From 91252b5be554362200eb7f4b5ad6f868b7b3cff2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Mon, 20 Sep 2021 14:54:20 +0200
Subject: [PATCH] Resolves: #2005874 - disable more protocols and features in libcurl-minimal

... to limit vulnerability exposure in case there is a CVE in curl in some of the rarer protocols
---
 curl.spec | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/curl.spec b/curl.spec
index 4c0088a..6073878 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz

@@ -277,9 +277,23 @@ export common_configure_opts=" \
 (
 cd build-minimal
 %configure $common_configure_opts \
+ --disable-dict \
+ --disable-gopher \
+ --disable-hsts \
+ --disable-imap \
 --disable-ldap \
 --disable-ldaps \
 --disable-manual \
+ --disable-mqtt \
+ --disable-ntlm \
+ --disable-ntlm-wb \
+ --disable-pop3 \
+ --disable-rtsp \
+ --disable-smb \
+ --disable-smtp \
+ --disable-telnet \
+ --disable-tftp \
+ --disable-tls-srp \
 --without-brotli \
 --without-libidn2 \
 --without-libpsl \
@@ -290,9 +304,23 @@ export common_configure_opts=" \
 (
 cd build-full
 %configure $common_configure_opts \
+ --enable-dict \
+ --enable-gopher \
+ --enable-hsts \
+ --enable-imap \
 --enable-ldap \
 --enable-ldaps \
 --enable-manual \
+ --enable-mqtt \
+ --enable-ntlm \
+ --enable-ntlm-wb \
+ --enable-pop3 \
+ --enable-rtsp \
+ --enable-smb \
+ --enable-smtp \
+ --enable-telnet \
+ --enable-tftp \
+ --enable-tls-srp \
 --with-brotli \
 --with-libidn2 \
 --with-libpsl \
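Review bot: Nothing in the build-minimal hunk checks that configure actually honoured the fourteen new `--disable-*` switches, and autoconf only prints a warning for an `--enable-`/`--disable-` option it does not recognise, so a typo here or a switch later renamed upstream would silently leave that protocol compiled into libcurl-minimal — the opposite of what #2005874 asks for. Because the whole purpose of this change is reduced exposure, a fail-closed assertion right after the `%configure` call would make the hardening visible in the build log rather than taken on trust; the `CURL_DISABLE_*` macros configure writes into `lib/curl_config.h` (relative to the build directory) are the cheapest thing to grep, with the exact macro names confirmed against this version's configure.ac, and `--disable-ntlm-wb`/`--disable-tls-srp` checked by the absence of their `USE_`/`*_ENABLED` defines if wanted. The `%configure` command and the `( cd build-minimal` subshell both continue past the end of the hunk, so the check belongs after the remaining `--without-*` lines and before the closing `)`.
```shell
    # … unchanged: %configure $common_configure_opts with the --disable-*/--without-* options …
    # fail closed: configure only warns about an unrecognised --disable switch, so verify
    # each protocol really is compiled out (macro names: confirm against configure.ac)
    for proto in DICT GOPHER HSTS IMAP MQTT NTLM POP3 RTSP SMB SMTP TELNET TFTP; do
        grep -q "^#define CURL_DISABLE_${proto} 1" lib/curl_config.h \
            || { echo "libcurl-minimal: ${proto} was not disabled by configure" >&2; exit 1; }
    done
```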
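Review bot: The build-full hunk hand-mirrors the build-minimal list as seventeen `--enable-*` lines, so the two blocks can now drift: a switch added to one list and forgotten in the other silently takes configure's default instead of failing, and nothing ties the pair together. Keeping the names in one variable next to `common_configure_opts` (defined before this hunk) and expanding it in both places removes the duplication, e.g. `export minimal_disabled="dict gopher hsts imap ldap ldaps manual mqtt ntlm ntlm-wb pop3 rtsp smb smtp telnet tftp tls-srp"` followed by `$(printf -- '--enable-%s ' $minimal_disabled) \` here and the `--disable-%s` form in build-minimal. `--enable-hsts` also deserves a second look: if HSTS was still opt-in in 7.76.1 (it became default-on upstream in a later release, if I recall correctly), that line turns on a feature in the full build rather than restating a default, which goes beyond what the subject line and changelog entry describe. The `%configure` command and the `( cd build-full` subshell end after the hunk.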
@@ -396,6 +424,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Mon Oct 04 2021 Kamil Dudka - 7.76.1-13
+- disable more protocols and features in libcurl-minimal (#2005874)
+
 * Fri Sep 17 2021 Kamil Dudka - 7.76.1-12
 - fix STARTTLS protocol injection via MITM (CVE-2021-22947)
 - fix protocol downgrade required TLS bypass (CVE-2021-22946)