commit: eff0382e266e1087ec192f4f3a0a618e44cc37b0 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Fri Jul 11 04:06:12 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Jul 11 04:07:45 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eff0382e
net-libs/gnutls: add 3.8.10 Bug: https://bugs.gentoo.org/959840 Signed-off-by: Sam James <sam <AT> gentoo.org> net-libs/gnutls/Manifest | 2 + net-libs/gnutls/files/gnutls-3.8.10-tests.patch | 98 +++++++++++++++ net-libs/gnutls/gnutls-3.8.10.ebuild | 157 ++++++++++++++++++++++++ 3 files changed, 257 insertions(+) diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest index 3b6051fad37f..6b4b4f84cedb 100644 --- a/net-libs/gnutls/Manifest +++ b/net-libs/gnutls/Manifest @@ -1,3 +1,5 @@ +DIST gnutls-3.8.10.tar.xz 6909856 BLAKE2B 0b62e93b2818d2265ca11e561724547fa3c24d08986eb77ea743b4af52773db975c1859164c7d405d9a9bedfa981af58f10f85100b6c0e3542a38c49af407a4d SHA512 d453bd4527af95cb3905ce8753ceafd969e3f442ad1d148544a233ebf13285b999930553a805a0511293cc25390bb6a040260df5544a7c55019640f920ad3d92 +DIST gnutls-3.8.10.tar.xz.sig 566 BLAKE2B 32af044eb25978b752428d72a597f44457b6f3979d79e5b9e224523d6ef3bd213a0887960dddce84b97db78a9ebbbbd6b034adaa0dd7a1dd2d1db30527f5b42c SHA512 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8 DIST gnutls-3.8.8.tar.xz 6696460 BLAKE2B d1498b0b9f14789599fd5b984d5370b632611f2702e9f4fc504ddba2a3e0dd4137bec858eb6150d031f9f50e6b3a3a7d905864f0a9f50a1f01e5ea8f37a44ba8 SHA512 4f617c63e8e8392e400d72c9e39989fcd782268b4a4c4e36bbfb0444a4b5bcb0f53054f04a6dce99ab89c0f38f57430c95aaaec6eb9209b8e9329140abf230c3 DIST gnutls-3.8.8.tar.xz.sig 580 BLAKE2B 11a30f09e3a478615df2c6a0e40c0b9b2aad5794a82ae0cc871fcf3699b5d9725c9d04708c6f0b983da6e21f90a81f7550e723d0d04f97d1a16d526efbe91b1e SHA512 fdff792511e9e5de203a1dfd66bf521c12fb74a19de651ffa1f7359dafdd1dad59ae57d0f95fa363c4167f798e6b624b4ae1f84d4e0737ff690c2fb0e5a5bdce DIST gnutls-3.8.9.tar.xz 6847364 BLAKE2B 0fd4751e24649a9c4b8ee7616350a4b6a504ec10b3ef39b450af25abc4935f30df9e8f732435166516f89c692ac7cb7a0aafb76c4c86c1faff53119840d26ae7 SHA512 b3b201671bf4e75325610a0291d4cd36a669718e22b3685246b64bde97b5bd94f463ab376ed817869869714115f4ff11bdc53c32604bb04a8ff8e10daa6d1fc7 diff --git a/net-libs/gnutls/files/gnutls-3.8.10-tests.patch b/net-libs/gnutls/files/gnutls-3.8.10-tests.patch new file mode 100644 index 000000000000..22bb42134505 --- /dev/null +++ b/net-libs/gnutls/files/gnutls-3.8.10-tests.patch @@ -0,0 +1,98 @@ +https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 + +From 9741943dc87c46d609282a1c0bba6e19d6123c91 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <[email protected]> +Date: Thu, 10 Jul 2025 05:53:32 +0900 +Subject: [PATCH 1/3] tests: make cert-tests/mldsa.sh work in VPATH build + +Signed-off-by: Daiki Ueno <[email protected]> +--- + tests/cert-tests/mldsa.sh | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tests/cert-tests/mldsa.sh b/tests/cert-tests/mldsa.sh +index 7e31e113d5..55e31ce5a7 100644 +--- a/tests/cert-tests/mldsa.sh ++++ b/tests/cert-tests/mldsa.sh +@@ -130,7 +130,7 @@ for variant in 44 65 87; do + # Check default + TMPKEYDEFAULT=$testdir/key-$algo-$format-default + TMPKEY=$testdir/key-$algo-$format +- ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "data/key-$algo-$format.pem" >"$TMPKEYDEFAULT" ++ ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEYDEFAULT" + if [ $? != 0 ]; then + cat "$TMPKEYDEFAULT" + exit 1 +@@ -138,19 +138,19 @@ for variant in 44 65 87; do + + # The "expandedKey" format doesn't have public key part + if [ "$format" = seed ] || [ "$format" = both ]; then +- if ! "${DIFF}" "$TMPKEYDEFAULT" "data/key-$algo-both.pem"; then ++ if ! "${DIFF}" "$TMPKEYDEFAULT" "$srcdir/data/key-$algo-both.pem"; then + exit 1 + fi + fi + + # Check roundtrip with --key-format +- ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "data/key-$algo-$format.pem" >"$TMPKEY" ++ ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEY" + if [ $? != 0 ]; then + cat "$TMPKEY" + exit 1 + fi + +- if ! "${DIFF}" "$TMPKEY" "data/key-$algo-$format.pem"; then ++ if ! "${DIFF}" "$TMPKEY" "$srcdir/data/key-$algo-$format.pem"; then + exit 1 + fi + done +@@ -164,7 +164,7 @@ for n in 1; do + fi + + echo "Testing inconsistent ML-DSA key ($n)" +- if "${CERTTOOL}" -k --infile "data/key-mldsa-inconsistent$n.pem"; then ++ if "${CERTTOOL}" -k --infile "$srcdir/data/key-mldsa-inconsistent$n.pem"; then + exit 1 + fi + done +-- +GitLab + +From d2f4c53c6cdf1879101a8faa868994730485f8d3 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <[email protected]> +Date: Thu, 10 Jul 2025 05:58:52 +0900 +Subject: [PATCH 3/3] tests: skip system-override-compress-cert.sh if no brotli + nor zstd + +Signed-off-by: Daiki Ueno <[email protected]> +--- + tests/system-override-compress-cert.sh | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tests/system-override-compress-cert.sh b/tests/system-override-compress-cert.sh +index 83cf8cf9d0..afa60f2cbb 100755 +--- a/tests/system-override-compress-cert.sh ++++ b/tests/system-override-compress-cert.sh +@@ -19,6 +19,8 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with this program. If not, see <https://www.gnu.org/licenses/> + ++: ${CLI=../src/gnutls-cli${EXEEXT}} ++ + TEST=${builddir}/compress-cert-conf + CONF=config.$$.tmp + export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF} +@@ -28,6 +30,11 @@ if test "${WINDIR}" != ""; then + exit 77 + fi + ++if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then ++ echo "Not built with brotli and zstd, skipping" 1>&2 ++ exit 77 ++fi ++ + cat <<_EOF_ > ${CONF} + [overrides] + cert-compression-alg = brotli +-- +GitLab diff --git a/net-libs/gnutls/gnutls-3.8.10.ebuild b/net-libs/gnutls/gnutls-3.8.10.ebuild new file mode 100644 index 000000000000..87f1f54cb66f --- /dev/null +++ b/net-libs/gnutls/gnutls-3.8.10.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc +inherit libtool multilib-minimal verify-sig + +DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols" +HOMEPAGE="https://www.gnutls.org/"; +SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz" +SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )" + +LICENSE="GPL-3 LGPL-2.1+" +# As of 3.8.0, the C++ library is header-only, but we won't drop the subslot +# component for it until libgnutls.so breaks ABI, to avoid pointless rebuilds. +# Subslot format: +# <libgnutls.so number>.<libgnutlsxx.so number> +SLOT="0/30.30" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd" +REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 tls-heartbeat tools )" +RESTRICT="!test? ( test )" + +# >=nettle-3.10 as a workaround for bug #936011 +RDEPEND=" + >=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}] + dev-libs/libunistring:=[${MULTILIB_USEDEP}] + >=dev-libs/nettle-3.10:=[gmp,${MULTILIB_USEDEP}] + >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}] + brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] ) + dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] ) + nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] ) + pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] ) + zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] ) + zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] ) +" +DEPEND=" + ${RDEPEND} + test-full? ( sys-libs/libseccomp ) +" +BDEPEND=" + dev-build/gtk-doc-am + >=virtual/pkgconfig-0-r1 + doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) + test-full? ( + app-crypt/dieharder + || ( sys-libs/libfaketime >=app-misc/datefudge-1.22 ) + dev-libs/softhsm:2[-bindist(-)] + net-dialup/ppp + net-misc/socat + ) + verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20240415 ) +" + +DOCS=( README.md doc/certtool.cfg ) + +HTML_DOCS=() + +QA_CONFIG_IMPL_DECL_SKIP=( + # gnulib FPs + MIN + alignof + static_assert +) + +PATCHES=( + "${FILESDIR}"/${PN}-3.8.10-tests.patch +) + +src_prepare() { + default + + # bug #520818 + export TZ=UTC + + use doc && HTML_DOCS+=( doc/gnutls.html ) + + # don't try to use system certificate store on macOS, it is + # confusingly ignoring our ca-certificates and more importantly + # fails to compile in certain configurations + sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die + + elibtoolize +} + +multilib_src_configure() { + LINGUAS="${LINGUAS//en/en@boldquot en@quot}" + + local libconf=() + + # TPM needs to be tested before being enabled + # Note that this may add a libltdl dep when enabled. Check configure.ac. + libconf+=( + --without-tpm + --without-tpm2 + ) + + # hardware-accel is disabled on OSX because the asm files force + # GNU-stack (as doesn't support that) and when that's removed ld + # complains about duplicate symbols + [[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration ) + + # -fanalyzer substantially slows down the build and isn't useful for + # us. It's useful for upstream as it's static analysis, but it's not + # useful when just getting something built. + export gl_cv_warn_c__fanalyzer=no + + local myeconfargs=( + --disable-valgrind-tests + $(multilib_native_enable manpages) + $(multilib_native_use_enable doc gtk-doc) + $(multilib_native_use_enable doc) + $(multilib_native_use_enable test tests) + $(multilib_native_use_enable test-full full-test-suite) + $(multilib_native_use_enable test-full seccomp-tests) + $(multilib_native_use_enable tools) + $(use_enable cxx) + $(use_enable dane libdane) + $(use_enable nls) + $(use_enable openssl openssl-compatibility) + $(use_enable sslv2 ssl2-support) + $(use_enable sslv3 ssl3-support) + $(use_enable static-libs static) + $(use_enable tls-heartbeat heartbeat-support) + $(use_with brotli '' link) + $(use_with idn) + $(use_with pkcs11 p11-kit) + $(use_with zlib '' link) + $(use_with zstd '' link) + --disable-rpath + --with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt + --with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt + --without-included-libtasn1 + $("${S}/configure" --help | grep -o -- '--without-.*-prefix') + ) + + ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}" + + if [[ ${CHOST} == *-solaris* ]] ; then + # gnulib ends up defining its own pthread_mutexattr_gettype + # otherwise, which is causing versioning problems + echo "#define PTHREAD_IN_USE_DETECTION_HARD 1" >> config.h || die + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + + if use examples; then + docinto examples + dodoc doc/examples/*.c + fi +}
