jay · April 8, 2025 20:58
diff --git a/curl ubuntu (update installed release).txt b/curl ubuntu (update installed release).txt
 ###############################################################################
 #
 # This is for when we have to update the installed version of curl, libpsl,
 # libssh2, nghttp2, openssl or zlib in Ubuntu 16 LTS. This is not a single
 # script.
 #
 # https://gist.github.com/jay/d88d74b6807544387a6c
 #

 ###############################################################################
 #
 # Set environment variables to latest versions
 # Paths must not have spaces (OpenSSL build process can't handle them)
 #

 show_runpath() { echo -e "\n$1:"; objdump -x "$1" | grep --color=never \
  RUNPATH; }

 show_needed() { echo -e "\n$1:"; readelf -d "$1" | grep --color=never \
  "(NEEDED\|RPATH\|RUNPATH)"; }

 CURL_VER=8.13.0
 CURL_PREFIX=/usr/local

 LIBPSL_VER=0.21.5
 LIBPSL_PREFIX=/usr/local

 LIBSSH2_VER=1.11.1
 LIBSSH2_PREFIX=/usr/local

 NGHTTP2_VER=1.65.0
 NGHTTP2_PREFIX=/usr/local

 OPENSSL_VER=3.5.0
 OPENSSL_PREFIX=/usr/local/ssl
 OPENSSLDIR_PREFIX=/usr/local/ssl

 ZLIB_VER=1.3.1
 ZLIB_PREFIX=/usr/local

 ###############################################################################
 #
 # To install self contained for test purposes, after setting the _VER vars do:
 #

 mkdir -p test && cd test
 CURL_PREFIX=$PWD
 LIBSSH2_PREFIX=$PWD
 NGHTTP2_PREFIX=$PWD
 OPENSSL_PREFIX=$PWD/ssl
 OPENSSLDIR_PREFIX=$PWD/ssl
 ZLIB_PREFIX=$PWD

 ###############################################################################
 #
 # Download zlib, verify, build, test, install. Takes 10 seconds.
 #

 sudo rm -rf "zlib-$ZLIB_VER" && \
 mkdir -p -m 0700 "zlib-$ZLIB_VER/.gnupg" && \
 curl --fail --location --proto-redir =https \
  -O https://zlib.net/zlib-$ZLIB_VER.tar.gz \
  -O https://zlib.net/zlib-$ZLIB_VER.tar.gz.asc && \
 \
 # https://madler.net/madler/pgp.html
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/zlib-$ZLIB_VER/.gnupg" \
  --keyring "$PWD/zlib-$ZLIB_VER/.gnupg/zlib.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    5ED46A6721D365587791E2AA783FCD8E58BCAFBA \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/zlib-$ZLIB_VER/.gnupg" \
  --keyring "$PWD/zlib-$ZLIB_VER/.gnupg/zlib.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify zlib-$ZLIB_VER.tar.gz.asc \
  && \
 tar xvfz zlib-$ZLIB_VER.tar.gz && \
 cd zlib-$ZLIB_VER && \
 \
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$ZLIB_PREFIX/lib \
  " \
 ./configure --prefix=$ZLIB_PREFIX && \
 make && \
 make test && \
 sudo make install && \
 cd .. && \
 show_runpath $ZLIB_PREFIX/lib/libz.so && \
 echo -e "\n\nSuccess: Installed zlib $ZLIB_VER in $ZLIB_PREFIX\n"

 ###############################################################################
 #
 # Download libpsl, verify, build, test, install. Takes 10 seconds.
 #

 sudo rm -rf "libpsl-$LIBPSL_VER" && \
 mkdir -p -m 0700 "libpsl-$LIBPSL_VER/.gnupg" && \
 curl --fail --location --proto-redir =https \
  -O https://github.com/rockdaboot/libpsl/releases/download/\
 $LIBPSL_VER/libpsl-$LIBPSL_VER.tar.gz \
  -O https://github.com/rockdaboot/libpsl/releases/download/\
 $LIBPSL_VER/libpsl-$LIBPSL_VER.tar.gz.sig && \
 \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/libpsl-$LIBPSL_VER/.gnupg" \
  --keyring "$PWD/libpsl-$LIBPSL_VER/.gnupg/libpsl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    1CB27DBC98614B2D5841646D08302DB6A2670428 \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/libpsl-$LIBPSL_VER/.gnupg" \
  --keyring "$PWD/libpsl-$LIBPSL_VER/.gnupg/libpsl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify libpsl-$LIBPSL_VER.tar.gz.sig \
  && \
 tar xvfz libpsl-$LIBPSL_VER.tar.gz && \
 cd libpsl-$LIBPSL_VER && \
 \
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$LIBPSL_PREFIX/lib \
  " \
 ./configure --prefix=$LIBPSL_PREFIX && \
 make && \
 sudo make install && \
 cd .. && \
 show_runpath $LIBPSL_PREFIX/lib/libpsl.so && \
 echo -e "\n\nSuccess: Installed libpsl $LIBPSL_VER in $LIBPSL_PREFIX\n"

 ###############################################################################
 #
 # Download OpenSSL, verify, build, test, install. Takes 20 minutes.
 #

 sudo rm -rf "openssl-$OPENSSL_VER" && \
 mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
 curl --fail --location --proto-redir =https \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
 \
 # https://openssl-library.org/source/
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    BA5473A2B0587B07FB27CF2D216094DFD0CB81EF \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify openssl-$OPENSSL_VER.tar.gz.asc \
  && \
 tar xvfz openssl-$OPENSSL_VER.tar.gz && \
 cd openssl-$OPENSSL_VER && \
 \
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$OPENSSL_PREFIX/lib \
  -Wl,-rpath,$ZLIB_PREFIX/lib \
  " \
 ./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
  --prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
 make && \
 make test && \
 sudo make install && \
 cd .. && \
 show_runpath $OPENSSL_PREFIX/lib/libcrypto.so && \
 show_runpath $OPENSSL_PREFIX/lib/libssl.so && \
 show_runpath $OPENSSL_PREFIX/bin/openssl && \
 echo -e "\n\n" && \
 $OPENSSL_PREFIX/bin/openssl version -a && \
 echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

 ###############################################################################
 #
 # Download nghttp2, verify, build, test, install. Takes 1 minute.
 #

 sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
 curl --fail --location --proto-redir =https \
  -O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
 v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
 tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
 cd nghttp2-$NGHTTP2_VER && \
 \
 OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --cflags` \
 OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --libs` \
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$NGHTTP2_PREFIX/lib \
  -Wl,-rpath,$OPENSSL_PREFIX/lib \
  -Wl,-rpath,$ZLIB_PREFIX/lib \
  " \
 ./configure --enable-lib-only \
  --prefix=$NGHTTP2_PREFIX && \
 make && \
 make check && \
 sudo make install && \
 cd .. && \
 show_runpath $NGHTTP2_PREFIX/lib/libnghttp2.so && \
 echo -e "\n\nSuccess: Installed nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

 ###############################################################################
 #
 # Download libssh2, verify, build, test, install. Takes 1 minute.
 #

 sudo rm -rf "libssh2-$LIBSSH2_VER" && \
 mkdir -p -m 0700 "libssh2-$LIBSSH2_VER/.gnupg" && \
 curl --fail --location --proto-redir =https \
  -O https://libssh2.org/download/libssh2-$LIBSSH2_VER.tar.gz \
  -O https://libssh2.org/download/libssh2-$LIBSSH2_VER.tar.gz.asc && \
 \
 # https://daniel.haxx.se/address.html
 # https://github.com/curl/curl/issues/735
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/libssh2-$LIBSSH2_VER/.gnupg" \
  --keyring "$PWD/libssh2-$LIBSSH2_VER/.gnupg/libssh2.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/libssh2-$LIBSSH2_VER/.gnupg" \
  --keyring "$PWD/libssh2-$LIBSSH2_VER/.gnupg/libssh2.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify libssh2-$LIBSSH2_VER.tar.gz.asc \
  && \
 tar xvfz libssh2-$LIBSSH2_VER.tar.gz && \
 cd libssh2-$LIBSSH2_VER && \
 \
 # REM configure --disable-rpath prevents rpaths in libssh2.la and libssh2.pc.
 #
 CFLAGS="-Wno-unused-result" \
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$LIBSSH2_PREFIX/lib \
  -Wl,-rpath,$OPENSSL_PREFIX/lib \
  -Wl,-rpath,$ZLIB_PREFIX/lib \
  " \
 ./configure --disable-rpath \
  --prefix=$LIBSSH2_PREFIX \
  --with-crypto=openssl \
  --with-libssl-prefix=$OPENSSL_PREFIX \
  --with-libz-prefix=$ZLIB_PREFIX \
  && \
 make && \
 # (mar 2023) tests don't yet run on linux?
 # ignore due to docker problems
 # make check && \
 sudo make install && \
 cd .. && \
 show_runpath $LIBSSH2_PREFIX/lib/libssh2.so && \
 echo -e "\n\nSuccess: Installed libssh2 $LIBSSH2_VER in $LIBSSH2_PREFIX\n"

 ###############################################################################
 #
 # Download curl, verify, build, test, install. Takes 15 minutes.
 #

 sudo rm -rf "curl-$CURL_VER" && \
 mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
 curl --fail --location --proto-redir =https \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
 # https://daniel.haxx.se/address.html
 # https://github.com/curl/curl/issues/735
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify curl-$CURL_VER.tar.gz.asc \
  && \
 tar xvfz curl-$CURL_VER.tar.gz && \
 cd curl-$CURL_VER && \
 \
 # REM workaround patches for rpath ordering are not needed since
 # runpath is used instead (-Wl,--enable-new-dtags sets rpaths as runpaths).
 # https://github.com/curl/curl/issues/432#issuecomment-244818726
 #
 # REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
 #
 LDFLAGS="-Wl,--enable-new-dtags \
  -Wl,-rpath,$CURL_PREFIX/lib \
  -Wl,-rpath,$OPENSSL_PREFIX/lib \
  -Wl,-rpath,$ZLIB_PREFIX/lib \
  -Wl,-rpath,$LIBPSL_PREFIX/lib \
  -Wl,-rpath,$LIBSSH2_PREFIX/lib \
  -Wl,-rpath,$NGHTTP2_PREFIX/lib \
  " \
 ./configure --prefix=$CURL_PREFIX \
  --with-libpsl=$LIBPSL_PREFIX \
  --with-libssh2=$LIBSSH2_PREFIX \
  --with-nghttp2=$NGHTTP2_PREFIX \
  --with-ssl=$OPENSSL_PREFIX \
  --with-zlib=$ZLIB_PREFIX \
  && \
 make && \
 make test-nonflaky TFLAGS=-n && \
 sudo make install && \
 sudo ldconfig && \
 cd .. && \
 show_runpath $CURL_PREFIX/lib/libcurl.so && \
 show_runpath $CURL_PREFIX/bin/curl && \
 echo -e "\n\n" && \
 $CURL_PREFIX/bin/curl --version && \
 echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

 #
 # curl won't install if any tests fail, like flaky tests (eg 1510).
 # Determine if failed tests are flaky then run from line 'sudo make install'
 #

 ###############################################################################
diff --git a/workaround_g++_5.patch b/workaround_g++_5.patch
 # This is a workaround patch for nghttp2 that is retrieved and used by old VM
 # snapshots. In recent snapshots the patch is no longer used.
 #
 # Old VM snapshots retrieve this patch directly from this file so do not delete
 # this file.
 #
 --- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc	2020-06-02 08:08:45.000000000 -0400
 +++ nghttp2/src/shrpx_api_downstream_connection.cc	2020-10-26 23:08:33.016344429 -0400
 @@ -41,7 +41,7 @@
 namespace {
 // List of API endpoints
 const std::array<APIEndpoint, 2> &apis() {
 -  static const auto apis = new std::array<APIEndpoint, 2>{
 +  static const auto apis = new std::array<APIEndpoint, 2>{{
       APIEndpoint{
           StringRef::from_lit("/api/v1beta1/backendconfig"),
           true,
 @@ -54,7 +54,7 @@
           (1 << API_METHOD_GET),
           &APIDownstreamConnection::handle_configrevision,
       },
 -  };
 +  }};
 
   return *apis;
 }
diff --git a/workaround_libtool_bug_24296.patch b/workaround_libtool_bug_24296.patch
 # This is one of two workaround patches for curl that was used by old VM
 # snapshots. In recent snapshots the patches are no longer used.
 #
 # Old VM snapshots retrieve this patch from a generated github diff of branch
 # jay:workaround_libtool_bug_24296 (eb14cc82 from 2017). This file is a backup
 # of the diff.
 #
 # https://github.com/curl/curl/issues/432#issuecomment-244818726
 # https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff
 #
 diff --git a/configure.ac b/configure.ac
 index 083e18c950d89..c7fe88c68d77a 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -206,6 +206,10 @@ XC_LIBTOOL
 # Automake conditionals based on libtool related checks
 #
 
 +AM_CONDITIONAL([CURL_LT_BUILD_SHARED],
 +  [test "x$xc_lt_build_shared" = 'xyes'])
 +AM_CONDITIONAL([CURL_LT_BUILD_STATIC],
 +  [test "x$xc_lt_build_static" = 'xyes'])
 AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO],
   [test "x$xc_lt_shlib_use_version_info" = 'xyes'])
 AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED],
 diff --git a/scripts/fix_rpath.pl b/scripts/fix_rpath.pl
 new file mode 100755
 index 0000000000000..a6799862f6be2
 --- /dev/null
 +++ b/scripts/fix_rpath.pl
 @@ -0,0 +1,73 @@
 +#!/usr/bin/env perl
 +
 +=begin comment
 +README
 +
 +This script fixes lt-curl so that the first rpath it checks for dependencies
 +will be lib/.libs. Without this fix libtool makes that the last rpath checked.
 +
 +This fix is only necessary if other rpaths were specified during the build.
 +
 +Bug: https://github.com/curl/curl/issues/432
 +
 +Copyright (C) 2016 Jay Satiro <[email protected]>
 +http://curl.haxx.se/docs/copyright.html
 +
 +https://gist.github.com/jay/d88d74b6807544387a6c
 +=end comment
 +=cut
 +
 +use 5.014; # needed for /r regex modifier
 +
 +use strict;
 +use warnings;
 +
 +use File::Spec;
 +
 +defined($ARGV[0]) || die "Usage: fix_rpath.pl <top_builddir>\n";
 +
 +my $abs_top_builddir = File::Spec->rel2abs($ARGV[0]);
 +-e $abs_top_builddir || die "Fatal: Builddir not found: $abs_top_builddir";
 +
 +my $rpath = "$abs_top_builddir/lib/.libs";
 +my $curl = "$abs_top_builddir/src/curl";
 +
 +# Make sure $curl is a libtool wrapper and not a static binary
 +`file "$curl"` =~ /shell script/ || die "Fatal: $curl is not a shell script";
 +
 +# Read in the curl script, modify its relink_command so our rpath comes first
 +open(my $fh, "+<", $curl) || die "Fatal: Can't open $curl: $!";
 +my @lines = map {
 +  if(/^[ \t]*relink_command=\"/) {
 +    my $gccopt = "-Wl,-rpath \\\"-Wl,$rpath\\\"";
 +    s/((?:\(|;) *gcc +)(?!\Q$gccopt\E)/$1$gccopt /gr
 +  }
 +  else {
 +    $_
 +  }
 +} <$fh>;
 +
 +# Write out the modified curl script
 +seek($fh, 0, 0) || die "Fatal: Seek failed: $!";
 +if(@lines) {
 +  print $fh $_ for @lines;
 +}
 +truncate($fh, tell($fh)) || die "Fatal: Failed to truncate $curl: $!";
 +close($fh);
 +
 +# Remove lt-curl
 +my $ltcurl = "$abs_top_builddir/src/.libs/lt-curl";
 +! -e $ltcurl || unlink($ltcurl) || die "Fatal: Removing $ltcurl: $!";
 +
 +# Build lt-curl (the relink command in src/curl rebuilds it since it's missing)
 +`"$curl" -V` || die "Fatal: The curl wrapper script failed";
 +
 +# Confirm lt-curl load path for libcurl.so is our rpath
 +my $soname = "libcurl.so.4";
 +my ($soinfo) = grep {/^\t\Q$soname\E => /} `ldd "$ltcurl"`;
 +defined $soinfo || die "Fatal: Unable to find $soname dependency in $ltcurl";
 +print $soinfo;
 +my $expected = "$rpath/$soname";
 +$soinfo =~ / \Q$expected\E( |$)/ || die "Fatal: $soname path != $expected";
 +
 +print "Success: lt-curl loads $soname from $rpath\n";
 diff --git a/src/Makefile.am b/src/Makefile.am
 index 878bbfef5c422..d3931d0d78de1 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
 @@ -134,5 +134,14 @@ checksrc:
 
 if CURLDEBUG
 # for debug builds, we scan the sources on all regular make invokes
 -all-local: checksrc
 +all-local:: checksrc
 +endif
 +
 +# This script fixes lt-curl so that the first rpath it checks for dependencies
 +# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
 +workaround_libtool_bug_24296:
 +	@PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
 +
 +if CURL_LT_BUILD_SHARED
 +all-local:: workaround_libtool_bug_24296
 endif
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 585d0171d1975..3174e5c5f1e1c 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
 @@ -33,6 +33,8 @@ EXTRA_DIST = ftpserver.pl httpserver.pl secureserver.pl runtests.pl getpart.pm \
 
 DISTCLEANFILES = configurehelp.pm
 
 +LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
 +
 # we have two variables here to make sure DIST_SUBDIRS won't get 'unit'
 # added twice as then targets such as 'distclean' misbehave and try to
 # do things twice in that subdir at times (and thus fails).
 diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am
 index 826b3d4f5581a..e1fb9b135503f 100644
 --- a/tests/libtest/Makefile.am
 +++ b/tests/libtest/Makefile.am
 @@ -21,6 +21,8 @@
 ###########################################################################
 AUTOMAKE_OPTIONS = foreign nostdinc
 
 +LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
 +
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
 diff --git a/tests/server/Makefile.am b/tests/server/Makefile.am
 index e274c01ab08d2..bac336677d4e4 100644
 --- a/tests/server/Makefile.am
 +++ b/tests/server/Makefile.am
 @@ -21,6 +21,8 @@
 ###########################################################################
 AUTOMAKE_OPTIONS = foreign nostdinc
 
 +LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
 +
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
 diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
 index d4987d69d050d..f5d16c5faad2a 100644
 --- a/tests/unit/Makefile.am
 +++ b/tests/unit/Makefile.am
 @@ -21,6 +21,8 @@
 ###########################################################################
 AUTOMAKE_OPTIONS = foreign nostdinc
 
 +LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
 +
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
diff --git a/workaround_when_buildconf_is_not_used.patch b/workaround_when_buildconf_is_not_used.patch
 # This is one of two workaround patches for curl that was used by old VM
 # snapshots. In recent snapshots the patches are no longer used.
 #
 # Old VM snapshots retrieve this patch directly from this file so do not delete
 # this file.
 #
 # https://github.com/curl/curl/issues/432#issuecomment-244818726
 #
 --- curl-7.50.1/src/Makefile.in	2016-07-21 05:16:37.000000000 -0400
 +++ curl/src/Makefile.in	2016-09-05 03:00:18.929760980 -0400
 @@ -1920,7 +1920,7 @@
 check-am: all-am
 check: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) check-am
 -@CURLDEBUG_FALSE@all-local:
 +@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
 all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)"; do \
 @@ -2084,7 +2084,14 @@
 	-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]
 
 # for debug builds, we scan the sources on all regular make invokes
 -@CURLDEBUG_TRUE@all-local: checksrc
 +@CURLDEBUG_TRUE@all-local:: checksrc
 +
 +# This script fixes lt-curl so that the first rpath it checks for dependencies
 +# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
 +workaround_libtool_bug_24296:
 +	@PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
 +
 +@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 --- curl-7.50.1/tests/libtest/Makefile.in	2016-07-21 05:16:37.000000000 -0400
 +++ curl/tests/libtest/Makefile.in	2016-09-05 17:48:58.704114175 -0400
 @@ -1488,7 +1488,7 @@
 # Preloading of libhostname allows host name overriding,
 # this is used to make some tests machine independent.
 @BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
 -AM_LDFLAGS = 
 +AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
 AM_CFLAGS = 
 libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
 libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \
	###############################################################################
	#
	# This is for when we have to update the installed version of curl, libpsl,
	# libssh2, nghttp2, openssl or zlib in Ubuntu 16 LTS. This is not a single
	# script.
	#
	# https://gist.github.com/jay/d88d74b6807544387a6c
	#

	###############################################################################
	#
	# Set environment variables to latest versions
	# Paths must not have spaces (OpenSSL build process can't handle them)
	#

	show_runpath() { echo -e "\n$1:"; objdump -x "$1" \| grep --color=never \
	RUNPATH; }

	show_needed() { echo -e "\n$1:"; readelf -d "$1" \| grep --color=never \
	"(NEEDED\\|RPATH\\|RUNPATH)"; }

	CURL_VER=8.13.0
	CURL_PREFIX=/usr/local

	LIBPSL_VER=0.21.5
	LIBPSL_PREFIX=/usr/local

	LIBSSH2_VER=1.11.1
	LIBSSH2_PREFIX=/usr/local

	NGHTTP2_VER=1.65.0
	NGHTTP2_PREFIX=/usr/local

	OPENSSL_VER=3.5.0
	OPENSSL_PREFIX=/usr/local/ssl
	OPENSSLDIR_PREFIX=/usr/local/ssl

	ZLIB_VER=1.3.1
	ZLIB_PREFIX=/usr/local

	###############################################################################
	#
	# To install self contained for test purposes, after setting the _VER vars do:
	#

	mkdir -p test && cd test
	CURL_PREFIX=$PWD
	LIBSSH2_PREFIX=$PWD
	NGHTTP2_PREFIX=$PWD
	OPENSSL_PREFIX=$PWD/ssl
	OPENSSLDIR_PREFIX=$PWD/ssl
	ZLIB_PREFIX=$PWD

	###############################################################################
	#
	# Download zlib, verify, build, test, install. Takes 10 seconds.
	#

	sudo rm -rf "zlib-$ZLIB_VER" && \
	mkdir -p -m 0700 "zlib-$ZLIB_VER/.gnupg" && \
	curl --fail --location --proto-redir =https \
	-O https://zlib.net/zlib-$ZLIB_VER.tar.gz \
	-O https://zlib.net/zlib-$ZLIB_VER.tar.gz.asc && \
	\
	# https://madler.net/madler/pgp.html
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/zlib-$ZLIB_VER/.gnupg" \
	--keyring "$PWD/zlib-$ZLIB_VER/.gnupg/zlib.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	5ED46A6721D365587791E2AA783FCD8E58BCAFBA \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/zlib-$ZLIB_VER/.gnupg" \
	--keyring "$PWD/zlib-$ZLIB_VER/.gnupg/zlib.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify zlib-$ZLIB_VER.tar.gz.asc \
	&& \
	tar xvfz zlib-$ZLIB_VER.tar.gz && \
	cd zlib-$ZLIB_VER && \
	\
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$ZLIB_PREFIX/lib \
	" \
	./configure --prefix=$ZLIB_PREFIX && \
	make && \
	make test && \
	sudo make install && \
	cd .. && \
	show_runpath $ZLIB_PREFIX/lib/libz.so && \
	echo -e "\n\nSuccess: Installed zlib $ZLIB_VER in $ZLIB_PREFIX\n"

	###############################################################################
	#
	# Download libpsl, verify, build, test, install. Takes 10 seconds.
	#

	sudo rm -rf "libpsl-$LIBPSL_VER" && \
	mkdir -p -m 0700 "libpsl-$LIBPSL_VER/.gnupg" && \
	curl --fail --location --proto-redir =https \
	-O https://github.com/rockdaboot/libpsl/releases/download/\
	$LIBPSL_VER/libpsl-$LIBPSL_VER.tar.gz \
	-O https://github.com/rockdaboot/libpsl/releases/download/\
	$LIBPSL_VER/libpsl-$LIBPSL_VER.tar.gz.sig && \
	\
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/libpsl-$LIBPSL_VER/.gnupg" \
	--keyring "$PWD/libpsl-$LIBPSL_VER/.gnupg/libpsl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	1CB27DBC98614B2D5841646D08302DB6A2670428 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/libpsl-$LIBPSL_VER/.gnupg" \
	--keyring "$PWD/libpsl-$LIBPSL_VER/.gnupg/libpsl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify libpsl-$LIBPSL_VER.tar.gz.sig \
	&& \
	tar xvfz libpsl-$LIBPSL_VER.tar.gz && \
	cd libpsl-$LIBPSL_VER && \
	\
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$LIBPSL_PREFIX/lib \
	" \
	./configure --prefix=$LIBPSL_PREFIX && \
	make && \
	sudo make install && \
	cd .. && \
	show_runpath $LIBPSL_PREFIX/lib/libpsl.so && \
	echo -e "\n\nSuccess: Installed libpsl $LIBPSL_VER in $LIBPSL_PREFIX\n"

	###############################################################################
	#
	# Download OpenSSL, verify, build, test, install. Takes 20 minutes.
	#

	sudo rm -rf "openssl-$OPENSSL_VER" && \
	mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
	curl --fail --location --proto-redir =https \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
	\
	# https://openssl-library.org/source/
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	BA5473A2B0587B07FB27CF2D216094DFD0CB81EF \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify openssl-$OPENSSL_VER.tar.gz.asc \
	&& \
	tar xvfz openssl-$OPENSSL_VER.tar.gz && \
	cd openssl-$OPENSSL_VER && \
	\
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$OPENSSL_PREFIX/lib \
	-Wl,-rpath,$ZLIB_PREFIX/lib \
	" \
	./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
	--prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
	make && \
	make test && \
	sudo make install && \
	cd .. && \
	show_runpath $OPENSSL_PREFIX/lib/libcrypto.so && \
	show_runpath $OPENSSL_PREFIX/lib/libssl.so && \
	show_runpath $OPENSSL_PREFIX/bin/openssl && \
	echo -e "\n\n" && \
	$OPENSSL_PREFIX/bin/openssl version -a && \
	echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

	###############################################################################
	#
	# Download nghttp2, verify, build, test, install. Takes 1 minute.
	#

	sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
	curl --fail --location --proto-redir =https \
	-O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
	v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
	tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
	cd nghttp2-$NGHTTP2_VER && \
	\
	OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --cflags` \
	OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --libs` \
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$NGHTTP2_PREFIX/lib \
	-Wl,-rpath,$OPENSSL_PREFIX/lib \
	-Wl,-rpath,$ZLIB_PREFIX/lib \
	" \
	./configure --enable-lib-only \
	--prefix=$NGHTTP2_PREFIX && \
	make && \
	make check && \
	sudo make install && \
	cd .. && \
	show_runpath $NGHTTP2_PREFIX/lib/libnghttp2.so && \
	echo -e "\n\nSuccess: Installed nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

	###############################################################################
	#
	# Download libssh2, verify, build, test, install. Takes 1 minute.
	#

	sudo rm -rf "libssh2-$LIBSSH2_VER" && \
	mkdir -p -m 0700 "libssh2-$LIBSSH2_VER/.gnupg" && \
	curl --fail --location --proto-redir =https \
	-O https://libssh2.org/download/libssh2-$LIBSSH2_VER.tar.gz \
	-O https://libssh2.org/download/libssh2-$LIBSSH2_VER.tar.gz.asc && \
	\
	# https://daniel.haxx.se/address.html
	# https://github.com/curl/curl/issues/735
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/libssh2-$LIBSSH2_VER/.gnupg" \
	--keyring "$PWD/libssh2-$LIBSSH2_VER/.gnupg/libssh2.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/libssh2-$LIBSSH2_VER/.gnupg" \
	--keyring "$PWD/libssh2-$LIBSSH2_VER/.gnupg/libssh2.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify libssh2-$LIBSSH2_VER.tar.gz.asc \
	&& \
	tar xvfz libssh2-$LIBSSH2_VER.tar.gz && \
	cd libssh2-$LIBSSH2_VER && \
	\
	# REM configure --disable-rpath prevents rpaths in libssh2.la and libssh2.pc.
	#
	CFLAGS="-Wno-unused-result" \
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$LIBSSH2_PREFIX/lib \
	-Wl,-rpath,$OPENSSL_PREFIX/lib \
	-Wl,-rpath,$ZLIB_PREFIX/lib \
	" \
	./configure --disable-rpath \
	--prefix=$LIBSSH2_PREFIX \
	--with-crypto=openssl \
	--with-libssl-prefix=$OPENSSL_PREFIX \
	--with-libz-prefix=$ZLIB_PREFIX \
	&& \
	make && \
	# (mar 2023) tests don't yet run on linux?
	# ignore due to docker problems
	# make check && \
	sudo make install && \
	cd .. && \
	show_runpath $LIBSSH2_PREFIX/lib/libssh2.so && \
	echo -e "\n\nSuccess: Installed libssh2 $LIBSSH2_VER in $LIBSSH2_PREFIX\n"

	###############################################################################
	#
	# Download curl, verify, build, test, install. Takes 15 minutes.
	#

	sudo rm -rf "curl-$CURL_VER" && \
	mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
	curl --fail --location --proto-redir =https \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
	# https://daniel.haxx.se/address.html
	# https://github.com/curl/curl/issues/735
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify curl-$CURL_VER.tar.gz.asc \
	&& \
	tar xvfz curl-$CURL_VER.tar.gz && \
	cd curl-$CURL_VER && \
	\
	# REM workaround patches for rpath ordering are not needed since
	# runpath is used instead (-Wl,--enable-new-dtags sets rpaths as runpaths).
	# https://github.com/curl/curl/issues/432#issuecomment-244818726
	#
	# REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
	#
	LDFLAGS="-Wl,--enable-new-dtags \
	-Wl,-rpath,$CURL_PREFIX/lib \
	-Wl,-rpath,$OPENSSL_PREFIX/lib \
	-Wl,-rpath,$ZLIB_PREFIX/lib \
	-Wl,-rpath,$LIBPSL_PREFIX/lib \
	-Wl,-rpath,$LIBSSH2_PREFIX/lib \
	-Wl,-rpath,$NGHTTP2_PREFIX/lib \
	" \
	./configure --prefix=$CURL_PREFIX \
	--with-libpsl=$LIBPSL_PREFIX \
	--with-libssh2=$LIBSSH2_PREFIX \
	--with-nghttp2=$NGHTTP2_PREFIX \
	--with-ssl=$OPENSSL_PREFIX \
	--with-zlib=$ZLIB_PREFIX \
	&& \
	make && \
	make test-nonflaky TFLAGS=-n && \
	sudo make install && \
	sudo ldconfig && \
	cd .. && \
	show_runpath $CURL_PREFIX/lib/libcurl.so && \
	show_runpath $CURL_PREFIX/bin/curl && \
	echo -e "\n\n" && \
	$CURL_PREFIX/bin/curl --version && \
	echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

	#
	# curl won't install if any tests fail, like flaky tests (eg 1510).
	# Determine if failed tests are flaky then run from line 'sudo make install'
	#

	###############################################################################
	# This is a workaround patch for nghttp2 that is retrieved and used by old VM
	# snapshots. In recent snapshots the patch is no longer used.
	#
	# Old VM snapshots retrieve this patch directly from this file so do not delete
	# this file.
	#
	--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc 2020-06-02 08:08:45.000000000 -0400
	+++ nghttp2/src/shrpx_api_downstream_connection.cc 2020-10-26 23:08:33.016344429 -0400
	@@ -41,7 +41,7 @@
	namespace {
	// List of API endpoints
	const std::array<APIEndpoint, 2> &apis() {
	- static const auto apis = new std::array<APIEndpoint, 2>{
	+ static const auto apis = new std::array<APIEndpoint, 2>{{
	APIEndpoint{
	StringRef::from_lit("/api/v1beta1/backendconfig"),
	true,
	@@ -54,7 +54,7 @@
	(1 << API_METHOD_GET),
	&APIDownstreamConnection::handle_configrevision,
	},
	- };
	+ }};

	return *apis;
	}
	# This is one of two workaround patches for curl that was used by old VM
	# snapshots. In recent snapshots the patches are no longer used.
	#
	# Old VM snapshots retrieve this patch from a generated github diff of branch
	# jay:workaround_libtool_bug_24296 (eb14cc82 from 2017). This file is a backup
	# of the diff.
	#
	# https://github.com/curl/curl/issues/432#issuecomment-244818726
	# https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff
	#
	diff --git a/configure.ac b/configure.ac
	index 083e18c950d89..c7fe88c68d77a 100644
	--- a/configure.ac
	+++ b/configure.ac
	@@ -206,6 +206,10 @@ XC_LIBTOOL
	# Automake conditionals based on libtool related checks
	#

	+AM_CONDITIONAL([CURL_LT_BUILD_SHARED],
	+ [test "x$xc_lt_build_shared" = 'xyes'])
	+AM_CONDITIONAL([CURL_LT_BUILD_STATIC],
	+ [test "x$xc_lt_build_static" = 'xyes'])
	AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO],
	[test "x$xc_lt_shlib_use_version_info" = 'xyes'])
	AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED],
	diff --git a/scripts/fix_rpath.pl b/scripts/fix_rpath.pl
	new file mode 100755
	index 0000000000000..a6799862f6be2
	--- /dev/null
	+++ b/scripts/fix_rpath.pl
	@@ -0,0 +1,73 @@
	+#!/usr/bin/env perl
	+
	+=begin comment
	+README
	+
	+This script fixes lt-curl so that the first rpath it checks for dependencies
	+will be lib/.libs. Without this fix libtool makes that the last rpath checked.
	+
	+This fix is only necessary if other rpaths were specified during the build.
	+
	+Bug: https://github.com/curl/curl/issues/432
	+
	+Copyright (C) 2016 Jay Satiro <[email protected]>
	+http://curl.haxx.se/docs/copyright.html
	+
	+https://gist.github.com/jay/d88d74b6807544387a6c
	+=end comment
	+=cut
	+
	+use 5.014; # needed for /r regex modifier
	+
	+use strict;
	+use warnings;
	+
	+use File::Spec;
	+
	+defined($ARGV[0]) \|\| die "Usage: fix_rpath.pl <top_builddir>\n";
	+
	+my $abs_top_builddir = File::Spec->rel2abs($ARGV[0]);
	+-e $abs_top_builddir \|\| die "Fatal: Builddir not found: $abs_top_builddir";
	+
	+my $rpath = "$abs_top_builddir/lib/.libs";
	+my $curl = "$abs_top_builddir/src/curl";
	+
	+# Make sure $curl is a libtool wrapper and not a static binary
	+`file "$curl"` =~ /shell script/ \|\| die "Fatal: $curl is not a shell script";
	+
	+# Read in the curl script, modify its relink_command so our rpath comes first
	+open(my $fh, "+<", $curl) \|\| die "Fatal: Can't open $curl: $!";
	+my @lines = map {
	+ if(/^[ \t]*relink_command=\"/) {
	+ my $gccopt = "-Wl,-rpath \\\"-Wl,$rpath\\\"";
	+ s/((?:\(\|;) *gcc +)(?!\Q$gccopt\E)/$1$gccopt /gr
	+ }
	+ else {
	+ $_
	+ }
	+} <$fh>;
	+
	+# Write out the modified curl script
	+seek($fh, 0, 0) \|\| die "Fatal: Seek failed: $!";
	+if(@lines) {
	+ print $fh $_ for @lines;
	+}
	+truncate($fh, tell($fh)) \|\| die "Fatal: Failed to truncate $curl: $!";
	+close($fh);
	+
	+# Remove lt-curl
	+my $ltcurl = "$abs_top_builddir/src/.libs/lt-curl";
	+! -e $ltcurl \|\| unlink($ltcurl) \|\| die "Fatal: Removing $ltcurl: $!";
	+
	+# Build lt-curl (the relink command in src/curl rebuilds it since it's missing)
	+`"$curl" -V` \|\| die "Fatal: The curl wrapper script failed";
	+
	+# Confirm lt-curl load path for libcurl.so is our rpath
	+my $soname = "libcurl.so.4";
	+my ($soinfo) = grep {/^\t\Q$soname\E => /} `ldd "$ltcurl"`;
	+defined $soinfo \|\| die "Fatal: Unable to find $soname dependency in $ltcurl";
	+print $soinfo;
	+my $expected = "$rpath/$soname";
	+$soinfo =~ / \Q$expected\E( \|$)/ \|\| die "Fatal: $soname path != $expected";
	+
	+print "Success: lt-curl loads $soname from $rpath\n";
	diff --git a/src/Makefile.am b/src/Makefile.am
	index 878bbfef5c422..d3931d0d78de1 100644
	--- a/src/Makefile.am
	+++ b/src/Makefile.am
	@@ -134,5 +134,14 @@ checksrc:

	if CURLDEBUG
	# for debug builds, we scan the sources on all regular make invokes
	-all-local: checksrc
	+all-local:: checksrc
	+endif
	+
	+# This script fixes lt-curl so that the first rpath it checks for dependencies
	+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
	+workaround_libtool_bug_24296:
	+ @PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
	+
	+if CURL_LT_BUILD_SHARED
	+all-local:: workaround_libtool_bug_24296
	endif
	diff --git a/tests/Makefile.am b/tests/Makefile.am
	index 585d0171d1975..3174e5c5f1e1c 100644
	--- a/tests/Makefile.am
	+++ b/tests/Makefile.am
	@@ -33,6 +33,8 @@ EXTRA_DIST = ftpserver.pl httpserver.pl secureserver.pl runtests.pl getpart.pm \

	DISTCLEANFILES = configurehelp.pm

	+LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
	+
	# we have two variables here to make sure DIST_SUBDIRS won't get 'unit'
	# added twice as then targets such as 'distclean' misbehave and try to
	# do things twice in that subdir at times (and thus fails).
	diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am
	index 826b3d4f5581a..e1fb9b135503f 100644
	--- a/tests/libtest/Makefile.am
	+++ b/tests/libtest/Makefile.am
	@@ -21,6 +21,8 @@
	###########################################################################
	AUTOMAKE_OPTIONS = foreign nostdinc

	+LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
	+
	# Specify our include paths here, and do it relative to $(top_srcdir) and
	# $(top_builddir), to ensure that these paths which belong to the library
	# being currently built and tested are searched before the library which
	diff --git a/tests/server/Makefile.am b/tests/server/Makefile.am
	index e274c01ab08d2..bac336677d4e4 100644
	--- a/tests/server/Makefile.am
	+++ b/tests/server/Makefile.am
	@@ -21,6 +21,8 @@
	###########################################################################
	AUTOMAKE_OPTIONS = foreign nostdinc

	+LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
	+
	# Specify our include paths here, and do it relative to $(top_srcdir) and
	# $(top_builddir), to ensure that these paths which belong to the library
	# being currently built and tested are searched before the library which
	diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
	index d4987d69d050d..f5d16c5faad2a 100644
	--- a/tests/unit/Makefile.am
	+++ b/tests/unit/Makefile.am
	@@ -21,6 +21,8 @@
	###########################################################################
	AUTOMAKE_OPTIONS = foreign nostdinc

	+LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" @LDFLAGS@
	+
	# Specify our include paths here, and do it relative to $(top_srcdir) and
	# $(top_builddir), to ensure that these paths which belong to the library
	# being currently built and tested are searched before the library which