commit: 2d8996e27fdacdf75a805f921c8de52d96441c9c Author: Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com> AuthorDate: Tue Feb 10 01:55:30 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Feb 11 03:43:11 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d8996e2
net-libs/mbedtls: add 3.6.5 Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com> Part-of: https://github.com/gentoo/gentoo/pull/45720 Closes: https://github.com/gentoo/gentoo/pull/45720 Signed-off-by: Sam James <sam <AT> gentoo.org> net-libs/mbedtls/Manifest | 1 + ...ersion-suffix-for-all-installable-targets.patch | 79 ++++++++++++ .../files/mbedtls-3.6.5-slotted-version.patch | 132 +++++++++++++++++++++ net-libs/mbedtls/mbedtls-3.6.5.ebuild | 109 +++++++++++++++++ 4 files changed, 321 insertions(+) diff --git a/net-libs/mbedtls/Manifest b/net-libs/mbedtls/Manifest index 677df466f63f..d21ff35323c6 100644 --- a/net-libs/mbedtls/Manifest +++ b/net-libs/mbedtls/Manifest @@ -1,2 +1,3 @@ DIST mbedtls-2.28.10.tar.bz2 3489179 BLAKE2B 30243e3100428f1e7e5deb1199c774b8b6a1fc58253990d80bbd33d71da32fbf73e285fbd403596e08ac9b0569ef28105cfe08ffb281670d21ca31bb80b65ee7 SHA512 e97d4f5dc71e0db8ff53c1b521057e95ec0cdadcf4555fc2491288defea73d2ae265fc5a02f83ff8143281c9dec88bee4cb62c670eef786f9a714c77958a29df DIST mbedtls-3.6.4.tar.bz2 5099459 BLAKE2B d9bfb3984081a346ac5b022af79f133a0e97cd17770e3aa468d0db200cebd21f92d00cddbe23038fbbda61deb1d9d96f5ac84b0b3a75e0e98b36d236f97e738a SHA512 6671fb8fcaa832e5b115dfdce8f78baa6a4aea71f5c89a640583634cdee27aefe3bf4be075744da91f7c3ae5ea4e0c765c8fc3937b5cfd9ea73d87ef496524da +DIST mbedtls-3.6.5.tar.bz2 5367178 BLAKE2B d4bbc13b4dc50485fa544aff74ad2ec6be9e0ad70fc31ec18f9c261f26d0d0d852094ea8c8a78e16f3311f0a0922af31cb2d761c0ef3a0fec7a155c0e3150b97 SHA512 acc6d49cba57379f27185d6a381073132f3013c91bb21d14f57ca4f9f4b75cd27df6bf0bb598ffa347ebeb34d9d3a444ef230592813c5611c918f7714ed4a8df diff --git a/net-libs/mbedtls/files/mbedtls-3.6.5-add-version-suffix-for-all-installable-targets.patch b/net-libs/mbedtls/files/mbedtls-3.6.5-add-version-suffix-for-all-installable-targets.patch new file mode 100644 index 000000000000..cda2c02d45d1 --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.5-add-version-suffix-for-all-installable-targets.patch @@ -0,0 +1,79 @@ +From https://github.com/Mbed-TLS/mbedtls/pull/9876 +From: "Azamat H. Hackimov" <[email protected]> +Date: Sun, 1 Dec 2024 00:49:15 +0300 +Subject: [PATCH 2/5] Add version suffix for all installable targets + +Convert main library targets to slottable versions. This allows to +install major versions of MbedTLS simultaneously. + +Dependent packages should use `find_package(MbedTLS 3 [REQUIRED])` and +`MbedTLS::<component>` in order to use requested libraries. +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -481,7 +481,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + install( + FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" + "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake" +- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS") ++ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}") + + export( + EXPORT MbedTLSTargets +@@ -491,7 +491,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + install( + EXPORT MbedTLSTargets + NAMESPACE MbedTLS:: +- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS" ++ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}" + FILE "MbedTLSTargets.cmake") + + if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt +@@ -283,7 +283,7 @@ set(everest_target "${MBEDTLS_TARGET_PREFIX}everest") + + if(USE_STATIC_MBEDTLS_LIBRARY) + add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) +- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) ++ set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -295,11 +295,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY) + endif() + + add_library(${mbedx509_static_target} STATIC ${src_x509}) +- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) ++ set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) + + add_library(${mbedtls_static_target} STATIC ${src_tls}) +- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) ++ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + + if(GEN_FILES) +@@ -314,6 +314,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) + add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.5 SOVERSION 16) ++ set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -326,10 +327,12 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + + add_library(${mbedx509_target} SHARED ${src_x509}) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.5 SOVERSION 7) ++ set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) + + add_library(${mbedtls_target} SHARED ${src_tls}) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.5 SOVERSION 21) ++ set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + + if(GEN_FILES) +-- +2.52.0 + diff --git a/net-libs/mbedtls/files/mbedtls-3.6.5-slotted-version.patch b/net-libs/mbedtls/files/mbedtls-3.6.5-slotted-version.patch new file mode 100644 index 000000000000..0f8c8247a309 --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.5-slotted-version.patch @@ -0,0 +1,132 @@ +https://github.com/Mbed-TLS/mbedtls/pull/9876 +From: "Azamat H. Hackimov" <[email protected]> +Date: Sun, 26 Jan 2025 22:21:33 +0300 +Subject: [PATCH 5/5] Add ENABLE_SLOTTED_VERSION to cmake project + +Make version suffix appending optional. Change suffix to include dash symbol to comply pkg-config naming conventions. + +Signed-off-by: Azamat H. Hackimov <[email protected]> +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -77,6 +77,12 @@ else() + endif() + + option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT}) ++option(ENABLE_SLOTTED_VERSION "Enable slotted installation in order to install multiple versions of Mbed TLS" OFF) ++ ++set(VERSION_SUFFIX "") ++if(ENABLE_SLOTTED_VERSION) ++ set(VERSION_SUFFIX "-${PROJECT_VERSION_MAJOR}") ++endif() + + if (CMAKE_C_SIMULATE_ID) + set(COMPILER_ID ${CMAKE_C_SIMULATE_ID}) +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt +@@ -283,7 +283,7 @@ set(everest_target "${MBEDTLS_TARGET_PREFIX}everest") + + if(USE_STATIC_MBEDTLS_LIBRARY) + add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) +- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${VERSION_SUFFIX}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -295,11 +295,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY) + endif() + + add_library(${mbedx509_static_target} STATIC ${src_x509}) +- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${VERSION_SUFFIX}) + target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) + + add_library(${mbedtls_static_target} STATIC ${src_tls}) +- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${VERSION_SUFFIX}) + target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + + if(GEN_FILES) +@@ -314,7 +314,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) + add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.5 SOVERSION 16) +- set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${VERSION_SUFFIX}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -327,12 +327,12 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + + add_library(${mbedx509_target} SHARED ${src_x509}) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.5 SOVERSION 7) +- set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${VERSION_SUFFIX}) + target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) + + add_library(${mbedtls_target} SHARED ${src_tls}) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.5 SOVERSION 21) +- set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) ++ set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${VERSION_SUFFIX}) + target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + + if(GEN_FILES) +--- a/pkgconfig/CMakeLists.txt ++++ b/pkgconfig/CMakeLists.txt +@@ -8,18 +8,18 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") + set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/";) + +- configure_file(mbedcrypto.pc.in mbedcrypto${PROJECT_VERSION_MAJOR}.pc @ONLY) ++ configure_file(mbedcrypto.pc.in mbedcrypto${VERSION_SUFFIX}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto${PROJECT_VERSION_MAJOR}.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto${VERSION_SUFFIX}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + +- configure_file(mbedtls.pc.in mbedtls${PROJECT_VERSION_MAJOR}.pc @ONLY) ++ configure_file(mbedtls.pc.in mbedtls${VERSION_SUFFIX}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedtls${PROJECT_VERSION_MAJOR}.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedtls${VERSION_SUFFIX}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + +- configure_file(mbedx509.pc.in mbedx509${PROJECT_VERSION_MAJOR}.pc @ONLY) ++ configure_file(mbedx509.pc.in mbedx509${VERSION_SUFFIX}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedx509${PROJECT_VERSION_MAJOR}.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedx509${VERSION_SUFFIX}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + endif() +--- a/pkgconfig/mbedcrypto.pc.in ++++ b/pkgconfig/mbedcrypto.pc.in +@@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedcrypto@PROJECT_VERSION_MAJOR@ ++Libs: -L"${libdir}" -lmbedcrypto@VERSION_SUFFIX@ +--- a/pkgconfig/mbedtls.pc.in ++++ b/pkgconfig/mbedtls.pc.in +@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@ + Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ +-Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ mbedx509@PROJECT_VERSION_MAJOR@ ++Requires.private: mbedcrypto@VERSION_SUFFIX@ mbedx509@VERSION_SUFFIX@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedtls@PROJECT_VERSION_MAJOR@ ++Libs: -L"${libdir}" -lmbedtls@VERSION_SUFFIX@ +--- a/pkgconfig/mbedx509.pc.in ++++ b/pkgconfig/mbedx509.pc.in +@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@ + Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ +-Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ ++Requires.private: mbedcrypto@VERSION_SUFFIX@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedx509@PROJECT_VERSION_MAJOR@ ++Libs: -L"${libdir}" -lmbedx509@VERSION_SUFFIX@ +-- +2.52.0 + diff --git a/net-libs/mbedtls/mbedtls-3.6.5.ebuild b/net-libs/mbedtls/mbedtls-3.6.5.ebuild new file mode 100644 index 000000000000..45ab914c3538 --- /dev/null +++ b/net-libs/mbedtls/mbedtls-3.6.5.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2026 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..14} ) + +inherit cmake flag-o-matic multilib-minimal python-any-r1 + +DESCRIPTION="Cryptographic library for embedded systems" +HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/"; +SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2"; + +LICENSE="|| ( Apache-2.0 GPL-2+ )" +SLOT="3/16.21.7" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so} +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads" +RESTRICT="!test? ( test )" + +RDEPEND=" + programs? ( !net-libs/mbedtls:0[programs] ) +" +BDEPEND=" + ${PYTHON_DEPS} + doc? ( + app-text/doxygen + media-gfx/graphviz + ) + test? ( dev-lang/perl ) +" + +PATCHES=( + "${FILESDIR}/mbedtls-3.6.2-allow-install-headers-to-different-location.patch" + "${FILESDIR}/mbedtls-3.6.5-add-version-suffix-for-all-installable-targets.patch" + "${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch" + "${FILESDIR}/mbedtls-3.6.2-exclude-static-3dparty.patch" + "${FILESDIR}/mbedtls-3.6.5-slotted-version.patch" +) + +enable_mbedtls_option() { + local myopt="$@" + # check that config.h syntax is the same at version bump + sed -i \ + -e "s://#define ${myopt}:#define ${myopt}:" \ + include/mbedtls/mbedtls_config.h || die +} + +src_prepare() { + use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2 + use threads && enable_mbedtls_option MBEDTLS_THREADING_C + use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD + + sed -i -e "s:VERSION 3.5.1:VERSION 3.10:g" CMakeLists.txt || die + + cmake_src_prepare +} + +multilib_src_configure() { + local mycmakeargs=( + -DENABLE_PROGRAMS=$(multilib_native_usex programs) + -DENABLE_TESTING=$(usex test) + -DENABLE_SLOTTED_VERSION=ON + -DINSTALL_MBEDTLS_HEADERS=ON + -DCMAKE_INSTALL_INCLUDEDIR="include/mbedtls3" + -DLINK_WITH_PTHREAD=$(usex threads) + -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946 + -DUSE_SHARED_MBEDTLS_LIBRARY=ON + -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs) + ) + + cmake_src_configure +} + +multilib_src_compile() { + cmake_src_compile + use doc && multilib_is_native_abi && emake -C "${S}" apidoc +} + +multilib_src_test() { + # Disable parallel run, bug #718390 + # https://github.com/Mbed-TLS/mbedtls/issues/4980 + LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \ + cmake_src_test -j1 +} + +multilib_src_install() { + cmake_src_install +} + +multilib_src_install_all() { + use doc && HTML_DOCS=( apidoc ) + + einstalldocs + + if use programs ; then + # avoid file collisions with sys-apps/coreutils + local p e + for p in "${ED}"/usr/bin/* ; do + if [[ -x "${p}" && ! -d "${p}" ]] ; then + mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die + fi + done + for e in aes hash pkey ssl test ; do + docinto "${e}" + dodoc programs/"${e}"/*.c + dodoc programs/"${e}"/*.txt + done + fi +}
