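# RPM spec for libcurl-gnutls: builds only the libcurl shared library from the
# curl source tree against GnuTLS (the OpenSSL backend is switched off) and
# installs it under the libcurl3-gnutls / libcurl-gnutls sonames.
Summary: A utility, built with gnutls, for getting files from remote servers
Name: libcurl-gnutls
Version: 7.76.1
Release: 4%{?dist}
License: MIT
# NOTE(review): the tarball is fetched over HTTPS, but this spec verifies no
# detached signature or checksum. Consider shipping upstream's .asc file and
# keyring as extra sources and calling %%{gpgverify} at the top of %%prep.
Source: https://curl.se/download/curl-%{version}.tar.xz

# Only the fixes listed below are backported onto %%{version}; compare against
# upstream's advisory list for this version when auditing the package.

# http2: fix resource leaks detected by Coverity
Patch1: 0001-curl-7.76.1-resource-leaks.patch

# fix TELNET stack contents disclosure (CVE-2021-22898)
Patch2: 0002-curl-7.76.1-CVE-2021-22898.patch

# fix TLS session caching disaster (CVE-2021-22901)
# NOTE(review): upstream's advisory scopes this issue to the OpenSSL backend
# (confirm); this build uses --without-ssl, so the patch is probably kept only
# for source parity with the main curl package.
Patch3: 0003-curl-7.76.1-CVE-2021-22901.patch

# fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
Patch4: 0004-curl-7.76.1-ldaps-segv.patch

# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch

# prevent configure script from discarding -g in CFLAGS (#496778)
Patch102: 0102-curl-7.36.0-debug.patch

# prevent valgrind from reporting false positives on x86_64
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch

# applied in %%prep under the "debian" heading
Patch290: 90_gnutls.patch

URL: https://curl.se/
BuildRequires: automake
BuildRequires: brotli-devel
BuildRequires: coreutils
BuildRequires: gcc
BuildRequires: groff
BuildRequires: krb5-devel
BuildRequires: libidn2-devel
BuildRequires: libmetalink-devel
BuildRequires: libnghttp2-devel
BuildRequires: libpsl-devel
BuildRequires: libssh-devel
BuildRequires: libtool
BuildRequires: make
BuildRequires: openldap-devel
BuildRequires: openssh-clients
BuildRequires: openssh-server
#BuildRequires: openssl-devel
BuildRequires: perl-interpreter
BuildRequires: pkgconfig
BuildRequires: python-unversioned-command
BuildRequires: python3-devel
BuildRequires: sed
BuildRequires: zlib-devel

# needed to compress content of tool_hugehelp.c after changing curl.1 man page
BuildRequires: perl(IO::Compress::Gzip)

# needed for generation of shell completions
BuildRequires: perl(Getopt::Long)
BuildRequires: perl(Pod::Usage)
BuildRequires: perl(strict)
BuildRequires: perl(warnings)

# gnutls-serv is used by the upstream test-suite
BuildRequires: gnutls-utils
BuildRequires: gnutls-devel

# hostname(1) is used by the test-suite but it is missing in armv7hl buildroot
BuildRequires: hostname

# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
BuildRequires: nghttp2

# perl modules used in the test suite
BuildRequires: perl(Cwd)
BuildRequires: perl(Digest::MD5)
BuildRequires: perl(Exporter)
BuildRequires: perl(File::Basename)
BuildRequires: perl(File::Copy)
BuildRequires: perl(File::Spec)
BuildRequires: perl(IPC::Open2)
BuildRequires: perl(MIME::Base64)
BuildRequires: perl(Time::Local)
BuildRequires: perl(Time::HiRes)
BuildRequires: perl(vars)

%if 0%{?fedora}
# needed for upstream test 1451
BuildRequires: python3-impacket
%endif

# The test-suite runs automatically through valgrind if valgrind is available
# on the system.  By not installing valgrind into mock's chroot, we disable
# this feature for production builds on architectures where valgrind is known
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
# #810992, #816175, and #886891).  Nevertheless developers are free to install
# valgrind manually to improve test coverage on any architecture.
%ifarch x86_64
BuildRequires: valgrind
%endif

# stunnel is used by upstream tests but it does not seem to work reliably
# on s390x and occasionally breaks some tests (mainly 1561 and 1562)
%ifnarch s390x
BuildRequires: stunnel
%endif

# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
Requires: libcurl%{?_isa} >= %{version}-%{release}

# require at least the version of libpsl that we were built against,
# to ensure that we have the necessary symbols available (#1631804)
%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)

# require at least the version of libssh that we were built against,
# to ensure that we have the necessary symbols available (#525002, #642796)
%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)

# require at least the version of gnutls libs that we were built against,
# to ensure that we have the necessary symbols available
%global gnutls_version %(pkg-config --modversion gnutls 2>/dev/null || echo 0)

# NOTE(review): the gnutls build below passes --without-libpsl and
# --without-libssh, so the first two runtime floors look inherited from the
# main curl spec rather than needed by this library -- confirm before dropping.
Requires: libpsl%{?_isa} >= %{libpsl_version}
Requires: libssh%{?_isa} >= %{libssh_version}
Requires: gnutls%{?_isa} >= %{gnutls_version}

# NOTE(review): the description still lists SCP, SFTP, LDAP and LDAPS, while
# the configure call in %%build disables libssh and both LDAP schemes.
%description
libcurl is a free and easy-to-use client-side URL transfer library, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
FTP uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
resume, http proxy tunneling and more. This version is built with gnutls.

%prep
%setup -q -n curl-%{version}

# upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1

# Fedora patches
%patch101 -p1
%patch102 -p1
%patch105 -p1

# debian
%patch290 -p1

# debian
./buildconf

## regenerate the configure script and Makefile.in files
#autoreconf -fiv

# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
# with errno 98: Address already in use' in Koji environment), and test 1801
# NOTE(review): the flattened page leaves it unclear whether the next line was
# commented out; it is inert either way while the check section runs no tests.
printf "1112\n1455\n1801\n" >> tests/data/DISABLED

# disable test 1319 on ppc64 (server times out)
%ifarch ppc64
echo "1319" >> tests/data/DISABLED
%endif

# temporarily disable test 582 on s390x (client times out)
%ifarch s390x
echo "582" >> tests/data/DISABLED
%endif

# temporarily disable tests 702 703 716 on armv7hl (#1829180)
%ifarch armv7hl
printf "702\n703\n716\n" >> tests/data/DISABLED
%endif

# adapt test 323 for updated OpenSSL
sed -e 's/^35$/35,52/' -i tests/data/test323

%build
mkdir build-gnutls

# Kept as one whitespace-separated string on purpose: it is expanded unquoted
# below so that the shell splits it into individual configure arguments.
export common_configure_opts=" \
    --cache-file=../config.cache \
    --disable-static \
    --enable-ipv6 \
    --enable-threaded-resolver \
    --with-gssapi \
    --with-nghttp2 \
    --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"

%global _configure ../configure

# configure gnutls build
# --without-ssl together with --with-gnutls makes GnuTLS the TLS backend.
# NOTE(review): --without-libpsl means cookie domains are not checked against
# the Public Suffix List, and --without-libidn2 drops IDN host name support;
# both narrow what this library validates compared with the main libcurl.
(
    cd build-gnutls
    %configure $common_configure_opts \
        --disable-ldap \
        --disable-ldaps \
        --disable-manual \
        --without-brotli \
        --without-libidn2 \
        --without-libmetalink \
        --without-libpsl \
        --without-libssh \
        --without-ssl \
        --with-gnutls \
        --disable-symbol-hiding \
        --enable-versioned-symbols
)
# --with-default-ssl-backend=gnutls

# avoid using rpath, so the installed library never searches build-time
# directories for its dependencies
sed -e 's/^runpath_var=.*/runpath_var=/' \
    -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
    -i build-gnutls/libtool

%make_build V=1 -C build-gnutls

%check
# NOTE(review): every test command below is commented out, so the build does
# not exercise the backported security patches; the fixes are applied but not
# regression-tested here.

# we have to override LD_LIBRARY_PATH because we eliminated rpath
# (points at build-gnutls, the only build directory this spec creates; the
# previous value named a build-full directory that is never made)
LD_LIBRARY_PATH="${PWD}/build-gnutls/lib/.libs"
export LD_LIBRARY_PATH

## compile upstream test-cases
#cd build-full/tests
#%%make_build V=1

## relax crypto policy for the test-suite to make it pass again (#1610888)
#export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
#export OPENSSL_CONF=

## run the upstream test-suite
#srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'

%install
# install and rename the library that will be packaged as libcurl-gnutls
%make_install -C build-gnutls/lib

# drop the libtool archive and the unversioned/soname symlinks make install
# created; only the real versioned file is kept and renamed
rm -f "${RPM_BUILD_ROOT}%{_libdir}"/libcurl-gnutls.{la,so,so.4}
rename libcurl-gnutls.so libcurl3-gnutls.so "${RPM_BUILD_ROOT}%{_libdir}"/libcurl-gnutls.so.4.[0-9].[0-9]

pushd "${RPM_BUILD_ROOT}%{_libdir}"
# Link only the renamed library, by glob, instead of parsing `ls` output:
# unrelated entries in the directory can no longer become link targets.
for lib in libcurl3-gnutls.so.4.[0-9].[0-9]; do
    # an unmatched glob stays literal; stop rather than ship dangling links
    [ -e "$lib" ] || exit 1
    ln -s "$lib" libcurl3-gnutls.so
    ln -s "$lib" libcurl3-gnutls.so.4
done
popd

%ldconfig_scriptlets -n libcurl-gnutls

%files
%license COPYING
%{_libdir}/libcurl3-gnutls.so
%{_libdir}/libcurl3-gnutls.so.4
%{_libdir}/libcurl3-gnutls.so.4.[0-9].[0-9]
# NOTE(review): the install section removes this name and never recreates it;
# presumably the buildroot ldconfig pass regenerates it from the library's
# SONAME -- confirm.
%{_libdir}/libcurl-gnutls.so.4

%changelog
* Sat Jul 17 2021 Patrick Laimbock - 7.76.1-4
- sync with curl in koji
- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
- fix TLS session caching disaster (CVE-2021-22901)
- fix TELNET stack contents disclosure (CVE-2021-22898)

* Sun May 23 2021 Patrick Laimbock - 7.76.1-2
- update to version 7.76.1 and sync curl in koji

* Wed Apr 07 2021 Patrick Laimbock - 7.76.0-3
- update to version 7.76
- fixes CVE-2021-22890 and CVE-2021-22876

* Sat Mar 27 2021 Patrick Laimbock - 7.75.0-3
- initial release of libcurl-gnutls for F34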