diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest index 51a46b81b6..e32343230d 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest @@ -1,2 +1,4 @@ DIST curl-7.87.0.tar.xz 2547932 BLAKE2B b272ec928c5ef1728434630d8910f58834327a30570913df9d47921a2810d002bd88b81371005197db857d3a53386420c1e28b1e463e6241d46c1e50fbce0c13 SHA512 aa125991592667280dce3788aabe81487cf8c55b0afc59d675cc30b76055bb7114f5380b4a0e3b6461a8f81bf9812fa26d493a85f7e01d84263d484a0d699ee7 DIST curl-7.87.0.tar.xz.asc 488 BLAKE2B 031d8236b357bd3c519548b181254dc0aea1efc1375738bce04f4f331d35bafe99d1ca394ecf5943ede7cae040854b6d2b478fd305147eb7330f8d50e5d95c96 SHA512 0bcc12bafc4ae50d80128af2cf4bf1a1ec6018ebb8d5b9c49f52b51c0c25acc77e820858965656549ef43c1f923f4e5fe75b0a3523623154b4cfb9dc8a1d76e4 +DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 SHA512 b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f +DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1-r1.ebuild new file mode 100644 index 0000000000..9857f3a4d3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1-r1.ebuild @@ -0,0 +1,306 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" +SRC_URI="https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +#Only one default ssl provider can be enabled +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem + app-misc/ca-certificates + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + + "${FILESDIR}"/${P}-header-dump-segfault.patch + "${FILESDIR}"/${P}-pipewait.patch + "${FILESDIR}"/${P}-silent-parallel.patch +) + +src_prepare() { + default + + # Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks + # with out-of-tree builds. + sed -i "s:my \$path = getcwd():my \$path = \"${S}/tests\":" tests/http*-server.pl \ + || die "Unable to update test locations" + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls || use curl_ssl_rustls; then + einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1.ebuild new file mode 100644 index 0000000000..74340e55cd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.88.1.ebuild @@ -0,0 +1,302 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" +SRC_URI="https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +#Only one default ssl provider can be enabled +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem + app-misc/ca-certificates + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch +) + +src_prepare() { + default + + # Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks + # with out-of-tree builds. + sed -i "s:my \$path = getcwd():my \$path = \"${S}/tests\":" tests/http*-server.pl \ + || die "Unable to update test locations" + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls || use curl_ssl_rustls; then + einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch deleted file mode 100644 index 1f04f22f9b..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch +++ /dev/null @@ -1,84 +0,0 @@ -https://github.com/curl/curl/issues/9842 -https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3 - -From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 6 Nov 2022 23:19:51 +0100 -Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier - -A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work -differently than before. This restores the logic to how it used to work: - -All names listed in NO_PROXY are tailmatched against the used domain -name, if the lengths are identical it needs a full match. - -Update the docs, update test 1614. - -Reported-by: Stuart Henderson -Fixes #9842 -Closes #9858 ---- - docs/libcurl/opts/CURLOPT_NOPROXY.3 | 4 ---- - lib/noproxy.c | 32 +++++++++++++++-------------- - tests/unit/unit1614.c | 3 ++- - 3 files changed, 19 insertions(+), 20 deletions(-) - -diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3 -index 5e4c32130431..dc3cf7c10833 100644 ---- a/docs/libcurl/opts/CURLOPT_NOPROXY.3 -+++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3 -@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the - hostname itself. For example, "ample.com" would match ample.com, ample.com:80, - and www.ample.com, but not www.example.com or ample.com.org. - --If the name in the \fInoproxy\fP list has a leading period, it is a domain --match against the provided host name. This way ".example.com" will switch off --proxy use for both "www.example.com" as well as for "foo.example.com". -- - Setting the \fInoproxy\fP string to "" (an empty string) will explicitly - enable the proxy for all host names, even if there is an environment variable - set for it. -diff --git a/lib/noproxy.c b/lib/noproxy.c -index 2832ae166a5b..fb856e4faa72 100644 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - tokenlen--; - - if(tokenlen && (*token == '.')) { -- /* A: example.com matches '.example.com' -- B: www.example.com matches '.example.com' -- C: nonexample.com DOES NOT match '.example.com' -- */ -- if((tokenlen - 1) == namelen) -- /* case A, exact match without leading dot */ -- match = strncasecompare(token + 1, name, namelen); -- else if(tokenlen < namelen) -- /* case B, tailmatch with leading dot */ -- match = strncasecompare(token, name + (namelen - tokenlen), -- tokenlen); -- /* case C passes through, not a match */ -+ /* ignore leading token dot as well */ -+ token++; -+ tokenlen--; - } -- else -- match = (tokenlen == namelen) && -- strncasecompare(token, name, namelen); -+ /* A: example.com matches 'example.com' -+ B: www.example.com matches 'example.com' -+ C: nonexample.com DOES NOT match 'example.com' -+ */ -+ if(tokenlen == namelen) -+ /* case A, exact match */ -+ match = strncasecompare(token, name, namelen); -+ else if(tokenlen < namelen) { -+ /* case B, tailmatch domain */ -+ match = (name[namelen - tokenlen - 1] == '.') && -+ strncasecompare(token, name + (namelen - tokenlen), -+ tokenlen); -+ } -+ /* case C passes through, not a match */ - break; - case TYPE_IPV4: - /* FALLTHROUGH */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch deleted file mode 100644 index 6c8f4067e8..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch +++ /dev/null @@ -1,86 +0,0 @@ -https://bugs.gentoo.org/878365#c2 -https://github.com/curl/curl/issues/9813 -https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 - -From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 27 Oct 2022 13:54:27 +0200 -Subject: [PATCH] noproxy: also match with adjacent comma - -If the host name is an IP address and the noproxy string contained that -IP address with a following comma, it would erroneously not match. - -Extended test 1614 to verify this combo as well. - -Reported-by: Henning Schild - -Fixes #9813 -Closes #9814 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - /* FALLTHROUGH */ - case TYPE_IPV6: { - const char *check = token; -- char *slash = strchr(check, '/'); -+ char *slash; - unsigned int bits = 0; - char checkip[128]; -+ if(tokenlen >= sizeof(checkip)) -+ /* this cannot match */ -+ break; -+ /* copy the check name to a temp buffer */ -+ memcpy(checkip, check, tokenlen); -+ checkip[tokenlen] = 0; -+ check = checkip; -+ -+ slash = strchr(check, '/'); - /* if the slash is part of this token, use it */ -- if(slash && (slash < &check[tokenlen])) { -+ if(slash) { - bits = atoi(slash + 1); -- /* copy the check name to a temp buffer */ -- if(tokenlen >= sizeof(checkip)) -- break; -- memcpy(checkip, check, tokenlen); -- checkip[ slash - check ] = 0; -- check = checkip; -+ *slash = 0; /* null terminate there */ - } - if(type == TYPE_IPV6) - match = Curl_cidr6_match(name, check, bits); ---- a/tests/data/test1614 -+++ b/tests/data/test1614 -@@ -16,7 +16,7 @@ unittest - proxy - - --cidr comparisons -+noproxy and cidr comparisons - - - ---- a/tests/unit/unit1614.c -+++ b/tests/unit/unit1614.c -@@ -77,6 +77,20 @@ UNITTEST_START - { NULL, NULL, 0, FALSE} /* end marker */ - }; - struct noproxy list[]= { -+ { "127.0.0.1", "127.0.0.1,localhost", TRUE}, -+ { "127.0.0.1", "127.0.0.1,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE}, -+ { "127.0.0.1", "localhost,127.0.0.1", TRUE}, -+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." -+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." -+ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE}, -+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." -+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." -+ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE}, -+ { "localhost", "localhost,127.0.0.1", TRUE}, -+ { "localhost", "127.0.0.1,localhost", TRUE}, - { "foobar", "barfoo", FALSE}, - { "foobar", "foobar", TRUE}, - { "192.168.0.1", "foobar", FALSE}, - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch deleted file mode 100644 index 15f5e64c91..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch +++ /dev/null @@ -1,66 +0,0 @@ -https://bugs.gentoo.org/878365#c2 -https://github.com/curl/curl/issues/9821 -https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b - -From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 28 Oct 2022 10:51:49 +0200 -Subject: [PATCH] noproxy: fix tail-matching - -Also ignore trailing dots in both host name and comparison pattern. - -Regression in 7.86.0 (from 1e9a538e05c0) - -Extended test 1614 to verify better. - -Reported-by: Henning Schild -Fixes #9821 -Closes #9822 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - } - else { - unsigned int address; -+ namelen = strlen(name); - if(1 == Curl_inet_pton(AF_INET, name, &address)) - type = TYPE_IPV4; -- namelen = strlen(name); -+ else { -+ /* ignore trailing dots in the host name */ -+ if(name[namelen - 1] == '.') -+ namelen--; -+ } - } - - while(*p) { -@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - if(tokenlen) { - switch(type) { - case TYPE_HOST: -- if(*token == '.') { -- ++token; -- --tokenlen; -- /* tailmatch */ -- match = (tokenlen <= namelen) && -- strncasecompare(token, name + (namelen - tokenlen), namelen); -+ /* ignore trailing dots in the token to check */ -+ if(token[tokenlen - 1] == '.') -+ tokenlen--; -+ -+ if(tokenlen && (*token == '.')) { -+ /* A: example.com matches '.example.com' -+ B: www.example.com matches '.example.com' -+ C: nonexample.com DOES NOT match '.example.com' -+ */ -+ if((tokenlen - 1) == namelen) -+ /* case A, exact match without leading dot */ -+ match = strncasecompare(token + 1, name, namelen); -+ else if(tokenlen < namelen) -+ /* case B, tailmatch with leading dot */ -+ match = strncasecompare(token, name + (namelen - tokenlen), -+ tokenlen); -+ /* case C passes through, not a match */ - } - else - match = (tokenlen == namelen) && diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch new file mode 100644 index 0000000000..48ebb7a5e4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch @@ -0,0 +1,29 @@ +https://github.com/curl/curl/commit/1c9cfb7af368feefb522caf81b052ee742a76da8 +From: Daniel Stenberg +Date: Mon, 20 Feb 2023 18:35:13 +0100 +Subject: [PATCH] tool_operate: avoid fclose(NULL) on bad header dump file +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes #10570 +Reported-by: Jérémy Rabasco +Closes #10571 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -984,12 +984,13 @@ static CURLcode single_transfer(struct GlobalConfig *global, + */ + if(!per->prev || per->prev->config != config) { + newfile = fopen(config->headerfile, "wb+"); +- fclose(newfile); ++ if(newfile) ++ fclose(newfile); + } + newfile = fopen(config->headerfile, "ab+"); + + if(!newfile) { +- warnf(global, "Failed to open %s\n", config->headerfile); ++ errorf(global, "Failed to open %s\n", config->headerfile); + result = CURLE_WRITE_ERROR; + break; + } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-pipewait.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-pipewait.patch new file mode 100644 index 0000000000..6c626a86c8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-pipewait.patch @@ -0,0 +1,64 @@ +https://github.com/curl/curl/commit/821f6e2a89de8aec1c7da3c0f381b92b2b801efc +From: Stefan Eissing +Date: Thu, 9 Feb 2023 16:07:34 +0100 +Subject: [PATCH] CURLOPT_PIPEWAIT: allow waited reuse also for subsequent + connections + +note: Dropped test portion of patch; not shipped in source tarball! + +As tested in test_02_07, when firing off 200 urls with --parallel, 199 +wait for the first connection to be established. if that is multiuse, +urls are added up to its capacity. + +The first url over capacity opens another connection. But subsequent +urls found the same situation and open a connection too. They should +have waited for the second connection to actually connect and make its +capacity known. + +This change fixes that by + +- setting `connkeep()` early in the HTTP setup handler. as otherwise + a new connection is marked as closeit by default and not considered + for multiuse at all +- checking the "connected" status for a candidate always and continuing + to PIPEWAIT if no alternative is found. + +pytest: +- removed "skip" from test_02_07 +- added test_02_07b to check that http/1.1 continues to work as before + +Closes #10456 +--- a/lib/http.c ++++ b/lib/http.c +@@ -233,6 +233,7 @@ static CURLcode http_setup_conn(struct Curl_easy *data, + + Curl_mime_initpart(&http->form); + data->req.p.http = http; ++ connkeep(conn, "HTTP default"); + + if((data->state.httpwant == CURL_HTTP_VERSION_3) + || (data->state.httpwant == CURL_HTTP_VERSION_3ONLY)) { +--- a/lib/url.c ++++ b/lib/url.c +@@ -1170,14 +1170,14 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + } ++ } + +- if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { +- foundPendingCandidate = TRUE; +- /* Don't pick a connection that hasn't connected yet */ +- infof(data, "Connection #%ld isn't open enough, can't reuse", +- check->connection_id); +- continue; +- } ++ if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { ++ foundPendingCandidate = TRUE; ++ /* Don't pick a connection that hasn't connected yet */ ++ infof(data, "Connection #%ld isn't open enough, can't reuse", ++ check->connection_id); ++ continue; + } + + #ifdef USE_UNIX_SOCKETS diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-silent-parallel.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-silent-parallel.patch new file mode 100644 index 0000000000..1162067f73 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.88.1-silent-parallel.patch @@ -0,0 +1,20 @@ +https://github.com/curl/curl/commit/475207c1c834ecf203dc4f3bc1917ae87628b6d0 +From: Daniel Stenberg +Date: Tue, 21 Feb 2023 11:38:03 +0100 +Subject: [PATCH] tool_progress: shut off progress meter for --silent in + parallel + +Reported-by: finkjsc on github +Fixes #10573 +Closes #10579 +--- a/src/tool_progress.c ++++ b/src/tool_progress.c +@@ -173,7 +173,7 @@ bool progress_meter(struct GlobalConfig *global, + struct timeval now; + long diff; + +- if(global->noprogress) ++ if(global->noprogress || global->silent) + return FALSE; + + now = tvnow();