* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2024-11-10 16:03 orbea
0 siblings, 0 replies; 5+ messages in thread
From: orbea @ 2024-11-10 16:03 UTC (permalink / raw
To: gentoo-commits
commit: 359fd2822951e6a385ab9e8f464426d44a25daf8
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Nov 10 16:01:27 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Nov 10 16:01:27 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=359fd282
net-misc/curl: add 8.11.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 +
net-misc/curl/curl-8.11.0.ebuild | 386 +++++++++++++++++++++
.../curl/files/curl-8.11.0-cmdline-ech-docs.patch | 59 ++++
.../files/curl-8.11.0-cookie-case-sensitive.patch | 56 +++
.../curl-8.11.0-curl-libssh-ipv6-brackets.patch | 26 ++
.../files/curl-8.11.0-duphandle-init-netrc.patch | 195 +++++++++++
.../files/curl-8.11.0-mbedtls-global-init.patch | 71 ++++
.../curl/files/curl-8.11.0-netrc-large-file.patch | 25 ++
.../curl-8.11.0-setopt-http_content_decoding.patch | 20 ++
net-misc/curl/files/curl-prefix-3.patch | 34 ++
10 files changed, 874 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 9748763..862b011 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,4 +1,6 @@
DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
+DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a SHA512 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e
+DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.11.0.ebuild b/net-misc/curl/curl-8.11.0.ebuild
new file mode 100644
index 0000000..87825d6
--- /dev/null
+++ b/net-misc/curl/curl-8.11.0.ebuild
@@ -0,0 +1,386 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-3.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-cmdline-ech-docs.patch"
+ "${FILESDIR}/${P}-curl-libssh-ipv6-brackets.patch"
+ "${FILESDIR}/${P}-mbedtls-global-init.patch"
+ "${FILESDIR}/${P}-setopt-http_content_decoding.patch"
+ "${FILESDIR}/${P}-cookie-case-sensitive.patch"
+ "${FILESDIR}/${P}-duphandle-init-netrc.patch"
+ "${FILESDIR}/${P}-netrc-large-file.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ if [[ ${CHOST} == *mingw* ]] ; then
+ myconf+=(
+ --disable-pthreads
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
new file mode 100644
index 0000000..e6cd109
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
@@ -0,0 +1,59 @@
+https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 23:21:14 +0100
+Subject: [PATCH] cmdline/ech.md: formatting cleanups
+
+Reported-by: Samuel Henrique
+Fixes #15506
+Closes #15517
+--- a/docs/cmdline-opts/ech.md
++++ b/docs/cmdline-opts/ech.md
+@@ -20,35 +20,33 @@ Specifies how to do ECH (Encrypted Client Hello).
+
+ The values allowed for \<config\> can be:
+
+-## "false" (default)
++## `false`
+
+-Do not attempt ECH
++Do not attempt ECH. The is the default.
+
+-## "grease"
++## `grease`
+
+ Send a GREASE ECH extension
+
+-## "true"
++## `true`
+
+ Attempt ECH if possible, but do not fail if ECH is not attempted.
+ (The connection fails if ECH is attempted but fails.)
+
+-## "hard"
++## `hard`
+
+-Attempt ECH and fail if that is not possible.
+-ECH only works with TLS 1.3 and also requires using
+-DoH or providing an ECHConfigList on the command line.
++Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and
++also requires using DoH or providing an ECHConfigList on the command line.
+
+-## "ecl:<b64val>"
++## `ecl:<b64val>`
+
+ A base64 encoded ECHConfigList that is used for ECH.
+
+-## "pn:<name>"
++## `pn:<name>`
+
+-A name to use to over-ride the `public_name` field of an ECHConfigList
+-(only available with OpenSSL TLS support)
++A name to use to over-ride the `public_name` field of an ECHConfigList (only
++available with OpenSSL TLS support)
+
+-## Errors
++##
+
+-Most errors cause error
+-*CURLE_ECH_REQUIRED* (101).
++Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101).
diff --git a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
new file mode 100644
index 0000000..d906aab
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
@@ -0,0 +1,56 @@
+https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 6 Nov 2024 11:26:25 +0100
+Subject: [PATCH] cookie: treat cookie name case sensitively
+
+Extend test 31 to verify
+
+Reported-by: delogicsreal on github
+Fixes #15492
+Closes #15493
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
+ size_t myhash = cookiehash(co->domain);
+ for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
+ struct Cookie *clist = Curl_node_elem(n);
+- if(strcasecompare(clist->name, co->name)) {
++ if(!strcmp(clist->name, co->name)) {
+ /* the names are identical */
+ bool matching_domains = FALSE;
+
+@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data,
+ }
+ }
+
+- if(!replace_n && strcasecompare(clist->name, co->name)) {
++ if(!replace_n && !strcmp(clist->name, co->name)) {
+ /* the names are identical */
+
+ if(clist->domain && co->domain) {
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
+ %if !hyper
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie:ismatch=this ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure
+@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after ; secure =
+ %else
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie: ismatch=this ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure
+@@ -181,6 +183,7 @@ test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value
+ #HttpOnly_.test31.curl TRUE /p2/ FALSE 0 httpo2 value2
+ #HttpOnly_.test31.curl TRUE /p1/ FALSE 0 httpo1 value1
+ .test31.curl TRUE /overwrite FALSE 0 overwrite this2
++.test31.curl TRUE /silly/ FALSE 0 ISMATCH this
+ .test31.curl TRUE /silly/ FALSE 0 ismatch this
+ test31.curl FALSE / FALSE 0 blankdomain sure
+ </file>
diff --git a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
new file mode 100644
index 0000000..6e1ecc0
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 8 Nov 2024 16:31:41 +0100
+Subject: [PATCH] libssh: when using IPv6 numerical address, add brackets
+
+Reported-by: henrikjehgmti on github
+Fixes #15522
+Closes #15524
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -2191,7 +2191,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done)
+ return CURLE_FAILED_INIT;
+ }
+
+- rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++ if(conn->bits.ipv6_ip) {
++ char ipv6[MAX_IPADR_LEN];
++ msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name);
++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6);
++ }
++ else
++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++
+ if(rc != SSH_OK) {
+ failf(data, "Could not set remote host");
+ return CURLE_FAILED_INIT;
diff --git a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
new file mode 100644
index 0000000..4a3e82a
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
@@ -0,0 +1,195 @@
+https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 08:52:38 +0100
+Subject: [PATCH] duphandle: also init netrc
+
+The netrc init was only done in the Curl_open, meaning that a duplicated
+handle would not get inited properly.
+
+Added test 2309 to verify. It does netrc auth with a duplicated handle.
+
+Regression from 3b43a05e000aa8f65bda513f733a
+
+Reported-by: tranzystorekk on github
+Fixes #15496
+Closes #15503
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d)
+ goto fail;
+
+ Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
++ Curl_netrc_init(&outcurl->state.netrc);
+
+ /* the connection pool is setup on demand */
+ outcurl->state.lastconnect_id = -1;
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -255,7 +255,7 @@ test2100 \
+ test2200 test2201 test2202 test2203 test2204 test2205 \
+ \
+ test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \
+-test2308 \
++test2308 test2309 \
+ \
+ test2400 test2401 test2402 test2403 test2404 test2405 test2406 \
+ \
+--- /dev/null
++++ b/tests/data/test2309
+@@ -0,0 +1,66 @@
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++
++# Reproducing issue 15496
++<name>
++HTTP with .netrc using duped easy handle
++</name>
++<tool>
++lib%TESTNUMBER
++</tool>
++<command>
++http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++
++machine github.com
++
++login daniel
++password $y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1
++</file>
++</client>
++
++<verify>
++<protocol>
++GET http://github.com/ HTTP/1.1
++Host: github.com
++Authorization: Basic %b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64%
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
+ lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
+ lib1960 lib1964 \
+ lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
+- lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 \
++ lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 lib2309 \
+ lib2402 lib2404 lib2405 \
+ lib2502 \
+ lib3010 lib3025 lib3026 lib3027 \
+@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS)
+ lib2308_SOURCES = lib2308.c $(SUPPORTFILES)
+ lib2308_LDADD = $(TESTUTIL_LIBS)
+
++lib2309_SOURCES = lib2309.c $(SUPPORTFILES)
++lib2309_LDADD = $(TESTUTIL_LIBS)
++
+ lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib2402_LDADD = $(TESTUTIL_LIBS)
+
+--- /dev/null
++++ b/tests/libtest/lib2309.c
+@@ -0,0 +1,66 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++
++#include "test.h"
++#include "testtrace.h"
++
++#include <curl/curl.h>
++
++static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp)
++{
++ (void)buffer;
++ (void)size;
++ (void)nmemb;
++ (void)userp;
++ return CURL_WRITEFUNC_ERROR;
++}
++
++CURLcode test(char *URL)
++{
++ CURL *curl;
++ CURL *curldupe;
++ CURLcode res = CURLE_OK;
++
++ global_init(CURL_GLOBAL_ALL);
++ curl = curl_easy_init();
++ if(curl) {
++ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore);
++ curl_easy_setopt(curl, CURLOPT_URL, URL);
++ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
++ curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3);
++ curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED);
++ curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2);
++
++ curldupe = curl_easy_duphandle(curl);
++ if(curldupe) {
++ res = curl_easy_perform(curldupe);
++ printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR);
++ fflush(stdout);
++ curl_easy_cleanup(curldupe);
++ }
++ curl_easy_cleanup(curl);
++ }
++ curl_global_cleanup();
++ return CURLE_OK;
++}
diff --git a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
new file mode 100644
index 0000000..2c60da8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
@@ -0,0 +1,71 @@
+https://github.com/curl/curl/commit/bcf8a848818ca0ca8d292c51c0ddeb93fa17fe62
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 7 Nov 2024 10:26:03 +0100
+Subject: [PATCH] mbedtls: call psa_crypt_init() in global init
+
+Run mbedtls' psa_crypt_init() in the general global init, optionally
+protected by mbedtls locks when available.
+
+CI: when building mbedtls, enabled thread safety
+
+Reported-by: wxiaoguang on github
+Fixes #15500
+Closes #15505
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -54,7 +54,7 @@
+ # ifdef MBEDTLS_DEBUG
+ # include <mbedtls/debug.h>
+ # endif
+-#endif
++#endif /* MBEDTLS_VERSION_MAJOR >= 2 */
+
+ #include "cipher_suite.h"
+ #include "strcase.h"
+@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data {
+ #define HAS_SESSION_TICKETS
+ #endif
+
+-#if defined(THREADING_SUPPORT)
++#ifdef THREADING_SUPPORT
+ static mbedtls_entropy_context ts_entropy;
+
+ static int entropy_init_initialized = 0;
+@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+ return CURLE_NOT_BUILT_IN;
+ }
+
+-#ifdef TLS13_SUPPORT
+- ret = psa_crypto_init();
+- if(ret != PSA_SUCCESS) {
+- mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+- failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s",
+- -ret, errorbuf);
+- return CURLE_SSL_CONNECT_ERROR;
+- }
+-#endif /* TLS13_SUPPORT */
+-
+ #ifdef THREADING_SUPPORT
+ mbedtls_ctr_drbg_init(&backend->ctr_drbg);
+
+@@ -1571,6 +1561,20 @@ static int mbedtls_init(void)
+ #ifdef THREADING_SUPPORT
+ entropy_init_mutex(&ts_entropy);
+ #endif
++#ifdef TLS13_SUPPORT
++ {
++ int ret;
++#ifdef THREADING_SUPPORT
++ Curl_mbedtlsthreadlock_lock_function(0);
++#endif
++ ret = psa_crypto_init();
++#ifdef THREADING_SUPPORT
++ Curl_mbedtlsthreadlock_unlock_function(0);
++#endif
++ if(ret != PSA_SUCCESS)
++ return 0;
++ }
++#endif /* TLS13_SUPPORT */
+ return 1;
+ }
+
diff --git a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
new file mode 100644
index 0000000..ba0e451
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
@@ -0,0 +1,25 @@
+https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 17:03:54 +0100
+Subject: [PATCH] netrc: support large file, longer lines, longer tokens
+
+Regression from 3b43a05e000aa8f6 (shipped in 8.11.0)
+
+Reported-by: Moritz
+Fixes #15513
+Closes #15514
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -58,9 +58,9 @@ enum found_state {
+ #define NETRC_FAILED -1
+ #define NETRC_SUCCESS 0
+
+-#define MAX_NETRC_LINE 4096
+-#define MAX_NETRC_FILE (64*1024)
+-#define MAX_NETRC_TOKEN 128
++#define MAX_NETRC_LINE 16384
++#define MAX_NETRC_FILE (128*1024)
++#define MAX_NETRC_TOKEN 4096
+
+ static CURLcode file2memory(const char *filename, struct dynbuf *filebuf)
+ {
diff --git a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
new file mode 100644
index 0000000..68621e8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
@@ -0,0 +1,20 @@
+https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa
+From: Jesus Malo Poyatos <jmalopoy@opentext.com>
+Date: Thu, 7 Nov 2024 14:00:53 +0100
+Subject: [PATCH] setopt: fix CURLOPT_HTTP_CONTENT_DECODING
+
+Regression from 30da1f5974d34841b30c4f (shipped in 8.11.0)
+
+Fixes #15511
+Closes #15510
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, CURLoption option,
+ /*
+ * raw data passed to the application when content encoding is used
+ */
+- data->set.http_ce_skip = enabled;
++ data->set.http_ce_skip = !enabled; /* reversed */
+ break;
+
+ #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
diff --git a/net-misc/curl/files/curl-prefix-3.patch b/net-misc/curl/files/curl-prefix-3.patch
new file mode 100644
index 0000000..cebca0b
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-3.patch
@@ -0,0 +1,34 @@
+From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Sun, 10 Nov 2024 08:51:02 +1000
+Subject: [PATCH] Update prefix patch for 8.11.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 2dc40ed..1876d6c 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -147,7 +147,7 @@ while test "$#" -gt 0; do
+ else
+ CPPFLAG_CURL_STATICLIB=''
+ fi
+- if test "X@includedir@" = 'X/usr/include'; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo "${CPPFLAG_CURL_STATICLIB}"
+ else
+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -155,7 +155,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ CURLLIBDIR="-L@libdir@ "
+ else
+ CURLLIBDIR=''
+--
+2.47.0
+
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2025-02-09 15:13 orbea
0 siblings, 0 replies; 5+ messages in thread
From: orbea @ 2025-02-09 15:13 UTC (permalink / raw
To: gentoo-commits
commit: 1ea07b9a1fb95e214c4ef71b5c3cda38e91fed21
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Feb 9 14:55:58 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Feb 9 14:55:58 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=1ea07b9a
net-misc/curl: sync ::gentoo
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/curl-8.12.0-r1.ebuild | 385 ++++++++++++++++++++++++++++
net-misc/curl/files/curl-8.12.0-multi.patch | 136 ++++++++++
2 files changed, 521 insertions(+)
diff --git a/net-misc/curl/curl-8.12.0-r1.ebuild b/net-misc/curl/curl-8.12.0-r1.ebuild
new file mode 100644
index 0000000..952ae72
--- /dev/null
+++ b/net-misc/curl/curl-8.12.0-r1.ebuild
@@ -0,0 +1,385 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-4.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-multi.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
+ # when the time comes.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.12.0-multi.patch b/net-misc/curl/files/curl-8.12.0-multi.patch
new file mode 100644
index 0000000..b9405af
--- /dev/null
+++ b/net-misc/curl/files/curl-8.12.0-multi.patch
@@ -0,0 +1,136 @@
+https://github.com/curl/curl/issues/16236#issuecomment-2645385845
+https://github.com/curl/curl/commit/242a1439e7d8cdb72ae6a2fa2e705e2d9a2b7501
+
+
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -1584,10 +1584,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
+ if(data->share->hsts == data->hsts)
+ data->hsts = NULL;
+ #endif
+-#ifdef USE_SSL
+- if(data->share->ssl_scache == data->state.ssl_scache)
+- data->state.ssl_scache = data->multi ? data->multi->ssl_scache : NULL;
+-#endif
+ #ifdef USE_LIBPSL
+ if(data->psl == &data->share->psl)
+ data->psl = data->multi ? &data->multi->psl : NULL;
+@@ -1628,10 +1624,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
+ data->hsts = data->share->hsts;
+ }
+ #endif
+-#ifdef USE_SSL
+- if(data->share->ssl_scache)
+- data->state.ssl_scache = data->share->ssl_scache;
+-#endif
+ #ifdef USE_LIBPSL
+ if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
+ data->psl = &data->share->psl;
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -567,12 +567,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
+ #endif
+ data->state.httpreq = data->set.method;
+
+-#ifdef USE_SSL
+- if(!data->state.ssl_scache)
+- /* There was no ssl session cache set via a share, use the multi one */
+- data->state.ssl_scache = data->multi->ssl_scache;
+-#endif
+-
+ data->state.requests = 0;
+ data->state.followlocation = 0; /* reset the location-follow counter */
+ data->state.this_is_a_follow = FALSE; /* reset this */
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1199,7 +1199,6 @@ struct UrlState {
+ curl_prot_t first_remote_protocol;
+
+ int retrycount; /* number of retries on a new connection */
+- struct Curl_ssl_scache *ssl_scache; /* TLS session pool */
+ int os_errno; /* filled in with errno whenever an error occurs */
+ long followlocation; /* redirect counter */
+ int requests; /* request counter: redirects + authentication retakes */
+--- a/lib/vtls/vtls_scache.c
++++ b/lib/vtls/vtls_scache.c
+@@ -82,6 +82,17 @@ struct Curl_ssl_scache {
+ long age;
+ };
+
++static struct Curl_ssl_scache *cf_ssl_scache_get(struct Curl_easy *data)
++{
++ struct Curl_ssl_scache *scache = NULL;
++ /* If a share is present, its ssl_scache has preference over the multi */
++ if(data->share && data->share->ssl_scache)
++ scache = data->share->ssl_scache;
++ else if(data->multi && data->multi->ssl_scache)
++ scache = data->multi->ssl_scache;
++ return scache;
++}
++
+ static void cf_ssl_scache_clear_session(struct Curl_ssl_session *s)
+ {
+ if(s->sdata) {
+@@ -792,7 +803,7 @@ CURLcode Curl_ssl_scache_put(struct Curl_cfilter *cf,
+ const char *ssl_peer_key,
+ struct Curl_ssl_session *s)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
+ CURLcode result;
+ DEBUGASSERT(ssl_config);
+@@ -826,7 +837,7 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
+ const char *ssl_peer_key,
+ struct Curl_ssl_session **ps)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ struct Curl_ssl_scache_peer *peer = NULL;
+ struct Curl_llist_node *n;
+@@ -870,7 +881,7 @@ CURLcode Curl_ssl_scache_add_obj(struct Curl_cfilter *cf,
+ void *sobj,
+ Curl_ssl_scache_obj_dtor *sobj_free)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ struct Curl_ssl_scache_peer *peer = NULL;
+ CURLcode result;
+@@ -898,7 +909,7 @@ bool Curl_ssl_scache_get_obj(struct Curl_cfilter *cf,
+ const char *ssl_peer_key,
+ void **sobj)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ struct Curl_ssl_scache_peer *peer = NULL;
+ CURLcode result;
+@@ -924,7 +935,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ const char *ssl_peer_key)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ struct Curl_ssl_scache_peer *peer = NULL;
+ CURLcode result;
+@@ -1021,7 +1032,7 @@ CURLcode Curl_ssl_session_import(struct Curl_easy *data,
+ const unsigned char *shmac, size_t shmac_len,
+ const unsigned char *sdata, size_t sdata_len)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct Curl_ssl_scache_peer *peer = NULL;
+ struct Curl_ssl_session *s = NULL;
+ bool locked = FALSE;
+@@ -1092,7 +1103,7 @@ CURLcode Curl_ssl_session_export(struct Curl_easy *data,
+ curl_ssls_export_cb *export_fn,
+ void *userptr)
+ {
+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+ struct Curl_ssl_scache_peer *peer;
+ struct dynbuf sbuf, hbuf;
+ struct Curl_llist_node *n;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2025-03-23 16:37 orbea
0 siblings, 0 replies; 5+ messages in thread
From: orbea @ 2025-03-23 16:37 UTC (permalink / raw
To: gentoo-commits
commit: 44b4dc7992875640b9f0c7456a2b671e06f466ab
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Mar 23 16:35:49 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Mar 23 16:35:49 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=44b4dc79
net-misc/curl: drop 8.9.1-r2, 8.10.1-r2, 8.12.0, 8.12.0-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 6 -
net-misc/curl/curl-8.10.1-r2.ebuild | 379 --------------------
net-misc/curl/curl-8.12.0-r1.ebuild | 385 ---------------------
net-misc/curl/curl-8.12.0.ebuild | 384 --------------------
net-misc/curl/curl-8.9.1-r2.ebuild | 380 --------------------
.../curl/files/curl-8.11.0-cmdline-ech-docs.patch | 59 ----
.../files/curl-8.11.0-cookie-case-sensitive.patch | 56 ---
.../curl-8.11.0-curl-libssh-ipv6-brackets.patch | 26 --
.../files/curl-8.11.0-duphandle-init-netrc.patch | 195 -----------
.../files/curl-8.11.0-mbedtls-global-init.patch | 71 ----
.../curl/files/curl-8.11.0-netrc-large-file.patch | 25 --
.../curl-8.11.0-setopt-http_content_decoding.patch | 20 --
.../curl/files/curl-8.8.0-install-manpage.patch | 22 --
net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 ---
.../curl/files/curl-8.8.0-multi_wait-timeout.patch | 75 ----
15 files changed, 2125 deletions(-)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 1300283..6e83e73 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,10 +1,4 @@
-DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
-DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
-DIST curl-8.12.0.tar.xz 2777552 BLAKE2B b38c7465a38f6bbdc6daa1e8a27dc810f970c9172ddf532881e83965e1fa6001beff1bf358e5138e1a0ae1121d877f6a5a4f38ef7ea7e03c8b06dc46fbf24022 SHA512 ed35f0020541050ce387f4ba80f9e87562ececd99082da1bae85840dee81c49b86a4a55909e15fcbf4eb116106a796c29a9b2678dee11326f80db75992c6edc5
-DIST curl-8.12.0.tar.xz.asc 488 BLAKE2B 8977dabab96b6f188e8b16497e7a4e589f05b5512a9bc6ec0ee36797615c720b9cb5c34bc90df6ee037d898b8fa7f708ad2b2ff789163adcb5308a2e0d7cf9df SHA512 8526554ffb2187b48b6a4c6a0d4a8c73d484ef3ce4c3791add0e759baf953ac7ae0b2f88d688365b1f09c5745198611fa1761aa14d02ddf52823c4ff238779cd
DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603
DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
-DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
-DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.10.1-r2.ebuild b/net-misc/curl/curl-8.10.1-r2.ebuild
deleted file mode 100644
index 9dda829..0000000
--- a/net-misc/curl/curl-8.10.1-r2.ebuild
+++ /dev/null
@@ -1,379 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-prefix-2.patch
- "${FILESDIR}"/${PN}-respect-cflags-3.patch
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --enable-pthreads
- --enable-threaded-resolver
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- --without-hyper
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- if [[ ${CHOST} == *mingw* ]] ; then
- myconf+=(
- --disable-pthreads
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/curl-8.12.0-r1.ebuild b/net-misc/curl/curl-8.12.0-r1.ebuild
deleted file mode 100644
index 952ae72..0000000
--- a/net-misc/curl/curl-8.12.0-r1.ebuild
+++ /dev/null
@@ -1,385 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-4.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
- "${FILESDIR}/${P}-multi.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
- # This is in support of some work to enable `httpsrr` to use adns and the rest
- # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
- # when the time comes.
- if use adns; then
- myconf+=(
- --disable-threaded-resolver
- )
- else
- myconf+=(
- --enable-threaded-resolver
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/curl-8.12.0.ebuild b/net-misc/curl/curl-8.12.0.ebuild
deleted file mode 100644
index 8e9833f..0000000
--- a/net-misc/curl/curl-8.12.0.ebuild
+++ /dev/null
@@ -1,384 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-4.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
- # This is in support of some work to enable `httpsrr` to use adns and the rest
- # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
- # when the time comes.
- if use adns; then
- myconf+=(
- --disable-threaded-resolver
- )
- else
- myconf+=(
- --enable-threaded-resolver
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/curl-8.9.1-r2.ebuild b/net-misc/curl/curl-8.9.1-r2.ebuild
deleted file mode 100644
index aa6c650..0000000
--- a/net-misc/curl/curl-8.9.1-r2.ebuild
+++ /dev/null
@@ -1,380 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-prefix-2.patch
- "${FILESDIR}"/${PN}-respect-cflags-3.patch
- "${FILESDIR}"/${PN}-8.9.1-sigpipe.patch
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --enable-pthreads
- --enable-threaded-resolver
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- --without-hyper
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- if [[ ${CHOST} == *mingw* ]] ; then
- myconf+=(
- --disable-pthreads
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything which breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
deleted file mode 100644
index e6cd109..0000000
--- a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 7 Nov 2024 23:21:14 +0100
-Subject: [PATCH] cmdline/ech.md: formatting cleanups
-
-Reported-by: Samuel Henrique
-Fixes #15506
-Closes #15517
---- a/docs/cmdline-opts/ech.md
-+++ b/docs/cmdline-opts/ech.md
-@@ -20,35 +20,33 @@ Specifies how to do ECH (Encrypted Client Hello).
-
- The values allowed for \<config\> can be:
-
--## "false" (default)
-+## `false`
-
--Do not attempt ECH
-+Do not attempt ECH. The is the default.
-
--## "grease"
-+## `grease`
-
- Send a GREASE ECH extension
-
--## "true"
-+## `true`
-
- Attempt ECH if possible, but do not fail if ECH is not attempted.
- (The connection fails if ECH is attempted but fails.)
-
--## "hard"
-+## `hard`
-
--Attempt ECH and fail if that is not possible.
--ECH only works with TLS 1.3 and also requires using
--DoH or providing an ECHConfigList on the command line.
-+Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and
-+also requires using DoH or providing an ECHConfigList on the command line.
-
--## "ecl:<b64val>"
-+## `ecl:<b64val>`
-
- A base64 encoded ECHConfigList that is used for ECH.
-
--## "pn:<name>"
-+## `pn:<name>`
-
--A name to use to over-ride the `public_name` field of an ECHConfigList
--(only available with OpenSSL TLS support)
-+A name to use to over-ride the `public_name` field of an ECHConfigList (only
-+available with OpenSSL TLS support)
-
--## Errors
-+##
-
--Most errors cause error
--*CURLE_ECH_REQUIRED* (101).
-+Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101).
diff --git a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
deleted file mode 100644
index d906aab..0000000
--- a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 6 Nov 2024 11:26:25 +0100
-Subject: [PATCH] cookie: treat cookie name case sensitively
-
-Extend test 31 to verify
-
-Reported-by: delogicsreal on github
-Fixes #15492
-Closes #15493
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
- size_t myhash = cookiehash(co->domain);
- for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
- struct Cookie *clist = Curl_node_elem(n);
-- if(strcasecompare(clist->name, co->name)) {
-+ if(!strcmp(clist->name, co->name)) {
- /* the names are identical */
- bool matching_domains = FALSE;
-
-@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data,
- }
- }
-
-- if(!replace_n && strcasecompare(clist->name, co->name)) {
-+ if(!replace_n && !strcmp(clist->name, co->name)) {
- /* the names are identical */
-
- if(clist->domain && co->domain) {
---- a/tests/data/test31
-+++ b/tests/data/test31
-@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
- %if !hyper
- Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
- Set-Cookie:ismatch=this ; domain=test31.curl; path=/silly/
-+Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/
- Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/
- Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite
- Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure
-@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after ; secure =
- %else
- Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
- Set-Cookie: ismatch=this ; domain=test31.curl; path=/silly/
-+Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/
- Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/
- Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite
- Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure
-@@ -181,6 +183,7 @@ test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value
- #HttpOnly_.test31.curl TRUE /p2/ FALSE 0 httpo2 value2
- #HttpOnly_.test31.curl TRUE /p1/ FALSE 0 httpo1 value1
- .test31.curl TRUE /overwrite FALSE 0 overwrite this2
-+.test31.curl TRUE /silly/ FALSE 0 ISMATCH this
- .test31.curl TRUE /silly/ FALSE 0 ismatch this
- test31.curl FALSE / FALSE 0 blankdomain sure
- </file>
diff --git a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
deleted file mode 100644
index 6e1ecc0..0000000
--- a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 8 Nov 2024 16:31:41 +0100
-Subject: [PATCH] libssh: when using IPv6 numerical address, add brackets
-
-Reported-by: henrikjehgmti on github
-Fixes #15522
-Closes #15524
---- a/lib/vssh/libssh.c
-+++ b/lib/vssh/libssh.c
-@@ -2191,7 +2191,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done)
- return CURLE_FAILED_INIT;
- }
-
-- rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
-+ if(conn->bits.ipv6_ip) {
-+ char ipv6[MAX_IPADR_LEN];
-+ msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name);
-+ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6);
-+ }
-+ else
-+ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
-+
- if(rc != SSH_OK) {
- failf(data, "Could not set remote host");
- return CURLE_FAILED_INIT;
diff --git a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
deleted file mode 100644
index 4a3e82a..0000000
--- a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 7 Nov 2024 08:52:38 +0100
-Subject: [PATCH] duphandle: also init netrc
-
-The netrc init was only done in the Curl_open, meaning that a duplicated
-handle would not get inited properly.
-
-Added test 2309 to verify. It does netrc auth with a duplicated handle.
-
-Regression from 3b43a05e000aa8f65bda513f733a
-
-Reported-by: tranzystorekk on github
-Fixes #15496
-Closes #15503
---- a/lib/easy.c
-+++ b/lib/easy.c
-@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d)
- goto fail;
-
- Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
-+ Curl_netrc_init(&outcurl->state.netrc);
-
- /* the connection pool is setup on demand */
- outcurl->state.lastconnect_id = -1;
---- a/tests/data/Makefile.am
-+++ b/tests/data/Makefile.am
-@@ -255,7 +255,7 @@ test2100 \
- test2200 test2201 test2202 test2203 test2204 test2205 \
- \
- test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \
--test2308 \
-+test2308 test2309 \
- \
- test2400 test2401 test2402 test2403 test2404 test2405 test2406 \
- \
---- /dev/null
-+++ b/tests/data/test2309
-@@ -0,0 +1,66 @@
-+<testcase>
-+<info>
-+<keywords>
-+netrc
-+HTTP
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+<data crlf="yes" nocheck="yes">
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+<features>
-+proxy
-+</features>
-+
-+# Reproducing issue 15496
-+<name>
-+HTTP with .netrc using duped easy handle
-+</name>
-+<tool>
-+lib%TESTNUMBER
-+</tool>
-+<command>
-+http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
-+</command>
-+<file name="%LOGDIR/netrc%TESTNUMBER" >
-+
-+machine github.com
-+
-+login daniel
-+password $y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1
-+</file>
-+</client>
-+
-+<verify>
-+<protocol>
-+GET http://github.com/ HTTP/1.1
-+Host: github.com
-+Authorization: Basic %b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64%
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+</protocol>
-+</verify>
-+</testcase>
---- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
- lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
- lib1960 lib1964 \
- lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
-- lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 \
-+ lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 lib2309 \
- lib2402 lib2404 lib2405 \
- lib2502 \
- lib3010 lib3025 lib3026 lib3027 \
-@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS)
- lib2308_SOURCES = lib2308.c $(SUPPORTFILES)
- lib2308_LDADD = $(TESTUTIL_LIBS)
-
-+lib2309_SOURCES = lib2309.c $(SUPPORTFILES)
-+lib2309_LDADD = $(TESTUTIL_LIBS)
-+
- lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
- lib2402_LDADD = $(TESTUTIL_LIBS)
-
---- /dev/null
-+++ b/tests/libtest/lib2309.c
-@@ -0,0 +1,66 @@
-+/***************************************************************************
-+ * _ _ ____ _
-+ * Project ___| | | | _ \| |
-+ * / __| | | | |_) | |
-+ * | (__| |_| | _ <| |___
-+ * \___|\___/|_| \_\_____|
-+ *
-+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
-+ *
-+ * This software is licensed as described in the file COPYING, which
-+ * you should have received as part of this distribution. The terms
-+ * are also available at https://curl.se/docs/copyright.html.
-+ *
-+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+ * copies of the Software, and permit persons to whom the Software is
-+ * furnished to do so, under the terms of the COPYING file.
-+ *
-+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+ * KIND, either express or implied.
-+ *
-+ * SPDX-License-Identifier: curl
-+ *
-+ ***************************************************************************/
-+
-+#include "test.h"
-+#include "testtrace.h"
-+
-+#include <curl/curl.h>
-+
-+static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp)
-+{
-+ (void)buffer;
-+ (void)size;
-+ (void)nmemb;
-+ (void)userp;
-+ return CURL_WRITEFUNC_ERROR;
-+}
-+
-+CURLcode test(char *URL)
-+{
-+ CURL *curl;
-+ CURL *curldupe;
-+ CURLcode res = CURLE_OK;
-+
-+ global_init(CURL_GLOBAL_ALL);
-+ curl = curl_easy_init();
-+ if(curl) {
-+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore);
-+ curl_easy_setopt(curl, CURLOPT_URL, URL);
-+ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-+ curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3);
-+ curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED);
-+ curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2);
-+
-+ curldupe = curl_easy_duphandle(curl);
-+ if(curldupe) {
-+ res = curl_easy_perform(curldupe);
-+ printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR);
-+ fflush(stdout);
-+ curl_easy_cleanup(curldupe);
-+ }
-+ curl_easy_cleanup(curl);
-+ }
-+ curl_global_cleanup();
-+ return CURLE_OK;
-+}
diff --git a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
deleted file mode 100644
index 2c60da8..0000000
--- a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-https://github.com/curl/curl/commit/bcf8a848818ca0ca8d292c51c0ddeb93fa17fe62
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 7 Nov 2024 10:26:03 +0100
-Subject: [PATCH] mbedtls: call psa_crypt_init() in global init
-
-Run mbedtls' psa_crypt_init() in the general global init, optionally
-protected by mbedtls locks when available.
-
-CI: when building mbedtls, enabled thread safety
-
-Reported-by: wxiaoguang on github
-Fixes #15500
-Closes #15505
---- a/lib/vtls/mbedtls.c
-+++ b/lib/vtls/mbedtls.c
-@@ -54,7 +54,7 @@
- # ifdef MBEDTLS_DEBUG
- # include <mbedtls/debug.h>
- # endif
--#endif
-+#endif /* MBEDTLS_VERSION_MAJOR >= 2 */
-
- #include "cipher_suite.h"
- #include "strcase.h"
-@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data {
- #define HAS_SESSION_TICKETS
- #endif
-
--#if defined(THREADING_SUPPORT)
-+#ifdef THREADING_SUPPORT
- static mbedtls_entropy_context ts_entropy;
-
- static int entropy_init_initialized = 0;
-@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
- return CURLE_NOT_BUILT_IN;
- }
-
--#ifdef TLS13_SUPPORT
-- ret = psa_crypto_init();
-- if(ret != PSA_SUCCESS) {
-- mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
-- failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s",
-- -ret, errorbuf);
-- return CURLE_SSL_CONNECT_ERROR;
-- }
--#endif /* TLS13_SUPPORT */
--
- #ifdef THREADING_SUPPORT
- mbedtls_ctr_drbg_init(&backend->ctr_drbg);
-
-@@ -1571,6 +1561,20 @@ static int mbedtls_init(void)
- #ifdef THREADING_SUPPORT
- entropy_init_mutex(&ts_entropy);
- #endif
-+#ifdef TLS13_SUPPORT
-+ {
-+ int ret;
-+#ifdef THREADING_SUPPORT
-+ Curl_mbedtlsthreadlock_lock_function(0);
-+#endif
-+ ret = psa_crypto_init();
-+#ifdef THREADING_SUPPORT
-+ Curl_mbedtlsthreadlock_unlock_function(0);
-+#endif
-+ if(ret != PSA_SUCCESS)
-+ return 0;
-+ }
-+#endif /* TLS13_SUPPORT */
- return 1;
- }
-
diff --git a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
deleted file mode 100644
index ba0e451..0000000
--- a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 7 Nov 2024 17:03:54 +0100
-Subject: [PATCH] netrc: support large file, longer lines, longer tokens
-
-Regression from 3b43a05e000aa8f6 (shipped in 8.11.0)
-
-Reported-by: Moritz
-Fixes #15513
-Closes #15514
---- a/lib/netrc.c
-+++ b/lib/netrc.c
-@@ -58,9 +58,9 @@ enum found_state {
- #define NETRC_FAILED -1
- #define NETRC_SUCCESS 0
-
--#define MAX_NETRC_LINE 4096
--#define MAX_NETRC_FILE (64*1024)
--#define MAX_NETRC_TOKEN 128
-+#define MAX_NETRC_LINE 16384
-+#define MAX_NETRC_FILE (128*1024)
-+#define MAX_NETRC_TOKEN 4096
-
- static CURLcode file2memory(const char *filename, struct dynbuf *filebuf)
- {
diff --git a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
deleted file mode 100644
index 68621e8..0000000
--- a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa
-From: Jesus Malo Poyatos <jmalopoy@opentext.com>
-Date: Thu, 7 Nov 2024 14:00:53 +0100
-Subject: [PATCH] setopt: fix CURLOPT_HTTP_CONTENT_DECODING
-
-Regression from 30da1f5974d34841b30c4f (shipped in 8.11.0)
-
-Fixes #15511
-Closes #15510
---- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, CURLoption option,
- /*
- * raw data passed to the application when content encoding is used
- */
-- data->set.http_ce_skip = enabled;
-+ data->set.http_ce_skip = !enabled; /* reversed */
- break;
-
- #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
diff --git a/net-misc/curl/files/curl-8.8.0-install-manpage.patch b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
deleted file mode 100644
index f58ddae..0000000
--- a/net-misc/curl/files/curl-8.8.0-install-manpage.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://patch-diff.githubusercontent.com/raw/curl/curl/pull/13741
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 22 May 2024 08:43:43 +0200
-Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
-
-on "make install" like it should
----
- docs/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/docs/Makefile.am b/docs/Makefile.am
-index 83f5b0c461cc0f..e9ef6284860555 100644
---- a/docs/Makefile.am
-+++ b/docs/Makefile.am
-@@ -28,6 +28,7 @@ if BUILD_DOCS
- # if we disable man page building, ignore these
- MK_CA_DOCS = mk-ca-bundle.1
- CURLCONF_DOCS = curl-config.1
-+man_MANS = curl-config.1
- endif
-
- CURLPAGES = curl-config.md mk-ca-bundle.md
diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
deleted file mode 100644
index 8fa4d6e..0000000
--- a/net-misc/curl/files/curl-8.8.0-mbedtls.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-https://github.com/curl/curl/pull/13749
-From: Stefan Eissing <stefan@eissing.org>
-Date: Wed, 22 May 2024 14:44:56 +0200
-Subject: [PATCH] mbedtls, check version for cipher id
-
-- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have
- been added in mbedtls 3.2.0. Check for that version.
---- a/lib/vtls/mbedtls.c
-+++ b/lib/vtls/mbedtls.c
-@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
- (struct mbed_ssl_backend_data *)connssl->backend;
- struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
- const mbedtls_x509_crt *peercert;
-- char cipher_str[64];
-- uint16_t cipher_id;
- #ifndef CURL_DISABLE_PROXY
- const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
- data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
-@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
- return CURLE_SSL_CONNECT_ERROR;
- }
-
-- cipher_id = (uint16_t)
-- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
-- mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
-- infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
--
-+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
-+ {
-+ char cipher_str[64];
-+ uint16_t cipher_id;
-+ cipher_id = (uint16_t)
-+ mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
-+ mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
-+ infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
-+ }
-+#else
-+ infof(data, "mbedTLS: Handshake complete");
-+#endif
- ret = mbedtls_ssl_get_verify_result(&backend->ssl);
-
- if(!conn_config->verifyhost)
diff --git a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
deleted file mode 100644
index 38d8c1b..0000000
--- a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-https://github.com/curl/curl/pull/13825
-From: Stefan Eissing <stefan@eissing.org>
-Date: Wed, 29 May 2024 17:13:34 +0200
-Subject: [PATCH] fix multi_wait() timeout handling
-
-- determine the actual poll timeout *after* all sockets
- have been collected. Protocols and connection filters may
- install new timeouts during collection.
-- add debug logging to test1533 where the mistake was noticed
-- refs #13782
---- a/lib/multi.c
-+++ b/lib/multi.c
-@@ -1366,13 +1366,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
- if(timeout_ms < 0)
- return CURLM_BAD_FUNCTION_ARGUMENT;
-
-- /* If the internally desired timeout is actually shorter than requested from
-- the outside, then use the shorter time! But only if the internal timer
-- is actually larger than -1! */
-- (void)multi_timeout(multi, &timeout_internal);
-- if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
-- timeout_ms = (int)timeout_internal;
--
- memset(ufds, 0, ufds_len * sizeof(struct pollfd));
- memset(&ps, 0, sizeof(ps));
-
-@@ -1476,6 +1469,14 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
- #endif
- #endif
-
-+ /* We check the internal timeout *AFTER* we collected all sockets to
-+ * poll. Collecting the sockets may install new timers by protocols
-+ * and connection filters.
-+ * Use the shorter one of the internal and the caller requested timeout. */
-+ (void)multi_timeout(multi, &timeout_internal);
-+ if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
-+ timeout_ms = (int)timeout_internal;
-+
- #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK)
- if(nfds || use_wakeup) {
- #else
---- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -487,7 +487,7 @@ lib1551_SOURCES = lib1551.c $(SUPPORTFILES)
- lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL)
- lib1552_LDADD = $(TESTUTIL_LIBS)
-
--lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL)
-+lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TSTTRACE) $(TESTUTIL)
- lib1553_LDADD = $(TESTUTIL_LIBS)
-
- lib1554_SOURCES = lib1554.c $(SUPPORTFILES)
---- a/tests/libtest/lib1553.c
-+++ b/tests/libtest/lib1553.c
-@@ -24,6 +24,7 @@
- #include "test.h"
-
- #include "testutil.h"
-+#include "testtrace.h"
- #include "warnless.h"
- #include "memdebug.h"
-
-@@ -74,6 +75,12 @@ CURLcode test(char *URL)
- easy_setopt(curls, CURLOPT_XFERINFOFUNCTION, xferinfo);
- easy_setopt(curls, CURLOPT_NOPROGRESS, 1L);
-
-+ libtest_debug_config.nohex = 1;
-+ libtest_debug_config.tracetime = 1;
-+ test_setopt(curls, CURLOPT_DEBUGDATA, &libtest_debug_config);
-+ easy_setopt(curls, CURLOPT_DEBUGFUNCTION, libtest_debug_cb);
-+ easy_setopt(curls, CURLOPT_VERBOSE, 1L);
-+
- multi_add_handle(multi, curls);
-
- multi_perform(multi, &still_running);
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2025-04-15 15:56 orbea
0 siblings, 0 replies; 5+ messages in thread
From: orbea @ 2025-04-15 15:56 UTC (permalink / raw
To: gentoo-commits
commit: 20b82121b5a956b2a7051629d7532abc7188027a
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Apr 15 14:17:55 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue Apr 15 14:17:55 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=20b82121
net-misc/curl: add 8.13.0-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/curl-8.13.0-r1.ebuild | 438 +++++++++++++++++++++
.../curl-8.11.1-async-thread-close-eventfd.patch | 33 --
.../files/curl-8.13.0-gssapi-non-ssl-build.patch | 28 ++
.../curl-8.13.0-hostip-correct-proxy-name.patch | 46 +++
.../curl-8.13.0-http2-stream-window-size.patch | 143 +++++++
.../files/curl-8.13.0-httpsrr-target-check.patch | 22 ++
net-misc/curl/files/curl-8.13.0-krb5-ftp.patch | 19 +
.../curl-8.13.0-openssl-quic-stream-shutdown.patch | 44 +++
net-misc/curl/files/curl-prefix-3.patch | 34 --
9 files changed, 740 insertions(+), 67 deletions(-)
diff --git a/net-misc/curl/curl-8.13.0-r1.ebuild b/net-misc/curl/curl-8.13.0-r1.ebuild
new file mode 100644
index 0000000..c6aeba5
--- /dev/null
+++ b/net-misc/curl/curl-8.13.0-r1.ebuild
@@ -0,0 +1,438 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ if [[ ${P} == *rc* ]]; then
+ CURL_URI="https://curl.se/rc/"
+ S="${WORKDIR}/${P//_/-}"
+ else
+ CURL_URI="https://curl.se/download/"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+ fi
+ SRC_URI="
+ ${CURL_URI}${P//_/-}.tar.xz
+ verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc )
+ "
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
+IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
+IUSE+=" telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
+# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
+# in addition to A and AAAA records.
+
+# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
+# HTTPS RR in cURL is a dependency for:
+# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
+# - Fetching the ALPN list which should provide a better HTTP/3 experience.
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ ech? ( rustls )
+ httpsrr? ( adns )
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc httpsrr quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
+ sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-4.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-gssapi-non-ssl-build.patch"
+ "${FILESDIR}/${P}-hostip-correct-proxy-name.patch"
+ "${FILESDIR}/${P}-http2-stream-window-size.patch"
+ "${FILESDIR}/${P}-httpsrr-target-check.patch"
+ "${FILESDIR}/${P}-krb5-ftp.patch"
+ "${FILESDIR}/${P}-openssl-quic-stream-shutdown.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+# Generates TLS-related configure options based on USE flags.
+# Outputs options suitable for appending to a configure options array.
+_get_curl_tls_configure_opts() {
+ local tls_opts=()
+
+ local backend flag_name
+ for backend in gnutls mbedtls openssl rustls; do
+ if [[ "$backend" == "openssl" ]]; then
+ flag_name="ssl"
+ tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
+ else
+ flag_name="$backend"
+ fi
+
+ if use "$backend"; then
+ tls_opts+=( "--with-${flag_name}" )
+ else
+ # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
+ if ! [[ "$backend" == "openssl" ]]; then
+ tls_opts+=( "--without-${flag_name}" )
+ fi
+ fi
+ done
+
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default TLS backend: gnutls"
+ tls_opts+=( "--with-default-ssl-backend=gnutls" )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
+ tls_opts+=( "--with-default-ssl-backend=mbedtls" )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default TLS backend: openssl"
+ tls_opts+=( "--with-default-ssl-backend=openssl" )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default TLS backend: rustls"
+ tls_opts+=( "--with-default-ssl-backend=rustls" )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ # Explicitly Disable unimplemented b
+ tls_opts+=(
+ --without-amissl
+ --without-bearssl
+ --without-wolfssl
+ )
+
+ printf "%s\n" "${tls_opts[@]}"
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ local -a tls_backend_opts
+ readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
+ myconf+=("${tls_backend_opts[@]}")
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organised alphabetically by category/type
+
+ # Protocols
+ # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
+ # Assume that anything omitted (that is not new!) is enabled by default with no deps
+ myconf+=(
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ --enable-http
+ $(use_enable imap) # Automatic IMAPS if TLS is enabled
+ $(use_enable ldap ldaps)
+ $(use_enable ldap)
+ $(use_enable pop3)
+ $(use_enable samba smb)
+ $(use_with ssh libssh2) # enables scp/sftp
+ $(use_with rtmp librtmp)
+ --enable-rtsp
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ $(use_enable websockets)
+ )
+
+ # Keep various 'HTTP-flavoured' options together
+ myconf+=(
+ $(use_enable alt-svc)
+ $(use_enable hsts)
+ $(use_enable httpsrr)
+ $(use_with http2 nghttp2)
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ )
+
+ # --enable/disable options
+ # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_enable adns ares)
+ --enable-aws
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-cookies
+ --enable-dateparse
+ --enable-dict
+ --enable-digest-auth
+ --enable-dnsshuffle
+ --enable-doh
+ $(use_enable ech)
+ --enable-http-auth
+ --enable-ipv6
+ --enable-kerberos-auth
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-negotiate-auth
+ --enable-netrc
+ --enable-ntlm
+ --enable-progress-meter
+ --enable-proxy
+ --enable-rt
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-symbol-hiding
+ --enable-tls-srp
+ --disable-versioned-symbols
+ )
+
+ # --with/without options
+ # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ $(use_with sasl-scram libgsasl)
+ $(use_with psl libpsl)
+ --without-msh3
+ --without-quiche
+ --without-schannel
+ --without-secure-transport
+ --without-winidn
+ --with-zlib
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ $(use_with zstd)
+ )
+
+ # Test deps (disabled)
+ myconf+=(
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
deleted file mode 100644
index 2bdfc51..0000000
--- a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2
-From: Andy Pan <i@andypan.me>
-Date: Thu, 12 Dec 2024 12:48:56 +0000
-Subject: [PATCH] async-thread: avoid closing eventfd twice
-
-When employing eventfd for socketpair, there is only one file
-descriptor. Closing that fd twice might result in fd corruption.
-Thus, we should avoid closing the eventfd twice, following the
-pattern in lib/multi.c.
-
-Fixes #15725
-Closes #15727
-Reported-by: Christian Heusel
----
- lib/asyn-thread.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
-index a58e4b790494ab..32d496b107cb0a 100644
---- a/lib/asyn-thread.c
-+++ b/lib/asyn-thread.c
-@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd)
- * close one end of the socket pair (may be done in resolver thread);
- * the other end (for reading) is always closed in the parent thread.
- */
-+#ifndef USE_EVENTFD
- if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
- wakeup_close(tsd->sock_pair[1]);
- }
-+#endif
- #endif
- memset(tsd, 0, sizeof(*tsd));
- }
diff --git a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch
new file mode 100644
index 0000000..cd9bde1
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch
@@ -0,0 +1,28 @@
+https://github.com/curl/curl/commit/fe5f435b42a6c928b57c61db5d57f96b5c5a39be
+From: Andrew <akirillo@uk.ibm.com>
+Date: Wed, 2 Apr 2025 13:45:21 +0100
+Subject: [PATCH] http_negotiate: fix non-SSL build with GSSAPI
+
+Fixes #16919
+Closes #16921
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -110,8 +110,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
+ #endif
+ /* Check if the connection is using SSL and get the channel binding data */
+ #ifdef HAVE_GSSAPI
+- Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
+ #ifdef USE_SSL
++ Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
+ if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
+ result = Curl_ssl_get_channel_binding(
+ data, FIRSTSOCKET, &neg_ctx->channel_binding_data);
+@@ -120,6 +120,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
+ return result;
+ }
+ }
++#else
++ Curl_dyn_init(&neg_ctx->channel_binding_data, 1);
+ #endif /* USE_SSL */
+ #endif /* HAVE_GSSAPI */
+
diff --git a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
new file mode 100644
index 0000000..18965c9
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
@@ -0,0 +1,46 @@
+https://github.com/curl/curl/commit/db3e7a24b5339860fb91cf0d932e8ae13a01e472
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 4 Apr 2025 12:34:09 +0200
+Subject: [PATCH] hostip: show the correct name on proxy resolve error
+
+Regression, probably from 8ded8e5f3f4b6586399 (#16451)
+
+Fixes #16958
+Reported-by: Jean-Christophe Amiel
+Closes #16961
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -1494,25 +1494,21 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done)
+ #ifdef USE_CURL_ASYNC
+ CURLcode Curl_resolver_error(struct Curl_easy *data)
+ {
+- const char *host_or_proxy;
+- CURLcode result;
++ struct connectdata *conn = data->conn;
++ const char *host_or_proxy = "host";
++ const char *name = conn->host.dispname;
++ CURLcode result = CURLE_COULDNT_RESOLVE_HOST;
+
+ #ifndef CURL_DISABLE_PROXY
+- struct connectdata *conn = data->conn;
+- if(conn->bits.httpproxy) {
++ if(conn->bits.proxy) {
+ host_or_proxy = "proxy";
+ result = CURLE_COULDNT_RESOLVE_PROXY;
++ name = conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
++ conn->http_proxy.host.dispname;
+ }
+- else
+ #endif
+- {
+- host_or_proxy = "host";
+- result = CURLE_COULDNT_RESOLVE_HOST;
+- }
+-
+- failf(data, "Could not resolve %s: %s", host_or_proxy,
+- data->conn->host.dispname);
+
++ failf(data, "Could not resolve %s: %s", host_or_proxy, name);
+ return result;
+ }
+ #endif /* USE_CURL_ASYNC */
diff --git a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
new file mode 100644
index 0000000..f16c137
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
@@ -0,0 +1,143 @@
+https://github.com/curl/curl/commit/5fbd78eb2dc4afbd8884e8eed27147fc3d4318f6
+From: Stefan Eissing <stefan@eissing.org>
+Date: Fri, 4 Apr 2025 10:43:13 +0200
+Subject: [PATCH] http2: fix stream window size after unpausing
+
+When pausing a HTTP/2 transfer, the stream's local window size
+is reduced to 0 to prevent the server from sending further data
+which curl cannot write out to the application.
+
+When unpausing again, the stream's window size was not correctly
+increased again. The attempt to trigger a window update was
+ignored by nghttp2, the server never received it and the transfer
+stalled.
+
+Add a debug feature to allow use of small window sizes which
+reproduces this bug in test_02_21.
+
+Fixes #16955
+Closes #16960
+--- a/docs/libcurl/libcurl-env-dbg.md
++++ b/docs/libcurl/libcurl-env-dbg.md
+@@ -147,3 +147,8 @@ Make a blocking, graceful shutdown of all remaining connections when
+ a multi handle is destroyed. This implicitly triggers for easy handles
+ that are run via easy_perform. The value of the environment variable
+ gives the shutdown timeout in milliseconds.
++
++## `CURL_H2_STREAM_WIN_MAX`
++
++Set to a positive 32-bit number to override the HTTP/2 stream window's
++default of 10MB. Used in testing to verify correct window update handling.
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -44,6 +44,7 @@
+ #include "connect.h"
+ #include "rand.h"
+ #include "strdup.h"
++#include "strparse.h"
+ #include "transfer.h"
+ #include "dynbuf.h"
+ #include "headers.h"
+@@ -141,6 +142,9 @@ struct cf_h2_ctx {
+ uint32_t goaway_error; /* goaway error code from server */
+ int32_t remote_max_sid; /* max id processed by server */
+ int32_t local_max_sid; /* max id processed by us */
++#ifdef DEBUGBUILD
++ int32_t stream_win_max; /* max h2 stream window size */
++#endif
+ BIT(initialized);
+ BIT(via_h1_upgrade);
+ BIT(conn_closed);
+@@ -166,6 +170,18 @@ static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade)
+ Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free);
+ ctx->remote_max_sid = 2147483647;
+ ctx->via_h1_upgrade = via_h1_upgrade;
++#ifdef DEBUGBUILD
++ {
++ const char *p = getenv("CURL_H2_STREAM_WIN_MAX");
++
++ ctx->stream_win_max = H2_STREAM_WINDOW_SIZE_MAX;
++ if(p) {
++ curl_off_t l;
++ if(!Curl_str_number(&p, &l, INT_MAX))
++ ctx->stream_win_max = (int32_t)l;
++ }
++ }
++#endif
+ ctx->initialized = TRUE;
+ }
+
+@@ -285,7 +301,15 @@ static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf,
+ * This gets less precise the higher the latency. */
+ return (int32_t)data->set.max_recv_speed;
+ }
++#ifdef DEBUGBUILD
++ else {
++ struct cf_h2_ctx *ctx = cf->ctx;
++ CURL_TRC_CF(data, cf, "stream_win_max=%d", ctx->stream_win_max);
++ return ctx->stream_win_max;
++ }
++#else
+ return H2_STREAM_WINDOW_SIZE_MAX;
++#endif
+ }
+
+ static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
+@@ -302,6 +326,13 @@ static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
+ int32_t wsize = nghttp2_session_get_stream_effective_local_window_size(
+ ctx->h2, stream->id);
+ if(dwsize > wsize) {
++ rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE,
++ stream->id, dwsize);
++ if(rv) {
++ failf(data, "[%d] nghttp2 set_local_window_size(%d) failed: "
++ "%s(%d)", stream->id, dwsize, nghttp2_strerror(rv), rv);
++ return CURLE_HTTP2;
++ }
+ rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE,
+ stream->id, dwsize - wsize);
+ if(rv) {
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -313,9 +313,9 @@ def test_02_20_h2_small_frames(self, env: Env, httpd):
+ assert httpd.stop()
+ assert httpd.start()
+
+- # download via lib client, 1 at a time, pause/resume at different offsets
++ # download serial via lib client, pause/resume at different offsets
+ @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
+- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
++ @pytest.mark.parametrize("proto", ['http/1.1', 'h3'])
+ def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+@@ -332,6 +332,29 @@ def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
+ srcfile = os.path.join(httpd.docs_dir, docname)
+ self.check_downloads(client, srcfile, count)
+
++ # h2 download parallel via lib client, pause/resume at different offsets
++ # debug-override stream window size to reproduce #16955
++ @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
++ @pytest.mark.parametrize("swin_max", [0, 10*1024])
++ def test_02_21_h2_lib_serial(self, env: Env, httpd, pause_offset, swin_max):
++ proto = 'h2'
++ count = 2
++ docname = 'data-10m'
++ url = f'https://localhost:{env.https_port}/{docname}'
++ run_env = os.environ.copy()
++ run_env['CURL_DEBUG'] = 'multi,http/2'
++ if swin_max > 0:
++ run_env['CURL_H2_STREAM_WIN_MAX'] = f'{swin_max}'
++ client = LocalClient(name='hx-download', env=env, run_env=run_env)
++ if not client.exists():
++ pytest.skip(f'example client not built: {client.name}')
++ r = client.run(args=[
++ '-n', f'{count}', '-P', f'{pause_offset}', '-V', proto, url
++ ])
++ r.check_exit_code(0)
++ srcfile = os.path.join(httpd.docs_dir, docname)
++ self.check_downloads(client, srcfile, count)
++
+ # download via lib client, several at a time, pause/resume
+ @pytest.mark.parametrize("pause_offset", [100*1023])
+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
diff --git a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
new file mode 100644
index 0000000..880a676
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
@@ -0,0 +1,22 @@
+https://github.com/curl/curl/commit/4f3c22d77d752fea6ff9ab2706f70d58882ea466
+From: Stefan Eissing <stefan@eissing.org>
+Date: Fri, 4 Apr 2025 18:10:28 +0200
+Subject: [PATCH] https-connect, fix httpsrr target check
+
+The HTTPSRR check on the record's target was not working as it used the
+wrong index on the NUL byte if the target was not NULL.
+
+Fixes #16966
+Reported-by: Pavel Kropachev
+Closes #16968
+--- a/lib/cf-https-connect.c
++++ b/lib/cf-https-connect.c
+@@ -673,7 +673,7 @@ CURLcode Curl_cf_https_setup(struct Curl_easy *data,
+ (!conn->dns_entry->hinfo->target || /* for same host */
+ !conn->dns_entry->hinfo->target[0] ||
+ (conn->dns_entry->hinfo->target[0] == '.' &&
+- !conn->dns_entry->hinfo->target[0])) &&
++ !conn->dns_entry->hinfo->target[1])) &&
+ (conn->dns_entry->hinfo->port < 0 || /* for same port */
+ conn->dns_entry->hinfo->port == conn->remote_port)) {
+ size_t i;
diff --git a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
new file mode 100644
index 0000000..5d59ed9
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
@@ -0,0 +1,19 @@
+https://github.com/curl/curl/commit/5caba3bd97a14b64d906ece77bc0e2b339161a1f
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 3 Apr 2025 08:49:20 +0200
+Subject: [PATCH] curl_krb5: only use functions if FTP is still enabled
+
+Reported-by: x1sc0 on github
+Fixes #16925
+Closes #16931
+--- a/lib/curl_krb5.h
++++ b/lib/curl_krb5.h
+@@ -39,7 +39,7 @@ struct Curl_sec_client_mech {
+ #define AUTH_CONTINUE 1
+ #define AUTH_ERROR 2
+
+-#ifdef HAVE_GSSAPI
++#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
+ void Curl_sec_conn_init(struct connectdata *);
+ void Curl_sec_conn_destroy(struct connectdata *);
+ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, char *,
diff --git a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
new file mode 100644
index 0000000..acb8fa9
--- /dev/null
+++ b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
@@ -0,0 +1,44 @@
+https://github.com/curl/curl/commit/219302b4e64e2337c50d86056e9af2103b281e7e
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 9 Apr 2025 11:01:54 +0200
+Subject: [PATCH] openssl-quic: fix shutdown when stream not open
+
+Check that h3 stream had been opened before telling nghttp3 to
+shut it down.
+
+Fixes #16998
+Reported-by: Demi Marie Obenour
+Closes #17003
+--- a/lib/vquic/curl_osslq.c
++++ b/lib/vquic/curl_osslq.c
+@@ -654,7 +654,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
+ if(stream) {
+ CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
+ stream->s.id);
+- if(ctx->h3.conn && !stream->closed) {
++ if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) {
+ nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
+ nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
+ NGHTTP3_H3_REQUEST_CANCELLED);
+--- a/tests/http/test_01_basic.py
++++ b/tests/http/test_01_basic.py
+@@ -242,3 +242,19 @@ def test_01_15_gigalarge_resp_headers(self, env: Env, httpd, proto):
+ r.check_exit_code(16) # CURLE_HTTP2
+ else:
+ r.check_exit_code(100) # CURLE_TOO_LARGE
++
++ # http: invalid request headers, GET, issue #16998
++ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
++ def test_01_16_inv_req_get(self, env: Env, httpd, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ curl = CurlClient(env=env)
++ url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo'
++ r = curl.http_get(url=url, alpn_proto=proto, extra_args=[
++ '-H', "a: a\x0ab"
++ ])
++ # on h1, request is sent, h2/h3 reject
++ if proto == 'http/1.1':
++ r.check_exit_code(0)
++ else:
++ r.check_exit_code(43)
diff --git a/net-misc/curl/files/curl-prefix-3.patch b/net-misc/curl/files/curl-prefix-3.patch
deleted file mode 100644
index cebca0b..0000000
--- a/net-misc/curl/files/curl-prefix-3.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001
-From: Matt Jolly <kangie@gentoo.org>
-Date: Sun, 10 Nov 2024 08:51:02 +1000
-Subject: [PATCH] Update prefix patch for 8.11.0
-
----
- curl-config.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/curl-config.in b/curl-config.in
-index 2dc40ed..1876d6c 100644
---- a/curl-config.in
-+++ b/curl-config.in
-@@ -147,7 +147,7 @@ while test "$#" -gt 0; do
- else
- CPPFLAG_CURL_STATICLIB=''
- fi
-- if test "X@includedir@" = 'X/usr/include'; then
-+ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
- echo "${CPPFLAG_CURL_STATICLIB}"
- else
- echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
-@@ -155,7 +155,7 @@ while test "$#" -gt 0; do
- ;;
-
- --libs)
-- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
-+ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
- CURLLIBDIR="-L@libdir@ "
- else
- CURLLIBDIR=''
---
-2.47.0
-
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/
@ 2025-09-20 14:48 orbea
0 siblings, 0 replies; 5+ messages in thread
From: orbea @ 2025-09-20 14:48 UTC (permalink / raw
To: gentoo-commits
commit: ba5ca5540401f18eb4f7db4091644148a2624c15
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Sep 20 14:45:35 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat Sep 20 14:45:35 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ba5ca554
net-misc/curl: drop 8.12.1, 8.13.0-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 4 -
net-misc/curl/curl-8.12.1.ebuild | 382 ------------------
net-misc/curl/curl-8.13.0-r1.ebuild | 444 ---------------------
.../files/curl-8.13.0-gssapi-non-ssl-build.patch | 28 --
.../curl-8.13.0-hostip-correct-proxy-name.patch | 46 ---
.../curl-8.13.0-http2-stream-window-size.patch | 143 -------
.../files/curl-8.13.0-httpsrr-target-check.patch | 22 -
net-misc/curl/files/curl-8.13.0-krb5-ftp.patch | 19 -
.../curl-8.13.0-openssl-quic-stream-shutdown.patch | 44 --
net-misc/curl/metadata.xml | 2 -
10 files changed, 1134 deletions(-)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 4b4076c..7ce5cf5 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,7 +1,3 @@
-DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603
-DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
-DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
-DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be
DIST curl-8.14.1.tar.xz 2817248 BLAKE2B 4ce2277d143084823855b714e86047a94d4c52a686b8d16d9ab76c31168f1a74d63dfa7608cff36706a8a0b9bf9cc611a9b99860b176a227bca580cd95e9cff2 SHA512 7f6eae04cc23c50fc41d448aa28dfa59141018009e42c5b1e3f4e0d40c0633460b4e6eec05dfc290f7953671096abfa70a8b5443fccdd3f1be6be32ac10b31d9
DIST curl-8.14.1.tar.xz.asc 488 BLAKE2B f664f526dbffa0a1af2b28f51982445f7d9064b3c3b3e6dd04322003db22da2acde5d493c80204b36a9219d42959543c5a0aee47f2365eb713490ff2fc5f475f SHA512 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f
DIST curl-8.15.0.tar.xz 2773156 BLAKE2B ae809be87f34d079413129c27e618a6d15c2bf9087fd7e679cefe9b6d8645f0dd092e8c3e1f62b7bd0dffdd0b77e0bc5ac031ffce4e50060ec20b280618c8e68 SHA512 d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191
diff --git a/net-misc/curl/curl-8.12.1.ebuild b/net-misc/curl/curl-8.12.1.ebuild
deleted file mode 100644
index 0a444ee..0000000
--- a/net-misc/curl/curl-8.12.1.ebuild
+++ /dev/null
@@ -1,382 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-4.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
- # This is in support of some work to enable `httpsrr` to use adns and the rest
- # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
- # when the time comes.
- if use adns; then
- myconf+=(
- --disable-threaded-resolver
- )
- else
- myconf+=(
- --enable-threaded-resolver
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/curl-8.13.0-r1.ebuild b/net-misc/curl/curl-8.13.0-r1.ebuild
deleted file mode 100644
index cd1fae0..0000000
--- a/net-misc/curl/curl-8.13.0-r1.ebuild
+++ /dev/null
@@ -1,444 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- if [[ ${P} == *rc* ]]; then
- CURL_URI="https://curl.se/rc/"
- S="${WORKDIR}/${P//_/-}"
- else
- CURL_URI="https://curl.se/download/"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
- fi
- SRC_URI="
- ${CURL_URI}${P//_/-}.tar.xz
- verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc )
- "
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
-IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
-IUSE+=" telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
-# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
-# in addition to A and AAAA records.
-
-# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
-# HTTPS RR in cURL is a dependency for:
-# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
-# - Fetching the ALPN list which should provide a better HTTP/3 experience.
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- ech? ( rustls )
- httpsrr? ( adns )
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc httpsrr quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
- sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-4.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
- "${FILESDIR}/${P}-gssapi-non-ssl-build.patch"
- "${FILESDIR}/${P}-hostip-correct-proxy-name.patch"
- "${FILESDIR}/${P}-http2-stream-window-size.patch"
- "${FILESDIR}/${P}-httpsrr-target-check.patch"
- "${FILESDIR}/${P}-krb5-ftp.patch"
- "${FILESDIR}/${P}-openssl-quic-stream-shutdown.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-# Generates TLS-related configure options based on USE flags.
-# Outputs options suitable for appending to a configure options array.
-_get_curl_tls_configure_opts() {
- local tls_opts=()
-
- local backend flag_name
- for backend in gnutls mbedtls openssl rustls; do
- if [[ "$backend" == "openssl" ]]; then
- flag_name="ssl"
- tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
- else
- flag_name="$backend"
- fi
-
- if use "$backend"; then
- tls_opts+=( "--with-${flag_name}" )
- else
- # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
- if ! [[ "$backend" == "openssl" ]]; then
- tls_opts+=( "--without-${flag_name}" )
- fi
- fi
- done
-
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default TLS backend: gnutls"
- tls_opts+=( "--with-default-ssl-backend=gnutls" )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
- tls_opts+=( "--with-default-ssl-backend=mbedtls" )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default TLS backend: openssl"
- tls_opts+=( "--with-default-ssl-backend=openssl" )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default TLS backend: rustls"
- tls_opts+=( "--with-default-ssl-backend=rustls" )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- # Explicitly Disable unimplemented b
- tls_opts+=(
- --without-amissl
- --without-bearssl
- --without-wolfssl
- )
-
- printf "%s\n" "${tls_opts[@]}"
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- local -a tls_backend_opts
- readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
- myconf+=("${tls_backend_opts[@]}")
- if use quic; then
- myconf+=(
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- )
- else
- # Without a REQUIRED_USE to ensure that QUIC was requested when at least one default backend is
- # enabled we need ensure that we don't try to build QUIC support
- myconf+=( --without-ngtcp2 --without-openssl-quic )
- fi
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organised alphabetically by category/type
-
- # Protocols
- # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
- # Assume that anything omitted (that is not new!) is enabled by default with no deps
- myconf+=(
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- --enable-http
- $(use_enable imap) # Automatic IMAPS if TLS is enabled
- $(use_enable ldap ldaps)
- $(use_enable ldap)
- $(use_enable pop3)
- $(use_enable samba smb)
- $(use_with ssh libssh2) # enables scp/sftp
- $(use_with rtmp librtmp)
- --enable-rtsp
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- $(use_enable websockets)
- )
-
- # Keep various 'HTTP-flavoured' options together
- myconf+=(
- $(use_enable alt-svc)
- $(use_enable hsts)
- $(use_enable httpsrr)
- $(use_with http2 nghttp2)
- $(use_with http3 nghttp3)
- )
-
- # --enable/disable options
- # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
- myconf+=(
- $(use_enable adns ares)
- --enable-aws
- --enable-basic-auth
- --enable-bearer-auth
- --enable-cookies
- --enable-dateparse
- --enable-dict
- --enable-digest-auth
- --enable-dnsshuffle
- --enable-doh
- $(use_enable ech)
- --enable-http-auth
- --enable-ipv6
- --enable-kerberos-auth
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-negotiate-auth
- --enable-netrc
- --enable-ntlm
- --enable-progress-meter
- --enable-proxy
- --enable-rt
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --enable-symbol-hiding
- --enable-tls-srp
- --disable-versioned-symbols
- )
-
- # --with/without options
- # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
- myconf+=(
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- $(use_with sasl-scram libgsasl)
- $(use_with psl libpsl)
- --without-msh3
- --without-quiche
- --without-schannel
- --without-secure-transport
- --without-winidn
- --with-zlib
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- $(use_with zstd)
- )
-
- # Test deps (disabled)
- myconf+=(
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
- # This is in support of some work to enable `httpsrr` to use adns and the rest
- # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
- if use adns; then
- myconf+=(
- --disable-threaded-resolver
- )
- else
- myconf+=(
- --enable-threaded-resolver
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch
deleted file mode 100644
index cd9bde1..0000000
--- a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-https://github.com/curl/curl/commit/fe5f435b42a6c928b57c61db5d57f96b5c5a39be
-From: Andrew <akirillo@uk.ibm.com>
-Date: Wed, 2 Apr 2025 13:45:21 +0100
-Subject: [PATCH] http_negotiate: fix non-SSL build with GSSAPI
-
-Fixes #16919
-Closes #16921
---- a/lib/http_negotiate.c
-+++ b/lib/http_negotiate.c
-@@ -110,8 +110,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
- #endif
- /* Check if the connection is using SSL and get the channel binding data */
- #ifdef HAVE_GSSAPI
-- Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
- #ifdef USE_SSL
-+ Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
- if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
- result = Curl_ssl_get_channel_binding(
- data, FIRSTSOCKET, &neg_ctx->channel_binding_data);
-@@ -120,6 +120,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
- return result;
- }
- }
-+#else
-+ Curl_dyn_init(&neg_ctx->channel_binding_data, 1);
- #endif /* USE_SSL */
- #endif /* HAVE_GSSAPI */
-
diff --git a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
deleted file mode 100644
index 18965c9..0000000
--- a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://github.com/curl/curl/commit/db3e7a24b5339860fb91cf0d932e8ae13a01e472
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 4 Apr 2025 12:34:09 +0200
-Subject: [PATCH] hostip: show the correct name on proxy resolve error
-
-Regression, probably from 8ded8e5f3f4b6586399 (#16451)
-
-Fixes #16958
-Reported-by: Jean-Christophe Amiel
-Closes #16961
---- a/lib/hostip.c
-+++ b/lib/hostip.c
-@@ -1494,25 +1494,21 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done)
- #ifdef USE_CURL_ASYNC
- CURLcode Curl_resolver_error(struct Curl_easy *data)
- {
-- const char *host_or_proxy;
-- CURLcode result;
-+ struct connectdata *conn = data->conn;
-+ const char *host_or_proxy = "host";
-+ const char *name = conn->host.dispname;
-+ CURLcode result = CURLE_COULDNT_RESOLVE_HOST;
-
- #ifndef CURL_DISABLE_PROXY
-- struct connectdata *conn = data->conn;
-- if(conn->bits.httpproxy) {
-+ if(conn->bits.proxy) {
- host_or_proxy = "proxy";
- result = CURLE_COULDNT_RESOLVE_PROXY;
-+ name = conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
-+ conn->http_proxy.host.dispname;
- }
-- else
- #endif
-- {
-- host_or_proxy = "host";
-- result = CURLE_COULDNT_RESOLVE_HOST;
-- }
--
-- failf(data, "Could not resolve %s: %s", host_or_proxy,
-- data->conn->host.dispname);
-
-+ failf(data, "Could not resolve %s: %s", host_or_proxy, name);
- return result;
- }
- #endif /* USE_CURL_ASYNC */
diff --git a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
deleted file mode 100644
index f16c137..0000000
--- a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-https://github.com/curl/curl/commit/5fbd78eb2dc4afbd8884e8eed27147fc3d4318f6
-From: Stefan Eissing <stefan@eissing.org>
-Date: Fri, 4 Apr 2025 10:43:13 +0200
-Subject: [PATCH] http2: fix stream window size after unpausing
-
-When pausing a HTTP/2 transfer, the stream's local window size
-is reduced to 0 to prevent the server from sending further data
-which curl cannot write out to the application.
-
-When unpausing again, the stream's window size was not correctly
-increased again. The attempt to trigger a window update was
-ignored by nghttp2, the server never received it and the transfer
-stalled.
-
-Add a debug feature to allow use of small window sizes which
-reproduces this bug in test_02_21.
-
-Fixes #16955
-Closes #16960
---- a/docs/libcurl/libcurl-env-dbg.md
-+++ b/docs/libcurl/libcurl-env-dbg.md
-@@ -147,3 +147,8 @@ Make a blocking, graceful shutdown of all remaining connections when
- a multi handle is destroyed. This implicitly triggers for easy handles
- that are run via easy_perform. The value of the environment variable
- gives the shutdown timeout in milliseconds.
-+
-+## `CURL_H2_STREAM_WIN_MAX`
-+
-+Set to a positive 32-bit number to override the HTTP/2 stream window's
-+default of 10MB. Used in testing to verify correct window update handling.
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -44,6 +44,7 @@
- #include "connect.h"
- #include "rand.h"
- #include "strdup.h"
-+#include "strparse.h"
- #include "transfer.h"
- #include "dynbuf.h"
- #include "headers.h"
-@@ -141,6 +142,9 @@ struct cf_h2_ctx {
- uint32_t goaway_error; /* goaway error code from server */
- int32_t remote_max_sid; /* max id processed by server */
- int32_t local_max_sid; /* max id processed by us */
-+#ifdef DEBUGBUILD
-+ int32_t stream_win_max; /* max h2 stream window size */
-+#endif
- BIT(initialized);
- BIT(via_h1_upgrade);
- BIT(conn_closed);
-@@ -166,6 +170,18 @@ static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade)
- Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free);
- ctx->remote_max_sid = 2147483647;
- ctx->via_h1_upgrade = via_h1_upgrade;
-+#ifdef DEBUGBUILD
-+ {
-+ const char *p = getenv("CURL_H2_STREAM_WIN_MAX");
-+
-+ ctx->stream_win_max = H2_STREAM_WINDOW_SIZE_MAX;
-+ if(p) {
-+ curl_off_t l;
-+ if(!Curl_str_number(&p, &l, INT_MAX))
-+ ctx->stream_win_max = (int32_t)l;
-+ }
-+ }
-+#endif
- ctx->initialized = TRUE;
- }
-
-@@ -285,7 +301,15 @@ static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf,
- * This gets less precise the higher the latency. */
- return (int32_t)data->set.max_recv_speed;
- }
-+#ifdef DEBUGBUILD
-+ else {
-+ struct cf_h2_ctx *ctx = cf->ctx;
-+ CURL_TRC_CF(data, cf, "stream_win_max=%d", ctx->stream_win_max);
-+ return ctx->stream_win_max;
-+ }
-+#else
- return H2_STREAM_WINDOW_SIZE_MAX;
-+#endif
- }
-
- static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
-@@ -302,6 +326,13 @@ static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
- int32_t wsize = nghttp2_session_get_stream_effective_local_window_size(
- ctx->h2, stream->id);
- if(dwsize > wsize) {
-+ rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE,
-+ stream->id, dwsize);
-+ if(rv) {
-+ failf(data, "[%d] nghttp2 set_local_window_size(%d) failed: "
-+ "%s(%d)", stream->id, dwsize, nghttp2_strerror(rv), rv);
-+ return CURLE_HTTP2;
-+ }
- rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE,
- stream->id, dwsize - wsize);
- if(rv) {
---- a/tests/http/test_02_download.py
-+++ b/tests/http/test_02_download.py
-@@ -313,9 +313,9 @@ def test_02_20_h2_small_frames(self, env: Env, httpd):
- assert httpd.stop()
- assert httpd.start()
-
-- # download via lib client, 1 at a time, pause/resume at different offsets
-+ # download serial via lib client, pause/resume at different offsets
- @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
-- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
-+ @pytest.mark.parametrize("proto", ['http/1.1', 'h3'])
- def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
- if proto == 'h3' and not env.have_h3():
- pytest.skip("h3 not supported")
-@@ -332,6 +332,29 @@ def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
- srcfile = os.path.join(httpd.docs_dir, docname)
- self.check_downloads(client, srcfile, count)
-
-+ # h2 download parallel via lib client, pause/resume at different offsets
-+ # debug-override stream window size to reproduce #16955
-+ @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
-+ @pytest.mark.parametrize("swin_max", [0, 10*1024])
-+ def test_02_21_h2_lib_serial(self, env: Env, httpd, pause_offset, swin_max):
-+ proto = 'h2'
-+ count = 2
-+ docname = 'data-10m'
-+ url = f'https://localhost:{env.https_port}/{docname}'
-+ run_env = os.environ.copy()
-+ run_env['CURL_DEBUG'] = 'multi,http/2'
-+ if swin_max > 0:
-+ run_env['CURL_H2_STREAM_WIN_MAX'] = f'{swin_max}'
-+ client = LocalClient(name='hx-download', env=env, run_env=run_env)
-+ if not client.exists():
-+ pytest.skip(f'example client not built: {client.name}')
-+ r = client.run(args=[
-+ '-n', f'{count}', '-P', f'{pause_offset}', '-V', proto, url
-+ ])
-+ r.check_exit_code(0)
-+ srcfile = os.path.join(httpd.docs_dir, docname)
-+ self.check_downloads(client, srcfile, count)
-+
- # download via lib client, several at a time, pause/resume
- @pytest.mark.parametrize("pause_offset", [100*1023])
- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
diff --git a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
deleted file mode 100644
index 880a676..0000000
--- a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://github.com/curl/curl/commit/4f3c22d77d752fea6ff9ab2706f70d58882ea466
-From: Stefan Eissing <stefan@eissing.org>
-Date: Fri, 4 Apr 2025 18:10:28 +0200
-Subject: [PATCH] https-connect, fix httpsrr target check
-
-The HTTPSRR check on the record's target was not working as it used the
-wrong index on the NUL byte if the target was not NULL.
-
-Fixes #16966
-Reported-by: Pavel Kropachev
-Closes #16968
---- a/lib/cf-https-connect.c
-+++ b/lib/cf-https-connect.c
-@@ -673,7 +673,7 @@ CURLcode Curl_cf_https_setup(struct Curl_easy *data,
- (!conn->dns_entry->hinfo->target || /* for same host */
- !conn->dns_entry->hinfo->target[0] ||
- (conn->dns_entry->hinfo->target[0] == '.' &&
-- !conn->dns_entry->hinfo->target[0])) &&
-+ !conn->dns_entry->hinfo->target[1])) &&
- (conn->dns_entry->hinfo->port < 0 || /* for same port */
- conn->dns_entry->hinfo->port == conn->remote_port)) {
- size_t i;
diff --git a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
deleted file mode 100644
index 5d59ed9..0000000
--- a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://github.com/curl/curl/commit/5caba3bd97a14b64d906ece77bc0e2b339161a1f
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 3 Apr 2025 08:49:20 +0200
-Subject: [PATCH] curl_krb5: only use functions if FTP is still enabled
-
-Reported-by: x1sc0 on github
-Fixes #16925
-Closes #16931
---- a/lib/curl_krb5.h
-+++ b/lib/curl_krb5.h
-@@ -39,7 +39,7 @@ struct Curl_sec_client_mech {
- #define AUTH_CONTINUE 1
- #define AUTH_ERROR 2
-
--#ifdef HAVE_GSSAPI
-+#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
- void Curl_sec_conn_init(struct connectdata *);
- void Curl_sec_conn_destroy(struct connectdata *);
- int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, char *,
diff --git a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
deleted file mode 100644
index acb8fa9..0000000
--- a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-https://github.com/curl/curl/commit/219302b4e64e2337c50d86056e9af2103b281e7e
-From: Stefan Eissing <stefan@eissing.org>
-Date: Wed, 9 Apr 2025 11:01:54 +0200
-Subject: [PATCH] openssl-quic: fix shutdown when stream not open
-
-Check that h3 stream had been opened before telling nghttp3 to
-shut it down.
-
-Fixes #16998
-Reported-by: Demi Marie Obenour
-Closes #17003
---- a/lib/vquic/curl_osslq.c
-+++ b/lib/vquic/curl_osslq.c
-@@ -654,7 +654,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
- if(stream) {
- CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
- stream->s.id);
-- if(ctx->h3.conn && !stream->closed) {
-+ if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) {
- nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
- nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
- NGHTTP3_H3_REQUEST_CANCELLED);
---- a/tests/http/test_01_basic.py
-+++ b/tests/http/test_01_basic.py
-@@ -242,3 +242,19 @@ def test_01_15_gigalarge_resp_headers(self, env: Env, httpd, proto):
- r.check_exit_code(16) # CURLE_HTTP2
- else:
- r.check_exit_code(100) # CURLE_TOO_LARGE
-+
-+ # http: invalid request headers, GET, issue #16998
-+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
-+ def test_01_16_inv_req_get(self, env: Env, httpd, proto):
-+ if proto == 'h3' and not env.have_h3():
-+ pytest.skip("h3 not supported")
-+ curl = CurlClient(env=env)
-+ url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo'
-+ r = curl.http_get(url=url, alpn_proto=proto, extra_args=[
-+ '-H', "a: a\x0ab"
-+ ])
-+ # on h1, request is sent, h2/h3 reject
-+ if proto == 'http/1.1':
-+ r.check_exit_code(0)
-+ else:
-+ r.check_exit_code(43)
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
index 2fa671c..48bc5a5 100644
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@@ -22,7 +22,6 @@
<flag name="mbedtls">Enable mbedtls ssl backend</flag>
<flag name="openssl">Enable openssl ssl backend</flag>
<flag name="pop3">Enable Post Office Protocol 3 support</flag>
- <flag name="progress-meter">Enable the progress meter</flag>
<flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag>
<flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
<flag name="rtmp">Enable RTMP Streaming Media support</flag>
@@ -31,7 +30,6 @@
<flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
<flag name="ssh">Enable SSH urls in curl using libssh2</flag>
<flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
- <flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
<flag name="telnet">Enable Telnet protocol support</flag>
<flag name="tftp">Enable TFTP support</flag>
<flag name="websockets">Enable websockets support</flag>
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-20 14:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-20 14:48 [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/, net-misc/curl/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2025-04-15 15:56 orbea
2025-03-23 16:37 orbea
2025-02-09 15:13 orbea
2024-11-10 16:03 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox