diff options
| -rw-r--r-- | .gitignore | 9 | ||||
| -rwxr-xr-x | build | 56 | ||||
| -rw-r--r-- | changelog | 45 | ||||
| -rw-r--r-- | control | 10 | ||||
| -rw-r--r-- | copyright | 392 | ||||
| -rw-r--r-- | curl-doc.pkg/control | 12 | ||||
| -rw-r--r-- | curl.4-common.pkg/control | 8 | ||||
| -rw-r--r-- | curl.4-common.pkg/docs | 2 | ||||
| -rw-r--r-- | curl.4-doc.pkg/control | 8 | ||||
| -rw-r--r-- | curl.4-doc.pkg/files (renamed from curl-doc.pkg/files) | 0 | ||||
| -rw-r--r-- | curl.pkg/control | 12 | ||||
| -rwxr-xr-x | extract-copyright-comments | 216 | ||||
| -rw-r--r-- | keyring.gpg | bin | 1524 -> 0 bytes | |||
| -rw-r--r-- | libcurl.4-dev.pkg/control | 8 | ||||
| -rw-r--r-- | libcurl.4-dev.pkg/files | 2 | ||||
| -rw-r--r-- | libcurl.4.pkg/control | 7 | ||||
| -rw-r--r-- | libcurl.4.pkg/docs | 0 | ||||
| -rw-r--r-- | patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch | 359 | ||||
| -rw-r--r-- | patches/02_fix-undefined-references-with-NO_OLD_TLS-and-NO_SESSION_CACHE.patch | 51 | ||||
| -rwxr-xr-x | release | 13 | ||||
| -rw-r--r-- | source.mk | 50 | ||||
| -rw-r--r-- | substvars | 33 |
22 files changed, 1180 insertions, 113 deletions
@@ -1,11 +1,10 @@ -# Swap and backup files -.*.sw* -.sw* -*~ -Session.vim +# Vim swap and other dot files +.* +!.gitignore # Source archives *-*.orig.tar.* +keyring.gpg # Work area tmp/ @@ -5,16 +5,66 @@ include ../source.mk nop: @: +# Should use "--with-ca-path=/etc/x509/server-auth" instead "--with-ca-bundle", +# but "--with-ca-path only works with OpenSSL, GnuTLS or mbedTLS". build: - oh-autoconfigure + oh-autoconfigure -- \ + --enable-werror \ + --disable-ares \ + --disable-ech \ + --enable-shared \ + --disable-static \ + --disable-ldap \ + --disable-ldaps \ + --disable-rtsp \ + --disable-dict \ + --disable-telnet \ + --disable-tftp \ + --disable-pop3 \ + --disable-imap \ + --disable-smb \ + --disable-smtp \ + --disable-gopher \ + --disable-mqtt \ + --disable-manual \ + --disable-libcurl-option \ + --disable-verbose \ + --disable-unix-sockets \ + --disable-doh \ + --disable-mime \ + --disable-dnsshuffle \ + --disable-alt-svc \ + --with-zlib \ + --without-brotli \ + --without-zstd \ + --without-gssapi \ + --without-ssl \ + --without-gnutls \ + --without-mbedtls \ + --with-wolfssl \ + --without-mesalink \ + --without-bearssl \ + --without-nss \ + --with-ca-bundle=/usr/share/x509/server-auth/nss-certdata.pem \ + --without-libpsl \ + --without-libmetalink \ + --without-libssh2 \ + --without-libssh \ + --without-wolfssh \ + --without-libidn2 \ + --without-nghttp2 \ + --without-ngtcp2 \ + --without-nghttp3 \ + --without-quiche \ + --without-zsh-functions-dir \ + --without-fish-functions-dir oh-autobuild touch $@ install: build oh-autoinstall rm dest/usr/lib/$(OPK_HOST_ARCH)/libcurl.la - rm dest/usr/bin/curl-config - rm dest/usr/share/man/man1/curl-config.1 oh-fixperms oh-strip oh-installfiles + oh-shlibdeps @@ -1,5 +1,48 @@ +curl (7.74.0-3) trunk + + * libcurl.4:$arch: Drop conflict with the older non-architecture- + qualified version. A package by the name "libcurl.4" will be built + by src:malt to allow dependent packages (cmake) to still be + installed. + * libcurl.4-dev: Provide </usr/bin/curl-config>, needed by src:git. + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Tue, 05 Jan 2021 02:55:30 -0500 + +curl (7.74.0-2) trunk + + * curl.4-common: Fix section, which made all packages uninstallable on + a default ProteanOS system. + * libcurl.4:$arch: Conflict with the older non-architecture-qualified + version. + * Many protocols and features previously enabled are now disabled, to + build a smaller libcurl and curl. + * curl.4-common: Provide COPYING and THANKS files, previously missing. + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Mon, 04 Jan 2021 19:07:13 -0500 + +curl (7.74.0-1) trunk + + * New upstream version. + * Update maintainer and homepage. + * libcurl.4-dev: Remove static library. + * Link against wolfSSL for HTTPS support and depend on NSS CA root + certificates. + - Add patch to fix undeclared symbol errors when compiling against + wolfSSL built without OPENSSL_EXTRA. + - Add patch to fix undefined references when linking against wolfSSL + built with NO_OLD_TLS and NO_SESSION_CACHE. + * Organize packages into sections. + * Reword package descriptions. + * curl-doc: Rename to curl.4-doc. + * curl.4-common: New common package. This is necessary because + curl.4-doc is Architecture:all and therefore can't depend on + libcurl.4:${Host-Arch}. + * curl, libcurl.4: Use automatic shared library dependencies. + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Sun, 03 Jan 2021 03:39:57 -0500 + curl (7.38.0-1) trunk * Initial release. - -- "P. J. McDermott" <pj@pehjota.net> Sun, 12 Oct 2014 12:31:32 -0400 + -- "P. J. McDermott" <pj@pehjota.net> Mon, 13 Oct 2014 11:34:04 -0400 @@ -1,4 +1,8 @@ -Maintainer: "P. J. McDermott" <pj@pehjota.net> -Build-Depends: opkhelper-3.0, +Maintainer: Patrick McDermott <patrick.mcdermott@libiquity.com> +Build-Depends: opkbuild (>= 4.2.0), opkhelper-3.0 (>= 3.1.4), + busybox (>= 1.32.0-1), + gpg, dirmngr, gpgconf, gpg-agent, + file, libz.1-dev, -Homepage: http://curl.haxx.se/ + libwolfssl.24-dev, pkgconf, nss-certdata-server-auth, +Homepage: https://curl.se/ @@ -1,65 +1,193 @@ Upstream Source =============== -In General ----------- +include/curl/curl.h, include/curl/curlver.h, include/curl/easy.h, +include/curl/mprintf.h, include/curl/multi.h, include/curl/options.h, +include/curl/stdcheaders.h, include/curl/system.h, include/curl/typecheck-gcc.h, +include/curl/urlapi.h, lib/altsvc.c, lib/altsvc.h, lib/amigaos.c, lib/amigaos.h, +lib/arpa_telnet.h, lib/asyn-ares.c, lib/asyn.h, lib/asyn-thread.c, lib/base64.c, +lib/config-amigaos.h, lib/config-dos.h, lib/config-mac.h, lib/config-os400.h, +lib/config-plan9.h, lib/config-riscos.h, lib/config-tpf.h, lib/config-vxworks.h, +lib/config-win32ce.h, lib/config-win32.h, lib/conncache.c, lib/conncache.h, +lib/connect.c, lib/connect.h, lib/content_encoding.c, lib/content_encoding.h, +lib/cookie.c, lib/cookie.h, lib/curl_addrinfo.c, lib/curl_addrinfo.h, +lib/curl_base64.h, lib/curl_ctype.c, lib/curl_ctype.h, lib/curl_des.c, +lib/curl_des.h, lib/curl_endian.c, lib/curl_endian.h, lib/curl_fnmatch.c, +lib/curl_fnmatch.h, lib/curl_gethostname.c, lib/curl_gethostname.h, +lib/curl_get_line.c, lib/curl_get_line.h, lib/curl_gssapi.c, lib/curl_gssapi.h, +lib/curl_hmac.h, lib/curl_krb5.h, lib/curl_ldap.h, lib/curl_md4.h, +lib/curl_md5.h, lib/curl_memory.h, lib/curl_memrchr.c, lib/curl_memrchr.h, +lib/curl_multibyte.c, lib/curl_multibyte.h, lib/curl_ntlm_core.c, +lib/curl_ntlm_core.h, lib/curl_ntlm_wb.c, lib/curl_ntlm_wb.h, lib/curl_path.h, +lib/curl_printf.h, lib/curl_range.c, lib/curl_range.h, lib/curl_rtmp.c, +lib/curl_rtmp.h, lib/curl_sasl.c, lib/curl_sasl.h, lib/curl_setup.h, +lib/curl_setup_once.h, lib/curl_sha256.h, lib/curl_sspi.c, lib/curl_sspi.h, +lib/curl_threads.c, lib/curl_threads.h, lib/curlx.h, lib/dict.c, lib/dict.h, +lib/doh.c, lib/doh.h, lib/dotdot.c, lib/dotdot.h, lib/dynbuf.c, lib/dynbuf.h, +lib/easy.c, lib/easygetopt.c, lib/easyif.h, lib/easyoptions.c, +lib/easyoptions.h, lib/escape.c, lib/escape.h, lib/file.c, lib/file.h, +lib/fileinfo.c, lib/fileinfo.h, lib/formdata.c, lib/formdata.h, lib/ftp.c, +lib/ftp.h, lib/ftplistparser.c, lib/ftplistparser.h, lib/getenv.c, +lib/getinfo.c, lib/getinfo.h, lib/gopher.c, lib/gopher.h, lib/hash.c, +lib/hash.h, lib/hmac.c, lib/hostasyn.c, lib/hostcheck.c, lib/hostcheck.h, +lib/hostip6.c, lib/hostip.c, lib/hostip.h, lib/hostsyn.c, lib/hsts.c, +lib/hsts.h, lib/http2.c, lib/http2.h, lib/http.c, lib/http_chunks.c, +lib/http_chunks.h, lib/http_digest.c, lib/http_digest.h, lib/http.h, +lib/http_negotiate.c, lib/http_negotiate.h, lib/http_ntlm.c, lib/http_ntlm.h, +lib/http_proxy.c, lib/http_proxy.h, lib/idn_win32.c, lib/if2ip.c, lib/if2ip.h, +lib/imap.c, lib/imap.h, lib/inet_ntop.h, lib/inet_pton.h, lib/ldap.c, +lib/llist.c, lib/llist.h, lib/memdebug.c, lib/memdebug.h, lib/mime.c, +lib/mime.h, lib/mprintf.c, lib/mqtt.c, lib/mqtt.h, lib/multi.c, +lib/multihandle.h, lib/multiif.h, lib/netrc.c, lib/netrc.h, lib/non-ascii.c, +lib/non-ascii.h, lib/nonblock.c, lib/nonblock.h, lib/nwlib.c, lib/nwos.c, +lib/openldap.c, lib/parsedate.c, lib/parsedate.h, lib/pingpong.c, +lib/pingpong.h, lib/pop3.c, lib/pop3.h, lib/progress.c, lib/progress.h, +lib/psl.c, lib/psl.h, lib/quic.h, lib/rand.c, lib/rand.h, lib/rename.c, +lib/rename.h, lib/rtsp.c, lib/rtsp.h, lib/select.c, lib/select.h, lib/sendf.c, +lib/sendf.h, lib/setopt.c, lib/setopt.h, lib/setup-os400.h, lib/setup-vms.h, +lib/setup-win32.h, lib/share.c, lib/share.h, lib/sigpipe.h, lib/slist.c, +lib/slist.h, lib/smb.c, lib/smb.h, lib/smtp.c, lib/smtp.h, lib/sockaddr.h, +lib/socketpair.c, lib/socketpair.h, lib/socks.c, lib/socks_gssapi.c, +lib/socks.h, lib/socks_sspi.c, lib/speedcheck.c, lib/speedcheck.h, lib/splay.c, +lib/splay.h, lib/strcase.c, lib/strcase.h, lib/strdup.c, lib/strdup.h, +lib/strerror.c, lib/strerror.h, lib/strtok.c, lib/strtok.h, lib/strtoofft.c, +lib/strtoofft.h, lib/system_win32.c, lib/system_win32.h, lib/telnet.c, +lib/telnet.h, lib/tftp.c, lib/tftp.h, lib/timeval.c, lib/timeval.h, +lib/transfer.c, lib/transfer.h, lib/urlapi.c, lib/urlapi-int.h, lib/url.c, +lib/urldata.h, lib/url.h, lib/version.c, lib/version_win32.c, +lib/version_win32.h, lib/warnless.c, lib/warnless.h, lib/wildcard.c, +lib/wildcard.h, lib/x509asn1.c, lib/x509asn1.h, lib/vauth/cleartext.c, +lib/vauth/cram.c, lib/vauth/digest.c, lib/vauth/digest.h, +lib/vauth/digest_sspi.c, lib/vauth/krb5_gssapi.c, lib/vauth/krb5_sspi.c, +lib/vauth/ntlm.c, lib/vauth/ntlm.h, lib/vauth/ntlm_sspi.c, lib/vauth/oauth2.c, +lib/vauth/spnego_gssapi.c, lib/vauth/spnego_sspi.c, lib/vauth/vauth.c, +lib/vauth/vauth.h, lib/vquic/ngtcp2.c, lib/vquic/ngtcp2.h, lib/vquic/quiche.c, +lib/vquic/quiche.h, lib/vquic/vquic.c, lib/vquic/vquic.h, lib/vssh/libssh2.c, +lib/vssh/ssh.h, lib/vssh/wolfssh.c, lib/vtls/bearssl.c, lib/vtls/bearssl.h, +lib/vtls/gskit.c, lib/vtls/gskit.h, lib/vtls/gtls.c, lib/vtls/gtls.h, +lib/vtls/keylog.c, lib/vtls/keylog.h, lib/vtls/mbedtls.c, lib/vtls/mbedtls.h, +lib/vtls/mbedtls_threadlock.c, lib/vtls/mbedtls_threadlock.h, +lib/vtls/mesalink.c, lib/vtls/mesalink.h, lib/vtls/nss.c, lib/vtls/nssg.h, +lib/vtls/openssl.c, lib/vtls/openssl.h, lib/vtls/schannel.c, +lib/vtls/schannel.h, lib/vtls/schannel_verify.c, lib/vtls/sectransp.c, +lib/vtls/sectransp.h, lib/vtls/vtls.c, lib/vtls/vtls.h, lib/vtls/wolfssl.c, +lib/vtls/wolfssl.h, src/slist_wc.c, src/slist_wc.h, src/tool_binmode.c, +src/tool_binmode.h, src/tool_bname.c, src/tool_bname.h, src/tool_cb_dbg.c, +src/tool_cb_dbg.h, src/tool_cb_hdr.c, src/tool_cb_hdr.h, src/tool_cb_prg.h, +src/tool_cb_rea.c, src/tool_cb_rea.h, src/tool_cb_see.c, src/tool_cb_see.h, +src/tool_cb_wrt.c, src/tool_cb_wrt.h, src/tool_cfgable.c, src/tool_cfgable.h, +src/tool_convert.c, src/tool_convert.h, src/tool_dirhie.c, src/tool_dirhie.h, +src/tool_doswin.c, src/tool_doswin.h, src/tool_easysrc.c, src/tool_easysrc.h, +src/tool_filetime.c, src/tool_filetime.h, src/tool_formparse.c, +src/tool_formparse.h, src/tool_getparam.c, src/tool_getparam.h, +src/tool_getpass.c, src/tool_getpass.h, src/tool_help.c, src/tool_helpers.c, +src/tool_helpers.h, src/tool_help.h, src/tool_homedir.c, src/tool_homedir.h, +src/tool_hugehelp.c, src/tool_hugehelp.h, src/tool_libinfo.c, +src/tool_libinfo.h, src/tool_main.c, src/tool_main.h, src/tool_metalink.c, +src/tool_metalink.h, src/tool_msgs.c, src/tool_msgs.h, src/tool_operate.c, +src/tool_operate.h, src/tool_operhlp.c, src/tool_operhlp.h, src/tool_panykey.c, +src/tool_panykey.h, src/tool_paramhlp.c, src/tool_paramhlp.h, +src/tool_parsecfg.c, src/tool_parsecfg.h, src/tool_progress.c, +src/tool_progress.h, src/tool_sdecls.h, src/tool_setopt.c, src/tool_setopt.h, +src/tool_setup.h, src/tool_sleep.c, src/tool_sleep.h, src/tool_strdup.c, +src/tool_strdup.h, src/tool_urlglob.c, src/tool_urlglob.h, src/tool_util.c, +src/tool_util.h, src/tool_version.h, src/tool_vms.c, src/tool_vms.h, +src/tool_writeout.c, src/tool_writeout.h, src/tool_writeout_json.c, +src/tool_writeout_json.h, src/tool_xattr.c, src/tool_xattr.h +-------------------------------------------------------------------------------- -Copyright (C) 1996 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com> -Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> -Copyright (C) 2010, 2013, Howard Chu, <hyc@openldap.org> -Copyright (C) 2010, DirecTV, Contact: Eric Hu, <ehu@directv.com> -Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> -Copyright (C) 2012 - 2014, Marc Hoersken, <info@marc-hoersken.de> +Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> +Copyright (C) 2010 - 2020, Howard Chu, <hyc@highlandsun.com> +Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> +Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> -Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com> -Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com> +Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. +Copyright (C) 2014 - 2020, Steve Holme, <steve_holme@hotmail.com>. +Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies +Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> +Copyright (C) 2019 - 2020, Michael Forney, <mforney@mforney.org> +Copyright (C) 2019 - 2020, Björn Stenberg, <bjorn@haxx.se> -All rights reserved. +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. -Permission to use, copy, modify, and distribute this software for any purpose -with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN -NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE -OR OTHER DEALINGS IN THE SOFTWARE. +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. -Except as contained in this notice, the name of a copyright holder shall not -be used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization of the copyright holder. +lib/curl_path.c +--------------- -lib/md4.c ---------- +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +The get_pathname() function is being borrowed from OpenSSH sftp.c +version 4.6p1. + +Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> -Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved. +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +lib/hostip4.c +------------- + +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD4 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD4 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. -These notices must be retained in any copies of any part of this -documentation and/or software. +Curl_getaddrinfo() - the IPv4 synchronous version. -lib/inet_ntop.c, lib/inet_pton.c --------------------------------- +The original code to this function was from the Dancer source code, written +by Bjorn Reese, it has since been patched and modified considerably. -Copyright (C) 1996-2001 Internet Software Consortium. +gethostbyname_r() is the thread-safe version of the gethostbyname() +function. When we build for plain IPv4, we attempt to use this +function. There are _three_ different gethostbyname_r() versions, and we +detect which one this platform supports in the configure script and set up +the HAVE_GETHOSTBYNAME_R_3, HAVE_GETHOSTBYNAME_R_5 or +HAVE_GETHOSTBYNAME_R_6 defines accordingly. Note that HAVE_GETADDRBYNAME +has the corresponding rules. This is primarily on *nix. Note that some unix +flavours have thread-safe versions of the plain gethostbyname() etc. + +lib/inet_ntop.c +--------------- + +Copyright (C) 1996-2019 Internet Software Consortium. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -74,13 +202,47 @@ FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -lib/krb5.c, lib/security.c --------------------------- +lib/inet_pton.c +--------------- -Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan -(Royal Institute of Technology, Stockholm, Sweden). -Copyright (C) 2001 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. +Copyright (c) 1996 - 2020 by Internet Software Consortium. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE +CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + +int +inet_pton(af, src, dst) +author: + Paul Vixie, 1996. + +int +inet_pton4(src, dst) +author: + Paul Vixie, 1996. + +int +inet_pton6(src, dst) +credit: + inspired by Mark Andrews. +author: + Paul Vixie, 1996. +lib/krb5.c +---------- + +Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +Copyright (c) 2004 - 2020 Daniel Stenberg All rights reserved. Redistribution and use in source and binary forms, with or without @@ -110,11 +272,141 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +lib/md4.c +--------- + +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +Homepage: +https://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 + +Author: +Alexander Peslyak, better known as Solar Designer <solar at openwall.com> + +This software was written by Alexander Peslyak in 2001. No copyright is +claimed, and the software is hereby placed in the public domain. In case +this attempt to disclaim copyright and place the software in the public +domain is deemed null and void, then the software is Copyright (c) 2001 +Alexander Peslyak and it is hereby released to the general public under the +following terms: + +Redistribution and use in source and binary forms, with or without +modification, are permitted. + +There's ABSOLUTELY NO WARRANTY, express or implied. + +(This is a heavily cut-down "BSD license".) + +lib/md5.c +--------- + +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +Homepage: +https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + +Author: +Alexander Peslyak, better known as Solar Designer <solar at openwall.com> + +This software was written by Alexander Peslyak in 2001. No copyright is +claimed, and the software is hereby placed in the public domain. +In case this attempt to disclaim copyright and place the software in the +public domain is deemed null and void, then the software is +Copyright (c) 2001 Alexander Peslyak and it is hereby released to the +general public under the following terms: + +Redistribution and use in source and binary forms, with or without +modification, are permitted. + +There's ABSOLUTELY NO WARRANTY, express or implied. + +(This is a heavily cut-down "BSD license".) + +lib/sha256.c +------------ + +Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> +Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +This is based on SHA256 implementation in LibTomCrypt that was released into +public domain by Tom St Denis. + +lib/vssh/libssh.c +----------------- + +Copyright (C) 2017 - 2020 Red Hat, Inc. + +Authors: Nikos Mavrogiannopoulos, Tomas Mraz, Stanislav Zidek, + Robert Kolcun, Andreas Schneider + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +src/tool_cb_prg.c +----------------- + +Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + +This software is licensed as described in the file COPYING, which +you should have received as part of this distribution. The terms +are also available at https://curl.se/docs/copyright.html. + +You may opt to use, copy, modify, merge, publish, distribute and/or sell +copies of the Software, and permit persons to whom the Software is +furnished to do so, under the terms of the COPYING file. + +This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +KIND, either express or implied. + +The original progress-bar source code was written for curl by Lars Aas, +and this new edition inherits some of his concepts. + Distribution Packaging ====================== -Copyright (C) 2014 Patrick "P. J." McDermott +Copyright (C) 2014, 2019 Patrick McDermott Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright diff --git a/curl-doc.pkg/control b/curl-doc.pkg/control deleted file mode 100644 index 4be06f5..0000000 --- a/curl-doc.pkg/control +++ /dev/null @@ -1,12 +0,0 @@ -Architecture: all -Platform: all -Depends: libcurl.4 (>= ${Source-Version}) -Description: Documentation for the curl command line tool and library - curl is a command line tool and library for transferring data with URL syntax, - supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, - LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. curl - supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based - upload, proxies, HTTP/2, cookies, user+password authentication (Basic, Digest, - NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and more. - . - This package provides documentation for the curl command line tool and library. diff --git a/curl.4-common.pkg/control b/curl.4-common.pkg/control new file mode 100644 index 0000000..3ca592e --- /dev/null +++ b/curl.4-common.pkg/control @@ -0,0 +1,8 @@ +Architecture: all +Platform: all +Section: share +Description: curl command-line tool and library - common files + ${Both-Description} + . + This package provides source package documentation for the curl command-line + tool and library. diff --git a/curl.4-common.pkg/docs b/curl.4-common.pkg/docs new file mode 100644 index 0000000..89e0410 --- /dev/null +++ b/curl.4-common.pkg/docs @@ -0,0 +1,2 @@ +src/COPYING +src/docs/THANKS diff --git a/curl.4-doc.pkg/control b/curl.4-doc.pkg/control new file mode 100644 index 0000000..66c5d51 --- /dev/null +++ b/curl.4-doc.pkg/control @@ -0,0 +1,8 @@ +Architecture: all +Platform: all +Section: doc +Depends: curl.4-common (= ${Source-Version}) +Description: curl command-line tool and library - documentation + ${Both-Description} + . + This package provides documentation for the curl command-line tool and library. diff --git a/curl-doc.pkg/files b/curl.4-doc.pkg/files index 0ddb634..0ddb634 100644 --- a/curl-doc.pkg/files +++ b/curl.4-doc.pkg/files diff --git a/curl.pkg/control b/curl.pkg/control index 9fac49c..ab2b0b5 100644 --- a/curl.pkg/control +++ b/curl.pkg/control @@ -1,10 +1,6 @@ Architecture: any Platform: all -Depends: libcurl.4 (= ${Binary-Version}), libz.1 -Description: Command line tool for transferring data with URL syntax - curl is a command line tool for transferring data with URL syntax, supporting - DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, - POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. curl supports SSL - certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, - proxies, HTTP/2, cookies, user+password authentication (Basic, Digest, NTLM, - Negotiate, kerberos...), file transfer resume, proxy tunneling and more. +Section: util +Depends: curl.4-common (= ${Source-Version}), ${Shlib-Depends} +Description: Command-line tool for transferring data with URL syntax + ${Curl-Description} diff --git a/extract-copyright-comments b/extract-copyright-comments new file mode 100755 index 0000000..0b26731 --- /dev/null +++ b/extract-copyright-comments @@ -0,0 +1,216 @@ +#!/bin/sh +# +# Extract comments containing copyright notices from C/C++ files +# +# Copyright (C) 2020 Patrick McDermott +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu + +LF=' +' +HT=' ' + +bufc= +bufi= +c= + +getc() +{ + if [ ${bufi} -ge ${bufc} ]; then + c='' + else + eval "c=\${bufv_${bufi}}" + bufi=$((${bufi} + 1)) + fi +} + +extract_cxx_comment() +{ + local indent="${1}" + shift 1 + local comment='//' + + while :; do + getc + case "${c}" in + "${LF}") + break + ;; + '') + printf '\tError: Unterminated C++ comment\n' \ + 1>&2 + return 1 + ;; + *) + comment="${comment}${c}" + ;; + esac + done + + if printf '%s' "${comment}" | grep -Eqi \ + 'copyright|\(c\)|author|written|license|public domain' + then + printf '\t%s\n' "${indent}${comment}" + fi + + return 0 +} + +extract_c_comment() +{ + local indent="${1}" + shift 1 + local comment='/*' + local asterisk=false + + while :; do + getc + case "${c}" in + '*') + asterisk=true + comment="${comment}${c}" + ;; + '/') + comment="${comment}${c}" + if ${asterisk}; then + break + fi + ;; + '') + printf '\tError: Unterminated C comment\n' 1>&2 + return 1 + ;; + *) + asterisk=false + comment="${comment}${c}" + ;; + esac + done + + if printf '%s' "${comment}" | grep -Eqi \ + 'copyright|\(c\)|author|written|license|public domain' + then + printf '%s\n' "${indent}${comment}" | sed 's/^/\t/' + fi + + return 0 +} + +extract() +{ + local fn="${1}" + shift 1 + local newline=true + local indent='' + local quote= + + printf '%s\n' "${fn}" + + # Read file into array + eval "$(awk -v FS='' -v j=0 -v squote="'" -v esc_squote="'\\\\''" ' + { + for (i = 1; i <= NF; ++i) { + sub(squote, esc_squote, $i); + printf("bufv_%d=" squote "%s" squote "\n", + j++, $i); + }; + printf("bufv_%d=" squote "\n" squote "\n", j++); + } + END { + printf("bufc=%d", j); + } + ')" + bufi=0 + + while :; do + getc + case "${c}" in + '/') + newline=false + getc + case "${c}" in + '/') + extract_cxx_comment "${indent}"\ + || return 1 + ;; + '*') + extract_c_comment "${indent}" \ + || return 1 + ;; + esac + ;; + "${LF}") + newline=true + indent='' + ;; + "${HT}" | ' ') + if ${newline}; then + indent="${indent}${c}" + fi + ;; + "'" | '"') + newline=false + quote="${c}" + while :; do + getc + case "${c}" in + "${quote}") + break + ;; + \\) + # This doesn't + # explicitly handle + # octal, hexadecimal, or + # Unicode sequences; but + # it's good enough to + # handle escaped quotes. + getc + ;; + esac + done + ;; + '') + break + ;; + *) + newline=false + ;; + esac + done + + return 0 +} + +main() +{ + local f= + + if [ ${#} -eq 0 ]; then + extract 'INPUT' || return 1 + else + for f in "${@}"; do + if [ x"${f}" = x'-' ]; then + extract 'INPUT' || return 1 + else + extract "${f}" 0<"${f}" || return 1 + fi + done + fi + + return 0 +} + +main "${@}" diff --git a/keyring.gpg b/keyring.gpg Binary files differdeleted file mode 100644 index c0a8d2d..0000000 --- a/keyring.gpg +++ /dev/null diff --git a/libcurl.4-dev.pkg/control b/libcurl.4-dev.pkg/control index 161bbea..d8e23f8 100644 --- a/libcurl.4-dev.pkg/control +++ b/libcurl.4-dev.pkg/control @@ -1,8 +1,10 @@ Architecture: any Platform: all -Depends: libcurl.4 (= ${Binary-Version}) -Description: Multiprotocol file transfer library - development files +Section: libdev +Depends: curl.4-common (= ${Source-Version}), + libcurl.4:${Host-Arch} (= ${Binary-Version}) +Description: Client-side URL transfer library - development files ${Libcurl-Description} . - This package provides development files for the libcurl multiprotocol file + This package provides development files for the libcurl client-side URL transfer library. diff --git a/libcurl.4-dev.pkg/files b/libcurl.4-dev.pkg/files index a4870f7..2c5f5d3 100644 --- a/libcurl.4-dev.pkg/files +++ b/libcurl.4-dev.pkg/files @@ -1,5 +1,5 @@ +/usr/bin/curl-config /usr/include -/usr/lib/*/libcurl.a /usr/lib/*/libcurl.so /usr/lib/*/pkgconfig /usr/share/aclocal diff --git a/libcurl.4.pkg/control b/libcurl.4.pkg/control index c5a8e22..1dd63ad 100644 --- a/libcurl.4.pkg/control +++ b/libcurl.4.pkg/control @@ -1,5 +1,8 @@ Architecture: any Platform: all -Depends: libz.1 -Description: Multiprotocol file transfer library +Section: lib +Depends: curl.4-common (= ${Source-Version}), + libwolfssl.24:${Host-Arch}, ${Shlib-Depends}, + nss-certdata-server-auth +Description: Client-side URL transfer library ${Libcurl-Description} diff --git a/libcurl.4.pkg/docs b/libcurl.4.pkg/docs deleted file mode 100644 index e69de29..0000000 --- a/libcurl.4.pkg/docs +++ /dev/null diff --git a/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch b/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch new file mode 100644 index 0000000..c62a730 --- /dev/null +++ b/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch @@ -0,0 +1,359 @@ +From: Patrick McDermott <patrick.mcdermott@libiquity.com> +Subject: Fix undeclared symbols without OPENSSL_EXTRA + +diff -Naur src.orig/lib/vtls/wolfssl.c src/lib/vtls/wolfssl.c +--- src.orig/lib/vtls/wolfssl.c 2020-12-07 03:24:14.000000000 -0500 ++++ src/lib/vtls/wolfssl.c 2021-01-03 03:05:41.990032879 -0500 +@@ -93,8 +93,8 @@ + #endif + + struct ssl_backend_data { +- SSL_CTX* ctx; +- SSL* handle; ++ WOLFSSL_CTX* ctx; ++ WOLFSSL* handle; + }; + + static Curl_recv wolfssl_recv; +@@ -204,11 +204,11 @@ + static int do_file_type(const char *type) + { + if(!type || !type[0]) +- return SSL_FILETYPE_PEM; ++ return WOLFSSL_FILETYPE_PEM; + if(strcasecompare(type, "PEM")) +- return SSL_FILETYPE_PEM; ++ return WOLFSSL_FILETYPE_PEM; + if(strcasecompare(type, "DER")) +- return SSL_FILETYPE_ASN1; ++ return WOLFSSL_FILETYPE_ASN1; + return -1; + } + +@@ -224,7 +224,7 @@ + struct Curl_easy *data = conn->data; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + struct ssl_backend_data *backend = connssl->backend; +- SSL_METHOD* req_method = NULL; ++ WOLFSSL_METHOD* req_method = NULL; + curl_socket_t sockfd = conn->sock[sockindex]; + #ifdef HAVE_SNI + bool sni = FALSE; +@@ -247,17 +247,17 @@ + case CURL_SSLVERSION_TLSv1: + #if LIBWOLFSSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */ + /* minimum protocol version is set later after the CTX object is created */ +- req_method = SSLv23_client_method(); ++ req_method = wolfSSLv23_client_method(); + #else + infof(data, "wolfSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, " + "TLS 1.0 is used exclusively\n"); +- req_method = TLSv1_client_method(); ++ req_method = wolfTLSv1_client_method(); + #endif + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_0: + #ifdef WOLFSSL_ALLOW_TLSV10 +- req_method = TLSv1_client_method(); ++ req_method = wolfTLSv1_client_method(); + use_sni(TRUE); + #else + failf(data, "wolfSSL does not support TLS 1.0"); +@@ -265,11 +265,11 @@ + #endif + break; + case CURL_SSLVERSION_TLSv1_1: +- req_method = TLSv1_1_client_method(); ++ req_method = wolfTLSv1_1_client_method(); + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_2: +- req_method = TLSv1_2_client_method(); ++ req_method = wolfTLSv1_2_client_method(); + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_3: +@@ -283,7 +283,7 @@ + #endif + case CURL_SSLVERSION_SSLv3: + #ifdef WOLFSSL_ALLOW_SSLV3 +- req_method = SSLv3_client_method(); ++ req_method = wolfSSLv3_client_method(); + use_sni(FALSE); + #else + failf(data, "wolfSSL does not support SSLv3"); +@@ -304,8 +304,8 @@ + } + + if(backend->ctx) +- SSL_CTX_free(backend->ctx); +- backend->ctx = SSL_CTX_new(req_method); ++ wolfSSL_CTX_free(backend->ctx); ++ backend->ctx = wolfSSL_CTX_new(req_method); + + if(!backend->ctx) { + failf(data, "SSL: couldn't create a context!"); +@@ -338,7 +338,7 @@ + + ciphers = SSL_CONN_CONFIG(cipher_list); + if(ciphers) { +- if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { ++ if(!wolfSSL_CTX_set_cipher_list(backend->ctx, ciphers)) { + failf(data, "failed setting cipher list: %s", ciphers); + return CURLE_SSL_CIPHER; + } +@@ -348,7 +348,7 @@ + #ifndef NO_FILESYSTEM + /* load trusted cacert */ + if(SSL_CONN_CONFIG(CAfile)) { +- if(1 != SSL_CTX_load_verify_locations(backend->ctx, ++ if(1 != wolfSSL_CTX_load_verify_locations(backend->ctx, + SSL_CONN_CONFIG(CAfile), + SSL_CONN_CONFIG(CApath))) { + if(SSL_CONN_CONFIG(verifypeer)) { +@@ -382,7 +382,7 @@ + if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) { + int file_type = do_file_type(SSL_SET_OPTION(cert_type)); + +- if(SSL_CTX_use_certificate_file(backend->ctx, ++ if(wolfSSL_CTX_use_certificate_file(backend->ctx, + SSL_SET_OPTION(primary.clientcert), + file_type) != 1) { + failf(data, "unable to use client certificate (no key or wrong pass" +@@ -391,7 +391,7 @@ + } + + file_type = do_file_type(SSL_SET_OPTION(key_type)); +- if(SSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), ++ if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), + file_type) != 1) { + failf(data, "unable to set private key"); + return CURLE_SSL_CONNECT_ERROR; +@@ -403,9 +403,9 @@ + * fail to connect if the verification fails, or if it should continue + * anyway. In the latter case the result of the verification is checked with + * SSL_get_verify_result() below. */ +- SSL_CTX_set_verify(backend->ctx, +- SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER: +- SSL_VERIFY_NONE, ++ wolfSSL_CTX_set_verify(backend->ctx, ++ SSL_CONN_CONFIG(verifypeer)?WOLFSSL_VERIFY_PEER: ++ WOLFSSL_VERIFY_NONE, + NULL); + + #ifdef HAVE_SNI +@@ -455,8 +455,8 @@ + + /* Let's make an SSL structure */ + if(backend->handle) +- SSL_free(backend->handle); +- backend->handle = SSL_new(backend->ctx); ++ wolfSSL_free(backend->handle); ++ backend->handle = wolfSSL_new(backend->ctx); + if(!backend->handle) { + failf(data, "SSL: couldn't create a context (handle)!"); + return CURLE_OUT_OF_MEMORY; +@@ -482,7 +482,7 @@ + + if(wolfSSL_UseALPN(backend->handle, protocols, + (unsigned)strlen(protocols), +- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { ++ WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != WOLFSSL_SUCCESS) { + failf(data, "SSL: failed setting ALPN protocols"); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -507,11 +507,11 @@ + Curl_ssl_sessionid_lock(conn); + if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ +- if(!SSL_set_session(backend->handle, ssl_sessionid)) { ++ if(!wolfSSL_set_session(backend->handle, ssl_sessionid)) { + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + Curl_ssl_sessionid_unlock(conn); +- failf(data, "SSL: SSL_set_session failed: %s", +- ERR_error_string(SSL_get_error(backend->handle, 0), ++ failf(data, "SSL: wolfSSL_set_session failed: %s", ++ ERR_error_string(wolfSSL_get_error(backend->handle, 0), + error_buffer)); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -522,8 +522,8 @@ + } + + /* pass the raw socket into the SSL layer */ +- if(!SSL_set_fd(backend->handle, (int)sockfd)) { +- failf(data, "SSL: SSL_set_fd failed"); ++ if(!wolfSSL_set_fd(backend->handle, (int)sockfd)) { ++ failf(data, "SSL: wolfSSL_set_fd failed"); + return CURLE_SSL_CONNECT_ERROR; + } + +@@ -561,11 +561,11 @@ + /* Enable RFC2818 checks */ + if(SSL_CONN_CONFIG(verifyhost)) { + ret = wolfSSL_check_domain_name(backend->handle, hostname); +- if(ret == SSL_FAILURE) ++ if(ret == WOLFSSL_FAILURE) + return CURLE_OUT_OF_MEMORY; + } + +- ret = SSL_connect(backend->handle); ++ ret = wolfSSL_connect(backend->handle); + + #ifdef OPENSSL_EXTRA + if(Curl_tls_keylog_enabled()) { +@@ -580,7 +580,7 @@ + * Note that OpenSSL SSL_want_read() is always true here. If wolfSSL ever + * changes, the worst case is that no key is logged on error. + */ +- if(ret == SSL_SUCCESS || ++ if(ret == WOLFSSL_SUCCESS || + (!wolfSSL_want_read(backend->handle) && + !wolfSSL_want_write(backend->handle))) { + wolfssl_log_tls12_secret(backend->handle); +@@ -593,13 +593,13 @@ + + if(ret != 1) { + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; +- int detail = SSL_get_error(backend->handle, ret); ++ int detail = wolfSSL_get_error(backend->handle, ret); + +- if(SSL_ERROR_WANT_READ == detail) { ++ if(WOLFSSL_ERROR_WANT_READ == detail) { + connssl->connecting_state = ssl_connect_2_reading; + return CURLE_OK; + } +- else if(SSL_ERROR_WANT_WRITE == detail) { ++ else if(WOLFSSL_ERROR_WANT_WRITE == detail) { + connssl->connecting_state = ssl_connect_2_writing; + return CURLE_OK; + } +@@ -647,7 +647,7 @@ + } + #endif + else { +- failf(data, "SSL_connect failed with error %d: %s", detail, ++ failf(data, "wolfSSL_connect failed with error %d: %s", detail, + ERR_error_string(detail, error_buffer)); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -662,7 +662,7 @@ + struct Curl_asn1Element *pubkey; + CURLcode result; + +- x509 = SSL_get_peer_certificate(backend->handle); ++ x509 = wolfSSL_get_peer_certificate(backend->handle); + if(!x509) { + failf(data, "SSL: failed retrieving server certificate"); + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; +@@ -706,7 +706,7 @@ + + rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len); + +- if(rc == SSL_SUCCESS) { ++ if(rc == WOLFSSL_SUCCESS) { + infof(data, "ALPN, server accepted to use %.*s\n", protocol_len, + protocol); + +@@ -726,7 +726,7 @@ + Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ? + BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); + } +- else if(rc == SSL_ALPN_NOT_FOUND) ++ else if(rc == WOLFSSL_ALPN_NOT_FOUND) + infof(data, "ALPN, server did not agree to a protocol\n"); + else { + failf(data, "ALPN, failure getting protocol, error %d", rc); +@@ -761,10 +761,10 @@ + + if(SSL_SET_OPTION(primary.sessionid)) { + bool incache; +- SSL_SESSION *our_ssl_sessionid; ++ WOLFSSL_SESSION *our_ssl_sessionid; + void *old_ssl_sessionid = NULL; + +- our_ssl_sessionid = SSL_get_session(backend->handle); ++ our_ssl_sessionid = wolfSSL_get_session(backend->handle); + + Curl_ssl_sessionid_lock(conn); + incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, +@@ -805,15 +805,15 @@ + struct ssl_backend_data *backend = connssl->backend; + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; +- int rc = SSL_write(backend->handle, mem, memlen); ++ int rc = wolfSSL_write(backend->handle, mem, memlen); + + if(rc < 0) { +- int err = SSL_get_error(backend->handle, rc); ++ int err = wolfSSL_get_error(backend->handle, rc); + + switch(err) { +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_WRITE: +- /* there's data pending, re-invoke SSL_write() */ ++ case WOLFSSL_ERROR_WANT_READ: ++ case WOLFSSL_ERROR_WANT_WRITE: ++ /* there's data pending, re-invoke wolfSSL_write() */ + *curlcode = CURLE_AGAIN; + return -1; + default: +@@ -833,12 +833,12 @@ + struct ssl_backend_data *backend = connssl->backend; + + if(backend->handle) { +- (void)SSL_shutdown(backend->handle); +- SSL_free(backend->handle); ++ (void)wolfSSL_shutdown(backend->handle); ++ wolfSSL_free(backend->handle); + backend->handle = NULL; + } + if(backend->ctx) { +- SSL_CTX_free(backend->ctx); ++ wolfSSL_CTX_free(backend->ctx); + backend->ctx = NULL; + } + } +@@ -853,17 +853,17 @@ + struct ssl_backend_data *backend = connssl->backend; + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; +- int nread = SSL_read(backend->handle, buf, buffsize); ++ int nread = wolfSSL_read(backend->handle, buf, buffsize); + + if(nread < 0) { +- int err = SSL_get_error(backend->handle, nread); ++ int err = wolfSSL_get_error(backend->handle, nread); + + switch(err) { +- case SSL_ERROR_ZERO_RETURN: /* no more data */ ++ case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */ + break; +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_WRITE: +- /* there's data pending, re-invoke SSL_read() */ ++ case WOLFSSL_ERROR_WANT_READ: ++ case WOLFSSL_ERROR_WANT_WRITE: ++ /* there's data pending, re-invoke wolfSSL_read() */ + *curlcode = CURLE_AGAIN; + return -1; + default: +@@ -900,7 +900,7 @@ + #ifdef OPENSSL_EXTRA + Curl_tls_keylog_open(); + #endif +- return (wolfSSL_Init() == SSL_SUCCESS); ++ return (wolfSSL_Init() == WOLFSSL_SUCCESS); + } + + +@@ -919,7 +919,7 @@ + const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + struct ssl_backend_data *backend = connssl->backend; + if(backend->handle) /* SSL is in use */ +- return (0 != SSL_pending(backend->handle)) ? TRUE : FALSE; ++ return (0 != wolfSSL_pending(backend->handle)) ? TRUE : FALSE; + else + return FALSE; + } diff --git a/patches/02_fix-undefined-references-with-NO_OLD_TLS-and-NO_SESSION_CACHE.patch b/patches/02_fix-undefined-references-with-NO_OLD_TLS-and-NO_SESSION_CACHE.patch new file mode 100644 index 0000000..3ceeadd --- /dev/null +++ b/patches/02_fix-undefined-references-with-NO_OLD_TLS-and-NO_SESSION_CACHE.patch @@ -0,0 +1,51 @@ +From: Patrick McDermott <patrick.mcdermott@libiquity.com> +Subject: Fix undefined references with NO_OLD_TLS and NO_SESSION_CACHE + +diff -Naur src.orig/lib/vtls/wolfssl.c src/lib/vtls/wolfssl.c +--- src.orig/lib/vtls/wolfssl.c 2021-01-03 03:05:41.990032879 -0500 ++++ src/lib/vtls/wolfssl.c 2021-01-03 03:19:00.108983191 -0500 +@@ -265,8 +265,12 @@ + #endif + break; + case CURL_SSLVERSION_TLSv1_1: ++#ifndef NO_OLD_TLS + req_method = wolfTLSv1_1_client_method(); + use_sni(TRUE); ++#else ++ failf(data, "wolfSSL does not support TLS 1.1"); ++#endif + break; + case CURL_SSLVERSION_TLSv1_2: + req_method = wolfTLSv1_2_client_method(); +@@ -500,6 +504,7 @@ + } + #endif /* OPENSSL_EXTRA */ + ++#ifndef NO_SESSION_CACHE + /* Check if there's a cached ID we can/should use here! */ + if(SSL_SET_OPTION(primary.sessionid)) { + void *ssl_sessionid = NULL; +@@ -520,6 +525,7 @@ + } + Curl_ssl_sessionid_unlock(conn); + } ++#endif + + /* pass the raw socket into the SSL layer */ + if(!wolfSSL_set_fd(backend->handle, (int)sockfd)) { +@@ -759,6 +765,7 @@ + + DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + ++#ifndef NO_SESSION_CACHE + if(SSL_SET_OPTION(primary.sessionid)) { + bool incache; + WOLFSSL_SESSION *our_ssl_sessionid; +@@ -788,6 +795,7 @@ + } + Curl_ssl_sessionid_unlock(conn); + } ++#endif + + connssl->connecting_state = ssl_connect_done; + @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eu + +read src ver <<-EOF + $(sed '1s/^\(.*\) (\(.*\)) .*$/\1 \2/; q;' changelog) + EOF + +sed '/^ -- .* /{ s/^\( -- .* \).*$/\1'"$(LC_ALL='POSIX' date \ + '+%a, %d %b %Y %H:%M:%S %z')"'/; :l; n; b l; };' changelog >changelog~ +mv changelog~ changelog +git commit -m "changelog: Release ${src} ${ver}" -- changelog +git tag "${src}/${ver}" HEAD @@ -1,19 +1,35 @@ -upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2 -upstream_url = http://curl.haxx.se/download/$(upstream_archive) -source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2 -keys = '914C 533D F9B2 ADA2 204F 586D 78E1 1C6B 279D 5C91' +z = xz +keys = \ + '27ED EAF2 2F3A BCEB 50DB 9A12 5CC9 08FD B71E 12C2' -$(source_archive): - wget -c '$(upstream_url)' - set -e; if gpg --version >/dev/null 2>&1; then \ - wget -c '$(upstream_url).asc'; \ - [ -e ../keyring.gpg ] || \ - gpg --keyring ../keyring.gpg --no-default-keyring \ - --recv-keys $(keys) || true; \ - rm -f ../keyring.gpg~; \ - gpg --verify --keyring ../keyring.gpg \ - '$(upstream_archive).asc'; \ - fi - mv '$(upstream_archive)' '$@' +upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.$(z) +upstream_url = https://curl.se/download/$(upstream_archive) +source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z) -source: $(source_archive) +GNUPGHOME = gnupghome +# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line +# to switch to a non-SKS keyserver. We can't switch yet, because the Web server +# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS). +keyserver = hkps://keys.openpgp.org +keyserver = hkp://pool.sks-keyservers.net +keyring = ../keyring.gpg +cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5 + +$(keyring): + gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; } + rm -f '$@~' + +$(source_archive): $(keyring) + wget -c "$(upstream_url)" "$(upstream_url).asc" + gpg --verify "$(upstream_archive).asc" + mv "$(upstream_archive)" "$(source_archive)" + +source: + install -m 0700 -d '$(GNUPGHOME)' + umask 0177; printf 'keyserver $(keyserver)\n' \ + 1>'$(GNUPGHOME)/dirmngr.conf' + umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \ + 1>'$(GNUPGHOME)/gpg.conf' + GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \ + || { $(cleanup); exit 1; } + $(cleanup) @@ -1,11 +1,28 @@ Libcurl-Description: libcurl is a free and easy-to-use client-side URL transfer library, supporting - DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, - POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports - SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, - proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, - Kerberos), file transfer resume, http proxy tunneling and more! + DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, + MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, + TELNET, and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP + uploading, HTTP form based upload, proxies, HTTP/2, HTTP/3, cookies, + user+password authentication (Basic, Digest, NTLM, Negotiate, and Kerberos), + file transfer resume, HTTP proxy tunneling, and more! +Curl-Description: + curl is a command-line tool for getting or sending files using URL syntax, + supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, + LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, + SMTPS, TELNET, and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP + PUT, FTP uploading, HTTP form based upload, proxies, HTTP/2, HTTP/3, cookies, + user+password authentication (Basic, Digest, NTLM, Negotiate, and Kerberos), + file transfer resume, HTTP proxy tunneling, and more! +Both-Description: + libcurl is a free and easy-to-use client-side URL transfer library, supporting + DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, + MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, + TELNET, and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP + uploading, HTTP form based upload, proxies, HTTP/2, HTTP/3, cookies, + user+password authentication (Basic, Digest, NTLM, Negotiate, and Kerberos), + file transfer resume, HTTP proxy tunneling, and more! . - libcurl is free, thread-safe, IPv6 compatible, feature rich, well supported, - fast, thoroughly documented and is already used by many known, big and - successful companies and numerous applications. + curl is a command-line tool for getting or sending files using URL syntax. + Since curl uses libcurl, curl supports the same wide range of common Internet + protocols that libcurl does. |