pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to 8.9.0:

Browse Source 
* Security fixes:
    - [bsc#1227888, CVE-2024-6197] curl: freeing stack buffer
      in utf8asn1str
    - [bsc#1228260, CVE-2024-6874] idn: tweak buffer use when
      converting with macidn
  * Changes:
    - curl: add --ip-tos (IP Type of Service / Traffic Class)
    - curl: add --mptcp
    - curl: add --vlan-priority
    - curl: add -w '%{num_retries}
    - gnutls: support CA caching
    - mbedtls: support CURLOPT_CERTINFO
    - noproxy: patterns need to be comma separated
    - socket: support binding to interface *AND* IP
    - tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
    - urlapi: add CURLU_NO_GUESS_SCHEME
    - wolfssl: support CA caching
  * Bugfixes:
    - connection: shutdown TLS (for FTP) better
    - curl-config: revert to backticks to support old target envs
    - curl: allow etag and content-disposition for 3xx reply
    - curl: bsearch the --write-out variable name
    - curl: check for --disable case *sensitively*
    - doh: fix leak and zero-length HTTPS RR crash
    - file: separate fake headers and body with a stand-alone CRLF
    - ftp: remove redundant null pointer check in loop condition
    - gnutls: improve TLS shutdown
    - gnutls: pass in SNI name, not hostname when checking cert
    - hostip: skip error check for infallible function call

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=371
This commit is contained in:
Pedro Monreal Gonzalez 2024-07-24 08:41:57 +00:00 committed by Git OBS Bridge
commit 6c4ee5ecf7
16 changed files with 6941 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

3
_multibuild Normal file
View File

@ -0,0 +1,3 @@
<multibuild>
<package>mini</package>
</multibuild>

6
baselibs.conf Normal file
View File

@ -0,0 +1,6 @@
libcurl4
obsoletes "curl-<targettype> <= <version>"
provides "curl-<targettype> = <version>"
libcurl-devel
requires -curl-<targettype>
requires "libcurl4-<targettype> = <version>"

3
curl-8.8.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0f58bb95fc330c8a46eeb3df5701b0d90c9d9bfcc42bd1cd08791d12551d4400
size 2748860

11
curl-8.8.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmZNiQcACgkQXMkI/bce
EsKpxwf/XuUnVCDn7fC0t7I07jjovBc+CTgwMpgvXBHw2CdURhpdCLF3AHARcPLA
zwf8FhM2FB+K7A7JgMy9QZSDNfKkCLYMILqsn9U3sIOzGIinJJq9d89W8CuVhcEK
x4a0c4g0jax8p3EVHN5tio7EZTrfUHvnXY+PLUMx52v/0Q1OWagVYwkg4qTb5fHL
IrfXCQkg8b4kxw5p9d7n0OvyN6W2VdvIlX7ZxXPmjX9tQT6LK7KZj49P09oRzxsM
1UNF0A5YiNgsONJ4l1/tOQub9uE6pu+fhJ97XLzH1K1d1ha98dIE/veudCaqkZDq
CfvkeuN68zsv85MdvD6S16RC2JhhCA==
=ONcR
-----END PGP SIGNATURE-----

3
curl-8.9.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412
size 2781828

11
curl-8.9.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmagncYACgkQXMkI/bce
EsIf4wf/RVl/4hrfHsntyMCoM/SnY/PZlWommcAnfmSff0OAKV6OvtINkPUAyBdg
T1PGwkbPOLHB93NBFOm7bjSixbNgRL58gR3Rh+kvMKzx7G2Ug/gpWH3c8JHvwsHw
S4TCjuVGYsAWDn9/3y3qQNypmUMV8tIWslXoya5F9GtrnJEFItQ1efPPIra9nTtx
9XRrmB2/EUvPsdKmkztNP8NYaEyYDVPst+1HUv8+UdK5GL1wG8rAp2vPiofvHRDe
l9AiGu+d9U+UuqO8vNhqc46ii+h4Uj8Sk51mNf88TKAhEdKvPUMEaaySQzu23CKr
TCyqjvRyY12mEGT0bOX2xIsf0C665g==
=GGbI
-----END PGP SIGNATURE-----

20
curl-disabled-redirect-protocol-message.patch Normal file
View File

@ -0,0 +1,20 @@
Index: curl-7.82.0/lib/url.c
===================================================================
--- curl-7.82.0.orig/lib/url.c
+++ curl-7.82.0/lib/url.c
@@ -1832,9 +1832,13 @@ static CURLcode findprotocol(struct Curl
/* it is allowed for "normal" request, now do an extra check if this is
the result of a redirect */
if(data->state.this_is_a_follow &&
- !(data->set.redir_protocols & p->protocol))
+ !(data->set.redir_protocols & p->protocol)) {
/* nope, get out */
- ;
+ failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
+ LIBCURL_NAME, protostr);
+
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
else {
/* Perform setup complement if some. */
conn->handler = conn->given = p;

26
curl-make-install-curl-config.patch Normal file
View File

@ -0,0 +1,26 @@
From 4cc5657247183a0bc3b0969beeaea9acddb09d22 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 May 2024 08:43:43 +0200
Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
on "make install" like it should
Follow-up to 60971d665b9b1df87082
Closes #13741
---
docs/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/docs/Makefile.am b/docs/Makefile.am
index 83f5b0c461cc0f..e9ef6284860555 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -28,6 +28,7 @@ if BUILD_DOCS
# if we disable man page building, ignore these
MK_CA_DOCS = mk-ca-bundle.1
CURLCONF_DOCS = curl-config.1
+man_MANS = curl-config.1
endif
CURLPAGES = curl-config.md mk-ca-bundle.md

41
curl-secure-getenv.patch Normal file
View File

@ -0,0 +1,41 @@
Index: curl-8.5.0/lib/getenv.c
===================================================================
--- curl-8.5.0.orig/lib/getenv.c
+++ curl-8.5.0/lib/getenv.c
@@ -29,6 +29,14 @@
#include "memdebug.h"
+#ifndef HAVE_SECURE_GETENV
+# ifdef HAVE___SECURE_GETENV
+# define secure_getenv __secure_getenv
+# else
+# error neither secure_getenv nor __secure_getenv is available
+# endif
+#endif
+
static char *GetEnv(const char *variable)
{
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \
@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
/* else rc is bytes needed, try again */
}
#else
- char *env = getenv(variable);
+ char *env = secure_getenv(variable);
return (env && env[0])?strdup(env):NULL;
#endif
}
Index: curl-8.5.0/configure.ac
===================================================================
--- curl-8.5.0.orig/configure.ac
+++ curl-8.5.0/configure.ac
@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy
ac_configure_args="$ac_configure_args --enable-curldebug"
fi
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
AC_CONFIG_FILES([Makefile \
docs/Makefile \
docs/examples/Makefile \

6350
curl.changes Normal file
View File

File diff suppressed because it is too large Load Diff

77
curl.keyring Normal file
View File

@ -0,0 +1,77 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
+BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
j/qx4ytjt5uxt6Jm6IXV9cry8i6x
=Phs/
-----END PGP PUBLIC KEY BLOCK-----

258
curl.spec Normal file
View File

@ -0,0 +1,258 @@
#
# spec file for package curl
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%bcond_without testsuite
# need ssl always for python-pycurl
%bcond_without openssl
%define target @BUILD_FLAVOR@%{nil}
%if "%{target}" == "mini"
%bcond_without mini
%global psuffix -mini
%else
%bcond_with mini
%global psuffix %{nil}
%endif
Name: curl%{?psuffix}
Version: 8.9.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
URL: https://curl.se
Source: https://curl.se/download/curl-%{version}.tar.xz
Source2: https://curl.se/download/curl-%{version}.tar.xz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.patch
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
BuildRequires: groff
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libidn2)
# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922]
# BuildRequires: pkgconfig(libmetalink)
BuildRequires: pkgconfig(libnghttp2)
BuildRequires: pkgconfig(libpsl)
BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(zlib)
Requires: libcurl4 = %{version}
%if %{with openssl}
BuildRequires: pkgconfig(libssl)
%endif
%if !%{with mini}
BuildRequires: openldap2-devel
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libbrotlidec)
BuildRequires: pkgconfig(libssh)
%endif
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires: stunnel
%endif
%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.
%package -n libcurl%{?psuffix}4
Summary: Library for transferring data from URLs
%if %{with mini}
Provides: libcurl4 = %{version}
%else
Obsoletes: libcurl-mini4 <= %{version}
%endif
%description -n libcurl%{?psuffix}4
The cURL shared library for accessing data using different
network protocols.
%if !%{with mini}
%package -n libcurl-devel
Summary: Development files for the curl library
Requires: glibc-devel
Requires: libcurl4 = %{version}
Provides: curl-devel = %{version}
Obsoletes: curl-devel < %{version}
%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.
%package -n libcurl-devel-doc
Summary: Manual pages for libcurl
Provides: libcurl-devel:%{_mandir}/man1/curl-config.1%{?ext_man}
BuildArch: noarch
%description -n libcurl-devel-doc
Manual pages for the libcurl C API.
%package fish-completion
Summary: Fish completion for curl
Group: System/Shells
Requires: fish
Supplements: (curl and fish)
BuildArch: noarch
%description fish-completion
Fish command line completion support for %name.
%package zsh-completion
Summary: Zsh Completion for %name
Group: System/Shells
Requires: zsh
Supplements: (curl and zsh)
BuildArch: noarch
%description zsh-completion
ZSH command line completion support for %name.
%endif
%prep
%autosetup -p1 -n curl-%{version}
%build
# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
export CPPFLAGS
export CFLAGS="$CFLAGS -fPIE"
export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
autoreconf -fiv
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
%configure \
--enable-hsts \
--enable-ipv6 \
%if %{with openssl}
--with-openssl \
--with-ca-fallback \
--without-ca-path \
--without-ca-bundle \
%else
--without-openssl \
%endif
--with-libidn2 \
--with-nghttp2 \
--enable-docs \
%if %{with mini}
--disable-dict \
--disable-ftp \
--disable-gopher \
--disable-imap \
--disable-mqtt \
--disable-ntlm \
--disable-ntlm-wb \
--disable-pop3 \
--disable-rtsp \
--disable-smtp \
--disable-telnet \
--disable-tftp \
--disable-tls-srp \
--disable-websockets \
--without-brotli \
--without-libssh \
%else
--with-gssapi=$(krb5-config --prefix) \
--with-brotli \
--with-libssh \
%endif
--enable-symbol-hiding \
--disable-static \
--enable-threaded-resolver \
--with-zsh-functions-dir=%{_datadir}/zsh/site-functions/ \
--with-fish-functions-dir=%{_datadir}/fish/vendor_completions.d
# if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
%make_build
%if %{with testsuite}
%check
pushd tests
%make_build
find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
perl ./runtests.pl -a -v -p '!flaky' || exit
popd
%endif
%install
%make_install
rm -f %{buildroot}%{_libdir}/libcurl.la
%if %{with mini}
rm -rv %{buildroot}%{_includedir}/curl %{buildroot}/%{_libdir}/pkgconfig %{buildroot}%{_datadir}
rm -v %{buildroot}%{_bindir}/curl %{buildroot}%{_bindir}/curl-config %{buildroot}%{_libdir}/libcurl.so
%else
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
pushd scripts
%make_install
popd
%endif
%ldconfig_scriptlets -n libcurl%{?psuffix}4
%files -n libcurl%{?psuffix}4
%license COPYING
%{_libdir}/libcurl.so.4*
%if !%{with mini}
%files
%doc README RELEASE-NOTES CHANGES
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
%{_bindir}/curl
%{_mandir}/man1/curl.1%{?ext_man}
%files zsh-completion
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_curl
%files fish-completion
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%{_datadir}/fish/vendor_completions.d/curl.fish
%files -n libcurl-devel
%{_bindir}/curl-config
%{_includedir}/curl
%dir %{_datadir}/aclocal/
%{_datadir}/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%files -n libcurl-devel-doc
%{_mandir}/man1/curl-config.1%{?ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions
%endif
%changelog

15
dont-mess-with-rpmoptflags.patch Normal file
View File

@ -0,0 +1,15 @@
Index: curl-8.6.0/configure.ac
===================================================================
--- curl-8.6.0.orig/configure.ac
+++ curl-8.6.0/configure.ac
@@ -506,10 +506,6 @@ dnl ************************************
CURL_CHECK_COMPILER
CURL_CHECK_NATIVE_WINDOWS
-CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS
-CURL_SET_COMPILER_OPTIMIZE_OPTS
-CURL_SET_COMPILER_WARNING_OPTS
if test "$compiler_id" = "INTEL_UNIX_C"; then
#

93
libcurl-ocloexec.patch Normal file
View File

@ -0,0 +1,93 @@
Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
Index: curl-8.9.0/lib/file.c
===================================================================
--- curl-8.9.0.orig/lib/file.c
+++ curl-8.9.0/lib/file.c
@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl
}
}
#else
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
#endif
@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, data->set.new_file_perms);
+ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
if(fd < 0) {
failf(data, "cannot open %s for writing", file->path);
return CURLE_WRITE_ERROR;
Index: curl-8.9.0/lib/if2ip.c
===================================================================
--- curl-8.9.0.orig/lib/if2ip.c
+++ curl-8.9.0/lib/if2ip.c
@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
Index: curl-8.9.0/configure.ac
===================================================================
--- curl-8.9.0.orig/configure.ac
+++ curl-8.9.0/configure.ac
@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr])
+AC_USE_SYSTEM_EXTENSIONS
+
dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE
Index: curl-8.9.0/lib/hostip.c
===================================================================
--- curl-8.9.0.orig/lib/hostip.c
+++ curl-8.9.0/lib/hostip.c
@@ -44,6 +44,7 @@
#include <setjmp.h>
#include <signal.h>
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else {
int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we cannot get/use one */
ipv6_works = 0;
Index: curl-8.9.0/lib/cf-socket.c
===================================================================
--- curl-8.9.0.orig/lib/cf-socket.c
+++ curl-8.9.0/lib/cf-socket.c
@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_
}
else {
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+ *sockfd = socket(addr->family,
+ addr->socktype|SOCK_CLOEXEC,
+ addr->protocol);
}
if(*sockfd == CURL_SOCKET_BAD)