Merge branch 'rawhide' into private-kdudka-libcurl-nss

... and revert the libssh2 -> libssh change, too

curl.spec

@@ -28,10 +28,11 @@ BuildRequires: libpsl-devel
 BuildRequires: libssh-devel
 BuildRequires: libtool
 BuildRequires: make
+BuildRequires: nss-devel
 BuildRequires: openldap-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
-BuildRequires: openssl-devel
+BuildRequires: openssl
 BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
 BuildRequires: python-unversioned-command
@@ -106,11 +107,6 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
 # to ensure that we have the necessary symbols available (#525002, #642796)
 %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
 
-# require at least the version of openssl-libs that we were built against,
-# to ensure that we have the necessary symbols available (#1462184, #1462211)
-# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
-%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')
-
 %description
 curl is a command line tool for transferring data with URL syntax, supporting
 FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
@@ -123,10 +119,13 @@ resume, proxy tunneling and a busload of other useful tricks.
 Summary: A library for getting files from web servers
 Requires: libpsl%{?_isa} >= %{libpsl_version}
 Requires: libssh%{?_isa} >= %{libssh_version}
-Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl-full = %{version}-%{release}
 Provides: libcurl-full%{?_isa} = %{version}-%{release}
 
+# libnsspem.so is no longer included in the nss package (#1347336)
+BuildRequires: nss-pem
+Requires: nss-pem%{?_isa}
+
 %description -n libcurl
 libcurl is a free and easy-to-use client-side URL transfer library, supporting
 FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
@@ -166,7 +165,6 @@ be installed.
 
 %package -n libcurl-minimal
 Summary: Conservatively configured build of libcurl for minimal installations
-Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl = %{version}-%{release}
 Provides: libcurl%{?_isa} = %{version}-%{release}
 Conflicts: libcurl%{?_isa}
@@ -174,6 +172,9 @@ RemovePathPostfixes: .minimal
 # needed for RemovePathPostfixes to work with shared libraries
 %undefine __brp_ldconfig
 
+# libnsspem.so is no longer included in the nss package (#1347336)
+Requires: nss-pem%{?_isa}
+
 %description -n libcurl-minimal
 This is a replacement of the 'libcurl' package for minimal installations.  It
 comes with a limited set of features compared to the 'libcurl' package.  On the
@@ -247,7 +248,7 @@ export common_configure_opts="          \
     --with-gssapi                       \
     --with-libidn2                      \
     --with-nghttp2                      \
-    --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+    --without-ssl --with-nss-deprecated --without-ca-bundle"
 
 %global _configure ../configure
 
@@ -411,6 +412,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Thu Jun 23 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1.1
+- switch the TLS backend back to NSS (#1445153)
+
 * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
 - new upstream release, which fixes the following vulnerabilities
     CVE-2022-27782 - fix too eager reuse of TLS and SSH connections