diff --git a/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch b/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch
index b306e91..10450e0 100644
--- a/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch
+++ b/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch
@@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
/*
* Match a hostname against a wildcard pattern.
* E.g.
-@@ -65,26 +76,27 @@
+@@ -65,26 +76,31 @@
static int hostmatch(char *hostname, char *pattern)
{
@@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
- if(pattern_wildcard == NULL)
- return strcasecompare(pattern, hostname) ?
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
-+ if(hostname[hostlen-1]=='.')
++ if(hostname[hostlen-1]=='.') {
+ hostname[hostlen-1] = 0;
-+ if(pattern[patternlen-1]=='.')
++ hostlen--;
++ }
++ if(pattern[patternlen-1]=='.') {
+ pattern[patternlen-1] = 0;
++ patternlen--;
++ }
+
+ if(strncmp(pattern, "*.", 2))
+ return pmatch(hostname, hostlen, pattern, patternlen);
@@ -143,7 +147,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
-@@ -15,9 +14,9 @@ none
+@@ -14,9 +13,9 @@ none
unittest
@@ -154,7 +158,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
+Curl_cert_hostcheck unit tests
+
-
+
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 2f3d3aa4d09e1..3ae75618d5d10 100644
@@ -169,7 +173,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
static CURLcode unit_setup(void)
{
return CURLE_OK;
-@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
+@@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
@@ -280,9 +284,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
-+ strlen(tests[i].pattern),
-+ tests[i].host,
-+ strlen(tests[i].host))) {
++ tests[i].host)) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"
diff --git a/SOURCES/0039-curl-7.76.1-pause-on-http.patch b/SOURCES/0039-curl-7.76.1-pause-on-http.patch
new file mode 100644
index 0000000..96ddcd4
--- /dev/null
+++ b/SOURCES/0039-curl-7.76.1-pause-on-http.patch
@@ -0,0 +1,28 @@
+From badcf275bc5e7a13128734968102a48c93962cef Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 17 May 2021 09:05:39 +0200
+Subject: [PATCH] http2: make sure pause is done on HTTP
+
+Since the function is called for any protocol, we can't assume that the
+HTTP struct is there without first making sure it is HTTP.
+
+Reported-by: Denis Goleshchikhin
+Fixes #7079
+---
+ lib/http2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index ac04d348c495..bc604ce1551a 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -2353,7 +2353,8 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
+ DEBUGASSERT(data);
+ DEBUGASSERT(data->conn);
+ /* if it isn't HTTP/2, we're done */
+- if(!data->conn->proto.httpc.h2)
++ if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
++ !data->conn->proto.httpc.h2)
+ return CURLE_OK;
+ #ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
+ else {
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index a8a96a6..814ec49 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.76.1
-Release: 31%{?dist}
+Release: 31%{?dist}.1
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -116,6 +116,9 @@ Patch37: 0037-curl-7.76.1-ignore-unexpected-eof.patch
# provide common cleanup method for push headers (CVE-2024-2398)
Patch38: 0038-curl-7.76.1-CVE-2024-2398.patch
+# make sure pause is done on HTTP
+Patch39: 0039-curl-7.76.1-pause-on-http.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@@ -291,48 +294,49 @@ be installed.
%setup -q
# upstream patches
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-%patch34 -p1
-%patch35 -p1
-%patch36 -p1
-%patch37 -p1
-%patch38 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
+%patch -P 9 -p1
+%patch -P 10 -p1
+%patch -P 11 -p1
+%patch -P 12 -p1
+%patch -P 13 -p1
+%patch -P 14 -p1
+%patch -P 15 -p1
+%patch -P 16 -p1
+%patch -P 17 -p1
+%patch -P 19 -p1
+%patch -P 20 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 23 -p1
+%patch -P 24 -p1
+%patch -P 25 -p1
+%patch -P 26 -p1
+%patch -P 27 -p1
+%patch -P 28 -p1
+%patch -P 29 -p1
+%patch -P 30 -p1
+%patch -P 31 -p1
+%patch -P 32 -p1
+%patch -P 33 -p1
+%patch -P 34 -p1
+%patch -P 35 -p1
+%patch -P 36 -p1
+%patch -P 37 -p1
+%patch -P 38 -p1
+%patch -P 39 -p1
# Fedora patches
-%patch101 -p1
-%patch102 -p1
-%patch105 -p1
+%patch -P 101 -p1
+%patch -P 102 -p1
+%patch -P 105 -p1
# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
# with errno 98: Address already in use' in Koji environment), and test 1801
@@ -586,6 +590,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
+* Tue Dec 17 2024 Jacek Migacz - 7.76.1-31.el9_6.1
+- make up incomplete patch for host name wildcard checking (RHEL-5675)
+- eliminate use of obsolete patch syntax (RHEL-65791)
+- http2: make sure pause is done on HTTP (RHEL-86805)
+
* Thu Aug 22 2024 Jacek Migacz - 7.76.1-31
- provide common cleanup method for push headers (CVE-2024-2398)