From c9f82120ba1fb5624f110cbe22d5664c01e289648b182e3e2af064db861d1ea9 Mon Sep 17 00:00:00 2001 
From: Pedro Monreal Gonzalez Date: Wed, 31 Aug 2022 11:55:07 +0000 Subject: [PATCH] Accepting request 1000420 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.85.0: * Security fixes: [bsc#1202593, CVE-2022-35252] - control code in cookie denial of service * Changes: - quic: add support via wolfSSL - schannel: Add TLS 1.3 support - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR * Bugfixes: - asyn-thread: fix socket leak on OOM - asyn-thread: make getaddrinfo_complete return CURLcode - base64: base64url encoding has no padding - configure: fix broken m4 syntax in TLS options - configure: if asked to use TLS, fail if no TLS lib was detected - connect: add quic connection information - connect: set socktype/protocol correctly - cookie: reject cookies with "control bytes" - cookie: treat a blank domain in Set-Cookie: as non-existing - curl: output warning when a cookie is dropped due to size - Curl_close: call Curl_resolver_cancel to avoid memory-leak - digest: fix memory leak, fix not quoted 'opaque' - digest: fix missing increment of 'nc' value for auth-int - digest: pass over leading spaces in qop values - digest: reject broken header with session protocol but without qop - doh: use https protocol by default - easy_lock.h: include sched.h if available to fix build - easy_lock.h: use __asm__ instead of asm to fix build - easy_lock: switch to using atomic_int instead of bool - ftp: use a correct expire ID for timer expiry - h2h3: fix overriding the 'TE: Trailers' header - hostip: resolve *.localhost to 127.0.0.1/::1 OBS-URL: https://build.opensuse.org/request/show/1000420 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=317 --- curl-7.84.0.tar.xz | 3 --- curl-7.84.0.tar.xz.asc | 11 -------- curl-7.85.0.tar.xz | 3 +++ curl-7.85.0.tar.xz.asc | 11 ++++++++ curl.changes | 60 ++++++++++++++++++++++++++++++++++++++++++ curl.spec | 3 +-- libcurl-ocloexec.patch | 50 
+++++++++++++++++------------------ tests-for-32bit.patch | 30 --------------------- 8 files changed, 100 insertions(+), 71 deletions(-) delete mode 100644 curl-7.84.0.tar.xz delete mode 100644 curl-7.84.0.tar.xz.asc create mode 100644 curl-7.85.0.tar.xz create mode 100644 curl-7.85.0.tar.xz.asc delete mode 100644 tests-for-32bit.patch
diff --git a/curl-7.84.0.tar.xz b/curl-7.84.0.tar.xz
deleted file mode 100644
index 1002b6a..0000000
--- a/curl-7.84.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2d118b43f547bfe5bae806d8d47b4e596ea5b25a6c1f080aef49fbcd817c5db8
-size 2477944
diff --git a/curl-7.84.0.tar.xz.asc b/curl-7.84.0.tar.xz.asc
deleted file mode 100644
index bd39fcc..0000000
--- a/curl-7.84.0.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmK5SoUACgkQXMkI/bce
-EsKDNQgAhJOD5v9j8Njhb09goLU4rHW4qCQjfhmWPEHyWqFSw4WUaBpZkNR5SzIO
-wpEGgCbxbpmsfQuGeguc100hESCCjHlZlUcNDfCF0YoWt+cRKvCyR278GcqLJajH
-DL5kXeq8QCkL9o1M7lmNfJn5Dmd7CcU+ALryKz6O1T7vYeZZzAYA9zZ5D0NORsil
-F9n1ZjwI6r7m+S73qkI5+7LQHgtP5EkwJODVorEhmZPZAPldMxCv3yn3HwSmtzaq
-JbYKsHrDh1BFCo1auSpK4LBKWBOIpYCqW0jvwnsShw72dgYGHR9uu/YMgDz18OeS
-hWWVocRxW2GW+Y3dBi1PF9an3/J0nQ==
-=Oe40
------END PGP SIGNATURE-----
diff --git a/curl-7.85.0.tar.xz b/curl-7.85.0.tar.xz
new file mode 100644
index 0000000..92341d3
--- /dev/null
+++ b/curl-7.85.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6
+size 2480648
diff --git a/curl-7.85.0.tar.xz.asc b/curl-7.85.0.tar.xz.asc
new file mode 100644
index 0000000..dae7ee7
--- /dev/null
+++ b/curl-7.85.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmMO/LoACgkQXMkI/bce
+EsK14Af+L+0de5NTHNuXkryTcHZ35nGUhBcYJxE1Gyf0Or7IpX0rYsqpE6T1B6gm
+/NwJb4yDzCPbtekHBmwhQNNj91p5BCEtOlcwOYaT6rgWiXvCNMtWydmPZWrwg9Pk
+zVp+CVNOVoUDI2x2EAZc6IrxagKuvEzy29MFsRmXy/17D5XKkRH0QUJE3XfxorgV
+LshtSVlxzlZXmer3jGqCKqyJJc+8du92rggDhs7W8e1JZ6M6ujc9p6LfO+HaW5c+
+RPcLdScjzuOurAKwhWRWYcW3hukHGZ68iZYgfT2B43iLtRiwo2hQlHkt5Jg6WYmi
+jKO6tKo1uF+bm7/5PWipWCTjvR8F3g==
+=TXWE
+-----END PGP SIGNATURE-----
diff --git a/curl.changes b/curl.changes
index 41d2a5e..7f276fe 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Wed Aug 31 07:34:20 UTC 2022 - Pedro Monreal
+
+- Update to 7.85.0:
+ * Security fixes: [bsc#1202593, CVE-2022-35252]
+ - control code in cookie denial of service
+ * Changes:
+ - quic: add support via wolfSSL
+ - schannel: Add TLS 1.3 support
+ - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
+ * Bugfixes:
+ - asyn-thread: fix socket leak on OOM
+ - asyn-thread: make getaddrinfo_complete return CURLcode
+ - base64: base64url encoding has no padding
+ - configure: fix broken m4 syntax in TLS options
+ - configure: if asked to use TLS, fail if no TLS lib was detected
+ - connect: add quic connection information
+ - connect: set socktype/protocol correctly
+ - cookie: reject cookies with "control bytes"
+ - cookie: treat a blank domain in Set-Cookie: as non-existing
+ - curl: output warning when a cookie is dropped due to size
+ - Curl_close: call Curl_resolver_cancel to avoid memory-leak
+ - digest: fix memory leak, fix not quoted 'opaque'
+ - digest: fix missing increment of 'nc' value for auth-int
+ - digest: pass over leading spaces in qop values
+ - digest: reject broken header with session protocol but without qop
+ - doh: use https protocol by default
+ - easy_lock.h: include sched.h if available to fix build
+ - easy_lock.h: use __asm__ instead of asm to fix build
+ - easy_lock: switch to using atomic_int instead of bool
+ - ftp: use a correct expire ID for timer expiry
+ - h2h3: fix overriding the 'TE: Trailers' header
+ - hostip: resolve *.localhost to 127.0.0.1/::1
+ - HTTP3.md: update to msh3 v0.4.0
+ - hyper: use wakers for curl pause/resume
+ - lib3026: reduce the number of threads to 100
+ - libssh2: make atime/mtime date overflow return error
+ - libssh2: provide symlink name in SFTP dir listing
+ - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
+ - multi: use larger dns hash table for multi interface
+ - multi_wait: fix skipping
to populate revents for extra_fds + - netrc: Use the password from lines without login + - ngtcp2: Fix build error due to change in nghttp3 prototypes + - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data + - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks + - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL + - openssl: add cert path in error message + - openssl: add details to "unable to set client certificate" error + - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel + - select: do not return fatal error on EINTR from poll() + - sendf: fix paused header writes since after the header API + - sendf: skip storing HTTP headers if HTTP disabled + - url: really use the user provided in the url when netrc entry exists + - url: reject URLs with hostnames longer than 65535 bytes + - url: treat missing usernames in netrc as empty + - urldata: reduce size of several struct fields + - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend + * Remove tests-for-32bit.patch fixed in the update + * Rebase libcurl-ocloexec.patch + ------------------------------------------------------------------- Sun Jul 24 19:37:01 UTC 2022 - Dirk Müller diff --git a/curl.spec b/curl.spec index c3c5248..846528a 100644 --- a/curl.spec +++ b/curl.spec @@ -21,7 +21,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.84.0 +Version: 7.85.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -35,7 +35,6 @@ Patch1: dont-mess-with-rpmoptflags.patch Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -Patch4: https://github.com/curl/curl/commit/0484127805dc2cb7c743b67e017a725b5369227d.patch#/tests-for-32bit.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4 = %{version} 
diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 9a54a5d..d9d5759 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch @@ -7,20 +7,20 @@ To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. -Index: curl-7.82.0/lib/file.c +Index: curl-7.85.0/lib/file.c =================================================================== ---- curl-7.82.0.orig/lib/file.c -+++ curl-7.82.0/lib/file.c -@@ -194,7 +194,7 @@ static CURLcode file_connect(struct Curl - return CURLE_URL_MALFORMAT; +--- curl-7.85.0.orig/lib/file.c ++++ curl-7.85.0/lib/file.c +@@ -222,7 +222,7 @@ static CURLcode file_connect(struct Curl + } } - + #else - fd = open_readonly(real_path, O_RDONLY); + fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; + #endif #endif - file->freepath = real_path; /* free this when done */ -@@ -278,7 +278,7 @@ static CURLcode file_upload(struct Curl_ +@@ -307,7 +307,7 @@ static CURLcode file_upload(struct Curl_ else mode = MODE_DEFAULT|O_TRUNC; @@ -29,11 +29,11 @@ Index: curl-7.82.0/lib/file.c if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: curl-7.82.0/lib/if2ip.c +Index: curl-7.85.0/lib/if2ip.c =================================================================== ---- curl-7.82.0.orig/lib/if2ip.c -+++ curl-7.82.0/lib/if2ip.c -@@ -204,7 +204,7 @@ if2ip_result_t Curl_if2ip(int af, +--- curl-7.85.0.orig/lib/if2ip.c ++++ curl-7.85.0/lib/if2ip.c +@@ -206,7 +206,7 @@ if2ip_result_t Curl_if2ip(int af, if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; 
@@ -42,11 +42,11 @@ Index: curl-7.82.0/lib/if2ip.c if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-7.82.0/lib/connect.c +Index: curl-7.85.0/lib/connect.c =================================================================== ---- curl-7.82.0.orig/lib/connect.c -+++ curl-7.82.0/lib/connect.c -@@ -1622,7 +1622,9 @@ CURLcode Curl_socket(struct Curl_easy *d +--- curl-7.85.0.orig/lib/connect.c ++++ curl-7.85.0/lib/connect.c +@@ -1651,7 +1651,9 @@ CURLcode Curl_socket(struct Curl_easy *d } else /* opensocket callback not set, so simply create the socket now */ @@ -57,11 +57,11 @@ Index: curl-7.82.0/lib/connect.c if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ -Index: curl-7.82.0/configure.ac +Index: curl-7.85.0/configure.ac =================================================================== ---- curl-7.82.0.orig/configure.ac -+++ curl-7.82.0/configure.ac -@@ -320,6 +320,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-7.85.0.orig/configure.ac ++++ curl-7.85.0/configure.ac +@@ -335,6 +335,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -70,11 +70,11 @@ Index: curl-7.82.0/configure.ac dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE -Index: curl-7.82.0/lib/hostip.c +Index: curl-7.85.0/lib/hostip.c =================================================================== ---- curl-7.82.0.orig/lib/hostip.c -+++ curl-7.82.0/lib/hostip.c -@@ -49,7 +49,7 @@ +--- curl-7.85.0.orig/lib/hostip.c ++++ curl-7.85.0/lib/hostip.c +@@ -51,7 +51,7 @@ #ifdef HAVE_PROCESS_H #include #endif @@ -83,7 +83,7 @@ Index: curl-7.82.0/lib/hostip.c #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -549,7 +549,7 @@ bool Curl_ipv6works(struct Curl_easy *da +@@ -551,7 +551,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ 
diff --git a/tests-for-32bit.patch b/tests-for-32bit.patch
deleted file mode 100644
index a9bc906..0000000
--- a/tests-for-32bit.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0484127805dc2cb7c743b67e017a725b5369227d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Sun, 17 Jul 2022 23:48:22 +0200
-Subject: [PATCH] lib3026: reduce the number of threads to 100
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Down from 1000, to make it run and work in more systems.
-
-Fixes #9172
-Reported-by: Érico Nogueira Rolim
-Closes #9173
----
- tests/libtest/lib3026.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
-index 43fe33529e1f0..496a23f3cabd6 100644
---- a/tests/libtest/lib3026.c
-+++ b/tests/libtest/lib3026.c
-@@ -30,7 +30,7 @@
- #include
- #include
-
--#define NUM_THREADS 1000
-+#define NUM_THREADS 100
-
- static void *run_thread(void *ptr)
- {