commit: 931a75d893debd7a88d4b949e6a872463e798642
Author: Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
AuthorDate: Sat Jul 22 22:58:54 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 01:36:55 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=931a75d8
net-misc/curl: add 8.2.0-r1
Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/curl/curl-8.2.0-r1.ebuild | 353 ++++++++++++++++++++++++
net-misc/curl/files/curl-8.2.0-basic-auth.patch | 127 +++++++++
net-misc/curl/files/curl-8.2.0-http2-eof.patch | 32 +++
3 files changed, 512 insertions(+)
diff --git a/net-misc/curl/curl-8.2.0-r1.ebuild
b/net-misc/curl/curl-8.2.0-r1.ebuild
new file mode 100644
index 000000000000..11500ccb756e
--- /dev/null
+++ b/net-misc/curl/curl-8.2.0-r1.ebuild
@@ -0,0 +1,353 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs
verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/";
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/curl/curl.git";
+else
+ SRC_URI="
+ https://curl.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+ "
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc
~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos
~x64-macos ~x64-solaris"
+fi
+
+LICENSE="curl"
+SLOT="0"
+IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos
ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl
sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl
curl_ssl_rustls"
+IUSE+=" nghttp3"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+REQUIRED_USE="
+ ssl? (
+ ^^ (
+ curl_ssl_gnutls
+ curl_ssl_mbedtls
+ curl_ssl_nss
+ curl_ssl_openssl
+ curl_ssl_rustls
+ )
+ )
+ curl_ssl_gnutls? ( gnutls )
+ curl_ssl_mbedtls? ( mbedtls )
+ curl_ssl_nss? ( nss )
+ curl_ssl_openssl? ( openssl )
+ curl_ssl_rustls? ( rustls )
+"
+
+RDEPEND="
+ sys-libs/zlib[${MULTILIB_USEDEP}]
+ adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+ http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+ idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
+ nghttp3? (
+ net-libs/nghttp3[${MULTILIB_USEDEP}]
+ net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+ )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+ ssl? (
+ gnutls? (
+ app-misc/ca-certificates
+ net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:=[${MULTILIB_USEDEP}]
+ )
+ mbedtls? (
+ app-misc/ca-certificates
+ net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+ )
+ nss? (
+ app-misc/ca-certificates
+ dev-libs/nss[${MULTILIB_USEDEP}]
+ dev-libs/nss-pem
+ )
+ openssl? (
+
dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+ )
+ rustls? (
+ net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
+ )
+ )
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ dev-lang/perl
+ virtual/pkgconfig
+ test? (
+ sys-apps/diffutils
+ http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+ nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README
docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ __builtin_available
+ closesocket
+ CloseSocket
+ getpass_r
+ ioctlsocket
+ IoctlSocket
+ mach_absolute_time
+ setmode
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-prefix.patch
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch
+ "${FILESDIR}"/${PN}-8.2.0-basic-auth.patch
+ "${FILESDIR}"/${PN}-8.2.0-http2-eof.patch
+)
+
+src_prepare() {
+ default
+
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ # TODO: in the future, we may want to add wolfssl
(https://www.wolfssl.com/)
+ local myconf=()
+
+ myconf+=( --without-ca-fallback
--with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl; then
+ myconf+=( --without-gnutls --without-mbedtls --without-nss
--without-rustls )
+
+ if use gnutls; then
+ multilib_is_native_abi && einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls )
+ fi
+ if use mbedtls; then
+ multilib_is_native_abi && einfo "SSL provided by
mbedtls"
+ myconf+=( --with-mbedtls )
+ fi
+ if use nss; then
+ multilib_is_native_abi && einfo "SSL provided by nss"
+ myconf+=( --with-nss --with-nss-deprecated )
+ fi
+ if use openssl; then
+ multilib_is_native_abi && einfo "SSL provided by
openssl"
+ myconf+=( --with-ssl
--with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ fi
+ if use rustls; then
+ multilib_is_native_abi && einfo "SSL provided by rustls"
+ myconf+=( --with-rustls )
+ fi
+ if use curl_ssl_gnutls; then
+ multilib_is_native_abi && einfo "Default SSL provided
by gnutls"
+ myconf+=( --with-default-ssl-backend=gnutls )
+ elif use curl_ssl_mbedtls; then
+ multilib_is_native_abi && einfo "Default SSL provided
by mbedtls"
+ myconf+=( --with-default-ssl-backend=mbedtls )
+ elif use curl_ssl_nss; then
+ multilib_is_native_abi && einfo "Default SSL provided
by nss"
+ myconf+=( --with-default-ssl-backend=nss )
+ elif use curl_ssl_openssl; then
+ multilib_is_native_abi && einfo "Default SSL provided
by openssl"
+ myconf+=( --with-default-ssl-backend=openssl )
+ elif use curl_ssl_rustls; then
+ multilib_is_native_abi && einfo "Default SSL provided
by rustls"
+ myconf+=( --with-default-ssl-backend=rustls )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ die "Please file a bug, hit impossible condition w/
USE=ssl handling."
+ fi
+
+ else
+ myconf+=( --without-ssl )
+ einfo "SSL disabled"
+ fi
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+ myconf+=(
+ $(use_enable alt-svc)
+ --enable-crypto-auth
+ --enable-dict
+ --disable-ech
+ --enable-file
+ $(use_enable ftp)
+ $(use_enable gopher)
+ $(use_enable hsts)
+ --enable-http
+ $(use_enable imap)
+ $(use_enable ldap)
+ $(use_enable ldap ldaps)
+ --enable-ntlm
+ --disable-ntlm-wb
+ $(use_enable pop3)
+ --enable-rt
+ --enable-rtsp
+ $(use_enable samba smb)
+ $(use_with ssh libssh2)
+ $(use_enable smtp)
+ $(use_enable telnet)
+ $(use_enable tftp)
+ --enable-tls-srp
+ $(use_enable adns ares)
+ --enable-cookies
+ --enable-dateparse
+ --enable-dnsshuffle
+ --enable-doh
+ --enable-symbol-hiding
+ --enable-http-auth
+ --enable-ipv6
+ --enable-largefile
+ --enable-manual
+ --enable-mime
+ --enable-netrc
+ $(use_enable progress-meter)
+ --enable-proxy
+ --enable-socketpair
+ --disable-sspi
+ $(use_enable static-libs static)
+ --enable-pthreads
+ --enable-threaded-resolver
+ --disable-versioned-symbols
+ --without-amissl
+ --without-bearssl
+ $(use_with brotli)
+
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+ $(use_with http2 nghttp2)
+ --without-hyper
+ $(use_with idn libidn2)
+ $(use_with kerberos gssapi "${EPREFIX}"/usr)
+ --without-libgsasl
+ --without-libpsl
+ --without-msh3
+ $(use_with nghttp3)
+ $(use_with nghttp3 ngtcp2)
+ --without-quiche
+ $(use_with rtmp librtmp)
+ --without-schannel
+ --without-secure-transport
+ --without-test-caddy
+ --without-test-httpd
+ --without-test-nghttpx
+ $(use_enable websockets)
+ --without-winidn
+ --without-wolfssl
+ --with-zlib
+ $(use_with zstd)
+
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+ )
+
+ if use test && multilib_is_native_abi && ( use http2 || use nghttp3 );
then
+ myconf+=(
+ --with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # Avoid building the client (we just want libcurl for multilib)
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+
+ # Fix up the pkg-config file to be more robust.
+ # https://github.com/curl/curl/issues/864
+ local priv=() libs=()
+ # We always enable zlib.
+ libs+=( "-lz" )
+ priv+=( "zlib" )
+ if use http2; then
+ libs+=( "-lnghttp2" )
+ priv+=( "libnghttp2" )
+ fi
+ if use nghttp3; then
+ libs+=( "-lnghttp3" "-lngtcp2" )
+ priv+=( "libnghttp3" "libngtcp2" )
+ fi
+ if use ssl && use curl_ssl_openssl; then
+ libs+=( "-lssl" "-lcrypto" )
+ priv+=( "openssl" )
+ fi
+ grep -q Requires.private libcurl.pc && die "need to update ebuild"
+ libs=$(printf '|%s' "${libs[@]}")
+ sed -i -r \
+ -e "/^Libs.private/s:(${libs#|})( |$)::g" \
+ libcurl.pc || die
+ echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts
+ fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional
test deps.
+multilib_src_test() {
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on
all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything which breaks, not
just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can skip specific tests. See e.g. Fedora's
packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ # Note: we don't run the testsuite for cross-compilation.
+ # Upstream recommend 7*nproc as a starting point for parallel tests.
+ # The network sandbox causes tests 241 and 1083 to fail; these are
typically skipped
+ # as most gentoo users don't have an 'ip6-localhost'
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p
-j$((7*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi; then
+ # Shell completions
+ ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}"
install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+ rm -rf "${ED}"/etc/ || die
+}
diff --git a/net-misc/curl/files/curl-8.2.0-basic-auth.patch
b/net-misc/curl/files/curl-8.2.0-basic-auth.patch
new file mode 100644
index 000000000000..899ffb75a878
--- /dev/null
+++ b/net-misc/curl/files/curl-8.2.0-basic-auth.patch
@@ -0,0 +1,127 @@
+Patch-Source: https://github.com/curl/curl/pull/11492
+--
+From 0470577eb4524f09d245e9e6afd42ba8677a5a19 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Thu, 20 Jul 2023 23:20:50 +0200
+Subject: [PATCH 1/2] test979: test -u with redirect to (the same) absolute
+ host
+
+---
+ tests/data/Makefile.inc | 1 +
+ tests/data/test979 | 64 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 65 insertions(+)
+ create mode 100644 tests/data/test979
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8ee1394d4e562..12aefb14c0d1b 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -122,6 +122,7 @@ test943 test944 test945 test946 test947 test948 test949
test950 test951 \
+ test952 test953 test954 test955 test956 test957 test958 test959 test960 \
+ test961 test962 test963 test964 test965 test966 test967 test968 test969 \
+ test970 test971 test972 test973 test974 test975 test976 test977 test978 \
++test979 \
+ \
+ test980 test981 test982 test983 test984 test985 test986 test987 test988 \
+ test989 \
+diff --git a/tests/data/test979 b/tests/data/test979
+new file mode 100644
+index 0000000000000..40cc35044d9f6
+--- /dev/null
++++ b/tests/data/test979
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++Basic
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 302 go go go
++Content-Length: 8
++Location: http://%HOSTIP:%HTTPPORT/user/%TESTNUMBER0002
++Content-Type: text/html
++Funny-head: yesyes
++
++notreal
++</data>
++<data2 crlf="yes">
++HTTP/1.1 200 OK
++Content-Length: 6
++Content-Type: text/html
++Funny-head: yesyes
++
++final
++</data2>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<name>
++-u with redirect to absolute URL using same origin and auth
++</name>
++<command>
++http://first:secret@%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u smith:doggie
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic c21pdGg6ZG9nZ2ll
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /user/%TESTNUMBER0002 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic c21pdGg6ZG9nZ2ll
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
+
+From c1effdfe658ae505e8ea65e5f46d810c4b8d81cb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Thu, 20 Jul 2023 23:28:19 +0200
+Subject: [PATCH 2/2] transfer: do not clear the credentials on redirect to
+ absolute URL
+
+Makes test 979 work. Regression shipped in 8.2.0 from commit
+dd4d1a26959f63a2c
+
+Fixes #11486
+Reported-by: Cloudogu Siebels
+---
+ lib/transfer.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 52cd6a0153673..b678004b95ad2 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1558,10 +1558,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ /* If this is not redirect due to a 401 or 407 response and an absolute
+ URL: don't allow a custom port number */
+ disallowport = TRUE;
+- if(!data->set.allow_auth_to_other_hosts) {
+- Curl_safefree(data->state.aptr.user);
+- Curl_safefree(data->state.aptr.passwd);
+- }
+ }
+
+ DEBUGASSERT(data->state.uh);
diff --git a/net-misc/curl/files/curl-8.2.0-http2-eof.patch
b/net-misc/curl/files/curl-8.2.0-http2-eof.patch
new file mode 100644
index 000000000000..0040a3c6560e
--- /dev/null
+++ b/net-misc/curl/files/curl-8.2.0-http2-eof.patch
@@ -0,0 +1,32 @@
+Patch-Source:
https://github.com/curl/curl/commit/f9314f317f017e19e1802ce04ceeae620ca2cd71
+--
+From: Stefan Eissing <[email protected]>
+Date: Thu, 20 Jul 2023 13:08:00 +0200
+Subject: [PATCH] http2: fix regression on upload EOF handling
+
+- a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5
+ where optimization of small POST bodies leads to a new code path
+ for such uploads that did not trigger the "done sending" event
+- add triggering this event for early "upload_done" situations
+
+Fixes #11485
+Closes #11487
+Reported-by: Aleksander Mazur
+---
+ lib/http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/http.c b/lib/http.c
+index f851bcd4a3443..e04028b3fec54 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -3380,6 +3380,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
+ }
+ }
+
++ if(data->req.upload_done)
++ Curl_conn_ev_data_done_send(data);
++
+ if((conn->httpversion >= 20) && data->req.upload_chunky)
+ /* upload_chunky was set above to set up the request in a chunky fashion,
+ but is disabled here again to avoid that the chunked encoded version is
