diff --git a/.curl.checksum b/.curl.checksum
index dfba0881e9ce388b204cf2e18faee2e36a71d231..54495baf385b08cfc246a8116667929d5c223345 100644
--- a/.curl.checksum
+++ b/.curl.checksum
@@ -1 +1 @@
-041ce8183798bc2a0df672adf54830ab71cbf73474233d8a0818eda07f4d0df7
+Direct Git Import
diff --git a/SOURCES/0051-curl-7.61.1-CVE-2023-28321.patch b/SOURCES/0051-curl-7.61.1-CVE-2023-28321.patch
index bd668218f1b6f6d1b3909c6c7aea9205142b1f54..e3909b3fb3a434ac549b533a0585a4315581124d 100644
--- a/SOURCES/0051-curl-7.61.1-CVE-2023-28321.patch
+++ b/SOURCES/0051-curl-7.61.1-CVE-2023-28321.patch
@@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
/*
* Match a hostname against a wildcard pattern.
* E.g.
-@@ -65,26 +76,27 @@
+@@ -65,26 +76,31 @@
static int hostmatch(char *hostname, char *pattern)
{
@@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
- if(pattern_wildcard == NULL)
- return strcasecompare(pattern, hostname) ?
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
-+ if(hostname[hostlen-1]=='.')
++ if(hostname[hostlen-1]=='.') {
+ hostname[hostlen-1] = 0;
-+ if(pattern[patternlen-1]=='.')
++ hostlen--;
++ }
++ if(pattern[patternlen-1]=='.') {
+ pattern[patternlen-1] = 0;
++ patternlen--;
++ }
+
+ if(strncmp(pattern, "*.", 2))
+ return pmatch(hostname, hostlen, pattern, patternlen);
@@ -170,7 +174,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
static CURLcode unit_setup(void)
{
return CURLE_OK;
-@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
+@@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
@@ -281,9 +285,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
-+ strlen(tests[i].pattern),
-+ tests[i].host,
-+ strlen(tests[i].host))) {
++ tests[i].host)) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"
diff --git a/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch b/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eda14f882ac5012a6c0c57be75fa577b7e8006fd
--- /dev/null
+++ b/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch
@@ -0,0 +1,146 @@
+From eb9a604f8d7db859555adc0ddacdabd1ed986106 Mon Sep 17 00:00:00 2001
+From: amkatyal <amkatyal@cisco.com>
+Date: Fri, 26 Jul 2019 21:28:41 +0530
+Subject: [PATCH] asyn-thread: create a socketpair to wait on
+
+Closes #4157
+---
+ lib/asyn-thread.c | 76 ++++++++++++++++++++++++++++++++++++++++-------
+ lib/multi.c | 0
+ 2 files changed, 65 insertions(+), 11 deletions(-)
+ mode change 100644 => 100755 lib/asyn-thread.c
+ mode change 100644 => 100755 lib/multi.c
+
+diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
+old mode 100644
+new mode 100755
+index 5f33c9affd0f27..f17638e44e6b18
+--- a/lib/asyn-thread.c
++++ b/lib/asyn-thread.c
+@@ -163,6 +163,9 @@ struct thread_sync_data {
+ char *hostname; /* hostname to resolve, Curl_async.hostname
+ duplicate */
+ int port;
++#ifdef HAVE_SOCKETPAIR
++ curl_socket_t sock_pair[2]; /* socket pair */
++#endif
+ int sock_error;
+ Curl_addrinfo *res;
+ #ifdef HAVE_GETADDRINFO
+@@ -197,6 +200,16 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
+ if(tsd->res)
+ Curl_freeaddrinfo(tsd->res);
+
++#ifdef HAVE_SOCKETPAIR
++ /* close socket pair */
++ if(tsd->sock_pair[0] != CURL_SOCKET_BAD) {
++ sclose(tsd->sock_pair[0]);
++ }
++
++ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
++ sclose(tsd->sock_pair[1]);
++ }
++#endif
+ memset(tsd, 0, sizeof(*tsd));
+ }
+
+@@ -230,6 +243,14 @@ int init_thread_sync_data(struct thread_data * td,
+
+ Curl_mutex_init(tsd->mtx);
+
++#ifdef HAVE_SOCKETPAIR
++ /* create socket pair */
++ if(socketpair(AF_LOCAL, SOCK_STREAM, 0, &tsd->sock_pair[0]) < 0) {
++ tsd->sock_pair[0] = CURL_SOCKET_BAD;
++ tsd->sock_pair[1] = CURL_SOCKET_BAD;
++ goto err_exit;
++ }
++#endif
+ tsd->sock_error = CURL_ASYNC_SUCCESS;
+
+ /* Copying hostname string because original can be destroyed by parent
+@@ -297,6 +318,9 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg)
+ struct thread_data *td = tsd->td;
+ char service[12];
+ int rc;
++#ifdef HAVE_SOCKETPAIR
++ char buf[1];
++#endif
+
+ snprintf(service, sizeof(service), "%d", tsd->port);
+
+@@ -298,6 +322,16 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg)
+ free(td);
+ }
+ else {
++#ifdef HAVE_SOCKETPAIR
++ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
++ /* DNS has been resolved, signal client task */
++ buf[0] = 1;
++ if(write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) {
++ /* update sock_erro to errno */
++ tsd->sock_error = SOCKERRNO;
++ }
++ }
++#endif
+ tsd->done = 1;
+ Curl_mutex_release(tsd->mtx);
+ }
+@@ -595,23 +629,43 @@ int Curl_resolver_getsock(struct connectdata *conn,
+ curl_socket_t *socks,
+ int numsocks)
+ {
++ int ret_val = 0;
+ time_t milli;
+ timediff_t ms;
+ struct Curl_easy *data = conn->data;
+ struct resdata *reslv = (struct resdata *)data->state.resolver;
++#ifdef HAVE_SOCKETPAIR
++ struct thread_data *td = (struct thread_data*)conn->async.os_specific;
++ int loop_idx;
++#else
+ (void)socks;
+ (void)numsocks;
+- ms = Curl_timediff(Curl_now(), reslv->start);
+- if(ms < 3)
+- milli = 0;
+- else if(ms <= 50)
+- milli = ms/3;
+- else if(ms <= 250)
+- milli = 50;
+- else
+- milli = 200;
+- Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
+- return 0;
++#endif
++
++#ifdef HAVE_SOCKETPAIR
++ if(td) {
++ /* return read fd to client for polling the DNS resolution status */
++ socks[0] = td->tsd.sock_pair[0];
++ ret_val = GETSOCK_READSOCK(0);
++ }
++ else {
++#endif
++ ms = Curl_timediff(Curl_now(), reslv->start);
++ if(ms < 3)
++ milli = 0;
++ else if(ms <= 50)
++ milli = ms/3;
++ else if(ms <= 250)
++ milli = 50;
++ else
++ milli = 200;
++ Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
++#ifdef HAVE_SOCKETPAIR
++ }
++#endif
++
++
++ return ret_val;
+ }
+
+ #ifndef HAVE_GETADDRINFO
+diff --git a/lib/multi.c b/lib/multi.c
+old mode 100644
+new mode 100755
diff --git a/SOURCES/0063-curl-7.61.1-native-md5.patch b/SOURCES/0063-curl-7.61.1-native-md5.patch
new file mode 100644
index 0000000000000000000000000000000000000000..97fd5a280e48ab3ab452eb2ef0b2382fcf05401f
--- /dev/null
+++ b/SOURCES/0063-curl-7.61.1-native-md5.patch
@@ -0,0 +1,279 @@
+diff -up curl-7.61.1/lib/curl_md5.h.RHEL-32335 curl-7.61.1/lib/curl_md5.h
+--- curl-7.61.1/lib/curl_md5.h.RHEL-32335 2024-04-10 10:09:36.758098940 +0200
++++ curl-7.61.1/lib/curl_md5.h 2024-04-10 10:10:22.426370509 +0200
+@@ -49,8 +49,8 @@ typedef struct {
+ extern const MD5_params Curl_DIGEST_MD5[1];
+ extern const HMAC_params Curl_HMAC_MD5[1];
+
+-void Curl_md5it(unsigned char *output,
+- const unsigned char *input);
++void Curl_md5it(unsigned char *output, const unsigned char *input,
++ const size_t len);
+
+ MD5_context * Curl_MD5_init(const MD5_params *md5params);
+ int Curl_MD5_update(MD5_context *context,
+diff -up curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335 curl-7.61.1/lib/curl_ntlm_core.h
+--- curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335 2024-04-10 09:52:39.872042425 +0200
++++ curl-7.61.1/lib/curl_ntlm_core.h 2024-04-10 09:54:46.230795176 +0200
+@@ -48,9 +48,9 @@
+ #endif
+
+ /* Define USE_NTLM2SESSION in order to make the type-3 message include the
+- NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
+- Crypto engine that we have curl_ssl_md5sum() for. */
+-#if defined(USE_NTRESPONSES) && !defined(USE_WIN32_CRYPTO)
++ NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and
++ MD5 support */
++#if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+ #define USE_NTLM2SESSION
+ #endif
+
+diff -up curl-7.61.1/lib/curl_sha256.h.RHEL-32335 curl-7.61.1/lib/curl_sha256.h
+--- curl-7.61.1/lib/curl_sha256.h.RHEL-32335 2024-04-10 10:13:40.975551190 +0200
++++ curl-7.61.1/lib/curl_sha256.h 2024-04-10 10:14:00.251665815 +0200
+@@ -24,8 +24,8 @@
+
+ #ifndef CURL_DISABLE_CRYPTO_AUTH
+
+-void Curl_sha256it(unsigned char *outbuffer,
+- const unsigned char *input);
++void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
++ const size_t len);
+
+ #endif
+
+diff -up curl-7.61.1/lib/md5.c.RHEL-32335 curl-7.61.1/lib/md5.c
+--- curl-7.61.1/lib/md5.c.RHEL-32335 2024-04-10 10:10:39.831474009 +0200
++++ curl-7.61.1/lib/md5.c 2024-04-10 10:13:29.963485706 +0200
+@@ -519,12 +519,13 @@ const MD5_params Curl_DIGEST_MD5[] = {
+ /*
+ * @unittest: 1601
+ */
+-void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
+- const unsigned char *input)
++void Curl_md5it(unsigned char *outbuffer, const unsigned char *input,
++ const size_t len)
+ {
+ MD5_CTX ctx;
++
+ MD5_Init(&ctx);
+- MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
++ MD5_Update(&ctx, input, curlx_uztoui(len));
+ MD5_Final(outbuffer, &ctx);
+ }
+
+diff -up curl-7.61.1/lib/sha256.c.RHEL-32335 curl-7.61.1/lib/sha256.c
+--- curl-7.61.1/lib/sha256.c.RHEL-32335 2024-04-10 10:14:32.047854892 +0200
++++ curl-7.61.1/lib/sha256.c 2024-04-10 10:15:23.010157942 +0200
+@@ -255,12 +255,13 @@ static int SHA256_Final(unsigned char *o
+
+ #endif
+
+-void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */
+- const unsigned char *input)
++void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
++ const size_t len)
+ {
+ SHA256_CTX ctx;
++
+ SHA256_Init(&ctx);
+- SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
++ SHA256_Update(&ctx, input, curlx_uztoui(len));
+ SHA256_Final(outbuffer, &ctx);
+ }
+
+diff -up curl-7.61.1/lib/vauth/digest.c.RHEL-32335 curl-7.61.1/lib/vauth/digest.c
+--- curl-7.61.1/lib/vauth/digest.c.RHEL-32335 2024-04-10 10:15:31.737209838 +0200
++++ curl-7.61.1/lib/vauth/digest.c 2024-04-10 10:20:11.293872233 +0200
+@@ -62,7 +62,7 @@
+ what ultimately goes over the network.
+ */
+ #define CURL_OUTPUT_DIGEST_CONV(a, b) \
+- result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \
++ result = Curl_convert_to_network(a, b, strlen(b)); \
+ if(result) { \
+ free(b); \
+ return result; \
+@@ -687,12 +687,12 @@ static CURLcode _Curl_auth_create_digest
+ struct digestdata *digest,
+ char **outptr, size_t *outlen,
+ void (*convert_to_ascii)(unsigned char *, unsigned char *),
+- void (*hash)(unsigned char *, const unsigned char *))
++ void (*hash)(unsigned char *, const unsigned char *,
++ const size_t))
+ {
+ CURLcode result;
+ unsigned char hashbuf[32]; /* 32 bytes/256 bits */
+ unsigned char request_digest[65];
+- unsigned char *hashthis;
+ unsigned char ha1[65]; /* 64 digits and 1 zero byte */
+ unsigned char ha2[65]; /* 64 digits and 1 zero byte */
+ char userh[65];
+@@ -700,6 +700,7 @@ static CURLcode _Curl_auth_create_digest
+ size_t cnonce_sz = 0;
+ char *userp_quoted;
+ char *response = NULL;
++ char *hashthis = NULL;
+ char *tmp = NULL;
+
+ if(!digest->nc)
+@@ -721,12 +722,12 @@ static CURLcode _Curl_auth_create_digest
+ }
+
+ if(digest->userhash) {
+- hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm);
++ hashthis = aprintf("%s:%s", userp, digest->realm);
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis);
+- hash(hashbuf, hashthis);
++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ free(hashthis);
+ convert_to_ascii(hashbuf, (unsigned char *)userh);
+ }
+@@ -742,14 +743,13 @@ static CURLcode _Curl_auth_create_digest
+ unq(nonce-value) ":" unq(cnonce-value)
+ */
+
+- hashthis = (unsigned char *)
+- aprintf("%s:%s:%s", digest->userhash ? userh : userp,
+- digest->realm, passwdp);
++ hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp,
++ digest->realm, passwdp);
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+- hash(hashbuf, hashthis);
++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ free(hashthis);
+ convert_to_ascii(hashbuf, ha1);
+
+@@ -762,7 +762,7 @@ static CURLcode _Curl_auth_create_digest
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */
+- hash(hashbuf, (unsigned char *) tmp);
++ hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
+ free(tmp);
+ convert_to_ascii(hashbuf, ha1);
+ }
+@@ -780,18 +780,18 @@ static CURLcode _Curl_auth_create_digest
+ 5.1.1 of RFC 2616)
+ */
+
+- hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
++ hashthis = aprintf("%s:%s", request, uripath);
+
+ if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
+ /* We don't support auth-int for PUT or POST at the moment.
+ TODO: replace hash of empty string with entity-body for PUT/POST */
+ char hashed[65];
+- unsigned char *hashthis2;
++ char *hashthis2;
+
+- hash(hashbuf, (const unsigned char *)"");
++ hash(hashbuf, (const unsigned char *)"", 0);
+ convert_to_ascii(hashbuf, (unsigned char *)hashed);
+
+- hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed);
++ hashthis2 = aprintf("%s:%s", hashthis, hashed);
+ free(hashthis);
+ hashthis = hashthis2;
+ }
+@@ -800,31 +800,23 @@ static CURLcode _Curl_auth_create_digest
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+- hash(hashbuf, hashthis);
++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ free(hashthis);
+ convert_to_ascii(hashbuf, ha2);
+
+ if(digest->qop) {
+- hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s",
+- ha1,
+- digest->nonce,
+- digest->nc,
+- digest->cnonce,
+- digest->qop,
+- ha2);
++ hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc,
++ digest->cnonce, digest->qop, ha2);
+ }
+ else {
+- hashthis = (unsigned char *) aprintf("%s:%s:%s",
+- ha1,
+- digest->nonce,
+- ha2);
++ hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2);
+ }
+
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+- hash(hashbuf, hashthis);
++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ free(hashthis);
+ convert_to_ascii(hashbuf, request_digest);
+
+diff -up curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335 curl-7.61.1/lib/vauth/ntlm.c
+--- curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335 2024-04-10 09:51:15.114537483 +0200
++++ curl-7.61.1/lib/vauth/ntlm.c 2024-04-10 09:52:26.411962237 +0200
+@@ -40,6 +40,7 @@
+ #include "curl_ntlm_core.h"
+ #include "curl_gethostname.h"
+ #include "curl_multibyte.h"
++#include "curl_md5.h"
+ #include "warnless.h"
+ #include "rand.h"
+ #include "vtls/vtls.h"
+@@ -621,11 +622,10 @@ CURLcode Curl_auth_create_ntlm_type3_mes
+ memcpy(tmp, &ntlm->nonce[0], 8);
+ memcpy(tmp + 8, entropy, 8);
+
+- result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
+- if(!result)
+- /* We shall only use the first 8 bytes of md5sum, but the des code in
+- Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
+- result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
++ Curl_md5it(md5sum, tmp, 16);
++ /* We shall only use the first 8 bytes of md5sum, but the des code in
++ Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
++ result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+ if(result)
+ return result;
+
+diff -up curl-7.61.1/tests/unit/unit1601.c.RHEL-32335 curl-7.61.1/tests/unit/unit1601.c
+--- curl-7.61.1/tests/unit/unit1601.c.RHEL-32335 2024-04-10 10:20:19.347920127 +0200
++++ curl-7.61.1/tests/unit/unit1601.c 2024-04-10 10:21:53.606480641 +0200
+@@ -36,18 +36,19 @@ static void unit_stop(void)
+ UNITTEST_START
+
+ #ifndef CURL_DISABLE_CRYPTO_AUTH
+- unsigned char output[16];
++ const char string1[] = "1";
++ const char string2[] = "hello-you-fool";
++ unsigned char output[MD5_DIGEST_LEN];
+ unsigned char *testp = output;
+- Curl_md5it(output, (const unsigned char *)"1");
+
+-/* !checksrc! disable LONGLINE 2 */
+- verify_memory(testp,
+- "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f\x75\x84\x9b", 16);
++ Curl_md5it(output, (const unsigned char *) string1, strlen(string1));
++ verify_memory(testp, "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f"
++ "\x75\x84\x9b", MD5_DIGEST_LEN);
+
+- Curl_md5it(output, (const unsigned char *)"hello-you-fool");
++ Curl_md5it(output, (const unsigned char *) string2, strlen(string2));
+
+- verify_memory(testp,
+- "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82\x87\x5f\x22", 16);
++ verify_memory(testp, "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82"
++ "\x87\x5f\x22", MD5_DIGEST_LEN);
+ #endif
+
+
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index 6a05e4d489271867a173f9cb085b6217ef98135f..d69959ef1c8f2aa0ecf82386924b5cf788d11875 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.61.1
-Release: 34%{?dist}.2
+Release: 34%{?dist}.3
License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@@ -178,6 +178,12 @@ Patch60: 0060-curl-7.61.1-lowercase-headernames.patch
# provide common cleanup method for push headers (CVE-2024-2398)
Patch61: 0061-curl-7.61.1-CVE-2024-2398.patch
+# asyn-thread: create a socketpair to wait on
+Patch62: 0062-curl-7.61.1-socketpair-to-wait-on.patch
+
+# fix crash, when talking to a NTLM proxy in FIPS mode
+Patch63: 0063-curl-7.61.1-native-md5.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@@ -338,80 +344,82 @@ be installed.
%setup -q
# upstream patches
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
git init
git apply %{PATCH4}
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch14 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
+%patch -P 9 -p1
+%patch -P 10 -p1
+%patch -P 11 -p1
+%patch -P 14 -p1
# Fedora patches
-%patch101 -p1
-%patch102 -p1
-%patch103 -p1
-%patch104 -p1
+%patch -P 101 -p1
+%patch -P 102 -p1
+%patch -P 103 -p1
+%patch -P 104 -p1
# use different port range for 32bit and 64bit builds, thus make it possible
# to run both the builds in parallel on the same machine
-%patch105 -p1
+%patch -P 105 -p1
sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448
# upstream patches
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-%patch34 -p1
-%patch35 -p1
-%patch36 -p1
-%patch37 -p1
-
-%patch38 -p1
+%patch -P 17 -p1
+%patch -P 18 -p1
+%patch -P 19 -p1
+%patch -P 20 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 23 -p1
+%patch -P 24 -p1
+%patch -P 25 -p1
+%patch -P 26 -p1
+%patch -P 27 -p1
+%patch -P 28 -p1
+%patch -P 29 -p1
+%patch -P 30 -p1
+%patch -P 31 -p1
+%patch -P 32 -p1
+%patch -P 33 -p1
+%patch -P 34 -p1
+%patch -P 35 -p1
+%patch -P 36 -p1
+%patch -P 37 -p1
+
+%patch -P 38 -p1
sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
-%patch39 -p1
-%patch40 -p1
-%patch41 -p1
-%patch42 -p1
-%patch43 -p1
-%patch44 -p1
-%patch45 -p1
-%patch46 -p1
-%patch47 -p1
-%patch48 -p1
-%patch49 -p1
-%patch50 -p1
-%patch51 -p1
+%patch -P 39 -p1
+%patch -P 40 -p1
+%patch -P 41 -p1
+%patch -P 42 -p1
+%patch -P 43 -p1
+%patch -P 44 -p1
+%patch -P 45 -p1
+%patch -P 46 -p1
+%patch -P 47 -p1
+%patch -P 48 -p1
+%patch -P 49 -p1
+%patch -P 50 -p1
+%patch -P 51 -p1
git apply %{PATCH52}
-%patch53 -p1
-%patch54 -p1
-%patch55 -p1
-%patch56 -p1
-%patch57 -p1
-%patch58 -p1
-%patch59 -p1
-%patch60 -p1
-%patch61 -p1
+%patch -P 53 -p1
+%patch -P 54 -p1
+%patch -P 55 -p1
+%patch -P 56 -p1
+%patch -P 57 -p1
+%patch -P 58 -p1
+%patch -P 59 -p1
+%patch -P 60 -p1
+%patch -P 61 -p1
+%patch -P 62 -p1
+%patch -P 63 -p1
# make tests/*.py use Python 3
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -574,6 +582,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
+* Wed Jan 08 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.4
+- make up incomplete patch for host name wildcard checking (RHEL-5680)
+
+* Wed Oct 30 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.3
+- asyn-thread: create a socketpair to wait on (RHEL-34906)
+- fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641)
+
* Wed Aug 14 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.2
- provide common cleanup method for push headers (CVE-2024-2398)