dev-libs/libgcrypt: add 1.11.0

Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2024-06-23 02:39:47 +0100
committer: Sam James <sam@gentoo.org> 2024-06-23 02:49:04 +0100
commit: c3d48d64103057105a8dde2d0e1617cd98c9480c (patch)
tree: 8cc5b81317565fece26f3cc7823d78e5f07a373f /dev-libs/libgcrypt
parent: app-crypt/gnupg: drop old patch (diff)
download: gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.tar.gz
gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.tar.bz2
gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.zip
3 files changed, 241 insertions, 0 deletions
diff --git a/dev-libs/libgcrypt/Manifest b/dev-libs/libgcrypt/Manifest
index 2bbd8c896934..8f6a1788ff24 100644
--- a/dev-libs/libgcrypt/Manifest
+++ b/dev-libs/libgcrypt/Manifest
@@ -2,3 +2,5 @@ DIST libgcrypt-1.10.2.tar.bz2 3795164 BLAKE2B c86b29648664aae3fb694b20ad258828d2
 DIST libgcrypt-1.10.2.tar.bz2.sig 119 BLAKE2B 3753134a1ed1fd2bfd2c64f175c3745db02791359646b3f0229c80ce4ccedbb147ee889a6b8c4fe4bf7e9067d804ee18a8411cd347026cd1656ad1d4d5686bec SHA512 9350444a0bcfa49217815a831f2286ccea470311673257bd809eb5dedbe97d2a5543b0bc7fb752312df69adeb7ac5f064e433f2545a8bf3e494027986cd8020c
 DIST libgcrypt-1.10.3.tar.bz2 3783827 BLAKE2B 1a228e02820e886016eb55dee75936c4422a15fb4f95a2f9bcd1e4faac4015d4321c7c8d23f164eb08ece5d62935ab3b3d3104eabfdd22db997ab3e5689dfa6f SHA512 8a8d4c61a6622d8481ceb9edc88ec43f58da32e316f79f8d4775325a48f8936aaa9eb355923b39e2c267b784e9c390600daeb62e0c94f00e30bbadb0d8c0865d
 DIST libgcrypt-1.10.3.tar.bz2.sig 238 BLAKE2B 216baebca91b2e940f60d70a4260b6b6b8221ef88cfb42b020bc7b3743a465ef2cf105316648ed1e689cbbf7d79da421aa9f08b5af21c5b862734cf01f377214 SHA512 73795781a458c334ec6daade1b86ae8b788dd5da0b7198b46b8e54a103c5ec4c65a5dd7e6a9d173d136889f24e7f5721992f59117334f39bd1c8a94e3b55a048
+DIST libgcrypt-1.11.0.tar.bz2 4180345 BLAKE2B fe3f42480c0b9a0c50c24f4c54197404b4e1056d8baa9c0c07c671c9c05b90777580b4cbcde931b50ecb4dd93f5ddad89cea99aa36a35f86f796a003e3816f7d SHA512 8e093e69e3c45d30838625ca008e995556f0d5b272de1c003d44ef94633bcc0d0ef5d95e8725eb531bfafb4490ac273488633e0c801200d4666194f86c3e270e
+DIST libgcrypt-1.11.0.tar.bz2.sig 119 BLAKE2B e64d59dae5556e2826f6d297988a3300c36d05aeecfe19544c5092b5f7b777b9b3f37c5ddcfcba5a916ae237cf981efdd9e3bdec482f7c36b12ac5c70f9d4c52 SHA512 8c5ceb50d70ccdedcc1ff4b31a65a07198567b85f582e3e67699cc3e5d012bebf7b1d4903652d11905a9cd845976ad7d3642474804777d0bdc46c6847d92fe38
diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch b/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch
new file mode 100644
index 000000000000..6d306423df51
--- /dev/null
+++ b/dev-libs/libgcrypt/files/libgcrypt-1.11.0-s390x.patch
@@ -0,0 +1,59 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2486d9b5ae015c1786cb84466a751da4bc0d7122
+
+From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Thu, 20 Jun 2024 20:10:09 +0300
+Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE
+
+* cipher/keccak.c (keccak_final_s390x): Add assert check for
+expected SHAKE suffix.
+(_gcry_cshake_customize, cshake_hash_buffers): Disable s390x
+acceleration when selecting CSHAKE suffix.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+--- a/cipher/keccak.c
++++ b/cipher/keccak.c
+@@ -745,6 +745,8 @@ keccak_final_s390x (void *context)
+     }
+   else
+     {
++      gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX);
++
+       klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf,
+ 			  ctx->count);
+       ctx->count = 0;
+@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p)
+     /* No customization */
+     return 0;
+ 
++  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
++#ifdef USE_S390X_CRYPTO
++  /* CSHAKE suffix is not supported by s390x/kimd. */
++  ctx->kimd_func = 0;
++#endif
++
+   len_written = cshake_input_n (ctx, p->n, p->n_len);
+   cshake_input_s (ctx, p->s, p->s_len, len_written);
+-  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
+   return 0;
+ }
+ 
+@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes,
+           size_t s_len = iov[1].len;
+           size_t len;
+ 
++          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
++#ifdef USE_S390X_CRYPTO
++          /* CSHAKE suffix is not supported by s390x/kimd. */
++          ctx.kimd_func = 0;
++#endif
++
+           len = cshake_input_n (&ctx, n, n_len);
+           cshake_input_s (&ctx, s, s_len, len);
+-          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
+         }
+       iovcnt -= 2;
+       iov += 2;
+-- 
+2.30.2
diff --git a/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild b/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild
new file mode 100644
index 000000000000..10b42d5ca451
--- /dev/null
+++ b/dev-libs/libgcrypt/libgcrypt-1.11.0.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+inherit autotools flag-o-matic linux-info multilib-minimal toolchain-funcs verify-sig
+
+DESCRIPTION="General purpose crypto library based on the code used in GnuPG"
+HOMEPAGE="https://www.gnupg.org/"
+SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/${PN}/${P}.tar.bz2.sig )"
+
+LICENSE="LGPL-2.1+ GPL-2+ MIT"
+SLOT="0/20" # subslot = soname major version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="+asm doc +getentropy static-libs"
+IUSE+=" cpu_flags_arm_neon cpu_flags_arm_aes cpu_flags_arm_sha1 cpu_flags_arm_sha2 cpu_flags_arm_sve"
+IUSE+=" cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 cpu_flags_ppc_vsx3"
+IUSE+=" cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_avx512f cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1"
+
+# Build system only has --disable-arm-crypto-support right now
+# If changing this, update src_configure logic too.
+# ARM CPUs seem to, right now, support all-or-nothing for crypto extensions,
+# but this looks like it might change in future. This is just a safety check
+# in case people somehow do have a CPU which only supports some. They must
+# for now disable them all if that's the case.
+REQUIRED_USE="
+	cpu_flags_arm_aes? ( cpu_flags_arm_sha1 cpu_flags_arm_sha2 )
+	cpu_flags_arm_sha1? ( cpu_flags_arm_aes cpu_flags_arm_sha2 )
+	cpu_flags_arm_sha2? ( cpu_flags_arm_aes cpu_flags_arm_sha1 )
+	cpu_flags_ppc_vsx3? ( cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 )
+	cpu_flags_ppc_vsx2? ( cpu_flags_ppc_altivec )
+"
+
+RDEPEND="
+	>=dev-libs/libgpg-error-1.49[${MULTILIB_USEDEP}]
+	getentropy? (
+		kernel_linux? (
+			elibc_glibc? ( >=sys-libs/glibc-2.25 )
+			elibc_musl? ( >=sys-libs/musl-1.1.20 )
+		)
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	doc? ( virtual/texi2dvi )
+	verify-sig? ( sec-keys/openpgp-keys-gnupg )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-multilib-syspath.patch
+	"${FILESDIR}"/${PN}-powerpc-darwin.patch
+	"${FILESDIR}"/${P}-s390x.patch
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/libgcrypt-config
+)
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} == buildonly ]]; then
+		return
+	fi
+	if use kernel_linux && use getentropy; then
+		unset KV_FULL
+		get_running_version
+		if [[ -n ${KV_FULL} ]] && kernel_is -lt 3 17; then
+			eerror "The getentropy function requires the getrandom syscall."
+			eerror "This was introduced in Linux 3.17."
+			eerror "Your system is currently running Linux ${KV_FULL}."
+			eerror "Disable the 'getentropy' USE flag or upgrade your kernel."
+			die "Kernel is too old for getentropy"
+		fi
+	fi
+}
+
+pkg_setup() {
+	:
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	if [[ ${CHOST} == *86*-solaris* ]] ; then
+		# ASM code uses GNU ELF syntax, divide in particular, we need to
+		# allow this via ASFLAGS, since we don't have a flag-o-matic
+		# function for that, we'll have to abuse cflags for this
+		append-cflags -Wa,--divide
+	fi
+
+	if [[ ${CHOST} == powerpc* ]] ; then
+		# ./configure does a lot of automagic, prevent that
+		# generic ppc32+ppc64 altivec
+		use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec=no
+		use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec_cflags=no
+		# power8 vector extension, aka arch 2.07 ISA, also checked below via ppc-crypto-support
+		use cpu_flags_ppc_vsx2 || local -x gcry_cv_gcc_inline_asm_ppc_altivec=no
+		# power9 vector extension, aka arch 3.00 ISA
+		use cpu_flags_ppc_vsx3 || local -x gcry_cv_gcc_inline_asm_ppc_arch_3_00=no
+	fi
+
+	# Workaround for GCC < 11.3 bug
+	# https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=0b399721ce9709ae25f9d2050360c5ab2115ae29
+	# https://dev.gnupg.org/T5581
+	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102124
+	if use arm64 && tc-is-gcc && (($(gcc-major-version) == 11)) &&
+		(($(gcc-minor-version) <= 2)) && (($(gcc-micro-version) == 0)) ; then
+		append-flags -fno-tree-loop-vectorize
+	fi
+
+	append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
+
+	local myeconfargs=(
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
+		--enable-noexecstack
+		$(use_enable cpu_flags_arm_neon neon-support)
+		# See REQUIRED_USE comment above
+		$(use_enable cpu_flags_arm_aes arm-crypto-support)
+		$(use_enable cpu_flags_arm_sve sve-support)
+		$(use_enable cpu_flags_ppc_vsx2 ppc-crypto-support)
+		$(use_enable cpu_flags_x86_aes aesni-support)
+		$(use_enable cpu_flags_x86_avx avx-support)
+		$(use_enable cpu_flags_x86_avx2 avx2-support)
+		$(use_enable cpu_flags_x86_avx512f avx512-support)
+		$(use_enable cpu_flags_x86_padlock padlock-support)
+		$(use_enable cpu_flags_x86_sha shaext-support)
+		$(use_enable cpu_flags_x86_sse4_1 sse41-support)
+		# required for sys-power/suspend[crypt], bug 751568
+		$(use_enable static-libs static)
+
+		# disabled due to various applications requiring privileges
+		# after libgcrypt drops them (bug #468616)
+		--without-capabilities
+
+		# http://trac.videolan.org/vlc/ticket/620
+		$([[ ${CHOST} == *86*-darwin* ]] && echo "--disable-asm")
+
+		$(use asm || echo "--disable-asm")
+
+		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+	)
+
+	if use kernel_linux; then
+		# --enable-random=getentropy requires getentropy/getrandom.
+		# --enable-random=linux enables legacy code that tries getrandom
+		# and falls back to reading /dev/random.
+		myeconfargs+=( --enable-random=$(usex getentropy getentropy linux) )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" \
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+}
+
+multilib_src_compile() {
+	default
+	multilib_is_native_abi && use doc && VARTEXFONTS="${T}/fonts" emake -C doc gcrypt.pdf
+}
+
+multilib_src_test() {
+	# t-secmem and t-sexp need mlock which requires extra privileges; nspawn
+	# at least disallows that by default.
+	local -x GCRYPT_IN_ASAN_TEST=1
+
+	default
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+	multilib_is_native_abi && use doc && dodoc doc/gcrypt.pdf
+}
+
+multilib_src_install_all() {
+	default
+	find "${ED}" -type f -name '*.la' -delete || die
+}
author	Sam James <sam@gentoo.org>	2024-06-23 02:39:47 +0100
committer	Sam James <sam@gentoo.org>	2024-06-23 02:49:04 +0100
commit	c3d48d64103057105a8dde2d0e1617cd98c9480c (patch)
tree	8cc5b81317565fece26f3cc7823d78e5f07a373f /dev-libs/libgcrypt
parent	app-crypt/gnupg: drop old patch (diff)
download	gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.tar.gz gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.tar.bz2 gentoo-c3d48d64103057105a8dde2d0e1617cd98c9480c.zip