File curl.spec of Package curl

# spec file for package curl
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

%bcond_without openssl
%bcond_with mozilla_nss
%bcond_without testsuite

Name:           curl
Version:        7.37.0
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        BSD-3-Clause and MIT
Group:          Productivity/Networking/Web/Utilities
Source3:        baselibs.conf
Source4:        %{name}.keyring
Patch:          libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch3:         curl-secure-getenv.patch
Patch6:         curl-DEFAULT_CIPHER_SELECTION.patch
Patch7:         curl-CVE-2014-3613.patch
Patch8:         curl-CVE-2014-3620.patch
Patch9:         curl-CVE-2014-8150.patch
Patch10:        curl-CVE-2014-3707.patch
Patch11:        curl-allow_md4_and_md5_in_fips_mode.patch
Patch12:        curl-CVE-2015-3143.patch
Patch13:        curl-CVE-2015-3144.patch
Patch14:        curl-CVE-2015-3145.patch
Patch15:        curl-CVE-2015-3148.patch
Patch16:        curl-CVE-2015-3153.patch
Patch17:        0001-test46-update-cookie-expire-time.patch
Patch18:        curl-CVE-2016-0755.patch
Patch19:        curl-disable_failing_tests.patch
# PATCH-FIX-UPSTREAM fix-return-status-in-Curl_is_connected.patch -- Fixes error handling in Curl_is_connected by backporting some code from upstream
Patch20:        fix-return-status-in-Curl_is_connected.patch
# PATCH-FIX-UPSTREAM 0001-Fix-invalid-Network-is-unreachable-errors.patch -- Fixes "network is unreachable" errors in valid situations when ipv6 is not working but ipv4 is
Patch21:        0001-Fix-invalid-Network-is-unreachable-errors.patch
Patch22:        curl-CVE-2016-5419.patch
Patch23:        curl-CVE-2016-5420.patch
Patch24:        curl-CVE-2016-5421.patch
Patch25:        curl-bsc991746.patch
# Project cURL Security Advisory, November 2, 2016
Patch26:        curl-CVE-2016-8615.patch
Patch27:        curl-CVE-2016-8617.patch
Patch28:        curl-CVE-2016-8618.patch
Patch29:        curl-CVE-2016-8619.patch
Patch32:        curl-CVE-2016-8616.patch
Patch33:        curl-CVE-2016-7167.patch
Patch40:        curl-CVE-2016-8620.patch
Patch41:        curl-CVE-2016-8621.patch
Patch42:        curl-CVE-2016-8622.patch
Patch43:        curl-CVE-2016-8623.patch
Patch44:        curl-CVE-2016-8624.patch
Patch45:        curl-7.37-CVE-2016-9586.patch
Patch46:        curl-7.37-CVE-2017-7407.patch
# PATCH-FIX-SUSE Bug 1027712
Patch47:        curl-DEFAULT_SUSE_SELECTION.patch
# PATCH-FIX-UPSTREAM bsc#1051644 VUL-0: CVE-2017-1000100 - TFTP sends more than buffer size
Patch48:        curl-7.37.0-CVE-2017-1000100.patch
# PATCH-FIX-UPSTREAM bsc#1051643 VUL-0: CVE-2017-1000101 - URL globbing out of bounds read
Patch49:        curl-CVE-2017-1000101.patch
# PATCH-FIX-UPSTREAM bsc#1061876 VUL-0: CVE-2017-1000254 - FTP PWD response parser out of bounds read
Patch50:        curl-7.37-CVE-2017-1000254.patch
# PATCH-FIX-UPSTREAM bsc#1060653 "error:1408F10B:SSL routines" when connecting to ftps via proxy
Patch51:        curl-7.37.0-connect-ftps-via-proxy.patch
# PATCH-FIX-UPSTREAM bsc#1063824 VUL-0: CVE-2017-1000257 - IMAP FETCH response out of bounds read
Patch52:        curl-CVE-2017-1000257.patch

# Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc".
%if 0%{?VERIFY_SIG}
BuildRequires:  gpg-offline
BuildRequires:  libidn-devel
BuildRequires:  libtool
BuildRequires:  lzma
BuildRequires:  openldap2-devel
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
%if %{with openssl}
BuildRequires:  openssl-devel
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
BuildRequires:  krb5-mini-devel
BuildRequires:  libssh2-devel
#BuildRequires:  openssh
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# bug437293
%ifarch ppc64
Obsoletes:      curl-64bit

Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

%package -n libcurl-static
Summary:        Version 4 of cURL library, static
Group:          Productivity/Networking/Web/Utilities

%description -n libcurl-static
The cURL library version 4 for accessing data using different
network protocols, static file.

%package -n libcurl4
Summary:        Version 4 of cURL shared library
Group:          Productivity/Networking/Web/Utilities

%description -n libcurl4
The cURL shared library version 4 for accessing data using different
network protocols.

%package -n libcurl-devel
Summary:        A Tool for Transferring Data from URLs
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcurl4 = %{version}
# curl-devel (v 7.15.5) was last used in 10.2
Provides:       curl-devel <= 7.15.5
Obsoletes:      curl-devel < 7.16.2

%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%if 0%{?VERIFY_SIG}
%gpg_verify %{S:2}
%setup -q
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch32 -p1
%patch33 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1

# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
autoreconf -fi
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure
%configure \
	--enable-ipv6 \
%if %{with openssl}
	--with-ssl \
	--with-ca-path=/etc/ssl/certs/ \
	--without-ssl \
%if %{with mozilla_nss}
	--with-nss \
	--with-gssapi=/usr/lib/mit \
	--enable-hidden-symbols \
	--enable-static \

: if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
make %{?_smp_mflags}

%if %{with testsuite}

cd tests
# make sure the testsuite runs don't race on MP machines in autobuild
if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
	. /.buildenv
if test -z "$BUILD_INCARNATION"; then

base=$((8990 + $BUILD_INCARNATION * 20))
# bug940009 do not run flaky tests for any architecture
# at least test 1510 does fail for i586 and ppc64le
perl ./ -a -b$base '!flaky' || exit

rm $RPM_BUILD_ROOT%_libdir/
install -d $RPM_BUILD_ROOT/usr/share/aclocal
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/

%post -n libcurl4 -p /sbin/ldconfig

%postun -n libcurl4 -p /sbin/ldconfig

%doc lib/README.curl_off_t
%doc %{_mandir}/man1/curl.1%{ext_man}

%files -n libcurl4

%files -n libcurl-static

%files -n libcurl-devel
%dir %{_prefix}/share/aclocal
%doc docs/libcurl/symbols-in-versions