commit: 2c83922e6bd0289e72494a6f513986f94fa2f2bd
Author: Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Fri Apr 12 00:33:21 2024 +0000
Commit: Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Mon May 27 10:51:31 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c83922e
net-libs/mbedtls: add 2.28.8
Fixes CVE-2024-28960.
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>
net-libs/mbedtls/Manifest | 1 +
net-libs/mbedtls/mbedtls-2.28.8.ebuild | 103 +++++++++++++++++++++++++++++++++
2 files changed, 104 insertions(+)
diff --git a/net-libs/mbedtls/Manifest b/net-libs/mbedtls/Manifest
index b424ead33b61..3894c8d34fe7 100644
--- a/net-libs/mbedtls/Manifest
+++ b/net-libs/mbedtls/Manifest
@@ -1,3 +1,4 @@
DIST mbedtls-2.28.5.tar.gz 4005000 BLAKE2B
755287e1a1e0be5d193a8a184a9ae3ab2b6c216235657f7f2e422fe06226cd4c7d11811bcb53519018137e7ed838b241704c955872e28f133bb17a5f42222acb
SHA512
339911d244b4e6e4d77b344c796f018d9ad4c56249530b8a56e0dc305ddf30bc709dca96a19c5a06710e92d167ef22893e9e17e20837e9daee0d0be00a8ccae9
DIST mbedtls-2.28.7.tar.gz 3990571 BLAKE2B
91a11d9d56fc058c3aef797e644c2c141cd70dc96716e75d9074de89717298a10c93e403a2fed9ae6f34c7549753a70d61b6602fbc21bc568c2e260d4f369f65
SHA512
1cf6722d60a49375f857c8d84f06dbb50ea08accaa12b329d75a93b959aef382410e7b6e0a1511407402b3eec5e2208eaf5e9fc2c8574ed0f8f44234bc4401b3
+DIST mbedtls-2.28.8.tar.bz2 3343796 BLAKE2B
1efde6698662873c40df9733bae902db4e009f3dd26a937e05707ca1a208b71675df0737b44b5895a60cfbf42f18f92dae88cba62f32b55733947b9c0481880e
SHA512
c8e91ec50ab2caf1f33e907279dc30fca2a8cd97e6e531be857149589e52aeffb95b445b2a9fa674886f0071f446381da3bb8107f7e850f3390128b069ac9ea7
DIST mbedtls-3.5.2.tar.gz 5584711 BLAKE2B
f1d0e7368ad156cc5cde4cd396ccaf3e1cacfda38f7d7ee89c908245944d22152d141928e8aeebd298437079e7fdb74207875e2f48ce3ef1a6f5fb8840b19df3
SHA512
99f4110d8410415982cb9b71994b069e4d2f89841decccc68b629250c7497c10d5e3ffe867c4ac1518ec7d6edd9703c38fd8afb6c238e9e0e7132def2b09b4e3
diff --git a/net-libs/mbedtls/mbedtls-2.28.8.ebuild
b/net-libs/mbedtls/mbedtls-2.28.8.ebuild
new file mode 100644
index 000000000000..3a5fad9968c5
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-2.28.8.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit cmake multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/";
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/v${PV}/${P}.tar.bz2";
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="0/7.14.1" # ffmpeg subslot naming: SONAME tuple of
{libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64
~riscv ~s390 ~sparc ~x86"
+IUSE="cmac cpu_flags_x86_sse2 doc havege programs static-libs test threads
zlib"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ ${PYTHON_DEPS}
+ doc? (
+ app-text/doxygen
+ media-gfx/graphviz
+ )
+ test? ( dev-lang/perl )
+"
+
+enable_mbedtls_option() {
+ local myopt="$@"
+ # check that config.h syntax is the same at version bump
+ sed -i \
+ -e "s://#define ${myopt}:#define ${myopt}:" \
+ include/mbedtls/config.h || die
+}
+
+src_prepare() {
+ use cmac && enable_mbedtls_option MBEDTLS_CMAC_C
+ use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+ use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT
+ use havege && enable_mbedtls_option MBEDTLS_HAVEGE_C
+ use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+ use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+ cmake_src_prepare
+}
+
+multilib_src_configure() {
+ local mycmakeargs=(
+ -DENABLE_PROGRAMS=$(multilib_native_usex programs)
+ -DENABLE_TESTING=$(usex test)
+ -DENABLE_ZLIB_SUPPORT=$(usex zlib)
+ -DINSTALL_MBEDTLS_HEADERS=ON
+ -DLIB_INSTALL_DIR="${EPREFIX}/usr/$(get_libdir)"
+ -DLINK_WITH_PTHREAD=$(usex threads)
+ -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+ -DUSE_SHARED_MBEDTLS_LIBRARY=ON
+ -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+ )
+
+ cmake_src_configure
+}
+
+multilib_src_compile() {
+ cmake_src_compile
+ use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+ # Disable parallel run, bug #718390
+ # https://github.com/Mbed-TLS/mbedtls/issues/4980
+ LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+ cmake_src_test -j1
+}
+
+multilib_src_install() {
+ cmake_src_install
+}
+
+multilib_src_install_all() {
+ use doc && HTML_DOCS=( apidoc )
+
+ einstalldocs
+
+ if use programs ; then
+ # avoid file collisions with sys-apps/coreutils
+ local p e
+ for p in "${ED}"/usr/bin/* ; do
+ if [[ -x "${p}" && ! -d "${p}" ]] ; then
+ mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} ||
die
+ fi
+ done
+ for e in aes hash pkey ssl test ; do
+ docinto "${e}"
+ dodoc programs/"${e}"/*.c
+ dodoc programs/"${e}"/*.txt
+ done
+ fi
+}
