195 lines
6.5 KiB
RPMSpec
195 lines
6.5 KiB
RPMSpec
#
|
|
# spec file for package curl
|
|
#
|
|
# Copyright (c) 2022-2023 ZhuningOS
|
|
#
|
|
|
|
|
|
%bcond_without testsuite
|
|
%bcond_with mozilla_nss
|
|
# need ssl always for python-pycurl
|
|
%bcond_without openssl
|
|
Name: curl
|
|
Version: 8.0.1
|
|
Release: 150400.5.41.1
|
|
Summary: A Tool for Transferring Data from URLs
|
|
License: curl
|
|
URL: https://curl.se
|
|
Source: https://curl.se/download/curl-%{version}.tar.xz
|
|
Source2: https://curl.se/download/curl-%{version}.tar.xz.asc
|
|
Source3: baselibs.conf
|
|
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
|
|
Patch0: libcurl-ocloexec.patch
|
|
Patch1: dont-mess-with-rpmoptflags.patch
|
|
Patch2: curl-secure-getenv.patch
|
|
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
|
|
Patch3: curl-disabled-redirect-protocol-message.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1211230 CVE-2023-28319 use-after-free in SSH sha256 fingerprint check
|
|
Patch4: curl-CVE-2023-28319.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1211231 CVE-2023-28320 siglongjmp race condition
|
|
Patch5: curl-CVE-2023-28320.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1211232 CVE-2023-28321 IDN wildcard match
|
|
Patch6: curl-CVE-2023-28321.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1211233 CVE-2023-28322 POST-after-PUT confusion
|
|
Patch7: curl-CVE-2023-28322.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1213237 CVE-2023-32001 fopen race condition
|
|
Patch8: curl-CVE-2023-32001.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1215026 CVE-2023-38039 HTTP headers eat all memory
|
|
Patch9: curl-CVE-2023-38039.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1215888 CVE-2023-38545 SOCKS5 heap buffer overflow
|
|
Patch10: curl-CVE-2023-38545.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1215889 CVE-2023-38546 cookie injection with none file
|
|
Patch11: curl-CVE-2023-38546.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1217573 CVE-2023-46218 cookie mixed case PSL bypass
|
|
Patch12: curl-CVE-2023-46218.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1217574 CVE-2023-46219 HSTS long file name clears contents
|
|
Patch13: curl-CVE-2023-46219.patch
|
|
#PATCH-FIX-UPSTREAM bsc#1216987 libssh: Implement SFTP packet size limit
|
|
Patch14: curl-libssh_Implement_SFTP_packet_size_limit.patch
|
|
BuildRequires: libtool
|
|
BuildRequires: pkgconfig
|
|
Requires: libcurl4 = %{version}
|
|
BuildRequires: groff
|
|
BuildRequires: lzma
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: pkgconfig(krb5)
|
|
BuildRequires: pkgconfig(libbrotlidec)
|
|
BuildRequires: pkgconfig(libidn2)
|
|
# Disable metalink [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
|
|
# BuildRequires: pkgconfig(libmetalink)
|
|
BuildRequires: pkgconfig(libnghttp2)
|
|
BuildRequires: pkgconfig(libpsl)
|
|
BuildRequires: pkgconfig(libssh)
|
|
BuildRequires: pkgconfig(libzstd)
|
|
BuildRequires: pkgconfig(zlib)
|
|
%if %{with openssl}
|
|
BuildRequires: pkgconfig(libssl)
|
|
%endif
|
|
%if %{with mozilla_nss}
|
|
BuildRequires: mozilla-nss-devel
|
|
%endif
|
|
#BuildRequires: openssh
|
|
%if 0%{?_with_stunnel:1}
|
|
# used by the testsuite
|
|
BuildRequires: stunnel
|
|
%endif
|
|
|
|
%description
|
|
Curl is a client to get documents and files from or send documents to a
|
|
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
|
|
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
|
|
without user interaction or any kind of interactivity.
|
|
|
|
%package -n libcurl4
|
|
Summary: Library for transferring data from URLs
|
|
|
|
%description -n libcurl4
|
|
The cURL shared library for accessing data using different
|
|
network protocols.
|
|
|
|
%package -n libcurl-devel
|
|
Summary: Development files for the curl library
|
|
Requires: glibc-devel
|
|
Requires: libcurl4 = %{version}
|
|
Provides: curl-devel = %{version}
|
|
Obsoletes: curl-devel < %{version}
|
|
|
|
%description -n libcurl-devel
|
|
Curl is a client to get documents and files from or send documents to a
|
|
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
|
|
DICT, TELNET, LDAP, or FILE). The command is designed to work without
|
|
user interaction or any kind of interactivity.
|
|
|
|
%prep
|
|
%setup -q -n curl-%{version}
|
|
%autopatch -p1
|
|
|
|
%build
|
|
# curl complains if macro definition is contained in CFLAGS
|
|
# see m4/xc-val-flgs.m4
|
|
CPPFLAGS="-D_FORTIFY_SOURCE=2"
|
|
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
|
|
export CPPFLAGS CFLAGS
|
|
export CFLAGS="$CFLAGS -fPIE"
|
|
export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
|
|
autoreconf -fiv
|
|
# local hack to make curl-config --libs stop printing libraries it depends on
|
|
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
|
|
# will hopefully change in the future)
|
|
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
|
|
%configure \
|
|
--enable-ipv6 \
|
|
%if %{with openssl}
|
|
--with-openssl \
|
|
--with-ca-fallback \
|
|
--without-ca-path \
|
|
--without-ca-bundle \
|
|
%else
|
|
--without-openssl \
|
|
%if %{with mozilla_nss}
|
|
--with-nss \
|
|
%endif
|
|
%endif
|
|
--with-gssapi=%{_libexecdir}/mit \
|
|
--with-libidn2 \
|
|
--with-libssh \
|
|
--enable-symbol-hiding \
|
|
--disable-static \
|
|
--enable-threaded-resolver
|
|
|
|
# if this fails, the above sed hack did not work
|
|
./libtool --config | grep -q link_all_deplibs=no
|
|
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
|
|
%make_build
|
|
|
|
%if %{with testsuite}
|
|
%check
|
|
pushd tests
|
|
%make_build
|
|
|
|
find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
|
|
find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
|
|
|
|
perl ./runtests.pl -a -v -p '!flaky' || exit
|
|
popd
|
|
%endif
|
|
|
|
%install
|
|
%make_install
|
|
rm -f %{buildroot}%{_libdir}/libcurl.la
|
|
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
|
|
pushd scripts
|
|
%make_install
|
|
popd
|
|
|
|
%post -n libcurl4 -p /sbin/ldconfig
|
|
%postun -n libcurl4 -p /sbin/ldconfig
|
|
|
|
%files
|
|
%doc README RELEASE-NOTES CHANGES
|
|
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
|
|
%{_bindir}/curl
|
|
%{_datadir}/zsh/site-functions/_curl
|
|
%{_mandir}/man1/curl.1%{?ext_man}
|
|
%dir %{_datadir}/zsh
|
|
%dir %{_datadir}/zsh/site-functions
|
|
%dir %{_datadir}/fish/
|
|
%dir %{_datadir}/fish/vendor_completions.d/
|
|
%{_datadir}/fish/vendor_completions.d/curl.fish
|
|
|
|
%files -n libcurl4
|
|
%license COPYING
|
|
%{_libdir}/libcurl.so.4*
|
|
|
|
%files -n libcurl-devel
|
|
%{_bindir}/curl-config
|
|
%{_includedir}/curl
|
|
%dir %{_datadir}/aclocal/
|
|
%{_datadir}/aclocal/libcurl.m4
|
|
%{_libdir}/libcurl.so
|
|
%{_libdir}/pkgconfig/libcurl.pc
|
|
%{_mandir}/man1/curl-config.1%{?ext_man}
|
|
%{_mandir}/man3/*
|
|
%doc docs/libcurl/symbols-in-versions
|
|
|
|
%changelog
|