From 7cf87a2dac41a1bc2993162736794e8f11cc6481 Mon Sep 17 00:00:00 2001 From: cr1symo <187496241+cr1symo@users.noreply.github.com> Date: Wed, 6 Nov 2024 11:46:52 +0200 Subject: [PATCH 1/2] Fixes in patches - cURL 8.7.1 patch libcurl.def, scripts/singleuse.pl only exists in newer versions - BoringSSL (SSL_CTX_set_extension_order and SSL_CTX_set_key_usage_check_enabled) twice re-declared fail gcc - BoringSSL unsigned ext_index initial value https://github.com/lexiforest/curl-impersonate/issues/81 --- chrome/patches/boringssl.patch | 35 +++------ chrome/patches/curl-impersonate.patch | 100 ++++++++++++-------------- 2 files changed, 55 insertions(+), 80 deletions(-) diff --git a/chrome/patches/boringssl.patch b/chrome/patches/boringssl.patch index d3adf2de..f02b9734 100644 --- a/chrome/patches/boringssl.patch +++ b/chrome/patches/boringssl.patch @@ -1,6 +1,6 @@ diff --git a/export.sh b/export.sh new file mode 100755 -index 000000000..678d1ca41 +index 0000000..678d1ca --- /dev/null +++ b/export.sh @@ -0,0 +1,4 @@ @@ -9,27 +9,14 @@ index 000000000..678d1ca41 +git diff d24a382 > boringssl.patch +mv boringssl.patch ../curl-impersonate/chrome/patches/boringssl.patch diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index e500dd76e..e75bca26b 100644 +index e500dd7..f5f072c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h -@@ -1560,6 +1560,12 @@ OPENSSL_EXPORT int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, - // garbage inputs, unless an empty cipher list results. - OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); - -+// curl-impersonate: set the extension order by given string -+OPENSSL_EXPORT int SSL_CTX_set_extension_order(SSL_CTX *ctx, char *order); -+ -+// curl-impersonate -+OPENSSL_EXPORT int SSL_CTX_set_key_usage_check_enabled(SSL_CTX *ctx, int enabled); -+ - // SSL_set_strict_cipher_list configures the cipher list for |ssl|, evaluating - // |str| as a cipher string and returning error if |str| contains anything - // meaningless. It returns one on success and zero on failure. -@@ -4583,6 +4589,12 @@ OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled); +@@ -4583,6 +4583,12 @@ OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled); // permute extensions. For now, this is only implemented for the ClientHello. OPENSSL_EXPORT void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled); -+// curl-impersonate ++// curl-impersonate: set the extension order by given string +OPENSSL_EXPORT int SSL_CTX_set_extension_order(SSL_CTX *ctx, char *order); + +// curl-impersonate @@ -39,7 +26,7 @@ index e500dd76e..e75bca26b 100644 // permute extensions. For now, this is only implemented for the ClientHello. OPENSSL_EXPORT void SSL_set_permute_extensions(SSL *ssl, int enabled); diff --git a/ssl/extensions.cc b/ssl/extensions.cc -index b13400097..8b457b873 100644 +index b134000..4315c1b 100644 --- a/ssl/extensions.cc +++ b/ssl/extensions.cc @@ -3313,6 +3313,7 @@ bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) { @@ -91,7 +78,7 @@ index b13400097..8b457b873 100644 + char *ext = strtok(tmp, delimiter); + size_t idx = 0; + while (ext != nullptr) { -+ unsigned ext_index; ++ unsigned ext_index = 0; // bugfix gcc https://github.com/lexiforest/curl-impersonate/issues/81 + tls_extension_find(&ext_index, atoi(ext)); + // fprintf(stderr, "found %d -> %d, ", atoi(ext), ext_index); + order[idx] = ext_index; @@ -132,7 +119,7 @@ index b13400097..8b457b873 100644 if (!kExtensions[i].add_clienthello(hs, &extensions, &extensions, type)) { OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION); diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc -index 971ebd0b1..effe5c920 100644 +index 971ebd0..effe5c9 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -215,14 +215,6 @@ static void ssl_get_client_disabled(const SSL_HANDSHAKE *hs, @@ -199,7 +186,7 @@ index 971ebd0b1..effe5c920 100644 EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) { return ssl_hs_error; diff --git a/ssl/internal.h b/ssl/internal.h -index c9facb699..a32e9b4ba 100644 +index c9facb6..a32e9b4 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -574,9 +574,14 @@ BSSL_NAMESPACE_BEGIN @@ -258,7 +245,7 @@ index c9facb699..a32e9b4ba 100644 LHASH_OF(SSL_SESSION) *sessions = nullptr; // Most session-ids that will be cached, default is diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc -index fd8cef95d..3d2c8ff6d 100644 +index fd8cef9..3d2c8ff 100644 --- a/ssl/ssl_cipher.cc +++ b/ssl/ssl_cipher.cc @@ -197,6 +197,37 @@ static constexpr SSL_CIPHER kCiphers[] = { @@ -488,7 +475,7 @@ index fd8cef95d..3d2c8ff6d 100644 "Not all ciphers are included in the cipher order"); diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc -index 58b68e675..455ee4dd0 100644 +index 58b68e6..455ee4d 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -657,6 +657,8 @@ SSL *SSL_new(SSL_CTX *ctx) { @@ -519,7 +506,7 @@ index 58b68e675..455ee4dd0 100644 if (!ssl->config) { return; diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc -index 57116cd6c..fa1652832 100644 +index 57116cd..fa16528 100644 --- a/ssl/ssl_privkey.cc +++ b/ssl/ssl_privkey.cc @@ -594,7 +594,7 @@ static bool sigalgs_unique(Span in_sigalgs) { diff --git a/chrome/patches/curl-impersonate.patch b/chrome/patches/curl-impersonate.patch index 77dc199e..71839d6f 100644 --- a/chrome/patches/curl-impersonate.patch +++ b/chrome/patches/curl-impersonate.patch @@ -1,5 +1,5 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 656aa7c74..594e9574a 100644 +index 656aa7c..594e957 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -627,6 +627,29 @@ macro(openssl_check_symbol_exists SYMBOL FILES VARIABLE) @@ -33,7 +33,7 @@ index 656aa7c74..594e9574a 100644 macro(openssl_check_quic) if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) diff --git a/Makefile.am b/Makefile.am -index 658189e47..1ebc38b5a 100644 +index 658189e..1ebc38b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -132,13 +132,13 @@ CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) \ @@ -53,7 +53,7 @@ index 658189e47..1ebc38b5a 100644 # List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files include lib/Makefile.inc diff --git a/configure.ac b/configure.ac -index 49371a755..a19c12b95 100644 +index 49371a7..a19c12b 100644 --- a/configure.ac +++ b/configure.ac @@ -1422,7 +1422,8 @@ if test X"$OPT_BROTLI" != Xno; then @@ -120,7 +120,7 @@ index 49371a755..a19c12b95 100644 AC_OUTPUT diff --git a/curl-config.in b/curl-config.in -index 54f92d931..ea5895e9b 100644 +index 54f92d9..ea5895e 100644 --- a/curl-config.in +++ b/curl-config.in @@ -163,9 +163,9 @@ while test $# -gt 0; do @@ -146,7 +146,7 @@ index 54f92d931..ea5895e9b 100644 exit 1 diff --git a/export.sh b/export.sh new file mode 100755 -index 000000000..7bced6879 +index 0000000..7bced68 --- /dev/null +++ b/export.sh @@ -0,0 +1,9 @@ @@ -160,7 +160,7 @@ index 000000000..7bced6879 +git df curl-8_7_1 > chrome.patch +mv chrome.patch ../curl-impersonate/chrome/patches/curl-impersonate.patch diff --git a/include/curl/curl.h b/include/curl/curl.h -index b2377b789..d695b803e 100644 +index b2377b7..d695b80 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -632,6 +632,7 @@ typedef enum { @@ -258,7 +258,7 @@ index b2377b789..d695b803e 100644 } CURLoption; diff --git a/include/curl/easy.h b/include/curl/easy.h -index 1285101c5..c620065dc 100644 +index 1285101..c620065 100644 --- a/include/curl/easy.h +++ b/include/curl/easy.h @@ -43,6 +43,16 @@ CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...); @@ -279,7 +279,7 @@ index 1285101c5..c620065dc 100644 * NAME curl_easy_getinfo() * diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h -index b880f3dc6..79074e011 100644 +index b880f3d..79074e0 100644 --- a/include/curl/typecheck-gcc.h +++ b/include/curl/typecheck-gcc.h @@ -275,6 +275,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, @@ -291,7 +291,7 @@ index b880f3dc6..79074e011 100644 (option) == CURLOPT_FTP_ACCOUNT || \ (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \ diff --git a/lib/Makefile.am b/lib/Makefile.am -index 1237c8e99..6b2961018 100644 +index 1237c8e..6b29610 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -31,7 +31,7 @@ EXTRA_DIST = Makefile.mk config-win32.h config-win32ce.h config-plan9.h \ @@ -372,7 +372,7 @@ index 1237c8e99..6b2961018 100644 libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) diff --git a/lib/Makefile.inc b/lib/Makefile.inc -index 400e2b1ac..ff3e479aa 100644 +index 400e2b1..ff3e479 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -177,6 +177,7 @@ LIB_CFILES = \ @@ -384,7 +384,7 @@ index 400e2b1ac..ff3e479aa 100644 inet_pton.c \ krb5.c \ diff --git a/lib/content_encoding.c b/lib/content_encoding.c -index c1abf24e8..8e926dd2e 100644 +index c1abf24..8e926dd 100644 --- a/lib/content_encoding.c +++ b/lib/content_encoding.c @@ -300,7 +300,7 @@ static CURLcode deflate_do_write(struct Curl_easy *data, @@ -433,7 +433,7 @@ index c1abf24e8..8e926dd2e 100644 failf(data, "Unrecognized content encoding type. " diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake -index 0f4db6982..dfabbefca 100644 +index 0f4db69..dfabbef 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -796,3 +796,6 @@ ${SIZEOF_TIME_T_CODE} @@ -444,7 +444,7 @@ index 0f4db6982..dfabbefca 100644 +/* if ECH support is available */ +#cmakedefine USE_ECH 1 diff --git a/lib/dynhds.c b/lib/dynhds.c -index d7548959b..00f97506b 100644 +index d754895..00f9750 100644 --- a/lib/dynhds.c +++ b/lib/dynhds.c @@ -56,6 +56,8 @@ entry_new(const char *name, size_t namelen, @@ -474,7 +474,7 @@ index d7548959b..00f97506b 100644 { DEBUGASSERT(dynhds); diff --git a/lib/dynhds.h b/lib/dynhds.h -index 3b536000a..d7135698f 100644 +index 3b53600..d713569 100644 --- a/lib/dynhds.h +++ b/lib/dynhds.h @@ -53,6 +53,7 @@ struct dynhds { @@ -495,7 +495,7 @@ index 3b536000a..d7135698f 100644 /** * Return the n-th header entry or NULL if it does not exist. diff --git a/lib/easy.c b/lib/easy.c -index dc4870608..4746133e9 100644 +index dc48706..4746133 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -75,6 +75,8 @@ @@ -817,7 +817,7 @@ index dc4870608..4746133e9 100644 /* diff --git a/lib/easyoptions.c b/lib/easyoptions.c -index 9c4438a10..56eabf082 100644 +index 9c4438a..56eabf0 100644 --- a/lib/easyoptions.c +++ b/lib/easyoptions.c @@ -86,6 +86,7 @@ struct curl_easyoption Curl_easyopts[] = { @@ -893,7 +893,7 @@ index 9c4438a10..56eabf082 100644 } #endif diff --git a/lib/http.c b/lib/http.c -index 92c04e69c..84ece2a16 100644 +index 92c04e6..84ece2a 100644 --- a/lib/http.c +++ b/lib/http.c @@ -91,6 +91,7 @@ @@ -1181,7 +1181,7 @@ index 92c04e69c..84ece2a16 100644 } diff --git a/lib/http2.c b/lib/http2.c -index 99d7f3b0e..88419cfca 100644 +index 99d7f3b..88419cf 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -51,6 +51,7 @@ @@ -1507,7 +1507,7 @@ index 99d7f3b0e..88419cfca 100644 ctx->nw_out_blocked = 0; diff --git a/lib/http2.h b/lib/http2.h -index 80e183480..8ee390b7e 100644 +index 80e1834..8ee390b 100644 --- a/lib/http2.h +++ b/lib/http2.h @@ -31,7 +31,8 @@ @@ -1522,7 +1522,7 @@ index 80e183480..8ee390b7e 100644 * Store nghttp2 version info in this buffer. diff --git a/lib/impersonate.c b/lib/impersonate.c new file mode 100644 -index 000000000..3054870de +index 0000000..3054870 --- /dev/null +++ b/lib/impersonate.c @@ -0,0 +1,1127 @@ @@ -2655,7 +2655,7 @@ index 000000000..3054870de +}; diff --git a/lib/impersonate.h b/lib/impersonate.h new file mode 100644 -index 000000000..988a7f86a +index 0000000..988a7f8 --- /dev/null +++ b/lib/impersonate.h @@ -0,0 +1,52 @@ @@ -2712,7 +2712,7 @@ index 000000000..988a7f86a + +#endif /* HEADER_CURL_IMPERSONATE_H */ diff --git a/lib/multi.c b/lib/multi.c -index ed9cac796..6ca666e4a 100644 +index ed9cac7..6ca666e 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -401,7 +401,8 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ @@ -2726,7 +2726,7 @@ index ed9cac796..6ca666e4a 100644 #ifdef USE_WINSOCK multi->wsa_event = WSACreateEvent(); diff --git a/lib/setopt.c b/lib/setopt.c -index 8a5a5d7c3..feddeeccb 100644 +index 8a5a5d7..feddeec 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -51,6 +51,7 @@ @@ -2890,7 +2890,7 @@ index 8a5a5d7c3..feddeeccb 100644 case CURLOPT_QUICK_EXIT: data->set.quick_exit = (0 != va_arg(param, long)) ? 1L:0L; diff --git a/lib/strerror.c b/lib/strerror.c -index a900e78d1..e7d54905a 100644 +index a900e78..e7d5490 100644 --- a/lib/strerror.c +++ b/lib/strerror.c @@ -322,6 +322,11 @@ curl_easy_strerror(CURLcode error) @@ -2906,7 +2906,7 @@ index a900e78d1..e7d54905a 100644 case CURLE_OBSOLETE20: case CURLE_OBSOLETE24: diff --git a/lib/transfer.c b/lib/transfer.c -index e31d1d6db..66e106901 100644 +index e31d1d6..66e1069 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -105,7 +105,15 @@ char *Curl_checkheaders(const struct Curl_easy *data, @@ -2927,7 +2927,7 @@ index e31d1d6db..66e106901 100644 Curl_headersep(head->data[thislen]) ) return head->data; diff --git a/lib/url.c b/lib/url.c -index 224b9f3e2..db07bfa40 100644 +index 224b9f3..db07bfa 100644 --- a/lib/url.c +++ b/lib/url.c @@ -320,6 +320,20 @@ CURLcode Curl_close(struct Curl_easy **datap) @@ -2973,7 +2973,7 @@ index 224b9f3e2..db07bfa40 100644 if(waitpipe) diff --git a/lib/urldata.h b/lib/urldata.h -index ce28f25bb..c61641d5a 100644 +index ce28f25..c61641d 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -53,6 +53,15 @@ @@ -3081,7 +3081,7 @@ index ce28f25bb..c61641d5a 100644 #ifndef CURL_DISABLE_MIME diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index a3953f6c3..a3421e2bb 100644 +index a3953f6..a3421e2 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -79,9 +79,24 @@ @@ -3603,7 +3603,7 @@ index a3953f6c3..a3421e2bb 100644 /* Sets data and len to negotiated protocol, len is 0 if no protocol was * negotiated diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index d13a3cb1b..5ec3db492 100644 +index d13a3cb..5ec3db4 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -139,6 +139,9 @@ static const struct alpn_spec ALPN_SPEC_H11 = { @@ -3721,7 +3721,7 @@ index d13a3cb1b..5ec3db492 100644 result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h -index 744bbf8fd..3bd42ee9d 100644 +index 744bbf8..3bd42ee 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -44,6 +44,8 @@ struct Curl_ssl_session; @@ -3734,7 +3734,7 @@ index 744bbf8fd..3bd42ee9d 100644 ALPN_ACCEPTED "%s" #define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \ diff --git a/lib/vtls/vtls_int.h b/lib/vtls/vtls_int.h -index 0361fa95a..417e6a689 100644 +index 0361fa9..417e6a6 100644 --- a/lib/vtls/vtls_int.h +++ b/lib/vtls/vtls_int.h @@ -70,6 +70,7 @@ struct ssl_connect_data { @@ -3746,7 +3746,7 @@ index 0361fa95a..417e6a689 100644 struct cf_call_data call_data; /* data handle used in current call */ struct curltime handshake_done; /* time when handshake finished */ diff --git a/libcurl.def b/libcurl.def -index c6c96063a..ac52a596d 100644 +index c6c9606..ac52a59 100644 --- a/libcurl.def +++ b/libcurl.def @@ -5,6 +5,7 @@ curl_easy_escape @@ -3758,7 +3758,7 @@ index c6c96063a..ac52a596d 100644 curl_easy_option_by_id curl_easy_option_by_name diff --git a/libcurl.pc.in b/libcurl.pc.in -index 9db6b0f89..14c2f23e0 100644 +index 9db6b0f..14c2f23 100644 --- a/libcurl.pc.in +++ b/libcurl.pc.in @@ -36,6 +36,6 @@ Name: libcurl @@ -3770,7 +3770,7 @@ index 9db6b0f89..14c2f23e0 100644 Libs.private: @LIBCURL_LIBS@ Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 -index 9a4547709..42bc87373 100644 +index 9a45477..42bc873 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 @@ -381,42 +381,55 @@ AC_DEFUN([CURL_CONVERT_INCLUDE_TO_ISYSTEM], [ @@ -3864,20 +3864,8 @@ index 9a4547709..42bc87373 100644 ]) -diff --git a/scripts/singleuse.pl b/scripts/singleuse.pl -index 064990226..172bdc2d0 100755 ---- a/scripts/singleuse.pl -+++ b/scripts/singleuse.pl -@@ -56,6 +56,7 @@ my %api = ( - 'curl_easy_escape' => 'API', - 'curl_easy_getinfo' => 'API', - 'curl_easy_init' => 'API', -+ 'curl_easy_impersonate' => 'API', - 'curl_easy_pause' => 'API', - 'curl_easy_perform' => 'API', - 'curl_easy_recv' => 'API', diff --git a/src/Makefile.am b/src/Makefile.am -index fcc9cfdf9..18766b7dc 100644 +index fcc9cfd..18766b7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -43,7 +43,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include \ @@ -3914,7 +3902,7 @@ index fcc9cfdf9..18766b7dc 100644 # if unit tests are enabled, build a static library to link them with diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c -index 3259bc7a5..e46fd7539 100644 +index 3259bc7..e46fd75 100644 --- a/src/tool_cfgable.c +++ b/src/tool_cfgable.c @@ -96,6 +96,14 @@ static void free_config_fields(struct OperationConfig *config) @@ -3948,7 +3936,7 @@ index 3259bc7a5..e46fd7539 100644 void config_free(struct OperationConfig *config) diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h -index dfa74d81f..349a46af6 100644 +index dfa74d8..349a46a 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -161,8 +161,18 @@ struct OperationConfig { @@ -4000,7 +3988,7 @@ index dfa74d81f..349a46af6 100644 struct GlobalConfig { diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index c6a9c9358..2234eb78d 100644 +index c6a9c93..2234eb7 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -77,6 +77,7 @@ static ParameterError getstr(char **str, const char *val, bool allowblank) @@ -4227,7 +4215,7 @@ index c6a9c9358..2234eb78d 100644 global->showerror = toggle; break; diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c -index 5d9364405..f346f8e0c 100644 +index 5d93644..f346f8e 100644 --- a/src/tool_listhelp.c +++ b/src/tool_listhelp.c @@ -111,6 +111,27 @@ const struct helptxt helptext[] = { @@ -4281,7 +4269,7 @@ index 5d9364405..f346f8e0c 100644 "Disable buffering of the output stream", CURLHELP_CURL}, diff --git a/src/tool_operate.c b/src/tool_operate.c -index 7e2c1eefe..8f96c7b08 100644 +index 7e2c1ee..8f96c7b 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1510,6 +1510,36 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -4393,7 +4381,7 @@ index 7e2c1eefe..8f96c7b08 100644 per->retry_sleep_default = (config->retry_delay) ? config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */ diff --git a/src/tool_setopt.c b/src/tool_setopt.c -index 656adbda8..d149ae238 100644 +index 656adbd..d149ae2 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -163,6 +163,10 @@ static const struct NameValue setopt_nv_CURLNONZERODEFAULTS[] = { @@ -4408,7 +4396,7 @@ index 656adbda8..d149ae238 100644 NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1), NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1), diff --git a/tests/http/test_02_download.py b/tests/http/test_02_download.py -index 4db9c9d36..395fc862f 100644 +index 4db9c9d..395fc86 100644 --- a/tests/http/test_02_download.py +++ b/tests/http/test_02_download.py @@ -394,6 +394,19 @@ class TestDownload: @@ -4432,7 +4420,7 @@ index 4db9c9d36..395fc862f 100644 complete: bool = True): for i in range(count): diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py -index a207059dc..13c5d6bd4 100644 +index a207059..13c5d6b 100644 --- a/tests/http/testenv/env.py +++ b/tests/http/testenv/env.py @@ -129,10 +129,11 @@ class EnvConfig: @@ -4460,7 +4448,7 @@ index a207059dc..13c5d6bd4 100644 def domain2(self) -> str: return self.CONFIG.domain2 diff --git a/tests/http/testenv/httpd.py b/tests/http/testenv/httpd.py -index c04c22699..b8615875a 100644 +index c04c226..b861587 100644 --- a/tests/http/testenv/httpd.py +++ b/tests/http/testenv/httpd.py @@ -50,6 +50,7 @@ class Httpd: From 8b501681cb36db45d42eb5bc99cfaec1413e67b8 Mon Sep 17 00:00:00 2001 From: cr1symo <187496241+cr1symo@users.noreply.github.com> Date: Wed, 6 Nov 2024 12:36:31 +0200 Subject: [PATCH 2/2] debian dockerfile patchine "boringssl-*.patch" error --- docker/alpine.dockerfile | 54 +++++++++++++++---------------- docker/debian.dockerfile | 64 ++++++++++++++++++------------------- docker/dockerfile.mustache | 65 ++++++++++++++++++-------------------- docker/generate.sh | 4 +-- 4 files changed, 88 insertions(+), 99 deletions(-) diff --git a/docker/alpine.dockerfile b/docker/alpine.dockerfile index 08d74713..10440676 100644 --- a/docker/alpine.dockerfile +++ b/docker/alpine.dockerfile @@ -10,16 +10,13 @@ FROM alpine:3.18 as builder WORKDIR /build # Common dependencies -RUN apk add git bash build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev - -# The following are needed because we are going to change some autoconf scripts, -# both for libnghttp2 and curl. -RUN apk add autoconf automake pkgconfig libtool - - - -# Dependencies for downloading and building BoringSSL -RUN apk add g++ go unzip +RUN apk add --update \ + git bash build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev zstd zstd-dev \ + # The following are needed because we are going to change some autoconf scripts, + # both for libnghttp2 and curl. + autoconf automake pkgconfig libtool \ + # Dependencies for downloading and building BoringSSL + g++ go unzip # Download and compile libbrotli ARG BROTLI_VERSION=1.1.0 @@ -55,37 +52,37 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.63.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 +ARG NGHTTP2_VERSION=1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Download nghttp2 for HTTP/2.0 support. -RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} -RUN tar xf ${NGHTTP2_VERSION}.tar.bz2 +RUN curl -o nghttp2-${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} +RUN tar xf nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Compile nghttp2 -RUN cd ${NGHTTP2_VERSION} && \ - ./configure --prefix=/build/${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ +RUN cd nghttp2-${NGHTTP2_VERSION} && \ + ./configure --prefix=/build/nghttp2-${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ make && make install # Download curl. -ARG CURL_VERSION=curl-8.7.1 -RUN curl -o ${CURL_VERSION}.tar.xz https://curl.se/download/${CURL_VERSION}.tar.xz -RUN tar xf ${CURL_VERSION}.tar.xz +ARG CURL_VERSION=8.7.1 +RUN curl -o curl-${CURL_VERSION}.tar.xz https://curl.se/download/curl-${CURL_VERSION}.tar.xz +RUN tar xf curl-${CURL_VERSION}.tar.xz # Patch curl and re-generate the configure script -COPY patches/curl-*.patch ${CURL_VERSION}/ -RUN cd ${CURL_VERSION} && \ +COPY patches/curl-*.patch curl-${CURL_VERSION}/ +RUN cd curl-${CURL_VERSION} && \ for p in $(ls curl-*.patch); do patch -p1 < $p; done && \ autoreconf -fi -# Compile curl with nghttp2, libbrotli and boringssl (chrome). +# Compile curl with nghttp2, libbrotli and boringssl. # Enable keylogfile for debugging of TLS traffic. -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ --enable-static \ --disable-shared \ --enable-websockets \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -112,9 +109,9 @@ RUN ! (ldd ./out/curl-impersonate | grep -q -e libcurl -e nghttp2 -e brotli -e s RUN rm -Rf /build/install # Re-compile libcurl dynamically -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -127,7 +124,7 @@ RUN cd ${CURL_VERSION} && \ # Copy libcurl-impersonate and symbolic links RUN cp -d /build/install/lib/libcurl-impersonate* /build/out -RUN ver=$(readlink -f ${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ +RUN ver=$(readlink -f curl-${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ major=$(echo -n $ver | cut -d'.' -f1) && \ ln -s "libcurl-impersonate-chrome.so.$ver" "out/libcurl-impersonate.so.$ver" && \ ln -s "libcurl-impersonate.so.$ver" "out/libcurl-impersonate.so" && \ @@ -143,8 +140,7 @@ COPY curl_chrome* curl_edge* curl_safari* out/ RUN sed -i 's@/usr/bin/env bash@/usr/bin/env ash@' out/curl_* RUN chmod +x out/curl_* -# Create a final, minimal image with the compiled binaries -# only. +# Create a final, minimal image with the compiled binaries only. FROM alpine:3.18 # Copy curl-impersonate from the builder image COPY --from=builder /build/install /usr/local diff --git a/docker/debian.dockerfile b/docker/debian.dockerfile index e7f599ef..13f70fdf 100644 --- a/docker/debian.dockerfile +++ b/docker/debian.dockerfile @@ -12,20 +12,17 @@ WORKDIR /build # Common dependencies RUN apt-get update && \ - apt-get install -y git ninja-build cmake curl zlib1g-dev - -# The following are needed because we are going to change some autoconf scripts, -# both for libnghttp2 and curl. -RUN apt-get install -y autoconf automake autotools-dev pkg-config libtool git - -# Dependencies for downloading and building nghttp2 -RUN apt-get install -y bzip2 - -# Dependencies for downloading and building curl -RUN apt-get install -y xz-utils - -# Dependencies for downloading and building BoringSSL -RUN apt-get install -y g++ golang-go unzip + apt-get install -y \ + git ninja-build cmake curl zlib1g-dev zstd libzstd-dev \ + # The following are needed because we are going to change some autoconf scripts, + # both for libnghttp2 and curl. + autoconf automake autotools-dev pkg-config libtool git \ + # Dependencies for downloading and building nghttp2 + bzip2 \ + # Dependencies for downloading and building curl + xz-utils \ + # Dependencies for downloading and building BoringSSL + g++ golang-go unzip # Download and compile libbrotli ARG BROTLI_VERSION=1.1.0 @@ -47,7 +44,7 @@ RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip # See https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md COPY patches/boringssl.patch boringssl/ RUN cd boringssl && \ - for p in $(ls boringssl-*.patch); do patch -p1 < $p; done && \ + for p in $(ls boringssl.patch); do patch -p1 < $p; done && \ mkdir build && cd build && \ cmake \ -DCMAKE_C_FLAGS="-Wno-error=array-bounds -Wno-error=stringop-overflow" \ @@ -61,37 +58,37 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.63.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 +ARG NGHTTP2_VERSION=1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Download nghttp2 for HTTP/2.0 support. -RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} -RUN tar xf ${NGHTTP2_VERSION}.tar.bz2 +RUN curl -o nghttp2-${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} +RUN tar xf nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Compile nghttp2 -RUN cd ${NGHTTP2_VERSION} && \ - ./configure --prefix=/build/${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ +RUN cd nghttp2-${NGHTTP2_VERSION} && \ + ./configure --prefix=/build/nghttp2-${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ make && make install # Download curl. -ARG CURL_VERSION=curl-8.7.1 -RUN curl -o ${CURL_VERSION}.tar.xz https://curl.se/download/${CURL_VERSION}.tar.xz -RUN tar xf ${CURL_VERSION}.tar.xz +ARG CURL_VERSION=8.7.1 +RUN curl -o curl-${CURL_VERSION}.tar.xz https://curl.se/download/curl-${CURL_VERSION}.tar.xz +RUN tar xf curl-${CURL_VERSION}.tar.xz # Patch curl and re-generate the configure script -COPY patches/curl-*.patch ${CURL_VERSION}/ -RUN cd ${CURL_VERSION} && \ +COPY patches/curl-*.patch curl-${CURL_VERSION}/ +RUN cd curl-${CURL_VERSION} && \ for p in $(ls curl-*.patch); do patch -p1 < $p; done && \ autoreconf -fi -# Compile curl with nghttp2, libbrotli and boringssl (chrome). +# Compile curl with nghttp2, libbrotli and boringssl. # Enable keylogfile for debugging of TLS traffic. -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ --enable-static \ --disable-shared \ --enable-websockets \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -118,9 +115,9 @@ RUN ! (ldd ./out/curl-impersonate | grep -q -e libcurl -e nghttp2 -e brotli -e s RUN rm -Rf /build/install # Re-compile libcurl dynamically -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -133,7 +130,7 @@ RUN cd ${CURL_VERSION} && \ # Copy libcurl-impersonate and symbolic links RUN cp -d /build/install/lib/libcurl-impersonate* /build/out -RUN ver=$(readlink -f ${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ +RUN ver=$(readlink -f curl-${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ major=$(echo -n $ver | cut -d'.' -f1) && \ ln -s "libcurl-impersonate-chrome.so.$ver" "out/libcurl-impersonate.so.$ver" && \ ln -s "libcurl-impersonate.so.$ver" "out/libcurl-impersonate.so" && \ @@ -147,8 +144,7 @@ RUN ! (ldd ./out/curl-impersonate | grep -q -e nghttp2 -e brotli -e ssl -e crypt COPY curl_chrome* curl_edge* curl_safari* out/ RUN chmod +x out/curl_* -# Create a final, minimal image with the compiled binaries -# only. +# Create a final, minimal image with the compiled binaries only. FROM debian:bookworm-slim RUN apt-get update && apt-get install -y ca-certificates \ && rm -rf /var/lib/apt/lists/* diff --git a/docker/dockerfile.mustache b/docker/dockerfile.mustache index 2f67dfed..c79eb7b7 100644 --- a/docker/dockerfile.mustache +++ b/docker/dockerfile.mustache @@ -9,7 +9,6 @@ # Use it as a common base. FROM python:3.11-slim-bookworm as builder {{/debian}} - {{#alpine}} FROM alpine:3.18 as builder {{/alpine}} @@ -19,37 +18,35 @@ WORKDIR /build # Common dependencies {{#debian}} RUN apt-get update && \ - apt-get install -y git ninja-build cmake curl zlib1g-dev zstd libzstd-dev + apt-get install -y \ + git ninja-build cmake curl zlib1g-dev zstd libzstd-dev \ {{/debian}} {{#alpine}} -RUN apk add git bash build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev zstd zstd-dev +RUN apk add --update \ + git bash build-base make cmake ninja curl zlib-dev patch linux-headers python3 python3-dev zstd zstd-dev \ {{/alpine}} - -# The following are needed because we are going to change some autoconf scripts, -# both for libnghttp2 and curl. + # The following are needed because we are going to change some autoconf scripts, + # both for libnghttp2 and curl. {{#debian}} -RUN apt-get install -y autoconf automake autotools-dev pkg-config libtool git + autoconf automake autotools-dev pkg-config libtool git \ {{/debian}} {{#alpine}} -RUN apk add autoconf automake pkgconfig libtool + autoconf automake pkgconfig libtool \ {{/alpine}} - {{#debian}} -# Dependencies for downloading and building nghttp2 -RUN apt-get install -y bzip2 + # Dependencies for downloading and building nghttp2 + bzip2 \ {{/debian}} - {{#debian}} -# Dependencies for downloading and building curl -RUN apt-get install -y xz-utils + # Dependencies for downloading and building curl + xz-utils \ {{/debian}} - -# Dependencies for downloading and building BoringSSL + # Dependencies for downloading and building BoringSSL {{#debian}} -RUN apt-get install -y g++ golang-go unzip + g++ golang-go unzip {{/debian}} {{#alpine}} -RUN apk add g++ go unzip + g++ go unzip {{/alpine}} # Download and compile libbrotli @@ -86,37 +83,37 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.63.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 +ARG NGHTTP2_VERSION=1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Download nghttp2 for HTTP/2.0 support. -RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} -RUN tar xf ${NGHTTP2_VERSION}.tar.bz2 +RUN curl -o nghttp2-${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} +RUN tar xf nghttp2-${NGHTTP2_VERSION}.tar.bz2 # Compile nghttp2 -RUN cd ${NGHTTP2_VERSION} && \ - ./configure --prefix=/build/${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ +RUN cd nghttp2-${NGHTTP2_VERSION} && \ + ./configure --prefix=/build/nghttp2-${NGHTTP2_VERSION}/installed --with-pic --disable-shared && \ make && make install # Download curl. -ARG CURL_VERSION=curl-8.7.1 -RUN curl -o ${CURL_VERSION}.tar.xz https://curl.se/download/${CURL_VERSION}.tar.xz -RUN tar xf ${CURL_VERSION}.tar.xz +ARG CURL_VERSION=8.7.1 +RUN curl -o curl-${CURL_VERSION}.tar.xz https://curl.se/download/curl-${CURL_VERSION}.tar.xz +RUN tar xf curl-${CURL_VERSION}.tar.xz # Patch curl and re-generate the configure script -COPY patches/curl-*.patch ${CURL_VERSION}/ -RUN cd ${CURL_VERSION} && \ +COPY patches/curl-*.patch curl-${CURL_VERSION}/ +RUN cd curl-${CURL_VERSION} && \ for p in $(ls curl-*.patch); do patch -p1 < $p; done && \ autoreconf -fi # Compile curl with nghttp2, libbrotli and boringssl. # Enable keylogfile for debugging of TLS traffic. -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ --enable-static \ --disable-shared \ --enable-websockets \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -143,9 +140,9 @@ RUN ! (ldd ./out/curl-impersonate | grep -q -e libcurl -e nghttp2 -e brotli -e s RUN rm -Rf /build/install # Re-compile libcurl dynamically -RUN cd ${CURL_VERSION} && \ +RUN cd curl-${CURL_VERSION} && \ ./configure --prefix=/build/install \ - --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \ + --with-nghttp2=/build/nghttp2-${NGHTTP2_VERSION}/installed \ --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \ --with-zstd \ --enable-ech \ @@ -158,7 +155,7 @@ RUN cd ${CURL_VERSION} && \ # Copy libcurl-impersonate and symbolic links RUN cp -d /build/install/lib/libcurl-impersonate* /build/out -RUN ver=$(readlink -f ${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ +RUN ver=$(readlink -f curl-${CURL_VERSION}/lib/.libs/libcurl-impersonate-chrome.so | sed 's/.*so\.//') && \ major=$(echo -n $ver | cut -d'.' -f1) && \ ln -s "libcurl-impersonate-chrome.so.$ver" "out/libcurl-impersonate.so.$ver" && \ ln -s "libcurl-impersonate.so.$ver" "out/libcurl-impersonate.so" && \ diff --git a/docker/generate.sh b/docker/generate.sh index d9bd415f..8374d64d 100755 --- a/docker/generate.sh +++ b/docker/generate.sh @@ -1,12 +1,12 @@ #!/bin/sh -cat < docker/debian.dockerfile +cat < debian.dockerfile --- debian: true --- EOF -cat < chrome/alpine.dockerfile +cat < alpine.dockerfile --- alpine: true ---