diff --git a/SOURCES/0029-curl-7.61.1-CVE-2021-22876.patch b/SOURCES/0029-curl-7.61.1-CVE-2021-22876.patch
new file mode 100644
index 0000000..dbd2496
--- /dev/null
+++ b/SOURCES/0029-curl-7.61.1-CVE-2021-22876.patch
@@ -0,0 +1,116 @@
+From 239f8d93866605b05f4e6b551f4327dc7fcb922b Mon Sep 17 00:00:00 2001
+From: Viktor Szakats <commit@vsz.me>
+Date: Tue, 23 Feb 2021 14:54:46 +0100
+Subject: [PATCH 1/2] transfer: strip credentials from the auto-referer header
+ field
+
+Added test 2081 to verify.
+
+CVE-2021-22876
+
+Bug: https://curl.se/docs/CVE-2021-22876.html
+
+Upstream-commit: 7214288898f5625a6cc196e22a74232eada7861c
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/transfer.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index ecd1063..263b178 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1473,6 +1473,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ /* Location: redirect */
+ bool disallowport = FALSE;
+ bool reachedmax = FALSE;
++ CURLUcode uc;
+
+ if(type == FOLLOW_REDIR) {
+ if((data->set.maxredirs != -1) &&
+@@ -1488,6 +1489,9 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ data->set.followlocation++; /* count location-followers */
+
+ if(data->set.http_auto_referer) {
++ CURLU *u;
++ char *referer;
++
+ /* We are asked to automatically set the previous URL as the referer
+ when we get the next URL. We pick the ->url field, which may or may
+ not be 100% correct */
+@@ -1497,9 +1501,26 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ data->change.referer_alloc = FALSE;
+ }
+
+- data->change.referer = strdup(data->change.url);
+- if(!data->change.referer)
++ /* Make a copy of the URL without crenditals and fragment */
++ u = curl_url();
++ if(!u)
++ return CURLE_OUT_OF_MEMORY;
++
++ uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_USER, NULL, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0);
++ if(!uc)
++ uc = curl_url_get(u, CURLUPART_URL, &referer, 0);
++
++ curl_url_cleanup(u);
++
++ if(uc || referer == NULL)
+ return CURLE_OUT_OF_MEMORY;
++ data->change.referer = referer;
+ data->change.referer_alloc = TRUE; /* yes, free this later */
+ }
+ }
+--
+2.30.2
+
+
+From f7d1d478b87499ce31d6aa3251830b78447ad952 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 29 Mar 2021 09:32:14 +0200
+Subject: [PATCH 2/2] transfer: clear 'referer' in declaration
+
+To silence (false positive) compiler warnings about it.
+
+Follow-up to 7214288898f5625
+
+Reviewed-by: Marcel Raad
+Closes #6810
+
+Upstream-commit: 6bb028dbda6cbfe83f66de773544f71e4813160f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/transfer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 263b178..ad5a7ba 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1490,7 +1490,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
+
+ if(data->set.http_auto_referer) {
+ CURLU *u;
+- char *referer;
++ char *referer = NULL;
+
+ /* We are asked to automatically set the previous URL as the referer
+ when we get the next URL. We pick the ->url field, which may or may
+@@ -1518,7 +1518,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
+
+ curl_url_cleanup(u);
+
+- if(uc || referer == NULL)
++ if(uc || !referer)
+ return CURLE_OUT_OF_MEMORY;
+ data->change.referer = referer;
+ data->change.referer_alloc = TRUE; /* yes, free this later */
+--
+2.30.2
+
diff --git a/SOURCES/0030-curl-7.61.1-file-head.patch b/SOURCES/0030-curl-7.61.1-file-head.patch
new file mode 100644
index 0000000..e545e8e
--- /dev/null
+++ b/SOURCES/0030-curl-7.61.1-file-head.patch
@@ -0,0 +1,693 @@
+From 87e3d094e0dc00efc1abeb2b142d453024cbca69 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Oct 2018 23:53:32 +0200
+Subject: [PATCH] FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
+
+Now FILE transfers send headers to the header callback like HTTP and
+other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
+work for FILE in the callbacks.
+
+Makes "curl -i file://.." and "curl -I file://.." work like before
+again. Applied the bold header logic to them too.
+
+Regression from c1c2762 (7.61.0)
+
+Reported-by: Shaun Jackman
+Fixes #3083
+Closes #3101
+
+Upstream-commit: e50a2002bd450a4800a165d2874ed79c95b33a07
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/file.c | 27 +++++++++++++--------------
+ lib/getinfo.c | 1 -
+ lib/url.c | 1 +
+ src/tool_cb_hdr.c | 5 +++--
+ tests/data/test1016 | 2 +-
+ tests/data/test1017 | 2 +-
+ tests/data/test1018 | 2 +-
+ tests/data/test1019 | 2 +-
+ tests/data/test1020 | 2 +-
+ tests/data/test1029 | 2 +-
+ tests/data/test1146 | 2 +-
+ tests/data/test1220 | 2 +-
+ tests/data/test200 | 2 +-
+ tests/data/test2000 | 2 +-
+ tests/data/test2001 | 13 +------------
+ tests/data/test2002 | 13 +------------
+ tests/data/test2003 | 26 ++------------------------
+ tests/data/test2004 | 2 +-
+ tests/data/test2006 | 8 ++++++++
+ tests/data/test2007 | 8 ++++++++
+ tests/data/test2008 | 8 ++++++++
+ tests/data/test2009 | 8 ++++++++
+ tests/data/test2010 | 8 ++++++++
+ tests/data/test202 | 2 +-
+ tests/data/test203 | 2 +-
+ tests/data/test204 | 2 +-
+ tests/data/test205 | 2 +-
+ tests/data/test2070 | 2 +-
+ tests/data/test2071 | 2 +-
+ tests/data/test2072 | 2 +-
+ tests/data/test210 | 2 +-
+ tests/data/test231 | 2 +-
+ tests/data/test288 | 2 +-
+ 33 files changed, 82 insertions(+), 86 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index e50e988..f780658 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -386,7 +386,6 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+
+ *done = TRUE; /* unconditionally */
+
+- Curl_initinfo(data);
+ Curl_pgrsStartNow(data);
+
+ if(data->set.upload)
+@@ -413,21 +412,18 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+ }
+ }
+
+- /* If we have selected NOBODY and HEADER, it means that we only want file
+- information. Which for FILE can't be much more than the file size and
+- date. */
+- if(data->set.opt_no_body && data->set.include_header && fstated) {
++ if(fstated) {
+ time_t filetime;
+ struct tm buffer;
+ const struct tm *tm = &buffer;
+ char header[80];
+ snprintf(header, sizeof(header),
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", expected_size);
+- result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
++ result = Curl_client_write(conn, CLIENTWRITE_HEADER, header, 0);
+ if(result)
+ return result;
+
+- result = Curl_client_write(conn, CLIENTWRITE_BOTH,
++ result = Curl_client_write(conn, CLIENTWRITE_HEADER,
+ (char *)"Accept-ranges: bytes\r\n", 0);
+ if(result)
+ return result;
+@@ -439,19 +435,22 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+
+ /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
+ snprintf(header, sizeof(header),
+- "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
++ "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n%s",
+ Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+ tm->tm_mday,
+ Curl_month[tm->tm_mon],
+ tm->tm_year + 1900,
+ tm->tm_hour,
+ tm->tm_min,
+- tm->tm_sec);
+- result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+- if(!result)
+- /* set the file size to make it available post transfer */
+- Curl_pgrsSetDownloadSize(data, expected_size);
+- return result;
++ tm->tm_sec,
++ data->set.opt_no_body ? "": "\r\n");
++ result = Curl_client_write(conn, CLIENTWRITE_HEADER, header, 0);
++ if(result)
++ return result;
++ /* set the file size to make it available post transfer */
++ Curl_pgrsSetDownloadSize(data, expected_size);
++ if(data->set.opt_no_body)
++ return result;
+ }
+
+ /* Check whether file range has been specified */
+diff --git a/lib/getinfo.c b/lib/getinfo.c
+index 14b4562..54c2c2f 100644
+--- a/lib/getinfo.c
++++ b/lib/getinfo.c
+@@ -85,7 +85,6 @@ CURLcode Curl_initinfo(struct Curl_easy *data)
+ #ifdef USE_SSL
+ Curl_ssl_free_certinfo(data);
+ #endif
+-
+ return CURLE_OK;
+ }
+
+diff --git a/lib/url.c b/lib/url.c
+index b18db25..bb9d107 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4290,6 +4290,7 @@ static CURLcode create_conn(struct Curl_easy *data,
+ /* this is supposed to be the connect function so we better at least check
+ that the file is present here! */
+ DEBUGASSERT(conn->handler->connect_it);
++ Curl_persistconninfo(conn);
+ result = conn->handler->connect_it(conn, &done);
+
+ /* Setup a "faked" transfer that'll do nothing */
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index e91e8ac..4f21221 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -153,8 +153,9 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ }
+
+ if(hdrcbdata->config->show_headers &&
+- (protocol & (CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_RTSP))) {
+- /* bold headers only happen for HTTP(S) and RTSP */
++ (protocol &
++ (CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_RTSP|CURLPROTO_FILE))) {
++ /* bold headers only for selected protocols */
+ char *value = NULL;
+
+ if(!outs->stream && !tool_create_output_file(outs))
+diff --git a/tests/data/test1016 b/tests/data/test1016
+index b404cac..4927f9e 100644
+--- a/tests/data/test1016
++++ b/tests/data/test1016
+@@ -22,7 +22,7 @@ file
+ <name>
+ X-Y range on a file:// URL to stdout
+ </name>
+- <command>
++<command option="no-include">
+ -r 1-4 file://localhost/%PWD/log/test1016.txt
+ </command>
+ <file name="log/test1016.txt">
+diff --git a/tests/data/test1017 b/tests/data/test1017
+index 6fbc38a..cfdd80f 100644
+--- a/tests/data/test1017
++++ b/tests/data/test1017
+@@ -23,7 +23,7 @@ file
+ <name>
+ 0-Y range on a file:// URL to stdout
+ </name>
+- <command>
++<command option="no-include">
+ -r 0-3 file://localhost/%PWD/log/test1017.txt
+ </command>
+ <file name="log/test1017.txt">
+diff --git a/tests/data/test1018 b/tests/data/test1018
+index 28a7027..5748701 100644
+--- a/tests/data/test1018
++++ b/tests/data/test1018
+@@ -22,7 +22,7 @@ file
+ <name>
+ X-X range on a file:// URL to stdout
+ </name>
+- <command>
++<command option="no-include">
+ -r 4-4 file://localhost/%PWD/log/test1018.txt
+ </command>
+ <file name="log/test1018.txt">
+diff --git a/tests/data/test1019 b/tests/data/test1019
+index 4d9872a..054e38d 100644
+--- a/tests/data/test1019
++++ b/tests/data/test1019
+@@ -23,7 +23,7 @@ file
+ <name>
+ X- range on a file:// URL to stdout
+ </name>
+- <command>
++<command option="no-include">
+ -r 7- file://localhost/%PWD/log/test1019.txt
+ </command>
+ <file name="log/test1019.txt">
+diff --git a/tests/data/test1020 b/tests/data/test1020
+index 735871d..e924529 100644
+--- a/tests/data/test1020
++++ b/tests/data/test1020
+@@ -23,7 +23,7 @@ file
+ <name>
+ -Y range on a file:// URL to stdout
+ </name>
+- <command>
++<command option="no-include">
+ -r -9 file://localhost/%PWD/log/test1020.txt
+ </command>
+ <file name="log/test1020.txt">
+diff --git a/tests/data/test1029 b/tests/data/test1029
+index 2ffc7c6..c77209c 100644
+--- a/tests/data/test1029
++++ b/tests/data/test1029
+@@ -29,7 +29,7 @@ http
+ <name>
+ HTTP Location: and 'redirect_url' check
+ </name>
+- <command>
++<command>
+ http://%HOSTIP:%HTTPPORT/we/want/our/1029 -w '%{redirect_url}\n'
+ </command>
+ </client>
+diff --git a/tests/data/test1146 b/tests/data/test1146
+index 43f33b7..636748e 100644
+--- a/tests/data/test1146
++++ b/tests/data/test1146
+@@ -24,7 +24,7 @@ file
+ <name>
+ --proto-default file
+ </name>
+-<command>
++<command option="no-include">
+ --proto-default file %PWD/log/test1146.txt
+ </command>
+ <file name="log/test1146.txt">
+diff --git a/tests/data/test1220 b/tests/data/test1220
+index 959abbf..6752eb5 100644
+--- a/tests/data/test1220
++++ b/tests/data/test1220
+@@ -20,7 +20,7 @@ file
+ <name>
+ file:// URLs with query string
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/test1220.txt?a_query=foobar#afragment
+ </command>
+ <file name="log/test1220.txt">
+diff --git a/tests/data/test200 b/tests/data/test200
+index 8be1de0..c27f7c0 100644
+--- a/tests/data/test200
++++ b/tests/data/test200
+@@ -23,7 +23,7 @@ file
+ <name>
+ basic file:// file
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/test200.txt
+ </command>
+ <file name="log/test200.txt">
+diff --git a/tests/data/test2000 b/tests/data/test2000
+index d3edb16..db1ba13 100644
+--- a/tests/data/test2000
++++ b/tests/data/test2000
+@@ -31,7 +31,7 @@ file
+ <name>
+ FTP RETR followed by FILE
+ </name>
+- <command>
++<command option="no-include">
+ ftp://%HOSTIP:%FTPPORT/2000 file://localhost/%PWD/log/test2000.txt
+ </command>
+ <file name="log/test2000.txt">
+diff --git a/tests/data/test2001 b/tests/data/test2001
+index 68c0df7..88a258e 100644
+--- a/tests/data/test2001
++++ b/tests/data/test2001
+@@ -48,7 +48,7 @@ file
+ <name>
+ HTTP GET followed by FTP RETR followed by FILE
+ </name>
+- <command>
++<command option="no-include">
+ http://%HOSTIP:%HTTPPORT/20010001 ftp://%HOSTIP:%FTPPORT/20010002 file://localhost/%PWD/log/test2001.txt
+ </command>
+ <file name="log/test2001.txt">
+@@ -81,17 +81,6 @@ RETR 20010002
+ QUIT
+ </protocol>
+ <stdout>
+-HTTP/1.1 200 OK
+-Date: Thu, 09 Nov 2010 14:49:00 GMT
+-Server: test-server/fake
+-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+-ETag: "21025-dc7-39462498"
+-Accept-Ranges: bytes
+-Content-Length: 6
+-Connection: close
+-Content-Type: text/html
+-Funny-head: yesyes
+-
+ -foo-
+ data
+ to
+diff --git a/tests/data/test2002 b/tests/data/test2002
+index db96bfe..6dd2f93 100644
+--- a/tests/data/test2002
++++ b/tests/data/test2002
+@@ -57,7 +57,7 @@ tftp
+ <name>
+ HTTP GET followed by FTP RETR followed by FILE followed by TFTP RRQ
+ </name>
+- <command>
++<command option="no-include">
+ http://%HOSTIP:%HTTPPORT/20020001 ftp://%HOSTIP:%FTPPORT/20020002 file://localhost/%PWD/log/test2002.txt tftp://%HOSTIP:%TFTPPORT//20020003
+ </command>
+ <file name="log/test2002.txt">
+@@ -96,17 +96,6 @@ filename: /20020003
+ QUIT
+ </protocol>
+ <stdout>
+-HTTP/1.1 200 OK
+-Date: Thu, 09 Nov 2010 14:49:00 GMT
+-Server: test-server/fake
+-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+-ETag: "21025-dc7-39462498"
+-Accept-Ranges: bytes
+-Content-Length: 6
+-Connection: close
+-Content-Type: text/html
+-Funny-head: yesyes
+-
+ -foo-
+ data
+ to
+diff --git a/tests/data/test2003 b/tests/data/test2003
+index 59a743f..09bee8e 100644
+--- a/tests/data/test2003
++++ b/tests/data/test2003
+@@ -57,8 +57,8 @@ tftp
+ <name>
+ HTTP GET followed by FTP RETR followed by FILE followed by TFTP RRQ then again in reverse order
+ </name>
+- <command>
+-http://%HOSTIP:%HTTPPORT/20030001 ftp://%HOSTIP:%FTPPORT/20030002 file://localhost/%PWD/log/test2003.txt tftp://%HOSTIP:%TFTPPORT//20030003 tftp://%HOSTIP:%TFTPPORT//20030003 file://localhost/%PWD/log/test2003.txt ftp://%HOSTIP:%FTPPORT/20030002 http://%HOSTIP:%HTTPPORT/20030001
++<command option="no-include">
++http://%HOSTIP:%HTTPPORT/20030001 ftp://%HOSTIP:%FTPPORT/20030002 file://localhost/%PWD/log/test2003.txt tftp://%HOSTIP:%TFTPPORT//20030003 tftp://%HOSTIP:%TFTPPORT//20030003 file://localhost/%PWD/log/test2003.txt ftp://%HOSTIP:%FTPPORT/20030002 http://%HOSTIP:%HTTPPORT/20030001
+ </command>
+ <file name="log/test2003.txt">
+ foo
+@@ -109,17 +109,6 @@ Accept: */*
+ QUIT
+ </protocol>
+ <stdout>
+-HTTP/1.1 200 OK
+-Date: Thu, 09 Nov 2010 14:49:00 GMT
+-Server: test-server/fake
+-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+-ETag: "21025-dc7-39462498"
+-Accept-Ranges: bytes
+-Content-Length: 6
+-Connection: close
+-Content-Type: text/html
+-Funny-head: yesyes
+-
+ -foo-
+ data
+ to
+@@ -151,17 +140,6 @@ data
+ that FTP
+ works
+ so does it?
+-HTTP/1.1 200 OK
+-Date: Thu, 09 Nov 2010 14:49:00 GMT
+-Server: test-server/fake
+-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+-ETag: "21025-dc7-39462498"
+-Accept-Ranges: bytes
+-Content-Length: 6
+-Connection: close
+-Content-Type: text/html
+-Funny-head: yesyes
+-
+ -foo-
+ </stdout>
+ </verify>
+diff --git a/tests/data/test2004 b/tests/data/test2004
+index 4773f69..b17890b 100644
+--- a/tests/data/test2004
++++ b/tests/data/test2004
+@@ -29,7 +29,7 @@ sftp
+ <name>
+ TFTP RRQ followed by SFTP retrieval followed by FILE followed by SCP retrieval then again in reverse order
+ </name>
+- <command>
++<command option="no-include">
+ --key curl_client_key --pubkey curl_client_key.pub -u %USER: tftp://%HOSTIP:%TFTPPORT//2004 sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt file://localhost/%PWD/log/test2004.txt scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt file://localhost/%PWD/log/test2004.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt tftp://%HOSTIP:%TFTPPORT//2004 --insecure
+ </command>
+ <file name="log/test2004.txt">
+diff --git a/tests/data/test2006 b/tests/data/test2006
+index e25556f..3acbdae 100644
+--- a/tests/data/test2006
++++ b/tests/data/test2006
+@@ -4,6 +4,7 @@
+ Metalink
+ HTTP
+ HTTP GET
++FILE
+ </keywords>
+ </info>
+
+@@ -85,6 +86,10 @@ Accept: */*
+ Some data delivered from an HTTP resource
+ </file1>
+ <file2 name="log/heads2006">
++Content-Length: 496
++Accept-ranges: bytes
++
++
+ HTTP/1.1 200 OK
+ Date: Thu, 21 Jun 2012 14:49:01 GMT
+ Server: test-server/fake
+@@ -105,6 +110,9 @@ Metalink: fetching (log/download2006) from (http://%HOSTIP:%HTTPPORT/2006) OK
+ Metalink: validating (log/download2006)...
+ Metalink: validating (log/download2006) [sha-256] OK
+ </file4>
++<stripfile2>
++s/Last-Modified:.*//
++</stripfile2>
+ <stripfile4>
+ $_ = '' if (($_ !~ /^Metalink: /) && ($_ !~ /error/i) && ($_ !~ /warn/i))
+ </stripfile4>
+diff --git a/tests/data/test2007 b/tests/data/test2007
+index cc4bd8c..b169c49 100644
+--- a/tests/data/test2007
++++ b/tests/data/test2007
+@@ -5,6 +5,7 @@ Metalink
+ HTTP
+ HTTP GET
+ -J
++FILE
+ </keywords>
+ </info>
+
+@@ -85,7 +86,14 @@ Accept: */*
+ <file1 name="log/download2007">
+ Something delivered from an HTTP resource
+ </file1>
++<stripfile2>
++s/Last-Modified:.*//
++</stripfile2>
+ <file2 name="log/heads2007">
++Content-Length: 496
++Accept-ranges: bytes
++
++
+ HTTP/1.1 200 OK
+ Date: Thu, 21 Jun 2012 14:50:02 GMT
+ Server: test-server/fake
+diff --git a/tests/data/test2008 b/tests/data/test2008
+index 5843792..012f221 100644
+--- a/tests/data/test2008
++++ b/tests/data/test2008
+@@ -4,6 +4,7 @@
+ Metalink
+ HTTP
+ HTTP GET
++FILE
+ </keywords>
+ </info>
+
+@@ -77,7 +78,14 @@ Accept: */*
+ <file1 name="log/download2008">
+ Some stuff delivered from an HTTP resource
+ </file1>
++<stripfile2>
++s/Last-Modified:.*//
++</stripfile2>
+ <file2 name="log/heads2008">
++Content-Length: 496
++Accept-ranges: bytes
++
++
+ HTTP/1.1 200 OK
+ Date: Thu, 21 Jun 2012 15:23:48 GMT
+ Server: test-server/fake
+diff --git a/tests/data/test2009 b/tests/data/test2009
+index 84482ce..b0e5c6c 100644
+--- a/tests/data/test2009
++++ b/tests/data/test2009
+@@ -5,6 +5,7 @@ Metalink
+ HTTP
+ HTTP GET
+ -J
++FILE
+ </keywords>
+ </info>
+
+@@ -78,7 +79,14 @@ Accept: */*
+ <file1 name="log/download2009">
+ Some contents delivered from an HTTP resource
+ </file1>
++<stripfile2>
++s/Last-Modified:.*//
++</stripfile2>
+ <file2 name="log/heads2009">
++Content-Length: 496
++Accept-ranges: bytes
++
++
+ HTTP/1.1 200 OK
+ Date: Thu, 21 Jun 2012 16:27:17 GMT
+ Server: test-server/fake
+diff --git a/tests/data/test2010 b/tests/data/test2010
+index 91a83f4..33bb309 100644
+--- a/tests/data/test2010
++++ b/tests/data/test2010
+@@ -4,6 +4,7 @@
+ Metalink
+ HTTP
+ HTTP GET
++FILE
+ </keywords>
+ </info>
+
+@@ -77,7 +78,14 @@ Accept: */*
+ <file1 name="log/download2010">
+ Contents delivered from an HTTP resource
+ </file1>
++<stripfile2>
++s/Last-Modified:.*//
++</stripfile2>
+ <file2 name="log/heads2010">
++Content-Length: 496
++Accept-ranges: bytes
++
++
+ HTTP/1.1 200 OK
+ Date: Thu, 21 Jun 2012 17:37:27 GMT
+ Server: test-server/fake
+diff --git a/tests/data/test202 b/tests/data/test202
+index f863ec5..0b324b1 100644
+--- a/tests/data/test202
++++ b/tests/data/test202
+@@ -19,7 +19,7 @@ file
+ <name>
+ two file:// URLs to stdout
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/test202.txt FILE://localhost/%PWD/log/test202.txt
+ </command>
+ <file name="log/test202.txt">
+diff --git a/tests/data/test203 b/tests/data/test203
+index 366cc2c..3938426 100644
+--- a/tests/data/test203
++++ b/tests/data/test203
+@@ -24,7 +24,7 @@ file
+ <name>
+ file:/path URL with a single slash
+ </name>
+- <command>
++<command option="no-include">
+ file:%PWD/log/test203.txt
+ </command>
+ <file name="log/test203.txt">
+diff --git a/tests/data/test204 b/tests/data/test204
+index 9cc7b01..0ed9451 100644
+--- a/tests/data/test204
++++ b/tests/data/test204
+@@ -15,7 +15,7 @@ file
+ <name>
+ "upload" with file://
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/result204.txt -T log/upload204.txt
+ </command>
+ <file name="log/upload204.txt">
+diff --git a/tests/data/test205 b/tests/data/test205
+index 4af93f6..f83c531 100644
+--- a/tests/data/test205
++++ b/tests/data/test205
+@@ -16,7 +16,7 @@ file
+ <name>
+ "upload" with file://
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/nonexisting/result205.txt -T log/upload205.txt
+ </command>
+ <file name="log/upload205.txt">
+diff --git a/tests/data/test2070 b/tests/data/test2070
+index bc3898a..655cd8a 100644
+--- a/tests/data/test2070
++++ b/tests/data/test2070
+@@ -23,7 +23,7 @@ file
+ <name>
+ basic file:// file with no authority
+ </name>
+- <command>
++<command option="no-include">
+ file:%PWD/log/test2070.txt
+ </command>
+ <file name="log/test2070.txt">
+diff --git a/tests/data/test2071 b/tests/data/test2071
+index 997dfff..eddfa4d 100644
+--- a/tests/data/test2071
++++ b/tests/data/test2071
+@@ -23,7 +23,7 @@ file
+ <name>
+ basic file:// file with "127.0.0.1" hostname
+ </name>
+- <command>
++<command option="no-include">
+ file://127.0.0.1/%PWD/log/test2070.txt
+ </command>
+ <file name="log/test2070.txt">
+diff --git a/tests/data/test2072 b/tests/data/test2072
+index cd26f22..1bab158 100644
+--- a/tests/data/test2072
++++ b/tests/data/test2072
+@@ -23,7 +23,7 @@ file
+ <name>
+ file:// with unix path resolution behavior for the case of extra slashes
+ </name>
+-<command>
++<command option="no-include">
+ file:////%PWD/log/test2072.txt
+ </command>
+ <precheck>
+diff --git a/tests/data/test210 b/tests/data/test210
+index e904567..c6fb703 100644
+--- a/tests/data/test210
++++ b/tests/data/test210
+@@ -22,7 +22,7 @@ ftp
+ <name>
+ Get two FTP files from the same remote dir: no second CWD
+ </name>
+- <command>
++<command option="no-include">
+ ftp://%HOSTIP:%FTPPORT/a/path/210 ftp://%HOSTIP:%FTPPORT/a/path/210
+ </command>
+ <stdout>
+diff --git a/tests/data/test231 b/tests/data/test231
+index 6994957..3d4bc77 100644
+--- a/tests/data/test231
++++ b/tests/data/test231
+@@ -22,7 +22,7 @@ file
+ <name>
+ file:// with resume
+ </name>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/test231.txt -C 10
+ </command>
+ <file name="log/test231.txt">
+diff --git a/tests/data/test288 b/tests/data/test288
+index ff4db6a..9f8f6e1 100644
+--- a/tests/data/test288
++++ b/tests/data/test288
+@@ -30,7 +30,7 @@ file:// with (unsupported) proxy, authentication and range
+ <setenv>
+ all_proxy=http://fake:user@%HOSTIP:%HTTPPORT/
+ </setenv>
+- <command>
++<command option="no-include">
+ file://localhost/%PWD/log/test288.txt
+ </command>
+ <file name="log/test288.txt">
+--
+2.30.2
+
diff --git a/SOURCES/0031-curl-7.61.1-CVE-2021-22924.patch b/SOURCES/0031-curl-7.61.1-CVE-2021-22924.patch
new file mode 100644
index 0000000..990d32f
--- /dev/null
+++ b/SOURCES/0031-curl-7.61.1-CVE-2021-22924.patch
@@ -0,0 +1,662 @@
+From 74ba80e293eb2521d28916b24c3be59b3baf688a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 18 Feb 2021 10:13:56 +0100
+Subject: [PATCH 1/2] urldata: remove the _ORIG suffix from string names
+
+It doesn't provide any useful info but only makes the names longer.
+
+Closes #6624
+
+Upstream-commit: 70472a44deaff387cf8c8c197e04f3add2a96e2e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/setopt.c | 32 ++++++++++++++++----------------
+ lib/url.c | 32 ++++++++++++++++----------------
+ lib/urldata.h | 28 ++++++++++++++--------------
+ lib/vtls/cyassl.c | 2 +-
+ lib/vtls/darwinssl.c | 4 ++--
+ lib/vtls/gskit.c | 2 +-
+ lib/vtls/gtls.c | 2 +-
+ lib/vtls/mbedtls.c | 2 +-
+ lib/vtls/nss.c | 2 +-
+ lib/vtls/openssl.c | 2 +-
+ lib/vtls/polarssl.c | 2 +-
+ lib/vtls/schannel.c | 2 +-
+ 12 files changed, 56 insertions(+), 56 deletions(-)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 4f04962..b07ccfe 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -133,7 +133,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ break;
+ case CURLOPT_SSL_CIPHER_LIST:
+ /* set a list of cipher we want to use in the SSL connection */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSL_CIPHER_LIST:
+@@ -145,7 +145,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ case CURLOPT_TLS13_CIPHERS:
+ if(Curl_ssl_tls13_ciphersuites()) {
+ /* set preferred list of TLS 1.3 cipher suites */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST],
+ va_arg(param, char *));
+ }
+ else
+@@ -1532,7 +1532,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * String that holds file name of the SSL certificate to use
+ */
+- result = Curl_setstropt(&data->set.str[STRING_CERT_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_CERT],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLCERT:
+@@ -1546,7 +1546,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * String that holds file type of the SSL certificate to use
+ */
+- result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLCERTTYPE:
+@@ -1560,7 +1560,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * String that holds file name of the SSL key to use
+ */
+- result = Curl_setstropt(&data->set.str[STRING_KEY_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_KEY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLKEY:
+@@ -1574,7 +1574,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * String that holds file type of the SSL key to use
+ */
+- result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLKEYTYPE:
+@@ -1588,7 +1588,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * String that holds the SSL or SSH private key password.
+ */
+- result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_KEYPASSWD:
+@@ -1815,7 +1815,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ */
+ #ifdef USE_SSL
+ if(Curl_ssl->supports & SSLSUPP_PINNEDPUBKEY)
+- result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY],
+ va_arg(param, char *));
+ else
+ #endif
+@@ -1838,7 +1838,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ /*
+ * Set CA info for SSL connection. Specify file name of the CA certificate
+ */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_CAINFO:
+@@ -1857,7 +1857,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ #ifdef USE_SSL
+ if(Curl_ssl->supports & SSLSUPP_CA_PATH)
+ /* This does not work on windows. */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH],
+ va_arg(param, char *));
+ else
+ #endif
+@@ -1882,7 +1882,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ * Set CRL file info for SSL connection. Specify file name of the CRL
+ * to check certificates revocation
+ */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_CRLFILE:
+@@ -1898,7 +1898,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ * Set Issuer certificate file
+ * to check certificates issuer
+ */
+- result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_TELNETOPTIONS:
+@@ -2449,9 +2449,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ break;
+ #ifdef USE_TLS_SRP
+ case CURLOPT_TLSAUTH_USERNAME:
+- result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
+ va_arg(param, char *));
+- if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
++ if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
+ data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_USERNAME:
+@@ -2462,9 +2462,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
+ data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_TLSAUTH_PASSWORD:
+- result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_ORIG],
++ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
+ va_arg(param, char *));
+- if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
++ if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
+ data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_PASSWORD:
+diff --git a/lib/url.c b/lib/url.c
+index bb9d107..a6bc012 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -496,7 +496,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+ */
+ if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
+ #if defined(CURL_CA_BUNDLE)
+- result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
++ result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE);
+ if(result)
+ return result;
+
+@@ -506,7 +506,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+ return result;
+ #endif
+ #if defined(CURL_CA_PATH)
+- result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH);
++ result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], CURL_CA_PATH);
+ if(result)
+ return result;
+
+@@ -4333,9 +4333,9 @@ static CURLcode create_conn(struct Curl_easy *data,
+ that will be freed as part of the Curl_easy struct, but all cloned
+ copies will be separately allocated.
+ */
+- data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_ORIG];
++ data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH];
+ data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
+- data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_ORIG];
++ data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE];
+ data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
+ data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
+ data->set.proxy_ssl.primary.random_file =
+@@ -4343,34 +4343,34 @@ static CURLcode create_conn(struct Curl_easy *data,
+ data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
+ data->set.proxy_ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
+ data->set.ssl.primary.cipher_list =
+- data->set.str[STRING_SSL_CIPHER_LIST_ORIG];
++ data->set.str[STRING_SSL_CIPHER_LIST];
+ data->set.proxy_ssl.primary.cipher_list =
+ data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
+ data->set.ssl.primary.cipher_list13 =
+- data->set.str[STRING_SSL_CIPHER13_LIST_ORIG];
++ data->set.str[STRING_SSL_CIPHER13_LIST];
+ data->set.proxy_ssl.primary.cipher_list13 =
+ data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
+
+- data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
++ data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
+ data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
+- data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_ORIG];
++ data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
+ data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+- data->set.ssl.cert = data->set.str[STRING_CERT_ORIG];
++ data->set.ssl.cert = data->set.str[STRING_CERT];
+ data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
+- data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE_ORIG];
++ data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
+ data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
+- data->set.ssl.key = data->set.str[STRING_KEY_ORIG];
++ data->set.ssl.key = data->set.str[STRING_KEY];
+ data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
+- data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE_ORIG];
++ data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
+ data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
+- data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_ORIG];
++ data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
+ data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY];
+- data->set.ssl.primary.clientcert = data->set.str[STRING_CERT_ORIG];
++ data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
+ data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
+ #ifdef USE_TLS_SRP
+- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_ORIG];
++ data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
+ data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
+- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_ORIG];
++ data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
+ data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
+ #endif
+
+diff --git a/lib/urldata.h b/lib/urldata.h
+index c70290a..1f8f364 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1366,9 +1366,9 @@ struct DynamicStatic {
+ struct Curl_multi; /* declared and used only in multi.c */
+
+ enum dupstring {
+- STRING_CERT_ORIG, /* client certificate file name */
++ STRING_CERT, /* client certificate file name */
+ STRING_CERT_PROXY, /* client certificate file name */
+- STRING_CERT_TYPE_ORIG, /* format for certificate (default: PEM)*/
++ STRING_CERT_TYPE, /* format for certificate (default: PEM)*/
+ STRING_CERT_TYPE_PROXY, /* format for certificate (default: PEM)*/
+ STRING_COOKIE, /* HTTP cookie string to send */
+ STRING_COOKIEJAR, /* dump all cookies to this file */
+@@ -1379,11 +1379,11 @@ enum dupstring {
+ STRING_FTP_ACCOUNT, /* ftp account data */
+ STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */
+ STRING_FTPPORT, /* port to send with the FTP PORT command */
+- STRING_KEY_ORIG, /* private key file name */
++ STRING_KEY, /* private key file name */
+ STRING_KEY_PROXY, /* private key file name */
+- STRING_KEY_PASSWD_ORIG, /* plain text private key password */
++ STRING_KEY_PASSWD, /* plain text private key password */
+ STRING_KEY_PASSWD_PROXY, /* plain text private key password */
+- STRING_KEY_TYPE_ORIG, /* format for private key (default: PEM) */
++ STRING_KEY_TYPE, /* format for private key (default: PEM) */
+ STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */
+ STRING_KRB_LEVEL, /* krb security level */
+ STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
+@@ -1393,22 +1393,22 @@ enum dupstring {
+ STRING_SET_RANGE, /* range, if used */
+ STRING_SET_REFERER, /* custom string for the HTTP referer field */
+ STRING_SET_URL, /* what original URL to work on */
+- STRING_SSL_CAPATH_ORIG, /* CA directory name (doesn't work on windows) */
++ STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
+ STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */
+- STRING_SSL_CAFILE_ORIG, /* certificate file to verify peer against */
++ STRING_SSL_CAFILE, /* certificate file to verify peer against */
+ STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */
+- STRING_SSL_PINNEDPUBLICKEY_ORIG, /* public key file to verify peer against */
++ STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
+ STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */
+- STRING_SSL_CIPHER_LIST_ORIG, /* list of ciphers to use */
++ STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
+ STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */
+- STRING_SSL_CIPHER13_LIST_ORIG, /* list of TLS 1.3 ciphers to use */
++ STRING_SSL_CIPHER13_LIST, /* list of TLS 1.3 ciphers to use */
+ STRING_SSL_CIPHER13_LIST_PROXY, /* list of TLS 1.3 ciphers to use */
+ STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */
+ STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
+ STRING_USERAGENT, /* User-Agent string */
+- STRING_SSL_CRLFILE_ORIG, /* crl file to check certificate */
++ STRING_SSL_CRLFILE, /* crl file to check certificate */
+ STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
+- STRING_SSL_ISSUERCERT_ORIG, /* issuer cert file to check certificate */
++ STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
+ STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
+ STRING_SSL_ENGINE, /* name of ssl engine */
+ STRING_USERNAME, /* <username>, if used */
+@@ -1433,9 +1433,9 @@ enum dupstring {
+ STRING_MAIL_AUTH,
+
+ #ifdef USE_TLS_SRP
+- STRING_TLSAUTH_USERNAME_ORIG, /* TLS auth <username> */
++ STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
+ STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth <username> */
+- STRING_TLSAUTH_PASSWORD_ORIG, /* TLS auth <password> */
++ STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
+ STRING_TLSAUTH_PASSWORD_PROXY, /* TLS auth <password> */
+ #endif
+ STRING_BEARER, /* <bearer>, if used */
+diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
+index e10398a..ffd116d 100644
+--- a/lib/vtls/cyassl.c
++++ b/lib/vtls/cyassl.c
+@@ -474,7 +474,7 @@ cyassl_connect_step2(struct connectdata *conn,
+ conn->http_proxy.host.dispname : conn->host.dispname;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+
+ conn->recv[sockindex] = cyassl_recv;
+ conn->send[sockindex] = cyassl_send;
+diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
+index 1aea0dc..572e8bf 100644
+--- a/lib/vtls/darwinssl.c
++++ b/lib/vtls/darwinssl.c
+@@ -2449,9 +2449,9 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
+ connssl->connecting_state = ssl_connect_3;
+
+ #ifdef DARWIN_SSL_PINNEDPUBKEY
+- if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) {
++ if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+ CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx,
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]);
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
+ if(result) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ return result;
+diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
+index a0b4960..b4c7b8a 100644
+--- a/lib/vtls/gskit.c
++++ b/lib/vtls/gskit.c
+@@ -1136,7 +1136,7 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
+
+ /* Check pinned public key. */
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ if(!result && ptr) {
+ curl_X509certificate x509;
+ curl_asn1Element *p;
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 207b0fd..c5eb948 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -1329,7 +1329,7 @@ gtls_connect_step3(struct connectdata *conn,
+ }
+
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ if(ptr) {
+ result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
+ if(result != CURLE_OK) {
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index d7759dc..48010ae 100644
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -540,7 +540,7 @@ mbed_connect_step2(struct connectdata *conn,
+ const mbedtls_x509_crt *peercert;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+
+ #ifdef HAS_ALPN
+ const char *next_protocol;
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 89f8183..366bf9e 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -2067,7 +2067,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+
+
+ /* check timeout situation */
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 35cd652..8c97c1d 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3388,7 +3388,7 @@ static CURLcode servercert(struct connectdata *conn,
+ result = CURLE_OK;
+
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ if(!result && ptr) {
+ result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr);
+ if(result)
+diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
+index 604cb4c..f284ad1 100644
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -459,7 +459,7 @@ polarssl_connect_step2(struct connectdata *conn,
+ char buffer[1024];
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+
+
+ char errorbuf[128];
+diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
+index 8f6c301..95c060b 100644
+--- a/lib/vtls/schannel.c
++++ b/lib/vtls/schannel.c
+@@ -1060,7 +1060,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
+
+ pubkey_ptr = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+- data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++ data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ if(pubkey_ptr) {
+ result = pkp_pin_peer_pubkey(conn, sockindex, pubkey_ptr);
+ if(result) {
+--
+2.31.1
+
+
+From 040fa4f60f9b809972d51184dfa4980ba44d8b6b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 19 Jun 2021 00:42:28 +0200
+Subject: [PATCH 2/2] vtls: fix connection reuse checks for issuer cert and
+ case sensitivity
+
+CVE-2021-22924
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2021-22924.html
+
+Upstream-commit: 5ea3145850ebff1dc2b13d17440300a01ca38161
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c | 5 +++--
+ lib/urldata.h | 2 +-
+ lib/vtls/gtls.c | 10 +++++-----
+ lib/vtls/nss.c | 4 ++--
+ lib/vtls/openssl.c | 12 ++++++------
+ lib/vtls/vtls.c | 21 ++++++++++++++++-----
+ 6 files changed, 33 insertions(+), 21 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index a6bc012..4803653 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4337,6 +4337,9 @@ static CURLcode create_conn(struct Curl_easy *data,
+ data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
+ data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE];
+ data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
++ data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
++ data->set.proxy_ssl.primary.issuercert =
++ data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+ data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
+ data->set.proxy_ssl.primary.random_file =
+ data->set.str[STRING_SSL_RANDOM_FILE];
+@@ -4353,8 +4356,6 @@ static CURLcode create_conn(struct Curl_easy *data,
+
+ data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
+ data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
+- data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
+- data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+ data->set.ssl.cert = data->set.str[STRING_CERT];
+ data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
+ data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 1f8f364..72a36fb 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -223,6 +223,7 @@ struct ssl_primary_config {
+ bool sessionid; /* cache session IDs or not */
+ char *CApath; /* certificate dir (doesn't work on windows) */
+ char *CAfile; /* certificate to verify peer against */
++ char *issuercert; /* optional issuer certificate filename */
+ char *clientcert;
+ char *random_file; /* path to file containing "random" data */
+ char *egdsocket; /* path to file containing the EGD daemon socket */
+@@ -238,7 +239,6 @@ struct ssl_config_data {
+ bool no_partialchain; /* don't accept partial certificate chains */
+ long certverifyresult; /* result from the certificate verification */
+ char *CRLfile; /* CRL to check certificate revocation */
+- char *issuercert;/* optional issuer certificate filename */
+ curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
+ void *fsslctxp; /* parameter for call back */
+ bool certinfo; /* gather lots of certificate info */
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index c5eb948..0cb59c8 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -1002,7 +1002,7 @@ gtls_connect_step3(struct connectdata *conn,
+ if(!chainp) {
+ if(SSL_CONN_CONFIG(verifypeer) ||
+ SSL_CONN_CONFIG(verifyhost) ||
+- SSL_SET_OPTION(issuercert)) {
++ SSL_CONN_CONFIG(issuercert)) {
+ #ifdef USE_TLS_SRP
+ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+ && SSL_SET_OPTION(username) != NULL
+@@ -1184,21 +1184,21 @@ gtls_connect_step3(struct connectdata *conn,
+ gnutls_x509_crt_t format */
+ gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+
+- if(SSL_SET_OPTION(issuercert)) {
++ if(SSL_CONN_CONFIG(issuercert)) {
+ gnutls_x509_crt_init(&x509_issuer);
+- issuerp = load_file(SSL_SET_OPTION(issuercert));
++ issuerp = load_file(SSL_CONN_CONFIG(issuercert));
+ gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
+ rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
+ gnutls_x509_crt_deinit(x509_issuer);
+ unload_file(issuerp);
+ if(rc <= 0) {
+ failf(data, "server certificate issuer check failed (IssuerCert: %s)",
+- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
++ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+ infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n",
+- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
++ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none");
+ }
+
+ size = sizeof(certbuf);
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 366bf9e..2d9581d 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -2095,9 +2095,9 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+ if(result)
+ goto error;
+
+- if(SSL_SET_OPTION(issuercert)) {
++ if(SSL_CONN_CONFIG(issuercert)) {
+ SECStatus ret = SECFailure;
+- char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert));
++ char *nickname = dup_nickname(data, SSL_CONN_CONFIG(issuercert));
+ if(nickname) {
+ /* we support only nicknames in case of issuercert for now */
+ ret = check_issuer_cert(BACKEND->handle, nickname);
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 8c97c1d..28eaa6d 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3311,11 +3311,11 @@ static CURLcode servercert(struct connectdata *conn,
+ deallocating the certificate. */
+
+ /* e.g. match issuer name with provided issuer certificate */
+- if(SSL_SET_OPTION(issuercert)) {
+- if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) {
++ if(SSL_CONN_CONFIG(issuercert)) {
++ if(BIO_read_filename(fp, SSL_CONN_CONFIG(issuercert)) <= 0) {
+ if(strict)
+ failf(data, "SSL: Unable to open issuer cert (%s)",
+- SSL_SET_OPTION(issuercert));
++ SSL_CONN_CONFIG(issuercert));
+ BIO_free(fp);
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+@@ -3326,7 +3326,7 @@ static CURLcode servercert(struct connectdata *conn,
+ if(!issuer) {
+ if(strict)
+ failf(data, "SSL: Unable to read issuer cert (%s)",
+- SSL_SET_OPTION(issuercert));
++ SSL_CONN_CONFIG(issuercert));
+ BIO_free(fp);
+ X509_free(issuer);
+ X509_free(BACKEND->server_cert);
+@@ -3337,7 +3337,7 @@ static CURLcode servercert(struct connectdata *conn,
+ if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
+ if(strict)
+ failf(data, "SSL: Certificate issuer check failed (%s)",
+- SSL_SET_OPTION(issuercert));
++ SSL_CONN_CONFIG(issuercert));
+ BIO_free(fp);
+ X509_free(issuer);
+ X509_free(BACKEND->server_cert);
+@@ -3346,7 +3346,7 @@ static CURLcode servercert(struct connectdata *conn,
+ }
+
+ infof(data, " SSL certificate issuer check ok (%s)\n",
+- SSL_SET_OPTION(issuercert));
++ SSL_CONN_CONFIG(issuercert));
+ X509_free(issuer);
+ }
+
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index b61c640..18672a5 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -82,6 +82,15 @@
+ else \
+ dest->var = NULL;
+
++static bool safecmp(char *a, char *b)
++{
++ if(a && b)
++ return !strcmp(a, b);
++ else if(!a && !b)
++ return TRUE; /* match */
++ return FALSE; /* no match */
++}
++
+ bool
+ Curl_ssl_config_matches(struct ssl_primary_config* data,
+ struct ssl_primary_config* needle)
+@@ -91,11 +100,11 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
+ (data->verifypeer == needle->verifypeer) &&
+ (data->verifyhost == needle->verifyhost) &&
+ (data->verifystatus == needle->verifystatus) &&
+- Curl_safe_strcasecompare(data->CApath, needle->CApath) &&
+- Curl_safe_strcasecompare(data->CAfile, needle->CAfile) &&
+- Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
+- Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
+- Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
++ safecmp(data->CApath, needle->CApath) &&
++ safecmp(data->CAfile, needle->CAfile) &&
++ safecmp(data->clientcert, needle->clientcert) &&
++ safecmp(data->random_file, needle->random_file) &&
++ safecmp(data->egdsocket, needle->egdsocket) &&
+ Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
+ Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
+ return TRUE;
+@@ -116,6 +125,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
+
+ CLONE_STRING(CApath);
+ CLONE_STRING(CAfile);
++ CLONE_STRING(issuercert);
+ CLONE_STRING(clientcert);
+ CLONE_STRING(random_file);
+ CLONE_STRING(egdsocket);
+@@ -129,6 +139,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
+ {
+ Curl_safefree(sslc->CApath);
+ Curl_safefree(sslc->CAfile);
++ Curl_safefree(sslc->issuercert);
+ Curl_safefree(sslc->clientcert);
+ Curl_safefree(sslc->random_file);
+ Curl_safefree(sslc->egdsocket);
+--
+2.31.1
+
diff --git a/SOURCES/0032-curl-7.61.1-CVE-2021-22898.patch b/SOURCES/0032-curl-7.61.1-CVE-2021-22898.patch
new file mode 100644
index 0000000..42e1ccd
--- /dev/null
+++ b/SOURCES/0032-curl-7.61.1-CVE-2021-22898.patch
@@ -0,0 +1,31 @@
+From ae2dc830fb37e9243dbdaf8b92e41df91f43b3f2 Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Fri, 7 May 2021 13:09:57 +0200
+Subject: [PATCH] telnet: check sscanf() for correct number of matches
+
+CVE-2021-22898
+
+Bug: https://curl.se/docs/CVE-2021-22898.html
+
+Upstream-commit: 39ce47f219b09c380b81f89fe54ac586c8db6bde
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/telnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 1fc5af1..ea6bc71 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -967,7 +967,7 @@ static void suboption(struct connectdata *conn)
+ size_t tmplen = (strlen(v->data) + 1);
+ /* Add the variable only if it fits */
+ if(len + tmplen < (int)sizeof(temp)-6) {
+- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
++ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+ snprintf((char *)&temp[len], sizeof(temp) - len,
+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+ CURL_NEW_ENV_VALUE, varval);
+--
+2.31.1
+
diff --git a/SOURCES/0033-curl-7.61.1-CVE-2021-22925.patch b/SOURCES/0033-curl-7.61.1-CVE-2021-22925.patch
new file mode 100644
index 0000000..391abbd
--- /dev/null
+++ b/SOURCES/0033-curl-7.61.1-CVE-2021-22925.patch
@@ -0,0 +1,47 @@
+From 2fbbf282e42ae476459f7efe68a88dcb63dcc43b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 12 Jun 2021 18:25:15 +0200
+Subject: [PATCH] telnet: fix option parser to not send uninitialized contents
+
+CVE-2021-22925
+
+Reported-by: Red Hat Product Security
+Bug: https://curl.se/docs/CVE-2021-22925.html
+
+Upstream-commit: 894f6ec730597eb243618d33cc84d71add8d6a8a
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/telnet.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index ea6bc71..f8428b8 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -967,12 +967,17 @@ static void suboption(struct connectdata *conn)
+ size_t tmplen = (strlen(v->data) + 1);
+ /* Add the variable only if it fits */
+ if(len + tmplen < (int)sizeof(temp)-6) {
+- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+- snprintf((char *)&temp[len], sizeof(temp) - len,
+- "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+- CURL_NEW_ENV_VALUE, varval);
+- len += tmplen;
+- }
++ int rv;
++ char sep[2] = "";
++ varval[0] = 0;
++ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
++ if(rv == 1)
++ len += snprintf((char *)&temp[len], sizeof(temp) - len,
++ "%c%s", CURL_NEW_ENV_VAR, varname);
++ else if(rv >= 2)
++ len += snprintf((char *)&temp[len], sizeof(temp) - len,
++ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
++ CURL_NEW_ENV_VALUE, varval);
+ }
+ }
+ snprintf((char *)&temp[len], sizeof(temp) - len,
+--
+2.31.1
+
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index 8f28ad1..be2443a 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.61.1
-Release: 18%{?dist}
+Release: 21%{?dist}
License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@@ -79,6 +79,21 @@ Patch27: 0027-curl-7.61.1-CVE-2020-8286.patch
# http: send payload when (proxy) authentication is done (#1918692)
Patch28: 0028-curl-7.61.1-http-auth-payload.patch
+# prevent automatic referer from leaking credentials (CVE-2021-22876)
+Patch29: 0029-curl-7.61.1-CVE-2021-22876.patch
+
+# make `curl --head file://` work as expected (#1947493)
+Patch30: 0030-curl-7.61.1-file-head.patch
+
+# fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
+Patch31: 0031-curl-7.61.1-CVE-2021-22924.patch
+
+# fix TELNET stack contents disclosure (CVE-2021-22898)
+Patch32: 0032-curl-7.61.1-CVE-2021-22898.patch
+
+# fix TELNET stack contents disclosure again (CVE-2021-22925)
+Patch33: 0033-curl-7.61.1-CVE-2021-22925.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@@ -104,7 +119,6 @@ BuildRequires: gcc
BuildRequires: groff
BuildRequires: krb5-devel
BuildRequires: libidn2-devel
-BuildRequires: libmetalink-devel
BuildRequires: libnghttp2-devel
BuildRequires: libpsl-devel
BuildRequires: libssh-devel
@@ -278,6 +292,11 @@ sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448
%patch26 -p1
%patch27 -p1
%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
# make tests/*.py use Python 3
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -314,6 +333,7 @@ export common_configure_opts=" \
--enable-symbol-hiding \
--enable-ipv6 \
--enable-threaded-resolver \
+ --without-libmetalink \
--with-gssapi \
--with-nghttp2 \
--with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
@@ -329,7 +349,6 @@ export common_configure_opts=" \
--disable-manual \
--without-brotli \
--without-libidn2 \
- --without-libmetalink \
--without-libpsl \
--without-libssh
)
@@ -343,7 +362,6 @@ export common_configure_opts=" \
--enable-manual \
--with-brotli \
--with-libidn2 \
- --with-libmetalink \
--with-libpsl \
--with-libssh
)
@@ -441,6 +459,21 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
+* Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21
+- fix TELNET stack contents disclosure again (CVE-2021-22925)
+- fix TELNET stack contents disclosure (CVE-2021-22898)
+- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
+- disable metalink support to fix the following vulnerabilities
+ CVE-2021-22923 - metalink download sends credentials
+ CVE-2021-22922 - wrong content via metalink not discarded
+
+* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20
+- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
+
+* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19
+- make `curl --head file://` work as expected (#1947493)
+- prevent automatic referer from leaking credentials (CVE-2021-22876)
+
* Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)