enable test

(cherry picked from commit a6541b26e510bc2d966c031d3808ed8a0e851c13)

backport-CVE-2021-22876.patch

@@ -9,12 +9,12 @@ Added test 2081 to verify.
 CVE-2021-22876
 
 Bug: https://curl.se/docs/CVE-2021-22876.html
+
+Conflict: remove tests/data/Makefile.inc tests/data/test2081
+Reference: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
 ---
  lib/transfer.c          | 25 ++++++++++++++--
- tests/data/Makefile.inc |  2 +-
- tests/data/test2081     | 66 +++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 90 insertions(+), 3 deletions(-)
- create mode 100644 tests/data/test2081
+ 1 files changed, 23 insertions(+), 3 deletions(-)
 
 diff --git a/lib/transfer.c b/lib/transfer.c
 index 1976bc033..a68c021c8 100644
@@ -60,91 +60,5 @@ index 1976bc033..a68c021c8 100644
          data->change.referer_alloc = TRUE; /* yes, free this later */
        }
      }
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 2c7a0ca89..ea52683d2 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -221,7 +221,7 @@ test2064 test2065 test2066 test2067 test2068 test2069 \
- test2064 test2065 test2066 test2067 test2068 test2069 test2070 \
-          test2071 test2072 test2073 test2074 test2075 test2076 test2077 \
- test2078 \
--test2080 \
-+test2080 test2081 \
- test2100 \
- \
- test3000 test3001 \
-diff --git a/tests/data/test2081 b/tests/data/test2081
-new file mode 100644
-index 000000000..a6733e737
---- /dev/null
-+++ b/tests/data/test2081
-@@ -0,0 +1,66 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+referer
-+followlocation
-+--write-out
-+</keywords>
-+</info>
-+
-+# Server-side
-+<reply>
-+<data nocheck="yes">
-+HTTP/1.1 301 This is a weirdo text message swsclose
-+Location: data/%TESTNUMBER0002.txt?coolsite=yes
-+Content-Length: 62
-+Connection: close
-+
-+This server reply is for testing a simple Location: following
-+</data>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Automatic referrer credential and anchor stripping check
-+ </name>
-+ <command>
-+http://user:pass@%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER#anchor --location --referer ';auto' --write-out '%{referer}\n'
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+<errorcode>
-+52
-+</errorcode>
-+<protocol>
-+GET /we/want/our/%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic dXNlcjpwYXNz
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+GET /we/want/our/data/%TESTNUMBER0002.txt?coolsite=yes HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic dXNlcjpwYXNz
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Referer: http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER
-+
-+</protocol>
-+<stdout>
-+HTTP/1.1 301 This is a weirdo text message swsclose
-+Location: data/%TESTNUMBER0002.txt?coolsite=yes
-+Content-Length: 62
-+Connection: close
-+
-+http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER
-+</stdout>
-+</verify>
-+</testcase>
 -- 
-2.23.0
-
+2.23.0

backport-CVE-2023-23916.patch

@@ -1,229 +1,55 @@
-From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Mon, 13 Feb 2023 08:33:09 +0100
-Subject: [PATCH] content_encoding: do not reset stage counter for each header
-
-Test 418 verifies
-
-Closes #10492
-
-Conflict: remove tests/data/test387
-Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc
----
- lib/content_encoding.c  |   7 +-
- lib/urldata.h           |   1 +
- tests/data/Makefile.inc |   2 +-
- tests/data/test418      | 152 ++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 157 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test418
-
-diff --git a/lib/content_encoding.c b/lib/content_encoding.c
-index 4a20142..3633791 100644
---- a/lib/content_encoding.c
-+++ b/lib/content_encoding.c
-@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
- {
-   struct Curl_easy *data = conn->data;
-   struct SingleRequest *k = &data->req;
--  int counter = 0;
- 
-   do {
-     const char *name;
-@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
-       if(!encoding)
-         encoding = &error_encoding;  /* Defer error at stack use. */
- 
--      if(++counter >= MAX_ENCODE_STACK) {
--        failf(data, "Reject response due to %u content encodings",
--              counter);
-+      if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
-+        failf(data, "Reject response due to more than %u content encodings",
-+              MAX_ENCODE_STACK);
-         return CURLE_BAD_CONTENT_ENCODING;
-       }
-       /* Stack the unencoding stage. */
-diff --git a/lib/urldata.h b/lib/urldata.h
-index dc77061..27ee1b5 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -653,6 +653,7 @@ struct SingleRequest {
-   struct dohdata doh; /* DoH specific data for this request */
- #endif
-   unsigned char setcookies;
-+  unsigned char writer_stack_depth; /* Unencoding stack depth. */
-   BIT(header);       /* incoming data has HTTP header */
-   BIT(content_range); /* set TRUE if Content-Range: was found */
-   BIT(upload_done);  /* set to TRUE when doing chunked transfer-encoding
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index f57f45e..5b943ab 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -65,7 +65,7 @@ test393 test394 test395 \
- \
- test400 test401 test402 test403 test404 test405 test406 test407 test408 \
- test409 \
--\
-+test418 \
- test430 test431 test432 \
- \
- test490 test491 test492 \
-diff --git a/tests/data/test418 b/tests/data/test418
-new file mode 100644
-index 0000000..50e974e
---- /dev/null
-+++ b/tests/data/test418
-@@ -0,0 +1,152 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+gzip
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data nocheck="yes">
-+HTTP/1.1 200 OK
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+
-+-foo-
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+ <name>
-+Response with multiple Transfer-Encoding headers
-+ </name>
-+ <command>
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol crlf="yes">
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+</protocol>
-+
-+# CURLE_BAD_CONTENT_ENCODING is 61
-+<errorcode>
-+61
-+</errorcode>
-+<stderr mode="text">
-+curl: (61) Reject response due to more than 5 content encodings
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.27.0
+From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Mon, 13 Feb 2023 08:33:09 +0100
+Subject: [PATCH] content_encoding: do not reset stage counter for each header
+
+Test 418 verifies
+
+Closes #10492
+
+Conflict: remove tests/data/test387 tests/data/test418 tests/data/Makefile.inc
+Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc
+---
+ lib/content_encoding.c  |   7 +-
+ lib/urldata.h           |   1 +
+ 2 files changed, 7 insertions(+), 1 deletions(-)
+
+diff --git a/lib/content_encoding.c b/lib/content_encoding.c
+index 4a20142..3633791 100644
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ {
+   struct Curl_easy *data = conn->data;
+   struct SingleRequest *k = &data->req;
+-  int counter = 0;
+ 
+   do {
+     const char *name;
+@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+       if(!encoding)
+         encoding = &error_encoding;  /* Defer error at stack use. */
+ 
+-      if(++counter >= MAX_ENCODE_STACK) {
+-        failf(data, "Reject response due to %u content encodings",
+-              counter);
++      if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
++        failf(data, "Reject response due to more than %u content encodings",
++              MAX_ENCODE_STACK);
+         return CURLE_BAD_CONTENT_ENCODING;
+       }
+       /* Stack the unencoding stage. */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index dc77061..27ee1b5 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -653,6 +653,7 @@ struct SingleRequest {
+   struct dohdata doh; /* DoH specific data for this request */
+ #endif
+   unsigned char setcookies;
++  unsigned char writer_stack_depth; /* Unencoding stack depth. */
+   BIT(header);       /* incoming data has HTTP header */
+   BIT(content_range); /* set TRUE if Content-Range: was found */
+   BIT(upload_done);  /* set to TRUE when doing chunked transfer-encoding
+-- 
+2.27.0

backport-fix-test973-test974-test975-test976.patch

@@ -0,0 +1,50 @@
+From 6d2b603c9f0d7b97f235b4b9930f3192c8b809a0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Mar 2023 16:23:04 +0800
+Subject: [PATCH] fix test973 test974 test975 test976
+
+e6b21d runtests: provide curl's version string as %VERSION for tests
+f60f51 runtests: init $VERSION to avoid warnings when using -l
+
+merge f60f51721c656a96afa5ba9b6a5913a705f6bc60 and e6b21d422e631a7c0cc81abf956af179b3b4c5e8
+
+Conflict: remove all files in the tests/data directory, remove tests/FILEFORMAT.md
+Reference: https://github.com/curl/curl/commit/f60f51721c656a96afa5ba9b6a5913a705f6bc60
+https://github.com/curl/curl/commit/e6b21d422e631a7c0cc81abf956af179b3b4c5e8
+---
+ tests/runtests.pl | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tests/runtests.pl b/tests/runtests.pl
+index 0743d49..94f265a 100755
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -166,6 +166,7 @@ my $NEGTELNETPORT=$noport; # TELNET server port with negotiation
+ my $HTTPUNIXPATH;        # HTTP server Unix domain socket path
+
+ my $SSHSRVMD5 = "[uninitialized]"; # MD5 of ssh server public key
++my $VERSION="";          # curl's reported version number
+
+ my $srcdir = $ENV{'srcdir'} || '.';
+ my $CURL="../src/curl".exe_ext('TOOL'); # what curl executable to run on the tests
+@@ -2897,8 +2898,9 @@ sub checksystem {
+     for(@version) {
+         chomp;
+
+-        if($_ =~ /^curl/) {
++       if($_ =~ /^curl ([^ ]*)/) {
+             $curl = $_;
++           $VERSION = $1;
+             $curl =~ s/^(.*)(libcurl.*)/$1/g;
+
+             $libcurl = $2;
+@@ -3302,6 +3304,7 @@ sub subVariables {
+     $$thing =~ s/${prefix}CURL/$CURL/g;
+     $$thing =~ s/${prefix}PWD/$pwd/g;
+     $$thing =~ s/${prefix}POSIX_PWD/$posix_pwd/g;
++    $$thing =~ s/${prefix}VERSION/$VERSION/g;
+
+     my $file_pwd = $pwd;
+     if($file_pwd !~ /^\//) {
+--
+2.27.0

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.71.1
-Release:        21
+Release:        22
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -51,6 +51,7 @@ Patch137:       backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes
 Patch138:       backport-CVE-2022-32221.patch
 Patch139:       backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch
 Patch140:       backport-CVE-2023-23916.patch
+Patch141:       backport-fix-test973-test974-test975-test976.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -61,9 +62,6 @@ BuildRequires:  perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings)
 BuildRequires:  perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
 BuildRequires:  perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64)
 BuildRequires:  perl(Time::Local) perl(Time::HiRes) perl(vars)
-%ifarch x86_64
-BuildRequires:  valgrind
-%endif
 
 Requires:       libcurl = %{version}-%{release}
 Provides:	curl-full = %{version}-%{release} webclient
@@ -137,6 +135,32 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \
 
 %make_build V=1 -C build-full
 
+%check
+# compile upstream test-cases
+%make_build V=1 -C build-full/tests
+ 
+# relax crypto policy for the test-suite to make it pass again (#1610888)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+ 
+# make runtests.pl work for out-of-tree builds
+export srcdir=../../tests
+ 
+# prevent valgrind from being extremely slow (#1662656)
+unset DEBUGINFOD_URLS
+ 
+# run the upstream test-suite for curl-full
+for size in full; do (
+    cd build-${size}
+ 
+    # we have to override LD_LIBRARY_PATH because we eliminated rpath
+    export LD_LIBRARY_PATH="${PWD}/lib/.libs"
+ 
+    cd tests
+    perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+)
+done
+
 %install
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
 
@@ -192,6 +216,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Thu Mar 09 2023 xinghe <xinghe2@h-partners.com> - 7.71.1-22
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:enable test
+
 * Sat Feb 18 2023 xinghe <xinghe2@h-partners.com> - 7.71.1-21
 - Type:cves
 - CVE:CVE-2023-23916