From d99093fb4bb5652015c06274d64083daa2439e4f Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 3 Mar 2021 10:28:17 +0000
Subject: gentoo resync : 03.03.2021
---
net-libs/gnutls/Manifest | 3 +-
...nutls-3.7.0-ignore-duplicate-certificates.patch | 403 +++++++++++++++++++++
net-libs/gnutls/gnutls-3.7.0-r1.ebuild | 139 +++++++
net-libs/gnutls/gnutls-3.7.0.ebuild | 137 -------
4 files changed, 544 insertions(+), 138 deletions(-)
create mode 100644 net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch
create mode 100644 net-libs/gnutls/gnutls-3.7.0-r1.ebuild
delete mode 100644 net-libs/gnutls/gnutls-3.7.0.ebuild
(limited to 'net-libs/gnutls')
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index b16a42648e75..662412c41f13 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,6 +1,7 @@ AUX gnutls-3.6.15-skip-dtls-seccomp-tests.patch 477 BLAKE2B 4c1add5ab8041b7847c0b579d77483b9fc0f779bb24e3ba50953c2ca2b2bfc7774861085da3d9709fdf250c450cc77aa312095f816bf67748b5d2b5bed4f43ee SHA512 6f2dc20dbdd27875a964aa806380556f4a3da1d2c0c4f7337e0845fb304319b5b9ad94ba519982a4db75486f673a717e20c294487b2d3e339bf7d144a0f33803 +AUX gnutls-3.7.0-ignore-duplicate-certificates.patch 11218 BLAKE2B 2d2b03b17dd482e11c4d51e8947459f0543f6f053be4175bd324b3395af31b77fd689613842abd147ae2cfe6ad4f0abf3f9dd80dec69685b36097828a0008dfc SHA512 65e0a4660caee99ca2d129227061a165fa7a0f5aee085a1ab5e4bf4939549e268d2988d601bc3a719c64e19597fd45bb19b3e6f721ac7ba290249c67e345096b DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c DIST gnutls-3.7.0.tar.xz 6129176 BLAKE2B 3b03e7017ac1d715c740f8f09b0690dd1c983dcfd5faef0740cf66ac785c1a84e959f85808aa10a6eebd745d96ca0293681049911ea663aeff85fedfa2567aad SHA512 5cf1025f2d0a0cbf5a83dd7f3b22dafd1769f7c3349096c0272d08573bb5ff87f510e0e69b4bbb47dad1b64476aa5479804b2f4ceb2216cd747bbc53bf42d885 EBUILD gnutls-3.6.15.ebuild 4303 BLAKE2B c4aa9aed6ba8b99aaae8c3541d087afe299e37beaf78167876535b49aa9f7bc5ef624d5b04d4124df074ae08c63dccdb543e4bcdf9347cf6c4ac86938d60c62e SHA512 61a3ff29bd0821b07a7792b0d5d1520eb1abadc87119b8ba1cdc30980c299e47e40637cee61621607d860f7b66a38cc17714938995e7c477d1a85fd4b5b4e001 -EBUILD gnutls-3.7.0.ebuild 4240 BLAKE2B a53df62983590ce9052deb810b474563b7d5c046e3de5fcfb026c78962f7237f798be322e940cf78ba1949863bd0aac48606cb87f8e3f0be1af49bed43050f41 SHA512 e54a53d940060f0fa5e037478aa49a6eed4bf3293806a8045e8850918dd7b4cff54cd7786178fe9f17124ef8de2ef7b20cf2e85f5ea8e946ca153c782e51eaa5 +EBUILD gnutls-3.7.0-r1.ebuild 4308 BLAKE2B 
c72d05e3119bf539a2f5058ba2d917c28f05700d20a7e5773ad8ef3d3bcffb1ec5603e5238d42aef2e2ecf8d7d8755cdef181ded939cb683a93e2ae416506f16 SHA512 35e6036471eb50cea51e52614dc169972d8cba4da7e36b6f0e9c357e3c9d54e7cab828c84fd86ad6d960ad8807d3d599acb1c1109cbe29cfb3ccc351610633a3 MISC metadata.xml 1258 BLAKE2B 4dbd1ceb49d79ae699d79471e636807b79f68d6e81f403d8c458eb5110dbf172d5839ea1550a32581bac1da039549731d397e91069570a76c8ef0c871feccad5 SHA512 749eb5f798cd04170a5dcf44c2e7fbc26e19210217791d92c0fdb1a53586a219c183686c74385bed1ff0f743b9972fa1d92fc216f53d3870127d39a6b3adb87a diff --git a/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch b/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch new file mode 100644 index 000000000000..b0143818b46b --- /dev/null +++ b/net-libs/gnutls/files/gnutls-3.7.0-ignore-duplicate-certificates.patch 
@@ -0,0 +1,403 @@
+From 09b40be6e0e0a59ba4bd764067eb353241043a70 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Mon, 28 Dec 2020 12:14:13 +0100
+Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: ignore duplicate
+ certificates
+
+The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
+regression, where duplicate certificates in a certificate chain are no
+longer ignored but treated as a non-contiguous segment and that
+results in calling the issuer callback, or a verification failure.
+
+This adds a mechanism to record certificates already seen in the
+chain, and skip them while still allow the caller to inject missing
+certificates.
+
+Signed-off-by: Daiki Ueno
+Co-authored-by: Andreas Metzler
+---
+ lib/x509/common.c | 8 ++
+ lib/x509/verify-high.c | 157 +++++++++++++++++++++++++++++++------
+ tests/missingissuer.c | 2 +
+ tests/test-chains-issuer.h | 101 +++++++++++++++++++++++-
+ 4 files changed, 245 insertions(+), 23 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 3301aaad0c..10c8db53c0 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -1758,6 +1758,14 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
+ * increasing DEFAULT_MAX_VERIFY_DEPTH.
+ */
+ for (i = 0; i < clist_size; i++) {
++ /* Self-signed certificate found in the chain; skip it
++ * as it should only appear in the trusted set.
++ */
++ if (gnutls_x509_crt_check_issuer(clist[i], clist[i])) {
++ _gnutls_cert_log("self-signed cert found", clist[i]);
++ continue;
++ }
++
+ for (j = 1; j < clist_size; j++) {
+ if (i == j)
+ continue;
+diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
+index 588e7ee0dc..9a16e6b42a 100644
+--- a/lib/x509/verify-high.c
++++ b/lib/x509/verify-high.c
+@@ -67,6 +67,80 @@ struct gnutls_x509_trust_list_iter {
+
+ #define DEFAULT_SIZE 127
+
++struct cert_set_node_st {
++ gnutls_x509_crt_t *certs;
++ unsigned int size;
++};
++
++struct cert_set_st {
++ struct cert_set_node_st *node;
++ unsigned int size;
++};
++
++static int
++cert_set_init(struct cert_set_st *set, unsigned int size)
++{
++ memset(set, 0, sizeof(*set));
++
++ set->size = size;
++ set->node = gnutls_calloc(size, sizeof(*set->node));
++ if (!set->node) {
++ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++ }
++
++ return 0;
++}
++
++static void
++cert_set_deinit(struct cert_set_st *set)
++{
++ size_t i;
++
++ for (i = 0; i < set->size; i++) {
++ gnutls_free(set->node[i].certs);
++ }
++
++ gnutls_free(set->node);
++}
++
++static bool
++cert_set_contains(struct cert_set_st *set, const gnutls_x509_crt_t cert)
++{
++ size_t hash, i;
++
++ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
++ hash %= set->size;
++
++ for (i = 0; i < set->node[hash].size; i++) {
++ if (unlikely(gnutls_x509_crt_equals(set->node[hash].certs[i], cert))) {
++ return true;
++ }
++ }
++
++ return false;
++}
++
++static int
++cert_set_add(struct cert_set_st *set, const gnutls_x509_crt_t cert)
++{
++ size_t hash;
++
++ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
++ hash %= set->size;
++
++ set->node[hash].certs =
++ gnutls_realloc_fast(set->node[hash].certs,
++ (set->node[hash].size + 1) *
++ sizeof(*set->node[hash].certs));
++ if (!set->node[hash].certs) {
++ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++ }
++ set->node[hash].certs[set->node[hash].size] = cert;
++ set->node[hash].size++;
++
++ return 0;
++}
++
+ /**
+ * gnutls_x509_trust_list_init:
+ * @list: A pointer to the type to be initialized
+@@ -1328,6 +1402,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
+ unsigned have_set_name = 0;
+ unsigned saved_output;
+ gnutls_datum_t ip = {NULL, 0};
++ struct cert_set_st cert_set = { NULL, 0 };
+
+ if (cert_list == NULL || cert_list_size < 1)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+@@ -1376,36 +1451,68 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
+ memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
+ cert_list = sorted;
+
++ ret = cert_set_init(&cert_set, DEFAULT_MAX_VERIFY_DEPTH);
++ if (ret < 0) {
++ return ret;
++ }
++
+ for (i = 0; i < cert_list_size &&
+- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; i++) {
+- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
+- unsigned int sorted_size;
++ cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; ) {
++ unsigned int sorted_size = 1;
++ unsigned int j;
++ gnutls_x509_crt_t issuer;
+
++ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) {
+ sorted_size = _gnutls_sort_clist(&cert_list[i],
+ cert_list_size - i);
+- i += sorted_size - 1;
+ }
+
+- if (i == cert_list_size - 1) {
+- gnutls_x509_crt_t issuer;
+-
+- /* If it is the last certificate and its issuer is
+- * known, don't need to run issuer callback. */
+- if (_gnutls_trust_list_get_issuer(list,
+- cert_list[i],
+- &issuer,
+- 0) == 0) {
++ /* Remove duplicates. Start with index 1, as the first element
++ * may be re-checked after issuer retrieval. */
++ for (j = 1; j < sorted_size; j++) {
++ if (cert_set_contains(&cert_set, cert_list[i + j])) {
++ if (i + j < cert_list_size - 1) {
++ memmove(&cert_list[i + j],
++ &cert_list[i + j + 1],
++ sizeof(cert_list[i]));
++ }
++ cert_list_size--;
+ break;
+ }
+- } else if (gnutls_x509_crt_check_issuer(cert_list[i],
+- cert_list[i + 1])) {
+- /* There is no gap between this and the next
+- * certificate. */
++ }
++ /* Found a duplicate, try again with the same index. */
++ if (j < sorted_size) {
++ continue;
++ }
++
++ /* Record the certificates seen. */
++ for (j = 0; j < sorted_size; j++, i++) {
++ ret = cert_set_add(&cert_set, cert_list[i]);
++ if (ret < 0) {
++ goto cleanup;
++ }
++ }
++
++ /* If the issuer of the certificate is known, no need
++ * for further processing. */
++ if (_gnutls_trust_list_get_issuer(list,
++ cert_list[i - 1],
++ &issuer,
++ 0) == 0) {
++ cert_list_size = i;
++ break;
++ }
++
++ /* If there is no gap between this and the next certificate,
++ * proceed with the next certificate. */
++ if (i < cert_list_size &&
++ gnutls_x509_crt_check_issuer(cert_list[i - 1],
++ cert_list[i])) {
+ continue;
+ }
+
+ ret = retrieve_issuers(list,
+- cert_list[i],
++ cert_list[i - 1],
+ &retrieved[retrieved_size],
+ DEFAULT_MAX_VERIFY_DEPTH -
+ MAX(retrieved_size,
+@@ -1413,15 +1520,20 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
+ if (ret < 0) {
+ break;
+ } else if (ret > 0) {
+- memmove(&cert_list[i + 1 + ret],
+- &cert_list[i + 1],
+- (cert_list_size - i - 1) *
++ assert((unsigned int)ret <=
++ DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
++ memmove(&cert_list[i + ret],
++ &cert_list[i],
++ (cert_list_size - i) *
+ sizeof(gnutls_x509_crt_t));
+- memcpy(&cert_list[i + 1],
++ memcpy(&cert_list[i],
+ &retrieved[retrieved_size],
+ ret * sizeof(gnutls_x509_crt_t));
+ retrieved_size += ret;
+ cert_list_size += ret;
++
++ /* Start again from the end of the previous segment. */
++ i--;
+ }
+ }
+
+@@ -1581,6 +1693,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
+ for (i = 0; i < retrieved_size; i++) {
+ gnutls_x509_crt_deinit(retrieved[i]);
+ }
++ cert_set_deinit(&cert_set);
+ return ret;
+ }
+
+diff --git a/tests/missingissuer.c b/tests/missingissuer.c
+index f21e2b6b0c..226d095929 100644
+--- a/tests/missingissuer.c
++++ b/tests/missingissuer.c
+@@ -145,6 +145,8 @@ void doit(void)
+ printf("[%d]: Chain '%s'...\n", (int)i, chains[i].name);
+
+ for (j = 0; chains[i].chain[j]; j++) {
++ assert(j < MAX_CHAIN);
++
+ if (debug > 2)
+ printf("\tAdding certificate %d...", (int)j);
+
+diff --git a/tests/test-chains-issuer.h b/tests/test-chains-issuer.h
+index 543e2d71fb..bf1e65c956 100644
+--- a/tests/test-chains-issuer.h
++++ b/tests/test-chains-issuer.h
+@@ -24,7 +24,7 @@
+ #ifndef GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
+ #define GNUTLS_TESTS_TEST_CHAINS_ISSUER_H
+
+-#define MAX_CHAIN 6
++#define MAX_CHAIN 15
+
+ #define SERVER_CERT "-----BEGIN CERTIFICATE-----\n" \
+ "MIIDATCCAbmgAwIBAgIUQdvdegP8JFszFHLfV4+lrEdafzAwPQYJKoZIhvcNAQEK\n" \
+@@ -338,11 +338,102 @@ static const char *missing_middle_unrelated_extra_insert[] = {
+ NULL,
+ };
+
++static const char *missing_middle_single_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_4,
++ CA_CERT_4,
++ CA_CERT_2,
++ CA_CERT_2,
++ CA_CERT_1,
++ CA_CERT_1,
++ NULL,
++};
++
++static const char *missing_middle_multiple_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_4,
++ CA_CERT_4,
++ CA_CERT_1,
++ CA_CERT_1,
++ NULL,
++};
++
++static const char *missing_last_single_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_4,
++ CA_CERT_4,
++ CA_CERT_3,
++ CA_CERT_3,
++ CA_CERT_2,
++ CA_CERT_2,
++ NULL,
++};
++
++static const char *missing_last_multiple_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_4,
++ CA_CERT_4,
++ CA_CERT_3,
++ CA_CERT_3,
++ NULL,
++};
++
++static const char *missing_skip_single_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_3,
++ CA_CERT_3,
++ CA_CERT_1,
++ CA_CERT_1,
++ NULL,
++};
++
++static const char *missing_skip_multiple_duplicate[] = {
++ SERVER_CERT,
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_5,
++ CA_CERT_3,
++ CA_CERT_3,
++ NULL,
++};
++
+ static const char *missing_ca[] = {
+ CA_CERT_0,
+ NULL,
+ };
+
++static const char *middle_single_duplicate_ca[] = {
++ SERVER_CERT,
++ CA_CERT_5,
++ CA_CERT_0,
++ CA_CERT_4,
++ CA_CERT_0,
++ CA_CERT_2,
++ CA_CERT_0,
++ CA_CERT_1,
++ NULL,
++};
++
++static const char *missing_middle_single_duplicate_ca_unrelated_insert[] = {
++ CA_CERT_0,
++ NULL,
++};
++
+ static struct chains {
+ const char *name;
+ const char **chain;
+@@ -377,6 +468,14 @@ static struct chains {
+ { "skip multiple unsorted", missing_skip_multiple_unsorted, missing_skip_multiple_insert, missing_ca, 0, 0 },
+ { "unrelated", missing_middle_single, missing_middle_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
+ { "unrelated extra", missing_middle_single, missing_middle_unrelated_extra_insert, missing_ca, 0, 0 },
++ { "middle single duplicate", missing_middle_single_duplicate, missing_middle_single_insert, missing_ca, 0, 0 },
++ { "middle multiple duplicate", missing_middle_multiple_duplicate, missing_middle_multiple_insert, missing_ca, 0, 0 },
++ { "last single duplicate", missing_last_single_duplicate, missing_last_single_insert, missing_ca, 0, 0 },
++ { "last multiple duplicate", missing_last_multiple_duplicate, missing_last_multiple_insert, missing_ca, 0, 0 },
++ { "skip single duplicate", missing_skip_single_duplicate, missing_skip_single_insert, missing_ca, 0, 0 },
++ { "skip multiple duplicate", missing_skip_multiple_duplicate, missing_skip_multiple_insert, missing_ca, 0, 0 },
++ { "middle single duplicate ca", middle_single_duplicate_ca, missing_middle_single_insert, missing_ca, 0, 0 },
++ { "middle single duplicate ca - insert unrelated", middle_single_duplicate_ca, missing_middle_single_duplicate_ca_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND },
+ { NULL, NULL, NULL, NULL },
+ };
+
+--
+GitLab
+
diff --git a/net-libs/gnutls/gnutls-3.7.0-r1.ebuild b/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
new file mode 100644
index 000000000000..643a1c4d8ad5
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.7.0-r1.ebuild
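Review bot: The duplicate-removal loop added to gnutls_x509_trust_list_verify_crt2 in lib/x509/verify-high.c appears to shift only one array element, because the `memmove` is given `sizeof(cert_list[i])` as its length while `cert_list_size` is decremented. Unless the duplicate is the second-to-last entry, that copies the following certificate over the duplicate, leaves that certificate in the list twice and drops the final entry of the chain; if removing the duplicate and closing the gap is the intent, the length would be `(cert_list_size - (i + j) - 1) * sizeof(cert_list[i])`. Separately, the room for retrieved issuers is guarded only by `assert((unsigned int)ret <= DEFAULT_MAX_VERIFY_DEPTH - cert_list_size)`, which is compiled out under NDEBUG, so an explicit check that returns an error would keep the bound on the following `memmove`/`memcpy` into `cert_list` in release builds. The function body continues outside these hunks, so how `retrieve_issuers` caps its result and what the `cleanup` path releases cannot be confirmed from here.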
@@ -0,0 +1,139 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
+
+REQUIRED_USE="
+ test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen:= )
+ dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-2:=[networking] )
+ nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ test? (
+ seccomp? ( sys-libs/libseccomp )
+ )"
+BDEPEND=">=virtual/pkgconfig-0-r1
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ tools? ( sys-devel/autogen )
+ valgrind? ( dev-util/valgrind )
+ test-full? (
+ app-crypt/dieharder
+ >=app-misc/datefudge-1.22
+ dev-libs/softhsm:2[-bindist]
+ net-dialup/ppp
+ net-misc/socat
+ )"
+
+DOCS=(
+ README.md
+ doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=( "${FILESDIR}"/${P}-ignore-duplicate-certificates.patch )
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+
+ use doc && HTML_DOCS+=(
+ doc/gnutls.html
+ )
+}
+
+src_prepare() {
+ default
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # don't try to use system certificate store on macOS, it is
+ # confusingly ignoring our ca-certificates and more importantly
+ # fails to compile in certain configurations
+ sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ local libconf=()
+
+ # TPM needs to be tested before being enabled
+ libconf+=( --without-tpm )
+
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ # Cygwin as does not understand these asm files at all
+ [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+ local myeconfargs=(
+ $(multilib_native_enable manpages)
+ $(multilib_native_use_enable doc gtk-doc)
+ $(multilib_native_use_enable doc)
+ $(multilib_native_use_enable guile)
+ $(multilib_native_use_enable seccomp seccomp-tests)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test-full full-test-suite)
+ $(multilib_native_use_enable tools)
+ $(multilib_native_use_enable valgrind valgrind-tests)
+ $(use_enable cxx)
+ $(use_enable dane libdane)
+ $(use_enable nls)
+ $(use_enable openssl openssl-compatibility)
+ $(use_enable sslv2 ssl2-support)
+ $(use_enable sslv3 ssl3-support)
+ $(use_enable static-libs static)
+ $(use_enable tls-heartbeat heartbeat-support)
+ $(use_with idn)
+ $(use_with pkcs11 p11-kit)
+ --disable-rpath
+ --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
+ --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
+ --without-included-libtasn1
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+ ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
diff --git a/net-libs/gnutls/gnutls-3.7.0.ebuild b/net-libs/gnutls/gnutls-3.7.0.ebuild
deleted file mode 100644
index ece149c18554..000000000000
--- a/net-libs/gnutls/gnutls-3.7.0.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal
-
-DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
-HOMEPAGE="https://www.gnutls.org/"
-SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-3 LGPL-2.1+"
-SLOT="0/30" # libgnutls.so number
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
-
-REQUIRED_USE="
- test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
-RESTRICT="!test? ( test )"
-
-# NOTICE: sys-devel/autogen is required at runtime as we
-# use system libopts
-RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
- dev-libs/libunistring:=[${MULTILIB_USEDEP}]
- >=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
- >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
- tools? ( sys-devel/autogen:= )
- dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
- guile? ( >=dev-scheme/guile-2:=[networking] )
- nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- test? (
- seccomp? ( sys-libs/libseccomp )
- )"
-BDEPEND=">=virtual/pkgconfig-0-r1
- doc? ( dev-util/gtk-doc )
- nls? ( sys-devel/gettext )
- tools? ( sys-devel/autogen )
- valgrind? ( dev-util/valgrind )
- test-full? (
- app-crypt/dieharder
- >=app-misc/datefudge-1.22
- dev-libs/softhsm:2[-bindist]
- net-dialup/ppp
- net-misc/socat
- )"
-
-DOCS=(
- README.md
- doc/certtool.cfg
-)
-
-HTML_DOCS=()
-
-pkg_setup() {
- # bug#520818
- export TZ=UTC
-
- use doc && HTML_DOCS+=(
- doc/gnutls.html
- )
-}
-
-src_prepare() {
- default
-
- # force regeneration of autogen-ed files
- local file
- for file in $(grep -l AutoGen-ed src/*.c) ; do
- rm src/$(basename ${file} .c).{c,h} || die
- done
-
- # don't try to use system certificate store on macOS, it is
- # confusingly ignoring our ca-certificates and more importantly
- # fails to compile in certain configurations
- sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
-
- # Use sane .so versioning on FreeBSD.
- elibtoolize
-}
-
-multilib_src_configure() {
- LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
-
- local libconf=()
-
- # TPM needs to be tested before being enabled
- libconf+=( --without-tpm )
-
- # hardware-accell is disabled on OSX because the asm files force
- # GNU-stack (as doesn't support that) and when that's removed ld
- # complains about duplicate symbols
- [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- # Cygwin as does not understand these asm files at all
- [[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
-
- local myeconfargs=(
- $(multilib_native_enable manpages)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable doc)
- $(multilib_native_use_enable guile)
- $(multilib_native_use_enable seccomp seccomp-tests)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test-full full-test-suite)
- $(multilib_native_use_enable tools)
- $(multilib_native_use_enable valgrind valgrind-tests)
- $(use_enable cxx)
- $(use_enable dane libdane)
- $(use_enable nls)
- $(use_enable openssl openssl-compatibility)
- $(use_enable sslv2 ssl2-support)
- $(use_enable sslv3 ssl3-support)
- $(use_enable static-libs static)
- $(use_enable tls-heartbeat heartbeat-support)
- $(use_with idn)
- $(use_with pkcs11 p11-kit)
- --disable-rpath
- --with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
- --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
- --without-included-libtasn1
- $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
- )
- ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use examples; then
- docinto examples
- dodoc doc/examples/*.c
- fi
-}
--
cgit v1.2.3