diff options
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/Manifest.gz | bin | 24615 -> 24618 bytes | |||
-rw-r--r-- | app-crypt/p11-kit/Manifest | 2 | ||||
-rw-r--r-- | app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch | 111 | ||||
-rw-r--r-- | app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild | 76 |
4 files changed, 189 insertions, 0 deletions
diff --git a/app-crypt/Manifest.gz b/app-crypt/Manifest.gz Binary files differindex bb73ff323908..8c72932f2989 100644 --- a/app-crypt/Manifest.gz +++ b/app-crypt/Manifest.gz diff --git a/app-crypt/p11-kit/Manifest b/app-crypt/p11-kit/Manifest index 8ce56eda3372..bac388dd03cf 100644 --- a/app-crypt/p11-kit/Manifest +++ b/app-crypt/p11-kit/Manifest @@ -1,9 +1,11 @@ AUX p11-kit-0.25.0-fix-C_GetInterface.patch 1410 BLAKE2B c15a8950a73cd9b0a656df2e00c8068abacb14dc9c9b30e67fb777b9987a4419a215904828554a0269699319725d90aab4996895231d325be825a431e99ad4e4 SHA512 69c31b5f2c5dbfb5504281c2518a1cb555973e0a80c5317dc8605d793740c8f2fca0506c2f9baa88de181bab9455a16efdf9649a5a08c35214f2bc46e9dc265a AUX p11-kit-0.25.1-fix-tty-comparison.patch 753 BLAKE2B 0ee0fd52076526853394c1f2a353c95d60c2166645da3bdeefbe1ea878fff7c125ffa76eae4e8949440ccd8aaabde035331a32b1dc7b040c56d41fc26f74eac7 SHA512 1f7b3730aa157dc113ee98c82ab2ce06beed0c5745454857246249f8f15c35fd2c90b5368f966cd4b155cff3e44bdb59d7942ea71689b5eb7bd9efb97df9021e +AUX p11-kit-0.25.3-pointer.patch 4096 BLAKE2B e5ed577fae6987161eb3d4da00d182f0028ca09d32196e75e0146618e0fb43c462517c0d67d575dc274c93258e1ce4d486e4c8647737a1b9026b6c4e8e642495 SHA512 d71357b46d71bcb6c19427b822839a44fe460af0e4ca3e6dfbad054d81feb0bbf8da2947fc7eaeea237b92126e4a2f1b341d947fe808c36edd171015432a20bf DIST p11-kit-0.25.0.tar.xz 958940 BLAKE2B 6ffce977f86c516a327afe50f4cc5a36e86ba7f43c6cb555db419d9e4ba7543a9f1847ba83da348cd6d7bbebe55dfa26cfe3a3aaa3e1d5420a4b8dc6cbbff088 SHA512 e6df3cb224f6ff5671bd3c0557503b5f20bbfded1b6ec340b1dafcbd1b1725ea2d41d0e920756716e0fe9cb28270d115fe77b23ec876a15007b22e3f30d015fe DIST p11-kit-0.25.1.tar.xz 990460 BLAKE2B 6704ef2ada20765bfbbbfc6f92ec2e934be34b482e1b6a94a7a15ab4718efcaecf943ce06b6c352b8c638fe2b1f0bc7c953c6b0dcf0590e5695c1d6724272ebb SHA512 e12e32148e0924ac7dca4c6a4399cff0934df4f002a31e7ffc5c3cfd14a4c0a47225eb84abd73b7f36c8dfcc32f92756e90699335b830414e8f5eddeaa42c532 DIST p11-kit-0.25.3.tar.xz 991528 BLAKE2B 5c695c1ef95edf4bbbab001aa634076c433df0bc89cb8104deaec2ce00c6908640e467755b49c6900e5d7d5d81e1a3871f4978a212c6f6ae088386ac0b95289a SHA512 ad2d393bf122526cbba18dc9d5a13f2c1cad7d70125ec90ffd02059dfa5ef30ac59dfc0bb9bc6380c8f317e207c9e87e895f1945634f56ddf910c2958868fb4c EBUILD p11-kit-0.25.0-r1.ebuild 1425 BLAKE2B 9e9b0b01a2befbfebb2e6c9bc3be306478b730174f42b9a057c497e45bc7944994b292ba6ccc2e4e3b7e62b7e081507ee7e578f708facd3de9d5d1c63a34943d SHA512 444036cc4a421b8567ec3a2b4d08484dd8484249d7c4bfda4fd567f261c6387a3ab87d32e7de4c1347cfea3c57d44d85c4387f25b9fce067eb053b5de0cd687f EBUILD p11-kit-0.25.1-r1.ebuild 2002 BLAKE2B 844b2de51d7d3f2f048ebd0fb91bb814361e7913ec4c554164b90820d9fc1d83f7dda1b20b0beda6f9f966deac346f6bdee8c00443396fd6f77d2ff7a8a83edb SHA512 63089b45323ce0ee13fc5e5cfd15911516354f3e9e950e8061a935215bd76e81b7a8502d5121f598deee4879c5b047ba5be4dd38255c326ac59d12ded4ab5e54 +EBUILD p11-kit-0.25.3-r1.ebuild 2001 BLAKE2B 6f0dab3faa7d783f2b4ce5e0e3324ca87791f00d2f82346a272c9286a0ef2ad72c3d359e94ce9fef1c2ded197b7c9472d4170163a44b75fd677ee719f210aaf6 SHA512 7286be21e7c12de14c04afe13e58fc4704630d953a2a9a5c67175fe501bb9ef5a5a39d7eee4aae24e5c563e1a9bc1de67117e9ef34e24f68ef76d1c728ec6c0c EBUILD p11-kit-0.25.3.ebuild 1944 BLAKE2B 85f793ce2f56c52c3d161ebae58a3d8cb170e06206ac661da5cde04f10bd9d8d415e2806ef5b9bc98532fdd62bdb1c2b27efab42623d9fa62c9ba32c83325b97 SHA512 97146c0d6861d1d9e5c21411feb806b905f736f20b53514b7d4427cd50f0cf9600744c455e4bd3227d0015414e36c88bab9cf246f4f54c40c015543428388601 MISC metadata.xml 249 BLAKE2B 689b2967578682135e3f7d619c2b733bb4e50cd74215a0fa17d3bae7b4f59495c7f8d316ef5340d14cf32de956162fa890186f19346d95f212d18a643b55bee1 SHA512 f3f0b79d325cd001c8cf1c9d6ca14d3c09149aefab7862bd04801cafdc2efad9fe7e456e4fac55c6233413f645188188643f6e8f8dfb54deffe5fa30768831b0 diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch new file mode 100644 index 000000000000..feac3e132fce --- /dev/null +++ b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch @@ -0,0 +1,111 @@ +https://bugs.gentoo.org/918982 +https://github.com/p11-glue/p11-kit/pull/609 + +From 6f05ca107d588fcedaa4ef06542760cbbda8c878 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Sat, 2 Dec 2023 09:24:01 +0900 +Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The build fails when compiling for 32-bit platforms with +-Werror=incompatible-pointer-types: + + CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build + setarch i686 -- meson compile -C _build -v + ... + + ../p11-kit/import-object.c: In function ‘add_attrs_pubkey_rsa’: + ../p11-kit/import-object.c:223:62: error: passing argument 3 of ‘p11_asn1_read’ from incompatible pointer type [-Werror=incompatible-pointer-types] + 223 | attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); + | ^~~~~~~~~~~~~~~~~~~~~~~~ + | | + | long unsigned int * + +Reported by Sam James in: +https://github.com/p11-glue/p11-kit/issues/608 + +Signed-off-by: Daiki Ueno <ueno@gnu.org> +--- + p11-kit/import-object.c | 32 ++++++++++++++++++++++++++++---- + 1 file changed, 28 insertions(+), 4 deletions(-) + +diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c +index feee0765..278ad932 100644 +--- a/p11-kit/import-object.c ++++ b/p11-kit/import-object.c +@@ -55,6 +55,7 @@ + #endif + + #include <assert.h> ++#include <limits.h> + #include <stdbool.h> + #include <stdlib.h> + #include <string.h> +@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) }; + CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, }; + CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, }; ++ size_t len; + + pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len); + if (pubkey == NULL) { +@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, + goto cleanup; + } + +- attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); ++ attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len); + if (attr_modulus.pValue == NULL) { + p11_message (_("failed to obtain modulus")); + goto cleanup; + } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { ++ p11_message (_("failed to obtain modulus")); ++ goto cleanup; ++ } ++#endif ++ attr_modulus.ulValueLen = len; + +- attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen); +- if (attr_exponent.pValue == NULL) { ++ attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len); ++ if (attr_exponent.pValue == NULL || len > ULONG_MAX) { ++ p11_message (_("failed to obtain exponent")); ++ goto cleanup; ++ } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { + p11_message (_("failed to obtain exponent")); + goto cleanup; + } ++#endif ++ attr_exponent.ulValueLen = len; + + result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL); + if (result == NULL) { +@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) }; + CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, }; + CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, }; ++ size_t len; + +- attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen); ++ attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len); + if (attr_ec_params.pValue == NULL) { + p11_message (_("failed to obtain EC parameters")); + goto cleanup; + } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { ++ p11_message (_("failed to obtain EC parameters")); ++ goto cleanup; ++ } ++#endif ++ attr_ec_params.ulValueLen = len; + + /* subjectPublicKey is read as BIT STRING value which contains + * EC point data. We need to DER encode this data as OCTET STRING. + diff --git a/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild new file mode 100644 index 000000000000..acb110fc1090 --- /dev/null +++ b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit bash-completion-r1 meson-multilib python-any-r1 + +DESCRIPTION="Provides a standard configuration setup for installing PKCS#11" +HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html" +SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+libffi gtk-doc nls systemd test" +RESTRICT="!test? ( test )" + +RDEPEND=" + app-misc/ca-certificates + >=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}] + libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:= ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + ${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + virtual/pkgconfig + gtk-doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) +" + +PATCHES=( + "${FILESDIR}"/p11-kit-0.25.3-pointer.patch +) + +src_prepare() { + default + + # Relies on dlopen which won't work for multilib tests (bug #913971) + cat <<-EOF > "${S}"/p11-kit/test-server.sh || die + #!/bin/sh + exit 77 + EOF +} + +multilib_src_configure() { + # Disable unsafe tests, bug#502088 + export FAKED_MODE=1 + + local native_file="${T}"/meson.${CHOST}.${ABI}.ini.local + + # p11-kit doesn't need this to build and castxml needs Clang. To get + # a deterministic non-automagic build, always disable the search for + # castxml. + cat >> ${native_file} <<-EOF || die + [binaries] + castxml='castxml-falseified' + EOF + + local emesonargs=( + --native-file "${native_file}" + -Dbashcompdir="$(get_bashcompdir)" + -Dtrust_module=enabled + -Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt + $(meson_feature libffi) + $(meson_use nls) + $(meson_use test) + $(meson_native_use_bool gtk-doc gtk_doc) + $(meson_native_true man) + $(meson_native_use_feature systemd) + ) + + meson_src_configure +} |