* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2015-12-19 11:27 Alon Bar-Lev
From: Alon Bar-Lev @ 2015-12-19 11:27 UTC (permalink / raw
  To: gentoo-commits

commit:     0aa72a1fa56ba00946438ae38fba467fcc277e36
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 11:13:01 2015 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 11:26:28 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0aa72a1f

net-libs/gnutls - install man(1)

Bug: 568534

Package-Manager: portage-2.2.24

 ...ow-installing-man-1-even-with-disable-doc.patch |  94 +++++++++++
 ...ow-installing-man-1-even-with-disable-doc.patch |  96 +++++++++++
 net-libs/gnutls/gnutls-3.3.19-r1.ebuild            | 177 +++++++++++++++++++++
 net-libs/gnutls/gnutls-3.4.7-r1.ebuild             | 135 ++++++++++++++++
 4 files changed, 502 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
new file mode 100644
index 0000000..dda8bfc
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
@@ -0,0 +1,94 @@
+From 0f230c6375fd3680837d98f20ee3862e9041af3d Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Fri, 18 Dec 2015 12:14:08 +0200
+Subject: [PATCH] build: allow installing man(1) even with --disable-doc
+
+Currently these man pages are installed only if --enable-doc
+is provided, while these are not actually docs, do not require any
+special dependency, nor consume large space.
+
+This adds --enable-manpages to enable/disable manpages installation, and
+install the man(1) regardless of --disable-doc.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+---
+ Makefile.am              |  3 +++
+ configure.ac             | 10 ++++++++++
+ doc/Makefile.am          |  2 +-
+ doc/manpages/Makefile.am |  2 ++
+ 5 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index d446711..6e19f26 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -28,6 +28,9 @@ SUBDIRS += libdane
+ endif
+ 
+ SUBDIRS += po src
++if ENABLE_MANPAGES
++SUBDIRS += doc/manpages
++endif
+ if ENABLE_DOC
+ SUBDIRS += doc
+ endif
+diff --git a/configure.ac b/configure.ac
+index c7a83b8..d161c05 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -152,6 +152,15 @@ AC_ARG_ENABLE(doc,
+     enable_doc=$enableval, enable_doc=yes)
+ AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
+ 
++AC_ARG_ENABLE(manpages,
++  AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
++    enable_manpages=$enableval,enable_manpages=auto)
++
++if test "${enable_manpages}" = "auto";then
++  enable_manpages="${enable_doc}"
++fi
++AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
++
+ AC_ARG_ENABLE(tests,
+   AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
+     enable_tests=$enableval, enable_tests=yes)
+@@ -838,6 +847,7 @@ AC_MSG_NOTICE([summary of build options:
+   Local libtasn1:       ${included_libtasn1}
+   Use nettle-mini:      ${mini_nettle}
+   nettle-version:       ${nettle_version}
++  Documentation:        ${enable_doc} (manpages: ${enable_manpages})
+ ])
+ 
+ AC_MSG_NOTICE([External hardware support:
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d9b4022..492a74a 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html	\
+ 	gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
+ 	doc.mk
+ 
+-SUBDIRS = examples cyclo scripts manpages credentials latex
++SUBDIRS = examples cyclo scripts credentials latex
+ if ENABLE_GTK_DOC
+ SUBDIRS += reference
+ endif
+diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
+index 6d16787..2840197 100644
+--- a/doc/manpages/Makefile.am
++++ b/doc/manpages/Makefile.am
+@@ -1053,7 +1053,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
+ APIMANS += gnutls_x509_trust_list_verify_crt2.3
+ APIMANS += gnutls_x509_trust_list_verify_named_crt.3
+ 
++if ENABLE_DOC
+ dist_man_MANS += $(APIMANS)
++endif
+ 
+ $(APIMANS): stamp_mans
+ 
+-- 
+2.4.10
+
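Review bot: The embedded format-patch header line `5 files changed, 17 insertions(+), 1 deletion(-)` does not match the body, which touches four files and adds 16 lines, so the patch appears to have been trimmed by hand after export without recording what was dropped. For a patch applied to a TLS library at build time, a short comment at the top would let a reviewer compare it against the upstream commit, for example `# Upstream commit <UPSTREAM_COMMIT_ID>; hunk for <DROPPED_FILE> removed`. The gnutls-3.4.7 copy of this patch added in the same commit has the same mismatch: its header claims five files and 19 insertions, and the body has four files and 18 added lines.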

diff --git a/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch
new file mode 100644
index 0000000..cf108f0
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch
@@ -0,0 +1,96 @@
+From 86f039f8c78f87edd6346265010abc679d9283a9 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Fri, 18 Dec 2015 12:14:08 +0200
+Subject: [PATCH] build: allow installing man(1) even with --disable-doc
+
+Currently these man pages are installed only if --enable-doc
+is provided, while these are not actually docs, do not require any
+special dependency, nor consume large space.
+
+This adds --enable-manpages to enable/disable manpages installation, and
+install the man(1) regardless of --disable-doc.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+---
+ Makefile.am              |  4 ++++
+ configure.ac             | 11 +++++++++++
+ doc/Makefile.am          |  2 +-
+ doc/manpages/Makefile.am |  2 ++
+ 5 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 19fcb90..b94af06 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -42,6 +42,10 @@ if HAVE_GUILE
+ SUBDIRS += guile
+ endif
+ 
++if ENABLE_MANPAGES
++SUBDIRS += doc/manpages
++endif
++
+ if ENABLE_DOC
+ SUBDIRS += doc
+ endif
+diff --git a/configure.ac b/configure.ac
+index e634236..0b1625b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -51,6 +51,16 @@ AC_ARG_ENABLE(doc,
+     enable_doc=$enableval, enable_doc=yes)
+ AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
+ 
++AC_ARG_ENABLE(manpages,
++  AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
++    enable_manpages=$enableval,enable_manpages=auto)
++
++if test "${enable_manpages}" = "auto";then
++  enable_manpages="${enable_doc}"
++fi
++
++AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
++
+ AC_ARG_ENABLE(tools,
+   AS_HELP_STRING([--disable-tools], [don't compile any tools]),
+     enable_tools=$enableval, enable_tools=yes)
+@@ -920,6 +930,7 @@ AC_MSG_NOTICE([summary of build options:
+   Local libopts:        ${included_libopts}
+   Local libtasn1:       ${included_libtasn1}
+   Use nettle-mini:      ${mini_nettle}
++  Documentation:        ${enable_doc} (manpages: ${enable_manpages})
+ ])
+ 
+ AC_MSG_NOTICE([External hardware support:
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index 1e99dd0..05c2188 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html	\
+ 	gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
+ 	doc.mk
+ 
+-SUBDIRS = examples cyclo scripts manpages credentials latex
++SUBDIRS = examples cyclo scripts credentials latex
+ if ENABLE_GTK_DOC
+ SUBDIRS += reference
+ endif
+diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
+index 8a1613d..10365a9 100644
+--- a/doc/manpages/Makefile.am
++++ b/doc/manpages/Makefile.am
+@@ -1127,7 +1127,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
+ APIMANS += gnutls_x509_trust_list_verify_crt2.3
+ APIMANS += gnutls_x509_trust_list_verify_named_crt.3
+ 
++if ENABLE_DOC
+ dist_man_MANS += $(APIMANS)
++endif
+ 
+ $(APIMANS): stamp_mans
+ 
+-- 
+2.4.10
+

diff --git a/net-libs/gnutls/gnutls-3.3.19-r1.ebuild b/net-libs/gnutls/gnutls-3.3.19-r1.ebuild
new file mode 100644
index 0000000..c26d74c
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.3.19-r1.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	sys-devel/autogen
+	crywrap? ( net-dns/libidn )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-build-allow-installing-man-1-even-with-disable-doc.patch"
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	# support user patches
+	epatch_user
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-heartbeat-support \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable crywrap) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+
+	if multilib_is_native_abi; then
+		ln -s "${S}"/doc/reference/html doc/reference/html || die
+	fi
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		# symlink certtool for use in other ABIs
+		if use test; then
+			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
+		fi
+	else
+		emake -C gl
+		emake -C lib
+		emake -C extra
+		use dane && emake -C libdane
+	fi
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		# parallel testing often fails
+		emake -j1 check
+	else
+		# use native ABI tools
+		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
+			"${BUILD_DIR}"/src/ || die
+
+		emake -C gl -j1 check
+		emake -C tests -j1 check
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C extra DESTDIR="${D}" install
+		use dane && emake -C libdane DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
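Review bot: In `multilib_src_configure`, `--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt` is an absolute host path, while `--htmldir` in the same `econf` call is prefixed with `${EPREFIX}`. KEYWORDS lists prefix targets such as `~x86-linux` and `~ppc-macos`, and on those installs a `dane` build would presumably look for its DNSSEC trust anchor outside the prefix, in a file this installation does not manage. I would write it as `--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"`. The same line appears in gnutls-3.4.7-r1.ebuild in this commit and in gnutls-3.4.14-r1.ebuild further down the thread.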

diff --git a/net-libs/gnutls/gnutls-3.4.7-r1.ebuild b/net-libs/gnutls/gnutls-3.4.7-r1.ebuild
new file mode 100644
index 0000000..89d3fc4
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.4.7-r1.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
+# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
+LICENSE="GPL-3 LGPL-3"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test +tools zlib ${IUSE_LINGUAS// / linguas_}"
+# heartbeat support is not disabled until re-licensing happens fullyf
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen )
+	crywrap? ( net-dns/libidn )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-build-allow-installing-man-1-even-with-disable-doc.patch"
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	# support user patches
+	epatch_user
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--htmldir="${EPREFIX}/usr/share/doc/${PF}/html" \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-heartbeat-support \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable tools) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable crywrap) \
+		$(multilib_native_use_enable test tests) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
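Review bot: `--enable-heartbeat-support` is passed unconditionally in `multilib_src_configure`, so every install compiles in the TLS heartbeat extension and a user cannot build without it; the only reason given is the licensing comment under IUSE. An optional protocol extension in a TLS library is better left to the user, to keep the compiled-in surface to what is needed. Add `tls-heartbeat` to IUSE and replace the flag with `$(use_enable tls-heartbeat heartbeat-support)`. gnutls-3.3.19-r1.ebuild in this commit hard-codes the same flag.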



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2016-08-12 16:43 Alon Bar-Lev
From: Alon Bar-Lev @ 2016-08-12 16:43 UTC (permalink / raw
  To: gentoo-commits

commit:     7151cfbeaec4f1c8cfae0491ffece7be694269af
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 12 16:42:12 2016 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri Aug 12 16:42:32 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7151cfbe

net-libs/gnutls: fix parallel build

Bug: 590918
Thanks: Oleg

Package-Manager: portage-2.2.28

 net-libs/gnutls/files/gnutls-3.4.14-build.patch |  25 +++++
 net-libs/gnutls/gnutls-3.4.14-r1.ebuild         | 133 ++++++++++++++++++++++++
 2 files changed, 158 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.4.14-build.patch b/net-libs/gnutls/files/gnutls-3.4.14-build.patch
new file mode 100644
index 0000000..5803bf5
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.4.14-build.patch
@@ -0,0 +1,25 @@
+From 107e1df19715ffd4701bfcd3325c5cc80e5174b0 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 18 Feb 2016 09:17:17 +0100
+Subject: [PATCH] src: added systemkey-args to BUILT_SOURCES
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 1901a76..fda8b9e 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -25,7 +25,7 @@ BUILT_SOURCES = srptool-args.c srptool-args.h \
+ 	serv-args.c serv-args.h cli-args.c cli-args.h \
+ 	cli-debug-args.c cli-debug-args.h certtool-args.c certtool-args.h \
+ 	danetool-args.c danetool-args.h p11tool-args.c p11tool-args.h \
+-	tpmtool-args.c tpmtool-args.h
++	tpmtool-args.c tpmtool-args.h systemkey-args.c systemkey-args.h
+ 
+ if ENABLE_CRYWRAP
+ SUBDIRS += crywrap
+-- 
+2.7.3
+

diff --git a/net-libs/gnutls/gnutls-3.4.14-r1.ebuild b/net-libs/gnutls/gnutls-3.4.14-r1.ebuild
new file mode 100644
index 0000000..5656755
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.4.14-r1.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools libtool eutils multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test +tls-heartbeat +tools zlib ${IUSE_LINGUAS// / linguas_}"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.3[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen )
+	crywrap? ( net-dns/libidn )
+	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-1.8:*[networking] )
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/automake-1.11.6
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	doc? (
+		sys-apps/texinfo
+		dev-util/gtk-doc
+	)
+	nls? ( sys-devel/gettext )
+	test? ( app-misc/datefudge )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.4.7-build-allow-installing-man-1-even-with-disable-doc.patch"
+	"${FILESDIR}/${PN}-3.4.14-build.patch"
+)
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+}
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
+		doc/Makefile.am || die
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# force regeneration of makeinfo files
+	# have no idea why on some system these files are not
+	# accepted as-is, see bug#520818
+	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
+		rm "${file}" || die
+	done
+
+	eautoreconf
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+
+	# bug 497472
+	use cxx || epunt_cxx
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	# TPM needs to be tested before being enabled
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	ECONF_SOURCE=${S} \
+	econf \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		$(use_enable cxx) \
+		$(use_enable dane libdane) \
+		$(multilib_native_enable manpages) \
+		$(multilib_native_use_enable tools) \
+		$(multilib_native_use_enable doc) \
+		$(multilib_native_use_enable doc gtk-doc) \
+		$(multilib_native_use_enable guile) \
+		$(multilib_native_use_enable crywrap) \
+		$(multilib_native_use_enable test tests) \
+		$(use_enable nls) \
+		$(use_enable openssl openssl-compatibility) \
+		$(use_enable tls-heartbeat heartbeat-support) \
+		$(use_enable static-libs static) \
+		$(use_with pkcs11 p11-kit) \
+		$(use_with zlib) \
+		--without-tpm \
+		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
+		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	dodoc doc/certtool.cfg
+
+	if use doc; then
+		dohtml doc/gnutls.html
+	else
+		rm -fr "${ED}/usr/share/doc/${PF}/html"
+	fi
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
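Review bot: `+tls-heartbeat` in IUSE switches the heartbeat extension on by default, and nothing in this ebuild says why. The earlier revisions in this thread carried a comment tying heartbeat to the pending relicensing, but that comment is gone here and LICENSE now reads `GPL-3 LGPL-2.1`. Either drop the `+` so the extension is opt-in, or document the default above IUSE with a line such as `# tls-heartbeat defaults to on because <REASON>`. Whether the flag is described in metadata.xml cannot be seen from this hunk.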



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2017-05-19 15:50 Alon Bar-Lev
  0 siblings, 0 replies; 13+ messages in thread
From: Alon Bar-Lev @ 2017-05-19 15:50 UTC (permalink / raw
  To: gentoo-commits

commit:     3782a23cc43e7c22e50ce524761f2385ddb25543
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Fri May 19 15:50:15 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri May 19 15:50:15 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3782a23c

net-libs/gnutls: cleanup

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 net-libs/gnutls/Manifest                        |   1 -
 net-libs/gnutls/files/gnutls-3.5.11-tests.patch | 166 ------------------------
 net-libs/gnutls/gnutls-3.5.11.ebuild            | 138 --------------------
 3 files changed, 305 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 3fd74bfe2f3..10fcfed1f5f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,4 +1,3 @@
 DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
 DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
-DIST gnutls-3.5.11.tar.xz 7208068 SHA256 51765cc5579e250da77fbd7871507c517d01b15353cc40af7b67e9ec7b6fe28f SHA512 ce7e68bae417c114dcd8d2d8f84a69c233e41aa0591cb35f3872db29164031b53e1688553eb1c829602512954066aef6b0894ce50deb556723b93fd8e5817ac5 WHIRLPOOL 0c237b924148aef3fdee82567962c379293054f2b73e7740fc73aef9dc70f19007992a3d69bd2b3b0939c5ef4b34350fe69c99e94f46f3784d326eb6ddce9c01
 DIST gnutls-3.5.12.tar.xz 7212652 SHA256 63cb39a5eaa029381df2e49a74cfb7be89fc4a592445191818ffe1e66bde57cb SHA512 8fec23e7e494a2e15e0f938115cae1ba3fee952d634db387f983b01096f68ca4313b23bc4c439d3c7fdd07c861eac4913a7c2343c8704961588ae195886ec90c WHIRLPOOL f7309aa89e75ed75371893ba4e4ac89f9f8bc7a61ef10ae4c4986aec290ae2dc5108cd3cc6463af6700ddab3754c6fcbd10ac95d3c40c4549cfdf6b3289f8a72

diff --git a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch b/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
deleted file mode 100644
index e81ecedbc34..00000000000
--- a/net-libs/gnutls/files/gnutls-3.5.11-tests.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Tue, 7 Mar 2017 22:39:20 +0100
-Subject: [PATCH] tests: do not run tests which require openpgp when it is
- disabled
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
----
- tests/openpgp-callback.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
-index c3f2c4c..3df10ac 100644
---- a/tests/openpgp-callback.c
-+++ b/tests/openpgp-callback.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- 
--#if defined(_WIN32)
-+#if defined(_WIN32) || !defined(ENABLED_OPENPGP)
- 
- /* socketpair isn't supported on Win32. */
- int main(int argc, char **argv)
--- 
-2.10.2
-
-From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Wed, 8 Mar 2017 16:00:02 +0100
-Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp
-
-This will allow the test tool to operate even after openpgp certificates
-are deprecated.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- tests/dtls/Makefile.am   |  1 +
- tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------
- 2 files changed, 9 insertions(+), 59 deletions(-)
-
-diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am
-index 8f56408..6c8f411 100644
---- a/tests/dtls/Makefile.am
-+++ b/tests/dtls/Makefile.am
-@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
- 	-I$(top_srcdir)/extra/includes	\
- 	-I$(top_builddir)/extra/includes	\
- 	-I$(top_srcdir)/lib			\
-+	-I$(top_srcdir)/tests			\
- 	-I$(top_srcdir)/doc/examples
- 
- AM_LDFLAGS = -no-install
-diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
-index c9493af..01e5eca 100644
---- a/tests/dtls/dtls-stress.c
-+++ b/tests/dtls/dtls-stress.c
-@@ -101,6 +101,7 @@
- #include <errno.h>
- #include <poll.h>
- #include <time.h>
-+#include <assert.h>
- #include <sys/wait.h>
- 
- #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0
-@@ -232,56 +233,7 @@ static const char *filter_names_full[12]
- 	"SFinished"
- };
- 
--static const unsigned char PUBKEY[] =
--    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
--    "\n"
--    "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
--    "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
--    "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
--    "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
--    "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
--    "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
--    "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
--    "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
--    "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
--    "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
--    "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
--    "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
--    "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
--    "NfM+8fS537I+XA+hfjt20NUFIA==\n"
--    "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
--
--static const unsigned char PRIVKEY[] =
--    "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
--    "\n"
--    "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
--    "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
--    "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
--    "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
--    "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
--    "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
--    "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
--    "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
--    "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
--    "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
--    "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
--    "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
--    "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
--    "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
--    "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
--    "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
--    "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
--    "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
--    "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
--    "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
--    "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
--    "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
--    "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
--    "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
--    "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
--    "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
--    "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
--    "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-+#include "cert-common.h"
- 
- // }}}
- 
-@@ -736,13 +688,10 @@ static void await(int fd, int timeout)
- 
- static void cred_init(void)
- {
--	gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) };
--	gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) };
-+	assert(gnutls_certificate_allocate_credentials(&cred)>=0);
- 
--	gnutls_certificate_allocate_credentials(&cred);
--
--	gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
--					       GNUTLS_OPENPGP_FMT_BASE64);
-+	gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key,
-+					       GNUTLS_X509_FMT_PEM);
- }
- 
- static void session_init(int sock, int server)
-@@ -751,7 +700,7 @@ static void session_init(int sock, int server)
- 		    GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
- 		    | GNUTLS_NONBLOCK * nonblock);
- 	gnutls_priority_set_direct(session,
--				   "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
-+				   "NORMAL:+ECDHE-RSA:+ANON-ECDH",
- 				   0);
- 	gnutls_transport_set_int(session, sock);
- 
-@@ -763,11 +712,11 @@ static void session_init(int sock, int server)
- 		}
- 	} else if (server) {
- 		gnutls_anon_server_credentials_t acred;
--		gnutls_anon_allocate_server_credentials(&acred);
-+		assert(gnutls_anon_allocate_server_credentials(&acred)>=0);
- 		gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
- 	} else {
- 		gnutls_anon_client_credentials_t acred;
--		gnutls_anon_allocate_client_credentials(&acred);
-+		assert(gnutls_anon_allocate_client_credentials(&acred)>=0);
- 		gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
- 	}
- 
--- 
-2.10.2
-

diff --git a/net-libs/gnutls/gnutls-3.5.11.ebuild b/net-libs/gnutls/gnutls-3.5.11.ebuild
deleted file mode 100644
index 21820c477a1..00000000000
--- a/net-libs/gnutls/gnutls-3.5.11.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}"
-
-REQUIRED_USE="
-	test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	valgrind? ( dev-util/valgrind )
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)
-	test-full? (
-		guile? ( >=dev-scheme/guile-2 )
-		app-crypt/dieharder
-		app-misc/datefudge
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=(
-	"${FILESDIR}/${P}-tests.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} econf \
-		--without-included-libtasn1 \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable tools) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable test tests) \
-		$(multilib_native_use_enable seccomp seccomp-tests) \
-		$(multilib_native_use_enable valgrind valgrind-tests) \
-		$(multilib_native_use_enable test-full full-test-suite) \
-		$(use_enable nls) \
-		$(use_enable openpgp openpgp-authentication) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable tls-heartbeat heartbeat-support) \
-		$(use_enable sslv2 ssl2-support) \
-		$(use_enable sslv3 ssl3-support) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		$(use_with idn) \
-		$(use_with idn libidn2) \
-		--without-tpm \
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
-		"${libconf[@]}" \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2017-09-09 19:34 Alon Bar-Lev
From: Alon Bar-Lev @ 2017-09-09 19:34 UTC (permalink / raw
  To: gentoo-commits

commit:     0d72ce7cbd61355efa88da7369d37b1849ec2f4a
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  9 19:31:23 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sat Sep  9 19:34:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d72ce7c

net-libs/gnutls: cleanup 3.3 series

Gentoo-Bug: 612340

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 net-libs/gnutls/Manifest                           |   3 -
 ...ow-installing-man-1-even-with-disable-doc.patch |  94 -----------
 net-libs/gnutls/gnutls-3.3.26.ebuild               | 181 ---------------------
 net-libs/gnutls/gnutls-3.3.27.ebuild               | 181 ---------------------
 net-libs/gnutls/gnutls-3.3.28.ebuild               | 181 ---------------------
 net-libs/gnutls/metadata.xml                       |   5 +-
 6 files changed, 1 insertion(+), 644 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 9fc72d07f4d..c0a68df90fb 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,6 +1,3 @@
-DIST gnutls-3.3.26.tar.xz 6361068 SHA256 6a7d882b6b581d684883fde195abf930dab37dfbe6aaea88ab164252bec720d9 SHA512 41259f760f5ed9b87d4203de567efb1a2087e01a025f2ea0f14167f146ecd640fbddeab390fbae6acc262507229894774db883d0892d448068ee73abb110738f WHIRLPOOL afca5aabebf36064847933662736c7713b837375db2c91c416d43a980407d912edf8fb64f53615c0bed770f46a9d2e0a3eb309f6a66281f5377e50a02863c8e7
-DIST gnutls-3.3.27.tar.xz 6364824 SHA256 8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f SHA512 2cc5706b502a500375f706d1a7321af4c55554d3052f35cf24cbb288f9568ce891999d0f401119d04f594e9bc79e2e68d3c008648604032222ad2a6d8224bbdf WHIRLPOOL 508ac8939e471155bd5d49510111fca4eb5b5362f0bae8ec16f98eb16aeaa44ff06448fd7793398e56f9713b344b0b27a32e66c24cbdc062d33bc74dd6b83f57
-DIST gnutls-3.3.28.tar.xz 6369560 SHA256 608f63441abc209c5bd5f61e35f2b6128c22e06fa2ad6248a08d8a643feeb807 SHA512 c88c8dca22446f1eda0bd06b57402a9d67c866b87836963cba66ff3209c0781c3106f8d4355c50ed15bd11b3208c029652cd7f00450de68f01651aad7c8e562f WHIRLPOOL cb6c6a796a0c75f0b70bce617ddcde2c34c21626d6ac351cb9c6df585e84a63d4dbe15d0b70a5ad901be4ff914f83f8a7fbb477624ca3e16e25b81c8afbc3f4e
 DIST gnutls-3.5.12.tar.xz 7212652 SHA256 63cb39a5eaa029381df2e49a74cfb7be89fc4a592445191818ffe1e66bde57cb SHA512 8fec23e7e494a2e15e0f938115cae1ba3fee952d634db387f983b01096f68ca4313b23bc4c439d3c7fdd07c861eac4913a7c2343c8704961588ae195886ec90c WHIRLPOOL f7309aa89e75ed75371893ba4e4ac89f9f8bc7a61ef10ae4c4986aec290ae2dc5108cd3cc6463af6700ddab3754c6fcbd10ac95d3c40c4549cfdf6b3289f8a72
 DIST gnutls-3.5.13.tar.xz 7226468 SHA256 79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096 SHA512 e98f23a589042f879936c3f8b474535e695fb7dd68a9e81323668c013241f765c2d3af6c6a072ecf867acc1e551ec46e15bb842144d3a06bdd5d2f4fc3d828a7 WHIRLPOOL 89439e7adba634698642a247c418569c0ea6ca6155bfb5dce17c8ed69d2506a37d9ad793122aaaec92adffefa75cb23a857c49ef722c5cf506700fe0c34b6028
 DIST gnutls-3.5.14.tar.xz 7228200 SHA256 4aa12dec92f42a0434df794aca3d02f6f2a35b47b48c01252de65f355c051bda SHA512 c55384bdf835c0f7715bfb10b7fa0ac30d26d53ffa5f32af78844cf27985407eed034af77413fb2e94e3a0c0a5fb0597d66f5dbbbe72e5e0658bfeeafa6f7829 WHIRLPOOL c6ae68898983184d00dde78a38a3398b677541ae6316a25544668f183423da1f6c3c7f3709f896f6c135e6907d832d6980f102d77b40758f9cf81c25f68cb086

diff --git a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch b/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
deleted file mode 100644
index dda8bfced64..00000000000
--- a/net-libs/gnutls/files/gnutls-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 0f230c6375fd3680837d98f20ee3862e9041af3d Mon Sep 17 00:00:00 2001
-From: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Fri, 18 Dec 2015 12:14:08 +0200
-Subject: [PATCH] build: allow installing man(1) even with --disable-doc
-
-Currently these man pages are installed only if --enable-doc
-is provided, while these are not actually docs, do not require any
-special dependency, nor consume large space.
-
-This adds --enable-manpages to enable/disable manpages installation, and
-install the man(1) regardless of --disable-doc.
-
-Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
----
- Makefile.am              |  3 +++
- configure.ac             | 10 ++++++++++
- doc/Makefile.am          |  2 +-
- doc/manpages/Makefile.am |  2 ++
- 5 files changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index d446711..6e19f26 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -28,6 +28,9 @@ SUBDIRS += libdane
- endif
- 
- SUBDIRS += po src
-+if ENABLE_MANPAGES
-+SUBDIRS += doc/manpages
-+endif
- if ENABLE_DOC
- SUBDIRS += doc
- endif
-diff --git a/configure.ac b/configure.ac
-index c7a83b8..d161c05 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -152,6 +152,15 @@ AC_ARG_ENABLE(doc,
-     enable_doc=$enableval, enable_doc=yes)
- AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
- 
-+AC_ARG_ENABLE(manpages,
-+  AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
-+    enable_manpages=$enableval,enable_manpages=auto)
-+
-+if test "${enable_manpages}" = "auto";then
-+  enable_manpages="${enable_doc}"
-+fi
-+AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
-+
- AC_ARG_ENABLE(tests,
-   AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
-     enable_tests=$enableval, enable_tests=yes)
-@@ -838,6 +847,7 @@ AC_MSG_NOTICE([summary of build options:
-   Local libtasn1:       ${included_libtasn1}
-   Use nettle-mini:      ${mini_nettle}
-   nettle-version:       ${nettle_version}
-+  Documentation:        ${enable_doc} (manpages: ${enable_manpages})
- ])
- 
- AC_MSG_NOTICE([External hardware support:
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index d9b4022..492a74a 100644
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -24,7 +24,7 @@ EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html	\
- 	gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
- 	doc.mk
- 
--SUBDIRS = examples cyclo scripts manpages credentials latex
-+SUBDIRS = examples cyclo scripts credentials latex
- if ENABLE_GTK_DOC
- SUBDIRS += reference
- endif
-diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
-index 6d16787..2840197 100644
---- a/doc/manpages/Makefile.am
-+++ b/doc/manpages/Makefile.am
-@@ -1053,7 +1053,9 @@ APIMANS += gnutls_x509_trust_list_verify_crt.3
- APIMANS += gnutls_x509_trust_list_verify_crt2.3
- APIMANS += gnutls_x509_trust_list_verify_named_crt.3
- 
-+if ENABLE_DOC
- dist_man_MANS += $(APIMANS)
-+endif
- 
- $(APIMANS): stamp_mans
- 
--- 
-2.4.10
-

diff --git a/net-libs/gnutls/gnutls-3.3.26.ebuild b/net-libs/gnutls/gnutls-3.3.26.ebuild
deleted file mode 100644
index cd9ee855600..00000000000
--- a/net-libs/gnutls/gnutls-3.3.26.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	sys-devel/autogen
-	crywrap? ( net-dns/libidn )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=sys-devel/automake-1.11.6
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? (
-		sys-apps/texinfo
-		dev-util/gtk-doc
-	)
-	nls? ( sys-devel/gettext )
-	test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-}
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
-		doc/Makefile.am || die
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# force regeneration of makeinfo files
-	# have no idea why on some system these files are not
-	# accepted as-is, see bug#520818
-	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
-		rm "${file}" || die
-	done
-
-	eautoreconf
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# bug 497472
-	use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} \
-	econf \
-		--disable-valgrind-tests \
-		--without-included-libtasn1 \
-		--enable-heartbeat-support \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable crywrap) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--without-tpm \
-		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
-		"${libconf[@]}" \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
-	if multilib_is_native_abi; then
-		ln -s "${S}"/doc/reference/html doc/reference/html || die
-	fi
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		# symlink certtool for use in other ABIs
-		if use test; then
-			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
-		fi
-	else
-		emake -C gl
-		emake -C lib
-		emake -C extra
-		use dane && emake -C libdane
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		# parallel testing often fails
-		emake -j1 check
-	else
-		# use native ABI tools
-		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
-			"${BUILD_DIR}"/src/ || die
-
-		emake -C gl -j1 check
-		emake -C tests -j1 check
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C extra DESTDIR="${D}" install
-		use dane && emake -C libdane DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	dodoc doc/certtool.cfg
-
-	if use doc; then
-		dohtml doc/gnutls.html
-	else
-		rm -fr "${ED}/usr/share/doc/${PF}/html"
-	fi
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.3.27.ebuild b/net-libs/gnutls/gnutls-3.3.27.ebuild
deleted file mode 100644
index 434bd0c5af9..00000000000
--- a/net-libs/gnutls/gnutls-3.3.27.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	sys-devel/autogen
-	crywrap? ( net-dns/libidn )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=sys-devel/automake-1.11.6
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? (
-		sys-apps/texinfo
-		dev-util/gtk-doc
-	)
-	nls? ( sys-devel/gettext )
-	test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-}
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
-		doc/Makefile.am || die
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# force regeneration of makeinfo files
-	# have no idea why on some system these files are not
-	# accepted as-is, see bug#520818
-	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
-		rm "${file}" || die
-	done
-
-	eautoreconf
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# bug 497472
-	use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} \
-	econf \
-		--disable-valgrind-tests \
-		--without-included-libtasn1 \
-		--enable-heartbeat-support \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable crywrap) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--without-tpm \
-		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
-		"${libconf[@]}" \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
-	if multilib_is_native_abi; then
-		ln -s "${S}"/doc/reference/html doc/reference/html || die
-	fi
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		# symlink certtool for use in other ABIs
-		if use test; then
-			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
-		fi
-	else
-		emake -C gl
-		emake -C lib
-		emake -C extra
-		use dane && emake -C libdane
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		# parallel testing often fails
-		emake -j1 check
-	else
-		# use native ABI tools
-		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
-			"${BUILD_DIR}"/src/ || die
-
-		emake -C gl -j1 check
-		emake -C tests -j1 check
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C extra DESTDIR="${D}" install
-		use dane && emake -C libdane DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	dodoc doc/certtool.cfg
-
-	if use doc; then
-		dohtml doc/gnutls.html
-	else
-		rm -fr "${ED}/usr/share/doc/${PF}/html"
-	fi
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/gnutls-3.3.28.ebuild b/net-libs/gnutls/gnutls-3.3.28.ebuild
deleted file mode 100644
index 434bd0c5af9..00000000000
--- a/net-libs/gnutls/gnutls-3.3.28.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools epunt-cxx libtool ltprune multilib-minimal versionator
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-# LGPL-3 for libgnutls library and GPL-3 for libgnutls-extra library.
-# soon to be relicensed as LGPL-2.1 unless heartbeat extension enabled.
-LICENSE="GPL-3 LGPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
-IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
-IUSE="+cxx +crywrap dane doc examples guile nls +openssl pkcs11 static-libs test zlib ${IUSE_LINGUAS// / linguas_}"
-# heartbeat support is not disabled until re-licensing happens fullyf
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.3:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-2.7:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	sys-devel/autogen
-	crywrap? ( net-dns/libidn )
-	dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-1.8:=[networking] )
-	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.20.7[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-DEPEND="${RDEPEND}
-	>=sys-devel/automake-1.11.6
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	doc? (
-		sys-apps/texinfo
-		dev-util/gtk-doc
-	)
-	nls? ( sys-devel/gettext )
-	test? ( app-misc/datefudge )"
-
-DOCS=( AUTHORS ChangeLog NEWS README THANKS doc/TODO )
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.3.19-build-allow-installing-man-1-even-with-disable-doc.patch"
-)
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-}
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e 's/imagesdir = $(infodir)/imagesdir = $(htmldir)/' \
-		doc/Makefile.am || die
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# force regeneration of makeinfo files
-	# have no idea why on some system these files are not
-	# accepted as-is, see bug#520818
-	for file in $(grep -l "produced by makeinfo" doc/*.info) ; do
-		rm "${file}" || die
-	done
-
-	eautoreconf
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-
-	# bug 497472
-	use cxx || epunt_cxx
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	# remove magic of library detection
-	# bug#438222
-	libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
-
-	# TPM needs to be tested before being enabled
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	ECONF_SOURCE=${S} \
-	econf \
-		--disable-valgrind-tests \
-		--without-included-libtasn1 \
-		--enable-heartbeat-support \
-		$(use_enable cxx) \
-		$(use_enable dane libdane) \
-		$(multilib_native_enable manpages) \
-		$(multilib_native_use_enable doc) \
-		$(multilib_native_use_enable doc gtk-doc) \
-		$(multilib_native_use_enable guile) \
-		$(multilib_native_use_enable crywrap) \
-		$(use_enable nls) \
-		$(use_enable openssl openssl-compatibility) \
-		$(use_enable static-libs static) \
-		$(use_with pkcs11 p11-kit) \
-		$(use_with zlib) \
-		--without-tpm \
-		--with-unbound-root-key-file=/etc/dnssec/root-anchors.txt \
-		"${libconf[@]}" \
-		$([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
-
-	if multilib_is_native_abi; then
-		ln -s "${S}"/doc/reference/html doc/reference/html || die
-	fi
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		# symlink certtool for use in other ABIs
-		if use test; then
-			ln -s "${BUILD_DIR}"/src "${T}"/native-tools || die
-		fi
-	else
-		emake -C gl
-		emake -C lib
-		emake -C extra
-		use dane && emake -C libdane
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		# parallel testing often fails
-		emake -j1 check
-	else
-		# use native ABI tools
-		ln -s "${T}"/native-tools/{certtool,gnutls-{serv,cli}} \
-			"${BUILD_DIR}"/src/ || die
-
-		emake -C gl -j1 check
-		emake -C tests -j1 check
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C extra DESTDIR="${D}" install
-		use dane && emake -C libdane DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	dodoc doc/certtool.cfg
-
-	if use doc; then
-		dohtml doc/gnutls.html
-	else
-		rm -fr "${ED}/usr/share/doc/${PF}/html"
-	fi
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}

diff --git a/net-libs/gnutls/metadata.xml b/net-libs/gnutls/metadata.xml
index 536d49f0da3..9f796b4b07f 100644
--- a/net-libs/gnutls/metadata.xml
+++ b/net-libs/gnutls/metadata.xml
@@ -6,10 +6,7 @@
     <name>Crypto</name>
   </maintainer>
   <use>
-    <flag name="crywrap" restrict="&gt;=net-libs/gnutls-3.2.10">
-      Build the crywrap TLS proxy service
-    </flag>
-    <flag name="dane" restrict="&gt;=net-libs/gnutls-3.1.3">
+    <flag name="dane">
       Build libgnutls-dane, implementing DNS-based Authentication of
       Named Entities. Requires <pkg>net-dns/unbound</pkg>
     </flag>



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2019-01-06 19:27 Alon Bar-Lev
From: Alon Bar-Lev @ 2019-01-06 19:27 UTC (permalink / raw
  To: gentoo-commits

commit:     bd171538ea6c76c689150c983ad4069b4b5a2549
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  6 19:24:53 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Sun Jan  6 19:26:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd171538

net-libs/gnutls: build with libidn2-2.1.0

Closes: https://bugs.gentoo.org/show_bug.cgi?id=674690
Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/gnutls/files/gnutls-3.5.19-idn2.patch | 47 ++++++++++++++++++++++++++
 net-libs/gnutls/gnutls-3.5.19-r1.ebuild        |  6 +++-
 net-libs/gnutls/gnutls-3.5.19.ebuild           |  6 +++-
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch b/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
new file mode 100644
index 00000000000..1f16302c81b
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.5.19-idn2.patch
@@ -0,0 +1,47 @@
+From b0dfccd2149086cf5d2db44c329664a56b126216 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sun, 6 Jan 2019 20:02:50 +0200
+Subject: [PATCH] idn2: do not use deprecated idn2_to_unicode_8z8z in
+ idn2-2.1.0
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ lib/str-idna.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+https://gitlab.com/gnutls/gnutls/merge_requests/864
+
+diff --git a/lib/str-idna.c b/lib/str-idna.c
+index 3bf2db877..95ca9b769 100644
+--- a/lib/str-idna.c
++++ b/lib/str-idna.c
+@@ -145,7 +145,7 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
+ 	return ret;
+ }
+ 
+-#ifdef HAVE_LIBIDN2
++#if defined(HAVE_LIBIDN2) && IDN2_VERSION_NUMBER < 0x02000000
+ int _idn2_punycode_decode(
+ 	size_t input_length,
+ 	const char input[],
+@@ -153,7 +153,7 @@ int _idn2_punycode_decode(
+ 	uint32_t output[],
+ 	unsigned char case_flags[]);
+ 
+-static int _idn2_to_unicode_8z8z(const char *src, char **dst)
++static int idn2_to_unicode_8z8z(const char *src, char **dst, int flags)
+ {
+ 	int rc, run;
+ 	size_t out_len = 0;
+@@ -253,7 +253,7 @@ int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *ou
+ 
+ #ifdef HAVE_LIBIDN2
+ 	/* currently libidn2 just converts single labels, thus a wrapper function */
+-	rc = _idn2_to_unicode_8z8z((char*)istr.data, &u8);
++	rc = idn2_to_unicode_8z8z((char*)istr.data, &u8, 0);
+ 	if (rc != IDN2_OK) {
+ 		gnutls_assert();
+ 		_gnutls_debug_log("unable to convert ACE name '%s' to UTF-8 format: %s\n", istr.data, idn2_strerror(rc));
+-- 
+2.19.2
+
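Review bot: The guard added in the embedded lib/str-idna.c hunk, `#if defined(HAVE_LIBIDN2) && IDN2_VERSION_NUMBER < 0x02000000`, has no comment saying why the local fallback is limited to older libidn2 or that it now reuses the library's own name `idn2_to_unicode_8z8z`. If the idn2 header does not define `IDN2_VERSION_NUMBER`, the preprocessor evaluates it as 0 and the fallback is compiled; that looks intended but should be stated. The new `flags` parameter is presumably unused by the fallback, whose body lies outside the hunk, and the call site passes `0`. I would add above the guard `/* libidn2 < 2.0.0 has no idn2_to_unicode_8z8z(); provide a local one with the same signature (flags ignored) */`, adjusting the last clause after confirming it against the body. Because ACE-to-UTF-8 decoding of peer-supplied names now runs through either the library or the fallback depending on the installed libidn2, `gnutls_idna_reverse_map` should be exercised by the test suite against both.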

diff --git a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild b/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
index 9fc06eac7ed..379e758cd88 100644
--- a/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
+++ b/net-libs/gnutls/gnutls-3.5.19-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -54,6 +54,10 @@ DOCS=(
 
 HTML_DOCS=()
 
+PATCHES=(
+	"${FILESDIR}/${P}-idn2.patch"
+)
+
 pkg_setup() {
 	# bug#520818
 	export TZ=UTC

diff --git a/net-libs/gnutls/gnutls-3.5.19.ebuild b/net-libs/gnutls/gnutls-3.5.19.ebuild
index 39244f5c2a3..77cc3480387 100644
--- a/net-libs/gnutls/gnutls-3.5.19.ebuild
+++ b/net-libs/gnutls/gnutls-3.5.19.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -54,6 +54,10 @@ DOCS=(
 
 HTML_DOCS=()
 
+PATCHES=(
+	"${FILESDIR}/${P}-idn2.patch"
+)
+
 pkg_setup() {
 	# bug#520818
 	export TZ=UTC



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2020-06-09 14:58 Thomas Deutschmann
From: Thomas Deutschmann @ 2020-06-09 14:58 UTC (permalink / raw
  To: gentoo-commits

commit:     4254290cbaff26d7530a273eb9d307317f7f5f45
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  9 14:58:22 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun  9 14:58:22 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4254290c

net-libs/gnutls: security cleanup

Bug: https://bugs.gentoo.org/727108
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   1 -
 ...s-3.6.13-handle-expired-root-certificates.patch | 391 ---------------------
 net-libs/gnutls/gnutls-3.6.13-r1.ebuild            | 134 -------
 3 files changed, 526 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b64da79d7df..a6db64d03c0 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1 @@
-DIST gnutls-3.6.13.tar.xz 5958956 BLAKE2B de67f96198b6456f397bf203f13bf1f906b69c7ce632dd96b72539fea12f2bd8ee8b2c608d1ed8b06d3b189023fa81e9a2cfcdd6c9bbd174e5bd2b0673f6ca47 SHA512 23581952cb72c9a34f378c002bb62413d5a1243b74b48ad8dc49eaea4020d33c550f8dc1dd374cf7fbfa4187b0ca1c5698c8a0430398268a8b8a863f8633305c
 DIST gnutls-3.6.14.tar.xz 6069088 BLAKE2B a1cd88a7c977f3a94a49e4187878560a8d9589a6fd32d8ad41b84c33534597fb85a88cf6b260a4a5e8b1a100790a7ba701acac2368f1ad42dcaba7e5c90b6758 SHA512 b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604

diff --git a/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch b/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
deleted file mode 100644
index 91986cf449c..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.13-handle-expired-root-certificates.patch
+++ /dev/null
@@ -1,391 +0,0 @@
-From 299bd4f113d0bd39fa1577a671a04ed7899eff3c Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 12:39:14 +0200
-Subject: [PATCH 1/3] _gnutls_pkcs11_verify_crt_status: check validity against
- system cert
-
-To verify a certificate chain, this function replaces known
-certificates with the ones in the system trust store if possible.
-
-However, if it is found, the function checks the validity of the
-original certificate rather than the certificate found in the trust
-store.  That reveals a problem in a scenario that (1) a certificate is
-signed by multiple issuers and (2) one of the issuers' certificate has
-expired and included in the input chain.
-
-This patch makes it a little robuster by actually retrieving the
-certificate from the trust store and perform check against it.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/pkcs11.c      | 98 +++++++++++++++++++++++++++++++++--------------
- lib/pkcs11_int.h  |  5 +++
- lib/x509/verify.c |  7 +++-
- 3 files changed, 80 insertions(+), 30 deletions(-)
-
-diff --git a/lib/pkcs11.c b/lib/pkcs11.c
-index fad16aaf4f..d8d4a65114 100644
---- a/lib/pkcs11.c
-+++ b/lib/pkcs11.c
-@@ -4547,34 +4547,10 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
- 	return ret;
- }
- 
--/**
-- * gnutls_pkcs11_crt_is_known:
-- * @url: A PKCS 11 url identifying a token
-- * @cert: is the certificate to find issuer for
-- * @issuer: Will hold the issuer if any in an allocated buffer.
-- * @fmt: The format of the exported issuer.
-- * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
-- *
-- * This function will check whether the provided certificate is stored
-- * in the specified token. This is useful in combination with 
-- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
-- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
-- * to check whether a CA is present or a certificate is blacklisted in
-- * a trust PKCS #11 module.
-- *
-- * This function can be used with a @url of "pkcs11:", and in that case all modules
-- * will be searched. To restrict the modules to the marked as trusted in p11-kit
-- * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
-- *
-- * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
-- * specific to p11-kit trust modules.
-- *
-- * Returns: If the certificate exists non-zero is returned, otherwise zero.
-- *
-- * Since: 3.3.0
-- **/
--unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
--				 unsigned int flags)
-+unsigned
-+_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+			    unsigned int flags,
-+			    gnutls_x509_crt_t *trusted_cert)
- {
- 	int ret;
- 	struct find_cert_st priv;
-@@ -4586,6 +4562,15 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- 
- 	memset(&priv, 0, sizeof(priv));
- 
-+	if (trusted_cert) {
-+		ret = gnutls_pkcs11_obj_init(&priv.obj);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			goto cleanup;
-+		}
-+		priv.need_import = 1;
-+	}
-+
- 	if (url == NULL || url[0] == 0) {
- 		url = "pkcs11:";
- 	}
-@@ -4632,8 +4617,18 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- 		_gnutls_debug_log("crt_is_known: did not find cert, using issuer DN + serial, using DN only\n");
- 		/* attempt searching with the subject DN only */
- 		gnutls_assert();
-+		if (priv.obj)
-+			gnutls_pkcs11_obj_deinit(priv.obj);
- 		gnutls_free(priv.serial.data);
- 		memset(&priv, 0, sizeof(priv));
-+		if (trusted_cert) {
-+			ret = gnutls_pkcs11_obj_init(&priv.obj);
-+			if (ret < 0) {
-+				gnutls_assert();
-+				goto cleanup;
-+			}
-+			priv.need_import = 1;
-+		}
- 		priv.crt = cert;
- 		priv.flags = flags;
- 
-@@ -4650,9 +4645,26 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- 		goto cleanup;
- 	}
- 
-+	if (trusted_cert) {
-+		ret = gnutls_x509_crt_init(trusted_cert);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			ret = 0;
-+			goto cleanup;
-+		}
-+		ret = gnutls_x509_crt_import_pkcs11(*trusted_cert, priv.obj);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			gnutls_x509_crt_deinit(*trusted_cert);
-+			ret = 0;
-+			goto cleanup;
-+		}
-+	}
- 	ret = 1;
- 
-       cleanup:
-+	if (priv.obj)
-+		gnutls_pkcs11_obj_deinit(priv.obj);
- 	if (info)
- 		p11_kit_uri_free(info);
- 	gnutls_free(priv.serial.data);
-@@ -4660,6 +4672,36 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
- 	return ret;
- }
- 
-+/**
-+ * gnutls_pkcs11_crt_is_known:
-+ * @url: A PKCS 11 url identifying a token
-+ * @cert: is the certificate to find issuer for
-+ * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
-+ *
-+ * This function will check whether the provided certificate is stored
-+ * in the specified token. This is useful in combination with 
-+ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
-+ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
-+ * to check whether a CA is present or a certificate is blacklisted in
-+ * a trust PKCS #11 module.
-+ *
-+ * This function can be used with a @url of "pkcs11:", and in that case all modules
-+ * will be searched. To restrict the modules to the marked as trusted in p11-kit
-+ * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
-+ *
-+ * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
-+ * specific to p11-kit trust modules.
-+ *
-+ * Returns: If the certificate exists non-zero is returned, otherwise zero.
-+ *
-+ * Since: 3.3.0
-+ **/
-+unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+				 unsigned int flags)
-+{
-+	return _gnutls_pkcs11_crt_is_known(url, cert, flags, NULL);
-+}
-+
- /**
-  * gnutls_pkcs11_obj_get_flags:
-  * @obj: The pkcs11 object
-diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
-index 9d88807098..86cce0dee5 100644
---- a/lib/pkcs11_int.h
-+++ b/lib/pkcs11_int.h
-@@ -460,6 +460,11 @@ inline static bool is_pkcs11_url_object(const char *url)
- 	return 0;
- }
- 
-+unsigned
-+_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
-+			    unsigned int flags,
-+			    gnutls_x509_crt_t *trusted_cert);
-+
- #endif				/* ENABLE_PKCS11 */
- 
- #endif /* GNUTLS_LIB_PKCS11_INT_H */
-diff --git a/lib/x509/verify.c b/lib/x509/verify.c
-index d202670198..fd7c6a1642 100644
---- a/lib/x509/verify.c
-+++ b/lib/x509/verify.c
-@@ -34,6 +34,7 @@
- #include <tls-sig.h>
- #include <str.h>
- #include <datum.h>
-+#include <pkcs11_int.h>
- #include <x509_int.h>
- #include <common.h>
- #include <pk.h>
-@@ -1188,6 +1189,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
- 
- 	for (; i < clist_size; i++) {
- 		unsigned vflags;
-+		gnutls_x509_crt_t trusted_cert;
- 
- 		if (i == 0) /* in the end certificate do full comparison */
- 			vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
-@@ -1196,9 +1198,10 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
- 			vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
- 				GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED;
- 
--		if (gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags) != 0) {
-+		if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
- 
--			status |= check_ca_sanity(certificate_list[i], now, flags);
-+			status |= check_ca_sanity(trusted_cert, now, flags);
-+			gnutls_x509_crt_deinit(trusted_cert);
- 
- 			if (func)
- 				func(certificate_list[i],
--- 
-2.26.2
-
-
-From cdf075e7f54cb77f046ef3e7c2147f159941faca Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 13:59:53 +0200
-Subject: [PATCH 2/3] x509: trigger fallback verification path when cert is
- expired
-
-gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
-to trigger the fallback verification path if the signer of the last
-certificate is not in the trust store.  Previously, it doesn't take
-into account of the condition where the certificate is expired.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/x509/verify-high.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
-index b1421ef17a..40638ad3aa 100644
---- a/lib/x509/verify-high.c
-+++ b/lib/x509/verify-high.c
-@@ -1192,11 +1192,13 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
- 
- #define LAST_DN cert_list[cert_list_size-1]->raw_dn
- #define LAST_IDN cert_list[cert_list_size-1]->raw_issuer_dn
--/* This macro is introduced to detect a verification output
-- * which indicates an unknown signer, or a signer which uses
-- * an insecure algorithm (e.g., sha1), something that indicates
-- * a superseded signer */
--#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
-+/* This macro is introduced to detect a verification output which
-+ * indicates an unknown signer, a signer which uses an insecure
-+ * algorithm (e.g., sha1), a signer has expired, or something that
-+ * indicates a superseded signer */
-+#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \
-+				       (output & GNUTLS_CERT_EXPIRED) || \
-+				       (output & GNUTLS_CERT_INSECURE_ALGORITHM))
- #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
- 
- /**
--- 
-2.26.2
-
-
-From 9067bcbee8ff18badff1e829d22e63590dbd7a5c Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sun, 31 May 2020 14:28:48 +0200
-Subject: [PATCH 3/3] tests: add test case for certificate chain superseding
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- tests/test-chains.h | 97 +++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 97 insertions(+)
-
-diff --git a/tests/test-chains.h b/tests/test-chains.h
-index dd19e6a815..9b06b85f5f 100644
---- a/tests/test-chains.h
-+++ b/tests/test-chains.h
-@@ -4010,6 +4010,102 @@ static const char *ed448[] = {
- 	NULL
- };
- 
-+/* This contains an expired intermediate CA, which should be superseded. */
-+static const char *superseding[] = {
-+	"-----BEGIN CERTIFICATE-----"
-+	"MIIDrzCCAmegAwIBAgIUcozIBhMJvM/rd1PVI7LOq7Kscs8wDQYJKoZIhvcNAQEL"
-+	"BQAwJjEkMCIGA1UEAxMbR251VExTIHRlc3QgaW50ZXJtZWRpYXRlIENBMCAXDTIw"
-+	"MDUzMTEyMTczN1oYDzk5OTkxMjMxMjM1OTU5WjA3MRgwFgYDVQQDEw90ZXN0Lmdu"
-+	"dXRscy5vcmcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCASAwCwYJKoZI"
-+	"hvcNAQEKA4IBDwAwggEKAoIBAQCd2PBnWn+b0FsIMbG+f/K+og2iK/BoLCsJD3j9"
-+	"yRNSHD6wTifYwNTbe1LF/8BzxcwVRCD0zpbpFQawbjxbmBSzrXqQlUFFG11DvNBa"
-+	"w58rgHGo3TYCrtFIBfLbziyB1w/vWeX0xHvv8MMJ1iRSdY+7Y36a2cV+s85PdO4B"
-+	"TpZlLfy8LPP6p6+dgVoC+9tTu2H1wARYOVog+jt9A3Hx0L1xxVWTedFoiK2sVouz"
-+	"fLRjfp5cOwuRHSD2qbpGOAeNVVaOE88Bv3pIGPguMw0qAdEDo20hRYH23LIyvBwB"
-+	"oCnyFNnAViMtLa2QlXSliV9a9BKOXYjWzAeso2SF4pdHcvd5AgMBAAGjgZMwgZAw"
-+	"DAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0l"
-+	"BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUan6mlccq"
-+	"Uy1Z64wvRv3xxg4h2ykwHwYDVR0jBBgwFoAUSCM0UwqJMThKWurKttKm3s4dKxgw"
-+	"DQYJKoZIhvcNAQELBQADggExAKAOMyMLpk0u2UTwwFWtr1hfx7evo2J7dgco410I"
-+	"DN/QWoe2Xlcxcp1h5R9rX1I3KU2WGFtdXqiMsllCLnrDEKZmlks0uz76bCpKmM99"
-+	"/1MDlY7mGCr/2PPx53USK5J5JTiqgp6r7qAcDAnpYvrPH45kk7iqwh02DhAxRnGR"
-+	"CW7KWK8h7uu0Az9iBT2YfV372g4fRDK3fqYzJofQwbhSiUuJ7wyZCRhGOoxMMmDb"
-+	"KBbc1wAYXW+tlv2cSbfzRvSxMR+CzkyH2tGDxeN//aZUfGmQ8IzWUQ7UtK5z+Q0E"
-+	"fL6fZtm2SdGabGpV1UYoGpwOtOngK+m0i9SqrMD7g5+SMhc1VuvVuTtxjr5Cha8l"
-+	"X0HEZtxgFrkdfMD4yLAqiguaCBngtbRmELF5VpebmJbiLVU="
-+	"-----END CERTIFICATE-----",
-+	"-----BEGIN CERTIFICATE-----"
-+	"MIIDkTCCAkmgAwIBAgIUY9cJ4NLNFEaojJHdP1I4Q7OHNJwwDQYJKoZIhvcNAQEL"
-+	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMTgxMjMxMjMwMDAwWhcN"
-+	"MjAwNTMwMjIwMDAwWjAmMSQwIgYDVQQDExtHbnVUTFMgdGVzdCBpbnRlcm1lZGlh"
-+	"dGUgQ0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7K"
-+	"sH702LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8W"
-+	"yZdVNRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITc"
-+	"lg6ybBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7"
-+	"oc0lYpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLy"
-+	"rXPlGQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+"
-+	"G+3ro22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjeh"
-+	"KZ+Aeap1AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE"
-+	"ADAdBgNVHQ4EFgQUSCM0UwqJMThKWurKttKm3s4dKxgwHwYDVR0jBBgwFoAUHncj"
-+	"bWcxH5EHm5Yv7PzIRv6M4QMwDQYJKoZIhvcNAQELBQADggExAHP1UAQ/nvuQtRZF"
-+	"Q4b96yxVwCjMjn7knLyLNtyYGE3466xvE/ofvx5lgaR06ez/G17XP+Ok5SLJNUVc"
-+	"mplTERCv5CgnX7R5VdGJkkD1repaYxaTtwyJz0AfYEMRUj3jfaeLaiUKJvEW5RRs"
-+	"I3solY18sy/m/xGrH2X0GTNfKM9BURENABsppt07jxH719nF9m9SynV/Z2hE5hlv"
-+	"5e5vyPt4wyRPIJLUI3TKAlvb1s40zz3ua7ZTgQL/cOxfY4f9pRKW9CMB3uF69OP9"
-+	"COAxrmHVZsImmDZ6qO1qQrbY1KN/cX5kG4pKg7Ium723aOlwcWzEDXKumD960fN1"
-+	"5g+HrjNs6kW+r9Q5QS8qV5s8maZNcxTrMvQ1fF2AKBNI3Z3U7vmtrSeqxIXp3rGH"
-+	"iJwOKIk="
-+	"-----END CERTIFICATE-----",
-+	NULL
-+};
-+
-+static const char *superseding_ca[] = {
-+	"-----BEGIN CERTIFICATE-----"
-+	"MIIDkzCCAkugAwIBAgIUIs7jB4Q4sFcdCmzWVHbJLESC3T4wDQYJKoZIhvcNAQEL"
-+	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMzEwWhgP"
-+	"OTk5OTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0dudVRMUyB0ZXN0IGludGVybWVk"
-+	"aWF0ZSBDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/"
-+	"HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8"
-+	"vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqI"
-+	"hNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWl"
-+	"WDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQp"
-+	"kvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzkl"
-+	"zz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2"
-+	"N6Epn4B5qnUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD"
-+	"BwQAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQe"
-+	"dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAcF9R9VGQxTwW"
-+	"aOjeIeQ9ZJxybaj0BaXC8xR4b9uZloS9d/RBFTjgRbQ82yqaj7f80mgUtabKRfTA"
-+	"ltV2MgTbJdOjwGzEDtKGhClBbovnEGrYTbPBT9rgfYPt0q7SMBr6AzGAPt+ltwI7"
-+	"9yntV81qvTxvW5MEEo0j2MuA3NT3oqe+w1rUKNQCWhnN2TUhJGkTlaaMozcgNFaE"
-+	"Dplop4dtvCGtupxOjC3Nf6FWq1k7iZQxX70AFBYVMpuF7qGh6qDp+T1hmTCSVzxP"
-+	"SfDQIBjhKgy4clhkuR5SRxhN74RX+/5eiQyVLxzr+eIhqzJhPqUCmVnCLcqYdNRi"
-+	"hpHic4uJm0wGOKYTI7EG8rb4ZP4Jz6k4iN9CnL/+kiiW5otSl3YyCAuao5VKdDq9"
-+	"izchzb9eow=="
-+	"-----END CERTIFICATE-----",
-+	"-----BEGIN CERTIFICATE-----"
-+	"MIIDZTCCAh2gAwIBAgIULcrECQOBgPaePBfBHXcyZiU0IiYwDQYJKoZIhvcNAQEL"
-+	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMTQzWhgP"
-+	"OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN"
-+	"BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C"
-+	"qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ"
-+	"U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8"
-+	"vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW"
-+	"PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG"
-+	"VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7"
-+	"FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB"
-+	"o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE"
-+	"FB53I21nMR+RB5uWL+z8yEb+jOEDMA0GCSqGSIb3DQEBCwUAA4IBMQAeMSzMyuTy"
-+	"FjXTjxAUv010bsr6e6fI9txq/S1tXmWWJV/8aeARthuOFZO5Jjy3C5aMbac2HDV4"
-+	"Otu0+JLaoEMSXvorAhValVuq06i5cmaPzvJBcxMWzlEAXfavSwHv5Q+kqNU3z81S"
-+	"WnjEpMHcl9OyER7o9IhF55Xom2BXY5XL83QOzQ4C3bpKrNevZC7i7zS8NoYRGP+8"
-+	"w21JseXkWQW4o2hkFqbCcRE1dlMW02iJE28RZ5aBFDIm2Y6zuLaXZIkaO7E41CAw"
-+	"IUyhowm/S1HcmQnhruAGKJvQtB6jvnhZb7pgnuSkhIvAQgw93CLE985KEua1ifY2"
-+	"p1d/6ho2TWotHHqDnDkB8pC0Wzai8R+63z18Kt0gROX2QItCyFksjNJqYPbgwZgt"
-+	"eh1COrLsOJo+"
-+	"-----END CERTIFICATE-----",
-+	NULL
-+};
-+
- #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
- #  pragma GCC diagnostic push
- #  pragma GCC diagnostic ignored "-Wunused-variable"
-@@ -4178,6 +4274,7 @@ static struct
-     GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1576759855, 1},
-   { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
-     0, NULL, 1584352960, 1},
-+  { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
-   { NULL, NULL, NULL, 0, 0}
- };
- 
--- 
-2.26.2
-

diff --git a/net-libs/gnutls/gnutls-3.6.13-r1.ebuild b/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
deleted file mode 100644
index 0f8de4605eb..00000000000
--- a/net-libs/gnutls/gnutls-3.6.13-r1.ebuild
+++ /dev/null
@@ -1,134 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
-HOMEPAGE="http://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
-	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${P}-handle-expired-root-certificates.patch )
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	local libconf=()
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	local myeconfargs=(
-		$(multilib_native_enable manpages)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable doc)
-		$(multilib_native_use_enable guile)
-		$(multilib_native_use_enable seccomp seccomp-tests)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test-full full-test-suite)
-		$(multilib_native_use_enable tools)
-		$(multilib_native_use_enable valgrind valgrind-tests)
-		$(use_enable cxx)
-		$(use_enable dane libdane)
-		$(use_enable nls)
-		$(use_enable openssl openssl-compatibility)
-		$(use_enable sslv2 ssl2-support)
-		$(use_enable sslv3 ssl3-support)
-		$(use_enable static-libs static)
-		$(use_enable tls-heartbeat heartbeat-support)
-		$(use_with idn)
-		$(use_with pkcs11 p11-kit)
-		--disable-rpath
-		--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
-		--without-included-libtasn1
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2020-09-04 16:14 Thomas Deutschmann
From: Thomas Deutschmann @ 2020-09-04 16:14 UTC (permalink / raw
  To: gentoo-commits

commit:     807088725f04adee3a1e0ed9a8b41d8d647262b3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  4 15:28:14 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Sep  4 16:13:47 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80708872

net-libs/gnutls: bump to v3.6.15

Bug: https://bugs.gentoo.org/649396
Bug: https://bugs.gentoo.org/711104
Bug: https://bugs.gentoo.org/740390
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   1 +
 .../gnutls-3.6.15-skip-dtls-seccomp-tests.patch    |  26 ++++
 net-libs/gnutls/gnutls-3.6.15.ebuild               | 134 +++++++++++++++++++++
 3 files changed, 161 insertions(+)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index a6db64d03c0..580a7c962dd 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1 +1,2 @@
 DIST gnutls-3.6.14.tar.xz 6069088 BLAKE2B a1cd88a7c977f3a94a49e4187878560a8d9589a6fd32d8ad41b84c33534597fb85a88cf6b260a4a5e8b1a100790a7ba701acac2368f1ad42dcaba7e5c90b6758 SHA512 b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
+DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c

diff --git a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
new file mode 100644
index 00000000000..dad6cec8d3d
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/649396
+https://bugs.gentoo.org/711104
+
+--- a/tests/dtls-client-with-seccomp.c
++++ b/tests/dtls-client-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+ 
+ int main()
+ {
+--- a/tests/dtls-with-seccomp.c
++++ b/tests/dtls-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+ 
+ int main()
+ {
+ 
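Review bot: Replacing the guard with `#if 1` in both `tests/dtls-client-with-seccomp.c` and `tests/dtls-with-seccomp.c` unconditionally selects the branch that was previously used only on `_WIN32` or without libseccomp (presumably the skip stub), so the DTLS-under-seccomp tests are compiled out everywhere, including systems where they would pass. The patch header carries only two bug URLs; it should state in a sentence why the tests are skipped and on which configurations they fail, e.g. `Skip the DTLS seccomp tests, which fail on <affected configurations>; see the bugs above.` with the placeholder filled in from the bug reports. The ebuild added in this commit still passes `$(multilib_native_use_enable seccomp seccomp-tests)` and `test-full` still requires `seccomp`, so a user enabling those flags would reasonably assume DTLS is exercised under the seccomp filter, and a regression there would now go unnoticed. Both `main()` bodies continue outside the hunks of the inner patch.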

diff --git a/net-libs/gnutls/gnutls-3.6.15.ebuild b/net-libs/gnutls/gnutls-3.6.15.ebuild
new file mode 100644
index 00000000000..2aaf56d8ded
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.6.15.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
+
+REQUIRED_USE="
+	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen:= )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-2:=[networking] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)"
+BDEPEND=">=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	tools? ( sys-devel/autogen )
+	valgrind? ( dev-util/valgrind )
+	test-full? (
+		app-crypt/dieharder
+		>=app-misc/datefudge-1.22
+		dev-libs/softhsm:2[-bindist]
+		net-dialup/ppp
+		net-misc/socat
+	)"
+
+DOCS=(
+	README.md
+	doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=(
+		doc/gnutls.html
+	)
+}
+
+src_prepare() {
+	default
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	libconf+=( --without-tpm )
+
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# Cygwin as does not understand these asm files at all
+	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	local myeconfargs=(
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable guile)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(multilib_native_use_enable valgrind valgrind-tests)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
+		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
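Review bot: In `multilib_src_configure`, `LINGUAS="${LINGUAS//en/en@boldquot en@quot}"` replaces every occurrence of the substring `en` rather than the word `en`, so an entry such as `en_GB` turns into `en@boldquot en@quot_GB`. Matching whole words avoids the mangling, for example `has en ${LINGUAS} && LINGUAS+=" en@boldquot en@quot"` (this keeps `en` in the list as well, which should be harmless but is worth confirming against the package's po directory). Separately, `HOMEPAGE` uses plain `http://`; `HOMEPAGE="https://www.gnutls.org/"` would be preferable for a TLS library's metadata.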



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2021-03-28  6:08 Thomas Deutschmann
From: Thomas Deutschmann @ 2021-03-28  6:08 UTC (permalink / raw
  To: gentoo-commits

commit:     42cb2c95be07553ccb6c28c1634e8b64602c3fe1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 06:07:24 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 06:08:22 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42cb2c95

net-libs/gnutls: drop vulnerable version

Bug: https://bugs.gentoo.org/775338
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   1 -
 ...nutls-3.7.0-ignore-duplicate-certificates.patch | 403 ---------------------
 net-libs/gnutls/gnutls-3.7.0-r1.ebuild             | 139 -------
 3 files changed, 543 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 5c0d91491fa..1ab16ed845f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,3 +1,2 @@
 DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
-DIST gnutls-3.7.0.tar.xz 6129176 BLAKE2B 3b03e7017ac1d715c740f8f09b0690dd1c983dcfd5faef0740cf66ac785c1a84e959f85808aa10a6eebd745d96ca0293681049911ea663aeff85fedfa2567aad SHA512 5cf1025f2d0a0cbf5a83dd7f3b22dafd1769f7c3349096c0272d08573bb5ff87f510e0e69b4bbb47dad1b64476aa5479804b2f4ceb2216cd747bbc53bf42d885
 DIST gnutls-3.7.1.tar.xz 6038388 BLAKE2B 1d55eb441827c7148d63bcad37bf7bc62d539ee9bc7e14c2fe5ec1d0bdcadd75e2cbc98ba104523b24c8dfd9526b4595475a818d206971cc012fac509cd33a6f SHA512 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95

diff --git a/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch b/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch
deleted file mode 100644
index b0143818b46..00000000000
--- a/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch
+++ /dev/null
@@ -1,403 +0,0 @@
-From 09b40be6e0e0a59ba4bd764067eb353241043a70 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Mon, 28 Dec 2020 12:14:13 +0100
-Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: ignore duplicate
- certificates
-
-The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
-regression, where duplicate certificates in a certificate chain are no
-longer ignored but treated as a non-contiguous segment and that
-results in calling the issuer callback, or a verification failure.
-
-This adds a mechanism to record certificates already seen in the
-chain, and skip them while still allow the caller to inject missing
-certificates.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
-Co-authored-by: Andreas Metzler <ametzler@debian.org>
----
- lib/x509/common.c          |   8 ++
- lib/x509/verify-high.c     | 157 +++++++++++++++++++++++++++++++------
- tests/missingissuer.c      |   2 +
- tests/test-chains-issuer.h | 101 +++++++++++++++++++++++-
- 4 files changed, 245 insertions(+), 23 deletions(-)
-
-diff --git a/lib/x509/common.c b/lib/x509/common.c
-index 3301aaad0c..10c8db53c0 100644
---- a/lib/x509/common.c
-+++ b/lib/x509/common.c
-@@ -1758,6 +1758,14 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
- 	 * increasing DEFAULT_MAX_VERIFY_DEPTH.
- 	 */
- 	for (i = 0; i < clist_size; i++) {
-+		/* Self-signed certificate found in the chain; skip it
-+		 * as it should only appear in the trusted set.
-+		 */
-+		if (gnutls_x509_crt_check_issuer(clist[i], clist[i])) {
-+			_gnutls_cert_log("self-signed cert found", clist[i]);
-+			continue;
-+		}
-+
- 		for (j = 1; j < clist_size; j++) {
- 			if (i == j)
- 				continue;
-diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
-index 588e7ee0dc..9a16e6b42a 100644
---- a/lib/x509/verify-high.c
-+++ b/lib/x509/verify-high.c
-@@ -67,6 +67,80 @@ struct gnutls_x509_trust_list_iter {
- 
- #define DEFAULT_SIZE 127
- 
-+struct cert_set_node_st {
-+	gnutls_x509_crt_t *certs;
-+	unsigned int size;
-+};
-+
-+struct cert_set_st {
-+	struct cert_set_node_st *node;
-+	unsigned int size;
-+};
-+
-+static int
-+cert_set_init(struct cert_set_st *set, unsigned int size)
-+{
-+	memset(set, 0, sizeof(*set));
-+
-+	set->size = size;
-+	set->node = gnutls_calloc(size, sizeof(*set->node));
-+	if (!set->node) {
-+		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-+	}
-+
-+	return 0;
-+}
-+
-+static void
-+cert_set_deinit(struct cert_set_st *set)
-+{
-+	size_t i;
-+
-+	for (i = 0; i < set->size; i++) {
-+		gnutls_free(set->node[i].certs);
-+	}
-+
-+	gnutls_free(set->node);
-+}
-+
-+static bool
-+cert_set_contains(struct cert_set_st *set, const gnutls_x509_crt_t cert)
-+{
-+	size_t hash, i;
-+
-+	hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
-+	hash %= set->size;
-+
-+	for (i = 0; i < set->node[hash].size; i++) {
-+		if (unlikely(gnutls_x509_crt_equals(set->node[hash].certs[i], cert))) {
-+			return true;
-+		}
-+	}
-+
-+	return false;
-+}
-+
-+static int
-+cert_set_add(struct cert_set_st *set, const gnutls_x509_crt_t cert)
-+{
-+	size_t hash;
-+
-+	hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
-+	hash %= set->size;
-+
-+	set->node[hash].certs =
-+		gnutls_realloc_fast(set->node[hash].certs,
-+				    (set->node[hash].size + 1) *
-+				    sizeof(*set->node[hash].certs));
-+	if (!set->node[hash].certs) {
-+		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-+	}
-+	set->node[hash].certs[set->node[hash].size] = cert;
-+	set->node[hash].size++;
-+
-+	return 0;
-+}
-+
- /**
-  * gnutls_x509_trust_list_init:
-  * @list: A pointer to the type to be initialized
-@@ -1328,6 +1402,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- 	unsigned have_set_name = 0;
- 	unsigned saved_output;
- 	gnutls_datum_t ip = {NULL, 0};
-+	struct cert_set_st cert_set = { NULL, 0 };
- 
- 	if (cert_list == NULL || cert_list_size < 1)
- 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-@@ -1376,36 +1451,68 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- 	memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
- 	cert_list = sorted;
- 
-+	ret = cert_set_init(&cert_set, DEFAULT_MAX_VERIFY_DEPTH);
-+	if (ret < 0) {
-+		return ret;
-+	}
-+
- 	for (i = 0; i < cert_list_size &&
--		     cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; i++) {
--		if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
--			unsigned int sorted_size;
-+		     cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; ) {
-+		unsigned int sorted_size = 1;
-+		unsigned int j;
-+		gnutls_x509_crt_t issuer;
- 
-+		if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
- 			sorted_size = _gnutls_sort_clist(&cert_list[i],
- 							 cert_list_size - i);
--			i += sorted_size - 1;
- 		}
- 
--		if (i == cert_list_size - 1) {
--			gnutls_x509_crt_t issuer;
--
--			/* If it is the last certificate and its issuer is
--			 * known, don't need to run issuer callback. */
--			if (_gnutls_trust_list_get_issuer(list,
--							  cert_list[i],
--							  &issuer,
--							  0) == 0) {
-+		/* Remove duplicates. Start with index 1, as the first element
-+		 * may be re-checked after issuer retrieval. */
-+		for (j = 1; j < sorted_size; j++) {
-+			if (cert_set_contains(&cert_set, cert_list[i + j])) {
-+				if (i + j < cert_list_size - 1) {
-+					memmove(&cert_list[i + j],
-+						&cert_list[i + j + 1],
-+						sizeof(cert_list[i]));
-+				}
-+				cert_list_size--;
- 				break;
- 			}
--		} else if (gnutls_x509_crt_check_issuer(cert_list[i],
--							cert_list[i + 1])) {
--			/* There is no gap between this and the next
--			 * certificate. */
-+		}
-+		/* Found a duplicate, try again with the same index. */
-+		if (j < sorted_size) {
-+			continue;
-+		}
-+
-+		/* Record the certificates seen. */
-+		for (j = 0; j < sorted_size; j++, i++) {
-+			ret = cert_set_add(&cert_set, cert_list[i]);
-+			if (ret < 0) {
-+				goto cleanup;
-+			}
-+		}
-+
-+		/* If the issuer of the certificate is known, no need
-+		 * for further processing. */
-+		if (_gnutls_trust_list_get_issuer(list,
-+						  cert_list[i - 1],
-+						  &issuer,
-+						  0) == 0) {
-+			cert_list_size = i;
-+			break;
-+		}
-+
-+		/* If there is no gap between this and the next certificate,
-+		 * proceed with the next certificate. */
-+		if (i < cert_list_size &&
-+		    gnutls_x509_crt_check_issuer(cert_list[i - 1],
-+						 cert_list[i])) {
- 			continue;
- 		}
- 
- 		ret = retrieve_issuers(list,
--				       cert_list[i],
-+				       cert_list[i - 1],
- 				       &retrieved[retrieved_size],
- 				       DEFAULT_MAX_VERIFY_DEPTH -
- 				       MAX(retrieved_size,
-@@ -1413,15 +1520,20 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- 		if (ret < 0) {
- 			break;
- 		} else if (ret > 0) {
--			memmove(&cert_list[i + 1 + ret],
--				&cert_list[i + 1],
--				(cert_list_size - i - 1) *
-+			assert((unsigned int)ret <=
-+			       DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
-+			memmove(&cert_list[i + ret],
-+				&cert_list[i],
-+				(cert_list_size - i) *
- 				sizeof(gnutls_x509_crt_t));
--			memcpy(&cert_list[i + 1],
-+			memcpy(&cert_list[i],
- 			       &retrieved[retrieved_size],
- 			       ret * sizeof(gnutls_x509_crt_t));
- 			retrieved_size += ret;
- 			cert_list_size += ret;
-+
-+			/* Start again from the end of the previous segment. */
-+			i--;
- 		}
- 	}
- 
-@@ -1581,6 +1693,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
- 	for (i = 0; i < retrieved_size; i++) {
- 		gnutls_x509_crt_deinit(retrieved[i]);
- 	}
-+	cert_set_deinit(&cert_set);
- 	return ret;
- }
- 
-diff --git a/tests/missingissuer.c b/tests/missingissuer.c
-index f21e2b6b0c..226d095929 100644
---- a/tests/missingissuer.c
-+++ b/tests/missingissuer.c
-@@ -145,6 +145,8 @@ void doit(void)
- 		printf("[%d]: Chain '%s'...\n", (int)i, chains[i].name);
- 
- 		for (j = 0; chains[i].chain[j]; j++) {
-+			assert(j < MAX_CHAIN);
-+
- 			if (debug > 2)
- 				printf("\tAdding certificate %d...", (int)j);
- 
-diff --git a/tests/test-chains-issuer.h b/tests/test-chains-issuer.h
-index 543e2d71fb..bf1e65c956 100644
---- a/tests/test-chains-issuer.h
-+++ b/tests/test-chains-issuer.h
-@@ -24,7 +24,7 @@
- #ifndef GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
- #define GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
- 
--#define MAX_CHAIN 6
-+#define MAX_CHAIN 15
- 
- #define SERVER_CERT "-----BEGIN CERTIFICATE-----\n"			\
- 	"MIIDATCCAbmgAwIBAgIUQdvdegP8JFszFHLfV4+lrEdafzAwPQYJKoZIhvcNAQEK\n" \
-@@ -338,11 +338,102 @@ static const char *missing_middle_unrelated_extra_insert[] = {
- 	NULL,
- };
- 
-+static const char *missing_middle_single_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_4,
-+	CA_CERT_4,
-+	CA_CERT_2,
-+	CA_CERT_2,
-+	CA_CERT_1,
-+	CA_CERT_1,
-+	NULL,
-+};
-+
-+static const char *missing_middle_multiple_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_4,
-+	CA_CERT_4,
-+	CA_CERT_1,
-+	CA_CERT_1,
-+	NULL,
-+};
-+
-+static const char *missing_last_single_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_4,
-+	CA_CERT_4,
-+	CA_CERT_3,
-+	CA_CERT_3,
-+	CA_CERT_2,
-+	CA_CERT_2,
-+	NULL,
-+};
-+
-+static const char *missing_last_multiple_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_4,
-+	CA_CERT_4,
-+	CA_CERT_3,
-+	CA_CERT_3,
-+	NULL,
-+};
-+
-+static const char *missing_skip_single_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_3,
-+	CA_CERT_3,
-+	CA_CERT_1,
-+	CA_CERT_1,
-+	NULL,
-+};
-+
-+static const char *missing_skip_multiple_duplicate[] = {
-+	SERVER_CERT,
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_5,
-+	CA_CERT_3,
-+	CA_CERT_3,
-+	NULL,
-+};
-+
- static const char *missing_ca[] = {
- 	CA_CERT_0,
- 	NULL,
- };
- 
-+static const char *middle_single_duplicate_ca[] = {
-+	SERVER_CERT,
-+	CA_CERT_5,
-+	CA_CERT_0,
-+	CA_CERT_4,
-+	CA_CERT_0,
-+	CA_CERT_2,
-+	CA_CERT_0,
-+	CA_CERT_1,
-+	NULL,
-+};
-+
-+static const char *missing_middle_single_duplicate_ca_unrelated_insert[] = {
-+	CA_CERT_0,
-+	NULL,
-+};
-+
- static struct chains {
- 	const char *name;
- 	const char **chain;
-@@ -377,6 +468,14 @@ static struct chains {
- 	{ "skip multiple unsorted", missing_skip_multiple_unsorted, missing_skip_multiple_insert, missing_ca, 0, 0 },
- 	{ "unrelated", missing_middle_single, missing_middle_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
- 	{ "unrelated extra", missing_middle_single, missing_middle_unrelated_extra_insert, missing_ca, 0, 0 },
-+	{ "middle single duplicate", missing_middle_single_duplicate, missing_middle_single_insert, missing_ca, 0, 0 },
-+	{ "middle multiple duplicate", missing_middle_multiple_duplicate, missing_middle_multiple_insert, missing_ca, 0, 0 },
-+	{ "last single duplicate", missing_last_single_duplicate, missing_last_single_insert, missing_ca, 0, 0 },
-+	{ "last multiple duplicate", missing_last_multiple_duplicate, missing_last_multiple_insert, missing_ca, 0, 0 },
-+	{ "skip single duplicate", missing_skip_single_duplicate, missing_skip_single_insert, missing_ca, 0, 0 },
-+	{ "skip multiple duplicate", missing_skip_multiple_duplicate, missing_skip_multiple_insert, missing_ca, 0, 0 },
-+	{ "middle single duplicate ca", middle_single_duplicate_ca, missing_middle_single_insert, missing_ca, 0, 0 },
-+	{ "middle single duplicate ca - insert unrelated", middle_single_duplicate_ca, missing_middle_single_duplicate_ca_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
- 	{ NULL, NULL, NULL, NULL },
- };
- 
--- 
-GitLab
-

diff --git a/net-libs/gnutls/gnutls-3.7.0-r1.ebuild b/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
deleted file mode 100644
index 643a1c4d8ad..00000000000
--- a/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
-	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${P}-ignore-duplicate-certificates.patch )
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# don't try to use system certificate store on macOS, it is
-	# confusingly ignoring our ca-certificates and more importantly
-	# fails to compile in certain configurations
-	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	local libconf=()
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	local myeconfargs=(
-		$(multilib_native_enable manpages)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable doc)
-		$(multilib_native_use_enable guile)
-		$(multilib_native_use_enable seccomp seccomp-tests)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test-full full-test-suite)
-		$(multilib_native_use_enable tools)
-		$(multilib_native_use_enable valgrind valgrind-tests)
-		$(use_enable cxx)
-		$(use_enable dane libdane)
-		$(use_enable nls)
-		$(use_enable openssl openssl-compatibility)
-		$(use_enable sslv2 ssl2-support)
-		$(use_enable sslv3 ssl3-support)
-		$(use_enable static-libs static)
-		$(use_enable tls-heartbeat heartbeat-support)
-		$(use_with idn)
-		$(use_with pkcs11 p11-kit)
-		--disable-rpath
-		--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
-		--without-included-libtasn1
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2021-05-23 11:48 David Seifert
From: David Seifert @ 2021-05-23 11:48 UTC (permalink / raw
  To: gentoo-commits

commit:     1080e719f546c07009f81a320917ff96bf4e8f26
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun May 23 11:48:05 2021 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun May 23 11:48:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1080e719

net-libs/gnutls: drop 3.6.15

Signed-off-by: David Seifert <soap <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   1 -
 .../gnutls-3.6.15-skip-dtls-seccomp-tests.patch    |  26 ----
 net-libs/gnutls/gnutls-3.6.15.ebuild               | 139 ---------------------
 3 files changed, 166 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index 1ab16ed845f..94f3fc8017f 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1 @@
-DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
 DIST gnutls-3.7.1.tar.xz 6038388 BLAKE2B 1d55eb441827c7148d63bcad37bf7bc62d539ee9bc7e14c2fe5ec1d0bdcadd75e2cbc98ba104523b24c8dfd9526b4595475a818d206971cc012fac509cd33a6f SHA512 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95

diff --git a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch b/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
deleted file mode 100644
index dad6cec8d3d..00000000000
--- a/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://bugs.gentoo.org/649396
-https://bugs.gentoo.org/711104
-
---- a/tests/dtls-client-with-seccomp.c
-+++ b/tests/dtls-client-with-seccomp.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- 
--#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
-+#if 1
- 
- int main()
- {
---- a/tests/dtls-with-seccomp.c
-+++ b/tests/dtls-with-seccomp.c
-@@ -27,7 +27,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- 
--#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
-+#if 1
- 
- int main()
- {
- 

diff --git a/net-libs/gnutls/gnutls-3.6.15.ebuild b/net-libs/gnutls/gnutls-3.6.15.ebuild
deleted file mode 100644
index b5557dc3ffc..00000000000
--- a/net-libs/gnutls/gnutls-3.6.15.ebuild
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
-	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	tools? ( sys-devel/autogen:= )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND=">=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	tools? ( sys-devel/autogen )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist]
-		net-dialup/ppp
-		net-misc/socat
-	)"
-
-DOCS=(
-	README.md
-	doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
-
-pkg_setup() {
-	# bug#520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# force regeneration of autogen-ed files
-	local file
-	for file in $(grep -l AutoGen-ed src/*.c) ; do
-		rm src/$(basename ${file} .c).{c,h} || die
-	done
-
-	# don't try to use system certificate store on macOS, it is
-	# confusingly ignoring our ca-certificates and more importantly
-	# fails to compile in certain configurations
-	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
-	# Use sane .so versioning on FreeBSD.
-	elibtoolize
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	local libconf=()
-
-	# TPM needs to be tested before being enabled
-	libconf+=( --without-tpm )
-
-	# hardware-accell is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	local myeconfargs=(
-		$(multilib_native_enable manpages)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable doc)
-		$(multilib_native_use_enable guile)
-		$(multilib_native_use_enable seccomp seccomp-tests)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test-full full-test-suite)
-		$(multilib_native_use_enable tools)
-		$(multilib_native_use_enable valgrind valgrind-tests)
-		$(use_enable cxx)
-		$(use_enable dane libdane)
-		$(use_enable nls)
-		$(use_enable openssl openssl-compatibility)
-		$(use_enable sslv2 ssl2-support)
-		$(use_enable sslv3 ssl3-support)
-		$(use_enable static-libs static)
-		$(use_enable tls-heartbeat heartbeat-support)
-		$(use_with idn)
-		$(use_with pkcs11 p11-kit)
-		--disable-rpath
-		--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
-		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
-		--without-included-libtasn1
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2022-03-18  6:16 Sam James
From: Sam James @ 2022-03-18  6:16 UTC (permalink / raw
  To: gentoo-commits

commit:     82957f19c28749d0004fef905c949a39aced93b2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 18 06:10:47 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 18 06:16:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82957f19

net-libs/gnutls: add 3.7.4

More of an exciting release than I anticipated when I started looking at it,
but for unexpected reasons!

- verify-sig support is stubbed out in the ebuild (commented out); couldn't
  enable yet because website doesn't list key from new maintainer(?) but
  distfile *does* have a valid signature from a known maintainer. gemato/gpg/
  verify-sig currently rejects a distfile if it has *any* unrecognised signatures,
  not if *all* are.

  See https://gitlab.com/gnutls/web-pages/-/issues/3.

- Noticed `--{enable,disable}-gtk-doc` was suddenly unrecognised by `./configure`.

  The macro is used automagically upstream rather than being a hard dependency
  so if it's not available at point of `make dist`, it'll just be dropped. It looks
  like that's what happened as a new person made the release => new env.

  Temporarily unconditionally BDEPENDing on gtk-doc-am (harmless, tiny dep)
  for now.

  See https://gitlab.com/gnutls/gnutls/-/issues/1341.

- Needed to fix brotli & zstd configure arguments to be consistent with
  `./configure --help` output.

  Bug: https://gitlab.com/gnutls/gnutls/-/issues/1342

- Discovered brotli & zstd were both automagic dependencies, but it turns out
  that the zstd check was broken anyway (would always fail).

  See: https://gitlab.com/gnutls/gnutls/-/issues/1343.

Bug: https://gitlab.com/gnutls/gnutls/-/issues/1341
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1342
Bug: https://gitlab.com/gnutls/gnutls/-/issues/1343
Bug: https://gitlab.com/gnutls/web-pages/-/issues/3
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   1 +
 .../files/gnutls-3.7.4-configure-compression.patch |  63 +++++++++
 net-libs/gnutls/gnutls-3.7.4.ebuild                | 157 +++++++++++++++++++++
 3 files changed, 221 insertions(+)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b3e46a868aac..3158b68efb68 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,2 +1,3 @@
 DIST gnutls-3.7.2.tar.xz 6091508 BLAKE2B f408ff65f2e08cf294b449dfac64a272a8ba40e987618960f57ee36c167a25974711ab8d11bdbd6335fbf18ac902a79b5c6b40bb6a37f4ee07549832d0611df2 SHA512 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
 DIST gnutls-3.7.3.tar.xz 6119292 BLAKE2B 811e6fbb62fbd35fa63e66cfcbfc3bf899cea5cece1d2a68bc650f507df0f7be9f59c707c90fa19b7ef5a52455a663da49682704e0884af06075c566afbfc0bf SHA512 3ace744affe23e284342658d6d2d2de49dd50065489cbc8be18fc7d38187253e5268ca54027ce5cd517056c249ac039a7481e4548cec04325de37ae85617d077
+DIST gnutls-3.7.4.tar.xz 6131772 BLAKE2B 1c44528952275f48e4e458558c4e03c5b90dfb267482d6815f6c836f9530abb486a23ae5ea70ba2db7e272eee8e2066b259374f02a9bb9e714487466fd5994c9 SHA512 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6

diff --git a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
new file mode 100644
index 000000000000..edd688d9b58a
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
@@ -0,0 +1,63 @@
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1557
+
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Mar 2022 05:40:28 +0000
+Subject: [PATCH 1/2] configure.ac: fix brotli/zstd configure argument name
+
+The old `./configure` arguments for brotli and zstd respectively
+were inconsistent with the `./configure --help` output.
+
+Old: --without-libbrotli --without-libzstd (also --with-*)
+New: --without-brotli --without-zstd (also --with-*)
+
+Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1010,7 +1010,7 @@ if test x$ac_zlib != xno; then
+ fi
+ AC_SUBST(LIBZ_PC)
+ 
+-AC_ARG_WITH(libbrotli,
++AC_ARG_WITH(brotli,
+ 	    AS_HELP_STRING([--without-brotli], [disable brotli compression support]),
+ 	    ac_brotli=$withval, ac_brotli=yes)
+ AC_MSG_CHECKING([whether to include brotli compression support])
+@@ -1033,7 +1033,7 @@ else
+ fi
+ AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
+ 
+-AC_ARG_WITH(libzstd,
++AC_ARG_WITH(zstd,
+ 	    AS_HELP_STRING([--without-zstd], [disable zstd compression support]),
+ 	    ac_zstd=$withval, ac_zstd=yes)
+ AC_MSG_CHECKING([whether to include zstd compression support])
+GitLab
+
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Mar 2022 05:51:29 +0000
+Subject: [PATCH 2/2] configure.ac: fix zstd detection
+
+Fixes typo in zstd detection.
+
+None of the used autoconf macros will define `has_zstd_h` so
+configure will (AFAICT) always fail to find zstd, even if it succeeded
+via pkg-config moments before.
+
+Drop it and rely solely on pkg-config as that's the only search
+we're actually doing.
+
+Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1040,7 +1040,7 @@ AC_MSG_CHECKING([whether to include zstd compression support])
+ if test x$ac_zstd != xno; then
+     AC_MSG_RESULT(yes)
+     PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
+-    if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then
++    if test "${with_libzstd}" = "yes"; then
+ 	AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
+ 	if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+ 	    GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
+GitLab
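Review bot: Nothing in this patch file says that it needs `eautoreconf`, and since both of its changes (the `AC_ARG_WITH(brotli, …)` / `AC_ARG_WITH(zstd, …)` renames and the removal of the `has_zstd_h` test) touch only `configure.ac`, the shipped `configure` stays as released unless the ebuild regenerates it. The ebuild added in the same commit inherits `autotools`, but its `src_prepare` lies outside the visible part of the page, so the regeneration call cannot be confirmed from here. If it were missing, `--without-brotli` and `--without-zstd` would presumably be treated as unrecognised options and the automagic brotli detection described in the commit message would remain, so the compression code linked into the TLS library would not follow the USE flags. I would add a header line to the patch such as `Requires eautoreconf: patches configure.ac only, not the generated configure.`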

diff --git a/net-libs/gnutls/gnutls-3.7.4.ebuild b/net-libs/gnutls/gnutls-3.7.4.ebuild
new file mode 100644
index 000000000000..aa86f0ac1050
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.7.4.ebuild
@@ -0,0 +1,157 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# 3.7.4 has an additional signature from a non-listed maintainer on gnutls.org
+# and verify-sig.eclass dies on it. It does have a legitimate signature from
+# a listed maintainer though, it's just that the eclass dislikes an extra signature
+# from someone it doesn't recognise.
+# https://gitlab.com/gnutls/web-pages/-/issues/3
+#VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnutls.asc
+
+inherit autotools libtool multilib-minimal
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+#SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="brotli +cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib zstd"
+
+REQUIRED_USE="test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-2:=[networking] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+	zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)"
+BDEPEND="
+	dev-util/gtk-doc-am
+	>=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	valgrind? ( dev-util/valgrind )
+	test-full? (
+		app-crypt/dieharder
+		>=app-misc/datefudge-1.22
+		dev-libs/softhsm:2[-bindist(-)]
+		net-dialup/ppp
+		net-misc/socat
+	)"
+#	verify-sig? ( sec-keys/openpgp-keys-gnutls )"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+PATCHES=(
+	"${FILESDIR}"/${P}-configure-compression.patch
+)
+
+pkg_setup() {
+	# bug #520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=(
+		doc/gnutls.html
+	)
+}
+
+src_prepare() {
+	default
+
+	# don't try to use system certificate store on macOS, it is
+	# confusingly ignoring our ca-certificates and more importantly
+	# fails to compile in certain configurations
+	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+	# Use sane .so versioning on FreeBSD.
+	#elibtoolize
+
+	# Need eautoreconf for:
+	# 1) gtk-doc macro fix
+	#    (once fixed, we can drop unconditional gtk-doc-am BDEPEND too)
+	#    see https://gitlab.com/gnutls/gnutls/-/issues/1341
+	#
+	# 2) configure fixes for brotli, zstd
+	#    see https://gitlab.com/gnutls/gnutls/-/issues/1343
+	eautoreconf
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	# Note that this may add a libltdl dep when enabled. Check configure.ac.
+	libconf+=(
+		--without-tpm
+		--without-tpm2
+	)
+
+	# hardware-accel is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# Cygwin as does not understand these asm files at all
+	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	local myeconfargs=(
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable guile)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(multilib_native_use_enable valgrind valgrind-tests)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with brotli)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		$(use_with zlib)
+		$(use_with zstd)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		--with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
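Review bot: Dropping `verify-sig` from the `inherit` line and commenting out `VERIFY_SIG_OPENPGP_KEY_PATH`, the `.sig` entry in `SRC_URI` and the `verify-sig?` BDEPEND means the 3.7.4 tarball gets no OpenPGP check at build time, so its integrity rests on the Manifest hashes alone. The header comment explains the cause but does not mark the state as temporary; I would add `# TODO: re-enable verify-sig once the eclass accepts the extra signature (see the issue linked above)` directly above the `inherit` line. It would also help if the commit message recorded that the signature from the listed maintainer was checked by hand before the Manifest entry was generated, assuming that was done.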



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2022-05-14 21:24 Sam James
From: Sam James @ 2022-05-14 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     7ac241549034d7ca490acb1ea8321daf25b4fd21
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 14 04:03:23 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 14 21:22:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ac24154

net-libs/gnutls: drop 3.7.4

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/gnutls/Manifest                           |   2 -
 .../files/gnutls-3.7.4-configure-compression.patch |  63 ---------
 net-libs/gnutls/gnutls-3.7.4.ebuild                | 153 ---------------------
 3 files changed, 218 deletions(-)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b80bc56323a2..cdc465872bb4 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,6 +1,4 @@
 DIST gnutls-3.7.2.tar.xz 6091508 BLAKE2B f408ff65f2e08cf294b449dfac64a272a8ba40e987618960f57ee36c167a25974711ab8d11bdbd6335fbf18ac902a79b5c6b40bb6a37f4ee07549832d0611df2 SHA512 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
 DIST gnutls-3.7.3.tar.xz 6119292 BLAKE2B 811e6fbb62fbd35fa63e66cfcbfc3bf899cea5cece1d2a68bc650f507df0f7be9f59c707c90fa19b7ef5a52455a663da49682704e0884af06075c566afbfc0bf SHA512 3ace744affe23e284342658d6d2d2de49dd50065489cbc8be18fc7d38187253e5268ca54027ce5cd517056c249ac039a7481e4548cec04325de37ae85617d077
-DIST gnutls-3.7.4.tar.xz 6131772 BLAKE2B 1c44528952275f48e4e458558c4e03c5b90dfb267482d6815f6c836f9530abb486a23ae5ea70ba2db7e272eee8e2066b259374f02a9bb9e714487466fd5994c9 SHA512 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6
-DIST gnutls-3.7.4.tar.xz.sig 685 BLAKE2B ad485450abb916a229984f8f0d74fe7c46a0a87627f9d739f8121dccf36f4ca454007178f2a4e9bd5fffa2813363481bf80eaeee40f86e1b9c23b1f25dff7b4c SHA512 74b8badd67e215313583bd25c7b639207860af45d6f5cbcb81f1aaf46dacf0992b6d06876979594688e13dac5b8b27ba39935626374b4ddaa3e48118bbc2e7de
 DIST gnutls-3.7.5.tar.xz 6321392 BLAKE2B e7b2da643dc8d5160d1872655ed6771b89587d62132eccfe0b7ce0cc9e81daa27b3608608df3301787d89148a27d321266ac52c1fde06afd2e821575e8805403 SHA512 2e4898e6aeff4f82abd48e6a442f5c9ebe4ecaeb0c038b76e2da8e468f6a7ae37fef5e8de17d90346f29aa0b56a08abf67fe8b81ba09dcf4612cc3b97b830bec
 DIST gnutls-3.7.5.tar.xz.sig 685 BLAKE2B 0a7fdeae9b10382e962c5ea7b49fbb2c0829203bded123597b7718b0cd9483204498a05556da82518f40a4775c90a9b275afdbb4d6a65e7a9396bd0c40ca522a SHA512 1110b859299d13c5121f9c68d6faf099a62b13500cd1c994ac6dea49d69c29a351fd4de42bb66fe01d2e6feef9c3fbd344e8eec0a409c804699d3f7956fe28ff

diff --git a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch b/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
deleted file mode 100644
index edd688d9b58a..000000000000
--- a/net-libs/gnutls/files/gnutls-3.7.4-configure-compression.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-https://gitlab.com/gnutls/gnutls/-/merge_requests/1557
-
-From: Sam James <sam@gentoo.org>
-Date: Fri, 18 Mar 2022 05:40:28 +0000
-Subject: [PATCH 1/2] configure.ac: fix brotli/zstd configure argument name
-
-The old `./configure` arguments for brotli and zstd respectively
-were inconsistent with the `./configure --help` output.
-
-Old: --without-libbrotli --without-libzstd (also --with-*)
-New: --without-brotli --without-zstd (also --with-*)
-
-Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -1010,7 +1010,7 @@ if test x$ac_zlib != xno; then
- fi
- AC_SUBST(LIBZ_PC)
- 
--AC_ARG_WITH(libbrotli,
-+AC_ARG_WITH(brotli,
- 	    AS_HELP_STRING([--without-brotli], [disable brotli compression support]),
- 	    ac_brotli=$withval, ac_brotli=yes)
- AC_MSG_CHECKING([whether to include brotli compression support])
-@@ -1033,7 +1033,7 @@ else
- fi
- AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
- 
--AC_ARG_WITH(libzstd,
-+AC_ARG_WITH(zstd,
- 	    AS_HELP_STRING([--without-zstd], [disable zstd compression support]),
- 	    ac_zstd=$withval, ac_zstd=yes)
- AC_MSG_CHECKING([whether to include zstd compression support])
-GitLab
-
-From: Sam James <sam@gentoo.org>
-Date: Fri, 18 Mar 2022 05:51:29 +0000
-Subject: [PATCH 2/2] configure.ac: fix zstd detection
-
-Fixes typo in zstd detection.
-
-None of the used autoconf macros will define `has_zstd_h` so
-configure will (AFAICT) always fail to find zstd, even if it succeeded
-via pkg-config moments before.
-
-Drop it and rely solely on pkg-config as that's the only search
-we're actually doing.
-
-Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -1040,7 +1040,7 @@ AC_MSG_CHECKING([whether to include zstd compression support])
- if test x$ac_zstd != xno; then
-     AC_MSG_RESULT(yes)
-     PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
--    if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then
-+    if test "${with_libzstd}" = "yes"; then
- 	AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
- 	if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
- 	    GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
-GitLab

diff --git a/net-libs/gnutls/gnutls-3.7.4.ebuild b/net-libs/gnutls/gnutls-3.7.4.ebuild
deleted file mode 100644
index 6eaf9997a965..000000000000
--- a/net-libs/gnutls/gnutls-3.7.4.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnutls.asc
-inherit autotools multilib-minimal verify-sig
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-# Drop keywords while figuring out what to do (if anything) about USE=cxx ABI break
-# https://gitlab.com/gnutls/gnutls/-/commit/f746f7d4be0070395834bef8e7f7b6f9c8d3158b
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="brotli +cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib zstd"
-
-REQUIRED_USE="test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
-	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
-	brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
-	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
-	guile? ( >=dev-scheme/guile-2:=[networking] )
-	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
-	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
-	zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
-	zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	test? (
-		seccomp? ( sys-libs/libseccomp )
-	)"
-BDEPEND="
-	dev-util/gtk-doc-am
-	>=virtual/pkgconfig-0-r1
-	doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-	valgrind? ( dev-util/valgrind )
-	test-full? (
-		app-crypt/dieharder
-		>=app-misc/datefudge-1.22
-		dev-libs/softhsm:2[-bindist(-)]
-		net-dialup/ppp
-		net-misc/socat
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20220320 )"
-
-DOCS=( README.md doc/certtool.cfg )
-
-HTML_DOCS=()
-
-PATCHES=(
-	"${FILESDIR}"/${P}-configure-compression.patch
-)
-
-pkg_setup() {
-	# bug #520818
-	export TZ=UTC
-
-	use doc && HTML_DOCS+=(
-		doc/gnutls.html
-	)
-}
-
-src_prepare() {
-	default
-
-	# don't try to use system certificate store on macOS, it is
-	# confusingly ignoring our ca-certificates and more importantly
-	# fails to compile in certain configurations
-	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
-	# Use sane .so versioning on FreeBSD.
-	#elibtoolize
-
-	# Need eautoreconf for:
-	# 1) gtk-doc macro fix
-	#    (once fixed, we can drop unconditional gtk-doc-am BDEPEND too)
-	#    see https://gitlab.com/gnutls/gnutls/-/issues/1341
-	#
-	# 2) configure fixes for brotli, zstd
-	#    see https://gitlab.com/gnutls/gnutls/-/issues/1343
-	eautoreconf
-}
-
-multilib_src_configure() {
-	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
-	local libconf=()
-
-	# TPM needs to be tested before being enabled
-	# Note that this may add a libltdl dep when enabled. Check configure.ac.
-	libconf+=(
-		--without-tpm
-		--without-tpm2
-	)
-
-	# hardware-accel is disabled on OSX because the asm files force
-	#   GNU-stack (as doesn't support that) and when that's removed ld
-	#   complains about duplicate symbols
-	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	# Cygwin as does not understand these asm files at all
-	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
-	local myeconfargs=(
-		$(multilib_native_enable manpages)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable doc)
-		$(multilib_native_use_enable guile)
-		$(multilib_native_use_enable seccomp seccomp-tests)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test-full full-test-suite)
-		$(multilib_native_use_enable tools)
-		$(multilib_native_use_enable valgrind valgrind-tests)
-		$(use_enable cxx)
-		$(use_enable dane libdane)
-		$(use_enable nls)
-		$(use_enable openssl openssl-compatibility)
-		$(use_enable sslv2 ssl2-support)
-		$(use_enable sslv3 ssl3-support)
-		$(use_enable static-libs static)
-		$(use_enable tls-heartbeat heartbeat-support)
-		$(use_with brotli)
-		$(use_with idn)
-		$(use_with pkcs11 p11-kit)
-		$(use_with zlib)
-		$(use_with zstd)
-		--disable-rpath
-		--with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
-		--with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
-		--without-included-libtasn1
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	if use examples; then
-		docinto examples
-		dodoc doc/examples/*.c
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2024-04-27 22:11 Sam James
From: Sam James @ 2024-04-27 22:11 UTC (permalink / raw
  To: gentoo-commits

commit:     3e414999ed5919555adceb25d8abf547f001f034
Author:     Christopher Fore <csfore <AT> posteo <DOT> net>
AuthorDate: Tue Apr 23 22:59:04 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 27 22:10:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e414999

net-libs/gnutls: Add patch to fix Wireshark tests

- GnuTLS tests pass
- Wireshark tests pass now with this

[sam: add more references to patch]

Closes: https://bugs.gentoo.org/930529
Closes: https://bugs.gentoo.org/930752
Signed-off-by: Christopher Fore <csfore <AT> posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/36392
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch | 261 +++++++++++++++++++++
 net-libs/gnutls/gnutls-3.8.5-r1.ebuild             | 155 ++++++++++++
 2 files changed, 416 insertions(+)

diff --git a/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch b/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
new file mode 100644
index 000000000000..6905f793ab4f
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
@@ -0,0 +1,261 @@
+https://bugs.gentoo.org/930752
+https://bugs.gentoo.org/930529
+https://gitlab.com/gnutls/gnutls/-/issues/1540
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1830
+https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d
+
+From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Wed, 10 Apr 2024 12:51:33 +0200
+Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration
+
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+--- a/lib/priority.c
++++ b/lib/priority.c
+@@ -1018,6 +1018,12 @@ struct cfg {
+ 	bool force_ext_master_secret_set;
+ };
+ 
++static inline void cfg_init(struct cfg *cfg)
++{
++	memset(cfg, 0, sizeof(*cfg));
++	cfg->allow_rsa_pkcs1_encrypt = true;
++}
++
+ static inline void cfg_deinit(struct cfg *cfg)
+ {
+ 	if (cfg->priority_strings) {
+@@ -1095,6 +1101,12 @@ struct ini_ctx {
+ 	size_t curves_size;
+ };
+ 
++static inline void ini_ctx_init(struct ini_ctx *ctx)
++{
++	memset(ctx, 0, sizeof(*ctx));
++	cfg_init(&ctx->cfg);
++}
++
+ static inline void ini_ctx_deinit(struct ini_ctx *ctx)
+ {
+ 	cfg_deinit(&ctx->cfg);
+@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
+ 		_gnutls_default_priority_string = cfg->default_priority_string;
+ 	}
+ 
+-	/* enable RSA-PKCS1-V1_5 by default */
+-	cfg->allow_rsa_pkcs1_encrypt = true;
+-
+ 	if (cfg->allowlisting) {
+ 		/* also updates `flags` of global `hash_algorithms[]` */
+ 		ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size);
+@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void)
+ 	return 0;
+ }
+ 
++/* Returns false on parse error, otherwise true.
++ * The system_wide_config must be locked for writing.
++ */
++static inline bool load_system_priority_file(void)
++{
++	int err;
++	FILE *fp;
++	struct ini_ctx ctx;
++
++	cfg_init(&system_wide_config);
++
++	fp = fopen(system_priority_file, "re");
++	if (fp == NULL) {
++		_gnutls_debug_log("cfg: unable to open: %s: %d\n",
++				  system_priority_file, errno);
++		return true;
++	}
++
++	/* Parsing the configuration file needs to be done in 2 phases:
++	 * first parsing the [global] section
++	 * and then the other sections,
++	 * because the [global] section modifies the parsing behavior.
++	 */
++	ini_ctx_init(&ctx);
++	err = ini_parse_file(fp, global_ini_handler, &ctx);
++	if (!err) {
++		if (fseek(fp, 0L, SEEK_SET) < 0) {
++			_gnutls_debug_log("cfg: unable to rewind: %s\n",
++					  system_priority_file);
++			if (fail_on_invalid_config)
++				exit(1);
++		}
++		err = ini_parse_file(fp, cfg_ini_handler, &ctx);
++	}
++	fclose(fp);
++	if (err) {
++		ini_ctx_deinit(&ctx);
++		_gnutls_debug_log("cfg: unable to parse: %s: %d\n",
++				  system_priority_file, err);
++		return false;
++	}
++	cfg_apply(&system_wide_config, &ctx);
++	ini_ctx_deinit(&ctx);
++	return true;
++}
++
+ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ {
+-	int ret, err = 0;
++	int ret;
++	bool config_parse_error = false;
+ 	struct stat sb;
+-	FILE *fp;
+ 	gnutls_buffer_st buf;
+-	struct ini_ctx ctx;
+ 
+ 	ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock);
+-	if (ret < 0) {
++	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+-	}
+ 
+ 	if (stat(system_priority_file, &sb) < 0) {
+ 		_gnutls_debug_log("cfg: unable to access: %s: %d\n",
+ 				  system_priority_file, errno);
++
++		(void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
++		ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
++		if (ret < 0)
++			goto out;
++		/* If system-wide config is unavailable, apply the defaults */
++		cfg_init(&system_wide_config);
+ 		goto out;
+ 	}
+ 
+@@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ 	    system_priority_last_mod == sb.st_mtime) {
+ 		_gnutls_debug_log("cfg: system priority %s has not changed\n",
+ 				  system_priority_file);
+-		if (system_wide_config.priority_string) {
++		if (system_wide_config.priority_string)
+ 			goto out; /* nothing to do */
+-		}
+ 	}
+ 
+ 	(void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
+ 
+ 	ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
+-	if (ret < 0) {
++	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+-	}
+ 
+ 	/* Another thread could have successfully re-read system-wide config,
+ 	 * skip re-reading if the mtime it has used is exactly the same.
+ 	 */
+-	if (system_priority_file_loaded) {
++	if (system_priority_file_loaded)
+ 		system_priority_file_loaded =
+ 			(system_priority_last_mod == sb.st_mtime);
+-	}
+ 
+ 	if (!system_priority_file_loaded) {
+-		_name_val_array_clear(&system_wide_config.priority_strings);
+-
+-		gnutls_free(system_wide_config.priority_string);
+-		system_wide_config.priority_string = NULL;
+-
+-		fp = fopen(system_priority_file, "re");
+-		if (fp == NULL) {
+-			_gnutls_debug_log("cfg: unable to open: %s: %d\n",
+-					  system_priority_file, errno);
++		config_parse_error = !load_system_priority_file();
++		if (config_parse_error)
+ 			goto out;
+-		}
+-		/* Parsing the configuration file needs to be done in 2 phases:
+-		 * first parsing the [global] section
+-		 * and then the other sections,
+-		 * because the [global] section modifies the parsing behavior.
+-		 */
+-		memset(&ctx, 0, sizeof(ctx));
+-		err = ini_parse_file(fp, global_ini_handler, &ctx);
+-		if (!err) {
+-			if (fseek(fp, 0L, SEEK_SET) < 0) {
+-				_gnutls_debug_log("cfg: unable to rewind: %s\n",
+-						  system_priority_file);
+-				if (fail_on_invalid_config)
+-					exit(1);
+-			}
+-			err = ini_parse_file(fp, cfg_ini_handler, &ctx);
+-		}
+-		fclose(fp);
+-		if (err) {
+-			ini_ctx_deinit(&ctx);
+-			_gnutls_debug_log("cfg: unable to parse: %s: %d\n",
+-					  system_priority_file, err);
+-			goto out;
+-		}
+-		cfg_apply(&system_wide_config, &ctx);
+-		ini_ctx_deinit(&ctx);
+ 		_gnutls_debug_log("cfg: loaded system config %s mtime %lld\n",
+ 				  system_priority_file,
+ 				  (unsigned long long)sb.st_mtime);
+@@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ out:
+ 	(void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
+ 
+-	if (err && fail_on_invalid_config) {
++	if (config_parse_error && fail_on_invalid_config)
+ 		exit(1);
+-	}
+ 
+ 	return ret;
+ }
+--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
++++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
+@@ -19,9 +19,8 @@
+ # You should have received a copy of the GNU Lesser General Public License
+ # along with this program.  If not, see <https://www.gnu.org/licenses/>
+ 
+-: ${srcdir=.}
+-TEST=${srcdir}/rsaes-pkcs1-v1_5
+-CONF=${srcdir}/config.$$.tmp
++TEST=${builddir}/rsaes-pkcs1-v1_5
++CONF=config.$$.tmp
+ export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF}
+ export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+ 
+@@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF}
+ allow-rsa-pkcs1-encrypt = true
+ _EOF_
+ 
+-${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed"
++${TEST}
++if [ $? != 0 ]; then
++	echo "${TEST} expected to succeed"
++	exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled"
+ 
+ cat <<_EOF_ > ${CONF}
+ [overrides]
+ allow-rsa-pkcs1-encrypt = false
+ _EOF_
+ 
+-${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail"
++${TEST}
++if [ $? = 0 ]; then
++	echo "${TEST} expected to fail"
++	exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully disabled"
+ 
+ unset GNUTLS_SYSTEM_PRIORITY_FILE
+ unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
++
++${TEST}
++if [ $? != 0 ]; then
++	echo "${TEST} expected to succeed by default"
++	exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled by default"
++
+ exit 0
+-- 
+GitLab
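Review bot: In the `stat()` failure branch added to `_gnutls_update_system_priorities`, a failed `gnutls_rwlock_wrlock` does `goto out`, and `out:` then calls `gnutls_rwlock_unlock` on a lock this thread released two lines earlier. The later write-lock acquisition in the same function returns directly instead, so the new branch should match it: `if (ret < 0) return gnutls_assert_val(ret);`. Also worth checking upstream: `load_system_priority_file` starts with `cfg_init(&system_wide_config)`, a plain `memset`, whereas the removed code cleared `priority_strings` and freed `priority_string` first. Unless something outside these hunks releases them, a reload would drop those allocations, and calling `cfg_deinit(&system_wide_config);` before `cfg_init` would avoid that. Both functions are only partly visible here, and since this is a backport the change belongs in the upstream merge request.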

diff --git a/net-libs/gnutls/gnutls-3.8.5-r1.ebuild b/net-libs/gnutls/gnutls-3.8.5-r1.ebuild
new file mode 100644
index 000000000000..24fba955fe8e
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.8.5-r1.ebuild
@@ -0,0 +1,155 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc
+inherit libtool multilib-minimal verify-sig
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+# As of 3.8.0, the C++ library is header-only, but we won't drop the subslot
+# component for it until libgnutls.so breaks ABI, to avoid pointless rebuilds.
+# Subslot format:
+# <libgnutls.so number>.<libgnutlsxx.so number>
+SLOT="0/30.30"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd"
+REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	>=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+	zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)
+"
+BDEPEND="
+	dev-build/gtk-doc-am
+	>=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	test-full? (
+		app-crypt/dieharder
+		|| ( sys-libs/libfaketime >=app-misc/datefudge-1.22 )
+		dev-libs/softhsm:2[-bindist(-)]
+		net-dialup/ppp
+		net-misc/socat
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20240415 )
+"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# gnulib FPs
+	MIN
+	alignof
+	static_assert
+)
+
+PATCHES=(
+	# Should no longer be needed for the next release
+	# bug #930529
+	"${FILESDIR}"/${PN}-3.8.5-fix-rsaes-pkcs1-systemd-wide-config.patch
+)
+
+src_prepare() {
+	default
+
+	# bug #520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=( doc/gnutls.html )
+
+	# don't try to use system certificate store on macOS, it is
+	# confusingly ignoring our ca-certificates and more importantly
+	# fails to compile in certain configurations
+	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	# Note that this may add a libltdl dep when enabled. Check configure.ac.
+	libconf+=(
+		--without-tpm
+		--without-tpm2
+	)
+
+	# hardware-accel is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# -fanalyzer substantially slows down the build and isn't useful for
+	# us. It's useful for upstream as it's static analysis, but it's not
+	# useful when just getting something built.
+	export gl_cv_warn_c__fanalyzer=no
+
+	local myeconfargs=(
+		--disable-valgrind-tests
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with brotli)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		$(use_with zlib)
+		$(use_with zstd)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		--with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
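Review bot: The entry in `PATCHES` names the file `...-fix-rsaes-pkcs1-systemd-wide-config.patch`, but the patch subject is "Fix RSAES-PKCS1-v1_5 system-wide configuration" and nothing in it involves systemd. Renaming it to `${PN}-3.8.5-fix-rsaes-pkcs1-system-wide-config.patch`, both in files/ and here, would keep the name searchable by the upstream subject. The comment above the entry cites only bug #930529, while the commit also closes #930752; listing both as `# bug #930529, bug #930752` would make the later removal easier to justify.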



* [gentoo-commits] repo/gentoo:master commit in: net-libs/gnutls/, net-libs/gnutls/files/
@ 2024-08-16 23:28 Sam James
From: Sam James @ 2024-08-16 23:28 UTC (permalink / raw
  To: gentoo-commits

commit:     2af3693a618cef6ede54b783d048767482ae21a6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 16 23:24:46 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 16 23:25:12 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2af3693a

net-libs/gnutls: fix configure handling of brotli args

Revbump given it could be automagic.

Closes: https://bugs.gentoo.org/937997
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnutls-3.8.7.1-configure-brotli.patch    | 156 +++++++++++++++++++++
 ...tls-3.8.7.1.ebuild => gnutls-3.8.7.1-r1.ebuild} |  11 +-
 2 files changed, 165 insertions(+), 2 deletions(-)

diff --git a/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch b/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch
new file mode 100644
index 000000000000..1dac6f514f0b
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch
@@ -0,0 +1,156 @@
+https://bugs.gentoo.org/937997
+https://gitlab.com/gnutls/gnutls/-/merge_requests/1867
+
+From 292f96f26d7ce80e4a165c903c4fd569b85c1c1f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 09:42:15 +0900
+Subject: [PATCH 1/3] build: fix setting AM_CONDITIONAL for brotli and zstd
+
+As the with_{libbrotli,libzsttd} variables are unset if configured
+with --without-{brotli,zstd}, check the unequality to "no" doesn't
+work; use explicit matching with "yes" instead.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1158,7 +1158,7 @@ if test x$ac_brotli != xno; then
+ else
+     AC_MSG_RESULT(no)
+ fi
+-AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
++AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes)
+ 
+ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+     save_CFLAGS=$CFLAGS
+@@ -1203,7 +1203,7 @@ if test x$ac_zstd != xno; then
+ else
+     AC_MSG_RESULT(no)
+ fi
+-AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" != "no")
++AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" = yes)
+ 
+ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+     save_CFLAGS=$CFLAGS
+-- 
+GitLab
+
+
+From 546153198d2fb8fc4902f23de6254bb7988de534 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 09:48:31 +0900
+Subject: [PATCH 2/3] build: don't emit Requires.private for dlopened libraries
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1100,11 +1100,6 @@ if test x$ac_zlib != xno; then
+     PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
+     if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
+         PKG_CHECK_MODULES(ZLIB, [zlib])
+-	if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
+-	    GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
+-	else
+-	    GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
+-	fi
+ 	ac_zlib=yes
+     else
+ 	AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
+@@ -1134,6 +1129,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+                    compress (0, 0, 0, 0);])])
+     LIBS="$save_LIBS"
+     CFLAGS="$save_CFLAGS"
++],
++      [test "$ZLIB_HAS_PKGCONFIG" = y && test "$ac_zlib" = yes], [
++    if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
++        GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
++    else
++        GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
++    fi
+ ])
+ 
+ AC_ARG_WITH(brotli,
+@@ -1146,11 +1148,6 @@ if test x$ac_brotli != xno; then
+     PKG_CHECK_MODULES(LIBBROTLIDEC, [libbrotlidec >= 1.0.0], [with_libbrotlidec=yes], [with_libbrotlidec=no])
+     if test "${with_libbrotlienc}" = "yes" && test "${with_libbrotlidec}" = "yes"; then
+ 	AC_DEFINE([HAVE_LIBBROTLI], 1, [Define if BROTLI compression is enabled.])
+-	if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+-	    GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
+-	else
+-	    GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
+-	fi
+ 	need_ltlibdl=yes
+     else
+ 	AC_MSG_WARN(*** LIBBROTLI was not found. You will not be able to use BROTLI compression.)
+@@ -1180,6 +1177,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+            BrotliDecoderVersion();])])
+     LIBS="$save_LIBS"
+     CFLAGS="$save_CFLAGS"
++],
++      [test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes], [
++    if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
++        GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
++    else
++        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
++    fi
+ ])
+ 
+ AC_ARG_WITH(zstd,
+@@ -1191,11 +1195,6 @@ if test x$ac_zstd != xno; then
+     PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
+     if test "${with_libzstd}" = "yes"; then
+ 	AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
+-	if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+-	    GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
+-	else
+-	    GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
+-	fi
+ 	need_ltlibdl=yes
+     else
+ 	AC_MSG_WARN(*** LIBZSTD was not found. You will not be able to use ZSTD compression.)
+@@ -1215,6 +1214,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+            ZSTD_versionNumber();])])
+     LIBS="$save_LIBS"
+     CFLAGS="$save_CFLAGS"
++],
++      [test "$with_libzstd" = yes], [
++    if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
++        GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
++    else
++        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
++    fi
+ ])
+ 
+ AC_ARG_WITH(liboqs,
+-- 
+GitLab
+
+
+From 8d0ec0ccdfeaae0d56426169d4c7b490e3b07826 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 16 Aug 2024 13:35:47 +0900
+Subject: [PATCH 3/3] build: add liboqs in Requires.private in gnutls.pc if
+ needed
+
+When --with-liboqs is specified and liboqs cannot be dlopen'ed, it
+will be linked at build time. In that case gnutls.pc should indicate
+that through Requires.private.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1256,6 +1256,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
+                    OQS_version ();])])
+     LIBS="$save_LIBS"
+     CFLAGS="$save_CFLAGS"
++],
++      [test "$have_liboqs" = yes], [
++    if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
++        GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs"
++    else
++        GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs"
++    fi
+ ])
+ 
+ AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes)
+-- 
+GitLab

diff --git a/net-libs/gnutls/gnutls-3.8.7.1.ebuild b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
similarity index 96%
rename from net-libs/gnutls/gnutls-3.8.7.1.ebuild
rename to net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
index 7d5cb7b66fec..3474e58c4983 100644
--- a/net-libs/gnutls/gnutls-3.8.7.1.ebuild
+++ b/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild
@@ -4,7 +4,7 @@
 EAPI=8
 
 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc
-inherit libtool multilib-minimal verify-sig flag-o-matic
+inherit autotools multilib-minimal verify-sig flag-o-matic
 
 DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
 HOMEPAGE="https://www.gnutls.org/"
@@ -72,6 +72,10 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 	static_assert
 )
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.8.7.1-configure-brotli.patch
+)
+
 src_prepare() {
 	default
 
@@ -93,7 +97,10 @@ src_prepare() {
 	fi
 
 	# Use sane .so versioning on FreeBSD.
-	elibtoolize
+	#elibtoolize
+
+	# Switch back to elibtoolize after 3.8.7.1
+	eautoreconf
 }
 
 multilib_src_configure() {
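Review bot: The comment `# Use sane .so versioning on FreeBSD.` in src_prepare now sits directly above the commented-out `#elibtoolize`, so it documents a disabled call, while the new `eautoreconf` line carries only a reminder to revert. As far as I recall, the autotools eclass makes eautoreconf run elibtoolize itself unless that is explicitly disabled, so the dead line can probably be dropped and the two comments merged, for example `# eautoreconf for the configure.ac patch (it also runs elibtoolize); go back to plain elibtoolize once the patch is dropped`. It would also help to say in that comment that the regenerated configure replaces the one shipped in the signature-verified tarball, so the revert is not forgotten. src_prepare starts before this hunk, so the rest of its body is not visible here.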

