File curl.spec of Package curl.27750

#
# spec file for package curl
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Build conditionals: the test suite and OpenSSL are enabled by default
# (bcond_without); NSS is disabled by default (bcond_with).
%bcond_without testsuite
%bcond_with mozilla_nss
# need ssl always for python-pycurl
%bcond_without openssl
Name:           curl
Version:        7.79.1
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        curl
URL:            https://curl.se
Source:         https://curl.se/download/curl-%{version}.tar.xz
# Source2 is the detached signature for the tarball above and Source4 the
# keyring to check it against. Nothing in the prep section of this file runs
# a verification step, so the check presumably happens in the build
# service's source validation.
# NOTE(review): confirm that before trusting a refreshed tarball.
Source2:        https://curl.se/download/curl-%{version}.tar.xz.asc
Source3:        baselibs.conf
Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
# Patches 4-22 belong to CVE fixes backported onto 7.79.1, so the Version
# tag alone does not tell which CVEs are fixed in a given build; audit
# against this patch list and the changelog instead.
Patch0:         libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch2:         curl-secure-getenv.patch
# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3:         curl-disabled-redirect-protocol-message.patch
# [bsc#1198614, CVE-2022-22576] - OAUTH2 bearer bypass in connection re-use
Patch4:         curl-CVE-2022-22576.patch
# [bsc#1198608, CVE-2022-27774] - Credential leak on redirect
Patch5:         curl-CVE-2022-27774.patch
# Companion to the CVE-2022-27774 fix; going by its file name it disables
# test 1568. NOTE(review): the reason is not recorded here - confirm and
# document it.
Patch6:         curl-CVE-2022-27774-disabletest-1568.patch
# [bsc#1198723, CVE-2022-27775] - Bad local IPv6 connection reuse
Patch7:         curl-CVE-2022-27775.patch
# [bsc#1198766, CVE-2022-27776] - Auth/cookie leak on redirect
Patch8:         curl-CVE-2022-27776.patch
# [bsc#1198608, CVE-2022-27774] - Credential leak on redirect
# Follow-up patch: don't leak the SRP credentials in redirects either
Patch9:         curl-CVE-2022-27774-2.patch
# [bsc#1199223, CVE-2022-27781] - CERTINFO never-ending busy-loop
Patch10:        curl-CVE-2022-27781.patch
# [bsc#1199224, CVE-2022-27782] - TLS and SSH connection too eager reuse
Patch11:        curl-CVE-2022-27782.patch
# [bsc#1200734, CVE-2022-32205] - Set-Cookie denial of service
Patch12:        curl-CVE-2022-32205.patch
# [bsc#1200735, CVE-2022-32206] - HTTP compression denial of service
Patch13:        curl-CVE-2022-32206.patch
# [bsc#1200736, CVE-2022-32207] - Unpreserved file permissions
Patch14:        curl-CVE-2022-32207.patch
# [bsc#1200737, CVE-2022-32208] - FTP-KRB bad message verification
Patch15:        curl-CVE-2022-32208.patch
#PATCH-FIX-UPSTREAM bsc#1202593 CVE-2022-35252 Reject cookies with control bytes
Patch16:        curl-CVE-2022-35252.patch
#PATCH-FIX-UPSTREAM bsc#1204383 CVE-2022-32221 POST following PUT confusion
Patch17:        curl-CVE-2022-32221.patch
#PATCH-FIX-UPSTREAM bsc#1204386 CVE-2022-42916 HSTS bypass via IDN
Patch18:        curl-CVE-2022-42916.patch
#PATCH-FIX-UPSTREAM bsc#1206308 CVE-2022-43551 Another HSTS bypass via IDN
Patch19:        curl-CVE-2022-43551.patch
#PATCH-FIX-UPSTREAM bsc#1206309 CVE-2022-43552 HTTP Proxy deny use-after-free
Patch20:        curl-CVE-2022-43552.patch
# One patch file covers both of the following CVEs.
#PATCH-FIX-UPSTREAM bsc#1207990 CVE-2023-23914 HSTS ignored on multiple requests
#PATCH-FIX-UPSTREAM bsc#1207991 CVE-2023-23915 HSTS amnesia with --parallel
Patch21:        curl-CVE-2023-23914-23915.patch
#PATCH-FIX-UPSTREAM bsc#1207992 CVE-2023-23916 HTTP multi-header compression DoS
Patch22:        curl-CVE-2023-23916.patch
BuildRequires:  libtool
BuildRequires:  pkgconfig
# Ties the tool to the library by version only, not by release. The security
# patches above leave the version at 7.79.1, so an older libcurl4 7.79.1
# build without them still satisfies this dependency.
# NOTE(review): consider whether a version-release tie is wanted here.
Requires:       libcurl4 = %{version}
BuildRequires:  groff
BuildRequires:  lzma
BuildRequires:  openldap2-devel
BuildRequires:  pkgconfig(krb5)
BuildRequires:  pkgconfig(libbrotlidec)
BuildRequires:  pkgconfig(libidn2)
# Disable metalink [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
# BuildRequires:  pkgconfig(libmetalink)
# NOTE(review): metalink is kept out only by the missing build dependency;
# configure gets no explicit switch for it in this file. Upstream dropped
# metalink support in 7.78.0 as far as I recall, which would make the two
# lines above a leftover - confirm.
BuildRequires:  pkgconfig(libnghttp2)
BuildRequires:  pkgconfig(libpsl)
BuildRequires:  pkgconfig(libssh)
BuildRequires:  pkgconfig(libzstd)
BuildRequires:  pkgconfig(zlib)
# Exactly one TLS backend dependency is expected: OpenSSL by default, NSS
# only when the mozilla_nss conditional is switched on.
%if %{with openssl}
BuildRequires:  pkgconfig(libssl)
%endif
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
%endif
#BuildRequires:  openssh
# stunnel is pulled in only when the build defines _with_stunnel.
# NOTE(review): without it the TLS-wrapped test cases presumably do not run;
# confirm how much of the TLS-related fixes the default test run covers.
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel
%endif

%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

%package -n libcurl4
# Runtime subpackage; its file list further down ships libcurl.so.4*.
Summary:        Library for transferring data from URLs

%description -n libcurl4
The cURL shared library for accessing data using different
network protocols.

%package -n libcurl-devel
# Development subpackage. It is tied to libcurl4 by version only (not by
# release), and takes over from the older curl-devel name through the
# Provides/Obsoletes pair below.
Summary:        Development files for the curl library
Requires:       glibc-devel
Requires:       libcurl4 = %{version}
Provides:       curl-devel = %{version}
Obsoletes:      curl-devel < %{version}

%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%prep
# Unpack the tarball, then apply every patch declared in the preamble in
# numeric order (0-22). When adding a security patch, add both its Patch tag
# and its apply line here: a patch that is declared but never applied still
# builds, and the package ships the unfixed code.
%setup -q -n curl-%{version}
%patch0 -p1
# Patches 1 and 2 are applied without a -p option, unlike all the others.
%patch1
%patch2
%patch3 -p1
# Patches 4-22: the CVE backports, applied in the order they were added.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1

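%build
# curl's configure complains when a macro definition is found in CFLAGS (see
# m4/xc-val-flgs.m4), so the fortify define is moved out of the distribution
# optflags and into CPPFLAGS. The level is read from optflags instead of
# being assumed to be 2: with a hard-coded 2, any other level would stay
# behind in CFLAGS and CPPFLAGS would carry a second, conflicting define.
# Falls back to level 2 when optflags carries no fortify define at all.
fortify_def=$(echo "%{optflags}" | grep -o -e '-D_FORTIFY_SOURCE=[0-9]*' | tail -n 1)
CPPFLAGS="${fortify_def:--D_FORTIFY_SOURCE=2}"
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=[0-9]*//g')
export CPPFLAGS CFLAGS
# Hardening flags: position-independent executable (-fPIE / -pie), read-only
# relocations with immediate binding (-z relro, -z now), and -z defs so that
# undefined symbols fail at link time.
export CFLAGS="$CFLAGS -fPIE"
export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
autoreconf -fiv
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
# TLS trust with OpenSSL: no CA bundle and no CA path are compiled in, and
# --with-ca-fallback makes libcurl use the TLS library's own default store,
# so certificate trust follows the system OpenSSL configuration.
# --enable-hidden-symbols limits the exported symbols to the public API.
%configure \
    --enable-ipv6 \
%if %{with openssl}
    --with-openssl \
    --with-ca-fallback \
    --without-ca-path \
    --without-ca-bundle \
%else
    --without-openssl \
%if %{with mozilla_nss}
    --with-nss \
%endif
%endif
    --with-gssapi=%{_libexecdir}/mit \
    --with-libidn2 \
    --with-libssh \
    --enable-hidden-symbols \
    --disable-static \
    --enable-threaded-resolver

# if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
%make_build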

%if %{with testsuite}
%check
# Build the test programs and run upstream's test suite against the patched
# tree; this section is skipped when the testsuite conditional is off.
pushd tests
%make_build

# Rewrite env-based shebangs in the test scripts to the fixed system
# interpreters /usr/bin/perl and /usr/bin/python3.
find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +

# -a keeps going after a failed test, -v is verbose, -p prints the logs of
# failed tests, and '!flaky' leaves out tests tagged flaky. A failing run
# ends this section with the runner's non-zero status, which fails the build.
perl ./runtests.pl -a -v -p '!flaky' || exit
popd
%endif

%install
# Install into the build root, then adjust what gets packaged.
%make_install
# The libtool archive is not shipped.
rm -f %{buildroot}%{_libdir}/libcurl.la
# Install the autoconf macro file for libcurl-devel (mode 0644).
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
# Second install pass from scripts/; presumably this is where the zsh and
# fish completion files listed in the files section come from - confirm.
pushd scripts
%make_install
popd
# The two scriptlets that follow run ldconfig after libcurl4 is installed
# and after it is removed.

%post -n libcurl4 -p /sbin/ldconfig
%postun -n libcurl4 -p /sbin/ldconfig

%files
# Main package: the command-line tool, its man page, documentation and the
# zsh/fish completion files.
%doc README RELEASE-NOTES CHANGES
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
%{_bindir}/curl
%{_datadir}/zsh/site-functions/_curl
%{_mandir}/man1/curl.1%{?ext_man}
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%{_datadir}/fish/vendor_completions.d/curl.fish

%files -n libcurl4
# Runtime package: the license file and the versioned shared library only.
%license COPYING
%{_libdir}/libcurl.so.4*

%files -n libcurl-devel
# Development package: curl-config, headers, the unversioned libcurl.so,
# the pkg-config and aclocal files, and the section 3 man pages.
%{_bindir}/curl-config
%{_includedir}/curl
%dir %{_datadir}/aclocal/
%{_datadir}/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%{_mandir}/man1/curl-config.1%{?ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions

%changelog