Accepting request 1324246 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1324246
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cpp-httplib?expand=0&rev=15

CVE-2025-66570.patch

@@ -1,438 +0,0 @@
-From ac9ebb0ee333ce8bf13523f487bdfad9518a2aff Mon Sep 17 00:00:00 2001
-From: yhirose <yhirose@users.noreply.github.com>
-Date: Mon, 27 Oct 2025 19:54:12 -0400
-Subject: [PATCH] Merge commit from fork
-
-* Fix "Untrusted HTTP Header Handling (REMOTE*/LOCAL*)"
-
-* Fix "Untrusted HTTP Header Handling (X-Forwarded-For)"
-
-* Fix security problems in docker/main.cc
----
- docker/main.cc |  60 +++++++-----
- httplib.h      |  78 ++++++++++++++-
- test/test.cc   | 260 ++++++++++++++++++++++++++++++++++++++++++++++---
- 3 files changed, 355 insertions(+), 43 deletions(-)
-
-Index: b/httplib.h
-===================================================================
---- a/httplib.h
-+++ b/httplib.h
-@@ -1040,6 +1040,8 @@ public:
-   Server &
-   set_header_writer(std::function<ssize_t(Stream &, Headers &)> const &writer);
- 
-+  Server &set_trusted_proxies(const std::vector<std::string> &proxies);
-+
-   Server &set_keep_alive_max_count(size_t count);
-   Server &set_keep_alive_timeout(time_t sec);
- 
-@@ -1078,6 +1080,9 @@ protected:
-                        const std::function<void(Request &)> &setup_request);
- 
-   std::atomic<socket_t> svr_sock_{INVALID_SOCKET};
-+
-+  std::vector<std::string> trusted_proxies_;
-+
-   size_t keep_alive_max_count_ = CPPHTTPLIB_KEEPALIVE_MAX_COUNT;
-   time_t keep_alive_timeout_sec_ = CPPHTTPLIB_KEEPALIVE_TIMEOUT_SECOND;
-   time_t read_timeout_sec_ = CPPHTTPLIB_SERVER_READ_TIMEOUT_SECOND;
-@@ -4293,13 +4298,35 @@ inline bool zstd_decompressor::decompres
- }
- #endif
- 
-+inline bool is_prohibited_header_name(const std::string &name) {
-+  using udl::operator""_t;
-+
-+  switch (str2tag(name)) {
-+  case "REMOTE_ADDR"_t:
-+  case "REMOTE_PORT"_t:
-+  case "LOCAL_ADDR"_t:
-+  case "LOCAL_PORT"_t: return true;
-+  default: return false;
-+  }
-+}
-+
- inline bool has_header(const Headers &headers, const std::string &key) {
-+  if (is_prohibited_header_name(key)) { return false; }
-   return headers.find(key) != headers.end();
- }
- 
- inline const char *get_header_value(const Headers &headers,
-                                     const std::string &key, const char *def,
-                                     size_t id) {
-+  if (is_prohibited_header_name(key)) {
-+#ifndef CPPHTTPLIB_NO_EXCEPTIONS
-+    std::string msg = "Prohibited header name '" + key + "' is specified.";
-+    throw std::invalid_argument(msg);
-+#else
-+    return "";
-+#endif
-+  }
-+
-   auto rng = headers.equal_range(key);
-   auto it = rng.first;
-   std::advance(it, static_cast<ssize_t>(id));
-@@ -6622,6 +6649,12 @@ inline Server &Server::set_header_writer
-   return *this;
- }
- 
-+inline Server &
-+Server::set_trusted_proxies(const std::vector<std::string> &proxies) {
-+  trusted_proxies_ = proxies;
-+  return *this;
-+}
-+
- inline Server &Server::set_keep_alive_max_count(size_t count) {
-   keep_alive_max_count_ = count;
-   return *this;
-@@ -7376,6 +7409,40 @@ inline bool Server::dispatch_request_for
-   return false;
- }
- 
-+inline std::string
-+get_client_ip(const std::string &x_forwarded_for,
-+              const std::vector<std::string> &trusted_proxies) {
-+  // X-Forwarded-For is a comma-separated list per RFC 7239
-+  std::vector<std::string> ip_list;
-+  detail::split(x_forwarded_for.data(),
-+                x_forwarded_for.data() + x_forwarded_for.size(), ',',
-+                [&](const char *b, const char *e) {
-+                  auto r = detail::trim(b, e, 0, static_cast<size_t>(e - b));
-+                  ip_list.emplace_back(std::string(b + r.first, b + r.second));
-+                });
-+
-+  for (size_t i = 0; i < ip_list.size(); ++i) {
-+    auto ip = ip_list[i];
-+
-+    auto is_trusted_proxy =
-+        std::any_of(trusted_proxies.begin(), trusted_proxies.end(),
-+                    [&](const std::string &proxy) { return ip == proxy; });
-+
-+    if (is_trusted_proxy) {
-+      if (i == 0) {
-+        // If the trusted proxy is the first IP, there's no preceding client IP
-+        return ip;
-+      } else {
-+        // Return the IP immediately before the trusted proxy
-+        return ip_list[i - 1];
-+      }
-+    }
-+  }
-+
-+  // If no trusted proxy is found, return the first IP in the list
-+  return ip_list.front();
-+}
-+
- inline bool
- Server::process_request(Stream &strm, const std::string &remote_addr,
-                         int remote_port, const std::string &local_addr,
-@@ -7419,15 +7486,16 @@ Server::process_request(Stream &strm, co
-     connection_closed = true;
-   }
- 
--  req.remote_addr = remote_addr;
-+  if (!trusted_proxies_.empty() && req.has_header("X-Forwarded-For")) {
-+    auto x_forwarded_for = req.get_header_value("X-Forwarded-For");
-+    req.remote_addr = get_client_ip(x_forwarded_for, trusted_proxies_);
-+  } else {
-+    req.remote_addr = remote_addr;
-+  }
-   req.remote_port = remote_port;
--  req.set_header("REMOTE_ADDR", req.remote_addr);
--  req.set_header("REMOTE_PORT", std::to_string(req.remote_port));
- 
-   req.local_addr = local_addr;
-   req.local_port = local_port;
--  req.set_header("LOCAL_ADDR", req.local_addr);
--  req.set_header("LOCAL_PORT", std::to_string(req.local_port));
- 
-   if (req.has_header("Range")) {
-     const auto &range_header_value = req.get_header_value("Range");
-Index: b/test/test.cc
-===================================================================
---- a/test/test.cc
-+++ b/test/test.cc
-@@ -128,7 +128,7 @@ TEST_F(UnixSocketTest, PeerPid) {
-   std::string remote_port_val;
-   svr.Get(pattern_, [&](const httplib::Request &req, httplib::Response &res) {
-     res.set_content(content_, "text/plain");
--    remote_port_val = req.get_header_value("REMOTE_PORT");
-+    remote_port_val = std::to_string(req.remote_port);
-   });
- 
-   std::thread t{[&] {
-@@ -2588,21 +2588,20 @@ protected:
- #endif
-         .Get("/remote_addr",
-              [&](const Request &req, Response &res) {
--               auto remote_addr = req.headers.find("REMOTE_ADDR")->second;
--               EXPECT_TRUE(req.has_header("REMOTE_PORT"));
--               EXPECT_EQ(req.remote_addr, req.get_header_value("REMOTE_ADDR"));
--               EXPECT_EQ(req.remote_port,
--                         std::stoi(req.get_header_value("REMOTE_PORT")));
--               res.set_content(remote_addr.c_str(), "text/plain");
-+               ASSERT_FALSE(req.has_header("REMOTE_ADDR"));
-+               ASSERT_FALSE(req.has_header("REMOTE_PORT"));
-+               ASSERT_ANY_THROW(req.get_header_value("REMOTE_ADDR"));
-+               ASSERT_ANY_THROW(req.get_header_value("REMOTE_PORT"));
-+               res.set_content(req.remote_addr, "text/plain");
-              })
-         .Get("/local_addr",
-              [&](const Request &req, Response &res) {
--               EXPECT_TRUE(req.has_header("LOCAL_PORT"));
--               EXPECT_TRUE(req.has_header("LOCAL_ADDR"));
--               auto local_addr = req.get_header_value("LOCAL_ADDR");
--               auto local_port = req.get_header_value("LOCAL_PORT");
--               EXPECT_EQ(req.local_addr, local_addr);
--               EXPECT_EQ(req.local_port, std::stoi(local_port));
-+               ASSERT_FALSE(req.has_header("LOCAL_ADDR"));
-+               ASSERT_FALSE(req.has_header("LOCAL_PORT"));
-+               ASSERT_ANY_THROW(req.get_header_value("LOCAL_ADDR"));
-+               ASSERT_ANY_THROW(req.get_header_value("LOCAL_PORT"));
-+               auto local_addr = req.local_addr;
-+               auto local_port = std::to_string(req.local_port);
-                res.set_content(local_addr.append(":").append(local_port),
-                                "text/plain");
-              })
-@@ -9069,3 +9068,240 @@ TEST(ClientInThreadTest, Issue2068) {
-     t.join();
-   }
- }
-+
-+TEST(ForwardedHeadersTest, NoProxiesSetting) {
-+  Server svr;
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get("/ip", {{"X-Forwarded-For", "203.0.113.66"}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "203.0.113.66");
-+  EXPECT_TRUE(observed_remote_addr == "::1" || observed_remote_addr == "127.0.0.1");
-+}
-+
-+TEST(ForwardedHeadersTest, NoForwardedHeaders) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"203.0.113.66"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get("/ip");
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "");
-+  EXPECT_TRUE(observed_remote_addr == "::1" || observed_remote_addr == "127.0.0.1");
-+}
-+
-+TEST(ForwardedHeadersTest, SingleTrustedProxy_UsesIPBeforeTrusted) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"203.0.113.66"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get("/ip", {{"X-Forwarded-For", "198.51.100.23, 203.0.113.66"}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "198.51.100.23, 203.0.113.66");
-+  EXPECT_EQ(observed_remote_addr, "198.51.100.23");
-+}
-+
-+TEST(ForwardedHeadersTest, MultipleTrustedProxies_UsesClientIP) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"203.0.113.66", "192.0.2.45"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get(
-+      "/ip",
-+      {{"X-Forwarded-For", "198.51.100.23, 203.0.113.66, 192.0.2.45"}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "198.51.100.23, 203.0.113.66, 192.0.2.45");
-+  EXPECT_EQ(observed_remote_addr, "198.51.100.23");
-+}
-+
-+TEST(ForwardedHeadersTest, TrustedProxyNotInHeader_UsesFirstFromXFF) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"192.0.2.45"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get("/ip",
-+                     {{"X-Forwarded-For", "198.51.100.23, 198.51.100.24"}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "198.51.100.23, 198.51.100.24");
-+  EXPECT_EQ(observed_remote_addr, "198.51.100.23");
-+}
-+
-+TEST(ForwardedHeadersTest, LastHopTrusted_SelectsImmediateLeftIP) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"192.0.2.45"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get(
-+      "/ip",
-+      {{"X-Forwarded-For", "198.51.100.23, 203.0.113.66, 192.0.2.45"}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  EXPECT_EQ(observed_xff, "198.51.100.23, 203.0.113.66, 192.0.2.45");
-+  EXPECT_EQ(observed_remote_addr, "203.0.113.66");
-+}
-+
-+TEST(ForwardedHeadersTest, HandlesWhitespaceAroundIPs) {
-+  Server svr;
-+
-+  svr.set_trusted_proxies({"192.0.2.45"});
-+
-+  std::string observed_remote_addr;
-+  std::string observed_xff;
-+
-+  svr.Get("/ip", [&](const Request &req, Response &res) {
-+    observed_remote_addr = req.remote_addr;
-+    observed_xff = req.get_header_value("X-Forwarded-For");
-+    res.set_content("ok", "text/plain");
-+  });
-+
-+  thread t = thread([&]() { svr.listen(HOST, PORT); });
-+  auto se = detail::scope_exit([&] {
-+    svr.stop();
-+    t.join();
-+    ASSERT_FALSE(svr.is_running());
-+  });
-+
-+  svr.wait_until_ready();
-+
-+  Client cli(HOST, PORT);
-+  auto res = cli.Get(
-+      "/ip",
-+      {{"X-Forwarded-For", " 198.51.100.23 , 203.0.113.66 , 192.0.2.45 "}});
-+
-+  ASSERT_TRUE(res);
-+  EXPECT_EQ(StatusCode::OK_200, res->status);
-+
-+  // Header parser trims surrounding whitespace of the header value
-+  EXPECT_EQ(observed_xff, "198.51.100.23 , 203.0.113.66 , 192.0.2.45");
-+  EXPECT_EQ(observed_remote_addr, "203.0.113.66");
-+}

cpp-httplib-0.28.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ccb32f9832c906d571f61794f453223dbb724ba738265551e3cd28ca325b529d
+size 1312543

cpp-httplib.changes

@@ -1,8 +1,82 @@
 -------------------------------------------------------------------
-Mon Dec 22 16:51:24 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
+Mon Dec 22 20:58:05 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
 
-- Add CVE-2025-66570.patch
-  * Fix CVE-2025-66570 (bsc#1254734) and CVE-2025-66577 (bsc#1254735)
+- Update to 0.28.0
+  * Fix HTTP 414 errors hanging until timeout
+  * CMake: Add HTTPLIB_SHARED option, don't define BUILD_SHARED_LIBS
+  * Add Client methods with both content provider and receiver
+  * Fix struct member initialization issue in getaddrinfo_with_timeout
+  * Add #undef _res after including resolv.h to prevent macro conflicts
+- 0.27.0 changes
+  * SSL Error Reporting Improvements
+  * SSL Client Certificate Authentication
+  * IPv6 Host Header Support
+  * Memory Safety Fix
+  * EventDispatcher Stability
+  * Threading Issues
+  * Build System Enhancements
+  * For full changelog see https://github.com/yhirose/cpp-httplib/releases/tag/v0.27.0
+- 0.26.0 changes
+  * Initialize start time for server to improve timing accuracy
+  * Addressed an unspecified issue reported in #2217
+  * Fix: handle EAI_ALLDONE from gai_suspend in getaddrinfo_with_timeout
+  * Fix #2223: Resolved issue as discussed in #2224
+  * Fix inconsistent use of macro TARGET_OS_OSX on macOS
+  * build(meson): Corrected new build option names for Meson build system
+  * Make code sample compilable
+  * Fix 32-bit MSVC compiler error due to unknown command #warning
+- Upstream release includes fixes for:
+  CVE-2025-66570 (boo#1254734)
+  CVE-2025-66577 (boo#1254735)
+- Add netcfg build requirement to fix tests
+  * The "SNI_AutoDetectionTest.SNI_Logic" test fails if localhost only resolves
+    to 127.0.0.1 (ipv4-only). netcfg provides the needed /etc/hosts config with
+    the ::1 localhost ipv6 entry.
+
+-------------------------------------------------------------------
+Tue Aug 12 12:05:54 UTC 2025 - Marius Grossu <marius.grossu@suse.com>
+
+- updated version to 0.25.0
+ * ErrorLogger Support
+ * Changed 32-bit Windows support from #error to #warning
+ * Unified _WIN64 macros to _WIN32 for better compatibility
+ * Improved Windows environment support
+ * CMake Pointer Size Check #2197
+ * Winndows Version Requirements #2191, #2192
+ * Better build-time compatibility detection
+ * Fixed Chocolatey OpenSSL compatibility issues
+ * Improved SSL functionality stability on Windows
+ * Resolved Windows version check problems
+ * Enhanced platform detection
+
+-------------------------------------------------------------------
+Mon Aug  4 21:10:04 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- 0.24.0:
+  * URL Encoding/Decoding Improvements
+  * Accept Header Quality Value Parsing Exception Handling
+  * Missing Client::set_max_timeout Method Implementation
+- fix incorrect version in openSUSE package specific .pc file
+
+-------------------------------------------------------------------
+Tue Jul 22 23:58:47 UTC 2025 - Marius Grossu <marius.grossu@suse.com>
+
+- version update to 0.23.1
+  * Fix issue with HTTP handling #2021
+  * Fix specific bug addressed in this release #2111
+  * Resolve issue #366
+  * Resolve issue #1264
+  * Fix getaddrinfo stalling issue when network is down
+  * Fix proxy-related issues
+  * Fix #1656: Improve logging before compression #1656
+  * Add URL encoding helpers for user input in GET requests #2170
+  * Add SSL error access functionality #2169
+  * Cleaner API: API improvements #2166
+  * Add POST with content receiver feature #cfb56c0
+  * Add Params support for PUT/DELETE methods #b2bf172
+  * Complete removal of Windows 8 or lower support #2177
+  * Removal of 32-bit environment support (64-bit only) #2173
+  * Improve form field access methods #2171
 
 -------------------------------------------------------------------
 Tue Jun 24 14:39:29 UTC 2025 - Marius Grossu <marius.grossu@suse.com>

cpp-httplib.pc

@@ -5,7 +5,7 @@ libdir=${prefix}/lib64
 Name: cpp-httplib
 Description: A C++ HTTP/HTTPS server and client library
 URL: https://github.com/yhirose/cpp-httplib
-Version: 0.18.1
+Version: 0.0.0
 Requires.private: openssl >= 3.0.0, zlib, libbrotlicommon, libbrotlidec, libbrotlienc
 Libs: -L${libdir} -lcpp-httplib
 Libs.private: -pthread

cpp-httplib.spec

@@ -1,7 +1,8 @@
 #
 # spec file for package cpp-httplib
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +17,19 @@
 #
 
 
-%define         sover 0.22
-%define         libver 0_22
+%define         sover 0.28
+%define         libver 0_28
 Name:           cpp-httplib
-Version:        0.22.0
+Version:        0.28.0
 Release:        0
 Summary:        A C++11 HTTP/HTTPS server and client library
 License:        MIT
 URL:            https://github.com/yhirose/cpp-httplib
 Source0:        %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        %{name}.pc
-# PATCH-FIX-UPSTREAM CVE-2025-66570.patch bsc#1254734 bsc#1254735 antonio.teixeira@suse.com -- CVE-2025-66570, CVE-2025-66577 Untrusted HTTP Header Handling
-Patch0:         CVE-2025-66570.patch
+BuildRequires:  c++_compiler
 BuildRequires:  cmake
-BuildRequires:  gcc-c++
+BuildRequires:  netcfg
 BuildRequires:  pkgconfig(gtest)
 BuildRequires:  pkgconfig(libbrotlidec)
 BuildRequires:  pkgconfig(libbrotlienc)
@@ -70,7 +70,6 @@ sed -i 's|Version: 0.0.0|Version: %{version}|g' %{SOURCE1}
 
 %build
 %cmake \
-  -DBUILD_SHARED_LIBS=ON \
   -DHTTPLIB_REQUIRE_OPENSSL=ON \
   -DHTTPLIB_REQUIRE_ZLIB=ON \
   -DHTTPLIB_REQUIRE_BROTLI=ON \
@@ -98,6 +97,7 @@ rm -r %{buildroot}%{_datadir}/{licenses/httplib,doc/packages/cpp-httplib}
 %{_libdir}/lib%{name}.so.%{version}
 
 %files devel
+%license LICENSE
 %doc README.md example
 %{_libdir}/lib%{name}.so
 %{_includedir}/httplib.h