From 04f8286d4a957947b08a02402a6ca6c8f949e26e Mon Sep 17 00:00:00 2001 From: Matt Jolly Date: Thu, 16 Feb 2023 21:14:47 +1100 Subject: net-misc/curl: add 7.88.0-r1 * Add HTTP/2 patchset * Add test fix patchset Bug: https://bugs.gentoo.org/894676 Signed-off-by: Matt Jolly Signed-off-by: Sam James --- net-misc/curl/curl-7.88.0-r1.ebuild | 298 ++++++++++++++++++++++++++++ net-misc/curl/files/curl-7.88.0-http2.patch | 93 +++++++++ net-misc/curl/files/curl-7.88.0-tests.patch | 120 +++++++++++ 3 files changed, 511 insertions(+) create mode 100644 net-misc/curl/curl-7.88.0-r1.ebuild create mode 100644 net-misc/curl/files/curl-7.88.0-http2.patch create mode 100644 net-misc/curl/files/curl-7.88.0-tests.patch (limited to 'net-misc') diff --git a/net-misc/curl/curl-7.88.0-r1.ebuild b/net-misc/curl/curl-7.88.0-r1.ebuild new file mode 100644 index 000000000000..a95ae998050a --- /dev/null +++ b/net-misc/curl/curl-7.88.0-r1.ebuild @@ -0,0 +1,298 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +inherit autotools prefix multilib-minimal verify-sig + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.se/" +SRC_URI="https://curl.se/download/${P}.tar.xz + verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )" + +LICENSE="curl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls" +IUSE+=" nghttp3" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc + +#Only one default ssl provider can be enabled +REQUIRED_USE=" + ssl? ( + ^^ ( + curl_ssl_gnutls + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_rustls + ) + )" + +# lead to lots of false negatives, bug #285669 +RESTRICT="!test? ( test )" + +RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) + ssl? ( + gnutls? ( + net-libs/gnutls:=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + mbedtls? ( + net-libs/mbedtls:=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + openssl? ( + dev-libs/openssl:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}] + ) + nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + dev-libs/nss-pem + app-misc/ca-certificates + ) + rustls? ( + net-libs/rustls-ffi:=[${MULTILIB_USEDEP}] + ) + ) + http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) + nghttp3? ( + net-libs/nghttp3[${MULTILIB_USEDEP}] + net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] + ) + idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND}" +BDEPEND="dev-lang/perl + virtual/pkgconfig + test? ( + sys-apps/diffutils + ) + verify-sig? ( sec-keys/openpgp-keys-danielstenberg )" + +DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-7.30.0-prefix.patch + "${FILESDIR}"/${PN}-respect-cflags-3.patch + + "${FILESDIR}"/${P}-http2.patch + "${FILESDIR}"/${P}-tests.patch +) + +src_prepare() { + default + + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) + local myconf=() + + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) + if use ssl ; then + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls ) + + if use gnutls || use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls ) + fi + if use mbedtls || use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + fi + if use nss || use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss --with-nss-deprecated ) + fi + if use openssl || use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + fi + if use rustls || use curl_ssl_rustls; then + einfo "SSL provided by rustls" + myconf+=( --with-rustls ) + fi + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_rustls; then + einfo "Default SSL provided by rustls" + myconf+=( --with-default-ssl-backend=rustls ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + + else + myconf+=( --without-ssl ) + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + + myconf+=( + $(use_enable alt-svc) + --enable-crypto-auth + --enable-dict + --disable-ech + --enable-file + $(use_enable ftp) + $(use_enable gopher) + $(use_enable hsts) + --enable-http + $(use_enable imap) + $(use_enable ldap) + $(use_enable ldap ldaps) + --enable-ntlm + --disable-ntlm-wb + $(use_enable pop3) + --enable-rt + --enable-rtsp + $(use_enable samba smb) + $(use_with ssh libssh2) + $(use_enable smtp) + $(use_enable telnet) + $(use_enable tftp) + --enable-tls-srp + $(use_enable adns ares) + --enable-cookies + --enable-dateparse + --enable-dnsshuffle + --enable-doh + --enable-symbol-hiding + --enable-http-auth + --enable-ipv6 + --enable-largefile + --enable-manual + --enable-mime + --enable-netrc + $(use_enable progress-meter) + --enable-proxy + --disable-sspi + $(use_enable static-libs static) + --enable-pthreads + --enable-threaded-resolver + --disable-versioned-symbols + --without-amissl + --without-bearssl + $(use_with brotli) + --without-fish-functions-dir + $(use_with http2 nghttp2) + --without-hyper + $(use_with idn libidn2) + $(use_with kerberos gssapi "${EPREFIX}"/usr) + --without-libgsasl + --without-libpsl + --without-msh3 + $(use_with nghttp3) + $(use_with nghttp3 ngtcp2) + --without-quiche + $(use_with rtmp librtmp) + --without-schannel + --without-secure-transport + $(use_enable websockets) + --without-winidn + --without-wolfssl + --with-zlib + $(use_with zstd) + ) + + # Do not supply a test httpd/caddy/etc + if use test; then + myconf+=( + --without-test-caddy + --without-test-httpd + --without-test-nghttpx + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use nghttp3; then + libs+=( "-lnghttp3" "-lngtcp2" ) + priv+=( "libnghttp3" "libngtcp2" ) + fi + if use ssl && use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc || die +} + +multilib_src_test() { + # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721 + # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches) + # -v: verbose + # -a: keep going on failure (so we see everything which breaks, not just 1st test) + # -k: keep test files after completion + # -am: automake style TAP output + # -p: print logs if test fails + # Note: if needed, we can disable tests. See e.g. Fedora's packaging + # or just read https://github.com/curl/curl/tree/master/tests#run. + multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p" +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + rm -rf "${ED}"/etc/ || die +} diff --git a/net-misc/curl/files/curl-7.88.0-http2.patch b/net-misc/curl/files/curl-7.88.0-http2.patch new file mode 100644 index 000000000000..49d90e901823 --- /dev/null +++ b/net-misc/curl/files/curl-7.88.0-http2.patch @@ -0,0 +1,93 @@ +https://github.com/curl/curl/commit/87ed650d04dc1a6f7944a5d952f7d5b0934a19ac +Author: Harry Sintonen +Date: Thu Feb 16 06:26:26 2023 +0200 + + http2: set drain on stream end + + Ensure that on_frame_recv() stream end will trigger a read if there is + pending data. Without this it could happen that the pending data is + never consumed. + + This combined with https://github.com/curl/curl/pull/10529 should fix + https://github.com/curl/curl/issues/10525 + + Ref: https://github.com/curl/curl/issues/10525 + Closes #10530 + +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -868,6 +868,14 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + } ++ if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { ++ /* Stream has ended. If there is pending data, ensure that read ++ will occur to consume it. */ ++ if(!data->state.drain && stream->memlen) { ++ drain_this(cf, data_s); ++ Curl_expire(data, 0, EXPIRE_RUN_NOW); ++ } ++ } + break; + case NGHTTP2_HEADERS: + DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame HEADERS", stream_id)); + +https://github.com/curl/curl/commit/3103de2053ca8cacf9cdbe78764ba6814481709f +Author: Stefan Eissing +Date: Wed Feb 15 22:11:13 2023 +0100 + + http2: buffer/pausedata and output flush fix. + + * do not process pending input data when copying pausedata to the + caller + * return CURLE_AGAIN if the output buffer could not be completely + written out. + + Ref: #10525 + Closes #10529 + +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -467,6 +467,7 @@ static CURLcode flush_output(struct Curl_cfilter *cf, + } + if((size_t)written < buflen) { + Curl_dyn_tail(&ctx->outbuf, buflen - (size_t)written); ++ return CURLE_AGAIN; + } + else { + Curl_dyn_reset(&ctx->outbuf); +@@ -1790,6 +1791,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + + stream->pausedata += nread; + stream->pauselen -= nread; ++ drain_this(cf, data); + + if(stream->pauselen == 0) { + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Unpaused", stream->stream_id)); +@@ -1798,18 +1800,6 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + + stream->pausedata = NULL; + stream->pauselen = 0; +- +- /* When NGHTTP2_ERR_PAUSE is returned from +- data_source_read_callback, we might not process DATA frame +- fully. Calling nghttp2_session_mem_recv() again will +- continue to process DATA frame, but if there is no incoming +- frames, then we have to call it again with 0-length data. +- Without this, on_stream_close callback will not be called, +- and stream could be hanged. */ +- if(h2_process_pending_input(cf, data, err) != 0) { +- nread = -1; +- goto out; +- } + } + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: returns unpaused %zd bytes", + stream->stream_id, nread)); +@@ -1933,6 +1923,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + drained_transfer(cf, data); + } + ++ *err = CURLE_OK; + nread = retlen; + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_h2_recv -> %zd", + stream->stream_id, nread)); diff --git a/net-misc/curl/files/curl-7.88.0-tests.patch b/net-misc/curl/files/curl-7.88.0-tests.patch new file mode 100644 index 000000000000..81131dc6bc64 --- /dev/null +++ b/net-misc/curl/files/curl-7.88.0-tests.patch @@ -0,0 +1,120 @@ +https://github.com/curl/curl/commit/f1d09231adfc695d15995b9ef2c8c6e568c28091 +Author: Stefan Eissing +Date: Tue Feb 14 14:29:13 2023 +0100 + + tests: make the telnet server shut down a socket gracefully + + - test 1452 failed occasionally with ECONNRESET errnos in curl when the + server closed the connection in an unclean state. + + Closes #10509 + +--- a/tests/negtelnetserver.py ++++ b/tests/negtelnetserver.py +@@ -29,7 +29,9 @@ from __future__ import (absolute_import, division, print_function, + import argparse + import logging + import os ++import socket + import sys ++import time + + from util import ClosingFileHandler + +@@ -90,7 +92,7 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + neg.send_wont("NAWS") + + # Get the data passed through the negotiator +- data = neg.recv(1024) ++ data = neg.recv(4*1024) + log.debug("Incoming data: %r", data) + + if VERIFIED_REQ.encode('utf-8') in data: +@@ -109,6 +111,12 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + log.debug("Sending %r", response_data) + self.request.sendall(response_data) + ++ # put some effort into making a clean socket shutdown ++ # that does not give the client ECONNRESET ++ self.request.settimeout(0.1) ++ self.request.recv(4*1024) ++ self.request.shutdown(socket.SHUT_RDWR) ++ + except IOError: + log.exception("IOError hit during request") + + +https://github.com/curl/curl/commit/2fdc1d816ebf3c77f43068103bec1b3a3767881a +Author: Daniel Stenberg +Date: Wed Feb 15 15:04:07 2023 +0100 + + tests: make sure gnuserv-tls has SRP support before using it + + Reported-by: fundawang on github + Fixes #10522 + Closes #10524 + +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -5382,7 +5382,7 @@ sub startservers { + elsif($what eq "httptls") { + if(!$httptlssrv) { + # for now, we can't run http TLS-EXT tests without gnutls-serv +- return "no gnutls-serv"; ++ return "no gnutls-serv (with SRP support)"; + } + if($torture && $run{'httptls'} && + !responsive_httptls_server($verbose, "IPv4")) { +--- a/tests/sshhelp.pm ++++ b/tests/sshhelp.pm +@@ -408,7 +408,16 @@ sub find_sshkeygen { + # Find httptlssrv (gnutls-serv) and return canonical filename + # + sub find_httptlssrv { +- return find_exe_file_hpath($httptlssrvexe); ++ my $p = find_exe_file_hpath($httptlssrvexe); ++ my @o = `$p -l`; ++ my $found; ++ for(@o) { ++ if(/Key exchange: SRP/) { ++ $found = 1; ++ last; ++ } ++ } ++ return $p if($found); + } + + + +https://github.com/curl/curl/commit/79d0b3c0c0bb00829f10ec139dbf3823c249ae72 +Author: Daniel Stenberg +Date: Wed Feb 15 13:03:21 2023 +0100 + + runtests: fix "uninitialized value $port" + + by using a more appropriate variable + + Reported-by: fundawang on github + Fixes #10518 + Closes #10520 + +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -1740,7 +1740,7 @@ sub runhttpserver { + } + + # where is it? +- my $port; ++ my $port = 0; + if(!$port_or_path) { + $port = $port_or_path = pidfromfile($portfile); + } +@@ -1758,7 +1758,7 @@ sub runhttpserver { + $pid2 = $pid3; + + if($verbose) { +- logmsg "RUN: $srvrname server is on PID $httppid port $port\n"; ++ logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n"; + } + + return ($httppid, $pid2, $port); -- cgit v1.2.3-65-gdbad