File curl.spec of Package curl.12450

#
# spec file for package curl
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Build conditionals; rpmbuild --with NAME / --without NAME overrides the default.
#   openssl     - enabled by default; selects OpenSSL as the TLS backend
#   mozilla_nss - disabled by default; only consulted when openssl is disabled
#   testsuite   - enabled by default; gates the check section
# NOTE(review): with openssl disabled and mozilla_nss left at its default,
# configure is given --without-ssl and no other TLS backend, so the resulting
# curl has no TLS support.
%bcond_without openssl
%bcond_with mozilla_nss
%bcond_without testsuite

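Name:           curl
Version:        7.37.0
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        BSD-3-Clause AND MIT
Group:          Productivity/Networking/Web/Utilities
# Project and download locations use https so that the tarball and its
# signature are not fetched over cleartext HTTP. Transport security does not
# replace the signature check, which is opt-in (see VERIFY_SIG further down).
Url:            https://curl.haxx.se/
# Upstream release tarball
Source:         https://curl.haxx.se/download/%{name}-%{version}.tar.lzma
# Detached OpenPGP signature for the tarball; checked in the prep section only
# when VERIFY_SIG is defined
Source2:        https://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc
Source3:        baselibs.conf
# Keyring shipped with the package; presumably the trust anchor for the
# signature check -- confirm it holds only the upstream release key
Source4:        %{name}.keyring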
# Downstream patch stack on top of the 7.37.0 tarball. Most entries are
# backported fixes named after the CVE they address. Patch numbers are not
# contiguous (30-31 and 34-39 are unused); every entry declared here has a
# matching line in the prep section, and a new entry needs one as well.
Patch:          libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch3:         curl-secure-getenv.patch
# NOTE(review): patches 6, 47 and 59 all appear (by name) to change the default
# TLS cipher selection; review them together when the crypto policy changes.
Patch6:         curl-DEFAULT_CIPHER_SELECTION.patch
Patch7:         curl-CVE-2014-3613.patch
Patch8:         curl-CVE-2014-3620.patch
Patch9:         curl-CVE-2014-8150.patch
Patch10:        curl-CVE-2014-3707.patch
# NOTE(review): judging by its name this re-enables MD4/MD5 while in FIPS mode;
# confirm the scope is limited to protocol uses that require them.
Patch11:        curl-allow_md4_and_md5_in_fips_mode.patch
Patch12:        curl-CVE-2015-3143.patch
Patch13:        curl-CVE-2015-3144.patch
Patch14:        curl-CVE-2015-3145.patch
Patch15:        curl-CVE-2015-3148.patch
Patch16:        curl-CVE-2015-3153.patch
Patch17:        0001-test46-update-cookie-expire-time.patch
Patch18:        curl-CVE-2016-0755.patch
# NOTE(review): disables test cases; check that none of them cover code touched
# by the security backports in this list.
Patch19:        curl-disable_failing_tests.patch
# PATCH-FIX-UPSTREAM fix-return-status-in-Curl_is_connected.patch -- Fixes error handling in Curl_is_connected by backporting some code from upstream
Patch20:        fix-return-status-in-Curl_is_connected.patch
# PATCH-FIX-UPSTREAM 0001-Fix-invalid-Network-is-unreachable-errors.patch -- Fixes "network is unreachable" errors in valid situations when ipv6 is not working but ipv4 is
Patch21:        0001-Fix-invalid-Network-is-unreachable-errors.patch
Patch22:        curl-CVE-2016-5419.patch
Patch23:        curl-CVE-2016-5420.patch
Patch24:        curl-CVE-2016-5421.patch
Patch25:        curl-bsc991746.patch
# Project cURL Security Advisory, November 2, 2016
Patch26:        curl-CVE-2016-8615.patch
Patch27:        curl-CVE-2016-8617.patch
Patch28:        curl-CVE-2016-8618.patch
Patch29:        curl-CVE-2016-8619.patch
Patch32:        curl-CVE-2016-8616.patch
Patch33:        curl-CVE-2016-7167.patch
Patch40:        curl-CVE-2016-8620.patch
Patch41:        curl-CVE-2016-8621.patch
Patch42:        curl-CVE-2016-8622.patch
Patch43:        curl-CVE-2016-8623.patch
Patch44:        curl-CVE-2016-8624.patch
# PATCH-FIX-UPSTREAM Bug 1015332
Patch45:        curl-7.37-CVE-2016-9586.patch
# PATCH-FIX-UPSTREAM Bug 1032309
Patch46:        curl-7.37-CVE-2017-7407.patch
# PATCH-FIX-SUSE Bug 1027712
Patch47:        curl-DEFAULT_SUSE_SELECTION.patch
# PATCH-FIX-UPSTREAM bsc#1051644 VUL-0: CVE-2017-1000100 - TFTP sends more than buffer size
Patch48:        curl-7.37.0-CVE-2017-1000100.patch
# PATCH-FIX-UPSTREAM bsc#1051643 VUL-0: CVE-2017-1000101 - URL globbing out of bounds read
Patch49:        curl-CVE-2017-1000101.patch
# PATCH-FIX-UPSTREAM bsc#1061876 VUL-0: CVE-2017-1000254 - FTP PWD response parser out of bounds read
Patch50:        curl-7.37-CVE-2017-1000254.patch
# PATCH-FIX-UPSTREAM bsc#1060653 "error:1408F10B:SSL routines" when connecting to ftps via proxy
Patch51:        curl-7.37.0-connect-ftps-via-proxy.patch
# PATCH-FIX-UPSTREAM bsc#1063824 VUL-0: CVE-2017-1000257 - IMAP FETCH response out of bounds read
Patch52:        curl-CVE-2017-1000257.patch
# PATCH-FIX-UPSTREAM bsc#1069226 VUL-0: CVE-2017-8816 NTLM buffer overflow via integer overflow
Patch53:        curl-7.37.0-CVE-2017-8816.patch
# PATCH-FIX-UPSTREAM bsc#1069222 VUL-0: CVE-2017-8817 FTP wildcard out of bounds read
Patch54:        curl-7.37.0-CVE-2017-8817.patch
# PATCH-FIX-UPSTREAM bsc#1077001 VUL-0: CVE-2018-1000007 HTTP authentication leak in redirects
Patch55:        curl-7.37.0-CVE-2018-1000007.patch
# PATCH-FIX-UPSTREAM bsc#1084521 CVE-2018-1000120 VUL-1: FTP path trickery leads to NIL byte out of bounds write
Patch56:        curl-7.37.0-CVE-2018-1000120.patch
# PATCH-FIX-UPSTREAM bsc#1084524 CVE-2018-1000121 VUL-1: LDAP NULL pointer dereference
Patch57:        curl-7.37.0-CVE-2018-1000121.patch
# PATCH-FIX-UPSTREAM bsc#1084532 CVE-2018-1000122 VUL-0: RTSP RTP buffer over-read
Patch58:        curl-7.37.0-CVE-2018-1000122.patch
# PATCH-FIX-SUSE bsc#1086825 curl-HIGH-cipher-fallback.patch
Patch59:        curl-HIGH-cipher-fallback.patch
# PATCH-FIX-UPSTREAM bsc#1092098 CVE-2018-1000301 curl-CVE-2018-1000301.patch
Patch60:        curl-CVE-2018-1000301.patch
# PATCH-FIX-UPSTREAM bsc#1089533 curl-openssl-skip-trace-outputs.patch
Patch61:        curl-openssl-skip-trace-outputs.patch
# PATCH-FIX-UPSTREAM bsc#1106019 CVE-2018-14618 - NTLM password overflow via integer overflow
Patch62:        curl-7.37.0-CVE-2018-14618.patch
# PATCH-FIX-UPSTREAM bsc#1112758 CVE-2018-16840 use-after-free in handle close
Patch63:        curl-CVE-2018-16840.patch
# PATCH-FIX-UPSTREAM bsc#1113660 CVE-2018-16842 Out-of-bounds Read
Patch64:        curl-7.37.0-CVE-2018-16842.patch
# PATCH-FIX-UPSTREAM bsc#1123371 CVE-2018-16890 NTLM type-2 out-of-bounds buffer read
Patch65:        curl-CVE-2018-16890.patch
# PATCH-FIX-UPSTREAM bsc#1123377 CVE-2019-3822 NTLMv2 type-3 header stack buffer overflow
Patch66:        curl-CVE-2019-3822.patch
# PATCH-FIX-UPSTREAM bsc#1123378 CVE-2019-3823 SMTP end-of-response out-of-bounds read
Patch67:        curl-CVE-2019-3823.patch
# PATCH-FIX-UPSTREAM bsc#1112758 CVE-2018-16839 SASL password overflow via integer overflow
Patch68:        curl-CVE-2018-16839.patch
# PATCH-FIX-UPSTREAM bsc#1135170 CVE-2019-5436 heap buffer overflow in tftp_receive_packet
Patch69:        curl-CVE-2019-5436.patch
# PATCH-FIX-UPSTREAM bsc#1149496 CVE-2019-5482 TFTP small blocksize heap buffer overflow
Patch70:        curl-CVE-2019-5482.patch
# Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc".
# NOTE(review): verification is opt-in. Without VERIFY_SIG the build neither
# pulls in gpg-offline nor checks the tarball against its detached signature,
# so the integrity of the sources then depends on checks made outside this spec.
%if 0%{?VERIFY_SIG}
BuildRequires:  gpg-offline
%endif
BuildRequires:  libidn-devel
BuildRequires:  libtool
BuildRequires:  lzma
BuildRequires:  openldap2-devel
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
# TLS backend development files follow the build conditionals
%if %{with openssl}
BuildRequires:  openssl-devel
%endif
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
%endif
# Kerberos (GSS-API) and SSH backends; configure is passed both unconditionally
BuildRequires:  krb5-mini-devel
BuildRequires:  libssh2-devel
#BuildRequires:  openssh
# stunnel is only pulled in when the build is invoked with the stunnel option;
# presumably the TLS-wrapped test servers are not exercised otherwise -- confirm
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# bug437293
%ifarch ppc64
Obsoletes:      curl-64bit
%endif

# No comments are added below the description tag: lines there may end up in
# the package description text.
%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

# Runtime shared library, split into its own package; its file list further
# down contains only the versioned libcurl.so.4 objects.
%package -n libcurl4
Summary:        Version 4 of cURL shared library
Group:          Productivity/Networking/Web/Utilities

%description -n libcurl4
The cURL shared library version 4 for accessing data using different
network protocols.

# Development files (headers, curl-config, pkg-config data, man3 pages).
# The libcurl4 requirement is pinned to the exact package version (the release
# is not part of the comparison) so headers and library cannot drift apart.
# NOTE(review): Summary and description are copied from the main package and
# describe the command line tool rather than the development files.
%package -n libcurl-devel
Summary:        A Tool for Transferring Data from URLs
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcurl4 = %{version}
# curl-devel (v 7.15.5) was last used in 10.2
Provides:       curl-devel <= 7.15.5
Obsoletes:      curl-devel < 7.16.2

%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%prep
# Optionally verify the tarball signature, unpack the sources, then apply the
# downstream patch stack.
# The signature check runs before the tarball is unpacked, but only when
# VERIFY_SIG is defined; a default build skips it.
%if 0%{?VERIFY_SIG}
%gpg_verify %{S:2}
%endif
%setup -q
# Patches are applied in ascending number order, matching their declaration
# order in the preamble; later backports may depend on earlier ones, so keep
# the order when adding entries. Patches 0, 1, 3 and 61 carry no -p option
# (rpm's default strip level); all others strip one leading path component.
%patch
%patch1
%patch3
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch32 -p1
%patch33 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61
%patch62 -p1
%patch63 -p1
%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
%patch70 -p1

%build
# Regenerate the autotools files from the patched sources, configure the TLS
# and authentication backends selected by the build conditionals, and compile.
#
# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
# The fortify define is therefore carried in CPPFLAGS and stripped from the
# distribution optimisation flags, so the hardening stays in effect. CPPFLAGS
# is assigned unconditionally, replacing any inherited value.
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS=$(echo $RPM_OPT_FLAGS | sed 's/-D_FORTIFY_SOURCE=2//')
export CPPFLAGS CFLAGS
autoreconf -fi
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure
# Configure options (comments cannot go inside the continued command below):
#  - openssl enabled: OpenSSL backend, CA certificates looked up in the
#    /etc/ssl/certs/ directory
#  - openssl disabled: --without-ssl, plus NSS only if mozilla_nss is enabled;
#    NOTE(review): with both off the result has no TLS support at all
#  - GSS-API from the tree under /usr/lib/mit, SSH support via libssh2
#  - hidden symbols, no static library, threaded name resolver
%configure \
	--enable-ipv6 \
%if %{with openssl}
	--with-ssl \
	--with-ca-path=/etc/ssl/certs/ \
%else
	--without-ssl \
%if %{with mozilla_nss}
	--with-nss \
%endif
%endif
	--with-gssapi=/usr/lib/mit \
	--with-libssh2\
	--enable-hidden-symbols \
	--disable-static \
	--enable-threaded-resolver

: if this fails, the above sed hack did not work
# The ':' line above is a shell no-op used as an inline remark. grep -q returns
# non-zero when the sed edit did not take effect. NOTE(review): this only stops
# the build if the script runs with errexit, as rpm build scripts normally do
# -- confirm for the target rpm version.
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
make %{?_smp_mflags}

%if %{with testsuite}

%check
# Build the test programs and run the upstream test suite. The whole section is
# omitted when the package is built without the testsuite conditional, so the
# CVE backports then ship without any regression run.
cd tests
make
# make sure the testsuite runs don't race on MP machines in autobuild
# /.buildenv is sourced, i.e. executed as shell code inside the build shell.
# It is presumably written by the build environment itself -- confirm nothing
# less trusted than the build can write to it.
if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
	. /.buildenv
fi
if test -z "$BUILD_INCARNATION"; then
	BUILD_INCARNATION=0
fi

# Each build incarnation gets its own block of 20 ports starting at 8990, so
# concurrent builds on one host do not collide on the test servers' ports.
base=$((8990 + $BUILD_INCARNATION * 20))
# bug940009 do not run flaky tests for any architecture
# at least test 1510 does fail for i586 and ppc64le
# -a keeps going after a failing test, -b sets the base port; the bare exit
# passes on the status of runtests.pl, so a failed run fails the build.
perl ./runtests.pl -a -b$base '!flaky' || exit
%endif

%install
# Install into the build root, drop the libtool archive, and ship the libcurl
# autoconf macro in the shared aclocal directory.
%{makeinstall}
# The libtool archive is not packaged. rm is used without -f, so a missing
# file is reported as an error instead of being ignored.
rm $RPM_BUILD_ROOT%_libdir/libcurl.la
install -d $RPM_BUILD_ROOT/usr/share/aclocal
# Mode 644: readable by all, writable by the owner only
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/

# Refresh the dynamic linker cache after libcurl4 is installed or removed.
# Keep comments above the scriptlet headers only: with -p, any line that
# follows a header is taken as scriptlet body and handed to ldconfig.
%post -n libcurl4 -p /sbin/ldconfig

%postun -n libcurl4 -p /sbin/ldconfig

# Main package: the command line tool, its man page and upstream documentation.
# defattr makes every listed file owned by root:root with the permissions it
# has in the build root.
%files
%defattr(-,root,root)
%doc README RELEASE-NOTES
%doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting}
%doc lib/README.curl_off_t
%{_prefix}/bin/curl
%doc %{_mandir}/man1/curl.1%{ext_man}

# Runtime library: only the versioned shared objects
%files -n libcurl4
%defattr(-,root,root)
%{_libdir}/libcurl.so.4*

# Development package: curl-config, headers, the aclocal macro, the unversioned
# libcurl.so, pkg-config data and the API man pages
%files -n libcurl-devel
%defattr(-,root,root)
%{_prefix}/bin/curl-config
%{_prefix}/include/curl
%dir %{_prefix}/share/aclocal
%{_prefix}/share/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%{_mandir}/man1/curl-config.1%{ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions

%changelog