fix CVE-2022-32221

(cherry picked from commit 72fa409730d908b1b753e32d6e94a21f0d2d0940)

backport-CVE-2022-32221.patch

@@ -0,0 +1,28 @@
+From a64e3e59938abd7d667e4470a18072a24d7e9de9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 15 Sep 2022 09:22:45 +0200
+Subject: [PATCH] setopt: when POST is set, reset the 'upload' field
+
+Reported-by: RobBotic1 on github
+Fixes #9507
+Closes #9511
+
+Conflict: case CURLOPT_HTTPPOST => case CURLOPT_COPYPOSTFIELDS
+Reference: https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9
+
+---
+ lib/setopt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 03c4efdbf1e58..7289a4e78bdd0 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -700,6 +700,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     }
+     else
+       data->set.method = HTTPREQ_GET;
++    data->set.upload = FALSE;
+     break;
+ 
+   case CURLOPT_COPYPOSTFIELDS:

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.71.1
-Release:        18
+Release:        19
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -48,6 +48,7 @@ Patch134:       backport-CVE-2022-32207.patch
 Patch135:       backport-CVE-2022-32208.patch
 Patch136:       backport-fix-configure-disable-http-auth-build-error.patch
 Patch137:       backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes.patch
+Patch138:       backport-CVE-2022-32221.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -189,6 +190,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Thu Oct 27 2022 yanglu <yanglu72@h-partners.com> - 7.71.1-19
+- Type:cves
+- CVE:CVE-2022-32221
+- SUG:NA
+- DESC:fix CVE-2022-32221
+
 * Thu Sep 01 2022 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-18
 - Type:cves
 - CVE:CVE-2022-35252