libressl de portage

2021-05-02 04:27:59 -05:00 · 2021-05-02 04:27:59 -05:00 · cd934d6b12
commit cd934d6b12
parent b9477ba9e7
6 changed files with 411 additions and 0 deletions
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@ -0,0 +1,13 @@
+AUX curl-7.30.0-prefix.patch 880 BLAKE2B 5b7552a8339014221864a585d174b02a96ec7dd7fe8762d331d1981834044f8ec4db64d527a4ded3f5f4cccc86f281576668de092439eb19f5477d5fcf8369cf SHA512 c7cd13b9ccbd12ed01ea121ffece9c23b898a5b34698bae59ae1dd23b1cf2445180b84d80c4a640981f16dba5018df944f405dd5c660addab54ca21e0e673b7f
+AUX curl-fix-gnutls-nettle.patch 1186 BLAKE2B 5a7ea1ab68e8e314cda5b957335caf84e5b0e9b2b65c1eacfe94349139ff27903d55ae608a71a0389bf9f8bfbda92184c4cc30ca0b96b13b11f0d77cbf4c7b53 SHA512 b88d4d71a1d55626aedea620e94a5b6064141c6ff0d8a64c784705d44d4a00dc789dd0a55a56320ca4c9f2b9914e72285447c9310bb4563b45d7f3430b18a0fa
+AUX curl-respect-cflags-3.patch 406 BLAKE2B 1b533144858aff5566150c4a2648ad2e48e8ff29849ae285592edfee4b3332d06e750395dea7190ee6a01d2b5ee2c2c42c10400c2e5defa09963a90a1a10417d SHA512 3219e4e67d534e35012909243fc8d69d58989462db44dd507c502e7aaa299f1d9a01392e2c83797cc2bdb53d503470c5d6e7bf94572a6ccc6e5eafcc0466bc54
+DIST curl-7.74.0.tar.xz 2400972 BLAKE2B bef9e01493994afc933549a78b41065708aeaa9f6f5cdd1dbf2f43bbb03bbc97b17308b8bda5f11599c3cc0c6c77903e6fa6f1310ff874fad902a59566b51e8a SHA512 5d987f0b4d051c9e254f14d4e2a05f7cda9fb0f0ac7b3ca3664a25a51ee5ffe092ee072c0d9a613fcd3f34727d75bba14b70f5500cb110ca818591e071c3e6f4
+DIST curl-7.75.0.tar.xz 2418816 BLAKE2B 74889ede1b57a6685eef0f504d4c261c0b271b36ab3290bfc895efe9a6fffe4bfd433eaae438cd2b54a920671a2ebc2ca5e73bd88f6be40b4f46ef281028f1d8 SHA512 4c2fc6658379b8b93dd50665b70f3000b63d3bcafd2df60b7e651a8edf4735b3decb06c338b84cb22058191aa9f8f4dc85760a42f9987210b59300758304b746
+DIST curl-7.76.0.tar.xz 2428552 BLAKE2B 7c02bbd3c86a5de38990f7ef63e92804fc02977bf34eb4372e7ac95aa091689094193bcf58e30d76114341f930777787cbfbbf83f02c5037f7ac7599296a6735 SHA512 a67e5078b48150c6f5331e76b25a6b197f1e916be1db900bf9455b032b3af5a71610b47e607546ecbae510d196a0cfcb75a14dac549288797af1701b7b587ece
+DIST curl-7.76.1.tar.xz 2427636 BLAKE2B 56452871fbd998f0c9a5af86b3853ed1dfc956c39380e5da472b4f382db45926ac3aa9e395ae7d2812aac0f0f29bee28343218810a169beb592c5224e0a4f018 SHA512 5fe85d2e776789aa8117c57fe7648e375b7fa92d5ead5d69855f19ca9a2624d77a1f9ab91766ecb72bbc17e82862248cd07e48917884d6fd856b93fb00d83e28
+EBUILD curl-7.74.0-r2.ebuild 8751 BLAKE2B fe6c5cb4ed83d798928d6f8a32a4cf54a8e3ba05d9145519c347f86690d0334e741fc7b497468fcc569a4a848a27ae408a5c1cfb6f4cfcc1bad3d71b03f8c28e SHA512 35a6e766cd708a97b191e68566941a86253d180824ca29502d5f6c7438ddf849966a9aeb4682b03f1980d342670f82e33af70917115330423d55c36ed31af91a
+EBUILD curl-7.74.0-r4.ebuild 8113 BLAKE2B fbe25717bdfc5f72378663c6ca5d789ed804f9f781b681021fe673ecbc8b6610529f04e9a85651fef8b06c82a705c90733cd0b0f87f8a230ee542d0476127271 SHA512 80c82de586872712446702ddf9a69971f378ce253ea2511a07a6d0daad756254cc543a64e47034ed4e08099210b06fd2bb432e1269bfbdf62c53c55a9d526a5a
+EBUILD curl-7.75.0.ebuild 8131 BLAKE2B 2eea96c28eb050bbce674de4922484b0ee269e7a2da55d964596dead5efafdc9638e102abd7bbb1b59a26ece7f78aa77cbec2feca05ea5d08d6172c3367b62b8 SHA512 a87d56e727c0bf9d9cd819ca9c8290581cd4eda32c1e3f20804845122e7be0a49492aec395048604fc16f9110b0be0c7464528069f7c0a78882e124cbf5c24d3
+EBUILD curl-7.76.0.ebuild 8126 BLAKE2B 7c13dd8eebeb6f4faa739491cb472f2f51072fce44afc3f1bdcab4b89299ab0fc2db136d02f9fb8857da561174710271f15c37002c477ba356f1a6e669a8cc05 SHA512 c4691af18330e43d8526784e0e796bae9b8acd33acf72ea491d32ea08efabfb6e97f049563cd1516d1af9378a395963390f16964a2cd104ba6a186e353cb45b6
+EBUILD curl-7.76.1.ebuild 8189 BLAKE2B 3d6856679fb9559354573437e2891f916279d18566273de097e71e1cd66c3f0917bf39462f43c2e96d5e9e7bc02818fc24fde7aed5e69e6204e100861e01c803 SHA512 b9726621a7190ef207c35488a7fb12c947dfea0fce4b5908550ae274d1d368481a25ce6b7c8493c35a1cd48470dcd361eb19118daac7a62f9aaf80dceb94ea60
+MISC metadata.xml 2104 BLAKE2B cd965737bacd5cde978fdcb652559c3c29eee0083bdee82e00cf78055e681571e77a2deaf4ab6ef5a9aba0c33689356fc2299c346c4c1e6b4afda9c675b9f3b1 SHA512 a2e9ba5358d115b18fa089bd222f026a7553505a154e1d865af0cde1004a0a427f58ed38d802815d96453d5d58628aa91d8cd5d082fe059cb1afd4dc9d312052
--- a/net-misc/curl/curl-7.76.1.ebuild
+++ b/net-misc/curl/curl-7.76.1.ebuild
@ -0,0 +1,295 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit autotools prefix multilib-minimal
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.haxx.se/"
+SRC_URI="https://curl.haxx.se/download/${P}.tar.xz"
+
+LICENSE="curl"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls metalink nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads winssl zstd"
+IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl"
+IUSE+=" nghttp3 quiche"
+IUSE+=" elibc_Winnt"
+
+# c-ares must be disabled for threads
+# only one default ssl provider can be enabled
+REQUIRED_USE="
+	winssl? ( elibc_Winnt )
+	threads? ( !adns )
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_nss
+			curl_ssl_openssl
+			curl_ssl_winssl
+		)
+	)"
+
+# lead to lots of false negatives, bug #285669
+RESTRICT="!test? ( test )"
+
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		mbedtls? (
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+		openssl? (
+			dev-libs/openssl:0=[sslv3=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		nss? (
+			dev-libs/nss:0[${MULTILIB_USEDEP}]
+			app-misc/ca-certificates
+		)
+	)
+	http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
+	nghttp3? (
+		net-libs/nghttp3[${MULTILIB_USEDEP}]
+		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
+	)
+	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
+	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
+	adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+#	rtmp? (
+#		media-video/rtmpdump
+#		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+#		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+#	)
+
+# ssl providers to be added:
+# fbopenssl  $(use_with spnego)
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		dev-lang/perl
+	)"
+
+DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-respect-cflags-3.patch
+)
+
+src_prepare() {
+	default
+
+	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
+	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	#myconf+=( --without-default-ssl-backend )
+	if use ssl ; then
+		if use gnutls || use curl_ssl_gnutls; then
+			einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls --with-nettle )
+		fi
+		if use mbedtls || use curl_ssl_mbedtls; then
+			einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use nss || use curl_ssl_nss; then
+			einfo "SSL provided by nss"
+			myconf+=( --with-nss )
+		fi
+		if use openssl || use curl_ssl_openssl; then
+			einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use winssl || use curl_ssl_winssl; then
+			einfo "SSL provided by Windows"
+			myconf+=( --with-winssl )
+		fi
+
+		if use curl_ssl_gnutls; then
+			einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_nss; then
+			einfo "Default SSL provided by nss"
+			myconf+=( --with-default-ssl-backend=nss )
+		elif use curl_ssl_openssl; then
+			einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_winssl; then
+			einfo "Default SSL provided by Windows"
+			myconf+=( --with-default-ssl-backend=winssl )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+		fi
+
+	else
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-crypto-auth
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--disable-ntlm-wb
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-hidden-symbols
+		--enable-http-auth
+		$(use_enable ipv6)
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--disable-sspi
+		$(use_enable static-libs static)
+		$(use_enable threads threaded-resolver)
+		$(use_enable threads pthreads)
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--without-cyassl
+		--without-darwinssl
+		--without-fish-functions-dir
+		$(use_with http2 nghttp2)
+		--without-hyper
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		$(use_with metalink libmetalink)
+		--without-libgsasl
+		--without-libpsl
+		$(use_with nghttp3)
+		$(use_with nghttp3 ngtcp2)
+		$(use_with quiche)
+		$(use_with rtmp librtmp)
+		--without-rustls
+		--without-schannel
+		--without-secure-transport
+		--without-spnego
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+	)
+
+	ECONF_SOURCE="${S}" \
+	econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# avoid building the client
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+	# Fix up the pkg-config file to be more robust.
+	# https://github.com/curl/curl/issues/864
+	local priv=() libs=()
+	# We always enable zlib.
+	libs+=( "-lz" )
+	priv+=( "zlib" )
+	if use http2; then
+		libs+=( "-lnghttp2" )
+		priv+=( "libnghttp2" )
+	fi
+	if use quiche; then
+		libs+=( "-lquiche" )
+		priv+=( "quiche" )
+	fi
+	if use nghttp3; then
+		libs+=( "-lnghttp3" "-lngtcp2" )
+		priv+=( "libnghttp3" "-libtcp2" )
+	fi
+	if use ssl && use curl_ssl_openssl; then
+		libs+=( "-lssl" "-lcrypto" )
+		priv+=( "openssl" )
+	fi
+	grep -q Requires.private libcurl.pc && die "need to update ebuild"
+	libs=$(printf '|%s' "${libs[@]}")
+	sed -i -r \
+		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
+		libcurl.pc || die
+	echo "Requires.private: ${priv[*]}" >> libcurl.pc
+}
+
+multilib_src_test() {
+	multilib_is_native_abi && default_src_test
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
--- a/net-misc/curl/files/curl-7.30.0-prefix.patch
+++ b/net-misc/curl/files/curl-7.30.0-prefix.patch
@ -0,0 +1,21 @@
+diff -Naur curl-7.30.0.orig/curl-config.in curl-7.30.0/curl-config.in
+--- curl-7.30.0.orig/curl-config.in	2013-02-06 09:44:37.000000000 -0500
+++ curl-7.30.0/curl-config.in	2013-04-17 18:43:56.000000000 -0400
+@@ -134,7 +134,7 @@
+         else
+           CPPFLAG_CURL_STATICLIB=""
+         fi
+-        if test "X@includedir@" = "X/usr/include"; then
+        if test "X@includedir@" = "X@GENTOO_PORTAGE_EPREFIX@/usr/include"; then
+           echo "$CPPFLAG_CURL_STATICLIB"
+         else
+           echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
+@@ -142,7 +142,7 @@
+         ;;
+ 
+     --libs)
+-        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+        if test "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib" -a "X@libdir@" != "X@GENTOO_PORTAGE_EPREFIX@/usr/lib64"; then
+            CURLLIBDIR="-L@libdir@ "
+         else
+            CURLLIBDIR=""
--- a/net-misc/curl/files/curl-fix-gnutls-nettle.patch
+++ b/net-misc/curl/files/curl-fix-gnutls-nettle.patch
@ -0,0 +1,27 @@
+diff -Naur curl-7.25.0.orig//configure.ac curl-7.25.0/configure.ac
+--- curl-7.25.0.orig//configure.ac	2012-04-04 17:24:48.000000000 -0400
+++ curl-7.25.0/configure.ac	2012-04-04 17:23:07.000000000 -0400
+@@ -1823,20 +1823,9 @@
+ 
+ if test "$GNUTLS_ENABLED" = "1"; then
+   USE_GNUTLS_NETTLE=
+-  # First check if we can detect either crypto library via transitive linking
+-  AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+-  if test "$USE_GNUTLS_NETTLE" = ""; then
+-    AC_CHECK_LIB(gnutls, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
+-  fi
+-  # If not, try linking directly to both of them to see if they are available
+-  if test "$USE_GNUTLS_NETTLE" = ""; then
+-    AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+-  fi
+-  if test "$USE_GNUTLS_NETTLE" = ""; then
+-    AC_CHECK_LIB(gcrypt, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
+-  fi
+-  if test "$USE_GNUTLS_NETTLE" = ""; then
+-    AC_MSG_ERROR([GnuTLS found, but neither gcrypt nor nettle found])
+  AC_ARG_WITH(nettle)
+  if test "x$withval" = "xyes"; then
+    USE_GNUTLS_NETTLE=1
+   fi
+   if test "$USE_GNUTLS_NETTLE" = "1"; then
+     AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend])
--- a/net-misc/curl/files/curl-respect-cflags-3.patch
+++ b/net-misc/curl/files/curl-respect-cflags-3.patch
@ -0,0 +1,14 @@
+diff --git a/configure.ac b/configure.ac
+index e9b49c7..e374ab6 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -280,9 +280,6 @@ dnl **********************************************************************
+ 
+ CURL_CHECK_COMPILER
+ CURL_SET_COMPILER_BASIC_OPTS
+-CURL_SET_COMPILER_DEBUG_OPTS
+-CURL_SET_COMPILER_OPTIMIZE_OPTS
+-CURL_SET_COMPILER_WARNING_OPTS
+ 
+ if test "$compiler_id" = "INTEL_UNIX_C"; then
+   #
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>blueness@gentoo.org</email>
+		<name>Anthony G. Basile</name>
+	</maintainer>
+	<use>
+		<flag name="alt-svc">Enable alt-svc support</flag>
+		<flag name="brotli">Enable brotli compression support</flag>
+		<flag name="ftp">Enable FTP support</flag>
+		<flag name="gnutls">Enable gnutls ssl backend</flag>
+		<flag name="gopher">Enable Gopher protocol support</flag>
+		<flag name="hsts">Enable HTTP Strict Transport Security</flag>
+		<flag name="http2">Enable HTTP/2.0 support</flag>
+		<flag name="imap">Enable Internet Message Access Protocol support</flag>
+		<flag name="mbedtls">Enable mbedtls ssl backend</flag>
+		<flag name="nghttp3">Enable HTTP/3.0 support using <pkg>net-libs/nghttp3</pkg> and <pkg>net-libs/ngtcp2</pkg></flag>
+		<flag name="quiche">Enable HTTP/3.0 support using <pkg>net-libs/quiche</pkg></flag>
+		<flag name="metalink">Enable metalink support</flag>
+		<flag name="nss">Enable nss ssl backend</flag>
+		<flag name="openssl">Enable openssl ssl backend</flag>
+		<flag name="pop3">Enable Post Office Protocol 3 support</flag>
+		<flag name="progress-meter">Enable the progress meter</flag>
+		<flag name="rtmp">Enable RTMP Streaming Media support</flag>
+		<flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
+		<flag name="ssh">Enable SSH urls in curl using libssh2</flag>
+		<flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>
+		<flag name="sslv3">Support for the old/insecure SSLv3 protocol</flag>
+		<flag name="telnet">Enable Telnet protocol support</flag>
+		<flag name="tftp">Enable TFTP support</flag>
+		<flag name="winssl">Enable winssl ssl backend</flag>
+		<flag name="zstd">Enable zstd compression</flag>
+	</use>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:curl:curl</remote-id>
+		<remote-id type="cpe">cpe:/a:curl:libcurl</remote-id>
+		<remote-id type="cpe">cpe:/a:haxx:curl</remote-id>
+		<remote-id type="cpe">cpe:/a:haxx:libcurl</remote-id>
+	</upstream>
+</pkgmetadata>