summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2020-07-27 02:33:27 +0000
committerSam James <sam@gentoo.org>2020-07-27 03:15:18 +0000
commitf0cf742462897b3ddeb3705b7d606e0f98bf2c5e (patch)
tree81f2b8f1618f8165f01e1d343e4c12ed2f84f3c7
parentsys-fs/fuseiso: security cleanup (diff)
downloadgentoo-f0cf742462897b3ddeb3705b7d606e0f98bf2c5e.tar.gz
gentoo-f0cf742462897b3ddeb3705b7d606e0f98bf2c5e.tar.bz2
gentoo-f0cf742462897b3ddeb3705b7d606e0f98bf2c5e.zip
net-misc/curl: security cleanup
Closes: https://bugs.gentoo.org/729374 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r--net-misc/curl/Manifest3
-rw-r--r--net-misc/curl/curl-7.68.0.ebuild265
-rw-r--r--net-misc/curl/curl-7.69.1.ebuild265
-rw-r--r--net-misc/curl/curl-7.70.0-r1.ebuild267
-rw-r--r--net-misc/curl/files/curl-fix-cpu-load.patch94
5 files changed, 0 insertions, 894 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 11d6b199f88..4ae3273fda0 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,5 +1,2 @@
-DIST curl-7.68.0.tar.xz 2442788 BLAKE2B d72dbf3c4d6ef7259f0dc9b5347f9289067807246ce6aaab03f3a9c04c17328a8315261dbc08390096571bcad3bbb185a70d15ce83687d7e792bee37318bf269 SHA512 bf365609c9a66a05b3a263d02bcd3f81f905570c5739c8ec522a296b4b8e2a479d64d5524e8345e14eafad28995ee22d923522f1a45fa40eb46db38759c2eb2c
-DIST curl-7.69.1.tar.xz 2467272 BLAKE2B 71eee2a8f511ea698f4ebf879bcdccabe11439b2f6c7812cde640f944af93b33dc797c6f4990ddd2a7051d33584dacc005ae011c16a6c1f7ab7fc7258c891937 SHA512 dcb917ce9a6f34b30adae10e2e635d7a8c67781d69789cc5617ab2b49e898394ecfeee546453b14ab168d4b3b52baf974b2ec07e7a4b199addbc1ba57274d8fa
-DIST curl-7.70.0.tar.xz 2348780 BLAKE2B 6b505d87242bcaa554c4ee6994eb97ca70453521c1e77b5e757677475328c70f41e23e22b3a0eb9be7a299a94d4f1f85a46f7f999f3db8439072626320352ecf SHA512 ab8796af1bd6f35ae704fd5e3639a8153482615a05c24e2e6d0b9cef8ed9a1e0d497ead2dbf5972cc53f632c2d87f0bf79e9e7cac625452dd24e6c7d8045cfc6
DIST curl-7.71.0.tar.xz 2379056 BLAKE2B 50d7369e4335823c3032b8801b270f7d8e687b0552f25ed5f9752549483cf68870e0422132ecf86e756e1c7c27cdf60048a7765850608c3a1b734cffb1fe7b99 SHA512 f1ea045f23b6a7e2c84ea83954d3299c612f57c3b1e5fee0b39493dc92fc4e95e7af2a5424c2e5bc480659e80cf1adce1fc528fc816f8ff2d0e7bfcfe4c5830a
DIST curl-7.71.1.tar.xz 2387660 BLAKE2B 47b3a4704ae8b09b37f7a9d8850fd7d692d91db3dd4ad776aad9a57d0162e0f4091e0387a850eb048f834e6dfee5bcb36da56493a106696c72072c612b47f623 SHA512 631e0ee8562e5029fe022bfab4222836a3e6d666e82e2bfbd78311fe5985105218a36d1ea68c93472fc57a12b713957a3bcca6e385eda4e58a47ca8d5d50265b
diff --git a/net-misc/curl/curl-7.68.0.ebuild b/net-misc/curl/curl-7.68.0.ebuild
deleted file mode 100644
index 0141a4e0a48..00000000000
--- a/net-misc/curl/curl-7.68.0.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- ssl? (
- curl_ssl_gnutls? (
- net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_libressl? (
- dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_mbedtls? (
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_openssl? (
- dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_nss? (
- dev-libs/nss:0[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- )
- http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
- nghttp3? (
- net-libs/nghttp3[${MULTILIB_USEDEP}]
- net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
- )
- quiche? ( net-libs/quiche[${MULTILIB_USEDEP}] )
- idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
- adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
- sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-# rtmp? (
-# media-video/rtmpdump
-# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-# )
-
-# ssl providers to be added:
-# fbopenssl $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- test? (
- sys-apps/diffutils
- dev-lang/perl
- )"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
- curl_ssl_winssl? ( elibc_Winnt )
- threads? ( !adns )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_libressl
- curl_ssl_mbedtls
- curl_ssl_nss
- curl_ssl_openssl
- curl_ssl_winssl
- )
- )"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
- docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
- eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
- eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
-
- sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
- sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
- eapply_user
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
- myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl ; then
- if use curl_ssl_gnutls; then
- einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls --with-nettle )
- elif use curl_ssl_libressl; then
- einfo "SSL provided by LibreSSL"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_mbedtls; then
- einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- elif use curl_ssl_nss; then
- einfo "SSL provided by nss"
- myconf+=( --with-nss )
- elif use curl_ssl_openssl; then
- einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_winssl; then
- einfo "SSL provided by Windows"
- myconf+=( --with-winssl )
- else
- eerror "We can't be here because of REQUIRED_USE."
- fi
- else
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- ECONF_SOURCE="${S}" \
- econf \
- $(use_enable alt-svc) \
- --enable-crypto-auth \
- --enable-dict \
- --disable-esni \
- --enable-file \
- --enable-ftp \
- --enable-gopher \
- --enable-http \
- --enable-imap \
- $(use_enable ldap) \
- $(use_enable ldap ldaps) \
- --disable-ntlm-wb \
- --enable-pop3 \
- --enable-rt \
- --enable-rtsp \
- $(use_enable samba smb) \
- $(use_with ssh libssh2) \
- --enable-smtp \
- --enable-telnet \
- --enable-tftp \
- --enable-tls-srp \
- $(use_enable adns ares) \
- --enable-cookies \
- --enable-dateparse \
- --enable-dnsshuffle \
- --enable-doh \
- --enable-hidden-symbols \
- --enable-http-auth \
- $(use_enable ipv6) \
- --enable-largefile \
- --without-libpsl \
- --enable-manual \
- --enable-mime \
- --enable-netrc \
- $(use_enable progress-meter) \
- --enable-proxy \
- --disable-sspi \
- $(use_enable static-libs static) \
- $(use_enable threads threaded-resolver) \
- $(use_enable threads pthreads) \
- --disable-versioned-symbols \
- --without-amissl \
- --without-bearssl \
- --without-cyassl \
- --without-darwinssl \
- --without-fish-functions-dir \
- $(use_with idn libidn2) \
- $(use_with kerberos gssapi "${EPREFIX}"/usr) \
- $(use_with metalink libmetalink) \
- $(use_with http2 nghttp2) \
- $(use_with nghttp3) \
- $(use_with nghttp3 ngtcp2) \
- $(use_with quiche) \
- $(use_with rtmp librtmp) \
- $(use_with brotli) \
- --without-schannel \
- --without-secure-transport \
- --without-spnego \
- --without-winidn \
- --without-wolfssl \
- --with-zlib \
- "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # avoid building the client
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
- # Fix up the pkg-config file to be more robust.
- # https://github.com/curl/curl/issues/864
- local priv=() libs=()
- # We always enable zlib.
- libs+=( "-lz" )
- priv+=( "zlib" )
- if use http2; then
- libs+=( "-lnghttp2" )
- priv+=( "libnghttp2" )
- fi
- if use quiche; then
- libs+=( "-lquiche" )
- priv+=( "quiche" )
- fi
- if use nghttp3; then
- libs+=( "-lnghttp3" "-lngtcp2" )
- priv+=( "libnghttp3" "-libtcp2" )
- fi
- if use ssl && use curl_ssl_openssl; then
- libs+=( "-lssl" "-lcrypto" )
- priv+=( "openssl" )
- fi
- grep -q Requires.private libcurl.pc && die "need to update ebuild"
- libs=$(printf '|%s' "${libs[@]}")
- sed -i -r \
- -e "/^Libs.private/s:(${libs#|})( |$)::g" \
- libcurl.pc || die
- echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete
- rm -rf "${ED}"/etc/
-}
diff --git a/net-misc/curl/curl-7.69.1.ebuild b/net-misc/curl/curl-7.69.1.ebuild
deleted file mode 100644
index c787559e030..00000000000
--- a/net-misc/curl/curl-7.69.1.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- ssl? (
- curl_ssl_gnutls? (
- net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_libressl? (
- dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_mbedtls? (
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_openssl? (
- dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_nss? (
- dev-libs/nss:0[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- )
- http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
- nghttp3? (
- net-libs/nghttp3[${MULTILIB_USEDEP}]
- net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
- )
- quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
- idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
- adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
- sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-# rtmp? (
-# media-video/rtmpdump
-# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-# )
-
-# ssl providers to be added:
-# fbopenssl $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- test? (
- sys-apps/diffutils
- dev-lang/perl
- )"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
- curl_ssl_winssl? ( elibc_Winnt )
- threads? ( !adns )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_libressl
- curl_ssl_mbedtls
- curl_ssl_nss
- curl_ssl_openssl
- curl_ssl_winssl
- )
- )"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
- docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
- eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
- eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
-
- sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
- sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
- eapply_user
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
- myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl ; then
- if use curl_ssl_gnutls; then
- einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls --with-nettle )
- elif use curl_ssl_libressl; then
- einfo "SSL provided by LibreSSL"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_mbedtls; then
- einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- elif use curl_ssl_nss; then
- einfo "SSL provided by nss"
- myconf+=( --with-nss )
- elif use curl_ssl_openssl; then
- einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_winssl; then
- einfo "SSL provided by Windows"
- myconf+=( --with-winssl )
- else
- eerror "We can't be here because of REQUIRED_USE."
- fi
- else
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- ECONF_SOURCE="${S}" \
- econf \
- $(use_enable alt-svc) \
- --enable-crypto-auth \
- --enable-dict \
- --disable-esni \
- --enable-file \
- $(use_enable ftp) \
- $(use_enable gopher) \
- --enable-http \
- $(use_enable imap) \
- $(use_enable ldap) \
- $(use_enable ldap ldaps) \
- --disable-ntlm-wb \
- $(use_enable pop3) \
- --enable-rt \
- --enable-rtsp \
- $(use_enable samba smb) \
- $(use_with ssh libssh2) \
- $(use_enable smtp) \
- $(use_enable telnet) \
- $(use_enable tftp) \
- --enable-tls-srp \
- $(use_enable adns ares) \
- --enable-cookies \
- --enable-dateparse \
- --enable-dnsshuffle \
- --enable-doh \
- --enable-hidden-symbols \
- --enable-http-auth \
- $(use_enable ipv6) \
- --enable-largefile \
- --enable-manual \
- --enable-mime \
- --enable-netrc \
- $(use_enable progress-meter) \
- --enable-proxy \
- --disable-sspi \
- $(use_enable static-libs static) \
- $(use_enable threads threaded-resolver) \
- $(use_enable threads pthreads) \
- --disable-versioned-symbols \
- --without-amissl \
- --without-bearssl \
- --without-cyassl \
- --without-darwinssl \
- --without-fish-functions-dir \
- $(use_with idn libidn2) \
- $(use_with kerberos gssapi "${EPREFIX}"/usr) \
- $(use_with metalink libmetalink) \
- $(use_with http2 nghttp2) \
- --without-libpsl \
- $(use_with nghttp3) \
- $(use_with nghttp3 ngtcp2) \
- $(use_with quiche) \
- $(use_with rtmp librtmp) \
- $(use_with brotli) \
- --without-schannel \
- --without-secure-transport \
- --without-spnego \
- --without-winidn \
- --without-wolfssl \
- --with-zlib \
- "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # avoid building the client
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
- # Fix up the pkg-config file to be more robust.
- # https://github.com/curl/curl/issues/864
- local priv=() libs=()
- # We always enable zlib.
- libs+=( "-lz" )
- priv+=( "zlib" )
- if use http2; then
- libs+=( "-lnghttp2" )
- priv+=( "libnghttp2" )
- fi
- if use quiche; then
- libs+=( "-lquiche" )
- priv+=( "quiche" )
- fi
- if use nghttp3; then
- libs+=( "-lnghttp3" "-lngtcp2" )
- priv+=( "libnghttp3" "-libtcp2" )
- fi
- if use ssl && use curl_ssl_openssl; then
- libs+=( "-lssl" "-lcrypto" )
- priv+=( "openssl" )
- fi
- grep -q Requires.private libcurl.pc && die "need to update ebuild"
- libs=$(printf '|%s' "${libs[@]}")
- sed -i -r \
- -e "/^Libs.private/s:(${libs#|})( |$)::g" \
- libcurl.pc || die
- echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete
- rm -rf "${ED}"/etc/
-}
diff --git a/net-misc/curl/curl-7.70.0-r1.ebuild b/net-misc/curl/curl-7.70.0-r1.ebuild
deleted file mode 100644
index d10edbee215..00000000000
--- a/net-misc/curl/curl-7.70.0-r1.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools eutils prefix multilib-minimal
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
-
-LICENSE="curl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads"
-IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
-IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
-
-#lead to lots of false negatives, bug #285669
-RESTRICT="test"
-
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
- brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
- ssl? (
- curl_ssl_gnutls? (
- net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
- dev-libs/nettle:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_libressl? (
- dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_mbedtls? (
- net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- curl_ssl_openssl? (
- dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
- )
- curl_ssl_nss? (
- dev-libs/nss:0[${MULTILIB_USEDEP}]
- app-misc/ca-certificates
- )
- )
- http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
- nghttp3? (
- net-libs/nghttp3[${MULTILIB_USEDEP}]
- net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
- )
- quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
- idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
- adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
- kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
- metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
- rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
- ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
- sys-libs/zlib[${MULTILIB_USEDEP}]"
-
-# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
-# rtmp? (
-# media-video/rtmpdump
-# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
-# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
-# )
-
-# ssl providers to be added:
-# fbopenssl $(use_with spnego)
-
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
- test? (
- sys-apps/diffutils
- dev-lang/perl
- )"
-
-# c-ares must be disabled for threads
-# only one ssl provider can be enabled
-REQUIRED_USE="
- curl_ssl_winssl? ( elibc_Winnt )
- threads? ( !adns )
- ssl? (
- ^^ (
- curl_ssl_gnutls
- curl_ssl_libressl
- curl_ssl_mbedtls
- curl_ssl_nss
- curl_ssl_openssl
- curl_ssl_winssl
- )
- )"
-
-DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \
- docs/FAQ docs/BUGS docs/CONTRIBUTE.md )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/curl/curlbuild.h
-)
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/curl-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
- eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
- eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
- eapply "${FILESDIR}"/${PN}-fix-cpu-load.patch
-
- sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
- sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
-
- eapply_user
- eprefixify curl-config.in
- eautoreconf
-}
-
-multilib_src_configure() {
- # We make use of the fact that later flags override earlier ones
- # So start with all ssl providers off until proven otherwise
- # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
- local myconf=()
- myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
- myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
- if use ssl ; then
- if use curl_ssl_gnutls; then
- einfo "SSL provided by gnutls"
- myconf+=( --with-gnutls --with-nettle )
- elif use curl_ssl_libressl; then
- einfo "SSL provided by LibreSSL"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_mbedtls; then
- einfo "SSL provided by mbedtls"
- myconf+=( --with-mbedtls )
- elif use curl_ssl_nss; then
- einfo "SSL provided by nss"
- myconf+=( --with-nss )
- elif use curl_ssl_openssl; then
- einfo "SSL provided by openssl"
- myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
- elif use curl_ssl_winssl; then
- einfo "SSL provided by Windows"
- myconf+=( --with-winssl )
- else
- eerror "We can't be here because of REQUIRED_USE."
- fi
- else
- einfo "SSL disabled"
- fi
-
- # These configuration options are organized alphabetically
- # within each category. This should make it easier if we
- # ever decide to make any of them contingent on USE flags:
- # 1) protocols first. To see them all do
- # 'grep SUPPORT_PROTOCOLS configure.ac'
- # 2) --enable/disable options second.
- # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
- # 3) --with/without options third.
- # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
-
- ECONF_SOURCE="${S}" \
- econf \
- $(use_enable alt-svc) \
- --enable-crypto-auth \
- --enable-dict \
- --disable-esni \
- --enable-file \
- $(use_enable ftp) \
- $(use_enable gopher) \
- --enable-http \
- $(use_enable imap) \
- $(use_enable ldap) \
- $(use_enable ldap ldaps) \
- --disable-mqtt \
- --disable-ntlm-wb \
- $(use_enable pop3) \
- --enable-rt \
- --enable-rtsp \
- $(use_enable samba smb) \
- $(use_with ssh libssh2) \
- $(use_enable smtp) \
- $(use_enable telnet) \
- $(use_enable tftp) \
- --enable-tls-srp \
- $(use_enable adns ares) \
- --enable-cookies \
- --enable-dateparse \
- --enable-dnsshuffle \
- --enable-doh \
- --enable-hidden-symbols \
- --enable-http-auth \
- $(use_enable ipv6) \
- --enable-largefile \
- --enable-manual \
- --enable-mime \
- --enable-netrc \
- $(use_enable progress-meter) \
- --enable-proxy \
- --disable-sspi \
- $(use_enable static-libs static) \
- $(use_enable threads threaded-resolver) \
- $(use_enable threads pthreads) \
- --disable-versioned-symbols \
- --without-amissl \
- --without-bearssl \
- --without-cyassl \
- --without-darwinssl \
- --without-fish-functions-dir \
- $(use_with idn libidn2) \
- $(use_with kerberos gssapi "${EPREFIX}"/usr) \
- $(use_with metalink libmetalink) \
- $(use_with http2 nghttp2) \
- --without-libpsl \
- $(use_with nghttp3) \
- $(use_with nghttp3 ngtcp2) \
- $(use_with quiche) \
- $(use_with rtmp librtmp) \
- $(use_with brotli) \
- --without-schannel \
- --without-secure-transport \
- --without-spnego \
- --without-winidn \
- --without-wolfssl \
- --with-zlib \
- "${myconf[@]}"
-
- if ! multilib_is_native_abi; then
- # avoid building the client
- sed -i -e '/SUBDIRS/s:src::' Makefile || die
- sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
- fi
-
- # Fix up the pkg-config file to be more robust.
- # https://github.com/curl/curl/issues/864
- local priv=() libs=()
- # We always enable zlib.
- libs+=( "-lz" )
- priv+=( "zlib" )
- if use http2; then
- libs+=( "-lnghttp2" )
- priv+=( "libnghttp2" )
- fi
- if use quiche; then
- libs+=( "-lquiche" )
- priv+=( "quiche" )
- fi
- if use nghttp3; then
- libs+=( "-lnghttp3" "-lngtcp2" )
- priv+=( "libnghttp3" "-libtcp2" )
- fi
- if use ssl && use curl_ssl_openssl; then
- libs+=( "-lssl" "-lcrypto" )
- priv+=( "openssl" )
- fi
- grep -q Requires.private libcurl.pc && die "need to update ebuild"
- libs=$(printf '|%s' "${libs[@]}")
- sed -i -r \
- -e "/^Libs.private/s:(${libs#|})( |$)::g" \
- libcurl.pc || die
- echo "Requires.private: ${priv[*]}" >> libcurl.pc
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete
- rm -rf "${ED}"/etc/
-}
diff --git a/net-misc/curl/files/curl-fix-cpu-load.patch b/net-misc/curl/files/curl-fix-cpu-load.patch
deleted file mode 100644
index fb20641b5b2..00000000000
--- a/net-misc/curl/files/curl-fix-cpu-load.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-Fixes https://bugs.gentoo.org/727352
-
-From 2a41e236716da4c41ebc1132bd36d9273bd0321f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 8 Jun 2020 14:05:22 +0200
-Subject: [PATCH] socks: detect connection close during handshake
-
-The SOCKS4/5 state machines weren't properly terminated when the proxy
-connection got closed, leading to a busy-loop.
-
-Reported-By: zloi-user on github
-Fixes #5532
-Closes #5542
----
- lib/socks.c | 32 ++++++++++++++++++++++++++++----
- 1 file changed, 28 insertions(+), 4 deletions(-)
-
-diff --git a/lib/socks.c b/lib/socks.c
-index 4c1af7b9de7..b2215fef30c 100644
---- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -382,6 +382,11 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
- curl_easy_strerror(result));
- return CURLE_COULDNT_CONNECT;
- }
-+ else if(!result && !actualread) {
-+ /* connection closed */
-+ failf(data, "connection to proxy closed");
-+ return CURLE_COULDNT_CONNECT;
-+ }
- else if(actualread != sx->outstanding) {
- /* remain in reading state */
- sx->outstanding -= actualread;
-@@ -592,6 +597,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
- failf(data, "Unable to receive initial SOCKS5 response.");
- return CURLE_COULDNT_CONNECT;
- }
-+ else if(!result && !actualread) {
-+ /* connection closed */
-+ failf(data, "Connection to proxy closed");
-+ return CURLE_COULDNT_CONNECT;
-+ }
- else if(actualread != sx->outstanding) {
- /* remain in reading state */
- sx->outstanding -= actualread;
-@@ -717,15 +727,19 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
- failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
- return CURLE_COULDNT_CONNECT;
- }
-- if(actualread != sx->outstanding) {
-+ else if(!result && !actualread) {
-+ /* connection closed */
-+ failf(data, "connection to proxy closed");
-+ return CURLE_COULDNT_CONNECT;
-+ }
-+ else if(actualread != sx->outstanding) {
- /* remain in state */
- sx->outstanding -= actualread;
- sx->outp += actualread;
- return CURLE_OK;
- }
--
- /* ignore the first (VER) byte */
-- if(socksreq[1] != 0) { /* status */
-+ else if(socksreq[1] != 0) { /* status */
- failf(data, "User was rejected by the SOCKS5 server (%d %d).",
- socksreq[0], socksreq[1]);
- return CURLE_COULDNT_CONNECT;
-@@ -890,6 +904,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
- failf(data, "Failed to receive SOCKS5 connect request ack.");
- return CURLE_COULDNT_CONNECT;
- }
-+ else if(!result && !actualread) {
-+ /* connection closed */
-+ failf(data, "connection to proxy closed");
-+ return CURLE_COULDNT_CONNECT;
-+ }
- else if(actualread != sx->outstanding) {
- /* remain in state */
- sx->outstanding -= actualread;
-@@ -967,7 +986,12 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
- failf(data, "Failed to receive SOCKS5 connect request ack.");
- return CURLE_COULDNT_CONNECT;
- }
-- if(actualread != sx->outstanding) {
-+ else if(!result && !actualread) {
-+ /* connection closed */
-+ failf(data, "connection to proxy closed");
-+ return CURLE_COULDNT_CONNECT;
-+ }
-+ else if(actualread != sx->outstanding) {
- /* remain in state */
- sx->outstanding -= actualread;
- sx->outp += actualread;