mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-24 23:21:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/curl: Sync with Gentoo

Browse Source 
It's from Gentoo commit c2acfc873a430b3d5faa5d266667743416a49939.
This commit is contained in:
Flatcar Buildbot 2024-01-15 07:14:31 +00:00 committed by Krzesimir Nowak
parent 1f1a92a986
commit a4559af075
9 changed files with 487 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest vendored
View File

@ -1,5 +1,3 @@
DIST curl-8.3.0.tar.xz 2641764 BLAKE2B 6875b20e27ed86f9b6ab256210d85e9fb3b39645e8be710b2e6fe29fba40220f870e06bc21e8a92244670fed0a08c7716e4806a267ede49c4ed6d66e03f5fcd4 SHA512 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51
DIST curl-8.3.0.tar.xz.asc 488 BLAKE2B ef5a749e579710d45db9f73da0cbcb58d77a9dfe73be622536496997fa792fe5cbd0331a31f01e21cbdb36c6384dca44baa647c9f3d20effabb5bfc275b1b491 SHA512 b7d45722640ac50181b20a6d663168ec6eec6691c5604ddfe9c7177f07da598cb2de688c631043dc428c311774d781ccd16bd1e2fb4f038be651e3bee383aec4
DIST curl-8.4.0.tar.xz 2658376 BLAKE2B ea5ebecc3c1aeac3ae8fd0cf7d8ff3298149b9c4c556fb85ed8d9310e3613228eb6fca133b0dfb9268988f93d694779fab8d53510cfa5710c1320bb6638f05eb SHA512 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b
DIST curl-8.4.0.tar.xz.asc 488 BLAKE2B 0fd4ea46a0942b9bc440e91e8f9323bba6d0eb02fbc87c227004c90e5be14cc644446bc235ab67f857b617975cdeada6ce38a647da9e0bd783e57d58f354cdb4 SHA512 b8b7a5b76be816e7b1552354f267f335fdc608cdadbd2c40ab44faf6450c6bbd2853b6de5c2746a1292aad33a8ee1c367380d32bb1a8282540b38c3b985a320e
DIST curl-8.5.0.tar.xz 2658520 BLAKE2B cfd591f9703b9c63712dbe74494b05a80ce5a4fc4f8fc0fbf57058578eed5f33d71277f688d5d9f409bcd82e3a4cacaa5615a44f2a7c554559c6be7dd5188893 SHA512 acffa2cf61d9b8e4188575a1b40227da8d722df2e5fe8bb82a222b4eb2fd64bf8aebd90852ce050c79fb5e517d5cee2546bf7de92ede1dd394263e231cb741a3

34
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.3.0-r2.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.5.0-r1.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2023 Gentoo Authors
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -17,15 +17,15 @@ else
https://curl.se/download/${P}.tar.xz
verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
IUSE+=" +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
# These select the default SSL implementation
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
IUSE+=" nghttp3"
RESTRICT="!test? ( test )"
# Only one default ssl provider can be enabled
@ -44,34 +44,37 @@ REQUIRED_USE="
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
nghttp3? ( !openssl )
nghttp3? (
!openssl
alt-svc )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md
# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml
# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
# However 'supported' vs 'works' are two entirely different things; be sane but
# don't be afraid to require a later version.
RDEPEND="
sys-libs/zlib[${MULTILIB_USEDEP}]
>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
ldap? ( net-nds/openldap:=[static-libs?,${MULTILIB_USEDEP}] )
ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
nghttp3? (
>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}]
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:=[${MULTILIB_USEDEP}]
)
mbedtls? (
@ -79,7 +82,7 @@ RDEPEND="
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
)
openssl? (
dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
@ -125,9 +128,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
PATCHES=(
"${FILESDIR}"/${PN}-prefix.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
"${FILESDIR}"/${P}-tests-arm-musl.patch
"${FILESDIR}"/${P}-CVE-2023-38545.patch
"${FILESDIR}"/${P}-CVE-2023-38546.patch
"${FILESDIR}"/${P}-ipv6-configure-c99.patch
)
src_prepare() {
@ -344,7 +345,8 @@ multilib_src_test() {
# this ends up breaking when nproc is huge (like -j80).
# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
# as most gentoo users don't have an 'ip6-localhost'
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
# Required deps for 1477 are not included in the release tarball for 8.5.0
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083 !1477"
}
multilib_src_install() {

367
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.5.0-r2.ebuild vendored Normal file
View File

@ -0,0 +1,367 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.se/"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/curl/curl.git"
else
SRC_URI="
https://curl.se/download/${P}.tar.xz
verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
IUSE+=" +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
# These select the default SSL implementation
IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# Only one default ssl provider can be enabled
# The default ssl provider needs its USE satisfied
# nghttp3 = https://bugs.gentoo.org/912029
REQUIRED_USE="
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_mbedtls
curl_ssl_openssl
curl_ssl_rustls
)
)
curl_ssl_gnutls? ( gnutls )
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
nghttp3? (
!openssl
alt-svc )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
# However 'supported' vs 'works' are two entirely different things; be sane but
# don't be afraid to require a later version.
RDEPEND="
>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
nghttp3? (
>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:=[${MULTILIB_USEDEP}]
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
net-libs/rustls-ffi:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
"
DEPEND="${RDEPEND}"
BDEPEND="
dev-lang/perl
virtual/pkgconfig
test? (
sys-apps/diffutils
http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
)
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
"
DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
QA_CONFIG_IMPL_DECL_SKIP=(
__builtin_available
closesocket
CloseSocket
getpass_r
ioctlsocket
IoctlSocket
mach_absolute_time
setmode
_fseeki64
)
PATCHES=(
"${FILESDIR}"/${PN}-prefix.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
"${FILESDIR}"/${P}-ipv6-configure-c99.patch
"${FILESDIR}"/${P}-mpd-stream-http-adjust_pollset.patch
)
src_prepare() {
default
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable ldap ldaps)
--enable-ntlm
--disable-ntlm-wb
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with http2 nghttp2)
--without-hyper
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
--without-libpsl
--without-msh3
$(use_with nghttp3)
$(use_with nghttp3 ngtcp2)
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
myconf+=(
--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
)
fi
if [[ ${CHOST} == *mingw* ]] ; then
myconf+=(
--disable-pthreads
)
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# Avoid building the client (we just want libcurl for multilib)
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
# Fix up the pkg-config file to be more robust.
# https://github.com/curl/curl/issues/864
local priv=() libs=()
# We always enable zlib.
libs+=( "-lz" )
priv+=( "zlib" )
if use http2; then
libs+=( "-lnghttp2" )
priv+=( "libnghttp2" )
fi
if use nghttp3; then
libs+=( "-lnghttp3" "-lngtcp2" )
priv+=( "libnghttp3" "libngtcp2" )
fi
if use ssl && use curl_ssl_openssl; then
libs+=( "-lssl" "-lcrypto" )
priv+=( "openssl" )
fi
grep -q Requires.private libcurl.pc && die "need to update ebuild"
libs=$(printf '|%s' "${libs[@]}")
sed -i -r \
-e "/^Libs.private/s:(${libs#|})( |$)::g" \
libcurl.pc || die
echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
}
multilib_src_compile() {
default
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts
fi
}
# There is also a pytest harness that tests for bugs in some very specific
# situations; we can rely on upstream for this rather than adding additional test deps.
multilib_src_test() {
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
# -v: verbose
# -a: keep going on failure (so we see everything which breaks, not just 1st test)
# -k: keep test files after completion
# -am: automake style TAP output
# -p: print logs if test fails
# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
# or just read https://github.com/curl/curl/tree/master/tests#run.
# Note: we don't run the testsuite for cross-compilation.
# Upstream recommend 7*nproc as a starting point for parallel tests, but
# this ends up breaking when nproc is huge (like -j80).
# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
# as most gentoo users don't have an 'ip6-localhost'
# Required deps for 1477 are not included in the release tarball for 8.5.0
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083 !1477"
}
multilib_src_install() {
emake DESTDIR="${D}" install
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
fi
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
rm -rf "${ED}"/etc/ || die
}

3
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2023 Gentoo Authors
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -123,6 +123,7 @@ QA_CONFIG_IMPL_DECL_SKIP=(
IoctlSocket
mach_absolute_time
setmode
_fseeki64
)
PATCHES=(

136
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch vendored
View File

@ -1,136 +0,0 @@
https://bugs.gentoo.org/915195
From 1e1f915b73ab0895a68348ad1f96a5283a44ffd7 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Mon, 9 Oct 2023 17:45:07 -0400
Subject: [PATCH] socks: return error if hostname too long for remote resolve
Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer than 255
characters. Unfortunately that did not work as intended and caused a
security issue.
This patch applies to curl versions 8.2.0 - 8.3.0. Other versions
that are affected take a different patch. Refer to the CVE advisory
for more information.
Bug: https://curl.se/docs/CVE-2023-38545.html
---
lib/socks.c | 8 +++----
tests/data/Makefile.inc | 2 +-
tests/data/test728 | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 69 insertions(+), 5 deletions(-)
create mode 100644 tests/data/test728
diff --git a/lib/socks.c b/lib/socks.c
index 25a3578..3d41c93 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
/* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
if(!socks5_resolve_local && hostname_len > 255) {
- infof(data, "SOCKS5: server resolving disabled for hostnames of "
- "length > 255 [actual len=%zu]", hostname_len);
- socks5_resolve_local = TRUE;
+ failf(data, "SOCKS5: the destination hostname is too long to be "
+ "resolved remotely by the proxy.");
+ return CURLPX_LONG_HOSTNAME;
}
if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
@@ -904,7 +904,7 @@ CONNECT_RESOLVE_REMOTE:
}
else {
socksreq[len++] = 3;
- socksreq[len++] = (char) hostname_len; /* one byte address length */
+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
len += hostname_len;
}
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8ee1394..3e2094e 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \
\
test700 test701 test702 test703 test704 test705 test706 test707 test708 \
test709 test710 test711 test712 test713 test714 test715 test716 test717 \
-test718 test719 test720 test721 \
+test718 test719 test720 test721 test728 \
\
test799 test800 test801 test802 test803 test804 test805 test806 test807 \
test808 test809 test810 test811 test812 test813 test814 test815 test816 \
diff --git a/tests/data/test728 b/tests/data/test728
new file mode 100644
index 0000000..05bcf28
--- /dev/null
+++ b/tests/data/test728
@@ -0,0 +1,64 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+SOCKS5
+SOCKS5h
+followlocation
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+# The hostname in this redirect is 256 characters and too long (> 255) for
+# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
+<data>
+HTTP/1.1 301 Moved Permanently
+Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
+Content-Length: 0
+Connection: close
+
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+proxy
+</features>
+<server>
+http
+socks5
+</server>
+ <name>
+SOCKS5h with HTTP redirect to hostname too long
+ </name>
+ <command>
+--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<errorcode>
+97
+</errorcode>
+# the error message is verified because error code CURLE_PROXY (97) may be
+# returned for any number of reasons and we need to make sure it is
+# specifically for the reason below so that we know the check is working.
+<stderr mode="text">
+curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
+</stderr>
+</verify>
+</testcase>
--
2.7.4

131
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch vendored
View File

@ -1,131 +0,0 @@
https://bugs.gentoo.org/915195
https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8
From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 14 Sep 2023 23:28:32 +0200
Subject: [PATCH] cookie: remove unnecessary struct fields
Plus: reduce the hash table size from 256 to 63. It seems unlikely to
make much of a speed difference for most use cases but saves 1.5KB of
data per instance.
Closes #11862
---
lib/cookie.c | 13 +------------
lib/cookie.h | 13 ++++---------
lib/easy.c | 4 +---
3 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 4345a84c6fd9d..e39c89a94a960 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
free(co->name);
free(co->value);
free(co->maxage);
- free(co->version);
free(co);
}
@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data,
}
}
else if((nlen == 7) && strncasecompare("version", namep, 7)) {
- strstore(&co->version, valuep, vlen);
- if(!co->version) {
- badcookie = TRUE;
- break;
- }
+ /* just ignore */
}
else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
/*
@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data,
free(clist->path);
free(clist->spath);
free(clist->expirestr);
- free(clist->version);
free(clist->maxage);
*clist = *co; /* then store all the new data */
@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
c = calloc(1, sizeof(struct CookieInfo));
if(!c)
return NULL; /* failed to get memory */
- c->filename = strdup(file?file:"none"); /* copy the name just in case */
- if(!c->filename)
- goto fail; /* failed to get memory */
/*
* Initialize the next_expiration time to signal that we don't have enough
* information yet.
@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
CLONE(name);
CLONE(value);
CLONE(maxage);
- CLONE(version);
d->expires = src->expires;
d->tailmatch = src->tailmatch;
d->secure = src->secure;
@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
{
if(c) {
unsigned int i;
- free(c->filename);
for(i = 0; i < COOKIE_HASH_SIZE; i++)
Curl_cookie_freelist(c->cookies[i]);
free(c); /* free the base struct as well */
diff --git a/lib/cookie.h b/lib/cookie.h
index b3c0063b2cfb2..41e9e7a6914e0 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -36,11 +36,7 @@ struct Cookie {
char *domain; /* domain = <this> */
curl_off_t expires; /* expires = <this> */
char *expirestr; /* the plain text version */
-
- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
- char *version; /* Version = <value> */
char *maxage; /* Max-Age = <value> */
-
bool tailmatch; /* whether we do tail-matching of the domain name */
bool secure; /* whether the 'secure' keyword was used */
bool livecookie; /* updated from a server, not a stored file */
@@ -56,17 +52,16 @@ struct Cookie {
#define COOKIE_PREFIX__SECURE (1<<0)
#define COOKIE_PREFIX__HOST (1<<1)
-#define COOKIE_HASH_SIZE 256
+#define COOKIE_HASH_SIZE 63
struct CookieInfo {
/* linked list of cookies we know of */
struct Cookie *cookies[COOKIE_HASH_SIZE];
- char *filename; /* file we read from/write to */
- long numcookies; /* number of cookies in the "jar" */
+ curl_off_t next_expiration; /* the next time at which expiration happens */
+ int numcookies; /* number of cookies in the "jar" */
+ int lastct; /* last creation-time used in the jar */
bool running; /* state info, for cookie adding information */
bool newsession; /* new session, discard session cookies on load */
- int lastct; /* last creation-time used in the jar */
- curl_off_t next_expiration; /* the next time at which expiration happens */
};
/* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
diff --git a/lib/easy.c b/lib/easy.c
index 16bbd35251d40..03195481f9780 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
if(data->cookies) {
/* If cookies are enabled in the parent handle, we enable them
in the clone as well! */
- outcurl->cookies = Curl_cookie_init(data,
- data->cookies->filename,
- outcurl->cookies,
+ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
data->set.cookiesession);
if(!outcurl->cookies)
goto fail;

115
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch vendored
View File

@ -1,115 +0,0 @@
https://github.com/curl/curl/issues/11900
https://github.com/curl/curl/commit/b226bd679a68b8bf94cbb6d58837f00251560e63
https://github.com/curl/curl/commit/9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93
From b226bd679a68b8bf94cbb6d58837f00251560e63 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 25 Sep 2023 13:03:26 +0200
Subject: [PATCH] configure: sort AC_CHECK_FUNCS
No functional changes.
---
configure.ac | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 2fc9f2f01783c..a6f9066a133a4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
#include <sys/types.h>]])
-AC_CHECK_FUNCS([fnmatch \
+AC_CHECK_FUNCS([\
+ arc4random \
fchmod \
+ fnmatch \
fork \
geteuid \
getpass_r \
@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
snprintf \
utime \
utimes \
- arc4random
],[
],[
func="$ac_func"
From 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 22 Sep 2023 13:58:49 +0000
Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
fseek uses long offset which does not match with curl_off_t. This leads
to undefined behavior when calling the callback and caused failure on
arm 32 bit.
Use a wrapper to solve this and use fseeko which uses off_t instead of
long.
Thanks to the nice people at Libera IRC #musl for helping finding this
out.
Fixes #11882
Fixes #11900
Closes #11918
---
configure.ac | 2 ++
lib/formdata.c | 17 +++++++++++++++--
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index a6f9066a133a4..5fa7c45c47430 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
AC_CHECK_FUNCS([\
+ _fseeki64 \
arc4random \
fchmod \
fnmatch \
fork \
+ fseeko \
geteuid \
getpass_r \
getppid \
diff --git a/lib/formdata.c b/lib/formdata.c
index 8984b63223cc0..f370ce6854b5f 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
return res;
}
+/* wrap call to fseeko so it matches the calling convetion of callback */
+static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
+{
+#if defined(HAVE_FSEEKO)
+ return fseeko(stream, (off_t)offset, whence);
+#elif defined(HAVE__FSEEKI64)
+ return _fseeki64(stream, (__int64)offset, whence);
+#else
+ if(offset > LONG_MAX)
+ return -1;
+ return fseek(stream, (long)offset, whence);
+#endif
+}
+
/*
* Curl_getformdata() converts a linked list of "meta data" into a mime
* structure. The input list is in 'post', while the output is stored in
@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
compatibility: use of "-" pseudo file name should be avoided. */
result = curl_mime_data_cb(part, (curl_off_t) -1,
(curl_read_callback) fread,
- CURLX_FUNCTION_CAST(curl_seek_callback,
- fseek),
+ fseeko_wrapper,
NULL, (void *) stdin);
}
else

31
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch vendored Normal file
View File

@ -0,0 +1,31 @@
https://github.com/curl/curl/commit/ae75db3527461248b0a7b1686df52200d28d83b9
From ae75db3527461248b0a7b1686df52200d28d83b9 Mon Sep 17 00:00:00 2001
From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
Date: Fri, 29 Dec 2023 05:43:33 +0000
Subject: [PATCH] configure: fix no default int compile error in ipv6 detection
Closes #12607
--- a/configure.ac
+++ b/configure.ac
@@ -1655,15 +1655,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]),
# include <netinet/in6.h>
#endif
#endif
-#include <stdlib.h> /* for exit() */
-main()
+
+int main(void)
{
struct sockaddr_in6 s;
(void)s;
- if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
- exit(1);
- else
- exit(0);
+ return socket(AF_INET6, SOCK_STREAM, 0) < 0;
}
]])
],

69
sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch vendored Normal file
View File

@ -0,0 +1,69 @@
https://github.com/MusicPlayerDaemon/MPD/issues/1952
https://github.com/curl/curl/issues/12632
https://github.com/curl/curl/commit/8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea
From 8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 4 Jan 2024 10:06:17 +0100
Subject: [PATCH] http: adjust_pollset fix
do not add a socket for POLLIN when the transfer does not want to send
(for example is paused).
Follow-up to 47f5b1a
Reported-by: bubbleguuum on github
Fixes #12632
Closes #12633
--- a/lib/cf-socket.c
+++ b/lib/cf-socket.c
@@ -1243,7 +1243,7 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf,
if(ctx->sock != CURL_SOCKET_BAD) {
if(!cf->connected)
Curl_pollset_set_out_only(data, ps, ctx->sock);
- else
+ else if(CURL_WANT_RECV(data))
Curl_pollset_add_in(data, ps, ctx->sock);
CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);
}
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2341,8 +2341,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf,
bool c_exhaust, s_exhaust;
CF_DATA_SAVE(save, cf, data);
- c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2);
- s_exhaust = stream && stream->id >= 0 &&
+ c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2);
+ s_exhaust = want_send && stream && stream->id >= 0 &&
!nghttp2_session_get_stream_remote_window_size(ctx->h2,
stream->id);
want_recv = (want_recv || c_exhaust || s_exhaust);
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1166,9 +1166,10 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf,
bool c_exhaust, s_exhaust;
CF_DATA_SAVE(save, cf, data);
- c_exhaust = !ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
- !ngtcp2_conn_get_max_data_left(ctx->qconn);
- s_exhaust = stream && stream->id >= 0 && stream->quic_flow_blocked;
+ c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
+ !ngtcp2_conn_get_max_data_left(ctx->qconn));
+ s_exhaust = want_send && stream && stream->id >= 0 &&
+ stream->quic_flow_blocked;
want_recv = (want_recv || c_exhaust || s_exhaust);
want_send = (!s_exhaust && want_send) ||
!Curl_bufq_is_empty(&ctx->q.sendbuf);
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -1189,7 +1189,7 @@ static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf,
c_exhaust = FALSE; /* Have not found any call in quiche that tells
us if the connection itself is blocked */
- s_exhaust = stream && stream->id >= 0 &&
+ s_exhaust = want_send && stream && stream->id >= 0 &&
(stream->quic_flow_blocked || !stream_is_writeable(cf, data));
want_recv = (want_recv || c_exhaust || s_exhaust);
want_send = (!s_exhaust && want_send) ||