# RPM spec for curl 7.11.2 carrying backported fixes. With compat set to 1
# (the value below) it packages only the shared libcurl library, under a
# version-suffixed libcurl name, for applications linked against this release.

# Detect the distribution in use
# These macros are shell expansions, so they are evaluated on the build host
# whenever the spec is parsed; their values end up in the Release tag.
#   __despace  - keep the first line, strip whitespace and parenthesised text
#   __lower4   - keep the first four characters, lower-cased
#   __distfile - the SuSE release file if it exists, else the Red Hat one
#   __distinit - text before " release", each word reduced to its initial
#   __distvers - release number up to the first dot or space
%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g'
%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]'
%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release)
%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4})
%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace})

# Identify CentOS Linux and Scientific Linux as rhel
%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls"
%global __distinit rhel
%endif

# Dist tag for Fedora is still "fc"
%if "%{__distinit}" == "f"
%global __distinit fc
%endif

# Set to 0 for regular curl package, 1 for libcurl compatibility package
%global compat 1

# Use cert bundle in %%{_sysconfdir}/pki/tls/certs if available
# The file test runs on the build host. The path chosen here is passed to
# configure as --with-ca-bundle and is also listed in Requires, so the build
# host and the hosts the package is installed on must agree on its location.
%global use_pki %(if [ -f %{_sysconfdir}/pki/tls/certs/ca-bundle.crt ]; then echo 1; else echo 0; fi)
%if %{use_pki}
%global cert_bundle %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
%else
%global cert_bundle %{_datadir}/ssl/certs/ca-bundle.crt
%endif

# Figure out openldap version
# Read from the target of the libldap.so symlink on the build host; the prep
# section writes it into lib/ldap.c as a fixed library file name.
# NOTE(review): if the symlink cannot be resolved this expands to nothing and
# the prep section would write libldap-.so.0 - confirm the build environment
# always provides the symlink.
%global ldap_version %(readlink %{_libdir}/libldap.so | sed 's,.*libldap-\\([0-9.]*\\)\\.so\\..*,\\1,')

Version: 7.11.2
Release: 25.cf.%{__distinit}%{__distvers}
%if %{compat}
Summary: Curl library for compatibility with old applications
Name: libcurl%(echo %{version} | tr -d .)
Group: System Environment/Libraries
Obsoletes: compat-libcurl < %{version}-%{release}
Provides: compat-libcurl = %{version}-%{release}
%else
Summary: Utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Group: Applications/Internet
%endif
License: MIT
URL: http://curl.haxx.se/
# NOTE(review): Source, Patch9 and Patch101 are given as plain http URLs and
# nothing in this spec checks a digest or signature for them; verify the
# tarball and the patches out of band before building.
Source: http://curl.haxx.se/download/archeology/curl-%{version}.tar.gz
# Each patch is applied in the prep section, where a comment names the bug or
# advisory it addresses. The newest security backport listed is CVE-2014-0015
# (Patch105); nothing in this spec addresses curl advisories published after
# that changelog entry.
Patch1: curl-7.10.4-path.patch
Patch2: curl-7.11.2-proftpd.patch
Patch3: curl-7.11.2-overfl.patch
Patch4: curl-7.11.2-2005-3185.patch
Patch5: curl-7.11.2-2005-4077.patch
Patch8: curl-7.11.2-CVE-2009-0037.patch
Patch9: http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch
Patch11: curl-7.11.2-bz563220.patch
Patch100: curl-7.11.2-destdir.patch
Patch101: http://curl.haxx.se/curl-gssapi-delegation.patch
Patch102: curl-7.11.2-CVE-2011-3389.patch
Patch103: curl-tailmatch.patch
Patch104: libcurl-unescape.patch
Patch105: curl-7.11.2-CVE-2014-0015.patch
Patch300: curl-7.11.2-utf8.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: openldap-devel, openssl-devel, pkgconfig, zlib-devel, groff
# The CA bundle path chosen above is an explicit runtime requirement.
Requires: openssl, %{cert_bundle}

%if ! %{compat}
%description
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity. cURL
offers many useful capabilities, like proxy support, user
authentication, FTP upload, HTTP post, and file transfer resume.

%package devel
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, openssl-devel
Summary: Files needed for building applications with libcurl

%description devel
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. The curl-devel
package includes files needed for developing applications which can
use cURL's capabilities internally.
%else
%description
This package provides an old version of cURL's libcurl library, necessary
for some old applications that have not been rebuilt against an up to date
version of cURL.
%endif

%prep
%setup -q -n curl-%{version}

# Fix certificate bundle install path
%patch1 -p1

# Workaround for broken ProFTPD SSL auth (#134133)
%patch2 -p1

# Fix multiple stack based buffer overflows in curl (CAN-2005-0490, #149322)
%patch3 -p1 -b .over

# Fix for user+domain name buffer overflow in NTLM code (CAN-2005-3185, #170682)
%patch4 -p1 -b .CAN-2005-3185

# Fix libcurl URL buffer overflow (CVE-2005-4077, #175358)
%patch5 -p1 -b .CVE-2005-4077

# Fix local file access via unsafe redirects (CVE-2009-0037, #485271)
%patch8 -p1 -b .CVE-2009-0037

# Fix incorrect verification of SSL certificate with NUL in name (CVE-2009-2417)
%patch9 -p0 -b .CVE-2009-2417

# Fix zlib-compression causing curl to pass more than CURL_MAX_WRITE_SIZE bytes
# to write callback (CVE-2010-0734, #563220)
%patch11 -p1 -b .bz563220

# Support DESTDIR-style install instead of %%makeinstall
%patch100 -p1 -b .destdir

# Fix libcurl inappropriate GSSAPI delegation (CVE-2011-2192)
%patch101 -p1 -b .CVE-2011-2192

# Fix SSL CBC IV vulnerability with OpenSSL (CVE-2011-3389)
%patch102 -p1 -b .CVE-2011-3389

# Fix cookie domain tailmatch vulnerability (CVE-2013-1944)
%patch103 -p1 -b .CVE-2013-1944

# Fix libcurl URL decode buffer boundary flaw (CVE-2013-2174)
%patch104 -p1 -b .CVE-2013-2174

# Fix NTLM connection re-use flaw (CVE-2014-0015)
# NOTE(review): no -p option is given here, unlike every other patch line;
# confirm the paths inside the patch file match the default strip level.
%patch105 -b .CVE-2014-0015

# Force the particular LDAP library version for a distribution
# so that LDAP searches work without openldap-devel being installed.
sed -i -e 's,libldap\.so,libldap-%{ldap_version}.so.0,' \
        -e 's,liblber\.so,liblber-%{ldap_version}.so.0,' \
        lib/ldap.c

# Convert docs to UTF-8
%patch300 -p1

%build
# Take the OpenSSL compiler and linker flags from pkg-config.
CPPFLAGS=`pkg-config --cflags openssl`; export CPPFLAGS
LDFLAGS=`pkg-config --libs openssl`; export LDFLAGS
# When krb5-config lives under /usr/kerberos the GSSAPI prefix passed below
# becomes /usr/kerberos, otherwise plain /usr (the changelog ties this to the
# kerberos prefix move in krb5 >= 1.8).
[ -x /usr/kerberos/bin/krb5-config ] && KERBEROS=/kerberos
# Configure with SSL, the CA bundle path selected at the top of the spec,
# GSSAPI, IPv6 and the built-in manual; static libraries are not built.
%configure --with-ssl=/usr \
        --enable-ipv6 \
        --enable-manual \
        --with-ca-bundle=%{cert_bundle} \
        --with-gssapi=/usr${KERBEROS} \
        --disable-static

# Remove bogus rpath
# Edits the generated libtool script: the library-directory flag is emptied
# and the run-path variable is renamed to a dummy.
sed -i \
        -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
        -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool

make %{_smp_mflags}

%install
# Start from an empty build root, then install into it; the changelog notes
# that install -p is used to preserve timestamps where possible.
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"

%clean
rm -rf %{buildroot}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root,-)
%doc CHANGES README* COPYING
%doc docs/BUGS docs/FAQ docs/FEATURES docs/TODO
%doc docs/MANUAL docs/RESOURCES docs/TheArtOfHttpScripting
# The curl binary and its man page ship only in the non-compat build.
%if ! %{compat}
%{_bindir}/curl
%{_mandir}/man1/curl.1*
%else
%exclude %{_bindir}/curl
%exclude %{_mandir}/man1/curl.1*
%endif
%{_libdir}/libcurl.so.*
# don't need curl's copy of the certs; use openssl's
%exclude %{cert_bundle}

# Development files (curl-config, headers, the unversioned .so link, man
# pages) go into the devel subpackage in the non-compat build and are left
# out of the package entirely in compat mode.
%if ! %{compat}
%files devel
%defattr(-,root,root,-)
%doc docs/examples docs/INTERNALS docs/CONTRIBUTE
%{_bindir}/curl-config
%{_includedir}/curl
%{_libdir}/*.so
%{_mandir}/man1/curl-config.1*
%{_mandir}/man3/*
%else
%exclude %{_bindir}/curl-config
%exclude %{_includedir}/curl
%exclude %{_libdir}/*.so
%exclude %{_mandir}/man1/curl-config.1*
%exclude %{_mandir}/man3/*
%endif
# The libtool archive is excluded in both build modes.
%exclude %{_libdir}/libcurl.la

%changelog
* Thu Jan 30 2014 Paul Howarth 7.11.2-25.cf
- fix NTLM connection re-use flaw (CVE-2014-0015)

* Mon Jun 24 2013 Paul Howarth 7.11.2-24.cf
- fix cookie domain tailmatch vulnerability (CVE-2013-1944)
- fix libcurl URL decode buffer boundary flaw (CVE-2013-2174)

* Tue Jan 24 2012 Paul Howarth 7.11.2-23.cf
- fix SSL CBC IV vulnerability (CVE-2011-3389)
- use a patch rather than scripted iconv to fix character encoding

* Fri Oct 14 2011 Paul Howarth 7.11.2-22.cf
- fix dist tag for CentOS 6 and Scientific Linux

* Thu Jun 23 2011 Paul Howarth 7.11.2-21.cf
- fix libcurl inappropriate GSSAPI delegation (CVE-2011-2192)
- nobody else likes macros for commands
- use %%global in preference to %%define

* Tue May 25 2010 Paul Howarth 7.11.2-20.cf
- fix dist tag for RHEL-6 Beta

* Wed Apr 7 2010 Paul Howarth 7.11.2-19.cf
- fix zlib-compression causing curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback (CVE-2010-0734, #563220)
- add workaround for broken ProFTPD SSL auth (#134133)
- renumber patches as per RHEL4 package
- handle move of kerberos installation prefix in krb5 >= 1.8
- enable built-in manual for non-compat build (requires buildreq groff)
- comment patches in spec file

* Sun Feb 21 2010 Paul Howarth 7.11.2-18.cf
- dist tag for Rawhide no longer needs special-casing
- update source URL to somewhere still valid

* Tue Sep 1 2009 Paul Howarth 7.11.2-17.cf
- rebuild for openssl 1.0 in Rawhide

* Wed Aug 19 2009 Paul Howarth 7.11.2-16.cf
- fix CVE-2009-2417 (incorrect verification of SSL certificate with NUL in name)
- remake patches on FC2 (autoconf 2.59 /
  automake 1.8.3 / libtool 1.5.6) to avoid the need to run autotools during package build
- drop buildreqs automake and libtool

* Thu Mar 5 2009 Paul Howarth 7.11.2-15.cf
- add patch for CVE-2009-0037 (#485271), local file access via unsafe redirects
- add patch to support DESTDIR-style install instead of %%makeinstall
- use a different libtool hack to avoid bogus rpaths, works on RHEL3 too
- don't create/ship static libraries (#225671)
- honour %%{_smp_mflags}
- try to preserve timestamps where possible by using install -p
- update to SLES-compatible dist tag macros

* Fri Dec 7 2007 Paul Howarth 7.11.2-14.CF
- rebuild for new openldap/openssl in Rawhide
- convert docs to UTF-8
- move docs/CONTRIBUTE to devel package

* Thu Mar 22 2007 Paul Howarth 7.11.2-13.CF
- fix dist tag for Fedora 7 onwards
- buildreq openldap for LDAP support
- fix LDAP library version requirements so that openldap-devel isn't needed at runtime
- use versioned obsolete for compat-libcurl

* Thu Sep 14 2006 Paul Howarth 7.11.2-12.CF
- fix distribution tag for development releases

* Wed Aug 16 2006 Paul Howarth 7.11.2-11.CF
- fix distribution tag for CentOS and WhiteBox builds
- define %%{__id_u} in a more portable way
- convert spec to UTF-8 encoding
- add buildreq zlib-devel (needed for RHL9)

* Wed Dec 14 2005 Paul Howarth 7.11.2-10.cf
- updated fix for CVE-2005-4077 patch; previous version was not sufficient (#175358)

* Wed Dec 7 2005 Paul Howarth 7.11.2-9.cf
- security fix: libcurl URL Buffer Overflow (CVE-2005-4077) http://curl.haxx.se/docs/adv_20051207.html
- remove buildroot unconditionally in %%clean and %%install
- simplify distribution detection

* Fri Oct 14 2005 Paul Howarth 7.11.2-8.cf
- compat package renamed to libcurlVERSION for forward compatibility when a new soname is used in upstream curl, so that multiple versions of the libcurl library can be installed in parallel
- don't use %%{_bindir} in command paths, use /usr/bin explicitly
- spec file cleanup
- remove INSTALL from docs
- enable GSSAPI auth (#129353)
- backport fix for CAN-2005-3185 user+domain name buffer overflow in the NTLM code (#170682) from 7.15.0

* Mon Sep 5 2005 Paul Howarth 7.11.2-7.cf
- build fully distro-specific packages to avoid dependency issues

* Wed Jul 27 2005 Paul Howarth 7.11.2-6
- different summary, group, and description in compat mode
- use the correct cert bundle location for FC4
- use exclude in the file lists rather than deleting files from the buildroot
- add explicit requirement for the CA bundle file
- license is MIT, not MPL

* Thu Jun 30 2005 Paul Howarth 7.11.2-5
- enable building with dist tag if required: e.g. $ rpmbuild --define "dist .fc4" ...

* Wed Apr 20 2005 Paul Howarth 7.11.2-4
- update fix for CAN-2005-0490 to cover kerberos authentication problem too (#149323)
- further tidying of spec file

* Fri Feb 25 2005 Paul Howarth 7.11.2-3
- fix for CAN-2005-0490

* Wed Oct 6 2004 Paul Howarth 7.11.2-2
- include facility to build compat-libcurl package containing only the library
- remove certaltname patch completely
- include COPYING
- general tidy-up of spec file

* Tue Apr 27 2004 Paul Howarth 7.11.2-1
- update to 7.11.2
- remove parts of curl-7.10.6-certaltname.patch that fix no-longer-applicable cosmetic issues and rename to curl-7.11.2-certaltname.patch

* Mon Mar 22 2004 Paul Howarth 7.11.1-1
- update to 7.11.1
- remove no-longer-applicable curl-7.10.4-nousr.patch

* Fri Jan 23 2004 Paul Howarth 7.11.0-1
- update to 7.11.0

* Wed Oct 15 2003 Adrian Havill 7.10.6-7
- aclocal before libtoolize
- move OpenLDAP license so it's present as a doc file, present in both the source and binary as per conditions

* Mon Oct 13 2003 Adrian Havill 7.10.6-6
- add OpenLDAP copyright notice for usage of code, add OpenLDAP license for this code

* Tue Oct 07 2003 Adrian Havill 7.10.6-5
- match serverAltName certs with SSL (#106168)

* Tue Sep 16 2003 Adrian Havill 7.10.6-4.1
- bump n-v-r for RHEL

* Tue Sep 16 2003 Adrian Havill 7.10.6-4
- restore ca cert bundle (#104400)
- require openssl, we want to use its ca-cert bundle

* Sun Sep 7 2003 Joe Orton 7.10.6-3
- rebuild

* Fri Sep 5 2003 Joe Orton 7.10.6-2.2
- fix to include libcurl.so

* Mon Aug 25 2003 Adrian Havill 7.10.6-2.1
- bump n-v-r for RHEL

* Mon Aug 25 2003 Adrian Havill 7.10.6-2
- devel subpkg needs openssl-devel as a Require (#102963)

* Mon Jul 28 2003 Adrian Havill 7.10.6-1
- bumped version

* Tue Jul 01 2003 Adrian Havill 7.10.5-1
- bumped version

* Wed Jun 04 2003 Elliot Lee
- rebuilt

* Sat Apr 12 2003 Florian La Roche
- update to 7.10.4
- adapt nousr patch

* Wed Jan 22 2003 Tim Powers
- rebuilt

* Tue Jan 21 2003 Joe Orton 7.9.8-4
- don't add -L/usr/lib to 'curl-config --libs' output

* Tue Jan 7 2003 Nalin Dahyabhai 7.9.8-3
- rebuild

* Wed Nov 6 2002 Joe Orton 7.9.8-2
- fix `curl-config --libs` output for libdir!=/usr/lib
- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la
- libtoolize and reconf

* Mon Jul 22 2002 Trond Eivind Glomsrød 7.9.8-1
- 7.9.8 (# 69473)

* Fri Jun 21 2002 Tim Powers
- automated rebuild

* Sun May 26 2002 Tim Powers
- automated rebuild

* Thu May 16 2002 Trond Eivind Glomsrød 7.9.7-1
- 7.9.7

* Wed Apr 24 2002 Trond Eivind Glomsrød 7.9.6-1
- 7.9.6

* Thu Mar 21 2002 Trond Eivind Glomsrød 7.9.5-2
- Stop the curl-config script from printing -I/usr/include and -L/usr/lib (#59497)

* Fri Mar 8 2002 Trond Eivind Glomsrød 7.9.5-1
- 7.9.5

* Tue Feb 26 2002 Trond Eivind Glomsrød 7.9.3-2
- Rebuild

* Wed Jan 23 2002 Nalin Dahyabhai 7.9.3-1
- update to 7.9.3

* Wed Jan 09 2002 Tim Powers 7.9.2-2
- automated rebuild

* Wed Jan 9 2002 Trond Eivind Glomsrød 7.9.2-1
- 7.9.2

* Fri Aug 17 2001 Nalin Dahyabhai
- include curl-config in curl-devel
- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl

* Wed Jul 18 2001 Crutcher Dunnavant
- added openssl-devel build req

* Mon May 21 2001 Tim Powers
- built for the distro

* Tue Apr 24 2001 Jeff Johnson
- upgrade to curl-7.7.2.
- enable IPv6.

* Fri Mar 2 2001 Tim Powers
- rebuilt against openssl-0.9.6-1

* Thu Jan 4 2001 Tim Powers
- fixed missing ldconfigs
- updated to 7.5.2, bug fixes

* Mon Dec 11 2000 Tim Powers
- updated to 7.5.1

* Mon Nov 6 2000 Tim Powers
- update to 7.4.1 to fix bug #20337, problems with curl -c
- not using patch anymore, it's included in the new source. Keeping for reference

* Fri Oct 20 2000 Nalin Dahyabhai
- fix bogus req in -devel package

* Fri Oct 20 2000 Tim Powers
- devel package needed defattr so that root owns the files

* Mon Oct 16 2000 Nalin Dahyabhai
- update to 7.3
- apply vsprintf/vsnprintf patch from Colin Phipps via Debian

* Mon Aug 21 2000 Nalin Dahyabhai
- enable SSL support
- fix packager tag
- move buildroot to %%{_tmppath}

* Tue Aug 1 2000 Tim Powers
- fixed vendor tag for bug #15028

* Mon Jul 24 2000 Prospector
- rebuilt

* Tue Jul 11 2000 Tim Powers
- workaround alpha build problems with optimizations

* Mon Jul 10 2000 Tim Powers
- rebuilt

* Mon Jun 5 2000 Tim Powers
- put man pages in correct place
- use %%makeinstall

* Mon Apr 24 2000 Tim Powers
- updated to 6.5.2

* Wed Nov 3 1999 Tim Powers
- updated sources to 6.2
- gzip man page

* Mon Aug 30 1999 Tim Powers
- changed group

* Thu Aug 26 1999 Tim Powers
- changelog started
- general cleanups, changed prefix to /usr, added manpage to files section
- including in Powertools