commit: b5a048d520b9fe74be7d34a7e5ff7929668c359a Author: Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja> AuthorDate: Wed May 24 11:30:22 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri May 26 02:06:50 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5a048d5
net-misc/curl: add 8.1.1, 9999 Bugfix release for 8.1.0 which already has the important fixes backported. Additional `REQUIRED_USE` checks to ensure that the default SSL provider is actually enabled. Rename the prefix patch; it hasn't changed in a major version and won't for a while Closes: https://bugs.gentoo.org/905222 Closes: https://bugs.gentoo.org/742641 Closes: https://bugs.gentoo.org/750752 Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja> Closes: https://github.com/gentoo/gentoo/pull/31152 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/curl/Manifest | 2 + net-misc/curl/curl-8.0.1.ebuild | 2 +- net-misc/curl/curl-8.1.0-r1.ebuild | 2 +- .../{curl-8.1.0-r1.ebuild => curl-8.1.1.ebuild} | 46 ++++++++++++++-------- .../curl/{curl-8.0.1.ebuild => curl-9999.ebuild} | 40 ++++++++++++------- net-misc/curl/files/curl-8.1.1-hanging-http2.patch | 36 +++++++++++++++++ ...{curl-7.30.0-prefix.patch => curl-prefix.patch} | 0 7 files changed, 94 insertions(+), 34 deletions(-) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 23d992711598..2d5667e3574a 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -2,3 +2,5 @@ DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872 DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf DIST curl-8.1.0.tar.xz 2612568 BLAKE2B 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc SHA512 b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d DIST curl-8.1.0.tar.xz.asc 488 BLAKE2B c1a8e50eddc7dd140af2af29736eb486e96a6d3b67a9161244daa86558f65522527380c92597a5f10e5dad187f0bda6ac5b9cadc29386bef4492bc047c77b423 SHA512 191a74c7a6b6aa78b7f36e1535fda0701bde8b333a61c90343e1f1b2d65cc5097b5febc5fa42b2f373795ef1b34078790deaaa71c8aaa45eed1c753729a45f3d +DIST curl-8.1.1.tar.xz 2613348 BLAKE2B 465a3237335e73665086ac43f5c66cfbab7e9b163e1ae0e2345da82f9c736d87fccf4d76369cc069abc29621f10db7ddbf22d0337db9ca85042bb12438d4aaed SHA512 d034b1ab9c00e8a0acf7ba6c6344734945d45666b4f38394f5456fcd9b22623146a897270861b7411412ca25c912e1bbf24eb139a6dfc1a8c00d098b3b925399 +DIST curl-8.1.1.tar.xz.asc 488 BLAKE2B c92017d0fe4933d6c27d833944c231967263607a7871a658e0cbb9de46f7df8dfbec141e269296caf17ced004fb2b237b8311ec9f7bf98f03fb405b5755950fc SHA512 6a71c18d67de8c340b5d80c7452a82c00f7ef466f690eec12edcd6123aee6866e8a0e757e1cc6c9af87a63fdeaafbc9fc1b1a4e2e0fd8a75b5952d4738fd0b27 diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-8.0.1.ebuild index 4b4b1f3aac45..4f21364a91e4 100644 --- a/net-misc/curl/curl-8.0.1.ebuild +++ b/net-misc/curl/curl-8.0.1.ebuild @@ -106,7 +106,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch # Backports diff --git a/net-misc/curl/curl-8.1.0-r1.ebuild b/net-misc/curl/curl-8.1.0-r1.ebuild index 1121646ce126..cf964b638bcd 100644 --- a/net-misc/curl/curl-8.1.0-r1.ebuild +++ b/net-misc/curl/curl-8.1.0-r1.ebuild @@ -106,7 +106,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch ### Backports "${FILESDIR}"/${P}-numeric-hostname.patch diff --git a/net-misc/curl/curl-8.1.0-r1.ebuild b/net-misc/curl/curl-8.1.1.ebuild similarity index 88% copy from net-misc/curl/curl-8.1.0-r1.ebuild copy to net-misc/curl/curl-8.1.1.ebuild index 1121646ce126..1f799eeab629 100644 --- a/net-misc/curl/curl-8.1.0-r1.ebuild +++ b/net-misc/curl/curl-8.1.1.ebuild @@ -8,20 +8,28 @@ inherit autotools multilib-minimal prefix verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.se/"; -SRC_URI=" - https://curl.se/download/${P}.tar.xz - verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) -" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git"; +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +fi LICENSE="curl" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" IUSE+=" nghttp3" RESTRICT="!test? ( test )" # Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied REQUIRED_USE=" ssl? ( ^^ ( @@ -32,6 +40,11 @@ REQUIRED_USE=" curl_ssl_rustls ) ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) " RDEPEND=" @@ -106,11 +119,11 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch + ### Backports - "${FILESDIR}"/${P}-numeric-hostname.patch - "${FILESDIR}"/${P}-header-length.patch + "${FILESDIR}"/${P}-hanging-http2.patch ) src_prepare() { @@ -127,27 +140,26 @@ multilib_src_configure() { local myconf=() myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) if use ssl ; then myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) - if use gnutls || use curl_ssl_gnutls; then + if use gnutls; then einfo "SSL provided by gnutls" myconf+=( --with-gnutls ) fi - if use mbedtls || use curl_ssl_mbedtls; then + if use mbedtls; then einfo "SSL provided by mbedtls" myconf+=( --with-mbedtls ) fi - if use nss || use curl_ssl_nss; then + if use nss; then einfo "SSL provided by nss" myconf+=( --with-nss --with-nss-deprecated ) fi - if use openssl || use curl_ssl_openssl; then + if use openssl; then einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use rustls || use curl_ssl_rustls; then + if use rustls; then einfo "SSL provided by rustls" myconf+=( --with-rustls ) fi @@ -304,9 +316,9 @@ multilib_src_test() { # -k: keep test files after completion # -am: automake style TAP output # -p: print logs if test fails - # Note: if needed, we can skip specific tests. Prefix the test number in TFLAGS - # with a '!'. For example, to skip test 241 and 1083, use '!241 !1083'. - # See https://github.com/curl/curl/tree/master/tests#run for advanced test selection. + # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. # The network sandbox causes tests 241 and 1083 to fail; these are typically skipped # as most gentoo users don't have an 'ip6-localhost' multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083" diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-9999.ebuild similarity index 90% copy from net-misc/curl/curl-8.0.1.ebuild copy to net-misc/curl/curl-9999.ebuild index 4b4b1f3aac45..780b2f6446f1 100644 --- a/net-misc/curl/curl-8.0.1.ebuild +++ b/net-misc/curl/curl-9999.ebuild @@ -8,20 +8,28 @@ inherit autotools multilib-minimal prefix verify-sig DESCRIPTION="A Client that groks URLs" HOMEPAGE="https://curl.se/"; -SRC_URI=" - https://curl.se/download/${P}.tar.xz - verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) -" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/curl/curl.git"; +else + SRC_URI=" + https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +fi LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default SSL implementation IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" IUSE+=" nghttp3" RESTRICT="!test? ( test )" # Only one default ssl provider can be enabled +# The default ssl provider needs its USE satisfied REQUIRED_USE=" ssl? ( ^^ ( @@ -32,6 +40,11 @@ REQUIRED_USE=" curl_ssl_rustls ) ) + curl_ssl_gnutls? ( gnutls ) + curl_ssl_mbedtls? ( mbedtls ) + curl_ssl_nss? ( nss ) + curl_ssl_openssl? ( openssl ) + curl_ssl_rustls? ( rustls ) " RDEPEND=" @@ -106,11 +119,8 @@ QA_CONFIG_IMPL_DECL_SKIP=( ) PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-prefix.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch - - # Backports - "${FILESDIR}"/${PN}-8.0.1-onion-resolution.patch ) src_prepare() { @@ -127,27 +137,26 @@ multilib_src_configure() { local myconf=() myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) if use ssl ; then myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) - if use gnutls || use curl_ssl_gnutls; then + if use gnutls; then einfo "SSL provided by gnutls" myconf+=( --with-gnutls ) fi - if use mbedtls || use curl_ssl_mbedtls; then + if use mbedtls; then einfo "SSL provided by mbedtls" myconf+=( --with-mbedtls ) fi - if use nss || use curl_ssl_nss; then + if use nss; then einfo "SSL provided by nss" myconf+=( --with-nss --with-nss-deprecated ) fi - if use openssl || use curl_ssl_openssl; then + if use openssl; then einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) fi - if use rustls || use curl_ssl_rustls; then + if use rustls; then einfo "SSL provided by rustls" myconf+=( --with-rustls ) fi @@ -306,6 +315,7 @@ multilib_src_test() { # -p: print logs if test fails # Note: if needed, we can skip specific tests. See e.g. Fedora's packaging # or just read https://github.com/curl/curl/tree/master/tests#run. + # Note: we don't run the testsuite for cross-compilation. multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" } diff --git a/net-misc/curl/files/curl-8.1.1-hanging-http2.patch b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch new file mode 100644 index 000000000000..4777c4dd35ed --- /dev/null +++ b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch @@ -0,0 +1,36 @@ +https://github.com/curl/curl/commit/5c58cb0212bcf63cce33a974906bf9905948b4bb +From: Stefan Eissing <ste...@eissing.org> +Date: Wed, 24 May 2023 18:48:16 +0200 +Subject: [PATCH] http2: fix EOF handling on uploads with auth negotiation + +- doing a POST with `--digest` does an override on the initial request + with `Content-Length: 0`, but the http2 filter was unaware of that + and expected the originally request body. It did therefore not + send a final DATA frame with EOF flag to the server. +- The fix overrides any initial notion of post size when the `done_send` + event is triggered by the transfer loop, leading to the EOF that + is necessary. +- refs #11194. The fault did not happen in testing, as Apache httpd + never tries to read the request body of the initial request, + sends the 401 reply and closes the stream. The server used in the + reported issue however tried to read the EOF and timed out on the + request. + +Reported-by: Aleksander Mazur +Fixes #11194 +Cloes #11200 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -1527,10 +1527,8 @@ static CURLcode http2_data_done_send(struct Curl_cfilter *cf, + if(!stream->send_closed) { + stream->send_closed = TRUE; + if(stream->upload_left) { +- /* If we operated with unknown length, we now know that everything +- * that is buffered is all we have to send. */ +- if(stream->upload_left == -1) +- stream->upload_left = Curl_bufq_len(&stream->sendbuf); ++ /* we now know that everything that is buffered is all there is. */ ++ stream->upload_left = Curl_bufq_len(&stream->sendbuf); + /* resume sending here to trigger the callback to get called again so + that it can signal EOF to nghttp2 */ + (void)nghttp2_session_resume_data(ctx->h2, stream->id); diff --git a/net-misc/curl/files/curl-7.30.0-prefix.patch b/net-misc/curl/files/curl-prefix.patch similarity index 100% rename from net-misc/curl/files/curl-7.30.0-prefix.patch rename to net-misc/curl/files/curl-prefix.patch
