diff --git a/0022-curl-7.76.1-CVE-2022-32221.patch b/0022-curl-7.76.1-CVE-2022-32221.patch
new file mode 100644
index 0000000..4359c47
--- /dev/null
+++ b/0022-curl-7.76.1-CVE-2022-32221.patch
@@ -0,0 +1,251 @@
+From 08a53016db649bdf4f65c42a9704d35e052be7eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 15 Sep 2022 09:22:45 +0200
+Subject: [PATCH 1/2] setopt: when POST is set, reset the 'upload' field
+
+Reported-by: RobBotic1 on github
+Fixes #9507
+Closes #9511
+
+Upstream-commit: a64e3e59938abd7d667e4470a18072a24d7e9de9
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/setopt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index d5e3b50..b8793b4 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -628,6 +628,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     }
+     else
+       data->set.method = HTTPREQ_GET;
++    data->set.upload = FALSE;
+     break;
+ 
+   case CURLOPT_HTTPPOST:
+-- 
+2.37.3
+
+
+From a5e36349807b98d31a16bd220f6434289465e16a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 15 Sep 2022 09:23:33 +0200
+Subject: [PATCH 2/2] test1948: verify PUT + POST reusing the same handle
+
+Reproduced #9507, verifies the fix
+
+Upstream-commit: 1edb15925e350be3b891f8a8de86600b22c0bb20
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/Makefile.inc    |  1 +
+ tests/data/test1948        | 73 +++++++++++++++++++++++++++++++++++
+ tests/libtest/Makefile.inc |  5 +++
+ tests/libtest/lib1948.c    | 79 ++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 158 insertions(+)
+ create mode 100644 tests/data/test1948
+ create mode 100644 tests/libtest/lib1948.c
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 818ee08..0cfab9b 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -217,6 +217,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
+ test1916 test1917 test1918 \
+ \
+ test1933 test1934 test1935 test1936 \
++test1948 \
+ \
+ test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
+ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
+diff --git a/tests/data/test1948 b/tests/data/test1948
+new file mode 100644
+index 0000000..639523d
+--- /dev/null
++++ b/tests/data/test1948
+@@ -0,0 +1,73 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP POST
++HTTP PUT
++</keywords>
++</info>
++
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 01 Nov 2001 14:49:00 GMT
++Content-Type: text/html
++Content-Length: 6
++
++hello
++</data>
++<datacheck>
++HTTP/1.1 200 OK
++Date: Thu, 01 Nov 2001 14:49:00 GMT
++Content-Type: text/html
++Content-Length: 6
++
++hello
++HTTP/1.1 200 OK
++Date: Thu, 01 Nov 2001 14:49:00 GMT
++Content-Type: text/html
++Content-Length: 6
++
++hello
++</datacheck>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++
++<name>
++CURLOPT_POST after CURLOPT_UPLOAD reusing handle
++</name>
++<tool>
++lib%TESTNUMBER
++</tool>
++
++<command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++PUT /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Accept: */*
++Content-Length: 22
++Expect: 100-continue
++
++This is test PUT data
++POST /1948 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Accept: */*
++Content-Length: 22
++Content-Type: application/x-www-form-urlencoded
++
++This is test PUT data
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 83a8af4..3192eca 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
+  lib1591 lib1592 lib1593 lib1594 lib1596 \
+          lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
+          lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
++ lib1948 \
+          lib3010
+ 
+ chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
+@@ -690,6 +691,10 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1936_LDADD = $(TESTUTIL_LIBS)
+ lib1936_CPPFLAGS = $(AM_CPPFLAGS)
+ 
++lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
++lib1948_LDADD = $(TESTUTIL_LIBS)
++lib1948_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1948
++
+ lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib3010_LDADD = $(TESTUTIL_LIBS)
+ lib3010_CPPFLAGS = $(AM_CPPFLAGS)
+diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
+new file mode 100644
+index 0000000..7c891a2
+--- /dev/null
++++ b/tests/libtest/lib1948.c
+@@ -0,0 +1,79 @@
++/***************************************************************************
++ *                                  _   _ ____  _
++ *  Project                     ___| | | |  _ \| |
++ *                             / __| | | | |_) | |
++ *                            | (__| |_| |  _ <| |___
++ *                             \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ * SPDX-License-Identifier: curl
++ *
++ ***************************************************************************/
++
++#include "test.h"
++
++typedef struct
++{
++  char *buf;
++  size_t len;
++} put_buffer;
++
++static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream)
++{
++  put_buffer *putdata = (put_buffer *)stream;
++  size_t totalsize = size * nmemb;
++  size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize;
++  memcpy(ptr, putdata->buf, tocopy);
++  putdata->len -= tocopy;
++  putdata->buf += tocopy;
++  return tocopy;
++}
++
++int test(char *URL)
++{
++  CURL *curl;
++  CURLcode res = CURLE_OUT_OF_MEMORY;
++
++  curl_global_init(CURL_GLOBAL_DEFAULT);
++
++  curl = curl_easy_init();
++  if(curl) {
++    const char *testput = "This is test PUT data\n";
++    put_buffer pbuf;
++
++    /* PUT */
++    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
++    curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
++    curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback);
++    pbuf.buf = (char *)testput;
++    pbuf.len = strlen(testput);
++    curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf);
++    curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput));
++    res = curl_easy_setopt(curl, CURLOPT_URL, URL);
++    if(!res)
++      res = curl_easy_perform(curl);
++    if(!res) {
++      /* POST */
++      curl_easy_setopt(curl, CURLOPT_POST, 1L);
++      curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput);
++      curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput));
++      res = curl_easy_perform(curl);
++    }
++    curl_easy_cleanup(curl);
++  }
++
++  curl_global_cleanup();
++  return (int)res;
++}
+-- 
+2.37.3
+
diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch
index f492ac5..ae24828 100644
--- a/0105-curl-7.63.0-lib1560-valgrind.patch
+++ b/0105-curl-7.63.0-lib1560-valgrind.patch
@@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
 index 080421b..ea3b806 100644
 --- a/tests/libtest/Makefile.inc
 +++ b/tests/libtest/Makefile.inc
-@@ -592,6 +592,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+@@ -593,6 +593,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
  lib1559_LDADD = $(TESTUTIL_LIBS)
  
  lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
diff --git a/curl.spec b/curl.spec
index e38c1e7..e0c86ac 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz
 
@@ -65,6 +65,9 @@ Patch20:  0020-curl-7.76.1-openldap-rebase.patch
 # control code in cookie denial of service (CVE-2022-35252)
 Patch21:  0021-curl-7.76.1-CVE-2022-35252.patch
 
+# fix POST following PUT confusion (CVE-2022-32221)
+Patch22:  0022-curl-7.76.1-CVE-2022-32221.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -260,6 +263,7 @@ be installed.
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -480,6 +484,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21
+- fix POST following PUT confusion (CVE-2022-32221)
+
 * Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20
 - control code in cookie denial of service (CVE-2022-35252)