upg curl krb5 nspr nss ca-cer-moz s-mail

curl/0001-http2-handle-DONE-called-for-the-paused-stream.patch

@@ -0,0 +1,34 @@
+From b5a9680577925a65477a666174a8e021ab418693 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 1 Apr 2022 13:22:58 +0200
+Subject: [PATCH 1/3] http2: handle DONE called for the paused stream
+
+As it could otherwise stall all streams on the connection
+
+Reported-by: Evangelos Foutras
+Fixes #8626
+Closes #8664
+---
+ lib/http2.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index 82a993930..34daaf17c 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1240,11 +1240,10 @@ void Curl_http2_done(struct Curl_easy *data, bool premature)
+     if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
+                                   http->stream_id, NGHTTP2_STREAM_CLOSED))
+       (void)nghttp2_session_send(httpc->h2);
+-
+-    if(http->stream_id == httpc->pause_stream_id) {
+-      H2BUGF(infof(data, "stopped the pause stream!"));
+-      httpc->pause_stream_id = 0;
+-    }
++  }
++  if(http->stream_id == httpc->pause_stream_id) {
++    H2BUGF(infof(data, "DONE the pause stream!"));
++    httpc->pause_stream_id = 0;
+   }
+ 
+   if(data->state.drain)

curl/0002-http-close-the-stream-not-connection-on-time-conditi.patch

@@ -0,0 +1,24 @@
+From 3fa634a33742c1c585a7d43e354cc227423ffb29 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 1 Apr 2022 13:22:58 +0200
+Subject: [PATCH 2/3] http: close the stream (not connection) on time condition
+ abort
+
+Closes #8664
+---
+ lib/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 6445f98f8..63cc748e8 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2955,7 +2955,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data,
+       infof(data, "Simulate a HTTP 304 response!");
+       /* we abort the transfer before it is completed == we ruin the
+          re-use ability. Close the connection */
+-      connclose(conn, "Simulated 304 handling");
++      streamclose(conn, "Simulated 304 handling");
+       return CURLE_OK;
+     }
+   } /* we have a time condition */

curl/0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch

@@ -0,0 +1,62 @@
+From fda4b81635672568efc716889d79e446bccc90ed Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 1 Apr 2022 13:23:04 +0200
+Subject: [PATCH 3/3] http2: RST the stream if we stop it on our own will
+
+For the "simulated 304" case the done-call isn't considered "premature"
+but since the server didn't close the stream it needs to be reset to
+stop delivering data.
+
+Closes #8664
+---
+ lib/http2.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index 34daaf17c..34031f17c 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -825,10 +825,14 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ 
+   /* get the stream from the hash based on Stream ID */
+   data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+-  if(!data_s)
+-    /* Receiving a Stream ID not in the hash should not happen, this is an
+-       internal error more than anything else! */
+-    return NGHTTP2_ERR_CALLBACK_FAILURE;
++  if(!data_s) {
++    /* Receiving a Stream ID not in the hash should not happen - unless
++       we have aborted a transfer artificially and there were more data
++       in the pipeline. Silently ignore. */
++    H2BUGF(fprintf(stderr, "Data for stream %u but it doesn't exist\n",
++                   stream_id));
++    return 0;
++  }
+ 
+   stream = data_s->req.p.http;
+   if(!stream)
+@@ -1234,17 +1238,19 @@ void Curl_http2_done(struct Curl_easy *data, bool premature)
+      !httpc->h2) /* not HTTP/2 ? */
+     return;
+ 
+-  if(premature) {
++  /* do this before the reset handling, as that might clear ->stream_id */
++  if(http->stream_id == httpc->pause_stream_id) {
++    H2BUGF(infof(data, "DONE the pause stream (%x)", http->stream_id));
++    httpc->pause_stream_id = 0;
++  }
++  if(premature || (!http->closed && http->stream_id)) {
+     /* RST_STREAM */
+     set_transfer(httpc, data); /* set the transfer */
++    H2BUGF(infof(data, "RST stream %x", http->stream_id));
+     if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
+                                   http->stream_id, NGHTTP2_STREAM_CLOSED))
+       (void)nghttp2_session_send(httpc->h2);
+   }
+-  if(http->stream_id == httpc->pause_stream_id) {
+-    H2BUGF(infof(data, "DONE the pause stream!"));
+-    httpc->pause_stream_id = 0;
+-  }
+ 
+   if(data->state.drain)
+     drained_transfer(data, httpc);

curl/PKGBUILD

@@ -7,7 +7,7 @@
 pkgbase=curl
 pkgname=(curl libcurl-compat libcurl-gnutls)
 pkgver=7.82.0
-pkgrel=01
+pkgrel=02
 pkgdesc='An URL retrieval utility and library - w/o ipv6 & zstd'
 arch=('x86_64')
 url='https://curl.haxx.se'
@@ -17,7 +17,11 @@ depends=('ca-certificates' 'brotli' 'libbrotlidec.so' 'krb5' 'libgssapi_krb5.so'
          'openssl' 'zlib')
 provides=('libcurl.so')
 
-source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
+source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc}
+        0001-http2-handle-DONE-called-for-the-paused-stream.patch
+        0002-http-close-the-stream-not-connection-on-time-conditi.patch
+        0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch)
+
 
 _configure_options=(
   --prefix='/usr'
@@ -36,6 +40,14 @@ _configure_options=(
   --with-ca-bundle='/etc/ssl/certs/ca-certificates.crt'
 )
 
+prepare() {
+  cd "${srcdir}/${pkgbase}-${pkgver}"
+  # https://github.com/curl/curl/issues/8626
+  patch -Np1 -i ../0001-http2-handle-DONE-called-for-the-paused-stream.patch
+  patch -Np1 -i ../0002-http-close-the-stream-not-connection-on-time-conditi.patch
+  patch -Np1 -i ../0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch
+}
+
 build() {
   mkdir build-curl{,-compat,-gnutls}
 
@@ -124,4 +136,7 @@ license=('MIT')
 validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
 
 sha256sums=(910cc5fe279dc36e2cca534172c94364cf3fcf7d6494ba56e6c61a390881ddce # curl-7.82.0.tar.gz
-	c1799877d4d45e733f2c88373d5b6399f169133551e8968f131bb8447e673004) # curl-7.82.0.tar.gz.asc
+	c1799877d4d45e733f2c88373d5b6399f169133551e8968f131bb8447e673004 # curl-7.82.0.tar.gz.asc
+	ee63885393f548166e08a85ce20b21b680cd654ecb26594aad4e5d7f3299c496 # 0001-http2-handle-DONE-called-for-the-paused-stream.patch
+	9d93b236d302fc4c8115317139c6d8454d3c76b5ee4767266f8dbcfbf82a61f9 # 0002-http-close-the-stream-not-connection-on-time-conditi.patch
+	d3262ade60f214e2bd7b7cb1b705256e69fc7e79e162cc4b6c59dbf5a1b7b987) # 0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch

curl/PKGBUILD-arch

@@ -7,7 +7,7 @@
 pkgbase=curl
 pkgname=(curl libcurl-compat libcurl-gnutls)
 pkgver=7.82.0
-pkgrel=1
+pkgrel=2
 pkgdesc='An URL retrieval utility and library'
 arch=('x86_64')
 url='https://curl.haxx.se'
@@ -17,9 +17,15 @@ depends=('ca-certificates' 'brotli' 'libbrotlidec.so' 'krb5' 'libgssapi_krb5.so'
          'libidn2' 'libidn2.so' 'libnghttp2' 'libpsl' 'libpsl.so' 'libssh2' 'libssh2.so'
          'openssl' 'zlib' 'zstd' 'libzstd.so')
 provides=('libcurl.so')
-source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
+source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc}
+        0001-http2-handle-DONE-called-for-the-paused-stream.patch
+        0002-http-close-the-stream-not-connection-on-time-conditi.patch
+        0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch)
 sha512sums=('d4c4a785876e0d1ba1c1adbe65528d56a8b81fc03ff724e87819cfe51aca60f8a7bf2ac9384f30c3a6bbd28669b2bd3e9a6794737243c836c4902d085a72c474'
-            'SKIP')
+            'SKIP'
+            '0d883c3fc267c4c5d82078e03689db31f83292cb41f3f6fab26d05fa9cbaa77ae75cfd3bbb4f6953bbc4bc9760c54b49bdfdae219cd48af92312abbb1ba70ec6'
+            '422df75880b107a5c457d25ca1488166f5e61cc2876ad0193a742ad6cf4cae5363b0c7bd00cbaf9f49a5e5d503159cb2d2fd3d602abf3935dc3f77f14e9027dc'
+            '394f27e8721c23b82924064df8f72aa33f6e5064d0a3798a59543fd7d9660939437f1a6f45f03370d517edf5d4a218a9d41b4d62e7498d4f520f026da68007b1')
 validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
 
 _configure_options=(
@@ -37,6 +43,14 @@ _configure_options=(
   --with-ca-bundle='/etc/ssl/certs/ca-certificates.crt'
 )
 
+prepare() {
+  cd "${srcdir}/${pkgbase}-${pkgver}"
+  # https://github.com/curl/curl/issues/8626
+  patch -Np1 -i ../0001-http2-handle-DONE-called-for-the-paused-stream.patch
+  patch -Np1 -i ../0002-http-close-the-stream-not-connection-on-time-conditi.patch
+  patch -Np1 -i ../0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch
+}
+
 build() {
   mkdir build-curl{,-compat,-gnutls}
 

curl/time

@@ -1,4 +1,5 @@
-real	2m14.693s
-user	4m24.129s
-sys	0m31.718s
+
+real	1m59.832s
+user	4m7.754s
+sys	0m27.322s
 

krb5/PKGBUILD

@@ -7,13 +7,13 @@
 
 pkgname=krb5
 _pkgvermajor=1.19
-pkgver=1.19.2
-pkgrel=02
+pkgver=1.19.3
+pkgrel=01
 pkgdesc='The Kerberos network authentication system w/o systemd'
 url='https://web.mit.edu/kerberos/'
-arch=('x86_64')
-depends=('glibc' 'e2fsprogs' 'libss.so' 'libcom_err.so' 'libldap' 'keyutils')
-makedepends=('perl' 'bison' 'gettext')
+arch=(x86_64)
+depends=(glibc e2fsprogs libss.so libcom_err.so libldap keyutils)
+makedepends=(perl bison gettext)
 provides=(
   libgssapi_krb5.so
   libgssrpc.so
@@ -83,11 +83,12 @@ package() {
 
 #---- license gpg-key sha256sums ----
 
-license=('custom')
+license=(custom)
 
-validpgpkeys=('2C732B1C0DBEF678AB3AF606A32F17FD0055C305'  # Tom Yu <tlyu@mit.edu>
-              'C4493CB739F4A89F9852CBC20CBA08575F8372DF') # Greg Hudson <ghudson@mit.edu>
+validpgpkeys=(2C732B1C0DBEF678AB3AF606A32F17FD0055C305  # Tom Yu <tlyu@mit.edu>
+              C4493CB739F4A89F9852CBC20CBA08575F8372DF) # Greg Hudson <ghudson@mit.edu>
 
-sha256sums=(10453fee4e3a8f8ce6129059e5c050b8a65dab1c257df68b99b3112eaa0cdf6a # krb5-1.19.2.tar.gz
-	afaa581a1551eba22c1f193c04f913193785e2dce12677ff2aed80503a99a8f8 # krb5-1.19.2.tar.gz.asc
+sha256sums=(56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0 # krb5-1.19.3.tar.gz
+	65367b953d832f1a3d894a7b9b4062bc68fd7a455df3ab84c58dfa02227045c9 # krb5-1.19.3.tar.gz.asc
 	84007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2) # krb5-config_LDFLAGS.patch
+

krb5/PKGBUILD-arch

@@ -2,13 +2,14 @@
 
 pkgname=krb5
 _pkgvermajor=1.19
-pkgver=1.19.2
-pkgrel=2
+pkgver=1.19.3
+pkgrel=1
 pkgdesc='The Kerberos network authentication system'
 url='https://web.mit.edu/kerberos/'
 arch=('x86_64')
 license=('custom')
-depends=('glibc' 'e2fsprogs' 'libss.so' 'libcom_err.so' 'libldap' 'keyutils')
+depends=('glibc' 'e2fsprogs' 'libldap' 'keyutils'
+         libkeyutils.so libss.so libcom_err.so)
 makedepends=('perl')
 provides=(
   libgssapi_krb5.so
@@ -35,7 +36,7 @@ source=(https://web.mit.edu/kerberos/dist/krb5/${_pkgvermajor}/${pkgname}-${pkgv
         krb5-kpropd.service
         krb5-kpropd@.service
         krb5-kpropd.socket)
-sha512sums=('b90d6ed0e1e8a87eb5cb2c36d88b823a6a6caabf85e5d419adb8a930f7eea09a5f8491464e7e454cca7ba88be09d19415962fe0036ad2e31fc584f9fc0bbd470'
+sha512sums=('18235440d6f7d8a72c5d7ca5cd8c6465e8adf091d85c483225c7b00d64b4688c1c7924cb800c2fc17e590b2709f1a9de48e6ec79f6debd11dcb7d6fa16c6f351'
             'SKIP'
             '5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801'
             'ae1fa980e8e30a83dfef7fe233be70a9ec530ebaffc344a0e7eba61e7de4c800421b45cf203f1e526cc8351754038d6539184b30aa049a567e2a9e80f0d39841'

krb5/deps

@@ -1,2 +1,3 @@
 bison
 gettext
+

krb5/time

@@ -1,8 +1,5 @@
 
-real	1m10.603s
-user	2m39.861s
-sys	0m14.208s
+real	1m5.642s
+user	2m23.215s
+sys	0m15.775s
 
-real	1m38.936s
-user	2m41.312s
-sys	0m15.232s

nspr/PKGBUILD

@@ -6,18 +6,19 @@
 
 pkgname=nspr
 pkgver=4.33
-pkgrel=01
+pkgrel=02
 pkgdesc="Netscape Portable Runtime"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR"
 arch=(x86_64)
 depends=(glibc sh)
+#options=(debug)  # uncomment this line to produce the debug pkg
 makedepends=(zip mercurial)
 _revision=5f753966dc01e1872eb4fee6e7b6d0a4fd3daad2
 source=("hg+https://hg.mozilla.org/projects/nspr#revision=$_revision")
 
 pkgver() {
   cd nspr
-  hg id -t | sed 's/^NSPR_//;s/_RTM$//;s/_/./g'
+  hg id -t -r. | sed 's/^NSPR_//;s/_RTM$//;s/_/./g'
 }
 
 prepare() {
@@ -53,4 +54,3 @@ package() {
 license=(MPL GPL)
 
 sha256sums=(SKIP)
-

nspr/PKGBUILD-arch

@@ -4,20 +4,21 @@
 
 pkgname=nspr
 pkgver=4.33
-pkgrel=1
+pkgrel=2
 pkgdesc="Netscape Portable Runtime"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR"
 arch=(x86_64)
 license=(MPL GPL)
 depends=(glibc sh)
 makedepends=(zip mercurial)
+options=(debug)
 _revision=5f753966dc01e1872eb4fee6e7b6d0a4fd3daad2
 source=("hg+https://hg.mozilla.org/projects/nspr#revision=$_revision")
 sha256sums=('SKIP')
 
 pkgver() {
   cd nspr
-  hg id -t | sed 's/^NSPR_//;s/_RTM$//;s/_/./g'
+  hg id -t -r. | sed 's/^NSPR_//;s/_RTM$//;s/_/./g'
 }
 
 prepare() {

nspr/deps

@@ -1,3 +1,2 @@
 zip 
 mercurial
-

nss/PKGBUILD

@@ -7,7 +7,7 @@
 
 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
-pkgver=3.76.1
+pkgver=3.77
 pkgrel=01
 pkgdesc="Network Security Services - zstd mandatory here!"
 # experiment without zstd
@@ -15,7 +15,9 @@ url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 arch=(x86_64)
 depends=(nspr sqlite zlib sh 'p11-kit>=0.23.19')
 makedepends=(perl python gyp mercurial)
-_revision=0e6c67470eed5044ace519e2405ddfa7186f0dc2
+#options=(debug) # uncomment this if you need to build the nss debug pkg
+_revision=270cfaea32850b30e16a720207a43168d6b64863
+
 source=("hg+https://hg.mozilla.org/projects/nss#revision=$_revision"
         certdata2pem.py
 	bundle.sh)

nss/PKGBUILD-arch

@@ -3,7 +3,7 @@
 
 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
-pkgver=3.76
+pkgver=3.77
 pkgrel=1
 pkgdesc="Network Security Services"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
@@ -11,7 +11,8 @@ arch=(x86_64)
 license=(MPL GPL)
 depends=(nspr sqlite zlib sh 'p11-kit>=0.23.19')
 makedepends=(perl python gyp mercurial)
-_revision=b5b9832a38988f8b6ad58c81235ee85a62bdc8e0
+options=(debug)
+_revision=270cfaea32850b30e16a720207a43168d6b64863
 source=("hg+https://hg.mozilla.org/projects/nss#revision=$_revision"
         certdata2pem.py bundle.sh)
 sha256sums=('SKIP'

nss/deps

@@ -2,3 +2,4 @@ nspr
 python
 gyp
 mercurial
+

s-nail/PKGBUILD

@@ -5,7 +5,7 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------
 
 pkgname=s-nail
-pkgver=14.9.23
+pkgver=14.9.24
 pkgrel=01
 pkgdesc='Environment for sending and receiving mail'
 url='https://www.sdaoden.eu/code.html#s-nail'
@@ -53,5 +53,5 @@ license=('custom:BSD')
 
 validpgpkeys=('EE19E1C1F2F7054F8D3954D8308964B51883A0DD')
 
-sha256sums=(2c717b22f4cd8719b82b6618640da6031382d2bf8eb51283bca2c6266957bca8 # s-nail-14.9.23.tar.xz
-	d7210946dbf4080e04042aa577a95b47793c072238152d13b8073a759114cc7f) # s-nail-14.9.23.tar.xz.asc
+sha256sums=(2714d6b8fb2af3b363fc7c79b76d058753716345d1b6ebcd8870ecd0e4f7ef8c # s-nail-14.9.24.tar.xz
+	f6c5772fc4c14c92748c5d915c4d7371f734e6f62e88f724d86c6f8aabd5dfb1) # s-nail-14.9.24.tar.xz.asc

s-nail/PKGBUILD-arch

@@ -4,7 +4,7 @@
 # Contributor: Andreas Wagner <Andreas.Wagner@em.uni-frankfurt.de>
 
 pkgname=s-nail
-pkgver=14.9.23
+pkgver=14.9.24
 pkgrel=1
 pkgdesc='Environment for sending and receiving mail'
 url='https://www.sdaoden.eu/code.html#s-nail'
@@ -14,7 +14,7 @@ depends=('openssl' 'krb5' 'libidn2')
 optdepends=('smtp-forwarder: for sending mail')
 validpgpkeys=('EE19E1C1F2F7054F8D3954D8308964B51883A0DD')
 source=("https://www.sdaoden.eu/downloads/${pkgname}-${pkgver}.tar.xz"{,.asc})
-sha512sums=('6977554b116c9cf92ab0a5923c0e05eadbb3c0c435a8dee7f848c6999b6c6e02d775b5510531a6737cd64f76de8ff335ea3fac76e8fcdd8655a2a03c320ed7e8'
+sha512sums=('03f6a6f446391b6f91ed3c8875c3e7fdfac9d4e77ea1d52a7e98aa84cfd0edae137d5b9afba3bdc9a31ab67cee5237930b74b42ae3acb54aee4758553a4f1df2'
             'SKIP')
 
 backup=('etc/mail.rc')

s-nail/deps

@@ -0,0 +1 @@
+