commit: 9886665e4f3d22da1d722509fd5de9000a36d4d6 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sat Sep 18 02:52:49 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Sep 18 02:52:49 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9886665e
net-misc/curl: add 7.79.0 Bug: https://bugs.gentoo.org/813270 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/curl/Manifest | 1 + net-misc/curl/curl-7.79.0.ebuild | 293 +++++++++++++++++++++ .../curl-7.79.0-http-3digit-response-code.patch | 107 ++++++++ .../files/curl-7.79.0-http2-connection-data.patch | 43 +++ 4 files changed, 444 insertions(+) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 65ea300bc22..b1b6f556d43 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1 +1,2 @@ DIST curl-7.78.0.tar.xz 2440640 BLAKE2B 0422071ce22d38b89652c702989674a2257dd18b05004245c4f2d7494ccdd24b5b52f330629ce6a411a059d5990e8c879cbbdf23d873b881141f9d2b9ad07f7f SHA512 f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a +DIST curl-7.79.0.tar.xz 2463072 BLAKE2B c3a8a60d3c04965272b1a439a4719cfaca903daaecd6265869b9188d1b6b13be63817b9daa77260673d67330baa3d9c2d917274f939cdadc467ac64d8fcf3203 SHA512 68bccba61f18de9f94c311b0d92cfa6572bb7e55e8773917c13b25203164a5a9f4ef6b8ad84a14d3d5dcb286271bf18c3dd84c4ca353866763c726f9defce808 diff --git a/net-misc/curl/curl-7.79.0.ebuild b/net-misc/curl/curl-7.79.0.ebuild new file mode 100644 index 00000000000..380b1da5a4e --- /dev/null +++ b/net-misc/curl/curl-7.79.0.ebuild @@ -0,0 +1,293 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit autotools prefix multilib-minimal + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.haxx.se/"; +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"; + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +IUSE+=" nghttp3 quiche" +IUSE+=" elibc_Winnt" + +# c-ares must be disabled for threads +# only one default ssl provider can be enabled +REQUIRED_USE=" + winssl? ( elibc_Winnt ) + threads? ( !adns ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_winssl + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +# ssl providers to be added: +# fbopenssl $(use_with spnego) + +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig + test? ( + sys-apps/diffutils + dev-lang/perl + )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + # Backported patches to 7.79.0 + "${FILESDIR}"/${P}-http2-connection-data.patch + "${FILESDIR}"/${P}-http-3digit-response-code.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use winssl || use curl_ssl_winssl; then + einfo "SSL provided by Windows" + myconf+=( --with-winssl ) + fi + + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_winssl; then + einfo "Default SSL provided by Windows" + myconf+=( --with-default-ssl-backend=winssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-hidden-symbols + --enable-http-auth + $(use_enable ipv6) + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --disable-sspi + $(use_enable static-libs static) + $(use_enable threads threaded-resolver) + $(use_enable threads pthreads) + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-cyassl + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + $(use_with quiche) + $(use_with rtmp librtmp) + --without-rustls + --without-schannel + --without-secure-transport + --without-spnego + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + ECONF_SOURCE="${S}" \ + econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use quiche; then + libs+=( "-lquiche" ) + priv+=( "quiche" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "-libtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc +} + +multilib_src_test() { + multilib_is_native_abi && default_src_test +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch new file mode 100644 index 00000000000..1da4cebd4aa --- /dev/null +++ b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch @@ -0,0 +1,107 @@ +https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2 + +From: Daniel Stenberg <[email protected]> +Date: Fri, 17 Sep 2021 16:31:25 +0200 +Subject: [PATCH] http: fix the broken >3 digit response code detection + +When the "reason phrase" in the HTTP status line starts with a digit, +that was treated as the forth response code digit and curl would claim +the response to be non-compliant. + +Added test 1466 to verify this case. + +Regression brought by 5dc594e44f73b17 +Reported-by: Glenn de boer +Fixes #7738 +Closes #7739 +--- a/lib/http.c ++++ b/lib/http.c +@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, + char separator; + char twoorthree[2]; + int httpversion = 0; +- int digit4 = -1; /* should remain untouched to be good */ ++ char digit4 = 0; + nc = sscanf(HEADER1, +- " HTTP/%1d.%1d%c%3d%1d", ++ " HTTP/%1d.%1d%c%3d%c", + &httpversion_major, + &httpversion, + &separator, +@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, + + /* There can only be a 4th response code digit stored in 'digit4' if + all the other fields were parsed and stored first, so nc is 5 when +- digit4 is not -1 */ +- else if(digit4 != -1) { ++ digit4 a digit */ ++ else if(ISDIGIT(digit4)) { + failf(data, "Unsupported response code in HTTP response"); + return CURLE_UNSUPPORTED_PROTOCOL; + } + +- if((nc == 4) && (' ' == separator)) { ++ if((nc >= 4) && (' ' == separator)) { + httpversion += 10 * httpversion_major; + switch(httpversion) { + case 10: +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -182,7 +182,7 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \ + test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \ + test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \ + test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \ +-test1464 test1465 \ ++test1464 test1465 test1466 \ + \ + test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ + test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ +--- /dev/null ++++ b/tests/data/test1466 +@@ -0,0 +1,45 @@ ++<testcase> ++<info> ++<keywords> ++HTTP ++HTTP GET ++</keywords> ++</info> ++ ++<reply> ++<data> ++HTTP/1.1 405 405 ++Content-Length: 6 ++Connection: close ++ ++-foo- ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<server> ++http ++</server> ++ ++<name> ++HTTP GET with 3-digit response and only digits in reason ++ </name> ++ <command> ++http://%HOSTIP:%HTTPPORT/%TESTNUMBER ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++<protocol> ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++User-Agent: curl/%VERSION ++Accept: */* ++ ++</protocol> ++</verify> ++</testcase> + diff --git a/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch new file mode 100644 index 00000000000..bdb1484d1b1 --- /dev/null +++ b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch @@ -0,0 +1,43 @@ +https://github.com/curl/curl/commit/901804ef95777b8e735a55b77f8dd630a58c575b + +From: Daniel Stenberg <[email protected]> +Date: Thu, 16 Sep 2021 08:50:54 +0200 +Subject: [PATCH] Curl_http2_setup: don't change connection data on repeat + invokes + +Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved +transfer oriented inits to before the check but also erroneously moved a +few connection oriented ones, which causes problems. + +Reported-by: Evangelos Foutras +Fixes #7730 +Closes #7731 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -2221,12 +2221,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, + stream->mem = data->state.buffer; + stream->len = data->set.buffer_size; + +- httpc->inbuflen = 0; +- httpc->nread_inbuf = 0; +- +- httpc->pause_stream_id = 0; +- httpc->drain_total = 0; +- + multi_connchanged(data->multi); + /* below this point only connection related inits are done, which only needs + to be done once per connection */ +@@ -2252,6 +2246,12 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, + conn->httpversion = 20; + conn->bundle->multiuse = BUNDLE_MULTIPLEX; + ++ httpc->inbuflen = 0; ++ httpc->nread_inbuf = 0; ++ ++ httpc->pause_stream_id = 0; ++ httpc->drain_total = 0; ++ + infof(data, "Connection state changed (HTTP/2 confirmed)"); + + return CURLE_OK; +
