From 780d9c9e6538ad67326538cc403e6d8e9f701a42 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 2 Mar 2026 07:28:22 +0000 Subject: [PATCH] net-libs/gnutls: Sync with Gentoo It's from Gentoo commit a0f115fddabd94adc287b1b582e5a17f59c89398. Signed-off-by: Flatcar Buildbot --- .../portage-stable/net-libs/gnutls/Manifest | 4 +-- .../net-libs/gnutls/gnutls-3.8.10-r1.ebuild | 8 +++-- .../net-libs/gnutls/gnutls-3.8.11.ebuild | 11 +++++-- ....8.9-r1.ebuild => gnutls-3.8.12-r1.ebuild} | 29 ++++++++++++------- ...tls-3.8.10.ebuild => gnutls-3.8.12.ebuild} | 16 +++++----- .../net-libs/gnutls/metadata.xml | 7 +++++ 6 files changed, 50 insertions(+), 25 deletions(-) rename sdk_container/src/third_party/portage-stable/net-libs/gnutls/{gnutls-3.8.9-r1.ebuild => gnutls-3.8.12-r1.ebuild} (82%) rename sdk_container/src/third_party/portage-stable/net-libs/gnutls/{gnutls-3.8.10.ebuild => gnutls-3.8.12.ebuild} (91%) diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest index 3100e6b719..b898383457 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest @@ -2,5 +2,5 @@ DIST gnutls-3.8.10.tar.xz 6909856 BLAKE2B 0b62e93b2818d2265ca11e561724547fa3c24d DIST gnutls-3.8.10.tar.xz.sig 566 BLAKE2B 32af044eb25978b752428d72a597f44457b6f3979d79e5b9e224523d6ef3bd213a0887960dddce84b97db78a9ebbbbd6b034adaa0dd7a1dd2d1db30527f5b42c SHA512 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8 DIST gnutls-3.8.11.tar.xz 6939944 BLAKE2B 54ec3fb396187294ae59c65fa92a515175d8ab19d9f5656569b372b5764b3090724aaa8cedd9467b530f2c74e86a6bfd956d3bd9439a7b69656dcc24e303cbe6 SHA512 68f9e5bec3aa6686fd3319cc9c88a5cc44e2a75144049fc9de5fb55fef2241b4e16996af4be5dd48308abbee8cfaed6c862903f6bb89aff5dfa5410075bd7386 DIST gnutls-3.8.11.tar.xz.sig 566 BLAKE2B 411c166ae5daf58ec325a1f2b528cb40decff01bc78e30346394d7b9c88189b0c93891208045beac8d5e3f701e918b5a5bcf0914700396f391d024ff16266e5f SHA512 90883e5736299b103844ca42b85d371969ef66b50b60cb185e814ad9978598796e9ed07a590245ff28ac6ac084b1dee93fae0845576464583a5941835990957d -DIST gnutls-3.8.9.tar.xz 6847364 BLAKE2B 0fd4751e24649a9c4b8ee7616350a4b6a504ec10b3ef39b450af25abc4935f30df9e8f732435166516f89c692ac7cb7a0aafb76c4c86c1faff53119840d26ae7 SHA512 b3b201671bf4e75325610a0291d4cd36a669718e22b3685246b64bde97b5bd94f463ab376ed817869869714115f4ff11bdc53c32604bb04a8ff8e10daa6d1fc7 -DIST gnutls-3.8.9.tar.xz.sig 566 BLAKE2B 3e723c90186a00b33f1d036c564039f7340ae495400f05d31bb054dad93a9529be4761ba9f97b2df51e8483dd1433c902cf5b8f9bdc127d0f540c9faf82a8f1c SHA512 5a47a519ef35f21b59e2122528246d6109dd95667bfe5d01713b9a7efa2931f8523bf325b8824433f3117d63e0e50d66f8c467a7ee4bd2068ae039601a28441e +DIST gnutls-3.8.12.tar.xz 6949604 BLAKE2B ff326dddce464b366ab6e892b812a2e38b5ebd57b35627ce265e4eb3e5930e30fda82e584ec01339ef61a8a7704f5c772f13110046559537f3b667484054f728 SHA512 332a8e5200461517c7f08515e3aaab0bec6222747422e33e9e7d25d35613e3d0695a803fce226bd6a83f723054f551328bd99dcf0573e142be777dcf358e1a3b +DIST gnutls-3.8.12.tar.xz.sig 685 BLAKE2B d917f17dbdb344d504c6b68c2608b648d76e31663462e15646d9a678bac2aad8004173dbcb041215a34a9f2d10ed3784f49a6258be313aa8f8e4e8ab045b0703 SHA512 2774d809aae857fe9752c385d95864e834af55ac71ecd56cc1e914095e09641c20babb8082afa53fb6a350daf4f4b510e2eae1548529c5e248d91708f14bf8aa diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10-r1.ebuild index bded588c41..1a2ec23653 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10-r1.ebuild @@ -1,10 +1,10 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc -inherit libtool multilib-minimal verify-sig +inherit dot-a libtool multilib-minimal verify-sig DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols" HOMEPAGE="https://www.gnutls.org/" @@ -97,6 +97,8 @@ src_prepare() { } multilib_src_configure() { + use static-libs && lto-guarantee-fat + LINGUAS="${LINGUAS//en/en@boldquot en@quot}" local libconf=() @@ -160,6 +162,8 @@ multilib_src_install_all() { einstalldocs find "${ED}" -type f -name '*.la' -delete || die + use static-libs && strip-lto-bytecode + if use examples; then docinto examples dodoc doc/examples/*.c diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.11.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.11.ebuild index 6663d49a15..1eb9ab071e 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.11.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.11.ebuild @@ -4,7 +4,7 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc -inherit libtool multilib-minimal verify-sig +inherit dot-a libtool multilib-minimal verify-sig DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols" HOMEPAGE="https://www.gnutls.org/" @@ -18,7 +18,8 @@ LICENSE="GPL-3 LGPL-2.1+" # . SLOT="0/30.30" KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~x64-macos ~x64-solaris" -IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" +IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3" +IUSE+=" systemtap static-libs test test-full +tls-heartbeat tools zlib zstd" REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" RESTRICT="!test? ( test )" @@ -38,6 +39,7 @@ RDEPEND=" DEPEND=" ${RDEPEND} test-full? ( sys-libs/libseccomp ) + systemtap? ( dev-debug/systemtap ) " BDEPEND=" dev-build/gtk-doc-am @@ -91,6 +93,8 @@ src_prepare() { } multilib_src_configure() { + use static-libs && lto-guarantee-fat + LINGUAS="${LINGUAS//en/en@boldquot en@quot}" local libconf=() @@ -128,6 +132,7 @@ multilib_src_configure() { $(use_enable sslv2 ssl2-support) $(use_enable sslv3 ssl3-support) $(use_enable static-libs static) + $(use_enable systemtap crypto-auditing) $(use_enable tls-heartbeat heartbeat-support) $(use_with brotli '' link) $(use_with idn) @@ -154,6 +159,8 @@ multilib_src_install_all() { einstalldocs find "${ED}" -type f -name '*.la' -delete || die + use static-libs && strip-lto-bytecode + if use examples; then docinto examples dodoc doc/examples/*.c diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.9-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12-r1.ebuild similarity index 82% rename from sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.9-r1.ebuild rename to sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12-r1.ebuild index 9a7f3cfc80..e2ab7ba61c 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.9-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12-r1.ebuild @@ -1,12 +1,12 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc -inherit autotools multilib-minimal verify-sig +inherit libtool multilib-minimal verify-sig -DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols" +DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols" HOMEPAGE="https://www.gnutls.org/" SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz" SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )" @@ -17,12 +17,12 @@ LICENSE="GPL-3 LGPL-2.1+" # Subslot format: # . SLOT="0/30.30" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~x64-macos ~x64-solaris" -IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~m68k ~riscv ~s390 ~x86" +IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 +post-quantum sslv2 sslv3" +IUSE+=" systemtap static-libs test test-full +tls-heartbeat tools zlib zstd" REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" RESTRICT="!test? ( test )" -# >=nettle-3.10 as a workaround for bug #936011 RDEPEND=" >=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}] dev-libs/libunistring:=[${MULTILIB_USEDEP}] @@ -32,6 +32,7 @@ RDEPEND=" dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] ) nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] ) pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] ) + post-quantum? ( >=dev-libs/leancrypto-1.2.0:=[${MULTILIB_USEDEP}] ) idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] ) zlib? ( virtual/zlib:=[${MULTILIB_USEDEP}] ) zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] ) @@ -39,6 +40,7 @@ RDEPEND=" DEPEND=" ${RDEPEND} test-full? ( sys-libs/libseccomp ) + systemtap? ( dev-debug/systemtap ) " BDEPEND=" dev-build/gtk-doc-am @@ -79,11 +81,16 @@ src_prepare() { # fails to compile in certain configurations sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die - # Use sane .so versioning on FreeBSD. - #elibtoolize + # Fails with some combinations of USE="brotli zlib zstd" + # https://gitlab.com/gnutls/gnutls/-/issues/1721 + # https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 + cat <<-EOF > tests/system-override-compress-cert.sh || die + #!/bin/sh + exit 77 + EOF + chmod +x tests/system-override-compress-cert.sh || die - # Switch back to elibtoolize after 3.8.7.1 - eautoreconf + elibtoolize } multilib_src_configure() { @@ -124,10 +131,12 @@ multilib_src_configure() { $(use_enable sslv2 ssl2-support) $(use_enable sslv3 ssl3-support) $(use_enable static-libs static) + $(use_enable systemtap crypto-auditing) $(use_enable tls-heartbeat heartbeat-support) $(use_with brotli '' link) $(use_with idn) $(use_with pkcs11 p11-kit) + $(use_with post-quantum leancrypto) $(use_with zlib '' link) $(use_with zstd '' link) --disable-rpath diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12.ebuild similarity index 91% rename from sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10.ebuild rename to sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12.ebuild index 39988f5ddd..ba661e2a37 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.10.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.12.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -6,7 +6,7 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc inherit libtool multilib-minimal verify-sig -DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols" +DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols" HOMEPAGE="https://www.gnutls.org/" SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz" SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )" @@ -17,12 +17,12 @@ LICENSE="GPL-3 LGPL-2.1+" # Subslot format: # . SLOT="0/30.30" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~arm64-macos ~x64-macos ~x64-solaris" -IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~x64-macos ~x64-solaris" +IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3" +IUSE+=" systemtap static-libs test test-full +tls-heartbeat tools zlib zstd" REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" RESTRICT="!test? ( test )" -# >=nettle-3.10 as a workaround for bug #936011 RDEPEND=" >=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}] dev-libs/libunistring:=[${MULTILIB_USEDEP}] @@ -39,6 +39,7 @@ RDEPEND=" DEPEND=" ${RDEPEND} test-full? ( sys-libs/libseccomp ) + systemtap? ( dev-debug/systemtap ) " BDEPEND=" dev-build/gtk-doc-am @@ -66,10 +67,6 @@ QA_CONFIG_IMPL_DECL_SKIP=( static_assert ) -PATCHES=( - "${FILESDIR}"/${PN}-3.8.10-tests.patch -) - src_prepare() { default @@ -133,6 +130,7 @@ multilib_src_configure() { $(use_enable sslv2 ssl2-support) $(use_enable sslv3 ssl3-support) $(use_enable static-libs static) + $(use_enable systemtap crypto-auditing) $(use_enable tls-heartbeat heartbeat-support) $(use_with brotli '' link) $(use_with idn) diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml index f20c363977..ab38d4a5b3 100644 --- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml @@ -15,6 +15,10 @@ Add support for PKCS#11 through app-crypt/p11-kit + + Support post-quantum cryptography (PQC) using + dev-libs/leancrypto. + Build cli tools such as gnutls-cli, certtool and oscptool @@ -27,6 +31,9 @@ Support for the old/insecure SSLv3 protocol + + Support crypto-auditing probes via dev-debug/systemtap + Enable full test mode