%{?scl:%scl_package nghttp2}
%{!?scl:%global pkg_name %{name}}

Summary: Meta-package that only requires libnghttp2
Name: %{?scl_prefix}nghttp2
Version: 1.7.1
Release: 8%{?dist}
License: MIT
Group: Applications/Internet
URL: https://nghttp2.org/
Source0: https://github.com/tatsuhiro-t/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz
Patch0: nghttp2-1.7.0-httpd24.patch
Patch1: nghttp2-1.7.1-CVE-2019-9511-and-CVE-2019-9513.patch

BuildRequires: CUnit-devel
BuildRequires: openssl-devel
BuildRequires: zlib-devel
%{?scl:BuildRequires: %{scl}-runtime}

Requires: %{?scl_prefix}libnghttp2%{?_isa} = %{version}-%{release}

%description
This package installs no files.  It only requires the %{?scl_prefix}libnghttp2 package.


%package -n %{?scl_prefix}libnghttp2
Summary: A library implementing the HTTP/2 protocol
Group: Development/Libraries
%{?scl:Requires: %scl_runtime}

%description -n %{?scl_prefix}libnghttp2
libnghttp2 is a library implementing the Hypertext Transfer Protocol
version 2 (HTTP/2) protocol in C.


%package -n %{?scl_prefix}libnghttp2-devel
Summary: Files needed for building applications with libnghttp2
Group: Development/Libraries
Requires: %{?scl_prefix}libnghttp2%{?_isa} = %{version}-%{release}
Requires: pkgconfig

%description -n %{?scl_prefix}libnghttp2-devel
The libnghttp2-devel package includes libraries and header files needed
for building applications with libnghttp2.


%prep
%setup -q -n %{pkg_name}-%{version}

%patch0 -p1 -b .httpd24
%patch1 -p1 -b .CVE-2019-9511-and-CVE-2019-9513

%build
%{?scl:scl enable %{scl} - << \EOF}

%configure                                  \
    --disable-python-bindings               \
    --disable-static                        \
    --without-libxml2                       \
    --without-spdylay                       \
    --disable-app                           \
    --disable-examples

# avoid using rpath
sed -i libtool                              \
    -e 's/^runpath_var=.*/runpath_var=/'    \
    -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/'

make %{?_smp_mflags} V=1
%{?scl:EOF}


%install
%{?scl:scl enable %{scl} - << \EOF}
%make_install

# not needed on Fedora/RHEL
rm -f "$RPM_BUILD_ROOT%{_libdir}/libnghttp2.la"

# will be installed via %%doc
rm -f "$RPM_BUILD_ROOT%{_datadir}/doc/nghttp2/README.rst"

# do not install man pages and helper scripts for tools that are not available
rm -fr "$RPM_BUILD_ROOT%{_datadir}/nghttp2"
rm -fr "$RPM_BUILD_ROOT%{_mandir}/man1"

mv %{buildroot}%{_libdir}/pkgconfig/libnghttp2.pc %{buildroot}%{_libdir}/pkgconfig/%{scl_prefix}libnghttp2.pc
%{?scl:EOF}

%post -n %{?scl_prefix}libnghttp2 -p /sbin/ldconfig

%postun -n %{?scl_prefix}libnghttp2 -p /sbin/ldconfig


%check
%{?scl:scl enable %{scl} - << \EOF}
# test the just built library instead of the system one, without using rpath
export "LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}:${LD_LIBRARY_PATH}"
make %{?_smp_mflags} check
%{?scl:EOF}


%files

%files -n %{?scl_prefix}libnghttp2
%{_libdir}/libnghttp2*.so.*
%{!?_licensedir:%global license %%doc}
%license COPYING

%files -n %{?scl_prefix}libnghttp2-devel
%{_includedir}/nghttp2
%{_libdir}/pkgconfig/%{scl_prefix}libnghttp2.pc
%{_libdir}/libnghttp2*.so
%doc README.rst


%changelog
* Tue Aug 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 1.7.1-8
- Resolves: #1745692 - CVE-2019-9513 httpd24-nghttp2: HTTP/2: flood using
  PRIORITY frames resulting in excessive resource consumption
- Resolves: # 1744825 - CVE-2019-9511 httpd24-nghttp2: HTTP/2: large 
  amount of data request leads to denial of service 

* Thu Sep 13 2018 Luboš Uhliarik <luhliari@redhat.com> - 1.7.1-7
- Resolves: #1540167 - provides without httpd24 pre/in-fix

* Wed May 24 2017 Luboš Uhliarik <luhliari@redhat.com> - 1.7.1-6
- rebuild

* Wed Feb 17 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.1-1
- fix CVE-2016-1544 (out of memory due to unlimited incoming HTTP header)

* Tue Feb 09 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.0-3
- make the package build on RHEL-6 (libnghttp2 only)

* Mon Feb 08 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.0-2
- enable tests

* Mon Jan 25 2016 Kamil Dudka <kdudka@redhat.com> 1.7.0-1
- update to the latest upstream release

* Fri Dec 25 2015 Kamil Dudka <kdudka@redhat.com> 1.6.0-1
- update to the latest upstream release (fixes CVE-2015-8659)

* Thu Nov 26 2015 Kamil Dudka <kdudka@redhat.com> 1.5.0-1
- update to the latest upstream release

* Mon Oct 26 2015 Kamil Dudka <kdudka@redhat.com> 1.4.0-1
- update to the latest upstream release

* Thu Sep 24 2015 Kamil Dudka <kdudka@redhat.com> 1.3.4-1
- update to the latest upstream release

* Wed Sep 23 2015 Kamil Dudka <kdudka@redhat.com> 1.3.3-1
- update to the latest upstream release

* Wed Sep 16 2015 Kamil Dudka <kdudka@redhat.com> 1.3.2-1
- update to the latest upstream release

* Mon Sep 14 2015 Kamil Dudka <kdudka@redhat.com> 1.3.1-1
- update to the latest upstream release

* Mon Aug 31 2015 Kamil Dudka <kdudka@redhat.com> 1.3.0-1
- update to the latest upstream release

* Mon Aug 17 2015 Kamil Dudka <kdudka@redhat.com> 1.2.1-1
- update to the latest upstream release

* Sun Aug 09 2015 Kamil Dudka <kdudka@redhat.com> 1.2.0-1
- update to the latest upstream release

* Wed Jul 15 2015 Kamil Dudka <kdudka@redhat.com> 1.1.1-1
- update to the latest upstream release

* Tue Jun 30 2015 Kamil Dudka <kdudka@redhat.com> 1.0.5-1
- packaged for Fedora (#1237247)