* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-10-15 23:43 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2024-10-15 23:43 UTC (permalink / raw
To: gentoo-commits
commit: 933387194f2ad524c99a90bd7cb0405d0b30f5aa
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Oct 15 23:39:13 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue Oct 15 23:40:26 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=93338719
net-misc/curl: new package, add 8.9.1-r1, 8.10.1
Make it easier to use quic with LibreSSL via ngtcp2.
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 4 +
net-misc/curl/curl-8.10.1.ebuild | 381 ++++++++++++++++++++
net-misc/curl/curl-8.9.1-r1.ebuild | 382 +++++++++++++++++++++
net-misc/curl/files/curl-8.7.1-chunked-post.patch | 57 +++
.../files/curl-8.7.1-fix-compress-option.patch | 153 +++++++++
.../curl/files/curl-8.7.1-http2-git-clone.patch | 342 ++++++++++++++++++
net-misc/curl/files/curl-8.7.1-rustls-fixes.patch | 49 +++
.../curl/files/curl-8.8.0-install-manpage.patch | 22 ++
net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 +++
.../curl/files/curl-8.8.0-multi_wait-timeout.patch | 75 ++++
net-misc/curl/files/curl-8.9.1-sigpipe.patch | 26 ++
net-misc/curl/files/curl-prefix-2.patch | 34 ++
net-misc/curl/files/curl-prefix.patch | 21 ++
net-misc/curl/files/curl-respect-cflags-3.patch | 14 +
net-misc/curl/metadata.xml | 44 +++
15 files changed, 1646 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
new file mode 100644
index 0000000..9748763
--- /dev/null
+++ b/net-misc/curl/Manifest
@@ -0,0 +1,4 @@
+DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
+DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
+DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
+DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.10.1.ebuild b/net-misc/curl/curl-8.10.1.ebuild
new file mode 100644
index 0000000..f49ba20
--- /dev/null
+++ b/net-misc/curl/curl-8.10.1.ebuild
@@ -0,0 +1,381 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ ^^ (
+ curl_quic_openssl
+ curl_quic_ngtcp2
+ )
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-prefix-2.patch
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ if [[ ${CHOST} == *mingw* ]] ; then
+ myconf+=(
+ --disable-pthreads
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/curl-8.9.1-r1.ebuild b/net-misc/curl/curl-8.9.1-r1.ebuild
new file mode 100644
index 0000000..8f952f6
--- /dev/null
+++ b/net-misc/curl/curl-8.9.1-r1.ebuild
@@ -0,0 +1,382 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ ^^ (
+ curl_quic_openssl
+ curl_quic_ngtcp2
+ )
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-prefix-2.patch
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch
+ "${FILESDIR}"/${PN}-8.9.1-sigpipe.patch
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ if [[ ${CHOST} == *mingw* ]] ; then
+ myconf+=(
+ --disable-pthreads
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything which breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.7.1-chunked-post.patch b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
new file mode 100644
index 0000000..9d1fef7
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
@@ -0,0 +1,57 @@
+https://github.com/curl/curl/commit/721941aadf4adf4f6aeb3f4c0ab489bb89610c36
+From: Stefan Eissing <stefan@eissing.org>
+Date: Mon, 1 Apr 2024 15:41:18 +0200
+Subject: [PATCH] http: with chunked POST forced, disable length check on read
+ callback
+
+- when an application forces HTTP/1.1 chunked transfer encoding
+ by setting the corresponding header and instructs curl to use
+ the CURLOPT_READFUNCTION, disregard any POST length information.
+- this establishes backward compatibility with previous curl versions
+
+Applications are encouraged to not force "chunked", but rather
+set length information for a POST. By setting -1, curl will
+auto-select chunked on HTTP/1.1 and work properly on other HTTP
+versions.
+
+Reported-by: Jeff King
+Fixes #13229
+Closes #13257
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
+ else
+ result = Curl_creader_set_null(data);
+ }
+- else { /* we read the bytes from the callback */
+- result = Curl_creader_set_fread(data, postsize);
++ else {
++ /* we read the bytes from the callback. In case "chunked" encoding
++ * is forced by the application, we disregard `postsize`. This is
++ * a backward compatibility decision to earlier versions where
++ * chunking disregarded this. See issue #13229. */
++ bool chunked = FALSE;
++ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
++ if(ptr) {
++ /* Some kind of TE is requested, check if 'chunked' is chosen */
++ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
++ STRCONST("chunked"));
++ }
++ result = Curl_creader_set_fread(data, chunked? -1 : postsize);
+ }
+ return result;
+
+@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,
+ data->req.upload_chunky =
+ Curl_compareheader(ptr,
+ STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
++ if(data->req.upload_chunky &&
++ Curl_use_http_1_1plus(data, data->conn) &&
++ (data->conn->httpversion >= 20)) {
++ infof(data, "suppressing chunked transfer encoding on connection "
++ "using HTTP version 2 or higher");
++ data->req.upload_chunky = FALSE;
++ }
+ }
+ else {
+ curl_off_t req_clen = Curl_creader_total_length(data);
diff --git a/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
new file mode 100644
index 0000000..a06a537
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
@@ -0,0 +1,153 @@
+https://github.com/curl/curl/commit/b30d694a027eb771c02a3db0dee0ca03ccab7377
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 28 Mar 2024 11:08:15 +0100
+Subject: [PATCH] content_encoding: brotli and others, pass through 0-length
+ writes
+
+- curl's transfer handling may write 0-length chunks at the end of the
+ download with an EOS flag. (HTTP/2 does this commonly)
+
+- content encoders need to pass-through such a write and not count this
+ as error in case they are finished decoding
+
+Fixes #13209
+Fixes #13212
+Closes #13219
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,
+ struct zlib_writer *zp = (struct zlib_writer *) writer;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ /* Set the compressed input when this function is called */
+@@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
+ struct zlib_writer *zp = (struct zlib_writer *) writer;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(zp->zlib_init == ZLIB_INIT_GZIP) {
+@@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(!bp->br)
+@@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,
+ ZSTD_outBuffer out;
+ size_t errorCode;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(!zp->decomp) {
+@@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data,
+ (void) buf;
+ (void) nbytes;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ failf(data, "Unrecognized content encoding type. "
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -394,6 +394,19 @@ def test_02_27_paused_no_cl(self, env: Env, httpd, nghttpx, repeat):
+ r = client.run(args=[url])
+ r.check_exit_code(0)
+
++ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
++ def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ count = 1
++ urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--compressed'
++ ])
++ r.check_exit_code(code=0)
++ r.check_response(count=count, http_status=200)
++
+ def check_downloads(self, client, srcfile: str, count: int,
+ complete: bool = True):
+ for i in range(count):
+--- a/tests/http/testenv/env.py
++++ b/tests/http/testenv/env.py
+@@ -129,10 +129,11 @@ def __init__(self):
+ self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')
+ self.tld = 'http.curl.se'
+ self.domain1 = f"one.{self.tld}"
++ self.domain1brotli = f"brotli.one.{self.tld}"
+ self.domain2 = f"two.{self.tld}"
+ self.proxy_domain = f"proxy.{self.tld}"
+ self.cert_specs = [
+- CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),
++ CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),
+ CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
+ CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),
+ CertificateSpec(name="clientsX", sub_specs=[
+@@ -376,6 +377,10 @@ def htdocs_dir(self) -> str:
+ def domain1(self) -> str:
+ return self.CONFIG.domain1
+
++ @property
++ def domain1brotli(self) -> str:
++ return self.CONFIG.domain1brotli
++
+ @property
+ def domain2(self) -> str:
+ return self.CONFIG.domain2
+--- a/tests/http/testenv/httpd.py
++++ b/tests/http/testenv/httpd.py
+@@ -50,6 +50,7 @@ class Httpd:
+ 'alias', 'env', 'filter', 'headers', 'mime', 'setenvif',
+ 'socache_shmcb',
+ 'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',
++ 'brotli',
+ 'mpm_event',
+ ]
+ COMMON_MODULES_DIRS = [
+@@ -203,6 +204,7 @@ def _mkpath(self, path):
+
+ def _write_config(self):
+ domain1 = self.env.domain1
++ domain1brotli = self.env.domain1brotli
+ creds1 = self.env.get_credentials(domain1)
+ domain2 = self.env.domain2
+ creds2 = self.env.get_credentials(domain2)
+@@ -285,6 +287,24 @@ def _write_config(self):
+ f'</VirtualHost>',
+ f'',
+ ])
++ # Alternate to domain1 with BROTLI compression
++ conf.extend([ # https host for domain1, h1 + h2
++ f'<VirtualHost *:{self.env.https_port}>',
++ f' ServerName {domain1brotli}',
++ f' Protocols h2 http/1.1',
++ f' SSLEngine on',
++ f' SSLCertificateFile {creds1.cert_file}',
++ f' SSLCertificateKeyFile {creds1.pkey_file}',
++ f' DocumentRoot "{self._docs_dir}"',
++ f' SetOutputFilter BROTLI_COMPRESS',
++ ])
++ conf.extend(self._curltest_conf(domain1))
++ if domain1 in self._extra_configs:
++ conf.extend(self._extra_configs[domain1])
++ conf.extend([
++ f'</VirtualHost>',
++ f'',
++ ])
+ conf.extend([ # https host for domain2, no h2
+ f'<VirtualHost *:{self.env.https_port}>',
+ f' ServerName {domain2}',
diff --git a/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
new file mode 100644
index 0000000..b07a3b0
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
@@ -0,0 +1,342 @@
+https://bugs.gentoo.org/930633
+https://github.com/curl/curl/issues/13474
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -187,6 +187,7 @@ struct h2_stream_ctx {
+
+ int status_code; /* HTTP response status code */
+ uint32_t error; /* stream error code */
++ CURLcode xfer_result; /* Result of writing out response */
+ uint32_t local_window_size; /* the local recv window size */
+ int32_t id; /* HTTP/2 protocol identifier for stream */
+ BIT(resp_hds_complete); /* we have a complete, final response */
+@@ -945,12 +946,39 @@ fail:
+ return rv;
+ }
+
+-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf,
++static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+- const char *buf, size_t blen)
++ struct h2_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
+ {
+- (void)cf;
+- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result) {
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ if(stream->xfer_result)
++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers",
++ stream->id, stream->xfer_result, blen);
++ }
++}
++
++static void h2_xfer_write_resp(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h2_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
++{
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result)
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ /* If the transfer write is errored, we do not want any more data */
++ if(stream->xfer_result) {
++ struct cf_h2_ctx *ctx = cf->ctx;
++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, "
++ "RST-ing stream",
++ stream->id, stream->xfer_result, blen);
++ nghttp2_submit_rst_stream(ctx->h2, 0, stream->id,
++ NGHTTP2_ERR_CALLBACK_FAILURE);
++ }
+ }
+
+ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+ struct cf_h2_ctx *ctx = cf->ctx;
+ struct h2_stream_ctx *stream = H2_STREAM_CTX(data);
+ int32_t stream_id = frame->hd.stream_id;
+- CURLcode result;
+ int rv;
+
+ if(!stream) {
+@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+ stream->status_code = -1;
+ }
+
+- result = recvbuf_write_hds(cf, data, STRCONST("\r\n"));
+- if(result)
+- return result;
++ h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+
+ if(stream->status_code / 100 != 1) {
+ stream->resp_hds_complete = TRUE;
+@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ struct cf_h2_ctx *ctx = cf->ctx;
+ struct h2_stream_ctx *stream;
+ struct Curl_easy *data_s;
+- CURLcode result;
+ (void)flags;
+
+ DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ if(!stream)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+- result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE);
+- if(result && result != CURLE_AGAIN)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE);
+
+ nghttp2_session_consume(ctx->h2, stream_id, len);
+ stream->nrcvd_data += (curl_off_t)len;
+@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+ result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
+ if(result)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 "));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)value, valuelen, FALSE);
+ /* the space character after the status code is mandatory */
+- result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n"));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE);
++
+ /* if we receive data for another handle, wake that up */
+ if(CF_DATA_CURRENT(cf) != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+ /* nghttp2 guarantees that namelen > 0, and :status was already
+ received, and this is not pseudo-header field . */
+ /* convert to an HTTP1-style header */
+- result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST(": "));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n"));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)name, namelen, FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)value, valuelen, FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE);
++
+ /* if we receive data for another handle, wake that up */
+ if(CF_DATA_CURRENT(cf) != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+
+ (void)buf;
+ *err = CURLE_AGAIN;
+- if(stream->closed) {
++ if(stream->xfer_result) {
++ CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id);
++ *err = stream->xfer_result;
++ nread = -1;
++ }
++ else if(stream->closed) {
+ CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id);
+ nread = http2_handle_stream_close(cf, data, stream, err);
+ }
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -152,6 +152,7 @@ struct h3_stream_ctx {
+ uint64_t error3; /* HTTP/3 stream error code */
+ curl_off_t upload_left; /* number of request bytes left to upload */
+ int status_code; /* HTTP status code */
++ CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
+ bool resp_hds_complete; /* we have a complete, final response */
+ bool closed; /* TRUE on stream close */
+ bool reset; /* TRUE on stream reset */
+@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
+ return 0;
+ }
+
+-static CURLcode write_resp_hds(struct Curl_easy *data,
+- const char *buf, size_t blen)
++static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h3_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
+ {
+- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result) {
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ if(stream->xfer_result)
++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu "
++ "bytes of headers", stream->id, stream->xfer_result, blen);
++ }
++}
++
++static void h3_xfer_write_resp(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h3_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
++{
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result)
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ /* If the transfer write is errored, we do not want any more data */
++ if(stream->xfer_result) {
++ struct cf_ngtcp2_ctx *ctx = cf->ctx;
++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes "
++ "of data, cancelling stream",
++ stream->id, stream->xfer_result, blen);
++ nghttp3_conn_close_stream(ctx->h3conn, stream->id,
++ NGHTTP3_H3_REQUEST_CANCELLED);
++ }
+ }
+
+ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+ struct cf_ngtcp2_ctx *ctx = cf->ctx;
+ struct Curl_easy *data = stream_user_data;
+ struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+- CURLcode result;
+
+ (void)conn;
+ (void)stream3_id;
+@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+ if(!stream)
+ return NGHTTP3_ERR_CALLBACK_FAILURE;
+
+- result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+- if(result) {
+- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
+- stream->id, blen, result);
+- return NGHTTP3_ERR_CALLBACK_FAILURE;
+- }
++ h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE);
+ if(blen) {
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
+ stream->id, blen);
+@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+ struct Curl_cfilter *cf = user_data;
+ struct Curl_easy *data = stream_user_data;
+ struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+- CURLcode result = CURLE_OK;
+ (void)conn;
+ (void)stream_id;
+ (void)fin;
+@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+ if(!stream)
+ return 0;
+ /* add a CRLF only if we've received some headers */
+- result = write_resp_hds(data, "\r\n", 2);
+- if(result) {
+- return -1;
+- }
++ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
+ stream_id, stream->status_code);
+@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+ ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
+ stream->status_code);
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
+- result = write_resp_hds(data, line, ncopy);
++ h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE);
+ if(result) {
+ return -1;
+ }
+@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
+ stream_id, (int)h3name.len, h3name.base,
+ (int)h3val.len, h3val.base);
+- result = write_resp_hds(data, (const char *)h3name.base, h3name.len);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, ": ", 2);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, (const char *)h3val.base, h3val.len);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, "\r\n", 2);
+- if(result) {
+- return -1;
+- }
++ h3_xfer_write_resp_hd(cf, data, stream,
++ (const char *)h3name.base, h3name.len, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, (
++ const char *)h3val.base, h3val.len, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE);
+ }
+ return 0;
+ }
+@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ goto out;
+ }
+
+- if(stream->closed) {
++ if(stream->xfer_result) {
++ CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id);
++ *err = stream->xfer_result;
++ nread = -1;
++ goto out;
++ }
++ else if(stream->closed) {
+ nread = recv_closed_stream(cf, data, stream, err);
+ goto out;
+ }
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -257,6 +257,34 @@ class TestDownload:
+ ])
+ r.check_response(count=count, http_status=200)
+
++ @pytest.mark.parametrize("proto", ['h2', 'h3'])
++ def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ if proto == 'h3' and env.curl_uses_lib('msh3'):
++ pytest.skip("msh3 stalls here")
++ count = 10
++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--parallel'
++ ])
++ r.check_stats(count=count, http_status=404, exitcode=0)
++
++ @pytest.mark.parametrize("proto", ['h2', 'h3'])
++ def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ if proto == 'h3' and env.curl_uses_lib('msh3'):
++ pytest.skip("msh3 stalls here")
++ count = 10
++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--fail'
++ ])
++ r.check_stats(count=count, http_status=404, exitcode=22)
++
+ @pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests")
+ @pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs")
+ def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):
+
diff --git a/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
new file mode 100644
index 0000000..81bcb07
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
@@ -0,0 +1,49 @@
+From a866b062b17ab94b16b817ab9969c561364a4d72 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Mon, 1 Apr 2024 08:36:51 +1000
+Subject: [PATCH] m4: fix rustls builds
+
+This patch consolidates the following commits to do with rustls
+detection using pkg-config:
+
+- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
+- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
+---
+ m4/curl-rustls.m4 | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
+index 7c55230..8082cf9 100644
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -142,6 +142,11 @@ if test "x$OPT_RUSTLS" != xno; then
+ LIBS="$SSL_LIBS $LIBS"
+ USE_RUSTLS="yes"
+ ssl_msg="rustls"
++ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++ AC_SUBST(USE_RUSTLS, [1])
++ USE_RUSTLS="yes"
++ RUSTLS_ENABLED=1
++ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ else
+ AC_MSG_ERROR([pkg-config: Could not find rustls])
+ fi
+@@ -174,5 +179,15 @@ if test "x$OPT_RUSTLS" != xno; then
+ fi
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++ if test X"$OPT_RUSTLS" != Xno &&
++ test "$RUSTLS_ENABLED" != "1"; then
++ AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++ AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++ AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++ fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
+--
+2.44.0
+
diff --git a/net-misc/curl/files/curl-8.8.0-install-manpage.patch b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
new file mode 100644
index 0000000..f58ddae
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
@@ -0,0 +1,22 @@
+https://patch-diff.githubusercontent.com/raw/curl/curl/pull/13741
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 22 May 2024 08:43:43 +0200
+Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
+
+on "make install" like it should
+---
+ docs/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs/Makefile.am b/docs/Makefile.am
+index 83f5b0c461cc0f..e9ef6284860555 100644
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -28,6 +28,7 @@ if BUILD_DOCS
+ # if we disable man page building, ignore these
+ MK_CA_DOCS = mk-ca-bundle.1
+ CURLCONF_DOCS = curl-config.1
++man_MANS = curl-config.1
+ endif
+
+ CURLPAGES = curl-config.md mk-ca-bundle.md
diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
new file mode 100644
index 0000000..8fa4d6e
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
@@ -0,0 +1,42 @@
+https://github.com/curl/curl/pull/13749
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 22 May 2024 14:44:56 +0200
+Subject: [PATCH] mbedtls, check version for cipher id
+
+- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have
+ been added in mbedtls 3.2.0. Check for that version.
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+ (struct mbed_ssl_backend_data *)connssl->backend;
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ const mbedtls_x509_crt *peercert;
+- char cipher_str[64];
+- uint16_t cipher_id;
+ #ifndef CURL_DISABLE_PROXY
+ const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
+@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+- cipher_id = (uint16_t)
+- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
+- mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
+- infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
+-
++#if MBEDTLS_VERSION_NUMBER >= 0x03020000
++ {
++ char cipher_str[64];
++ uint16_t cipher_id;
++ cipher_id = (uint16_t)
++ mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
++ mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
++ infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
++ }
++#else
++ infof(data, "mbedTLS: Handshake complete");
++#endif
+ ret = mbedtls_ssl_get_verify_result(&backend->ssl);
+
+ if(!conn_config->verifyhost)
diff --git a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
new file mode 100644
index 0000000..38d8c1b
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
@@ -0,0 +1,75 @@
+https://github.com/curl/curl/pull/13825
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 29 May 2024 17:13:34 +0200
+Subject: [PATCH] fix multi_wait() timeout handling
+
+- determine the actual poll timeout *after* all sockets
+ have been collected. Protocols and connection filters may
+ install new timeouts during collection.
+- add debug logging to test1533 where the mistake was noticed
+- refs #13782
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1366,13 +1366,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+ if(timeout_ms < 0)
+ return CURLM_BAD_FUNCTION_ARGUMENT;
+
+- /* If the internally desired timeout is actually shorter than requested from
+- the outside, then use the shorter time! But only if the internal timer
+- is actually larger than -1! */
+- (void)multi_timeout(multi, &timeout_internal);
+- if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
+- timeout_ms = (int)timeout_internal;
+-
+ memset(ufds, 0, ufds_len * sizeof(struct pollfd));
+ memset(&ps, 0, sizeof(ps));
+
+@@ -1476,6 +1469,14 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+ #endif
+ #endif
+
++ /* We check the internal timeout *AFTER* we collected all sockets to
++ * poll. Collecting the sockets may install new timers by protocols
++ * and connection filters.
++ * Use the shorter one of the internal and the caller requested timeout. */
++ (void)multi_timeout(multi, &timeout_internal);
++ if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
++ timeout_ms = (int)timeout_internal;
++
+ #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK)
+ if(nfds || use_wakeup) {
+ #else
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -487,7 +487,7 @@ lib1551_SOURCES = lib1551.c $(SUPPORTFILES)
+ lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL)
+ lib1552_LDADD = $(TESTUTIL_LIBS)
+
+-lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL)
++lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TSTTRACE) $(TESTUTIL)
+ lib1553_LDADD = $(TESTUTIL_LIBS)
+
+ lib1554_SOURCES = lib1554.c $(SUPPORTFILES)
+--- a/tests/libtest/lib1553.c
++++ b/tests/libtest/lib1553.c
+@@ -24,6 +24,7 @@
+ #include "test.h"
+
+ #include "testutil.h"
++#include "testtrace.h"
+ #include "warnless.h"
+ #include "memdebug.h"
+
+@@ -74,6 +75,12 @@ CURLcode test(char *URL)
+ easy_setopt(curls, CURLOPT_XFERINFOFUNCTION, xferinfo);
+ easy_setopt(curls, CURLOPT_NOPROGRESS, 1L);
+
++ libtest_debug_config.nohex = 1;
++ libtest_debug_config.tracetime = 1;
++ test_setopt(curls, CURLOPT_DEBUGDATA, &libtest_debug_config);
++ easy_setopt(curls, CURLOPT_DEBUGFUNCTION, libtest_debug_cb);
++ easy_setopt(curls, CURLOPT_VERBOSE, 1L);
++
+ multi_add_handle(multi, curls);
+
+ multi_perform(multi, &still_running);
diff --git a/net-misc/curl/files/curl-8.9.1-sigpipe.patch b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
new file mode 100644
index 0000000..d308fc4
--- /dev/null
+++ b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 5 Aug 2024 00:17:17 +0200
+Subject: [PATCH] sigpipe: init the struct so that first apply ignores
+
+Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
+init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
+
+I have read the existing code multiple times now and I think it gets the
+initial state reversed this missing to ignore.
+
+Regression from 17e6f06ea37136c36d27
+
+Reported-by: Rasmus Thomsen
+Fixes #14344
+Closes #14390
+--- a/lib/sigpipe.h
++++ b/lib/sigpipe.h
+@@ -39,6 +39,7 @@ struct sigpipe_ignore {
+ static void sigpipe_init(struct sigpipe_ignore *ig)
+ {
+ memset(ig, 0, sizeof(*ig));
++ ig->no_signal = TRUE;
+ }
+
+ /*
diff --git a/net-misc/curl/files/curl-prefix-2.patch b/net-misc/curl/files/curl-prefix-2.patch
new file mode 100644
index 0000000..0372038
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-2.patch
@@ -0,0 +1,34 @@
+From a3033ee39f2cc43cb17386b23cb304b010c2c96f Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Wed, 22 May 2024 16:18:51 +1000
+Subject: [PATCH] Update prefix patch for 8.8.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 085bb1e..c0bc6ce 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -145,7 +145,7 @@ while test "$#" -gt 0; do
+ else
+ CPPFLAG_CURL_STATICLIB=""
+ fi
+- if test "X@includedir@" = "X/usr/include"; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo "${CPPFLAG_CURL_STATICLIB}"
+ else
+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -153,7 +153,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ CURLLIBDIR="-L@libdir@ "
+ else
+ CURLLIBDIR=""
+--
+2.45.0
+
diff --git a/net-misc/curl/files/curl-prefix.patch b/net-misc/curl/files/curl-prefix.patch
new file mode 100644
index 0000000..fd495c4
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix.patch
@@ -0,0 +1,21 @@
+diff -Naur curl-7.30.0.orig/curl-config.in curl-7.30.0/curl-config.in
+--- curl-7.30.0.orig/curl-config.in 2013-02-06 09:44:37.000000000 -0500
++++ curl-7.30.0/curl-config.in 2013-04-17 18:43:56.000000000 -0400
+@@ -134,7 +134,7 @@
+ else
+ CPPFLAG_CURL_STATICLIB=""
+ fi
+- if test "X@includedir@" = "X/usr/include"; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo "$CPPFLAG_CURL_STATICLIB"
+ else
+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -142,7 +142,7 @@
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ CURLLIBDIR="-L@libdir@ "
+ else
+ CURLLIBDIR=""
diff --git a/net-misc/curl/files/curl-respect-cflags-3.patch b/net-misc/curl/files/curl-respect-cflags-3.patch
new file mode 100644
index 0000000..4a4a614
--- /dev/null
+++ b/net-misc/curl/files/curl-respect-cflags-3.patch
@@ -0,0 +1,14 @@
+diff --git a/configure.ac b/configure.ac
+index e9b49c7..e374ab6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -280,9 +280,6 @@ dnl **********************************************************************
+
+ CURL_CHECK_COMPILER
+ CURL_SET_COMPILER_BASIC_OPTS
+-CURL_SET_COMPILER_DEBUG_OPTS
+-CURL_SET_COMPILER_OPTIMIZE_OPTS
+-CURL_SET_COMPILER_WARNING_OPTS
+
+ if test "$compiler_id" = "INTEL_UNIX_C"; then
+ #
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
new file mode 100644
index 0000000..884608c
--- /dev/null
+++ b/net-misc/curl/metadata.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kangie@gentoo.org</email>
+ <name>Matt Jolly</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <use>
+ <flag name="alt-svc">Enable alt-svc support</flag>
+ <flag name="ftp">Enable FTP support</flag>
+ <flag name="gnutls">Enable gnutls ssl backend</flag>
+ <flag name="gopher">Enable Gopher protocol support</flag>
+ <flag name="hsts">Enable HTTP Strict Transport Security</flag>
+ <flag name="imap">Enable Internet Message Access Protocol support</flag>
+ <flag name="mbedtls">Enable mbedtls ssl backend</flag>
+ <flag name="nghttp3">Enable HTTP/3 support using <pkg>net-libs/nghttp3</pkg></flag>
+ <flag name="http3">Enable HTTP/3 support</flag>
+ <flag name="openssl">Enable openssl ssl backend</flag>
+ <flag name="pop3">Enable Post Office Protocol 3 support</flag>
+ <flag name="progress-meter">Enable the progress meter</flag>
+ <flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag>
+ <flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
+ <flag name="rtmp">Enable RTMP Streaming Media support</flag>
+ <flag name="rustls">Enable Rustls ssl backend</flag>
+ <flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
+ <flag name="ssh">Enable SSH urls in curl using libssh2</flag>
+ <flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
+ <flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
+ <flag name="telnet">Enable Telnet protocol support</flag>
+ <flag name="tftp">Enable TFTP support</flag>
+ <flag name="websockets">Enable websockets support</flag>
+ </use>
+ <upstream>
+ <remote-id type="cpe">cpe:/a:curl:curl</remote-id>
+ <remote-id type="cpe">cpe:/a:curl:libcurl</remote-id>
+ <remote-id type="cpe">cpe:/a:haxx:curl</remote-id>
+ <remote-id type="cpe">cpe:/a:haxx:libcurl</remote-id>
+ <remote-id type="github">curl/curl</remote-id>
+ </upstream>
+</pkgmetadata>
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-12-13 3:53 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2024-12-13 3:53 UTC (permalink / raw
To: gentoo-commits
commit: 23f44d403521c1e52c18896fec24cd9a7fbee6a8
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Dec 13 03:51:36 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Dec 13 03:51:36 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=23f44d40
net-misc/curl: add 8.11.1-r1, drop 8.11.1
Signed-off-by: orbea <orbea <AT> riseup.net>
.../{curl-8.11.1.ebuild => curl-8.11.1-r1.ebuild} | 1 +
.../curl-8.11.1-async-thread-close-eventfd.patch | 33 ++++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/net-misc/curl/curl-8.11.1.ebuild b/net-misc/curl/curl-8.11.1-r1.ebuild
similarity index 99%
rename from net-misc/curl/curl-8.11.1.ebuild
rename to net-misc/curl/curl-8.11.1-r1.ebuild
index 60486cb..aca6d0d 100644
--- a/net-misc/curl/curl-8.11.1.ebuild
+++ b/net-misc/curl/curl-8.11.1-r1.ebuild
@@ -154,6 +154,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
PATCHES=(
"${FILESDIR}/${PN}-prefix-3.patch"
"${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-async-thread-close-eventfd.patch"
)
src_prepare() {
diff --git a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
new file mode 100644
index 0000000..2bdfc51
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
@@ -0,0 +1,33 @@
+https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2
+From: Andy Pan <i@andypan.me>
+Date: Thu, 12 Dec 2024 12:48:56 +0000
+Subject: [PATCH] async-thread: avoid closing eventfd twice
+
+When employing eventfd for socketpair, there is only one file
+descriptor. Closing that fd twice might result in fd corruption.
+Thus, we should avoid closing the eventfd twice, following the
+pattern in lib/multi.c.
+
+Fixes #15725
+Closes #15727
+Reported-by: Christian Heusel
+---
+ lib/asyn-thread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
+index a58e4b790494ab..32d496b107cb0a 100644
+--- a/lib/asyn-thread.c
++++ b/lib/asyn-thread.c
+@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd)
+ * close one end of the socket pair (may be done in resolver thread);
+ * the other end (for reading) is always closed in the parent thread.
+ */
++#ifndef USE_EVENTFD
+ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
+ wakeup_close(tsd->sock_pair[1]);
+ }
++#endif
+ #endif
+ memset(tsd, 0, sizeof(*tsd));
+ }
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-02-05 15:02 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2025-02-05 15:02 UTC (permalink / raw
To: gentoo-commits
commit: 17bfa7750dbb8e5aa571112eb30c4cc150d9ee98
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Feb 5 14:58:00 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Feb 5 14:59:11 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=17bfa775
net-misc/curl: add 8.12.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 +
net-misc/curl/curl-8.12.0.ebuild | 384 ++++++++++++++++++++++++++++++++
net-misc/curl/files/curl-prefix-4.patch | 35 +++
3 files changed, 421 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index b6b6c4c..04a1dbc 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -4,5 +4,7 @@ DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049
DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
+DIST curl-8.12.0.tar.xz 2777552 BLAKE2B b38c7465a38f6bbdc6daa1e8a27dc810f970c9172ddf532881e83965e1fa6001beff1bf358e5138e1a0ae1121d877f6a5a4f38ef7ea7e03c8b06dc46fbf24022 SHA512 ed35f0020541050ce387f4ba80f9e87562ececd99082da1bae85840dee81c49b86a4a55909e15fcbf4eb116106a796c29a9b2678dee11326f80db75992c6edc5
+DIST curl-8.12.0.tar.xz.asc 488 BLAKE2B 8977dabab96b6f188e8b16497e7a4e589f05b5512a9bc6ec0ee36797615c720b9cb5c34bc90df6ee037d898b8fa7f708ad2b2ff789163adcb5308a2e0d7cf9df SHA512 8526554ffb2187b48b6a4c6a0d4a8c73d484ef3ce4c3791add0e759baf953ac7ae0b2f88d688365b1f09c5745198611fa1761aa14d02ddf52823c4ff238779cd
DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.12.0.ebuild b/net-misc/curl/curl-8.12.0.ebuild
new file mode 100644
index 0000000..7a30204
--- /dev/null
+++ b/net-misc/curl/curl-8.12.0.ebuild
@@ -0,0 +1,384 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-4.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
+ # when the time comes.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-prefix-4.patch b/net-misc/curl/files/curl-prefix-4.patch
new file mode 100644
index 0000000..796b67f
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-4.patch
@@ -0,0 +1,35 @@
+From f18f4362d7ca60fb12248a559dab26aea330771c Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Wed, 5 Feb 2025 17:27:11 +1000
+Subject: [PATCH] Update prefix patch for 8.12.0
+
+Signed-off-by: Matt Jolly <kangie@gentoo.org>
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 55184167b..df31fdb46 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -141,7 +141,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --cflags)
+- if test "X@includedir@" = 'X/usr/include'; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo '@LIBCURL_PC_CFLAGS@'
+ else
+ echo "@LIBCURL_PC_CFLAGS@ -I@includedir@"
+@@ -149,7 +149,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ curllibdir="-L@libdir@ "
+ else
+ curllibdir=''
+--
+2.48.0
+
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-02-05 15:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-05 15:02 [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/ orbea
-- strict thread matches above, loose matches on Subject: below --
2024-12-13 3:53 orbea
2024-10-15 23:43 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox