From 29f5f3246308dab1bc7d971a687f104849898115 Mon Sep 17 00:00:00 2001
From: naddy <naddy@openbsd.org>
Date: Wed, 6 May 2026 13:52:52 +0000
Subject: [PATCH] net/curl: update to 8.20.0

Changes:
* drop support for SMB

Includes fixes for
CVE-2026-4873: connection reuse ignores TLS requirement
CVE-2026-5545: wrong reuse of HTTP Negotiate connection
CVE-2026-5773: wrong reuse of SMB connection
CVE-2026-6253: proxy credentials leak over redirect-to proxy
CVE-2026-6276: stale custom cookie host causes cookie leak
CVE-2026-6429: netrc credential leak with reused proxy connection
CVE-2026-7168: cross-proxy Digest auth state leak
---
 net/curl/Makefile                           | 6 ++++--
 net/curl/distinfo                           | 4 ++--
 net/curl/patches/patch-m4_curl-compilers_m4 | 4 ++--
 net/curl/pkg/PLIST                          | 3 +++
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/net/curl/Makefile b/net/curl/Makefile
index d19d515d0ea..4fbb6b13a5a 100644
--- a/net/curl/Makefile
+++ b/net/curl/Makefile
@@ -1,7 +1,7 @@
 COMMENT=	transfer files with FTP, HTTP, HTTPS, etc.
 
-DISTNAME=	curl-8.19.0
-SHARED_LIBS=	curl                 26.34    # 12.0
+DISTNAME=	curl-8.20.0
+SHARED_LIBS=	curl                 26.35    # 12.0
 CATEGORIES=	net
 HOMEPAGE=	https://curl.se/
 
@@ -32,6 +32,8 @@ CONFIGURE_ARGS=	--disable-ldap \
 		--without-zstd \
 		--with-zsh-functions-dir \
 		--with-fish-functions-dir
+# disabled by default, enable in -stable
+#CONFIGURE_ARGS+=--enable-ntlm --enable-smb
 
 DEBUG_PACKAGES=	${BUILD_PACKAGES}
 
diff --git a/net/curl/distinfo b/net/curl/distinfo
index a6f3ad5afe4..a51ea4fbdd7 100644
--- a/net/curl/distinfo
+++ b/net/curl/distinfo
@@ -1,2 +1,2 @@
-SHA256 (curl-8.19.0.tar.xz) = TrQUiXkNGeGQ16x+GOgoV83Wivj05mspLO1WLTM/Ed8=
-SIZE (curl-8.19.0.tar.xz) = 2787584
+SHA256 (curl-8.20.0.tar.xz) = Y/4twUi6DOromSLvg49+XJRicsLni3xZ+rS3nTziuJY=
+SIZE (curl-8.20.0.tar.xz) = 2834456
diff --git a/net/curl/patches/patch-m4_curl-compilers_m4 b/net/curl/patches/patch-m4_curl-compilers_m4
index b7ae5137f81..ddc6f6f9dde 100644
--- a/net/curl/patches/patch-m4_curl-compilers_m4
+++ b/net/curl/patches/patch-m4_curl-compilers_m4
@@ -9,12 +9,12 @@ Do not override optimization flags in CFLAGS.
 Index: m4/curl-compilers.m4
 --- m4/curl-compilers.m4.orig
 +++ m4/curl-compilers.m4
-@@ -711,7 +711,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
+@@ -709,7 +709,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
      tmp_options=""
      tmp_CFLAGS="$CFLAGS"
      tmp_CPPFLAGS="$CPPFLAGS"
 -    honor_optimize_option="yes"
 +    honor_optimize_option="no"
-     #
+ 
      dnl If optimization request setting has not been explicitly specified,
      dnl it has been derived from the debug setting and initially assumed.
diff --git a/net/curl/pkg/PLIST b/net/curl/pkg/PLIST
index d87b43bbf59..8d959a45686 100644
--- a/net/curl/pkg/PLIST
+++ b/net/curl/pkg/PLIST
@@ -82,6 +82,7 @@ lib/pkgconfig/libcurl.pc
 @man man/man3/CURLINFO_RTSP_SERVER_CSEQ.3
 @man man/man3/CURLINFO_RTSP_SESSION_ID.3
 @man man/man3/CURLINFO_SCHEME.3
+@man man/man3/CURLINFO_SIZE_DELIVERED.3
 @man man/man3/CURLINFO_SIZE_DOWNLOAD.3
 @man man/man3/CURLINFO_SIZE_DOWNLOAD_T.3
 @man man/man3/CURLINFO_SIZE_UPLOAD.3
@@ -120,6 +121,8 @@ lib/pkgconfig/libcurl.pc
 @man man/man3/CURLMOPT_PIPELINING_SITE_BL.3
 @man man/man3/CURLMOPT_PUSHDATA.3
 @man man/man3/CURLMOPT_PUSHFUNCTION.3
+@man man/man3/CURLMOPT_QUICK_EXIT.3
+@man man/man3/CURLMOPT_RESOLVE_THREADS_MAX.3
 @man man/man3/CURLMOPT_SOCKETDATA.3
 @man man/man3/CURLMOPT_SOCKETFUNCTION.3
 @man man/man3/CURLMOPT_TIMERDATA.3