import curl-7.15.5-9.el5_6.3 from EL-5

14 files changed, 1136 insertions, 0 deletions

diff --git a/curl-7.14.1-nousr.patch b/curl-7.14.1-nousr.patch
new file mode 100644
index 0000000..bc3b4f1
--- /dev/null
+++ b/curl-7.14.1-nousr.patch
@@ -0,0 +1,33 @@
+--- curl-7.14.1/configure.ac.orig	2005-09-01 22:29:20.000000000 +0200
++++ curl-7.14.1/configure.ac	2005-10-13 09:55:19.395539032 +0200
+@@ -813,7 +813,7 @@
+     PKGTEST="no"
+     PREFIX_OPENSSL=$OPT_SSL
+     LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
+-    LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
++    #LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
+     CPPFLAGS="$CPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+     ;;
+   esac
+@@ -867,7 +867,7 @@
+      HAVECRYPTO="yes"
+      LIBS="-lcrypto $LIBS"
+      ],[
+-     LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
++     LDFLAGS="$CLEANLDFLAGS"
+      CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+      AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+        HAVECRYPTO="yes"
+--- curl-7.14.1/lib/Makefile.am.orig	2005-03-31 09:02:03.000000000 +0200
++++ curl-7.14.1/lib/Makefile.am	2005-10-13 09:51:55.244574696 +0200
+@@ -107,8 +107,8 @@
+ 
+ install-data-hook:
+ 	@if test -n "@CURL_CA_BUNDLE@"; then \
+-	  $(mkinstalldirs) `dirname $(DESTDIR)@CURL_CA_BUNDLE@`; \
+-	  @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(DESTDIR)@CURL_CA_BUNDLE@; \
++	  $(mkinstalldirs) `dirname $(prefix)/../@CURL_CA_BUNDLE@`; \
++	  @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(prefix)/../@CURL_CA_BUNDLE@; \
+         fi
+ 
+ # this hook is mainly for non-unix systems to build even if configure
diff --git a/curl-7.15.0-curl_config-version.patch b/curl-7.15.0-curl_config-version.patch
new file mode 100644
index 0000000..c1a4fb3
--- /dev/null
+++ b/curl-7.15.0-curl_config-version.patch
@@ -0,0 +1,12 @@
+--- curl-7.15.0/configure.ac.ver	2005-11-30 13:33:54.360624896 +0100
++++ curl-7.15.0/configure.ac	2005-11-30 13:34:14.009637792 +0100
+@@ -43,7 +43,8 @@
+ 
+ dnl
+ dnl we extract the numerical version for curl-config only
+-VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\(.*\)/\1/p' ${srcdir}/include/curl/curlver.h`
++VERSIONNUM=`$SED  -rne 's/^#define LIBCURL_VERSION_(MAJOR|MINOR|PATCH) ([^ ]*)$/\2/p' ${srcdir}/include/curl/curlver.h | xargs -n1 printf %02x; echo`
++ 
+ AC_SUBST(VERSIONNUM)
+ 
+ dnl Solaris pkgadd support definitions
diff --git a/curl-7.15.3-multilib.patch b/curl-7.15.3-multilib.patch
new file mode 100644
index 0000000..8650913
--- /dev/null
+++ b/curl-7.15.3-multilib.patch
@@ -0,0 +1,20 @@
+--- curl-7.15.1/curl-config.in.pom	2005-09-04 20:15:24.000000000 +0200
++++ curl-7.15.1/curl-config.in	2006-03-20 14:12:04.485640816 +0100
+@@ -50,7 +50,7 @@
+ 	;;
+ 
+     --cc)
+-	echo "@CC@"
++	echo "gcc"
+ 	;;
+ 
+     --prefix)
+@@ -143,7 +143,7 @@
+        	;;
+ 
+     --libs)
+-       	echo -L@libdir@ -lcurl @LDFLAGS@ @LIBS@
++        pkg-config libcurl --libs
+        	;;
+ 
+     *)
diff --git a/curl-7.15.5-CVE-2009-0037.patch b/curl-7.15.5-CVE-2009-0037.patch
new file mode 100644
index 0000000..d23cb86
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-0037.patch
@@ -0,0 +1,214 @@
+diff -pruN curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3
+--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3	2006-08-02 11:33:32.000000000 +0200
++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3	2009-03-13 15:04:52.000000000 +0100
+@@ -346,6 +346,26 @@ The string given to CURLOPT_URL must be 
+ 
+ \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
+ \fIcurl_easy_perform(3)\fP is called.
++
++\fICURLOPT_PROTOCOLS\fP can be used to limit what protocols libcurl will use
++for this transfer, independent of what libcurl has been compiled to
++support. That may be useful if you accept the URL from an external source and
++want to limit the accessibility.
++.IP CURLOPT_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in the transfer. This allows you to have
++a libcurl built to support a wide range of protocols but still limit specific
++transfers to only be allowed to use a subset of them. By default libcurl will
++accept all protocols it supports. See also
++\fICURLOPT_REDIR_PROTOCOLS\fP. (Added in 7.19.4)
++.IP CURLOPT_REDIR_PROTOCOLS
++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
++limits what protocols libcurl may use in a transfer that it follows to in a
++redirect when \fICURLOPT_FOLLOWLOCATION\fP is enabled. This allows you to
++limit specific transfers to only be allowed to use a subset of protocols in
++redirections. By default libcurl will allow all protocols except for FILE and
++SCP. This is a difference compared to pre-7.19.4 versions which
++unconditionally would follow to all protocols supported. (Added in 7.19.4)
+ .IP CURLOPT_PROXY
+ Set HTTP proxy to use. The parameter should be a char * to a zero terminated
+ string holding the host name or dotted IP address. To specify port number in
+@@ -574,6 +594,10 @@ This means that the library will re-send
+ and follow new Location: headers all the way until no more such headers are
+ returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects
+ libcurl will follow.
++
++NOTE: since 7.19.4, libcurl can limit to what protocols it will automatically
++follow. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS\fP and
++it excludes the FILE protocol by default.
+ .IP CURLOPT_UNRESTRICTED_AUTH
+ A non-zero parameter tells the library it can continue to send authentication
+ (user+password) when following locations, even when hostname changed. This
+diff -pruN curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h
+--- curl-7.15.5.orig/include/curl/curl.h	2006-08-06 22:45:34.000000000 +0200
++++ curl-7.15.5/include/curl/curl.h	2009-03-13 15:04:52.000000000 +0100
+@@ -414,6 +414,19 @@ typedef enum {
+   CURLFTPMETHOD_LAST       /* not an option, never use */
+ } curl_ftpmethod;
+ 
++/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
++#define CURLPROTO_HTTP   (1<<0)
++#define CURLPROTO_HTTPS  (1<<1)
++#define CURLPROTO_FTP    (1<<2)
++#define CURLPROTO_FTPS   (1<<3)
++#define CURLPROTO_TELNET (1<<6)
++#define CURLPROTO_LDAP   (1<<7)
++#define CURLPROTO_LDAPS  (1<<8)
++#define CURLPROTO_DICT   (1<<9)
++#define CURLPROTO_FILE   (1<<10)
++#define CURLPROTO_TFTP   (1<<11)
++#define CURLPROTO_ALL    (~0) /* enable everything */
++
+ /* long may be 32 or 64 bits, but we should never depend on anything else
+    but 32 */
+ #define CURLOPTTYPE_LONG          0
+@@ -982,6 +995,18 @@ typedef enum {
+   /* Pointer to command string to send if USER/PASS fails. */
+   CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+ 
++  /* set the bitmask for the protocols that are allowed to be used for the
++     transfer, which thus helps the app which takes URLs from users or other
++     external inputs and want to restrict what protocol(s) to deal
++     with. Defaults to CURLPROTO_ALL. */
++  CINIT(PROTOCOLS, LONG, 181),
++
++  /* set the bitmask for the protocols that libcurl is allowed to follow to,
++     as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++     to be set in both bitmasks to be allowed to get redirected to. Defaults
++     to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++  CINIT(REDIR_PROTOCOLS, LONG, 182),
++
+   CURLOPT_LASTENTRY /* the last unused */
+ } CURLoption;
+ 
+diff -pruN curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c
+--- curl-7.15.5.orig/lib/url.c	2006-08-02 20:08:06.000000000 +0200
++++ curl-7.15.5/lib/url.c	2009-03-13 15:04:52.000000000 +0100
+@@ -367,6 +367,13 @@ CURLcode Curl_open(struct SessionHandle 
+     data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */
+     data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+ 
++    /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++       define since we internally only use the lower 16 bits for the passed
++       in bitmask to not conflict with the private bits */
++    data->set.allowed_protocols = PROT_EXTMASK;
++    data->set.redir_protocols =
++      (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */
++
+     /* create an array with connection data struct pointers */
+     data->state.numconnects = 5; /* hard-coded right now */
+     data->state.connects = (struct connectdata **)
+@@ -1551,6 +1558,22 @@ CURLcode Curl_setopt(struct SessionHandl
+     data->set.ftp_alternative_to_user = va_arg(param, char *);
+     break;
+ 
++  case CURLOPT_PROTOCOLS:
++    /* set the bitmask for the protocols that are allowed to be used for the
++       transfer, which thus helps the app which takes URLs from users or other
++       external inputs and want to restrict what protocol(s) to deal
++       with. Defaults to CURLPROTO_ALL. */
++    data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK;
++    break;
++
++  case CURLOPT_REDIR_PROTOCOLS:
++    /* set the bitmask for the protocols that libcurl is allowed to follow to,
++       as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++       to be set in both bitmasks to be allowed to get redirected to. Defaults
++       to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++    data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK;
++    break;
++
+   default:
+     /* unknown tag and its companion, just ignore: */
+     result = CURLE_FAILED_INIT; /* correct this */
+@@ -3198,8 +3221,6 @@ static CURLcode CreateConnection(struct 
+       result = Curl_Transfer(conn, -1, -1, FALSE, NULL, /* no download */
+                              -1, NULL); /* no upload */
+     }
+-
+-    return result;
+ #else
+     failf(data, LIBCURL_NAME
+           " was built with FILE disabled!");
+@@ -3249,6 +3270,17 @@ static CURLcode CreateConnection(struct 
+     failf(data, "Unsupported protocol: %s", conn->protostr);
+     return CURLE_UNSUPPORTED_PROTOCOL;
+   }
++  /* Protocol found. Check if allowed */
++  if(!(data->set.allowed_protocols & conn->protocol) ||
++    /* it is allowed for "normal" request, now do an extra check if this is
++       the result of a redirect */
++      (data->state.this_is_a_follow &&
++      !(data->set.redir_protocols & conn->protocol))) {
++    failf(data, "Unsupported protocol: %s", conn->protostr);
++    return CURLE_UNSUPPORTED_PROTOCOL;
++  }
++  if (conn->protocol & PROT_FILE)
++    return result;
+ 
+   if(data->change.proxy && *data->change.proxy) {
+     /* If this is supposed to use a proxy, we need to figure out the proxy
+diff -pruN curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h
+--- curl-7.15.5.orig/lib/urldata.h	2006-07-26 00:46:38.000000000 +0200
++++ curl-7.15.5/lib/urldata.h	2009-03-13 15:04:52.000000000 +0100
+@@ -563,17 +563,23 @@ struct connectdata {
+                        struct has */
+ 
+   long protocol; /* PROT_* flags concerning the protocol set */
+-#define PROT_MISSING (1<<0)
+-#define PROT_HTTP    (1<<2)
+-#define PROT_HTTPS   (1<<3)
+-#define PROT_FTP     (1<<4)
+-#define PROT_TELNET  (1<<5)
+-#define PROT_DICT    (1<<6)
+-#define PROT_LDAP    (1<<7)
+-#define PROT_FILE    (1<<8)
+-#define PROT_TFTP    (1<<11)
+-#define PROT_FTPS    (1<<9)
+-#define PROT_SSL     (1<<10) /* protocol requires SSL */
++#define PROT_HTTP    CURLPROTO_HTTP
++#define PROT_HTTPS   CURLPROTO_HTTPS
++#define PROT_FTP     CURLPROTO_FTP
++#define PROT_TELNET  CURLPROTO_TELNET
++#define PROT_DICT    CURLPROTO_DICT
++#define PROT_LDAP    CURLPROTO_LDAP
++#define PROT_FILE    CURLPROTO_FILE
++#define PROT_FTPS    CURLPROTO_FTPS
++#define PROT_TFTP    CURLPROTO_TFTP
++/* CURLPROTO_TFTP (1<<11) is currently the highest used bit in the public
++   bitmask. We make sure we use "private bits" above the first 16 to make
++   things easier. */
++
++#define PROT_EXTMASK 0xfff
++
++#define PROT_SSL     (1<<22) /* protocol requires SSL */
++#define PROT_MISSING (1<<23)
+ 
+   /* 'dns_entry' is the particular host we use. This points to an entry in the
+      DNS cache and it will not get pruned while locked. It gets unlocked in
+@@ -1147,6 +1153,8 @@ struct UserDefined {
+   bool ftp_skip_ip;      /* skip the IP address the FTP server passes on to
+                             us */
+   bool connect_only;     /* make connection, let application use the socket */
++  long allowed_protocols;
++  long redir_protocols;
+ };
+ 
+ struct Names {
+diff -pruN curl-7.15.5.orig/lib/easy.c curl-7.15.5/lib/easy.c
+--- curl-7.15.5.orig/lib/easy.c	2006-07-25 20:39:22.000000000 +0200
++++ curl-7.15.5/lib/easy.c	2009-03-13 15:04:52.000000000 +0100
+@@ -670,6 +670,13 @@ void curl_easy_reset(CURL *curl)
+   data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */
+   data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+ 
++  /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++     define since we internally only use the lower 16 bits for the passed
++     in bitmask to not conflict with the private bits */
++  data->set.allowed_protocols = PROT_EXTMASK;
++  data->set.redir_protocols =
++    (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */
++
+   /*
+    * libcurl 7.10 introduced SSL verification *by default*! This needs to be
+    * switched off unless wanted.
diff --git a/curl-7.15.5-CVE-2009-2417.patch b/curl-7.15.5-CVE-2009-2417.patch
new file mode 100644
index 0000000..b479d91
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-2417.patch
@@ -0,0 +1,80 @@
+diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c
+--- curl-7.15.5.orig/lib/ssluse.c	2006-07-20 22:05:54.000000000 +0200
++++ curl-7.15.5/lib/ssluse.c	2009-08-07 11:41:18.181920711 +0200
+@@ -929,7 +929,7 @@ static CURLcode verifyhost(struct connec
+       if(check->type == target) {
+         /* get data and length */
+         const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+-        int altlen;
++        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+ 
+         switch(target) {
+         case GEN_DNS: /* name/pattern comparison */
+@@ -943,14 +943,16 @@ static CURLcode verifyhost(struct connec
+              "I checked the 0.9.6 and 0.9.8 sources before my patch and
+              it always 0-terminates an IA5String."
+           */
+-          if (cert_hostcheck(altptr, conn->host.name))
++          if((altlen == strlen(altptr)) &&
++             /* if this isn't true, there was an embedded zero in the name
++                string and we cannot match it. */
++             cert_hostcheck(altptr, conn->host.name))
+             matched = TRUE;
+           break;
+ 
+         case GEN_IPADD: /* IP address comparison */
+           /* compare alternative IP address if the data chunk is the same size
+              our server IP address is */
+-          altlen = ASN1_STRING_length(check->d.ia5);
+           if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+             matched = TRUE;
+           break;
+@@ -990,18 +992,27 @@ static CURLcode verifyhost(struct connec
+          string manually to avoid the problem. This code can be made
+          conditional in the future when OpenSSL has been fixed. Work-around
+          brought by Alexis S. L. Carvalho. */
+-      if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+-        j = ASN1_STRING_length(tmp);
+-        if (j >= 0) {
+-          peer_CN = OPENSSL_malloc(j+1);
+-          if (peer_CN) {
+-            memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+-            peer_CN[j] = '\0';
++      if(tmp) {
++        if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++          j = ASN1_STRING_length(tmp);
++          if(j >= 0) {
++            peer_CN = OPENSSL_malloc(j+1);
++            if(peer_CN) {
++              memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++              peer_CN[j] = '\0';
++            }
+           }
+         }
++        else /* not a UTF8 name */
++          j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++        if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++          /* there was a terminating zero before the end of string, this
++             cannot match and we return failure! */
++          failf(data, "SSL: illegal cert name field");
++          res = CURLE_SSL_PEER_CERTIFICATE;
++        }
+       }
+-      else /* not a UTF8 name */
+-        j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+     }
+ 
+     if (peer_CN == nulstr)
+@@ -1018,7 +1029,10 @@ static CURLcode verifyhost(struct connec
+     }
+ #endif /* CURL_DOES_CONVERSIONS */
+ 
+-    if (!peer_CN) {
++    if(res)
++      /* error already detected, pass through */
++      ;
++    else if(!peer_CN) {
+       if(data->set.ssl.verifyhost > 1) {
+         failf(data,
+               "SSL: unable to obtain common name from peer certificate");
diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch
new file mode 100644
index 0000000..6d36cdc
--- /dev/null
+++ b/curl-7.15.5-CVE-2011-2192.patch
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http_negotiate.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+                                       &neg_ctx->context,
+                                       neg_ctx->server_name,
+                                       GSS_C_NO_OID,
+-                                      GSS_C_DELEG_FLAG,
++                                      0,
+                                       0,
+                                       GSS_C_NO_CHANNEL_BINDINGS,
+                                       &input_token,
+-- 
+1.7.4.4
+
diff --git a/curl-7.15.5-bz473128.patch b/curl-7.15.5-bz473128.patch
new file mode 100644
index 0000000..4fcd6b0
--- /dev/null
+++ b/curl-7.15.5-bz473128.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/docs/curl.1 curl-7.15.5/docs/curl.1
+--- curl-7.15.5.orig/docs/curl.1	2006-07-27 01:20:47.000000000 +0200
++++ curl-7.15.5/docs/curl.1	2009-10-27 13:27:18.996742031 +0100
+@@ -924,6 +924,8 @@ mutually exclusive.
+ If this option is used several times, the last one will be used. (This option
+ was previously wrongly documented and used as --socks without the number
+ appended.)
++
++This option (as well as \fI--socks4\fP) does not work with IPv6, FTPS or LDAP.
+ .IP "--stderr <file>"
+ Redirect all writes to stderr to the specified file instead. If the file name
+ is a plain '-', it is instead written to stdout. This option has no point when
diff --git a/curl-7.15.5-bz479967.patch b/curl-7.15.5-bz479967.patch
new file mode 100644
index 0000000..b530121
--- /dev/null
+++ b/curl-7.15.5-bz479967.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/lib/select.c curl-7.15.5/lib/select.c
+--- curl-7.15.5.orig/lib/select.c	2006-05-05 12:24:27.000000000 +0200
++++ curl-7.15.5/lib/select.c	2009-10-27 15:17:49.144741885 +0100
+@@ -113,7 +113,7 @@ int Curl_select(curl_socket_t readfd, cu
+   if (writefd != CURL_SOCKET_BAD) {
+     if (pfd[num].revents & POLLOUT)
+       ret |= CSELECT_OUT;
+-    if (pfd[num].revents & POLLERR)
++    if (pfd[num].revents & (POLLERR|POLLHUP))
+       ret |= CSELECT_ERR;
+   }
+ 
diff --git a/curl-7.15.5-bz517084.patch b/curl-7.15.5-bz517084.patch
new file mode 100644
index 0000000..b8db8ec
--- /dev/null
+++ b/curl-7.15.5-bz517084.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/src/main.c curl-7.15.5/src/main.c
+--- curl-7.15.5.orig/src/main.c	2006-07-27 01:20:48.000000000 +0200
++++ curl-7.15.5/src/main.c	2009-10-27 15:55:59.627758853 +0100
+@@ -513,6 +513,8 @@ static void help(void)
+     "    --create-dirs   Create necessary local directory hierarchy",
+     "    --crlf          Convert LF to CRLF in upload",
+     " -f/--fail          Fail silently (no output at all) on HTTP errors (H)",
++    "    --ftp-account <data> Account data to send when requested by server (F)",
++    "    --ftp-alternative-to-user <cmd> String to replace \"USER [name]\" (F)",
+     "    --ftp-create-dirs Create the remote dirs if not present (F)",
+     "    --ftp-method [multicwd/nocwd/singlecwd] Control CWD usage (F)",
+     "    --ftp-pasv      Use PASV/EPSV instead of PORT (F)",
diff --git a/curl-7.15.5-bz517199.patch b/curl-7.15.5-bz517199.patch
new file mode 100644
index 0000000..799d177
--- /dev/null
+++ b/curl-7.15.5-bz517199.patch
@@ -0,0 +1,38 @@
+diff -rup curl-7.15.5.orig/lib/http.c curl-7.15.5/lib/http.c
+--- curl-7.15.5.orig/lib/http.c	2009-08-14 13:04:26.830607819 +0200
++++ curl-7.15.5/lib/http.c	2009-08-14 13:04:46.772482970 +0200
+@@ -1967,6 +1967,14 @@ CURLcode Curl_http(struct connectdata *c
+                 te
+                 );
+ 
++    /*
++     * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
++     * with basic and digest, it will be freed anyway by the next request
++     */
++
++    Curl_safefree (conn->allocptr.userpwd);
++    conn->allocptr.userpwd = NULL;
++
+     if(result)
+       return result;
+ 
+diff -rup curl-7.15.5.orig/lib/http_negotiate.c curl-7.15.5/lib/http_negotiate.c
+--- curl-7.15.5.orig/lib/http_negotiate.c	2009-08-14 13:04:26.846608324 +0200
++++ curl-7.15.5/lib/http_negotiate.c	2009-08-14 13:05:15.467037550 +0200
+@@ -248,7 +248,6 @@ int Curl_input_negotiate(struct connectd
+ CURLcode Curl_output_negotiate(struct connectdata *conn)
+ {
+   struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+-  OM_uint32 minor_status;
+   char *encoded = NULL;
+   int len;
+ 
+@@ -300,7 +299,7 @@ CURLcode Curl_output_negotiate(struct co
+   conn->allocptr.userpwd =
+     aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
+   free(encoded);
+-  gss_release_buffer(&minor_status, &neg_ctx->output_token);
++  Curl_cleanup_negotiate (conn->data);
+   return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+ 
diff --git a/curl-7.15.5-bz532069.patch b/curl-7.15.5-bz532069.patch
new file mode 100644
index 0000000..f3f682d
--- /dev/null
+++ b/curl-7.15.5-bz532069.patch
@@ -0,0 +1,159 @@
+diff -rup curl-7.15.5.orig/CHANGES curl-7.15.5/CHANGES
+--- curl-7.15.5.orig/CHANGES	2006-08-07 08:27:59.000000000 +0200
++++ curl-7.15.5/CHANGES	2009-10-30 23:42:35.373803847 +0100
+@@ -6,6 +6,16 @@
+ 
+                                   Changelog
+ 
++Daniel Stenberg (25 Sep 2009)
++- Chris Mumford filed bug report #2861587
++  (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
++  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
++  load a CRL file with more than one certificate within. This is now fixed.
++  
++Daniel Stenberg (6 Jun 2008)
++- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
++  OpenSSL, NSS and GnuTLS-built libcurls.
++
+ Version 7.15.5 (7 August 2006)
+ 
+ Daniel (2 August 2006)
+diff -rup curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3
+--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3	2009-10-30 23:41:03.845741285 +0100
++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3	2009-10-30 23:42:35.374803796 +0100
+@@ -1260,6 +1260,24 @@ makes sense only when used in combinatio
+ is zero, \fICURLOPT_CAPATH\fP need not even indicate an accessible
+ path.  The \fICURLOPT_CAPATH\fP function apparently does not work in
+ Windows due to some limitation in openssl. (Added in 7.9.8)
++.IP CURLOPT_CRLFILE
++Pass a char * to a zero terminated string naming a file with the concatenation
++of CRL (in PEM format) to use in the certificate validation that occurs during
++the SSL exchange.
++
++When curl is built to use NSS or GnuTLS, there is no way to influence the use
++of CRL passed to help in the verification process. When libcurl is built with
++OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both
++set, requiring CRL check against all the elements of the certificate chain if
++a CRL file is passed.
++
++This option makes sense only when used in combination with the
++\fICURLOPT_SSL_VERIFYPEER\fP option.
++
++A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It
++is returned when the SSL exchange fails because the CRL file cannot be loaded.
++Note that a failure in certificate verification due to a revocation information
++found in the CRL does not trigger this specific error.
+ .IP CURLOPT_RANDOM_FILE
+ Pass a char * to a zero terminated file name. The file will be used to read
+ from to seed the random engine for SSL. The more random the specified file is,
+diff -rup curl-7.15.5.orig/docs/libcurl/libcurl-errors.3 curl-7.15.5/docs/libcurl/libcurl-errors.3
+--- curl-7.15.5.orig/docs/libcurl/libcurl-errors.3	2006-06-24 23:49:40.000000000 +0200
++++ curl-7.15.5/docs/libcurl/libcurl-errors.3	2009-10-30 23:42:35.374803796 +0100
+@@ -208,6 +208,8 @@ No such TFTP user
+ Character conversion failed
+ .IP "CURLE_CONV_REQD (76)"
+ Caller must register conversion callbacks
++.IP "CURLE_SSL_CRL_BADFILE (82)"
++Failed to load CRL file (Added in 7.19.0)
+ .SH "CURLMcode"
+ This is the generic return code used by functions in the libcurl multi
+ interface. Also consider \fIcurl_multi_strerror(3)\fP.
+diff -rup curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h
+--- curl-7.15.5.orig/include/curl/curl.h	2009-10-30 23:41:03.846741384 +0100
++++ curl-7.15.5/include/curl/curl.h	2009-10-30 23:42:35.375803976 +0100
+@@ -339,6 +339,8 @@ typedef enum {
+                                     CURLOPT_CONV_FROM_NETWORK_FUNCTION,
+                                     CURLOPT_CONV_TO_NETWORK_FUNCTION, and
+                                     CURLOPT_CONV_FROM_UTF8_FUNCTION */
++  CURLE_SSL_CRL_BADFILE = 82,    /* 82 - could not load CRL file, missing or
++                                    wrong format (Added in 7.19.0) */
+   CURL_LAST /* never use! */
+ } CURLcode;
+ 
+@@ -995,6 +997,9 @@ typedef enum {
+   /* Pointer to command string to send if USER/PASS fails. */
+   CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+ 
++  /* CRL file */
++  CINIT(CRLFILE, OBJECTPOINT, 169),
++
+   /* set the bitmask for the protocols that are allowed to be used for the
+      transfer, which thus helps the app which takes URLs from users or other
+      external inputs and want to restrict what protocol(s) to deal
+diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c
+--- curl-7.15.5.orig/lib/ssluse.c	2009-10-30 23:41:03.852866415 +0100
++++ curl-7.15.5/lib/ssluse.c	2009-10-30 23:45:20.895778697 +0100
+@@ -1305,6 +1305,32 @@ Curl_ossl_connect_step1(struct connectda
+           data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
+           data->set.ssl.CApath ? data->set.ssl.CApath : "none");
+   }
++
++  if (data->set.ssl.CRLfile) {
++    /* tell SSL where to find CRL file that is used to check certificate
++     * revocation */
++    X509_LOOKUP *lookup =
++      X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
++    if ( !lookup ||
++         (!X509_load_crl_file(lookup,data->set.ssl.CRLfile,
++			     X509_FILETYPE_PEM)) ) {
++      failf(data,"error loading CRL file :\n"
++            "  CRLfile: %s\n",
++            data->set.ssl.CRLfile?
++            data->set.ssl.CRLfile: "none");
++      return CURLE_SSL_CRL_BADFILE;
++    }
++    else {
++      /* Everything is fine. */
++      infof(data, "successfully load CRL file:\n");
++      X509_STORE_set_flags(connssl->ctx->cert_store,
++			   X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
++    }
++    infof(data,
++          "  CRLfile: %s\n", data->set.ssl.CRLfile ?
++	  data->set.ssl.CRLfile: "none");
++  }
++
+   /* SSL always tries to verify the peer, this only says whether it should
+    * fail to connect if the verification fails, or if it should continue
+    * anyway. In the latter case the result of the verification is checked with
+diff -rup curl-7.15.5.orig/lib/strerror.c curl-7.15.5/lib/strerror.c
+--- curl-7.15.5.orig/lib/strerror.c	2006-08-01 11:39:01.000000000 +0200
++++ curl-7.15.5/lib/strerror.c	2009-10-30 23:42:35.376803807 +0100
+@@ -241,6 +241,9 @@ curl_easy_strerror(CURLcode error)
+   case CURLE_FTP_SSL_FAILED:
+     return "Requested FTP SSL level failed";
+ 
++  case CURLE_SSL_CRL_BADFILE:
++    return "Failed to load CRL file (path? access rights?, format?)";
++
+   case CURLE_SEND_FAIL_REWIND:
+     return "Send failed since rewinding of the data stream failed";
+ 
+diff -rup curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c
+--- curl-7.15.5.orig/lib/url.c	2009-10-30 23:41:03.848741261 +0100
++++ curl-7.15.5/lib/url.c	2009-10-30 23:42:35.378944509 +0100
+@@ -1360,6 +1360,13 @@ CURLcode Curl_setopt(struct SessionHandl
+     /* This does not work on windows. */
+     data->set.ssl.CApath = va_arg(param, char *);
+     break;
++  case CURLOPT_CRLFILE:
++    /*
++     * Set CRL file info for SSL connection. Specify file name of the CRL
++     * to check certificates revocation
++     */
++    data->set.ssl.CRLfile = va_arg(param, char *);
++    break;
+   case CURLOPT_TELNETOPTIONS:
+     /*
+      * Set a linked list of telnet options
+diff -rup curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h
+--- curl-7.15.5.orig/lib/urldata.h	2009-10-30 23:41:03.849741307 +0100
++++ curl-7.15.5/lib/urldata.h	2009-10-30 23:42:35.379944623 +0100
+@@ -171,6 +171,7 @@ struct ssl_config_data {
+                             2: CN must match hostname */
+   char *CApath;          /* DOES NOT WORK ON WINDOWS */
+   char *CAfile;          /* cerficate to verify peer against */
++  char *CRLfile;         /* CRL to check cerficate revocation */
+   char *random_file;     /* path to file containing "random" data */
+   char *egdsocket;       /* path to file containing the EGD daemon socket */
+   char *cipher_list;     /* list of ciphers to use */
diff --git a/curl-7.15.5-bz563220.patch b/curl-7.15.5-bz563220.patch
new file mode 100644
index 0000000..e9d7f88
--- /dev/null
+++ b/curl-7.15.5-bz563220.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/content_encoding.c b/lib/content_encoding.c
+index fd27f30..7be16b0 100644
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -40,7 +40,7 @@
+    (doing so will reduce code size slightly). */
+ #define OLD_ZLIB_SUPPORT 1
+ 
+-#define DSIZ 0x10000             /* buffer size for decompressed data */
++#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+ 
+ #define GZIP_MAGIC_0 0x1f
+ #define GZIP_MAGIC_1 0x8b
diff --git a/curl-7.15.5-bz655073.patch b/curl-7.15.5-bz655073.patch
new file mode 100644
index 0000000..82199bd
--- /dev/null
+++ b/curl-7.15.5-bz655073.patch
@@ -0,0 +1,71 @@
+From ab76eba3c4dcb076f33ae3b6a8ce3fab98bad9d5 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Sun, 23 Jan 2011 16:42:31 +0100
+Subject: [PATCH] ldap: bz#655073
+
+Patch originally written by Pierre Carrier.
+---
+ lib/ldap.c |   26 ++++++++++++++++++++++++--
+ 1 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ldap.c b/lib/ldap.c
+index 5b845a4..69b8aa9 100644
+--- a/lib/ldap.c
++++ b/lib/ldap.c
+@@ -63,6 +63,7 @@
+ #include "ldap.h"
+ #include "memory.h"
+ #include "base64.h"
++#include "http.h"
+ 
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -253,6 +254,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+   void   (*ldap_free_urldesc)(void *);
+ #endif
+   void  *(__cdecl *ldap_init)(char *, int);
++  int    (__cdecl *ldap_init_fd)(int, int, char *, void *);
+   int    (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
+   int    (__cdecl *ldap_unbind_s)(void *);
+   int    (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
+@@ -269,7 +271,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+   void   (__cdecl *ber_free)(void *, int);
+   int    (__cdecl *ldap_set_option)(void *, int, void *);
+ 
+-  void *server;
++  void *server = NULL;
+   LDAPURLDesc *ludp = NULL;
+   const char *mod_name;
+   void *result;
+@@ -316,7 +318,27 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+   DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free);
+   DYNA_GET_FUNCTION(int (__cdecl *)(void *, int, void *), ldap_set_option);
+ 
+-  server = (*ldap_init)(conn->host.name, (int)conn->port);
++  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
++    /* for LDAP over HTTP proxy */
++    ldap_init_fd = (int (__cdecl *)(int, int, char *, void *))
++                   DynaGetFunction("ldap_init_fd");
++    if(!ldap_init_fd) {
++      failf(data, "Cannot use ldap_init_fd (%s), your openldap version is "
++                  "probably too old for HTTP proxying", dlerror());
++      status = CURLE_COULDNT_CONNECT;
++      goto quit;
++    }
++    if(CURLE_OK != Curl_proxyCONNECT(conn, FIRSTSOCKET, conn->host.name,
++                                     conn->remote_port)) {
++      status = CURLE_COULDNT_CONNECT;
++      goto quit;
++    }
++    if((*ldap_init_fd)(conn->sock[FIRSTSOCKET], /* LDAP_PROTO_TCP */1, NULL,
++                       &server))
++      server = NULL;
++  } else {
++    server = (*ldap_init)(conn->host.name, (int)conn->port);
++  }
+   if (server == NULL) {
+     failf(data, "LDAP local: Cannot connect to %s:%d",
+           conn->host.name, conn->port);
+-- 
+1.7.3.4
+
diff --git a/curl.spec b/curl.spec
new file mode 100644
index 0000000..0cbf4ea
--- /dev/null
+++ b/curl.spec
@@ -0,0 +1,430 @@
+Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
+Name: curl 
+Version: 7.15.5
+Release: 9%{?dist}.3
+License: MIT
+Group: Applications/Internet
+Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
+Patch0: curl-7.14.1-nousr.patch
+Patch1: curl-7.15.0-curl_config-version.patch
+Patch2: curl-7.15.3-multilib.patch
+Patch3: curl-7.15.5-CVE-2009-0037.patch
+Patch4: curl-7.15.5-CVE-2009-2417.patch
+Patch5: curl-7.15.5-bz473128.patch
+Patch6: curl-7.15.5-bz479967.patch
+Patch7: curl-7.15.5-bz517084.patch
+Patch8: curl-7.15.5-bz517199.patch
+Patch9: curl-7.15.5-bz532069.patch
+Patch10: curl-7.15.5-bz563220.patch
+Patch11: curl-7.15.5-bz655073.patch
+Patch12: curl-7.15.5-CVE-2011-2192.patch
+URL: http://curl.haxx.se/
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
+Requires: openssl
+
+%description
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. cURL is designed
+to work without user interaction or any kind of interactivity. cURL
+offers many useful capabilities, like proxy support, user
+authentication, FTP upload, HTTP post, and file transfer resume.
+
+%package devel
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}, openssl-devel, libidn-devel
+Summary: Files needed for building applications with libcurl.
+
+%description devel
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. The curl-devel
+package includes files needed for developing applications which can
+use cURL's capabilities internally.
+
+%prep
+rm -rf $RPM_BUILD_ROOT
+
+%setup -q 
+%patch0 -p1 -b .nousr
+%patch1 -p1 -b .ver
+%patch2 -p1 -b .multilib
+%patch3 -p1 -b .CVE-2009-0037
+%patch4 -p1 -b .CVE-2009-2417
+%patch5 -p1 -b .bz473128
+%patch6 -p1 -b .bz479967
+%patch7 -p1 -b .bz517084
+%patch8 -p1 -b .bz517199
+%patch9 -p1 -b .bz532069
+%patch10 -p1 -b .bz563220
+%patch11 -p1 -b .bz655073
+%patch12 -p1 -b .CVE-2011-2192
+
+%build
+aclocal
+libtoolize --force
+./reconf
+
+if pkg-config openssl ; then
+	CPPFLAGS=`pkg-config --cflags openssl`; export CPPFLAGS
+	LDFLAGS=`pkg-config --libs openssl`; export LDFLAGS
+fi
+%configure --with-ssl=/usr --enable-ipv6 \
+       --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
+       --with-gssapi=/usr/kerberos --with-libidn
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%makeinstall
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+
+# don't need curl's copy of the certs; use openssl's
+find ${RPM_BUILD_ROOT} -name ca-bundle.crt -exec rm -f '{}' \;
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc CHANGES README* COPYING
+%doc docs/BUGS docs/FAQ docs/FEATURES
+%doc docs/MANUAL docs/RESOURCES
+%doc docs/TheArtOfHttpScripting docs/TODO
+%{_bindir}/curl
+%{_mandir}/man1/curl.1*
+%{_libdir}/libcurl.so.*
+#%{_datadir}/ssl/certs/ca-bundle.crt
+
+%files devel
+%defattr(-,root,root)
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.a
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+
+%changelog
+* Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.15.5-9.el5_6.3
+- do not delegate GSSAPI credentials (CVE-2011-2192)
+
+* Mon Jan 24 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.2
+- avoid use of uninitialized variable on failure of a LDAP request (#670523)
+
+* Tue Jan 18 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.1
+- proxy tunnel support for LDAP requests (#670523)
+
+* Mon Feb 15 2010 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9
+- http://curl.haxx.se/docs/adv_20100209.html (#565408)
+
+* Tue Oct 27 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-8
+- mention lack of IPv6, FTPS and LDAP support while using a socks proxy
+  (#473128)
+- avoid tight loop if an upload connection is broken (#479967)
+- add options --ftp-account and --ftp-alternative-to-user to program help
+  (#517084)
+- fix crash when reusing connection after negotiate-auth (#517199)
+- support for CRL loading from a PEM file (#532069)
+
+* Tue Aug 11 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-7
+- sync patch for CVE-2007-0037 with 5.3.Z
+Related: #485290
+
+* Mon Aug 10 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-6
+- fix CVE-2009-2417
+Resolves: #516258
+
+* Tue Mar 10 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-5
+- forwardport one hunk from upstream curl-7.15.1
+Related: #485290
+
+* Fri Mar 06 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-4
+- fix hunk applied to wrong place due to nonzero patch fuzz
+Related: #485290
+
+* Tue Mar 03 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-3
+- fix CVE-2007-0037
+Resolves: #485290
+
+* Tue Jan 16 2007 Jindrich Novy <jnovy@redhat.com> - 7.15.5-2
+- don't package generated makefiles for docs/examples to avoid
+  multiarch conflicts (#222718)
+
+* Thu Aug 24 2006 Jindrich Novy <jnovy@redhat.com> - 7.15.5-1.fc6
+- update to curl-7.15.5
+- use %%{?dist}
+
+* Fri Jun 30 2006 Ivana Varekova <varekova@redhat.com> - 7.15.4-1
+- update to 7.15.4
+
+* Mon Mar 20 2006 Ivana Varekova <varekova@redhat.com> - 7.15.3-1
+- fix multilib problem using pkg-config
+- update to 7.15.3
+
+* Thu Feb 23 2006 Ivana Varekova <varekova@redhat.com> - 7.15.1-2
+- fix multilib problem - #181290 - 
+  curl-devel.i386 not installable together with curl-devel.x86-64
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Thu Dec  8 2005 Ivana Varekova <varekova@redhat.com> 7.15.1-1
+- update to 7.15.1 (bug 175191)
+
+* Wed Nov 30 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-3
+- fix curl-config bug 174556 - missing vernum value
+
+* Wed Nov  9 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-2
+- rebuilt
+
+* Tue Oct 18 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-1
+- update to 7.15.0
+
+* Thu Oct 13 2005 Ivana Varekova <varekova@redhat.com> 7.14.1-1
+- update to 7.14.1
+
+* Thu Jun 16 2005 Ivana Varekova <varekova@redhat.com> 7.14.0-1
+- rebuild new version 
+
+* Tue May 03 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-3
+- fix bug 150768 - curl-7.12.3-2 breaks basic authentication
+  used Daniel Stenberg patch 
+
+* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 7.13.1-2
+- update to use ca-bundle in /etc/pki
+- mark License as MIT not MPL
+
+* Mon Mar  9 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-1
+- rebuilt (7.13.1)
+
+* Tue Mar  1 2005 Tomas Mraz <tmraz@redhat.com> 7.13.0-2
+- rebuild with openssl-0.9.7e
+
+* Sun Feb 13 2005 Florian La Roche <laroche@redhat.com>
+- 7.13.0
+
+* Wed Feb  9 2005 Joe Orton <jorton@redhat.com> 7.12.3-3
+- don't pass /usr to --with-libidn to remove "-L/usr/lib" from
+  'curl-config --libs' output on x86_64.
+
+* Fri Jan 28 2005 Adrian Havill <havill@redhat.com> 7.12.3-1
+- Upgrade to 7.12.3, which uses poll() for FDSETSIZE limit (#134794)
+- require libidn-devel for devel subpkg (#141341)
+- remove proftpd kludge; included upstream
+
+* Wed Oct 06 2004 Adrian Havill <havill@redhat.com> 7.12.1-1
+- upgrade to 7.12.1
+- enable GSSAPI auth (#129353)
+- enable I18N domain names (#134595)
+- workaround for broken ProFTPD SSL auth (#134133). Thanks to
+  Aleksandar Milivojevic
+
+* Wed Sep 29 2004 Adrian Havill <havill@redhat.com> 7.12.0-4
+- move new docs position so defattr gets applied
+
+* Mon Sep 27 2004 Warren Togami <wtogami@redhat.com> 7.12.0-3
+- remove INSTALL, move libcurl docs to -devel
+
+* Fri Jul 26 2004 Jindrich Novy <jnovy@redhat.com>
+- updated to 7.12.0
+- updated nousr patch
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Apr 07 2004 Adrian Havill <havill@redhat.com> 7.11.1-1
+- upgraded; updated nousr patch
+- added COPYING (#115956)
+- 
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Jan 31 2004 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.8
+- remove patch2, already upstream
+
+* Wed Oct 15 2003 Adrian Havill <havill@redhat.com> 7.10.6-7
+- aclocal before libtoolize
+- move OpenLDAP license so it's present as a doc file, present in
+  both the source and binary as per conditions
+
+* Mon Oct 13 2003 Adrian Havill <havill@redhat.com> 7.10.6-6
+- add OpenLDAP copyright notice for usage of code, add OpenLDAP
+  license for this code
+
+* Tue Oct 07 2003 Adrian Havill <havill@redhat.com> 7.10.6-5
+- match serverAltName certs with SSL (#106168)
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4.1
+- bump n-v-r for RHEL
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4
+- restore ca cert bundle (#104400)
+- require openssl, we want to use its ca-cert bundle
+
+* Sun Sep  7 2003 Joe Orton <jorton@redhat.com> 7.10.6-3
+- rebuild
+
+* Fri Sep  5 2003 Joe Orton <jorton@redhat.com> 7.10.6-2.2
+- fix to include libcurl.so
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2.1
+- bump n-v-r for RHEL
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2
+- devel subpkg needs openssl-devel as a Require (#102963)
+
+* Tue Jul 28 2003 Adrian Havill <havill@redhat.com> 7.10.6-1
+- bumped version
+
+* Tue Jul 01 2003 Adrian Havill <havill@redhat.com> 7.10.5-1
+- bumped version
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Apr 12 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.4
+- adapt nousr patch
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 21 2003 Joe Orton <jorton@redhat.com> 7.9.8-4
+- don't add -L/usr/lib to 'curl-config --libs' output
+
+* Mon Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 7.9.8-3
+- rebuild
+
+* Wed Nov  6 2002 Joe Orton <jorton@redhat.com> 7.9.8-2
+- fix `curl-config --libs` output for libdir!=/usr/lib
+- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la
+- libtoolize and reconf
+
+* Mon Jul 22 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.8-1
+- 7.9.8 (# 69473)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 16 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.7-1
+- 7.9.7
+
+* Wed Apr 24 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.6-1
+- 7.9.6
+
+* Thu Mar 21 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-2
+- Stop the curl-config script from printing -I/usr/include 
+  and -L/usr/lib (#59497)
+
+* Fri Mar  8 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-1
+- 7.9.5
+
+* Tue Feb 26 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.3-2
+- Rebuild
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 7.9.3-1
+- update to 7.9.3
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com> 7.9.2-2
+- automated rebuild
+
+* Wed Jan  9 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.2-1
+- 7.9.2
+
+* Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com>
+- include curl-config in curl-devel
+- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl
+
+* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com>
+- added openssl-devel build req
+
+* Mon May 21 2001 Tim Powers <timp@redhat.com>
+- built for the distro
+
+* Tue Apr 24 2001 Jeff Johnson <jbj@redhat.com>
+- upgrade to curl-7.7.2.
+- enable IPv6.
+
+* Fri Mar  2 2001 Tim Powers <timp@redhat.com>
+- rebuilt against openssl-0.9.6-1
+
+* Thu Jan  4 2001 Tim Powers <timp@redhat.com>
+- fixed mising ldconfigs
+- updated to 7.5.2, bug fixes
+
+* Mon Dec 11 2000 Tim Powers <timp@redhat.com>
+- updated to 7.5.1
+
+* Mon Nov  6 2000 Tim Powers <timp@redhat.com>
+- update to 7.4.1 to fix bug #20337, problems with curl -c
+- not using patch anymore, it's included in the new source. Keeping
+  for reference
+
+* Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix bogus req in -devel package
+
+* Fri Oct 20 2000 Tim Powers <timp@redhat.com> 
+- devel package needed defattr so that root owns the files
+
+* Mon Oct 16 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 7.3
+- apply vsprintf/vsnprintf patch from Colin Phipps via Debian
+
+* Mon Aug 21 2000 Nalin Dahyabhai <nalin@redhat.com>
+- enable SSL support
+- fix packager tag
+- move buildroot to %%{_tmppath}
+
+* Tue Aug 1 2000 Tim Powers <timp@redhat.com>
+- fixed vendor tag for bug #15028
+
+* Mon Jul 24 2000 Prospector <prospector@redhat.com>
+- rebuilt
+
+* Tue Jul 11 2000 Tim Powers <timp@redhat.com>
+- workaround alpha build problems with optimizations
+
+* Mon Jul 10 2000 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Mon Jun 5 2000 Tim Powers <timp@redhat.com>
+- put man pages in correct place
+- use %%makeinstall
+
+* Mon Apr 24 2000 Tim Powers <timp@redhat.com>
+- updated to 6.5.2
+
+* Wed Nov 3 1999 Tim Powers <timp@redhat.com>
+- updated sources to 6.2
+- gzip man page
+
+* Mon Aug 30 1999 Tim Powers <timp@redhat.com>
+- changed group
+
+* Thu Aug 26 1999 Tim Powers <timp@redhat.com>
+- changelog started
+- general cleanups, changed prefix to /usr, added manpage to files section
+- including in Powertools