diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest index ade38f0e36..69bad276f1 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest @@ -1,8 +1,6 @@ -DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d -DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94 -DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee -DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191 DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702 DIST curl-7.85.0.tar.xz 2480648 BLAKE2B 7d0e0212541c05352040391b400e0314e0d38a96b199dfd70ccaaca3fd7f809b7ed96b877c4663c06fc05c483468521458255dcf025226f1bdf4d6c9dd9b8873 SHA512 b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd DIST curl-7.85.0.tar.xz.asc 488 BLAKE2B 8fb84955ee458af7f2cecef4b48c5375db2e8179e5c17a5215a4a92e28e5ec7dd59a9dc057563643016c683e547a04c494276e16d113dbd498f94b7a7183e1e3 SHA512 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6 +DIST curl-7.86.0.tar.xz 2518356 BLAKE2B a1de7feb229de42bf1deeb5017f97df3b1c10c75fac99bcd0cd21a5dc69b6d8b62520744106d6a113c7a86bd6731dba536a263aabfa22be50d520c43e894acce SHA512 18e03a3c00f22125e07bddb18becbf5acdca22baeb7b29f45ef189a5c56f95b2d51247813f7a9a90f04eb051739e9aa7d3a1c5be397bae75d763a2b918d1b656 +DIST curl-7.86.0.tar.xz.asc 488 BLAKE2B a9abe2f3af801b3a48be7db09cb82b6bb83bd26a9d5caf51c0d5a4a2e6881fb478f1768a6b71efbd9283563e2c7e2badbc5a6d6df265013e14eee2ec7e9be148 SHA512 9e97d5f44b3c856f401fe30ba713e1ca1f74edfc693dc42f1ce8e43f9f6dd4bf6998c579bc9c5d0f749f475a7d67d232e92ab6f89b95141acdb53e149f2312f0 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.85.0-r2.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.85.0-r2.ebuild index 76793e314e..e3072f28ea 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.85.0-r2.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.85.0-r2.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz LICENSE="curl" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" @@ -58,7 +58,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) net-libs/nghttp3[${MULTILIB_USEDEP}] net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) + quiche? ( >=net-libs/quiche-0.15.0[${MULTILIB_USEDEP}] ) idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r1.ebuild similarity index 82% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r1.ebuild index ac8292e30c..5ab554508b 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r1.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="7" +EAPI="8" inherit autotools prefix multilib-minimal verify-sig @@ -12,24 +12,20 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc -# c-ares must be disabled for threads -# only one default ssl provider can be enabled +# Only one default ssl provider can be enabled REQUIRED_USE=" - winssl? ( elibc_Winnt ) - threads? ( !adns ) ssl? ( ^^ ( curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss curl_ssl_openssl - curl_ssl_winssl ) )" @@ -53,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) ) nss? ( dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem app-misc/ca-certificates ) ) @@ -77,15 +74,11 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) # curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) # ) -# ssl providers to be added: -# fbopenssl $(use_with spnego) - DEPEND="${RDEPEND}" BDEPEND="dev-lang/perl virtual/pkgconfig test? ( sys-apps/diffutils - dev-lang/perl ) verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" @@ -102,6 +95,8 @@ MULTILIB_CHOST_TOOLS=( PATCHES=( "${FILESDIR}"/${PN}-7.30.0-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch + "${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch + "${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch ) src_prepare() { @@ -117,7 +112,7 @@ multilib_src_configure() { # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) #myconf+=( --without-default-ssl-backend ) if use ssl ; then @@ -131,16 +126,12 @@ multilib_src_configure() { fi if use nss || use curl_ssl_nss; then einfo "SSL provided by nss" - myconf+=( --with-nss ) + myconf+=( --with-nss --with-nss-deprecated ) fi if use openssl || use curl_ssl_openssl; then einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use winssl || use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - fi if use curl_ssl_gnutls; then einfo "Default SSL provided by gnutls" @@ -154,9 +145,6 @@ multilib_src_configure() { elif use curl_ssl_openssl; then einfo "Default SSL provided by openssl" myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_winssl; then - einfo "Default SSL provided by Windows" - myconf+=( --with-default-ssl-backend=winssl ) else eerror "We can't be here because of REQUIRED_USE." fi @@ -204,7 +192,7 @@ multilib_src_configure() { --enable-dateparse --enable-dnsshuffle --enable-doh - --enable-hidden-symbols + --enable-symbol-hiding --enable-http-auth $(use_enable ipv6) --enable-largefile @@ -215,13 +203,12 @@ multilib_src_configure() { --enable-proxy --disable-sspi $(use_enable static-libs static) - $(use_enable threads threaded-resolver) - $(use_enable threads pthreads) + --enable-pthreads + --enable-threaded-resolver --disable-versioned-symbols --without-amissl --without-bearssl $(use_with brotli) - --without-cyassl --without-fish-functions-dir $(use_with http2 nghttp2) --without-hyper @@ -229,6 +216,7 @@ multilib_src_configure() { $(use_with kerberos gssapi "${EPREFIX}"/usr) --without-libgsasl --without-libpsl + --without-msh3 $(use_with nghttp3) $(use_with nghttp3 ngtcp2) $(use_with quiche) @@ -236,15 +224,14 @@ multilib_src_configure() { --without-rustls --without-schannel --without-secure-transport - --without-spnego + $(use_enable websockets) --without-winidn --without-wolfssl --with-zlib $(use_with zstd) ) - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" + ECONF_SOURCE="${S}" econf "${myconf[@]}" if ! multilib_is_native_abi; then # avoid building the client @@ -279,11 +266,20 @@ multilib_src_configure() { sed -i -r \ -e "/^Libs.private/s:(${libs#|})( |$)::g" \ libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die } multilib_src_test() { - multilib_is_native_abi && default_src_test + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" } multilib_src_install_all() { diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0.ebuild similarity index 91% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0.ebuild index a3fd859195..4dbd6a99bb 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0.ebuild @@ -12,16 +12,14 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc -# c-ares must be disabled for threads -# only one default ssl provider can be enabled +# Only one default ssl provider can be enabled REQUIRED_USE=" - threads? ( !adns ) ssl? ( ^^ ( curl_ssl_gnutls @@ -51,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) ) nss? ( dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem app-misc/ca-certificates ) ) @@ -202,8 +201,8 @@ multilib_src_configure() { --enable-proxy --disable-sspi $(use_enable static-libs static) - $(use_enable threads threaded-resolver) - $(use_enable threads pthreads) + --enable-pthreads + --enable-threaded-resolver --disable-versioned-symbols --without-amissl --without-bearssl @@ -223,14 +222,14 @@ multilib_src_configure() { --without-rustls --without-schannel --without-secure-transport + $(use_enable websockets) --without-winidn --without-wolfssl --with-zlib $(use_with zstd) ) - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" + ECONF_SOURCE="${S}" econf "${myconf[@]}" if ! multilib_is_native_abi; then # avoid building the client @@ -265,7 +264,7 @@ multilib_src_configure() { sed -i -r \ -e "/^Libs.private/s:(${libs#|})( |$)::g" \ libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die } multilib_src_test() { diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch new file mode 100644 index 0000000000..6c8f4067e8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch @@ -0,0 +1,86 @@ +https://bugs.gentoo.org/878365#c2 +https://github.com/curl/curl/issues/9813 +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 + +From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 27 Oct 2022 13:54:27 +0200 +Subject: [PATCH] noproxy: also match with adjacent comma + +If the host name is an IP address and the noproxy string contained that +IP address with a following comma, it would erroneously not match. + +Extended test 1614 to verify this combo as well. + +Reported-by: Henning Schild + +Fixes #9813 +Closes #9814 +--- a/lib/noproxy.c ++++ b/lib/noproxy.c +@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + /* FALLTHROUGH */ + case TYPE_IPV6: { + const char *check = token; +- char *slash = strchr(check, '/'); ++ char *slash; + unsigned int bits = 0; + char checkip[128]; ++ if(tokenlen >= sizeof(checkip)) ++ /* this cannot match */ ++ break; ++ /* copy the check name to a temp buffer */ ++ memcpy(checkip, check, tokenlen); ++ checkip[tokenlen] = 0; ++ check = checkip; ++ ++ slash = strchr(check, '/'); + /* if the slash is part of this token, use it */ +- if(slash && (slash < &check[tokenlen])) { ++ if(slash) { + bits = atoi(slash + 1); +- /* copy the check name to a temp buffer */ +- if(tokenlen >= sizeof(checkip)) +- break; +- memcpy(checkip, check, tokenlen); +- checkip[ slash - check ] = 0; +- check = checkip; ++ *slash = 0; /* null terminate there */ + } + if(type == TYPE_IPV6) + match = Curl_cidr6_match(name, check, bits); +--- a/tests/data/test1614 ++++ b/tests/data/test1614 +@@ -16,7 +16,7 @@ unittest + proxy + + +-cidr comparisons ++noproxy and cidr comparisons + + + +--- a/tests/unit/unit1614.c ++++ b/tests/unit/unit1614.c +@@ -77,6 +77,20 @@ UNITTEST_START + { NULL, NULL, 0, FALSE} /* end marker */ + }; + struct noproxy list[]= { ++ { "127.0.0.1", "127.0.0.1,localhost", TRUE}, ++ { "127.0.0.1", "127.0.0.1,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE}, ++ { "127.0.0.1", "localhost,127.0.0.1", TRUE}, ++ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." ++ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." ++ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE}, ++ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." ++ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." ++ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE}, ++ { "localhost", "localhost,127.0.0.1", TRUE}, ++ { "localhost", "127.0.0.1,localhost", TRUE}, + { "foobar", "barfoo", FALSE}, + { "foobar", "foobar", TRUE}, + { "192.168.0.1", "foobar", FALSE}, + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch new file mode 100644 index 0000000000..15f5e64c91 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch @@ -0,0 +1,66 @@ +https://bugs.gentoo.org/878365#c2 +https://github.com/curl/curl/issues/9821 +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b + +From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 28 Oct 2022 10:51:49 +0200 +Subject: [PATCH] noproxy: fix tail-matching + +Also ignore trailing dots in both host name and comparison pattern. + +Regression in 7.86.0 (from 1e9a538e05c0) + +Extended test 1614 to verify better. + +Reported-by: Henning Schild +Fixes #9821 +Closes #9822 +--- a/lib/noproxy.c ++++ b/lib/noproxy.c +@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + } + else { + unsigned int address; ++ namelen = strlen(name); + if(1 == Curl_inet_pton(AF_INET, name, &address)) + type = TYPE_IPV4; +- namelen = strlen(name); ++ else { ++ /* ignore trailing dots in the host name */ ++ if(name[namelen - 1] == '.') ++ namelen--; ++ } + } + + while(*p) { +@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + if(tokenlen) { + switch(type) { + case TYPE_HOST: +- if(*token == '.') { +- ++token; +- --tokenlen; +- /* tailmatch */ +- match = (tokenlen <= namelen) && +- strncasecompare(token, name + (namelen - tokenlen), namelen); ++ /* ignore trailing dots in the token to check */ ++ if(token[tokenlen - 1] == '.') ++ tokenlen--; ++ ++ if(tokenlen && (*token == '.')) { ++ /* A: example.com matches '.example.com' ++ B: www.example.com matches '.example.com' ++ C: nonexample.com DOES NOT match '.example.com' ++ */ ++ if((tokenlen - 1) == namelen) ++ /* case A, exact match without leading dot */ ++ match = strncasecompare(token + 1, name, namelen); ++ else if(tokenlen < namelen) ++ /* case B, tailmatch with leading dot */ ++ match = strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++ /* case C passes through, not a match */ + } + else + match = (tokenlen == namelen) && diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml index a6e835644b..1ed68e6f53 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml @@ -28,7 +28,7 @@ Support for the old/insecure SSLv3 protocol Enable Telnet protocol support Enable TFTP support - Enable winssl ssl backend + Enable websockets support Enable zstd compression