commit: 933387194f2ad524c99a90bd7cb0405d0b30f5aa Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Tue Oct 15 23:39:13 2024 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Tue Oct 15 23:40:26 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=93338719
net-misc/curl: new package, add 8.9.1-r1, 8.10.1 Make it easier to use quic with LibreSSL via ngtcp2. Signed-off-by: orbea <orbea <AT> riseup.net> net-misc/curl/Manifest | 4 + net-misc/curl/curl-8.10.1.ebuild | 381 ++++++++++++++++++++ net-misc/curl/curl-8.9.1-r1.ebuild | 382 +++++++++++++++++++++ net-misc/curl/files/curl-8.7.1-chunked-post.patch | 57 +++ .../files/curl-8.7.1-fix-compress-option.patch | 153 +++++++++ .../curl/files/curl-8.7.1-http2-git-clone.patch | 342 ++++++++++++++++++ net-misc/curl/files/curl-8.7.1-rustls-fixes.patch | 49 +++ .../curl/files/curl-8.8.0-install-manpage.patch | 22 ++ net-misc/curl/files/curl-8.8.0-mbedtls.patch | 42 +++ .../curl/files/curl-8.8.0-multi_wait-timeout.patch | 75 ++++ net-misc/curl/files/curl-8.9.1-sigpipe.patch | 26 ++ net-misc/curl/files/curl-prefix-2.patch | 34 ++ net-misc/curl/files/curl-prefix.patch | 21 ++ net-misc/curl/files/curl-respect-cflags-3.patch | 14 + net-misc/curl/metadata.xml | 44 +++ 15 files changed, 1646 insertions(+) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest new file mode 100644 index 0000000..9748763 --- /dev/null +++ b/net-misc/curl/Manifest @@ -0,0 +1,4 @@ +DIST curl-8.10.1.tar.xz 2726748 BLAKE2B bfdfa24f6d652884044c5e8eea5d70daad651b46255c99c9df502f9595a2dcbf8c4034446becf9e87f8e8a3f397a8fda29ab3e0d6020ac0dae62dd42b8136b78 SHA512 f1c7a12492dcfb8ba08be69b96a83ce9074592cbaa6b95c72b3c16fc58ad35e9f9deec7b72baca7d360d013b0b1c7ea38bd4edae464903ac67aa3c76238d8c6c +DIST curl-8.10.1.tar.xz.asc 488 BLAKE2B 8e8f2b628d4e8964a76c1c43c5557aacbfc2d2dbc51be8a0fa1b157c257f15f29aedba842cba7cb270c4adcf0b4a5d9c8b0b3d49633c48b061fb3e1472303d66 SHA512 21d6d560c027efc9e3e5db182a77501d6376442221ba910df817e2ec980bee44a9fe2afc698205f8d5e8313ae47915a341d60206a46b46e816d73ee357a894ac +DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d7b1f7c1efb1f44e0d730524e82ccf7413b2c6f4555bd61ae42f91ec7c0201e2c0d563811c85164aa234aada SHA512 a0fe234402875db194aad4e4208b7e67e7ffc1562622eea90948d4b9b0122c95c3dde8bbe2f7445a687cb3de7cb09f20e5819d424570442d976aa4c913227fc7 +DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b diff --git a/net-misc/curl/curl-8.10.1.ebuild b/net-misc/curl/curl-8.10.1.ebuild new file mode 100644 index 0000000..f49ba20 --- /dev/null +++ b/net-misc/curl/curl-8.10.1.ebuild @@ -0,0 +1,381 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should subscribe to the 'curl-distros' ML for backports etc +# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ +# https://lists.haxx.se/listinfo/curl-distros + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/"; + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git"; +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="BSD curl ISC test? ( BSD-4 )" +SLOT="0" +IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3" +IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd" +# These select the default tls implementation / which quic impl to use +IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +RESTRICT="!test? ( test )" + +# Only one default ssl / quic provider can be enabled +# The default provider needs its USE satisfied +# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. +# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e +REQUIRED_USE=" + quic? ( + ^^ ( + curl_quic_openssl + curl_quic_ngtcp2 + ) + http3 + ssl + ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_quic_openssl? ( + curl_ssl_openssl + quic + !gnutls + !mbedtls + !rustls + ) + curl_quic_ngtcp2? ( + quic + !mbedtls + !rustls + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) + http3? ( alt-svc quic ) +" + +# cURL's docs and CI/CD are great resources for confirming supported versions +# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: +# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) +# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) +# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2) +# However 'supported' vs 'works' are two entirely different things; be sane but +# don't be afraid to require a later version. +# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. +RDEPEND=" + >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}] + adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) + http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) + quic? ( + curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) + curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] ) + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + openssl? ( + >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) + http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode + _fseeki64 + # custom AC_LINK_IFELSE code fails to link even without -Werror + OSSL_QUIC_client_method +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix-2.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl; then + myconf+=( --without-gnutls --without-mbedtls --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + die "Please file a bug, hit impossible condition w/ USE=ssl handling." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-basic-auth + --enable-bearer-auth + --enable-digest-auth + --enable-kerberos-auth + --enable-negotiate-auth + --enable-aws + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + $(use_with psl libpsl) + --without-msh3 + $(use_with http3 nghttp3) + $(use_with curl_quic_ngtcp2 ngtcp2) + $(use_with curl_quic_openssl openssl-quic) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions + ) + + if use debug; then + myconf+=( + --enable-debug + ) + fi + + if use test && multilib_is_native_abi && ( use http2 || use http3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + if [[ ${CHOST} == *mingw* ]] ; then + myconf+=( + --disable-pthreads + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts + fi +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything that breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # Upstream recommend 7*nproc as a starting point for parallel tests, but + # this ends up breaking when nproc is huge (like -j80). + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} + +pkg_postinst() { + if use debug; then + ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." + ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." + ewarn "hic sunt dracones; you have been warned." + fi +} diff --git a/net-misc/curl/curl-8.9.1-r1.ebuild b/net-misc/curl/curl-8.9.1-r1.ebuild new file mode 100644 index 0000000..8f952f6 --- /dev/null +++ b/net-misc/curl/curl-8.9.1-r1.ebuild @@ -0,0 +1,382 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should subscribe to the 'curl-distros' ML for backports etc +# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ +# https://lists.haxx.se/listinfo/curl-distros + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc +inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/"; + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git"; +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +LICENSE="BSD curl ISC test? ( BSD-4 )" +SLOT="0" +IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3" +IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default tls implementation / which quic impl to use +IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +RESTRICT="!test? ( test )" + +# Only one default ssl / quic provider can be enabled +# The default provider needs its USE satisfied +# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. +# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e +REQUIRED_USE=" + quic? ( + ^^ ( + curl_quic_openssl + curl_quic_ngtcp2 + ) + http3 + ssl + ) + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_openssl + curl_ssl_rustls + ) + ) + curl_quic_openssl? ( + curl_ssl_openssl + quic + !gnutls + !mbedtls + !rustls + ) + curl_quic_ngtcp2? ( + quic + !mbedtls + !rustls + ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) + http3? ( alt-svc quic ) +" + +# cURL's docs and CI/CD are great resources for confirming supported versions +# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: +# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) +# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) +# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2) +# However 'supported' vs 'works' are two entirely different things; be sane but +# don't be afraid to require a later version. +# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. +RDEPEND=" + >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}] + adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) + http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) + idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) + psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) + quic? ( + curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) + curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[ssl,${MULTILIB_USEDEP}] ) + ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + app-misc/ca-certificates + >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + ) + mbedtls? ( + app-misc/ca-certificates + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + ) + openssl? ( + >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + rustls? ( + >=net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}] + ) + ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) + http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) +" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +QA_CONFIG_IMPL_DECL_SKIP=( + __builtin_available + closesocket + CloseSocket + getpass_r + ioctlsocket + IoctlSocket + mach_absolute_time + setmode + _fseeki64 + # custom AC_LINK_IFELSE code fails to link even without -Werror + OSSL_QUIC_client_method +) + +PATCHES=( + "${FILESDIR}"/${PN}-prefix-2.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + "${FILESDIR}"/${PN}-8.9.1-sigpipe.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl; then + myconf+=( --without-gnutls --without-mbedtls --without-rustls ) + + if use gnutls; then + multilib_is_native_abi && einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls; then + multilib_is_native_abi && einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use openssl; then + multilib_is_native_abi && einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls; then + multilib_is_native_abi && einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + multilib_is_native_abi && einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + multilib_is_native_abi && einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_openssl; then + multilib_is_native_abi && einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + multilib_is_native_abi && einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + die "Please file a bug, hit impossible condition w/ USE=ssl handling." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-basic-auth + --enable-bearer-auth + --enable-digest-auth + --enable-kerberos-auth + --enable-negotiate-auth + --enable-aws + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --enable-socketpair + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + $(use_with psl libpsl) + --without-msh3 + $(use_with http3 nghttp3) + $(use_with curl_quic_ngtcp2 ngtcp2) + $(use_with curl_quic_openssl openssl-quic) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions + ) + + if use debug; then + myconf+=( + --enable-debug + ) + fi + + if use test && multilib_is_native_abi && ( use http2 || use http3 ); then + myconf+=( + --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" + ) + fi + + if [[ ${CHOST} == *mingw* ]] ; then + myconf+=( + --disable-pthreads + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # Avoid building the client (we just want libcurl for multilib) + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts + fi +} + +# There is also a pytest harness that tests for bugs in some very specific +# situations; we can rely on upstream for this rather than adding additional test deps. +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. + # Upstream recommend 7*nproc as a starting point for parallel tests, but + # this ends up breaking when nproc is huge (like -j80). + # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped + # as most gentoo users don't have an 'ip6-localhost' + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi; then + # Shell completions + ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} + +pkg_postinst() { + if use debug; then + ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." + ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." + ewarn "hic sunt dracones; you have been warned." + fi +} diff --git a/net-misc/curl/files/curl-8.7.1-chunked-post.patch b/net-misc/curl/files/curl-8.7.1-chunked-post.patch new file mode 100644 index 0000000..9d1fef7 --- /dev/null +++ b/net-misc/curl/files/curl-8.7.1-chunked-post.patch @@ -0,0 +1,57 @@ +https://github.com/curl/curl/commit/721941aadf4adf4f6aeb3f4c0ab489bb89610c36 +From: Stefan Eissing <ste...@eissing.org> +Date: Mon, 1 Apr 2024 15:41:18 +0200 +Subject: [PATCH] http: with chunked POST forced, disable length check on read + callback + +- when an application forces HTTP/1.1 chunked transfer encoding + by setting the corresponding header and instructs curl to use + the CURLOPT_READFUNCTION, disregard any POST length information. +- this establishes backward compatibility with previous curl versions + +Applications are encouraged to not force "chunked", but rather +set length information for a POST. By setting -1, curl will +auto-select chunked on HTTP/1.1 and work properly on other HTTP +versions. + +Reported-by: Jeff King +Fixes #13229 +Closes #13257 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) + else + result = Curl_creader_set_null(data); + } +- else { /* we read the bytes from the callback */ +- result = Curl_creader_set_fread(data, postsize); ++ else { ++ /* we read the bytes from the callback. In case "chunked" encoding ++ * is forced by the application, we disregard `postsize`. This is ++ * a backward compatibility decision to earlier versions where ++ * chunking disregarded this. See issue #13229. */ ++ bool chunked = FALSE; ++ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); ++ if(ptr) { ++ /* Some kind of TE is requested, check if 'chunked' is chosen */ ++ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), ++ STRCONST("chunked")); ++ } ++ result = Curl_creader_set_fread(data, chunked? -1 : postsize); + } + return result; + +@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data, + data->req.upload_chunky = + Curl_compareheader(ptr, + STRCONST("Transfer-Encoding:"), STRCONST("chunked")); ++ if(data->req.upload_chunky && ++ Curl_use_http_1_1plus(data, data->conn) && ++ (data->conn->httpversion >= 20)) { ++ infof(data, "suppressing chunked transfer encoding on connection " ++ "using HTTP version 2 or higher"); ++ data->req.upload_chunky = FALSE; ++ } + } + else { + curl_off_t req_clen = Curl_creader_total_length(data); diff --git a/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch new file mode 100644 index 0000000..a06a537 --- /dev/null +++ b/net-misc/curl/files/curl-8.7.1-fix-compress-option.patch @@ -0,0 +1,153 @@ +https://github.com/curl/curl/commit/b30d694a027eb771c02a3db0dee0ca03ccab7377 +From: Stefan Eissing <ste...@eissing.org> +Date: Thu, 28 Mar 2024 11:08:15 +0100 +Subject: [PATCH] content_encoding: brotli and others, pass through 0-length + writes + +- curl's transfer handling may write 0-length chunks at the end of the + download with an EOS flag. (HTTP/2 does this commonly) + +- content encoders need to pass-through such a write and not count this + as error in case they are finished decoding + +Fixes #13209 +Fixes #13212 +Closes #13219 +--- a/lib/content_encoding.c ++++ b/lib/content_encoding.c +@@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data, + struct zlib_writer *zp = (struct zlib_writer *) writer; + z_stream *z = &zp->z; /* zlib state structure */ + +- if(!(type & CLIENTWRITE_BODY)) ++ if(!(type & CLIENTWRITE_BODY) || !nbytes) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + /* Set the compressed input when this function is called */ +@@ -457,7 +457,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data, + struct zlib_writer *zp = (struct zlib_writer *) writer; + z_stream *z = &zp->z; /* zlib state structure */ + +- if(!(type & CLIENTWRITE_BODY)) ++ if(!(type & CLIENTWRITE_BODY) || !nbytes) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + if(zp->zlib_init == ZLIB_INIT_GZIP) { +@@ -669,7 +669,7 @@ static CURLcode brotli_do_write(struct Curl_easy *data, + CURLcode result = CURLE_OK; + BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT; + +- if(!(type & CLIENTWRITE_BODY)) ++ if(!(type & CLIENTWRITE_BODY) || !nbytes) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + if(!bp->br) +@@ -762,7 +762,7 @@ static CURLcode zstd_do_write(struct Curl_easy *data, + ZSTD_outBuffer out; + size_t errorCode; + +- if(!(type & CLIENTWRITE_BODY)) ++ if(!(type & CLIENTWRITE_BODY) || !nbytes) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + if(!zp->decomp) { +@@ -916,7 +916,7 @@ static CURLcode error_do_write(struct Curl_easy *data, + (void) buf; + (void) nbytes; + +- if(!(type & CLIENTWRITE_BODY)) ++ if(!(type & CLIENTWRITE_BODY) || !nbytes) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + failf(data, "Unrecognized content encoding type. " +--- a/tests/http/test_02_download.py ++++ b/tests/http/test_02_download.py +@@ -394,6 +394,19 @@ def test_02_27_paused_no_cl(self, env: Env, httpd, nghttpx, repeat): + r = client.run(args=[url]) + r.check_exit_code(0) + ++ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3']) ++ def test_02_28_get_compressed(self, env: Env, httpd, nghttpx, repeat, proto): ++ if proto == 'h3' and not env.have_h3(): ++ pytest.skip("h3 not supported") ++ count = 1 ++ urln = f'https://{env.authority_for(env.domain1brotli, proto)}/data-100k?[0-{count-1}]' ++ curl = CurlClient(env=env) ++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[ ++ '--compressed' ++ ]) ++ r.check_exit_code(code=0) ++ r.check_response(count=count, http_status=200) ++ + def check_downloads(self, client, srcfile: str, count: int, + complete: bool = True): + for i in range(count): +--- a/tests/http/testenv/env.py ++++ b/tests/http/testenv/env.py +@@ -129,10 +129,11 @@ def __init__(self): + self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs') + self.tld = 'http.curl.se' + self.domain1 = f"one.{self.tld}" ++ self.domain1brotli = f"brotli.one.{self.tld}" + self.domain2 = f"two.{self.tld}" + self.proxy_domain = f"proxy.{self.tld}" + self.cert_specs = [ +- CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'), ++ CertificateSpec(domains=[self.domain1, self.domain1brotli, 'localhost'], key_type='rsa2048'), + CertificateSpec(domains=[self.domain2], key_type='rsa2048'), + CertificateSpec(domains=[self.proxy_domain, '127.0.0.1'], key_type='rsa2048'), + CertificateSpec(name="clientsX", sub_specs=[ +@@ -376,6 +377,10 @@ def htdocs_dir(self) -> str: + def domain1(self) -> str: + return self.CONFIG.domain1 + ++ @property ++ def domain1brotli(self) -> str: ++ return self.CONFIG.domain1brotli ++ + @property + def domain2(self) -> str: + return self.CONFIG.domain2 +--- a/tests/http/testenv/httpd.py ++++ b/tests/http/testenv/httpd.py +@@ -50,6 +50,7 @@ class Httpd: + 'alias', 'env', 'filter', 'headers', 'mime', 'setenvif', + 'socache_shmcb', + 'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect', ++ 'brotli', + 'mpm_event', + ] + COMMON_MODULES_DIRS = [ +@@ -203,6 +204,7 @@ def _mkpath(self, path): + + def _write_config(self): + domain1 = self.env.domain1 ++ domain1brotli = self.env.domain1brotli + creds1 = self.env.get_credentials(domain1) + domain2 = self.env.domain2 + creds2 = self.env.get_credentials(domain2) +@@ -285,6 +287,24 @@ def _write_config(self): + f'</VirtualHost>', + f'', + ]) ++ # Alternate to domain1 with BROTLI compression ++ conf.extend([ # https host for domain1, h1 + h2 ++ f'<VirtualHost *:{self.env.https_port}>', ++ f' ServerName {domain1brotli}', ++ f' Protocols h2 http/1.1', ++ f' SSLEngine on', ++ f' SSLCertificateFile {creds1.cert_file}', ++ f' SSLCertificateKeyFile {creds1.pkey_file}', ++ f' DocumentRoot "{self._docs_dir}"', ++ f' SetOutputFilter BROTLI_COMPRESS', ++ ]) ++ conf.extend(self._curltest_conf(domain1)) ++ if domain1 in self._extra_configs: ++ conf.extend(self._extra_configs[domain1]) ++ conf.extend([ ++ f'</VirtualHost>', ++ f'', ++ ]) + conf.extend([ # https host for domain2, no h2 + f'<VirtualHost *:{self.env.https_port}>', + f' ServerName {domain2}', diff --git a/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch new file mode 100644 index 0000000..b07a3b0 --- /dev/null +++ b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch @@ -0,0 +1,342 @@ +https://bugs.gentoo.org/930633 +https://github.com/curl/curl/issues/13474 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -187,6 +187,7 @@ struct h2_stream_ctx { + + int status_code; /* HTTP response status code */ + uint32_t error; /* stream error code */ ++ CURLcode xfer_result; /* Result of writing out response */ + uint32_t local_window_size; /* the local recv window size */ + int32_t id; /* HTTP/2 protocol identifier for stream */ + BIT(resp_hds_complete); /* we have a complete, final response */ +@@ -945,12 +946,39 @@ fail: + return rv; + } + +-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf, ++static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf, + struct Curl_easy *data, +- const char *buf, size_t blen) ++ struct h2_stream_ctx *stream, ++ const char *buf, size_t blen, bool eos) + { +- (void)cf; +- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE); ++ ++ /* If we already encountered an error, skip further writes */ ++ if(!stream->xfer_result) { ++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos); ++ if(stream->xfer_result) ++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers", ++ stream->id, stream->xfer_result, blen); ++ } ++} ++ ++static void h2_xfer_write_resp(struct Curl_cfilter *cf, ++ struct Curl_easy *data, ++ struct h2_stream_ctx *stream, ++ const char *buf, size_t blen, bool eos) ++{ ++ ++ /* If we already encountered an error, skip further writes */ ++ if(!stream->xfer_result) ++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos); ++ /* If the transfer write is errored, we do not want any more data */ ++ if(stream->xfer_result) { ++ struct cf_h2_ctx *ctx = cf->ctx; ++ CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, " ++ "RST-ing stream", ++ stream->id, stream->xfer_result, blen); ++ nghttp2_submit_rst_stream(ctx->h2, 0, stream->id, ++ NGHTTP2_ERR_CALLBACK_FAILURE); ++ } + } + + static CURLcode on_stream_frame(struct Curl_cfilter *cf, +@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, + struct cf_h2_ctx *ctx = cf->ctx; + struct h2_stream_ctx *stream = H2_STREAM_CTX(data); + int32_t stream_id = frame->hd.stream_id; +- CURLcode result; + int rv; + + if(!stream) { +@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, + stream->status_code = -1; + } + +- result = recvbuf_write_hds(cf, data, STRCONST("\r\n")); +- if(result) +- return result; ++ h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed); + + if(stream->status_code / 100 != 1) { + stream->resp_hds_complete = TRUE; +@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, + struct cf_h2_ctx *ctx = cf->ctx; + struct h2_stream_ctx *stream; + struct Curl_easy *data_s; +- CURLcode result; + (void)flags; + + DEBUGASSERT(stream_id); /* should never be a zero stream ID here */ +@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, + if(!stream) + return NGHTTP2_ERR_CALLBACK_FAILURE; + +- result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE); +- if(result && result != CURLE_AGAIN) +- return NGHTTP2_ERR_CALLBACK_FAILURE; ++ h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE); + + nghttp2_session_consume(ctx->h2, stream_id, len); + stream->nrcvd_data += (curl_off_t)len; +@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, + result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO); + if(result) + return NGHTTP2_ERR_CALLBACK_FAILURE; +- result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 ")); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; +- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; ++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE); ++ h2_xfer_write_resp_hd(cf, data_s, stream, ++ (const char *)value, valuelen, FALSE); + /* the space character after the status code is mandatory */ +- result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n")); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; ++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE); ++ + /* if we receive data for another handle, wake that up */ + if(CF_DATA_CURRENT(cf) != data_s) + Curl_expire(data_s, 0, EXPIRE_RUN_NOW); +@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, + /* nghttp2 guarantees that namelen > 0, and :status was already + received, and this is not pseudo-header field . */ + /* convert to an HTTP1-style header */ +- result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; +- result = recvbuf_write_hds(cf, data_s, STRCONST(": ")); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; +- result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; +- result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n")); +- if(result) +- return NGHTTP2_ERR_CALLBACK_FAILURE; ++ h2_xfer_write_resp_hd(cf, data_s, stream, ++ (const char *)name, namelen, FALSE); ++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE); ++ h2_xfer_write_resp_hd(cf, data_s, stream, ++ (const char *)value, valuelen, FALSE); ++ h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE); ++ + /* if we receive data for another handle, wake that up */ + if(CF_DATA_CURRENT(cf) != data_s) + Curl_expire(data_s, 0, EXPIRE_RUN_NOW); +@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + + (void)buf; + *err = CURLE_AGAIN; +- if(stream->closed) { ++ if(stream->xfer_result) { ++ CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id); ++ *err = stream->xfer_result; ++ nread = -1; ++ } ++ else if(stream->closed) { + CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id); + nread = http2_handle_stream_close(cf, data, stream, err); + } +--- a/lib/vquic/curl_ngtcp2.c ++++ b/lib/vquic/curl_ngtcp2.c +@@ -152,6 +152,7 @@ struct h3_stream_ctx { + uint64_t error3; /* HTTP/3 stream error code */ + curl_off_t upload_left; /* number of request bytes left to upload */ + int status_code; /* HTTP status code */ ++ CURLcode xfer_result; /* result from xfer_resp_write(_hd) */ + bool resp_hds_complete; /* we have a complete, final response */ + bool closed; /* TRUE on stream close */ + bool reset; /* TRUE on stream reset */ +@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, + return 0; + } + +-static CURLcode write_resp_hds(struct Curl_easy *data, +- const char *buf, size_t blen) ++static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf, ++ struct Curl_easy *data, ++ struct h3_stream_ctx *stream, ++ const char *buf, size_t blen, bool eos) + { +- return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE); ++ ++ /* If we already encountered an error, skip further writes */ ++ if(!stream->xfer_result) { ++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos); ++ if(stream->xfer_result) ++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu " ++ "bytes of headers", stream->id, stream->xfer_result, blen); ++ } ++} ++ ++static void h3_xfer_write_resp(struct Curl_cfilter *cf, ++ struct Curl_easy *data, ++ struct h3_stream_ctx *stream, ++ const char *buf, size_t blen, bool eos) ++{ ++ ++ /* If we already encountered an error, skip further writes */ ++ if(!stream->xfer_result) ++ stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos); ++ /* If the transfer write is errored, we do not want any more data */ ++ if(stream->xfer_result) { ++ struct cf_ngtcp2_ctx *ctx = cf->ctx; ++ CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes " ++ "of data, cancelling stream", ++ stream->id, stream->xfer_result, blen); ++ nghttp3_conn_close_stream(ctx->h3conn, stream->id, ++ NGHTTP3_H3_REQUEST_CANCELLED); ++ } + } + + static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, +@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, + struct cf_ngtcp2_ctx *ctx = cf->ctx; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); +- CURLcode result; + + (void)conn; + (void)stream3_id; +@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, + if(!stream) + return NGHTTP3_ERR_CALLBACK_FAILURE; + +- result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE); +- if(result) { +- CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d", +- stream->id, blen, result); +- return NGHTTP3_ERR_CALLBACK_FAILURE; +- } ++ h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE); + if(blen) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA", + stream->id, blen); +@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); +- CURLcode result = CURLE_OK; + (void)conn; + (void)stream_id; + (void)fin; +@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, + if(!stream) + return 0; + /* add a CRLF only if we've received some headers */ +- result = write_resp_hds(data, "\r\n", 2); +- if(result) { +- return -1; +- } ++ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed); + + CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d", + stream_id, stream->status_code); +@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, + ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", + stream->status_code); + CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line); +- result = write_resp_hds(data, line, ncopy); ++ h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE); + if(result) { + return -1; + } +@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, + CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s", + stream_id, (int)h3name.len, h3name.base, + (int)h3val.len, h3val.base); +- result = write_resp_hds(data, (const char *)h3name.base, h3name.len); +- if(result) { +- return -1; +- } +- result = write_resp_hds(data, ": ", 2); +- if(result) { +- return -1; +- } +- result = write_resp_hds(data, (const char *)h3val.base, h3val.len); +- if(result) { +- return -1; +- } +- result = write_resp_hds(data, "\r\n", 2); +- if(result) { +- return -1; +- } ++ h3_xfer_write_resp_hd(cf, data, stream, ++ (const char *)h3name.base, h3name.len, FALSE); ++ h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE); ++ h3_xfer_write_resp_hd(cf, data, stream, ( ++ const char *)h3val.base, h3val.len, FALSE); ++ h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE); + } + return 0; + } +@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + goto out; + } + +- if(stream->closed) { ++ if(stream->xfer_result) { ++ CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id); ++ *err = stream->xfer_result; ++ nread = -1; ++ goto out; ++ } ++ else if(stream->closed) { + nread = recv_closed_stream(cf, data, stream, err); + goto out; + } +--- a/tests/http/test_02_download.py ++++ b/tests/http/test_02_download.py +@@ -257,6 +257,34 @@ class TestDownload: + ]) + r.check_response(count=count, http_status=200) + ++ @pytest.mark.parametrize("proto", ['h2', 'h3']) ++ def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto): ++ if proto == 'h3' and not env.have_h3(): ++ pytest.skip("h3 not supported") ++ if proto == 'h3' and env.curl_uses_lib('msh3'): ++ pytest.skip("msh3 stalls here") ++ count = 10 ++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]' ++ curl = CurlClient(env=env) ++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[ ++ '--parallel' ++ ]) ++ r.check_stats(count=count, http_status=404, exitcode=0) ++ ++ @pytest.mark.parametrize("proto", ['h2', 'h3']) ++ def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto): ++ if proto == 'h3' and not env.have_h3(): ++ pytest.skip("h3 not supported") ++ if proto == 'h3' and env.curl_uses_lib('msh3'): ++ pytest.skip("msh3 stalls here") ++ count = 10 ++ urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]' ++ curl = CurlClient(env=env) ++ r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[ ++ '--fail' ++ ]) ++ r.check_stats(count=count, http_status=404, exitcode=22) ++ + @pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests") + @pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs") + def test_02_20_h2_small_frames(self, env: Env, httpd, repeat): + diff --git a/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch new file mode 100644 index 0000000..81bcb07 --- /dev/null +++ b/net-misc/curl/files/curl-8.7.1-rustls-fixes.patch @@ -0,0 +1,49 @@ +From a866b062b17ab94b16b817ab9969c561364a4d72 Mon Sep 17 00:00:00 2001 +From: Matt Jolly <Matt.Jolly@footclan.ninja> +Date: Mon, 1 Apr 2024 08:36:51 +1000 +Subject: [PATCH] m4: fix rustls builds + +This patch consolidates the following commits to do with rustls +detection using pkg-config: + +- https://github.com/curl/curl/commit/9c4209837094781d5eef69ae6bcad0e86b64bf99 +- https://github.com/curl/curl/commit/5a50cb5a18a141a463148562dab83fa3be1a3b90 +--- + m4/curl-rustls.m4 | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4 +index 7c55230..8082cf9 100644 +--- a/m4/curl-rustls.m4 ++++ b/m4/curl-rustls.m4 +@@ -142,6 +142,11 @@ if test "x$OPT_RUSTLS" != xno; then + LIBS="$SSL_LIBS $LIBS" + USE_RUSTLS="yes" + ssl_msg="rustls" ++ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled]) ++ AC_SUBST(USE_RUSTLS, [1]) ++ USE_RUSTLS="yes" ++ RUSTLS_ENABLED=1 ++ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + else + AC_MSG_ERROR([pkg-config: Could not find rustls]) + fi +@@ -174,5 +179,15 @@ if test "x$OPT_RUSTLS" != xno; then + fi + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" ++ ++ if test X"$OPT_RUSTLS" != Xno && ++ test "$RUSTLS_ENABLED" != "1"; then ++ AC_MSG_NOTICE([OPT_RUSTLS: $OPT_RUSTLS]) ++ AC_MSG_NOTICE([RUSTLS_ENABLED: $RUSTLS_ENABLED]) ++ AC_MSG_ERROR([--with-rustls was given but Rustls could not be detected]) ++ fi + fi + ]) ++ ++ ++RUSTLS_ENABLED +-- +2.44.0 + diff --git a/net-misc/curl/files/curl-8.8.0-install-manpage.patch b/net-misc/curl/files/curl-8.8.0-install-manpage.patch new file mode 100644 index 0000000..f58ddae --- /dev/null +++ b/net-misc/curl/files/curl-8.8.0-install-manpage.patch @@ -0,0 +1,22 @@ +https://patch-diff.githubusercontent.com/raw/curl/curl/pull/13741 +From: Daniel Stenberg <dan...@haxx.se> +Date: Wed, 22 May 2024 08:43:43 +0200 +Subject: [PATCH] docs/Makefile.am: make curl-config.1 install + +on "make install" like it should +--- + docs/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docs/Makefile.am b/docs/Makefile.am +index 83f5b0c461cc0f..e9ef6284860555 100644 +--- a/docs/Makefile.am ++++ b/docs/Makefile.am +@@ -28,6 +28,7 @@ if BUILD_DOCS + # if we disable man page building, ignore these + MK_CA_DOCS = mk-ca-bundle.1 + CURLCONF_DOCS = curl-config.1 ++man_MANS = curl-config.1 + endif + + CURLPAGES = curl-config.md mk-ca-bundle.md diff --git a/net-misc/curl/files/curl-8.8.0-mbedtls.patch b/net-misc/curl/files/curl-8.8.0-mbedtls.patch new file mode 100644 index 0000000..8fa4d6e --- /dev/null +++ b/net-misc/curl/files/curl-8.8.0-mbedtls.patch @@ -0,0 +1,42 @@ +https://github.com/curl/curl/pull/13749 +From: Stefan Eissing <ste...@eissing.org> +Date: Wed, 22 May 2024 14:44:56 +0200 +Subject: [PATCH] mbedtls, check version for cipher id + +- mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have + been added in mbedtls 3.2.0. Check for that version. +--- a/lib/vtls/mbedtls.c ++++ b/lib/vtls/mbedtls.c +@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) + (struct mbed_ssl_backend_data *)connssl->backend; + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + const mbedtls_x509_crt *peercert; +- char cipher_str[64]; +- uint16_t cipher_id; + #ifndef CURL_DISABLE_PROXY + const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: +@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) + return CURLE_SSL_CONNECT_ERROR; + } + +- cipher_id = (uint16_t) +- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); +- mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true); +- infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str); +- ++#if MBEDTLS_VERSION_NUMBER >= 0x03020000 ++ { ++ char cipher_str[64]; ++ uint16_t cipher_id; ++ cipher_id = (uint16_t) ++ mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); ++ mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true); ++ infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str); ++ } ++#else ++ infof(data, "mbedTLS: Handshake complete"); ++#endif + ret = mbedtls_ssl_get_verify_result(&backend->ssl); + + if(!conn_config->verifyhost) diff --git a/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch new file mode 100644 index 0000000..38d8c1b --- /dev/null +++ b/net-misc/curl/files/curl-8.8.0-multi_wait-timeout.patch @@ -0,0 +1,75 @@ +https://github.com/curl/curl/pull/13825 +From: Stefan Eissing <ste...@eissing.org> +Date: Wed, 29 May 2024 17:13:34 +0200 +Subject: [PATCH] fix multi_wait() timeout handling + +- determine the actual poll timeout *after* all sockets + have been collected. Protocols and connection filters may + install new timeouts during collection. +- add debug logging to test1533 where the mistake was noticed +- refs #13782 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -1366,13 +1366,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi, + if(timeout_ms < 0) + return CURLM_BAD_FUNCTION_ARGUMENT; + +- /* If the internally desired timeout is actually shorter than requested from +- the outside, then use the shorter time! But only if the internal timer +- is actually larger than -1! */ +- (void)multi_timeout(multi, &timeout_internal); +- if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms)) +- timeout_ms = (int)timeout_internal; +- + memset(ufds, 0, ufds_len * sizeof(struct pollfd)); + memset(&ps, 0, sizeof(ps)); + +@@ -1476,6 +1469,14 @@ static CURLMcode multi_wait(struct Curl_multi *multi, + #endif + #endif + ++ /* We check the internal timeout *AFTER* we collected all sockets to ++ * poll. Collecting the sockets may install new timers by protocols ++ * and connection filters. ++ * Use the shorter one of the internal and the caller requested timeout. */ ++ (void)multi_timeout(multi, &timeout_internal); ++ if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms)) ++ timeout_ms = (int)timeout_internal; ++ + #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK) + if(nfds || use_wakeup) { + #else +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -487,7 +487,7 @@ lib1551_SOURCES = lib1551.c $(SUPPORTFILES) + lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL) + lib1552_LDADD = $(TESTUTIL_LIBS) + +-lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL) ++lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TSTTRACE) $(TESTUTIL) + lib1553_LDADD = $(TESTUTIL_LIBS) + + lib1554_SOURCES = lib1554.c $(SUPPORTFILES) +--- a/tests/libtest/lib1553.c ++++ b/tests/libtest/lib1553.c +@@ -24,6 +24,7 @@ + #include "test.h" + + #include "testutil.h" ++#include "testtrace.h" + #include "warnless.h" + #include "memdebug.h" + +@@ -74,6 +75,12 @@ CURLcode test(char *URL) + easy_setopt(curls, CURLOPT_XFERINFOFUNCTION, xferinfo); + easy_setopt(curls, CURLOPT_NOPROGRESS, 1L); + ++ libtest_debug_config.nohex = 1; ++ libtest_debug_config.tracetime = 1; ++ test_setopt(curls, CURLOPT_DEBUGDATA, &libtest_debug_config); ++ easy_setopt(curls, CURLOPT_DEBUGFUNCTION, libtest_debug_cb); ++ easy_setopt(curls, CURLOPT_VERBOSE, 1L); ++ + multi_add_handle(multi, curls); + + multi_perform(multi, &still_running); diff --git a/net-misc/curl/files/curl-8.9.1-sigpipe.patch b/net-misc/curl/files/curl-8.9.1-sigpipe.patch new file mode 100644 index 0000000..d308fc4 --- /dev/null +++ b/net-misc/curl/files/curl-8.9.1-sigpipe.patch @@ -0,0 +1,26 @@ +https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970 +From: Daniel Stenberg <dan...@haxx.se> +Date: Mon, 5 Aug 2024 00:17:17 +0200 +Subject: [PATCH] sigpipe: init the struct so that first apply ignores + +Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after +init ignores the signal (unless CURLOPT_NOSIGNAL) is set. + +I have read the existing code multiple times now and I think it gets the +initial state reversed this missing to ignore. + +Regression from 17e6f06ea37136c36d27 + +Reported-by: Rasmus Thomsen +Fixes #14344 +Closes #14390 +--- a/lib/sigpipe.h ++++ b/lib/sigpipe.h +@@ -39,6 +39,7 @@ struct sigpipe_ignore { + static void sigpipe_init(struct sigpipe_ignore *ig) + { + memset(ig, 0, sizeof(*ig)); ++ ig->no_signal = TRUE; + } + + /* diff --git a/net-misc/curl/files/curl-prefix-2.patch b/net-misc/curl/files/curl-prefix-2.patch new file mode 100644 index 0000000..0372038 --- /dev/null +++ b/net-misc/curl/files/curl-prefix-2.patch @@ -0,0 +1,34 @@ +From a3033ee39f2cc43cb17386b23cb304b010c2c96f Mon Sep 17 00:00:00 2001 +From: Matt Jolly <Matt.Jolly@footclan.ninja> +Date: Wed, 22 May 2024 16:18:51 +1000 +Subject: [PATCH] Update prefix patch for 8.8.0 + +--- + curl-config.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 085bb1e..c0bc6ce 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -145,7 +145,7 @@ while test "$#" -gt 0; do + else + CPPFLAG_CURL_STATICLIB="" + fi +- if test "X@includedir@" = "X/usr/include"; then ++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then + echo "${CPPFLAG_CURL_STATICLIB}" + else + echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" +@@ -153,7 +153,7 @@ while test "$#" -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then ++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then + CURLLIBDIR="-L@libdir@ " + else + CURLLIBDIR="" +-- +2.45.0 + diff --git a/net-misc/curl/files/curl-prefix.patch b/net-misc/curl/files/curl-prefix.patch new file mode 100644 index 0000000..fd495c4 --- /dev/null +++ b/net-misc/curl/files/curl-prefix.patch @@ -0,0 +1,21 @@ +diff -Naur curl-7.30.0.orig/curl-config.in curl-7.30.0/curl-config.in +--- curl-7.30.0.orig/curl-config.in 2013-02-06 09:44:37.000000000 -0500 ++++ curl-7.30.0/curl-config.in 2013-04-17 18:43:56.000000000 -0400 +@@ -134,7 +134,7 @@ + else + CPPFLAG_CURL_STATICLIB="" + fi +- if test "X@includedir@" = "X/usr/include"; then ++ if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then + echo "$CPPFLAG_CURL_STATICLIB" + else + echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" +@@ -142,7 +142,7 @@ + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then ++ if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then + CURLLIBDIR="-L@libdir@ " + else + CURLLIBDIR="" diff --git a/net-misc/curl/files/curl-respect-cflags-3.patch b/net-misc/curl/files/curl-respect-cflags-3.patch new file mode 100644 index 0000000..4a4a614 --- /dev/null +++ b/net-misc/curl/files/curl-respect-cflags-3.patch @@ -0,0 +1,14 @@ +diff --git a/configure.ac b/configure.ac +index e9b49c7..e374ab6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -280,9 +280,6 @@ dnl ********************************************************************** + + CURL_CHECK_COMPILER + CURL_SET_COMPILER_BASIC_OPTS +-CURL_SET_COMPILER_DEBUG_OPTS +-CURL_SET_COMPILER_OPTIMIZE_OPTS +-CURL_SET_COMPILER_WARNING_OPTS + + if test "$compiler_id" = "INTEL_UNIX_C"; then + # diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml new file mode 100644 index 0000000..884608c --- /dev/null +++ b/net-misc/curl/metadata.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person"> + <email>kan...@gentoo.org</email> + <name>Matt Jolly</name> + </maintainer> + <maintainer type="project"> + <email>base-sys...@gentoo.org</email> + <name>Gentoo Base System</name> + </maintainer> + <use> + <flag name="alt-svc">Enable alt-svc support</flag> + <flag name="ftp">Enable FTP support</flag> + <flag name="gnutls">Enable gnutls ssl backend</flag> + <flag name="gopher">Enable Gopher protocol support</flag> + <flag name="hsts">Enable HTTP Strict Transport Security</flag> + <flag name="imap">Enable Internet Message Access Protocol support</flag> + <flag name="mbedtls">Enable mbedtls ssl backend</flag> + <flag name="nghttp3">Enable HTTP/3 support using <pkg>net-libs/nghttp3</pkg></flag> + <flag name="http3">Enable HTTP/3 support</flag> + <flag name="openssl">Enable openssl ssl backend</flag> + <flag name="pop3">Enable Post Office Protocol 3 support</flag> + <flag name="progress-meter">Enable the progress meter</flag> + <flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag> + <flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag> + <flag name="rtmp">Enable RTMP Streaming Media support</flag> + <flag name="rustls">Enable Rustls ssl backend</flag> + <flag name="smtp">Enable Simple Mail Transfer Protocol support</flag> + <flag name="ssh">Enable SSH urls in curl using libssh2</flag> + <flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag> + <flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag> + <flag name="telnet">Enable Telnet protocol support</flag> + <flag name="tftp">Enable TFTP support</flag> + <flag name="websockets">Enable websockets support</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:curl:curl</remote-id> + <remote-id type="cpe">cpe:/a:curl:libcurl</remote-id> + <remote-id type="cpe">cpe:/a:haxx:curl</remote-id> + <remote-id type="cpe">cpe:/a:haxx:libcurl</remote-id> + <remote-id type="github">curl/curl</remote-id> + </upstream> +</pkgmetadata>
