Merge branch 'master' into private-kdudka-libcurl-minimal

keep the HTTP/2 support in libcurl-minimal, too
fixup: we use libidn2 in Fedora curl now
2017-04-12 10:35:14 +02:00 · 2017-04-05 17:04:59 +02:00 · 2017-04-05 16:26:47 +02:00 · 2017-04-05 14:17:50 +02:00 · 2017-03-14 14:22:08 +01:00 · 2017-03-14 14:00:15 +01:00
20 changed files with 334 additions and 1250 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 /curl-[0-9.]*.tar.lzma
-/curl-[0-9.]*.tar.xz
--- a/0001-curl-7.53.1-CVE-2017-7407.patch
+++ b/0001-curl-7.53.1-CVE-2017-7407.patch
@ -0,0 +1,225 @@
+From eb160abce0ac45a8e070d9fa995c61a416a58ddd Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH 1/2] tool_writeout: fixed a buffer read overrun on --write-out
+
+If a % ended the statement, the string's trailing NUL would be skipped
+and memory past the end of the buffer would be accessed and potentially
+displayed as part of the --write-out output. Added tests 1440 and 1441
+to check for this kind of condition.
+
+Reported-by: Brian Carpenter
+
+Upstream-commit: 1890d59905414ab84a35892b2e45833654aa5c13
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_writeout.c     |  2 +-
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test1440     | 31 +++++++++++++++++++++++++++++++
+ tests/data/test1441     | 31 +++++++++++++++++++++++++++++++
+ 4 files changed, 64 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1440
+ create mode 100644 tests/data/test1441
+
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 2fb7774..7843182 100644
+--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
+@@ -113,7 +113,7 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+   double doubleinfo;
+ 
+   while(ptr && *ptr) {
+-    if('%' == *ptr) {
+    if('%' == *ptr && ptr[1]) {
+       if('%' == ptr[1]) {
+         /* an escaped %-letter */
+         fputc('%', stream);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8251ab9..2e70895 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -151,7 +151,7 @@ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
+ test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
+ test1424 \
+ test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
+-test1436 test1437 test1438 test1439 \
+test1436 test1437 test1438 test1439 test1440 test1441 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+diff --git a/tests/data/test1440 b/tests/data/test1440
+new file mode 100644
+index 0000000..7ed0c4d
+--- /dev/null
+++ b/tests/data/test1440
+@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %{
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%{'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%{
+</stdout>
+</verify>
+</testcase>
+diff --git a/tests/data/test1441 b/tests/data/test1441
+new file mode 100644
+index 0000000..6e253a6
+--- /dev/null
+++ b/tests/data/test1441
+@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%
+</stdout>
+</verify>
+</testcase>
+-- 
+2.9.3
+
+
+From 67bee1434a17065da7db3fc2915c494f289f46de Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 24 Mar 2017 10:14:21 +0100
+Subject: [PATCH 2/2] curl: check for end of input in writeout backslash
+ handling
+
+Reported-by: Brian Carpenter
+
+Added test 1442 to verify
+
+Upstream-commit: 8e65877870c1fac920b65219adec720df810aab9
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_writeout.c     |  4 ++--
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test1442     | 35 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 38 insertions(+), 3 deletions(-)
+ create mode 100644 tests/data/test1442
+
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 7843182..5d92bd2 100644
+--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -341,7 +341,7 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+         }
+       }
+     }
+-    else if('\\' == *ptr) {
+    else if('\\' == *ptr && ptr[1]) {
+       switch(ptr[1]) {
+       case 'r':
+         fputc('\r', stream);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 2e70895..267ff6a 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -151,7 +151,7 @@ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
+ test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
+ test1424 \
+ test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
+-test1436 test1437 test1438 test1439 test1440 test1441 \
+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+diff --git a/tests/data/test1442 b/tests/data/test1442
+new file mode 100644
+index 0000000..255a4c9
+--- /dev/null
+++ b/tests/data/test1442
+@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+FILE
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing \
+</name>
+<command>
+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
+</command>
+</client>
+
+# Verify data
+<verify>
+<errorcode>
+37
+</errorcode>
+<stdout nonewline="yes">
+\
+</stdout>
+</verify>
+</testcase>
+-- 
+2.9.3
+
--- a/0001-curl-7.67.0-upload-glob.patch
+++ b/0001-curl-7.67.0-upload-glob.patch
@ -1,316 +0,0 @@
-From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 13 Nov 2019 11:33:29 +0100
-Subject: [PATCH] curl: fix -T globbing
-
-Regression from e59371a4936f8 (7.67.0)
-
-Added test 490, 491 and 492 to verify the functionality.
-
-Reported-by: Kamil Dudka
-Reported-by: Anderson Sasaki
-
-Fixes #4588
-Closes #4591
-
-Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
- src/tool_operate.c      | 15 ++++---
- tests/data/Makefile.inc |  2 +
- tests/data/test490      | 68 +++++++++++++++++++++++++++++++
- tests/data/test491      | 64 +++++++++++++++++++++++++++++
- tests/data/test492      | 89 +++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 232 insertions(+), 6 deletions(-)
- create mode 100644 tests/data/test490
- create mode 100644 tests/data/test491
- create mode 100644 tests/data/test492
-
-diff --git a/src/tool_operate.c b/src/tool_operate.c
-index 3087d2d..4ecb1ed 100644
--- a/src/tool_operate.c
-+++ b/src/tool_operate.c
-@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-       separator = ((!state->outfiles ||
-                     !strcmp(state->outfiles, "-")) && urlnum > 1);
- 
-      /* Here's looping around each globbed URL */
-
-      if(state->li >= urlnum) {
-        state->li = 0;
-        state->up++;
-      }
-       if(state->up < state->infilenum) {
-         struct per_transfer *per;
-         struct OutStruct *outs;
-@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-         per->retrystart = tvnow();
- 
-         state->li++;
-+        /* Here's looping around each globbed URL */
-+        if(state->li >= urlnum) {
-+          state->li = 0;
-+          state->urlnum = 0; /* forced reglob of URLs */
-+          glob_cleanup(state->urls);
-+          state->urls = NULL;
-+          state->up++;
-+          Curl_safefree(state->uploadfile); /* clear it to get the next */
-+        }
-       }
-       else {
-         /* Free this URL node data without destroying the
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 557f928..212900e 100644
--- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -66,6 +66,8 @@ test393 test394 test395 \
- test400 test401 test402 test403 test404 test405 test406 test407 test408 \
- test409 \
- \
-+test490 test491 test492 \
-+\
- test500 test501 test502 test503 test504 test505 test506 test507 test508 \
- test509 test510 test511 test512 test513 test514 test515 test516 test517 \
- test518 test519 test520 test521 test522 test523 test524 test525 test526 \
-diff --git a/tests/data/test490 b/tests/data/test490
-new file mode 100644
-index 0000000..a3383a9
--- /dev/null
-+++ b/tests/data/test490
-@@ -0,0 +1,68 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
-+</command>
-+<file name="log/in490">
-+surprise!
-+</file>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /490 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+PUT /490 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+</protocol>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test491 b/tests/data/test491
-new file mode 100644
-index 0000000..b49c06c
--- /dev/null
-+++ b/tests/data/test491
-@@ -0,0 +1,64 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs, the second upload file is missing
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
-+</command>
-+<file name="log/in491">
-+surprise!
-+</file>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /491 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Expect: 100-continue
-+
-+surprise!
-+</protocol>
-+<errorcode>
-+26
-+</errorcode>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test492 b/tests/data/test492
-new file mode 100644
-index 0000000..12edd8b
--- /dev/null
-+++ b/tests/data/test492
-@@ -0,0 +1,89 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP PUT
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK
-+Date: Thu, 09 Nov 2010 14:49:00 GMT
-+Server: test-server/fake
-+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-+ETag: "21025-dc7-39462498"
-+Accept-Ranges: bytes
-+Content-Length: 6
-+Connection: close
-+Content-Type: text/html
-+Funny-head: yesyes
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Two globbed HTTP PUTs to two globbed URLs
-+ </name>
-+ <command>
-+'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
-+</command>
-+<file name="log/first492">
-+first 492 contents
-+</file>
-+<file1 name="log/second492">
-+second 492 contents
-+</file1>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol>
-+PUT /one/first492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 19
-+Expect: 100-continue
-+
-+first 492 contents
-+PUT /two/first492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 19
-+Expect: 100-continue
-+
-+first 492 contents
-+PUT /one/second492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 20
-+Expect: 100-continue
-+
-+second 492 contents
-+PUT /two/second492 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Testno: 492
-+Content-Length: 20
-+Expect: 100-continue
-+
-+second 492 contents
-+</protocol>
-+</verify>
-+</testcase>
-- 
-2.20.1
-
--- a/0101-curl-7.32.0-multilib.patch
+++ b/0101-curl-7.32.0-multilib.patch
@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
 index 150004d..95d0759 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -76,7 +76,7 @@ while test $# -gt 0; do
+@@ -75,7 +75,7 @@ while test $# -gt 0; do
         ;;
 
     --cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
         ;;
 
     --prefix)
-@@ -155,32 +155,17 @@ while test $# -gt 0; do
+@@ -142,29 +142,14 @@ while test $# -gt 0; do
         ;;
 
     --libs)
@ -38,9 +38,6 @@ index 150004d..95d0759 100644
 -        fi
 +        echo -lcurl
         ;;
-     --ssl-backends)
-         echo "@SSL_BACKENDS@"
-         ;;
 
     --static-libs)
 -        if test "X@ENABLE_STATIC@" != "Xno" ; then
@ -61,8 +58,8 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
 index 14a9d2b..ffcc004 100644
 --- a/docs/curl-config.1
 +++ b/docs/curl-config.1
-@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
- comma-separated. (Added in 7.58.0)
+@@ -65,7 +65,9 @@ be listed using uppercase and are separated by newlines. There may be none,
+ one, or several protocols in the list. (Added in 7.13.0)
 .IP "--static-libs"
 Shows the complete set of libs and other linker options you will need in order
 -to link your application with libcurl statically. (Added in 7.17.1)
--- a/0102-curl-7.36.0-debug.patch
+++ b/0102-curl-7.36.0-debug.patch
@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
+@@ -16623,18 +16623,11 @@ $as_echo "yes" >&6; }
     gccvhi=`echo $gccver | cut -d . -f1`
     gccvlo=`echo $gccver | cut -d . -f2`
     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -27,7 +27,7 @@ index 8f079a3..53b4774 100755
 +    flags_dbg_all=""
     flags_dbg_yes="-g"
     flags_dbg_off=""
-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
 -    flags_opt_yes="-O2"
 +    flags_opt_all=""
 +    flags_opt_yes=""
@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
 index 0cbba7a..9175b5b 100644
 --- a/m4/curl-compilers.m4
 +++ b/m4/curl-compilers.m4
-@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
     gccvhi=`echo $gccver | cut -d . -f1`
     gccvlo=`echo $gccver | cut -d . -f2`
     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -53,7 +53,7 @@ index 0cbba7a..9175b5b 100644
 +    flags_dbg_all=""
     flags_dbg_yes="-g"
     flags_dbg_off=""
-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+-    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
 -    flags_opt_yes="-O2"
 +    flags_opt_all=""
 +    flags_opt_yes=""
--- a/0103-curl-7.59.0-python3.patch
+++ b/0103-curl-7.59.0-python3.patch
@ -1,34 +0,0 @@
-From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 15 Mar 2018 14:49:56 +0100
-Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
-
-Unfortunately, smbserver.py does not work with Python 3 because
-there is no 'impacket' module available for Python 3:
-
-https://github.com/CoreSecurity/impacket/issues/61
---
- tests/negtelnetserver.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
-index 8cfd409..72ee771 100755
--- a/tests/negtelnetserver.py
-+++ b/tests/negtelnetserver.py
-@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
-                 response_data = response.encode('ascii')
-             else:
-                 log.debug("Received normal request - echoing back")
-                response_data = data.strip()
-+                response_data = data.decode('utf8').strip()
- 
-             if response_data:
-                 log.debug("Sending %r", response_data)
-                self.request.sendall(response_data)
-+                self.request.sendall(response_data.encode('utf8'))
- 
-         except IOError:
-             log.exception("IOError hit during request")
-- 
-2.14.3
-
--- a/0104-curl-7.19.7-localhost6.patch
+++ b/0104-curl-7.19.7-localhost6.patch
@ -14,8 +14,8 @@ index e441278..b0958b6 100644
 +-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
 </command>
 <precheck>
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
-+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
 </precheck>
 </client>
 
--- a/0105-curl-7.63.0-lib1560-valgrind.patch
+++ b/0105-curl-7.63.0-lib1560-valgrind.patch
@ -1,39 +0,0 @@
-From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 4 Feb 2019 17:32:56 +0100
-Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
-
-... to prevent valgrind from reporting false positives on x86_64:
-
-Conditional jump or move depends on uninitialised value(s)
-   at 0x10BCAA: part2id (lib1560.c:489)
-   by 0x10BCAA: updateurl (lib1560.c:521)
-   by 0x10BCAA: set_parts (lib1560.c:630)
-   by 0x10BCAA: test (lib1560.c:802)
-   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
-
-Conditional jump or move depends on uninitialised value(s)
-   at 0x10BCC3: part2id (lib1560.c:491)
-   by 0x10BCC3: updateurl (lib1560.c:521)
-   by 0x10BCC3: set_parts (lib1560.c:630)
-   by 0x10BCC3: test (lib1560.c:802)
-   by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
---
- tests/libtest/Makefile.inc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
-index 080421b..ea3b806 100644
--- a/tests/libtest/Makefile.inc
-+++ b/tests/libtest/Makefile.inc
-@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
- lib1559_LDADD = $(TESTUTIL_LIBS)
- 
- lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
-+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
- lib1560_LDADD = $(TESTUTIL_LIBS)
- 
- lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
-- 
-2.17.2
-
--- a/curl-7.53.1.tar.lzma.asc
+++ b/curl-7.53.1.tar.lzma.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAliv5c0ACgkQXMkI/bce
+EsIhQAf+MnT0c/mIi2ADpOgYq4+3Hf8hypkuWkICSWwyH8j2mRJCRDPO3yAOU8U9
+RlVEzPm+Tb13zCLWPLgRu1T75YMHPwJ6+q9wnNNGzBFJ5ShWs/JxL1rhj21ZFQoA
+3l/as6qm8iXkbZOfePWNbgr7W+NyasxHjf9L6O31oWauY3X9FYLcYr9nzUTFHFSh
+gzOAxb7/oYkZTtYccvRSI75Eohqi2kSx6gAkMhcWwbqU1QCU80c+vX2PlptaPNP/
+GGpe3IH66q8v/ExfIL/Tu6LfhdV+ulP2c3m++dYiOvT3wUMSuqHt0WzosOHEUjh5
+SFi75fQRJLkA0fn/3luoj9B+PO7G8g==
+=xg39
+-----END PGP SIGNATURE-----
--- a/curl-7.67.0.tar.xz.asc
+++ b/curl-7.67.0.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
-EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
-kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
-O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
-s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
-ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
-3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
-=5gov
-----END PGP SIGNATURE-----
--- a/curl.spec
+++ b/curl.spec
@ -1,12 +1,13 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.67.0
-Release: 2%{?dist}
+Version: 7.53.1
+Release: 3.6%{?dist}
 License: MIT
-Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
+Group: Applications/Internet
+Source: https://curl.haxx.se/download/%{name}-%{version}.tar.lzma

-# fix infinite loop on upload using a glob (#1771025)
-Patch1:   0001-curl-7.67.0-upload-glob.patch
+# fix out of bounds read in curl --write-out (CVE-2017-7407)
+Patch1:   0001-curl-7.53.1-CVE-2017-7407.patch

 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@ -14,53 +15,30 @@ Patch101: 0101-curl-7.32.0-multilib.patch
 # prevent configure script from discarding -g in CFLAGS (#496778)
 Patch102: 0102-curl-7.36.0-debug.patch

-# migrate tests/http_pipe.py to Python 3
-Patch103: 0103-curl-7.59.0-python3.patch
-
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch

-# prevent valgrind from reporting false positives on x86_64
-Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
-
-Provides: curl-full = %{version}-%{release}
 Provides: webclient
 URL: https://curl.haxx.se/
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildRequires: automake
-BuildRequires: brotli-devel
-BuildRequires: coreutils
-BuildRequires: gcc
 BuildRequires: groff
 BuildRequires: krb5-devel
 BuildRequires: libidn2-devel
 BuildRequires: libmetalink-devel
 BuildRequires: libnghttp2-devel
 BuildRequires: libpsl-devel
-BuildRequires: libssh-devel
-BuildRequires: make
+BuildRequires: libssh2-devel
+BuildRequires: multilib-rpm-config
 BuildRequires: openldap-devel
+BuildRequires: openssl-devel
 BuildRequires: openssh-clients
 BuildRequires: openssh-server
-BuildRequires: openssl-devel
-BuildRequires: perl-interpreter
 BuildRequires: pkgconfig
-BuildRequires: python3-devel
-BuildRequires: sed
+BuildRequires: python
 BuildRequires: stunnel
 BuildRequires: zlib-devel

-# needed to compress content of tool_hugehelp.c after changing curl.1 man page
-BuildRequires: perl(IO::Compress::Gzip)
-
-# needed for generation of shell completions
-BuildRequires: perl(Getopt::Long)
-BuildRequires: perl(Pod::Usage)
-BuildRequires: perl(strict)
-BuildRequires: perl(warnings)
-
-# gnutls-serv is used by the upstream test-suite
-BuildRequires: gnutls-utils
-
 # nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
 BuildRequires: nghttp2

@ -73,34 +51,27 @@ BuildRequires: perl(File::Copy)
 BuildRequires: perl(File::Spec)
 BuildRequires: perl(IPC::Open2)
 BuildRequires: perl(MIME::Base64)
+BuildRequires: perl(strict)
 BuildRequires: perl(Time::Local)
 BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(warnings)
 BuildRequires: perl(vars)

-# The test-suite runs automatically through valgrind if valgrind is available
+# The test-suite runs automatically trough valgrind if valgrind is available
 # on the system.  By not installing valgrind into mock's chroot, we disable
 # this feature for production builds on architectures where valgrind is known
 # to be less reliable, in order to avoid unnecessary build failures (see RHBZ
 # #810992, #816175, and #886891).  Nevertheless developers are free to install
 # valgrind manually to improve test coverage on any architecture.
-%ifarch x86_64
+%ifarch x86_64 %{ix86}
 BuildRequires: valgrind
 %endif

-# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
-Requires: libcurl%{?_isa} >= %{version}-%{release}
+Requires: libcurl%{?_isa} = %{version}-%{release}

-# require at least the version of libpsl that we were built against,
-# to ensure that we have the necessary symbols available (#1631804)
-%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
-
-# require at least the version of libssh that we were built against,
+# require at least the version of libssh2 that we were built against,
 # to ensure that we have the necessary symbols available (#525002, #642796)
-%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
-
-# require at least the version of openssl-libs that we were built against,
-# to ensure that we have the necessary symbols available (#1462184, #1462211)
-%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+%global libssh2_version %(pkg-config --modversion libssh2 2>/dev/null || echo 0)

 %description
 curl is a command line tool for transferring data with URL syntax, supporting
@ -112,11 +83,8 @@ resume, proxy tunneling and a busload of other useful tricks.

 %package -n libcurl
 Summary: A library for getting files from web servers
-Requires: libpsl%{?_isa} >= %{libpsl_version}
-Requires: libssh%{?_isa} >= %{libssh_version}
-Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
-Provides: libcurl-full = %{version}-%{release}
-Provides: libcurl-full%{?_isa} = %{version}-%{release}
+Group: Development/Libraries
+Requires: libssh2%{?_isa} >= %{libssh2_version}

 %description -n libcurl
 libcurl is a free and easy-to-use client-side URL transfer library, supporting
@ -128,8 +96,19 @@ resume, http proxy tunneling and more.

 %package -n libcurl-devel
 Summary: Files needed for building applications with libcurl
+Group: Development/Libraries
 Requires: libcurl%{?_isa} = %{version}-%{release}

+# From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package
+%if 0%{?fedora} < 14
+Requires: %{_datadir}/aclocal
+%endif
+
+# From Fedora 11, RHEL-6, pkgconfig dependency is auto-detected
+%if 0%{?fedora} < 11 && 0%{?rhel} < 6
+Requires: pkgconfig
+%endif
+
 Provides: curl-devel = %{version}-%{release}
 Provides: curl-devel%{?_isa} = %{version}-%{release}
 Obsoletes: curl-devel < %{version}-%{release}
@ -140,14 +119,11 @@ developing programs which use the libcurl library. It contains the API
 documentation of the library, too.

 %package -n curl-minimal
-Summary: Conservatively configured build of curl for minimal installations
+Summary: Conservatively configured build of curl for minimal installations.
 Provides: curl = %{version}-%{release}
 Conflicts: curl
 RemovePathPostfixes: .minimal

-# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
-Requires: libcurl%{?_isa} >= %{version}-%{release}
-
 %description -n curl-minimal
 This is a replacement of the 'curl' package for minimal installations.  It
 comes with a limited set of features compared to the 'curl' package.  On the
@ -155,14 +131,10 @@ other hand, the package is smaller and requires fewer run-time dependencies to
 be installed.

 %package -n libcurl-minimal
-Summary: Conservatively configured build of libcurl for minimal installations
-Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
-Provides: libcurl = %{version}-%{release}
+Summary: Conservatively configured build of libcurl for minimal installations.
 Provides: libcurl%{?_isa} = %{version}-%{release}
 Conflicts: libcurl
 RemovePathPostfixes: .minimal
-# needed for RemovePathPostfixes to work with shared libraries
-%undefine __brp_ldconfig

 %description -n libcurl-minimal
 This is a replacement of the 'libcurl' package for minimal installations.  It
@ -179,38 +151,27 @@ be installed.
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
 %patch104 -p1
-%patch105 -p1
-
-# make tests/*.py use Python 3
-sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py

 # regenerate Makefile.in files
 aclocal -I m4
 automake

-# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
-# with errno 98: Address already in use' in Koji environment), and test 1801
+# disable test 1112 (#565305) and test 1801
 # <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
-# and test 1900, which is flaky and covers a deprecated feature of libcurl
-# <https://github.com/curl/curl/pull/2705>
-printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
+# and test 2033, which is a flaky test for HTTP/1 pipelining
+printf "1112\n1801\n2033\n" >> tests/data/DISABLED

 # disable test 1319 on ppc64 (server times out)
 %ifarch ppc64
 echo "1319" >> tests/data/DISABLED
 %endif

-# temporarily disable test 582 on s390x (client times out)
-%ifarch s390x
-echo "582" >> tests/data/DISABLED
-%endif
-
-# adapt test 323 for updated OpenSSL
-sed -e 's/^35$/35,52/' -i tests/data/test323
+# temporarily disable failing libidn2 test-cases
+printf "1034\n1035\n2046\n2047\n" >> tests/data/DISABLED

 %build
+[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
 mkdir build-{full,minimal}
 export common_configure_opts=" \
    --cache-file=../config.cache \
@ -218,9 +179,10 @@ export common_configure_opts=" \
    --enable-symbol-hiding \
    --enable-ipv6 \
    --enable-threaded-resolver \
-    --with-gssapi \
+    --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
+    --with-gssapi${KRB5_PREFIX} \
    --with-nghttp2 \
-    --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+    --with-ssl"

 %global _configure ../configure

@ -231,11 +193,10 @@ export common_configure_opts=" \
        --disable-ldap \
        --disable-ldaps \
        --disable-manual \
-        --without-brotli \
        --without-libidn2 \
        --without-libmetalink \
        --without-libpsl \
-        --without-libssh
+        --without-libssh2
 )

 # configure full build
@ -245,11 +206,10 @@ export common_configure_opts=" \
        --enable-ldap \
        --enable-ldaps \
        --enable-manual \
-        --with-brotli \
        --with-libidn2 \
        --with-libmetalink \
        --with-libpsl \
-        --with-libssh
+        --with-libssh2
 )

 # avoid using rpath
@ -269,14 +229,15 @@ export LD_LIBRARY_PATH
 cd build-full/tests
 make %{?_smp_mflags} V=1

-# relax crypto policy for the test-suite to make it pass again (#1610888)
-export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
-export OPENSSL_CONF=
+# TODO: fix tests/manpage-scan.pl upstream to support out of source tree builds
+ln -s ../../docs/curl.1 ../docs

 # run the upstream test-suite
 srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'

 %install
+rm -rf $RPM_BUILD_ROOT
+
 # install and rename the library that will be packaged as libcurl-minimal
 make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
@ -288,46 +249,43 @@ done
 make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src
 mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}

-# install libcurl.m4
-install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
-install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
-
-# install the executable and library that will be packaged as curl and libcurl
-cd build-full
-make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-full

 # install zsh completion for curl
 # (we have to override LD_LIBRARY_PATH because we eliminated rpath)
 LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
-    make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
-
-# do not install /usr/share/fish/completions/curl.fish which is also installed
-# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
-rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
+    make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" \
+    install -C build-full/scripts

 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la

-%ldconfig_scriptlets -n libcurl
+install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
+install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal

-%ldconfig_scriptlets -n libcurl-minimal
+# Make libcurl-devel multilib-ready (bug #488922)
+%multilib_fix_c_header --file %{_includedir}/curl/curlbuild.h
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -n libcurl -p /sbin/ldconfig
+
+%postun -n libcurl -p /sbin/ldconfig

 %files
-%doc CHANGES
-%doc README
-%doc docs/BUGS
-%doc docs/FAQ
-%doc docs/FEATURES
-%doc docs/RESOURCES
-%doc docs/TODO
-%doc docs/TheArtOfHttpScripting
+%doc CHANGES README*
+%doc docs/BUGS docs/FAQ docs/FEATURES
+%doc docs/MANUAL docs/RESOURCES
+%doc docs/TheArtOfHttpScripting docs/TODO
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
-%{_datadir}/zsh
+%{_datadir}/zsh/site-functions

 %files -n libcurl
+%{!?_licensedir:%global license %%doc}
 %license COPYING
-%{_libdir}/libcurl.so.4
-%{_libdir}/libcurl.so.4.[0-9].[0-9]
+%{_libdir}/libcurl.so.[0-9]
+%{_libdir}/libcurl.so.[0-9].[0-9].[0-9]

 %files -n libcurl-devel
 %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
@ -345,282 +303,23 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man1/curl.1*

 %files -n libcurl-minimal
+%{!?_licensedir:%global license %%doc}
 %license COPYING
-%{_libdir}/libcurl.so.4.minimal
-%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
+%{_libdir}/libcurl.so.[0-9].minimal
+%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal

 %changelog
-* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
- fix infinite loop on upload using a glob (#1771025)
+* Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3.6
+- rebase on top of current master

-* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
- new upstream release
+* Wed Apr 05 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3.5
+- keep the HTTP/2 support in libcurl-minimal, too

-* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2019-5481 - double free due to subsequent call of realloc()
-    CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
+* Wed Apr 05 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3.4
+- switch the TLS backend back to OpenSSL

-* Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
- avoid reporting spurious error in the HTTP2 framing layer (#1690971)
-
-* Thu Aug 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-3
- improve handling of gss_init_sec_context() failures
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.65.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sat Jul 20 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1
- new upstream release
-
-* Wed Jul 17 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.2-1
- new upstream release
-
-* Wed Jun 05 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.1-1
- new upstream release
-
-* Thu May 30 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-2
- fix spurious timeout events with speed-limit (#1714893)
-
-* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2019-5436 - TFTP receive buffer overflow
-    CVE-2019-5435 - integer overflows in curl_url_set()
-
-* Thu May 09 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-2
- do not treat failure of gss_init_sec_context() with --negotiate as fatal
-
-* Wed Mar 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-1
- new upstream release
-
-* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-6
- remove verbose "Expire in" ... messages (#1690971)
-
-* Thu Mar 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-5
- avoid spurious "Could not resolve host: [host name]" error messages
-
-* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
-
-* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
- prevent NetworkManager from leaking file descriptors (#1680198)
-
-* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-2
- make zsh completion work again
-
-* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2019-3823 - SMTP end-of-response out-of-bounds read
-    CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
-    CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
-
-* Mon Feb 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-7
- prevent valgrind from reporting false positives on x86_64
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.63.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-5
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
-
-* Fri Jan 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-4
- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
-
-* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-3
- curl -J: do not append to the destination file (#1658574)
-
-* Fri Dec 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-2
- revert an upstream commit that broke `fedpkg new-sources` (#1659329)
-
-* Wed Dec 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-1
- new upstream release
-
-* Wed Oct 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.62.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2018-16839 - SASL password overflow via integer overflow
-    CVE-2018-16840 - use-after-free in handle close
-    CVE-2018-16842 - warning message out-of-buffer read
-
-* Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
- enable TLS 1.3 post-handshake auth in OpenSSL
- update the documentation of --tlsv1.0 in curl(1) man page
-
-* Thu Oct 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-2
- enforce versioned libpsl dependency for libcurl (#1631804)
- test320: update expected output for gnutls-3.6.4
- drop 0105-curl-7.61.0-tests-ssh-keygen.patch no longer needed (#1622594)
-
-* Wed Sep 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-1
- new upstream release, which fixes the following vulnerability
-    CVE-2018-14618 - NTLM password overflow via integer overflow
-
-* Tue Sep 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-8
- make the --tls13-ciphers option work
-
-* Mon Aug 27 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-7
- tests: make ssh-keygen always produce PEM format (#1622594)
-
-* Wed Aug 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-6
- scp/sftp: fix infinite connect loop on invalid private key (#1595135)
-
-* Thu Aug 09 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-5
- ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544)
-
-* Tue Aug 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-4
- relax crypto policy for the test-suite to make it pass again (#1610888)
-
-* Tue Jul 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-3
- disable flaky test 1900, which covers deprecated HTTP pipelining
- adapt test 323 for updated OpenSSL
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.61.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jul 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-1
- new upstream release, which fixes the following vulnerability
-    CVE-2018-0500 - SMTP send heap buffer overflow
-
-* Tue Jul 10 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-3
- enable support for brotli compression in libcurl-full
-
-* Wed Jul 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-2
- do not hard-wire path of the Python 3 interpreter
-
-* Wed May 16 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2018-1000300 - FTP shutdown response buffer overflow
-    CVE-2018-1000301 - RTSP bad headers buffer over-read
-
-* Thu Mar 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
- make the test-suite use Python 3
-
-* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-2
- ftp: fix typo in recursive callback detection for seeking
-
-* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
-    CVE-2018-1000121 - LDAP NULL pointer dereference
-    CVE-2018-1000122 - RTSP RTP buffer over-read
-
-* Mon Mar 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-8
- http2: mark the connection for close on GOAWAY
-
-* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-7
- Add explicity-used build requirements
- Fix libcurl soname version number in %%files list to avoid accidental soname
-  bumps
-
-* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-6
- switch to %%ldconfig_scriptlets
- drop legacy BuildRoot: and Group: tags
- enforce versioned libssh dependency for libcurl
-
-* Tue Feb 13 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-5
- drop temporary workaround for #1540549
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.58.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Wed Jan 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-3
- temporarily work around internal compiler error on x86_64 (#1540549)
- disable brp-ldconfig to make RemovePathPostfixes work with shared libs again
-
-* Wed Jan 24 2018 Andreas Schneider <asn@redhat.com> - 7.58.0-2
- use libssh (instead of libssh2) to implement SCP/SFTP in libcurl (#1531483)
-
-* Wed Jan 24 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
-    CVE-2018-1000007 - curl: HTTP authentication leak in redirects
-
-* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
- new upstream release, which fixes the following vulnerabilities
-    CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
-    CVE-2017-8817 - curl: FTP wildcard out of bounds read
-    CVE-2017-8818 - curl: SSL out of buffer access
-
-* Mon Oct 23 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.1-1
- new upstream release (fixes CVE-2017-1000257)
-
-* Wed Oct 04 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.0-1
- new upstream release (fixes CVE-2017-1000254)
-
-* Mon Aug 28 2017 Kamil Dudka <kdudka@redhat.com> - 7.55.1-5
- apply the patch for the previous commit and fix its name (#1485702)
-
-* Mon Aug 28 2017 Bastien Nocera <bnocera@redhat.com> - 7.55.1-4
- Fix NetworkManager connectivity check not working (#1485702)
-
-* Tue Aug 22 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-3
- utilize system wide crypto policies for TLS (#1483972)
-
-* Tue Aug 15 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-2
- make zsh completion work again
-
-* Mon Aug 14 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-1
- new upstream release
-
-* Wed Aug 09 2017 Kamil Dudka <kdudka@redhat.com> 7.55.0-1
- drop multilib fix for libcurl header files no longer needed
- new upstream release, which fixes the following vulnerabilities
-    CVE-2017-1000099 - FILE buffer read out of bounds
-    CVE-2017-1000100 - TFTP sends more than buffer size
-    CVE-2017-1000101 - URL globbing out of bounds read
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Fri Jul 28 2017 Florian Weimer <fweimer@redhat.com> - 7.54.1-7
- Rebuild with fixed binutils (#1475636)
-
-* Fri Jul 28 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 7.54.1-6
- Enable separate debuginfo back
-
-* Thu Jul 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-5
- rebuild to fix broken linkage of cmake on ppc64le
-
-* Wed Jul 26 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-4
- avoid build failure caused broken RPM code that produces debuginfo packages
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Mon Jun 19 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-2
- enforce versioned openssl-libs dependency for libcurl (#1462184)
-
-* Wed Jun 14 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-1
- new upstream release
-
-* Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-5
- add *-full provides for curl and libcurl to make them explicitly installable
-
-* Thu May 04 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-4
- make curl-minimal require a new enough version of libcurl
-
-* Thu Apr 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-3
- switch the TLS backend back to OpenSSL (#1445153)
-
-* Tue Apr 25 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-2
- nss: use libnssckbi.so as the default source of trust
- nss: do not leak PKCS #11 slot while loading a key (#1444860)
-
-* Thu Apr 20 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-1
- new upstream release (fixes CVE-2017-7468)
-
-* Thu Apr 13 2017 Paul Howarth <paul@city-fan.org> 7.53.1-7
- add %%post and %%postun scriptlets for libcurl-minimal
- libcurl-minimal provides both libcurl and libcurl%%{?_isa}
- remove some legacy spec file cruft
-
-* Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-6
- provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
-
-* Mon Apr 10 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-5
- disable upstream test 2033 (flaky test for HTTP/1 pipelining)
-
-* Fri Apr 07 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-4
- fix out of bounds read in curl --write-out (CVE-2017-7407)
+* Tue Mar 14 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3.3
+- rebase on top of current master

 * Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3
 - make the dependency on nss-pem arch-specific (#1428550)
@ -707,6 +406,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 * Wed Mar 23 2016 Kamil Dudka <kdudka@redhat.com> 7.48.0-1
 - new upstream release

+* Thu Mar 17 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4.2
+- keep the GSS-API support in libcurl-minimal, too
+
+* Wed Mar 16 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4.1
+- provide curl-minimal and libcurl-minimal subpkgs with a minimal build of curl
+
 * Wed Mar 02 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
 - do not refuse cookies for localhost (#1308791)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
+SHA512 (curl-7.53.1.tar.lzma) = 1a04904a32b3c8767bcdc629c08446495ed40b7ed20e96d74101a0539bc88eba9a2350712afda94d886520f480172f532f020f0c730deb2bbec0bdc2eb5371ea
--- a/tests/non-root-user-download/Makefile
+++ b/tests/non-root-user-download/Makefile
@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/curl/Sanity/non-root-user-download
-#   Description: various download methods with non-root user
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/curl/Sanity/non-root-user-download
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Karel Srot <ksrot@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     various download methods with non-root user" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          curl" >> $(METADATA)
-	@echo "Requires:        curl" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)
--- a/tests/non-root-user-download/PURPOSE
+++ b/tests/non-root-user-download/PURPOSE
@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/curl/Sanity/non-root-user-download
-Description: various download methods with non-root user
-Author: Karel Srot <ksrot@redhat.com>
--- a/tests/non-root-user-download/runtest.sh
+++ b/tests/non-root-user-download/runtest.sh
@ -1,92 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/curl/Sanity/non-root-user-download
-#   Description: various download methods with non-root user
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="curl"
-
-FTP_URL=ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
-HTTP_URL=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
-CONTENT=a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed
-PASSWORD=pAssw0rd
-OPTIONS=""
-rlIsRHEL 7 && OPTIONS="--insecure"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "useradd -m curltester" 0 "Adding the test user"
-        rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user"
-        rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile"
-        [ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh )
-        rlFileBackup $HOME/.ssh/known_hosts /etc/hosts
-        ssh-keygen -F localhost -f $HOME/.ssh/known_hosts || rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts"
-    rlPhaseEnd
-
-    rlPhaseStartTest "http download"
-        rlRun "su - curltester -c 'curl $HTTP_URL' &> http.log"
-        cat http.log
-        rlAssertGrep "$CONTENT" http.log
-    rlPhaseEnd
-
-    rlPhaseStartTest "ftp download"
-        rlRun "su - curltester -c 'curl $FTP_URL' &> ftp.log"
-        cat ftp.log
-        rlAssertGrep "$CONTENT" ftp.log
-    rlPhaseEnd
-
-if ! rlIsRHEL 5; then
-# scp sftp not supported on RHEL5
-
-    rlPhaseStartTest "scp download"
-        rlRun "curl -u curltester:$PASSWORD $OPTIONS scp://localhost/home/curltester/testfile &> scp.log"
-        cat scp.log
-        rlAssertGrep "$CONTENT" scp.log
-    rlPhaseEnd
-
-    rlPhaseStartTest "sftp download"
-        rlRun "curl -u curltester:$PASSWORD $OPTIONS sftp://localhost/home/curltester/testfile &> sftp.log"
-        cat sftp.log
-        rlAssertGrep "$CONTENT" sftp.log
-    rlPhaseEnd
-
-fi
-
-    rlPhaseStartCleanup
-        rlRun "rm -f $HOME/.ssh/known_hosts"
-        rlFileRestore
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-        rlRun "userdel -r --force curltester"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
--- a/tests/non-root-user-download/runtest.yml
+++ b/tests/non-root-user-download/runtest.yml
@ -1,64 +0,0 @@
- hosts: '{{ hosts | default("localhost") }}'
-  vars:
-    package: "curl"
-  tasks:
-    - name: "Set Content variables"
-      set_fact:
-        content: "a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed"
-        password: "pAssw0rd"
-        crypt_password: "$6$/5GE87XLYLLfB3qx$w84Kct34UZG/4buTSXWkaaVIsw2xGXSAdmnS2QYdG8TtRgTsBnHdFdSkhoy.tKIE6A6LKlxczIZjQbpB19k7B1"
-    - name: "Create user curltester"
-      user: 
-        name: "curltester"
-        password: "{{ crypt_password }}"
-    - name: "Copy testfile"
-      copy:
-          dest: "/home/curltester/testfile"
-          content: "{{ content }}"
-    - block:
-      - name: "http download"
-        command: "curl https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
-        args:
-            warn: false
-        register: http
-        become: yes
-        become_user: curltester
-      - name: "Compare http output"
-        fail:
-            msg: "{{ content }} not in {{ http.stdout }}"
-        when: content not in http.stdout
-      - name: "ftp download"
-        command: "curl ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
-        args:
-            warn: false
-        register: ftp
-        become: yes
-        become_user: curltester
-      - name: "Compare ftp output"
-        fail:
-            msg: "{{ content }} not in {{ ftp.stdout }}"
-        when: content not in ftp.stdout
-      - name: "scp download"
-        command: "curl -u curltester:{{ password }} --insecure scp://localhost/home/curltester/testfile"
-        args:
-            warn: false
-        register: scp
-      - name: "Compare scp output"
-        fail:
-            msg: "{{ content }} not in {{ scp.stdout }}"
-        when: content not in scp.stdout
-      - name: "sftp download"
-        command: "curl -u curltester:{{ password }} --insecure sftp://localhost/home/curltester/testfile"
-        args:
-            warn: false
-        register: sftp
-      - name: "Compare sftp output"
-        fail:
-            msg: "{{ content }} not in {{ sftp.stdout }}"
-        when: content not in sftp.stdout
-      always:
-      - name: "Remove user curltester"
-        user: 
-            name: "curltester"
-            remove: yes
-            state: absent
--- a/tests/scp-and-sftp-download-test/Makefile
+++ b/tests/scp-and-sftp-download-test/Makefile
@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/curl/Sanity/scp-and-sftp-download-test
-#   Description: downloads test file through scp and sftp
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/curl/Sanity/scp-and-sftp-download-test
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Karel Srot <ksrot@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     downloads test file through scp and sftp" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          curl" >> $(METADATA)
-	@echo "Requires:        curl openssh" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)
--- a/tests/scp-and-sftp-download-test/PURPOSE
+++ b/tests/scp-and-sftp-download-test/PURPOSE
@ -1,12 +0,0 @@
-PURPOSE of /CoreOS/curl/Sanity/scp-and-sftp-download-test
-Description: downloads test file through scp and sftp
-Author: Karel Srot <ksrot@redhat.com>
-
-Test scenario:
- scp download
- sftp download
- scp upload
- sftp upload
-
-When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed
-with empty --pubkey parameter (--pubkey "") or with the paramiter omitted
--- a/tests/scp-and-sftp-download-test/runtest.sh
+++ b/tests/scp-and-sftp-download-test/runtest.sh
@ -1,130 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/curl/Sanity/scp-and-sftp-download-test
-#   Description: downloads test file through scp and sftp
-#   Author: Karel Srot <ksrot@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2012 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh
-. /usr/lib/beakerlib/beakerlib.sh
-
-PACKAGE="curl"
-
-# GLOBAL/ENVIRONMENT VARIABLE:
-# PUBKEY_PARAM
-
-if [ "$PUBKEY_PARAM" == 'none' ]; then
-  PUBKEY_PARAM=""
-elif [ "$PUBKEY_PARAM" == 'empty' ]; then
-  PUBKEY_PARAM="--pubkey ''"
-else
-  PUBKEY_PARAM='--pubkey /root/.ssh/id_rsa.pub'
-fi
-
-FILESIZE=200 #MB
-OPTIONS=""
-rlIsRHEL 7 && OPTIONS="--insecure"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlFileBackup --clean  /root/.ssh/known_hosts /root/.ssh
-        rlFileBackup --clean  /etc/ssh/sshd_config
-        rlRun "useradd -m curltestuser"
-
-        # In FIPS-140 we need to explicitly allow one of libssh2-implemented
-        # Kex algorithms (eg. DH14-SHA1).
-        rlRun "echo 'KexAlgorithms +diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config" 0
-        rlServiceStop "sshd"
-        rlRun "service sshd start && sleep 5" 0
-
-        # file for download test
-        rlRun "su - curltestuser -c 'dd if=/dev/zero of=testfile bs=1M count=200'" 0 "Creating $FILESIZE MB large test file"
-        SUM=`sha256sum /home/curltestuser/testfile | cut -d ' ' -f 1`
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "rm -vf /root/.ssh/*"
-        rlRun "ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''" 0 "Generate ssh key"
-        rlRun "mkdir /home/curltestuser/.ssh && cat /root/.ssh/id_rsa.pub > /home/curltestuser/.ssh/authorized_keys && chown -R curltestuser.curltestuser /home/curltestuser/.ssh/" 0 "Save the key to .ssh/authorized_keys"
-
-        # this is a workaround as libssh2 is not able to use newer hashes
-        #rlRun "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/root/.ssh/known_hosts curltestuser@localhost 'exit'" 0 "First ssh login to add localhost to known_hosts"
-        rlRun "ssh-keyscan localhost >>/root/.ssh/known_hosts"
-
-        # files for upload test
-        rlRun "dd if=/dev/zero of=uploadfile1 bs=1M count=50" 0 "Creating 50 MB large test file"
-        UPSUM1=`sha256sum uploadfile1 | cut -d ' ' -f 1`
-        rlRun "dd if=/dev/zero of=uploadfile2 bs=1M count=20" 0 "Creating 20 MB large test file"
-        UPSUM2=`sha256sum uploadfile2 | cut -d ' ' -f 1`
-    rlPhaseEnd
-
-    rlPhaseStartTest "scp download test"
-        rlRun "curl -o ./scp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS scp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
-        rlAssertExists scp_file
-        SCPSUM=`sha256sum ./scp_file | cut -d ' ' -f 1`
-        rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SCPSUM
-        rm -f ./scp_file
-    rlPhaseEnd
-
-    rlPhaseStartTest "sftp download test"
-        rlRun "curl -o ./sftp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS sftp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
-        rlAssertExists sftp_file
-        SFTPSUM=`sha256sum ./sftp_file | cut -d ' ' -f 1`
-        rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SFTPSUM
-        rm -f ./sftp_file
-    rlPhaseEnd
-
-    rlPhaseStartTest "scp upload test"
-        rlRun "curl -T '{uploadfile1,uploadfile2}' scp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl scp upload"
-        rlAssertExists /home/curltestuser/uploadfile1
-        rlAssertExists /home/curltestuser/uploadfile2
-        SCPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
-        SCPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
-        rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SCPUPSUM1}
-        rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SCPUPSUM2}
-        rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
-    rlPhaseEnd
-
-    rlPhaseStartTest "sftp upload test"
-        rlRun "curl -T '{uploadfile1,uploadfile2}' sftp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl sftp upload"
-        rlAssertExists /home/curltestuser/uploadfile1
-        rlAssertExists /home/curltestuser/uploadfile2
-        SFTPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
-        SFTPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
-        rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SFTPUPSUM1}
-        rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SFTPUPSUM2}
-        rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
-    rlPhaseEnd
-
-
-    rlPhaseStartCleanup
-        rlRun "userdel -r --force curltestuser"
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-        rlFileRestore
-        rlServiceRestore "sshd"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,26 +0,0 @@
---
-# Tests for Classic
- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    tests:
-    - scp-and-sftp-download-test
-    - non-root-user-download
-    required_packages:
-    - findutils         # non-root-user-download needs find command
-                        # scp-and-sftp-download-test needs find command
-    - passwd            # non-root-user-download needs passwd command
-    - openssh-clients   # non-root-user-download needs ssh-keyscan command
-
-# Tests for Atomic
- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - atomic
-    tests:
-    - scp-and-sftp-download-test
-    - non-root-user-download
-
Author	SHA1	Message	Date
Kamil Dudka	f0e11fe97a	Merge branch 'master' into private-kdudka-libcurl-minimal	2017-04-12 10:35:14 +02:00
Kamil Dudka	e8208d3e4a	keep the HTTP/2 support in libcurl-minimal, too	2017-04-05 17:04:59 +02:00
Kamil Dudka	10c005f19a	fixup: we use libidn2 in Fedora curl now	2017-04-05 16:26:47 +02:00
Kamil Dudka	7c3b67bb15	switch the TLS backend back to OpenSSL	2017-04-05 14:17:50 +02:00
Kamil Dudka	1426ff4f4a	make test1139 pass with out of source tree builds	2017-03-14 14:22:08 +01:00
Kamil Dudka	8bab5c452b	Merge branch 'master' into private-kdudka-libcurl-minimal	2017-03-14 14:00:15 +01:00
Kamil Dudka	927009397f	keep the GSS-API support in libcurl-minimal, too	2016-03-17 09:14:20 +01:00
Kamil Dudka	68237ca69d	Merge branch 'master' into private-kdudka-libcurl-minimal	2016-03-16 15:53:23 +01:00
Kamil Dudka	526ad85741	*-minimal: initial draft of summary and description	2016-02-26 16:41:15 +01:00
Kamil Dudka	c9160a8bb4	provide the curl-minimal subpackage with a lightweight build of curl	2016-02-26 14:43:32 +01:00
Kamil Dudka	ec95edb890	libcurl-minimal: initial draft	2016-02-11 09:28:17 +01:00