205 lines
6.8 KiB
RPMSpec
205 lines
6.8 KiB
RPMSpec
#
|
|
# spec file for package curl
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%bcond_without testsuite
|
|
%bcond_with mozilla_nss
|
|
# need ssl always for python-pycurl
|
|
%bcond_without openssl
|
|
Name: curl
|
|
Version: 8.6.0
|
|
Release: 0
|
|
Summary: A Tool for Transferring Data from URLs
|
|
License: curl
|
|
URL: https://curl.se
|
|
Source: https://curl.se/download/curl-%{version}.tar.xz
|
|
Source2: https://curl.se/download/curl-%{version}.tar.xz.asc
|
|
Source3: baselibs.conf
|
|
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
|
|
Patch0: libcurl-ocloexec.patch
|
|
Patch1: dont-mess-with-rpmoptflags.patch
|
|
Patch2: curl-secure-getenv.patch
|
|
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
|
|
Patch3: curl-disabled-redirect-protocol-message.patch
|
|
# PATCH-FIX-UPSTREAM
|
|
Patch4: 0001-vtls-revert-receive-max-buffer-add-test-case.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1221665 CVE-2024-2004 Usage of disabled protocol
|
|
Patch5: curl-CVE-2024-2004.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1221667 CVE-2024-2398 HTTP/2 push headers memory-leak
|
|
Patch6: curl-CVE-2024-2398.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1221666 CVE-2024-2379 QUIC certificate check bypass with wolfSSL
|
|
Patch7: curl-CVE-2024-2379.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1221668 CVE-2024-2466 TLS certificate check bypass with mbedTLS
|
|
Patch8: curl-CVE-2024-2466.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1227888 CVE-2024-6197 Freeing stack buffer in utf8asn1str
|
|
Patch9: curl-CVE-2024-6197.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1228535 CVE-2024-7264 ASN.1 date parser overread
|
|
Patch10: curl-CVE-2024-7264.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1230093 CVE-2024-8096 OCSP stapling bypass with GnuTLS
|
|
Patch11: curl-CVE-2024-8096.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1230516 Make special characters in URL work with aws-sigv4
|
|
Patch12: curl-aws_sigv4-url-encode-the-canonical-path.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1232528 CVE-2024-9681 HSTS subdomain overwrites parent cache entry
|
|
Patch13: curl-CVE-2024-9681.patch
|
|
BuildRequires: libtool
|
|
BuildRequires: pkgconfig
|
|
Requires: libcurl4 = %{version}
|
|
BuildRequires: groff
|
|
BuildRequires: lzma
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: pkgconfig(krb5)
|
|
BuildRequires: pkgconfig(libbrotlidec)
|
|
BuildRequires: pkgconfig(libidn2)
|
|
# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922]
|
|
# BuildRequires: pkgconfig(libmetalink)
|
|
BuildRequires: pkgconfig(libnghttp2)
|
|
BuildRequires: pkgconfig(libpsl)
|
|
BuildRequires: pkgconfig(libssh)
|
|
BuildRequires: pkgconfig(libzstd)
|
|
BuildRequires: pkgconfig(zlib)
|
|
%if %{with openssl}
|
|
BuildRequires: pkgconfig(libssl)
|
|
%endif
|
|
%if %{with mozilla_nss}
|
|
BuildRequires: mozilla-nss-devel
|
|
%endif
|
|
#BuildRequires: openssh
|
|
%if 0%{?_with_stunnel:1}
|
|
# used by the testsuite
|
|
BuildRequires: stunnel
|
|
%endif
|
|
|
|
%description
|
|
Curl is a client to get documents and files from or send documents to a
|
|
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
|
|
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
|
|
without user interaction or any kind of interactivity.
|
|
|
|
%package -n libcurl4
|
|
Summary: Library for transferring data from URLs
|
|
|
|
%description -n libcurl4
|
|
The cURL shared library for accessing data using different
|
|
network protocols.
|
|
|
|
%package -n libcurl-devel
|
|
Summary: Development files for the curl library
|
|
Requires: glibc-devel
|
|
Requires: libcurl4 = %{version}
|
|
Provides: curl-devel = %{version}
|
|
Obsoletes: curl-devel < %{version}
|
|
|
|
%description -n libcurl-devel
|
|
Curl is a client to get documents and files from or send documents to a
|
|
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
|
|
DICT, TELNET, LDAP, or FILE). The command is designed to work without
|
|
user interaction or any kind of interactivity.
|
|
|
|
%prep
|
|
%autosetup -p1
|
|
|
|
%build
|
|
# curl complains if macro definition is contained in CFLAGS
|
|
# see m4/xc-val-flgs.m4
|
|
CPPFLAGS="-D_FORTIFY_SOURCE=2"
|
|
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
|
|
export CPPFLAGS
|
|
export CFLAGS="$CFLAGS -fPIE"
|
|
export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
|
|
autoreconf -fiv
|
|
# local hack to make curl-config --libs stop printing libraries it depends on
|
|
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
|
|
# will hopefully change in the future)
|
|
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
|
|
%configure \
|
|
--enable-ipv6 \
|
|
%if %{with openssl}
|
|
--with-openssl \
|
|
--with-ca-fallback \
|
|
--without-ca-path \
|
|
--without-ca-bundle \
|
|
%else
|
|
--without-openssl \
|
|
%if %{with mozilla_nss}
|
|
--with-nss \
|
|
%endif
|
|
%endif
|
|
--with-gssapi=$(krb5-config --prefix) \
|
|
--with-libidn2 \
|
|
--with-libssh \
|
|
--enable-symbol-hiding \
|
|
--disable-static \
|
|
--enable-threaded-resolver
|
|
|
|
# if this fails, the above sed hack did not work
|
|
./libtool --config | grep -q link_all_deplibs=no
|
|
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
|
|
%make_build
|
|
|
|
%if %{with testsuite}
|
|
%check
|
|
pushd tests
|
|
%make_build
|
|
|
|
find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
|
|
find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
|
|
|
|
perl ./runtests.pl -a -v -p '!flaky' || exit
|
|
popd
|
|
%endif
|
|
|
|
%install
|
|
%make_install
|
|
rm -f %{buildroot}%{_libdir}/libcurl.la
|
|
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
|
|
pushd scripts
|
|
%make_install
|
|
popd
|
|
|
|
%post -n libcurl4 -p /sbin/ldconfig
|
|
%postun -n libcurl4 -p /sbin/ldconfig
|
|
|
|
%files
|
|
%doc README RELEASE-NOTES CHANGES
|
|
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
|
|
%{_bindir}/curl
|
|
%{_datadir}/zsh/site-functions/_curl
|
|
%{_mandir}/man1/curl.1%{?ext_man}
|
|
%{_mandir}/man1/mk-ca-bundle.1%{?ext_man}
|
|
%dir %{_datadir}/zsh
|
|
%dir %{_datadir}/zsh/site-functions
|
|
%dir %{_datadir}/fish/
|
|
%dir %{_datadir}/fish/vendor_completions.d/
|
|
%{_datadir}/fish/vendor_completions.d/curl.fish
|
|
|
|
%files -n libcurl4
|
|
%license COPYING
|
|
%{_libdir}/libcurl.so.4*
|
|
|
|
%files -n libcurl-devel
|
|
%{_bindir}/curl-config
|
|
%{_includedir}/curl
|
|
%dir %{_datadir}/aclocal/
|
|
%{_datadir}/aclocal/libcurl.m4
|
|
%{_libdir}/libcurl.so
|
|
%{_libdir}/pkgconfig/libcurl.pc
|
|
%{_mandir}/man1/curl-config.1%{?ext_man}
|
|
%{_mandir}/man3/*
|
|
%doc docs/libcurl/symbols-in-versions
|
|
|
|
%changelog
|