# # spec file for package curl # # Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %bcond_without testsuite %bcond_with mozilla_nss # need ssl always for python-pycurl %bcond_without openssl Name: curl Version: 8.6.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl URL: https://curl.se Source: https://curl.se/download/curl-%{version}.tar.xz Source2: https://curl.se/download/curl-%{version}.tar.xz.asc Source3: baselibs.conf Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring Patch0: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.patch Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch # PATCH-FIX-UPSTREAM Patch4: 0001-vtls-revert-receive-max-buffer-add-test-case.patch #PATCH-FIX-UPSTREAM bsc#1221665 CVE-2024-2004 Usage of disabled protocol Patch5: curl-CVE-2024-2004.patch #PATCH-FIX-UPSTREAM bsc#1221667 CVE-2024-2398 HTTP/2 push headers memory-leak Patch6: curl-CVE-2024-2398.patch #PATCH-FIX-UPSTREAM bsc#1221666 CVE-2024-2379 QUIC certificate check bypass with wolfSSL Patch7: curl-CVE-2024-2379.patch #PATCH-FIX-UPSTREAM bsc#1221668 CVE-2024-2466 TLS certificate check bypass with mbedTLS Patch8: curl-CVE-2024-2466.patch #PATCH-FIX-UPSTREAM bsc#1227888 CVE-2024-6197 Freeing stack buffer in utf8asn1str Patch9: curl-CVE-2024-6197.patch #PATCH-FIX-UPSTREAM bsc#1228535 CVE-2024-7264 ASN.1 date parser overread Patch10: curl-CVE-2024-7264.patch #PATCH-FIX-UPSTREAM bsc#1230093 CVE-2024-8096 OCSP stapling bypass with GnuTLS Patch11: curl-CVE-2024-8096.patch #PATCH-FIX-UPSTREAM bsc#1230516 Make special characters in URL work with aws-sigv4 Patch12: curl-aws_sigv4-url-encode-the-canonical-path.patch #PATCH-FIX-UPSTREAM bsc#1232528 CVE-2024-9681 HSTS subdomain overwrites parent cache entry Patch13: curl-CVE-2024-9681.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4 = %{version} BuildRequires: groff BuildRequires: lzma BuildRequires: openldap2-devel BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libbrotlidec) BuildRequires: pkgconfig(libidn2) # Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922] # BuildRequires: pkgconfig(libmetalink) BuildRequires: pkgconfig(libnghttp2) BuildRequires: pkgconfig(libpsl) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(zlib) %if %{with openssl} BuildRequires: pkgconfig(libssl) %endif %if %{with mozilla_nss} BuildRequires: mozilla-nss-devel %endif #BuildRequires: openssh %if 0%{?_with_stunnel:1} # used by the testsuite BuildRequires: stunnel %endif %description Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %package -n libcurl4 Summary: Library for transferring data from URLs %description -n libcurl4 The cURL shared library for accessing data using different network protocols. %package -n libcurl-devel Summary: Development files for the curl library Requires: glibc-devel Requires: libcurl4 = %{version} Provides: curl-devel = %{version} Obsoletes: curl-devel < %{version} %description -n libcurl-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep %autosetup -p1 %build # curl complains if macro definition is contained in CFLAGS # see m4/xc-val-flgs.m4 CPPFLAGS="-D_FORTIFY_SOURCE=2" CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//') export CPPFLAGS export CFLAGS="$CFLAGS -fPIE" export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie" autoreconf -fiv # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, # will hopefully change in the future) sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure %configure \ --enable-ipv6 \ %if %{with openssl} --with-openssl \ --with-ca-fallback \ --without-ca-path \ --without-ca-bundle \ %else --without-openssl \ %if %{with mozilla_nss} --with-nss \ %endif %endif --with-gssapi=$(krb5-config --prefix) \ --with-libidn2 \ --with-libssh \ --enable-symbol-hiding \ --disable-static \ --enable-threaded-resolver # if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no # enable-hidden-symbols needs gcc4 and causes that curl exports only its API %make_build %if %{with testsuite} %check pushd tests %make_build find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" + find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" + perl ./runtests.pl -a -v -p '!flaky' || exit popd %endif %install %make_install rm -f %{buildroot}%{_libdir}/libcurl.la install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4 pushd scripts %make_install popd %post -n libcurl4 -p /sbin/ldconfig %postun -n libcurl4 -p /sbin/ldconfig %files %doc README RELEASE-NOTES CHANGES %doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md} %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl %{_mandir}/man1/curl.1%{?ext_man} %{_mandir}/man1/mk-ca-bundle.1%{?ext_man} %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions %dir %{_datadir}/fish/ %dir %{_datadir}/fish/vendor_completions.d/ %{_datadir}/fish/vendor_completions.d/curl.fish %files -n libcurl4 %license COPYING %{_libdir}/libcurl.so.4* %files -n libcurl-devel %{_bindir}/curl-config %{_includedir}/curl %dir %{_datadir}/aclocal/ %{_datadir}/aclocal/libcurl.m4 %{_libdir}/libcurl.so %{_libdir}/pkgconfig/libcurl.pc %{_mandir}/man1/curl-config.1%{?ext_man} %{_mandir}/man3/* %doc docs/libcurl/symbols-in-versions %changelog