new upstream release - 7.85.0

Resolves: CVE-2022-35252 - control code in cookie denial of service

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,2 +1,2 @@
-/curl-[0-9.]*.tar.lzma
 /curl-[0-9.]*.tar.xz
+/curl-[0-9.]*.tar.xz.asc

0001-curl-7.67.0-upload-glob.patch

@@ -1,316 +0,0 @@
-From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 13 Nov 2019 11:33:29 +0100
-Subject: [PATCH] curl: fix -T globbing
-
-Regression from e59371a4936f8 (7.67.0)
-
-Added test 490, 491 and 492 to verify the functionality.
-
-Reported-by: Kamil Dudka
-Reported-by: Anderson Sasaki
-
-Fixes #4588
-Closes #4591
-
-Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- src/tool_operate.c      | 15 ++++---
- tests/data/Makefile.inc |  2 +
- tests/data/test490      | 68 +++++++++++++++++++++++++++++++
- tests/data/test491      | 64 +++++++++++++++++++++++++++++
- tests/data/test492      | 89 +++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 232 insertions(+), 6 deletions(-)
- create mode 100644 tests/data/test490
- create mode 100644 tests/data/test491
- create mode 100644 tests/data/test492
-
-diff --git a/src/tool_operate.c b/src/tool_operate.c
-index 3087d2d..4ecb1ed 100644
---- a/src/tool_operate.c
-+++ b/src/tool_operate.c
-@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-       separator = ((!state->outfiles ||
-                     !strcmp(state->outfiles, "-")) && urlnum > 1);
- 
--      /* Here's looping around each globbed URL */
--
--      if(state->li >= urlnum) {
--        state->li = 0;
--        state->up++;
--      }
-       if(state->up < state->infilenum) {
-         struct per_transfer *per;
-         struct OutStruct *outs;
-@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-         per->retrystart = tvnow();
- 
-         state->li++;
-+        /* Here's looping around each globbed URL */
-+        if(state->li >= urlnum) {
-+          state->li = 0;
-+          state->urlnum = 0; /* forced reglob of URLs */
-+          glob_cleanup(state->urls);
-+          state->urls = NULL;
-+          state->up++;
-+          Curl_safefree(state->uploadfile); /* clear it to get the next */
-+        }
-       }
-       else {
-         /* Free this URL node data without destroying the
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 557f928..212900e 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -66,6 +66,8 @@ test393 test394 test395 \
- test400 test401 test402 test403 test404 test405 test406 test407 test408 \
- test409 \
- \
-+test490 test491 test492 \
-+\
- test500 test501 test502 test503 test504 test505 test506 test507 test508 \
- test509 test510 test511 test512 test513 test514 test515 test516 test517 \
- test518 test519 test520 test521 test522 test523 test524 test525 test526 \
-diff --git a/tests/data/test490 b/tests/data/test490
-new file mode 100644
-index 0000000..a3383a9
---- /dev/null
-+++ b/tests/data/test490
-@@ -0,0 +1,68 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
-+</command>
-+<file name="log/in490">
-+surprise!
-+</file>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /490 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+PUT /490 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test491 b/tests/data/test491
-new file mode 100644
-index 0000000..b49c06c
---- /dev/null
-+++ b/tests/data/test491
-@@ -0,0 +1,64 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs, the second upload file is missing
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
-+</command>
-+<file name="log/in491">
-+surprise!
-+</file>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /491 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+</protocol>
-+<errorcode>
-+26
-+</errorcode>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test492 b/tests/data/test492
-new file mode 100644
-index 0000000..12edd8b
---- /dev/null
-+++ b/tests/data/test492
-@@ -0,0 +1,89 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs to two globbed URLs
-+ </name>
-+ <command>
-+'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
-+</command>
-+<file name="log/first492">
-+first 492 contents
-+</file>
-+<file1 name="log/second492">
-+second 492 contents
-+</file1>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /one/first492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 19
-+Expect: 100-continue
-+
-+first 492 contents
-+PUT /two/first492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 19
-+Expect: 100-continue
-+
-+first 492 contents
-+PUT /one/second492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 20
-+Expect: 100-continue
-+
-+second 492 contents
-+PUT /two/second492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 20
-+Expect: 100-continue
-+
-+second 492 contents
-+</protocol>
-+</verify>
-+</testcase>
--- 
-2.20.1
-

0101-curl-7.32.0-multilib.patch

@@ -4,16 +4,16 @@ Date: Fri, 12 Apr 2013 12:04:05 +0200
 Subject: [PATCH] prevent multilib conflicts on the curl-config script
 
 ---
- curl-config.in     |   21 +++------------------
- docs/curl-config.1 |    4 +++-
- libcurl.pc.in      |    1 +
- 3 files changed, 7 insertions(+), 19 deletions(-)
+ curl-config.in     | 23 +++++------------------
+ docs/curl-config.1 |  4 +++-
+ libcurl.pc.in      |  1 +
+ 3 files changed, 9 insertions(+), 19 deletions(-)
 
 diff --git a/curl-config.in b/curl-config.in
 index 150004d..95d0759 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -76,7 +76,7 @@ while test $# -gt 0; do
+@@ -78,7 +78,7 @@ while test $# -gt 0; do
          ;;
  
      --cc)
@@ -22,7 +22,7 @@ index 150004d..95d0759 100644
          ;;
  
      --prefix)
-@@ -155,32 +155,17 @@ while test $# -gt 0; do
+@@ -157,32 +157,19 @@ while test $# -gt 0; do
          ;;
  
      --libs)
@@ -31,7 +31,7 @@ index 150004d..95d0759 100644
 -        else
 -           CURLLIBDIR=""
 -        fi
--        if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+-        if test "X@ENABLE_SHARED@" = "Xno"; then
 -          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
 -        else
 -          echo ${CURLLIBDIR}-lcurl
@@ -44,11 +44,13 @@ index 150004d..95d0759 100644
  
      --static-libs)
 -        if test "X@ENABLE_STATIC@" != "Xno" ; then
--          echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+-          echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@
 -        else
 -          echo "curl was built with static libraries disabled" >&2
 -          exit 1
 -        fi
++        echo "curl was built with static libraries disabled" >&2
++        exit 1
          ;;
  
      --configure)
@@ -61,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
 index 14a9d2b..ffcc004 100644
 --- a/docs/curl-config.1
 +++ b/docs/curl-config.1
-@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
+@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
  comma-separated. (Added in 7.58.0)
  .IP "--static-libs"
  Shows the complete set of libs and other linker options you will need in order
@@ -76,14 +78,14 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
 index 2ba9c39..f8f8b00 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -29,6 +29,7 @@ libdir=@libdir@
+@@ -31,6 +31,7 @@ libdir=@libdir@
  includedir=@includedir@
  supported_protocols="@SUPPORT_PROTOCOLS@"
  supported_features="@SUPPORT_FEATURES@"
 +configure_options=@CONFIGURE_OPTIONS@
  
  Name: libcurl
- URL: https://curl.haxx.se/
+ URL: https://curl.se/
 -- 
-2.5.0
+2.26.2
 

0102-curl-7.36.0-debug.patch

@@ -1,65 +0,0 @@
-From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 31 Oct 2012 11:38:30 +0100
-Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
-
----
- configure            |   13 +++----------
- m4/curl-compilers.m4 |   13 +++----------
- 2 files changed, 6 insertions(+), 20 deletions(-)
-
-diff --git a/configure b/configure
-index 8f079a3..53b4774 100755
---- a/configure
-+++ b/configure
-@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
-     gccvhi=`echo $gccver | cut -d . -f1`
-     gccvlo=`echo $gccver | cut -d . -f2`
-     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
--    flags_dbg_all="-g -g0 -g1 -g2 -g3"
--    flags_dbg_all="$flags_dbg_all -ggdb"
--    flags_dbg_all="$flags_dbg_all -gstabs"
--    flags_dbg_all="$flags_dbg_all -gstabs+"
--    flags_dbg_all="$flags_dbg_all -gcoff"
--    flags_dbg_all="$flags_dbg_all -gxcoff"
--    flags_dbg_all="$flags_dbg_all -gdwarf-2"
--    flags_dbg_all="$flags_dbg_all -gvms"
-+    flags_dbg_all=""
-     flags_dbg_yes="-g"
-     flags_dbg_off=""
--    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
--    flags_opt_yes="-O2"
-+    flags_opt_all=""
-+    flags_opt_yes=""
-     flags_opt_off="-O0"
- 
-     OLDCPPFLAGS=$CPPFLAGS
-diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
-index 0cbba7a..9175b5b 100644
---- a/m4/curl-compilers.m4
-+++ b/m4/curl-compilers.m4
-@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
-     gccvhi=`echo $gccver | cut -d . -f1`
-     gccvlo=`echo $gccver | cut -d . -f2`
-     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
--    flags_dbg_all="-g -g0 -g1 -g2 -g3"
--    flags_dbg_all="$flags_dbg_all -ggdb"
--    flags_dbg_all="$flags_dbg_all -gstabs"
--    flags_dbg_all="$flags_dbg_all -gstabs+"
--    flags_dbg_all="$flags_dbg_all -gcoff"
--    flags_dbg_all="$flags_dbg_all -gxcoff"
--    flags_dbg_all="$flags_dbg_all -gdwarf-2"
--    flags_dbg_all="$flags_dbg_all -gvms"
-+    flags_dbg_all=""
-     flags_dbg_yes="-g"
-     flags_dbg_off=""
--    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
--    flags_opt_yes="-O2"
-+    flags_opt_all=""
-+    flags_opt_yes=""
-     flags_opt_off="-O0"
-     CURL_CHECK_DEF([_WIN32], [], [silent])
-   else
--- 
-1.7.1
-

0102-curl-7.84.0-test3026.patch

@@ -0,0 +1,71 @@
+From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 27 Jun 2022 16:50:57 +0200
+Subject: [PATCH] test3026: disable valgrind
+
+It fails on x86_64 with:
+```
+ Use --max-threads=INT to specify a larger number of threads
+ and rerun valgrind
+ valgrind: the 'impossible' happened:
+    Max number of threads is too low
+ host stacktrace:
+ ==174357==    at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ sched status:
+   running_tid=1
+ Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
+ ==174357==    at 0x4A07816: clone (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x1093B5: test.part.0 (lib3026.c:64)
+ ==174357==    by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
+ client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
+ valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
+[...]
+```
+---
+ tests/data/test3026     | 3 +++
+ tests/libtest/lib3026.c | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tests/data/test3026 b/tests/data/test3026
+index fb80cc8..01f2ba5 100644
+--- a/tests/data/test3026
++++ b/tests/data/test3026
+@@ -41,5 +41,8 @@ none
+ <errorcode>
+ 0
+ </errorcode>
++<valgrind>
++disable
++</valgrind>
+ </verify>
+ </testcase>
+diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
+index 43fe335..70cd7a4 100644
+--- a/tests/libtest/lib3026.c
++++ b/tests/libtest/lib3026.c
+@@ -123,8 +123,8 @@ int test(char *URL)
+     results[i] = CURL_LAST; /* initialize with invalid value */
+     res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
+     if(res) {
+-      fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
+-              __FILE__, __LINE__, res);
++      fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n",
++              __FILE__, __LINE__, i, res);
+       tid_count = i;
+       test_failure = -1;
+       goto cleanup;
+-- 
+2.37.1
+

0103-curl-7.59.0-python3.patch

@@ -1,34 +0,0 @@
-From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 15 Mar 2018 14:49:56 +0100
-Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
-
-Unfortunately, smbserver.py does not work with Python 3 because
-there is no 'impacket' module available for Python 3:
-
-https://github.com/CoreSecurity/impacket/issues/61
----
- tests/negtelnetserver.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
-index 8cfd409..72ee771 100755
---- a/tests/negtelnetserver.py
-+++ b/tests/negtelnetserver.py
-@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
-                 response_data = response.encode('ascii')
-             else:
-                 log.debug("Received normal request - echoing back")
--                response_data = data.strip()
-+                response_data = data.decode('utf8').strip()
- 
-             if response_data:
-                 log.debug("Sending %r", response_data)
--                self.request.sendall(response_data)
-+                self.request.sendall(response_data.encode('utf8'))
- 
-         except IOError:
-             log.exception("IOError hit during request")
--- 
-2.14.3
-

0104-curl-7.19.7-localhost6.patch

@@ -1,51 +0,0 @@
-diff --git a/tests/data/test1083 b/tests/data/test1083
-index e441278..b0958b6 100644
---- a/tests/data/test1083
-+++ b/tests/data/test1083
-@@ -33,13 +33,13 @@ ipv6
- http-ipv6
- </server>
-  <name>
--HTTP-IPv6 GET with ip6-localhost --interface
-+HTTP-IPv6 GET with localhost6 --interface
-  </name>
-  <command>
---g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost
-+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
- </command>
- <precheck>
--perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
-+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
- </precheck>
- </client>
- 
-diff --git a/tests/data/test241 b/tests/data/test241
-index 46eae1f..4e1632c 100644
---- a/tests/data/test241
-+++ b/tests/data/test241
-@@ -30,13 +30,13 @@ ipv6
- http-ipv6
- </server>
-  <name>
--HTTP-IPv6 GET (using ip6-localhost)
-+HTTP-IPv6 GET (using localhost6)
-  </name>
-  <command>
---g "http://ip6-localhost:%HTTP6PORT/241"
-+-g "http://localhost6:%HTTP6PORT/241"
- </command>
- <precheck>
--./server/resolve --ipv6 ip6-localhost
-+./server/resolve --ipv6 localhost6
- </precheck>
- </client>
- 
-@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost)
- </strip>
- <protocol>
- GET /241 HTTP/1.1
--Host: ip6-localhost:%HTTP6PORT
-+Host: localhost6:%HTTP6PORT
- Accept: */*
- 
- </protocol>

0105-curl-7.63.0-lib1560-valgrind.patch

@@ -1,39 +0,0 @@
-From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 4 Feb 2019 17:32:56 +0100
-Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
-
-... to prevent valgrind from reporting false positives on x86_64:
-
-Conditional jump or move depends on uninitialised value(s)
-   at 0x10BCAA: part2id (lib1560.c:489)
-   by 0x10BCAA: updateurl (lib1560.c:521)
-   by 0x10BCAA: set_parts (lib1560.c:630)
-   by 0x10BCAA: test (lib1560.c:802)
-   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
-
-Conditional jump or move depends on uninitialised value(s)
-   at 0x10BCC3: part2id (lib1560.c:491)
-   by 0x10BCC3: updateurl (lib1560.c:521)
-   by 0x10BCC3: set_parts (lib1560.c:630)
-   by 0x10BCC3: test (lib1560.c:802)
-   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
----
- tests/libtest/Makefile.inc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
-index 080421b..ea3b806 100644
---- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
- lib1559_LDADD = $(TESTUTIL_LIBS)
- 
- lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
-+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
- lib1560_LDADD = $(TESTUTIL_LIBS)
- 
- lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
--- 
-2.17.2
-

ci.fmf

@@ -0,0 +1,9 @@
+discover:
+  how: fmf
+prepare:
+  how: install
+  exclude:
+    - libcurl-minimal
+    - curl-minimal
+execute:
+  how: tmt

curl-7.67.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
-EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
-kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
-O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
-s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
-ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
-3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
-=5gov
------END PGP SIGNATURE-----

curl.spec

@@ -1,31 +1,24 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.67.0
-Release: 2%{?dist}
+Version: 7.85.0
+Release: 1%{?dist}
 License: MIT
-Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
-
-# fix infinite loop on upload using a glob (#1771025)
-Patch1:   0001-curl-7.67.0-upload-glob.patch
+Source0: https://curl.se/download/%{name}-%{version}.tar.xz
+Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
+# The curl download page ( https://curl.se/download.html ) links
+# to Daniel's address page https://daniel.haxx.se/address.html for the GPG Key,
+# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
+Source2: mykey.asc
 
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
-# prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.36.0-debug.patch
-
-# migrate tests/http_pipe.py to Python 3
-Patch103: 0103-curl-7.59.0-python3.patch
-
-# use localhost6 instead of ip6-localhost in the curl test-suite
-Patch104: 0104-curl-7.19.7-localhost6.patch
-
-# prevent valgrind from reporting false positives on x86_64
-Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
+# test3026: disable valgrind
+Patch102: 0102-curl-7.84.0-test3026.patch
 
 Provides: curl-full = %{version}-%{release}
 Provides: webclient
-URL: https://curl.haxx.se/
+URL: https://curl.se/
 BuildRequires: automake
 BuildRequires: brotli-devel
 BuildRequires: coreutils
@@ -33,10 +26,10 @@ BuildRequires: gcc
 BuildRequires: groff
 BuildRequires: krb5-devel
 BuildRequires: libidn2-devel
-BuildRequires: libmetalink-devel
 BuildRequires: libnghttp2-devel
 BuildRequires: libpsl-devel
 BuildRequires: libssh-devel
+BuildRequires: libtool
 BuildRequires: make
 BuildRequires: openldap-devel
 BuildRequires: openssh-clients
@@ -44,11 +37,14 @@ BuildRequires: openssh-server
 BuildRequires: openssl-devel
 BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
+BuildRequires: python-unversioned-command
 BuildRequires: python3-devel
 BuildRequires: sed
-BuildRequires: stunnel
 BuildRequires: zlib-devel
 
+# For gpg verification of source tarball
+BuildRequires: gnupg2
+
 # needed to compress content of tool_hugehelp.c after changing curl.1 man page
 BuildRequires: perl(IO::Compress::Gzip)
 
@@ -61,12 +57,16 @@ BuildRequires: perl(warnings)
 # gnutls-serv is used by the upstream test-suite
 BuildRequires: gnutls-utils
 
+# hostname(1) is used by the test-suite but it is missing in armv7hl buildroot
+BuildRequires: hostname
+
 # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
 BuildRequires: nghttp2
 
 # perl modules used in the test suite
 BuildRequires: perl(Cwd)
 BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Digest::SHA)
 BuildRequires: perl(Exporter)
 BuildRequires: perl(File::Basename)
 BuildRequires: perl(File::Copy)
@@ -77,6 +77,11 @@ BuildRequires: perl(Time::Local)
 BuildRequires: perl(Time::HiRes)
 BuildRequires: perl(vars)
 
+%if 0%{?fedora}
+# needed for upstream test 1451
+BuildRequires: python3-impacket
+%endif
+
 # The test-suite runs automatically through valgrind if valgrind is available
 # on the system.  By not installing valgrind into mock's chroot, we disable
 # this feature for production builds on architectures where valgrind is known
@@ -87,6 +92,12 @@ BuildRequires: perl(vars)
 BuildRequires: valgrind
 %endif
 
+# stunnel is used by upstream tests but it does not seem to work reliably
+# on s390x and occasionally breaks some tests (mainly 1561 and 1562)
+%ifnarch s390x
+BuildRequires: stunnel
+%endif
+
 # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
 Requires: libcurl%{?_isa} >= %{version}-%{release}
 
@@ -100,7 +111,8 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
 
 # require at least the version of openssl-libs that we were built against,
 # to ensure that we have the necessary symbols available (#1462184, #1462211)
-%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
+%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')
 
 %description
 curl is a command line tool for transferring data with URL syntax, supporting
@@ -143,6 +155,7 @@ documentation of the library, too.
 Summary: Conservatively configured build of curl for minimal installations
 Provides: curl = %{version}-%{release}
 Conflicts: curl
+Suggests: libcurl-minimal
 RemovePathPostfixes: .minimal
 
 # using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
@@ -159,7 +172,7 @@ Summary: Conservatively configured build of libcurl for minimal installations
 Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
 Provides: libcurl = %{version}-%{release}
 Provides: libcurl%{?_isa} = %{version}-%{release}
-Conflicts: libcurl
+Conflicts: libcurl%{?_isa}
 RemovePathPostfixes: .minimal
 # needed for RemovePathPostfixes to work with shared libraries
 %undefine __brp_ldconfig
@@ -171,55 +184,79 @@ other hand, the package is smaller and requires fewer run-time dependencies to
 be installed.
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %setup -q
 
 # upstream patches
-%patch1 -p1
 
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
-%patch104 -p1
-%patch105 -p1
-
-# make tests/*.py use Python 3
-sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
-
-# regenerate Makefile.in files
-aclocal -I m4
-automake
 
 # disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
 # with errno 98: Address already in use' in Koji environment), and test 1801
 # <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
-# and test 1900, which is flaky and covers a deprecated feature of libcurl
-# <https://github.com/curl/curl/pull/2705>
-printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
+printf "1112\n1455\n1184\n1801\n" >> tests/data/DISABLED
 
 # disable test 1319 on ppc64 (server times out)
 %ifarch ppc64
 echo "1319" >> tests/data/DISABLED
 %endif
 
-# temporarily disable test 582 on s390x (client times out)
+# disable tests 320..322 on ppc64le where it started to hang/fail
+%ifarch ppc64le
+printf "320\n321\n322\n" >> tests/data/DISABLED
+%endif
+
+# temporarily disable tests 582 and 1452 on s390x (client times out)
 %ifarch s390x
-echo "582" >> tests/data/DISABLED
+printf "582\n1452\n" >> tests/data/DISABLED
+%endif
+
+# temporarily disable tests 702 703 716 on armv7hl (#1829180)
+%ifarch armv7hl
+printf "702\n703\n716\n" >> tests/data/DISABLED
+%endif
+
+# temporarily disable tests 300{0,1} on x86_64 (stunnel clashes with itself)
+%ifarch x86_64
+printf "3000\n3001\n" >> tests/data/DISABLED
+%endif
+
+# test3026: avoid pthread_create() failure due to resource exhaustion on i386
+%ifarch %{ix86}
+sed -e 's|NUM_THREADS 1000$|NUM_THREADS 256|' \
+    -i tests/libtest/lib3026.c
 %endif
 
 # adapt test 323 for updated OpenSSL
-sed -e 's/^35$/35,52/' -i tests/data/test323
+sed -e 's|^35$|35,52|' -i tests/data/test323
+
+# use localhost6 instead of ip6-localhost in the curl test-suite
+(
+    # avoid glob expansion in the trace output of `bash -x`
+    { set +x; } 2>/dev/null
+    cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*"
+    printf "+ %s\n" "$cmd" >&2
+    eval "$cmd"
+)
+
+# regenerate the configure script and Makefile.in files
+autoreconf -fiv
 
 %build
 mkdir build-{full,minimal}
-export common_configure_opts=" \
-    --cache-file=../config.cache \
-    --disable-static \
-    --enable-symbol-hiding \
-    --enable-ipv6 \
-    --enable-threaded-resolver \
-    --with-gssapi \
-    --with-nghttp2 \
+export common_configure_opts="          \
+    --cache-file=../config.cache        \
+    --disable-static                    \
+    --enable-hsts                       \
+    --enable-ipv6                       \
+    --enable-symbol-hiding              \
+    --enable-threaded-resolver          \
+    --without-zstd                      \
+    --with-gssapi                       \
+    --with-libidn2                      \
+    --with-nghttp2                      \
     --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
 
 %global _configure ../configure
@@ -227,28 +264,50 @@ export common_configure_opts=" \
 # configure minimal build
 (
     cd build-minimal
-    %configure $common_configure_opts \
-        --disable-ldap \
-        --disable-ldaps \
-        --disable-manual \
-        --without-brotli \
-        --without-libidn2 \
-        --without-libmetalink \
-        --without-libpsl \
+    %configure $common_configure_opts   \
+        --disable-dict                  \
+        --disable-gopher                \
+        --disable-imap                  \
+        --disable-ldap                  \
+        --disable-ldaps                 \
+        --disable-manual                \
+        --disable-mqtt                  \
+        --disable-ntlm                  \
+        --disable-ntlm-wb               \
+        --disable-pop3                  \
+        --disable-rtsp                  \
+        --disable-smb                   \
+        --disable-smtp                  \
+        --disable-telnet                \
+        --disable-tftp                  \
+        --disable-tls-srp               \
+        --without-brotli                \
+        --without-libpsl                \
         --without-libssh
 )
 
 # configure full build
 (
     cd build-full
-    %configure $common_configure_opts \
-        --enable-ldap \
-        --enable-ldaps \
-        --enable-manual \
-        --with-brotli \
-        --with-libidn2 \
-        --with-libmetalink \
-        --with-libpsl \
+    %configure $common_configure_opts   \
+        --enable-dict                   \
+        --enable-gopher                 \
+        --enable-imap                   \
+        --enable-ldap                   \
+        --enable-ldaps                  \
+        --enable-manual                 \
+        --enable-mqtt                   \
+        --enable-ntlm                   \
+        --enable-ntlm-wb                \
+        --enable-pop3                   \
+        --enable-rtsp                   \
+        --enable-smb                    \
+        --enable-smtp                   \
+        --enable-telnet                 \
+        --enable-tftp                   \
+        --enable-tls-srp                \
+        --with-brotli                   \
+        --with-libpsl                   \
         --with-libssh
 )
 
@@ -257,35 +316,48 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \
     -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
     -i build-{full,minimal}/libtool
 
-make %{?_smp_mflags} V=1 -C build-minimal
-make %{?_smp_mflags} V=1 -C build-full
+%make_build V=1 -C build-minimal
+%make_build V=1 -C build-full
 
 %check
-# we have to override LD_LIBRARY_PATH because we eliminated rpath
-LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH"
-export LD_LIBRARY_PATH
-
 # compile upstream test-cases
-cd build-full/tests
-make %{?_smp_mflags} V=1
+%make_build V=1 -C build-minimal/tests
+%make_build V=1 -C build-full/tests
 
 # relax crypto policy for the test-suite to make it pass again (#1610888)
 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
 export OPENSSL_CONF=
 
-# run the upstream test-suite
-srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+# make runtests.pl work for out-of-tree builds
+export srcdir=../../tests
+
+# prevent valgrind from being extremely slow (#1662656)
+# https://fedoraproject.org/wiki/Changes/DebuginfodByDefault
+unset DEBUGINFOD_URLS
+
+# run the upstream test-suite for both curl-minimal and curl-full
+for size in minimal full; do (
+    cd build-${size}
+
+    # we have to override LD_LIBRARY_PATH because we eliminated rpath
+    export LD_LIBRARY_PATH="${PWD}/lib/.libs"
+
+    cd tests
+    perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+)
+done
+
 
 %install
 # install and rename the library that will be packaged as libcurl-minimal
-make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib
+%make_install -C build-minimal/lib
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
 for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do
     mv -v $i $i.minimal
 done
 
 # install and rename the executable that will be packaged as curl-minimal
-make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src
+%make_install -C build-minimal/src
 mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
 
 # install libcurl.m4
@@ -294,12 +366,12 @@ install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
 
 # install the executable and library that will be packaged as curl and libcurl
 cd build-full
-make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+%make_install
 
 # install zsh completion for curl
 # (we have to override LD_LIBRARY_PATH because we eliminated rpath)
 LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
-    make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
+    %make_install -C scripts
 
 # do not install /usr/share/fish/completions/curl.fish which is also installed
 # by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
@@ -314,12 +386,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %files
 %doc CHANGES
 %doc README
-%doc docs/BUGS
+%doc docs/BUGS.md
 %doc docs/FAQ
-%doc docs/FEATURES
-%doc docs/RESOURCES
+%doc docs/FEATURES.md
 %doc docs/TODO
-%doc docs/TheArtOfHttpScripting
+%doc docs/TheArtOfHttpScripting.md
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
 %{_datadir}/zsh
@@ -331,7 +402,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 
 %files -n libcurl-devel
 %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
-%doc docs/CONTRIBUTE.md docs/libcurl/ABI
+%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md
 %{_bindir}/curl-config*
 %{_includedir}/curl
 %{_libdir}/*.so
@@ -350,10 +421,207 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
-* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
+* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-3
+- new upstream release, which fixes the following vulnerability
+    CVE-2022-35252 - control code in cookie denial of service
+
+* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
+- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.84.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2022-32207 - Unpreserved file permissions
+    CVE-2022-32205 - Set-Cookie denial of service
+    CVE-2022-32206 - HTTP compression denial of service
+    CVE-2022-32208 - FTP-KRB bad message verification
+
+* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
+    CVE-2022-27779 - do not accept cookies for TLD with trailing dot
+    CVE-2022-27778 - do not remove wrong file on error
+    CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
+    CVE-2022-27780 - reject percent-encoded path separator in URL host
+
+* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2022-27774 - curl credential leak on redirect
+    CVE-2022-27776 - curl auth/cookie leak on redirect
+    CVE-2022-27775 - curl bad local IPv6 connection reuse
+    CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
+
+* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
+- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
+
+* Sat Mar 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-1
+- new upstream release
+
+* Thu Feb 24 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-4
+- enable IDN support also in libcurl-minimal
+
+* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.81.0-3
+- Suggest libcurl-minimal in curl-minimal
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.81.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jan 05 2022 Kamil Dudka <kdudka@redhat.com> - 7.81.0-1
+- new upstream release
+
+* Sun Nov 14 2021 Paul Howarth <paul@city-fan.org> - 7.80.0-2
+- sshserver.pl (used in test suite) now requires the Digest::SHA perl module
+
+* Wed Nov 10 2021 Kamil Dudka <kdudka@redhat.com> - 7.80.0-1
+- new upstream release
+
+* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-3
+- re-enable HSTS in libcurl-minimal as a security feature (#2005874)
+
+* Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-2
+- disable more protocols and features in libcurl-minimal (#2005874)
+
+* Wed Sep 22 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.1-1
+- new upstream release
+
+* Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-4
+- fix regression in http2 implementation introduced in the last release
+
+* Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 7.79.0-3
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-2
+- make SCP/SFTP tests work with openssh-8.7p1
+
+* Wed Sep 15 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2021-22947 - STARTTLS protocol injection via MITM
+    CVE-2021-22946 - protocol downgrade required TLS bypassed
+    CVE-2021-22945 - use-after-free and double-free in MQTT sending
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 7.78.0-4
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-3
+- make explicit dependency on openssl work with alpha/beta builds of openssl
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.78.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2021-22925 - TELNET stack contents disclosure again
+    CVE-2021-22924 - bad connection reuse due to flawed path name checks
+    CVE-2021-22923 - metalink download sends credentials
+    CVE-2021-22922 - wrong content via metalink not discarded
+
+* Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-2
+- build the curl tool without metalink support (#1967213)
+
+* Wed May 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2021-22901 - TLS session caching disaster
+    CVE-2021-22898 - TELNET stack contents disclosure
+
+* Mon May 03 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-2
+- http2: fix resource leaks detected by Coverity
+
+* Wed Apr 14 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-1
+- new upstream release
+
+* Wed Mar 31 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
+    CVE-2021-22876 - Automatic referer leaks credentials
+
+* Wed Mar 24 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-3
+- fix SIGSEGV upon disconnect of a ldaps:// transfer
+
+* Tue Feb 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-2
+- build-require python3-impacket only on Fedora
+
+* Wed Feb 03 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-1
+- new upstream release
+
+* Tue Jan 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.74.0-4
+- do not use stunnel for tests on s390x builds to avoid spurious failures
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.74.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Dec 09 2020 Kamil Dudka <kdudka@redhat.com> - 7.74.0-2
+- do not rewrite shebangs in test-suite to use python3 explicitly
+
+* Wed Dec 09 2020 Kamil Dudka <kdudka@redhat.com> - 7.74.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2020-8286 - curl: Inferior OCSP verification
+    CVE-2020-8285 - libcurl: FTP wildcard stack overflow
+    CVE-2020-8284 - curl: trusting FTP PASV responses
+
+* Wed Oct 14 2020 Kamil Dudka <kdudka@redhat.com> - 7.73.0-2
+- prevent upstream test 1451 from being skipped
+
+* Wed Oct 14 2020 Kamil Dudka <kdudka@redhat.com> - 7.73.0-1
+- new upstream release
+
+* Thu Sep 10 2020 Jinoh Kang <aurhb20@protonmail.ch> - 7.72.0-2
+- fix multiarch conflicts in libcurl-minimal (#1877671)
+
+* Wed Aug 19 2020 Kamil Dudka <kdudka@redhat.com> - 7.72.0-1
+- new upstream release, which fixes the following vulnerability
+    CVE-2020-8231 - libcurl: wrong connect-only connection
+
+* Thu Aug 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.71.1-5
+- setopt: unset NOBODY switches to GET if still HEAD
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.71.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 7.71.1-3
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Fri Jul 03 2020 Kamil Dudka <kdudka@redhat.com> - 7.71.1-2
+- curl: make the --krb option work again (#1833193)
+
+* Wed Jul 01 2020 Kamil Dudka <kdudka@redhat.com> - 7.71.1-1
+- new upstream release
+
+* Wed Jun 24 2020 Kamil Dudka <kdudka@redhat.com> - 7.71.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
+    CVE-2020-8177 - curl: overwrite local file with -J
+
+* Wed Apr 29 2020 Kamil Dudka <kdudka@redhat.com> - 7.70.0-1
+- new upstream release
+
+* Mon Apr 20 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.1-3
+- SSH: use new ECDSA key types to check known hosts (#1824926)
+
+* Fri Apr 17 2020 Tom Stellard <tstellar@redhat.com> - 7.69.1-2
+- Prevent discarding of -g when compiling with clang
+
+* Wed Mar 11 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.1-1
+- new upstream release
+
+* Mon Mar 09 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.0-2
+- make Flatpak work again (#1810989)
+
+* Wed Mar 04 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.0-1
+- new upstream release
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.68.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jan 08 2020 Kamil Dudka <kdudka@redhat.com> - 7.68.0-1
+- new upstream release
+
+* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.0-2
 - fix infinite loop on upload using a glob (#1771025)
 
-* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
+* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.0-1
 - new upstream release
 
 * Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1

mykey.asc

@@ -0,0 +1,77 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
+QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
+0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
+EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
+soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
+f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
+gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
+SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
+m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
+ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
+ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
+i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
+AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
+jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
+XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
+7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
+wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
+dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
+rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
+FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
+OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
+5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
+zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
+poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
+Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
+6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
+tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
+c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
+svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
+Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
++BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
+Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
+rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
+y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
+BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
+0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
+09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
+6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
+67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
+a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
+LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
+nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
+0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
+2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
+OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
+PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
+8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
+/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
+8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
+bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
+IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
+2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
+L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
+/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
+UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
+9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
+TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
+IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
+AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
+eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
+sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
+c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
+KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
+4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
+wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
+BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
+PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
+gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
+ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
+j/qx4ytjt5uxt6Jm6IXV9cry8i6x
+=Phs/
+-----END PGP PUBLIC KEY BLOCK-----

sources

@@ -1 +1,2 @@
-SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
+SHA512 (curl-7.85.0.tar.xz) = b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
+SHA512 (curl-7.85.0.tar.xz.asc) = 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6

tests/non-root-user-download/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/curl/Sanity/non-root-user-download
-#   Description: various download methods with non-root user
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/curl/Sanity/non-root-user-download
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Karel Srot <ksrot@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     various download methods with non-root user" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          curl" >> $(METADATA)
-	@echo "Requires:        curl" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/non-root-user-download/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/curl/Sanity/non-root-user-download
-Description: various download methods with non-root user
-Author: Karel Srot <ksrot@redhat.com>

tests/non-root-user-download/main.fmf

@@ -0,0 +1,18 @@
+summary: various download methods with non-root user
+description: ''
+contact: Daniel Rusek <drusek@redhat.com>
+component:
+  - curl
+require:
+  - findutils
+  - libselinux-utils
+  - openssh-clients
+  - openssh-server
+  - passwd
+test: ./runtest.sh
+framework: beakerlib
+duration: 5m
+enabled: true
+tier: '1'
+link:
+  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1049921

tests/non-root-user-download/runtest.sh

@@ -27,14 +27,13 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="curl"
 
-FTP_URL=ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
-CONTENT=a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed
+FTP_URL=ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/fedora/linux/releases/36/Everything/x86_64/iso/Fedora-Everything-36-1.5-x86_64-CHECKSUM
+CONTENT=85cb450443d68d513b41e57b0bd818a740279dac5dfc09c68e681ff8a3006404
 PASSWORD=pAssw0rd
 OPTIONS=""
 rlIsRHEL 7 && OPTIONS="--insecure"
@@ -47,9 +46,11 @@ rlJournalStart
         rlRun "useradd -m curltester" 0 "Adding the test user"
         rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user"
         rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile"
+        rlFileBackup --clean --missing-ok $HOME/.ssh /etc/hosts
+        rlRun "rm -f $HOME/.ssh/*"
         [ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh )
-        rlFileBackup $HOME/.ssh/known_hosts /etc/hosts
-        ssh-keygen -F localhost -f $HOME/.ssh/known_hosts || rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts"
+        rlRun "rlServiceStart sshd"
+        rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts"
     rlPhaseEnd
 
     rlPhaseStartTest "http download"
@@ -82,7 +83,7 @@ if ! rlIsRHEL 5; then
 fi
 
     rlPhaseStartCleanup
-        rlRun "rm -f $HOME/.ssh/known_hosts"
+        rlRun "rlServiceRestore"
         rlFileRestore
         rlRun "popd"
         rlRun "rm -r $TmpDir" 0 "Removing tmp directory"

tests/non-root-user-download/runtest.yml

@@ -1,64 +0,0 @@
-- hosts: '{{ hosts | default("localhost") }}'
-  vars:
-    package: "curl"
-  tasks:
-    - name: "Set Content variables"
-      set_fact:
-        content: "a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed"
-        password: "pAssw0rd"
-        crypt_password: "$6$/5GE87XLYLLfB3qx$w84Kct34UZG/4buTSXWkaaVIsw2xGXSAdmnS2QYdG8TtRgTsBnHdFdSkhoy.tKIE6A6LKlxczIZjQbpB19k7B1"
-    - name: "Create user curltester"
-      user: 
-        name: "curltester"
-        password: "{{ crypt_password }}"
-    - name: "Copy testfile"
-      copy:
-          dest: "/home/curltester/testfile"
-          content: "{{ content }}"
-    - block:
-      - name: "http download"
-        command: "curl https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
-        args:
-            warn: false
-        register: http
-        become: yes
-        become_user: curltester
-      - name: "Compare http output"
-        fail:
-            msg: "{{ content }} not in {{ http.stdout }}"
-        when: content not in http.stdout
-      - name: "ftp download"
-        command: "curl ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
-        args:
-            warn: false
-        register: ftp
-        become: yes
-        become_user: curltester
-      - name: "Compare ftp output"
-        fail:
-            msg: "{{ content }} not in {{ ftp.stdout }}"
-        when: content not in ftp.stdout
-      - name: "scp download"
-        command: "curl -u curltester:{{ password }} --insecure scp://localhost/home/curltester/testfile"
-        args:
-            warn: false
-        register: scp
-      - name: "Compare scp output"
-        fail:
-            msg: "{{ content }} not in {{ scp.stdout }}"
-        when: content not in scp.stdout
-      - name: "sftp download"
-        command: "curl -u curltester:{{ password }} --insecure sftp://localhost/home/curltester/testfile"
-        args:
-            warn: false
-        register: sftp
-      - name: "Compare sftp output"
-        fail:
-            msg: "{{ content }} not in {{ sftp.stdout }}"
-        when: content not in sftp.stdout
-      always:
-      - name: "Remove user curltester"
-        user: 
-            name: "curltester"
-            remove: yes
-            state: absent

tests/scp-and-sftp-download-test/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/curl/Sanity/scp-and-sftp-download-test
-#   Description: downloads test file through scp and sftp
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/curl/Sanity/scp-and-sftp-download-test
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Karel Srot <ksrot@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     downloads test file through scp and sftp" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          curl" >> $(METADATA)
-	@echo "Requires:        curl openssh" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/scp-and-sftp-download-test/PURPOSE

@@ -1,12 +0,0 @@
-PURPOSE of /CoreOS/curl/Sanity/scp-and-sftp-download-test
-Description: downloads test file through scp and sftp
-Author: Karel Srot <ksrot@redhat.com>
-
-Test scenario:
-- scp download
-- sftp download
-- scp upload
-- sftp upload
-
-When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed
-with empty --pubkey parameter (--pubkey "") or with the paramiter omitted

tests/scp-and-sftp-download-test/main.fmf

@@ -0,0 +1,20 @@
+summary: downloads test file through scp and sftp
+description: |
+    Test scenario:
+    - scp download
+    - sftp download
+    - scp upload
+    - sftp upload
+
+    When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed
+    with empty --pubkey parameter (--pubkey "") or with the paramiter omitted
+contact: Daniel Rusek <drusek@redhat.com>
+require:
+  - findutils
+component:
+  - curl
+test: ./runtest.sh
+path: /tests/scp-and-sftp-download-test
+framework: beakerlib
+duration: 10m
+enabled: true

tests/scp-and-sftp-download-test/runtest.sh

@@ -27,8 +27,7 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh
-. /usr/lib/beakerlib/beakerlib.sh
+. /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="curl"
 

tests/tests.yml

@@ -1,26 +0,0 @@
----
-# Tests for Classic
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    tests:
-    - scp-and-sftp-download-test
-    - non-root-user-download
-    required_packages:
-    - findutils         # non-root-user-download needs find command
-                        # scp-and-sftp-download-test needs find command
-    - passwd            # non-root-user-download needs passwd command
-    - openssh-clients   # non-root-user-download needs ssh-keyscan command
-
-# Tests for Atomic
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - atomic
-    tests:
-    - scp-and-sftp-download-test
-    - non-root-user-download
-