gentoo auto-resync : 10:11:2024 - 03:03:09

11 files changed, 890 insertions, 3 deletions

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 76b20535124a..05a0125999f1 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,3 +1,10 @@
+AUX curl-8.11.0-cmdline-ech-docs.patch 1583 BLAKE2B 706d497ad6eaec7a57f52c0bd731e47fc715b884e643ea045420f66136703adb3465fd1406a4d6e2d5ed802ea8dce88d3c7391868d282390d3b9a5a985c69bda SHA512 45d821709029cb9c7d67f58e43262a927c7c79106c3a79f21f7b6c5b76233557028a403089d3490edb04fbe22cb92f266ff1f0df753d981148ca0c96b81baff7
+AUX curl-8.11.0-cookie-case-sensitive.patch 2426 BLAKE2B 75d8e6a1110efb13090f8001511d437984ff14152b5167e3d5341190c065ac859fdae3e8ddbe15ef3d48aa7f4316d9af9eb924ffd43dc85fa55ce789a0bd362a SHA512 49b1d0ee63af26110038035ae15504b5fe8a03d71578a03450cbefd6dd3bc44720f8870297cd9edd0f460c59d4ecd7bfb8501b641c47543d65156e500fed61d3
+AUX curl-8.11.0-curl-libssh-ipv6-brackets.patch 928 BLAKE2B 1f2abce6972b6040630c38459c90f5c14691358599133e3d46a423772b5d7b340d4c116cbfa145def72d9497de7dcd396290bb81a706f9fb6dddfcb810172ace SHA512 a2fb87795ee81f94926d5171bad3a49eba43283a9800a454b70d397ec0ec0ce48b685cb6b929e6b47f9b8d25f714ef3630ecf244283870a598452f0d5ed45ff2
+AUX curl-8.11.0-duphandle-init-netrc.patch 5422 BLAKE2B 6e2fe6e3e9995dcff165a1b28b117a0519cb1026fbb680577c8ac3b1c39b5f01fd5e57b78752a13bc7874b8d01294d3b5e5fd05ad59e5d31c78cb23603155c06 SHA512 2a5c07173906d0be330ced15fa039cf43bb3470a237ee2770c179f3df9eff5565fd8c0a7d3c6a752c0947b6673a4c16c6bcdb0decac4c02a8cd34b644f8f713c
+AUX curl-8.11.0-mbedtls-global-init.patch 1868 BLAKE2B 722959cd1f70d336f093ae83304bbb2800cc3d38eead28493955770e7e8f8e2f3d7cbf8eacfd6b8631b554768b618eb5278a3bd856d58d0e68e72864333c91c3 SHA512 316eb357b06a46484103f47c46a9103e80d5131463a17248ca1000f035e6c34acc73d78a73ab931d7a9710feacb859ff641bfac7912bda40b4d61536bf7b1208
+AUX curl-8.11.0-netrc-large-file.patch 719 BLAKE2B b7a838f76a6c6eba341bacb7826caf1c7ca73c57a3b60f8136b47b32e91bfe3b0663d47b3273095b8a93736ceda96833d25f106d82efbc7afe6315020bfca798 SHA512 ef0d4204e6ca7bee17ccebf20ea6873076a571819bcece058eae7e6c3a62bff431d6161aa4da0725ea1e8b278f121d682361f4df1fe4adc58a1375e611a510a8
+AUX curl-8.11.0-setopt-http_content_decoding.patch 691 BLAKE2B a812c178c0a3a4f5dc78fc576c9aef247de70eb32ab02b96e2e1e5b9428e6928c538e0a981ac98ae2f1428ae4c12bad767e1efc32a48a21ed99e0afc50180ec6 SHA512 9ef6fca7ae98bce6cee40ca5c25e7a22e937e0118bcee948e95cb8a8c5e6ca3f7e8b2327716cf7d55d976bfd6d30d57617d7da52ff971b82b22ff33878fa1d3e
 AUX curl-8.7.1-chunked-post.patch 2389 BLAKE2B d283816be5dca19ab0058db1937d686b4f9056caf3c46a8dcd731bc69ae91df1b01d10f643ce127eeec7aac0e9282f8b5c5109fe1cea82b30d2cf3270e93ae24 SHA512 3b1a67010704f4863f973e79d6a695e6e13b938fbaa695a05bc92b1a577fa5852c310b38f9c88518275f82c7d088474f5e4c585ac5ff790043e6ca969b0dc1d9
 AUX curl-8.7.1-fix-compress-option.patch 6222 BLAKE2B 7ff5c096fa6cc5cc039f47188a85c49364cdfe6cfeae3a9c58b38939eb59896bcf204c682f36e89ace37a0753236593307e1af45bc2d0f099ff685af8e366713 SHA512 1622adf015a016a205d4bf621715ed06fd345cd45f032ad44b6d9324d398c0e2004f04fe734401b12007c3eb145dac84aa3ce90bdaa9b16e09b5908da75f902f
 AUX curl-8.7.1-http2-git-clone.patch 14120 BLAKE2B 5bc2c0765ebd400f2e79d0552621c98640c757f189ae0fa029d8fb6d9fa74ac0e4fd93948fed6bc7f93b329e30948a585be1f20dde18423acf162cd36b4fb166 SHA512 278720daae7d4d3288502e0dd2b591ada66a559040eb341b0cf5673094e9d214eb166772279378487da96f43912313e04d3b174fdcb2b2cbfa766f241df62f34
@@ -7,10 +14,13 @@ AUX curl-8.8.0-mbedtls.patch 1686 BLAKE2B 6bafbfcf8c418e0507dc910aafe8667c3a71c5
 AUX curl-8.8.0-multi_wait-timeout.patch 2732 BLAKE2B ae2f40f6dcec16761d959fe5eeaff531ff3ac2c2cd26d676261ecac406653c3d560941455f6d46dd1552f20429582173e45f05865cbdd009c28f21de6a98a458 SHA512 1fbb5506ce1b87c90ea2d029adb9eaccb9930203c8aa0c119666cbee6fc1fc190423f02592bb2620ca3fa1b60822fc704bbc6f671152e877b2383173260acb04
 AUX curl-8.9.1-sigpipe.patch 773 BLAKE2B 7ef3bbd4ca9558621b4f1ea5cb9847705cd6331b7f3d5d2a950642d090c789b802c0ff4f96ff2805b9e1dfe807b14daaee223dbcb2ff1426458dadb3e71d1e79 SHA512 55e55da046425e9a60064ff79ec3f8ab37a10275210f46cfb10ad29e9a29cb137a28ba6a0effa90bfc46d687aab929565b97bfa7549ac8a202746e332d1fa6ed
 AUX curl-prefix-2.patch 1075 BLAKE2B 657ac450c9d50a08f62be72dc9d1bc68c494dcc0c8153f1a89d5cb50d240aa6bcd56b48242ed3ea1352da5cd5d98b8c6daaff6fdcc672a95a0233db1f8d27bdd SHA512 91a531291426477a68108dcc40656e6a56caabfda26f351d4b7cdb39e66f500ffd532f2417a81c5a789ea624b4f6325aa8006155292910612e54ab3d9daa3620
+AUX curl-prefix-3.patch 1068 BLAKE2B dbaf21f38874a308557997d6a3a7a1f9fdb817b22d9846b4d6bd2bae413b7177650f20f17b10bfcc4a6747a89470dc2672ce79ba67d08fc92ebbbba353ba6c3a SHA512 c10a0062564be885f36e7c37bb58f3aa59c387369b9aae6342f818d4671e31cec99fd9ddda3577f03d1f8e87b926b8d75b006ca543f41a264e8595af79242b62
 AUX curl-prefix.patch 880 BLAKE2B 5b7552a8339014221864a585d174b02a96ec7dd7fe8762d331d1981834044f8ec4db64d527a4ded3f5f4cccc86f281576668de092439eb19f5477d5fcf8369cf SHA512 c7cd13b9ccbd12ed01ea121ffece9c23b898a5b34698bae59ae1dd23b1cf2445180b84d80c4a640981f16dba5018df944f405dd5c660addab54ca21e0e673b7f
 AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54
 DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c
 DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac
+DIST curl-8.11.0.tar.xz 2750684 BLAKE2B 3db13ed558bee332e07e1eab878b5ecae14cd049c115eea3a25fcb78cf28aadfe577dc224df75b62844529994ec478a9a74fed5c9bae338f809d231420ae5d0a SHA512 3a642d421e0a5c09ecb681bea18498f2c6124e9af4d8afdc074dfb85a9b0211d8972ade9cf00ab44b5dfed9303262cd83551dd3b5e0976d11fc19da3c4a0987e
+DIST curl-8.11.0.tar.xz.asc 488 BLAKE2B 5d91dc654d6a62c66e344ca92676b42e7a49f437e14f9fb714f7ae64a266d24d9bb7006b4512fc323459072ff0d9e05f627e494f34f845eadbedbd83acacc2ce SHA512 71073dde48e8f0013e392eb88bf70f6b8a4a4f0c955a3fb56db98e74aa10acc1004e2a0483f30be082e61b59a76fa75ae1d90545ace7c6b07bca8164078375f0
 DIST curl-8.7.1.tar.xz 2707016 BLAKE2B a2a9f48d0b69c0d92fcbbda535ce55082a5243abe3ab2db80d6fa3f32fb2c98b65026d69fc45c94e966398cf9ba8d9c95b6b91f4768b54749ed3275dd21838ef SHA512 5bbde9d5648e9226f5490fa951690aaf159149345f3a315df2ba58b2468f3e59ca32e8a49734338afc861803a4f81caac6d642a4699b72c6310ebfb1f618aad2
 DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2716f531e5d2989e9b6b1199e180603673891d7967cdcdaee1d6b5e15160ccabe9b51590e2887022db03c2ed SHA512 f98c393997c4a32f545a8982226e8cd612395210915a4576c2ce227d0f650cff341be7bf15e989d1789abf32ac4fd9c190b9250b81e650b569e8532048746b37
 DIST curl-8.8.0.tar.xz 2748860 BLAKE2B c14903bad4cbd1752a5335afa6bcc78be1a484692fce0e0a6c2061963e0e6b4e56defb8332cef32d0dbddb481ad0443b71faf3a52a6e9d945c89ecbce373d2a3 SHA512 9d2c0d3a0d8f6c31ba4fabe48f801910f886fde43dc198dc4213708d6967ed5e040a1bb7348aa1cb126577ee508a3ec36fe65256d027d861d6ffb70f6383967a
@@ -18,8 +28,9 @@ DIST curl-8.8.0.tar.xz.asc 488 BLAKE2B d80c0ff357b344d7ec2b975a92f1eeb7557993b61
 DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7
 DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
 EBUILD curl-8.10.1-r1.ebuild 11385 BLAKE2B 0f09cc5b469e9edebd995a6130d923bf4671c5cfbc6c3ce457410be96e76dafa4a46bfa775c3794cf7d1d4b7cae78b022de68e310f213d75e5c9622f6e7333df SHA512 0fca00398603ad0f3bc567813a93e44b58256960e453e2a92ff8df8d27426aac840d79a2f3a2fb253b39059c8fb5e79fe7a015d4443510fe8b816a72c9c165c6
+EBUILD curl-8.11.0.ebuild 11726 BLAKE2B c6fd58bc7434bea257db5919b1f9f8fa2b44b31dc97de0b214ab94d35ed66c345ae8324cdf7d770e6ad5b53a6581b48d13209925a3a3ad634c38956ca9e01ee7 SHA512 cbcbcee909da5c8b52400edaf8053b42f399d85459115590be24af153a8245a7a4c42936df77ccf52f7c4c1b24688c6506f660a4093215c2dc04d19786fd1997
 EBUILD curl-8.7.1-r4.ebuild 11261 BLAKE2B 0d1acdce1b58e97d83ee0e67ac0e145894a1bd19e23635649bec06bcd6a45e6487954b497992a7039243ca6860393d2b5115caf2d9edab1a3fbefc46451e2c6f SHA512 687aa43ec10a118f2d53d8532423bf3ffc6eb1ee60f509c3677cc4afcfe1f871b87e18fa5bd045fa86570ae4285432da59adb5f0b548e7da6ed46c9d8a9ad3e5
 EBUILD curl-8.8.0-r1.ebuild 11486 BLAKE2B 78e181625ecccde5701d54c9bdc7e695b8e54c5b7a7e2218ed49a163a23f9f43cedf202aec23662be82efd983d48722545332d23c2a66a051f37efd6dd355e3e SHA512 6d0130b4eb2ee00e49b6cf90adafcdc29e4522abbb928771a6b8c2aa6b80a298e0919550615e6810a24347484f20921c5bf1b6e237ec442744fabdbb92b5b553
 EBUILD curl-8.9.1-r1.ebuild 11435 BLAKE2B c54e700dbd603d459b7ec54da874c0fa9f27ad6192caa4057d83858599e1b9c0f8744268e689fc98942aff850b65d6638fa2081c43be19fb6018cc31c4c54f8c SHA512 bf5211f859acfc46b7903df7ca0edc2b88c10efb1343f55d2c21ef30c5e2f1844657babb9efb81ea28960c2b69174992c903181d9cf6d213f0ea72db14343b24
-EBUILD curl-9999.ebuild 11392 BLAKE2B 96e62ac544a62fbf3cdfac8213fbbb36b6e0aa2cc443f981dad73f423650f764fd231cfd0ab11fe40674b54ff5ee886cc89e0abde9c9271ed495c7700c60739f SHA512 04c99030ca14f30adcd0ecffc777e230f6be49b7eaa9b70065b5b7fd505eb777872bd9d7121375b689efed70747fc9bbddf9d9715a95e06ab377245b71c29fc4
+EBUILD curl-9999.ebuild 11392 BLAKE2B 12be74dfe0743353d6f03ff2ab8eb18cf5fa28ff6021632943b6a56743c6d07410494a0dbf017e075c30c3e6ba381d0ae4c2193f0910a259ed90a9d17287009d SHA512 163515c9094f91135226569336bfc7ed7c76d83c77dac1a4c3bed6d9cbfa859af2e170c937cd3f2f2913aae036af2c21885e33cd07187c532c5a164c42e5c431
 MISC metadata.xml 2215 BLAKE2B aa0851849ffda831aeec7a6315d23892c35680ab42c0bc9a5662238e7b8289d5f48d5f2a60ab0bacba06f71271bf60d14958bfec029a048f732d22fdc60faded SHA512 7da9247a1bbb533ae0bdc919f5bd2ad7ed298a7f9e986dce6d2471cedeee9f1542a8ef79b1fdbca5a1a0d33194b99ff3d3f5c27054ac01a3f1e40a1e94d6c1b2
diff --git a/net-misc/curl/curl-8.11.0.ebuild b/net-misc/curl/curl-8.11.0.ebuild
new file mode 100644
index 000000000000..35717336263a
--- /dev/null
+++ b/net-misc/curl/curl-8.11.0.ebuild
@@ -0,0 +1,390 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+	quic? (
+		^^ (
+			curl_quic_openssl
+			curl_quic_ngtcp2
+		)
+		http3
+		ssl
+	)
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_quic_openssl? (
+		curl_ssl_openssl
+		quic
+		!gnutls
+		!mbedtls
+		!rustls
+	)
+	curl_quic_ngtcp2? (
+		curl_ssl_gnutls
+		quic
+		!mbedtls
+		!openssl
+		!rustls
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+	http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	quic? (
+		curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+		curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+	# custom AC_LINK_IFELSE code fails to link even without -Werror
+	OSSL_QUIC_client_method
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-prefix-3.patch"
+	"${FILESDIR}/${PN}-respect-cflags-3.patch"
+	"${FILESDIR}/${P}-cmdline-ech-docs.patch"
+	"${FILESDIR}/${P}-curl-libssh-ipv6-brackets.patch"
+	"${FILESDIR}/${P}-mbedtls-global-init.patch"
+	"${FILESDIR}/${P}-setopt-http_content_decoding.patch"
+	"${FILESDIR}/${P}-cookie-case-sensitive.patch"
+	"${FILESDIR}/${P}-duphandle-init-netrc.patch"
+	"${FILESDIR}/${P}-netrc-large-file.patch"
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with http3 nghttp3)
+		$(use_with curl_quic_ngtcp2 ngtcp2)
+		$(use_with curl_quic_openssl openssl-quic)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use debug; then
+		myconf+=(
+			--enable-debug
+		)
+	fi
+
+	if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything that breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+	if use debug; then
+		ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+		ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+		ewarn "hic sunt dracones; you have been warned."
+	fi
+}
diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 78cab3a439db..09179eadd2f2 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -156,8 +156,8 @@ QA_CONFIG_IMPL_DECL_SKIP=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-prefix-2.patch
-	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}/${PN}-prefix-3.patch"
+	"${FILESDIR}/${PN}-respect-cflags-3.patch"
 )
 
 src_prepare() {
diff --git a/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
new file mode 100644
index 000000000000..e6cd10937b06
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cmdline-ech-docs.patch
@@ -0,0 +1,59 @@
+https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 23:21:14 +0100
+Subject: [PATCH] cmdline/ech.md: formatting cleanups
+
+Reported-by: Samuel Henrique
+Fixes #15506
+Closes #15517
+--- a/docs/cmdline-opts/ech.md
++++ b/docs/cmdline-opts/ech.md
+@@ -20,35 +20,33 @@ Specifies how to do ECH (Encrypted Client Hello).
+ 
+ The values allowed for \<config\> can be:
+ 
+-## "false" (default)
++## `false`
+ 
+-Do not attempt ECH
++Do not attempt ECH. The is the default.
+ 
+-## "grease"
++## `grease`
+ 
+ Send a GREASE ECH extension
+ 
+-## "true"
++## `true`
+ 
+ Attempt ECH if possible, but do not fail if ECH is not attempted.
+ (The connection fails if ECH is attempted but fails.)
+ 
+-## "hard"
++## `hard`
+ 
+-Attempt ECH and fail if that is not possible.
+-ECH only works with TLS 1.3 and also requires using
+-DoH or providing an ECHConfigList on the command line.
++Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and
++also requires using DoH or providing an ECHConfigList on the command line.
+ 
+-## "ecl:<b64val>"
++## `ecl:<b64val>`
+ 
+ A base64 encoded ECHConfigList that is used for ECH.
+ 
+-## "pn:<name>"
++## `pn:<name>`
+ 
+-A name to use to over-ride the `public_name` field of an ECHConfigList
+-(only available with OpenSSL TLS support)
++A name to use to over-ride the `public_name` field of an ECHConfigList (only
++available with OpenSSL TLS support)
+ 
+-## Errors
++##
+ 
+-Most errors cause error
+-*CURLE_ECH_REQUIRED* (101).
++Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101).
diff --git a/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
new file mode 100644
index 000000000000..d906aab7e909
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-cookie-case-sensitive.patch
@@ -0,0 +1,56 @@
+https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 6 Nov 2024 11:26:25 +0100
+Subject: [PATCH] cookie: treat cookie name case sensitively
+
+Extend test 31 to verify
+
+Reported-by: delogicsreal on github
+Fixes #15492
+Closes #15493
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
+   size_t myhash = cookiehash(co->domain);
+   for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
+     struct Cookie *clist = Curl_node_elem(n);
+-    if(strcasecompare(clist->name, co->name)) {
++    if(!strcmp(clist->name, co->name)) {
+       /* the names are identical */
+       bool matching_domains = FALSE;
+ 
+@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data,
+       }
+     }
+ 
+-    if(!replace_n && strcasecompare(clist->name, co->name)) {
++    if(!replace_n && !strcmp(clist->name, co->name)) {
+       /* the names are identical */
+ 
+       if(clist->domain && co->domain) {
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
+ %if !hyper
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure

+ Set-Cookie:ismatch=this  ; domain=test31.curl; path=/silly/

++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/

+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/

+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite

+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure

+@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after    ; secure =
+ %else
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure

+ Set-Cookie: ismatch=this  ; domain=test31.curl; path=/silly/

++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/

+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/

+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite

+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure

+@@ -181,6 +183,7 @@ test31.curl	FALSE	/we/want/	FALSE	2118138987	nodomain	value
+ #HttpOnly_.test31.curl	TRUE	/p2/	FALSE	0	httpo2	value2
+ #HttpOnly_.test31.curl	TRUE	/p1/	FALSE	0	httpo1	value1
+ .test31.curl	TRUE	/overwrite	FALSE	0	overwrite	this2
++.test31.curl	TRUE	/silly/	FALSE	0	ISMATCH	this
+ .test31.curl	TRUE	/silly/	FALSE	0	ismatch	this
+ test31.curl	FALSE	/	FALSE	0	blankdomain	sure
+ </file>
diff --git a/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
new file mode 100644
index 000000000000..6e1ecc0dd097
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-curl-libssh-ipv6-brackets.patch
@@ -0,0 +1,26 @@
+https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 8 Nov 2024 16:31:41 +0100
+Subject: [PATCH] libssh: when using IPv6 numerical address, add brackets
+
+Reported-by: henrikjehgmti on github
+Fixes #15522
+Closes #15524
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -2191,7 +2191,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done)
+     return CURLE_FAILED_INIT;
+   }
+ 
+-  rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++  if(conn->bits.ipv6_ip) {
++    char ipv6[MAX_IPADR_LEN];
++    msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name);
++    rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6);
++  }
++  else
++    rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
++
+   if(rc != SSH_OK) {
+     failf(data, "Could not set remote host");
+     return CURLE_FAILED_INIT;
diff --git a/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
new file mode 100644
index 000000000000..4a3e82a477fe
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-duphandle-init-netrc.patch
@@ -0,0 +1,195 @@
+https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 08:52:38 +0100
+Subject: [PATCH] duphandle: also init netrc
+
+The netrc init was only done in the Curl_open, meaning that a duplicated
+handle would not get inited properly.
+
+Added test 2309 to verify. It does netrc auth with a duplicated handle.
+
+Regression from 3b43a05e000aa8f65bda513f733a
+
+Reported-by: tranzystorekk on github
+Fixes #15496
+Closes #15503
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d)
+     goto fail;
+ 
+   Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
++  Curl_netrc_init(&outcurl->state.netrc);
+ 
+   /* the connection pool is setup on demand */
+   outcurl->state.lastconnect_id = -1;
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -255,7 +255,7 @@ test2100 \
+ test2200 test2201 test2202 test2203 test2204 test2205 \
+ \
+ test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \
+-test2308 \
++test2308 test2309 \
+ \
+ test2400 test2401 test2402 test2403 test2404 test2405 test2406 \
+ \
+--- /dev/null
++++ b/tests/data/test2309
+@@ -0,0 +1,66 @@
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++
++# Reproducing issue 15496
++<name>
++HTTP with .netrc using duped easy handle
++</name>
++<tool>
++lib%TESTNUMBER
++</tool>
++<command>
++http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++
++machine github.com
++
++login daniel
++password $y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1
++</file>
++</client>
++
++<verify>
++<protocol>
++GET http://github.com/ HTTP/1.1

++Host: github.com

++Authorization: Basic %b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64%

++Accept: */*

++Proxy-Connection: Keep-Alive

++

++</protocol>
++</verify>
++</testcase>
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq                     \
+  lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
+  lib1960 lib1964 \
+  lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
+- lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 \
++ lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 lib2309 \
+  lib2402 lib2404 lib2405 \
+  lib2502 \
+  lib3010 lib3025 lib3026 lib3027 \
+@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS)
+ lib2308_SOURCES = lib2308.c $(SUPPORTFILES)
+ lib2308_LDADD = $(TESTUTIL_LIBS)
+ 
++lib2309_SOURCES = lib2309.c $(SUPPORTFILES)
++lib2309_LDADD = $(TESTUTIL_LIBS)
++
+ lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib2402_LDADD = $(TESTUTIL_LIBS)
+ 
+--- /dev/null
++++ b/tests/libtest/lib2309.c
+@@ -0,0 +1,66 @@
++/***************************************************************************
++ *                                  _   _ ____  _
++ *  Project                     ___| | | |  _ \| |
++ *                             / __| | | | |_) | |
++ *                            | (__| |_| |  _ <| |___
++ *                             \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++
++#include "test.h"
++#include "testtrace.h"
++
++#include <curl/curl.h>
++
++static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp)
++{
++  (void)buffer;
++  (void)size;
++  (void)nmemb;
++  (void)userp;
++  return CURL_WRITEFUNC_ERROR;
++}
++
++CURLcode test(char *URL)
++{
++  CURL *curl;
++  CURL *curldupe;
++  CURLcode res = CURLE_OK;
++
++  global_init(CURL_GLOBAL_ALL);
++  curl = curl_easy_init();
++  if(curl) {
++    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore);
++    curl_easy_setopt(curl, CURLOPT_URL, URL);
++    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
++    curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3);
++    curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED);
++    curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2);
++
++    curldupe = curl_easy_duphandle(curl);
++    if(curldupe) {
++      res = curl_easy_perform(curldupe);
++      printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR);
++      fflush(stdout);
++      curl_easy_cleanup(curldupe);
++    }
++    curl_easy_cleanup(curl);
++  }
++  curl_global_cleanup();
++  return CURLE_OK;
++}
diff --git a/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
new file mode 100644
index 000000000000..2c60da8ca6cd
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-mbedtls-global-init.patch
@@ -0,0 +1,71 @@
+https://github.com/curl/curl/commit/bcf8a848818ca0ca8d292c51c0ddeb93fa17fe62
+From: Stefan Eissing <stefan@eissing.org>
+Date: Thu, 7 Nov 2024 10:26:03 +0100
+Subject: [PATCH] mbedtls: call psa_crypt_init() in global init
+
+Run mbedtls' psa_crypt_init() in the general global init, optionally
+protected by mbedtls locks when available.
+
+CI: when building mbedtls, enabled thread safety
+
+Reported-by: wxiaoguang on github
+Fixes #15500
+Closes #15505
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -54,7 +54,7 @@
+ #  ifdef MBEDTLS_DEBUG
+ #    include <mbedtls/debug.h>
+ #  endif
+-#endif
++#endif /* MBEDTLS_VERSION_MAJOR >= 2 */
+ 
+ #include "cipher_suite.h"
+ #include "strcase.h"
+@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data {
+ #define HAS_SESSION_TICKETS
+ #endif
+ 
+-#if defined(THREADING_SUPPORT)
++#ifdef THREADING_SUPPORT
+ static mbedtls_entropy_context ts_entropy;
+ 
+ static int entropy_init_initialized = 0;
+@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+     return CURLE_NOT_BUILT_IN;
+   }
+ 
+-#ifdef TLS13_SUPPORT
+-  ret = psa_crypto_init();
+-  if(ret != PSA_SUCCESS) {
+-    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+-    failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s",
+-          -ret, errorbuf);
+-    return CURLE_SSL_CONNECT_ERROR;
+-  }
+-#endif /* TLS13_SUPPORT */
+-
+ #ifdef THREADING_SUPPORT
+   mbedtls_ctr_drbg_init(&backend->ctr_drbg);
+ 
+@@ -1571,6 +1561,20 @@ static int mbedtls_init(void)
+ #ifdef THREADING_SUPPORT
+   entropy_init_mutex(&ts_entropy);
+ #endif
++#ifdef TLS13_SUPPORT
++  {
++    int ret;
++#ifdef THREADING_SUPPORT
++    Curl_mbedtlsthreadlock_lock_function(0);
++#endif
++    ret = psa_crypto_init();
++#ifdef THREADING_SUPPORT
++    Curl_mbedtlsthreadlock_unlock_function(0);
++#endif
++    if(ret != PSA_SUCCESS)
++      return 0;
++  }
++#endif /* TLS13_SUPPORT */
+   return 1;
+ }
+ 
diff --git a/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
new file mode 100644
index 000000000000..ba0e45140640
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-netrc-large-file.patch
@@ -0,0 +1,25 @@
+https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 17:03:54 +0100
+Subject: [PATCH] netrc: support large file, longer lines, longer tokens
+
+Regression from 3b43a05e000aa8f6 (shipped in 8.11.0)
+
+Reported-by: Moritz
+Fixes #15513
+Closes #15514
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -58,9 +58,9 @@ enum found_state {
+ #define NETRC_FAILED -1
+ #define NETRC_SUCCESS 0
+ 
+-#define MAX_NETRC_LINE 4096
+-#define MAX_NETRC_FILE (64*1024)
+-#define MAX_NETRC_TOKEN 128
++#define MAX_NETRC_LINE 16384
++#define MAX_NETRC_FILE (128*1024)
++#define MAX_NETRC_TOKEN 4096
+ 
+ static CURLcode file2memory(const char *filename, struct dynbuf *filebuf)
+ {
diff --git a/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
new file mode 100644
index 000000000000..68621e85ba00
--- /dev/null
+++ b/net-misc/curl/files/curl-8.11.0-setopt-http_content_decoding.patch
@@ -0,0 +1,20 @@
+https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa
+From: Jesus Malo Poyatos <jmalopoy@opentext.com>
+Date: Thu, 7 Nov 2024 14:00:53 +0100
+Subject: [PATCH] setopt: fix CURLOPT_HTTP_CONTENT_DECODING
+
+Regression from 30da1f5974d34841b30c4f (shipped in 8.11.0)
+
+Fixes #15511
+Closes #15510
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, CURLoption option,
+     /*
+      * raw data passed to the application when content encoding is used
+      */
+-    data->set.http_ce_skip = enabled;
++    data->set.http_ce_skip = !enabled; /* reversed */
+     break;
+ 
+ #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
diff --git a/net-misc/curl/files/curl-prefix-3.patch b/net-misc/curl/files/curl-prefix-3.patch
new file mode 100644
index 000000000000..cebca0bbfa99
--- /dev/null
+++ b/net-misc/curl/files/curl-prefix-3.patch
@@ -0,0 +1,34 @@
+From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001
+From: Matt Jolly <kangie@gentoo.org>
+Date: Sun, 10 Nov 2024 08:51:02 +1000
+Subject: [PATCH] Update prefix patch for 8.11.0
+
+---
+ curl-config.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 2dc40ed..1876d6c 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -147,7 +147,7 @@ while test "$#" -gt 0; do
+     else
+       CPPFLAG_CURL_STATICLIB=''
+     fi
+-    if test "X@includedir@" = 'X/usr/include'; then
++    if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+       echo "${CPPFLAG_CURL_STATICLIB}"
+     else
+       echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -155,7 +155,7 @@ while test "$#" -gt 0; do
+     ;;
+ 
+   --libs)
+-    if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
++    if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+       CURLLIBDIR="-L@libdir@ "
+     else
+       CURLLIBDIR=''
+-- 
+2.47.0
+