$ git diff --patch-with-stat --summary 9a4564d96e15f9a449cd163d12a6a68735e8d98b..ea0de711d4dcdecfaff2057b6258211ed3f9396f
.abf.yml | 2 +-
check-update.sh | 2 ++
curl.spec | 96 +++++++++++++++++++++++++++++++++++++++++++-------
libcurl-ocloexec.patch | 68 +++++++++++++++++++----------------
4 files changed, 124 insertions(+), 44 deletions(-)
create mode 100755 check-update.sh
diff --git a/.abf.yml b/.abf.yml
index 9e099d0..7b65999 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
sources:
- curl-7.85.0.tar.xz: 5c1940ff51f6b2137b91ffe672b70d4491a23ea6
+ curl-8.0.1.tar.xz: d7defa8834e240de87ba70abf8c3c7dec61651f9
diff --git a/check-update.sh b/check-update.sh
new file mode 100755
index 0000000..f729b6c
--- /dev/null
+++ b/check-update.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+curl https://curl.se/ 2>/dev/null |grep 'most recent stable version' |sed -e 's,.*<b>,,;s,</b>.*,,'
diff --git a/curl.spec b/curl.spec
index 26abb30..ad220e2 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,4 +1,4 @@
-# curl is used by systemd, libsystemd is used by wine
+# curl is used by steam
# We don't need all the different crypto providers for the 32bit
# builds though - one will do.
# Let's go with openssl because it's the most common.
@@ -8,6 +8,8 @@
%bcond_with compat32
%endif
+%global optflags %{optflags} -Oz
+
%define major 4
%define libname %mklibname %{name}
%define gnutlsname %mklibname %{name}-gnutls
@@ -21,16 +23,32 @@
%define lib32name libcurl%{major}
%define dev32name libcurl-devel
+%bcond_without openssl
+%bcond_without gnutls
+%bcond_without mbedtls
+
+%global ssl_implementations %{nil}
+%if %{with mbedtls}
+%global ssl_implementations %{ssl_implementations} mbedtls
+%endif
+%if %{with gnutls}
+%global ssl_implementations %{ssl_implementations} gnutls
+%endif
+%if %{with openssl}
+%global ssl_implementations %{ssl_implementations} openssl
+%endif
+
Summary: Gets a file from a FTP, GOPHER or HTTP server
Name: curl
-Version: 7.85.0
+Version: 8.0.1
Release: 1
License: BSD-like
Group: Networking/Other
Url: http://curl.haxx.se
Source0: http://curl.haxx.se/download/%{name}-%{version}.tar.xz
# (tpg) patches from OpenSuse
-Patch0: libcurl-ocloexec.patch
+# (tpg) temp disable it unless Suse will publish new version of this patch
+# Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.diff
# (tpg) from Debian
Patch2: 04_workaround_as_needed_bug.patch
@@ -38,6 +56,7 @@ Patch4: %{name}-7.26.0-multilib.patch
# Try to be binary compatible with ancient versions
# used by non-free games such as Civilization Beyond Earth
Patch5: curl-7.66.0-CURL_GNUTLS_3.patch
+
BuildRequires: groff-base
BuildRequires: stunnel
BuildRequires: patchelf
@@ -51,7 +70,7 @@ BuildRequires: pkgconfig(nettle)
BuildRequires: mbedtls-devel
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(libidn2)
-BuildRequires: pkgconfig(libssh2)
+BuildRequires: pkgconfig(libssh)
BuildRequires: pkgconfig(ext2fs)
BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(libnghttp2)
@@ -60,7 +79,7 @@ BuildRequires: cmake
BuildRequires: ninja
Provides: webfetch
%if %{with compat32}
-BuildRequires: libc6
+BuildRequires: libc6
BuildRequires: devel(libz)
BuildRequires: devel(libidn2)
BuildRequires: devel(libssl)
@@ -243,9 +262,9 @@ autoreconf -fiv
export CONFIGURE_TOP=$(pwd)
-EXTRA_CONFIG_openssl="--with-ssl --without-gnutls --without-mbedtls"
-EXTRA_CONFIG_gnutls="--without-ssl --with-gnutls --without-mbedtls"
-EXTRA_CONFIG_mbedtls="--without-ssl --without-gnutls --with-mbedtls"
+EXTRA_CONFIG_openssl="--with-openssl --without-gnutls --without-mbedtls"
+EXTRA_CONFIG_gnutls="--without-openssl --with-gnutls --without-mbedtls"
+EXTRA_CONFIG_mbedtls="--without-openssl --without-gnutls --with-mbedtls"
%if %{with compat32}
mkdir build32-openssl
@@ -257,7 +276,7 @@ cd build32-openssl
--enable-hidden-symbols \
--enable-versioned-symbols \
--enable-threaded-resolver \
- --enable-optimize \
+ --disable-optimize \
--enable-nonblocking \
--enable-thread \
--enable-crypto-auth \
@@ -265,12 +284,13 @@ cd build32-openssl
--enable-ipv6 \
--without-brotli \
--without-zstd \
+ --disable-curldebug \
$EXTRA_CONFIG_openssl
%make_build
cd ..
%endif
-for ssl in openssl gnutls mbedtls; do
+for ssl in %{ssl_implementations}; do
mkdir build-$ssl
cd build-$ssl
%configure \
@@ -279,7 +299,7 @@ for ssl in openssl gnutls mbedtls; do
--with-lber-lib=lber \
--with-libidn2 \
--with-nghttp2 \
- --with-libssh2 \
+ --with-libssh \
--with-random='/dev/urandom' \
--enable-hidden-symbols \
--enable-versioned-symbols \
@@ -293,6 +313,7 @@ for ssl in openssl gnutls mbedtls; do
--with-gssapi=%{_prefix} \
--with-zstd \
--disable-ares \
+ --disable-curldebug \
$(eval echo \${EXTRA_CONFIG_$ssl})
%make_build
cd ..
@@ -321,11 +342,18 @@ rm -r docs/examples/.deps ||:
# to cmake for the main build
%ninja_install -C build-cmake
+# Try to be compatible with the legacy FindCURL.cmake file used
+# by a number of projects out there...
+cat >>%{buildroot}%{_libdir}/cmake/CURL/CURLTargets.cmake <<'EOF'
+set(CURL_LIBRARY "-lcurl")
+set(CURL_LIBRARIES "-lcurl")
+EOF
+
%if %{with compat32}
%make_install -C build32-openssl
%endif
-for ssl in mbedtls gnutls openssl; do
+for ssl in %{ssl_implementations}; do
%make_install -C build-$ssl
if [ "$ssl" != "openssl" ]; then
pushd %{buildroot}%{_libdir}
@@ -355,6 +383,36 @@ rm -f %{buildroot}%{_mandir}/man1/mk-ca-bundle.1*
# Does anyone actually use fish?
rm -rf %{buildroot}%{_datadir}/fish
+# (tpg) strip LTO from "LLVM IR bitcode" files
+check_convert_bitcode() {
+ printf '%s\n' "Checking for LLVM IR bitcode"
+ llvm_file_name=$(realpath ${1})
+ llvm_file_type=$(file ${llvm_file_name})
+
+ if printf '%s\n' "${llvm_file_type}" | grep -q "LLVM IR bitcode"; then
+# recompile without LTO
+ clang %{optflags} -fno-lto -Wno-unused-command-line-argument -x ir ${llvm_file_name} -c -o ${llvm_file_name}
+ elif printf '%s\n' "${llvm_file_type}" | grep -q "current ar archive"; then
+ printf '%s\n' "Unpacking ar archive ${llvm_file_name} to check for LLVM bitcode components."
+# create archive stage for objects
+ archive_stage=$(mktemp -d)
+ archive=${llvm_file_name}
+ cd ${archive_stage}
+ ar x ${archive}
+ for archived_file in $(find -not -type d); do
+ check_convert_bitcode ${archived_file}
+ printf '%s\n' "Repacking ${archived_file} into ${archive}."
+ ar r ${archive} ${archived_file}
+ done
+ ranlib ${archive}
+ cd ..
+ fi
+}
+
+for i in $(find %{buildroot} -type f -name "*.[ao]"); do
+ check_convert_bitcode ${i}
+done
+
%files
%{_bindir}/curl
%doc %{_mandir}/man1/curl.1*
@@ -362,11 +420,15 @@ rm -rf %{buildroot}%{_datadir}/fish
%files -n %{libname}
%{_libdir}/libcurl.so.%{major}*
+%if %{with gnutls}
%files -n %{gnutlsname}
%{_libdir}/libcurl-gnutls.so.%{major}*
+%endif
+%if %{with mbedtls}
%files -n %{mbedtlsname}
%{_libdir}/libcurl-mbedtls.so.%{major}*
+%endif
%files -n %{devname}
%doc docs/KNOWN_BUGS docs/FAQ CHANGES
@@ -380,28 +442,38 @@ rm -rf %{buildroot}%{_datadir}/fish
%doc %{_mandir}/man1/curl-config.1*
%doc %{_mandir}/man3/*
+%if %{with gnutls}
%files -n %{gnutlsdev}
%{_libdir}/libcurl-gnutls.so
%{_libdir}/pkgconfig/libcurl-gnutls.pc
+%endif
+%if %{with mbedtls}
%files -n %{mbedtlsdev}
%{_libdir}/libcurl-mbedtls.so
%{_libdir}/pkgconfig/libcurl-mbedtls.pc
+%endif
%files -n %{devstatic}
%{_libdir}/libcurl.a
+%if %{with gnutls}
%files -n %{gnutlsstatic}
%{_libdir}/libcurl-gnutls.a
+%endif
+%if %{with mbedtls}
%files -n %{mbedtlsstatic}
%{_libdir}/libcurl-mbedtls.a
+%endif
%files examples
%doc docs/examples
+%if ! %{cross_compiling}
%files -n zsh-curl
%{_datadir}/zsh/site-functions/_curl
+%endif
%if %{with compat32}
%files -n %{lib32name}
diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch
index fac2812..8e79550 100644
--- a/libcurl-ocloexec.patch
+++ b/libcurl-ocloexec.patch
@@ -1,7 +1,15 @@
-diff -up curl-7.85.0/configure.ac.1~ curl-7.85.0/configure.ac
---- curl-7.85.0/configure.ac.1~ 2022-08-30 18:19:21.000000000 +0200
-+++ curl-7.85.0/configure.ac 2022-09-28 00:16:02.171182410 +0200
-@@ -335,6 +335,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+Open library file descriptors with O_CLOEXEC
+This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
+or later, different combinations (old linux, new glibc and vice-versa)
+will result in a crash.
+
+To make it portable you have to test O_CLOEXEC support at *runtime*
+compile time is not enough.
+
+diff -up curl-7.88.0/configure.ac.1~ curl-7.88.0/configure.ac
+--- curl-7.88.0/configure.ac.1~ 2023-02-13 08:37:04.000000000 +0100
++++ curl-7.88.0/configure.ac 2023-02-16 19:32:23.678898642 +0100
+@@ -420,6 +420,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr])
@@ -10,24 +18,23 @@ diff -up curl-7.85.0/configure.ac.1~ curl-7.85.0/configure.ac
dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE
-diff -up curl-7.85.0/lib/connect.c.1~ curl-7.85.0/lib/connect.c
---- curl-7.85.0/lib/connect.c.1~ 2022-08-30 18:19:21.000000000 +0200
-+++ curl-7.85.0/lib/connect.c 2022-09-28 00:16:02.170182405 +0200
-@@ -1651,7 +1651,9 @@ CURLcode Curl_socket(struct Curl_easy *d
+diff -up curl-7.88.0/lib/cf-socket.c.1~ curl-7.88.0/lib/cf-socket.c
+--- curl-7.88.0/lib/cf-socket.c.1~ 2023-02-16 20:37:32.197007015 +0100
++++ curl-7.88.0/lib/cf-socket.c 2023-02-16 20:38:09.996317733 +0100
+@@ -252,7 +252,7 @@ static CURLcode socket_open(struct Curl_
}
- else
+ else {
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
-+ *sockfd = socket(addr->family,
-+ addr->socktype|SOCK_CLOEXEC,
-+ addr->protocol);
-
- if(*sockfd == CURL_SOCKET_BAD)
- /* no socket, no connection */
-diff -up curl-7.85.0/lib/file.c.1~ curl-7.85.0/lib/file.c
---- curl-7.85.0/lib/file.c.1~ 2022-08-30 18:19:21.000000000 +0200
-+++ curl-7.85.0/lib/file.c 2022-09-28 00:18:05.118792686 +0200
-@@ -222,7 +222,7 @@ static CURLcode file_connect(struct Curl
++ *sockfd = socket(addr->family, addr->socktype|SOCK_CLOEXEC, addr->protocol);
+ if(!*sockfd && addr->socktype == SOCK_DGRAM) {
+ /* This is icky and seems, at least, to happen on macOS:
+ * we get sockfd == 0 and if called again, we get a valid one > 0.
+diff -up curl-7.88.0/lib/connect.c.1~ curl-7.88.0/lib/connect.c
+diff -up curl-7.88.0/lib/file.c.1~ curl-7.88.0/lib/file.c
+--- curl-7.88.0/lib/file.c.1~ 2023-02-13 08:37:04.000000000 +0100
++++ curl-7.88.0/lib/file.c 2023-02-16 19:32:23.677898632 +0100
+@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
}
}
#else
@@ -36,7 +43,7 @@ diff -up curl-7.85.0/lib/file.c.1~ curl-7.85.0/lib/file.c
file->path = real_path;
#endif
#endif
-@@ -307,7 +307,7 @@ static CURLcode file_upload(struct Curl_
+@@ -318,7 +318,7 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
@@ -45,19 +52,18 @@ diff -up curl-7.85.0/lib/file.c.1~ curl-7.85.0/lib/file.c
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
-diff -up curl-7.85.0/lib/hostip.c.1~ curl-7.85.0/lib/hostip.c
---- curl-7.85.0/lib/hostip.c.1~ 2022-08-30 18:19:21.000000000 +0200
-+++ curl-7.85.0/lib/hostip.c 2022-09-28 00:16:02.171182410 +0200
-@@ -51,7 +51,7 @@
- #ifdef HAVE_PROCESS_H
- #include <process.h>
+diff -up curl-7.88.0/lib/hostip.c.1~ curl-7.88.0/lib/hostip.c
+--- curl-7.88.0/lib/hostip.c.1~ 2023-02-13 08:37:04.000000000 +0100
++++ curl-7.88.0/lib/hostip.c 2023-02-16 19:32:23.679898652 +0100
+@@ -48,6 +48,7 @@
+ #include <signal.h>
#endif
--
+
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
-@@ -551,7 +551,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+@@ -576,7 +577,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else {
int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */
@@ -66,9 +72,9 @@ diff -up curl-7.85.0/lib/hostip.c.1~ curl-7.85.0/lib/hostip.c
if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we can't get/use one */
ipv6_works = 0;
-diff -up curl-7.85.0/lib/if2ip.c.1~ curl-7.85.0/lib/if2ip.c
---- curl-7.85.0/lib/if2ip.c.1~ 2022-08-13 18:50:57.000000000 +0200
-+++ curl-7.85.0/lib/if2ip.c 2022-09-28 00:16:02.170182405 +0200
+diff -up curl-7.88.0/lib/if2ip.c.1~ curl-7.88.0/lib/if2ip.c
+--- curl-7.88.0/lib/if2ip.c.1~ 2023-02-13 08:37:04.000000000 +0100
++++ curl-7.88.0/lib/if2ip.c 2023-02-16 19:32:23.677898632 +0100
@@ -206,7 +206,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;