automatic import of curlopeneuler22.03_LTS_SP2openeuler22.03_LTSopeneuler20.03

7 files changed, 648 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..18eb6b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/curl-8.1.2.tar.xz
diff --git a/backport-0101-curl-7.32.0-multilib.patch b/backport-0101-curl-7.32.0-multilib.patch
new file mode 100644
index 0000000..b4f8e2a
--- /dev/null
+++ b/backport-0101-curl-7.32.0-multilib.patch
@@ -0,0 +1,91 @@
+From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 12 Apr 2013 12:04:05 +0200
+Subject: [PATCH] prevent multilib conflicts on the curl-config script
+
+---
+ curl-config.in     | 23 +++++------------------
+ docs/curl-config.1 |  4 +++-
+ libcurl.pc.in      |  1 +
+ 3 files changed, 9 insertions(+), 19 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 150004d..95d0759 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -78,7 +78,7 @@ while test $# -gt 0; do
+         ;;
+ 
+     --cc)
+-        echo "@CC@"
++        echo "gcc"
+         ;;
+ 
+     --prefix)
+@@ -157,32 +157,19 @@ while test $# -gt 0; do
+         ;;
+ 
+     --libs)
+-        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+-           CURLLIBDIR="-L@libdir@ "
+-        else
+-           CURLLIBDIR=""
+-        fi
+-        if test "X@ENABLE_SHARED@" = "Xno"; then
+-          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+-        else
+-          echo ${CURLLIBDIR}-lcurl
+-        fi
++        echo -lcurl
+         ;;
+     --ssl-backends)
+         echo "@SSL_BACKENDS@"
+         ;;
+ 
+     --static-libs)
+-        if test "X@ENABLE_STATIC@" != "Xno" ; then
+-          echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@
+-        else
+-          echo "curl was built with static libraries disabled" >&2
+-          exit 1
+-        fi
++        echo "curl was built with static libraries disabled" >&2
++        exit 1
+         ;;
+ 
+     --configure)
+-        echo @CONFIGURE_OPTIONS@
++        pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+         ;;
+ 
+     *)
+diff --git a/docs/curl-config.1 b/docs/curl-config.1
+index 14a9d2b..ffcc004 100644
+--- a/docs/curl-config.1
++++ b/docs/curl-config.1
+@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
+ comma-separated. (Added in 7.58.0)
+ .IP "--static-libs"
+ Shows the complete set of libs and other linker options you will need in order
+-to link your application with libcurl statically. (Added in 7.17.1)
++to link your application with libcurl statically. Note that Fedora/RHEL libcurl
++packages do not provide any static libraries, thus cannot be linked statically.
++(Added in 7.17.1)
+ .IP "--version"
+ Outputs version information about the installed libcurl.
+ .IP "--vernum"
+diff --git a/libcurl.pc.in b/libcurl.pc.in
+index 2ba9c39..f8f8b00 100644
+--- a/libcurl.pc.in
++++ b/libcurl.pc.in
+@@ -31,6 +31,7 @@ libdir=@libdir@
+ includedir=@includedir@
+ supported_protocols="@SUPPORT_PROTOCOLS@"
+ supported_features="@SUPPORT_FEATURES@"
++configure_options=@CONFIGURE_OPTIONS@
+ 
+ Name: libcurl
+ URL: https://curl.se/
+-- 
+2.26.2
+
diff --git a/backport-CVE-2023-32001.patch b/backport-CVE-2023-32001.patch
new file mode 100644
index 0000000..8827596
--- /dev/null
+++ b/backport-CVE-2023-32001.patch
@@ -0,0 +1,37 @@
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+
+Closes #11419
+---
+ lib/fopen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index c9c9e3d6e..b6e3caddd 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   int fd = -1;
+   *tempname = NULL;
+ 
+-  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
+-    /* a non-regular file, fallback to direct fopen() */
+-    *fh = fopen(filename, FOPEN_WRITETEXT);
+-    if(*fh)
+-      return CURLE_OK;
++  *fh = fopen(filename, FOPEN_WRITETEXT);
++  if(!*fh)
+     goto fail;
+-  }
++  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
++    return CURLE_OK;
++  fclose(*fh);
++  *fh = NULL;
+ 
+   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+   if(result)
+-- 
+2.33.0
+
diff --git a/backport-curl-7.84.0-test3026.patch b/backport-curl-7.84.0-test3026.patch
new file mode 100644
index 0000000..1098583
--- /dev/null
+++ b/backport-curl-7.84.0-test3026.patch
@@ -0,0 +1,71 @@
+From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 27 Jun 2022 16:50:57 +0200
+Subject: [PATCH] test3026: disable valgrind
+
+It fails on x86_64 with:
+```
+ Use --max-threads=INT to specify a larger number of threads
+ and rerun valgrind
+ valgrind: the 'impossible' happened:
+    Max number of threads is too low
+ host stacktrace:
+ ==174357==    at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ ==174357==    by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
+ sched status:
+   running_tid=1
+ Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
+ ==174357==    at 0x4A07816: clone (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
+ ==174357==    by 0x1093B5: test.part.0 (lib3026.c:64)
+ ==174357==    by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
+ client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
+ valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
+[...]
+```
+---
+ tests/data/test3026     | 3 +++
+ tests/libtest/lib3026.c | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tests/data/test3026 b/tests/data/test3026
+index fb80cc8..01f2ba5 100644
+--- a/tests/data/test3026
++++ b/tests/data/test3026
+@@ -41,5 +41,8 @@ none
+ <errorcode>
+ 0
+ </errorcode>
++<valgrind>
++disable
++</valgrind>
+ </verify>
+ </testcase>
+diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
+index 43fe335..70cd7a4 100644
+--- a/tests/libtest/lib3026.c
++++ b/tests/libtest/lib3026.c
+@@ -147,8 +147,8 @@ int test(char *URL)
+     results[i] = CURL_LAST; /* initialize with invalid value */
+     res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
+     if(res) {
+-      fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
+-              __FILE__, __LINE__, res);
++      fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n",
++              __FILE__, __LINE__, i, res);
+       tid_count = i;
+       test_failure = -1;
+       goto cleanup;
+-- 
+2.37.1
+
diff --git a/backport-curl-7.88.0-tests-warnings.patch b/backport-curl-7.88.0-tests-warnings.patch
new file mode 100644
index 0000000..04b2ba2
--- /dev/null
+++ b/backport-curl-7.88.0-tests-warnings.patch
@@ -0,0 +1,30 @@
+From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 15 Feb 2023 10:42:38 +0100
+Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them"
+
+While it might be useful for upstream developers, it is not so useful
+for downstream consumers.
+
+This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8.
+---
+ tests/runtests.pl | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tests/runtests.pl b/tests/runtests.pl
+index 71644ad18..0cf85c3fe 100755
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -55,8 +55,7 @@
+ # given, this won't be a problem.
+ 
+ use strict;
+-# Promote all warnings to fatal
+-use warnings FATAL => 'all';
++use warnings;
+ use 5.006;
+ 
+ # These should be the only variables that might be needed to get edited:
+-- 
+2.39.1
+
diff --git a/curl.spec b/curl.spec
new file mode 100644
index 0000000..5c88cd8
--- /dev/null
+++ b/curl.spec
@@ -0,0 +1,417 @@
+#Global macro or variable
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
+%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')
+%global _configure ../configure
+
+Name:           curl
+Version:        8.1.2
+Release:        2
+Summary:        Curl is used in command lines or scripts to transfer data
+License:        curl
+URL:            https://curl.se/
+Source:         https://curl.se/download/curl-%{version}.tar.xz
+
+Patch1:         backport-0101-curl-7.32.0-multilib.patch
+Patch2:         backport-curl-7.84.0-test3026.patch
+Patch4:         backport-curl-7.88.0-tests-warnings.patch
+Patch5:         backport-CVE-2023-32001.patch
+
+BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
+BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
+BuildRequires:  libssh-devel make openldap-devel openssh-clients openssh-server
+BuildRequires:  openssl-devel perl-interpreter pkgconfig python3-devel sed
+BuildRequires:  zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip)
+BuildRequires:  perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings)
+BuildRequires:  perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
+BuildRequires:  perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64)
+BuildRequires:  perl(Time::Local) perl(Time::HiRes) perl(vars) perl(Digest::SHA)
+
+%ifnarch aarch64
+BuildRequires:  stunnel
+%endif
+
+Requires:       libcurl = %{version}-%{release}
+Provides:       curl-full = %{version}-%{release} webclient
+
+%description
+cURL is a computer software project providing a library (libcurl) and
+command-line tool (curl) for transferring data using various protocols.
+
+%package -n 	libcurl
+Summary:	A library for getting files from web servers
+Requires:	libssh >= %{libssh_version} libpsl >= %{libpsl_version}
+Requires:       openssl-libs >= 1:%{openssl_version}
+Provides:	libcurl-full = %{version}-%{release} 
+Conflicts:	curl < 7.66.0-3
+
+%description -n libcurl
+A library for getting files from web servers.
+
+%package -n 	libcurl-devel
+Summary:	Header files for libcurl
+Requires:	libcurl = %{version}-%{release}
+Provides:	curl-devel = %{version}-%{release}
+Obsoletes:	curl-devel < %{version}-%{release}
+	
+%description -n libcurl-devel
+Header files for libcurl.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+echo "1801" >> tests/data/DISABLED
+
+# adapt test 323 for updated OpenSSL
+sed -e 's/^35$/35,52/' -i tests/data/test323
+# use localhost6 instead of ip6-localhost in the curl test-suite
+(
+    # avoid glob expansion in the trace output of `bash -x`
+    { set +x; } 2>/dev/null
+    cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*"
+    printf "+ %s\n" "$cmd" >&2
+    eval "$cmd"
+)
+
+%build
+# regenerate Makefile.in files
+aclocal -I m4
+automake
+
+install -d build-full
+export common_configure_opts="--cache-file=../config.cache \
+    --enable-hsts --enable-ipv6 --enable-symbol-hiding --enable-threaded-resolver \
+    --without-zstd --with-gssapi --with-libidn2 --with-nghttp2 --with-ssl \
+    --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+
+%global _configure ../configure
+
+# configure full build
+(
+    cd build-full
+    %configure $common_configure_opts   \
+	--enable-dict                   \
+	--enable-gopher                 \
+	--enable-imap                   \
+	--enable-ldap                   \
+	--enable-ldaps                  \
+	--enable-manual                 \
+	--enable-mqtt                   \
+	--enable-ntlm                   \
+	--enable-ntlm-wb                \
+	--enable-pop3                   \
+	--enable-rtsp                   \
+	--enable-smb                    \
+	--enable-smtp                   \
+	--enable-telnet                 \
+	--enable-tftp                   \
+	--enable-tls-srp                \
+	--with-brotli                   \
+	--with-libpsl                   \
+	--with-libssh
+)
+
+sed -e 's/^runpath_var=.*/runpath_var=/' \
+    -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
+    -i build-full/libtool
+
+%make_build V=1 -C build-full
+
+%check
+# compile upstream test-cases
+%make_build V=1 -C build-full/tests
+ 
+# relax crypto policy for the test-suite to make it pass again (#1610888)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+ 
+# make runtests.pl work for out-of-tree builds
+export srcdir=../../tests
+ 
+# prevent valgrind from being extremely slow (#1662656)
+unset DEBUGINFOD_URLS
+ 
+# run the upstream test-suite for curl-full
+for size in full; do (
+    cd build-${size}
+ 
+    # we have to override LD_LIBRARY_PATH because we eliminated rpath
+    export LD_LIBRARY_PATH="${PWD}/lib/.libs"
+ 
+    cd tests
+    perl -I../../tests ../../tests/runtests.pl -a -n -p -v '!flaky'
+)
+done
+
+%install
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
+
+# install libcurl.m4 for devel
+install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4
+
+# curl file install
+cd build-full
+%make_install
+
+# install zsh completion for curl
+LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts
+
+# do not install /usr/share/fish/completions/curl.fish which is also installed
+# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
+
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.a
+rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+%ldconfig_scriptlets
+
+%ldconfig_scriptlets -n libcurl
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%{_bindir}/curl
+%{_datadir}/zsh
+
+%files -n libcurl
+%defattr(-,root,root)
+%{_libdir}/libcurl.so.4
+%{_libdir}/libcurl.so.4.[0-9].[0-9]
+
+%files -n libcurl-devel
+%defattr(-,root,root)
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
+%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_datadir}/aclocal/libcurl.m4
+
+%files help
+%defattr(-,root,root)
+%doc CHANGES README*
+%doc docs/BUGS.md docs/FAQ docs/FEATURES.md
+%doc docs/TheArtOfHttpScripting.md docs/TODO
+%{_mandir}/man1/curl.1*
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+
+%changelog
+* Thu Jul 20 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-2
+- Type:CVE
+- CVE:CVE-2023-32001
+- SUG:NA
+- DESC:fix CVE-2023-32001
+
+* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update to curl 8.1.2
+
+* Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.88.1-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:disable valgrind in tests
+
+* Thu Jun 08 2023 xingwei <xingwei14@h-partners.com> - 7.88.1-3
+- Type:CVE
+- CVE:CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
+- SUG:NA
+- DESC:fix CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
+
+* Wed Mar 22 2023 zengwefeng <zwfeng@huawei.com> - 7.88.1-2
+- Type:cves
+- ID:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538
+- SUG:NA
+- DESC:fix CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538
+
+
+* Thu Mar 02 2023 xinghe <xinghe2@h-partners.com> - 7.88.1-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:upgrade to 7.88.1
+
+* Sat Feb 18 2023 xinghe <xinghe2@h-partners.com> - 7.86.0-3
+- Type:cves
+- ID:CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
+- SUG:NA
+- DESC:fix CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
+
+* Thu Dec 22 2022 zhouyihang <zhouyihang3@h-partners.com> - 7.86.0-2
+- Type:cves
+- ID:CVE-2022-43551 CVE-2022-43552
+- SUG:NA
+- DESC:fix CVE-2022-43551 CVE-2022-43552
+
+* Wed Nov 16 2022 xinghe <xinghe2@h-partners.com> - 7.86.0-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:upgrade to 7.86.0
+
+* Thu Oct 27 2022 yanglu <yanglu72@h-partners.com> - 7.79.1-12
+- Type:cves
+- CVE:CVE-2022-32221 CVE-2022-42915 CVE-2022-42916
+- SUG:NA
+- DESC:fix CVE-2022-32221 CVE-2022-42915 CVE-2022-42916
+
+* Tue Oct 11 2022 huangduirong <huangduirong@huawei.com> - 7.79.1-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Move autoreconf to build
+
+* Thu Sep 01 2022 zhouyihang <zhouyihang@h-partners.com> - 7.79.1-10
+- Type:cves
+- CVE:CVE-2022-35252
+- SUG:NA
+- DESC:fix CVE-2022-35252
+
+* Thu Jul 28 2022 gaihuiying <eaglegai@163.com> - 7.79.1-9
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:just rebuild release to 7.79.1-9
+
+* Mon Jul 25 2022 gaihuiying <eaglegai@163.com> - 7.79.1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix build error when add --disable-http-auth configure option
+
+* Tue Jul 05 2022 gaihuiying <eaglegai@163.com> - 7.79.1-7
+- Type:cves
+- CVE:CVE-2022-32207
+- SUG:NA
+- DESC:fix CVE-2022-32207 better
+
+* Wed Jun 29 2022 gaihuiying <eaglegai@163.com> - 7.79.1-6
+- Type:cves
+- CVE:CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
+- SUG:NA
+- DESC:fix CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
+
+* Tue May 17 2022 gaihuiying <eaglegai@163.com> - 7.79.1-5
+- Type:cves
+- CVE:CVE-2022-27781 CVE-2022-27782
+- SUG:NA
+- DESC:fix CVE-2022-27781 CVE-2022-27782
+
+* Sat May 14 2022 gaoxingwang <gaoxingwang1@huawei.com> - 7.79.1-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix dict and neg telnet server start fail in upstream testcase
+
+* Fri May 06 2022 gaihuiying <eaglegai@163.com> - 7.79.1-3
+- Type:cves
+- CVE:CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776
+- SUG:NA
+- DESC:fix CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776
+
+* Mon Apr 25 2022 gaoxingwang <gaoxingwang1@huawei.com> - 7.79.1-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:enable check in spec
+
+* Thu Jan 20 2022 gaoxingwang <gaoxingwang@huawei.com> - 7.79.1-1
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:update curl to 7.79.1
+* Wed Sep 29 2021 yanglu <yanglu72@huawei.com> - 7.77.0-3
+- Type:CVE
+- CVE:CVE-2021-22945 CVE-2021-22946 CVE-2021-22947
+- SUG:NA
+- DESC:fix CVE-2021-22945 CVE-2021-22946CVE-2021-22947
+
+* Fri Aug 13 2021 gaihuiying <gaihuiying1@huawei.com> - 7.77.0-2
+- Type:CVE
+- CVE:CVE-2021-22925 CVE-2021-22926
+- SUG:NA
+- DESC:fix CVE-2021-22925 CVE-2021-22926
+
+* Thu Jul 8 2021 gaihuiying <gaihuiying1@huawei.com> - 7.77.0-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update curl to 7.77.0
+
+* Tue Jun 8 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-9
+- Type:CVE
+- CVE:CVE-2021-22897 CVE-2021-22898
+- SUG:NA
+- DESC:fix CVE-2021-22897 CVE-2021-22898
+
+* Tue Apr 20 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-8
+- Type:CVE
+- CVE:CVE-2021-22890
+- SUG:NA
+- DESC:fix CVE-2021-22890
+
+* Thu Apr 8 2021 xieliuhua <xieliuhua@huawei.com> - 7.71.1-7
+- Type:CVE
+- CVE:CVE-2021-22876
+- SUG:NA
+- DESC:fix CVE-2021-22876
+
+* Tue Jan 26 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 7.71.1-6
+- Type:CVE
+- CVE:CVE-2020-8285
+- SUG:NA
+- DESC:fix CVE-2020-8285
+
+* Tue Jan 19 2021 xielh2000 <xielh2000@163.com> - 7.71.1-5
+- Type:CVE
+- CVE:CVE-2020-8286
+- SUG:NA
+- DESC:fix CVE-2020-8286
+
+* Mon Jan 18 2021 xihaochen <xihaochen@huawei.com> - 7.71.1-4
+- Type:CVE
+- CVE:CVE-2020-8284
+- SUG:NA
+- DESC:fix CVE-2020-8284
+
+* Tue Jan 5 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix downgrade error
+
+* Mon Dec 28 2020 liuxin <liuxin264@huawei.com> - 7.71.1-2
+- Type:cves
+- ID:CVE-2020-8231
+- SUG:NA
+- DESC:fix CVE-2020-8231
+
+* Fri Jul 24 2020 zhujunhao <zhujunhao8@huawei.com> - 7.71.1-1
+- Update to 7.71.1
+
+* Thu Apr 9 2020 songnannan <songnannan2@huawei.com> - 7.66.0-3
+- split out the libcurl and libcurl-devel package 
+
+* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 7.66.0-2
+- Type:cves
+- ID:CVE-2019-15601
+- SUG:NA
+- DESC:fix CVE-2019-15601
+
+* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.66.0-1
+- update to 7.66.0
+
+* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.61.1-4
+- Type:cves
+- ID:CVE-2019-5481 CVE-2019-5482
+- SUG:NA
+- DESC:fix CVE-2019-5481 CVE-2019-5482
+
+* Wed Sep 18 2019 guanyanjie <guanyanjie@huawei.com> - 7.61.1-3
+- Init for openEuler
diff --git a/sources b/sources
new file mode 100644
index 0000000..fcc429b
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+1f7f6678b1342ad78f30e1dedd015fe2  curl-8.1.2.tar.xz