net-misc/curl: Sync with Gentoo

It's from Gentoo commit 261b72f05a316d2a9b860315af4b1316b328d7f3.
This commit is contained in:
Flatcar Buildbot 2022-10-31 07:18:05 +00:00 committed by Krzesimir Nowak
parent 0b370ec628
commit 1b09ef3efa
7 changed files with 193 additions and 48 deletions

View File

@ -1,8 +1,6 @@
DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d
DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94
DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702
DIST curl-7.85.0.tar.xz 2480648 BLAKE2B 7d0e0212541c05352040391b400e0314e0d38a96b199dfd70ccaaca3fd7f809b7ed96b877c4663c06fc05c483468521458255dcf025226f1bdf4d6c9dd9b8873 SHA512 b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
DIST curl-7.85.0.tar.xz.asc 488 BLAKE2B 8fb84955ee458af7f2cecef4b48c5375db2e8179e5c17a5215a4a92e28e5ec7dd59a9dc057563643016c683e547a04c494276e16d113dbd498f94b7a7183e1e3 SHA512 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6
DIST curl-7.86.0.tar.xz 2518356 BLAKE2B a1de7feb229de42bf1deeb5017f97df3b1c10c75fac99bcd0cd21a5dc69b6d8b62520744106d6a113c7a86bd6731dba536a263aabfa22be50d520c43e894acce SHA512 18e03a3c00f22125e07bddb18becbf5acdca22baeb7b29f45ef189a5c56f95b2d51247813f7a9a90f04eb051739e9aa7d3a1c5be397bae75d763a2b918d1b656
DIST curl-7.86.0.tar.xz.asc 488 BLAKE2B a9abe2f3af801b3a48be7db09cb82b6bb83bd26a9d5caf51c0d5a4a2e6881fb478f1768a6b71efbd9283563e2c7e2badbc5a6d6df265013e14eee2ec7e9be148 SHA512 9e97d5f44b3c856f401fe30ba713e1ca1f74edfc693dc42f1ce8e43f9f6dd4bf6998c579bc9c5d0f749f475a7d67d232e92ab6f89b95141acdb53e149f2312f0

View File

@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
LICENSE="curl"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp zstd"
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
IUSE+=" nghttp3 quiche"
@ -58,7 +58,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
net-libs/nghttp3[${MULTILIB_USEDEP}]
net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
)
quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
quiche? ( >=net-libs/quiche-0.15.0[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )

View File

@ -1,7 +1,7 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
EAPI="8"
inherit autotools prefix multilib-minimal verify-sig
@ -12,24 +12,20 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
LICENSE="curl"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
IUSE+=" nghttp3 quiche"
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
# c-ares must be disabled for threads
# only one default ssl provider can be enabled
# Only one default ssl provider can be enabled
REQUIRED_USE="
winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_mbedtls
curl_ssl_nss
curl_ssl_openssl
curl_ssl_winssl
)
)"
@ -53,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
)
nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
dev-libs/nss-pem
app-misc/ca-certificates
)
)
@ -77,15 +74,11 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
# )
# ssl providers to be added:
# fbopenssl $(use_with spnego)
DEPEND="${RDEPEND}"
BDEPEND="dev-lang/perl
virtual/pkgconfig
test? (
sys-apps/diffutils
dev-lang/perl
)
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
@ -102,6 +95,8 @@ MULTILIB_CHOST_TOOLS=(
PATCHES=(
"${FILESDIR}"/${PN}-7.30.0-prefix.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
"${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch
"${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch
)
src_prepare() {
@ -117,7 +112,7 @@ multilib_src_configure() {
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
#myconf+=( --without-default-ssl-backend )
if use ssl ; then
@ -131,16 +126,12 @@ multilib_src_configure() {
fi
if use nss || use curl_ssl_nss; then
einfo "SSL provided by nss"
myconf+=( --with-nss )
myconf+=( --with-nss --with-nss-deprecated )
fi
if use openssl || use curl_ssl_openssl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use winssl || use curl_ssl_winssl; then
einfo "SSL provided by Windows"
myconf+=( --with-winssl )
fi
if use curl_ssl_gnutls; then
einfo "Default SSL provided by gnutls"
@ -154,9 +145,6 @@ multilib_src_configure() {
elif use curl_ssl_openssl; then
einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_winssl; then
einfo "Default SSL provided by Windows"
myconf+=( --with-default-ssl-backend=winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
@ -204,7 +192,7 @@ multilib_src_configure() {
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-hidden-symbols
--enable-symbol-hiding
--enable-http-auth
$(use_enable ipv6)
--enable-largefile
@ -215,13 +203,12 @@ multilib_src_configure() {
--enable-proxy
--disable-sspi
$(use_enable static-libs static)
$(use_enable threads threaded-resolver)
$(use_enable threads pthreads)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--without-cyassl
--without-fish-functions-dir
$(use_with http2 nghttp2)
--without-hyper
@ -229,6 +216,7 @@ multilib_src_configure() {
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
--without-libpsl
--without-msh3
$(use_with nghttp3)
$(use_with nghttp3 ngtcp2)
$(use_with quiche)
@ -236,15 +224,14 @@ multilib_src_configure() {
--without-rustls
--without-schannel
--without-secure-transport
--without-spnego
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
)
ECONF_SOURCE="${S}" \
econf "${myconf[@]}"
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# avoid building the client
@ -279,11 +266,20 @@ multilib_src_configure() {
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
}
multilib_src_test() {
multilib_is_native_abi && default_src_test
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
# -v: verbose
# -a: keep going on failure (so we see everything which breaks, not just 1st test)
# -k: keep test files after completion
# -am: automake style TAP output
# -p: print logs if test fails
# Note: if needed, we can disable tests. See e.g. Fedora's packaging
# or just read https://github.com/curl/curl/tree/master/tests#run.
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
}
multilib_src_install_all() {

View File

@ -12,16 +12,14 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
LICENSE="curl"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
IUSE+=" nghttp3 quiche"
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
# c-ares must be disabled for threads
# only one default ssl provider can be enabled
# Only one default ssl provider can be enabled
REQUIRED_USE="
threads? ( !adns )
ssl? (
^^ (
curl_ssl_gnutls
@ -51,6 +49,7 @@ RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
)
nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
dev-libs/nss-pem
app-misc/ca-certificates
)
)
@ -202,8 +201,8 @@ multilib_src_configure() {
--enable-proxy
--disable-sspi
$(use_enable static-libs static)
$(use_enable threads threaded-resolver)
$(use_enable threads pthreads)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
@ -223,14 +222,14 @@ multilib_src_configure() {
--without-rustls
--without-schannel
--without-secure-transport
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
)
ECONF_SOURCE="${S}" \
econf "${myconf[@]}"
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# avoid building the client
@ -265,7 +264,7 @@ multilib_src_configure() {
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
}
multilib_src_test() {

View File

@ -0,0 +1,86 @@
https://bugs.gentoo.org/878365#c2
https://github.com/curl/curl/issues/9813
https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128
From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 27 Oct 2022 13:54:27 +0200
Subject: [PATCH] noproxy: also match with adjacent comma
If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.
Extended test 1614 to verify this combo as well.
Reported-by: Henning Schild
Fixes #9813
Closes #9814
--- a/lib/noproxy.c
+++ b/lib/noproxy.c
@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
/* FALLTHROUGH */
case TYPE_IPV6: {
const char *check = token;
- char *slash = strchr(check, '/');
+ char *slash;
unsigned int bits = 0;
char checkip[128];
+ if(tokenlen >= sizeof(checkip))
+ /* this cannot match */
+ break;
+ /* copy the check name to a temp buffer */
+ memcpy(checkip, check, tokenlen);
+ checkip[tokenlen] = 0;
+ check = checkip;
+
+ slash = strchr(check, '/');
/* if the slash is part of this token, use it */
- if(slash && (slash < &check[tokenlen])) {
+ if(slash) {
bits = atoi(slash + 1);
- /* copy the check name to a temp buffer */
- if(tokenlen >= sizeof(checkip))
- break;
- memcpy(checkip, check, tokenlen);
- checkip[ slash - check ] = 0;
- check = checkip;
+ *slash = 0; /* null terminate there */
}
if(type == TYPE_IPV6)
match = Curl_cidr6_match(name, check, bits);
--- a/tests/data/test1614
+++ b/tests/data/test1614
@@ -16,7 +16,7 @@ unittest
proxy
</features>
<name>
-cidr comparisons
+noproxy and cidr comparisons
</name>
</client>
<errorcode>
--- a/tests/unit/unit1614.c
+++ b/tests/unit/unit1614.c
@@ -77,6 +77,20 @@ UNITTEST_START
{ NULL, NULL, 0, FALSE} /* end marker */
};
struct noproxy list[]= {
+ { "127.0.0.1", "127.0.0.1,localhost", TRUE},
+ { "127.0.0.1", "127.0.0.1,localhost,", TRUE},
+ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE},
+ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE},
+ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE},
+ { "127.0.0.1", "localhost,127.0.0.1", TRUE},
+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
+ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE},
+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
+ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE},
+ { "localhost", "localhost,127.0.0.1", TRUE},
+ { "localhost", "127.0.0.1,localhost", TRUE},
{ "foobar", "barfoo", FALSE},
{ "foobar", "foobar", TRUE},
{ "192.168.0.1", "foobar", FALSE},

View File

@ -0,0 +1,66 @@
https://bugs.gentoo.org/878365#c2
https://github.com/curl/curl/issues/9821
https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b
From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Oct 2022 10:51:49 +0200
Subject: [PATCH] noproxy: fix tail-matching
Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538e05c0)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes #9821
Closes #9822
--- a/lib/noproxy.c
+++ b/lib/noproxy.c
@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
}
else {
unsigned int address;
+ namelen = strlen(name);
if(1 == Curl_inet_pton(AF_INET, name, &address))
type = TYPE_IPV4;
- namelen = strlen(name);
+ else {
+ /* ignore trailing dots in the host name */
+ if(name[namelen - 1] == '.')
+ namelen--;
+ }
}
while(*p) {
@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
if(tokenlen) {
switch(type) {
case TYPE_HOST:
- if(*token == '.') {
- ++token;
- --tokenlen;
- /* tailmatch */
- match = (tokenlen <= namelen) &&
- strncasecompare(token, name + (namelen - tokenlen), namelen);
+ /* ignore trailing dots in the token to check */
+ if(token[tokenlen - 1] == '.')
+ tokenlen--;
+
+ if(tokenlen && (*token == '.')) {
+ /* A: example.com matches '.example.com'
+ B: www.example.com matches '.example.com'
+ C: nonexample.com DOES NOT match '.example.com'
+ */
+ if((tokenlen - 1) == namelen)
+ /* case A, exact match without leading dot */
+ match = strncasecompare(token + 1, name, namelen);
+ else if(tokenlen < namelen)
+ /* case B, tailmatch with leading dot */
+ match = strncasecompare(token, name + (namelen - tokenlen),
+ tokenlen);
+ /* case C passes through, not a match */
}
else
match = (tokenlen == namelen) &&

View File

@ -28,7 +28,7 @@
<flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
<flag name="telnet">Enable Telnet protocol support</flag>
<flag name="tftp">Enable TFTP support</flag>
<flag name="winssl">Enable winssl ssl backend</flag>
<flag name="websockets">Enable websockets support</flag>
<flag name="zstd">Enable zstd compression</flag>
</use>
<upstream>