From e9b49484e79d54d15b11d9a204b0051aba4f8a61 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Wed, 18 May 2022 13:24:38 +0200 Subject: [PATCH] net-misc/curl: update to 7.83.1 Update net-misc/curl to 7.83.1, mainly to address the following CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115 --- .../portage-stable/net-misc/curl/Manifest | 13 +- ...7.78.0-r1.ebuild => curl-7.79.1-r1.ebuild} | 19 +- ...7.78.0-r3.ebuild => curl-7.80.0-r1.ebuild} | 40 +-- ...rl-7.79.0.ebuild => curl-7.81.0-r1.ebuild} | 45 +-- ...rl-7.79.1.ebuild => curl-7.82.0-r2.ebuild} | 47 ++- .../net-misc/curl/curl-7.83.0.ebuild | 290 ++++++++++++++++++ .../net-misc/curl/curl-7.83.1.ebuild | 288 +++++++++++++++++ ...url-7.79.0-http-3digit-response-code.patch | 47 --- .../curl-7.79.0-http2-connection-data.patch | 43 --- .../files/curl-7.82.0-certs-processing.patch | 27 ++ .../curl/files/curl-7.83.0-http2.patch | 30 ++ 11 files changed, 704 insertions(+), 185 deletions(-) rename sdk_container/src/third_party/portage-stable/net-misc/curl/{curl-7.78.0-r1.ebuild => curl-7.79.1-r1.ebuild} (94%) rename sdk_container/src/third_party/portage-stable/net-misc/curl/{curl-7.78.0-r3.ebuild => curl-7.80.0-r1.ebuild} (90%) rename sdk_container/src/third_party/portage-stable/net-misc/curl/{curl-7.79.0.ebuild => curl-7.81.0-r1.ebuild} (88%) rename sdk_container/src/third_party/portage-stable/net-misc/curl/{curl-7.79.1.ebuild => curl-7.82.0-r2.ebuild} (87%) create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.0.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest index 6ee95e4498..47dec81c65 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest @@ -1,3 +1,12 @@ -DIST curl-7.78.0.tar.xz 2440640 BLAKE2B 0422071ce22d38b89652c702989674a2257dd18b05004245c4f2d7494ccdd24b5b52f330629ce6a411a059d5990e8c879cbbdf23d873b881141f9d2b9ad07f7f SHA512 f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a -DIST curl-7.79.0.tar.xz 2463072 BLAKE2B c3a8a60d3c04965272b1a439a4719cfaca903daaecd6265869b9188d1b6b13be63817b9daa77260673d67330baa3d9c2d917274f939cdadc467ac64d8fcf3203 SHA512 68bccba61f18de9f94c311b0d92cfa6572bb7e55e8773917c13b25203164a5a9f4ef6b8ad84a14d3d5dcb286271bf18c3dd84c4ca353866763c726f9defce808 DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d +DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94 +DIST curl-7.80.0.tar.xz 2474492 BLAKE2B 0452ecb6943bc56b20ad8f1223135c9cae68cf31089b0e17e84d81af98dc5a47f5edfc271c5b4c23f232db6cea7ff5a9bffa9c7c319255d9afdb06fa5b8f761f SHA512 e04ddd74b0d5b3607a29bcf5d379d83a01c7dffa4ad3e2f25d8c85a3df7dbdb0625b0df1f04f02351695674502828e0e17e8b46c889cbf1e43f86d6e6dd716ab +DIST curl-7.80.0.tar.xz.asc 488 BLAKE2B 5cde8a91059bb19b9ee9b1aa4c3225522398a0d5837edf3d99b7f9ea758e5df2a729ce1d0a9763967c2319c30d94ba80ff50888dec07665a818216d42b91feee SHA512 e11adb85fb061bba8838f435f6afb200924f24cb7351d9a8208ec3d317d8ef8c1e16f06dedfc623acc749931015c42dcd86236a53602c6632b3a750841345b05 +DIST curl-7.81.0.tar.xz 2486388 BLAKE2B bf8a3a03564648a9d7a5b4e7a523d840230f03237cf9eb5b07dcb4f531b036eb8111c1944bedd0c1df188e09a09468b3487d24ea50781124bc33d194546691f4 SHA512 38355aaee38db04bb2babdc5fd7a88284580c836d15df754f42b104997dd344b7841be8e53b4fc91aea31db170a7d6967c4976833eb4bfe0d265c7275c4800df +DIST curl-7.81.0.tar.xz.asc 488 BLAKE2B 9280f10b14ddd95a1405fda79f8c51528c91c5e86b8f90d16d20d7f11d212e6e4391377eed971d0b0b27f5f4692c702e9d7a11705f0558ad39df38608d6a0648 SHA512 ca32a639900a9f8211005227dfb594f809c5ca5ec1eb87e944ef33cca60e4844f5b6ebe49de79fba53068e5dee9652b1d43a7d3a74e05419a2ffb5b40dab8176 +DIST curl-7.82.0.tar.xz 2446764 BLAKE2B 838accae4a45c090909cff91477a023789a79535691c80e507fd9e9712861b0c08e25ecd26079cb8ac8946cdf429a50991a7521e7b550b43c19e455625bc0750 SHA512 a977d69360d1793f8872096a21f5c0271e7ad145cd69ad45f4056a0657772f0f298b04bdb41aefd4ea5c4478352c60d80b5a118642280a07a7198aa80ffb1d57 +DIST curl-7.82.0.tar.xz.asc 488 BLAKE2B 9da4ea63671621df956aa5dc191cfc6c8d2a8b1958416ca58ffc04d43ed65b89244968588879e6bd3299ca8f60b1eccb34dede012f8a2a37acf3ca34021da958 SHA512 1f14d8ab55360ba735dff916369ee318e98767718394654ce9443b6013509b6d3ed5597685b142e9823cec7496373b709a8656515d66039c06783879655151fe +DIST curl-7.83.0.tar.xz 2472560 BLAKE2B 0669f40265a56e7549e8038ed8421680d7264bff44dcc0692cf9f5248621311be5e228314710149bf9d2ccbe739f929039e04402c1d04a1362d0bbf08cb8cdc7 SHA512 be02bb2a8a3140eff3a9046f27cd4f872ed9ddaa644af49e56e5ef7dfec84a15b01db133469269437cddc937eda73953fa8c51bb758f7e98873822cd2290d3a9 +DIST curl-7.83.0.tar.xz.asc 488 BLAKE2B a8f6dcf00f1b01b457a7eecc8364538393f414df60757f3664709c62b6007023a34ddf4ecb4688734e396031d30905b490dd0c115f09a9428db6a6be97cdf72c SHA512 8fb90f9692f4fdb82ea49f0e5151219b2334da5d3910f28e787bb688fb055b8b028ccf75cdcc15cd9f86d780d479f88f902fef7d7b9e007a4b849cb25c6c13cc +DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee +DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild similarity index 94% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r1.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild index 8711f462b1..ac8292e30c 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1-r1.ebuild @@ -1,13 +1,14 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" -inherit autotools prefix multilib-minimal +inherit autotools prefix multilib-minimal verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" LICENSE="curl" SLOT="0" @@ -15,7 +16,7 @@ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 s IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc # c-ares must be disabled for threads # only one default ssl provider can be enabled @@ -35,7 +36,7 @@ REQUIRED_USE=" # lead to lots of false negatives, bug #285669 RESTRICT="!test? ( test )" -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) ssl? ( gnutls? ( @@ -80,11 +81,13 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) # fbopenssl $(use_with spnego) DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig +BDEPEND="dev-lang/perl + virtual/pkgconfig test? ( sys-apps/diffutils dev-lang/perl - )" + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) @@ -185,7 +188,7 @@ multilib_src_configure() { $(use_enable imap) $(use_enable ldap) $(use_enable ldap ldaps) - --disable-ntlm + --enable-ntlm --disable-ntlm-wb $(use_enable pop3) --enable-rt diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r3.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.80.0-r1.ebuild similarity index 90% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r3.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.80.0-r1.ebuild index 2859ae2efd..f1c2d68386 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.78.0-r3.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.80.0-r1.ebuild @@ -1,26 +1,26 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" -inherit autotools prefix multilib-minimal +inherit autotools prefix multilib-minimal verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" LICENSE="curl" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc # c-ares must be disabled for threads # only one default ssl provider can be enabled REQUIRED_USE=" - winssl? ( elibc_Winnt ) threads? ( !adns ) ssl? ( ^^ ( @@ -28,14 +28,13 @@ REQUIRED_USE=" curl_ssl_mbedtls curl_ssl_nss curl_ssl_openssl - curl_ssl_winssl ) )" # lead to lots of false negatives, bug #285669 RESTRICT="!test? ( test )" -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) ssl? ( gnutls? ( @@ -76,15 +75,13 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) # curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) # ) -# ssl providers to be added: -# fbopenssl $(use_with spnego) - DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig +BDEPEND="dev-lang/perl + virtual/pkgconfig test? ( sys-apps/diffutils - dev-lang/perl - )" + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) @@ -114,7 +111,7 @@ multilib_src_configure() { # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) #myconf+=( --without-default-ssl-backend ) if use ssl ; then @@ -134,10 +131,6 @@ multilib_src_configure() { einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use winssl || use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - fi if use curl_ssl_gnutls; then einfo "Default SSL provided by gnutls" @@ -151,9 +144,6 @@ multilib_src_configure() { elif use curl_ssl_openssl; then einfo "Default SSL provided by openssl" myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_winssl; then - einfo "Default SSL provided by Windows" - myconf+=( --with-default-ssl-backend=winssl ) else eerror "We can't be here because of REQUIRED_USE." fi @@ -201,7 +191,7 @@ multilib_src_configure() { --enable-dateparse --enable-dnsshuffle --enable-doh - --enable-hidden-symbols + --enable-symbol-hiding --enable-http-auth $(use_enable ipv6) --enable-largefile @@ -218,7 +208,6 @@ multilib_src_configure() { --without-amissl --without-bearssl $(use_with brotli) - --without-cyassl --without-fish-functions-dir $(use_with http2 nghttp2) --without-hyper @@ -233,7 +222,6 @@ multilib_src_configure() { --without-rustls --without-schannel --without-secure-transport - --without-spnego --without-winidn --without-wolfssl --with-zlib diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.0.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.81.0-r1.ebuild similarity index 88% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.0.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.81.0-r1.ebuild index 380b1da5a4..e47b2c09b3 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.0.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.81.0-r1.ebuild @@ -1,26 +1,26 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="7" +EAPI="8" -inherit autotools prefix multilib-minimal +inherit autotools prefix multilib-minimal verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" LICENSE="curl" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc # c-ares must be disabled for threads # only one default ssl provider can be enabled REQUIRED_USE=" - winssl? ( elibc_Winnt ) threads? ( !adns ) ssl? ( ^^ ( @@ -28,14 +28,13 @@ REQUIRED_USE=" curl_ssl_mbedtls curl_ssl_nss curl_ssl_openssl - curl_ssl_winssl ) )" # lead to lots of false negatives, bug #285669 RESTRICT="!test? ( test )" -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) ssl? ( gnutls? ( @@ -76,15 +75,13 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) # curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) # ) -# ssl providers to be added: -# fbopenssl $(use_with spnego) - DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig +BDEPEND="dev-lang/perl + virtual/pkgconfig test? ( sys-apps/diffutils - dev-lang/perl - )" + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) @@ -99,9 +96,6 @@ MULTILIB_CHOST_TOOLS=( PATCHES=( "${FILESDIR}"/${PN}-7.30.0-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch - # Backported patches to 7.79.0 - "${FILESDIR}"/${P}-http2-connection-data.patch - "${FILESDIR}"/${P}-http-3digit-response-code.patch ) src_prepare() { @@ -117,7 +111,7 @@ multilib_src_configure() { # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) #myconf+=( --without-default-ssl-backend ) if use ssl ; then @@ -137,10 +131,6 @@ multilib_src_configure() { einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use winssl || use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - fi if use curl_ssl_gnutls; then einfo "Default SSL provided by gnutls" @@ -154,9 +144,6 @@ multilib_src_configure() { elif use curl_ssl_openssl; then einfo "Default SSL provided by openssl" myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_winssl; then - einfo "Default SSL provided by Windows" - myconf+=( --with-default-ssl-backend=winssl ) else eerror "We can't be here because of REQUIRED_USE." fi @@ -204,7 +191,7 @@ multilib_src_configure() { --enable-dateparse --enable-dnsshuffle --enable-doh - --enable-hidden-symbols + --enable-symbol-hiding --enable-http-auth $(use_enable ipv6) --enable-largefile @@ -221,7 +208,6 @@ multilib_src_configure() { --without-amissl --without-bearssl $(use_with brotli) - --without-cyassl --without-fish-functions-dir $(use_with http2 nghttp2) --without-hyper @@ -236,7 +222,6 @@ multilib_src_configure() { --without-rustls --without-schannel --without-secure-transport - --without-spnego --without-winidn --without-wolfssl --with-zlib diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.82.0-r2.ebuild similarity index 87% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.82.0-r2.ebuild index 8881f8c3fa..e4a7ea60d9 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.79.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.82.0-r2.ebuild @@ -1,26 +1,26 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="7" +EAPI="8" -inherit autotools prefix multilib-minimal +inherit autotools prefix multilib-minimal verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc # c-ares must be disabled for threads # only one default ssl provider can be enabled REQUIRED_USE=" - winssl? ( elibc_Winnt ) threads? ( !adns ) ssl? ( ^^ ( @@ -28,14 +28,13 @@ REQUIRED_USE=" curl_ssl_mbedtls curl_ssl_nss curl_ssl_openssl - curl_ssl_winssl ) )" # lead to lots of false negatives, bug #285669 RESTRICT="!test? ( test )" -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) ssl? ( gnutls? ( @@ -76,15 +75,13 @@ RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) # curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) # ) -# ssl providers to be added: -# fbopenssl $(use_with spnego) - DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig +BDEPEND="dev-lang/perl + virtual/pkgconfig test? ( sys-apps/diffutils - dev-lang/perl - )" + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) @@ -99,6 +96,7 @@ MULTILIB_CHOST_TOOLS=( PATCHES=( "${FILESDIR}"/${PN}-7.30.0-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch + "${FILESDIR}"/${P}-certs-processing.patch ) src_prepare() { @@ -114,7 +112,7 @@ multilib_src_configure() { # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) #myconf+=( --without-default-ssl-backend ) if use ssl ; then @@ -128,16 +126,12 @@ multilib_src_configure() { fi if use nss || use curl_ssl_nss; then einfo "SSL provided by nss" - myconf+=( --with-nss ) + myconf+=( --with-nss --with-nss-deprecated ) fi if use openssl || use curl_ssl_openssl; then einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use winssl || use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - fi if use curl_ssl_gnutls; then einfo "Default SSL provided by gnutls" @@ -151,9 +145,6 @@ multilib_src_configure() { elif use curl_ssl_openssl; then einfo "Default SSL provided by openssl" myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_winssl; then - einfo "Default SSL provided by Windows" - myconf+=( --with-default-ssl-backend=winssl ) else eerror "We can't be here because of REQUIRED_USE." fi @@ -201,7 +192,7 @@ multilib_src_configure() { --enable-dateparse --enable-dnsshuffle --enable-doh - --enable-hidden-symbols + --enable-symbol-hiding --enable-http-auth $(use_enable ipv6) --enable-largefile @@ -218,7 +209,6 @@ multilib_src_configure() { --without-amissl --without-bearssl $(use_with brotli) - --without-cyassl --without-fish-functions-dir $(use_with http2 nghttp2) --without-hyper @@ -233,7 +223,6 @@ multilib_src_configure() { --without-rustls --without-schannel --without-secure-transport - --without-spnego --without-winidn --without-wolfssl --with-zlib diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.0.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.0.ebuild new file mode 100644 index 0000000000..041b6cd5a2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.0.ebuild @@ -0,0 +1,290 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools prefix multilib-minimal verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.haxx.se/" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" +IUSE+=" nghttp3 quiche" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +# c-ares must be disabled for threads +# only one default ssl provider can be enabled +REQUIRED_USE=" + threads? ( !adns ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + # Bug 842780, fixed upstream, drop on next version bump + "${FILESDIR}"/${P}-http2.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + $(use_enable ipv6) + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --disable-sspi + $(use_enable static-libs static) + $(use_enable threads threaded-resolver) + $(use_enable threads pthreads) + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + $(use_with quiche) + $(use_with rtmp librtmp) + --without-rustls + --without-schannel + --without-secure-transport + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + ECONF_SOURCE="${S}" \ + econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use quiche; then + libs+=( "-lquiche" ) + priv+=( "quiche" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "-libtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild new file mode 100644 index 0000000000..aae9efdb79 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild @@ -0,0 +1,288 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools prefix multilib-minimal verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.haxx.se/" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" +IUSE+=" nghttp3 quiche" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +# c-ares must be disabled for threads +# only one default ssl provider can be enabled +REQUIRED_USE=" + threads? ( !adns ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + $(use_enable ipv6) + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --disable-sspi + $(use_enable static-libs static) + $(use_enable threads threaded-resolver) + $(use_enable threads pthreads) + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + $(use_with quiche) + $(use_with rtmp librtmp) + --without-rustls + --without-schannel + --without-secure-transport + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + ECONF_SOURCE="${S}" \ + econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use quiche; then + libs+=( "-lquiche" ) + priv+=( "quiche" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "-libtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch deleted file mode 100644 index 4fa7011326..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch +++ /dev/null @@ -1,47 +0,0 @@ -https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2 - -From: Daniel Stenberg -Date: Fri, 17 Sep 2021 16:31:25 +0200 -Subject: [PATCH] http: fix the broken >3 digit response code detection - -When the "reason phrase" in the HTTP status line starts with a digit, -that was treated as the forth response code digit and curl would claim -the response to be non-compliant. - -Added test 1466 to verify this case. - -Regression brought by 5dc594e44f73b17 -Reported-by: Glenn de boer -Fixes #7738 -Closes #7739 ---- a/lib/http.c -+++ b/lib/http.c -@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - char separator; - char twoorthree[2]; - int httpversion = 0; -- int digit4 = -1; /* should remain untouched to be good */ -+ char digit4 = 0; - nc = sscanf(HEADER1, -- " HTTP/%1d.%1d%c%3d%1d", -+ " HTTP/%1d.%1d%c%3d%c", - &httpversion_major, - &httpversion, - &separator, -@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - - /* There can only be a 4th response code digit stored in 'digit4' if - all the other fields were parsed and stored first, so nc is 5 when -- digit4 is not -1 */ -- else if(digit4 != -1) { -+ digit4 a digit */ -+ else if(ISDIGIT(digit4)) { - failf(data, "Unsupported response code in HTTP response"); - return CURLE_UNSUPPORTED_PROTOCOL; - } - -- if((nc == 4) && (' ' == separator)) { -+ if((nc >= 4) && (' ' == separator)) { - httpversion += 10 * httpversion_major; - switch(httpversion) { - case 10: diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch deleted file mode 100644 index bdb1484d1b..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://github.com/curl/curl/commit/901804ef95777b8e735a55b77f8dd630a58c575b - -From: Daniel Stenberg -Date: Thu, 16 Sep 2021 08:50:54 +0200 -Subject: [PATCH] Curl_http2_setup: don't change connection data on repeat - invokes - -Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved -transfer oriented inits to before the check but also erroneously moved a -few connection oriented ones, which causes problems. - -Reported-by: Evangelos Foutras -Fixes #7730 -Closes #7731 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -2221,12 +2221,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, - stream->mem = data->state.buffer; - stream->len = data->set.buffer_size; - -- httpc->inbuflen = 0; -- httpc->nread_inbuf = 0; -- -- httpc->pause_stream_id = 0; -- httpc->drain_total = 0; -- - multi_connchanged(data->multi); - /* below this point only connection related inits are done, which only needs - to be done once per connection */ -@@ -2252,6 +2246,12 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, - conn->httpversion = 20; - conn->bundle->multiuse = BUNDLE_MULTIPLEX; - -+ httpc->inbuflen = 0; -+ httpc->nread_inbuf = 0; -+ -+ httpc->pause_stream_id = 0; -+ httpc->drain_total = 0; -+ - infof(data, "Connection state changed (HTTP/2 confirmed)"); - - return CURLE_OK; - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch new file mode 100644 index 0000000000..a62c1df20b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch @@ -0,0 +1,27 @@ +https://github.com/curl/curl/issues/8559 +https://bugs.gentoo.org/836629 + +From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 8 Mar 2022 13:38:13 +0100 +Subject: [PATCH] openssl: fix CN check error code + +Due to a missing 'else' this returns error too easily. + +Regressed in: d15692ebb + +Reported-by: Kristoffer Gleditsch +Fixes #8559 +Closes #8560 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; + } +- result = CURLE_OUT_OF_MEMORY; ++ else ++ result = CURLE_OUT_OF_MEMORY; + } + } + else /* not a UTF8 name */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch new file mode 100644 index 0000000000..ede69a177b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch @@ -0,0 +1,30 @@ +Bug: https://bugs.gentoo.org/842780, https://github.com/curl/curl/pull/8768 +https://github.com/curl/curl/commit/6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 + +From 6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 28 Apr 2022 17:11:50 +0200 +Subject: [PATCH] mbedtls: fix compile when h2-enabled + +Fixes #8766 +Reported-by: LigH-de on github +Closes #8768 +--- + lib/vtls/mbedtls.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c +index 64f57c5d8321..5f9b87e6b75b 100644 +--- a/lib/vtls/mbedtls.c ++++ b/lib/vtls/mbedtls.c +@@ -815,8 +815,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, + if(next_protocol) { + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol); + #ifdef USE_HTTP2 +- if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) && +- !next_protocol[ALPN_H2_LEN]) { ++ if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) && ++ !next_protocol[ALPN_H2_LENGTH]) { + conn->negnpn = CURL_HTTP_VERSION_2; + } + else