net-misc/curl: add 7.79.0

Bug: https://bugs.gentoo.org/813270
Signed-off-by: Sam James <sam@gentoo.org>

4 files changed, 444 insertions, 0 deletions

diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 65ea300bc224..b1b6f556d43f 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1 +1,2 @@
 DIST curl-7.78.0.tar.xz 2440640 BLAKE2B 0422071ce22d38b89652c702989674a2257dd18b05004245c4f2d7494ccdd24b5b52f330629ce6a411a059d5990e8c879cbbdf23d873b881141f9d2b9ad07f7f SHA512 f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a
+DIST curl-7.79.0.tar.xz 2463072 BLAKE2B c3a8a60d3c04965272b1a439a4719cfaca903daaecd6265869b9188d1b6b13be63817b9daa77260673d67330baa3d9c2d917274f939cdadc467ac64d8fcf3203 SHA512 68bccba61f18de9f94c311b0d92cfa6572bb7e55e8773917c13b25203164a5a9f4ef6b8ad84a14d3d5dcb286271bf18c3dd84c4ca353866763c726f9defce808
diff --git a/net-misc/curl/curl-7.79.0.ebuild b/net-misc/curl/curl-7.79.0.ebuild
new file mode 100644
index 000000000000..380b1da5a4e5
--- /dev/null
+++ b/net-misc/curl/curl-7.79.0.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit autotools prefix multilib-minimal
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
+IUSE+=" nghttp3 quiche"
+IUSE+=" elibc_Winnt"
+
+# c-ares must be disabled for threads
+# only one default ssl provider can be enabled
+REQUIRED_USE="
+	winssl? ( elibc_Winnt )
+	threads? ( !adns )
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_winssl
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+# ssl providers to be added:
+# fbopenssl  $(use_with spnego)
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		dev-lang/perl
+	)"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+	# Backported patches to 7.79.0
+	"${FILESDIR}"/${P}-http2-connection-data.patch
+	"${FILESDIR}"/${P}-http-3digit-response-code.patch
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use winssl || use curl_ssl_winssl; then
+			einfo "SSL provided by Windows"
+			myconf+=( --with-winssl )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_winssl; then
+			einfo "Default SSL provided by Windows"
+			myconf+=( --with-default-ssl-backend=winssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-hidden-symbols
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		$(use_enable threads threaded-resolver)
+		$(use_enable threads pthreads)
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-cyassl
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		--without-libpsl
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-rustls
+		--without-schannel
+		--without-secure-transport
+		--without-spnego
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" \
+	econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "-libtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc
+}
+
+multilib_src_test() {
+	multilib_is_native_abi && default_src_test
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
diff --git a/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
new file mode 100644
index 000000000000..1da4cebd4aa4
--- /dev/null
+++ b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
@@ -0,0 +1,107 @@
+https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2
+
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 17 Sep 2021 16:31:25 +0200
+Subject: [PATCH] http: fix the broken >3 digit response code detection
+
+When the "reason phrase" in the HTTP status line starts with a digit,
+that was treated as the forth response code digit and curl would claim
+the response to be non-compliant.
+
+Added test 1466 to verify this case.
+
+Regression brought by 5dc594e44f73b17
+Reported-by: Glenn de boer
+Fixes #7738
+Closes #7739
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+         char separator;
+         char twoorthree[2];
+         int httpversion = 0;
+-        int digit4 = -1; /* should remain untouched to be good */
++        char digit4 = 0;
+         nc = sscanf(HEADER1,
+-                    " HTTP/%1d.%1d%c%3d%1d",
++                    " HTTP/%1d.%1d%c%3d%c",
+                     &httpversion_major,
+                     &httpversion,
+                     &separator,
+@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+ 
+         /* There can only be a 4th response code digit stored in 'digit4' if
+            all the other fields were parsed and stored first, so nc is 5 when
+-           digit4 is not -1 */
+-        else if(digit4 != -1) {
++           digit4 a digit */
++        else if(ISDIGIT(digit4)) {
+           failf(data, "Unsupported response code in HTTP response");
+           return CURLE_UNSUPPORTED_PROTOCOL;
+         }
+ 
+-        if((nc == 4) && (' ' == separator)) {
++        if((nc >= 4) && (' ' == separator)) {
+           httpversion += 10 * httpversion_major;
+           switch(httpversion) {
+           case 10:
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -182,7 +182,7 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
+ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
+ test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
+ test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
+-test1464 test1465 \
++test1464 test1465 test1466 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+--- /dev/null
++++ b/tests/data/test1466
+@@ -0,0 +1,45 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++</keywords>
++</info>
++
++<reply>
++<data>
++HTTP/1.1 405 405
++Content-Length: 6
++Connection: close
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++
++<name>
++HTTP GET with 3-digit response and only digits in reason
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
+
diff --git a/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
new file mode 100644
index 000000000000..bdb1484d1b16
--- /dev/null
+++ b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
@@ -0,0 +1,43 @@
+https://github.com/curl/curl/commit/901804ef95777b8e735a55b77f8dd630a58c575b
+
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 16 Sep 2021 08:50:54 +0200
+Subject: [PATCH] Curl_http2_setup: don't change connection data on repeat
+ invokes
+
+Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
+transfer oriented inits to before the check but also erroneously moved a
+few connection oriented ones, which causes problems.
+
+Reported-by: Evangelos Foutras
+Fixes #7730
+Closes #7731
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -2221,12 +2221,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
+   stream->mem = data->state.buffer;
+   stream->len = data->set.buffer_size;
+ 
+-  httpc->inbuflen = 0;
+-  httpc->nread_inbuf = 0;
+-
+-  httpc->pause_stream_id = 0;
+-  httpc->drain_total = 0;
+-
+   multi_connchanged(data->multi);
+   /* below this point only connection related inits are done, which only needs
+      to be done once per connection */
+@@ -2252,6 +2246,12 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
+   conn->httpversion = 20;
+   conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+ 
++  httpc->inbuflen = 0;
++  httpc->nread_inbuf = 0;
++
++  httpc->pause_stream_id = 0;
++  httpc->drain_total = 0;
++
+   infof(data, "Connection state changed (HTTP/2 confirmed)");
+ 
+   return CURLE_OK;
+