commit: 359fd2822951e6a385ab9e8f464426d44a25daf8 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Sun Nov 10 16:01:27 2024 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Sun Nov 10 16:01:27 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=359fd282
net-misc/curl: add 8.11.0 Signed-off-by: orbea <orbea <AT> riseup.net> net-misc/curl/Manifest | 2 + net-misc/curl/curl-8.11.0.ebuild | 386 +++++++++++++++++++++ .../curl/files/curl-8.11.0-cmdline-ech-docs.patch | 59 ++++ .../files/curl-8.11.0-cookie-case-sensitive.patch | 56 +++ .../curl-8.11.0-curl-libssh-ipv6-brackets.patch | 26 ++ .../files/curl-8.11.0-duphandle-init-netrc.patch | 195 +++++++++++ .../files/curl-8.11.0-mbedtls-global-init.patch | 71 ++++ .../curl/files/curl-8.11.0-netrc-large-file.patch | 25 ++ .../curl-8.11.0-setopt-http_content_decoding.patch | 20 ++ net-misc/curl/files/curl-prefix-3.patch | 34 ++ 10 files changed, 874 insertions(+) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 9748763..862b011 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,4 +1,6 @@ DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac +DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a SHA512 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e +DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0 DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7 DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b diff --git a/net-misc/curl/curl-8.11.0.ebuild b/net-misc/curl/curl-8.11.0.ebuild new file mode 100644 index 0000000..87825d6 --- /dev/null +++ b/net-misc/curl/curl-8.11.0.ebuild @@ -0,0 +1,386 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should subscribe to the 'curl-distros' ML for backports etc +# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ +# https://lists.haxx.se/listinfo/curl-distros + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="BSD curl ISC test? ( BSD-4 )" +SLOT="0" +IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3" +IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd" +# These select the default tls implementation / which quic impl to use +IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +RESTRICT="!test? ( test )" + +# Only one default ssl / quic provider can be enabled +# The default provider needs its USE satisfied +# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. +# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e +REQUIRED_USE=" + quic? ( + !curl_quic_openssl + curl_quic_ngtcp2 + http3 + ssl + ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_quic_openssl? ( + curl_ssl_openssl + quic + !gnutls + !mbedtls + !rustls + ) + curl_quic_ngtcp2? ( + quic + !mbedtls + !rustls + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) + http3? ( alt-svc quic ) +" + +# cURL's docs and CI/CD are great resources for confirming supported versions +# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: +# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) +# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) +# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2) +# However 'supported' vs 'works' are two entirely different things; be sane but +# don't be afraid to require a later version. +# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. +RDEPEND=" + >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}] + adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) + http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) + quic? ( + curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) + curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] ) + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + openssl? ( + >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) + http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode + _fseeki64 + # custom AC_LINK_IFELSE code fails to link even without -Werror + OSSL_QUIC_client_method +) + +PATCHES=( + "${FILESDIR}/${PN}-prefix-3.patch" + "${FILESDIR}/${PN}-respect-cflags-3.patch" + "${FILESDIR}/${P}-cmdline-ech-docs.patch" + "${FILESDIR}/${P}-curl-libssh-ipv6-brackets.patch" + "${FILESDIR}/${P}-mbedtls-global-init.patch" + "${FILESDIR}/${P}-setopt-http_content_decoding.patch" + "${FILESDIR}/${P}-cookie-case-sensitive.patch" + "${FILESDIR}/${P}-duphandle-init-netrc.patch" + "${FILESDIR}/${P}-netrc-large-file.patch" +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl; then + myconf+=( --without-gnutls --without-mbedtls --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + die "Please file a bug, hit impossible condition w/ USE=ssl handling." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-basic-auth + --enable-bearer-auth + --enable-digest-auth + --enable-kerberos-auth + --enable-negotiate-auth + --enable-aws + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + $(use_with psl libpsl) + --without-msh3 + $(use_with http3 nghttp3) + $(use_with curl_quic_ngtcp2 ngtcp2) + $(use_with curl_quic_openssl openssl-quic) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions + ) + + if use debug; then + myconf+=( + --enable-debug + ) + fi + + if use test && multilib_is_native_abi && ( use http2 || use http3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + if [[ ${CHOST} == *mingw* ]] ; then + myconf+=( + --disable-pthreads + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts + fi +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything that breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # Upstream recommend 7*nproc as a starting point for parallel tests, but + # this ends up breaking when nproc is huge (like -j80). + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} + +pkg_postinst() { + if use debug; then + ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." + ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." + ewarn "hic sunt dracones; you have been warned." + fi +} diff --git a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch new file mode 100644 index 0000000..e6cd109 --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch @@ -0,0 +1,59 @@ +https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4 +From: Daniel Stenberg <dan...@haxx.se> +Date: Thu, 7 Nov 2024 23:21:14 +0100 +Subject: [PATCH] cmdline/ech.md: formatting cleanups + +Reported-by: Samuel Henrique +Fixes #15506 +Closes #15517 +--- a/docs/cmdline-opts/ech.md ++++ b/docs/cmdline-opts/ech.md +@@ -20,35 +20,33 @@ Specifies how to do ECH (Encrypted Client Hello). + + The values allowed for \<config\> can be: + +-## "false" (default) ++## `false` + +-Do not attempt ECH ++Do not attempt ECH. The is the default. + +-## "grease" ++## `grease` + + Send a GREASE ECH extension + +-## "true" ++## `true` + + Attempt ECH if possible, but do not fail if ECH is not attempted. + (The connection fails if ECH is attempted but fails.) + +-## "hard" ++## `hard` + +-Attempt ECH and fail if that is not possible. +-ECH only works with TLS 1.3 and also requires using +-DoH or providing an ECHConfigList on the command line. ++Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and ++also requires using DoH or providing an ECHConfigList on the command line. + +-## "ecl:<b64val>" ++## `ecl:<b64val>` + + A base64 encoded ECHConfigList that is used for ECH. + +-## "pn:<name>" ++## `pn:<name>` + +-A name to use to over-ride the `public_name` field of an ECHConfigList +-(only available with OpenSSL TLS support) ++A name to use to over-ride the `public_name` field of an ECHConfigList (only ++available with OpenSSL TLS support) + +-## Errors ++## + +-Most errors cause error +-*CURLE_ECH_REQUIRED* (101). ++Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101). diff --git a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch new file mode 100644 index 0000000..d906aab --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch @@ -0,0 +1,56 @@ +https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d +From: Daniel Stenberg <dan...@haxx.se> +Date: Wed, 6 Nov 2024 11:26:25 +0100 +Subject: [PATCH] cookie: treat cookie name case sensitively + +Extend test 31 to verify + +Reported-by: delogicsreal on github +Fixes #15492 +Closes #15493 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data, + size_t myhash = cookiehash(co->domain); + for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) { + struct Cookie *clist = Curl_node_elem(n); +- if(strcasecompare(clist->name, co->name)) { ++ if(!strcmp(clist->name, co->name)) { + /* the names are identical */ + bool matching_domains = FALSE; + +@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data, + } + } + +- if(!replace_n && strcasecompare(clist->name, co->name)) { ++ if(!replace_n && !strcmp(clist->name, co->name)) { + /* the names are identical */ + + if(clist->domain && co->domain) { +--- a/tests/data/test31 ++++ b/tests/data/test31 +@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/ + %if !hyper + Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure + Set-Cookie:ismatch=this ; domain=test31.curl; path=/silly/ ++Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/ + Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/ + Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite + Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure +@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after ; secure = + %else + Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure + Set-Cookie: ismatch=this ; domain=test31.curl; path=/silly/ ++Set-Cookie:ISMATCH=this ; domain=test31.curl; path=/silly/ + Set-Cookie: overwrite=this ; domain=test31.curl; path=/overwrite/ + Set-Cookie: overwrite=this2 ; domain=test31.curl; path=/overwrite + Set-Cookie: sec1value=secure1 ; domain=test31.curl; path=/secure1/ ; secure +@@ -181,6 +183,7 @@ test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value + #HttpOnly_.test31.curl TRUE /p2/ FALSE 0 httpo2 value2 + #HttpOnly_.test31.curl TRUE /p1/ FALSE 0 httpo1 value1 + .test31.curl TRUE /overwrite FALSE 0 overwrite this2 ++.test31.curl TRUE /silly/ FALSE 0 ISMATCH this + .test31.curl TRUE /silly/ FALSE 0 ismatch this + test31.curl FALSE / FALSE 0 blankdomain sure + </file> diff --git a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch new file mode 100644 index 0000000..6e1ecc0 --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch @@ -0,0 +1,26 @@ +https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e +From: Daniel Stenberg <dan...@haxx.se> +Date: Fri, 8 Nov 2024 16:31:41 +0100 +Subject: [PATCH] libssh: when using IPv6 numerical address, add brackets + +Reported-by: henrikjehgmti on github +Fixes #15522 +Closes #15524 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -2191,7 +2191,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done) + return CURLE_FAILED_INIT; + } + +- rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name); ++ if(conn->bits.ipv6_ip) { ++ char ipv6[MAX_IPADR_LEN]; ++ msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name); ++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6); ++ } ++ else ++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name); ++ + if(rc != SSH_OK) { + failf(data, "Could not set remote host"); + return CURLE_FAILED_INIT; diff --git a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch new file mode 100644 index 0000000..4a3e82a --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch @@ -0,0 +1,195 @@ +https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88 +From: Daniel Stenberg <dan...@haxx.se> +Date: Thu, 7 Nov 2024 08:52:38 +0100 +Subject: [PATCH] duphandle: also init netrc + +The netrc init was only done in the Curl_open, meaning that a duplicated +handle would not get inited properly. + +Added test 2309 to verify. It does netrc auth with a duplicated handle. + +Regression from 3b43a05e000aa8f65bda513f733a + +Reported-by: tranzystorekk on github +Fixes #15496 +Closes #15503 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d) + goto fail; + + Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER); ++ Curl_netrc_init(&outcurl->state.netrc); + + /* the connection pool is setup on demand */ + outcurl->state.lastconnect_id = -1; +--- a/tests/data/Makefile.am ++++ b/tests/data/Makefile.am +@@ -255,7 +255,7 @@ test2100 \ + test2200 test2201 test2202 test2203 test2204 test2205 \ + \ + test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \ +-test2308 \ ++test2308 test2309 \ + \ + test2400 test2401 test2402 test2403 test2404 test2405 test2406 \ + \ +--- /dev/null ++++ b/tests/data/test2309 +@@ -0,0 +1,66 @@ ++<testcase> ++<info> ++<keywords> ++netrc ++HTTP ++</keywords> ++</info> ++# ++# Server-side ++<reply> ++<data crlf="yes" nocheck="yes"> ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Content-Type: text/html ++Funny-head: yesyes ++ ++-foo- ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<server> ++http ++</server> ++<features> ++proxy ++</features> ++ ++# Reproducing issue 15496 ++<name> ++HTTP with .netrc using duped easy handle ++</name> ++<tool> ++lib%TESTNUMBER ++</tool> ++<command> ++http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/ ++</command> ++<file name="%LOGDIR/netrc%TESTNUMBER" > ++ ++machine github.com ++ ++login daniel ++password $y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1 ++</file> ++</client> ++ ++<verify> ++<protocol> ++GET http://github.com/ HTTP/1.1 ++Host: github.com ++Authorization: Basic %b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64% ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++</protocol> ++</verify> ++</testcase> +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \ + lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \ + lib1960 lib1964 \ + lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \ +- lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 \ ++ lib2301 lib2302 lib2304 lib2305 lib2306 lib2308 lib2309 \ + lib2402 lib2404 lib2405 \ + lib2502 \ + lib3010 lib3025 lib3026 lib3027 \ +@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS) + lib2308_SOURCES = lib2308.c $(SUPPORTFILES) + lib2308_LDADD = $(TESTUTIL_LIBS) + ++lib2309_SOURCES = lib2309.c $(SUPPORTFILES) ++lib2309_LDADD = $(TESTUTIL_LIBS) ++ + lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib2402_LDADD = $(TESTUTIL_LIBS) + +--- /dev/null ++++ b/tests/libtest/lib2309.c +@@ -0,0 +1,66 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) Daniel Stenberg, <dan...@haxx.se>, et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++ ++#include "test.h" ++#include "testtrace.h" ++ ++#include <curl/curl.h> ++ ++static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp) ++{ ++ (void)buffer; ++ (void)size; ++ (void)nmemb; ++ (void)userp; ++ return CURL_WRITEFUNC_ERROR; ++} ++ ++CURLcode test(char *URL) ++{ ++ CURL *curl; ++ CURL *curldupe; ++ CURLcode res = CURLE_OK; ++ ++ global_init(CURL_GLOBAL_ALL); ++ curl = curl_easy_init(); ++ if(curl) { ++ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore); ++ curl_easy_setopt(curl, CURLOPT_URL, URL); ++ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3); ++ curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED); ++ curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2); ++ ++ curldupe = curl_easy_duphandle(curl); ++ if(curldupe) { ++ res = curl_easy_perform(curldupe); ++ printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR); ++ fflush(stdout); ++ curl_easy_cleanup(curldupe); ++ } ++ curl_easy_cleanup(curl); ++ } ++ curl_global_cleanup(); ++ return CURLE_OK; ++} diff --git a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch new file mode 100644 index 0000000..2c60da8 --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch @@ -0,0 +1,71 @@ +https://github.com/curl/curl/commit/bcf8a848818ca0ca8d292c51c0ddeb93fa17fe62 +From: Stefan Eissing <ste...@eissing.org> +Date: Thu, 7 Nov 2024 10:26:03 +0100 +Subject: [PATCH] mbedtls: call psa_crypt_init() in global init + +Run mbedtls' psa_crypt_init() in the general global init, optionally +protected by mbedtls locks when available. + +CI: when building mbedtls, enabled thread safety + +Reported-by: wxiaoguang on github +Fixes #15500 +Closes #15505 +--- a/lib/vtls/mbedtls.c ++++ b/lib/vtls/mbedtls.c +@@ -54,7 +54,7 @@ + # ifdef MBEDTLS_DEBUG + # include <mbedtls/debug.h> + # endif +-#endif ++#endif /* MBEDTLS_VERSION_MAJOR >= 2 */ + + #include "cipher_suite.h" + #include "strcase.h" +@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data { + #define HAS_SESSION_TICKETS + #endif + +-#if defined(THREADING_SUPPORT) ++#ifdef THREADING_SUPPORT + static mbedtls_entropy_context ts_entropy; + + static int entropy_init_initialized = 0; +@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) + return CURLE_NOT_BUILT_IN; + } + +-#ifdef TLS13_SUPPORT +- ret = psa_crypto_init(); +- if(ret != PSA_SUCCESS) { +- mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); +- failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s", +- -ret, errorbuf); +- return CURLE_SSL_CONNECT_ERROR; +- } +-#endif /* TLS13_SUPPORT */ +- + #ifdef THREADING_SUPPORT + mbedtls_ctr_drbg_init(&backend->ctr_drbg); + +@@ -1571,6 +1561,20 @@ static int mbedtls_init(void) + #ifdef THREADING_SUPPORT + entropy_init_mutex(&ts_entropy); + #endif ++#ifdef TLS13_SUPPORT ++ { ++ int ret; ++#ifdef THREADING_SUPPORT ++ Curl_mbedtlsthreadlock_lock_function(0); ++#endif ++ ret = psa_crypto_init(); ++#ifdef THREADING_SUPPORT ++ Curl_mbedtlsthreadlock_unlock_function(0); ++#endif ++ if(ret != PSA_SUCCESS) ++ return 0; ++ } ++#endif /* TLS13_SUPPORT */ + return 1; + } + diff --git a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch new file mode 100644 index 0000000..ba0e451 --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch @@ -0,0 +1,25 @@ +https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694 +From: Daniel Stenberg <dan...@haxx.se> +Date: Thu, 7 Nov 2024 17:03:54 +0100 +Subject: [PATCH] netrc: support large file, longer lines, longer tokens + +Regression from 3b43a05e000aa8f6 (shipped in 8.11.0) + +Reported-by: Moritz +Fixes #15513 +Closes #15514 +--- a/lib/netrc.c ++++ b/lib/netrc.c +@@ -58,9 +58,9 @@ enum found_state { + #define NETRC_FAILED -1 + #define NETRC_SUCCESS 0 + +-#define MAX_NETRC_LINE 4096 +-#define MAX_NETRC_FILE (64*1024) +-#define MAX_NETRC_TOKEN 128 ++#define MAX_NETRC_LINE 16384 ++#define MAX_NETRC_FILE (128*1024) ++#define MAX_NETRC_TOKEN 4096 + + static CURLcode file2memory(const char *filename, struct dynbuf *filebuf) + { diff --git a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch new file mode 100644 index 0000000..68621e8 --- /dev/null +++ b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch @@ -0,0 +1,20 @@ +https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa +From: Jesus Malo Poyatos <jmalo...@opentext.com> +Date: Thu, 7 Nov 2024 14:00:53 +0100 +Subject: [PATCH] setopt: fix CURLOPT_HTTP_CONTENT_DECODING + +Regression from 30da1f5974d34841b30c4f (shipped in 8.11.0) + +Fixes #15511 +Closes #15510 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, CURLoption option, + /* + * raw data passed to the application when content encoding is used + */ +- data->set.http_ce_skip = enabled; ++ data->set.http_ce_skip = !enabled; /* reversed */ + break; + + #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) diff --git a/net-misc/curl/files/curl-prefix-3.patch b/net-misc/curl/files/curl-prefix-3.patch new file mode 100644 index 0000000..cebca0b --- /dev/null +++ b/net-misc/curl/files/curl-prefix-3.patch @@ -0,0 +1,34 @@ +From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001 +From: Matt Jolly <kan...@gentoo.org> +Date: Sun, 10 Nov 2024 08:51:02 +1000 +Subject: [PATCH] Update prefix patch for 8.11.0 + +--- + curl-config.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 2dc40ed..1876d6c 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -147,7 +147,7 @@ while test "$#" -gt 0; do + else + CPPFLAG_CURL_STATICLIB='' + fi +- if test "X@includedir@" = 'X/usr/include'; then ++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then + echo "${CPPFLAG_CURL_STATICLIB}" + else + echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" +@@ -155,7 +155,7 @@ while test "$#" -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then ++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then + CURLLIBDIR="-L@libdir@ " + else + CURLLIBDIR='' +-- +2.47.0 +