From 1536d928ae095e00db8775fecca580c10adc0af8 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 17 Nov 2022 06:56:15 +0000 Subject: gentoo auto-resync : 17:11:2022 - 06:56:15 --- net-misc/Manifest.gz | Bin 55405 -> 55407 bytes net-misc/curl/Manifest | 3 +- net-misc/curl/curl-7.86.0-r3.ebuild | 292 +++++++++++++++++++++ net-misc/curl/curl-7.86.0.ebuild | 287 -------------------- ...roxy-tailmatch-like-in-7.85.0-and-earlier.patch | 84 ++++++ 5 files changed, 378 insertions(+), 288 deletions(-) create mode 100644 net-misc/curl/curl-7.86.0-r3.ebuild delete mode 100644 net-misc/curl/curl-7.86.0.ebuild create mode 100644 net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch (limited to 'net-misc') diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz index ccad7ed603ac..36c8d99c1d23 100644 Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index e29cbe094eba..adfb35e33f0b 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,6 +1,7 @@ AUX curl-7.30.0-prefix.patch 880 BLAKE2B 5b7552a8339014221864a585d174b02a96ec7dd7fe8762d331d1981834044f8ec4db64d527a4ded3f5f4cccc86f281576668de092439eb19f5477d5fcf8369cf SHA512 c7cd13b9ccbd12ed01ea121ffece9c23b898a5b34698bae59ae1dd23b1cf2445180b84d80c4a640981f16dba5018df944f405dd5c660addab54ca21e0e673b7f AUX curl-7.84.0-easylock.patch 856 BLAKE2B a77854a75a06ad66ef4dc7d6a2555fe2678f4bfd170e961c35e5ad2a82a62891d125ead2d15a311e2a8951404732c755a03636dd4bf4dd3ad16e8bf32ff4f7ca SHA512 7b94f941577d5b0a240e4e879a7e4c659dbdd4ff50d67465bd1a0adf30f5e37a0af7f15b71810feb05d19b833359b069f86aa3ac4c396fd8ba8ed2012b60fb8f AUX curl-7.84.0-include-sched.patch 625 BLAKE2B 8c7ecdbc8ffd7cafac915c2d12db1ea98acbd166f18eba538ecd4666152653c36784569f1945b095480120c61124573b094e26ce26c8b85f62baedb40e20d758 SHA512 4be64eff67e56c2584f6c9ee0c9c7b7aca55fc15c8d4be6f9f79da9bb3c1bb1532bcb80eb4f87be2db1058dd41a32e366bfe83988d28b4b263fbb6679b5ec806 +AUX curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch 3609 BLAKE2B 6f7e80c915d8592b93349d8aade7670f37bf37803ee02130245905636de30a70be51272b2d06392397ffcf76bfda78cfc2fbb671971ab3d18b20677239944544 SHA512 20999f12d5316be5854c9ab09a0f9e887edb7878f157069759c8404d31bfd23db352894c0dca6ce871618d0088f0320ebaa1b6166b54facce0e5faf74600232b AUX curl-7.86.0-proxy-noproxy-match-comma.patch 3143 BLAKE2B 1aa8d62e6082601eae9e3ae7690a1e7ddce7f12be4cf9f20010f32aa51cd5b1c4206be0b731935a9ddd45bb5654ceed3cba3eabb6a1b9dc60112052d7e79ffa7 SHA512 1a0c67bdabeb1ea8cba7a0f93c12ea626bdc329bbe8c3978f03cb25a78c74fa3257a36f2ed53c177b3a256bca2c0dd8081bab1536b0670e1ec9c0541ac23fc11 AUX curl-7.86.0-proxy-noproxy-tailmatching.patch 2302 BLAKE2B c4199bc1eb04c8c69f8c72397ce526df6c2186151f77d5e13551e589712e9032e1a52720bd1b946a1b5b984f49a01b297410f4cf74814a58bf4bf43701435c76 SHA512 aa211a5428cc746d07cfd37571169d59ccc97560a69e7c6d21cc8b4a133182366264470de540e1813eee51b376d9056ec8dd01f8e95957e58a83f33d37db0442 AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54 @@ -13,5 +14,5 @@ DIST curl-7.86.0.tar.xz.asc 488 BLAKE2B a9abe2f3af801b3a48be7db09cb82b6bb83bd26a EBUILD curl-7.84.0.ebuild 8365 BLAKE2B 60758e9c23ab94612542434e0adb6602602128e455aff50c8f9da2cbdb58e27fa396bfd0011a3c461ac519e6faa25712ec80351bad3b45a7faf758aefdcbade6 SHA512 9d53b069da866f1acf875ee8615a11c8e0d5f8a88011f85ab7c8ec6e301de0d693df09d265670f0ae758aac5b923bd02a79ee0beffe5bc1454830ac876d1a652 EBUILD curl-7.85.0-r2.ebuild 8204 BLAKE2B ca20481a8128774d80ec96082c8d6c2ec4f469d871952643819e85db0ed1fdbfaf63d5a2b162697e97a9a77e0662da1e7635a3cf831c1ee76efedddbf9650a40 SHA512 ab0805b4f80d6b58b4c8f1faad3a958da334c69e49e1a3c855a3adabd23d0e45fa274ac0c770e05a77334b4d37d36410b30c64abaff35992ce95b93d24106eb1 EBUILD curl-7.86.0-r2.ebuild 8367 BLAKE2B c7463df2a9da87728a6dec7b241e87e9b79eac01ec997f03548b2fc2c3e63749fff1b4b29fbbc317c6fbf2be784ba1b7e4599bb6e030a1dbd5692b89e1753667 SHA512 3f1d304dcde76fd82e7718cd393453bf772eede1627e594726627ade378f8e18b05073c6769d4cf5c6b553504dfa15c95e9e9e75b4aa6681e57a467d3be983f5 -EBUILD curl-7.86.0.ebuild 8253 BLAKE2B da0ca8206baead3da48b2a63ba6311933fa5fd8710a54cc4448a221596cdab57b86f1bfd67368c5357e06053de591b21575b7fe655fec6f7569375d569ff639b SHA512 a70e80311df4cd5eee6eaa0960390df71982c3d5465e6392c7e1068abbe97aacef1dddb1a3b1572063f0c7daf383a3bf31e8ea8f96b2c3291829a1bd9944dd3b +EBUILD curl-7.86.0-r3.ebuild 8445 BLAKE2B aa331efcc7afe9d27b61bfbe6ca1b59cacf913a71baffb7fbc60fbfaa6c728aaabaddb1ddbb1941d9781242bacdd38d70cff95d4a99331aa4140212436803a22 SHA512 12035bb45c2fceb13c853f87814032e662475d96e1665144bdfa702aac748495d66f12ec49fa65132ad8ecae0f514a665dc88dee96d65d4b29c72fac65df53fc MISC metadata.xml 2103 BLAKE2B beb97305069a47f8eee68278dca5c0f10467d374c9fdab2ea27808b79a68cd921e2ab60bbb2455cbce2cdcada72e8c68290b40ec87ba31dad6ea580820f5c800 SHA512 27c15624622b074926307369bb41ad6cf532300154a70573618a072418358f5fc543eb56873e9836703073e8b42134a0387f3077e741377827a685cbf69faaab diff --git a/net-misc/curl/curl-7.86.0-r3.ebuild b/net-misc/curl/curl-7.86.0-r3.ebuild new file mode 100644 index 000000000000..cd08376dee7b --- /dev/null +++ b/net-misc/curl/curl-7.86.0-r3.ebuild @@ -0,0 +1,292 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools prefix multilib-minimal verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.haxx.se/" +SRC_URI="https://curl.haxx.se/download/${P}.tar.xz + verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" +IUSE+=" nghttp3 quiche" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +# Only one default ssl provider can be enabled +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + "${FILESDIR}"/${P}-proxy-noproxy-tailmatching.patch + "${FILESDIR}"/${P}-proxy-noproxy-match-comma.patch + "${FILESDIR}"/${P}-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss ) + + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + $(use_enable ipv6) + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + $(use_with quiche) + $(use_with rtmp librtmp) + --without-rustls + --without-schannel + --without-secure-transport + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use quiche; then + libs+=( "-lquiche" ) + priv+=( "quiche" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "-libtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/net-misc/curl/curl-7.86.0.ebuild b/net-misc/curl/curl-7.86.0.ebuild deleted file mode 100644 index 4dbd6a99bbe3..000000000000 --- a/net-misc/curl/curl-7.86.0.ebuild +++ /dev/null @@ -1,287 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="8" - -inherit autotools prefix multilib-minimal verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz - verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" -IUSE+=" nghttp3 quiche" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc - -# Only one default ssl provider can be enabled -REQUIRED_USE=" - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - ) - )" - -# lead to lots of false negatives, bug #285669 -RESTRICT="!test? ( test )" - -RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - openssl? ( - dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - dev-libs/nss-pem - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}] - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" - -DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch - "${FILESDIR}"/${PN}-respect-cflags-3.patch -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) - if use ssl ; then - if use gnutls || use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - fi - if use mbedtls || use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use nss || use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss --with-nss-deprecated ) - fi - if use openssl || use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - - if use curl_ssl_gnutls; then - einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_nss; then - einfo "Default SSL provided by nss" - myconf+=( --with-default-ssl-backend=nss ) - elif use curl_ssl_openssl; then - einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-crypto-auth - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - --disable-ntlm-wb - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - $(use_enable ipv6) - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --disable-sspi - $(use_enable static-libs static) - --enable-pthreads - --enable-threaded-resolver - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --without-fish-functions-dir - $(use_with http2 nghttp2) - --without-hyper - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - --without-libpsl - --without-msh3 - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) - $(use_with quiche) - $(use_with rtmp librtmp) - --without-rustls - --without-schannel - --without-secure-transport - $(use_enable websockets) - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - ) - - ECONF_SOURCE="${S}" econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc || die -} - -multilib_src_test() { - # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 - # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) - # -v: verbose - # -a: keep going on failure (so we see everything which breaks, not just 1st test) - # -k: keep test files after completion - # -am: automake style TAP output - # -p: print logs if test fails - # Note: if needed, we can disable tests. See e.g. Fedora's packaging - # or just read https://github.com/curl/curl/tree/master/tests#run. - multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} diff --git a/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch b/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch new file mode 100644 index 000000000000..1f04f22f9b1b --- /dev/null +++ b/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch @@ -0,0 +1,84 @@ +https://github.com/curl/curl/issues/9842 +https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3 + +From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 6 Nov 2022 23:19:51 +0100 +Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier + +A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work +differently than before. This restores the logic to how it used to work: + +All names listed in NO_PROXY are tailmatched against the used domain +name, if the lengths are identical it needs a full match. + +Update the docs, update test 1614. + +Reported-by: Stuart Henderson +Fixes #9842 +Closes #9858 +--- + docs/libcurl/opts/CURLOPT_NOPROXY.3 | 4 ---- + lib/noproxy.c | 32 +++++++++++++++-------------- + tests/unit/unit1614.c | 3 ++- + 3 files changed, 19 insertions(+), 20 deletions(-) + +diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3 +index 5e4c32130431..dc3cf7c10833 100644 +--- a/docs/libcurl/opts/CURLOPT_NOPROXY.3 ++++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3 +@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the + hostname itself. For example, "ample.com" would match ample.com, ample.com:80, + and www.ample.com, but not www.example.com or ample.com.org. + +-If the name in the \fInoproxy\fP list has a leading period, it is a domain +-match against the provided host name. This way ".example.com" will switch off +-proxy use for both "www.example.com" as well as for "foo.example.com". +- + Setting the \fInoproxy\fP string to "" (an empty string) will explicitly + enable the proxy for all host names, even if there is an environment variable + set for it. +diff --git a/lib/noproxy.c b/lib/noproxy.c +index 2832ae166a5b..fb856e4faa72 100644 +--- a/lib/noproxy.c ++++ b/lib/noproxy.c +@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + tokenlen--; + + if(tokenlen && (*token == '.')) { +- /* A: example.com matches '.example.com' +- B: www.example.com matches '.example.com' +- C: nonexample.com DOES NOT match '.example.com' +- */ +- if((tokenlen - 1) == namelen) +- /* case A, exact match without leading dot */ +- match = strncasecompare(token + 1, name, namelen); +- else if(tokenlen < namelen) +- /* case B, tailmatch with leading dot */ +- match = strncasecompare(token, name + (namelen - tokenlen), +- tokenlen); +- /* case C passes through, not a match */ ++ /* ignore leading token dot as well */ ++ token++; ++ tokenlen--; + } +- else +- match = (tokenlen == namelen) && +- strncasecompare(token, name, namelen); ++ /* A: example.com matches 'example.com' ++ B: www.example.com matches 'example.com' ++ C: nonexample.com DOES NOT match 'example.com' ++ */ ++ if(tokenlen == namelen) ++ /* case A, exact match */ ++ match = strncasecompare(token, name, namelen); ++ else if(tokenlen < namelen) { ++ /* case B, tailmatch domain */ ++ match = (name[namelen - tokenlen - 1] == '.') && ++ strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++ } ++ /* case C passes through, not a match */ + break; + case TYPE_IPV4: + /* FALLTHROUGH */ -- cgit v1.2.3