do not run test-suite through valgrind on i686 brew builds

The architecture is being decommissioned in Fedora, which makes it
difficult to debug valgrind failures (usually not related to curl
anyway).

0001-curl-7.61.1-test320-gnutls.patch

@@ -1,63 +0,0 @@
-From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 4 Oct 2018 15:34:13 +0200
-Subject: [PATCH] test320: strip out more HTML when comparing
-
-To make the test case work with different gnutls-serv versions better.
-
-Reported-by: Kamil Dudka
-Fixes #3093
-Closes #3094
-
-Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- tests/data/test320 | 24 ++++--------------------
- 1 file changed, 4 insertions(+), 20 deletions(-)
-
-diff --git a/tests/data/test320 b/tests/data/test320
-index 457a11eb2..87311d4f2 100644
---- a/tests/data/test320
-+++ b/tests/data/test320
-@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response
- HTTP/1.0 200 OK
- Content-type: text/html
- 
--
--<HTML><BODY>
--<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GnuTLS</a></H1></CENTER>
--
--
--
--<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
--<p>Connected as user 'jsmith'.</p>
--<P>
--<TABLE border=1><TR><TD></TD></TR>
--<TR><TD>Key Exchange:</TD><TD>SRP</TD></TR>
--<TR><TD>Compression</TD><TD>NULL</TD></TR>
--<TR><TD>Cipher</TD><TD>AES-NNN-CBC</TD></TR>
--<TR><TD>MAC</TD><TD>SHA1</TD></TR>
--<TR><TD>Ciphersuite</TD><TD>SRP_SHA_AES_NNN_CBC_SHA1</TD></TR></p></TABLE>
--<hr><P>Your HTTP header was:<PRE>Host: %HOSTIP:%HTTPTLSPORT
-+FINE
- User-Agent: curl-test-suite
- Accept: */*
- 
--</PRE></P>
--</BODY></HTML>
--
- </file>
- <stripfile>
--s/^<p>Session ID:.*//
-+s/^<p>Connected as user 'jsmith'.*/FINE/
- s/Protocol version:.*[0-9]//
- s/GNUTLS/GnuTLS/
- s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/
-+s/^<.*\n//
-+s/^\n//
- </stripfile>
- </verify>
- 
--- 
-2.17.1
-

0001-curl-7.67.0-upload-glob.patch

@@ -0,0 +1,316 @@
+From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 13 Nov 2019 11:33:29 +0100
+Subject: [PATCH] curl: fix -T globbing
+
+Regression from e59371a4936f8 (7.67.0)
+
+Added test 490, 491 and 492 to verify the functionality.
+
+Reported-by: Kamil Dudka
+Reported-by: Anderson Sasaki
+
+Fixes #4588
+Closes #4591
+
+Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_operate.c      | 15 ++++---
+ tests/data/Makefile.inc |  2 +
+ tests/data/test490      | 68 +++++++++++++++++++++++++++++++
+ tests/data/test491      | 64 +++++++++++++++++++++++++++++
+ tests/data/test492      | 89 +++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 232 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test490
+ create mode 100644 tests/data/test491
+ create mode 100644 tests/data/test492
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index 3087d2d..4ecb1ed 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+       separator = ((!state->outfiles ||
+                     !strcmp(state->outfiles, "-")) && urlnum > 1);
+ 
+-      /* Here's looping around each globbed URL */
+-
+-      if(state->li >= urlnum) {
+-        state->li = 0;
+-        state->up++;
+-      }
+       if(state->up < state->infilenum) {
+         struct per_transfer *per;
+         struct OutStruct *outs;
+@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+         per->retrystart = tvnow();
+ 
+         state->li++;
++        /* Here's looping around each globbed URL */
++        if(state->li >= urlnum) {
++          state->li = 0;
++          state->urlnum = 0; /* forced reglob of URLs */
++          glob_cleanup(state->urls);
++          state->urls = NULL;
++          state->up++;
++          Curl_safefree(state->uploadfile); /* clear it to get the next */
++        }
+       }
+       else {
+         /* Free this URL node data without destroying the
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 557f928..212900e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -66,6 +66,8 @@ test393 test394 test395 \
+ test400 test401 test402 test403 test404 test405 test406 test407 test408 \
+ test409 \
+ \
++test490 test491 test492 \
++\
+ test500 test501 test502 test503 test504 test505 test506 test507 test508 \
+ test509 test510 test511 test512 test513 test514 test515 test516 test517 \
+ test518 test519 test520 test521 test522 test523 test524 test525 test526 \
+diff --git a/tests/data/test490 b/tests/data/test490
+new file mode 100644
+index 0000000..a3383a9
+--- /dev/null
++++ b/tests/data/test490
+@@ -0,0 +1,68 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
++</command>
++<file name="log/in490">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test491 b/tests/data/test491
+new file mode 100644
+index 0000000..b49c06c
+--- /dev/null
++++ b/tests/data/test491
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs, the second upload file is missing
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
++</command>
++<file name="log/in491">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /491 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++<errorcode>
++26
++</errorcode>
++</verify>
++</testcase>
+diff --git a/tests/data/test492 b/tests/data/test492
+new file mode 100644
+index 0000000..12edd8b
+--- /dev/null
++++ b/tests/data/test492
+@@ -0,0 +1,89 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs to two globbed URLs
++ </name>
++ <command>
++'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
++</command>
++<file name="log/first492">
++first 492 contents
++</file>
++<file1 name="log/second492">
++second 492 contents
++</file1>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /one/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /two/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /one/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++PUT /two/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++</protocol>
++</verify>
++</testcase>
+-- 
+2.20.1
+

0002-curl-7.61.1-tlsv1.0-man.patch

@@ -1,28 +0,0 @@
-From c574e05b0035f0d78e6bf6040d3f80430112ab4f Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 7 Sep 2018 16:50:45 +0200
-Subject: [PATCH] docs/cmdline-opts: update the documentation of --tlsv1.0
-
-... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
-
-Closes #2955
-
-Upstream-commit: 9ba22ce6b52751ed1e2abdd177b0a1d241819b4e
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- docs/cmdline-opts/tlsv1.0.d | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d
-index 8789025e0..54e259682 100644
---- a/docs/cmdline-opts/tlsv1.0.d
-+++ b/docs/cmdline-opts/tlsv1.0.d
-@@ -3,4 +3,4 @@ Help: Use TLSv1.0
- Protocols: TLS
- Added: 7.34.0
- ---
--Forces curl to use TLS version 1.0 when connecting to a remote TLS server.
-+Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server.
--- 
-2.17.1
-

0003-curl-7.61.1-TLS-1.3-PHA.patch

@@ -1,46 +0,0 @@
-From bb8ad3da3fb4ab3f6556daa1f67b259c12a3c7de Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Fri, 21 Sep 2018 10:37:43 +0200
-Subject: [PATCH] OpenSSL: enable TLS 1.3 post-handshake auth
-
-OpenSSL 1.1.1 requires clients to opt-in for post-handshake
-authentication.
-
-Fixes: https://github.com/curl/curl/issues/3026
-Signed-off-by: Christian Heimes <christian@python.org>
-
-Closes https://github.com/curl/curl/pull/3027
-
-Upstream-commit: b939bc47b27cd57c6ebb852ad653933e4124b452
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/vtls/openssl.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index a487f55..78970d1 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -178,6 +178,7 @@ static unsigned long OpenSSL_version_num(void)
-      !defined(LIBRESSL_VERSION_NUMBER) &&       \
-      !defined(OPENSSL_IS_BORINGSSL))
- #define HAVE_SSL_CTX_SET_CIPHERSUITES
-+#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
- #endif
- 
- #if defined(LIBRESSL_VERSION_NUMBER)
-@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
-   }
- #endif
- 
-+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
-+  /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
-+  SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
-+#endif
-+
- #ifdef USE_TLS_SRP
-   if(ssl_authtype == CURL_TLSAUTH_SRP) {
-     char * const ssl_username = SSL_SET_OPTION(username);
--- 
-2.17.1
-

0101-curl-7.32.0-multilib.patch

@@ -22,7 +22,7 @@ index 150004d..95d0759 100644
          ;;
  
      --prefix)
-@@ -143,32 +143,17 @@ while test $# -gt 0; do
+@@ -155,32 +155,17 @@ while test $# -gt 0; do
          ;;
  
      --libs)

0102-curl-7.36.0-debug.patch

@@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; }
+@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
 index 0cbba7a..9175b5b 100644
 --- a/m4/curl-compilers.m4
 +++ b/m4/curl-compilers.m4
-@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

0103-curl-7.59.0-python3.patch

@@ -1,88 +1,22 @@
-From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 15 Mar 2018 13:21:40 +0100
-Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3
-
----
- tests/http_pipe.py | 4 ++--
- tests/runtests.pl  | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/http_pipe.py b/tests/http_pipe.py
-index bc32173..75ac165 100755
---- a/tests/http_pipe.py
-+++ b/tests/http_pipe.py
-@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler):
-           self.request.setblocking(True)
-           if not new_data:
-             return
--          new_requests = self._request_parser.ParseAdditionalData(new_data)
-+          new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8'))
-           self._response_builder.QueueRequests(
-               new_requests, self._request_parser.were_all_requests_http_1_1)
-           self._num_queued += len(new_requests)
-           self._last_queued_time = time.time()
-         elif fileno in wlist:
--          num_bytes_sent = self.request.send(self._send_buffer[0:4096])
-+          num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8'))
-           self._send_buffer = self._send_buffer[num_bytes_sent:]
-           time.sleep(0.05)
- 
-diff --git a/tests/runtests.pl b/tests/runtests.pl
-index d6aa5ca..4d395ef 100755
---- a/tests/runtests.pl
-+++ b/tests/runtests.pl
-@@ -1439,7 +1439,7 @@ sub runhttpserver {
-     elsif($alt eq "pipe") {
-         # basically the same, but another ID
-         $idnum = 3;
--        $exe = "python $srcdir/http_pipe.py";
-+        $exe = "python3 $srcdir/http_pipe.py";
-         $verbose_flag .= "1 ";
-     }
-     elsif($alt eq "unix") {
--- 
-2.14.3
-
-
 From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Thu, 15 Mar 2018 14:49:56 +0100
-Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3
+Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
 
 Unfortunately, smbserver.py does not work with Python 3 because
 there is no 'impacket' module available for Python 3:
 
 https://github.com/CoreSecurity/impacket/issues/61
 ---
- tests/negtelnetserver.py | 12 ++++++------
- tests/smbserver.py       |  4 ++--
- 2 files changed, 8 insertions(+), 8 deletions(-)
+ tests/negtelnetserver.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
 index 8cfd409..72ee771 100755
 --- a/tests/negtelnetserver.py
 +++ b/tests/negtelnetserver.py
-@@ -23,7 +23,7 @@ IDENT = "NTEL"
- 
- # The strings that indicate the test framework is checking our aliveness
- VERIFIED_REQ = b"verifiedserver"
--VERIFIED_RSP = b"WE ROOLZ: {pid}"
-+VERIFIED_RSP = "WE ROOLZ: {pid}"
- 
- 
- def telnetserver(options):
-@@ -34,7 +34,7 @@ def telnetserver(options):
-     if options.pidfile:
-         pid = os.getpid()
-         with open(options.pidfile, "w") as f:
--            f.write(b"{0}".format(pid))
-+            f.write("{0}".format(pid))
- 
-     local_bind = (HOST, options.port)
-     log.info("Listening on %s", local_bind)
 @@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
-                 response_data = VERIFIED_RSP.format(pid=os.getpid())
+                 response_data = response.encode('ascii')
              else:
                  log.debug("Received normal request - echoing back")
 -                response_data = data.strip()
@@ -95,46 +29,6 @@ index 8cfd409..72ee771 100755
  
          except IOError:
              log.exception("IOError hit during request")
-@@ -132,7 +132,7 @@ class Negotiator(object):
-         return buffer
- 
-     def byte_to_int(self, byte):
--        return struct.unpack(b'B', byte)[0]
-+        return int(byte)
- 
-     def no_neg(self, byte, byte_int, buffer):
-         # Not negotiating anything thus far. Check to see if we
-@@ -197,7 +197,7 @@ class Negotiator(object):
-         self.tcp.sendall(packed_message)
- 
-     def pack(self, arr):
--        return struct.pack(b'{0}B'.format(len(arr)), *arr)
-+        return struct.pack('{0}B'.format(len(arr)), *arr)
- 
-     def send_iac(self, arr):
-         message = [NegTokens.IAC]
-diff --git a/tests/smbserver.py b/tests/smbserver.py
-index 195ae39..b09cd44 100755
---- a/tests/smbserver.py
-+++ b/tests/smbserver.py
-@@ -24,7 +24,7 @@
- from __future__ import (absolute_import, division, print_function)
- # unicode_literals)
- import argparse
--import ConfigParser
-+import configparser
- import os
- import sys
- import logging
-@@ -58,7 +58,7 @@ def smbserver(options):
-             f.write("{0}".format(pid))
- 
-     # Here we write a mini config for the server
--    smb_config = ConfigParser.ConfigParser()
-+    smb_config = configparser.ConfigParser()
-     smb_config.add_section("global")
-     smb_config.set("global", "server_name", "SERVICE")
-     smb_config.set("global", "server_os", "UNIX")
 -- 
 2.14.3
 

0104-curl-7.19.7-localhost6.patch

@@ -14,8 +14,8 @@ index e441278..b0958b6 100644
 +-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
  </command>
  <precheck>
--perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
-+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
  </precheck>
  </client>
  

0105-curl-7.63.0-lib1560-valgrind.patch

@@ -0,0 +1,39 @@
+From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 4 Feb 2019 17:32:56 +0100
+Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
+
+... to prevent valgrind from reporting false positives on x86_64:
+
+Conditional jump or move depends on uninitialised value(s)
+   at 0x10BCAA: part2id (lib1560.c:489)
+   by 0x10BCAA: updateurl (lib1560.c:521)
+   by 0x10BCAA: set_parts (lib1560.c:630)
+   by 0x10BCAA: test (lib1560.c:802)
+   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+
+Conditional jump or move depends on uninitialised value(s)
+   at 0x10BCC3: part2id (lib1560.c:491)
+   by 0x10BCC3: updateurl (lib1560.c:521)
+   by 0x10BCC3: set_parts (lib1560.c:630)
+   by 0x10BCC3: test (lib1560.c:802)
+   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+---
+ tests/libtest/Makefile.inc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 080421b..ea3b806 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1559_LDADD = $(TESTUTIL_LIBS)
+ 
+ lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
+ lib1560_LDADD = $(TESTUTIL_LIBS)
+ 
+ lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+-- 
+2.17.2
+

curl-7.61.1.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAluPblgACgkQXMkI/bce
-EsJynAgArST/gB9eVYIQTTAdXxCOSnArBK/Ne/UNW83QIgOawj0HvEpj9+1SNfTi
-EwC5YSwymyMuKGTDLNswTnJ0MripRKylekfu1QGGzmIOkqovTiHz60xiFuWYI3vy
-fYuAAse5MJz64GCVFwOM4me8SgEjtb/hIbhiCLqilOyXnqtocDm4FPCMAYQ1mTFy
-RJBbwgDLwtktfBDCQyMXTeETGuk3bTrtvSwRv8+Rq8qehOt5s58Fqeztv8EVNi+B
-Qzsi5NXMulgl3C0P3dN/cC81+OL75ehuE91AFXUmbNOnlYNTOxHR2dioaXaEyhKb
-51KLH2D0G75wlfMbgMhX/rguuXT2rg==
-=vM6i
------END PGP SIGNATURE-----

curl-7.67.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
+EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
+kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
+O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
+s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
+ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
+3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
+=5gov
+-----END PGP SIGNATURE-----

curl.spec

@@ -1,18 +1,12 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.61.1
-Release: 3%{?dist}
+Version: 7.67.0
+Release: 2%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
-# test320: update expected output for gnutls-3.6.4
-Patch1:   0001-curl-7.61.1-test320-gnutls.patch
-
-# update the documentation of --tlsv1.0 in curl(1) man page
-Patch2:   0002-curl-7.61.1-tlsv1.0-man.patch
-
-# enable TLS 1.3 post-handshake auth in OpenSSL
-Patch3:   0003-curl-7.61.1-TLS-1.3-PHA.patch
+# fix infinite loop on upload using a glob (#1771025)
+Patch1:   0001-curl-7.67.0-upload-glob.patch
 
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@@ -26,6 +20,9 @@ Patch103: 0103-curl-7.59.0-python3.patch
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch
 
+# prevent valgrind from reporting false positives on x86_64
+Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
+
 Provides: curl-full = %{version}-%{release}
 Provides: webclient
 URL: https://curl.haxx.se/
@@ -45,6 +42,7 @@ BuildRequires: openldap-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
 BuildRequires: openssl-devel
+BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
 BuildRequires: python3-devel
 BuildRequires: sed
@@ -54,6 +52,12 @@ BuildRequires: zlib-devel
 # needed to compress content of tool_hugehelp.c after changing curl.1 man page
 BuildRequires: perl(IO::Compress::Gzip)
 
+# needed for generation of shell completions
+BuildRequires: perl(Getopt::Long)
+BuildRequires: perl(Pod::Usage)
+BuildRequires: perl(strict)
+BuildRequires: perl(warnings)
+
 # gnutls-serv is used by the upstream test-suite
 BuildRequires: gnutls-utils
 
@@ -69,10 +73,8 @@ BuildRequires: perl(File::Copy)
 BuildRequires: perl(File::Spec)
 BuildRequires: perl(IPC::Open2)
 BuildRequires: perl(MIME::Base64)
-BuildRequires: perl(strict)
 BuildRequires: perl(Time::Local)
 BuildRequires: perl(Time::HiRes)
-BuildRequires: perl(warnings)
 BuildRequires: perl(vars)
 
 # The test-suite runs automatically through valgrind if valgrind is available
@@ -81,7 +83,7 @@ BuildRequires: perl(vars)
 # to be less reliable, in order to avoid unnecessary build failures (see RHBZ
 # #810992, #816175, and #886891).  Nevertheless developers are free to install
 # valgrind manually to improve test coverage on any architecture.
-%ifarch x86_64 %{ix86}
+%ifarch x86_64
 BuildRequires: valgrind
 %endif
 
@@ -173,14 +175,13 @@ be installed.
 
 # upstream patches
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
 %patch103 -p1
 %patch104 -p1
+%patch105 -p1
 
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -300,6 +301,10 @@ make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
 LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
     make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
 
+# do not install /usr/share/fish/completions/curl.fish which is also installed
+# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
+
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 
 %ldconfig_scriptlets -n libcurl
@@ -307,13 +312,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %ldconfig_scriptlets -n libcurl-minimal
 
 %files
-%doc CHANGES README*
-%doc docs/BUGS docs/FAQ docs/FEATURES
-%doc docs/MANUAL docs/RESOURCES
-%doc docs/TheArtOfHttpScripting docs/TODO
+%doc CHANGES
+%doc README
+%doc docs/BUGS
+%doc docs/FAQ
+%doc docs/FEATURES
+%doc docs/RESOURCES
+%doc docs/TODO
+%doc docs/TheArtOfHttpScripting
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
-%{_datadir}/zsh/site-functions
+%{_datadir}/zsh
 
 %files -n libcurl
 %license COPYING
@@ -341,6 +350,97 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
+- fix infinite loop on upload using a glob (#1771025)
+
+* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
+- new upstream release
+
+* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-5481 - double free due to subsequent call of realloc()
+    CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
+
+* Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
+- avoid reporting spurious error in the HTTP2 framing layer (#1690971)
+
+* Thu Aug 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-3
+- improve handling of gss_init_sec_context() failures
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.65.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jul 20 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1
+- new upstream release
+
+* Wed Jul 17 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.2-1
+- new upstream release
+
+* Wed Jun 05 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.1-1
+- new upstream release
+
+* Thu May 30 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-2
+- fix spurious timeout events with speed-limit (#1714893)
+
+* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-5436 - TFTP receive buffer overflow
+    CVE-2019-5435 - integer overflows in curl_url_set()
+
+* Thu May 09 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-2
+- do not treat failure of gss_init_sec_context() with --negotiate as fatal
+
+* Wed Mar 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-1
+- new upstream release
+
+* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-6
+- remove verbose "Expire in" ... messages (#1690971)
+
+* Thu Mar 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-5
+- avoid spurious "Could not resolve host: [host name]" error messages
+
+* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
+- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+
+* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
+- prevent NetworkManager from leaking file descriptors (#1680198)
+
+* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-2
+- make zsh completion work again
+
+* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-3823 - SMTP end-of-response out-of-bounds read
+    CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
+    CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
+
+* Mon Feb 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-7
+- prevent valgrind from reporting false positives on x86_64
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.63.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-5
+- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
+
+* Fri Jan 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-4
+- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
+
+* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-3
+- curl -J: do not append to the destination file (#1658574)
+
+* Fri Dec 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-2
+- revert an upstream commit that broke `fedpkg new-sources` (#1659329)
+
+* Wed Dec 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-1
+- new upstream release
+
+* Wed Oct 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.62.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2018-16839 - SASL password overflow via integer overflow
+    CVE-2018-16840 - use-after-free in handle close
+    CVE-2018-16842 - warning message out-of-buffer read
+
 * Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
 - enable TLS 1.3 post-handshake auth in OpenSSL
 - update the documentation of --tlsv1.0 in curl(1) man page

sources

@@ -1 +1 @@
-SHA512 (curl-7.61.1.tar.xz) = e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a
+SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29