authorRemi Collet <fedora@famillecollet.com>2011-08-16 14:54:44 +0200
committerRemi Collet <fedora@famillecollet.com>2011-08-16 14:54:44 +0200
commit68c18b79288431ab4e477cc3f59ef4ccfe3e7355 (patch)
treee8ec04eaa888f78e1772bf959ee76461e3252d69
import curl-7.15.5-9.el5_6.3 from EL-5
-rw-r--r--curl-7.14.1-nousr.patch33
-rw-r--r--curl-7.15.0-curl_config-version.patch12
-rw-r--r--curl-7.15.3-multilib.patch20
-rw-r--r--curl-7.15.5-CVE-2009-0037.patch214
-rw-r--r--curl-7.15.5-CVE-2009-2417.patch80
-rw-r--r--curl-7.15.5-CVE-2011-2192.patch30
-rw-r--r--curl-7.15.5-bz473128.patch12
-rw-r--r--curl-7.15.5-bz479967.patch12
-rw-r--r--curl-7.15.5-bz517084.patch12
-rw-r--r--curl-7.15.5-bz517199.patch38
-rw-r--r--curl-7.15.5-bz532069.patch159
-rw-r--r--curl-7.15.5-bz563220.patch13
-rw-r--r--curl-7.15.5-bz655073.patch71
-rw-r--r--curl.spec430
14 files changed, 1136 insertions, 0 deletions
diff --git a/curl-7.14.1-nousr.patch b/curl-7.14.1-nousr.patch
new file mode 100644
index 0000000..bc3b4f1
--- /dev/null
+++ b/curl-7.14.1-nousr.patch
@@ -0,0 +1,33 @@
+--- curl-7.14.1/configure.ac.orig 2005-09-01 22:29:20.000000000 +0200
++++ curl-7.14.1/configure.ac 2005-10-13 09:55:19.395539032 +0200
+@@ -813,7 +813,7 @@
+ PKGTEST="no"
+ PREFIX_OPENSSL=$OPT_SSL
+ LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
+- LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
++ #LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
+ CPPFLAGS="$CPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+ ;;
+ esac
+@@ -867,7 +867,7 @@
+ HAVECRYPTO="yes"
+ LIBS="-lcrypto $LIBS"
+ ],[
+- LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
++ LDFLAGS="$CLEANLDFLAGS"
+ CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+ AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+ HAVECRYPTO="yes"
+--- curl-7.14.1/lib/Makefile.am.orig 2005-03-31 09:02:03.000000000 +0200
++++ curl-7.14.1/lib/Makefile.am 2005-10-13 09:51:55.244574696 +0200
+@@ -107,8 +107,8 @@
+
+ install-data-hook:
+ @if test -n "@CURL_CA_BUNDLE@"; then \
+- $(mkinstalldirs) `dirname $(DESTDIR)@CURL_CA_BUNDLE@`; \
+- @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(DESTDIR)@CURL_CA_BUNDLE@; \
++ $(mkinstalldirs) `dirname $(prefix)/../@CURL_CA_BUNDLE@`; \
++ @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(prefix)/../@CURL_CA_BUNDLE@; \
+ fi
+
+ # this hook is mainly for non-unix systems to build even if configure
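Review bot: The rewritten install-data-hook drops `$(DESTDIR)` and installs ca-bundle.crt under `$(prefix)/../@CURL_CA_BUNDLE@`, which is a staging path only if `make install` is run with `prefix` pointing into the build root; an ordinary `DESTDIR=` staged install would write the CA bundle relative to the real prefix. Because this file is the TLS trust anchor, I would keep the upstream form `@INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(DESTDIR)@CURL_CA_BUNDLE@; \` and have the spec stage with DESTDIR; the %install section is not visible here, so this depends on how it invokes make. Separately, the first configure.ac hunk comments the LDFLAGS line out while the second deletes the `-L$LIB_OPENSSL` part; one style would be easier to maintain.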
diff --git a/curl-7.15.0-curl_config-version.patch b/curl-7.15.0-curl_config-version.patch
new file mode 100644
index 0000000..c1a4fb3
--- /dev/null
+++ b/curl-7.15.0-curl_config-version.patch
@@ -0,0 +1,12 @@
+--- curl-7.15.0/configure.ac.ver 2005-11-30 13:33:54.360624896 +0100
++++ curl-7.15.0/configure.ac 2005-11-30 13:34:14.009637792 +0100
+@@ -43,7 +43,8 @@
+
+ dnl
+ dnl we extract the numerical version for curl-config only
+-VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\(.*\)/\1/p' ${srcdir}/include/curl/curlver.h`
++VERSIONNUM=`$SED -rne 's/^#define LIBCURL_VERSION_(MAJOR|MINOR|PATCH) ([^ ]*)$/\2/p' ${srcdir}/include/curl/curlver.h | xargs -n1 printf %02x; echo`
++
+ AC_SUBST(VERSIONNUM)
+
+ dnl Solaris pkgadd support definitions
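Review bot: The bracket expression `[^ ]` in the new sed script sits in unquoted configure.ac text, where `[` and `]` are m4 quote characters, so autoconf is likely to strip them and emit `(^ *)` into configure; the quadrigraph form `(@<:@^ @:>@*)` avoids that. Nothing validates the result either, so a pattern that fails to match leaves curl-config with a wrong version number instead of a configure error; a check after the assignment that VERSIONNUM is exactly six hex digits, ending in `AC_MSG_ERROR`, would catch it. This is worth confirming against the generated configure, since whether the spec regenerates it is not visible in this chunk.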
diff --git a/curl-7.15.3-multilib.patch b/curl-7.15.3-multilib.patch
new file mode 100644
index 0000000..8650913
--- /dev/null
+++ b/curl-7.15.3-multilib.patch
@@ -0,0 +1,20 @@
+--- curl-7.15.1/curl-config.in.pom 2005-09-04 20:15:24.000000000 +0200
++++ curl-7.15.1/curl-config.in 2006-03-20 14:12:04.485640816 +0100
+@@ -50,7 +50,7 @@
+ ;;
+
+ --cc)
+- echo "@CC@"
++ echo "gcc"
+ ;;
+
+ --prefix)
+@@ -143,7 +143,7 @@
+ ;;
+
+ --libs)
+- echo -L@libdir@ -lcurl @LDFLAGS@ @LIBS@
++ pkg-config libcurl --libs
+ ;;
+
+ *)
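Review bot: `--libs` now shells out to `pkg-config libcurl --libs`, which makes curl-config depend on pkg-config and an installed libcurl.pc at run time, yet the devel subpackage in curl.spec lists only `Requires: %{name} = %{version}-%{release}, openssl-devel, libidn-devel`. Without pkg-config present the option prints no linker flags, and a build that captures its output will link without -lcurl; adding `pkgconfig` to that Requires line closes the gap. The hard-coded `echo "gcc"` for `--cc` is presumably there to keep the script identical across multilib arches and deserves a one-line comment saying so.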
diff --git a/curl-7.15.5-CVE-2009-0037.patch b/curl-7.15.5-CVE-2009-0037.patch
new file mode 100644
index 0000000..d23cb86
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-0037.patch
@@ -0,0 +1,214 @@
+diff -pruN curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3
+--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 2006-08-02 11:33:32.000000000 +0200
++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3 2009-03-13 15:04:52.000000000 +0100
+@@ -346,6 +346,26 @@ The string given to CURLOPT_URL must be
+
+ \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
+ \fIcurl_easy_perform(3)\fP is called.
++
++\fICURLOPT_PROTOCOLS\fP can be used to limit what protocols libcurl will use
++for this transfer, independent of what libcurl has been compiled to
++support. That may be useful if you accept the URL from an external source and
++want to limit the accessibility.
++.IP CURLOPT_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in the transfer. This allows you to have
++a libcurl built to support a wide range of protocols but still limit specific
++transfers to only be allowed to use a subset of them. By default libcurl will
++accept all protocols it supports. See also
++\fICURLOPT_REDIR_PROTOCOLS\fP. (Added in 7.19.4)
++.IP CURLOPT_REDIR_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in a transfer that it follows to in a
++redirect when \fICURLOPT_FOLLOWLOCATION\fP is enabled. This allows you to
++limit specific transfers to only be allowed to use a subset of protocols in
++redirections. By default libcurl will allow all protocols except for FILE and
++SCP. This is a difference compared to pre-7.19.4 versions which
++unconditionally would follow to all protocols supported. (Added in 7.19.4)
+ .IP CURLOPT_PROXY
+ Set HTTP proxy to use. The parameter should be a char * to a zero terminated
+ string holding the host name or dotted IP address. To specify port number in
+@@ -574,6 +594,10 @@ This means that the library will re-send
+ and follow new Location: headers all the way until no more such headers are
+ returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects
+ libcurl will follow.
++
++NOTE: since 7.19.4, libcurl can limit to what protocols it will automatically
++follow. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS\fP and
++it excludes the FILE protocol by default.
+ .IP CURLOPT_UNRESTRICTED_AUTH
+ A non-zero parameter tells the library it can continue to send authentication
+ (user+password) when following locations, even when hostname changed. This
+diff -pruN curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h
+--- curl-7.15.5.orig/include/curl/curl.h 2006-08-06 22:45:34.000000000 +0200
++++ curl-7.15.5/include/curl/curl.h 2009-03-13 15:04:52.000000000 +0100
+@@ -414,6 +414,19 @@ typedef enum {
+ CURLFTPMETHOD_LAST /* not an option, never use */
+ } curl_ftpmethod;
+
++/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
++#define CURLPROTO_HTTP (1<<0)
++#define CURLPROTO_HTTPS (1<<1)
++#define CURLPROTO_FTP (1<<2)
++#define CURLPROTO_FTPS (1<<3)
++#define CURLPROTO_TELNET (1<<6)
++#define CURLPROTO_LDAP (1<<7)
++#define CURLPROTO_LDAPS (1<<8)
++#define CURLPROTO_DICT (1<<9)
++#define CURLPROTO_FILE (1<<10)
++#define CURLPROTO_TFTP (1<<11)
++#define CURLPROTO_ALL (~0) /* enable everything */
++
+ /* long may be 32 or 64 bits, but we should never depend on anything else
+ but 32 */
+ #define CURLOPTTYPE_LONG 0
+@@ -982,6 +995,18 @@ typedef enum {
+ /* Pointer to command string to send if USER/PASS fails. */
+ CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+
++ /* set the bitmask for the protocols that are allowed to be used for the
++ transfer, which thus helps the app which takes URLs from users or other
++ external inputs and want to restrict what protocol(s) to deal
++ with. Defaults to CURLPROTO_ALL. */
++ CINIT(PROTOCOLS, LONG, 181),
++
++ /* set the bitmask for the protocols that libcurl is allowed to follow to,
++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++ to be set in both bitmasks to be allowed to get redirected to. Defaults
++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++ CINIT(REDIR_PROTOCOLS, LONG, 182),
++
+ CURLOPT_LASTENTRY /* the last unused */
+ } CURLoption;
+
+diff -pruN curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c
+--- curl-7.15.5.orig/lib/url.c 2006-08-02 20:08:06.000000000 +0200
++++ curl-7.15.5/lib/url.c 2009-03-13 15:04:52.000000000 +0100
+@@ -367,6 +367,13 @@ CURLcode Curl_open(struct SessionHandle
+ data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic */
+ data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+
++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++ define since we internally only use the lower 16 bits for the passed
++ in bitmask to not conflict with the private bits */
++ data->set.allowed_protocols = PROT_EXTMASK;
++ data->set.redir_protocols =
++ (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */
++
+ /* create an array with connection data struct pointers */
+ data->state.numconnects = 5; /* hard-coded right now */
+ data->state.connects = (struct connectdata **)
+@@ -1551,6 +1558,22 @@ CURLcode Curl_setopt(struct SessionHandl
+ data->set.ftp_alternative_to_user = va_arg(param, char *);
+ break;
+
++ case CURLOPT_PROTOCOLS:
++ /* set the bitmask for the protocols that are allowed to be used for the
++ transfer, which thus helps the app which takes URLs from users or other
++ external inputs and want to restrict what protocol(s) to deal
++ with. Defaults to CURLPROTO_ALL. */
++ data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
++ case CURLOPT_REDIR_PROTOCOLS:
++ /* set the bitmask for the protocols that libcurl is allowed to follow to,
++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++ to be set in both bitmasks to be allowed to get redirected to. Defaults
++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++ data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
+ default:
+ /* unknown tag and its companion, just ignore: */
+ result = CURLE_FAILED_INIT; /* correct this */
+@@ -3198,8 +3221,6 @@ static CURLcode CreateConnection(struct
+ result = Curl_Transfer(conn, -1, -1, FALSE, NULL, /* no download */
+ -1, NULL); /* no upload */
+ }
+-
+- return result;
+ #else
+ failf(data, LIBCURL_NAME
+ " was built with FILE disabled!");
+@@ -3249,6 +3270,17 @@ static CURLcode CreateConnection(struct
+ failf(data, "Unsupported protocol: %s", conn->protostr);
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
++ /* Protocol found. Check if allowed */
++ if(!(data->set.allowed_protocols & conn->protocol) ||
++ /* it is allowed for "normal" request, now do an extra check if this is
++ the result of a redirect */
++ (data->state.this_is_a_follow &&
++ !(data->set.redir_protocols & conn->protocol))) {
++ failf(data, "Unsupported protocol: %s", conn->protostr);
++ return CURLE_UNSUPPORTED_PROTOCOL;
++ }
++ if (conn->protocol & PROT_FILE)
++ return result;
+
+ if(data->change.proxy && *data->change.proxy) {
+ /* If this is supposed to use a proxy, we need to figure out the proxy
+diff -pruN curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h
+--- curl-7.15.5.orig/lib/urldata.h 2006-07-26 00:46:38.000000000 +0200
++++ curl-7.15.5/lib/urldata.h 2009-03-13 15:04:52.000000000 +0100
+@@ -563,17 +563,23 @@ struct connectdata {
+ struct has */
+
+ long protocol; /* PROT_* flags concerning the protocol set */
+-#define PROT_MISSING (1<<0)
+-#define PROT_HTTP (1<<2)
+-#define PROT_HTTPS (1<<3)
+-#define PROT_FTP (1<<4)
+-#define PROT_TELNET (1<<5)
+-#define PROT_DICT (1<<6)
+-#define PROT_LDAP (1<<7)
+-#define PROT_FILE (1<<8)
+-#define PROT_TFTP (1<<11)
+-#define PROT_FTPS (1<<9)
+-#define PROT_SSL (1<<10) /* protocol requires SSL */
++#define PROT_HTTP CURLPROTO_HTTP
++#define PROT_HTTPS CURLPROTO_HTTPS
++#define PROT_FTP CURLPROTO_FTP
++#define PROT_TELNET CURLPROTO_TELNET
++#define PROT_DICT CURLPROTO_DICT
++#define PROT_LDAP CURLPROTO_LDAP
++#define PROT_FILE CURLPROTO_FILE
++#define PROT_FTPS CURLPROTO_FTPS
++#define PROT_TFTP CURLPROTO_TFTP
++/* CURLPROTO_TFTP (1<<11) is currently the highest used bit in the public
++ bitmask. We make sure we use "private bits" above the first 16 to make
++ things easier. */
++
++#define PROT_EXTMASK 0xfff
++
++#define PROT_SSL (1<<22) /* protocol requires SSL */
++#define PROT_MISSING (1<<23)
+
+ /* 'dns_entry' is the particular host we use. This points to an entry in the
+ DNS cache and it will not get pruned while locked. It gets unlocked in
+@@ -1147,6 +1153,8 @@ struct UserDefined {
+ bool ftp_skip_ip; /* skip the IP address the FTP server passes on to
+ us */
+ bool connect_only; /* make connection, let application use the socket */
++ long allowed_protocols;
++ long redir_protocols;
+ };
+
+ struct Names {
+diff -pruN curl-7.15.5.orig/lib/easy.c curl-7.15.5/lib/easy.c
+--- curl-7.15.5.orig/lib/easy.c 2006-07-25 20:39:22.000000000 +0200
++++ curl-7.15.5/lib/easy.c 2009-03-13 15:04:52.000000000 +0100
+@@ -670,6 +670,13 @@ void curl_easy_reset(CURL *curl)
+ data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic */
+ data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+
++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++ define since we internally only use the lower 16 bits for the passed
++ in bitmask to not conflict with the private bits */
++ data->set.allowed_protocols = PROT_EXTMASK;
++ data->set.redir_protocols =
++ (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */
++
+ /*
+ * libcurl 7.10 introduced SSL verification *by default*! This needs to be
+ * switched off unless wanted.
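Review bot: In CreateConnection the allowed-protocols test runs only after the FILE branch has done its work: the patch removes that branch's `return result;` so control falls through to the new check, but the visible `Curl_Transfer(...)` setup (and whatever precedes it in the branch, outside this hunk) has already executed, so a `file://` URL forbidden by `CURLOPT_PROTOCOLS` or `CURLOPT_REDIR_PROTOCOLS` is still processed locally before `CURLE_UNSUPPORTED_PROTOCOL` is returned. Testing the two masks at the top of the FILE branch, before any setup, would make the rejection free of side effects. The comments added in Curl_open and curl_easy_reset say the public mask uses "the lower 16 bits" while `PROT_EXTMASK` is `0xfff` (12 bits); one of the two should be corrected. The backported man-page text also says "(Added in 7.19.4)" and mentions SCP, neither of which matches this 7.15.5 build.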
diff --git a/curl-7.15.5-CVE-2009-2417.patch b/curl-7.15.5-CVE-2009-2417.patch
new file mode 100644
index 0000000..b479d91
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-2417.patch
@@ -0,0 +1,80 @@
+diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c
+--- curl-7.15.5.orig/lib/ssluse.c 2006-07-20 22:05:54.000000000 +0200
++++ curl-7.15.5/lib/ssluse.c 2009-08-07 11:41:18.181920711 +0200
+@@ -929,7 +929,7 @@ static CURLcode verifyhost(struct connec
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- int altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -943,14 +943,16 @@ static CURLcode verifyhost(struct connec
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if (cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -990,18 +992,27 @@ static CURLcode verifyhost(struct connec
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+- if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if (j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if (peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_SSL_PEER_CERTIFICATE;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if (peer_CN == nulstr)
+@@ -1018,7 +1029,10 @@ static CURLcode verifyhost(struct connec
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if (!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ if(data->set.ssl.verifyhost > 1) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
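Review bot: The subjectAltName path skips a name with an embedded zero silently, while the common-name path logs `SSL: illegal cert name field` and fails; a certificate carrying such a SAN is worth surfacing, so I would add `infof(data, "SSL: subjectAltName contains an embedded zero, entry ignored\n");` in the GEN_DNS case when `altlen != strlen(altptr)`. The `if(res) ;` empty-statement branch further down is easy to misread; wrapping the existing common-name handling in `if(!res) { ... }` would say the same thing more plainly. When `res` is set in the CN path `peer_CN` is still allocated, and whether it is released on that path is outside the hunk.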
diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch
new file mode 100644
index 0000000..6d36cdc
--- /dev/null
+++ b/curl-7.15.5-CVE-2011-2192.patch
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http_negotiate.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+--
+1.7.4.4
+
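Review bot: The call now passes two bare `0` arguments in a row, so nothing at the call site records that the first is the request-flags slot and must stay free of `GSS_C_DELEG_FLAG`. A comment such as `0, /* req_flags: never request credential delegation */` would keep a later edit from restoring the flag. The call these arguments belong to begins above the hunk.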
diff --git a/curl-7.15.5-bz473128.patch b/curl-7.15.5-bz473128.patch
new file mode 100644
index 0000000..4fcd6b0
--- /dev/null
+++ b/curl-7.15.5-bz473128.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/docs/curl.1 curl-7.15.5/docs/curl.1
+--- curl-7.15.5.orig/docs/curl.1 2006-07-27 01:20:47.000000000 +0200
++++ curl-7.15.5/docs/curl.1 2009-10-27 13:27:18.996742031 +0100
+@@ -924,6 +924,8 @@ mutually exclusive.
+ If this option is used several times, the last one will be used. (This option
+ was previously wrongly documented and used as --socks without the number
+ appended.)
++
++This option (as well as \fI--socks4\fP) does not work with IPv6, FTPS or LDAP.
+ .IP "--stderr <file>"
+ Redirect all writes to stderr to the specified file instead. If the file name
+ is a plain '-', it is instead written to stdout. This option has no point when
diff --git a/curl-7.15.5-bz479967.patch b/curl-7.15.5-bz479967.patch
new file mode 100644
index 0000000..b530121
--- /dev/null
+++ b/curl-7.15.5-bz479967.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/lib/select.c curl-7.15.5/lib/select.c
+--- curl-7.15.5.orig/lib/select.c 2006-05-05 12:24:27.000000000 +0200
++++ curl-7.15.5/lib/select.c 2009-10-27 15:17:49.144741885 +0100
+@@ -113,7 +113,7 @@ int Curl_select(curl_socket_t readfd, cu
+ if (writefd != CURL_SOCKET_BAD) {
+ if (pfd[num].revents & POLLOUT)
+ ret |= CSELECT_OUT;
+- if (pfd[num].revents & POLLERR)
++ if (pfd[num].revents & (POLLERR|POLLHUP))
+ ret |= CSELECT_ERR;
+ }
+
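Review bot: On the write descriptor only `POLLERR|POLLHUP` are mapped to `CSELECT_ERR`; `POLLNVAL` (descriptor not open) is still dropped, so a closed socket would be reported as neither writable nor failed. Extending the mask to `(POLLERR|POLLHUP|POLLNVAL)` covers it. The read-descriptor branch is outside the hunk and may need the same treatment.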
diff --git a/curl-7.15.5-bz517084.patch b/curl-7.15.5-bz517084.patch
new file mode 100644
index 0000000..b8db8ec
--- /dev/null
+++ b/curl-7.15.5-bz517084.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/src/main.c curl-7.15.5/src/main.c
+--- curl-7.15.5.orig/src/main.c 2006-07-27 01:20:48.000000000 +0200
++++ curl-7.15.5/src/main.c 2009-10-27 15:55:59.627758853 +0100
+@@ -513,6 +513,8 @@ static void help(void)
+ " --create-dirs Create necessary local directory hierarchy",
+ " --crlf Convert LF to CRLF in upload",
+ " -f/--fail Fail silently (no output at all) on HTTP errors (H)",
++ " --ftp-account <data> Account data to send when requested by server (F)",
++ " --ftp-alternative-to-user <cmd> String to replace \"USER [name]\" (F)",
+ " --ftp-create-dirs Create the remote dirs if not present (F)",
+ " --ftp-method [multicwd/nocwd/singlecwd] Control CWD usage (F)",
+ " --ftp-pasv Use PASV/EPSV instead of PORT (F)",
diff --git a/curl-7.15.5-bz517199.patch b/curl-7.15.5-bz517199.patch
new file mode 100644
index 0000000..799d177
--- /dev/null
+++ b/curl-7.15.5-bz517199.patch
@@ -0,0 +1,38 @@
+diff -rup curl-7.15.5.orig/lib/http.c curl-7.15.5/lib/http.c
+--- curl-7.15.5.orig/lib/http.c 2009-08-14 13:04:26.830607819 +0200
++++ curl-7.15.5/lib/http.c 2009-08-14 13:04:46.772482970 +0200
+@@ -1967,6 +1967,14 @@ CURLcode Curl_http(struct connectdata *c
+ te
+ );
+
++ /*
++ * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
++ * with basic and digest, it will be freed anyway by the next request
++ */
++
++ Curl_safefree (conn->allocptr.userpwd);
++ conn->allocptr.userpwd = NULL;
++
+ if(result)
+ return result;
+
+diff -rup curl-7.15.5.orig/lib/http_negotiate.c curl-7.15.5/lib/http_negotiate.c
+--- curl-7.15.5.orig/lib/http_negotiate.c 2009-08-14 13:04:26.846608324 +0200
++++ curl-7.15.5/lib/http_negotiate.c 2009-08-14 13:05:15.467037550 +0200
+@@ -248,7 +248,6 @@ int Curl_input_negotiate(struct connectd
+ CURLcode Curl_output_negotiate(struct connectdata *conn)
+ {
+ struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+- OM_uint32 minor_status;
+ char *encoded = NULL;
+ int len;
+
+@@ -300,7 +299,7 @@ CURLcode Curl_output_negotiate(struct co
+ conn->allocptr.userpwd =
+ aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
+ free(encoded);
+- gss_release_buffer(&minor_status, &neg_ctx->output_token);
++ Curl_cleanup_negotiate (conn->data);
+ return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+
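Review bot: The comment added in Curl_http is hard to parse and does not say what the freed buffer holds; something like `/* The Authorization header built for this request carries credentials and is not valid for a later Negotiate/NTLM round, so release it once the request has been sent. */` states the intent. In Curl_output_negotiate the single `gss_release_buffer` call is replaced by `Curl_cleanup_negotiate(conn->data)`, whose body is not in the patch. If it discards the whole negotiate context, a server that replies with a continuation token would start from scratch, so the call deserves a comment explaining why a full cleanup is correct at this point.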
diff --git a/curl-7.15.5-bz532069.patch b/curl-7.15.5-bz532069.patch
new file mode 100644
index 0000000..f3f682d
--- /dev/null
+++ b/curl-7.15.5-bz532069.patch
@@ -0,0 +1,159 @@
+diff -rup curl-7.15.5.orig/CHANGES curl-7.15.5/CHANGES
+--- curl-7.15.5.orig/CHANGES 2006-08-07 08:27:59.000000000 +0200
++++ curl-7.15.5/CHANGES 2009-10-30 23:42:35.373803847 +0100
+@@ -6,6 +6,16 @@
+
+ Changelog
+
++Daniel Stenberg (25 Sep 2009)
++- Chris Mumford filed bug report #2861587
++ (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
++ the OpenSSL function X509_load_crl_file() wrongly and failed if it would
++ load a CRL file with more than one certificate within. This is now fixed.
++
++Daniel Stenberg (6 Jun 2008)
++- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
++ OpenSSL, NSS and GnuTLS-built libcurls.
++
+ Version 7.15.5 (7 August 2006)
+
+ Daniel (2 August 2006)
+diff -rup curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3
+--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 2009-10-30 23:41:03.845741285 +0100
++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3 2009-10-30 23:42:35.374803796 +0100
+@@ -1260,6 +1260,24 @@ makes sense only when used in combinatio
+ is zero, \fICURLOPT_CAPATH\fP need not even indicate an accessible
+ path. The \fICURLOPT_CAPATH\fP function apparently does not work in
+ Windows due to some limitation in openssl. (Added in 7.9.8)
++.IP CURLOPT_CRLFILE
++Pass a char * to a zero terminated string naming a file with the concatenation
++of CRL (in PEM format) to use in the certificate validation that occurs during
++the SSL exchange.
++
++When curl is built to use NSS or GnuTLS, there is no way to influence the use
++of CRL passed to help in the verification process. When libcurl is built with
++OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both
++set, requiring CRL check against all the elements of the certificate chain if
++a CRL file is passed.
++
++This option makes sense only when used in combination with the
++\fICURLOPT_SSL_VERIFYPEER\fP option.
++
++A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It
++is returned when the SSL exchange fails because the CRL file cannot be loaded.
++Note that a failure in certificate verification due to a revocation information
++found in the CRL does not trigger this specific error.
+ .IP CURLOPT_RANDOM_FILE
+ Pass a char * to a zero terminated file name. The file will be used to read
+ from to seed the random engine for SSL. The more random the specified file is,
+diff -rup curl-7.15.5.orig/docs/libcurl/libcurl-errors.3 curl-7.15.5/docs/libcurl/libcurl-errors.3
+--- curl-7.15.5.orig/docs/libcurl/libcurl-errors.3 2006-06-24 23:49:40.000000000 +0200
++++ curl-7.15.5/docs/libcurl/libcurl-errors.3 2009-10-30 23:42:35.374803796 +0100
+@@ -208,6 +208,8 @@ No such TFTP user
+ Character conversion failed
+ .IP "CURLE_CONV_REQD (76)"
+ Caller must register conversion callbacks
++.IP "CURLE_SSL_CRL_BADFILE (82)"
++Failed to load CRL file (Added in 7.19.0)
+ .SH "CURLMcode"
+ This is the generic return code used by functions in the libcurl multi
+ interface. Also consider \fIcurl_multi_strerror(3)\fP.
+diff -rup curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h
+--- curl-7.15.5.orig/include/curl/curl.h 2009-10-30 23:41:03.846741384 +0100
++++ curl-7.15.5/include/curl/curl.h 2009-10-30 23:42:35.375803976 +0100
+@@ -339,6 +339,8 @@ typedef enum {
+ CURLOPT_CONV_FROM_NETWORK_FUNCTION,
+ CURLOPT_CONV_TO_NETWORK_FUNCTION, and
+ CURLOPT_CONV_FROM_UTF8_FUNCTION */
++ CURLE_SSL_CRL_BADFILE = 82, /* 82 - could not load CRL file, missing or
++ wrong format (Added in 7.19.0) */
+ CURL_LAST /* never use! */
+ } CURLcode;
+
+@@ -995,6 +997,9 @@ typedef enum {
+ /* Pointer to command string to send if USER/PASS fails. */
+ CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+
++ /* CRL file */
++ CINIT(CRLFILE, OBJECTPOINT, 169),
++
+ /* set the bitmask for the protocols that are allowed to be used for the
+ transfer, which thus helps the app which takes URLs from users or other
+ external inputs and want to restrict what protocol(s) to deal
+diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c
+--- curl-7.15.5.orig/lib/ssluse.c 2009-10-30 23:41:03.852866415 +0100
++++ curl-7.15.5/lib/ssluse.c 2009-10-30 23:45:20.895778697 +0100
+@@ -1305,6 +1305,32 @@ Curl_ossl_connect_step1(struct connectda
+ data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
+ data->set.ssl.CApath ? data->set.ssl.CApath : "none");
+ }
++
++ if (data->set.ssl.CRLfile) {
++ /* tell SSL where to find CRL file that is used to check certificate
++ * revocation */
++ X509_LOOKUP *lookup =
++ X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
++ if ( !lookup ||
++ (!X509_load_crl_file(lookup,data->set.ssl.CRLfile,
++ X509_FILETYPE_PEM)) ) {
++ failf(data,"error loading CRL file :\n"
++ " CRLfile: %s\n",
++ data->set.ssl.CRLfile?
++ data->set.ssl.CRLfile: "none");
++ return CURLE_SSL_CRL_BADFILE;
++ }
++ else {
++ /* Everything is fine. */
++ infof(data, "successfully load CRL file:\n");
++ X509_STORE_set_flags(connssl->ctx->cert_store,
++ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
++ }
++ infof(data,
++ " CRLfile: %s\n", data->set.ssl.CRLfile ?
++ data->set.ssl.CRLfile: "none");
++ }
++
+ /* SSL always tries to verify the peer, this only says whether it should
+ * fail to connect if the verification fails, or if it should continue
+ * anyway. In the latter case the result of the verification is checked with
+diff -rup curl-7.15.5.orig/lib/strerror.c curl-7.15.5/lib/strerror.c
+--- curl-7.15.5.orig/lib/strerror.c 2006-08-01 11:39:01.000000000 +0200
++++ curl-7.15.5/lib/strerror.c 2009-10-30 23:42:35.376803807 +0100
+@@ -241,6 +241,9 @@ curl_easy_strerror(CURLcode error)
+ case CURLE_FTP_SSL_FAILED:
+ return "Requested FTP SSL level failed";
+
++ case CURLE_SSL_CRL_BADFILE:
++ return "Failed to load CRL file (path? access rights?, format?)";
++
+ case CURLE_SEND_FAIL_REWIND:
+ return "Send failed since rewinding of the data stream failed";
+
+diff -rup curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c
+--- curl-7.15.5.orig/lib/url.c 2009-10-30 23:41:03.848741261 +0100
++++ curl-7.15.5/lib/url.c 2009-10-30 23:42:35.378944509 +0100
+@@ -1360,6 +1360,13 @@ CURLcode Curl_setopt(struct SessionHandl
+ /* This does not work on windows. */
+ data->set.ssl.CApath = va_arg(param, char *);
+ break;
++ case CURLOPT_CRLFILE:
++ /*
++ * Set CRL file info for SSL connection. Specify file name of the CRL
++ * to check certificates revocation
++ */
++ data->set.ssl.CRLfile = va_arg(param, char *);
++ break;
+ case CURLOPT_TELNETOPTIONS:
+ /*
+ * Set a linked list of telnet options
+diff -rup curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h
+--- curl-7.15.5.orig/lib/urldata.h 2009-10-30 23:41:03.849741307 +0100
++++ curl-7.15.5/lib/urldata.h 2009-10-30 23:42:35.379944623 +0100
+@@ -171,6 +171,7 @@ struct ssl_config_data {
+ 2: CN must match hostname */
+ char *CApath; /* DOES NOT WORK ON WINDOWS */
+ char *CAfile; /* cerficate to verify peer against */
++ char *CRLfile; /* CRL to check cerficate revocation */
+ char *random_file; /* path to file containing "random" data */
+ char *egdsocket; /* path to file containing the EGD daemon socket */
+ char *cipher_list; /* list of ciphers to use */
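Review bot: In the Curl_ossl_connect_step1 block both `data->set.ssl.CRLfile ? data->set.ssl.CRLfile : "none"` fallbacks are unreachable, because the whole block is guarded by `if (data->set.ssl.CRLfile)`; passing the pointer directly, e.g. `failf(data, "error loading CRL file: %s", data->set.ssl.CRLfile);`, is shorter and keeps the message on one line. The failure message also gives no reason, so a missing file and a malformed PEM look the same to whoever reads the log. Whether the SSL-config comparison used for connection reuse takes the new `CRLfile` field into account is not visible in this patch and is worth confirming, since a handle with a CRL set should not reuse a connection that was verified without one.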
diff --git a/curl-7.15.5-bz563220.patch b/curl-7.15.5-bz563220.patch
new file mode 100644
index 0000000..e9d7f88
--- /dev/null
+++ b/curl-7.15.5-bz563220.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/content_encoding.c b/lib/content_encoding.c
+index fd27f30..7be16b0 100644
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -40,7 +40,7 @@
+ (doing so will reduce code size slightly). */
+ #define OLD_ZLIB_SUPPORT 1
+
+-#define DSIZ 0x10000 /* buffer size for decompressed data */
++#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+
+ #define GZIP_MAGIC_0 0x1f
+ #define GZIP_MAGIC_1 0x8b
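Review bot: The define's comment still reads "buffer size for decompressed data" and does not say why the size is now tied to `CURL_MAX_WRITE_SIZE`; presumably the point is that a decompressed chunk handed to the write callback must never exceed the documented maximum. I would make that explicit: `#define DSIZ CURL_MAX_WRITE_SIZE /* decompressed chunk must not exceed what a write callback is promised */`.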
diff --git a/curl-7.15.5-bz655073.patch b/curl-7.15.5-bz655073.patch
new file mode 100644
index 0000000..82199bd
--- /dev/null
+++ b/curl-7.15.5-bz655073.patch
@@ -0,0 +1,71 @@
+From ab76eba3c4dcb076f33ae3b6a8ce3fab98bad9d5 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Sun, 23 Jan 2011 16:42:31 +0100
+Subject: [PATCH] ldap: bz#655073
+
+Patch originally written by Pierre Carrier.
+---
+ lib/ldap.c | 26 ++++++++++++++++++++++++--
+ 1 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ldap.c b/lib/ldap.c
+index 5b845a4..69b8aa9 100644
+--- a/lib/ldap.c
++++ b/lib/ldap.c
+@@ -63,6 +63,7 @@
+ #include "ldap.h"
+ #include "memory.h"
+ #include "base64.h"
++#include "http.h"
+
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -253,6 +254,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+ void (*ldap_free_urldesc)(void *);
+ #endif
+ void *(__cdecl *ldap_init)(char *, int);
++ int (__cdecl *ldap_init_fd)(int, int, char *, void *);
+ int (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
+ int (__cdecl *ldap_unbind_s)(void *);
+ int (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
+@@ -269,7 +271,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+ void (__cdecl *ber_free)(void *, int);
+ int (__cdecl *ldap_set_option)(void *, int, void *);
+
+- void *server;
++ void *server = NULL;
+ LDAPURLDesc *ludp = NULL;
+ const char *mod_name;
+ void *result;
+@@ -316,7 +318,27 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+ DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free);
+ DYNA_GET_FUNCTION(int (__cdecl *)(void *, int, void *), ldap_set_option);
+
+- server = (*ldap_init)(conn->host.name, (int)conn->port);
++ if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
++ /* for LDAP over HTTP proxy */
++ ldap_init_fd = (int (__cdecl *)(int, int, char *, void *))
++ DynaGetFunction("ldap_init_fd");
++ if(!ldap_init_fd) {
++ failf(data, "Cannot use ldap_init_fd (%s), your openldap version is "
++ "probably too old for HTTP proxying", dlerror());
++ status = CURLE_COULDNT_CONNECT;
++ goto quit;
++ }
++ if(CURLE_OK != Curl_proxyCONNECT(conn, FIRSTSOCKET, conn->host.name,
++ conn->remote_port)) {
++ status = CURLE_COULDNT_CONNECT;
++ goto quit;
++ }
++ if((*ldap_init_fd)(conn->sock[FIRSTSOCKET], /* LDAP_PROTO_TCP */1, NULL,
++ &server))
++ server = NULL;
++ } else {
++ server = (*ldap_init)(conn->host.name, (int)conn->port);
++ }
+ if (server == NULL) {
+ failf(data, "LDAP local: Cannot connect to %s:%d",
+ conn->host.name, conn->port);
+--
+1.7.3.4
+
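Review bot: The proxy branch discards the code returned by `Curl_proxyCONNECT` and reports `CURLE_COULDNT_CONNECT` for every failure, so a proxy authentication or tunnel error is indistinguishable from an unreachable host; `status = Curl_proxyCONNECT(conn, FIRSTSOCKET, conn->host.name, conn->remote_port); if(status) goto quit;` keeps it. The bare `1` passed to `ldap_init_fd` is explained only by an inline comment and could be a named constant, and `dlerror()` is called in a function whose pointers are declared `__cdecl`, which suggests it is also built where `dlerror()` may not exist. After `ldap_init_fd` the socket is shared with the LDAP library, and which side closes it is outside the hunk. Curl_ldap's body continues beyond the lines shown.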
diff --git a/curl.spec b/curl.spec
new file mode 100644
index 0000000..0cbf4ea
--- /dev/null
+++ b/curl.spec
@@ -0,0 +1,430 @@
+Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
+Name: curl
+Version: 7.15.5
+Release: 9%{?dist}.3
+License: MIT
+Group: Applications/Internet
+Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
+Patch0: curl-7.14.1-nousr.patch
+Patch1: curl-7.15.0-curl_config-version.patch
+Patch2: curl-7.15.3-multilib.patch
+Patch3: curl-7.15.5-CVE-2009-0037.patch
+Patch4: curl-7.15.5-CVE-2009-2417.patch
+Patch5: curl-7.15.5-bz473128.patch
+Patch6: curl-7.15.5-bz479967.patch
+Patch7: curl-7.15.5-bz517084.patch
+Patch8: curl-7.15.5-bz517199.patch
+Patch9: curl-7.15.5-bz532069.patch
+Patch10: curl-7.15.5-bz563220.patch
+Patch11: curl-7.15.5-bz655073.patch
+Patch12: curl-7.15.5-CVE-2011-2192.patch
+URL: http://curl.haxx.se/
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
+Requires: openssl
+
+%description
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. cURL is designed
+to work without user interaction or any kind of interactivity. cURL
+offers many useful capabilities, like proxy support, user
+authentication, FTP upload, HTTP post, and file transfer resume.
+
+%package devel
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}, openssl-devel, libidn-devel
+Summary: Files needed for building applications with libcurl.
+
+%description devel
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. The curl-devel
+package includes files needed for developing applications which can
+use cURL's capabilities internally.
+
+%prep
+rm -rf $RPM_BUILD_ROOT
+
+%setup -q
+%patch0 -p1 -b .nousr
+%patch1 -p1 -b .ver
+%patch2 -p1 -b .multilib
+%patch3 -p1 -b .CVE-2009-0037
+%patch4 -p1 -b .CVE-2009-2417
+%patch5 -p1 -b .bz473128
+%patch6 -p1 -b .bz479967
+%patch7 -p1 -b .bz517084
+%patch8 -p1 -b .bz517199
+%patch9 -p1 -b .bz532069
+%patch10 -p1 -b .bz563220
+%patch11 -p1 -b .bz655073
+%patch12 -p1 -b .CVE-2011-2192
+
+%build
+aclocal
+libtoolize --force
+./reconf
+
+if pkg-config openssl ; then
+ CPPFLAGS=`pkg-config --cflags openssl`; export CPPFLAGS
+ LDFLAGS=`pkg-config --libs openssl`; export LDFLAGS
+fi
+%configure --with-ssl=/usr --enable-ipv6 \
+ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
+ --with-gssapi=/usr/kerberos --with-libidn
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%makeinstall
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+
+# don't need curl's copy of the certs; use openssl's
+find ${RPM_BUILD_ROOT} -name ca-bundle.crt -exec rm -f '{}' \;
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc CHANGES README* COPYING
+%doc docs/BUGS docs/FAQ docs/FEATURES
+%doc docs/MANUAL docs/RESOURCES
+%doc docs/TheArtOfHttpScripting docs/TODO
+%{_bindir}/curl
+%{_mandir}/man1/curl.1*
+%{_libdir}/libcurl.so.*
+#%{_datadir}/ssl/certs/ca-bundle.crt
+
+%files devel
+%defattr(-,root,root)
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.a
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+
+%changelog
+* Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.15.5-9.el5_6.3
+- do not delegate GSSAPI credentials (CVE-2011-2192)
+
+* Mon Jan 24 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.2
+- avoid use of uninitialized variable on failure of a LDAP request (#670523)
+
+* Tue Jan 18 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.1
+- proxy tunnel support for LDAP requests (#670523)
+
+* Mon Feb 15 2010 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9
+- http://curl.haxx.se/docs/adv_20100209.html (#565408)
+
+* Tue Oct 27 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-8
+- mention lack of IPv6, FTPS and LDAP support while using a socks proxy
+ (#473128)
+- avoid tight loop if an upload connection is broken (#479967)
+- add options --ftp-account and --ftp-alternative-to-user to program help
+ (#517084)
+- fix crash when reusing connection after negotiate-auth (#517199)
+- support for CRL loading from a PEM file (#532069)
+
+* Tue Aug 11 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-7
+- sync patch for CVE-2007-0037 with 5.3.Z
+Related: #485290
+
+* Mon Aug 10 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-6
+- fix CVE-2009-2417
+Resolves: #516258
+
+* Tue Mar 10 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-5
+- forwardport one hunk from upstream curl-7.15.1
+Related: #485290
+
+* Fri Mar 06 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-4
+- fix hunk applied to wrong place due to nonzero patch fuzz
+Related: #485290
+
+* Tue Mar 03 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-3
+- fix CVE-2007-0037
+Resolves: #485290
+
+* Tue Jan 16 2007 Jindrich Novy <jnovy@redhat.com> - 7.15.5-2
+- don't package generated makefiles for docs/examples to avoid
+ multiarch conflicts (#222718)
+
+* Thu Aug 24 2006 Jindrich Novy <jnovy@redhat.com> - 7.15.5-1.fc6
+- update to curl-7.15.5
+- use %%{?dist}
+
+* Fri Jun 30 2006 Ivana Varekova <varekova@redhat.com> - 7.15.4-1
+- update to 7.15.4
+
+* Mon Mar 20 2006 Ivana Varekova <varekova@redhat.com> - 7.15.3-1
+- fix multilib problem using pkg-config
+- update to 7.15.3
+
+* Thu Feb 23 2006 Ivana Varekova <varekova@redhat.com> - 7.15.1-2
+- fix multilib problem - #181290 -
+ curl-devel.i386 not installable together with curl-devel.x86-64
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Thu Dec 8 2005 Ivana Varekova <varekova@redhat.com> 7.15.1-1
+- update to 7.15.1 (bug 175191)
+
+* Wed Nov 30 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-3
+- fix curl-config bug 174556 - missing vernum value
+
+* Wed Nov 9 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-2
+- rebuilt
+
+* Tue Oct 18 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-1
+- update to 7.15.0
+
+* Thu Oct 13 2005 Ivana Varekova <varekova@redhat.com> 7.14.1-1
+- update to 7.14.1
+
+* Thu Jun 16 2005 Ivana Varekova <varekova@redhat.com> 7.14.0-1
+- rebuild new version
+
+* Tue May 03 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-3
+- fix bug 150768 - curl-7.12.3-2 breaks basic authentication
+ used Daniel Stenberg patch
+
+* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 7.13.1-2
+- update to use ca-bundle in /etc/pki
+- mark License as MIT not MPL
+
+* Mon Mar 9 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-1
+- rebuilt (7.13.1)
+
+* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 7.13.0-2
+- rebuild with openssl-0.9.7e
+
+* Sun Feb 13 2005 Florian La Roche <laroche@redhat.com>
+- 7.13.0
+
+* Wed Feb 9 2005 Joe Orton <jorton@redhat.com> 7.12.3-3
+- don't pass /usr to --with-libidn to remove "-L/usr/lib" from
+ 'curl-config --libs' output on x86_64.
+
+* Fri Jan 28 2005 Adrian Havill <havill@redhat.com> 7.12.3-1
+- Upgrade to 7.12.3, which uses poll() for FDSETSIZE limit (#134794)
+- require libidn-devel for devel subpkg (#141341)
+- remove proftpd kludge; included upstream
+
+* Wed Oct 06 2004 Adrian Havill <havill@redhat.com> 7.12.1-1
+- upgrade to 7.12.1
+- enable GSSAPI auth (#129353)
+- enable I18N domain names (#134595)
+- workaround for broken ProFTPD SSL auth (#134133). Thanks to
+ Aleksandar Milivojevic
+
+* Wed Sep 29 2004 Adrian Havill <havill@redhat.com> 7.12.0-4
+- move new docs position so defattr gets applied
+
+* Mon Sep 27 2004 Warren Togami <wtogami@redhat.com> 7.12.0-3
+- remove INSTALL, move libcurl docs to -devel
+
+* Fri Jul 26 2004 Jindrich Novy <jnovy@redhat.com>
+- updated to 7.12.0
+- updated nousr patch
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Apr 07 2004 Adrian Havill <havill@redhat.com> 7.11.1-1
+- upgraded; updated nousr patch
+- added COPYING (#115956)
+-
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Jan 31 2004 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.8
+- remove patch2, already upstream
+
+* Wed Oct 15 2003 Adrian Havill <havill@redhat.com> 7.10.6-7
+- aclocal before libtoolize
+- move OpenLDAP license so it's present as a doc file, present in
+ both the source and binary as per conditions
+
+* Mon Oct 13 2003 Adrian Havill <havill@redhat.com> 7.10.6-6
+- add OpenLDAP copyright notice for usage of code, add OpenLDAP
+ license for this code
+
+* Tue Oct 07 2003 Adrian Havill <havill@redhat.com> 7.10.6-5
+- match serverAltName certs with SSL (#106168)
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4.1
+- bump n-v-r for RHEL
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4
+- restore ca cert bundle (#104400)
+- require openssl, we want to use its ca-cert bundle
+
+* Sun Sep 7 2003 Joe Orton <jorton@redhat.com> 7.10.6-3
+- rebuild
+
+* Fri Sep 5 2003 Joe Orton <jorton@redhat.com> 7.10.6-2.2
+- fix to include libcurl.so
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2.1
+- bump n-v-r for RHEL
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2
+- devel subpkg needs openssl-devel as a Require (#102963)
+
+* Tue Jul 28 2003 Adrian Havill <havill@redhat.com> 7.10.6-1
+- bumped version
+
+* Tue Jul 01 2003 Adrian Havill <havill@redhat.com> 7.10.5-1
+- bumped version
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Apr 12 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.4
+- adapt nousr patch
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 21 2003 Joe Orton <jorton@redhat.com> 7.9.8-4
+- don't add -L/usr/lib to 'curl-config --libs' output
+
+* Mon Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 7.9.8-3
+- rebuild
+
+* Wed Nov 6 2002 Joe Orton <jorton@redhat.com> 7.9.8-2
+- fix `curl-config --libs` output for libdir!=/usr/lib
+- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la
+- libtoolize and reconf
+
+* Mon Jul 22 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.8-1
+- 7.9.8 (# 69473)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 16 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.7-1
+- 7.9.7
+
+* Wed Apr 24 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.6-1
+- 7.9.6
+
+* Thu Mar 21 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-2
+- Stop the curl-config script from printing -I/usr/include
+ and -L/usr/lib (#59497)
+
+* Fri Mar 8 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-1
+- 7.9.5
+
+* Tue Feb 26 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.3-2
+- Rebuild
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 7.9.3-1
+- update to 7.9.3
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com> 7.9.2-2
+- automated rebuild
+
+* Wed Jan 9 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.2-1
+- 7.9.2
+
+* Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com>
+- include curl-config in curl-devel
+- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl
+
+* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com>
+- added openssl-devel build req
+
+* Mon May 21 2001 Tim Powers <timp@redhat.com>
+- built for the distro
+
+* Tue Apr 24 2001 Jeff Johnson <jbj@redhat.com>
+- upgrade to curl-7.7.2.
+- enable IPv6.
+
+* Fri Mar 2 2001 Tim Powers <timp@redhat.com>
+- rebuilt against openssl-0.9.6-1
+
+* Thu Jan 4 2001 Tim Powers <timp@redhat.com>
+- fixed mising ldconfigs
+- updated to 7.5.2, bug fixes
+
+* Mon Dec 11 2000 Tim Powers <timp@redhat.com>
+- updated to 7.5.1
+
+* Mon Nov 6 2000 Tim Powers <timp@redhat.com>
+- update to 7.4.1 to fix bug #20337, problems with curl -c
+- not using patch anymore, it's included in the new source. Keeping
+ for reference
+
+* Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix bogus req in -devel package
+
+* Fri Oct 20 2000 Tim Powers <timp@redhat.com>
+- devel package needed defattr so that root owns the files
+
+* Mon Oct 16 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 7.3
+- apply vsprintf/vsnprintf patch from Colin Phipps via Debian
+
+* Mon Aug 21 2000 Nalin Dahyabhai <nalin@redhat.com>
+- enable SSL support
+- fix packager tag
+- move buildroot to %%{_tmppath}
+
+* Tue Aug 1 2000 Tim Powers <timp@redhat.com>
+- fixed vendor tag for bug #15028
+
+* Mon Jul 24 2000 Prospector <prospector@redhat.com>
+- rebuilt
+
+* Tue Jul 11 2000 Tim Powers <timp@redhat.com>
+- workaround alpha build problems with optimizations
+
+* Mon Jul 10 2000 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Mon Jun 5 2000 Tim Powers <timp@redhat.com>
+- put man pages in correct place
+- use %%makeinstall
+
+* Mon Apr 24 2000 Tim Powers <timp@redhat.com>
+- updated to 6.5.2
+
+* Wed Nov 3 1999 Tim Powers <timp@redhat.com>
+- updated sources to 6.2
+- gzip man page
+
+* Mon Aug 30 1999 Tim Powers <timp@redhat.com>
+- changed group
+
+* Thu Aug 26 1999 Tim Powers <timp@redhat.com>
+- changelog started
+- general cleanups, changed prefix to /usr, added manpage to files section
+- including in Powertools
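Review bot: The %changelog entries for 7.15.5-3 and 7.15.5-7 record the fix as CVE-2007-0037, while the patch they appear to describe is declared as `Patch3: curl-7.15.5-CVE-2009-0037.patch` and applied with `-b .CVE-2009-0037`, so the year in the changelog looks like a typo (both entries cite the same bug, #485290). Anyone auditing an installed package by searching the output of `rpm -q --changelog curl` for CVE-2009-0037 would find no match and could wrongly conclude the fix is absent. If the imported history may be corrected, the two lines should read `- fix CVE-2009-0037` and `- sync patch for CVE-2009-0037 with 5.3.Z`; if it must stay verbatim from EL-5, a comment beside Patch3 such as `# changelog entries 7.15.5-3 and 7.15.5-7 refer to this patch as CVE-2007-0037` would keep the mapping discoverable.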