fix curl: tool_read_cb(): curl killed by SIGSEGV

Resolves: #2417738

0001-curl-8.15.0-curl-tool_read_cb-fix-of-segfault.patch

@@ -0,0 +1,100 @@
+From 4bdb4d2f9eaad5d75094e6f6e8441c6844333963 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Mon, 21 Jul 2025 15:56:19 +0200
+Subject: [PATCH] curl: tool_read_cb fix of segfault
+
+When transfers read client input without an upload file, the check if
+upload file is '.' strcompared a NULL.
+
+Add test 1548 to reproduce and verify fix.
+
+Reported-by: d1r3ct0r
+Fixes #17978
+Closes #17987
+
+(cherry picked from commit 9657a2041e7745aecd5b16c5c6d812424edfc6fd)
+---
+ src/tool_cb_rea.c      |  2 +-
+ tests/data/Makefile.am |  2 +-
+ tests/data/test1548    | 43 ++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 45 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1548
+
+diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c
+index 2ceca242b..8268d0a1a 100644
+--- a/src/tool_cb_rea.c
++++ b/src/tool_cb_rea.c
+@@ -90,7 +90,7 @@ size_t tool_read_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
+    Make sure we are in non-blocking mode and infd is not regular stdin
+    On Linux per->infd should be stdin (0) and the block below should not
+    execute */
+-  if(!strcmp(per->uploadfile, ".") && per->infd > 0) {
++  if(per->uploadfile && !strcmp(per->uploadfile, ".") && per->infd > 0) {
+ #if defined(_WIN32) && !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE)
+     rc = recv(per->infd, buffer, curlx_uztosi(sz * nmemb), 0);
+     if(rc < 0) {
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index a72f6740f..7d8e8c7fc 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -203,7 +203,7 @@ test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
+ test1524 test1525 test1526 test1527 test1528 test1529 test1530 test1531 \
+ test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 \
+ test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 \
+-\
++test1548 \
+ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \
+ test1558 test1559 test1560 test1561 test1562 test1563 test1564 test1565 \
+ test1566 test1567 test1568 test1569 test1570 test1571 test1572 test1573 \
+diff --git a/tests/data/test1548 b/tests/data/test1548
+new file mode 100644
+index 000000000..e888b5563
+--- /dev/null
++++ b/tests/data/test1548
+@@ -0,0 +1,43 @@
++<testcase>
++<info>
++<keywords>
++TELNET
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++telnet
++</features>
++<name>
++TELNET read stdin without upload file
++</name>
++<stdin>
++GET /we/want/%TESTNUMBER HTTP/1.0
++
++</stdin>
++<command>
++-m 1 telnet://%HOSTIP:%HTTPPORT
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<errorcode>
++28
++</errorcode>
++</verify>
++</testcase>
+-- 
+2.52.0
+

0101-curl-7.32.0-multilib.patch

@@ -1,6 +1,6 @@
-From 6bb4e674cdc953f5c0048aa84172539900725166 Mon Sep 17 00:00:00 2001
+From 495c771a6f9be008b783c5f59285d30fdc15fd63 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
-Date: Tue, 16 Dec 2025 10:04:40 +0100
+Date: Mon, 10 Mar 2025 14:23:59 +0100
 Subject: [PATCH] prevent multilib conflicts on the curl-config script
 
 ---
@@ -10,7 +10,7 @@ Subject: [PATCH] prevent multilib conflicts on the curl-config script
  3 files changed, 9 insertions(+), 19 deletions(-)
 
 diff --git a/curl-config.in b/curl-config.in
-index a1c8185875..bb43ca8335 100644
+index 5518416..324e0b7 100644
 --- a/curl-config.in
 +++ b/curl-config.in
 @@ -74,7 +74,7 @@ while test "$#" -gt 0; do
@@ -26,12 +26,12 @@ index a1c8185875..bb43ca8335 100644
      ;;
  
    --libs)
--    if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then
+-    if test "X@libdir@" != 'X/usr/lib' -a "X@libdir@" != 'X/usr/lib64'; then
 -      curllibdir="-L@libdir@ "
 -    else
 -      curllibdir=''
 -    fi
--    if test '@ENABLE_SHARED@' = 'no'; then
+-    if test 'X@ENABLE_SHARED@' = 'Xno'; then
 -      echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@"
 -    else
 -      echo "${curllibdir}-lcurl"
@@ -44,7 +44,7 @@ index a1c8185875..bb43ca8335 100644
      ;;
  
    --static-libs)
--    if test '@ENABLE_STATIC@' != 'no'; then
+-    if test 'X@ENABLE_STATIC@' != 'Xno'; then
 -      echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@"
 -    else
 -      echo 'curl was built with static libraries disabled' >&2
@@ -61,7 +61,7 @@ index a1c8185875..bb43ca8335 100644
  
    *)
 diff --git a/docs/curl-config.md b/docs/curl-config.md
-index 12ad245b79..fa0e03d273 100644
+index 12ad245..fa0e03d 100644
 --- a/docs/curl-config.md
 +++ b/docs/curl-config.md
 @@ -87,7 +87,9 @@ no, one or several names. If more than one name, they appear comma-separated.
@@ -76,7 +76,7 @@ index 12ad245b79..fa0e03d273 100644
  ## `--version`
  
 diff --git a/libcurl.pc.in b/libcurl.pc.in
-index c0ba5244a8..f3645e1748 100644
+index c0ba524..f3645e1 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
 @@ -28,6 +28,7 @@ libdir=@libdir@
@@ -88,5 +88,5 @@ index c0ba5244a8..f3645e1748 100644
  Name: libcurl
  URL: https://curl.se/
 -- 
-2.52.0
+2.48.1
 

0105-curl-8.11.1-test616.patch

@@ -0,0 +1,48 @@
+From 82baec8c7cd40361585d8793dfe4531f7aad30e3 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Wed, 11 Dec 2024 13:16:12 +0100
+Subject: [PATCH] test616: disable valgrind
+
+Valgrind disable was removed in upstream in https://github.com/curl/curl/commit/c91c37b6e87ceee760b7bb334c8e97e03ee93e93#diff-e01fd8774cf5b26329c7dc7dc03ec49745469205f3d501ced72c9d133455d5e7L35
+But test 616 is still failing under valgrind, so disable valgrind for this test.
+
+```
+ valgrind ERROR ==188588== 144 bytes in 1 blocks are definitely lost in loss record 1 of 1
+==188588==    at 0x484B133: calloc (vg_replace_malloc.c:1675)
+==188588==    by 0x4BB7575: ??? (in /usr/lib64/libssh.so.4.10.1)
+==188588==    by 0x4BB8CC6: sftp_fstat (in /usr/lib64/libssh.so.4.10.1)
+==188588==    by 0x48EEAFB: myssh_statemach_act (libssh.c:1610)
+==188588==    by 0x48F1B9D: myssh_multi_statemach.lto_priv.0 (libssh.c:2095)
+==188588==    by 0x48BA971: UnknownInlinedFun (multi.c:1643)
+==188588==    by 0x48BA971: UnknownInlinedFun (multi.c:2314)
+==188588==    by 0x48BA971: multi_runsingle (multi.c:2768)
+==188588==    by 0x48BCCA4: curl_multi_perform (multi.c:3016)
+==188588==    by 0x4884E4A: UnknownInlinedFun (easy.c:701)
+==188588==    by 0x4884E4A: UnknownInlinedFun (easy.c:796)
+==188588==    by 0x4884E4A: curl_easy_perform (easy.c:815)
+==188588==    by 0x10C12B: UnknownInlinedFun (tool_operate.c:2902)
+==188588==    by 0x10C12B: UnknownInlinedFun (tool_operate.c:3127)
+==188588==    by 0x10C12B: UnknownInlinedFun (tool_operate.c:3249)
+==188588==    by 0x10C12B: main (tool_main.c:271)
+==188588==
+```
+---
+ tests/data/test616 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/data/test616 b/tests/data/test616
+index f76c68a..0ebc734 100644
+--- a/tests/data/test616
++++ b/tests/data/test616
+@@ -32,5 +32,8 @@ SFTP retrieval of empty file
+ #
+ # Verify data after the test has been "shot"
+ <verify>
++<valgrind>
++disable
++</valgrind>
+ </verify>
+ </testcase>
+-- 
+2.47.1
+

curl.spec

@@ -4,15 +4,10 @@
 # Change the bcond to 0 to turn off ENGINE support by default
 %bcond openssl_engine_support %[%{defined fedora} || 0%{?rhel} < 10]
 
-# HTTP/3 support
-# This is using ngtcp2 with OpenSSL 3.5 QUIC support instead of curl's
-# experimental native OpenSSL 3.5 support.
-%bcond http3 %[0%{?fedora} >= 43]
-
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 8.18.0
-Release: 1%{?dist}
+Version: 8.15.0
+Release: 4%{?dist}
 License: curl
 Source0: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc
@@ -21,9 +16,15 @@ Source1: https://curl.se/download/%{name}-%{version_no_tilde}.tar.xz.asc
 # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
 Source2: mykey.asc
 
+# fix curl: tool_read_cb(): curl killed by SIGSEGV
+Patch001: 0001-curl-8.15.0-curl-tool_read_cb-fix-of-segfault.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
+# test616: disable valgrind
+Patch105: 0105-curl-8.11.1-test616.patch
+
 Provides: curl-full = %{version}-%{release}
 # do not fail when trying to install curl-minimal after drop
 Provides: curl-minimal = %{version}-%{release}
@@ -48,16 +49,10 @@ BuildRequires: groff
 BuildRequires: krb5-devel
 BuildRequires: libidn2-devel
 BuildRequires: libnghttp2-devel
-%if %{with http3}
-BuildRequires: libnghttp3-devel
-%endif
 BuildRequires: libpsl-devel
 BuildRequires: libssh-devel
 BuildRequires: libtool
 BuildRequires: make
-%if %{with http3}
-BuildRequires: ngtcp2-crypto-ossl-devel
-%endif
 BuildRequires: openldap-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
@@ -152,10 +147,6 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
 # to ensure that we have the necessary symbols available (#2144277)
 %global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0)
 
-# require at least the version of libnghttp3 that we were built against,
-# to ensure that we have the necessary symbols available
-%global libnghttp3_version %(pkg-config --modversion libnghttp3 2>/dev/null || echo 0)
-
 # require at least the version of libpsl that we were built against,
 # to ensure that we have the necessary symbols available (#1631804)
 %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
@@ -164,10 +155,6 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
 # to ensure that we have the necessary symbols available (#525002, #642796)
 %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
 
-# require at least the version of ngtcp2 that we were built against,
-# to ensure that we have the necessary symbols available
-%global ngtcp2_version %(pkg-config --modversion libngtcp2 2>/dev/null || echo 0)
-
 # require at least the version of openssl-libs that we were built against,
 # to ensure that we have the necessary symbols available (#1462184, #1462211)
 # (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
@@ -184,14 +171,8 @@ resume, proxy tunneling and a busload of other useful tricks.
 %package -n libcurl
 Summary: A library for getting files from web servers
 Requires: libnghttp2%{?_isa} >= %{libnghttp2_version}
-%if %{with http3}
-Requires: libnghttp3%{?_isa} >= %{libnghttp3_version}
-%endif
 Requires: libpsl%{?_isa} >= %{libpsl_version}
 Requires: libssh%{?_isa} >= %{libssh_version}
-%if %{with http3}
-Requires: ngtcp2%{?_isa} >= %{ngtcp2_version}
-%endif
 Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl-full = %{version}-%{release}
 Provides: libcurl-full%{?_isa} = %{version}-%{release}
@@ -331,11 +312,7 @@ export common_configure_opts="          \
         --enable-websockets             \
         --with-brotli                   \
         --with-libpsl                   \
-        --with-libssh                   \
-%if %{with http3}
-        --with-nghttp3                  \
-        --with-ngtcp2                   \
-%endif
+        --with-libssh
 )
 
 # avoid using rpath
@@ -411,10 +388,9 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1*
 %doc README
 %doc docs/BUGS.md
 %doc docs/DISTROS.md
-%doc docs/FAQ.md
+%doc docs/FAQ
 %doc docs/FEATURES.md
-%doc docs/KNOWN_BUGS.md
-%doc docs/TODO.md
+%doc docs/TODO
 %doc docs/TheArtOfHttpScripting.md
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
@@ -442,53 +418,12 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/wcurl.1*
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
-* Wed Jan 07 2026 Jan Macku <jamacku@redhat.com> - 8.18.0-1
-- new upstream release
+* Thu Dec 04 2025 Jan Macku <jamacku@redhat.com> - 8.15.0-4
+- fix curl: tool_read_cb(): curl killed by SIGSEGV (#2417738)
 
-* Mon Jan 05 2026 Jan Macku <jamacku@redhat.com> - 8.18.0~rc3-1
-- new upstream release candidate
-
-* Tue Dec 16 2025 Jan Macku <jamacku@redhat.com> - 8.18.0~rc2-1
-- new upstream release candidate
-- reenable valgrind on test 616
-
-* Tue Dec 09 2025 Jan Macku <jamacku@redhat.com> - 8.18.0~rc1-1
-- new upstream release candidate
-- drop upstreamed patches
-
-* Sun Dec 07 2025 Aleksei Bavshin <alebastr@fedoraproject.org> - 8.17.0-5
-- Enable HTTP/3 support with ngtcp2
-
-* Thu Dec 04 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-4
-- apply upstream patches for valgrind issues in HTTP/3 (#2408809)
-
-* Thu Nov 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-3
-- recommend wcurl package instead of bundled wcurl utility
-
-* Thu Nov 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-2
+* Thu Nov 13 2025 Jan Macku <jamacku@redhat.com> - 8.15.0-3
 - remove bundled wcurl utility that was added in 8.14.0~rc1, use wcurl package instead
 
-* Mon Nov 10 2025 Jan Macku <jamacku@redhat.com> - 8.17.0-1
-- new upstream release
-
-* Thu Oct 30 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc3-1
-- new upstream release candidate
-
-* Tue Oct 21 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc2-1
-- new upstream release candidate
-
-* Mon Oct 13 2025 Jan Macku <jamacku@redhat.com> - 8.17.0~rc1-1
-- new upstream release candidate
-
-* Wed Sep 10 2025 Jan Macku <jamacku@redhat.com> - 8.16.0-1
-- new upstream release
-
-* Wed Sep 03 2025 Jan Macku <jamacku@redhat.com> - 8.16.0~rc3-1
-- new upstream release candidate
-
-* Tue Aug 26 2025 Jan Macku <jamacku@redhat.com> - 8.16.0~rc2-1
-- new upstream release candidate
-
 * Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 8.15.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
-SHA512 (curl-8.18.0.tar.xz) = 50c7a7b0528e0019697b0c59b3e56abb2578c71d77e4c085b56797276094b5611718c0a9cb2b14db7f8ab502fcf8f42a364297a3387fae3870a4d281484ba21c
-SHA512 (curl-8.18.0.tar.xz.asc) = 07e08d1bb3f8bf20b3d22f37fbc19c49c0d9ee4ea9d92da76fa8a9de343023e1b5d416ccc6535a4ff98b08b30eb9334fd856227e37564f6bcd542aa81bced152
+SHA512 (curl-8.15.0.tar.xz) = d27e316d70973906ac4b8d2c280f7e99b7528966aa1220c13a38ed45fca2ed6bbde54b8a9d7bed9e283171b92edb621f7b95162ef7d392e6383b0ee469de3191
+SHA512 (curl-8.15.0.tar.xz.asc) = b6aef1c6a1f32c60401494df565a748fa96c1d5098138772c22f6208bafeb8e61402f3077cbc274ea2c05f35ff376d8f736c58554520f8d20fded36d876499a5

tests/non-root-user-download/runtest.sh

@@ -31,9 +31,9 @@
 
 PACKAGE="curl"
 
-FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/iso/Fedora-Everything-42-1.1-x86_64-CHECKSUM
-CONTENT=1bd6ab4798983c2fe4a210f9c4ca135fed453d6142ba852c1f8d5fba22e113ab
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM
+CONTENT=4d042dedc8886856db10bc882074b84dcce52f829ea7b3f31d8031db8d84df20
 PASSWORD=pAssw0rd
 OPTIONS=""
 rlIsRHEL 7 && OPTIONS="--insecure"