commit:     5f429107d3ce3950cc33a93602947e855f9ec927
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Feb 24 16:05:57 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat Feb 24 16:05:57 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5f429107

dev-libs/libressl: don't export internal symbols

Closes: https://github.com/gentoo/libressl/issues/549
Signed-off-by: orbea <orbea <AT> riseup.net>

 ...3.7.3-libcrypto-unexport-internal-symbols.patch | 234 +++++++++++++++++++++
 dev-libs/libressl/libressl-3.7.3-r1.ebuild         |  74 +++++++
 2 files changed, 308 insertions(+)

diff --git 
a/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch
 
b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch
new file mode 100644
index 0000000..40cc470
--- /dev/null
+++ 
b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch
@@ -0,0 +1,234 @@
+https://github.com/gentoo/libressl/issues/549
+https://github.com/libressl/portable/pull/808
+
+From b38f5a8904b83d433e967f683821ca992354551b Mon Sep 17 00:00:00 2001
+From: Brent Cook <[email protected]>
+Date: Sun, 18 Dec 2022 21:39:58 -0600
+Subject: [PATCH 1/4] fix dangling whitespace when building object list
+
+breaks latest macOS linker to have a directory in the object list
+---
+ tls/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tls/Makefile.am b/tls/Makefile.am
+index 9b62b2231e..d5725c362a 100644
+--- a/tls/Makefile.am
++++ b/tls/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_libtls_la_DEPENDENCIES = libtls_la_objects.mk
+ 
+ libtls_la_objects.mk: Makefile
+       @echo "libtls_la_objects= $(libtls_la_OBJECTS)" \
+-        | sed 's/  */ $$\(abs_top_builddir\)\/tls\//g' \
++        | sed -e 's/ *$$//' -e 's/  */ $$\(abs_top_builddir\)\/tls\//g' \
+         > libtls_la_objects.mk
+ 
+ libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined 
-export-symbols $(top_srcdir)/tls/tls.sym
+
+From cfbdf67f5960198363f56b06f6a4f88aa8654d10 Mon Sep 17 00:00:00 2001
+From: Brent Cook <[email protected]>
+Date: Sun, 18 Dec 2022 22:10:11 -0600
+Subject: [PATCH 2/4] link internal apps statically
+
+---
+ apps/nc/Makefile.am        | 11 +++++++----
+ apps/ocspcheck/Makefile.am | 12 +++++++++---
+ apps/openssl/Makefile.am   |  9 +++++++--
+ 3 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am
+index e9db6e592b..aba306ed3b 100644
+--- a/apps/nc/Makefile.am
++++ b/apps/nc/Makefile.am
+@@ -1,6 +1,8 @@
+ include $(top_srcdir)/Makefile.am.common
+ 
+ -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++-include $(abs_top_builddir)/tls/libtls_la_objects.mk
+ 
+ if BUILD_NC
+ 
+@@ -14,12 +16,13 @@ endif
+ EXTRA_DIST = nc.1
+ EXTRA_DIST += CMakeLists.txt
+ 
+-nc_LDADD = $(abs_top_builddir)/tls/libtls.la
+-nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+-
+-nc_LDADD += $(libcrypto_la_objects)
++nc_LDADD = $(libcrypto_la_objects)
+ nc_LDADD += $(libcompat_la_objects)
+ nc_LDADD += $(libcompatnoopt_la_objects)
++nc_LDADD += $(libssl_la_objects)
++nc_LDADD += $(libtls_la_objects)
++
++nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+ 
+ AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
+ 
+diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am
+index 7c7b454313..e6f3c5436b 100644
+--- a/apps/ocspcheck/Makefile.am
++++ b/apps/ocspcheck/Makefile.am
+@@ -1,5 +1,9 @@
+ include $(top_srcdir)/Makefile.am.common
+ 
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++-include $(abs_top_builddir)/tls/libtls_la_objects.mk
++
+ if !ENABLE_LIBTLS_ONLY
+ bin_PROGRAMS = ocspcheck
+ dist_man_MANS = ocspcheck.8
+@@ -10,9 +14,11 @@ endif
+ EXTRA_DIST = ocspcheck.8
+ EXTRA_DIST += CMakeLists.txt
+ 
+-ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
+-ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
+-ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
++ocspcheck_LDADD = $(libcrypto_la_objects)
++ocspcheck_LDADD += $(libcompat_la_objects)
++ocspcheck_LDADD += $(libcompatnoopt_la_objects)
++ocspcheck_LDADD += $(libssl_la_objects)
++ocspcheck_LDADD += $(libtls_la_objects)
+ ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+ 
+ ocspcheck_SOURCES = http.c
+diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am
+index 7cbac48ae6..9574e06339 100644
+--- a/apps/openssl/Makefile.am
++++ b/apps/openssl/Makefile.am
+@@ -1,5 +1,8 @@
+ include $(top_srcdir)/Makefile.am.common
+ 
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++
+ if !ENABLE_LIBTLS_ONLY
+ bin_PROGRAMS = openssl
+ dist_man_MANS = openssl.1
+@@ -7,8 +10,10 @@ else
+ noinst_PROGRAMS = openssl
+ endif
+ 
+-openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
+-openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
++openssl_LDADD = $(libcrypto_la_objects)
++openssl_LDADD += $(libcompat_la_objects)
++openssl_LDADD += $(libcompatnoopt_la_objects)
++openssl_LDADD += $(libssl_la_objects)
+ openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+ 
+ openssl_SOURCES = apps.c
+
+From f261e8c46e5ce6a15638275b95d9d5c145d35d9c Mon Sep 17 00:00:00 2001
+From: Brent Cook <[email protected]>
+Date: Tue, 28 Feb 2023 08:34:39 -0600
+Subject: [PATCH 4/4] unexport internal compat symbols from libcrypto
+
+---
+ crypto/Makefile.am | 66 ----------------------------------------------
+ ssl/Makefile.am    |  4 +++
+ 2 files changed, 4 insertions(+), 66 deletions(-)
+
+diff --git a/crypto/Makefile.am b/crypto/Makefile.am
+index c09d266b2e..0b5ba3f99f 100644
+--- a/crypto/Makefile.am
++++ b/crypto/Makefile.am
+@@ -44,73 +44,7 @@ crypto_portable.sym: crypto.sym  Makefile
+       -echo "generating crypto_portable.sym ..."
+       -cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
+       -chmod u+w crypto_portable.sym
+-if !HAVE_ARC4RANDOM_BUF
+-      -echo arc4random >> crypto_portable.sym
+-      -echo arc4random_buf >> crypto_portable.sym
+-      -echo arc4random_uniform >> crypto_portable.sym
+-if !HAVE_GETENTROPY
+-      -echo getentropy >> crypto_portable.sym
+-endif
+-endif
+-if !HAVE_ASPRINTF
+-      -echo asprintf >> crypto_portable.sym
+-      -echo vasprintf >> crypto_portable.sym
+-endif
+-if !HAVE_EXPLICIT_BZERO
+-      -echo explicit_bzero >> crypto_portable.sym
+-endif
+-if !HAVE_FREEZERO
+-      -echo freezero >> crypto_portable.sym
+-endif
+-if !HAVE_REALLOCARRAY
+-      -echo reallocarray >> crypto_portable.sym
+-endif
+-if !HAVE_RECALLOCARRAY
+-      -echo recallocarray >> crypto_portable.sym
+-endif
+-if !HAVE_STRLCAT
+-      -echo strlcat >> crypto_portable.sym
+-endif
+-if !HAVE_STRLCPY
+-      -echo strlcpy >> crypto_portable.sym
+-endif
+-if !HAVE_STRNDUP
+-      -echo strndup >> crypto_portable.sym
+-endif
+-if !HAVE_STRNLEN
+-      -echo strnlen >> crypto_portable.sym
+-endif
+-if !HAVE_STRSEP
+-      -echo strsep >> crypto_portable.sym
+-endif
+-if !HAVE_STRTONUM
+-      -echo strtonum >> crypto_portable.sym
+-endif
+-if !HAVE_TIMEGM
+-      -echo timegm >> crypto_portable.sym
+-endif
+-if !HAVE_TIMINGSAFE_BCMP
+-      -echo timingsafe_bcmp >> crypto_portable.sym
+-endif
+-if !HAVE_TIMINGSAFE_MEMCMP
+-      -echo timingsafe_memcmp >> crypto_portable.sym
+-endif
+-if HOST_CPU_IS_INTEL
+-      -echo OPENSSL_ia32cap_P >> crypto_portable.sym
+-endif
+ if HOST_WIN
+-      -echo posix_perror >> crypto_portable.sym
+-      -echo posix_fopen >> crypto_portable.sym
+-      -echo posix_fgets >> crypto_portable.sym
+-      -echo posix_open >> crypto_portable.sym
+-      -echo posix_rename >> crypto_portable.sym
+-      -echo posix_connect >> crypto_portable.sym
+-      -echo posix_close >> crypto_portable.sym
+-      -echo posix_read >> crypto_portable.sym
+-      -echo posix_write >> crypto_portable.sym
+-      -echo posix_getsockopt >> crypto_portable.sym
+-      -echo posix_setsockopt >> crypto_portable.sym
+-      -echo getuid >> crypto_portable.sym
+       -grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
+       -mv crypto_portable.sym.tmp crypto_portable.sym
+ endif
+diff --git a/ssl/Makefile.am b/ssl/Makefile.am
+index d27e2af835..002a26674a 100644
+--- a/ssl/Makefile.am
++++ b/ssl/Makefile.am
+@@ -1,5 +1,7 @@
+ include $(top_srcdir)/Makefile.am.common
+ 
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++
+ AM_CPPFLAGS += -I$(top_srcdir)/crypto/bio
+ 
+ noinst_LTLIBRARIES = libbs.la
+@@ -34,6 +36,8 @@ remove_bs_objects: libssl.la
+ libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS}
+ libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined 
-export-symbols $(top_srcdir)/ssl/ssl.sym
+ libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
++libssl_la_LIBADD += $(libcompat_la_objects)
++libssl_la_LIBADD += $(libcompatnoopt_la_objects)
+ libssl_la_LIBADD += libbs.la
+ 
+ libbs_la_SOURCES = bs_ber.c
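Review bot: The embedded series jumps from `[PATCH 2/4]` to `[PATCH 4/4]`, and the header above the first `From` line only links the Gentoo issue and upstream PR 808 without saying that 3/4 was left out. Add a header line such as `Patch 3/4 of the upstream series is intentionally omitted: <reason>` so a later maintainer can tell a deliberate omission from a truncated backport. Separately, patch 2/4 links `nc`, `ocspcheck` and `openssl` from the object lists read through `-include $(abs_top_builddir)/.../lib*_la_objects.mk`. Because the leading `-` hides a missing file, an ungenerated list would surface only as undefined references at link time. The rule that produces `ssl/libssl_la_objects.mk` is not visible in these hunks, so it is worth confirming that it exists and runs before the apps are linked.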

diff --git a/dev-libs/libressl/libressl-3.7.3-r1.ebuild 
b/dev-libs/libressl/libressl-3.7.3-r1.ebuild
new file mode 100644
index 0000000..a2beb54
--- /dev/null
+++ b/dev-libs/libressl/libressl-3.7.3-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libressl.asc
+inherit autotools multilib-minimal verify-sig
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="https://www.libressl.org/";
+SRC_URI="
+       https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz
+       verify-sig? ( 
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz.asc )
+"
+
+LICENSE="ISC openssl"
+# Reflects ABI of libcrypto.so and libssl.so. Since these can differ,
+# we'll try to use the max of either. However, if either change between
+# versions, we have to change the subslot to trigger rebuild of consumers.
+SLOT="0/54"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~s390 
~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="+asm netcat static-libs test"
+RESTRICT="!test? ( test )"
+
+PDEPEND="app-misc/ca-certificates"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libressl )"
+RDEPEND="netcat? (
+       !net-analyzer/netcat
+       !net-analyzer/nmap[symlink]
+       !net-analyzer/openbsd-netcat
+)"
+
+MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/opensslconf.h )
+
+# LibreSSL checks for libc features during configure
+QA_CONFIG_IMPL_DECL_SKIP=(
+       __va_copy
+       b64_ntop
+)
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.8.3-solaris10.patch
+       # Silences a Gentoo QA notice that is a false positive
+       # https://github.com/libressl/portable/issues/825
+       "${FILESDIR}"/${PN}-3.7.2-array-bounds.patch
+       # Gentoo's ssl-cert.eclass uses 'openssl genrsa -rand'
+       # which LibreSSL doesn't support.
+       # https://github.com/libressl/portable/issues/839
+       "${FILESDIR}"/${PN}-3.7.2-genrsa-rand.patch
+       # https://github.com/gentoo/libressl/issues/549
+       "${FILESDIR}"/${P}-libcrypto-unexport-internal-symbols.patch
+)
+
+src_prepare() {
+       default
+
+       eautoreconf
+}
+
+multilib_src_configure() {
+       local ECONF_SOURCE="${S}"
+       local args=(
+               $(use_enable asm)
+               $(use_enable static-libs static)
+               $(use_enable netcat nc)
+               $(use_enable test tests)
+       )
+       econf "${args[@]}"
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       find "${D}" -name '*.la' -exec rm -f {} + || die
+}
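Review bot: `SLOT="0/54"` stays unchanged, although the comment directly above it says the subslot tracks the ABI of libcrypto.so and libssl.so. The patch newly added to `PATCHES` removes the compat functions (`arc4random_buf`, `strlcpy`, `explicit_bzero`, `timingsafe_memcmp` and others) from libcrypto's export list. Any installed consumer that had resolved one of those names against libcrypto.so would fail to load after this revision, and nothing here triggers its rebuild; whether such consumers exist is not visible from this commit. If the subslot is kept deliberately, say so next to it, e.g. `# -r1 only drops non-API compat symbols from libcrypto's exports; subslot intentionally unchanged`.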
