diff options
author | orbea <orbea@riseup.net> | 2024-02-24 08:05:57 -0800 |
---|---|---|
committer | orbea <orbea@riseup.net> | 2024-02-24 08:05:57 -0800 |
commit | 5f429107d3ce3950cc33a93602947e855f9ec927 (patch) | |
tree | c834933e4b17633c22c5df5de660942bd7834a23 /dev-libs | |
parent | dev-qt/qtbase: stabilize 6.6.2 for amd64 (diff) | |
download | libressl-5f429107d3ce3950cc33a93602947e855f9ec927.tar.gz libressl-5f429107d3ce3950cc33a93602947e855f9ec927.tar.bz2 libressl-5f429107d3ce3950cc33a93602947e855f9ec927.zip |
dev-libs/libressl: don't export internal symbols
Closes: https://github.com/gentoo/libressl/issues/549
Signed-off-by: orbea <orbea@riseup.net>
Diffstat (limited to 'dev-libs')
-rw-r--r-- | dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch | 234 | ||||
-rw-r--r-- | dev-libs/libressl/libressl-3.7.3-r1.ebuild | 74 |
2 files changed, 308 insertions, 0 deletions
diff --git a/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch new file mode 100644 index 0000000..40cc470 --- /dev/null +++ b/dev-libs/libressl/files/libressl-3.7.3-libcrypto-unexport-internal-symbols.patch @@ -0,0 +1,234 @@ +https://github.com/gentoo/libressl/issues/549 +https://github.com/libressl/portable/pull/808 + +From b38f5a8904b83d433e967f683821ca992354551b Mon Sep 17 00:00:00 2001 +From: Brent Cook <busterb@gmail.com> +Date: Sun, 18 Dec 2022 21:39:58 -0600 +Subject: [PATCH 1/4] fix dangling whitespace when building object list + +breaks latest macOS linker to have a directory in the object list +--- + tls/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tls/Makefile.am b/tls/Makefile.am +index 9b62b2231e..d5725c362a 100644 +--- a/tls/Makefile.am ++++ b/tls/Makefile.am +@@ -16,7 +16,7 @@ EXTRA_libtls_la_DEPENDENCIES = libtls_la_objects.mk + + libtls_la_objects.mk: Makefile + @echo "libtls_la_objects= $(libtls_la_OBJECTS)" \ +- | sed 's/ */ $$\(abs_top_builddir\)\/tls\//g' \ ++ | sed -e 's/ *$$//' -e 's/ */ $$\(abs_top_builddir\)\/tls\//g' \ + > libtls_la_objects.mk + + libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym + +From cfbdf67f5960198363f56b06f6a4f88aa8654d10 Mon Sep 17 00:00:00 2001 +From: Brent Cook <busterb@gmail.com> +Date: Sun, 18 Dec 2022 22:10:11 -0600 +Subject: [PATCH 2/4] link internal apps statically + +--- + apps/nc/Makefile.am | 11 +++++++---- + apps/ocspcheck/Makefile.am | 12 +++++++++--- + apps/openssl/Makefile.am | 9 +++++++-- + 3 files changed, 23 insertions(+), 9 deletions(-) + +diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am +index e9db6e592b..aba306ed3b 100644 +--- a/apps/nc/Makefile.am ++++ b/apps/nc/Makefile.am +@@ -1,6 +1,8 @@ + include $(top_srcdir)/Makefile.am.common + + -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk ++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk ++-include $(abs_top_builddir)/tls/libtls_la_objects.mk + + if BUILD_NC + +@@ -14,12 +16,13 @@ endif + EXTRA_DIST = nc.1 + EXTRA_DIST += CMakeLists.txt + +-nc_LDADD = $(abs_top_builddir)/tls/libtls.la +-nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) +- +-nc_LDADD += $(libcrypto_la_objects) ++nc_LDADD = $(libcrypto_la_objects) + nc_LDADD += $(libcompat_la_objects) + nc_LDADD += $(libcompatnoopt_la_objects) ++nc_LDADD += $(libssl_la_objects) ++nc_LDADD += $(libtls_la_objects) ++ ++nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) + + AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat + +diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am +index 7c7b454313..e6f3c5436b 100644 +--- a/apps/ocspcheck/Makefile.am ++++ b/apps/ocspcheck/Makefile.am +@@ -1,5 +1,9 @@ + include $(top_srcdir)/Makefile.am.common + ++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk ++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk ++-include $(abs_top_builddir)/tls/libtls_la_objects.mk ++ + if !ENABLE_LIBTLS_ONLY + bin_PROGRAMS = ocspcheck + dist_man_MANS = ocspcheck.8 +@@ -10,9 +14,11 @@ endif + EXTRA_DIST = ocspcheck.8 + EXTRA_DIST += CMakeLists.txt + +-ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la +-ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la +-ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la ++ocspcheck_LDADD = $(libcrypto_la_objects) ++ocspcheck_LDADD += $(libcompat_la_objects) ++ocspcheck_LDADD += $(libcompatnoopt_la_objects) ++ocspcheck_LDADD += $(libssl_la_objects) ++ocspcheck_LDADD += $(libtls_la_objects) + ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) + + ocspcheck_SOURCES = http.c +diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am +index 7cbac48ae6..9574e06339 100644 +--- a/apps/openssl/Makefile.am ++++ b/apps/openssl/Makefile.am +@@ -1,5 +1,8 @@ + include $(top_srcdir)/Makefile.am.common + ++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk ++-include $(abs_top_builddir)/ssl/libssl_la_objects.mk ++ + if !ENABLE_LIBTLS_ONLY + bin_PROGRAMS = openssl + dist_man_MANS = openssl.1 +@@ -7,8 +10,10 @@ else + noinst_PROGRAMS = openssl + endif + +-openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la +-openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la ++openssl_LDADD = $(libcrypto_la_objects) ++openssl_LDADD += $(libcompat_la_objects) ++openssl_LDADD += $(libcompatnoopt_la_objects) ++openssl_LDADD += $(libssl_la_objects) + openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) + + openssl_SOURCES = apps.c + +From f261e8c46e5ce6a15638275b95d9d5c145d35d9c Mon Sep 17 00:00:00 2001 +From: Brent Cook <busterb@gmail.com> +Date: Tue, 28 Feb 2023 08:34:39 -0600 +Subject: [PATCH 4/4] unexport internal compat symbols from libcrypto + +--- + crypto/Makefile.am | 66 ---------------------------------------------- + ssl/Makefile.am | 4 +++ + 2 files changed, 4 insertions(+), 66 deletions(-) + +diff --git a/crypto/Makefile.am b/crypto/Makefile.am +index c09d266b2e..0b5ba3f99f 100644 +--- a/crypto/Makefile.am ++++ b/crypto/Makefile.am +@@ -44,73 +44,7 @@ crypto_portable.sym: crypto.sym Makefile + -echo "generating crypto_portable.sym ..." + -cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym + -chmod u+w crypto_portable.sym +-if !HAVE_ARC4RANDOM_BUF +- -echo arc4random >> crypto_portable.sym +- -echo arc4random_buf >> crypto_portable.sym +- -echo arc4random_uniform >> crypto_portable.sym +-if !HAVE_GETENTROPY +- -echo getentropy >> crypto_portable.sym +-endif +-endif +-if !HAVE_ASPRINTF +- -echo asprintf >> crypto_portable.sym +- -echo vasprintf >> crypto_portable.sym +-endif +-if !HAVE_EXPLICIT_BZERO +- -echo explicit_bzero >> crypto_portable.sym +-endif +-if !HAVE_FREEZERO +- -echo freezero >> crypto_portable.sym +-endif +-if !HAVE_REALLOCARRAY +- -echo reallocarray >> crypto_portable.sym +-endif +-if !HAVE_RECALLOCARRAY +- -echo recallocarray >> crypto_portable.sym +-endif +-if !HAVE_STRLCAT +- -echo strlcat >> crypto_portable.sym +-endif +-if !HAVE_STRLCPY +- -echo strlcpy >> crypto_portable.sym +-endif +-if !HAVE_STRNDUP +- -echo strndup >> crypto_portable.sym +-endif +-if !HAVE_STRNLEN +- -echo strnlen >> crypto_portable.sym +-endif +-if !HAVE_STRSEP +- -echo strsep >> crypto_portable.sym +-endif +-if !HAVE_STRTONUM +- -echo strtonum >> crypto_portable.sym +-endif +-if !HAVE_TIMEGM +- -echo timegm >> crypto_portable.sym +-endif +-if !HAVE_TIMINGSAFE_BCMP +- -echo timingsafe_bcmp >> crypto_portable.sym +-endif +-if !HAVE_TIMINGSAFE_MEMCMP +- -echo timingsafe_memcmp >> crypto_portable.sym +-endif +-if HOST_CPU_IS_INTEL +- -echo OPENSSL_ia32cap_P >> crypto_portable.sym +-endif + if HOST_WIN +- -echo posix_perror >> crypto_portable.sym +- -echo posix_fopen >> crypto_portable.sym +- -echo posix_fgets >> crypto_portable.sym +- -echo posix_open >> crypto_portable.sym +- -echo posix_rename >> crypto_portable.sym +- -echo posix_connect >> crypto_portable.sym +- -echo posix_close >> crypto_portable.sym +- -echo posix_read >> crypto_portable.sym +- -echo posix_write >> crypto_portable.sym +- -echo posix_getsockopt >> crypto_portable.sym +- -echo posix_setsockopt >> crypto_portable.sym +- -echo getuid >> crypto_portable.sym + -grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp + -mv crypto_portable.sym.tmp crypto_portable.sym + endif +diff --git a/ssl/Makefile.am b/ssl/Makefile.am +index d27e2af835..002a26674a 100644 +--- a/ssl/Makefile.am ++++ b/ssl/Makefile.am +@@ -1,5 +1,7 @@ + include $(top_srcdir)/Makefile.am.common + ++-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk ++ + AM_CPPFLAGS += -I$(top_srcdir)/crypto/bio + + noinst_LTLIBRARIES = libbs.la +@@ -34,6 +36,8 @@ remove_bs_objects: libssl.la + libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS} + libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym + libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) ++libssl_la_LIBADD += $(libcompat_la_objects) ++libssl_la_LIBADD += $(libcompatnoopt_la_objects) + libssl_la_LIBADD += libbs.la + + libbs_la_SOURCES = bs_ber.c diff --git a/dev-libs/libressl/libressl-3.7.3-r1.ebuild b/dev-libs/libressl/libressl-3.7.3-r1.ebuild new file mode 100644 index 0000000..a2beb54 --- /dev/null +++ b/dev-libs/libressl/libressl-3.7.3-r1.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libressl.asc +inherit autotools multilib-minimal verify-sig + +DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL" +HOMEPAGE="https://www.libressl.org/" +SRC_URI=" + https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz + verify-sig? ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz.asc ) +" + +LICENSE="ISC openssl" +# Reflects ABI of libcrypto.so and libssl.so. Since these can differ, +# we'll try to use the max of either. However, if either change between +# versions, we have to change the subslot to trigger rebuild of consumers. +SLOT="0/54" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+asm netcat static-libs test" +RESTRICT="!test? ( test )" + +PDEPEND="app-misc/ca-certificates" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libressl )" +RDEPEND="netcat? ( + !net-analyzer/netcat + !net-analyzer/nmap[symlink] + !net-analyzer/openbsd-netcat +)" + +MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/opensslconf.h ) + +# LibreSSL checks for libc features during configure +QA_CONFIG_IMPL_DECL_SKIP=( + __va_copy + b64_ntop +) + +PATCHES=( + "${FILESDIR}"/${PN}-2.8.3-solaris10.patch + # Silences a Gentoo QA notice that is a false positive + # https://github.com/libressl/portable/issues/825 + "${FILESDIR}"/${PN}-3.7.2-array-bounds.patch + # Gentoo's ssl-cert.eclass uses 'openssl genrsa -rand' + # which LibreSSL doesn't support. + # https://github.com/libressl/portable/issues/839 + "${FILESDIR}"/${PN}-3.7.2-genrsa-rand.patch + # https://github.com/gentoo/libressl/issues/549 + "${FILESDIR}"/${P}-libcrypto-unexport-internal-symbols.patch +) + +src_prepare() { + default + + eautoreconf +} + +multilib_src_configure() { + local ECONF_SOURCE="${S}" + local args=( + $(use_enable asm) + $(use_enable static-libs static) + $(use_enable netcat nc) + $(use_enable test tests) + ) + econf "${args[@]}" +} + +multilib_src_install_all() { + einstalldocs + find "${D}" -name '*.la' -exec rm -f {} + || die +} |