new upstream release - 8.18.0

Related: #2408809

.gitignore

@@ -2,3 +2,5 @@
 /curl-[0-9.]*.tar.lzma.asc
 /curl-[0-9.]*.tar.xz
 /curl-[0-9.]*.tar.xz.asc
+/curl-[0-9]*.[0-9]*.[0-9]*/
+/*.src.rpm

0101-curl-7.32.0-multilib.patch

@@ -1,84 +1,85 @@
-From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 12:04:05 +0200
+From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Dec 2025 10:04:40 +0100
 Subject: [PATCH] prevent multilib conflicts on the curl-config script
 
 ---
- curl-config.in     | 23 +++++------------------
- docs/curl-config.1 |  4 +++-
- libcurl.pc.in      |  1 +
+ curl-config.in      | 23 +++++------------------
+ docs/curl-config.md |  4 +++-
+ libcurl.pc.in       |  1 +
  3 files changed, 9 insertions(+), 19 deletions(-)
 
 diff --git a/curl-config.in b/curl-config.in
-index 150004d..95d0759 100644
+index a1c8185875..bb43ca8335 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -78,7 +78,7 @@ while test $# -gt 0; do
-         ;;
+@@ -74,7 +74,7 @@ while test "$#" -gt 0; do
+     ;;
  
-     --cc)
--        echo "@CC@"
-+        echo "gcc"
-         ;;
+   --cc)
+-    echo '@CC@'
++    echo 'gcc'
+     ;;
  
-     --prefix)
-@@ -157,32 +157,19 @@ while test $# -gt 0; do
-         ;;
+   --prefix)
+@@ -149,16 +149,7 @@ while test "$#" -gt 0; do
+     ;;
  
-     --libs)
--        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
--           CURLLIBDIR="-L@libdir@ "
--        else
--           CURLLIBDIR=""
--        fi
--        if test "X@ENABLE_SHARED@" = "Xno"; then
--          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
--        else
--          echo ${CURLLIBDIR}-lcurl
--        fi
-+        echo -lcurl
-         ;;
-     --ssl-backends)
-         echo "@SSL_BACKENDS@"
-         ;;
+   --libs)
+-    if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then
+-      curllibdir="-L@libdir@ "
+-    else
+-      curllibdir=''
+-    fi
+-    if test '@ENABLE_SHARED@' = 'no'; then
+-      echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo "${curllibdir}-lcurl"
+-    fi
++    echo '-lcurl'
+     ;;
  
-     --static-libs)
--        if test "X@ENABLE_STATIC@" != "Xno" ; then
--          echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@
--        else
--          echo "curl was built with static libraries disabled" >&2
--          exit 1
--        fi
-+        echo "curl was built with static libraries disabled" >&2
-+        exit 1
-         ;;
+   --ssl-backends)
+@@ -166,16 +157,12 @@ while test "$#" -gt 0; do
+     ;;
  
-     --configure)
--        echo @CONFIGURE_OPTIONS@
-+        pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
-         ;;
+   --static-libs)
+-    if test '@ENABLE_STATIC@' != 'no'; then
+-      echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@"
+-    else
+-      echo 'curl was built with static libraries disabled' >&2
+-      exit 1
+-    fi
++    echo 'curl was built with static libraries disabled' >&2
++    exit 1
+     ;;
  
-     *)
-diff --git a/docs/curl-config.1 b/docs/curl-config.1
-index 14a9d2b..ffcc004 100644
---- a/docs/curl-config.1
-+++ b/docs/curl-config.1
-@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
- comma-separated. (Added in 7.58.0)
- .IP "--static-libs"
- Shows the complete set of libs and other linker options you will need in order
--to link your application with libcurl statically. (Added in 7.17.1)
-+to link your application with libcurl statically. Note that Fedora/RHEL libcurl
+   --configure)
+-    echo @CONFIGURE_OPTIONS@
++    pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+     ;;
+ 
+   *)
+diff --git a/docs/curl-config.md b/docs/curl-config.md
+index 12ad245b79..fa0e03d273 100644
+--- a/docs/curl-config.md
++++ b/docs/curl-config.md
+@@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated.
+ ## `--static-libs`
+ 
+ Shows the complete set of libs and other linker options you need in order to
+-link your application with libcurl statically. (Added in 7.17.1)
++link your application with libcurl statically. Note that Fedora/RHEL libcurl
 +packages do not provide any static libraries, thus cannot be linked statically.
 +(Added in 7.17.1)
- .IP "--version"
- Outputs version information about the installed libcurl.
- .IP "--vernum"
+ 
+ ## `--version`
+ 
 diff --git a/libcurl.pc.in b/libcurl.pc.in
-index 2ba9c39..f8f8b00 100644
+index c0ba5244a8..f3645e1748 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -31,6 +31,7 @@ libdir=@libdir@
+@@ -28,6 +28,7 @@ libdir=@libdir@
  includedir=@includedir@
  supported_protocols="@SUPPORT_PROTOCOLS@"
  supported_features="@SUPPORT_FEATURES@"
@@ -87,5 +88,5 @@ index 2ba9c39..f8f8b00 100644
  Name: libcurl
  URL: https://curl.se/
 -- 
-2.26.2
+2.52.0
 

0102-curl-7.84.0-test3026.patch

@@ -1,71 +0,0 @@
-From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 27 Jun 2022 16:50:57 +0200
-Subject: [PATCH] test3026: disable valgrind
-
-It fails on x86_64 with:
-```
- Use --max-threads=INT to specify a larger number of threads
- and rerun valgrind
- valgrind: the 'impossible' happened:
-    Max number of threads is too low
- host stacktrace:
- ==174357==    at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- ==174357==    by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
- sched status:
-   running_tid=1
- Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
- ==174357==    at 0x4A07816: clone (in /usr/lib64/libc.so.6)
- ==174357==    by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
- ==174357==    by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
- ==174357==    by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
- ==174357==    by 0x1093B5: test.part.0 (lib3026.c:64)
- ==174357==    by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
- client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
- valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
-[...]
-```
----
- tests/data/test3026     | 3 +++
- tests/libtest/lib3026.c | 4 ++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/tests/data/test3026 b/tests/data/test3026
-index fb80cc8..01f2ba5 100644
---- a/tests/data/test3026
-+++ b/tests/data/test3026
-@@ -41,5 +41,8 @@ none
- <errorcode>
- 0
- </errorcode>
-+<valgrind>
-+disable
-+</valgrind>
- </verify>
- </testcase>
-diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
-index 43fe335..70cd7a4 100644
---- a/tests/libtest/lib3026.c
-+++ b/tests/libtest/lib3026.c
-@@ -147,8 +147,8 @@ int test(char *URL)
-     results[i] = CURL_LAST; /* initialize with invalid value */
-     res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
-     if(res) {
--      fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
--              __FILE__, __LINE__, res);
-+      fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n",
-+              __FILE__, __LINE__, i, res);
-       tid_count = i;
-       test_failure = -1;
-       goto cleanup;
--- 
-2.37.1
-

0104-curl-7.88.0-tests-warnings.patch

@@ -1,30 +0,0 @@
-From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 15 Feb 2023 10:42:38 +0100
-Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them"
-
-While it might be useful for upstream developers, it is not so useful
-for downstream consumers.
-
-This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8.
----
- tests/runtests.pl | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/tests/runtests.pl b/tests/runtests.pl
-index 71644ad18..0cf85c3fe 100755
---- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -55,8 +55,7 @@
- # given, this won't be a problem.
- 
- use strict;
--# Promote all warnings to fatal
--use warnings FATAL => 'all';
-+use warnings;
- use 5.006;
- 
- # These should be the only variables that might be needed to get edited:
--- 
-2.39.1
-

curl.rpmlintrc

@@ -0,0 +1,15 @@
+# Intentional stuff we're not concerned about
+addFilter("unversioned-explicit-provides webclient")
+addFilter("package-with-huge-docs")
+addFilter("crypto-policy-non-compliance-openssl /usr/lib(64)?/libcurl.so.4")
+
+# This is just plain wrong (%_configure redefinition)
+addFilter("configure-without-libdir-spec")
+
+# Technical term
+addFilter("E: spelling-error \('kerberos',")
+
+# Artefacts of RemovePathPostfixes: .minimal
+addFilter("W: dangling-relative-symlink /usr/lib/.build-id/.* ../../../../.*curl.*\.minimal")
+#addFilter("W: dangling-relative-symlink /usr/lib.*/libcurl.so.4 libcurl.so.4.*.minimal")
+#addFilter("E: invalid-ldconfig-symlink /usr/lib.*/libcurl.so.4.* libcurl.so.4.*.minimal")

curl.spec

@@ -1,10 +1,21 @@
+# OpenSSL ENGINE support
+# This is deprecated by OpenSSL since OpenSSL 3.0 and by Fedora since Fedora 41
+# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
+# Change the bcond to 0 to turn off ENGINE support by default
+%bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10]
+
+# HTTP/3 support
+# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's
+# experimental native OpenSSL 3.5 support.
+%bcond http3 %[0%{?fedora} >= 43]
+
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 8.2.1
+Version: 8.18.0
 Release: 1%{?dist}
 License: curl
-Source0: https://curl.se/download/%{name}-%{version}.tar.xz
-Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
+Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz
+Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc
 # The curl download page ( https://curl.se/download.html ) links
 # to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key,
 # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
@@ -13,15 +24,22 @@ Source2: mykey.asc
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
-# test3026: disable valgrind
-Patch102: 0102-curl-7.84.0-test3026.patch
-
-# do not fail on warnings in the upstream test driver
-Patch104: 0104-curl-7.88.0-tests-warnings.patch
-
 Provides: curl-full = %{version}-%{release}
+# do not fail when trying to install curl-minimal after drop
+Provides: curl-minimal = %{version}-%{release}
 Provides: webclient
 URL: https://curl.se/
+
+%if 0%{?fedora}
+# instead of bundled wcurl utility, recommend wcurl package
+Recommends: wcurl
+%endif
+
+# The reason for maintaining two separate packages for curl is no longer valid.
+# The curl-minimal is currently almost identical to curl-full, so let's drop curl-minimal.
+# For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=2262096
+Obsoletes: curl-minimal < 8.6.0-4
+
 BuildRequires: automake
 BuildRequires: brotli-devel
 BuildRequires: coreutils
@@ -30,14 +48,24 @@ BuildRequires: groff
 BuildRequires: krb5-devel
 BuildRequires: libidn2-devel
 BuildRequires: libnghttp2-devel
+%if %{with http3}
+BuildRequires: libnghttp3-devel
+%endif
 BuildRequires: libpsl-devel
 BuildRequires: libssh-devel
 BuildRequires: libtool
 BuildRequires: make
+%if %{with http3}
+BuildRequires: ngtcp2-crypto-ossl-devel
+%endif
 BuildRequires: openldap-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
+BuildRequires: openssl
 BuildRequires: openssl-devel
+%if %{with openssl_engine_support} && 0%{?fedora} >= 41
+BuildRequires:  openssl-devel-engine
+%endif
 BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
 BuildRequires: python-unversioned-command
@@ -80,6 +108,7 @@ BuildRequires: perl(Exporter)
 BuildRequires: perl(File::Basename)
 BuildRequires: perl(File::Copy)
 BuildRequires: perl(File::Spec)
+BuildRequires: perl(I18N::Langinfo)
 BuildRequires: perl(IPC::Open2)
 BuildRequires: perl(List::Util)
 BuildRequires: perl(Memoize)
@@ -114,10 +143,19 @@ BuildRequires: stunnel
 # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
 Requires: libcurl%{?_isa} >= %{version}-%{release}
 
+# Define OPENSSL_NO_ENGINE to avoid inclusion of <openssl/engine.h>
+%if %{without openssl_engine_support}
+%global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE
+%endif
+
 # require at least the version of libnghttp2 that we were built against,
 # to ensure that we have the necessary symbols available (#2144277)
 %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0)
 
+# require at least the version of libnghttp3 that we were built against,
+# to ensure that we have the necessary symbols available
+%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0)
+
 # require at least the version of libpsl that we were built against,
 # to ensure that we have the necessary symbols available (#1631804)
 %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
@@ -126,6 +164,10 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
 # to ensure that we have the necessary symbols available (#525002, #642796)
 %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
 
+# require at least the version of ngtcp2 that we were built against,
+# to ensure that we have the necessary symbols available
+%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0)
+
 # require at least the version of openssl-libs that we were built against,
 # to ensure that we have the necessary symbols available (#1462184, #1462211)
 # (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
@@ -142,8 +184,14 @@ resume, proxy tunneling and a busload of other useful tricks.
 %package -n libcurl
 Summary: A library for getting files from web servers
 Requires: libnghttp2%{?_isa} >= %{libnghttp2_version}
+%if %{with http3}
+Requires: libnghttp3%{?_isa} >= %{libnghttp3_version}
+%endif
 Requires: libpsl%{?_isa} >= %{libpsl_version}
 Requires: libssh%{?_isa} >= %{libssh_version}
+%if %{with http3}
+Requires: ngtcp2%{?_isa} >= %{ngtcp2_version}
+%endif
 Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl-full = %{version}-%{release}
 Provides: libcurl-full%{?_isa} = %{version}-%{release}
@@ -169,22 +217,6 @@ The libcurl-devel package includes header files and libraries necessary for
 developing programs which use the libcurl library. It contains the API
 documentation of the library, too.
 
-%package -n curl-minimal
-Summary: Conservatively configured build of curl for minimal installations
-Provides: curl = %{version}-%{release}
-Conflicts: curl
-Suggests: libcurl-minimal
-RemovePathPostfixes: .minimal
-
-# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
-Requires: libcurl%{?_isa} >= %{version}-%{release}
-
-%description -n curl-minimal
-This is a replacement of the 'curl' package for minimal installations.  It
-comes with a limited set of features compared to the 'curl' package.  On the
-other hand, the package is smaller and requires fewer run-time dependencies to
-be installed.
-
 %package -n libcurl-minimal
 Summary: Conservatively configured build of libcurl for minimal installations
 Requires: libnghttp2%{?_isa} >= %{libnghttp2_version}
@@ -204,11 +236,11 @@ be installed.
 
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%autosetup -p1
+%autosetup -n %{name}-%{version_no_tilde} -p1
 
 # disable test 1801
 # <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
-echo "1801" >> tests/data/DISABLED
+printf "1801\n" >>tests/data/DISABLED
 
 # test3026: avoid pthread_create() failure due to resource exhaustion on i386
 %ifarch %{ix86}
@@ -228,13 +260,18 @@ sed -e 's|^35$|35,52|' -i tests/data/test323
     eval "$cmd"
 )
 
+# avoid unnecessary arch-dependent line in the processed file
+sed -e '/# Used in @libdir@/d' \
+    -i curl-config.in
+
+%build
 # regenerate the configure script and Makefile.in files
 autoreconf -fiv
 
-%build
 mkdir build-{full,minimal}
 export common_configure_opts="          \
     --cache-file=../config.cache        \
+    --disable-manual                    \
     --disable-static                    \
     --enable-hsts                       \
     --enable-ipv6                       \
@@ -244,7 +281,8 @@ export common_configure_opts="          \
     --with-gssapi                       \
     --with-libidn2                      \
     --with-nghttp2                      \
-    --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+    --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
+    --with-zsh-functions-dir"
 
 %global _configure ../configure
 
@@ -257,10 +295,8 @@ export common_configure_opts="          \
         --disable-imap                  \
         --disable-ldap                  \
         --disable-ldaps                 \
-        --disable-manual                \
         --disable-mqtt                  \
         --disable-ntlm                  \
-        --disable-ntlm-wb               \
         --disable-pop3                  \
         --disable-rtsp                  \
         --disable-smb                   \
@@ -268,6 +304,7 @@ export common_configure_opts="          \
         --disable-telnet                \
         --disable-tftp                  \
         --disable-tls-srp               \
+        --disable-websockets            \
         --without-brotli                \
         --without-libpsl                \
         --without-libssh
@@ -282,10 +319,8 @@ export common_configure_opts="          \
         --enable-imap                   \
         --enable-ldap                   \
         --enable-ldaps                  \
-        --enable-manual                 \
         --enable-mqtt                   \
         --enable-ntlm                   \
-        --enable-ntlm-wb                \
         --enable-pop3                   \
         --enable-rtsp                   \
         --enable-smb                    \
@@ -293,9 +328,14 @@ export common_configure_opts="          \
         --enable-telnet                 \
         --enable-tftp                   \
         --enable-tls-srp                \
+        --enable-websockets             \
         --with-brotli                   \
         --with-libpsl                   \
-        --with-libssh
+        --with-libssh                   \
+%if %{with http3}
+        --with-nghttp3                  \
+        --with-ngtcp2                   \
+%endif
 )
 
 # avoid using rpath
@@ -343,10 +383,6 @@ for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do
     mv -v $i $i.minimal
 done
 
-# install and rename the executable that will be packaged as curl-minimal
-%make_install -C build-minimal/src
-mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
-
 # install libcurl.m4
 install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
 install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
@@ -355,28 +391,30 @@ install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
 cd build-full
 %make_install
 
-# install zsh completion for curl
-# (we have to override LD_LIBRARY_PATH because we eliminated rpath)
-LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
-    %make_install -C scripts
-
 # do not install /usr/share/fish/completions/curl.fish which is also installed
 # by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
 
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 
+# do not install bundled wcurl utility
+# it is provided by the wcurl package
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/wcurl
+rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1*
+
 %ldconfig_scriptlets -n libcurl
 
 %ldconfig_scriptlets -n libcurl-minimal
 
 %files
-%doc CHANGES
+%doc CHANGES.md
 %doc README
 %doc docs/BUGS.md
-%doc docs/FAQ
+%doc docs/DISTROS.md
+%doc docs/FAQ.md
 %doc docs/FEATURES.md
-%doc docs/TODO
+%doc docs/KNOWN_BUGS.md
+%doc docs/TODO.md
 %doc docs/TheArtOfHttpScripting.md
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
@@ -398,16 +436,229 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 %{_datadir}/aclocal/libcurl.m4
 
-%files -n curl-minimal
-%{_bindir}/curl.minimal
-%{_mandir}/man1/curl.1*
-
 %files -n libcurl-minimal
 %license COPYING
 %{_libdir}/libcurl.so.4.minimal
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Jan 07 2026 Jan Macku <jamacku@redhat.com> - 8.18.0-1
+- new upstream release
+
+* Mon Jan 05 2026 Jan Macku <jamacku@redhat.com> - 8.18.0~rc3-1
+- new upstream release candidate
+
+* Tue Dec 16 2025 Jan Macku <jamacku@redhat.com> - 8.18.0~rc2-1
+- new upstream release candidate
+- reenable valgrind on test 616
+
+* Tue Dec 09 2025 Jan Macku <jamacku@redhat.com> - 8.18.0~rc1-1
+- new upstream release candidate
+- drop upstreamed patches
+
+* Sun Dec 07 2025 Aleksei Bavshin <alebastr@fedoraproject.org> - 8.17.0-5
+- Enable HTTP/3 support with ngtcp2
+
+* Thu Dec 04 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-4
+- apply upstream patches for valgrind issues in HTTP/3 (#2408809)
+
+* Thu Nov 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-3
+- recommend wcurl package instead of bundled wcurl utility
+
+* Thu Nov 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-2
+- remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead
+
+* Mon Nov 10 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-1
+- new upstream release
+
+* Thu Oct 30 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc3-1
+- new upstream release candidate
+
+* Tue Oct 21 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc2-1
+- new upstream release candidate
+
+* Mon Oct 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc1-1
+- new upstream release candidate
+
+* Wed Sep 10 2025 Jan Macku <jamacku@redhat.com> - 8.16.0-1
+- new upstream release
+
+* Wed Sep 03 2025 Jan Macku <jamacku@redhat.com> - 8.16.0~rc3-1
+- new upstream release candidate
+
+* Tue Aug 26 2025 Jan Macku <jamacku@redhat.com> - 8.16.0~rc2-1
+- new upstream release candidate
+
+* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.15.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Wed Jul 16 2025 Jan Macku <jamacku@redhat.com> - 8.15.0-1
+- new upstream release
+
+* Thu Jul 10 2025 Jan Macku <jamacku@redhat.com> - 8.15.0~rc3-1
+- new upstream release candidate
+
+* Mon Jun 30 2025 Jan Macku <jamacku@redhat.com> - 8.15.0~rc2-1
+- new upstream release candidate
+
+* Mon Jun 23 2025 Jan Macku <jamacku@redhat.com> - 8.15.0~rc1-1
+- new upstream release candidate
+
+* Wed Jun 04 2025 Jan Macku <jamacku@redhat.com> - 8.14.1-1
+- new upstream release
+- drop: 0001-curl-8.14.0-multi-fix-add_handle-resizing.patch (no longer needed)
+
+* Wed May 28 2025 Jan Macku <jamacku@redhat.com> - 8.14.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2025-5025 - No QUIC certificate pinning with wolfSSL
+    CVE-2025-4947 - QUIC certificate check skip with wolfSSL
+- fix regression: curl_multi_add_handle() returning OOM when using more than 400 handles
+
+* Fri May 02 2025 Jan Macku <jamacku@redhat.com> - 8.14.0~rc1-1
+- new upstream release candidate
+- new utility: wcurl which lets you download URLs without having to remember any parameters
+
+* Wed Apr 02 2025 Jan Macku <jamacku@redhat.com> - 8.13.0-1
+- new upstream release
+- add build time dependency on openssl (required by tests)
+
+* Wed Mar 26 2025 Jan Macku <jamacku@redhat.com> - 8.13.0~rc3-1
+- new upstream release candidate
+- drop: 0102-curl-7.84.0-test3026.patch (no longer needed)
+
+* Tue Mar 18 2025 Jan Macku <jamacku@redhat.com> - 8.13.0~rc2-1
+- new upstream release candidate
+
+* Thu Mar 13 2025 Jan Macku <jamacku@redhat.com> - 8.13.0~rc1-2
+- fix --cert parameter (#2351531)
+
+* Mon Mar 10 2025 Jan Macku <jamacku@redhat.com> - 8.13.0~rc1-1
+- new upstream release candidate
+
+* Wed Feb 05 2025 Jan Macku <jamacku@redhat.com> - 8.12.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2025-0725 - gzip integer overflow
+    CVE-2025-0665 - eventfd double close
+    CVE-2025-0167 - netrc and default credential leak
+- drop upstreamed patches
+
+* Fri Jan 31 2025 Jan Macku <jamacku@redhat.com> - 8.11.1-4
+- TLS: check connection for SSL use, not handler (#2324130#c7)
+
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.11.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Sun Dec 15 2024 Paul Howarth <paul@city-fan.org> - 8.11.1-2
+- Fix crash with Unexpected error 9 on netlink descriptor 10 (rhbz#2332350)
+  - https://github.com/curl/curl/issues/15725
+  - https://github.com/curl/curl/pull/15727
+
+* Wed Dec 11 2024 Jan Macku <jamacku@redhat.com> - 8.11.1-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2024-11053 - netrc and redirect credential leak
+
+* Wed Nov 06 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 8.11.0-2
+- Disable engine support on RHEL 10+
+
+* Wed Nov 06 2024 Jan Macku <jamacku@redhat.com> - 8.11.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2024-9681 - HSTS subdomain overwrites parent cache entry
+
+* Tue Sep 24 2024 Jan Macku <jamacku@redhat.com> - 8.10.1-2
+- Use tls-ca-bundle.pem instead of ca-bundle.crt (OpenSSL specific) (#2313564)
+
+* Wed Sep 18 2024 Jan Macku <jamacku@redhat.com> - 8.10.1-1
+- new upstream release
+
+* Wed Sep 11 2024 Jan Macku <jamacku@redhat.com> - 8.10.0-1
+- new upstream release
+
+* Wed Aug 21 2024 Jacek Migacz <jmigacz@redhat.com> - 8.9.1-3
+- Retire deprecated ntlm-wb configure option
+
+* Mon Aug 5 2024 voidanix <voidanix@keyedlimepie.org> - 8.9.1-2
+- Apply SIGPIPE-related patch due to upstream regression
+
+* Wed Jul 24 2024 Jan Macku <jamacku@redhat.com> - 8.9.1-1
+- new upstream release
+
+* Wed Jul 24 2024 Jan Macku <jamacku@redhat.com> - 8.9.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2024-6874 - macidn punycode buffer overread
+    CVE-2024-6197 - freeing stack buffer in utf8asn1str
+- drop upstreamed patches
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jul 12 2024 Paul Howarth <paul@city-fan.org> - 8.8.0-2
+- adapt for https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
+- added build condition for openssl_engine_support, true by default so as to
+  not change the resulting built package (yet)
+- with openssl_engine_support true, BR: openssl-devel-engine
+- with openssl_engine_support false, build with -DOPENSSL_NO_ENGINE
+
+* Wed May 22 2024 Jan Macku <jamacku@redhat.com> - 8.8.0-1
+- new upstream release
+- drop upstreamed patches
+
+* Wed Mar 27 2024 Jan Macku <jamacku@redhat.com> - 8.7.1-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2024-2004 - Usage of disabled protocol
+    CVE-2024-2379 - QUIC certificate check bypass with wolfSSL
+    CVE-2024-2398 - HTTP/2 push headers memory-leak
+    CVE-2024-2466 - TLS certificate check bypass with mbedTLS
+- drop upstreamed patches
+- reenable test 0313
+- fix zsh completions, use --with-zsh-functions-dir
+- apply upstream patches for 8.7.1 issues and regressions
+
+* Mon Feb 19 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-7
+- Fix: Leftovers after chunking should not be part of the curl buffer output (#2264220)
+
+* Mon Feb 12 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-6
+- revert "receive max buffer" + add test case
+- temporarily disable test 0313
+- remove suggests of libcurl-minimal in curl-full
+
+* Mon Feb 12 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-5
+- add Provides to curl-minimal
+
+* Wed Feb 07 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-4
+- drop curl-minimal subpackage in favor of curl-full (#2262096)
+
+* Mon Feb 05 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-3
+- ignore response body to HEAD requests
+
+* Fri Feb 02 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-2
+- don't build manual for curl-full - use man 1 curl instead (#2262373)
+
+* Thu Feb 01 2024 Jan Macku <jamacku@redhat.com> - 8.6.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2024-0853 - OCSP verification bypass with TLS session reuse
+- drop 001-dist-add-tests-errorcodes.pl-to-the-tarball.patch (replaced by upstream fix)
+- remove accidentally included mk-ca-bundle.1 man page (upstream bug #12843)
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Dec 06 2023 Jan Macku <jamacku@redhat.com> - 8.5.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2023-46218 - cookie mixed case PSL bypass
+    CVE-2023-46219 - HSTS long file name clears contents
+
+* Wed Oct 11 2023 Jan Macku <jamacku@redhat.com> - 8.4.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2023-38545 - SOCKS5 heap buffer overflow
+    CVE-2023-38546 - cookie injection with none file
+
+* Wed Sep 13 2023 Jan Macku <jamacku@redhat.com> - 8.3.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2023-38039 - HTTP headers eat all memory
+
+* Wed Aug 02 2023 Jan Macku <jamacku@redhat.com> - 8.2.1-2
+- enable websockets (#2224651)
+
 * Wed Jul 26 2023 Lukáš Zaoral <lzaoral@redhat.com> - 8.2.1-1
 - new upstream release (rhbz#2226659)
 

sources

@@ -1,2 +1,2 @@
-SHA512 (curl-8.2.1.tar.xz) = 3f78c9330c52d32b166f17829fc2be13418ef925e88f75aacad7f369e7afe00dc4a56566418730dbb845b2b284d721b08f639df322e2e1ef2dfab165c4189094
-SHA512 (curl-8.2.1.tar.xz.asc) = 31ee66a09e7bd14de949ae991c23a0b905d38407b73ae39bae6d01854d8708355c14bc4d0eab3ff931b85986d0236dd34e934eef6061f4b70739137fd0525084
+SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c
+SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152

tests/non-root-user-download/runtest.sh

@@ -31,9 +31,9 @@
 
 PACKAGE="curl"
 
-FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
-CONTENT=85cb450443d68d513b41e57b0bd818a740279dac5dfc09c68e681ff8a3006404
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
+CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab
 PASSWORD=pAssw0rd
 OPTIONS=""
 rlIsRHEL 7 && OPTIONS="--insecure"