diff options
Diffstat (limited to 'net-misc/curl')
| -rw-r--r-- | net-misc/curl/Manifest | 9 | ||||
| -rw-r--r-- | net-misc/curl/curl-8.13.0-r1.ebuild | 442 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch | 33 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch | 28 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch | 46 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch | 143 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch | 22 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-krb5-ftp.patch | 19 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch | 44 | ||||
| -rw-r--r-- | net-misc/curl/files/curl-prefix-3.patch | 34 |
10 files changed, 751 insertions, 69 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 13ed33dc6b71..f851dc60ac20 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,5 +1,9 @@ -AUX curl-8.11.1-async-thread-close-eventfd.patch 1080 BLAKE2B fa1ff8ff20870c80a4c7dd0ef2ec116ce78a987b9659a77f513c44b6237f0b0b6bf48e547cefd6e157d85ee6113669bffe02e6f7321b19a8ffec12caa2d655f4 SHA512 a4662fbea884a05e151c0d100e012e9f1c1f8de53f70f20c9df6fc54ea9d293211475dd084bae32bf0508c7438971f921f6840cae4e9424589511dbe44584609 -AUX curl-prefix-3.patch 1068 BLAKE2B dbaf21f38874a308557997d6a3a7a1f9fdb817b22d9846b4d6bd2bae413b7177650f20f17b10bfcc4a6747a89470dc2672ce79ba67d08fc92ebbbba353ba6c3a SHA512 c10a0062564be885f36e7c37bb58f3aa59c387369b9aae6342f818d4671e31cec99fd9ddda3577f03d1f8e87b926b8d75b006ca543f41a264e8595af79242b62 +AUX curl-8.13.0-gssapi-non-ssl-build.patch 1051 BLAKE2B fdf0a76c3656cd08390c74dc8a7b11fdcfd6b03de1aa0a94829a632de7c0610d089b14d8fb338a3d04a19bdca1b5e4af8f5aba98e8b403ff6bbed8dd159e8a3c SHA512 252998c9026f70d0bcd63af0d8eeb73673b7713203612ad2974331616506f588296449bc4949d3eff067aa1580fc36945300f5855703fa14b44782470918f493 +AUX curl-8.13.0-hostip-correct-proxy-name.patch 1412 BLAKE2B 90e8ea550abccf1063a082b5dc02dea9cd34202496e9ab2dc13b844802ad0f9b8607b35f2f13129b25dfa76b7a94ef934da550987d7f709b187bb7019b2a834f SHA512 40f111c3c494bbbf0dea6a823fae8f8571a65f065d15251c3bc252d8f4c8b38289adcec044153cf171441cbd4562c775268cdc175be6fa6d2c048b4aa8f6c1ba +AUX curl-8.13.0-http2-stream-window-size.patch 5872 BLAKE2B 90a14fdfba6502ec92247547a7b2aa4ad619867a98663bbd42dc830c4db960ec545ebc82fa243b88d6cdce7c400e13f3d881daae20fc7ee44a8be917a9613500 SHA512 f11e079c42be142dc6fbf664096588001afbbd3832dca204500597049cb9e39f5bc59636f7caf777ebb8d728268ca522df3c935f420045c6d3240107bb067ae0 +AUX curl-8.13.0-httpsrr-target-check.patch 948 BLAKE2B c442305ecf92b2f54da52bc7c1eaaa0058ae59330ae0a1d6abc92c7e56f42d937103e49adbc3856fb48bf40207a48b4e7a3b2de54880bcd1fb8a6671d05d5d18 SHA512 3a36000dbd50052f4b8aa6e58f68489e83be0ce1051667c15bd4955b2a997bff19767c26b18167604287dbb7c99fe37faf2734ae02e2f95473cec95c5a08c67b +AUX curl-8.13.0-krb5-ftp.patch 685 BLAKE2B 258d7e0e40d43337fb67a2f8941d6015c134c73192ad405750fc6179baababaf7acb3014422fdd82a01ddd736474dd917b78009171f150459b0e778119b09499 SHA512 d882a086e0fd899044ecaa25a794489041a918fb1bb76b203bb4c558adac410b01405b2f7e6d2af4823dc9811c74e0ebc4542e4e5cb6648dfad3cc229a678fb3 +AUX curl-8.13.0-openssl-quic-stream-shutdown.patch 1878 BLAKE2B 019ce80d247e199eb23ce072e2ccc188663e5338b2cf8bdd2891e94572fd704ece01cd9ae4522fd39857c1f36f9ed70f3c8c2b97292b6a358c46b38d735ae241 SHA512 f9a8b549193a21a7befab29c4672343f0adcc0fc2bbf2d5361b15abf1157f05b89bf9a0ab597e7d8de2465526111ed9b5c7a7277f382c8e30a33847fbc23c725 AUX curl-prefix-4.patch 1078 BLAKE2B 3211f94da95bb4299c3ffb34db160f92ca5ffaf2995854a97f5fa935895d31e39fe52bc9a9459071f2ba844a8bb86cbacf6fe9dc0e337499138507420d4cbf91 SHA512 ca2cec79636d69d38da41292d8da6d682c5522f0afc883b3210506f8c9c532e8231c205b7b940272de2d085be28cc3838ac721302377fef634751bb40b3b3941 AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54 DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603 @@ -7,6 +11,7 @@ DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4c DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be EBUILD curl-8.12.1.ebuild 11629 BLAKE2B 3de0fe436f0d733fd18a93911678c4383a33cb8600ffb9e3739ce1763712971631bc410da11489ab992887c70706d83235cd214f5c03076280c999cdb1ffc05e SHA512 5536f39147536ae064d4613fb7bc76afde032d1e175355c9236838c15341df6f4a38869c4c5341f8524c522c376552e0e28b5017e428e984ef3f7fe25879935b +EBUILD curl-8.13.0-r1.ebuild 13171 BLAKE2B cfbd51dd2ffe242e2434ea36cf9ae899d338cebc98dd2a2f4bf4b326eb4f26fe123e3bbe91f99866bb7b0d5742f7a2bc146f2eab90c2e7202498b51bd420838a SHA512 19befd99e9fb9a4540bbc342cf031a911b4a34120043cb30f9a51a2babd41af50af8731f772d61ab0dfbca4f4199c5c96575e827ff4b913001a9e4eb67bc94ea EBUILD curl-8.13.0.ebuild 12884 BLAKE2B 67afaa65d36face2d44b5f2f425eb3a6ffbe9b3dc689c239c3ebb6800377a313099c1bbe9484ed563e0b2a4858436e221a36a3d6a33b41e21d4bb557ea703328 SHA512 f9d6085ecad1ae293bcadb9da861235ccd5865ba064e2c897426b4673f661e6dffcd6af7ff971f4a1a0cedb53caad96285ca3a16ba25ada7665ae28e54358c36 EBUILD curl-9999.ebuild 12884 BLAKE2B 67afaa65d36face2d44b5f2f425eb3a6ffbe9b3dc689c239c3ebb6800377a313099c1bbe9484ed563e0b2a4858436e221a36a3d6a33b41e21d4bb557ea703328 SHA512 f9d6085ecad1ae293bcadb9da861235ccd5865ba064e2c897426b4673f661e6dffcd6af7ff971f4a1a0cedb53caad96285ca3a16ba25ada7665ae28e54358c36 MISC metadata.xml 2392 BLAKE2B b00c099dddba47b3873118bde600d5ef994b35a8b0a95f3e3186f749f5fe2e31f5c5f7d52266e664c81919323b5da7c583a7666ecc1d99d0b09f8d7ca20cf1b9 SHA512 eb435d7f6fe61b7154461a0c280d7c84049a8ebdc0dd2fdd529f784072d66dacb3b20bea7437979247b002bf6f7de336e32cde0fad1b5ff1ab1198896e42a1d6 diff --git a/net-misc/curl/curl-8.13.0-r1.ebuild b/net-misc/curl/curl-8.13.0-r1.ebuild new file mode 100644 index 000000000000..0f146fdc07c2 --- /dev/null +++ b/net-misc/curl/curl-8.13.0-r1.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should subscribe to the 'curl-distros' ML for backports etc +# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ +# https://lists.haxx.se/listinfo/curl-distros + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git" +else + if [[ ${P} == *rc* ]]; then + CURL_URI="https://curl.se/rc/" + S="${WORKDIR}/${P//_/-}" + else + CURL_URI="https://curl.se/download/" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" + fi + SRC_URI=" + ${CURL_URI}${P//_/-}.tar.xz + verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc ) + " +fi + +LICENSE="BSD curl ISC test? ( BSD-4 )" +SLOT="0" +IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap" +IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test" +IUSE+=" telnet +tftp +websockets zstd" +# These select the default tls implementation / which quic impl to use +IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +RESTRICT="!test? ( test )" + +# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to +# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested +# in addition to A and AAAA records. + +# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?). +# HTTPS RR in cURL is a dependency for: +# - ECH (requires patched openssl or gnutls currently, enabled with rustls) +# - Fetching the ALPN list which should provide a better HTTP/3 experience. + +# Only one default ssl / quic provider can be enabled +# The default provider needs its USE satisfied +# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. +# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e +REQUIRED_USE=" + ech? ( rustls ) + httpsrr? ( adns ) + quic? ( + ^^ ( + curl_quic_openssl + curl_quic_ngtcp2 + ) + http3 + ssl + ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_quic_openssl? ( + curl_ssl_openssl + quic + !gnutls + !mbedtls + !rustls + ) + curl_quic_ngtcp2? ( + curl_ssl_gnutls + quic + !mbedtls + !openssl + !rustls + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) + http3? ( alt-svc httpsrr quic ) +" + +# cURL's docs and CI/CD are great resources for confirming supported versions +# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: +# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) +# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) +# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2) +# However 'supported' vs 'works' are two entirely different things; be sane but +# don't be afraid to require a later version. +# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. +RDEPEND=" + >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}] + adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) + http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) + quic? ( + curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) + curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] ) + sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + ) + openssl? ( + >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) + http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode + _fseeki64 + # custom AC_LINK_IFELSE code fails to link even without -Werror + OSSL_QUIC_client_method +) + +PATCHES=( + "${FILESDIR}/${PN}-prefix-4.patch" + "${FILESDIR}/${PN}-respect-cflags-3.patch" + "${FILESDIR}/${P}-gssapi-non-ssl-build.patch" + "${FILESDIR}/${P}-hostip-correct-proxy-name.patch" + "${FILESDIR}/${P}-http2-stream-window-size.patch" + "${FILESDIR}/${P}-httpsrr-target-check.patch" + "${FILESDIR}/${P}-krb5-ftp.patch" + "${FILESDIR}/${P}-openssl-quic-stream-shutdown.patch" +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +# Generates TLS-related configure options based on USE flags. +# Outputs options suitable for appending to a configure options array. +_get_curl_tls_configure_opts() { + local tls_opts=() + + local backend flag_name + for backend in gnutls mbedtls openssl rustls; do + if [[ "$backend" == "openssl" ]]; then + flag_name="ssl" + tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs") + else + flag_name="$backend" + fi + + if use "$backend"; then + tls_opts+=( "--with-${flag_name}" ) + else + # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback + if ! [[ "$backend" == "openssl" ]]; then + tls_opts+=( "--without-${flag_name}" ) + fi + fi + done + + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default TLS backend: gnutls" + tls_opts+=( "--with-default-ssl-backend=gnutls" ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default TLS backend: mbedtls" + tls_opts+=( "--with-default-ssl-backend=mbedtls" ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default TLS backend: openssl" + tls_opts+=( "--with-default-ssl-backend=openssl" ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default TLS backend: rustls" + tls_opts+=( "--with-default-ssl-backend=rustls" ) + else + eerror "We can't be here because of REQUIRED_USE." + die "Please file a bug, hit impossible condition w/ USE=ssl handling." + fi + + # Explicitly Disable unimplemented b + tls_opts+=( + --without-amissl + --without-bearssl + --without-wolfssl + ) + + printf "%s\n" "${tls_opts[@]}" +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl; then + local -a tls_backend_opts + readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts) + myconf+=("${tls_backend_opts[@]}") + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organised alphabetically by category/type + + # Protocols + # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort` + # Assume that anything omitted (that is not new!) is enabled by default with no deps + myconf+=( + --enable-file + $(use_enable ftp) + $(use_enable gopher) + --enable-http + $(use_enable imap) # Automatic IMAPS if TLS is enabled + $(use_enable ldap ldaps) + $(use_enable ldap) + $(use_enable pop3) + $(use_enable samba smb) + $(use_with ssh libssh2) # enables scp/sftp + $(use_with rtmp librtmp) + --enable-rtsp + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + $(use_enable websockets) + ) + + # Keep various 'HTTP-flavoured' options together + myconf+=( + $(use_enable alt-svc) + $(use_enable hsts) + $(use_enable httpsrr) + $(use_with http2 nghttp2) + $(use_with http3 nghttp3) + $(use_with curl_quic_ngtcp2 ngtcp2) + $(use_with curl_quic_openssl openssl-quic) + ) + + # --enable/disable options + # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort` + myconf+=( + $(use_enable adns ares) + --enable-aws + --enable-basic-auth + --enable-bearer-auth + --enable-cookies + --enable-dateparse + --enable-dict + --enable-digest-auth + --enable-dnsshuffle + --enable-doh + $(use_enable ech) + --enable-http-auth + --enable-ipv6 + --enable-kerberos-auth + --enable-largefile + --enable-manual + --enable-mime + --enable-negotiate-auth + --enable-netrc + --enable-ntlm + --enable-progress-meter + --enable-proxy + --enable-rt + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-symbol-hiding + --enable-tls-srp + --disable-versioned-symbols + ) + + # --with/without options + # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort` + myconf+=( + $(use_with brotli) + --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + $(use_with sasl-scram libgsasl) + $(use_with psl libpsl) + --without-msh3 + --without-quiche + --without-schannel + --without-secure-transport + --without-winidn + --with-zlib + --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions + $(use_with zstd) + ) + + # Test deps (disabled) + myconf+=( + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + ) + + if use debug; then + myconf+=( + --enable-debug + ) + fi + + if use test && multilib_is_native_abi && ( use http2 || use http3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive + # This is in support of some work to enable `httpsrr` to use adns and the rest + # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns. + if use adns; then + myconf+=( + --disable-threaded-resolver + ) + else + myconf+=( + --enable-threaded-resolver + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts + fi +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything that breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # Upstream recommend 7*nproc as a starting point for parallel tests, but + # this ends up breaking when nproc is huge (like -j80). + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} + +pkg_postinst() { + if use debug; then + ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." + ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." + ewarn "hic sunt dracones; you have been warned." + fi +} diff --git a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch b/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch deleted file mode 100644 index 2bdfc51838d7..000000000000 --- a/net-misc/curl/files/curl-8.11.1-async-thread-close-eventfd.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2 -From: Andy Pan <i@andypan.me> -Date: Thu, 12 Dec 2024 12:48:56 +0000 -Subject: [PATCH] async-thread: avoid closing eventfd twice - -When employing eventfd for socketpair, there is only one file -descriptor. Closing that fd twice might result in fd corruption. -Thus, we should avoid closing the eventfd twice, following the -pattern in lib/multi.c. - -Fixes #15725 -Closes #15727 -Reported-by: Christian Heusel ---- - lib/asyn-thread.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c -index a58e4b790494ab..32d496b107cb0a 100644 ---- a/lib/asyn-thread.c -+++ b/lib/asyn-thread.c -@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) - * close one end of the socket pair (may be done in resolver thread); - * the other end (for reading) is always closed in the parent thread. - */ -+#ifndef USE_EVENTFD - if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { - wakeup_close(tsd->sock_pair[1]); - } -+#endif - #endif - memset(tsd, 0, sizeof(*tsd)); - } diff --git a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch new file mode 100644 index 000000000000..cd9bde14def5 --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch @@ -0,0 +1,28 @@ +https://github.com/curl/curl/commit/fe5f435b42a6c928b57c61db5d57f96b5c5a39be +From: Andrew <akirillo@uk.ibm.com> +Date: Wed, 2 Apr 2025 13:45:21 +0100 +Subject: [PATCH] http_negotiate: fix non-SSL build with GSSAPI + +Fixes #16919 +Closes #16921 +--- a/lib/http_negotiate.c ++++ b/lib/http_negotiate.c +@@ -110,8 +110,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, + #endif + /* Check if the connection is using SSL and get the channel binding data */ + #ifdef HAVE_GSSAPI +- Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1); + #ifdef USE_SSL ++ Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1); + if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { + result = Curl_ssl_get_channel_binding( + data, FIRSTSOCKET, &neg_ctx->channel_binding_data); +@@ -120,6 +120,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, + return result; + } + } ++#else ++ Curl_dyn_init(&neg_ctx->channel_binding_data, 1); + #endif /* USE_SSL */ + #endif /* HAVE_GSSAPI */ + diff --git a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch new file mode 100644 index 000000000000..18965c9b94ad --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch @@ -0,0 +1,46 @@ +https://github.com/curl/curl/commit/db3e7a24b5339860fb91cf0d932e8ae13a01e472 +From: Daniel Stenberg <daniel@haxx.se> +Date: Fri, 4 Apr 2025 12:34:09 +0200 +Subject: [PATCH] hostip: show the correct name on proxy resolve error + +Regression, probably from 8ded8e5f3f4b6586399 (#16451) + +Fixes #16958 +Reported-by: Jean-Christophe Amiel +Closes #16961 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -1494,25 +1494,21 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done) + #ifdef USE_CURL_ASYNC + CURLcode Curl_resolver_error(struct Curl_easy *data) + { +- const char *host_or_proxy; +- CURLcode result; ++ struct connectdata *conn = data->conn; ++ const char *host_or_proxy = "host"; ++ const char *name = conn->host.dispname; ++ CURLcode result = CURLE_COULDNT_RESOLVE_HOST; + + #ifndef CURL_DISABLE_PROXY +- struct connectdata *conn = data->conn; +- if(conn->bits.httpproxy) { ++ if(conn->bits.proxy) { + host_or_proxy = "proxy"; + result = CURLE_COULDNT_RESOLVE_PROXY; ++ name = conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname : ++ conn->http_proxy.host.dispname; + } +- else + #endif +- { +- host_or_proxy = "host"; +- result = CURLE_COULDNT_RESOLVE_HOST; +- } +- +- failf(data, "Could not resolve %s: %s", host_or_proxy, +- data->conn->host.dispname); + ++ failf(data, "Could not resolve %s: %s", host_or_proxy, name); + return result; + } + #endif /* USE_CURL_ASYNC */ diff --git a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch new file mode 100644 index 000000000000..f16c13738a70 --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch @@ -0,0 +1,143 @@ +https://github.com/curl/curl/commit/5fbd78eb2dc4afbd8884e8eed27147fc3d4318f6 +From: Stefan Eissing <stefan@eissing.org> +Date: Fri, 4 Apr 2025 10:43:13 +0200 +Subject: [PATCH] http2: fix stream window size after unpausing + +When pausing a HTTP/2 transfer, the stream's local window size +is reduced to 0 to prevent the server from sending further data +which curl cannot write out to the application. + +When unpausing again, the stream's window size was not correctly +increased again. The attempt to trigger a window update was +ignored by nghttp2, the server never received it and the transfer +stalled. + +Add a debug feature to allow use of small window sizes which +reproduces this bug in test_02_21. + +Fixes #16955 +Closes #16960 +--- a/docs/libcurl/libcurl-env-dbg.md ++++ b/docs/libcurl/libcurl-env-dbg.md +@@ -147,3 +147,8 @@ Make a blocking, graceful shutdown of all remaining connections when + a multi handle is destroyed. This implicitly triggers for easy handles + that are run via easy_perform. The value of the environment variable + gives the shutdown timeout in milliseconds. ++ ++## `CURL_H2_STREAM_WIN_MAX` ++ ++Set to a positive 32-bit number to override the HTTP/2 stream window's ++default of 10MB. Used in testing to verify correct window update handling. +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -44,6 +44,7 @@ + #include "connect.h" + #include "rand.h" + #include "strdup.h" ++#include "strparse.h" + #include "transfer.h" + #include "dynbuf.h" + #include "headers.h" +@@ -141,6 +142,9 @@ struct cf_h2_ctx { + uint32_t goaway_error; /* goaway error code from server */ + int32_t remote_max_sid; /* max id processed by server */ + int32_t local_max_sid; /* max id processed by us */ ++#ifdef DEBUGBUILD ++ int32_t stream_win_max; /* max h2 stream window size */ ++#endif + BIT(initialized); + BIT(via_h1_upgrade); + BIT(conn_closed); +@@ -166,6 +170,18 @@ static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade) + Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free); + ctx->remote_max_sid = 2147483647; + ctx->via_h1_upgrade = via_h1_upgrade; ++#ifdef DEBUGBUILD ++ { ++ const char *p = getenv("CURL_H2_STREAM_WIN_MAX"); ++ ++ ctx->stream_win_max = H2_STREAM_WINDOW_SIZE_MAX; ++ if(p) { ++ curl_off_t l; ++ if(!Curl_str_number(&p, &l, INT_MAX)) ++ ctx->stream_win_max = (int32_t)l; ++ } ++ } ++#endif + ctx->initialized = TRUE; + } + +@@ -285,7 +301,15 @@ static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf, + * This gets less precise the higher the latency. */ + return (int32_t)data->set.max_recv_speed; + } ++#ifdef DEBUGBUILD ++ else { ++ struct cf_h2_ctx *ctx = cf->ctx; ++ CURL_TRC_CF(data, cf, "stream_win_max=%d", ctx->stream_win_max); ++ return ctx->stream_win_max; ++ } ++#else + return H2_STREAM_WINDOW_SIZE_MAX; ++#endif + } + + static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, +@@ -302,6 +326,13 @@ static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, + int32_t wsize = nghttp2_session_get_stream_effective_local_window_size( + ctx->h2, stream->id); + if(dwsize > wsize) { ++ rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE, ++ stream->id, dwsize); ++ if(rv) { ++ failf(data, "[%d] nghttp2 set_local_window_size(%d) failed: " ++ "%s(%d)", stream->id, dwsize, nghttp2_strerror(rv), rv); ++ return CURLE_HTTP2; ++ } + rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, dwsize - wsize); + if(rv) { +--- a/tests/http/test_02_download.py ++++ b/tests/http/test_02_download.py +@@ -313,9 +313,9 @@ def test_02_20_h2_small_frames(self, env: Env, httpd): + assert httpd.stop() + assert httpd.start() + +- # download via lib client, 1 at a time, pause/resume at different offsets ++ # download serial via lib client, pause/resume at different offsets + @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000]) +- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) ++ @pytest.mark.parametrize("proto", ['http/1.1', 'h3']) + def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset): + if proto == 'h3' and not env.have_h3(): + pytest.skip("h3 not supported") +@@ -332,6 +332,29 @@ def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset): + srcfile = os.path.join(httpd.docs_dir, docname) + self.check_downloads(client, srcfile, count) + ++ # h2 download parallel via lib client, pause/resume at different offsets ++ # debug-override stream window size to reproduce #16955 ++ @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000]) ++ @pytest.mark.parametrize("swin_max", [0, 10*1024]) ++ def test_02_21_h2_lib_serial(self, env: Env, httpd, pause_offset, swin_max): ++ proto = 'h2' ++ count = 2 ++ docname = 'data-10m' ++ url = f'https://localhost:{env.https_port}/{docname}' ++ run_env = os.environ.copy() ++ run_env['CURL_DEBUG'] = 'multi,http/2' ++ if swin_max > 0: ++ run_env['CURL_H2_STREAM_WIN_MAX'] = f'{swin_max}' ++ client = LocalClient(name='hx-download', env=env, run_env=run_env) ++ if not client.exists(): ++ pytest.skip(f'example client not built: {client.name}') ++ r = client.run(args=[ ++ '-n', f'{count}', '-P', f'{pause_offset}', '-V', proto, url ++ ]) ++ r.check_exit_code(0) ++ srcfile = os.path.join(httpd.docs_dir, docname) ++ self.check_downloads(client, srcfile, count) ++ + # download via lib client, several at a time, pause/resume + @pytest.mark.parametrize("pause_offset", [100*1023]) + @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) diff --git a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch new file mode 100644 index 000000000000..880a676ea80b --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch @@ -0,0 +1,22 @@ +https://github.com/curl/curl/commit/4f3c22d77d752fea6ff9ab2706f70d58882ea466 +From: Stefan Eissing <stefan@eissing.org> +Date: Fri, 4 Apr 2025 18:10:28 +0200 +Subject: [PATCH] https-connect, fix httpsrr target check + +The HTTPSRR check on the record's target was not working as it used the +wrong index on the NUL byte if the target was not NULL. + +Fixes #16966 +Reported-by: Pavel Kropachev +Closes #16968 +--- a/lib/cf-https-connect.c ++++ b/lib/cf-https-connect.c +@@ -673,7 +673,7 @@ CURLcode Curl_cf_https_setup(struct Curl_easy *data, + (!conn->dns_entry->hinfo->target || /* for same host */ + !conn->dns_entry->hinfo->target[0] || + (conn->dns_entry->hinfo->target[0] == '.' && +- !conn->dns_entry->hinfo->target[0])) && ++ !conn->dns_entry->hinfo->target[1])) && + (conn->dns_entry->hinfo->port < 0 || /* for same port */ + conn->dns_entry->hinfo->port == conn->remote_port)) { + size_t i; diff --git a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch new file mode 100644 index 000000000000..5d59ed9a9c1a --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch @@ -0,0 +1,19 @@ +https://github.com/curl/curl/commit/5caba3bd97a14b64d906ece77bc0e2b339161a1f +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 3 Apr 2025 08:49:20 +0200 +Subject: [PATCH] curl_krb5: only use functions if FTP is still enabled + +Reported-by: x1sc0 on github +Fixes #16925 +Closes #16931 +--- a/lib/curl_krb5.h ++++ b/lib/curl_krb5.h +@@ -39,7 +39,7 @@ struct Curl_sec_client_mech { + #define AUTH_CONTINUE 1 + #define AUTH_ERROR 2 + +-#ifdef HAVE_GSSAPI ++#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP) + void Curl_sec_conn_init(struct connectdata *); + void Curl_sec_conn_destroy(struct connectdata *); + int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, char *, diff --git a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch new file mode 100644 index 000000000000..acb8fa9b1006 --- /dev/null +++ b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch @@ -0,0 +1,44 @@ +https://github.com/curl/curl/commit/219302b4e64e2337c50d86056e9af2103b281e7e +From: Stefan Eissing <stefan@eissing.org> +Date: Wed, 9 Apr 2025 11:01:54 +0200 +Subject: [PATCH] openssl-quic: fix shutdown when stream not open + +Check that h3 stream had been opened before telling nghttp3 to +shut it down. + +Fixes #16998 +Reported-by: Demi Marie Obenour +Closes #17003 +--- a/lib/vquic/curl_osslq.c ++++ b/lib/vquic/curl_osslq.c +@@ -654,7 +654,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) + if(stream) { + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done", + stream->s.id); +- if(ctx->h3.conn && !stream->closed) { ++ if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) { + nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id); + nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id, + NGHTTP3_H3_REQUEST_CANCELLED); +--- a/tests/http/test_01_basic.py ++++ b/tests/http/test_01_basic.py +@@ -242,3 +242,19 @@ def test_01_15_gigalarge_resp_headers(self, env: Env, httpd, proto): + r.check_exit_code(16) # CURLE_HTTP2 + else: + r.check_exit_code(100) # CURLE_TOO_LARGE ++ ++ # http: invalid request headers, GET, issue #16998 ++ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) ++ def test_01_16_inv_req_get(self, env: Env, httpd, proto): ++ if proto == 'h3' and not env.have_h3(): ++ pytest.skip("h3 not supported") ++ curl = CurlClient(env=env) ++ url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo' ++ r = curl.http_get(url=url, alpn_proto=proto, extra_args=[ ++ '-H', "a: a\x0ab" ++ ]) ++ # on h1, request is sent, h2/h3 reject ++ if proto == 'http/1.1': ++ r.check_exit_code(0) ++ else: ++ r.check_exit_code(43) diff --git a/net-misc/curl/files/curl-prefix-3.patch b/net-misc/curl/files/curl-prefix-3.patch deleted file mode 100644 index cebca0bbfa99..000000000000 --- a/net-misc/curl/files/curl-prefix-3.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 6927ecf38cf3372d539c88479e97707d855de07e Mon Sep 17 00:00:00 2001 -From: Matt Jolly <kangie@gentoo.org> -Date: Sun, 10 Nov 2024 08:51:02 +1000 -Subject: [PATCH] Update prefix patch for 8.11.0 - ---- - curl-config.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/curl-config.in b/curl-config.in -index 2dc40ed..1876d6c 100644 ---- a/curl-config.in -+++ b/curl-config.in -@@ -147,7 +147,7 @@ while test "$#" -gt 0; do - else - CPPFLAG_CURL_STATICLIB='' - fi -- if test "X@includedir@" = 'X/usr/include'; then -+ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then - echo "${CPPFLAG_CURL_STATICLIB}" - else - echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" -@@ -155,7 +155,7 @@ while test "$#" -gt 0; do - ;; - - --libs) -- if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then -+ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then - CURLLIBDIR="-L@libdir@ " - else - CURLLIBDIR='' --- -2.47.0 - |