From 3501daee0ba664ab3667dc0a56560a2a4b4b2113 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 26 Oct 2022 14:24:08 +0200
Subject: [PATCH] new upstream release - 7.86.0

Resolves: CVE-2022-42916 - HSTS bypass via IDN
Resolves: CVE-2022-42915 - HTTP proxy double-free
Resolves: CVE-2022-35260 - .netrc parser out-of-bounds access
Resolves: CVE-2022-32221 - POST following PUT confusion
---
 0102-curl-7.84.0-test3026.patch | 2 +-
 curl.spec | 9 ++++++++-
 sources | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/0102-curl-7.84.0-test3026.patch b/0102-curl-7.84.0-test3026.patch
index 8c4ddb5..56b10c6 100644
--- a/0102-curl-7.84.0-test3026.patch
+++ b/0102-curl-7.84.0-test3026.patch
@@ -55,7 +55,7 @@ diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
 index 43fe335..70cd7a4 100644
 --- a/tests/libtest/lib3026.c
 +++ b/tests/libtest/lib3026.c
-@@ -123,8 +123,8 @@ int test(char *URL)
+@@ -139,8 +139,8 @@ int test(char *URL)
 results[i] = CURL_LAST; /* initialize with invalid value */
 res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
 if(res) {
diff --git a/curl.spec b/curl.spec
index 6625b13..3e17984 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,6 +1,6 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.85.0
+Version: 7.86.0
 Release: 1%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -421,6 +421,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Wed Oct 26 2022 Kamil Dudka - 7.86.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2022-42916 - HSTS bypass via IDN
+ CVE-2022-42915 - HTTP proxy double-free
+ CVE-2022-35260 - .netrc parser out-of-bounds access
+ CVE-2022-32221 - POST following PUT confusion
+
 * Thu Sep 01 2022 Kamil Dudka - 7.85.0-1
 - new upstream release, which fixes the following vulnerability
 CVE-2022-35252 - control code in cookie denial of service
diff --git a/sources b/sources
index 3662440..45ced88 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (curl-7.85.0.tar.xz) = b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
-SHA512 (curl-7.85.0.tar.xz.asc) = 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6
+SHA512 (curl-7.86.0.tar.xz) = 18e03a3c00f22125e07bddb18becbf5acdca22baeb7b29f45ef189a5c56f95b2d51247813f7a9a90f04eb051739e9aa7d3a1c5be397bae75d763a2b918d1b656
+SHA512 (curl-7.86.0.tar.xz.asc) = 9e97d5f44b3c856f401fe30ba713e1ca1f74edfc693dc42f1ce8e43f9f6dd4bf6998c579bc9c5d0f749f475a7d67d232e92ab6f89b95141acdb53e149f2312f0