diff --git a/curl.spec b/curl.spec index 22bac0a..73720e9 100644 --- a/curl.spec +++ b/curl.spec @@ -28,10 +28,11 @@ BuildRequires: libpsl-devel BuildRequires: libssh-devel BuildRequires: libtool BuildRequires: make +BuildRequires: nss-devel BuildRequires: openldap-devel BuildRequires: openssh-clients BuildRequires: openssh-server -BuildRequires: openssl-devel +BuildRequires: openssl BuildRequires: perl-interpreter BuildRequires: pkgconfig BuildRequires: python-unversioned-command @@ -106,11 +107,6 @@ Requires: libcurl%{?_isa} >= %{version}-%{release} # to ensure that we have the necessary symbols available (#525002, #642796) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) -# require at least the version of openssl-libs that we were built against, -# to ensure that we have the necessary symbols available (#1462184, #1462211) -# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though) -%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|') - %description curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, @@ -123,10 +119,13 @@ resume, proxy tunneling and a busload of other useful tricks. Summary: A library for getting files from web servers Requires: libpsl%{?_isa} >= %{libpsl_version} Requires: libssh%{?_isa} >= %{libssh_version} -Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl-full = %{version}-%{release} Provides: libcurl-full%{?_isa} = %{version}-%{release} +# libnsspem.so is no longer included in the nss package (#1347336) +BuildRequires: nss-pem +Requires: nss-pem%{?_isa} + %description -n libcurl libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, @@ -166,7 +165,6 @@ be installed. %package -n libcurl-minimal Summary: Conservatively configured build of libcurl for minimal installations -Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} Provides: libcurl = %{version}-%{release} Provides: libcurl%{?_isa} = %{version}-%{release} Conflicts: libcurl%{?_isa} @@ -174,6 +172,9 @@ RemovePathPostfixes: .minimal # needed for RemovePathPostfixes to work with shared libraries %undefine __brp_ldconfig +# libnsspem.so is no longer included in the nss package (#1347336) +Requires: nss-pem%{?_isa} + %description -n libcurl-minimal This is a replacement of the 'libcurl' package for minimal installations. It comes with a limited set of features compared to the 'libcurl' package. On the @@ -247,7 +248,7 @@ export common_configure_opts=" \ --with-gssapi \ --with-libidn2 \ --with-nghttp2 \ - --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" + --without-ssl --with-nss-deprecated --without-ca-bundle" %global _configure ../configure @@ -411,6 +412,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Jun 23 2022 Kamil Dudka - 7.83.1-1.1 +- switch the TLS backend back to NSS (#1445153) + * Wed May 11 2022 Kamil Dudka - 7.83.1-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-27782 - fix too eager reuse of TLS and SSH connections