From 876c939a69eae239f536477df1b52b3fe975d0bf Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Mon, 4 Aug 2025 07:11:52 +0000
Subject: [PATCH] app-crypt/p11-kit: Sync with Gentoo

It's from Gentoo commit 03830e6a05a3ee4e3500d985b5a909ff2356b4cf.
---
 .../portage-stable/app-crypt/p11-kit/Manifest |   1 -
 .../files/p11-kit-0.25.3-pointer.patch        | 109 ------------------
 .../p11-kit/p11-kit-0.25.3-r2.ebuild          |  77 -------------
 3 files changed, 187 deletions(-)
 delete mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/p11-kit-0.25.3-r2.ebuild

diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/Manifest
index 851345f5f6..d7197f1d5c 100644
--- a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/Manifest
@@ -1,2 +1 @@
-DIST p11-kit-0.25.3.tar.xz 991528 BLAKE2B 5c695c1ef95edf4bbbab001aa634076c433df0bc89cb8104deaec2ce00c6908640e467755b49c6900e5d7d5d81e1a3871f4978a212c6f6ae088386ac0b95289a SHA512 ad2d393bf122526cbba18dc9d5a13f2c1cad7d70125ec90ffd02059dfa5ef30ac59dfc0bb9bc6380c8f317e207c9e87e895f1945634f56ddf910c2958868fb4c
 DIST p11-kit-0.25.5.tar.xz 1002056 BLAKE2B 96d6a9c2807586abafae4da4df89f566672733963997d6a83e00aaf83a7a0c0e2995638f505e98fb87a90c60bde28814f1e8b7d5071bf0af96bb0467105a1ddc SHA512 177ec6ff5eb891901078306dce2bf3f5c1a0e5c2a8c493bdf5a08ae1ff1240fdf6952961e973c373f80ac3d1d5a9927e07f4da49e4ff92269d992e744889fc94
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch b/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch
deleted file mode 100644
index 9b316ee2fa..0000000000
--- a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-https://bugs.gentoo.org/918982
-https://github.com/p11-glue/p11-kit/commit/d49c92c8420db6ee4c88515bdb014f68f4d471d9
-
-From d49c92c8420db6ee4c88515bdb014f68f4d471d9 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sat, 2 Dec 2023 09:24:01 +0900
-Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The build fails when compiling for 32-bit platforms with
--Werror=incompatible-pointer-types:
-
-  CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build
-  setarch i686 -- meson compile -C _build -v
-  ...
-
-  ../p11-kit/import-object.c: In function ‘add_attrs_pubkey_rsa’:
-  ../p11-kit/import-object.c:223:62: error: passing argument 3 of ‘p11_asn1_read’ from incompatible pointer type [-Werror=incompatible-pointer-types]
-    223 |         attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
-        |                                                              ^~~~~~~~~~~~~~~~~~~~~~~~
-        |                                                              |
-        |                                                              long unsigned int *
-
-Reported by Sam James in:
-https://github.com/p11-glue/p11-kit/issues/608
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- p11-kit/import-object.c | 30 +++++++++++++++++++++++++++---
- 1 file changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c
-index feee0765..fb47b964 100644
---- a/p11-kit/import-object.c
-+++ b/p11-kit/import-object.c
-@@ -55,6 +55,7 @@
- #endif
- 
- #include <assert.h>
-+#include <limits.h>
- #include <stdbool.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
- 	CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) };
- 	CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, };
- 	CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, };
-+	size_t len = 0;
- 
- 	pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len);
- 	if (pubkey == NULL) {
-@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
- 		goto cleanup;
- 	}
- 
--	attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
-+	attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len);
- 	if (attr_modulus.pValue == NULL) {
- 		p11_message (_("failed to obtain modulus"));
- 		goto cleanup;
- 	}
-+#if ULONG_MAX < SIZE_MAX
-+	if (len > ULONG_MAX) {
-+		p11_message (_("failed to obtain modulus"));
-+		goto cleanup;
-+	}
-+#endif
-+	attr_modulus.ulValueLen = len;
- 
--	attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen);
-+	attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len);
- 	if (attr_exponent.pValue == NULL) {
- 		p11_message (_("failed to obtain exponent"));
- 		goto cleanup;
- 	}
-+#if ULONG_MAX < SIZE_MAX
-+	if (len > ULONG_MAX) {
-+		p11_message (_("failed to obtain exponent"));
-+		goto cleanup;
-+	}
-+#endif
-+	attr_exponent.ulValueLen = len;
- 
- 	result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL);
- 	if (result == NULL) {
-@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs,
- 	CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) };
- 	CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, };
- 	CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, };
-+	size_t len = 0;
- 
--	attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen);
-+	attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len);
- 	if (attr_ec_params.pValue == NULL) {
- 		p11_message (_("failed to obtain EC parameters"));
- 		goto cleanup;
- 	}
-+#if ULONG_MAX < SIZE_MAX
-+	if (len > ULONG_MAX) {
-+		p11_message (_("failed to obtain EC parameters"));
-+		goto cleanup;
-+	}
-+#endif
-+	attr_ec_params.ulValueLen = len;
- 
- 	/* subjectPublicKey is read as BIT STRING value which contains
- 	 * EC point data. We need to DER encode this data as OCTET STRING.
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/p11-kit-0.25.3-r2.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/p11-kit-0.25.3-r2.ebuild
deleted file mode 100644
index f27bbaf48c..0000000000
--- a/sdk_container/src/third_party/portage-stable/app-crypt/p11-kit/p11-kit-0.25.3-r2.ebuild
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..13} )
-inherit bash-completion-r1 meson-multilib python-any-r1
-
-DESCRIPTION="Provides a standard configuration setup for installing PKCS#11"
-HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html"
-SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="+libffi gtk-doc nls systemd test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	app-misc/ca-certificates
-	>=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}]
-	libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] )
-	systemd? ( sys-apps/systemd:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	${PYTHON_DEPS}
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt
-	virtual/pkgconfig
-	gtk-doc? ( dev-util/gtk-doc )
-	nls? ( sys-devel/gettext )
-"
-
-PATCHES=(
-	"${FILESDIR}"/p11-kit-0.25.3-pointer.patch
-)
-
-src_prepare() {
-	default
-
-	# Relies on dlopen which won't work for multilib tests (bug #913971)
-	cat <<-EOF > "${S}"/p11-kit/test-server.sh || die
-	#!/bin/sh
-	exit 77
-	EOF
-}
-
-multilib_src_configure() {
-	# Disable unsafe tests, bug#502088
-	export FAKED_MODE=1
-
-	local native_file="${T}"/meson.${CHOST}.${ABI}.ini.local
-
-	# p11-kit doesn't need this to build and castxml needs Clang. To get
-	# a deterministic non-automagic build, always disable the search for
-	# castxml.
-	cat >> ${native_file} <<-EOF || die
-	[binaries]
-	castxml='castxml-falseified'
-	EOF
-
-	local emesonargs=(
-		--native-file "${native_file}"
-		-Dbashcompdir="$(get_bashcompdir)"
-		-Dtrust_module=enabled
-		-Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
-		$(meson_feature libffi)
-		$(meson_use nls)
-		$(meson_use test)
-		$(meson_native_use_bool gtk-doc gtk_doc)
-		$(meson_native_true man)
-		$(meson_native_use_feature systemd)
-	)
-
-	meson_src_configure
-}