When enabling http3 support using quiche, that conflicts with the openssl flag. If both are linked into the binary, the wrong ssl lib seems to get picked up for the SSL_new symbol. This then causes a crash, since the ssl_method field is initialized to an invalid value when trying to do a http3 connection. This is because quiche uses a bundled boringssl library with the same symbol. Reproducible: Always Steps to Reproduce: 1. Build curl with openssl and quiche 2. curl --http3 (some http3 host here) 3. Segfault Actual Results: It crashes gentoo:~ % curl -vvvvv --http3 https://quic.rocks:4433/ * Trying 216.155.158.183:4433... * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs zsh: segmentation fault curl -vvvvv --http3 https://quic.rocks:4433/ Expected Results: It does the same as with http2, just that curl uses http3 You can work around this by using curl with the gnutls and nghttp3 backends or just not enabling quiche. net-misc/curl-7.86.0-r3::gentoo was built with the following: USE="adns alt-svc ftp http2 imap ipv6 openssl pop3 progress-meter quiche smtp ssl tftp websockets zstd -brotli -gnutls -gopher -hsts -idn -kerberos -ldap -mbedtls -nghttp3 -nss -rtmp -samba -ssh -sslv3 -static-libs -telnet -test -verify-sig" ABI_X86="32 (64) (-x32)" CURL_SSL="openssl -gnutls -mbedtls -nss" FEATURES="usersync buildpkg usersandbox multilib-strict assume-digests parallel-fetch userpriv sandbox unknown-features-warn unmerge-logs pid-sandbox userfetch preserve-libs sfperms binpkg-multi-instance fixlafiles candy distlocks strict ccache config-protect-if-modified buildpkg-live unmerge-orphans qa-unresolved-soname-deps protect-owned ebuild-locks binpkg-dostrip news binpkg-docompress ipc-sandbox binpkg-logs network-sandbox parallel-install merge-sync"
Repro'd on 7.87 and reported upstream.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c6ec8d4579f9fbb2b3fbfb93de2abb7893cb42f commit 1c6ec8d4579f9fbb2b3fbfb93de2abb7893cb42f Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2023-02-09 23:37:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-02-16 05:08:27 +0000 net-misc/curl: add 7.88.0 drop ipv6 and quiche USE Using quiche requires building cURL with the same SSL flavour as the quiche library (i.e. BoringSSL). This is currently unsupported on Gentoo. Drop `ipv6` USE; it doesn't require additional deps and `--ipv4` can be used at runtime to force connectivity in dual-stack configurations. Closes: https://bugs.gentoo.org/881711 Closes: https://bugs.gentoo.org/792234 Closes: https://bugs.gentoo.org/847451 Closes: https://bugs.gentoo.org/867985 Closes: https://bugs.gentoo.org/835851 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Closes: https://github.com/gentoo/gentoo/pull/29511 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 2 + net-misc/curl/curl-7.88.0.ebuild | 298 +++++++++++++++++++++ .../files/curl-7.88.0-test-gnuserv-tls-srp.patch | 39 +++ .../curl-7.88.0-test-uninitialised-value.patch | 30 +++ 4 files changed, 369 insertions(+)
