5 changed files with 61 additions and 588 deletions
--- a/SOURCES/0053-curl-7.61.1-password-when-keyboard-interactive-fails.patch
+++ b/SOURCES/0053-curl-7.61.1-password-when-keyboard-interactive-fails.patch
@ -153,7 +153,7 @@ index 7ebe61321419f..1cecb649cb623 100644
       if(rc == SSH_OK) {
         sshc->authed = TRUE;
         infof(data, "completed keyboard interactive authentication\n");
-+        state(conn, SSH_AUTH_DONE);
+        state(data, SSH_AUTH_DONE);
 +      }
 +      else {
 +        MOVE_TO_PASSWD_AUTH;
--- a/SOURCES/0061-curl-7.61.1-CVE-2024-2398.patch
+++ b/SOURCES/0061-curl-7.61.1-CVE-2024-2398.patch
@ -1,80 +0,0 @@
 From deca8039991886a559b67bcd6701db800a5cf764 Mon Sep 17 00:00:00 2001
 From: Stefan Eissing <stefan@eissing.org>
 Date: Wed, 6 Mar 2024 09:36:08 +0100
 Subject: [PATCH] http2: push headers better cleanup
 - provide common cleanup method for push headers
 Closes #13054
 ---
 lib/http2.c | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)
 diff --git a/lib/http2.c b/lib/http2.c
 index c63ecd38371ab4..96868728a53a1f 100644
 --- a/lib/http2.c
 +++ b/lib/http2.c
@@ -271,6 +271,15 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf,
   return http2_perform_getsock(conn, sock, numsocks);
 }
 +static void free_push_headers(struct HTTP *http)
 +{
 +  size_t i;
 +  for(i = 0; i<http->push_headers_used; i++)
 +    free(http->push_headers[i]);
 +  Curl_safefree(http->push_headers);
 +  http->push_headers_used = 0;
 +}
 +
 /*
  * http2_stream_free() free HTTP2 stream related data
  */
@@ -306,11 +315,7 @@ static void http2_data_done(struct Curl_cfilter *cf,
     http->header_recvbuf = NULL; /* clear the pointer */
     Curl_add_buffer_free(http->trailer_recvbuf);
     http->trailer_recvbuf = NULL; /* clear the pointer */
 -    for(; http->push_headers_used > 0; --http->push_headers_used) {
 -      free(http->push_headers[http->push_headers_used - 1]);
 -    }
 -    free(http->push_headers);
 -    http->push_headers = NULL;
 +    free_push_headers(http);
   }
 }
@@ -860,7 +861,6 @@ static int push_promise(struct Curl_cfilter *cf,
     struct curl_pushheaders heads;
     CURLMcode rc;
     struct http_conn *httpc;
 -    size_t i;
     /* clone the parent */
     struct Curl_easy *newhandle = duphandle(data);
     if(!newhandle) {
@@ -904,11 +904,7 @@ static int push_promise(struct Curl_cfilter *cf,
     Curl_set_in_callback(data, false);
     /* free the headers again */
 -    for(i = 0; i<stream->push_headers_used; i++)
 -      free(stream->push_headers[i]);
 -    free(stream->push_headers);
 -    stream->push_headers = NULL;
 -    stream->push_headers_used = 0;
 +    free_push_headers(stream);
     if(rv) {
       /* denied, kill off the new handle again */
@@ -1426,10 +1422,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
             stream->push_headers_alloc) {
       char **headp;
       stream->push_headers_alloc *= 2;
 -      headp = Curl_saferealloc(stream->push_headers,
 -                               stream->push_headers_alloc * sizeof(char *));
 +      headp = realloc(stream->push_headers,
 +                      stream->push_headers_alloc * sizeof(char *));
       if(!headp) {
 -        stream->push_headers = NULL;
 +        free_push_headers(stream);
         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
       }
       stream->push_headers = headp;
--- a/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch
+++ b/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch
@ -1,146 +0,0 @@
 From eb9a604f8d7db859555adc0ddacdabd1ed986106 Mon Sep 17 00:00:00 2001
 From: amkatyal <amkatyal@cisco.com>
 Date: Fri, 26 Jul 2019 21:28:41 +0530
 Subject: [PATCH] asyn-thread: create a socketpair to wait on
 Closes #4157
 ---
 lib/asyn-thread.c | 76 ++++++++++++++++++++++++++++++++++++++++-------
 lib/multi.c       |  0
 2 files changed, 65 insertions(+), 11 deletions(-)
 mode change 100644 => 100755 lib/asyn-thread.c
 mode change 100644 => 100755 lib/multi.c
 diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
 old mode 100644
 new mode 100755
 index 5f33c9affd0f27..f17638e44e6b18
 --- a/lib/asyn-thread.c
 +++ b/lib/asyn-thread.c
@@ -163,6 +163,9 @@ struct thread_sync_data {
   char *hostname;        /* hostname to resolve, Curl_async.hostname
                             duplicate */
   int port;
 +#ifdef HAVE_SOCKETPAIR
 +  curl_socket_t sock_pair[2]; /* socket pair */
 +#endif
   int sock_error;
   Curl_addrinfo *res;
 #ifdef HAVE_GETADDRINFO
@@ -197,6 +200,16 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
   if(tsd->res)
     Curl_freeaddrinfo(tsd->res);
 +#ifdef HAVE_SOCKETPAIR
 +  /* close socket pair */
 +  if(tsd->sock_pair[0] != CURL_SOCKET_BAD) {
 +    sclose(tsd->sock_pair[0]);
 +  }
 +
 +  if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
 +    sclose(tsd->sock_pair[1]);
 +  }
 +#endif
   memset(tsd, 0, sizeof(*tsd));
 }
@@ -230,6 +243,14 @@ int init_thread_sync_data(struct thread_data * td,
   Curl_mutex_init(tsd->mtx);
 +#ifdef HAVE_SOCKETPAIR
 +  /* create socket pair */
 +  if(socketpair(AF_LOCAL, SOCK_STREAM, 0, &tsd->sock_pair[0]) < 0) {
 +    tsd->sock_pair[0] = CURL_SOCKET_BAD;
 +    tsd->sock_pair[1] = CURL_SOCKET_BAD;
 +    goto err_exit;
 +  }
 +#endif
   tsd->sock_error = CURL_ASYNC_SUCCESS;
   /* Copying hostname string because original can be destroyed by parent
@@ -297,6 +318,9 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg)
   struct thread_data *td = tsd->td;
   char service[12];
   int rc;
 +#ifdef HAVE_SOCKETPAIR
 +  char buf[1];
 +#endif
   snprintf(service, sizeof(service), "%d", tsd->port);
@@ -298,6 +322,16 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg)
     free(td);
   }
   else {
 +#ifdef HAVE_SOCKETPAIR
 +    if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
 +      /* DNS has been resolved, signal client task */
 +      buf[0] = 1;
 +      if(write(tsd->sock_pair[1],  buf, sizeof(buf)) < 0) {
 +        /* update sock_erro to errno */
 +        tsd->sock_error = SOCKERRNO;
 +      }
 +    }
 +#endif
     tsd->done = 1;
     Curl_mutex_release(tsd->mtx);
   }
@@ -595,23 +629,43 @@ int Curl_resolver_getsock(struct connectdata *conn,
                           curl_socket_t *socks,
                           int numsocks)
 {
 +  int ret_val = 0;
   time_t milli;
   timediff_t ms;
   struct Curl_easy *data = conn->data;
   struct resdata *reslv = (struct resdata *)data->state.resolver;
 +#ifdef HAVE_SOCKETPAIR
 +  struct thread_data *td = (struct thread_data*)conn->async.os_specific;
 +  int loop_idx;
 +#else
   (void)socks;
   (void)numsocks;
 -  ms = Curl_timediff(Curl_now(), reslv->start);
 -  if(ms < 3)
 -    milli = 0;
 -  else if(ms <= 50)
 -    milli = ms/3;
 -  else if(ms <= 250)
 -    milli = 50;
 -  else
 -    milli = 200;
 -  Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
 -  return 0;
 +#endif
 +
 +#ifdef HAVE_SOCKETPAIR
 +  if(td) {
 +    /* return read fd to client for polling the DNS resolution status */
 +    socks[0] = td->tsd.sock_pair[0];
 +    ret_val = GETSOCK_READSOCK(0);
 +  }
 +  else {
 +#endif
 +    ms = Curl_timediff(Curl_now(), reslv->start);
 +    if(ms < 3)
 +      milli = 0;
 +    else if(ms <= 50)
 +      milli = ms/3;
 +    else if(ms <= 250)
 +      milli = 50;
 +    else
 +      milli = 200;
 +    Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
 +#ifdef HAVE_SOCKETPAIR
 +  }
 +#endif
 +
 +
 +  return ret_val;
 }
 #ifndef HAVE_GETADDRINFO
 diff --git a/lib/multi.c b/lib/multi.c
 old mode 100644
 new mode 100755
--- a/SOURCES/0063-curl-7.61.1-native-md5.patch
+++ b/SOURCES/0063-curl-7.61.1-native-md5.patch
@ -1,279 +0,0 @@
 diff -up curl-7.61.1/lib/curl_md5.h.RHEL-32335 curl-7.61.1/lib/curl_md5.h
 --- curl-7.61.1/lib/curl_md5.h.RHEL-32335	2024-04-10 10:09:36.758098940 +0200
 +++ curl-7.61.1/lib/curl_md5.h	2024-04-10 10:10:22.426370509 +0200
@@ -49,8 +49,8 @@ typedef struct {
 extern const MD5_params Curl_DIGEST_MD5[1];
 extern const HMAC_params Curl_HMAC_MD5[1];
 -void Curl_md5it(unsigned char *output,
 -                const unsigned char *input);
 +void Curl_md5it(unsigned char *output, const unsigned char *input,
 +                const size_t len);
 MD5_context * Curl_MD5_init(const MD5_params *md5params);
 int Curl_MD5_update(MD5_context *context,
 diff -up curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335 curl-7.61.1/lib/curl_ntlm_core.h
 --- curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335	2024-04-10 09:52:39.872042425 +0200
 +++ curl-7.61.1/lib/curl_ntlm_core.h	2024-04-10 09:54:46.230795176 +0200
@@ -48,9 +48,9 @@
 #endif
 /* Define USE_NTLM2SESSION in order to make the type-3 message include the
 -   NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
 -   Crypto engine that we have curl_ssl_md5sum() for. */
 -#if defined(USE_NTRESPONSES) && !defined(USE_WIN32_CRYPTO)
 +   NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and
 +   MD5 support */
 +#if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH)
 #define USE_NTLM2SESSION
 #endif
 diff -up curl-7.61.1/lib/curl_sha256.h.RHEL-32335 curl-7.61.1/lib/curl_sha256.h
 --- curl-7.61.1/lib/curl_sha256.h.RHEL-32335	2024-04-10 10:13:40.975551190 +0200
 +++ curl-7.61.1/lib/curl_sha256.h	2024-04-10 10:14:00.251665815 +0200
@@ -24,8 +24,8 @@
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 -void Curl_sha256it(unsigned char *outbuffer,
 -                const unsigned char *input);
 +void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
 +                   const size_t len);
 #endif
 diff -up curl-7.61.1/lib/md5.c.RHEL-32335 curl-7.61.1/lib/md5.c
 --- curl-7.61.1/lib/md5.c.RHEL-32335	2024-04-10 10:10:39.831474009 +0200
 +++ curl-7.61.1/lib/md5.c	2024-04-10 10:13:29.963485706 +0200
@@ -519,12 +519,13 @@ const MD5_params Curl_DIGEST_MD5[] = {
 /*
  * @unittest: 1601
  */
 -void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
 -                const unsigned char *input)
 +void Curl_md5it(unsigned char *outbuffer, const unsigned char *input,
 +                const size_t len)
 {
   MD5_CTX ctx;
 +
   MD5_Init(&ctx);
 -  MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
 +  MD5_Update(&ctx, input, curlx_uztoui(len));
   MD5_Final(outbuffer, &ctx);
 }
 diff -up curl-7.61.1/lib/sha256.c.RHEL-32335 curl-7.61.1/lib/sha256.c
 --- curl-7.61.1/lib/sha256.c.RHEL-32335	2024-04-10 10:14:32.047854892 +0200
 +++ curl-7.61.1/lib/sha256.c	2024-04-10 10:15:23.010157942 +0200
@@ -255,12 +255,13 @@ static int SHA256_Final(unsigned char *o
 #endif
 -void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */
 -                   const unsigned char *input)
 +void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
 +                   const size_t len)
 {
   SHA256_CTX ctx;
 +
   SHA256_Init(&ctx);
 -  SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
 +  SHA256_Update(&ctx, input, curlx_uztoui(len));
   SHA256_Final(outbuffer, &ctx);
 }
 diff -up curl-7.61.1/lib/vauth/digest.c.RHEL-32335 curl-7.61.1/lib/vauth/digest.c
 --- curl-7.61.1/lib/vauth/digest.c.RHEL-32335	2024-04-10 10:15:31.737209838 +0200
 +++ curl-7.61.1/lib/vauth/digest.c	2024-04-10 10:20:11.293872233 +0200
@@ -62,7 +62,7 @@
    what ultimately goes over the network.
 */
 #define CURL_OUTPUT_DIGEST_CONV(a, b) \
 -  result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \
 +  result = Curl_convert_to_network(a, b, strlen(b)); \
   if(result) { \
     free(b); \
     return result; \
@@ -687,12 +687,12 @@ static CURLcode _Curl_auth_create_digest
                   struct digestdata *digest,
                   char **outptr, size_t *outlen,
                   void (*convert_to_ascii)(unsigned char *, unsigned char *),
 -                  void (*hash)(unsigned char *, const unsigned char *))
 +                  void (*hash)(unsigned char *, const unsigned char *,
 +                               const size_t))
 {
   CURLcode result;
   unsigned char hashbuf[32]; /* 32 bytes/256 bits */
   unsigned char request_digest[65];
 -  unsigned char *hashthis;
   unsigned char ha1[65];    /* 64 digits and 1 zero byte */
   unsigned char ha2[65];    /* 64 digits and 1 zero byte */
   char userh[65];
@@ -700,6 +700,7 @@ static CURLcode _Curl_auth_create_digest
   size_t cnonce_sz = 0;
   char *userp_quoted;
   char *response = NULL;
 +  char *hashthis = NULL;
   char *tmp = NULL;
   if(!digest->nc)
@@ -721,12 +722,12 @@ static CURLcode _Curl_auth_create_digest
   }
   if(digest->userhash) {
 -    hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm);
 +    hashthis = aprintf("%s:%s", userp, digest->realm);
     if(!hashthis)
       return CURLE_OUT_OF_MEMORY;
     CURL_OUTPUT_DIGEST_CONV(data, hashthis);
 -    hash(hashbuf, hashthis);
 +    hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
     free(hashthis);
     convert_to_ascii(hashbuf, (unsigned char *)userh);
   }
@@ -742,14 +743,13 @@ static CURLcode _Curl_auth_create_digest
            unq(nonce-value) ":" unq(cnonce-value)
   */
 -  hashthis = (unsigned char *)
 -    aprintf("%s:%s:%s", digest->userhash ? userh : userp,
 -                                    digest->realm, passwdp);
 +  hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp,
 +                                 digest->realm, passwdp);
   if(!hashthis)
     return CURLE_OUT_OF_MEMORY;
   CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
 -  hash(hashbuf, hashthis);
 +  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
   free(hashthis);
   convert_to_ascii(hashbuf, ha1);
@@ -762,7 +762,7 @@ static CURLcode _Curl_auth_create_digest
       return CURLE_OUT_OF_MEMORY;
     CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */
 -    hash(hashbuf, (unsigned char *) tmp);
 +    hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
     free(tmp);
     convert_to_ascii(hashbuf, ha1);
   }
@@ -780,18 +780,18 @@ static CURLcode _Curl_auth_create_digest
     5.1.1 of RFC 2616)
   */
 -  hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
 +  hashthis = aprintf("%s:%s", request, uripath);
   if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
     /* We don't support auth-int for PUT or POST at the moment.
        TODO: replace hash of empty string with entity-body for PUT/POST */
     char hashed[65];
 -    unsigned char *hashthis2;
 +    char *hashthis2;
 -    hash(hashbuf, (const unsigned char *)"");
 +    hash(hashbuf, (const unsigned char *)"", 0);
     convert_to_ascii(hashbuf, (unsigned char *)hashed);
 -    hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed);
 +    hashthis2 = aprintf("%s:%s", hashthis, hashed);
     free(hashthis);
     hashthis = hashthis2;
   }
@@ -800,31 +800,23 @@ static CURLcode _Curl_auth_create_digest
     return CURLE_OUT_OF_MEMORY;
   CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
 -  hash(hashbuf, hashthis);
 +  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
   free(hashthis);
   convert_to_ascii(hashbuf, ha2);
   if(digest->qop) {
 -    hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s",
 -                                        ha1,
 -                                        digest->nonce,
 -                                        digest->nc,
 -                                        digest->cnonce,
 -                                        digest->qop,
 -                                        ha2);
 +    hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc,
 +                       digest->cnonce, digest->qop, ha2);
   }
   else {
 -    hashthis = (unsigned char *) aprintf("%s:%s:%s",
 -                                        ha1,
 -                                        digest->nonce,
 -                                        ha2);
 +    hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2);
   }
   if(!hashthis)
     return CURLE_OUT_OF_MEMORY;
   CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
 -  hash(hashbuf, hashthis);
 +  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
   free(hashthis);
   convert_to_ascii(hashbuf, request_digest);
 diff -up curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335 curl-7.61.1/lib/vauth/ntlm.c
 --- curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335	2024-04-10 09:51:15.114537483 +0200
 +++ curl-7.61.1/lib/vauth/ntlm.c	2024-04-10 09:52:26.411962237 +0200
@@ -40,6 +40,7 @@
 #include "curl_ntlm_core.h"
 #include "curl_gethostname.h"
 #include "curl_multibyte.h"
 +#include "curl_md5.h"
 #include "warnless.h"
 #include "rand.h"
 #include "vtls/vtls.h"
@@ -621,11 +622,10 @@ CURLcode Curl_auth_create_ntlm_type3_mes
     memcpy(tmp, &ntlm->nonce[0], 8);
     memcpy(tmp + 8, entropy, 8);
 -    result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
 -    if(!result)
 -      /* We shall only use the first 8 bytes of md5sum, but the des code in
 -         Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
 -      result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
 +    Curl_md5it(md5sum, tmp, 16);
 +    /* We shall only use the first 8 bytes of md5sum, but the des code in
 +       Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
 +    result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
     if(result)
       return result;
 diff -up curl-7.61.1/tests/unit/unit1601.c.RHEL-32335 curl-7.61.1/tests/unit/unit1601.c
 --- curl-7.61.1/tests/unit/unit1601.c.RHEL-32335	2024-04-10 10:20:19.347920127 +0200
 +++ curl-7.61.1/tests/unit/unit1601.c	2024-04-10 10:21:53.606480641 +0200
@@ -36,18 +36,19 @@ static void unit_stop(void)
 UNITTEST_START
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 -  unsigned char output[16];
 +  const char string1[] = "1";
 +  const char string2[] = "hello-you-fool";
 +  unsigned char output[MD5_DIGEST_LEN];
   unsigned char *testp = output;
 -  Curl_md5it(output, (const unsigned char *)"1");
 -/* !checksrc! disable LONGLINE 2 */
 -  verify_memory(testp,
 -                "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f\x75\x84\x9b", 16);
 +  Curl_md5it(output, (const unsigned char *) string1, strlen(string1));
 +  verify_memory(testp, "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f"
 +                "\x75\x84\x9b", MD5_DIGEST_LEN);
 -  Curl_md5it(output, (const unsigned char *)"hello-you-fool");
 +  Curl_md5it(output, (const unsigned char *) string2, strlen(string2));
 -  verify_memory(testp,
 -                "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82\x87\x5f\x22", 16);
 +  verify_memory(testp, "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82"
 +                "\x87\x5f\x22", MD5_DIGEST_LEN);
 #endif
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 34%{?dist}.3
+Release: 34%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@ -175,15 +175,6 @@ Patch59:  0059-curl-7.61.1-CVE-2023-46218.patch
 # lowercase headernames
 Patch60:  0060-curl-7.61.1-lowercase-headernames.patch
 # provide common cleanup method for push headers (CVE-2024-2398)
 Patch61:  0061-curl-7.61.1-CVE-2024-2398.patch
 # asyn-thread: create a socketpair to wait on
 Patch62:  0062-curl-7.61.1-socketpair-to-wait-on.patch
 # fix crash, when talking to a NTLM proxy in FIPS mode
 Patch63:  0063-curl-7.61.1-native-md5.patch
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@ -344,82 +335,79 @@ be installed.
 %setup -q
 # upstream patches
-%patch -P 1 -p1
+%patch1 -p1
-%patch -P 2 -p1
+%patch2 -p1
-%patch -P 3 -p1
+%patch3 -p1
 git init
 git apply %{PATCH4}
-%patch -P 5 -p1
+%patch5 -p1
-%patch -P 6 -p1
+%patch6 -p1
-%patch -P 7 -p1
+%patch7 -p1
-%patch -P 8 -p1
+%patch8 -p1
-%patch -P 9 -p1
+%patch9 -p1
-%patch -P 10 -p1
+%patch10 -p1
-%patch -P 11 -p1
+%patch11 -p1
-%patch -P 14 -p1
+%patch14 -p1
 # Fedora patches
-%patch -P 101 -p1
+%patch101 -p1
-%patch -P 102 -p1
+%patch102 -p1
-%patch -P 103 -p1
+%patch103 -p1
-%patch -P 104 -p1
+%patch104 -p1
 # use different port range for 32bit and 64bit builds, thus make it possible
 # to run both the builds in parallel on the same machine
-%patch -P 105 -p1
+%patch105 -p1
 sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448
 # upstream patches
-%patch -P 17 -p1
+%patch17 -p1
-%patch -P 18 -p1
+%patch18 -p1
-%patch -P 19 -p1
+%patch19 -p1
-%patch -P 20 -p1
+%patch20 -p1
-%patch -P 21 -p1
+%patch21 -p1
-%patch -P 22 -p1
+%patch22 -p1
-%patch -P 23 -p1
+%patch23 -p1
-%patch -P 24 -p1
+%patch24 -p1
-%patch -P 25 -p1
+%patch25 -p1
-%patch -P 26 -p1
+%patch26 -p1
-%patch -P 27 -p1
+%patch27 -p1
-%patch -P 28 -p1
+%patch28 -p1
-%patch -P 29 -p1
+%patch29 -p1
-%patch -P 30 -p1
+%patch30 -p1
-%patch -P 31 -p1
+%patch31 -p1
-%patch -P 32 -p1
+%patch32 -p1
-%patch -P 33 -p1
+%patch33 -p1
-%patch -P 34 -p1
+%patch34 -p1
-%patch -P 35 -p1
+%patch35 -p1
-%patch -P 36 -p1
+%patch36 -p1
-%patch -P 37 -p1
+%patch37 -p1
-%patch -P 38 -p1
+%patch38 -p1
 sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
-%patch -P 39 -p1
+%patch39 -p1
-%patch -P 40 -p1
+%patch40 -p1
-%patch -P 41 -p1
+%patch41 -p1
-%patch -P 42 -p1
+%patch42 -p1
-%patch -P 43 -p1
+%patch43 -p1
-%patch -P 44 -p1
+%patch44 -p1
-%patch -P 45 -p1
+%patch45 -p1
-%patch -P 46 -p1
+%patch46 -p1
-%patch -P 47 -p1
+%patch47 -p1
-%patch -P 48 -p1
+%patch48 -p1
-%patch -P 49 -p1
+%patch49 -p1
-%patch -P 50 -p1
+%patch50 -p1
-%patch -P 51 -p1
+%patch51 -p1
 git apply %{PATCH52}
-%patch -P 53 -p1
+%patch53 -p1
-%patch -P 54 -p1
+%patch54 -p1
-%patch -P 55 -p1
+%patch55 -p1
-%patch -P 56 -p1
+%patch56 -p1
-%patch -P 57 -p1
+%patch57 -p1
-%patch -P 58 -p1
+%patch58 -p1
-%patch -P 59 -p1
+%patch59 -p1
-%patch -P 60 -p1
+%patch60 -p1
 %patch -P 61 -p1
 %patch -P 62 -p1
 %patch -P 63 -p1
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@ -582,16 +570,6 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 %changelog
 * Wed Oct 30 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.3
 - asyn-thread: create a socketpair to wait on (RHEL-34906)
 - fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641)
 * Wed Aug 14 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.2
 - provide common cleanup method for push headers (CVE-2024-2398)
 * Tue Jun 25 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.1
 - fix incorrect backport of bz2229800 (RHEL-44684)
 * Tue Sep 19 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34
 - when keyboard-interactive auth fails, try password (#2229800)
 - cap SFTP packet size sent (RHEL-5311)