!296 [sync] PR-293: backport some patches from community

From: @openeuler-sync-bot 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-0001-CVE-2023-46219.patch

@@ -0,0 +1,134 @@
+From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Nov 2023 08:23:17 +0100
+Subject: [PATCH] fopen: create short(er) temporary file name
+
+Only using random letters in the name plus a ".tmp" extension. Not by
+appending characters to the final file name.
+
+Reported-by: Maksymilian Arciemowicz
+
+Closes #12388
+
+Conflict:Curl_rand_alnum -> Curl_rand_hex
+Context adapt
+Reference:https://github.com/curl/curl/commit/73b65e94f3531179de45c6f3c836a610e3d0a846
+---
+ lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 60 insertions(+), 5 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 75b8a7aa5..a73ac068e 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -39,6 +39,51 @@
+ #include "curl_memory.h"
+ #include "memdebug.h"
+ 
++/*
++  The dirslash() function breaks a null-terminated pathname string into
++  directory and filename components then returns the directory component up
++  to, *AND INCLUDING*, a final '/'.  If there is no directory in the path,
++  this instead returns a "" string.
++
++  This function returns a pointer to malloc'ed memory.
++
++  The input path to this function is expected to have a file name part.
++*/
++
++#ifdef _WIN32
++#define PATHSEP "\\"
++#define IS_SEP(x) (((x) == '/') || ((x) == '\\'))
++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2)
++#define PATHSEP "\\"
++#define IS_SEP(x) ((x) == '\\')
++#else
++#define PATHSEP "/"
++#define IS_SEP(x) ((x) == '/')
++#endif
++
++static char *dirslash(const char *path)
++{
++  size_t n;
++  struct dynbuf out;
++  DEBUGASSERT(path);
++  Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH);
++  n = strlen(path);
++  if(n) {
++    /* find the rightmost path separator, if any */
++    while(n && !IS_SEP(path[n-1]))
++      --n;
++    /* skip over all the path separators, if any */
++    while(n && IS_SEP(path[n-1]))
++      --n;
++  }
++  if(Curl_dyn_addn(&out, path, n))
++    return NULL;
++  /* if there was a directory, append a single trailing slash */
++  if(n && Curl_dyn_addn(&out, PATHSEP, 1))
++    return NULL;
++  return Curl_dyn_ptr(&out);
++}
++
+ /*
+  * Curl_fopen() opens a file for writing with a temp name, to be renamed
+  * to the final name when completed. If there is an existing file using this
+@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+                     FILE **fh, char **tempname)
+ {
+   CURLcode result = CURLE_WRITE_ERROR;
+-  unsigned char randsuffix[9];
++  unsigned char randbuf[41];
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
++  char *dir;
+   *tempname = NULL;
+ 
++  dir = dirslash(filename);
++  if(!dir)
++    goto fail;
++
+   *fh = fopen(filename, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+-  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
++  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) {
++    free(dir);
+     return CURLE_OK;
++  }
+   fclose(*fh);
+   *fh = NULL;
+ 
+-  result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
++  result = Curl_rand_hex(data, randbuf, sizeof(randbuf));
+   if(result)
+     goto fail;
+ 
+-  tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
++  /* The temp file name should not end up too long for the target file
++     system */
++  tempstore = aprintf("%s%s.tmp", dir, randbuf);
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(!*fh)
+     goto fail;
+ 
++  free(dir);
+   *tempname = tempstore;
+   return CURLE_OK;
+ 
+@@ -105,7 +160,7 @@ fail:
+   }
+ 
+   free(tempstore);
+-
++  free(dir);
+   *tempname = NULL;
+   return result;
+ }
+-- 
+2.33.0
+

backport-0002-CVE-2023-46219.patch

@@ -0,0 +1,80 @@
+From f27b8dba73295cb5296a50f2c19c0739b502eb94 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 24 Nov 2023 09:46:32 +0100
+Subject: [PATCH] fopen: allocate the dir after fopen
+
+Move the allocation of the directory name down to after the fopen() call
+to allow that shortcut code path to avoid a superfluous malloc+free
+cycle.
+
+Follow-up to 73b65e94f35311
+
+Closes #12398
+
+Conflict:Context adapt
+Reference:https://github.com/curl/curl/commit/f27b8dba73295cb5296a50f2c19c0739b502eb94
+---
+ lib/fopen.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 2e726cc95..851279fe1 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -99,18 +99,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
+-  char *dir;
++  char *dir = NULL;
+   *tempname = NULL;
+ 
+-  dir = dirslash(filename);
+-  if(!dir)
+-    goto fail;
+-
+   *fh = fopen(filename, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+   if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) {
+-    free(dir);
+     return CURLE_OK;
+   }
+   fclose(*fh);
+@@ -120,9 +115,14 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(result)
+     goto fail;
+ 
+-  /* The temp file name should not end up too long for the target file
+-     system */
+-  tempstore = aprintf("%s%s.tmp", dir, randbuf);
++  dir = dirslash(filename);
++  if(dir) {
++    /* The temp file name should not end up too long for the target file
++       system */
++    tempstore = aprintf("%s%s.tmp", dir, randbuf);
++    free(dir);
++  }
++
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+@@ -137,7 +137,6 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(!*fh)
+     goto fail;
+ 
+-  free(dir);
+   *tempname = tempstore;
+   return CURLE_OK;
+ 
+@@ -148,7 +147,6 @@ fail:
+   }
+ 
+   free(tempstore);
+-  free(dir);
+   *tempname = NULL;
+   return result;
+ }
+-- 
+2.33.0
+

backport-CVE-2023-46218.patch

@@ -0,0 +1,51 @@
+From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Nov 2023 08:15:47 +0100
+Subject: [PATCH] cookie: lowercase the domain names before PSL checks
+
+Reported-by: Harry Sintonen
+
+Closes #12387
+
+Conflict:acceptable = !bad_domain(domain, strlen(domain)); -> acceptable = !bad_domain(domain);
+Reference:https://github.com/curl/curl/commit/2b0994c29a721c91c57
+---
+ lib/cookie.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 568cf537ad1b1f..9095cea3e97f22 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
+    * dereference it.
+    */
+   if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
+-    const psl_ctx_t *psl = Curl_psl_use(data);
+-    int acceptable;
+-
+-    if(psl) {
+-      acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
+-      Curl_psl_release(data);
++    bool acceptable = FALSE;
++    char lcase[256];
++    char lcookie[256];
++    size_t dlen = strlen(domain);
++    size_t clen = strlen(co->domain);
++    if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
++      const psl_ctx_t *psl = Curl_psl_use(data);
++      if(psl) {
++        /* the PSL check requires lowercase domain name and pattern */
++        Curl_strntolower(lcase, domain, dlen + 1);
++        Curl_strntolower(lcookie, co->domain, clen + 1);
++        acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
++        Curl_psl_release(data);
++      }
++      else
++        acceptable = !bad_domain(domain);
+     }
+-    else
+-      acceptable = !bad_domain(domain);
+ 
+     if(!acceptable) {
+       infof(data, "cookie '%s' dropped, domain '%s' must not "

backport-CVE-2024-2398.patch

@@ -0,0 +1,89 @@
+From deca8039991886a559b67bcd6701db800a5cf764 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 6 Mar 2024 09:36:08 +0100
+Subject: [PATCH] http2: push headers better cleanup
+ 
+- provide common cleanup method for push headers
+ 
+Closes #13054
+ 
+Conflict:NA
+Reference:http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.81.0-1ubuntu1.16.debian.tar.xz
+---
+ lib/http2.c | 32 ++++++++++++++------------------
+ 1 file changed, 14 insertions(+), 18 deletions(-)
+ 
+diff --git a/lib/http2.c b/lib/http2.c
+index 6d63f43..f5c6013 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -547,6 +547,15 @@ static int set_transfer_url(struct Curl_easy *data,
+   return 0;
+ }
+ 
++static void free_push_headers(struct HTTP *stream)
++{
++  size_t i;
++  for(i = 0; i<stream->push_headers_used; i++)
++    free(stream->push_headers[i]);
++  Curl_safefree(stream->push_headers);
++  stream->push_headers_used = 0;
++}
++
+ static int push_promise(struct Curl_easy *data,
+                         struct connectdata *conn,
+                         const nghttp2_push_promise *frame)
+@@ -560,7 +569,6 @@ static int push_promise(struct Curl_easy *data,
+     struct curl_pushheaders heads;
+     CURLMcode rc;
+     struct http_conn *httpc;
+-    size_t i;
+     /* clone the parent */
+     struct Curl_easy *newhandle = duphandle(data);
+     if(!newhandle) {
+@@ -596,11 +604,7 @@ static int push_promise(struct Curl_easy *data,
+     Curl_set_in_callback(data, false);
+ 
+     /* free the headers again */
+-    for(i = 0; i<stream->push_headers_used; i++)
+-      free(stream->push_headers[i]);
+-    free(stream->push_headers);
+-    stream->push_headers = NULL;
+-    stream->push_headers_used = 0;
++    free_push_headers(stream);
+ 
+     if(rv) {
+       DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT));
+@@ -1037,10 +1041,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+             stream->push_headers_alloc) {
+       char **headp;
+       stream->push_headers_alloc *= 2;
+-      headp = Curl_saferealloc(stream->push_headers,
+-                               stream->push_headers_alloc * sizeof(char *));
++      headp = realloc(stream->push_headers,
++                      stream->push_headers_alloc * sizeof(char *));
+       if(!headp) {
+-        stream->push_headers = NULL;
++        free_push_headers(stream);
+         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+       }
+       stream->push_headers = headp;
+@@ -1206,15 +1210,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature)
+      setup */
+   Curl_dyn_free(&http->header_recvbuf);
+   Curl_dyn_free(&http->trailer_recvbuf);
+-  if(http->push_headers) {
+-    /* if they weren't used and then freed before */
+-    for(; http->push_headers_used > 0; --http->push_headers_used) {
+-      free(http->push_headers[http->push_headers_used - 1]);
+-    }
+-    free(http->push_headers);
+-    http->push_headers = NULL;
+-  }
+-
++  free_push_headers(http);
+   if(!(data->conn->handler->protocol&PROTO_FAMILY_HTTP) ||
+      !httpc->h2) /* not HTTP/2 ? */
+     return;
+-- 
+2.33.0

backport-Curl_close-call-Curl_resolver_cancel-to-avoid-memory.patch

@@ -0,0 +1,30 @@
+From 37dbbbb6c14bcbd696441e15b41cc3d1c74c486c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 15 Aug 2022 16:36:33 +0200
+Subject: [PATCH] Curl_close: call Curl_resolver_cancel to avoid memory-leak
+
+There might be a pending (c-ares) resolve that isn't free'd up yet.
+
+Closes #9310
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/37dbbbb6c14bcbd696441e15b41cc3d1c74c486c
+---
+ lib/url.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/url.c b/lib/url.c
+index 359e20a7c..44c1d3f37 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -440,6 +440,7 @@ CURLcode Curl_close(struct Curl_easy **datap)
+   Curl_safefree(data->info.wouldredirect);
+ 
+   /* this destroys the channel and we cannot use it anymore after this */
++  Curl_resolver_cancel(data);
+   Curl_resolver_cleanup(data->state.async.resolver);
+ 
+   Curl_http2_cleanup_dependencies(data);
+-- 
+2.33.0
+

backport-curl_path-bring-back-support-for-SFTP-path-ending-in.patch

@@ -0,0 +1,71 @@
+From 91b53efa4b6854dc3688f55bfb329b0cafcf5325 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2023 13:06:01 +0200
+Subject: [PATCH] curl_path: bring back support for SFTP path ending in /~
+
+libcurl used to do a directory listing for this case (even though the
+documentation says a URL needs to end in a slash for this), but
+4e2b52b5f7a3 modified the behavior.
+
+This change brings back a directory listing for SFTP paths that are
+specified exactly as /~ in the URL.
+
+Reported-by: Pavel Mayorov
+Fixes #11001
+Closes #11023
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325
+---
+ lib/curl_path.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index 977e5336f..b4b48fe86 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -62,24 +62,27 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
+     }
+   }
+   else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+-          (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+-    size_t len;
+-    const char *p;
+-    int copyfrom = 3;
++          (!strcmp("/~", working_path) ||
++           ((working_path_len > 2) && !memcmp(working_path, "/~/", 3)))) {
+     if(Curl_dyn_add(&npath, homedir)) {
+       free(working_path);
+       return CURLE_OUT_OF_MEMORY;
+     }
+-    /* Copy a separating '/' if homedir does not end with one */
+-    len = Curl_dyn_len(&npath);
+-    p = Curl_dyn_ptr(&npath);
+-    if(len && (p[len-1] != '/'))
+-      copyfrom = 2;
+-
+-    if(Curl_dyn_addn(&npath,
+-                     &working_path[copyfrom], working_path_len - copyfrom)) {
+-      free(working_path);
+-      return CURLE_OUT_OF_MEMORY;
++    if(working_path_len > 2) {
++      size_t len;
++      const char *p;
++      int copyfrom = 3;
++      /* Copy a separating '/' if homedir does not end with one */
++      len = Curl_dyn_len(&npath);
++      p = Curl_dyn_ptr(&npath);
++      if(len && (p[len-1] != '/'))
++        copyfrom = 2;
++
++      if(Curl_dyn_addn(&npath,
++                       &working_path[copyfrom], working_path_len - copyfrom)) {
++        free(working_path);
++        return CURLE_OUT_OF_MEMORY;
++      }
+     }
+   }
+ 
+-- 
+2.33.0
+

backport-digest-pass-over-leading-spaces-in-qop-values.patch

@@ -0,0 +1,216 @@
+From 0ad7c8d7d599a7b63fb7117b2c59999b55c54c2d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 8 Aug 2022 00:30:58 +0200
+Subject: [PATCH] digest: pass over leading spaces in qop values
+
+When parsing the "qop=" parameter of the digest authentication, and the
+value is provided within quotes, the list of values can have leading
+white space which the parser previously did not handle correctly.
+
+Add test case 388 to verify.
+
+Reported-by: vlubart on github
+Fixes #9264
+Closes #9270
+
+Conflict: context adapt for lib/vauth/digest.c and tests/data/Makefile.inc
+Reference: https://github.com/curl/curl/commit/0ad7c8d7d599a7b63fb7117b2c59999b55c54c2d
+---
+ lib/vauth/digest.c      |   3 +
+ tests/data/Makefile.inc |   2 +-
+ tests/data/test388      | 156 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 160 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test388
+
+diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
+index a04ffab..07b9d46 100644
+--- a/lib/vauth/digest.c
++++ b/lib/vauth/digest.c
+@@ -557,6 +557,9 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
+ 
+         token = strtok_r(tmp, ",", &tok_buf);
+         while(token != NULL) {
++	  /* Pass additional spaces here */
++          while(*token && ISSPACE(*token))
++            token++;
+           if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
+             foundAuth = TRUE;
+           }
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 4ae1b8f..3c3a4cc 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -61,7 +61,7 @@ test334 test335 test336 test337 test338 test339 test340 test341 test342 \
+ test343 test344 test345 test346 test347 test348 test349 test350 test351 \
+ test352 test353 test354 test355 test356 test357 test358 test359 test360 \
+ test361 test362 test363 test364 test365 test366 \
+-test387 \
++test387 test388 \
+ \
+ test392 test393 test394 test395 test396 test397 \
+ \
+diff --git a/tests/data/test388 b/tests/data/test388
+new file mode 100644
+index 0000000..3a0214a
+--- /dev/null
++++ b/tests/data/test388
+@@ -0,0 +1,156 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++HTTP Digest auth
++</keywords>
++</info>
++
++# Server-side
++<reply>
++# First reply back and ask for Digest auth
++<data1>
++HTTP/1.1 401 Authorization Required swsclose
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++This is not the real page
++</data1>
++
++# second reply back
++<data2>
++HTTP/1.1 401 Authorization Required swsclose
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++This is not the real page
++</data2>
++
++# This is supposed to be returned when the server gets a
++# Authorization: Digest line passed-in from the client
++<data1001>
++HTTP/1.1 200 OK
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 23
++
++This IS the real page!
++</data1001>
++
++#
++# This is the second request, and this sends back a response saying that
++# the request contained stale data. We want an update. Set swsbounce to
++# bounce on to data1003 on the second request.
++<data1002>
++HTTP/1.1 401 Authorization re-negotiation please swsbounce
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, nonce="999999", stale=true, qop="crazy, auth"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++This is not the real page
++</data1002>
++
++# The second request to the 1002 section will bounce this one back instead
++# thanks to the swsbounce keyword up there
++<data1003>
++HTTP/1.1 200 OK
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 30
++
++This IS the second real page!
++</data1003>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++!SSPI
++crypto
++</features>
++ <name>
++HTTP with Digest and multiple qop values with leading space
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001 -u testuser:testpass --digest http://%HOSTIP:%HTTPPORT/%TESTNUMBER0002
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^Authorization.*cnonce
++</strip>
++<protocol>
++GET /%TESTNUMBER0001 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /%TESTNUMBER0001 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER0001", response="ea598bbfdb5c54b7352c977e3885e44d"
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /%TESTNUMBER0002 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /%TESTNUMBER0002 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER0002", response="921a8e6db782d6359db1f40d9ed7e6a6"
++User-Agent: curl/%VERSION
++Accept: */*
++
++GET /%TESTNUMBER0002 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Digest username="testuser", realm="testrealm", nonce="999999", uri="/%TESTNUMBER0002", cnonce="MTA4MzIy", nc="00000001", qop="auth", response="25291c357671604a16c0242f56721c07", algorithm=MD5
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++<stdout>
++HTTP/1.1 401 Authorization Required swsclose
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++HTTP/1.1 200 OK
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 23
++
++This IS the real page!
++HTTP/1.1 401 Authorization Required swsclose
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++HTTP/1.1 401 Authorization re-negotiation please swsbounce
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, nonce="999999", stale=true, qop="crazy, auth"
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 26
++
++HTTP/1.1 200 OK
++Server: Apache/1.3.27 (Darwin) PHP/4.1.2
++Content-Type: text/html; charset=iso-8859-1
++Content-Length: 30
++
++This IS the second real page!
++</stdout>
++</verify>
++</testcase>
+-- 
+2.33.0
+

backport-easy-fix-the-altsvc-init-for-curl_easy_duphandle.patch

@@ -0,0 +1,31 @@
+From bbdeb4c6736a6e3923765197f0f4659f9d3b44c7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 29 Sep 2022 22:50:45 +0200
+Subject: [PATCH] easy: fix the altsvc init for curl_easy_duphandle
+
+It was using the old #ifdef which nothing sets anymore
+
+Closes #9624
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/bbdeb4c6736a6e3923765197f0f4659f9d3b44c7
+---
+ lib/easy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/easy.c b/lib/easy.c
+index 88159f474..93e8acc8d 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -944,7 +944,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+       goto fail;
+   }
+ 
+-#ifdef USE_ALTSVC
++#ifndef CURL_DISABLE_ALTSVC
+   if(data->asi) {
+     outcurl->asi = Curl_altsvc_init();
+     if(!outcurl->asi)
+-- 
+2.33.0
+

backport-ftp-support-growing-files-with-CURLOPT_IGNORE_CONTEN.patch

@@ -0,0 +1,39 @@
+From 76b3f5f2cf0f091720413690c49f8d0ada5bfae5 Mon Sep 17 00:00:00 2001
+From: fractal-access <116177727+fractal-access@users.noreply.github.com>
+Date: Wed, 19 Oct 2022 14:37:44 +0100
+Subject: [PATCH] ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
+
+When using the option CURLOPT_IGNORE_CONTENT_LENGTH (set.ignorecl in
+code) to support growing files in FTP, the code should ignore the
+initial size it gets from the server as this will not be the final size
+of the file. This is done in ftp_state_quote() to prevent a size request
+being issued in the initial sequence. However, in a later call to
+ftp_state_get_resp() the code attempts to get the size of the content
+again if it doesn't already have it, by parsing the response from the
+RETR request. This fix prevents this parsing of the response to get the
+size when the set.ignorecl option is set. This should maintain the size
+value as -1, unknown, in this situation.
+
+Closes #9772
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/76b3f5f2cf0f091720413690c49f8d0ada5bfae5
+---
+ lib/ftp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index c6e31e1b6..c07bafe17 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2448,6 +2448,7 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data,
+ 
+     if((instate != FTP_LIST) &&
+        !data->state.prefer_ascii &&
++       !data->set.ignorecl &&
+        (ftp->downloadsize < 1)) {
+       /*
+        * It seems directory listings either don't show the size or very
+-- 
+2.33.0
+

backport-http-fix-the-1-comparison-for-IPv6-localhost-for-coo.patch

@@ -0,0 +1,45 @@
+From 565d0ca2b19682e41878e473d3895f89ba3412cf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 20 Dec 2022 10:07:36 +0100
+Subject: [PATCH] http: fix the ::1 comparison for IPv6 localhost for cookies
+
+When checking if there is a "secure context", which it is if the
+connection is to localhost even if the protocol is HTTP, the comparison
+for ::1 was done incorrectly and included brackets.
+
+Reported-by: BratSinot on github
+
+Fixes #10120
+Closes #10121
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/565d0ca2b19682e41878e473d3895f89ba3412cf
+---
+ lib/http.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 328dafa..1afbad0 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2729,7 +2729,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
+         conn->handler->protocol&CURLPROTO_HTTPS ||
+         strcasecompare("localhost", host) ||
+         !strcmp(host, "127.0.0.1") ||
+-        !strcmp(host, "[::1]") ? TRUE : FALSE;
++        !strcmp(host, "::1") ? TRUE : FALSE;
+       Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+       co = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path,
+                                secure_context);
+@@ -3604,7 +3604,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
+       conn->handler->protocol&CURLPROTO_HTTPS ||
+       strcasecompare("localhost", host) ||
+       !strcmp(host, "127.0.0.1") ||
+-      !strcmp(host, "[::1]") ? TRUE : FALSE;
++      !strcmp(host, "::1") ? TRUE : FALSE;
+ 
+     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
+                     CURL_LOCK_ACCESS_SINGLE);
+-- 
+2.33.0
+

backport-http-free-the-url-before-storing-a-new-copy.patch

@@ -0,0 +1,33 @@
+From f7170a8f2ed4dc5a4cfb3ef3c002d218c4bcecad Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 9 May 2023 08:31:11 +0200
+Subject: [PATCH] http: free the url before storing a new copy
+
+To avoid a memory-leak.
+
+Reported-by: Hiroki Kurosawa
+
+Closes #11093
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/f7170a8f2ed4dc5a4cfb3ef3c002d218c4bcecad
+---
+ lib/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index bffdd3468..15cf22c5e 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -1010,7 +1010,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
+         if(authp->picked == CURLAUTH_NEGOTIATE) {
+           CURLcode result = Curl_input_negotiate(data, conn, proxy, auth);
+           if(!result) {
+-            DEBUGASSERT(!data->req.newurl);
++            free(data->req.newurl);
+             data->req.newurl = strdup(data->state.url);
+             if(!data->req.newurl)
+               return CURLE_OUT_OF_MEMORY;
+-- 
+2.33.0
+

backport-libssh-if-sftp_init-fails-don-t-get-the-sftp-error-c.patch

@@ -0,0 +1,38 @@
+From bdaa6dd5ba9ad63379c73b53fc639ea39df505c4 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 16 Oct 2022 12:58:55 +0200
+Subject: [PATCH] libssh: if sftp_init fails, don't get the sftp error code
+
+This flow extracted the wrong code (sftp code instead of ssh code), and
+the code is sometimes (erroneously) returned as zero anyway, so skip
+getting it and set a generic error.
+
+Reported-by: David McLaughlin
+Fixes #9737
+Closes #9740
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/bdaa6dd5ba9ad63379c73b53fc639ea39df505c4
+---
+ lib/vssh/libssh.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 1afadbfa5..0105e4079 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -963,10 +963,9 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ 
+       rc = sftp_init(sshc->sftp_session);
+       if(rc != SSH_OK) {
+-        rc = sftp_get_error(sshc->sftp_session);
+         failf(data, "Failure initializing sftp session: %s",
+               ssh_get_error(sshc->ssh_session));
+-        MOVE_TO_ERROR_STATE(sftp_error_to_CURLE(rc));
++        MOVE_TO_ERROR_STATE(sftp_error_to_CURLE(SSH_FX_FAILURE));
+         break;
+       }
+       state(data, SSH_SFTP_REALPATH);
+-- 
+2.33.0
+

backport-libssh2-set-length-to-0-if-strdup-failed.patch

@@ -0,0 +1,31 @@
+From 6f3204820052263f488f86e02c206e1d24c4da2c Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 28 Mar 2024 00:38:09 +0100
+Subject: [PATCH] libssh2: set length to 0 if strdup failed
+
+Internally, libssh2 dereferences the NULL pointer if length is non-zero.
+The callback function cannot return the error condition, so at least
+prevent subsequent crash.
+
+Closes #13213
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/6f3204820052263f488f86e02c206e1d24c4da2c
+---
+ lib/vssh/libssh2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
+index 3cfbe126c69df3..7d8d5f46571e9f 100644
+--- a/lib/vssh/libssh2.c
++++ b/lib/vssh/libssh2.c
+@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction,
+   if(num_prompts == 1) {
+     struct connectdata *conn = data->conn;
+     responses[0].text = strdup(conn->passwd);
+-    responses[0].length = curlx_uztoui(strlen(conn->passwd));
++    responses[0].length =
++      responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
+   }
+   (void)prompts;
+ } /* kbd_callback */

backport-multi-avoid-memory-leak-risk.patch

@@ -0,0 +1,46 @@
+From 3572dd65bb233fc2720634804312192e3bdf4adf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 25 Apr 2024 09:52:51 +0200
+Subject: [PATCH] multi: avoid memory-leak risk
+
+'newurl' is allocated in some conditions and used in a few scenarios,
+but there were theoretical combinations in which it would not get freed.
+Move the free to happen unconditionally. Never triggered by tests, but
+spotted by Coverity.
+
+Closes #13471
+
+Conflict:Context adapt
+Reference:https://github.com/curl/curl/commit/3572dd65bb233fc2720634804312192e3bdf4adf
+---
+ lib/multi.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index fb98d80639f3b7..7e7590d60f8bcb 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -2530,7 +2530,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+             multistate(data, MSTATE_CONNECT);
+             rc = CURLM_CALL_MULTI_PERFORM;
+           }
+-          free(newurl);
+         }
+         else {
+           /* after the transfer is done, go DONE */
+@@ -2542,7 +2541,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+             newurl = data->req.location;
+             data->req.location = NULL;
+             result = Curl_follow(data, newurl, FOLLOW_FAKE);
+-            free(newurl);
+             if(result) {
+               stream_error = TRUE;
+               result = multi_done(data, result, TRUE);
+@@ -2561,6 +2559,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+         Curl_expire(data, 0, EXPIRE_RUN_NOW);
+         rc = CURLM_OK;
+       }
++      free(newurl);
+       break;
+     }
+

backport-multi-free-up-more-data-earleier-in-DONE.patch

@@ -0,0 +1,59 @@
+From 81b2b577df40262716ff0e1c0e1cebabb99f012d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 15 Apr 2023 21:11:36 +0200
+Subject: [PATCH] multi: free up more data earleier in DONE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Before checking for more users of the connection and possibly bailing
+out.
+
+Fixes #10971
+Reported-by: Paweł Wegner
+Closes #10972
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/81b2b577df40262716ff0e1c0e1cebabb99f012d
+---
+ lib/multi.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index b2b1d65a3..0be8d0c40 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -699,6 +699,15 @@ static CURLcode multi_done(struct Curl_easy *data,
+ 
+   process_pending_handles(data->multi); /* connection / multiplex */
+ 
++  Curl_safefree(data->state.ulbuf);
++
++  /* if the transfer was completed in a paused state there can be buffered
++     data left to free */
++  for(i = 0; i < data->state.tempcount; i++) {
++    Curl_dyn_free(&data->state.tempwrite[i].b);
++  }
++  data->state.tempcount = 0;
++
+   CONNCACHE_LOCK(data);
+   Curl_detach_connnection(data);
+   if(CONN_INUSE(conn)) {
+@@ -717,14 +726,6 @@ static CURLcode multi_done(struct Curl_easy *data,
+     conn->dns_entry = NULL;
+   }
+   Curl_hostcache_prune(data);
+-  Curl_safefree(data->state.ulbuf);
+-
+-  /* if the transfer was completed in a paused state there can be buffered
+-     data left to free */
+-  for(i = 0; i < data->state.tempcount; i++) {
+-    Curl_dyn_free(&data->state.tempwrite[i].b);
+-  }
+-  data->state.tempcount = 0;
+ 
+   /* if data->set.reuse_forbid is TRUE, it means the libcurl client has
+      forced us to close this connection. This is ignored for requests taking
+-- 
+2.33.0
+

backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch

@@ -0,0 +1,37 @@
+From 56935a7dada6975d5a46aa494de0af195e4e8659 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 30 Mar 2024 11:14:54 +0100
+Subject: [PATCH] openldap: create ldap URLs correctly for IPv6 addresses
+
+Reported-by: Sergio Durigan Junior
+Fixes #13228
+Closes #13235
+
+Conflict:hosturl = aprintf("%s://%s%s%s:%d", conn->handler->scheme, conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port); => msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d", conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port);
+Context adapt
+Reference:https://github.com/curl/curl/commit/56935a7dada6975d5a46aa494de0af195e4e8659
+---
+ lib/openldap.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/openldap.c b/lib/openldap.c
+index fb5e743..a3e81ea 100644
+--- a/lib/openldap.c
++++ b/lib/openldap.c
+@@ -223,8 +223,11 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
+   ptr = hosturl + 4;
+   if(conn->handler->flags & PROTOPT_SSL)
+     *ptr++ = 's';
+-  msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d",
+-            conn->host.name, conn->remote_port);
++  msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d",
++            conn->bits.ipv6_ip? "[": "",
++            conn->host.name,
++            conn->bits.ipv6_ip? "]": "",
++            conn->remote_port);
+
+ #ifdef CURL_OPENLDAP_DEBUG
+   static int do_trace = 0;
+--
+2.33.0
+

backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch

@@ -0,0 +1,37 @@
+From b9f832edcce9db2de31070e76c3cbe59ca9ef512 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 12 Oct 2023 16:00:38 +0200
+Subject: [PATCH] openssl: avoid BN_num_bits() NULL pointer derefs
+
+Reported-by: icy17 on github
+Fixes #12099
+Closes #12100
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/b9f832edcce9db2de31070e76c3cbe59ca9ef512
+---
+ lib/vtls/openssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 00b56e2..50c3553 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3676,13 +3676,13 @@ static CURLcode get_cert_chain(struct Curl_easy *data,
+           const BIGNUM *e;
+
+           RSA_get0_key(rsa, &n, &e, NULL);
+-          BIO_printf(mem, "%d", BN_num_bits(n));
++          BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
+           push_certinfo("RSA Public Key", i);
+           print_pubkey_BN(rsa, n, i);
+           print_pubkey_BN(rsa, e, i);
+         }
+ #else
+-        BIO_printf(mem, "%d", BN_num_bits(rsa->n));
++        BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
+         push_certinfo("RSA Public Key", i);
+         print_pubkey_BN(rsa, n, i);
+         print_pubkey_BN(rsa, e, i);
+--
+2.33.0

backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch

@@ -0,0 +1,102 @@
+From 923f7f8ce51b7f2f20282883cdafeb283310f3d9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 6 Mar 2024 15:39:09 +0100
+Subject: [PATCH] paramhlp: fix CRLF-stripping files with "-d @file"
+
+All CR and LF bytes should be stripped, as documented, and all other
+bytes are inluded in the data. Starting now, it also excludes null bytes
+as they would otherwise also cut the data short.
+
+Reported-by: Simon K
+Fixes #13063
+Closes #13064
+
+Conflict:remove change of docs/cmdline-opts/data.md which is not exist
+return PARAM_READ_ERROR => return PARAM_NO_MEM
+Context adapt
+Reference:https://github.com/curl/curl/commit/923f7f8ce51b7f2f20282883cdafeb283310f3d9
+---
+ src/tool_paramhlp.c       | 59 +++++++++++++++++++++++++++++++--------
+ 1 files changed, 51 insertions(+), 12 deletions(-)
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index 2725815000dc95..c26f6bbefd775c 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -63,6 +63,33 @@ struct getout *new_getout(struct OperationConfig *config)
+   return node;
+ }
+
++#define ISCRLF(x) (((x) == '\r') || ((x) == '\n') || ((x) == '\0'))
++
++/* memcrlf() has two modes. Both operate on a given memory area with
++   a specified size.
++
++   countcrlf FALSE - return number of bytes from the start that DO NOT include
++   any CR or LF or NULL
++
++   countcrlf TRUE - return number of bytes from the start that are ONLY CR or
++   LF or NULL.
++
++*/
++static size_t memcrlf(char *orig,
++                      bool countcrlf, /* TRUE if we count CRLF, FALSE
++                                         if we count non-CRLF */
++                      size_t max)
++{
++  char *ptr = orig;
++  size_t total = max;
++  for(ptr = orig; max; max--, ptr++) {
++    bool crlf = ISCRLF(*ptr);
++    if(countcrlf ^ crlf)
++      return ptr - orig;
++  }
++  return total; /* no delimiter found */
++}
++
+ #define MAX_FILE2STRING (256*1024*1024) /* big enough ? */
+
+ ParameterError file2string(char **bufp, FILE *file)
+@@ -71,18 +98,30 @@ ParameterError file2string(char **bufp, FILE *file)
+   struct curlx_dynbuf dyn;
+   curlx_dyn_init(&dyn, MAX_FILE2STRING);
+   if(file) {
+-    char buffer[256];
+-
+-    while(fgets(buffer, sizeof(buffer), file)) {
+-      char *ptr = strchr(buffer, '\r');
+-      if(ptr)
+-        *ptr = '\0';
+-      ptr = strchr(buffer, '\n');
+-      if(ptr)
+-        *ptr = '\0';
+-      if(curlx_dyn_add(&dyn, buffer))
+-        return PARAM_NO_MEM;
+-    }
++    do {
++      char buffer[4096];
++      char *ptr;
++      size_t nread = fread(buffer, 1, sizeof(buffer), file);
++      if(ferror(file)) {
++        curlx_dyn_free(&dyn);
++        *bufp = NULL;
++        return PARAM_NO_MEM;
++      }
++      ptr = buffer;
++      while(nread) {
++        size_t nlen = memcrlf(ptr, FALSE, nread);
++        if(curlx_dyn_addn(&dyn, ptr, nlen))
++          return PARAM_NO_MEM;
++        nread -= nlen;
++
++        if(nread) {
++          ptr += nlen;
++          nlen = memcrlf(ptr, TRUE, nread);
++          ptr += nlen;
++          nread -= nlen;
++        }
++      }
++    } while(!feof(file));
+   }
+   *bufp = curlx_dyn_ptr(&dyn);
+   return PARAM_OK;

backport-tool_cb_rea-limit-rate-unpause-for-T-.-uploads.patch

@@ -0,0 +1,70 @@
+From 5f4aaf8b66ef04208c1c2121d4b780c792303f32 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 30 Apr 2024 11:07:28 +0200
+Subject: [PATCH] tool_cb_rea: limit rate unpause for -T . uploads
+
+To avoid getting stuck in a busy-loop when nothing is read from stdin,
+this function now checks the call rate and might enforce a short sleep
+when called repeatedly without uploading anything. It is a crude
+work-around to avoid a 100% busy CPU.
+
+Reported-by: magisterquis on hackerone
+Fixes #13174
+Closes #13506
+
+Conflict:Context adapt
+add #include "tool_util.h" for tvdiff
+Reference:https://github.com/curl/curl/commit/5f4aaf8b66ef04208c1c2121d4b780c792303f32
+---
+ src/tool_cb_rea.c | 31 ++++++++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c
+index 8cb5bbe8ac1d11..961dd113bc519d 100644
+--- a/src/tool_cb_rea.c
++++ b/src/tool_cb_rea.c
+@@ -36,6 +36,8 @@
+ #include "tool_cfgable.h"
+ #include "tool_cb_rea.h"
+ #include "tool_operate.h"
++#include "tool_util.h"
++#include "tool_sleep.h"
+
+ #include "memdebug.h" /* keep this as LAST include */
+
+@@ -124,8 +125,33 @@ int tool_readbusy_cb(void *clientp,
+   (void)ulnow;  /* unused */
+
+   if(config->readbusy) {
+-    config->readbusy = FALSE;
+-    curl_easy_pause(per->curl, CURLPAUSE_CONT);
++    /* lame code to keep the rate down because the input might not deliver
++       anything, get paused again and come back here immediately */
++    static long rate = 500;
++    static struct timeval prev;
++    static curl_off_t ulprev;
++
++    if(ulprev == ulnow) {
++      /* it did not upload anything since last call */
++      struct timeval now = tvnow();
++      if(prev.tv_sec)
++        /* get a rolling average rate */
++        /* rate = rate - rate/4 + tvdiff(now, prev)/4; */
++        rate -= rate/4 - tvdiff(now, prev)/4;
++      prev = now;
++    }
++    else {
++      rate = 50;
++      ulprev = ulnow;
++    }
++    if(rate >= 50) {
++      /* keeps the looping down to 20 times per second in the crazy case */
++      config->readbusy = FALSE;
++      curl_easy_pause(per->curl, CURLPAUSE_CONT);
++    }
++    else
++      /* sleep half a period */
++      tool_go_sleep(25);
+   }
+
+   return per->noprogress? 0 : CURL_PROGRESSFUNC_CONTINUE;

backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch

@@ -0,0 +1,28 @@
+From 87d14e77b7d59a961eb56500017c0580f89f252b Mon Sep 17 00:00:00 2001
+From: Jan Venekamp <1422460+jan2000@users.noreply.github.com>
+Date: Sat, 4 May 2024 03:05:51 +0200
+Subject: [PATCH] tool_cfgable: free {proxy_}cipher13_list on exit
+
+Author: Jan Venekamp
+Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+Closes: #13531
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/87d14e77b7d59a961eb56500017c0580f89f252b
+---
+ src/tool_cfgable.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
+index bb271583263db3..5564e250d33782 100644
+--- a/src/tool_cfgable.c
++++ b/src/tool_cfgable.c
+@@ -114,6 +114,8 @@ static void free_config_fields(struct OperationConfig *config)
+   Curl_safefree(config->doh_url);
+   Curl_safefree(config->cipher_list);
+   Curl_safefree(config->proxy_cipher_list);
++  Curl_safefree(config->cipher13_list);
++  Curl_safefree(config->proxy_cipher13_list);
+   Curl_safefree(config->cert);
+   Curl_safefree(config->proxy_cert);
+   Curl_safefree(config->cert_type);

backport-tool_operate-refuse-data-or-form-and-continue-at-com.patch

@@ -0,0 +1,124 @@
+rom 39a33fcac0e4530ef0c60d3319504e078ea2f137 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 8 May 2023 00:14:33 +0200
+Subject: [PATCH] tool_operate: refuse (--data or --form) and --continue-at
+ combo
+
+libcurl assumes that a --continue-at resumption is done to continue an
+upload using the read callback and neither --data nor --form use
+that and thus won't do what the user wants. Whatever the user wants
+with this strange combination.
+
+Add test 426 to verify.
+
+Reported-by: Smackd0wn on github
+Fixes #11081
+Closes #11083
+
+Conflict: context adapt for tests/data/Makefile.inc
+Reference: https://github.com/curl/curl/commit/39a33fcac0e4530ef0c60d3319504e078ea2f137
+---
+ src/tool_operate.c      | 27 +++++++++++++++++++--------
+ tests/data/Makefile.inc |  1 +
+ tests/data/test426      | 34 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 54 insertions(+), 8 deletions(-)
+ create mode 100644 tests/data/test426
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index a9f93ef..c97addc 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -1310,19 +1310,30 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+ 
+         switch(config->httpreq) {
+         case HTTPREQ_SIMPLEPOST:
+-          my_setopt_str(curl, CURLOPT_POSTFIELDS,
+-                        config->postfields);
+-          my_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE,
+-                    config->postfieldsize);
++          if(config->resume_from) {
++            errorf(global, "cannot mix --continue-at with --data\n");
++            result = CURLE_FAILED_INIT;
++          }
++          else {
++            my_setopt_str(curl, CURLOPT_POSTFIELDS,
++                          config->postfields);
++            my_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE,
++                      config->postfieldsize);
++          }
+           break;
+         case HTTPREQ_MIMEPOST:
+           /* free previous remainders */
+           curl_mime_free(config->mimepost);
+           config->mimepost = NULL;
+-          result = tool2curlmime(curl, config->mimeroot, &config->mimepost);
+-          if(result)
+-            break;
+-          my_setopt_mimepost(curl, CURLOPT_MIMEPOST, config->mimepost);
++          if(config->resume_from) {
++            errorf(global, "cannot mix --continue-at with --form\n");
++            result = CURLE_FAILED_INIT;
++          }
++          else {
++            result = tool2curlmime(curl, config->mimeroot, &config->mimepost);
++            if(!result)
++              my_setopt_mimepost(curl, CURLOPT_MIMEPOST, config->mimepost);
++          }
+           break;
+         default:
+           break;
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index d681f92..2d62a6b 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -68,6 +68,7 @@ test392 test393 test394 test395 test396 test397 \
+ test400 test401 test402 test403 test404 test405 test406 test407 test408 \
+ test409 test410 \
+ test418 \
++test426 \
+ test430 test431 test432 test433 test434 test435 test445 test446\
+ \
+ test442 test443 test444 \
+diff --git a/tests/data/test426 b/tests/data/test426
+new file mode 100644
+index 0000000..34c80c6
+--- /dev/null
++++ b/tests/data/test426
+@@ -0,0 +1,34 @@
++<testcase>
++<info>
++<keywords>
++error detection
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<name>
++try --data with --continue-at
++</name>
++<command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER -d foobar -C 3
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<errorcode>
++2
++</errorcode>
++</verify>
++</testcase>
+-- 
+2.33.0
+

backport-tool_progress-avoid-division-by-zero-in-parallel-pro.patch

@@ -0,0 +1,32 @@
+From 0defae2fe524230f8b818d406d19e56f360bcc54 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 2 Jul 2022 00:02:04 +0200
+Subject: [PATCH] tool_progress: avoid division by zero in parallel progress
+ meter
+
+Reported-by: Brian Carpenter
+Fixes #9082
+Closes #9083
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/0defae2fe524230f8b818d406d19e56f360bcc54
+---
+ src/tool_progress.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tool_progress.c b/src/tool_progress.c
+index da5317b92..46185c0d3 100644
+--- a/src/tool_progress.c
++++ b/src/tool_progress.c
+@@ -268,6 +268,8 @@ bool progress_meter(struct GlobalConfig *global,
+         dl = all_dlnow;
+         ul = all_ulnow;
+       }
++      if(!deltams) /* no division by zero please */
++        deltams++;
+       dls = (curl_off_t)((double)dl / ((double)deltams/1000.0));
+       uls = (curl_off_t)((double)ul / ((double)deltams/1000.0));
+       speed = dls > uls ? dls : uls;
+-- 
+2.33.0
+

backport-transfer-also-stop-the-sending-on-closed-connection.patch

@@ -0,0 +1,46 @@
+From 95a865b462195d9d847f7f2676f0c789179e2073 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 4 Sep 2023 14:14:32 +0200
+Subject: [PATCH] transfer: also stop the sending on closed connection
+
+Previously this cleared the receiving bit only but in some cases it is
+also still sending (like a request-body) when disconnected and neither
+direction can continue then.
+
+Fixes #11769
+Reported-by: Oleg Jukovec
+Closes #11795
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/95a865b462195d9d847f7f2676f0c789179e2073
+---
+ lib/transfer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index fdfa6b1..c8db8d9 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -633,7 +633,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
+     if(0 < nread || is_empty_data) {
+       buf[nread] = 0;
+     }
+-    else {
++    if(!nread) {
+       /* if we receive 0 or less here, either the http2 stream is closed or the
+          server closed the connection and we bail out from this! */
+ #ifdef USE_NGHTTP2
+@@ -642,8 +642,9 @@ static CURLcode readwrite_data(struct Curl_easy *data,
+       else
+ #endif
+         DEBUGF(infof(data, "nread <= 0, server closed connection, bailing"));
+-      k->keepon &= ~KEEP_RECV;
+-      break;
++      k->keepon = 0; /* stop sending as well */
++      if(!is_empty_data)
++        break;
+     }
+
+     /* Default buffer to use when we write the buffer, it may be changed
+--
+2.33.0

backport-transfer-refuse-POSTFIELDS-RESUME_FROM-combo.patch

@@ -0,0 +1,42 @@
+From fb7886b9c95009a837f584caf4943a455f3daa60 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 8 May 2023 00:12:25 +0200
+Subject: [PATCH] transfer: refuse POSTFIELDS + RESUME_FROM combo
+
+The code assumes that such a resume is wanting to continue an upload
+using the read callback, and since POSTFIELDS is done without callback
+libcurl will just misbehave.
+
+This combo will make the transfer fail with CURLE_BAD_FUNCTION_ARGUMENT
+with an explanation in the error message.
+
+Reported-by: Smackd0wn on github
+Fixes #11081
+Closes #11083
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/fb7886b9c95009a837f584caf4943a455f3daa60
+---
+ lib/transfer.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 947070956..d2ff0c24c 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1325,6 +1325,12 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
+     }
+   }
+ 
++  if(data->set.postfields && data->set.set_resume_from) {
++    /* we can't */
++    failf(data, "cannot mix POSTFIELDS with RESUME_FROM");
++    return CURLE_BAD_FUNCTION_ARGUMENT;
++  }
++
+   data->state.prefer_ascii = data->set.prefer_ascii;
+   data->state.list_only = data->set.list_only;
+   data->state.httpreq = data->set.method;
+-- 
+2.33.0
+

backport-url-fix-null-dispname-for-connect-to-option.patch

@@ -0,0 +1,44 @@
+From ac5ad5214261a2237bdbe344708f9d32c9393fd6 Mon Sep 17 00:00:00 2001
+From: Shohei Maeda <11495867+smaeda-ks@users.noreply.github.com>
+Date: Fri, 12 May 2023 21:06:26 +0900
+Subject: [PATCH] url: fix null dispname for --connect-to option
+
+Closes #11106
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/ac5ad5214261a2237bdbe344708f9d32c9393fd6
+---
+ lib/url.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 71ca1b64e..de70eee23 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1816,11 +1816,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+   result = Curl_idnconvert_hostname(data, &conn->host);
+   if(result)
+     return result;
+-  if(conn->bits.conn_to_host) {
+-    result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
+-    if(result)
+-      return result;
+-  }
+ 
+ #ifndef CURL_DISABLE_HSTS
+   /* HSTS upgrade */
+@@ -3480,6 +3475,11 @@ static CURLcode create_conn(struct Curl_easy *data,
+       return result;
+   }
+ #endif
++  if(conn->bits.conn_to_host) {
++    result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
++    if(result)
++      return result;
++  }
+ 
+   /*************************************************************
+    * Check whether the host and the "connect to host" are equal.
+-- 
+2.33.0
+

backport-url-move-back-the-IDN-conversion-of-proxy-names.patch

@@ -0,0 +1,72 @@
+From 37ca6f0f9a0040b6dc2d5f108cebaa4f7f6abced Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 17 Nov 2022 23:55:26 +0100
+Subject: [PATCH] url: move back the IDN conversion of proxy names
+
+Regression: in commit 53bcf55 we moved the IDN conversion calls to
+happen before the HSTS checks. But the HSTS checks are only done on the
+server host name, not the proxy names. By moving the proxy name IDN
+conversions, we accidentally broke the verbose output showing the proxy
+name.
+
+This change moves back the IDN conversions for the proxy names to the
+place in the code path they were before 53bcf55.
+
+Reported-by: Andy Stamp
+Fixes #9937
+Closes #9939
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/37ca6f0f9a0040b6dc2d5f108cebaa4f7f6abced
+---
+ lib/url.c | 27 +++++++++++++++------------
+ 1 file changed, 15 insertions(+), 12 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f2ad31742..78f01c442 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2060,18 +2060,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+     if(result)
+       return result;
+   }
+-#ifndef CURL_DISABLE_PROXY
+-  if(conn->bits.httpproxy) {
+-    result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
+-    if(result)
+-      return result;
+-  }
+-  if(conn->bits.socksproxy) {
+-    result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
+-    if(result)
+-      return result;
+-  }
+-#endif
+ 
+ #ifndef CURL_DISABLE_HSTS
+   /* HSTS upgrade */
+@@ -3731,6 +3719,21 @@ static CURLcode create_conn(struct Curl_easy *data,
+   if(result)
+     goto out;
+ 
++  /*************************************************************
++   * IDN-convert the proxy hostnames
++   *************************************************************/
++#ifndef CURL_DISABLE_PROXY
++  if(conn->bits.httpproxy) {
++    result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
++    if(result)
++      return result;
++  }
++  if(conn->bits.socksproxy) {
++    result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
++    if(result)
++      return result;
++  }
++#endif
+ 
+   /*************************************************************
+    * Check whether the host and the "connect to host" are equal.
+-- 
+2.33.0
+

backport-urlapi-make-sure-zoneid-is-also-duplicated-in-curl_u.patch

@@ -0,0 +1,116 @@
+From 49e244318672c688097c1bf601a110005cd9a6a8 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 31 Jul 2023 10:07:35 +0200
+Subject: [PATCH] urlapi: make sure zoneid is also duplicated in curl_url_dup
+
+Add several curl_url_dup() tests to the general lib1560 test.
+
+Reported-by: Rutger Broekhoff
+Bug: https://curl.se/mail/lib-2023-07/0047.html
+Closes #11549
+
+Conflict: tests/libtest/lib1560.c for context adapt
+Reference: https://github.com/curl/curl/commit/49e244318672c688097c1bf601a110005cd9a6a8
+---
+ lib/urlapi.c            |  1 +
+ tests/libtest/lib1560.c | 68 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 69 insertions(+)
+
+diff --git a/lib/urlapi.c b/lib/urlapi.c
+index 7f03862..b676c4d 100644
+--- a/lib/urlapi.c
++++ b/lib/urlapi.c
+@@ -1096,6 +1096,7 @@ CURLU *curl_url_dup(CURLU *in)
+     DUP(u, in, path);
+     DUP(u, in, query);
+     DUP(u, in, fragment);
++    DUP(u, in, zoneid);
+     u->portnum = in->portnum;
+   }
+   return u;
+diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
+index b822004..960ee50 100644
+--- a/tests/libtest/lib1560.c
++++ b/tests/libtest/lib1560.c
+@@ -1129,10 +1129,78 @@ static int scopeid(void)
+   return error;
+ }
+ 
++
++static int urldup(void)
++{
++  const char *url[] = {
++    "http://"
++    "user:pwd@"
++    "[2a04:4e42:e00::347%25eth0]"
++    ":80"
++    "/path"
++    "?query"
++    "#fraggie",
++    "https://example.com",
++    "https://user@example.com",
++    "https://user.pwd@example.com",
++    "https://user.pwd@example.com:1234",
++    "https://example.com:1234",
++    "example.com:1234",
++    "https://user.pwd@example.com:1234/path?query#frag",
++    NULL
++  };
++  CURLU *copy = NULL;
++  char *h_str = NULL, *copy_str = NULL;
++  CURLU *h = curl_url();
++  int i;
++
++  if(!h)
++    goto err;
++
++  for(i = 0; url[i]; i++) {
++    CURLUcode rc = curl_url_set(h, CURLUPART_URL, url[i],
++                                CURLU_GUESS_SCHEME);
++    if(rc)
++      goto err;
++    copy = curl_url_dup(h);
++
++    rc = curl_url_get(h, CURLUPART_URL, &h_str, 0);
++    if(rc)
++      goto err;
++
++    rc = curl_url_get(copy, CURLUPART_URL, &copy_str, 0);
++    if(rc)
++      goto err;
++
++    if(strcmp(h_str, copy_str)) {
++      printf("Original:  %s\nParsed:    %s\nCopy:      %s\n",
++             url[i], h_str, copy_str);
++      goto err;
++    }
++    curl_free(copy_str);
++    curl_free(h_str);
++    curl_url_cleanup(copy);
++    copy_str = NULL;
++    h_str = NULL;
++    copy = NULL;
++  }
++  curl_url_cleanup(h);
++  return 0;
++err:
++  curl_free(copy_str);
++  curl_free(h_str);
++  curl_url_cleanup(copy);
++  curl_url_cleanup(h);
++  return 1;
++}
++
+ int test(char *URL)
+ {
+   (void)URL; /* not used */
+ 
++  if(urldup())
++    return 11;
++
+   if(scopeid())
+     return 6;
+ 
+-- 
+2.33.0
+

backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch

@@ -0,0 +1,44 @@
+From a4a5e438ae533c9af5e97457ae424c9189545105 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 12 Jun 2023 14:10:37 +0200
+Subject: [PATCH] vtls: avoid memory leak if sha256 call fails
+
+... in the pinned public key handling function.
+
+Reported-by: lizhuang0630 on github
+Fixes #11306
+Closes #11307
+
+Conflict: Curl_base64_encode function adapt
+Reference: https://github.com/curl/curl/commit/a4a5e438ae533c9af5e97457ae424c9189545105
+---
+ lib/vtls/vtls.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index a4ff7d61a..cdd3a4fdc 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -907,14 +907,12 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
+     if(!sha256sumdigest)
+       return CURLE_OUT_OF_MEMORY;
+     encode = Curl_ssl->sha256sum(pubkey, pubkeylen,
+-                        sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
++                                 sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
+ 
+-    if(encode != CURLE_OK)
+-      return encode;
+-
+-    encode = Curl_base64_encode(data, (char *)sha256sumdigest,
+-                                CURL_SHA256_DIGEST_LENGTH, &encoded,
+-                                &encodedlen);
++    if(!encode)
++      encode = Curl_base64_encode(data, (char *)sha256sumdigest,
++                                  CURL_SHA256_DIGEST_LENGTH, &encoded,
++                                  &encodedlen);
+     Curl_safefree(sha256sumdigest);
+ 
+     if(encode)
+-- 
+2.33.0
+

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.79.1
-Release:        24
+Release:        29
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -75,6 +75,34 @@ Patch61:        backport-hostcheck-fix-host-name-wildcard-checking.patch
 Patch62:        backport-CVE-2023-32001.patch
 Patch63:	backport-CVE-2023-38545.patch
 Patch64:	backport-CVE-2023-38546.patch
+Patch65:        backport-CVE-2023-46218.patch
+Patch66:        backport-0001-CVE-2023-46219.patch
+Patch67:        backport-0002-CVE-2023-46219.patch
+Patch68:        backport-tool_progress-avoid-division-by-zero-in-parallel-pro.patch
+Patch69:        backport-digest-pass-over-leading-spaces-in-qop-values.patch
+Patch70:        backport-Curl_close-call-Curl_resolver_cancel-to-avoid-memory.patch
+Patch71:        backport-easy-fix-the-altsvc-init-for-curl_easy_duphandle.patch
+Patch72:        backport-libssh-if-sftp_init-fails-don-t-get-the-sftp-error-c.patch
+Patch73:        backport-url-move-back-the-IDN-conversion-of-proxy-names.patch
+Patch74:        backport-ftp-support-growing-files-with-CURLOPT_IGNORE_CONTEN.patch
+Patch75:        backport-http-fix-the-1-comparison-for-IPv6-localhost-for-coo.patch
+Patch76:        backport-multi-free-up-more-data-earleier-in-DONE.patch
+Patch77:        backport-curl_path-bring-back-support-for-SFTP-path-ending-in.patch
+Patch78:        backport-transfer-refuse-POSTFIELDS-RESUME_FROM-combo.patch
+Patch79:        backport-tool_operate-refuse-data-or-form-and-continue-at-com.patch
+Patch80:        backport-http-free-the-url-before-storing-a-new-copy.patch
+Patch81:        backport-url-fix-null-dispname-for-connect-to-option.patch
+Patch82:        backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch
+Patch83:        backport-urlapi-make-sure-zoneid-is-also-duplicated-in-curl_u.patch
+Patch84:        backport-transfer-also-stop-the-sending-on-closed-connection.patch
+Patch85:        backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
+Patch86:        backport-CVE-2024-2398.patch
+Patch87:        backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch
+Patch88:        backport-libssh2-set-length-to-0-if-strdup-failed.patch
+Patch89:        backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch
+Patch90:        backport-multi-avoid-memory-leak-risk.patch
+Patch91:        backport-tool_cb_rea-limit-rate-unpause-for-T-.-uploads.patch
+Patch92:        backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -243,6 +271,57 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Mon Jun 24 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-29
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:paramhlp: fix CRLF-stripping files with "-d @file"
+       libssh2: set length to 0 if strdup failed
+       openldap: create ldap URLs correctly for IPv6 addresses
+       multi: avoid memory-leak risk
+       tool_cb_rea: limit rate unpause for -T . uploads
+       tool_cfgable: free {proxy_}cipher13_list on exit
+
+* Fri Mar 29 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-28
+- Type:CVE
+- CVE:CVE-2024-2398
+- SUG:NA
+- DESC:fix CVE-2024-2398
+
+* Fri Jan 05 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-27
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:transfer: also stop the sending on closed connection
+       openssl: avoid BN_num_bits() NULL pointer derefs
+
+* Wed Jan 03 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-26
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:tool_progress: avoid division by zero in parallel progress
+       digest: pass over leading spaces in qop values
+       Curl_close: call Curl_resolver_cancel to avoid memory-leak
+       easy: fix the altsvc init for curl_easy_duphandle
+       libssh: if sftp_init fails, don't get the sftp error code
+       url: move back the IDN conversion of proxy names
+       ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
+       http: fix the ::1 comparison for IPv6 localhost for cookies
+       multi: free up more data earleier in DONE
+       curl_path: bring back support for SFTP path ending in /~
+       transfer: refuse POSTFIELDS + RESUME_FROM combo
+       tool_operate: refuse (--data or --form) and --continue-at
+       http: free the url before storing a new copy
+       url: fix null dispname for --connect-to option
+       vtls: avoid memory leak if sha256 call fails
+       urlapi: make sure zoneid is also duplicated in curl_url_dup
+
+* Fri Dec 08 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-25
+- Type:CVE
+- CVE:CVE-2023-46218 CVE-2023-46219
+- SUG:NA
+- DESC:fix CVE-2023-46218 CVE-2023-46219
+
 * Wed Oct 11 2023 Funda Wang <fundawang@yeah.net> - 7.79.1-24
 - Type:CVE
 - CVE:CVE-2023-38545, CVE-2023-38546