1 |
commit: a957bace24527ebae083d99b115f83b1b6e59b38 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jul 1 16:28:06 2022 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jul 1 16:28:18 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a957bace |
7 |
|
8 |
net-misc/curl: security version bump to 7.84.0, bug #854708 |
9 |
|
10 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
11 |
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> |
12 |
|
13 |
net-misc/curl/Manifest | 2 + |
14 |
net-misc/curl/curl-7.84.0.ebuild | 288 +++++++++++++++++++++++++++++++++++++++ |
15 |
2 files changed, 290 insertions(+) |
16 |
|
17 |
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest |
18 |
index 26281353165e..b649227f055b 100644 |
19 |
--- a/net-misc/curl/Manifest |
20 |
+++ b/net-misc/curl/Manifest |
21 |
@@ -2,3 +2,5 @@ DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557 |
22 |
DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94 |
23 |
DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee |
24 |
DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191 |
25 |
+DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce |
26 |
+DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702 |
27 |
|
28 |
diff --git a/net-misc/curl/curl-7.84.0.ebuild b/net-misc/curl/curl-7.84.0.ebuild |
29 |
new file mode 100644 |
30 |
index 000000000000..150319f8e7d6 |
31 |
--- /dev/null |
32 |
+++ b/net-misc/curl/curl-7.84.0.ebuild |
33 |
@@ -0,0 +1,288 @@ |
34 |
+# Copyright 1999-2022 Gentoo Authors |
35 |
+# Distributed under the terms of the GNU General Public License v2 |
36 |
+ |
37 |
+EAPI="8" |
38 |
+ |
39 |
+inherit autotools prefix multilib-minimal verify-sig |
40 |
+ |
41 |
+DESCRIPTION="A Client that groks URLs" |
42 |
+HOMEPAGE="https://curl.haxx.se/" |
43 |
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz |
44 |
+ verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )" |
45 |
+ |
46 |
+LICENSE="curl" |
47 |
+SLOT="0" |
48 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
49 |
+IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd" |
50 |
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl" |
51 |
+IUSE+=" nghttp3 quiche" |
52 |
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc |
53 |
+ |
54 |
+# c-ares must be disabled for threads |
55 |
+# only one default ssl provider can be enabled |
56 |
+REQUIRED_USE=" |
57 |
+ threads? ( !adns ) |
58 |
+ ssl? ( |
59 |
+ ^^ ( |
60 |
+ curl_ssl_gnutls |
61 |
+ curl_ssl_mbedtls |
62 |
+ curl_ssl_nss |
63 |
+ curl_ssl_openssl |
64 |
+ ) |
65 |
+ )" |
66 |
+ |
67 |
+# lead to lots of false negatives, bug #285669 |
68 |
+RESTRICT="!test? ( test )" |
69 |
+ |
70 |
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) |
71 |
+ brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) |
72 |
+ ssl? ( |
73 |
+ gnutls? ( |
74 |
+ net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] |
75 |
+ dev-libs/nettle:0=[${MULTILIB_USEDEP}] |
76 |
+ app-misc/ca-certificates |
77 |
+ ) |
78 |
+ mbedtls? ( |
79 |
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}] |
80 |
+ app-misc/ca-certificates |
81 |
+ ) |
82 |
+ openssl? ( |
83 |
+ dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] |
84 |
+ ) |
85 |
+ nss? ( |
86 |
+ dev-libs/nss:0[${MULTILIB_USEDEP}] |
87 |
+ app-misc/ca-certificates |
88 |
+ ) |
89 |
+ ) |
90 |
+ http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) |
91 |
+ nghttp3? ( |
92 |
+ net-libs/nghttp3[${MULTILIB_USEDEP}] |
93 |
+ net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] |
94 |
+ ) |
95 |
+ quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) |
96 |
+ idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) |
97 |
+ adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] ) |
98 |
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) |
99 |
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) |
100 |
+ ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) |
101 |
+ sys-libs/zlib[${MULTILIB_USEDEP}] |
102 |
+ zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" |
103 |
+ |
104 |
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 |
105 |
+# rtmp? ( |
106 |
+# media-video/rtmpdump |
107 |
+# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) |
108 |
+# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) |
109 |
+# ) |
110 |
+ |
111 |
+DEPEND="${RDEPEND}" |
112 |
+BDEPEND="dev-lang/perl |
113 |
+ virtual/pkgconfig |
114 |
+ test? ( |
115 |
+ sys-apps/diffutils |
116 |
+ ) |
117 |
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" |
118 |
+ |
119 |
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) |
120 |
+ |
121 |
+MULTILIB_WRAPPED_HEADERS=( |
122 |
+ /usr/include/curl/curlbuild.h |
123 |
+) |
124 |
+ |
125 |
+MULTILIB_CHOST_TOOLS=( |
126 |
+ /usr/bin/curl-config |
127 |
+) |
128 |
+ |
129 |
+PATCHES=( |
130 |
+ "${FILESDIR}"/${PN}-7.30.0-prefix.patch |
131 |
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch |
132 |
+) |
133 |
+ |
134 |
+src_prepare() { |
135 |
+ default |
136 |
+ |
137 |
+ eprefixify curl-config.in |
138 |
+ eautoreconf |
139 |
+} |
140 |
+ |
141 |
+multilib_src_configure() { |
142 |
+ # We make use of the fact that later flags override earlier ones |
143 |
+ # So start with all ssl providers off until proven otherwise |
144 |
+ # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) |
145 |
+ local myconf=() |
146 |
+ |
147 |
+ myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl ) |
148 |
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) |
149 |
+ #myconf+=( --without-default-ssl-backend ) |
150 |
+ if use ssl ; then |
151 |
+ if use gnutls || use curl_ssl_gnutls; then |
152 |
+ einfo "SSL provided by gnutls" |
153 |
+ myconf+=( --with-gnutls --with-nettle ) |
154 |
+ fi |
155 |
+ if use mbedtls || use curl_ssl_mbedtls; then |
156 |
+ einfo "SSL provided by mbedtls" |
157 |
+ myconf+=( --with-mbedtls ) |
158 |
+ fi |
159 |
+ if use nss || use curl_ssl_nss; then |
160 |
+ einfo "SSL provided by nss" |
161 |
+ myconf+=( --with-nss --with-nss-deprecated ) |
162 |
+ fi |
163 |
+ if use openssl || use curl_ssl_openssl; then |
164 |
+ einfo "SSL provided by openssl" |
165 |
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) |
166 |
+ fi |
167 |
+ |
168 |
+ if use curl_ssl_gnutls; then |
169 |
+ einfo "Default SSL provided by gnutls" |
170 |
+ myconf+=( --with-default-ssl-backend=gnutls ) |
171 |
+ elif use curl_ssl_mbedtls; then |
172 |
+ einfo "Default SSL provided by mbedtls" |
173 |
+ myconf+=( --with-default-ssl-backend=mbedtls ) |
174 |
+ elif use curl_ssl_nss; then |
175 |
+ einfo "Default SSL provided by nss" |
176 |
+ myconf+=( --with-default-ssl-backend=nss ) |
177 |
+ elif use curl_ssl_openssl; then |
178 |
+ einfo "Default SSL provided by openssl" |
179 |
+ myconf+=( --with-default-ssl-backend=openssl ) |
180 |
+ else |
181 |
+ eerror "We can't be here because of REQUIRED_USE." |
182 |
+ fi |
183 |
+ |
184 |
+ else |
185 |
+ einfo "SSL disabled" |
186 |
+ fi |
187 |
+ |
188 |
+ # These configuration options are organized alphabetically |
189 |
+ # within each category. This should make it easier if we |
190 |
+ # ever decide to make any of them contingent on USE flags: |
191 |
+ # 1) protocols first. To see them all do |
192 |
+ # 'grep SUPPORT_PROTOCOLS configure.ac' |
193 |
+ # 2) --enable/disable options second. |
194 |
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort |
195 |
+ # 3) --with/without options third. |
196 |
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort |
197 |
+ |
198 |
+ myconf+=( |
199 |
+ $(use_enable alt-svc) |
200 |
+ --enable-crypto-auth |
201 |
+ --enable-dict |
202 |
+ --disable-ech |
203 |
+ --enable-file |
204 |
+ $(use_enable ftp) |
205 |
+ $(use_enable gopher) |
206 |
+ $(use_enable hsts) |
207 |
+ --enable-http |
208 |
+ $(use_enable imap) |
209 |
+ $(use_enable ldap) |
210 |
+ $(use_enable ldap ldaps) |
211 |
+ --enable-ntlm |
212 |
+ --disable-ntlm-wb |
213 |
+ $(use_enable pop3) |
214 |
+ --enable-rt |
215 |
+ --enable-rtsp |
216 |
+ $(use_enable samba smb) |
217 |
+ $(use_with ssh libssh2) |
218 |
+ $(use_enable smtp) |
219 |
+ $(use_enable telnet) |
220 |
+ $(use_enable tftp) |
221 |
+ --enable-tls-srp |
222 |
+ $(use_enable adns ares) |
223 |
+ --enable-cookies |
224 |
+ --enable-dateparse |
225 |
+ --enable-dnsshuffle |
226 |
+ --enable-doh |
227 |
+ --enable-symbol-hiding |
228 |
+ --enable-http-auth |
229 |
+ $(use_enable ipv6) |
230 |
+ --enable-largefile |
231 |
+ --enable-manual |
232 |
+ --enable-mime |
233 |
+ --enable-netrc |
234 |
+ $(use_enable progress-meter) |
235 |
+ --enable-proxy |
236 |
+ --disable-sspi |
237 |
+ $(use_enable static-libs static) |
238 |
+ $(use_enable threads threaded-resolver) |
239 |
+ $(use_enable threads pthreads) |
240 |
+ --disable-versioned-symbols |
241 |
+ --without-amissl |
242 |
+ --without-bearssl |
243 |
+ $(use_with brotli) |
244 |
+ --without-fish-functions-dir |
245 |
+ $(use_with http2 nghttp2) |
246 |
+ --without-hyper |
247 |
+ $(use_with idn libidn2) |
248 |
+ $(use_with kerberos gssapi "${EPREFIX}"/usr) |
249 |
+ --without-libgsasl |
250 |
+ --without-libpsl |
251 |
+ --without-msh3 |
252 |
+ $(use_with nghttp3) |
253 |
+ $(use_with nghttp3 ngtcp2) |
254 |
+ $(use_with quiche) |
255 |
+ $(use_with rtmp librtmp) |
256 |
+ --without-rustls |
257 |
+ --without-schannel |
258 |
+ --without-secure-transport |
259 |
+ --without-winidn |
260 |
+ --without-wolfssl |
261 |
+ --with-zlib |
262 |
+ $(use_with zstd) |
263 |
+ ) |
264 |
+ |
265 |
+ ECONF_SOURCE="${S}" \ |
266 |
+ econf "${myconf[@]}" |
267 |
+ |
268 |
+ if ! multilib_is_native_abi; then |
269 |
+ # avoid building the client |
270 |
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die |
271 |
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die |
272 |
+ fi |
273 |
+ |
274 |
+ # Fix up the pkg-config file to be more robust. |
275 |
+ # https://github.com/curl/curl/issues/864 |
276 |
+ local priv=() libs=() |
277 |
+ # We always enable zlib. |
278 |
+ libs+=( "-lz" ) |
279 |
+ priv+=( "zlib" ) |
280 |
+ if use http2; then |
281 |
+ libs+=( "-lnghttp2" ) |
282 |
+ priv+=( "libnghttp2" ) |
283 |
+ fi |
284 |
+ if use quiche; then |
285 |
+ libs+=( "-lquiche" ) |
286 |
+ priv+=( "quiche" ) |
287 |
+ fi |
288 |
+ if use nghttp3; then |
289 |
+ libs+=( "-lnghttp3" "-lngtcp2" ) |
290 |
+ priv+=( "libnghttp3" "-libtcp2" ) |
291 |
+ fi |
292 |
+ if use ssl && use curl_ssl_openssl; then |
293 |
+ libs+=( "-lssl" "-lcrypto" ) |
294 |
+ priv+=( "openssl" ) |
295 |
+ fi |
296 |
+ grep -q Requires.private libcurl.pc && die "need to update ebuild" |
297 |
+ libs=$(printf '|%s' "${libs[@]}") |
298 |
+ sed -i -r \ |
299 |
+ -e "/^Libs.private/s:(${libs#|})( |$)::g" \ |
300 |
+ libcurl.pc || die |
301 |
+ echo "Requires.private: ${priv[*]}" >> libcurl.pc |
302 |
+} |
303 |
+ |
304 |
+multilib_src_test() { |
305 |
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 |
306 |
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) |
307 |
+ # -v: verbose |
308 |
+ # -a: keep going on failure (so we see everything which breaks, not just 1st test) |
309 |
+ # -k: keep test files after completion |
310 |
+ # -am: automake style TAP output |
311 |
+ # -p: print logs if test fails |
312 |
+ # Note: if needed, we can disable tests. See e.g. Fedora's packaging |
313 |
+ # or just read https://github.com/curl/curl/tree/master/tests#run. |
314 |
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" |
315 |
+} |
316 |
+ |
317 |
+multilib_src_install_all() { |
318 |
+ einstalldocs |
319 |
+ find "${ED}" -type f -name '*.la' -delete || die |
320 |
+ rm -rf "${ED}"/etc/ || die |
321 |
+} |