diff --git a/0001-tool_getparam-i-is-not-OK-if-J-is-used.patch b/0001-tool_getparam-i-is-not-OK-if-J-is-used.patch
deleted file mode 100644
index 112bebc583ebe9f96cf63aa54412ee7c0ffebeb3..0000000000000000000000000000000000000000
--- a/0001-tool_getparam-i-is-not-OK-if-J-is-used.patch
+++ /dev/null
@@ -1,65 +0,0 @@ -From a923456e77edf732de8ad842ebe6e17d5d9e3a13 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 31 May 2020 23:09:59 +0200 -Subject: [PATCH 1/2] tool_getparam: -i is not OK if -J is used - -Reported-by: sn on hackerone -Bug: https://curl.haxx.se/docs/CVE-2020-8177.html ---- - src/tool_cb_hdr.c | 22 ++++------------------ - src/tool_getparam.c | 5 +++++ - 2 files changed, 9 insertions(+), 18 deletions(-) - -diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c -index 3b10238..b80707f 100644 ---- a/src/tool_cb_hdr.c -+++ b/src/tool_cb_hdr.c -@@ -186,25 +186,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) - filename = parse_filename(p, len); - if(filename) { - if(outs->stream) { -- int rc; -- /* already opened and possibly written to */ -- if(outs->fopened) -- fclose(outs->stream); -- outs->stream = NULL; -- -- /* rename the initial file name to the new file name */ -- rc = rename(outs->filename, filename); -- if(rc != 0) { -- warnf(per->config->global, "Failed to rename %s -> %s: %s\n", -- outs->filename, filename, strerror(errno)); -- } -- if(outs->alloc_filename) -- Curl_safefree(outs->filename); -- if(rc != 0) { -- free(filename); -- return failure; -- } -+ /* indication of problem, get out! */ -+ free(filename); -+ return failure; - } -+ - outs->is_cd_filename = TRUE; - outs->s_isreg = TRUE; - outs->fopened = FALSE; -diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index 764caa2..c5c7429 100644 ---- a/src/tool_getparam.c -+++ b/src/tool_getparam.c -@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ - } - break; - case 'i': -+ if(config->content_disposition) { -+ warnf(global, -+ "--include and --remote-header-name cannot be combined.\n"); -+ return PARAM_BAD_USE; -+ } - config->show_headers = toggle; /* show the headers as well in the - general output stream */ - break; --- -1.8.3.1 - 
diff --git a/0002-url-make-the-updated-credentials-URL-encoded-in-the-.patch b/0002-url-make-the-updated-credentials-URL-encoded-in-the-.patch
deleted file mode 100644
index b3162d97f7805413f5670dd4184727e400910e87..0000000000000000000000000000000000000000
--- a/0002-url-make-the-updated-credentials-URL-encoded-in-the-.patch
+++ /dev/null
@@ -1,137 +0,0 @@ -From 0f3072ed6f40daa9d059b6c553979d42b6b566e2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 14 May 2020 14:37:12 +0200 -Subject: [PATCH 2/2] url: make the updated credentials URL-encoded in the URL - -Found-by: Gregory Jefferis -Reported-by: Jeroen Ooms -Added test 1168 to verify. Bug spotted when doing a redirect. -Bug: https://github.com/jeroen/curl/issues/224 -Closes #5400 ---- - lib/url.c | 6 ++-- - tests/data/Makefile.inc | 1 + - tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 83 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1168 - -diff --git a/lib/url.c b/lib/url.c -index 47fc66a..a826f8a 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Curl_easy *data, - - /* for updated strings, we update them in the URL */ - if(user_changed) { -- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); -+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, -+ CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - } - if(passwd_changed) { -- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); -+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, -+ CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - } -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 3d8565c..f9535a6 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ - test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ - test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ - test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \ -+test1168 \ - \ - test1170 test1171 test1172 test1173 test1174 test1175 test1176 \ - \ -diff --git a/tests/data/test1168 b/tests/data/test1168 -new file mode 100644 -index 0000000..eb121ba ---- 
/dev/null -+++ b/tests/data/test1168 -@@ -0,0 +1,78 @@ -+ -+ -+ -+HTTP -+HTTP GET -+followlocation -+ -+ -+# Server-side -+ -+ -+HTTP/1.1 301 This is a weirdo text message swsclose -+Date: Thu, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Location: /data/11680002.txt -+Connection: close -+ -+This server reply is for testing a simple Location: following -+ -+ -+ -+HTTP/1.1 200 Followed here fine swsclose -+Date: Thu, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 52 -+ -+If this is received, the location following worked -+ -+ -+ -+HTTP/1.1 301 This is a weirdo text message swsclose -+Date: Thu, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Location: /data/11680002.txt -+Connection: close -+ -+HTTP/1.1 200 Followed here fine swsclose -+Date: Thu, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 52 -+ -+If this is received, the location following worked -+ -+ -+ -+ -+# Client-side -+ -+ -+http -+ -+ -+HTTP redirect with credentials using # in user and password -+ -+ -+http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY" -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+ -+^User-Agent:.* -+ -+ -+GET /want/1168 HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== -+Accept: */* -+ -+GET /data/11680002.txt HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== -+Accept: */* -+ -+ -+ -+ --- -1.8.3.1 - diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 613106dab3313d021dfea2b9cf6bcc989f9e0f3b..b07dca0f69ed51ed4382c579bd84e6499831cca8 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch 
@@ -31,7 +31,7 @@ index 150004d..95d0759 100644 - else - CURLLIBDIR="" - fi -- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then +- if test "X@ENABLE_SHARED@" = "Xno" -o "X@REQUIRE_LIB_DEPS@" = "Xyes"; then - echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ - else - echo ${CURLLIBDIR}-lcurl diff --git a/0103-curl-7.59.0-python3.patch b/0103-curl-7.59.0-python3.patch deleted file mode 100644 index 65a5634e2d5a984f657c3ed213ba37c58c19ca55..0000000000000000000000000000000000000000 --- a/0103-curl-7.59.0-python3.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Thu, 15 Mar 2018 14:49:56 +0100 -Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3 - -Unfortunately, smbserver.py does not work with Python 3 because -there is no 'impacket' module available for Python 3: - -https://github.com/CoreSecurity/impacket/issues/61 ---- - tests/negtelnetserver.py | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py -index 8cfd409..72ee771 100755 ---- a/tests/negtelnetserver.py -+++ b/tests/negtelnetserver.py -@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): - response_data = response.encode('ascii') - else: - log.debug("Received normal request - echoing back") -- response_data = data.strip() -+ response_data = data.decode('utf8').strip() - - if response_data: - log.debug("Sending %r", response_data) -- self.request.sendall(response_data) -+ self.request.sendall(response_data.encode('utf8')) - - except IOError: - log.exception("IOError hit during request") - --- -2.14.3 - diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch index f3fe75a49a48eb5c4f78ff59a015e7d02265def8..efdfd35df087e62349f8abf802f001978ce3e2bd 100644 --- a/0105-curl-7.63.0-lib1560-valgrind.patch +++ b/0105-curl-7.63.0-lib1560-valgrind.patch @@ -2,16 +2,16 @@ 
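Review bot: The rewritten condition on the `+-` line joins two comparisons with `test ... -o ...`; POSIX marks the `-a`/`-o` binary primaries obsolescent because they parse ambiguously when an operand begins with `-`, so `if [ "X@ENABLE_SHARED@" = "Xno" ] || [ "X@REQUIRE_LIB_DEPS@" = "Xyes" ]; then` is the portable form. The `X` prefix already guards both operands here, so this is a point of style rather than a defect. The inner hunk header of the patched curl-config.in lies outside this hunk, so its line counts cannot be confirmed from here.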
From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Mon, 4 Feb 2019 17:32:56 +0100 Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp - + ... to prevent valgrind from reporting false positives on x86_64: - + Conditional jump or move depends on uninitialised value(s) at 0x10BCAA: part2id (lib1560.c:489) by 0x10BCAA: updateurl (lib1560.c:521) by 0x10BCAA: set_parts (lib1560.c:630) by 0x10BCAA: test (lib1560.c:802) by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) - + Conditional jump or move depends on uninitialised value(s) at 0x10BCC3: part2id (lib1560.c:491) by 0x10BCC3: updateurl (lib1560.c:521) @@ -21,12 +21,12 @@ Conditional jump or move depends on uninitialised value(s) --- tests/libtest/Makefile.inc | 1 + 1 file changed, 1 insertion(+) - + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 080421b..ea3b806 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc -@@ -562,6 +562,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1559_LDADD = $(TESTUTIL_LIBS) lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) @@ -36,3 +36,4 @@ index 080421b..ea3b806 100644 lib1564_SOURCES = lib1564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) -- 2.17.2 + diff --git a/0106-curl-fix-CVE-2019-15601.patch b/0106-curl-fix-CVE-2019-15601.patch new file mode 100644 index 0000000000000000000000000000000000000000..2ca2ab9d255ed83f34d9ac6855f039f5337da234 --- /dev/null +++ b/0106-curl-fix-CVE-2019-15601.patch 
@@ -0,0 +1,45 @@
+From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 7 Nov 2019 10:13:01 +0100
+Subject: [PATCH] file: on Windows, refuse paths that start with \\
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... as that might cause an unexpected SMB connection to a given host
+name.
+
+Reported-by: Fernando Muñoz
+CVE-2019-15601
+Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
+---
+ lib/file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index d349cd9..166931d 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ struct Curl_easy *data = conn->data;
+ char *real_path;
+ struct FILEPROTO *file = data->req.protop;
+- int fd;
++ int fd = -1;
+ #ifdef DOS_FILESYSTEM
+ size_t i;
+ char *actual_path;
+@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ return CURLE_URL_MALFORMAT;
+ }
+ 
+- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
++ if(strncmp("\\\\", actual_path, 2))
++ /* refuse to open path that starts with two backslashes */
++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ file->path = actual_path;
+ #else
+ if(memchr(real_path, 0, real_path_len)) {
+--
+1.8.3.1
+
diff --git a/curl-7.69.1.tar.gz b/curl-7.69.1.tar.gz
deleted file mode 100644
index b0da6908f690127543188dbbbd36b9d41b69ba6a..0000000000000000000000000000000000000000
Binary files a/curl-7.69.1.tar.gz and /dev/null differ
diff --git a/curl-7.71.1.tar.xz b/curl-7.71.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..ceeca1883a5ccd03a8ed2a34595cf128ccaddf04
Binary files /dev/null and b/curl-7.71.1.tar.xz differ
diff --git a/curl.spec b/curl.spec
index ad405155851dc23824f323acff482f138852d61a..ddde69f2ec433abbe22fafaf928c982b636615d7 100644
--- a/curl.spec
+++ b/curl.spec
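Review bot: The refusal added in the second inner hunk (`if(strncmp("\\\\", actual_path, 2))` guarding `open_readonly`) sits inside the `#ifdef DOS_FILESYSTEM` branch — `#else` follows two lines later and the first inner hunk shows the `#ifdef` opening right after the `int fd` declaration — so on the openEuler RPM build this spec describes the check is presumably never compiled, and the packaged libcurl gains no behaviour from carrying 0106. The backported commit is dated Nov 2019 while the spec moves to curl 7.71.1 (mid-2020); confirm why upstream 7.71.1 does not already contain this change before re-applying it, and record that reason in the spec changelog. Within the inner change, a refused path silently leaves `fd` at the new `-1` initial value with no `failf()` explaining why the file was rejected; how `fd == -1` is then reported lies outside the hunk. As a point of style, `if(strncmp("\\\\", actual_path, 2) != 0)` makes the "does not start with" intent explicit instead of relying on the non-zero result as a truth value.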
@@ -5,20 +5,18 @@ %global _configure ../configure Name: curl -Version: 7.69.1 -Release: 2 +Version: 7.71.1 +Release: 1 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/curl-%{version}.tar.gz +Source: https://curl.haxx.se/download/curl-%{version}.tar.xz -Patch6000: 0101-curl-7.32.0-multilib.patch -Patch6001: 0102-curl-7.36.0-debug.patch -Patch6002: 0103-curl-7.59.0-python3.patch -Patch6003: 0104-curl-7.19.7-localhost6.patch -Patch6004: 0105-curl-7.63.0-lib1560-valgrind.patch -Patch6005: 0001-tool_getparam-i-is-not-OK-if-J-is-used.patch -Patch6006: 0002-url-make-the-updated-credentials-URL-encoded-in-the-.patch +Patch101: 0101-curl-7.32.0-multilib.patch +Patch102: 0102-curl-7.36.0-debug.patch +Patch104: 0104-curl-7.19.7-localhost6.patch +Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch +Patch106: 0106-curl-fix-CVE-2019-15601.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel @@ -33,15 +31,14 @@ BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars) BuildRequires: valgrind %endif -Requires: libcurl == %{version}-%{release} -Provides: curl-full = %{version}-%{release} webclient = %{version}-%{release} -Obsoletes: curl-full < %{version}-%{release} webclient < %{version}-%{release} +Requires: libcurl = %{version}-%{release} +Provides: curl-full = %{version}-%{release} webclient %description cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. -%package -n libcurl +%package -n libcurl Summary: A library for getting files from web servers Requires: libssh >= %{libssh_version} libpsl >= %{libpsl_version} Requires: openssl-libs >= 1:%{openssl_version} 
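Review bot: The first hunk renumbers the patch tags from `Patch6000`–`Patch6006` to `Patch101`–`Patch106`, but the `%prep` section that applies them is outside this diff; if it applies them with explicit `%patch6000 -p1` style lines rather than `%autosetup -p1`/`%autopatch`, the build now references undefined patch numbers. In the second hunk `Provides: curl-full = %{version}-%{release} webclient` drops the version from `webclient` and the `Obsoletes:` line for `curl-full`/`webclient` disappears, which loosens upgrade handling for anything that depended on those names; if that is intended, a changelog line should say so. The `+%package -n libcurl ` line only adds trailing whitespace and can stay unchanged.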
@@ -83,6 +80,8 @@ export common_configure_opts="--cache-file=../config.cache \ --with-gssapi --with-nghttp2 --with-ssl \ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" +%global _configure ../configure + # configure full build ( cd build-full @@ -121,7 +120,7 @@ LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C sc rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.a -rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %ldconfig_scriptlets @@ -141,7 +140,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %files -n libcurl-devel %defattr(-,root,root) %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md -%doc docs/CONTRIBUTE.md docs/libcurl/ABI +%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md %{_bindir}/curl-config* %{_includedir}/curl %{_libdir}/*.so @@ -158,6 +157,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Fri Aug 28 2020 xiaoweiwei - 7.71.1-1 +- Upgrade to 7.71.1 + * Tue Aug 4 2020 hanzhijun - 7.69.1-2 - Type:cves - ID:NA @@ -193,3 +195,4 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la * Wed Sep 18 2019 guanyanjie - 7.61.1-3 - Init for openEuler +
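Review bot: The first hunk adds `%global _configure ../configure` after the `common_configure_opts` export, but the same global already appears to be defined at the top of the spec (it is the first context line of the `@@ -5,20 +5,18 @@` hunk), so the second definition is redundant and should be dropped. In the `@@ -121,7 +120,7 @@` hunk `rm -f` becomes `rm -rf` for `libcurl.la`, a regular file; `-r` adds nothing there and `rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la` should stay. The new 7.71.1-1 changelog entry says only `- Upgrade to 7.71.1`; it should also record that 0001, 0002 and 0103 were dropped and 0106 (CVE-2019-15601) added, so the package's CVE history stays auditable.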