commit: efd0fd9246b35bc1fe33747ab4bb1e4b04599040 Author: Matt Jolly <kangie <AT> gentoo <DOT> org> AuthorDate: Mon Feb 23 12:08:10 2026 +0000 Commit: Matt Jolly <kangie <AT> gentoo <DOT> org> CommitDate: Mon Feb 23 12:10:39 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efd0fd92
net-misc/curl: add 8.19.0_rc2; sync live This release drops the use of the curl_quic USE_EXPAND after upstream changes dropped our choice of backends to one (net-libs/ngtcp2), configured depending on the selected/supported TLS impl. Technically Quiche is an option too, but we don't support that in Gentoo. Closes: https://bugs.gentoo.org/963706 Signed-off-by: Matt Jolly <kangie <AT> gentoo.org> net-misc/curl/Manifest | 2 + .../{curl-9999.ebuild => curl-8.19.0_rc2.ebuild} | 47 +++++++--------------- net-misc/curl/curl-9999.ebuild | 47 +++++++--------------- 3 files changed, 30 insertions(+), 66 deletions(-) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 46403a55c092..a654b9aaba17 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -6,3 +6,5 @@ DIST curl-8.17.0.tar.xz 2797000 BLAKE2B a7a804afe058f323b40177bcb4ffc523decde92d DIST curl-8.17.0.tar.xz.asc 488 BLAKE2B 88b72cb9c0acd8a06956eca31047dfadfe110dc07290adbe50b9451a71d4282acaa05c8a149787d71cf13cf1b42e8df9594d0e8a2b1cadbfca5eb50550f32609 SHA512 e77d4cb1f4961aa0df3d76f1a8c55a0b9005ed557adf745f3ab24d33cee2d0e4bd06cecb9d911e76409852e7755129873cc7d24936c846ff1b854903c0f086b2 DIST curl-8.18.0.tar.xz 2801444 BLAKE2B 16e1539616c1800dfa08a5bd3e38ff75d2906a4a574b1541509c69200aebe680b0a5efdf1b1e0c89f3cccb6001bfe1c1459b9fd815053c964e1a1434be1e2e0e SHA512 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c DIST curl-8.18.0.tar.xz.asc 488 BLAKE2B 68c2ce9777ba51962139e70e48c4b24d404682a6ad530843791cc188b2656dc26a19f0757f97ead2ff492f7b8a4e4116707df901e81bf8efb28658ff4df99ae0 SHA512 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152 +DIST curl-8.19.0-rc2.tar.xz 2782276 BLAKE2B 28ca64b9c42ba14b6ae73260822e2c7b59b16f6a1bf186ec8ee696a2f7f4d6f23d6a18ba580092f8d9e513b8b7eb5523f22cf03a414441a7dcb4932b8b77c252 SHA512 ad3fff8477dbf3487d7978ac1bef9622203a477ab30592923c18009a5292e9df83d8653c84cc4b1a0448891e9b9c9135e60a7524982809da7dd656272ecc76b7 +DIST curl-8.19.0-rc2.tar.xz.asc 488 BLAKE2B cc8e16325a3ecbd5ce95df0df4a8f73d2622daa6e3162ba3bd2cec044ac1d38b392d8bccb1be017d0ae494e278a7b974130663af7d670f01e89946034c5500f0 SHA512 593109ecad8e420416e7debec254ee3e29eaffaaefdbd5aa63f90e960eb479ac424b28e82075344744517560f4e74bb7a45d991c15363972b57e4634693ebac3 diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-8.19.0_rc2.ebuild similarity index 90% copy from net-misc/curl/curl-9999.ebuild copy to net-misc/curl/curl-8.19.0_rc2.ebuild index ef136f2ef641..20096ddf96cc 100644 --- a/net-misc/curl/curl-9999.ebuild +++ b/net-misc/curl/curl-8.19.0_rc2.ebuild @@ -36,7 +36,7 @@ IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +ht IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test" IUSE+=" telnet +tftp +websockets zstd" # These select the default tls implementation / which quic impl to use -IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" RESTRICT="!test? ( test )" # HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to @@ -57,9 +57,12 @@ REQUIRED_USE=" httpsrr? ( adns ) quic? ( ^^ ( - curl_quic_openssl - curl_quic_ngtcp2 + openssl + gnutls ) + !gnutls + !mbedtls + !rustls http3 ssl ) @@ -71,18 +74,6 @@ REQUIRED_USE=" curl_ssl_rustls ) ) - curl_quic_openssl? ( - curl_ssl_openssl - !gnutls - !mbedtls - !rustls - ) - curl_quic_ngtcp2? ( - curl_ssl_gnutls - !mbedtls - !openssl - !rustls - ) curl_ssl_gnutls? ( gnutls ) curl_ssl_mbedtls? ( mbedtls ) curl_ssl_openssl? ( openssl ) @@ -98,9 +89,6 @@ REQUIRED_USE=" # However 'supported' vs 'works' are two entirely different things; be sane but # don't be afraid to require a later version. # ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. -# TODO: OpenSSL-QUIC support is going to be removed in 2026; depend on ngtcp2[{gnutls,openssl}] before that point. -# - https://github.com/curl/curl/pull/18820 (Deprecate OpenSSL QUIC support) -# - https://github.com/curl/curl/issues/18336 (curl w/ OpenSSL QUIC fails to fetch Google.com) RDEPEND=" >=virtual/zlib-1.2.5:=[${MULTILIB_USEDEP}] adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) @@ -112,8 +100,8 @@ RDEPEND=" ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) quic? ( - curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) - curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/ngtcp2-1.20.0-r1[gnutls,ssl,${MULTILIB_USEDEP}] ) + openssl? ( >=net-libs/ngtcp2-1.20.0-r1[openssl,ssl,${MULTILIB_USEDEP}] ) ) rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] ) @@ -151,7 +139,7 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) " -DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) +DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ.md,BUGS.md,CONTRIBUTE.md} ) MULTILIB_WRAPPED_HEADERS=( /usr/include/curl/curlbuild.h @@ -176,7 +164,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}/${PN}-prefix-5.patch" + "${FILESDIR}/${PN}-prefix-6.patch" "${FILESDIR}/${PN}-respect-cflags-3.patch" ) @@ -248,17 +236,10 @@ multilib_src_configure() { if use ssl; then local -a tls_backend_opts readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts) - myconf+=("${tls_backend_opts[@]}") - if use quic; then - myconf+=( - $(use_with curl_quic_ngtcp2 ngtcp2) - $(use_with curl_quic_openssl openssl-quic) - ) - else - # Without a REQUIRED_USE to ensure that QUIC was requested when at least one default backend is - # enabled we need ensure that we don't try to build QUIC support - myconf+=( --without-ngtcp2 --without-openssl-quic ) - fi + myconf+=( + "${tls_backend_opts[@]}" + $(use_with quic ngtcp2) + ) else myconf+=( --without-ssl ) einfo "SSL disabled" diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild index ef136f2ef641..20096ddf96cc 100644 --- a/net-misc/curl/curl-9999.ebuild +++ b/net-misc/curl/curl-9999.ebuild @@ -36,7 +36,7 @@ IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +ht IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test" IUSE+=" telnet +tftp +websockets zstd" # These select the default tls implementation / which quic impl to use -IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" RESTRICT="!test? ( test )" # HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to @@ -57,9 +57,12 @@ REQUIRED_USE=" httpsrr? ( adns ) quic? ( ^^ ( - curl_quic_openssl - curl_quic_ngtcp2 + openssl + gnutls ) + !gnutls + !mbedtls + !rustls http3 ssl ) @@ -71,18 +74,6 @@ REQUIRED_USE=" curl_ssl_rustls ) ) - curl_quic_openssl? ( - curl_ssl_openssl - !gnutls - !mbedtls - !rustls - ) - curl_quic_ngtcp2? ( - curl_ssl_gnutls - !mbedtls - !openssl - !rustls - ) curl_ssl_gnutls? ( gnutls ) curl_ssl_mbedtls? ( mbedtls ) curl_ssl_openssl? ( openssl ) @@ -98,9 +89,6 @@ REQUIRED_USE=" # However 'supported' vs 'works' are two entirely different things; be sane but # don't be afraid to require a later version. # ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. -# TODO: OpenSSL-QUIC support is going to be removed in 2026; depend on ngtcp2[{gnutls,openssl}] before that point. -# - https://github.com/curl/curl/pull/18820 (Deprecate OpenSSL QUIC support) -# - https://github.com/curl/curl/issues/18336 (curl w/ OpenSSL QUIC fails to fetch Google.com) RDEPEND=" >=virtual/zlib-1.2.5:=[${MULTILIB_USEDEP}] adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) @@ -112,8 +100,8 @@ RDEPEND=" ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) quic? ( - curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) - curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/ngtcp2-1.20.0-r1[gnutls,ssl,${MULTILIB_USEDEP}] ) + openssl? ( >=net-libs/ngtcp2-1.20.0-r1[openssl,ssl,${MULTILIB_USEDEP}] ) ) rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] ) @@ -151,7 +139,7 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) " -DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) +DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ.md,BUGS.md,CONTRIBUTE.md} ) MULTILIB_WRAPPED_HEADERS=( /usr/include/curl/curlbuild.h @@ -176,7 +164,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}/${PN}-prefix-5.patch" + "${FILESDIR}/${PN}-prefix-6.patch" "${FILESDIR}/${PN}-respect-cflags-3.patch" ) @@ -248,17 +236,10 @@ multilib_src_configure() { if use ssl; then local -a tls_backend_opts readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts) - myconf+=("${tls_backend_opts[@]}") - if use quic; then - myconf+=( - $(use_with curl_quic_ngtcp2 ngtcp2) - $(use_with curl_quic_openssl openssl-quic) - ) - else - # Without a REQUIRED_USE to ensure that QUIC was requested when at least one default backend is - # enabled we need ensure that we don't try to build QUIC support - myconf+=( --without-ngtcp2 --without-openssl-quic ) - fi + myconf+=( + "${tls_backend_opts[@]}" + $(use_with quic ngtcp2) + ) else myconf+=( --without-ssl ) einfo "SSL disabled"
