From d008daad0408ddef46a43091bf03fa2eaa1e3057 Mon Sep 17 00:00:00 2001
From: Jacek Migacz <jmigacz@redhat.com>
Date: Wed, 27 Mar 2024 15:12:16 +0100
Subject: [PATCH] Disable OpenSSL Engine API support in RHEL 10

Resolves: RHEL-30436
---
 curl.spec | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/curl.spec b/curl.spec
index 6d59afa..e621183 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 8.6.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: curl
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@@ -165,6 +165,8 @@ uploading, HTTP form based upload, proxies, cookies, user+password
 authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
 resume, proxy tunneling and a busload of other useful tricks. 
 
+%bcond openssl_engine %[!(0%{?rhel} >= 10)]
+
 %package -n libcurl
 Summary: A library for getting files from web servers
 Requires: libnghttp2%{?_isa} >= %{libnghttp2_version}
@@ -245,6 +247,11 @@ sed -e 's|^35$|35,52|' -i tests/data/test323
 autoreconf -fiv
 
 %build
+
+%if %{without openssl_engine}
+export CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_ENGINE"
+%endif
+
 mkdir build-{full,minimal}
 export common_configure_opts="          \
     --cache-file=../config.cache        \
@@ -418,6 +425,11 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/mk-ca-bundle.1*
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Tue Jul 9 2024 Jacek Migacz <jmigacz@redhat.com> - 8.6.0-8
+- disable OpenSSL Engine API support (RHEL-30436)
+- setopt: Fix disabling all protocols (CVE-2024-2004)
+- http2: push headers better cleanup (CVE-2024-2398)
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 8.6.0-7
 - Bump release for June 2024 mass rebuild