# OpenSSL ENGINE support # This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 # https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine # Change the bcond to 0 to turn off ENGINE support by default %bcond openssl_engine_support 1 #%%global _smp_mflags -j1 %global _default_patch_fuzz 2 Summary: A utility, built with gnutls, for getting files from remote servers Name: libcurl-gnutls Version: 8.9.1 Release: 2%{?dist} License: curl Source: https://curl.se/download/curl-%{version}.tar.xz Source1: https://curl.se/download/curl-%{version}.tar.xz.asc # The curl download page ( https://curl.se/download.html ) links # to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch # test3026: disable valgrind Patch102: 0102-curl-7.84.0-test3026.patch # do not fail on warnings in the upstream test driver Patch104: 0104-curl-7.88.0-tests-warnings.patch # Fix crashes with transmission due to SIGPIPE # https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970 Patch001: 0001-curl-8.9.1-sigpipe.patch # debian patch from # https://sources.debian.org/patches/curl/ #Patch290: ZZZgnutls-build.patch Patch290: ZZZgnutls-build_rebased_20241031.patch URL: https://curl.se/ BuildRequires: automake BuildRequires: brotli-devel BuildRequires: coreutils BuildRequires: gcc BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel BuildRequires: libnghttp2-devel BuildRequires: libpsl-devel BuildRequires: libssh-devel BuildRequires: libtool BuildRequires: make BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server BuildRequires: openssl-devel %if %{with openssl_engine_support} BuildRequires: openssl-devel-engine %endif BuildRequires: perl-interpreter BuildRequires: pkgconfig BuildRequires: python-unversioned-command BuildRequires: python3-devel BuildRequires: sed BuildRequires: zlib-devel # For gpg verification of source tarball BuildRequires: gnupg2 # needed to compress content of tool_hugehelp.c after changing curl.1 man page BuildRequires: perl(IO::Compress::Gzip) # needed for generation of shell completions BuildRequires: perl(Getopt::Long) BuildRequires: perl(Pod::Usage) BuildRequires: perl(strict) BuildRequires: perl(warnings) # needed for test1560 to succeed BuildRequires: glibc-langpack-en # gnutls-serv is used by the upstream test-suite BuildRequires: gnutls-utils BuildRequires: gnutls-devel # hostname(1) is used by the test-suite but it is missing in armv7hl buildroot BuildRequires: hostname # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite BuildRequires: nghttp2 # perl modules used in the test suite BuildRequires: perl(B) BuildRequires: perl(base) BuildRequires: perl(constant) BuildRequires: perl(Cwd) BuildRequires: perl(Digest::MD5) BuildRequires: perl(Digest::SHA) BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) BuildRequires: perl(IPC::Open2) BuildRequires: perl(List::Util) BuildRequires: perl(Memoize) BuildRequires: perl(MIME::Base64) BuildRequires: perl(POSIX) BuildRequires: perl(Storable) BuildRequires: perl(Time::HiRes) BuildRequires: perl(Time::Local) BuildRequires: perl(vars) %if 0%{?fedora} # needed for upstream test 1451 BuildRequires: python3-impacket %endif # The test-suite runs automatically through valgrind if valgrind is available # on the system. By not installing valgrind into mock's chroot, we disable # this feature for production builds on architectures where valgrind is known # to be less reliable, in order to avoid unnecessary build failures (see RHBZ # #810992, #816175, and #886891). Nevertheless developers are free to install # valgrind manually to improve test coverage on any architecture. %ifarch x86_64 BuildRequires: valgrind %endif # stunnel is used by upstream tests but it does not seem to work reliably # on s390x and occasionally breaks some tests (mainly 1561 and 1562) %ifnarch s390x BuildRequires: stunnel %endif # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION Requires: libcurl%{?_isa} >= %{version}-%{release} # Define OPENSSL_NO_ENGINE to avoid inclusion of %if %{without openssl_engine_support} %global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE %endif # require at least the version of libnghttp2 that we were built against, # to ensure that we have the necessary symbols available (#2144277) %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) # require at least the version of libpsl that we were built against, # to ensure that we have the necessary symbols available (#1631804) %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) # require at least the version of libssh that we were built against, # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) # require at least the version of gnutls libs that we were built against, # to ensure that we have the necessary symbols available %global gnutls_version %(pkg-config --modversion gnutls 2>/dev/null || echo 0) Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} Requires: gnutls%{?_isa} >= %{gnutls_version} %description libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more. This version is built with gnutls. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -n curl-%{version} # disable test 1801 # printf "1801\n" >> tests/data/DISABLED # test3026: avoid pthread_create() failure due to resource exhaustion on i386 %ifarch %{ix86} sed -e 's|NUM_THREADS 1000$|NUM_THREADS 256|' \ -i tests/libtest/lib3026.c %endif # adapt test 323 for updated OpenSSL sed -e 's|^35$|35,52|' -i tests/data/test323 # use localhost6 instead of ip6-localhost in the curl test-suite ( # avoid glob expansion in the trace output of `bash -x` { set +x; } 2>/dev/null cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*" printf "+ %s\n" "$cmd" >&2 eval "$cmd" ) # regenerate the configure script and Makefile.in files #autoreconf -fiv ## debian #./buildconf autoreconf -vfi %build mkdir build-gnutls export common_configure_opts=" \ --cache-file=../config.cache \ --disable-manual \ --disable-static \ --enable-hsts \ --enable-ipv6 \ --enable-threaded-resolver \ --without-zstd \ --with-gssapi \ --with-libidn2 \ --with-nghttp2 \ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ --with-zsh-functions-dir" %global _configure ../configure # configure gnutls build ( cd build-gnutls %configure $common_configure_opts \ --disable-dict \ --disable-gopher \ --disable-imap \ --disable-ldap \ --disable-ldaps \ --disable-manual \ --disable-mqtt \ --disable-ntlm \ --disable-ntlm-wb \ --disable-pop3 \ --disable-rtsp \ --disable-smb \ --disable-smtp \ --disable-telnet \ --disable-tftp \ --disable-tls-srp \ --without-brotli \ --without-libpsl \ --without-libssh \ --with-gnutls \ --disable-symbol-hiding \ --enable-versioned-symbols ) # --without-libidn2 \ # --enable-tls-srp \ # --without-libmetalink \ # --with-default-ssl-backend=gnutls # avoid using rpath sed -e 's/^runpath_var=.*/runpath_var=/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ -i build-gnutls/libtool %make_build V=1 -C build-gnutls %install # install and rename the library that will be packaged as libcurl-gnutls %make_install -C build-gnutls/lib rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl-gnutls.{la,so,so.4} rename libcurl-gnutls.so libcurl3-gnutls.so ${RPM_BUILD_ROOT}%{_libdir}/libcurl-gnutls.so.4.[0-9].[0-9] pushd ${RPM_BUILD_ROOT}%{_libdir} for i in `ls -1`; do ln -s $i libcurl3-gnutls.so ln -s $i libcurl3-gnutls.so.4 done popd %ldconfig_scriptlets -n libcurl-gnutls %files %license COPYING %{_libdir}/libcurl3-gnutls.so %{_libdir}/libcurl3-gnutls.so.4 %{_libdir}/libcurl3-gnutls.so.4.[0-9].[0-9] %{_libdir}/libcurl-gnutls.so.4 %changelog * Thu Oct 31 2024 Patrick Laimbock - 8.9.1-2 - initial build for F41 - update debian gnutls patch - sync with koji * Thu Apr 25 2024 Patrick Laimbock - 8.6.0-8 - initial build for F40 * Wed Apr 03 2024 Jan Macku - 8.6.0-8 - fix Usage of disabled protocol (CVE-2024-2004) - fix HTTP/2 push headers memory-leak (CVE-2024-2398) * Sat Nov 11 2023 Patrick Laimbock - 8.2.1-3 - initial build for F39 - sync with koji * Sun Jun 11 2023 Patrick Laimbock - 8.0.1-2 - sync with koji * Sat May 06 2023 Patrick Laimbock - 8.0.1-1 - sync with koji * Thu Apr 20 2023 Patrick Laimbock - 7.87.0-7 - sync with koji for F38 * Thu Mar 30 2023 Patrick Laimbock - 7.85.0-8 - sync with koji * Tue Nov 22 2022 Patrick Laimbock - 7.85.0-2 - initial build for F37 - sync with koji * Mon Jul 18 2022 Patrick Laimbock - 7.82.0-7 - the 'big thanks to Kamil Dudka' release so gnutls support works again * Wed Jul 13 2022 Patrick Laimbock - 7.82.0-6 - sync with curl from koji - add all missing patches * Sat Mar 26 2022 Patrick Laimbock - 7.82.0-1 - update to version 7.82.0 for Fedora 36 - get updated 90_gnutls.patch from https://sources.debian.org/patches/curl/7.82.0-2/ * Thu Nov 25 2021 Patrick Laimbock - 7.79.1-1 - update to version 7.79.1 for Fedora 35 - sync with koji - rebase 90_gnutls.patch on curl-7.79.1 * Tue Aug 24 2021 Patrick Laimbock - 7.76.1-7 - sync with curl from koji - add patch for CVE-2021-22924 - add patch for CVE-2021-22925 * Sat Jul 17 2021 Patrick Laimbock - 7.76.1-4 - sync with curl in koji - fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925) - fix TLS session caching disaster (CVE-2021-22901) - fix TELNET stack contents disclosure (CVE-2021-22898) * Sun May 23 2021 Patrick Laimbock - 7.76.1-2 - update to version 7.76.1 and sync curl in koji * Wed Apr 07 2021 Patrick Laimbock - 7.76.0-3 - update to version 7.76 - fixes CVE-2021-22890 and CVE-2021-22876 * Sat Mar 27 2021 Patrick Laimbock - 7.75.0-3 - initial release of libcurl-gnutls for F34