do not run test-suite through valgrind on i686 brew builds

The architecture is being decommissioned in Fedora, which makes it
difficult to debug valgrind failures (usually not related to curl
anyway).

0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch

@@ -1,29 +0,0 @@
-From 1b02cb2b51148915b2ba025bb262ef34f369fa4b Mon Sep 17 00:00:00 2001
-From: dasimx <g9264140@trbvm.com>
-Date: Wed, 14 Mar 2018 11:02:05 +0100
-Subject: [PATCH] FTP: fix typo in recursive callback detection for seeking
-
-Fixes #2380
-
-Upstream-commit: 920f73a6906dce87c6ee87c32b109a287189965d
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/ftp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/ftp.c b/lib/ftp.c
-index e2cc38b..0cc583b 100644
---- a/lib/ftp.c
-+++ b/lib/ftp.c
-@@ -1621,7 +1621,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
-       Curl_set_in_callback(data, true);
-       seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
-                                 SEEK_SET);
--      Curl_set_in_callback(data, true);
-+      Curl_set_in_callback(data, false);
-     }
- 
-     if(seekerr != CURL_SEEKFUNC_OK) {
--- 
-2.14.3
-

0001-curl-7.67.0-upload-glob.patch

@@ -0,0 +1,316 @@
+From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 13 Nov 2019 11:33:29 +0100
+Subject: [PATCH] curl: fix -T globbing
+
+Regression from e59371a4936f8 (7.67.0)
+
+Added test 490, 491 and 492 to verify the functionality.
+
+Reported-by: Kamil Dudka
+Reported-by: Anderson Sasaki
+
+Fixes #4588
+Closes #4591
+
+Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_operate.c      | 15 ++++---
+ tests/data/Makefile.inc |  2 +
+ tests/data/test490      | 68 +++++++++++++++++++++++++++++++
+ tests/data/test491      | 64 +++++++++++++++++++++++++++++
+ tests/data/test492      | 89 +++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 232 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test490
+ create mode 100644 tests/data/test491
+ create mode 100644 tests/data/test492
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index 3087d2d..4ecb1ed 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+       separator = ((!state->outfiles ||
+                     !strcmp(state->outfiles, "-")) && urlnum > 1);
+ 
+-      /* Here's looping around each globbed URL */
+-
+-      if(state->li >= urlnum) {
+-        state->li = 0;
+-        state->up++;
+-      }
+       if(state->up < state->infilenum) {
+         struct per_transfer *per;
+         struct OutStruct *outs;
+@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+         per->retrystart = tvnow();
+ 
+         state->li++;
++        /* Here's looping around each globbed URL */
++        if(state->li >= urlnum) {
++          state->li = 0;
++          state->urlnum = 0; /* forced reglob of URLs */
++          glob_cleanup(state->urls);
++          state->urls = NULL;
++          state->up++;
++          Curl_safefree(state->uploadfile); /* clear it to get the next */
++        }
+       }
+       else {
+         /* Free this URL node data without destroying the
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 557f928..212900e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -66,6 +66,8 @@ test393 test394 test395 \
+ test400 test401 test402 test403 test404 test405 test406 test407 test408 \
+ test409 \
+ \
++test490 test491 test492 \
++\
+ test500 test501 test502 test503 test504 test505 test506 test507 test508 \
+ test509 test510 test511 test512 test513 test514 test515 test516 test517 \
+ test518 test519 test520 test521 test522 test523 test524 test525 test526 \
+diff --git a/tests/data/test490 b/tests/data/test490
+new file mode 100644
+index 0000000..a3383a9
+--- /dev/null
++++ b/tests/data/test490
+@@ -0,0 +1,68 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
++</command>
++<file name="log/in490">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test491 b/tests/data/test491
+new file mode 100644
+index 0000000..b49c06c
+--- /dev/null
++++ b/tests/data/test491
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs, the second upload file is missing
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
++</command>
++<file name="log/in491">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /491 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++<errorcode>
++26
++</errorcode>
++</verify>
++</testcase>
+diff --git a/tests/data/test492 b/tests/data/test492
+new file mode 100644
+index 0000000..12edd8b
+--- /dev/null
++++ b/tests/data/test492
+@@ -0,0 +1,89 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs to two globbed URLs
++ </name>
++ <command>
++'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
++</command>
++<file name="log/first492">
++first 492 contents
++</file>
++<file1 name="log/second492">
++second 492 contents
++</file1>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /one/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /two/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /one/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++PUT /two/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++</protocol>
++</verify>
++</testcase>
+-- 
+2.20.1
+

0101-curl-7.32.0-multilib.patch

@@ -22,7 +22,7 @@ index 150004d..95d0759 100644
          ;;
  
      --prefix)
-@@ -143,32 +143,17 @@ while test $# -gt 0; do
+@@ -155,32 +155,17 @@ while test $# -gt 0; do
          ;;
  
      --libs)

0102-curl-7.36.0-debug.patch

@@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16524,18 +16524,11 @@ $as_echo "yes" >&6; }
+@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
 index 0cbba7a..9175b5b 100644
 --- a/m4/curl-compilers.m4
 +++ b/m4/curl-compilers.m4
-@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

0103-curl-7.59.0-python3.patch

@@ -0,0 +1,34 @@
+From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 15 Mar 2018 14:49:56 +0100
+Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
+
+Unfortunately, smbserver.py does not work with Python 3 because
+there is no 'impacket' module available for Python 3:
+
+https://github.com/CoreSecurity/impacket/issues/61
+---
+ tests/negtelnetserver.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
+index 8cfd409..72ee771 100755
+--- a/tests/negtelnetserver.py
++++ b/tests/negtelnetserver.py
+@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
+                 response_data = response.encode('ascii')
+             else:
+                 log.debug("Received normal request - echoing back")
+-                response_data = data.strip()
++                response_data = data.decode('utf8').strip()
+ 
+             if response_data:
+                 log.debug("Sending %r", response_data)
+-                self.request.sendall(response_data)
++                self.request.sendall(response_data.encode('utf8'))
+ 
+         except IOError:
+             log.exception("IOError hit during request")
+-- 
+2.14.3
+

0104-curl-7.19.7-localhost6.patch

@@ -14,8 +14,8 @@ index e441278..b0958b6 100644
 +-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
  </command>
  <precheck>
--perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
-+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
  </precheck>
  </client>
  

0105-curl-7.63.0-lib1560-valgrind.patch

@@ -0,0 +1,39 @@
+From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 4 Feb 2019 17:32:56 +0100
+Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
+
+... to prevent valgrind from reporting false positives on x86_64:
+
+Conditional jump or move depends on uninitialised value(s)
+   at 0x10BCAA: part2id (lib1560.c:489)
+   by 0x10BCAA: updateurl (lib1560.c:521)
+   by 0x10BCAA: set_parts (lib1560.c:630)
+   by 0x10BCAA: test (lib1560.c:802)
+   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+
+Conditional jump or move depends on uninitialised value(s)
+   at 0x10BCC3: part2id (lib1560.c:491)
+   by 0x10BCC3: updateurl (lib1560.c:521)
+   by 0x10BCC3: set_parts (lib1560.c:630)
+   by 0x10BCC3: test (lib1560.c:802)
+   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+---
+ tests/libtest/Makefile.inc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 080421b..ea3b806 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1559_LDADD = $(TESTUTIL_LIBS)
+ 
+ lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
+ lib1560_LDADD = $(TESTUTIL_LIBS)
+ 
+ lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+-- 
+2.17.2
+

curl-7.59.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlqoxTwACgkQXMkI/bce
-EsJrHQf7B0ik8F5dfGYumYWkXHc9poJU+dJ0o6pwzg4QsP+4mwVTw/gnrXDm1hVk
-iFPIAdgTkxiIDZi+6mDfZA9dZ8Aq38XbYjRIwXTW4KrjTtEFQXtwlEClrHrJyXfl
-+2YC52BcY0D2JVDqUAB9cVSSgaHHf1jd4h32a8YMrwco4jP5rSxbmZe4psU2m8TC
-skaZEoSIRJzg5oV+AgDSQMrq+fLsc5lIDKTl+7v6sjnGlcYeRC1SiBePyrh5g/o5
-w4JJH839MyjrYvi6MyCBHeyCFYDrxKvQw8zRwivfZ1oipM2SaSVq8c60PdR85Zw5
-/SNOU/7Qpvhua0GhAfaI/CTwwewy6w==
-=OcVv
------END PGP SIGNATURE-----

curl-7.67.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
+EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
+kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
+O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
+s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
+ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
+3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
+=5gov
+-----END PGP SIGNATURE-----

curl.spec

@@ -1,12 +1,12 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.59.0
+Version: 7.67.0
 Release: 2%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
-# ftp: fix typo in recursive callback detection for seeking
-Patch1:   0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch
+# fix infinite loop on upload using a glob (#1771025)
+Patch1:   0001-curl-7.67.0-upload-glob.patch
 
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@@ -14,13 +14,20 @@ Patch101: 0101-curl-7.32.0-multilib.patch
 # prevent configure script from discarding -g in CFLAGS (#496778)
 Patch102: 0102-curl-7.36.0-debug.patch
 
+# migrate tests/http_pipe.py to Python 3
+Patch103: 0103-curl-7.59.0-python3.patch
+
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch
 
+# prevent valgrind from reporting false positives on x86_64
+Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
+
 Provides: curl-full = %{version}-%{release}
 Provides: webclient
 URL: https://curl.haxx.se/
-#BuildRequires: automake
+BuildRequires: automake
+BuildRequires: brotli-devel
 BuildRequires: coreutils
 BuildRequires: gcc
 BuildRequires: groff
@@ -35,12 +42,22 @@ BuildRequires: openldap-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
 BuildRequires: openssl-devel
+BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
-BuildRequires: python
+BuildRequires: python3-devel
 BuildRequires: sed
 BuildRequires: stunnel
 BuildRequires: zlib-devel
 
+# needed to compress content of tool_hugehelp.c after changing curl.1 man page
+BuildRequires: perl(IO::Compress::Gzip)
+
+# needed for generation of shell completions
+BuildRequires: perl(Getopt::Long)
+BuildRequires: perl(Pod::Usage)
+BuildRequires: perl(strict)
+BuildRequires: perl(warnings)
+
 # gnutls-serv is used by the upstream test-suite
 BuildRequires: gnutls-utils
 
@@ -56,10 +73,8 @@ BuildRequires: perl(File::Copy)
 BuildRequires: perl(File::Spec)
 BuildRequires: perl(IPC::Open2)
 BuildRequires: perl(MIME::Base64)
-BuildRequires: perl(strict)
 BuildRequires: perl(Time::Local)
 BuildRequires: perl(Time::HiRes)
-BuildRequires: perl(warnings)
 BuildRequires: perl(vars)
 
 # The test-suite runs automatically through valgrind if valgrind is available
@@ -68,13 +83,17 @@ BuildRequires: perl(vars)
 # to be less reliable, in order to avoid unnecessary build failures (see RHBZ
 # #810992, #816175, and #886891).  Nevertheless developers are free to install
 # valgrind manually to improve test coverage on any architecture.
-%ifarch x86_64 %{ix86}
+%ifarch x86_64
 BuildRequires: valgrind
 %endif
 
 # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
 Requires: libcurl%{?_isa} >= %{version}-%{release}
 
+# require at least the version of libpsl that we were built against,
+# to ensure that we have the necessary symbols available (#1631804)
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+
 # require at least the version of libssh that we were built against,
 # to ensure that we have the necessary symbols available (#525002, #642796)
 %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
@@ -93,6 +112,7 @@ resume, proxy tunneling and a busload of other useful tricks.
 
 %package -n libcurl
 Summary: A library for getting files from web servers
+Requires: libpsl%{?_isa} >= %{libpsl_version}
 Requires: libssh%{?_isa} >= %{libssh_version}
 Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl-full = %{version}-%{release}
@@ -159,21 +179,37 @@ be installed.
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
+%patch103 -p1
 %patch104 -p1
+%patch105 -p1
+
+# make tests/*.py use Python 3
+sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
 
 # regenerate Makefile.in files
-#aclocal -I m4
-#automake
+aclocal -I m4
+automake
 
-# disable test 1112 (#565305) and test 1801
+# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
+# with errno 98: Address already in use' in Koji environment), and test 1801
 # <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
-printf "1112\n1801\n" >> tests/data/DISABLED
+# and test 1900, which is flaky and covers a deprecated feature of libcurl
+# <https://github.com/curl/curl/pull/2705>
+printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
 
 # disable test 1319 on ppc64 (server times out)
 %ifarch ppc64
 echo "1319" >> tests/data/DISABLED
 %endif
 
+# temporarily disable test 582 on s390x (client times out)
+%ifarch s390x
+echo "582" >> tests/data/DISABLED
+%endif
+
+# adapt test 323 for updated OpenSSL
+sed -e 's/^35$/35,52/' -i tests/data/test323
+
 %build
 mkdir build-{full,minimal}
 export common_configure_opts=" \
@@ -195,6 +231,7 @@ export common_configure_opts=" \
         --disable-ldap \
         --disable-ldaps \
         --disable-manual \
+        --without-brotli \
         --without-libidn2 \
         --without-libmetalink \
         --without-libpsl \
@@ -208,6 +245,7 @@ export common_configure_opts=" \
         --enable-ldap \
         --enable-ldaps \
         --enable-manual \
+        --with-brotli \
         --with-libidn2 \
         --with-libmetalink \
         --with-libpsl \
@@ -231,6 +269,10 @@ export LD_LIBRARY_PATH
 cd build-full/tests
 make %{?_smp_mflags} V=1
 
+# relax crypto policy for the test-suite to make it pass again (#1610888)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+
 # run the upstream test-suite
 srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
 
@@ -259,6 +301,10 @@ make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
 LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
     make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
 
+# do not install /usr/share/fish/completions/curl.fish which is also installed
+# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
+
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 
 %ldconfig_scriptlets -n libcurl
@@ -266,13 +312,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %ldconfig_scriptlets -n libcurl-minimal
 
 %files
-%doc CHANGES README*
-%doc docs/BUGS docs/FAQ docs/FEATURES
-%doc docs/MANUAL docs/RESOURCES
-%doc docs/TheArtOfHttpScripting docs/TODO
+%doc CHANGES
+%doc README
+%doc docs/BUGS
+%doc docs/FAQ
+%doc docs/FEATURES
+%doc docs/RESOURCES
+%doc docs/TODO
+%doc docs/TheArtOfHttpScripting
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
-%{_datadir}/zsh/site-functions
+%{_datadir}/zsh
 
 %files -n libcurl
 %license COPYING
@@ -300,6 +350,150 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
+- fix infinite loop on upload using a glob (#1771025)
+
+* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
+- new upstream release
+
+* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-5481 - double free due to subsequent call of realloc()
+    CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
+
+* Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
+- avoid reporting spurious error in the HTTP2 framing layer (#1690971)
+
+* Thu Aug 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-3
+- improve handling of gss_init_sec_context() failures
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.65.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jul 20 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1
+- new upstream release
+
+* Wed Jul 17 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.2-1
+- new upstream release
+
+* Wed Jun 05 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.1-1
+- new upstream release
+
+* Thu May 30 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-2
+- fix spurious timeout events with speed-limit (#1714893)
+
+* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-5436 - TFTP receive buffer overflow
+    CVE-2019-5435 - integer overflows in curl_url_set()
+
+* Thu May 09 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-2
+- do not treat failure of gss_init_sec_context() with --negotiate as fatal
+
+* Wed Mar 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-1
+- new upstream release
+
+* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-6
+- remove verbose "Expire in" ... messages (#1690971)
+
+* Thu Mar 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-5
+- avoid spurious "Could not resolve host: [host name]" error messages
+
+* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
+- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+
+* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
+- prevent NetworkManager from leaking file descriptors (#1680198)
+
+* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-2
+- make zsh completion work again
+
+* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-3823 - SMTP end-of-response out-of-bounds read
+    CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
+    CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
+
+* Mon Feb 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-7
+- prevent valgrind from reporting false positives on x86_64
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.63.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-5
+- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
+
+* Fri Jan 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-4
+- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
+
+* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-3
+- curl -J: do not append to the destination file (#1658574)
+
+* Fri Dec 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-2
+- revert an upstream commit that broke `fedpkg new-sources` (#1659329)
+
+* Wed Dec 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-1
+- new upstream release
+
+* Wed Oct 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.62.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2018-16839 - SASL password overflow via integer overflow
+    CVE-2018-16840 - use-after-free in handle close
+    CVE-2018-16842 - warning message out-of-buffer read
+
+* Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
+- enable TLS 1.3 post-handshake auth in OpenSSL
+- update the documentation of --tlsv1.0 in curl(1) man page
+
+* Thu Oct 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-2
+- enforce versioned libpsl dependency for libcurl (#1631804)
+- test320: update expected output for gnutls-3.6.4
+- drop 0105-curl-7.61.0-tests-ssh-keygen.patch no longer needed (#1622594)
+
+* Wed Sep 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-1
+- new upstream release, which fixes the following vulnerability
+    CVE-2018-14618 - NTLM password overflow via integer overflow
+
+* Tue Sep 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-8
+- make the --tls13-ciphers option work
+
+* Mon Aug 27 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-7
+- tests: make ssh-keygen always produce PEM format (#1622594)
+
+* Wed Aug 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-6
+- scp/sftp: fix infinite connect loop on invalid private key (#1595135)
+
+* Thu Aug 09 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-5
+- ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544)
+
+* Tue Aug 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-4
+- relax crypto policy for the test-suite to make it pass again (#1610888)
+
+* Tue Jul 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-3
+- disable flaky test 1900, which covers deprecated HTTP pipelining
+- adapt test 323 for updated OpenSSL
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.61.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-1
+- new upstream release, which fixes the following vulnerability
+    CVE-2018-0500 - SMTP send heap buffer overflow
+
+* Tue Jul 10 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-3
+- enable support for brotli compression in libcurl-full
+
+* Wed Jul 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-2
+- do not hard-wire path of the Python 3 interpreter
+
+* Wed May 16 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2018-1000300 - FTP shutdown response buffer overflow
+    CVE-2018-1000301 - RTSP bad headers buffer over-read
+
+* Thu Mar 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
+- make the test-suite use Python 3
+
 * Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-2
 - ftp: fix typo in recursive callback detection for seeking
 

sources

@@ -1 +1 @@
-SHA512 (curl-7.59.0.tar.xz) = 6982a5950b564d6b2a4f4b96296b6db3db24a096acc68aa96966821b57f66362f5a69d9f2da762b5d2b1011a4a47478ebacaf05e26604f78bb013098749dd8a6
+SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29