Forward-port patches

2025-10-15 15:13:00 +00:00 · 2018-05-02 22:37:18 +02:00 · 2018-05-02 22:37:18 +02:00 · 55fdf8e503
commit 55fdf8e503
parent 4c8b307474
4 changed files with 122 additions and 116 deletions
--- a/debian/patches/Use-curl-for-TLS.patch
+++ b/debian/patches/Use-curl-for-TLS.patch
@ -0,0 +1,121 @@
+Subject: Use curl for TLS
+Forwarded: no
+Applied-Upstream: no
+From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Reviewed-by: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Last-Update: 2018-05-02
+
+The original Debian patchset was authored by Ximin Luo <infinity0@debian.org>
+---
+ src/CMakeLists.txt    |  3 +++
+ src/streams/curl.c    | 14 +++++++++++---
+ src/streams/curl.h    |  2 +-
+ src/streams/openssl.c |  2 +-
+ src/streams/tls.c     |  2 ++
+ src/transports/http.c |  2 +-
+ 6 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index b03b96a..2739fb5 100644
+--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
+@@ -124,6 +124,9 @@ ELSE ()
+ 
+ 	IF (CURL_FOUND)
+ 		SET(GIT_CURL 1)
+		IF (USE_CURL_SSL)
+			ADD_DEFINITIONS(-DGIT_CURL_SSL)
+		ENDIF()
+ 		LIST(APPEND LIBGIT2_INCLUDES ${CURL_INCLUDE_DIRS})
+ 		LIST(APPEND LIBGIT2_LIBDIRS ${CURL_LIBRARY_DIRS})
+ 		LIST(APPEND LIBGIT2_LIBS ${CURL_LIBRARIES})
+diff --git a/src/streams/curl.c b/src/streams/curl.c
+index ee13be1..afb3775 100644
+--- a/src/streams/curl.c
+++ b/src/streams/curl.c
+@@ -314,7 +314,7 @@ static void curls_free(git_stream *stream)
+ 	git__free(s);
+ }
+ 
+-int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted)
+ {
+ 	curl_stream *st;
+ 	CURL *handle;
+@@ -335,7 +335,15 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+ 		return error;
+ 	}
+ 
+-	curl_easy_setopt(handle, CURLOPT_URL, host);
+	if (encrypted) {
+		git_buf buf = GIT_BUF_INIT;
+		git_buf_printf(&buf, "https://%s", host);
+		curl_easy_setopt(handle, CURLOPT_URL, buf.ptr);
+		git_buf_free(&buf);
+	} else {
+		curl_easy_setopt(handle, CURLOPT_URL, host);
+	}
+
+ 	curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, st->curl_error);
+ 	curl_easy_setopt(handle, CURLOPT_PORT, iport);
+ 	curl_easy_setopt(handle, CURLOPT_CONNECT_ONLY, 1);
+@@ -347,7 +355,7 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
+ 	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
+ 
+ 	st->parent.version = GIT_STREAM_VERSION;
+-	st->parent.encrypted = 0; /* we don't encrypt ourselves */
+	st->parent.encrypted = encrypt; /* we don't encrypt ourselves */
+ 	st->parent.proxy_support = 1;
+ 	st->parent.connect = curls_connect;
+ 	st->parent.certificate = curls_certificate;
+diff --git a/src/streams/curl.h b/src/streams/curl.h
+index 511cd89..ac0df1c 100644
+--- a/src/streams/curl.h
+++ b/src/streams/curl.h
+@@ -12,6 +12,6 @@
+ #include "git2/sys/stream.h"
+ 
+ extern int git_curl_stream_global_init(void);
+-extern int git_curl_stream_new(git_stream **out, const char *host, const char *port);
+extern int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted);
+ 
+ #endif
+diff --git a/src/streams/openssl.c b/src/streams/openssl.c
+index 9cbb274..063750f 100644
+--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
+@@ -607,7 +607,7 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
+ 
+ 	st->io = NULL;
+ #ifdef GIT_CURL
+-	error = git_curl_stream_new(&st->io, host, port);
+	error = git_curl_stream_new(&st->io, host, port, false);
+ #else
+ 	error = git_socket_stream_new(&st->io, host, port);
+ #endif
+diff --git a/src/streams/tls.c b/src/streams/tls.c
+index d6ca7d4..7279306 100644
+--- a/src/streams/tls.c
+++ b/src/streams/tls.c
+@@ -31,6 +31,8 @@ int git_tls_stream_new(git_stream **out, const char *host, const char *port)
+ 	return git_stransport_stream_new(out, host, port);
+ #elif defined(GIT_OPENSSL)
+ 	return git_openssl_stream_new(out, host, port);
+#elif defined(GIT_CURL_SSL)
+	return git_curl_stream_new(out, host, port, true);
+ #else
+ 	GIT_UNUSED(out);
+ 	GIT_UNUSED(host);
+diff --git a/src/transports/http.c b/src/transports/http.c
+index e051c8a..984be08 100644
+--- a/src/transports/http.c
+++ b/src/transports/http.c
+@@ -605,7 +605,7 @@ static int http_connect(http_subtransport *t)
+ 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+ 	} else {
+ #ifdef GIT_CURL
+-		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
+ #else
+ 		error = git_socket_stream_new(&t->io,  t->connection_data.host, t->connection_data.port);
+ #endif
--- a/debian/patches/revert-curl-no-encrypt.patch
+++ b/debian/patches/revert-curl-no-encrypt.patch
@ -1,85 +0,0 @@
-commit e96800420abf894673e8eeca4af5277dbb12d730
-Author: Ximin Luo <infinity0@pwned.gg>
-Date:   Tue Aug 1 16:07:35 2017 +0200
-
-    Revert "curl: remove the encrypted param to the constructor"
-    
-    This reverts commit 8443f492dd53451c1c74f61c0e51ddb32c5e6ba0.
-
-diff --git a/src/curl_stream.c b/src/curl_stream.c
-index 4e0455cca..346b0c00d 100644
--- a/src/curl_stream.c
-+++ b/src/curl_stream.c
-@@ -296,7 +296,7 @@ static void curls_free(git_stream *stream)
- 	git__free(s);
- }
- 
-int git_curl_stream_new(git_stream **out, const char *host, const char *port)
-+int git_curl_stream_new(git_stream **out, const char *host, const char *port, int encrypted)
- {
- 	curl_stream *st;
- 	CURL *handle;
-@@ -317,7 +317,15 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
- 		return error;
- 	}
- 
-	curl_easy_setopt(handle, CURLOPT_URL, host);
-+	if (encrypted) {
-+		git_buf buf = GIT_BUF_INIT;
-+		git_buf_printf(&buf, "https://%s", host);
-+		curl_easy_setopt(handle, CURLOPT_URL, buf.ptr);
-+		git_buf_free(&buf);
-+	} else {
-+		curl_easy_setopt(handle, CURLOPT_URL, host);
-+	}
-+
- 	curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, st->curl_error);
- 	curl_easy_setopt(handle, CURLOPT_PORT, iport);
- 	curl_easy_setopt(handle, CURLOPT_CONNECT_ONLY, 1);
-@@ -329,7 +337,7 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
- 	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
- 
- 	st->parent.version = GIT_STREAM_VERSION;
-	st->parent.encrypted = 0; /* we don't encrypt ourselves */
-+	st->parent.encrypted = encrypted;
- 	st->parent.proxy_support = 1;
- 	st->parent.connect = curls_connect;
- 	st->parent.certificate = curls_certificate;
-diff --git a/src/curl_stream.h b/src/curl_stream.h
-index 283f0fe40..168fbe8c4 100644
--- a/src/curl_stream.h
-+++ b/src/curl_stream.h
-@@ -9,6 +9,6 @@
- 
- #include "git2/sys/stream.h"
- 
-extern int git_curl_stream_new(git_stream **out, const char *host, const char *port);
-+extern int git_curl_stream_new(git_stream **out, const char *host, const char *port, bool encrypted);
- 
- #endif
-diff --git a/src/openssl_stream.c b/src/openssl_stream.c
-index 759c5015f..f567347a1 100644
--- a/src/openssl_stream.c
-+++ b/src/openssl_stream.c
-@@ -588,7 +588,7 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
- 
- 	st->io = NULL;
- #ifdef GIT_CURL
-	error = git_curl_stream_new(&st->io, host, port);
-+	error = git_curl_stream_new(&st->io, host, port, false);
- #else
- 	error = git_socket_stream_new(&st->io, host, port);
- #endif
-diff --git a/src/transports/http.c b/src/transports/http.c
-index cb4a6d0d5..e4535b6db 100644
--- a/src/transports/http.c
-+++ b/src/transports/http.c
-@@ -609,7 +609,7 @@ static int http_connect(http_subtransport *t)
- 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
- 	} else {
- #ifdef GIT_CURL
-		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
-+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
- #else
- 		error = git_socket_stream_new(&t->io,  t->connection_data.host, t->connection_data.port);
- #endif
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,2 +1 @@
-revert-curl-no-encrypt.patch
-use-curl-stream.patch
+Use-curl-for-TLS.patch
--- a/debian/patches/use-curl-stream.patch
+++ b/debian/patches/use-curl-stream.patch
@ -1,29 +0,0 @@
-Description: Add -DUSE_CURL_SSL to allow distros to avoid OpenSSL
-Author: Ximin Luo <infinity0@pwned.gg>
-Forwarded: https://github.com/libgit2/libgit2/pull/4325
--- a/src/transports/http.c
-+++ b/src/transports/http.c
-@@ -606,7 +606,11 @@
- 	}
- 
- 	if (t->connection_data.use_ssl) {
-+#ifdef GIT_CURL_SSL
-+		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, true);
-+#else
- 		error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port);
-+#endif
- 	} else {
- #ifdef GIT_CURL
- 		error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port, false);
--- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -285,6 +285,9 @@
- 	ENDIF ()
- 
- 	IF (CURL_FOUND)
-+		IF (USE_CURL_SSL)
-+			ADD_DEFINITIONS(-DGIT_CURL_SSL)
-+		ENDIF()
- 		ADD_DEFINITIONS(-DGIT_CURL)
- 		INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIRS})
- 		LINK_DIRECTORIES(${CURL_LIBRARY_DIRS})