SUSE:SLE-12-SP2:GA
File curl.spec of Package curl.28253
#
# spec file for package curl
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%bcond_without openssl
%bcond_with mozilla_nss
%bcond_without testsuite

Name:           curl
Version:        7.37.0
Release:        0
Summary:        A Tool for Transferring Data from URLs
License:        BSD-3-Clause AND MIT
Group:          Productivity/Networking/Web/Utilities
URL:            http://curl.haxx.se/
Source:         http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2:        http://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc
Source3:        baselibs.conf
Source4:        %{name}.keyring
Patch:          libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
Patch3:         curl-secure-getenv.patch
Patch6:         curl-DEFAULT_CIPHER_SELECTION.patch
Patch7:         curl-CVE-2014-3613.patch
Patch8:         curl-CVE-2014-3620.patch
Patch9:         curl-CVE-2014-8150.patch
Patch10:        curl-CVE-2014-3707.patch
Patch11:        curl-allow_md4_and_md5_in_fips_mode.patch
Patch12:        curl-CVE-2015-3143.patch
Patch13:        curl-CVE-2015-3144.patch
Patch14:        curl-CVE-2015-3145.patch
Patch15:        curl-CVE-2015-3148.patch
Patch16:        curl-CVE-2015-3153.patch
Patch17:        0001-test46-update-cookie-expire-time.patch
Patch18:        curl-CVE-2016-0755.patch
Patch19:        curl-disable_failing_tests.patch
# PATCH-FIX-UPSTREAM fix-return-status-in-Curl_is_connected.patch -- Fixes error handling in Curl_is_connected by backporting some code from upstream
Patch20:        fix-return-status-in-Curl_is_connected.patch
# PATCH-FIX-UPSTREAM 0001-Fix-invalid-Network-is-unreachable-errors.patch -- Fixes "network is unreachable" errors in valid situations when ipv6 is not working but ipv4 is
Patch21:        0001-Fix-invalid-Network-is-unreachable-errors.patch
Patch22:        curl-CVE-2016-5419.patch
Patch23:        curl-CVE-2016-5420.patch
Patch24:        curl-CVE-2016-5421.patch
Patch25:        curl-bsc991746.patch
# Project cURL Security Advisory, November 2, 2016
Patch26:        curl-CVE-2016-8615.patch
Patch27:        curl-CVE-2016-8617.patch
Patch28:        curl-CVE-2016-8618.patch
Patch29:        curl-CVE-2016-8619.patch
Patch32:        curl-CVE-2016-8616.patch
Patch33:        curl-CVE-2016-7167.patch
Patch40:        curl-CVE-2016-8620.patch
Patch41:        curl-CVE-2016-8621.patch
Patch42:        curl-CVE-2016-8622.patch
Patch43:        curl-CVE-2016-8623.patch
Patch44:        curl-CVE-2016-8624.patch
# PATCH-FIX-UPSTREAM Bug 1015332
Patch45:        curl-7.37-CVE-2016-9586.patch
# PATCH-FIX-UPSTREAM Bug 1032309
Patch46:        curl-7.37-CVE-2017-7407.patch
# PATCH-FIX-SUSE Bug 1027712
Patch47:        curl-DEFAULT_SUSE_SELECTION.patch
# PATCH-FIX-UPSTREAM bsc#1051644 VUL-0: CVE-2017-1000100 - TFTP sends more than buffer size
Patch48:        curl-7.37.0-CVE-2017-1000100.patch
# PATCH-FIX-UPSTREAM bsc#1051643 VUL-0: CVE-2017-1000101 - URL globbing out of bounds read
Patch49:        curl-CVE-2017-1000101.patch
# PATCH-FIX-UPSTREAM bsc#1061876 VUL-0: CVE-2017-1000254 - FTP PWD response parser out of bounds read
Patch50:        curl-7.37-CVE-2017-1000254.patch
# PATCH-FIX-UPSTREAM bsc#1060653 "error:1408F10B:SSL routines" when connecting to ftps via proxy
Patch51:        curl-7.37.0-connect-ftps-via-proxy.patch
# PATCH-FIX-UPSTREAM bsc#1063824 VUL-0: CVE-2017-1000257 - IMAP FETCH response out of bounds read
Patch52:        curl-CVE-2017-1000257.patch
# PATCH-FIX-UPSTREAM bsc#1069226 VUL-0: CVE-2017-8816 NTLM buffer overflow via integer overflow
Patch53:        curl-7.37.0-CVE-2017-8816.patch
# PATCH-FIX-UPSTREAM bsc#1069222 VUL-0: CVE-2017-8817 FTP wildcard out of bounds read
Patch54:        curl-7.37.0-CVE-2017-8817.patch
# PATCH-FIX-UPSTREAM bsc#1077001 VUL-0: CVE-2018-1000007 HTTP authentication leak in redirects
Patch55:        curl-7.37.0-CVE-2018-1000007.patch
# PATCH-FIX-UPSTREAM bsc#1084521 CVE-2018-1000120 VUL-1: FTP path trickery leads to NIL byte out of bounds write
Patch56:        curl-7.37.0-CVE-2018-1000120.patch
# PATCH-FIX-UPSTREAM bsc#1084524 CVE-2018-1000121 VUL-1: LDAP NULL pointer dereference
Patch57:        curl-7.37.0-CVE-2018-1000121.patch
# PATCH-FIX-UPSTREAM bsc#1084532 CVE-2018-1000122 VUL-0: RTSP RTP buffer over-read
Patch58:        curl-7.37.0-CVE-2018-1000122.patch
# PATCH-FIX-SUSE bsc#1086825 curl-HIGH-cipher-fallback.patch
Patch59:        curl-HIGH-cipher-fallback.patch
# PATCH-FIX-UPSTREAM bsc#1092098 CVE-2018-1000301 curl-CVE-2018-1000301.patch
Patch60:        curl-CVE-2018-1000301.patch
# PATCH-FIX-UPSTREAM bsc#1089533 curl-openssl-skip-trace-outputs.patch
Patch61:        curl-openssl-skip-trace-outputs.patch
# PATCH-FIX-UPSTREAM bsc#1106019 CVE-2018-14618 - NTLM password overflow via integer overflow
Patch62:        curl-7.37.0-CVE-2018-14618.patch
# PATCH-FIX-UPSTREAM bsc#1112758 CVE-2018-16840 use-after-free in handle close
Patch63:        curl-CVE-2018-16840.patch
# PATCH-FIX-UPSTREAM bsc#1113660 CVE-2018-16842 Out-of-bounds Read
Patch64:        curl-7.37.0-CVE-2018-16842.patch
# PATCH-FIX-UPSTREAM bsc#1123371 CVE-2018-16890 NTLM type-2 out-of-bounds buffer read
Patch65:        curl-CVE-2018-16890.patch
# PATCH-FIX-UPSTREAM bsc#1123377 CVE-2019-3822 NTLMv2 type-3 header stack buffer overflow
Patch66:        curl-CVE-2019-3822.patch
# PATCH-FIX-UPSTREAM bsc#1123378 CVE-2019-3823 SMTP end-of-response out-of-bounds read
Patch67:        curl-CVE-2019-3823.patch
# PATCH-FIX-UPSTREAM bsc#1112758 CVE-2018-16839 SASL password overflow via integer overflow
Patch68:        curl-CVE-2018-16839.patch
# PATCH-FIX-UPSTREAM bsc#1135170 CVE-2019-5436 heap buffer overflow in tftp_receive_packet
Patch69:        curl-CVE-2019-5436.patch
# PATCH-FIX-UPSTREAM bsc#1149496 CVE-2019-5482 TFTP small blocksize heap buffer overflow
Patch70:        curl-CVE-2019-5482.patch
# Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc".
# PATCH-FIX-UPSTREAM bsc#1173027 CVE-2020-8177 Curl overwrites local files when using -J with -i
Patch71:        curl-CVE-2020-8177.patch
# PATCH-FIX-UPSTREAM bsc#1175109 CVE-2020-8231 Wrong connect-only connection
Patch72:        curl-CVE-2020-8231.patch
# PATCH-FIX-UPSTREAM bsc#1179398 CVE-2020-8284 Trusting FTP PASV responses
Patch73:        curl-CVE-2020-8284.patch
# PATCH-FIX-UPSTREAM bsc#1179399 CVE-2020-8285 FTP wildcard stack overflow
Patch74:        curl-CVE-2020-8285.patch
# PATCH-FIX-UPSTREAM bsc#1183933 CVE-2021-22876 Automatic referer leaks credentials
Patch75:        curl-CVE-2021-22876-URL-API.patch
Patch76:        curl-CVE-2021-22876.patch
# PATCH-FIX-UPSTREAM bsc#1186114 CVE-2021-22898 TELNET stack contents disclosure
Patch77:        curl-CVE-2021-22898.patch
# PATCH-FIX-UPSTREAM bsc#1188219 CVE-2021-22924 Bad connection reuse due to flawed path name checks
Patch78:        curl-CVE-2021-22924.patch
# PATCH-FIX-UPSTREAM bsc#1188220 CVE-2021-22925 TELNET stack contents disclosure again
Patch79:        curl-CVE-2021-22925.patch
# PATCH-FIX-UPSTREAM bsc#1190373 CVE-2021-22946 Protocol downgrade required TLS bypassed
Patch80:        curl-CVE-2021-22946.patch
# PATCH-FIX-UPSTREAM bsc#1190374 CVE-2021-22947 STARTTLS protocol injection via MITM
Patch81:        curl-CVE-2021-22947.patch
# PATCH-FIX-UPSTREAM [bsc#1198614, CVE-2022-22576] - OAUTH2 bearer bypass in connection re-use
Patch82:        curl-CVE-2022-22576.patch
#
# PATCH-FIX-UPSTREAM [bsc#1198766, CVE-2022-27776] - Auth/cookie leak on redirect
Patch83:        curl-CVE-2022-27776-strcasecompare.patch
Patch84:        curl-CVE-2022-27776.patch
# [bsc#1199223, CVE-2022-27781] - CERTINFO never-ending busy-loop
Patch85:        curl-CVE-2022-27781.patch
# [bsc#1199224, CVE-2022-27782] - TLS and SSH connection too eager reuse
Patch86:        curl-CVE-2022-27782.patch
# [bsc#1200737, CVE-2022-32208] - FTP-KRB bad message verification
Patch87:        curl-CVE-2022-32208.patch
#PATCH-FIX-UPSTREAM bsc#1202593 CVE-2022-35252 Reject cookies with control bytes
Patch88:        curl-CVE-2022-35252.patch
#PATCH-FIX-UPSTREAM bsc#1204383 CVE-2022-32221 POST following PUT confusion
Patch89:        curl-CVE-2022-32221.patch
#PATCH-FIX-UPSTREAM bsc#1206309 CVE-2022-43552 HTTP Proxy deny use-after-free
Patch90:        curl-CVE-2022-43552.patch
#PATCH-FIX-UPSTREAM bsc#1209209 CVE-2023-27533 TELNET option IAC injection
Patch91:        curl-CVE-2023-27533-no-sscanf.patch
Patch92:        curl-CVE-2023-27533.patch
#PATCH-FIX-UPSTREAM bsc#1209210 CVE-2023-27534 SFTP path ~ resolving discrepancy
Patch93:        curl-CVE-2023-27534.patch
Patch94:        curl-CVE-2023-27534-dynbuf.patch
#PATCH-FIX-UPSTREAM bsc#1209211 CVE-2023-27535 FTP too eager connection reuse
Patch95:        curl-CVE-2023-27535.patch
#PATCH-FIX-UPSTREAM bsc#1209212 CVE-2023-27536 GSS delegation too eager connection re-use
Patch96:        curl-CVE-2023-27536.patch
#PATCH-FIX-UPSTREAM bsc#1209214 CVE-2023-27538 SSH connection too eager reuse still
Patch97:        curl-CVE-2023-27538.patch
%if 0%{?VERIFY_SIG}
BuildRequires:  gpg-offline
%endif
BuildRequires:  libidn-devel
BuildRequires:  libtool
BuildRequires:  lzma
BuildRequires:  openldap2-devel
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
%if %{with openssl}
BuildRequires:  openssl-devel
%endif
%if %{with mozilla_nss}
BuildRequires:  mozilla-nss-devel
%endif
BuildRequires:  krb5-mini-devel
BuildRequires:  libssh2-devel
#BuildRequires:  openssh
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires:  stunnel
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# bug437293
%ifarch ppc64
Obsoletes:      curl-64bit
%endif

%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.

%package -n libcurl4
Summary:        Version 4 of cURL shared library
Group:          Productivity/Networking/Web/Utilities

%description -n libcurl4
The cURL shared library version 4 for accessing data using different
network protocols.

%package -n libcurl-devel
Summary:        A Tool for Transferring Data from URLs
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcurl4 = %{version}
# curl-devel (v 7.15.5) was last used in 10.2
Provides:       curl-devel <= 7.15.5
Obsoletes:      curl-devel < 7.16.2

%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.

%prep
%if 0%{?VERIFY_SIG}
%gpg_verify %{S:2}
%endif
%setup -q
%patch
%patch1
%patch3
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch32 -p1
%patch33 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61
%patch62 -p1
%patch63 -p1
%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch73 -p1
%patch74 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1
%patch87 -p1
%patch88 -p1
%patch89 -p1
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1

%build
# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS=$(echo $RPM_OPT_FLAGS | sed 's/-D_FORTIFY_SOURCE=2//')
export CPPFLAGS CFLAGS
autoreconf -fi
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure
# Disable metalink [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
%configure \
    --enable-ipv6 \
%if %{with openssl}
    --with-ssl \
    --with-ca-path=/etc/ssl/certs/ \
%else
    --without-ssl \
%if %{with mozilla_nss}
    --with-nss \
%endif
%endif
    --with-gssapi=/usr/lib/mit \
    --with-libssh2\
    --without-libmetalink \
    --enable-hidden-symbols \
    --disable-static \
    --enable-threaded-resolver

: if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
make %{?_smp_mflags}

%if %{with testsuite}
%check
cd tests
make
# make sure the testsuite runs don't race on MP machines in autobuild
if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
    . /.buildenv
fi
if test -z "$BUILD_INCARNATION"; then
    BUILD_INCARNATION=0
fi
base=$((8990 + $BUILD_INCARNATION * 20))
# bug940009 do not run flaky tests for any architecture
# at least test 1510 does fail for i586 and ppc64le
perl ./runtests.pl -a -b$base '!flaky' || exit
%endif

%install
%{makeinstall}
rm $RPM_BUILD_ROOT%_libdir/libcurl.la
install -d $RPM_BUILD_ROOT/usr/share/aclocal
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/

%post -n libcurl4 -p /sbin/ldconfig

%postun -n libcurl4 -p /sbin/ldconfig

%files
%defattr(-,root,root)
%doc README RELEASE-NOTES
%doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting}
%doc lib/README.curl_off_t
%{_prefix}/bin/curl
%doc %{_mandir}/man1/curl.1%{ext_man}

%files -n libcurl4
%defattr(-,root,root)
%{_libdir}/libcurl.so.4*

%files -n libcurl-devel
%defattr(-,root,root)
%{_prefix}/bin/curl-config
%{_prefix}/include/curl
%dir %{_prefix}/share/aclocal
%{_prefix}/share/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%{_mandir}/man1/curl-config.1%{ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions

%changelog
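
An added example, not part of the SUSE package: a Python check that every PatchN: tag in a spec laid out like the one above has a matching %patchN directive in %prep, so a declared CVE backport cannot be left unapplied without notice. The sample spec text is constructed (patch 96 is deliberately not applied and %patch98 has no tag), audit_patches is a hypothetical helper, and the "%patch -P N" form is assumed not to be used.

```python
import re

# Constructed sample in the layout of the spec above (not the full file).
SAMPLE_SPEC = """\
Patch:          libcurl-ocloexec.patch
Patch1:         dont-mess-with-rpmoptflags.diff
#PATCH-FIX-UPSTREAM bsc#1209211 CVE-2023-27535 FTP too eager connection reuse
Patch95:        curl-CVE-2023-27535.patch
Patch96:        curl-CVE-2023-27536.patch
Patch97:        curl-CVE-2023-27538.patch
%prep
%setup -q
%patch
%patch1
%patch95 -p1
%patch97 -p1
%patch98 -p1
%build
"""

PATCH_TAG = re.compile(r"^Patch(\d*):\s*(\S+)", re.M)
PATCH_USE = re.compile(r"^%patch(\d*)\b(.*)$", re.M)
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def audit_patches(spec_text):
    """Cross-check PatchN: tags against %patchN directives in %prep."""
    # A bare "Patch:" / "%patch" refers to patch number 0.
    declared = {int(n or 0): f for n, f in PATCH_TAG.findall(spec_text)}
    # Only directives between %prep and %build count as applied.
    prep = spec_text.split("%prep", 1)[-1].split("%build", 1)[0]
    applied = {}
    for n, args in PATCH_USE.findall(prep):
        strip = re.search(r"-p\s*(\d+)", args)
        applied[int(n or 0)] = int(strip.group(1)) if strip else 0
    unapplied = sorted(set(declared) - set(applied))
    return {
        # Declared in the preamble but never applied: the fix is not built in.
        "unapplied": [(n, declared[n]) for n in unapplied],
        # Applied without a tag: rpmbuild fails on these.
        "undeclared": sorted(set(applied) - set(declared)),
        "cves_not_applied": sorted(
            {c for n in unapplied for c in CVE_ID.findall(declared[n])}),
        # -pN strip level per patch number (0 when no -p is given).
        "strip_levels": applied,
    }
```
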