commit:     359fd2822951e6a385ab9e8f464426d44a25daf8
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Nov 10 16:01:27 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sun Nov 10 16:01:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=359fd282

net-misc/curl: add 8.11.0

Signed-off-by: orbea <orbea <AT> riseup.net>

 net-misc/curl/Manifest                             |   2 +
 net-misc/curl/curl-8.11.0.ebuild                   | 386 +++++++++++++++++++++
 .../curl/files/curl-8.11.0-cmdline-ech-docs.patch  |  59 ++++
 .../files/curl-8.11.0-cookie-case-sensitive.patch  |  56 +++
 .../curl-8.11.0-curl-libssh-ipv6-brackets.patch    |  26 ++
 .../files/curl-8.11.0-duphandle-init-netrc.patch   | 195 +++++++++++
 .../files/curl-8.11.0-mbedtls-global-init.patch    |  71 ++++
 .../curl/files/curl-8.11.0-netrc-large-file.patch  |  25 ++
 .../curl-8.11.0-setopt-http_content_decoding.patch |  20 ++
 net-misc/curl/files/curl-prefix-3.patch            |  34 ++
 10 files changed, 874 insertions(+)

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 9748763..862b011 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,4 +1,6 @@
 DIST curl-8.10.1.tar.xz 2726748 BLAKE2B 
bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78
 SHA512 
f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
 DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 
8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66
 SHA512 
21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
+DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 
3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a
 SHA512 
3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e
+DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 
5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce
 SHA512 
71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
 DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 
6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada
 SHA512 
a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
 DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 
437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e
 SHA512 
18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b

diff --git a/net-misc/curl/curl-8.11.0.ebuild b/net-misc/curl/curl-8.11.0.ebuild
new file mode 100644
index 0000000..87825d6
--- /dev/null
+++ b/net-misc/curl/curl-8.11.0.ebuild
@@ -0,0 +1,386 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs 
verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/";
+
+if [[ ${PV} == 9999 ]]; then
+       inherit git-r3
+       EGIT_REPO_URI="https://github.com/curl/curl.git";
+else
+       SRC_URI="
+               https://curl.se/download/${P}.tar.xz
+               verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+       "
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc 
~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn 
+imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 
static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls 
+curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL 
offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+       quic? (
+               !curl_quic_openssl
+               curl_quic_ngtcp2
+               http3
+               ssl
+       )
+       ssl? (
+               ^^ (
+                       curl_ssl_gnutls
+                       curl_ssl_mbedtls
+                       curl_ssl_openssl
+                       curl_ssl_rustls
+               )
+       )
+       curl_quic_openssl? (
+               curl_ssl_openssl
+               quic
+               !gnutls
+               !mbedtls
+               !rustls
+       )
+       curl_quic_ngtcp2? (
+               quic
+               !mbedtls
+               !rustls
+       )
+       curl_ssl_gnutls? ( gnutls )
+       curl_ssl_mbedtls? ( mbedtls )
+       curl_ssl_openssl? ( openssl )
+       curl_ssl_rustls? ( rustls )
+       http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core 
dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a 
feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml 
(CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls 
backend at a time.
+RDEPEND="
+       >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+       adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+       brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+       http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+       http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+       idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+       kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+       ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+       psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+       quic? (
+               curl_quic_openssl? ( 
>=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+               curl_quic_ngtcp2? ( 
>=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] )
+       )
+       rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+       ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+       ssl? (
+               gnutls? (
+                       app-misc/ca-certificates
+                       
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+                       dev-libs/nettle:=[${MULTILIB_USEDEP}]
+               )
+               mbedtls? (
+                       app-misc/ca-certificates
+                       net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+               )
+               openssl? (
+                       
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+               )
+               rustls? (
+                       >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+               )
+       )
+       zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+       dev-lang/perl
+       virtual/pkgconfig
+       test? (
+               sys-apps/diffutils
+               http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+               http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+       )
+       verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+       /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+       /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+       __builtin_available
+       closesocket
+       CloseSocket
+       getpass_r
+       ioctlsocket
+       IoctlSocket
+       mach_absolute_time
+       setmode
+       _fseeki64
+       # custom AC_LINK_IFELSE code fails to link even without -Werror
+       OSSL_QUIC_client_method
+)
+
+PATCHES=(
+       "${FILESDIR}/${PN}-prefix-3.patch"
+       "${FILESDIR}/${PN}-respect-cflags-3.patch"
+       "${FILESDIR}/${P}-cmdline-ech-docs.patch"
+       "${FILESDIR}/${P}-curl-libssh-ipv6-brackets.patch"
+       "${FILESDIR}/${P}-mbedtls-global-init.patch"
+       "${FILESDIR}/${P}-setopt-http_content_decoding.patch"
+       "${FILESDIR}/${P}-cookie-case-sensitive.patch"
+       "${FILESDIR}/${P}-duphandle-init-netrc.patch"
+       "${FILESDIR}/${P}-netrc-large-file.patch"
+)
+
+src_prepare() {
+       default
+
+       eprefixify curl-config.in
+       eautoreconf
+}
+
+multilib_src_configure() {
+       # We make use of the fact that later flags override earlier ones
+       # So start with all ssl providers off until proven otherwise
+       # TODO: in the future, we may want to add wolfssl 
(https://www.wolfssl.com/)
+       local myconf=()
+
+       myconf+=( --without-ca-fallback 
--with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+       if use ssl; then
+               myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+               if use gnutls; then
+                       multilib_is_native_abi && einfo "SSL provided by gnutls"
+                       myconf+=( --with-gnutls )
+               fi
+               if use mbedtls; then
+                       multilib_is_native_abi && einfo "SSL provided by 
mbedtls"
+                       myconf+=( --with-mbedtls )
+               fi
+               if use openssl; then
+                       multilib_is_native_abi && einfo "SSL provided by 
openssl"
+                       myconf+=( --with-ssl 
--with-ca-path="${EPREFIX}"/etc/ssl/certs )
+               fi
+               if use rustls; then
+                       multilib_is_native_abi && einfo "SSL provided by rustls"
+                       myconf+=( --with-rustls )
+               fi
+               if use curl_ssl_gnutls; then
+                       multilib_is_native_abi && einfo "Default SSL provided 
by gnutls"
+                       myconf+=( --with-default-ssl-backend=gnutls )
+               elif use curl_ssl_mbedtls; then
+                       multilib_is_native_abi && einfo "Default SSL provided 
by mbedtls"
+                       myconf+=( --with-default-ssl-backend=mbedtls )
+               elif use curl_ssl_openssl; then
+                       multilib_is_native_abi && einfo "Default SSL provided 
by openssl"
+                       myconf+=( --with-default-ssl-backend=openssl )
+               elif use curl_ssl_rustls; then
+                       multilib_is_native_abi && einfo "Default SSL provided 
by rustls"
+                       myconf+=( --with-default-ssl-backend=rustls )
+               else
+                       eerror "We can't be here because of REQUIRED_USE."
+                       die "Please file a bug, hit impossible condition w/ 
USE=ssl handling."
+               fi
+
+       else
+               myconf+=( --without-ssl )
+               einfo "SSL disabled"
+       fi
+
+       # These configuration options are organized alphabetically
+       # within each category.  This should make it easier if we
+       # ever decide to make any of them contingent on USE flags:
+       # 1) protocols first.  To see them all do
+       # 'grep SUPPORT_PROTOCOLS configure.ac'
+       # 2) --enable/disable options second.
+       # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+       # 3) --with/without options third.
+       # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+       myconf+=(
+               $(use_enable alt-svc)
+               --enable-basic-auth
+               --enable-bearer-auth
+               --enable-digest-auth
+               --enable-kerberos-auth
+               --enable-negotiate-auth
+               --enable-aws
+               --enable-dict
+               --disable-ech
+               --enable-file
+               $(use_enable ftp)
+               $(use_enable gopher)
+               $(use_enable hsts)
+               --enable-http
+               $(use_enable imap)
+               $(use_enable ldap)
+               $(use_enable ldap ldaps)
+               --enable-ntlm
+               $(use_enable pop3)
+               --enable-rt
+               --enable-rtsp
+               $(use_enable samba smb)
+               $(use_with ssh libssh2)
+               $(use_enable smtp)
+               $(use_enable telnet)
+               $(use_enable tftp)
+               --enable-tls-srp
+               $(use_enable adns ares)
+               --enable-cookies
+               --enable-dateparse
+               --enable-dnsshuffle
+               --enable-doh
+               --enable-symbol-hiding
+               --enable-http-auth
+               --enable-ipv6
+               --enable-largefile
+               --enable-manual
+               --enable-mime
+               --enable-netrc
+               $(use_enable progress-meter)
+               --enable-proxy
+               --enable-socketpair
+               --disable-sspi
+               $(use_enable static-libs static)
+               --enable-pthreads
+               --enable-threaded-resolver
+               --disable-versioned-symbols
+               --without-amissl
+               --without-bearssl
+               $(use_with brotli)
+               
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+               $(use_with http2 nghttp2)
+               --without-hyper
+               $(use_with idn libidn2)
+               $(use_with kerberos gssapi "${EPREFIX}"/usr)
+               --without-libgsasl
+               $(use_with psl libpsl)
+               --without-msh3
+               $(use_with http3 nghttp3)
+               $(use_with curl_quic_ngtcp2 ngtcp2)
+               $(use_with curl_quic_openssl openssl-quic)
+               --without-quiche
+               $(use_with rtmp librtmp)
+               --without-schannel
+               --without-secure-transport
+               --without-test-caddy
+               --without-test-httpd
+               --without-test-nghttpx
+               $(use_enable websockets)
+               --without-winidn
+               --without-wolfssl
+               --with-zlib
+               $(use_with zstd)
+               
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+       )
+
+       if use debug; then
+               myconf+=(
+                       --enable-debug
+               )
+       fi
+
+       if use test && multilib_is_native_abi && ( use http2 || use http3 ); 
then
+               myconf+=(
+                       --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+               )
+       fi
+
+       if [[ ${CHOST} == *mingw* ]] ; then
+               myconf+=(
+                       --disable-pthreads
+               )
+       fi
+
+       ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+       if ! multilib_is_native_abi; then
+               # Avoid building the client (we just want libcurl for multilib)
+               sed -i -e '/SUBDIRS/s:src::' Makefile || die
+               sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+       fi
+
+}
+
+multilib_src_compile() {
+       default
+
+       if multilib_is_native_abi; then
+               # Shell completions
+               ! tc-is-cross-compiler && emake -C scripts
+       fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional 
test deps.
+multilib_src_test() {
+       # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+       # -n: no valgrind (unreliable in sandbox and doesn't work correctly on 
all arches)
+       # -v: verbose
+       # -a: keep going on failure (so we see everything that breaks, not just 
1st test)
+       # -k: keep test files after completion
+       # -am: automake style TAP output
+       # -p: print logs if test fails
+       # Note: if needed, we can skip specific tests. See e.g. Fedora's 
packaging
+       # or just read https://github.com/curl/curl/tree/master/tests#run.
+       # Note: we don't run the testsuite for cross-compilation.
+       # Upstream recommend 7*nproc as a starting point for parallel tests, but
+       # this ends up breaking when nproc is huge (like -j80).
+       # The network sandbox causes tests 241 and 1083 to fail; these are 
typically skipped
+       # as most gentoo users don't have an 'ip6-localhost'
+       multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p 
-j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+       emake DESTDIR="${D}" install
+
+       if multilib_is_native_abi; then
+               # Shell completions
+               ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" 
install
+       fi
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       find "${ED}" -type f -name '*.la' -delete || die
+       rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+       if use debug; then
+               ewarn "USE=debug has been selected, enabling debug codepaths 
and making cURL extra verbose."
+               ewarn "Use this _only_ for testing. Debug builds should _not_ 
be used in anger."
+               ewarn "hic sunt dracones; you have been warned."
+       fi
+}

diff --git a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch 
b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
new file mode 100644
index 0000000..e6cd109
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
@@ -0,0 +1,59 @@
+https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Thu, 7 Nov 2024 23:21:14 +0100
+Subject: [PATCH] cmdline/ech.md: formatting cleanups
+
+Reported-by: Samuel Henrique
+Fixes #15506
+Closes #15517
+--- a/docs/cmdline-opts/ech.md
++++ b/docs/cmdline-opts/ech.md
+@@ -20,35 +20,33 @@ Specifies how to do ECH (Encrypted Client Hello).
+ 
+ The values allowed for \<config\> can be:
+ 
+-## "false" (default)
++## `false`
+ 
+-Do not attempt ECH
++Do not attempt ECH. The is the default.
+ 
+-## "grease"
++## `grease`
+ 
+ Send a GREASE ECH extension
+ 
+-## "true"
++## `true`
+ 
+ Attempt ECH if possible, but do not fail if ECH is not attempted.
+ (The connection fails if ECH is attempted but fails.)
+ 
+-## "hard"
++## `hard`
+ 
+-Attempt ECH and fail if that is not possible.
+-ECH only works with TLS 1.3 and also requires using
+-DoH or providing an ECHConfigList on the command line.
++Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and
++also requires using DoH or providing an ECHConfigList on the command line.
+ 
+-## "ecl:<b64val>"
++## `ecl:<b64val>`
+ 
+ A base64 encoded ECHConfigList that is used for ECH.
+ 
+-## "pn:<name>"
++## `pn:<name>`
+ 
+-A name to use to over-ride the `public_name` field of an ECHConfigList
+-(only available with OpenSSL TLS support)
++A name to use to over-ride the `public_name` field of an ECHConfigList (only
++available with OpenSSL TLS support)
+ 
+-## Errors
++##
+ 
+-Most errors cause error
+-*CURLE_ECH_REQUIRED* (101).
++Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101).

diff --git a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch 
b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
new file mode 100644
index 0000000..d906aab
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
@@ -0,0 +1,56 @@
+https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Wed, 6 Nov 2024 11:26:25 +0100
+Subject: [PATCH] cookie: treat cookie name case sensitively
+
+Extend test 31 to verify
+
+Reported-by: delogicsreal on github
+Fixes #15492
+Closes #15493
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
+   size_t myhash = cookiehash(co->domain);
+   for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) 
{
+     struct Cookie *clist = Curl_node_elem(n);
+-    if(strcasecompare(clist->name, co->name)) {
++    if(!strcmp(clist->name, co->name)) {
+       /* the names are identical */
+       bool matching_domains = FALSE;
+ 
+@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data,
+       }
+     }
+ 
+-    if(!replace_n && strcasecompare(clist->name, co->name)) {
++    if(!replace_n && !strcmp(clist->name, co->name)) {
+       /* the names are identical */
+ 
+       if(clist->domain && co->domain) {
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
+ %if !hyper
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie:ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after    ; secure =
+ %else
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie: ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -181,6 +183,7 @@ test31.curl        FALSE   /we/want/       FALSE   
2118138987      nodomain        value
+ #HttpOnly_.test31.curl        TRUE    /p2/    FALSE   0       httpo2  value2
+ #HttpOnly_.test31.curl        TRUE    /p1/    FALSE   0       httpo1  value1
+ .test31.curl  TRUE    /overwrite      FALSE   0       overwrite       this2
++.test31.curl  TRUE    /silly/ FALSE   0       ISMATCH this
+ .test31.curl  TRUE    /silly/ FALSE   0       ismatch this
+ test31.curl   FALSE   /       FALSE   0       blankdomain     sure
+ </file>

diff --git a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch 
b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
new file mode 100644
index 0000000..6e1ecc0
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Fri, 8 Nov 2024 16:31:41 +0100
+Subject: [PATCH] libssh: when using IPv6 numerical address, add brackets
+
+Reported-by: henrikjehgmti on github
+Fixes #15522
+Closes #15524
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -2191,7 +2191,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, 
bool *done)
+     return CURLE_FAILED_INIT;
+   }
+ 
+-  rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++  if(conn->bits.ipv6_ip) {
++    char ipv6[MAX_IPADR_LEN];
++    msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name);
++    rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6);
++  }
++  else
++    rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++
+   if(rc != SSH_OK) {
+     failf(data, "Could not set remote host");
+     return CURLE_FAILED_INIT;

diff --git a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch 
b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
new file mode 100644
index 0000000..4a3e82a
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
@@ -0,0 +1,195 @@
+https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Thu, 7 Nov 2024 08:52:38 +0100
+Subject: [PATCH] duphandle: also init netrc
+
+The netrc init was only done in the Curl_open, meaning that a duplicated
+handle would not get inited properly.
+
+Added test 2309 to verify. It does netrc auth with a duplicated handle.
+
+Regression from 3b43a05e000aa8f65bda513f733a
+
+Reported-by: tranzystorekk on github
+Fixes #15496
+Closes #15503
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d)
+     goto fail;
+ 
+   Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
++  Curl_netrc_init(&outcurl->state.netrc);
+ 
+   /* the connection pool is setup on demand */
+   outcurl->state.lastconnect_id = -1;
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -255,7 +255,7 @@ test2100 \
+ test2200 test2201 test2202 test2203 test2204 test2205 \
+ \
+ test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \
+-test2308 \
++test2308 test2309 \
+ \
+ test2400 test2401 test2402 test2403 test2404 test2405 test2406 \
+ \
+--- /dev/null
++++ b/tests/data/test2309
+@@ -0,0 +1,66 @@
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++
++# Reproducing issue 15496
++<name>
++HTTP with .netrc using duped easy handle
++</name>
++<tool>
++lib%TESTNUMBER
++</tool>
++<command>
++http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++
++machine github.com
++
++login daniel
++password 
$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1
++</file>
++</client>
++
++<verify>
++<protocol>
++GET http://github.com/ HTTP/1.1
++Host: github.com
++Authorization: Basic 
%b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64%
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq         
            \
+  lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
+  lib1960 lib1964 \
+  lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
+- lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 \
++ lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 lib2309 \
+  lib2402 lib2404 lib2405 \
+  lib2502 \
+  lib3010 lib3025 lib3026 lib3027 \
+@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS)
+ lib2308_SOURCES = lib2308.c $(SUPPORTFILES)
+ lib2308_LDADD = $(TESTUTIL_LIBS)
+ 
++lib2309_SOURCES = lib2309.c $(SUPPORTFILES)
++lib2309_LDADD = $(TESTUTIL_LIBS)
++
+ lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib2402_LDADD = $(TESTUTIL_LIBS)
+ 
+--- /dev/null
++++ b/tests/libtest/lib2309.c
+@@ -0,0 +1,66 @@
++/***************************************************************************
++ *                                  _   _ ____  _
++ *  Project                     ___| | | |  _ \| |
++ *                             / __| | | | |_) | |
++ *                            | (__| |_| |  _ <| |___
++ *                             \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, <dan...@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++
++#include "test.h"
++#include "testtrace.h"
++
++#include <curl/curl.h>
++
++static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp)
++{
++  (void)buffer;
++  (void)size;
++  (void)nmemb;
++  (void)userp;
++  return CURL_WRITEFUNC_ERROR;
++}
++
++CURLcode test(char *URL)
++{
++  CURL *curl;
++  CURL *curldupe;
++  CURLcode res = CURLE_OK;
++
++  global_init(CURL_GLOBAL_ALL);
++  curl = curl_easy_init();
++  if(curl) {
++    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore);
++    curl_easy_setopt(curl, CURLOPT_URL, URL);
++    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
++    curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3);
++    curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED);
++    curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2);
++
++    curldupe = curl_easy_duphandle(curl);
++    if(curldupe) {
++      res = curl_easy_perform(curldupe);
++      printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR);
++      fflush(stdout);
++      curl_easy_cleanup(curldupe);
++    }
++    curl_easy_cleanup(curl);
++  }
++  curl_global_cleanup();
++  return CURLE_OK;
++}

diff --git a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch 
b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
new file mode 100644
index 0000000..2c60da8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
@@ -0,0 +1,71 @@
+https://github.com/curl/curl/commit/bcf8a848818ca0ca8d292c51c0ddeb93fa17fe62
+From: Stefan Eissing <ste...@eissing.org>
+Date: Thu, 7 Nov 2024 10:26:03 +0100
+Subject: [PATCH] mbedtls: call psa_crypt_init() in global init
+
+Run mbedtls' psa_crypt_init() in the general global init, optionally
+protected by mbedtls locks when available.
+
+CI: when building mbedtls, enabled thread safety
+
+Reported-by: wxiaoguang on github
+Fixes #15500
+Closes #15505
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -54,7 +54,7 @@
+ #  ifdef MBEDTLS_DEBUG
+ #    include <mbedtls/debug.h>
+ #  endif
+-#endif
++#endif /* MBEDTLS_VERSION_MAJOR >= 2 */
+ 
+ #include "cipher_suite.h"
+ #include "strcase.h"
+@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data {
+ #define HAS_SESSION_TICKETS
+ #endif
+ 
+-#if defined(THREADING_SUPPORT)
++#ifdef THREADING_SUPPORT
+ static mbedtls_entropy_context ts_entropy;
+ 
+ static int entropy_init_initialized = 0;
+@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct 
Curl_easy *data)
+     return CURLE_NOT_BUILT_IN;
+   }
+ 
+-#ifdef TLS13_SUPPORT
+-  ret = psa_crypto_init();
+-  if(ret != PSA_SUCCESS) {
+-    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+-    failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s",
+-          -ret, errorbuf);
+-    return CURLE_SSL_CONNECT_ERROR;
+-  }
+-#endif /* TLS13_SUPPORT */
+-
+ #ifdef THREADING_SUPPORT
+   mbedtls_ctr_drbg_init(&backend->ctr_drbg);
+ 
+@@ -1571,6 +1561,20 @@ static int mbedtls_init(void)
+ #ifdef THREADING_SUPPORT
+   entropy_init_mutex(&ts_entropy);
+ #endif
++#ifdef TLS13_SUPPORT
++  {
++    int ret;
++#ifdef THREADING_SUPPORT
++    Curl_mbedtlsthreadlock_lock_function(0);
++#endif
++    ret = psa_crypto_init();
++#ifdef THREADING_SUPPORT
++    Curl_mbedtlsthreadlock_unlock_function(0);
++#endif
++    if(ret != PSA_SUCCESS)
++      return 0;
++  }
++#endif /* TLS13_SUPPORT */
+   return 1;
+ }
+ 

diff --git a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch 
b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
new file mode 100644
index 0000000..ba0e451
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
@@ -0,0 +1,25 @@
+https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Thu, 7 Nov 2024 17:03:54 +0100
+Subject: [PATCH] netrc: support large file, longer lines, longer tokens
+
+Regression from 3b43a05e000aa8f6 (shipped in 8.11.0)
+
+Reported-by: Moritz
+Fixes #15513
+Closes #15514
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -58,9 +58,9 @@ enum found_state {
+ #define NETRC_FAILED -1
+ #define NETRC_SUCCESS 0
+ 
+-#define MAX_NETRC_LINE 4096
+-#define MAX_NETRC_FILE (64*1024)
+-#define MAX_NETRC_TOKEN 128
++#define MAX_NETRC_LINE 16384
++#define MAX_NETRC_FILE (128*1024)
++#define MAX_NETRC_TOKEN 4096
+ 
+ static CURLcode file2memory(const char *filename, struct dynbuf *filebuf)
+ {

diff --git a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch 
b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
new file mode 100644
index 0000000..68621e8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
@@ -0,0 +1,20 @@
+https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa
+From: Jesus Malo Poyatos <jmalo...@opentext.com>
+Date: Thu, 7 Nov 2024 14:00:53 +0100
+Subject: [PATCH] setopt: fix CURLOPT_HTTP_CONTENT_DECODING
+
+Regression from 30da1f5974d34841b30c4f (shipped in 8.11.0)
+
+Fixes #15511
+Closes #15510
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, 
CURLoption option,
+     /*
+      * raw data passed to the application when content encoding is used
+      */
+-    data->set.http_ce_skip = enabled;
++    data->set.http_ce_skip = !enabled; /* reversed */
+     break;
+ 
+ #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)

diff --git a/net-misc/curl/files/curl-prefix-3.patch 
b/net-misc/curl/files/curl-prefix-3.patch
new file mode 100644
index 0000000..cebca0b
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-3.patch
@@ -0,0 +1,34 @@
+From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kan...@gentoo.org>
+Date: Sun, 10 Nov 2024 08:51:02 +1000
+Subject: [PATCH] Update prefix patch for 8.11.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 2dc40ed..1876d6c 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -147,7 +147,7 @@ while test "$#" -gt 0; do
+     else
+       CPPFLAG_CURL_STATICLIB=''
+     fi
+-    if test "X@includedir@" = 'X/usr/include'; then
++    if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+       echo "${CPPFLAG_CURL_STATICLIB}"
+     else
+       echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -155,7 +155,7 @@ while test "$#" -gt 0; do
+     ;;
+ 
+   --libs)
+-    if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
++    if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" 
!= "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+       CURLLIBDIR="-L@libdir@ "
+     else
+       CURLLIBDIR=''
+-- 
+2.47.0
+

Reply via email to