Patched 7.18.2 for the NSS threadsafe issue (Bug #230413), and added 7.19.0 which is unaffected by the bug.

(Portage version: 2.2_rc13/cvs/Linux 2.6.26-gentoo-r1 x86_64)

4 files changed, 205 insertions, 2 deletions

diff --git a/net-misc/curl/ChangeLog b/net-misc/curl/ChangeLog
index b445866602fe..65e546e67330 100644
--- a/net-misc/curl/ChangeLog
+++ b/net-misc/curl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-misc/curl
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/ChangeLog,v 1.126 2008/08/25 20:22:46 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/ChangeLog,v 1.127 2008/11/03 22:10:18 lack Exp $
+
+*curl-7.19.0 (03 Nov 2008)
+
+  03 Nov 2008; Jim Ramsay <lack@gentoo.org>
+  +files/curl-7.18.2-nss-threadsafe.patch, curl-7.18.2.ebuild,
+  +curl-7.19.0.ebuild:
+  Patched 7.18.2 for the NSS threadsafe issue (Bug #230413), and added
+  7.19.0 which is unaffected by the bug.
 
   25 Aug 2008; Jeroen Roovers <jer@gentoo.org> curl-7.18.2.ebuild:
   Stable for HPPA (bug #233122).
diff --git a/net-misc/curl/curl-7.18.2.ebuild b/net-misc/curl/curl-7.18.2.ebuild
index 69ab44bc5706..7f0d9f9d3f1a 100644
--- a/net-misc/curl/curl-7.18.2.ebuild
+++ b/net-misc/curl/curl-7.18.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.18.2.ebuild,v 1.7 2008/08/25 20:22:46 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.18.2.ebuild,v 1.8 2008/11/03 22:10:18 lack Exp $
 
 # NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
 
@@ -45,6 +45,7 @@ src_unpack() {
 	unpack ${A}
 	cd "${S}"
 	epatch "${FILESDIR}"/curl-7.17.0-strip-ldflags.patch
+	epatch "${FILESDIR}"/curl-7.18.2-nss-threadsafe.patch
 }
 
 src_compile() {
diff --git a/net-misc/curl/curl-7.19.0.ebuild b/net-misc/curl/curl-7.19.0.ebuild
new file mode 100644
index 000000000000..1e17538603c0
--- /dev/null
+++ b/net-misc/curl/curl-7.19.0.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.19.0.ebuild,v 1.1 2008/11/03 22:10:18 lack Exp $
+
+# NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
+
+inherit multilib
+
+#MY_P=${P/_pre/-}
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="http://curl.haxx.se/ http://curl.planetmirror.com"
+#SRC_URI="http://cool.haxx.se/curl-daily/${MY_P}.tar.bz2"
+#SRC_URI="http://curl.planetmirror.com/download/${P}.tar.bz2"
+SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"
+
+LICENSE="MIT X11"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+#IUSE="ssl ipv6 ldap ares gnutls nss idn kerberos test"
+IUSE="ssl ipv6 ldap ares gnutls libssh2 nss idn kerberos test"
+
+# TODO - change to openssl USE flag in the not too distant future
+# https://bugs.gentoo.org/show_bug.cgi?id=207653#c3 (April 2008)
+
+RDEPEND="gnutls? ( net-libs/gnutls app-misc/ca-certificates )
+	nss? ( !gnutls? ( dev-libs/nss app-misc/ca-certificates ) )
+	ssl? ( !gnutls? ( !nss? ( dev-libs/openssl app-misc/ca-certificates ) ) )
+	ldap? ( net-nds/openldap )
+	idn? ( net-dns/libidn )
+	ares? ( >=net-dns/c-ares-1.4.0 )
+	kerberos? ( virtual/krb5 )
+	libssh2? ( >=net-libs/libssh2-0.16 )"
+
+# fbopenssl (not in gentoo) --with-spnego
+# krb4 http://web.mit.edu/kerberos/www/krb4-end-of-life.html
+
+DEPEND="${RDEPEND}
+	test? (
+		sys-apps/diffutils
+		dev-lang/perl
+	)"
+# used - but can do without in self test: net-misc/stunnel
+#S="${WORKDIR}"/${MY_P}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/curl-7.17.0-strip-ldflags.patch
+}
+
+src_compile() {
+
+	myconf="$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		$(use_with idn libidn)
+		$(use_with kerberos gssapi /usr)
+		$(use_with libssh2)
+		$(use_enable ipv6)
+		--enable-http
+		--enable-ftp
+		--enable-gopher
+		--enable-file
+		--enable-dict
+		--enable-manual
+		--enable-telnet
+		--enable-nonblocking
+		--enable-largefile
+		--enable-maintainer-mode
+		--disable-sspi
+		--without-krb4
+		--without-spnego"
+
+	if use ipv6 && use ares; then
+		elog "c-ares support disabled because it is incompatible with ipv6."
+		myconf="${myconf} --disable-ares"
+	else
+		myconf="${myconf} $(use_enable ares)"
+	fi
+
+	if use gnutls; then
+		myconf="${myconf} --without-ssl --with-gnutls --without-nss"
+		myconf="${myconf} --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"
+	elif use nss; then
+		myconf="${myconf} --without-ssl --without-gnutls --with-nss"
+		myconf="${myconf} --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"
+	elif use ssl; then
+		myconf="${myconf} --without-gnutls --without-nss --with-ssl"
+		myconf="${myconf} --without-ca-bundle --with-ca-path=/etc/ssl/certs"
+	else
+		myconf="${myconf} --without-gnutls --without-nss --without-ssl"
+	fi
+
+	econf ${myconf} || die 'configure failed'
+
+	emake || die "install failed for current version"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "installed failed for current version"
+	rm -rf "${D}"/etc/
+
+	# https://sourceforge.net/tracker/index.php?func=detail&aid=1705197&group_id=976&atid=350976
+	insinto /usr/share/aclocal
+	doins docs/libcurl/libcurl.m4
+
+	dodoc CHANGES README
+	dodoc docs/FEATURES docs/INTERNALS
+	dodoc docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE
+}
+
+pkg_postinst() {
+	if [[ -e "${ROOT}"/usr/$(get_libdir)/libcurl.so.3 ]] ; then
+		elog "You must re-compile all packages that are linked against"
+		elog "curl-7.15.* by using revdep-rebuild from gentoolkit:"
+		elog "# revdep-rebuild --library libcurl.so.3"
+	fi
+}
diff --git a/net-misc/curl/files/curl-7.18.2-nss-threadsafe.patch b/net-misc/curl/files/curl-7.18.2-nss-threadsafe.patch
new file mode 100644
index 000000000000..a45120283c13
--- /dev/null
+++ b/net-misc/curl/files/curl-7.18.2-nss-threadsafe.patch
@@ -0,0 +1,77 @@
+===================================================================
+RCS file: /cvsroot/curl/curl/lib/nss.c,v
+retrieving revision 1.33
+retrieving revision 1.34
+diff -u -r1.33 -r1.34
+--- curl/lib/nss.c	2008/09/06 05:29:06	1.33
++++ curl/lib/nss.c	2008/09/23 10:27:04	1.34
+@@ -78,7 +78,9 @@
+ 
+ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
+ 
+-int initialized = 0;
++PRLock * nss_initlock = NULL;
++
++volatile int initialized = 0;
+ 
+ #define HANDSHAKE_TIMEOUT 30
+ 
+@@ -837,8 +839,11 @@
+  */
+ int Curl_nss_init(void)
+ {
+-  if(!initialized)
++  /* curl_global_init() is not thread-safe so this test is ok */
++  if (nss_initlock == NULL) {
+     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
++    nss_initlock = PR_NewLock();
++  }
+ 
+   /* We will actually initialize NSS later */
+ 
+@@ -848,7 +853,17 @@
+ /* Global cleanup */
+ void Curl_nss_cleanup(void)
+ {
+-  NSS_Shutdown();
++  /* This function isn't required to be threadsafe and this is only done
++   * as a safety feature.
++   */
++  PR_Lock(nss_initlock);
++  if (initialized)
++    NSS_Shutdown();
++  PR_Unlock(nss_initlock);
++
++  PR_DestroyLock(nss_initlock);
++  nss_initlock = NULL;
++
+   initialized = 0;
+ }
+ 
+@@ -926,7 +941,8 @@
+     return CURLE_OK;
+ 
+   /* FIXME. NSS doesn't support multiple databases open at the same time. */
+-  if(!initialized) {
++  PR_Lock(nss_initlock);
++  if(!initialized && !NSS_IsInitialized()) {
+     initialized = 1;
+ 
+     certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
+@@ -950,6 +966,8 @@
+     if(rv != SECSuccess) {
+       infof(conn->data, "Unable to initialize NSS database\n");
+       curlerr = CURLE_SSL_CACERT_BADFILE;
++      initialized = 0;
++      PR_Unlock(nss_initlock);
+       goto error;
+     }
+ 
+@@ -972,6 +990,7 @@
+     }
+ #endif
+   }
++  PR_Unlock(nss_initlock);
+ 
+   model = PR_NewTCPSocket();
+   if(!model)