diff --git a/0103-curl-7.87.0-test3012.patch b/0103-curl-7.87.0-test3012.patch
new file mode 100644
index 0000000..108d715
--- /dev/null
+++ b/0103-curl-7.87.0-test3012.patch
@@ -0,0 +1,52 @@
+From 0d0a256c8e7f6261d49e1bdd583c04c0e5dfe706 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Wed, 11 Jan 2023 08:53:05 +0100
+Subject: [PATCH] test3012: disable valgrind
+
+valgrind reports a call to memcpy() with overlapping blocks by mistake:
+```
+test 3012...[--output-dir with -J]
+../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
+CMD (0): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
+ valgrind ERROR ==496584== Source and destination overlap in memcpy_chk(0x54ad1a0, 0x54ad1a1, 11)
+==496584== at 0x484C332: __memcpy_chk (vg_replace_strmem.c:1741)
+==496584== by 0x118FDB: UnknownInlinedFun (string_fortified.h:36)
+==496584== by 0x118FDB: UnknownInlinedFun (tool_cb_hdr.c:301)
+==496584== by 0x118FDB: tool_header_cb (tool_cb_hdr.c:173)
+==496584== by 0x489907B: chop_write.lto_priv.0 (sendf.c:620)
+==496584== by 0x489CDD1: UnknownInlinedFun (http.c:4449)
+==496584== by 0x489CDD1: UnknownInlinedFun (transfer.c:633)
+==496584== by 0x489CDD1: Curl_readwrite (transfer.c:1219)
+==496584== by 0x488C116: multi_runsingle (multi.c:2404)
+==496584== by 0x488F491: curl_multi_perform (multi.c:2682)
+==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:663)
+==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:753)
+==496584== by 0x486A9DA: curl_easy_perform (easy.c:772)
+==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2406)
+==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2594)
+==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2706)
+==496584== by 0x114B28: main (tool_main.c:284)
+```
+
+Bug: https://bugzilla.redhat.com/2143040
+---
+ tests/data/test3012 | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tests/data/test3012 b/tests/data/test3012
+index 1889c93..ea43a49 100644
+--- a/tests/data/test3012
++++ b/tests/data/test3012
+@@ -56,5 +56,9 @@ Accept: */*
+
+ -foo-
+
++
++
++disable
++
+
+
+--
+2.39.0
+
diff --git a/curl.spec b/curl.spec
index 06caa54..0101e2a 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.87.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@@ -16,6 +16,9 @@ Patch101: 0101-curl-7.32.0-multilib.patch # test3026: disable valgrind Patch102: 0102-curl-7.84.0-test3026.patch +# test3012: temporarily disable valgrind (#2143040) +Patch103: 0103-curl-7.87.0-test3012.patch + Provides: curl-full = %{version}-%{release} Provides: webclient URL: https://curl.se/
@@ -198,6 +201,7 @@ be installed. # Fedora patches %patch101 -p1 %patch102 -p1 +%patch103 -p1 # disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed # with errno 98: Address already in use' in Koji environment), and test 1801
@@ -427,6 +431,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jan 11 2023 Kamil Dudka - 7.87.0-2 +- test3012: temporarily disable valgrind (#2143040) + * Wed Dec 21 2022 Kamil Dudka - 7.87.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2022-43552 - HTTP Proxy deny use-after-free
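Review bot: The added `disable` entry in tests/data/test3012 turns off memcheck for the whole test, so a leak or invalid access anywhere in the `-OJ --output-dir` path would no longer be caught here; per the quoted trace that path runs response headers through `tool_header_cb`. The report itself shows `memcpy_chk(0x54ad1a0, 0x54ad1a1, 11)`, and those two ranges do overlap by address, so "by mistake" in the description presumably means the call at tool_cb_hdr.c:301 is a `memmove()` that the fortified/LTO build emits as `__memcpy_chk`; the message should say that explicitly rather than leave the reader to re-derive it. A narrower alternative would be a `Memcheck:Overlap` entry for `__memcpy_chk` under `tool_header_cb` in the `tests/valgrind.supp` file already passed via `--suppressions`, which keeps the rest of the checking active for this test.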
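Review bot: The `Patch103` comment in curl.spec calls the valgrind disable temporary, but neither it nor the patch subject (`test3012: disable valgrind`) records what has to change before the patch can be dropped. Stating the condition in the comment, e.g. `# test3012: temporarily disable valgrind (#2143040), drop once the overlap report is resolved`, would keep it from becoming a permanent exclusion alongside Patch102.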