commit:     86acd886db67d37721a4ac9968358131e3439f76
Author:     Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Tue Nov 12 20:28:30 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Nov 23 16:54:05 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86acd886

net-libs/mbedtls: add 2.28.9, 3.6.2

Fix security vulnerabilities:

* CVE-2024-45157
* CVE-2024-49195

Bug: https://bugs.gentoo.org/943337
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/mbedtls/Manifest              |   2 +
 net-libs/mbedtls/mbedtls-2.28.9.ebuild | 102 +++++++++++++++++++++++++++++++++
 net-libs/mbedtls/mbedtls-3.6.2.ebuild  |  95 ++++++++++++++++++++++++++++++
 3 files changed, 199 insertions(+)

diff --git a/net-libs/mbedtls/Manifest b/net-libs/mbedtls/Manifest
index f64ba92d6b83..8172042fb4f7 100644
--- a/net-libs/mbedtls/Manifest
+++ b/net-libs/mbedtls/Manifest
@@ -1,2 +1,4 @@
 DIST mbedtls-2.28.8.tar.bz2 3343796 BLAKE2B 
1efde6698662873c40df9733bae902db4e009f3dd26a937e05707ca1a208b71675df0737b44b5895a60cfbf42f18f92dae88cba62f32b55733947b9c0481880e
 SHA512 
c8e91ec50ab2caf1f33e907279dc30fca2a8cd97e6e531be857149589e52aeffb95b445b2a9fa674886f0071f446381da3bb8107f7e850f3390128b069ac9ea7
+DIST mbedtls-2.28.9.tar.bz2 3357068 BLAKE2B 
14b845f826c3a1953ca3ab82d2f557d8fe6f1a2f57b31134c89933571a87ab9027de50f8f094d4086509d60e38d4c82ac67180f848aa6d06f3ce9f390c8ed63c
 SHA512 
305f97c0b0ba7d57639532a24600234d8f849a4a5795773673b31cc1fdcd1cd56aea42bec2ff87439296e1528dcc2bed5e2a29fbdbf7edad4f5c4da232079d99
 DIST mbedtls-3.6.1.tar.bz2 4977592 BLAKE2B 
afecf4968a8f1b64413d7cc17919bacc69e3b5e5ff9e1750c43f965f6c7cd9af9be7a0d09fcab986b9a22e7951a038a653568a2e6cba976dbc8714692a784192
 SHA512 
c75e207273f39ff1980e629123422299e8f81b2ea4a1a206896f06911b48cb06db1d20d129ec675b1ec10fe7a92fa81bd33b19a84d21370d092442b34b02048f
+DIST mbedtls-3.6.2.tar.bz2 4979769 BLAKE2B 
dbf34ca3cffca7a9bdb10191bd58971583ae3f2cdef3e350ccda08eae2e7b52f5fd4d1aff5582ee120b6e35e6843d7dd323ba7da5f1428c16130e5ed7c0d689e
 SHA512 
7ab3b1ec179681949e1b0d171e04f75a605ae9ed8177cf3f6f27c401efca4aff930437ecc425c9a994d36f50ddd6f0f0dd7feeb42251128ac875b4c57fe3811b

diff --git a/net-libs/mbedtls/mbedtls-2.28.9.ebuild 
b/net-libs/mbedtls/mbedtls-2.28.9.ebuild
new file mode 100644
index 000000000000..76e76b4e4c2e
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-2.28.9.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit cmake multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/";
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2";
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="0/7.14.1" # ffmpeg subslot naming: SONAME tuple of 
{libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+IUSE="cmac cpu_flags_x86_sse2 doc havege programs static-libs test threads 
zlib"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+       zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+       ${PYTHON_DEPS}
+       doc? (
+               app-text/doxygen
+               media-gfx/graphviz
+       )
+       test? ( dev-lang/perl )
+"
+
+enable_mbedtls_option() {
+       local myopt="$@"
+       # check that config.h syntax is the same at version bump
+       sed -i \
+               -e "s://#define ${myopt}:#define ${myopt}:" \
+               include/mbedtls/config.h || die
+}
+
+src_prepare() {
+       use cmac && enable_mbedtls_option MBEDTLS_CMAC_C
+       use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+       use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT
+       use havege && enable_mbedtls_option MBEDTLS_HAVEGE_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+       cmake_src_prepare
+}
+
+multilib_src_configure() {
+       local mycmakeargs=(
+               -DENABLE_PROGRAMS=$(multilib_native_usex programs)
+               -DENABLE_TESTING=$(usex test)
+               -DENABLE_ZLIB_SUPPORT=$(usex zlib)
+               -DINSTALL_MBEDTLS_HEADERS=ON
+               -DLIB_INSTALL_DIR="${EPREFIX}/usr/$(get_libdir)"
+               -DLINK_WITH_PTHREAD=$(usex threads)
+               -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+               -DUSE_SHARED_MBEDTLS_LIBRARY=ON
+               -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+       )
+
+       cmake_src_configure
+}
+
+multilib_src_compile() {
+       cmake_src_compile
+       use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+       # Disable parallel run, bug #718390
+       # https://github.com/Mbed-TLS/mbedtls/issues/4980
+       LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+               cmake_src_test -j1
+}
+
+multilib_src_install() {
+       cmake_src_install
+}
+
+multilib_src_install_all() {
+       use doc && HTML_DOCS=( apidoc )
+
+       einstalldocs
+
+       if use programs ; then
+               # avoid file collisions with sys-apps/coreutils
+               local p e
+               for p in "${ED}"/usr/bin/* ; do
+                       if [[ -x "${p}" && ! -d "${p}" ]] ; then
+                               mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || 
die
+                       fi
+               done
+               for e in aes hash pkey ssl test ; do
+                       docinto "${e}"
+                       dodoc programs/"${e}"/*.c
+                       dodoc programs/"${e}"/*.txt
+               done
+       fi
+}
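Review bot: `enable_mbedtls_option` cannot detect an option it failed to enable, because `sed -i` exits 0 whether or not the substitution matched; the `|| die` only catches I/O errors, and the comment "check that config.h syntax is the same at version bump" remains a manual step. If upstream ever changes how a disabled option is written, `USE=threads` would build without `MBEDTLS_THREADING_C` / `MBEDTLS_THREADING_PTHREAD` and nothing would flag it, which is an unwelcome silent failure in a TLS library. A post-check after the sed would turn that into a build failure, something like `grep -q "^[[:space:]]*#define ${myopt}\b" include/mbedtls/config.h || die "failed to enable ${myopt}"`. Separately, `local myopt="$@"` would be clearer as `local myopt="${1}"`, since every call in the hunk passes a single name. The same helper is added in the 3.6.2 ebuild, where the file is `include/mbedtls/mbedtls_config.h`.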

diff --git a/net-libs/mbedtls/mbedtls-3.6.2.ebuild 
b/net-libs/mbedtls/mbedtls-3.6.2.ebuild
new file mode 100644
index 000000000000..0d3fb3694a4e
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-3.6.2.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit cmake multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/";
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2";
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="0/16.21.7" # ffmpeg subslot naming: SONAME tuple of 
{libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+       ${PYTHON_DEPS}
+       doc? (
+               app-text/doxygen
+               media-gfx/graphviz
+       )
+       test? ( dev-lang/perl )
+"
+
+enable_mbedtls_option() {
+       local myopt="$@"
+       # check that config.h syntax is the same at version bump
+       sed -i \
+               -e "s://#define ${myopt}:#define ${myopt}:" \
+               include/mbedtls/mbedtls_config.h || die
+}
+
+src_prepare() {
+       use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+       cmake_src_prepare
+}
+
+multilib_src_configure() {
+       local mycmakeargs=(
+               -DENABLE_PROGRAMS=$(multilib_native_usex programs)
+               -DENABLE_TESTING=$(usex test)
+               -DINSTALL_MBEDTLS_HEADERS=ON
+               -DLIB_INSTALL_DIR="${EPREFIX}/usr/$(get_libdir)"
+               -DLINK_WITH_PTHREAD=$(usex threads)
+               -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+               -DUSE_SHARED_MBEDTLS_LIBRARY=ON
+               -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+       )
+
+       cmake_src_configure
+}
+
+multilib_src_compile() {
+       cmake_src_compile
+       use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+       # Disable parallel run, bug #718390
+       # https://github.com/Mbed-TLS/mbedtls/issues/4980
+       LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+               cmake_src_test -j1
+}
+
+multilib_src_install() {
+       cmake_src_install
+}
+
+multilib_src_install_all() {
+       use doc && HTML_DOCS=( apidoc )
+
+       einstalldocs
+
+       if use programs ; then
+               # avoid file collisions with sys-apps/coreutils
+               local p e
+               for p in "${ED}"/usr/bin/* ; do
+                       if [[ -x "${p}" && ! -d "${p}" ]] ; then
+                               mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || 
die
+                       fi
+               done
+               for e in aes hash pkey ssl test ; do
+                       docinto "${e}"
+                       dodoc programs/"${e}"/*.c
+                       dodoc programs/"${e}"/*.txt
+               done
+       fi
+}
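Review bot: The `LD_LIBRARY_PATH` assignment in `multilib_src_test` puts the build directory after whatever the variable already holds, and yields a leading empty entry when the variable is unset. The dynamic loader treats an empty entry as the current directory, and any existing entry containing an installed libmbedcrypto/libmbedtls would be searched before the freshly built one, so the suite could end up exercising a library other than the one being bumped for the CVE fixes. Listing the build directory first and adding the separator only when needed avoids both: `LD_LIBRARY_PATH="${BUILD_DIR}/library${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}" \`. The 2.28.9 ebuild carries the identical line.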
