# OpenSSL ENGINE support # This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41 # https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine # Change the bcond to 0 to turn off ENGINE support by default %bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10] #%%global _smp_mflags -j1 %global _default_patch_fuzz 2 Summary: A utility, built with gnutls, for getting files from remote servers Name: libcurl-gnutls Version: 8.15.0 Release: 2%{?dist} License: curl Source: https://curl.se/download/curl-%{version}.tar.xz Source1: https://curl.se/download/curl-%{version}.tar.xz.asc # The curl download page ( https://curl.se/download.html ) links # to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key, # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch # test616: disable valgrind Patch105: 0105-curl-8.11.1-test616.patch # debian patch from # https://sources.debian.org/patches/curl/ Patch290: ZZZgnutls-build-8.15.0.patch URL: https://curl.se/ BuildRequires: automake BuildRequires: brotli-devel BuildRequires: coreutils BuildRequires: gcc BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn2-devel BuildRequires: libnghttp2-devel BuildRequires: libpsl-devel BuildRequires: libssh-devel BuildRequires: libtool BuildRequires: make BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server BuildRequires: openssl-devel %if %{with openssl_engine_support} && 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif BuildRequires: perl-interpreter BuildRequires: pkgconfig BuildRequires: python-unversioned-command BuildRequires: python3-devel BuildRequires: sed BuildRequires: zlib-devel # For gpg verification of source tarball BuildRequires: gnupg2 # needed to compress content of tool_hugehelp.c after changing curl.1 man page BuildRequires: perl(IO::Compress::Gzip) # needed for generation of shell completions BuildRequires: perl(Getopt::Long) BuildRequires: perl(Pod::Usage) BuildRequires: perl(strict) BuildRequires: perl(warnings) # needed for test1560 to succeed BuildRequires: glibc-langpack-en # gnutls-serv is used by the upstream test-suite BuildRequires: gnutls-utils # for ZZZgnutls-build.patch BuildRequires: gnutls-devel # hostname(1) is used by the test-suite but it is missing in armv7hl buildroot BuildRequires: hostname # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite BuildRequires: nghttp2 # perl modules used in the test suite BuildRequires: perl(B) BuildRequires: perl(base) BuildRequires: perl(constant) BuildRequires: perl(Cwd) BuildRequires: perl(Digest::MD5) BuildRequires: perl(Digest::SHA) BuildRequires: perl(Exporter) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Copy) BuildRequires: perl(File::Spec) BuildRequires: perl(I18N::Langinfo) BuildRequires: perl(IPC::Open2) BuildRequires: perl(List::Util) BuildRequires: perl(Memoize) BuildRequires: perl(MIME::Base64) BuildRequires: perl(POSIX) BuildRequires: perl(Storable) BuildRequires: perl(Time::HiRes) BuildRequires: perl(Time::Local) BuildRequires: perl(vars) %if 0%{?fedora} # needed for upstream test 1451 BuildRequires: python3-impacket %endif # The test-suite runs automatically through valgrind if valgrind is available # on the system. By not installing valgrind into mock's chroot, we disable # this feature for production builds on architectures where valgrind is known # to be less reliable, in order to avoid unnecessary build failures (see RHBZ # #810992, #816175, and #886891). Nevertheless developers are free to install # valgrind manually to improve test coverage on any architecture. %ifarch x86_64 BuildRequires: valgrind %endif # stunnel is used by upstream tests but it does not seem to work reliably # on s390x and occasionally breaks some tests (mainly 1561 and 1562) %ifnarch s390x BuildRequires: stunnel %endif # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION Requires: libcurl%{?_isa} >= %{version}-%{release} # Define OPENSSL_NO_ENGINE to avoid inclusion of %if %{without openssl_engine_support} %global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE %endif # Define OPENSSL_NO_ENGINE to avoid inclusion of %if %{without openssl_engine_support} %global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE %endif # require at least the version of libnghttp2 that we were built against, # to ensure that we have the necessary symbols available (#2144277) %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0) # require at least the version of libpsl that we were built against, # to ensure that we have the necessary symbols available (#1631804) %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) # require at least the version of libssh that we were built against, # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) # require at least the version of gnutls libs that we were built against, # to ensure that we have the necessary symbols available %global gnutls_version %(pkg-config --modversion gnutls 2>/dev/null || echo 0) Requires: libnghttp2%{?_isa} >= %{libnghttp2_version} Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} Requires: gnutls%{?_isa} >= %{gnutls_version} %description This package provides libcurl-gnutls required by some VSTs %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -n curl-%{version_no_tilde} -p1 # disable test 1801 # printf "1801\n" >> tests/data/DISABLED # test3026: avoid pthread_create() failure due to resource exhaustion on i386 %ifarch %{ix86} sed -e 's|NUM_THREADS 1000$|NUM_THREADS 256|' \ -i tests/libtest/lib3026.c %endif # adapt test 323 for updated OpenSSL sed -e 's|^35$|35,52|' -i tests/data/test323 # use localhost6 instead of ip6-localhost in the curl test-suite ( # avoid glob expansion in the trace output of `bash -x` { set +x; } 2>/dev/null cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*" printf "+ %s\n" "$cmd" >&2 eval "$cmd" ) # avoid unnecessary arch-dependent line in the processed file sed -e '/# Used in @libdir@/d' \ -i curl-config.in ## debian #./buildconf autoreconf -vfi %build mkdir build-gnutls export common_configure_opts=" \ --cache-file=../config.cache \ --disable-manual \ --disable-static \ --enable-hsts \ --enable-ipv6 \ --enable-threaded-resolver \ --without-zstd \ --with-gssapi \ --with-libidn2 \ --with-nghttp2 \ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ --with-zsh-functions-dir" %global _configure ../configure # configure gnutls build ( cd build-gnutls %configure $common_configure_opts \ --disable-dict \ --disable-gopher \ --disable-imap \ --disable-ldap \ --disable-ldaps \ --disable-manual \ --disable-mqtt \ --disable-ntlm \ --disable-ntlm-wb \ --disable-pop3 \ --disable-rtsp \ --disable-smb \ --disable-smtp \ --disable-telnet \ --disable-tftp \ --disable-tls-srp \ --without-brotli \ --without-libpsl \ --without-libssh \ --with-gnutls \ --disable-symbol-hiding \ --enable-versioned-symbols ) # --without-libidn2 \ # --enable-tls-srp \ # --without-libmetalink \ # --with-default-ssl-backend=gnutls # avoid using rpath sed -e 's/^runpath_var=.*/runpath_var=/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ -i build-gnutls/libtool %make_build V=1 -C build-gnutls #%%check removed %install # install and rename the library that will be packaged as libcurl-gnutls %make_install -C build-gnutls/lib rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl-gnutls.{la,so,so.4} rename libcurl-gnutls.so libcurl3-gnutls.so ${RPM_BUILD_ROOT}%{_libdir}/libcurl-gnutls.so.4.[0-9].[0-9] pushd ${RPM_BUILD_ROOT}%{_libdir} for i in `ls -1`; do ln -s $i libcurl3-gnutls.so ln -s $i libcurl3-gnutls.so.4 done popd %ldconfig_scriptlets -n libcurl-gnutls %files %license COPYING %{_libdir}/libcurl3-gnutls.so %{_libdir}/libcurl3-gnutls.so.4 %{_libdir}/libcurl3-gnutls.so.4.[0-9].[0-9] %{_libdir}/libcurl-gnutls.so.4 %changelog * Fri Nov 07 2025 Patrick Laimbock - 8.15.0-2 - initial release for F43 - rebase ZZZgnutls-build.patch -> ZZZgnutls-build-8.15.0.patch * Sun Apr 20 2025 Patrick Laimbock - 8.11.1-4 - initial build for F42 - update debian gnutls patch - sync with koji * Thu Oct 31 2024 Patrick Laimbock - 8.9.1-2 - initial build for F41 - update debian gnutls patch - sync with koji * Thu Apr 25 2024 Patrick Laimbock - 8.6.0-8 - initial build for F40 * Wed Apr 03 2024 Jan Macku - 8.6.0-8 - fix Usage of disabled protocol (CVE-2024-2004) - fix HTTP/2 push headers memory-leak (CVE-2024-2398) * Sat Nov 11 2023 Patrick Laimbock - 8.2.1-3 - initial build for F39 - sync with koji * Sun Jun 11 2023 Patrick Laimbock - 8.0.1-2 - sync with koji * Sat May 06 2023 Patrick Laimbock - 8.0.1-1 - sync with koji * Thu Apr 20 2023 Patrick Laimbock - 7.87.0-7 - sync with koji for F38 * Thu Mar 30 2023 Patrick Laimbock - 7.85.0-8 - sync with koji * Tue Nov 22 2022 Patrick Laimbock - 7.85.0-2 - initial build for F37 - sync with koji * Mon Jul 18 2022 Patrick Laimbock - 7.82.0-7 - the 'big thanks to Kamil Dudka' release so gnutls support works again * Wed Jul 13 2022 Patrick Laimbock - 7.82.0-6 - sync with curl from koji - add all missing patches * Sat Mar 26 2022 Patrick Laimbock - 7.82.0-1 - update to version 7.82.0 for Fedora 36 - get updated 90_gnutls.patch from https://sources.debian.org/patches/curl/7.82.0-2/ * Thu Nov 25 2021 Patrick Laimbock - 7.79.1-1 - update to version 7.79.1 for Fedora 35 - sync with koji - rebase 90_gnutls.patch on curl-7.79.1 * Tue Aug 24 2021 Patrick Laimbock - 7.76.1-7 - sync with curl from koji - add patch for CVE-2021-22924 - add patch for CVE-2021-22925 * Sat Jul 17 2021 Patrick Laimbock - 7.76.1-4 - sync with curl in koji - fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925) - fix TLS session caching disaster (CVE-2021-22901) - fix TELNET stack contents disclosure (CVE-2021-22898) * Sun May 23 2021 Patrick Laimbock - 7.76.1-2 - update to version 7.76.1 and sync curl in koji * Wed Apr 07 2021 Patrick Laimbock - 7.76.0-3 - update to version 7.76 - fixes CVE-2021-22890 and CVE-2021-22876 * Sat Mar 27 2021 Patrick Laimbock - 7.75.0-3 - initial release of libcurl-gnutls for F34