-rw-r--r-- | curl-7.14.1-nousr.patch | 33 | ||||
-rw-r--r-- | curl-7.15.0-curl_config-version.patch | 12 | ||||
-rw-r--r-- | curl-7.15.3-multilib.patch | 20 | ||||
-rw-r--r-- | curl-7.15.5-CVE-2009-0037.patch | 214 | ||||
-rw-r--r-- | curl-7.15.5-CVE-2009-2417.patch | 80 | ||||
-rw-r--r-- | curl-7.15.5-CVE-2011-2192.patch | 30 | ||||
-rw-r--r-- | curl-7.15.5-bz473128.patch | 12 | ||||
-rw-r--r-- | curl-7.15.5-bz479967.patch | 12 | ||||
-rw-r--r-- | curl-7.15.5-bz517084.patch | 12 | ||||
-rw-r--r-- | curl-7.15.5-bz517199.patch | 38 | ||||
-rw-r--r-- | curl-7.15.5-bz532069.patch | 159 | ||||
-rw-r--r-- | curl-7.15.5-bz563220.patch | 13 | ||||
-rw-r--r-- | curl-7.15.5-bz655073.patch | 71 | ||||
-rw-r--r-- | curl.spec | 430 |
14 files changed, 1136 insertions, 0 deletions
diff --git a/curl-7.14.1-nousr.patch b/curl-7.14.1-nousr.patch
new file mode 100644
index 0000000..bc3b4f1
--- /dev/null
+++ b/curl-7.14.1-nousr.patch
@@ -0,0 +1,33 @@
+--- curl-7.14.1/configure.ac.orig 2005-09-01 22:29:20.000000000 +0200
++++ curl-7.14.1/configure.ac 2005-10-13 09:55:19.395539032 +0200
+@@ -813,7 +813,7 @@
+ PKGTEST="no"
+ PREFIX_OPENSSL=$OPT_SSL
+ LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
+- LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
++ #LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
+ CPPFLAGS="$CPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+ ;;
+ esac
+@@ -867,7 +867,7 @@
+ HAVECRYPTO="yes"
+ LIBS="-lcrypto $LIBS"
+ ],[
+- LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
++ LDFLAGS="$CLEANLDFLAGS"
+ CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+ AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+ HAVECRYPTO="yes"
+--- curl-7.14.1/lib/Makefile.am.orig 2005-03-31 09:02:03.000000000 +0200
++++ curl-7.14.1/lib/Makefile.am 2005-10-13 09:51:55.244574696 +0200
+@@ -107,8 +107,8 @@
+
+ install-data-hook:
+ @if test -n "@CURL_CA_BUNDLE@"; then \
+- $(mkinstalldirs) `dirname $(DESTDIR)@CURL_CA_BUNDLE@`; \
+- @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(DESTDIR)@CURL_CA_BUNDLE@; \
++ $(mkinstalldirs) `dirname $(prefix)/../@CURL_CA_BUNDLE@`; \
++ @INSTALL_DATA@ $(srcdir)/ca-bundle.crt $(prefix)/../@CURL_CA_BUNDLE@; \
+ fi
+
+ # this hook is mainly for non-unix systems to build even if configure
diff --git a/curl-7.15.0-curl_config-version.patch b/curl-7.15.0-curl_config-version.patch
new file mode 100644
index 0000000..c1a4fb3
--- /dev/null
+++ b/curl-7.15.0-curl_config-version.patch
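Review bot: In the `install-data-hook` recipe of lib/Makefile.am the CA bundle destination no longer honours `DESTDIR`: `$(prefix)/../@CURL_CA_BUNDLE@` resolves to the intended place only when `prefix` is exactly one directory below the install root, and a staged `make install DESTDIR=...` that leaves `prefix` alone would write the bundle outside the staging tree. Keeping `$(DESTDIR)@CURL_CA_BUNDLE@` and passing `DESTDIR` from the spec would remove the dependency on how `prefix` is laid out. In configure.ac the first hunk leaves the old assignment behind as `#LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"` while the second deletes it outright; a one-line comment saying why `-L$LIB_OPENSSL` is dropped would serve better than the commented-out line.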
@@ -0,0 +1,12 @@
+--- curl-7.15.0/configure.ac.ver 2005-11-30 13:33:54.360624896 +0100
++++ curl-7.15.0/configure.ac 2005-11-30 13:34:14.009637792 +0100
+@@ -43,7 +43,8 @@
+
+ dnl
+ dnl we extract the numerical version for curl-config only
+-VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\(.*\)/\1/p' ${srcdir}/include/curl/curlver.h`
++VERSIONNUM=`$SED -rne 's/^#define LIBCURL_VERSION_(MAJOR|MINOR|PATCH) ([^ ]*)$/\2/p' ${srcdir}/include/curl/curlver.h | xargs -n1 printf %02x; echo`
++
+ AC_SUBST(VERSIONNUM)
+
+ dnl Solaris pkgadd support definitions
diff --git a/curl-7.15.3-multilib.patch b/curl-7.15.3-multilib.patch
new file mode 100644
index 0000000..8650913
--- /dev/null
+++ b/curl-7.15.3-multilib.patch
@@ -0,0 +1,20 @@
+--- curl-7.15.1/curl-config.in.pom 2005-09-04 20:15:24.000000000 +0200
++++ curl-7.15.1/curl-config.in 2006-03-20 14:12:04.485640816 +0100
+@@ -50,7 +50,7 @@
+ ;;
+
+ --cc)
+- echo "@CC@"
++ echo "gcc"
+ ;;
+
+ --prefix)
+@@ -143,7 +143,7 @@
+ ;;
+
+ --libs)
+- echo -L@libdir@ -lcurl @LDFLAGS@ @LIBS@
++ pkg-config libcurl --libs
+ ;;
+
+ *)
diff --git a/curl-7.15.5-CVE-2009-0037.patch b/curl-7.15.5-CVE-2009-0037.patch
new file mode 100644
index 0000000..d23cb86
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-0037.patch
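Review bot: The `--libs` branch of curl-config.in now shells out to `pkg-config libcurl --libs`, so its answer depends on whichever `pkg-config` is first in `PATH` and on `PKG_CONFIG_PATH` when the script is called, and a failed lookup hands callers that capture the output an empty string instead of linker flags. The curl-devel `Requires:` line in curl.spec, later in this commit, lists no pkgconfig package, so this run-time dependency looks undeclared unless it is generated automatically. The `--cc` branch now prints a fixed `gcc` rather than the compiler the library was built with; if, as the patch name suggests, both edits exist to make the script identical across multilib architectures, a one-line comment in each branch should say so.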
@@ -0,0 +1,214 @@ +diff -pruN curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3 +--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 2006-08-02 11:33:32.000000000 +0200 ++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3 2009-03-13 15:04:52.000000000 +0100 +@@ -346,6 +346,26 @@ The string given to CURLOPT_URL must be + + \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before + \fIcurl_easy_perform(3)\fP is called. ++ ++\fICURLOPT_PROTOCOLS\fP can be used to limit what protocols libcurl will use ++for this transfer, independent of what libcurl has been compiled to ++support. That may be useful if you accept the URL from an external source and ++want to limit the accessibility. ++.IP CURLOPT_PROTOCOLS ++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask ++limits what protocols libcurl may use in the transfer. This allows you to have ++a libcurl built to support a wide range of protocols but still limit specific ++transfers to only be allowed to use a subset of them. By default libcurl will ++accept all protocols it supports. See also ++\fICURLOPT_REDIR_PROTOCOLS\fP. (Added in 7.19.4) ++.IP CURLOPT_REDIR_PROTOCOLS ++Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask ++limits what protocols libcurl may use in a transfer that it follows to in a ++redirect when \fICURLOPT_FOLLOWLOCATION\fP is enabled. This allows you to ++limit specific transfers to only be allowed to use a subset of protocols in ++redirections. By default libcurl will allow all protocols except for FILE and ++SCP. This is a difference compared to pre-7.19.4 versions which ++unconditionally would follow to all protocols supported. (Added in 7.19.4) + .IP CURLOPT_PROXY + Set HTTP proxy to use. The parameter should be a char * to a zero terminated + string holding the host name or dotted IP address. 
To specify port number in +@@ -574,6 +594,10 @@ This means that the library will re-send + and follow new Location: headers all the way until no more such headers are + returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects + libcurl will follow. ++ ++NOTE: since 7.19.4, libcurl can limit to what protocols it will automatically ++follow. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS\fP and ++it excludes the FILE protocol by default. + .IP CURLOPT_UNRESTRICTED_AUTH + A non-zero parameter tells the library it can continue to send authentication + (user+password) when following locations, even when hostname changed. This +diff -pruN curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h +--- curl-7.15.5.orig/include/curl/curl.h 2006-08-06 22:45:34.000000000 +0200 ++++ curl-7.15.5/include/curl/curl.h 2009-03-13 15:04:52.000000000 +0100 +@@ -414,6 +414,19 @@ typedef enum { + CURLFTPMETHOD_LAST /* not an option, never use */ + } curl_ftpmethod; + ++/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */ ++#define CURLPROTO_HTTP (1<<0) ++#define CURLPROTO_HTTPS (1<<1) ++#define CURLPROTO_FTP (1<<2) ++#define CURLPROTO_FTPS (1<<3) ++#define CURLPROTO_TELNET (1<<6) ++#define CURLPROTO_LDAP (1<<7) ++#define CURLPROTO_LDAPS (1<<8) ++#define CURLPROTO_DICT (1<<9) ++#define CURLPROTO_FILE (1<<10) ++#define CURLPROTO_TFTP (1<<11) ++#define CURLPROTO_ALL (~0) /* enable everything */ ++ + /* long may be 32 or 64 bits, but we should never depend on anything else + but 32 */ + #define CURLOPTTYPE_LONG 0 +@@ -982,6 +995,18 @@ typedef enum { + /* Pointer to command string to send if USER/PASS fails. */ + CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147), + ++ /* set the bitmask for the protocols that are allowed to be used for the ++ transfer, which thus helps the app which takes URLs from users or other ++ external inputs and want to restrict what protocol(s) to deal ++ with. Defaults to CURLPROTO_ALL. 
*/ ++ CINIT(PROTOCOLS, LONG, 181), ++ ++ /* set the bitmask for the protocols that libcurl is allowed to follow to, ++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs ++ to be set in both bitmasks to be allowed to get redirected to. Defaults ++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */ ++ CINIT(REDIR_PROTOCOLS, LONG, 182), ++ + CURLOPT_LASTENTRY /* the last unused */ + } CURLoption; + +diff -pruN curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c +--- curl-7.15.5.orig/lib/url.c 2006-08-02 20:08:06.000000000 +0200 ++++ curl-7.15.5/lib/url.c 2009-03-13 15:04:52.000000000 +0100 +@@ -367,6 +367,13 @@ CURLcode Curl_open(struct SessionHandle + data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic */ + data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */ + ++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience ++ define since we internally only use the lower 16 bits for the passed ++ in bitmask to not conflict with the private bits */ ++ data->set.allowed_protocols = PROT_EXTMASK; ++ data->set.redir_protocols = ++ (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */ ++ + /* create an array with connection data struct pointers */ + data->state.numconnects = 5; /* hard-coded right now */ + data->state.connects = (struct connectdata **) +@@ -1551,6 +1558,22 @@ CURLcode Curl_setopt(struct SessionHandl + data->set.ftp_alternative_to_user = va_arg(param, char *); + break; + ++ case CURLOPT_PROTOCOLS: ++ /* set the bitmask for the protocols that are allowed to be used for the ++ transfer, which thus helps the app which takes URLs from users or other ++ external inputs and want to restrict what protocol(s) to deal ++ with. Defaults to CURLPROTO_ALL. */ ++ data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK; ++ break; ++ ++ case CURLOPT_REDIR_PROTOCOLS: ++ /* set the bitmask for the protocols that libcurl is allowed to follow to, ++ as a subset of the CURLOPT_PROTOCOLS ones. 
That means the protocol needs ++ to be set in both bitmasks to be allowed to get redirected to. Defaults ++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */ ++ data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK; ++ break; ++ + default: + /* unknown tag and its companion, just ignore: */ + result = CURLE_FAILED_INIT; /* correct this */ +@@ -3198,8 +3221,6 @@ static CURLcode CreateConnection(struct + result = Curl_Transfer(conn, -1, -1, FALSE, NULL, /* no download */ + -1, NULL); /* no upload */ + } +- +- return result; + #else + failf(data, LIBCURL_NAME + " was built with FILE disabled!"); +@@ -3249,6 +3270,17 @@ static CURLcode CreateConnection(struct + failf(data, "Unsupported protocol: %s", conn->protostr); + return CURLE_UNSUPPORTED_PROTOCOL; + } ++ /* Protocol found. Check if allowed */ ++ if(!(data->set.allowed_protocols & conn->protocol) || ++ /* it is allowed for "normal" request, now do an extra check if this is ++ the result of a redirect */ ++ (data->state.this_is_a_follow && ++ !(data->set.redir_protocols & conn->protocol))) { ++ failf(data, "Unsupported protocol: %s", conn->protostr); ++ return CURLE_UNSUPPORTED_PROTOCOL; ++ } ++ if (conn->protocol & PROT_FILE) ++ return result; + + if(data->change.proxy && *data->change.proxy) { + /* If this is supposed to use a proxy, we need to figure out the proxy +diff -pruN curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h +--- curl-7.15.5.orig/lib/urldata.h 2006-07-26 00:46:38.000000000 +0200 ++++ curl-7.15.5/lib/urldata.h 2009-03-13 15:04:52.000000000 +0100 +@@ -563,17 +563,23 @@ struct connectdata { + struct has */ + + long protocol; /* PROT_* flags concerning the protocol set */ +-#define PROT_MISSING (1<<0) +-#define PROT_HTTP (1<<2) +-#define PROT_HTTPS (1<<3) +-#define PROT_FTP (1<<4) +-#define PROT_TELNET (1<<5) +-#define PROT_DICT (1<<6) +-#define PROT_LDAP (1<<7) +-#define PROT_FILE (1<<8) +-#define PROT_TFTP (1<<11) +-#define PROT_FTPS (1<<9) +-#define PROT_SSL (1<<10) /* protocol requires SSL 
*/ ++#define PROT_HTTP CURLPROTO_HTTP ++#define PROT_HTTPS CURLPROTO_HTTPS ++#define PROT_FTP CURLPROTO_FTP ++#define PROT_TELNET CURLPROTO_TELNET ++#define PROT_DICT CURLPROTO_DICT ++#define PROT_LDAP CURLPROTO_LDAP ++#define PROT_FILE CURLPROTO_FILE ++#define PROT_FTPS CURLPROTO_FTPS ++#define PROT_TFTP CURLPROTO_TFTP ++/* CURLPROTO_TFTP (1<<11) is currently the highest used bit in the public ++ bitmask. We make sure we use "private bits" above the first 16 to make ++ things easier. */ ++ ++#define PROT_EXTMASK 0xfff ++ ++#define PROT_SSL (1<<22) /* protocol requires SSL */ ++#define PROT_MISSING (1<<23) + + /* 'dns_entry' is the particular host we use. This points to an entry in the + DNS cache and it will not get pruned while locked. It gets unlocked in +@@ -1147,6 +1153,8 @@ struct UserDefined { + bool ftp_skip_ip; /* skip the IP address the FTP server passes on to + us */ + bool connect_only; /* make connection, let application use the socket */ ++ long allowed_protocols; ++ long redir_protocols; + }; + + struct Names { +diff -pruN curl-7.15.5.orig/lib/easy.c curl-7.15.5/lib/easy.c +--- curl-7.15.5.orig/lib/easy.c 2006-07-25 20:39:22.000000000 +0200 ++++ curl-7.15.5/lib/easy.c 2009-03-13 15:04:52.000000000 +0100 +@@ -670,6 +670,13 @@ void curl_easy_reset(CURL *curl) + data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic */ + data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */ + ++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience ++ define since we internally only use the lower 16 bits for the passed ++ in bitmask to not conflict with the private bits */ ++ data->set.allowed_protocols = PROT_EXTMASK; ++ data->set.redir_protocols = ++ (PROT_EXTMASK & ~CURLPROTO_FILE); /* not FILE */ ++ + /* + * libcurl 7.10 introduced SSL verification *by default*! This needs to be + * switched off unless wanted. diff --git a/curl-7.15.5-CVE-2009-2417.patch b/curl-7.15.5-CVE-2009-2417.patch new file mode 100644 index 0000000..b479d91 
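Review bot: In the `CreateConnection` hunks of lib/url.c the allow-list test sits after the whole scheme dispatch, and the `return result;` that used to end the `file:` branch is deleted, so a `file:` URL still runs that branch through to the visible `Curl_Transfer(...)` call before `allowed_protocols` and `redir_protocols` are consulted. The request is then refused with `CURLE_UNSUPPORTED_PROTOCOL`, but whatever the branch did first has already happened (the part that opens the path is above the hunk, so this is inferred); testing the mask inside the branch, right after its protocol bit is set, would keep a disallowed scheme from being touched at all. Two smaller points: the comment added in `Curl_open` and `curl_easy_reset` speaks of the lower 16 bits while `PROT_EXTMASK` is `0xfff`, and the man page text says "Added in 7.19.4" although this package stays at 7.15.5, so applications that gate on the version number will not find the options.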
--- /dev/null
+++ b/curl-7.15.5-CVE-2009-2417.patch
@@ -0,0 +1,80 @@ +diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c +--- curl-7.15.5.orig/lib/ssluse.c 2006-07-20 22:05:54.000000000 +0200 ++++ curl-7.15.5/lib/ssluse.c 2009-08-07 11:41:18.181920711 +0200 +@@ -929,7 +929,7 @@ static CURLcode verifyhost(struct connec + if(check->type == target) { + /* get data and length */ + const char *altptr = (char *)ASN1_STRING_data(check->d.ia5); +- int altlen; ++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); + + switch(target) { + case GEN_DNS: /* name/pattern comparison */ +@@ -943,14 +943,16 @@ static CURLcode verifyhost(struct connec + "I checked the 0.9.6 and 0.9.8 sources before my patch and + it always 0-terminates an IA5String." + */ +- if (cert_hostcheck(altptr, conn->host.name)) ++ if((altlen == strlen(altptr)) && ++ /* if this isn't true, there was an embedded zero in the name ++ string and we cannot match it. */ ++ cert_hostcheck(altptr, conn->host.name)) + matched = TRUE; + break; + + case GEN_IPADD: /* IP address comparison */ + /* compare alternative IP address if the data chunk is the same size + our server IP address is */ +- altlen = ASN1_STRING_length(check->d.ia5); + if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) + matched = TRUE; + break; +@@ -990,18 +992,27 @@ static CURLcode verifyhost(struct connec + string manually to avoid the problem. This code can be made + conditional in the future when OpenSSL has been fixed. Work-around + brought by Alexis S. L. Carvalho. 
*/ +- if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { +- j = ASN1_STRING_length(tmp); +- if (j >= 0) { +- peer_CN = OPENSSL_malloc(j+1); +- if (peer_CN) { +- memcpy(peer_CN, ASN1_STRING_data(tmp), j); +- peer_CN[j] = '\0'; ++ if(tmp) { ++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { ++ j = ASN1_STRING_length(tmp); ++ if(j >= 0) { ++ peer_CN = OPENSSL_malloc(j+1); ++ if(peer_CN) { ++ memcpy(peer_CN, ASN1_STRING_data(tmp), j); ++ peer_CN[j] = '\0'; ++ } + } + } ++ else /* not a UTF8 name */ ++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp); ++ ++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) { ++ /* there was a terminating zero before the end of string, this ++ cannot match and we return failure! */ ++ failf(data, "SSL: illegal cert name field"); ++ res = CURLE_SSL_PEER_CERTIFICATE; ++ } + } +- else /* not a UTF8 name */ +- j = ASN1_STRING_to_UTF8(&peer_CN, tmp); + } + + if (peer_CN == nulstr) +@@ -1018,7 +1029,10 @@ static CURLcode verifyhost(struct connec + } + #endif /* CURL_DOES_CONVERSIONS */ + +- if (!peer_CN) { ++ if(res) ++ /* error already detected, pass through */ ++ ; ++ else if(!peer_CN) { + if(data->set.ssl.verifyhost > 1) { + failf(data, + "SSL: unable to obtain common name from peer certificate"); diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch new file mode 100644 index 0000000..6d36cdc --- /dev/null +++ b/curl-7.15.5-CVE-2011-2192.patch 
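Review bot: In `verifyhost` the `GEN_DNS` case skips a subjectAltName that contains an embedded zero without leaving any trace, whereas the common-name path reports `SSL: illegal cert name field`; an `infof(data, ...)` line in the non-matching arm would make such a certificate visible in verbose output and logs. In the common-name path the test `(int)strlen((char *)peer_CN) != j` also appears to fire when `ASN1_STRING_to_UTF8` returns a negative value, so a conversion failure is reported as an illegal name; that fails closed, but it deserves a comment or a separate `if(j < 0)` arm with its own message. The function starts and ends outside these hunks, so how `res` and `peer_CN` are treated after the `if(res)` pass-through cannot be checked from here.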
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http_negotiate.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+--
+1.7.4.4
+
diff --git a/curl-7.15.5-bz473128.patch b/curl-7.15.5-bz473128.patch
new file mode 100644
index 0000000..4fcd6b0
--- /dev/null
+++ b/curl-7.15.5-bz473128.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/docs/curl.1 curl-7.15.5/docs/curl.1
+--- curl-7.15.5.orig/docs/curl.1 2006-07-27 01:20:47.000000000 +0200
++++ curl-7.15.5/docs/curl.1 2009-10-27 13:27:18.996742031 +0100
+@@ -924,6 +924,8 @@ mutually exclusive.
+ If this option is used several times, the last one will be used. (This option
+ was previously wrongly documented and used as --socks without the number
+ appended.)
++
++This option (as well as \fI--socks4\fP) does not work with IPv6, FTPS or LDAP.
+ .IP "--stderr <file>"
+ Redirect all writes to stderr to the specified file instead. If the file name
+ is a plain '-', it is instead written to stdout. This option has no point when
diff --git a/curl-7.15.5-bz479967.patch b/curl-7.15.5-bz479967.patch
new file mode 100644
index 0000000..b530121
--- /dev/null
+++ b/curl-7.15.5-bz479967.patch
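Review bot: The CVE-2011-2192 change in lib/http_negotiate.c leaves two consecutive bare `0` arguments in the GSS-API call, and nothing at the call site says that the first one is deliberate. A comment on the changed line, for example `/* req_flags: never request GSS_C_DELEG_FLAG (CVE-2011-2192) */`, would keep a later edit from restoring the flag by accident. Delegation is removed unconditionally, so callers that relied on it lose it with no way to ask for it back; the man pages are not touched by this patch and should mention that. The call and the rest of `Curl_input_negotiate` lie outside the hunk.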
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/lib/select.c curl-7.15.5/lib/select.c
+--- curl-7.15.5.orig/lib/select.c 2006-05-05 12:24:27.000000000 +0200
++++ curl-7.15.5/lib/select.c 2009-10-27 15:17:49.144741885 +0100
+@@ -113,7 +113,7 @@ int Curl_select(curl_socket_t readfd, cu
+ if (writefd != CURL_SOCKET_BAD) {
+ if (pfd[num].revents & POLLOUT)
+ ret |= CSELECT_OUT;
+- if (pfd[num].revents & POLLERR)
++ if (pfd[num].revents & (POLLERR|POLLHUP))
+ ret |= CSELECT_ERR;
+ }
+
diff --git a/curl-7.15.5-bz517084.patch b/curl-7.15.5-bz517084.patch
new file mode 100644
index 0000000..b8db8ec
--- /dev/null
+++ b/curl-7.15.5-bz517084.patch
@@ -0,0 +1,12 @@
+diff -rup curl-7.15.5.orig/src/main.c curl-7.15.5/src/main.c
+--- curl-7.15.5.orig/src/main.c 2006-07-27 01:20:48.000000000 +0200
++++ curl-7.15.5/src/main.c 2009-10-27 15:55:59.627758853 +0100
+@@ -513,6 +513,8 @@ static void help(void)
+ " --create-dirs Create necessary local directory hierarchy",
+ " --crlf Convert LF to CRLF in upload",
+ " -f/--fail Fail silently (no output at all) on HTTP errors (H)",
++ " --ftp-account <data> Account data to send when requested by server (F)",
++ " --ftp-alternative-to-user <cmd> String to replace \"USER [name]\" (F)",
+ " --ftp-create-dirs Create the remote dirs if not present (F)",
+ " --ftp-method [multicwd/nocwd/singlecwd] Control CWD usage (F)",
+ " --ftp-pasv Use PASV/EPSV instead of PORT (F)",
diff --git a/curl-7.15.5-bz517199.patch b/curl-7.15.5-bz517199.patch
new file mode 100644
index 0000000..799d177
--- /dev/null
+++ b/curl-7.15.5-bz517199.patch
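Review bot: The write-side test in `Curl_select` (lib/select.c) now maps `POLLHUP` to `CSELECT_ERR`, but `POLLNVAL` is still not covered, so a descriptor that poll() reports as invalid would come back as "nothing ready" rather than as an error. `if (pfd[num].revents & (POLLERR|POLLHUP|POLLNVAL))` would close that gap. The read-side block is above the hunk, so whether it treats these bits consistently cannot be checked from here.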
@@ -0,0 +1,38 @@
+diff -rup curl-7.15.5.orig/lib/http.c curl-7.15.5/lib/http.c
+--- curl-7.15.5.orig/lib/http.c 2009-08-14 13:04:26.830607819 +0200
++++ curl-7.15.5/lib/http.c 2009-08-14 13:04:46.772482970 +0200
+@@ -1967,6 +1967,14 @@ CURLcode Curl_http(struct connectdata *c
+ te
+ );
+
++ /*
++ * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
++ * with basic and digest, it will be freed anyway by the next request
++ */
++
++ Curl_safefree (conn->allocptr.userpwd);
++ conn->allocptr.userpwd = NULL;
++
+ if(result)
+ return result;
+
+diff -rup curl-7.15.5.orig/lib/http_negotiate.c curl-7.15.5/lib/http_negotiate.c
+--- curl-7.15.5.orig/lib/http_negotiate.c 2009-08-14 13:04:26.846608324 +0200
++++ curl-7.15.5/lib/http_negotiate.c 2009-08-14 13:05:15.467037550 +0200
+@@ -248,7 +248,6 @@ int Curl_input_negotiate(struct connectd
+ CURLcode Curl_output_negotiate(struct connectdata *conn)
+ {
+ struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+- OM_uint32 minor_status;
+ char *encoded = NULL;
+ int len;
+
+@@ -300,7 +299,7 @@ CURLcode Curl_output_negotiate(struct co
+ conn->allocptr.userpwd =
+ aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
+ free(encoded);
+- gss_release_buffer(&minor_status, &neg_ctx->output_token);
++ Curl_cleanup_negotiate (conn->data);
+ return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+
diff --git a/curl-7.15.5-bz532069.patch b/curl-7.15.5-bz532069.patch
new file mode 100644
index 0000000..f3f682d
--- /dev/null
+++ b/curl-7.15.5-bz532069.patch
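Review bot: In `Curl_output_negotiate` the call `Curl_cleanup_negotiate (conn->data)` replaces a release of only the output token; if that helper discards the whole negotiate state (its body is not part of this patch), every request starts a fresh GSS-API exchange and a continuation token from the server can no longer be matched to a context. A comment at the call stating that a single-round exchange is intended would make that explicit. In `Curl_http` the new block comment is hard to parse and does not say why the header must not survive the request; since the freed buffer held an `Authorization:` line, I would reword it along the lines of `/* the Authorization header is per-request: drop it so it is never resent on a reused connection */`, adjusted to whatever the real reason is.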
@@ -0,0 +1,159 @@ +diff -rup curl-7.15.5.orig/CHANGES curl-7.15.5/CHANGES +--- curl-7.15.5.orig/CHANGES 2006-08-07 08:27:59.000000000 +0200 ++++ curl-7.15.5/CHANGES 2009-10-30 23:42:35.373803847 +0100 +@@ -6,6 +6,16 @@ + + Changelog + ++Daniel Stenberg (25 Sep 2009) ++- Chris Mumford filed bug report #2861587 ++ (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used ++ the OpenSSL function X509_load_crl_file() wrongly and failed if it would ++ load a CRL file with more than one certificate within. This is now fixed. ++ ++Daniel Stenberg (6 Jun 2008) ++- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for ++ OpenSSL, NSS and GnuTLS-built libcurls. ++ + Version 7.15.5 (7 August 2006) + + Daniel (2 August 2006) +diff -rup curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 curl-7.15.5/docs/libcurl/curl_easy_setopt.3 +--- curl-7.15.5.orig/docs/libcurl/curl_easy_setopt.3 2009-10-30 23:41:03.845741285 +0100 ++++ curl-7.15.5/docs/libcurl/curl_easy_setopt.3 2009-10-30 23:42:35.374803796 +0100 +@@ -1260,6 +1260,24 @@ makes sense only when used in combinatio + is zero, \fICURLOPT_CAPATH\fP need not even indicate an accessible + path. The \fICURLOPT_CAPATH\fP function apparently does not work in + Windows due to some limitation in openssl. (Added in 7.9.8) ++.IP CURLOPT_CRLFILE ++Pass a char * to a zero terminated string naming a file with the concatenation ++of CRL (in PEM format) to use in the certificate validation that occurs during ++the SSL exchange. ++ ++When curl is built to use NSS or GnuTLS, there is no way to influence the use ++of CRL passed to help in the verification process. When libcurl is built with ++OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both ++set, requiring CRL check against all the elements of the certificate chain if ++a CRL file is passed. ++ ++This option makes sense only when used in combination with the ++\fICURLOPT_SSL_VERIFYPEER\fP option. 
++ ++A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It ++is returned when the SSL exchange fails because the CRL file cannot be loaded. ++Note that a failure in certificate verification due to a revocation information ++found in the CRL does not trigger this specific error. + .IP CURLOPT_RANDOM_FILE + Pass a char * to a zero terminated file name. The file will be used to read + from to seed the random engine for SSL. The more random the specified file is, +diff -rup curl-7.15.5.orig/docs/libcurl/libcurl-errors.3 curl-7.15.5/docs/libcurl/libcurl-errors.3 +--- curl-7.15.5.orig/docs/libcurl/libcurl-errors.3 2006-06-24 23:49:40.000000000 +0200 ++++ curl-7.15.5/docs/libcurl/libcurl-errors.3 2009-10-30 23:42:35.374803796 +0100 +@@ -208,6 +208,8 @@ No such TFTP user + Character conversion failed + .IP "CURLE_CONV_REQD (76)" + Caller must register conversion callbacks ++.IP "CURLE_SSL_CRL_BADFILE (82)" ++Failed to load CRL file (Added in 7.19.0) + .SH "CURLMcode" + This is the generic return code used by functions in the libcurl multi + interface. Also consider \fIcurl_multi_strerror(3)\fP. +diff -rup curl-7.15.5.orig/include/curl/curl.h curl-7.15.5/include/curl/curl.h +--- curl-7.15.5.orig/include/curl/curl.h 2009-10-30 23:41:03.846741384 +0100 ++++ curl-7.15.5/include/curl/curl.h 2009-10-30 23:42:35.375803976 +0100 +@@ -339,6 +339,8 @@ typedef enum { + CURLOPT_CONV_FROM_NETWORK_FUNCTION, + CURLOPT_CONV_TO_NETWORK_FUNCTION, and + CURLOPT_CONV_FROM_UTF8_FUNCTION */ ++ CURLE_SSL_CRL_BADFILE = 82, /* 82 - could not load CRL file, missing or ++ wrong format (Added in 7.19.0) */ + CURL_LAST /* never use! */ + } CURLcode; + +@@ -995,6 +997,9 @@ typedef enum { + /* Pointer to command string to send if USER/PASS fails. 
*/ + CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147), + ++ /* CRL file */ ++ CINIT(CRLFILE, OBJECTPOINT, 169), ++ + /* set the bitmask for the protocols that are allowed to be used for the + transfer, which thus helps the app which takes URLs from users or other + external inputs and want to restrict what protocol(s) to deal +diff -rup curl-7.15.5.orig/lib/ssluse.c curl-7.15.5/lib/ssluse.c +--- curl-7.15.5.orig/lib/ssluse.c 2009-10-30 23:41:03.852866415 +0100 ++++ curl-7.15.5/lib/ssluse.c 2009-10-30 23:45:20.895778697 +0100 +@@ -1305,6 +1305,32 @@ Curl_ossl_connect_step1(struct connectda + data->set.ssl.CAfile ? data->set.ssl.CAfile : "none", + data->set.ssl.CApath ? data->set.ssl.CApath : "none"); + } ++ ++ if (data->set.ssl.CRLfile) { ++ /* tell SSL where to find CRL file that is used to check certificate ++ * revocation */ ++ X509_LOOKUP *lookup = ++ X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file()); ++ if ( !lookup || ++ (!X509_load_crl_file(lookup,data->set.ssl.CRLfile, ++ X509_FILETYPE_PEM)) ) { ++ failf(data,"error loading CRL file :\n" ++ " CRLfile: %s\n", ++ data->set.ssl.CRLfile? ++ data->set.ssl.CRLfile: "none"); ++ return CURLE_SSL_CRL_BADFILE; ++ } ++ else { ++ /* Everything is fine. */ ++ infof(data, "successfully load CRL file:\n"); ++ X509_STORE_set_flags(connssl->ctx->cert_store, ++ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); ++ } ++ infof(data, ++ " CRLfile: %s\n", data->set.ssl.CRLfile ? ++ data->set.ssl.CRLfile: "none"); ++ } ++ + /* SSL always tries to verify the peer, this only says whether it should + * fail to connect if the verification fails, or if it should continue + * anyway. 
In the latter case the result of the verification is checked with +diff -rup curl-7.15.5.orig/lib/strerror.c curl-7.15.5/lib/strerror.c +--- curl-7.15.5.orig/lib/strerror.c 2006-08-01 11:39:01.000000000 +0200 ++++ curl-7.15.5/lib/strerror.c 2009-10-30 23:42:35.376803807 +0100 +@@ -241,6 +241,9 @@ curl_easy_strerror(CURLcode error) + case CURLE_FTP_SSL_FAILED: + return "Requested FTP SSL level failed"; + ++ case CURLE_SSL_CRL_BADFILE: ++ return "Failed to load CRL file (path? access rights?, format?)"; ++ + case CURLE_SEND_FAIL_REWIND: + return "Send failed since rewinding of the data stream failed"; + +diff -rup curl-7.15.5.orig/lib/url.c curl-7.15.5/lib/url.c +--- curl-7.15.5.orig/lib/url.c 2009-10-30 23:41:03.848741261 +0100 ++++ curl-7.15.5/lib/url.c 2009-10-30 23:42:35.378944509 +0100 +@@ -1360,6 +1360,13 @@ CURLcode Curl_setopt(struct SessionHandl + /* This does not work on windows. */ + data->set.ssl.CApath = va_arg(param, char *); + break; ++ case CURLOPT_CRLFILE: ++ /* ++ * Set CRL file info for SSL connection. Specify file name of the CRL ++ * to check certificates revocation ++ */ ++ data->set.ssl.CRLfile = va_arg(param, char *); ++ break; + case CURLOPT_TELNETOPTIONS: + /* + * Set a linked list of telnet options +diff -rup curl-7.15.5.orig/lib/urldata.h curl-7.15.5/lib/urldata.h +--- curl-7.15.5.orig/lib/urldata.h 2009-10-30 23:41:03.849741307 +0100 ++++ curl-7.15.5/lib/urldata.h 2009-10-30 23:42:35.379944623 +0100 +@@ -171,6 +171,7 @@ struct ssl_config_data { + 2: CN must match hostname */ + char *CApath; /* DOES NOT WORK ON WINDOWS */ + char *CAfile; /* cerficate to verify peer against */ ++ char *CRLfile; /* CRL to check cerficate revocation */ + char *random_file; /* path to file containing "random" data */ + char *egdsocket; /* path to file containing the EGD daemon socket */ + char *cipher_list; /* list of ciphers to use */ diff --git a/curl-7.15.5-bz563220.patch b/curl-7.15.5-bz563220.patch new file mode 100644 index 0000000..e9d7f88 --- /dev/null 
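Review bot: `CRLfile` is added to `struct ssl_config_data` and read straight from `data->set.ssl` in `Curl_ossl_connect_step1`, but none of the files touched by this patch contains the code that copies or compares SSL configurations when a connection or session is reused. If that comparison (outside this diff) does not include `CRLfile`, a connection opened before the option was set could be reused without the revocation check the caller asked for; this should be confirmed, or the field added there. Within the hunks, the `data->set.ssl.CRLfile ? ... : "none"` fallbacks are dead code inside `if (data->set.ssl.CRLfile)`, and `Curl_setopt` stores the caller's pointer as it is, so the `CURLOPT_CRLFILE` man page entry should say that the string must stay valid for the duration of the transfer.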
+++ b/curl-7.15.5-bz563220.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/content_encoding.c b/lib/content_encoding.c
+index fd27f30..7be16b0 100644
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -40,7 +40,7 @@
+ (doing so will reduce code size slightly). */
+ #define OLD_ZLIB_SUPPORT 1
+
+-#define DSIZ 0x10000 /* buffer size for decompressed data */
++#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+
+ #define GZIP_MAGIC_0 0x1f
+ #define GZIP_MAGIC_1 0x8b
diff --git a/curl-7.15.5-bz655073.patch b/curl-7.15.5-bz655073.patch
new file mode 100644
index 0000000..82199bd
--- /dev/null
+++ b/curl-7.15.5-bz655073.patch
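Review bot: The comment on `DSIZ` in lib/content_encoding.c still reads only "buffer size for decompressed data" and does not say why the size is now tied to `CURL_MAX_WRITE_SIZE`. If this buffer is what reaches the application's write callback (its use is outside the hunk), the invariant is that a decompressed chunk must never exceed the documented maximum, because callers may size fixed buffers by it. I would state that at the define, e.g. `/* must not exceed CURL_MAX_WRITE_SIZE: chunks of this size are passed to the write callback */`.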
@@ -0,0 +1,71 @@ +From ab76eba3c4dcb076f33ae3b6a8ce3fab98bad9d5 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Sun, 23 Jan 2011 16:42:31 +0100 +Subject: [PATCH] ldap: bz#655073 + +Patch originally written by Pierre Carrier. +--- + lib/ldap.c | 26 ++++++++++++++++++++++++-- + 1 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/lib/ldap.c b/lib/ldap.c +index 5b845a4..69b8aa9 100644 +--- a/lib/ldap.c ++++ b/lib/ldap.c +@@ -63,6 +63,7 @@ + #include "ldap.h" + #include "memory.h" + #include "base64.h" ++#include "http.h" + + #define _MPRINTF_REPLACE /* use our functions only */ + #include <curl/mprintf.h> +@@ -253,6 +254,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done) + void (*ldap_free_urldesc)(void *); + #endif + void *(__cdecl *ldap_init)(char *, int); ++ int (__cdecl *ldap_init_fd)(int, int, char *, void *); + int (__cdecl *ldap_simple_bind_s)(void *, char *, char *); + int (__cdecl *ldap_unbind_s)(void *); + int (__cdecl *ldap_search_s)(void *, char *, int, char *, char **, +@@ -269,7 +271,7 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done) + void (__cdecl *ber_free)(void *, int); + int (__cdecl *ldap_set_option)(void *, int, void *); + +- void *server; ++ void *server = NULL; + LDAPURLDesc *ludp = NULL; + const char *mod_name; + void *result; +@@ -316,7 +318,27 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done) + DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free); + DYNA_GET_FUNCTION(int (__cdecl *)(void *, int, void *), ldap_set_option); + +- server = (*ldap_init)(conn->host.name, (int)conn->port); ++ if(conn->bits.tunnel_proxy && conn->bits.httpproxy) { ++ /* for LDAP over HTTP proxy */ ++ ldap_init_fd = (int (__cdecl *)(int, int, char *, void *)) ++ DynaGetFunction("ldap_init_fd"); ++ if(!ldap_init_fd) { ++ failf(data, "Cannot use ldap_init_fd (%s), your openldap version is " ++ "probably too old for HTTP proxying", dlerror()); ++ status = CURLE_COULDNT_CONNECT; ++ goto quit; ++ } ++ 
if(CURLE_OK != Curl_proxyCONNECT(conn, FIRSTSOCKET, conn->host.name, ++ conn->remote_port)) { ++ status = CURLE_COULDNT_CONNECT; ++ goto quit; ++ } ++ if((*ldap_init_fd)(conn->sock[FIRSTSOCKET], /* LDAP_PROTO_TCP */1, NULL, ++ &server)) ++ server = NULL; ++ } else { ++ server = (*ldap_init)(conn->host.name, (int)conn->port); ++ } + if (server == NULL) { + failf(data, "LDAP local: Cannot connect to %s:%d", + conn->host.name, conn->port); +-- +1.7.3.4 + diff --git a/curl.spec b/curl.spec new file mode 100644 index 0000000..0cbf4ea --- /dev/null +++ b/curl.spec 
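Review bot: The return value of `ldap_init_fd` in `Curl_ldap` is discarded: any non-zero result only sets `server = NULL`, and the following `failf` prints `conn->host.name` with `conn->port` although the tunnel was requested for `conn->remote_port`, so the message may name the wrong port and carries no LDAP error code. Keeping the result in a local and adding it to the message would make proxy failures diagnosable, and the same goes for the `Curl_proxyCONNECT` result, which is flattened to `CURLE_COULDNT_CONNECT`. The literal `1` passed as the protocol is explained only by the inline `/* LDAP_PROTO_TCP */` comment; a named constant would be clearer. After the call the descriptor in `conn->sock[FIRSTSOCKET]` is shared with the LDAP handle, and which side closes it is not visible in this hunk, so that should be documented at the call.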
@@ -0,0 +1,430 @@
+Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
+Name: curl
+Version: 7.15.5
+Release: 9%{?dist}.3
+License: MIT
+Group: Applications/Internet
+Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
+Patch0: curl-7.14.1-nousr.patch
+Patch1: curl-7.15.0-curl_config-version.patch
+Patch2: curl-7.15.3-multilib.patch
+Patch3: curl-7.15.5-CVE-2009-0037.patch
+Patch4: curl-7.15.5-CVE-2009-2417.patch
+Patch5: curl-7.15.5-bz473128.patch
+Patch6: curl-7.15.5-bz479967.patch
+Patch7: curl-7.15.5-bz517084.patch
+Patch8: curl-7.15.5-bz517199.patch
+Patch9: curl-7.15.5-bz532069.patch
+Patch10: curl-7.15.5-bz563220.patch
+Patch11: curl-7.15.5-bz655073.patch
+Patch12: curl-7.15.5-CVE-2011-2192.patch
+URL: http://curl.haxx.se/
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
+Requires: openssl
+
+%description
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. cURL is designed
+to work without user interaction or any kind of interactivity. cURL
+offers many useful capabilities, like proxy support, user
+authentication, FTP upload, HTTP post, and file transfer resume.
+
+%package devel
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}, openssl-devel, libidn-devel
+Summary: Files needed for building applications with libcurl.
+
+%description devel
+cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
+Dict servers, using any of the supported protocols. The curl-devel
+package includes files needed for developing applications which can
+use cURL's capabilities internally.
+
+%prep
+rm -rf $RPM_BUILD_ROOT
+
+%setup -q
+%patch0 -p1 -b .nousr
+%patch1 -p1 -b .ver
+%patch2 -p1 -b .multilib
+%patch3 -p1 -b .CVE-2009-0037
+%patch4 -p1 -b .CVE-2009-2417
+%patch5 -p1 -b .bz473128
+%patch6 -p1 -b .bz479967
+%patch7 -p1 -b .bz517084
+%patch8 -p1 -b .bz517199
+%patch9 -p1 -b .bz532069
+%patch10 -p1 -b .bz563220
+%patch11 -p1 -b .bz655073
+%patch12 -p1 -b .CVE-2011-2192
+
+%build
+aclocal
+libtoolize --force
+./reconf
+
+if pkg-config openssl ; then
+ CPPFLAGS=`pkg-config --cflags openssl`; export CPPFLAGS
+ LDFLAGS=`pkg-config --libs openssl`; export LDFLAGS
+fi
+%configure --with-ssl=/usr --enable-ipv6 \
+ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
+ --with-gssapi=/usr/kerberos --with-libidn
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%makeinstall
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+
+# don't need curl's copy of the certs; use openssl's
+find ${RPM_BUILD_ROOT} -name ca-bundle.crt -exec rm -f '{}' \;
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc CHANGES README* COPYING
+%doc docs/BUGS docs/FAQ docs/FEATURES
+%doc docs/MANUAL docs/RESOURCES
+%doc docs/TheArtOfHttpScripting docs/TODO
+%{_bindir}/curl
+%{_mandir}/man1/curl.1*
+%{_libdir}/libcurl.so.*
+#%{_datadir}/ssl/certs/ca-bundle.crt
+
+%files devel
+%defattr(-,root,root)
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.a
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+
+%changelog
+* Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.15.5-9.el5_6.3
+- do not delegate GSSAPI credentials (CVE-2011-2192)
+
+* Mon Jan 24 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.2
+- avoid use of uninitialized variable on failure of a LDAP request (#670523)
+
+* Tue Jan 18 2011 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9.el5_6.1
+- proxy tunnel support for LDAP requests (#670523)
+
+* Mon Feb 15 2010 Kamil Dudka <kdudka@redhat.com> - 7.15.5-9
+- http://curl.haxx.se/docs/adv_20100209.html (#565408)
+
+* Tue Oct 27 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-8
+- mention lack of IPv6, FTPS and LDAP support while using a socks proxy
+ (#473128)
+- avoid tight loop if an upload connection is broken (#479967)
+- add options --ftp-account and --ftp-alternative-to-user to program help
+ (#517084)
+- fix crash when reusing connection after negotiate-auth (#517199)
+- support for CRL loading from a PEM file (#532069)
+
+* Tue Aug 11 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-7
+- sync patch for CVE-2007-0037 with 5.3.Z
+Related: #485290
+
+* Mon Aug 10 2009 Kamil Dudka <kdudka@redhat.com> - 7.15.5-6
+- fix CVE-2009-2417
+Resolves: #516258
+
+* Tue Mar 10 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-5
+- forwardport one hunk from upstream curl-7.15.1
+Related: #485290
+
+* Fri Mar 06 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-4
+- fix hunk applied to wrong place due to nonzero patch fuzz
+Related: #485290
+
+* Tue Mar 03 2009 Jindrich Novy <jnovy@redhat.com> - 7.15.5-3
+- fix CVE-2007-0037
+Resolves: #485290
+
+* Tue Jan 16 2007 Jindrich Novy <jnovy@redhat.com> - 7.15.5-2
+- don't package generated makefiles for docs/examples to avoid
+ multiarch conflicts (#222718)
+
+* Thu Aug 24 2006 Jindrich Novy <jnovy@redhat.com> - 7.15.5-1.fc6
+- update to curl-7.15.5
+- use %%{?dist}
+
+* Fri Jun 30 2006 Ivana Varekova <varekova@redhat.com> - 7.15.4-1
+- update to 7.15.4
+
+* Mon Mar 20 2006 Ivana Varekova <varekova@redhat.com> - 7.15.3-1
+- fix multilib problem using pkg-config
+- update to 7.15.3
+
+* Thu Feb 23 2006 Ivana Varekova <varekova@redhat.com> - 7.15.1-2
+- fix multilib problem - #181290 -
+ curl-devel.i386 not installable together with curl-devel.x86-64
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 7.15.1-1.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Thu Dec 8 2005 Ivana Varekova <varekova@redhat.com> 7.15.1-1
+- update to 7.15.1 (bug 175191)
+
+* Wed Nov 30 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-3
+- fix curl-config bug 174556 - missing vernum value
+
+* Wed Nov 9 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-2
+- rebuilt
+
+* Tue Oct 18 2005 Ivana Varekova <varekova@redhat.com> 7.15.0-1
+- update to 7.15.0
+
+* Thu Oct 13 2005 Ivana Varekova <varekova@redhat.com> 7.14.1-1
+- update to 7.14.1
+
+* Thu Jun 16 2005 Ivana Varekova <varekova@redhat.com> 7.14.0-1
+- rebuild new version
+
+* Tue May 03 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-3
+- fix bug 150768 - curl-7.12.3-2 breaks basic authentication
+ used Daniel Stenberg patch
+
+* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 7.13.1-2
+- update to use ca-bundle in /etc/pki
+- mark License as MIT not MPL
+
+* Mon Mar 9 2005 Ivana Varekova <varekova@redhat.com> 7.13.1-1
+- rebuilt (7.13.1)
+
+* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 7.13.0-2
+- rebuild with openssl-0.9.7e
+
+* Sun Feb 13 2005 Florian La Roche <laroche@redhat.com>
+- 7.13.0
+
+* Wed Feb 9 2005 Joe Orton <jorton@redhat.com> 7.12.3-3
+- don't pass /usr to --with-libidn to remove "-L/usr/lib" from
+ 'curl-config --libs' output on x86_64.
+
+* Fri Jan 28 2005 Adrian Havill <havill@redhat.com> 7.12.3-1
+- Upgrade to 7.12.3, which uses poll() for FDSETSIZE limit (#134794)
+- require libidn-devel for devel subpkg (#141341)
+- remove proftpd kludge; included upstream
+
+* Wed Oct 06 2004 Adrian Havill <havill@redhat.com> 7.12.1-1
+- upgrade to 7.12.1
+- enable GSSAPI auth (#129353)
+- enable I18N domain names (#134595)
+- workaround for broken ProFTPD SSL auth (#134133). Thanks to
+ Aleksandar Milivojevic
+
+* Wed Sep 29 2004 Adrian Havill <havill@redhat.com> 7.12.0-4
+- move new docs position so defattr gets applied
+
+* Mon Sep 27 2004 Warren Togami <wtogami@redhat.com> 7.12.0-3
+- remove INSTALL, move libcurl docs to -devel
+
+* Fri Jul 26 2004 Jindrich Novy <jnovy@redhat.com>
+- updated to 7.12.0
+- updated nousr patch
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Apr 07 2004 Adrian Havill <havill@redhat.com> 7.11.1-1
+- upgraded; updated nousr patch
+- added COPYING (#115956)
+-
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Jan 31 2004 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.8
+- remove patch2, already upstream
+
+* Wed Oct 15 2003 Adrian Havill <havill@redhat.com> 7.10.6-7
+- aclocal before libtoolize
+- move OpenLDAP license so it's present as a doc file, present in
+ both the source and binary as per conditions
+
+* Mon Oct 13 2003 Adrian Havill <havill@redhat.com> 7.10.6-6
+- add OpenLDAP copyright notice for usage of code, add OpenLDAP
+ license for this code
+
+* Tue Oct 07 2003 Adrian Havill <havill@redhat.com> 7.10.6-5
+- match serverAltName certs with SSL (#106168)
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4.1
+- bump n-v-r for RHEL
+
+* Mon Sep 16 2003 Adrian Havill <havill@redhat.com> 7.10.6-4
+- restore ca cert bundle (#104400)
+- require openssl, we want to use its ca-cert bundle
+
+* Sun Sep 7 2003 Joe Orton <jorton@redhat.com> 7.10.6-3
+- rebuild
+
+* Fri Sep 5 2003 Joe Orton <jorton@redhat.com> 7.10.6-2.2
+- fix to include libcurl.so
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2.1
+- bump n-v-r for RHEL
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> 7.10.6-2
+- devel subpkg needs openssl-devel as a Require (#102963)
+
+* Tue Jul 28 2003 Adrian Havill <havill@redhat.com> 7.10.6-1
+- bumped version
+
+* Tue Jul 01 2003 Adrian Havill <havill@redhat.com> 7.10.5-1
+- bumped version
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Apr 12 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.4
+- adapt nousr patch
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 21 2003 Joe Orton <jorton@redhat.com> 7.9.8-4
+- don't add -L/usr/lib to 'curl-config --libs' output
+
+* Mon Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 7.9.8-3
+- rebuild
+
+* Wed Nov 6 2002 Joe Orton <jorton@redhat.com> 7.9.8-2
+- fix `curl-config --libs` output for libdir!=/usr/lib
+- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la
+- libtoolize and reconf
+
+* Mon Jul 22 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.8-1
+- 7.9.8 (# 69473)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 16 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.7-1
+- 7.9.7
+
+* Wed Apr 24 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.6-1
+- 7.9.6
+
+* Thu Mar 21 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-2
+- Stop the curl-config script from printing -I/usr/include
+ and -L/usr/lib (#59497)
+
+* Fri Mar 8 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.5-1
+- 7.9.5
+
+* Tue Feb 26 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.3-2
+- Rebuild
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 7.9.3-1
+- update to 7.9.3
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com> 7.9.2-2
+- automated rebuild
+
+* Wed Jan 9 2002 Trond Eivind Glomsrød <teg@redhat.com> 7.9.2-1
+- 7.9.2
+
+* Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com>
+- include curl-config in curl-devel
+- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl
+
+* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com>
+- added openssl-devel build req
+
+* Mon May 21 2001 Tim Powers <timp@redhat.com>
+- built for the distro
+
+* Tue Apr 24 2001 Jeff Johnson <jbj@redhat.com>
+- upgrade to curl-7.7.2.
+- enable IPv6.
+
+* Fri Mar 2 2001 Tim Powers <timp@redhat.com>
+- rebuilt against openssl-0.9.6-1
+
+* Thu Jan 4 2001 Tim Powers <timp@redhat.com>
+- fixed mising ldconfigs
+- updated to 7.5.2, bug fixes
+
+* Mon Dec 11 2000 Tim Powers <timp@redhat.com>
+- updated to 7.5.1
+
+* Mon Nov 6 2000 Tim Powers <timp@redhat.com>
+- update to 7.4.1 to fix bug #20337, problems with curl -c
+- not using patch anymore, it's included in the new source. Keeping
+ for reference
+
+* Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix bogus req in -devel package
+
+* Fri Oct 20 2000 Tim Powers <timp@redhat.com>
+- devel package needed defattr so that root owns the files
+
+* Mon Oct 16 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 7.3
+- apply vsprintf/vsnprintf patch from Colin Phipps via Debian
+
+* Mon Aug 21 2000 Nalin Dahyabhai <nalin@redhat.com>
+- enable SSL support
+- fix packager tag
+- move buildroot to %%{_tmppath}
+
+* Tue Aug 1 2000 Tim Powers <timp@redhat.com>
+- fixed vendor tag for bug #15028
+
+* Mon Jul 24 2000 Prospector <prospector@redhat.com>
+- rebuilt
+
+* Tue Jul 11 2000 Tim Powers <timp@redhat.com>
+- workaround alpha build problems with optimizations
+
+* Mon Jul 10 2000 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Mon Jun 5 2000 Tim Powers <timp@redhat.com>
+- put man pages in correct place
+- use %%makeinstall
+
+* Mon Apr 24 2000 Tim Powers <timp@redhat.com>
+- updated to 6.5.2
+
+* Wed Nov 3 1999 Tim Powers <timp@redhat.com>
+- updated sources to 6.2
+- gzip man page
+
+* Mon Aug 30 1999 Tim Powers <timp@redhat.com>
+- changed group
+
+* Thu Aug 26 1999 Tim Powers <timp@redhat.com>
+- changelog started
+- general cleanups, changed prefix to /usr, added manpage to files section
+- including in Powertools |
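Review bot: The changelog names a different advisory than the patch it describes: the 7.15.5-3 entry says `- fix CVE-2007-0037` and the 7.15.5-7 entry says `- sync patch for CVE-2007-0037 with 5.3.Z`, while the patch this spec applies is `curl-7.15.5-CVE-2009-0037.patch`. Anyone checking `rpm -q --changelog` for the CVE id to confirm the fix is present will not find it. Assuming the patch file name carries the correct id, the entries should read `- fix CVE-2009-0037` and `- sync patch for CVE-2009-0037 with 5.3.Z`. Separately, the spec has no `%check` section, so the thirteen applied patches, three of them CVE fixes, are not exercised by curl's test suite during the build; adding one, or a comment saying why the tests cannot run in the build environment, would close that gap.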