I have been doing most of the work maintaining the gentoo libressl overlay. https://github.com/gentoo/libressl https://github.com/gentoo/libressl/graphs/contributors However this is problematic for several reasons. * There is a lot of wasted effort updating ebuilds with minor changes that need to be reapplied every time the ebuild changes. * Packages end up out of date without any good mechanism for noticing and a lot of duplicated effort keeping everything in sync. * Pull Requests end up neglected and not merged until they end up out of date while being problematic to anyone trying to use the overlay. While the developer merging PRs has been very much appreciated for helping, but I suspect they don't have as much interest in libressl as the users of the overlay. Can libressl be added back to gentoo to reduce all the wasted duplicated effort? As can be evidenced by the commit history I can help debug, report, fix or workaround any issues for packages that users care about as long as I am aware of the issue.
Perhaps something similar to app-alternatives could be used to not need a libressl USE flag everywhere that a ssl implementation is required and only have a USE flag where specific behavior is required?
revdeps need to rebuild on subslot change, how is that supposed to work with app-alternatives?
(or similar)
Yes. LibreSSL changes soversion quite often.
Also LibreSSL support often needs heavy patching => maintenance burden.
> revdeps need to rebuild on subslot change, how is that supposed to work with app-alternatives? I wasn't sure what the best way of handling this, currently the overlay has a dummy dev-libs/openssl package which is not ideal. However perhaps someone that knows gentoo infrastructure better would have a cleaner way of achieving similar? > Yes. LibreSSL changes soversion quite often This hasn't really been a problem in regards to the overlay, the changes are often trivial to fix and mostly includes removing old LIBRESSL_VERSION_NUMBER hacks. > Also LibreSSL support often needs heavy patching => maintenance burden. The maintenance burden is significantly higher when done as part of an out of tree overlay rather than being in the main Gentoo repository because of all the redundant and repeated work being done. Regardless I am willing to fix issues as much as I am able, especially if issues are reported. Since I do not have access to a tinderbox this mostly ends up with fixing things I build myself.
Anything that can be done to improve this situation in Gentoo would be greatly appreciated. I made this issue for LibreSSL recently concerning a build issue in net-libs/neon where I was given thanks for helping keeping upstreams working with LibreSSL. However without full support in Gentoo or anyone kindly providing a tinderbox and the associated bug reports my ability to find and work on issues is greatly hindered. My hardware is sadly not up to the task and Gentoo officially supporting it carries weight so any help would go a long way. https://github.com/libressl/portable/issues/832#issuecomment-1493094602
Speaking as a Gentoo developer and a member of the base-system team: We got rid of libressl because it has a large maintenance burden, and offers little to no benefit over openssl. It seems that neither of these things has changed, so I don't see why we would repeat the painful process of trying to support libressl in gentoo.git. I can sympathize that keeping an overlay going is perhaps an even greater burden, but I don't see an easy solution to that problem. Regarding tinderboxes, you might reach out to ago and toralf directly to see if they are willing to do some runs with the libressl overlay installed.
> We got rid of libressl because it has a large maintenance burden, and offers little to no benefit over openssl. It seems that neither of these things has changed, so I don't see why we would repeat the painful process of trying to support libressl in gentoo.git. Thanks for the reply, but I must strongly disagree with this assessment and I don't think the people who use libressl were ever included in these conversations. At the time Gentoo policies were preventing me from more openly contributing, but thankfully that no longer seems to the case. :) To name a few things: * Its important to have more than one viable ssl implementation since its such a crucial part of the system and users may have niche needs which may only be met by one of them. * OpenBSD has a good track record with security and having a ssl implementation that focuses on security is a good selling point for some. * OpenSSL has such an objectively terrible build system that I am personally uncomfortable trusting the quality of the rest of their code. Meanwhile OpenBSD has made improvements for their build system to make it easier for downstreams. For example the tests no longer depend upon USE=static. I understand that if no developers are interested it may be a burden, but I would hope my track record getting slibtool to mostly work on Gentoo as well as doing a lot of the work in keeping the overlay alive since libressl was removed would dissuade some of those concerns?
Compromise could be found if new EAPI included some way to create patch overlays, e.g. repositories that don't contain ebuild but only patches (similar to /etc/portage/patches).
(In reply to orbea from comment #9) > > We got rid of libressl because it has a large maintenance burden, and offers little to no benefit over openssl. It seems that neither of these things has changed, so I don't see why we would repeat the painful process of trying to support libressl in gentoo.git. > Right, I'm not sure what has changed (other than your interest/ability to contribute) since libressl was removed. > Thanks for the reply, but I must strongly disagree with this assessment and > I don't think the people who use libressl were ever included in these > conversations. At the time Gentoo policies were preventing me from more > openly contributing, but thankfully that no longer seems to the case. :) > It was an open discussion on the gentoo-dev ML (and also on IRC). It was a big thing at the time and it was even discussed on HN and friends. > To name a few things: > > * Its important to have more than one viable ssl implementation since its > such a crucial part of the system and users may have niche needs which may > only be met by one of them. We have gnutls and mbedtls and I'd be open to having bearssl as well. > * OpenBSD has a good track record with security and having a ssl > implementation that focuses on security is a good selling point for some. OpenBSD also has a track record of not really caring about what the Linux world does, which was and is the big problem. The key problem with LibreSSL was the lack of documentation/porting docs and in addition hostility from upstreams which meant we had to maintain defacto forks with often scarily-large patches (which we then couldn't keep up maintenance for, so versions lagged behind - exactly what happens in ::libressl now, even). I can see this getting worse than it is now if upstreams start to use OpenSSL 3 APIs, too. > * OpenSSL has such an objectively terrible build system that I am personally > uncomfortable trusting the quality of the rest of their code. Meanwhile > OpenBSD has made improvements for their build system to make it easier for > downstreams. For example the tests no longer depend upon USE=static. I'm glad they've started to care about what downstreams think. They didn't seem particularly interested before. > > I understand that if no developers are interested it may be a burden, but I > would hope my track record getting slibtool to mostly work on Gentoo as well > as doing a lot of the work in keeping the overlay alive since libressl was > removed would dissuade some of those concerns? Yes, that's really the only reason I care about finding a compromise here, given that. I think we should be able to give you ::libressl commit access now. (In reply to orbea from comment #0) > I have been doing most of the work maintaining the gentoo libressl overlay. > > https://github.com/gentoo/libressl > https://github.com/gentoo/libressl/graphs/contributors > > However this is problematic for several reasons. > > * There is a lot of wasted effort updating ebuilds with minor changes that > need to be reapplied every time the ebuild changes. > * Packages end up out of date without any good mechanism for noticing and a > lot of duplicated effort keeping everything in sync. I think it's a cheesy hack in lieu of a solution for overlays to provide their own patches/ dir, but you could possibly install things to /etc/portage/patches in an ebuild. Even if it wouldn't be acceptable in ::gentoo. > * Pull Requests end up neglected and not merged until they end up out of > date while being problematic to anyone trying to use the overlay. > That can be solved by giving you commit access to ::libessl, I think.
> Compromise could be found if new EAPI included some way to create patch overlays, > e.g. repositories that don't contain ebuild but only patches (similar to > /etc/portage/patches). This is a plausible improvement I have thought of too. However its not only patches, but some ebuilds need minor changes. > It was an open discussion on the gentoo-dev ML (and also on IRC). It was a big > thing at the time and it was even discussed on HN and friends. The common problem in these cases most of the people that complain do so privately so you will never hear about it, most people aren't as forward as I can be. You will see this same phenomena with systemd and rust. Although I did complain back then where I was largely ignored. One of the primary reasons I started to use Gentoo was for libressl, but it was removed shortly afterwards. > OpenBSD also has a track record of not really caring about what the Linux > world does, which was and is the big problem. The real problem was that distros that used libressl complained about OpenBSD not caring when they refused to report issues. When I have reported issues OpenBSD developers have been more receptive than I have been told they would be and have never been hostile. > The key problem with LibreSSL was the lack of documentation/porting docs and > in addition hostility from upstreams which meant we had to maintain defacto > forks with often scarily-large patches (which we then couldn't keep up maintenance > for, so versions lagged behind - exactly what happens in ::libressl now, even). While I have not tried giving larger projects like Qt any patches the reactions I have received have been mostly positive or neutral. The only reason ::libressl lags behind is because there isn't a tinderbox and I don't have the ability to find all the of the issues on my own. Keeping up with updating every ebuild for programs that aren't commonly used by libressl users is impossible without any supporting infrastructure. The packages people use seem to work. > I can see this getting worse than it is now if upstreams start to use OpenSSL 3 > APIs, too. This hasn't been an issue in practice yet, but maybe in the future? OpenBSD will have to deal with this too so I am not really worried. > I think we should be able to give you ::libressl commit access now. I would greatly appreciate anything that can make this easier, but just to be clear this is only one of the issues. The biggest issue in my opinion is how often duplicated work must be done to to add the existing patch and ebuild changes to new package versions or ebuild revisions, a lot of the time these never change. A good example are older python versions which update often, but where the libressl changes never do.
> We have gnutls and mbedtls and I'd be open to having bearssl as well. These all require for the project to explicitly support them instead of being advertised as a drop in replacement for OpenSSL?
Just to emphasis how much the current workflow is flawed here are 3 recent PRs from the libressl overlay. 1. net-nds/openldap: https://github.com/gentoo/libressl/pull/513 Several new openldap versions where the fix is a single exported variable in multilib_src_configure(), the fix has not changed since the last time the package was updated for the overlay. 2. dev-qt/qtnetwork: https://github.com/gentoo/libressl/pull/514 There have been no changes for this besides keyword changes which are very easy to miss. I have also received issue reports for this already via IRC. 3. net-misc/seafile-client: https://github.com/gentoo/libressl/pull/515 Again the same patch as before which disables a legacy code path which has not been needed by liberssl for some time now. I am unsure why it was removed from the overlay before this. I don't use any of these packages on this system and only have an unstable dev-qt/qtnetwork on my other system so these are not things I will notice breaking unless I actively look for it or if someone else informs me. There are probably a lot of packages like this which I can fix, but will become outdated as soon as Gentoo updates them where I have no mechanism to even be regularly informed of the changes. As a bonus I also updated dev-db/mysql-connector-c++ (https://github.com/gentoo/libressl/pull/511), but that resulted in a much cleaner patch so its fine. :)
A friend told me that they have a TS-100 Soldering Iron (32bit RISC-V) which is being used for PGP key storage, but OpenSSL will not build here while LibreSSL will. Yes, this does sound like a niche case...
I think it would be ok to apply backports of LibreSSL-compatibility patches in gentoo.git, so long as they have been accepted upstream. If upstream rejects the changes, so should Gentoo.
That would be very much appreciated and may help in some cases, but would this count for dev-lang/rust which fails because of a hardcoded version check in the openssl crate. While this is already fixed in the upstream openssl crate it will never work because rust itself rarely updates the crate and when they do its already out of date with the current libressl version. This leaves libressl users between a rock and a hard place.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93d2cce2f2111f1c219587443a1b676ce2ff561c commit 93d2cce2f2111f1c219587443a1b676ce2ff561c Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-16 19:14:33 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-04-26 03:46:27 +0000 net-vpn/tor: Add upstream libressl patch This patch was accepted upstream and fixes the build with libressl 3.5 and newer. [sam: As discussed, we're going to accept backports of LibreSSL fixes when merged upstream, as it's not really any hassle for us, and it makes life easier in overlays.] Bug: https://bugs.gentoo.org/903001 Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692 Upstream-PR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30622 Signed-off-by: Sam James <sam@gentoo.org> net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 161 ++++++++++++++++++++++++++ net-vpn/tor/tor-0.4.7.13-r1.ebuild | 1 + 2 files changed, 162 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5443c47ba7bbf6a875fd5e5e02ae93d1a3f20128 commit 5443c47ba7bbf6a875fd5e5e02ae93d1a3f20128 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-26 15:25:20 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-04-26 15:25:32 +0000 net-vpn/tor: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30622 Upstream-Commit: https://github.com/gentoo/gentoo/commit/93d2cce2f2111f1c219587443a1b676ce2ff561c Signed-off-by: orbea <orbea@riseup.net> net-vpn/tor/Manifest | 3 - net-vpn/tor/files/README.gentoo | 8 -- net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ----- net-vpn/tor/files/tor-0.4.6.7-libressl.patch | 123 -------------------- net-vpn/tor/files/tor.confd | 3 - net-vpn/tor/files/tor.initd-r9 | 37 ------ net-vpn/tor/files/tor.service | 38 ------- net-vpn/tor/files/torrc-r2 | 7 -- net-vpn/tor/metadata.xml | 17 --- net-vpn/tor/tor-0.4.7.13-r1.ebuild | 138 ----------------------- 10 files changed, 405 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4d09bb5d767ebb39c3133c6456c018c74562e0e commit b4d09bb5d767ebb39c3133c6456c018c74562e0e Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-26 16:00:23 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-04-28 00:48:09 +0000 sys-auth/pam_p11: Add upstream libressl patch This patch was accepted upstream and fixes the build with libressl >= 3.0.0. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/OpenSC/pam_p11/pull/26 Upstream-Commit: https://github.com/OpenSC/pam_p11/commit/cb2f0c318c94e30addfce3b432ed91496a43e411 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30771 Signed-off-by: Sam James <sam@gentoo.org> .../pam_p11/files/pam_p11-0.3.1-libressl.patch | 28 ++++++++++++++++++++++ sys-auth/pam_p11/pam_p11-0.3.1.ebuild | 6 ++++- 2 files changed, 33 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd2145a304808f254c2ae301598d57ac3f4fb62c commit cd2145a304808f254c2ae301598d57ac3f4fb62c Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-28 00:38:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-04-28 00:49:01 +0000 www-servers/h2o: add upstream libressl patch These two patches were merged upstream and fix the build with newer libressl versions (>= 3.5). Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/h2o/neverbleed/pull/51 Upstream-Commit: https://github.com/h2o/neverbleed/commit/e1005c16e11b2ca358c86df2a4226632a2992d55 Upstream-PR: https://github.com/h2o/h2o/pull/3214 Upstream-Commit: https://github.com/h2o/h2o/commit/83f89f2fe7c5399b88386a940b2a675742478aca Upstream-PR: https://github.com/h2o/h2o/pull/2062 Upstream-Commit: https://github.com/h2o/h2o/commit/e61e9c8296e894a479268d041985e65433c17e67 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30785 Signed-off-by: Sam James <sam@gentoo.org> www-servers/h2o/files/h2o-2.2-libressl.patch | 54 ++++++++++++++++++++++++++++ www-servers/h2o/h2o-2.2.6-r1.ebuild | 1 + 2 files changed, 55 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=67b46f0e699aa2c4d64f7566479cd3b19bc49f93 commit 67b46f0e699aa2c4d64f7566479cd3b19bc49f93 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-28 14:19:57 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-04-28 14:20:09 +0000 www-servers/h2o: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30785 Upstream-Commit: https://github.com/gentoo/gentoo/commit/cd2145a304808f254c2ae301598d57ac3f4fb62c Signed-off-by: orbea <orbea@riseup.net> www-servers/h2o/Manifest | 1 - www-servers/h2o/files/h2o-2.2-libressl-3.5.patch | 29 ------- www-servers/h2o/files/h2o-2.2-mruby.patch | 57 ------------ www-servers/h2o/files/h2o-2.2-ruby30.patch | 63 -------------- www-servers/h2o/files/h2o-2.3-mruby.patch | 70 --------------- www-servers/h2o/files/h2o.conf | 17 ---- www-servers/h2o/files/h2o.initd | 37 -------- www-servers/h2o/files/h2o.logrotate | 11 --- www-servers/h2o/files/h2o.service | 13 --- www-servers/h2o/h2o-2.2.6-r1.ebuild | 106 ----------------------- www-servers/h2o/metadata.xml | 20 ----- 11 files changed, 424 deletions(-) https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=f6bde674532180d010e3ddc66f42b4b612dacd32 commit f6bde674532180d010e3ddc66f42b4b612dacd32 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-28 14:17:49 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-04-28 14:17:59 +0000 sys-auth/pam_p11: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30771 Upstream-Commit: https://github.com/gentoo/gentoo/commit/b4d09bb5d767ebb39c3133c6456c018c74562e0e Signed-off-by: orbea <orbea@riseup.net> sys-auth/pam_p11/Manifest | 1 - .../pam_p11/files/pam_p11-0.3.1-libressl.patch | 15 --------- sys-auth/pam_p11/metadata.xml | 12 ------- sys-auth/pam_p11/pam_p11-0.3.1.ebuild | 37 ---------------------- 4 files changed, 65 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31aac77f7d43a553ddd20a1ca65e1fa4aa74ecd8 commit 31aac77f7d43a553ddd20a1ca65e1fa4aa74ecd8 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-28 17:20:46 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2023-04-29 17:51:56 +0000 net-libs/libssh2: add upstream libressl patch This patch has been accepted upstream and fixes the build libressl >= 3.5.0. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/libssh2/libssh2/pull/700 Upstream-Commit: https://github.com/libssh2/libssh2/commit/b952674f120748174ed2c0fb93e7bd78cf355cac Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30795 Signed-off-by: Michał Górny <mgorny@gentoo.org> .../libssh2/files/libssh2-1.10.0-libressl.patch | 33 ++++++++++++++++++++++ net-libs/libssh2/libssh2-1.10.0.ebuild | 6 +++- 2 files changed, 38 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8ec3c8187d7349c7939c0ce1820d2317ccde4521 commit 8ec3c8187d7349c7939c0ce1820d2317ccde4521 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-29 23:02:07 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-04-29 23:02:20 +0000 net-libs/libssh2: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30795 Upstream-Commit: https://github.com/gentoo/gentoo/commit/31aac77f7d43a553ddd20a1ca65e1fa4aa74ecd8 Signed-off-by: orbea <orbea@riseup.net> net-libs/libssh2/Manifest | 1 - .../libssh2/files/libssh2-1.8.0-mansyntax_sh.patch | 41 ---------------- net-libs/libssh2/libssh2-1.10.0.ebuild | 54 ---------------------- net-libs/libssh2/metadata.xml | 18 -------- 4 files changed, 114 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9088957da743bd19ba56a001852568916b5d393a commit 9088957da743bd19ba56a001852568916b5d393a Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-28 16:36:57 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2023-05-01 08:05:29 +0000 dev-libs/efl: add upstream patch for libressl This patch was accepted upstream and fixed the build with libressl >= 3.5.0. Upstream-PR: https://git.enlightenment.org/enlightenment/efl/pulls/10 Upstream-Commit: https://git.enlightenment.org/enlightenment/efl/commit/bdd5b244e6a6161228f4a98210cefd9ef8a12e85 Upstream-Commit: https://git.enlightenment.org/enlightenment/efl/commit/0e22417f4579333a967fb5ce65ab339dfc066753 Bug: https://bugs.gentoo.org/903001 Closes: https://github.com/gentoo/gentoo/pull/30794 Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-libs/efl/efl-1.26.3-r1.ebuild | 4 + dev-libs/efl/files/efl-1.26.3-libressl.patch | 191 +++++++++++++++++++++++++++ 2 files changed, 195 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=cf35d3c15813620a15db9cda24c254907fd15f90 commit cf35d3c15813620a15db9cda24c254907fd15f90 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-01 13:58:42 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-01 13:58:42 +0000 dev-libs/efl: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30794 Upstream-Commit: https://github.com/gentoo/gentoo/commit/9088957da743bd19ba56a001852568916b5d393a Signed-off-by: orbea <orbea@riseup.net> dev-libs/efl/Manifest | 1 - dev-libs/efl/efl-1.26.3-r1.ebuild | 316 --------------------------- dev-libs/efl/files/efl-1.26.2-libressl.patch | 178 --------------- dev-libs/efl/metadata.xml | 36 --- 4 files changed, 531 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=339d581366252f59abd7b6a9fe06d4c5c08af0c2 commit 339d581366252f59abd7b6a9fe06d4c5c08af0c2 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-02 16:45:03 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-02 20:47:06 +0000 dev-libs/libevent: add upstream libressl patch This fixes the build with LibreSSL >= 3.5 when the BIO_get_init() function became available. Bug: https://bugs.gentoo.org/903001 Upstream-Issue: https://github.com/libevent/libevent/issues/1277 Upstream-PR: https://github.com/libevent/libevent/pull/1227 Upstream-Commit: https://github.com/libevent/libevent/commit/883630f76cbf512003b81de25cd96cb75c6cf0f9 Signed-off-by: orbea <orbea@riseup.net> Signed-off-by: Sam James <sam@gentoo.org> .../libevent/files/libevent-2.1.12-libressl.patch | 30 ++++++++++++++++++++++ dev-libs/libevent/libevent-2.1.12-r1.ebuild | 4 +++ 2 files changed, 34 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=c3a987fad184c563fe3cb055f38b0245a015c82d commit c3a987fad184c563fe3cb055f38b0245a015c82d Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-03 13:26:34 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-03 13:26:34 +0000 dev-libs/libevent: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30840 Upstream-Commit: https://github.com/gentoo/gentoo/commit/339d581366252f59abd7b6a9fe06d4c5c08af0c2 Signed-off-by: orbea <orbea@riseup.net> dev-libs/libevent/Manifest | 1 - .../libevent/files/libevent-2.1.12-libressl.patch | 25 ------- dev-libs/libevent/libevent-2.1.12-r1.ebuild | 79 ---------------------- dev-libs/libevent/metadata.xml | 21 ------ 4 files changed, 126 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e1f8f0cd8b644690bfe597374a549f87548ad00 commit 5e1f8f0cd8b644690bfe597374a549f87548ad00 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-04 20:08:49 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2023-05-04 21:38:48 +0000 net-ftp/lftp: add upstream libressl patch This patch has been accepted upstream and fixes the build with LibreSSL >= 2.7.0. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/lavv17/lftp/pull/663 Uptream-Commit: https://github.com/lavv17/lftp/commit/3ffa0132987bdde986c82c924bc51b13b37f8b54 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30873 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> net-ftp/lftp/files/lftp-4.9.2-libressl.patch | 38 ++++++++++++++++++++++++++++ net-ftp/lftp/lftp-4.9.2-r1.ebuild | 1 + 2 files changed, 39 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=4ecf4b099951d5fa61fe9747fd5c0bd8960794c8 commit 4ecf4b099951d5fa61fe9747fd5c0bd8960794c8 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-05 04:23:08 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-05 04:23:08 +0000 net-ftp/lftp: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30873 Upstream-Commit: https://github.com/gentoo/gentoo/commit/5e1f8f0cd8b644690bfe597374a549f87548ad00 Signed-off-by: orbea <orbea@riseup.net> net-ftp/lftp/Manifest | 1 - net-ftp/lftp/files/lftp-4.0.2.91-lafile.patch | 21 ---- .../lftp/files/lftp-4.5.5-am_config_header.patch | 11 --- net-ftp/lftp/files/lftp-4.7.0-gettext.patch | 11 --- .../lftp/files/lftp-4.7.5-libdir-additional.patch | 12 --- net-ftp/lftp/files/lftp-4.7.5-libdir-expat.patch | 11 --- .../lftp/files/lftp-4.8.2-libdir-configure.patch | 18 ---- net-ftp/lftp/files/lftp-4.8.2-libdir-libidn2.patch | 10 -- net-ftp/lftp/files/lftp-4.8.2-libdir-openssl.patch | 18 ---- net-ftp/lftp/files/lftp-4.8.2-libdir-zlib.patch | 20 ---- .../lftp/files/lftp-4.9.1-libdir-readline.patch | 11 --- net-ftp/lftp/files/lftp-4.9.2-ac-270.patch | 36 ------- .../lftp/files/lftp-4.9.2-configure-clang16.patch | 22 ----- net-ftp/lftp/files/lftp-4.9.2-libressl.patch | 76 --------------- net-ftp/lftp/lftp-4.9.2-r1.ebuild | 108 --------------------- net-ftp/lftp/metadata.xml | 12 --- 16 files changed, 398 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99c73595289f56a343b84158a639a8115aa84220 commit 99c73595289f56a343b84158a639a8115aa84220 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-04 22:57:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-05 04:41:57 +0000 sys-cluster/keepalived: add upstream libressl patch This patch was accepted upstream and fixes the build with LibreSSL which doesn't yet have the SSL_set0_wbio() function and this is solved by adding a configure check. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/acassen/keepalived/pull/2124 Upstream-Commit: https://github.com/acassen/keepalived/commit/bbec15d4781670ac1be5e543cb04543f79200e69 Upstream-PR: https://github.com/acassen/keepalived/pull/2130 Upstream-Commit: https://github.com/acassen/keepalived/commit/5cb40301f5cd8fbedbb756cd3d838def7293e0bd Upstream-Issue: https://github.com/libressl/portable/issues/838 Signed-off-by: orbea <orbea@riseup.net> Signed-off-by: Sam James <sam@gentoo.org> .../files/keepalived-2.2.7-libressl.patch | 67 ++++++++++++++++++++++ sys-cluster/keepalived/keepalived-2.2.7.ebuild | 6 +- 2 files changed, 72 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=fcf01c9ab5cd8287c16cae37ec22945eabbae785 commit fcf01c9ab5cd8287c16cae37ec22945eabbae785 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-06 00:54:59 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-06 00:54:59 +0000 sys-cluster/keepalived: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30876 Upstream-Commit: https://github.com/gentoo/gentoo/commit/99c73595289f56a343b84158a639a8115aa84220 Signed-off-by: orbea <orbea@riseup.net> sys-cluster/keepalived/Manifest | 2 - .../files/keepalived-2.2.7-libressl.patch | 23 ------ sys-cluster/keepalived/files/keepalived.confd-r1 | 3 - sys-cluster/keepalived/files/keepalived.init-r1 | 21 ------ sys-cluster/keepalived/files/keepalived.service | 13 ---- sys-cluster/keepalived/files/keepalived.service-r1 | 15 ---- .../keepalived/files/keepalived.service.conf | 2 - sys-cluster/keepalived/keepalived-2.2.7.ebuild | 84 ---------------------- sys-cluster/keepalived/metadata.xml | 16 ----- 9 files changed, 179 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4847bb69db4fb5ed8656b92267944934c41d186e commit 4847bb69db4fb5ed8656b92267944934c41d186e Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-05 01:06:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-06 03:46:12 +0000 dev-perl/Net-SSLeay: add upstream libressl patches These patches are accepted upstream and fix the build with LibreSSL >= 3.5.0. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/radiator-software/p5-net-ssleay/pull/360 Upstream-Commit: https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Upstream-PR: https://github.com/radiator-software/p5-net-ssleay/pull/362 Upstream-Commit: https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10 Upstream-PR: https://github.com/radiator-software/p5-net-ssleay/pull/363 Upstream-Commit: https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30877 Signed-off-by: Sam James <sam@gentoo.org> dev-perl/Net-SSLeay/Net-SSLeay-1.920.0-r1.ebuild | 66 +++++++++++ .../files/Net-SSLeay-1.92-libressl.patch | 129 +++++++++++++++++++++ 2 files changed, 195 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c567ba631c14b1605c441fba76cdaf65e05e828 commit 3c567ba631c14b1605c441fba76cdaf65e05e828 Author: orbea <orbea@riseup.net> AuthorDate: 2023-04-30 01:58:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-10 16:35:32 +0000 net-analyzer/ettercap: add upstream libressl patch This patch was accepted upstream and disables APIs not supported by LibreSSL <= 3.7.2. Bug: https://bugs.gentoo.org/903001 Bug: https://bugs.gentoo.org/736990 Upstream-Issue: https://github.com/Ettercap/ettercap/issues/1068 Upstream-PR: https://github.com/Ettercap/ettercap/pull/1069 Upstream-Commit: https://github.com/Ettercap/ettercap/commit/b2fc8e959dc71fdbaba08aecb1f157c914490a07 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30813 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/ettercap/ettercap-0.8.3.1-r3.ebuild | 1 + .../ettercap/files/ettercap-0.8.3.1-libressl.patch | 36 ++++++++++++++++++++++ 2 files changed, 37 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a155bd2b730a6351625803877e5cdb3057bd5af commit 2a155bd2b730a6351625803877e5cdb3057bd5af Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-01 02:48:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-10 16:35:24 +0000 net-libs/serf: add upstream libressl patch This patch was accepted upstream and disables the use of OPENSSL_malloc_init() when it is not available as is the case with LibreSSL. Additionally serf has changed greatly since the 1.3.9 release in 2016 and no longer uses OPENSSL_malloc_init() altogether in their current git commit (2899841) which has no build failures with LibreSSL 3.7.2. The build fix for the tests (Commit 6f689c72) was not backported since the tests are restricted in the ebuild. Bug: https://bugs.gentoo.org/903001 Upstream-Commit: https://github.com/apache/serf/commit/df0d2d0dbdf88576f26da9c71df3ab6249d351dc Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30817 Signed-off-by: Sam James <sam@gentoo.org> net-libs/serf/files/serf-1.3.9-libressl.patch | 51 +++++++++++++++++++++++++++ net-libs/serf/serf-1.3.9-r3.ebuild | 1 + 2 files changed, 52 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6736b24818b00f95d55ca46ac02335bfc505e71f commit 6736b24818b00f95d55ca46ac02335bfc505e71f Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-03 13:13:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-10 16:35:19 +0000 x11-misc/x11vnc: add upstream libressl patch This patch was accepted upstream and fixed the build with LibreSSL < 3.6 which doesn't have SSL_CTX_set_security_level() which is added in the also upstreamed x11vnc-0.9.16-anonymous-ssl.patch. The function is appropriately enabled for LibreSSL >= 3.6. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/LibVNC/x11vnc/pull/202 Upstream-Commit: https://github.com/LibVNC/x11vnc/commit/af63109a17f1b1ec8b1e332d215501f11c4a33a0 Upstream-PR: https://github.com/LibVNC/x11vnc/pull/224 Upstream-Commit: https://github.com/LibVNC/x11vnc/commit/354602cffa8edcbe813da6dfd051b96d94b3efbc Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/30856 Signed-off-by: Sam James <sam@gentoo.org> x11-misc/x11vnc/files/x11vnc-0.9.16-libressl.patch | 45 ++++++++++++++++++++++ x11-misc/x11vnc/x11vnc-0.9.16-r8.ebuild | 1 + 2 files changed, 46 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=1a3b9f8ddc8b919798838f62c90fc200b067a0a0 commit 1a3b9f8ddc8b919798838f62c90fc200b067a0a0 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-10 18:03:58 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-10 18:03:58 +0000 x11-misc/x11vnc: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30856 Upstream-Commit: https://github.com/gentoo/gentoo/commit/6736b24818b00f95d55ca46ac02335bfc505e71f Signed-off-by: orbea <orbea@riseup.net> x11-misc/x11vnc/Manifest | 1 - .../files/x11vnc-0.9.16-CVE-2020-29074.patch | 25 ------- .../x11vnc/files/x11vnc-0.9.16-anonymous-ssl.patch | 26 ------- x11-misc/x11vnc/files/x11vnc-0.9.16-crypto.patch | 23 ------- .../x11vnc/files/x11vnc-0.9.16-fno-common.patch | 45 ------------ ...1vnc-0.9.16-implicit-function-declaration.patch | 26 ------- x11-misc/x11vnc/files/x11vnc-0.9.16-libressl.patch | 25 ------- x11-misc/x11vnc/files/x11vnc.conf.d | 37 ---------- x11-misc/x11vnc/files/x11vnc.init.d-r1 | 70 ------------------- x11-misc/x11vnc/metadata.xml | 26 ------- x11-misc/x11vnc/x11vnc-0.9.16-r8.ebuild | 80 ---------------------- 11 files changed, 384 deletions(-) https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5c0fdb288dd54467663a7e4f21e513fea12fd44e commit 5c0fdb288dd54467663a7e4f21e513fea12fd44e Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-10 18:03:11 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-10 18:03:11 +0000 net-libs/serf: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30817 Upstream-Commit: https://github.com/gentoo/gentoo/commit/2a155bd2b730a6351625803877e5cdb3057bd5af Signed-off-by: orbea <orbea@riseup.net> net-libs/serf/Manifest | 1 - net-libs/serf/files/serf-1.3.8-openssl.patch | 28 -------- net-libs/serf/files/serf-1.3.8-static-lib.patch | 49 ------------- net-libs/serf/files/serf-1.3.9-libressl.patch | 13 ---- .../serf/files/serf-1.3.9-openssl-3-bio-ctrl.patch | 22 ------ .../files/serf-1.3.9-openssl-3-errgetfunc.patch | 15 ---- net-libs/serf/files/serf-1.3.9-python3-check.patch | 74 -------------------- net-libs/serf/files/serf-1.3.9-python3.patch | 28 -------- net-libs/serf/files/serf-1.3.9-python3_byte.patch | 28 -------- net-libs/serf/metadata.xml | 15 ---- net-libs/serf/serf-1.3.9-r3.ebuild | 81 ---------------------- 11 files changed, 354 deletions(-) https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=b8c2efc6d2dfcf0eb6f334050131e8de5f096c9d commit b8c2efc6d2dfcf0eb6f334050131e8de5f096c9d Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-10 18:02:15 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-10 18:02:15 +0000 net-analyzer/ettercap: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30813 Upstream-Commit: https://github.com/gentoo/gentoo/commit/3c567ba631c14b1605c441fba76cdaf65e05e828 Signed-off-by: orbea <orbea@riseup.net> net-analyzer/ettercap/Manifest | 1 - net-analyzer/ettercap/ettercap-0.8.3.1-r3.ebuild | 87 ---------------------- .../ettercap/files/ettercap-0.8.3.1-curl-8.patch | 32 -------- .../ettercap/files/ettercap-0.8.3.1-libressl.patch | 37 --------- .../ettercap/files/ettercap-0.8.3.1-musl.patch | 39 ---------- net-analyzer/ettercap/metadata.xml | 22 ------ 6 files changed, 218 deletions(-)
Most of the first pass of upstreamed patches has been merged into ::gentoo which allowing removing 11 packaged from the ::libresssl overlay (12 if counting dev-libs/libp11 which fixed itself). Additionally there are 8 more upstreamable patches that are waiting for upstream attention: app/crypt/trousers (Dead upstream?) https://sourceforge.net/p/trousers/trousers/merge-requests/2/ app-pda/libimobiuledevice https://github.com/libimobiledevice/libimobiledevice/pull/1432 dev-db/mysql-connector-c++ https://bugs.mysql.com/bug.php?id=110784 kde-frameworks/kdelibs4support https://invent.kde.org/frameworks/kdelibs4support/-/merge_requests/2 net-analyzer/nmap https://github.com/nmap/nmap/pull/2485 net-misc/seafile-client https://github.com/haiwen/seafile-client/pull/1452 net-nds/openldap https://git.openldap.org/openldap/openldap/-/merge_requests/613 www-client/netsurf https://bugs.netsurf-browser.org/mantis/view.php?id=2855 And 4 which are fixed in newer versions already available in ::gentoo: app-text/mupdf > 1.19.1 dev-lang/ruby >= 3.2 dev-perl/Net-SSLeay >= 1.920.0-r1 mail-filter/imapfilter > 2.7.5 The 4 which seem rejected upstream (At least for now) are: dev-lang/python dev-python/urllib3 (Bogus requirement for openssl easily patched) dev-qt/{qtbase,qtnetwork} net-dialup/freeradius And the 3 which are known to be broken in ways that can't be easily resolved: dev-python/pypy3 mail-mta/postfix net-libs/nodejs (USE=-system-ssl works) That leaves 7 known packages which have patches and/or issues that may be accepted upstream with some effort and 4 packages that only need ebuild changes (OpenSMTPD only needs to change the openssl version requirement). As well of course any package which vendors the openssl-sys crate which strictly checks the libressl version and is often out of date.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6788868d80c10a3a37bb3cd6f24cbe3f45284e6 commit b6788868d80c10a3a37bb3cd6f24cbe3f45284e6 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-16 00:43:47 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-30 21:55:50 +0000 net-nds/openldap: add upstream libressl patch This patch was merged upstream and fixes the configure with LibreSSL. The configure script checks for SSL_export_keying_material_early() which LibreSSL doesn't support, but OpenLDAP doesn't actually use this function and only does this to ensure modern OpenSSL APIs are available. As a compromise the configure script now checks for the SSL_CTX_set_ciohersuites() function which both OpenSSL and LibreSSL support and where currently the rest of the OpenLDAP build and tests otherwise work with LibreSSL 3.7.2. Bug: https://bugs.gentoo.org/903001 Upstream-Issue: https://bugs.openldap.org/show_bug.cgi?id=10039 Upstream-PR: https://git.openldap.org/openldap/openldap/-/merge_requests/613 Upstream-Commit: https://git.openldap.org/openldap/openldap/-/commit/cb73e60a49f85bf5207b2fd0f557013be29ac072 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31050 Signed-off-by: Sam James <sam@gentoo.org> .../openldap/files/openldap-2.6.4-libressl.patch | 38 ++++++++++++++++++++++ net-nds/openldap/openldap-2.5.14.ebuild | 1 + net-nds/openldap/openldap-2.6.4-r1.ebuild | 1 + 3 files changed, 40 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5618306d3a44865261cf929c5760669611c67502 commit 5618306d3a44865261cf929c5760669611c67502 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-31 13:06:35 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-05-31 13:06:35 +0000 net-nds/openldap: drop 2.5.14, 2.6.4-r1 Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/31050 Signed-off-by: orbea <orbea@riseup.net> net-nds/openldap/Manifest | 2 - net-nds/openldap/openldap-2.5.14.ebuild | 866 ----------------------------- net-nds/openldap/openldap-2.6.4-r1.ebuild | 867 ------------------------------ 3 files changed, 1735 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59879db8e97318941bd2da04d53878cf04c47202 commit 59879db8e97318941bd2da04d53878cf04c47202 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-30 14:18:21 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2023-06-03 13:07:10 +0000 net-libs/neon: add upstream patches This fixes POSIX compliance in the tests and fixes the build with LibreSSL. Closes: https://bugs.gentoo.org/832851 Upstream-PR: https://github.com/notroj/neon/pull/115 Upstream-Commit: https://github.com/notroj/neon/commit/e02ead4d990e49c912ef053c46b55713685119ee Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/notroj/neon/pull/113 Upstream-Commit: https://github.com/notroj/neon/commit/18e868e4449cd46d494944ced798f9dcd01f65c5 Upstream-PR: https://github.com/notroj/neon/pull/116 Upstream-Commit: https://github.com/notroj/neon/commit/231a1d3f3f427b823753dc2e53adcf9cafda619b Upstream-PR: https://github.com/notroj/neon/pull/118 Upstream-Commit: https://github.com/notroj/neon/commit/6f98a9c9bdd76fb3d367e3b01bcc45bea574c3d1 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31230 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-libs/neon/files/neon-0.32.4-dash.patch | 43 ++++++++++++++++++ net-libs/neon/files/neon-0.32.4-libressl.patch | 61 ++++++++++++++++++++++++++ net-libs/neon/neon-0.32.4.ebuild | 7 ++- 3 files changed, 110 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9511d3124e41b1af1cf9d953d9866e3e1e2ee05 commit a9511d3124e41b1af1cf9d953d9866e3e1e2ee05 Author: orbea <orbea@riseup.net> AuthorDate: 2023-06-05 05:32:20 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-05 05:39:06 +0000 net-libs/neon: apply patches Fixes: https://github.com/gentoo/gentoo/commit/59879db8e97318941bd2da04d53878cf04c47202 Bug: https://bugs.gentoo.org/832851 Bug: https://bugs.gentoo.org/903001 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31313 Signed-off-by: Sam James <sam@gentoo.org> net-libs/neon/{neon-0.32.4.ebuild => neon-0.32.4-r1.ebuild} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3892b973f9dabb5a5f0cd304d96475223ccbc34d commit 3892b973f9dabb5a5f0cd304d96475223ccbc34d Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-31 14:16:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-07 16:19:10 +0000 net-vpn/tor: update upstream libressl patch With LibreSSL 3.8.0 some functions which have been deprecated in OpenSSL 3.0 were removed for security reasons. This patch which was accepted upstream by Tor disables some code that uses one of these functions with the newer LibreSSL 3.8.0 version. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/713 Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/9850dc59c0db5cbcadc314be8d324a992880fce1 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31245 Signed-off-by: Sam James <sam@gentoo.org> net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 41 +++++++++++++++++++++++++++ 1 file changed, 41 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=d0e8bf62d8a2e88190fb47d62f1183b5cb26c4e4 commit d0e8bf62d8a2e88190fb47d62f1183b5cb26c4e4 Author: orbea <orbea@riseup.net> AuthorDate: 2023-06-08 18:03:14 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-06-08 18:03:14 +0000 net-libs/neon: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/31230 Upstream-Commit: https://github.com/gentoo/gentoo/commit/59879db8e97318941bd2da04d53878cf04c47202 Upstream-PR: https://github.com/gentoo/gentoo/pull/31313 Upstream-Commit: https://github.com/gentoo/gentoo/commit/a9511d3124e41b1af1cf9d953d9866e3e1e2ee05 Signed-off-by: orbea <orbea@riseup.net> net-libs/neon/Manifest | 1 - net-libs/neon/files/neon-0.32.4-libressl.patch | 36 -------- net-libs/neon/metadata.xml | 25 ------ net-libs/neon/neon-0.32.4.ebuild | 109 ------------------------- 4 files changed, 171 deletions(-) https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5f8a96e69bc21d634ec745e34c725955d870ccfe commit 5f8a96e69bc21d634ec745e34c725955d870ccfe Author: orbea <orbea@riseup.net> AuthorDate: 2023-06-08 18:01:53 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-06-08 18:01:53 +0000 net-vpn/tor: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/31245 Upstream-Commit: https://github.com/gentoo/gentoo/commit/3892b973f9dabb5a5f0cd304d96475223ccbc34d Signed-off-by: orbea <orbea@riseup.net> net-vpn/tor/Manifest | 3 - net-vpn/tor/files/README.gentoo | 8 - net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ---- .../tor/files/tor-0.4.7.13-libressl-3.8.0.patch | 27 ---- net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 161 --------------------- net-vpn/tor/files/tor.confd | 3 - net-vpn/tor/files/tor.initd-r9 | 37 ----- net-vpn/tor/files/tor.service | 38 ----- net-vpn/tor/files/torrc-r2 | 7 - net-vpn/tor/metadata.xml | 17 --- net-vpn/tor/tor-0.4.7.13-r1.ebuild | 150 ------------------- 11 files changed, 482 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1e2b092d919a5303afac98fb77f9bc809229e13 commit e1e2b092d919a5303afac98fb77f9bc809229e13 Author: orbea <orbea@riseup.net> AuthorDate: 2023-05-31 14:29:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-14 06:07:16 +0000 dev-libs/xmlsec: add upstream libressl patches These patches add compatiblity for LibreSSL. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/lsh123/xmlsec/pull/456 Upstream-Commit: https://github.com/lsh123/xmlsec/commit/c5469cfc8443c57a25a8783f0bd669f71e29bb04 Upstream-PR: https://github.com/lsh123/xmlsec/pull/654 Upstream-Commit: https://github.com/lsh123/xmlsec/commit/dfdf981f3522e4059170b504fb6fd40b37c9d70f Upstream-Issue: https://github.com/lsh123/xmlsec/issues/665 Upstream-PR: https://github.com/lsh123/xmlsec/pull/666 Upstream-Commit: https://github.com/lsh123/xmlsec/commit/1ee1754c5ab8f0071adbde92d3a007729df7c5a7 Upstream-PR: https://github.com/lsh123/xmlsec/pull/667 Upstream-Commit: https://github.com/lsh123/xmlsec/commit/c9b0dcd01af1ecaed828269b734861cb93edeae3 Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31246 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/xmlsec/files/xmlsec-1.2.37-libressl.patch | 40 +++++++++++++ dev-libs/xmlsec/xmlsec-1.2.37-r1.ebuild | 66 ++++++++++++++++++++++ 2 files changed, 106 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cd8bce8727c9b68b8cbb3aa5fb6f2528a4db6d9 commit 2cd8bce8727c9b68b8cbb3aa5fb6f2528a4db6d9 Author: orbea <orbea@riseup.net> AuthorDate: 2023-06-12 23:04:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-20 14:03:55 +0000 dev-perl/Net-SSLeay: update libressl patch The patch is updated with a fix for >= libressl 3.8.0 that was accepted upstream. Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/radiator-software/p5-net-ssleay/pull/434 Upstream-PR: https://github.com/radiator-software/p5-net-ssleay/pull/435 Upstream-Commit: https://github.com/radiator-software/p5-net-ssleay/commit/fe9e49d220fa424c55fc436303b24f5bddae0b8d Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/gentoo/pull/31406 Signed-off-by: Sam James <sam@gentoo.org> .../files/Net-SSLeay-1.92-libressl.patch | 45 ++++++++++++++++++---- 1 file changed, 37 insertions(+), 8 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5a337f3015ff9536fd47d18da4e1c8ab70823382 commit 5a337f3015ff9536fd47d18da4e1c8ab70823382 Author: orbea <orbea@riseup.net> AuthorDate: 2023-06-21 13:20:07 +0000 Commit: orbea <orbea@riseup.net> CommitDate: 2023-06-21 13:20:15 +0000 dev-perl/Net-SSLeay: drop 1.920.0-r1 Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/31406 Upstream-Commit: https://github.com/gentoo/gentoo/commit/2cd8bce8727c9b68b8cbb3aa5fb6f2528a4db6d9 Signed-off-by: orbea <orbea@riseup.net> dev-perl/Net-SSLeay/Net-SSLeay-1.920.0-r1.ebuild | 67 ------------------------ 1 file changed, 67 deletions(-)