commit:     a9ee81cf0e4c6b4df223fff5732fba83a019e398
Author:     Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Mon Jan 29 17:47:16 2024 +0000
Commit:     Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Wed Jan 31 09:35:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9ee81cf

net-libs/mbedtls: add 2.28.7, 3.5.2

Fixes CVE-2024-23170, CVE-2024-23775 issues.

Bug: https://bugs.gentoo.org/923279
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Signed-off-by: Yixun Lan <dlan <AT> gentoo.org>

 net-libs/mbedtls/Manifest              |   2 +
 net-libs/mbedtls/mbedtls-2.28.7.ebuild | 104 +++++++++++++++++++++++++++++++++
 net-libs/mbedtls/mbedtls-3.5.2.ebuild  |  96 ++++++++++++++++++++++++++++++
 net-libs/mbedtls/metadata.xml          |   1 +
 4 files changed, 203 insertions(+)

diff --git a/net-libs/mbedtls/Manifest b/net-libs/mbedtls/Manifest
index b522f14229b9..c68e577d2db6 100644
--- a/net-libs/mbedtls/Manifest
+++ b/net-libs/mbedtls/Manifest
@@ -1,3 +1,5 @@
 DIST mbedtls-2.28.5.tar.gz 4005000 BLAKE2B 755287e1a1e0be5d193a8a184a9ae3ab2b6c216235657f7f2e422fe06226cd4c7d11811bcb53519018137e7ed838b241704c955872e28f133bb17a5f42222acb SHA512 339911d244b4e6e4d77b344c796f018d9ad4c56249530b8a56e0dc305ddf30bc709dca96a19c5a06710e92d167ef22893e9e17e20837e9daee0d0be00a8ccae9
 DIST mbedtls-2.28.6.tar.gz 3988909 BLAKE2B d4991fce07ab5120340a7ea6b5eae6888e9568e6d93bb41e1a4b4cc6f7868489ad3542aef346dffc39212d543e3b2d08e7409c078d37a2f7d512e4afa7ca5b60 SHA512 1ce2cfe55b569c6332a462447f69ec1e349e23410afeda88f5f55037493cf145e1031f9a7c8fe080f346cfae98802a13258891376684e7491d171101cb302754
+DIST mbedtls-2.28.7.tar.gz 3990571 BLAKE2B 91a11d9d56fc058c3aef797e644c2c141cd70dc96716e75d9074de89717298a10c93e403a2fed9ae6f34c7549753a70d61b6602fbc21bc568c2e260d4f369f65 SHA512 1cf6722d60a49375f857c8d84f06dbb50ea08accaa12b329d75a93b959aef382410e7b6e0a1511407402b3eec5e2208eaf5e9fc2c8574ed0f8f44234bc4401b3
 DIST mbedtls-3.5.1.tar.gz 5580943 BLAKE2B 67ff3e2bf69f507108ee20ddabd7257cb42475e143fc00c7dae5ac9356898cd4db6d8abc5e4995107cafc2dd4802b87b6b2edb888f10c52f34e85a49332c061b SHA512 bb36395f9d889f1e19ee6968d01ec96f974d543ea46cb3935aa86683918e31bf81f46d0d436bcda947c71d622286217bdf4c3afd82503008ac16728e1bdcfc7a
+DIST mbedtls-3.5.2.tar.gz 5584711 BLAKE2B f1d0e7368ad156cc5cde4cd396ccaf3e1cacfda38f7d7ee89c908245944d22152d141928e8aeebd298437079e7fdb74207875e2f48ce3ef1a6f5fb8840b19df3 SHA512 99f4110d8410415982cb9b71994b069e4d2f89841decccc68b629250c7497c10d5e3ffe867c4ac1518ec7d6edd9703c38fd8afb6c238e9e0e7132def2b09b4e3

diff --git a/net-libs/mbedtls/mbedtls-2.28.7.ebuild b/net-libs/mbedtls/mbedtls-2.28.7.ebuild
new file mode 100644
index 000000000000..f0133d22a389
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-2.28.7.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit cmake multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/";
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/archive/${P}.tar.gz";
+S="${WORKDIR}"/${PN}-${P}
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="0/7.14.1" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="cmac cpu_flags_x86_sse2 doc havege programs static-libs test threads zlib"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+       zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+       ${PYTHON_DEPS}
+       doc? (
+               app-text/doxygen
+               media-gfx/graphviz
+       )
+       test? ( dev-lang/perl )
+"
+
+enable_mbedtls_option() {
+       local myopt="$@"
+       # check that config.h syntax is the same at version bump
+       sed -i \
+               -e "s://#define ${myopt}:#define ${myopt}:" \
+               include/mbedtls/config.h || die
+}
+
+src_prepare() {
+       use cmac && enable_mbedtls_option MBEDTLS_CMAC_C
+       use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+       use zlib && enable_mbedtls_option MBEDTLS_ZLIB_SUPPORT
+       use havege && enable_mbedtls_option MBEDTLS_HAVEGE_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+       cmake_src_prepare
+}
+
+multilib_src_configure() {
+       local mycmakeargs=(
+               -DENABLE_PROGRAMS=$(multilib_native_usex programs)
+               -DENABLE_TESTING=$(usex test)
+               -DENABLE_ZLIB_SUPPORT=$(usex zlib)
+               -DINSTALL_MBEDTLS_HEADERS=ON
+               -DLIB_INSTALL_DIR="${EPREFIX}/usr/$(get_libdir)"
+               -DLINK_WITH_PTHREAD=$(usex threads)
+               -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+               -DUSE_SHARED_MBEDTLS_LIBRARY=ON
+               -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+       )
+
+       cmake_src_configure
+}
+
+multilib_src_compile() {
+       cmake_src_compile
+       use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+       # Disable parallel run, bug #718390
+       # https://github.com/Mbed-TLS/mbedtls/issues/4980
+       LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+               cmake_src_test -j1
+}
+
+multilib_src_install() {
+       cmake_src_install
+}
+
+multilib_src_install_all() {
+       use doc && HTML_DOCS=( apidoc )
+
+       einstalldocs
+
+       if use programs ; then
+               # avoid file collisions with sys-apps/coreutils
+               local p e
+               for p in "${ED}"/usr/bin/* ; do
+                       if [[ -x "${p}" && ! -d "${p}" ]] ; then
+                               mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die
+                       fi
+               done
+               for e in aes hash pkey ssl test ; do
+                       docinto "${e}"
+                       dodoc programs/"${e}"/*.c
+                       dodoc programs/"${e}"/*.txt
+               done
+       fi
+}
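Review bot: `enable_mbedtls_option` cannot tell whether it enabled anything, because `sed -i` exits 0 when the pattern matches no line, so the `|| die` only catches a missing or unreadable file. If upstream reformats the commented-out `//#define` lines, a USE flag such as `threads` would be accepted while `MBEDTLS_THREADING_C` stays disabled in the built library, and the in-code comment leaves catching that to a manual check at each version bump. A post-check after the sed, `grep -q "^#define ${myopt}" include/mbedtls/config.h || die "${myopt} was not enabled"`, would turn that case into a build failure; `local myopt="$1"` is also the clearer form, since every call here passes a single option name. The same helper appears in the mbedtls-3.5.2.ebuild hunk, where the header is `include/mbedtls/mbedtls_config.h`.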

diff --git a/net-libs/mbedtls/mbedtls-3.5.2.ebuild b/net-libs/mbedtls/mbedtls-3.5.2.ebuild
new file mode 100644
index 000000000000..963a8edbe27c
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls-3.5.2.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit cmake multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/";
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/archive/${P}.tar.gz";
+S="${WORKDIR}"/${PN}-${P}
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="0/15.20.6" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+       ${PYTHON_DEPS}
+       doc? (
+               app-text/doxygen
+               media-gfx/graphviz
+       )
+       test? ( dev-lang/perl )
+"
+
+enable_mbedtls_option() {
+       local myopt="$@"
+       # check that config.h syntax is the same at version bump
+       sed -i \
+               -e "s://#define ${myopt}:#define ${myopt}:" \
+               include/mbedtls/mbedtls_config.h || die
+}
+
+src_prepare() {
+       use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+       use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+       cmake_src_prepare
+}
+
+multilib_src_configure() {
+       local mycmakeargs=(
+               -DENABLE_PROGRAMS=$(multilib_native_usex programs)
+               -DENABLE_TESTING=$(usex test)
+               -DINSTALL_MBEDTLS_HEADERS=ON
+               -DLIB_INSTALL_DIR="${EPREFIX}/usr/$(get_libdir)"
+               -DLINK_WITH_PTHREAD=$(usex threads)
+               -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+               -DUSE_SHARED_MBEDTLS_LIBRARY=ON
+               -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+       )
+
+       cmake_src_configure
+}
+
+multilib_src_compile() {
+       cmake_src_compile
+       use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+       # Disable parallel run, bug #718390
+       # https://github.com/Mbed-TLS/mbedtls/issues/4980
+       LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+               cmake_src_test -j1
+}
+
+multilib_src_install() {
+       cmake_src_install
+}
+
+multilib_src_install_all() {
+       use doc && HTML_DOCS=( apidoc )
+
+       einstalldocs
+
+       if use programs ; then
+               # avoid file collisions with sys-apps/coreutils
+               local p e
+               for p in "${ED}"/usr/bin/* ; do
+                       if [[ -x "${p}" && ! -d "${p}" ]] ; then
+                               mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die
+                       fi
+               done
+               for e in aes hash pkey ssl test ; do
+                       docinto "${e}"
+                       dodoc programs/"${e}"/*.c
+                       dodoc programs/"${e}"/*.txt
+               done
+       fi
+}
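Review bot: In `multilib_src_test`, `LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library"` puts the freshly built libraries after whatever the environment already lists, and when the variable is unset it produces a leading empty entry, which the glibc loader treats as the current working directory. Either way the test suite can resolve a `libmbed*.so` other than the one just built, which weakens the test run as evidence that the patched build works. Prepending and skipping the empty element avoids both: `LD_LIBRARY_PATH="${BUILD_DIR}/library${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}" \`. The same assignment is in the mbedtls-2.28.7.ebuild hunk.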

diff --git a/net-libs/mbedtls/metadata.xml b/net-libs/mbedtls/metadata.xml
index 1b3db4f9f537..83b4b19aa6eb 100644
--- a/net-libs/mbedtls/metadata.xml
+++ b/net-libs/mbedtls/metadata.xml
@@ -24,6 +24,7 @@
                <flag name="programs">Build Mbed TLS programs</flag>
        </use>
        <upstream>
+               <remote-id type="cpe">cpe:/a:arm:mbed_tls</remote-id>
                <remote-id type="github">Mbed-TLS/mbedtls</remote-id>
        </upstream>
 </pkgmetadata>
