net-misc/curl: updated package to 7.84.0
cros_portage_upgrade command fails to update this package, since
upstream uses EAPI=8 which is still not available in COS. Upgraded
manually and changed EAPI to 7.
BUG=b/239161450,b/239161410,b/239161800,b/239161711
TEST=presubmit, validation tests.
RELEASE_NOTE=Updated net-misc/curl package to 7.84.0. This fixes
CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208.
Change-Id: Ie12b6c5d4b157589e5f44f62ec587f0ece5fb01b
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/34820
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Meena Shanmugam <meenashanmugam@google.com>
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index cb44481..58fc927 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,2 +1,2 @@
-DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
-DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
+DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
+DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702
diff --git a/net-misc/curl/curl-7.83.1.ebuild b/net-misc/curl/curl-7.84.0.ebuild
similarity index 98%
rename from net-misc/curl/curl-7.83.1.ebuild
rename to net-misc/curl/curl-7.84.0.ebuild
index ea7796d..b14f77c 100644
--- a/net-misc/curl/curl-7.83.1.ebuild
+++ b/net-misc/curl/curl-7.84.0.ebuild
@@ -96,7 +96,9 @@
PATCHES=(
"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+ "${FILESDIR}"/${PN}-7.84.0-easylock.patch
"${FILESDIR}"/${PN}-respect-cflags-3.patch
+ "${FILESDIR}"/${PN}-7.84.0-include-sched.patch
)
src_prepare() {
diff --git a/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch b/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
deleted file mode 100644
index 4fa7011..0000000
--- a/net-misc/curl/files/curl-7.79.0-http-3digit-response-code.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2
-
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 17 Sep 2021 16:31:25 +0200
-Subject: [PATCH] http: fix the broken >3 digit response code detection
-
-When the "reason phrase" in the HTTP status line starts with a digit,
-that was treated as the forth response code digit and curl would claim
-the response to be non-compliant.
-
-Added test 1466 to verify this case.
-
-Regression brought by 5dc594e44f73b17
-Reported-by: Glenn de boer
-Fixes #7738
-Closes #7739
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
- char separator;
- char twoorthree[2];
- int httpversion = 0;
-- int digit4 = -1; /* should remain untouched to be good */
-+ char digit4 = 0;
- nc = sscanf(HEADER1,
-- " HTTP/%1d.%1d%c%3d%1d",
-+ " HTTP/%1d.%1d%c%3d%c",
- &httpversion_major,
- &httpversion,
- &separator,
-@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
-
- /* There can only be a 4th response code digit stored in 'digit4' if
- all the other fields were parsed and stored first, so nc is 5 when
-- digit4 is not -1 */
-- else if(digit4 != -1) {
-+ digit4 a digit */
-+ else if(ISDIGIT(digit4)) {
- failf(data, "Unsupported response code in HTTP response");
- return CURLE_UNSUPPORTED_PROTOCOL;
- }
-
-- if((nc == 4) && (' ' == separator)) {
-+ if((nc >= 4) && (' ' == separator)) {
- httpversion += 10 * httpversion_major;
- switch(httpversion) {
- case 10:
diff --git a/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch b/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
deleted file mode 100644
index bdb1484..0000000
--- a/net-misc/curl/files/curl-7.79.0-http2-connection-data.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-https://github.com/curl/curl/commit/901804ef95777b8e735a55b77f8dd630a58c575b
-
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 16 Sep 2021 08:50:54 +0200
-Subject: [PATCH] Curl_http2_setup: don't change connection data on repeat
- invokes
-
-Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
-transfer oriented inits to before the check but also erroneously moved a
-few connection oriented ones, which causes problems.
-
-Reported-by: Evangelos Foutras
-Fixes #7730
-Closes #7731
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -2221,12 +2221,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
- stream->mem = data->state.buffer;
- stream->len = data->set.buffer_size;
-
-- httpc->inbuflen = 0;
-- httpc->nread_inbuf = 0;
--
-- httpc->pause_stream_id = 0;
-- httpc->drain_total = 0;
--
- multi_connchanged(data->multi);
- /* below this point only connection related inits are done, which only needs
- to be done once per connection */
-@@ -2252,6 +2246,12 @@ CURLcode Curl_http2_setup(struct Curl_easy *data,
- conn->httpversion = 20;
- conn->bundle->multiuse = BUNDLE_MULTIPLEX;
-
-+ httpc->inbuflen = 0;
-+ httpc->nread_inbuf = 0;
-+
-+ httpc->pause_stream_id = 0;
-+ httpc->drain_total = 0;
-+
- infof(data, "Connection state changed (HTTP/2 confirmed)");
-
- return CURLE_OK;
-
diff --git a/net-misc/curl/files/curl-7.84.0-easylock.patch b/net-misc/curl/files/curl-7.84.0-easylock.patch
new file mode 100644
index 0000000..77ee610
--- /dev/null
+++ b/net-misc/curl/files/curl-7.84.0-easylock.patch
@@ -0,0 +1,30 @@
+From 50efb0822aa0e0ab165158dd0a26e65a2290e6d2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 28 Jun 2022 09:00:25 +0200
+Subject: [PATCH] easy_lock: switch to using atomic_int instead of bool
+
+To work with more compilers without requiring separate libs to
+link. Like with gcc-12 for RISC-V on Linux.
+
+Reported-by: Adam Sampson
+Fixes #9055
+Closes #9061
+---
+ lib/easy_lock.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/easy_lock.h b/lib/easy_lock.h
+index 07c85c5ffdd19..9c11bc50c5f20 100644
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -40,8 +40,8 @@
+ #include <sched.h>
+ #endif
+
+-#define curl_simple_lock atomic_bool
+-#define CURL_SIMPLE_LOCK_INIT false
++#define curl_simple_lock atomic_int
++#define CURL_SIMPLE_LOCK_INIT 0
+
+ static inline void curl_simple_lock_lock(curl_simple_lock *lock)
+ {
diff --git a/net-misc/curl/files/curl-7.84.0-include-sched.patch b/net-misc/curl/files/curl-7.84.0-include-sched.patch
new file mode 100644
index 0000000..842310d
--- /dev/null
+++ b/net-misc/curl/files/curl-7.84.0-include-sched.patch
@@ -0,0 +1,24 @@
+https://github.com/curl/curl/commit/e2e7f54b7bea521fa8373095d0f43261a720cda0
+https://bugs.gentoo.org/855710
+
+From e2e7f54b7bea521fa8373095d0f43261a720cda0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 27 Jun 2022 08:46:21 +0200
+Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
+
+Patched-by: Harry Sintonen
+
+Closes #9054
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -36,6 +36,9 @@
+
+ #elif defined (HAVE_ATOMIC)
+ #include <stdatomic.h>
++#if defined(HAVE_SCHED_YIELD)
++#include <sched.h>
++#endif
+
+ #define curl_simple_lock atomic_bool
+ #define CURL_SIMPLE_LOCK_INIT false
+