diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest index d5dd2ac23f..3b6051fad3 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest @@ -1,5 +1,3 @@ -DIST gnutls-3.8.7.1.tar.xz 6695404 BLAKE2B 43334190ce1e45c5302b195f17d06e767d1bea7376278bfbc6ff181a2f57423ba5f334c00ae1833938c7a7a8d15cf607ac862e57435a756ccfa98527d469fd3a SHA512 429cea78e227d838105791b28a18270c3d2418bfb951c322771e6323d5f712204d63d66a6606ce9604a92d236a8dd07d651232c717264472d27eb6de26ddc733 -DIST gnutls-3.8.7.1.tar.xz.sig 580 BLAKE2B ca627d7b3f089205c94f556bee9c06428ada9e0116bb50486dc7dd70f611ae744416d96b17452749d102ccd16bf7b400577b1886a7c8be55833c9e2fde85f9ae SHA512 53ebdaa9775ae22f7eb5e7d6f5411ec667c9c880cea84e23651b6d1994fb1398c09d8efa39b21c96f8be29fa09c2436bdd732a061308956ca1650e3e1878ed57 DIST gnutls-3.8.8.tar.xz 6696460 BLAKE2B d1498b0b9f14789599fd5b984d5370b632611f2702e9f4fc504ddba2a3e0dd4137bec858eb6150d031f9f50e6b3a3a7d905864f0a9f50a1f01e5ea8f37a44ba8 SHA512 4f617c63e8e8392e400d72c9e39989fcd782268b4a4c4e36bbfb0444a4b5bcb0f53054f04a6dce99ab89c0f38f57430c95aaaec6eb9209b8e9329140abf230c3 DIST gnutls-3.8.8.tar.xz.sig 580 BLAKE2B 11a30f09e3a478615df2c6a0e40c0b9b2aad5794a82ae0cc871fcf3699b5d9725c9d04708c6f0b983da6e21f90a81f7550e723d0d04f97d1a16d526efbe91b1e SHA512 fdff792511e9e5de203a1dfd66bf521c12fb74a19de651ffa1f7359dafdd1dad59ae57d0f95fa363c4167f798e6b624b4ae1f84d4e0737ff690c2fb0e5a5bdce DIST gnutls-3.8.9.tar.xz 6847364 BLAKE2B 0fd4751e24649a9c4b8ee7616350a4b6a504ec10b3ef39b450af25abc4935f30df9e8f732435166516f89c692ac7cb7a0aafb76c4c86c1faff53119840d26ae7 SHA512 b3b201671bf4e75325610a0291d4cd36a669718e22b3685246b64bde97b5bd94f463ab376ed817869869714115f4ff11bdc53c32604bb04a8ff8e10daa6d1fc7 diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch deleted file mode 100644 index 1dac6f514f..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-configure-brotli.patch +++ /dev/null @@ -1,156 +0,0 @@ -https://bugs.gentoo.org/937997 -https://gitlab.com/gnutls/gnutls/-/merge_requests/1867 - -From 292f96f26d7ce80e4a165c903c4fd569b85c1c1f Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 09:42:15 +0900 -Subject: [PATCH 1/3] build: fix setting AM_CONDITIONAL for brotli and zstd - -As the with_{libbrotli,libzsttd} variables are unset if configured -with --without-{brotli,zstd}, check the unequality to "no" doesn't -work; use explicit matching with "yes" instead. - -Signed-off-by: Daiki Ueno ---- a/configure.ac -+++ b/configure.ac -@@ -1158,7 +1158,7 @@ if test x$ac_brotli != xno; then - else - AC_MSG_RESULT(no) - fi --AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no") -+AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes) - - AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - save_CFLAGS=$CFLAGS -@@ -1203,7 +1203,7 @@ if test x$ac_zstd != xno; then - else - AC_MSG_RESULT(no) - fi --AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" != "no") -+AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" = yes) - - AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - save_CFLAGS=$CFLAGS --- -GitLab - - -From 546153198d2fb8fc4902f23de6254bb7988de534 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 09:48:31 +0900 -Subject: [PATCH 2/3] build: don't emit Requires.private for dlopened libraries - -Signed-off-by: Daiki Ueno ---- a/configure.ac -+++ b/configure.ac -@@ -1100,11 +1100,6 @@ if test x$ac_zlib != xno; then - PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n) - if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then - PKG_CHECK_MODULES(ZLIB, [zlib]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib" -- else -- GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib" -- fi - ac_zlib=yes - else - AC_LIB_HAVE_LINKFLAGS(z,, [#include ], [compress (0, 0, 0, 0);]) -@@ -1134,6 +1129,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - compress (0, 0, 0, 0);])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$ZLIB_HAS_PKGCONFIG" = y && test "$ac_zlib" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib" -+ else -+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib" -+ fi - ]) - - AC_ARG_WITH(brotli, -@@ -1146,11 +1148,6 @@ if test x$ac_brotli != xno; then - PKG_CHECK_MODULES(LIBBROTLIDEC, [libbrotlidec >= 1.0.0], [with_libbrotlidec=yes], [with_libbrotlidec=no]) - if test "${with_libbrotlienc}" = "yes" && test "${with_libbrotlidec}" = "yes"; then - AC_DEFINE([HAVE_LIBBROTLI], 1, [Define if BROTLI compression is enabled.]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec" -- else -- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec" -- fi - need_ltlibdl=yes - else - AC_MSG_WARN(*** LIBBROTLI was not found. You will not be able to use BROTLI compression.) -@@ -1180,6 +1177,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - BrotliDecoderVersion();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec" -+ else -+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec" -+ fi - ]) - - AC_ARG_WITH(zstd, -@@ -1191,11 +1195,6 @@ if test x$ac_zstd != xno; then - PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no]) - if test "${with_libzstd}" = "yes"; then - AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd" -- else -- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd" -- fi - need_ltlibdl=yes - else - AC_MSG_WARN(*** LIBZSTD was not found. You will not be able to use ZSTD compression.) -@@ -1215,6 +1214,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - ZSTD_versionNumber();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$with_libzstd" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd" -+ else -+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd" -+ fi - ]) - - AC_ARG_WITH(liboqs, --- -GitLab - - -From 8d0ec0ccdfeaae0d56426169d4c7b490e3b07826 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 13:35:47 +0900 -Subject: [PATCH 3/3] build: add liboqs in Requires.private in gnutls.pc if - needed - -When --with-liboqs is specified and liboqs cannot be dlopen'ed, it -will be linked at build time. In that case gnutls.pc should indicate -that through Requires.private. - -Signed-off-by: Daiki Ueno ---- a/configure.ac -+++ b/configure.ac -@@ -1256,6 +1256,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - OQS_version ();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$have_liboqs" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs" -+ else -+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs" -+ fi - ]) - - AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes) --- -GitLab diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch deleted file mode 100644 index 1e1b3b54f4..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.7.1-tests.patch +++ /dev/null @@ -1,45 +0,0 @@ -https://gitlab.com/gnutls/gnutls/-/commit/f3e8eac0586a19f4dafd89f68006a536b826e65a - -From f3e8eac0586a19f4dafd89f68006a536b826e65a Mon Sep 17 00:00:00 2001 -From: Andreas Metzler -Date: Thu, 15 Aug 2024 16:22:02 +0200 -Subject: [PATCH] revert back to datefudge for "openssl ocsp". - -openssl's -attime only changes the verification logic but not the -generation. - -Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de - -Signed-off-by: Andreas Metzler ---- a/tests/ocsp-tests/ocsp-must-staple-connection.sh -+++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh -@@ -48,6 +48,8 @@ fi - - . "${srcdir}/scripts/common.sh" - -+skip_if_no_datefudge -+ - eval "${GETPORT}" - # Port for gnutls-serv - TLS_SERVER_PORT=$PORT -@@ -69,7 +71,6 @@ fi - - CERTDATE="2016-04-28 00:00:00" - TESTDATE="2016-04-29 00:00:00" --EPOCHTESTDATE=1461888000 - EXP_OCSP_DATE="2016-03-27 00:00:00" - - OCSP_PID="" -@@ -129,8 +130,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} - # SO_REUSEADDR usage. - PORT=${OCSP_PORT} - launch_bare_server \ -- "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \ -- -index "${INDEXFILE}" -text \ -+ "$FAKETIME" "${TESTDATE}" \ -+ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ - -port "${OCSP_PORT}" \ - -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ - -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ --- -GitLab diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild deleted file mode 100644 index 4bea59830e..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.7.1-r1.ebuild +++ /dev/null @@ -1,166 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc -inherit autotools multilib-minimal verify-sig - -DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols" -HOMEPAGE="https://www.gnutls.org/" -SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz" -SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )" -if [[ ${PV} == 3.8.7.1 ]] ; then - # Workaround for botched dist tarball - S="${WORKDIR}"/gnutls-3.8.7 -fi - -LICENSE="GPL-3 LGPL-2.1+" -# As of 3.8.0, the C++ library is header-only, but we won't drop the subslot -# component for it until libgnutls.so breaks ABI, to avoid pointless rebuilds. -# Subslot format: -# . -SLOT="0/30.30" -KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" -REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" -RESTRICT="!test? ( test )" - -# >=nettle-3.10 as a workaround for bug #936011 -RDEPEND=" - >=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}] - dev-libs/libunistring:=[${MULTILIB_USEDEP}] - >=dev-libs/nettle-3.10:=[gmp,${MULTILIB_USEDEP}] - >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}] - brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] ) - dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] ) - nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] ) - pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] ) - idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] ) - zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] ) - zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] ) -" -DEPEND=" - ${RDEPEND} - test-full? ( sys-libs/libseccomp ) -" -BDEPEND=" - dev-build/gtk-doc-am - >=virtual/pkgconfig-0-r1 - doc? ( dev-util/gtk-doc ) - nls? ( sys-devel/gettext ) - test-full? ( - app-crypt/dieharder - || ( sys-libs/libfaketime >=app-misc/datefudge-1.22 ) - dev-libs/softhsm:2[-bindist(-)] - net-dialup/ppp - net-misc/socat - ) - verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20240415 ) -" - -DOCS=( README.md doc/certtool.cfg ) - -HTML_DOCS=() - -QA_CONFIG_IMPL_DECL_SKIP=( - # gnulib FPs - MIN - alignof - static_assert -) - -PATCHES=( - "${FILESDIR}"/${PN}-3.8.7.1-configure-brotli.patch - "${FILESDIR}"/${PN}-3.8.7.1-tests.patch -) - -src_prepare() { - default - - # bug #520818 - export TZ=UTC - - use doc && HTML_DOCS+=( doc/gnutls.html ) - - # don't try to use system certificate store on macOS, it is - # confusingly ignoring our ca-certificates and more importantly - # fails to compile in certain configurations - sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die - - # Use sane .so versioning on FreeBSD. - #elibtoolize - - # Switch back to elibtoolize after 3.8.7.1 - eautoreconf -} - -multilib_src_configure() { - LINGUAS="${LINGUAS//en/en@boldquot en@quot}" - - local libconf=() - - # TPM needs to be tested before being enabled - # Note that this may add a libltdl dep when enabled. Check configure.ac. - libconf+=( - --without-tpm - --without-tpm2 - ) - - # hardware-accel is disabled on OSX because the asm files force - # GNU-stack (as doesn't support that) and when that's removed ld - # complains about duplicate symbols - [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration ) - - # -fanalyzer substantially slows down the build and isn't useful for - # us. It's useful for upstream as it's static analysis, but it's not - # useful when just getting something built. - export gl_cv_warn_c__fanalyzer=no - - local myeconfargs=( - --disable-valgrind-tests - $(multilib_native_enable manpages) - $(multilib_native_use_enable doc gtk-doc) - $(multilib_native_use_enable doc) - $(multilib_native_use_enable test tests) - $(multilib_native_use_enable test-full full-test-suite) - $(multilib_native_use_enable test-full seccomp-tests) - $(multilib_native_use_enable tools) - $(use_enable cxx) - $(use_enable dane libdane) - $(use_enable nls) - $(use_enable openssl openssl-compatibility) - $(use_enable sslv2 ssl2-support) - $(use_enable sslv3 ssl3-support) - $(use_enable static-libs static) - $(use_enable tls-heartbeat heartbeat-support) - $(use_with brotli) - $(use_with idn) - $(use_with pkcs11 p11-kit) - $(use_with zlib) - $(use_with zstd) - --disable-rpath - --with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt - --with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt - --without-included-libtasn1 - $("${S}/configure" --help | grep -o -- '--without-.*-prefix') - ) - - ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}" - - if [[ ${CHOST} == *-solaris* ]] ; then - # gnulib ends up defining its own pthread_mutexattr_gettype - # otherwise, which is causing versioning problems - echo "#define PTHREAD_IN_USE_DETECTION_HARD 1" >> config.h || die - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - if use examples; then - docinto examples - dodoc doc/examples/*.c - fi -} diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.8.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.8.ebuild index 4fb2c91560..97af7a7619 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.8.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.8.ebuild @@ -21,7 +21,7 @@ LICENSE="GPL-3 LGPL-2.1+" # Subslot format: # . SLOT="0/30.30" -KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" RESTRICT="!test? ( test )"