From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1513962-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id EF41F15ACFC
	for <garchives@archives.gentoo.org>; Mon,  1 May 2023 13:39:07 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 45A66E087C;
	Mon,  1 May 2023 13:39:07 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 29F51E087C
	for <gentoo-commits@lists.gentoo.org>; Mon,  1 May 2023 13:39:07 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 16156341473
	for <gentoo-commits@lists.gentoo.org>; Mon,  1 May 2023 13:39:06 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A43F5A40
	for <gentoo-commits@lists.gentoo.org>; Mon,  1 May 2023 13:39:04 +0000 (UTC)
From: "orbea" <orbea@riseup.net>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "orbea" <orbea@riseup.net>
Message-ID: <1682947680.88593f8e92b7005d723fd67c88592cfddedf9f35.orbea@gentoo>
Subject: [gentoo-commits] repo/proj/libressl:master commit in: dev-libs/libressl/, dev-libs/libressl/files/
X-VCS-Repository: repo/proj/libressl
X-VCS-Files: dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch dev-libs/libressl/libressl-3.7.2-r2.ebuild
X-VCS-Directories: dev-libs/libressl/files/ dev-libs/libressl/
X-VCS-Committer: orbea
X-VCS-Committer-Name: orbea
X-VCS-Revision: 88593f8e92b7005d723fd67c88592cfddedf9f35
X-VCS-Branch: master
Date: Mon,  1 May 2023 13:39:04 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 75c11d6e-6881-4608-85ad-39f023599aae
X-Archives-Hash: 27bce7b1dbd34f93d067af3b5356819c

commit:     88593f8e92b7005d723fd67c88592cfddedf9f35
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Mon May  1 13:28:00 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Mon May  1 13:28:00 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=88593f8e

dev-libs/libressl: silence QA notice

This is a false positive that triggers a Gentoo QA notice that is caused
by GCC's inability to see that OPENSSL_assert() will not return
because it is in a different library.

/var/tmp/portage/dev-libs/libressl-3.7.1/work/libressl-3.7.1/ssl/s3_cbc.c:529:9: warning: 'memcpy' forming offset 128 is out of the bounds [0, 128] of object 'hmac_pad' with type 'unsigned char[128]' [-Warray-bounds]

Signed-off-by: orbea <orbea <AT> riseup.net>

 .../files/libressl-3.7.2-array-bounds.patch        | 24 +++++++++
 dev-libs/libressl/libressl-3.7.2-r2.ebuild         | 61 ++++++++++++++++++++++
 2 files changed, 85 insertions(+)

diff --git a/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch b/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch
new file mode 100644
index 0000000..7ebdc33
--- /dev/null
+++ b/dev-libs/libressl/files/libressl-3.7.2-array-bounds.patch
@@ -0,0 +1,24 @@
+https://github.com/libressl/portable/issues/825
+
+--- a/include/openssl/crypto.h
++++ b/include/openssl/crypto.h
+@@ -132,6 +132,10 @@
+ extern "C" {
+ #endif
+ 
++#ifndef __dead
++#define __dead
++#endif
++
+ /* Backward compatibility to SSLeay */
+ /* This is more to be used to check the correct DLL is being used
+  * in the MS world. */
+@@ -488,7 +492,7 @@ typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+ int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+ 
+ /* die if we have to */
+-void OpenSSLDie(const char *file, int line, const char *assertion);
++__dead void OpenSSLDie(const char *file, int line, const char *assertion);
+ #define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+ 
+ uint64_t OPENSSL_cpu_caps(void);

diff --git a/dev-libs/libressl/libressl-3.7.2-r2.ebuild b/dev-libs/libressl/libressl-3.7.2-r2.ebuild
new file mode 100644
index 0000000..86de254
--- /dev/null
+++ b/dev-libs/libressl/libressl-3.7.2-r2.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools multilib-minimal verify-sig
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="https://www.libressl.org/"
+SRC_URI="
+	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz
+	verify-sig? ( https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz.asc )
+"
+
+LICENSE="ISC openssl"
+# Reflects ABI of libcrypto.so and libssl.so. Since these can differ,
+# we'll try to use the max of either. However, if either change between
+# versions, we have to change the subslot to trigger rebuild of consumers.
+SLOT="0/54"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+asm static-libs test"
+RESTRICT="!test? ( test )"
+
+PDEPEND="app-misc/ca-certificates"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libressl )"
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/libressl.asc
+
+MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/opensslconf.h )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.8.3-solaris10.patch
+	# Silences a Gentoo QA notice that is a false positive
+	# https://github.com/libressl/portable/issues/825
+	"${FILESDIR}"/${PN}-3.7.2-array-bounds.patch
+	# Gentoo's ssl-cert.eclass uses 'openssl genrsa -rand'
+	# which LibreSSL doesn't support.
+	# https://github.com/libressl/portable/issues/839
+	"${FILESDIR}"/${PN}-3.7.2-genrsa-rand.patch
+)
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local ECONF_SOURCE="${S}"
+	local args=(
+		$(use_enable asm)
+		$(use_enable static-libs static)
+		$(use_enable test tests)
+	)
+	econf "${args[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${D}" -name '*.la' -exec rm -f {} + || die
+}