From f87e201a9b26ffc2cd2178e2b6cdb7b379ff2a1b Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 5 Jun 2023 07:14:27 +0000 Subject: [PATCH] net-misc/curl: Sync with Gentoo It's from Gentoo commit eca7a62a071f953c342f310591a6b8dc9a11cdd1. --- .../portage-stable/net-misc/curl/Manifest | 4 + .../net-misc/curl/curl-8.0.1.ebuild | 4 +- ...curl-8.1.0.ebuild => curl-8.1.0-r1.ebuild} | 7 +- .../net-misc/curl/curl-8.1.1.ebuild | 332 ++++++++++++++++++ .../net-misc/curl/curl-8.1.2.ebuild | 330 +++++++++++++++++ .../net-misc/curl/curl-9999.ebuild | 328 +++++++++++++++++ .../curl/files/curl-8.1.0-header-length.patch | 86 +++++ .../files/curl-8.1.0-numeric-hostname.patch | 227 ++++++++++++ .../files/curl-8.1.1-configure-compiler.patch | 73 ++++ .../curl/files/curl-8.1.1-hanging-http2.patch | 36 ++ ...-7.30.0-prefix.patch => curl-prefix.patch} | 0 11 files changed, 1423 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/portage-stable/net-misc/curl/{curl-8.1.0.ebuild => curl-8.1.0-r1.ebuild} (97%) create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.2.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-header-length.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-configure-compiler.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-hanging-http2.patch rename sdk_container/src/third_party/portage-stable/net-misc/curl/files/{curl-7.30.0-prefix.patch => curl-prefix.patch} (100%) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest index 23d9927115..11654edee6 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest @@ -2,3 +2,7 @@ DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872 DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf DIST curl-8.1.0.tar.xz 2612568 BLAKE2B 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc SHA512 b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d DIST curl-8.1.0.tar.xz.asc 488 BLAKE2B c1a8e50eddc7dd140af2af29736eb486e96a6d3b67a9161244daa86558f65522527380c92597a5f10e5dad187f0bda6ac5b9cadc29386bef4492bc047c77b423 SHA512 191a74c7a6b6aa78b7f36e1535fda0701bde8b333a61c90343e1f1b2d65cc5097b5febc5fa42b2f373795ef1b34078790deaaa71c8aaa45eed1c753729a45f3d +DIST curl-8.1.1.tar.xz 2613348 BLAKE2B 465a3237335e73665086ac43f5c66cfbab7e9b163e1ae0e2345da82f9c736d87fccf4d76369cc069abc29621f10db7ddbf22d0337db9ca85042bb12438d4aaed SHA512 d034b1ab9c00e8a0acf7ba6c6344734945d45666b4f38394f5456fcd9b22623146a897270861b7411412ca25c912e1bbf24eb139a6dfc1a8c00d098b3b925399 +DIST curl-8.1.1.tar.xz.asc 488 BLAKE2B c92017d0fe4933d6c27d833944c231967263607a7871a658e0cbb9de46f7df8dfbec141e269296caf17ced004fb2b237b8311ec9f7bf98f03fb405b5755950fc SHA512 6a71c18d67de8c340b5d80c7452a82c00f7ef466f690eec12edcd6123aee6866e8a0e757e1cc6c9af87a63fdeaafbc9fc1b1a4e2e0fd8a75b5952d4738fd0b27 +DIST curl-8.1.2.tar.xz 2612652 BLAKE2B 66d0828912bb9971dac99025aa8b5c1c2fac1f8b568f2a8a97bd9f66986bdb164b603b539ec3e123cd6a26ea65829e58c90fc9852be88b42074cf40c89c566d1 SHA512 532ab96eba6dea66d272f3be56f5af5c5da922480f9a10e203de98037c311f12f8145ba6bf813831e42815e068874ccfd108f84f7650743f5dbb3ebc3bc9c4f4 +DIST curl-8.1.2.tar.xz.asc 488 BLAKE2B 304dbdb51aa113c0b70b2662e29b1be3294b04f5f00264ce60703756363999cd567dcd0301e27b294d1d53f16ecc016ba429fcbea240949b372750f7e6e7375a SHA512 d120299a2d59259aeb19ae0fa3a3e181e25b6927677187037c61a0901879956177ce8dda10764073a47848f81dcbbcb94e0b6008742994042b6b8fd194e169c3 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.0.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.0.1.ebuild index 9158a1ed7a..4f21364a91 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.0.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.0.1.ebuild @@ -15,7 +15,7 @@ SRC_URI=" LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" IUSE+=" nghttp3" @@ -106,7 +106,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch # Backports diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0-r1.ebuild similarity index 97% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0-r1.ebuild index 12be62edfe..cf964b638b 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.0-r1.ebuild @@ -15,7 +15,7 @@ SRC_URI=" LICENSE="curl" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" IUSE+=" nghttp3" @@ -106,8 +106,11 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch + ### Backports + "${FILESDIR}"/${P}-numeric-hostname.patch + "${FILESDIR}"/${P}-header-length.patch ) src_prepare() { diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.1.ebuild new file mode 100644 index 0000000000..e59f768b09 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.1.ebuild @@ -0,0 +1,332 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="curl" +SLOT="0" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +RESTRICT="!test? ( test )" + +# Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) +" + +RDEPEND=" + sys-libs/zlib[${MULTILIB_USEDEP}] + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + nss? ( + app-misc/ca-certificates + dev-libs/nss[${MULTILIB_USEDEP}] + dev-libs/nss-pem + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + + ### Backports + "${FILESDIR}"/${P}-hanging-http2.patch + "${FILESDIR}"/${P}-configure-compiler.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.2.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.2.ebuild new file mode 100644 index 0000000000..550db16e60 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.1.2.ebuild @@ -0,0 +1,330 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="curl" +SLOT="0" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +RESTRICT="!test? ( test )" + +# Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) +" + +RDEPEND=" + sys-libs/zlib[${MULTILIB_USEDEP}] + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + nss? ( + app-misc/ca-certificates + dev-libs/nss[${MULTILIB_USEDEP}] + dev-libs/nss-pem + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss; then + multilib_is_native_abi && einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + multilib_is_native_abi && einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild new file mode 100644 index 0000000000..bd074d8035 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild @@ -0,0 +1,328 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="curl" +SLOT="0" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +RESTRICT="!test? ( test )" + +# Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) +" + +RDEPEND=" + sys-libs/zlib[${MULTILIB_USEDEP}] + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + nss? ( + app-misc/ca-certificates + dev-libs/nss[${MULTILIB_USEDEP}] + dev-libs/nss-pem + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss; then + multilib_is_native_abi && einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + multilib_is_native_abi && einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-header-length.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-header-length.patch new file mode 100644 index 0000000000..6229fd817f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-header-length.patch @@ -0,0 +1,86 @@ +https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch +From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= +Date: Thu, 18 May 2023 18:22:57 +0200 +Subject: [PATCH] http2: double http request parser max line length + +This works around #11138, by doubling the limit, and should be a +relatively safe fix. + +Ideally the buffer would grow as needed and there would be no need for a +limit? But that might be follow-up material. + +Fixes #11138 +Closes #11139 +--- + lib/http1.h | 2 ++ + lib/http2.c | 2 +- + lib/vquic/curl_msh3.c | 2 +- + lib/vquic/curl_ngtcp2.c | 2 +- + lib/vquic/curl_quiche.c | 2 +- + 5 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/lib/http1.h b/lib/http1.h +index c2d107587a6f8..8acb9db401a95 100644 +--- a/lib/http1.h ++++ b/lib/http1.h +@@ -33,6 +33,8 @@ + #define H1_PARSE_OPT_NONE (0) + #define H1_PARSE_OPT_STRICT (1 << 0) + ++#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024) ++ + struct h1_req_parser { + struct http_req *req; + struct bufq scratch; +diff --git a/lib/http2.c b/lib/http2.c +index 47e6f71393156..4e3b182b8d815 100644 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream, + nghttp2_priority_spec pri_spec; + ssize_t nwritten; + +- Curl_h1_req_parse_init(&h1, (4*1024)); ++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); + Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); + + *err = http2_data_setup(cf, data, &stream); +diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c +index 40e89379fc402..173886739b6dc 100644 +--- a/lib/vquic/curl_msh3.c ++++ b/lib/vquic/curl_msh3.c +@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, + + CF_DATA_SAVE(save, cf, data); + +- Curl_h1_req_parse_init(&h1, (4*1024)); ++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); + Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); + + /* Sizes must match for cast below to work" */ +diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c +index 05f960afdffa1..7794f148c6ec9 100644 +--- a/lib/vquic/curl_ngtcp2.c ++++ b/lib/vquic/curl_ngtcp2.c +@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, + nghttp3_data_reader reader; + nghttp3_data_reader *preader = NULL; + +- Curl_h1_req_parse_init(&h1, (4*1024)); ++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); + Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); + + *err = h3_data_setup(cf, data); +diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c +index 392b9beb83c59..c63e8e10a22e0 100644 +--- a/lib/vquic/curl_quiche.c ++++ b/lib/vquic/curl_quiche.c +@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, + DEBUGASSERT(stream); + } + +- Curl_h1_req_parse_init(&h1, (4*1024)); ++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); + Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); + + DEBUGASSERT(stream); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch new file mode 100644 index 0000000000..6a0dd1382d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch @@ -0,0 +1,227 @@ +https://github.com/curl/curl/commit/92772e6d395bbdda0e7822d980caf86e8c4aa51c.patch +From: Daniel Stenberg +Date: Thu, 18 May 2023 00:31:17 +0200 +Subject: [PATCH] urlapi: allow numerical parts in the host name + +It can only be an IPv4 address if all parts are all digits and no more than +four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be +passed through as a host name. + +Regression from 17a15d88467 shipped in 8.1.0 + +Extended test 1560 accordingly. + +Reported-by: Pavel Kalyugin +Fixes #11129 +Closes #11131 +--- a/lib/urlapi.c ++++ b/lib/urlapi.c +@@ -34,6 +34,7 @@ + #include "inet_ntop.h" + #include "strdup.h" + #include "idn.h" ++#include "curl_memrchr.h" + + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" +@@ -643,8 +644,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname, + * Handle partial IPv4 numerical addresses and different bases, like + * '16843009', '0x7f', '0x7f.1' '0177.1.1.1' etc. + * +- * If the given input string is syntactically wrong or any part for example is +- * too big, this function returns FALSE and doesn't create any output. ++ * If the given input string is syntactically wrong IPv4 or any part for ++ * example is too big, this function returns HOST_NAME. + * + * Output the "normalized" version of that input string in plain quad decimal + * integers. +@@ -675,7 +676,7 @@ static int ipv4_normalize(struct dynbuf *host) + unsigned long l; + if(!ISDIGIT(*c)) + /* most importantly this doesn't allow a leading plus or minus */ +- return n ? HOST_BAD : HOST_NAME; ++ return HOST_NAME; + l = strtoul(c, &endp, 0); + + parts[n] = l; +@@ -684,7 +685,7 @@ static int ipv4_normalize(struct dynbuf *host) + switch(*c) { + case '.': + if(n == 3) +- return HOST_BAD; ++ return HOST_NAME; + n++; + c++; + break; +@@ -694,39 +695,40 @@ static int ipv4_normalize(struct dynbuf *host) + break; + + default: +- return n ? HOST_BAD : HOST_NAME; ++ return HOST_NAME; + } + + /* overflow */ + if((l == ULONG_MAX) && (errno == ERANGE)) +- return HOST_BAD; ++ return HOST_NAME; + + #if SIZEOF_LONG > 4 + /* a value larger than 32 bits */ + if(l > UINT_MAX) +- return HOST_BAD; ++ return HOST_NAME; + #endif + } + +- /* this is a valid IPv4 numerical address */ +- Curl_dyn_reset(host); +- + switch(n) { + case 0: /* a -- 32 bits */ ++ Curl_dyn_reset(host); ++ + result = Curl_dyn_addf(host, "%u.%u.%u.%u", + parts[0] >> 24, (parts[0] >> 16) & 0xff, + (parts[0] >> 8) & 0xff, parts[0] & 0xff); + break; + case 1: /* a.b -- 8.24 bits */ + if((parts[0] > 0xff) || (parts[1] > 0xffffff)) +- return HOST_BAD; ++ return HOST_NAME; ++ Curl_dyn_reset(host); + result = Curl_dyn_addf(host, "%u.%u.%u.%u", + parts[0], (parts[1] >> 16) & 0xff, + (parts[1] >> 8) & 0xff, parts[1] & 0xff); + break; + case 2: /* a.b.c -- 8.8.16 bits */ + if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xffff)) +- return HOST_BAD; ++ return HOST_NAME; ++ Curl_dyn_reset(host); + result = Curl_dyn_addf(host, "%u.%u.%u.%u", + parts[0], parts[1], (parts[2] >> 8) & 0xff, + parts[2] & 0xff); +@@ -734,7 +736,8 @@ static int ipv4_normalize(struct dynbuf *host) + case 3: /* a.b.c.d -- 8.8.8.8 bits */ + if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff) || + (parts[3] > 0xff)) +- return HOST_BAD; ++ return HOST_NAME; ++ Curl_dyn_reset(host); + result = Curl_dyn_addf(host, "%u.%u.%u.%u", + parts[0], parts[1], parts[2], parts[3]); + break; +@@ -796,6 +799,9 @@ static CURLUcode parse_authority(struct Curl_URL *u, + if(result) + goto out; + ++ if(!Curl_dyn_len(host)) ++ return CURLUE_NO_HOST; ++ + switch(ipv4_normalize(host)) { + case HOST_IPV4: + break; +--- a/tests/libtest/lib1560.c ++++ b/tests/libtest/lib1560.c +@@ -474,6 +474,13 @@ static const struct testcase get_parts_list[] ={ + }; + + static const struct urltestcase get_url_list[] = { ++ {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_OK}, ++ {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK}, ++ {"https://1.2.3.256.com", "https://1.2.3.256.com/", 0, 0, CURLUE_OK}, ++ {"https://10.com", "https://10.com/", 0, 0, CURLUE_OK}, ++ {"https://1.2.com", "https://1.2.com/", 0, 0, CURLUE_OK}, ++ {"https://1.2.3.com", "https://1.2.3.com/", 0, 0, CURLUE_OK}, ++ {"https://1.2.com.99", "https://1.2.com.99/", 0, 0, CURLUE_OK}, + {"https://[fe80::0000:20c:29ff:fe9c:409b]:80/moo", + "https://[fe80::20c:29ff:fe9c:409b]:80/moo", + 0, 0, CURLUE_OK}, +@@ -522,22 +529,24 @@ static const struct urltestcase get_url_list[] = { + + /* IPv4 trickeries */ + {"https://16843009", "https://1.1.1.1/", 0, 0, CURLUE_OK}, +- {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK}, + {"https://0177.1", "https://127.0.0.1/", 0, 0, CURLUE_OK}, + {"https://0111.02.0x3", "https://73.2.0.3/", 0, 0, CURLUE_OK}, ++ {"https://0111.02.0x3.", "https://0111.02.0x3./", 0, 0, CURLUE_OK}, ++ {"https://0111.02.030", "https://73.2.0.24/", 0, 0, CURLUE_OK}, ++ {"https://0111.02.030.", "https://0111.02.030./", 0, 0, CURLUE_OK}, + {"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK}, + {"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK}, + /* IPv4 numerical overflows or syntax errors will not normalize */ + {"https://a127.0.0.1", "https://a127.0.0.1/", 0, 0, CURLUE_OK}, + {"https://\xff.127.0.0.1", "https://%FF.127.0.0.1/", 0, CURLU_URLENCODE, + CURLUE_OK}, +- {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_BAD_HOSTNAME}, ++ {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK}, + {"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_MALFORMED_INPUT}, +- {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_BAD_HOSTNAME}, +- {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_BAD_HOSTNAME}, +- {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_BAD_HOSTNAME}, +- {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_BAD_HOSTNAME}, +- {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_BAD_HOSTNAME}, ++ {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_OK}, ++ {"https://1.2.3.256.", "https://1.2.3.256./", 0, 0, CURLUE_OK}, ++ {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_OK}, ++ {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_OK}, ++ {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_OK}, + {"https://123host", "https://123host/", 0, 0, CURLUE_OK}, + /* 40 bytes scheme is the max allowed */ + {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA://hostname/path", +@@ -599,20 +608,11 @@ static const struct urltestcase get_url_list[] = { + 0, 0, CURLUE_OK}, + /* here the password has the semicolon */ + {"http://user:pass;word@host/file", +- "http://user:pass;word@host/file", +- 0, 0, CURLUE_OK}, +- {"file:///file.txt#moo", +- "file:///file.txt#moo", +- 0, 0, CURLUE_OK}, +- {"file:////file.txt", +- "file:////file.txt", +- 0, 0, CURLUE_OK}, +- {"file:///file.txt", +- "file:///file.txt", +- 0, 0, CURLUE_OK}, +- {"file:./", +- "file://", +- 0, 0, CURLUE_BAD_SCHEME}, ++ "http://user:pass;word@host/file", 0, 0, CURLUE_OK}, ++ {"file:///file.txt#moo", "file:///file.txt#moo", 0, 0, CURLUE_OK}, ++ {"file:////file.txt", "file:////file.txt", 0, 0, CURLUE_OK}, ++ {"file:///file.txt", "file:///file.txt", 0, 0, CURLUE_OK}, ++ {"file:./", "file://", 0, 0, CURLUE_OK}, + {"http://example.com/hello/../here", + "http://example.com/hello/../here", + CURLU_PATH_AS_IS, 0, CURLUE_OK}, +@@ -1124,7 +1124,7 @@ static int get_url(void) + } + curl_free(url); + } +- else if(rc != get_url_list[i].ucode) { ++ if(rc != get_url_list[i].ucode) { + fprintf(stderr, "Get URL\nin: %s\nreturned %d (expected %d)\n", + get_url_list[i].in, (int)rc, get_url_list[i].ucode); + error++; +@@ -1515,6 +1515,9 @@ int test(char *URL) + { + (void)URL; /* not used */ + ++ if(get_url()) ++ return 3; ++ + if(huge()) + return 9; + +@@ -1533,9 +1536,6 @@ int test(char *URL) + if(set_parts()) + return 2; + +- if(get_url()) +- return 3; +- + if(get_parts()) + return 4; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-configure-compiler.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-configure-compiler.patch new file mode 100644 index 0000000000..f769b35880 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-configure-compiler.patch @@ -0,0 +1,73 @@ +The check for "basic compiler options" hangs otherwise. + +https://github.com/curl/curl/commit/471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36 +https://github.com/curl/curl/commit/c4a019603b82a08c3572591a9393df0818ee02f6 + +From 471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Tue, 23 May 2023 09:40:18 +0200 +Subject: [PATCH] configure: quote the assignments for run-compiler + +Building for multilib failed, as the compiler command contains an +extra argument. That needs quoting. + +Regression from b78ca50cb3dda361f9c1 + +Fixes #11179 +Closes #11180 +--- a/configure.ac ++++ b/configure.ac +@@ -193,8 +193,8 @@ dnl something different but only have that affect the execution of the results + dnl of the compile, not change the libraries for the compiler itself. + dnl + compilersh="run-compiler" +-echo "CC=$CC" > $compilersh +-echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $compilersh ++echo "CC=\"$CC\"" > $compilersh ++echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh + echo 'exec $CC $@' >> $compilersh + + dnl ********************************************************************** + +From c4a019603b82a08c3572591a9393df0818ee02f6 Mon Sep 17 00:00:00 2001 +From: Emanuele Torre +Date: Tue, 23 May 2023 11:59:59 +0200 +Subject: [PATCH] configure: fix build with arbitrary CC and LD_LIBRARY_PATH + +Since ./configure and processes that inherit its environment variables +are the only callers of the run-compiler script, we can just save the +current value of the LD_LIBRARY_PATH and CC variables to another pair of +environment variables, and make run-compiler a static script that +simply restores CC and LD_LIBRARY_PATH to the saved value, and before +running the compiler. + +This avoids having to inject the values of the variables in the script, +possibly causing problems if they contains spaces, quotes, and other +special characters. + +Also add exports in the script just in case LD_LIBRARY_PATH and CC are +not already in the environment. + +follow-up from 471dab2 + +Closes #11182 +--- a/configure.ac ++++ b/configure.ac +@@ -193,9 +193,13 @@ dnl something different but only have that affect the execution of the results + dnl of the compile, not change the libraries for the compiler itself. + dnl + compilersh="run-compiler" +-echo "CC=\"$CC\"" > $compilersh +-echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh +-echo 'exec $CC $@' >> $compilersh ++export "CURL_SAVED_CC=$CC" ++export "CURL_SAVED_LD_LIBRARY_PATH=$LD_LIBRARY_PATH" ++cat <<\EOF > "$compilersh" ++export "CC=$CURL_SAVED_CC" ++export "LD_LIBRARY_PATH=$CURL_SAVED_LD_LIBRARY_PATH" ++exec $CC "$@" ++EOF + + dnl ********************************************************************** + dnl See which TLS backend(s) that are requested. Just do all the + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-hanging-http2.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-hanging-http2.patch new file mode 100644 index 0000000000..4777c4dd35 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-8.1.1-hanging-http2.patch @@ -0,0 +1,36 @@ +https://github.com/curl/curl/commit/5c58cb0212bcf63cce33a974906bf9905948b4bb +From: Stefan Eissing +Date: Wed, 24 May 2023 18:48:16 +0200 +Subject: [PATCH] http2: fix EOF handling on uploads with auth negotiation + +- doing a POST with `--digest` does an override on the initial request + with `Content-Length: 0`, but the http2 filter was unaware of that + and expected the originally request body. It did therefore not + send a final DATA frame with EOF flag to the server. +- The fix overrides any initial notion of post size when the `done_send` + event is triggered by the transfer loop, leading to the EOF that + is necessary. +- refs #11194. The fault did not happen in testing, as Apache httpd + never tries to read the request body of the initial request, + sends the 401 reply and closes the stream. The server used in the + reported issue however tried to read the EOF and timed out on the + request. + +Reported-by: Aleksander Mazur +Fixes #11194 +Cloes #11200 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -1527,10 +1527,8 @@ static CURLcode http2_data_done_send(struct Curl_cfilter *cf, + if(!stream->send_closed) { + stream->send_closed = TRUE; + if(stream->upload_left) { +- /* If we operated with unknown length, we now know that everything +- * that is buffered is all we have to send. */ +- if(stream->upload_left == -1) +- stream->upload_left = Curl_bufq_len(&stream->sendbuf); ++ /* we now know that everything that is buffered is all there is. */ ++ stream->upload_left = Curl_bufq_len(&stream->sendbuf); + /* resume sending here to trigger the callback to get called again so + that it can signal EOF to nghttp2 */ + (void)nghttp2_session_resume_data(ctx->h2, stream->id); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.30.0-prefix.patch b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-prefix.patch similarity index 100% rename from sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.30.0-prefix.patch rename to sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-prefix.patch