new upstream release - 8.18.0

new upstream release - 8.18.0~rc3
new upstream release - 8.18.0~rc2
2026-01-07 11:16:40 +01:00 · 2026-01-05 09:35:50 +01:00 · 2025-12-16 14:49:18 +01:00 · 2025-12-09 08:53:40 +01:00 · 2025-12-07 11:36:05 -08:00 · 2025-12-04 10:44:25 +01:00
19 changed files with 433 additions and 2996 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
+/curl-[0-9.]*.tar.lzma
+/curl-[0-9.]*.tar.lzma.asc
 /curl-[0-9.]*.tar.xz
 /curl-[0-9.]*.tar.xz.asc
+/curl-[0-9]*.[0-9]*.[0-9]*/
+/*.src.rpm
--- a/0001-curl-8.0.1-CVE-2023-28322.patch
+++ b/0001-curl-8.0.1-CVE-2023-28322.patch
@ -1,437 +0,0 @@
-From 074adec63f0dd7a8f0d823ee503dfb0626061505 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 25 Apr 2023 08:28:01 +0200
-Subject: [PATCH] lib: unify the upload/method handling
-
-By making sure we set state.upload based on the set.method value and not
-independently as set.upload, we reduce confusion and mixup risks, both
-internally and externally.
-
-Closes #11017
-
-(cherry picked from commit 7815647d6582c0a4900be2e1de6c5e61272c496b)
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/curl_rtmp.c    | 4 ++--
- lib/file.c         | 4 ++--
- lib/ftp.c          | 8 ++++----
- lib/http.c         | 4 ++--
- lib/imap.c         | 6 +++---
- lib/rtsp.c         | 4 ++--
- lib/setopt.c       | 6 ++----
- lib/smb.c          | 6 +++---
- lib/smtp.c         | 4 ++--
- lib/tftp.c         | 8 ++++----
- lib/transfer.c     | 4 ++--
- lib/urldata.h      | 2 +-
- lib/vssh/libssh.c  | 6 +++---
- lib/vssh/libssh2.c | 6 +++---
- lib/vssh/wolfssh.c | 2 +-
- 15 files changed, 36 insertions(+), 38 deletions(-)
-
-diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
-index 2679a2cdc..406fb42ac 100644
--- a/lib/curl_rtmp.c
-+++ b/lib/curl_rtmp.c
-@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
-   /* We have to know if it's a write before we send the
-    * connect request packet
-    */
-  if(data->set.upload)
-+  if(data->state.upload)
-     r->Link.protocol |= RTMP_FEATURE_WRITE;
- 
-   /* For plain streams, use the buffer toggle trick to keep data flowing */
-@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done)
-   if(!RTMP_ConnectStream(r, 0))
-     return CURLE_FAILED_INIT;
- 
-  if(data->set.upload) {
-+  if(data->state.upload) {
-     Curl_pgrsSetUploadSize(data, data->state.infilesize);
-     Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
-   }
-diff --git a/lib/file.c b/lib/file.c
-index 51c5d07ce..c751e8861 100644
--- a/lib/file.c
-+++ b/lib/file.c
-@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done)
-   file->freepath = real_path; /* free this when done */
- 
-   file->fd = fd;
-  if(!data->set.upload && (fd == -1)) {
-+  if(!data->state.upload && (fd == -1)) {
-     failf(data, "Couldn't open file %s", data->state.up.path);
-     file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
-     return CURLE_FILE_COULDNT_READ_FILE;
-@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
- 
-   Curl_pgrsStartNow(data);
- 
-  if(data->set.upload)
-+  if(data->state.upload)
-     return file_upload(data);
- 
-   file = data->req.p.file;
-diff --git a/lib/ftp.c b/lib/ftp.c
-index caf33d214..0b6e5cd4f 100644
--- a/lib/ftp.c
-+++ b/lib/ftp.c
-@@ -1350,7 +1350,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data)
-                                data->set.str[STRING_CUSTOMREQUEST]?
-                                data->set.str[STRING_CUSTOMREQUEST]:
-                                (data->state.list_only?"NLST":"LIST"));
-      else if(data->set.upload)
-+      else if(data->state.upload)
-         result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s",
-                                conn->proto.ftpc.file);
-       else
-@@ -3386,7 +3386,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
-     /* the response code from the transfer showed an error already so no
-        use checking further */
-     ;
-  else if(data->set.upload) {
-+  else if(data->state.upload) {
-     if((-1 != data->state.infilesize) &&
-        (data->state.infilesize != data->req.writebytecount) &&
-        !data->set.crlf &&
-@@ -3642,7 +3642,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep)
-                            connected back to us */
-       }
-     }
-    else if(data->set.upload) {
-+    else if(data->state.upload) {
-       result = ftp_nb_type(data, conn, data->state.prefer_ascii,
-                            FTP_STOR_TYPE);
-       if(result)
-@@ -4231,7 +4231,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data)
-     ftpc->file = NULL; /* instead of point to a zero byte,
-                             we make it a NULL pointer */
- 
-  if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
-+  if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
-     /* We need a file name when uploading. Return error! */
-     failf(data, "Uploading to a URL without a file name");
-     free(rawPath);
-diff --git a/lib/http.c b/lib/http.c
-index faa486cc6..400d2b081 100644
--- a/lib/http.c
-+++ b/lib/http.c
-@@ -1960,7 +1960,7 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
-   Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq;
-   const char *request;
-   if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
-     data->set.upload)
-+     data->state.upload)
-     httpreq = HTTPREQ_PUT;
- 
-   /* Now set the 'request' pointer to the proper request string */
-@@ -2277,7 +2277,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn,
-     if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
-        (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
-          http->postsize < 0) ||
-        ((data->set.upload || httpreq == HTTPREQ_POST) &&
-+        ((data->state.upload || httpreq == HTTPREQ_POST) &&
-          data->state.infilesize == -1))) {
-       if(conn->bits.authneg)
-         /* don't enable chunked during auth neg */
-diff --git a/lib/imap.c b/lib/imap.c
-index c2f675d4b..1952e66a1 100644
--- a/lib/imap.c
-+++ b/lib/imap.c
-@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status,
-     result = status;         /* use the already set error code */
-   }
-   else if(!data->set.connect_only && !imap->custom &&
-          (imap->uid || imap->mindex || data->set.upload ||
-+          (imap->uid || imap->mindex || data->state.upload ||
-           data->set.mimepost.kind != MIMEKIND_NONE)) {
-     /* Handle responses after FETCH or APPEND transfer has finished */
- 
-    if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
-+    if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
-       state(data, IMAP_FETCH_FINAL);
-     else {
-       /* End the APPEND command first by sending an empty line */
-@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected,
-     selected = TRUE;
- 
-   /* Start the first command in the DO phase */
-  if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
-+  if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
-     /* APPEND can be executed directly */
-     result = imap_perform_append(data);
-   else if(imap->custom && (selected || !imap->mailbox))
-diff --git a/lib/rtsp.c b/lib/rtsp.c
-index aef3560a9..6df3706b5 100644
--- a/lib/rtsp.c
-+++ b/lib/rtsp.c
-@@ -495,7 +495,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
-      rtspreq == RTSPREQ_SET_PARAMETER ||
-      rtspreq == RTSPREQ_GET_PARAMETER) {
- 
-    if(data->set.upload) {
-+    if(data->state.upload) {
-       putsize = data->state.infilesize;
-       data->state.httpreq = HTTPREQ_PUT;
- 
-@@ -514,7 +514,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
-         result =
-           Curl_dyn_addf(&req_buffer,
-                         "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
-                        (data->set.upload ? putsize : postsize));
-+                        (data->state.upload ? putsize : postsize));
-         if(result)
-           return result;
-       }
-diff --git a/lib/setopt.c b/lib/setopt.c
-index 6bb88791c..2cbaf898a 100644
--- a/lib/setopt.c
-+++ b/lib/setopt.c
-@@ -329,8 +329,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-      * We want to sent data to the remote host. If this is HTTP, that equals
-      * using the PUT request.
-      */
-    data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
-    if(data->set.upload) {
-+    arg = va_arg(param, long);
-+    if(arg) {
-       /* If this is HTTP, PUT is what's needed to "upload" */
-       data->set.method = HTTPREQ_PUT;
-       data->set.opt_no_body = FALSE; /* this is implied */
-@@ -660,7 +660,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-     }
-     else
-       data->set.method = HTTPREQ_GET;
-    data->set.upload = FALSE;
-     break;
- 
- #ifndef CURL_DISABLE_MIME
-@@ -884,7 +883,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
-      */
-     if(va_arg(param, long)) {
-       data->set.method = HTTPREQ_GET;
-      data->set.upload = FALSE; /* switch off upload */
-       data->set.opt_no_body = FALSE; /* this is implied */
-     }
-     break;
-diff --git a/lib/smb.c b/lib/smb.c
-index 076200472..2baf764fa 100644
--- a/lib/smb.c
-+++ b/lib/smb.c
-@@ -530,7 +530,7 @@ static CURLcode smb_send_open(struct Curl_easy *data)
-   byte_count = strlen(req->path);
-   msg.name_length = smb_swap16((unsigned short)byte_count);
-   msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
-  if(data->set.upload) {
-+  if(data->state.upload) {
-     msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
-     msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
-   }
-@@ -762,7 +762,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
-   void *msg = NULL;
-   const struct smb_nt_create_response *smb_m;
- 
-  if(data->set.upload && (data->state.infilesize < 0)) {
-+  if(data->state.upload && (data->state.infilesize < 0)) {
-     failf(data, "SMB upload needs to know the size up front");
-     return CURLE_SEND_ERROR;
-   }
-@@ -813,7 +813,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
-     smb_m = (const struct smb_nt_create_response*) msg;
-     req->fid = smb_swap16(smb_m->fid);
-     data->req.offset = 0;
-    if(data->set.upload) {
-+    if(data->state.upload) {
-       data->req.size = data->state.infilesize;
-       Curl_pgrsSetUploadSize(data, data->req.size);
-       next_state = SMB_UPLOAD;
-diff --git a/lib/smtp.c b/lib/smtp.c
-index 7a030308d..c182cace7 100644
--- a/lib/smtp.c
-+++ b/lib/smtp.c
-@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status,
-     result = status;         /* use the already set error code */
-   }
-   else if(!data->set.connect_only && data->set.mail_rcpt &&
-          (data->set.upload || data->set.mimepost.kind)) {
-+          (data->state.upload || data->set.mimepost.kind)) {
-     /* Calculate the EOB taking into account any terminating CRLF from the
-        previous line of the email or the CRLF of the DATA command when there
-        is "no mail data". RFC-5321, sect. 4.1.1.4.
-@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected,
-   smtp->eob = 2;
- 
-   /* Start the first command in the DO phase */
-  if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
-+  if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
-     /* MAIL transfer */
-     result = smtp_perform_mail(data);
-   else
-diff --git a/lib/tftp.c b/lib/tftp.c
-index 164d3c723..8ed1b887b 100644
--- a/lib/tftp.c
-+++ b/lib/tftp.c
-@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state,
- 
-       /* tsize should be ignored on upload: Who cares about the size of the
-          remote file? */
-      if(!data->set.upload) {
-+      if(!data->state.upload) {
-         if(!tsize) {
-           failf(data, "invalid tsize -:%s:- value in OACK packet", value);
-           return CURLE_TFTP_ILLEGAL;
-@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
-       return result;
-     }
- 
-    if(data->set.upload) {
-+    if(data->state.upload) {
-       /* If we are uploading, send an WRQ */
-       setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
-       state->data->req.upload_fromhere =
-@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
-     if(!data->set.tftp_no_options) {
-       char buf[64];
-       /* add tsize option */
-      if(data->set.upload && (data->state.infilesize != -1))
-+      if(data->state.upload && (data->state.infilesize != -1))
-         msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
-                   data->state.infilesize);
-       else
-@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
-     break;
- 
-   case TFTP_EVENT_OACK:
-    if(data->set.upload) {
-+    if(data->state.upload) {
-       result = tftp_connect_for_tx(state, event);
-     }
-     else {
-diff --git a/lib/transfer.c b/lib/transfer.c
-index a28395233..85910455c 100644
--- a/lib/transfer.c
-+++ b/lib/transfer.c
-@@ -1294,6 +1294,7 @@ void Curl_init_CONNECT(struct Curl_easy *data)
- {
-   data->state.fread_func = data->set.fread_func_set;
-   data->state.in = data->set.in_set;
-+  data->state.upload = (data->state.httpreq == HTTPREQ_PUT);
- }
- 
- /*
-@@ -1728,7 +1729,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
-          data->state.httpreq != HTTPREQ_POST_MIME) ||
-         !(data->set.keep_post & CURL_REDIR_POST_303))) {
-       data->state.httpreq = HTTPREQ_GET;
-      data->set.upload = false;
-       infof(data, "Switch to %s",
-             data->req.no_body?"HEAD":"GET");
-     }
-@@ -1766,7 +1766,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url)
- 
-   /* if we're talking upload, we can't do the checks below, unless the protocol
-      is HTTP as when uploading over HTTP we will still get a response */
-  if(data->set.upload &&
-+  if(data->state.upload &&
-      !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
-     return CURLE_OK;
- 
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 8b54518d2..f3e782ad3 100644
--- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -1446,6 +1446,7 @@ struct UrlState {
-   BIT(rewindbeforesend);/* TRUE when the sending couldn't be stopped even
-                            though it will be discarded. We must call the data
-                            rewind callback before trying to send again. */
-+  BIT(upload);         /* upload request */
- };
- 
- /*
-@@ -1822,7 +1823,6 @@ struct UserDefined {
-   BIT(http_auto_referer); /* set "correct" referer when following
-                              location: */
-   BIT(opt_no_body);    /* as set with CURLOPT_NOBODY */
-  BIT(upload);         /* upload request */
-   BIT(verbose);        /* output verbosity */
-   BIT(krb);            /* Kerberos connection requested */
-   BIT(reuse_forbid);   /* forbidden to be reused, close after use */
-diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
-index b31f741ba..d60edaa30 100644
--- a/lib/vssh/libssh.c
-+++ b/lib/vssh/libssh.c
-@@ -1209,7 +1209,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
-     }
- 
-     case SSH_SFTP_TRANS_INIT:
-      if(data->set.upload)
-+      if(data->state.upload)
-         state(data, SSH_SFTP_UPLOAD_INIT);
-       else {
-         if(protop->path[strlen(protop->path)-1] == '/')
-@@ -1802,7 +1802,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
-       /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
-       ssh_set_blocking(sshc->ssh_session, 1);
- 
-      if(data->set.upload) {
-+      if(data->state.upload) {
-         if(data->state.infilesize < 0) {
-           failf(data, "SCP requires a known file size for upload");
-           sshc->actualcode = CURLE_UPLOAD_FAILED;
-@@ -1907,7 +1907,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
-         break;
-       }
-     case SSH_SCP_DONE:
-      if(data->set.upload)
-+      if(data->state.upload)
-         state(data, SSH_SCP_SEND_EOF);
-       else
-         state(data, SSH_SCP_CHANNEL_FREE);
-diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
-index f1154dc47..f2e5352d1 100644
--- a/lib/vssh/libssh2.c
-+++ b/lib/vssh/libssh2.c
-@@ -2019,7 +2019,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
-     }
- 
-     case SSH_SFTP_TRANS_INIT:
-      if(data->set.upload)
-+      if(data->state.upload)
-         state(data, SSH_SFTP_UPLOAD_INIT);
-       else {
-         if(sshp->path[strlen(sshp->path)-1] == '/')
-@@ -2691,7 +2691,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
-         break;
-       }
- 
-      if(data->set.upload) {
-+      if(data->state.upload) {
-         if(data->state.infilesize < 0) {
-           failf(data, "SCP requires a known file size for upload");
-           sshc->actualcode = CURLE_UPLOAD_FAILED;
-@@ -2831,7 +2831,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
-     break;
- 
-     case SSH_SCP_DONE:
-      if(data->set.upload)
-+      if(data->state.upload)
-         state(data, SSH_SCP_SEND_EOF);
-       else
-         state(data, SSH_SCP_CHANNEL_FREE);
-diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
-index 17d59ecd2..2ca91b736 100644
--- a/lib/vssh/wolfssh.c
-+++ b/lib/vssh/wolfssh.c
-@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
-       }
-       break;
-     case SSH_SFTP_TRANS_INIT:
-      if(data->set.upload)
-+      if(data->state.upload)
-         state(data, SSH_SFTP_UPLOAD_INIT);
-       else {
-         if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
-- 
-2.40.1
-
--- a/0002-curl-8.0.1-CVE-2023-28321.patch
+++ b/0002-curl-8.0.1-CVE-2023-28321.patch
@ -1,498 +0,0 @@
-From 9cfc8e3107920116ac31ab1fbf6439d38ab2f30e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 24 Apr 2023 21:07:02 +0200
-Subject: [PATCH] hostcheck: fix host name wildcard checking
-
-The leftmost "label" of the host name can now only match against single
-'*'. Like the browsers have worked for a long time.
-
- extended unit test 1397 for this
- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
-
-Reported-by: Hiroki Kurosawa
-Closes #11018
-
-(cherry picked from commit 199f2d440d8659b42670c1b796220792b01a97bf)
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/vtls/hostcheck.c    |  50 +++++++--------
- tests/data/test1397     |  10 ++-
- tests/unit/Makefile.am  |  88 --------------------------
- tests/unit/Makefile.inc |  94 ++++++++++++++++++++++++++++
- tests/unit/unit1397.c   | 134 ++++++++++++++++++++++++----------------
- 5 files changed, 202 insertions(+), 174 deletions(-)
-
-diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
-index e827dc58f..d061c6356 100644
--- a/lib/vtls/hostcheck.c
-+++ b/lib/vtls/hostcheck.c
-@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen,
-  * apparent distinction between a name and an IP. We need to detect the use of
-  * an IP address and not wildcard match on such names.
-  *
-+ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
-+ * "*b".
-+ *
-  * Return TRUE on a match. FALSE if not.
-+ *
-+ * @unittest: 1397
-  */
- 
- static bool hostmatch(const char *hostname,
-@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname,
-                       const char *pattern,
-                       size_t patternlen)
- {
-  const char *pattern_label_end, *wildcard, *hostname_label_end;
-  size_t prefixlen, suffixlen;
-+  const char *pattern_label_end;
- 
-  /* normalize pattern and hostname by stripping off trailing dots */
-+  DEBUGASSERT(pattern);
-   DEBUGASSERT(patternlen);
-+  DEBUGASSERT(hostname);
-+  DEBUGASSERT(hostlen);
-+
-+  /* normalize pattern and hostname by stripping off trailing dots */
-   if(hostname[hostlen-1]=='.')
-     hostlen--;
-   if(pattern[patternlen-1]=='.')
-     patternlen--;
- 
-  wildcard = memchr(pattern, '*', patternlen);
-  if(!wildcard)
-+  if(strncmp(pattern, "*.", 2))
-     return pmatch(hostname, hostlen, pattern, patternlen);
- 
-   /* detect IP address as hostname and fail the match if so */
-  if(Curl_host_is_ipnum(hostname))
-+  else if(Curl_host_is_ipnum(hostname))
-     return FALSE;
- 
-   /* We require at least 2 dots in the pattern to avoid too wide wildcard
-      match. */
-   pattern_label_end = memchr(pattern, '.', patternlen);
-   if(!pattern_label_end ||
-     (memrchr(pattern, '.', patternlen) == pattern_label_end) ||
-     strncasecompare(pattern, "xn--", 4))
-+     (memrchr(pattern, '.', patternlen) == pattern_label_end))
-     return pmatch(hostname, hostlen, pattern, patternlen);
-
-  hostname_label_end = memchr(hostname, '.', hostlen);
-  if(!hostname_label_end)
-    return FALSE;
-   else {
-    size_t skiphost = hostname_label_end - hostname;
-    size_t skiplen = pattern_label_end - pattern;
-    if(!pmatch(hostname_label_end, hostlen - skiphost,
-               pattern_label_end, patternlen - skiplen))
-      return FALSE;
-+    const char *hostname_label_end = memchr(hostname, '.', hostlen);
-+    if(hostname_label_end) {
-+      size_t skiphost = hostname_label_end - hostname;
-+      size_t skiplen = pattern_label_end - pattern;
-+      return pmatch(hostname_label_end, hostlen - skiphost,
-+                    pattern_label_end, patternlen - skiplen);
-+    }
-   }
-  /* The wildcard must match at least one character, so the left-most
-     label of the hostname is at least as large as the left-most label
-     of the pattern. */
-  if(hostname_label_end - hostname < pattern_label_end - pattern)
-    return FALSE;
-
-  prefixlen = wildcard - pattern;
-  suffixlen = pattern_label_end - (wildcard + 1);
-  return strncasecompare(pattern, hostname, prefixlen) &&
-    strncasecompare(wildcard + 1, hostname_label_end - suffixlen,
-                    suffixlen) ? TRUE : FALSE;
-+  return FALSE;
- }
- 
- /*
-diff --git a/tests/data/test1397 b/tests/data/test1397
-index 84f962abe..f31b2c2a3 100644
--- a/tests/data/test1397
-+++ b/tests/data/test1397
-@@ -2,8 +2,7 @@
- <info>
- <keywords>
- unittest
-ssl
-wildcard
-+Curl_cert_hostcheck
- </keywords>
- </info>
- 
-@@ -16,9 +15,8 @@ none
- <features>
- unittest
- </features>
- <name>
-Check wildcard certificate matching function Curl_cert_hostcheck
- </name>
-+<name>
-+Curl_cert_hostcheck unit tests
-+</name>
- </client>
-
- </testcase>
-diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
-index 4f64ff596..e7a6aa452 100644
--- a/tests/unit/Makefile.am
-+++ b/tests/unit/Makefile.am
-@@ -67,91 +67,3 @@ noinst_PROGRAMS = $(UNITPROGS)
- else
- noinst_PROGRAMS =
- endif
-
-unit1300_SOURCES = unit1300.c $(UNITFILES)
-
-unit1302_SOURCES = unit1302.c $(UNITFILES)
-
-unit1303_SOURCES = unit1303.c $(UNITFILES)
-
-unit1304_SOURCES = unit1304.c $(UNITFILES)
-
-unit1305_SOURCES = unit1305.c $(UNITFILES)
-
-unit1307_SOURCES = unit1307.c $(UNITFILES)
-
-unit1308_SOURCES = unit1308.c $(UNITFILES)
-
-unit1309_SOURCES = unit1309.c $(UNITFILES)
-
-unit1323_SOURCES = unit1323.c $(UNITFILES)
-
-unit1330_SOURCES = unit1330.c $(UNITFILES)
-
-unit1394_SOURCES = unit1394.c $(UNITFILES)
-unit1394_LDADD = $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS@
-unit1394_LDFLAGS = $(top_builddir)/src/libcurltool.la
-unit1394_LIBS =
-
-unit1395_SOURCES = unit1395.c $(UNITFILES)
-
-unit1396_SOURCES = unit1396.c $(UNITFILES)
-
-unit1397_SOURCES = unit1397.c $(UNITFILES)
-
-unit1398_SOURCES = unit1398.c $(UNITFILES)
-
-unit1399_SOURCES = unit1399.c $(UNITFILES)
-
-unit1600_SOURCES = unit1600.c $(UNITFILES)
-
-unit1601_SOURCES = unit1601.c $(UNITFILES)
-
-unit1602_SOURCES = unit1602.c $(UNITFILES)
-
-unit1603_SOURCES = unit1603.c $(UNITFILES)
-
-unit1604_SOURCES = unit1604.c $(UNITFILES)
-
-unit1605_SOURCES = unit1605.c $(UNITFILES)
-
-unit1606_SOURCES = unit1606.c $(UNITFILES)
-
-unit1607_SOURCES = unit1607.c $(UNITFILES)
-
-unit1608_SOURCES = unit1608.c $(UNITFILES)
-
-unit1609_SOURCES = unit1609.c $(UNITFILES)
-
-unit1610_SOURCES = unit1610.c $(UNITFILES)
-
-unit1611_SOURCES = unit1611.c $(UNITFILES)
-
-unit1612_SOURCES = unit1612.c $(UNITFILES)
-
-unit1614_SOURCES = unit1614.c $(UNITFILES)
-
-unit1620_SOURCES = unit1620.c $(UNITFILES)
-
-unit1621_SOURCES = unit1621.c $(UNITFILES)
-unit1621_LDADD = $(top_builddir)/src/libcurltool.la $(top_builddir)/lib/libcurl.la @NSS_LIBS@
-
-unit1650_SOURCES = unit1650.c $(UNITFILES)
-
-unit1651_SOURCES = unit1651.c $(UNITFILES)
-
-unit1652_SOURCES = unit1652.c $(UNITFILES)
-
-unit1653_SOURCES = unit1653.c $(UNITFILES)
-
-unit1654_SOURCES = unit1654.c $(UNITFILES)
-
-unit1655_SOURCES = unit1655.c $(UNITFILES)
-
-unit1660_SOURCES = unit1660.c $(UNITFILES)
-
-unit1661_SOURCES = unit1661.c $(UNITFILES)
-
-unit2600_SOURCES = unit2600.c $(UNITFILES)
-
-unit3200_SOURCES = unit3200.c $(UNITFILES)
-diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
-index 4ab15b5db..20a9963d1 100644
--- a/tests/unit/Makefile.inc
-+++ b/tests/unit/Makefile.inc
-@@ -40,3 +40,97 @@ UNITPROGS = unit1300          unit1302 unit1303 unit1304 unit1305 unit1307 \
-  unit1660 unit1661 \
-  unit2600 \
-  unit3200
-+
-+unit1300_SOURCES = unit1300.c $(UNITFILES)
-+
-+unit1302_SOURCES = unit1302.c $(UNITFILES)
-+
-+unit1303_SOURCES = unit1303.c $(UNITFILES)
-+
-+unit1304_SOURCES = unit1304.c $(UNITFILES)
-+
-+unit1305_SOURCES = unit1305.c $(UNITFILES)
-+
-+unit1307_SOURCES = unit1307.c $(UNITFILES)
-+
-+unit1308_SOURCES = unit1308.c $(UNITFILES)
-+
-+unit1309_SOURCES = unit1309.c $(UNITFILES)
-+
-+unit1323_SOURCES = unit1323.c $(UNITFILES)
-+
-+unit1330_SOURCES = unit1330.c $(UNITFILES)
-+
-+unit1394_SOURCES = unit1394.c $(UNITFILES)
-+unit1394_LDADD = $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS@
-+unit1394_LDFLAGS = $(top_builddir)/src/libcurltool.la
-+unit1394_LIBS =
-+
-+unit1395_SOURCES = unit1395.c $(UNITFILES)
-+
-+unit1396_SOURCES = unit1396.c $(UNITFILES)
-+
-+unit1397_SOURCES = unit1397.c $(UNITFILES)
-+
-+unit1398_SOURCES = unit1398.c $(UNITFILES)
-+
-+unit1399_SOURCES = unit1399.c $(UNITFILES)
-+
-+unit1600_SOURCES = unit1600.c $(UNITFILES)
-+
-+unit1601_SOURCES = unit1601.c $(UNITFILES)
-+
-+unit1602_SOURCES = unit1602.c $(UNITFILES)
-+
-+unit1603_SOURCES = unit1603.c $(UNITFILES)
-+
-+unit1604_SOURCES = unit1604.c $(UNITFILES)
-+
-+unit1605_SOURCES = unit1605.c $(UNITFILES)
-+
-+unit1606_SOURCES = unit1606.c $(UNITFILES)
-+
-+unit1607_SOURCES = unit1607.c $(UNITFILES)
-+
-+unit1608_SOURCES = unit1608.c $(UNITFILES)
-+
-+unit1609_SOURCES = unit1609.c $(UNITFILES)
-+
-+unit1610_SOURCES = unit1610.c $(UNITFILES)
-+
-+unit1611_SOURCES = unit1611.c $(UNITFILES)
-+
-+unit1612_SOURCES = unit1612.c $(UNITFILES)
-+
-+unit1614_SOURCES = unit1614.c $(UNITFILES)
-+
-+unit1620_SOURCES = unit1620.c $(UNITFILES)
-+
-+unit1621_SOURCES = unit1621.c $(UNITFILES)
-+unit1621_LDADD = $(top_builddir)/src/libcurltool.la $(top_builddir)/lib/libcurl.la @NSS_LIBS@
-+
-+unit1650_SOURCES = unit1650.c $(UNITFILES)
-+
-+unit1651_SOURCES = unit1651.c $(UNITFILES)
-+
-+unit1652_SOURCES = unit1652.c $(UNITFILES)
-+
-+unit1653_SOURCES = unit1653.c $(UNITFILES)
-+
-+unit1654_SOURCES = unit1654.c $(UNITFILES)
-+
-+unit1655_SOURCES = unit1655.c $(UNITFILES)
-+
-+unit1660_SOURCES = unit1660.c $(UNITFILES)
-+
-+unit1661_SOURCES = unit1661.c $(UNITFILES)
-+
-+unit2600_SOURCES = unit2600.c $(UNITFILES)
-+
-+unit2601_SOURCES = unit2601.c $(UNITFILES)
-+
-+unit2602_SOURCES = unit2602.c $(UNITFILES)
-+
-+unit2603_SOURCES = unit2603.c $(UNITFILES)
-+
-+unit3200_SOURCES = unit3200.c $(UNITFILES)
-diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
-index 2f3d3aa4d..3ae75618d 100644
--- a/tests/unit/unit1397.c
-+++ b/tests/unit/unit1397.c
-@@ -23,7 +23,6 @@
-  ***************************************************************************/
- #include "curlcheck.h"
- 
-#include "vtls/hostcheck.h" /* from the lib dir */
- 
- static CURLcode unit_setup(void)
- {
-@@ -32,63 +31,94 @@ static CURLcode unit_setup(void)
- 
- static void unit_stop(void)
- {
-  /* done before shutting down and exiting */
- }
- 
-UNITTEST_START
-
- /* only these backends define the tested functions */
-#if defined(USE_OPENSSL) || defined(USE_GSKIT)
-
-  /* here you start doing things and checking that the results are good */
-+#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
-+#include "vtls/hostcheck.h"
-+struct testcase {
-+  const char *host;
-+  const char *pattern;
-+  bool match;
-+};
- 
-fail_unless(Curl_cert_hostcheck(STRCONST("www.example.com"),
-                                STRCONST("www.example.com")), "good 1");
-fail_unless(Curl_cert_hostcheck(STRCONST("*.example.com"),
-                                STRCONST("www.example.com")),
-            "good 2");
-fail_unless(Curl_cert_hostcheck(STRCONST("xxx*.example.com"),
-                                STRCONST("xxxwww.example.com")), "good 3");
-fail_unless(Curl_cert_hostcheck(STRCONST("f*.example.com"),
-                                STRCONST("foo.example.com")), "good 4");
-fail_unless(Curl_cert_hostcheck(STRCONST("192.168.0.0"),
-                                STRCONST("192.168.0.0")), "good 5");
-+static struct testcase tests[] = {
-+  {"", "", FALSE},
-+  {"a", "", FALSE},
-+  {"", "b", FALSE},
-+  {"a", "b", FALSE},
-+  {"aa", "bb", FALSE},
-+  {"\xff", "\xff", TRUE},
-+  {"aa.aa.aa", "aa.aa.bb", FALSE},
-+  {"aa.aa.aa", "aa.aa.aa", TRUE},
-+  {"aa.aa.aa", "*.aa.bb", FALSE},
-+  {"aa.aa.aa", "*.aa.aa", TRUE},
-+  {"192.168.0.1", "192.168.0.1", TRUE},
-+  {"192.168.0.1", "*.168.0.1", FALSE},
-+  {"192.168.0.1", "*.0.1", FALSE},
-+  {"h.ello", "*.ello", FALSE},
-+  {"h.ello.", "*.ello", FALSE},
-+  {"h.ello", "*.ello.", FALSE},
-+  {"h.e.llo", "*.e.llo", TRUE},
-+  {"h.e.llo", " *.e.llo", FALSE},
-+  {" h.e.llo", "*.e.llo", TRUE},
-+  {"h.e.llo.", "*.e.llo", TRUE},
-+  {"*.e.llo.", "*.e.llo", TRUE},
-+  {"************.e.llo.", "*.e.llo", TRUE},
-+  {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
-+   "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
-+   "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
-+   "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
-+   "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
-+   ".e.llo.", "*.e.llo", TRUE},
-+  {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
-+  {"h.e.llo.", "*.e.llo.", TRUE},
-+  {"h.e.llo", "*.e.llo.", TRUE},
-+  {".h.e.llo", "*.e.llo.", FALSE},
-+  {"h.e.llo", "*.*.llo.", FALSE},
-+  {"h.e.llo", "h.*.llo", FALSE},
-+  {"h.e.llo", "h.e.*", FALSE},
-+  {"hello", "*.ello", FALSE},
-+  {"hello", "**llo", FALSE},
-+  {"bar.foo.example.com", "*.example.com", FALSE},
-+  {"foo.example.com", "*.example.com", TRUE},
-+  {"baz.example.net", "b*z.example.net", FALSE},
-+  {"foobaz.example.net", "*baz.example.net", FALSE},
-+  {"xn--l8j.example.local", "x*.example.local", FALSE},
-+  {"xn--l8j.example.net", "*.example.net", TRUE},
-+  {"xn--l8j.example.net", "*j.example.net", FALSE},
-+  {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
-+  {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
-+  {"xl8j.example.net", "*.example.net", TRUE},
-+  {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
-+  {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
-+  {NULL, NULL, FALSE}
-+};
- 
-fail_if(Curl_cert_hostcheck(STRCONST("xxx.example.com"),
-                            STRCONST("www.example.com")), "bad 1");
-fail_if(Curl_cert_hostcheck(STRCONST("*"),
-                            STRCONST("www.example.com")),"bad 2");
-fail_if(Curl_cert_hostcheck(STRCONST("*.*.com"),
-                            STRCONST("www.example.com")), "bad 3");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example.com"),
-                            STRCONST("baa.foo.example.com")), "bad 4");
-fail_if(Curl_cert_hostcheck(STRCONST("f*.example.com"),
-                            STRCONST("baa.example.com")), "bad 5");
-fail_if(Curl_cert_hostcheck(STRCONST("*.com"),
-                            STRCONST("example.com")), "bad 6");
-fail_if(Curl_cert_hostcheck(STRCONST("*fail.com"),
-                            STRCONST("example.com")), "bad 7");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
-                            STRCONST("www.example.")), "bad 8");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
-                            STRCONST("www.example")), "bad 9");
-fail_if(Curl_cert_hostcheck(STRCONST(""), STRCONST("www")), "bad 10");
-fail_if(Curl_cert_hostcheck(STRCONST("*"), STRCONST("www")), "bad 11");
-fail_if(Curl_cert_hostcheck(STRCONST("*.168.0.0"),
-                            STRCONST("192.168.0.0")), "bad 12");
-fail_if(Curl_cert_hostcheck(STRCONST("www.example.com"),
-                            STRCONST("192.168.0.0")), "bad 13");
-
-#ifdef ENABLE_IPV6
-fail_if(Curl_cert_hostcheck(STRCONST("*::3285:a9ff:fe46:b619"),
-                            STRCONST("fe80::3285:a9ff:fe46:b619")), "bad 14");
-fail_unless(Curl_cert_hostcheck(STRCONST("fe80::3285:a9ff:fe46:b619"),
-                                STRCONST("fe80::3285:a9ff:fe46:b619")),
-            "good 6");
-#endif
-+UNITTEST_START
-+{
-+  int i;
-+  for(i = 0; tests[i].host; i++) {
-+    if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
-+                                             strlen(tests[i].pattern),
-+                                             tests[i].host,
-+                                             strlen(tests[i].host))) {
-+      fprintf(stderr,
-+              "HOST: %s\n"
-+              "PTRN: %s\n"
-+              "did %sMATCH\n",
-+              tests[i].host,
-+              tests[i].pattern,
-+              tests[i].match ? "NOT ": "");
-+      unitfail++;
-+    }
-+  }
-+}
- 
-#endif
-+UNITTEST_STOP
-+#else
- 
-  /* you end the test code like this: */
-+UNITTEST_START
- 
- UNITTEST_STOP
-+#endif
-- 
-2.40.1
-
--- a/0003-curl-8.0.1-CVE-2023-32001.patch
+++ b/0003-curl-8.0.1-CVE-2023-32001.patch
@ -1,40 +0,0 @@
-From 98474a7848e20716935f471f4e48610b00fe9dc0 Mon Sep 17 00:00:00 2001
-From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
-Date: Mon, 10 Jul 2023 21:43:28 +0200
-Subject: [PATCH] fopen: optimize
-
-Closes #11419
-
-(cherry picked from commit 0c667188e0c6cda615a036b8a2b4125f2c404dde)
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/fopen.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/fopen.c b/lib/fopen.c
-index f710dbf05..8c728f2a8 100644
--- a/lib/fopen.c
-+++ b/lib/fopen.c
-@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-   int fd = -1;
-   *tempname = NULL;
- 
-  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
-    /* a non-regular file, fallback to direct fopen() */
-    *fh = fopen(filename, FOPEN_WRITETEXT);
-    if(*fh)
-      return CURLE_OK;
-+  *fh = fopen(filename, FOPEN_WRITETEXT);
-+  if(!*fh)
-     goto fail;
-  }
-+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
-+    return CURLE_OK;
-+  fclose(*fh);
-+  *fh = NULL;
- 
-   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
-   if(result)
-- 
-2.41.0
-
--- a/0004-curl-8.0.1-CVE-2023-38039.patch
+++ b/0004-curl-8.0.1-CVE-2023-38039.patch
@ -1,201 +0,0 @@
-From fe13e206a80cee9ffa686ead170980dbdb2cf9e1 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 2 Aug 2023 23:34:48 +0200
-Subject: [PATCH] http: return error when receiving too large header set
-
-To avoid abuse. The limit is set to 300 KB for the accumulated size of
-all received HTTP headers for a single response. Incomplete research
-suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to
-1MB.
-
-Closes #11582
-
-(cherry picked from commit 3ee79c1674fd6f99e8efca52cd7510e08b766770)
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/c-hyper.c  | 12 +++++++-----
- lib/http.c     | 34 ++++++++++++++++++++++++++++++----
- lib/http.h     |  9 +++++++++
- lib/pingpong.c |  4 +++-
- lib/urldata.h  | 17 ++++++++---------
- 5 files changed, 57 insertions(+), 19 deletions(-)
-
-diff --git a/lib/c-hyper.c b/lib/c-hyper.c
-index 9c7632d35..28f64ef97 100644
--- a/lib/c-hyper.c
-+++ b/lib/c-hyper.c
-@@ -174,8 +174,11 @@ static int hyper_each_header(void *userdata,
-     }
-   }
- 
-  data->info.header_size += (curl_off_t)len;
-  data->req.headerbytecount += (curl_off_t)len;
-+  result = Curl_bump_headersize(data, len, FALSE);
-+  if(result) {
-+    data->state.hresult = result;
-+    return HYPER_ITER_BREAK;
-+  }
-   return HYPER_ITER_CONTINUE;
- }
- 
-@@ -305,9 +308,8 @@ static CURLcode status_line(struct Curl_easy *data,
-     if(result)
-       return result;
-   }
-  data->info.header_size += (curl_off_t)len;
-  data->req.headerbytecount += (curl_off_t)len;
-  return CURLE_OK;
-+  result = Curl_bump_headersize(data, len, FALSE);
-+  return result;
- }
- 
- /*
-diff --git a/lib/http.c b/lib/http.c
-index 400d2b081..d8c3e1eda 100644
--- a/lib/http.c
-+++ b/lib/http.c
-@@ -3760,6 +3760,29 @@ static CURLcode verify_header(struct Curl_easy *data)
-   return CURLE_OK;
- }
- 
-+CURLcode Curl_bump_headersize(struct Curl_easy *data,
-+                              size_t delta,
-+                              bool connect_only)
-+{
-+  size_t bad = 0;
-+  if(delta < MAX_HTTP_RESP_HEADER_SIZE) {
-+    if(!connect_only)
-+      data->req.headerbytecount += (unsigned int)delta;
-+    data->info.header_size += (unsigned int)delta;
-+    if(data->info.header_size > MAX_HTTP_RESP_HEADER_SIZE)
-+      bad = data->info.header_size;
-+  }
-+  else
-+    bad = data->info.header_size + delta;
-+  if(bad) {
-+    failf(data, "Too large response headers: %zu > %zu",
-+          bad, MAX_HTTP_RESP_HEADER_SIZE);
-+    return CURLE_RECV_ERROR;
-+  }
-+  return CURLE_OK;
-+}
-+
-+
- /*
-  * Read any HTTP header lines from the server and pass them to the client app.
-  */
-@@ -4007,8 +4030,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
-       if(result)
-         return result;
- 
-      data->info.header_size += (long)headerlen;
-      data->req.headerbytecount += (long)headerlen;
-+      result = Curl_bump_headersize(data, headerlen, FALSE);
-+      if(result)
-+        return result;
- 
-       /*
-        * When all the headers have been parsed, see if we should give
-@@ -4330,8 +4354,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
-     if(result)
-       return result;
- 
-    data->info.header_size += Curl_dyn_len(&data->state.headerb);
-    data->req.headerbytecount += Curl_dyn_len(&data->state.headerb);
-+    result = Curl_bump_headersize(data, Curl_dyn_len(&data->state.headerb),
-+                                  FALSE);
-+    if(result)
-+      return result;
- 
-     Curl_dyn_reset(&data->state.headerb);
-   }
-diff --git a/lib/http.h b/lib/http.h
-index 444abc0be..b29f3b84f 100644
--- a/lib/http.h
-+++ b/lib/http.h
-@@ -61,6 +61,10 @@ extern const struct Curl_handler Curl_handler_wss;
- #endif /* websockets */
- 
- 
-+CURLcode Curl_bump_headersize(struct Curl_easy *data,
-+                              size_t delta,
-+                              bool connect_only);
-+
- /* Header specific functions */
- bool Curl_compareheader(const char *headerline,  /* line to check */
-                         const char *header,   /* header keyword _with_ colon */
-@@ -176,6 +180,11 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data);
- #define EXPECT_100_THRESHOLD (1024*1024)
- #endif
- 
-+/* MAX_HTTP_RESP_HEADER_SIZE is the maximum size of all response headers
-+   combined that libcurl allows for a single HTTP response, any HTTP
-+   version. This count includes CONNECT response headers. */
-+#define MAX_HTTP_RESP_HEADER_SIZE (300*1024)
-+
- #endif /* CURL_DISABLE_HTTP */
- 
- #ifdef USE_NGHTTP3
-diff --git a/lib/pingpong.c b/lib/pingpong.c
-index 2f4aa1c34..189a0b68e 100644
--- a/lib/pingpong.c
-+++ b/lib/pingpong.c
-@@ -341,7 +341,9 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data,
-       ssize_t clipamount = 0;
-       bool restart = FALSE;
- 
-      data->req.headerbytecount += (long)gotbytes;
-+      result = Curl_bump_headersize(data, gotbytes, FALSE);
-+      if(result)
-+        return result;
- 
-       pp->nread_resp += gotbytes;
-       for(i = 0; i < gotbytes; ptr++, i++) {
-diff --git a/lib/urldata.h b/lib/urldata.h
-index f3e782ad3..390c611e2 100644
--- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -619,17 +619,16 @@ struct SingleRequest {
-   curl_off_t bytecount;         /* total number of bytes read */
-   curl_off_t writebytecount;    /* number of bytes written */
- 
-  curl_off_t headerbytecount;   /* only count received headers */
-  curl_off_t deductheadercount; /* this amount of bytes doesn't count when we
-                                   check if anything has been transferred at
-                                   the end of a connection. We use this
-                                   counter to make only a 100 reply (without a
-                                   following second response code) result in a
-                                   CURLE_GOT_NOTHING error code */
-
-   curl_off_t pendingheader;      /* this many bytes left to send is actually
-                                     header and not body */
-   struct curltime start;         /* transfer started at this time */
-+  unsigned int headerbytecount;  /* only count received headers */
-+  unsigned int deductheadercount; /* this amount of bytes doesn't count when
-+                                     we check if anything has been transferred
-+                                     at the end of a connection. We use this
-+                                     counter to make only a 100 reply (without
-+                                     a following second response code) result
-+                                     in a CURLE_GOT_NOTHING error code */
-   enum {
-     HEADER_NORMAL,              /* no bad header at all */
-     HEADER_PARTHEADER,          /* part of the chunk is a bad header, the rest
-@@ -1076,7 +1075,6 @@ struct PureInfo {
-   int httpversion; /* the http version number X.Y = X*10+Y */
-   time_t filetime; /* If requested, this is might get set. Set to -1 if the
-                       time was unretrievable. */
-  curl_off_t header_size;  /* size of read header(s) in bytes */
-   curl_off_t request_size; /* the amount of bytes sent in the request(s) */
-   unsigned long proxyauthavail; /* what proxy auth types were announced */
-   unsigned long httpauthavail;  /* what host auth types were announced */
-@@ -1084,6 +1082,7 @@ struct PureInfo {
-   char *contenttype; /* the content type of the object */
-   char *wouldredirect; /* URL this would've been redirected to if asked to */
-   curl_off_t retry_after; /* info from Retry-After: header */
-+  unsigned int header_size;  /* size of read header(s) in bytes */
- 
-   /* PureInfo members 'conn_primary_ip', 'conn_primary_port', 'conn_local_ip'
-      and, 'conn_local_port' are copied over from the connectdata struct in
-- 
-2.41.0
-
--- a/0005-curl-8.0.1-CVE-2023-38545.patch
+++ b/0005-curl-8.0.1-CVE-2023-38545.patch
@ -1,135 +0,0 @@
-From fa4aed65588db8e7c7e3d98f6c5bcf394f3a515d Mon Sep 17 00:00:00 2001
-From: Jay Satiro <raysatiro@yahoo.com>
-Date: Wed, 11 Oct 2023 07:34:19 +0200
-Subject: [PATCH 1/2] socks: return error if hostname too long for remote
- resolve
-
-Prior to this change the state machine attempted to change the remote
-resolve to a local resolve if the hostname was longer than 255
-characters. Unfortunately that did not work as intended and caused a
-security issue.
-
-Bug: https://curl.se/docs/CVE-2023-38545.html
-
-(cherry picked from commit fb4415d8aee6c1045be932a34fe6107c2f5ed147)
-
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/socks.c             |  8 +++---
- tests/data/Makefile.inc |  2 +-
- tests/data/test728      | 64 +++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 69 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test728
-
-diff --git a/lib/socks.c b/lib/socks.c
-index 95c2b004c..8cf694d1d 100644
--- a/lib/socks.c
-+++ b/lib/socks.c
-@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
- 
-     /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
-     if(!socks5_resolve_local && hostname_len > 255) {
-      infof(data, "SOCKS5: server resolving disabled for hostnames of "
-            "length > 255 [actual len=%zu]", hostname_len);
-      socks5_resolve_local = TRUE;
-+      failf(data, "SOCKS5: the destination hostname is too long to be "
-+            "resolved remotely by the proxy.");
-+      return CURLPX_LONG_HOSTNAME;
-     }
- 
-     if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
-@@ -904,7 +904,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
-       }
-       else {
-         socksreq[len++] = 3;
-        socksreq[len++] = (char) hostname_len; /* one byte address length */
-+        socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
-         memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */
-         len += hostname_len;
-       }
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 7ed03a247..eb89437ef 100644
--- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \
- \
- test700 test701 test702 test703 test704 test705 test706 test707 test708 \
- test709 test710 test711 test712 test713 test714 test715 test716 test717 \
-test718 test719 test720 test721 \
-+test718 test719 test720 test721 test728 \
- \
- test800 test801 test802 test803 test804 test805 test806 test807 test808 \
- test809 test810 test811 test812 test813 test814 test815 test816 test817 \
-diff --git a/tests/data/test728 b/tests/data/test728
-new file mode 100644
-index 000000000..05bcf2883
--- /dev/null
-+++ b/tests/data/test728
-@@ -0,0 +1,64 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+SOCKS5
-+SOCKS5h
-+followlocation
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+# The hostname in this redirect is 256 characters and too long (> 255) for
-+# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
-+<data>
-+HTTP/1.1 301 Moved Permanently
-+Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
-+Content-Length: 0
-+Connection: close
-+
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<features>
-+proxy
-+</features>
-+<server>
-+http
-+socks5
-+</server>
-+ <name>
-+SOCKS5h with HTTP redirect to hostname too long
-+ </name>
-+ <command>
-+--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol crlf="yes">
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+</protocol>
-+<errorcode>
-+97
-+</errorcode>
-+# the error message is verified because error code CURLE_PROXY (97) may be
-+# returned for any number of reasons and we need to make sure it is
-+# specifically for the reason below so that we know the check is working.
-+<stderr mode="text">
-+curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
-+</stderr>
-+</verify>
-+</testcase>
-- 
-2.41.0
-
--- a/0006-curl-8.0.1-CVE-2023-38546.patch
+++ b/0006-curl-8.0.1-CVE-2023-38546.patch
@ -1,136 +0,0 @@
-From a9a3f49fc87d4b64f380e19d69c139e9fba676f2 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 14 Sep 2023 23:28:32 +0200
-Subject: [PATCH 2/2] cookie: remove unnecessary struct fields
-
-Plus: reduce the hash table size from 256 to 63. It seems unlikely to
-make much of a speed difference for most use cases but saves 1.5KB of
-data per instance.
-
-Closes #11862
-
-(cherry picked from commit 61275672b46d9abb3285740467b882e22ed75da8)
-
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/cookie.c | 13 +------------
- lib/cookie.h | 14 ++++----------
- lib/easy.c   |  4 +---
- 3 files changed, 6 insertions(+), 25 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0c6e0f7cd..d34620351 100644
--- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
-   free(co->name);
-   free(co->value);
-   free(co->maxage);
-  free(co->version);
-   free(co);
- }
- 
-@@ -726,11 +725,7 @@ Curl_cookie_add(struct Curl_easy *data,
-           }
-         }
-         else if((nlen == 7) && strncasecompare("version", namep, 7)) {
-          strstore(&co->version, valuep, vlen);
-          if(!co->version) {
-            badcookie = TRUE;
-            break;
-          }
-+          /* just ignore */
-         }
-         else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
-           /*
-@@ -1174,7 +1169,6 @@ Curl_cookie_add(struct Curl_easy *data,
-     free(clist->path);
-     free(clist->spath);
-     free(clist->expirestr);
-    free(clist->version);
-     free(clist->maxage);
- 
-     *clist = *co;  /* then store all the new data */
-@@ -1238,9 +1232,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
-     c = calloc(1, sizeof(struct CookieInfo));
-     if(!c)
-       return NULL; /* failed to get memory */
-    c->filename = strdup(file?file:"none"); /* copy the name just in case */
-    if(!c->filename)
-      goto fail; /* failed to get memory */
-     /*
-      * Initialize the next_expiration time to signal that we don't have enough
-      * information yet.
-@@ -1394,7 +1385,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
-     CLONE(name);
-     CLONE(value);
-     CLONE(maxage);
-    CLONE(version);
-     d->expires = src->expires;
-     d->tailmatch = src->tailmatch;
-     d->secure = src->secure;
-@@ -1611,7 +1601,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
- {
-   if(c) {
-     unsigned int i;
-    free(c->filename);
-     for(i = 0; i < COOKIE_HASH_SIZE; i++)
-       Curl_cookie_freelist(c->cookies[i]);
-     free(c); /* free the base struct as well */
-diff --git a/lib/cookie.h b/lib/cookie.h
-index 39bb08bc4..3a43bbf33 100644
--- a/lib/cookie.h
-+++ b/lib/cookie.h
-@@ -36,11 +36,7 @@ struct Cookie {
-   char *domain;      /* domain = <this> */
-   curl_off_t expires;  /* expires = <this> */
-   char *expirestr;   /* the plain text version */
-
-  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
-  char *version;     /* Version = <value> */
-   char *maxage;      /* Max-Age = <value> */
-
-   bool tailmatch;    /* whether we do tail-matching of the domain name */
-   bool secure;       /* whether the 'secure' keyword was used */
-   bool livecookie;   /* updated from a server, not a stored file */
-@@ -56,18 +52,16 @@ struct Cookie {
- #define COOKIE_PREFIX__SECURE (1<<0)
- #define COOKIE_PREFIX__HOST (1<<1)
- 
-#define COOKIE_HASH_SIZE 256
-+#define COOKIE_HASH_SIZE 63
- 
- struct CookieInfo {
-   /* linked list of cookies we know of */
-   struct Cookie *cookies[COOKIE_HASH_SIZE];
-
-  char *filename;  /* file we read from/write to */
-  long numcookies; /* number of cookies in the "jar" */
-+  curl_off_t next_expiration; /* the next time at which expiration happens */
-+  int numcookies;  /* number of cookies in the "jar" */
-+  int lastct;      /* last creation-time used in the jar */
-   bool running;    /* state info, for cookie adding information */
-   bool newsession; /* new session, discard session cookies on load */
-  int lastct;      /* last creation-time used in the jar */
-  curl_off_t next_expiration; /* the next time at which expiration happens */
- };
- 
- /* This is the maximum line length we accept for a cookie line. RFC 2109
-diff --git a/lib/easy.c b/lib/easy.c
-index 27124a72f..fddf047f2 100644
--- a/lib/easy.c
-+++ b/lib/easy.c
-@@ -911,9 +911,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
-   if(data->cookies) {
-     /* If cookies are enabled in the parent handle, we enable them
-        in the clone as well! */
-    outcurl->cookies = Curl_cookie_init(data,
-                                        data->cookies->filename,
-                                        outcurl->cookies,
-+    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
-                                         data->set.cookiesession);
-     if(!outcurl->cookies)
-       goto fail;
-- 
-2.41.0
-
--- a/0007-curl-8.0.1-CVE-2023-46218.patch
+++ b/0007-curl-8.0.1-CVE-2023-46218.patch
@ -1,55 +0,0 @@
-From ef4abe34b2b704e2a318063b387b628773b78663 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 23 Nov 2023 08:15:47 +0100
-Subject: [PATCH 1/2] cookie: lowercase the domain names before PSL checks
-
-Reported-by: Harry Sintonen
-
-Closes #12387
-
-(cherry picked from commit 2b0994c29a721c91c572cff7808c572a24d251eb)
-
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/cookie.c | 24 ++++++++++++++++--------
- 1 file changed, 16 insertions(+), 8 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index d34620351..730c3c6f4 100644
--- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -1044,15 +1044,23 @@ Curl_cookie_add(struct Curl_easy *data,
-    * dereference it.
-    */
-   if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
-    const psl_ctx_t *psl = Curl_psl_use(data);
-    int acceptable;
-
-    if(psl) {
-      acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
-      Curl_psl_release(data);
-+    bool acceptable = FALSE;
-+    char lcase[256];
-+    char lcookie[256];
-+    size_t dlen = strlen(domain);
-+    size_t clen = strlen(co->domain);
-+    if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
-+      const psl_ctx_t *psl = Curl_psl_use(data);
-+      if(psl) {
-+        /* the PSL check requires lowercase domain name and pattern */
-+        Curl_strntolower(lcase, domain, dlen + 1);
-+        Curl_strntolower(lcookie, co->domain, clen + 1);
-+        acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
-+        Curl_psl_release(data);
-+      }
-+      else
-+        acceptable = !bad_domain(domain, strlen(domain));
-     }
-    else
-      acceptable = !bad_domain(domain, strlen(domain));
- 
-     if(!acceptable) {
-       infof(data, "cookie '%s' dropped, domain '%s' must not "
-- 
-2.43.0
-
--- a/0008-curl-8.0.1-CVE-2023-46219.patch
+++ b/0008-curl-8.0.1-CVE-2023-46219.patch
@ -1,134 +0,0 @@
-From 45ed144efd8b194cc7d0acbe00594f730a2ad62d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 23 Nov 2023 08:23:17 +0100
-Subject: [PATCH 2/2] fopen: create short(er) temporary file name
-
-Only using random letters in the name plus a ".tmp" extension. Not by
-appending characters to the final file name.
-
-Reported-by: Maksymilian Arciemowicz
-
-Closes #12388
-
-(cherry picked from commit 73b65e94f3531179de45c6f3c836a610e3d0a846)
-
-Signed-off-by: Jan Macku <jamacku@redhat.com>
---
- lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 60 insertions(+), 5 deletions(-)
-
-diff --git a/lib/fopen.c b/lib/fopen.c
-index 8c728f2a8..7b9d4022e 100644
--- a/lib/fopen.c
-+++ b/lib/fopen.c
-@@ -39,6 +39,51 @@
- #include "curl_memory.h"
- #include "memdebug.h"
- 
-+/*
-+  The dirslash() function breaks a null-terminated pathname string into
-+  directory and filename components then returns the directory component up
-+  to, *AND INCLUDING*, a final '/'.  If there is no directory in the path,
-+  this instead returns a "" string.
-+
-+  This function returns a pointer to malloc'ed memory.
-+
-+  The input path to this function is expected to have a file name part.
-+*/
-+
-+#ifdef _WIN32
-+#define PATHSEP "\\"
-+#define IS_SEP(x) (((x) == '/') || ((x) == '\\'))
-+#elif defined(MSDOS) || defined(__EMX__) || defined(OS2)
-+#define PATHSEP "\\"
-+#define IS_SEP(x) ((x) == '\\')
-+#else
-+#define PATHSEP "/"
-+#define IS_SEP(x) ((x) == '/')
-+#endif
-+
-+static char *dirslash(const char *path)
-+{
-+  size_t n;
-+  struct dynbuf out;
-+  DEBUGASSERT(path);
-+  Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH);
-+  n = strlen(path);
-+  if(n) {
-+    /* find the rightmost path separator, if any */
-+    while(n && !IS_SEP(path[n-1]))
-+      --n;
-+    /* skip over all the path separators, if any */
-+    while(n && IS_SEP(path[n-1]))
-+      --n;
-+  }
-+  if(Curl_dyn_addn(&out, path, n))
-+    return NULL;
-+  /* if there was a directory, append a single trailing slash */
-+  if(n && Curl_dyn_addn(&out, PATHSEP, 1))
-+    return NULL;
-+  return Curl_dyn_ptr(&out);
-+}
-+
- /*
-  * Curl_fopen() opens a file for writing with a temp name, to be renamed
-  * to the final name when completed. If there is an existing file using this
-@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-                     FILE **fh, char **tempname)
- {
-   CURLcode result = CURLE_WRITE_ERROR;
-  unsigned char randsuffix[9];
-+  unsigned char randbuf[41];
-   char *tempstore = NULL;
-   struct_stat sb;
-   int fd = -1;
-+  char *dir;
-   *tempname = NULL;
- 
-+  dir = dirslash(filename);
-+  if(!dir)
-+    goto fail;
-+
-   *fh = fopen(filename, FOPEN_WRITETEXT);
-   if(!*fh)
-     goto fail;
-  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
-+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) {
-+    free(dir);
-     return CURLE_OK;
-+  }
-   fclose(*fh);
-   *fh = NULL;
- 
-  result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
-+  result = Curl_rand_hex(data, randbuf, sizeof(randbuf));
-   if(result)
-     goto fail;
- 
-  tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
-+  /* The temp file name should not end up too long for the target file
-+     system */
-+  tempstore = aprintf("%s%s.tmp", dir, randbuf);
-   if(!tempstore) {
-     result = CURLE_OUT_OF_MEMORY;
-     goto fail;
-@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-   if(!*fh)
-     goto fail;
- 
-+  free(dir);
-   *tempname = tempstore;
-   return CURLE_OK;
- 
-@@ -105,7 +160,7 @@ fail:
-   }
- 
-   free(tempstore);
-
-+  free(dir);
-   return result;
- }
- 
-- 
-2.43.0
-
--- a/0009-curl-8.0.1-fix-openldap-conftest.patch
+++ b/0009-curl-8.0.1-fix-openldap-conftest.patch
@ -1,43 +0,0 @@
-From 0ac6108856b9d500bc376d1d7e0b648d15499837 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 22 Jun 2023 14:34:49 +0200
-Subject: [PATCH] configure: add check for ldap_init_fd
-
-... as otherwise the configure script will say it is OpenLDAP in the
-summary, but not set the USE_OPENLDAP define, therefor not using the
-intended OpenLDAP code paths.
-
-Regression since 4d7385446 (7.85.0)
-Fixes #11372
-Closes #11374
-Reported-by: vlkl-sap on github
---
- configure.ac | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 373e2e0cef6862..696a50505f37ab 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -1706,16 +1706,19 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
- fi
- 
- if test x$CURL_DISABLE_LDAP != x1 ; then
-  AC_CHECK_FUNCS([ldap_url_parse])
-+  AC_CHECK_FUNCS([ldap_url_parse \
-+                  ldap_init_fd])
- 
-   if test "$LDAPLIBNAME" = "wldap32"; then
-     curl_ldap_msg="enabled (winldap)"
-     AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation])
-   else
-    curl_ldap_msg="enabled (OpenLDAP)"
-     if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then
-+      curl_ldap_msg="enabled (OpenLDAP)"
-       AC_DEFINE(USE_OPENLDAP, 1, [Use OpenLDAP-specific code])
-       AC_SUBST(USE_OPENLDAP, [1])
-+    else
-+      curl_ldap_msg="enabled (ancient OpenLDAP)"
-     fi
-   fi
- fi
--- a/0101-curl-7.32.0-multilib.patch
+++ b/0101-curl-7.32.0-multilib.patch
@ -1,84 +1,85 @@
-From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 12:04:05 +0200
+From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Dec 2025 10:04:40 +0100
 Subject: [PATCH] prevent multilib conflicts on the curl-config script

 ---
- curl-config.in     | 23 +++++------------------
- docs/curl-config.1 |  4 +++-
- libcurl.pc.in      |  1 +
+ curl-config.in      | 23 +++++------------------
+ docs/curl-config.md |  4 +++-
+ libcurl.pc.in       |  1 +
 3 files changed, 9 insertions(+), 19 deletions(-)

 diff --git a/curl-config.in b/curl-config.in
-index 150004d..95d0759 100644
+index a1c8185875..bb43ca8335 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -78,7 +78,7 @@ while test $# -gt 0; do
-         ;;
+@@ -74,7 +74,7 @@ while test "$#" -gt 0; do
+     ;;
 
-     --cc)
-        echo "@CC@"
-+        echo "gcc"
-         ;;
+   --cc)
+-    echo '@CC@'
+    echo 'gcc'
+     ;;
 
-     --prefix)
-@@ -157,32 +157,19 @@ while test $# -gt 0; do
-         ;;
+   --prefix)
+@@ -149,16 +149,7 @@ while test "$#" -gt 0; do
+     ;;
 
-     --libs)
-        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
-           CURLLIBDIR="-L@libdir@ "
-        else
-           CURLLIBDIR=""
-        fi
-        if test "X@ENABLE_SHARED@" = "Xno"; then
-          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
-        else
-          echo ${CURLLIBDIR}-lcurl
-        fi
-+        echo -lcurl
-         ;;
-     --ssl-backends)
-         echo "@SSL_BACKENDS@"
-         ;;
+   --libs)
+-    if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then
+-      curllibdir="-L@libdir@ "
+-    else
+-      curllibdir=''
+-    fi
+-    if test '@ENABLE_SHARED@' = 'no'; then
+-      echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo "${curllibdir}-lcurl"
+-    fi
+    echo '-lcurl'
+     ;;
 
-     --static-libs)
-        if test "X@ENABLE_STATIC@" != "Xno" ; then
-          echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@
-        else
-          echo "curl was built with static libraries disabled" >&2
-          exit 1
-        fi
-+        echo "curl was built with static libraries disabled" >&2
-+        exit 1
-         ;;
+   --ssl-backends)
+@@ -166,16 +157,12 @@ while test "$#" -gt 0; do
+     ;;
 
-     --configure)
-        echo @CONFIGURE_OPTIONS@
-+        pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
-         ;;
+   --static-libs)
+-    if test '@ENABLE_STATIC@' != 'no'; then
+-      echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo 'curl was built with static libraries disabled' >&2
+-      exit 1
+-    fi
+    echo 'curl was built with static libraries disabled' >&2
+    exit 1
+     ;;
 
-     *)
-diff --git a/docs/curl-config.1 b/docs/curl-config.1
-index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1
-+++ b/docs/curl-config.1
-@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
- comma-separated. (Added in 7.58.0)
- .IP "--static-libs"
- Shows the complete set of libs and other linker options you will need in order
-to link your application with libcurl statically. (Added in 7.17.1)
-+to link your application with libcurl statically. Note that Fedora/RHEL libcurl
+   --configure)
+-    echo @CONFIGURE_OPTIONS@
+    pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+     ;;
+ 
+   *)
+diff --git a/docs/curl-config.md b/docs/curl-config.md
+index 12ad245b79..fa0e03d273 100644
+--- a/docs/curl-config.md
+++ b/docs/curl-config.md
+@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated.
+ ## `--static-libs`
+ 
+ Shows the complete set of libs and other linker options you need in order to
+-link your application with libcurl statically. (Added in 7.17.1)
+link your application with libcurl statically. Note that Fedora/RHEL libcurl
 +packages do not provide any static libraries, thus cannot be linked statically.
 +(Added in 7.17.1)
- .IP "--version"
- Outputs version information about the installed libcurl.
- .IP "--vernum"
+ 
+ ## `--version`
+ 
 diff --git a/libcurl.pc.in b/libcurl.pc.in
-index 2ba9c39..f8f8b00 100644
+index c0ba5244a8..f3645e1748 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -31,6 +31,7 @@ libdir=@libdir@
+@@ -28,6 +28,7 @@ libdir=@libdir@
 includedir=@includedir@
 supported_protocols="@SUPPORT_PROTOCOLS@"
 supported_features="@SUPPORT_FEATURES@"
@ -87,5 +88,5 @@ index 2ba9c39..f8f8b00 100644
 Name: libcurl
 URL: https://curl.se/
 -- 
-2.26.2
+2.52.0

--- a/0102-curl-7.84.0-test3026.patch
+++ b/0102-curl-7.84.0-test3026.patch
@ -1,71 +0,0 @@
-From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 27 Jun 2022 16:50:57 +0200
-Subject: [PATCH] test3026: disable valgrind
-
-It fails on x86_64 with:
-```
- Use --max-threads=INT to specify a larger number of threads
- and rerun valgrind
- valgrind: the 'impossible' happened:
-    Max number of threads is too low
- host stacktrace:
- ==174357==    at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- sched status:
-   running_tid=1
- Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
- ==174357==    at 0x4A07816: clone (in /usr/lib64/libc.so.6)
- ==174357==    by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
- ==174357==    by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
- ==174357==    by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
- ==174357==    by 0x1093B5: test.part.0 (lib3026.c:64)
- ==174357==    by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
- client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
- valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
-[...]
-```
---
- tests/data/test3026     | 3 +++
- tests/libtest/lib3026.c | 4 ++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/tests/data/test3026 b/tests/data/test3026
-index fb80cc8..01f2ba5 100644
--- a/tests/data/test3026
-+++ b/tests/data/test3026
-@@ -41,5 +41,8 @@ none
- <errorcode>
- 0
- </errorcode>
-+<valgrind>
-+disable
-+</valgrind>
- </verify>
- </testcase>
-diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
-index 43fe335..70cd7a4 100644
--- a/tests/libtest/lib3026.c
-+++ b/tests/libtest/lib3026.c
-@@ -147,8 +147,8 @@ int test(char *URL)
-     results[i] = CURL_LAST; /* initialize with invalid value */
-     res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
-     if(res) {
-      fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
-              __FILE__, __LINE__, res);
-+      fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n",
-+              __FILE__, __LINE__, i, res);
-       tid_count = i;
-       test_failure = -1;
-       goto cleanup;
-- 
-2.37.1
-
--- a/0103-curl-7.87.0-test3012.patch
+++ b/0103-curl-7.87.0-test3012.patch
@ -1,52 +0,0 @@
-From 0d0a256c8e7f6261d49e1bdd583c04c0e5dfe706 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 11 Jan 2023 08:53:05 +0100
-Subject: [PATCH] test3012: disable valgrind
-
-valgrind reports a call to memcpy() with overlapping blocks by mistake:
-```
-test 3012...[--output-dir with -J]
-../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
-CMD (0): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
- valgrind ERROR ==496584== Source and destination overlap in memcpy_chk(0x54ad1a0, 0x54ad1a1, 11)
-==496584==    at 0x484C332: __memcpy_chk (vg_replace_strmem.c:1741)
-==496584==    by 0x118FDB: UnknownInlinedFun (string_fortified.h:36)
-==496584==    by 0x118FDB: UnknownInlinedFun (tool_cb_hdr.c:301)
-==496584==    by 0x118FDB: tool_header_cb (tool_cb_hdr.c:173)
-==496584==    by 0x489907B: chop_write.lto_priv.0 (sendf.c:620)
-==496584==    by 0x489CDD1: UnknownInlinedFun (http.c:4449)
-==496584==    by 0x489CDD1: UnknownInlinedFun (transfer.c:633)
-==496584==    by 0x489CDD1: Curl_readwrite (transfer.c:1219)
-==496584==    by 0x488C116: multi_runsingle (multi.c:2404)
-==496584==    by 0x488F491: curl_multi_perform (multi.c:2682)
-==496584==    by 0x486A9DA: UnknownInlinedFun (easy.c:663)
-==496584==    by 0x486A9DA: UnknownInlinedFun (easy.c:753)
-==496584==    by 0x486A9DA: curl_easy_perform (easy.c:772)
-==496584==    by 0x114B28: UnknownInlinedFun (tool_operate.c:2406)
-==496584==    by 0x114B28: UnknownInlinedFun (tool_operate.c:2594)
-==496584==    by 0x114B28: UnknownInlinedFun (tool_operate.c:2706)
-==496584==    by 0x114B28: main (tool_main.c:284)
-```
-
-Bug: https://bugzilla.redhat.com/2143040
---
- tests/data/test3012 | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/tests/data/test3012 b/tests/data/test3012
-index 1889c93..ea43a49 100644
--- a/tests/data/test3012
-+++ b/tests/data/test3012
-@@ -56,5 +56,9 @@ Accept: */*
- <file name="log/MMM%TESTNUMBERMMM">
- -foo-
- </file>
-+
-+<valgrind>
-+disable
-+</valgrind>
- </verify>
- </testcase>
-- 
-2.39.0
-
--- a/0104-curl-7.88.0-tests-warnings.patch
+++ b/0104-curl-7.88.0-tests-warnings.patch
@ -1,30 +0,0 @@
-From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 15 Feb 2023 10:42:38 +0100
-Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them"
-
-While it might be useful for upstream developers, it is not so useful
-for downstream consumers.
-
-This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8.
---
- tests/runtests.pl | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/tests/runtests.pl b/tests/runtests.pl
-index 71644ad18..0cf85c3fe 100755
--- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -75,8 +75,7 @@ BEGIN {
- }
- 
- use strict;
-# Promote all warnings to fatal
-use warnings FATAL => 'all';
-+use warnings;
- use Cwd;
- use Digest::MD5 qw(md5);
- use MIME::Base64;
-- 
-2.39.1
-
--- a/0105-curl-8.0.1-tests-stunnel-port.patch
+++ b/0105-curl-8.0.1-tests-stunnel-port.patch
@ -1,97 +0,0 @@
-From c9a1d18e5f8f28b90c1b2fcc1f15699327067e59 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 21 Apr 2023 17:44:10 +0200
-Subject: [PATCH] tests/runtests.pl: attempt to fix a conflict on port numbers
-
-... where stunnel listens for legacy HTTPS and HTTP/2, which manifests
-as a hard-to-explain failure of the following tests: 1630 1631 1632 1904
-1941 1945 2050 2055 3028
-```
-[...]
-startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https_server.pid" --logfile "log/https_stunnel.log" --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 42917 --accept 24642
-RUN: HTTPS server is PID 114398 port 24642
-* pid https => 114398 114402
-[...]
-startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https2_server.pid" --logfile "log/https2_stunnel.log" --id 2 --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 36763 --accept 24642
-startnew: child process has died, server might start up
-Warning: http2 server unexpectedly alive
-RUN: Process with pid 73992 signalled to die
-RUN: Process with pid 73992 forced to die with SIGKILL
-== Contents of files in the log/ dir after test 1630
-=== Start of file http2_server.log
- 14:01:21.881018 exit_signal_handler: 15
- 14:01:21.881372 signalled to die
- 14:01:21.881511 ========> IPv4 sws (port 36763 pid: 73992) exits with signal (15)
-=== End of file http2_server.log
-=== Start of file https2_stunnel.log
- [ ] Initializing inetd mode configuration
- [ ] Clients allowed=500
- [.] stunnel 5.69 on x86_64-redhat-linux-gnu platform
- [.] Compiled/running with OpenSSL 3.0.8 7 Feb 2023
- [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
- [ ] errno: (*__errno_location ())
- [ ] Initializing inetd mode configuration
- [.] Reading configuration from file /builddir/build/BUILD/curl-8.0.1/build-minimal/tests/https_stunnel.conf
- [.] UTF-8 byte order mark not detected
- [.] FIPS mode disabled
- [ ] Compression disabled
- [ ] No PRNG seeding was required
- [ ] Initializing service [curltest]
- [ ] Using the default TLS minimum version as specified in crypto policies. Not setting explicitly.
- [ ] Using the default TLS maximum version as specified in crypto policies. Not setting explicitly
- [ ] stunnel default security level set: 2
- [ ] Ciphers: PROFILE=SYSTEM
- [ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
- [ ] TLS options: 0x2100000 (+0x0, -0x0)
- [ ] Session resumption enabled
- [ ] Loading certificate from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
- [ ] Certificate loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
- [ ] Loading private key from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
- [ ] Private key loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
- [ ] Private key check succeeded
- [!] No trusted certificates found
- [ ] DH initialization needed for DHE-RSA-AES256-GCM-SHA384
- [ ] DH initialization
- [ ] Could not load DH parameters from /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
- [ ] Using dynamic DH parameters
- [ ] ECDH initialization
- [ ] ECDH initialized with curves X25519:P-256:X448:P-521:P-384
- [.] Configuration successful
- [ ] Deallocating deployed section defaults
- [ ] Binding service [curltest]
- [ ] Listening file descriptor created (FD=8)
- [ ] Setting accept socket options (FD=8)
- [ ] Option SO_REUSEADDR set on accept socket
- [.] Binding service [curltest] to 0.0.0.0:24642: Address already in use (98)
- [ ] Listening file descriptor created (FD=8)
- [ ] Setting accept socket options (FD=8)
- [ ] Option SO_REUSEADDR set on accept socket
- [.] Binding service [curltest] to :::24642: Address already in use (98)
- [!] Binding service [curltest] failed
- [ ] Unbinding service [curltest]
- [ ] Service [curltest] closed
- [ ] Deallocating deployed section defaults
- [ ] Deallocating section [curltest]
- [ ] Initializing inetd mode configuration
-=== End of file https2_stunnel.log
-```
---
- tests/runtests.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/runtests.pl b/tests/runtests.pl
-index 54f6923..bb362c9 100755
--- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -1802,7 +1802,7 @@ sub runhttpsserver {
- 
-     my $pid2;
-     my $httpspid;
-    my $port = 24512; # start attempt
-+    my $port = 24512 * $idnum; # start attempt
-     for (1 .. 10) {
-         $port += int(rand(600));
-         my $options = "$flags --accept $port";
-- 
-2.39.2
-
--- a/curl.rpmlintrc
+++ b/curl.rpmlintrc
@ -0,0 +1,15 @@
+# Intentional stuff we're not concerned about
+addFilter("unversioned-explicit-provides webclient")
+addFilter("package-with-huge-docs")
+addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4")
+
+# This is just plain wrong (%_configure redefinition)
+addFilter("configure-without-libdir-spec")
+
+# Technical term
+addFilter("E: spelling-error \('kerberos',")
+
+# Artefacts of RemovePathPostfixes: .minimal
+addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal")
+#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal")
+#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal")
--- a/curl.spec
+++ b/curl.spec
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (curl-8.0.1.tar.xz) = 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d
-SHA512 (curl-8.0.1.tar.xz.asc) = 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf
+SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c
+SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152
--- a/tests/non-root-user-download/runtest.sh
+++ b/tests/non-root-user-download/runtest.sh
@ -31,9 +31,9 @@

 PACKAGE="curl"

-FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM
-CONTENT=4d042dedc8886856db10bc882074b84dcce52f829ea7b3f31d8031db8d84df20
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab
 PASSWORD=pAssw0rd
 OPTIONS=""
 rlIsRHEL 7 && OPTIONS="--insecure"
Author	SHA1	Message	Date
Jan Macku	3c4947ef97	new upstream release - 8.18.0	2026-01-07 11:16:40 +01:00
Jan Macku	da5bf8f889	new upstream release - 8.18.0~rc3	2026-01-05 09:35:50 +01:00
Jan Macku	9e1a11614b	new upstream release - 8.18.0~rc2	2025-12-16 14:49:18 +01:00
Jan Macku	9d9fd36c2e	new upstream release - 8.18.0~rc1	2025-12-09 08:53:40 +01:00
Aleksei Bavshin	fe73859ecd	Enable HTTP/3 support with ngtcp2	2025-12-07 11:36:05 -08:00
Jan Macku	7d91f53d81	http3: apply upstream patches for valgrind issues Related: #2408809	2025-12-04 10:44:25 +01:00
Jan Macku	6803c01e8d	recommend wcurl package instead of bundled wcurl utility	2025-11-13 16:01:43 +01:00
Jan Macku	b15bd53eb8	remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead	2025-11-13 09:24:32 +01:00
Jan Macku	d2da397853	new upstream release - 8.17.0	2025-11-06 15:10:09 +01:00
Jan Macku	9bd80279ea	new upstream release - 8.17.0~rc3	2025-10-30 09:37:38 +01:00
Jan Macku	6bf2cb17bf	new upstream release - 8.17.0~rc2	2025-10-21 13:12:51 +02:00
Jan Macku	9776a6bb74	new upstream release - 8.17.0~rc1	2025-10-13 10:25:01 +02:00
Adam Williamson	804c73ca4b	Update test URLs to Fedora 42 to fix tests Tests currently fail because Fedora 38 is archived. This bumps the version to 42 and updates the expected content. This will need updating again annually or so. It'd be safer to use something that doesn't age out frequently instead. Signed-off-by: Adam Williamson <awilliam@redhat.com>	2025-09-12 10:43:27 -07:00
Jan Macku	4335a7a3cb	new upstream release - 8.16.0	2025-09-10 08:56:14 +02:00
Jan Macku	581c1b9ace	new upstream release - 8.16.0~rc3	2025-09-03 10:39:46 +02:00
Jan Macku	e4069769c8	new upstream release - 8.16.0~rc2	2025-08-26 10:01:14 +02:00
Fedora Release Engineering	cc5717f9ec	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-23 18:56:38 +00:00
Jan Macku	e6d7e2ed2d	new upstream release - 8.15.0	2025-07-16 10:14:01 +02:00
Jan Macku	c602d3aa56	new upstream release - 8.15.0~rc3	2025-07-10 09:21:53 +02:00
Jan Macku	1984beb537	new upstream release - 8.15.0~rc2	2025-06-30 13:44:33 +02:00
Jan Macku	1b9d79c6fd	new upstream release - 8.15.0~rc1	2025-06-23 10:29:25 +02:00
Jan Macku	8077eb733b	new upstream release - 8.14.1	2025-06-04 12:59:43 +02:00
Jan Macku	b8ae67753a	new upstream release - 8.14.0	2025-05-28 14:59:28 +02:00
Jan Macku	ece940a649	new upstream release - 8.14.0~rc1	2025-05-02 09:36:02 +02:00
Jan Macku	4d98bbf51e	new upstream release - 8.13.0	2025-04-03 10:38:50 +02:00
Jan Macku	95664fdd30	new upstream release - 8.13.0~rc3	2025-03-26 10:11:44 +01:00
Jan Macku	4fcaa6c404	new upstream release - 8.13.0~rc2	2025-03-18 09:23:12 +01:00
Jan Macku	5e5bbeb413	fix --cert parameter Resolves: #2351531	2025-03-13 09:30:38 +01:00
Jan Macku	3ce21a370c	new upstream release - 8.13.0~rc1	2025-03-10 14:57:45 +01:00
Jan Macku	9c7fc53ab2	new upstream release - 8.12.1	2025-02-13 08:28:44 +01:00
Jan Macku	057c9e09f0	new upstream release - 8.12.0	2025-02-05 09:44:27 +01:00
Jan Macku	dbdb66e32e	TLS: check connection for SSL use, not handler Resolves: #2324130	2025-01-31 15:01:32 +01:00
Fedora Release Engineering	84d98cb3c3	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-16 15:05:19 +00:00
Paul Howarth	348d650b12	Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350) - https://github.com/curl/curl/issues/15725 - https://github.com/curl/curl/pull/15727	2024-12-15 12:06:23 +00:00
Paul Howarth	60dca4fc32	Add rpmlintrc	2024-12-15 12:05:17 +00:00
Jan Macku	f200f97c28	new upstream release - 8.11.1	2024-12-11 15:04:00 +01:00
Yaakov Selkowitz	0e038361dd	Disable engine support on RHEL 10+ RHEL 10 does not provide the engine header at all. Also, restore compatibility with earlier versions which do not have a separate subpackage for the engine header.	2024-11-06 13:13:17 -05:00
Jan Macku	44fdfebea1	new upstream release - 8.11.0	2024-11-06 15:42:48 +01:00
Zbigniew Jędrzejewski-Szmek	e685607ffd	Make curl-config arch-independent The final /usr/bin/curl-config file had a comment like "prefix=/usr # used in /usr/lib64" or "prefix=/usr # used in /usr/lib", depending on the arch. This causes the following error on upgrades from f40 for people who have both libcurl-devel.i686 and libcurl-devel.x86_64 installed: Transaction failed: Rpm transaction failed. - file /usr/bin/curl-config conflicts between attempted installs of libcurl-devel-8.9.1-2.fc41.i686 and libcurl-devel-8.9.1-2.fc41.x86_64 The comment is actually not useful at all after the variable is expanded, since it's not clear what is meant by "used in /usr/lib64". Just drop it. With this change, the packages are constinstallable again.	2024-10-01 10:16:16 +02:00
Zbigniew Jędrzejewski-Szmek	d92476d332	Move the autoreconf invocation to %build section The %prep section is supposed to extract and possibly patch the sources. In particular, the code provided by the package should not be called here, but only in %build section. This keeps %prep quick and allows the code provided by upstream to be inspected before running it. Also drop space after the redirection operator to match the style elsewhere in the spec file. Having symmetrical whitespace around the operator makes it look like a binary operator, which it very much is not.	2024-09-29 16:07:10 +02:00
Jan Macku	1268eeab81	spec: use tls-ca-bundle.pem instead of ca-bundle.crt Resolves: #2313564	2024-09-24 13:37:40 +02:00
Jan Macku	67e25e1742	new upstream release - 8.10.1	2024-09-18 09:45:38 +02:00
Jan Macku	8669cc0727	new upstream release - 8.10.0	2024-09-11 10:38:41 +02:00
Jacek Migacz	25bb999ab6	Retire depricated ntlm-wb configure option	2024-08-21 18:07:32 +02:00
voidanix	cc42129b02	Add patch due to upstream curl-8.9.1 regression	2024-08-05 16:22:44 +02:00
Jan Macku	40967e47b5	new upstream release - 8.9.1	2024-07-31 09:47:16 +02:00
Jan Macku	27557f0746	new upstream release - 8.9.0	2024-07-24 15:17:24 +02:00
Fedora Release Engineering	ed1f78db34	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-17 20:23:31 +00:00
Paul Howarth	781fa86ead	adapt for https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine Added build condition for openssl_engine_support, true by default so as to not change the resulting built package (yet) - With openssl_engine_support true, BR: openssl-devel-engine - With openssl_engine_support false, build with -DOPENSSL_NO_ENGINE	2024-07-12 08:06:48 +01:00
Jan Macku	24a6093c53	new upstream release - 8.8.0	2024-05-22 13:07:32 +02:00
Jan Macku	f9311ae69d	new upstream release - 8.7.1 Resolves: CVE-2024-2004 - Usage of disabled protocol Resolves: CVE-2024-2379 - QUIC certificate check bypass with wolfSSL Resolves: CVE-2024-2398 - HTTP/2 push headers memory-leak Resolves: CVE-2024-2466 - TLS certificate check bypass with mbedTLS	2024-04-02 14:00:38 +02:00
Jan Macku	9a38bdf948	fix: Leftovers after chunking should not be part of the curl buffer output Resolves: #2264220	2024-02-19 13:23:34 +01:00
Jan Macku	e58b8f772b	spec: use `printf` to populate `tests/data/DISABLED` with a newline	2024-02-12 17:34:59 +01:00
Jan Macku	cbc7f6603c	spec: use `echo -e` to populate `tests/data/DISABLED` with a newline	2024-02-12 17:13:40 +01:00
Jan Macku	cbd939da23	spec: don't suggests libcurl-minimal it might break existing setups, tests, etc. Also fedora documentation about suggests is not right about meaning of Suggests macro.	2024-02-12 16:24:35 +01:00
Jan Macku	685f0d3645	temporarily disable test 0313 ``` test 0313...[CRL test] ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind313 ../src/curl --output log/curl313.out --include --trace-ascii log/trace313 --trace-time --cacert ../../tests/certs/EdelCurlRoot-ca.crt --crlfile ../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 > log/stdout313 2> log/stderr313 CMD (15360): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind313 ../src/curl --output log/curl313.out --include --trace-ascii log/trace313 --trace-time --cacert ../../tests/certs/EdelCurlRoot-ca.crt --crlfile ../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 > log/stdout313 2> log/stderr313 valgrind ERROR ==89628== 1,795 (248 direct, 1,547 indirect) bytes in 1 blocks are definitely lost in loss record 32 of 32 ==89628== at 0x484280F: malloc (vg_replace_malloc.c:442) ==89628== by 0x4D71B20: CRYPTO_malloc (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4D71BD4: CRYPTO_zalloc (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4C67FD3: ??? (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4C69B00: ??? (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4C69E3F: ASN1_item_d2i_ex (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4D944C0: PEM_ASN1_read_bio (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4DD3C31: X509_load_crl_file (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x48B6D48: UnknownInlinedFun (openssl.c:3284) ==89628== by 0x48B6D48: Curl_ssl_setup_x509_store (openssl.c:3437) ==89628== by 0x48B7445: ossl_bio_cf_in_read (openssl.c:776) ==89628== by 0x4C6DB32: ??? (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4C71C16: ??? (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4C71DAA: BIO_read (in /usr/lib64/libcrypto.so.3.2.1) ==89628== by 0x4B9BE92: ??? (in /usr/lib64/libssl.so.3.2.1) ==89628== by 0x4BA0B4A: ??? (in /usr/lib64/libssl.so.3.2.1) ==89628== by 0x4B9B099: ??? (in /usr/lib64/libssl.so.3.2.1) ==89628== == Contents of files in the log/ dir after test 313 === Start of file commands.log ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind313 ../src/curl --output log/curl313.out --include --trace-ascii log/trace313 --trace-time --cacert ../../tests/certs/EdelCurlRoot-ca.crt --crlfile ../../tests/certs/Server-localhost-sv.crl https://localhost:37247/313 > log/stdout313 2> log/stderr313 === End of file commands.log ``` Related: openssl #2263877 a	2024-02-12 16:24:31 +01:00
Jan Macku	9c77cd7c46	vtls: revert "receive max buffer" + add test case It breaks the test suite of pycurl	2024-02-12 14:06:34 +01:00
Jan Macku	31bc86593e	curl-full: add Provides to curl-minimal	2024-02-12 13:50:03 +01:00
Jan Macku	8cec2e9cc7	drop curl-minimal subpackage in favor of curl-full The reason for maintaining two separate packages for curl is no longer valid. The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal. Resolves: #2262096	2024-02-07 13:05:39 +01:00
Jan Macku	ec3f7ae8ee	fix: ignore response body to HEAD requests Discovered/Reported by: @lis in FEDORA-2024-634a6662aa	2024-02-05 10:49:10 +01:00
Kamil Dudka	be5d7739cf	deduplicate the --disable-manual configure option No change in behavior intended. Related: #2262373 Closes: https://src.fedoraproject.org/rpms/curl/pull-request/22	2024-02-02 12:04:20 +01:00
Jan Macku	6730b754a9	don't build curl manual feature use man 1 curl instead Resolves: #2262373	2024-02-02 10:22:12 +01:00
Jan Macku	98780da3f8	new upstream release - 8.6.0 Resolves: CVE-2024-0853 - OCSP verification bypass with TLS session reuse	2024-02-01 15:11:39 +01:00
Fedora Release Engineering	3c4671bd88	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 16:32:26 +00:00
Jan Macku	7d149f66f5	new upstream release - 8.5.0 Resolves: CVE-2023-46218 - cookie mixed case PSL bypass Resolves: CVE-2023-46219 - HSTS long file name clears contents	2023-12-06 12:29:18 +01:00
Jan Macku	cb17cbc66a	new upstream release - 8.4.0 Resolves: CVE-2023-38545 - SOCKS5 heap buffer overflow Resolves: CVE-2023-38546 - cookie injection with none file	2023-10-11 15:36:19 +02:00
Lukáš Zaoral	554e13f798	tests: use newer Fedora URLs for testing ... because F36 URLs are no longer available.	2023-10-09 10:48:08 +02:00
Jan Macku	dd8c36f3ea	new upstream release - 8.3.0 Resolves: CVE-2023-38039 - HTTP headers eat all memory	2023-09-13 10:33:22 +02:00
Jan Macku	76f5788cab	enable websockets Resolves: #2224651	2023-08-10 12:44:06 +02:00
Lukáš Zaoral	b64627ff52	new upstream release - 8.2.1 Resolves: rhbz#2226659	2023-07-26 12:40:15 +02:00
Jan Macku	de1364bf2c	new upstream release - 8.2.0 Resolves: CVE-2023-32001 - fopen race condition	2023-07-19 13:44:49 +02:00
Jan Macku	f91221e9d7	new upstream release - 8.1.2 Resolves: #2210976	2023-05-30 10:05:35 +02:00
Jan Macku	d31965bf5b	new upstream release - 8.1.1 Resolves: #2209217	2023-05-23 10:07:28 +02:00
Paul Howarth	dc1838de58	Additional test suite dependencies	2023-05-17 13:14:43 +01:00
Paul Howarth	6beac07229	Ignore lzma-compressed tarballs from old releases	2023-05-17 13:13:21 +01:00
Kamil Dudka	fa58a15ce6	add BR for perl(base) needed by the test-suite	2023-05-17 12:11:00 +02:00
Kamil Dudka	4da3349c05	drop 0103-curl-7.87.0-test3012.patch The related valgrind bug has been fixed https://bugzilla.redhat.com/2143040	2023-05-17 09:55:40 +02:00
Kamil Dudka	c0b70e927f	new upstream release - 8.1.0 Resolves: CVE-2023-28321 - IDN wildcard match Resolves: CVE-2023-28322 - more POST-after-PUT confusion	2023-05-17 09:42:41 +02:00
Kamil Dudka	65d0dfbac5	changelog: trim entries that predate curl-7.29.0 ... which RHEL-7 builds of curl are based on Closes: https://src.fedoraproject.org/rpms/curl/pull-request/16	2023-04-21 18:30:49 +02:00
Kamil Dudka	d8bddc669c	tests: re-enable temporarily disabled test-cases	2023-04-21 18:11:12 +02:00
Kamil Dudka	2d313d8a46	tests: attempt to fix a conflict on port numbers ... where stunnel listens for legacy HTTPS and HTTP/2, which manifests as a hard-to-explain failure of the following tests: 1630 1631 1632 1904 1941 1945 2050 2055 3028 ``` [...] startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https_server.pid" --logfile "log/https_stunnel.log" --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 42917 --accept 24642 RUN: HTTPS server is PID 114398 port 24642 * pid https => 114398 114402 [...] startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https2_server.pid" --logfile "log/https2_stunnel.log" --id 2 --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 36763 --accept 24642 startnew: child process has died, server might start up Warning: http2 server unexpectedly alive RUN: Process with pid 73992 signalled to die RUN: Process with pid 73992 forced to die with SIGKILL == Contents of files in the log/ dir after test 1630 === Start of file http2_server.log 14:01:21.881018 exit_signal_handler: 15 14:01:21.881372 signalled to die 14:01:21.881511 ========> IPv4 sws (port 36763 pid: 73992) exits with signal (15) === End of file http2_server.log === Start of file https2_stunnel.log [ ] Initializing inetd mode configuration [ ] Clients allowed=500 [.] stunnel 5.69 on x86_64-redhat-linux-gnu platform [.] Compiled/running with OpenSSL 3.0.8 7 Feb 2023 [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI [ ] errno: (*__errno_location ()) [ ] Initializing inetd mode configuration [.] Reading configuration from file /builddir/build/BUILD/curl-8.0.1/build-minimal/tests/https_stunnel.conf [.] UTF-8 byte order mark not detected [.] FIPS mode disabled [ ] Compression disabled [ ] No PRNG seeding was required [ ] Initializing service [curltest] [ ] Using the default TLS minimum version as specified in crypto policies. Not setting explicitly. [ ] Using the default TLS maximum version as specified in crypto policies. Not setting explicitly [ ] stunnel default security level set: 2 [ ] Ciphers: PROFILE=SYSTEM [ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 [ ] TLS options: 0x2100000 (+0x0, -0x0) [ ] Session resumption enabled [ ] Loading certificate from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem [ ] Certificate loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem [ ] Loading private key from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem [ ] Private key loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem [ ] Private key check succeeded [!] No trusted certificates found [ ] DH initialization needed for DHE-RSA-AES256-GCM-SHA384 [ ] DH initialization [ ] Could not load DH parameters from /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem [ ] Using dynamic DH parameters [ ] ECDH initialization [ ] ECDH initialized with curves X25519:P-256:X448:P-521:P-384 [.] Configuration successful [ ] Deallocating deployed section defaults [ ] Binding service [curltest] [ ] Listening file descriptor created (FD=8) [ ] Setting accept socket options (FD=8) [ ] Option SO_REUSEADDR set on accept socket [.] Binding service [curltest] to 0.0.0.0:24642: Address already in use (98) [ ] Listening file descriptor created (FD=8) [ ] Setting accept socket options (FD=8) [ ] Option SO_REUSEADDR set on accept socket [.] Binding service [curltest] to :::24642: Address already in use (98) [!] Binding service [curltest] failed [ ] Unbinding service [curltest] [ ] Service [curltest] closed [ ] Deallocating deployed section defaults [ ] Deallocating section [curltest] [ ] Initializing inetd mode configuration === End of file https2_stunnel.log ```	2023-04-21 18:05:52 +02:00
Kamil Dudka	fb877acc4b	curl.spec: forgot to bump release	2023-04-21 14:41:58 +02:00
Kamil Dudka	449e5165fd	curl.spec: apply patches automatically ... to ease maintenance and to avoid the following warning on Fedora Rawhide: ``` warning: %patchN is deprecated (4 usages found), use %patch N (or %patch -P N) ```	2023-04-21 14:35:22 +02:00
Lukáš Zaoral	54363444c5	migrate to SPDX license	2023-03-21 15:46:58 +01:00
Kamil Dudka	c96705f9dc	new upstream release - 8.0.1	2023-03-20 15:56:09 +01:00
Kamil Dudka	7b0a4d3dfc	new upstream release - 8.0.0 Resolves: CVE-2023-27538 - SSH connection too eager reuse still Resolves: CVE-2023-27537 - HSTS double-free Resolves: CVE-2023-27536 - GSS delegation too eager connection re-use Resolves: CVE-2023-27535 - FTP too eager connection reuse Resolves: CVE-2023-27534 - SFTP path ~ resolving discrepancy Resolves: CVE-2023-27533 - TELNET option IAC injection	2023-03-20 13:46:30 +01:00
Kamil Dudka	d5c1163ef3	new upstream release - 7.88.1	2023-02-20 14:42:32 +01:00
Kamil Dudka	13a96c9b8f	http2: set drain on stream end This is an attempt to fix the following issue in COPR: https://pagure.io/fedora-infrastructure/issue/11133	2023-02-17 14:38:21 +01:00
Kamil Dudka	bdbf01f50c	add glibc-langpack-en BR needed for test1560 to succeed Suggested-by: Paul Howarth	2023-02-15 12:54:31 +01:00
Kamil Dudka	f3c2fe3549	do not fail on warnings in the upstream test driver	2023-02-15 10:46:00 +01:00
Kamil Dudka	98c91c9f34	new upstream release - 7.88.0 Resolves: CVE-2023-23916 - HTTP multi-header compression denial of service Resolves: CVE-2023-23915 - HSTS amnesia with --parallel Resolves: CVE-2023-23914 - HSTS ignored on multiple requests	2023-02-15 10:06:24 +01:00