From f0cf742462897b3ddeb3705b7d606e0f98bf2c5e Mon Sep 17 00:00:00 2001 From: Sam James Date: Mon, 27 Jul 2020 02:33:27 +0000 Subject: net-misc/curl: security cleanup Closes: https://bugs.gentoo.org/729374 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Sam James --- net-misc/curl/Manifest | 3 - net-misc/curl/curl-7.68.0.ebuild | 265 --------------------------- net-misc/curl/curl-7.69.1.ebuild | 265 --------------------------- net-misc/curl/curl-7.70.0-r1.ebuild | 267 ---------------------------- net-misc/curl/files/curl-fix-cpu-load.patch | 94 ---------- 5 files changed, 894 deletions(-) delete mode 100644 net-misc/curl/curl-7.68.0.ebuild delete mode 100644 net-misc/curl/curl-7.69.1.ebuild delete mode 100644 net-misc/curl/curl-7.70.0-r1.ebuild delete mode 100644 net-misc/curl/files/curl-fix-cpu-load.patch (limited to 'net-misc') diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 11d6b199f880..4ae3273fda08 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,5 +1,2 @@ -DIST curl-7.68.0.tar.xz 2442788 BLAKE2B d72dbf3c4d6ef7259f0dc9b5347f9289067807246ce6aaab03f3a9c04c17328a8315261dbc08390096571bcad3bbb185a70d15ce83687d7e792bee37318bf269 SHA512 bf365609c9a66a05b3a263d02bcd3f81f905570c5739c8ec522a296b4b8e2a479d64d5524e8345e14eafad28995ee22d923522f1a45fa40eb46db38759c2eb2c -DIST curl-7.69.1.tar.xz 2467272 BLAKE2B 71eee2a8f511ea698f4ebf879bcdccabe11439b2f6c7812cde640f944af93b33dc797c6f4990ddd2a7051d33584dacc005ae011c16a6c1f7ab7fc7258c891937 SHA512 dcb917ce9a6f34b30adae10e2e635d7a8c67781d69789cc5617ab2b49e898394ecfeee546453b14ab168d4b3b52baf974b2ec07e7a4b199addbc1ba57274d8fa -DIST curl-7.70.0.tar.xz 2348780 BLAKE2B 6b505d87242bcaa554c4ee6994eb97ca70453521c1e77b5e757677475328c70f41e23e22b3a0eb9be7a299a94d4f1f85a46f7f999f3db8439072626320352ecf SHA512 ab8796af1bd6f35ae704fd5e3639a8153482615a05c24e2e6d0b9cef8ed9a1e0d497ead2dbf5972cc53f632c2d87f0bf79e9e7cac625452dd24e6c7d8045cfc6 DIST curl-7.71.0.tar.xz 2379056 BLAKE2B 50d7369e4335823c3032b8801b270f7d8e687b0552f25ed5f9752549483cf68870e0422132ecf86e756e1c7c27cdf60048a7765850608c3a1b734cffb1fe7b99 SHA512 f1ea045f23b6a7e2c84ea83954d3299c612f57c3b1e5fee0b39493dc92fc4e95e7af2a5424c2e5bc480659e80cf1adce1fc528fc816f8ff2d0e7bfcfe4c5830a DIST curl-7.71.1.tar.xz 2387660 BLAKE2B 47b3a4704ae8b09b37f7a9d8850fd7d692d91db3dd4ad776aad9a57d0162e0f4091e0387a850eb048f834e6dfee5bcb36da56493a106696c72072c612b47f623 SHA512 631e0ee8562e5029fe022bfab4222836a3e6d666e82e2bfbd78311fe5985105218a36d1ea68c93472fc57a12b713957a3bcca6e385eda4e58a47ca8d5d50265b diff --git a/net-misc/curl/curl-7.68.0.ebuild b/net-misc/curl/curl-7.68.0.ebuild deleted file mode 100644 index 0141a4e0a48d..000000000000 --- a/net-misc/curl/curl-7.68.0.ebuild +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit autotools eutils prefix multilib-minimal - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli http2 idn ipv6 kerberos ldap metalink +progress-meter rtmp samba ssh ssl static-libs test threads" -IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" -IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" - -#lead to lots of false negatives, bug #285669 -RESTRICT="test" - -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - curl_ssl_gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_libressl? ( - dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_openssl? ( - dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( net-libs/quiche[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}]" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -# ssl providers to be added: -# fbopenssl $(use_with spnego) - -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig - test? ( - sys-apps/diffutils - dev-lang/perl - )" - -# c-ares must be disabled for threads -# only one ssl provider can be enabled -REQUIRED_USE=" - curl_ssl_winssl? ( elibc_Winnt ) - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_libressl - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - curl_ssl_winssl - ) - )" - -DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ - docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -src_prepare() { - eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch - eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch - eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch - - sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 - sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252 - - eapply_user - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - if use ssl ; then - if use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - elif use curl_ssl_libressl; then - einfo "SSL provided by LibreSSL" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - elif use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss ) - elif use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - ECONF_SOURCE="${S}" \ - econf \ - $(use_enable alt-svc) \ - --enable-crypto-auth \ - --enable-dict \ - --disable-esni \ - --enable-file \ - --enable-ftp \ - --enable-gopher \ - --enable-http \ - --enable-imap \ - $(use_enable ldap) \ - $(use_enable ldap ldaps) \ - --disable-ntlm-wb \ - --enable-pop3 \ - --enable-rt \ - --enable-rtsp \ - $(use_enable samba smb) \ - $(use_with ssh libssh2) \ - --enable-smtp \ - --enable-telnet \ - --enable-tftp \ - --enable-tls-srp \ - $(use_enable adns ares) \ - --enable-cookies \ - --enable-dateparse \ - --enable-dnsshuffle \ - --enable-doh \ - --enable-hidden-symbols \ - --enable-http-auth \ - $(use_enable ipv6) \ - --enable-largefile \ - --without-libpsl \ - --enable-manual \ - --enable-mime \ - --enable-netrc \ - $(use_enable progress-meter) \ - --enable-proxy \ - --disable-sspi \ - $(use_enable static-libs static) \ - $(use_enable threads threaded-resolver) \ - $(use_enable threads pthreads) \ - --disable-versioned-symbols \ - --without-amissl \ - --without-bearssl \ - --without-cyassl \ - --without-darwinssl \ - --without-fish-functions-dir \ - $(use_with idn libidn2) \ - $(use_with kerberos gssapi "${EPREFIX}"/usr) \ - $(use_with metalink libmetalink) \ - $(use_with http2 nghttp2) \ - $(use_with nghttp3) \ - $(use_with nghttp3 ngtcp2) \ - $(use_with quiche) \ - $(use_with rtmp librtmp) \ - $(use_with brotli) \ - --without-schannel \ - --without-secure-transport \ - --without-spnego \ - --without-winidn \ - --without-wolfssl \ - --with-zlib \ - "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete - rm -rf "${ED}"/etc/ -} diff --git a/net-misc/curl/curl-7.69.1.ebuild b/net-misc/curl/curl-7.69.1.ebuild deleted file mode 100644 index c787559e0302..000000000000 --- a/net-misc/curl/curl-7.69.1.ebuild +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit autotools eutils prefix multilib-minimal - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads" -IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" -IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" - -#lead to lots of false negatives, bug #285669 -RESTRICT="test" - -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - curl_ssl_gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_libressl? ( - dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_openssl? ( - dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}]" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -# ssl providers to be added: -# fbopenssl $(use_with spnego) - -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig - test? ( - sys-apps/diffutils - dev-lang/perl - )" - -# c-ares must be disabled for threads -# only one ssl provider can be enabled -REQUIRED_USE=" - curl_ssl_winssl? ( elibc_Winnt ) - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_libressl - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - curl_ssl_winssl - ) - )" - -DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ - docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -src_prepare() { - eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch - eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch - eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch - - sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 - sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252 - - eapply_user - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - if use ssl ; then - if use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - elif use curl_ssl_libressl; then - einfo "SSL provided by LibreSSL" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - elif use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss ) - elif use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - ECONF_SOURCE="${S}" \ - econf \ - $(use_enable alt-svc) \ - --enable-crypto-auth \ - --enable-dict \ - --disable-esni \ - --enable-file \ - $(use_enable ftp) \ - $(use_enable gopher) \ - --enable-http \ - $(use_enable imap) \ - $(use_enable ldap) \ - $(use_enable ldap ldaps) \ - --disable-ntlm-wb \ - $(use_enable pop3) \ - --enable-rt \ - --enable-rtsp \ - $(use_enable samba smb) \ - $(use_with ssh libssh2) \ - $(use_enable smtp) \ - $(use_enable telnet) \ - $(use_enable tftp) \ - --enable-tls-srp \ - $(use_enable adns ares) \ - --enable-cookies \ - --enable-dateparse \ - --enable-dnsshuffle \ - --enable-doh \ - --enable-hidden-symbols \ - --enable-http-auth \ - $(use_enable ipv6) \ - --enable-largefile \ - --enable-manual \ - --enable-mime \ - --enable-netrc \ - $(use_enable progress-meter) \ - --enable-proxy \ - --disable-sspi \ - $(use_enable static-libs static) \ - $(use_enable threads threaded-resolver) \ - $(use_enable threads pthreads) \ - --disable-versioned-symbols \ - --without-amissl \ - --without-bearssl \ - --without-cyassl \ - --without-darwinssl \ - --without-fish-functions-dir \ - $(use_with idn libidn2) \ - $(use_with kerberos gssapi "${EPREFIX}"/usr) \ - $(use_with metalink libmetalink) \ - $(use_with http2 nghttp2) \ - --without-libpsl \ - $(use_with nghttp3) \ - $(use_with nghttp3 ngtcp2) \ - $(use_with quiche) \ - $(use_with rtmp librtmp) \ - $(use_with brotli) \ - --without-schannel \ - --without-secure-transport \ - --without-spnego \ - --without-winidn \ - --without-wolfssl \ - --with-zlib \ - "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete - rm -rf "${ED}"/etc/ -} diff --git a/net-misc/curl/curl-7.70.0-r1.ebuild b/net-misc/curl/curl-7.70.0-r1.ebuild deleted file mode 100644 index d10edbee2152..000000000000 --- a/net-misc/curl/curl-7.70.0-r1.ebuild +++ /dev/null @@ -1,267 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit autotools eutils prefix multilib-minimal - -DESCRIPTION="A Client that groks URLs" -HOMEPAGE="https://curl.haxx.se/" -SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" - -LICENSE="curl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads" -IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" -IUSE+=" nghttp3 quiche" -IUSE+=" elibc_Winnt" - -#lead to lots of false negatives, bug #285669 -RESTRICT="test" - -RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) - brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) - ssl? ( - curl_ssl_gnutls? ( - net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] - dev-libs/nettle:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_libressl? ( - dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_mbedtls? ( - net-libs/mbedtls:0=[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - curl_ssl_openssl? ( - dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] - ) - curl_ssl_nss? ( - dev-libs/nss:0[${MULTILIB_USEDEP}] - app-misc/ca-certificates - ) - ) - http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) - nghttp3? ( - net-libs/nghttp3[${MULTILIB_USEDEP}] - net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}] - ) - quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] ) - idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] ) - adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) - kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) - metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) - rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) - ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] ) - sys-libs/zlib[${MULTILIB_USEDEP}]" - -# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 -# rtmp? ( -# media-video/rtmpdump -# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) -# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) -# ) - -# ssl providers to be added: -# fbopenssl $(use_with spnego) - -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig - test? ( - sys-apps/diffutils - dev-lang/perl - )" - -# c-ares must be disabled for threads -# only one ssl provider can be enabled -REQUIRED_USE=" - curl_ssl_winssl? ( elibc_Winnt ) - threads? ( !adns ) - ssl? ( - ^^ ( - curl_ssl_gnutls - curl_ssl_libressl - curl_ssl_mbedtls - curl_ssl_nss - curl_ssl_openssl - curl_ssl_winssl - ) - )" - -DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ - docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/curl/curlbuild.h -) - -MULTILIB_CHOST_TOOLS=( - /usr/bin/curl-config -) - -src_prepare() { - eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch - eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch - eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch - eapply "${FILESDIR}"/${PN}-fix-cpu-load.patch - - sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 - sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252 - - eapply_user - eprefixify curl-config.in - eautoreconf -} - -multilib_src_configure() { - # We make use of the fact that later flags override earlier ones - # So start with all ssl providers off until proven otherwise - # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) - local myconf=() - myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) - myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) - if use ssl ; then - if use curl_ssl_gnutls; then - einfo "SSL provided by gnutls" - myconf+=( --with-gnutls --with-nettle ) - elif use curl_ssl_libressl; then - einfo "SSL provided by LibreSSL" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_mbedtls; then - einfo "SSL provided by mbedtls" - myconf+=( --with-mbedtls ) - elif use curl_ssl_nss; then - einfo "SSL provided by nss" - myconf+=( --with-nss ) - elif use curl_ssl_openssl; then - einfo "SSL provided by openssl" - myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_winssl; then - einfo "SSL provided by Windows" - myconf+=( --with-winssl ) - else - eerror "We can't be here because of REQUIRED_USE." - fi - else - einfo "SSL disabled" - fi - - # These configuration options are organized alphabetically - # within each category. This should make it easier if we - # ever decide to make any of them contingent on USE flags: - # 1) protocols first. To see them all do - # 'grep SUPPORT_PROTOCOLS configure.ac' - # 2) --enable/disable options second. - # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort - # 3) --with/without options third. - # grep -- --with configure | grep Check | awk '{ print $4 }' | sort - - ECONF_SOURCE="${S}" \ - econf \ - $(use_enable alt-svc) \ - --enable-crypto-auth \ - --enable-dict \ - --disable-esni \ - --enable-file \ - $(use_enable ftp) \ - $(use_enable gopher) \ - --enable-http \ - $(use_enable imap) \ - $(use_enable ldap) \ - $(use_enable ldap ldaps) \ - --disable-mqtt \ - --disable-ntlm-wb \ - $(use_enable pop3) \ - --enable-rt \ - --enable-rtsp \ - $(use_enable samba smb) \ - $(use_with ssh libssh2) \ - $(use_enable smtp) \ - $(use_enable telnet) \ - $(use_enable tftp) \ - --enable-tls-srp \ - $(use_enable adns ares) \ - --enable-cookies \ - --enable-dateparse \ - --enable-dnsshuffle \ - --enable-doh \ - --enable-hidden-symbols \ - --enable-http-auth \ - $(use_enable ipv6) \ - --enable-largefile \ - --enable-manual \ - --enable-mime \ - --enable-netrc \ - $(use_enable progress-meter) \ - --enable-proxy \ - --disable-sspi \ - $(use_enable static-libs static) \ - $(use_enable threads threaded-resolver) \ - $(use_enable threads pthreads) \ - --disable-versioned-symbols \ - --without-amissl \ - --without-bearssl \ - --without-cyassl \ - --without-darwinssl \ - --without-fish-functions-dir \ - $(use_with idn libidn2) \ - $(use_with kerberos gssapi "${EPREFIX}"/usr) \ - $(use_with metalink libmetalink) \ - $(use_with http2 nghttp2) \ - --without-libpsl \ - $(use_with nghttp3) \ - $(use_with nghttp3 ngtcp2) \ - $(use_with quiche) \ - $(use_with rtmp librtmp) \ - $(use_with brotli) \ - --without-schannel \ - --without-secure-transport \ - --without-spnego \ - --without-winidn \ - --without-wolfssl \ - --with-zlib \ - "${myconf[@]}" - - if ! multilib_is_native_abi; then - # avoid building the client - sed -i -e '/SUBDIRS/s:src::' Makefile || die - sed -i -e '/SUBDIRS/s:scripts::' Makefile || die - fi - - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use quiche; then - libs+=( "-lquiche" ) - priv+=( "quiche" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "-libtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete - rm -rf "${ED}"/etc/ -} diff --git a/net-misc/curl/files/curl-fix-cpu-load.patch b/net-misc/curl/files/curl-fix-cpu-load.patch deleted file mode 100644 index fb20641b5b22..000000000000 --- a/net-misc/curl/files/curl-fix-cpu-load.patch +++ /dev/null @@ -1,94 +0,0 @@ -Fixes https://bugs.gentoo.org/727352 - -From 2a41e236716da4c41ebc1132bd36d9273bd0321f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 8 Jun 2020 14:05:22 +0200 -Subject: [PATCH] socks: detect connection close during handshake - -The SOCKS4/5 state machines weren't properly terminated when the proxy -connection got closed, leading to a busy-loop. - -Reported-By: zloi-user on github -Fixes #5532 -Closes #5542 ---- - lib/socks.c | 32 ++++++++++++++++++++++++++++---- - 1 file changed, 28 insertions(+), 4 deletions(-) - -diff --git a/lib/socks.c b/lib/socks.c -index 4c1af7b9de7..b2215fef30c 100644 ---- a/lib/socks.c -+++ b/lib/socks.c -@@ -382,6 +382,11 @@ CURLcode Curl_SOCKS4(const char *proxy_user, - curl_easy_strerror(result)); - return CURLE_COULDNT_CONNECT; - } -+ else if(!result && !actualread) { -+ /* connection closed */ -+ failf(data, "connection to proxy closed"); -+ return CURLE_COULDNT_CONNECT; -+ } - else if(actualread != sx->outstanding) { - /* remain in reading state */ - sx->outstanding -= actualread; -@@ -592,6 +597,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user, - failf(data, "Unable to receive initial SOCKS5 response."); - return CURLE_COULDNT_CONNECT; - } -+ else if(!result && !actualread) { -+ /* connection closed */ -+ failf(data, "Connection to proxy closed"); -+ return CURLE_COULDNT_CONNECT; -+ } - else if(actualread != sx->outstanding) { - /* remain in reading state */ - sx->outstanding -= actualread; -@@ -717,15 +727,19 @@ CURLcode Curl_SOCKS5(const char *proxy_user, - failf(data, "Unable to receive SOCKS5 sub-negotiation response."); - return CURLE_COULDNT_CONNECT; - } -- if(actualread != sx->outstanding) { -+ else if(!result && !actualread) { -+ /* connection closed */ -+ failf(data, "connection to proxy closed"); -+ return CURLE_COULDNT_CONNECT; -+ } -+ else if(actualread != sx->outstanding) { - /* remain in state */ - sx->outstanding -= actualread; - sx->outp += actualread; - return CURLE_OK; - } -- - /* ignore the first (VER) byte */ -- if(socksreq[1] != 0) { /* status */ -+ else if(socksreq[1] != 0) { /* status */ - failf(data, "User was rejected by the SOCKS5 server (%d %d).", - socksreq[0], socksreq[1]); - return CURLE_COULDNT_CONNECT; -@@ -890,6 +904,11 @@ CURLcode Curl_SOCKS5(const char *proxy_user, - failf(data, "Failed to receive SOCKS5 connect request ack."); - return CURLE_COULDNT_CONNECT; - } -+ else if(!result && !actualread) { -+ /* connection closed */ -+ failf(data, "connection to proxy closed"); -+ return CURLE_COULDNT_CONNECT; -+ } - else if(actualread != sx->outstanding) { - /* remain in state */ - sx->outstanding -= actualread; -@@ -967,7 +986,12 @@ CURLcode Curl_SOCKS5(const char *proxy_user, - failf(data, "Failed to receive SOCKS5 connect request ack."); - return CURLE_COULDNT_CONNECT; - } -- if(actualread != sx->outstanding) { -+ else if(!result && !actualread) { -+ /* connection closed */ -+ failf(data, "connection to proxy closed"); -+ return CURLE_COULDNT_CONNECT; -+ } -+ else if(actualread != sx->outstanding) { - /* remain in state */ - sx->outstanding -= actualread; - sx->outp += actualread; -- cgit v1.2.3-65-gdbad