* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2016-12-30  1:45 Anthony G. Basile
From: Anthony G. Basile @ 2016-12-30  1:45 UTC (permalink / raw
  To: gentoo-commits

commit:     7edeee5b966afc5550d2b4c03b4d7f09c7db2973
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 30 01:45:01 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Dec 30 01:45:01 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7edeee5b

net-misc/curl: fix bug #604104

Package-Manager: portage-2.3.0

 net-misc/curl/curl-7.52.1-r1.ebuild               | 252 ++++++++++++++++++++++
 net-misc/curl/files/curl-7.52.1-fix-openssl.patch |  36 ++++
 2 files changed, 288 insertions(+)

diff --git a/net-misc/curl/curl-7.52.1-r1.ebuild b/net-misc/curl/curl-7.52.1-r1.ebuild
new file mode 100644
index 00000000..a3bb758
--- /dev/null
+++ b/net-misc/curl/curl-7.52.1-r1.ebuild
@@ -0,0 +1,252 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+inherit autotools eutils prefix multilib-minimal
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86 ~ppc-aix ~x64-freebsd ~x86-freebsd ~hppa-hpux ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads"
+IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl"
+IUSE+=" elibc_Winnt"
+
+#lead to lots of false negatives, bug #285669
+RESTRICT="test"
+
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+	ssl? (
+		curl_ssl_axtls? (
+			net-libs/axtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		curl_ssl_gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		curl_ssl_libressl? (
+			dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
+		)
+		curl_ssl_mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		curl_ssl_openssl? (
+			dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
+		)
+		curl_ssl_nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		curl_ssl_polarssl? (
+			net-libs/polarssl:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r13
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+# ssl providers to be added:
+# fbopenssl  $(use_with spnego)
+
+DEPEND="${RDEPEND}
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	test? (
+		sys-apps/diffutils
+		dev-lang/perl
+	)"
+
+# c-ares must be disabled for threads
+# only one ssl provider can be enabled
+REQUIRED_USE="
+	curl_ssl_winssl? ( elibc_Winnt )
+	threads? ( !adns )
+	ssl? (
+		^^ (
+			curl_ssl_axtls
+			curl_ssl_gnutls
+			curl_ssl_libressl
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_polarssl
+			curl_ssl_winssl
+		)
+	)"
+
+DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
+	docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
+	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+	eapply "${FILESDIR}"/${P}-fix-openssl.patch
+
+	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
+
+	eapply_user
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	local myconf=()
+	myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl ; then
+		if use curl_ssl_axtls; then
+			einfo "SSL provided by axtls"
+			myconf+=( --with-axtls )
+		elif use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		elif use curl_ssl_libressl; then
+			einfo "SSL provided by LibreSSL"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		elif use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss )
+		elif use curl_ssl_polarssl; then
+			einfo "SSL provided by polarssl"
+			myconf+=( --with-polarssl )
+		elif use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		elif use curl_ssl_winssl; then
+			einfo "SSL provided by Windows"
+			myconf+=( --with-winssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+	else
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+	ECONF_SOURCE="${S}" \
+	econf \
+		--enable-crypto-auth \
+		--enable-dict \
+		--enable-file \
+		--enable-ftp \
+		--enable-gopher \
+		--enable-http \
+		--enable-imap \
+		$(use_enable ldap) \
+		$(use_enable ldap ldaps) \
+		--disable-ntlm-wb \
+		--enable-pop3 \
+		--enable-rt  \
+		--enable-rtsp \
+		$(use_enable samba smb) \
+		$(use_with ssh libssh2) \
+		--enable-smtp \
+		--enable-telnet \
+		--enable-tftp \
+		--enable-tls-srp \
+		$(use_enable adns ares) \
+		--enable-cookies \
+		--enable-hidden-symbols \
+		$(use_enable ipv6) \
+		--enable-largefile \
+		--without-libpsl \
+		--enable-manual \
+		--enable-proxy \
+		--disable-soname-bump \
+		--disable-sspi \
+		$(use_enable static-libs static) \
+		$(use_enable threads threaded-resolver) \
+		--disable-versioned-symbols \
+		--without-cyassl \
+		--without-darwinssl \
+		$(use_with idn libidn2) \
+		$(use_with kerberos gssapi "${EPREFIX}"/usr) \
+		$(use_with metalink libmetalink) \
+		$(use_with http2 nghttp2) \
+		$(use_with rtmp librtmp) \
+		--without-spnego \
+		--without-winidn \
+		--with-zlib \
+		"${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	rm -rf "${ED}"/etc/
+}
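Review bot: In `multilib_src_configure`, the pkg-config fix-up tests `if use curl_ssl_openssl; then` without also testing `ssl`, although `curl_ssl_openssl` is default-on in IUSE and REQUIRED_USE only constrains the backend flags under `ssl?`. With USE=-ssl the generated libcurl.pc would therefore still list `openssl` in `Requires.private` even though no TLS library is a dependency, which presumably breaks pkg-config consumers on systems without openssl.pc; the guard should read `if use ssl && use curl_ssl_openssl; then`. Separately, the final `else` of the backend chain only calls `eerror` and carries on with every `--without-*` TLS switch still in `myconf`, so an unexpected flag combination would produce a build without TLS instead of a failed build; `die "no SSL backend selected despite USE=ssl"` in place of the `eerror` would make that branch fail closed.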

diff --git a/net-misc/curl/files/curl-7.52.1-fix-openssl.patch b/net-misc/curl/files/curl-7.52.1-fix-openssl.patch
new file mode 100644
index 00000000..259f618
--- /dev/null
+++ b/net-misc/curl/files/curl-7.52.1-fix-openssl.patch
@@ -0,0 +1,36 @@
+From a7b38c9dc98481e4a5fc37e51a8690337c674dfb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 26 Dec 2016 00:06:33 +0100
+Subject: [PATCH] vtls: s/SSLEAY/OPENSSL
+
+Fixed an old leftover use of the USE_SSLEAY define which would make a
+socket get removed from the applications sockets to monitor when the
+multi_socket API was used, leading to timeouts.
+
+Bug: #1174
+---
+ lib/vtls/vtls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index b808e1c..707f24b 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -484,7 +484,7 @@ void Curl_ssl_close_all(struct Curl_easy *data)
+   curlssl_close_all(data);
+ }
+ 
+-#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
++#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
+     defined(USE_DARWINSSL) || defined(USE_NSS)
+ /* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only. */
+ int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
+@@ -518,7 +518,7 @@ int Curl_ssl_getsock(struct connectdata *conn,
+   (void)numsocks;
+   return GETSOCK_BLANK;
+ }
+-/* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
++/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
+ #endif
+ 
+ void Curl_ssl_close(struct connectdata *conn, int sockindex)



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2017-08-18 16:33 Anthony G. Basile
From: Anthony G. Basile @ 2017-08-18 16:33 UTC (permalink / raw
  To: gentoo-commits

commit:     d71ab1ab0c02acafad494ac843b5019c796e4c3a
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 18 16:32:52 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Aug 18 16:33:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d71ab1ab

net-misc/curl: fix build for 7.55.1.  bug #627960.

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 net-misc/curl/curl-7.55.1.ebuild                |  1 +
 net-misc/curl/files/curl-7.55.1-fix-build.patch | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/net-misc/curl/curl-7.55.1.ebuild b/net-misc/curl/curl-7.55.1.ebuild
index 5227717914f..62d6e1d8a33 100644
--- a/net-misc/curl/curl-7.55.1.ebuild
+++ b/net-misc/curl/curl-7.55.1.ebuild
@@ -107,6 +107,7 @@ src_prepare() {
 	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+	eapply "${FILESDIR}"/${P}-fix-build.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 

diff --git a/net-misc/curl/files/curl-7.55.1-fix-build.patch b/net-misc/curl/files/curl-7.55.1-fix-build.patch
new file mode 100644
index 00000000000..b9749d59c7f
--- /dev/null
+++ b/net-misc/curl/files/curl-7.55.1-fix-build.patch
@@ -0,0 +1,22 @@
+index d77a884..6dcd0f1 100644
+--- a/m4/curl-confopts.m4
++++ b/m4/curl-confopts.m4
+@@ -37,14 +37,14 @@ AC_HELP_STRING([--enable-threaded-resolver],[Enable threaded resolver])
+ AC_HELP_STRING([--disable-threaded-resolver],[Disable threaded resolver]),
+   OPT_THRES=$enableval)
+   case "$OPT_THRES" in
+-    *)
+-      dnl configure option not specified
+-      want_thres="yes"
+-      ;;
+     no)
+       dnl --disable-threaded-resolver option used
+       want_thres="no"
+       ;;
++    *)
++      dnl configure option not specified
++      want_thres="yes"
++      ;;
+   esac
+   AC_MSG_RESULT([$want_thres])
+ ])
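Review bot: The added curl-7.55.1-fix-build.patch starts directly at the `index d77a884..6dcd0f1` line and has no header, so nothing in the file records where the change comes from or why it is needed. For a patch applied to curl's configure logic, a short preamble would help later auditing, e.g. `Move the catch-all *) arm after no) so --disable-threaded-resolver is honoured.` followed by `Bug: https://bugs.gentoo.org/627960` and an `Upstream: <upstream commit or PR URL>` line. The reordering itself looks right: with `*)` listed first, the `no)` arm could never match.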



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2020-07-27  3:15 Sam James
From: Sam James @ 2020-07-27  3:15 UTC (permalink / raw
  To: gentoo-commits

commit:     f0cf742462897b3ddeb3705b7d606e0f98bf2c5e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 27 02:33:27 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jul 27 03:15:18 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0cf7424

net-misc/curl: security cleanup

Closes: https://bugs.gentoo.org/729374
Package-Manager: Portage-3.0.0, Repoman-2.3.23
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                      |   3 -
 net-misc/curl/curl-7.68.0.ebuild            | 265 ---------------------------
 net-misc/curl/curl-7.69.1.ebuild            | 265 ---------------------------
 net-misc/curl/curl-7.70.0-r1.ebuild         | 267 ----------------------------
 net-misc/curl/files/curl-fix-cpu-load.patch |  94 ----------
 5 files changed, 894 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 11d6b199f88..4ae3273fda0 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,2 @@
-DIST curl-7.68.0.tar.xz 2442788 BLAKE2B d72dbf3c4d6ef7259f0dc9b5347f9289067807246ce6aaab03f3a9c04c17328a8315261dbc08390096571bcad3bbb185a70d15ce83687d7e792bee37318bf269 SHA512 bf365609c9a66a05b3a263d02bcd3f81f905570c5739c8ec522a296b4b8e2a479d64d5524e8345e14eafad28995ee22d923522f1a45fa40eb46db38759c2eb2c
-DIST curl-7.69.1.tar.xz 2467272 BLAKE2B 71eee2a8f511ea698f4ebf879bcdccabe11439b2f6c7812cde640f944af93b33dc797c6f4990ddd2a7051d33584dacc005ae011c16a6c1f7ab7fc7258c891937 SHA512 dcb917ce9a6f34b30adae10e2e635d7a8c67781d69789cc5617ab2b49e898394ecfeee546453b14ab168d4b3b52baf974b2ec07e7a4b199addbc1ba57274d8fa
-DIST curl-7.70.0.tar.xz 2348780 BLAKE2B 6b505d87242bcaa554c4ee6994eb97ca70453521c1e77b5e757677475328c70f41e23e22b3a0eb9be7a299a94d4f1f85a46f7f999f3db8439072626320352ecf SHA512 ab8796af1bd6f35ae704fd5e3639a8153482615a05c24e2e6d0b9cef8ed9a1e0d497ead2dbf5972cc53f632c2d87f0bf79e9e7cac625452dd24e6c7d8045cfc6
 DIST curl-7.71.0.tar.xz 2379056 BLAKE2B 50d7369e4335823c3032b8801b270f7d8e687b0552f25ed5f9752549483cf68870e0422132ecf86e756e1c7c27cdf60048a7765850608c3a1b734cffb1fe7b99 SHA512 f1ea045f23b6a7e2c84ea83954d3299c612f57c3b1e5fee0b39493dc92fc4e95e7af2a5424c2e5bc480659e80cf1adce1fc528fc816f8ff2d0e7bfcfe4c5830a
 DIST curl-7.71.1.tar.xz 2387660 BLAKE2B 47b3a4704ae8b09b37f7a9d8850fd7d692d91db3dd4ad776aad9a57d0162e0f4091e0387a850eb048f834e6dfee5bcb36da56493a106696c72072c612b47f623 SHA512 631e0ee8562e5029fe022bfab4222836a3e6d666e82e2bfbd78311fe5985105218a36d1ea68c93472fc57a12b713957a3bcca6e385eda4e58a47ca8d5d50265b

diff --git a/net-misc/curl/curl-7.68.0.ebuild b/net-misc/curl/curl-7.68.0.ebuild
deleted file mode 100644
index 0141a4e0a48..00000000000
--- a/net-misc/curl/curl-7.68.0.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		curl_ssl_gnutls? (
-			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_libressl? (
-			dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_mbedtls? (
-			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_openssl? (
-			dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-	)
-	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	quiche? ( net-libs/quiche[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-#	rtmp? (
-#		media-video/rtmpdump
-#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-#	)
-
-# ssl providers to be added:
-# fbopenssl  $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		dev-lang/perl
-	)"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
-	curl_ssl_winssl? ( elibc_Winnt )
-	threads? ( !adns )
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_libressl
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_winssl
-		)
-	)"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
-	docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-src_prepare() {
-	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
-	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
-
-	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
-	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
-	eapply_user
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl ; then
-		if use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls --with-nettle )
-		elif use curl_ssl_libressl; then
-			einfo "SSL provided by LibreSSL"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss )
-		elif use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_winssl; then
-			einfo "SSL provided by Windows"
-			myconf+=( --with-winssl )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-	else
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	ECONF_SOURCE="${S}" \
-	econf \
-		$(use_enable alt-svc) \
-		--enable-crypto-auth \
-		--enable-dict \
-		--disable-esni \
-		--enable-file \
-		--enable-ftp \
-		--enable-gopher \
-		--enable-http \
-		--enable-imap \
-		$(use_enable ldap) \
-		$(use_enable ldap ldaps) \
-		--disable-ntlm-wb \
-		--enable-pop3 \
-		--enable-rt  \
-		--enable-rtsp \
-		$(use_enable samba smb) \
-		$(use_with ssh libssh2) \
-		--enable-smtp \
-		--enable-telnet \
-		--enable-tftp \
-		--enable-tls-srp \
-		$(use_enable adns ares) \
-		--enable-cookies \
-		--enable-dateparse \
-		--enable-dnsshuffle \
-		--enable-doh \
-		--enable-hidden-symbols \
-		--enable-http-auth \
-		$(use_enable ipv6) \
-		--enable-largefile \
-		--without-libpsl \
-		--enable-manual \
-		--enable-mime \
-		--enable-netrc \
-		$(use_enable progress-meter) \
-		--enable-proxy \
-		--disable-sspi \
-		$(use_enable static-libs static) \
-		$(use_enable threads threaded-resolver) \
-		$(use_enable threads pthreads) \
-		--disable-versioned-symbols \
-		--without-amissl \
-		--without-bearssl \
-		--without-cyassl \
-		--without-darwinssl \
-		--without-fish-functions-dir \
-		$(use_with idn libidn2) \
-		$(use_with kerberos gssapi "${EPREFIX}"/usr) \
-		$(use_with metalink libmetalink) \
-		$(use_with http2 nghttp2) \
-		$(use_with nghttp3) \
-		$(use_with nghttp3 ngtcp2) \
-		$(use_with quiche) \
-		$(use_with rtmp librtmp) \
-		$(use_with brotli) \
-		--without-schannel \
-		--without-secure-transport \
-		--without-spnego \
-		--without-winidn \
-		--without-wolfssl \
-		--with-zlib \
-		"${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use quiche; then
-		libs+=( "-lquiche" )
-		priv+=( "quiche" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "-libtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete
-	rm -rf "${ED}"/etc/
-}

diff --git a/net-misc/curl/curl-7.69.1.ebuild b/net-misc/curl/curl-7.69.1.ebuild
deleted file mode 100644
index c787559e030..00000000000
--- a/net-misc/curl/curl-7.69.1.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		curl_ssl_gnutls? (
-			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_libressl? (
-			dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_mbedtls? (
-			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_openssl? (
-			dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-	)
-	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-#	rtmp? (
-#		media-video/rtmpdump
-#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-#	)
-
-# ssl providers to be added:
-# fbopenssl  $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		dev-lang/perl
-	)"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
-	curl_ssl_winssl? ( elibc_Winnt )
-	threads? ( !adns )
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_libressl
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_winssl
-		)
-	)"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
-	docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-src_prepare() {
-	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
-	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
-
-	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
-	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
-	eapply_user
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl ; then
-		if use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls --with-nettle )
-		elif use curl_ssl_libressl; then
-			einfo "SSL provided by LibreSSL"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss )
-		elif use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_winssl; then
-			einfo "SSL provided by Windows"
-			myconf+=( --with-winssl )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-	else
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	ECONF_SOURCE="${S}" \
-	econf \
-		$(use_enable alt-svc) \
-		--enable-crypto-auth \
-		--enable-dict \
-		--disable-esni \
-		--enable-file \
-		$(use_enable ftp) \
-		$(use_enable gopher) \
-		--enable-http \
-		$(use_enable imap) \
-		$(use_enable ldap) \
-		$(use_enable ldap ldaps) \
-		--disable-ntlm-wb \
-		$(use_enable pop3) \
-		--enable-rt  \
-		--enable-rtsp \
-		$(use_enable samba smb) \
-		$(use_with ssh libssh2) \
-		$(use_enable smtp) \
-		$(use_enable telnet) \
-		$(use_enable tftp) \
-		--enable-tls-srp \
-		$(use_enable adns ares) \
-		--enable-cookies \
-		--enable-dateparse \
-		--enable-dnsshuffle \
-		--enable-doh \
-		--enable-hidden-symbols \
-		--enable-http-auth \
-		$(use_enable ipv6) \
-		--enable-largefile \
-		--enable-manual \
-		--enable-mime \
-		--enable-netrc \
-		$(use_enable progress-meter) \
-		--enable-proxy \
-		--disable-sspi \
-		$(use_enable static-libs static) \
-		$(use_enable threads threaded-resolver) \
-		$(use_enable threads pthreads) \
-		--disable-versioned-symbols \
-		--without-amissl \
-		--without-bearssl \
-		--without-cyassl \
-		--without-darwinssl \
-		--without-fish-functions-dir \
-		$(use_with idn libidn2) \
-		$(use_with kerberos gssapi "${EPREFIX}"/usr) \
-		$(use_with metalink libmetalink) \
-		$(use_with http2 nghttp2) \
-		--without-libpsl \
-		$(use_with nghttp3) \
-		$(use_with nghttp3 ngtcp2) \
-		$(use_with quiche) \
-		$(use_with rtmp librtmp) \
-		$(use_with brotli) \
-		--without-schannel \
-		--without-secure-transport \
-		--without-spnego \
-		--without-winidn \
-		--without-wolfssl \
-		--with-zlib \
-		"${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use quiche; then
-		libs+=( "-lquiche" )
-		priv+=( "quiche" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "-libtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete
-	rm -rf "${ED}"/etc/
-}

diff --git a/net-misc/curl/curl-7.70.0-r1.ebuild b/net-misc/curl/curl-7.70.0-r1.ebuild
deleted file mode 100644
index d10edbee215..00000000000
--- a/net-misc/curl/curl-7.70.0-r1.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		curl_ssl_gnutls? (
-			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_libressl? (
-			dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_mbedtls? (
-			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		curl_ssl_openssl? (
-			dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
-		)
-		curl_ssl_nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-	)
-	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-#	rtmp? (
-#		media-video/rtmpdump
-#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-#	)
-
-# ssl providers to be added:
-# fbopenssl  $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		dev-lang/perl
-	)"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
-	curl_ssl_winssl? ( elibc_Winnt )
-	threads? ( !adns )
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_libressl
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_winssl
-		)
-	)"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
-	docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-src_prepare() {
-	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
-	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
-	eapply "${FILESDIR}"/${PN}-fix-cpu-load.patch
-
-	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
-	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
-	eapply_user
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl ; then
-		if use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls --with-nettle )
-		elif use curl_ssl_libressl; then
-			einfo "SSL provided by LibreSSL"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss )
-		elif use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		elif use curl_ssl_winssl; then
-			einfo "SSL provided by Windows"
-			myconf+=( --with-winssl )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-	else
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	ECONF_SOURCE="${S}" \
-	econf \
-		$(use_enable alt-svc) \
-		--enable-crypto-auth \
-		--enable-dict \
-		--disable-esni \
-		--enable-file \
-		$(use_enable ftp) \
-		$(use_enable gopher) \
-		--enable-http \
-		$(use_enable imap) \
-		$(use_enable ldap) \
-		$(use_enable ldap ldaps) \
-		--disable-mqtt \
-		--disable-ntlm-wb \
-		$(use_enable pop3) \
-		--enable-rt  \
-		--enable-rtsp \
-		$(use_enable samba smb) \
-		$(use_with ssh libssh2) \
-		$(use_enable smtp) \
-		$(use_enable telnet) \
-		$(use_enable tftp) \
-		--enable-tls-srp \
-		$(use_enable adns ares) \
-		--enable-cookies \
-		--enable-dateparse \
-		--enable-dnsshuffle \
-		--enable-doh \
-		--enable-hidden-symbols \
-		--enable-http-auth \
-		$(use_enable ipv6) \
-		--enable-largefile \
-		--enable-manual \
-		--enable-mime \
-		--enable-netrc \
-		$(use_enable progress-meter) \
-		--enable-proxy \
-		--disable-sspi \
-		$(use_enable static-libs static) \
-		$(use_enable threads threaded-resolver) \
-		$(use_enable threads pthreads) \
-		--disable-versioned-symbols \
-		--without-amissl \
-		--without-bearssl \
-		--without-cyassl \
-		--without-darwinssl \
-		--without-fish-functions-dir \
-		$(use_with idn libidn2) \
-		$(use_with kerberos gssapi "${EPREFIX}"/usr) \
-		$(use_with metalink libmetalink) \
-		$(use_with http2 nghttp2) \
-		--without-libpsl \
-		$(use_with nghttp3) \
-		$(use_with nghttp3 ngtcp2) \
-		$(use_with quiche) \
-		$(use_with rtmp librtmp) \
-		$(use_with brotli) \
-		--without-schannel \
-		--without-secure-transport \
-		--without-spnego \
-		--without-winidn \
-		--without-wolfssl \
-		--with-zlib \
-		"${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use quiche; then
-		libs+=( "-lquiche" )
-		priv+=( "quiche" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "-libtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete
-	rm -rf "${ED}"/etc/
-}

diff --git a/net-misc/curl/files/curl-fix-cpu-load.patch b/net-misc/curl/files/curl-fix-cpu-load.patch
deleted file mode 100644
index fb20641b5b2..00000000000
--- a/net-misc/curl/files/curl-fix-cpu-load.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-Fixes https://bugs.gentoo.org/727352
-
-From 2a41e236716da4c41ebc1132bd36d9273bd0321f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 8 Jun 2020 14:05:22 +0200
-Subject: [PATCH] socks: detect connection close during handshake
-
-The SOCKS4/5 state machines weren't properly terminated when the proxy
-connection got closed, leading to a busy-loop.
-
-Reported-By: zloi-user on github
-Fixes #5532
-Closes #5542
----
- lib/socks.c | 32 ++++++++++++++++++++++++++++----
- 1 file changed, 28 insertions(+), 4 deletions(-)
-
-diff --git a/lib/socks.c b/lib/socks.c
-index 4c1af7b9de7..b2215fef30c 100644
---- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -382,6 +382,11 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
-             curl_easy_strerror(result));
-       return CURLE_COULDNT_CONNECT;
-     }
-+    else if(!result && !actualread) {
-+      /* connection closed */
-+      failf(data, "connection to proxy closed");
-+      return CURLE_COULDNT_CONNECT;
-+    }
-     else if(actualread != sx->outstanding) {
-       /* remain in reading state */
-       sx->outstanding -= actualread;
-@@ -592,6 +597,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
-       failf(data, "Unable to receive initial SOCKS5 response.");
-       return CURLE_COULDNT_CONNECT;
-     }
-+    else if(!result && !actualread) {
-+      /* connection closed */
-+      failf(data, "Connection to proxy closed");
-+      return CURLE_COULDNT_CONNECT;
-+    }
-     else if(actualread != sx->outstanding) {
-       /* remain in reading state */
-       sx->outstanding -= actualread;
-@@ -717,15 +727,19 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
-       failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
-       return CURLE_COULDNT_CONNECT;
-     }
--    if(actualread != sx->outstanding) {
-+    else if(!result && !actualread) {
-+      /* connection closed */
-+      failf(data, "connection to proxy closed");
-+      return CURLE_COULDNT_CONNECT;
-+    }
-+    else if(actualread != sx->outstanding) {
-       /* remain in state */
-       sx->outstanding -= actualread;
-       sx->outp += actualread;
-       return CURLE_OK;
-     }
--
-     /* ignore the first (VER) byte */
--    if(socksreq[1] != 0) { /* status */
-+    else if(socksreq[1] != 0) { /* status */
-       failf(data, "User was rejected by the SOCKS5 server (%d %d).",
-             socksreq[0], socksreq[1]);
-       return CURLE_COULDNT_CONNECT;
-@@ -890,6 +904,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
-       failf(data, "Failed to receive SOCKS5 connect request ack.");
-       return CURLE_COULDNT_CONNECT;
-     }
-+    else if(!result && !actualread) {
-+      /* connection closed */
-+      failf(data, "connection to proxy closed");
-+      return CURLE_COULDNT_CONNECT;
-+    }
-     else if(actualread != sx->outstanding) {
-       /* remain in state */
-       sx->outstanding -= actualread;
-@@ -967,7 +986,12 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
-       failf(data, "Failed to receive SOCKS5 connect request ack.");
-       return CURLE_COULDNT_CONNECT;
-     }
--    if(actualread != sx->outstanding) {
-+    else if(!result && !actualread) {
-+      /* connection closed */
-+      failf(data, "connection to proxy closed");
-+      return CURLE_COULDNT_CONNECT;
-+    }
-+    else if(actualread != sx->outstanding) {
-       /* remain in state */
-       sx->outstanding -= actualread;
-       sx->outp += actualread;



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2022-11-17  1:06 Sam James
From: Sam James @ 2022-11-17  1:06 UTC (permalink / raw
  To: gentoo-commits

commit:     93404ce48ebc3346b1d0a45e5b313f25bec02e5f
Author:     Henning Schild <henning <AT> hennsch <DOT> de>
AuthorDate: Wed Nov 16 13:09:30 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 17 00:58:35 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93404ce4

net-misc/curl: backport one more noproxy regression patch to 7.86.0

Bug: https://bugs.gentoo.org/878365
Signed-off-by: Henning Schild <henning <AT> hennsch.de>
Closes: https://github.com/gentoo/gentoo/pull/28295
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.86.0-r3.ebuild                | 292 +++++++++++++++++++++
 ...roxy-tailmatch-like-in-7.85.0-and-earlier.patch |  84 ++++++
 2 files changed, 376 insertions(+)

diff --git a/net-misc/curl/curl-7.86.0-r3.ebuild b/net-misc/curl/curl-7.86.0-r3.ebuild
new file mode 100644
index 000000000000..cd08376dee7b
--- /dev/null
+++ b/net-misc/curl/curl-7.86.0-r3.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools prefix multilib-minimal verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
+IUSE+=" nghttp3 quiche"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+# Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch
+	"${FILESDIR}"/${P}-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-rustls
+		--without-schannel
+		--without-secure-transport
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "-libtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
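Review bot: In the `use nghttp3` branch of the pkg-config fix-up in `multilib_src_configure`, `priv+=( "libnghttp3" "-libtcp2" )` writes `-libtcp2` into `Requires.private`, which is not a plausible pkg-config module name. The entry that pairs with the `-lngtcp2` removed from `Libs.private` is presumably `libngtcp2`, so the line should read `priv+=( "libnghttp3" "libngtcp2" )`. As written, a build with USE=nghttp3 ships a libcurl.pc that names a module pkg-config is unlikely to resolve, which would break consumers that query libcurl through pkg-config. The same block adds `openssl` only under `use ssl && use curl_ssl_openssl`, while `--with-ssl` is passed for `use openssl || use curl_ssl_openssl`, so the two conditions should probably match.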

diff --git a/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch b/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
new file mode 100644
index 000000000000..1f04f22f9b1b
--- /dev/null
+++ b/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
@@ -0,0 +1,84 @@
+https://github.com/curl/curl/issues/9842
+https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3
+
+From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 6 Nov 2022 23:19:51 +0100
+Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier
+
+A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
+differently than before. This restores the logic to how it used to work:
+
+All names listed in NO_PROXY are tailmatched against the used domain
+name, if the lengths are identical it needs a full match.
+
+Update the docs, update test 1614.
+
+Reported-by: Stuart Henderson
+Fixes #9842
+Closes #9858
+---
+ docs/libcurl/opts/CURLOPT_NOPROXY.3 |  4 ----
+ lib/noproxy.c                       | 32 +++++++++++++++--------------
+ tests/unit/unit1614.c               |  3 ++-
+ 3 files changed, 19 insertions(+), 20 deletions(-)
+
+diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3
+index 5e4c32130431..dc3cf7c10833 100644
+--- a/docs/libcurl/opts/CURLOPT_NOPROXY.3
++++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3
+@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the
+ hostname itself. For example, "ample.com" would match ample.com, ample.com:80,
+ and www.ample.com, but not www.example.com or ample.com.org.
+ 
+-If the name in the \fInoproxy\fP list has a leading period, it is a domain
+-match against the provided host name. This way ".example.com" will switch off
+-proxy use for both "www.example.com" as well as for "foo.example.com".
+-
+ Setting the \fInoproxy\fP string to "" (an empty string) will explicitly
+ enable the proxy for all host names, even if there is an environment variable
+ set for it.
+diff --git a/lib/noproxy.c b/lib/noproxy.c
+index 2832ae166a5b..fb856e4faa72 100644
+--- a/lib/noproxy.c
++++ b/lib/noproxy.c
+@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
+             tokenlen--;
+ 
+           if(tokenlen && (*token == '.')) {
+-            /* A: example.com matches '.example.com'
+-               B: www.example.com matches '.example.com'
+-               C: nonexample.com DOES NOT match '.example.com'
+-            */
+-            if((tokenlen - 1) == namelen)
+-              /* case A, exact match without leading dot */
+-              match = strncasecompare(token + 1, name, namelen);
+-            else if(tokenlen < namelen)
+-              /* case B, tailmatch with leading dot */
+-              match = strncasecompare(token, name + (namelen - tokenlen),
+-                                      tokenlen);
+-            /* case C passes through, not a match */
++            /* ignore leading token dot as well */
++            token++;
++            tokenlen--;
+           }
+-          else
+-            match = (tokenlen == namelen) &&
+-              strncasecompare(token, name, namelen);
++          /* A: example.com matches 'example.com'
++             B: www.example.com matches 'example.com'
++             C: nonexample.com DOES NOT match 'example.com'
++          */
++          if(tokenlen == namelen)
++            /* case A, exact match */
++            match = strncasecompare(token, name, namelen);
++          else if(tokenlen < namelen) {
++            /* case B, tailmatch domain */
++            match = (name[namelen - tokenlen - 1] == '.') &&
++              strncasecompare(token, name + (namelen - tokenlen),
++                              tokenlen);
++          }
++          /* case C passes through, not a match */
+           break;
+         case TYPE_IPV4:
+           /* FALLTHROUGH */
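Review bot: The tailmatch branch in the lib/noproxy.c hunk does not check that `tokenlen` is still non-zero after the new leading-dot strip (`token++; tokenlen--;`). For a token made only of dots, `tokenlen` can reach 0, and `else if(tokenlen < namelen)` then tests `name[namelen - 1] == '.'` followed by a zero-length `strncasecompare`, which presumably reports equal. Because a NO_PROXY match decides whether a request bypasses the proxy, an empty token should never match; guarding the branch with `else if(tokenlen && (tokenlen < namelen)) {` would make that explicit. `Curl_check_noproxy` starts and ends outside this hunk, so an earlier guard on empty tokens may already exist and should be confirmed against the full function.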



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-01-13  5:51 Sam James
From: Sam James @ 2023-01-13  5:51 UTC (permalink / raw
  To: gentoo-commits

commit:     2850f811e059bb97e7412d2196b2475fd0b11720
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 05:50:53 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 05:50:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2850f811

net-misc/curl: fix regression causing zabbix build failure

Closes: https://bugs.gentoo.org/890587
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.87.0-r2.ebuild                | 302 +++++++++++++++++++++
 .../files/curl-7.87.0-typecheck-deprecated.patch   |  48 ++++
 2 files changed, 350 insertions(+)

diff --git a/net-misc/curl/curl-7.87.0-r2.ebuild b/net-misc/curl/curl-7.87.0-r2.ebuild
new file mode 100644
index 000000000000..58cc83256461
--- /dev/null
+++ b/net-misc/curl/curl-7.87.0-r2.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools prefix multilib-minimal verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3 quiche"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+# Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
+	"${FILESDIR}"/${P}-gnutls-openssl-build.patch
+	"${FILESDIR}"/${P}-typecheck-deprecated.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}

diff --git a/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch b/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
new file mode 100644
index 000000000000..dec6d117efa4
--- /dev/null
+++ b/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
@@ -0,0 +1,48 @@
+https://bugs.gentoo.org/890587
+https://github.com/curl/curl/issues/10148
+https://github.com/curl/curl/commit/e2aed004302e51cfa5b6ce8c8ab65ef92aa83196
+
+From e2aed004302e51cfa5b6ce8c8ab65ef92aa83196 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Fri, 23 Dec 2022 15:35:27 +0100
+Subject: [PATCH] typecheck: accept expressions for option/info parameters
+
+As expressions can have side effects, evaluate only once.
+
+To enable deprecation reporting only once, get rid of the __typeof__
+use to define the local temporary variable and use the target type
+(CURLoption/CURLINFO). This also avoids multiple reports on type
+conflicts (if some) by the curlcheck_* macros.
+
+Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
+their values: a curl_easy_setopt call with an integer constant as option
+will never report a deprecation.
+
+Reported-by: Thomas Klausner
+Fixes #10148
+Closes #10149
+--- a/include/curl/typecheck-gcc.h
++++ b/include/curl/typecheck-gcc.h
+@@ -42,9 +42,8 @@
+  */
+ #define curl_easy_setopt(handle, option, value)                         \
+   __extension__({                                                       \
+-      CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;)   \
++      CURLoption _curl_opt = (option);                                  \
+       if(__builtin_constant_p(_curl_opt)) {                             \
+-        (void) option;                                                  \
+         CURL_IGNORE_DEPRECATION(                                        \
+           if(curlcheck_long_option(_curl_opt))                          \
+             if(!curlcheck_long(value))                                  \
+@@ -120,9 +119,8 @@
+ /* wraps curl_easy_getinfo() with typechecking */
+ #define curl_easy_getinfo(handle, info, arg)                            \
+   __extension__({                                                       \
+-      CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;)      \
++      CURLINFO _curl_info = (info);                                     \
+       if(__builtin_constant_p(_curl_info)) {                            \
+-        (void) info;                                                    \
+         CURL_IGNORE_DEPRECATION(                                        \
+           if(curlcheck_string_info(_curl_info))                         \
+             if(!curlcheck_arr((arg), char *))                           \
+
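Review bot: Both macros keep their checks behind `if(__builtin_constant_p(_curl_opt))` and `if(__builtin_constant_p(_curl_info))` on a local variable, and the patch does not document that GCC typically folds such a local to a constant only when optimising. An unoptimised build may therefore compile mismatched curl_easy_setopt()/curl_easy_getinfo() arguments without any warning, which matters because both are varargs calls with no other compile-time check. A comment above each macro would make that limit visible, for example `/* type checks apply only when the option folds to a compile-time constant; -O0 builds may skip them */`. Both macro bodies continue outside the inner hunks shown here.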



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-02-16  5:08 Sam James
From: Sam James @ 2023-02-16  5:08 UTC (permalink / raw
  To: gentoo-commits

commit:     1c6ec8d4579f9fbb2b3fbfb93de2abb7893cb42f
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Thu Feb  9 23:37:40 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 16 05:08:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c6ec8d4

net-misc/curl: add 7.88.0

drop ipv6 and quiche USE

Using quiche requires building cURL with the same SSL flavour
as the quiche library (i.e. BoringSSL). This is currently
unsupported on Gentoo.

Drop `ipv6` USE; it doesn't require additional deps and `--ipv4`
can be used at runtime to force connectivity in dual-stack configurations.

Closes: https://bugs.gentoo.org/881711
Closes: https://bugs.gentoo.org/792234
Closes: https://bugs.gentoo.org/847451
Closes: https://bugs.gentoo.org/867985
Closes: https://bugs.gentoo.org/835851

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Closes: https://github.com/gentoo/gentoo/pull/29511
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 +
 net-misc/curl/curl-7.88.0.ebuild                   | 298 +++++++++++++++++++++
 .../files/curl-7.88.0-test-gnuserv-tls-srp.patch   |  39 +++
 .../curl-7.88.0-test-uninitialised-value.patch     |  30 +++
 4 files changed, 369 insertions(+)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 51a46b81b61b..631ec92aa40b 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,2 +1,4 @@
 DIST curl-7.87.0.tar.xz 2547932 BLAKE2B b272ec928c5ef1728434630d8910f58834327a30570913df9d47921a2810d002bd88b81371005197db857d3a53386420c1e28b1e463e6241d46c1e50fbce0c13 SHA512 aa125991592667280dce3788aabe81487cf8c55b0afc59d675cc30b76055bb7114f5380b4a0e3b6461a8f81bf9812fa26d493a85f7e01d84263d484a0d699ee7
 DIST curl-7.87.0.tar.xz.asc 488 BLAKE2B 031d8236b357bd3c519548b181254dc0aea1efc1375738bce04f4f331d35bafe99d1ca394ecf5943ede7cae040854b6d2b478fd305147eb7330f8d50e5d95c96 SHA512 0bcc12bafc4ae50d80128af2cf4bf1a1ec6018ebb8d5b9c49f52b51c0c25acc77e820858965656549ef43c1f923f4e5fe75b0a3523623154b4cfb9dc8a1d76e4
+DIST curl-7.88.0.tar.xz 2571564 BLAKE2B 8fae8136a8a52c58b2860b6c3b342d59bb0c9a743f94c3ea3620cbb180f1ebd1310ace17e23d9c4bd2ec4b1dd72777779b2e1fbe66bb47b54a60b02247e3a07d SHA512 2008cbc67694f746b7449f087a19b2a9a4950333d6bac1cdc7d80351aa38d8d9b442087dedbc7b0909a419d3b10f510521c942aac012d04a53c32bdb15dce5f0
+DIST curl-7.88.0.tar.xz.asc 488 BLAKE2B 9714e26c1308b036f7b19c909447e20d0c3611b0995845a8fb1a356d74e68027399acaafb69244411787cf2abbcbca446f237ce1277228c33caf0adc97364dbf SHA512 6f3d9a5f8fcec64652f872adf994ff3d0162fba1b483a0e359522173bf29ef3d26eeda7c328207fa1fa974a45e62674a3a8ebec21830ab3981b56851d5804ade

diff --git a/net-misc/curl/curl-7.88.0.ebuild b/net-misc/curl/curl-7.88.0.ebuild
new file mode 100644
index 000000000000..b36a1acba8ac
--- /dev/null
+++ b/net-misc/curl/curl-7.88.0.ebuild
@@ -0,0 +1,298 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools prefix multilib-minimal verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+#Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
+	"${FILESDIR}"/${P}-test-gnuserv-tls-srp.patch
+	"${FILESDIR}"/${P}-test-uninitialised-value.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+	
+	# Do not supply a test httpd/caddy/etc
+	if use test; then
+		myconf+=(
+			--without-test-caddy
+			--without-test-httpd
+			--without-test-nghttpx
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
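Review bot: `--without-libpsl` is hard-coded in multilib_src_configure while `--enable-cookies` stays on, so libcurl's cookie engine is built with no way to consult the Public Suffix List when it accepts a cookie domain. That leaves cookies scoped to a multi-label public suffix to curl's simpler built-in domain checks. Consider a `psl` USE flag: add `psl` to IUSE, `psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )` to RDEPEND, and replace the flag with `$(use_with psl libpsl)`. The ebuild hunk that precedes this commit on the page carries the same `--without-libpsl` line.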

diff --git a/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch b/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch
new file mode 100644
index 000000000000..fb9e89fd48cb
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch
@@ -0,0 +1,39 @@
+https://github.com/curl/curl/commit/2fdc1d816ebf3c77f43068103bec1b3a3767881a.patch
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 15 Feb 2023 15:04:07 +0100
+Subject: [PATCH] tests: make sure gnuserv-tls has SRP support before using it
+
+Reported-by: fundawang on github
+Fixes #10522
+Closes #10524
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -5382,7 +5382,7 @@ sub startservers {
+         elsif($what eq "httptls") {
+             if(!$httptlssrv) {
+                 # for now, we can't run http TLS-EXT tests without gnutls-serv
+-                return "no gnutls-serv";
++                return "no gnutls-serv (with SRP support)";
+             }
+             if($torture && $run{'httptls'} &&
+                !responsive_httptls_server($verbose, "IPv4")) {
+--- a/tests/sshhelp.pm
++++ b/tests/sshhelp.pm
+@@ -408,7 +408,16 @@ sub find_sshkeygen {
+ # Find httptlssrv (gnutls-serv) and return canonical filename
+ #
+ sub find_httptlssrv {
+-    return find_exe_file_hpath($httptlssrvexe);
++    my $p = find_exe_file_hpath($httptlssrvexe);
++    my @o = `$p -l`;
++    my $found;
++    for(@o) {
++        if(/Key exchange: SRP/) {
++            $found = 1;
++            last;
++        }
++    }
++    return $p if($found);
+ }
+ 
+ 
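Review bot: In find_httptlssrv the result of `find_exe_file_hpath($httptlssrvexe)` is interpolated into a shell command before it is checked. If the helper returns nothing when gnutls-serv is absent (its body is not shown here), the backticks run a bare ` -l` and Perl warns about an uninitialised value. The path is also unquoted, so a directory name containing spaces or shell metacharacters would be split or interpreted by the shell. Return early and quote the path: `return undef if(!$p);` followed by `my @o = qx("$p" -l);`.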

diff --git a/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch b/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch
new file mode 100644
index 000000000000..c5ce31d4e427
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch
@@ -0,0 +1,30 @@
+https://github.com/curl/curl/commit/f1d09231adfc695d15995b9ef2c8c6e568c28091
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 15 Feb 2023 13:03:21 +0100
+Subject: [PATCH] runtests: fix "uninitialized value $port"
+
+by using a more appropriate variable
+
+Reported-by: fundawang on github
+Fixes #10518
+Closes #10520
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -1740,7 +1740,7 @@ sub runhttpserver {
+     }
+ 
+     # where is it?
+-    my $port;
++    my $port = 0;
+     if(!$port_or_path) {
+         $port = $port_or_path = pidfromfile($portfile);
+     }
+@@ -1758,7 +1758,7 @@ sub runhttpserver {
+     $pid2 = $pid3;
+ 
+     if($verbose) {
+-        logmsg "RUN: $srvrname server is on PID $httppid port $port\n";
++        logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n";
+     }
+ 
+     return ($httppid, $pid2, $port);



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-02-17  5:14 Sam James
From: Sam James @ 2023-02-17  5:14 UTC (permalink / raw
  To: gentoo-commits

commit:     1e51a6dbd59457ce01d377be7b04954a18a7509d
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Thu Feb 16 10:34:42 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 05:09:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e51a6db

net-misc/curl: drop 7.88.0

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.88.0.ebuild                   | 298 ---------------------
 .../files/curl-7.88.0-test-gnuserv-tls-srp.patch   |  39 ---
 .../curl-7.88.0-test-uninitialised-value.patch     |  30 ---
 3 files changed, 367 deletions(-)

diff --git a/net-misc/curl/curl-7.88.0.ebuild b/net-misc/curl/curl-7.88.0.ebuild
deleted file mode 100644
index b36a1acba8ac..000000000000
--- a/net-misc/curl/curl-7.88.0.ebuild
+++ /dev/null
@@ -1,298 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-
-inherit autotools prefix multilib-minimal verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-SRC_URI="https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
-IUSE+=" nghttp3"
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
-
-#Only one default ssl provider can be enabled
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_nss
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)"
-
-# lead to lots of false negatives, bug #285669
-RESTRICT="!test? ( test )"
-
-RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		mbedtls? (
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-			app-misc/ca-certificates
-		)
-		openssl? (
-			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		nss? (
-			dev-libs/nss:0[${MULTILIB_USEDEP}]
-			dev-libs/nss-pem
-			app-misc/ca-certificates
-		)
-		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
-		)
-	)
-	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
-	nghttp3? (
-		net-libs/nghttp3[${MULTILIB_USEDEP}]
-		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
-	)
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
-
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-
-	"${FILESDIR}"/${P}-test-gnuserv-tls-srp.patch
-	"${FILESDIR}"/${P}-test-uninitialised-value.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
-	if use ssl ; then
-		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
-
-		if use gnutls || use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use nss || use curl_ssl_nss; then
-			einfo "SSL provided by nss"
-			myconf+=( --with-nss --with-nss-deprecated )
-		fi
-		if use openssl || use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls || use curl_ssl_rustls; then
-			einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_nss; then
-			einfo "Default SSL provided by nss"
-			myconf+=( --with-default-ssl-backend=nss )
-		elif use curl_ssl_openssl; then
-			einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-crypto-auth
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--without-fish-functions-dir
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		--without-libpsl
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-	)
-	
-	# Do not supply a test httpd/caddy/etc
-	if use test; then
-		myconf+=(
-			--without-test-caddy
-			--without-test-httpd
-			--without-test-nghttpx
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# avoid building the client
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}

diff --git a/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch b/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch
deleted file mode 100644
index fb9e89fd48cb..000000000000
--- a/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://github.com/curl/curl/commit/2fdc1d816ebf3c77f43068103bec1b3a3767881a.patch
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 15 Feb 2023 15:04:07 +0100
-Subject: [PATCH] tests: make sure gnuserv-tls has SRP support before using it
-
-Reported-by: fundawang on github
-Fixes #10522
-Closes #10524
---- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -5382,7 +5382,7 @@ sub startservers {
-         elsif($what eq "httptls") {
-             if(!$httptlssrv) {
-                 # for now, we can't run http TLS-EXT tests without gnutls-serv
--                return "no gnutls-serv";
-+                return "no gnutls-serv (with SRP support)";
-             }
-             if($torture && $run{'httptls'} &&
-                !responsive_httptls_server($verbose, "IPv4")) {
---- a/tests/sshhelp.pm
-+++ b/tests/sshhelp.pm
-@@ -408,7 +408,16 @@ sub find_sshkeygen {
- # Find httptlssrv (gnutls-serv) and return canonical filename
- #
- sub find_httptlssrv {
--    return find_exe_file_hpath($httptlssrvexe);
-+    my $p = find_exe_file_hpath($httptlssrvexe);
-+    my @o = `$p -l`;
-+    my $found;
-+    for(@o) {
-+        if(/Key exchange: SRP/) {
-+            $found = 1;
-+            last;
-+        }
-+    }
-+    return $p if($found);
- }
- 
- 

diff --git a/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch b/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch
deleted file mode 100644
index c5ce31d4e427..000000000000
--- a/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-https://github.com/curl/curl/commit/f1d09231adfc695d15995b9ef2c8c6e568c28091
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 15 Feb 2023 13:03:21 +0100
-Subject: [PATCH] runtests: fix "uninitialized value $port"
-
-by using a more appropriate variable
-
-Reported-by: fundawang on github
-Fixes #10518
-Closes #10520
---- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -1740,7 +1740,7 @@ sub runhttpserver {
-     }
- 
-     # where is it?
--    my $port;
-+    my $port = 0;
-     if(!$port_or_path) {
-         $port = $port_or_path = pidfromfile($portfile);
-     }
-@@ -1758,7 +1758,7 @@ sub runhttpserver {
-     $pid2 = $pid3;
- 
-     if($verbose) {
--        logmsg "RUN: $srvrname server is on PID $httppid port $port\n";
-+        logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n";
-     }
- 
-     return ($httppid, $pid2, $port);



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-03-15  5:05 Sam James
From: Sam James @ 2023-03-15  5:05 UTC (permalink / raw
  To: gentoo-commits

commit:     f7a9dcc44364ee6ae07f6bfa4c48661736d3d05f
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Thu Mar  9 13:19:13 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 15 05:04:42 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7a9dcc4

net-misc/curl: add 7.88.1-r2

cURL attempts to resolve .onion tlds and depending on USE flags
may leak that you're using Tor.

This commit adds the upstream patch for RFC7686 compliance a
little early as it may not make the next cURL release.

Closes: https://bugs.gentoo.org/887287

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-7.88.1-r2.ebuild                | 307 +++++++++++++++++++++
 .../curl/files/curl-7.88.1-onion-resolution.patch  | 132 +++++++++
 2 files changed, 439 insertions(+)

diff --git a/net-misc/curl/curl-7.88.1-r2.ebuild b/net-misc/curl/curl-7.88.1-r2.ebuild
new file mode 100644
index 000000000000..d1a2c5b2213a
--- /dev/null
+++ b/net-misc/curl/curl-7.88.1-r2.ebuild
@@ -0,0 +1,307 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools multilib-minimal prefix verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+SRC_URI="https://curl.se/download/${P}.tar.xz
+	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+
+#Only one default ssl provider can be enabled
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+			app-misc/ca-certificates
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
+	"${FILESDIR}"/${P}-header-dump-segfault.patch
+	"${FILESDIR}"/${P}-onion-resolution.patch
+	"${FILESDIR}"/${P}-pipewait.patch
+	"${FILESDIR}"/${P}-silent-parallel.patch
+)
+
+src_prepare() {
+	default
+
+	# Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks
+	# with out-of-tree builds.
+	sed -i "s:my \$path   = getcwd():my \$path   = \"${S}/tests\":" tests/http*-server.pl \
+		|| die "Unable to update test locations"
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls || use curl_ssl_rustls; then
+			einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can disable tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
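Review bot: In multilib_src_configure the backend checks such as `if use gnutls || use curl_ssl_gnutls; then` pass `--with-gnutls` even when only the default-backend flag is set, but RDEPEND pulls net-libs/gnutls only under `gnutls?` and REQUIRED_USE does not tie the two flags together. With `curl_ssl_mbedtls` set and `mbedtls` unset, for example, configure is asked for a TLS library that the dependency list does not guarantee to be installed. I would add `curl_ssl_gnutls? ( gnutls )` and the matching line for mbedtls, nss, openssl and rustls to REQUIRED_USE, and reduce each test to `if use gnutls; then`. The final `else` branch should also stop the build with `die "We can't be here because of REQUIRED_USE."` rather than logging through `eerror` and carrying on without a default backend.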

diff --git a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
new file mode 100644
index 000000000000..05519884653c
--- /dev/null
+++ b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
@@ -0,0 +1,132 @@
+https://github.com/curl/curl/pull/10705
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Wed, 8 Mar 2023 02:16:45 +1100
+Subject: [PATCH] Refuse to resolve the .onion TLD.
+
+RFC 7686 states that:
+
+> Applications that do not implement the Tor
+> protocol SHOULD generate an error upon the use of .onion and
+> SHOULD NOT perform a DNS lookup.
+
+Let's do that.
+
+See curl/curl#543
+https://www.rfc-editor.org/rfc/rfc7686#section-2
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
+   CURLcode result;
+   enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
+   struct connectdata *conn = data->conn;
++  /* We should intentionally error and not resolve .onion TLDs */
++  size_t hostname_len = strlen(hostname);
++  if(hostname_len >= 7 &&
++  (curl_strequal(&hostname[hostname_len-6], ".onion") ||
++  curl_strequal(&hostname[hostname_len-7], ".onion."))) {
++    failf(data, "Not resolving .onion address (RFC 7686)");
++    return CURLRESOLV_ERROR;
++  }
+   *entry = NULL;
+ #ifndef CURL_DISABLE_DOH
+   conn->bits.doh = FALSE; /* default is not */
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
+ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
+ test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
+ test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
+-test1464 test1465 test1466 test1467 test1468 test1469 \
+-\
++test1464 test1465 test1466 test1467 test1468 test1469 test1471 \
++test1472 \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+ test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
+--- /dev/null
++++ b/tests/data/test1471
+@@ -0,0 +1,39 @@
++<testcase>
++<info>
++<keywords>
++Onion
++Tor
++FAILURE
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++none
++</server>
++<name>
++Fail to resolve .onion TLD
++</name>
++<command>
++red.onion
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# Couldn't resolve host name
++<errorcode>
++6
++</errorcode>
++<stderr mode="text">
++curl: (6) Not resolving .onion address (RFC 7686)
++</stderr>
++</verify>
++</testcase>
+--- /dev/null
++++ b/tests/data/test1472
+@@ -0,0 +1,39 @@
++<testcase>
++<info>
++<keywords>
++Onion
++Tor
++FAILURE
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++none
++</server>
++<name>
++Fail to resolve .onion. TLD
++</name>
++<command>
++tasty.onion.
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# Couldn't resolve host name
++<errorcode>
++6
++</errorcode>
++<stderr mode="text">
++curl: (6) Not resolving .onion address (RFC 7686)
++</stderr>
++</verify>
++</testcase>
+-- 
+2.39.2
+
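Review bot: The added .onion guard in Curl_resolv returns `CURLRESOLV_ERROR` before the existing `*entry = NULL;` line runs, so on this path the caller's `entry` pointer keeps whatever value it held on entry. Adding `*entry = NULL;` just before the new `return CURLRESOLV_ERROR;` keeps the output defined on every return; whether any caller reads `*entry` after an error is not visible in this hunk. The `hostname_len >= 7` bound also means the bare names `onion` and `onion.` are not matched and would still reach the resolver, which may be intended but deserves a short comment beside the check. Tests 1471 and 1472 use lowercase names only, so a mixed-case case such as `red.ONION` would pin the case-insensitive comparison. Curl_resolv's body starts and ends outside the nested hunk.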



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-05-26  2:07 Sam James
From: Sam James @ 2023-05-26  2:07 UTC (permalink / raw
  To: gentoo-commits

commit:     b5a048d520b9fe74be7d34a7e5ff7929668c359a
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Wed May 24 11:30:22 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 26 02:06:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5a048d5

net-misc/curl: add 8.1.1, 9999

Bugfix release for 8.1.0 which already has the important fixes
backported.

Additional `REQUIRED_USE` checks to ensure that the default SSL provider
is actually enabled.

Rename the prefix patch; it hasn't changed in a major version and won't
for a while

Closes: https://bugs.gentoo.org/905222
Closes: https://bugs.gentoo.org/742641
Closes: https://bugs.gentoo.org/750752

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Closes: https://github.com/gentoo/gentoo/pull/31152
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |  2 +
 net-misc/curl/curl-8.0.1.ebuild                    |  2 +-
 net-misc/curl/curl-8.1.0-r1.ebuild                 |  2 +-
 .../{curl-8.1.0-r1.ebuild => curl-8.1.1.ebuild}    | 46 ++++++++++++++--------
 .../curl/{curl-8.0.1.ebuild => curl-9999.ebuild}   | 40 ++++++++++++-------
 net-misc/curl/files/curl-8.1.1-hanging-http2.patch | 36 +++++++++++++++++
 ...{curl-7.30.0-prefix.patch => curl-prefix.patch} |  0
 7 files changed, 94 insertions(+), 34 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 23d992711598..2d5667e3574a 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -2,3 +2,5 @@ DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872
 DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf
 DIST curl-8.1.0.tar.xz 2612568 BLAKE2B 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc SHA512 b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d
 DIST curl-8.1.0.tar.xz.asc 488 BLAKE2B c1a8e50eddc7dd140af2af29736eb486e96a6d3b67a9161244daa86558f65522527380c92597a5f10e5dad187f0bda6ac5b9cadc29386bef4492bc047c77b423 SHA512 191a74c7a6b6aa78b7f36e1535fda0701bde8b333a61c90343e1f1b2d65cc5097b5febc5fa42b2f373795ef1b34078790deaaa71c8aaa45eed1c753729a45f3d
+DIST curl-8.1.1.tar.xz 2613348 BLAKE2B 465a3237335e73665086ac43f5c66cfbab7e9b163e1ae0e2345da82f9c736d87fccf4d76369cc069abc29621f10db7ddbf22d0337db9ca85042bb12438d4aaed SHA512 d034b1ab9c00e8a0acf7ba6c6344734945d45666b4f38394f5456fcd9b22623146a897270861b7411412ca25c912e1bbf24eb139a6dfc1a8c00d098b3b925399
+DIST curl-8.1.1.tar.xz.asc 488 BLAKE2B c92017d0fe4933d6c27d833944c231967263607a7871a658e0cbb9de46f7df8dfbec141e269296caf17ced004fb2b237b8311ec9f7bf98f03fb405b5755950fc SHA512 6a71c18d67de8c340b5d80c7452a82c00f7ef466f690eec12edcd6123aee6866e8a0e757e1cc6c9af87a63fdeaafbc9fc1b1a4e2e0fd8a75b5952d4738fd0b27

diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-8.0.1.ebuild
index 4b4b1f3aac45..4f21364a91e4 100644
--- a/net-misc/curl/curl-8.0.1.ebuild
+++ b/net-misc/curl/curl-8.0.1.ebuild
@@ -106,7 +106,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 
 	# Backports

diff --git a/net-misc/curl/curl-8.1.0-r1.ebuild b/net-misc/curl/curl-8.1.0-r1.ebuild
index 1121646ce126..cf964b638bcd 100644
--- a/net-misc/curl/curl-8.1.0-r1.ebuild
+++ b/net-misc/curl/curl-8.1.0-r1.ebuild
@@ -106,7 +106,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	### Backports
 	"${FILESDIR}"/${P}-numeric-hostname.patch

diff --git a/net-misc/curl/curl-8.1.0-r1.ebuild b/net-misc/curl/curl-8.1.1.ebuild
similarity index 88%
copy from net-misc/curl/curl-8.1.0-r1.ebuild
copy to net-misc/curl/curl-8.1.1.ebuild
index 1121646ce126..1f799eeab629 100644
--- a/net-misc/curl/curl-8.1.0-r1.ebuild
+++ b/net-misc/curl/curl-8.1.1.ebuild
@@ -8,20 +8,28 @@ inherit autotools multilib-minimal prefix verify-sig
 
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.se/"
-SRC_URI="
-	https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
 
 LICENSE="curl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
 IUSE+=" nghttp3"
 RESTRICT="!test? ( test )"
 
 # Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
 REQUIRED_USE="
 	ssl? (
 		^^ (
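Review bot: The new `PV == 9999` branch takes its sources from `EGIT_REPO_URI` and sets no `SRC_URI`, so the `.tar.xz.asc` signature fetched for releases does not exist for live builds, while verify-sig is still inherited unconditionally (see the `inherit` line in the hunk header). Nothing in this hunk tells the reader that the live ebuild builds upstream HEAD without a signature check; a comment above `inherit git-r3`, for instance `# Live sources come straight from git and are not covered by verify-sig`, would make that explicit. The same applies to the identical first hunk of curl-9999.ebuild. How the rest of the ebuild treats `verify-sig` for 9999 is outside the hunk.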
@@ -32,6 +40,11 @@ REQUIRED_USE="
 			curl_ssl_rustls
 		)
 	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_nss? ( nss )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
 "
 
 RDEPEND="
@@ -106,11 +119,11 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+
 	### Backports
-	"${FILESDIR}"/${P}-numeric-hostname.patch
-	"${FILESDIR}"/${P}-header-length.patch
+	"${FILESDIR}"/${P}-hanging-http2.patch
 )
 
 src_prepare() {
@@ -127,27 +140,26 @@ multilib_src_configure() {
 	local myconf=()
 
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
 
-		if use gnutls || use curl_ssl_gnutls; then
+		if use gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls )
 		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
+		if use mbedtls; then
 			einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
-		if use nss || use curl_ssl_nss; then
+		if use nss; then
 			einfo "SSL provided by nss"
 			myconf+=( --with-nss --with-nss-deprecated )
 		fi
-		if use openssl || use curl_ssl_openssl; then
+		if use openssl; then
 			einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
-		if use rustls || use curl_ssl_rustls; then
+		if use rustls; then
 			einfo "SSL provided by rustls"
 			myconf+=( --with-rustls )
 		fi
@@ -304,9 +316,9 @@ multilib_src_test() {
 	# -k: keep test files after completion
 	# -am: automake style TAP output
 	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. Prefix the test number in TFLAGS
-	# with a '!'. For example, to skip test 241 and 1083, use '!241 !1083'.
-	# See https://github.com/curl/curl/tree/master/tests#run for advanced test selection.
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
 	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
 	# as most gentoo users don't have an 'ip6-localhost'
 	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083"
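Review bot: The rewritten comment in multilib_src_test drops the explanation of the `!` prefix although the `TFLAGS` line below still ends in `!241 !1083`, so the skip syntax is no longer documented where it is used. I would keep one line such as `# A '!' prefix in TFLAGS skips that test number, e.g. '!241 !1083'.` The added `# Note: we don't run the testsuite for cross-compilation.` also sits above a guard that is `multilib_is_native_abi`, which as far as this hunk shows tests the ABI being built rather than cross-compilation, so the wording should name the non-native ABI case. The function starts outside the hunk.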

diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-9999.ebuild
similarity index 90%
copy from net-misc/curl/curl-8.0.1.ebuild
copy to net-misc/curl/curl-9999.ebuild
index 4b4b1f3aac45..780b2f6446f1 100644
--- a/net-misc/curl/curl-8.0.1.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -8,20 +8,28 @@ inherit autotools multilib-minimal prefix verify-sig
 
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.se/"
-SRC_URI="
-	https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
 
 LICENSE="curl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
 IUSE+=" nghttp3"
 RESTRICT="!test? ( test )"
 
 # Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
 REQUIRED_USE="
 	ssl? (
 		^^ (
@@ -32,6 +40,11 @@ REQUIRED_USE="
 			curl_ssl_rustls
 		)
 	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_nss? ( nss )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
 "
 
 RDEPEND="
@@ -106,11 +119,8 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-
-	# Backports
-	"${FILESDIR}"/${PN}-8.0.1-onion-resolution.patch
 )
 
 src_prepare() {
@@ -127,27 +137,26 @@ multilib_src_configure() {
 	local myconf=()
 
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
 
-		if use gnutls || use curl_ssl_gnutls; then
+		if use gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls )
 		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
+		if use mbedtls; then
 			einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
-		if use nss || use curl_ssl_nss; then
+		if use nss; then
 			einfo "SSL provided by nss"
 			myconf+=( --with-nss --with-nss-deprecated )
 		fi
-		if use openssl || use curl_ssl_openssl; then
+		if use openssl; then
 			einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
-		if use rustls || use curl_ssl_rustls; then
+		if use rustls; then
 			einfo "SSL provided by rustls"
 			myconf+=( --with-rustls )
 		fi
@@ -306,6 +315,7 @@ multilib_src_test() {
 	# -p: print logs if test fails
 	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
 	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
 	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
 }
 

diff --git a/net-misc/curl/files/curl-8.1.1-hanging-http2.patch b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch
new file mode 100644
index 000000000000..4777c4dd35ed
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch
@@ -0,0 +1,36 @@
+https://github.com/curl/curl/commit/5c58cb0212bcf63cce33a974906bf9905948b4bb
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 24 May 2023 18:48:16 +0200
+Subject: [PATCH] http2: fix EOF handling on uploads with auth negotiation
+
+- doing a POST with `--digest` does an override on the initial request
+  with `Content-Length: 0`, but the http2 filter was unaware of that
+  and expected the originally request body. It did therefore not
+  send a final DATA frame with EOF flag to the server.
+- The fix overrides any initial notion of post size when the `done_send`
+  event is triggered by the transfer loop, leading to the EOF that
+  is necessary.
+- refs #11194. The fault did not happen in testing, as Apache httpd
+  never tries to read the request body of the initial request,
+  sends the 401 reply and closes the stream. The server used in the
+  reported issue however tried to read the EOF and timed out on the
+  request.
+
+Reported-by: Aleksander Mazur
+Fixes #11194
+Cloes #11200
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1527,10 +1527,8 @@ static CURLcode http2_data_done_send(struct Curl_cfilter *cf,
+   if(!stream->send_closed) {
+     stream->send_closed = TRUE;
+     if(stream->upload_left) {
+-      /* If we operated with unknown length, we now know that everything
+-       * that is buffered is all we have to send. */
+-      if(stream->upload_left == -1)
+-        stream->upload_left = Curl_bufq_len(&stream->sendbuf);
++      /* we now know that everything that is buffered is all there is. */
++      stream->upload_left = Curl_bufq_len(&stream->sendbuf);
+       /* resume sending here to trigger the callback to get called again so
+          that it can signal EOF to nghttp2 */
+       (void)nghttp2_session_resume_data(ctx->h2, stream->id);

diff --git a/net-misc/curl/files/curl-7.30.0-prefix.patch b/net-misc/curl/files/curl-prefix.patch
similarity index 100%
rename from net-misc/curl/files/curl-7.30.0-prefix.patch
rename to net-misc/curl/files/curl-prefix.patch



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-05-26  4:30 Sam James
From: Sam James @ 2023-05-26  4:30 UTC (permalink / raw
  To: gentoo-commits

commit:     3cb247e73e86b39815c50982f328562151af7ad8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May 26 04:30:33 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 26 04:30:37 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cb247e7

net-misc/curl: fix hanging configure test

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.1.1.ebuild                    |  1 +
 .../curl/files/curl-8.1.1-configure-compiler.patch | 73 ++++++++++++++++++++++
 2 files changed, 74 insertions(+)

diff --git a/net-misc/curl/curl-8.1.1.ebuild b/net-misc/curl/curl-8.1.1.ebuild
index 1f799eeab629..1240b566e376 100644
--- a/net-misc/curl/curl-8.1.1.ebuild
+++ b/net-misc/curl/curl-8.1.1.ebuild
@@ -124,6 +124,7 @@ PATCHES=(
 
 	### Backports
 	"${FILESDIR}"/${P}-hanging-http2.patch
+	"${FILESDIR}"/${P}-configure-compiler.patch
 )
 
 src_prepare() {

diff --git a/net-misc/curl/files/curl-8.1.1-configure-compiler.patch b/net-misc/curl/files/curl-8.1.1-configure-compiler.patch
new file mode 100644
index 000000000000..f769b35880cf
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.1-configure-compiler.patch
@@ -0,0 +1,73 @@
+The check for "basic compiler options" hangs otherwise.
+
+https://github.com/curl/curl/commit/471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36
+https://github.com/curl/curl/commit/c4a019603b82a08c3572591a9393df0818ee02f6
+
+From 471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Tue, 23 May 2023 09:40:18 +0200
+Subject: [PATCH] configure: quote the assignments for run-compiler
+
+Building for multilib failed, as the compiler command contains an
+extra argument. That needs quoting.
+
+Regression from b78ca50cb3dda361f9c1
+
+Fixes #11179
+Closes #11180
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,8 +193,8 @@ dnl something different but only have that affect the execution of the results
+ dnl of the compile, not change the libraries for the compiler itself.
+ dnl
+ compilersh="run-compiler"
+-echo "CC=$CC" > $compilersh
+-echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $compilersh
++echo "CC=\"$CC\"" > $compilersh
++echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh
+ echo 'exec $CC $@' >> $compilersh
+ 
+ dnl **********************************************************************
+
+From c4a019603b82a08c3572591a9393df0818ee02f6 Mon Sep 17 00:00:00 2001
+From: Emanuele Torre <torreemanuele6@gmail.com>
+Date: Tue, 23 May 2023 11:59:59 +0200
+Subject: [PATCH] configure: fix build with arbitrary CC and LD_LIBRARY_PATH
+
+Since ./configure and processes that inherit its environment variables
+are the only callers of the run-compiler script, we can just save the
+current value of the LD_LIBRARY_PATH and CC variables to another pair of
+environment variables, and make run-compiler a static script that
+simply restores CC and LD_LIBRARY_PATH to the saved value, and before
+running the compiler.
+
+This avoids having to inject the values of the variables in the script,
+possibly causing problems if they contains spaces, quotes, and other
+special characters.
+
+Also add exports in the script just in case LD_LIBRARY_PATH and CC are
+not already in the environment.
+
+follow-up from 471dab2
+
+Closes #11182
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,9 +193,13 @@ dnl something different but only have that affect the execution of the results
+ dnl of the compile, not change the libraries for the compiler itself.
+ dnl
+ compilersh="run-compiler"
+-echo "CC=\"$CC\"" > $compilersh
+-echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh
+-echo 'exec $CC $@' >> $compilersh
++export "CURL_SAVED_CC=$CC"
++export "CURL_SAVED_LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
++cat <<\EOF > "$compilersh"
++export "CC=$CURL_SAVED_CC"
++export "LD_LIBRARY_PATH=$CURL_SAVED_LD_LIBRARY_PATH"
++exec $CC "$@"
++EOF
+ 
+ dnl **********************************************************************
+ dnl See which TLS backend(s) that are requested. Just do all the
+



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-07-23  1:52 Sam James
From: Sam James @ 2023-07-23  1:52 UTC (permalink / raw
  To: gentoo-commits

commit:     931a75d893debd7a88d4b949e6a872463e798642
Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Sat Jul 22 22:58:54 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 01:36:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=931a75d8

net-misc/curl: add 8.2.0-r1

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.2.0-r1.ebuild              | 353 ++++++++++++++++++++++++
 net-misc/curl/files/curl-8.2.0-basic-auth.patch | 127 +++++++++
 net-misc/curl/files/curl-8.2.0-http2-eof.patch  |  32 +++
 3 files changed, 512 insertions(+)

diff --git a/net-misc/curl/curl-8.2.0-r1.ebuild b/net-misc/curl/curl-8.2.0-r1.ebuild
new file mode 100644
index 000000000000..11500ccb756e
--- /dev/null
+++ b/net-misc/curl/curl-8.2.0-r1.ebuild
@@ -0,0 +1,353 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="curl"
+SLOT="0"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_nss? ( nss )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+"
+
+RDEPEND="
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		nss? (
+			app-misc/ca-certificates
+			dev-libs/nss[${MULTILIB_USEDEP}]
+			dev-libs/nss-pem
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.2.0-basic-auth.patch
+	"${FILESDIR}"/${PN}-8.2.0-http2-eof.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss; then
+			multilib_is_native_abi && einfo "SSL provided by nss"
+			myconf+=( --with-nss --with-nss-deprecated )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			multilib_is_native_abi && einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests.
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((7*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
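Review bot: In multilib_src_configure, `--enable-cookies` is passed together with a hard-coded `--without-libpsl`, so this build stores cookies without any Public Suffix List check and cannot reject a cookie whose domain is a public suffix shared by unrelated sites. Consider making it a USE flag rather than a fixed switch: `IUSE+=" psl"`, `psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )` in RDEPEND, and `$(use_with psl libpsl)` in place of `--without-libpsl`. The same fixed `--without-libpsl` appears again in curl-8.3.0-r1.ebuild further down this page.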

diff --git a/net-misc/curl/files/curl-8.2.0-basic-auth.patch b/net-misc/curl/files/curl-8.2.0-basic-auth.patch
new file mode 100644
index 000000000000..899ffb75a878
--- /dev/null
+++ b/net-misc/curl/files/curl-8.2.0-basic-auth.patch
@@ -0,0 +1,127 @@
+Patch-Source: https://github.com/curl/curl/pull/11492
+--
+From 0470577eb4524f09d245e9e6afd42ba8677a5a19 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 20 Jul 2023 23:20:50 +0200
+Subject: [PATCH 1/2] test979: test -u with redirect to (the same) absolute
+ host
+
+---
+ tests/data/Makefile.inc |  1 +
+ tests/data/test979      | 64 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 65 insertions(+)
+ create mode 100644 tests/data/test979
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8ee1394d4e562..12aefb14c0d1b 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -122,6 +122,7 @@ test943 test944 test945 test946 test947 test948 test949 test950 test951 \
+ test952 test953 test954 test955 test956 test957 test958 test959 test960 \
+ test961 test962 test963 test964 test965 test966 test967 test968 test969 \
+ test970 test971 test972 test973 test974 test975 test976 test977 test978 \
++test979 \
+ \
+ test980 test981 test982 test983 test984 test985 test986 test987 test988 \
+ test989 \
+diff --git a/tests/data/test979 b/tests/data/test979
+new file mode 100644
+index 0000000000000..40cc35044d9f6
+--- /dev/null
++++ b/tests/data/test979
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++Basic
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 302 go go go
++Content-Length: 8
++Location: http://%HOSTIP:%HTTPPORT/user/%TESTNUMBER0002
++Content-Type: text/html
++Funny-head: yesyes
++
++notreal
++</data>
++<data2 crlf="yes">
++HTTP/1.1 200 OK
++Content-Length: 6
++Content-Type: text/html
++Funny-head: yesyes
++
++final
++</data2>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<name>
++-u with redirect to absolute URL using same origin and auth
++</name>
++<command>
++http://first:secret@%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u smith:doggie
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic c21pdGg6ZG9nZ2ll
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /user/%TESTNUMBER0002 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic c21pdGg6ZG9nZ2ll
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
+
+From c1effdfe658ae505e8ea65e5f46d810c4b8d81cb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 20 Jul 2023 23:28:19 +0200
+Subject: [PATCH 2/2] transfer: do not clear the credentials on redirect to
+ absolute URL
+
+Makes test 979 work. Regression shipped in 8.2.0 from commit
+dd4d1a26959f63a2c
+
+Fixes #11486
+Reported-by: Cloudogu Siebels
+---
+ lib/transfer.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 52cd6a0153673..b678004b95ad2 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1558,10 +1558,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
+     /* If this is not redirect due to a 401 or 407 response and an absolute
+        URL: don't allow a custom port number */
+     disallowport = TRUE;
+-    if(!data->set.allow_auth_to_other_hosts) {
+-      Curl_safefree(data->state.aptr.user);
+-      Curl_safefree(data->state.aptr.passwd);
+-    }
+   }
+ 
+   DEBUGASSERT(data->state.uh);
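Review bot: The four lines removed from Curl_follow were where user and password were freed on a redirect to an absolute URL unless allow_auth_to_other_hosts was set, and the accompanying test979 only covers the positive case, a redirect to the same host and port. Nothing in this patch shows that credentials are still withheld when the absolute URL names a different host, so that check must live elsewhere (presumably in the code from dd4d1a26959f63a2c, which is not visible here). Before shipping the backport, confirm it with a regression test where Location points at another origin and the second request must carry no Authorization header. Curl_follow's body starts and ends outside the hunk.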

diff --git a/net-misc/curl/files/curl-8.2.0-http2-eof.patch b/net-misc/curl/files/curl-8.2.0-http2-eof.patch
new file mode 100644
index 000000000000..0040a3c6560e
--- /dev/null
+++ b/net-misc/curl/files/curl-8.2.0-http2-eof.patch
@@ -0,0 +1,32 @@
+Patch-Source: https://github.com/curl/curl/commit/f9314f317f017e19e1802ce04ceeae620ca2cd71
+--
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 20 Jul 2023 13:08:00 +0200
+Subject: [PATCH] http2: fix regression on upload EOF handling
+
+- a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5
+  where optimization of small POST bodies leads to a new code path
+  for such uploads that did not trigger the "done sending" event
+- add triggering this event for early "upload_done" situations
+
+Fixes #11485
+Closes #11487
+Reported-by: Aleksander Mazur
+---
+ lib/http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/http.c b/lib/http.c
+index f851bcd4a3443..e04028b3fec54 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -3380,6 +3380,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
+     }
+   }
+ 
++  if(data->req.upload_done)
++    Curl_conn_ev_data_done_send(data);
++
+   if((conn->httpversion >= 20) && data->req.upload_chunky)
+     /* upload_chunky was set above to set up the request in a chunky fashion,
+        but is disabled here again to avoid that the chunked encoded version is
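Review bot: The added `if(data->req.upload_done)` call in Curl_http has no comment, and the reason it is needed is stated only in the commit message. A one-line comment would keep a later reader from treating the call as redundant, for example `/* upload already finished while sending the request (small POST body): signal "done sending" to the connection filters */`. Curl_http starts and ends outside the hunk.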



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2023-10-10  4:29 Sam James
From: Sam James @ 2023-10-10  4:29 UTC (permalink / raw
  To: gentoo-commits

commit:     29b62f5e62682ea855af2e5e80b23c8808bea507
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 10 04:29:13 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 10 04:29:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29b62f5e

net-misc/curl: fix tests on arm+musl

Bug: https://github.com/curl/curl/issues/11900
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/curl-8.3.0-r1.ebuild                 | 361 +++++++++++++++++++++
 .../curl/files/curl-8.3.0-tests-arm-musl.patch     | 115 +++++++
 2 files changed, 476 insertions(+)

diff --git a/net-misc/curl/curl-8.3.0-r1.ebuild b/net-misc/curl/curl-8.3.0-r1.ebuild
new file mode 100644
index 000000000000..9c1c2fbb2ba4
--- /dev/null
+++ b/net-misc/curl/curl-8.3.0-r1.ebuild
@@ -0,0 +1,361 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? ( !openssl )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( net-nds/openldap:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-tests-arm-musl.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
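Review bot: The comment block above RDEPEND has a typo and names a protocol that does not exist: `particulary` and `TCP/2`. Since the two links it cites are HTTP3.md and the quiche workflow, the intended wording is presumably `particularly for fast-moving targets like HTTP/3 and QUIC`, which is worth confirming with the author. The same section sets the RDEPEND floor for nghttp2 to `1.12.0` while the test BDEPEND keeps `1.15.0`; if that difference is deliberate, a short remark in this comment would say why.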

diff --git a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch b/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
new file mode 100644
index 000000000000..e07c13a04766
--- /dev/null
+++ b/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
@@ -0,0 +1,115 @@
+https://github.com/curl/curl/issues/11900
+https://github.com/curl/curl/commit/b226bd679a68b8bf94cbb6d58837f00251560e63
+https://github.com/curl/curl/commit/9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93
+
+From b226bd679a68b8bf94cbb6d58837f00251560e63 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Mon, 25 Sep 2023 13:03:26 +0200
+Subject: [PATCH] configure: sort AC_CHECK_FUNCS
+
+No functional changes.
+---
+ configure.ac | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2fc9f2f01783c..a6f9066a133a4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+           #include <sys/types.h>]])
+ 
+ 
+-AC_CHECK_FUNCS([fnmatch \
++AC_CHECK_FUNCS([\
++  arc4random \
+   fchmod \
++  fnmatch \
+   fork \
+   geteuid \
+   getpass_r \
+@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
+   snprintf \
+   utime \
+   utimes \
+-  arc4random
+ ],[
+ ],[
+   func="$ac_func"
+
+From 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 22 Sep 2023 13:58:49 +0000
+Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
+
+fseek uses long offset which does not match with curl_off_t. This leads
+to undefined behavior when calling the callback and caused failure on
+arm 32 bit.
+
+Use a wrapper to solve this and use fseeko which uses off_t instead of
+long.
+
+Thanks to the nice people at Libera IRC #musl for helping finding this
+out.
+
+Fixes #11882
+Fixes #11900
+Closes #11918
+---
+ configure.ac   |  2 ++
+ lib/formdata.c | 17 +++++++++++++++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index a6f9066a133a4..5fa7c45c47430 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+ 
+ 
+ AC_CHECK_FUNCS([\
++  _fseeki64 \
+   arc4random \
+   fchmod \
+   fnmatch \
+   fork \
++  fseeko \
+   geteuid \
+   getpass_r \
+   getppid \
+diff --git a/lib/formdata.c b/lib/formdata.c
+index 8984b63223cc0..f370ce6854b5f 100644
+--- a/lib/formdata.c
++++ b/lib/formdata.c
+@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
+   return res;
+ }
+ 
++/* wrap call to fseeko so it matches the calling convetion of callback */
++static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
++{
++#if defined(HAVE_FSEEKO)
++  return fseeko(stream, (off_t)offset, whence);
++#elif defined(HAVE__FSEEKI64)
++  return _fseeki64(stream, (__int64)offset, whence);
++#else
++  if(offset > LONG_MAX)
++    return -1;
++  return fseek(stream, (long)offset, whence);
++#endif
++}
++
+ /*
+  * Curl_getformdata() converts a linked list of "meta data" into a mime
+  * structure. The input list is in 'post', while the output is stored in
+@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
+                compatibility: use of "-" pseudo file name should be avoided. */
+             result = curl_mime_data_cb(part, (curl_off_t) -1,
+                                        (curl_read_callback) fread,
+-                                       CURLX_FUNCTION_CAST(curl_seek_callback,
+-                                                           fseek),
++                                       fseeko_wrapper,
+                                        NULL, (void *) stdin);
+           }
+           else
+
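Review bot: In the `#else` branch of `fseeko_wrapper` (the lib/formdata.c part of this backported patch) only the upper bound is checked before `(long)offset`, so a `curl_off_t` below `LONG_MIN` is still narrowed with an implementation-defined result; the guard could read `if(offset > LONG_MAX || offset < LONG_MIN) return -1;`. The `(off_t)offset` cast in the `HAVE_FSEEKO` branch has the same narrowing risk if `off_t` is smaller than `curl_off_t` on a build without large-file support, and nothing visible in the patch rules that out. The comment above the function also misspells "convention" as `convetion`.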



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-01-05  6:10 Sam James
  0 siblings, 0 replies; 18+ messages in thread
From: Sam James @ 2024-01-05  6:10 UTC (permalink / raw
  To: gentoo-commits

commit:     2b070cd4a9b495cee874b94964391472fc795aaf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  5 06:09:51 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  5 06:10:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b070cd4

net-misc/curl: drop 8.3.0-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-8.3.0-r2.ebuild                 | 363 ---------------------
 .../curl/files/curl-8.3.0-CVE-2023-38545.patch     | 136 --------
 .../curl/files/curl-8.3.0-CVE-2023-38546.patch     | 131 --------
 .../curl/files/curl-8.3.0-tests-arm-musl.patch     | 115 -------
 5 files changed, 747 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index cf734b415f1c..7a6c28ff0f54 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-8.3.0.tar.xz 2641764 BLAKE2B 6875b20e27ed86f9b6ab256210d85e9fb3b39645e8be710b2e6fe29fba40220f870e06bc21e8a92244670fed0a08c7716e4806a267ede49c4ed6d66e03f5fcd4 SHA512 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51
-DIST curl-8.3.0.tar.xz.asc 488 BLAKE2B ef5a749e579710d45db9f73da0cbcb58d77a9dfe73be622536496997fa792fe5cbd0331a31f01e21cbdb36c6384dca44baa647c9f3d20effabb5bfc275b1b491 SHA512 b7d45722640ac50181b20a6d663168ec6eec6691c5604ddfe9c7177f07da598cb2de688c631043dc428c311774d781ccd16bd1e2fb4f038be651e3bee383aec4
 DIST curl-8.4.0.tar.xz 2658376 BLAKE2B ea5ebecc3c1aeac3ae8fd0cf7d8ff3298149b9c4c556fb85ed8d9310e3613228eb6fca133b0dfb9268988f93d694779fab8d53510cfa5710c1320bb6638f05eb SHA512 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b
 DIST curl-8.4.0.tar.xz.asc 488 BLAKE2B 0fd4ea46a0942b9bc440e91e8f9323bba6d0eb02fbc87c227004c90e5be14cc644446bc235ab67f857b617975cdeada6ce38a647da9e0bd783e57d58f354cdb4 SHA512 b8b7a5b76be816e7b1552354f267f335fdc608cdadbd2c40ab44faf6450c6bbd2853b6de5c2746a1292aad33a8ee1c367380d32bb1a8282540b38c3b985a320e
 DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4f8fc0fbf57058578eed5f33d71277f688d5d9f409bcd82e3a4cacaa5615a44f2a7c554559c6be7dd5188893 SHA512 acffa2cf61d9b8e4188575a1b40227da8d722df2e5fe8bb82a222b4eb2fd64bf8aebd90852ce050c79fb5e517d5cee2546bf7de92ede1dd394263e231cb741a3

diff --git a/net-misc/curl/curl-8.3.0-r2.ebuild b/net-misc/curl/curl-8.3.0-r2.ebuild
deleted file mode 100644
index 350d4acf5b7c..000000000000
--- a/net-misc/curl/curl-8.3.0-r2.ebuild
+++ /dev/null
@@ -1,363 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-IUSE+=" nghttp3"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? ( !openssl )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	sys-libs/zlib[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( net-nds/openldap:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${P}-tests-arm-musl.patch
-	"${FILESDIR}"/${P}-CVE-2023-38545.patch
-	"${FILESDIR}"/${P}-CVE-2023-38546.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		--without-libpsl
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
deleted file mode 100644
index 04603a8c01dc..000000000000
--- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-https://bugs.gentoo.org/915195
-
-From 1e1f915b73ab0895a68348ad1f96a5283a44ffd7 Mon Sep 17 00:00:00 2001
-From: Jay Satiro <raysatiro@yahoo.com>
-Date: Mon, 9 Oct 2023 17:45:07 -0400
-Subject: [PATCH] socks: return error if hostname too long for remote resolve
-
-Prior to this change the state machine attempted to change the remote
-resolve to a local resolve if the hostname was longer than 255
-characters. Unfortunately that did not work as intended and caused a
-security issue.
-
-This patch applies to curl versions 8.2.0 - 8.3.0. Other versions
-that are affected take a different patch. Refer to the CVE advisory
-for more information.
-
-Bug: https://curl.se/docs/CVE-2023-38545.html
----
- lib/socks.c             |  8 +++----
- tests/data/Makefile.inc |  2 +-
- tests/data/test728      | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 69 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test728
-
-diff --git a/lib/socks.c b/lib/socks.c
-index 25a3578..3d41c93 100644
---- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
- 
-     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
-     if(!socks5_resolve_local && hostname_len > 255) {
--      infof(data, "SOCKS5: server resolving disabled for hostnames of "
--            "length > 255 [actual len=%zu]", hostname_len);
--      socks5_resolve_local = TRUE;
-+      failf(data, "SOCKS5: the destination hostname is too long to be "
-+            "resolved remotely by the proxy.");
-+      return CURLPX_LONG_HOSTNAME;
-     }
- 
-     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
-@@ -904,7 +904,7 @@ CONNECT_RESOLVE_REMOTE:
-       }
-       else {
-         socksreq[len++] = 3;
--        socksreq[len++] = (char) hostname_len; /* one byte address length */
-+        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
-         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
-         len += hostname_len;
-       }
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 8ee1394..3e2094e 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \
- \
- test700 test701 test702 test703 test704 test705 test706 test707 test708 \
- test709 test710 test711 test712 test713 test714 test715 test716 test717 \
--test718 test719 test720 test721 \
-+test718 test719 test720 test721 test728 \
- \
- test799 test800 test801 test802 test803 test804 test805 test806 test807 \
- test808 test809 test810 test811 test812 test813 test814 test815 test816 \
-diff --git a/tests/data/test728 b/tests/data/test728
-new file mode 100644
-index 0000000..05bcf28
---- /dev/null
-+++ b/tests/data/test728
-@@ -0,0 +1,64 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+SOCKS5
-+SOCKS5h
-+followlocation
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+# The hostname in this redirect is 256 characters and too long (> 255) for
-+# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
-+<data>
-+HTTP/1.1 301 Moved Permanently
-+Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
-+Content-Length: 0
-+Connection: close
-+
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<features>
-+proxy
-+</features>
-+<server>
-+http
-+socks5
-+</server>
-+ <name>
-+SOCKS5h with HTTP redirect to hostname too long
-+ </name>
-+ <command>
-+--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol crlf="yes">
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+</protocol>
-+<errorcode>
-+97
-+</errorcode>
-+# the error message is verified because error code CURLE_PROXY (97) may be
-+# returned for any number of reasons and we need to make sure it is
-+# specifically for the reason below so that we know the check is working.
-+<stderr mode="text">
-+curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.7.4
-

diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
deleted file mode 100644
index 615ab26cb2a8..000000000000
--- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-https://bugs.gentoo.org/915195
-https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8
-
-From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 14 Sep 2023 23:28:32 +0200
-Subject: [PATCH] cookie: remove unnecessary struct fields
-
-Plus: reduce the hash table size from 256 to 63. It seems unlikely to
-make much of a speed difference for most use cases but saves 1.5KB of
-data per instance.
-
-Closes #11862
----
- lib/cookie.c | 13 +------------
- lib/cookie.h | 13 ++++---------
- lib/easy.c   |  4 +---
- 3 files changed, 6 insertions(+), 24 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 4345a84c6fd9d..e39c89a94a960 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
-   free(co->name);
-   free(co->value);
-   free(co->maxage);
--  free(co->version);
-   free(co);
- }
- 
-@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data,
-           }
-         }
-         else if((nlen == 7) && strncasecompare("version", namep, 7)) {
--          strstore(&co->version, valuep, vlen);
--          if(!co->version) {
--            badcookie = TRUE;
--            break;
--          }
-+          /* just ignore */
-         }
-         else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
-           /*
-@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data,
-     free(clist->path);
-     free(clist->spath);
-     free(clist->expirestr);
--    free(clist->version);
-     free(clist->maxage);
- 
-     *clist = *co;  /* then store all the new data */
-@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
-     c = calloc(1, sizeof(struct CookieInfo));
-     if(!c)
-       return NULL; /* failed to get memory */
--    c->filename = strdup(file?file:"none"); /* copy the name just in case */
--    if(!c->filename)
--      goto fail; /* failed to get memory */
-     /*
-      * Initialize the next_expiration time to signal that we don't have enough
-      * information yet.
-@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
-     CLONE(name);
-     CLONE(value);
-     CLONE(maxage);
--    CLONE(version);
-     d->expires = src->expires;
-     d->tailmatch = src->tailmatch;
-     d->secure = src->secure;
-@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
- {
-   if(c) {
-     unsigned int i;
--    free(c->filename);
-     for(i = 0; i < COOKIE_HASH_SIZE; i++)
-       Curl_cookie_freelist(c->cookies[i]);
-     free(c); /* free the base struct as well */
-diff --git a/lib/cookie.h b/lib/cookie.h
-index b3c0063b2cfb2..41e9e7a6914e0 100644
---- a/lib/cookie.h
-+++ b/lib/cookie.h
-@@ -36,11 +36,7 @@ struct Cookie {
-   char *domain;      /* domain = <this> */
-   curl_off_t expires;  /* expires = <this> */
-   char *expirestr;   /* the plain text version */
--
--  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
--  char *version;     /* Version = <value> */
-   char *maxage;      /* Max-Age = <value> */
--
-   bool tailmatch;    /* whether we do tail-matching of the domain name */
-   bool secure;       /* whether the 'secure' keyword was used */
-   bool livecookie;   /* updated from a server, not a stored file */
-@@ -56,17 +52,16 @@ struct Cookie {
- #define COOKIE_PREFIX__SECURE (1<<0)
- #define COOKIE_PREFIX__HOST (1<<1)
- 
--#define COOKIE_HASH_SIZE 256
-+#define COOKIE_HASH_SIZE 63
- 
- struct CookieInfo {
-   /* linked list of cookies we know of */
-   struct Cookie *cookies[COOKIE_HASH_SIZE];
--  char *filename;  /* file we read from/write to */
--  long numcookies; /* number of cookies in the "jar" */
-+  curl_off_t next_expiration; /* the next time at which expiration happens */
-+  int numcookies;  /* number of cookies in the "jar" */
-+  int lastct;      /* last creation-time used in the jar */
-   bool running;    /* state info, for cookie adding information */
-   bool newsession; /* new session, discard session cookies on load */
--  int lastct;      /* last creation-time used in the jar */
--  curl_off_t next_expiration; /* the next time at which expiration happens */
- };
- 
- /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
-diff --git a/lib/easy.c b/lib/easy.c
-index 16bbd35251d40..03195481f9780 100644
---- a/lib/easy.c
-+++ b/lib/easy.c
-@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
-   if(data->cookies) {
-     /* If cookies are enabled in the parent handle, we enable them
-        in the clone as well! */
--    outcurl->cookies = Curl_cookie_init(data,
--                                        data->cookies->filename,
--                                        outcurl->cookies,
-+    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
-                                         data->set.cookiesession);
-     if(!outcurl->cookies)
-       goto fail;

diff --git a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch b/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
deleted file mode 100644
index e07c13a04766..000000000000
--- a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-https://github.com/curl/curl/issues/11900
-https://github.com/curl/curl/commit/b226bd679a68b8bf94cbb6d58837f00251560e63
-https://github.com/curl/curl/commit/9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93
-
-From b226bd679a68b8bf94cbb6d58837f00251560e63 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Mon, 25 Sep 2023 13:03:26 +0200
-Subject: [PATCH] configure: sort AC_CHECK_FUNCS
-
-No functional changes.
----
- configure.ac | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 2fc9f2f01783c..a6f9066a133a4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
-           #include <sys/types.h>]])
- 
- 
--AC_CHECK_FUNCS([fnmatch \
-+AC_CHECK_FUNCS([\
-+  arc4random \
-   fchmod \
-+  fnmatch \
-   fork \
-   geteuid \
-   getpass_r \
-@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
-   snprintf \
-   utime \
-   utimes \
--  arc4random
- ],[
- ],[
-   func="$ac_func"
-
-From 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Fri, 22 Sep 2023 13:58:49 +0000
-Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
-
-fseek uses long offset which does not match with curl_off_t. This leads
-to undefined behavior when calling the callback and caused failure on
-arm 32 bit.
-
-Use a wrapper to solve this and use fseeko which uses off_t instead of
-long.
-
-Thanks to the nice people at Libera IRC #musl for helping finding this
-out.
-
-Fixes #11882
-Fixes #11900
-Closes #11918
----
- configure.ac   |  2 ++
- lib/formdata.c | 17 +++++++++++++++--
- 3 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index a6f9066a133a4..5fa7c45c47430 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
- 
- 
- AC_CHECK_FUNCS([\
-+  _fseeki64 \
-   arc4random \
-   fchmod \
-   fnmatch \
-   fork \
-+  fseeko \
-   geteuid \
-   getpass_r \
-   getppid \
-diff --git a/lib/formdata.c b/lib/formdata.c
-index 8984b63223cc0..f370ce6854b5f 100644
---- a/lib/formdata.c
-+++ b/lib/formdata.c
-@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
-   return res;
- }
- 
-+/* wrap call to fseeko so it matches the calling convetion of callback */
-+static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
-+{
-+#if defined(HAVE_FSEEKO)
-+  return fseeko(stream, (off_t)offset, whence);
-+#elif defined(HAVE__FSEEKI64)
-+  return _fseeki64(stream, (__int64)offset, whence);
-+#else
-+  if(offset > LONG_MAX)
-+    return -1;
-+  return fseek(stream, (long)offset, whence);
-+#endif
-+}
-+
- /*
-  * Curl_getformdata() converts a linked list of "meta data" into a mime
-  * structure. The input list is in 'post', while the output is stored in
-@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
-                compatibility: use of "-" pseudo file name should be avoided. */
-             result = curl_mime_data_cb(part, (curl_off_t) -1,
-                                        (curl_read_callback) fread,
--                                       CURLX_FUNCTION_CAST(curl_seek_callback,
--                                                           fseek),
-+                                       fseeko_wrapper,
-                                        NULL, (void *) stdin);
-           }
-           else
-



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-03-31  6:04 Matt Jolly
From: Matt Jolly @ 2024-03-31  6:04 UTC (permalink / raw
  To: gentoo-commits

commit:     7046fc5e9c466101184aba00716f9c666c9ca680
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 29 00:27:03 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Sun Mar 31 05:51:20 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7046fc5e

net-misc/curl: backport rustls detection fix

Closes: https://bugs.gentoo.org/919396
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.5.0-r3.ebuild                 |   2 +-
 net-misc/curl/curl-8.6.0-r1.ebuild                 |   3 +-
 .../curl-8.6.0-backport-rustls-detection.patch     | 256 +++++++++++++++++++++
 3 files changed, 259 insertions(+), 2 deletions(-)

diff --git a/net-misc/curl/curl-8.5.0-r3.ebuild b/net-misc/curl/curl-8.5.0-r3.ebuild
index 2ec6057d272b..d9c017b22b2b 100644
--- a/net-misc/curl/curl-8.5.0-r3.ebuild
+++ b/net-misc/curl/curl-8.5.0-r3.ebuild
@@ -86,7 +86,7 @@ RDEPEND="
 			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
 		)
 	)
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
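Review bot: The exact pin `~net-libs/rustls-ffi-0.10.0` in the `rustls?` branch has no comment saying why it is needed, and the same line is added to curl-8.6.0-r1.ebuild in the next hunk. Because `~` accepts only revisions of 0.10.0, a later rustls-ffi release carrying a TLS fix cannot satisfy this dependency until the ebuild itself is edited, so the reason for the pin should sit next to it. I would add `# exact pin: curl's rustls detection is tied to this rustls-ffi release, see bug #919396; re-check on every bump` above the atom; that reason is inferred from the commit title and should be confirmed. The RDEPEND block starts and ends outside the hunk.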

diff --git a/net-misc/curl/curl-8.6.0-r1.ebuild b/net-misc/curl/curl-8.6.0-r1.ebuild
index ec36bfb60122..f48e3df12d7c 100644
--- a/net-misc/curl/curl-8.6.0-r1.ebuild
+++ b/net-misc/curl/curl-8.6.0-r1.ebuild
@@ -86,7 +86,7 @@ RDEPEND="
 			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
 		)
 	)
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@@ -131,6 +131,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch
+	"${FILESDIR}"/${P}-backport-rustls-detection.patch
 )
 
 src_prepare() {

diff --git a/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch b/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch
new file mode 100644
index 000000000000..5d7b3a23c2c9
--- /dev/null
+++ b/net-misc/curl/files/curl-8.6.0-backport-rustls-detection.patch
@@ -0,0 +1,256 @@
+https://github.com/curl/curl/commit/647e86a3efe1eea7a2a456c009cfe1eb55fe48eb
+https://github.com/curl/curl/pull/13202
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Fri, 29 Mar 2024 09:58:14 +1000
+Subject: [PATCH] curl-rustls.m4: add pkg-config support to rustls detection
+
+Based on the existing openssl pkg-config detection, this commit tries to
+use pkg-config to find `rustls` then falls back to the current approach
+if that fails.
+
+We use the following logic:
+
+- if no path is provided, just use pkg-config, if it's not there we have
+  a problem!
+- if a path is provided, try pkg-config
+  + if pkg-config fails, try and find rustls directly
+---
+ m4/curl-rustls.m4 | 209 ++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 145 insertions(+), 64 deletions(-)
+
+diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
+index 75542e4..902327a 100644
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -28,84 +28,165 @@ dnl check for rustls
+ dnl ----------------------------------------------------
+ 
+ if test "x$OPT_RUSTLS" != xno; then
+-  _cppflags=$CPPFLAGS
+-  _ldflags=$LDFLAGS
+   ssl_msg=
+ 
+-  if test X"$OPT_RUSTLS" != Xno; then
++  dnl backup the pre-ssl variables
++  CLEANLDFLAGS="$LDFLAGS"
++  CLEANCPPFLAGS="$CPPFLAGS"
+ 
+-    if test "$OPT_RUSTLS" = "yes"; then
+-      OPT_RUSTLS=""
+-    fi
++  case $host_os in
++    darwin*)
++      LDFLAGS="$LDFLAGS -framework Security"
++      ;;
++    *)
++      ;;
++  esac
++  ## NEW CODE
+ 
+-    case $host_os in
+-      darwin*)
+-        LDFLAGS="$LDFLAGS -framework Security"
+-        ;;
+-      *)
+-        ;;
+-    esac
+-
+-    if test -z "$OPT_RUSTLS" ; then
+-      dnl check for lib first without setting any new path
+-
+-      AC_CHECK_LIB(rustls, rustls_client_session_read,
+-      dnl librustls found, set the variable
+-       [
+-         AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+-         AC_SUBST(USE_RUSTLS, [1])
+-         RUSTLS_ENABLED=1
+-         USE_RUSTLS="yes"
+-         ssl_msg="rustls"
+-         test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+-        ], [], -lpthread -ldl -lm)
+-    fi
++  dnl use pkg-config unless we have been given a path
++  dnl even then, try pkg-config first
+ 
+-    if test "x$USE_RUSTLS" != "xyes"; then
+-      dnl add the path and test again
+-      addld=-L$OPT_RUSTLS/lib$libsuff
+-      addcflags=-I$OPT_RUSTLS/include
+-      rustlslib=$OPT_RUSTLS/lib$libsuff
++  case "$OPT_RUSTLS" in
++    yes)
++      dnl --with-rustls (without path) used
++      PKGTEST="yes"
++      PREFIX_RUSTLS=
++      ;;
++    *)
++      dnl check the provided --with-rustls path
++      PKGTEST="no"
++      PREFIX_RUSTLS=$OPT_RUSTLS
+ 
+-      LDFLAGS="$LDFLAGS $addld"
+-      if test "$addcflags" != "-I/usr/include"; then
+-         CPPFLAGS="$CPPFLAGS $addcflags"
++      dnl Try pkg-config even when cross-compiling.  Since we
++      dnl specify PKG_CONFIG_LIBDIR we are only looking where
++      dnl the user told us to look
++
++      RUSTLS_PCDIR="$PREFIX_RUSTLS/lib/pkgconfig"
++      if test -f "$RUSTLS_PCDIR/rustls.pc"; then
++        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
++        PKGTEST="yes"
+       fi
+ 
+-      AC_CHECK_LIB(rustls, rustls_connection_read,
+-       [
+-       AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+-       AC_SUBST(USE_RUSTLS, [1])
+-       RUSTLS_ENABLED=1
+-       USE_RUSTLS="yes"
+-       ssl_msg="rustls"
+-       test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+-       ],
+-       AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
+-       -lpthread -ldl -lm)
+-    fi
++      if test "$PKGTEST" != "yes"; then
++        # try lib64 instead
++        RUSTLS_PCDIR="$PREFIX_RUSTLS/lib64/pkgconfig"
++        if test -f "$RUSTLS_PCDIR/rustls.pc"; then
++          AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
++          PKGTEST="yes"
++        fi
++      fi
++
++      if test "$PKGTEST" != "yes"; then
++        dnl pkg-config came up empty, use what we got
++        dnl via --with-rustls
+ 
+-    if test "x$USE_RUSTLS" = "xyes"; then
+-      AC_MSG_NOTICE([detected rustls])
+-      check_for_ca_bundle=1
+-
+-      LIBS="-lrustls -lpthread -ldl -lm $LIBS"
+-
+-      if test -n "$rustlslib"; then
+-        dnl when shared libs were found in a path that the run-time
+-        dnl linker doesn't search through, we need to add it to
+-        dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+-        dnl due to this
+-        if test "x$cross_compiling" != "xyes"; then
+-          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
+-          export CURL_LIBRARY_PATH
+-          AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
++        addld=-L$PREFIX_RUSTLS/lib$libsuff
++        addcflags=-I$PREFIX_RUSTLS/include
++
++        LDFLAGS="$LDFLAGS $addld"
++        if test "$addcflags" != "-I/usr/include"; then
++            CPPFLAGS="$CPPFLAGS $addcflags"
++        fi
++
++        AC_CHECK_LIB(rustls, rustls_connection_read,
++          [
++          AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++          AC_SUBST(USE_RUSTLS, [1])
++          RUSTLS_ENABLED=1
++          USE_RUSTLS="yes"
++          ssl_msg="rustls"
++          test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
++          ],
++          AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
++          -lpthread -ldl -lm)
++
++        USE_RUSTLS="yes"
++        ssl_msg="rustls"
++
++        LIB_RUSTLS="$PREFIX_RUSTLS/lib$libsuff"
++        if test "$PREFIX_RUSTLS" != "/usr" ; then
++          SSL_LDFLAGS="-L$LIB_RUSTLS"
++          SSL_CPPFLAGS="-I$PREFIX_RUSTLS/include"
+         fi
+       fi
++      ;;
++  esac
++
++  if test "$PKGTEST" = "yes"; then
++
++    CURL_CHECK_PKGCONFIG(rustls, [$RUSTLS_PCDIR])
++
++    if test "$PKGCONFIG" != "no" ; then
++      SSL_LIBS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --libs-only-l --libs-only-other rustls 2>/dev/null`
++
++      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --libs-only-L rustls 2>/dev/null`
++
++      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
++        $PKGCONFIG --cflags-only-I rustls 2>/dev/null`
++
++      AC_SUBST(SSL_LIBS)
++      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
++      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
++      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
++
++      LIB_RUSTLS=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
++
++      dnl use the values pkg-config reported.  This is here
++      dnl instead of below with CPPFLAGS and LDFLAGS because we only
++      dnl learn about this via pkg-config.  If we only have
++      dnl the argument to --with-rustls we don't know what
++      dnl additional libs may be necessary.  Hope that we
++      dnl don't need any.
++      LIBS="$SSL_LIBS $LIBS"
++      USE_RUSTLS="yes"
++      ssl_msg="rustls"
++      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++      AC_SUBST(USE_RUSTLS, [1])
++      RUSTLS_ENABLED=1
++      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
++    else
++      AC_MSG_ERROR([pkg-config: Could not find rustls])
+     fi
+ 
+-  fi dnl rustls not disabled
++  else
++    dnl we did not use pkg-config, so we need to add the
++    dnl rustls lib to LIBS
++    LIBS="-lrustls -lpthread -ldl -lm $LIBS"
++  fi
++
++  dnl finally, set flags to use this TLS backend
++  CPPFLAGS="$CLEAN_CPPFLAGS $SSL_CPPFLAGS"
++  LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"
++
++  if test "x$USE_RUSTLS" = "xyes"; then
++    AC_MSG_NOTICE([detected rustls])
++    check_for_ca_bundle=1
++
++    if test -n "$LIB_RUSTLS"; then
++      dnl when shared libs were found in a path that the run-time
++      dnl linker does not search through, we need to add it to
++      dnl CURL_LIBRARY_PATH so that further configure tests do not
++      dnl fail due to this
++      if test "x$cross_compiling" != "xyes"; then
++        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_RUSTLS"
++        export CURL_LIBRARY_PATH
++        AC_MSG_NOTICE([Added $LIB_RUSTLS to CURL_LIBRARY_PATH])
++      fi
++    fi
++  fi
+ 
+   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++  if test X"$OPT_RUSTLS" != Xno &&
++    test "$RUSTLS_ENABLED" != "1"; then
++    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++  fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
+--
+2.44.0
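Review bot: The flags saved at the top as `CLEANLDFLAGS` and `CLEANCPPFLAGS` are never read back, because the restore step near the end uses `$CLEAN_CPPFLAGS` and `$CLAN_LDFLAGS`, which are not set anywhere in this file section. CPPFLAGS and LDFLAGS therefore lose whatever the caller passed in, which would include any hardening flags, and keep only the rustls values. The two lines should read `CPPFLAGS="$CLEANCPPFLAGS $SSL_CPPFLAGS"` and `LDFLAGS="$CLEANLDFLAGS $SSL_LDFLAGS"`. Separately, the bare `RUSTLS_ENABLED` after the closing `])` looks like a leftover and would presumably end up as a stray token in the generated configure script; the same trailing line is in curl-8.7.1-rustls-fixes.patch.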



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-04-01  3:59 Matt Jolly
From: Matt Jolly @ 2024-04-01  3:59 UTC (permalink / raw
  To: gentoo-commits

commit:     2ebfd9734347ec5157a6eb74524eeaf036d7509f
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 31 22:46:34 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Mon Apr  1 03:53:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ebfd973

net-misc/curl: add 8.7.1-r1

Revbump to fix some runtime issues resulting from a
subtle order-of-operations error in rustls detection via
pkgconfig.

Bug: https://bugs.gentoo.org/928236
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.7.1-r1.ebuild                | 369 ++++++++++++++++++++++
 net-misc/curl/files/curl-8.7.1-rustls-fixes.patch |  49 +++
 2 files changed, 418 insertions(+)

diff --git a/net-misc/curl/curl-8.7.1-r1.ebuild b/net-misc/curl/curl-8.7.1-r1.ebuild
new file mode 100644
index 000000000000..e75203f0ef3f
--- /dev/null
+++ b/net-misc/curl/curl-8.7.1-r1.ebuild
@@ -0,0 +1,369 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? ( ||
+			(
+				~net-libs/rustls-0.12.1:=[${MULTILIB_USEDEP}]
+				~net-libs/rustls-ffi-0.12.2:=[${MULTILIB_USEDEP}]
+			)
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.7.1-rustls-fixes.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
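Review bot: `--enable-ntlm` and `--enable-tls-srp` in `multilib_src_configure` are switched on unconditionally, while protocols such as ftp, gopher and telnet are gated behind USE flags. Both are legacy authentication mechanisms that every install of libcurl then carries, and nothing in the ebuild records that this is deliberate. I would add a comment above them, `# ntlm and tls-srp stay enabled for compatibility; candidates for USE flags`, or gate them the way `$(use_enable ftp)` is gated.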

diff --git a/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
new file mode 100644
index 000000000000..81bcb0734339
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
@@ -0,0 +1,49 @@
+From a866b062b17ab94b16b817ab9969c561364a4d72 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Mon, 1 Apr 2024 08:36:51 +1000
+Subject: [PATCH] m4: fix rustls builds
+
+This patch consolidates the following commits to do with rustls
+detection using pkg-config:
+
+- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
+- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
+---
+ m4/curl-rustls.m4 | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
+index 7c55230..8082cf9 100644
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -142,6 +142,11 @@ if test "x$OPT_RUSTLS" != xno; then
+       LIBS="$SSL_LIBS $LIBS"
+       USE_RUSTLS="yes"
+       ssl_msg="rustls"
++      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++      AC_SUBST(USE_RUSTLS, [1])
++      USE_RUSTLS="yes"
++      RUSTLS_ENABLED=1
++      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+     else
+       AC_MSG_ERROR([pkg-config: Could not find rustls])
+     fi
+@@ -174,5 +179,15 @@ if test "x$OPT_RUSTLS" != xno; then
+   fi
+ 
+   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++  if test X"$OPT_RUSTLS" != Xno &&
++    test "$RUSTLS_ENABLED" != "1"; then
++    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++  fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
+-- 
+2.44.0
+
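Review bot: The first added block assigns `USE_RUSTLS="yes"` a second time, two lines after the context line that already sets it, so that added line can be dropped from the patch. The guard added at the end also repeats the enclosing `if test "x$OPT_RUSTLS" != xno` condition shown in the hunk header; `if test "$RUSTLS_ENABLED" != "1"; then` is enough there. The enclosing macro starts outside both inner hunks.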



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-05-22  7:03 Matt Jolly
From: Matt Jolly @ 2024-05-22  7:03 UTC (permalink / raw
  To: gentoo-commits

commit:     0adfd81907a2639d33dee2483265dc545d728542
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Wed May 22 06:56:27 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Wed May 22 07:02:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0adfd819

net-misc/curl: drop 8.6.0-r2

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-8.6.0-r2.ebuild                 | 367 ---------------------
 net-misc/curl/files/curl-8.6.0-rustls-fixes.patch  | 252 --------------
 ...s-revert-receive-max-buffer-add-test-case.patch |  68 ----
 4 files changed, 689 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 197b1b91243d..f8c5cc52869e 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,7 +1,5 @@
 DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4f8fc0fbf57058578eed5f33d71277f688d5d9f409bcd82e3a4cacaa5615a44f2a7c554559c6be7dd5188893 SHA512 acffa2cf61d9b8e4188575a1b40227da8d722df2e5fe8bb82a222b4eb2fd64bf8aebd90852ce050c79fb5e517d5cee2546bf7de92ede1dd394263e231cb741a3
 DIST curl-8.5.0.tar.xz.asc 488 BLAKE2B d706c401aecf345398411b94c87b8f1ecc752d73d24e1a578c8c0e62732e8e476333a2a4772428c6425eb0d124b1ceee8e377cf41d60a54b6f2df5cccc0b9f23 SHA512 9c6a2e61860878cd731d951fac1bb52cd314db20439a5173a95b48da1742737e02bfb9978d65e25de6535f839e281235203599a29f252e78e0d7a83769727329
-DIST curl-8.6.0.tar.xz 2630108 BLAKE2B 1b01de396008d57e154e2b5fc1acf1dd000703fa5d70b913dafea5487f0166bd8fdb63eee5c9b5af08a1ca40dd026144a791016f67c2395fcfc9c6b555929034 SHA512 359c08d88a5dec441255b36afe1a821730eca0ca8800ba52f57132b9e7d21f32457623907b4ae4876904b5e505eb1a59652372bb7de8dbd8db429dae9785e036
-DIST curl-8.6.0.tar.xz.asc 488 BLAKE2B 18d7583a9aa6a278bea5a8a74461ff06f45ec418cd4542b015c74091c353b340afcc5dfe7e5e99f0b9fac7de9251164044a85e4f6665bf042636868a2c613d0a SHA512 2b835bb4b307e5e1c929b7136c5acfb9f6f06efa471ac27060336cabcfac40e02143f40434986c5e6817d4a9562b09efa8ff3168beed310a45453148cc1b5c8f
 DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
 DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37
 DIST curl-8.8.0.tar.xz 2748860 BLAKE2B c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 SHA512 9d2c0d3a0d8f6c31ba4fabe48f801910f886fde43dc198dc4213708d6967ed5e040a1bb7348aa1cb126577ee508a3ec36fe65256d027d861d6ffb70f6383967a

diff --git a/net-misc/curl/curl-8.6.0-r2.ebuild b/net-misc/curl/curl-8.6.0-r2.ebuild
deleted file mode 100644
index c31bf46b91d8..000000000000
--- a/net-misc/curl/curl-8.6.0-r2.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
-IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? (
-		!openssl
-		alt-svc )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-	_fseeki64
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${P}-vtls-revert-receive-max-buffer-add-test-case.patch
-	"${FILESDIR}"/${P}-rustls-fixes.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		$(use_with psl libpsl)
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}

diff --git a/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch b/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch
deleted file mode 100644
index 4f713668fd35..000000000000
--- a/net-misc/curl/files/curl-8.6.0-rustls-fixes.patch
+++ /dev/null
@@ -1,252 +0,0 @@
-From a59683a3607bc0167ff702352d15eee1c0d658a6 Mon Sep 17 00:00:00 2001
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Mon, 1 Apr 2024 08:49:27 +1000
-Subject: [PATCH] m4: fix rustls builds
-
-This patch consolidates the following commits to do with rustls
-detection using pkg-config:
-
-- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
-- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
----
- m4/curl-rustls.m4 | 210 ++++++++++++++++++++++++++++++++--------------
- 1 file changed, 146 insertions(+), 64 deletions(-)
-
-diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
-index 75542e4..8082cf9 100644
---- a/m4/curl-rustls.m4
-+++ b/m4/curl-rustls.m4
-@@ -28,84 +28,166 @@ dnl check for rustls
- dnl ----------------------------------------------------
- 
- if test "x$OPT_RUSTLS" != xno; then
--  _cppflags=$CPPFLAGS
--  _ldflags=$LDFLAGS
-   ssl_msg=
- 
--  if test X"$OPT_RUSTLS" != Xno; then
-+  dnl backup the pre-ssl variables
-+  CLEANLDFLAGS="$LDFLAGS"
-+  CLEANCPPFLAGS="$CPPFLAGS"
- 
--    if test "$OPT_RUSTLS" = "yes"; then
--      OPT_RUSTLS=""
--    fi
-+  case $host_os in
-+    darwin*)
-+      LDFLAGS="$LDFLAGS -framework Security"
-+      ;;
-+    *)
-+      ;;
-+  esac
-+  ## NEW CODE
- 
--    case $host_os in
--      darwin*)
--        LDFLAGS="$LDFLAGS -framework Security"
--        ;;
--      *)
--        ;;
--    esac
--
--    if test -z "$OPT_RUSTLS" ; then
--      dnl check for lib first without setting any new path
--
--      AC_CHECK_LIB(rustls, rustls_client_session_read,
--      dnl librustls found, set the variable
--       [
--         AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
--         AC_SUBST(USE_RUSTLS, [1])
--         RUSTLS_ENABLED=1
--         USE_RUSTLS="yes"
--         ssl_msg="rustls"
--         test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
--        ], [], -lpthread -ldl -lm)
--    fi
-+  dnl use pkg-config unless we have been given a path
-+  dnl even then, try pkg-config first
- 
--    if test "x$USE_RUSTLS" != "xyes"; then
--      dnl add the path and test again
--      addld=-L$OPT_RUSTLS/lib$libsuff
--      addcflags=-I$OPT_RUSTLS/include
--      rustlslib=$OPT_RUSTLS/lib$libsuff
-+  case "$OPT_RUSTLS" in
-+    yes)
-+      dnl --with-rustls (without path) used
-+      PKGTEST="yes"
-+      PREFIX_RUSTLS=
-+      ;;
-+    *)
-+      dnl check the provided --with-rustls path
-+      PKGTEST="no"
-+      PREFIX_RUSTLS=$OPT_RUSTLS
- 
--      LDFLAGS="$LDFLAGS $addld"
--      if test "$addcflags" != "-I/usr/include"; then
--         CPPFLAGS="$CPPFLAGS $addcflags"
-+      dnl Try pkg-config even when cross-compiling.  Since we
-+      dnl specify PKG_CONFIG_LIBDIR we are only looking where
-+      dnl the user told us to look
-+
-+      RUSTLS_PCDIR="$PREFIX_RUSTLS/lib/pkgconfig"
-+      if test -f "$RUSTLS_PCDIR/rustls.pc"; then
-+        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
-+        PKGTEST="yes"
-       fi
- 
--      AC_CHECK_LIB(rustls, rustls_connection_read,
--       [
--       AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
--       AC_SUBST(USE_RUSTLS, [1])
--       RUSTLS_ENABLED=1
--       USE_RUSTLS="yes"
--       ssl_msg="rustls"
--       test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
--       ],
--       AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
--       -lpthread -ldl -lm)
--    fi
-+      if test "$PKGTEST" != "yes"; then
-+        # try lib64 instead
-+        RUSTLS_PCDIR="$PREFIX_RUSTLS/lib64/pkgconfig"
-+        if test -f "$RUSTLS_PCDIR/rustls.pc"; then
-+          AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$RUSTLS_PCDIR"])
-+          PKGTEST="yes"
-+        fi
-+      fi
-+
-+      if test "$PKGTEST" != "yes"; then
-+        dnl pkg-config came up empty, use what we got
-+        dnl via --with-rustls
- 
--    if test "x$USE_RUSTLS" = "xyes"; then
--      AC_MSG_NOTICE([detected rustls])
--      check_for_ca_bundle=1
--
--      LIBS="-lrustls -lpthread -ldl -lm $LIBS"
--
--      if test -n "$rustlslib"; then
--        dnl when shared libs were found in a path that the run-time
--        dnl linker doesn't search through, we need to add it to
--        dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
--        dnl due to this
--        if test "x$cross_compiling" != "xyes"; then
--          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
--          export CURL_LIBRARY_PATH
--          AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
-+        addld=-L$PREFIX_RUSTLS/lib$libsuff
-+        addcflags=-I$PREFIX_RUSTLS/include
-+
-+        LDFLAGS="$LDFLAGS $addld"
-+        if test "$addcflags" != "-I/usr/include"; then
-+            CPPFLAGS="$CPPFLAGS $addcflags"
-+        fi
-+
-+        AC_CHECK_LIB(rustls, rustls_connection_read,
-+          [
-+          AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
-+          AC_SUBST(USE_RUSTLS, [1])
-+          RUSTLS_ENABLED=1
-+          USE_RUSTLS="yes"
-+          ssl_msg="rustls"
-+          test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-+          ],
-+          AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
-+          -lpthread -ldl -lm)
-+
-+        USE_RUSTLS="yes"
-+        ssl_msg="rustls"
-+
-+        LIB_RUSTLS="$PREFIX_RUSTLS/lib$libsuff"
-+        if test "$PREFIX_RUSTLS" != "/usr" ; then
-+          SSL_LDFLAGS="-L$LIB_RUSTLS"
-+          SSL_CPPFLAGS="-I$PREFIX_RUSTLS/include"
-         fi
-       fi
-+      ;;
-+  esac
-+
-+  if test "$PKGTEST" = "yes"; then
-+
-+    CURL_CHECK_PKGCONFIG(rustls, [$RUSTLS_PCDIR])
-+
-+    if test "$PKGCONFIG" != "no" ; then
-+      SSL_LIBS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --libs-only-l --libs-only-other rustls 2>/dev/null`
-+
-+      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --libs-only-L rustls 2>/dev/null`
-+
-+      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$RUSTLS_PCDIR]) dnl
-+        $PKGCONFIG --cflags-only-I rustls 2>/dev/null`
-+
-+      AC_SUBST(SSL_LIBS)
-+      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
-+      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
-+      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
-+
-+      LIB_RUSTLS=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
-+
-+      dnl use the values pkg-config reported.  This is here
-+      dnl instead of below with CPPFLAGS and LDFLAGS because we only
-+      dnl learn about this via pkg-config.  If we only have
-+      dnl the argument to --with-rustls we don't know what
-+      dnl additional libs may be necessary.  Hope that we
-+      dnl don't need any.
-+      LIBS="$SSL_LIBS $LIBS"
-+      USE_RUSTLS="yes"
-+      ssl_msg="rustls"
-+      AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
-+      AC_SUBST(USE_RUSTLS, [1])
-+      USE_RUSTLS="yes"
-+      RUSTLS_ENABLED=1
-+      test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-+    else
-+      AC_MSG_ERROR([pkg-config: Could not find rustls])
-     fi
- 
--  fi dnl rustls not disabled
-+  else
-+    dnl we did not use pkg-config, so we need to add the
-+    dnl rustls lib to LIBS
-+    LIBS="-lrustls -lpthread -ldl -lm $LIBS"
-+  fi
-+
-+  dnl finally, set flags to use this TLS backend
-+  CPPFLAGS="$CLEAN_CPPFLAGS $SSL_CPPFLAGS"
-+  LDFLAGS="$CLAN_LDFLAGS $SSL_LDFLAGS"
-+
-+  if test "x$USE_RUSTLS" = "xyes"; then
-+    AC_MSG_NOTICE([detected rustls])
-+    check_for_ca_bundle=1
-+
-+    if test -n "$LIB_RUSTLS"; then
-+      dnl when shared libs were found in a path that the run-time
-+      dnl linker does not search through, we need to add it to
-+      dnl CURL_LIBRARY_PATH so that further configure tests do not
-+      dnl fail due to this
-+      if test "x$cross_compiling" != "xyes"; then
-+        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_RUSTLS"
-+        export CURL_LIBRARY_PATH
-+        AC_MSG_NOTICE([Added $LIB_RUSTLS to CURL_LIBRARY_PATH])
-+      fi
-+    fi
-+  fi
- 
-   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
-+
-+  if test X"$OPT_RUSTLS" != Xno &&
-+    test "$RUSTLS_ENABLED" != "1"; then
-+    AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
-+    AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
-+    AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
-+  fi
- fi
- ])
-+
-+
-+RUSTLS_ENABLED
--- 
-2.44.0
-

diff --git a/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch b/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch
deleted file mode 100644
index 66e8399370a2..000000000000
--- a/net-misc/curl/files/curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-https://bugs.gentoo.org/924017
-https://github.com/curl/curl/pull/12848
-
-From ed09a99af57200643d5ae001e815eeab9ffe3f84 Mon Sep 17 00:00:00 2001
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 1 Feb 2024 18:15:50 +0100
-Subject: [PATCH] vtls: revert "receive max buffer" + add test case
-
-- add test_05_04 for requests using http/1.0, http/1.1 and h2 against an
-  Apache resource that does an unclean TLS shutdown.
-- revert special workarund in openssl.c for suppressing shutdown errors
-  on multiplexed connections
-- vlts.c restore to its state before 9a90c9dd64d2f03601833a70786d485851bd1b53
-
-Fixes #12885
-Fixes #12844
-
-Closes #12848
----
- lib/vtls/vtls.c | 27 ++++++---------------------
- 1 file changed, 6 insertions(+), 21 deletions(-)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index e928ba5d0..f654a9749 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -1715,32 +1715,17 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,
- {
-   struct cf_call_data save;
-   ssize_t nread;
--  size_t ntotal = 0;
- 
-   CF_DATA_SAVE(save, cf, data);
-   *err = CURLE_OK;
--  /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */
--  while(!ntotal || (len - ntotal) > (4*1024)) {
-+  nread = Curl_ssl->recv_plain(cf, data, buf, len, err);
-+  if(nread > 0) {
-+    DEBUGASSERT((size_t)nread <= len);
-+  }
-+  else if(nread == 0) {
-+    /* eof */
-     *err = CURLE_OK;
--    nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);
--    if(nread < 0) {
--      if(*err == CURLE_AGAIN && ntotal > 0) {
--        /* we EAGAINed after having reed data, return the success amount */
--        *err = CURLE_OK;
--        break;
--      }
--      /* we have a an error to report */
--      goto out;
--    }
--    else if(nread == 0) {
--      /* eof */
--      break;
--    }
--    ntotal += (size_t)nread;
--    DEBUGASSERT((size_t)ntotal <= len);
-   }
--  nread = (ssize_t)ntotal;
--out:
-   CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,
-               nread, *err);
-   CF_DATA_RESTORE(cf, save);
--- 
-2.43.0
-



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-05-22  7:03 Matt Jolly
From: Matt Jolly @ 2024-05-22  7:03 UTC (permalink / raw
  To: gentoo-commits

commit:     7400529078754306ac09a433677165cb5c966353
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Wed May 22 06:58:02 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Wed May 22 07:02:29 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74005290

net-misc/curl: drop 8.5.0-r3

Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/Manifest                             |   2 -
 net-misc/curl/curl-8.5.0-r3.ebuild                 | 370 ---------------------
 .../curl/files/curl-8.5.0-ipv6-configure-c99.patch |  31 --
 ...curl-8.5.0-mpd-stream-http-adjust_pollset.patch |  69 ----
 4 files changed, 472 deletions(-)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index f8c5cc52869e..a42c74f10ce3 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4f8fc0fbf57058578eed5f33d71277f688d5d9f409bcd82e3a4cacaa5615a44f2a7c554559c6be7dd5188893 SHA512 acffa2cf61d9b8e4188575a1b40227da8d722df2e5fe8bb82a222b4eb2fd64bf8aebd90852ce050c79fb5e517d5cee2546bf7de92ede1dd394263e231cb741a3
-DIST curl-8.5.0.tar.xz.asc 488 BLAKE2B d706c401aecf345398411b94c87b8f1ecc752d73d24e1a578c8c0e62732e8e476333a2a4772428c6425eb0d124b1ceee8e377cf41d60a54b6f2df5cccc0b9f23 SHA512 9c6a2e61860878cd731d951fac1bb52cd314db20439a5173a95b48da1742737e02bfb9978d65e25de6535f839e281235203599a29f252e78e0d7a83769727329
 DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
 DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37
 DIST curl-8.8.0.tar.xz 2748860 BLAKE2B c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 SHA512 9d2c0d3a0d8f6c31ba4fabe48f801910f886fde43dc198dc4213708d6967ed5e040a1bb7348aa1cb126577ee508a3ec36fe65256d027d861d6ffb70f6383967a

diff --git a/net-misc/curl/curl-8.5.0-r3.ebuild b/net-misc/curl/curl-8.5.0-r3.ebuild
deleted file mode 100644
index 1ea9264041c8..000000000000
--- a/net-misc/curl/curl-8.5.0-r3.ebuild
+++ /dev/null
@@ -1,370 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
-	SRC_URI="
-		https://curl.se/download/${P}.tar.xz
-		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-	"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
-IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
-REQUIRED_USE="
-	ssl? (
-		^^ (
-			curl_ssl_gnutls
-			curl_ssl_mbedtls
-			curl_ssl_openssl
-			curl_ssl_rustls
-		)
-	)
-	curl_ssl_gnutls? ( gnutls )
-	curl_ssl_mbedtls? ( mbedtls )
-	curl_ssl_openssl? ( openssl )
-	curl_ssl_rustls? ( rustls )
-	nghttp3? (
-		!openssl
-		alt-svc )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-
-RDEPEND="
-	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
-	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
-	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
-	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
-	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
-	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
-	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
-	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
-	ssl? (
-		gnutls? (
-			app-misc/ca-certificates
-			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
-			dev-libs/nettle:=[${MULTILIB_USEDEP}]
-		)
-		mbedtls? (
-			app-misc/ca-certificates
-			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
-		)
-		openssl? (
-			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
-		)
-		rustls? (
-			~net-libs/rustls-ffi-0.10.0:=[${MULTILIB_USEDEP}]
-		)
-	)
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	dev-lang/perl
-	virtual/pkgconfig
-	test? (
-		sys-apps/diffutils
-		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
-	)
-	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	__builtin_available
-	closesocket
-	CloseSocket
-	getpass_r
-	ioctlsocket
-	IoctlSocket
-	mach_absolute_time
-	setmode
-	_fseeki64
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-prefix.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	"${FILESDIR}"/${P}-ipv6-configure-c99.patch
-	"${FILESDIR}"/${P}-mpd-stream-http-adjust_pollset.patch
-	"${FILESDIR}"/${PN}-8.6.0-rustls-fixes.patch
-)
-
-src_prepare() {
-	default
-
-	eprefixify curl-config.in
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# We make use of the fact that later flags override earlier ones
-	# So start with all ssl providers off until proven otherwise
-	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
-	local myconf=()
-
-	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	if use ssl; then
-		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
-		if use gnutls; then
-			multilib_is_native_abi && einfo "SSL provided by gnutls"
-			myconf+=( --with-gnutls )
-		fi
-		if use mbedtls; then
-			multilib_is_native_abi && einfo "SSL provided by mbedtls"
-			myconf+=( --with-mbedtls )
-		fi
-		if use openssl; then
-			multilib_is_native_abi && einfo "SSL provided by openssl"
-			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
-		fi
-		if use rustls; then
-			multilib_is_native_abi && einfo "SSL provided by rustls"
-			myconf+=( --with-rustls )
-		fi
-		if use curl_ssl_gnutls; then
-			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
-			myconf+=( --with-default-ssl-backend=gnutls )
-		elif use curl_ssl_mbedtls; then
-			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
-			myconf+=( --with-default-ssl-backend=mbedtls )
-		elif use curl_ssl_openssl; then
-			multilib_is_native_abi && einfo "Default SSL provided by openssl"
-			myconf+=( --with-default-ssl-backend=openssl )
-		elif use curl_ssl_rustls; then
-			multilib_is_native_abi && einfo "Default SSL provided by rustls"
-			myconf+=( --with-default-ssl-backend=rustls )
-		else
-			eerror "We can't be here because of REQUIRED_USE."
-			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
-		fi
-
-	else
-		myconf+=( --without-ssl )
-		einfo "SSL disabled"
-	fi
-
-	# These configuration options are organized alphabetically
-	# within each category.  This should make it easier if we
-	# ever decide to make any of them contingent on USE flags:
-	# 1) protocols first.  To see them all do
-	# 'grep SUPPORT_PROTOCOLS configure.ac'
-	# 2) --enable/disable options second.
-	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
-	# 3) --with/without options third.
-	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
-	myconf+=(
-		$(use_enable alt-svc)
-		--enable-basic-auth
-		--enable-bearer-auth
-		--enable-digest-auth
-		--enable-kerberos-auth
-		--enable-negotiate-auth
-		--enable-aws
-		--enable-dict
-		--disable-ech
-		--enable-file
-		$(use_enable ftp)
-		$(use_enable gopher)
-		$(use_enable hsts)
-		--enable-http
-		$(use_enable imap)
-		$(use_enable ldap)
-		$(use_enable ldap ldaps)
-		--enable-ntlm
-		--disable-ntlm-wb
-		$(use_enable pop3)
-		--enable-rt
-		--enable-rtsp
-		$(use_enable samba smb)
-		$(use_with ssh libssh2)
-		$(use_enable smtp)
-		$(use_enable telnet)
-		$(use_enable tftp)
-		--enable-tls-srp
-		$(use_enable adns ares)
-		--enable-cookies
-		--enable-dateparse
-		--enable-dnsshuffle
-		--enable-doh
-		--enable-symbol-hiding
-		--enable-http-auth
-		--enable-ipv6
-		--enable-largefile
-		--enable-manual
-		--enable-mime
-		--enable-netrc
-		$(use_enable progress-meter)
-		--enable-proxy
-		--enable-socketpair
-		--disable-sspi
-		$(use_enable static-libs static)
-		--enable-pthreads
-		--enable-threaded-resolver
-		--disable-versioned-symbols
-		--without-amissl
-		--without-bearssl
-		$(use_with brotli)
-		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
-		$(use_with http2 nghttp2)
-		--without-hyper
-		$(use_with idn libidn2)
-		$(use_with kerberos gssapi "${EPREFIX}"/usr)
-		--without-libgsasl
-		$(use_with psl libpsl)
-		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
-		--without-quiche
-		$(use_with rtmp librtmp)
-		--without-schannel
-		--without-secure-transport
-		--without-test-caddy
-		--without-test-httpd
-		--without-test-nghttpx
-		$(use_enable websockets)
-		--without-winidn
-		--without-wolfssl
-		--with-zlib
-		$(use_with zstd)
-		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
-	)
-
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
-		myconf+=(
-			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
-		)
-	fi
-
-	if [[ ${CHOST} == *mingw* ]] ; then
-		myconf+=(
-			--disable-pthreads
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
-	if ! multilib_is_native_abi; then
-		# Avoid building the client (we just want libcurl for multilib)
-		sed -i -e '/SUBDIRS/s:src::' Makefile || die
-		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
-	fi
-
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
-}
-
-multilib_src_compile() {
-	default
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts
-	fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
-	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
-	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
-	# -v: verbose
-	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
-	# -k: keep test files after completion
-	# -am: automake style TAP output
-	# -p: print logs if test fails
-	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
-	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	# Note: we don't run the testsuite for cross-compilation.
-	# Upstream recommend 7*nproc as a starting point for parallel tests, but
-	# this ends up breaking when nproc is huge (like -j80).
-	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
-	# as most gentoo users don't have an 'ip6-localhost'
-	# Required deps for 1477 are not included in the release tarball for 8.5.0
-	# 1474 is flaky and has been removed upstream after the 8.5.0 release.
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083 !1477 !1474"
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi; then
-		# Shell completions
-		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-	rm -rf "${ED}"/etc/ || die
-}

diff --git a/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch b/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch
deleted file mode 100644
index 68830f8f4717..000000000000
--- a/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://github.com/curl/curl/commit/ae75db3527461248b0a7b1686df52200d28d83b9
-
-From ae75db3527461248b0a7b1686df52200d28d83b9 Mon Sep 17 00:00:00 2001
-From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
-Date: Fri, 29 Dec 2023 05:43:33 +0000
-Subject: [PATCH] configure: fix no default int compile error in ipv6 detection
-
-Closes #12607
---- a/configure.ac
-+++ b/configure.ac
-@@ -1655,15 +1655,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]),
- # include <netinet/in6.h>
- #endif
- #endif
--#include <stdlib.h> /* for exit() */
--main()
-+
-+int main(void)
- {
-  struct sockaddr_in6 s;
-  (void)s;
-- if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
--   exit(1);
-- else
--   exit(0);
-+ return socket(AF_INET6, SOCK_STREAM, 0) < 0;
- }
- ]])
- ],
-
-

diff --git a/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch b/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch
deleted file mode 100644
index 79a16a2cc7b4..000000000000
--- a/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-https://github.com/MusicPlayerDaemon/MPD/issues/1952
-https://github.com/curl/curl/issues/12632
-https://github.com/curl/curl/commit/8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea
-
-From 8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea Mon Sep 17 00:00:00 2001
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 4 Jan 2024 10:06:17 +0100
-Subject: [PATCH] http: adjust_pollset fix
-
-do not add a socket for POLLIN when the transfer does not want to send
-(for example is paused).
-
-Follow-up to 47f5b1a
-
-Reported-by: bubbleguuum on github
-Fixes #12632
-Closes #12633
---- a/lib/cf-socket.c
-+++ b/lib/cf-socket.c
-@@ -1243,7 +1243,7 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf,
-   if(ctx->sock != CURL_SOCKET_BAD) {
-     if(!cf->connected)
-       Curl_pollset_set_out_only(data, ps, ctx->sock);
--    else
-+    else if(CURL_WANT_RECV(data))
-       Curl_pollset_add_in(data, ps, ctx->sock);
-     CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);
-   }
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -2341,8 +2341,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf,
-     bool c_exhaust, s_exhaust;
- 
-     CF_DATA_SAVE(save, cf, data);
--    c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2);
--    s_exhaust = stream && stream->id >= 0 &&
-+    c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2);
-+    s_exhaust = want_send && stream && stream->id >= 0 &&
-                 !nghttp2_session_get_stream_remote_window_size(ctx->h2,
-                                                                stream->id);
-     want_recv = (want_recv || c_exhaust || s_exhaust);
---- a/lib/vquic/curl_ngtcp2.c
-+++ b/lib/vquic/curl_ngtcp2.c
-@@ -1166,9 +1166,10 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf,
-     bool c_exhaust, s_exhaust;
- 
-     CF_DATA_SAVE(save, cf, data);
--    c_exhaust = !ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
--                !ngtcp2_conn_get_max_data_left(ctx->qconn);
--    s_exhaust = stream && stream->id >= 0 && stream->quic_flow_blocked;
-+    c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
-+                !ngtcp2_conn_get_max_data_left(ctx->qconn));
-+    s_exhaust = want_send && stream && stream->id >= 0 &&
-+                stream->quic_flow_blocked;
-     want_recv = (want_recv || c_exhaust || s_exhaust);
-     want_send = (!s_exhaust && want_send) ||
-                  !Curl_bufq_is_empty(&ctx->q.sendbuf);
---- a/lib/vquic/curl_quiche.c
-+++ b/lib/vquic/curl_quiche.c
-@@ -1189,7 +1189,7 @@ static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf,
- 
-     c_exhaust = FALSE; /* Have not found any call in quiche that tells
-                           us if the connection itself is blocked */
--    s_exhaust = stream && stream->id >= 0 &&
-+    s_exhaust = want_send && stream && stream->id >= 0 &&
-                 (stream->quic_flow_blocked || !stream_is_writeable(cf, data));
-     want_recv = (want_recv || c_exhaust || s_exhaust);
-     want_send = (!s_exhaust && want_send) ||
-



* [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-05-22 13:19 Matt Jolly
  0 siblings, 0 replies; 18+ messages in thread
From: Matt Jolly @ 2024-05-22 13:19 UTC (permalink / raw
  To: gentoo-commits

commit:     cab1437c13dadf532dca4697e6f3402043bfefae
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Wed May 22 11:46:01 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Wed May 22 13:17:23 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cab1437c

net-misc/curl: 8.8.0: fix builds with mbedtls 2.x

- Drop `--disable-ntlm-wb` from configure options
- Bring minimum versions in line with 8.8.0/current master
- Update live template to match

Closes: https://bugs.gentoo.org/932442
Closes: https://bugs.gentoo.org/932443
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.8.0.ebuild              |  2 +-
 net-misc/curl/curl-9999.ebuild               | 10 +++----
 net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 ++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/net-misc/curl/curl-8.8.0.ebuild b/net-misc/curl/curl-8.8.0.ebuild
index 2f3f1a6fc7ae..3910b39f6284 100644
--- a/net-misc/curl/curl-8.8.0.ebuild
+++ b/net-misc/curl/curl-8.8.0.ebuild
@@ -135,6 +135,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	"${FILESDIR}"/${P}-install-manpage.patch
+	"${FILESDIR}"/${P}-mbedtls.patch
 )
 
 src_prepare() {
@@ -221,7 +222,6 @@ multilib_src_configure() {
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
-		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 3edcf42e2eb6..ce9a18e91913 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -63,15 +63,15 @@ REQUIRED_USE="
 
 RDEPEND="
 	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
 	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+		>=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
 	)
 	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
@@ -90,7 +90,7 @@ RDEPEND="
 			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+			>=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
 		)
 	)
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@@ -134,6 +134,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-install-manpage.patch
 )
 
 src_prepare() {
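Review bot: The added `"${FILESDIR}"/${P}-install-manpage.patch` entry in the live ebuild's PATCHES expands through `${P}` to `curl-9999-install-manpage.patch`, and this commit's diffstat adds no file of that name. Unless that file already exists under `files/`, the live ebuild will presumably die when patches are applied. The identical line in curl-8.8.0.ebuild works only because `${P}` is `curl-8.8.0` there. If upstream master still needs the fix, name the version explicitly, e.g. `"${FILESDIR}"/${PN}-8.8.0-install-manpage.patch`; if master already carries it, leave the entry out of the live ebuild.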
@@ -220,7 +221,6 @@ multilib_src_configure() {
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
-		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp

diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
new file mode 100644
index 000000000000..8fa4d6ef7cfe
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
@@ -0,0 +1,42 @@
+https://github.com/curl/curl/pull/13749
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 22 May 2024 14:44:56 +0200
+Subject: [PATCH] mbedtls, check version for cipher id
+
+- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have
+  been added in mbedtls 3.2.0. Check for that version.
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+     (struct mbed_ssl_backend_data *)connssl->backend;
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   const mbedtls_x509_crt *peercert;
+-  char cipher_str[64];
+-  uint16_t cipher_id;
+ #ifndef CURL_DISABLE_PROXY
+   const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
+     data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
+@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+     return CURLE_SSL_CONNECT_ERROR;
+   }
+ 
+-  cipher_id = (uint16_t)
+-              mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
+-  mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
+-  infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
+-
++#if MBEDTLS_VERSION_NUMBER >= 0x03020000
++  {
++    char cipher_str[64];
++    uint16_t cipher_id;
++    cipher_id = (uint16_t)
++                mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
++    mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
++    infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
++  }
++#else
++  infof(data, "mbedTLS: Handshake complete");
++#endif
+   ret = mbedtls_ssl_get_verify_result(&backend->ssl);
+ 
+   if(!conn_config->verifyhost)
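Review bot: The `#else` branch of the carried patch drops the negotiated cipher suite from the handshake log line, so builds against mbedtls older than 3.2.0 no longer record which suite a connection ended up with, the detail one wants when auditing for weak-cipher negotiation. `mbedtls_ssl_get_ciphersuite()` returns the suite name as a string and is available in the 2.x series, so the fallback could be `infof(data, "mbedTLS: Handshake complete, cipher is %s", mbedtls_ssl_get_ciphersuite(&backend->ssl));` (the name format may differ from what `mbed_cipher_suite_get_str()` prints). Since this file mirrors an upstream pull request, the change is best raised there, and the patch header updated with the merged commit id once it lands. mbed_connect_step2 starts and ends outside the hunk.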

