diff --git a/changelog/security/2022-07-15-curl-7.84.0.md b/changelog/security/2022-07-15-curl-7.84.0.md new file mode 100644 index 0000000000..2f842ccde5 --- /dev/null +++ b/changelog/security/2022-07-15-curl-7.84.0.md @@ -0,0 +1 @@ +- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208)) diff --git a/changelog/updates/2022-07-15-curl-7.84.0.md b/changelog/updates/2022-07-15-curl-7.84.0.md new file mode 100644 index 0000000000..a6e2635ddb --- /dev/null +++ b/changelog/updates/2022-07-15-curl-7.84.0.md @@ -0,0 +1 @@ +- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0)) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 47dec81c65..b649227f05 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,12 +1,6 @@ DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94 -DIST curl-7.80.0.tar.xz 2474492 BLAKE2B 0452ecb6943bc56b20ad8f1223135c9cae68cf31089b0e17e84d81af98dc5a47f5edfc271c5b4c23f232db6cea7ff5a9bffa9c7c319255d9afdb06fa5b8f761f SHA512 e04ddd74b0d5b3607a29bcf5d379d83a01c7dffa4ad3e2f25d8c85a3df7dbdb0625b0df1f04f02351695674502828e0e17e8b46c889cbf1e43f86d6e6dd716ab -DIST curl-7.80.0.tar.xz.asc 488 BLAKE2B 5cde8a91059bb19b9ee9b1aa4c3225522398a0d5837edf3d99b7f9ea758e5df2a729ce1d0a9763967c2319c30d94ba80ff50888dec07665a818216d42b91feee SHA512 e11adb85fb061bba8838f435f6afb200924f24cb7351d9a8208ec3d317d8ef8c1e16f06dedfc623acc749931015c42dcd86236a53602c6632b3a750841345b05 -DIST curl-7.81.0.tar.xz 2486388 BLAKE2B bf8a3a03564648a9d7a5b4e7a523d840230f03237cf9eb5b07dcb4f531b036eb8111c1944bedd0c1df188e09a09468b3487d24ea50781124bc33d194546691f4 SHA512 38355aaee38db04bb2babdc5fd7a88284580c836d15df754f42b104997dd344b7841be8e53b4fc91aea31db170a7d6967c4976833eb4bfe0d265c7275c4800df -DIST curl-7.81.0.tar.xz.asc 488 BLAKE2B 9280f10b14ddd95a1405fda79f8c51528c91c5e86b8f90d16d20d7f11d212e6e4391377eed971d0b0b27f5f4692c702e9d7a11705f0558ad39df38608d6a0648 SHA512 ca32a639900a9f8211005227dfb594f809c5ca5ec1eb87e944ef33cca60e4844f5b6ebe49de79fba53068e5dee9652b1d43a7d3a74e05419a2ffb5b40dab8176 -DIST curl-7.82.0.tar.xz 2446764 BLAKE2B 838accae4a45c090909cff91477a023789a79535691c80e507fd9e9712861b0c08e25ecd26079cb8ac8946cdf429a50991a7521e7b550b43c19e455625bc0750 SHA512 a977d69360d1793f8872096a21f5c0271e7ad145cd69ad45f4056a0657772f0f298b04bdb41aefd4ea5c4478352c60d80b5a118642280a07a7198aa80ffb1d57 -DIST curl-7.82.0.tar.xz.asc 488 BLAKE2B 9da4ea63671621df956aa5dc191cfc6c8d2a8b1958416ca58ffc04d43ed65b89244968588879e6bd3299ca8f60b1eccb34dede012f8a2a37acf3ca34021da958 SHA512 1f14d8ab55360ba735dff916369ee318e98767718394654ce9443b6013509b6d3ed5597685b142e9823cec7496373b709a8656515d66039c06783879655151fe -DIST curl-7.83.0.tar.xz 2472560 BLAKE2B 0669f40265a56e7549e8038ed8421680d7264bff44dcc0692cf9f5248621311be5e228314710149bf9d2ccbe739f929039e04402c1d04a1362d0bbf08cb8cdc7 SHA512 be02bb2a8a3140eff3a9046f27cd4f872ed9ddaa644af49e56e5ef7dfec84a15b01db133469269437cddc937eda73953fa8c51bb758f7e98873822cd2290d3a9 -DIST curl-7.83.0.tar.xz.asc 488 BLAKE2B a8f6dcf00f1b01b457a7eecc8364538393f414df60757f3664709c62b6007023a34ddf4ecb4688734e396031d30905b490dd0c115f09a9428db6a6be97cdf72c SHA512 8fb90f9692f4fdb82ea49f0e5151219b2334da5d3910f28e787bb688fb055b8b028ccf75cdcc15cd9f86d780d479f88f902fef7d7b9e007a4b849cb25c6c13cc DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191 +DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce +DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702 diff --git a/net-misc/curl/curl-7.80.0-r1.ebuild b/net-misc/curl/curl-7.80.0-r1.ebuild deleted file mode 100644 index f1c2d68386..0000000000 --- a/net-misc/curl/curl-7.80.0-r1.ebuild +++ /dev/null @@ -1,278 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit autotools prefix multilib-minimal verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz - verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" -IUSE+=" nghttp3 quiche" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc - -# c-ares must be disabled for threads -# only one default ssl provider can be enabled -REQUIRED_USE=" - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - ) - )" - -# lead to lots of false negatives, bug #285669 -RESTRICT="!test? ( test )" - -RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - openssl? ( - dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}] - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" - -DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch - "${FILESDIR}"/${PN}-respect-cflags-3.patch -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) - if use ssl ; then - if use gnutls || use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - fi - if use mbedtls || use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use nss || use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss ) - fi - if use openssl || use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - - if use curl_ssl_gnutls; then - einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_nss; then - einfo "Default SSL provided by nss" - myconf+=( --with-default-ssl-backend=nss ) - elif use curl_ssl_openssl; then - einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-crypto-auth - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - --disable-ntlm-wb - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - $(use_enable ipv6) - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --disable-sspi - $(use_enable static-libs static) - $(use_enable threads threaded-resolver) - $(use_enable threads pthreads) - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --without-fish-functions-dir - $(use_with http2 nghttp2) - --without-hyper - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - --without-libpsl - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) - $(use_with quiche) - $(use_with rtmp librtmp) - --without-rustls - --without-schannel - --without-secure-transport - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - ) - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_test() { - multilib_is_native_abi && default_src_test -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} diff --git a/net-misc/curl/curl-7.81.0-r1.ebuild b/net-misc/curl/curl-7.81.0-r1.ebuild deleted file mode 100644 index e47b2c09b3..0000000000 --- a/net-misc/curl/curl-7.81.0-r1.ebuild +++ /dev/null @@ -1,278 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="8" - -inherit autotools prefix multilib-minimal verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz - verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" -IUSE+=" nghttp3 quiche" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc - -# c-ares must be disabled for threads -# only one default ssl provider can be enabled -REQUIRED_USE=" - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - ) - )" - -# lead to lots of false negatives, bug #285669 -RESTRICT="!test? ( test )" - -RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - openssl? ( - dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}] - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" - -DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch - "${FILESDIR}"/${PN}-respect-cflags-3.patch -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) - if use ssl ; then - if use gnutls || use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - fi - if use mbedtls || use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use nss || use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss ) - fi - if use openssl || use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - - if use curl_ssl_gnutls; then - einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_nss; then - einfo "Default SSL provided by nss" - myconf+=( --with-default-ssl-backend=nss ) - elif use curl_ssl_openssl; then - einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-crypto-auth - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - --disable-ntlm-wb - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - $(use_enable ipv6) - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --disable-sspi - $(use_enable static-libs static) - $(use_enable threads threaded-resolver) - $(use_enable threads pthreads) - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --without-fish-functions-dir - $(use_with http2 nghttp2) - --without-hyper - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - --without-libpsl - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) - $(use_with quiche) - $(use_with rtmp librtmp) - --without-rustls - --without-schannel - --without-secure-transport - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - ) - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_test() { - multilib_is_native_abi && default_src_test -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} diff --git a/net-misc/curl/curl-7.82.0-r2.ebuild b/net-misc/curl/curl-7.82.0-r2.ebuild deleted file mode 100644 index e4a7ea60d9..0000000000 --- a/net-misc/curl/curl-7.82.0-r2.ebuild +++ /dev/null @@ -1,279 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="8" - -inherit autotools prefix multilib-minimal verify-sig - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz - verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" -IUSE+=" nghttp3 quiche" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc - -# c-ares must be disabled for threads -# only one default ssl provider can be enabled -REQUIRED_USE=" - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - ) - )" - -# lead to lots of false negatives, bug #285669 -RESTRICT="!test? ( test )" - -RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - openssl? ( - dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] - ) - nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}] - zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -DEPEND="${RDEPEND}" -BDEPEND="dev-lang/perl - virtual/pkgconfig - test? ( - sys-apps/diffutils - ) - verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" - -DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -PATCHES=( - "${FILESDIR}"/${PN}-7.30.0-prefix.patch - "${FILESDIR}"/${PN}-respect-cflags-3.patch - "${FILESDIR}"/${P}-certs-processing.patch -) - -src_prepare() { - default - - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - #myconf+=( --without-default-ssl-backend ) - if use ssl ; then - if use gnutls || use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - fi - if use mbedtls || use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - fi - if use nss || use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss --with-nss-deprecated ) - fi - if use openssl || use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - fi - - if use curl_ssl_gnutls; then - einfo "Default SSL provided by gnutls" - myconf+=( --with-default-ssl-backend=gnutls ) - elif use curl_ssl_mbedtls; then - einfo "Default SSL provided by mbedtls" - myconf+=( --with-default-ssl-backend=mbedtls ) - elif use curl_ssl_nss; then - einfo "Default SSL provided by nss" - myconf+=( --with-default-ssl-backend=nss ) - elif use curl_ssl_openssl; then - einfo "Default SSL provided by openssl" - myconf+=( --with-default-ssl-backend=openssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - myconf+=( - $(use_enable alt-svc) - --enable-crypto-auth - --enable-dict - --disable-ech - --enable-file - $(use_enable ftp) - $(use_enable gopher) - $(use_enable hsts) - --enable-http - $(use_enable imap) - $(use_enable ldap) - $(use_enable ldap ldaps) - --enable-ntlm - --disable-ntlm-wb - $(use_enable pop3) - --enable-rt - --enable-rtsp - $(use_enable samba smb) - $(use_with ssh libssh2) - $(use_enable smtp) - $(use_enable telnet) - $(use_enable tftp) - --enable-tls-srp - $(use_enable adns ares) - --enable-cookies - --enable-dateparse - --enable-dnsshuffle - --enable-doh - --enable-symbol-hiding - --enable-http-auth - $(use_enable ipv6) - --enable-largefile - --enable-manual - --enable-mime - --enable-netrc - $(use_enable progress-meter) - --enable-proxy - --disable-sspi - $(use_enable static-libs static) - $(use_enable threads threaded-resolver) - $(use_enable threads pthreads) - --disable-versioned-symbols - --without-amissl - --without-bearssl - $(use_with brotli) - --without-fish-functions-dir - $(use_with http2 nghttp2) - --without-hyper - $(use_with idn libidn2) - $(use_with kerberos gssapi "${EPREFIX}"/usr) - --without-libgsasl - --without-libpsl - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) - $(use_with quiche) - $(use_with rtmp librtmp) - --without-rustls - --without-schannel - --without-secure-transport - --without-winidn - --without-wolfssl - --with-zlib - $(use_with zstd) - ) - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_test() { - multilib_is_native_abi && default_src_test -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - rm -rf "${ED}"/etc/ || die -} diff --git a/net-misc/curl/curl-7.83.1.ebuild b/net-misc/curl/curl-7.83.1.ebuild index aae9efdb79..a3fd859195 100644 --- a/net-misc/curl/curl-7.83.1.ebuild +++ b/net-misc/curl/curl-7.83.1.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz LICENSE="curl" SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" diff --git a/net-misc/curl/curl-7.83.0.ebuild b/net-misc/curl/curl-7.84.0.ebuild similarity index 96% rename from net-misc/curl/curl-7.83.0.ebuild rename to net-misc/curl/curl-7.84.0.ebuild index 041b6cd5a2..645a223aed 100644 --- a/net-misc/curl/curl-7.83.0.ebuild +++ b/net-misc/curl/curl-7.84.0.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz LICENSE="curl" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" IUSE+=" nghttp3 quiche" @@ -95,9 +95,9 @@ MULTILIB_CHOST_TOOLS=( PATCHES=( "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-7.84.0-easylock.patch "${FILESDIR}"/${PN}-respect-cflags-3.patch - # Bug 842780, fixed upstream, drop on next version bump - "${FILESDIR}"/${P}-http2.patch + "${FILESDIR}"/${PN}-7.84.0-include-sched.patch ) src_prepare() { diff --git a/net-misc/curl/files/curl-7.82.0-certs-processing.patch b/net-misc/curl/files/curl-7.82.0-certs-processing.patch deleted file mode 100644 index a62c1df20b..0000000000 --- a/net-misc/curl/files/curl-7.82.0-certs-processing.patch +++ /dev/null @@ -1,27 +0,0 @@ -https://github.com/curl/curl/issues/8559 -https://bugs.gentoo.org/836629 - -From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 8 Mar 2022 13:38:13 +0100 -Subject: [PATCH] openssl: fix CN check error code - -Due to a missing 'else' this returns error too easily. - -Regressed in: d15692ebb - -Reported-by: Kristoffer Gleditsch -Fixes #8559 -Closes #8560 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); - peer_CN[peerlen] = '\0'; - } -- result = CURLE_OUT_OF_MEMORY; -+ else -+ result = CURLE_OUT_OF_MEMORY; - } - } - else /* not a UTF8 name */ diff --git a/net-misc/curl/files/curl-7.83.0-http2.patch b/net-misc/curl/files/curl-7.83.0-http2.patch deleted file mode 100644 index ede69a177b..0000000000 --- a/net-misc/curl/files/curl-7.83.0-http2.patch +++ /dev/null @@ -1,30 +0,0 @@ -Bug: https://bugs.gentoo.org/842780, https://github.com/curl/curl/pull/8768 -https://github.com/curl/curl/commit/6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 - -From 6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 28 Apr 2022 17:11:50 +0200 -Subject: [PATCH] mbedtls: fix compile when h2-enabled - -Fixes #8766 -Reported-by: LigH-de on github -Closes #8768 ---- - lib/vtls/mbedtls.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c -index 64f57c5d8321..5f9b87e6b75b 100644 ---- a/lib/vtls/mbedtls.c -+++ b/lib/vtls/mbedtls.c -@@ -815,8 +815,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, - if(next_protocol) { - infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol); - #ifdef USE_HTTP2 -- if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) && -- !next_protocol[ALPN_H2_LEN]) { -+ if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) && -+ !next_protocol[ALPN_H2_LENGTH]) { - conn->negnpn = CURL_HTTP_VERSION_2; - } - else diff --git a/net-misc/curl/files/curl-7.84.0-easylock.patch b/net-misc/curl/files/curl-7.84.0-easylock.patch new file mode 100644 index 0000000000..77ee610fc1 --- /dev/null +++ b/net-misc/curl/files/curl-7.84.0-easylock.patch @@ -0,0 +1,30 @@ +From 50efb0822aa0e0ab165158dd0a26e65a2290e6d2 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 28 Jun 2022 09:00:25 +0200 +Subject: [PATCH] easy_lock: switch to using atomic_int instead of bool + +To work with more compilers without requiring separate libs to +link. Like with gcc-12 for RISC-V on Linux. + +Reported-by: Adam Sampson +Fixes #9055 +Closes #9061 +--- + lib/easy_lock.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/easy_lock.h b/lib/easy_lock.h +index 07c85c5ffdd19..9c11bc50c5f20 100644 +--- a/lib/easy_lock.h ++++ b/lib/easy_lock.h +@@ -40,8 +40,8 @@ + #include + #endif + +-#define curl_simple_lock atomic_bool +-#define CURL_SIMPLE_LOCK_INIT false ++#define curl_simple_lock atomic_int ++#define CURL_SIMPLE_LOCK_INIT 0 + + static inline void curl_simple_lock_lock(curl_simple_lock *lock) + { diff --git a/net-misc/curl/files/curl-7.84.0-include-sched.patch b/net-misc/curl/files/curl-7.84.0-include-sched.patch new file mode 100644 index 0000000000..842310d2ea --- /dev/null +++ b/net-misc/curl/files/curl-7.84.0-include-sched.patch @@ -0,0 +1,24 @@ +https://github.com/curl/curl/commit/e2e7f54b7bea521fa8373095d0f43261a720cda0 +https://bugs.gentoo.org/855710 + +From e2e7f54b7bea521fa8373095d0f43261a720cda0 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 27 Jun 2022 08:46:21 +0200 +Subject: [PATCH] easy_lock.h: include sched.h if available to fix build + +Patched-by: Harry Sintonen + +Closes #9054 +--- a/lib/easy_lock.h ++++ b/lib/easy_lock.h +@@ -36,6 +36,9 @@ + + #elif defined (HAVE_ATOMIC) + #include ++#if defined(HAVE_SCHED_YIELD) ++#include ++#endif + + #define curl_simple_lock atomic_bool + #define CURL_SIMPLE_LOCK_INIT false +