From bb007f0b04c719fd2b846d177c3c4739fdb7c318 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 15 Mar 2023 06:20:30 +0000 Subject: gentoo auto-resync : 15:03:2023 - 06:20:30 --- net-misc/curl/Manifest | 3 +- net-misc/curl/curl-7.88.1-r2.ebuild | 307 +++++++++++++++++++++ net-misc/curl/curl-7.88.1.ebuild | 302 -------------------- .../curl/files/curl-7.88.1-onion-resolution.patch | 132 +++++++++ 4 files changed, 441 insertions(+), 303 deletions(-) create mode 100644 net-misc/curl/curl-7.88.1-r2.ebuild delete mode 100644 net-misc/curl/curl-7.88.1.ebuild create mode 100644 net-misc/curl/files/curl-7.88.1-onion-resolution.patch (limited to 'net-misc/curl') diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index ff3ec89424d1..2232664e179f 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -2,6 +2,7 @@ AUX curl-7.30.0-prefix.patch 880 BLAKE2B 5b7552a8339014221864a585d174b02a96ec7dd AUX curl-7.87.0-gnutls-openssl-build.patch 1010 BLAKE2B 716760a38a7a61420e3e508f976c14776d5f3313c4305e8c2fcff9af1744bcaab61bae643546d625448cc613933f8a7137a783e6313a53799485f432d8b9791f SHA512 2a94cf409f33683ca53a347a99faec3c51ba05c4f531be4e784401e4ed977d1142b5d5bc153dd2444311cdeafd3c406ae4a27e515b875f978f5402487d177e9a AUX curl-7.87.0-typecheck-deprecated.patch 2437 BLAKE2B e04b6cf9b9b4073e2d2762f9c0336d35ef58cbc7b754144ea37a8fba73705e035e1b2f5a05987666f2f0f8a34ef0420a7d5977a9202ea5fe026ee536a44a1b0f SHA512 a7abeb4ab1e0381f78da3732c1ab8ab399e7eed1340efe12c6c9038f811b30095c08794b40ec346db27892fea1f6a240d190b6b655981d5262095569bf9ab815 AUX curl-7.88.1-header-dump-segfault.patch 1068 BLAKE2B 208f5ae192b4bda173e2ac20311bc578d9cd09092990ab43a4674b18465a34e5fa5bc2da81cc322a904eed8e70a5398ff46172eb52d0da8f75fec6bba651c490 SHA512 f0dd88eb50a11bcbc39f67a810d274df53760a8b47711b5f79545726bdfe303b73a037d39a59ca8fe0e4d7c7f28cb2437bbcba1fe9fd19f620e772c7fb793f11 +AUX curl-7.88.1-onion-resolution.patch 2952 BLAKE2B 2efa4c74985bf7e2c2d35e97e3edf449349700f432200aa2f6f2f9cb785345cdf77aa44be41d70589552b1f48de426f0e97aa32fed479aa5de57c0dd3691a150 SHA512 6a38ae05d767158cc82bafa78a3249fa4843e1a16818fcdb1dc9ae11ac16bde2b39fb93246203309184185876377738eb27b18f940edd6aa56ffadb85cd85661 AUX curl-7.88.1-pipewait.patch 2265 BLAKE2B 325dd8eb9188014331cd0cfb34b6bea95d9b26f9c8819b03f4d7bd8caa6c5386669b82d5e02c49394b5b57ed6e15867afe3ef448c88ed4e5d2a49263758b7cc2 SHA512 3ed7574194b90504e887f624a0ae5e1fb3694647cdbf31bb414c808fc20c4fcf31f098c3a65648f8778c3705ab20ded8e964197e12d9f64ffc6833f99a2a3199 AUX curl-7.88.1-silent-parallel.patch 564 BLAKE2B ef25cd4baea31a6894d1baf7d17357f512d09d924e50214a40d1ceb8f5d1c3adc292b6d3cb840def19974dc891c720708bf751b2c023fa0d668eddb468f90a1e SHA512 cc4b62ccb7f64482fd07656344ea84a0af07363094cd3b465fcc60f5c8b695369ca11f3eabf0b53ea80ff78753e64395390db06f191c9ec7efb865347497bce8 AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54 @@ -11,5 +12,5 @@ DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612e DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6 EBUILD curl-7.87.0-r2.ebuild 8660 BLAKE2B ce66897406af36dfd872020b5db67428a65954392393529da1678d0b9dec061d05bf52c7debe03d7dab8c051936ab7634f73dea443e094048cd052c76a0f89cb SHA512 b3a9805fab31995d9162f1bdb6159af9f69532c48c6a966be1b08c8a3c21ac3e7ff7f0513a8c33d2973173e1e5400d6e34abca1aa79581fad178e6a98c375adf EBUILD curl-7.88.1-r1.ebuild 8921 BLAKE2B 87313b0462d84f49ac2aaa6dd2627980701c4ad915a95a79639394cc56c8b59060be6c00c5a23cc77e1370142e7e4ec2df898c051fa755c19372e88c598fcf67 SHA512 e5f63f9ab209d6b3524819c1a8900f2be82b67fa4a5dbcaa311f45bfb198d79155d0239de4c304ec7e93393e7cce4ea882d70a950bf12dd00a4245e245958cff -EBUILD curl-7.88.1.ebuild 8795 BLAKE2B 9b433087de129c545c8b7546c33544e0c3ff77cb9c3ffc62237b06fc449f9199c6fe4631702ef5847495f3c32cdcc7260dfabd8a51e7244c5165c2b28da249d9 SHA512 8a1562b11c696d4fa31e19bbfa9e380442b53404238786053b7c7df24991a43241b1c9cbd44b34115b983897b048dbc08e448d8f909cf0d7b297ec2310a41b16 +EBUILD curl-7.88.1-r2.ebuild 8963 BLAKE2B bee346613f8a3cd17e5aeadd2e7d7f5c3dbda118391897cc0b921ab5ba32a861d1cd2bdf4fd50fe40ec2d3651a43bb96dacd9a50bec9a078e8ac1e09cd2eb433 SHA512 592f438871c47c80880897d3af77b2a079ed93c91a9b9a63df75f37ca03e36537470b28a9e53c3ac35bf79a1affabc989b1468f2c6eb948188da1ee458efb112 MISC metadata.xml 2289 BLAKE2B a351f315d1913abff2fec9c559b2b74ddc0a60bfb293d20a62e20a2072e820f88295dc88ab32a622855cd962b90b739b0270ba88e097ca6b41c21f7f4f72987b SHA512 45cafa3eac6aaf777de55e025ef64ac039e6d300a760fc86b2eb1b77153f5242181a09082e443e525923e30e804a9ae90e902fb7f252a24214ac88929c3b89fe diff --git a/net-misc/curl/curl-7.88.1-r2.ebuild b/net-misc/curl/curl-7.88.1-r2.ebuild new file mode 100644 index 000000000000..d1a2c5b2213a --- /dev/null +++ b/net-misc/curl/curl-7.88.1-r2.ebuild @@ -0,0 +1,307 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools multilib-minimal prefix verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" +SRC_URI="https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +#Only one default ssl provider can be enabled +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem + app-misc/ca-certificates + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + + "${FILESDIR}"/${P}-header-dump-segfault.patch + "${FILESDIR}"/${P}-onion-resolution.patch + "${FILESDIR}"/${P}-pipewait.patch + "${FILESDIR}"/${P}-silent-parallel.patch +) + +src_prepare() { + default + + # Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks + # with out-of-tree builds. + sed -i "s:my \$path = getcwd():my \$path = \"${S}/tests\":" tests/http*-server.pl \ + || die "Unable to update test locations" + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls || use curl_ssl_rustls; then + einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/net-misc/curl/curl-7.88.1.ebuild b/net-misc/curl/curl-7.88.1.ebuild deleted file mode 100644 index 74340e55cd1f..000000000000 --- a/net-misc/curl/curl-7.88.1.ebuild +++ /dev/null @@ -1,302 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="8" - -inherit autotools multilib-minimal prefix verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.se/" -SRC_URI="https://curl.se/download/${P}.tar.xz - verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" -IUSE+=" nghttp3" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc - -#Only one default ssl provider can be enabled -REQUIRED_USE=" - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - curl_ssl_rustls - ) - )" - -# lead to lots of false negatives, bug #285669 -RESTRICT="!test? ( test )" - -RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - mbedtls? ( - net-libs/mbedtls:=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - openssl? ( - dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - dev-libs/nss-pem - app-misc/ca-certificates - ) - rustls? ( - net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] - ) - ) - http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}] - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" - -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - http2? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) - nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" - -DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch - "${FILESDIR}"/${PN}-respect-cflags-3.patch -) - -src_prepare() { - default - - # Some tests (HTTP/#) rely on ssl certificates that are stored VCS which breaks - # with out-of-tree builds. - sed -i "s:my \$path = getcwd():my \$path = \"${S}/tests\":" tests/http*-server.pl \ - || die "Unable to update test locations" - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) - if use ssl ; then - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) - - if use gnutls || use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls ) - fi - if use mbedtls || use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use nss || use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss --with-nss-deprecated ) - fi - if use openssl || use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - if use rustls || use curl_ssl_rustls; then - einfo "SSL provided by rustls" - myconf+=( --with-rustls ) - fi - if use curl_ssl_gnutls; then - einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_nss; then - einfo "Default SSL provided by nss" - myconf+=( --with-default-ssl-backend=nss ) - elif use curl_ssl_openssl; then - einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_rustls; then - einfo "Default SSL provided by rustls" - myconf+=( --with-default-ssl-backend=rustls ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - - else - myconf+=( --without-ssl ) - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-crypto-auth - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - --disable-ntlm-wb - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - --enable-ipv6 - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --enable-socketpair - --disable-sspi - $(use_enable static-libs static) - --enable-pthreads - --enable-threaded-resolver - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --without-fish-functions-dir - $(use_with http2 nghttp2) - --without-hyper - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - --without-libpsl - --without-msh3 - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) - --without-quiche - $(use_with rtmp librtmp) - --without-schannel - --without-secure-transport - --without-test-caddy - --without-test-httpd - --without-test-nghttpx - $(use_enable websockets) - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - ) - - if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then - myconf+=( - --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" - ) - fi - - ECONF_SOURCE="${S}" econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "libngtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc || die -} - -multilib_src_test() { - # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 - # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) - # -v: verbose - # -a: keep going on failure (so we see everything which breaks, not just 1st test) - # -k: keep test files after completion - # -am: automake style TAP output - # -p: print logs if test fails - # Note: if needed, we can disable tests. See e.g. Fedora's packaging - # or just read https://github.com/curl/curl/tree/master/tests#run. - multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} diff --git a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch new file mode 100644 index 000000000000..05519884653c --- /dev/null +++ b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch @@ -0,0 +1,132 @@ +https://github.com/curl/curl/pull/10705 +From: Matt Jolly +Date: Wed, 8 Mar 2023 02:16:45 +1100 +Subject: [PATCH] Refuse to resolve the .onion TLD. + +RFC 7686 states that: + +> Applications that do not implement the Tor +> protocol SHOULD generate an error upon the use of .onion and +> SHOULD NOT perform a DNS lookup. + +Let's do that. + +See curl/curl#543 +https://www.rfc-editor.org/rfc/rfc7686#section-2 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, + CURLcode result; + enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */ + struct connectdata *conn = data->conn; ++ /* We should intentionally error and not resolve .onion TLDs */ ++ size_t hostname_len = strlen(hostname); ++ if(hostname_len >= 7 && ++ (curl_strequal(&hostname[hostname_len-6], ".onion") || ++ curl_strequal(&hostname[hostname_len-7], ".onion."))) { ++ failf(data, "Not resolving .onion address (RFC 7686)"); ++ return CURLRESOLV_ERROR; ++ } + *entry = NULL; + #ifndef CURL_DISABLE_DOH + conn->bits.doh = FALSE; /* default is not */ +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \ + test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \ + test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \ + test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \ +-test1464 test1465 test1466 test1467 test1468 test1469 \ +-\ ++test1464 test1465 test1466 test1467 test1468 test1469 test1471 \ ++test1472 \ + test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ + test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ + test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \ +--- /dev/null ++++ b/tests/data/test1471 +@@ -0,0 +1,39 @@ ++ ++ ++ ++Onion ++Tor ++FAILURE ++ ++ ++# ++# Server-side ++ ++ ++ ++# ++# Client-side ++ ++ ++none ++ ++ ++Fail to resolve .onion TLD ++ ++ ++red.onion ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# Couldn't resolve host name ++ ++6 ++ ++ ++curl: (6) Not resolving .onion address (RFC 7686) ++ ++ ++ +--- /dev/null ++++ b/tests/data/test1472 +@@ -0,0 +1,39 @@ ++ ++ ++ ++Onion ++Tor ++FAILURE ++ ++ ++# ++# Server-side ++ ++ ++ ++# ++# Client-side ++ ++ ++none ++ ++ ++Fail to resolve .onion. TLD ++ ++ ++tasty.onion. ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# Couldn't resolve host name ++ ++6 ++ ++ ++curl: (6) Not resolving .onion address (RFC 7686) ++ ++ ++ +-- +2.39.2 + -- cgit v1.2.3