mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 01:46:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/curl: update to 7.74.0

Browse Source 
We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:

* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286
This commit is contained in:
Dongsu Park 2021-01-13 09:44:42 +01:00
parent d961e5519e
commit 2b2694a871
6 changed files with 82 additions and 792 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest vendored
View File

@ -1,4 +1 @@
DIST curl-7.65.0.tar.xz 2392324 BLAKE2B e5aec8c6cb6f6baabd035ce2ea159dba1541011658892bb883e917541aaffe6ebfb0d2b9f18e2357059a7bc1e3a8db47b2aed7a74597b21c14f0892ad6e9eb68 SHA512 032c065c1d4bd07ba028625f8fab6a09e7cb8505a5f19339b3abdee5a9cda7d091c11f075fe3fc227d082690a66c558c770a4cd9fb17b52acc13794976a770c5
DIST curl-7.65.3.tar.xz 2392472 BLAKE2B 25726e1f1568fad6a8419b29dde41bed4d9de4be70740119879beeb08ff2a6ace7737efe1fb6d96ecaacaf8f90dc0142ceede2b90c84275ea8f72bcd09f21dba SHA512 fc4f041d3d6682378ce9eef2c6081e6ad83bb2502ea4c992c760266584c09e9ebca7c6d35958bd32a888702d9308cbce7aef69c431f97994107d7ff6b953941b
DIST curl-7.66.0.tar.xz 2414840 BLAKE2B f5d731c304c826442a8509016d00b9c68438ef9102b3c844c15315181c307e338f79930dc548d7f189b944dd74cc7eeb19d130b5a967ea2efa9862d15ae78bab SHA512 81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35
DIST curl-7.67.0.tar.xz 2418548 BLAKE2B 818b3d03ac8c4adb8a629147feccebcbd3d89164a77d7cb457924bd44c3069f1b03326861b73c51a6427d7169d40485a509f74edd89b99b760649e7adcdce693 SHA512 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
DIST curl-7.74.0.tar.xz 2400972 BLAKE2B bef9e01493994afc933549a78b41065708aeaa9f6f5cdd1dbf2f43bbb03bbc97b17308b8bda5f11599c3cc0c6c77903e6fa6f1310ff874fad902a59566b51e8a SHA512 5d987f0b4d051c9e254f14d4e2a05f7cda9fb0f0ac7b3ca3664a25a51ee5ffe092ee072c0d9a613fcd3f34727d75bba14b70f5500cb110ca818591e071c3e6f4

238
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.65.0.ebuild vendored
View File

@ -1,238 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit autotools eutils prefix multilib-minimal
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.haxx.se/"
SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
LICENSE="MIT"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns brotli http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads"
IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
IUSE+=" elibc_Winnt"
#lead to lots of false negatives, bug #285669
RESTRICT="test"
RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
ssl? (
curl_ssl_gnutls? (
net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_libressl? (
dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_mbedtls? (
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_openssl? (
dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
)
http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
sys-libs/zlib[${MULTILIB_USEDEP}]"
# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
# rtmp? (
# media-video/rtmpdump
# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
# )
# ssl providers to be added:
# fbopenssl $(use_with spnego)
DEPEND="${RDEPEND}
>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
test? (
sys-apps/diffutils
dev-lang/perl
)"
# c-ares must be disabled for threads
# only one ssl provider can be enabled
REQUIRED_USE="
curl_ssl_winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_libressl
curl_ssl_mbedtls
curl_ssl_nss
curl_ssl_openssl
curl_ssl_winssl
)
)"
DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
src_prepare() {
eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
eapply_user
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl ; then
if use curl_ssl_gnutls; then
einfo "SSL provided by gnutls"
myconf+=( --with-gnutls --with-nettle )
elif use curl_ssl_libressl; then
einfo "SSL provided by LibreSSL"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_mbedtls; then
einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
elif use curl_ssl_nss; then
einfo "SSL provided by nss"
myconf+=( --with-nss )
elif use curl_ssl_openssl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_winssl; then
einfo "SSL provided by Windows"
myconf+=( --with-winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
else
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
ECONF_SOURCE="${S}" \
econf \
--disable-alt-svc \
--enable-crypto-auth \
--enable-dict \
--enable-file \
--enable-ftp \
--enable-gopher \
--enable-http \
--enable-imap \
$(use_enable ldap) \
$(use_enable ldap ldaps) \
--disable-ntlm-wb \
--enable-pop3 \
--enable-rt \
--enable-rtsp \
$(use_enable samba smb) \
$(use_with ssh libssh2) \
--enable-smtp \
--enable-telnet \
--enable-tftp \
--enable-tls-srp \
$(use_enable adns ares) \
--enable-cookies \
--enable-hidden-symbols \
$(use_enable ipv6) \
--enable-largefile \
--without-libpsl \
--enable-manual \
--enable-proxy \
--disable-sspi \
$(use_enable static-libs static) \
$(use_enable threads threaded-resolver) \
$(use_enable threads pthreads) \
--disable-versioned-symbols \
--without-amissl \
--without-cyassl \
--without-darwinssl \
--without-fish-functions-dir \
$(use_with idn libidn2) \
$(use_with kerberos gssapi "${EPREFIX}"/usr) \
$(use_with metalink libmetalink) \
$(use_with http2 nghttp2) \
$(use_with rtmp librtmp) \
$(use_with brotli) \
--without-schannel \
--without-secure-transport \
--without-spnego \
--without-winidn \
--without-wolfssl \
--with-zlib \
"${myconf[@]}"
if ! multilib_is_native_abi; then
# avoid building the client
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
# Fix up the pkg-config file to be more robust.
# https://github.com/curl/curl/issues/864
local priv=() libs=()
# We always enable zlib.
libs+=( "-lz" )
priv+=( "zlib" )
if use http2; then
libs+=( "-lnghttp2" )
priv+=( "libnghttp2" )
fi
if use ssl && use curl_ssl_openssl; then
libs+=( "-lssl" "-lcrypto" )
priv+=( "openssl" )
fi
grep -q Requires.private libcurl.pc && die "need to update ebuild"
libs=$(printf '|%s' "${libs[@]}")
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete
rm -rf "${ED}"/etc/
}

246
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.65.3.ebuild vendored
View File

@ -1,246 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit autotools eutils prefix multilib-minimal
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.haxx.se/"
SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
LICENSE="MIT"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns brotli http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads"
IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
IUSE+=" elibc_Winnt"
#lead to lots of false negatives, bug #285669
RESTRICT="test"
RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
ssl? (
curl_ssl_gnutls? (
net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_libressl? (
dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_mbedtls? (
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_openssl? (
dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
)
http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
sys-libs/zlib[${MULTILIB_USEDEP}]"
# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
# rtmp? (
# media-video/rtmpdump
# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
# )
# ssl providers to be added:
# fbopenssl $(use_with spnego)
DEPEND="${RDEPEND}
>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
test? (
sys-apps/diffutils
dev-lang/perl
)"
# c-ares must be disabled for threads
# only one ssl provider can be enabled
REQUIRED_USE="
curl_ssl_winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_libressl
curl_ssl_mbedtls
curl_ssl_nss
curl_ssl_openssl
curl_ssl_winssl
)
)"
DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
src_prepare() {
eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
eapply_user
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl ; then
if use curl_ssl_gnutls; then
einfo "SSL provided by gnutls"
myconf+=( --with-gnutls --with-nettle )
elif use curl_ssl_libressl; then
einfo "SSL provided by LibreSSL"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_mbedtls; then
einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
elif use curl_ssl_nss; then
einfo "SSL provided by nss"
myconf+=( --with-nss )
elif use curl_ssl_openssl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_winssl; then
einfo "SSL provided by Windows"
myconf+=( --with-winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
else
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
ECONF_SOURCE="${S}" \
econf \
--disable-alt-svc \
--enable-crypto-auth \
--enable-dict \
--enable-file \
--enable-ftp \
--enable-gopher \
--enable-http \
--enable-imap \
$(use_enable ldap) \
$(use_enable ldap ldaps) \
--disable-ntlm-wb \
--enable-pop3 \
--enable-rt \
--enable-rtsp \
$(use_enable samba smb) \
$(use_with ssh libssh2) \
--enable-smtp \
--enable-telnet \
--enable-tftp \
--enable-tls-srp \
$(use_enable adns ares) \
--enable-cookies \
--enable-dateparse \
--enable-dnsshuffle \
--enable-doh \
--enable-hidden-symbols \
--enable-http-auth \
$(use_enable ipv6) \
--enable-largefile \
--without-libpsl \
--enable-manual \
--enable-mime \
--enable-netrc \
$(use_enable progress-meter) \
--enable-proxy \
--disable-sspi \
$(use_enable static-libs static) \
$(use_enable threads threaded-resolver) \
$(use_enable threads pthreads) \
--disable-versioned-symbols \
--without-amissl \
--without-cyassl \
--without-darwinssl \
--without-fish-functions-dir \
$(use_with idn libidn2) \
$(use_with kerberos gssapi "${EPREFIX}"/usr) \
$(use_with metalink libmetalink) \
$(use_with http2 nghttp2) \
$(use_with rtmp librtmp) \
$(use_with brotli) \
--without-schannel \
--without-secure-transport \
--without-spnego \
--without-winidn \
--without-wolfssl \
--with-zlib \
"${myconf[@]}"
if ! multilib_is_native_abi; then
# avoid building the client
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
# Fix up the pkg-config file to be more robust.
# https://github.com/curl/curl/issues/864
local priv=() libs=()
# We always enable zlib.
libs+=( "-lz" )
priv+=( "zlib" )
if use http2; then
libs+=( "-lnghttp2" )
priv+=( "libnghttp2" )
fi
if use ssl && use curl_ssl_openssl; then
libs+=( "-lssl" "-lcrypto" )
priv+=( "openssl" )
fi
grep -q Requires.private libcurl.pc && die "need to update ebuild"
libs=$(printf '|%s' "${libs[@]}")
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete
rm -rf "${ED}"/etc/
}

264
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.67.0.ebuild vendored
View File

@ -1,264 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit autotools eutils prefix multilib-minimal
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.haxx.se/"
SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
LICENSE="MIT"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns alt-svc brotli esni http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads"
IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
IUSE+=" nghttp3 quiche"
IUSE+=" elibc_Winnt"
#lead to lots of false negatives, bug #285669
RESTRICT="test"
RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
ssl? (
curl_ssl_gnutls? (
net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_libressl? (
dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_mbedtls? (
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_openssl? (
dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
)
http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
nghttp3? (
net-libs/nghttp3[${MULTILIB_USEDEP}]
net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
)
quiche? ( net-libs/quiche[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
sys-libs/zlib[${MULTILIB_USEDEP}]"
# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
# rtmp? (
# media-video/rtmpdump
# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
# )
# ssl providers to be added:
# fbopenssl $(use_with spnego)
DEPEND="${RDEPEND}"
BDEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
test? (
sys-apps/diffutils
dev-lang/perl
)"
# c-ares must be disabled for threads
# only one ssl provider can be enabled
REQUIRED_USE="
curl_ssl_winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_libressl
curl_ssl_mbedtls
curl_ssl_nss
curl_ssl_openssl
curl_ssl_winssl
)
)"
DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
src_prepare() {
eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
eapply_user
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl ; then
if use curl_ssl_gnutls; then
einfo "SSL provided by gnutls"
myconf+=( --with-gnutls --with-nettle )
elif use curl_ssl_libressl; then
einfo "SSL provided by LibreSSL"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_mbedtls; then
einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
elif use curl_ssl_nss; then
einfo "SSL provided by nss"
myconf+=( --with-nss )
elif use curl_ssl_openssl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_winssl; then
einfo "SSL provided by Windows"
myconf+=( --with-winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
else
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
ECONF_SOURCE="${S}" \
econf \
$(use_enable alt-svc) \
--enable-crypto-auth \
--enable-dict \
$(use_enable esni) \
--enable-file \
--enable-ftp \
--enable-gopher \
--enable-http \
--enable-imap \
$(use_enable ldap) \
$(use_enable ldap ldaps) \
--disable-ntlm-wb \
--enable-pop3 \
--enable-rt \
--enable-rtsp \
$(use_enable samba smb) \
$(use_with ssh libssh2) \
--enable-smtp \
--enable-telnet \
--enable-tftp \
--enable-tls-srp \
$(use_enable adns ares) \
--enable-cookies \
--enable-dateparse \
--enable-dnsshuffle \
--enable-doh \
--enable-hidden-symbols \
--enable-http-auth \
$(use_enable ipv6) \
--enable-largefile \
--without-libpsl \
--enable-manual \
--enable-mime \
--enable-netrc \
$(use_enable progress-meter) \
--enable-proxy \
--disable-sspi \
$(use_enable static-libs static) \
$(use_enable threads threaded-resolver) \
$(use_enable threads pthreads) \
--disable-versioned-symbols \
--without-amissl \
--without-cyassl \
--without-darwinssl \
--without-fish-functions-dir \
$(use_with idn libidn2) \
$(use_with kerberos gssapi "${EPREFIX}"/usr) \
$(use_with metalink libmetalink) \
$(use_with http2 nghttp2) \
$(use_with nghttp3) \
$(use_with nghttp3 ngtcp2) \
$(use_with quiche) \
$(use_with rtmp librtmp) \
$(use_with brotli) \
--without-schannel \
--without-secure-transport \
--without-spnego \
--without-winidn \
--without-wolfssl \
--with-zlib \
"${myconf[@]}"
if ! multilib_is_native_abi; then
# avoid building the client
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
# Fix up the pkg-config file to be more robust.
# https://github.com/curl/curl/issues/864
local priv=() libs=()
# We always enable zlib.
libs+=( "-lz" )
priv+=( "zlib" )
if use http2; then
libs+=( "-lnghttp2" )
priv+=( "libnghttp2" )
fi
if use quiche; then
libs+=( "-lquiche" )
priv+=( "libquiche" )
fi
if use nghttp3; then
libs+=( "-lnghttp3" "-lngtcp2" )
priv+=( "libnghttp3" "-libtcp2" )
fi
if use ssl && use curl_ssl_openssl; then
libs+=( "-lssl" "-lcrypto" )
priv+=( "openssl" )
fi
grep -q Requires.private libcurl.pc && die "need to update ebuild"
libs=$(printf '|%s' "${libs[@]}")
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete
rm -rf "${ED}"/etc/
}

102
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.66.0.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.74.0-r2.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2019 Gentoo Authors
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -9,36 +9,35 @@ DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.haxx.se/"
SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
LICENSE="MIT"
LICENSE="curl"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns alt-svc brotli http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads"
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap libressl mbedtls metalink nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads winssl zstd"
IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
IUSE+=" nghttp3 quiche"
IUSE+=" elibc_Winnt"
#lead to lots of false negatives, bug #285669
RESTRICT="test"
RESTRICT="!test? ( test )"
RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
ssl? (
curl_ssl_gnutls? (
gnutls? (
net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_libressl? (
dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
)
curl_ssl_mbedtls? (
mbedtls? (
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
curl_ssl_openssl? (
dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
openssl? (
!libressl? ( dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] )
libressl? ( dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] )
)
curl_ssl_nss? (
nss? (
dev-libs/nss:0[${MULTILIB_USEDEP}]
app-misc/ca-certificates
)
@ -48,14 +47,15 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
net-libs/nghttp3[${MULTILIB_USEDEP}]
net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
)
quiche? ( net-libs/quiche[${MULTILIB_USEDEP}] )
quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
sys-libs/zlib[${MULTILIB_USEDEP}]"
sys-libs/zlib[${MULTILIB_USEDEP}]
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
# rtmp? (
@ -68,16 +68,16 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
# fbopenssl $(use_with spnego)
DEPEND="${RDEPEND}"
BDEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
BDEPEND="virtual/pkgconfig
test? (
sys-apps/diffutils
dev-lang/perl
)"
# c-ares must be disabled for threads
# only one ssl provider can be enabled
# only one default ssl provider can be enabled
REQUIRED_USE="
curl_ssl_winssl? ( elibc_Winnt )
winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
@ -90,8 +90,8 @@ REQUIRED_USE="
)
)"
DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
DOCS=( CHANGES README docs/FEATURES.md docs/INTERNALS.md \
docs/FAQ docs/BUGS.md docs/CONTRIBUTE.md )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
@ -119,30 +119,54 @@ multilib_src_configure() {
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
#myconf+=( --without-default-ssl-backend )
if use ssl ; then
if use curl_ssl_gnutls; then
if use gnutls || use curl_ssl_gnutls; then
einfo "SSL provided by gnutls"
myconf+=( --with-gnutls --with-nettle )
elif use curl_ssl_libressl; then
einfo "SSL provided by LibreSSL"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_mbedtls; then
fi
if use mbedtls || use curl_ssl_mbedtls; then
einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
elif use curl_ssl_nss; then
fi
if use nss || use curl_ssl_nss; then
einfo "SSL provided by nss"
myconf+=( --with-nss )
elif use curl_ssl_openssl; then
fi
if use openssl || use curl_ssl_openssl || use curl_ssl_libressl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
elif use curl_ssl_winssl; then
fi
if use winssl || use curl_ssl_winssl; then
einfo "SSL provided by Windows"
myconf+=( --with-winssl )
fi
if use curl_ssl_gnutls; then
einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_libressl; then
einfo "Default SSL provided by LibreSSL"
myconf+=( --with-default-ssl-backend=openssl ) # NOTE THE HACK HERE
elif use curl_ssl_mbedtls; then
einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_nss; then
einfo "Default SSL provided by nss"
myconf+=( --with-default-ssl-backend=nss )
elif use curl_ssl_openssl; then
einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_winssl; then
einfo "Default SSL provided by Windows"
myconf+=( --with-default-ssl-backend=winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
else
einfo "SSL disabled"
fi
@ -162,22 +186,24 @@ multilib_src_configure() {
$(use_enable alt-svc) \
--enable-crypto-auth \
--enable-dict \
--disable-ech \
--enable-file \
--enable-ftp \
--enable-gopher \
$(use_enable ftp) \
$(use_enable gopher) \
$(use_enable hsts) \
--enable-http \
--enable-imap \
$(use_enable imap) \
$(use_enable ldap) \
$(use_enable ldap ldaps) \
--disable-ntlm-wb \
--enable-pop3 \
$(use_enable pop3) \
--enable-rt \
--enable-rtsp \
$(use_enable samba smb) \
$(use_with ssh libssh2) \
--enable-smtp \
--enable-telnet \
--enable-tftp \
$(use_enable smtp) \
$(use_enable telnet) \
$(use_enable tftp) \
--enable-tls-srp \
$(use_enable adns ares) \
--enable-cookies \
@ -188,7 +214,6 @@ multilib_src_configure() {
--enable-http-auth \
$(use_enable ipv6) \
--enable-largefile \
--without-libpsl \
--enable-manual \
--enable-mime \
--enable-netrc \
@ -200,6 +225,7 @@ multilib_src_configure() {
$(use_enable threads pthreads) \
--disable-versioned-symbols \
--without-amissl \
--without-bearssl \
--without-cyassl \
--without-darwinssl \
--without-fish-functions-dir \
@ -207,6 +233,7 @@ multilib_src_configure() {
$(use_with kerberos gssapi "${EPREFIX}"/usr) \
$(use_with metalink libmetalink) \
$(use_with http2 nghttp2) \
--without-libpsl \
$(use_with nghttp3) \
$(use_with nghttp3 ngtcp2) \
$(use_with quiche) \
@ -218,6 +245,7 @@ multilib_src_configure() {
--without-winidn \
--without-wolfssl \
--with-zlib \
$(use_with zstd) \
"${myconf[@]}"
if ! multilib_is_native_abi; then
@ -238,7 +266,7 @@ multilib_src_configure() {
fi
if use quiche; then
libs+=( "-lquiche" )
priv+=( "libquiche" )
priv+=( "quiche" )
fi
if use nghttp3; then
libs+=( "-lnghttp3" "-lngtcp2" )

19
sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml vendored
View File

@ -8,15 +8,28 @@
<use>
<flag name="alt-svc">Enable alt-svc support</flag>
<flag name="brotli">Enable brotli compression support</flag>
<flag name="esni">Enable Encrypted Server Name Indication support</flag>
<flag name="ftp">Enable FTP support</flag>
<flag name="gnutls">Enable gnutls ssl backend</flag>
<flag name="gopher">Enable Gopher protocol support</flag>
<flag name="hsts">Enable HTTP Strict Transport Security</flag>
<flag name="http2">Enable HTTP/2.0 support</flag>
<flag name="imap">Enable Internet Message Access Protocol support</flag>
<flag name="mbedtls">Enable mbedtls ssl backend</flag>
<flag name="nghttp3">Enable HTTP/3.0 support using <pkg>net-libs/nghttp3</pkg> and <pkg>net-libs/ngtcp2</pkg></flag>
<flag name="quiche">Enable HTTP/3.0 support using <pkg>net-libs/quiche</pkg></flag>
<flag name="ssh">Enable SSH urls in curl using libssh2</flag>
<flag name="metalink">Enable metalink support</flag>
<flag name="nss">Enable nss ssl backend</flag>
<flag name="openssl">Enable openssl ssl backend</flag>
<flag name="pop3">Enable Post Office Protocol 3 support</flag>
<flag name="progress-meter">Enable the progress meter</flag>
<flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
<flag name="rtmp">Enable RTMP Streaming Media support</flag>
<flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
<flag name="ssh">Enable SSH urls in curl using libssh2</flag>
<flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
<flag name="telnet">Enable Telnet protocol support</flag>
<flag name="tftp">Enable TFTP support</flag>
<flag name="winssl">Enable winssl ssl backend</flag>
<flag name="zstd">Enable zstd compression</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:curl:curl</remote-id>