* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-10-15 23:43 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2024-10-15 23:43 UTC (permalink / raw
To: gentoo-commits
commit: 933387194f2ad524c99a90bd7cb0405d0b30f5aa
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Oct 15 23:39:13 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue Oct 15 23:40:26 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=93338719
net-misc/curl: new package, add 8.9.1-r1, 8.10.1
Make it easier to use quic with LibreSSL via ngtcp2.
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 4 +
net-misc/curl/curl-8.10.1.ebuild | 381 ++++++++++++++++++++
net-misc/curl/curl-8.9.1-r1.ebuild | 382 +++++++++++++++++++++
net-misc/curl/files/curl-8.7.1-chunked-post.patch | 57 +++
.../files/curl-8.7.1-fix-compress-option.patch | 153 +++++++++
.../curl/files/curl-8.7.1-http2-git-clone.patch | 342 ++++++++++++++++++
net-misc/curl/files/curl-8.7.1-rustls-fixes.patch | 49 +++
.../curl/files/curl-8.8.0-install-manpage.patch | 22 ++
net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 +++
.../curl/files/curl-8.8.0-multi_wait-timeout.patch | 75 ++++
net-misc/curl/files/curl-8.9.1-sigpipe.patch | 26 ++
net-misc/curl/files/curl-prefix-2.patch | 34 ++
net-misc/curl/files/curl-prefix.patch | 21 ++
net-misc/curl/files/curl-respect-cflags-3.patch | 14 +
net-misc/curl/metadata.xml | 44 +++
15 files changed, 1646 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
new file mode 100644
index 0000000..9748763
--- /dev/null
+++ b/net-misc/curl/Manifest
@@ -0,0 +1,4 @@
+DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
+DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
+DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
+DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.10.1.ebuild b/net-misc/curl/curl-8.10.1.ebuild
new file mode 100644
index 0000000..f49ba20
--- /dev/null
+++ b/net-misc/curl/curl-8.10.1.ebuild
@@ -0,0 +1,381 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ ^^ (
+ curl_quic_openssl
+ curl_quic_ngtcp2
+ )
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-prefix-2.patch
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ if [[ ${CHOST} == *mingw* ]] ; then
+ myconf+=(
+ --disable-pthreads
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/curl-8.9.1-r1.ebuild b/net-misc/curl/curl-8.9.1-r1.ebuild
new file mode 100644
index 0000000..8f952f6
--- /dev/null
+++ b/net-misc/curl/curl-8.9.1-r1.ebuild
@@ -0,0 +1,382 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ ^^ (
+ curl_quic_openssl
+ curl_quic_ngtcp2
+ )
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-prefix-2.patch
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch
+ "${FILESDIR}"/${PN}-8.9.1-sigpipe.patch
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ if [[ ${CHOST} == *mingw* ]] ; then
+ myconf+=(
+ --disable-pthreads
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything which breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.7.1-chunked-post.patch b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
new file mode 100644
index 0000000..9d1fef7
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-chunked-post.patch
@@ -0,0 +1,57 @@
+https://github.com/curl/curl/commit/721941aadf4adf4f6aeb3f4c0ab489bb89610c36
+From: Stefan Eissing <stefan@eissing.org>
+Date: Mon, 1 Apr 2024 15:41:18 +0200
+Subject: [PATCH] http: with chunked POST forced, disable length check on read
+ callback
+
+- when an application forces HTTP/1.1 chunked transfer encoding
+ by setting the corresponding header and instructs curl to use
+ the CURLOPT_READFUNCTION, disregard any POST length information.
+- this establishes backward compatibility with previous curl versions
+
+Applications are encouraged to not force "chunked", but rather
+set length information for a POST. By setting -1, curl will
+auto-select chunked on HTTP/1.1 and work properly on other HTTP
+versions.
+
+Reported-by: Jeff King
+Fixes #13229
+Closes #13257
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
+ else
+ result = Curl_creader_set_null(data);
+ }
+- else { /* we read the bytes from the callback */
+- result = Curl_creader_set_fread(data, postsize);
++ else {
++ /* we read the bytes from the callback. In case "chunked" encoding
++ * is forced by the application, we disregard `postsize`. This is
++ * a backward compatibility decision to earlier versions where
++ * chunking disregarded this. See issue #13229. */
++ bool chunked = FALSE;
++ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
++ if(ptr) {
++ /* Some kind of TE is requested, check if 'chunked' is chosen */
++ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
++ STRCONST("chunked"));
++ }
++ result = Curl_creader_set_fread(data, chunked? -1 : postsize);
+ }
+ return result;
+
+@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,
+ data->req.upload_chunky =
+ Curl_compareheader(ptr,
+ STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
++ if(data->req.upload_chunky &&
++ Curl_use_http_1_1plus(data, data->conn) &&
++ (data->conn->httpversion >= 20)) {
++ infof(data, "suppressing chunked transfer encoding on connection "
++ "using HTTP version 2 or higher");
++ data->req.upload_chunky = FALSE;
++ }
+ }
+ else {
+ curl_off_t req_clen = Curl_creader_total_length(data);
diff --git a/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
new file mode 100644
index 0000000..a06a537
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch
@@ -0,0 +1,153 @@
+https://github.com/curl/curl/commit/b30d694a027eb771c02a3db0dee0ca03ccab7377
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 28 Mar 2024 11:08:15 +0100
+Subject: [PATCH] content_encoding: brotli and others, pass through 0-length
+ writes
+
+- curl's transfer handling may write 0-length chunks at the end of the
+ download with an EOS flag. (HTTP/2 does this commonly)
+
+- content encoders need to pass-through such a write and not count this
+ as error in case they are finished decoding
+
+Fixes #13209
+Fixes #13212
+Closes #13219
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,
+ struct zlib_writer *zp = (struct zlib_writer *) writer;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ /* Set the compressed input when this function is called */
+@@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
+ struct zlib_writer *zp = (struct zlib_writer *) writer;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(zp->zlib_init == ZLIB_INIT_GZIP) {
+@@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(!bp->br)
+@@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,
+ ZSTD_outBuffer out;
+ size_t errorCode;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ if(!zp->decomp) {
+@@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data,
+ (void) buf;
+ (void) nbytes;
+
+- if(!(type & CLIENTWRITE_BODY))
++ if(!(type & CLIENTWRITE_BODY) || !nbytes)
+ return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
+
+ failf(data, "Unrecognized content encoding type. "
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -394,6 +394,19 @@ def test_02_27_paused_no_cl(self, env: Env, httpd, nghttpx, repeat):
+ r = client.run(args=[url])
+ r.check_exit_code(0)
+
++ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
++ def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ count = 1
++ urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--compressed'
++ ])
++ r.check_exit_code(code=0)
++ r.check_response(count=count, http_status=200)
++
+ def check_downloads(self, client, srcfile: str, count: int,
+ complete: bool = True):
+ for i in range(count):
+--- a/tests/http/testenv/env.py
++++ b/tests/http/testenv/env.py
+@@ -129,10 +129,11 @@ def __init__(self):
+ self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')
+ self.tld = 'http.curl.se'
+ self.domain1 = f"one.{self.tld}"
++ self.domain1brotli = f"brotli.one.{self.tld}"
+ self.domain2 = f"two.{self.tld}"
+ self.proxy_domain = f"proxy.{self.tld}"
+ self.cert_specs = [
+- CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),
++ CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),
+ CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
+ CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),
+ CertificateSpec(name="clientsX", sub_specs=[
+@@ -376,6 +377,10 @@ def htdocs_dir(self) -> str:
+ def domain1(self) -> str:
+ return self.CONFIG.domain1
+
++ @property
++ def domain1brotli(self) -> str:
++ return self.CONFIG.domain1brotli
++
+ @property
+ def domain2(self) -> str:
+ return self.CONFIG.domain2
+--- a/tests/http/testenv/httpd.py
++++ b/tests/http/testenv/httpd.py
+@@ -50,6 +50,7 @@ class Httpd:
+ 'alias', 'env', 'filter', 'headers', 'mime', 'setenvif',
+ 'socache_shmcb',
+ 'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',
++ 'brotli',
+ 'mpm_event',
+ ]
+ COMMON_MODULES_DIRS = [
+@@ -203,6 +204,7 @@ def _mkpath(self, path):
+
+ def _write_config(self):
+ domain1 = self.env.domain1
++ domain1brotli = self.env.domain1brotli
+ creds1 = self.env.get_credentials(domain1)
+ domain2 = self.env.domain2
+ creds2 = self.env.get_credentials(domain2)
+@@ -285,6 +287,24 @@ def _write_config(self):
+ f'</VirtualHost>',
+ f'',
+ ])
++ # Alternate to domain1 with BROTLI compression
++ conf.extend([ # https host for domain1, h1 + h2
++ f'<VirtualHost *:{self.env.https_port}>',
++ f' ServerName {domain1brotli}',
++ f' Protocols h2 http/1.1',
++ f' SSLEngine on',
++ f' SSLCertificateFile {creds1.cert_file}',
++ f' SSLCertificateKeyFile {creds1.pkey_file}',
++ f' DocumentRoot "{self._docs_dir}"',
++ f' SetOutputFilter BROTLI_COMPRESS',
++ ])
++ conf.extend(self._curltest_conf(domain1))
++ if domain1 in self._extra_configs:
++ conf.extend(self._extra_configs[domain1])
++ conf.extend([
++ f'</VirtualHost>',
++ f'',
++ ])
+ conf.extend([ # https host for domain2, no h2
+ f'<VirtualHost *:{self.env.https_port}>',
+ f' ServerName {domain2}',
diff --git a/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
new file mode 100644
index 0000000..b07a3b0
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
@@ -0,0 +1,342 @@
+https://bugs.gentoo.org/930633
+https://github.com/curl/curl/issues/13474
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -187,6 +187,7 @@ struct h2_stream_ctx {
+
+ int status_code; /* HTTP response status code */
+ uint32_t error; /* stream error code */
++ CURLcode xfer_result; /* Result of writing out response */
+ uint32_t local_window_size; /* the local recv window size */
+ int32_t id; /* HTTP/2 protocol identifier for stream */
+ BIT(resp_hds_complete); /* we have a complete, final response */
+@@ -945,12 +946,39 @@ fail:
+ return rv;
+ }
+
+-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf,
++static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+- const char *buf, size_t blen)
++ struct h2_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
+ {
+- (void)cf;
+- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result) {
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ if(stream->xfer_result)
++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers",
++ stream->id, stream->xfer_result, blen);
++ }
++}
++
++static void h2_xfer_write_resp(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h2_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
++{
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result)
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ /* If the transfer write is errored, we do not want any more data */
++ if(stream->xfer_result) {
++ struct cf_h2_ctx *ctx = cf->ctx;
++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, "
++ "RST-ing stream",
++ stream->id, stream->xfer_result, blen);
++ nghttp2_submit_rst_stream(ctx->h2, 0, stream->id,
++ NGHTTP2_ERR_CALLBACK_FAILURE);
++ }
+ }
+
+ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+ struct cf_h2_ctx *ctx = cf->ctx;
+ struct h2_stream_ctx *stream = H2_STREAM_CTX(data);
+ int32_t stream_id = frame->hd.stream_id;
+- CURLcode result;
+ int rv;
+
+ if(!stream) {
+@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+ stream->status_code = -1;
+ }
+
+- result = recvbuf_write_hds(cf, data, STRCONST("\r\n"));
+- if(result)
+- return result;
++ h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+
+ if(stream->status_code / 100 != 1) {
+ stream->resp_hds_complete = TRUE;
+@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ struct cf_h2_ctx *ctx = cf->ctx;
+ struct h2_stream_ctx *stream;
+ struct Curl_easy *data_s;
+- CURLcode result;
+ (void)flags;
+
+ DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ if(!stream)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+- result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE);
+- if(result && result != CURLE_AGAIN)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE);
+
+ nghttp2_session_consume(ctx->h2, stream_id, len);
+ stream->nrcvd_data += (curl_off_t)len;
+@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+ result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
+ if(result)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 "));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)value, valuelen, FALSE);
+ /* the space character after the status code is mandatory */
+- result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n"));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE);
++
+ /* if we receive data for another handle, wake that up */
+ if(CF_DATA_CURRENT(cf) != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+ /* nghttp2 guarantees that namelen > 0, and :status was already
+ received, and this is not pseudo-header field . */
+ /* convert to an HTTP1-style header */
+- result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST(": "));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
+- result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n"));
+- if(result)
+- return NGHTTP2_ERR_CALLBACK_FAILURE;
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)name, namelen, FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream,
++ (const char *)value, valuelen, FALSE);
++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE);
++
+ /* if we receive data for another handle, wake that up */
+ if(CF_DATA_CURRENT(cf) != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+
+ (void)buf;
+ *err = CURLE_AGAIN;
+- if(stream->closed) {
++ if(stream->xfer_result) {
++ CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id);
++ *err = stream->xfer_result;
++ nread = -1;
++ }
++ else if(stream->closed) {
+ CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id);
+ nread = http2_handle_stream_close(cf, data, stream, err);
+ }
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -152,6 +152,7 @@ struct h3_stream_ctx {
+ uint64_t error3; /* HTTP/3 stream error code */
+ curl_off_t upload_left; /* number of request bytes left to upload */
+ int status_code; /* HTTP status code */
++ CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
+ bool resp_hds_complete; /* we have a complete, final response */
+ bool closed; /* TRUE on stream close */
+ bool reset; /* TRUE on stream reset */
+@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
+ return 0;
+ }
+
+-static CURLcode write_resp_hds(struct Curl_easy *data,
+- const char *buf, size_t blen)
++static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h3_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
+ {
+- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result) {
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ if(stream->xfer_result)
++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu "
++ "bytes of headers", stream->id, stream->xfer_result, blen);
++ }
++}
++
++static void h3_xfer_write_resp(struct Curl_cfilter *cf,
++ struct Curl_easy *data,
++ struct h3_stream_ctx *stream,
++ const char *buf, size_t blen, bool eos)
++{
++
++ /* If we already encountered an error, skip further writes */
++ if(!stream->xfer_result)
++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++ /* If the transfer write is errored, we do not want any more data */
++ if(stream->xfer_result) {
++ struct cf_ngtcp2_ctx *ctx = cf->ctx;
++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes "
++ "of data, cancelling stream",
++ stream->id, stream->xfer_result, blen);
++ nghttp3_conn_close_stream(ctx->h3conn, stream->id,
++ NGHTTP3_H3_REQUEST_CANCELLED);
++ }
+ }
+
+ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+ struct cf_ngtcp2_ctx *ctx = cf->ctx;
+ struct Curl_easy *data = stream_user_data;
+ struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+- CURLcode result;
+
+ (void)conn;
+ (void)stream3_id;
+@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+ if(!stream)
+ return NGHTTP3_ERR_CALLBACK_FAILURE;
+
+- result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+- if(result) {
+- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
+- stream->id, blen, result);
+- return NGHTTP3_ERR_CALLBACK_FAILURE;
+- }
++ h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE);
+ if(blen) {
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
+ stream->id, blen);
+@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+ struct Curl_cfilter *cf = user_data;
+ struct Curl_easy *data = stream_user_data;
+ struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+- CURLcode result = CURLE_OK;
+ (void)conn;
+ (void)stream_id;
+ (void)fin;
+@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+ if(!stream)
+ return 0;
+ /* add a CRLF only if we've received some headers */
+- result = write_resp_hds(data, "\r\n", 2);
+- if(result) {
+- return -1;
+- }
++ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
+ stream_id, stream->status_code);
+@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+ ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
+ stream->status_code);
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
+- result = write_resp_hds(data, line, ncopy);
++ h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE);
+ if(result) {
+ return -1;
+ }
+@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
+ stream_id, (int)h3name.len, h3name.base,
+ (int)h3val.len, h3val.base);
+- result = write_resp_hds(data, (const char *)h3name.base, h3name.len);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, ": ", 2);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, (const char *)h3val.base, h3val.len);
+- if(result) {
+- return -1;
+- }
+- result = write_resp_hds(data, "\r\n", 2);
+- if(result) {
+- return -1;
+- }
++ h3_xfer_write_resp_hd(cf, data, stream,
++ (const char *)h3name.base, h3name.len, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, (
++ const char *)h3val.base, h3val.len, FALSE);
++ h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE);
+ }
+ return 0;
+ }
+@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ goto out;
+ }
+
+- if(stream->closed) {
++ if(stream->xfer_result) {
++ CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id);
++ *err = stream->xfer_result;
++ nread = -1;
++ goto out;
++ }
++ else if(stream->closed) {
+ nread = recv_closed_stream(cf, data, stream, err);
+ goto out;
+ }
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -257,6 +257,34 @@ class TestDownload:
+ ])
+ r.check_response(count=count, http_status=200)
+
++ @pytest.mark.parametrize("proto", ['h2', 'h3'])
++ def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ if proto == 'h3' and env.curl_uses_lib('msh3'):
++ pytest.skip("msh3 stalls here")
++ count = 10
++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--parallel'
++ ])
++ r.check_stats(count=count, http_status=404, exitcode=0)
++
++ @pytest.mark.parametrize("proto", ['h2', 'h3'])
++ def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++ if proto == 'h3' and not env.have_h3():
++ pytest.skip("h3 not supported")
++ if proto == 'h3' and env.curl_uses_lib('msh3'):
++ pytest.skip("msh3 stalls here")
++ count = 10
++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++ curl = CurlClient(env=env)
++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++ '--fail'
++ ])
++ r.check_stats(count=count, http_status=404, exitcode=22)
++
+ @pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests")
+ @pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs")
+ def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):
+
diff --git a/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
new file mode 100644
index 0000000..81bcb07
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch
@@ -0,0 +1,49 @@
+From a866b062b17ab94b16b817ab9969c561364a4d72 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Mon, 1 Apr 2024 08:36:51 +1000
+Subject: [PATCH] m4: fix rustls builds
+
+This patch consolidates the following commits to do with rustls
+detection using pkg-config:
+
+- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
+- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
+---
+ m4/curl-rustls.m4 | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
+index 7c55230..8082cf9 100644
+--- a/m4/curl-rustls.m4
++++ b/m4/curl-rustls.m4
+@@ -142,6 +142,11 @@ if test "x$OPT_RUSTLS" != xno; then
+ LIBS="$SSL_LIBS $LIBS"
+ USE_RUSTLS="yes"
+ ssl_msg="rustls"
++ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
++ AC_SUBST(USE_RUSTLS, [1])
++ USE_RUSTLS="yes"
++ RUSTLS_ENABLED=1
++ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ else
+ AC_MSG_ERROR([pkg-config: Could not find rustls])
+ fi
+@@ -174,5 +179,15 @@ if test "x$OPT_RUSTLS" != xno; then
+ fi
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
++
++ if test X"$OPT_RUSTLS" != Xno &&
++ test "$RUSTLS_ENABLED" != "1"; then
++ AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
++ AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
++ AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
++ fi
+ fi
+ ])
++
++
++RUSTLS_ENABLED
+--
+2.44.0
+
diff --git a/net-misc/curl/files/curl-8.8.0-install-manpage.patch b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
new file mode 100644
index 0000000..f58ddae
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-install-manpage.patch
@@ -0,0 +1,22 @@
+https://patch-diff.githubusercontent.com/raw/curl/curl/pull/13741
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 22 May 2024 08:43:43 +0200
+Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
+
+on "make install" like it should
+---
+ docs/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs/Makefile.am b/docs/Makefile.am
+index 83f5b0c461cc0f..e9ef6284860555 100644
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -28,6 +28,7 @@ if BUILD_DOCS
+ # if we disable man page building, ignore these
+ MK_CA_DOCS = mk-ca-bundle.1
+ CURLCONF_DOCS = curl-config.1
++man_MANS = curl-config.1
+ endif
+
+ CURLPAGES = curl-config.md mk-ca-bundle.md
diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
new file mode 100644
index 0000000..8fa4d6e
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-mbedtls.patch
@@ -0,0 +1,42 @@
+https://github.com/curl/curl/pull/13749
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 22 May 2024 14:44:56 +0200
+Subject: [PATCH] mbedtls, check version for cipher id
+
+- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have
+ been added in mbedtls 3.2.0. Check for that version.
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+ (struct mbed_ssl_backend_data *)connssl->backend;
+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ const mbedtls_x509_crt *peercert;
+- char cipher_str[64];
+- uint16_t cipher_id;
+ #ifndef CURL_DISABLE_PROXY
+ const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
+@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+- cipher_id = (uint16_t)
+- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
+- mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
+- infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
+-
++#if MBEDTLS_VERSION_NUMBER >= 0x03020000
++ {
++ char cipher_str[64];
++ uint16_t cipher_id;
++ cipher_id = (uint16_t)
++ mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
++ mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
++ infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
++ }
++#else
++ infof(data, "mbedTLS: Handshake complete");
++#endif
+ ret = mbedtls_ssl_get_verify_result(&backend->ssl);
+
+ if(!conn_config->verifyhost)
diff --git a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
new file mode 100644
index 0000000..38d8c1b
--- /dev/null
+++ b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch
@@ -0,0 +1,75 @@
+https://github.com/curl/curl/pull/13825
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 29 May 2024 17:13:34 +0200
+Subject: [PATCH] fix multi_wait() timeout handling
+
+- determine the actual poll timeout *after* all sockets
+ have been collected. Protocols and connection filters may
+ install new timeouts during collection.
+- add debug logging to test1533 where the mistake was noticed
+- refs #13782
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1366,13 +1366,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+ if(timeout_ms < 0)
+ return CURLM_BAD_FUNCTION_ARGUMENT;
+
+- /* If the internally desired timeout is actually shorter than requested from
+- the outside, then use the shorter time! But only if the internal timer
+- is actually larger than -1! */
+- (void)multi_timeout(multi, &timeout_internal);
+- if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
+- timeout_ms = (int)timeout_internal;
+-
+ memset(ufds, 0, ufds_len * sizeof(struct pollfd));
+ memset(&ps, 0, sizeof(ps));
+
+@@ -1476,6 +1469,14 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
+ #endif
+ #endif
+
++ /* We check the internal timeout *AFTER* we collected all sockets to
++ * poll. Collecting the sockets may install new timers by protocols
++ * and connection filters.
++ * Use the shorter one of the internal and the caller requested timeout. */
++ (void)multi_timeout(multi, &timeout_internal);
++ if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
++ timeout_ms = (int)timeout_internal;
++
+ #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK)
+ if(nfds || use_wakeup) {
+ #else
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -487,7 +487,7 @@ lib1551_SOURCES = lib1551.c $(SUPPORTFILES)
+ lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL)
+ lib1552_LDADD = $(TESTUTIL_LIBS)
+
+-lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL)
++lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TSTTRACE) $(TESTUTIL)
+ lib1553_LDADD = $(TESTUTIL_LIBS)
+
+ lib1554_SOURCES = lib1554.c $(SUPPORTFILES)
+--- a/tests/libtest/lib1553.c
++++ b/tests/libtest/lib1553.c
+@@ -24,6 +24,7 @@
+ #include "test.h"
+
+ #include "testutil.h"
++#include "testtrace.h"
+ #include "warnless.h"
+ #include "memdebug.h"
+
+@@ -74,6 +75,12 @@ CURLcode test(char *URL)
+ easy_setopt(curls, CURLOPT_XFERINFOFUNCTION, xferinfo);
+ easy_setopt(curls, CURLOPT_NOPROGRESS, 1L);
+
++ libtest_debug_config.nohex = 1;
++ libtest_debug_config.tracetime = 1;
++ test_setopt(curls, CURLOPT_DEBUGDATA, &libtest_debug_config);
++ easy_setopt(curls, CURLOPT_DEBUGFUNCTION, libtest_debug_cb);
++ easy_setopt(curls, CURLOPT_VERBOSE, 1L);
++
+ multi_add_handle(multi, curls);
+
+ multi_perform(multi, &still_running);
diff --git a/net-misc/curl/files/curl-8.9.1-sigpipe.patch b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
new file mode 100644
index 0000000..d308fc4
--- /dev/null
+++ b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 5 Aug 2024 00:17:17 +0200
+Subject: [PATCH] sigpipe: init the struct so that first apply ignores
+
+Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
+init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
+
+I have read the existing code multiple times now and I think it gets the
+initial state reversed this missing to ignore.
+
+Regression from 17e6f06ea37136c36d27
+
+Reported-by: Rasmus Thomsen
+Fixes #14344
+Closes #14390
+--- a/lib/sigpipe.h
++++ b/lib/sigpipe.h
+@@ -39,6 +39,7 @@ struct sigpipe_ignore {
+ static void sigpipe_init(struct sigpipe_ignore *ig)
+ {
+ memset(ig, 0, sizeof(*ig));
++ ig->no_signal = TRUE;
+ }
+
+ /*
diff --git a/net-misc/curl/files/curl-prefix-2.patch b/net-misc/curl/files/curl-prefix-2.patch
new file mode 100644
index 0000000..0372038
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-2.patch
@@ -0,0 +1,34 @@
+From a3033ee39f2cc43cb17386b23cb304b010c2c96f Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Wed, 22 May 2024 16:18:51 +1000
+Subject: [PATCH] Update prefix patch for 8.8.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 085bb1e..c0bc6ce 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -145,7 +145,7 @@ while test "$#" -gt 0; do
+ else
+ CPPFLAG_CURL_STATICLIB=""
+ fi
+- if test "X@includedir@" = "X/usr/include"; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo "${CPPFLAG_CURL_STATICLIB}"
+ else
+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -153,7 +153,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ CURLLIBDIR="-L@libdir@ "
+ else
+ CURLLIBDIR=""
+--
+2.45.0
+
diff --git a/net-misc/curl/files/curl-prefix.patch b/net-misc/curl/files/curl-prefix.patch
new file mode 100644
index 0000000..fd495c4
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix.patch
@@ -0,0 +1,21 @@
+diff -Naur curl-7.30.0.orig/curl-config.in curl-7.30.0/curl-config.in
+--- curl-7.30.0.orig/curl-config.in 2013-02-06 09:44:37.000000000 -0500
++++ curl-7.30.0/curl-config.in 2013-04-17 18:43:56.000000000 -0400
+@@ -134,7 +134,7 @@
+ else
+ CPPFLAG_CURL_STATICLIB=""
+ fi
+- if test "X@includedir@" = "X/usr/include"; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo "$CPPFLAG_CURL_STATICLIB"
+ else
+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -142,7 +142,7 @@
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ CURLLIBDIR="-L@libdir@ "
+ else
+ CURLLIBDIR=""
diff --git a/net-misc/curl/files/curl-respect-cflags-3.patch b/net-misc/curl/files/curl-respect-cflags-3.patch
new file mode 100644
index 0000000..4a4a614
--- /dev/null
+++ b/net-misc/curl/files/curl-respect-cflags-3.patch
@@ -0,0 +1,14 @@
+diff --git a/configure.ac b/configure.ac
+index e9b49c7..e374ab6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -280,9 +280,6 @@ dnl **********************************************************************
+
+ CURL_CHECK_COMPILER
+ CURL_SET_COMPILER_BASIC_OPTS
+-CURL_SET_COMPILER_DEBUG_OPTS
+-CURL_SET_COMPILER_OPTIMIZE_OPTS
+-CURL_SET_COMPILER_WARNING_OPTS
+
+ if test "$compiler_id" = "INTEL_UNIX_C"; then
+ #
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
new file mode 100644
index 0000000..884608c
--- /dev/null
+++ b/net-misc/curl/metadata.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kangie@gentoo.org</email>
+ <name>Matt Jolly</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <use>
+ <flag name="alt-svc">Enable alt-svc support</flag>
+ <flag name="ftp">Enable FTP support</flag>
+ <flag name="gnutls">Enable gnutls ssl backend</flag>
+ <flag name="gopher">Enable Gopher protocol support</flag>
+ <flag name="hsts">Enable HTTP Strict Transport Security</flag>
+ <flag name="imap">Enable Internet Message Access Protocol support</flag>
+ <flag name="mbedtls">Enable mbedtls ssl backend</flag>
+ <flag name="nghttp3">Enable HTTP/3 support using <pkg>net-libs/nghttp3</pkg></flag>
+ <flag name="http3">Enable HTTP/3 support</flag>
+ <flag name="openssl">Enable openssl ssl backend</flag>
+ <flag name="pop3">Enable Post Office Protocol 3 support</flag>
+ <flag name="progress-meter">Enable the progress meter</flag>
+ <flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag>
+ <flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
+ <flag name="rtmp">Enable RTMP Streaming Media support</flag>
+ <flag name="rustls">Enable Rustls ssl backend</flag>
+ <flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
+ <flag name="ssh">Enable SSH urls in curl using libssh2</flag>
+ <flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
+ <flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
+ <flag name="telnet">Enable Telnet protocol support</flag>
+ <flag name="tftp">Enable TFTP support</flag>
+ <flag name="websockets">Enable websockets support</flag>
+ </use>
+ <upstream>
+ <remote-id type="cpe">cpe:/a:curl:curl</remote-id>
+ <remote-id type="cpe">cpe:/a:curl:libcurl</remote-id>
+ <remote-id type="cpe">cpe:/a:haxx:curl</remote-id>
+ <remote-id type="cpe">cpe:/a:haxx:libcurl</remote-id>
+ <remote-id type="github">curl/curl</remote-id>
+ </upstream>
+</pkgmetadata>
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2024-12-13 3:53 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2024-12-13 3:53 UTC (permalink / raw
To: gentoo-commits
commit: 23f44d403521c1e52c18896fec24cd9a7fbee6a8
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Dec 13 03:51:36 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Dec 13 03:51:36 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=23f44d40
net-misc/curl: add 8.11.1-r1, drop 8.11.1
Signed-off-by: orbea <orbea <AT> riseup.net>
.../{curl-8.11.1.ebuild => curl-8.11.1-r1.ebuild} | 1 +
.../curl-8.11.1-async-thread-close-eventfd.patch | 33 ++++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/net-misc/curl/curl-8.11.1.ebuild b/net-misc/curl/curl-8.11.1-r1.ebuild
similarity index 99%
rename from net-misc/curl/curl-8.11.1.ebuild
rename to net-misc/curl/curl-8.11.1-r1.ebuild
index 60486cb..aca6d0d 100644
--- a/net-misc/curl/curl-8.11.1.ebuild
+++ b/net-misc/curl/curl-8.11.1-r1.ebuild
@@ -154,6 +154,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
PATCHES=(
"${FILESDIR}/${PN}-prefix-3.patch"
"${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-async-thread-close-eventfd.patch"
)
src_prepare() {
diff --git a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
new file mode 100644
index 0000000..2bdfc51
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch
@@ -0,0 +1,33 @@
+https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2
+From: Andy Pan <i@andypan.me>
+Date: Thu, 12 Dec 2024 12:48:56 +0000
+Subject: [PATCH] async-thread: avoid closing eventfd twice
+
+When employing eventfd for socketpair, there is only one file
+descriptor. Closing that fd twice might result in fd corruption.
+Thus, we should avoid closing the eventfd twice, following the
+pattern in lib/multi.c.
+
+Fixes #15725
+Closes #15727
+Reported-by: Christian Heusel
+---
+ lib/asyn-thread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
+index a58e4b790494ab..32d496b107cb0a 100644
+--- a/lib/asyn-thread.c
++++ b/lib/asyn-thread.c
+@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd)
+ * close one end of the socket pair (may be done in resolver thread);
+ * the other end (for reading) is always closed in the parent thread.
+ */
++#ifndef USE_EVENTFD
+ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
+ wakeup_close(tsd->sock_pair[1]);
+ }
++#endif
+ #endif
+ memset(tsd, 0, sizeof(*tsd));
+ }
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-02-05 15:02 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-02-05 15:02 UTC (permalink / raw
To: gentoo-commits
commit: 17bfa7750dbb8e5aa571112eb30c4cc150d9ee98
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Feb 5 14:58:00 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Feb 5 14:59:11 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=17bfa775
net-misc/curl: add 8.12.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 +
net-misc/curl/curl-8.12.0.ebuild | 384 ++++++++++++++++++++++++++++++++
net-misc/curl/files/curl-prefix-4.patch | 35 +++
3 files changed, 421 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index b6b6c4c..04a1dbc 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -4,5 +4,7 @@ DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049
DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
+DIST curl-8.12.0.tar.xz 2777552 BLAKE2B b38c7465a38f6bbdc6daa1e8a27dc810f970c9172ddf532881e83965e1fa6001beff1bf358e5138e1a0ae1121d877f6a5a4f38ef7ea7e03c8b06dc46fbf24022 SHA512 ed35f0020541050ce387f4ba80f9e87562ececd99082da1bae85840dee81c49b86a4a55909e15fcbf4eb116106a796c29a9b2678dee11326f80db75992c6edc5
+DIST curl-8.12.0.tar.xz.asc 488 BLAKE2B 8977dabab96b6f188e8b16497e7a4e589f05b5512a9bc6ec0ee36797615c720b9cb5c34bc90df6ee037d898b8fa7f708ad2b2ff789163adcb5308a2e0d7cf9df SHA512 8526554ffb2187b48b6a4c6a0d4a8c73d484ef3ce4c3791add0e759baf953ac7ae0b2f88d688365b1f09c5745198611fa1761aa14d02ddf52823c4ff238779cd
DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
diff --git a/net-misc/curl/curl-8.12.0.ebuild b/net-misc/curl/curl-8.12.0.ebuild
new file mode 100644
index 0000000..7a30204
--- /dev/null
+++ b/net-misc/curl/curl-8.12.0.ebuild
@@ -0,0 +1,384 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-4.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-digest-auth
+ --enable-kerberos-auth
+ --enable-negotiate-auth
+ --enable-aws
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ $(use_with psl libpsl)
+ --without-msh3
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
+ # when the time comes.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-prefix-4.patch b/net-misc/curl/files/curl-prefix-4.patch
new file mode 100644
index 0000000..796b67f
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-4.patch
@@ -0,0 +1,35 @@
+From f18f4362d7ca60fb12248a559dab26aea330771c Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Wed, 5 Feb 2025 17:27:11 +1000
+Subject: [PATCH] Update prefix patch for 8.12.0
+
+Signed-off-by: Matt Jolly <kangie@gentoo.org>
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 55184167b..df31fdb46 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -141,7 +141,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --cflags)
+- if test "X@includedir@" = 'X/usr/include'; then
++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo '@LIBCURL_PC_CFLAGS@'
+ else
+ echo "@LIBCURL_PC_CFLAGS@ -I@includedir@"
+@@ -149,7 +149,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ curllibdir="-L@libdir@ "
+ else
+ curllibdir=''
+--
+2.48.0
+
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-04-05 14:08 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-04-05 14:08 UTC (permalink / raw
To: gentoo-commits
commit: a77b84ed0d3a7574d7714767214ca576a7eb62dd
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Apr 5 14:00:11 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat Apr 5 14:01:41 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=a77b84ed
net-misc/curl: drop 8.11.1-r2
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 -
net-misc/curl/curl-8.11.1-r2.ebuild | 380 ---------------------------
net-misc/curl/files/curl-8.12.0-multi.patch | 136 ----------
net-misc/curl/files/curl-8.9.1-sigpipe.patch | 26 --
net-misc/curl/files/curl-prefix-2.patch | 34 ---
5 files changed, 578 deletions(-)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 0673944..057cbaa 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,3 @@
-DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
-DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603
DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
diff --git a/net-misc/curl/curl-8.11.1-r2.ebuild b/net-misc/curl/curl-8.11.1-r2.ebuild
deleted file mode 100644
index 97b3d42..0000000
--- a/net-misc/curl/curl-8.11.1-r2.ebuild
+++ /dev/null
@@ -1,380 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- SRC_URI="
- https://curl.se/download/${P}.tar.xz
- verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
- "
- KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
-IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-3.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
- "${FILESDIR}/${P}-async-thread-close-eventfd.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- myconf+=( --without-gnutls --without-mbedtls --without-rustls )
-
- if use gnutls; then
- multilib_is_native_abi && einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls )
- fi
- if use mbedtls; then
- multilib_is_native_abi && einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- fi
- if use openssl; then
- multilib_is_native_abi && einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- fi
- if use rustls; then
- multilib_is_native_abi && einfo "SSL provided by rustls"
- myconf+=( --with-rustls )
- fi
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default SSL provided by gnutls"
- myconf+=( --with-default-ssl-backend=gnutls )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
- myconf+=( --with-default-ssl-backend=mbedtls )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default SSL provided by openssl"
- myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default SSL provided by rustls"
- myconf+=( --with-default-ssl-backend=rustls )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- myconf+=(
- $(use_enable alt-svc)
- --enable-basic-auth
- --enable-bearer-auth
- --enable-digest-auth
- --enable-kerberos-auth
- --enable-negotiate-auth
- --enable-aws
- --enable-dict
- --disable-ech
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- $(use_enable hsts)
- --enable-http
- $(use_enable imap)
- $(use_enable ldap)
- $(use_enable ldap ldaps)
- --enable-ntlm
- $(use_enable pop3)
- --enable-rt
- --enable-rtsp
- $(use_enable samba smb)
- $(use_with ssh libssh2)
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- --enable-tls-srp
- $(use_enable adns ares)
- --enable-cookies
- --enable-dateparse
- --enable-dnsshuffle
- --enable-doh
- --enable-symbol-hiding
- --enable-http-auth
- --enable-ipv6
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-netrc
- $(use_enable progress-meter)
- --enable-proxy
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --enable-pthreads
- --enable-threaded-resolver
- --disable-versioned-symbols
- --without-amissl
- --without-bearssl
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with http2 nghttp2)
- --without-hyper
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- --without-libgsasl
- $(use_with psl libpsl)
- --without-msh3
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- --without-quiche
- $(use_with rtmp librtmp)
- --without-schannel
- --without-secure-transport
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- $(use_enable websockets)
- --without-winidn
- --without-wolfssl
- --with-zlib
- $(use_with zstd)
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- if [[ ${CHOST} == *mingw* ]] ; then
- myconf+=(
- --disable-pthreads
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/files/curl-8.12.0-multi.patch b/net-misc/curl/files/curl-8.12.0-multi.patch
deleted file mode 100644
index b9405af..0000000
--- a/net-misc/curl/files/curl-8.12.0-multi.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-https://github.com/curl/curl/issues/16236#issuecomment-2645385845
-https://github.com/curl/curl/commit/242a1439e7d8cdb72ae6a2fa2e705e2d9a2b7501
-
-
---- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -1584,10 +1584,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
- if(data->share->hsts == data->hsts)
- data->hsts = NULL;
- #endif
--#ifdef USE_SSL
-- if(data->share->ssl_scache == data->state.ssl_scache)
-- data->state.ssl_scache = data->multi ? data->multi->ssl_scache : NULL;
--#endif
- #ifdef USE_LIBPSL
- if(data->psl == &data->share->psl)
- data->psl = data->multi ? &data->multi->psl : NULL;
-@@ -1628,10 +1624,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
- data->hsts = data->share->hsts;
- }
- #endif
--#ifdef USE_SSL
-- if(data->share->ssl_scache)
-- data->state.ssl_scache = data->share->ssl_scache;
--#endif
- #ifdef USE_LIBPSL
- if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
- data->psl = &data->share->psl;
---- a/lib/transfer.c
-+++ b/lib/transfer.c
-@@ -567,12 +567,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
- #endif
- data->state.httpreq = data->set.method;
-
--#ifdef USE_SSL
-- if(!data->state.ssl_scache)
-- /* There was no ssl session cache set via a share, use the multi one */
-- data->state.ssl_scache = data->multi->ssl_scache;
--#endif
--
- data->state.requests = 0;
- data->state.followlocation = 0; /* reset the location-follow counter */
- data->state.this_is_a_follow = FALSE; /* reset this */
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -1199,7 +1199,6 @@ struct UrlState {
- curl_prot_t first_remote_protocol;
-
- int retrycount; /* number of retries on a new connection */
-- struct Curl_ssl_scache *ssl_scache; /* TLS session pool */
- int os_errno; /* filled in with errno whenever an error occurs */
- long followlocation; /* redirect counter */
- int requests; /* request counter: redirects + authentication retakes */
---- a/lib/vtls/vtls_scache.c
-+++ b/lib/vtls/vtls_scache.c
-@@ -82,6 +82,17 @@ struct Curl_ssl_scache {
- long age;
- };
-
-+static struct Curl_ssl_scache *cf_ssl_scache_get(struct Curl_easy *data)
-+{
-+ struct Curl_ssl_scache *scache = NULL;
-+ /* If a share is present, its ssl_scache has preference over the multi */
-+ if(data->share && data->share->ssl_scache)
-+ scache = data->share->ssl_scache;
-+ else if(data->multi && data->multi->ssl_scache)
-+ scache = data->multi->ssl_scache;
-+ return scache;
-+}
-+
- static void cf_ssl_scache_clear_session(struct Curl_ssl_session *s)
- {
- if(s->sdata) {
-@@ -792,7 +803,7 @@ CURLcode Curl_ssl_scache_put(struct Curl_cfilter *cf,
- const char *ssl_peer_key,
- struct Curl_ssl_session *s)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
- CURLcode result;
- DEBUGASSERT(ssl_config);
-@@ -826,7 +837,7 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
- const char *ssl_peer_key,
- struct Curl_ssl_session **ps)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
- struct Curl_ssl_scache_peer *peer = NULL;
- struct Curl_llist_node *n;
-@@ -870,7 +881,7 @@ CURLcode Curl_ssl_scache_add_obj(struct Curl_cfilter *cf,
- void *sobj,
- Curl_ssl_scache_obj_dtor *sobj_free)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
- struct Curl_ssl_scache_peer *peer = NULL;
- CURLcode result;
-@@ -898,7 +909,7 @@ bool Curl_ssl_scache_get_obj(struct Curl_cfilter *cf,
- const char *ssl_peer_key,
- void **sobj)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
- struct Curl_ssl_scache_peer *peer = NULL;
- CURLcode result;
-@@ -924,7 +935,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- const char *ssl_peer_key)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
- struct Curl_ssl_scache_peer *peer = NULL;
- CURLcode result;
-@@ -1021,7 +1032,7 @@ CURLcode Curl_ssl_session_import(struct Curl_easy *data,
- const unsigned char *shmac, size_t shmac_len,
- const unsigned char *sdata, size_t sdata_len)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct Curl_ssl_scache_peer *peer = NULL;
- struct Curl_ssl_session *s = NULL;
- bool locked = FALSE;
-@@ -1092,7 +1103,7 @@ CURLcode Curl_ssl_session_export(struct Curl_easy *data,
- curl_ssls_export_cb *export_fn,
- void *userptr)
- {
-- struct Curl_ssl_scache *scache = data->state.ssl_scache;
-+ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
- struct Curl_ssl_scache_peer *peer;
- struct dynbuf sbuf, hbuf;
- struct Curl_llist_node *n;
diff --git a/net-misc/curl/files/curl-8.9.1-sigpipe.patch b/net-misc/curl/files/curl-8.9.1-sigpipe.patch
deleted file mode 100644
index d308fc4..0000000
--- a/net-misc/curl/files/curl-8.9.1-sigpipe.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 5 Aug 2024 00:17:17 +0200
-Subject: [PATCH] sigpipe: init the struct so that first apply ignores
-
-Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
-init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
-
-I have read the existing code multiple times now and I think it gets the
-initial state reversed this missing to ignore.
-
-Regression from 17e6f06ea37136c36d27
-
-Reported-by: Rasmus Thomsen
-Fixes #14344
-Closes #14390
---- a/lib/sigpipe.h
-+++ b/lib/sigpipe.h
-@@ -39,6 +39,7 @@ struct sigpipe_ignore {
- static void sigpipe_init(struct sigpipe_ignore *ig)
- {
- memset(ig, 0, sizeof(*ig));
-+ ig->no_signal = TRUE;
- }
-
- /*
diff --git a/net-misc/curl/files/curl-prefix-2.patch b/net-misc/curl/files/curl-prefix-2.patch
deleted file mode 100644
index 0372038..0000000
--- a/net-misc/curl/files/curl-prefix-2.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a3033ee39f2cc43cb17386b23cb304b010c2c96f Mon Sep 17 00:00:00 2001
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Wed, 22 May 2024 16:18:51 +1000
-Subject: [PATCH] Update prefix patch for 8.8.0
-
----
- curl-config.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/curl-config.in b/curl-config.in
-index 085bb1e..c0bc6ce 100644
---- a/curl-config.in
-+++ b/curl-config.in
-@@ -145,7 +145,7 @@ while test "$#" -gt 0; do
- else
- CPPFLAG_CURL_STATICLIB=""
- fi
-- if test "X@includedir@" = "X/usr/include"; then
-+ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
- echo "${CPPFLAG_CURL_STATICLIB}"
- else
- echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
-@@ -153,7 +153,7 @@ while test "$#" -gt 0; do
- ;;
-
- --libs)
-- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
-+ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
- CURLLIBDIR="-L@libdir@ "
- else
- CURLLIBDIR=""
---
-2.45.0
-
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-06-01 13:49 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-06-01 13:49 UTC (permalink / raw
To: gentoo-commits
commit: d5098f91b3053fe95446008c82311f87e35c4f81
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Jun 1 13:33:05 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Jun 1 13:33:05 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=d5098f91
net-misc/curl: add 8.14.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 +
net-misc/curl/curl-8.14.0.ebuild | 433 +++++++++++++++++++++
.../files/curl-8.14.0-add_handle-resizing.patch | 187 +++++++++
3 files changed, 622 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 057cbaa..a21c7e3 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -2,3 +2,5 @@ DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720
DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be
+DIST curl-8.14.0.tar.xz 2819512 BLAKE2B d8b7d58e6923366265a1d95d3a6f14002729dfb95d88b17ec925d096bd199b206f6c9645e1e4be3bc2d295e8898c35990eda6f45329396f38753725907e402a1 SHA512 d9f49cac0b93dbc53879713cc017392b4277d84b489bbf2ef3b585c6a50eea6c3a7b80043286b34062af04329560f2dc321f315b0038ce93435aa9bbcaec1eea
+DIST curl-8.14.0.tar.xz.asc 488 BLAKE2B 9fa2fe756d7c170b4fc883bd0c23eb103d947e8328d56ea3dea53403d3cd01626ada943595179955f55a77eb8f4da65b5e4d74fe5627fc8c5ab4d88efbb5df3e SHA512 7c147ddb5e141dd9951e2ef6b23fa120318c0e631fb36861b80fce61b4b19ca08273a6b95627f46a8172945fb51bd790ffc74dee0a4b0de860dad518963b4710
diff --git a/net-misc/curl/curl-8.14.0.ebuild b/net-misc/curl/curl-8.14.0.ebuild
new file mode 100644
index 0000000..9d4ca24
--- /dev/null
+++ b/net-misc/curl/curl-8.14.0.ebuild
@@ -0,0 +1,433 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ if [[ ${P} == *rc* ]]; then
+ CURL_URI="https://curl.se/rc/"
+ S="${WORKDIR}/${P//_/-}"
+ else
+ CURL_URI="https://curl.se/download/"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+ fi
+ SRC_URI="
+ ${CURL_URI}${P//_/-}.tar.xz
+ verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc )
+ "
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
+IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
+IUSE+=" telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
+# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
+# in addition to A and AAAA records.
+
+# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
+# HTTPS RR in cURL is a dependency for:
+# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
+# - Fetching the ALPN list which should provide a better HTTP/3 experience.
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ ech? ( rustls )
+ httpsrr? ( adns )
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ quic
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ quic
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc httpsrr quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
+ sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-4.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-add_handle-resizing.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+# Generates TLS-related configure options based on USE flags.
+# Outputs options suitable for appending to a configure options array.
+_get_curl_tls_configure_opts() {
+ local tls_opts=()
+
+ local backend flag_name
+ for backend in gnutls mbedtls openssl rustls; do
+ if [[ "$backend" == "openssl" ]]; then
+ flag_name="ssl"
+ tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
+ else
+ flag_name="$backend"
+ fi
+
+ if use "$backend"; then
+ tls_opts+=( "--with-${flag_name}" )
+ else
+ # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
+ if ! [[ "$backend" == "openssl" ]]; then
+ tls_opts+=( "--without-${flag_name}" )
+ fi
+ fi
+ done
+
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default TLS backend: gnutls"
+ tls_opts+=( "--with-default-ssl-backend=gnutls" )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
+ tls_opts+=( "--with-default-ssl-backend=mbedtls" )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default TLS backend: openssl"
+ tls_opts+=( "--with-default-ssl-backend=openssl" )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default TLS backend: rustls"
+ tls_opts+=( "--with-default-ssl-backend=rustls" )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ # Explicitly Disable unimplemented b
+ tls_opts+=(
+ --without-amissl
+ --without-bearssl
+ --without-wolfssl
+ )
+
+ printf "%s\n" "${tls_opts[@]}"
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ local -a tls_backend_opts
+ readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
+ myconf+=("${tls_backend_opts[@]}")
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organised alphabetically by category/type
+
+ # Protocols
+ # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
+ # Assume that anything omitted (that is not new!) is enabled by default with no deps
+ myconf+=(
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ --enable-http
+ $(use_enable imap) # Automatic IMAPS if TLS is enabled
+ $(use_enable ldap ldaps)
+ $(use_enable ldap)
+ $(use_enable pop3)
+ $(use_enable samba smb)
+ $(use_with ssh libssh2) # enables scp/sftp
+ $(use_with rtmp librtmp)
+ --enable-rtsp
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ $(use_enable websockets)
+ )
+
+ # Keep various 'HTTP-flavoured' options together
+ myconf+=(
+ $(use_enable alt-svc)
+ $(use_enable hsts)
+ $(use_enable httpsrr)
+ $(use_with http2 nghttp2)
+ $(use_with http3 nghttp3)
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ )
+
+ # --enable/disable options
+ # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_enable adns ares)
+ --enable-aws
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-cookies
+ --enable-dateparse
+ --enable-dict
+ --enable-digest-auth
+ --enable-dnsshuffle
+ --enable-doh
+ $(use_enable ech)
+ --enable-http-auth
+ --enable-ipv6
+ --enable-kerberos-auth
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-negotiate-auth
+ --enable-netrc
+ --enable-ntlm
+ --enable-progress-meter
+ --enable-proxy
+ --enable-rt
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-symbol-hiding
+ --enable-tls-srp
+ --disable-versioned-symbols
+ )
+
+ # --with/without options
+ # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ $(use_with sasl-scram libgsasl)
+ $(use_with psl libpsl)
+ --without-msh3
+ --without-quiche
+ --without-schannel
+ --without-secure-transport
+ --without-winidn
+ --with-zlib
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ $(use_with zstd)
+ )
+
+ # Test deps (disabled)
+ myconf+=(
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch b/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch
new file mode 100644
index 0000000..0bbf026
--- /dev/null
+++ b/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch
@@ -0,0 +1,187 @@
+https://github.com/curl/curl/commit/d16ccbd55de80c271fe822f4ba8b6271fd9166ff
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 28 May 2025 14:04:31 +0200
+Subject: [PATCH] multi: fix add_handle resizing
+
+Due to someone being stupid, the resizing of the multi's transfer
+table was actually shrinking it. Oh my.
+
+Add test751 to reproduce, add code assertion.
+
+Fixes #17473
+Reported-by: Jeroen Ooms
+Closes #17475
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -347,7 +347,8 @@ static CURLMcode multi_xfers_add(struct Curl_multi *multi,
+ if(unused <= min_unused) {
+ /* make it a 64 multiple, since our bitsets frow by that and
+ * small (easy_multi) grows to at least 64 on first resize. */
+- unsigned int newsize = ((capacity + min_unused) + 63) / 64;
++ unsigned int newsize = (((capacity + min_unused) + 63) / 64) * 64;
++ DEBUGASSERT(newsize > capacity);
+ /* Grow the bitsets first. Should one fail, we do not need
+ * to downsize the already resized ones. The sets continue
+ * to work properly when larger than the table, but not
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
+ test718 test719 test720 test721 test722 test723 test724 test725 test726 \
+ test727 test728 test729 test730 test731 test732 test733 test734 test735 \
+ test736 test737 test738 test739 test740 test741 test742 test743 test744 \
+-test745 test746 test747 test748 test749 test750 \
++test745 test746 test747 test748 test749 test750 test751 \
+ \
+ test780 test781 test782 test783 test784 test785 test786 test787 test788 \
+ test789 test790 test791 \
+--- /dev/null
++++ b/tests/data/test751
+@@ -0,0 +1,33 @@
++<testcase>
++<info>
++<keywords>
++MULTI
++</keywords>
++</info>
++<reply>
++<data>
++</data>
++</reply>
++
++# Client-side
++<client>
++<server>
++none
++</server>
++# tool is what to use instead of 'curl'
++<tool>
++lib%TESTNUMBER
++</tool>
++
++<name>
++multi - add many easy handles
++</name>
++<command>
++</command>
++</file>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++</verify>
++</testcase>
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -50,6 +50,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
+ lib659 lib661 lib666 lib667 lib668 \
+ lib670 lib671 lib672 lib673 lib674 lib676 lib677 lib678 lib694 lib695 \
+ lib696 \
++ lib751 \
+ lib1156 \
+ lib1301 \
+ lib1308 \
+@@ -349,6 +350,9 @@ lib695_SOURCES = lib695.c $(SUPPORTFILES)
+ lib696_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS)
+ lib696_CPPFLAGS = $(AM_CPPFLAGS) -DLIB696
+
++lib751_SOURCES = lib751.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib751_LDADD = $(TESTUTIL_LIBS)
++
+ lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL)
+ lib1301_LDADD = $(TESTUTIL_LIBS)
+
+--- /dev/null
++++ b/tests/libtest/lib751.c
+@@ -0,0 +1,92 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++#define TEST_HANG_TIMEOUT 60 * 1000
++
++/*
++ * Get a single URL without select().
++ */
++
++CURLcode test(char *URL)
++{
++ CURL *easies[1000];
++ CURLM *m;
++ CURLcode res = CURLE_FAILED_INIT;
++ CURLMcode mres;
++ int i;
++
++ (void)URL;
++ memset(easies, 0, sizeof(easies));
++
++ curl_global_init(CURL_GLOBAL_DEFAULT);
++ m = curl_multi_init();
++ if(!m) {
++ res = CURLE_OUT_OF_MEMORY;
++ goto test_cleanup;
++ }
++
++ for(i = 0; i < 1000; i++) {
++ CURL *e = curl_easy_init();
++ if(!e) {
++ res = CURLE_OUT_OF_MEMORY;
++ goto test_cleanup;
++ }
++ easies[i] = e;
++
++ res = curl_easy_setopt(e, CURLOPT_URL, "https://www.example.com/");
++ if(!res)
++ res = curl_easy_setopt(e, CURLOPT_VERBOSE, 1L);
++ if(res)
++ goto test_cleanup;
++
++ mres = curl_multi_add_handle(m, e);
++ if(mres != CURLM_OK) {
++ printf("MULTI ERROR: %s\n", curl_multi_strerror(mres));
++ res = CURLE_FAILED_INIT;
++ goto test_cleanup;
++ }
++ }
++
++test_cleanup:
++
++ if(res)
++ printf("ERROR: %s\n", curl_easy_strerror(res));
++
++ for(i = 0; i < 1000; i++) {
++ if(easies[i]) {
++ curl_multi_add_handle(m, easies[i]);
++ curl_easy_cleanup(easies[i]);
++ easies[i] = NULL;
++ }
++ }
++ curl_multi_cleanup(m);
++ curl_global_cleanup();
++
++ return res;
++}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-07-14 19:18 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-07-14 19:18 UTC (permalink / raw
To: gentoo-commits
commit: 6831c5ae15d1c49342b6c00e91b86d568a3a9b84
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Mon Jul 14 16:17:38 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Mon Jul 14 16:17:38 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=6831c5ae
net-misc/curl: drop 8.14.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 -
net-misc/curl/curl-8.14.0.ebuild | 433 ---------------------
.../files/curl-8.14.0-add_handle-resizing.patch | 187 ---------
3 files changed, 622 deletions(-)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 76ff82a..eb45f3d 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -2,7 +2,5 @@ DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720
DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be
-DIST curl-8.14.0.tar.xz 2819512 BLAKE2B d8b7d58e6923366265a1d95d3a6f14002729dfb95d88b17ec925d096bd199b206f6c9645e1e4be3bc2d295e8898c35990eda6f45329396f38753725907e402a1 SHA512 d9f49cac0b93dbc53879713cc017392b4277d84b489bbf2ef3b585c6a50eea6c3a7b80043286b34062af04329560f2dc321f315b0038ce93435aa9bbcaec1eea
-DIST curl-8.14.0.tar.xz.asc 488 BLAKE2B 9fa2fe756d7c170b4fc883bd0c23eb103d947e8328d56ea3dea53403d3cd01626ada943595179955f55a77eb8f4da65b5e4d74fe5627fc8c5ab4d88efbb5df3e SHA512 7c147ddb5e141dd9951e2ef6b23fa120318c0e631fb36861b80fce61b4b19ca08273a6b95627f46a8172945fb51bd790ffc74dee0a4b0de860dad518963b4710
DIST curl-8.14.1.tar.xz 2817248 BLAKE2B 4ce2277d143084823855b714e86047a94d4c52a686b8d16d9ab76c31168f1a74d63dfa7608cff36706a8a0b9bf9cc611a9b99860b176a227bca580cd95e9cff2 SHA512 7f6eae04cc23c50fc41d448aa28dfa59141018009e42c5b1e3f4e0d40c0633460b4e6eec05dfc290f7953671096abfa70a8b5443fccdd3f1be6be32ac10b31d9
DIST curl-8.14.1.tar.xz.asc 488 BLAKE2B f664f526dbffa0a1af2b28f51982445f7d9064b3c3b3e6dd04322003db22da2acde5d493c80204b36a9219d42959543c5a0aee47f2365eb713490ff2fc5f475f SHA512 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f
diff --git a/net-misc/curl/curl-8.14.0.ebuild b/net-misc/curl/curl-8.14.0.ebuild
deleted file mode 100644
index 9d4ca24..0000000
--- a/net-misc/curl/curl-8.14.0.ebuild
+++ /dev/null
@@ -1,433 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should subscribe to the 'curl-distros' ML for backports etc
-# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
-# https://lists.haxx.se/listinfo/curl-distros
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
-inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.se/"
-
-if [[ ${PV} == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/curl/curl.git"
-else
- if [[ ${P} == *rc* ]]; then
- CURL_URI="https://curl.se/rc/"
- S="${WORKDIR}/${P//_/-}"
- else
- CURL_URI="https://curl.se/download/"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
- fi
- SRC_URI="
- ${CURL_URI}${P//_/-}.tar.xz
- verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc )
- "
-fi
-
-LICENSE="BSD curl ISC test? ( BSD-4 )"
-SLOT="0"
-IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
-IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
-IUSE+=" telnet +tftp +websockets zstd"
-# These select the default tls implementation / which quic impl to use
-IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
-RESTRICT="!test? ( test )"
-
-# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
-# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
-# in addition to A and AAAA records.
-
-# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
-# HTTPS RR in cURL is a dependency for:
-# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
-# - Fetching the ALPN list which should provide a better HTTP/3 experience.
-
-# Only one default ssl / quic provider can be enabled
-# The default provider needs its USE satisfied
-# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
-# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
-REQUIRED_USE="
- ech? ( rustls )
- httpsrr? ( adns )
- quic? (
- !curl_quic_openssl
- curl_quic_ngtcp2
- http3
- ssl
- )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_mbedtls
- curl_ssl_openssl
- curl_ssl_rustls
- )
- )
- curl_quic_openssl? (
- curl_ssl_openssl
- quic
- !gnutls
- !mbedtls
- !rustls
- )
- curl_quic_ngtcp2? (
- quic
- !mbedtls
- !rustls
- )
- curl_ssl_gnutls? ( gnutls )
- curl_ssl_mbedtls? ( mbedtls )
- curl_ssl_openssl? ( openssl )
- curl_ssl_rustls? ( rustls )
- http3? ( alt-svc httpsrr quic )
-"
-
-# cURL's docs and CI/CD are great resources for confirming supported versions
-# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
-# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
-# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
-# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
-# However 'supported' vs 'works' are two entirely different things; be sane but
-# don't be afraid to require a later version.
-# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
-RDEPEND="
- >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}]
- adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
- http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
- idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
- psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
- quic? (
- curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
- curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
- )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
- sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
- ssl? (
- gnutls? (
- app-misc/ca-certificates
- >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:=[${MULTILIB_USEDEP}]
- )
- mbedtls? (
- app-misc/ca-certificates
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- )
- openssl? (
- >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
- )
- rustls? (
- >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
- )
- )
- zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- dev-lang/perl
- virtual/pkgconfig
- test? (
- sys-apps/diffutils
- http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
- http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
- )
- verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
-"
-
-DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- __builtin_available
- closesocket
- CloseSocket
- getpass_r
- ioctlsocket
- IoctlSocket
- mach_absolute_time
- setmode
- _fseeki64
- # custom AC_LINK_IFELSE code fails to link even without -Werror
- OSSL_QUIC_client_method
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-prefix-4.patch"
- "${FILESDIR}/${PN}-respect-cflags-3.patch"
- "${FILESDIR}/${P}-add_handle-resizing.patch"
-)
-
-src_prepare() {
- default
-
- eprefixify curl-config.in
- eautoreconf
-}
-
-# Generates TLS-related configure options based on USE flags.
-# Outputs options suitable for appending to a configure options array.
-_get_curl_tls_configure_opts() {
- local tls_opts=()
-
- local backend flag_name
- for backend in gnutls mbedtls openssl rustls; do
- if [[ "$backend" == "openssl" ]]; then
- flag_name="ssl"
- tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
- else
- flag_name="$backend"
- fi
-
- if use "$backend"; then
- tls_opts+=( "--with-${flag_name}" )
- else
- # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
- if ! [[ "$backend" == "openssl" ]]; then
- tls_opts+=( "--without-${flag_name}" )
- fi
- fi
- done
-
- if use curl_ssl_gnutls; then
- multilib_is_native_abi && einfo "Default TLS backend: gnutls"
- tls_opts+=( "--with-default-ssl-backend=gnutls" )
- elif use curl_ssl_mbedtls; then
- multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
- tls_opts+=( "--with-default-ssl-backend=mbedtls" )
- elif use curl_ssl_openssl; then
- multilib_is_native_abi && einfo "Default TLS backend: openssl"
- tls_opts+=( "--with-default-ssl-backend=openssl" )
- elif use curl_ssl_rustls; then
- multilib_is_native_abi && einfo "Default TLS backend: rustls"
- tls_opts+=( "--with-default-ssl-backend=rustls" )
- else
- eerror "We can't be here because of REQUIRED_USE."
- die "Please file a bug, hit impossible condition w/ USE=ssl handling."
- fi
-
- # Explicitly Disable unimplemented b
- tls_opts+=(
- --without-amissl
- --without-bearssl
- --without-wolfssl
- )
-
- printf "%s\n" "${tls_opts[@]}"
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
-
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl; then
- local -a tls_backend_opts
- readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
- myconf+=("${tls_backend_opts[@]}")
- else
- myconf+=( --without-ssl )
- einfo "SSL disabled"
- fi
-
- # These configuration options are organised alphabetically by category/type
-
- # Protocols
- # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
- # Assume that anything omitted (that is not new!) is enabled by default with no deps
- myconf+=(
- --enable-file
- $(use_enable ftp)
- $(use_enable gopher)
- --enable-http
- $(use_enable imap) # Automatic IMAPS if TLS is enabled
- $(use_enable ldap ldaps)
- $(use_enable ldap)
- $(use_enable pop3)
- $(use_enable samba smb)
- $(use_with ssh libssh2) # enables scp/sftp
- $(use_with rtmp librtmp)
- --enable-rtsp
- $(use_enable smtp)
- $(use_enable telnet)
- $(use_enable tftp)
- $(use_enable websockets)
- )
-
- # Keep various 'HTTP-flavoured' options together
- myconf+=(
- $(use_enable alt-svc)
- $(use_enable hsts)
- $(use_enable httpsrr)
- $(use_with http2 nghttp2)
- $(use_with http3 nghttp3)
- $(use_with curl_quic_ngtcp2 ngtcp2)
- $(use_with curl_quic_openssl openssl-quic)
- )
-
- # --enable/disable options
- # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
- myconf+=(
- $(use_enable adns ares)
- --enable-aws
- --enable-basic-auth
- --enable-bearer-auth
- --enable-cookies
- --enable-dateparse
- --enable-dict
- --enable-digest-auth
- --enable-dnsshuffle
- --enable-doh
- $(use_enable ech)
- --enable-http-auth
- --enable-ipv6
- --enable-kerberos-auth
- --enable-largefile
- --enable-manual
- --enable-mime
- --enable-negotiate-auth
- --enable-netrc
- --enable-ntlm
- --enable-progress-meter
- --enable-proxy
- --enable-rt
- --enable-socketpair
- --disable-sspi
- $(use_enable static-libs static)
- --enable-symbol-hiding
- --enable-tls-srp
- --disable-versioned-symbols
- )
-
- # --with/without options
- # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
- myconf+=(
- $(use_with brotli)
- --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
- $(use_with idn libidn2)
- $(use_with kerberos gssapi "${EPREFIX}"/usr)
- $(use_with sasl-scram libgsasl)
- $(use_with psl libpsl)
- --without-msh3
- --without-quiche
- --without-schannel
- --without-secure-transport
- --without-winidn
- --with-zlib
- --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
- $(use_with zstd)
- )
-
- # Test deps (disabled)
- myconf+=(
- --without-test-caddy
- --without-test-httpd
- --without-test-nghttpx
- )
-
- if use debug; then
- myconf+=(
- --enable-debug
- )
- fi
-
- if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
- myconf+=(
- --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
- )
- fi
-
- # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
- # This is in support of some work to enable `httpsrr` to use adns and the rest
- # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
- if use adns; then
- myconf+=(
- --disable-threaded-resolver
- )
- else
- myconf+=(
- --enable-threaded-resolver
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # Avoid building the client (we just want libcurl for multilib)
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
-}
-
-multilib_src_compile() {
- default
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts
- fi
-}
-
-# There is also a pytest harness that tests for bugs in some very specific
-# situations; we can rely on upstream for this rather than adding additional test deps.
-multilib_src_test() {
- # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
- # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
- # -v: verbose
- # -a: keep going on failure (so we see everything that breaks, not just 1st test)
- # -k: keep test files after completion
- # -am: automake style TAP output
- # -p: print logs if test fails
- # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
- # or just read https://github.com/curl/curl/tree/master/tests#run.
- # Note: we don't run the testsuite for cross-compilation.
- # Upstream recommend 7*nproc as a starting point for parallel tests, but
- # this ends up breaking when nproc is huge (like -j80).
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
- # as most gentoo users don't have an 'ip6-localhost'
- multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-
- if multilib_is_native_abi; then
- # Shell completions
- ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
- rm -rf "${ED}"/etc/ || die
-}
-
-pkg_postinst() {
- if use debug; then
- ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
- ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
- ewarn "hic sunt dracones; you have been warned."
- fi
-}
diff --git a/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch b/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch
deleted file mode 100644
index 0bbf026..0000000
--- a/net-misc/curl/files/curl-8.14.0-add_handle-resizing.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-https://github.com/curl/curl/commit/d16ccbd55de80c271fe822f4ba8b6271fd9166ff
-From: Stefan Eissing <stefan@eissing.org>
-Date: Wed, 28 May 2025 14:04:31 +0200
-Subject: [PATCH] multi: fix add_handle resizing
-
-Due to someone being stupid, the resizing of the multi's transfer
-table was actually shrinking it. Oh my.
-
-Add test751 to reproduce, add code assertion.
-
-Fixes #17473
-Reported-by: Jeroen Ooms
-Closes #17475
---- a/lib/multi.c
-+++ b/lib/multi.c
-@@ -347,7 +347,8 @@ static CURLMcode multi_xfers_add(struct Curl_multi *multi,
- if(unused <= min_unused) {
- /* make it a 64 multiple, since our bitsets frow by that and
- * small (easy_multi) grows to at least 64 on first resize. */
-- unsigned int newsize = ((capacity + min_unused) + 63) / 64;
-+ unsigned int newsize = (((capacity + min_unused) + 63) / 64) * 64;
-+ DEBUGASSERT(newsize > capacity);
- /* Grow the bitsets first. Should one fail, we do not need
- * to downsize the already resized ones. The sets continue
- * to work properly when larger than the table, but not
---- a/tests/data/Makefile.am
-+++ b/tests/data/Makefile.am
-@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
- test718 test719 test720 test721 test722 test723 test724 test725 test726 \
- test727 test728 test729 test730 test731 test732 test733 test734 test735 \
- test736 test737 test738 test739 test740 test741 test742 test743 test744 \
--test745 test746 test747 test748 test749 test750 \
-+test745 test746 test747 test748 test749 test750 test751 \
- \
- test780 test781 test782 test783 test784 test785 test786 test787 test788 \
- test789 test790 test791 \
---- /dev/null
-+++ b/tests/data/test751
-@@ -0,0 +1,33 @@
-+<testcase>
-+<info>
-+<keywords>
-+MULTI
-+</keywords>
-+</info>
-+<reply>
-+<data>
-+</data>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+# tool is what to use instead of 'curl'
-+<tool>
-+lib%TESTNUMBER
-+</tool>
-+
-+<name>
-+multi - add many easy handles
-+</name>
-+<command>
-+</command>
-+</file>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+</verify>
-+</testcase>
---- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -50,6 +50,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
- lib659 lib661 lib666 lib667 lib668 \
- lib670 lib671 lib672 lib673 lib674 lib676 lib677 lib678 lib694 lib695 \
- lib696 \
-+ lib751 \
- lib1156 \
- lib1301 \
- lib1308 \
-@@ -349,6 +350,9 @@ lib695_SOURCES = lib695.c $(SUPPORTFILES)
- lib696_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS)
- lib696_CPPFLAGS = $(AM_CPPFLAGS) -DLIB696
-
-+lib751_SOURCES = lib751.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
-+lib751_LDADD = $(TESTUTIL_LIBS)
-+
- lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL)
- lib1301_LDADD = $(TESTUTIL_LIBS)
-
---- /dev/null
-+++ b/tests/libtest/lib751.c
-@@ -0,0 +1,92 @@
-+/***************************************************************************
-+ * _ _ ____ _
-+ * Project ___| | | | _ \| |
-+ * / __| | | | |_) | |
-+ * | (__| |_| | _ <| |___
-+ * \___|\___/|_| \_\_____|
-+ *
-+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
-+ *
-+ * This software is licensed as described in the file COPYING, which
-+ * you should have received as part of this distribution. The terms
-+ * are also available at https://curl.se/docs/copyright.html.
-+ *
-+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+ * copies of the Software, and permit persons to whom the Software is
-+ * furnished to do so, under the terms of the COPYING file.
-+ *
-+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+ * KIND, either express or implied.
-+ *
-+ * SPDX-License-Identifier: curl
-+ *
-+ ***************************************************************************/
-+#include "test.h"
-+
-+#include "testutil.h"
-+#include "warnless.h"
-+#include "memdebug.h"
-+
-+#define TEST_HANG_TIMEOUT 60 * 1000
-+
-+/*
-+ * Get a single URL without select().
-+ */
-+
-+CURLcode test(char *URL)
-+{
-+ CURL *easies[1000];
-+ CURLM *m;
-+ CURLcode res = CURLE_FAILED_INIT;
-+ CURLMcode mres;
-+ int i;
-+
-+ (void)URL;
-+ memset(easies, 0, sizeof(easies));
-+
-+ curl_global_init(CURL_GLOBAL_DEFAULT);
-+ m = curl_multi_init();
-+ if(!m) {
-+ res = CURLE_OUT_OF_MEMORY;
-+ goto test_cleanup;
-+ }
-+
-+ for(i = 0; i < 1000; i++) {
-+ CURL *e = curl_easy_init();
-+ if(!e) {
-+ res = CURLE_OUT_OF_MEMORY;
-+ goto test_cleanup;
-+ }
-+ easies[i] = e;
-+
-+ res = curl_easy_setopt(e, CURLOPT_URL, "https://www.example.com/");
-+ if(!res)
-+ res = curl_easy_setopt(e, CURLOPT_VERBOSE, 1L);
-+ if(res)
-+ goto test_cleanup;
-+
-+ mres = curl_multi_add_handle(m, e);
-+ if(mres != CURLM_OK) {
-+ printf("MULTI ERROR: %s\n", curl_multi_strerror(mres));
-+ res = CURLE_FAILED_INIT;
-+ goto test_cleanup;
-+ }
-+ }
-+
-+test_cleanup:
-+
-+ if(res)
-+ printf("ERROR: %s\n", curl_easy_strerror(res));
-+
-+ for(i = 0; i < 1000; i++) {
-+ if(easies[i]) {
-+ curl_multi_add_handle(m, easies[i]);
-+ curl_easy_cleanup(easies[i]);
-+ easies[i] = NULL;
-+ }
-+ }
-+ curl_multi_cleanup(m);
-+ curl_global_cleanup();
-+
-+ return res;
-+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-09-13 2:57 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-09-13 2:57 UTC (permalink / raw
To: gentoo-commits
commit: 5225a8c7ae2a0833686d2aec37dbc4608f35a33c
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Sep 11 14:10:09 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Sep 11 14:10:09 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5225a8c7
net-misc/curl: add 8.16.0
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/curl/Manifest | 2 +
net-misc/curl/curl-8.16.0.ebuild | 435 ++++++++++++++++++++++++++++++++
net-misc/curl/files/curl-prefix-5.patch | 29 +++
3 files changed, 466 insertions(+)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 8d7ac6d..4b4076c 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -6,3 +6,5 @@ DIST curl-8.14.1.tar.xz 2817248 BLAKE2B 4ce2277d143084823855b714e86047a94d4c52a6
DIST curl-8.14.1.tar.xz.asc 488 BLAKE2B f664f526dbffa0a1af2b28f51982445f7d9064b3c3b3e6dd04322003db22da2acde5d493c80204b36a9219d42959543c5a0aee47f2365eb713490ff2fc5f475f SHA512 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f
DIST curl-8.15.0.tar.xz 2773156 BLAKE2B ae809be87f34d079413129c27e618a6d15c2bf9087fd7e679cefe9b6d8645f0dd092e8c3e1f62b7bd0dffdd0b77e0bc5ac031ffce4e50060ec20b280618c8e68 SHA512 d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191
DIST curl-8.15.0.tar.xz.asc 488 BLAKE2B 4b0bab065a1d2d5b7e5d49989bd4953344d844cafd3036b4cb2ed2dec82e59031832f05c06dc6a801e4668d92c936df74aeff7a5f2c15ff614da4b1673a67501 SHA512 b6aef1c6a1f32c60401494df565a748fa96c1d5098138772c22f6208bafeb8e61402f3077cbc274ea2c05f35ff376d8f736c58554520f8d20fded36d876499a5
+DIST curl-8.16.0.tar.xz 2788632 BLAKE2B 573d56779481abf0b7d20225bba4f068cb726f23f69ce10076438e32cc6c16d1229c211aee05fc5e3e9cb9d78bbfdc5da0d8b73e730c0865879000eb90accf6a SHA512 8262c3dc113cfd5744ef1b82dbccaa69448a9395ad5c094c22df5cf537a047a927d3332db2cb3be12a31a68a60d8d0fa8485b916e975eda36a4ebd860da4f621
+DIST curl-8.16.0.tar.xz.asc 488 BLAKE2B d213bd447c668118b49b7356dc99e710de927b93f81325802bae5e286b61481da6ed30f23c7f4f3cfb0f01222db88602ff4e510f4a1401e98511eb0c72ac6abb SHA512 591568e997c0d955a00152ce5bdfb4586d84b42f5c1e15df503514fb4eb4bf289a98b1ebdad23913119c67c27d51a6e6f4065ee6f7657b971c3a581c928a0d82
diff --git a/net-misc/curl/curl-8.16.0.ebuild b/net-misc/curl/curl-8.16.0.ebuild
new file mode 100644
index 0000000..f7eafa5
--- /dev/null
+++ b/net-misc/curl/curl-8.16.0.ebuild
@@ -0,0 +1,435 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+ if [[ ${P} == *rc* ]]; then
+ CURL_URI="https://curl.se/rc/"
+ S="${WORKDIR}/${P//_/-}"
+ else
+ CURL_URI="https://curl.se/download/"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+ fi
+ SRC_URI="
+ ${CURL_URI}${P//_/-}.tar.xz
+ verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc )
+ "
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
+IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
+IUSE+=" telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" curl_quic_openssl +curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
+# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
+# in addition to A and AAAA records.
+
+# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
+# HTTPS RR in cURL is a dependency for:
+# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
+# - Fetching the ALPN list which should provide a better HTTP/3 experience.
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+ ech? ( rustls )
+ httpsrr? ( adns )
+ quic? (
+ !curl_quic_openssl
+ curl_quic_ngtcp2
+ http3
+ ssl
+ )
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_quic_openssl? (
+ curl_ssl_openssl
+ !gnutls
+ !mbedtls
+ !rustls
+ )
+ curl_quic_ngtcp2? (
+ !mbedtls
+ !rustls
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+ http3? ( alt-svc httpsrr quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+ >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}]
+ adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+ psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+ quic? (
+ curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+ curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,openssl,${MULTILIB_USEDEP}] )
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
+ sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ )
+ openssl? (
+ >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+ _fseeki64
+ # custom AC_LINK_IFELSE code fails to link even without -Werror
+ OSSL_QUIC_client_method
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-prefix-5.patch"
+ "${FILESDIR}/${PN}-respect-cflags-3.patch"
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+# Generates TLS-related configure options based on USE flags.
+# Outputs options suitable for appending to a configure options array.
+_get_curl_tls_configure_opts() {
+ local tls_opts=()
+
+ local backend flag_name
+ for backend in gnutls mbedtls openssl rustls; do
+ if [[ "$backend" == "openssl" ]]; then
+ flag_name="ssl"
+ tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
+ else
+ flag_name="$backend"
+ fi
+
+ if use "$backend"; then
+ tls_opts+=( "--with-${flag_name}" )
+ else
+ # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
+ if ! [[ "$backend" == "openssl" ]]; then
+ tls_opts+=( "--without-${flag_name}" )
+ fi
+ fi
+ done
+
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default TLS backend: gnutls"
+ tls_opts+=( "--with-default-ssl-backend=gnutls" )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
+ tls_opts+=( "--with-default-ssl-backend=mbedtls" )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default TLS backend: openssl"
+ tls_opts+=( "--with-default-ssl-backend=openssl" )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default TLS backend: rustls"
+ tls_opts+=( "--with-default-ssl-backend=rustls" )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+ fi
+
+ # Explicitly Disable unimplemented backends
+ tls_opts+=(
+ --without-amissl
+ --without-wolfssl
+ )
+
+ printf "%s\n" "${tls_opts[@]}"
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ local -a tls_backend_opts
+ readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
+ myconf+=("${tls_backend_opts[@]}")
+ if use quic; then
+ myconf+=(
+ $(use_with curl_quic_ngtcp2 ngtcp2)
+ $(use_with curl_quic_openssl openssl-quic)
+ )
+ else
+ # Without a REQUIRED_USE to ensure that QUIC was requested when at least one default backend is
+ # enabled we need ensure that we don't try to build QUIC support
+ myconf+=( --without-ngtcp2 --without-openssl-quic )
+ fi
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organised alphabetically by category/type
+
+ # Protocols
+ # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
+ # Assume that anything omitted (that is not new!) is enabled by default with no deps
+ myconf+=(
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ --enable-http
+ $(use_enable imap) # Automatic IMAPS if TLS is enabled
+ $(use_enable ldap ldaps)
+ $(use_enable ldap)
+ $(use_enable pop3)
+ $(use_enable samba smb)
+ $(use_with ssh libssh2) # enables scp/sftp
+ $(use_with rtmp librtmp)
+ --enable-rtsp
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ $(use_enable websockets)
+ )
+
+ # Keep various 'HTTP-flavoured' options together
+ myconf+=(
+ $(use_enable alt-svc)
+ $(use_enable hsts)
+ $(use_enable httpsrr)
+ $(use_with http2 nghttp2)
+ $(use_with http3 nghttp3)
+ )
+
+ # --enable/disable options
+ # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_enable adns ares)
+ --enable-aws
+ --enable-basic-auth
+ --enable-bearer-auth
+ --enable-cookies
+ --enable-dateparse
+ --enable-dict
+ --enable-digest-auth
+ --enable-dnsshuffle
+ --enable-doh
+ $(use_enable ech)
+ --enable-http-auth
+ --enable-ipv6
+ --enable-kerberos-auth
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-negotiate-auth
+ --enable-netrc
+ --enable-ntlm
+ --enable-progress-meter
+ --enable-proxy
+ --enable-rt
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-symbol-hiding
+ --enable-tls-srp
+ --disable-versioned-symbols
+ )
+
+ # --with/without options
+ # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
+ myconf+=(
+ $(use_with brotli)
+ --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ $(use_with sasl-scram libgsasl)
+ $(use_with psl libpsl)
+ --without-quiche
+ --without-schannel
+ --without-winidn
+ --with-zlib
+ --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ $(use_with zstd)
+ )
+
+ # Test deps (disabled)
+ myconf+=(
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ )
+
+ if use debug; then
+ myconf+=(
+ --enable-debug
+ )
+ fi
+
+ if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+ # This is in support of some work to enable `httpsrr` to use adns and the rest
+ # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
+ if use adns; then
+ myconf+=(
+ --disable-threaded-resolver
+ )
+ else
+ myconf+=(
+ --enable-threaded-resolver
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything that breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests, but
+ # this ends up breaking when nproc is huge (like -j80).
+ # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+ if use debug; then
+ ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+ ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+ ewarn "hic sunt dracones; you have been warned."
+ fi
+}
diff --git a/net-misc/curl/files/curl-prefix-5.patch b/net-misc/curl/files/curl-prefix-5.patch
new file mode 100644
index 0000000..7707017
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-5.patch
@@ -0,0 +1,29 @@
+From 05d97da1f669a1486489897128c2374b562ab176 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Tue, 2 Sep 2025 08:41:51 +1000
+Subject: [PATCH] Update prefix patch for 8.16.0
+
+Signed-off-by: Matt Jolly <kangie@gentoo.org>
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -141,7 +141,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --cflags)
+- if test "@includedir@" = '/usr/include'; then
++ if test "@includedir@" = "GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+ echo '@LIBCURL_PC_CFLAGS@'
+ else
+ echo "@LIBCURL_PC_CFLAGS@ -I@includedir@"
+@@ -149,7 +149,7 @@ while test "$#" -gt 0; do
+ ;;
+
+ --libs)
+- if test "@libdir@" != '/usr/lib' -a "@libdir@" != '/usr/lib64'; then
++ if test "@libdir@" != "@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "@libdir@" != "@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+ curllibdir="-L@libdir@ "
+ else
+ curllibdir=''
+--
+2.50.1
+
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/
@ 2025-09-20 14:48 orbea
0 siblings, 0 replies; 8+ messages in thread
From: orbea @ 2025-09-20 14:48 UTC (permalink / raw
To: gentoo-commits
commit: baed721bb3600b9b4fd796d706864c1db31319f2
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Sep 20 14:44:20 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat Sep 20 14:44:20 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=baed721b
net-misc/curl: add 8.16.0-r1, drop 8.16.0
Signed-off-by: orbea <orbea <AT> riseup.net>
.../{curl-8.16.0.ebuild => curl-8.16.0-r1.ebuild} | 2 +
.../curl/files/curl-8.16.0-pthread_cancel.patch | 399 +++++++++++++++++++++
.../curl/files/curl-8.16.0-ssl_verifyhost.patch | 63 ++++
3 files changed, 464 insertions(+)
diff --git a/net-misc/curl/curl-8.16.0.ebuild b/net-misc/curl/curl-8.16.0-r1.ebuild
similarity index 99%
rename from net-misc/curl/curl-8.16.0.ebuild
rename to net-misc/curl/curl-8.16.0-r1.ebuild
index f7eafa5..60dbb36 100644
--- a/net-misc/curl/curl-8.16.0.ebuild
+++ b/net-misc/curl/curl-8.16.0-r1.ebuild
@@ -171,6 +171,8 @@ QA_CONFIG_IMPL_DECL_SKIP=(
PATCHES=(
"${FILESDIR}/${PN}-prefix-5.patch"
"${FILESDIR}/${PN}-respect-cflags-3.patch"
+ "${FILESDIR}/${P}-ssl_verifyhost.patch"
+ "${FILESDIR}/${P}-pthread_cancel.patch"
)
src_prepare() {
diff --git a/net-misc/curl/files/curl-8.16.0-pthread_cancel.patch b/net-misc/curl/files/curl-8.16.0-pthread_cancel.patch
new file mode 100644
index 0000000..1cc185c
--- /dev/null
+++ b/net-misc/curl/files/curl-8.16.0-pthread_cancel.patch
@@ -0,0 +1,399 @@
+https://github.com/curl/curl/commit/de3fc1d7adb78c078e4cc7ccc48e550758094ad3
+From: Stefan Eissing <stefan@eissing.org>
+Date: Sat, 13 Sep 2025 15:25:53 +0200
+Subject: [PATCH] asyn-thrdd: drop pthread_cancel
+
+Remove use of pthread_cancel in asnyc threaded resolving. While there
+are system where this works, others might leak to resource leakage
+(memory, files, etc.). The popular nsswitch is one example where resolve
+code can be dragged in that is not prepared.
+
+The overall promise and mechanism of pthread_cancel() is just too
+brittle and the historcal design of getaddrinfo() continues to haunt us.
+
+Fixes #18532
+Reported-by: Javier Blazquez
+Closes #18540
+--- a/docs/libcurl/libcurl-env-dbg.md
++++ b/docs/libcurl/libcurl-env-dbg.md
+@@ -83,11 +83,6 @@ When built with c-ares for name resolving, setting this environment variable
+ to `[IP:port]` makes libcurl use that DNS server instead of the system
+ default. This is used by the curl test suite.
+
+-## `CURL_DNS_DELAY_MS`
+-
+-Delay the DNS resolve by this many milliseconds. This is used in the test
+-suite to check proper handling of CURLOPT_CONNECTTIMEOUT(3).
+-
+ ## `CURL_FTP_PWD_STOP`
+
+ When set, the first transfer - when using ftp: - returns before sending
+--- a/lib/asyn-thrdd.c
++++ b/lib/asyn-thrdd.c
+@@ -199,14 +199,6 @@ addr_ctx_create(struct Curl_easy *data,
+ return NULL;
+ }
+
+-static void async_thrd_cleanup(void *arg)
+-{
+- struct async_thrdd_addr_ctx *addr_ctx = arg;
+-
+- Curl_thread_disable_cancel();
+- addr_ctx_unlink(&addr_ctx, NULL);
+-}
+-
+ #ifdef HAVE_GETADDRINFO
+
+ /*
+@@ -220,15 +212,6 @@ static CURL_THREAD_RETURN_T CURL_STDCALL getaddrinfo_thread(void *arg)
+ struct async_thrdd_addr_ctx *addr_ctx = arg;
+ bool do_abort;
+
+-/* clang complains about empty statements and the pthread_cleanup* macros
+- * are pretty ill defined. */
+-#if defined(__clang__)
+-#pragma clang diagnostic push
+-#pragma clang diagnostic ignored "-Wextra-semi-stmt"
+-#endif
+-
+- Curl_thread_push_cleanup(async_thrd_cleanup, addr_ctx);
+-
+ Curl_mutex_acquire(&addr_ctx->mutx);
+ do_abort = addr_ctx->do_abort;
+ Curl_mutex_release(&addr_ctx->mutx);
+@@ -237,9 +220,6 @@ static CURL_THREAD_RETURN_T CURL_STDCALL getaddrinfo_thread(void *arg)
+ char service[12];
+ int rc;
+
+-#ifdef DEBUGBUILD
+- Curl_resolve_test_delay();
+-#endif
+ msnprintf(service, sizeof(service), "%d", addr_ctx->port);
+
+ rc = Curl_getaddrinfo_ex(addr_ctx->hostname, service,
+@@ -274,11 +254,6 @@ static CURL_THREAD_RETURN_T CURL_STDCALL getaddrinfo_thread(void *arg)
+
+ }
+
+- Curl_thread_pop_cleanup();
+-#if defined(__clang__)
+-#pragma clang diagnostic pop
+-#endif
+-
+ addr_ctx_unlink(&addr_ctx, NULL);
+ return 0;
+ }
+@@ -293,24 +268,11 @@ static CURL_THREAD_RETURN_T CURL_STDCALL gethostbyname_thread(void *arg)
+ struct async_thrdd_addr_ctx *addr_ctx = arg;
+ bool do_abort;
+
+-/* clang complains about empty statements and the pthread_cleanup* macros
+- * are pretty ill defined. */
+-#if defined(__clang__)
+-#pragma clang diagnostic push
+-#pragma clang diagnostic ignored "-Wextra-semi-stmt"
+-#endif
+-
+- Curl_thread_push_cleanup(async_thrd_cleanup, addr_ctx);
+-
+ Curl_mutex_acquire(&addr_ctx->mutx);
+ do_abort = addr_ctx->do_abort;
+ Curl_mutex_release(&addr_ctx->mutx);
+
+ if(!do_abort) {
+-#ifdef DEBUGBUILD
+- Curl_resolve_test_delay();
+-#endif
+-
+ addr_ctx->res = Curl_ipv4_resolve_r(addr_ctx->hostname, addr_ctx->port);
+ if(!addr_ctx->res) {
+ addr_ctx->sock_error = SOCKERRNO;
+@@ -337,12 +299,7 @@ static CURL_THREAD_RETURN_T CURL_STDCALL gethostbyname_thread(void *arg)
+ #endif
+ }
+
+- Curl_thread_pop_cleanup();
+-#if defined(__clang__)
+-#pragma clang diagnostic pop
+-#endif
+-
+- async_thrd_cleanup(addr_ctx);
++ addr_ctx_unlink(&addr_ctx, NULL);
+ return 0;
+ }
+
+@@ -381,12 +338,12 @@ static void async_thrdd_destroy(struct Curl_easy *data)
+ CURL_TRC_DNS(data, "async_thrdd_destroy, thread joined");
+ }
+ else {
+- /* thread is still running. Detach the thread while mutexed, it will
+- * trigger the cleanup when it releases its reference. */
++ /* thread is still running. Detach it. */
+ Curl_thread_destroy(&addr->thread_hnd);
+ CURL_TRC_DNS(data, "async_thrdd_destroy, thread detached");
+ }
+ }
++ /* release our reference to the shared context */
+ addr_ctx_unlink(&thrdd->addr, data);
+ }
+
+@@ -532,10 +489,12 @@ static void async_thrdd_shutdown(struct Curl_easy *data)
+ done = addr_ctx->thrd_done;
+ Curl_mutex_release(&addr_ctx->mutx);
+
+- DEBUGASSERT(addr_ctx->thread_hnd != curl_thread_t_null);
+- if(!done && (addr_ctx->thread_hnd != curl_thread_t_null)) {
+- CURL_TRC_DNS(data, "cancelling resolve thread");
+- (void)Curl_thread_cancel(&addr_ctx->thread_hnd);
++ /* Wait for the thread to terminate if it is already marked done. If it is
++ not done yet we cannot do anything here. We had tried pthread_cancel but
++ it caused hanging and resource leaks (#18532). */
++ if(done && (addr_ctx->thread_hnd != curl_thread_t_null)) {
++ Curl_thread_join(&addr_ctx->thread_hnd);
++ CURL_TRC_DNS(data, "async_thrdd_shutdown, thread joined");
+ }
+ }
+
+@@ -553,9 +512,11 @@ static CURLcode asyn_thrdd_await(struct Curl_easy *data,
+ if(!entry)
+ async_thrdd_shutdown(data);
+
+- CURL_TRC_DNS(data, "resolve, wait for thread to finish");
+- if(!Curl_thread_join(&addr_ctx->thread_hnd)) {
+- DEBUGASSERT(0);
++ if(addr_ctx->thread_hnd != curl_thread_t_null) {
++ CURL_TRC_DNS(data, "resolve, wait for thread to finish");
++ if(!Curl_thread_join(&addr_ctx->thread_hnd)) {
++ DEBUGASSERT(0);
++ }
+ }
+
+ if(entry)
+--- a/lib/curl_threads.c
++++ b/lib/curl_threads.c
+@@ -100,34 +100,6 @@ int Curl_thread_join(curl_thread_t *hnd)
+ return ret;
+ }
+
+-/* do not use pthread_cancel if:
+- * - pthread_cancel seems to be absent
+- * - on FreeBSD, as we see hangers in CI testing
+- * - this is a -fsanitize=thread build
+- * (clang sanitizer reports false positive when functions to not return)
+- */
+-#if defined(PTHREAD_CANCEL_ENABLE) && !defined(__FreeBSD__)
+-#if defined(__has_feature)
+-# if !__has_feature(thread_sanitizer)
+-#define USE_PTHREAD_CANCEL
+-# endif
+-#else /* __has_feature */
+-#define USE_PTHREAD_CANCEL
+-#endif /* !__has_feature */
+-#endif /* PTHREAD_CANCEL_ENABLE && !__FreeBSD__ */
+-
+-int Curl_thread_cancel(curl_thread_t *hnd)
+-{
+- (void)hnd;
+- if(*hnd != curl_thread_t_null)
+-#ifdef USE_PTHREAD_CANCEL
+- return pthread_cancel(**hnd);
+-#else
+- return 1; /* not supported */
+-#endif
+- return 0;
+-}
+-
+ #elif defined(USE_THREADS_WIN32)
+
+ curl_thread_t Curl_thread_create(CURL_THREAD_RETURN_T
+@@ -182,12 +154,4 @@ int Curl_thread_join(curl_thread_t *hnd)
+ return ret;
+ }
+
+-int Curl_thread_cancel(curl_thread_t *hnd)
+-{
+- if(*hnd != curl_thread_t_null) {
+- return 1; /* not supported */
+- }
+- return 0;
+-}
+-
+ #endif /* USE_THREADS_* */
+--- a/lib/curl_threads.h
++++ b/lib/curl_threads.h
+@@ -66,22 +66,6 @@ void Curl_thread_destroy(curl_thread_t *hnd);
+
+ int Curl_thread_join(curl_thread_t *hnd);
+
+-int Curl_thread_cancel(curl_thread_t *hnd);
+-
+-#if defined(USE_THREADS_POSIX) && defined(PTHREAD_CANCEL_ENABLE)
+-#define Curl_thread_push_cleanup(a,b) pthread_cleanup_push(a,b)
+-#define Curl_thread_pop_cleanup() pthread_cleanup_pop(0)
+-#define Curl_thread_enable_cancel() \
+- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL)
+-#define Curl_thread_disable_cancel() \
+- pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL)
+-#else
+-#define Curl_thread_push_cleanup(a,b) ((void)a,(void)b)
+-#define Curl_thread_pop_cleanup() Curl_nop_stmt
+-#define Curl_thread_enable_cancel() Curl_nop_stmt
+-#define Curl_thread_disable_cancel() Curl_nop_stmt
+-#endif
+-
+ #endif /* USE_THREADS_POSIX || USE_THREADS_WIN32 */
+
+ #endif /* HEADER_CURL_THREADS_H */
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -1132,10 +1132,6 @@ CURLcode Curl_resolv_timeout(struct Curl_easy *data,
+ prev_alarm = alarm(curlx_sltoui(timeout/1000L));
+ }
+
+-#ifdef DEBUGBUILD
+- Curl_resolve_test_delay();
+-#endif
+-
+ #else /* !USE_ALARM_TIMEOUT */
+ #ifndef CURLRES_ASYNCH
+ if(timeoutms)
+@@ -1639,18 +1635,3 @@ CURLcode Curl_resolver_error(struct Curl_easy *data, const char *detail)
+ return result;
+ }
+ #endif /* USE_CURL_ASYNC */
+-
+-#ifdef DEBUGBUILD
+-#include "curlx/wait.h"
+-
+-void Curl_resolve_test_delay(void)
+-{
+- const char *p = getenv("CURL_DNS_DELAY_MS");
+- if(p) {
+- curl_off_t l;
+- if(!curlx_str_number(&p, &l, TIME_T_MAX) && l) {
+- curlx_wait_ms((timediff_t)l);
+- }
+- }
+-}
+-#endif
+--- a/lib/hostip.h
++++ b/lib/hostip.h
+@@ -216,8 +216,4 @@ struct Curl_addrinfo *Curl_sync_getaddrinfo(struct Curl_easy *data,
+
+ #endif
+
+-#ifdef DEBUGBUILD
+-void Curl_resolve_test_delay(void);
+-#endif
+-
+ #endif /* HEADER_CURL_HOSTIP_H */
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -112,7 +112,7 @@ test754 test755 test756 test757 test758 test759 test760 test761 test762 \
+ test763 \
+ \
+ test780 test781 test782 test783 test784 test785 test786 test787 test788 \
+-test789 test790 test791 test792 test793 test794 test795 test796 test797 \
++test789 test790 test791 test792 test793 test794 test796 test797 \
+ \
+ test799 test800 test801 test802 test803 test804 test805 test806 test807 \
+ test808 test809 test810 test811 test812 test813 test814 test815 test816 \
+--- a/tests/data/test795
++++ /dev/null
+@@ -1,36 +0,0 @@
+-<testcase>
+-<info>
+-<keywords>
+-DNS
+-</keywords>
+-</info>
+-
+-# Client-side
+-<client>
+-<features>
+-http
+-Debug
+-!c-ares
+-!win32
+-</features>
+-<name>
+-Delayed resolve --connect-timeout check
+-</name>
+-<setenv>
+-CURL_DNS_DELAY_MS=5000
+-</setenv>
+-<command>
+-http://test.invalid -v --no-progress-meter --trace-config dns --connect-timeout 1 -w \%{time_total}
+-</command>
+-</client>
+-
+-# Verify data after the test has been "shot"
+-<verify>
+-<errorcode>
+-28
+-</errorcode>
+-<postcheck>
+-%SRCDIR/libtest/test795.pl %LOGDIR/stdout%TESTNUMBER 2 >> %LOGDIR/stderr%TESTNUMBER
+-</postcheck>
+-</verify>
+-</testcase>
+--- a/tests/libtest/Makefile.am
++++ b/tests/libtest/Makefile.am
+@@ -42,7 +42,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include \
+ include Makefile.inc
+
+ EXTRA_DIST = CMakeLists.txt $(FIRST_C) $(FIRST_H) $(UTILS_C) $(UTILS_H) $(TESTS_C) \
+- test307.pl test610.pl test613.pl test795.pl test1013.pl test1022.pl mk-lib1521.pl
++ test307.pl test610.pl test613.pl test1013.pl test1022.pl mk-lib1521.pl
+
+ CFLAGS += @CURL_CFLAG_EXTRAS@
+
+--- a/tests/libtest/test795.pl
++++ /dev/null
+@@ -1,46 +0,0 @@
+-#!/usr/bin/env perl
+-#***************************************************************************
+-# _ _ ____ _
+-# Project ___| | | | _ \| |
+-# / __| | | | |_) | |
+-# | (__| |_| | _ <| |___
+-# \___|\___/|_| \_\_____|
+-#
+-# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+-#
+-# This software is licensed as described in the file COPYING, which
+-# you should have received as part of this distribution. The terms
+-# are also available at https://curl.se/docs/copyright.html.
+-#
+-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+-# copies of the Software, and permit persons to whom the Software is
+-# furnished to do so, under the terms of the COPYING file.
+-#
+-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+-# KIND, either express or implied.
+-#
+-# SPDX-License-Identifier: curl
+-#
+-###########################################################################
+-use strict;
+-use warnings;
+-
+-my $ok = 1;
+-my $exp_duration = $ARGV[1] + 0.0;
+-
+-# Read the output of curl --version
+-open(F, $ARGV[0]) || die "Can't open test result from $ARGV[0]\n";
+-$_ = <F>;
+-chomp;
+-/\s*([\.\d]+)\s*/;
+-my $duration = $1 + 0.0;
+-close F;
+-
+-if ($duration <= $exp_duration) {
+- print "OK: duration of $duration in expected range\n";
+- $ok = 0;
+-}
+-else {
+- print "FAILED: duration of $duration is larger than $exp_duration\n";
+-}
+-exit $ok;
diff --git a/net-misc/curl/files/curl-8.16.0-ssl_verifyhost.patch b/net-misc/curl/files/curl-8.16.0-ssl_verifyhost.patch
new file mode 100644
index 0000000..4d08f7f
--- /dev/null
+++ b/net-misc/curl/files/curl-8.16.0-ssl_verifyhost.patch
@@ -0,0 +1,63 @@
+https://github.com/curl/curl/commit/f7cac7cc07a45481b246c875e8113d741ba2a6e1
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 14 Sep 2025 23:28:03 +0200
+Subject: [PATCH] setopt: accept *_SSL_VERIFYHOST set to 2L
+
+... without outputing a verbose message about it. In the early days we
+had 2L and 1L have different functionalities.
+
+Reported-by: Jicea
+Bug: https://curl.se/mail/lib-2025-09/0031.html
+Closes #18547
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -443,6 +443,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ long arg, bool *set)
+ {
+ bool enabled = !!arg;
++ int ok = 1;
+ struct UserDefined *s = &data->set;
+ switch(option) {
+ case CURLOPT_FORBID_REUSE:
+@@ -619,7 +620,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ * Enable verification of the hostname in the peer certificate for proxy
+ */
+ s->proxy_ssl.primary.verifyhost = enabled;
+-
++ ok = 2;
+ /* Update the current connection proxy_ssl_config. */
+ Curl_ssl_conn_config_update(data, TRUE);
+ break;
+@@ -723,6 +724,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ * Enable verification of the hostname in the peer certificate for DoH
+ */
+ s->doh_verifyhost = enabled;
++ ok = 2;
+ break;
+ case CURLOPT_DOH_SSL_VERIFYSTATUS:
+ /*
+@@ -732,6 +734,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ return CURLE_NOT_BUILT_IN;
+
+ s->doh_verifystatus = enabled;
++ ok = 2;
+ break;
+ #endif /* ! CURL_DISABLE_DOH */
+ case CURLOPT_SSL_VERIFYHOST:
+@@ -743,6 +746,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ this argument took a boolean when it was not and misused it.
+ Treat 1 and 2 the same */
+ s->ssl.primary.verifyhost = enabled;
++ ok = 2;
+
+ /* Update the current connection ssl_config. */
+ Curl_ssl_conn_config_update(data, FALSE);
+@@ -844,7 +848,7 @@ static CURLcode setopt_bool(struct Curl_easy *data, CURLoption option,
+ default:
+ return CURLE_OK;
+ }
+- if((arg > 1) || (arg < 0))
++ if((arg > ok) || (arg < 0))
+ /* reserve other values for future use */
+ infof(data, "boolean setopt(%d) got unsupported argument %ld,"
+ " treated as %d", option, arg, enabled);
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-09-20 14:48 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-13 2:57 [gentoo-commits] repo/proj/libressl:master commit in: net-misc/curl/files/, net-misc/curl/ orbea
-- strict thread matches above, loose matches on Subject: below --
2025-09-20 14:48 orbea
2025-07-14 19:18 orbea
2025-06-01 13:49 orbea
2025-04-05 14:08 orbea
2025-02-05 15:02 orbea
2024-12-13 3:53 orbea
2024-10-15 23:43 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox