LTS Refresh: Merge upto 9689a70d02e6b86e35be23f8c50171e5e46dabb2 (buildnumber: 13310.1498.0) from main-R85-13310.B to release-R85-13310.B.
BUG=b/238366064
TEST=presubmit
RELEASE_NOTE=LTS Refresh from main-R85-13310.B to release-R85-13310.B
Signed-off-by: He Gao <hegao@google.com>
Change-Id: I2249074500c7536cf13bcf66c71df0accc3a568d
diff --git a/metadata/md5-cache/net-dns/c-ares-1.15.0 b/metadata/md5-cache/net-dns/c-ares-1.15.0
deleted file mode 100644
index 8ce047f..0000000
--- a/metadata/md5-cache/net-dns/c-ares-1.15.0
+++ /dev/null
@@ -1,12 +0,0 @@
-DEFINED_PHASES=compile configure install prepare test
-DEPEND=>=app-portage/elt-patches-20170815 !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.16.1:1.16 >=sys-devel/automake-1.15.1:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4
-DESCRIPTION=C library that resolves names asynchronously
-EAPI=6
-HOMEPAGE=https://c-ares.haxx.se/
-IUSE=static-libs abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64 abi_arm_32 abi_arm_64
-KEYWORDS=*
-LICENSE=MIT
-SLOT=0/2
-SRC_URI=https://c-ares.haxx.se/download/c-ares-1.15.0.tar.gz
-_eclasses_=autotools d0e5375d47f4c809f406eb892e531513 eutils 06133990e861be0fe60c2b428fd025d9 libtool f143db5a74ccd9ca28c1234deffede96 ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 40fe59465edacd730c644ec2bc197809 multilib b2f01ad412baf81650c23fcf0975fa33 multilib-build 1979aa0ff4d356d32507ca4650d9f37d multilib-minimal 8bddda43703ba94d8341f4e247f97566 toolchain-funcs 209edad4a5c4812e7b2f8021650974f0
-_md5_=1270ae4584aa500192bff262559602c5
diff --git a/metadata/md5-cache/net-dns/c-ares-1.17.2 b/metadata/md5-cache/net-dns/c-ares-1.17.2
new file mode 100644
index 0000000..03a13bc
--- /dev/null
+++ b/metadata/md5-cache/net-dns/c-ares-1.17.2
@@ -0,0 +1,12 @@
+DEFINED_PHASES=compile configure install test
+DESCRIPTION=C library that resolves names asynchronously
+EAPI=7
+HOMEPAGE=https://c-ares.haxx.se/
+IUSE=static-libs test abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64 abi_arm_32 abi_arm_64
+KEYWORDS=*
+LICENSE=MIT
+RESTRICT=!test? ( test )
+SLOT=0/2
+SRC_URI=https://c-ares.haxx.se/download/c-ares-1.17.2.tar.gz
+_eclasses_=multibuild 40fe59465edacd730c644ec2bc197809 multilib 2477ebe553d3e4d2c606191fe6c33602 multilib-build 1979aa0ff4d356d32507ca4650d9f37d multilib-minimal 8bddda43703ba94d8341f4e247f97566 toolchain-funcs 605c126bed8d87e4378d5ff1645330cb
+_md5_=f814c73163cb7134141011e0cb441dd5
diff --git a/net-dns/c-ares/Manifest b/net-dns/c-ares/Manifest
index 7cc582b..5cde624 100644
--- a/net-dns/c-ares/Manifest
+++ b/net-dns/c-ares/Manifest
@@ -1 +1,2 @@
-DIST c-ares-1.15.0.tar.gz 1347687 BLAKE2B c4028bb2840af23274b79c73600bfcf73a348c7ab63ae3c215829e0fe2cf149f4ad38a3ec657c3997bad818ced3cacaed0579dd0dd2ef42eaffd074bdc4f22ed SHA512 a1de6c5e7e1a6a13c926aae690e83d5caa51e7313d63da1cf2af6bc757c41d585aad5466bc3ba7b7f7793cb1748fa589f40972b196728851c8b059cfc8c3be50
+DIST c-ares-1.17.2.tar.gz 1538276 BLAKE2B c6f5ad65ca75f8467b624daf3caaee2f35d6e4714ce46ebe1bbf79447feecf8615915b00fa5e7bd1e97c6232864e06c53a792fbadf36a5399883529769273e24 SHA512 f625e0ef8508af6475d3e83b51ab29be8a4878e2a87e7f518bea046b76a74bfde7043ca6ec2a9e714c898ab9e5d4a5a678c3347a9f9eb68980438f7ca8ae3fc8
+DIST c-ares-1.18.1.tar.gz 1560165 BLAKE2B c03a572726c6bbb24a3e4773673d0c87f4833bb9582aed57a424eea8c965beb6e232f502b61922b124d37403d91ebfefe0db7373673fc22e0d752c4e5036eb07 SHA512 1276ec0799916019f8c0af6b55a139701bd15e0ca4a00811d07963893978bc96c107b980f0fd49f81aa70bc8b3b8cd671195ba357c390772d4c2c5643c50c5a5
diff --git a/net-dns/c-ares/c-ares-1.15.0.ebuild b/net-dns/c-ares/c-ares-1.15.0.ebuild
deleted file mode 100644
index 7e4b287..0000000
--- a/net-dns/c-ares/c-ares-1.15.0.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools eutils ltprune multilib-minimal
-
-DESCRIPTION="C library that resolves names asynchronously"
-HOMEPAGE="https://c-ares.haxx.se/"
-SRC_URI="https://${PN}.haxx.se/download/${P}.tar.gz"
-
-LICENSE="MIT"
-KEYWORDS="*"
-IUSE="static-libs"
-
-# Subslot = SONAME of libcares.so.2
-SLOT="0/2"
-
-DOCS=( AUTHORS CHANGES NEWS README.md RELEASE-NOTES TODO )
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/ares_build.h
-)
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-1.12.0-remove-tests.patch
- eapply_user
- eautoreconf
-}
-
-multilib_src_configure() {
- ECONF_SOURCE=${S} \
- econf \
- --enable-nonblocking \
- --enable-symbol-hiding \
- $(use_enable static-libs static)
-}
-
-multilib_src_install_all() {
- einstalldocs
- prune_libtool_files --all
-}
diff --git a/net-dns/c-ares/c-ares-1.17.2.ebuild b/net-dns/c-ares/c-ares-1.17.2.ebuild
new file mode 100644
index 0000000..87f7faa
--- /dev/null
+++ b/net-dns/c-ares/c-ares-1.17.2.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib-minimal
+
+DESCRIPTION="C library that resolves names asynchronously"
+HOMEPAGE="https://c-ares.haxx.se/"
+SRC_URI="https://${PN}.haxx.se/download/${P}.tar.gz"
+
+# Subslot = SONAME of libcares.so.2
+SLOT="0/2"
+LICENSE="MIT"
+KEYWORDS="*"
+IUSE="static-libs test"
+RESTRICT="!test? ( test )"
+
+DOCS=( AUTHORS CHANGES NEWS README.md RELEASE-NOTES TODO )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/ares_build.h
+)
+
+multilib_src_configure() {
+ # Needed for running unit tests only
+ # Violates sandbox and tests pass fine without
+ ax_cv_uts_namespace=no \
+ ax_cv_user_namespace=no \
+ ECONF_SOURCE="${S}" \
+ econf \
+ --enable-nonblocking \
+ --enable-symbol-hiding \
+ $(use_enable static-libs static) \
+ $(use_enable test tests)
+}
+
+multilib_src_test() {
+ cd "${BUILD_DIR}"/test || die
+
+ # We're skipping the "real" network tests with the filter
+ # see https://github.com/c-ares/c-ares/tree/main/test
+ local network_tests=(
+ # Most live tests have Live in the name
+ *Live*
+ # These don't but are still in ares-test-live.cc => live
+ *GetTCPSock*
+ *TimeoutValue*
+ *GetSock*
+ *GetSock_virtualized*
+ )
+
+ # The format for disabling test1, test2, and test3 looks like:
+ # -test1:test2:test3
+ ./arestest --gtest_filter=-$(echo $(IFS=:; echo "${network_tests[*]}")) || die "arestest failed!"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ find "${ED}" -name "*.la" -delete || die
+}
diff --git a/net-dns/c-ares/files/c-ares-1.12.0-remove-tests.patch b/net-dns/c-ares/files/c-ares-1.12.0-remove-tests.patch
deleted file mode 100644
index 826eb85..0000000
--- a/net-dns/c-ares/files/c-ares-1.12.0-remove-tests.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -Naur c-ares-1.12.0.orig/configure.ac c-ares-1.12.0/configure.ac
---- c-ares-1.12.0.orig/configure.ac 2016-09-29 07:43:01.000000000 -0400
-+++ c-ares-1.12.0/configure.ac 2016-10-14 03:10:36.253342032 -0400
-@@ -837,10 +837,6 @@
- fi
- AC_MSG_RESULT([$build_tests])
-
--if test "x$build_tests" = "xyes" ; then
-- AC_CONFIG_SUBDIRS([test])
--fi
--
- AC_CONFIG_FILES([Makefile libcares.pc])
- AC_OUTPUT
- XC_AMEND_DISTCLEAN(['.'])
diff --git a/net-dns/c-ares/metadata.xml b/net-dns/c-ares/metadata.xml
index 1b514de..61b0198 100644
--- a/net-dns/c-ares/metadata.xml
+++ b/net-dns/c-ares/metadata.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>blueness@gentoo.org</email>
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 4b880df..cb44481 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,2 +1,2 @@
-DIST curl-7.77.0.tar.xz 2439336 BLAKE2B 433b3179dcf2c3363514b72bf9c54286873d8e5559b33e543ba8f3e7df25a619c5be13a8aacb9361c4464b646af4d1fb214d4de57a17f3de7e8f379777214d13 SHA512 aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76
-DIST curl-7.78.0.tar.xz 2440640 BLAKE2B 0422071ce22d38b89652c702989674a2257dd18b05004245c4f2d7494ccdd24b5b52f330629ce6a411a059d5990e8c879cbbdf23d873b881141f9d2b9ad07f7f SHA512 f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a
+DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
+DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
diff --git a/net-misc/curl/curl-7.78.0-r2.ebuild b/net-misc/curl/curl-7.83.1.ebuild
similarity index 84%
rename from net-misc/curl/curl-7.78.0-r2.ebuild
rename to net-misc/curl/curl-7.83.1.ebuild
index 0f19051..ea7796d 100644
--- a/net-misc/curl/curl-7.78.0-r2.ebuild
+++ b/net-misc/curl/curl-7.83.1.ebuild
@@ -1,26 +1,27 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
+# lakitu: use EAPI 7 to get this to emerge, rather than EAPI 8 like upstream.
EAPI="7"
-inherit autotools prefix multilib-minimal
+inherit autotools prefix multilib-minimal verify-sig
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.haxx.se/"
-SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
+ verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
LICENSE="curl"
SLOT="0"
KEYWORDS="*"
-IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
+IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
IUSE+=" nghttp3 quiche"
-IUSE+=" elibc_Winnt"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
# c-ares must be disabled for threads
# only one default ssl provider can be enabled
REQUIRED_USE="
- winssl? ( elibc_Winnt )
threads? ( !adns )
ssl? (
^^ (
@@ -28,14 +29,13 @@
curl_ssl_mbedtls
curl_ssl_nss
curl_ssl_openssl
- curl_ssl_winssl
)
)"
# lead to lots of false negatives, bug #285669
RESTRICT="!test? ( test )"
-RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
@@ -76,15 +76,13 @@
# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
# )
-# ssl providers to be added:
-# fbopenssl $(use_with spnego)
-
DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig
+BDEPEND="dev-lang/perl
+ virtual/pkgconfig
test? (
sys-apps/diffutils
- dev-lang/perl
- )"
+ )
+ verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
@@ -99,9 +97,6 @@
PATCHES=(
"${FILESDIR}"/${PN}-7.30.0-prefix.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
- # lakitu: apply upstream patch to resolve CVE-2021-22945
- # https://github.com/curl/curl/commit/43157490a5054bd
- "${FILESDIR}"/${PN}-mqtt-clear-leftover-pointer-on-send-success.patch
)
src_prepare() {
@@ -117,7 +112,7 @@
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
- myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+ myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
#myconf+=( --without-default-ssl-backend )
if use ssl ; then
@@ -131,16 +126,12 @@
fi
if use nss || use curl_ssl_nss; then
einfo "SSL provided by nss"
- myconf+=( --with-nss )
+ myconf+=( --with-nss --with-nss-deprecated )
fi
if use openssl || use curl_ssl_openssl; then
einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
- if use winssl || use curl_ssl_winssl; then
- einfo "SSL provided by Windows"
- myconf+=( --with-winssl )
- fi
if use curl_ssl_gnutls; then
einfo "Default SSL provided by gnutls"
@@ -154,9 +145,6 @@
elif use curl_ssl_openssl; then
einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
- elif use curl_ssl_winssl; then
- einfo "Default SSL provided by Windows"
- myconf+=( --with-default-ssl-backend=winssl )
else
eerror "We can't be here because of REQUIRED_USE."
fi
@@ -188,7 +176,7 @@
$(use_enable imap)
$(use_enable ldap)
$(use_enable ldap ldaps)
- --disable-ntlm
+ --enable-ntlm
--disable-ntlm-wb
$(use_enable pop3)
--enable-rt
@@ -204,7 +192,7 @@
--enable-dateparse
--enable-dnsshuffle
--enable-doh
- --enable-hidden-symbols
+ --enable-symbol-hiding
--enable-http-auth
$(use_enable ipv6)
--enable-largefile
@@ -221,7 +209,6 @@
--without-amissl
--without-bearssl
$(use_with brotli)
- --without-cyassl
--without-fish-functions-dir
$(use_with http2 nghttp2)
--without-hyper
@@ -229,6 +216,7 @@
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
--without-libpsl
+ --without-msh3
$(use_with nghttp3)
$(use_with nghttp3 ngtcp2)
$(use_with quiche)
@@ -236,7 +224,6 @@
--without-rustls
--without-schannel
--without-secure-transport
- --without-spnego
--without-winidn
--without-wolfssl
--with-zlib
@@ -283,7 +270,16 @@
}
multilib_src_test() {
- multilib_is_native_abi && default_src_test
+ # See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+ # -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+ # -v: verbose
+ # -a: keep going on failure (so we see everything which breaks, not just 1st test)
+ # -k: keep test files after completion
+ # -am: automake style TAP output
+ # -p: print logs if test fails
+ # Note: if needed, we can disable tests. See e.g. Fedora's packaging
+ # or just read https://github.com/curl/curl/tree/master/tests#run.
+ multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
}
multilib_src_install_all() {
diff --git a/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
deleted file mode 100644
index ffa020e..0000000
--- a/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001
-From: z2_ on hackerone <>
-Date: Tue, 24 Aug 2021 09:50:33 +0200
-Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
-
-CVE-2021-22945
-
-Bug: https://curl.se/docs/CVE-2021-22945.html
----
- lib/mqtt.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/mqtt.c b/lib/mqtt.c
-index f077e6c3d..fcd40b41e 100644
---- a/lib/mqtt.c
-+++ b/lib/mqtt.c
-@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
- mq->sendleftovers = sendleftovers;
- mq->nsend = nsend;
- }
-+ else {
-+ mq->sendleftovers = NULL;
-+ mq->nsend = 0;
-+ }
- return result;
- }
-
---
-2.33.0.1079.g6e70778dc9-goog
-