mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-15 08:56:58 +02:00
net-misc/curl: Sync with Gentoo
It's from Gentoo commit 261b72f05a316d2a9b860315af4b1316b328d7f3.
This commit is contained in:
parent
0b370ec628
commit
1b09ef3efa
@ -1,8 +1,6 @@
|
||||
DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d
|
||||
DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94
|
||||
DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
|
||||
DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
|
||||
DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
|
||||
DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702
|
||||
DIST curl-7.85.0.tar.xz 2480648 BLAKE2B 7d0e0212541c05352040391b400e0314e0d38a96b199dfd70ccaaca3fd7f809b7ed96b877c4663c06fc05c483468521458255dcf025226f1bdf4d6c9dd9b8873 SHA512 b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
|
||||
DIST curl-7.85.0.tar.xz.asc 488 BLAKE2B 8fb84955ee458af7f2cecef4b48c5375db2e8179e5c17a5215a4a92e28e5ec7dd59a9dc057563643016c683e547a04c494276e16d113dbd498f94b7a7183e1e3 SHA512 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6
|
||||
DIST curl-7.86.0.tar.xz 2518356 BLAKE2B a1de7feb229de42bf1deeb5017f97df3b1c10c75fac99bcd0cd21a5dc69b6d8b62520744106d6a113c7a86bd6731dba536a263aabfa22be50d520c43e894acce SHA512 18e03a3c00f22125e07bddb18becbf5acdca22baeb7b29f45ef189a5c56f95b2d51247813f7a9a90f04eb051739e9aa7d3a1c5be397bae75d763a2b918d1b656
|
||||
DIST curl-7.86.0.tar.xz.asc 488 BLAKE2B a9abe2f3af801b3a48be7db09cb82b6bb83bd26a9d5caf51c0d5a4a2e6881fb478f1768a6b71efbd9283563e2c7e2badbc5a6d6df265013e14eee2ec7e9be148 SHA512 9e97d5f44b3c856f401fe30ba713e1ca1f74edfc693dc42f1ce8e43f9f6dd4bf6998c579bc9c5d0f749f475a7d67d232e92ab6f89b95141acdb53e149f2312f0
|
||||
|
@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
|
||||
|
||||
LICENSE="curl"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp zstd"
|
||||
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
|
||||
IUSE+=" nghttp3 quiche"
|
||||
@ -58,7 +58,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
|
||||
net-libs/nghttp3[${MULTILIB_USEDEP}]
|
||||
net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
|
||||
)
|
||||
quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
|
||||
quiche? ( >=net-libs/quiche-0.15.0[${MULTILIB_USEDEP}] )
|
||||
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
|
||||
adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
|
||||
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Copyright 1999-2022 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI="7"
|
||||
EAPI="8"
|
||||
|
||||
inherit autotools prefix multilib-minimal verify-sig
|
||||
|
||||
@ -12,24 +12,20 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
|
||||
|
||||
LICENSE="curl"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
|
||||
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
|
||||
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
|
||||
IUSE+=" nghttp3 quiche"
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
|
||||
|
||||
# c-ares must be disabled for threads
|
||||
# only one default ssl provider can be enabled
|
||||
# Only one default ssl provider can be enabled
|
||||
REQUIRED_USE="
|
||||
winssl? ( elibc_Winnt )
|
||||
threads? ( !adns )
|
||||
ssl? (
|
||||
^^ (
|
||||
curl_ssl_gnutls
|
||||
curl_ssl_mbedtls
|
||||
curl_ssl_nss
|
||||
curl_ssl_openssl
|
||||
curl_ssl_winssl
|
||||
)
|
||||
)"
|
||||
|
||||
@ -53,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
|
||||
)
|
||||
nss? (
|
||||
dev-libs/nss:0[${MULTILIB_USEDEP}]
|
||||
dev-libs/nss-pem
|
||||
app-misc/ca-certificates
|
||||
)
|
||||
)
|
||||
@ -77,15 +74,11 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
|
||||
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
|
||||
# )
|
||||
|
||||
# ssl providers to be added:
|
||||
# fbopenssl $(use_with spnego)
|
||||
|
||||
DEPEND="${RDEPEND}"
|
||||
BDEPEND="dev-lang/perl
|
||||
virtual/pkgconfig
|
||||
test? (
|
||||
sys-apps/diffutils
|
||||
dev-lang/perl
|
||||
)
|
||||
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
|
||||
|
||||
@ -102,6 +95,8 @@ MULTILIB_CHOST_TOOLS=(
|
||||
PATCHES=(
|
||||
"${FILESDIR}"/${PN}-7.30.0-prefix.patch
|
||||
"${FILESDIR}"/${PN}-respect-cflags-3.patch
|
||||
"${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch
|
||||
"${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch
|
||||
)
|
||||
|
||||
src_prepare() {
|
||||
@ -117,7 +112,7 @@ multilib_src_configure() {
|
||||
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
|
||||
local myconf=()
|
||||
|
||||
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
|
||||
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
|
||||
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
|
||||
#myconf+=( --without-default-ssl-backend )
|
||||
if use ssl ; then
|
||||
@ -131,16 +126,12 @@ multilib_src_configure() {
|
||||
fi
|
||||
if use nss || use curl_ssl_nss; then
|
||||
einfo "SSL provided by nss"
|
||||
myconf+=( --with-nss )
|
||||
myconf+=( --with-nss --with-nss-deprecated )
|
||||
fi
|
||||
if use openssl || use curl_ssl_openssl; then
|
||||
einfo "SSL provided by openssl"
|
||||
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
|
||||
fi
|
||||
if use winssl || use curl_ssl_winssl; then
|
||||
einfo "SSL provided by Windows"
|
||||
myconf+=( --with-winssl )
|
||||
fi
|
||||
|
||||
if use curl_ssl_gnutls; then
|
||||
einfo "Default SSL provided by gnutls"
|
||||
@ -154,9 +145,6 @@ multilib_src_configure() {
|
||||
elif use curl_ssl_openssl; then
|
||||
einfo "Default SSL provided by openssl"
|
||||
myconf+=( --with-default-ssl-backend=openssl )
|
||||
elif use curl_ssl_winssl; then
|
||||
einfo "Default SSL provided by Windows"
|
||||
myconf+=( --with-default-ssl-backend=winssl )
|
||||
else
|
||||
eerror "We can't be here because of REQUIRED_USE."
|
||||
fi
|
||||
@ -204,7 +192,7 @@ multilib_src_configure() {
|
||||
--enable-dateparse
|
||||
--enable-dnsshuffle
|
||||
--enable-doh
|
||||
--enable-hidden-symbols
|
||||
--enable-symbol-hiding
|
||||
--enable-http-auth
|
||||
$(use_enable ipv6)
|
||||
--enable-largefile
|
||||
@ -215,13 +203,12 @@ multilib_src_configure() {
|
||||
--enable-proxy
|
||||
--disable-sspi
|
||||
$(use_enable static-libs static)
|
||||
$(use_enable threads threaded-resolver)
|
||||
$(use_enable threads pthreads)
|
||||
--enable-pthreads
|
||||
--enable-threaded-resolver
|
||||
--disable-versioned-symbols
|
||||
--without-amissl
|
||||
--without-bearssl
|
||||
$(use_with brotli)
|
||||
--without-cyassl
|
||||
--without-fish-functions-dir
|
||||
$(use_with http2 nghttp2)
|
||||
--without-hyper
|
||||
@ -229,6 +216,7 @@ multilib_src_configure() {
|
||||
$(use_with kerberos gssapi "${EPREFIX}"/usr)
|
||||
--without-libgsasl
|
||||
--without-libpsl
|
||||
--without-msh3
|
||||
$(use_with nghttp3)
|
||||
$(use_with nghttp3 ngtcp2)
|
||||
$(use_with quiche)
|
||||
@ -236,15 +224,14 @@ multilib_src_configure() {
|
||||
--without-rustls
|
||||
--without-schannel
|
||||
--without-secure-transport
|
||||
--without-spnego
|
||||
$(use_enable websockets)
|
||||
--without-winidn
|
||||
--without-wolfssl
|
||||
--with-zlib
|
||||
$(use_with zstd)
|
||||
)
|
||||
|
||||
ECONF_SOURCE="${S}" \
|
||||
econf "${myconf[@]}"
|
||||
ECONF_SOURCE="${S}" econf "${myconf[@]}"
|
||||
|
||||
if ! multilib_is_native_abi; then
|
||||
# avoid building the client
|
||||
@ -279,11 +266,20 @@ multilib_src_configure() {
|
||||
sed -i -r \
|
||||
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
|
||||
libcurl.pc || die
|
||||
echo "Requires.private: ${priv[*]}" >> libcurl.pc
|
||||
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
|
||||
}
|
||||
|
||||
multilib_src_test() {
|
||||
multilib_is_native_abi && default_src_test
|
||||
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
|
||||
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
|
||||
# -v: verbose
|
||||
# -a: keep going on failure (so we see everything which breaks, not just 1st test)
|
||||
# -k: keep test files after completion
|
||||
# -am: automake style TAP output
|
||||
# -p: print logs if test fails
|
||||
# Note: if needed, we can disable tests. See e.g. Fedora's packaging
|
||||
# or just read https://github.com/curl/curl/tree/master/tests#run.
|
||||
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
|
||||
}
|
||||
|
||||
multilib_src_install_all() {
|
@ -12,16 +12,14 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
|
||||
|
||||
LICENSE="curl"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
|
||||
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
|
||||
IUSE+=" nghttp3 quiche"
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
|
||||
|
||||
# c-ares must be disabled for threads
|
||||
# only one default ssl provider can be enabled
|
||||
# Only one default ssl provider can be enabled
|
||||
REQUIRED_USE="
|
||||
threads? ( !adns )
|
||||
ssl? (
|
||||
^^ (
|
||||
curl_ssl_gnutls
|
||||
@ -51,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
|
||||
)
|
||||
nss? (
|
||||
dev-libs/nss:0[${MULTILIB_USEDEP}]
|
||||
dev-libs/nss-pem
|
||||
app-misc/ca-certificates
|
||||
)
|
||||
)
|
||||
@ -202,8 +201,8 @@ multilib_src_configure() {
|
||||
--enable-proxy
|
||||
--disable-sspi
|
||||
$(use_enable static-libs static)
|
||||
$(use_enable threads threaded-resolver)
|
||||
$(use_enable threads pthreads)
|
||||
--enable-pthreads
|
||||
--enable-threaded-resolver
|
||||
--disable-versioned-symbols
|
||||
--without-amissl
|
||||
--without-bearssl
|
||||
@ -223,14 +222,14 @@ multilib_src_configure() {
|
||||
--without-rustls
|
||||
--without-schannel
|
||||
--without-secure-transport
|
||||
$(use_enable websockets)
|
||||
--without-winidn
|
||||
--without-wolfssl
|
||||
--with-zlib
|
||||
$(use_with zstd)
|
||||
)
|
||||
|
||||
ECONF_SOURCE="${S}" \
|
||||
econf "${myconf[@]}"
|
||||
ECONF_SOURCE="${S}" econf "${myconf[@]}"
|
||||
|
||||
if ! multilib_is_native_abi; then
|
||||
# avoid building the client
|
||||
@ -265,7 +264,7 @@ multilib_src_configure() {
|
||||
sed -i -r \
|
||||
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
|
||||
libcurl.pc || die
|
||||
echo "Requires.private: ${priv[*]}" >> libcurl.pc
|
||||
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
|
||||
}
|
||||
|
||||
multilib_src_test() {
|
@ -0,0 +1,86 @@
|
||||
https://bugs.gentoo.org/878365#c2
|
||||
https://github.com/curl/curl/issues/9813
|
||||
https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128
|
||||
|
||||
From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 27 Oct 2022 13:54:27 +0200
|
||||
Subject: [PATCH] noproxy: also match with adjacent comma
|
||||
|
||||
If the host name is an IP address and the noproxy string contained that
|
||||
IP address with a following comma, it would erroneously not match.
|
||||
|
||||
Extended test 1614 to verify this combo as well.
|
||||
|
||||
Reported-by: Henning Schild
|
||||
|
||||
Fixes #9813
|
||||
Closes #9814
|
||||
--- a/lib/noproxy.c
|
||||
+++ b/lib/noproxy.c
|
||||
@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
|
||||
/* FALLTHROUGH */
|
||||
case TYPE_IPV6: {
|
||||
const char *check = token;
|
||||
- char *slash = strchr(check, '/');
|
||||
+ char *slash;
|
||||
unsigned int bits = 0;
|
||||
char checkip[128];
|
||||
+ if(tokenlen >= sizeof(checkip))
|
||||
+ /* this cannot match */
|
||||
+ break;
|
||||
+ /* copy the check name to a temp buffer */
|
||||
+ memcpy(checkip, check, tokenlen);
|
||||
+ checkip[tokenlen] = 0;
|
||||
+ check = checkip;
|
||||
+
|
||||
+ slash = strchr(check, '/');
|
||||
/* if the slash is part of this token, use it */
|
||||
- if(slash && (slash < &check[tokenlen])) {
|
||||
+ if(slash) {
|
||||
bits = atoi(slash + 1);
|
||||
- /* copy the check name to a temp buffer */
|
||||
- if(tokenlen >= sizeof(checkip))
|
||||
- break;
|
||||
- memcpy(checkip, check, tokenlen);
|
||||
- checkip[ slash - check ] = 0;
|
||||
- check = checkip;
|
||||
+ *slash = 0; /* null terminate there */
|
||||
}
|
||||
if(type == TYPE_IPV6)
|
||||
match = Curl_cidr6_match(name, check, bits);
|
||||
--- a/tests/data/test1614
|
||||
+++ b/tests/data/test1614
|
||||
@@ -16,7 +16,7 @@ unittest
|
||||
proxy
|
||||
</features>
|
||||
<name>
|
||||
-cidr comparisons
|
||||
+noproxy and cidr comparisons
|
||||
</name>
|
||||
</client>
|
||||
<errorcode>
|
||||
--- a/tests/unit/unit1614.c
|
||||
+++ b/tests/unit/unit1614.c
|
||||
@@ -77,6 +77,20 @@ UNITTEST_START
|
||||
{ NULL, NULL, 0, FALSE} /* end marker */
|
||||
};
|
||||
struct noproxy list[]= {
|
||||
+ { "127.0.0.1", "127.0.0.1,localhost", TRUE},
|
||||
+ { "127.0.0.1", "127.0.0.1,localhost,", TRUE},
|
||||
+ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE},
|
||||
+ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE},
|
||||
+ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE},
|
||||
+ { "127.0.0.1", "localhost,127.0.0.1", TRUE},
|
||||
+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
|
||||
+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
|
||||
+ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE},
|
||||
+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
|
||||
+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
|
||||
+ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE},
|
||||
+ { "localhost", "localhost,127.0.0.1", TRUE},
|
||||
+ { "localhost", "127.0.0.1,localhost", TRUE},
|
||||
{ "foobar", "barfoo", FALSE},
|
||||
{ "foobar", "foobar", TRUE},
|
||||
{ "192.168.0.1", "foobar", FALSE},
|
||||
|
@ -0,0 +1,66 @@
|
||||
https://bugs.gentoo.org/878365#c2
|
||||
https://github.com/curl/curl/issues/9821
|
||||
https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b
|
||||
|
||||
From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 28 Oct 2022 10:51:49 +0200
|
||||
Subject: [PATCH] noproxy: fix tail-matching
|
||||
|
||||
Also ignore trailing dots in both host name and comparison pattern.
|
||||
|
||||
Regression in 7.86.0 (from 1e9a538e05c0)
|
||||
|
||||
Extended test 1614 to verify better.
|
||||
|
||||
Reported-by: Henning Schild
|
||||
Fixes #9821
|
||||
Closes #9822
|
||||
--- a/lib/noproxy.c
|
||||
+++ b/lib/noproxy.c
|
||||
@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
|
||||
}
|
||||
else {
|
||||
unsigned int address;
|
||||
+ namelen = strlen(name);
|
||||
if(1 == Curl_inet_pton(AF_INET, name, &address))
|
||||
type = TYPE_IPV4;
|
||||
- namelen = strlen(name);
|
||||
+ else {
|
||||
+ /* ignore trailing dots in the host name */
|
||||
+ if(name[namelen - 1] == '.')
|
||||
+ namelen--;
|
||||
+ }
|
||||
}
|
||||
|
||||
while(*p) {
|
||||
@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
|
||||
if(tokenlen) {
|
||||
switch(type) {
|
||||
case TYPE_HOST:
|
||||
- if(*token == '.') {
|
||||
- ++token;
|
||||
- --tokenlen;
|
||||
- /* tailmatch */
|
||||
- match = (tokenlen <= namelen) &&
|
||||
- strncasecompare(token, name + (namelen - tokenlen), namelen);
|
||||
+ /* ignore trailing dots in the token to check */
|
||||
+ if(token[tokenlen - 1] == '.')
|
||||
+ tokenlen--;
|
||||
+
|
||||
+ if(tokenlen && (*token == '.')) {
|
||||
+ /* A: example.com matches '.example.com'
|
||||
+ B: www.example.com matches '.example.com'
|
||||
+ C: nonexample.com DOES NOT match '.example.com'
|
||||
+ */
|
||||
+ if((tokenlen - 1) == namelen)
|
||||
+ /* case A, exact match without leading dot */
|
||||
+ match = strncasecompare(token + 1, name, namelen);
|
||||
+ else if(tokenlen < namelen)
|
||||
+ /* case B, tailmatch with leading dot */
|
||||
+ match = strncasecompare(token, name + (namelen - tokenlen),
|
||||
+ tokenlen);
|
||||
+ /* case C passes through, not a match */
|
||||
}
|
||||
else
|
||||
match = (tokenlen == namelen) &&
|
@ -28,7 +28,7 @@
|
||||
<flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
|
||||
<flag name="telnet">Enable Telnet protocol support</flag>
|
||||
<flag name="tftp">Enable TFTP support</flag>
|
||||
<flag name="winssl">Enable winssl ssl backend</flag>
|
||||
<flag name="websockets">Enable websockets support</flag>
|
||||
<flag name="zstd">Enable zstd compression</flag>
|
||||
</use>
|
||||
<upstream>
|
||||
|
Loading…
Reference in New Issue
Block a user