-@@ -1417,10 +1479,10 @@ xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
- return(timegm(&tm));
- }
-
--#else /* !defined(OPENSSL_IS_BORINGSSL) */
-+#else /* XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM */
-
- time_t
--xmlSecOpenSSLX509Asn1TimeToTime(ASN1_TIME * t) {
-+xmlSecOpenSSLX509Asn1TimeToTime(const ASN1_TIME * t) {
- struct tm tm;
- int offset;
-
-@@ -1482,7 +1544,7 @@ xmlSecOpenSSLX509Asn1TimeToTime(ASN1_TIME * t) {
- #undef g2
- return(timegm(&tm) - offset * 60);
- }
--#endif /* !defined(OPENSSL_IS_BORINGSSL) */
-+#endif /* XMLSEC_OPENSSL_NO_ASN1_TIME_TO_TM */
-
- /* returns 1 if cert was found and verified and also data was adopted, 0 if not, or negative value if an error occurs */
- static int
---- a/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
-+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
-@@ -8,10 +8,40 @@
- <DigestValue>Ofs8NqfoXX+r0Cas3GRY2GbzhPo=</DigestValue>
- </Reference>
- </SignedInfo>
-- <SignatureValue>un5Fwdn5LTFBPQPv1GSst3mviS7I1X8icM7cYRTSIqKMnkXOIzXgcEKVcfO1oodP
--9ABdLzQB0wdZJW6CCoHKwA==</SignatureValue>
-+ <SignatureValue>Kncq42zs0n0gnmMQPYi2VuRMJH5hBFXl8Ea7P4ogmF4lW2OY+K7m145i46SlzZAU
-+fxjK44tl4UL09VKn25BqskOkwYor0utRnbrrFP4lKyC3mB8f1KGsxUKN4sbsk21c
-+8Lc+UZ/UZyIcA8a5qRCw7kJWWqOZB5Bv48+eCnbaZ8W5rPZ2vxxZvUtSlPTkZs3q
-+2ZAsI0WlnPn5a1CgExvqkddULw1xBxEq8dy5gmLuYyvTPpwTYU/wlAxOMuyke69s
-+2KBuB9XiRoYgHTKVIqvPOYFXctOJVWrLh7JbRDZTTw7IyaT8mH/cD3yixXLciL2I
-+I6E6XtkiWyfPpOLmXxucjw==</SignatureValue>
- <KeyInfo>
-+ <KeyName>mykey</KeyName>
- <X509Data>
-+<X509Certificate>MIIEbzCCBBmgAwIBAgIJAK+ii7kzrdq5MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
-+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
-+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
-+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
-+ZXkuY29tMCAXDTIyMTIxMjIwMTQ0OFoYDzIxMjIxMTE4MjAxNDQ4WjCBxzELMAkG
-+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
-+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn
-+BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
-+Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
-+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbu5Mc7aNSahgJAWeP
-+9BoQLQoqGne9rR+PcxsEIie7J4RoVhyK7iwh18HT1TTMdCm4fP6OkgUrosHMELB4
-+NImb6GzHq0vJ9SOCT8B4UntNRJ0qJrWw0Gel99CtrhAQxESTggpqB9mtA1Po5AIH
-+R+hQ8v2NxqEZkQS3DkjI1LjH4jX3iSyU7q7qM80m/7iCj8rQWJJIvdk53B89jj06
-+s+85ZtywghS7EqjesRiW/YQoN39rg4Xh24fiVWdH7YsAL8GuiE9oimWnEWYDyyYV
-+NoxAoEVe5OyV1D9RYjzp/qPypIBsQJ8EN0xBN8dn9jFxlPDGRfUxRm3MscTm0ziY
-+XGNnAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1P
-+cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmYhmm8qirSHN
-+YCIr/2whHEivOwowgeMGA1UdIwSB2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436h
-+gbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYD
-+VQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNv
-+bS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNh
-+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63a
-+rTANBgkqhkiG9w0BAQUFAANBADSQ02d8qKGQdQj9D6/ZqA524hpGmyusPTI9BvCh
-+8R1QO1w3ong7/my1/heps+dH6zw42uOnF6UK7TQIAtNafHM=
-+</X509Certificate>
- <X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
- VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
- aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
-@@ -33,7 +63,8 @@ BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
- EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
- j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
- sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
--j0gv0PdxmuCsR/E=</X509Certificate>
-+j0gv0PdxmuCsR/E=
-+</X509Certificate>
- <X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
- VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
- aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
-@@ -54,27 +85,8 @@ VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
- eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
- BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
- jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
--mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
--<X509Certificate>MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
--VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
--aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
--A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
--ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG
--A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
--cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn
--BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
--Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
--b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn
--sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB
--o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
--ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM
--QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu
--MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M
--IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj
--KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G
--CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI
--hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ
--fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga</X509Certificate>
-+mEWnCEsP15HKSTms54RNj7oJ+A==
-+</X509Certificate>
- </X509Data>
- </KeyInfo>
- <Object Id="object">some text</Object>
---- a/tests/testrun.sh
-+++ b/tests/testrun.sh
-@@ -87,6 +87,19 @@ else
- fi
- xmlsec_params="$xmlsec_params --crypto-config $crypto_config"
-
-+# What flavour of OpenSSL do we have?
-+case $XMLSEC_OPENSSL_VERSION in
-+*LibreSSL*)
-+ xmlsec_openssl_flavor="libressl"
-+ ;;
-+*BoringSSL*)
-+ xmlsec_openssl_flavor="boringssl"
-+ ;;
-+*)
-+ xmlsec_openssl_flavor="openssl"
-+ ;;
-+esac
-+
- #
- # Setup extra vars
- #
-@@ -333,7 +346,7 @@ execKeysTest() {
- fi
-
- # only openssl supports --privkey-openssl-store
-- if [ "z$crypto" = "zopenssl" ] ; then
-+ if [ "z$crypto" = "zopenssl" -a "z$xmlsec_openssl_flavor" != "zlibressl" ] ; then
- printf " Reading private key from pkcs12 file using ossl-store "
- rm -f $tmpfile
- params="--lax-key-search --privkey-openssl-store $privkey_file.p12 $pkcs12_key_extra_options $key_test_options --output $tmpfile $asym_key_test.tmpl"
-@@ -402,7 +415,7 @@ execKeysTest() {
- # test reading public keys
- if [ -n "$pubkey_file" -a -n "$asym_key_test" ]; then
- # only openssl supports --pubkey-openssl-store
-- if [ "z$crypto" = "zopenssl" ] ; then
-+ if [ "z$crypto" = "zopenssl" -a "z$xmlsec_openssl_flavor" != "zlibressl" ] ; then
- printf " Reading public key from pem file using ossl-store "
- rm -f $tmpfile
- params="--lax-key-search --pubkey-openssl-store $pubkey_file.pem $key_test_options $asym_key_test.xml"
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch
deleted file mode 100644
index be8377e..0000000
--- a/dev-libs/xmlsec/files/xmlsec-1.3.0-strict-prototypes.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://github.com/lsh123/xmlsec/issues/627
-https://github.com/lsh123/xmlsec/commit/a2c8cad6215d89ce4454adcde5e84ffb12901a7a
-
-From a2c8cad6215d89ce4454adcde5e84ffb12901a7a Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Thu, 13 Apr 2023 10:30:13 -0400
-Subject: [PATCH] Fix prototype (#629)
-
-Issue #627
---- a/src/nss/crypto.c
-+++ b/src/nss/crypto.c
-@@ -412,7 +412,7 @@ xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
- * Returns: internal key slot and initializes it if needed.
- */
- PK11SlotInfo *
--xmlSecNssGetInternalKeySlot()
-+xmlSecNssGetInternalKeySlot(void)
- {
- PK11SlotInfo *slot = NULL;
- SECStatus rv;
-
diff --git a/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild b/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild
deleted file mode 100644
index fd5446d..0000000
--- a/dev-libs/xmlsec/xmlsec-1.3.0-r1.ebuild
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools
-
-DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
-HOMEPAGE="https://www.aleksey.com/xmlsec"
-SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
-S="${WORKDIR}/${PN}1-${PV}"
-
-LICENSE="MIT"
-# Upstream consider major version bumps to be changes in either X or Y in X.Y.Z
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv ~sparc x86"
-IUSE="doc gcrypt gnutls http nss +openssl static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="
- || ( gnutls nss openssl )
-"
-
-RDEPEND="
- >=dev-libs/libxml2-2.7.4
- >=dev-libs/libxslt-1.0.20
- dev-libs/libltdl
- gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
- gnutls? ( >=net-libs/gnutls-3.6.13:= )
- nss? (
- >=dev-libs/nspr-4.4.1
- >=dev-libs/nss-3.9
- )
- openssl? ( dev-libs/openssl:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- virtual/pkgconfig
- test? (
- nss? (
- >=dev-libs/nss-3.9[utils]
- )
- )
-"
-
-PATCHES=(
- "${FILESDIR}"/${P}-strict-prototypes.patch
- "${FILESDIR}"/${P}-clang.patch
- "${FILESDIR}"/${P}-optimisation.patch
- "${FILESDIR}"/${P}-libressl.patch #903001
-)
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- $(use_enable doc docs)
- $(use_enable static-libs static)
- $(use_with gcrypt)
- $(use_with gnutls)
- $(use_with nss nspr)
- $(use_with nss)
- $(use_with openssl)
-
- --disable-werror
- --enable-mans
- --enable-pkgconfig
-
- --enable-concatkdf
- --enable-pbkdf2
- --enable-ec
- --enable-dh
- --enable-sha3
-
- --enable-files
- $(use_enable http)
- --disable-ftp
- )
-
- # Bash because of bug #721128
- CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
-}
-
-src_test() {
- # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
- TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
-}
-
-src_install() {
- default
-
- find "${ED}" -name '*.la' -delete || die
-}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-libs/xmlsec/, dev-libs/xmlsec/files/
@ 2024-10-30 19:39 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2024-10-30 19:39 UTC (permalink / raw
To: gentoo-commits
commit: 35c434cf74f2d3a665d8349e930d736d6cccd845
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Oct 30 16:32:50 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Oct 30 16:32:50 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=35c434cf
dev-libs/xmlsec: treeclean
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-libs/xmlsec/Manifest | 1 -
dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch | 40 --------------
.../xmlsec/files/xmlsec-1.3.0-optimisation.patch | 11 ----
dev-libs/xmlsec/metadata.xml | 15 -----
dev-libs/xmlsec/xmlsec-1.2.37.ebuild | 64 ----------------------
5 files changed, 131 deletions(-)
diff --git a/dev-libs/xmlsec/Manifest b/dev-libs/xmlsec/Manifest
deleted file mode 100644
index 70f3200..0000000
--- a/dev-libs/xmlsec/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST xmlsec1-1.2.37.tar.gz 2009175 BLAKE2B 19f43ba6bf6eb49428b9c5563baecbab21476f326cceee13785ae16769afa258f100732831c0f3f7d160543bd075cdcfdc5cbf11b7406637ee6c2f0e27c07f30 SHA512 99220cb28a346ffac0023f9f177d6a7be3ddcea04bea434b7dc926c1f0aaa5564d75f74f92896ac100179c04d77e001f688ddf46fed4e0a0b4f20b7b87c24900
diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch b/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
deleted file mode 100644
index acdb535..0000000
--- a/dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://github.com/lsh123/xmlsec/pull/456
-https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04
-https://github.com/lsh123/xmlsec/pull/654
-https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f
-
-From c5469cfc8443c57a25a8783f0bd669f71e29bb04 Mon Sep 17 00:00:00 2001
-From: lsh123 <aleksey@aleksey.com>
-Date: Mon, 12 Dec 2022 10:34:56 -0500
-Subject: [PATCH] fix libressl (#456)
-
----
- src/openssl/openssl_compat.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-From d113d1e6355c4841fd03c6aa797d33bde1d064f3 Mon Sep 17 00:00:00 2001
-From: orbea <orbea@riseup.net>
-Date: Mon, 29 May 2023 07:46:58 -0700
-Subject: [PATCH] openssl_compat.h: Update LibreSSL UI_null() compat
-
-LibreSSL added UI_null() in 3.7.1.
----
- src/openssl/openssl_compat.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/src/openssl/openssl_compat.h
-+++ b/src/openssl/openssl_compat.h
-@@ -123,6 +123,13 @@ static inline int xmlSecOpenSSLCompatRand(unsigned char *buf, xmlSecSize size) {
- * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API)
- *
- *****************************************************************************/
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3070200fL)
-+
-+/* Needed for Engine initialization */
-+#define UI_null() NULL
-+
-+#endif /* defined(LIBRESSL_VERSION_NUMBER) */
-+
- #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x30500000L) && defined(XMLSEC_OPENSSL_API_110)
- /* EVP_CIPHER_CTX stuff */
- #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt)
diff --git a/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch b/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch
deleted file mode 100644
index 2cd0401..0000000
--- a/dev-libs/xmlsec/files/xmlsec-1.3.0-optimisation.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -2482,7 +2482,7 @@ AC_ARG_ENABLE([pedantic], [AS_HELP_STRING([--enable-pedantic],[enable pedantic c
- if test "z$enable_pedantic" = "zno" ; then
- AC_MSG_RESULT([disabled])
- else
-- CFLAGS="$CFLAGS -O -std=c99 -pedantic -pedantic-errors -W -Wall -Wextra"
-+ CFLAGS="$CFLAGS -std=c99 -pedantic -W -Wall -Wextra"
- CFLAGS="$CFLAGS -fno-inline -Wnull-dereference -Wdouble-promotion"
- CFLAGS="$CFLAGS -Wformat=2 -Wformat-security -Wformat-nonliteral"
- CFLAGS="$CFLAGS -Wconversion -Wunused -Wshadow -Wpointer-arith -Wcast-align"
diff --git a/dev-libs/xmlsec/metadata.xml b/dev-libs/xmlsec/metadata.xml
deleted file mode 100644
index 0f981c3..0000000
--- a/dev-libs/xmlsec/metadata.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <!-- maintainer-needed -->
- <use>
- <flag name="gcrypt">Install xmlsec-gcrypt library</flag>
- <flag name="gnutls">Install xmlsec-gnutls library</flag>
- <flag name="http">Allow fetching over HTTP via libxml2.</flag>
- <flag name="nss">Install xmlsec-nss library</flag>
- <flag name="openssl">Install xmlsec-openssl library</flag>
- </use>
- <upstream>
- <remote-id type="github">lsh123/xmlsec</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/dev-libs/xmlsec/xmlsec-1.2.37.ebuild b/dev-libs/xmlsec/xmlsec-1.2.37.ebuild
deleted file mode 100644
index 42695ac..0000000
--- a/dev-libs/xmlsec/xmlsec-1.2.37.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DESCRIPTION="Command line tool for signing, verifying, encrypting and decrypting XML"
-HOMEPAGE="https://www.aleksey.com/xmlsec"
-SRC_URI="https://www.aleksey.com/xmlsec/download/${PN}1-${PV}.tar.gz"
-S="${WORKDIR}/${PN}1-${PV}"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv ~sparc x86"
-IUSE="doc gcrypt gnutls nss +openssl static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="|| ( gcrypt gnutls nss openssl )
- gnutls? ( gcrypt )"
-
-RDEPEND=">=dev-libs/libxml2-2.7.4[ftp(+)]
- >=dev-libs/libxslt-1.0.20
- dev-libs/libltdl
- gcrypt? ( >=dev-libs/libgcrypt-1.4.0:= )
- gnutls? ( >=net-libs/gnutls-2.8.0:= )
- nss? (
- >=dev-libs/nspr-4.4.1
- >=dev-libs/nss-3.9
- )
- openssl? (
- dev-libs/openssl:=
- )"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- test? (
- nss? (
- >=dev-libs/nss-3.9[utils]
- )
- )"
-
-PATCHES=( "${FILESDIR}"/${PN}-1.2.37-libressl.patch )
-
-src_configure() {
- # Bash because of bug #721128
- CONFIG_SHELL="${BROOT}"/bin/bash econf \
- $(use_enable doc docs) \
- $(use_enable static-libs static) \
- $(use_with gcrypt) \
- $(use_with gnutls) \
- $(use_with nss nspr) \
- $(use_with nss) \
- $(use_with openssl) \
- --enable-mans \
- --enable-pkgconfig
-}
-
-src_test() {
- # See https://github.com/lsh123/xmlsec/issues/280 for TZ=UTC
- TZ=UTC SHELL="${BROOT}"/bin/bash emake TMPFOLDER="${T}" check
-}
-
-src_install() {
- default
-
- find "${ED}" -name '*.la' -delete || die
-}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-10-30 19:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-17 16:22 [gentoo-commits] repo/proj/libressl:master commit in: dev-libs/xmlsec/, dev-libs/xmlsec/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2024-10-30 19:39 orbea
2023-06-08 19:04 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox