From 5d5f78f2acf3dc11a26188250bbc3b70bad80d00 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Sat, 16 Feb 2008 00:27:06 +0100
Subject: add curl with correct gnutls error handshake and -k
---
net-misc/curl/Manifest | 9 ++
net-misc/curl/curl-7.17.1.ebuild | 115 +++++++++++++++++++++
net-misc/curl/files/curl-7.15-strip-ldflags.patch | 20 ++++
net-misc/curl/files/curl-7.15.1-test62.patch | 15 +++
.../curl/files/curl-7.16.2-strip-ldflags.patch | 24 +++++
.../curl/files/curl-7.17.0-strip-ldflags.patch | 24 +++++
.../files/curl-7.17.1-null-handler-segfault.patch | 69 +++++++++++++
.../curl/files/curl-correct-gnutls-madness.patch | 70 +++++++++++++
net-misc/curl/files/libcurl-gnutlscert.patch | 51 +++++++++
9 files changed, 397 insertions(+)
create mode 100644 net-misc/curl/Manifest
create mode 100644 net-misc/curl/curl-7.17.1.ebuild
create mode 100644 net-misc/curl/files/curl-7.15-strip-ldflags.patch
create mode 100644 net-misc/curl/files/curl-7.15.1-test62.patch
create mode 100644 net-misc/curl/files/curl-7.16.2-strip-ldflags.patch
create mode 100644 net-misc/curl/files/curl-7.17.0-strip-ldflags.patch
create mode 100644 net-misc/curl/files/curl-7.17.1-null-handler-segfault.patch
create mode 100644 net-misc/curl/files/curl-correct-gnutls-madness.patch
create mode 100644 net-misc/curl/files/libcurl-gnutlscert.patch
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
new file mode 100644
index 00000000..22d029fb
--- /dev/null
+++ b/net-misc/curl/Manifest
@@ -0,0 +1,9 @@
+AUX curl-7.15-strip-ldflags.patch 636 RMD160 da2a9e8137eb71f0d077d66b9e1580235027f537 SHA1 b8ab23f437d09be49a8f368be8b1822432ab2a93 SHA256 b86804e3a9e3ba9d841e85b2832dc1323dd52895e1b533d0a5782ab668a9609f
+AUX curl-7.15.1-test62.patch 673 RMD160 4f9bd6355cc2289755892ae4142f9853b870a50a SHA1 4c2a0312d9f07ef42493a7138954cab53e8a7d9d SHA256 907e23481083da32f2f85d586067d1f51e3eddc1dd11157c70a2573bea66eec1
+AUX curl-7.16.2-strip-ldflags.patch 844 RMD160 2a4efcf28a438fb8a397f40ff75a49e78f77b4e8 SHA1 abb778120ef4f928f6a0bf4616f7e489768f044c SHA256 f1ae7d976648287b6b083c76b1fa87eb43850396831f43ac33c3e60c3e729ed6
+AUX curl-7.17.0-strip-ldflags.patch 796 RMD160 1bcb5af41c63b0afb7758e3c4c8f9bea5e52c29c SHA1 c63330a3505adb684dd2f1cfa89eae5159cb9cc6 SHA256 f3892c3d2a16f96319fd11cb516f66b5df0ece18ca8271cf3b9c1f286e9b5d73
+AUX curl-7.17.1-null-handler-segfault.patch 2560 RMD160 3f1ce2cab67588b132fa6ad30e49f887e6d16f0a SHA1 e6b20baa6306b26c3dc8ffe78fc0d34c5b531b1b SHA256 6f696c4b1d6ae216225fb2cd9e95527d7513872aae06abef05c35758a3d30887
+AUX curl-correct-gnutls-madness.patch 3084 RMD160 5471e25480fe023efbbce3e65b9edd4868323c6d SHA1 cbc26c0c4d4bd611696a6d7332565b66ce507952 SHA256 466079b63f47a630757063e86e2c44ddd586636756f698f5ab2316395f0863dd
+AUX libcurl-gnutlscert.patch 1498 RMD160 286859e0870c6e5aa21047b28b2c256f7b7bfffe SHA1 6ef8e0887431e62328cc020cad5fb10673336ad3 SHA256 4b0a9db99ddc698c39484a95cba1f52c0dc17ed34f2d7e1dd780f925bf21761b
+DIST curl-7.17.1.tar.bz2 1721551 RMD160 8ab8dc7a33a5265dfe25eb0725248c3cd6519510 SHA1 ad34b9386e7fd1c8f2a8025e2716a8047b194970 SHA256 7f668ec49506ffc968a54fde9404183212bb40b226626e9417d941594e06e57b
+EBUILD curl-7.17.1.ebuild 3438 RMD160 d5c59f4dc7b55d138058b28912e4305e4e643238 SHA1 250dadf1b03d3fdda49f23aaa89082d2edca1000 SHA256 4cca27e9fb9a4ff92fcf7337e60901f4f63b9967410dc08c9201c1a9989d9050
diff --git a/net-misc/curl/curl-7.17.1.ebuild b/net-misc/curl/curl-7.17.1.ebuild
new file mode 100644
index 00000000..43d6c7cb
--- /dev/null
+++ b/net-misc/curl/curl-7.17.1.ebuild
@@ -0,0 +1,115 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.17.1.ebuild,v 1.6 2008/02/10 09:12:28 dertobi123 Exp $
+
+# NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
+
+inherit libtool eutils
+
+#MY_P=${P/_pre/-}
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="http://curl.haxx.se/ http://curl.planetmirror.com"
+#SRC_URI="http://cool.haxx.se/curl-daily/${MY_P}.tar.bz2"
+SRC_URI="http://curl.planetmirror.com/download/${P}.tar.bz2"
+
+LICENSE="MIT X11"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="ssl ipv6 ldap ares gnutls nss idn kerberos test"
+#IUSE="ssl ipv6 ldap ares gnutls libssh2 nss idn kerberos test"
+
+RDEPEND="gnutls? ( net-libs/gnutls app-misc/ca-certificates )
+ nss? ( !gnutls? ( dev-libs/nss app-misc/ca-certificates ) )
+ ssl? ( !gnutls? ( !nss? ( dev-libs/openssl app-misc/ca-certificates ) ) )
+ ldap? ( net-nds/openldap )
+ idn? ( net-dns/libidn )
+ ares? ( >=net-dns/c-ares-1.4.0 )
+ kerberos? ( virtual/krb5 )"
+# libssh2? ( >=net-libs/libssh2-0.16 )"
+
+# net-libs/libssh2 (masked) --with-libssh2
+# fbopenssl (not in gentoo) --with-spnego
+# krb4 http://web.mit.edu/kerberos/www/krb4-end-of-life.html
+
+DEPEND="${RDEPEND}
+ test? (
+ sys-apps/diffutils
+ dev-lang/perl
+ )"
+# used - but can do without in self test: net-misc/stunnel
+#S="${WORKDIR}"/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+# epatch "${FILESDIR}"/${P}-strip-ldflags.patch
+ epatch "${FILESDIR}"/curl-7.16.2-strip-ldflags.patch
+ epatch "${FILESDIR}"/${P}-null-handler-segfault.patch
+ eptach "${FILESDIR}"/curl-correct-gnutls-madness.patch
+ elibtoolize
+}
+
+src_compile() {
+
+ myconf="$(use_enable ldap)
+ $(use_with idn libidn)
+ $(use_enable kerberos gssapi)
+ $(use_enable ipv6)
+ --enable-http
+ --enable-ftp
+ --enable-gopher
+ --enable-file
+ --enable-dict
+ --enable-manual
+ --enable-telnet
+ --enable-nonblocking
+ --enable-largefile
+ --enable-maintainer-mode
+ --disable-sspi
+ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
+ --without-krb4
+ --without-libssh2
+ --without-spnego"
+# $(use_with libssh2)
+
+ if use ipv6 && use ares; then
+ elog "c-ares support disabled because it is incompatible with ipv6."
+ myconf="${myconf} --disable-ares"
+ else
+ myconf="${myconf} $(use_enable ares)"
+ fi
+
+ if use gnutls; then
+ myconf="${myconf} --without-ssl --with-gnutls --without-nss"
+ elif use nss; then
+ myconf="${myconf} --without-ssl --without-gnutls --with-nss"
+ elif use ssl; then
+ myconf="${myconf} --without-gnutls --without-nss --with-ssl"
+ else
+ myconf="${myconf} --without-gnutls --without-nss --without-ssl"
+ fi
+
+ econf ${myconf} || die 'configure failed'
+ emake || die "install failed for current version"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "installed failed for current version"
+ rm -rf "${D}"/etc/
+
+ # https://sourceforge.net/tracker/index.php?func=detail&aid=1705197&group_id=976&atid=350976
+ insinto /usr/share/aclocal
+ doins docs/libcurl/libcurl.m4
+
+ dodoc CHANGES README
+ dodoc docs/FEATURES docs/INTERNALS
+ dodoc docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE
+}
+
+pkg_postinst() {
+ if [[ -e "${ROOT}"/usr/$(get_libdir)/libcurl.so.3 ]] ; then
+ elog "You must re-compile all packages that are linked against"
+ elog "curl-7.15.* by using revdep-rebuild from gentoolkit:"
+ elog "# revdep-rebuild --library libcurl.so.3"
+ fi
+}
diff --git a/net-misc/curl/files/curl-7.15-strip-ldflags.patch b/net-misc/curl/files/curl-7.15-strip-ldflags.patch
new file mode 100644
index 00000000..5c5999ae
--- /dev/null
+++ b/net-misc/curl/files/curl-7.15-strip-ldflags.patch
@@ -0,0 +1,20 @@
+--- curl-7.15.4/curl-config.in 2006-05-02 23:48:22.000000000 +0100
++++ curl-7.15.4/curl-config.in 2006-07-17 12:32:59.000000000 +0100
+@@ -181,7 +181,7 @@
+ ;;
+
+ --libs)
+- echo -L@libdir@ -lcurl @LDFLAGS@ @LIBS@
++ echo -L@libdir@ -lcurl @LIBS@
+ ;;
+
+ *)
+--- curl-7.15.4/libcurl.pc.in 2004-12-11 18:46:40.000000000 +0000
++++ curl-7.15.4/libcurl.pc.in 2006-07-17 12:33:10.000000000 +0100
+@@ -6,5 +6,5 @@
+ Name: libcurl
+ Description: Library to transfer files with ftp, http, etc.
+ Version: @VERSION@
+-Libs: -L${libdir} -lcurl @LDFLAGS@ @LIBS@
++Libs: -L${libdir} -lcurl @LIBS@
+ Cflags: -I${includedir}
diff --git a/net-misc/curl/files/curl-7.15.1-test62.patch b/net-misc/curl/files/curl-7.15.1-test62.patch
new file mode 100644
index 00000000..15ec3637
--- /dev/null
+++ b/net-misc/curl/files/curl-7.15.1-test62.patch
@@ -0,0 +1,15 @@
+--- curl-7.15.5/tests/data/test62.orig 2007-02-11 13:56:10.000000000 +1100
++++ curl-7.15.5/tests/data/test62 2007-02-11 14:01:18.000000000 +1100
+@@ -32,9 +32,9 @@
+ # http://www.netscape.com/newsref/std/cookie_spec.html
+ # This file was generated by libcurl! Edit at your own risk.
+
+-.foo.com TRUE /we/want/ FALSE 1170327387 test yes
+-.host.foo.com TRUE /we/want/ FALSE 1170327387 test2 yes
+-.fake.host.foo.com TRUE /we/want/ FALSE 1170327387 test4 yes
++.foo.com TRUE /we/want/ FALSE 1577802600 test yes
++.host.foo.com TRUE /we/want/ FALSE 1577802600 test2 yes
++.fake.host.foo.com TRUE /we/want/ FALSE 1577802600 test4 yes
+
+ .foo.com TRUE /moo TRUE 0 test3 maybe
+
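Review bot: In `src_unpack` of curl-7.17.1.ebuild the last patch line is spelled `eptach`, so `curl-correct-gnutls-madness.patch` is never applied. Nothing on that line stops the build (there is no `|| die`), so as far as the hunk shows the phase carries on to `elibtoolize` and the package is built without the GnuTLS change named in the commit subject; the line should read `epatch "${FILESDIR}"/curl-correct-gnutls-madness.patch`. `libcurl-gnutlscert.patch` is listed in the Manifest and added under `files/`, but no `epatch` line in this ebuild references it, so its certificate date checks are not built in either. In `src_compile`, `emake || die "install failed for current version"` reports the wrong phase; `die "compile failed"` would match what actually ran.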
diff --git a/net-misc/curl/files/curl-7.16.2-strip-ldflags.patch b/net-misc/curl/files/curl-7.16.2-strip-ldflags.patch
new file mode 100644
index 00000000..1c33fc5f
--- /dev/null
+++ b/net-misc/curl/files/curl-7.16.2-strip-ldflags.patch
@@ -0,0 +1,24 @@
+--- curl-7.16.2/libcurl.pc.in.orig 2007-04-14 10:11:14.000000000 +1000
++++ curl-7.16.2/libcurl.pc.in 2007-04-14 10:11:26.000000000 +1000
+@@ -33,6 +33,6 @@
+ URL: http://curl.haxx.se/
+ Description: Library to transfer files with ftp, http, etc.
+ Version: @VERSION@
+-Libs: -L${libdir} -lcurl @LDFLAGS@ @LIBS@
++Libs: -L${libdir} -lcurl @LIBS@
+ Libs.private: @LIBCURL_LIBS@ @LIBS@
+ Cflags: -I${includedir}
+--- curl-7.16.3/curl-config.in.orig 2007-06-28 22:22:51.000000000 +1000
++++ curl-7.16.3/curl-config.in 2007-06-28 22:23:10.000000000 +1000
+@@ -187,9 +187,9 @@
+ CURLLIBDIR=""
+ fi
+ if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+- echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
++ echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
+ else
+- echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
++ echo ${CURLLIBDIR}-lcurl @LIBS@
+ fi
+ ;;
+
diff --git a/net-misc/curl/files/curl-7.17.0-strip-ldflags.patch b/net-misc/curl/files/curl-7.17.0-strip-ldflags.patch
new file mode 100644
index 00000000..ac11500a
--- /dev/null
+++ b/net-misc/curl/files/curl-7.17.0-strip-ldflags.patch
@@ -0,0 +1,24 @@
+--- libcurl.pc.in.orig 2007-09-14 07:36:31.000000000 +1000
++++ libcurl.pc.in 2007-09-14 07:36:49.000000000 +1000
+@@ -33,6 +33,6 @@
+ URL: http://curl.haxx.se/
+ Description: Library to transfer files with ftp, http, etc.
+ Version: @VERSION@
+-Libs: -L${libdir} -lcurl @LDFLAGS@ @LIBS@
++Libs: -L${libdir} -lcurl @LIBS@
+ Libs.private: @LIBCURL_LIBS@ @LIBS@
+ Cflags: -I${includedir}
+--- curl-config.in.orig 2007-09-14 07:36:18.000000000 +1000
++++ curl-config.in 2007-09-14 07:37:14.000000000 +1000
+@@ -187,9 +187,9 @@
+ CURLLIBDIR=""
+ fi
+ if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+- echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
++ echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
+ else
+- echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
++ echo ${CURLLIBDIR}-lcurl @LIBS@
+ fi
+ ;;
+
diff --git a/net-misc/curl/files/curl-7.17.1-null-handler-segfault.patch b/net-misc/curl/files/curl-7.17.1-null-handler-segfault.patch
new file mode 100644
index 00000000..0d3b766e
--- /dev/null
+++ b/net-misc/curl/files/curl-7.17.1-null-handler-segfault.patch
@@ -0,0 +1,69 @@
+Segfault in CURL (used from PHP)
+Found by Robin H. Johnson
+This was because of an invalid URL: /hash/597cfbe5740d2bf91eb4b037e6750bacd76d3729/added
+
+#0 0x00002b33e61ba166 in Curl_disconnect (conn=0xe46210) at url.c:2077
+2077 if(conn->handler->disconnect)
+(gdb) print conn->handler
+$1 = (const struct Curl_handler *) 0x0
+(gdb) bt full
+#0 0x00002b33e61ba166 in Curl_disconnect (conn=0xe46210) at url.c:2077
+ data = (struct SessionHandle *) 0xe363d0
+#1 0x00002b33e61bc27e in Curl_connect (data=0xe363d0, in_connect=0x7fffc6067818, asyncp=0x7fffc6067827, protocol_done=0x7fffc6067826) at url.c:4255
+ connected = false
+ code = CURLE_OK
+ dns = (struct Curl_dns_entry *) 0x0
+#2 0x00002b33e61c67db in Curl_perform (data=0xe363d0) at transfer.c:2333
+ res = CURLE_OK
+ res2 =
+ conn = (struct connectdata *) 0xe46210
+ newurl = 0x0
+ retry = 232
+#3 0x0000000000472005 in zif_curl_exec ()
+#4 0x000000000061bd42 in ?? ()
+#5 0x000000000061ae23 in execute ()
+#6 0x000000000061b815 in ?? ()
+#7 0x000000000061ae23 in execute ()
+#8 0x00000000005fcef3 in zend_execute_scripts ()
+#9 0x00000000005bd468 in php_execute_script ()
+#10 0x00000000006791ab in main ()
+
+diff -Nuar curl-7.17.1-20071013.orig/lib/url.c curl-7.17.1-20071013/lib/url.c
+--- curl-7.17.1-20071013.orig/lib/url.c 2007-10-13 02:00:02.000000000 +0000
++++ curl-7.17.1-20071013/lib/url.c 2007-11-12 13:13:37.401514781 +0000
+@@ -2594,7 +2594,7 @@
+ curl_socket_t *socks,
+ int numsocks)
+ {
+- if(conn->handler->proto_getsock)
++ if(conn && conn->handler && conn->handler->proto_getsock)
+ return conn->handler->proto_getsock(conn, socks, numsocks);
+ return GETSOCK_BLANK;
+ }
+@@ -4325,7 +4325,7 @@
+ }
+
+ /* this calls the protocol-specific function pointer previously set */
+- if(conn->handler->done)
++ if(conn->handler && conn->handler->done)
+ result = conn->handler->done(conn, status, premature);
+ else
+ result = CURLE_OK;
+@@ -4378,7 +4378,7 @@
+ conn->bits.done = FALSE; /* Curl_done() is not called yet */
+ conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */
+
+- if(conn->handler->do_it) {
++ if(conn->handler && conn->handler->do_it) {
+ /* generic protocol-specific function pointer set in curl_connect() */
+ result = conn->handler->do_it(conn, done);
+
+@@ -4441,7 +4441,7 @@
+ {
+ CURLcode result=CURLE_OK;
+
+- if(conn->handler->do_more)
++ if(conn->handler && conn->handler->do_more)
+ result = conn->handler->do_more(conn);
+
+ return result;
diff --git a/net-misc/curl/files/curl-correct-gnutls-madness.patch b/net-misc/curl/files/curl-correct-gnutls-madness.patch
new file mode 100644
index 00000000..a9aeec3b
--- /dev/null
+++ b/net-misc/curl/files/curl-correct-gnutls-madness.patch
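Review bot: The crash in the backtrace is in `Curl_disconnect` at url.c:2077 (`if(conn->handler->disconnect)`), yet none of the four url.c hunks in curl-7.17.1-null-handler-segfault.patch touches that line; they guard `proto_getsock`, `done`, `do_it` and `do_more` between lines 2594 and 4441. Unless that dereference is guarded somewhere outside the hunks, a NULL `conn->handler` would still fault at the reported site, so the patch should carry the same test there, `if(conn->handler && conn->handler->disconnect)`. The guards are also uneven: only the first hunk tests `conn` itself, while the other three dereference `conn` before checking `handler`. The enclosing functions start and end outside the hunks, so which callers can pass a connection without a handler has to be confirmed against the full url.c.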
@@ -0,0 +1,70 @@
+Index: gtls.c
+===================================================================
+RCS file: /cvsroot/curl/curl/lib/gtls.c,v
+retrieving revision 1.37
+diff -u -r1.37 gtls.c
+--- gtls.c 8 Feb 2008 22:02:00 -0000 1.37
++++ gtls.c 15 Feb 2008 22:32:45 -0000
+@@ -336,38 +336,42 @@
+
+ chainp = gnutls_certificate_get_peers(session, &cert_list_size);
+ if(!chainp) {
+- if(data->set.ssl.verifyhost) {
++ if(data->set.ssl.verifypeer) {
+ failf(data, "failed to get server cert");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ infof(data, "\t common name: WARNING couldn't obtain\n");
+ }
+
+- /* This function will try to verify the peer's certificate and return its
+- status (trusted, invalid etc.). The value of status should be one or more
+- of the gnutls_certificate_status_t enumerated elements bitwise or'd. To
+- avoid denial of service attacks some default upper limits regarding the
+- certificate key size and chain size are set. To override them use
+- gnutls_certificate_set_verify_limits(). */
++ if(data->set.ssl.verifypeer) {
++ /* This function will try to verify the peer's certificate and return its
++ status (trusted, invalid etc.). The value of status should be one or
++ more of the gnutls_certificate_status_t enumerated elements bitwise
++ or'd. To avoid denial of service attacks some default upper limits
++ regarding the certificate key size and chain size are set. To override
++ them use gnutls_certificate_set_verify_limits(). */
+
+- rc = gnutls_certificate_verify_peers2(session, &verify_status);
+- if(rc < 0) {
+- failf(data, "server cert verify failed: %d", rc);
+- return CURLE_SSL_CONNECT_ERROR;
+- }
++ rc = gnutls_certificate_verify_peers2(session, &verify_status);
++ if(rc < 0) {
++ failf(data, "server cert verify failed: %d", rc);
++ return CURLE_SSL_CONNECT_ERROR;
++ }
+
+- /* verify_status is a bitmask of gnutls_certificate_status bits */
+- if(verify_status & GNUTLS_CERT_INVALID) {
+- if(data->set.ssl.verifypeer) {
+- failf(data, "server certificate verification failed. CAfile: %s",
+- data->set.ssl.CAfile?data->set.ssl.CAfile:"none");
+- return CURLE_SSL_CACERT;
++ /* verify_status is a bitmask of gnutls_certificate_status bits */
++ if(verify_status & GNUTLS_CERT_INVALID) {
++ if(data->set.ssl.verifypeer) {
++ failf(data, "server certificate verification failed. CAfile: %s",
++ data->set.ssl.CAfile?data->set.ssl.CAfile:"none");
++ return CURLE_SSL_CACERT;
++ }
++ else
++ infof(data, "\t server certificate verification FAILED\n");
+ }
+ else
+- infof(data, "\t server certificate verification FAILED\n");
++ infof(data, "\t server certificate verification OK\n");
+ }
+ else
+- infof(data, "\t server certificate verification OK\n");
++ infof(data, "\t server certificate verification SKIPPED\n");
+
+ /* initialize an X.509 certificate structure. */
+ gnutls_x509_crt_init(&x509_cert);
diff --git a/net-misc/curl/files/libcurl-gnutlscert.patch b/net-misc/curl/files/libcurl-gnutlscert.patch
new file mode 100644
index 00000000..f905701c
--- /dev/null
+++ b/net-misc/curl/files/libcurl-gnutlscert.patch
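Review bot: In curl-correct-gnutls-madness.patch the `if(!chainp)` branch now fails only when `verifypeer` is set, so a client that turned peer verification off but left `verifyhost` on no longer rejects a server that presented no certificate; it logs the warning and continues to `gnutls_x509_crt_init`. How the later hostname comparison behaves with a NULL chain is outside the hunk, so the safer condition is `if(data->set.ssl.verifypeer || data->set.ssl.verifyhost)`. Inside the new outer `if(data->set.ssl.verifypeer)` block the inner `if(data->set.ssl.verifypeer)` is always true, which leaves its `else` branch with the "verification FAILED" message unreachable; the inner test and that branch can be dropped. A short comment on the outer block saying that the "SKIPPED" path performs no chain validation at all would make the trust decision explicit for the next reader.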
@@ -0,0 +1,51 @@
+Index: lib/gtls.c
+===================================================================
+RCS file: /cvsroot/curl/curl/lib/gtls.c,v
+retrieving revision 1.27
+diff -u -r1.27 gtls.c
+--- lib/gtls.c 28 Apr 2007 21:01:30 -0000 1.27
++++ lib/gtls.c 10 Jul 2007 20:27:43 -0000
+@@ -420,6 +420,43 @@
+ else
+ infof(data, "\t common name: %s (matched)\n", certbuf);
+
++ /* Check for time-based validity */
++ clock = gnutls_x509_crt_get_expiration_time(x509_cert);
++
++ if(clock == (time_t)-1) {
++ failf(data, "server cert expiration date verify failed");
++ return CURLE_SSL_CONNECT_ERROR;
++ }
++
++ if(clock < time(NULL)) {
++ if (data->set.ssl.verifypeer) {
++ failf(data, "server certificate expiration date has passed.");
++ return CURLE_SSL_PEER_CERTIFICATE;
++ }
++ else
++ infof(data, "\t server certificate expiration date FAILED\n");
++ }
++ else
++ infof(data, "\t server certificate expiration date OK\n");
++
++ clock = gnutls_x509_crt_get_activation_time(x509_cert);
++
++ if(clock == (time_t)-1) {
++ failf(data, "server cert activation date verify failed");
++ return CURLE_SSL_CONNECT_ERROR;
++ }
++
++ if(clock > time(NULL)) {
++ if (data->set.ssl.verifypeer) {
++ failf(data, "server certificate not activated yet.");
++ return CURLE_SSL_PEER_CERTIFICATE;
++ }
++ else
++ infof(data, "\t server certificate activation date FAILED\n");
++ }
++ else
++ infof(data, "\t server certificate activation date OK\n");
++
+ /* Show:
+
+ - ciphers used
-- cgit v1.2.3
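Review bot: In libcurl-gnutlscert.patch both `if(clock == (time_t)-1)` branches return `CURLE_SSL_CONNECT_ERROR` without looking at `data->set.ssl.verifypeer`, while the expired and not-yet-active branches directly below them honour it; a certificate whose validity dates cannot be read therefore aborts the transfer even when verification was switched off. If that is intended it deserves a comment such as `/* unreadable validity dates are fatal even with verifypeer off */`; otherwise the two returns belong behind the same `verifypeer` test. `time(NULL)` is called once per comparison, and reading it once into a local would keep the expiry and activation checks on the same instant. The declaration of `clock` is not in the hunk, so the patch depends on a `time_t` variable of that name already existing in the function.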