diff --git a/backport-CVE-2021-22876.patch b/backport-CVE-2021-22876.patch
index e4f0be7..e81f1d6 100644
--- a/backport-CVE-2021-22876.patch
+++ b/backport-CVE-2021-22876.patch
@@ -9,12 +9,12 @@ Added test 2081 to verify.
CVE-2021-22876
Bug: https://curl.se/docs/CVE-2021-22876.html
+
+Conflict: remove tests/data/Makefile.inc tests/data/test2081
+Reference: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
---
lib/transfer.c | 25 ++++++++++++++--
- tests/data/Makefile.inc | 2 +-
- tests/data/test2081 | 66 +++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 90 insertions(+), 3 deletions(-)
- create mode 100644 tests/data/test2081
+ 1 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index 1976bc033..a68c021c8 100644
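Review bot: The description kept above this hunk still reads `Added test 2081 to verify.` although the new `Conflict:` line removes tests/data/test2081, so the patch header claims a verification this package no longer carries; reword it, e.g. `Upstream added test 2081 to verify (not included in this backport).`. The hand-edited diffstat is also inconsistent: the original totals (90/3) minus Makefile.inc (1/1) and test2081 (66/0) leave 23 insertions and 2 deletions, so the summary should be ` 1 file changed, 23 insertions(+), 2 deletions(-)`. The same slip appears in backport-CVE-2023-23916.patch, where the retained hunks give 4 insertions and 4 deletions rather than `7 insertions(+), 1 deletions(-)`.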
@@ -60,91 +60,5 @@ index 1976bc033..a68c021c8 100644
data->change.referer_alloc = TRUE; /* yes, free this later */
}
}
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 2c7a0ca89..ea52683d2 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -221,7 +221,7 @@ test2064 test2065 test2066 test2067 test2068 test2069 \
- test2064 test2065 test2066 test2067 test2068 test2069 test2070 \
- test2071 test2072 test2073 test2074 test2075 test2076 test2077 \
- test2078 \
--test2080 \
-+test2080 test2081 \
- test2100 \
- \
- test3000 test3001 \
-diff --git a/tests/data/test2081 b/tests/data/test2081
-new file mode 100644
-index 000000000..a6733e737
---- /dev/null
-+++ b/tests/data/test2081
-@@ -0,0 +1,66 @@
-+
-+
-+
-+HTTP
-+HTTP GET
-+referer
-+followlocation
-+--write-out
-+
-+
-+
-+# Server-side
-+
-+
-+HTTP/1.1 301 This is a weirdo text message swsclose
-+Location: data/%TESTNUMBER0002.txt?coolsite=yes
-+Content-Length: 62
-+Connection: close
-+
-+This server reply is for testing a simple Location: following
-+
-+
-+
-+# Client-side
-+
-+
-+http
-+
-+
-+Automatic referrer credential and anchor stripping check
-+
-+
-+http://user:pass@%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER#anchor --location --referer ';auto' --write-out '%{referer}\n'
-+
-+
-+
-+# Verify data after the test has been "shot"
-+
-+
-+52
-+
-+
-+GET /we/want/our/%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic dXNlcjpwYXNz
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+GET /we/want/our/data/%TESTNUMBER0002.txt?coolsite=yes HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+Authorization: Basic dXNlcjpwYXNz
-+User-Agent: curl/%VERSION
-+Accept: */*
-+Referer: http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER
-+
-+
-+
-+HTTP/1.1 301 This is a weirdo text message swsclose
-+Location: data/%TESTNUMBER0002.txt?coolsite=yes
-+Content-Length: 62
-+Connection: close
-+
-+http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER
-+
-+
-+
--
-2.23.0
-
+2.23.0
\ No newline at end of file
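Review bot: Removing test2081 here drops the only regression check for the CVE-2021-22876 fix (credentials and fragment stripped from the automatic `Referer:` header) in the same change that turns on `%check`, so the enabled test suite cannot detect a regression in this backport. The test body uses `%TESTNUMBER`, so the removal is presumably because the 7.71.1 harness does not expand it; that is an inference, and a copy with the literal test number would keep the coverage. The tail of the file also changes: the `--` separator before `2.23.0` is removed and the file now ends without a newline, leaving a bare `2.23.0` directly after the last hunk, so keeping the original trailing lines avoids relying on the patch tool ignoring trailing text. test418 is removed from backport-CVE-2023-23916.patch in the same way.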
diff --git a/backport-CVE-2023-23916.patch b/backport-CVE-2023-23916.patch
index a9089cc..affe116 100644
--- a/backport-CVE-2023-23916.patch
+++ b/backport-CVE-2023-23916.patch
@@ -1,229 +1,55 @@
-From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat
-Date: Mon, 13 Feb 2023 08:33:09 +0100
-Subject: [PATCH] content_encoding: do not reset stage counter for each header
-
-Test 418 verifies
-
-Closes #10492
-
-Conflict: remove tests/data/test387
-Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc
----
- lib/content_encoding.c | 7 +-
- lib/urldata.h | 1 +
- tests/data/Makefile.inc | 2 +-
- tests/data/test418 | 152 ++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 157 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test418
-
-diff --git a/lib/content_encoding.c b/lib/content_encoding.c
-index 4a20142..3633791 100644
---- a/lib/content_encoding.c
-+++ b/lib/content_encoding.c
-@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
- {
- struct Curl_easy *data = conn->data;
- struct SingleRequest *k = &data->req;
-- int counter = 0;
-
- do {
- const char *name;
-@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
- if(!encoding)
- encoding = &error_encoding; /* Defer error at stack use. */
-
-- if(++counter >= MAX_ENCODE_STACK) {
-- failf(data, "Reject response due to %u content encodings",
-- counter);
-+ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
-+ failf(data, "Reject response due to more than %u content encodings",
-+ MAX_ENCODE_STACK);
- return CURLE_BAD_CONTENT_ENCODING;
- }
- /* Stack the unencoding stage. */
-diff --git a/lib/urldata.h b/lib/urldata.h
-index dc77061..27ee1b5 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -653,6 +653,7 @@ struct SingleRequest {
- struct dohdata doh; /* DoH specific data for this request */
- #endif
- unsigned char setcookies;
-+ unsigned char writer_stack_depth; /* Unencoding stack depth. */
- BIT(header); /* incoming data has HTTP header */
- BIT(content_range); /* set TRUE if Content-Range: was found */
- BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index f57f45e..5b943ab 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -65,7 +65,7 @@ test393 test394 test395 \
- \
- test400 test401 test402 test403 test404 test405 test406 test407 test408 \
- test409 \
--\
-+test418 \
- test430 test431 test432 \
- \
- test490 test491 test492 \
-diff --git a/tests/data/test418 b/tests/data/test418
-new file mode 100644
-index 0000000..50e974e
---- /dev/null
-+++ b/tests/data/test418
-@@ -0,0 +1,152 @@
-+
-+
-+
-+HTTP
-+gzip
-+
-+
-+
-+#
-+# Server-side
-+
-+
-+HTTP/1.1 200 OK
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+Transfer-Encoding: gzip
-+
-+-foo-
-+
-+
-+
-+#
-+# Client-side
-+
-+
-+http
-+
-+
-+Response with multiple Transfer-Encoding headers
-+
-+
-+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
-+
-+
-+
-+#
-+# Verify data after the test has been "shot"
-+
-+
-+GET /%TESTNUMBER HTTP/1.1
-+Host: %HOSTIP:%HTTPPORT
-+User-Agent: curl/%VERSION
-+Accept: */*
-+
-+
-+
-+# CURLE_BAD_CONTENT_ENCODING is 61
-+
-+61
-+
-+
-+curl: (61) Reject response due to more than 5 content encodings
-+
-+
-+
---
-2.27.0
+From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat
+Date: Mon, 13 Feb 2023 08:33:09 +0100
+Subject: [PATCH] content_encoding: do not reset stage counter for each header
+
+Test 418 verifies
+
+Closes #10492
+
+Conflict: remove tests/data/test387 tests/data/test418 tests/data/Makefile.inc
+Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc
+---
+ lib/content_encoding.c | 7 +-
+ lib/urldata.h | 1 +
+ 2 files changed, 7 insertions(+), 1 deletions(-)
+
+diff --git a/lib/content_encoding.c b/lib/content_encoding.c
+index 4a20142..3633791 100644
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ {
+ struct Curl_easy *data = conn->data;
+ struct SingleRequest *k = &data->req;
+- int counter = 0;
+
+ do {
+ const char *name;
+@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ if(!encoding)
+ encoding = &error_encoding; /* Defer error at stack use. */
+
+- if(++counter >= MAX_ENCODE_STACK) {
+- failf(data, "Reject response due to %u content encodings",
+- counter);
++ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
++ failf(data, "Reject response due to more than %u content encodings",
++ MAX_ENCODE_STACK);
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+ /* Stack the unencoding stage. */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index dc77061..27ee1b5 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -653,6 +653,7 @@ struct SingleRequest {
+ struct dohdata doh; /* DoH specific data for this request */
+ #endif
+ unsigned char setcookies;
++ unsigned char writer_stack_depth; /* Unencoding stack depth. */
+ BIT(header); /* incoming data has HTTP header */
+ BIT(content_range); /* set TRUE if Content-Range: was found */
+ BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding
+--
+2.27.0
\ No newline at end of file
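Review bot: `k->writer_stack_depth` is only ever incremented in the visible hunks, so the limit in `Curl_build_unencoding_stack` is per response only if 7.71.1 clears `struct SingleRequest` before each request. That reset is outside this patch and should be confirmed in the target tree, since a counter that survives redirects or handle reuse would reject valid responses. With tests/data/test418 removed, nothing in `%check` exercises the limit, so that confirmation has to be done by hand. Separately, all retained lines are deleted and re-added with identical visible text and the file loses its final newline, which usually points to a line-ending or whitespace conversion; check that the file was not saved with CRLF endings before it is applied to the C sources.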
diff --git a/backport-fix-test973-test974-test975-test976.patch b/backport-fix-test973-test974-test975-test976.patch
new file mode 100644
index 0000000..9dfa699
--- /dev/null
+++ b/backport-fix-test973-test974-test975-test976.patch
@@ -0,0 +1,50 @@
+From 6d2b603c9f0d7b97f235b4b9930f3192c8b809a0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Wed, 8 Mar 2023 16:23:04 +0800
+Subject: [PATCH] fix test973 test974 test975 test976
+
+e6b21d runtests: provide curl's version string as %VERSION for tests
+f60f51 runtests: init $VERSION to avoid warnings when using -l
+
+merge f60f51721c656a96afa5ba9b6a5913a705f6bc60 and e6b21d422e631a7c0cc81abf956af179b3b4c5e8
+
+Conflict: remove all files in the tests/data directory, remove tests/FILEFORMAT.md
+Reference: https://github.com/curl/curl/commit/f60f51721c656a96afa5ba9b6a5913a705f6bc60
+https://github.com/curl/curl/commit/e6b21d422e631a7c0cc81abf956af179b3b4c5e8
+---
+ tests/runtests.pl | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tests/runtests.pl b/tests/runtests.pl
+index 0743d49..94f265a 100755
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -166,6 +166,7 @@ my $NEGTELNETPORT=$noport; # TELNET server port with negotiation
+ my $HTTPUNIXPATH; # HTTP server Unix domain socket path
+
+ my $SSHSRVMD5 = "[uninitialized]"; # MD5 of ssh server public key
++my $VERSION=""; # curl's reported version number
+
+ my $srcdir = $ENV{'srcdir'} || '.';
+ my $CURL="../src/curl".exe_ext('TOOL'); # what curl executable to run on the tests
+@@ -2897,8 +2898,9 @@ sub checksystem {
+ for(@version) {
+ chomp;
+
+- if($_ =~ /^curl/) {
++ if($_ =~ /^curl ([^ ]*)/) {
+ $curl = $_;
++ $VERSION = $1;
+ $curl =~ s/^(.*)(libcurl.*)/$1/g;
+
+ $libcurl = $2;
+@@ -3302,6 +3304,7 @@ sub subVariables {
+ $$thing =~ s/${prefix}CURL/$CURL/g;
+ $$thing =~ s/${prefix}PWD/$pwd/g;
+ $$thing =~ s/${prefix}POSIX_PWD/$posix_pwd/g;
++ $$thing =~ s/${prefix}VERSION/$VERSION/g;
+
+ my $file_pwd = $pwd;
+ if($file_pwd !~ /^\//) {
+--
+2.27.0
diff --git a/curl.spec b/curl.spec
index c67091b..669ab2e 100644
--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@
Name: curl
Version: 7.71.1
-Release: 21
+Release: 22
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@@ -51,6 +51,7 @@ Patch137: backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes
Patch138: backport-CVE-2022-32221.patch
Patch139: backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch
Patch140: backport-CVE-2023-23916.patch
+Patch141: backport-fix-test973-test974-test975-test976.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@@ -61,9 +62,6 @@ BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings)
BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64)
BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars)
-%ifarch x86_64
-BuildRequires: valgrind
-%endif
Requires: libcurl = %{version}-%{release}
Provides: curl-full = %{version}-%{release} webclient
@@ -137,6 +135,32 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \
%make_build V=1 -C build-full
+%check
+# compile upstream test-cases
+%make_build V=1 -C build-full/tests
+
+# relax crypto policy for the test-suite to make it pass again (#1610888)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+
+# make runtests.pl work for out-of-tree builds
+export srcdir=../../tests
+
+# prevent valgrind from being extremely slow (#1662656)
+unset DEBUGINFOD_URLS
+
+# run the upstream test-suite for curl-full
+for size in full; do (
+ cd build-${size}
+
+ # we have to override LD_LIBRARY_PATH because we eliminated rpath
+ export LD_LIBRARY_PATH="${PWD}/lib/.libs"
+
+ cd tests
+ perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+)
+done
+
%install
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
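Review bot: The new `%check` section keeps the comment `# prevent valgrind from being extremely slow (#1662656)` while this commit deletes the `BuildRequires: valgrind` block, so whether the suite runs under valgrind now depends on what happens to be installed in the build root. Several of the patches listed in this spec are security backports, so the choice should be explicit: either restore `BuildRequires: valgrind`, or pass `-n` to `runtests.pl` and drop the `unset DEBUGINFOD_URLS` lines. The references `(#1610888)` and `(#1662656)` look like bug numbers from another distribution's tracker and cannot be resolved from this spec; name the tracker or remove them.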
@@ -192,6 +216,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
+* Thu Mar 09 2023 xinghe - 7.71.1-22
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:enable test
+
* Sat Feb 18 2023 xinghe - 7.71.1-21
- Type:cves
- CVE:CVE-2023-23916