File curl.spec of Package curl.28980

#
# spec file for package curl
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define bootstrap 0
%define mini %{nil}
%if 0%{?bootstrap}
%bcond_with testsuite
%else
%bcond_without testsuite
%endif
%bcond_with mozilla_nss
# need ssl always for python-pycurl
%bcond_without openssl
Name:           curl
Version:        7.66.0
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        curl
Group:          Productivity/Networking/Web/Utilities
URL:            https://curl.haxx.se/
Source:         https://curl.haxx.se/download/curl-%{version}.tar.xz
Source2:        https://curl.haxx.se/download/curl-%{version}.tar.xz.asc
Source3:        baselibs.conf
Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0:         libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch2:         curl-secure-getenv.patch
Patch3:         ignore_runtests_failure.patch
# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch4:         curl-disabled-redirect-protocol-message.patch
Patch5:         curl-use_OPENSSL_config.patch
# PATCH-FIX-UPSTREAM bsc#1156481
Patch6:         curl-expire-clear.patch
# PATCH-FIX-UPSTREAM bsc#1173026 CVE-2020-8169 Partial password leak over DNS on HTTP redirect
Patch7:         curl-CVE-2020-8169.patch
# PATCH-FIX-UPSTREAM bsc#1173027 CVE-2020-8177 Curl overwrites local files when using -J with -i
Patch8:         curl-CVE-2020-8177.patch
# PATCH-FIX-UPSTREAM bsc#1175109 CVE-2020-8231 Wrong connect-only connection
Patch9:         curl-CVE-2020-8231.patch
# PATCH-FIX-UPSTREAM bsc#1179398 CVE-2020-8284 Trusting FTP PASV responses
Patch10:        curl-CVE-2020-8284.patch
# PATCH-FIX-UPSTREAM bsc#1179399 CVE-2020-8285 FTP wildcard stack overflow
Patch11:        curl-CVE-2020-8285.patch
# PATCH-FIX-UPSTREAM bsc#1179593 CVE-2020-8286 Inferior OCSP verification
Patch12:        curl-CVE-2020-8286.patch
# PATCH-FIX-UPSTREAM bsc#1183933 CVE-2021-22876 Automatic referer leaks credentials
Patch13:        curl-CVE-2021-22876.patch
# PATCH-FIX-UPSTREAM bsc#1183934 CVE-2021-22890 TLS 1.3 session ticket proxy host mixup
Patch14:        curl-CVE-2021-22890.patch
# PATCH-FIX-UPSTREAM jsc#SLE-17956 Allow partial chain verification
Patch15:        curl-X509_V_FLAG_PARTIAL_CHAIN.patch
# PATCH-FIX-UPSTREAM bsc#1186114 CVE-2021-22898 TELNET stack contents disclosure
Patch16:        curl-CVE-2021-22898.patch
# PATCH-FIX-UPSTREAM bsc#1188219 CVE-2021-22924 Bad connection reuse due to flawed path name checks
Patch17:        curl-CVE-2021-22924.patch
# PATCH-FIX-UPSTREAM bsc#1188220 CVE-2021-22925 TELNET stack contents disclosure again
Patch18:        curl-CVE-2021-22925.patch
# PATCH-FIX-UPSTREAM bsc#1190373 CVE-2021-22946 Protocol downgrade required TLS bypassed
Patch19:        curl-CVE-2021-22946.patch
# PATCH-FIX-UPSTREAM bsc#1190374 CVE-2021-22947 STARTTLS protocol injection via MITM
Patch20:        curl-CVE-2021-22947.patch
# PATCH-FIX-UPSTREAM bsc#1190153 MIME: Properly check Content-Type
Patch21:        curl-check-content-type.patch
# [bsc#1198614, CVE-2022-22576] - OAUTH2 bearer bypass in connection re-use
Patch22:        curl-CVE-2022-22576.patch
# [bsc#1198723, CVE-2022-27775] - Bad local IPv6 connection reuse
Patch25:        curl-CVE-2022-27775.patch
# [bsc#1198766, CVE-2022-27776] - Auth/cookie leak on redirect
Patch26:        curl-CVE-2022-27776.patch
# [bsc#1199223, CVE-2022-27781] - CERTINFO never-ending busy-loop
Patch27:        curl-CVE-2022-27781.patch
# [bsc#1199224, CVE-2022-27782] - TLS and SSH connection too eager reuse
Patch28:        curl-CVE-2022-27782.patch
# [bsc#1200735, CVE-2022-32206] - HTTP compression denial of service
Patch29:        curl-CVE-2022-32206.patch
# [bsc#1200737, CVE-2022-32208] - FTP-KRB bad message verification
Patch30:        curl-CVE-2022-32208.patch
#PATCH-FIX-UPSTREAM bsc#1202593 CVE-2022-35252 Reject cookies with control bytes
Patch31:        curl-CVE-2022-35252.patch
#PATCH-FIX-UPSTREAM bsc#1204383 CVE-2022-32221 POST following PUT confusion
Patch32:        curl-CVE-2022-32221.patch
#PATCH-FIX-UPSTREAM bsc#1206309 CVE-2022-43552 HTTP Proxy deny use-after-free
Patch33:        curl-CVE-2022-43552.patch
#PATCH-FIX-UPSTREAM bsc#1207992 CVE-2023-23916 HTTP multi-header compression DoS
Patch34:        curl-CVE-2023-23916.patch
#PATCH-FIX-UPSTREAM bsc#1209209 CVE-2023-27533 TELNET option IAC injection
Patch35:        curl-CVE-2023-27533-no-sscanf.patch
Patch36:        curl-CVE-2023-27533.patch
#PATCH-FIX-UPSTREAM bsc#1209210 CVE-2023-27534 SFTP path ~ resolving discrepancy
Patch37:        curl-CVE-2023-27534.patch
Patch38:        curl-CVE-2023-27534-dynbuf.patch
#PATCH-FIX-UPSTREAM bsc#1209211 CVE-2023-27535 FTP too eager connection reuse
Patch39:        curl-CVE-2023-27535.patch
#PATCH-FIX-UPSTREAM bsc#1209212 CVE-2023-27536 GSS delegation too eager connection re-use
Patch40:        curl-CVE-2023-27536.patch
#PATCH-FIX-UPSTREAM bsc#1209214 CVE-2023-27538 SSH connection too eager reuse still
Patch41:        curl-CVE-2023-27538.patch
#PATCH-FIX-UPSTREAM bsc#1211231 CVE-2023-28320 siglongjmp race condition
Patch42:        curl-CVE-2023-28320.patch
#PATCH-FIX-UPSTREAM bsc#1211232 CVE-2023-28321 IDN wildcard match
Patch43:        curl-CVE-2023-28321.patch
#PATCH-FIX-UPSTREAM bsc#1211233 CVE-2023-28322 POST-after-PUT confusion
Patch44:        curl-CVE-2023-28322.patch
BuildRequires:  libtool
BuildRequires:  pkgconfig
Requires:       libcurl4%{?mini} = %{version}
%if !0%{?bootstrap}
BuildRequires:  groff
BuildRequires:  krb5-mini-devel
BuildRequires:  libidn2-devel
BuildRequires:  lzma
BuildRequires:  openldap2-devel
# Disable metalink [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
#BuildRequires:  pkgconfig(libmetalink)
BuildRequires:  pkgconfig(libnghttp2)
BuildRequires:  pkgconfig(libpsl)
BuildRequires:  pkgconfig(libssh)
BuildRequires:  pkgconfig(zlib)
# avoid our own libcurl4 pulled in by cmake
#!BuildRequires: libcurl4-mini
%else
Requires:       this-is-only-for-build-envs
Conflicts:      curl
# The -mini package is sufficient for the build hosts
Provides:       curl = %{version}
%endif
%if %{with openssl}
BuildRequires:  pkgconfig(libssl)
%endif
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
%endif
#BuildRequires:  openssh
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel
%endif

%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

%package -n libcurl4%{?mini}
Summary:        Library for transferring data from URLs
Group:          Productivity/Networking/Web/Utilities
%if 0%{?bootstrap}
Provides:       libcurl4 = %{version}
Requires:       this-is-only-for-build-envs
Conflicts:      libcurl4
%endif

%description -n libcurl4%{?mini}
The cURL shared library for accessing data using different
network protocols.

%package -n libcurl%{?mini}-devel
Summary:        Development files for the curl library
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcurl4%{?mini} = %{version}
# curl-devel (v 7.15.5) was last used in 10.2
Provides:       curl-devel <= 7.15.5
Obsoletes:      curl-devel < 7.16.2
%if 0%{?bootstrap}
Requires:       this-is-only-for-build-envs
Conflicts:      libcurl-devel
Provides:       libcurl-devel = %{version}-%{release}
%endif

%description -n libcurl%{?mini}-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%prep
%setup -q -n curl-%{version}
%patch0 -p1
%patch1
%patch2
%ifarch ppc ppc64 ppc64le
%patch3 -p1
%endif
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1

# disable new failing test 1165
echo "1165" >> tests/data/DISABLED

%build
# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
export CPPFLAGS CFLAGS
export CFLAGS="$CFLAGS -fPIE"
export LDFLAGS="$LDFLAGS -pie"
autoreconf -fiv
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
%configure \
    --enable-ipv6 \
%if %{with openssl}
    --with-ssl \
    --with-ca-fallback \
    --without-ca-path \
    --without-ca-bundle \
%else
    --without-ssl \
%if %{with mozilla_nss}
    --with-nss \
%endif
%endif
%if !0%{?bootstrap}
    --with-gssapi=%{_libexecdir}/mit \
    --with-libidn2 \
    --with-libssh \
    --without-libmetalink \
%endif
    --enable-hidden-symbols \
    --disable-static \
    --enable-threaded-resolver

# if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
make %{?_smp_mflags} V=1

%if %{with testsuite}
%check
pushd tests
make %{?_smp_mflags}
# make sure the testsuite runs don't race on MP machines in autobuild
if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
	. /.buildenv
fi
if test -z "$BUILD_INCARNATION"; then
	BUILD_INCARNATION=0
fi

base=$((8990 + $BUILD_INCARNATION * 20))
# bug940009 do not run flaky tests for any architecture
# at least test 1510 do fail for i586 and ppc64le
perl ./runtests.pl -a -b$base '!flaky' || exit

popd
%endif

%install
%make_install
rm -f %{buildroot}%{_libdir}/libcurl.la
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
pushd scripts
%make_install
popd

%post -n libcurl4%{?mini} -p /sbin/ldconfig
%postun -n libcurl4%{?mini} -p /sbin/ldconfig

%files
%doc README RELEASE-NOTES
%doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting}
%{_bindir}/curl
%{_datadir}/zsh/site-functions/_curl
%{_mandir}/man1/curl.1%{ext_man}
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%{_datadir}/fish/vendor_completions.d/curl.fish

%files -n libcurl4%{?mini}
%license COPYING
%{_libdir}/libcurl.so.4*

%files -n libcurl%{?mini}-devel
%{_bindir}/curl-config
%{_includedir}/curl
%dir %{_datadir}/aclocal/
%{_datadir}/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%{_mandir}/man1/curl-config.1%{ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions

%changelog
openSUSE Build Service is sponsored by