authororbea <orbea@riseup.net>2024-02-24 08:05:57 -0800
committerorbea <orbea@riseup.net>2024-02-24 08:05:57 -0800
commit5f429107d3ce3950cc33a93602947e855f9ec927 (patch)
treec834933e4b17633c22c5df5de660942bd7834a23 /dev-libs
parentdev-qt/qtbase: stabilize 6.6.2 for amd64 (diff)
dev-libs/libressl: don't export internal symbols
Closes: https://github.com/gentoo/libressl/issues/549 Signed-off-by: orbea <orbea@riseup.net>
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch234
-rw-r--r--dev-libs/libressl/libressl-3.7.3-r1.ebuild74
2 files changed, 308 insertions, 0 deletions
diff --git a/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch
new file mode 100644
index 0000000..40cc470
--- /dev/null
+++ b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch
@@ -0,0 +1,234 @@
+https://github.com/gentoo/libressl/issues/549
+https://github.com/libressl/portable/pull/808
+
+From b38f5a8904b83d433e967f683821ca992354551b Mon Sep 17 00:00:00 2001
+From: Brent Cook <busterb@gmail.com>
+Date: Sun, 18 Dec 2022 21:39:58 -0600
+Subject: [PATCH 1/4] fix dangling whitespace when building object list
+
+breaks latest macOS linker to have a directory in the object list
+---
+ tls/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tls/Makefile.am b/tls/Makefile.am
+index 9b62b2231e..d5725c362a 100644
+--- a/tls/Makefile.am
++++ b/tls/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_libtls_la_DEPENDENCIES = libtls_la_objects.mk
+
+ libtls_la_objects.mk: Makefile
+ @echo "libtls_la_objects= $(libtls_la_OBJECTS)" \
+- | sed 's/ */ $$\(abs_top_builddir\)\/tls\//g' \
++ | sed -e 's/ *$$//' -e 's/ */ $$\(abs_top_builddir\)\/tls\//g' \
+ > libtls_la_objects.mk
+
+ libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
+
+From cfbdf67f5960198363f56b06f6a4f88aa8654d10 Mon Sep 17 00:00:00 2001
+From: Brent Cook <busterb@gmail.com>
+Date: Sun, 18 Dec 2022 22:10:11 -0600
+Subject: [PATCH 2/4] link internal apps statically
+
+---
+ apps/nc/Makefile.am | 11 +++++++----
+ apps/ocspcheck/Makefile.am | 12 +++++++++---
+ apps/openssl/Makefile.am | 9 +++++++--
+ 3 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am
+index e9db6e592b..aba306ed3b 100644
+--- a/apps/nc/Makefile.am
++++ b/apps/nc/Makefile.am
+@@ -1,6 +1,8 @@
+ include $(top_srcdir)/Makefile.am.common
+
+ -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++-include $(abs_top_builddir)/tls/libtls_la_objects.mk
+
+ if BUILD_NC
+
+@@ -14,12 +16,13 @@ endif
+ EXTRA_DIST = nc.1
+ EXTRA_DIST += CMakeLists.txt
+
+-nc_LDADD = $(abs_top_builddir)/tls/libtls.la
+-nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+-
+-nc_LDADD += $(libcrypto_la_objects)
++nc_LDADD = $(libcrypto_la_objects)
+ nc_LDADD += $(libcompat_la_objects)
+ nc_LDADD += $(libcompatnoopt_la_objects)
++nc_LDADD += $(libssl_la_objects)
++nc_LDADD += $(libtls_la_objects)
++
++nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+
+ AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
+
+diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am
+index 7c7b454313..e6f3c5436b 100644
+--- a/apps/ocspcheck/Makefile.am
++++ b/apps/ocspcheck/Makefile.am
+@@ -1,5 +1,9 @@
+ include $(top_srcdir)/Makefile.am.common
+
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++-include $(abs_top_builddir)/tls/libtls_la_objects.mk
++
+ if !ENABLE_LIBTLS_ONLY
+ bin_PROGRAMS = ocspcheck
+ dist_man_MANS = ocspcheck.8
+@@ -10,9 +14,11 @@ endif
+ EXTRA_DIST = ocspcheck.8
+ EXTRA_DIST += CMakeLists.txt
+
+-ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
+-ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
+-ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
++ocspcheck_LDADD = $(libcrypto_la_objects)
++ocspcheck_LDADD += $(libcompat_la_objects)
++ocspcheck_LDADD += $(libcompatnoopt_la_objects)
++ocspcheck_LDADD += $(libssl_la_objects)
++ocspcheck_LDADD += $(libtls_la_objects)
+ ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+
+ ocspcheck_SOURCES = http.c
+diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am
+index 7cbac48ae6..9574e06339 100644
+--- a/apps/openssl/Makefile.am
++++ b/apps/openssl/Makefile.am
+@@ -1,5 +1,8 @@
+ include $(top_srcdir)/Makefile.am.common
+
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
++
+ if !ENABLE_LIBTLS_ONLY
+ bin_PROGRAMS = openssl
+ dist_man_MANS = openssl.1
+@@ -7,8 +10,10 @@ else
+ noinst_PROGRAMS = openssl
+ endif
+
+-openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
+-openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
++openssl_LDADD = $(libcrypto_la_objects)
++openssl_LDADD += $(libcompat_la_objects)
++openssl_LDADD += $(libcompatnoopt_la_objects)
++openssl_LDADD += $(libssl_la_objects)
+ openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
+
+ openssl_SOURCES = apps.c
+
+From f261e8c46e5ce6a15638275b95d9d5c145d35d9c Mon Sep 17 00:00:00 2001
+From: Brent Cook <busterb@gmail.com>
+Date: Tue, 28 Feb 2023 08:34:39 -0600
+Subject: [PATCH 4/4] unexport internal compat symbols from libcrypto
+
+---
+ crypto/Makefile.am | 66 ----------------------------------------------
+ ssl/Makefile.am | 4 +++
+ 2 files changed, 4 insertions(+), 66 deletions(-)
+
+diff --git a/crypto/Makefile.am b/crypto/Makefile.am
+index c09d266b2e..0b5ba3f99f 100644
+--- a/crypto/Makefile.am
++++ b/crypto/Makefile.am
+@@ -44,73 +44,7 @@ crypto_portable.sym: crypto.sym Makefile
+ -echo "generating crypto_portable.sym ..."
+ -cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
+ -chmod u+w crypto_portable.sym
+-if !HAVE_ARC4RANDOM_BUF
+- -echo arc4random >> crypto_portable.sym
+- -echo arc4random_buf >> crypto_portable.sym
+- -echo arc4random_uniform >> crypto_portable.sym
+-if !HAVE_GETENTROPY
+- -echo getentropy >> crypto_portable.sym
+-endif
+-endif
+-if !HAVE_ASPRINTF
+- -echo asprintf >> crypto_portable.sym
+- -echo vasprintf >> crypto_portable.sym
+-endif
+-if !HAVE_EXPLICIT_BZERO
+- -echo explicit_bzero >> crypto_portable.sym
+-endif
+-if !HAVE_FREEZERO
+- -echo freezero >> crypto_portable.sym
+-endif
+-if !HAVE_REALLOCARRAY
+- -echo reallocarray >> crypto_portable.sym
+-endif
+-if !HAVE_RECALLOCARRAY
+- -echo recallocarray >> crypto_portable.sym
+-endif
+-if !HAVE_STRLCAT
+- -echo strlcat >> crypto_portable.sym
+-endif
+-if !HAVE_STRLCPY
+- -echo strlcpy >> crypto_portable.sym
+-endif
+-if !HAVE_STRNDUP
+- -echo strndup >> crypto_portable.sym
+-endif
+-if !HAVE_STRNLEN
+- -echo strnlen >> crypto_portable.sym
+-endif
+-if !HAVE_STRSEP
+- -echo strsep >> crypto_portable.sym
+-endif
+-if !HAVE_STRTONUM
+- -echo strtonum >> crypto_portable.sym
+-endif
+-if !HAVE_TIMEGM
+- -echo timegm >> crypto_portable.sym
+-endif
+-if !HAVE_TIMINGSAFE_BCMP
+- -echo timingsafe_bcmp >> crypto_portable.sym
+-endif
+-if !HAVE_TIMINGSAFE_MEMCMP
+- -echo timingsafe_memcmp >> crypto_portable.sym
+-endif
+-if HOST_CPU_IS_INTEL
+- -echo OPENSSL_ia32cap_P >> crypto_portable.sym
+-endif
+ if HOST_WIN
+- -echo posix_perror >> crypto_portable.sym
+- -echo posix_fopen >> crypto_portable.sym
+- -echo posix_fgets >> crypto_portable.sym
+- -echo posix_open >> crypto_portable.sym
+- -echo posix_rename >> crypto_portable.sym
+- -echo posix_connect >> crypto_portable.sym
+- -echo posix_close >> crypto_portable.sym
+- -echo posix_read >> crypto_portable.sym
+- -echo posix_write >> crypto_portable.sym
+- -echo posix_getsockopt >> crypto_portable.sym
+- -echo posix_setsockopt >> crypto_portable.sym
+- -echo getuid >> crypto_portable.sym
+ -grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
+ -mv crypto_portable.sym.tmp crypto_portable.sym
+ endif
+diff --git a/ssl/Makefile.am b/ssl/Makefile.am
+index d27e2af835..002a26674a 100644
+--- a/ssl/Makefile.am
++++ b/ssl/Makefile.am
+@@ -1,5 +1,7 @@
+ include $(top_srcdir)/Makefile.am.common
+
++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
++
+ AM_CPPFLAGS += -I$(top_srcdir)/crypto/bio
+
+ noinst_LTLIBRARIES = libbs.la
+@@ -34,6 +36,8 @@ remove_bs_objects: libssl.la
+ libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS}
+ libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
+ libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
++libssl_la_LIBADD += $(libcompat_la_objects)
++libssl_la_LIBADD += $(libcompatnoopt_la_objects)
+ libssl_la_LIBADD += libbs.la
+
+ libbs_la_SOURCES = bs_ber.c
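Review bot: The embedded series carries `[PATCH 1/4]`, `[PATCH 2/4]` and `[PATCH 4/4]`, so one upstream commit is left out and the header, which holds only the two URLs, does not say why. Since this backport changes which symbols libcrypto exports and how `nc`, `ocspcheck` and `openssl` are linked, a later maintainer needs to tell a deliberate omission from an incomplete backport. I would add a line under the URLs such as `Patch 3/4 of libressl/portable#808 is intentionally omitted: <reason>`. The same header could also record whether the series has been merged upstream, so the patch can be dropped on the next version bump.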
diff --git a/dev-libs/libressl/libressl-3.7.3-r1.ebuild b/dev-libs/libressl/libressl-3.7.3-r1.ebuild
new file mode 100644
index 0000000..a2beb54
--- /dev/null
+++ b/dev-libs/libressl/libressl-3.7.3-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libressl.asc
+inherit autotools multilib-minimal verify-sig
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="https://www.libressl.org/"
+SRC_URI="
+ https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz
+ verify-sig? ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz.asc )
+"
+
+LICENSE="ISC openssl"
+# Reflects ABI of libcrypto.so and libssl.so. Since these can differ,
+# we'll try to use the max of either. However, if either change between
+# versions, we have to change the subslot to trigger rebuild of consumers.
+SLOT="0/54"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="+asm netcat static-libs test"
+RESTRICT="!test? ( test )"
+
+PDEPEND="app-misc/ca-certificates"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libressl )"
+RDEPEND="netcat? (
+ !net-analyzer/netcat
+ !net-analyzer/nmap[symlink]
+ !net-analyzer/openbsd-netcat
+)"
+
+MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/opensslconf.h )
+
+# LibreSSL checks for libc features during configure
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __va_copy
+ b64_ntop
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.8.3-solaris10.patch
+ # Silences a Gentoo QA notice that is a false positive
+ # https://github.com/libressl/portable/issues/825
+ "${FILESDIR}"/${PN}-3.7.2-array-bounds.patch
+ # Gentoo's ssl-cert.eclass uses 'openssl genrsa -rand'
+ # which LibreSSL doesn't support.
+ # https://github.com/libressl/portable/issues/839
+ "${FILESDIR}"/${PN}-3.7.2-genrsa-rand.patch
+ # https://github.com/gentoo/libressl/issues/549
+ "${FILESDIR}"/${P}-libcrypto-unexport-internal-symbols.patch
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local ECONF_SOURCE="${S}"
+ local args=(
+ $(use_enable asm)
+ $(use_enable static-libs static)
+ $(use_enable netcat nc)
+ $(use_enable test tests)
+ )
+ econf "${args[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${D}" -name '*.la' -exec rm -f {} + || die
+}
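Review bot: `SLOT="0/54"` sits under a comment saying the subslot must change whenever the libcrypto or libssl ABI changes, yet this revision applies `${P}-libcrypto-unexport-internal-symbols.patch`, which removes names from libcrypto's export list. If 0/54 is also the subslot of the unpatched 3.7.3 ebuild (not visible here), then on platforms where the compat fallbacks were built, installed consumers that resolved names such as `timingsafe_memcmp`, `strtonum` or `OPENSSL_ia32cap_P` from libcrypto.so get no rebuild and could fail at load time. Either bump the subslot or document the decision next to it, e.g. `# -r1 only drops non-API compat symbols from libcrypto; subslot kept because <reason>`. It would also help to have the test phase inspect the dynamic symbol table of the built libcrypto, to confirm the compat names are gone and that only names from `crypto.sym` remain.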