gentoo auto-resync : 26:04:2024 - 23:59:36

author: V3n3RiX <venerix@koprulu.sector> 2024-04-26 23:59:37 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2024-04-26 23:59:37 +0100
commit: 3e42d1577189af123b773dc0f11e5419035308c8 (patch)
tree: 95d77507c924544b12363e6da6aa741c444f3e8a /net-misc
parent: 6243676c91946098c06d42bc87b5eb99aac40bf0 (diff)
6 files changed, 724 insertions, 3 deletions
diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz
index d28c485b6311..b1f349110acd 100644
--- a/net-misc/Manifest.gz
+++ b/net-misc/Manifest.gz
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 2632014fb8d3..9f6608a3637a 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -4,6 +4,7 @@ AUX curl-8.6.0-rustls-fixes.patch 8210 BLAKE2B 8c25023f84ba897eca22d53937259131d
 AUX curl-8.6.0-vtls-revert-receive-max-buffer-add-test-case.patch 2028 BLAKE2B b018e0fc5649b558e732a903eafe1249575829613b129ceaaaeeae3c7fc9f5c237c3688067c2370dc3ad1d67632acdfb805efa93db4e8bd8d6dd8b2f5043e2b5 SHA512 d8d4eb0b294d243f5c241e0243ca41e28b12aa8804a4f8c73e2ab70edd52de9be2b7a26b706085e10ae4a9c31545112cd4b68dcda6647571bb8d5528b7625de6
 AUX curl-8.7.1-chunked-post.patch 2389 BLAKE2B d283816be5dca19ab0058db1937d686b4f9056caf3c46a8dcd731bc69ae91df1b01d10f643ce127eeec7aac0e9282f8b5c5109fe1cea82b30d2cf3270e93ae24 SHA512 3b1a67010704f4863f973e79d6a695e6e13b938fbaa695a05bc92b1a577fa5852c310b38f9c88518275f82c7d088474f5e4c585ac5ff790043e6ca969b0dc1d9
 AUX curl-8.7.1-fix-compress-option.patch 6222 BLAKE2B 7ff5c096fa6cc5cc039f47188a85c49364cdfe6cfeae3a9c58b38939eb59896bcf204c682f36e89ace37a0753236593307e1af45bc2d0f099ff685af8e366713 SHA512 1622adf015a016a205d4bf621715ed06fd345cd45f032ad44b6d9324d398c0e2004f04fe734401b12007c3eb145dac84aa3ce90bdaa9b16e09b5908da75f902f
+AUX curl-8.7.1-http2-git-clone.patch 14120 BLAKE2B 5bc2c0765ebd400f2e79d0552621c98640c757f189ae0fa029d8fb6d9fa74ac0e4fd93948fed6bc7f93b329e30948a585be1f20dde18423acf162cd36b4fb166 SHA512 278720daae7d4d3288502e0dd2b591ada66a559040eb341b0cf5673094e9d214eb166772279378487da96f43912313e04d3b174fdcb2b2cbfa766f241df62f34
 AUX curl-8.7.1-rustls-fixes.patch 1526 BLAKE2B c1ce730bc1d78d9655378a174b32706bc964e07b1b4fde5385212542bf0c85b2adfa8110266410b6d8766bb2ca5c46a58295d7098ab4acb71acb0a5dbd6d5d20 SHA512 7ca3004306595ead6057bbbfa6dcbb5d7b8b7782a7627e5607a916fff8626b4c3bfb2cbac48aa0e65a93b3c4fb0f87a7ee09273f1f9b1eadb9126fbcc4a72ce2
 AUX curl-prefix.patch 880 BLAKE2B 5b7552a8339014221864a585d174b02a96ec7dd7fe8762d331d1981834044f8ec4db64d527a4ded3f5f4cccc86f281576668de092439eb19f5477d5fcf8369cf SHA512 c7cd13b9ccbd12ed01ea121ffece9c23b898a5b34698bae59ae1dd23b1cf2445180b84d80c4a640981f16dba5018df944f405dd5c660addab54ca21e0e673b7f
 AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54
@@ -16,6 +17,7 @@ DIST curl-8.7.1.tar.xz.asc 488 BLAKE2B 1c91d116aecc8e98d8ec3aad68b7c96f11151e6c2
 EBUILD curl-8.5.0-r3.ebuild 11079 BLAKE2B 6d975ad2d3591ea6de6a248ddd1acb049f0cd5d0a371eb487c6a4d193084a5e684673bd55860ac838a48a4c66d11f778b37a253bd325abba5ab545a65bd1bfb5 SHA512 33b5a05de99819327fac0af5ec94790be3953086b2996cb6628cbfb6be959f64a6b5a8d2015371eacd6945be768e3fe1bae67773b512599d127c298c66858c91
 EBUILD curl-8.6.0-r2.ebuild 10882 BLAKE2B 1d706f59390420fae5c19b6615aa6cf07387e0d53ef90d5dcabc9aa75c1435eb89f587f9dda1c9a179b5c71a86897a80008a847145bce2216bcb6a22e1345ad2 SHA512 5f48ab69e84695c8b25675ba5bf32072a74f12e488d30dce653447a65d21f1be0f2a2a34f77608939ed0bd2763e3a86c1ab8b57312f691815b6ce93bf424383d
 EBUILD curl-8.7.1-r1.ebuild 10869 BLAKE2B 405e8cc4d0c6ec696d7b6fa97330d3ff6cfb6420cc7239cd56df3416066f6309093f6eba23a3cca964b6ca98850b7e9de785c81a2a42a4fafc31e70a1258dfe1 SHA512 c1914cae9f108a386c39bd1def774e77acfeb617da093fd2ad48c1e47cdd75b53cf5dd20bfdd4f4201518b76f76798013d99e3e27c337d7e2f91d619018a1335
-EBUILD curl-8.7.1-r3.ebuild 10955 BLAKE2B b826006125caf7b41e0051eab00d56741adbcd9dc6159a218e61b0abaf197d4d612de4b57e9a012310f55b5e7f4d54f7394b64098c330ac002795156bf0f05e1 SHA512 07f7ac96841a721da67020573544a06759b4c557c216a140115a4f02a275e8d0d211d80ee1b5479eeecfffcc5caeb0e203e65a2195749d262d16dacfe9c0b712
-EBUILD curl-9999.ebuild 10771 BLAKE2B 48c610c3ea379320360d48a6473b9db17f7d8ffb895fde8e602e14822f5d8d56d2a9fc499f1302a4bb941581a9b8e082b1aa799222c8aa9c9faf546776ba671a SHA512 9afd073cdbb994726349e8ffd33ab994e64b0fc1f19574343bb0f22953dbb16471b332271478bf0d016c709f82acdf633075c9b55daf286dea9ffa5a927bb6de
+EBUILD curl-8.7.1-r3.ebuild 10954 BLAKE2B 80d0149578ff9c98088c7bc807c490fcafa214036ee98c17d45a76ba8e86dfe00a180c91c3dccb4d5492c45f03737b3021e5481dbfa10683fc643dd5787dc2b7 SHA512 f295ea7679239236db7fcadc71da0a95920bd168a4cc8b117d09fdf5d6df80e0c3f9552c6f40ee2f6ed301a9e02d7f1eb1287f9b0ed5865722e659da3a9c18d6
+EBUILD curl-8.7.1-r4.ebuild 11178 BLAKE2B f0217ed0532b6fca7c0fb3a8dacd6d5fe480f48e6b6ac2dd48d57ba56b84cc5e46cb580bca4f25eeff8c2fd606a19c3def2163fbd53a3a41fb184286cd625913 SHA512 99f842289d178f9daed2d509702655c469c337525344ad13e91318434041415e76c21d2505352f3f9975313df06c1050bfd4c6901aff7a3adc45a0e98b73a6f0
+EBUILD curl-9999.ebuild 10953 BLAKE2B d0c7d0551a1a6ee1f634e821151bc68f017f8e5da22a2f13c4d277c0f7a209876a366ea59629ee7fa3de6f7266d204fa78f99836b3d5be17ce8848e5551e3298 SHA512 486aa5f62626147bff91a511262b57859e65e50de04f51ab3daa06b4bcb560018e7a1a31fab506cdd2b280f241587e33ca59a5156dca7a484c585f6a0848e35b
 MISC metadata.xml 2090 BLAKE2B 54d366aadfc25650c40081ff10eb150bcb9811a29f802c418afce166c384e2bafc999ff7e69ceeb25a96e952d4875d808e8e89240b437741cd363fab46267a25 SHA512 2103a849b67f9a14a85eb769b870e7272bf8f9c78ca579b4271150be01f26787a884614bff874d50f90be99af4a6ecb136510fca2837463e0bc91611ddbeae40
diff --git a/net-misc/curl/curl-8.7.1-r3.ebuild b/net-misc/curl/curl-8.7.1-r3.ebuild
index f32362f42468..9b0fa3517f54 100644
--- a/net-misc/curl/curl-8.7.1-r3.ebuild
+++ b/net-misc/curl/curl-8.7.1-r3.ebuild
@@ -17,7 +17,7 @@ else
 		https://curl.se/download/${P}.tar.xz
 		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
 	"
-	KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 fi
 
 LICENSE="BSD curl ISC test? ( BSD-4 )"
diff --git a/net-misc/curl/curl-8.7.1-r4.ebuild b/net-misc/curl/curl-8.7.1-r4.ebuild
new file mode 100644
index 000000000000..aefd425553b9
--- /dev/null
+++ b/net-misc/curl/curl-8.7.1-r4.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
+IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
+# nghttp3 = https://bugs.gentoo.org/912029
+REQUIRED_USE="
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	nghttp3? (
+		!openssl
+		alt-svc )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( net-dns/c-ares:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	nghttp3? (
+		>=net-libs/nghttp3-0.15.0[${MULTILIB_USEDEP}]
+		>=net-libs/ngtcp2-0.19.1[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
+	)
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? ( >=net-libs/rustls-ffi-0.12.1:=[${MULTILIB_USEDEP}]
+			<net-libs/rustls-ffi-0.13.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	"${FILESDIR}"/${PN}-8.7.1-rustls-fixes.patch
+	"${FILESDIR}"/${P}-chunked-post.patch
+	"${FILESDIR}"/${P}-fix-compress-option.patch
+	"${FILESDIR}"/${P}-http2-git-clone.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--enable-pthreads
+		--enable-threaded-resolver
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	if [[ ${CHOST} == *mingw* ]] ; then
+		myconf+=(
+			--disable-pthreads
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "libngtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything which breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index df12594ad066..684c38ec8a8e 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -3,6 +3,10 @@
 
 EAPI=8
 
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
 inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
 
diff --git a/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
new file mode 100644
index 000000000000..b07a3b0a8817
--- /dev/null
+++ b/net-misc/curl/files/curl-8.7.1-http2-git-clone.patch
@@ -0,0 +1,342 @@
+https://bugs.gentoo.org/930633
+https://github.com/curl/curl/issues/13474
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -187,6 +187,7 @@ struct h2_stream_ctx {
+ 
+   int status_code; /* HTTP response status code */
+   uint32_t error; /* stream error code */
++  CURLcode xfer_result; /* Result of writing out response */
+   uint32_t local_window_size; /* the local recv window size */
+   int32_t id; /* HTTP/2 protocol identifier for stream */
+   BIT(resp_hds_complete); /* we have a complete, final response */
+@@ -945,12 +946,39 @@ fail:
+   return rv;
+ }
+ 
+-static CURLcode recvbuf_write_hds(struct Curl_cfilter *cf,
++static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+-                                  const char *buf, size_t blen)
++                                  struct h2_stream_ctx *stream,
++                                  const char *buf, size_t blen, bool eos)
+ {
+-  (void)cf;
+-  return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result) {
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++    if(stream->xfer_result)
++      CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers",
++                  stream->id, stream->xfer_result, blen);
++  }
++}
++
++static void h2_xfer_write_resp(struct Curl_cfilter *cf,
++                               struct Curl_easy *data,
++                               struct h2_stream_ctx *stream,
++                               const char *buf, size_t blen, bool eos)
++{
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result)
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++  /* If the transfer write is errored, we do not want any more data */
++  if(stream->xfer_result) {
++    struct cf_h2_ctx *ctx = cf->ctx;
++    CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of data, "
++                "RST-ing stream",
++                stream->id, stream->xfer_result, blen);
++    nghttp2_submit_rst_stream(ctx->h2, 0, stream->id,
++                              NGHTTP2_ERR_CALLBACK_FAILURE);
++  }
+ }
+ 
+ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+@@ -960,7 +988,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+   struct cf_h2_ctx *ctx = cf->ctx;
+   struct h2_stream_ctx *stream = H2_STREAM_CTX(data);
+   int32_t stream_id = frame->hd.stream_id;
+-  CURLcode result;
+   int rv;
+ 
+   if(!stream) {
+@@ -1008,9 +1035,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf,
+       stream->status_code = -1;
+     }
+ 
+-    result = recvbuf_write_hds(cf, data, STRCONST("\r\n"));
+-    if(result)
+-      return result;
++    h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+ 
+     if(stream->status_code / 100 != 1) {
+       stream->resp_hds_complete = TRUE;
+@@ -1229,7 +1254,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+   struct cf_h2_ctx *ctx = cf->ctx;
+   struct h2_stream_ctx *stream;
+   struct Curl_easy *data_s;
+-  CURLcode result;
+   (void)flags;
+ 
+   DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+@@ -1252,9 +1276,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+   if(!stream)
+     return NGHTTP2_ERR_CALLBACK_FAILURE;
+ 
+-  result = Curl_xfer_write_resp(data_s, (char *)mem, len, FALSE);
+-  if(result && result != CURLE_AGAIN)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
++  h2_xfer_write_resp(cf, data_s, stream, (char *)mem, len, FALSE);
+ 
+   nghttp2_session_consume(ctx->h2, stream_id, len);
+   stream->nrcvd_data += (curl_off_t)len;
+@@ -1465,16 +1487,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+     result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO);
+     if(result)
+       return NGHTTP2_ERR_CALLBACK_FAILURE;
+-    result = recvbuf_write_hds(cf, data_s, STRCONST("HTTP/2 "));
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
+-    result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
++    h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("HTTP/2 "), FALSE);
++    h2_xfer_write_resp_hd(cf, data_s, stream,
++                          (const char *)value, valuelen, FALSE);
+     /* the space character after the status code is mandatory */
+-    result = recvbuf_write_hds(cf, data_s, STRCONST(" \r\n"));
+-    if(result)
+-      return NGHTTP2_ERR_CALLBACK_FAILURE;
++    h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(" \r\n"), FALSE);
++
+     /* if we receive data for another handle, wake that up */
+     if(CF_DATA_CURRENT(cf) != data_s)
+       Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1487,18 +1505,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+   /* nghttp2 guarantees that namelen > 0, and :status was already
+      received, and this is not pseudo-header field . */
+   /* convert to an HTTP1-style header */
+-  result = recvbuf_write_hds(cf, data_s, (const char *)name, namelen);
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, STRCONST(": "));
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, (const char *)value, valuelen);
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
+-  result = recvbuf_write_hds(cf, data_s, STRCONST("\r\n"));
+-  if(result)
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
++  h2_xfer_write_resp_hd(cf, data_s, stream,
++                        (const char *)name, namelen, FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST(": "), FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream,
++                        (const char *)value, valuelen, FALSE);
++  h2_xfer_write_resp_hd(cf, data_s, stream, STRCONST("\r\n"), FALSE);
++
+   /* if we receive data for another handle, wake that up */
+   if(CF_DATA_CURRENT(cf) != data_s)
+     Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+@@ -1799,7 +1812,12 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+   (void)buf;
+   *err = CURLE_AGAIN;
+-  if(stream->closed) {
++  if(stream->xfer_result) {
++    CURL_TRC_CF(data, cf, "[%d] xfer write failed", stream->id);
++    *err = stream->xfer_result;
++    nread = -1;
++  }
++  else if(stream->closed) {
+     CURL_TRC_CF(data, cf, "[%d] returning CLOSE", stream->id);
+     nread = http2_handle_stream_close(cf, data, stream, err);
+   }
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -152,6 +152,7 @@ struct h3_stream_ctx {
+   uint64_t error3; /* HTTP/3 stream error code */
+   curl_off_t upload_left; /* number of request bytes left to upload */
+   int status_code; /* HTTP status code */
++  CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
+   bool resp_hds_complete; /* we have a complete, final response */
+   bool closed; /* TRUE on stream close */
+   bool reset;  /* TRUE on stream reset */
+@@ -759,10 +760,39 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
+   return 0;
+ }
+ 
+-static CURLcode write_resp_hds(struct Curl_easy *data,
+-                               const char *buf, size_t blen)
++static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf,
++                                  struct Curl_easy *data,
++                                  struct h3_stream_ctx *stream,
++                                  const char *buf, size_t blen, bool eos)
+ {
+-  return Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result) {
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++    if(stream->xfer_result)
++      CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu "
++                  "bytes of headers", stream->id, stream->xfer_result, blen);
++  }
++}
++
++static void h3_xfer_write_resp(struct Curl_cfilter *cf,
++                               struct Curl_easy *data,
++                               struct h3_stream_ctx *stream,
++                               const char *buf, size_t blen, bool eos)
++{
++
++  /* If we already encountered an error, skip further writes */
++  if(!stream->xfer_result)
++    stream->xfer_result = Curl_xfer_write_resp(data, (char *)buf, blen, eos);
++  /* If the transfer write is errored, we do not want any more data */
++  if(stream->xfer_result) {
++    struct cf_ngtcp2_ctx *ctx = cf->ctx;
++    CURL_TRC_CF(data, cf, "[%"PRId64"] error %d writing %zu bytes "
++                "of data, cancelling stream",
++                stream->id, stream->xfer_result, blen);
++    nghttp3_conn_close_stream(ctx->h3conn, stream->id,
++                              NGHTTP3_H3_REQUEST_CANCELLED);
++  }
+ }
+ 
+ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+@@ -773,7 +803,6 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+   struct cf_ngtcp2_ctx *ctx = cf->ctx;
+   struct Curl_easy *data = stream_user_data;
+   struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+-  CURLcode result;
+ 
+   (void)conn;
+   (void)stream3_id;
+@@ -781,12 +810,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+   if(!stream)
+     return NGHTTP3_ERR_CALLBACK_FAILURE;
+ 
+-  result = Curl_xfer_write_resp(data, (char *)buf, blen, FALSE);
+-  if(result) {
+-    CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d",
+-                stream->id, blen, result);
+-    return NGHTTP3_ERR_CALLBACK_FAILURE;
+-  }
++  h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE);
+   if(blen) {
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] ACK %zu bytes of DATA",
+                 stream->id, blen);
+@@ -819,7 +843,6 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+   struct Curl_cfilter *cf = user_data;
+   struct Curl_easy *data = stream_user_data;
+   struct h3_stream_ctx *stream = H3_STREAM_CTX(data);
+-  CURLcode result = CURLE_OK;
+   (void)conn;
+   (void)stream_id;
+   (void)fin;
+@@ -828,10 +851,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+   if(!stream)
+     return 0;
+   /* add a CRLF only if we've received some headers */
+-  result = write_resp_hds(data, "\r\n", 2);
+-  if(result) {
+-    return -1;
+-  }
++  h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed);
+ 
+   CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d",
+               stream_id, stream->status_code);
+@@ -874,7 +894,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+     ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
+                       stream->status_code);
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line);
+-    result = write_resp_hds(data, line, ncopy);
++    h3_xfer_write_resp_hd(cf, data, stream, line, ncopy, FALSE);
+     if(result) {
+       return -1;
+     }
+@@ -884,22 +904,12 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+     CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s",
+                 stream_id, (int)h3name.len, h3name.base,
+                 (int)h3val.len, h3val.base);
+-    result = write_resp_hds(data, (const char *)h3name.base, h3name.len);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, ": ", 2);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, (const char *)h3val.base, h3val.len);
+-    if(result) {
+-      return -1;
+-    }
+-    result = write_resp_hds(data, "\r\n", 2);
+-    if(result) {
+-      return -1;
+-    }
++    h3_xfer_write_resp_hd(cf, data, stream,
++                          (const char *)h3name.base, h3name.len, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, ": ", 2, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, (
++                          const char *)h3val.base, h3val.len, FALSE);
++    h3_xfer_write_resp_hd(cf, data, stream, "\r\n", 2, FALSE);
+   }
+   return 0;
+ }
+@@ -1083,7 +1093,13 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+     goto out;
+   }
+ 
+-  if(stream->closed) {
++  if(stream->xfer_result) {
++    CURL_TRC_CF(data, cf, "[%" PRId64 "] xfer write failed", stream->id);
++    *err = stream->xfer_result;
++    nread = -1;
++    goto out;
++  }
++  else if(stream->closed) {
+     nread = recv_closed_stream(cf, data, stream, err);
+     goto out;
+   }
+--- a/tests/http/test_02_download.py
++++ b/tests/http/test_02_download.py
+@@ -257,6 +257,34 @@ class TestDownload:
+         ])
+         r.check_response(count=count, http_status=200)
+ 
++    @pytest.mark.parametrize("proto", ['h2', 'h3'])
++    def test_02_14_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++        if proto == 'h3' and not env.have_h3():
++            pytest.skip("h3 not supported")
++        if proto == 'h3' and env.curl_uses_lib('msh3'):
++            pytest.skip("msh3 stalls here")
++        count = 10
++        urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++        curl = CurlClient(env=env)
++        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++            '--parallel'
++        ])
++        r.check_stats(count=count, http_status=404, exitcode=0)
++
++    @pytest.mark.parametrize("proto", ['h2', 'h3'])
++    def test_02_15_fail_not_found(self, env: Env, httpd, nghttpx, repeat, proto):
++        if proto == 'h3' and not env.have_h3():
++            pytest.skip("h3 not supported")
++        if proto == 'h3' and env.curl_uses_lib('msh3'):
++            pytest.skip("msh3 stalls here")
++        count = 10
++        urln = f'https://{env.authority_for(env.domain1, proto)}/not-found?[0-{count-1}]'
++        curl = CurlClient(env=env)
++        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
++            '--fail'
++        ])
++        r.check_stats(count=count, http_status=404, exitcode=22)
++
+     @pytest.mark.skipif(condition=Env().slow_network, reason="not suitable for slow network tests")
+     @pytest.mark.skipif(condition=Env().ci_run, reason="not suitable for CI runs")
+     def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):
+
author	V3n3RiX <venerix@koprulu.sector>	2024-04-26 23:59:37 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2024-04-26 23:59:37 +0100
commit	3e42d1577189af123b773dc0f11e5419035308c8 (patch)
tree	95d77507c924544b12363e6da6aa741c444f3e8a /net-misc
parent	6243676c91946098c06d42bc87b5eb99aac40bf0 (diff)