new upstream release - 8.18.0

new upstream release - 8.18.0~rc3
new upstream release - 8.18.0~rc2
2026-01-07 11:16:40 +01:00 · 2026-01-05 09:35:50 +01:00 · 2025-12-16 14:49:18 +01:00 · 2025-12-09 08:53:40 +01:00 · 2025-12-07 11:36:05 -08:00 · 2025-12-04 10:44:25 +01:00
18 changed files with 1392 additions and 1340 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
 /curl-[0-9.]*.tar.lzma
+/curl-[0-9.]*.tar.lzma.asc
 /curl-[0-9.]*.tar.xz
+/curl-[0-9.]*.tar.xz.asc
+/curl-[0-9]*.[0-9]*.[0-9]*/
+/*.src.rpm
--- a/0001-curl-7.55.1-zsh-completion.patch
+++ b/0001-curl-7.55.1-zsh-completion.patch
@ -1,67 +0,0 @@
-From 918eb4c10b60a58ea6b14bea7b9fbfba4d29598c Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 14 Aug 2017 16:13:32 +0200
-Subject: [PATCH] zsh.pl: produce a working completion script again
-
-Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help
-to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to
-produce a broken completion script:
-
-% curl --<TAB>
-_curl:10: no such file or directory: seconds
-
-Closes #1779
-
-Upstream-commit: ab2a7079cd2a1ec279b1e6b587ba48e50c155e91
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
- docs/cmdline-opts/cacert.d | 2 +-
- scripts/zsh.pl             | 5 +++--
- src/tool_help.c            | 2 +-
- 3 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d
-index 04e1139..b2ecf90 100644
--- a/docs/cmdline-opts/cacert.d
-+++ b/docs/cmdline-opts/cacert.d
-@@ -1,5 +1,5 @@
- Long: cacert
-Arg: <CA certificate>
-+Arg: <file>
- Help: CA certificate to verify peer against
- Protocols: TLS
- ---
-diff --git a/scripts/zsh.pl b/scripts/zsh.pl
-index f0d8c19..82b4d9f 100755
--- a/scripts/zsh.pl
-+++ b/scripts/zsh.pl
-@@ -54,10 +54,11 @@ sub parse_main_opts {
-         $option .= '}' if defined $short;
-         $option .= '\'[' . trim($desc) . ']\'' if defined $desc;
- 
-        $option .= ":$arg" if defined $arg;
-+        $option .= ":'$arg'" if defined $arg;
- 
-         $option .= ':_files'
-            if defined $arg and ($arg eq 'FILE' || $arg eq 'DIR');
-+            if defined $arg and ($arg eq '<file>' || $arg eq '<filename>'
-+                || $arg eq '<dir>');
- 
-         push @list, $option;
-     }
-diff --git a/src/tool_help.c b/src/tool_help.c
-index 42dc779..a5bfaba 100644
--- a/src/tool_help.c
-+++ b/src/tool_help.c
-@@ -54,7 +54,7 @@ static const struct helptxt helptext[] = {
-    "Append to target file when uploading"},
-   {"    --basic",
-    "Use HTTP Basic Authentication"},
-  {"    --cacert <CA certificate>",
-+  {"    --cacert <file>",
-    "CA certificate to verify peer against"},
-   {"    --capath <dir>",
-    "CA directory to verify peer against"},
-- 
-2.9.5
-
--- a/0002-curl-7.55.1-proxy-connect.patch
+++ b/0002-curl-7.55.1-proxy-connect.patch
@ -1,40 +0,0 @@
-From 74dac344b2feb2e0f4baddb70532dc8e45d2d817 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
-Date: Fri, 18 Aug 2017 10:43:02 +0200
-Subject: [PATCH] http: Don't wait on CONNECT when there is no proxy
-
-Since curl 7.55.0, NetworkManager almost always failed its connectivity
-check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP
-CONNECT process entirely non-blocking).
-
-This patch replaces !Curl_connect_complete with Curl_connect_ongoing,
-which returns false if the CONNECT state was left uninitialized and lets
-the connection continue.
-
-Closes #1803
-Fixes #1804
-
-Also-fixed-by: Gergely Nagy
-
-Upstream-commit: 74dac344b2feb2e0f4baddb70532dc8e45d2d817
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
- lib/http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/http.c b/lib/http.c
-index 35c7c3d43..3e3313278 100644
--- a/lib/http.c
-+++ b/lib/http.c
-@@ -1371,7 +1371,7 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
-   if(CONNECT_FIRSTSOCKET_PROXY_SSL())
-     return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */
- 
-  if(!Curl_connect_complete(conn))
-+  if(Curl_connect_ongoing(conn))
-     /* nothing else to do except wait right now - we're not done here. */
-     return CURLE_OK;
- 
-- 
-2.13.5
-
--- a/0101-curl-7.32.0-multilib.patch
+++ b/0101-curl-7.32.0-multilib.patch
@ -1,86 +1,92 @@
-From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 12:04:05 +0200
+From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Dec 2025 10:04:40 +0100
 Subject: [PATCH] prevent multilib conflicts on the curl-config script

 ---
- curl-config.in     |   21 +++------------------
- docs/curl-config.1 |    4 +++-
- libcurl.pc.in      |    1 +
- 3 files changed, 7 insertions(+), 19 deletions(-)
+ curl-config.in      | 23 +++++------------------
+ docs/curl-config.md |  4 +++-
+ libcurl.pc.in       |  1 +
+ 3 files changed, 9 insertions(+), 19 deletions(-)

 diff --git a/curl-config.in b/curl-config.in
-index 150004d..95d0759 100644
+index a1c8185875..bb43ca8335 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -75,7 +75,7 @@ while test $# -gt 0; do
-         ;;
+@@ -74,7 +74,7 @@ while test "$#" -gt 0; do
+     ;;
 
-     --cc)
-        echo "@CC@"
-+        echo "gcc"
-         ;;
+   --cc)
+-    echo '@CC@'
+    echo 'gcc'
+     ;;
 
-     --prefix)
-@@ -142,29 +142,14 @@ while test $# -gt 0; do
-         ;;
+   --prefix)
+@@ -149,16 +149,7 @@ while test "$#" -gt 0; do
+     ;;
 
-     --libs)
-        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
-           CURLLIBDIR="-L@libdir@ "
-        else
-           CURLLIBDIR=""
-        fi
-        if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
-        else
-          echo ${CURLLIBDIR}-lcurl
-        fi
-+        echo -lcurl
-         ;;
+   --libs)
+-    if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then
+-      curllibdir="-L@libdir@ "
+-    else
+-      curllibdir=''
+-    fi
+-    if test '@ENABLE_SHARED@' = 'no'; then
+-      echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo "${curllibdir}-lcurl"
+-    fi
+    echo '-lcurl'
+     ;;
 
-     --static-libs)
-        if test "X@ENABLE_STATIC@" != "Xno" ; then
-          echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
-        else
-          echo "curl was built with static libraries disabled" >&2
-          exit 1
-        fi
-         ;;
+   --ssl-backends)
+@@ -166,16 +157,12 @@ while test "$#" -gt 0; do
+     ;;
 
-     --configure)
-        echo @CONFIGURE_OPTIONS@
-+        pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
-         ;;
+   --static-libs)
+-    if test '@ENABLE_STATIC@' != 'no'; then
+-      echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo 'curl was built with static libraries disabled' >&2
+-      exit 1
+-    fi
+    echo 'curl was built with static libraries disabled' >&2
+    exit 1
+     ;;
 
-     *)
-diff --git a/docs/curl-config.1 b/docs/curl-config.1
-index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1
-+++ b/docs/curl-config.1
-@@ -66,7 +66,9 @@ be listed using uppercase and are separated by newlines. There may be none,
- one, or several protocols in the list. (Added in 7.13.0)
- .IP "--static-libs"
- Shows the complete set of libs and other linker options you will need in order
-to link your application with libcurl statically. (Added in 7.17.1)
-+to link your application with libcurl statically. Note that Fedora/RHEL libcurl
+   --configure)
+-    echo @CONFIGURE_OPTIONS@
+    pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+     ;;
+ 
+   *)
+diff --git a/docs/curl-config.md b/docs/curl-config.md
+index 12ad245b79..fa0e03d273 100644
+--- a/docs/curl-config.md
+++ b/docs/curl-config.md
+@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated.
+ ## `--static-libs`
+ 
+ Shows the complete set of libs and other linker options you need in order to
+-link your application with libcurl statically. (Added in 7.17.1)
+link your application with libcurl statically. Note that Fedora/RHEL libcurl
 +packages do not provide any static libraries, thus cannot be linked statically.
 +(Added in 7.17.1)
- .IP "--version"
- Outputs version information about the installed libcurl.
- .IP "--vernum"
+ 
+ ## `--version`
+ 
 diff --git a/libcurl.pc.in b/libcurl.pc.in
-index 2ba9c39..f8f8b00 100644
+index c0ba5244a8..f3645e1748 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -29,6 +29,7 @@ libdir=@libdir@
+@@ -28,6 +28,7 @@ libdir=@libdir@
 includedir=@includedir@
 supported_protocols="@SUPPORT_PROTOCOLS@"
 supported_features="@SUPPORT_FEATURES@"
 +configure_options=@CONFIGURE_OPTIONS@
 
 Name: libcurl
- URL: https://curl.haxx.se/
+ URL: https://curl.se/
 -- 
-2.5.0
+2.52.0

--- a/0102-curl-7.36.0-debug.patch
+++ b/0102-curl-7.36.0-debug.patch
@ -1,65 +0,0 @@
-From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 31 Oct 2012 11:38:30 +0100
-Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
-
---
- configure            |   13 +++----------
- m4/curl-compilers.m4 |   13 +++----------
- 2 files changed, 6 insertions(+), 20 deletions(-)
-
-diff --git a/configure b/configure
-index 8f079a3..53b4774 100755
--- a/configure
-+++ b/configure
-@@ -17079,18 +17079,11 @@ $as_echo "yes" >&6; }
-     gccvhi=`echo $gccver | cut -d . -f1`
-     gccvlo=`echo $gccver | cut -d . -f2`
-     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
-    flags_dbg_all="-g -g0 -g1 -g2 -g3"
-    flags_dbg_all="$flags_dbg_all -ggdb"
-    flags_dbg_all="$flags_dbg_all -gstabs"
-    flags_dbg_all="$flags_dbg_all -gstabs+"
-    flags_dbg_all="$flags_dbg_all -gcoff"
-    flags_dbg_all="$flags_dbg_all -gxcoff"
-    flags_dbg_all="$flags_dbg_all -gdwarf-2"
-    flags_dbg_all="$flags_dbg_all -gvms"
-+    flags_dbg_all=""
-     flags_dbg_yes="-g"
-     flags_dbg_off=""
-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
-    flags_opt_yes="-O2"
-+    flags_opt_all=""
-+    flags_opt_yes=""
-     flags_opt_off="-O0"
- 
-     OLDCPPFLAGS=$CPPFLAGS
-diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
-index 0cbba7a..9175b5b 100644
--- a/m4/curl-compilers.m4
-+++ b/m4/curl-compilers.m4
-@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
-     gccvhi=`echo $gccver | cut -d . -f1`
-     gccvlo=`echo $gccver | cut -d . -f2`
-     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
-    flags_dbg_all="-g -g0 -g1 -g2 -g3"
-    flags_dbg_all="$flags_dbg_all -ggdb"
-    flags_dbg_all="$flags_dbg_all -gstabs"
-    flags_dbg_all="$flags_dbg_all -gstabs+"
-    flags_dbg_all="$flags_dbg_all -gcoff"
-    flags_dbg_all="$flags_dbg_all -gxcoff"
-    flags_dbg_all="$flags_dbg_all -gdwarf-2"
-    flags_dbg_all="$flags_dbg_all -gvms"
-+    flags_dbg_all=""
-     flags_dbg_yes="-g"
-     flags_dbg_off=""
-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
-    flags_opt_yes="-O2"
-+    flags_opt_all=""
-+    flags_opt_yes=""
-     flags_opt_off="-O0"
-     CURL_CHECK_DEF([_WIN32], [], [silent])
-   else
-- 
-1.7.1
-
--- a/0103-curl-7.55.1-system-crypto-policy.patch
+++ b/0103-curl-7.55.1-system-crypto-policy.patch
@ -1,27 +0,0 @@
-From 7271547cb46a4dc28004febaea19e5edaa2250d2 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 22 Aug 2017 17:02:26 +0200
-Subject: [PATCH] openssl: utilize system wide crypto policies
-
-... unless explicitly overridden via libcurl API
---
- lib/vtls/openssl.h | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
-index b9648d5..48036e1 100644
--- a/lib/vtls/openssl.h
-+++ b/lib/vtls/openssl.h
-@@ -119,8 +119,7 @@ bool Curl_ossl_cert_status_request(void);
- #endif
- #define curlssl_cert_status_request() Curl_ossl_cert_status_request()
- 
-#define DEFAULT_CIPHER_SELECTION \
-  "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
-+#define DEFAULT_CIPHER_SELECTION "PROFILE=SYSTEM"
- 
- #endif /* USE_OPENSSL */
- #endif /* HEADER_CURL_SSLUSE_H */
-- 
-2.9.5
-
--- a/0104-curl-7.19.7-localhost6.patch
+++ b/0104-curl-7.19.7-localhost6.patch
@ -1,51 +0,0 @@
-diff --git a/tests/data/test1083 b/tests/data/test1083
-index e441278..b0958b6 100644
--- a/tests/data/test1083
-+++ b/tests/data/test1083
-@@ -33,13 +33,13 @@ ipv6
- http-ipv6
- </server>
-  <name>
-HTTP-IPv6 GET with ip6-localhost --interface
-+HTTP-IPv6 GET with localhost6 --interface
-  </name>
-  <command>
--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost
-+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
- </command>
- <precheck>
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
-+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
- </precheck>
- </client>
- 
-diff --git a/tests/data/test241 b/tests/data/test241
-index 46eae1f..4e1632c 100644
--- a/tests/data/test241
-+++ b/tests/data/test241
-@@ -30,13 +30,13 @@ ipv6
- http-ipv6
- </server>
-  <name>
-HTTP-IPv6 GET (using ip6-localhost)
-+HTTP-IPv6 GET (using localhost6)
-  </name>
-  <command>
--g "http://ip6-localhost:%HTTP6PORT/241"
-+-g "http://localhost6:%HTTP6PORT/241"
- </command>
- <precheck>
-./server/resolve --ipv6 ip6-localhost
-+./server/resolve --ipv6 localhost6
- </precheck>
- </client>
- 
-@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost)
- </strip>
- <protocol>
- GET /241 HTTP/1.1
-Host: ip6-localhost:%HTTP6PORT
-+Host: localhost6:%HTTP6PORT
- Accept: */*
- 
- </protocol>
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1,9 @@
+discover:
+  how: fmf
+prepare:
+  how: install
+  exclude:
+    - libcurl-minimal
+    - curl-minimal
+execute:
+  how: tmt
--- a/curl-7.55.1.tar.xz.asc
+++ b/curl-7.55.1.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlmRPboACgkQXMkI/bce
-EsIxOAf9GPx5uj4rzy5VW8UhHgZXJl97S9mEVt8I6DnwpLrlCsV7jf4CHpys0Ymt
-kaRoqudjCfjfm2BRtoTZq9ZmWv6vMwuwKrfGwQSmtyNiVFnCZ2hX4QEErMDP27pn
-yJnlxO0MQVXCpKAxvmx2yRQ/qoGX18dGENBGe5USBOzh3QWArIN8vIaGsINvCmcM
-StMzgzNs+x4MP75xt6Wf+MH2biMfyXoq4zFsVKRYDlwZyr495uT9Zms4HzxPLlap
-LPotKQTj1ZcmC0tVLGDWXEx/aE65tLhsJjyLrIlIx+VvkKPwxN8rBntAAC8jh6az
-5bhonUTL94v5XnKySk7srhNP7ds8qQ==
-=3zTB
-----END PGP SIGNATURE-----
--- a/curl.rpmlintrc
+++ b/curl.rpmlintrc
@ -0,0 +1,15 @@
+# Intentional stuff we're not concerned about
+addFilter("unversioned-explicit-provides webclient")
+addFilter("package-with-huge-docs")
+addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4")
+
+# This is just plain wrong (%_configure redefinition)
+addFilter("configure-without-libdir-spec")
+
+# Technical term
+addFilter("E: spelling-error \('kerberos',")
+
+# Artefacts of RemovePathPostfixes: .minimal
+addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal")
+#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal")
+#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal")
--- a/curl.spec
+++ b/curl.spec
--- a/mykey.asc
+++ b/mykey.asc
@ -0,0 +1,77 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
+QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
+0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
+EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
+soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
+f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
+gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
+SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
+m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
+ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
+ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
+i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
+AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
+jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
+XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
+7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
+wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
+dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
+rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
+FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
+OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
+5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
+zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
+poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
+Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
+6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
+tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
+c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
+svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
+Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
+BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
+Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
+rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
+y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
+BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
+0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
+09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
+6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
+67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
+a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
+LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
+nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
+0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
+2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
+OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
+PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
+8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
+/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
+8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
+bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
+IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
+2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
+L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
+/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
+UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
+9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
+TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
+IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
+AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
+eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
+sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
+c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
+KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
+4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
+wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
+BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
+PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
+gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
+ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
+j/qx4ytjt5uxt6Jm6IXV9cry8i6x
+=Phs/
+-----END PGP PUBLIC KEY BLOCK-----
--- a/3
+++ b/3
@ -1 +1,2 @@
-SHA512 (curl-7.55.1.tar.xz) = 69f906655064b9cfef5b8763a893a658b25fcc4e595141ef122ac2b12158c5dc3b9535cb392f6f5af8346b6d495eb0609a08b5a6e638d4b10b82a15a0e8a7517
+SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c
+SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152
--- a/tests/non-root-user-download/main.fmf
+++ b/tests/non-root-user-download/main.fmf
@ -0,0 +1,18 @@
+summary: various download methods with non-root user
+description: ''
+contact: Daniel Rusek <drusek@redhat.com>
+component:
+  - curl
+require:
+  - findutils
+  - libselinux-utils
+  - openssh-clients
+  - openssh-server
+  - passwd
+test: ./runtest.sh
+framework: beakerlib
+duration: 5m
+enabled: true
+tier: '1'
+link:
+  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1049921
--- a/tests/non-root-user-download/runtest.sh
+++ b/tests/non-root-user-download/runtest.sh
@ -0,0 +1,93 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/curl/Sanity/non-root-user-download
+#   Description: various download methods with non-root user
+#   Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="curl"
+
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab
+PASSWORD=pAssw0rd
+OPTIONS=""
+rlIsRHEL 7 && OPTIONS="--insecure"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "useradd -m curltester" 0 "Adding the test user"
+        rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user"
+        rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile"
+        rlFileBackup --clean --missing-ok $HOME/.ssh /etc/hosts
+        rlRun "rm -f $HOME/.ssh/*"
+        [ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh )
+        rlRun "rlServiceStart sshd"
+        rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts"
+    rlPhaseEnd
+
+    rlPhaseStartTest "http download"
+        rlRun "su - curltester -c 'curl $HTTP_URL' &> http.log"
+        cat http.log
+        rlAssertGrep "$CONTENT" http.log
+    rlPhaseEnd
+
+    rlPhaseStartTest "ftp download"
+        rlRun "su - curltester -c 'curl $FTP_URL' &> ftp.log"
+        cat ftp.log
+        rlAssertGrep "$CONTENT" ftp.log
+    rlPhaseEnd
+
+if ! rlIsRHEL 5; then
+# scp sftp not supported on RHEL5
+
+    rlPhaseStartTest "scp download"
+        rlRun "curl -u curltester:$PASSWORD $OPTIONS scp://localhost/home/curltester/testfile &> scp.log"
+        cat scp.log
+        rlAssertGrep "$CONTENT" scp.log
+    rlPhaseEnd
+
+    rlPhaseStartTest "sftp download"
+        rlRun "curl -u curltester:$PASSWORD $OPTIONS sftp://localhost/home/curltester/testfile &> sftp.log"
+        cat sftp.log
+        rlAssertGrep "$CONTENT" sftp.log
+    rlPhaseEnd
+
+fi
+
+    rlPhaseStartCleanup
+        rlRun "rlServiceRestore"
+        rlFileRestore
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlRun "userdel -r --force curltester"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
--- a/tests/scp-and-sftp-download-test/main.fmf
+++ b/tests/scp-and-sftp-download-test/main.fmf
@ -0,0 +1,20 @@
+summary: downloads test file through scp and sftp
+description: |
+    Test scenario:
+    - scp download
+    - sftp download
+    - scp upload
+    - sftp upload
+
+    When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed
+    with empty --pubkey parameter (--pubkey "") or with the paramiter omitted
+contact: Daniel Rusek <drusek@redhat.com>
+require:
+  - findutils
+component:
+  - curl
+test: ./runtest.sh
+path: /tests/scp-and-sftp-download-test
+framework: beakerlib
+duration: 10m
+enabled: true
--- a/tests/scp-and-sftp-download-test/runtest.sh
+++ b/tests/scp-and-sftp-download-test/runtest.sh
@ -0,0 +1,129 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/curl/Sanity/scp-and-sftp-download-test
+#   Description: downloads test file through scp and sftp
+#   Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="curl"
+
+# GLOBAL/ENVIRONMENT VARIABLE:
+# PUBKEY_PARAM
+
+if [ "$PUBKEY_PARAM" == 'none' ]; then
+  PUBKEY_PARAM=""
+elif [ "$PUBKEY_PARAM" == 'empty' ]; then
+  PUBKEY_PARAM="--pubkey ''"
+else
+  PUBKEY_PARAM='--pubkey /root/.ssh/id_rsa.pub'
+fi
+
+FILESIZE=200 #MB
+OPTIONS=""
+rlIsRHEL 7 && OPTIONS="--insecure"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlFileBackup --clean  /root/.ssh/known_hosts /root/.ssh
+        rlFileBackup --clean  /etc/ssh/sshd_config
+        rlRun "useradd -m curltestuser"
+
+        # In FIPS-140 we need to explicitly allow one of libssh2-implemented
+        # Kex algorithms (eg. DH14-SHA1).
+        rlRun "echo 'KexAlgorithms +diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config" 0
+        rlServiceStop "sshd"
+        rlRun "service sshd start && sleep 5" 0
+
+        # file for download test
+        rlRun "su - curltestuser -c 'dd if=/dev/zero of=testfile bs=1M count=200'" 0 "Creating $FILESIZE MB large test file"
+        SUM=`sha256sum /home/curltestuser/testfile | cut -d ' ' -f 1`
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "rm -vf /root/.ssh/*"
+        rlRun "ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''" 0 "Generate ssh key"
+        rlRun "mkdir /home/curltestuser/.ssh && cat /root/.ssh/id_rsa.pub > /home/curltestuser/.ssh/authorized_keys && chown -R curltestuser.curltestuser /home/curltestuser/.ssh/" 0 "Save the key to .ssh/authorized_keys"
+
+        # this is a workaround as libssh2 is not able to use newer hashes
+        #rlRun "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/root/.ssh/known_hosts curltestuser@localhost 'exit'" 0 "First ssh login to add localhost to known_hosts"
+        rlRun "ssh-keyscan localhost >>/root/.ssh/known_hosts"
+
+        # files for upload test
+        rlRun "dd if=/dev/zero of=uploadfile1 bs=1M count=50" 0 "Creating 50 MB large test file"
+        UPSUM1=`sha256sum uploadfile1 | cut -d ' ' -f 1`
+        rlRun "dd if=/dev/zero of=uploadfile2 bs=1M count=20" 0 "Creating 20 MB large test file"
+        UPSUM2=`sha256sum uploadfile2 | cut -d ' ' -f 1`
+    rlPhaseEnd
+
+    rlPhaseStartTest "scp download test"
+        rlRun "curl -o ./scp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS scp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
+        rlAssertExists scp_file
+        SCPSUM=`sha256sum ./scp_file | cut -d ' ' -f 1`
+        rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SCPSUM
+        rm -f ./scp_file
+    rlPhaseEnd
+
+    rlPhaseStartTest "sftp download test"
+        rlRun "curl -o ./sftp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS sftp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
+        rlAssertExists sftp_file
+        SFTPSUM=`sha256sum ./sftp_file | cut -d ' ' -f 1`
+        rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SFTPSUM
+        rm -f ./sftp_file
+    rlPhaseEnd
+
+    rlPhaseStartTest "scp upload test"
+        rlRun "curl -T '{uploadfile1,uploadfile2}' scp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl scp upload"
+        rlAssertExists /home/curltestuser/uploadfile1
+        rlAssertExists /home/curltestuser/uploadfile2
+        SCPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
+        SCPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
+        rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SCPUPSUM1}
+        rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SCPUPSUM2}
+        rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
+    rlPhaseEnd
+
+    rlPhaseStartTest "sftp upload test"
+        rlRun "curl -T '{uploadfile1,uploadfile2}' sftp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl sftp upload"
+        rlAssertExists /home/curltestuser/uploadfile1
+        rlAssertExists /home/curltestuser/uploadfile2
+        SFTPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
+        SFTPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
+        rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SFTPUPSUM1}
+        rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SFTPUPSUM2}
+        rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
+    rlPhaseEnd
+
+
+    rlPhaseStartCleanup
+        rlRun "userdel -r --force curltestuser"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlFileRestore
+        rlServiceRestore "sshd"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd