diff options
Diffstat (limited to 'net-misc/curl/files')
7 files changed, 213 insertions, 305 deletions
diff --git a/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch b/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch deleted file mode 100644 index 1f04f22f9b1b..000000000000 --- a/net-misc/curl/files/curl-7.86.0-noproxy-tailmatch-like-in-7.85.0-and-earlier.patch +++ /dev/null @@ -1,84 +0,0 @@ -https://github.com/curl/curl/issues/9842 -https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3 - -From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Sun, 6 Nov 2022 23:19:51 +0100 -Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier - -A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work -differently than before. This restores the logic to how it used to work: - -All names listed in NO_PROXY are tailmatched against the used domain -name, if the lengths are identical it needs a full match. - -Update the docs, update test 1614. - -Reported-by: Stuart Henderson -Fixes #9842 -Closes #9858 ---- - docs/libcurl/opts/CURLOPT_NOPROXY.3 | 4 ---- - lib/noproxy.c | 32 +++++++++++++++-------------- - tests/unit/unit1614.c | 3 ++- - 3 files changed, 19 insertions(+), 20 deletions(-) - -diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3 -index 5e4c32130431..dc3cf7c10833 100644 ---- a/docs/libcurl/opts/CURLOPT_NOPROXY.3 -+++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3 -@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the - hostname itself. For example, "ample.com" would match ample.com, ample.com:80, - and www.ample.com, but not www.example.com or ample.com.org. - --If the name in the \fInoproxy\fP list has a leading period, it is a domain --match against the provided host name. This way ".example.com" will switch off --proxy use for both "www.example.com" as well as for "foo.example.com". -- - Setting the \fInoproxy\fP string to "" (an empty string) will explicitly - enable the proxy for all host names, even if there is an environment variable - set for it. -diff --git a/lib/noproxy.c b/lib/noproxy.c -index 2832ae166a5b..fb856e4faa72 100644 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - tokenlen--; - - if(tokenlen && (*token == '.')) { -- /* A: example.com matches '.example.com' -- B: www.example.com matches '.example.com' -- C: nonexample.com DOES NOT match '.example.com' -- */ -- if((tokenlen - 1) == namelen) -- /* case A, exact match without leading dot */ -- match = strncasecompare(token + 1, name, namelen); -- else if(tokenlen < namelen) -- /* case B, tailmatch with leading dot */ -- match = strncasecompare(token, name + (namelen - tokenlen), -- tokenlen); -- /* case C passes through, not a match */ -+ /* ignore leading token dot as well */ -+ token++; -+ tokenlen--; - } -- else -- match = (tokenlen == namelen) && -- strncasecompare(token, name, namelen); -+ /* A: example.com matches 'example.com' -+ B: www.example.com matches 'example.com' -+ C: nonexample.com DOES NOT match 'example.com' -+ */ -+ if(tokenlen == namelen) -+ /* case A, exact match */ -+ match = strncasecompare(token, name, namelen); -+ else if(tokenlen < namelen) { -+ /* case B, tailmatch domain */ -+ match = (name[namelen - tokenlen - 1] == '.') && -+ strncasecompare(token, name + (namelen - tokenlen), -+ tokenlen); -+ } -+ /* case C passes through, not a match */ - break; - case TYPE_IPV4: - /* FALLTHROUGH */ diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch deleted file mode 100644 index 6c8f4067e8d5..000000000000 --- a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch +++ /dev/null @@ -1,86 +0,0 @@ -https://bugs.gentoo.org/878365#c2 -https://github.com/curl/curl/issues/9813 -https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 - -From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Thu, 27 Oct 2022 13:54:27 +0200 -Subject: [PATCH] noproxy: also match with adjacent comma - -If the host name is an IP address and the noproxy string contained that -IP address with a following comma, it would erroneously not match. - -Extended test 1614 to verify this combo as well. - -Reported-by: Henning Schild - -Fixes #9813 -Closes #9814 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - /* FALLTHROUGH */ - case TYPE_IPV6: { - const char *check = token; -- char *slash = strchr(check, '/'); -+ char *slash; - unsigned int bits = 0; - char checkip[128]; -+ if(tokenlen >= sizeof(checkip)) -+ /* this cannot match */ -+ break; -+ /* copy the check name to a temp buffer */ -+ memcpy(checkip, check, tokenlen); -+ checkip[tokenlen] = 0; -+ check = checkip; -+ -+ slash = strchr(check, '/'); - /* if the slash is part of this token, use it */ -- if(slash && (slash < &check[tokenlen])) { -+ if(slash) { - bits = atoi(slash + 1); -- /* copy the check name to a temp buffer */ -- if(tokenlen >= sizeof(checkip)) -- break; -- memcpy(checkip, check, tokenlen); -- checkip[ slash - check ] = 0; -- check = checkip; -+ *slash = 0; /* null terminate there */ - } - if(type == TYPE_IPV6) - match = Curl_cidr6_match(name, check, bits); ---- a/tests/data/test1614 -+++ b/tests/data/test1614 -@@ -16,7 +16,7 @@ unittest - proxy - </features> - <name> --cidr comparisons -+noproxy and cidr comparisons - </name> - </client> - <errorcode> ---- a/tests/unit/unit1614.c -+++ b/tests/unit/unit1614.c -@@ -77,6 +77,20 @@ UNITTEST_START - { NULL, NULL, 0, FALSE} /* end marker */ - }; - struct noproxy list[]= { -+ { "127.0.0.1", "127.0.0.1,localhost", TRUE}, -+ { "127.0.0.1", "127.0.0.1,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE}, -+ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE}, -+ { "127.0.0.1", "localhost,127.0.0.1", TRUE}, -+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." -+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." -+ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE}, -+ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." -+ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." -+ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE}, -+ { "localhost", "localhost,127.0.0.1", TRUE}, -+ { "localhost", "127.0.0.1,localhost", TRUE}, - { "foobar", "barfoo", FALSE}, - { "foobar", "foobar", TRUE}, - { "192.168.0.1", "foobar", FALSE}, - diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch deleted file mode 100644 index 15f5e64c91f3..000000000000 --- a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch +++ /dev/null @@ -1,66 +0,0 @@ -https://bugs.gentoo.org/878365#c2 -https://github.com/curl/curl/issues/9821 -https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b - -From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Fri, 28 Oct 2022 10:51:49 +0200 -Subject: [PATCH] noproxy: fix tail-matching - -Also ignore trailing dots in both host name and comparison pattern. - -Regression in 7.86.0 (from 1e9a538e05c0) - -Extended test 1614 to verify better. - -Reported-by: Henning Schild -Fixes #9821 -Closes #9822 ---- a/lib/noproxy.c -+++ b/lib/noproxy.c -@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - } - else { - unsigned int address; -+ namelen = strlen(name); - if(1 == Curl_inet_pton(AF_INET, name, &address)) - type = TYPE_IPV4; -- namelen = strlen(name); -+ else { -+ /* ignore trailing dots in the host name */ -+ if(name[namelen - 1] == '.') -+ namelen--; -+ } - } - - while(*p) { -@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) - if(tokenlen) { - switch(type) { - case TYPE_HOST: -- if(*token == '.') { -- ++token; -- --tokenlen; -- /* tailmatch */ -- match = (tokenlen <= namelen) && -- strncasecompare(token, name + (namelen - tokenlen), namelen); -+ /* ignore trailing dots in the token to check */ -+ if(token[tokenlen - 1] == '.') -+ tokenlen--; -+ -+ if(tokenlen && (*token == '.')) { -+ /* A: example.com matches '.example.com' -+ B: www.example.com matches '.example.com' -+ C: nonexample.com DOES NOT match '.example.com' -+ */ -+ if((tokenlen - 1) == namelen) -+ /* case A, exact match without leading dot */ -+ match = strncasecompare(token + 1, name, namelen); -+ else if(tokenlen < namelen) -+ /* case B, tailmatch with leading dot */ -+ match = strncasecompare(token, name + (namelen - tokenlen), -+ tokenlen); -+ /* case C passes through, not a match */ - } - else - match = (tokenlen == namelen) && diff --git a/net-misc/curl/files/curl-7.88.0-http2.patch b/net-misc/curl/files/curl-7.88.0-http2.patch new file mode 100644 index 000000000000..49d90e901823 --- /dev/null +++ b/net-misc/curl/files/curl-7.88.0-http2.patch @@ -0,0 +1,93 @@ +https://github.com/curl/curl/commit/87ed650d04dc1a6f7944a5d952f7d5b0934a19ac +Author: Harry Sintonen <sintonen@iki.fi> +Date: Thu Feb 16 06:26:26 2023 +0200 + + http2: set drain on stream end + + Ensure that on_frame_recv() stream end will trigger a read if there is + pending data. Without this it could happen that the pending data is + never consumed. + + This combined with https://github.com/curl/curl/pull/10529 should fix + https://github.com/curl/curl/issues/10525 + + Ref: https://github.com/curl/curl/issues/10525 + Closes #10530 + +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -868,6 +868,14 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + } ++ if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { ++ /* Stream has ended. If there is pending data, ensure that read ++ will occur to consume it. */ ++ if(!data->state.drain && stream->memlen) { ++ drain_this(cf, data_s); ++ Curl_expire(data, 0, EXPIRE_RUN_NOW); ++ } ++ } + break; + case NGHTTP2_HEADERS: + DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame HEADERS", stream_id)); + +https://github.com/curl/curl/commit/3103de2053ca8cacf9cdbe78764ba6814481709f +Author: Stefan Eissing <stefan@eissing.org> +Date: Wed Feb 15 22:11:13 2023 +0100 + + http2: buffer/pausedata and output flush fix. + + * do not process pending input data when copying pausedata to the + caller + * return CURLE_AGAIN if the output buffer could not be completely + written out. + + Ref: #10525 + Closes #10529 + +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -467,6 +467,7 @@ static CURLcode flush_output(struct Curl_cfilter *cf, + } + if((size_t)written < buflen) { + Curl_dyn_tail(&ctx->outbuf, buflen - (size_t)written); ++ return CURLE_AGAIN; + } + else { + Curl_dyn_reset(&ctx->outbuf); +@@ -1790,6 +1791,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + + stream->pausedata += nread; + stream->pauselen -= nread; ++ drain_this(cf, data); + + if(stream->pauselen == 0) { + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Unpaused", stream->stream_id)); +@@ -1798,18 +1800,6 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + + stream->pausedata = NULL; + stream->pauselen = 0; +- +- /* When NGHTTP2_ERR_PAUSE is returned from +- data_source_read_callback, we might not process DATA frame +- fully. Calling nghttp2_session_mem_recv() again will +- continue to process DATA frame, but if there is no incoming +- frames, then we have to call it again with 0-length data. +- Without this, on_stream_close callback will not be called, +- and stream could be hanged. */ +- if(h2_process_pending_input(cf, data, err) != 0) { +- nread = -1; +- goto out; +- } + } + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: returns unpaused %zd bytes", + stream->stream_id, nread)); +@@ -1933,6 +1923,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + drained_transfer(cf, data); + } + ++ *err = CURLE_OK; + nread = retlen; + DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_h2_recv -> %zd", + stream->stream_id, nread)); diff --git a/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch b/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch deleted file mode 100644 index fb9e89fd48cb..000000000000 --- a/net-misc/curl/files/curl-7.88.0-test-gnuserv-tls-srp.patch +++ /dev/null @@ -1,39 +0,0 @@ -https://github.com/curl/curl/commit/2fdc1d816ebf3c77f43068103bec1b3a3767881a.patch -From: Daniel Stenberg <daniel@haxx.se> -Date: Wed, 15 Feb 2023 15:04:07 +0100 -Subject: [PATCH] tests: make sure gnuserv-tls has SRP support before using it - -Reported-by: fundawang on github -Fixes #10522 -Closes #10524 ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -5382,7 +5382,7 @@ sub startservers { - elsif($what eq "httptls") { - if(!$httptlssrv) { - # for now, we can't run http TLS-EXT tests without gnutls-serv -- return "no gnutls-serv"; -+ return "no gnutls-serv (with SRP support)"; - } - if($torture && $run{'httptls'} && - !responsive_httptls_server($verbose, "IPv4")) { ---- a/tests/sshhelp.pm -+++ b/tests/sshhelp.pm -@@ -408,7 +408,16 @@ sub find_sshkeygen { - # Find httptlssrv (gnutls-serv) and return canonical filename - # - sub find_httptlssrv { -- return find_exe_file_hpath($httptlssrvexe); -+ my $p = find_exe_file_hpath($httptlssrvexe); -+ my @o = `$p -l`; -+ my $found; -+ for(@o) { -+ if(/Key exchange: SRP/) { -+ $found = 1; -+ last; -+ } -+ } -+ return $p if($found); - } - - diff --git a/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch b/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch deleted file mode 100644 index c5ce31d4e427..000000000000 --- a/net-misc/curl/files/curl-7.88.0-test-uninitialised-value.patch +++ /dev/null @@ -1,30 +0,0 @@ -https://github.com/curl/curl/commit/f1d09231adfc695d15995b9ef2c8c6e568c28091 -From: Daniel Stenberg <daniel@haxx.se> -Date: Wed, 15 Feb 2023 13:03:21 +0100 -Subject: [PATCH] runtests: fix "uninitialized value $port" - -by using a more appropriate variable - -Reported-by: fundawang on github -Fixes #10518 -Closes #10520 ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -1740,7 +1740,7 @@ sub runhttpserver { - } - - # where is it? -- my $port; -+ my $port = 0; - if(!$port_or_path) { - $port = $port_or_path = pidfromfile($portfile); - } -@@ -1758,7 +1758,7 @@ sub runhttpserver { - $pid2 = $pid3; - - if($verbose) { -- logmsg "RUN: $srvrname server is on PID $httppid port $port\n"; -+ logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n"; - } - - return ($httppid, $pid2, $port); diff --git a/net-misc/curl/files/curl-7.88.0-tests.patch b/net-misc/curl/files/curl-7.88.0-tests.patch new file mode 100644 index 000000000000..81131dc6bc64 --- /dev/null +++ b/net-misc/curl/files/curl-7.88.0-tests.patch @@ -0,0 +1,120 @@ +https://github.com/curl/curl/commit/f1d09231adfc695d15995b9ef2c8c6e568c28091 +Author: Stefan Eissing <stefan@eissing.org> +Date: Tue Feb 14 14:29:13 2023 +0100 + + tests: make the telnet server shut down a socket gracefully + + - test 1452 failed occasionally with ECONNRESET errnos in curl when the + server closed the connection in an unclean state. + + Closes #10509 + +--- a/tests/negtelnetserver.py ++++ b/tests/negtelnetserver.py +@@ -29,7 +29,9 @@ from __future__ import (absolute_import, division, print_function, + import argparse + import logging + import os ++import socket + import sys ++import time + + from util import ClosingFileHandler + +@@ -90,7 +92,7 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + neg.send_wont("NAWS") + + # Get the data passed through the negotiator +- data = neg.recv(1024) ++ data = neg.recv(4*1024) + log.debug("Incoming data: %r", data) + + if VERIFIED_REQ.encode('utf-8') in data: +@@ -109,6 +111,12 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + log.debug("Sending %r", response_data) + self.request.sendall(response_data) + ++ # put some effort into making a clean socket shutdown ++ # that does not give the client ECONNRESET ++ self.request.settimeout(0.1) ++ self.request.recv(4*1024) ++ self.request.shutdown(socket.SHUT_RDWR) ++ + except IOError: + log.exception("IOError hit during request") + + +https://github.com/curl/curl/commit/2fdc1d816ebf3c77f43068103bec1b3a3767881a +Author: Daniel Stenberg <daniel@haxx.se> +Date: Wed Feb 15 15:04:07 2023 +0100 + + tests: make sure gnuserv-tls has SRP support before using it + + Reported-by: fundawang on github + Fixes #10522 + Closes #10524 + +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -5382,7 +5382,7 @@ sub startservers { + elsif($what eq "httptls") { + if(!$httptlssrv) { + # for now, we can't run http TLS-EXT tests without gnutls-serv +- return "no gnutls-serv"; ++ return "no gnutls-serv (with SRP support)"; + } + if($torture && $run{'httptls'} && + !responsive_httptls_server($verbose, "IPv4")) { +--- a/tests/sshhelp.pm ++++ b/tests/sshhelp.pm +@@ -408,7 +408,16 @@ sub find_sshkeygen { + # Find httptlssrv (gnutls-serv) and return canonical filename + # + sub find_httptlssrv { +- return find_exe_file_hpath($httptlssrvexe); ++ my $p = find_exe_file_hpath($httptlssrvexe); ++ my @o = `$p -l`; ++ my $found; ++ for(@o) { ++ if(/Key exchange: SRP/) { ++ $found = 1; ++ last; ++ } ++ } ++ return $p if($found); + } + + + +https://github.com/curl/curl/commit/79d0b3c0c0bb00829f10ec139dbf3823c249ae72 +Author: Daniel Stenberg <daniel@haxx.se> +Date: Wed Feb 15 13:03:21 2023 +0100 + + runtests: fix "uninitialized value $port" + + by using a more appropriate variable + + Reported-by: fundawang on github + Fixes #10518 + Closes #10520 + +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -1740,7 +1740,7 @@ sub runhttpserver { + } + + # where is it? +- my $port; ++ my $port = 0; + if(!$port_or_path) { + $port = $port_or_path = pidfromfile($portfile); + } +@@ -1758,7 +1758,7 @@ sub runhttpserver { + $pid2 = $pid3; + + if($verbose) { +- logmsg "RUN: $srvrname server is on PID $httppid port $port\n"; ++ logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n"; + } + + return ($httppid, $pid2, $port); |