mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-31 19:31:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/curl: Sync with Gentoo

Browse Source 
It's from Gentoo commit 22f2a7e6f0b4ca1bdf316ebfe828ed406300ec09.
This commit is contained in:
Flatcar Buildbot 2025-01-13 07:09:30 +00:00 committed by Krzesimir Nowak
parent acbbc31833
commit 5375e022e5
14 changed files with 429 additions and 1009 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest vendored
View File

@ -2,8 +2,8 @@ DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46
DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a SHA512 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e
DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37
DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
DIST curl-8.8.0.tar.xz 2748860 BLAKE2B c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 SHA512 9d2c0d3a0d8f6c31ba4fabe48f801910f886fde43dc198dc4213708d6967ed5e040a1bb7348aa1cb126577ee508a3ec36fe65256d027d861d6ffb70f6383967a
DIST curl-8.8.0.tar.xz.asc 488 BLAKE2B d80c0ff357b344d7ec2b975a92f1eeb7557993b61a69e7adaaeab89c9b5a53ddade5104fe1a0ad260145db9c90fc0aae36dfc22320492db6696f290da9ff675b SHA512 37b501770225dff6b1e7bde1157f556f10ec1c597fcbbb5c8b8c370efb97a3a70f585f2f5c201b96380d68466696474a5f65a07da59b704678d6927567d25359
DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7

4
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.10.1-r1.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.10.1-r2.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -106,7 +106,7 @@ RDEPEND="
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]

4
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.11.0.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.11.0-r1.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -106,7 +106,7 @@ RDEPEND="
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]

384
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.11.1-r2.ebuild vendored Normal file
View File

@ -0,0 +1,384 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should subscribe to the 'curl-distros' ML for backports etc
# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
# https://lists.haxx.se/listinfo/curl-distros
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.se/"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/curl/curl.git"
else
SRC_URI="
https://curl.se/download/${P}.tar.xz
verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
# These select the default tls implementation / which quic impl to use
IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# Only one default ssl / quic provider can be enabled
# The default provider needs its USE satisfied
# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
REQUIRED_USE="
quic? (
^^ (
curl_quic_openssl
curl_quic_ngtcp2
)
http3
ssl
)
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_mbedtls
curl_ssl_openssl
curl_ssl_rustls
)
)
curl_quic_openssl? (
curl_ssl_openssl
quic
!gnutls
!mbedtls
!rustls
)
curl_quic_ngtcp2? (
curl_ssl_gnutls
quic
!mbedtls
!openssl
!rustls
)
curl_ssl_gnutls? ( gnutls )
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
http3? ( alt-svc quic )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
# However 'supported' vs 'works' are two entirely different things; be sane but
# don't be afraid to require a later version.
# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
RDEPEND="
>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
quic? (
curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:=[${MULTILIB_USEDEP}]
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
"
DEPEND="${RDEPEND}"
BDEPEND="
dev-lang/perl
virtual/pkgconfig
test? (
sys-apps/diffutils
http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
)
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
"
DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
QA_CONFIG_IMPL_DECL_SKIP=(
__builtin_available
closesocket
CloseSocket
getpass_r
ioctlsocket
IoctlSocket
mach_absolute_time
setmode
_fseeki64
# custom AC_LINK_IFELSE code fails to link even without -Werror
OSSL_QUIC_client_method
)
PATCHES=(
"${FILESDIR}/${PN}-prefix-3.patch"
"${FILESDIR}/${PN}-respect-cflags-3.patch"
"${FILESDIR}/${P}-async-thread-close-eventfd.patch"
)
src_prepare() {
default
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable ldap ldaps)
--enable-ntlm
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with http2 nghttp2)
--without-hyper
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
$(use_with psl libpsl)
--without-msh3
$(use_with http3 nghttp3)
$(use_with curl_quic_ngtcp2 ngtcp2)
$(use_with curl_quic_openssl openssl-quic)
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use debug; then
myconf+=(
--enable-debug
)
fi
if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
myconf+=(
--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
)
fi
if [[ ${CHOST} == *mingw* ]] ; then
myconf+=(
--disable-pthreads
)
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# Avoid building the client (we just want libcurl for multilib)
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
}
multilib_src_compile() {
default
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts
fi
}
# There is also a pytest harness that tests for bugs in some very specific
# situations; we can rely on upstream for this rather than adding additional test deps.
multilib_src_test() {
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
# -v: verbose
# -a: keep going on failure (so we see everything that breaks, not just 1st test)
# -k: keep test files after completion
# -am: automake style TAP output
# -p: print logs if test fails
# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
# or just read https://github.com/curl/curl/tree/master/tests#run.
# Note: we don't run the testsuite for cross-compilation.
# Upstream recommend 7*nproc as a starting point for parallel tests, but
# this ends up breaking when nproc is huge (like -j80).
# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
# as most gentoo users don't have an 'ip6-localhost'
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
}
multilib_src_install() {
emake DESTDIR="${D}" install
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
fi
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
rm -rf "${ED}"/etc/ || die
}
pkg_postinst() {
if use debug; then
ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
ewarn "hic sunt dracones; you have been warned."
fi
}

375
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.7.1-r4.ebuild vendored
View File

@ -1,375 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should subscribe to the 'curl-distros' ML for backports etc
# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
# https://lists.haxx.se/listinfo/curl-distros
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.se/"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/curl/curl.git"
else
SRC_URI="
https://curl.se/download/${P}.tar.xz
verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
# These select the default SSL implementation
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# Only one default ssl provider can be enabled
# The default ssl provider needs its USE satisfied
# nghttp3 = https://bugs.gentoo.org/912029
REQUIRED_USE="
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_mbedtls
curl_ssl_openssl
curl_ssl_rustls
)
)
curl_ssl_gnutls? ( gnutls )
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
nghttp3? (
!openssl
alt-svc )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
# However 'supported' vs 'works' are two entirely different things; be sane but
# don't be afraid to require a later version.
RDEPEND="
>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
nghttp3? (
>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
)
psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:=[${MULTILIB_USEDEP}]
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
)
rustls? ( >=net-libs/rustls-ffi-0.12.1:=[${MULTILIB_USEDEP}]
<net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
"
DEPEND="${RDEPEND}"
BDEPEND="
dev-lang/perl
virtual/pkgconfig
test? (
sys-apps/diffutils
http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
)
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
"
DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
QA_CONFIG_IMPL_DECL_SKIP=(
__builtin_available
closesocket
CloseSocket
getpass_r
ioctlsocket
IoctlSocket
mach_absolute_time
setmode
_fseeki64
# custom AC_LINK_IFELSE code fails to link even without -Werror
OSSL_QUIC_client_method
)
PATCHES=(
"${FILESDIR}"/${PN}-prefix.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
"${FILESDIR}"/${PN}-8.7.1-rustls-fixes.patch
"${FILESDIR}"/${P}-chunked-post.patch
"${FILESDIR}"/${P}-fix-compress-option.patch
"${FILESDIR}"/${P}-http2-git-clone.patch
)
src_prepare() {
default
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable ldap ldaps)
--enable-ntlm
--disable-ntlm-wb
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with http2 nghttp2)
--without-hyper
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
$(use_with psl libpsl)
--without-msh3
$(use_with nghttp3)
$(use_with nghttp3 ngtcp2)
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
myconf+=(
--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
)
fi
if [[ ${CHOST} == *mingw* ]] ; then
myconf+=(
--disable-pthreads
)
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# Avoid building the client (we just want libcurl for multilib)
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
# Fix up the pkg-config file to be more robust.
# https://github.com/curl/curl/issues/864
local priv=() libs=()
# We always enable zlib.
libs+=( "-lz" )
priv+=( "zlib" )
if use http2; then
libs+=( "-lnghttp2" )
priv+=( "libnghttp2" )
fi
if use nghttp3; then
libs+=( "-lnghttp3" "-lngtcp2" )
priv+=( "libnghttp3" "libngtcp2" )
fi
if use ssl && use curl_ssl_openssl; then
libs+=( "-lssl" "-lcrypto" )
priv+=( "openssl" )
fi
grep -q Requires.private libcurl.pc && die "need to update ebuild"
libs=$(printf '|%s' "${libs[@]}")
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
}
multilib_src_compile() {
default
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts
fi
}
# There is also a pytest harness that tests for bugs in some very specific
# situations; we can rely on upstream for this rather than adding additional test deps.
multilib_src_test() {
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
# -v: verbose
# -a: keep going on failure (so we see everything which breaks, not just 1st test)
# -k: keep test files after completion
# -am: automake style TAP output
# -p: print logs if test fails
# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
# or just read https://github.com/curl/curl/tree/master/tests#run.
# Note: we don't run the testsuite for cross-compilation.
# Upstream recommend 7*nproc as a starting point for parallel tests, but
# this ends up breaking when nproc is huge (like -j80).
# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
# as most gentoo users don't have an 'ip6-localhost'
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
}
multilib_src_install() {
emake DESTDIR="${D}" install
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
fi
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
rm -rf "${ED}"/etc/ || die
}

4
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.8.0-r1.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.8.0-r2.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -84,7 +84,7 @@ RDEPEND="
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]

4
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.9.1-r1.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.9.1-r2.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -106,7 +106,7 @@ RDEPEND="
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]

4
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -106,7 +106,7 @@ RDEPEND="
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]

33
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch vendored Normal file
View File

@ -0,0 +1,33 @@
https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2
From: Andy Pan <i@andypan.me>
Date: Thu, 12 Dec 2024 12:48:56 +0000
Subject: [PATCH] async-thread: avoid closing eventfd twice
When employing eventfd for socketpair, there is only one file
descriptor. Closing that fd twice might result in fd corruption.
Thus, we should avoid closing the eventfd twice, following the
pattern in lib/multi.c.
Fixes #15725
Closes #15727
Reported-by: Christian Heusel
---
lib/asyn-thread.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
index a58e4b790494ab..32d496b107cb0a 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd)
* close one end of the socket pair (may be done in resolver thread);
* the other end (for reading) is always closed in the parent thread.
*/
+#ifndef USE_EVENTFD
if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
wakeup_close(tsd->sock_pair[1]);
}
+#endif
#endif
memset(tsd, 0, sizeof(*tsd));
}

57
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.7.1-chunked-post.patch vendored
View File

@ -1,57 +0,0 @@
https://github.com/curl/curl/commit/721941aadf4adf4f6aeb3f4c0ab489bb89610c36
From: Stefan Eissing <stefan@eissing.org>
Date: Mon, 1 Apr 2024 15:41:18 +0200
Subject: [PATCH] http: with chunked POST forced, disable length check on read
callback
- when an application forces HTTP/1.1 chunked transfer encoding
by setting the corresponding header and instructs curl to use
the CURLOPT_READFUNCTION, disregard any POST length information.
- this establishes backward compatibility with previous curl versions
Applications are encouraged to not force "chunked", but rather
set length information for a POST. By setting -1, curl will
auto-select chunked on HTTP/1.1 and work properly on other HTTP
versions.
Reported-by: Jeff King
Fixes #13229
Closes #13257
--- a/lib/http.c
+++ b/lib/http.c
@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
else
result = Curl_creader_set_null(data);
}
- else { /* we read the bytes from the callback */
- result = Curl_creader_set_fread(data, postsize);
+ else {
+ /* we read the bytes from the callback. In case "chunked" encoding
+ * is forced by the application, we disregard `postsize`. This is
+ * a backward compatibility decision to earlier versions where
+ * chunking disregarded this. See issue #13229. */
+ bool chunked = FALSE;
+ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
+ if(ptr) {
+ /* Some kind of TE is requested, check if 'chunked' is chosen */
+ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
+ STRCONST("chunked"));
+ }
+ result = Curl_creader_set_fread(data, chunked? -1 : postsize);
}
return result;
@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,
data->req.upload_chunky =
Curl_compareheader(ptr,
STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
+ if(data->req.upload_chunky &&
+ Curl_use_http_1_1plus(data, data->conn) &&
+ (data->conn->httpversion >= 20)) {
+ infof(data, "suppressing chunked transfer encoding on connection "
+ "using HTTP version 2 or higher");
+ data->req.upload_chunky = FALSE;
+ }
}
else {
curl_off_t req_clen = Curl_creader_total_length(data);

153
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch vendored
View File

@ -1,153 +0,0 @@
https://github.com/curl/curl/commit/b30d694a027eb771c02a3db0dee0ca03ccab7377
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 28 Mar 2024 11:08:15 +0100
Subject: [PATCH] content_encoding: brotli and others, pass through 0-length
writes
- curl's transfer handling may write 0-length chunks at the end of the
download with an EOS flag. (HTTP/2 does this commonly)
- content encoders need to pass-through such a write and not count this
as error in case they are finished decoding
Fixes #13209
Fixes #13212
Closes #13219
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data,
struct zlib_writer *zp = (struct zlib_writer *) writer;
z_stream *z = &zp->z; /* zlib state structure */
- if(!(type & CLIENTWRITE_BODY))
+ if(!(type & CLIENTWRITE_BODY) || !nbytes)
return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
/* Set the compressed input when this function is called */
@@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data,
struct zlib_writer *zp = (struct zlib_writer *) writer;
z_stream *z = &zp->z; /* zlib state structure */
- if(!(type & CLIENTWRITE_BODY))
+ if(!(type & CLIENTWRITE_BODY) || !nbytes)
return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
if(zp->zlib_init == ZLIB_INIT_GZIP) {
@@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data,
CURLcode result = CURLE_OK;
BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;
- if(!(type & CLIENTWRITE_BODY))
+ if(!(type & CLIENTWRITE_BODY) || !nbytes)
return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
if(!bp->br)
@@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data,
ZSTD_outBuffer out;
size_t errorCode;
- if(!(type & CLIENTWRITE_BODY))
+ if(!(type & CLIENTWRITE_BODY) || !nbytes)
return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
if(!zp->decomp) {
@@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data,
(void) buf;
(void) nbytes;
- if(!(type & CLIENTWRITE_BODY))
+ if(!(type & CLIENTWRITE_BODY) || !nbytes)
return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
failf(data, "Unrecognized content encoding type. "
--- a/tests/http/test_02_download.py
+++ b/tests/http/test_02_download.py
@@ -394,6 +394,19 @@ def test_02_27_paused_no_cl(self, env: Env, httpd, nghttpx, repeat):
r = client.run(args=[url])
r.check_exit_code(0)
+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+ def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto):
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+ count = 1
+ urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]'
+ curl = CurlClient(env=env)
+ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+ '--compressed'
+ ])
+ r.check_exit_code(code=0)
+ r.check_response(count=count, http_status=200)
+
def check_downloads(self, client, srcfile: str, count: int,
complete: bool = True):
for i in range(count):
--- a/tests/http/testenv/env.py
+++ b/tests/http/testenv/env.py
@@ -129,10 +129,11 @@ def __init__(self):
self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')
self.tld = 'http.curl.se'
self.domain1 = f"one.{self.tld}"
+ self.domain1brotli = f"brotli.one.{self.tld}"
self.domain2 = f"two.{self.tld}"
self.proxy_domain = f"proxy.{self.tld}"
self.cert_specs = [
- CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),
+ CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'),
CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'),
CertificateSpec(name="clientsX", sub_specs=[
@@ -376,6 +377,10 @@ def htdocs_dir(self) -> str:
def domain1(self) -> str:
return self.CONFIG.domain1
+ @property
+ def domain1brotli(self) -> str:
+ return self.CONFIG.domain1brotli
+
@property
def domain2(self) -> str:
return self.CONFIG.domain2
--- a/tests/http/testenv/httpd.py
+++ b/tests/http/testenv/httpd.py
@@ -50,6 +50,7 @@ class Httpd:
'alias', 'env', 'filter', 'headers', 'mime', 'setenvif',
'socache_shmcb',
'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',
+ 'brotli',
'mpm_event',
]
COMMON_MODULES_DIRS = [
@@ -203,6 +204,7 @@ def _mkpath(self, path):
def _write_config(self):
domain1 = self.env.domain1
+ domain1brotli = self.env.domain1brotli
creds1 = self.env.get_credentials(domain1)
domain2 = self.env.domain2
creds2 = self.env.get_credentials(domain2)
@@ -285,6 +287,24 @@ def _write_config(self):
f'</VirtualHost>',
f'',
])
+ # Alternate to domain1 with BROTLI compression
+ conf.extend([ # https host for domain1, h1 + h2
+ f'<VirtualHost *:{self.env.https_port}>',
+ f' ServerName {domain1brotli}',
+ f' Protocols h2 http/1.1',
+ f' SSLEngine on',
+ f' SSLCertificateFile {creds1.cert_file}',
+ f' SSLCertificateKeyFile {creds1.pkey_file}',
+ f' DocumentRoot "{self._docs_dir}"',
+ f' SetOutputFilter BROTLI_COMPRESS',
+ ])
+ conf.extend(self._curltest_conf(domain1))
+ if domain1 in self._extra_configs:
+ conf.extend(self._extra_configs[domain1])
+ conf.extend([
+ f'</VirtualHost>',
+ f'',
+ ])
conf.extend([ # https host for domain2, no h2
f'<VirtualHost *:{self.env.https_port}>',
f' ServerName {domain2}',

342
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch vendored
View File

@ -1,342 +0,0 @@
https://bugs.gentoo.org/930633
https://github.com/curl/curl/issues/13474
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -187,6 +187,7 @@ struct h2_stream_ctx {
int status_code; /* HTTP response status code */
uint32_t error; /* stream error code */
+ CURLcode xfer_result; /* Result of writing out response */
uint32_t local_window_size; /* the local recv window size */
int32_t id; /* HTTP/2 protocol identifier for stream */
BIT(resp_hds_complete); /* we have a complete, final response */
@@ -945,12 +946,39 @@ fail:
return rv;
}
-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf,
+static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf,
struct Curl_easy *data,
- const char *buf, size_t blen)
+ struct h2_stream_ctx *stream,
+ const char *buf, size_t blen, bool eos)
{
- (void)cf;
- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+
+ /* If we already encountered an error, skip further writes */
+ if(!stream->xfer_result) {
+ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
+ if(stream->xfer_result)
+ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers",
+ stream->id, stream->xfer_result, blen);
+ }
+}
+
+static void h2_xfer_write_resp(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct h2_stream_ctx *stream,
+ const char *buf, size_t blen, bool eos)
+{
+
+ /* If we already encountered an error, skip further writes */
+ if(!stream->xfer_result)
+ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
+ /* If the transfer write is errored, we do not want any more data */
+ if(stream->xfer_result) {
+ struct cf_h2_ctx *ctx = cf->ctx;
+ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, "
+ "RST-ing stream",
+ stream->id, stream->xfer_result, blen);
+ nghttp2_submit_rst_stream(ctx->h2, 0, stream->id,
+ NGHTTP2_ERR_CALLBACK_FAILURE);
+ }
}
static CURLcode on_stream_frame(struct Curl_cfilter *cf,
@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
struct cf_h2_ctx *ctx = cf->ctx;
struct h2_stream_ctx *stream = H2_STREAM_CTX(data);
int32_t stream_id = frame->hd.stream_id;
- CURLcode result;
int rv;
if(!stream) {
@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
stream->status_code = -1;
}
- result = recvbuf_write_hds(cf, data, STRCONST("\r\n"));
- if(result)
- return result;
+ h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
if(stream->status_code / 100 != 1) {
stream->resp_hds_complete = TRUE;
@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
struct cf_h2_ctx *ctx = cf->ctx;
struct h2_stream_ctx *stream;
struct Curl_easy *data_s;
- CURLcode result;
(void)flags;
DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
if(!stream)
return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE);
- if(result && result != CURLE_AGAIN)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
+ h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE);
nghttp2_session_consume(ctx->h2, stream_id, len);
stream->nrcvd_data += (curl_off_t)len;
@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
if(result)
return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 "));
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
+ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE);
+ h2_xfer_write_resp_hd(cf, data_s, stream,
+ (const char *)value, valuelen, FALSE);
/* the space character after the status code is mandatory */
- result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n"));
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
+ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE);
+
/* if we receive data for another handle, wake that up */
if(CF_DATA_CURRENT(cf) != data_s)
Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
/* nghttp2 guarantees that namelen > 0, and :status was already
received, and this is not pseudo-header field . */
/* convert to an HTTP1-style header */
- result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen);
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = recvbuf_write_hds(cf, data_s, STRCONST(": "));
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
- result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n"));
- if(result)
- return NGHTTP2_ERR_CALLBACK_FAILURE;
+ h2_xfer_write_resp_hd(cf, data_s, stream,
+ (const char *)name, namelen, FALSE);
+ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE);
+ h2_xfer_write_resp_hd(cf, data_s, stream,
+ (const char *)value, valuelen, FALSE);
+ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE);
+
/* if we receive data for another handle, wake that up */
if(CF_DATA_CURRENT(cf) != data_s)
Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
(void)buf;
*err = CURLE_AGAIN;
- if(stream->closed) {
+ if(stream->xfer_result) {
+ CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id);
+ *err = stream->xfer_result;
+ nread = -1;
+ }
+ else if(stream->closed) {
CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id);
nread = http2_handle_stream_close(cf, data, stream, err);
}
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -152,6 +152,7 @@ struct h3_stream_ctx {
uint64_t error3; /* HTTP/3 stream error code */
curl_off_t upload_left; /* number of request bytes left to upload */
int status_code; /* HTTP status code */
+ CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
bool resp_hds_complete; /* we have a complete, final response */
bool closed; /* TRUE on stream close */
bool reset; /* TRUE on stream reset */
@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
return 0;
}
-static CURLcode write_resp_hds(struct Curl_easy *data,
- const char *buf, size_t blen)
+static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct h3_stream_ctx *stream,
+ const char *buf, size_t blen, bool eos)
{
- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+
+ /* If we already encountered an error, skip further writes */
+ if(!stream->xfer_result) {
+ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
+ if(stream->xfer_result)
+ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu "
+ "bytes of headers", stream->id, stream->xfer_result, blen);
+ }
+}
+
+static void h3_xfer_write_resp(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct h3_stream_ctx *stream,
+ const char *buf, size_t blen, bool eos)
+{
+
+ /* If we already encountered an error, skip further writes */
+ if(!stream->xfer_result)
+ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
+ /* If the transfer write is errored, we do not want any more data */
+ if(stream->xfer_result) {
+ struct cf_ngtcp2_ctx *ctx = cf->ctx;
+ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes "
+ "of data, cancelling stream",
+ stream->id, stream->xfer_result, blen);
+ nghttp3_conn_close_stream(ctx->h3conn, stream->id,
+ NGHTTP3_H3_REQUEST_CANCELLED);
+ }
}
static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
struct cf_ngtcp2_ctx *ctx = cf->ctx;
struct Curl_easy *data = stream_user_data;
struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result;
(void)conn;
(void)stream3_id;
@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
if(!stream)
return NGHTTP3_ERR_CALLBACK_FAILURE;
- result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
- if(result) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
- stream->id, blen, result);
- return NGHTTP3_ERR_CALLBACK_FAILURE;
- }
+ h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE);
if(blen) {
CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
stream->id, blen);
@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
struct Curl_cfilter *cf = user_data;
struct Curl_easy *data = stream_user_data;
struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
- CURLcode result = CURLE_OK;
(void)conn;
(void)stream_id;
(void)fin;
@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
if(!stream)
return 0;
/* add a CRLF only if we've received some headers */
- result = write_resp_hds(data, "\r\n", 2);
- if(result) {
- return -1;
- }
+ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
stream_id, stream->status_code);
@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
stream->status_code);
CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
- result = write_resp_hds(data, line, ncopy);
+ h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE);
if(result) {
return -1;
}
@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
stream_id, (int)h3name.len, h3name.base,
(int)h3val.len, h3val.base);
- result = write_resp_hds(data, (const char *)h3name.base, h3name.len);
- if(result) {
- return -1;
- }
- result = write_resp_hds(data, ": ", 2);
- if(result) {
- return -1;
- }
- result = write_resp_hds(data, (const char *)h3val.base, h3val.len);
- if(result) {
- return -1;
- }
- result = write_resp_hds(data, "\r\n", 2);
- if(result) {
- return -1;
- }
+ h3_xfer_write_resp_hd(cf, data, stream,
+ (const char *)h3name.base, h3name.len, FALSE);
+ h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE);
+ h3_xfer_write_resp_hd(cf, data, stream, (
+ const char *)h3val.base, h3val.len, FALSE);
+ h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE);
}
return 0;
}
@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
goto out;
}
- if(stream->closed) {
+ if(stream->xfer_result) {
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id);
+ *err = stream->xfer_result;
+ nread = -1;
+ goto out;
+ }
+ else if(stream->closed) {
nread = recv_closed_stream(cf, data, stream, err);
goto out;
}
--- a/tests/http/test_02_download.py
+++ b/tests/http/test_02_download.py
@@ -257,6 +257,34 @@ class TestDownload:
])
r.check_response(count=count, http_status=200)
+ @pytest.mark.parametrize("proto", ['h2', 'h3'])
+ def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+ if proto == 'h3' and env.curl_uses_lib('msh3'):
+ pytest.skip("msh3 stalls here")
+ count = 10
+ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
+ curl = CurlClient(env=env)
+ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+ '--parallel'
+ ])
+ r.check_stats(count=count, http_status=404, exitcode=0)
+
+ @pytest.mark.parametrize("proto", ['h2', 'h3'])
+ def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
+ if proto == 'h3' and not env.have_h3():
+ pytest.skip("h3 not supported")
+ if proto == 'h3' and env.curl_uses_lib('msh3'):
+ pytest.skip("msh3 stalls here")
+ count = 10
+ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
+ curl = CurlClient(env=env)
+ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+ '--fail'
+ ])
+ r.check_stats(count=count, http_status=404, exitcode=22)
+
@pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests")
@pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs")
def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):

49
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch vendored
View File

@ -1,49 +0,0 @@
From a866b062b17ab94b16b817ab9969c561364a4d72 Mon Sep 17 00:00:00 2001
From: Matt Jolly <Matt.Jolly@footclan.ninja>
Date: Mon, 1 Apr 2024 08:36:51 +1000
Subject: [PATCH] m4: fix rustls builds
This patch consolidates the following commits to do with rustls
detection using pkg-config:
- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99
- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90
---
m4/curl-rustls.m4 | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
index 7c55230..8082cf9 100644
--- a/m4/curl-rustls.m4
+++ b/m4/curl-rustls.m4
@@ -142,6 +142,11 @@ if test "x$OPT_RUSTLS" != xno; then
LIBS="$SSL_LIBS $LIBS"
USE_RUSTLS="yes"
ssl_msg="rustls"
+ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+ AC_SUBST(USE_RUSTLS, [1])
+ USE_RUSTLS="yes"
+ RUSTLS_ENABLED=1
+ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
else
AC_MSG_ERROR([pkg-config: Could not find rustls])
fi
@@ -174,5 +179,15 @@ if test "x$OPT_RUSTLS" != xno; then
fi
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+
+ if test X"$OPT_RUSTLS" != Xno &&
+ test "$RUSTLS_ENABLED" != "1"; then
+ AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS])
+ AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED])
+ AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected])
+ fi
fi
])
+
+
+RUSTLS_ENABLED
--
2.44.0

21
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-prefix.patch vendored
View File

@ -1,21 +0,0 @@
diff -Naur curl-7.30.0.orig/curl-config.in curl-7.30.0/curl-config.in
--- curl-7.30.0.orig/curl-config.in 2013-02-06 09:44:37.000000000 -0500
+++ curl-7.30.0/curl-config.in 2013-04-17 18:43:56.000000000 -0400
@@ -134,7 +134,7 @@
else
CPPFLAG_CURL_STATICLIB=""
fi
- if test "X@includedir@" = "X/usr/include"; then
+ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
echo "$CPPFLAG_CURL_STATICLIB"
else
echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
@@ -142,7 +142,7 @@
;;
--libs)
- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
CURLLIBDIR="-L@libdir@ "
else
CURLLIBDIR=""