- Add patch to fix libcurl when netrc parsing is enabled.

curl_easy_duphandle did not init netrc which broke applications such
  as for example git. gh#curl/curl#15496
  * 0001-duphandle-also-init-netrc.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=383

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

0001-duphandle-also-init-netrc.patch

@@ -0,0 +1,222 @@
+From 616224dab350adff4a19e47769369e7f6db55f8c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2024 08:52:38 +0100
+Subject: [PATCH] duphandle: also init netrc
+
+The netrc init was only done in the Curl_open, meaning that a duplicated
+handle would not get inited properly.
+
+Added test 2309 to verify. It does netrc auth with a duplicated handle.
+
+Regression from 3b43a05e000aa8f65bda513f733a
+
+Reported-by: tranzystorekk on github
+Fixes #15496
+Closes #15503
+
+(cherry picked from commit f5c616930b5cf148b1b2632da4f5963ff48bdf88)
+---
+ lib/easy.c                 |  1 +
+ tests/data/Makefile.am     |  2 +-
+ tests/data/test2309        | 66 ++++++++++++++++++++++++++++++++++++++
+ tests/libtest/Makefile.inc |  5 ++-
+ tests/libtest/lib2309.c    | 66 ++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 138 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test2309
+ create mode 100644 tests/libtest/lib2309.c
+
+diff --git a/lib/easy.c b/lib/easy.c
+index d16fa8c07..ac8fab342 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d)
+     goto fail;
+ 
+   Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
++  Curl_netrc_init(&outcurl->state.netrc);
+ 
+   /* the connection pool is setup on demand */
+   outcurl->state.lastconnect_id = -1;
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 02bf2ae25..ea5221c00 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -255,7 +255,7 @@ test2100 \
+ test2200 test2201 test2202 test2203 test2204 test2205 \
+ \
+ test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \
+-test2308 \
++test2308 test2309 \
+ \
+ test2400 test2401 test2402 test2403 test2404 test2405 test2406 \
+ \
+diff --git a/tests/data/test2309 b/tests/data/test2309
+new file mode 100644
+index 000000000..4ba78ee91
+--- /dev/null
++++ b/tests/data/test2309
+@@ -0,0 +1,66 @@
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++#
++# Server-side
++<reply>
++<data crlf="yes" nocheck="yes">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++
++# Reproducing issue 15496
++<name>
++HTTP with .netrc using duped easy handle
++</name>
++<tool>
++lib%TESTNUMBER
++</tool>
++<command>
++http://github.com %LOGDIR/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++
++machine github.com
++
++login daniel
++password $y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1
++</file>
++</client>
++
++<verify>
++<protocol>
++GET http://github.com/ HTTP/1.1
++Host: github.com
++Authorization: Basic %b64[daniel:$y$j9T$WUVjiVvDbRAWafDLs6cab1$01NX.oaZKf5lw8MR2Nk9Yaxv4CqbE0IaDF.GpGxPul1]b64%
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 339a00fc4..8f58fd642 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -77,7 +77,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq                     \
+  lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
+  lib1960 lib1964 \
+  lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
+- lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 \
++ lib2301 lib2302 lib2304 lib2305 lib2306         lib2308 lib2309 \
+  lib2402 lib2404 lib2405 \
+  lib2502 \
+  lib3010 lib3025 lib3026 lib3027 \
+@@ -683,6 +683,9 @@ lib2306_LDADD = $(TESTUTIL_LIBS)
+ lib2308_SOURCES = lib2308.c $(SUPPORTFILES)
+ lib2308_LDADD = $(TESTUTIL_LIBS)
+ 
++lib2309_SOURCES = lib2309.c $(SUPPORTFILES)
++lib2309_LDADD = $(TESTUTIL_LIBS)
++
+ lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib2402_LDADD = $(TESTUTIL_LIBS)
+ 
+diff --git a/tests/libtest/lib2309.c b/tests/libtest/lib2309.c
+new file mode 100644
+index 000000000..11f1c1fbd
+--- /dev/null
++++ b/tests/libtest/lib2309.c
+@@ -0,0 +1,66 @@
++/***************************************************************************
++ *                                  _   _ ____  _
++ *  Project                     ___| | | |  _ \| |
++ *                             / __| | | | |_) | |
++ *                            | (__| |_| |  _ <| |___
++ *                             \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++
++#include "test.h"
++#include "testtrace.h"
++
++#include <curl/curl.h>
++
++static size_t cb_ignore(char *buffer, size_t size, size_t nmemb, void *userp)
++{
++  (void)buffer;
++  (void)size;
++  (void)nmemb;
++  (void)userp;
++  return CURL_WRITEFUNC_ERROR;
++}
++
++CURLcode test(char *URL)
++{
++  CURL *curl;
++  CURL *curldupe;
++  CURLcode res = CURLE_OK;
++
++  global_init(CURL_GLOBAL_ALL);
++  curl = curl_easy_init();
++  if(curl) {
++    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb_ignore);
++    curl_easy_setopt(curl, CURLOPT_URL, URL);
++    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
++    curl_easy_setopt(curl, CURLOPT_PROXY, libtest_arg3);
++    curl_easy_setopt(curl, CURLOPT_NETRC, (long)CURL_NETRC_REQUIRED);
++    curl_easy_setopt(curl, CURLOPT_NETRC_FILE, libtest_arg2);
++
++    curldupe = curl_easy_duphandle(curl);
++    if(curldupe) {
++      res = curl_easy_perform(curldupe);
++      printf("Returned %d, should be %d.\n", res, CURLE_WRITE_ERROR);
++      fflush(stdout);
++      curl_easy_cleanup(curldupe);
++    }
++    curl_easy_cleanup(curl);
++  }
++  curl_global_cleanup();
++  return CURLE_OK;
++}
+-- 
+2.47.0
+

_multibuild

@@ -0,0 +1,3 @@
+<multibuild>
+  <package>mini</package>
+</multibuild>

baselibs.conf

@@ -0,0 +1,6 @@
+libcurl4
+  obsoletes "curl-<targettype> <= <version>"
+  provides "curl-<targettype> = <version>"
+libcurl-devel
+  requires -curl-<targettype>
+  requires "libcurl4-<targettype> = <version>"

curl-8.10.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6b142f0e85e954759d37e26a3627e2278137595be80e3a860c4353e4335e5a0
+size 2729448

curl-8.10.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmbhLPgACgkQXMkI/bce
+EsKvcAf/X90bZOG4ufZdq0z7l1i++7tLMG9zd8MjMX14XEBlHsTSqhgqu18i/FDY
+sIlK/6fQH5RJbbP9LtX68ptDnzZ31SmIpOWngyadkJTQ1n6oTa1jSUf469ALWHmX
+nwEPvgX8YXdVDrNpVbAUy3EElKoSH/9JSyXGmpi5whaHb1jzTyUAcR2QbKyxwZi3
+Md+XKAbdrhXBfDicoLbWN2N8NlzyV5rt78DMh1UZPOspWo8fSMUIZeB6uSoi0Ey0
+mY1Vv+b4L0dricODFSprfN9BZNe5lv9Ciit4GJmMf28k896Zw4nV+yngUhEs9lfm
+8tmBTI2oX6kPAULU+xZ2iR61MuW5ZA==
+=S6zn
+-----END PGP SIGNATURE-----

curl-8.11.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmcrFoYACgkQXMkI/bce
+EsIHCAf/fcpnxxtl7XTgSXF3V2tntKZJskiiTuXsJtBCJoDWiOOjrM3gnafXC3Bt
+CcncdGHIubKuUTc+JeuQowr6e+oXWPX5k45SF35U9n1EvWgF/s8uxAF8vJdDQme9
+z30M6UjMkEB7tbADUt1Q7Dyh8ZWWsFC5emekYnMQVDvzmad76Z3o4ZeQAly7xUhd
+V++5Il3Ql44nyMeTDTlHOuOc3jiA5rCmoLr4mMbRqAO8wF+Y2KCDYd5BaNvXZOln
+snEM496m3p0S1sliiEnRwDeccepUpkAyHPQgESS/ATCIvFZb4/MDrLSc5HSr5K+8
+MNYxBV03wmfR5QUqihbH8KXZKpYDnw==
+=9DLI
+-----END PGP SIGNATURE-----

curl-8.8.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f58bb95fc330c8a46eeb3df5701b0d90c9d9bfcc42bd1cd08791d12551d4400
+size 2748860

curl-8.8.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmZNiQcACgkQXMkI/bce
+EsKpxwf/XuUnVCDn7fC0t7I07jjovBc+CTgwMpgvXBHw2CdURhpdCLF3AHARcPLA
+zwf8FhM2FB+K7A7JgMy9QZSDNfKkCLYMILqsn9U3sIOzGIinJJq9d89W8CuVhcEK
+x4a0c4g0jax8p3EVHN5tio7EZTrfUHvnXY+PLUMx52v/0Q1OWagVYwkg4qTb5fHL
+IrfXCQkg8b4kxw5p9d7n0OvyN6W2VdvIlX7ZxXPmjX9tQT6LK7KZj49P09oRzxsM
+1UNF0A5YiNgsONJ4l1/tOQub9uE6pu+fhJ97XLzH1K1d1ha98dIE/veudCaqkZDq
+CfvkeuN68zsv85MdvD6S16RC2JhhCA==
+=ONcR
+-----END PGP SIGNATURE-----

curl-8.9.1.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce
+EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I
+tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4
+WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN
+ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW
+Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc
+QlKzV/h7ydbBWdHiSTpCMxue7tLUZw==
+=EiUG
+-----END PGP SIGNATURE-----

curl-disabled-redirect-protocol-message.patch

@@ -0,0 +1,20 @@
+Index: curl-7.82.0/lib/url.c
+===================================================================
+--- curl-7.82.0.orig/lib/url.c
++++ curl-7.82.0/lib/url.c
+@@ -1832,9 +1832,13 @@ static CURLcode findprotocol(struct Curl
+     /* it is allowed for "normal" request, now do an extra check if this is
+        the result of a redirect */
+     if(data->state.this_is_a_follow &&
+-       !(data->set.redir_protocols & p->protocol))
++       !(data->set.redir_protocols & p->protocol)) {
+       /* nope, get out */
+-      ;
++       failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
++             LIBCURL_NAME, protostr);
++
++       return CURLE_UNSUPPORTED_PROTOCOL;
++    }
+     else {
+       /* Perform setup complement if some. */
+       conn->handler = conn->given = p;

curl-make-install-curl-config.patch

@@ -0,0 +1,26 @@
+From 4cc5657247183a0bc3b0969beeaea9acddb09d22 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 22 May 2024 08:43:43 +0200
+Subject: [PATCH] docs/Makefile.am: make curl-config.1 install
+
+on "make install" like it should
+
+Follow-up to 60971d665b9b1df87082
+
+Closes #13741
+---
+ docs/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs/Makefile.am b/docs/Makefile.am
+index 83f5b0c461cc0f..e9ef6284860555 100644
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -28,6 +28,7 @@ if BUILD_DOCS
+ # if we disable man page building, ignore these
+ MK_CA_DOCS = mk-ca-bundle.1
+ CURLCONF_DOCS = curl-config.1
++man_MANS = curl-config.1
+ endif
+ 
+ CURLPAGES = curl-config.md mk-ca-bundle.md

curl-secure-getenv.patch

@@ -0,0 +1,41 @@
+Index: curl-8.11.0/lib/getenv.c
+===================================================================
+--- curl-8.11.0.orig/lib/getenv.c
++++ curl-8.11.0/lib/getenv.c
+@@ -29,6 +29,14 @@
+ 
+ #include "memdebug.h"
+ 
++#ifndef HAVE_SECURE_GETENV
++#  ifdef HAVE___SECURE_GETENV
++#    define secure_getenv __secure_getenv
++#  else
++#    error neither secure_getenv nor __secure_getenv is available
++#  endif
++#endif
++
+ static char *GetEnv(const char *variable)
+ {
+ #if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) || \
+@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
+     /* else rc is bytes needed, try again */
+   }
+ #else
+-  char *env = getenv(variable);
++  char *env = secure_getenv(variable);
+   return (env && env[0]) ? strdup(env) : NULL;
+ #endif
+ }
+Index: curl-8.11.0/configure.ac
+===================================================================
+--- curl-8.11.0.orig/configure.ac
++++ curl-8.11.0/configure.ac
+@@ -5370,6 +5370,8 @@ fi
+ 
+ CURL_PREPARE_CONFIGUREHELP_PM
+ 
++AC_CHECK_FUNCS([__secure_getenv secure_getenv])
++
+ AC_CONFIG_FILES([\
+   Makefile \
+   docs/Makefile \

curl-sigpipe.patch

@@ -0,0 +1,32 @@
+From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 5 Aug 2024 00:17:17 +0200
+Subject: [PATCH] sigpipe: init the struct so that first apply ignores
+
+Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
+init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
+
+I have read the existing code multiple times now and I think it gets the
+initial state reversed this missing to ignore.
+
+Regression from 17e6f06ea37136c36d27
+
+Reported-by: Rasmus Thomsen
+Fixes #14344
+Closes #14390
+---
+ lib/sigpipe.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/sigpipe.h b/lib/sigpipe.h
+index b91a2f51333956..d78afd905d3414 100644
+--- a/lib/sigpipe.h
++++ b/lib/sigpipe.h
+@@ -39,6 +39,7 @@ struct sigpipe_ignore {
+ static void sigpipe_init(struct sigpipe_ignore *ig)
+ {
+   memset(ig, 0, sizeof(*ig));
++  ig->no_signal = TRUE;
+ }
+ 
+ /*

curl.keyring

@@ -0,0 +1,77 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
+QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
+0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
+EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
+soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
+f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
+gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
+SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
+m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
+ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
+ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
+i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
+AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
+jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
+XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
+7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
+wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
+dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
+rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
+FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
+OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
+5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
+zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
+poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
+Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
+6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
+tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
+c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
+svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
+Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
++BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
+Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
+rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
+y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
+BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
+0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
+09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
+6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
+67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
+a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
+LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
+nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
+0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
+2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
+OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
+PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
+8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
+/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
+8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
+bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
+IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
+2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
+L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
+/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
+UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
+9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
+TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
+IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
+AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
+eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
+sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
+c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
+KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
+4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
+wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
+BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
+PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
+gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
+ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
+j/qx4ytjt5uxt6Jm6IXV9cry8i6x
+=Phs/
+-----END PGP PUBLIC KEY BLOCK-----

curl.spec

@@ -0,0 +1,260 @@
+#
+# spec file for package curl
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%bcond_without testsuite
+# need ssl always for python-pycurl
+%bcond_without openssl
+%define target @BUILD_FLAVOR@%{nil}
+%if "%{target}" == "mini"
+%bcond_without mini
+%global psuffix -mini
+%else
+%bcond_with mini
+%global psuffix %{nil}
+%endif
+
+Name:           curl%{?psuffix}
+Version:        8.11.0
+Release:        0
+Summary:        A Tool for Transferring Data from URLs
+License:        curl
+URL:            https://curl.se
+Source:         https://curl.se/download/curl-%{version}.tar.xz
+Source2:        https://curl.se/download/curl-%{version}.tar.xz.asc
+Source3:        baselibs.conf
+Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
+Patch0:         libcurl-ocloexec.patch
+Patch1:         dont-mess-with-rpmoptflags.patch
+Patch2:         curl-secure-getenv.patch
+#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
+Patch3:         curl-disabled-redirect-protocol-message.patch
+#PATCH-FIX-UPSTREAM fix parsingg of netrc in libcurl ghub#curl/curl#15496
+Patch4:         0001-duphandle-also-init-netrc.patch
+BuildRequires:  groff
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libidn2)
+# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922]
+# BuildRequires:  pkgconfig(libmetalink)
+BuildRequires:  pkgconfig(libnghttp2)
+BuildRequires:  pkgconfig(libpsl)
+BuildRequires:  pkgconfig(libzstd)
+BuildRequires:  pkgconfig(zlib)
+Requires:       libcurl4 = %{version}
+%if %{with openssl}
+BuildRequires:  pkgconfig(libssl)
+%endif
+%if !%{with mini}
+BuildRequires:  openldap2-devel
+BuildRequires:  pkgconfig(krb5)
+BuildRequires:  pkgconfig(libbrotlidec)
+BuildRequires:  pkgconfig(libssh)
+%endif
+%if 0%{?_with_stunnel:1}
+# used by the testsuite
+BuildRequires:  stunnel
+%endif
+
+%description
+Curl is a client to get documents and files from or send documents to a
+server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
+TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
+without user interaction or any kind of interactivity.
+
+%package -n libcurl%{?psuffix}4
+Summary:        Library for transferring data from URLs
+%if %{with mini}
+Provides:       libcurl4 = %{version}
+%else
+Obsoletes:      libcurl-mini4 <= %{version}
+%endif
+
+%description -n libcurl%{?psuffix}4
+The cURL shared library for accessing data using different
+network protocols.
+
+%if !%{with mini}
+%package -n libcurl-devel
+Summary:        Development files for the curl library
+Requires:       glibc-devel
+Requires:       libcurl4 = %{version}
+Provides:       curl-devel = %{version}
+Obsoletes:      curl-devel < %{version}
+
+%description -n libcurl-devel
+Curl is a client to get documents and files from or send documents to a
+server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
+DICT, TELNET, LDAP, or FILE). The command is designed to work without
+user interaction or any kind of interactivity.
+
+%package -n libcurl-devel-doc
+Summary:        Manual pages for libcurl
+Provides:       libcurl-devel:%{_mandir}/man1/curl-config.1%{?ext_man}
+BuildArch:      noarch
+
+%description -n libcurl-devel-doc
+Manual pages for the libcurl C API.
+
+%package        fish-completion
+Summary:        Fish completion for curl
+Group:          System/Shells
+Requires:       fish
+Supplements:    (curl and fish)
+BuildArch:      noarch
+
+%description    fish-completion
+Fish command line completion support for %name.
+
+%package        zsh-completion
+Summary:        Zsh Completion for %name
+Group:          System/Shells
+Requires:       zsh
+Supplements:    (curl and zsh)
+BuildArch:      noarch
+
+%description zsh-completion
+ZSH command line completion support for %name.
+%endif
+
+%prep
+%autosetup -p1 -n curl-%{version}
+
+%build
+# curl complains if macro definition is contained in CFLAGS
+# see m4/xc-val-flgs.m4
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
+CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
+export CPPFLAGS
+export CFLAGS="$CFLAGS -fPIE"
+export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
+autoreconf -fiv
+# local hack to make curl-config --libs stop printing libraries it depends on
+# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
+# will hopefully change in the future)
+sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
+
+%configure \
+    --enable-hsts \
+    --enable-ipv6 \
+%if %{with openssl}
+    --with-openssl \
+    --with-ca-fallback \
+    --without-ca-path \
+    --without-ca-bundle \
+%else
+    --without-openssl \
+%endif
+    --with-libidn2 \
+    --with-nghttp2 \
+    --enable-docs \
+%if %{with mini}
+    --disable-dict \
+    --disable-ftp \
+    --disable-gopher \
+    --disable-imap \
+    --disable-mqtt \
+    --disable-ntlm \
+    --disable-ntlm-wb \
+    --disable-pop3 \
+    --disable-rtsp \
+    --disable-smtp \
+    --disable-telnet \
+    --disable-tftp \
+    --disable-tls-srp \
+    --disable-websockets \
+    --without-brotli \
+    --without-libssh \
+%else
+    --with-gssapi=$(krb5-config --prefix) \
+    --with-brotli \
+    --with-libssh \
+%endif
+    --enable-symbol-hiding \
+    --disable-static \
+    --enable-threaded-resolver \
+    --with-zsh-functions-dir=%{_datadir}/zsh/site-functions/ \
+    --with-fish-functions-dir=%{_datadir}/fish/vendor_completions.d
+
+# if this fails, the above sed hack did not work
+./libtool --config | grep -q link_all_deplibs=no
+# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
+%make_build
+
+%if %{with testsuite}
+%check
+pushd tests
+%make_build
+
+find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
+find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
+
+perl ./runtests.pl -a -v -p '!flaky' || exit
+popd
+%endif
+
+%install
+%make_install
+rm -f %{buildroot}%{_libdir}/libcurl.la
+%if %{with mini}
+rm -rv %{buildroot}%{_includedir}/curl %{buildroot}/%{_libdir}/pkgconfig %{buildroot}%{_datadir}
+rm -v %{buildroot}%{_bindir}/curl %{buildroot}%{_bindir}/curl-config %{buildroot}%{_libdir}/libcurl.so
+%else
+install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
+pushd scripts
+%make_install
+popd
+%endif
+
+%ldconfig_scriptlets -n libcurl%{?psuffix}4
+
+%files -n libcurl%{?psuffix}4
+%license COPYING
+%{_libdir}/libcurl.so.4*
+
+%if !%{with mini}
+%files
+%doc README RELEASE-NOTES CHANGES.md
+%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
+%{_bindir}/curl
+%{_mandir}/man1/curl.1%{?ext_man}
+
+%files zsh-completion
+%dir %{_datadir}/zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_curl
+
+%files fish-completion
+%dir %{_datadir}/fish/
+%dir %{_datadir}/fish/vendor_completions.d/
+%{_datadir}/fish/vendor_completions.d/curl.fish
+
+%files -n libcurl-devel
+%{_bindir}/curl-config
+%{_includedir}/curl
+%dir %{_datadir}/aclocal/
+%{_datadir}/aclocal/libcurl.m4
+%{_libdir}/libcurl.so
+%{_libdir}/pkgconfig/libcurl.pc
+
+%files -n libcurl-devel-doc
+%{_mandir}/man1/curl-config.1%{?ext_man}
+%{_mandir}/man3/*
+%doc docs/libcurl/symbols-in-versions
+%endif
+
+%changelog

dont-mess-with-rpmoptflags.patch

@@ -0,0 +1,15 @@
+Index: curl-8.6.0/configure.ac
+===================================================================
+--- curl-8.6.0.orig/configure.ac
++++ curl-8.6.0/configure.ac
+@@ -506,10 +506,6 @@ dnl ************************************
+ 
+ CURL_CHECK_COMPILER
+ CURL_CHECK_NATIVE_WINDOWS
+-CURL_SET_COMPILER_BASIC_OPTS
+-CURL_SET_COMPILER_DEBUG_OPTS
+-CURL_SET_COMPILER_OPTIMIZE_OPTS
+-CURL_SET_COMPILER_WARNING_OPTS
+ 
+ if test "$compiler_id" = "INTEL_UNIX_C"; then
+   #

libcurl-ocloexec.patch

@@ -0,0 +1,93 @@
+Open library file descriptors with O_CLOEXEC
+This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
+or later, different combinations (old linux, new glibc and vice-versa)
+will result in a crash.
+
+To make it portable you have to test O_CLOEXEC support at *runtime*
+compile time is not enough.
+
+
+Index: curl-8.9.0/lib/file.c
+===================================================================
+--- curl-8.9.0.orig/lib/file.c
++++ curl-8.9.0/lib/file.c
+@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl
+     }
+   }
+   #else
+-  fd = open_readonly(real_path, O_RDONLY);
++  fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
+   file->path = real_path;
+   #endif
+ #endif
+@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_
+   else
+     mode = MODE_DEFAULT|O_TRUNC;
+ 
+-  fd = open(file->path, mode, data->set.new_file_perms);
++  fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
+   if(fd < 0) {
+     failf(data, "cannot open %s for writing", file->path);
+     return CURLE_WRITE_ERROR;
+Index: curl-8.9.0/lib/if2ip.c
+===================================================================
+--- curl-8.9.0.orig/lib/if2ip.c
++++ curl-8.9.0/lib/if2ip.c
+@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
+   if(len >= sizeof(req.ifr_name))
+     return IF2IP_NOT_FOUND;
+ 
+-  dummy = socket(AF_INET, SOCK_STREAM, 0);
++  dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0);
+   if(CURL_SOCKET_BAD == dummy)
+     return IF2IP_NOT_FOUND;
+ 
+Index: curl-8.9.0/configure.ac
+===================================================================
+--- curl-8.9.0.orig/configure.ac
++++ curl-8.9.0/configure.ac
+@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+ # Silence warning: ar: 'u' modifier ignored since 'D' is the default
+ AC_SUBST(AR_FLAGS, [cr])
+ 
++AC_USE_SYSTEM_EXTENSIONS
++
+ dnl This defines _ALL_SOURCE for AIX
+ CURL_CHECK_AIX_ALL_SOURCE
+ 
+Index: curl-8.9.0/lib/hostip.c
+===================================================================
+--- curl-8.9.0.orig/lib/hostip.c
++++ curl-8.9.0/lib/hostip.c
+@@ -44,6 +44,7 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ 
++#include <fcntl.h>
+ #include "urldata.h"
+ #include "sendf.h"
+ #include "hostip.h"
+@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+   else {
+     int ipv6_works = -1;
+     /* probe to see if we have a working IPv6 stack */
+-    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
++    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+     if(s == CURL_SOCKET_BAD)
+       /* an IPv6 address was requested but we cannot get/use one */
+       ipv6_works = 0;
+Index: curl-8.9.0/lib/cf-socket.c
+===================================================================
+--- curl-8.9.0.orig/lib/cf-socket.c
++++ curl-8.9.0/lib/cf-socket.c
+@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_
+   }
+   else {
+     /* opensocket callback not set, so simply create the socket now */
+-    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
++    *sockfd = socket(addr->family,
++		     addr->socktype|SOCK_CLOEXEC,
++		     addr->protocol);
+   }
+ 
+   if(*sockfd == CURL_SOCKET_BAD)