new upstream release - 8.18.0

Related: #2408809

.gitignore

@@ -1,2 +1,6 @@
 /curl-[0-9.]*.tar.lzma
+/curl-[0-9.]*.tar.lzma.asc
 /curl-[0-9.]*.tar.xz
+/curl-[0-9.]*.tar.xz.asc
+/curl-[0-9]*.[0-9]*.[0-9]*/
+/*.src.rpm

0002-curl-7.82.0-CVE-2022-22576.patch

@@ -1,148 +0,0 @@
-From 85d1103c2fc0c9b1bdfae470dbafd45758e1c2f0 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Mon, 25 Apr 2022 11:44:05 +0200
-Subject: [PATCH] url: check sasl additional parameters for connection reuse.
-
-Also move static function safecmp() as non-static Curl_safecmp() since
-its purpose is needed at several places.
-
-Bug: https://curl.se/docs/CVE-2022-22576.html
-
-CVE-2022-22576
-
-Closes #8746
-
-Upstream-commit: 852aa5ad351ea53e5f01d2f44b5b4370c2bf5425
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/strcase.c   | 10 ++++++++++
- lib/strcase.h   |  2 ++
- lib/url.c       | 13 ++++++++++++-
- lib/urldata.h   |  1 +
- lib/vtls/vtls.c | 21 ++++++---------------
- 5 files changed, 31 insertions(+), 16 deletions(-)
-
-diff --git a/lib/strcase.c b/lib/strcase.c
-index dd46ca1..692a3f1 100644
---- a/lib/strcase.c
-+++ b/lib/strcase.c
-@@ -251,6 +251,16 @@ void Curl_strntolower(char *dest, const char *src, size_t n)
-   } while(*src++ && --n);
- }
- 
-+/* Compare case-sensitive NUL-terminated strings, taking care of possible
-+ * null pointers. Return true if arguments match.
-+ */
-+bool Curl_safecmp(char *a, char *b)
-+{
-+  if(a && b)
-+    return !strcmp(a, b);
-+  return !a && !b;
-+}
-+
- /* --- public functions --- */
- 
- int curl_strequal(const char *first, const char *second)
-diff --git a/lib/strcase.h b/lib/strcase.h
-index b628656..382b80a 100644
---- a/lib/strcase.h
-+++ b/lib/strcase.h
-@@ -48,4 +48,6 @@ char Curl_raw_toupper(char in);
- void Curl_strntoupper(char *dest, const char *src, size_t n);
- void Curl_strntolower(char *dest, const char *src, size_t n);
- 
-+bool Curl_safecmp(char *a, char *b);
-+
- #endif /* HEADER_CURL_STRCASE_H */
-diff --git a/lib/url.c b/lib/url.c
-index adef2cd..94e3406 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -784,6 +784,7 @@ static void conn_free(struct connectdata *conn)
-   Curl_safefree(conn->passwd);
-   Curl_safefree(conn->sasl_authzid);
-   Curl_safefree(conn->options);
-+  Curl_safefree(conn->oauth_bearer);
-   Curl_dyn_free(&conn->trailer);
-   Curl_safefree(conn->host.rawalloc); /* host name buffer */
-   Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
-@@ -1332,7 +1333,9 @@ ConnectionExists(struct Curl_easy *data,
-         /* This protocol requires credentials per connection,
-            so verify that we're using the same name and password as well */
-         if(strcmp(needle->user, check->user) ||
--           strcmp(needle->passwd, check->passwd)) {
-+           strcmp(needle->passwd, check->passwd) ||
-+           !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) ||
-+           !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
-           /* one of them was different */
-           continue;
-         }
-@@ -3596,6 +3599,14 @@ static CURLcode create_conn(struct Curl_easy *data,
-     }
-   }
- 
-+  if(data->set.str[STRING_BEARER]) {
-+    conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
-+    if(!conn->oauth_bearer) {
-+      result = CURLE_OUT_OF_MEMORY;
-+      goto out;
-+    }
-+  }
-+
- #ifdef USE_UNIX_SOCKETS
-   if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
-     conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
-diff --git a/lib/urldata.h b/lib/urldata.h
-index cc8a600..03da59a 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -980,6 +980,7 @@ struct connectdata {
-   char *passwd;  /* password string, allocated */
-   char *options; /* options string, allocated */
-   char *sasl_authzid;     /* authorisation identity string, allocated */
-+  char *oauth_bearer; /* OAUTH2 bearer, allocated */
-   unsigned char httpversion; /* the HTTP version*10 reported by the server */
-   struct curltime now;     /* "current" time */
-   struct curltime created; /* creation time */
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index 03b85ba..a40ac06 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -125,15 +125,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second)
-   return !memcmp(first->data, second->data, first->len); /* same data */
- }
- 
--static bool safecmp(char *a, char *b)
--{
--  if(a && b)
--    return !strcmp(a, b);
--  else if(!a && !b)
--    return TRUE; /* match */
--  return FALSE; /* no match */
--}
--
- 
- bool
- Curl_ssl_config_matches(struct ssl_primary_config *data,
-@@ -147,12 +138,12 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
-      blobcmp(data->cert_blob, needle->cert_blob) &&
-      blobcmp(data->ca_info_blob, needle->ca_info_blob) &&
-      blobcmp(data->issuercert_blob, needle->issuercert_blob) &&
--     safecmp(data->CApath, needle->CApath) &&
--     safecmp(data->CAfile, needle->CAfile) &&
--     safecmp(data->issuercert, needle->issuercert) &&
--     safecmp(data->clientcert, needle->clientcert) &&
--     safecmp(data->random_file, needle->random_file) &&
--     safecmp(data->egdsocket, needle->egdsocket) &&
-+     Curl_safecmp(data->CApath, needle->CApath) &&
-+     Curl_safecmp(data->CAfile, needle->CAfile) &&
-+     Curl_safecmp(data->issuercert, needle->issuercert) &&
-+     Curl_safecmp(data->clientcert, needle->clientcert) &&
-+     Curl_safecmp(data->random_file, needle->random_file) &&
-+     Curl_safecmp(data->egdsocket, needle->egdsocket) &&
-      Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
-      Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
-      Curl_safe_strcasecompare(data->curves, needle->curves) &&
--- 
-2.34.1
-

0003-curl-7.82.0-CVE-2022-27775.patch

@@ -1,40 +0,0 @@
-From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 11:48:00 +0200
-Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey
-
-Make connections to two separate IPv6 zone ids create separate
-connections.
-
-Reported-by: Harry Sintonen
-Bug: https://curl.se/docs/CVE-2022-27775.html
-Closes #8747
-
-Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/conncache.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/lib/conncache.c b/lib/conncache.c
-index cd5756a..9b9f683 100644
---- a/lib/conncache.c
-+++ b/lib/conncache.c
-@@ -160,8 +160,12 @@ static void hashkey(struct connectdata *conn, char *buf,
-     /* report back which name we used */
-     *hostp = hostname;
- 
--  /* put the number first so that the hostname gets cut off if too long */
--  msnprintf(buf, len, "%ld%s", port, hostname);
-+  /* put the numbers first so that the hostname gets cut off if too long */
-+#ifdef ENABLE_IPV6
-+  msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
-+#else
-+  msnprintf(buf, len, "%ld/%s", port, hostname);
-+#endif
-   Curl_strntolower(buf, buf, len);
- }
- 
--- 
-2.34.1
-

0004-curl-7.82.0-CVE-2022-27776.patch

@@ -1,246 +0,0 @@
-From 2be87227d4b4024c91ff6c856520cac9c9619555 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 13:05:40 +0200
-Subject: [PATCH 1/2] http: avoid auth/cookie on redirects same host diff port
-
-CVE-2022-27776
-
-Reported-by: Harry Sintonen
-Bug: https://curl.se/docs/CVE-2022-27776.html
-Closes #8749
-
-Upstream-commit: 6e659993952aa5f90f48864be84a1bbb047fc258
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/http.c    | 34 ++++++++++++++++++++++------------
- lib/urldata.h | 16 +++++++++-------
- 2 files changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/lib/http.c b/lib/http.c
-index 799d4fb..0791dcf 100644
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -775,6 +775,21 @@ output_auth_headers(struct Curl_easy *data,
-   return CURLE_OK;
- }
- 
-+/*
-+ * allow_auth_to_host() tells if autentication, cookies or other "sensitive
-+ * data" can (still) be sent to this host.
-+ */
-+static bool allow_auth_to_host(struct Curl_easy *data)
-+{
-+  struct connectdata *conn = data->conn;
-+  return (!data->state.this_is_a_follow ||
-+          data->set.allow_auth_to_other_hosts ||
-+          (data->state.first_host &&
-+           strcasecompare(data->state.first_host, conn->host.name) &&
-+           (data->state.first_remote_port == conn->remote_port) &&
-+           (data->state.first_remote_protocol == conn->handler->protocol)));
-+}
-+
- /**
-  * Curl_http_output_auth() setups the authentication headers for the
-  * host/proxy and the correct authentication
-@@ -847,17 +862,14 @@ Curl_http_output_auth(struct Curl_easy *data,
-        with it */
-     authproxy->done = TRUE;
- 
--  /* To prevent the user+password to get sent to other than the original
--     host due to a location-follow, we do some weirdo checks here */
--  if(!data->state.this_is_a_follow ||
-+  /* To prevent the user+password to get sent to other than the original host
-+     due to a location-follow */
-+  if(allow_auth_to_host(data)
- #ifndef CURL_DISABLE_NETRC
--     conn->bits.netrc ||
-+     || conn->bits.netrc
- #endif
--     !data->state.first_host ||
--     data->set.allow_auth_to_other_hosts ||
--     strcasecompare(data->state.first_host, conn->host.name)) {
-+    )
-     result = output_auth_headers(data, conn, authhost, request, path, FALSE);
--  }
-   else
-     authhost->done = TRUE;
- 
-@@ -1913,10 +1925,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
-                    checkprefix("Cookie:", compare)) &&
-                   /* be careful of sending this potentially sensitive header to
-                      other hosts */
--                  (data->state.this_is_a_follow &&
--                   data->state.first_host &&
--                   !data->set.allow_auth_to_other_hosts &&
--                   !strcasecompare(data->state.first_host, conn->host.name)))
-+                  !allow_auth_to_host(data))
-             ;
-           else {
- #ifdef USE_HYPER
-@@ -2088,6 +2097,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn)
-       return CURLE_OUT_OF_MEMORY;
- 
-     data->state.first_remote_port = conn->remote_port;
-+    data->state.first_remote_protocol = conn->handler->protocol;
-   }
-   Curl_safefree(data->state.aptr.host);
- 
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 03da59a..f92052a 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -1325,14 +1325,16 @@ struct UrlState {
-   char *ulbuf; /* allocated upload buffer or NULL */
-   curl_off_t current_speed;  /* the ProgressShow() function sets this,
-                                 bytes / second */
--  char *first_host; /* host name of the first (not followed) request.
--                       if set, this should be the host name that we will
--                       sent authorization to, no else. Used to make Location:
--                       following not keep sending user+password... This is
--                       strdup() data.
--                    */
-+
-+  /* host name, port number and protocol of the first (not followed) request.
-+     if set, this should be the host name that we will sent authorization to,
-+     no else. Used to make Location: following not keep sending user+password.
-+     This is strdup()ed data. */
-+  char *first_host;
-+  int first_remote_port;
-+  unsigned int first_remote_protocol;
-+
-   int retrycount; /* number of retries on a new connection */
--  int first_remote_port; /* remote port of the first (not followed) request */
-   struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
-   long sessionage;                  /* number of the most recent session */
-   struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
--- 
-2.34.1
-
-
-From c0d12f1634785596746e5d461319dcb95b5b6ae8 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 13:05:47 +0200
-Subject: [PATCH 2/2] test898: verify the fix for CVE-2022-27776
-
-Do not pass on Authorization headers on redirects to another port
-
-Upstream-commit: afe752e0504ab60bf63787ede0b992cbe1065f78
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/Makefile.inc |  2 +-
- tests/data/test898      | 90 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 91 insertions(+), 1 deletion(-)
- create mode 100644 tests/data/test898
-
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 59d46bc..7ae2cf8 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -106,7 +106,7 @@ test854 test855 test856 test857 test858 test859 test860 test861 test862 \
- test863 test864 test865 test866 test867 test868 test869 test870 test871 \
- test872 test873 test874 test875 test876 test877 test878 test879 test880 \
- test881 test882 test883 test884 test885 test886 test887 test888 test889 \
--test890 test891 test892 test893 test894 test895 test896 test897 \
-+test890 test891 test892 test893 test894 test895 test896 test897 test898 \
- \
- test900 test901 test902 test903 test904 test905 test906 test907 test908 \
- test909 test910 test911 test912 test913 test914 test915 test916 test917 \
-diff --git a/tests/data/test898 b/tests/data/test898
-new file mode 100644
-index 0000000..5cbb7d8
---- /dev/null
-+++ b/tests/data/test898
-@@ -0,0 +1,90 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+--location
-+Authorization
-+Cookie
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+</data>
-+<data2>
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</data2>
-+
-+<datacheck>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</datacheck>
-+
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+HTTP with custom auth and cookies redirected to HTTP on a diff port
-+ </name>
-+ <command>
-+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA=="
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET http://firsthost.com/ HTTP/1.1
-+Host: firsthost.com
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+Authorization: Basic am9lOnNlY3JldA==
-+Cookie: userpwd=am9lOnNlY3JldA==
-+
-+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-+Host: firsthost.com:9999
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+</protocol>
-+</verify>
-+</testcase>
--- 
-2.34.1
-

0005-curl-7.82.0-CVE-2022-27774.patch

@@ -1,636 +0,0 @@
-From ecee0926868d138312e9608531b232f697e50cad Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 16:24:33 +0200
-Subject: [PATCH 1/4] connect: store "conn_remote_port" in the info struct
-
-To make it available after the connection ended.
-
-Upstream-commit: 08b8ef4e726ba10f45081ecda5b3cea788d3c839
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/connect.c | 1 +
- lib/urldata.h | 6 +++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/connect.c b/lib/connect.c
-index 64f9511..7518807 100644
---- a/lib/connect.c
-+++ b/lib/connect.c
-@@ -617,6 +617,7 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn,
-   data->info.conn_scheme = conn->handler->scheme;
-   data->info.conn_protocol = conn->handler->protocol;
-   data->info.conn_primary_port = conn->port;
-+  data->info.conn_remote_port = conn->remote_port;
-   data->info.conn_local_port = local_port;
- }
- 
-diff --git a/lib/urldata.h b/lib/urldata.h
-index f92052a..5218f76 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -1156,7 +1156,11 @@ struct PureInfo {
-      reused, in the connection cache. */
- 
-   char conn_primary_ip[MAX_IPADR_LEN];
--  int conn_primary_port;
-+  int conn_primary_port; /* this is the destination port to the connection,
-+                            which might have been a proxy */
-+  int conn_remote_port;  /* this is the "remote port", which is the port
-+                            number of the used URL, independent of proxy or
-+                            not */
-   char conn_local_ip[MAX_IPADR_LEN];
-   int conn_local_port;
-   const char *conn_scheme;
--- 
-2.34.1
-
-
-From 12c129f8d0b165d83ed954f68717d88ffc1cfc5f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 16:24:33 +0200
-Subject: [PATCH 2/4] transfer: redirects to other protocols or ports clear
- auth
-
-... unless explicitly permitted.
-
-Bug: https://curl.se/docs/CVE-2022-27774.html
-Reported-by: Harry Sintonen
-Closes #8748
-
-Upstream-commit: 620ea21410030a9977396b4661806bc187231b79
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/transfer.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 48 insertions(+), 1 deletion(-)
-
-diff --git a/lib/transfer.c b/lib/transfer.c
-index 1f8019b..752fe14 100644
---- a/lib/transfer.c
-+++ b/lib/transfer.c
-@@ -1652,10 +1652,57 @@ CURLcode Curl_follow(struct Curl_easy *data,
-       return CURLE_OUT_OF_MEMORY;
-   }
-   else {
--
-     uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
-     if(uc)
-       return Curl_uc_to_curlcode(uc);
-+
-+    /* Clear auth if this redirects to a different port number or protocol,
-+       unless permitted */
-+    if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
-+      char *portnum;
-+      int port;
-+      bool clear = FALSE;
-+
-+      if(data->set.use_port && data->state.allow_port)
-+        /* a custom port is used */
-+        port = (int)data->set.use_port;
-+      else {
-+        uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
-+                          CURLU_DEFAULT_PORT);
-+        if(uc) {
-+          free(newurl);
-+          return Curl_uc_to_curlcode(uc);
-+        }
-+        port = atoi(portnum);
-+        free(portnum);
-+      }
-+      if(port != data->info.conn_remote_port) {
-+        infof(data, "Clear auth, redirects to port from %u to %u",
-+              data->info.conn_remote_port, port);
-+        clear = TRUE;
-+      }
-+      else {
-+        char *scheme;
-+        const struct Curl_handler *p;
-+        uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
-+        if(uc) {
-+          free(newurl);
-+          return Curl_uc_to_curlcode(uc);
-+        }
-+
-+        p = Curl_builtin_scheme(scheme);
-+        if(p && (p->protocol != data->info.conn_protocol)) {
-+          infof(data, "Clear auth, redirects scheme from %s to %s",
-+                data->info.conn_scheme, scheme);
-+          clear = TRUE;
-+        }
-+        free(scheme);
-+      }
-+      if(clear) {
-+        Curl_safefree(data->state.aptr.user);
-+        Curl_safefree(data->state.aptr.passwd);
-+      }
-+    }
-   }
- 
-   if(type == FOLLOW_FAKE) {
--- 
-2.34.1
-
-
-From 83bf4314d88cc16469afeaaefd6686a50371d1b7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 16:24:33 +0200
-Subject: [PATCH 3/4] tests: verify the fix for CVE-2022-27774
-
- - Test 973 redirects from HTTP to FTP, clear auth
- - Test 974 redirects from HTTP to HTTP different port, clear auth
- - Test 975 redirects from HTTP to FTP, permitted to keep auth
- - Test 976 redirects from HTTP to HTTP different port, permitted to keep
-   auth
-
-Upstream-commit: 5295e8d64ac6949ecb3f9e564317a608f51b90d8
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/Makefile.inc |  2 +-
- tests/data/test973      | 88 +++++++++++++++++++++++++++++++++++++++++
- tests/data/test974      | 87 ++++++++++++++++++++++++++++++++++++++++
- tests/data/test975      | 88 +++++++++++++++++++++++++++++++++++++++++
- tests/data/test976      | 88 +++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 352 insertions(+), 1 deletion(-)
- create mode 100644 tests/data/test973
- create mode 100644 tests/data/test974
- create mode 100644 tests/data/test975
- create mode 100644 tests/data/test976
-
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 7ae2cf8..175fc43 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -116,7 +116,7 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \
- test945 test946 test947 test948 test949 test950 test951 test952 test953 \
- test954 test955 test956 test957 test958 test959 test960 test961 test962 \
- test963 test964 test965 test966 test967 test968 test969 test970 test971 \
--test972 \
-+test972 test973 test974 test975 test976 \
- \
- test980 test981 test982 test983 test984 test985 test986 \
- \
-diff --git a/tests/data/test973 b/tests/data/test973
-new file mode 100644
-index 0000000..6ced107
---- /dev/null
-+++ b/tests/data/test973
-@@ -0,0 +1,88 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+FTP
-+--location
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-+
-+</data>
-+<data2>
-+data
-+    to
-+      see
-+that FTP
-+works
-+  so does it?
-+</data2>
-+
-+<datacheck>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-+
-+data
-+    to
-+      see
-+that FTP
-+works
-+  so does it?
-+</datacheck>
-+
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+ftp
-+</server>
-+ <name>
-+HTTP with auth redirected to FTP w/o auth
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic am9lOnNlY3JldA==
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+USER anonymous
-+PASS ftp@example.com
-+PWD
-+CWD a
-+CWD path
-+EPSV
-+TYPE I
-+SIZE %TESTNUMBER0002
-+RETR %TESTNUMBER0002
-+QUIT
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test974 b/tests/data/test974
-new file mode 100644
-index 0000000..ac4e641
---- /dev/null
-+++ b/tests/data/test974
-@@ -0,0 +1,87 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+--location
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+</data>
-+<data2>
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</data2>
-+
-+<datacheck>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</datacheck>
-+
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+HTTP with auth redirected to HTTP on a diff port w/o auth
-+ </name>
-+ <command>
-+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET http://firsthost.com/ HTTP/1.1
-+Host: firsthost.com
-+Authorization: Basic am9lOnNlY3JldA==
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-+Host: firsthost.com:9999
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test975 b/tests/data/test975
-new file mode 100644
-index 0000000..85e03e4
---- /dev/null
-+++ b/tests/data/test975
-@@ -0,0 +1,88 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+FTP
-+--location-trusted
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-+
-+</data>
-+<data2>
-+data
-+    to
-+      see
-+that FTP
-+works
-+  so does it?
-+</data2>
-+
-+<datacheck>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-+
-+data
-+    to
-+      see
-+that FTP
-+works
-+  so does it?
-+</datacheck>
-+
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+ftp
-+</server>
-+ <name>
-+HTTP with auth redirected to FTP allowing auth to continue
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic am9lOnNlY3JldA==
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+USER joe
-+PASS secret
-+PWD
-+CWD a
-+CWD path
-+EPSV
-+TYPE I
-+SIZE %TESTNUMBER0002
-+RETR %TESTNUMBER0002
-+QUIT
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test976 b/tests/data/test976
-new file mode 100644
-index 0000000..c4dd61e
---- /dev/null
-+++ b/tests/data/test976
-@@ -0,0 +1,88 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+--location-trusted
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+</data>
-+<data2>
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</data2>
-+
-+<datacheck>
-+HTTP/1.1 301 redirect
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 0
-+Connection: close
-+Content-Type: text/html
-+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-+
-+HTTP/1.1 200 OK
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Content-Length: 4
-+Connection: close
-+Content-Type: text/html
-+
-+hey
-+</datacheck>
-+
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+HTTP with auth redirected to HTTP on a diff port --location-trusted
-+ </name>
-+ <command>
-+-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET http://firsthost.com/ HTTP/1.1
-+Host: firsthost.com
-+Authorization: Basic am9lOnNlY3JldA==
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-+Host: firsthost.com:9999
-+Authorization: Basic am9lOnNlY3JldA==
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Proxy-Connection: Keep-Alive
-+
-+</protocol>
-+</verify>
-+</testcase>
--- 
-2.34.1
-
-
-From 443ce415aa60caaf8b1c9b0b71fff8d26263daca Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Apr 2022 17:59:15 +0200
-Subject: [PATCH 4/4] openssl: don't leak the SRP credentials in redirects
- either
-
-Follow-up to 620ea21410030
-
-Reported-by: Harry Sintonen
-Closes #8751
-
-Upstream-commit: 139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/http.c         | 10 +++++-----
- lib/http.h         |  6 ++++++
- lib/vtls/openssl.c |  3 ++-
- 3 files changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/lib/http.c b/lib/http.c
-index 0791dcf..4433824 100644
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -776,10 +776,10 @@ output_auth_headers(struct Curl_easy *data,
- }
- 
- /*
-- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
-- * data" can (still) be sent to this host.
-+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
-+ * "sensitive data" can (still) be sent to this host.
-  */
--static bool allow_auth_to_host(struct Curl_easy *data)
-+bool Curl_allow_auth_to_host(struct Curl_easy *data)
- {
-   struct connectdata *conn = data->conn;
-   return (!data->state.this_is_a_follow ||
-@@ -864,7 +864,7 @@ Curl_http_output_auth(struct Curl_easy *data,
- 
-   /* To prevent the user+password to get sent to other than the original host
-      due to a location-follow */
--  if(allow_auth_to_host(data)
-+  if(Curl_allow_auth_to_host(data)
- #ifndef CURL_DISABLE_NETRC
-      || conn->bits.netrc
- #endif
-@@ -1925,7 +1925,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
-                    checkprefix("Cookie:", compare)) &&
-                   /* be careful of sending this potentially sensitive header to
-                      other hosts */
--                  !allow_auth_to_host(data))
-+                  !Curl_allow_auth_to_host(data))
-             ;
-           else {
- #ifdef USE_HYPER
-diff --git a/lib/http.h b/lib/http.h
-index 07e963d..9000bae 100644
---- a/lib/http.h
-+++ b/lib/http.h
-@@ -319,4 +319,10 @@ Curl_http_output_auth(struct Curl_easy *data,
-                       bool proxytunnel); /* TRUE if this is the request setting
-                                             up the proxy tunnel */
- 
-+/*
-+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
-+ * "sensitive data" can (still) be sent to this host.
-+ */
-+bool Curl_allow_auth_to_host(struct Curl_easy *data);
-+
- #endif /* HEADER_CURL_HTTP_H */
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 1bafe96..97c5666 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -2869,7 +2869,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
- #endif
- 
- #ifdef USE_OPENSSL_SRP
--  if(ssl_authtype == CURL_TLSAUTH_SRP) {
-+  if((ssl_authtype == CURL_TLSAUTH_SRP) &&
-+     Curl_allow_auth_to_host(data)) {
-     char * const ssl_username = SSL_SET_OPTION(username);
- 
-     infof(data, "Using TLS-SRP username: %s", ssl_username);
--- 
-2.34.1
-

0009-curl-7.82.0-CVE-2022-27782.patch

@@ -1,566 +0,0 @@
-From 50481ac42b4beae6ea85345e37b051124ac00f11 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 28 Jan 2022 16:48:38 +0100
-Subject: [PATCH 1/3] setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds
-
-Closes #8350
-
-Upstream-commit: 96629ba2c212cda2bd1b7b04e2a9fc01ef70b75d
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/setopt.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/lib/setopt.c b/lib/setopt.c
-index 08827d1..9eaa187 100644
---- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -5,7 +5,7 @@
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-@@ -2743,30 +2743,30 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-     if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
-       data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-     break;
-+#ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_TLSAUTH_USERNAME:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
-                             va_arg(param, char *));
--#ifndef CURL_DISABLE_PROXY
-     if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
-        !data->set.proxy_ssl.authtype)
-       data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
--#endif
-     break;
-+#endif
-   case CURLOPT_TLSAUTH_PASSWORD:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
-                             va_arg(param, char *));
-     if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
-       data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-     break;
-+#ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_TLSAUTH_PASSWORD:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
-                             va_arg(param, char *));
--#ifndef CURL_DISABLE_PROXY
-     if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
-        !data->set.proxy_ssl.authtype)
-       data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
--#endif
-     break;
-+#endif
-   case CURLOPT_TLSAUTH_TYPE:
-     argptr = va_arg(param, char *);
-     if(!argptr ||
--- 
-2.34.1
-
-
-From 931fbabcae0b5d1a91657e6bb85f4f23fce7ac3d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 9 May 2022 23:13:53 +0200
-Subject: [PATCH 2/3] tls: check more TLS details for connection reuse
-
-CVE-2022-27782
-
-Reported-by: Harry Sintonen
-Bug: https://curl.se/docs/CVE-2022-27782.html
-Closes #8825
-
-Upstream-commit: f18af4f874cecab82a9797e8c7541e0990c7a64c
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/setopt.c       | 29 +++++++++++++++++------------
- lib/url.c          | 23 ++++++++++++++++-------
- lib/urldata.h      | 13 +++++++------
- lib/vtls/gtls.c    | 19 ++++++++++---------
- lib/vtls/mbedtls.c |  2 +-
- lib/vtls/nss.c     |  6 +++---
- lib/vtls/openssl.c | 10 +++++-----
- lib/vtls/vtls.c    | 21 +++++++++++++++++++++
- 8 files changed, 80 insertions(+), 43 deletions(-)
-
-diff --git a/lib/setopt.c b/lib/setopt.c
-index 8e1bf12..7aa6fdb 100644
---- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -2311,6 +2311,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
- 
-   case CURLOPT_SSL_OPTIONS:
-     arg = va_arg(param, long);
-+    data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
-     data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
-     data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
-     data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
-@@ -2324,6 +2325,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
- #ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_SSL_OPTIONS:
-     arg = va_arg(param, long);
-+    data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
-     data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST);
-     data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
-     data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
-@@ -2740,49 +2742,52 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-   case CURLOPT_TLSAUTH_USERNAME:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
-                             va_arg(param, char *));
--    if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
--      data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-+    if(data->set.str[STRING_TLSAUTH_USERNAME] &&
-+       !data->set.ssl.primary.authtype)
-+      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-     break;
- #ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_TLSAUTH_USERNAME:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
-                             va_arg(param, char *));
-     if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
--       !data->set.proxy_ssl.authtype)
--      data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-+       !data->set.proxy_ssl.primary.authtype)
-+      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to
-+                                                                  SRP */
-     break;
- #endif
-   case CURLOPT_TLSAUTH_PASSWORD:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
-                             va_arg(param, char *));
--    if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
--      data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-+    if(data->set.str[STRING_TLSAUTH_USERNAME] &&
-+       !data->set.ssl.primary.authtype)
-+      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
-     break;
- #ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_TLSAUTH_PASSWORD:
-     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
-                             va_arg(param, char *));
-     if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
--       !data->set.proxy_ssl.authtype)
--      data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
-+       !data->set.proxy_ssl.primary.authtype)
-+      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
-     break;
- #endif
-   case CURLOPT_TLSAUTH_TYPE:
-     argptr = va_arg(param, char *);
-     if(!argptr ||
-        strncasecompare(argptr, "SRP", strlen("SRP")))
--      data->set.ssl.authtype = CURL_TLSAUTH_SRP;
-+      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
-     else
--      data->set.ssl.authtype = CURL_TLSAUTH_NONE;
-+      data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
-     break;
- #ifndef CURL_DISABLE_PROXY
-   case CURLOPT_PROXY_TLSAUTH_TYPE:
-     argptr = va_arg(param, char *);
-     if(!argptr ||
-        strncasecompare(argptr, "SRP", strlen("SRP")))
--      data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
-+      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
-     else
--      data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
-+      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
-     break;
- #endif
- #endif
-diff --git a/lib/url.c b/lib/url.c
-index 94e3406..5ebf5e2 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -547,7 +547,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
-   set->ssl.primary.verifypeer = TRUE;
-   set->ssl.primary.verifyhost = TRUE;
- #ifdef USE_TLS_SRP
--  set->ssl.authtype = CURL_TLSAUTH_NONE;
-+  set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
- #endif
-   set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
-                                                       type */
-@@ -1748,11 +1748,17 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
-   conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
-   conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
-   conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
-+  conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
-+#ifdef USE_TLS_SRP
-+#endif
- #ifndef CURL_DISABLE_PROXY
-   conn->proxy_ssl_config.verifystatus =
-     data->set.proxy_ssl.primary.verifystatus;
-   conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
-   conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
-+  conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
-+#ifdef USE_TLS_SRP
-+#endif
- #endif
-   conn->ip_version = data->set.ipver;
-   conn->bits.connect_only = data->set.connect_only;
-@@ -3809,7 +3815,8 @@ static CURLcode create_conn(struct Curl_easy *data,
-     data->set.str[STRING_SSL_ISSUERCERT_PROXY];
-   data->set.proxy_ssl.primary.issuercert_blob =
-     data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
--  data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
-+  data->set.proxy_ssl.primary.CRLfile =
-+    data->set.str[STRING_SSL_CRLFILE_PROXY];
-   data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
-   data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
-   data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
-@@ -3817,18 +3824,20 @@ static CURLcode create_conn(struct Curl_easy *data,
-   data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
-   data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
- #endif
--  data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
-+  data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
-   data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
-   data->set.ssl.key = data->set.str[STRING_KEY];
-   data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
-   data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
-   data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
- #ifdef USE_TLS_SRP
--  data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
--  data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
-+  data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
-+  data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
- #ifndef CURL_DISABLE_PROXY
--  data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
--  data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
-+  data->set.proxy_ssl.primary.username =
-+    data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
-+  data->set.proxy_ssl.primary.password =
-+    data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
- #endif
- #endif
-   data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 5218f76..e006495 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -253,10 +253,17 @@ struct ssl_primary_config {
-   char *cipher_list;     /* list of ciphers to use */
-   char *cipher_list13;   /* list of TLS 1.3 cipher suites to use */
-   char *pinned_key;
-+  char *CRLfile;         /* CRL to check certificate revocation */
-   struct curl_blob *cert_blob;
-   struct curl_blob *ca_info_blob;
-   struct curl_blob *issuercert_blob;
-+#ifdef USE_TLS_SRP
-+  char *username; /* TLS username (for, e.g., SRP) */
-+  char *password; /* TLS password (for, e.g., SRP) */
-+  enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
-+#endif
-   char *curves;          /* list of curves to use */
-+  unsigned char ssl_options;  /* the CURLOPT_SSL_OPTIONS bitmask */
-   BIT(verifypeer);       /* set TRUE if this is desired */
-   BIT(verifyhost);       /* set TRUE if CN/SAN must match hostname */
-   BIT(verifystatus);     /* set TRUE if certificate status must be checked */
-@@ -266,7 +273,6 @@ struct ssl_primary_config {
- struct ssl_config_data {
-   struct ssl_primary_config primary;
-   long certverifyresult; /* result from the certificate verification */
--  char *CRLfile;   /* CRL to check certificate revocation */
-   curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
-   void *fsslctxp;        /* parameter for call back */
-   char *cert_type; /* format for certificate (default: PEM)*/
-@@ -274,11 +280,6 @@ struct ssl_config_data {
-   struct curl_blob *key_blob;
-   char *key_type; /* format for private key (default: PEM) */
-   char *key_passwd; /* plain text private key password */
--#ifdef USE_TLS_SRP
--  char *username; /* TLS username (for, e.g., SRP) */
--  char *password; /* TLS password (for, e.g., SRP) */
--  enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
--#endif
-   BIT(certinfo);     /* gather lots of certificate info */
-   BIT(falsestart);
-   BIT(enable_beast); /* allow this flaw for interoperability's sake*/
-diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
-index 5749376..ec6be16 100644
---- a/lib/vtls/gtls.c
-+++ b/lib/vtls/gtls.c
-@@ -443,8 +443,8 @@ gtls_connect_step1(struct Curl_easy *data,
-     }
- 
-     rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
--                                           SSL_SET_OPTION(username),
--                                           SSL_SET_OPTION(password));
-+                                           SSL_SET_OPTION(primary.username),
-+                                           SSL_SET_OPTION(primary.password));
-     if(rc != GNUTLS_E_SUCCESS) {
-       failf(data, "gnutls_srp_set_client_cred() failed: %s",
-             gnutls_strerror(rc));
-@@ -500,19 +500,19 @@ gtls_connect_step1(struct Curl_easy *data,
-   }
- #endif
- 
--  if(SSL_SET_OPTION(CRLfile)) {
-+  if(SSL_SET_OPTION(primary.CRLfile)) {
-     /* set the CRL list file */
-     rc = gnutls_certificate_set_x509_crl_file(backend->cred,
--                                              SSL_SET_OPTION(CRLfile),
-+                                              SSL_SET_OPTION(primary.CRLfile),
-                                               GNUTLS_X509_FMT_PEM);
-     if(rc < 0) {
-       failf(data, "error reading crl file %s (%s)",
--            SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
-+            SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc));
-       return CURLE_SSL_CRL_BADFILE;
-     }
-     else
-       infof(data, "found %d CRL in %s",
--            rc, SSL_SET_OPTION(CRLfile));
-+            rc, SSL_SET_OPTION(primary.CRLfile));
-   }
- 
-   /* Initialize TLS session as a client */
-@@ -585,7 +585,7 @@ gtls_connect_step1(struct Curl_easy *data,
- #ifdef HAVE_GNUTLS_SRP
-   /* Only add SRP to the cipher list if SRP is requested. Otherwise
-    * GnuTLS will disable TLS 1.3 support. */
--  if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
-+  if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
-     size_t len = strlen(prioritylist);
- 
-     char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
-@@ -677,7 +677,7 @@ gtls_connect_step1(struct Curl_easy *data,
- 
- #ifdef HAVE_GNUTLS_SRP
-   /* put the credentials to the current session */
--  if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
-+  if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
-     rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
-                                 backend->srp_client_cred);
-     if(rc != GNUTLS_E_SUCCESS) {
-@@ -917,7 +917,8 @@ gtls_connect_step3(struct Curl_easy *data,
-         failf(data, "server certificate verification failed. CAfile: %s "
-               "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
-               "none",
--              SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
-+              SSL_SET_OPTION(primary.CRLfile) ?
-+              SSL_SET_OPTION(primary.CRLfile) : "none");
-         return CURLE_PEER_FAILED_VERIFICATION;
-       }
-       else
-diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
-index b9fd26a..bd4ad8f 100644
---- a/lib/vtls/mbedtls.c
-+++ b/lib/vtls/mbedtls.c
-@@ -275,7 +275,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
-   const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
-   char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
-   const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
--  const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
-+  const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
-   const char * const hostname = SSL_HOST_NAME();
- #ifndef CURL_DISABLE_VERBOSE_STRINGS
-   const long int port = SSL_HOST_PORT();
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 558e3be..892e7d8 100644
---- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1986,13 +1986,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
-     }
-   }
- 
--  if(SSL_SET_OPTION(CRLfile)) {
--    const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
-+  if(SSL_SET_OPTION(primary.CRLfile)) {
-+    const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile));
-     if(rv) {
-       result = rv;
-       goto error;
-     }
--    infof(data, "  CRLfile: %s", SSL_SET_OPTION(CRLfile));
-+    infof(data, "  CRLfile: %s", SSL_SET_OPTION(primary.CRLfile));
-   }
- 
-   if(SSL_SET_OPTION(primary.clientcert)) {
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 97c5666..a4ef9d1 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -2609,7 +2609,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
- #endif
-   const long int ssl_version = SSL_CONN_CONFIG(version);
- #ifdef USE_OPENSSL_SRP
--  const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
-+  const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype);
- #endif
-   char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
-   const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
-@@ -2620,7 +2620,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
-     (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
-   const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
-   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
--  const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
-+  const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
-   char error_buffer[256];
-   struct ssl_backend_data *backend = connssl->backend;
-   bool imported_native_ca = false;
-@@ -2871,15 +2871,15 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
- #ifdef USE_OPENSSL_SRP
-   if((ssl_authtype == CURL_TLSAUTH_SRP) &&
-      Curl_allow_auth_to_host(data)) {
--    char * const ssl_username = SSL_SET_OPTION(username);
--
-+    char * const ssl_username = SSL_SET_OPTION(primary.username);
-+    char * const ssl_password = SSL_SET_OPTION(primary.password);
-     infof(data, "Using TLS-SRP username: %s", ssl_username);
- 
-     if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
-       failf(data, "Unable to set SRP user name");
-       return CURLE_BAD_FUNCTION_ARGUMENT;
-     }
--    if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
-+    if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) {
-       failf(data, "failed setting SRP password");
-       return CURLE_BAD_FUNCTION_ARGUMENT;
-     }
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index a40ac06..e2d3438 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -132,6 +132,7 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
- {
-   if((data->version == needle->version) &&
-      (data->version_max == needle->version_max) &&
-+     (data->ssl_options == needle->ssl_options) &&
-      (data->verifypeer == needle->verifypeer) &&
-      (data->verifyhost == needle->verifyhost) &&
-      (data->verifystatus == needle->verifystatus) &&
-@@ -144,9 +145,15 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
-      Curl_safecmp(data->clientcert, needle->clientcert) &&
-      Curl_safecmp(data->random_file, needle->random_file) &&
-      Curl_safecmp(data->egdsocket, needle->egdsocket) &&
-+#ifdef USE_TLS_SRP
-+     Curl_safecmp(data->username, needle->username) &&
-+     Curl_safecmp(data->password, needle->password) &&
-+     (data->authtype == needle->authtype) &&
-+#endif
-      Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
-      Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
-      Curl_safe_strcasecompare(data->curves, needle->curves) &&
-+     Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) &&
-      Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
-     return TRUE;
- 
-@@ -163,6 +170,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
-   dest->verifyhost = source->verifyhost;
-   dest->verifystatus = source->verifystatus;
-   dest->sessionid = source->sessionid;
-+  dest->ssl_options = source->ssl_options;
-+#ifdef USE_TLS_SRP
-+  dest->authtype = source->authtype;
-+#endif
- 
-   CLONE_BLOB(cert_blob);
-   CLONE_BLOB(ca_info_blob);
-@@ -177,6 +188,11 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
-   CLONE_STRING(cipher_list13);
-   CLONE_STRING(pinned_key);
-   CLONE_STRING(curves);
-+  CLONE_STRING(CRLfile);
-+#ifdef USE_TLS_SRP
-+  CLONE_STRING(username);
-+  CLONE_STRING(password);
-+#endif
- 
-   return TRUE;
- }
-@@ -196,6 +212,11 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc)
-   Curl_safefree(sslc->ca_info_blob);
-   Curl_safefree(sslc->issuercert_blob);
-   Curl_safefree(sslc->curves);
-+  Curl_safefree(sslc->CRLfile);
-+#ifdef USE_TLS_SRP
-+  Curl_safefree(sslc->username);
-+  Curl_safefree(sslc->password);
-+#endif
- }
- 
- #ifdef USE_SSL
--- 
-2.34.1
-
-
-From 5e9832048b30492e02dd222cd8bfe997e03cffa1 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 9 May 2022 23:13:53 +0200
-Subject: [PATCH 3/3] url: check SSH config match on connection reuse
-
-CVE-2022-27782
-
-Reported-by: Harry Sintonen
-Bug: https://curl.se/docs/CVE-2022-27782.html
-Closes #8825
-
-Upstream-commit: 1645e9b44505abd5cbaf65da5282c3f33b5924a5
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/url.c      | 11 +++++++++++
- lib/vssh/ssh.h |  6 +++---
- 2 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index 5ebf5e2..c713e54 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -1089,6 +1089,12 @@ static void prune_dead_connections(struct Curl_easy *data)
-   }
- }
- 
-+static bool ssh_config_matches(struct connectdata *one,
-+                               struct connectdata *two)
-+{
-+  return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
-+          Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
-+}
- /*
-  * Given one filled in connection struct (named needle), this function should
-  * detect if there already is one that has all the significant details
-@@ -1348,6 +1354,11 @@ ConnectionExists(struct Curl_easy *data,
-          (data->state.httpwant < CURL_HTTP_VERSION_2_0))
-         continue;
- 
-+      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
-+        if(!ssh_config_matches(needle, check))
-+          continue;
-+      }
-+
-       if((needle->handler->flags&PROTOPT_SSL)
- #ifndef CURL_DISABLE_PROXY
-          || !needle->bits.httpproxy || needle->bits.tunnel_proxy
-diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
-index 7972081..30d82e5 100644
---- a/lib/vssh/ssh.h
-+++ b/lib/vssh/ssh.h
-@@ -7,7 +7,7 @@
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-@@ -131,8 +131,8 @@ struct ssh_conn {
- 
-   /* common */
-   const char *passphrase;     /* pass-phrase to use */
--  char *rsa_pub;              /* path name */
--  char *rsa;                  /* path name */
-+  char *rsa_pub;              /* strdup'ed public key file */
-+  char *rsa;                  /* strdup'ed private key file */
-   bool authed;                /* the connection has been authenticated fine */
-   bool acceptfail;            /* used by the SFTP_QUOTE (continue if
-                                  quote command fails) */
--- 
-2.34.1
-

0010-curl-7.82.0-CVE-2022-32208.patch

@@ -1,70 +0,0 @@
-From d36661703e16bd740a3a928041b1e697a6617b98 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 9 Jun 2022 09:27:24 +0200
-Subject: [PATCH] krb5: return error properly on decode errors
-
-Bug: https://curl.se/docs/CVE-2022-32208.html
-CVE-2022-32208
-Reported-by: Harry Sintonen
-Closes #9051
-
-Upstream-commit: 6ecdf5136b52af747e7bda08db9a748256b1cd09
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/krb5.c | 18 +++++++++++-------
- 1 file changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/lib/krb5.c b/lib/krb5.c
-index 787137c..6f9e1f7 100644
---- a/lib/krb5.c
-+++ b/lib/krb5.c
-@@ -146,11 +146,8 @@ krb5_decode(void *app_data, void *buf, int len,
-   enc.value = buf;
-   enc.length = len;
-   maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
--  if(maj != GSS_S_COMPLETE) {
--    if(len >= 4)
--      strcpy(buf, "599 ");
-+  if(maj != GSS_S_COMPLETE)
-     return -1;
--  }
- 
-   memcpy(buf, dec.value, dec.length);
-   len = curlx_uztosi(dec.length);
-@@ -512,6 +509,7 @@ static CURLcode read_data(struct connectdata *conn,
- {
-   int len;
-   CURLcode result;
-+  int nread;
- 
-   result = socket_read(fd, &len, sizeof(len));
-   if(result)
-@@ -520,7 +518,10 @@ static CURLcode read_data(struct connectdata *conn,
-   if(len) {
-     /* only realloc if there was a length */
-     len = ntohl(len);
--    buf->data = Curl_saferealloc(buf->data, len);
-+    if(len > CURL_MAX_INPUT_LENGTH)
-+      len = 0;
-+    else
-+      buf->data = Curl_saferealloc(buf->data, len);
-   }
-   if(!len || !buf->data)
-     return CURLE_OUT_OF_MEMORY;
-@@ -528,8 +529,11 @@ static CURLcode read_data(struct connectdata *conn,
-   result = socket_read(fd, buf->data, len);
-   if(result)
-     return result;
--  buf->size = conn->mech->decode(conn->app_data, buf->data, len,
--                                 conn->data_prot, conn);
-+  nread = conn->mech->decode(conn->app_data, buf->data, len,
-+                             conn->data_prot, conn);
-+  if(nread < 0)
-+    return CURLE_RECV_ERROR;
-+  buf->size = (size_t)nread;
-   buf->index = 0;
-   return CURLE_OK;
- }
--- 
-2.35.3
-

0011-curl-7.82.0-CVE-2022-32206.patch

@@ -1,144 +0,0 @@
-From 24dedf9b260eebb7feae6fc273208b551fe54a79 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 16 May 2022 16:28:13 +0200
-Subject: [PATCH 1/2] content_encoding: return error on too many compression
- steps
-
-The max allowed steps is arbitrarily set to 5.
-
-Bug: https://curl.se/docs/CVE-2022-32206.html
-CVE-2022-32206
-Reported-by: Harry Sintonen
-Closes #9049
-
-Upstream-commit: 3a09fbb7f264c67c438d01a30669ce325aa508e2
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/content_encoding.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/lib/content_encoding.c b/lib/content_encoding.c
-index c03637a..6f994b3 100644
---- a/lib/content_encoding.c
-+++ b/lib/content_encoding.c
-@@ -1025,12 +1025,16 @@ static const struct content_encoding *find_encoding(const char *name,
-   return NULL;
- }
- 
-+/* allow no more than 5 "chained" compression steps */
-+#define MAX_ENCODE_STACK 5
-+
- /* Set-up the unencoding stack from the Content-Encoding header value.
-  * See RFC 7231 section 3.1.2.2. */
- CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
-                                      const char *enclist, int maybechunked)
- {
-   struct SingleRequest *k = &data->req;
-+  int counter = 0;
- 
-   do {
-     const char *name;
-@@ -1065,6 +1069,11 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
-       if(!encoding)
-         encoding = &error_encoding;  /* Defer error at stack use. */
- 
-+      if(++counter >= MAX_ENCODE_STACK) {
-+        failf(data, "Reject response due to %u content encodings",
-+              counter);
-+        return CURLE_BAD_CONTENT_ENCODING;
-+      }
-       /* Stack the unencoding stage. */
-       writer = new_unencoding_writer(data, encoding, k->writer_stack);
-       if(!writer)
--- 
-2.35.3
-
-
-From b3cd74f01871281f0989860e04c546d896f0e72f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 16 May 2022 16:29:07 +0200
-Subject: [PATCH 2/2] test387: verify rejection of compression chain attack
-
-Upstream-commit: 7230b19a2e17a164f61f82e4e409a9777ea2421a
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/Makefile.inc |  2 +-
- tests/data/test387      | 53 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+), 1 deletion(-)
- create mode 100644 tests/data/test387
-
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 98d5516..9b5f4fb 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -61,7 +61,7 @@ test334 test335 test336 test337 test338 test339 test340 test341 test342 \
- test343 test344 test345 test346 test347 test348 test349 test350 test351 \
- test352 test353 test354 test355 test356 test357 test358 test359 test360 \
- test361 test362 test363 test364 test365 test366 \
--\
-+test387 \
- test392 test393 test394 test395 test396 test397 \
- \
- test400 test401 test402 test403 test404 test405 test406 test407 test408 \
-diff --git a/tests/data/test387 b/tests/data/test387
-new file mode 100644
-index 0000000..015ec25
---- /dev/null
-+++ b/tests/data/test387
-@@ -0,0 +1,53 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+gzip
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data nocheck="yes">
-+HTTP/1.1 200 OK
-+Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Response with overly long compression chain
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+</protocol>
-+
-+# CURLE_BAD_CONTENT_ENCODING is 61
-+<errorcode>
-+61
-+</errorcode>
-+<stderr mode="text">
-+curl: (61) Reject response due to 5 content encodings
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.35.3
-

0013-curl-7.82.0-CVE-2022-32207.patch

@@ -1,428 +0,0 @@
-From 36b47377c2d1a8d141d1ef810102748f27384f5c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 25 May 2022 10:09:53 +0200
-Subject: [PATCH 1/3] fopen: add Curl_fopen() for better overwriting of files
-
-Bug: https://curl.se/docs/CVE-2022-32207.html
-CVE-2022-32207
-Reported-by: Harry Sintonen
-Closes #9050
-
-Upstream-commit: 20f9dd6bae50b7223171b17ba7798946e74f877f
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- CMakeLists.txt          |   1 +
- configure.ac            |   1 +
- lib/Makefile.inc        |   2 +
- lib/cookie.c            |  19 ++-----
- lib/curl_config.h.cmake |   3 ++
- lib/fopen.c             | 113 ++++++++++++++++++++++++++++++++++++++++
- lib/fopen.h             |  30 +++++++++++
- 7 files changed, 154 insertions(+), 15 deletions(-)
- create mode 100644 lib/fopen.c
- create mode 100644 lib/fopen.h
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index b77de6d..a0bfaad 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -1013,6 +1013,7 @@ elseif(HAVE_LIBSOCKET)
-   set(CMAKE_REQUIRED_LIBRARIES socket)
- endif()
- 
-+check_symbol_exists(fchmod        "${CURL_INCLUDES}" HAVE_FCHMOD)
- check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
- check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
- check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
-diff --git a/configure.ac b/configure.ac
-index d431870..7433bb9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3320,6 +3320,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
- 
- 
- AC_CHECK_FUNCS([fnmatch \
-+  fchmod \
-   geteuid \
-   getpass_r \
-   getppid \
-diff --git a/lib/Makefile.inc b/lib/Makefile.inc
-index e8f110f..5139b03 100644
---- a/lib/Makefile.inc
-+++ b/lib/Makefile.inc
-@@ -131,6 +131,7 @@ LIB_CFILES =         \
-   escape.c           \
-   file.c             \
-   fileinfo.c         \
-+  fopen.c            \
-   formdata.c         \
-   ftp.c              \
-   ftplistparser.c    \
-@@ -263,6 +264,7 @@ LIB_HFILES =         \
-   escape.h           \
-   file.h             \
-   fileinfo.h         \
-+  fopen.h            \
-   formdata.h         \
-   ftp.h              \
-   ftplistparser.h    \
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 8a6aa1a..cb0c03b 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -96,8 +96,8 @@ Example set of cookies:
- #include "curl_get_line.h"
- #include "curl_memrchr.h"
- #include "parsedate.h"
--#include "rand.h"
- #include "rename.h"
-+#include "fopen.h"
- 
- /* The last 3 #include files should be in this order */
- #include "curl_printf.h"
-@@ -1612,20 +1612,9 @@ static CURLcode cookie_output(struct Curl_easy *data,
-     use_stdout = TRUE;
-   }
-   else {
--    unsigned char randsuffix[9];
--
--    if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
--      return 2;
--
--    tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
--    if(!tempstore)
--      return CURLE_OUT_OF_MEMORY;
--
--    out = fopen(tempstore, FOPEN_WRITETEXT);
--    if(!out) {
--      error = CURLE_WRITE_ERROR;
-+    error = Curl_fopen(data, filename, &out, &tempstore);
-+    if(error)
-       goto error;
--    }
-   }
- 
-   fputs("# Netscape HTTP Cookie File\n"
-@@ -1672,7 +1661,7 @@ static CURLcode cookie_output(struct Curl_easy *data,
-   if(!use_stdout) {
-     fclose(out);
-     out = NULL;
--    if(Curl_rename(tempstore, filename)) {
-+    if(tempstore && Curl_rename(tempstore, filename)) {
-       unlink(tempstore);
-       error = CURLE_WRITE_ERROR;
-       goto error;
-diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
-index d2a0f43..c254359 100644
---- a/lib/curl_config.h.cmake
-+++ b/lib/curl_config.h.cmake
-@@ -157,6 +157,9 @@
- /* Define to 1 if you have the <assert.h> header file. */
- #cmakedefine HAVE_ASSERT_H 1
- 
-+/* Define to 1 if you have the `fchmod' function. */
-+#cmakedefine HAVE_FCHMOD 1
-+
- /* Define to 1 if you have the `basename' function. */
- #cmakedefine HAVE_BASENAME 1
- 
-diff --git a/lib/fopen.c b/lib/fopen.c
-new file mode 100644
-index 0000000..ad3691b
---- /dev/null
-+++ b/lib/fopen.c
-@@ -0,0 +1,113 @@
-+/***************************************************************************
-+ *                                  _   _ ____  _
-+ *  Project                     ___| | | |  _ \| |
-+ *                             / __| | | | |_) | |
-+ *                            | (__| |_| |  _ <| |___
-+ *                             \___|\___/|_| \_\_____|
-+ *
-+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ *
-+ * This software is licensed as described in the file COPYING, which
-+ * you should have received as part of this distribution. The terms
-+ * are also available at https://curl.se/docs/copyright.html.
-+ *
-+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+ * copies of the Software, and permit persons to whom the Software is
-+ * furnished to do so, under the terms of the COPYING file.
-+ *
-+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+ * KIND, either express or implied.
-+ *
-+ * SPDX-License-Identifier: curl
-+ *
-+ ***************************************************************************/
-+
-+#include "curl_setup.h"
-+
-+#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) ||  \
-+  !defined(CURL_DISABLE_HSTS)
-+
-+#ifdef HAVE_FCNTL_H
-+#include <fcntl.h>
-+#endif
-+
-+#include "urldata.h"
-+#include "rand.h"
-+#include "fopen.h"
-+/* The last 3 #include files should be in this order */
-+#include "curl_printf.h"
-+#include "curl_memory.h"
-+#include "memdebug.h"
-+
-+/*
-+ * Curl_fopen() opens a file for writing with a temp name, to be renamed
-+ * to the final name when completed. If there is an existing file using this
-+ * name at the time of the open, this function will clone the mode from that
-+ * file.  if 'tempname' is non-NULL, it needs a rename after the file is
-+ * written.
-+ */
-+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-+                    FILE **fh, char **tempname)
-+{
-+  CURLcode result = CURLE_WRITE_ERROR;
-+  unsigned char randsuffix[9];
-+  char *tempstore = NULL;
-+  struct_stat sb;
-+  int fd = -1;
-+  *tempname = NULL;
-+
-+  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
-+    /* a non-regular file, fallback to direct fopen() */
-+    *fh = fopen(filename, FOPEN_WRITETEXT);
-+    if(*fh)
-+      return CURLE_OK;
-+    goto fail;
-+  }
-+
-+  result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
-+  if(result)
-+    goto fail;
-+
-+  tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
-+  if(!tempstore) {
-+    result = CURLE_OUT_OF_MEMORY;
-+    goto fail;
-+  }
-+
-+  result = CURLE_WRITE_ERROR;
-+  fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600);
-+  if(fd == -1)
-+    goto fail;
-+
-+#ifdef HAVE_FCHMOD
-+  {
-+    struct_stat nsb;
-+    if((fstat(fd, &nsb) != -1) &&
-+       (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
-+      /* if the user and group are the same, clone the original mode */
-+      if(fchmod(fd, sb.st_mode) == -1)
-+        goto fail;
-+    }
-+  }
-+#endif
-+
-+  *fh = fdopen(fd, FOPEN_WRITETEXT);
-+  if(!*fh)
-+    goto fail;
-+
-+  *tempname = tempstore;
-+  return CURLE_OK;
-+
-+fail:
-+  if(fd != -1) {
-+    close(fd);
-+    unlink(tempstore);
-+  }
-+
-+  free(tempstore);
-+
-+  *tempname = NULL;
-+  return result;
-+}
-+
-+#endif /* ! disabled */
-diff --git a/lib/fopen.h b/lib/fopen.h
-new file mode 100644
-index 0000000..289e55f
---- /dev/null
-+++ b/lib/fopen.h
-@@ -0,0 +1,30 @@
-+#ifndef HEADER_CURL_FOPEN_H
-+#define HEADER_CURL_FOPEN_H
-+/***************************************************************************
-+ *                                  _   _ ____  _
-+ *  Project                     ___| | | |  _ \| |
-+ *                             / __| | | | |_) | |
-+ *                            | (__| |_| |  _ <| |___
-+ *                             \___|\___/|_| \_\_____|
-+ *
-+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ *
-+ * This software is licensed as described in the file COPYING, which
-+ * you should have received as part of this distribution. The terms
-+ * are also available at https://curl.se/docs/copyright.html.
-+ *
-+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+ * copies of the Software, and permit persons to whom the Software is
-+ * furnished to do so, under the terms of the COPYING file.
-+ *
-+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+ * KIND, either express or implied.
-+ *
-+ * SPDX-License-Identifier: curl
-+ *
-+ ***************************************************************************/
-+
-+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-+                    FILE **fh, char **tempname);
-+
-+#endif
--- 
-2.35.3
-
-
-From bd7af48238b058e9b46fdf2e1333b355920c341c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 25 May 2022 10:09:53 +0200
-Subject: [PATCH 2/3] altsvc: use Curl_fopen()
-
-Upstream-commit: fab970a5d19c1faa2052239ec1e2602b892cbeb2
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/altsvc.c | 22 ++++++----------------
- 1 file changed, 6 insertions(+), 16 deletions(-)
-
-diff --git a/lib/altsvc.c b/lib/altsvc.c
-index 242733b..4dc4078 100644
---- a/lib/altsvc.c
-+++ b/lib/altsvc.c
-@@ -34,7 +34,7 @@
- #include "parsedate.h"
- #include "sendf.h"
- #include "warnless.h"
--#include "rand.h"
-+#include "fopen.h"
- #include "rename.h"
- 
- /* The last 3 #include files should be in this order */
-@@ -329,8 +329,7 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
-   struct Curl_llist_element *n;
-   CURLcode result = CURLE_OK;
-   FILE *out;
--  char *tempstore;
--  unsigned char randsuffix[9];
-+  char *tempstore = NULL;
- 
-   if(!altsvc)
-     /* no cache activated */
-@@ -344,17 +343,8 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
-     /* marked as read-only, no file or zero length file name */
-     return CURLE_OK;
- 
--  if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
--    return CURLE_FAILED_INIT;
--
--  tempstore = aprintf("%s.%s.tmp", file, randsuffix);
--  if(!tempstore)
--    return CURLE_OUT_OF_MEMORY;
--
--  out = fopen(tempstore, FOPEN_WRITETEXT);
--  if(!out)
--    result = CURLE_WRITE_ERROR;
--  else {
-+  result = Curl_fopen(data, file, &out, &tempstore);
-+  if(!result) {
-     fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n"
-           "# This file was generated by libcurl! Edit at your own risk.\n",
-           out);
-@@ -366,10 +356,10 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
-         break;
-     }
-     fclose(out);
--    if(!result && Curl_rename(tempstore, file))
-+    if(!result && tempstore && Curl_rename(tempstore, file))
-       result = CURLE_WRITE_ERROR;
- 
--    if(result)
-+    if(result && tempstore)
-       unlink(tempstore);
-   }
-   free(tempstore);
--- 
-2.35.3
-
-
-From 2011622a36fa715f38277422241e77e25dfdf0d0 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 25 May 2022 10:09:54 +0200
-Subject: [PATCH 3/3] hsts: use Curl_fopen()
-
-Upstream-commit: d64115d7bb8ae4c136b620912da523c063f1d2ee
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/hsts.c | 22 ++++++----------------
- 1 file changed, 6 insertions(+), 16 deletions(-)
-
-diff --git a/lib/hsts.c b/lib/hsts.c
-index b9fa6f7..9d54c82 100644
---- a/lib/hsts.c
-+++ b/lib/hsts.c
-@@ -35,7 +35,7 @@
- #include "sendf.h"
- #include "strtoofft.h"
- #include "parsedate.h"
--#include "rand.h"
-+#include "fopen.h"
- #include "rename.h"
- #include "strtoofft.h"
- 
-@@ -334,8 +334,7 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
-   struct Curl_llist_element *n;
-   CURLcode result = CURLE_OK;
-   FILE *out;
--  char *tempstore;
--  unsigned char randsuffix[9];
-+  char *tempstore = NULL;
- 
-   if(!h)
-     /* no cache activated */
-@@ -349,17 +348,8 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
-     /* marked as read-only, no file or zero length file name */
-     goto skipsave;
- 
--  if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
--    return CURLE_FAILED_INIT;
--
--  tempstore = aprintf("%s.%s.tmp", file, randsuffix);
--  if(!tempstore)
--    return CURLE_OUT_OF_MEMORY;
--
--  out = fopen(tempstore, FOPEN_WRITETEXT);
--  if(!out)
--    result = CURLE_WRITE_ERROR;
--  else {
-+  result = Curl_fopen(data, file, &out, &tempstore);
-+  if(!result) {
-     fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
-           "# This file was generated by libcurl! Edit at your own risk.\n",
-           out);
-@@ -371,10 +361,10 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
-         break;
-     }
-     fclose(out);
--    if(!result && Curl_rename(tempstore, file))
-+    if(!result && tempstore && Curl_rename(tempstore, file))
-       result = CURLE_WRITE_ERROR;
- 
--    if(result)
-+    if(result && tempstore)
-       unlink(tempstore);
-   }
-   free(tempstore);
--- 
-2.35.3
-

0014-curl-7.82.0-CVE-2022-35252.patch

@@ -1,136 +0,0 @@
-From fbc2ac6f06ec13cc872ce7adb870f4d7c7d5dded Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 29 Aug 2022 00:09:17 +0200
-Subject: [PATCH 1/2] cookie: reject cookies with "control bytes"
-
-Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
-
-Reported-by: Axel Chong
-
-Bug: https://curl.se/docs/CVE-2022-35252.html
-
-CVE-2022-35252
-
-Closes #9381
-
-Upstream-commit: 8dfc93e573ca740544a2d79ebb0ed786592c65c3
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/cookie.c | 29 +++++++++++++++++++++++++++++
- 1 file changed, 29 insertions(+)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index cb0c03b..e0470a1 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -430,6 +430,30 @@ static bool bad_domain(const char *domain)
-   return !strchr(domain, '.') && !strcasecompare(domain, "localhost");
- }
- 
-+/*
-+  RFC 6265 section 4.1.1 says a server should accept this range:
-+
-+  cookie-octet    = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
-+
-+  But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
-+  fine. The prime reason for filtering out control bytes is that some HTTP
-+  servers return 400 for requests that contain such.
-+*/
-+static int invalid_octets(const char *p)
-+{
-+  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
-+  static const char badoctets[] = {
-+    "\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
-+    "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
-+    "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
-+  };
-+  size_t vlen, len;
-+  /* scan for all the octets that are *not* in cookie-octet */
-+  len = strcspn(p, badoctets);
-+  vlen = strlen(p);
-+  return (len != vlen);
-+}
-+
- /*
-  * Curl_cookie_add
-  *
-@@ -582,6 +606,11 @@ Curl_cookie_add(struct Curl_easy *data,
-             badcookie = TRUE;
-             break;
-           }
-+          if(invalid_octets(whatptr) || invalid_octets(name)) {
-+            infof(data, "invalid octets in name/value, cookie dropped");
-+            badcookie = TRUE;
-+            break;
-+          }
-         }
-         else if(!len) {
-           /*
--- 
-2.37.1
-
-
-From 1a3e2bd48572761236934651091c899a4d460ef5 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 29 Aug 2022 00:09:17 +0200
-Subject: [PATCH 2/2] test8: verify that "ctrl-byte cookies" are ignored
-
-Upstream-commit: 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/test8 | 32 +++++++++++++++++++++++++++++++-
- 1 file changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/tests/data/test8 b/tests/data/test8
-index a8548e6..8587611 100644
---- a/tests/data/test8
-+++ b/tests/data/test8
-@@ -46,6 +46,36 @@ Set-Cookie: trailingspace    = removed; path=/we/want;
- Set-Cookie: nocookie=yes; path=/WE;
- Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
- Set-Cookie: partialip=nono; domain=.0.0.1;
-+Set-Cookie: cookie1=%hex[%01-junk]hex%
-+Set-Cookie: cookie2=%hex[%02-junk]hex%
-+Set-Cookie: cookie3=%hex[%03-junk]hex%
-+Set-Cookie: cookie4=%hex[%04-junk]hex%
-+Set-Cookie: cookie5=%hex[%05-junk]hex%
-+Set-Cookie: cookie6=%hex[%06-junk]hex%
-+Set-Cookie: cookie7=%hex[%07-junk]hex%
-+Set-Cookie: cookie8=%hex[%08-junk]hex%
-+Set-Cookie: cookie9=%hex[junk-%09-]hex%
-+Set-Cookie: cookie11=%hex[%0b-junk]hex%
-+Set-Cookie: cookie12=%hex[%0c-junk]hex%
-+Set-Cookie: cookie14=%hex[%0e-junk]hex%
-+Set-Cookie: cookie15=%hex[%0f-junk]hex%
-+Set-Cookie: cookie16=%hex[%10-junk]hex%
-+Set-Cookie: cookie17=%hex[%11-junk]hex%
-+Set-Cookie: cookie18=%hex[%12-junk]hex%
-+Set-Cookie: cookie19=%hex[%13-junk]hex%
-+Set-Cookie: cookie20=%hex[%14-junk]hex%
-+Set-Cookie: cookie21=%hex[%15-junk]hex%
-+Set-Cookie: cookie22=%hex[%16-junk]hex%
-+Set-Cookie: cookie23=%hex[%17-junk]hex%
-+Set-Cookie: cookie24=%hex[%18-junk]hex%
-+Set-Cookie: cookie25=%hex[%19-junk]hex%
-+Set-Cookie: cookie26=%hex[%1a-junk]hex%
-+Set-Cookie: cookie27=%hex[%1b-junk]hex%
-+Set-Cookie: cookie28=%hex[%1c-junk]hex%
-+Set-Cookie: cookie29=%hex[%1d-junk]hex%
-+Set-Cookie: cookie30=%hex[%1e-junk]hex%
-+Set-Cookie: cookie31=%hex[%1f-junk]hex%
-+Set-Cookie: cookie31=%hex[%7f-junk]hex%
- 
- </file>
- <precheck>
-@@ -60,7 +90,7 @@ GET /we/want/%TESTNUMBER HTTP/1.1
- Host: %HOSTIP:%HTTPPORT
- User-Agent: curl/%VERSION
- Accept: */*
--Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
-+Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes; cookie9=junk-	-
- 
- </protocol>
- </verify>
--- 
-2.37.1
-

0015-curl-7.82.0-CVE-2022-32221.patch

@@ -1,251 +0,0 @@
-From 08a53016db649bdf4f65c42a9704d35e052be7eb Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 15 Sep 2022 09:22:45 +0200
-Subject: [PATCH 1/2] setopt: when POST is set, reset the 'upload' field
-
-Reported-by: RobBotic1 on github
-Fixes #9507
-Closes #9511
-
-Upstream-commit: a64e3e59938abd7d667e4470a18072a24d7e9de9
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/setopt.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/setopt.c b/lib/setopt.c
-index d5e3b50..b8793b4 100644
---- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -630,6 +630,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-     }
-     else
-       data->set.method = HTTPREQ_GET;
-+    data->set.upload = FALSE;
-     break;
- 
-   case CURLOPT_HTTPPOST:
--- 
-2.37.3
-
-
-From a5e36349807b98d31a16bd220f6434289465e16a Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 15 Sep 2022 09:23:33 +0200
-Subject: [PATCH 2/2] test1948: verify PUT + POST reusing the same handle
-
-Reproduced #9507, verifies the fix
-
-Upstream-commit: 1edb15925e350be3b891f8a8de86600b22c0bb20
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/Makefile.inc    |  1 +
- tests/data/test1948        | 73 +++++++++++++++++++++++++++++++++++
- tests/libtest/Makefile.inc |  5 +++
- tests/libtest/lib1948.c    | 79 ++++++++++++++++++++++++++++++++++++++
- 4 files changed, 158 insertions(+)
- create mode 100644 tests/data/test1948
- create mode 100644 tests/libtest/lib1948.c
-
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 818ee08..0cfab9b 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -218,6 +218,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
- test1916 test1917 test1918 \
- \
- test1933 test1934 test1935 test1936 \
-+test1948 \
- \
- test2000 test2001 test2002 test2003 test2004 \
- \
-diff --git a/tests/data/test1948 b/tests/data/test1948
-new file mode 100644
-index 0000000..639523d
---- /dev/null
-+++ b/tests/data/test1948
-@@ -0,0 +1,73 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP POST
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 01 Nov 2001 14:49:00 GMT
-+Content-Type: text/html
-+Content-Length: 6
-+
-+hello
-+</data>
-+<datacheck>
-+HTTP/1.1 200 OK
-+Date: Thu, 01 Nov 2001 14:49:00 GMT
-+Content-Type: text/html
-+Content-Length: 6
-+
-+hello
-+HTTP/1.1 200 OK
-+Date: Thu, 01 Nov 2001 14:49:00 GMT
-+Content-Type: text/html
-+Content-Length: 6
-+
-+hello
-+</datacheck>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+
-+<name>
-+CURLOPT_POST after CURLOPT_UPLOAD reusing handle
-+</name>
-+<tool>
-+lib%TESTNUMBER
-+</tool>
-+
-+<command>
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+PUT /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Accept: */*
-+Content-Length: 22
-+Expect: 100-continue
-+
-+This is test PUT data
-+POST /1948 HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Accept: */*
-+Content-Length: 22
-+Content-Type: application/x-www-form-urlencoded
-+
-+This is test PUT data
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
-index 83a8af4..3192eca 100644
---- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
-  lib1591 lib1592 lib1593 lib1594 lib1596 \
-          lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
-          lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
-+ lib1948 \
-          lib3010
- 
- chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
-@@ -699,6 +700,10 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
- lib1936_LDADD = $(TESTUTIL_LIBS)
- lib1936_CPPFLAGS = $(AM_CPPFLAGS)
- 
-+lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
-+lib1948_LDADD = $(TESTUTIL_LIBS)
-+lib1948_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1948
-+
- lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
- lib3010_LDADD = $(TESTUTIL_LIBS)
- lib3010_CPPFLAGS = $(AM_CPPFLAGS)
-diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
-new file mode 100644
-index 0000000..7c891a2
---- /dev/null
-+++ b/tests/libtest/lib1948.c
-@@ -0,0 +1,79 @@
-+/***************************************************************************
-+ *                                  _   _ ____  _
-+ *  Project                     ___| | | |  _ \| |
-+ *                             / __| | | | |_) | |
-+ *                            | (__| |_| |  _ <| |___
-+ *                             \___|\___/|_| \_\_____|
-+ *
-+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ *
-+ * This software is licensed as described in the file COPYING, which
-+ * you should have received as part of this distribution. The terms
-+ * are also available at https://curl.haxx.se/docs/copyright.html.
-+ *
-+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+ * copies of the Software, and permit persons to whom the Software is
-+ * furnished to do so, under the terms of the COPYING file.
-+ *
-+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+ * KIND, either express or implied.
-+ *
-+ * SPDX-License-Identifier: curl
-+ *
-+ ***************************************************************************/
-+
-+#include "test.h"
-+
-+typedef struct
-+{
-+  char *buf;
-+  size_t len;
-+} put_buffer;
-+
-+static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream)
-+{
-+  put_buffer *putdata = (put_buffer *)stream;
-+  size_t totalsize = size * nmemb;
-+  size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize;
-+  memcpy(ptr, putdata->buf, tocopy);
-+  putdata->len -= tocopy;
-+  putdata->buf += tocopy;
-+  return tocopy;
-+}
-+
-+int test(char *URL)
-+{
-+  CURL *curl;
-+  CURLcode res = CURLE_OUT_OF_MEMORY;
-+
-+  curl_global_init(CURL_GLOBAL_DEFAULT);
-+
-+  curl = curl_easy_init();
-+  if(curl) {
-+    const char *testput = "This is test PUT data\n";
-+    put_buffer pbuf;
-+
-+    /* PUT */
-+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
-+    curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
-+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback);
-+    pbuf.buf = (char *)testput;
-+    pbuf.len = strlen(testput);
-+    curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf);
-+    curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput));
-+    res = curl_easy_setopt(curl, CURLOPT_URL, URL);
-+    if(!res)
-+      res = curl_easy_perform(curl);
-+    if(!res) {
-+      /* POST */
-+      curl_easy_setopt(curl, CURLOPT_POST, 1L);
-+      curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput);
-+      curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput));
-+      res = curl_easy_perform(curl);
-+    }
-+    curl_easy_cleanup(curl);
-+  }
-+
-+  curl_global_cleanup();
-+  return (int)res;
-+}
--- 
-2.37.3
-

0016-curl-7.82.0-CVE-2022-35260.patch

@@ -1,76 +0,0 @@
-From 54dcd2334220ad965ef81130ba8ddf90b30c987c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 4 Oct 2022 14:37:24 +0200
-Subject: [PATCH] netrc: replace fgets with Curl_get_line
-
-Make the parser only accept complete lines and avoid problems with
-overly long lines.
-
-Reported-by: Hiroki Kurosawa
-
-Closes #9789
-
-Upstream-commit: c97ec984fb2bc919a3aa863e0476dffa377b184c
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/curl_get_line.c | 6 +++---
- lib/netrc.c         | 5 +++--
- 2 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c
-index 6a26bb2..22e3705 100644
---- a/lib/curl_get_line.c
-+++ b/lib/curl_get_line.c
-@@ -23,7 +23,7 @@
- #include "curl_setup.h"
- 
- #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) ||  \
--  !defined(CURL_DISABLE_HSTS)
-+  !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC)
- 
- #include "curl_get_line.h"
- #include "curl_memory.h"
-@@ -31,8 +31,8 @@
- #include "memdebug.h"
- 
- /*
-- * get_line() makes sure to only return complete whole lines that fit in 'len'
-- * bytes and end with a newline.
-+ * Curl_get_line() makes sure to only return complete whole lines that fit in
-+ * 'len' bytes and end with a newline.
-  */
- char *Curl_get_line(char *buf, int len, FILE *input)
- {
-diff --git a/lib/netrc.c b/lib/netrc.c
-index 62a6a10..5d17482 100644
---- a/lib/netrc.c
-+++ b/lib/netrc.c
-@@ -31,6 +31,7 @@
- #include "netrc.h"
- #include "strtok.h"
- #include "strcase.h"
-+#include "curl_get_line.h"
- 
- /* The last 3 #include files should be in this order */
- #include "curl_printf.h"
-@@ -84,7 +85,7 @@ static int parsenetrc(const char *host,
-     char netrcbuffer[4096];
-     int  netrcbuffsize = (int)sizeof(netrcbuffer);
- 
--    while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
-+    while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) {
-       if(state == MACDEF) {
-         if((netrcbuffer[0] == '\n') || (netrcbuffer[0] == '\r'))
-           state = NOTHING;
-@@ -186,7 +187,7 @@ static int parsenetrc(const char *host,
- 
-         tok = strtok_r(NULL, " \t\n", &tok_buf);
-       } /* while(tok) */
--    } /* while fgets() */
-+    } /* while Curl_get_line() */
- 
-     out:
-     if(!retcode) {
--- 
-2.37.3
-

0017-curl-7.82.0-CVE-2022-42915.patch

@@ -1,152 +0,0 @@
-From 3c54eaf986d62a1f7482b8d5fff2d6ac42d19f23 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 6 Oct 2022 14:13:36 +0200
-Subject: [PATCH 1/2] http_proxy: restore the protocol pointer on error
-
-Reported-by: Trail of Bits
-
-Closes #9790
-
-Upstream-commit: 55e1875729f9d9fc7315cec611bffbd2c817ad89
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/http_proxy.c | 3 +--
- lib/url.c        | 9 ---------
- 2 files changed, 1 insertion(+), 11 deletions(-)
-
-diff --git a/lib/http_proxy.c b/lib/http_proxy.c
-index 1f87f6c..cc20b3a 100644
---- a/lib/http_proxy.c
-+++ b/lib/http_proxy.c
-@@ -207,9 +207,8 @@ static void connect_done(struct Curl_easy *data)
-     Curl_dyn_free(&s->rcvbuf);
-     Curl_dyn_free(&s->req);
- 
--    /* retore the protocol pointer */
-+    /* restore the protocol pointer */
-     data->req.p.http = s->prot_save;
--    s->prot_save = NULL;
-     infof(data, "CONNECT phase completed!");
-   }
- }
-diff --git a/lib/url.c b/lib/url.c
-index bfc784f..61c99d2 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -735,15 +735,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
-   DEBUGASSERT(data);
-   infof(data, "Closing connection %ld", conn->connection_id);
- 
--#ifndef USE_HYPER
--  if(conn->connect_state && conn->connect_state->prot_save) {
--    /* If this was closed with a CONNECT in progress, cleanup this temporary
--       struct arrangement */
--    data->req.p.http = NULL;
--    Curl_safefree(conn->connect_state->prot_save);
--  }
--#endif
--
-   /* possible left-overs from the async name resolvers */
-   Curl_resolver_cancel(data);
- 
--- 
-2.37.3
-
-
-From 5fdb5e8433c132dbb1e31a48d39a4a54ba4d7a9e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 6 Oct 2022 14:14:25 +0200
-Subject: [PATCH 2/2] test445: verifies the protocols-over-http-proxy flaw and
- fix
-
-Upstream-commit: 038bfb8522a93328b7e65bd2b6b8387c974b9ac8
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/Makefile.inc |  2 +-
- tests/data/test445      | 61 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 62 insertions(+), 1 deletion(-)
- create mode 100644 tests/data/test445
-
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 0cfab9b..14c1b0c 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -69,7 +69,7 @@ test409 test410 \
- \
- test430 test431 test432 test433 test434 test435 \
- \
--test442 test443 test444 \
-+test442 test443 test444 test445 \
- \
- test490 test491 test492 test493 test494 \
- \
-diff --git a/tests/data/test445 b/tests/data/test445
-new file mode 100644
-index 0000000..0406c0f
---- /dev/null
-+++ b/tests/data/test445
-@@ -0,0 +1,61 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP proxy
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<connect>
-+HTTP/1.1 503 no just no
-+Date: Tue, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+
-+-foo-
-+</connect>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<features>
-+gopher
-+dict
-+http
-+ftp
-+imap
-+ldap
-+mqtt
-+pop3
-+rtsp
-+scp
-+sftp
-+smb
-+smtp
-+</features>
-+<server>
-+http-proxy
-+</server>
-+ <name>
-+Refuse tunneling protocols through HTTP proxy
-+ </name>
-+ <command>
-+-x http://%HOSTIP:%PROXYPORT/%TESTNUMBER -p gopher://127.0.0.1 dict://127.0.0.1 http://moo https://example telnet://another ftp://yes ftps://again imap://more ldap://perhaps mqtt://yes pop3://mail rtsp://harder scp://copy sftp://files smb://wird smtp://send
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# refused in the CONNECT
-+<errorcode>
-+56
-+</errorcode>
-+</verify>
-+</testcase>
--- 
-2.37.3
-

0018-curl-7.82.0-CVE-2022-42916.patch

@@ -1,137 +0,0 @@
-From 8c1f295ec343bad073a41f62de5f4c4ddd579e41 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 12 Oct 2022 10:47:59 +0200
-Subject: [PATCH] url: use IDN decoded names for HSTS checks
-
-Reported-by: Hiroki Kurosawa
-
-Closes #9791
-
-Upstream-commit: 53bcf55b4538067e6dc36242168866becb987bb7
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/url.c | 91 ++++++++++++++++++++++++++++---------------------------
- 1 file changed, 47 insertions(+), 44 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index 61c99d2..6426fa7 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -1988,10 +1988,56 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
-     if(!strcasecompare("file", data->state.up.scheme))
-       return CURLE_OUT_OF_MEMORY;
-   }
-+  hostname = data->state.up.hostname;
-+
-+  if(hostname && hostname[0] == '[') {
-+    /* This looks like an IPv6 address literal. See if there is an address
-+       scope. */
-+    size_t hlen;
-+    conn->bits.ipv6_ip = TRUE;
-+    /* cut off the brackets! */
-+    hostname++;
-+    hlen = strlen(hostname);
-+    hostname[hlen - 1] = 0;
-+
-+    zonefrom_url(uh, data, conn);
-+  }
-+
-+  /* make sure the connect struct gets its own copy of the host name */
-+  conn->host.rawalloc = strdup(hostname ? hostname : "");
-+  if(!conn->host.rawalloc)
-+    return CURLE_OUT_OF_MEMORY;
-+  conn->host.name = conn->host.rawalloc;
-+
-+  /*************************************************************
-+   * IDN-convert the hostnames
-+   *************************************************************/
-+  result = Curl_idnconvert_hostname(data, &conn->host);
-+  if(result)
-+    return result;
-+  if(conn->bits.conn_to_host) {
-+    result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
-+    if(result)
-+      return result;
-+  }
-+#ifndef CURL_DISABLE_PROXY
-+  if(conn->bits.httpproxy) {
-+    result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
-+    if(result)
-+      return result;
-+  }
-+  if(conn->bits.socksproxy) {
-+    result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
-+    if(result)
-+      return result;
-+  }
-+#endif
- 
- #ifndef CURL_DISABLE_HSTS
-+  /* HSTS upgrade */
-   if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
--    if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) {
-+    /* This MUST use the IDN decoded name */
-+    if(Curl_hsts(data->hsts, conn->host.name, TRUE)) {
-       char *url;
-       Curl_safefree(data->state.up.scheme);
-       uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0);
-@@ -2094,26 +2140,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
- 
-   (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0);
- 
--  hostname = data->state.up.hostname;
--  if(hostname && hostname[0] == '[') {
--    /* This looks like an IPv6 address literal. See if there is an address
--       scope. */
--    size_t hlen;
--    conn->bits.ipv6_ip = TRUE;
--    /* cut off the brackets! */
--    hostname++;
--    hlen = strlen(hostname);
--    hostname[hlen - 1] = 0;
--
--    zonefrom_url(uh, data, conn);
--  }
--
--  /* make sure the connect struct gets its own copy of the host name */
--  conn->host.rawalloc = strdup(hostname ? hostname : "");
--  if(!conn->host.rawalloc)
--    return CURLE_OUT_OF_MEMORY;
--  conn->host.name = conn->host.rawalloc;
--
-   if(data->set.scope_id)
-     /* Override any scope that was set above.  */
-     conn->scope_id = data->set.scope_id;
-@@ -3666,29 +3692,6 @@ static CURLcode create_conn(struct Curl_easy *data,
-   if(result)
-     goto out;
- 
--  /*************************************************************
--   * IDN-convert the hostnames
--   *************************************************************/
--  result = Curl_idnconvert_hostname(data, &conn->host);
--  if(result)
--    goto out;
--  if(conn->bits.conn_to_host) {
--    result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
--    if(result)
--      goto out;
--  }
--#ifndef CURL_DISABLE_PROXY
--  if(conn->bits.httpproxy) {
--    result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
--    if(result)
--      goto out;
--  }
--  if(conn->bits.socksproxy) {
--    result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
--    if(result)
--      goto out;
--  }
--#endif
- 
-   /*************************************************************
-    * Check whether the host and the "connect to host" are equal.
--- 
-2.37.3
-

0101-curl-7.32.0-multilib.patch

@@ -1,84 +1,85 @@
-From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 12:04:05 +0200
+From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Dec 2025 10:04:40 +0100
 Subject: [PATCH] prevent multilib conflicts on the curl-config script
 
 ---
- curl-config.in     | 23 +++++------------------
- docs/curl-config.1 |  4 +++-
- libcurl.pc.in      |  1 +
+ curl-config.in      | 23 +++++------------------
+ docs/curl-config.md |  4 +++-
+ libcurl.pc.in       |  1 +
  3 files changed, 9 insertions(+), 19 deletions(-)
 
 diff --git a/curl-config.in b/curl-config.in
-index 150004d..95d0759 100644
+index a1c8185875..bb43ca8335 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -76,7 +76,7 @@ while test $# -gt 0; do
-         ;;
+@@ -74,7 +74,7 @@ while test "$#" -gt 0; do
+     ;;
  
-     --cc)
--        echo "@CC@"
-+        echo "gcc"
-         ;;
+   --cc)
+-    echo '@CC@'
++    echo 'gcc'
+     ;;
  
-     --prefix)
-@@ -155,32 +155,19 @@ while test $# -gt 0; do
-         ;;
+   --prefix)
+@@ -149,16 +149,7 @@ while test "$#" -gt 0; do
+     ;;
  
-     --libs)
--        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
--           CURLLIBDIR="-L@libdir@ "
--        else
--           CURLLIBDIR=""
--        fi
--        if test "X@ENABLE_SHARED@" = "Xno"; then
--          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
--        else
--          echo ${CURLLIBDIR}-lcurl
--        fi
-+        echo -lcurl
-         ;;
-     --ssl-backends)
-         echo "@SSL_BACKENDS@"
-         ;;
+   --libs)
+-    if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then
+-      curllibdir="-L@libdir@ "
+-    else
+-      curllibdir=''
+-    fi
+-    if test '@ENABLE_SHARED@' = 'no'; then
+-      echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo "${curllibdir}-lcurl"
+-    fi
++    echo '-lcurl'
+     ;;
  
-     --static-libs)
--        if test "X@ENABLE_STATIC@" != "Xno" ; then
--          echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
--        else
--          echo "curl was built with static libraries disabled" >&2
--          exit 1
--        fi
-+        echo "curl was built with static libraries disabled" >&2
-+        exit 1
-         ;;
+   --ssl-backends)
+@@ -166,16 +157,12 @@ while test "$#" -gt 0; do
+     ;;
  
-     --configure)
--        echo @CONFIGURE_OPTIONS@
-+        pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
-         ;;
+   --static-libs)
+-    if test '@ENABLE_STATIC@' != 'no'; then
+-      echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo 'curl was built with static libraries disabled' >&2
+-      exit 1
+-    fi
++    echo 'curl was built with static libraries disabled' >&2
++    exit 1
+     ;;
  
-     *)
-diff --git a/docs/curl-config.1 b/docs/curl-config.1
-index 14a9d2b..ffcc004 100644
---- a/docs/curl-config.1
-+++ b/docs/curl-config.1
-@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
- comma-separated. (Added in 7.58.0)
- .IP "--static-libs"
- Shows the complete set of libs and other linker options you will need in order
--to link your application with libcurl statically. (Added in 7.17.1)
-+to link your application with libcurl statically. Note that Fedora/RHEL libcurl
+   --configure)
+-    echo @CONFIGURE_OPTIONS@
++    pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+     ;;
+ 
+   *)
+diff --git a/docs/curl-config.md b/docs/curl-config.md
+index 12ad245b79..fa0e03d273 100644
+--- a/docs/curl-config.md
++++ b/docs/curl-config.md
+@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated.
+ ## `--static-libs`
+ 
+ Shows the complete set of libs and other linker options you need in order to
+-link your application with libcurl statically. (Added in 7.17.1)
++link your application with libcurl statically. Note that Fedora/RHEL libcurl
 +packages do not provide any static libraries, thus cannot be linked statically.
 +(Added in 7.17.1)
- .IP "--version"
- Outputs version information about the installed libcurl.
- .IP "--vernum"
+ 
+ ## `--version`
+ 
 diff --git a/libcurl.pc.in b/libcurl.pc.in
-index 2ba9c39..f8f8b00 100644
+index c0ba5244a8..f3645e1748 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -29,6 +29,7 @@ libdir=@libdir@
+@@ -28,6 +28,7 @@ libdir=@libdir@
  includedir=@includedir@
  supported_protocols="@SUPPORT_PROTOCOLS@"
  supported_features="@SUPPORT_FEATURES@"
@@ -87,5 +88,5 @@ index 2ba9c39..f8f8b00 100644
  Name: libcurl
  URL: https://curl.se/
 -- 
-2.26.2
+2.52.0
 

curl-7.79.1.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmFKyZYACgkQXMkI/bce
-EsKyewgAivvAdC3J5DBsXlR7NMWpdbVVbT87m8ONxaIflFjwrIPdaazgiX/dsiS9
-zNaPQe5k5JH0DoQipiebrg4Zi248TTqH8GXi1sAlsqBFjWroYoeKxeCkSLOsFDVj
-ahZp2UM6FZTTUAQElw92+xlHJ1eD5L5CzIc+VLeVi4PAysrB1L4tPDmOFEfS1iZl
-wLzxKHuNnuDMWaizfxt9F2yc/ct++sNNuBZ8FHv4nJRIEANY/nCpttQFGgjS8V8l
-b22q5yIQez7zsCc9o7phS+CWLYEEgrcM+Qw7bmj1ANPgNlQ/dP5FKIwreZB1s5uV
-FBq4pS30d/CfaaE0vZ27D1G6ZoLvyA==
-=oayQ
------END PGP SIGNATURE-----

curl.rpmlintrc

@@ -0,0 +1,15 @@
+# Intentional stuff we're not concerned about
+addFilter("unversioned-explicit-provides webclient")
+addFilter("package-with-huge-docs")
+addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4")
+
+# This is just plain wrong (%_configure redefinition)
+addFilter("configure-without-libdir-spec")
+
+# Technical term
+addFilter("E: spelling-error \('kerberos',")
+
+# Artefacts of RemovePathPostfixes: .minimal
+addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal")
+#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal")
+#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal")

sources

@@ -1 +1,2 @@
-SHA512 (curl-7.79.1.tar.xz) = 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d
+SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c
+SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152

tests/non-root-user-download/runtest.sh

@@ -31,9 +31,9 @@
 
 PACKAGE="curl"
 
-FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
-CONTENT=85cb450443d68d513b41e57b0bd818a740279dac5dfc09c68e681ff8a3006404
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab
 PASSWORD=pAssw0rd
 OPTIONS=""
 rlIsRHEL 7 && OPTIONS="--insecure"