commit: 88593f8e92b7005d723fd67c88592cfddedf9f35 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Mon May 1 13:28:00 2023 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Mon May 1 13:28:00 2023 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=88593f8e
dev-libs/libressl: silence QA notice This is a false positive that triggers a Gentoo QA notice that is caused by GCC's inability to see that OPENSSL_assert() will not return because it is in a different library. /var/tmp/portage/dev-libs/libressl-3.7.1/work/libressl-3.7.1/ssl/s3_cbc.c:529:9: warning: 'memcpy' forming offset 128 is out of the bounds [0, 128] of object 'hmac_pad' with type 'unsigned char[128]' [-Warray-bounds] Signed-off-by: orbea <orbea <AT> riseup.net> .../files/libressl-3.7.2-array-bounds.patch | 24 +++++++++ dev-libs/libressl/libressl-3.7.2-r2.ebuild | 61 ++++++++++++++++++++++ 2 files changed, 85 insertions(+) diff --git a/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch b/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch new file mode 100644 index 0000000..7ebdc33 --- /dev/null +++ b/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch @@ -0,0 +1,24 @@ +https://github.com/libressl/portable/issues/825 + +--- a/include/openssl/crypto.h ++++ b/include/openssl/crypto.h +@@ -132,6 +132,10 @@ + extern "C" { + #endif + ++#ifndef __dead ++#define __dead ++#endif ++ + /* Backward compatibility to SSLeay */ + /* This is more to be used to check the correct DLL is being used + * in the MS world. */ +@@ -488,7 +492,7 @@ typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); + int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + + /* die if we have to */ +-void OpenSSLDie(const char *file, int line, const char *assertion); ++__dead void OpenSSLDie(const char *file, int line, const char *assertion); + #define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) + + uint64_t OPENSSL_cpu_caps(void); diff --git a/dev-libs/libressl/libressl-3.7.2-r2.ebuild b/dev-libs/libressl/libressl-3.7.2-r2.ebuild new file mode 100644 index 0000000..86de254 --- /dev/null +++ b/dev-libs/libressl/libressl-3.7.2-r2.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools multilib-minimal verify-sig + +DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL" +HOMEPAGE="https://www.libressl.org/"; +SRC_URI=" + https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz + verify-sig? ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz.asc ) +" + +LICENSE="ISC openssl" +# Reflects ABI of libcrypto.so and libssl.so. Since these can differ, +# we'll try to use the max of either. However, if either change between +# versions, we have to change the subslot to trigger rebuild of consumers. +SLOT="0/54" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+asm static-libs test" +RESTRICT="!test? ( test )" + +PDEPEND="app-misc/ca-certificates" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libressl )" + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/libressl.asc + +MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/opensslconf.h ) + +PATCHES=( + "${FILESDIR}"/${PN}-2.8.3-solaris10.patch + # Silences a Gentoo QA notice that is a false positive + # https://github.com/libressl/portable/issues/825 + "${FILESDIR}"/${PN}-3.7.2-array-bounds.patch + # Gentoo's ssl-cert.eclass uses 'openssl genrsa -rand' + # which LibreSSL doesn't support. + # https://github.com/libressl/portable/issues/839 + "${FILESDIR}"/${PN}-3.7.2-genrsa-rand.patch +) + +src_prepare() { + default + + eautoreconf +} + +multilib_src_configure() { + local ECONF_SOURCE="${S}" + local args=( + $(use_enable asm) + $(use_enable static-libs static) + $(use_enable test tests) + ) + econf "${args[@]}" +} + +multilib_src_install_all() { + einstalldocs + find "${D}" -name '*.la' -exec rm -f {} + || die +}
