From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1634182-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id BEFD11581D3
	for <garchives@archives.gentoo.org>; Wed, 22 May 2024 13:19:36 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 05635E2A2D;
	Wed, 22 May 2024 13:19:35 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id A26FBE2A2F
	for <gentoo-commits@lists.gentoo.org>; Wed, 22 May 2024 13:19:34 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id E4877341214
	for <gentoo-commits@lists.gentoo.org>; Wed, 22 May 2024 13:19:33 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 48DCD1B32
	for <gentoo-commits@lists.gentoo.org>; Wed, 22 May 2024 13:19:31 +0000 (UTC)
From: "Matt Jolly" <kangie@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Matt Jolly" <kangie@gentoo.org>
Message-ID: <1716383843.cab1437c13dadf532dca4697e6f3402043bfefae.kangie@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/files/, net-misc/curl/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/curl/curl-8.8.0.ebuild net-misc/curl/curl-9999.ebuild net-misc/curl/files/curl-8.8.0-mbedtls.patch
X-VCS-Directories: net-misc/curl/files/ net-misc/curl/
X-VCS-Committer: kangie
X-VCS-Committer-Name: Matt Jolly
X-VCS-Revision: cab1437c13dadf532dca4697e6f3402043bfefae
X-VCS-Branch: master
Date: Wed, 22 May 2024 13:19:31 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: d548436b-9e30-4b1f-bc5d-c3d84c0fa08c
X-Archives-Hash: af75a177a79c65cc5f0ca02e7c41af7d

commit:     cab1437c13dadf532dca4697e6f3402043bfefae
Author:     Matt Jolly <kangie <AT> gentoo <DOT> org>
AuthorDate: Wed May 22 11:46:01 2024 +0000
Commit:     Matt Jolly <kangie <AT> gentoo <DOT> org>
CommitDate: Wed May 22 13:17:23 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cab1437c

net-misc/curl: 8.8.0: fix builds with mbedtls 2.x

- Drop `--disable-ntlm-wb` from configure options
- Bring minimum versions in line with 8.8.0/current master
- Update live template to match

Closes: https://bugs.gentoo.org/932442
Closes: https://bugs.gentoo.org/932443
Signed-off-by: Matt Jolly <kangie <AT> gentoo.org>

 net-misc/curl/curl-8.8.0.ebuild              |  2 +-
 net-misc/curl/curl-9999.ebuild               | 10 +++----
 net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 ++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/net-misc/curl/curl-8.8.0.ebuild b/net-misc/curl/curl-8.8.0.ebuild
index 2f3f1a6fc7ae..3910b39f6284 100644
--- a/net-misc/curl/curl-8.8.0.ebuild
+++ b/net-misc/curl/curl-8.8.0.ebuild
@@ -135,6 +135,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	"${FILESDIR}"/${P}-install-manpage.patch
+	"${FILESDIR}"/${P}-mbedtls.patch
 )
 
 src_prepare() {
@@ -221,7 +222,6 @@ multilib_src_configure() {
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
-		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 3edcf42e2eb6..ce9a18e91913 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -63,15 +63,15 @@ REQUIRED_USE="
 
 RDEPEND="
 	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
-	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
 	nghttp3? (
-		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+		>=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
 	)
 	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
@@ -90,7 +90,7 @@ RDEPEND="
 			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		rustls? (
-			net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+			>=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
 		)
 	)
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@@ -134,6 +134,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-prefix-2.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-install-manpage.patch
 )
 
 src_prepare() {
@@ -220,7 +221,6 @@ multilib_src_configure() {
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
-		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp

diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
new file mode 100644
index 000000000000..8fa4d6ef7cfe
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
@@ -0,0 +1,42 @@
+https://github.com/curl/curl/pull/13749
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 22 May 2024 14:44:56 +0200
+Subject: [PATCH] mbedtls, check version for cipher id
+
+- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have
+  been added in mbedtls 3.2.0. Check for that version.
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+     (struct mbed_ssl_backend_data *)connssl->backend;
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   const mbedtls_x509_crt *peercert;
+-  char cipher_str[64];
+-  uint16_t cipher_id;
+ #ifndef CURL_DISABLE_PROXY
+   const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
+     data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
+@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+     return CURLE_SSL_CONNECT_ERROR;
+   }
+ 
+-  cipher_id = (uint16_t)
+-              mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
+-  mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
+-  infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
+-
++#if MBEDTLS_VERSION_NUMBER >= 0x03020000
++  {
++    char cipher_str[64];
++    uint16_t cipher_id;
++    cipher_id = (uint16_t)
++                mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
++    mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
++    infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
++  }
++#else
++  infof(data, "mbedTLS: Handshake complete");
++#endif
+   ret = mbedtls_ssl_get_verify_result(&backend->ssl);
+ 
+   if(!conn_config->verifyhost)