commit: 8053e78f154e174b5a1b8192fa7b3182a36b1534 Author: Matt Jolly <kangie <AT> gentoo <DOT> org> AuthorDate: Thu Sep 18 06:27:48 2025 +0000 Commit: Matt Jolly <kangie <AT> gentoo <DOT> org> CommitDate: Thu Sep 18 06:30:40 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8053e78f
net-misc/curl: drop 8.12.1, 8.13.0-r1 Signed-off-by: Matt Jolly <kangie <AT> gentoo.org> net-misc/curl/Manifest | 4 - net-misc/curl/curl-8.12.1.ebuild | 386 ------------------ net-misc/curl/curl-8.13.0-r1.ebuild | 448 --------------------- .../files/curl-8.13.0-gssapi-non-ssl-build.patch | 28 -- .../curl-8.13.0-hostip-correct-proxy-name.patch | 46 --- .../curl-8.13.0-http2-stream-window-size.patch | 143 ------- .../files/curl-8.13.0-httpsrr-target-check.patch | 22 - net-misc/curl/files/curl-8.13.0-krb5-ftp.patch | 19 - .../curl-8.13.0-openssl-quic-stream-shutdown.patch | 44 -- net-misc/curl/metadata.xml | 2 - 10 files changed, 1142 deletions(-)
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 4b4076cb267c..7ce5cf50377b 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,7 +1,3 @@
-DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603
-DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
-DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
-DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be
 DIST curl-8.14.1.tar.xz 2817248 BLAKE2B 4ce2277d143084823855b714e86047a94d4c52a686b8d16d9ab76c31168f1a74d63dfa7608cff36706a8a0b9bf9cc611a9b99860b176a227bca580cd95e9cff2 SHA512 7f6eae04cc23c50fc41d448aa28dfa59141018009e42c5b1e3f4e0d40c0633460b4e6eec05dfc290f7953671096abfa70a8b5443fccdd3f1be6be32ac10b31d9
 DIST curl-8.14.1.tar.xz.asc 488 BLAKE2B f664f526dbffa0a1af2b28f51982445f7d9064b3c3b3e6dd04322003db22da2acde5d493c80204b36a9219d42959543c5a0aee47f2365eb713490ff2fc5f475f SHA512 663b1652bb27338310d1475a8b0422f04e68fca74be11a4b7120de948af4fc0c2b08b75ce5372d657aa89504a27b36b937b5091cb2d932297a7490d5e390d99f
 DIST curl-8.15.0.tar.xz 2773156 BLAKE2B 
ae809be87f34d079413129c27e618a6d15c2bf9087fd7e679cefe9b6d8645f0dd092e8c3e1f62b7bd0dffdd0b77e0bc5ac031ffce4e50060ec20b280618c8e68 SHA512 d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191
diff --git a/net-misc/curl/curl-8.12.1.ebuild b/net-misc/curl/curl-8.12.1.ebuild
deleted file mode 100644
index 0fd4d01a6676..000000000000
--- a/net-misc/curl/curl-8.12.1.ebuild
+++ /dev/null
@@ -1,386 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Maintainers should subscribe to the 'curl-distros' ML for backports etc -# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ -# https://lists.haxx.se/listinfo/curl-distros - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc -inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.se/" - -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/curl/curl.git" -else - SRC_URI=" - https://curl.se/download/${P}.tar.xz - verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) - " - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" -fi - -LICENSE="BSD curl ISC test? ( BSD-4 )" -SLOT="0" -IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3" -IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd" -# These select the default tls implementation / which quic impl to use -IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" -RESTRICT="!test? ( test )" - -# Only one default ssl / quic provider can be enabled -# The default provider needs its USE satisfied -# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. -# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e -REQUIRED_USE=" - quic? ( - ^^ ( - curl_quic_openssl - curl_quic_ngtcp2 - ) - http3 - ssl - ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_openssl - curl_ssl_rustls - ) - ) - curl_quic_openssl? 
( - curl_ssl_openssl - !gnutls - !mbedtls - !rustls - ) - curl_quic_ngtcp2? ( - curl_ssl_gnutls - !mbedtls - !openssl - !rustls - ) - curl_ssl_gnutls? ( gnutls ) - curl_ssl_mbedtls? ( mbedtls ) - curl_ssl_openssl? ( openssl ) - curl_ssl_rustls? ( rustls ) - http3? ( alt-svc quic ) -" - -# cURL's docs and CI/CD are great resources for confirming supported versions -# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: -# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) -# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) -# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2) -# However 'supported' vs 'works' are two entirely different things; be sane but -# don't be afraid to require a later version. -# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. -RDEPEND=" - >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}] - adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) - http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) - idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) - psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) - quic? ( - curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) - curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) - ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - app-misc/ca-certificates - >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:=[${MULTILIB_USEDEP}] - ) - mbedtls? 
( - app-misc/ca-certificates - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - ) - openssl? ( - >=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - rustls? ( - >=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}] - ) - ) - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) -" - -DEPEND="${RDEPEND}" - -BDEPEND=" - dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) - http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) -" - -DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -QA_CONFIG_IMPL_DECL_SKIP=( - __builtin_available - closesocket - CloseSocket - getpass_r - ioctlsocket - IoctlSocket - mach_absolute_time - setmode - _fseeki64 - # custom AC_LINK_IFELSE code fails to link even without -Werror - OSSL_QUIC_client_method -) - -PATCHES=( - "${FILESDIR}/${PN}-prefix-4.patch" - "${FILESDIR}/${PN}-respect-cflags-3.patch" -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - if use ssl; then - myconf+=( --without-gnutls --without-mbedtls --without-rustls ) - - if use gnutls; then - multilib_is_native_abi && einfo "SSL provided by gnutls" - myconf+=( --with-gnutls ) - fi - if use mbedtls; then - multilib_is_native_abi && einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use openssl; then - multilib_is_native_abi && einfo "SSL provided by openssl" - myconf+=( --with-ssl 
--with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - if use rustls; then - multilib_is_native_abi && einfo "SSL provided by rustls" - myconf+=( --with-rustls ) - fi - if use curl_ssl_gnutls; then - multilib_is_native_abi && einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - multilib_is_native_abi && einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_openssl; then - multilib_is_native_abi && einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - elif use curl_ssl_rustls; then - multilib_is_native_abi && einfo "Default SSL provided by rustls" - myconf+=( --with-default-ssl-backend=rustls ) - else - eerror "We can't be here because of REQUIRED_USE." - die "Please file a bug, hit impossible condition w/ USE=ssl handling." - fi - - else - myconf+=( --without-ssl ) - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. 
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-basic-auth - --enable-bearer-auth - --enable-digest-auth - --enable-kerberos-auth - --enable-negotiate-auth - --enable-aws - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - --enable-ipv6 - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --enable-socketpair - --disable-sspi - $(use_enable static-libs static) - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d - $(use_with http2 nghttp2) - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - $(use_with psl libpsl) - --without-msh3 - $(use_with http3 nghttp3) - $(use_with curl_quic_ngtcp2 ngtcp2) - $(use_with curl_quic_openssl openssl-quic) - --without-quiche - $(use_with rtmp librtmp) - --without-schannel - --without-secure-transport - --without-test-caddy - --without-test-httpd - --without-test-nghttpx - $(use_enable websockets) - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - --with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions - ) - - if use debug; then - myconf+=( - --enable-debug - ) - fi - - if use test && multilib_is_native_abi && ( use http2 || use http3 ); then - myconf+=( - --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" - ) - fi - - # 
Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive - # This is in support of some work to enable `httpsrr` to use adns and the rest - # of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns - # when the time comes. - if use adns; then - myconf+=( - --disable-threaded-resolver - ) - else - myconf+=( - --enable-threaded-resolver - ) - fi - - ECONF_SOURCE="${S}" econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # Avoid building the client (we just want libcurl for multilib) - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - -} - -multilib_src_compile() { - default - - if multilib_is_native_abi; then - # Shell completions - ! tc-is-cross-compiler && emake -C scripts - fi -} - -# There is also a pytest harness that tests for bugs in some very specific -# situations; we can rely on upstream for this rather than adding additional test deps. -multilib_src_test() { - # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 - # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) - # -v: verbose - # -a: keep going on failure (so we see everything that breaks, not just 1st test) - # -k: keep test files after completion - # -am: automake style TAP output - # -p: print logs if test fails - # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging - # or just read https://github.com/curl/curl/tree/master/tests#run. - # Note: we don't run the testsuite for cross-compilation. - # Upstream recommend 7*nproc as a starting point for parallel tests, but - # this ends up breaking when nproc is huge (like -j80). 
- # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped - # as most gentoo users don't have an 'ip6-localhost' - multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" -} - -multilib_src_install() { - emake DESTDIR="${D}" install - - if multilib_is_native_abi; then - # Shell completions - ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} - -pkg_postinst() { - if use debug; then - ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." - ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." - ewarn "hic sunt dracones; you have been warned." - fi -} diff --git a/net-misc/curl/curl-8.13.0-r1.ebuild b/net-misc/curl/curl-8.13.0-r1.ebuild deleted file mode 100644 index d5551349f325..000000000000 --- a/net-misc/curl/curl-8.13.0-r1.ebuild +++ /dev/null 
@@ -1,448 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Maintainers should subscribe to the 'curl-distros' ML for backports etc -# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ -# https://lists.haxx.se/listinfo/curl-distros - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc -inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.se/" - -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/curl/curl.git" -else - if [[ ${P} == *rc* ]]; then - CURL_URI="https://curl.se/rc/" - S="${WORKDIR}/${P//_/-}" - else - CURL_URI="https://curl.se/download/" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - fi - SRC_URI=" - ${CURL_URI}${P//_/-}.tar.xz - verify-sig? ( ${CURL_URI}${P//_/-}.tar.xz.asc ) - " -fi - -LICENSE="BSD curl ISC test? ( BSD-4 )" -SLOT="0" -IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap" -IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test" -IUSE+=" telnet +tftp +websockets zstd" -# These select the default tls implementation / which quic impl to use -IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" -RESTRICT="!test? ( test )" - -# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to -# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested -# in addition to A and AAAA records. - -# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?). 
-# HTTPS RR in cURL is a dependency for: -# - ECH (requires patched openssl or gnutls currently, enabled with rustls) -# - Fetching the ALPN list which should provide a better HTTP/3 experience. - -# Only one default ssl / quic provider can be enabled -# The default provider needs its USE satisfied -# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day. -# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e -REQUIRED_USE=" - ech? ( rustls ) - httpsrr? ( adns ) - quic? ( - ^^ ( - curl_quic_openssl - curl_quic_ngtcp2 - ) - http3 - ssl - ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_openssl - curl_ssl_rustls - ) - ) - curl_quic_openssl? ( - curl_ssl_openssl - !gnutls - !mbedtls - !rustls - ) - curl_quic_ngtcp2? ( - curl_ssl_gnutls - !mbedtls - !openssl - !rustls - ) - curl_ssl_gnutls? ( gnutls ) - curl_ssl_mbedtls? ( mbedtls ) - curl_ssl_openssl? ( openssl ) - curl_ssl_rustls? ( rustls ) - http3? ( alt-svc httpsrr quic ) -" - -# cURL's docs and CI/CD are great resources for confirming supported versions -# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.: -# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions) -# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly) -# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2) -# However 'supported' vs 'works' are two entirely different things; be sane but -# don't be afraid to require a later version. -# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. -RDEPEND=" - >=sys-libs/zlib-1.2.5[${MULTILIB_USEDEP}] - adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] ) - http3? 
( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) - idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) - psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) - quic? ( - curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) - curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) - ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] ) - sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - app-misc/ca-certificates - >=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:=[${MULTILIB_USEDEP}] - ) - mbedtls? ( - app-misc/ca-certificates - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - ) - openssl? ( - >=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}] - ) - rustls? ( - >=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}] - ) - ) - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] ) -" - -DEPEND="${RDEPEND}" - -BDEPEND=" - dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) - http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) - ) - verify-sig? 
( sec-keys/openpgp-keys-danielstenberg ) -" - -DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -QA_CONFIG_IMPL_DECL_SKIP=( - __builtin_available - closesocket - CloseSocket - getpass_r - ioctlsocket - IoctlSocket - mach_absolute_time - setmode - _fseeki64 - # custom AC_LINK_IFELSE code fails to link even without -Werror - OSSL_QUIC_client_method -) - -PATCHES=( - "${FILESDIR}/${PN}-prefix-4.patch" - "${FILESDIR}/${PN}-respect-cflags-3.patch" - "${FILESDIR}/${P}-gssapi-non-ssl-build.patch" - "${FILESDIR}/${P}-hostip-correct-proxy-name.patch" - "${FILESDIR}/${P}-http2-stream-window-size.patch" - "${FILESDIR}/${P}-httpsrr-target-check.patch" - "${FILESDIR}/${P}-krb5-ftp.patch" - "${FILESDIR}/${P}-openssl-quic-stream-shutdown.patch" -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -# Generates TLS-related configure options based on USE flags. -# Outputs options suitable for appending to a configure options array. -_get_curl_tls_configure_opts() { - local tls_opts=() - - local backend flag_name - for backend in gnutls mbedtls openssl rustls; do - if [[ "$backend" == "openssl" ]]; then - flag_name="ssl" - tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs") - else - flag_name="$backend" - fi - - if use "$backend"; then - tls_opts+=( "--with-${flag_name}" ) - else - # If a single backend is enabled, 'ssl' is required, openssl is the default / fallback - if ! 
[[ "$backend" == "openssl" ]]; then - tls_opts+=( "--without-${flag_name}" ) - fi - fi - done - - if use curl_ssl_gnutls; then - multilib_is_native_abi && einfo "Default TLS backend: gnutls" - tls_opts+=( "--with-default-ssl-backend=gnutls" ) - elif use curl_ssl_mbedtls; then - multilib_is_native_abi && einfo "Default TLS backend: mbedtls" - tls_opts+=( "--with-default-ssl-backend=mbedtls" ) - elif use curl_ssl_openssl; then - multilib_is_native_abi && einfo "Default TLS backend: openssl" - tls_opts+=( "--with-default-ssl-backend=openssl" ) - elif use curl_ssl_rustls; then - multilib_is_native_abi && einfo "Default TLS backend: rustls" - tls_opts+=( "--with-default-ssl-backend=rustls" ) - else - eerror "We can't be here because of REQUIRED_USE." - die "Please file a bug, hit impossible condition w/ USE=ssl handling." - fi - - # Explicitly Disable unimplemented b - tls_opts+=( - --without-amissl - --without-bearssl - --without-wolfssl - ) - - printf "%s\n" "${tls_opts[@]}" -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - if use ssl; then - local -a tls_backend_opts - readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts) - myconf+=("${tls_backend_opts[@]}") - if use quic; then - myconf+=( - $(use_with curl_quic_ngtcp2 ngtcp2) - $(use_with curl_quic_openssl openssl-quic) - ) - else - # Without a REQUIRED_USE to ensure that QUIC was requested when at least one default backend is - # enabled we need ensure that we don't try to build QUIC support - myconf+=( --without-ngtcp2 --without-openssl-quic ) - fi - else - myconf+=( --without-ssl ) - einfo "SSL disabled" - fi - - # These configuration options are organised alphabetically by category/type - - # 
Protocols - # `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort` - # Assume that anything omitted (that is not new!) is enabled by default with no deps - myconf+=( - --enable-file - $(use_enable ftp) - $(use_enable gopher) - --enable-http - $(use_enable imap) # Automatic IMAPS if TLS is enabled - $(use_enable ldap ldaps) - $(use_enable ldap) - $(use_enable pop3) - $(use_enable samba smb) - $(use_with ssh libssh2) # enables scp/sftp - $(use_with rtmp librtmp) - --enable-rtsp - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - $(use_enable websockets) - ) - - # Keep various 'HTTP-flavoured' options together - myconf+=( - $(use_enable alt-svc) - $(use_enable hsts) - $(use_enable httpsrr) - $(use_with http2 nghttp2) - $(use_with http3 nghttp3) - ) - - # --enable/disable options - # `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort` - myconf+=( - $(use_enable adns ares) - --enable-aws - --enable-basic-auth - --enable-bearer-auth - --enable-cookies - --enable-dateparse - --enable-dict - --enable-digest-auth - --enable-dnsshuffle - --enable-doh - $(use_enable ech) - --enable-http-auth - --enable-ipv6 - --enable-kerberos-auth - --enable-largefile - --enable-manual - --enable-mime - --enable-negotiate-auth - --enable-netrc - --enable-ntlm - --enable-progress-meter - --enable-proxy - --enable-rt - --enable-socketpair - --disable-sspi - $(use_enable static-libs static) - --enable-symbol-hiding - --enable-tls-srp - --disable-versioned-symbols - ) - - # --with/without options - # `grep -- --with configure | grep Check | awk '{ print $4 }' | sort` - myconf+=( - $(use_with brotli) - --with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - $(use_with sasl-scram libgsasl) - $(use_with psl libpsl) - --without-msh3 - --without-quiche - --without-schannel - --without-secure-transport - --without-winidn - --with-zlib - 
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions - $(use_with zstd) - ) - - # Test deps (disabled) - myconf+=( - --without-test-caddy - --without-test-httpd - --without-test-nghttpx - ) - - if use debug; then - myconf+=( - --enable-debug - ) - fi - - if use test && multilib_is_native_abi && ( use http2 || use http3 ); then - myconf+=( - --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" - ) - fi - - # Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive - # This is in support of some work to enable `httpsrr` to use adns and the rest - # of curl to use the threaded resolver; for us `httpsrr` is conditional on adns. - if use adns; then - myconf+=( - --disable-threaded-resolver - ) - else - myconf+=( - --enable-threaded-resolver - ) - fi - - ECONF_SOURCE="${S}" econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # Avoid building the client (we just want libcurl for multilib) - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - -} - -multilib_src_compile() { - default - - if multilib_is_native_abi; then - # Shell completions - ! tc-is-cross-compiler && emake -C scripts - fi -} - -# There is also a pytest harness that tests for bugs in some very specific -# situations; we can rely on upstream for this rather than adding additional test deps. -multilib_src_test() { - # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 - # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) - # -v: verbose - # -a: keep going on failure (so we see everything that breaks, not just 1st test) - # -k: keep test files after completion - # -am: automake style TAP output - # -p: print logs if test fails - # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging - # or just read https://github.com/curl/curl/tree/master/tests#run. - # Note: we don't run the testsuite for cross-compilation. 
- # Upstream recommend 7*nproc as a starting point for parallel tests, but - # this ends up breaking when nproc is huge (like -j80). - # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped - # as most gentoo users don't have an 'ip6-localhost' - multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083" -} - -multilib_src_install() { - emake DESTDIR="${D}" install - - if multilib_is_native_abi; then - # Shell completions - ! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} - -pkg_postinst() { - if use debug; then - ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose." - ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger." - ewarn "hic sunt dracones; you have been warned." - fi -} diff --git a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch b/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch deleted file mode 100644 index cd9bde14def5..000000000000 --- a/net-misc/curl/files/curl-8.13.0-gssapi-non-ssl-build.patch +++ /dev/null 
@@ -1,28 +0,0 @@
-https://github.com/curl/curl/commit/fe5f435b42a6c928b57c61db5d57f96b5c5a39be
-From: Andrew <[email protected]>
-Date: Wed, 2 Apr 2025 13:45:21 +0100
-Subject: [PATCH] http_negotiate: fix non-SSL build with GSSAPI
-
-Fixes #16919
-Closes #16921
---- a/lib/http_negotiate.c
-+++ b/lib/http_negotiate.c
-@@ -110,8 +110,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
- #endif
- /* Check if the connection is using SSL and get the channel binding data */
- #ifdef HAVE_GSSAPI
-- Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
- #ifdef USE_SSL
-+ Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
- if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
- result = Curl_ssl_get_channel_binding(
- data, FIRSTSOCKET, &neg_ctx->channel_binding_data);
-@@ -120,6 +120,8 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
- return result;
- }
- }
-+#else
-+ Curl_dyn_init(&neg_ctx->channel_binding_data, 1);
- #endif /* USE_SSL */
- #endif /* HAVE_GSSAPI */
-
diff --git a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch b/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
deleted file mode 100644
index 18965c9b94ad..000000000000
--- a/net-misc/curl/files/curl-8.13.0-hostip-correct-proxy-name.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://github.com/curl/curl/commit/db3e7a24b5339860fb91cf0d932e8ae13a01e472
-From: Daniel Stenberg <[email protected]>
-Date: Fri, 4 Apr 2025 12:34:09 +0200
-Subject: [PATCH] hostip: show the correct name on proxy resolve error
-
-Regression, probably from 8ded8e5f3f4b6586399 (#16451)
-
-Fixes #16958
-Reported-by: Jean-Christophe Amiel
-Closes #16961
---- a/lib/hostip.c
-+++ b/lib/hostip.c
-@@ -1494,25 +1494,21 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done)
- #ifdef USE_CURL_ASYNC
- CURLcode Curl_resolver_error(struct Curl_easy *data)
- {
-- const char *host_or_proxy;
-- CURLcode result;
-+ struct connectdata *conn = data->conn;
-+ const char *host_or_proxy = "host";
-+ const char *name = conn->host.dispname;
-+ CURLcode result = CURLE_COULDNT_RESOLVE_HOST;
-
- #ifndef CURL_DISABLE_PROXY
-- struct connectdata *conn = data->conn;
-- if(conn->bits.httpproxy) {
-+ if(conn->bits.proxy) {
- host_or_proxy = "proxy";
- result = CURLE_COULDNT_RESOLVE_PROXY;
-+ name = conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
-+ conn->http_proxy.host.dispname;
- }
-- else
- #endif
-- {
-- host_or_proxy = "host";
-- result = CURLE_COULDNT_RESOLVE_HOST;
-- }
--
-- failf(data, "Could not resolve %s: %s", host_or_proxy,
-- data->conn->host.dispname);
-
-+ failf(data, "Could not resolve %s: %s", host_or_proxy, name);
- return result;
- }
- #endif /* USE_CURL_ASYNC */
diff --git a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch b/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
deleted file mode 100644
index f16c13738a70..000000000000
--- a/net-misc/curl/files/curl-8.13.0-http2-stream-window-size.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-https://github.com/curl/curl/commit/5fbd78eb2dc4afbd8884e8eed27147fc3d4318f6
-From: Stefan Eissing <[email protected]>
-Date: Fri, 4 Apr 2025 10:43:13 +0200
-Subject: [PATCH] http2: fix stream window size after unpausing
-
-When pausing a HTTP/2 transfer, the stream's local window size
-is reduced to 0 to prevent the server from sending further data
-which curl cannot write out to the application.
-
-When unpausing again, the stream's window size was not correctly
-increased again. The attempt to trigger a window update was
-ignored by nghttp2, the server never received it and the transfer
-stalled.
-
-Add a debug feature to allow use of small window sizes which
-reproduces this bug in test_02_21.
-
-Fixes #16955
-Closes #16960
---- a/docs/libcurl/libcurl-env-dbg.md
-+++ b/docs/libcurl/libcurl-env-dbg.md
-@@ -147,3 +147,8 @@ Make a blocking, graceful shutdown of all remaining connections when
- a multi handle is destroyed. This implicitly triggers for easy handles
- that are run via easy_perform. The value of the environment variable
- gives the shutdown timeout in milliseconds.
-+
-+## `CURL_H2_STREAM_WIN_MAX`
-+
-+Set to a positive 32-bit number to override the HTTP/2 stream window's
-+default of 10MB. Used in testing to verify correct window update handling.
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -44,6 +44,7 @@
- #include "connect.h"
- #include "rand.h"
- #include "strdup.h"
-+#include "strparse.h"
- #include "transfer.h"
- #include "dynbuf.h"
- #include "headers.h"
-@@ -141,6 +142,9 @@ struct cf_h2_ctx {
- uint32_t goaway_error; /* goaway error code from server */
- int32_t remote_max_sid; /* max id processed by server */
- int32_t local_max_sid; /* max id processed by us */
-+#ifdef DEBUGBUILD
-+ int32_t stream_win_max; /* max h2 stream window size */
-+#endif
- BIT(initialized);
- BIT(via_h1_upgrade);
- BIT(conn_closed);
-@@ -166,6 +170,18 @@ static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade)
- Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free);
- ctx->remote_max_sid = 2147483647;
- ctx->via_h1_upgrade = via_h1_upgrade;
-+#ifdef DEBUGBUILD
-+ {
-+ const char *p = getenv("CURL_H2_STREAM_WIN_MAX");
-+
-+ ctx->stream_win_max = H2_STREAM_WINDOW_SIZE_MAX;
-+ if(p) {
-+ curl_off_t l;
-+ if(!Curl_str_number(&p, &l, INT_MAX))
-+ ctx->stream_win_max = (int32_t)l;
-+ }
-+ }
-+#endif
- ctx->initialized = TRUE;
- }
-
-@@ -285,7 +301,15 @@ static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf,
- * This gets less precise the higher the latency. */
- return (int32_t)data->set.max_recv_speed;
- }
-+#ifdef DEBUGBUILD
-+ else {
-+ struct cf_h2_ctx *ctx = cf->ctx;
-+ CURL_TRC_CF(data, cf, "stream_win_max=%d", ctx->stream_win_max);
-+ return ctx->stream_win_max;
-+ }
-+#else
- return H2_STREAM_WINDOW_SIZE_MAX;
-+#endif
- }
-
- static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
-@@ -302,6 +326,13 @@ static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf,
- int32_t wsize = nghttp2_session_get_stream_effective_local_window_size(
- ctx->h2, stream->id);
- if(dwsize > wsize) {
-+ rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE,
-+ stream->id, dwsize);
-+ if(rv) {
-+ failf(data, "[%d] nghttp2 set_local_window_size(%d) failed: "
-+ "%s(%d)", stream->id, dwsize, nghttp2_strerror(rv), rv);
-+ return CURLE_HTTP2;
-+ }
- rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE,
- stream->id, dwsize - wsize);
- if(rv) {
---- a/tests/http/test_02_download.py
-+++ b/tests/http/test_02_download.py
-@@ -313,9 +313,9 @@ def test_02_20_h2_small_frames(self, env: Env, httpd):
- assert httpd.stop()
- assert httpd.start()
-
-- # download via lib client, 1 at a time, pause/resume at different offsets
-+ # download serial via lib client, pause/resume at different offsets
- @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
-- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
-+ @pytest.mark.parametrize("proto", ['http/1.1', 'h3'])
- def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
- if proto == 'h3' and not env.have_h3():
- pytest.skip("h3 not supported")
-@@ -332,6 +332,29 @@ def test_02_21_lib_serial(self, env: Env, httpd, nghttpx, proto, pause_offset):
- srcfile = os.path.join(httpd.docs_dir, docname)
- self.check_downloads(client, srcfile, count)
-
-+ # h2 download parallel via lib client, pause/resume at different offsets
-+ # debug-override stream window size to reproduce #16955
-+ @pytest.mark.parametrize("pause_offset", [0, 10*1024, 100*1023, 640000])
-+ @pytest.mark.parametrize("swin_max", [0, 10*1024])
-+ def test_02_21_h2_lib_serial(self, env: Env, httpd, pause_offset, swin_max):
-+ proto = 'h2'
-+ count = 2
-+ docname = 'data-10m'
-+ url = f'https://localhost:{env.https_port}/{docname}'
-+ run_env = os.environ.copy()
-+ run_env['CURL_DEBUG'] = 'multi,http/2'
-+ if swin_max > 0:
-+ run_env['CURL_H2_STREAM_WIN_MAX'] = f'{swin_max}'
-+ client = LocalClient(name='hx-download', env=env, run_env=run_env)
-+ if not client.exists():
-+ pytest.skip(f'example client not built: {client.name}')
-+ r = client.run(args=[
-+ '-n', f'{count}', '-P', f'{pause_offset}', '-V', proto, url
-+ ])
-+ r.check_exit_code(0)
-+ srcfile = os.path.join(httpd.docs_dir, docname)
-+ self.check_downloads(client, srcfile, count)
-+
- # download via lib client, several at a time, pause/resume
- @pytest.mark.parametrize("pause_offset", [100*1023])
- @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
diff --git a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch b/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
deleted file mode 100644
index 880a676ea80b..000000000000
--- a/net-misc/curl/files/curl-8.13.0-httpsrr-target-check.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://github.com/curl/curl/commit/4f3c22d77d752fea6ff9ab2706f70d58882ea466
-From: Stefan Eissing <[email protected]>
-Date: Fri, 4 Apr 2025 18:10:28 +0200
-Subject: [PATCH] https-connect, fix httpsrr target check
-
-The HTTPSRR check on the record's target was not working as it used the
-wrong index on the NUL byte if the target was not NULL.
-
-Fixes #16966
-Reported-by: Pavel Kropachev
-Closes #16968
---- a/lib/cf-https-connect.c
-+++ b/lib/cf-https-connect.c
-@@ -673,7 +673,7 @@ CURLcode Curl_cf_https_setup(struct Curl_easy *data,
- (!conn->dns_entry->hinfo->target || /* for same host */
- !conn->dns_entry->hinfo->target[0] ||
- (conn->dns_entry->hinfo->target[0] == '.' &&
-- !conn->dns_entry->hinfo->target[0])) &&
-+ !conn->dns_entry->hinfo->target[1])) &&
- (conn->dns_entry->hinfo->port < 0 || /* for same port */
- conn->dns_entry->hinfo->port == conn->remote_port)) {
- size_t i;
diff --git a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch b/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
deleted file mode 100644
index 5d59ed9a9c1a..000000000000
--- a/net-misc/curl/files/curl-8.13.0-krb5-ftp.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://github.com/curl/curl/commit/5caba3bd97a14b64d906ece77bc0e2b339161a1f
-From: Daniel Stenberg <[email protected]>
-Date: Thu, 3 Apr 2025 08:49:20 +0200
-Subject: [PATCH] curl_krb5: only use functions if FTP is still enabled
-
-Reported-by: x1sc0 on github
-Fixes #16925
-Closes #16931
---- a/lib/curl_krb5.h
-+++ b/lib/curl_krb5.h
-@@ -39,7 +39,7 @@ struct Curl_sec_client_mech {
- #define AUTH_CONTINUE 1
- #define AUTH_ERROR 2
-
--#ifdef HAVE_GSSAPI
-+#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
- void Curl_sec_conn_init(struct connectdata *);
- void Curl_sec_conn_destroy(struct connectdata *);
- int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, char *,
diff --git a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch b/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
deleted file mode 100644
index acb8fa9b1006..000000000000
--- a/net-misc/curl/files/curl-8.13.0-openssl-quic-stream-shutdown.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-https://github.com/curl/curl/commit/219302b4e64e2337c50d86056e9af2103b281e7e
-From: Stefan Eissing <[email protected]>
-Date: Wed, 9 Apr 2025 11:01:54 +0200
-Subject: [PATCH] openssl-quic: fix shutdown when stream not open
-
-Check that h3 stream had been opened before telling nghttp3 to
-shut it down.
-
-Fixes #16998
-Reported-by: Demi Marie Obenour
-Closes #17003
---- a/lib/vquic/curl_osslq.c
-+++ b/lib/vquic/curl_osslq.c
-@@ -654,7 +654,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
- if(stream) {
- CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done",
- stream->s.id);
-- if(ctx->h3.conn && !stream->closed) {
-+ if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) {
- nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
- nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
- NGHTTP3_H3_REQUEST_CANCELLED);
---- a/tests/http/test_01_basic.py
-+++ b/tests/http/test_01_basic.py
-@@ -242,3 +242,19 @@ def test_01_15_gigalarge_resp_headers(self, env: Env, httpd, proto):
- r.check_exit_code(16) # CURLE_HTTP2
- else:
- r.check_exit_code(100) # CURLE_TOO_LARGE
-+
-+ # http: invalid request headers, GET, issue #16998
-+ @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
-+ def test_01_16_inv_req_get(self, env: Env, httpd, proto):
-+ if proto == 'h3' and not env.have_h3():
-+ pytest.skip("h3 not supported")
-+ curl = CurlClient(env=env)
-+ url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo'
-+ r = curl.http_get(url=url, alpn_proto=proto, extra_args=[
-+ '-H', "a: a\x0ab"
-+ ])
-+ # on h1, request is sent, h2/h3 reject
-+ if proto == 'http/1.1':
-+ r.check_exit_code(0)
-+ else:
-+ r.check_exit_code(43)
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
index 2fa671c41f74..48bc5a58dd0c 100644
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@@ -22,7 +22,6 @@
 <flag name="mbedtls">Enable mbedtls ssl backend</flag>
 <flag name="openssl">Enable openssl ssl backend</flag>
 <flag name="pop3">Enable Post Office Protocol 3 support</flag>
- <flag name="progress-meter">Enable the progress meter</flag>
 <flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag>
 <flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
 <flag name="rtmp">Enable RTMP Streaming Media support</flag>
@@ -31,7 +30,6 @@
 <flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
 <flag name="ssh">Enable SSH urls in curl using libssh2</flag>
 <flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
- <flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
 <flag name="telnet">Enable Telnet protocol support</flag>
 <flag name="tftp">Enable TFTP support</flag>
 <flag name="websockets">Enable websockets support</flag>
