public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2016-03-24 12:24 Anthony G. Basile
From: Anthony G. Basile @ 2016-03-24 12:24 UTC
  To: gentoo-commits

commit:     ee6ac60120137d9d3e6f56fa776802caa5d69e84
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 24 12:30:06 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Mar 24 12:30:24 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee6ac601

net-misc/curl: fix build for 7.48.0 for libressl, bug #578098

Package-Manager: portage-2.2.26

 net-misc/curl/curl-7.48.0.ebuild               |  3 ++-
 net-misc/curl/files/curl-7.48.0-libressl.patch | 27 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/net-misc/curl/curl-7.48.0.ebuild b/net-misc/curl/curl-7.48.0.ebuild
index ae337f1..9bc5b8e 100644
--- a/net-misc/curl/curl-7.48.0.ebuild
+++ b/net-misc/curl/curl-7.48.0.ebuild
@@ -113,7 +113,8 @@ src_prepare() {
 	epatch \
 		"${FILESDIR}"/${PN}-7.30.0-prefix.patch \
 		"${FILESDIR}"/${PN}-respect-cflags-3.patch \
-		"${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+		"${FILESDIR}"/${PN}-fix-gnutls-nettle.patch \
+		"${FILESDIR}"/${P}-libressl.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 

diff --git a/net-misc/curl/files/curl-7.48.0-libressl.patch b/net-misc/curl/files/curl-7.48.0-libressl.patch
new file mode 100644
index 0000000..3a3fe83
--- /dev/null
+++ b/net-misc/curl/files/curl-7.48.0-libressl.patch
@@ -0,0 +1,27 @@
+See: https://bugs.gentoo.org/show_bug.cgi?id=578098
+
+commit 240cd84b494e0ffee8ad261c43b927d246cf6be1
+Author: Daniel Stenberg <daniel@haxx.se>
+Date:   Wed Mar 23 10:04:48 2016 +0100
+
+    openssl: fix ERR_remove_thread_state() for boringssl/libressl
+    
+    The removed arg is only done in OpenSSL
+    
+    Bug: https://twitter.com/xtraemeat/status/712564874098917376
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index cbf2d21..b7e4462 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -95,7 +95,9 @@
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+ #define HAVE_ERR_REMOVE_THREAD_STATE 1
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100004L)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100004L) && \
++  !defined(LIBRESSL_VERSION_NUMBER) && \
++  !defined(OPENSSL_IS_BORINGSSL)
+ /* OpenSSL 1.1.0-pre4 removed the argument! */
+ #define HAVE_ERR_REMOVE_THREAD_STATE_NOARG 1
+ #endif
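Review bot: the new condition on the `#if (OPENSSL_VERSION_NUMBER >= 0x10100004L)` line excludes LibreSSL and BoringSSL by the mere presence of `LIBRESSL_VERSION_NUMBER` and `OPENSSL_IS_BORINGSSL`, so the exclusion never expires. If either fork later drops the argument from ERR_remove_thread_state() as well, this guard will select the wrong call form again. Either bound the LibreSSL exclusion with a version comparison once the fork's behaviour is known, or extend the existing comment to say that the no-argument form is OpenSSL-only and that a raw OPENSSL_VERSION_NUMBER test cannot be trusted for the forks.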



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2016-05-18 12:25 Anthony G. Basile
From: Anthony G. Basile @ 2016-05-18 12:25 UTC
  To: gentoo-commits

commit:     80c4532dd61fbe55ed7496ef00efa3e439da7309
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 12:26:40 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed May 18 12:27:09 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80c4532d

net-misc/curl: remove older unstable version for CVE-2016-3739

Package-Manager: portage-2.2.26

 net-misc/curl/Manifest                         |   1 -
 net-misc/curl/curl-7.48.0.ebuild               | 238 -------------------------
 net-misc/curl/files/curl-7.48.0-libressl.patch |  27 ---
 3 files changed, 266 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 0809585..5e2aac6 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,4 +1,3 @@
 DIST curl-7.45.0.tar.bz2 3473632 SHA256 65154e66b9f8a442b57c436904639507b4ac37ec13d6f8a48248f1b4012b98ea SHA512 71c557c69eb8d160f74a9b76ef83a46ce33ef4e8a66a261699329583dadf10205b4ba4783f92d4e6c8724f6610ffade5b0a9f189b0a7b9169ff839dfc8980481 WHIRLPOOL afc1627cebb64c9111f943fe63d95c8a998934fd02e3b8d12f061d23b174b7475c48451ecc1713ce54771455a6465238aa3b818b0eb9ba5c86ffd06eb1f2bc76
 DIST curl-7.47.1.tar.bz2 3506256 SHA256 ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f SHA512 e99d94dfdd349df0603de21687039c69765d40ae6bd73bd8ccdb6d046903a94e590a9cc903f378f8d030997a29bf0394ac5e342c9989a815679f9ea4fa79913f WHIRLPOOL d8a77d9c693a7b72066d5289107a5a5afc798b4736795569350840bd41a2166fec700138244ddcb24558fdd94d91b919ff385e1bc8abcdcdad65cba842076b3d
-DIST curl-7.48.0.tar.bz2 7408757 SHA256 864e7819210b586d42c674a1fdd577ce75a78b3dda64c63565abe5aefd72c753 SHA512 9bb554eaf4ccaced0fa9b38de4f381eab84b96c1aa07a45d83ddfd38a925044d0fe9fac517263f67f009d2294a31c33dedb2267defbab0cb14f96091bbed5f92 WHIRLPOOL ffdc621510f71d039544e7d646f198cd1bcbb96ad114f2a685093d7a6d4431d38949c7a3557c3f4a38f54843ba217a04e3fde8a27a56b40e30d6552ef8c2a02b
 DIST curl-7.49.0.tar.bz2 7458465 SHA256 14f44ed7b5207fea769ddb2c31bd9e720d37312e1c02315def67923a4a636078 SHA512 57a82185c082ea872a54c6f5a11ca24fe6131108c16255278671504afca848b9298681de9c9bb5905b9655295edf25c104d1301c4bbdb1f261d952a020d77111 WHIRLPOOL f5c4d15b7072d98e0760d7e5de59c307fb4e7f84125db7ebb2fc9f9d19e3ed35f937244579c00d9fb1e86604df277eab2a1eb14d7b339182e484a4925103dff7
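Review bot: the context lines of this Manifest hunk keep curl-7.45.0 and curl-7.47.1, both older than the 7.48.0 entry being dropped, while the commit message gives CVE-2016-3739 as the reason for the removal. The message should say why those two older versions stay in the tree and reference the Gentoo security bug, so that any follow-up on the remaining versions can be tracked from the commit.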

diff --git a/net-misc/curl/curl-7.48.0.ebuild b/net-misc/curl/curl-7.48.0.ebuild
deleted file mode 100644
index 9bc5b8e..0000000
--- a/net-misc/curl/curl-7.48.0.ebuild
+++ /dev/null
@@ -1,238 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="http://curl.haxx.se/"
-SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads"
-IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
-	ssl? (
-		curl_ssl_axtls? (
-			net-libs/axtls[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_gnutls? (
-			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_libressl? (
-			dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_mbedtls? (
-			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_openssl? (
-			dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_polarssl? (
-			net-libs/polarssl:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-	)
-	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn:0[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r13
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-#	rtmp? (
-#		media-video/rtmpdump
-#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-#	)
-
-# ssl providers to be added:
-# fbopenssl  $(use_with spnego)
-
-DEPEND="${RDEPEND}
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	test? (
-		sys-apps/diffutils
-		dev-lang/perl
-	)"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
-	curl_ssl_winssl? ( elibc_Winnt )
-	threads? ( !adns )
-	ssl? (
-		^^ (
-			curl_ssl_axtls
-			curl_ssl_gnutls
-			curl_ssl_libressl
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_polarssl
-			curl_ssl_winssl
-		)
-	)"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS \
-	docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-src_prepare() {
-	epatch \
-		"${FILESDIR}"/${PN}-7.30.0-prefix.patch \
-		"${FILESDIR}"/${PN}-respect-cflags-3.patch \
-		"${FILESDIR}"/${PN}-fix-gnutls-nettle.patch \
-		"${FILESDIR}"/${P}-libressl.patch
-
-	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
-
-	epatch_user
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	einfo "\033[1;32m**************************************************\033[00m"
-
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	local myconf=()
-	myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl ; then
-		if use curl_ssl_axtls; then
-			einfo "SSL provided by axtls"
-			myconf+=( --with-axtls )
-		elif use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls --with-nettle )
-		elif use curl_ssl_libressl; then
-			einfo "SSL provided by LibreSSL"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss )
-		elif use curl_ssl_polarssl; then
-			einfo "SSL provided by polarssl"
-			myconf+=( --with-polarssl )
-		elif use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_winssl; then
-			einfo "SSL provided by Windows"
-			myconf+=( --with-winssl )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-	else
-		einfo "SSL disabled"
-	fi
-	einfo "\033[1;32m**************************************************\033[00m"
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-	ECONF_SOURCE="${S}" \
-	econf \
-		--enable-crypto-auth \
-		--enable-dict \
-		--enable-file \
-		--enable-ftp \
-		--enable-gopher \
-		--enable-http \
-		--enable-imap \
-		$(use_enable ldap) \
-		$(use_enable ldap ldaps) \
-		--disable-ntlm-wb \
-		--enable-pop3 \
-		--enable-rt  \
-		--enable-rtsp \
-		$(use_enable samba smb) \
-		$(use_with ssh libssh2) \
-		--enable-smtp \
-		--enable-telnet \
-		--enable-tftp \
-		--enable-tls-srp \
-		$(use_enable adns ares) \
-		--enable-cookies \
-		--enable-hidden-symbols \
-		$(use_enable ipv6) \
-		--enable-largefile \
-		--without-libpsl \
-		--enable-manual \
-		--enable-proxy \
-		--disable-soname-bump \
-		--disable-sspi \
-		$(use_enable static-libs static) \
-		$(use_enable threads threaded-resolver) \
-		--disable-versioned-symbols \
-		--without-cyassl \
-		--without-darwinssl \
-		$(use_with idn libidn) \
-		$(use_with kerberos gssapi "${EPREFIX}"/usr) \
-		$(use_with metalink libmetalink) \
-		$(use_with http2 nghttp2) \
-		$(use_with rtmp librtmp) \
-		--without-spnego \
-		--without-winidn \
-		--with-zlib \
-		"${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	prune_libtool_files --all
-
-	rm -rf "${ED}"/etc/
-
-	# https://sourceforge.net/tracker/index.php?func=detail&aid=1705197&group_id=976&atid=350976
-	insinto /usr/share/aclocal
-	doins docs/libcurl/libcurl.m4
-}

diff --git a/net-misc/curl/files/curl-7.48.0-libressl.patch b/net-misc/curl/files/curl-7.48.0-libressl.patch
deleted file mode 100644
index 3a3fe83..0000000
--- a/net-misc/curl/files/curl-7.48.0-libressl.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-See: https://bugs.gentoo.org/show_bug.cgi?id=578098
-
-commit 240cd84b494e0ffee8ad261c43b927d246cf6be1
-Author: Daniel Stenberg <daniel@haxx.se>
-Date:   Wed Mar 23 10:04:48 2016 +0100
-
-    openssl: fix ERR_remove_thread_state() for boringssl/libressl
-    
-    The removed arg is only done in OpenSSL
-    
-    Bug: https://twitter.com/xtraemeat/status/712564874098917376
-
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index cbf2d21..b7e4462 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -95,7 +95,9 @@
- 
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- #define HAVE_ERR_REMOVE_THREAD_STATE 1
--#if (OPENSSL_VERSION_NUMBER >= 0x10100004L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100004L) && \
-+  !defined(LIBRESSL_VERSION_NUMBER) && \
-+  !defined(OPENSSL_IS_BORINGSSL)
- /* OpenSSL 1.1.0-pre4 removed the argument! */
- #define HAVE_ERR_REMOVE_THREAD_STATE_NOARG 1
- #endif



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2016-11-13 13:21 Anthony G. Basile
From: Anthony G. Basile @ 2016-11-13 13:21 UTC
  To: gentoo-commits

commit:     9b38608dcdd87371cf27c20be9db126f5ebea06c
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 13 13:16:28 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Nov 13 13:21:32 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b38608d

net-misc/curl: fix build with <net-libs/mbedtls-2.4.0, bug #599092

Package-Manager: portage-2.3.0

 net-misc/curl/curl-7.51.0.ebuild           |  3 ++-
 net-misc/curl/files/curl-fix-mbedtls.patch | 37 ++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/net-misc/curl/curl-7.51.0.ebuild b/net-misc/curl/curl-7.51.0.ebuild
index 311cf72..88cb7ea 100644
--- a/net-misc/curl/curl-7.51.0.ebuild
+++ b/net-misc/curl/curl-7.51.0.ebuild
@@ -114,7 +114,8 @@ src_prepare() {
 	epatch \
 		"${FILESDIR}"/${PN}-7.30.0-prefix.patch \
 		"${FILESDIR}"/${PN}-respect-cflags-3.patch \
-		"${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+		"${FILESDIR}"/${PN}-fix-gnutls-nettle.patch \
+		"${FILESDIR}"/${PN}-fix-mbedtls.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 
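Review bot: `${PN}-fix-mbedtls.patch` on the added epatch line is an unversioned file name for a backport of a single upstream commit, so a later ebuild copied from this one will keep applying it after upstream ships the fix. Name it with `${P}` (as the 7.48.0 LibreSSL patch was) or add a comment on that line saying which release makes it obsolete.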

diff --git a/net-misc/curl/files/curl-fix-mbedtls.patch b/net-misc/curl/files/curl-fix-mbedtls.patch
new file mode 100644
index 00000000..b82e4c6
--- /dev/null
+++ b/net-misc/curl/files/curl-fix-mbedtls.patch
@@ -0,0 +1,37 @@
+This addresses bug #599092
+
+https://bugs.gentoo.org/show_bug.cgi?id=599092
+
+commit 9ea3a6e150dfc822ba1565f649b634848597d2d9
+Author: Daniel Stenberg <daniel@haxx.se>
+Date:   Fri Nov 4 11:13:16 2016 +0100
+
+    mbedtls: fix build with mbedtls versions < 2.4.0
+    
+    Regression added in 62a8095e714
+    
+    Reported-by: Tony Kelman
+    
+    Discussed in #1087
+
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index 24249dd..9f29ff0 100644
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -31,11 +31,15 @@
+ 
+ #ifdef USE_MBEDTLS
+ 
++#include <mbedtls/version.h>
++#if MBEDTLS_VERSION_NUMBER >= 0x02040000
+ #include <mbedtls/net_sockets.h>
++#else
++#include <mbedtls/net.h>
++#endif
+ #include <mbedtls/ssl.h>
+ #include <mbedtls/certs.h>
+ #include <mbedtls/x509.h>
+-#include <mbedtls/version.h>
+ 
+ #include <mbedtls/error.h>
+ #include <mbedtls/entropy.h>
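Review bot: the `#if MBEDTLS_VERSION_NUMBER >= 0x02040000` test only works because `<mbedtls/version.h>` is now included above it, and nothing in the hunk says so. An undefined macro evaluates to 0 in `#if`, so a later reorder of this include list would silently select `<mbedtls/net.h>` on every mbedtls version. A one-line comment above the version include stating that it must precede the test would prevent that.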



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2018-04-18 21:42 Aaron Bauman
From: Aaron Bauman @ 2018-04-18 21:42 UTC
  To: gentoo-commits

commit:     850b3f95dcf1417854d77e26303c0ed0ce519e9f
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 21:41:30 2018 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 21:42:18 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=850b3f95

net-misc/curl: compatibility patch for LibreSSL

This patch fixes building with dev-libs/libressl-2.7.x. Patch was pulled
from upstream Git and should be included in the next 7.60.0 release.

Closes: https://bugs.gentoo.org/651172
Package-Manager: Portage-2.3.29, Repoman-2.3.9

 net-misc/curl/curl-7.59.0.ebuild                   |  2 +
 .../files/curl-7.59.0-libressl-compatibility.patch | 70 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/net-misc/curl/curl-7.59.0.ebuild b/net-misc/curl/curl-7.59.0.ebuild
index 2240efbd3a8..87d83904d5d 100644
--- a/net-misc/curl/curl-7.59.0.ebuild
+++ b/net-misc/curl/curl-7.59.0.ebuild
@@ -108,6 +108,8 @@ src_prepare() {
 	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+	# the next curl release (7.60.0) *should* contain this patch as it is in Git head and 7.60.0 has been tagged
+    eapply "${FILESDIR}"/${PN}-7.59.0-libressl-compatibility.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 
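Review bot: the added `eapply` line is indented with four spaces while the comment above it and every other line in src_prepare() use a tab; re-indent it with a tab. The comment also says 7.60.0 "has been tagged" while the commit message calls it the next release, so reword it to name the upstream commit (da51ddee81e10398172f0baf3327b5db82846175) and state simply that the patch is to be dropped with 7.60.0.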

diff --git a/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch b/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch
new file mode 100644
index 00000000000..e7ee6c3ab15
--- /dev/null
+++ b/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch
@@ -0,0 +1,70 @@
+From da51ddee81e10398172f0baf3327b5db82846175 Mon Sep 17 00:00:00 2001
+From: Bernard Spil <brnrd@FreeBSD.org>
+Date: Mon, 2 Apr 2018 19:04:06 +0200
+Subject: [PATCH] openssl: fix build with LibreSSL 2.7
+
+ - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
+
+Fixes #2319
+Closes #2447
+Closes #2448
+
+Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+---
+ lib/vtls/openssl.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 2a6b3cfac..bbb8ec766 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -104,7 +104,8 @@
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+ #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+ #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
+@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num(void)
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define HAVE_X509_GET0_SIGNATURE 1
+ #endif
+ 
+@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num(void)
+  * Whether SSL_CTX_set_keylog_callback is available.
+  * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+  * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
++ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
+  *           lies and pretends to be OpenSSL 2.0.0).
+  */
+ #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
+   if(!session || !keylog_file_fp)
+     return;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+   /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
+    * we have a valid SSL context if we have a non-NULL session. */
+   SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
+@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+   case CURL_SSLVERSION_TLSv1_2:
+   case CURL_SSLVERSION_TLSv1_3:
+     /* it will be handled later with the context options */
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+-    !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+     req_method = TLS_client_method();
+ #else
+     req_method = SSLv23_client_method();
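Review bot: in the last inner hunk (ossl_connect_step1) the LibreSSL exclusion is removed outright, leaving `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)`, whereas the other three guards in this patch keep it for `LIBRESSL_VERSION_NUMBER < 0x20700000L`. The comment touched in this same patch notes that LibreSSL reports itself as OpenSSL 2.0.0, so every LibreSSL version now takes the TLS_client_method() branch. Confirm that the function exists in the oldest LibreSSL the ebuild allows, or use the same bounded exclusion here for consistency.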



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2020-06-10 20:13 Anthony G. Basile
From: Anthony G. Basile @ 2020-06-10 20:13 UTC
  To: gentoo-commits

commit:     3c70da322b14b83f9894c98725b6ffd3c1ea00cb
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 20:12:56 2020 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 20:12:56 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c70da32

net-misc/curl: remove busy-loop, bug #727352

Closes: https://bugs.gentoo.org/727352
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 .../{curl-7.70.0.ebuild => curl-7.70.0-r1.ebuild}  |  1 +
 net-misc/curl/files/curl-fix-cpu-load.patch        | 94 ++++++++++++++++++++++
 2 files changed, 95 insertions(+)

diff --git a/net-misc/curl/curl-7.70.0.ebuild b/net-misc/curl/curl-7.70.0-r1.ebuild
similarity index 99%
rename from net-misc/curl/curl-7.70.0.ebuild
rename to net-misc/curl/curl-7.70.0-r1.ebuild
index 6d8ee271731..7b751a4ef1c 100644
--- a/net-misc/curl/curl-7.70.0.ebuild
+++ b/net-misc/curl/curl-7.70.0-r1.ebuild
@@ -105,6 +105,7 @@ src_prepare() {
 	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+	eapply "${FILESDIR}"/${PN}-fix-cpu-load.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252

diff --git a/net-misc/curl/files/curl-fix-cpu-load.patch b/net-misc/curl/files/curl-fix-cpu-load.patch
new file mode 100644
index 00000000000..fb20641b5b2
--- /dev/null
+++ b/net-misc/curl/files/curl-fix-cpu-load.patch
@@ -0,0 +1,94 @@
+Fixes https://bugs.gentoo.org/727352
+
+From 2a41e236716da4c41ebc1132bd36d9273bd0321f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 8 Jun 2020 14:05:22 +0200
+Subject: [PATCH] socks: detect connection close during handshake
+
+The SOCKS4/5 state machines weren't properly terminated when the proxy
+connection got closed, leading to a busy-loop.
+
+Reported-By: zloi-user on github
+Fixes #5532
+Closes #5542
+---
+ lib/socks.c | 32 ++++++++++++++++++++++++++++----
+ 1 file changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/lib/socks.c b/lib/socks.c
+index 4c1af7b9de7..b2215fef30c 100644
+--- a/lib/socks.c
++++ b/lib/socks.c
+@@ -382,6 +382,11 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
+             curl_easy_strerror(result));
+       return CURLE_COULDNT_CONNECT;
+     }
++    else if(!result && !actualread) {
++      /* connection closed */
++      failf(data, "connection to proxy closed");
++      return CURLE_COULDNT_CONNECT;
++    }
+     else if(actualread != sx->outstanding) {
+       /* remain in reading state */
+       sx->outstanding -= actualread;
+@@ -592,6 +597,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
+       failf(data, "Unable to receive initial SOCKS5 response.");
+       return CURLE_COULDNT_CONNECT;
+     }
++    else if(!result && !actualread) {
++      /* connection closed */
++      failf(data, "Connection to proxy closed");
++      return CURLE_COULDNT_CONNECT;
++    }
+     else if(actualread != sx->outstanding) {
+       /* remain in reading state */
+       sx->outstanding -= actualread;
+@@ -717,15 +727,19 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
+       failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
+       return CURLE_COULDNT_CONNECT;
+     }
+-    if(actualread != sx->outstanding) {
++    else if(!result && !actualread) {
++      /* connection closed */
++      failf(data, "connection to proxy closed");
++      return CURLE_COULDNT_CONNECT;
++    }
++    else if(actualread != sx->outstanding) {
+       /* remain in state */
+       sx->outstanding -= actualread;
+       sx->outp += actualread;
+       return CURLE_OK;
+     }
+-
+     /* ignore the first (VER) byte */
+-    if(socksreq[1] != 0) { /* status */
++    else if(socksreq[1] != 0) { /* status */
+       failf(data, "User was rejected by the SOCKS5 server (%d %d).",
+             socksreq[0], socksreq[1]);
+       return CURLE_COULDNT_CONNECT;
+@@ -890,6 +904,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
+       failf(data, "Failed to receive SOCKS5 connect request ack.");
+       return CURLE_COULDNT_CONNECT;
+     }
++    else if(!result && !actualread) {
++      /* connection closed */
++      failf(data, "connection to proxy closed");
++      return CURLE_COULDNT_CONNECT;
++    }
+     else if(actualread != sx->outstanding) {
+       /* remain in state */
+       sx->outstanding -= actualread;
+@@ -967,7 +986,12 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
+       failf(data, "Failed to receive SOCKS5 connect request ack.");
+       return CURLE_COULDNT_CONNECT;
+     }
+-    if(actualread != sx->outstanding) {
++    else if(!result && !actualread) {
++      /* connection closed */
++      failf(data, "connection to proxy closed");
++      return CURLE_COULDNT_CONNECT;
++    }
++    else if(actualread != sx->outstanding) {
+       /* remain in state */
+       sx->outstanding -= actualread;
+       sx->outp += actualread;
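Review bot: the same five-line `else if(!result && !actualread)` block is pasted into five read states, and the copies already differ: the first SOCKS5 one logs "Connection to proxy closed" while the others log "connection to proxy closed". A small helper, or at least one shared message string, would keep the states from drifting, which matters here because a read state that misses the zero-byte check is what produced the busy-loop. In the sub-negotiation hunk the comment `/* ignore the first (VER) byte */` now sits between a closing brace and `else if(socksreq[1] != 0)`; move it inside that branch so the if/else chain reads cleanly.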



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2021-09-18  3:01 Sam James
From: Sam James @ 2021-09-18  3:01 UTC
  To: gentoo-commits

commit:     9886665e4f3d22da1d722509fd5de9000a36d4d6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 18 02:52:49 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Sep 18 02:52:49 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9886665e

net-misc/curl: add 7.79.0

Bug: https://bugs.gentoo.org/813270
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   1 +
 net-misc/curl/curl-7.79.0.ebuild                   | 293 +++++++++++++++++++++
 .../curl-7.79.0-http-3digit-response-code.patch    | 107 ++++++++
 .../files/curl-7.79.0-http2-connection-data.patch  |  43 +++
 4 files changed, 444 insertions(+)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 65ea300bc22..b1b6f556d43 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1 +1,2 @@
 DIST curl-7.78.0.tar.xz 2440640 BLAKE2B 0422071ce22d38b89652c702989674a2257dd18b05004245c4f2d7494ccdd24b5b52f330629ce6a411a059d5990e8c879cbbdf23d873b881141f9d2b9ad07f7f SHA512 f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a
+DIST curl-7.79.0.tar.xz 2463072 BLAKE2B c3a8a60d3c04965272b1a439a4719cfaca903daaecd6265869b9188d1b6b13be63817b9daa77260673d67330baa3d9c2d917274f939cdadc467ac64d8fcf3203 SHA512 68bccba61f18de9f94c311b0d92cfa6572bb7e55e8773917c13b25203164a5a9f4ef6b8ad84a14d3d5dcb286271bf18c3dd84c4ca353866763c726f9defce808

diff --git a/net-misc/curl/curl-7.79.0.ebuild b/net-misc/curl/curl-7.79.0.ebuild
new file mode 100644
index 00000000000..380b1da5a4e
--- /dev/null
+++ b/net-misc/curl/curl-7.79.0.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit autotools prefix multilib-minimal
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
+IUSE+=" nghttp3 quiche"
+IUSE+=" elibc_Winnt"
+
+# c-ares must be disabled for threads
+# only one default ssl provider can be enabled
+REQUIRED_USE="
+	winssl? ( elibc_Winnt )
+	threads? ( !adns )
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_winssl
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+# ssl providers to be added:
+# fbopenssl  $(use_with spnego)
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		dev-lang/perl
+	)"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	# Backported patches to 7.79.0
+	"${FILESDIR}"/${P}-http2-connection-data.patch
+	"${FILESDIR}"/${P}-http-3digit-response-code.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use winssl || use curl_ssl_winssl; then
+			einfo "SSL provided by Windows"
+			myconf+=( --with-winssl )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_winssl; then
+			einfo "Default SSL provided by Windows"
+			myconf+=( --with-default-ssl-backend=winssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-hidden-symbols
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		$(use_enable threads threaded-resolver)
+		$(use_enable threads pthreads)
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-cyassl
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-rustls
+		--without-schannel
+		--without-secure-transport
+		--without-spnego
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" \
+	econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "-libtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc
+}
+
+multilib_src_test() {
+	multilib_is_native_abi && default_src_test
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
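
Review bot: in the pkg-config fix-up at the end of multilib_src_configure(), the nghttp3 branch sets priv+=( "libnghttp3" "-libtcp2" ), and "-libtcp2" looks like a typo for the ngtcp2 module name (the libs array one line above has "-lngtcp2"). With USE=nghttp3 that string is written verbatim into the Requires.private line of libcurl.pc, so anything that resolves Requires.private is asked for a module of that name; it should read "libngtcp2". The final echo that appends Requires.private also has no "|| die", unlike the sed just before it.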

diff --git a/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
new file mode 100644
index 00000000000..1da4cebd4aa
--- /dev/null
+++ b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
@@ -0,0 +1,107 @@
+https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2
+
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 17 Sep 2021 16:31:25 +0200
+Subject: [PATCH] http: fix the broken >3 digit response code detection
+
+When the "reason phrase" in the HTTP status line starts with a digit,
+that was treated as the forth response code digit and curl would claim
+the response to be non-compliant.
+
+Added test 1466 to verify this case.
+
+Regression brought by 5dc594e44f73b17
+Reported-by: Glenn de boer
+Fixes #7738
+Closes #7739
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+         char separator;
+         char twoorthree[2];
+         int httpversion = 0;
+-        int digit4 = -1; /* should remain untouched to be good */
++        char digit4 = 0;
+         nc = sscanf(HEADER1,
+-                    " HTTP/%1d.%1d%c%3d%1d",
++                    " HTTP/%1d.%1d%c%3d%c",
+                     &httpversion_major,
+                     &httpversion,
+                     &separator,
+@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+ 
+         /* There can only be a 4th response code digit stored in 'digit4' if
+            all the other fields were parsed and stored first, so nc is 5 when
+-           digit4 is not -1 */
+-        else if(digit4 != -1) {
++           digit4 a digit */
++        else if(ISDIGIT(digit4)) {
+           failf(data, "Unsupported response code in HTTP response");
+           return CURLE_UNSUPPORTED_PROTOCOL;
+         }
+ 
+-        if((nc == 4) && (' ' == separator)) {
++        if((nc >= 4) && (' ' == separator)) {
+           httpversion += 10 * httpversion_major;
+           switch(httpversion) {
+           case 10:
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -182,7 +182,7 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
+ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
+ test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
+ test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
+-test1464 test1465 \
++test1464 test1465 test1466 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+--- /dev/null
++++ b/tests/data/test1466
+@@ -0,0 +1,45 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++</keywords>
++</info>
++
++<reply>
++<data>
++HTTP/1.1 405 405
++Content-Length: 6
++Connection: close
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++
++<name>
++HTTP GET with 3-digit response and only digits in reason
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
+
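
Review bot: in the second lib/http.c hunk the rewritten comment now reads "so nc is 5 when digit4 a digit", which has lost its verb; "when digit4 is a digit" would match the ISDIGIT(digit4) test under it. The fix also relies on two things that are not written down: digit4 stays 0 when sscanf stops after four conversions, and the relaxed (nc >= 4) test is what lets through the nc == 5 case where %c captured a non-digit, such as the space in front of the reason phrase in test1466's "HTTP/1.1 405 405". A one-line comment next to "char digit4 = 0;" stating that would help the next reader of this backport.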

diff --git a/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
new file mode 100644
index 00000000000..bdb1484d1b1
--- /dev/null
+++ b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
@@ -0,0 +1,43 @@
+https://github.com/curl/curl/commit/901804ef95777b8e735a55b77f8dd630a58c575b
+
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 16 Sep 2021 08:50:54 +0200
+Subject: [PATCH] Curl_http2_setup: don't change connection data on repeat
+ invokes
+
+Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
+transfer oriented inits to before the check but also erroneously moved a
+few connection oriented ones, which causes problems.
+
+Reported-by: Evangelos Foutras
+Fixes #7730
+Closes #7731
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -2221,12 +2221,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
+   stream->mem = data->state.buffer;
+   stream->len = data->set.buffer_size;
+ 
+-  httpc->inbuflen = 0;
+-  httpc->nread_inbuf = 0;
+-
+-  httpc->pause_stream_id = 0;
+-  httpc->drain_total = 0;
+-
+   multi_connchanged(data->multi);
+   /* below this point only connection related inits are done, which only needs
+      to be done once per connection */
+@@ -2252,6 +2246,12 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
+   conn->httpversion = 20;
+   conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+ 
++  httpc->inbuflen = 0;
++  httpc->nread_inbuf = 0;
++
++  httpc->pause_stream_id = 0;
++  httpc->drain_total = 0;
++
+   infof(data, "Connection state changed (HTTP/2 confirmed)");
+ 
+   return CURLE_OK;
+
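
Review bot: the four httpc resets (inbuflen, nread_inbuf, pause_stream_id, drain_total) land in the second hunk, after "conn->bundle->multiuse = BUNDLE_MULTIPLEX;", with no comment marking them as per-connection state, while the comment that explains the split ("below this point only connection related inits are done") stays in the first hunk about 25 lines earlier. A short comment at the new location would make it harder to move them back above the check by accident, which is the regression this patch undoes. The patch also adds no test, unlike the 3-digit response code backport in the same commit, which brings test 1466.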


* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
From: Sam James @ 2022-04-20 20:14 UTC
  To: gentoo-commits

commit:     021483c2d2bf73557d74ce0b90aafffe366e02b4
Author:     Karlson2k (Evgeny Grin) <k2k <AT> narod <DOT> ru>
AuthorDate: Wed Apr 20 19:35:31 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 20 20:14:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=021483c2

net-misc/curl: fixed "out of memory error" in 7.82.0

Closes: https://bugs.gentoo.org/836629

Signed-off-by: Karlson2k (Evgeny Grin) <k2k <AT> narod.ru>
Closes: https://github.com/gentoo/gentoo/pull/25133
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...curl-7.82.0-r1.ebuild => curl-7.82.0-r2.ebuild} |  1 +
 .../curl/files/curl-7.82.0-certs-processing.patch  | 27 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/net-misc/curl/curl-7.82.0-r1.ebuild b/net-misc/curl/curl-7.82.0-r2.ebuild
similarity index 99%
rename from net-misc/curl/curl-7.82.0-r1.ebuild
rename to net-misc/curl/curl-7.82.0-r2.ebuild
index 9b955edd99ac..1697033eb0d2 100644
--- a/net-misc/curl/curl-7.82.0-r1.ebuild
+++ b/net-misc/curl/curl-7.82.0-r2.ebuild
@@ -93,6 +93,7 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-certs-processing.patch
 )
 
 src_prepare() {
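
Review bot: the new PATCHES entry "${FILESDIR}"/${P}-certs-processing.patch has no comment on its upstream status; a one-line note that it is an upstream backport to be dropped at the next version bump would keep it from being carried forward by accident. The file name says "certs-processing" while the patch it adds is upstream's "openssl: fix CN check error code" in Curl_ossl_verifyhost(), so a name closer to the upstream subject would be easier to match against the curl history later.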

diff --git a/net-misc/curl/files/curl-7.82.0-certs-processing.patch b/net-misc/curl/files/curl-7.82.0-certs-processing.patch
new file mode 100644
index 000000000000..a62c1df20b30
--- /dev/null
+++ b/net-misc/curl/files/curl-7.82.0-certs-processing.patch
@@ -0,0 +1,27 @@
+https://github.com/curl/curl/issues/8559
+https://bugs.gentoo.org/836629
+
+From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 8 Mar 2022 13:38:13 +0100
+Subject: [PATCH] openssl: fix CN check error code
+
+Due to a missing 'else' this returns error too easily.
+
+Regressed in: d15692ebb
+
+Reported-by: Kristoffer Gleditsch
+Fixes #8559
+Closes #8560
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
+               peer_CN[peerlen] = '\0';
+             }
+-            result = CURLE_OUT_OF_MEMORY;
++            else
++              result = CURLE_OUT_OF_MEMORY;
+           }
+         }
+         else /* not a UTF8 name */


* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
From: Jakov Smolić @ 2022-05-05 13:46 UTC
  To: gentoo-commits

commit:     3a94588919324503c7103b12b0417cb8741179aa
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Thu May  5 13:46:02 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Thu May  5 13:46:16 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a945889

net-misc/curl: Fix compilation with USE=mbedtls,http2

Closes: https://bugs.gentoo.org/842780
Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 net-misc/curl/curl-7.83.0.ebuild            |  2 ++
 net-misc/curl/files/curl-7.83.0-http2.patch | 30 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/net-misc/curl/curl-7.83.0.ebuild b/net-misc/curl/curl-7.83.0.ebuild
index 150319f8e7d6..041b6cd5a2e4 100644
--- a/net-misc/curl/curl-7.83.0.ebuild
+++ b/net-misc/curl/curl-7.83.0.ebuild
@@ -96,6 +96,8 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	# Bug 842780, fixed upstream, drop on next version bump
+	"${FILESDIR}"/${P}-http2.patch
 )
 
 src_prepare() {

diff --git a/net-misc/curl/files/curl-7.83.0-http2.patch b/net-misc/curl/files/curl-7.83.0-http2.patch
new file mode 100644
index 000000000000..ede69a177b98
--- /dev/null
+++ b/net-misc/curl/files/curl-7.83.0-http2.patch
@@ -0,0 +1,30 @@
+Bug: https://bugs.gentoo.org/842780, https://github.com/curl/curl/pull/8768
+https://github.com/curl/curl/commit/6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3
+
+From 6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 28 Apr 2022 17:11:50 +0200
+Subject: [PATCH] mbedtls: fix compile when h2-enabled
+
+Fixes #8766
+Reported-by: LigH-de on github
+Closes #8768
+---
+ lib/vtls/mbedtls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index 64f57c5d8321..5f9b87e6b75b 100644
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -815,8 +815,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
+     if(next_protocol) {
+       infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
+ #ifdef USE_HTTP2
+-      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) &&
+-         !next_protocol[ALPN_H2_LEN]) {
++      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
++         !next_protocol[ALPN_H2_LENGTH]) {
+         conn->negnpn = CURL_HTTP_VERSION_2;
+       }
+       else
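
Review bot: the ALPN test in mbed_connect_step2() is an exact-match comparison spelled as strncmp over ALPN_H2_LENGTH bytes plus a check that next_protocol[ALPN_H2_LENGTH] is the terminator. The second half already assumes next_protocol is NUL-terminated, so, assuming ALPN_H2_LENGTH is the length of ALPN_H2, a plain strcmp against ALPN_H2 would express the same check without a length macro that can go stale, which is what broke the build here. For the backport itself, taking the upstream rename unchanged is the right call.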


* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
From: Sam James @ 2022-07-02 12:41 UTC
  To: gentoo-commits

commit:     5faad6a505dc25262ff894805bfae514df4fba8f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 12:41:03 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 12:41:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5faad6a5

net-misc/curl: backport include fix

Closes: https://bugs.gentoo.org/855710
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.84.0.ebuild                   |  1 +
 .../curl/files/curl-7.84.0-include-sched.patch     | 24 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/net-misc/curl/curl-7.84.0.ebuild b/net-misc/curl/curl-7.84.0.ebuild
index 7ea18d7d53d0..7e08867a5200 100644
--- a/net-misc/curl/curl-7.84.0.ebuild
+++ b/net-misc/curl/curl-7.84.0.ebuild
@@ -96,6 +96,7 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-7.84.0-include-sched.patch
 )
 
 src_prepare() {
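
Review bot: the new entry spells the version out as ${PN}-7.84.0-include-sched.patch, where the 7.82.0 and 7.83.0 commits in this thread use ${P}-... for a patch tied to one release. With ${P} the file is simply not found when the ebuild is copied for the next bump, which forces a decision on whether the backport is still needed; with the hard-coded version it keeps being applied until someone notices. A short comment that this is fixed upstream would serve the same purpose.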

diff --git a/net-misc/curl/files/curl-7.84.0-include-sched.patch b/net-misc/curl/files/curl-7.84.0-include-sched.patch
new file mode 100644
index 000000000000..842310d2eaab
--- /dev/null
+++ b/net-misc/curl/files/curl-7.84.0-include-sched.patch
@@ -0,0 +1,24 @@
+https://github.com/curl/curl/commit/e2e7f54b7bea521fa8373095d0f43261a720cda0
+https://bugs.gentoo.org/855710
+
+From e2e7f54b7bea521fa8373095d0f43261a720cda0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 27 Jun 2022 08:46:21 +0200
+Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
+
+Patched-by: Harry Sintonen
+
+Closes #9054
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -36,6 +36,9 @@
+ 
+ #elif defined (HAVE_ATOMIC)
+ #include <stdatomic.h>
++#if defined(HAVE_SCHED_YIELD)
++#include <sched.h>
++#endif
+ 
+ #define curl_simple_lock atomic_bool
+ #define CURL_SIMPLE_LOCK_INIT false
+


* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
From: Andreas K. Hüttel @ 2022-07-03  2:36 UTC
  To: gentoo-commits

commit:     ad4a8aa185ee5c83bb775f398b93da9faf4431c6
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  3 02:34:00 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sun Jul  3 02:36:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad4a8aa1

net-misc/curl: Add build fix for e.g. gcc-12/riscv

Patch comes from upstream master

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 net-misc/curl/curl-7.84.0.ebuild               |  1 +
 net-misc/curl/files/curl-7.84.0-easylock.patch | 30 ++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/net-misc/curl/curl-7.84.0.ebuild b/net-misc/curl/curl-7.84.0.ebuild
index c55c9520aa81..645a223aed8f 100644
--- a/net-misc/curl/curl-7.84.0.ebuild
+++ b/net-misc/curl/curl-7.84.0.ebuild
@@ -95,6 +95,7 @@ MULTILIB_CHOST_TOOLS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-7.84.0-easylock.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	"${FILESDIR}"/${PN}-7.84.0-include-sched.patch
 )
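
Review bot: the easylock patch is listed ahead of include-sched, but its hunk context in lib/easy_lock.h begins with "#include <sched.h>" and "#endif", lines that only exist once include-sched has been applied. In this order neither patch matches its context as written (include-sched in turn expects "#define curl_simple_lock atomic_bool" below its insertion point, which easylock has already changed), so the result depends on patch fuzz. Listing include-sched first and easylock second follows the upstream commit order (27 June, then 28 June) and lets both match their context exactly.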

diff --git a/net-misc/curl/files/curl-7.84.0-easylock.patch b/net-misc/curl/files/curl-7.84.0-easylock.patch
new file mode 100644
index 000000000000..77ee610fc117
--- /dev/null
+++ b/net-misc/curl/files/curl-7.84.0-easylock.patch
@@ -0,0 +1,30 @@
+From 50efb0822aa0e0ab165158dd0a26e65a2290e6d2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 28 Jun 2022 09:00:25 +0200
+Subject: [PATCH] easy_lock: switch to using atomic_int instead of bool
+
+To work with more compilers without requiring separate libs to
+link. Like with gcc-12 for RISC-V on Linux.
+
+Reported-by: Adam Sampson
+Fixes #9055
+Closes #9061
+---
+ lib/easy_lock.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/easy_lock.h b/lib/easy_lock.h
+index 07c85c5ffdd19..9c11bc50c5f20 100644
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -40,8 +40,8 @@
+ #include <sched.h>
+ #endif
+ 
+-#define curl_simple_lock atomic_bool
+-#define CURL_SIMPLE_LOCK_INIT false
++#define curl_simple_lock atomic_int
++#define CURL_SIMPLE_LOCK_INIT 0
+ 
+ static inline void curl_simple_lock_lock(curl_simple_lock *lock)
+ {
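
Review bot: the patch file starts straight at the upstream "From 50efb0822aa0..." line, with no upstream commit URL or Gentoo bug link above it, which the include-sched backport added the day before carries on its first two lines. The commit message says only that the patch comes from upstream master; putting the upstream commit URL and the upstream issue (Fixes #9055) at the top of the file would make it possible to tell from files/ alone when the patch can be dropped.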


* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
From: Sam James @ 2022-10-28 17:18 UTC
  To: gentoo-commits

commit:     cc9e19d913994302ce2aff803013cd2be7dc3ce4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 17:18:11 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 17:18:33 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9e19d9

net-misc/curl: backport proxy handling regression fixes to 7.86.0

Bug: https://bugs.gentoo.org/878365
Thanks-to: Henning Schild <henning <AT> hennsch.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.86.0-r1.ebuild                | 289 +++++++++++++++++++++
 .../curl-7.86.0-proxy-noproxy-match-comma.patch    |  86 ++++++
 .../curl-7.86.0-proxy-noproxy-tailmatching.patch   |  66 +++++
 3 files changed, 441 insertions(+)

diff --git a/net-misc/curl/curl-7.86.0-r1.ebuild b/net-misc/curl/curl-7.86.0-r1.ebuild
new file mode 100644
index 000000000000..5ab554508bc4
--- /dev/null
+++ b/net-misc/curl/curl-7.86.0-r1.ebuild
@@ -0,0 +1,289 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools prefix multilib-minimal verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
+IUSE+=" nghttp3 quiche"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+# Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-rustls
+		--without-schannel
+		--without-secure-transport
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "-libtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
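
Review bot: the final else of the default-backend chain in multilib_src_configure() only calls eerror "We can't be here because of REQUIRED_USE." and then falls through to econf, so if that branch is ever reached the build carries on with no --with-default-ssl-backend set; "die" would be the safer call for a state that is supposed to be impossible. In the pkg-config fix-up further down, the nghttp3 branch still has priv+=( "libnghttp3" "-libtcp2" ), where the second entry should be the ngtcp2 module name "libngtcp2" to go with "-lngtcp2" in libs.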

diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch
new file mode 100644
index 000000000000..6c8f4067e8d5
--- /dev/null
+++ b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch
@@ -0,0 +1,86 @@
+https://bugs.gentoo.org/878365#c2
+https://github.com/curl/curl/issues/9813
+https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128
+
+From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 27 Oct 2022 13:54:27 +0200
+Subject: [PATCH] noproxy: also match with adjacent comma
+
+If the host name is an IP address and the noproxy string contained that
+IP address with a following comma, it would erroneously not match.
+
+Extended test 1614 to verify this combo as well.
+
+Reported-by: Henning Schild
+
+Fixes #9813
+Closes #9814
+--- a/lib/noproxy.c
++++ b/lib/noproxy.c
+@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
+           /* FALLTHROUGH */
+         case TYPE_IPV6: {
+           const char *check = token;
+-          char *slash = strchr(check, '/');
++          char *slash;
+           unsigned int bits = 0;
+           char checkip[128];
++          if(tokenlen >= sizeof(checkip))
++            /* this cannot match */
++            break;
++          /* copy the check name to a temp buffer */
++          memcpy(checkip, check, tokenlen);
++          checkip[tokenlen] = 0;
++          check = checkip;
++
++          slash = strchr(check, '/');
+           /* if the slash is part of this token, use it */
+-          if(slash && (slash < &check[tokenlen])) {
++          if(slash) {
+             bits = atoi(slash + 1);
+-            /* copy the check name to a temp buffer */
+-            if(tokenlen >= sizeof(checkip))
+-              break;
+-            memcpy(checkip, check, tokenlen);
+-            checkip[ slash - check ] = 0;
+-            check = checkip;
++            *slash = 0; /* null terminate there */
+           }
+           if(type == TYPE_IPV6)
+             match = Curl_cidr6_match(name, check, bits);
+--- a/tests/data/test1614
++++ b/tests/data/test1614
+@@ -16,7 +16,7 @@ unittest
+ proxy
+ </features>
+  <name>
+-cidr comparisons
++noproxy and cidr comparisons
+  </name>
+ </client>
+ <errorcode>
+--- a/tests/unit/unit1614.c
++++ b/tests/unit/unit1614.c
+@@ -77,6 +77,20 @@ UNITTEST_START
+     { NULL, NULL, 0, FALSE} /* end marker */
+   };
+   struct noproxy list[]= {
++    { "127.0.0.1", "127.0.0.1,localhost", TRUE},
++    { "127.0.0.1", "127.0.0.1,localhost,", TRUE},
++    { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE},
++    { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE},
++    { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE},
++    { "127.0.0.1", "localhost,127.0.0.1", TRUE},
++    { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
++      "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
++      "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE},
++    { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
++      "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
++      "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE},
++    { "localhost", "localhost,127.0.0.1", TRUE},
++    { "localhost", "127.0.0.1,localhost", TRUE},
+     { "foobar", "barfoo", FALSE},
+     { "foobar", "foobar", TRUE},
+     { "192.168.0.1", "foobar", FALSE},
+
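Review bot: in the TYPE_IPV4/TYPE_IPV6 branch of Curl_check_noproxy(), `bits = atoi(slash + 1);` still stores an unvalidated atoi() result in an `unsigned int`, so a token with a negative or non-numeric prefix (constructed examples: `127.0.0.1/-1`, `127.0.0.1/x`) reaches the CIDR match call with a wrapped or zero prefix length. Since the no_proxy list decides which hosts bypass the proxy, the prefix should be parsed strictly and range-checked for the address family, with the token treated as a non-match otherwise. The new rows in unit1614 cover overlong tokens and trailing commas but none with a malformed prefix; adding a few would pin that behaviour down.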

diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch
new file mode 100644
index 000000000000..15f5e64c91f3
--- /dev/null
+++ b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch
@@ -0,0 +1,66 @@
+https://bugs.gentoo.org/878365#c2
+https://github.com/curl/curl/issues/9821
+https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b
+
+From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 28 Oct 2022 10:51:49 +0200
+Subject: [PATCH] noproxy: fix tail-matching
+
+Also ignore trailing dots in both host name and comparison pattern.
+
+Regression in 7.86.0 (from 1e9a538e05c0)
+
+Extended test 1614 to verify better.
+
+Reported-by: Henning Schild
+Fixes #9821
+Closes #9822
+--- a/lib/noproxy.c
++++ b/lib/noproxy.c
+@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
+     }
+     else {
+       unsigned int address;
++      namelen = strlen(name);
+       if(1 == Curl_inet_pton(AF_INET, name, &address))
+         type = TYPE_IPV4;
+-      namelen = strlen(name);
++      else {
++        /* ignore trailing dots in the host name */
++        if(name[namelen - 1] == '.')
++          namelen--;
++      }
+     }
+ 
+     while(*p) {
+@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
+       if(tokenlen) {
+         switch(type) {
+         case TYPE_HOST:
+-          if(*token == '.') {
+-            ++token;
+-            --tokenlen;
+-            /* tailmatch */
+-            match = (tokenlen <= namelen) &&
+-              strncasecompare(token, name + (namelen - tokenlen), namelen);
++          /* ignore trailing dots in the token to check */
++          if(token[tokenlen - 1] == '.')
++            tokenlen--;
++
++          if(tokenlen && (*token == '.')) {
++            /* A: example.com matches '.example.com'
++               B: www.example.com matches '.example.com'
++               C: nonexample.com DOES NOT match '.example.com'
++            */
++            if((tokenlen - 1) == namelen)
++              /* case A, exact match without leading dot */
++              match = strncasecompare(token + 1, name, namelen);
++            else if(tokenlen < namelen)
++              /* case B, tailmatch with leading dot */
++              match = strncasecompare(token, name + (namelen - tokenlen),
++                                      tokenlen);
++            /* case C passes through, not a match */
+           }
+           else
+             match = (tokenlen == namelen) &&
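Review bot: `if(name[namelen - 1] == '.')` in the new else branch reads name[-1] when name is the empty string, and nothing visible in this hunk guarantees that namelen is non-zero at that point (the token side is covered by the enclosing `if(tokenlen)`). Suggest `if(namelen && name[namelen - 1] == '.')` or an early return for an empty host name. Only a single trailing dot is stripped on either side; if that is intended, a unit1614 row for a name with two trailing dots would document it. This patch file carries only the lib/noproxy.c hunks, although the commit text says test 1614 was extended, so the header should say that the test changes were dropped.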



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2022-12-23  1:29 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2022-12-23  1:29 UTC (permalink / raw
  To: gentoo-commits

commit:     26ad093791c6f0d4953b939e87eb259b49eb3b89
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 23 01:28:08 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 23 01:28:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26ad0937

net-misc/curl: fix build w/ USE='gnutls openssl'

Closes: https://bugs.gentoo.org/887833
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.87.0.ebuild                   | 16 +++++----
 .../files/curl-7.87.0-gnutls-openssl-build.patch   | 39 ++++++++++++++++++++++
 2 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/net-misc/curl/curl-7.87.0.ebuild b/net-misc/curl/curl-7.87.0.ebuild
index f804460a11c1..128b0427d016 100644
--- a/net-misc/curl/curl-7.87.0.ebuild
+++ b/net-misc/curl/curl-7.87.0.ebuild
@@ -37,16 +37,16 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	ssl? (
 		gnutls? (
-			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		mbedtls? (
-			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		openssl? (
-			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		nss? (
 			dev-libs/nss:0[${MULTILIB_USEDEP}]
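Review bot: the `:0=` to `:=` slot-operator changes in RDEPEND are not mentioned in the commit message, which describes only a build fix for USE='gnutls openssl', and they are applied unevenly: `dev-libs/nss:0[${MULTILIB_USEDEP}]` keeps its explicit slot. Either split the dependency cleanup into its own commit or name it in the message, and say whether nss was left alone on purpose.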
@@ -63,8 +63,8 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
 		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
 	)
 	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
 	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
@@ -99,6 +99,8 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
+	"${FILESDIR}"/${P}-gnutls-openssl-build.patch
 )
 
 src_prepare() {
@@ -121,7 +123,7 @@ multilib_src_configure() {
 
 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls --with-nettle )
+			myconf+=( --with-gnutls )
 		fi
 		if use mbedtls || use curl_ssl_mbedtls; then
 			einfo "SSL provided by mbedtls"
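Review bot: `--with-nettle` is dropped from the gnutls branch of multilib_src_configure() while `dev-libs/nettle:=` stays in RDEPEND under `gnutls?`, and the commit message does not explain the removal. If configure no longer accepts the option, a short comment here should say so; if nettle is now picked up implicitly through GnuTLS, please confirm that the direct dependency is still required.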

diff --git a/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch b/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
new file mode 100644
index 000000000000..88463dc003f7
--- /dev/null
+++ b/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/887833
+https://github.com/curl/curl/issues/10110
+https://github.com/curl/curl/commit/aef4dc892d012d990c85c7bad0d9d06c2ebfa775
+
+From aef4dc892d012d990c85c7bad0d9d06c2ebfa775 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 22 Dec 2022 17:40:26 +0100
+Subject: [PATCH] md4: fix build with GnuTLS + OpenSSL v1
+
+Reported-by: Esdras de Morais da Silva
+
+Fixes #10110
+Closes #10142
+--- a/lib/md4.c
++++ b/lib/md4.c
+@@ -86,11 +86,7 @@
+ #include "memdebug.h"
+ 
+ 
+-#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
+-
+-#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
+-
+-#elif defined(USE_GNUTLS)
++#if defined(USE_GNUTLS)
+ 
+ typedef struct md4_ctx MD4_CTX;
+ 
+@@ -109,6 +105,10 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
+   md4_digest(ctx, MD4_DIGEST_SIZE, result);
+ }
+ 
++#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
++
++#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
++
+ #elif defined(AN_APPLE_OS)
+ typedef CC_MD4_CTX MD4_CTX;
+ 
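Review bot: moving `#if defined(USE_GNUTLS)` to the head of this chain in lib/md4.c makes the GnuTLS-branch MD4 wrappers win whenever GnuTLS is enabled, including builds that also enable wolfSSL or an OpenSSL with MD4 available, so the effect is wider than the "GnuTLS + OpenSSL v1" case named in the subject. The patch header should state that precedence change. Please also confirm that the header-include block earlier in md4.c, which these hunks do not show, selects backends in the same order, so that the included headers and the MD4_* wrappers always come from the same library.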



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-02-22 10:00 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2023-02-22 10:00 UTC (permalink / raw
  To: gentoo-commits

commit:     cbe12326fbfac876349ee179531ba24652de9025
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Wed Feb 22 08:47:01 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 22 09:59:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cbe12326

net-misc/curl: add 7.88.1-r1

Includes fixes for a segfault during "bad" header dumps, silent parallel
downloads, and parallel download fixes for >199 connections.

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.88.1-r1.ebuild                | 306 +++++++++++++++++++++
 .../files/curl-7.88.1-header-dump-segfault.patch   |  29 ++
 net-misc/curl/files/curl-7.88.1-pipewait.patch     |  64 +++++
 .../curl/files/curl-7.88.1-silent-parallel.patch   |  20 ++
 4 files changed, 419 insertions(+)

diff --git a/net-misc/curl/curl-7.88.1-r1.ebuild b/net-misc/curl/curl-7.88.1-r1.ebuild
new file mode 100644
index 000000000000..9857f3a4d3a3
--- /dev/null
+++ b/net-misc/curl/curl-7.88.1-r1.ebuild
@@ -0,0 +1,306 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools multilib-minimal prefix verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+#Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	
+	"${FILESDIR}"/${P}-header-dump-segfault.patch
+	"${FILESDIR}"/${P}-pipewait.patch
+	"${FILESDIR}"/${P}-silent-parallel.patch
+)
+
+src_prepare() {
+	default
+
+	# Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks
+	# with out-of-tree builds.
+	sed -i "s:my \$path   = getcwd():my \$path   = \"${S}/tests\":" tests/http*-server.pl \
+		|| die "Unable to update test locations"
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
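Review bot: multilib_src_configure() hardcodes `--without-libpsl` alongside `--enable-cookies`, so this build has no Public Suffix List check when deciding which cookie domains to accept; consider a USE flag (for example `psl`) wired to `$(use_with psl libpsl)`, or a comment explaining why it stays off. Smaller points in the same file: the separator line inside `PATCHES=( )` consists of a stray tab, and the comment above `RESTRICT="!test? ( test )"` ("lead to lots of false negatives, bug #285669") does not say what leads to them.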

diff --git a/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch b/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
new file mode 100644
index 000000000000..48ebb7a5e45f
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
@@ -0,0 +1,29 @@
+https://github.com/curl/curl/commit/1c9cfb7af368feefb522caf81b052ee742a76da8
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 20 Feb 2023 18:35:13 +0100
+Subject: [PATCH] tool_operate: avoid fclose(NULL) on bad header dump file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes #10570
+Reported-by: Jérémy Rabasco
+Closes #10571
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -984,12 +984,13 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+              */
+             if(!per->prev || per->prev->config != config) {
+               newfile = fopen(config->headerfile, "wb+");
+-              fclose(newfile);
++              if(newfile)
++                fclose(newfile);
+             }
+             newfile = fopen(config->headerfile, "ab+");
+ 
+             if(!newfile) {
+-              warnf(global, "Failed to open %s\n", config->headerfile);
++              errorf(global, "Failed to open %s\n", config->headerfile);
+               result = CURLE_WRITE_ERROR;
+               break;
+             }
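Review bot: with the NULL check added in single_transfer(), a failed `fopen(config->headerfile, "wb+")` is now skipped silently and the same path is opened again with "ab+" only to reach the error branch; checking the first fopen() result and taking the error path there would avoid the second attempt. The `errorf(global, "Failed to open %s\n", config->headerfile);` message also gives no reason for the failure; including strerror(errno) would tell the user whether it is a permission problem or a missing directory.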

diff --git a/net-misc/curl/files/curl-7.88.1-pipewait.patch b/net-misc/curl/files/curl-7.88.1-pipewait.patch
new file mode 100644
index 000000000000..6c626a86c8e0
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.1-pipewait.patch
@@ -0,0 +1,64 @@
+https://github.com/curl/curl/commit/821f6e2a89de8aec1c7da3c0f381b92b2b801efc
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 9 Feb 2023 16:07:34 +0100
+Subject: [PATCH] CURLOPT_PIPEWAIT: allow waited reuse also for subsequent
+ connections
+
+note: Dropped test portion of patch; not shipped in source tarball!
+
+As tested in test_02_07, when firing off 200 urls with --parallel, 199
+wait for the first connection to be established. if that is multiuse,
+urls are added up to its capacity.
+
+The first url over capacity opens another connection. But subsequent
+urls found the same situation and open a connection too. They should
+have waited for the second connection to actually connect and make its
+capacity known.
+
+This change fixes that by
+
+- setting `connkeep()` early in the HTTP setup handler. as otherwise
+  a new connection is marked as closeit by default and not considered
+  for multiuse at all
+- checking the "connected" status for a candidate always and continuing
+  to PIPEWAIT if no alternative is found.
+
+pytest:
+- removed "skip" from test_02_07
+- added test_02_07b to check that http/1.1 continues to work as before
+
+Closes #10456
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -233,6 +233,7 @@ static CURLcode http_setup_conn(struct Curl_easy *data,
+ 
+   Curl_mime_initpart(&http->form);
+   data->req.p.http = http;
++  connkeep(conn, "HTTP default");
+ 
+   if((data->state.httpwant == CURL_HTTP_VERSION_3)
+      || (data->state.httpwant == CURL_HTTP_VERSION_3ONLY)) {
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1170,14 +1170,14 @@ ConnectionExists(struct Curl_easy *data,
+             continue;
+           }
+         }
++      }
+ 
+-        if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
+-          foundPendingCandidate = TRUE;
+-          /* Don't pick a connection that hasn't connected yet */
+-          infof(data, "Connection #%ld isn't open enough, can't reuse",
+-                check->connection_id);
+-          continue;
+-        }
++      if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
++        foundPendingCandidate = TRUE;
++        /* Don't pick a connection that hasn't connected yet */
++        infof(data, "Connection #%ld isn't open enough, can't reuse",
++              check->connection_id);
++        continue;
+       }
+ 
+ #ifdef USE_UNIX_SOCKETS
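Review bot: `connkeep(conn, "HTTP default");` in http_setup_conn() marks every new HTTP connection as kept before anything is known about the peer, and the header notes that the test portion of the upstream patch was dropped, so nothing in this package exercises the new default or the relocated `Curl_conn_is_connected()` check in ConnectionExists(). Please confirm that connections which must not be reused are still marked for close later in the request path, which these hunks do not show, and keep the upstream test names (test_02_07, test_02_07b) in the header so the behaviour can be rechecked against a git checkout.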

diff --git a/net-misc/curl/files/curl-7.88.1-silent-parallel.patch b/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
new file mode 100644
index 000000000000..1162067f73b3
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
@@ -0,0 +1,20 @@
+https://github.com/curl/curl/commit/475207c1c834ecf203dc4f3bc1917ae87628b6d0
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 21 Feb 2023 11:38:03 +0100
+Subject: [PATCH] tool_progress: shut off progress meter for --silent in
+ parallel
+
+Reported-by: finkjsc on github
+Fixes #10573
+Closes #10579
+--- a/src/tool_progress.c
++++ b/src/tool_progress.c
+@@ -173,7 +173,7 @@ bool progress_meter(struct GlobalConfig *global,
+   struct timeval now;
+   long diff;
+ 
+-  if(global->noprogress)
++  if(global->noprogress || global->silent)
+     return FALSE;
+ 
+   now = tvnow();



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-03-23  8:59 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2023-03-23  8:59 UTC (permalink / raw
  To: gentoo-commits

commit:     3bca090841779256251eec23164a715e3356c3f0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 23 08:51:32 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 23 08:59:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bca0908

net-misc/curl: add 8.0.1

Note that https://github.com/curl/curl/commit/372b95f77f08ae7a64a5bca53cfb342ec5a8adc9
did get fixed in this release, although the warnings in bug 898364 weren't real
issues here.

Kangie's done a great job of upstreaming various fixes here but is away at
the moment so I'm doing the easy bit of just bumping the ebuild.

Also sorted dependencies and some other minor tweaks to comments.

Bug: https://bugs.gentoo.org/902801
Closes: https://bugs.gentoo.org/879237
Closes: https://bugs.gentoo.org/898364
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 +
 net-misc/curl/curl-8.0.1.ebuild                    | 316 +++++++++++++++++++++
 .../curl/files/curl-8.0.1-onion-resolution.patch   | 158 +++++++++++
 3 files changed, 476 insertions(+)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index e32343230d55..7b6217a5f3f0 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -2,3 +2,5 @@ DIST curl-7.87.0.tar.xz 2547932 BLAKE2B b272ec928c5ef1728434630d8910f58834327a30
 DIST curl-7.87.0.tar.xz.asc 488 BLAKE2B 031d8236b357bd3c519548b181254dc0aea1efc1375738bce04f4f331d35bafe99d1ca394ecf5943ede7cae040854b6d2b478fd305147eb7330f8d50e5d95c96 SHA512 0bcc12bafc4ae50d80128af2cf4bf1a1ec6018ebb8d5b9c49f52b51c0c25acc77e820858965656549ef43c1f923f4e5fe75b0a3523623154b4cfb9dc8a1d76e4
 DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 SHA512 b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f
 DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6
+DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872658a295179b935729d5105015f8c29569c396e11cd14036656af894ded85c8838cba260d9f6f1a8dcb5e22b SHA512 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d
+DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf

diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-8.0.1.ebuild
new file mode 100644
index 000000000000..6af2629111d2
--- /dev/null
+++ b/net-misc/curl/curl-8.0.1.ebuild
@@ -0,0 +1,316 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal prefix verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="
+	https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+"
+
+RDEPEND="
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		nss? (
+			app-misc/ca-certificates
+			dev-libs/nss[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
+	# Backports
+	"${FILESDIR}"/${PN}-8.0.1-onion-resolution.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
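Review bot: In multilib_src_configure(), the final else of the default-backend chain only calls eerror "We can't be here because of REQUIRED_USE." and then carries on, so if that branch is ever reached the build proceeds to econf with no --with-default-ssl-backend set. The branch is meant to be unreachable, so make it fatal with die instead of eerror; a REQUIRED_USE regression then stops the build rather than producing a libcurl whose default TLS backend was never chosen explicitly. Separately, the flag list pairs --enable-cookies with --without-libpsl. Without the Public Suffix List check, libcurl cannot refuse cookies set for a public suffix, so this deserves either a comment explaining why libpsl is left out or a USE flag to enable it.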

diff --git a/net-misc/curl/files/curl-8.0.1-onion-resolution.patch b/net-misc/curl/files/curl-8.0.1-onion-resolution.patch
new file mode 100644
index 000000000000..65b486529c1f
--- /dev/null
+++ b/net-misc/curl/files/curl-8.0.1-onion-resolution.patch
@@ -0,0 +1,158 @@
+https://bugs.gentoo.org/887287
+https://github.com/curl/curl/pull/10705
+
+From e2bbd1adc22ec5033e2292b780e1790db93c3cb4 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Wed, 8 Mar 2023 02:16:45 +1100
+Subject: [PATCH] Refuse to resolve the .onion TLD.
+
+RFC 7686 states that:
+
+> Applications that do not implement the Tor
+> protocol SHOULD generate an error upon the use of .onion and
+> SHOULD NOT perform a DNS lookup.
+
+Let's do that.
+
+See curl/curl#543
+https://www.rfc-editor.org/rfc/rfc7686#section-2
+--- a/docs/KNOWN_BUGS
++++ b/docs/KNOWN_BUGS
+@@ -80,7 +80,6 @@ problems may have been fixed or changed somewhat since this was written.
+  10.3 FTPS over SOCKS
+ 
+  11. Internals
+- 11.1 Curl leaks .onion hostnames in DNS
+  11.2 error buffer not set if connection to multiple addresses fails
+  11.4 HTTP test server 'connection-monitor' problems
+  11.5 Connection information when using TCP Fast Open
+@@ -525,14 +524,6 @@ problems may have been fixed or changed somewhat since this was written.
+ 
+ 11. Internals
+ 
+-11.1 Curl leaks .onion hostnames in DNS
+-
+- Curl sends DNS requests for hostnames with a .onion TLD. This leaks
+- information about what the user is attempting to access, and violates this
+- requirement of RFC7686: https://datatracker.ietf.org/doc/html/rfc7686
+-
+- Issue: https://github.com/curl/curl/issues/543
+-
+ 11.2 error buffer not set if connection to multiple addresses fails
+ 
+  If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
+   CURLcode result;
+   enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
+   struct connectdata *conn = data->conn;
++  /* We should intentionally error and not resolve .onion TLDs */
++  size_t hostname_len = strlen(hostname);
++  if(hostname_len >= 7 &&
++  (curl_strequal(&hostname[hostname_len-6], ".onion") ||
++  curl_strequal(&hostname[hostname_len-7], ".onion."))) {
++    failf(data, "Not resolving .onion address (RFC 7686)");
++    return CURLRESOLV_ERROR;
++  }
+   *entry = NULL;
+ #ifndef CURL_DISABLE_DOH
+   conn->bits.doh = FALSE; /* default is not */
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
+ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
+ test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
+ test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
+-test1464 test1465 test1466 test1467 test1468 test1469 test1470 \
+-\
++test1464 test1465 test1466 test1467 test1468 test1469 test1470 test1471 \
++test1472 \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+ test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
+--- /dev/null
++++ b/tests/data/test1471
+@@ -0,0 +1,39 @@
++<testcase>
++<info>
++<keywords>
++Onion
++Tor
++FAILURE
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++none
++</server>
++<name>
++Fail to resolve .onion TLD
++</name>
++<command>
++red.onion
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# Couldn't resolve host name
++<errorcode>
++6
++</errorcode>
++<stderr mode="text">
++curl: (6) Not resolving .onion address (RFC 7686)
++</stderr>
++</verify>
++</testcase>
+--- /dev/null
++++ b/tests/data/test1472
+@@ -0,0 +1,39 @@
++<testcase>
++<info>
++<keywords>
++Onion
++Tor
++FAILURE
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++none
++</server>
++<name>
++Fail to resolve .onion. TLD
++</name>
++<command>
++tasty.onion.
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# Couldn't resolve host name
++<errorcode>
++6
++</errorcode>
++<stderr mode="text">
++curl: (6) Not resolving .onion address (RFC 7686)
++</stderr>
++</verify>
++</testcase>
+
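Review bot: In the lib/hostip.c hunk, the new early return sits above *entry = NULL;, so on the .onion path Curl_resolv() returns CURLRESOLV_ERROR without ever writing the out parameter. Move the check below that assignment, or set *entry = NULL before returning, so a caller that inspects *entry after a failed resolve does not read an indeterminate pointer. The two continuation lines of the if condition are indented level with the if itself, which hides that they belong to the condition; align them under the opening parenthesis. The hostname_len >= 7 guard does keep hostname_len-7 in range, and test1471 and test1472 cover the plain and trailing-dot forms. Since the match goes through curl_strequal, a third test with a case-variant name ending in .ONION would pin down the case-insensitive behaviour.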



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-05-17  7:58 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2023-05-17  7:58 UTC (permalink / raw
  To: gentoo-commits

commit:     e157923b659d2650cb9eb5a3084d9539f6487b29
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Wed May 17 07:51:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 17 07:58:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e157923b

net-misc/curl: drop 7.88.1-r2

Bug: https://bugs.gentoo.org/902801
Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Closes: https://github.com/gentoo/gentoo/pull/31074
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-7.88.1-r2.ebuild                | 307 ---------------------
 .../files/curl-7.88.1-header-dump-segfault.patch   |  29 --
 .../curl/files/curl-7.88.1-onion-resolution.patch  | 134 ---------
 net-misc/curl/files/curl-7.88.1-pipewait.patch     |  64 -----
 .../curl/files/curl-7.88.1-silent-parallel.patch   |  20 --
 6 files changed, 556 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 6e39d609ad9b..23d992711598 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 SHA512 b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f
-DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6
 DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872658a295179b935729d5105015f8c29569c396e11cd14036656af894ded85c8838cba260d9f6f1a8dcb5e22b SHA512 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d
 DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf
 DIST curl-8.1.0.tar.xz 2612568 BLAKE2B 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc SHA512 b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d

diff --git a/net-misc/curl/curl-7.88.1-r2.ebuild b/net-misc/curl/curl-7.88.1-r2.ebuild
deleted file mode 100644
index 98f09d3e9b4b..000000000000
--- a/net-misc/curl/curl-7.88.1-r2.ebuild
+++ /dev/null
@@ -1,307 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-
-inherit autotools multilib-minimal prefix verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-SRC_URI="https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
-IUSE+=" nghttp3"
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
-
-#Only one default ssl provider can be enabled
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)"
-
-# lead to lots of false negatives, bug #285669
-RESTRICT="!test? ( test )"
-
-RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		mbedtls? (
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		openssl? (
-			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			dev-libs/nss-pem
-			app-misc/ca-certificates
-		)
-		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
-		)
-	)
-	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
-
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-
-	"${FILESDIR}"/${P}-header-dump-segfault.patch
-	"${FILESDIR}"/${P}-onion-resolution.patch
-	"${FILESDIR}"/${P}-pipewait.patch
-	"${FILESDIR}"/${P}-silent-parallel.patch
-)
-
-src_prepare() {
-	default
-
-	# Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks
-	# with out-of-tree builds.
-	sed -i "s:my \$path   = getcwd():my \$path   = \"${S}/tests\":" tests/http*-server.pl \
-		|| die "Unable to update test locations"
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
-	if use ssl ; then
-		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
-
-		if use gnutls || use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use nss || use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss --with-nss-deprecated )
-		fi
-		if use openssl || use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls || use curl_ssl_rustls; then
-			einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "Default SSL provided by nss"
-			myconf+=( --with-default-ssl-backend=nss )
-		elif use curl_ssl_openssl; then
-			einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-crypto-auth
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--without-fish-functions-dir
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		--without-libpsl
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}
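Review bot: The ebuild removed here carries stable keywords (amd64 arm arm64 hppa ppc ppc64 sparc x86 in KEYWORDS), so before it goes, confirm that one of the versions still listed in Manifest is stable on each of those arches; otherwise stable users on an arch are left without an installable curl. The PATCHES array shows four version-specific fixes leaving with it (header-dump-segfault, onion-resolution, pipewait, silent-parallel), so it is also worth stating in the commit message which remaining version supersedes this one and that it contains those fixes.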

diff --git a/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch b/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
deleted file mode 100644
index 48ebb7a5e45f..000000000000
--- a/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://github.com/curl/curl/commit/1c9cfb7af368feefb522caf81b052ee742a76da8
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 20 Feb 2023 18:35:13 +0100
-Subject: [PATCH] tool_operate: avoid fclose(NULL) on bad header dump file
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes #10570
-Reported-by: Jérémy Rabasco
-Closes #10571
---- a/src/tool_operate.c
-+++ b/src/tool_operate.c
-@@ -984,12 +984,13 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-              */
-             if(!per->prev || per->prev->config != config) {
-               newfile = fopen(config->headerfile, "wb+");
--              fclose(newfile);
-+              if(newfile)
-+                fclose(newfile);
-             }
-             newfile = fopen(config->headerfile, "ab+");
- 
-             if(!newfile) {
--              warnf(global, "Failed to open %s\n", config->headerfile);
-+              errorf(global, "Failed to open %s\n", config->headerfile);
-               result = CURLE_WRITE_ERROR;
-               break;
-             }

diff --git a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
deleted file mode 100644
index d3385623da5f..000000000000
--- a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-https://bugs.gentoo.org/887287
-https://github.com/curl/curl/pull/10705
-
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Wed, 8 Mar 2023 02:16:45 +1100
-Subject: [PATCH] Refuse to resolve the .onion TLD.
-
-RFC 7686 states that:
-
-> Applications that do not implement the Tor
-> protocol SHOULD generate an error upon the use of .onion and
-> SHOULD NOT perform a DNS lookup.
-
-Let's do that.
-
-See curl/curl#543
-https://www.rfc-editor.org/rfc/rfc7686#section-2
---- a/lib/hostip.c
-+++ b/lib/hostip.c
-@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
-   CURLcode result;
-   enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
-   struct connectdata *conn = data->conn;
-+  /* We should intentionally error and not resolve .onion TLDs */
-+  size_t hostname_len = strlen(hostname);
-+  if(hostname_len >= 7 &&
-+  (curl_strequal(&hostname[hostname_len-6], ".onion") ||
-+  curl_strequal(&hostname[hostname_len-7], ".onion."))) {
-+    failf(data, "Not resolving .onion address (RFC 7686)");
-+    return CURLRESOLV_ERROR;
-+  }
-   *entry = NULL;
- #ifndef CURL_DISABLE_DOH
-   conn->bits.doh = FALSE; /* default is not */
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
- test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
- test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
- test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
--test1464 test1465 test1466 test1467 test1468 test1469 \
--\
-+test1464 test1465 test1466 test1467 test1468 test1469 test1471 \
-+test1472 \
- test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
- test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
- test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
---- /dev/null
-+++ b/tests/data/test1471
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion TLD
-+</name>
-+<command>
-+red.onion
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
---- /dev/null
-+++ b/tests/data/test1472
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion. TLD
-+</name>
-+<command>
-+tasty.onion.
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.39.2
-

diff --git a/net-misc/curl/files/curl-7.88.1-pipewait.patch b/net-misc/curl/files/curl-7.88.1-pipewait.patch
deleted file mode 100644
index 6c626a86c8e0..000000000000
--- a/net-misc/curl/files/curl-7.88.1-pipewait.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-https://github.com/curl/curl/commit/821f6e2a89de8aec1c7da3c0f381b92b2b801efc
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 9 Feb 2023 16:07:34 +0100
-Subject: [PATCH] CURLOPT_PIPEWAIT: allow waited reuse also for subsequent
- connections
-
-note: Dropped test portion of patch; not shipped in source tarball!
-
-As tested in test_02_07, when firing off 200 urls with --parallel, 199
-wait for the first connection to be established. if that is multiuse,
-urls are added up to its capacity.
-
-The first url over capacity opens another connection. But subsequent
-urls found the same situation and open a connection too. They should
-have waited for the second connection to actually connect and make its
-capacity known.
-
-This change fixes that by
-
-- setting `connkeep()` early in the HTTP setup handler. as otherwise
-  a new connection is marked as closeit by default and not considered
-  for multiuse at all
-- checking the "connected" status for a candidate always and continuing
-  to PIPEWAIT if no alternative is found.
-
-pytest:
-- removed "skip" from test_02_07
-- added test_02_07b to check that http/1.1 continues to work as before
-
-Closes #10456
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -233,6 +233,7 @@ static CURLcode http_setup_conn(struct Curl_easy *data,
- 
-   Curl_mime_initpart(&http->form);
-   data->req.p.http = http;
-+  connkeep(conn, "HTTP default");
- 
-   if((data->state.httpwant == CURL_HTTP_VERSION_3)
-      || (data->state.httpwant == CURL_HTTP_VERSION_3ONLY)) {
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -1170,14 +1170,14 @@ ConnectionExists(struct Curl_easy *data,
-             continue;
-           }
-         }
-+      }
- 
--        if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
--          foundPendingCandidate = TRUE;
--          /* Don't pick a connection that hasn't connected yet */
--          infof(data, "Connection #%ld isn't open enough, can't reuse",
--                check->connection_id);
--          continue;
--        }
-+      if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
-+        foundPendingCandidate = TRUE;
-+        /* Don't pick a connection that hasn't connected yet */
-+        infof(data, "Connection #%ld isn't open enough, can't reuse",
-+              check->connection_id);
-+        continue;
-       }
- 
- #ifdef USE_UNIX_SOCKETS

diff --git a/net-misc/curl/files/curl-7.88.1-silent-parallel.patch b/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
deleted file mode 100644
index 1162067f73b3..000000000000
--- a/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-https://github.com/curl/curl/commit/475207c1c834ecf203dc4f3bc1917ae87628b6d0
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 21 Feb 2023 11:38:03 +0100
-Subject: [PATCH] tool_progress: shut off progress meter for --silent in
- parallel
-
-Reported-by: finkjsc on github
-Fixes #10573
-Closes #10579
---- a/src/tool_progress.c
-+++ b/src/tool_progress.c
-@@ -173,7 +173,7 @@ bool progress_meter(struct GlobalConfig *global,
-   struct timeval now;
-   long diff;
- 
--  if(global->noprogress)
-+  if(global->noprogress || global->silent)
-     return FALSE;
- 
-   now = tvnow();



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-05-17  7:58 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2023-05-17  7:58 UTC (permalink / raw
  To: gentoo-commits

commit:     7de0ffe047c4bf430f82a1fa92d06faf66535ed8
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Wed May 17 07:36:16 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 17 07:58:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7de0ffe0

net-misc/curl: drop 7.87.0-r2

Bug: https://bugs.gentoo.org/902801
Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-7.87.0-r2.ebuild                | 302 ---------------------
 .../files/curl-7.87.0-gnutls-openssl-build.patch   |  39 ---
 .../files/curl-7.87.0-typecheck-deprecated.patch   |  48 ----
 net-misc/curl/metadata.xml                         |   1 -
 5 files changed, 392 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 3d7037770308..6e39d609ad9b 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-7.87.0.tar.xz 2547932 BLAKE2B b272ec928c5ef1728434630d8910f58834327a30570913df9d47921a2810d002bd88b81371005197db857d3a53386420c1e28b1e463e6241d46c1e50fbce0c13 SHA512 aa125991592667280dce3788aabe81487cf8c55b0afc59d675cc30b76055bb7114f5380b4a0e3b6461a8f81bf9812fa26d493a85f7e01d84263d484a0d699ee7
-DIST curl-7.87.0.tar.xz.asc 488 BLAKE2B 031d8236b357bd3c519548b181254dc0aea1efc1375738bce04f4f331d35bafe99d1ca394ecf5943ede7cae040854b6d2b478fd305147eb7330f8d50e5d95c96 SHA512 0bcc12bafc4ae50d80128af2cf4bf1a1ec6018ebb8d5b9c49f52b51c0c25acc77e820858965656549ef43c1f923f4e5fe75b0a3523623154b4cfb9dc8a1d76e4
 DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 SHA512 b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f
 DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6
 DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872658a295179b935729d5105015f8c29569c396e11cd14036656af894ded85c8838cba260d9f6f1a8dcb5e22b SHA512 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d

diff --git a/net-misc/curl/curl-7.87.0-r2.ebuild b/net-misc/curl/curl-7.87.0-r2.ebuild
deleted file mode 100644
index fcf16d41edd0..000000000000
--- a/net-misc/curl/curl-7.87.0-r2.ebuild
+++ /dev/null
@@ -1,302 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-
-inherit autotools prefix multilib-minimal verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-SRC_URI="https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
-IUSE+=" nghttp3 quiche"
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
-
-# Only one default ssl provider can be enabled
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)"
-
-# lead to lots of false negatives, bug #285669
-RESTRICT="!test? ( test )"
-
-RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		mbedtls? (
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		openssl? (
-			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			dev-libs/nss-pem
-			app-misc/ca-certificates
-		)
-		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
-		)
-	)
-	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-#	rtmp? (
-#		media-video/rtmpdump
-#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-#	)
-
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-
-	"${FILESDIR}"/${P}-gnutls-openssl-build.patch
-	"${FILESDIR}"/${P}-typecheck-deprecated.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
-	if use ssl ; then
-		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
-
-		if use gnutls || use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use nss || use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss --with-nss-deprecated )
-		fi
-		if use openssl || use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls || use curl_ssl_rustls; then
-			einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-
-		if use curl_ssl_gnutls; then
-			einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "Default SSL provided by nss"
-			myconf+=( --with-default-ssl-backend=nss )
-		elif use curl_ssl_openssl; then
-			einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-crypto-auth
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		$(use_enable ipv6)
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--without-fish-functions-dir
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		--without-libpsl
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		$(use_with quiche)
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-	)
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use quiche; then
-		libs+=( "-lquiche" )
-		priv+=( "quiche" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}
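Review bot: the ebuild removed here is keyworded stable (amd64 arm arm64 hppa ppc ppc64 sparc x86 on its KEYWORDS line), and the commit message carries only a bug link, so nothing in this change shows that one of the versions left in the Manifest (7.88.1 and 8.0.1 remain as context) is already stable on all of those arches. Please confirm that before dropping it and say which version replaces it in the message, otherwise stable users on an arch that was missed lose their only installable curl.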

diff --git a/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch b/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
deleted file mode 100644
index 88463dc003f7..000000000000
--- a/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://bugs.gentoo.org/887833
-https://github.com/curl/curl/issues/10110
-https://github.com/curl/curl/commit/aef4dc892d012d990c85c7bad0d9d06c2ebfa775
-
-From aef4dc892d012d990c85c7bad0d9d06c2ebfa775 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 22 Dec 2022 17:40:26 +0100
-Subject: [PATCH] md4: fix build with GnuTLS + OpenSSL v1
-
-Reported-by: Esdras de Morais da Silva
-
-Fixes #10110
-Closes #10142
---- a/lib/md4.c
-+++ b/lib/md4.c
-@@ -86,11 +86,7 @@
- #include "memdebug.h"
- 
- 
--#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
--
--#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
--
--#elif defined(USE_GNUTLS)
-+#if defined(USE_GNUTLS)
- 
- typedef struct md4_ctx MD4_CTX;
- 
-@@ -109,6 +105,10 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
-   md4_digest(ctx, MD4_DIGEST_SIZE, result);
- }
- 
-+#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
-+
-+#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
-+
- #elif defined(AN_APPLE_OS)
- typedef CC_MD4_CTX MD4_CTX;
- 

diff --git a/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch b/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
deleted file mode 100644
index dec6d117efa4..000000000000
--- a/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-https://bugs.gentoo.org/890587
-https://github.com/curl/curl/issues/10148
-https://github.com/curl/curl/commit/e2aed004302e51cfa5b6ce8c8ab65ef92aa83196
-
-From e2aed004302e51cfa5b6ce8c8ab65ef92aa83196 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Fri, 23 Dec 2022 15:35:27 +0100
-Subject: [PATCH] typecheck: accept expressions for option/info parameters
-
-As expressions can have side effects, evaluate only once.
-
-To enable deprecation reporting only once, get rid of the __typeof__
-use to define the local temporary variable and use the target type
-(CURLoption/CURLINFO). This also avoids multiple reports on type
-conflicts (if some) by the curlcheck_* macros.
-
-Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
-their values: a curl_easy_setopt call with an integer constant as option
-will never report a deprecation.
-
-Reported-by: Thomas Klausner
-Fixes #10148
-Closes #10149
---- a/include/curl/typecheck-gcc.h
-+++ b/include/curl/typecheck-gcc.h
-@@ -42,9 +42,8 @@
-  */
- #define curl_easy_setopt(handle, option, value)                         \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;)   \
-+      CURLoption _curl_opt = (option);                                  \
-       if(__builtin_constant_p(_curl_opt)) {                             \
--        (void) option;                                                  \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_long_option(_curl_opt))                          \
-             if(!curlcheck_long(value))                                  \
-@@ -120,9 +119,8 @@
- /* wraps curl_easy_getinfo() with typechecking */
- #define curl_easy_getinfo(handle, info, arg)                            \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;)      \
-+      CURLINFO _curl_info = (info);                                     \
-       if(__builtin_constant_p(_curl_info)) {                            \
--        (void) info;                                                    \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_string_info(_curl_info))                         \
-             if(!curlcheck_arr((arg), char *))                           \
-

diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
index cdd47f10334b..10ae7d7198e0 100644
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@@ -20,7 +20,6 @@
 		<flag name="imap">Enable Internet Message Access Protocol support</flag>
 		<flag name="mbedtls">Enable mbedtls ssl backend</flag>
 		<flag name="nghttp3">Enable HTTP/3.0 support using <pkg>net-libs/nghttp3</pkg> and <pkg>net-libs/ngtcp2</pkg></flag>
-		<flag name="quiche">Enable HTTP/3.0 support using <pkg>net-libs/quiche</pkg></flag>
 		<flag name="nss">Enable nss ssl backend</flag>
 		<flag name="openssl">Enable openssl ssl backend</flag>
 		<flag name="pop3">Enable Post Office Protocol 3 support</flag>
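Review bot: dropping the quiche flag description is not mentioned in the commit subject ("drop 7.87.0-r2") and is only correct if no remaining ebuild still lists quiche in IUSE. The deleted 7.87.0-r2 had IUSE+=" nghttp3 quiche" and a quiche RDEPEND, so the cleanup looks intended, but please check the ebuilds that stay in the tree and add a line to the message saying the flag went away with the last ebuild that used it.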



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-05-23  3:42 Sam James
From: Sam James @ 2023-05-23  3:42 UTC
  To: gentoo-commits

commit:     da8e78955716e425fc1b051254102f2010b8563f
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Mon May 22 00:23:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 23 03:41:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da8e7895

net-misc/curl: add 8.1.0-r1

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.1.0-r1.ebuild                 | 319 +++++++++++++++++++++
 net-misc/curl/files/curl-8.1.0-header-length.patch |  86 ++++++
 .../curl/files/curl-8.1.0-numeric-hostname.patch   | 227 +++++++++++++++
 3 files changed, 632 insertions(+)

diff --git a/net-misc/curl/curl-8.1.0-r1.ebuild b/net-misc/curl/curl-8.1.0-r1.ebuild
new file mode 100644
index 000000000000..bad759c48393
--- /dev/null
+++ b/net-misc/curl/curl-8.1.0-r1.ebuild
@@ -0,0 +1,319 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal prefix verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="
+	https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+"
+
+RDEPEND="
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		nss? (
+			app-misc/ca-certificates
+			dev-libs/nss[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	### Backports
+	"${FILESDIR}"/${P}-numeric-hostname.patch
+	"${FILESDIR}"/${P}-header-length.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. Prefix the test number in TFLAGS
+	# with a '!'. For example, to skip test 241 and 1083, use '!241 !1083'.
+	# See https://github.com/curl/curl/tree/master/tests#run for advanced test selection.
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
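Review bot: in multilib_src_configure the last else of the default-backend chain only logs, eerror "We can't be here because of REQUIRED_USE.", and then falls through to econf with no --with-default-ssl-backend set. If that state is meant to be unreachable, make it a die so a REQUIRED_USE regression fails the build instead of producing a curl whose default TLS backend nobody chose. Separately, the two test-only BDEPEND entries net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] pull in a slot operator and multilib USE deps for a tool that is only run from ${BROOT}/usr/bin/nghttpx on the native ABI; the slot operator and MULTILIB_USEDEP look unnecessary there, and the http2 and nghttp3 branches could share one entry.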

diff --git a/net-misc/curl/files/curl-8.1.0-header-length.patch b/net-misc/curl/files/curl-8.1.0-header-length.patch
new file mode 100644
index 000000000000..6229fd817f2a
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.0-header-length.patch
@@ -0,0 +1,86 @@
+https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
+From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
+Date: Thu, 18 May 2023 18:22:57 +0200
+Subject: [PATCH] http2: double http request parser max line length
+
+This works around #11138, by doubling the limit, and should be a
+relatively safe fix.
+
+Ideally the buffer would grow as needed and there would be no need for a
+limit? But that might be follow-up material.
+
+Fixes #11138
+Closes #11139
+---
+ lib/http1.h             | 2 ++
+ lib/http2.c             | 2 +-
+ lib/vquic/curl_msh3.c   | 2 +-
+ lib/vquic/curl_ngtcp2.c | 2 +-
+ lib/vquic/curl_quiche.c | 2 +-
+ 5 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lib/http1.h b/lib/http1.h
+index c2d107587a6f8..8acb9db401a95 100644
+--- a/lib/http1.h
++++ b/lib/http1.h
+@@ -33,6 +33,8 @@
+ #define H1_PARSE_OPT_NONE       (0)
+ #define H1_PARSE_OPT_STRICT     (1 << 0)
+ 
++#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
++
+ struct h1_req_parser {
+   struct http_req *req;
+   struct bufq scratch;
+diff --git a/lib/http2.c b/lib/http2.c
+index 47e6f71393156..4e3b182b8d815 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
+   nghttp2_priority_spec pri_spec;
+   ssize_t nwritten;
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   *err = http2_data_setup(cf, data, &stream);
+diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
+index 40e89379fc402..173886739b6dc 100644
+--- a/lib/vquic/curl_msh3.c
++++ b/lib/vquic/curl_msh3.c
+@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+   CF_DATA_SAVE(save, cf, data);
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   /* Sizes must match for cast below to work" */
+diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
+index 05f960afdffa1..7794f148c6ec9 100644
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
+   nghttp3_data_reader reader;
+   nghttp3_data_reader *preader = NULL;
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   *err = h3_data_setup(cf, data);
+diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
+index 392b9beb83c59..c63e8e10a22e0 100644
+--- a/lib/vquic/curl_quiche.c
++++ b/lib/vquic/curl_quiche.c
+@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
+     DEBUGASSERT(stream);
+   }
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   DEBUGASSERT(stream);
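Review bot: the new H1_PARSE_DEFAULT_MAX_LINE_LEN in lib/http1.h is still a fixed cap (8 * 1024) at all four Curl_h1_req_parse_init() call sites, and the diffstat lists no test file, so the backport only moves the failure point from 4 KiB to 8 KiB. The upstream message itself calls this a workaround and leaves a growable buffer as follow-up material, so I would add a comment next to this patch in PATCHES saying it has to be revisited at the next bump, and give the issue behind "Fixes #11138" as a full link in the patch header, the way the 7.87.0 patch headers did, so whoever bumps can check whether the follow-up landed.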

diff --git a/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch b/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch
new file mode 100644
index 000000000000..6a0dd1382d62
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch
@@ -0,0 +1,227 @@
+https://github.com/curl/curl/commit/92772e6d395bbdda0e7822d980caf86e8c4aa51c.patch
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 18 May 2023 00:31:17 +0200
+Subject: [PATCH] urlapi: allow numerical parts in the host name
+
+It can only be an IPv4 address if all parts are all digits and no more than
+four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be
+passed through as a host name.
+
+Regression from 17a15d88467 shipped in 8.1.0
+
+Extended test 1560 accordingly.
+
+Reported-by: Pavel Kalyugin
+Fixes #11129
+Closes #11131
+--- a/lib/urlapi.c
++++ b/lib/urlapi.c
+@@ -34,6 +34,7 @@
+ #include "inet_ntop.h"
+ #include "strdup.h"
+ #include "idn.h"
++#include "curl_memrchr.h"
+ 
+ /* The last 3 #include files should be in this order */
+ #include "curl_printf.h"
+@@ -643,8 +644,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
+  * Handle partial IPv4 numerical addresses and different bases, like
+  * '16843009', '0x7f', '0x7f.1' '0177.1.1.1' etc.
+  *
+- * If the given input string is syntactically wrong or any part for example is
+- * too big, this function returns FALSE and doesn't create any output.
++ * If the given input string is syntactically wrong IPv4 or any part for
++ * example is too big, this function returns HOST_NAME.
+  *
+  * Output the "normalized" version of that input string in plain quad decimal
+  * integers.
+@@ -675,7 +676,7 @@ static int ipv4_normalize(struct dynbuf *host)
+     unsigned long l;
+     if(!ISDIGIT(*c))
+       /* most importantly this doesn't allow a leading plus or minus */
+-      return n ? HOST_BAD : HOST_NAME;
++      return HOST_NAME;
+     l = strtoul(c, &endp, 0);
+ 
+     parts[n] = l;
+@@ -684,7 +685,7 @@ static int ipv4_normalize(struct dynbuf *host)
+     switch(*c) {
+     case '.':
+       if(n == 3)
+-        return HOST_BAD;
++        return HOST_NAME;
+       n++;
+       c++;
+       break;
+@@ -694,39 +695,40 @@ static int ipv4_normalize(struct dynbuf *host)
+       break;
+ 
+     default:
+-      return n ? HOST_BAD : HOST_NAME;
++      return HOST_NAME;
+     }
+ 
+     /* overflow */
+     if((l == ULONG_MAX) && (errno == ERANGE))
+-      return HOST_BAD;
++      return HOST_NAME;
+ 
+ #if SIZEOF_LONG > 4
+     /* a value larger than 32 bits */
+     if(l > UINT_MAX)
+-      return HOST_BAD;
++      return HOST_NAME;
+ #endif
+   }
+ 
+-  /* this is a valid IPv4 numerical address */
+-  Curl_dyn_reset(host);
+-
+   switch(n) {
+   case 0: /* a -- 32 bits */
++    Curl_dyn_reset(host);
++
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0] >> 24, (parts[0] >> 16) & 0xff,
+                            (parts[0] >> 8) & 0xff, parts[0] & 0xff);
+     break;
+   case 1: /* a.b -- 8.24 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xffffff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], (parts[1] >> 16) & 0xff,
+                            (parts[1] >> 8) & 0xff, parts[1] & 0xff);
+     break;
+   case 2: /* a.b.c -- 8.8.16 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xffff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], parts[1], (parts[2] >> 8) & 0xff,
+                            parts[2] & 0xff);
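
Review bot: `Curl_dyn_reset(host)` is now repeated in every `case` (here and in the `case 3` hunk that follows) so that it runs only after the range checks pass. That ordering is what keeps the original string intact for the HOST_NAME return, but nothing in the code says so. Add a one-line comment at the first reset, or do the range checks in the switch and reset once before formatting, so a later edit cannot move the reset back above a `return HOST_NAME`. The blank line after the reset in `case 0` is also inconsistent with the other cases.
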
+@@ -734,7 +736,8 @@ static int ipv4_normalize(struct dynbuf *host)
+   case 3: /* a.b.c.d -- 8.8.8.8 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff) ||
+        (parts[3] > 0xff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], parts[1], parts[2], parts[3]);
+     break;
+@@ -796,6 +799,9 @@ static CURLUcode parse_authority(struct Curl_URL *u,
+   if(result)
+     goto out;
+ 
++  if(!Curl_dyn_len(host))
++    return CURLUE_NO_HOST;
++
+   switch(ipv4_normalize(host)) {
+   case HOST_IPV4:
+     break;
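
Review bot: the new empty-host check uses a bare `return CURLUE_NO_HOST;` while the error path two lines above it leaves through `goto out`. If `out` releases anything acquired earlier in `parse_authority`, this return skips it; set `result = CURLUE_NO_HOST;` and `goto out;` to keep a single exit path.
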
+--- a/tests/libtest/lib1560.c
++++ b/tests/libtest/lib1560.c
+@@ -474,6 +474,13 @@ static const struct testcase get_parts_list[] ={
+ };
+ 
+ static const struct urltestcase get_url_list[] = {
++  {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_OK},
++  {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.256.com", "https://1.2.3.256.com/", 0, 0, CURLUE_OK},
++  {"https://10.com", "https://10.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.com", "https://1.2.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.com", "https://1.2.3.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.com.99", "https://1.2.com.99/", 0, 0, CURLUE_OK},
+   {"https://[fe80::0000:20c:29ff:fe9c:409b]:80/moo",
+    "https://[fe80::20c:29ff:fe9c:409b]:80/moo",
+    0, 0, CURLUE_OK},
+@@ -522,22 +529,24 @@ static const struct urltestcase get_url_list[] = {
+ 
+   /* IPv4 trickeries */
+   {"https://16843009", "https://1.1.1.1/", 0, 0, CURLUE_OK},
+-  {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://0177.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://0111.02.0x3", "https://73.2.0.3/", 0, 0, CURLUE_OK},
++  {"https://0111.02.0x3.", "https://0111.02.0x3./", 0, 0, CURLUE_OK},
++  {"https://0111.02.030", "https://73.2.0.24/", 0, 0, CURLUE_OK},
++  {"https://0111.02.030.", "https://0111.02.030./", 0, 0, CURLUE_OK},
+   {"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK},
+   {"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK},
+   /* IPv4 numerical overflows or syntax errors will not normalize */
+   {"https://a127.0.0.1", "https://a127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://\xff.127.0.0.1", "https://%FF.127.0.0.1/", 0, CURLU_URLENCODE,
+    CURLUE_OK},
+-  {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_BAD_HOSTNAME},
++  {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK},
+   {"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_MALFORMED_INPUT},
+-  {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_BAD_HOSTNAME},
++  {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.256.", "https://1.2.3.256./", 0, 0, CURLUE_OK},
++  {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_OK},
++  {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_OK},
++  {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_OK},
+   {"https://123host", "https://123host/", 0, 0, CURLUE_OK},
+   /* 40 bytes scheme is the max allowed */
+   {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA://hostname/path",
+@@ -599,20 +608,11 @@ static const struct urltestcase get_url_list[] = {
+    0, 0, CURLUE_OK},
+   /* here the password has the semicolon */
+   {"http://user:pass;word@host/file",
+-   "http://user:pass;word@host/file",
+-   0, 0, CURLUE_OK},
+-  {"file:///file.txt#moo",
+-   "file:///file.txt#moo",
+-   0, 0, CURLUE_OK},
+-  {"file:////file.txt",
+-   "file:////file.txt",
+-   0, 0, CURLUE_OK},
+-  {"file:///file.txt",
+-   "file:///file.txt",
+-   0, 0, CURLUE_OK},
+-  {"file:./",
+-   "file://",
+-   0, 0, CURLUE_BAD_SCHEME},
++   "http://user:pass;word@host/file", 0, 0, CURLUE_OK},
++  {"file:///file.txt#moo", "file:///file.txt#moo", 0, 0, CURLUE_OK},
++  {"file:////file.txt", "file:////file.txt", 0, 0, CURLUE_OK},
++  {"file:///file.txt", "file:///file.txt", 0, 0, CURLUE_OK},
++  {"file:./", "file://", 0, 0, CURLUE_OK},
+   {"http://example.com/hello/../here",
+    "http://example.com/hello/../here",
+    CURLU_PATH_AS_IS, 0, CURLUE_OK},
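
Review bot: the `file:./` entry changes its expected result from CURLUE_BAD_SCHEME to CURLUE_OK inside what otherwise reads as a pure re-wrapping of these entries onto single lines. Put the expectation change in its own hunk or call it out in the commit message; as written it is easy to miss, and it presumably only surfaced because the next hunk turns `else if(rc != get_url_list[i].ucode)` into an unconditional `if`.
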
+@@ -1124,7 +1124,7 @@ static int get_url(void)
+       }
+       curl_free(url);
+     }
+-    else if(rc != get_url_list[i].ucode) {
++    if(rc != get_url_list[i].ucode) {
+       fprintf(stderr, "Get URL\nin: %s\nreturned %d (expected %d)\n",
+               get_url_list[i].in, (int)rc, get_url_list[i].ucode);
+       error++;
+@@ -1515,6 +1515,9 @@ int test(char *URL)
+ {
+   (void)URL; /* not used */
+ 
++  if(get_url())
++    return 3;
++
+   if(huge())
+     return 9;
+ 
+@@ -1533,9 +1536,6 @@ int test(char *URL)
+   if(set_parts())
+     return 2;
+ 
+-  if(get_url())
+-    return 3;
+-
+   if(get_parts())
+     return 4;
+ 



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2023-10-11  7:03 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2023-10-11  7:03 UTC (permalink / raw
  To: gentoo-commits

commit:     7f8dbaf27e1846b31eeb6d4b02fd9979ace03d8a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 07:01:55 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 07:01:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f8dbaf2

net-misc/curl: backport CVE-2023-38545, CVE-2023-38546 fixes to 8.3.0

Had a request to backport these - so why not? curl is a large program so
people might be hesitant to upgrade it quickly everywhere, so let's make life a bit
easier for them.

Bug: https://bugs.gentoo.org/915195
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.3.0-r2.ebuild                 | 363 +++++++++++++++++++++
 .../curl/files/curl-8.3.0-CVE-2023-38545.patch     | 136 ++++++++
 .../curl/files/curl-8.3.0-CVE-2023-38546.patch     | 131 ++++++++
 3 files changed, 630 insertions(+)

diff --git a/net-misc/curl/curl-8.3.0-r2.ebuild b/net-misc/curl/curl-8.3.0-r2.ebuild
new file mode 100644
index 000000000000..14f696216235
--- /dev/null
+++ b/net-misc/curl/curl-8.3.0-r2.ebuild
@@ -0,0 +1,363 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? ( !openssl )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( net-nds/openldap:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-tests-arm-musl.patch
+	"${FILESDIR}"/${P}-CVE-2023-38545.patch
+	"${FILESDIR}"/${P}-CVE-2023-38546.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
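
Review bot: the comment above RDEPEND reads "particulary for fast-moving targets like HTTP/2 and TCP/2", but both links under it point at HTTP/3 material (`docs/HTTP3.md` and the quiche workflow), so it likely meant HTTP/3 and QUIC; "particulary" is also misspelled. Separately, the two CVE patches sit at the end of PATCHES with no comment; a `# bug #915195` line above them would make it obvious which entries must not be dropped when this ebuild is copied for a later revision.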

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
new file mode 100644
index 000000000000..04603a8c01dc
--- /dev/null
+++ b/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
@@ -0,0 +1,136 @@
+https://bugs.gentoo.org/915195
+
+From 1e1f915b73ab0895a68348ad1f96a5283a44ffd7 Mon Sep 17 00:00:00 2001
+From: Jay Satiro <raysatiro@yahoo.com>
+Date: Mon, 9 Oct 2023 17:45:07 -0400
+Subject: [PATCH] socks: return error if hostname too long for remote resolve
+
+Prior to this change the state machine attempted to change the remote
+resolve to a local resolve if the hostname was longer than 255
+characters. Unfortunately that did not work as intended and caused a
+security issue.
+
+This patch applies to curl versions 8.2.0 - 8.3.0. Other versions
+that are affected take a different patch. Refer to the CVE advisory
+for more information.
+
+Bug: https://curl.se/docs/CVE-2023-38545.html
+---
+ lib/socks.c             |  8 +++----
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test728      | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 69 insertions(+), 5 deletions(-)
+ create mode 100644 tests/data/test728
+
+diff --git a/lib/socks.c b/lib/socks.c
+index 25a3578..3d41c93 100644
+--- a/lib/socks.c
++++ b/lib/socks.c
+@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
+ 
+     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+     if(!socks5_resolve_local && hostname_len > 255) {
+-      infof(data, "SOCKS5: server resolving disabled for hostnames of "
+-            "length > 255 [actual len=%zu]", hostname_len);
+-      socks5_resolve_local = TRUE;
++      failf(data, "SOCKS5: the destination hostname is too long to be "
++            "resolved remotely by the proxy.");
++      return CURLPX_LONG_HOSTNAME;
+     }
+ 
+     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+@@ -904,7 +904,7 @@ CONNECT_RESOLVE_REMOTE:
+       }
+       else {
+         socksreq[len++] = 3;
+-        socksreq[len++] = (char) hostname_len; /* one byte address length */
++        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
+         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
+         len += hostname_len;
+       }
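
Review bot: the write at `socksreq[len++] = (unsigned char) hostname_len` and the `memcpy` after it still trust that `hostname_len` fits in one byte; the only bound visible in this patch is the `hostname_len > 255` check in the first hunk, far from the copy. Since the commit message says the earlier state-machine handling "did not work as intended", add an assertion or an explicit `hostname_len <= 255` check next to the copy under CONNECT_RESOLVE_REMOTE, so the length byte and the copied length cannot diverge if another path reaches this label.
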
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8ee1394..3e2094e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \
+ \
+ test700 test701 test702 test703 test704 test705 test706 test707 test708 \
+ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
+-test718 test719 test720 test721 \
++test718 test719 test720 test721 test728 \
+ \
+ test799 test800 test801 test802 test803 test804 test805 test806 test807 \
+ test808 test809 test810 test811 test812 test813 test814 test815 test816 \
+diff --git a/tests/data/test728 b/tests/data/test728
+new file mode 100644
+index 0000000..05bcf28
+--- /dev/null
++++ b/tests/data/test728
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++SOCKS5
++SOCKS5h
++followlocation
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++# The hostname in this redirect is 256 characters and too long (> 255) for
++# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
++<data>
++HTTP/1.1 301 Moved Permanently
++Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
++Content-Length: 0
++Connection: close
++
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++proxy
++</features>
++<server>
++http
++socks5
++</server>
++ <name>
++SOCKS5h with HTTP redirect to hostname too long
++ </name>
++ <command>
++--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++<errorcode>
++97
++</errorcode>
++# the error message is verified because error code CURLE_PROXY (97) may be
++# returned for any number of reasons and we need to make sure it is
++# specifically for the reason below so that we know the check is working.
++<stderr mode="text">
++curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
++</stderr>
++</verify>
++</testcase>
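
Review bot: the test covers only the first rejected length, a 256-character hostname reached through a redirect. Add the boundary on the other side (a 255-character hostname that must still be sent to the proxy for remote resolve) and a case where the long name comes directly from the command-line URL rather than a `Location:` header, so both routes into the length check are exercised.
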
+-- 
+2.7.4
+

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
new file mode 100644
index 000000000000..615ab26cb2a8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
@@ -0,0 +1,131 @@
+https://bugs.gentoo.org/915195
+https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8
+
+From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 Sep 2023 23:28:32 +0200
+Subject: [PATCH] cookie: remove unnecessary struct fields
+
+Plus: reduce the hash table size from 256 to 63. It seems unlikely to
+make much of a speed difference for most use cases but saves 1.5KB of
+data per instance.
+
+Closes #11862
+---
+ lib/cookie.c | 13 +------------
+ lib/cookie.h | 13 ++++---------
+ lib/easy.c   |  4 +---
+ 3 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 4345a84c6fd9d..e39c89a94a960 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
+   free(co->name);
+   free(co->value);
+   free(co->maxage);
+-  free(co->version);
+   free(co);
+ }
+ 
+@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data,
+           }
+         }
+         else if((nlen == 7) && strncasecompare("version", namep, 7)) {
+-          strstore(&co->version, valuep, vlen);
+-          if(!co->version) {
+-            badcookie = TRUE;
+-            break;
+-          }
++          /* just ignore */
+         }
+         else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
+           /*
+@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data,
+     free(clist->path);
+     free(clist->spath);
+     free(clist->expirestr);
+-    free(clist->version);
+     free(clist->maxage);
+ 
+     *clist = *co;  /* then store all the new data */
+@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+     c = calloc(1, sizeof(struct CookieInfo));
+     if(!c)
+       return NULL; /* failed to get memory */
+-    c->filename = strdup(file?file:"none"); /* copy the name just in case */
+-    if(!c->filename)
+-      goto fail; /* failed to get memory */
+     /*
+      * Initialize the next_expiration time to signal that we don't have enough
+      * information yet.
+@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
+     CLONE(name);
+     CLONE(value);
+     CLONE(maxage);
+-    CLONE(version);
+     d->expires = src->expires;
+     d->tailmatch = src->tailmatch;
+     d->secure = src->secure;
+@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
+ {
+   if(c) {
+     unsigned int i;
+-    free(c->filename);
+     for(i = 0; i < COOKIE_HASH_SIZE; i++)
+       Curl_cookie_freelist(c->cookies[i]);
+     free(c); /* free the base struct as well */
+diff --git a/lib/cookie.h b/lib/cookie.h
+index b3c0063b2cfb2..41e9e7a6914e0 100644
+--- a/lib/cookie.h
++++ b/lib/cookie.h
+@@ -36,11 +36,7 @@ struct Cookie {
+   char *domain;      /* domain = <this> */
+   curl_off_t expires;  /* expires = <this> */
+   char *expirestr;   /* the plain text version */
+-
+-  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
+-  char *version;     /* Version = <value> */
+   char *maxage;      /* Max-Age = <value> */
+-
+   bool tailmatch;    /* whether we do tail-matching of the domain name */
+   bool secure;       /* whether the 'secure' keyword was used */
+   bool livecookie;   /* updated from a server, not a stored file */
+@@ -56,17 +52,16 @@ struct Cookie {
+ #define COOKIE_PREFIX__SECURE (1<<0)
+ #define COOKIE_PREFIX__HOST (1<<1)
+ 
+-#define COOKIE_HASH_SIZE 256
++#define COOKIE_HASH_SIZE 63
+ 
+ struct CookieInfo {
+   /* linked list of cookies we know of */
+   struct Cookie *cookies[COOKIE_HASH_SIZE];
+-  char *filename;  /* file we read from/write to */
+-  long numcookies; /* number of cookies in the "jar" */
++  curl_off_t next_expiration; /* the next time at which expiration happens */
++  int numcookies;  /* number of cookies in the "jar" */
++  int lastct;      /* last creation-time used in the jar */
+   bool running;    /* state info, for cookie adding information */
+   bool newsession; /* new session, discard session cookies on load */
+-  int lastct;      /* last creation-time used in the jar */
+-  curl_off_t next_expiration; /* the next time at which expiration happens */
+ };
+ 
+ /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
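
Review bot: this hunk carries changes that a security backport does not need: `COOKIE_HASH_SIZE` drops from 256 to 63 and `numcookies` narrows from `long` to `int`, alongside the `filename` removal. Taking the upstream commit verbatim is defensible, but say so in the patch header, and check that nothing else in the 8.3.0 tree formats or compares `numcookies` as a `long`.
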
+diff --git a/lib/easy.c b/lib/easy.c
+index 16bbd35251d40..03195481f9780 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+   if(data->cookies) {
+     /* If cookies are enabled in the parent handle, we enable them
+        in the clone as well! */
+-    outcurl->cookies = Curl_cookie_init(data,
+-                                        data->cookies->filename,
+-                                        outcurl->cookies,
++    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
+                                         data->set.cookiesession);
+     if(!outcurl->cookies)
+       goto fail;
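
Review bot: this is the hunk that changes behaviour, yet the patch header only carries the upstream subject "cookie: remove unnecessary struct fields". `curl_easy_duphandle()` now passes NULL instead of `data->cookies->filename` to `Curl_cookie_init()`, and the `strdup(file?file:"none")` that populated that field is removed in lib/cookie.c, so a duplicated handle no longer initialises its cookie engine from that stored name. Add a sentence to the header of curl-8.3.0-CVE-2023-38546.patch tying these lines to the CVE, so the patch is not mistaken for cleanup and trimmed in a later revision.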



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-01-05  5:57 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2024-01-05  5:57 UTC (permalink / raw
  To: gentoo-commits

commit:     6da47de8d9c8087ff2f55c8fc4459387207a13cd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  5 05:56:33 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  5 05:57:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6da47de8

net-misc/curl: fix mpd streaming

Bug: https://github.com/MusicPlayerDaemon/MPD/issues/1952
Bug: https://github.com/curl/curl/issues/12632
Closes: https://bugs.gentoo.org/916471
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../{curl-9999.ebuild => curl-8.5.0-r2.ebuild}     |  8 ++-
 net-misc/curl/curl-9999.ebuild                     |  5 +-
 ...curl-8.5.0-mpd-stream-http-adjust_pollset.patch | 69 ++++++++++++++++++++++
 3 files changed, 79 insertions(+), 3 deletions(-)

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-8.5.0-r2.ebuild
similarity index 97%
copy from net-misc/curl/curl-9999.ebuild
copy to net-misc/curl/curl-8.5.0-r2.ebuild
index 7d87477bc1f1..03cc7f61ebca 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-8.5.0-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -123,11 +123,14 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 	IoctlSocket
 	mach_absolute_time
 	setmode
+	_fseeki64
 )
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-ipv6-configure-c99.patch
+	"${FILESDIR}"/${P}-mpd-stream-http-adjust_pollset.patch
 )
 
 src_prepare() {
@@ -344,7 +347,8 @@ multilib_src_test() {
 	# this ends up breaking when nproc is huge (like -j80).
 	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
 	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+	# Required deps for 1477 are not included in the release tarball for 8.5.0
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083 !1477"
 }
 
 multilib_src_install() {

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 7d87477bc1f1..e390e3ae71bb 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -123,11 +123,14 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 	IoctlSocket
 	mach_absolute_time
 	setmode
+	_fseeki64
 )
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-ipv6-configure-c99.patch
+	"${FILESDIR}"/${P}-mpd-stream-http-adjust_pollset.patch
 )
 
 src_prepare() {
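
Review bot: in the live ebuild the two added PATCHES entries use `${P}`, which expands to `curl-9999` there, so they name `curl-9999-ipv6-configure-c99.patch` and `curl-9999-mpd-stream-http-adjust_pollset.patch`, while the only file this commit adds is `curl-8.5.0-mpd-stream-http-adjust_pollset.patch`. Unless 9999-named copies already exist in files/, src_prepare will die on the missing patches. The fix is also cited as an upstream commit in the patch header, so a live checkout already has it. The PATCHES change looks intended for curl-8.5.0-r2.ebuild only; keep just the copyright year and the `_fseeki64` entry here.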

diff --git a/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch b/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch
new file mode 100644
index 000000000000..79a16a2cc7b4
--- /dev/null
+++ b/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch
@@ -0,0 +1,69 @@
+https://github.com/MusicPlayerDaemon/MPD/issues/1952
+https://github.com/curl/curl/issues/12632
+https://github.com/curl/curl/commit/8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea
+
+From 8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 4 Jan 2024 10:06:17 +0100
+Subject: [PATCH] http: adjust_pollset fix
+
+do not add a socket for POLLIN when the transfer does not want to send
+(for example is paused).
+
+Follow-up to 47f5b1a
+
+Reported-by: bubbleguuum on github
+Fixes #12632
+Closes #12633
+--- a/lib/cf-socket.c
++++ b/lib/cf-socket.c
+@@ -1243,7 +1243,7 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf,
+   if(ctx->sock != CURL_SOCKET_BAD) {
+     if(!cf->connected)
+       Curl_pollset_set_out_only(data, ps, ctx->sock);
+-    else
++    else if(CURL_WANT_RECV(data))
+       Curl_pollset_add_in(data, ps, ctx->sock);
+     CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);
+   }
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -2341,8 +2341,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf,
+     bool c_exhaust, s_exhaust;
+ 
+     CF_DATA_SAVE(save, cf, data);
+-    c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2);
+-    s_exhaust = stream && stream->id >= 0 &&
++    c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2);
++    s_exhaust = want_send && stream && stream->id >= 0 &&
+                 !nghttp2_session_get_stream_remote_window_size(ctx->h2,
+                                                                stream->id);
+     want_recv = (want_recv || c_exhaust || s_exhaust);
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -1166,9 +1166,10 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf,
+     bool c_exhaust, s_exhaust;
+ 
+     CF_DATA_SAVE(save, cf, data);
+-    c_exhaust = !ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
+-                !ngtcp2_conn_get_max_data_left(ctx->qconn);
+-    s_exhaust = stream && stream->id >= 0 && stream->quic_flow_blocked;
++    c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
++                !ngtcp2_conn_get_max_data_left(ctx->qconn));
++    s_exhaust = want_send && stream && stream->id >= 0 &&
++                stream->quic_flow_blocked;
+     want_recv = (want_recv || c_exhaust || s_exhaust);
+     want_send = (!s_exhaust && want_send) ||
+                  !Curl_bufq_is_empty(&ctx->q.sendbuf);
+--- a/lib/vquic/curl_quiche.c
++++ b/lib/vquic/curl_quiche.c
+@@ -1189,7 +1189,7 @@ static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf,
+ 
+     c_exhaust = FALSE; /* Have not found any call in quiche that tells
+                           us if the connection itself is blocked */
+-    s_exhaust = stream && stream->id >= 0 &&
++    s_exhaust = want_send && stream && stream->id >= 0 &&
+                 (stream->quic_flow_blocked || !stream_is_writeable(cf, data));
+     want_recv = (want_recv || c_exhaust || s_exhaust);
+     want_send = (!s_exhaust && want_send) ||
+
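Review bot: in the cf-socket.c hunk, once the filter is connected and CURL_WANT_RECV(data) is false, cf_socket_adjust_pollset() adds nothing for ctx->sock, so the trace line can now report 0 socks. The header explains the paused-transfer case but not where send interest for a connected socket is registered; one sentence naming that, next to the "Follow-up to 47f5b1a" reference, would make the backport easier to audit. The h2, ngtcp2 and quiche hunks apply the same idea by gating c_exhaust and s_exhaust on want_send, which is consistent across the three backends.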



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-01-05  5:57 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2024-01-05  5:57 UTC (permalink / raw
  To: gentoo-commits

commit:     fa7c78354f518ea4c75dfa23acae132a8e8cb493
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  5 05:38:51 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  5 05:51:29 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa7c7835

net-misc/curl: fix modern C issue in configure ipv6 check

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.5.0-r1.ebuild                 | 365 +++++++++++++++++++++
 .../curl/files/curl-8.5.0-ipv6-configure-c99.patch |  31 ++
 2 files changed, 396 insertions(+)

diff --git a/net-misc/curl/curl-8.5.0-r1.ebuild b/net-misc/curl/curl-8.5.0-r1.ebuild
new file mode 100644
index 000000000000..8c9e7ec34d3f
--- /dev/null
+++ b/net-misc/curl/curl-8.5.0-r1.ebuild
@@ -0,0 +1,365 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-ipv6-configure-c99.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	# Required deps for 1477 are not included in the release tarball for 8.5.0
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083 !1477"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
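Review bot: the comment block above RDEPEND describes HTTP3.md and quiche-linux.yml as covering "TCP/2", which is not a protocol; the linked files concern HTTP/3 over QUIC, and "particulary" is misspelled in the same block. Since this is a new revision, fix the wording here, and consider pinning the runtests.pl link in multilib_src_test to a release tag, because the `#L5721` anchor into master will drift as that file changes.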

diff --git a/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch b/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch
new file mode 100644
index 000000000000..68830f8f4717
--- /dev/null
+++ b/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch
@@ -0,0 +1,31 @@
+https://github.com/curl/curl/commit/ae75db3527461248b0a7b1686df52200d28d83b9
+
+From ae75db3527461248b0a7b1686df52200d28d83b9 Mon Sep 17 00:00:00 2001
+From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
+Date: Fri, 29 Dec 2023 05:43:33 +0000
+Subject: [PATCH] configure: fix no default int compile error in ipv6 detection
+
+Closes #12607
+--- a/configure.ac
++++ b/configure.ac
+@@ -1655,15 +1655,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]),
+ # include <netinet/in6.h>
+ #endif
+ #endif
+-#include <stdlib.h> /* for exit() */
+-main()
++
++int main(void)
+ {
+  struct sockaddr_in6 s;
+  (void)s;
+- if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
+-   exit(1);
+- else
+-   exit(0);
++ return socket(AF_INET6, SOCK_STREAM, 0) < 0;
+ }
+ ]])
+ ],
+
+
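Review bot: the rewritten main() still calls socket() with AF_INET6, but the context shown here only includes <netinet/in6.h> under a preprocessor guard, so it is not visible that <sys/socket.h> is pulled in on every platform. Compilers that reject implicit int also reject implicit function declarations, so confirm the part of the check not shown in this hunk declares socket(); otherwise IPv6 detection would keep failing for a different reason. The exit status is preserved: `return socket(AF_INET6, SOCK_STREAM, 0) < 0;` yields 1 on failure and 0 on success, matching the removed exit(1)/exit(0) branches.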



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-02-08  1:18 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2024-02-08  1:18 UTC (permalink / raw
  To: gentoo-commits

commit:     dca9900c72b7091a5bb82b488f57bc2aa07bf90f
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Wed Feb  7 17:18:47 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb  8 00:44:54 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dca9900c

net-misc/curl: Add patch to revert greedy receives that can cause hangs

Closes: https://bugs.gentoo.org/924017
Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/35215
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.6.0-r1.ebuild                 | 366 +++++++++++++++++++++
 ...s-revert-receive-max-buffer-add-test-case.patch |  68 ++++
 2 files changed, 434 insertions(+)

diff --git a/net-misc/curl/curl-8.6.0-r1.ebuild b/net-misc/curl/curl-8.6.0-r1.ebuild
new file mode 100644
index 000000000000..718fd48ce928
--- /dev/null
+++ b/net-misc/curl/curl-8.6.0-r1.ebuild
@@ -0,0 +1,366 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
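Review bot: in multilib_src_configure, `--enable-ntlm` and `--enable-tls-srp` are passed unconditionally, so every build carries NTLM and TLS-SRP authentication regardless of USE. The comment above the option list already anticipates making options contingent on USE flags; these two legacy mechanisms are good candidates, which would let hardened installs leave them out without a local patch.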

diff --git a/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch b/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch
new file mode 100644
index 000000000000..66e8399370a2
--- /dev/null
+++ b/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch
@@ -0,0 +1,68 @@
+https://bugs.gentoo.org/924017
+https://github.com/curl/curl/pull/12848
+
+From ed09a99af57200643d5ae001e815eeab9ffe3f84 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 1 Feb 2024 18:15:50 +0100
+Subject: [PATCH] vtls: revert "receive max buffer" + add test case
+
+- add test_05_04 for requests using http/1.0, http/1.1 and h2 against an
+  Apache resource that does an unclean TLS shutdown.
+- revert special workarund in openssl.c for suppressing shutdown errors
+  on multiplexed connections
+- vlts.c restore to its state before 9a90c9dd64d2f03601833a70786d485851bd1b53
+
+Fixes #12885
+Fixes #12844
+
+Closes #12848
+---
+ lib/vtls/vtls.c | 27 ++++++---------------------
+ 1 file changed, 6 insertions(+), 21 deletions(-)
+
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index e928ba5d0..f654a9749 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -1715,32 +1715,17 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,
+ {
+   struct cf_call_data save;
+   ssize_t nread;
+-  size_t ntotal = 0;
+ 
+   CF_DATA_SAVE(save, cf, data);
+   *err = CURLE_OK;
+-  /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */
+-  while(!ntotal || (len - ntotal) > (4*1024)) {
++  nread = Curl_ssl->recv_plain(cf, data, buf, len, err);
++  if(nread > 0) {
++    DEBUGASSERT((size_t)nread <= len);
++  }
++  else if(nread == 0) {
++    /* eof */
+     *err = CURLE_OK;
+-    nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);
+-    if(nread < 0) {
+-      if(*err == CURLE_AGAIN && ntotal > 0) {
+-        /* we EAGAINed after having reed data, return the success amount */
+-        *err = CURLE_OK;
+-        break;
+-      }
+-      /* we have a an error to report */
+-      goto out;
+-    }
+-    else if(nread == 0) {
+-      /* eof */
+-      break;
+-    }
+-    ntotal += (size_t)nread;
+-    DEBUGASSERT((size_t)ntotal <= len);
+   }
+-  nread = (ssize_t)ntotal;
+-out:
+   CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,
+               nread, *err);
+   CF_DATA_RESTORE(cf, save);
+-- 
+2.43.0
+
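Review bot: the upstream message lists three changes (test_05_04, reverting the shutdown workaround in openssl.c, and restoring vtls.c), but the diffstat and the only hunk here cover lib/vtls/vtls.c alone, so this file is a partial backport despite "add-test-case" in its name. State that in the header lines above the From line, and say whether the openssl.c revert was left out on purpose, since that part changes how shutdown errors on multiplexed connections are handled.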



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-03-28  2:09 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-03-28  2:09 UTC (permalink / raw
  To: gentoo-commits

commit:     cd006458fff2138c9810c0154f14528ff69a416f
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 28 01:07:25 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Thu Mar 28 02:09:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd006458

net-misc/curl: add 8.7.1

Bug: https://bugs.gentoo.org/927960
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 +
 net-misc/curl/curl-8.7.1.ebuild                    | 366 +++++++++++++++++++++
 .../files/curl-8.7.1-fix-pkgconfig-macros.patch    |  39 +++
 3 files changed, 407 insertions(+)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 3e9f136e5372..fd56dbdb80f0 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -2,3 +2,5 @@ DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4
 DIST curl-8.5.0.tar.xz.asc 488 BLAKE2B d706c401aecf345398411b94c87b8f1ecc752d73d24e1a578c8c0e62732e8e476333a2a4772428c6425eb0d124b1ceee8e377cf41d60a54b6f2df5cccc0b9f23 SHA512 9c6a2e61860878cd731d951fac1bb52cd314db20439a5173a95b48da1742737e02bfb9978d65e25de6535f839e281235203599a29f252e78e0d7a83769727329
 DIST curl-8.6.0.tar.xz 2630108 BLAKE2B 1b01de396008d57e154e2b5fc1acf1dd000703fa5d70b913dafea5487f0166bd8fdb63eee5c9b5af08a1ca40dd026144a791016f67c2395fcfc9c6b555929034 SHA512 359c08d88a5dec441255b36afe1a821730eca0ca8800ba52f57132b9e7d21f32457623907b4ae4876904b5e505eb1a59652372bb7de8dbd8db429dae9785e036
 DIST curl-8.6.0.tar.xz.asc 488 BLAKE2B 18d7583a9aa6a278bea5a8a74461ff06f45ec418cd4542b015c74091c353b340afcc5dfe7e5e99f0b9fac7de9251164044a85e4f6665bf042636868a2c613d0a SHA512 2b835bb4b307e5e1c929b7136c5acfb9f6f06efa471ac27060336cabcfac40e02143f40434986c5e6817d4a9562b09efa8ff3168beed310a45453148cc1b5c8f
+DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
+DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37

diff --git a/net-misc/curl/curl-8.7.1.ebuild b/net-misc/curl/curl-8.7.1.ebuild
new file mode 100644
index 000000000000..1fa3c0279ada
--- /dev/null
+++ b/net-misc/curl/curl-8.7.1.ebuild
@@ -0,0 +1,366 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			>=net-libs/rustls-ffi-0.12.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.7.1-fix-pkgconfig-macros.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
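
Review bot: In multilib_src_configure the pkg-config fix-up adds `-lssl -lcrypto` and `openssl` only under `use ssl && use curl_ssl_openssl`, while `--with-ssl` is passed earlier whenever `use openssl` is set, so a build with OpenSSL enabled as a non-default backend links it but gets no `openssl` entry in Requires.private and keeps the raw flags in Libs.private. Gating that block on `use ssl && use openssl` would match the configure logic. gnutls, mbedtls and rustls get no Requires.private entry at all, which deserves a comment if it is intentional. Separately, the comment above RDEPEND says "TCP/2" twice where the linked HTTP3.md and quiche-linux.yml are about HTTP/3, and "particulary" is misspelled.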

diff --git a/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch b/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch
new file mode 100644
index 000000000000..91aed9582521
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch
@@ -0,0 +1,39 @@
+https://github.com/curl/curl/pull/13202
+From: Matt Jolly <kangie@gentoo.org>
+Date: Wed, 27 Mar 2024 22:52:26 +1000
+Subject: [PATCH] m4: fix rustls pkg-config codepath
+
+The previous pkg-config code would successfully detect rustls
+but did not set all appropriate variables and call the right macros to
+properly configure cURL.
+
+Closes: #13200
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -142,6 +142,10 @@ if test "x$OPT_RUSTLS" != xno; then
+       LIBS="$SSL_LIBS $LIBS"
+       USE_RUSTLS="yes"
+       ssl_msg="rustls"
++      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++      AC_SUBST(USE_RUSTLS, [1])
++      RUSTLS_ENABLED=1
++      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+     else
+       AC_MSG_ERROR([pkg-config: Could not find rustls])
+     fi
+@@ -174,5 +178,15 @@ if test "x$OPT_RUSTLS" != xno; then
+   fi
+ 
+   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++  if test X"$OPT_RUSTLS" != Xno &&
++    test "$RUSTLS_ENABLED" != "1"; then
++    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++  fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
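
Review bot: The last three added lines of the m4 patch leave a bare `RUSTLS_ENABLED` after the closing `])`, outside the block that the rest of the hunk edits; it looks like a leftover, and it should be dropped together with the two blank lines before it. In the same hunk, `test X"$OPT_RUSTLS" != Xno` repeats the condition of the enclosing `if test "x$OPT_RUSTLS" != xno`, and the two AC_MSG_NOTICE lines that print OPT_RUSTLS and RUSTLS_ENABLED read as debugging output that could be folded into the AC_MSG_ERROR text.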



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-04-01  3:59 Matt Jolly
From: Matt Jolly @ 2024-04-01  3:59 UTC
  To: gentoo-commits

commit:     d477c73f0fb9a7649eefdd96f3c96154153f2bf4
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 31 22:55:27 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Mon Apr  1 03:53:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d477c73f

net-misc/curl: add 8.6.0-r2

Revbump to fix some runtime issues resulting from a
subtle order-of-operations error in rustls detection via
pkgconfig.

Bug: https://bugs.gentoo.org/928236
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.6.0-r2.ebuild                | 367 ++++++++++++++++++++++
 net-misc/curl/files/curl-8.6.0-rustls-fixes.patch | 252 +++++++++++++++
 2 files changed, 619 insertions(+)

diff --git a/net-misc/curl/curl-8.6.0-r2.ebuild b/net-misc/curl/curl-8.6.0-r2.ebuild
new file mode 100644
index 000000000000..c31bf46b91d8
--- /dev/null
+++ b/net-misc/curl/curl-8.6.0-r2.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch
+	"${FILESDIR}"/${P}-rustls-fixes.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
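
Review bot: The rustls dependency is pinned as `~net-libs/rustls-ffi-0.10.0:=` with nothing in the ebuild saying why exactly 0.10.0 is required; a one-line comment or bug reference next to it would tell the next person bumping the package whether the pin can be relaxed. The new revision also carries stable KEYWORDS (amd64, arm, arm64, ppc, ppc64, sparc, x86) from the start, so the commit message should say whether they are carried over from the revision this one replaces.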

diff --git a/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch b/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch
new file mode 100644
index 000000000000..4f713668fd35
--- /dev/null
+++ b/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch
@@ -0,0 +1,252 @@
+From a59683a3607bc0167ff702352d15eee1c0d658a6 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Mon, 1 Apr 2024 08:49:27 +1000
+Subject: [PATCH] m4: fix rustls builds
+
+This patch consolidates the following commits to do with rustls
+detection using pkg-config:
+
+- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
+- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
+---
+ m4/curl-rustls.m4 | 210 ++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 146 insertions(+), 64 deletions(-)
+
+diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
+index 75542e4..8082cf9 100644
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -28,84 +28,166 @@ dnl check for rustls
+ dnl ----------------------------------------------------
+ 
+ if test "x$OPT_RUSTLS" != xno; then
+-  _cppflags=$CPPFLAGS
+-  _ldflags=$LDFLAGS
+   ssl_msg=
+ 
+-  if test X"$OPT_RUSTLS" != Xno; then
++  dnl backup the pre-ssl variables
++  CLEANLDFLAGS="$LDFLAGS"
++  CLEANCPPFLAGS="$CPPFLAGS"
+ 
+-    if test "$OPT_RUSTLS" = "yes"; then
+-      OPT_RUSTLS=""
+-    fi
++  case $host_os in
++    darwin*)
++      LDFLAGS="$LDFLAGS -framework Security"
++      ;;
++    *)
++      ;;
++  esac
++  ## NEW CODE
+ 
+-    case $host_os in
+-      darwin*)
+-        LDFLAGS="$LDFLAGS -framework Security"
+-        ;;
+-      *)
+-        ;;
+-    esac
+-
+-    if test -z "$OPT_RUSTLS" ; then
+-      dnl check for lib first without setting any new path
+-
+-      AC_CHECK_LIB(rustls, rustls_client_session_read,
+-      dnl librustls found, set the variable
+-       [
+-         AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+-         AC_SUBST(USE_RUSTLS, [1])
+-         RUSTLS_ENABLED=1
+-         USE_RUSTLS="yes"
+-         ssl_msg="rustls"
+-         test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+-        ], [], -lpthread -ldl -lm)
+-    fi
++  dnl use pkg-config unless we have been given a path
++  dnl even then, try pkg-config first
+ 
+-    if test "x$USE_RUSTLS" != "xyes"; then
+-      dnl add the path and test again
+-      addld=-L$OPT_RUSTLS/lib$libsuff
+-      addcflags=-I$OPT_RUSTLS/include
+-      rustlslib=$OPT_RUSTLS/lib$libsuff
++  case "$OPT_RUSTLS" in
++    yes)
++      dnl --with-rustls (without path) used
++      PKGTEST="yes"
++      PREFIX_RUSTLS=
++      ;;
++    *)
++      dnl check the provided --with-rustls path
++      PKGTEST="no"
++      PREFIX_RUSTLS=$OPT_RUSTLS
+ 
+-      LDFLAGS="$LDFLAGS $addld"
+-      if test "$addcflags" != "-I/usr/include"; then
+-         CPPFLAGS="$CPPFLAGS $addcflags"
++      dnl Try pkg-config even when cross-compiling.  Since we
++      dnl specify PKG_CONFIG_LIBDIR we are only looking where
++      dnl the user told us to look
++
++      RUSTLS_PCDIR="$PREFIX_RUSTLS/lib/pkgconfig"
++      if test -f "$RUSTLS_PCDIR/rustls.pc"; then
++        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
++        PKGTEST="yes"
+       fi
+ 
+-      AC_CHECK_LIB(rustls, rustls_connection_read,
+-       [
+-       AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+-       AC_SUBST(USE_RUSTLS, [1])
+-       RUSTLS_ENABLED=1
+-       USE_RUSTLS="yes"
+-       ssl_msg="rustls"
+-       test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+-       ],
+-       AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
+-       -lpthread -ldl -lm)
+-    fi
++      if test "$PKGTEST" != "yes"; then
++        # try lib64 instead
++        RUSTLS_PCDIR="$PREFIX_RUSTLS/lib64/pkgconfig"
++        if test -f "$RUSTLS_PCDIR/rustls.pc"; then
++          AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
++          PKGTEST="yes"
++        fi
++      fi
++
++      if test "$PKGTEST" != "yes"; then
++        dnl pkg-config came up empty, use what we got
++        dnl via --with-rustls
+ 
+-    if test "x$USE_RUSTLS" = "xyes"; then
+-      AC_MSG_NOTICE([detected rustls])
+-      check_for_ca_bundle=1
+-
+-      LIBS="-lrustls -lpthread -ldl -lm $LIBS"
+-
+-      if test -n "$rustlslib"; then
+-        dnl when shared libs were found in a path that the run-time
+-        dnl linker doesn't search through, we need to add it to
+-        dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+-        dnl due to this
+-        if test "x$cross_compiling" != "xyes"; then
+-          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
+-          export CURL_LIBRARY_PATH
+-          AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
++        addld=-L$PREFIX_RUSTLS/lib$libsuff
++        addcflags=-I$PREFIX_RUSTLS/include
++
++        LDFLAGS="$LDFLAGS $addld"
++        if test "$addcflags" != "-I/usr/include"; then
++            CPPFLAGS="$CPPFLAGS $addcflags"
++        fi
++
++        AC_CHECK_LIB(rustls, rustls_connection_read,
++          [
++          AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++          AC_SUBST(USE_RUSTLS, [1])
++          RUSTLS_ENABLED=1
++          USE_RUSTLS="yes"
++          ssl_msg="rustls"
++          test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
++          ],
++          AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
++          -lpthread -ldl -lm)
++
++        USE_RUSTLS="yes"
++        ssl_msg="rustls"
++
++        LIB_RUSTLS="$PREFIX_RUSTLS/lib$libsuff"
++        if test "$PREFIX_RUSTLS" != "/usr" ; then
++          SSL_LDFLAGS="-L$LIB_RUSTLS"
++          SSL_CPPFLAGS="-I$PREFIX_RUSTLS/include"
+         fi
+       fi
++      ;;
++  esac
++
++  if test "$PKGTEST" = "yes"; then
++
++    CURL_CHECK_PKGCONFIG(rustls, [$RUSTLS_PCDIR])
++
++    if test "$PKGCONFIG" != "no" ; then
++      SSL_LIBS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --libs-only-l --libs-only-other rustls 2>/dev/null`
++
++      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --libs-only-L rustls 2>/dev/null`
++
++      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --cflags-only-I rustls 2>/dev/null`
++
++      AC_SUBST(SSL_LIBS)
++      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
++      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
++      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
++
++      LIB_RUSTLS=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
++
++      dnl use the values pkg-config reported.  This is here
++      dnl instead of below with CPPFLAGS and LDFLAGS because we only
++      dnl learn about this via pkg-config.  If we only have
++      dnl the argument to --with-rustls we don't know what
++      dnl additional libs may be necessary.  Hope that we
++      dnl don't need any.
++      LIBS="$SSL_LIBS $LIBS"
++      USE_RUSTLS="yes"
++      ssl_msg="rustls"
++      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++      AC_SUBST(USE_RUSTLS, [1])
++      USE_RUSTLS="yes"
++      RUSTLS_ENABLED=1
++      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
++    else
++      AC_MSG_ERROR([pkg-config: Could not find rustls])
+     fi
+ 
+-  fi dnl rustls not disabled
++  else
++    dnl we did not use pkg-config, so we need to add the
++    dnl rustls lib to LIBS
++    LIBS="-lrustls -lpthread -ldl -lm $LIBS"
++  fi
++
++  dnl finally, set flags to use this TLS backend
++  CPPFLAGS="$CLEAN_CPPFLAGS $SSL_CPPFLAGS"
++  LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"
++
++  if test "x$USE_RUSTLS" = "xyes"; then
++    AC_MSG_NOTICE([detected rustls])
++    check_for_ca_bundle=1
++
++    if test -n "$LIB_RUSTLS"; then
++      dnl when shared libs were found in a path that the run-time
++      dnl linker does not search through, we need to add it to
++      dnl CURL_LIBRARY_PATH so that further configure tests do not
++      dnl fail due to this
++      if test "x$cross_compiling" != "xyes"; then
++        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_RUSTLS"
++        export CURL_LIBRARY_PATH
++        AC_MSG_NOTICE([Added $LIB_RUSTLS to CURL_LIBRARY_PATH])
++      fi
++    fi
++  fi
+ 
+   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++  if test X"$OPT_RUSTLS" != Xno &&
++    test "$RUSTLS_ENABLED" != "1"; then
++    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++  fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
+-- 
+2.44.0
+
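
Review bot: `LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"` in the "finally, set flags to use this TLS backend" step looks like a misspelled variable name, since the line directly above it restores from `CLEAN_CPPFLAGS`. An unset `CLAN_LDFLAGS` expands to nothing, so every linker flag that was in LDFLAGS before the rustls check (including any hardening flags the packager passed) is dropped for the remaining configure tests and the build. Please use the same backup variable that was assigned when LDFLAGS was saved. Smaller points in the same hunk: `USE_RUSTLS="yes"` and `ssl_msg="rustls"` are assigned again unconditionally right after the `AC_CHECK_LIB` call that already sets them on success, `USE_RUSTLS="yes"` appears twice in the pkg-config branch, the two `AC_MSG_NOTICE` lines printing `OPT_RUSTLS` and `RUSTLS_ENABLED` read like debugging output, and a bare `RUSTLS_ENABLED` line trails the closing `])`.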



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-04-01  3:59 Matt Jolly
From: Matt Jolly @ 2024-04-01  3:59 UTC
  To: gentoo-commits

commit:     bfa2f44d8b2211ab41326f5ff2a31e7aca30348d
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 31 23:06:34 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Mon Apr  1 03:54:07 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfa2f44d

net-misc/curl: drop 8.6.0-r1, 8.7.1

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.6.0-r1.ebuild                 | 367 ---------------------
 net-misc/curl/curl-8.7.1.ebuild                    | 366 --------------------
 .../curl-8.6.0-backport-rustls-detection.patch     | 256 --------------
 .../files/curl-8.7.1-fix-pkgconfig-macros.patch    |  39 ---
 4 files changed, 1028 deletions(-)

diff --git a/net-misc/curl/curl-8.6.0-r1.ebuild b/net-misc/curl/curl-8.6.0-r1.ebuild
deleted file mode 100644
index f48e3df12d7c..000000000000
--- a/net-misc/curl/curl-8.6.0-r1.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
-IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? (
-		!openssl
-		alt-svc )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-	_fseeki64
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch
-	"${FILESDIR}"/${P}-backport-rustls-detection.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		$(use_with psl libpsl)
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}
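
Review bot: The `PATCHES` array removed with this ebuild lists `"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch`, but the diffstat for this commit deletes only `curl-8.6.0-backport-rustls-detection.patch` and `curl-8.7.1-fix-pkgconfig-macros.patch` from `files/`. If no remaining ebuild references the vtls-revert patch, remove it in this commit as well so that `files/` does not keep an unreferenced patch; if another revision still applies it, no change is needed.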

diff --git a/net-misc/curl/curl-8.7.1.ebuild b/net-misc/curl/curl-8.7.1.ebuild
deleted file mode 100644
index 3338a14e2bef..000000000000
--- a/net-misc/curl/curl-8.7.1.ebuild
+++ /dev/null
@@ -1,366 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
-IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? (
-		!openssl
-		alt-svc )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			~net-libs/rustls-ffi-0.12.1:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-	_fseeki64
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${PN}-8.7.1-fix-pkgconfig-macros.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		$(use_with psl libpsl)
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}
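
Review bot: The commit message does not say which revision replaces these ebuilds, yet the `KEYWORDS` line removed here marks 8.7.1 stable on amd64, arm, arm64, ppc, ppc64, sparc and x86, the same set the removed 8.6.0-r1 carried. Please name the superseding revision in the message and confirm that it carries the same stable keywords, so that none of these arches is left without a stable curl once both versions are gone.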

diff --git a/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch b/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch
deleted file mode 100644
index 5d7b3a23c2c9..000000000000
--- a/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch
+++ /dev/null
@@ -1,256 +0,0 @@
-https://github.com/curl/curl/commit/647e86a3efe1eea7a2a456c009cfe1eb55fe48eb
-https://github.com/curl/curl/pull/13202
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Fri, 29 Mar 2024 09:58:14 +1000
-Subject: [PATCH] curl-rustls.m4: add pkg-config support to rustls detection
-
-Based on the existing openssl pkg-config detection, this commit tries to
-use pkg-config to find `rustls` then falls back to the current approach
-if that fails.
-
-We use the following logic:
-
-- if no path is provided, just use pkg-config, if it's not there we have
-  a problem!
-- if a path is provided, try pkg-config
-  + if pkg-config fails, try and find rustls directly
----
- m4/curl-rustls.m4 | 209 ++++++++++++++++++++++++++++++++--------------
- 1 file changed, 145 insertions(+), 64 deletions(-)
-
-diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
-index 75542e4..902327a 100644
---- a/m4/curl-rustls.m4
-+++ b/m4/curl-rustls.m4
-@@ -28,84 +28,165 @@ dnl check for rustls
- dnl ----------------------------------------------------
- 
- if test "x$OPT_RUSTLS" != xno; then
--  _cppflags=$CPPFLAGS
--  _ldflags=$LDFLAGS
-   ssl_msg=
- 
--  if test X"$OPT_RUSTLS" != Xno; then
-+  dnl backup the pre-ssl variables
-+  CLEANLDFLAGS="$LDFLAGS"
-+  CLEANCPPFLAGS="$CPPFLAGS"
- 
--    if test "$OPT_RUSTLS" = "yes"; then
--      OPT_RUSTLS=""
--    fi
-+  case $host_os in
-+    darwin*)
-+      LDFLAGS="$LDFLAGS -framework Security"
-+      ;;
-+    *)
-+      ;;
-+  esac
-+  ## NEW CODE
- 
--    case $host_os in
--      darwin*)
--        LDFLAGS="$LDFLAGS -framework Security"
--        ;;
--      *)
--        ;;
--    esac
--
--    if test -z "$OPT_RUSTLS" ; then
--      dnl check for lib first without setting any new path
--
--      AC_CHECK_LIB(rustls, rustls_client_session_read,
--      dnl librustls found, set the variable
--       [
--         AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
--         AC_SUBST(USE_RUSTLS, [1])
--         RUSTLS_ENABLED=1
--         USE_RUSTLS="yes"
--         ssl_msg="rustls"
--         test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
--        ], [], -lpthread -ldl -lm)
--    fi
-+  dnl use pkg-config unless we have been given a path
-+  dnl even then, try pkg-config first
- 
--    if test "x$USE_RUSTLS" != "xyes"; then
--      dnl add the path and test again
--      addld=-L$OPT_RUSTLS/lib$libsuff
--      addcflags=-I$OPT_RUSTLS/include
--      rustlslib=$OPT_RUSTLS/lib$libsuff
-+  case "$OPT_RUSTLS" in
-+    yes)
-+      dnl --with-rustls (without path) used
-+      PKGTEST="yes"
-+      PREFIX_RUSTLS=
-+      ;;
-+    *)
-+      dnl check the provided --with-rustls path
-+      PKGTEST="no"
-+      PREFIX_RUSTLS=$OPT_RUSTLS
- 
--      LDFLAGS="$LDFLAGS $addld"
--      if test "$addcflags" != "-I/usr/include"; then
--         CPPFLAGS="$CPPFLAGS $addcflags"
-+      dnl Try pkg-config even when cross-compiling.  Since we
-+      dnl specify PKG_CONFIG_LIBDIR we are only looking where
-+      dnl the user told us to look
-+
-+      RUSTLS_PCDIR="$PREFIX_RUSTLS/lib/pkgconfig"
-+      if test -f "$RUSTLS_PCDIR/rustls.pc"; then
-+        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
-+        PKGTEST="yes"
-       fi
- 
--      AC_CHECK_LIB(rustls, rustls_connection_read,
--       [
--       AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
--       AC_SUBST(USE_RUSTLS, [1])
--       RUSTLS_ENABLED=1
--       USE_RUSTLS="yes"
--       ssl_msg="rustls"
--       test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
--       ],
--       AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
--       -lpthread -ldl -lm)
--    fi
-+      if test "$PKGTEST" != "yes"; then
-+        # try lib64 instead
-+        RUSTLS_PCDIR="$PREFIX_RUSTLS/lib64/pkgconfig"
-+        if test -f "$RUSTLS_PCDIR/rustls.pc"; then
-+          AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
-+          PKGTEST="yes"
-+        fi
-+      fi
-+
-+      if test "$PKGTEST" != "yes"; then
-+        dnl pkg-config came up empty, use what we got
-+        dnl via --with-rustls
- 
--    if test "x$USE_RUSTLS" = "xyes"; then
--      AC_MSG_NOTICE([detected rustls])
--      check_for_ca_bundle=1
--
--      LIBS="-lrustls -lpthread -ldl -lm $LIBS"
--
--      if test -n "$rustlslib"; then
--        dnl when shared libs were found in a path that the run-time
--        dnl linker doesn't search through, we need to add it to
--        dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
--        dnl due to this
--        if test "x$cross_compiling" != "xyes"; then
--          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
--          export CURL_LIBRARY_PATH
--          AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
-+        addld=-L$PREFIX_RUSTLS/lib$libsuff
-+        addcflags=-I$PREFIX_RUSTLS/include
-+
-+        LDFLAGS="$LDFLAGS $addld"
-+        if test "$addcflags" != "-I/usr/include"; then
-+            CPPFLAGS="$CPPFLAGS $addcflags"
-+        fi
-+
-+        AC_CHECK_LIB(rustls, rustls_connection_read,
-+          [
-+          AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
-+          AC_SUBST(USE_RUSTLS, [1])
-+          RUSTLS_ENABLED=1
-+          USE_RUSTLS="yes"
-+          ssl_msg="rustls"
-+          test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-+          ],
-+          AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
-+          -lpthread -ldl -lm)
-+
-+        USE_RUSTLS="yes"
-+        ssl_msg="rustls"
-+
-+        LIB_RUSTLS="$PREFIX_RUSTLS/lib$libsuff"
-+        if test "$PREFIX_RUSTLS" != "/usr" ; then
-+          SSL_LDFLAGS="-L$LIB_RUSTLS"
-+          SSL_CPPFLAGS="-I$PREFIX_RUSTLS/include"
-         fi
-       fi
-+      ;;
-+  esac
-+
-+  if test "$PKGTEST" = "yes"; then
-+
-+    CURL_CHECK_PKGCONFIG(rustls, [$RUSTLS_PCDIR])
-+
-+    if test "$PKGCONFIG" != "no" ; then
-+      SSL_LIBS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --libs-only-l --libs-only-other rustls 2>/dev/null`
-+
-+      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --libs-only-L rustls 2>/dev/null`
-+
-+      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --cflags-only-I rustls 2>/dev/null`
-+
-+      AC_SUBST(SSL_LIBS)
-+      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
-+      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
-+      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
-+
-+      LIB_RUSTLS=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
-+
-+      dnl use the values pkg-config reported.  This is here
-+      dnl instead of below with CPPFLAGS and LDFLAGS because we only
-+      dnl learn about this via pkg-config.  If we only have
-+      dnl the argument to --with-rustls we don't know what
-+      dnl additional libs may be necessary.  Hope that we
-+      dnl don't need any.
-+      LIBS="$SSL_LIBS $LIBS"
-+      USE_RUSTLS="yes"
-+      ssl_msg="rustls"
-+      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
-+      AC_SUBST(USE_RUSTLS, [1])
-+      RUSTLS_ENABLED=1
-+      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-+    else
-+      AC_MSG_ERROR([pkg-config: Could not find rustls])
-     fi
- 
--  fi dnl rustls not disabled
-+  else
-+    dnl we did not use pkg-config, so we need to add the
-+    dnl rustls lib to LIBS
-+    LIBS="-lrustls -lpthread -ldl -lm $LIBS"
-+  fi
-+
-+  dnl finally, set flags to use this TLS backend
-+  CPPFLAGS="$CLEAN_CPPFLAGS $SSL_CPPFLAGS"
-+  LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"
-+
-+  if test "x$USE_RUSTLS" = "xyes"; then
-+    AC_MSG_NOTICE([detected rustls])
-+    check_for_ca_bundle=1
-+
-+    if test -n "$LIB_RUSTLS"; then
-+      dnl when shared libs were found in a path that the run-time
-+      dnl linker does not search through, we need to add it to
-+      dnl CURL_LIBRARY_PATH so that further configure tests do not
-+      dnl fail due to this
-+      if test "x$cross_compiling" != "xyes"; then
-+        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_RUSTLS"
-+        export CURL_LIBRARY_PATH
-+        AC_MSG_NOTICE([Added $LIB_RUSTLS to CURL_LIBRARY_PATH])
-+      fi
-+    fi
-+  fi
- 
-   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
-+
-+  if test X"$OPT_RUSTLS" != Xno &&
-+    test "$RUSTLS_ENABLED" != "1"; then
-+    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
-+    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
-+    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
-+  fi
- fi
- ])
-+
-+
-+RUSTLS_ENABLED
---
-2.44.0
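Review bot: `LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"` in the "finally, set flags" block looks like a misspelling of `CLEAN_LDFLAGS`, given that the line directly above uses `$CLEAN_CPPFLAGS`. Unless something else sets `CLAN_LDFLAGS`, it expands to nothing and any previously saved LDFLAGS are dropped. Since this file is being removed, it is worth confirming that whatever replaces it carries the corrected name. On the non-pkg-config path, `USE_RUSTLS="yes"` and `ssl_msg="rustls"` are also assigned a second time right after the AC_CHECK_LIB call that already sets them.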

diff --git a/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch b/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch
deleted file mode 100644
index 91aed9582521..000000000000
--- a/net-misc/curl/files/curl-8.7.1-fix-pkgconfig-macros.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://github.com/curl/curl/pull/13202
-From: Matt Jolly <kangie@gentoo.org>
-Date: Wed, 27 Mar 2024 22:52:26 +1000
-Subject: [PATCH] m4: fix rustls pkg-config codepath
-
-The previous pkg-config code would successfully detect rustls
-but did not set all appropriate variables and call the right macros to
-properly configure cURL.
-
-Closes: #13200
---- a/m4/curl-rustls.m4
-+++ b/m4/curl-rustls.m4
-@@ -142,6 +142,10 @@ if test "x$OPT_RUSTLS" != xno; then
-       LIBS="$SSL_LIBS $LIBS"
-       USE_RUSTLS="yes"
-       ssl_msg="rustls"
-+      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
-+      AC_SUBST(USE_RUSTLS, [1])
-+      RUSTLS_ENABLED=1
-+      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-     else
-       AC_MSG_ERROR([pkg-config: Could not find rustls])
-     fi
-@@ -174,5 +178,15 @@ if test "x$OPT_RUSTLS" != xno; then
-   fi
- 
-   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
-+
-+  if test X"$OPT_RUSTLS" != Xno &&
-+    test "$RUSTLS_ENABLED" != "1"; then
-+    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
-+    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
-+    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
-+  fi
- fi
- ])
-+
-+
-+RUSTLS_ENABLED
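Review bot: the patch ends with a bare `RUSTLS_ENABLED` line after the closing `])` of the macro, which reads like leftover text rather than intended m4; the same stray line closes the other rustls patch removed in this commit. If a successor patch is derived from this one, drop that line, and consider whether the two AC_MSG_NOTICE lines printing `OPT_RUSTLS` and `RUSTLS_ENABLED` before the final AC_MSG_ERROR are meant to stay or were debugging output.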


^ permalink raw reply related	[flat|nested] 30+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-04-20  4:04 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-04-20  4:04 UTC (permalink / raw
  To: gentoo-commits

commit:     6c9477001d99393a7fc4f610d0ef25a4fef0ce60
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 20 03:51:05 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Sat Apr 20 04:04:42 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c947700

net-misc/curl: add 8.7.1-r2

Closes: https://bugs.gentoo.org/930194
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 .../{curl-8.7.1-r1.ebuild => curl-8.7.1-r2.ebuild} |   0
 net-misc/curl/files/curl-8.7.1-chunked-post.patch  |  57 ++++++++
 .../files/curl-8.7.1-fix-compress-option.patch     | 153 +++++++++++++++++++++
 3 files changed, 210 insertions(+)

diff --git a/net-misc/curl/curl-8.7.1-r1.ebuild b/net-misc/curl/curl-8.7.1-r2.ebuild
similarity index 100%
rename from net-misc/curl/curl-8.7.1-r1.ebuild
rename to net-misc/curl/curl-8.7.1-r2.ebuild
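Review bot: the ebuild is renamed with `similarity index 100%` and a diffstat of 0 changed lines, so the -r2 ebuild is byte-identical to -r1 while two new files are added under files/. Unless -r1 already listed `${P}-chunked-post.patch` and `${P}-fix-compress-option.patch` in PATCHES, this revision bump would not apply either fix; please confirm that, or add the PATCHES entries in the same commit.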

diff --git a/net-misc/curl/files/curl-8.7.1-chunked-post.patch b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
new file mode 100644
index 000000000000..9d1fef73d383
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
@@ -0,0 +1,57 @@
+https://github.com/curl/curl/commit/721941aadf4adf4f6aeb3f4c0ab489bb89610c36
+From: Stefan Eissing <stefan@eissing.org>
+Date: Mon, 1 Apr 2024 15:41:18 +0200
+Subject: [PATCH] http: with chunked POST forced, disable length check on read
+ callback
+
+- when an application forces HTTP/1.1 chunked transfer encoding
+  by setting the corresponding header and instructs curl to use
+  the CURLOPT_READFUNCTION, disregard any POST length information.
+- this establishes backward compatibility with previous curl versions
+
+Applications are encouraged to not force "chunked", but rather
+set length information for a POST. By setting -1, curl will
+auto-select chunked on HTTP/1.1 and work properly on other HTTP
+versions.
+
+Reported-by: Jeff King
+Fixes #13229
+Closes #13257
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
+       else
+         result = Curl_creader_set_null(data);
+     }
+-    else { /* we read the bytes from the callback */
+-      result = Curl_creader_set_fread(data, postsize);
++    else {
++      /* we read the bytes from the callback. In case "chunked" encoding
++       * is forced by the application, we disregard `postsize`. This is
++       * a backward compatibility decision to earlier versions where
++       * chunking disregarded this. See issue #13229. */
++      bool chunked = FALSE;
++      char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
++      if(ptr) {
++        /* Some kind of TE is requested, check if 'chunked' is chosen */
++        chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
++                                     STRCONST("chunked"));
++      }
++      result = Curl_creader_set_fread(data, chunked? -1 : postsize);
+     }
+     return result;
+ 
+@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,
+     data->req.upload_chunky =
+       Curl_compareheader(ptr,
+                          STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
++    if(data->req.upload_chunky &&
++       Curl_use_http_1_1plus(data, data->conn) &&
++       (data->conn->httpversion >= 20)) {
++       infof(data, "suppressing chunked transfer encoding on connection "
++             "using HTTP version 2 or higher");
++       data->req.upload_chunky = FALSE;
++    }
+   }
+   else {
+     curl_off_t req_clen = Curl_creader_total_length(data);

diff --git a/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
new file mode 100644
index 000000000000..a06a53729533
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
@@ -0,0 +1,153 @@
+https://github.com/curl/curl/commit/b30d694a027eb771c02a3db0dee0ca03ccab7377
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 28 Mar 2024 11:08:15 +0100
+Subject: [PATCH] content_encoding: brotli and others, pass through 0-length
+ writes
+
+- curl's transfer handling may write 0-length chunks at the end of the
+  download with an EOS flag. (HTTP/2 does this commonly)
+
+- content encoders need to pass-through such a write and not count this
+  as error in case they are finished decoding
+
+Fixes #13209
+Fixes #13212
+Closes #13219
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,
+   struct zlib_writer *zp = (struct zlib_writer *) writer;
+   z_stream *z = &zp->z;     /* zlib state structure */
+ 
+-  if(!(type & CLIENTWRITE_BODY))
++  if(!(type & CLIENTWRITE_BODY) || !nbytes)
+     return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+ 
+   /* Set the compressed input when this function is called */
+@@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
+   struct zlib_writer *zp = (struct zlib_writer *) writer;
+   z_stream *z = &zp->z;     /* zlib state structure */
+ 
+-  if(!(type & CLIENTWRITE_BODY))
++  if(!(type & CLIENTWRITE_BODY) || !nbytes)
+     return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+ 
+   if(zp->zlib_init == ZLIB_INIT_GZIP) {
+@@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data,
+   CURLcode result = CURLE_OK;
+   BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;
+ 
+-  if(!(type & CLIENTWRITE_BODY))
++  if(!(type & CLIENTWRITE_BODY) || !nbytes)
+     return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+ 
+   if(!bp->br)
+@@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,
+   ZSTD_outBuffer out;
+   size_t errorCode;
+ 
+-  if(!(type & CLIENTWRITE_BODY))
++  if(!(type & CLIENTWRITE_BODY) || !nbytes)
+     return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+ 
+   if(!zp->decomp) {
+@@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data,
+   (void) buf;
+   (void) nbytes;
+ 
+-  if(!(type & CLIENTWRITE_BODY))
++  if(!(type & CLIENTWRITE_BODY) || !nbytes)
+     return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+ 
+   failf(data, "Unrecognized content encoding type. "
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -394,6 +394,19 @@ def test_02_27_paused_no_cl(self, env: Env, httpd, nghttpx, repeat):
+         r = client.run(args=[url])
+         r.check_exit_code(0)
+ 
++    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
++    def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto):
++        if proto == 'h3' and not env.have_h3():
++            pytest.skip("h3 not supported")
++        count = 1
++        urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]'
++        curl = CurlClient(env=env)
++        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++            '--compressed'
++        ])
++        r.check_exit_code(code=0)
++        r.check_response(count=count, http_status=200)
++
+     def check_downloads(self, client, srcfile: str, count: int,
+                         complete: bool = True):
+         for i in range(count):
+--- a/tests/http/testenv/env.py
++++ b/tests/http/testenv/env.py
+@@ -129,10 +129,11 @@ def __init__(self):
+         self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')
+         self.tld = 'http.curl.se'
+         self.domain1 = f"one.{self.tld}"
++        self.domain1brotli = f"brotli.one.{self.tld}"
+         self.domain2 = f"two.{self.tld}"
+         self.proxy_domain = f"proxy.{self.tld}"
+         self.cert_specs = [
+-            CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),
++            CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),
+             CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
+             CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),
+             CertificateSpec(name="clientsX", sub_specs=[
+@@ -376,6 +377,10 @@ def htdocs_dir(self) -> str:
+     def domain1(self) -> str:
+         return self.CONFIG.domain1
+ 
++    @property
++    def domain1brotli(self) -> str:
++        return self.CONFIG.domain1brotli
++
+     @property
+     def domain2(self) -> str:
+         return self.CONFIG.domain2
+--- a/tests/http/testenv/httpd.py
++++ b/tests/http/testenv/httpd.py
+@@ -50,6 +50,7 @@ class Httpd:
+         'alias', 'env', 'filter', 'headers', 'mime', 'setenvif',
+         'socache_shmcb',
+         'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',
++        'brotli',
+         'mpm_event',
+     ]
+     COMMON_MODULES_DIRS = [
+@@ -203,6 +204,7 @@ def _mkpath(self, path):
+ 
+     def _write_config(self):
+         domain1 = self.env.domain1
++        domain1brotli = self.env.domain1brotli
+         creds1 = self.env.get_credentials(domain1)
+         domain2 = self.env.domain2
+         creds2 = self.env.get_credentials(domain2)
+@@ -285,6 +287,24 @@ def _write_config(self):
+                 f'</VirtualHost>',
+                 f'',
+             ])
++            # Alternate to domain1 with BROTLI compression
++            conf.extend([  # https host for domain1, h1 + h2
++                f'<VirtualHost *:{self.env.https_port}>',
++                f'    ServerName {domain1brotli}',
++                f'    Protocols h2 http/1.1',
++                f'    SSLEngine on',
++                f'    SSLCertificateFile {creds1.cert_file}',
++                f'    SSLCertificateKeyFile {creds1.pkey_file}',
++                f'    DocumentRoot "{self._docs_dir}"',
++                f'    SetOutputFilter BROTLI_COMPRESS',
++            ])
++            conf.extend(self._curltest_conf(domain1))
++            if domain1 in self._extra_configs:
++                conf.extend(self._extra_configs[domain1])
++            conf.extend([
++                f'</VirtualHost>',
++                f'',
++            ])
+             conf.extend([  # https host for domain2, no h2
+                 f'<VirtualHost *:{self.env.https_port}>',
+                 f'    ServerName {domain2}',


^ permalink raw reply related	[flat|nested] 30+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-04-26 13:37 Sam James
  0 siblings, 0 replies; 30+ messages in thread
From: Sam James @ 2024-04-26 13:37 UTC (permalink / raw
  To: gentoo-commits

commit:     9e15b31fe250cf83eda813789cfc371a22dfb50f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 26 13:35:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Apr 26 13:36:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e15b31f

net-misc/curl: backport fix for hanging git clone over HTTP2

Thank you to Stefan for giving us a bespoke backport, as the original
fix didn't apply cleanly to 8.7.1.

Bug: https://github.com/curl/curl/issues/13474
Closes: https://bugs.gentoo.org/930633
Thanks-to: Stefan Eissing <stefan <AT> eissing.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.7.1-r4.ebuild                 | 369 +++++++++++++++++++++
 .../curl/files/curl-8.7.1-http2-git-clone.patch    | 342 +++++++++++++++++++
 2 files changed, 711 insertions(+)

diff --git a/net-misc/curl/curl-8.7.1-r4.ebuild b/net-misc/curl/curl-8.7.1-r4.ebuild
new file mode 100644
index 000000000000..b09790862f8d
--- /dev/null
+++ b/net-misc/curl/curl-8.7.1-r4.ebuild
@@ -0,0 +1,369 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? ( >=net-libs/rustls-ffi-0.12.1:=[${MULTILIB_USEDEP}]
+			<net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.7.1-rustls-fixes.patch
+	"${FILESDIR}"/${P}-chunked-post.patch
+	"${FILESDIR}"/${P}-fix-compress-option.patch
+	"${FILESDIR}"/${P}-http2-git-clone.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
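Review bot: the Requires.private fix-up near the end of multilib_src_configure() only adds `-lssl -lcrypto` and `openssl` when `curl_ssl_openssl` is set, whereas `--with-ssl` is passed whenever `use openssl` is true. With openssl enabled as a non-default backend, libcurl.pc would keep those libraries in Libs.private and omit openssl from Requires.private; keying that block on `use ssl && use openssl` would match the configure logic. Separately, the comment block above RDEPEND says "particulary" and "TCP/2", where the files it links to (HTTP3.md, quiche-linux.yml) suggest HTTP/3 or QUIC was meant.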

diff --git a/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
new file mode 100644
index 000000000000..b07a3b0a8817
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
@@ -0,0 +1,342 @@
+https://bugs.gentoo.org/930633
+https://github.com/curl/curl/issues/13474
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -187,6 +187,7 @@ struct h2_stream_ctx {
+ 
+   int status_code; /* HTTP response status code */
+   uint32_t error; /* stream error code */
++  CURLcode xfer_result; /* Result of writing out response */
+   uint32_t local_window_size; /* the local recv window size */
+   int32_t id; /* HTTP/2 protocol identifier for stream */
+   BIT(resp_hds_complete); /* we have a complete, final response */
+@@ -945,12 +946,39 @@ fail:
+   return rv;
+ }
+ 
+-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf,
++static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+-                                  const char *buf, size_t blen)
++                                  struct h2_stream_ctx *stream,
++                                  const char *buf, size_t blen, bool eos)
+ {
+-  (void)cf;
+-  return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result) {
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++    if(stream->xfer_result)
++      CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers",
++                  stream->id, stream->xfer_result, blen);
++  }
++}
++
++static void h2_xfer_write_resp(struct Curl_cfilter *cf,
++                               struct Curl_easy *data,
++                               struct h2_stream_ctx *stream,
++                               const char *buf, size_t blen, bool eos)
++{
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result)
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++  /* If the transfer write is errored, we do not want any more data */
++  if(stream->xfer_result) {
++    struct cf_h2_ctx *ctx = cf->ctx;
++    CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, "
++                "RST-ing stream",
++                stream->id, stream->xfer_result, blen);
++    nghttp2_submit_rst_stream(ctx->h2, 0, stream->id,
++                              NGHTTP2_ERR_CALLBACK_FAILURE);
++  }
+ }
+ 
+ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
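Review bot: in h2_xfer_write_resp() the last argument to nghttp2_submit_rst_stream() is NGHTTP2_ERR_CALLBACK_FAILURE, which is an nghttp2 library return code, while that parameter is the HTTP/2 error code carried in the RST_STREAM frame. Passing a protocol code such as NGHTTP2_CANCEL or NGHTTP2_INTERNAL_ERROR would tell the peer what actually happened. The return value of the submit call is also dropped, so a failed reset goes unnoticed; at least trace it.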
+@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+   struct cf_h2_ctx *ctx = cf->ctx;
+   struct h2_stream_ctx *stream = H2_STREAM_CTX(data);
+   int32_t stream_id = frame->hd.stream_id;
+-  CURLcode result;
+   int rv;
+ 
+   if(!stream) {
+@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+       stream->status_code = -1;
+     }
+ 
+-    result = recvbuf_write_hds(cf, data, STRCONST("\r\n"));
+-    if(result)
+-      return result;
++    h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+ 
+     if(stream->status_code / 100 != 1) {
+       stream->resp_hds_complete = TRUE;
+@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+   struct cf_h2_ctx *ctx = cf->ctx;
+   struct h2_stream_ctx *stream;
+   struct Curl_easy *data_s;
+-  CURLcode result;
+   (void)flags;
+ 
+   DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+   if(!stream)
+     return NGHTTP2_ERR_CALLBACK_FAILURE;
+ 
+-  result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE);
+-  if(result && result != CURLE_AGAIN)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
++  h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE);
+ 
+   nghttp2_session_consume(ctx->h2, stream_id, len);
+   stream->nrcvd_data += (curl_off_t)len;
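Review bot: the removed check in on_data_chunk_recv() let CURLE_AGAIN through (`result && result != CURLE_AGAIN`), but h2_xfer_write_resp() stores any non-zero result in stream->xfer_result and resets the stream, so CURLE_AGAIN is now fatal for the stream. If that is intended, say so in a comment; otherwise keep the exemption in the helper. The callback also no longer returns early, so nghttp2_session_consume() and the nrcvd_data accounting run for bytes whose write failed.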
+@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+     result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
+     if(result)
+       return NGHTTP2_ERR_CALLBACK_FAILURE;
+-    result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 "));
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
+-    result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
++    h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE);
++    h2_xfer_write_resp_hd(cf, data_s, stream,
++                          (const char *)value, valuelen, FALSE);
+     /* the space character after the status code is mandatory */
+-    result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n"));
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
++    h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE);
++
+     /* if we receive data for another handle, wake that up */
+     if(CF_DATA_CURRENT(cf) != data_s)
+       Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+   /* nghttp2 guarantees that namelen > 0, and :status was already
+      received, and this is not pseudo-header field . */
+   /* convert to an HTTP1-style header */
+-  result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen);
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, STRCONST(": "));
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n"));
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
++  h2_xfer_write_resp_hd(cf, data_s, stream,
++                        (const char *)name, namelen, FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream,
++                        (const char *)value, valuelen, FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE);
++
+   /* if we receive data for another handle, wake that up */
+   if(CF_DATA_CURRENT(cf) != data_s)
+     Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+   (void)buf;
+   *err = CURLE_AGAIN;
+-  if(stream->closed) {
++  if(stream->xfer_result) {
++    CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id);
++    *err = stream->xfer_result;
++    nread = -1;
++  }
++  else if(stream->closed) {
+     CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id);
+     nread = http2_handle_stream_close(cf, data, stream, err);
+   }
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -152,6 +152,7 @@ struct h3_stream_ctx {
+   uint64_t error3; /* HTTP/3 stream error code */
+   curl_off_t upload_left; /* number of request bytes left to upload */
+   int status_code; /* HTTP status code */
++  CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
+   bool resp_hds_complete; /* we have a complete, final response */
+   bool closed; /* TRUE on stream close */
+   bool reset;  /* TRUE on stream reset */
+@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
+   return 0;
+ }
+ 
+-static CURLcode write_resp_hds(struct Curl_easy *data,
+-                               const char *buf, size_t blen)
++static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf,
++                                  struct Curl_easy *data,
++                                  struct h3_stream_ctx *stream,
++                                  const char *buf, size_t blen, bool eos)
+ {
+-  return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result) {
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++    if(stream->xfer_result)
++      CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu "
++                  "bytes of headers", stream->id, stream->xfer_result, blen);
++  }
++}
++
++static void h3_xfer_write_resp(struct Curl_cfilter *cf,
++                               struct Curl_easy *data,
++                               struct h3_stream_ctx *stream,
++                               const char *buf, size_t blen, bool eos)
++{
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result)
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++  /* If the transfer write is errored, we do not want any more data */
++  if(stream->xfer_result) {
++    struct cf_ngtcp2_ctx *ctx = cf->ctx;
++    CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes "
++                "of data, cancelling stream",
++                stream->id, stream->xfer_result, blen);
++    nghttp3_conn_close_stream(ctx->h3conn, stream->id,
++                              NGHTTP3_H3_REQUEST_CANCELLED);
++  }
+ }
+ 
+ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
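Review bot: in h3_xfer_write_resp() the `if(stream->xfer_result)` branch runs on every call once an error is stored, so nghttp3_conn_close_stream() is issued again for each later DATA callback on the same stream, and its return value is discarded. Guard the close so it happens once, for example with a flag on the stream, and trace a failing return.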
+@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+   struct cf_ngtcp2_ctx *ctx = cf->ctx;
+   struct Curl_easy *data = stream_user_data;
+   struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+-  CURLcode result;
+ 
+   (void)conn;
+   (void)stream3_id;
+@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+   if(!stream)
+     return NGHTTP3_ERR_CALLBACK_FAILURE;
+ 
+-  result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+-  if(result) {
+-    CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
+-                stream->id, blen, result);
+-    return NGHTTP3_ERR_CALLBACK_FAILURE;
+-  }
++  h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE);
+   if(blen) {
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
+                 stream->id, blen);
+@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+   struct Curl_cfilter *cf = user_data;
+   struct Curl_easy *data = stream_user_data;
+   struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+-  CURLcode result = CURLE_OK;
+   (void)conn;
+   (void)stream_id;
+   (void)fin;
+@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+   if(!stream)
+     return 0;
+   /* add a CRLF only if we've received some headers */
+-  result = write_resp_hds(data, "\r\n", 2);
+-  if(result) {
+-    return -1;
+-  }
++  h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+ 
+   CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
+               stream_id, stream->status_code);
+@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+     ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
+                       stream->status_code);
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
+-    result = write_resp_hds(data, line, ncopy);
++    h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE);
+     if(result) {
+       return -1;
+     }
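Review bot: the `if(result)` check kept as context below the new h3_xfer_write_resp_hd() call no longer tests anything this hunk assigns, since the helper returns void and stores its status in stream->xfer_result. Either remove the block or test stream->xfer_result instead.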
+@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
+                 stream_id, (int)h3name.len, h3name.base,
+                 (int)h3val.len, h3val.base);
+-    result = write_resp_hds(data, (const char *)h3name.base, h3name.len);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, ": ", 2);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, (const char *)h3val.base, h3val.len);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, "\r\n", 2);
+-    if(result) {
+-      return -1;
+-    }
++    h3_xfer_write_resp_hd(cf, data, stream,
++                          (const char *)h3name.base, h3name.len, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, (
++                          const char *)h3val.base, h3val.len, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE);
+   }
+   return 0;
+ }
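Review bot: the third h3_xfer_write_resp_hd() call in this hunk breaks the line inside the cast, leaving `(` at the end of one line and `const char *)h3val.base` at the start of the next. Format it like the h3name.base call two lines above, with the whole cast on the continuation line.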
+@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+     goto out;
+   }
+ 
+-  if(stream->closed) {
++  if(stream->xfer_result) {
++    CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id);
++    *err = stream->xfer_result;
++    nread = -1;
++    goto out;
++  }
++  else if(stream->closed) {
+     nread = recv_closed_stream(cf, data, stream, err);
+     goto out;
+   }
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -257,6 +257,34 @@ class TestDownload:
+         ])
+         r.check_response(count=count, http_status=200)
+ 
++    @pytest.mark.parametrize("proto", ['h2', 'h3'])
++    def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++        if proto == 'h3' and not env.have_h3():
++            pytest.skip("h3 not supported")
++        if proto == 'h3' and env.curl_uses_lib('msh3'):
++            pytest.skip("msh3 stalls here")
++        count = 10
++        urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++        curl = CurlClient(env=env)
++        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++            '--parallel'
++        ])
++        r.check_stats(count=count, http_status=404, exitcode=0)
++
++    @pytest.mark.parametrize("proto", ['h2', 'h3'])
++    def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++        if proto == 'h3' and not env.have_h3():
++            pytest.skip("h3 not supported")
++        if proto == 'h3' and env.curl_uses_lib('msh3'):
++            pytest.skip("msh3 stalls here")
++        count = 10
++        urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++        curl = CurlClient(env=env)
++        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++            '--fail'
++        ])
++        r.check_stats(count=count, http_status=404, exitcode=22)
++
+     @pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests")
+     @pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs")
+     def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):
+



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-05-22  7:03 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-05-22  7:03 UTC (permalink / raw
  To: gentoo-commits

commit:     6611314392d759e8733572ffd0b114edeb369857
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Wed May 22 06:14:51 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Wed May 22 06:58:20 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66113143

net-misc/curl: add 8.8.0

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/Manifest                             |  2 ++
 .../curl/{curl-9999.ebuild => curl-8.8.0.ebuild}   | 11 +++----
 net-misc/curl/curl-9999.ebuild                     |  2 +-
 .../curl/files/curl-8.8.0-install-manpage.patch    | 22 ++++++++++++++
 net-misc/curl/files/curl-prefix-2.patch            | 34 ++++++++++++++++++++++
 5 files changed, 65 insertions(+), 6 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index fd56dbdb80f0..197b1b91243d 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -4,3 +4,5 @@ DIST curl-8.6.0.tar.xz 2630108 BLAKE2B 1b01de396008d57e154e2b5fc1acf1dd000703fa5
 DIST curl-8.6.0.tar.xz.asc 488 BLAKE2B 18d7583a9aa6a278bea5a8a74461ff06f45ec418cd4542b015c74091c353b340afcc5dfe7e5e99f0b9fac7de9251164044a85e4f6665bf042636868a2c613d0a SHA512 2b835bb4b307e5e1c929b7136c5acfb9f6f06efa471ac27060336cabcfac40e02143f40434986c5e6817d4a9562b09efa8ff3168beed310a45453148cc1b5c8f
 DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
 DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37
+DIST curl-8.8.0.tar.xz 2748860 BLAKE2B c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 SHA512 9d2c0d3a0d8f6c31ba4fabe48f801910f886fde43dc198dc4213708d6967ed5e040a1bb7348aa1cb126577ee508a3ec36fe65256d027d861d6ffb70f6383967a
+DIST curl-8.8.0.tar.xz.asc 488 BLAKE2B d80c0ff357b344d7ec2b975a92f1eeb7557993b61a69e7adaaeab89c9b5a53ddade5104fe1a0ad260145db9c90fc0aae36dfc22320492db6696f290da9ff675b SHA512 37b501770225dff6b1e7bde1157f556f10ec1c597fcbbb5c8b8c370efb97a3a70f585f2f5c201b96380d68466696474a5f65a07da59b704678d6927567d25359

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-8.8.0.ebuild
similarity index 97%
copy from net-misc/curl/curl-9999.ebuild
copy to net-misc/curl/curl-8.8.0.ebuild
index 684c38ec8a8e..2f3f1a6fc7ae 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-8.8.0.ebuild
@@ -63,15 +63,15 @@ REQUIRED_USE="
 
 RDEPEND="
 	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
 	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+		>=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
 	)
 	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
@@ -90,7 +90,7 @@ RDEPEND="
 			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+			>=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
 		)
 	)
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@@ -132,8 +132,9 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-install-manpage.patch
 )
 
 src_prepare() {

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 684c38ec8a8e..3edcf42e2eb6 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -132,7 +132,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 )
 

diff --git a/net-misc/curl/files/curl-8.8.0-install-manpage.patch b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
new file mode 100644
index 000000000000..f58ddae1c302
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
@@ -0,0 +1,22 @@
+https://patch-diff.githubusercontent.com/raw/curl/curl/pull/13741
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 22 May 2024 08:43:43 +0200
+Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
+
+on "make install" like it should
+---
+ docs/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs/Makefile.am b/docs/Makefile.am
+index 83f5b0c461cc0f..e9ef6284860555 100644
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -28,6 +28,7 @@ if BUILD_DOCS
+ # if we disable man page building, ignore these
+ MK_CA_DOCS = mk-ca-bundle.1
+ CURLCONF_DOCS = curl-config.1
++man_MANS = curl-config.1
+ endif
+ 
+ CURLPAGES = curl-config.md mk-ca-bundle.md

diff --git a/net-misc/curl/files/curl-prefix-2.patch b/net-misc/curl/files/curl-prefix-2.patch
new file mode 100644
index 000000000000..0372038e7d59
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-2.patch
@@ -0,0 +1,34 @@
+From a3033ee39f2cc43cb17386b23cb304b010c2c96f Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Wed, 22 May 2024 16:18:51 +1000
+Subject: [PATCH] Update prefix patch for 8.8.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 085bb1e..c0bc6ce 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -145,7 +145,7 @@ while test "$#" -gt 0; do
+     else
+       CPPFLAG_CURL_STATICLIB=""
+     fi
+-    if test "X@includedir@" = "X/usr/include"; then
++    if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+       echo "${CPPFLAG_CURL_STATICLIB}"
+     else
+       echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -153,7 +153,7 @@ while test "$#" -gt 0; do
+     ;;
+ 
+   --libs)
+-    if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
++    if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+       CURLLIBDIR="-L@libdir@ "
+     else
+       CURLLIBDIR=""
+-- 
+2.45.0
+



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-05-30  2:02 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-05-30  2:02 UTC (permalink / raw
  To: gentoo-commits

commit:     b4a094f4165eba939dc23b9af9c660ab3b45f449
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Thu May 30 00:30:56 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Thu May 30 02:02:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4a094f4

net-misc/curl: add 8.8.0-r1

This release fixes an issue where under certain circumstances
(in particular when invoked within the Gentoo sandbox), `multi_wait()`
would incorrectly calculate the timeout, resulting in test failures.

Allow setting `--enable-debug` via USE=debug with an appropriate warning
to the ebuild and live ebuild.

Closes: https://bugs.gentoo.org/932660
See-also: https://github.com/curl/curl/issues/13782
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 .../{curl-9999.ebuild => curl-8.8.0-r1.ebuild}     | 19 +++++-
 net-misc/curl/curl-9999.ebuild                     | 16 ++++-
 .../curl/files/curl-8.8.0-multi_wait-timeout.patch | 75 ++++++++++++++++++++++
 3 files changed, 108 insertions(+), 2 deletions(-)

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-8.8.0-r1.ebuild
similarity index 95%
copy from net-misc/curl/curl-9999.ebuild
copy to net-misc/curl/curl-8.8.0-r1.ebuild
index 17ec871e7e2a..b77ba32f5d7e 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-8.8.0-r1.ebuild
@@ -26,7 +26,7 @@ fi
 
 LICENSE="BSD curl ISC test? ( BSD-4 )"
 SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
 IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
 # These select the default SSL implementation
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
@@ -136,6 +136,9 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-install-manpage.patch
+	"${FILESDIR}"/${P}-mbedtls.patch
+	"${FILESDIR}"/${P}-multi_wait-timeout.patch
 )
 
 src_prepare() {
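Review bot: `${P}-mbedtls.patch` is added to PATCHES here, but the diffstat of this commit only adds curl-8.8.0-multi_wait-timeout.patch under files/ and the commit message does not mention an mbedtls fix. Confirm that files/curl-8.8.0-mbedtls.patch is already in the tree, otherwise src_prepare will die on the missing file, and mention the patch in the commit message.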
@@ -279,6 +282,12 @@ multilib_src_configure() {
 		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
 	)
 
+	if use debug; then
+		myconf+=(
+			--enable-debug
+		)
+	fi
+
 	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
 		myconf+=(
 			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
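Review bot: the `if use debug` block that appends `--enable-debug` can be written as `$(use_enable debug)` inside the existing myconf array, which is the usual ebuild idiom and also passes `--disable-debug` explicitly when the flag is off instead of relying on the configure default.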
@@ -368,3 +377,11 @@ multilib_src_install_all() {
 	find "${ED}" -type f -name '*.la' -delete || die
 	rm -rf "${ED}"/etc/ || die
 }
+
+pkg_postinst() {
+	if use debug; then
+		ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+		ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+		ewarn "hic sunt dracones; you have been warned."
+	fi
+}

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 17ec871e7e2a..7f560fb74a9b 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -26,7 +26,7 @@ fi
 
 LICENSE="BSD curl ISC test? ( BSD-4 )"
 SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
 IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
 # These select the default SSL implementation
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
@@ -279,6 +279,12 @@ multilib_src_configure() {
 		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
 	)
 
+	if use debug; then
+		myconf+=(
+			--enable-debug
+		)
+	fi
+
 	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
 		myconf+=(
 			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
@@ -368,3 +374,11 @@ multilib_src_install_all() {
 	find "${ED}" -type f -name '*.la' -delete || die
 	rm -rf "${ED}"/etc/ || die
 }
+
+pkg_postinst() {
+	if use debug; then
+		ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+		ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+		ewarn "hic sunt dracones; you have been warned."
+	fi
+}

diff --git a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
new file mode 100644
index 000000000000..38d8c1bd3f20
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
@@ -0,0 +1,75 @@
+https://github.com/curl/curl/pull/13825
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 29 May 2024 17:13:34 +0200
+Subject: [PATCH] fix multi_wait() timeout handling
+
+- determine the actual poll timeout *after* all sockets
+  have been collected. Protocols and connection filters may
+  install new timeouts during collection.
+- add debug logging to test1533 where the mistake was noticed
+- refs #13782
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1366,13 +1366,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+   if(timeout_ms < 0)
+     return CURLM_BAD_FUNCTION_ARGUMENT;
+ 
+-  /* If the internally desired timeout is actually shorter than requested from
+-     the outside, then use the shorter time! But only if the internal timer
+-     is actually larger than -1! */
+-  (void)multi_timeout(multi, &timeout_internal);
+-  if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
+-    timeout_ms = (int)timeout_internal;
+-
+   memset(ufds, 0, ufds_len * sizeof(struct pollfd));
+   memset(&ps, 0, sizeof(ps));
+ 
+@@ -1476,6 +1469,14 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+ #endif
+ #endif
+ 
++  /* We check the internal timeout *AFTER* we collected all sockets to
++   * poll. Collecting the sockets may install new timers by protocols
++   * and connection filters.
++   * Use the shorter one of the internal and the caller requested timeout. */
++  (void)multi_timeout(multi, &timeout_internal);
++  if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
++    timeout_ms = (int)timeout_internal;
++
+ #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK)
+   if(nfds || use_wakeup) {
+ #else
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -487,7 +487,7 @@ lib1551_SOURCES = lib1551.c $(SUPPORTFILES)
+ lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL)
+ lib1552_LDADD = $(TESTUTIL_LIBS)
+ 
+-lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL)
++lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TSTTRACE) $(TESTUTIL)
+ lib1553_LDADD = $(TESTUTIL_LIBS)
+ 
+ lib1554_SOURCES = lib1554.c $(SUPPORTFILES)
+--- a/tests/libtest/lib1553.c
++++ b/tests/libtest/lib1553.c
+@@ -24,6 +24,7 @@
+ #include "test.h"
+ 
+ #include "testutil.h"
++#include "testtrace.h"
+ #include "warnless.h"
+ #include "memdebug.h"
+ 
+@@ -74,6 +75,12 @@ CURLcode test(char *URL)
+   easy_setopt(curls, CURLOPT_XFERINFOFUNCTION, xferinfo);
+   easy_setopt(curls, CURLOPT_NOPROGRESS, 1L);
+ 
++  libtest_debug_config.nohex = 1;
++  libtest_debug_config.tracetime = 1;
++  test_setopt(curls, CURLOPT_DEBUGDATA, &libtest_debug_config);
++  easy_setopt(curls, CURLOPT_DEBUGFUNCTION, libtest_debug_cb);
++  easy_setopt(curls, CURLOPT_VERBOSE, 1L);
++
+   multi_add_handle(multi, curls);
+ 
+   multi_perform(multi, &still_running);
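Review bot: CURLOPT_DEBUGDATA is set with `test_setopt` while the two options next to it, and the existing calls above, use `easy_setopt`. Use the same macro for all three unless the difference is deliberate, in which case a comment should say why.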



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-08-05  7:23 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-08-05  7:23 UTC (permalink / raw
  To: gentoo-commits

commit:     508591b213da065801a691a68860eb3d21d898d4
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  5 07:07:51 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Mon Aug  5 07:23:03 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=508591b2

net-misc/curl: add 8.9.1-r1

This revbump includes a patch for a regression where
libcurl could leak SIGPIPE into programs using it,
for example Transmission.

See: https://github.com/curl/curl/issues/14344
Closes: https://bugs.gentoo.org/937139
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 .../{curl-9999.ebuild => curl-8.9.1-r1.ebuild}     |  4 +++-
 net-misc/curl/curl-9999.ebuild                     |  1 +
 net-misc/curl/files/curl-8.9.1-sigpipe.patch       | 26 ++++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-8.9.1-r1.ebuild
similarity index 99%
copy from net-misc/curl/curl-9999.ebuild
copy to net-misc/curl/curl-8.9.1-r1.ebuild
index 2660f7cff4ca..68501e82986b 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-8.9.1-r1.ebuild
@@ -27,7 +27,7 @@ fi
 LICENSE="BSD curl ISC test? ( BSD-4 )"
 SLOT="0"
 IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
 # These select the default tls implementation / which quic impl to use
 IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
 RESTRICT="!test? ( test )"
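Review bot: the second IUSE line changes `+websockets` to `websockets` in the copy made from curl-9999.ebuild, which turns a default-on flag off for this revision, and the commit message only describes the SIGPIPE patch. If the default change is intended for the release ebuild, mention it in the commit message; if not, keep `+websockets`.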
@@ -43,6 +43,7 @@ REQUIRED_USE="
 			curl_quic_ngtcp2
 		)
 		http3
+		ssl
 	)
 	ssl? (
 		^^ (
@@ -157,6 +158,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.9.1-sigpipe.patch
 )
 
 src_prepare() {
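Review bot: the new PATCHES entry hardcodes the version as `${PN}-8.9.1-sigpipe.patch`, whereas version-specific patches in earlier revisions of this ebuild are referenced as `${P}-...`. `${P}` expands to the same file name here and keeps the list consistent.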

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 2660f7cff4ca..0e787dfac352 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -43,6 +43,7 @@ REQUIRED_USE="
 			curl_quic_ngtcp2
 		)
 		http3
+		ssl
 	)
 	ssl? (
 		^^ (

diff --git a/net-misc/curl/files/curl-8.9.1-sigpipe.patch b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
new file mode 100644
index 000000000000..d308fc4420e1
--- /dev/null
+++ b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 5 Aug 2024 00:17:17 +0200
+Subject: [PATCH] sigpipe: init the struct so that first apply ignores
+
+Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
+init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
+
+I have read the existing code multiple times now and I think it gets the
+initial state reversed this missing to ignore.
+
+Regression from 17e6f06ea37136c36d27
+
+Reported-by: Rasmus Thomsen
+Fixes #14344
+Closes #14390
+--- a/lib/sigpipe.h
++++ b/lib/sigpipe.h
+@@ -39,6 +39,7 @@ struct sigpipe_ignore {
+ static void sigpipe_init(struct sigpipe_ignore *ig)
+ {
+   memset(ig, 0, sizeof(*ig));
++  ig->no_signal = TRUE;
+ }
+ 
+ /*
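Review bot: sigpipe_init() now zeroes the struct and then sets `ig->no_signal = TRUE`, and the patch description itself says the initial state was read as reversed. Add a short comment at the assignment stating why the struct must start with no_signal set, so the next reader does not change it back to the memset default, and consider a regression test for the SIGPIPE leak reported in #14344.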



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-09-14 22:15 Matt Jolly
  0 siblings, 0 replies; 30+ messages in thread
From: Matt Jolly @ 2024-09-14 22:15 UTC (permalink / raw
  To: gentoo-commits

commit:     0e3037907e347b28e1019eb84ea56fcb4a310dcd
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 14 21:52:43 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Sat Sep 14 22:15:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e303790

net-misc/curl: add 8.10.0-r1

There is a reported regression in net-misc/curl 8.10.0 which can
cause connections to hang in clients using libcurl (e.g. xonotic).

This revision adds `sendrecv-poll.patch` to resolve this issue.

See-Also: https://github.com/gentoo/gentoo/pull/38591
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.10.0-r1.ebuild                | 384 +++++++++++++++++++++
 .../curl/files/curl-8.10.0-sendrecv-poll.patch     |  51 +++
 2 files changed, 435 insertions(+)

diff --git a/net-misc/curl/curl-8.10.0-r1.ebuild b/net-misc/curl/curl-8.10.0-r1.ebuild
new file mode 100644
index 000000000000..335c3c36a022
--- /dev/null
+++ b/net-misc/curl/curl-8.10.0-r1.ebuild
@@ -0,0 +1,384 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+	quic? (
+		^^ (
+			curl_quic_openssl
+			curl_quic_ngtcp2
+		)
+		http3
+		ssl
+	)
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_quic_openssl? (
+		curl_ssl_openssl
+		quic
+		!gnutls
+		!mbedtls
+		!rustls
+	)
+	curl_quic_ngtcp2? (
+		curl_ssl_gnutls
+		quic
+		!mbedtls
+		!openssl
+		!rustls
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+	http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	quic? (
+		curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+		curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			>=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+	# custom AC_LINK_IFELSE code fails to link even without -Werror
+	OSSL_QUIC_client_method
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix-2.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-sendrecv-poll.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with http3 nghttp3)
+		$(use_with curl_quic_ngtcp2 ngtcp2)
+		$(use_with curl_quic_openssl openssl-quic)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use debug; then
+		myconf+=(
+			--enable-debug
+		)
+	fi
+
+	if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything that breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+	if use debug; then
+		ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+		ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+		ewarn "hic sunt dracones; you have been warned."
+	fi
+}
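Review bot: In multilib_src_configure(), the comment "start with all ssl providers off until proven otherwise" does not match what the USE=ssl branch passes, since the baseline is `--without-gnutls --without-mbedtls --without-rustls` and OpenSSL is not part of it. Either say why OpenSSL is left out of the baseline or reword the comment, because a reader auditing which TLS backends can end up enabled will take the comment at face value. Two documentation nits in the same file: the comment block above RDEPEND says "TCP/2" twice ("HTTP/2 and TCP/2", "CI/CD for TCP/2") while the links it annotates are docs/HTTP3.md and http3-linux.yml, and "particulary" is misspelled there. In the option-ordering comment, the second grep example opens a single quote that is never closed.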

diff --git a/net-misc/curl/files/curl-8.10.0-sendrecv-poll.patch b/net-misc/curl/files/curl-8.10.0-sendrecv-poll.patch
new file mode 100644
index 000000000000..44654377008a
--- /dev/null
+++ b/net-misc/curl/files/curl-8.10.0-sendrecv-poll.patch
@@ -0,0 +1,51 @@
+https://github.com/curl/curl/commit/a33bcc9b53b9d6ea9f879624e8abea0b012b008e
+From: Stefan Eissing <stefan@eissing.org>
+Date: Fri, 13 Sep 2024 18:36:53 +0200
+Subject: [PATCH] transfer: fix sendrecv() without interim poll
+
+There was a "clever" optimization that skipped sendrecv() handling when
+the transfer's pollset was empty. This happens for paused transfers, for
+example.
+
+Unforunately, if the libcurl application never calls curl_multi_poll(),
+the pollset is and will aways remain empty, prevent the transfer from
+progressing.
+
+Remove this "optimization" and always try send/receive where applicable.
+
+Fixes #14898
+Reported-by: Victor Kislov
+Closes #14901
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -431,8 +431,6 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp)
+     if(select_bits_paused(data, data->state.select_bits)) {
+       /* leave the bits unchanged, so they'll tell us what to do when
+        * this transfer gets unpaused. */
+-      /* DEBUGF(infof(data, "sendrecv, select_bits, early return on PAUSED"));
+-      */
+       result = CURLE_OK;
+       goto out;
+     }
+@@ -440,16 +438,13 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp)
+     /* DEBUGF(infof(data, "sendrecv, select_bits %x, RUN", select_bits)); */
+     select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN);
+   }
+-  else if(data->last_poll.num) {
+-    /* The transfer wanted something polled. Let's run all available
+-     * send/receives. Worst case we EAGAIN on some. */
+-    /* DEBUGF(infof(data, "sendrecv, had poll sockets, RUN")); */
++  else {
++    /* try both directions if the transfer wants it. We used to poll
++     * the socket here and on ran send/recv depending on POLLIN/OUT, but
++     * that does not when connections are multiplexed or handshake,
++     * or other direction reversals are happening. */
+     select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN);
+   }
+-  else if(data->req.keepon & KEEP_SEND_TIMED) {
+-    /* DEBUGF(infof(data, "sendrecv, KEEP_SEND_TIMED, RUN ul")); */
+-    select_bits = CURL_CSELECT_OUT;
+-  }
+ 
+ #ifdef USE_HYPER
+   if(data->conn->datastream) {
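Review bot: In the second lib/transfer.c hunk, the `else if(data->req.keepon & KEEP_SEND_TIMED)` branch is removed together with the `data->last_poll.num` condition, but the patch header only describes dropping the empty-pollset optimization. With the new unconditional `else` setting `CURL_CSELECT_OUT|CURL_CSELECT_IN`, that branch would be unreachable anyway, so the removal is consistent. A sentence in the header saying so would save the next reader from re-deriving it. The replacement comment is hard to parse ("and on ran send/recv", "that does not when connections are multiplexed"). That is upstream's wording and should stay verbatim in a backport, but it leaves the header as the only readable rationale, so it is worth also noting there that this file goes away with the next version bump that includes the upstream commit.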

