Tests currently fail because Fedora 38 is archived. This bumps
the version to 42 and updates the expected content.
This will need updating again annually or so. It'd be safer to
use something that doesn't age out frequently instead.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
RHEL 10 does not provide the engine header at all. Also, restore
compatibility with earlier versions which do not have a separate subpackage
for the engine header.
The final /usr/bin/curl-config file had a comment like
"prefix=/usr # used in /usr/lib64" or "prefix=/usr # used in /usr/lib",
depending on the arch. This causes the following error on upgrades from f40
for people who have both libcurl-devel.i686 and libcurl-devel.x86_64
installed:
Transaction failed: Rpm transaction failed.
- file /usr/bin/curl-config conflicts between attempted installs of
libcurl-devel-8.9.1-2.fc41.i686 and libcurl-devel-8.9.1-2.fc41.x86_64
The comment is actually not useful at all after the variable is expanded,
since it's not clear what is meant by "used in /usr/lib64". Just drop it.
With this change, the packages are constinstallable again.
The %prep section is supposed to extract and possibly patch the sources. In
particular, the code provided by the package should not be called here, but
only in %build section. This keeps %prep quick and allows the code provided by
upstream to be inspected before running it.
Also drop space after the redirection operator to match the style elsewhere in
the spec file. Having symmetrical whitespace around the operator makes it look
like a binary operator, which it very much is not.
Added build condition for openssl_engine_support, true by default so as to
not change the resulting built package (yet)
- With openssl_engine_support true, BR: openssl-devel-engine
- With openssl_engine_support false, build with -DOPENSSL_NO_ENGINE
```
test 0313...[CRL test]
../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet
--leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16
--log-file=log/valgrind313 ../src/curl --output log/curl313.out --include
--trace-ascii log/trace313 --trace-time --cacert
../../tests/certs/EdelCurlRoot-ca.crt --crlfile
../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 >
log/stdout313 2> log/stderr313
CMD (15360): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck
--quiet --leak-check=yes --suppressions=../../tests/valgrind.supp
--num-callers=16 --log-file=log/valgrind313 ../src/curl --output
log/curl313.out --include --trace-ascii log/trace313 --trace-time --cacert
../../tests/certs/EdelCurlRoot-ca.crt --crlfile
../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 >
log/stdout313 2> log/stderr313
valgrind ERROR ==89628== 1,795 (248 direct, 1,547 indirect) bytes in 1 blocks
are definitely lost in loss record 32 of 32
==89628== at 0x484280F: malloc (vg_replace_malloc.c:442)
==89628== by 0x4D71B20: CRYPTO_malloc (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4D71BD4: CRYPTO_zalloc (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4C67FD3: ??? (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4C69B00: ??? (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4C69E3F: ASN1_item_d2i_ex (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4D944C0: PEM_ASN1_read_bio (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4DD3C31: X509_load_crl_file (in
/usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x48B6D48: UnknownInlinedFun (openssl.c:3284)
==89628== by 0x48B6D48: Curl_ssl_setup_x509_store (openssl.c:3437)
==89628== by 0x48B7445: ossl_bio_cf_in_read (openssl.c:776)
==89628== by 0x4C6DB32: ??? (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4C71C16: ??? (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4C71DAA: BIO_read (in /usr/lib64/libcrypto.so.3.2.1)
==89628== by 0x4B9BE92: ??? (in /usr/lib64/libssl.so.3.2.1)
==89628== by 0x4BA0B4A: ??? (in /usr/lib64/libssl.so.3.2.1)
==89628== by 0x4B9B099: ??? (in /usr/lib64/libssl.so.3.2.1)
==89628==
== Contents of files in the log/ dir after test 313
=== Start of file commands.log
../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet
--leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16
--log-file=log/valgrind313 ../src/curl --output log/curl313.out --include
--trace-ascii log/trace313 --trace-time --cacert
../../tests/certs/EdelCurlRoot-ca.crt --crlfile
../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 >
log/stdout313 2> log/stderr313
=== End of file commands.log
```
Related: openssl #2263877
a
The reason for maintaining two separate packages for curl is no longer valid.
The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal.
Resolves: #2262096
... to ease maintenance and to avoid the following warning on Fedora
Rawhide:
```
warning: %patchN is deprecated (4 usages found), use %patch N (or %patch -P N)
```
It fails on x86_64 with:
```
Use --max-threads=INT to specify a larger number of threads
and rerun valgrind
valgrind: the 'impossible' happened:
Max number of threads is too low
host stacktrace:
==174357== at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
==174357== by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
==174357== at 0x4A07816: clone (in /usr/lib64/libc.so.6)
==174357== by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
==174357== by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
==174357== by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
==174357== by 0x1093B5: test.part.0 (lib3026.c:64)
==174357== by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
[...]
```
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
curl-minimal has an automatically generated dependency on libcurl.so.4(), so it'd
pull in either libcurl or libcurl-minimal. Let's make the second one preferred.
$ sudo dnf install --releasever=rawhide --installroot=/var/tmp/f36-test --setopt install_weak_deps=False curl-minimal
...
Total download size: 21 M
Installed size: 64 M
$ sudo dnf install --releasever=rawhide --installroot=/var/tmp/f36-test --setopt install_weak_deps=False curl-minimal libcurl-minimal
...
Total download size: 18 M
Installed size: 57 M
As we made libcurl-minimal more minimal, it differs more from
libcurl-full and it should be tested separately. On the other
hand, the test-suite for libcurl-minimal runs faster now because
more tests are skipped.
