commit: c3d48d64103057105a8dde2d0e1617cd98c9480c Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sun Jun 23 01:39:47 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Jun 23 01:49:04 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3d48d64
dev-libs/libgcrypt: add 1.11.0 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-libs/libgcrypt/Manifest | 2 + .../libgcrypt/files/libgcrypt-1.11.0-s390x.patch | 59 +++++++ dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild | 180 +++++++++++++++++++++ 3 files changed, 241 insertions(+) diff --git a/dev-libs/libgcrypt/Manifest b/dev-libs/libgcrypt/Manifest index 2bbd8c896934..8f6a1788ff24 100644 --- a/dev-libs/libgcrypt/Manifest +++ b/dev-libs/libgcrypt/Manifest @@ -2,3 +2,5 @@ DIST libgcrypt-1.10.2.tar.bz2 3795164 BLAKE2B c86b29648664aae3fb694b20ad258828d2 DIST libgcrypt-1.10.2.tar.bz2.sig 119 BLAKE2B 3753134a1ed1fd2bfd2c64f175c3745db02791359646b3f0229c80ce4ccedbb147ee889a6b8c4fe4bf7e9067d804ee18a8411cd347026cd1656ad1d4d5686bec SHA512 9350444a0bcfa49217815a831f2286ccea470311673257bd809eb5dedbe97d2a5543b0bc7fb752312df69adeb7ac5f064e433f2545a8bf3e494027986cd8020c DIST libgcrypt-1.10.3.tar.bz2 3783827 BLAKE2B 1a228e02820e886016eb55dee75936c4422a15fb4f95a2f9bcd1e4faac4015d4321c7c8d23f164eb08ece5d62935ab3b3d3104eabfdd22db997ab3e5689dfa6f SHA512 8a8d4c61a6622d8481ceb9edc88ec43f58da32e316f79f8d4775325a48f8936aaa9eb355923b39e2c267b784e9c390600daeb62e0c94f00e30bbadb0d8c0865d DIST libgcrypt-1.10.3.tar.bz2.sig 238 BLAKE2B 216baebca91b2e940f60d70a4260b6b6b8221ef88cfb42b020bc7b3743a465ef2cf105316648ed1e689cbbf7d79da421aa9f08b5af21c5b862734cf01f377214 SHA512 73795781a458c334ec6daade1b86ae8b788dd5da0b7198b46b8e54a103c5ec4c65a5dd7e6a9d173d136889f24e7f5721992f59117334f39bd1c8a94e3b55a048 +DIST libgcrypt-1.11.0.tar.bz2 4180345 BLAKE2B fe3f42480c0b9a0c50c24f4c54197404b4e1056d8baa9c0c07c671c9c05b90777580b4cbcde931b50ecb4dd93f5ddad89cea99aa36a35f86f796a003e3816f7d SHA512 8e093e69e3c45d30838625ca008e995556f0d5b272de1c003d44ef94633bcc0d0ef5d95e8725eb531bfafb4490ac273488633e0c801200d4666194f86c3e270e +DIST libgcrypt-1.11.0.tar.bz2.sig 119 BLAKE2B e64d59dae5556e2826f6d297988a3300c36d05aeecfe19544c5092b5f7b777b9b3f37c5ddcfcba5a916ae237cf981efdd9e3bdec482f7c36b12ac5c70f9d4c52 SHA512 8c5ceb50d70ccdedcc1ff4b31a65a07198567b85f582e3e67699cc3e5d012bebf7b1d4903652d11905a9cd845976ad7d3642474804777d0bdc46c6847d92fe38 diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch b/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch new file mode 100644 index 000000000000..6d306423df51 --- /dev/null +++ b/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch @@ -0,0 +1,59 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2486d9b5ae015c1786cb84466a751da4bc0d7122 + +From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivili...@iki.fi> +Date: Thu, 20 Jun 2024 20:10:09 +0300 +Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE + +* cipher/keccak.c (keccak_final_s390x): Add assert check for +expected SHAKE suffix. +(_gcry_cshake_customize, cshake_hash_buffers): Disable s390x +acceleration when selecting CSHAKE suffix. +-- + +Signed-off-by: Jussi Kivilinna <jussi.kivili...@iki.fi> +--- a/cipher/keccak.c ++++ b/cipher/keccak.c +@@ -745,6 +745,8 @@ keccak_final_s390x (void *context) + } + else + { ++ gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX); ++ + klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf, + ctx->count); + ctx->count = 0; +@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p) + /* No customization */ + return 0; + ++ ctx->suffix = CSHAKE_DELIMITED_SUFFIX; ++#ifdef USE_S390X_CRYPTO ++ /* CSHAKE suffix is not supported by s390x/kimd. */ ++ ctx->kimd_func = 0; ++#endif ++ + len_written = cshake_input_n (ctx, p->n, p->n_len); + cshake_input_s (ctx, p->s, p->s_len, len_written); +- ctx->suffix = CSHAKE_DELIMITED_SUFFIX; + return 0; + } + +@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes, + size_t s_len = iov[1].len; + size_t len; + ++ ctx.suffix = CSHAKE_DELIMITED_SUFFIX; ++#ifdef USE_S390X_CRYPTO ++ /* CSHAKE suffix is not supported by s390x/kimd. */ ++ ctx.kimd_func = 0; ++#endif ++ + len = cshake_input_n (&ctx, n, n_len); + cshake_input_s (&ctx, s, s_len, len); +- ctx.suffix = CSHAKE_DELIMITED_SUFFIX; + } + iovcnt -= 2; + iov += 2; +-- +2.30.2 diff --git a/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild b/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild new file mode 100644 index 000000000000..10b42d5ca451 --- /dev/null +++ b/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild @@ -0,0 +1,180 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc +inherit autotools flag-o-matic linux-info multilib-minimal toolchain-funcs verify-sig + +DESCRIPTION="General purpose crypto library based on the code used in GnuPG" +HOMEPAGE="https://www.gnupg.org/"; +SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/${PN}/${P}.tar.bz2.sig )" + +LICENSE="LGPL-2.1+ GPL-2+ MIT" +SLOT="0/20" # subslot = soname major version +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+asm doc +getentropy static-libs" +IUSE+=" cpu_flags_arm_neon cpu_flags_arm_aes cpu_flags_arm_sha1 cpu_flags_arm_sha2 cpu_flags_arm_sve" +IUSE+=" cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 cpu_flags_ppc_vsx3" +IUSE+=" cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_avx512f cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1" + +# Build system only has --disable-arm-crypto-support right now +# If changing this, update src_configure logic too. +# ARM CPUs seem to, right now, support all-or-nothing for crypto extensions, +# but this looks like it might change in future. This is just a safety check +# in case people somehow do have a CPU which only supports some. They must +# for now disable them all if that's the case. +REQUIRED_USE=" + cpu_flags_arm_aes? ( cpu_flags_arm_sha1 cpu_flags_arm_sha2 ) + cpu_flags_arm_sha1? ( cpu_flags_arm_aes cpu_flags_arm_sha2 ) + cpu_flags_arm_sha2? ( cpu_flags_arm_aes cpu_flags_arm_sha1 ) + cpu_flags_ppc_vsx3? ( cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 ) + cpu_flags_ppc_vsx2? ( cpu_flags_ppc_altivec ) +" + +RDEPEND=" + >=dev-libs/libgpg-error-1.49[${MULTILIB_USEDEP}] + getentropy? ( + kernel_linux? ( + elibc_glibc? ( >=sys-libs/glibc-2.25 ) + elibc_musl? ( >=sys-libs/musl-1.1.20 ) + ) + ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + doc? ( virtual/texi2dvi ) + verify-sig? ( sec-keys/openpgp-keys-gnupg ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-multilib-syspath.patch + "${FILESDIR}"/${PN}-powerpc-darwin.patch + "${FILESDIR}"/${P}-s390x.patch +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/libgcrypt-config +) + +pkg_pretend() { + if [[ ${MERGE_TYPE} == buildonly ]]; then + return + fi + if use kernel_linux && use getentropy; then + unset KV_FULL + get_running_version + if [[ -n ${KV_FULL} ]] && kernel_is -lt 3 17; then + eerror "The getentropy function requires the getrandom syscall." + eerror "This was introduced in Linux 3.17." + eerror "Your system is currently running Linux ${KV_FULL}." + eerror "Disable the 'getentropy' USE flag or upgrade your kernel." + die "Kernel is too old for getentropy" + fi + fi +} + +pkg_setup() { + : +} + +src_prepare() { + default + eautoreconf +} + +multilib_src_configure() { + if [[ ${CHOST} == *86*-solaris* ]] ; then + # ASM code uses GNU ELF syntax, divide in particular, we need to + # allow this via ASFLAGS, since we don't have a flag-o-matic + # function for that, we'll have to abuse cflags for this + append-cflags -Wa,--divide + fi + + if [[ ${CHOST} == powerpc* ]] ; then + # ./configure does a lot of automagic, prevent that + # generic ppc32+ppc64 altivec + use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec=no + use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec_cflags=no + # power8 vector extension, aka arch 2.07 ISA, also checked below via ppc-crypto-support + use cpu_flags_ppc_vsx2 || local -x gcry_cv_gcc_inline_asm_ppc_altivec=no + # power9 vector extension, aka arch 3.00 ISA + use cpu_flags_ppc_vsx3 || local -x gcry_cv_gcc_inline_asm_ppc_arch_3_00=no + fi + + # Workaround for GCC < 11.3 bug + # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=0b399721ce9709ae25f9d2050360c5ab2115ae29 + # https://dev.gnupg.org/T5581 + # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102124 + if use arm64 && tc-is-gcc && (($(gcc-major-version) == 11)) && + (($(gcc-minor-version) <= 2)) && (($(gcc-micro-version) == 0)) ; then + append-flags -fno-tree-loop-vectorize + fi + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + local myeconfargs=( + CC_FOR_BUILD="$(tc-getBUILD_CC)" + + --enable-noexecstack + $(use_enable cpu_flags_arm_neon neon-support) + # See REQUIRED_USE comment above + $(use_enable cpu_flags_arm_aes arm-crypto-support) + $(use_enable cpu_flags_arm_sve sve-support) + $(use_enable cpu_flags_ppc_vsx2 ppc-crypto-support) + $(use_enable cpu_flags_x86_aes aesni-support) + $(use_enable cpu_flags_x86_avx avx-support) + $(use_enable cpu_flags_x86_avx2 avx2-support) + $(use_enable cpu_flags_x86_avx512f avx512-support) + $(use_enable cpu_flags_x86_padlock padlock-support) + $(use_enable cpu_flags_x86_sha shaext-support) + $(use_enable cpu_flags_x86_sse4_1 sse41-support) + # required for sys-power/suspend[crypt], bug 751568 + $(use_enable static-libs static) + + # disabled due to various applications requiring privileges + # after libgcrypt drops them (bug #468616) + --without-capabilities + + # http://trac.videolan.org/vlc/ticket/620 + $([[ ${CHOST} == *86*-darwin* ]] && echo "--disable-asm") + + $(use asm || echo "--disable-asm") + + GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" + ) + + if use kernel_linux; then + # --enable-random=getentropy requires getentropy/getrandom. + # --enable-random=linux enables legacy code that tries getrandom + # and falls back to reading /dev/random. + myeconfargs+=( --enable-random=$(usex getentropy getentropy linux) ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" \ + $("${S}/configure" --help | grep -o -- '--without-.*-prefix') +} + +multilib_src_compile() { + default + multilib_is_native_abi && use doc && VARTEXFONTS="${T}/fonts" emake -C doc gcrypt.pdf +} + +multilib_src_test() { + # t-secmem and t-sexp need mlock which requires extra privileges; nspawn + # at least disallows that by default. + local -x GCRYPT_IN_ASAN_TEST=1 + + default +} + +multilib_src_install() { + emake DESTDIR="${D}" install + multilib_is_native_abi && use doc && dodoc doc/gcrypt.pdf +} + +multilib_src_install_all() { + default + find "${ED}" -type f -name '*.la' -delete || die +}
