From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5604A15800A for ; Sun, 23 Jul 2023 01:52:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2D32CE07EC; Sun, 23 Jul 2023 01:52:29 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 02C4CE07EA for ; Sun, 23 Jul 2023 01:52:28 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B89A9340D4D for ; Sun, 23 Jul 2023 01:52:27 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 19F27BF3 for ; Sun, 23 Jul 2023 01:52:26 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1690076215.931a75d893debd7a88d4b949e6a872463e798642.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/curl/curl-8.2.0-r1.ebuild net-misc/curl/files/curl-8.2.0-basic-auth.patch net-misc/curl/files/curl-8.2.0-http2-eof.patch X-VCS-Directories: net-misc/curl/files/ net-misc/curl/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 931a75d893debd7a88d4b949e6a872463e798642 X-VCS-Branch: master Date: Sun, 23 Jul 2023 01:52:26 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: cdc94bfc-17a3-4df6-83fe-50de2079e527 X-Archives-Hash: 7444315dec9d412b223f4d80ac05e8d7 commit: 931a75d893debd7a88d4b949e6a872463e798642 Author: Matt Jolly footclan ninja> AuthorDate: Sat Jul 22 22:58:54 2023 +0000 Commit: Sam James gentoo org> CommitDate: Sun Jul 23 01:36:55 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=931a75d8 net-misc/curl: add 8.2.0-r1 Signed-off-by: Matt Jolly footclan.ninja> Signed-off-by: Sam James gentoo.org> net-misc/curl/curl-8.2.0-r1.ebuild | 353 ++++++++++++++++++++++++ net-misc/curl/files/curl-8.2.0-basic-auth.patch | 127 +++++++++ net-misc/curl/files/curl-8.2.0-http2-eof.patch | 32 +++ 3 files changed, 512 insertions(+) diff --git a/net-misc/curl/curl-8.2.0-r1.ebuild b/net-misc/curl/curl-8.2.0-r1.ebuild new file mode 100644 index 000000000000..11500ccb756e --- /dev/null +++ b/net-misc/curl/curl-8.2.0-r1.ebuild @@ -0,0 +1,353 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="curl" +SLOT="0" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +RESTRICT="!test? ( test )" + +# Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) +" + +RDEPEND=" + sys-libs/zlib[${MULTILIB_USEDEP}] + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + nss? ( + app-misc/ca-certificates + dev-libs/nss[${MULTILIB_USEDEP}] + dev-libs/nss-pem + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + "${FILESDIR}"/${PN}-8.2.0-basic-auth.patch + "${FILESDIR}"/${PN}-8.2.0-http2-eof.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss; then + multilib_is_native_abi && einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + multilib_is_native_abi && einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + die "Please file a bug, hit impossible condition w/ USE=ssl handling." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts + fi +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # Upstream recommend 7*nproc as a starting point for parallel tests. + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((7*$(makeopts_jobs))) !241 !1083" +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/net-misc/curl/files/curl-8.2.0-basic-auth.patch b/net-misc/curl/files/curl-8.2.0-basic-auth.patch new file mode 100644 index 000000000000..899ffb75a878 --- /dev/null +++ b/net-misc/curl/files/curl-8.2.0-basic-auth.patch @@ -0,0 +1,127 @@ +Patch-Source: https://github.com/curl/curl/pull/11492 +-- +From 0470577eb4524f09d245e9e6afd42ba8677a5a19 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 20 Jul 2023 23:20:50 +0200 +Subject: [PATCH 1/2] test979: test -u with redirect to (the same) absolute + host + +--- + tests/data/Makefile.inc | 1 + + tests/data/test979 | 64 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 65 insertions(+) + create mode 100644 tests/data/test979 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 8ee1394d4e562..12aefb14c0d1b 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -122,6 +122,7 @@ test943 test944 test945 test946 test947 test948 test949 test950 test951 \ + test952 test953 test954 test955 test956 test957 test958 test959 test960 \ + test961 test962 test963 test964 test965 test966 test967 test968 test969 \ + test970 test971 test972 test973 test974 test975 test976 test977 test978 \ ++test979 \ + \ + test980 test981 test982 test983 test984 test985 test986 test987 test988 \ + test989 \ +diff --git a/tests/data/test979 b/tests/data/test979 +new file mode 100644 +index 0000000000000..40cc35044d9f6 +--- /dev/null ++++ b/tests/data/test979 +@@ -0,0 +1,64 @@ ++ ++ ++ ++HTTP ++HTTP GET ++Basic ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 302 go go go ++Content-Length: 8 ++Location: http://%HOSTIP:%HTTPPORT/user/%TESTNUMBER0002 ++Content-Type: text/html ++Funny-head: yesyes ++ ++notreal ++ ++ ++HTTP/1.1 200 OK ++Content-Length: 6 ++Content-Type: text/html ++Funny-head: yesyes ++ ++final ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++-u with redirect to absolute URL using same origin and auth ++ ++ ++http://first:secret@%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u smith:doggie ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic c21pdGg6ZG9nZ2ll ++User-Agent: curl/%VERSION ++Accept: */* ++ ++GET /user/%TESTNUMBER0002 HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic c21pdGg6ZG9nZ2ll ++User-Agent: curl/%VERSION ++Accept: */* ++ ++ ++ ++ + +From c1effdfe658ae505e8ea65e5f46d810c4b8d81cb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 20 Jul 2023 23:28:19 +0200 +Subject: [PATCH 2/2] transfer: do not clear the credentials on redirect to + absolute URL + +Makes test 979 work. Regression shipped in 8.2.0 from commit +dd4d1a26959f63a2c + +Fixes #11486 +Reported-by: Cloudogu Siebels +--- + lib/transfer.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/transfer.c b/lib/transfer.c +index 52cd6a0153673..b678004b95ad2 100644 +--- a/lib/transfer.c ++++ b/lib/transfer.c +@@ -1558,10 +1558,6 @@ CURLcode Curl_follow(struct Curl_easy *data, + /* If this is not redirect due to a 401 or 407 response and an absolute + URL: don't allow a custom port number */ + disallowport = TRUE; +- if(!data->set.allow_auth_to_other_hosts) { +- Curl_safefree(data->state.aptr.user); +- Curl_safefree(data->state.aptr.passwd); +- } + } + + DEBUGASSERT(data->state.uh); diff --git a/net-misc/curl/files/curl-8.2.0-http2-eof.patch b/net-misc/curl/files/curl-8.2.0-http2-eof.patch new file mode 100644 index 000000000000..0040a3c6560e --- /dev/null +++ b/net-misc/curl/files/curl-8.2.0-http2-eof.patch @@ -0,0 +1,32 @@ +Patch-Source: https://github.com/curl/curl/commit/f9314f317f017e19e1802ce04ceeae620ca2cd71 +-- +From: Stefan Eissing +Date: Thu, 20 Jul 2023 13:08:00 +0200 +Subject: [PATCH] http2: fix regression on upload EOF handling + +- a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5 + where optimization of small POST bodies leads to a new code path + for such uploads that did not trigger the "done sending" event +- add triggering this event for early "upload_done" situations + +Fixes #11485 +Closes #11487 +Reported-by: Aleksander Mazur +--- + lib/http.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/http.c b/lib/http.c +index f851bcd4a3443..e04028b3fec54 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -3380,6 +3380,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) + } + } + ++ if(data->req.upload_done) ++ Curl_conn_ev_data_done_send(data); ++ + if((conn->httpversion >= 20) && data->req.upload_chunky) + /* upload_chunky was set above to set up the request in a chunky fashion, + but is disabled here again to avoid that the chunked encoded version is