File curl.spec of Package curl.17565

# spec file for package curl
# Copyright (c) 2020 SUSE LLC
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

%define bootstrap 0
%define mini %{nil}
%if 0%{?bootstrap}
%bcond_with testsuite
%bcond_without testsuite
%bcond_with mozilla_nss
# need ssl always for python-pycurl
%bcond_without openssl
Name:           curl
Version:        7.60.0
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        curl
Group:          Productivity/Networking/Web/Utilities
Source3:        baselibs.conf
Patch0:         libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch2:         curl-secure-getenv.patch
Patch3:         ignore_runtests_failure.patch
# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch4:         curl-disabled-redirect-protocol-message.patch
Patch5:         curl-use_OPENSSL_config.patch
Patch6:         curl-CVE-2018-0500.patch
Patch7:         curl-CVE-2018-14618.patch
# PATCH-FIX-UPSTREAM bsc#1112758 CVE-2018-16839 SASL password overflow via integer overflow
Patch8:         curl-CVE-2018-16839.patch
# PATCH-FIX-UPSTREAM bsc#1113029 CVE-2018-16840 use-after-free in handle close
Patch9:         curl-CVE-2018-16840.patch
# PATCH-FIX-UPSTREAM bsc#1113660 CVE-2018-16842 Out-of-bounds Read
Patch10:        curl-CVE-2018-16842.patch
# PATCH-FIX-UPSTREAM bsc#1123371 CVE-2018-16890 NTLM type-2 out-of-bounds buffer read
Patch11:        curl-CVE-2018-16890.patch
# PATCH-FIX-UPSTREAM bsc#1123377 CVE-2019-3822 NTLMv2 type-3 header stack buffer overflow
Patch12:        curl-CVE-2019-3822.patch
# PATCH-FIX-UPSTREAM bsc#1123378 CVE-2019-3823 SMTP end-of-response out-of-bounds read
Patch13:        curl-CVE-2019-3823.patch
# PATCH-FIX-UPSTREAM bsc#1135170 CVE-2019-5436 heap buffer overflow in tftp_receive_packet
Patch14:        curl-CVE-2019-5436.patch
# PATCH-FIX-UPSTREAM bsc#1149495 CVE-2019-5481 FTP-KRB double-free
Patch15:        curl-CVE-2019-5481.patch
# PATCH-FIX-UPSTREAM bsc#1149496 CVE-2019-5482 TFTP small blocksize heap buffer overflow
Patch16:        curl-CVE-2019-5482.patch
# PATCH-FIX-UPSTREAM bsc#1173027 CVE-2020-8177 Curl overwrites local files when using -J with -i
Patch17:        curl-CVE-2020-8177.patch
# PATCH-FIX-UPSTREAM bsc#1175109 CVE-2020-8231 Wrong connect-only connection
Patch18:        curl-CVE-2020-8231.patch
# PATCH-FIX-UPSTREAM bsc#1179398 CVE-2020-8284 Trusting FTP PASV responses
Patch19:        curl-CVE-2020-8284.patch
# PATCH-FIX-UPSTREAM bsc#1179399 CVE-2020-8285 FTP wildcard stack overflow
Patch20:        curl-CVE-2020-8285.patch
# PATCH-FIX-UPSTREAM bsc#1179593 CVE-2020-8286 Inferior OCSP verification
Patch21:        curl-CVE-2020-8286.patch
BuildRequires:  libtool
BuildRequires:  pkgconfig
Requires:       libcurl4%{?mini} = %{version}
%if !0%{?bootstrap}
BuildRequires:  groff
BuildRequires:  krb5-mini-devel
BuildRequires:  libidn2-devel
BuildRequires:  lzma
BuildRequires:  openldap2-devel
BuildRequires:  pkgconfig(libmetalink)
BuildRequires:  pkgconfig(libnghttp2)
BuildRequires:  pkgconfig(libpsl)
BuildRequires:  pkgconfig(libssh)
BuildRequires:  pkgconfig(zlib)
Requires:       this-is-only-for-build-envs
Conflicts:      curl
# The -mini package is sufficient for the build hosts
Provides:       curl = %{version}
%if %{with openssl}
BuildRequires:  pkgconfig(libssl)
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
#BuildRequires:  openssh
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel

Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

%package -n libcurl4%{?mini}
Summary:        Version 4 of cURL shared library
Group:          Productivity/Networking/Web/Utilities
%if 0%{?bootstrap}
Requires:       this-is-only-for-build-envs
Conflicts:      libcurl4

%description -n libcurl4%{?mini}
The cURL shared library version 4 for accessing data using different
network protocols.

%package -n libcurl%{?mini}-devel
Summary:        A Tool for Transferring Data from URLs
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcurl4%{?mini} = %{version}
# curl-devel (v 7.15.5) was last used in 10.2
Provides:       curl-devel <= 7.15.5
Obsoletes:      curl-devel < 7.16.2
%if 0%{?bootstrap}
Requires:       this-is-only-for-build-envs
Conflicts:      libcurl-devel
Provides:       libcurl-devel = %{version}-%{release}

%description -n libcurl%{?mini}-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%setup -q -n curl-%{version}
%ifarch ppc ppc64 ppc64le
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1

# disable flaky test 1456 bsc#1154019
echo "1456" >> tests/data/DISABLED

# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
export LDFLAGS="$LDFLAGS -pie"
autoreconf -fiv
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
%configure \
    --enable-ipv6 \
%if %{with openssl}
    --with-ssl \
    --with-ca-fallback \
    --without-ca-path \
    --without-ca-bundle \
    --without-ssl \
%if %{with mozilla_nss}
    --with-nss \
%if !0%{?bootstrap}
    --with-gssapi=%{_libexecdir}/mit \
    --with-libidn2 \
    --with-libssh \
    --with-libmetalink \
    --enable-hidden-symbols \
    --disable-static \

# if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
make %{?_smp_mflags} V=1

%if %{with testsuite}
pushd tests
make %{?_smp_mflags}
# make sure the testsuite runs don't race on MP machines in autobuild
if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
	. /.buildenv
if test -z "$BUILD_INCARNATION"; then

base=$((8990 + $BUILD_INCARNATION * 20))
# bug940009 do not run flaky tests for any architecture
# at least test 1510 do fail for i586 and ppc64le
perl ./ -a -b$base '!flaky' || exit


rm -f %{buildroot}%{_libdir}/
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
pushd scripts

%post -n libcurl4%{?mini} -p /sbin/ldconfig
%postun -n libcurl4%{?mini} -p /sbin/ldconfig

%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions

%files -n libcurl4%{?mini}
%license COPYING

%files -n libcurl%{?mini}-devel
%dir %{_datadir}/aclocal/
%doc docs/libcurl/symbols-in-versions

openSUSE Build Service is sponsored by