net-misc/curl: Sync with Gentoo

It's from Gentoo commit 91d61efd7851b7c912c7ce0b45bc10889f2cf61e.
2025-08-16 09:26:58 +02:00 · 2022-11-21 07:16:13 +00:00 · 2022-11-21 07:16:13 +00:00 · f2628ae573
commit f2628ae573
parent 8b460493b2
3 changed files with 91 additions and 2 deletions
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r2.ebuild
@ -115,7 +115,7 @@ multilib_src_configure() {
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
 	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
-		myconf+=( -without-gnutls --without-mbedtls --without-nss )
+		myconf+=( --without-gnutls --without-mbedtls --without-nss )

 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.86.0-r3.ebuild
@ -95,6 +95,9 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch
+	"${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch
+	"${FILESDIR}"/${P}-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
 )

 src_prepare() {
@ -110,10 +113,11 @@ multilib_src_configure() {
 	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
 	local myconf=()

-	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
 	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
+		myconf+=( --without-gnutls --without-mbedtls --without-nss )
+
 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls --with-nettle )
@ -148,6 +152,7 @@ multilib_src_configure() {
 		fi

 	else
+		myconf+=( --without-ssl )
 		einfo "SSL disabled"
 	fi

--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch
@ -0,0 +1,84 @@
+https://github.com/curl/curl/issues/9842
+https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3
+
+From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 6 Nov 2022 23:19:51 +0100
+Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier
+
+A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
+differently than before. This restores the logic to how it used to work:
+
+All names listed in NO_PROXY are tailmatched against the used domain
+name, if the lengths are identical it needs a full match.
+
+Update the docs, update test 1614.
+
+Reported-by: Stuart Henderson
+Fixes #9842
+Closes #9858
+---
+ docs/libcurl/opts/CURLOPT_NOPROXY.3 |  4 ----
+ lib/noproxy.c                       | 32 +++++++++++++++--------------
+ tests/unit/unit1614.c               |  3 ++-
+ 3 files changed, 19 insertions(+), 20 deletions(-)
+
+diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3
+index 5e4c32130431..dc3cf7c10833 100644
+--- a/docs/libcurl/opts/CURLOPT_NOPROXY.3
+++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3
+@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the
+ hostname itself. For example, "ample.com" would match ample.com, ample.com:80,
+ and www.ample.com, but not www.example.com or ample.com.org.
+ 
+-If the name in the \fInoproxy\fP list has a leading period, it is a domain
+-match against the provided host name. This way ".example.com" will switch off
+-proxy use for both "www.example.com" as well as for "foo.example.com".
+-
+ Setting the \fInoproxy\fP string to "" (an empty string) will explicitly
+ enable the proxy for all host names, even if there is an environment variable
+ set for it.
+diff --git a/lib/noproxy.c b/lib/noproxy.c
+index 2832ae166a5b..fb856e4faa72 100644
+--- a/lib/noproxy.c
+++ b/lib/noproxy.c
+@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
+             tokenlen--;
+ 
+           if(tokenlen && (*token == '.')) {
+-            /* A: example.com matches '.example.com'
+-               B: www.example.com matches '.example.com'
+-               C: nonexample.com DOES NOT match '.example.com'
+-            */
+-            if((tokenlen - 1) == namelen)
+-              /* case A, exact match without leading dot */
+-              match = strncasecompare(token + 1, name, namelen);
+-            else if(tokenlen < namelen)
+-              /* case B, tailmatch with leading dot */
+-              match = strncasecompare(token, name + (namelen - tokenlen),
+-                                      tokenlen);
+-            /* case C passes through, not a match */
+            /* ignore leading token dot as well */
+            token++;
+            tokenlen--;
+           }
+-          else
+-            match = (tokenlen == namelen) &&
+-              strncasecompare(token, name, namelen);
+          /* A: example.com matches 'example.com'
+             B: www.example.com matches 'example.com'
+             C: nonexample.com DOES NOT match 'example.com'
+          */
+          if(tokenlen == namelen)
+            /* case A, exact match */
+            match = strncasecompare(token, name, namelen);
+          else if(tokenlen < namelen) {
+            /* case B, tailmatch domain */
+            match = (name[namelen - tokenlen - 1] == '.') &&
+              strncasecompare(token, name + (namelen - tokenlen),
+                              tokenlen);
+          }
+          /* case C passes through, not a match */
+           break;
+         case TYPE_IPV4:
+           /* FALLTHROUGH */