1 |
commit: 12a2d73e4d19c323370458405bb93f3fb9f159d4 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jun 4 12:40:16 2017 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jun 4 12:49:13 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12a2d73e |
7 |
|
8 |
net-misc/curl: Security cleanup (bug #610572) |
9 |
|
10 |
Package-Manager: Portage-2.3.5, Repoman-2.3.2 |
11 |
|
12 |
net-misc/curl/Manifest | 1 - |
13 |
net-misc/curl/curl-7.52.1-r1.ebuild | 251 ------------------------------------ |
14 |
2 files changed, 252 deletions(-) |
15 |
|
16 |
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest |
17 |
index 51a77a58a2c..8911f8fe0bc 100644 |
18 |
--- a/net-misc/curl/Manifest |
19 |
+++ b/net-misc/curl/Manifest |
20 |
@@ -1,4 +1,3 @@ |
21 |
-DIST curl-7.52.1.tar.bz2 2600476 SHA256 d16185a767cb2c1ba3d5b9096ec54e5ec198b213f45864a38b3bda4bbf87389b SHA512 cf36563c77d096f2c6084354ed6d45ccca7c557828ceab21204e4e8be0d4f0d287839c8cfac906174b86d51a1ee816c2769fc78ef88f039c9645bd2c27982a75 WHIRLPOOL cb0bb74de3fb650e627cf66e23b8126837ddd6d3006934aa1b1a8597182f992b29e80e0c76aef1234f62cfa9688c5b10b781f6b2bc7e5127f8bc5a67d57665c1 |
22 |
DIST curl-7.53.0.tar.bz2 2612491 SHA256 b2345a8bef87b4c229dedf637cb203b5e21db05e20277c8e1094f0d4da180801 SHA512 1fc3264dd52f6f16463de158b4ab4637ba698b1fdbf01b7a3c05ae80b06a5480323b748b31f771c969a5f7062aa9e41a1aad8677be220a411d3cbad24581baf2 WHIRLPOOL 44a7b1d60b097856bc002d7aa1a89d93d5616b33a59a41703dc3dbe369733a63afcfd093b4374e263d05b60bd38e09f955b1921f12798cff3d400311fa4c7bdb |
23 |
DIST curl-7.53.1.tar.bz2 2609559 SHA256 1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8 SHA512 c668494d0e795f34b00505ca68ab41fbb475a1bccbcac1d0bbacbbbafa40a994472e100be18a0c10f8fa21b5b9bd3f4e66c1e68ff5423b13b82d829cbaefcd52 WHIRLPOOL bf5f0a795a2612284e84fa7917351b2d41370bda0efc84f2e21456f7110f1f1f6cbf52b0956b0ba586cdcafbbaad5e47bfea82bf37cde39434a18ee5d0dbfdaf |
24 |
DIST curl-7.54.0.tar.bz2 2602286 SHA256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 SHA512 2ed8d32a6803ecddcb587495107d9ebce724d34dae5cad1f8be241e93340e913bb8ce9b69259cb84b3d53c2e672e142c3aad471c4a251bd1d42fc06eb9d8f650 WHIRLPOOL 37dc3e01e0466cdfb7ed061bd791b816112ca9af6ed88dfb89e47e814111e5968d980d2a8e6542d1a87882d540d04bac9d4f4ed6f4f7c5861e3f05ee623752e7 |
25 |
|
26 |
diff --git a/net-misc/curl/curl-7.52.1-r1.ebuild b/net-misc/curl/curl-7.52.1-r1.ebuild |
27 |
deleted file mode 100644 |
28 |
index a11b16d3559..00000000000 |
29 |
--- a/net-misc/curl/curl-7.52.1-r1.ebuild |
30 |
+++ /dev/null |
31 |
@@ -1,251 +0,0 @@ |
32 |
-# Copyright 1999-2017 Gentoo Foundation |
33 |
-# Distributed under the terms of the GNU General Public License v2 |
34 |
- |
35 |
-EAPI="6" |
36 |
- |
37 |
-inherit autotools eutils prefix multilib-minimal |
38 |
- |
39 |
-DESCRIPTION="A Client that groks URLs" |
40 |
-HOMEPAGE="https://curl.haxx.se/" |
41 |
-SRC_URI="https://curl.haxx.se/download/${P}.tar.bz2" |
42 |
- |
43 |
-LICENSE="MIT" |
44 |
-SLOT="0" |
45 |
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 sparc x86 ~ppc-aix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
46 |
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
47 |
-IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads" |
48 |
-IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl" |
49 |
-IUSE+=" elibc_Winnt" |
50 |
- |
51 |
-#lead to lots of false negatives, bug #285669 |
52 |
-RESTRICT="test" |
53 |
- |
54 |
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) |
55 |
- ssl? ( |
56 |
- curl_ssl_axtls? ( |
57 |
- net-libs/axtls:0=[${MULTILIB_USEDEP}] |
58 |
- app-misc/ca-certificates |
59 |
- ) |
60 |
- curl_ssl_gnutls? ( |
61 |
- net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] |
62 |
- dev-libs/nettle:0=[${MULTILIB_USEDEP}] |
63 |
- app-misc/ca-certificates |
64 |
- ) |
65 |
- curl_ssl_libressl? ( |
66 |
- dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] |
67 |
- ) |
68 |
- curl_ssl_mbedtls? ( |
69 |
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}] |
70 |
- app-misc/ca-certificates |
71 |
- ) |
72 |
- curl_ssl_openssl? ( |
73 |
- dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] |
74 |
- ) |
75 |
- curl_ssl_nss? ( |
76 |
- dev-libs/nss:0[${MULTILIB_USEDEP}] |
77 |
- app-misc/ca-certificates |
78 |
- ) |
79 |
- curl_ssl_polarssl? ( |
80 |
- net-libs/polarssl:0=[${MULTILIB_USEDEP}] |
81 |
- app-misc/ca-certificates |
82 |
- ) |
83 |
- ) |
84 |
- http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) |
85 |
- idn? ( net-dns/libidn2:0[static-libs?,${MULTILIB_USEDEP}] ) |
86 |
- adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) |
87 |
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) |
88 |
- metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) |
89 |
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) |
90 |
- ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] ) |
91 |
- sys-libs/zlib[${MULTILIB_USEDEP}] |
92 |
- abi_x86_32? ( |
93 |
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r13 |
94 |
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
95 |
- )" |
96 |
- |
97 |
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 |
98 |
-# rtmp? ( |
99 |
-# media-video/rtmpdump |
100 |
-# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) |
101 |
-# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) |
102 |
-# ) |
103 |
- |
104 |
-# ssl providers to be added: |
105 |
-# fbopenssl $(use_with spnego) |
106 |
- |
107 |
-DEPEND="${RDEPEND} |
108 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
109 |
- test? ( |
110 |
- sys-apps/diffutils |
111 |
- dev-lang/perl |
112 |
- )" |
113 |
- |
114 |
-# c-ares must be disabled for threads |
115 |
-# only one ssl provider can be enabled |
116 |
-REQUIRED_USE=" |
117 |
- curl_ssl_winssl? ( elibc_Winnt ) |
118 |
- threads? ( !adns ) |
119 |
- ssl? ( |
120 |
- ^^ ( |
121 |
- curl_ssl_axtls |
122 |
- curl_ssl_gnutls |
123 |
- curl_ssl_libressl |
124 |
- curl_ssl_mbedtls |
125 |
- curl_ssl_nss |
126 |
- curl_ssl_openssl |
127 |
- curl_ssl_polarssl |
128 |
- curl_ssl_winssl |
129 |
- ) |
130 |
- )" |
131 |
- |
132 |
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ |
133 |
- docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) |
134 |
- |
135 |
-MULTILIB_WRAPPED_HEADERS=( |
136 |
- /usr/include/curl/curlbuild.h |
137 |
-) |
138 |
- |
139 |
-MULTILIB_CHOST_TOOLS=( |
140 |
- /usr/bin/curl-config |
141 |
-) |
142 |
- |
143 |
-src_prepare() { |
144 |
- eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch |
145 |
- eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch |
146 |
- eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch |
147 |
- eapply "${FILESDIR}"/${P}-fix-openssl.patch |
148 |
- |
149 |
- sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 |
150 |
- |
151 |
- eapply_user |
152 |
- eprefixify curl-config.in |
153 |
- eautoreconf |
154 |
-} |
155 |
- |
156 |
-multilib_src_configure() { |
157 |
- # We make use of the fact that later flags override earlier ones |
158 |
- # So start with all ssl providers off until proven otherwise |
159 |
- local myconf=() |
160 |
- myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) |
161 |
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) |
162 |
- if use ssl ; then |
163 |
- if use curl_ssl_axtls; then |
164 |
- einfo "SSL provided by axtls" |
165 |
- myconf+=( --with-axtls ) |
166 |
- elif use curl_ssl_gnutls; then |
167 |
- einfo "SSL provided by gnutls" |
168 |
- myconf+=( --with-gnutls --with-nettle ) |
169 |
- elif use curl_ssl_libressl; then |
170 |
- einfo "SSL provided by LibreSSL" |
171 |
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) |
172 |
- elif use curl_ssl_mbedtls; then |
173 |
- einfo "SSL provided by mbedtls" |
174 |
- myconf+=( --with-mbedtls ) |
175 |
- elif use curl_ssl_nss; then |
176 |
- einfo "SSL provided by nss" |
177 |
- myconf+=( --with-nss ) |
178 |
- elif use curl_ssl_polarssl; then |
179 |
- einfo "SSL provided by polarssl" |
180 |
- myconf+=( --with-polarssl ) |
181 |
- elif use curl_ssl_openssl; then |
182 |
- einfo "SSL provided by openssl" |
183 |
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) |
184 |
- elif use curl_ssl_winssl; then |
185 |
- einfo "SSL provided by Windows" |
186 |
- myconf+=( --with-winssl ) |
187 |
- else |
188 |
- eerror "We can't be here because of REQUIRED_USE." |
189 |
- fi |
190 |
- else |
191 |
- einfo "SSL disabled" |
192 |
- fi |
193 |
- |
194 |
- # These configuration options are organized alphabetically |
195 |
- # within each category. This should make it easier if we |
196 |
- # ever decide to make any of them contingent on USE flags: |
197 |
- # 1) protocols first. To see them all do |
198 |
- # 'grep SUPPORT_PROTOCOLS configure.ac' |
199 |
- # 2) --enable/disable options second. |
200 |
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort |
201 |
- # 3) --with/without options third. |
202 |
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort |
203 |
- ECONF_SOURCE="${S}" \ |
204 |
- econf \ |
205 |
- --enable-crypto-auth \ |
206 |
- --enable-dict \ |
207 |
- --enable-file \ |
208 |
- --enable-ftp \ |
209 |
- --enable-gopher \ |
210 |
- --enable-http \ |
211 |
- --enable-imap \ |
212 |
- $(use_enable ldap) \ |
213 |
- $(use_enable ldap ldaps) \ |
214 |
- --disable-ntlm-wb \ |
215 |
- --enable-pop3 \ |
216 |
- --enable-rt \ |
217 |
- --enable-rtsp \ |
218 |
- $(use_enable samba smb) \ |
219 |
- $(use_with ssh libssh2) \ |
220 |
- --enable-smtp \ |
221 |
- --enable-telnet \ |
222 |
- --enable-tftp \ |
223 |
- --enable-tls-srp \ |
224 |
- $(use_enable adns ares) \ |
225 |
- --enable-cookies \ |
226 |
- --enable-hidden-symbols \ |
227 |
- $(use_enable ipv6) \ |
228 |
- --enable-largefile \ |
229 |
- --without-libpsl \ |
230 |
- --enable-manual \ |
231 |
- --enable-proxy \ |
232 |
- --disable-soname-bump \ |
233 |
- --disable-sspi \ |
234 |
- $(use_enable static-libs static) \ |
235 |
- $(use_enable threads threaded-resolver) \ |
236 |
- --disable-versioned-symbols \ |
237 |
- --without-cyassl \ |
238 |
- --without-darwinssl \ |
239 |
- $(use_with idn libidn2) \ |
240 |
- $(use_with kerberos gssapi "${EPREFIX}"/usr) \ |
241 |
- $(use_with metalink libmetalink) \ |
242 |
- $(use_with http2 nghttp2) \ |
243 |
- $(use_with rtmp librtmp) \ |
244 |
- --without-spnego \ |
245 |
- --without-winidn \ |
246 |
- --with-zlib \ |
247 |
- "${myconf[@]}" |
248 |
- |
249 |
- if ! multilib_is_native_abi; then |
250 |
- # avoid building the client |
251 |
- sed -i -e '/SUBDIRS/s:src::' Makefile || die |
252 |
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die |
253 |
- fi |
254 |
- |
255 |
- # Fix up the pkg-config file to be more robust. |
256 |
- # https://github.com/curl/curl/issues/864 |
257 |
- local priv=() libs=() |
258 |
- # We always enable zlib. |
259 |
- libs+=( "-lz" ) |
260 |
- priv+=( "zlib" ) |
261 |
- if use http2; then |
262 |
- libs+=( "-lnghttp2" ) |
263 |
- priv+=( "libnghttp2" ) |
264 |
- fi |
265 |
- if use curl_ssl_openssl; then |
266 |
- libs+=( "-lssl" "-lcrypto" ) |
267 |
- priv+=( "openssl" ) |
268 |
- fi |
269 |
- grep -q Requires.private libcurl.pc && die "need to update ebuild" |
270 |
- libs=$(printf '|%s' "${libs[@]}") |
271 |
- sed -i -r \ |
272 |
- -e "/^Libs.private/s:(${libs#|})( |$)::g" \ |
273 |
- libcurl.pc || die |
274 |
- echo "Requires.private: ${priv[*]}" >> libcurl.pc |
275 |
-} |
276 |
- |
277 |
-multilib_src_install_all() { |
278 |
- einstalldocs |
279 |
- prune_libtool_files --all |
280 |
- |
281 |
- rm -rf "${ED}"/etc/ |
282 |
-} |