summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorB Stack <bgstack15@gmail.com>2019-09-18 12:37:11 +0000
committerB Stack <bgstack15@gmail.com>2019-09-18 12:37:11 +0000
commitbab4e46df0ab08070ac03aa057bd63ee7d744a90 (patch)
tree8abbed509506c4ca87de844ff57ffcd3988bdf55
parentMerge branch 'plymouth-bump' into 'master' (diff)
parentadd curl (diff)
downloadstackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.tar.gz
stackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.tar.bz2
stackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.zip
Merge branch 'libssh2-bump' into 'master'
Add freefilesync build/run dependencies See merge request bgstack15/stackrpms!88
-rw-r--r--curl/0001-curl-7.66.0-metalink-memleak.patch71
-rw-r--r--curl/0101-curl-7.58.0-multilib.patch88
-rw-r--r--curl/0102-curl-7.54.1-debug.patch48
-rw-r--r--curl/0103-curl-7.62.0-python3.patch57
-rw-r--r--curl/0104-curl-7.64.1-localhost6.patch47
-rw-r--r--curl/0105-curl-7.65.0-lib1560-valgrind.patch39
-rw-r--r--curl/0302-curl-7.47.1-pkgconfig.patch17
-rw-r--r--curl/README.md5
-rw-r--r--curl/curl-7.64.1-zsh-cpl.patch37
-rw-r--r--curl/curl.spec6326
-rw-r--r--libssh2/README.md5
-rw-r--r--libssh2/libssh2-1.7.0-pkgconfig.patch13
-rw-r--r--libssh2/libssh2.spec802
13 files changed, 7555 insertions, 0 deletions
diff --git a/curl/0001-curl-7.66.0-metalink-memleak.patch b/curl/0001-curl-7.66.0-metalink-memleak.patch
new file mode 100644
index 0000000..16c8ae2
--- /dev/null
+++ b/curl/0001-curl-7.66.0-metalink-memleak.patch
@@ -0,0 +1,71 @@
+From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 11 Sep 2019 16:32:11 +0200
+Subject: [PATCH] curl: fix memory leaked by parse_metalink()
+
+This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
+Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
+and libmetalink enabled.
+
+Closes #4326
+
+Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_metalink.c | 2 +-
+ src/tool_metalink.h | 3 +++
+ src/tool_operate.c | 4 ++++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/tool_metalink.c b/src/tool_metalink.c
+index 0740407f9..cd5a7d650 100644
+--- a/src/tool_metalink.c
++++ b/src/tool_metalink.c
+@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
+ Curl_safefree(res);
+ }
+
+-static void delete_metalinkfile(metalinkfile *mlfile)
++void delete_metalinkfile(metalinkfile *mlfile)
+ {
+ metalink_resource *res;
+ if(mlfile == NULL) {
+diff --git a/src/tool_metalink.h b/src/tool_metalink.h
+index 1e367033c..f5ec306f7 100644
+--- a/src/tool_metalink.h
++++ b/src/tool_metalink.h
+@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
+ * Counts the resource in the metalinkfile.
+ */
+ int count_next_metalink_resource(metalinkfile *mlfile);
++
++void delete_metalinkfile(metalinkfile *mlfile);
+ void clean_metalink(struct OperationConfig *config);
+
+ /*
+@@ -158,6 +160,7 @@ void metalink_cleanup(void);
+ #else /* USE_METALINK */
+
+ #define count_next_metalink_resource(x) 0
++#define delete_metalinkfile(x) (void)x
+ #define clean_metalink(x) (void)x
+
+ /* metalink_cleanup() takes no arguments */
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index d2ad9642d..09dfc0c84 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
+ result = post_transfer(global, share, per, result, &retry);
+ if(retry)
+ continue;
++
++ /* Release metalink related resources here */
++ delete_metalinkfile(per->mlfile);
++
+ per = del_transfer(per);
+
+ /* Bail out upon critical errors or --fail-early */
+--
+2.20.1
+
diff --git a/curl/0101-curl-7.58.0-multilib.patch b/curl/0101-curl-7.58.0-multilib.patch
new file mode 100644
index 0000000..38340e1
--- /dev/null
+++ b/curl/0101-curl-7.58.0-multilib.patch
@@ -0,0 +1,88 @@
+From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 12 Apr 2013 12:04:05 +0200
+Subject: [PATCH] prevent multilib conflicts on the curl-config script
+
+---
+ curl-config.in | 21 +++------------------
+ docs/curl-config.1 | 4 +++-
+ libcurl.pc.in | 1 +
+ 3 files changed, 7 insertions(+), 19 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 150004d..95d0759 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -76,7 +76,7 @@ while test $# -gt 0; do
+ ;;
+
+ --cc)
+- echo "@CC@"
++ echo "gcc"
+ ;;
+
+ --prefix)
+@@ -143,32 +143,19 @@ while test $# -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+- CURLLIBDIR="-L@libdir@ "
+- else
+- CURLLIBDIR=""
+- fi
+- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+- else
+- echo ${CURLLIBDIR}-lcurl
+- fi
++ echo -lcurl
+ ;;
+ --ssl-backends)
+ echo "@SSL_BACKENDS@"
+ ;;
+
+ --static-libs)
+- if test "X@ENABLE_STATIC@" != "Xno" ; then
+- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+- else
+- echo "curl was built with static libraries disabled" >&2
+- exit 1
+- fi
++ echo "curl was built with static libraries disabled" >&2
++ exit 1
+ ;;
+
+ --configure)
+- echo @CONFIGURE_OPTIONS@
++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+ ;;
+
+ *)
+diff --git a/docs/curl-config.1 b/docs/curl-config.1
+index 14a9d2b..ffcc004 100644
+--- a/docs/curl-config.1
++++ b/docs/curl-config.1
+@@ -70,7 +70,9 @@ no, one or several names. If more than o
+ comma-separated. (Added in 7.58.0)
+ .IP "--static-libs"
+ Shows the complete set of libs and other linker options you will need in order
+-to link your application with libcurl statically. (Added in 7.17.1)
++to link your application with libcurl statically. Note that Fedora/RHEL libcurl
++packages do not provide any static libraries, thus cannot be linked statically.
++(Added in 7.17.1)
+ .IP "--version"
+ Outputs version information about the installed libcurl.
+ .IP "--vernum"
+diff --git a/libcurl.pc.in b/libcurl.pc.in
+index 2ba9c39..f8f8b00 100644
+--- a/libcurl.pc.in
++++ b/libcurl.pc.in
+@@ -29,6 +29,7 @@ libdir=@libdir@
+ includedir=@includedir@
+ supported_protocols="@SUPPORT_PROTOCOLS@"
+ supported_features="@SUPPORT_FEATURES@"
++configure_options=@CONFIGURE_OPTIONS@
+
+ Name: libcurl
+ URL: https://curl.haxx.se/
diff --git a/curl/0102-curl-7.54.1-debug.patch b/curl/0102-curl-7.54.1-debug.patch
new file mode 100644
index 0000000..1495e17
--- /dev/null
+++ b/curl/0102-curl-7.54.1-debug.patch
@@ -0,0 +1,48 @@
+--- a/configure
++++ b/configure
+@@ -17044,18 +17044,11 @@ $as_echo "yes" >&6; }
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+
+ OLDCPPFLAGS=$CPPFLAGS
+--- a/m4/curl-compilers.m4
++++ b/m4/curl-compilers.m4
+@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+ CURL_CHECK_DEF([_WIN32], [], [silent])
+ else
diff --git a/curl/0103-curl-7.62.0-python3.patch b/curl/0103-curl-7.62.0-python3.patch
new file mode 100644
index 0000000..56485fe
--- /dev/null
+++ b/curl/0103-curl-7.62.0-python3.patch
@@ -0,0 +1,57 @@
+From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 15 Mar 2018 14:49:56 +0100
+Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
+
+Unfortunately, smbserver.py does not work with Python 3 because
+there is no 'impacket' module available for Python 3:
+
+https://github.com/CoreSecurity/impacket/issues/61
+---
+ tests/negtelnetserver.py | 4 ++--
+ tests/smbserver.py | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
+index 8cfd409..72ee771 100755
+--- a/tests/negtelnetserver.py
++++ b/tests/negtelnetserver.py
+@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
+ response_data = response.encode('ascii')
+ else:
+ log.debug("Received normal request - echoing back")
+- response_data = data.strip()
++ response_data = data.decode('utf8').strip()
+
+ if response_data:
+ log.debug("Sending %r", response_data)
+- self.request.sendall(response_data)
++ self.request.sendall(response_data.encode('utf8'))
+
+ except IOError:
+ log.exception("IOError hit during request")
+diff --git a/tests/smbserver.py b/tests/smbserver.py
+index 195ae39..b09cd44 100755
+--- a/tests/smbserver.py
++++ b/tests/smbserver.py
+@@ -24,7 +24,7 @@
+ from __future__ import (absolute_import, division, print_function)
+ # unicode_literals)
+ import argparse
+-import ConfigParser
++import configparser
+ import os
+ import sys
+ import logging
+@@ -58,7 +58,7 @@ def smbserver(options):
+ f.write("{0}".format(pid))
+
+ # Here we write a mini config for the server
+- smb_config = ConfigParser.ConfigParser()
++ smb_config = configparser.ConfigParser()
+ smb_config.add_section("global")
+ smb_config.set("global", "server_name", "SERVICE")
+ smb_config.set("global", "server_os", "UNIX")
+--
+2.14.3
+
diff --git a/curl/0104-curl-7.64.1-localhost6.patch b/curl/0104-curl-7.64.1-localhost6.patch
new file mode 100644
index 0000000..ec1fc47
--- /dev/null
+++ b/curl/0104-curl-7.64.1-localhost6.patch
@@ -0,0 +1,47 @@
+--- a/tests/data/test1083
++++ b/tests/data/test1083
+@@ -33,13 +33,13 @@ ipv6
+ http-ipv6
+ </server>
+ <name>
+-HTTP-IPv6 GET with ip6-localhost --interface
++HTTP-IPv6 GET with localhost6 --interface
+ </name>
+ <command>
+--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost
++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
+ </command>
+ <precheck>
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+ </precheck>
+ </client>
+
+--- a/tests/data/test241
++++ b/tests/data/test241
+@@ -30,13 +30,13 @@ ipv6
+ http-ipv6
+ </server>
+ <name>
+-HTTP-IPv6 GET (using ip6-localhost)
++HTTP-IPv6 GET (using localhost6)
+ </name>
+ <command>
+--g "http://ip6-localhost:%HTTP6PORT/241"
++-g "http://localhost6:%HTTP6PORT/241"
+ </command>
+ <precheck>
+-./server/resolve --ipv6 ip6-localhost
++./server/resolve --ipv6 localhost6
+ </precheck>
+ </client>
+
+@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost)
+ </strip>
+ <protocol>
+ GET /241 HTTP/1.1
+-Host: ip6-localhost:%HTTP6PORT
++Host: localhost6:%HTTP6PORT
+ Accept: */*
+
+ </protocol>
diff --git a/curl/0105-curl-7.65.0-lib1560-valgrind.patch b/curl/0105-curl-7.65.0-lib1560-valgrind.patch
new file mode 100644
index 0000000..92089c2
--- /dev/null
+++ b/curl/0105-curl-7.65.0-lib1560-valgrind.patch
@@ -0,0 +1,39 @@
+From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 4 Feb 2019 17:32:56 +0100
+Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
+
+... to prevent valgrind from reporting false positives on x86_64:
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x10BCAA: part2id (lib1560.c:489)
+ by 0x10BCAA: updateurl (lib1560.c:521)
+ by 0x10BCAA: set_parts (lib1560.c:630)
+ by 0x10BCAA: test (lib1560.c:802)
+ by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x10BCC3: part2id (lib1560.c:491)
+ by 0x10BCC3: updateurl (lib1560.c:521)
+ by 0x10BCC3: set_parts (lib1560.c:630)
+ by 0x10BCC3: test (lib1560.c:802)
+ by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+---
+ tests/libtest/Makefile.inc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 080421b..ea3b806 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -528,6 +528,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFIL
+ lib1559_LDADD = $(TESTUTIL_LIBS)
+
+ lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
+ lib1560_LDADD = $(TESTUTIL_LIBS)
+
+ lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+--
+2.17.2
+
diff --git a/curl/0302-curl-7.47.1-pkgconfig.patch b/curl/0302-curl-7.47.1-pkgconfig.patch
new file mode 100644
index 0000000..3dce68b
--- /dev/null
+++ b/curl/0302-curl-7.47.1-pkgconfig.patch
@@ -0,0 +1,17 @@
+This patch cleans up libcurl.pc to remove redundant compiler/linker
+flags that refer to standard directories, i.e.
+
+-L/usr/lib(64)?
+-I/usr/include
+
+--- libcurl.pc.in
++++ libcurl.pc.in
+@@ -35,6 +35,6 @@ Name: libcurl
+ URL: https://curl.haxx.se/
+ Description: Library to transfer files with ftp, http, etc.
+ Version: @CURLVERSION@
+-Libs: -L${libdir} -lcurl
++Libs: -lcurl
+ Libs.private: @LIBCURL_LIBS@
+-Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@
++Cflags: @CPPFLAG_CURL_STATICLIB@
diff --git a/curl/README.md b/curl/README.md
new file mode 100644
index 0000000..3ba10a5
--- /dev/null
+++ b/curl/README.md
@@ -0,0 +1,5 @@
+curl upstream:
+http://mirror.city-fan.org/ftp/contrib/yum-repo/development/source/curl-7.66.0-1.1.cf.fc32.src.rpm
+
+reason for being in stackrpms:
+needed to build FreeFileSync
diff --git a/curl/curl-7.64.1-zsh-cpl.patch b/curl/curl-7.64.1-zsh-cpl.patch
new file mode 100644
index 0000000..070e508
--- /dev/null
+++ b/curl/curl-7.64.1-zsh-cpl.patch
@@ -0,0 +1,37 @@
+--- scripts/Makefile.am
++++ scripts/Makefile.am
+@@ -35,7 +35,7 @@ if CROSSCOMPILING
+ @echo "NOTICE: we can't generate zsh completion when cross-compiling!"
+ else # if not cross-compiling:
+ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
+ endif
+
+ $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl
+@@ -43,7 +43,7 @@ if CROSSCOMPILING
+ @echo "NOTICE: we can't generate fish completion when cross-compiling!"
+ else # if not cross-compiling:
+ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
+ endif
+
+ install-data-local:
+--- scripts/Makefile.in
++++ scripts/Makefile.in
+@@ -563,12 +563,12 @@ all-local: $(ZSH_COMPLETION_FUNCTION_FIL
+ $(ZSH_COMPLETION_FUNCTION_FILENAME): completion.pl
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate zsh completion when cross-compiling!"
+ @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
+
+ $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate fish completion when cross-compiling!"
+ @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
+
+ install-data-local:
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't install zsh completion when cross-compiling!"
diff --git a/curl/curl.spec b/curl/curl.spec
new file mode 100644
index 0000000..88181f9
--- /dev/null
+++ b/curl/curl.spec
@@ -0,0 +1,6326 @@
+# Detect the distribution in use
+%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g'
+%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]'
+%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release)
+%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4})
+%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace})
+# Identify CentOS Linux and Scientific Linux as rhel
+%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls"
+%global __distinit rhel
+%endif
+# Dist tag for Fedora is still "fc"
+%if "%{__distinit}" == "f"
+%global __distinit fc
+%endif
+
+# Set to 0 for regular curl package, 1 for libcurl compatibility package
+%global compat 0
+
+# Use rpmbuild --without nss to build with OpenSSL rather than nss
+%{!?_without_nss: %{!?_with_nss: %global _with_nss --with-nss}}
+%{?_with_nss: %global disable_nss 0}
+%{?_without_nss: %global disable_nss 1}
+
+# Build with nss rather than OpenSSL for Fedora 16-26 and RHEL-7 unless OpenSSL is requested
+# (older distributions don't have recent enough nss versions)
+%global nss_ok %([ '(' 0%{?fedora} -gt 15 -a 0%{?fedora} -lt 27 ')' -o 0%{?rhel} -eq 7 ] && echo 1 || echo 0)
+%if %{nss_ok} && !%{disable_nss}
+%global ssl_provider nss
+%global ssl_versionreq >= 3.14.0
+%global use_nss 1
+%global have_openssl_libs 0
+%else
+%global ssl_provider openssl
+%global ssl_versionreq %{nil}
+%global use_nss 0
+# Have openssl-libs (with Epoch of 1) from Fedora 18, RHEL-7 onwards
+%global have_openssl_libs %([ 0%{?fedora} -gt 17 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0)
+%endif
+
+# Build with Posix threaded DNS lookups rather than using c-ares from Fedora 16, RHEL-7
+%global use_threads_posix %([ 0%{?fedora} -gt 15 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0)
+
+# Use libidn2 from Fedora 25 onwards
+%global use_libidn2 %([ 0%{?fedora} -gt 24 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+
+# Also build (lib)curl-minimal from Fedora 27 onwards
+%global build_minimal %([ 0%{?fedora} -gt 26 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+
+# Use libssh backend rather than libssh2 from Fedora 28 onwards
+%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+%global libssh libssh
+%global libssh_minimum_version 0.7.5
+%else
+%global libssh libssh2
+%global libssh_minimum_version 1.2
+%endif
+
+# Run the test suite using Python 3 from Fedora 28 onwards
+%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+%global test_python python3-devel
+%else
+%global test_python python2
+%endif
+
+Version: 7.66.0
+Release: 1.1.cf.%{__distinit}%{__distvers}
+%if %{compat}
+Summary: Curl library for compatibility with old applications
+Name: libcurl%(echo %{version} | tr -d .)
+Obsoletes: compat-libcurl < %{version}-%{release}
+Provides: compat-libcurl = %{version}-%{release}
+%else
+Summary: Utility for getting files from remote servers (FTP, HTTP, and others)
+Name: curl
+Provides: webclient
+%endif
+License: MIT
+Source0: https://curl.haxx.se/download/curl-%{version}.tar.xz
+
+# Fix memory leaked by parse_metalink()
+# (https://github.com/curl/curl/pull/4326)
+Patch1: 0001-curl-7.66.0-metalink-memleak.patch
+
+# Patch making libcurl multilib ready
+Patch101: 0101-curl-7.58.0-multilib.patch
+
+# Prevent configure script from discarding -g in CFLAGS (#496778)
+Patch102: 0102-curl-7.54.1-debug.patch
+
+# Migrate tests/http_pipe.py to Python 3
+Patch103: 0103-curl-7.62.0-python3.patch
+
+# Use localhost6 instead of ip6-localhost in the curl test-suite
+Patch104: 0104-curl-7.64.1-localhost6.patch
+
+# Prevent valgrind from reporting false positives on x86_64
+Patch105: 0105-curl-7.65.0-lib1560-valgrind.patch
+
+# Fix FTBFS when building curl dynamically with no libcurl.so.4 in system
+Patch300: curl-7.64.1-zsh-cpl.patch
+
+# Remove redundant compiler/linker flags from libcurl.pc
+# Assumes %%{_libdir} = /usr/lib or /usr/lib64 and %%{_includedir} = /usr/include
+Patch302: 0302-curl-7.47.1-pkgconfig.patch
+
+URL: https://curl.haxx.se/
+%if 0%{?fedora} > 28 || 0%{?rhel} > 7
+BuildRequires: brotli-devel
+%endif
+%if ! %{use_threads_posix}
+BuildRequires: c-ares-devel >= 1.6.0
+%endif
+BuildRequires: coreutils
+BuildRequires: gcc
+BuildRequires: krb5-devel
+%if %{use_libidn2}
+BuildRequires: libidn2-devel
+%endif
+BuildRequires: openldap-devel
+BuildRequires: pkgconfig
+BuildRequires: groff
+BuildRequires: libmetalink-devel
+%if 0%{?fedora} > 22 || 0%{?rhel:1}
+BuildRequires: libnghttp2-devel
+# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
+BuildRequires: nghttp2
+%endif
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+BuildRequires: libpsl-devel
+%endif
+BuildRequires: %{libssh}-devel >= %{libssh_minimum_version}
+BuildRequires: make
+BuildRequires: perl-interpreter
+BuildRequires: sed
+BuildRequires: %{ssl_provider}-devel %{ssl_versionreq}
+BuildRequires: zlib-devel
+# Needed to compress content of tool_hugehelp.c after changing curl.1 man page
+BuildRequires: perl(IO::Compress::Gzip)
+# Needed for generation of shell completions
+BuildRequires: perl(Getopt::Long)
+BuildRequires: perl(Pod::Usage)
+BuildRequires: perl(strict)
+BuildRequires: perl(warnings)
+# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
+Requires: libcurl%{?_isa} >= %{version}-%{release}
+%if ! %{use_nss}
+Requires: %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
+%endif
+# Test suite requirements
+BuildRequires: gnutls-utils
+BuildRequires: openssh-clients
+BuildRequires: openssh-server
+BuildRequires: perl(Cwd)
+BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(IPC::Open2)
+BuildRequires: perl(MIME::Base64)
+BuildRequires: perl(Time::Local)
+BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(vars)
+BuildRequires: stunnel
+# python used for http-pipe tests (190x)
+# requires python ≥ 2.7 but fails safely
+BuildRequires: %{test_python}
+
+# require at least the version of libpsl that we were built against,
+# to ensure that we have the necessary symbols available (#1631804)
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+%endif
+
+# require at least the version of libssh/libssh2 that we were built against,
+# to ensure that we have the necessary symbols available (#525002, #642796)
+%global libssh_version %(pkg-config --modversion %{libssh} 2>/dev/null || echo 0)
+
+# require at least the version of openssl-libs that we were built against,
+# to ensure that we have the necessary symbols available (#1462184, #1462211)
+%if %{have_openssl_libs}
+%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+%endif
+
+# same issue with c-ares
+%global cares_version %(pkg-config --modversion libcares 2>/dev/null || echo 0)
+
+%if ! %{compat}
+%description
+curl is a command line tool for transferring data with URL syntax, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
+uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
+resume, proxy tunneling and a busload of other useful tricks.
+
+%package -n libcurl
+Summary: A library for getting files from web servers
+# c-ares adds symbols that curl uses if available, so we need to enforce
+# version dependency
+%if ! %{use_threads_posix}
+Requires: c-ares%{?_isa} >= %{cares_version}
+%endif
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+Requires: libpsl%{?_isa} >= %{libpsl_version}
+%endif
+# libssh/libssh2 adds symbols that curl uses if available, so we need to enforce
+# version dependency
+Requires: %{libssh}%{?_isa} >= %{libssh_version}
+# same issue with openssl
+%if %{have_openssl_libs}
+Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
+%endif
+# libnsspem.so is no longer included in the nss package from F-23 onwards (#1347336)
+%if 0%{?fedora} > 22 || 0%{?rhel} > 7
+%if %{use_nss}
+%if 0%{?fedora} > 24 || 0%{?rhel} > 7
+BuildRequires: nss-pem%{?_isa}
+Requires: nss-pem%{?_isa}
+%else
+BuildRequires: nss-pem
+Requires: nss-pem
+%endif
+%endif
+%endif
+
+%description -n libcurl
+libcurl is a free and easy-to-use client-side URL transfer library, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
+FTP uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
+resume, HTTP proxy tunneling and more.
+
+%package -n libcurl-devel
+Requires: libcurl%{?_isa} = %{version}-%{release}
+Requires: %{ssl_provider}-devel %{ssl_versionreq}
+Requires: %{libssh}-devel
+Summary: Files needed for building applications with libcurl
+Provides: curl-devel = %{version}-%{release}
+Provides: curl-devel%{?_isa} = %{version}-%{release}
+Obsoletes: curl-devel < %{version}-%{release}
+# From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package
+%if 0%{?fedora} < 14
+Requires: %{_datadir}/aclocal
+%endif
+
+%description -n libcurl-devel
+The libcurl-devel package includes header files and libraries necessary for
+developing programs that use the libcurl library. It contains the API
+documentation of the library, too.
+
+%if %{build_minimal}
+%package -n curl-minimal
+Summary: Conservatively configured build of curl for minimal installations
+Provides: curl = %{version}-%{release}
+Conflicts: curl
+# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
+Requires: libcurl%{?_isa} >= %{version}-%{release}
+RemovePathPostfixes: .minimal
+# Needed for RemovePathPostfixes to work with shared libraries
+%undefine __brp_ldconfig
+
+%description -n curl-minimal
+This is a replacement of the 'curl' package for minimal installations. It
+comes with a limited set of features compared to the 'curl' package. On the
+other hand, the package is smaller and requires fewer run-time dependencies to
+be installed.
+
+%package -n libcurl-minimal
+Summary: Conservatively configured build of libcurl for minimal installations
+Provides: libcurl = %{version}-%{release}
+Provides: libcurl%{?_isa} = %{version}-%{release}
+Conflicts: libcurl
+RemovePathPostfixes: .minimal
+%if %{have_openssl_libs}
+Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
+%endif
+
+%description -n libcurl-minimal
+This is a replacement of the 'libcurl' package for minimal installations. It
+comes with a limited set of features compared to the 'libcurl' package. On the
+other hand, the package is smaller and requires fewer run-time dependencies to
+be installed.
+%endif
+%else
+%description
+This package provides an old version of cURL's libcurl library, necessary
+for some old applications that have not been rebuilt against an up to date
+version of cURL.
+%endif
+
+%prep
+%setup -q -n curl-%{version}
+
+# Upstream patches
+%patch1 -p1
+
+# Fedora Patches
+%patch101 -p1
+%patch102 -p1
+%patch104 -p1
+%patch105 -p1
+
+# Local Patches
+%patch300
+%patch302
+
+# Make tests/*.py use Python 3 from Fedora 28 onwards
+%if "%{test_python}" == "python3-devel"
+%patch103 -p1
+sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
+%endif
+
+# ssh-related tests 582, 600-642, 656, 1446, 2004 fail for as-yet unknown reasons on F-12 to F-15
+# Does not seem to be related to SELinux or use of POSIX threaded DNS resolver
+%if 0%{?fedora} > 11 && 0%{?fedora} < 16
+for test in 582 \
+ 600 601 602 603 604 605 606 607 608 609 \
+ 610 611 612 613 614 615 616 617 618 619 \
+ 620 621 622 623 624 625 626 627 628 629 \
+ 630 631 633 634 635 636 637 638 639 \
+ 640 641 642 \
+ 656 \
+ 1446 1456 2004; do
+ echo $test
+done >> tests/data/DISABLED
+%endif
+
+# Adapt test 323 for updated OpenSSL
+sed -i -e 's/^35$/35,52/' tests/data/test323
+
+%build
+%if ! %{use_nss}
+export CPPFLAGS="$(pkg-config --cflags openssl)"
+%endif
+[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
+mkdir build-{full,minimal}
+%global _configure ../configure
+export common_configure_opts=" \
+ --cache-file=../config.cache \
+ --disable-static \
+ --enable-symbol-hiding \
+ --enable-ipv6 \
+%if %{use_threads_posix}
+ --enable-threaded-resolver \
+%else
+ --enable-ares \
+%endif
+ --with-gssapi${KRB5_PREFIX} \
+%if 0%{?fedora} > 22 || 0%{?rhel:1}
+ --with-nghttp2 \
+%endif
+%if %{use_nss}
+ --with-nss \
+ --without-ssl \
+ --without-ca-bundle \
+%else
+ --with-ssl \
+ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
+%endif
+ "
+
+# configure minimal build
+%if %{build_minimal}
+(
+ cd build-minimal
+ %configure $common_configure_opts \
+ --disable-ldap \
+ --disable-ldaps \
+ --disable-manual \
+ --without-brotli \
+ --without-libidn2 \
+ --without-libmetalink \
+ --without-libpsl \
+ --without-%{libssh}
+)
+%endif
+
+# configure full build
+(
+ cd build-full
+ %configure $common_configure_opts \
+ --enable-ldap \
+ --enable-ldaps \
+ --enable-manual \
+%if 0%{?fedora} > 28 || 0%{?rhel} > 7
+ --with-brotli \
+%else
+ --without-brotli \
+%endif
+%if %{use_libidn2}
+ --with-libidn2 \
+%endif
+ --with-libmetalink \
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+ --with-libpsl \
+%endif
+ --with-%{libssh}
+)
+
+# Remove bogus rpath
+sed -i \
+ -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
+ -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \
+%if %{build_minimal}
+ build-{full,minimal}/libtool
+%else
+ build-full/libtool
+%endif
+
+%if %{build_minimal}
+make %{_smp_mflags} V=1 -C build-minimal
+%endif
+make %{_smp_mflags} V=1 -C build-full
+
+%install
+%if %{build_minimal}
+# Install and rename the library that will be packaged as libcurl-minimal
+make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/lib
+rm -f %{buildroot}%{_libdir}/libcurl.{la,so}
+for i in %{buildroot}%{_libdir}/*; do
+ mv -v $i $i.minimal
+done
+
+# Install and rename the executable that will be packaged as curl-minimal
+make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/src
+mv -v %{buildroot}%{_bindir}/curl{,.minimal}
+%endif
+
+# Install the executable and library that will be packaged as curl and libcurl
+make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-full
+
+# Install zsh completion for curl
+# (we have to override LD_LIBRARY_PATH because we eliminated rpath)
+LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" \
+ make DESTDIR=%{buildroot} INSTALL="install -p" \
+ install -C build-full/scripts
+
+# --disable-static not always honoured
+rm -f %{buildroot}%{_libdir}/libcurl.a
+install -d %{buildroot}%{_datadir}/aclocal
+install -m 644 -p docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal
+
+%check
+# Skip the (lengthy) checks on EOL Fedora releases (over ~400 days old)
+# Also run on Fedora 13, have seen test failures on F12..F15
+if [ -z "$(find /etc/fedora-release -mtime +400)" %{?rhel:-o rhel} -o "%{?fedora}" = "13" ]; then
+ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
+ cd build-full/tests
+ make %{?_smp_mflags} V=1
+
+ # Relax crypto policy for the test-suite to make it pass again (#1610888)
+ export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+ export OPENSSL_CONF=
+
+ # Run the upstream test-suite
+ srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+ cd -
+fi
+
+%if %([ 0%{?fedora} -lt 28 -a 0%{?rhel} -lt 8 ] && echo 1 || echo 0)
+%if ! %{compat}
+%post -n libcurl -p /sbin/ldconfig
+%postun -n libcurl -p /sbin/ldconfig
+%if %{build_minimal}
+%post -n libcurl-minimal -p /sbin/ldconfig
+%postun -n libcurl-minimal -p /sbin/ldconfig
+%endif
+%else
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+%endif
+%endif
+
+%files
+%doc CHANGES README*
+%doc docs/BUGS docs/DEPRECATE.md docs/FAQ docs/FEATURES docs/SECURITY-PROCESS.md
+%doc docs/TODO docs/RESOURCES docs/TheArtOfHttpScripting
+%if ! %{compat}
+%{_bindir}/curl
+%{_datadir}/fish/
+%{_datadir}/zsh/
+%{_mandir}/man1/curl.1*
+%else
+%if 0%{?_licensedir:1}
+%license COPYING
+%else
+%doc COPYING
+%endif
+%exclude %{_bindir}/curl
+%exclude %{_datadir}/zsh/site-functions/_curl
+%exclude %{_mandir}/man1/curl.1*
+%{_libdir}/libcurl.so.*
+%endif
+
+%if ! %{compat}
+%files -n libcurl
+%if 0%{?_licensedir:1}
+%license COPYING
+%else
+%doc COPYING
+%endif
+%{_libdir}/libcurl.so.4
+%{_libdir}/libcurl.so.4.[0-9].[0-9]
+
+%files -n libcurl-devel
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
+%doc docs/CHECKSRC.md docs/CONTRIBUTE.md docs/libcurl/ABI docs/CODE_STYLE.md
+%doc docs/GOVERNANCE.md
+%{_bindir}/curl-config
+%{_includedir}/curl/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/libcurl.pc
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+%{_datadir}/aclocal/libcurl.m4
+
+%if %{build_minimal}
+%files -n curl-minimal
+%{_bindir}/curl.minimal
+%{_mandir}/man1/curl.1*
+
+%files -n libcurl-minimal
+%license COPYING
+%{_libdir}/libcurl.so.4.minimal
+%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
+%endif
+%else
+%exclude %{_bindir}/curl-config
+%exclude %{_includedir}/curl/
+%exclude %{_libdir}/*.so
+%exclude %{_libdir}/pkgconfig/libcurl.pc
+%exclude %{_mandir}/man1/curl-config.1*
+%exclude %{_mandir}/man3/*
+%exclude %{_datadir}/aclocal/libcurl.m4
+%endif
+%exclude %{_libdir}/libcurl.la
+
+%changelog
+* Fri Sep 13 2019 Paul Howarth <paul@city-fan.org> - 7.66.0-1.1.cf
+- curl: Fix memory leaked by parse_metalink()
+ (https://github.com/curl/curl/pull/4326)
+
+* Wed Sep 11 2019 Paul Howarth <paul@city-fan.org> - 7.66.0-1.0.cf
+- Update to 7.66.0
+ - CVE-2019-5481: FTP-KRB double-free
+ - CVE-2019-5482: TFTP small blocksize heap buffer overflow
+ - CURLINFO_RETRY_AFTER: Parse the Retry-After header value
+ - HTTP3: Initial (experimental still not working) support
+ - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
+ - curl: Support parallel transfers with -Z
+ - curl_multi_poll: A sister to curl_multi_wait() that waits more
+ - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
+ - CI: Remove duplicate configure flag for LGTM.com
+ - CMake: Remove needless newlines at end of gss variables
+ - CMake: Use platform dependent name for dlopen() library
+ - CURLINFO docs: Mention that in redirects times are added
+ - CURLOPT_ALTSVC.3: Use a "" file name to not load from a file
+ - CURLOPT_ALTSVC_CTRL.3: Remove CURLALTSVC_ALTUSED
+ - CURLOPT_HEADERFUNCTION.3: Clarify
+ - CURLOPT_HTTP_VERSION: Setting this to 3 forces HTTP/3 use directly
+ - CURLOPT_READFUNCTION.3: Provide inline example
+ - CURLOPT_SSL_VERIFYHOST: Treat the value 1 as 2
+ - Curl_addr2string: Take an addrlen argument too
+ - Curl_fillreadbuffer: Avoid double-free trailer buf on error
+ - HTTP: Use chunked Transfer-Encoding for HTTP_POST if size unknown
+ - alt-svc: Add protocol version selection masking
+ - alt-svc: Fix removal of expired cache entry
+ - alt-svc: Make it use h3-22 with ngtcp2 as well
+ - alt-svc: More liberal ALPN name parsing
+ - alt-svc: Send Alt-Used: in redirected requests
+ - alt-svc: With quiche, use the quiche h3 alpn string
+ - appveyor: Pass on -k to make
+ - asyn-thread: Create a socketpair to wait on
+ - build-openssl: Fix build with Visual Studio 2019
+ - cleanup: Move functions out of url.c and make them static
+ - cleanup: Remove the 'numsocks' argument used in many places
+ - configure: Avoid undefined check_for_ca_bundle
+ - curl.h: Add CURL_HTTP_VERSION_3 to the version enum
+ - curl.h: Fix outdated comment
+ - curl: Cap the maximum allowed values for retry time arguments
+ - curl: Handle a libcurl build without netrc support
+ - curl: Make use of CURLINFO_RETRY_AFTER when retrying
+ - curl: Remove outdated comment
+ - curl: Use .curlrc (with a dot) on Windows
+ - curl: Use CURLINFO_PROTOCOL to check for HTTP(s)
+ - curl_global_init_mem.3: Mention it was added in 7.12.0
+ - curl_version: Bump string buffer size to 250
+ - curl_version_info.3: Mentioned ALTSVC and HTTP3
+ - curl_version_info: Offer quic (and h3) library info
+ - curl_version_info: Provide nghttp2 details
+ - defines: Avoid underscore-prefixed defines
+ - docs/ALTSVC: Remove what works and the experimental explanation
+ - docs/EXPERIMENTAL: Explain what it means and what's experimental now
+ - docs/MANUAL.md: Converted to markdown from plain text
+ - docs/examples/curlx: Fix errors
+ - docs: s/curl_debug/curl_dbg_debug in comments and docs
+ - easy: Resize receive buffer on easy handle reset
+ - examples: Avoid reserved names in hiperfifo examples
+ - examples: Add http3.c, altsvc.c and http3-present.c
+ - getenv: Support up to 4K environment variable contents on Windows
+ - http09: Disable HTTP/0.9 by default in both tool and library
+ - http2: When marked for closure and wanted to close == OK
+ - http2_recv: Trigger another read when the last data is returned
+ - http: Fix use of credentials from URL when using HTTP proxy
+ - http_negotiate: Improve handling of gss_init_sec_context() failures
+ - md4: Use our own MD4 when no crypto libraries are available
+ - multi: Call detach_connection before Curl_disconnect
+ - netrc: Make the code try ".netrc" on Windows
+ - nss: Use TLSv1.3 as default if supported
+ - openssl: Build warning free with boringssl
+ - openssl: Use SSL_CTX_set_<min|max>_proto_version() when available
+ - plan9: Add support for running on Plan 9
+ - progress: Reset download/uploaded counter between transfers
+ - readwrite_data: Repair setting the TIMER_STARTTRANSFER stamp
+ - scp: Fix directory name length used in memcpy
+ - smb: Initialize *msg to NULL in smb_send_and_recv()
+ - smtp: Check for and bail out on too short EHLO response
+ - source: Remove names from source comments
+ - spnego_sspi: Add typecast to fix build warning
+ - src/makefile: Fix uncompressed hugehelp.c generation
+ - ssh-libssh: Do not specify O_APPEND when not in append mode
+ - ssh: Move code into vssh for SSH backends
+ - sspi: Fix memory leaks
+ - tests: Replace outdated test case numbering documentation
+ - tftp: Return error when packet is too small for options
+ - timediff: Make it 64 bit (if possible) even with 32 bit time_t
+ - travis: Reduce number of torture tests in 'coverage'
+ - url: Make use of new HTTP version if alt-svc has one
+ - urlapi: Verify the IPv6 numerical address
+ - urldata: Avoid 'generic', use dedicated pointers
+ - vauth: Use CURLE_AUTH_ERROR for auth function errors
+
+* Tue Aug 27 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-4.0.cf
+- Avoid reporting spurious error in the HTTP2 framing layer (#1690971)
+
+* Thu Aug 1 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-3.0.cf
+- Improve handling of gss_init_sec_context() failures
+
+* Thu Jul 25 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 19 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1.0.cf
+- Update to 7.65.3
+ - progress: Make the progress meter appear again
+
+* Wed Jul 17 2019 Paul Howarth <paul@city-fan.org> - 7.65.2-1.0.cf
+- Update to 7.65.2
+ - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
+ - CMake: Convert errant elseif() to else()
+ - CMake: Fix finding Brotli on case-sensitive file systems
+ - CURLMOPT_SOCKETFUNCTION.3: Clarified
+ - CURLMOPT_SOCKETFUNCTION.3: Fix typo
+ - CURLOPT_CAINFO.3: Polished wording
+ - CURLOPT_HEADEROPT.3: Fix example
+ - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
+ - CURLOPT_SEEKDATA.3: Fix variable name
+ - DEPRECATE: Fixup versions and spelling
+ - bindlocal: Detect and avoid IP version mismatches in bind()
+ - build: Fix Codacy warnings
+ - buildconf.bat: Fix header filename
+ - c-ares: Honour port numbers in CURLOPT_DNS_SERVERS
+ - config-os400: Add getpeername and getsockname defines
+ - configure: --disable-progress-meter
+ - configure: Fix --disable-code-coverage
+ - configure: Fix typo '--disable-http-uath'
+ - configure: More --disable switches to toggle off individual features
+ - configure: Remove CURL_DISABLE_TLS_SRP
+ - conn_maxage: Move the check to prune_dead_connections()
+ - curl: Skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
+ - curl_multi_wait.3: Escape backslash in example
+ - docs: Explain behaviour change in --tlsv1. options since 7.54
+ - docs: Fix links to OpenSSL docs
+ - docs: Fix string suggesting HTTP/2 is not the default
+ - examples/fopen: Fix comparison
+ - examples/htmltitle: Use C++ casts between pointer types
+ - headers: Remove no longer exported functions
+ - http2: Call done_sending on end of upload
+ - http2: Don't call stream-close on already closed streams
+ - http2: Remove CURL_DISABLE_TYPECHECK define
+ - http: Allow overriding timecond with custom header
+ - http: Clarify header buffer size calculation
+ - krb5: Fix compiler warning
+ - lib: Use UTF-8 encoding in comments
+ - libcurl-tutorial.3: Fix small typo (mutipart → multipart)
+ - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
+ - multi: Enable multiplexing by default (again)
+ - multi: Fix the transfer hashes in the socket hash entries
+ - multi: Make sure 'data' can present in several sockhash entries
+ - netrc: Return the correct error code when out of memory
+ - nss: Don't set unused parameter
+ - nss: Inspect return value of token check
+ - nss: Only cache valid CRL entries
+ - nss: Support using libnss on macOS
+ - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
+ - openssl: Disable engine if OPENSSL_NO_UI_CONSOLE is defined
+ - openssl: Fix pubkey/signature algorithm detection in certinfo
+ - openssl: Remove outdated comment
+ - os400: Make vsetopt() non-static as Curl_vsetopt() for os400 support
+ - quote.d: Asterisk prefix works for SFTP as well
+ - runtests: Keep logfiles around by default
+ - runtests: Report single test time + total duration
+ - smb: Use the correct error code for access denied on file open
+ - sws: Remove unused variables
+ - system_win32: Fix clang warning
+ - system_win32: Fix typo
+ - test1165: Verify that CURL_DISABLE_ symbols are in sync
+ - test1521: Adapt to SLISTPOINT
+ - test1523: Test CURLOPT_LOW_SPEED_LIMIT
+ - test153: Fix content-length to avoid occasional hang
+ - test188/189: Fix Content-Length
+ - tests: Have runtests figure out disabled features
+ - tests: Support non-localhost HOSTIP for dict/smb servers
+ - tests: Update fixed IP for hostip/clientip split
+ - tool_cb_prg: Fix integer overflow in progress bar
+ - travis: Disable threaded resolver for coverage build
+ - travis: Enable alt-svc for coverage build
+ - travis: Enable brotli for all xenial jobs
+ - travis: Enable libssh2 for coverage build
+ - travis: Enable warnings-as-errors for coverage build
+ - travis: Update scan-build job to xenial
+ - typecheck: CURLOPT_CONNECT_TO takes an slist too
+ - typecheck: Add 3 missing strings and a callback data pointer
+ - unit1654: Cleanup on memory failure
+ - unpause: Trigger a timeout for event-based transfers
+ - url: Fix CURLOPT_MAXAGE_CONN time comparison
+ - win32: Make DLL loading a no-op for UWP
+ - winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
+ - winbuild: Use WITH_PREFIX if given
+ - wolfssl: Refer to it as wolfSSL only
+
+* Wed Jun 5 2019 Paul Howarth <paul@city-fan.org> - 7.65.1-1.0.cf
+- Update to 7.65.1
+ - CURLOPT_LOW_SPEED_* repaired
+ - NTLM: Reset proxy "multipass" state when CONNECT request is done
+ - PolarSSL: Deprecate support step 1 - removed from configure
+ - appveyor: Add Visual Studio solution build
+ - cmake: Check for if_nametoindex()
+ - cmake: Support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
+ - config-win32: Add support for if_nametoindex and getsockname
+ - conncache: Remove the DEBUGASSERT on length check
+ - conncache: Make "bundles" per host name when doing proxy tunnels
+ - curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
+ - curl_share_setopt.3: Improve wording
+ - dump-header.d: Spell out that no headers == empty file
+ - example/http2-download: Fix format specifier
+ - examples: Clean-ups and compiler warning fixes
+ - http2: Stop drain from being permanently set
+ - http: Don't parse body-related headers in bodyless responses
+ - md4: Build correctly with openssl without MD4
+ - md4: include the mbedtls config.h to get the MD4 info
+ - multi: Track users of a socket better
+ - nss: Allow to specify TLS 1.3 ciphers if supported by NSS
+ - parse_proxy: Make sure portptr is initialized
+ - parse_proxy: Use the IPv6 zone id if given
+ - sectransp: Handle errSSLPeerAuthCompleted from SSLRead()
+ - singlesocket: Use separate variable for inner loop
+ - ssl: Update outdated "openssl-only" comments for supported backends
+ - tests: Add HAProxy keywords
+ - tests: Add support to test against OpenSSH for Windows
+ - tests: Make test 1420 and 1406 work with rtsp-disabled libcurl
+ - tls13-docs: Mention it is only for OpenSSL ≥ 1.1.1
+ - tool_parse_cfg: Avoid 2 fopen() for WIN32
+ - tool_setopt: For builds with disabled-proxy, skip all proxy setopts()
+ - url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
+ - url: Fix bad feature-disable #ifdef
+ - url: Use correct port in ConnectionExists()
+ - winbuild: Use two space indentation
+
+* Thu May 30 2019 Paul Howarth <paul@city-fan.org> - 7.65.0-2.0.cf
+- Fix spurious timeout events with speed-limit (#1714893)
+
+* Wed May 22 2019 Paul Howarth <paul@city-fan.org> - 7.65.0-1.0.cf
+- Update to 7.65.0
+ - CURLOPT_DNS_USE_GLOBAL_CACHE: removed
+ - CURLOPT_MAXAGE_CONN: Set the maximum allowed age for conn reuse
+ - pipelining: Removed
+ - CVE-2019-5435: Integer overflows in curl_url_set
+ - CVE-2019-5436: tftp: Use the current blksize for recvfrom()
+ - --config: Clarify that initial : and = might need quoting
+ - AppVeyor: Enable testing for WinSSL build
+ - CURLMOPT_TIMERFUNCTION.3: Warn about the recursive risk
+ - CURLOPT_ADDRESS_SCOPE: Fix range check and more
+ - CURLOPT_CAINFO.3: With Schannel, you want Windows 8 or later
+ - CURLOPT_CHUNK_BGN_FUNCTION.3: Document the struct and time value
+ - CURLOPT_READFUNCTION.3: See also CURLOPT_UPLOAD_BUFFERSIZE
+ - CURL_MAX_INPUT_LENGTH: Largest acceptable string input size
+ - Curl_disconnect: Treat all CONNECT_ONLY connections as "dead"
+ - INTERNALS: Add code highlighting
+ - OS400/ccsidcurl: Replace use of Curl_vsetopt
+ - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
+ - README.md: Fix no-consecutive-blank-lines Codacy warning
+ - VC15 project: Remove MinimalRebuild
+ - VS projects: Use Unicode for VC10+
+ - WRITEFUNCTION: Add missing set_in_callback around callback
+ - altsvc: Fix building with cookies disabled
+ - auth: Rename the various authentication clean up functions
+ - base64: Build conditionally if there are users
+ - build-openssl.bat: Fixed support for OpenSSL v1.1.0+
+ - build: Fix "clarify calculation precedence" warnings
+ - checksrc.bat: Ignore snprintf warnings in docs/examples
+ - cirrus: Customize the disabled tests per FreeBSD version
+ - cleanup: Remove FIXME and TODO comments
+ - cmake: Avoid linking executable for some tests with cmake 3.6+
+ - cmake: Clear CMAKE_REQUIRED_LIBRARIES after each use
+ - cmake: Rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
+ - cmake: Set SSL_BACKENDS
+ - configure: Avoid unportable '==' test(1) operator
+ - configure: Error out if OpenSSL wasn't detected when asked for
+ - configure: Fix default location for fish completions
+ - cookie: Guard against possible NULL ptr deref
+ - curl: Make code work with protocol-disabled libcurl
+ - curl: Report error for "--no-" on non-boolean options
+ - curl_easy_getinfo.3: Fix minor formatting mistake
+ - curlver.h: Use parenthesis in CURL_VERSION_BITS macro
+ - docs/BUG-BOUNTY: Bug bounty time
+ - docs/INSTALL: Fix broken link
+ - docs/RELEASE-PROCEDURE: Link to live iCalendar
+ - documentation: Fix several typos
+ - doh: Acknowledge CURL_DISABLE_DOH
+ - doh: Disable DOH for the cases it doesn't work
+ - examples: Remove unused variables
+ - ftplistparser: Fix LGTM alert "Empty block without comment"
+ - hostip: Acknowledge CURL_DISABLE_SHUFFLE_DNS
+ - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
+ - http: Acknowledge CURL_DISABLE_HTTP_AUTH
+ - http: Mark bundle as not for multiuse on < HTTP/2 response
+ - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
+ - http_negotiate: Do not treat failure of gss_init_sec_context() as fatal
+ - http_ntlm: Corrected the name of the include guard
+ - http_ntlm_wb: Handle auth for only a single request
+ - http_ntlm_wb: Return the correct error on receiving an empty auth message
+ - lib509: Add missing include for strdup
+ - lib557: Initialize variables
+ - makedebug: Fix ERRORLEVEL detection after running where.exe
+ - mbedtls: Enable use of EC keys
+ - mime: Acknowledge CURL_DISABLE_MIME
+ - multi: Improved HTTP_1_1_REQUIRED handling
+ - netrc: Acknowledge CURL_DISABLE_NETRC
+ - nss: Allow fifos and character devices for certificates
+ - nss: Provide more specific error messages on failed init
+ - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
+ - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
+ - openssl: Mark connection for close on TLS close_notify
+ - openvms: Remove pre-processor for SecureTransport
+ - openvms: Remove pre-processors for Windows
+ - parse_proxy: Use the URL parser API
+ - parsedate: Disabled on CURL_DISABLE_PARSEDATE
+ - pingpong: Disable more when no pingpong protocols are enabled
+ - polarssl_threadlock: Remove conditionally unused code
+ - progress: Acknowledge CURL_DISABLE_PROGRESS_METER
+ - proxy: Acknowledge DISABLE_PROXY more
+ - resolve: Apply Happy Eyeballs philosophy to parallel c-ares queries
+ - revert "multi: Support verbose conncache closure handle"
+ - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
+ - sasl: Only enable if there's a protocol enabled using it
+ - scripts: Fix typos
+ - singleipconnect: Show port in the verbose "Trying ..." message
+ - smtp: Fix compiler warning
+ - socks5: User name and passwords must be shorter than 256
+ - socks: Fix error message
+ - socksd: New SOCKS 4+5 server for tests
+ - spnego_gssapi: Fix return code on gss_init_sec_context() failure
+ - ssh-libssh: Remove unused variable
+ - ssh: Define USE_SSH if SSH is enabled (any backend)
+ - ssh: Move variable declaration to where it's used
+ - test1002: Correct the name
+ - test2100: Fix typos in test description
+ - tests/server/util: Fix Windows Unicode build
+ - tests: Run global cleanup at end of tests
+ - tests: Make Impacket (SMB server) Python 3 compatible
+ - tool_cb_wrt: Fix bad-function-cast warning
+ - tool_formparse: Remove redundant assignment
+ - tool_help: Warn if curl and libcurl versions do not match
+ - tool_help: include <strings.h> for strcasecmp
+ - transfer: Fix LGTM alert "Comparison is always true"
+ - travis: Add an osx http-only build
+ - travis: Allow builds on branches named "ci"
+ - travis: Install dependencies only when needed
+ - travis: Update some builds do Xenial
+ - travis: Updated mesalink builds
+ - url: Always clone the CUROPT_CURLU handle
+ - url: Convert the zone id from a IPv6 URL to correct scope id
+ - urlapi: Add CURLUPART_ZONEID to set and get
+ - urlapi: Increase supported scheme length to 40 bytes
+ - urlapi: Require a non-zero host name length when parsing URL
+ - urlapi: Stricter CURLUPART_PORT parsing
+ - urlapi: Strip off zone id from numerical IPv6 addresses
+ - urlapi: urlencode characters above 0x7f correctly
+ - vauth/cleartext: Update the PLAIN login to match RFC 4616
+ - vauth/oauth2: Fix OAUTHBEARER token generation
+ - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
+ - vtls: Fix potential ssl_buffer stack overflow
+ - wildcard: Disable from build when FTP isn't present
+ - winbuild: Support MultiSSL builds
+ - xattr: Skip unittest on unsupported platforms
+- Re-enable fish completions as they shouldn't conflict with fish any more
+
+* Thu May 09 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-2.0.cf
+- Do not treat failure of gss_init_sec_context() with --negotiate as fatal
+
+* Thu Apr 4 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-1.1.cf
+- Rebuild without fish completion support, which conflicts with fish itself
+
+* Wed Mar 27 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-1.0.cf
+- Update to 7.64.1
+ - alt-svc: Experimental support added
+ - configure: Add --with-amissl
+ - AppVeyor: Add MinGW-w64 and classic Mingw builds
+ - AppVeyor: Switch VS 2015 builds to VS 2017 image
+ - CURLU: Fix NULL dereference when used over proxy
+ - Curl_easy: Remove req.maxfd - never used!
+ - Curl_now: Figure out windows version in win32_init
+ - Curl_resolv: Fix a gcc -Werror=maybe-uninitialized warning
+ - DoH: Inherit some SSL options from user's easy handle
+ - Secure Transport: No more "darwinssl"
+ - Secure Transport: tvOS 11 is required for ALPN support
+ - cirrus: Added FreeBSD builds using Cirrus CI
+ - cleanup: Make local functions static
+ - cli tool: Do not use mime.h private structures
+ - cmdline-opts/proxytunnel.d: The option tunnels all protocols
+ - configure: Add additional libraries to check for LDAP support
+ - configure: Remove the unused fdopen macro
+ - configure: Show features as well in the final summary
+ - conncache: Use conn->data to know if a transfer owns it
+ - connection: Never reuse CONNECT_ONLY connections
+ - connection_check: Restore original conn->data after the check
+ - connection_check: Set ->data to the transfer doing the check
+ - cookie: Add support for cookie prefixes
+ - cookies: Dotless names can set cookies again
+ - cookies: Fix NULL dereference if flushing cookies with no CookieInfo set
+ - curl.1: --user and --proxy-user are hidden from ps output
+ - curl.1: Mark the argument to --cookie as <data|filename>
+ - curl.h: Use __has_declspec_attribute for shared builds
+ - curl: Display --version features sorted alphabetically
+ - curl: Fix FreeBSD compiler warning in the --xattr code
+ - curl: Remove MANUAL from -M output
+ - curl_easy_duphandle.3: Clarify that a duped handle has no shares
+ - curl_multi_remove_handle.3: Use at any time, just not from within callbacks
+ - curl_url.3: This API is not experimental any more
+ - dns: Release sharelock as soon as possible
+ - docs: Update max-redirs.d phrasing
+ - easy: Fix win32 init to work without CURL_GLOBAL_WIN32
+ - examples/10-at-a-time.c: Improve readability and simplify
+ - examples/cacertinmem.c: Use multiple certificates for loading CA-chain
+ - examples/crawler: Fix the Accept-Encoding setting
+ - examples/ephiperfifo.c: Various fixes
+ - examples/externalsocket: Add missing close socket calls
+ - examples/http2-download: Cleaned up
+ - examples/http2-serverpush: Add some sensible error checks
+ - examples/http2-upload: Cleaned up
+ - examples/httpcustomheader: Value stored to 'res' is never read
+ - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
+ - examples/sftpuploadresume: Value stored to 'result' is never read
+ - examples: Only include <curl/curl.h>
+ - examples: Remove recursive calls to curl_multi_socket_action
+ - examples: Remove superfluous null-pointer checks
+ - file: Fix "Checking if unsigned variable 'readcount' is less than zero"
+ - fnmatch: Disable if FTP is disabled
+ - gnutls: Remove call to deprecated gnutls_compression_get_name
+ - gopher: Remove check for path == NULL
+ - gssapi: Fix deprecated header warnings
+ - hostip: Make create_hostcache_id avoid alloc + free
+ - http2: multi_connchanged() moved from multi.c, only used for h2
+ - http2: Verify :authority in push promise requests
+ - http: Make adding a blank header thread-safe
+ - http: Send payload when (proxy) authentication is done
+ - http: Set state.infilesize when sending multipart formposts
+ - makefile: Make checksrc and hugefile commands "silent"
+ - mbedtls: Make it build even if MBEDTLS_VERSION_C isn't set
+ - mbedtls: Release sessionid resources on error
+ - memdebug: Log pointer before freeing its data
+ - memdebug: Make debug-specific functions use curl_dbg_ prefix
+ - mime: Put the boundary buffer into the curl_mime struct
+ - multi: Call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
+ - multi: Remove verbose "Expire in" ... messages
+ - multi: Removed unused code for request retries
+ - multi: Support verbose conncache closure handle
+ - negotiate: Fix for HTTP POST with Negotiate
+ - openssl: Add support for TLS ASYNC state
+ - openssl: If cert type is ENG and no key specified, key is ENG too
+ - pretransfer: Don't strlen() POSTFIELDS set for GET requests
+ - rand: Fix a mismatch between comments in source and header
+ - runtests: Detect "schannel" as an alias for "winssl"
+ - schannel: Be quiet - remove verbose output
+ - schannel: Close TLS before removing conn from cache
+ - schannel: Support CALG_ECDH_EPHEM algorithm
+ - scripts/completion.pl: Also generate fish completion file
+ - singlesocket: Fix the 'sincebefore' placement
+ - source: Fix two 'nread' may be used uninitialized warnings
+ - ssh: Fix Condition '!status' is always true
+ - ssh: Loop the state machine if not done and not blocking
+ - strerror: Make the strerror function use local buffers
+ - system_win32: Move win32_init here from easy.c
+ - test578: Make it read data from the correct test
+ - tests: Fixed XML validation errors in some test files
+ - tests: Add stderr comparison to the test suite
+ - tests: Fix multiple may be used uninitialized warnings
+ - threaded-resolver: Shutdown the resolver thread without error message
+ - tool_cb_wrt: Fix writing to Windows null device NUL
+ - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
+ - tool_operate: Build on AmigaOS
+ - tool_operate: Fix typecheck warning
+ - transfer.c: Do not compute length of undefined hex buffer
+ - travis: Add build using gnutls
+ - travis: Add scan-build
+ - travis: Bump the used wolfSSL version to 4.0.0
+ - travis: Enable valgrind for the iconv tests
+ - travis: Use updated compiler versions: clang 7 and gcc 8
+ - unit1307: Require FTP support
+ - unit1651: Survive curl_easy_init() fails
+ - url/idnconvert: Remove scan for ≤ 32 ascii values
+ - url: Change conn shutdown order to ensure SOCKETFUNCTION callbacks
+ - urlapi: Reduce variable scope, remove unreachable 'break'
+ - urldata: Convert bools to bitfields and move to end
+ - urldata: Simplify bytecounters
+ - urlglob: Argument with 'nonnull' attribute passed null
+ - version.c: Silent scan-build even when librtmp is not enabled
+ - vtls: Rename some of the SSL functions
+ - wolfssl: Stop custom-adding curves
+ - x509asn1: "Dereference of null pointer"
+ - x509asn1: Cleanup and unify code layout
+ - zsh.pl: Escape ':' character
+ - zsh.pl: Update regex to better match curl -h output
+
+* Mon Mar 25 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-6.0.cf
+- Remove verbose "Expire in" ... messages (#1690971)
+
+* Thu Mar 21 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-5.0.cf
+- Avoid spurious "Could not resolve host: [host name]" error messages
+
+* Thu Feb 28 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-4.0.cf
+- Fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+
+* Mon Feb 25 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-3.0.cf
+- Prevent NetworkManager from leaking file descriptors (#1680198)
+
+* Mon Feb 11 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-2.0.cf
+- Make zsh completion work again
+
+* Wed Feb 6 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-1.0.cf
+- Update to 7.64.0
+ - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
+ - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
+ - CVE-2019-3823: SMTP end-of-response out-of-bounds read
+ - cookies: Leave secure cookies alone
+ - hostip: Support wildcard hosts
+ - http: Implement trailing headers for chunked transfers
+ - http: Added options for allowing HTTP/0.9 responses
+ - timeval: Use high resolution timestamps on Windows
+ - FAQ: Remove mention of sourceforge for github
+ - OS400: Handle memory error in list conversion
+ - OS400: Upgrade ILE/RPG binding
+ - README: Add codacy code quality badge
+ - Revert http_negotiate: do not close connection
+ - THANKS: Added several missing names from year ≤ 2000
+ - build: Make 'tidy' target work for metalink builds
+ - cmake: Added checks for variadic macros
+ - cmake: Updated check for HAVE_POLL_FINE to match autotools
+ - cmake: Use lowercase for function name like the rest of the code
+ - configure: Detect xlclang separately from clang
+ - configure: Fix recv/send/select detection on Android
+ - configure: Rewrite --enable-code-coverage
+ - conncache_unlock: Avoid indirection by changing input argument type
+ - cookie: Fix comment typo
+ - cookies: Allow secure override when done over HTTPS
+ - cookies: Extend domain checks to non psl builds
+ - cookies: Skip custom cookies when redirecting cross-site
+ - curl --xattr: Strip credentials from any URL that is stored
+ - curl -J: Refuse to append to the destination file
+ - curl/urlapi.h: include "curl.h" first
+ - curl_multi_remove_handle() don't block terminating c-ares requests
+ - darwinssl: Accept setting max-tls with default min-tls
+ - disconnect: Separate connections and easy handles better
+ - disconnect: Set conn->data for protocol disconnect
+ - docs/version.d: Mention MultiSSL
+ - docs: Fix the --tls-max description
+ - docs: Use $(INSTALL_DATA) to install man page
+ - docs: Use meaningless port number in CURLOPT_LOCALPORT example
+ - gopher: Always include the entire gopher-path in request
+ - http2: Clear pause stream id if it gets closed
+ - if2ip: Remove unused function Curl_if_is_interface_name
+ - libssh: Do not let libssh create socket
+ - libssh: Enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
+ - libssh: free sftp_canonicalize_path() data correctly
+ - libtest/stub_gssapi: Use "real" snprintf
+ - mbedtls: Use VERIFYHOST
+ - multi: Multiplexing improvements
+ - multi: Set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
+ - ntlm: Fix NTMLv2 compliance
+ - ntlm_sspi: Add support for channel binding
+ - openssl: Adapt to 3.0.0, OpenSSL_version_num() is deprecated
+ - openssl: Fix the SSL_get_tlsext_status_ocsp_resp call
+ - openvms: Fix OpenSSL discovery on VAX
+ - openvms: Fix typos in documentation
+ - os400: Add a missing closing bracket
+ - os400: Fix extra parameter syntax error
+ - pingpong: Change default response timeout to 120 seconds
+ - pingpong: Ignore regular timeout in disconnect phase
+ - printf: Fix format specifiers
+ - runtests.pl: Fix perl call to include srcdir
+ - schannel: Fix compiler warning
+ - schannel: Preserve original certificate path parameter
+ - schannel: Stop calling it "winssl"
+ - sigpipe: If mbedTLS is used, ignore SIGPIPE
+ - smb: Fix incorrect path in request if connection reused
+ - ssh: Log the libssh2 error message when ssh session startup fails
+ - test1558: Verify CURLINFO_PROTOCOL on file:// transfer
+ - test1561: Improve test name
+ - test1653: Make it survive torture tests
+ - tests: Allow tests to pass by 2037-02-12
+ - tests: Move objnames-* from lib into tests
+ - timediff: Fix math for unsigned time_t
+ - timeval: Disable MSVC Analyzer GetTickCount warning
+ - tool_cb_prg: Avoid integer overflow
+ - travis: Added cmake build for osx
+ - urlapi: Fix port parsing of eol colon
+ - urlapi: Distinguish possibly empty query
+ - urlapi: Fix parsing ipv6 with zone index
+ - urldata: Rename easy_conn to just conn
+ - winbuild: Conditionally use /DZLIB_WINAPI
+ - wolfssl: Fix memory-leak in threaded use
+ - spnego_sspi: Add support for channel binding
+
+* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-7.0.cf
+- Prevent valgrind from reporting false positives on x86_64
+
+* Fri Feb 1 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-6.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-5.0.cf
+- xattr: Strip credentials from any URL that is stored (CVE-2018-20483)
+
+* Fri Jan 4 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-4.0.cf
+- Replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
+
+* Wed Dec 19 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-3.0.cf
+- curl -J: Do not append to the destination file (#1658574)
+
+* Fri Dec 14 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-2.0.cf
+- Revert an upstream commit that broke 'fedpkg new-sources' (#1659329)
+
+* Wed Dec 12 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-1.0.cf
+- Update to 7.63.0
+ - curl: Add %%{stderr} and %%{stdout} for --write-out
+ - curl: Add undocumented option --dump-module-paths for win32
+ - setopt: Add CURLOPT_CURLU
+ - (lib)curl.rc: Fixup for minor bugs
+ - CURLINFO_REDIRECT_URL: Extract the Location: header field unvalidated
+ - CURLOPT_HEADERFUNCTION.3: Match 'nitems' name in synopsis and description
+ - CURLOPT_WRITEFUNCTION.3: Spell out that it gets called many times
+ - Curl_follow: Accept non-supported schemes for "fake" redirects
+ - KNOWN_BUGS: Add --proxy-any connection issue
+ - NTLM: Remove redundant ifdef USE_OPENSSL
+ - NTLM: Force the connection to HTTP/1.1
+ - OS400: Add URL API ccsid wrappers and sync ILE/RPG bindings
+ - SECURITY-PROCESS: bountygraph shuts down again
+ - TODO: Have the URL API offer IDN decoding
+ - ares: Remove fd from multi fd set when ares is about to close the fd
+ - axtls: Removed
+ - checksrc: Add COPYRIGHTYEAR check
+ - cmake: Fix MIT/Heimdal Kerberos detection
+ - configure: Include all libraries in ssl-libs fetch
+ - configure: Show CFLAGS, LDFLAGS etc. in summary
+ - connect: Fix building for recent versions of Minix
+ - cookies: Create the cookiejar even if no cookies to save
+ - cookies: Expire "Max-Age=0" immediately
+ - curl: --local-port range was not "including"
+ - curl: Fix --local-port integer overflow
+ - curl: Fix memory leak reading --writeout from file
+ - curl: Fixed UTF-8 in current console code page (Windows)
+ - curl_easy_perform: Fix timeout handling
+ - curl_global_sslset(): id == -1 is not necessarily an error
+ - curl_multibyte: Fix a malloc overcalculation
+ - curle: Move deprecated error code to ifndef block
+ - docs: curl_formadd field and file names are now escaped
+ - docs: Escape "\n" codes
+ - doh: Fix memory leak in OOM situation
+ - doh: Make it work for h2-disabled builds too
+ - examples/ephiperfifo: Report error when epoll_ctl fails
+ - ftp: Avoid two unsigned int overflows in FTP listing parser
+ - host names: Allow trailing dot in name resolve, then strip it
+ - http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
+ - http: Don't set CURLINFO_CONDITION_UNMET for http status code 204
+ - http: Fix HTTP Digest auth to include query in URI
+ - http_negotiate: Do not close connection until negotiation is completed
+ - impacket: Add LICENSE
+ - infof: Clearly indicate truncation
+ - ldap: Fix LDAP URL parsing regressions
+ - libcurl: Stop reading from paused transfers
+ - mprintf: Avoid unsigned integer overflow warning
+ - netrc: Don't ignore the login name specified with "--user"
+ - nss: Fall back to latest supported SSL version
+ - nss: Fix compatibility with nss versions 3.14 to 3.15
+ - nss: Fix fallthrough comment to fix picky compiler warning
+ - nss: Remove version selecting dead code
+ - nss: Set default max-tls to 1.3/1.2
+ - openssl: Remove SSLEAY leftovers
+ - openssl: Do not log excess "TLS app data" lines for TLS 1.3
+ - openssl: Do not use file BIOs if not requested
+ - openssl: Fix unused variable compiler warning with old openssl
+ - openssl: Support session resume with TLS 1.3
+ - openvms: Fix example name
+ - os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
+ - os400: Add CURLOPT_CURLU to ILE/RPG binding
+ - os400: Fix return type of curl_easy_pause() in ILE/RPG binding
+ - packages: Remove old leftover files and dirs
+ - pop3: Only do APOP with a valid timestamp
+ - runtests: Use the local curl for verifying
+ - schannel: Be consistent in Schannel capitalization
+ - schannel: Better CURLOPT_CERTINFO support
+ - schannel: Use Curl_ prefix for global private symbols
+ - snprintf: Renamed and we now only use msnprintf()
+ - ssl: Fix compilation with OpenSSL 0.9.7
+ - ssl: Replace all internal uses of CURLE_SSL_CACERT
+ - symbols-in-versions: Add missing CURLU_ symbols
+ - test328: Verify Content-Encoding: none
+ - tests: Disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
+ - tests: Drop http_pipe.py script, no longer used
+ - tool_cb_wrt: Silence function cast compiler warning
+ - tool_doswin: Fix uninitialized field warning
+ - travis: Build with clang sanitizers
+ - travis: Remove curl before a normal build
+ - url: A short host name + port is not a scheme
+ - url: Fix IPv6 numeral address parser
+ - urlapi: Only skip encoding the first '=' with APPENDQUERY set
+- Add workaround to avoid symbol lookup error in libstubgss.so (libtest)
+
+* Tue Dec 4 2018 Paul Howarth <paul@city-fan.org> - 7.62.0-1.7.cf
+- Work around TLS 1.3 being disabled in NSS in EL-7
+ - https://github.com/curl/curl/issues/3261
+ - https://github.com/curl/curl/pull/3337
+- Only supported IDN library is libidn2, so don't bother trying to use
+ libidn
+
+* Wed Oct 31 2018 Paul Howarth <paul@city-fan.org> - 7.62.0-1.0.cf
+- Update to 7.62.0
+ - multiplex: Enable by default
+ - url: Default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+ - setopt: Add CURLOPT_DOH_URL
+ - curl: --doh-url added
+ - setopt: Add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+ - imap: Change from "FETCH" to "UID FETCH"
+ - configure: Add option to disable automatic OpenSSL config loading
+ - upkeep: Add a connection upkeep API: curl_easy_upkeep()
+ - URL-API: Added five new functions
+ - vtls: MesaLink is a new TLS backend
+ - Fix SASL password overflow via integer overflow (CVE-2018-16839)
+ - Fix use-after-free in handle close (CVE-2018-16840)
+ - Fix warning message out-of-buffer read (CVE-2018-16842)
+ - CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+ - Curl_dedotdotify(): Always nul terminate returned string
+ - Curl_follow: Always free the passed new URL
+ - Curl_http2_done: Fix memleak in error path
+ - Curl_retry_request: Fix memory leak
+ - Curl_saferealloc: Fixed typo in docblock
+ - FILE: Fix CURLOPT_NOBODY and CURLOPT_HEADER output
+ - GnutTLS: TLS 1.3 support
+ - SECURITY-PROCESS: Mention the bountygraph program
+ - VS projects: Add USE_IPV6:
+ - Windows: Fixes for MinGW targeting Windows Vista
+ - anyauthput: Fix compiler warning on 64-bit Windows
+ - appveyor: Add WinSSL builds
+ - appveyor: Run test suite (on Windows!)
+ - certs: Generate tests certs with sha256 digest algorithm
+ - checksrc: Enable strict mode and warnings
+ - checksrc: Handle zero scoped ignore commands
+ - cmake: Backport to work with CMake 3.0 again
+ - cmake: Improve config installation
+ - cmake: Add support for transitive ZLIB target
+ - cmake: Disable -Wpedantic-ms-format
+ - cmake: Don't require OpenSSL if USE_OPENSSL=OFF
+ - cmake: Fixed path used in generation of docs/tests
+ - cmake: Remove unused *SOCKLEN_T variables
+ - cmake: Suppress MSVC warning C4127 for libtest
+ - cmake: Test and set missed defines during configuration
+ - comment: Fix multiple typos in function parameters
+ - config: Remove unused SIZEOF_VOIDP
+ - config_win32: Enable LDAPS
+ - configure: Force-use -lpthreads on HPUX
+ - configure: Remove CURL_CONFIGURE_CURL_SOCKLEN_T
+ - configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE/
+ - cookies: Remove redundant expired check
+ - cookies: Fix leak when writing cookies to file
+ - curl-config.in: Remove dependency on bc
+ - curl.1: --ipv6 mutexes ipv4 (fixed typo)
+ - curl: Enabled Windows VT Support and UTF-8 output
+ - curl: Update the documentation of --tlsv1.0
+ - curl_multi_wait: Call getsock before figuring out timeout
+ - curl_ntlm_wb: Check aprintf() return codes
+ - curl_threads: Fix classic MinGW compile break
+ - darwinssl: Fix realloc memleak
+ - darwinssl: More specific and unified error codes
+ - data-binary.d: Clarify default content-type is x-www-form-urlencoded
+ - docs/BUG-BOUNTY: Explain the bounty program
+ - docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
+ - docs/CIPHERS: Fix the TLS 1.3 cipher names
+ - docs/CIPHERS: Mention the colon separation for OpenSSL
+ - docs/examples: URL updates
+ - docs: Add "see also" links for SSL options
+ - example/asiohiper: Insert warning comment about its status
+ - example/htmltidy: Fix include paths of tidy libraries
+ - examples/Makefile.m32: Sync with core
+ - examples/http2-pushinmemory: Receive HTTP/2 pushed files in memory
+ - examples/parseurl.c: Show off the URL API
+ - examples: Fix memory leaks from realloc errors
+ - examples: Do not wait when no transfers are running
+ - ftp: Include command in Curl_ftpsend sendbuffer
+ - gskit: Make sure to terminate version string
+ - gtls: Values stored to but never read
+ - hostip: Fix check on Curl_shuffle_addr return value
+ - http2: Fix memory leaks on error-path
+ - http: Fix memleak in rewind error path
+ - krb5: Fix memory leak in krb_auth
+ - ldap: Show precise LDAP call in error message on Windows
+ - lib: Fix gcc8 warning on Windows
+ - memory: Add missing curl_printf header
+ - memory: Ensure to check allocation results
+ - multi: Fix error handling in the SENDPROTOCONNECT state
+ - multi: Fix memory leak in content encoding related error path
+ - multi: Make the closure handle "inherit" CURLOPT_NOSIGNAL
+ - netrc: Free temporary strings if memory allocation fails
+ - nss: Fix nssckbi module loading on Windows
+ - nss: Try to connect even if libnssckbi.so fails to load
+ - ntlm_wb: Fix memory leaks in ntlm_wb_response
+ - ntlm_wb: Bail out if the response gets overly large
+ - openssl: Assume engine support in 0.9.8 or later
+ - openssl: Enable TLS 1.3 post-handshake auth
+ - openssl: Fix gcc8 warning
+ - openssl: Load built-in engines too
+ - openssl: Make 'done' a proper boolean
+ - openssl: Output the correct cipher list on TLS 1.3 error
+ - openssl: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+ - openssl: Show "proper" version number for libressl builds
+ - pipelining: Deprecated
+ - rand: Add comment to skip a clang-tidy false positive
+ - rtmp: Fix for compiling with lwIP
+ - runtests: Ignore disabled even when ranges are given
+ - runtests: Skip ld_preload tests on macOS
+ - runtests: Use Windows paths for Windows curl
+ - schannel: Unified error code handling
+ - sendf: Fix whitespace in infof/failf concatenation
+ - ssh: free the session on init failures
+ - ssl: Deprecate CURLE_SSL_CACERT in favour of a unified error code
+ - system.h: Use proper setting with Sun C++ as well
+ - test1299: Use single quotes around asterisk
+ - test1452: Mark as flaky
+ - test1651: Unit test Curl_extract_certinfo()
+ - test320: Strip out more HTML when comparing
+ - tests/negtelnetserver.py: Fix Python2-ism in neg TELNET server
+ - tests: Add unit tests for url.c
+ - timeval: Fix use of weak symbol clock_gettime() on Apple platforms
+ - tool_cb_hdr: Handle failure of rename()
+ - travis: Add a "make tidy" build that runs clang-tidy
+ - travis: Add build for "configure --disable-verbose"
+ - travis: Bump the Secure Transport build to use xcode
+ - travis: Make distcheck scan for BOM markers
+ - unit1300: Fix stack-use-after-scope AddressSanitizer warning
+ - urldata: Fix "connecting" comment
+ - urlglob: Improve error message on bad globs
+ - vtls: Fix ssl version "or later" behaviour change for many backends
+ - x509asn1: Fix SAN IP address verification
+ - x509asn1: Always check return code from getASN1Element()
+ - x509asn1: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+ - x509asn1: Suppress left shift on signed value
+- Test 656 segfaults on Fedora 13 to 15 inclusive, so disable it there
+
+* Fri Oct 12 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-3.0.cf
+- Enable TLS 1.3 post-handshake auth in OpenSSL
+- Update the documentation of --tlsv1.0 in curl(1) man page
+
+* Fri Oct 5 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-2.0.cf
+- Enforce versioned libpsl dependency for libcurl (#1631804)
+- test320: Update expected output for gnutls-3.6.4
+- Drop 0105-curl-7.61.0-tests-ssh-keygen.patch, no longer needed (#1622594)
+- test1456: Seems to be flaky so disable it
+
+* Wed Sep 5 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-1.0.cf
+- Update to 7.61.1
+ - Fix NTLM password overflow via integer overflow (CVE-2018-14618)
+ - CURLINFO_SIZE_UPLOAD: Fix missing counter update
+ - CURLOPT_ACCEPT_ENCODING.3: List them comma-separated
+ - CURLOPT_SSL_CTX_FUNCTION.3: Might cause accidental connection reuse
+ - Curl_getoff_all_pipelines: Improved for multiplexed
+ - DEPRECATE: Remove release date from 7.62.0
+ - HTTP: Don't attempt to needlessly decompress redirect body
+ - INTERNALS: Require GnuTLS ≥ 2.11.3
+ - README.md: Add LGTM.com code quality grade for C/C++
+ - SSLCERTS: Improve the openssl command line
+ - Silence GCC 8 cast-function-type warnings
+ - ares: Check for NULL in completed-callback
+ - asyn-thread: Remove unused macro
+ - auth: Only pick CURLAUTH_BEARER if we *have* a Bearer token
+ - auth: Pick Bearer authentication whenever a token is available
+ - cmake: CMake config files are defining CURL_STATICLIB for static builds
+ - cmake: Respect BUILD_SHARED_LIBS
+ - cmake: Update scripts to use consistent style
+ - cmake: Bumped minimum version to 3.4
+ - cmake: Link curl to the OpenSSL targets instead of lib absolute paths
+ - configure: Conditionally enable pedantic-errors
+ - configure: Fix for -lpthread detection with OpenSSL and pkg-config
+ - conn: Remove the boolean 'inuse' field
+ - content_encoding: Accept up to 4 unknown trailer bytes after raw deflate data
+ - cookie tests: Treat files as text
+ - cookies: Support creation-time attribute for cookies
+ - curl: Fix segfault when -H @headerfile is empty
+ - curl: Add http code 408 to transient list for --retry
+ - curl: Fix time-of-check, time-of-use race in dir creation
+ - curl: Use Content-Disposition before the "URL end" for -OJ
+ - curl: Warn the user if a given file name looks like an option
+ - curl_threads: Silence bad-function-cast warning
+ - darwinssl: Add support for ALPN negotiation
+ - docs/CURLOPT_URL: Fix indentation
+ - docs/CURLOPT_WRITEFUNCTION: Size is always 1
+ - docs/SECURITY-PROCESS: Mention bounty, drop pre-notify
+ - docs/examples: Add hiperfifo example using linux epoll/timerfd
+ - docs: Add disallow-username-in-url.d and haproxy-protocol.d to dist
+ - docs: Clarify NO_PROXY env variable functionality
+ - docs: Improved the manual pages of some callbacks
+ - docs: Mention NULL is fine input to several functions
+ - formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+ - gopher: Do not translate '?' to '%%09'
+ - header output: Switch off all styles, not just unbold
+ - hostip: Fix unused variable warning
+ - http2: Use correct format identifier for stream_id
+ - http2: Abort the send_callback if not setup yet
+ - http2: Avoid set_stream_user_data() before stream is assigned
+ - http2: Check nghttp2_session_set_stream_user_data return code
+ - http2: Clear the drain counter in Curl_http2_done
+ - http2: Make sure to send after RST_STREAM
+ - http2: Separate easy handle from connections better
+ - http: Fix for tiny "HTTP/0.9" response
+ - http_proxy: Remove unused macro SELECT_TIMEOUT
+ - lib/Makefile: Only do symbol hiding if told to
+ - lib1502: Fix memory leak in torture test
+ - lib1522: Fix curl_easy_setopt argument type
+ - libcurl-thread.3: Expand somewhat on the NO_SIGNAL motivation
+ - mime: Check Curl_rand_hex's return code
+ - multi: Always do the COMPLETED procedure/state
+ - openssl: Assume engine support in 1.0.0 or later
+ - openssl: Fix debug messages
+ - projects: Improve Windows perl detection in batch scripts
+ - retry: Return error if rewind was necessary but didn't happen
+ - reuse_conn(): Memory leak - free old_conn->options
+ - schannel: Client certificate store opening fix
+ - schannel: Enable CALG_TLS1PRF for w32api ≥ 5.1
+ - schannel: Fix MinGW compile break
+ - sftp: Don't send post-quote sequence when retrying a connection
+ - smb: Fix memory leak on early failure
+ - smb: Fix memory-leak in URL parse error path
+ - smb_getsock: Always wait for write socket too
+ - ssh-libssh: Fix infinite connect loop on invalid private key
+ - ssh-libssh: Reduce excessive verbose output about pubkey auth
+ - ssh-libssh: Use FALLTHROUGH to silence gcc8
+ - ssl: Set engine implicitly when a PKCS#11 URI is provided
+ - sws: Handle EINTR when calling select()
+ - system_win32: Fix version checking
+ - telnet: Remove unused macros TELOPTS and TELCMDS
+ - test1143: Disable MSYS2's POSIX path conversion
+ - test1148: Disable if decimal separator is not point
+ - test1307: (fnmatch testing) disabled
+ - test1422: Add required file feature
+ - test1531: Add timeout
+ - test1540: Remove unused macro TEST_HANG_TIMEOUT
+ - test214: Disable MSYS2's POSIX path conversion for URL
+ - test320: Treat curl320.out file as binary
+ - tests/http_pipe.py: Use /usr/bin/env to find python
+ - tests: Don't use Windows path %%PWD for SSH tests
+ - tests: Fixes for Windows line endings
+ - tool_operate: Fix setting proxy TLS 1.3 ciphers
+ - travis: Build darwinssl on macos 10.12 to fix linker errors
+ - travis: Execute "set -eo pipefail" for coverage build
+ - travis: Run a 'make checksrc' too
+ - travis: Update to GCC-8
+ - travis: Verify that man pages can be regenerated
+ - upload: Allocate upload buffer on-demand
+ - upload: Change default UPLOAD_BUFSIZE to 64KB
+ - urldata: Remove unused pipe_broke struct field
+ - vtls: Re-instantiate engine on duplicated handles
+ - windows: Implement send buffer tuning
+ - wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
+
+* Tue Sep 4 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-8.0.cf
+- Make the --tls13-ciphers option work
+
+* Tue Aug 28 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-7.0.cf
+- tests: Make ssh-keygen always produce PEM format (#1622594)
+
+* Wed Aug 15 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-6.0.cf
+- scp/sftp: Fix infinite connect loop on invalid private key (#1595135)
+
+* Mon Aug 13 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-5.0.cf
+- ssl: Set engine implicitly when a PKCS#11 URI is provided (#1219544)
+- Relax crypto policy for the test-suite to make it pass again (#1610888)
+
+* Tue Jul 31 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-3.0.cf
+- Adapt test 323 for updated OpenSSL
+
+* Fri Jul 13 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 11 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-1.0.cf
+- Update to 7.61.0
+ - CVE-2018-0500: smtp: Fix SMTP send buffer overflow
+ - getinfo: Add microsecond precise timers for seven intervals
+ - curl: Show headers in bold, switch off with --no-styled-output
+ - httpauth: Add support for Bearer tokens
+ - Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
+ - curl: --tls13-ciphers and --proxy-tls13-ciphers
+ - Add CURLOPT_DISALLOW_USERNAME_IN_URL
+ - curl: --disallow-username-in-url
+ - schannel: Disable client cert option if APIs not available
+ - schannel: Disable manual verify if APIs not available
+ - tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
+ - openssl: Acknowledge --tls-max for default version too
+ - stub_gssapi: Fix 'unused parameter' warnings
+ - examples/progressfunc: Make it build on both new and old libcurls
+ - docs: Mention it is HA Proxy protocol "version 1"
+ - curl_fnmatch: Only allow two asterisks for matching
+ - docs: Clarify CURLOPT_HTTPGET
+ - configure: Replace a AC_TRY_RUN with CURL_RUN_IFELSE
+ - configure: Do compile-time SIZEOF checks instead of run-time
+ - checksrc: Make sure sizeof() is used *with* parentheses
+ - CURLOPT_ACCEPT_ENCODING.3: Add brotli and clarify a bit
+ - schannel: Make CAinfo parsing resilient to CR/LF
+ - tftp: Make sure error is zero terminated before printfing it
+ - http resume: Skip body if http code 416 (range error) is ignored
+ - configure: Add basic test of --with-ssl prefix
+ - cmake: Set -d postfix for debug builds
+ - multi: Provide a socket to wait for in Curl_protocol_getsock
+ - content_encoding: Handle zlib versions too old for Z_BLOCK
+ - winbuild: Only delete OUTFILE if it exists
+ - winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
+ - schannel: Add failf calls for client certificate failures
+ - cmake: Fix the test for fsetxattr and strerror_r
+ - curl.1: Fix cmdline-opts reference errors
+ - cmdline-opts/gen.pl: Warn if mutexes: or see-also: list non-existing options
+ - cmake: Check for getpwuid_r
+ - configure: Fix ssh2 linking when built with a static mbedtls
+ - psl: Use latest psl and refresh it periodically
+ - fnmatch: Insist on escaped bracket to match
+ - KNOWN_BUGS: Restore text regarding #2101
+ - INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
+ - configure: Override AR_FLAGS to silence warning
+ - os400: Implement mime api EBCDIC wrappers
+ - curl.rc: Embed manifest for correct Windows version detection
+ - strictness: Correct {infof, failf} format specifiers
+ - tests: Update .gitignore for libtests
+ - configure: Check for declaration of getpwuid_r
+ - fnmatch: Use the system one if available
+ - CURLOPT_RESOLVE: Always purge old entry first
+ - multi: Remove a potentially bad DEBUGF()
+ - curl_addrinfo: Use same #ifdef conditions in source as header
+ - build: Remove the Borland specific makefiles
+ - axTLS: Not considered fit for use
+ - cmdline-opts/cert-type.d: Mention "p12" as a recognized type
+ - system.h: Add support for IBM xlc C compiler
+ - tests/libtest: Add lib1521 to nodist_SOURCES
+ - mk-ca-bundle.pl: Leave certificate name untouched
+ - boringssl + schannel: undef X509_NAME in lib/schannel.h
+ - openssl: Assume engine support in 1.0.1 or later
+ - cppcheck: Fix warnings
+ - test 46: Make test pass after year 2025
+ - schannel: Support selecting ciphers
+ - Curl_debug: Remove dead printhost code
+ - test 1455: Unflakified
+ - Curl_init_do: Handle NULL connection pointer passed in
+ - progress: Remove a set of unused defines
+ - mk-ca-bundle.pl: Make -u delete certdata.txt if found not changed
+ - GOVERNANCE.md: Explains how this project is run
+ - configure: Use pkg-config for c-ares detection
+ - configure: Enhance ability to build with static openssl
+ - maketgz: Fix sed issues on OSX
+ - multi: Fix memory leak when stopped during name resolve
+ - CURLOPT_INTERFACE.3: Interface names not supported on Windows
+ - url: Fix dangling conn->data pointer
+ - cmake: Allow multiple SSL backends
+ - system.h: Fix for gcc on 32 bit OpenServer
+ - ConnectionExists: Make sure conn->data is set when "taking" a connection
+ - multi: Fix crash due to dangling entry in connect-pending list
+ - CURLOPT_SSL_VERIFYPEER.3: Add performance note
+ - netrc: Use a larger buffer to support longer passwords
+ - url: Check Curl_conncache_add_conn return code
+ - configure: Add dependent libraries after crypto
+ - easy_perform: Faster local name resolves by using *multi_timeout()
+ - getnameinfo: Not used, removed all configure checks
+ - travis: Add a build using the synchronous name resolver
+ - CURLINFO_TLS_SSL_PTR.3: Improve the example
+ - openssl: Allow TLS 1.3 by default
+ - openssl: Make the requested TLS version the *minimum* wanted
+ - openssl: Remove some dead code
+ - telnet: Fix clang warnings
+ - DEPRECATE: New doc describing planned item removals
+ - example/crawler.c: Simple crawler based on libxml2
+ - libssh: Goto DISCONNECT state on error, not SESSION_FREE
+ - CMake: Remove unused functions
+ - darwinssl: Allow High Sierra users to build the code using GCC
+ - scripts: Include _curl as part of CLEANFILES
+ - examples: Fix -Wformat warnings
+ - curl_setup: Include <winerror.h> before <windows.h>
+ - schannel: Make more cipher options conditional
+ - CMake: Remove redundant and old end-of-block syntax
+ - post303.d: Clarify that this is an RFC violation
+- Add patch to fix builds with openssl < 1.0.1
+
+* Tue Jul 10 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-3.0.cf
+- Disable flaky test 1455
+- Enable support for brotli compression in libcurl-full from F-29 onwards
+
+* Wed Jul 4 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-2.0.cf
+- Do not hard-wire path of the Python 3 interpreter
+
+* Wed May 16 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-1.0.cf
+- Update to 7.60.0
+ - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
+ - Add --haproxy-protocol for the command line tool
+ - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
+ - FTP: Shutdown response buffer overflow CVE-2018-1000300
+ - RTSP: Bad headers buffer over-read CVE-2018-1000301
+ - FTP: Fix typo in recursive callback detection for seeking
+ - test1208: Marked flaky
+ - HTTP: Make header-less responses still count correct body size
+ - user-agent.d: Mention --proxy-header as well
+ - http2: fixes typo
+ - cleanup: Misc typos in strings and comments
+ - rate-limit: Use three second window to better handle high speeds
+ - examples/hiperfifo.c: Improved
+ - pause: When changing pause state, update socket state
+ - multi: Improved pending transfers handling ⇒ improved performance
+ - curl_version_info.3: Fix ssl_version description
+ - add_handle/easy_perform: Clear errorbuffer on start if set
+ - darwinssl: Fix iOS build
+ - cmake: Add support for brotli
+ - parsedate: Support UT timezone
+ - vauth/ntlm.h: Fix the #ifdef header guard
+ - lib/curl_path.h: Added #ifdef header guard
+ - vauth/cleartext: Fix integer overflow check
+ - CURLINFO_COOKIELIST.3: Made the example not leak memory
+ - cookie.d: Mention that "-" as filename means stdin
+ - CURLINFO_SSL_VERIFYRESULT.3: Fixed the example
+ - http2: Read pending frames (including GOAWAY) in connection-check
+ - timeval: Remove compilation warning by casting
+ - cmake: Avoid warn-as-error during config checks
+ - travis-ci: Enable -Werror for CMake builds
+ - openldap: Fix for NULL return from ldap_get_attribute_ber()
+ - threaded resolver: Track resolver time and set suitable timeout values
+ - cmake: Add advapi32 as explicit link library for win32
+ - docs: Fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
+ - test1148: Set a fixed locale for the test
+ - cookies: When reading from a file, only remove_expired once
+ - cookie: Store cookies per top-level-domain-specific hash table
+ - openssl: Fix build with LibreSSL 2.7
+ - tls: Fix mbedTLS 2.7.0 build + handle sha256 failures
+ - openssl: RESTORED verify locations when verifypeer==0
+ - file: Restore old behaviour for file:////foo/bar URLs
+ - FTP: Allow PASV on IPv6 connections when a proxy is being used
+ - build-openssl.bat: Allow custom paths for VS and perl
+ - winbuild: Make the clean target work without build-type
+ - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
+ - curl: Retry on FTP 4xx, ignore other protocols
+ - configure: Detect (and use) sa_family_t
+ - examples/sftpuploadresume: Fix Windows large file seek
+ - build: Clean up to fix clang warnings/errors
+ - winbuild: Updated the documentation
+ - lib: Silence null-dereference warnings
+ - travis: Bump to clang 6 and gcc 7
+ - travis: Build libpsl and make builds use it
+ - proxy: Show getenv proxy use in verbose output
+ - duphandle: Make sure CURLOPT_RESOLVE is duplicated
+ - all: Refactor malloc+memset to use calloc
+ - checksrc: Fix typo
+ - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
+ - vauth: Fix typo
+ - ssh: Show libSSH2 error code when closing fails
+ - test1148: Tolerate progress updates better
+ - urldata: Make service names unconditional
+ - configure: Keep LD_LIBRARY_PATH changes local
+ - ntlm_sspi: Fix authentication using Credential Manager
+ - schannel: Add client certificate authentication
+ - winbuild: Support custom devel paths for each dependency
+ - schannel: Add support for CURLOPT_CAINFO
+ - http2: Handle on_begin_headers() called more than once
+ - openssl: Support OpenSSL 1.1.1 verbose-mode trace messages
+ - openssl: Fix subjectAltName check on non-ASCII platforms
+ - http2: Avoid strstr() on data not zero terminated
+ - http2: Clear the "drain counter" when a stream is closed
+ - http2: Handle GOAWAY properly
+ - tool_help: Clarify --max-time unit of time is seconds
+ - curl.1: Clarify that options and URLs can be mixed
+ - http2: Convert an assert to run-time check
+ - curl_global_sslset: Always provide available backends
+ - ftplistparser: Keep state between invokes
+ - Curl_memchr: Zero length input can't match
+ - examples/sftpuploadresume: typecast fseek argument to long
+ - examples/http2-upload: Expand buffer to avoid silly warning
+ - ctype: Restore character classification for non-ASCII platforms
+ - mime: Avoid NULL pointer dereference risk
+ - cookies: Ensure that we have cookies before writing jar
+ - os400.c: Fix checksrc warnings
+ - configure: Provide --with-wolfssl as an alias for --with-cyassl
+ - cyassl: Adapt to libraries without TLS 1.0 support built-in
+ - http2: Get rid of another strstr
+ - checksrc: Force indentation of lines after an else
+ - cookies: Remove unused macro
+ - CURLINFO_PROTOCOL.3: Mention the existing defined names
+ - tests: Provide 'manual' as a feature to optionally require
+ - travis: Enable libssh2 on both macos and Linux
+ - CURLOPT_URL.3: Added ENCODING section
+ - wolfssl: Fix non-blocking connect
+ - vtls: Don't define MD5_DIGEST_LENGTH for wolfssl
+ - docs: Remove extraneous commas in man pages
+ - URL: Fix ASCII dependency in strcpy_url and strlen_url
+ - ssh-libssh.c: Fix left shift compiler warning
+ - configure: Only check for CA bundle for file-using SSL backends
+ - travis: Add an mbedtls build
+ - http: Don't set the "rewind" flag when not uploading anything
+ - configure: Put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
+ - transfer: Don't unset writesockfd on setup of multiplexed conns
+ - vtls: Use unified "supports" bitfield member in backends
+ - URLs: Fix one more http url
+ - travis: Add a build using WolfSSL
+ - openssl: Change FILE ops to BIO ops
+ - travis: Add build using NSS
+ - smb: Reject negative file sizes
+ - cookies: Accept parameter names as cookie name
+ - http2: getsock fix for uploads
+ - All over: Fixed format specifiers
+ - http2: Use the correct function pointer typedef
+
+* Thu Mar 15 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-3.0.cf
+- Run the test suite using Python 3 from Fedora 28 onwards
+
+* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-2.0.cf
+- ftp: Fix typo in recursive callback detection for seeking
+
+* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-1.0.cf
+- Update to 7.59.0
+ - curl: Add --proxy-pinnedpubkey
+ - Added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
+ - CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
+ - Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
+ - Add new tool option --happy-eyeballs-timeout-ms
+ - Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA
+ - openldap: Check ldap_get_attribute_ber() results for NULL before using
+ (fixes CVE-2018-1000121)
+ - FTP: Reject path components with control codes (fixes CVE-2018-1000120)
+ - readwrite: Make sure excess reads don't go beyond buffer end (fixes
+ CVE-2018-1000122)
+ - lib555: Drop text conversion and encode data as ASCII codes
+ - lib517: Make variable static to avoid compiler warning
+ - lib544: Sync ASCII code data with textual data
+ - GSKit: Restore pinnedpubkey functionality
+ - darwinssl: Don't import client certificates into Keychain on macOS
+ - parsedate: Fix date parsing for systems with 32 bit long
+ - openssl: Fix pinned public key build error in FIPS mode
+ - SChannel/WinSSL: Implement public key pinning
+ - cookies: Remove verbose "cookie size:" output
+ - progress-bar: Don't use stderr explicitly, use bar->out
+ - Fixes for MSDOS
+ - build: Open VC15 projects with VS 2017
+ - curl_ctype: Private is*() type macros and functions
+ - configure: Set PATH_SEPARATOR to colon for PATH w/o separator
+ - winbuild: Make linker generate proper PDB
+ - curl_easy_reset: Clear digest auth state
+ - curl/curl.h: Fix comment typo for CURLOPT_DNS_LOCAL_IP6
+ - range: Commonize FTP and FILE range handling
+ - progress-bar docs: Update to match implementation
+ - fnmatch: Do not match the empty string with a character set
+ - fnmatch: Accept an alphanum to be followed by a non-alphanum in char set
+ - build: Fix termios issue on android cross-compile
+ - getdate: Return -1 for out of range
+ - formdata: Use the mime-content type function
+ - time-cond: Fix reading the file modification time on Windows
+ - build-openssl.bat: Extend VC15 support to include Enterprise and Professional
+ - build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
+ - openssl: Don't add verify locations when verifypeer==0
+ - fnmatch: Optimize processing of consecutive *s and ?s pattern characters
+ - schannel: Fix compiler warnings
+ - content_encoding: Add "none" alias to "identity"
+ - get_posix_time: Only check for overflows if they can happen
+ - http_chunks: Don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
+ - README: Language fix
+ - sha256: Build with OpenSSL < 0.9.8
+ - smtp: Fix processing of initial dot in data
+ - --tlsauthtype: Works only if libcurl is built with TLS-SRP support
+ - tests: New tests for http raw mode
+ - libcurl-security.3: man page discussion security concerns when using libcurl
+ - curl_gssapi: Make sure this file too uses our *printf()
+ - BINDINGS: Fix curb link (and remove ruby-curl-multi)
+ - nss: Use PK11_CreateManagedGenericObject() if available
+ - travis: Add build with iconv enabled
+ - ssh: Add two missing state names
+ - CURLOPT_HEADERFUNCTION.3: Mention folded headers
+ - http: Fix the max header length detection logic
+ - header callback: Don't chop headers into smaller pieces
+ - CURLOPT_HEADER.3: Clarify problems with different data sizes
+ - curl --version: Show PSL if the run-time lib has it enabled
+ - examples/sftpuploadresume: Resume upload via CURLOPT_APPEND
+ - Return error if called recursively from within callbacks
+ - sasl: Prefer PLAIN mechanism over LOGIN
+ - winbuild: Use CALL to run batch scripts
+ - curl_share_setopt.3: Connection cache is shared within multi handles
+ - winbuild: Use macros for the names of some build utilities
+ - projects/README: Remove reference to dead IDN link/package
+ - lib655: Silence compiler warning
+ - configure: Fix version check for OpenSSL 1.1.1
+ - docs/MANUAL: formfind.pl is not accessible on the site anymore
+ - unit1309: Fix warning on Windows x64
+ - unit1307: Proper cleanup on OOM to fix torture tests
+ - curl_ctype: Fix macro redefinition warnings
+ - build: Get CFLAGS (including -werror) used for examples and tests
+ - NO_PROXY: Fix for IPv6 numericals in the URL
+ - krb5: Use nondeprecated functions
+ - winbuild: Prefer documented zlib library names
+ - http2: Mark the connection for close on GOAWAY
+ - limit-rate: Kick in even before "limit" data has been received
+ - HTTP: Allow "header;" to replace an internal header with a blank one
+ - http2: Verbose output new MAX_CONCURRENT_STREAMS values
+ - SECURITY: Distros' max embargo time is 14 days
+ - curl tool: Accept --compressed also if Brotli is enabled and zlib is not
+ - WolfSSL: Adding TLSv1.3
+ - checksrc.pl: Add -i and -m options
+ - CURLOPT_COOKIEFILE.3: "-" as file name means stdin
+
+* Mon Mar 12 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-8.0.cf
+- http2: mark the connection for close on GOAWAY
+
+* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-7.0.cf
+- Add explicitly-used build requirements
+- Fix libcurl soname version number in %%files list to avoid accidental soname
+ bumps
+
+* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-6.0.cf
+- Drop ldconfig scriptlets from Fedora 28 onwards
+
+* Tue Feb 13 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-5.0.cf
+- Drop temporary work around for ICE on x86_64 (#1540549)
+
+* Fri Feb 9 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-4.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jan 31 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-3.0.cf
+- Temporarily work around internal compiler error on x86_64 (#1540549)
+- Disable brp-ldconfig to make RemovePathPostfixes work with shared libs again
+
+* Thu Jan 25 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-2.0.cf
+- Use libssh (instead of libssh2) to implement SCP/SFTP in libcurl from
+ Fedora 28 onwards (#1531483)
+
+* Wed Jan 24 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-1.0.cf
+- Update to 7.58.0
+ - New libssh-powered SSH SCP/SFTP back-end
+ - curl-config: Add --ssl-backends
+ - http2: Fix incorrect trailer buffer size (CVE-2018-1000005)
+ - http: Prevent custom Authorization headers in redirects (CVE-2018-1000007)
+ - travis: Add boringssl build
+ - examples/xmlstream.c: Don't switch off CURL_GLOBAL_SSL
+ - SSL: Avoid magic allocation of SSL backend specific data
+ - lib: Don't export all symbols, just everything curl_*
+ - libssh2: Send the correct CURLE error code on scp file not found
+ - libssh2: Return CURLE_UPLOAD_FAILED on failure to upload
+ - openssl: Enable pkcs12 in boringssl builds
+ - libssh2: Remove dead code from SSH_SFTP_QUOTE
+ - sasl_getmessage: Make sure we have a long enough string to pass
+ - conncache: Fix several lock issues
+ - threaded-shared-conn.c: New example
+ - conncache: Only allow multiplexing within same multi handle
+ - configure: Check for netinet/in6.h
+ - URL: Tolerate backslash after drive letter for FILE:
+ - openldap: Add commented out debug possibilities
+ - include: Get netinet/in.h before linux/tcp.h
+ - CONNECT: Keep close connection flag in http_connect_state struct
+ - BINDINGS: Another PostgreSQL client
+ - curl: Limit -# update frequency for unknown total size
+ - configure: Add AX_CODE_COVERAGE only if using gcc
+ - curl.h: Remove incorrect comment about ERRORBUFFER
+ - openssl: Improve data-pending check for https proxy
+ - curl: Remove __EMX__ #ifdefs
+ - CURLOPT_PRIVATE.3: Fix grammar
+ - sftp: Allow quoted commands to use relative paths
+ - CURLOPT_DNS_CACHE_TIMEOUT.3: See also CURLOPT_RESOLVE
+ - RESOLVE: Output verbose text when trying to set a duplicate name
+ - openssl: Disable file buffering for Win32 SSLKEYLOGFILE
+ - multi_done: Prune DNS cache
+ - tests: Update .gitignore for libtests
+ - tests: Mark data files as non-executable in git
+ - CURLOPT_DNS_LOCAL_IP4.3: Fixed the "SEE ALSO" to not self-reference
+ - curl.1: Documented two missing valid exit codes
+ - curl.1: Mention http:// and https:// as valid proxy prefixes
+ - vtls: Replaced getenv() with curl_getenv()
+ - setopt: Less *or equal* than INT_MAX/1000 should be fine
+ - examples/smtp-mail.c: Use separate defines for options and mail
+ - curl: Support >256 bytes warning messages
+ - conncache: Fix a return code
+ - krb5: Fix a potential access of uninitialized memory
+ - rand: Add a clang-analyzer work-around
+ - CURLOPT_READFUNCTION.3: Refer to argument with correct name
+ - brotli: Allow compiling with version 0.6.0
+ - content_encoding: Rework zlib_inflate
+ - curl_easy_reset: Release mime-related data
+ - examples/rtsp: Fix error handling macros
+ - build-openssl.bat: Added support for VC15
+ - build-wolfssl.bat: Added support for VC15
+ - build: Added Visual Studio 2017 project files
+ - winbuild: Added support for VC15
+ - curl: Support size modifiers for --max-filesize
+ - examples/cacertinmem: Ignore cert-already-exists error
+ - brotli: Data at the end of content can be lost
+ - curl_version_info.3: Call the argument 'age'
+ - openssl: Fix memory leak of SSLKEYLOGFILE filename
+ - build: Remove HAVE_LIMITS_H check
+ - --mail-rcpt: Fix short-text description
+ - scripts: Allow all perl scripts to be run directly
+ - progress: Calculate transfer speed on milliseconds if possible
+ - system.h: Check __LONG_MAX__ for defining curl_off_t
+ - easy: Fix connection ownership in curl_easy_pause
+ - setopt: Reintroduce non-static Curl_vsetopt() for OS400 support
+ - setopt: Fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
+ - configure.ac: Append extra linker flags instead of prepending them
+ - HTTP: Bail out on negative Content-Length: values
+ - docs: Comment about CURLE_READ_ERROR returned by curl_mime_filedata
+ - mime: Clone mime tree upon easy handle duplication
+ - openssl: Enable SSLKEYLOGFILE support by default
+ - smtp/pop3/imap_get_message: Decrease the data length too...
+ - CURLOPT_TCP_NODELAY.3: Fix typo
+ - SMB: Fix numeric constant suffix and variable types
+ - ftp-wildcard: Fix matching an empty string with "*[^a]"
+ - curl_fnmatch: only allow 5 '*' sections in a single pattern
+ - openssl: Fix potential memory leak in SSLKEYLOGFILE logic
+ - SSH: Fix state machine for ssh-agent authentication
+ - examples/url2file.c: Add missing curl_global_cleanup() call
+ - http2: Don't close connection when single transfer is stopped
+ - libcurl-env.3: First version
+ - curl: Progress bar refresh, get width using ioctl()
+ - CONNECT_TO: Fail attempt to set an IPv6 numerical without IPv6 support
+
+* Wed Nov 29 2017 Paul Howarth <paul@city-fan.org> - 7.57.0-1.0.cf
+- Update to 7.57.0
+ - auth: Add support for RFC7616 - HTTP Digest access authentication
+ - share: Add support for sharing the connection cache
+ - HTTP: Implement Brotli content encoding
+ - Fix CVE-2017-8816: NTLM buffer overflow via integer overflow
+ - Fix CVE-2017-8817: FTP wildcard out of bounds read
+ - Fix CVE-2017-8818: SSL out of buffer access
+ - curl_mime_filedata.3: Fix typos
+ - libtest: Add required test libraries for lib1552 and lib1553
+ - Fix time diffs for systems using unsigned time_t
+ - ftplistparser: Memory leak fix: always free temporary memory
+ - multi: Allow table handle sizes to be overridden
+ - wildcards: Don't use with non-supported protocols
+ - curl_fnmatch: Return error on illegal wildcard pattern
+ - transfer: Fix chunked-encoding upload too early exit
+ - curl_setup: Improve detection of CURL_WINDOWS_APP
+ - resolvers: Only include anything if needed
+ - setopt: Fix CURLOPT_SSH_AUTH_TYPES option read
+ - appveyor: Add a win32 build
+ - Curl_timeleft: Change return type to timediff_t
+ - cmake: Export libcurl and curl targets to use by other cmake projects
+ - curl: In -F option arg, comma is a delimiter for files only
+ - curl: Improved ";type=" handling in -F option arguments
+ - timeval: Use mach_absolute_time() on MacOS
+ - curlx: The timeval functions are no longer provided as curlx_*
+ - mkhelp.pl: Do not generate comment with current date
+ - memdebug: Use send/recv signature for curl_dosend/curl_dorecv
+ - cookie: Avoid NULL dereference
+ - url: Fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
+ - include: Remove conncache.h inclusion from where it's not needed
+ - CURLOPT_MAXREDIRS: Allow -1 as a value
+ - tests: Fixed torture tests on tests 556 and 650
+ - http2: Fixed OOM handling in upgrade request
+ - url: Fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
+ - CURLOPT_INFILESIZE: Accept -1
+ - curl: Pass through [] in URLs instead of calling globbing error
+ - curl: Speed up handling of many URLs
+ - ntlm: Avoid malloc(0) for zero length passwords
+ - url: Remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
+ - HTTP: Support multiple Content-Encodings
+ - travis: Add a job with brotli enabled
+ - url: Remove unnecessary NULL-check
+ - fnmatch: Remove dead code
+ - connect: Store IPv6 connection status after valid connection
+ - imap: Deal with commands case insensitively
+ - --interface: Add support for Linux VRF
+ - content_encoding: Fix inflate_stream for no bytes available
+ - cmake: Correctly include curl.rc in Windows builds
+ - cmake: Add missing setmode check
+ - connect.c: Remove executable bit on file
+ - SMB: Fix uninitialized local variable
+ - zlib/brotli: Only include header files in modules needing them
+ - URL: Return error on malformed URLs with junk after IPv6 bracket
+ - openssl: Fix too broad use of HAVE_OPAQUE_EVP_PKEY
+ - macOS: Fix missing connectx function with Xcode version older than 9.0
+ - --resolve: Allow IP address within [] brackets
+ - examples/curlx: Fix code style
+ - ntlm: Remove unnecessary NULL-check to please scan-build
+ - Curl_llist_remove: Fix potential NULL pointer deref
+ - mime: Fix "Value stored to 'sz' is never read" scan-build error
+ - openssl: Fix "Value stored to 'rc' is never read" scan-build error
+ - http2: Fix "Value stored to 'hdbuf' is never read" scan-build error
+ - http2: Fix "Value stored to 'end' is never read" scan-build error
+ - Curl_open: Fix OOM return error correctly
+ - url: Reject ASCII control characters and space in host names
+ - examples/rtsp: Clear RANGE again after use
+ - connect: Improve the bind error message
+ - make: Fix "make distclean"
+ - connect: Add support for new TCP Fast Open API on Linux
+ - metalink: Fix memory leak and NULL pointer dereference
+ - URL: Update "file:" URL handling
+ - ssh: Remove check for a NULL pointer
+ - global_init: Ignore CURL_GLOBAL_SSL's absence
+
+* Mon Oct 23 2017 Paul Howarth <paul@city-fan.org> - 7.56.1-1.0.cf
+- Update to 7.56.1
+ - imap: If a FETCH response has no size, don't call write callback
+ (CVE-2017-1000257)
+ - ftp: UBsan fixup 'pointer index expression overflowed
+ - failf: Skip the sprintf() if there are no consumers
+ - fuzzer: Move to using external curl-fuzzer
+ - lib/Makefile.m32: Allow customizing dll suffixes
+ - docs: Fix typo in curl_mime_data_cb man page
+ - darwinssl: Add support for TLSv1.3
+ - build: Fix --disable-crypto-auth
+ - lib/config-win32.h: Let SMB/SMBS be enabled with OpenSSL/NSS
+ - openssl: Fix build without HAVE_OPAQUE_EVP_PKEY
+ - strtoofft: Remove extraneous null check
+ - multi_cleanup: Call DONE on handles that never got that
+ - tests: Added flaky keyword to tests 587 and 644
+ - pingpong: Return error when trying to send without connection
+ - remove_handle: Call multi_done() first, then clear dns cache pointer
+ - mime: Be tolerant about setting twice the same header list in a part
+ - mime: Improve unbinding top multipart from easy handle.
+ - mime: Avoid resetting a part's encoder when part's contents change
+ - mime: Refuse to add subparts to one of their own descendants
+ - RTSP: Avoid integer overflow on funny RTSP responses
+ - curl: Don't pass semicolons when parsing Content-Disposition
+ - openssl: Enable PKCS12 support for !BoringSSL
+ - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
+ - CURLOPT_NOPROGRESS.3: Also refer to xferinfofunction
+ - CURLOPT_XFERINFODATA.3: Fix duplicate see also
+ - test298: Verify --ftp-method nowcwd with URL encoded path
+ - FTP: URL decode path for dir listing in nocwd mode
+ - smtp_done: Fix memory leak on send failure
+ - ftpserver: Support case insensitive commands
+ - test950: Verify SMTP with custom request
+ - openssl: Don't use old BORINGSSL_YYYYMM macros
+ - setopt: Update current connection SSL verify params
+ - winbuild/BUILD.WINDOWS.txt: Mention WITH_NGHTTP2
+ - curl: Reimplement stdin buffering in -F option
+ - mime: Keep "text/plain" content type if user-specified
+ - mime: Fix the content reader to handle >16K data properly
+ - configure: Remove the C++ compiler check
+ - memdebug: Trace send, recv and socket
+ - runtests: Use valgrind for torture as well
+ - ldap: Silence clang warning
+ - makefile.m32: Allow to override gcc, ar and ranlib
+ - setopt: Avoid integer overflows when setting millsecond values
+ - setopt: Range check most long options
+ - ftp: Reject illegal IP/port in PASV 227 response
+ - mime: Do not reuse previously computed multipart size
+ - vtls: Change struct Curl_ssl 'close' field name to 'close_one'
+ - os400: Add missing symbols in config file
+ - mime: Limit bas64-encoded lines length to 76 characters
+ - mk-ca-bundle: Remove URL for aurora
+ - mk-ca-bundle: Fix URL for NSS
+
+* Wed Oct 4 2017 Paul Howarth <paul@city-fan.org> - 7.56.0-1.0.cf
+- Update to 7.56.0
+ - curl: Enable compression for SCP/SFTP with --compressed-ssh
+ - libcurl: Enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
+ - vtls: Added dynamic changing SSL backend with curl_global_sslset()
+ - New MIME API, curl_mime_init() and friends
+ - openssl: Initial SSLKEYLOGFILE implementation
+ - FTP: zero terminate the entry path even on bad input (CVE-2017-1000254)
+ - examples/ftpuploadresume.c: Use portable code
+ - runtests: Match keywords case insensitively
+ - travis: Build the examples too
+ - strtoofft: Reduce integer overflow risks globally
+ - zsh.pl: Produce a working completion script again
+ - cmake: Remove dead code for CURL_DISABLE_RTMP
+ - progress: Track total times following redirects
+ - configure: Fix --disable-threaded-resolver
+ - cmake: Remove dead code for DISABLED_THREADSAFE
+ - configure: Fix clang version detection
+ - darwinssl: Fix error: variable length array used
+ - travis: Add metalink to some osx builds
+ - configure: Check for __builtin_available() availability
+ - http_proxy: Fix build error for CURL_DOES_CONVERSIONS
+ - examples/ftpuploadresume: checksrc compliance
+ - ftp: Fix CWD when doing multicwd then nocwd on same connection
+ - system.h: Remove all CURL_SIZEOF_* defines
+ - http: Don't wait on CONNECT when there is no proxy
+ - system.h: Check for __ppc__ as well
+ - http2_recv: Return error better on fatal h2 errors
+ - scripts/contri*sh: Use "git log --use-mailmap"
+ - tftp: Fix memory leak on too long filename
+ - system.h: Fix build for hppa
+ - cmake: Enable picky compiler options with clang and gcc
+ - makefile.m32: Add support for libidn2
+ - curl: Turn off MinGW CRT's globbing
+ - request-target.d: Mention added in 7.55.0
+ - curl: Shorten and clean up CA cert verification error message
+ - imap: Support PREAUTH
+ - CURLOPT_USERPWD.3: See also CURLOPT_PROXYUSERPWD
+ - examples/threaded-ssl: Mention that this is for openssl before 1.1
+ - winbuild: Fix embedded manifest option
+ - tests: Make sure libtests and unittests call curl_global_cleanup()
+ - system.h: include sys/poll.h for AIX
+ - darwinssl: Handle long strings in TLS certs
+ - strtooff: Fix build for systems with long long but no strtoll
+ - asyn-thread: Improved cleanup after OOM situations
+ - HELP-US.md: "How to get started helping out in the curl project"
+ - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
+ - unit1301: Fix error message on first test
+ - ossfuzz: Moving towards the ideal integration
+ - http: Fix a memory leakage in checkrtspprefix()
+ - examples/post-callback: Stop returning one byte at a time
+ - schannel: return CURLE_SSL_CACERT on failed verification
+ - MAIL-ETIQUETTE: Added "1.9 Your emails are public"
+ - http-proxy: Treat all 2xx as CONNECT success
+ - openssl: Use OpenSSL's default ciphers by default
+ - runtests.pl: Support attribute "nonewline" in part verify/upload
+ - configure: Remove --enable-soname-bump and SONAME_BUMP
+ - travis: Add c-ares enabled builds linux + osx
+ - vtls: Fix WolfSSL 3.12 build problems
+ - http-proxy: When not doing CONNECT, that phase is done immediately
+ - configure: Fix curl_off_t check's include order
+ - configure: Use -Wno-varargs on clang 3.9[.X] debug builds
+ - rtsp: Do not call fwrite() with NULL pointer FILE *
+ - mbedtls: Enable CA path processing
+ - travis: Add build without HTTP/SMTP/IMAP
+ - checksrc: Verify more code style rules
+ - HTTP proxy: On connection re-use, still use the new remote port
+ - tests: Add initial gssapi test using stub implementation
+ - rtsp: Segfault when using WRITEDATA
+ - docs: Clarify the CURLOPT_INTERLEAVE* options behavior
+ - non-ascii: Use iconv() with 'char **' argument
+ - server/getpart: Provide dummy function to build conversion enabled
+ - conversions: Fix several compiler warnings
+ - openssl: Add missing includes
+ - schannel: Support partial send for when data is too large
+ - socks: Fix incorrect port number in SOCKS4 error message
+ - curl: Fix integer overflow in timeout options
+- Re-enable temporarily disabled IDN2 test-cases
+
+* Tue Aug 29 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-5.0.cf
+- Fix NetworkManager connectivity check not working (#1485702)
+
+* Wed Aug 23 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-3.0.cf
+- Utilize system wide crypto policies for TLS (#1483972)
+
+* Tue Aug 15 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-2.0.cf
+- Make zsh completion work again
+
+* Mon Aug 14 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-1.0.cf
+- Update to 7.55.1
+ - build: Fix 'make install' with configure, install docs/libcurl/* too
+ - make install: Add 8 missing man pages to the installation
+ - curl: Do bounds check using a double comparison
+ - dist: Add dictserver.py/negtelnetserver.py to release
+ - digest_sspi: Don't reuse context if the user/passwd has changed
+ - gitignore: Ignore top-level .vs folder
+ - build: Check out *.sln files with Windows line endings
+ - travis: Verify "make install"
+ - dist: Fix the cmake build by shipping cmake_uninstall.cmake.in too
+ - metalink: Fix error: ‘*’ in boolean context, suggest ‘&&’ instead
+ - configure: Use the threaded resolver backend by default if possible
+ - mkhelp.pl: Allow executing this script directly
+ - maketgz: Remove old *.dist files before making the tarball
+ - openssl: Remove CONST_ASN1_BIT_STRING
+ - openssl: Fix "error: this statement may fall through"
+ - proxy: Fix memory leak in case of invalid proxy server name
+ - curl/system.h: Support more architectures (OpenRISC, ARC)
+ - docs: Fix typos
+ - curl/system.h: Add Oracle Solaris Studio
+ - CURLINFO_TOTAL_TIME: Could wrongly return 4200 seconds
+ - docs: --connect-to clarified
+ - cmake: Allow user to override CMAKE_DEBUG_POSTFIX
+ - travis: Test cmake build on tarball too
+ - redirect: Make it handle absolute redirects to IDN names
+ - curl/system.h: Fix for gcc on PowerPC
+ - curl --interface: Fixed for IPV6 unique local addresses
+ - cmake: threads detection improvements
+
+* Wed Aug 9 2017 Paul Howarth <paul@city-fan.org> - 7.55.0-1.1.cf
+- Address some test suite issues
+
+* Wed Aug 9 2017 Paul Howarth <paul@city-fan.org> - 7.55.0-1.0.cf
+- Update to 7.55.0
+ New Features:
+ - curl: Allow --header and --proxy-header read from file
+ - getinfo: Provide sizes as curl_off_t
+ - curl: Prevent binary output spewed to terminal
+ - curl: Added --request-target
+ - libcurl: Added CURLOPT_REQUEST_TARGET
+ - curl: Added --socks5-{basic,gssapi}: control socks5 auth
+ - libcurl: Added CURLOPT_SOCKS5_AUTH
+ Bug Fixes:
+ - glob: Do not parse after a strtoul() overflow range (CVE-2017-1000101)
+ - tftp: Reject file name lengths that don't fit (CVE-2017-1000100)
+ - file: Output the correct buffer to the user (CVE-2017-1000099)
+ - includes: Remove curl/curlbuild.h and curl/curlrules.h
+ - dist: Make the hugehelp.c not get regenerated unnecessarily
+ - timers: Store internal time stamps as time_t instead of doubles
+ - progress: Let "current speed" be UL + DL speeds combined
+ - http-proxy: Do the HTTP CONNECT process entirely non-blocking
+ - lib/curl_setup.h: Remove CURL_WANTS_CA_BUNDLE_ENV
+ - fuzz: Bring oss-fuzz initial code converted to C89
+ - configure: Disable nghttp2 too if HTTP has been disabled
+ - mk-ca-bundle.pl: Check curl's exit code after certdata download
+ - test1148: Verify the -# progressbar
+ - tests: Stabilize test 2032 and 2033
+ - HTTPS-Proxy: Don't offer h2 for https proxy connections
+ - http-proxy: Only attempt FTP over HTTP proxy
+ - curl-compilers.m4: Enable vla warning for clang
+ - curl-compilers.m4: Enable double-promotion warning
+ - curl-compilers.m4: Enable missing-variable-declarations clang warning
+ - curl-compilers.m4: Enable comma clang warning
+ - Makefile.m32: Enable -W for MinGW32 build
+ - CURLOPT_PREQUOTE: Not supported for SFTP
+ - http2: Fix OOM crash
+ - PIPELINING_SERVER_BL: Clean up the internal list use
+ - mkhelp.pl: Fix script name in usage text
+ - lib1521: Add curl_easy_getinfo calls to the test set
+ - travis: Do the distcheck test build out-of-tree as well
+ - if2ip: Fix compiler warning in ISO C90 mode
+ - lib: Fix the djgpp build
+ - typecheck-gcc: Add support for CURLINFO_OFF_T
+ - travis: Enable typecheck-gcc warnings
+ - maketgz: Switch to xz instead of lzma
+ - CURLINFO_REDIRECT_URL.3: Mention the CURLOPT_MAXREDIRS case
+ - curl-compilers.m4: Fix unknown-warning-option on Apple clang
+ - winbuild: Fix boringssl build
+ - curl/system.h: Add check for XTENSA for 32bit gcc
+ - test1537: Fixed memory leak on OOM
+ - test1521: Fix compiler warnings
+ - curl: Fix memory leak on test 1147 OOM
+ - libtest/make: Generate lib1521.c dynamically at build-time
+ - curl_strequal.3: Fix typo in SYNOPSIS
+ - progress: Prevent resetting t_starttransfer
+ - openssl: Improve fallback seed of PRNG with a time based hash
+ - http2: Improved PING frame handling
+ - test1450: Add simple testing for DICT
+ - make: Build the docs subdir only from within src
+ - cmake: Added compatibility options for older Windows versions
+ - gtls: Fix build when sizeof(long) < sizeof(void *)
+ - url: Make the original string get used on subsequent transfers
+ - timeval.c: Use long long constant type for timeval assignment
+ - tool_sleep: Typecast to avoid macos compiler warning
+ - travis.yml: Use --enable-werror on debug builds
+ - test1451: Add SMB support to the testbed
+ - configure: Remove checks for 5 functions never used
+ - configure: Try ldap/lber in reversed order first
+ - smb: Fix build for djgpp/MSDOS
+ - travis: Install nghttp2 on linux builds
+ - smb: Add support for CURLOPT_FILETIME
+ - cmake: Fix send/recv argument scanner for windows
+ - inet_pton: Fix include on windows to get prototype
+ - select.h: Avoid macro redefinition harder
+ - cmake: If inet_pton is used, bump _WIN32_WINNT
+ - asyn-thread.c: Fix unused variable warnings on macOS
+ - runtests: Support "threaded-resolver" as a feature
+ - test506: Skip if threaded-resolver
+ - cmake: Remove spurious "-l" from linker flags
+ - cmake: Add CURL_WERROR for enabling "warning as errors"
+ - memdebug: Don't setbuf() if the file open failed
+ - curl_easy_escape.3: Mention the (lack of) encoding
+ - test1452: Add telnet negotiation
+ - CURLOPT_POSTFIELDS.3: Explain the 100-continue magic better
+ - cmake: Offer CMAKE_DEBUG_POSTFIX when building with MSVC
+ - tests/valgrind.supp: Suppress OpenSSL false positive seen on travis
+ - curl_setup_once: Remove ERRNO/SET_ERRNO macros
+ - curl-compilers.m4: Disable warning spam with Cygwin's clang
+ - ldap: Fix MinGW compiler warning
+ - make: Fix docs build on OpenBSD
+ - curl_setup: Always define WIN32_LEAN_AND_MEAN on Windows
+ - system.h: include winsock2.h before windows.h
+ - winbuild: Build with warning level 4
+ - rtspd: Fix MSVC level 4 warning
+ - sockfilt: Suppress conversion warning with explicit cast
+ - libtest: Fix MSVC warning C4706
+ - darwinssl: Fix pinnedpubkey build error
+ - tests/server/resolve.c: Fix deprecation warning
+ - nss: Fix a possible use-after-free in SelectClientCert()
+ - checksrc: Escape open brace in regex
+ - multi: Mention integer overflow risk if using > 500 million sockets
+ - darwinssl: Fix --tlsv1.2 regression
+ - timeval: struct curltime is a struct timeval replacement
+ - curl_rtmp: Fix a compiler warning
+ - include.d: Clarify that it concerns the response headers
+ - cmake: Support make uninstall
+ - include.d: Clarify --include is only for response headers
+ - libcurl: Stop using error codes defined under CURL_NO_OLDIES
+ - http: Fix response code parser to avoid integer overflow
+ - configure: Fix the check for IdnToUnicode
+ - multi: Fix request timer management
+ - curl_threads: Fix MSVC compiler warning
+ - travis: Build on osx with openssl
+ - travis: Build on osx with libressl
+ - CURLOPT_NETRC.3: Mention the file name on Windows
+ - cmake: Set MSVC warning level to 4
+ - netrc: Skip lines starting with '#'
+ - darwinssl: Fix curlssl_sha256sum() compiler warnings on first argument
+ - BUILD.WINDOWS: Mention buildconf.bat for builds off git
+ - darwinssl: Silence compiler warnings
+ - travis: Build on osx with darwinssl
+ - FTP: Skip unnecessary CWD when in nocwd mode
+ - gssapi: Fix memory leak of output token in multi round context
+ - getparameter: Avoid returning uninitialized 'usedarg'
+ - curl (debug build) easy_events: Make event data static
+ - curl: Detect and bail out early on parameter integer overflows
+ - configure: Fix recv/send/select detection on Android
+- Drop curlbuild.h multilib hacks
+- Re-enable now-stabilized test 2033
+- Disable test 1427 on i686 (failing just-added test)
+- Manually install the libcurl manpages since upstream has accidentally stopped
+ doing so
+
+* Thu Aug 3 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-8.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Mon Jul 31 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-7.0.cf
+- Enable separate debuginfo back
+
+* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-5.0.cf
+- Avoid build failure caused by broken RPM code that produces debuginfo
+ packages (https://github.com/rpm-software-management/rpm/issues/280)
+
+* Wed Jul 26 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-3.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jun 19 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-2.0.cf
+- Enforce versioned openssl-libs dependency for libcurl (#1462184)
+
+* Wed Jun 14 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-1.0.cf
+- Update to 7.54.1
+ - CVE-2017-9502: file: URL buffer overflow
+ - curl: Show the libcurl release date in --version output
+ - openssl: Fix memory leak in servercert
+ - tests: Remove the html and PDF versions from the tarball
+ - mbedtls: Enable NTLM (and SMB) even if MD4 support is unavailable
+ - typecheck-gcc: Handle function pointers properly
+ - llist: No longer uses malloc
+ - gnutls: Removed some code when --disable-verbose is configured
+ - lib: Fix maybe-uninitialized warnings
+ - multi: Clarify condition in curl_multi_wait
+ - schannel: Don't treat encrypted partial record as pending data
+ - configure: Fix the -ldl check for openssl, add -lpthread check
+ - configure: Accept -Og and -Ofast GCC flags
+ - Makefile: Avoid use of GNU-specific form of $<
+ - if2ip: Fix -Wcast-align warning
+ - configure: Stop prepending to LDFLAGS, CPPFLAGS
+ - curl: Set a 100K buffer size by default
+ - typecheck-gcc: Fix _curl_is_slist_info
+ - nss: Do not leak PKCS #11 slot while loading a key
+ - nss: Load libnssckbi.so if no other trust is specified
+ - examples: ftpuploadfrommem.c
+ - url: Declare get_protocol_family() static
+ - examples/cookie_interface.c: Changed to example.com
+ - test1443: Test --remote-time
+ - curl: Use utimes instead of obsolescent utime when available
+ - url: Fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
+ - curl_rtmp: Fix missing-variable-declarations warnings
+ - tests: Fixed OOM handling of unit tests to abort test
+ - curl_setup: Ensure no more than one IDN lib is enabled
+ - tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
+ - CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
+ - curl: Non-boolean command line args reject --no- prefixes
+ - telnet: Write full buffer instead of byte-by-byte
+ - typecheck-gcc: Add missing string options
+ - typecheck-gcc: Add support for CURLINFO_SOCKET
+ - opt man pages: They all have examples now
+ - curl_setup_once: Use SEND_QUAL_ARG2 for swrite
+ - test557: Set a known good numeric locale
+ - schannel: Return a more specific error code for SEC_E_UNTRUSTED_ROOT
+ - tests/server: Make string literals const
+ - runtests: Use -R for random order
+ - unit1305: Fix compiler warning
+ - curl_slist_append.3: Clarify a NULL input creates a new list
+ - tests/server: Run checksrc by default in debug-builds
+ - tests: Fix -Wcast-qual warnings
+ - runtests.pl: Simplify the datacheck read section
+ - curl: Remove --environment and tool_writeenv.c
+ - buildconf: Fix hang on IRIX
+ - tftp: Silence bad-function-cast warning
+ - asyn-thread: Fix unused macro warnings
+ - tool_parsecfg: Fix -Wcast-qual warning
+ - sendrecv: Fix MinGW-w64 warning
+ - test537: Use correct variable type
+ - rand: Treat fake entropy the same regardless of endianness
+ - curl: Generate the --help output
+ - tests: Removed redundant --trace-ascii arguments
+ - multi: Assign IDs to all timers and make each timer singleton
+ - multi: Use a fixed array of timers instead of malloc
+ - mbedtls: Support server renegotiation request
+ - pipeline: Fix mistakenly trying to pipeline POSTs
+ - lib510: Don't write past the end of the buffer if it's too small
+ - CURLOPT_HTTPPROXYTUNNEL.3: Clarify, add example
+ - SecureTransport/DarwinSSL: Implement public key pinning
+ - curl.1: Clarify --config
+ - curl_sasl: Fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
+ - darwinssl: Fix exception when processing a client-side certificate
+ - curl.1: Mention --oauth2-bearer's <token> argument
+ - mkhelp.pl: Do not add current time into curl binary
+ - asiohiper.cpp / evhiperfifo.c: Deal with negative timerfunction input
+ - ssh: Fix memory leak in disconnect due to timeout
+ - tests: Stabilize test 1034
+ - cmake: Auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
+ - assert: Avoid, use DEBUGASSERT instead
+ - LDAP: Using ldap_bind_s on Windows with methods
+ - redirect: Store the "would redirect to" URL when max redirs is reached
+ - winbuild: Fix the nghttp2 build
+ - examples: Fix -Wimplicit-fallthrough warnings
+ - time: Fix type conversions and compiler warnings
+ - mbedtls: Fix variable shadow warning
+ - test557: Fix ubsan runtime error due to int left shift
+ - transfer: Init the infilesize from the postfields
+ - docs: Clarify NO_PROXY further
+ - build-wolfssl: Sync config with wolfSSL 3.11
+ - curl-compilers.m4: Enable -Wshift-sign-overflow for clang
+ - example/externalsocket.c: Make it use CLOSESOCKETFUNCTION too
+ - lib574.c: Use correct callback proto
+ - lib583: Fix compiler warning
+ - curl-compilers.m4: Fix compiler_num for clang
+ - typecheck-gcc.h: Separate getinfo slist checks from other pointers
+ - typecheck-gcc.h: Check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
+ - typecheck-gcc.h: Check CURLINFO_CERTINFO
+ - build: Provide easy code coverage measuring
+ - test1537: Dedicated tests of the URL (un)escape API calls
+ - curl_endian: Remove unused functions
+ - test1538: Verify the libcurl strerror API calls
+ - MD(4|5): Silence cast-align clang warning
+ - dedotdot: Fixed output for ".." and "." only input
+ - cyassl: Define build macros before including ssl.h
+ - updatemanpages.pl: Error out on too old git version
+ - curl_sasl: Fix unused-variable warning
+ - x509asn1: Fix implicit-fallthrough warning with GCC 7
+ - libtest: Fix implicit-fallthrough warnings with GCC 7
+ - BINDINGS: Add Ring binding
+ - curl_ntlm_core: Pass unsigned char to toupper
+ - test1262: Verify ftp download with -z for "if older than this"
+ - test1521: Test all curl_easy_setopt options
+ - typecheck-gcc: Allow CURLOPT_STDERR to be NULL too
+ - metalink: Remove unused printf() argument
+ - file: Make speedcheck use current time for checks
+ - configure: Fix link with librtmp when specifying path
+ - examples/multi-uv.c: Fix deprecated symbol
+ - cmake: Fix inconsistency regarding mbed TLS include directory
+ - setopt: Check CURLOPT_ADDRESS_SCOPE option range
+ - gitignore: Ignore all vim swap files
+ - urlglob: Fix division by zero
+ - libressl: OCSP and intermediate certs workaround no longer needed
+- New test 1446 segfaulting on builds for older distributions, so disable for
+ now
+- Update patches as needed
+
+* Thu May 4 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-4.0.cf
+- Make curl-minimal require a new enough version of libcurl
+
+* Sat Apr 29 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-3.1.cf
+- Don't require nss-pem for OpenSSL builds
+
+* Thu Apr 27 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-3.0.cf
+- Switch the TLS backend back to OpenSSL for Fedora 27 onwards (#1445153)
+
+* Tue Apr 25 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-2.0.cf
+- nss: use libnssckbi.so as the default source of trust
+- nss: do not leak PKCS #11 slot while loading a key (#1444860)
+
+* Wed Apr 19 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-1.0.cf
+- Update to 7.54.0
+ - Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
+ - Add --max-tls
+ - Add CURLOPT_SUPPRESS_CONNECT_HEADERS
+ - Add --suppress-connect-headers
+ - CVE-2017-7468: switch off SSL session id when client cert is used
+ - cmake: Replace invalid UTF-8 byte sequence
+ - tests: Use consistent environment variables for setting charset
+ - proxy: Fixed a memory leak on OOM
+ - ftp: Removed an erroneous free in an OOM path
+ - docs: De-duplicate file lists in the Makefiles
+ - ftp: Fixed a NULL pointer dereference on OOM
+ - gopher: Fixed detection of an error condition from Curl_urldecode
+ - url: Fix unix-socket support for proxy-disabled builds
+ - test1139: Allow for the possibility that the man page is not rebuilt
+ - cyassl: Get library version string at runtime
+ - digest_sspi: Fix compilation warning
+ - tests: Enable HTTP/2 tests to run with non-default port numbers
+ - warnless: Suppress compiler warning
+ - darwinssl: Warn that disabling host verify also disables SNI
+ - configure: Fix for --enable-pthreads
+ - checksrc.bat: Ignore curl_config.h.in, curl_config.h
+ - no-keepalive.d: Fix typo
+ - configure: Fix --with-zlib when a path is specified
+ - build: Fix gcc7 implicit fallthrough warnings
+ - Fix potential use of uninitialized variables
+ - CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors
+ - CMake: Reorganize SSL support, separate WinSSL and SSPI
+ - CMake: Add DarwinSSL support
+ - CMake: Add mbedTLS support
+ - ares: Return error at once if timed out before name resolve starts
+ - BINDINGS: Added C++, perl, go and Scilab bindings
+ - URL: Return error on malformed URLs with junk after port number
+ - KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password
+ - http2: Fix assertion error on redirect with CL=0
+ - updatemanpages.pl: Update man pages to use current date and versions
+ - --insecure: Clarify that this option is for server connections
+ - mkhelp: Simplified the gzip code
+ - build: Fixed making man page in out-of-tree tarball builds
+ - tests: Disabled 1903 due to flakiness
+ - openssl: Add two /* FALLTHROUGH */ to satisfy coverity
+ - cmdline-opts: Fixed a few typos
+ - authneg: Clear auth.multi flag at http_done
+ - curl_easy_reset: Also reset the authentication state
+ - proxy: Skip SSL initialization for closed connections
+ - http_proxy: Ignore TE and CL in CONNECT 2xx responses
+ - tool_writeout: Fixed a buffer read overrun on --write-out
+ - make: Regenerate docs/curl.1 by running make in docs
+ - winbuild: Add basic support for OpenSSL 1.1.x
+ - build: Removed redundant DEPENDENCIES from makefiles
+ - CURLINFO_LOCAL_PORT.3: Added example
+ - curl: Show HTTPS-Proxy options on CURLE_SSL_CACERT
+ - tests: Strip more options from non-HTTP --libcurl tests
+ - tests: Fixed the documented test server port numbers
+ - runtests.pl: Fixed display of the Gopher IPv6 port number
+ - multi: Fix streamclose() crash in debug mode
+ - cmake: Build manual pages
+ - cmake: Add support for building HTML and PDF docs
+ - mbedtls: Add support for CURLOPT_SSL_CTX_FUNCTION
+ - make: Introduce 'test-nonflaky' target
+ - CURLINFO_PRIMARY_IP.3: Add example
+ - tests/README: Mention nroff for --manual tests
+ - mkhelp: Disable compression if the perl gzip module is unavailable
+ - openssl: Fall back on SSL_ERROR_* string when no error detail
+ - asiohiper: Make sure socket is open in event_cb
+ - tests/README: Make "Run" section foolproof
+ - curl: Check for end of input in writeout backslash handling
+ - .gitattributes: Turn off CRLF for *.am
+ - multi: Fix MinGW-w64 compiler warnings
+ - schannel: Fix variable shadowing warning
+ - openssl: Exclude DSA code when OPENSSL_NO_DSA is defined
+ - http: Fix proxy connection reuse with basic-auth
+ - pause: Handle mixed types of data when paused
+ - http: Do not treat FTPS over CONNECT as HTTPS
+ - conncache: Make hashkey avoid malloc
+ - make: Use the variable MAKE for recursive calls
+ - curl: Fix callback argument inconsistency
+ - NTLM: Check for features with #ifdef instead of #if
+ - cmake: Add several missing files to the dist
+ - select: Use correct SIZEOF_ constant
+ - connect: Fix unreferenced parameter warning
+ - schannel: Fix unused variable warning
+ - gcc7: Fix ‘*’ in boolean context
+ - http2: Silence unused parameter warnings
+ - ssh: Fix narrowing conversion warning
+ - telnet: (win32) Fix read callback return variable
+ - docs: Explain --fail-early does not imply --fail
+ - docs: Added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
+ - tests/server/util: Remove in6addr_any for recent MinGW
+ - multi: Make curl_multi_wait avoid malloc in the typical case
+ - include: curl/system.h is a run-time version of curlbuild.h
+ - easy: Silence compiler warning
+ - llist: Replace Curl_llist_alloc with Curl_llist_init
+ - hash: Move key into hash struct to reduce mallocs
+ - url: Don't free postponed data on connection reuse
+ - curl_sasl: Declare mechtable static
+ - curl: Fix Windows Unicode build
+ - multi: Fix queueing of pending easy handles
+ - tool_operate: Fix MinGW compiler warning
+ - low_speed_limit: Improved function for longer time periods
+ - gtls: Fix compiler warning
+ - sspi: Print out InitializeSecurityContext() error message
+ - schannel: Fix compiler warnings
+ - vtls: fix unreferenced variable warnings
+ - INSTALL.md: Fix secure transport configure arguments
+ - CURLINFO_SCHEME.3: Fix variable type
+ - libcurl-thread.3: Also mention threaded-resolver
+ - nss: Load CA certificates even with --insecure
+ - openssl: Fix this statement may fall through
+ - poll: Prefer <poll.h> over <sys/poll.h>
+ - polarssl: Unbreak build with versions < 1.3.8
+ - Curl_expire_latest: Ignore already expired timers
+ - configure: Turn implicit function declarations into errors
+ - mbedtls: Fix memory leak in error path
+ - http2: Fix handle leak in error path
+ - .gitattributes: Force shell scripts to LF
+ - configure.ac: Ignore CR after version numbers
+ - extern-scan.pl: Strip trailing CR
+ - openssl: Make SSL_ERROR_to_str more future-proof
+ - openssl: Fix thread-safety bugs in error-handling
+ - openssl: Don't try to print nonexistant peer private keys
+ - nss: Fix MinGW compiler warnings
+- Switch to lzma-compressed upstream tarball
+
+* Thu Apr 13 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-7.0.cf
+- Provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
+ (Fedora 27 onwards)
+
+* Mon Apr 10 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-5.0.cf
+- Disable upstream test 2033 (flaky test for HTTP/1 pipelining)
+
+* Fri Apr 7 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-4.0.cf
+- Fix out of bounds read in curl --write-out (CVE-2017-7407)
+- Make the dependency on nss-pem arch-specific from F-25 onwards (#1428550)
+- Drop support for EOL distributions prior to F-13
+ - Drop BuildRoot: and Group: tags
+ - Drop buildroot cleaning in %%install
+ - Drop explicit %%clean section
+ - Drop explicit dependency on pkgconfig
+
+* Thu Mar 2 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-2.0.cf
+- Rebuild to sync with Rawhide
+
+* Fri Feb 24 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-1.0.cf
+- Update to 7.53.1
+ - cyassl: Fix typo
+ - url: Improve CURLOPT_PROXY_CAPATH error handling
+ - urldata: Include curl_sspi.h when Windows SSPI is enabled
+ - formdata: check for EOF when reading from stdin
+ - tests: Set CHARSET and LANG to UTF-8 in 1035, 2046 and 2047
+ - url: Default the proxy CA bundle location to CURL_CA_BUNDLE
+ - rand: Added missing #ifdef HAVE_FCNTL_H around fcntl.h header
+
+* Wed Feb 22 2017 Paul Howarth <paul@city-fan.org> - 7.53.0-1.0.cf
+- Update to 7.53.0
+ - CVE-2017-2629: Make SSL_VERIFYSTATUS work again
+ - unix_socket: Added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET
+ - CURLOPT_BUFFERSIZE: Support enlarging receive buffer
+ - gnutls-random: Check return code for failed random
+ - openssl-random: Check return code when asking for random
+ - http: Remove "Curl_http_done: called premature" message
+ - cyassl: Use time_t instead of long for timeout
+ - build-wolfssl: Sync config with wolfSSL 3.10
+ - ftp-gss: Check for init before use
+ - configure: Accept --with-libidn2 instead
+ - ftp: Failure to resolve proxy should return that error code
+ - curl.1: Add three more exit codes
+ - docs/ciphers: Link to our own new page about ciphers
+ - vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
+ - darwinssl: Fix iOS build
+ - darwinssl: Fix CFArrayRef leak
+ - cmake: Use crypt32.lib when building with OpenSSL on windows
+ - curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
+ - digest_sspi: Copy terminating NUL as well
+ - curl: Fix --remote-time incorrect times on Windows
+ - curl.1: Several updates and corrections
+ - content_encoding: Change return code on a failure
+ - curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
+ - docs: TCP_KEEPALIVE start and interval default to 60
+ - darwinssl: --insecure overrides --cacert if both settings are in use
+ - TheArtOfHttpScripting: Grammar
+ - CIPHERS.md: Document GSKit ciphers
+ - wolfssl: Support setting cipher list
+ - wolfssl: Display negotiated SSL version and cipher
+ - lib506: Fix build for Open Watcom
+ - asiohiper: Improved socket handling
+ - examples: Make the C++ examples follow our code style too
+ - tests/sws: Retry send() on EWOULDBLOCK
+ - cmake: Fix passing _WINSOCKAPI_ macro to compiler
+ - smtp: Fix STARTTLS denied error message
+ - imap/pop3: Don't print response character in STARTTLS denied messages
+ - rand: Make it work without TLS backing
+ - url: Fix parsing for when 'file' is the default protocol
+ - url: Allow file://X:/path URLs on windows again
+ - gnutls: Check for alpn and ocsp in configure
+ - IDN: Use TR46 'non-transitional' for toASCII translations
+ - url: Fix NO_PROXY env var to work properly with --proxy option
+ - CURLOPT_PREQUOTE.3: Takes a struct curl_slist*, not a char*
+ - docs: Add note about libcurl copying strings to CURLOPT_* manpages
+ - curl: Reset the easy handle at --next
+ - --next docs: --trace and --trace-ascii are also global
+ - --write-out docs: 'time_total' is not always shown with ms precision
+ - http: Print correct HTTP string in verbose output when using HTTP/2
+ - docs: Improved language in README.md HISTORY.md CONTRIBUTE.md
+ - http2: Disable server push if not requested
+ - nss: Use the correct lock in nss_find_slot_by_name()
+ - usercertinmem.c: Improve the short description
+ - CURLOPT_CONNECT_TO: Fix compile warnings
+ - docs: Non-blocking SSL handshake is now supported with NSS
+ - *.rc: Escape non-ASCII/non-UTF-8 character for clarity
+ - mbedTLS: Fix multi interface non-blocking handshake
+ - PolarSSL: Fix multi interface non-blocking handshake
+ - VC: Remove the makefile.vc6 build infra
+ - telnet: Fix windows compiler warnings
+ - cookies: Do not assume a valid domain has a dot
+ - polarssl: Fix hangs
+ - gnutls: Disable TLS session tickets
+ - mbedtls: Disable TLS session tickets
+ - mbedtls: Implement CTR-DRBG and HAVEGE random generators
+ - openssl: Don't use certificate after transferring ownership
+ - cmake: Support curl --xattr when built with cmake
+ - OS400: Fix symbols
+ - docs: Add more HTTPS proxy documentation
+ - docs: Use more HTTPS links
+ - cmdline-opts: Fixed build and test in out of source tree builds
+ - CHANGES.0: Removed
+ - schannel: Remove incorrect SNI disabled message
+ - darwinssl: Avoid parsing certificates when not in verbose mode
+ - test552: Fix typos
+ - telnet: Fix typos
+ - transfer: Only retry nobody-requests for HTTP
+ - http2: Reset push header counter fixes crash
+ - nss: Make FTPS work with --proxytunnel
+ - test1139: Added the --manual keyword since the manual is required
+ - polarssl, mbedtls: Fix detection of pending data
+ - http_proxy: Fix tiny memory leak upon edge case connecting to proxy
+ - URL: Only accept ";options" in SMTP/POP3/IMAP URL schemes
+ - curl.1: ftp.sunet.se is no longer an FTP mirror
+ - tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
+ - http2: Fix memory-leak when denying push streams
+ - configure: Allow disabling pthreads, fall back on Win32 threads
+ - curl: Fix typo in time condition warning message
+ - axtls: Adapt to API changes
+ - tool_urlglob: Allow a glob range with the same start and stop
+ - winbuild: Add note on auto-detection of MACHINE in Makefile.vc
+ - http: Fix missing 'Content-Length: 0' while negotiating auth
+ - proxy: Fix hostname resolution and IDN conversion
+ - docs: Fix timeout handling in multi-uv example
+ - digest_sspi: Fix nonce-count generation in HTTP digest
+ - sftp: Improved checks for create dir failures
+ - smb: Use getpid replacement for windows UWP builds
+ - digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
+
+* Fri Feb 10 2017 Paul Howarth <paul@city-fan.org> - 7.52.1-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Dec 23 2016 Paul Howarth <paul@city-fan.org> - 7.52.1-1.0.cf
+- Update to 7.52.1
+ - CVE-2016-9594: Uninitialized random
+ - lib557: Fix checksrc warnings
+ - lib: Fix MSVC compiler warnings
+ - lib557.c: Use a shorter MAXIMIZE representation
+ - tests: Run checksrc on debug builds
+
+* Wed Dec 21 2016 Paul Howarth <paul@city-fan.org> - 7.52.0-1.0.cf
+- Update to 7.52.0
+ - nss: Map CURL_SSLVERSION_DEFAULT to NSS default
+ - vtls: Support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
+ - curl: Introduce the --tlsv1.3 option to force TLS 1.3
+ - curl: Add --retry-connrefused
+ - proxy: Support HTTPS proxy and SOCKS+HTTP(s)
+ - Add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %%{scheme}
+ - curl: Add --fail-early
+ - CVE-2016-9586: printf floating point buffer overflow
+ - CVE-2016-9952: Win CE schannel cert wildcard matches too much
+ - CVE-2016-9953: Win CE schannel cert name out of buffer read
+ - msvc: Removed a straggling reference to strequal.c
+ - winbuild: Remove strcase.obj from curl build
+ - examples: Bugfixed multi-uv.c
+ - configure: Verify that compiler groks -Werror=partial-availability
+ - mbedtls: Fix build with mbedtls versions < 2.4.0
+ - dist: Add unit test CMakeLists.txt to the tarball
+ - curl -w: Added more decimal digits to timing counters
+ - easy: Initialize info variables on easy init and duphandle
+ - cmake: Disable poll for macOS
+ - http2: Don't send header fields prohibited by HTTP/2 spec
+ - ssh: Check md5 fingerprints case insensitively (regression)
+ - openssl: Initial TLS 1.3 adaptions
+ - curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
+ - printf: Fix ".*f" handling
+ - examples/fileupload.c: fclose the file as well
+ - SPNEGO: Fix memory leak when authentication fails
+ - realloc: Use Curl_saferealloc to avoid common mistakes
+ - openssl: Make sure to fail in the unlikely event that PRNG seeding fails
+ - URL-parser: For file://[host]/ URLs, the [host] must be localhost
+ - timeval: Prefer time_t to hold seconds instead of long
+ - Curl_rand: Fixed and moved to rand.c
+ - glob: Fix [a-c] globbing regression
+ - darwinssl: Fix SSL client certificate not found on MacOS Sierra
+ - curl.1: Clarify --dump-header only writes received headers
+ - http2: Fix address sanitizer memcpy warning
+ - http2: Use huge HTTP/2 windows
+ - connects: Don't mix unix domain sockets with regular ones
+ - url: Fix conn reuse for local ports and interfaces
+ - x509: Limit ASN.1 structure sizes to 256K
+ - checksrc: Add more checks
+ - winbuild: Add config option ENABLE_NGHTTP2
+ - http2: Check nghttp2_session_set_local_window_size exists
+ - http2: Fix crashes when parent stream gets aborted
+ - CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
+ - URL parser: Reject non-numerical port numbers
+ - CONNECT: Reject TE or CL in 2xx responses
+ - CONNECT: Read responses one byte at a time
+ - curl: Support zero-length argument strings in config files
+ - openssl: Don't use OpenSSL's ERR_PACK
+ - curl.1: Generated with the new man page system
+ - curl_easy_recv: Improve documentation and example program
+ - Curl_getconnectinfo: Avoid checking if the connection is closed
+ - CIPHERS.md: Attempt to document TLS cipher names
+
+* Mon Nov 21 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-3.0.cf
+- Map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3
+ (#1396719)
+
+* Tue Nov 15 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-2.0.cf
+- Stricter host name checking for file:// URLs
+- ssh: Check md5 fingerprints case insensitively
+
+* Wed Nov 2 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-1.0.cf
+- Update to 7.51.0
+ - nss: Additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
+ - New option: CURLOPT_KEEP_SENDING_ON_ERROR
+ - CVE-2016-8615: Cookie injection for other servers
+ - CVE-2016-8616: Case insensitive password comparison
+ - CVE-2016-8617: OOB write via unchecked multiplication
+ - CVE-2016-8618: Double-free in curl_maprintf
+ - CVE-2016-8619: Double-free in krb5 code
+ - CVE-2016-8620: glob parser write/read out of bounds
+ - CVE-2016-8621: curl_getdate read out of bounds
+ - CVE-2016-8622: URL unescape heap overflow via integer truncation
+ - CVE-2016-8623: Use-after-free via shared cookies
+ - CVE-2016-8624: Invalid URL parsing with '#'
+ - CVE-2016-8625: IDNA 2003 makes curl use wrong host
+ - openssl: Fix per-thread memory leak using 1.0.1 or 1.0.2
+ - http: Accept "Transfer-Encoding: chunked" for HTTP/2 as well
+ - LICENSE-MIXING.md: Update with mbedTLS dual licensing
+ - examples/imap-append: Set size of data to be uploaded
+ - test2048: Fix url
+ - darwinssl: Disable RC4 cipher-suite support
+ - CURLOPT_PINNEDPUBLICKEY.3: Fix the AVAILABILITY formatting
+ - openssl: Don’t call CRYTPO_cleanup_all_ex_data
+ - libressl: Fix version output
+ - easy: Reset all statistical session info in curl_easy_reset
+ - curl_global_cleanup.3: Don't unload the lib with sub threads running
+ - dist: Add CurlSymbolHiding.cmake to the tarball
+ - docs: Remove that --proto is just used for initial retrieval
+ - configure: Fixed builds with libssh2 in a custom location
+ - curl.1: --trace supports %% for sending to stderr!
+ - cookies: Same domain handling changed to match browser behaviour
+ - formpost: Trying to attach a directory no longer crashes
+ - CURLOPT_DEBUGFUNCTION.3: Fixed unused argument warning
+ - formpost: Avoid silent snprintf() truncation
+ - ftp: Fix Curl_ftpsendf
+ - mprintf: Return error on too many arguments
+ - smb: Properly check incoming packet boundaries
+ - GIT-INFO: Remove the Mac 10.1-specific details
+ - resolve: Add error message when resolving using SIGALRM
+ - cmake: Add nghttp2 support
+ - dist: Remove PDF and HTML converted docs from the releases
+ - configure: Disable poll() in macOS builds
+ - vtls: Only re-use session-ids using the same scheme
+ - pipelining: Skip to-be-closed connections when pipelining
+ - win: Fix Universal Windows Platform build
+ - curl: Do not set CURLOPT_SSLENGINE to DEFAULT automatically
+ - maketgz: Make it support "only" generating version info
+ - Curl_socket_check: Add extra check to avoid integer overflow
+ - gopher: Properly return error for poll failures
+ - curl: Set INTERLEAVEDATA too
+ - polarssl: Clear thread array at init
+ - polarssl: Fix unaligned SSL session-id lock
+ - polarssl: Reduce #ifdef madness with a macro
+ - curl_multi_add_handle: Set timeouts in closure handles
+ - configure: Set min version flags for builds on mac
+ - INSTALL: Converted to markdown => INSTALL.md
+ - curl_multi_remove_handle: Fix a double-free
+ - multi: Fix infinite loop in curl_multi_cleanup()
+ - nss: Fix tight loop in non-blocking TLS handshake over proxy
+ - mk-ca-bundle: Change URL retrieval to HTTPS-only by default
+ - mbedtls: Stop using deprecated include file
+ - docs: Fix req->data in multi-uv example
+ - configure: Fix test syntax for monotonic clock_gettime
+ - CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
+- Use libidn2 from Fedora 25 onwards
+
+* Fri Oct 7 2016 Paul Howarth <paul@city-fan.org> - 7.50.3-2.0.cf
+- Use the just-built version of libcurl while generating zsh completion
+
+* Wed Sep 14 2016 Paul Howarth <paul@city-fan.org> - 7.50.3-1.0.cf
+- Update to 7.50.3
+ - CVE-2016-7167: Escape and unescape integer overflows
+ - mk-ca-bundle.pl: Use SHA256 instead of SHA1
+ - checksrc: Detect strtok() use
+ - errors: New alias CURLE_WEIRD_SERVER_REPLY
+ - http2: Support > 64bit sized uploads
+ - openssl: Fix bad memory free (regression)
+ - CMake: Hide private library symbols
+ - http: Refuse to pass on response body when NO_NODY was set
+ - cmake: Fix curl-config --static-libs
+ - mbedtls: Switch off NTLM in build if md4 isn't available
+ - curl: --create-dirs on Windows groks both forward and backward slashes
+
+* Wed Sep 7 2016 Paul Howarth <paul@city-fan.org> - 7.50.2-1.0.cf
+- Update to 7.50.2
+ - nss: Fix incorrect use of a previously loaded certificate from file
+ (CVE-2016-7141)
+ - nss: Work around race condition in PK11_FindSlotByName()
+ - mbedtls: Added support for NTLM
+ - SSH: Fixed SFTP/SCP transfer problems
+ - multi: Make Curl_expire() work with 0 ms timeouts
+ - mk-ca-bundle.pl: -m keeps ca cert meta data in output
+ - TFTP: Fix upload problem with piped input
+ - CURLOPT_TCP_NODELAY: now enabled by default
+ - mbedtls: Set verbose TLS debug when MBEDTLS_DEBUG is defined
+ - http2: Always wait for readable socket
+ - cmake: Enable win32 large file support by default
+ - cmake: Enable win32 threaded resolver by default
+ - winbuild: Avoid setting redundant CFLAGS to compile commands
+ - curl.h: Make CURL_NO_OLDIES define CURL_STRICTER
+ - docs: Make more markdown files use .md extension
+ - docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
+ - winbuild: Allow changing C compiler via environment variable CC
+ - rtsp: Accept any RTSP session id
+ - HTTP: Retry failed HEAD requests on reused connections too
+ - configure: Add zlib search with pkg-config
+ - openssl: Accept subjectAltName iPAddress if no dNSName match
+ - MANUAL: Remove invalid link to LDAP documentation
+ - socks: Improved connection procedure
+ - proxy: Reject attempts to use unsupported proxy schemes
+ - proxy: Bring back use of "Proxy-Connection:"
+ - curl: Allow "pkcs11:" prefix for client certificates
+ - spnego_sspi: Fix memory leak in case *outlen is zero
+ - SOCKS: Improve verbose output of SOCKS5 connection sequence
+ - SOCKS: Display the hostname returned by the SOCKS5 proxy server
+ - http/sasl: Query authentication mechanism supported by SSPI before using
+ - sasl: Don't use GSSAPI authentication when domain name not specified
+ - win: Basic support for Universal Windows Platform apps
+ - ftp: Fix wrong poll on the secondary socket
+ - openssl: Build warning-free with 1.1.0 (again)
+ - HTTP: Stop parsing headers when switching to unknown protocols
+ - test219: Add http as a required feature
+ - TLS: random file/egd doesn't have to match for conn reuse
+ - schannel: Disable ALPN for Wine since it is causing problems
+ - http2: Make sure stream errors don't needlessly close the connection
+ - http2: Return CURLE_HTTP2_STREAM for unexpected stream close
+ - darwinssl: --cainfo is intended for backward compatibility only
+ - Speed caps: Not based on average speeds anymore
+ - configure: Make the cpp -P detection not clobber CPPFLAGS
+ - http2: Use named define instead of magic constant in read callback
+ - http2: Skip the content-length parsing, detect unknown size
+ - http2: Return EOF when done uploading without known size
+ - darwinssl: Test for errSecSuccess in PKCS12 import rather than noErr
+ - openssl: Fix CURLINFO_SSL_VERIFYRESULT
+- Disable various ssh tests for F12..F15, which are failing for reasons unknown
+- Build with c-ares rather than POSIX threaded DNS resolver for F12..F15,
+ which resolves some other test failures, and allows dropping of workaround
+ patch for old applications on F12 and F13
+- Update patches as needed
+
+* Fri Aug 26 2016 Paul Howarth <paul@city-fan.org> - 7.50.1-2.0.cf
+- Work around race condition in PK11_FindSlotByName()
+- Fix incorrect use of a previously loaded certificate from file
+ (related to CVE-2016-5420)
+
+* Wed Aug 3 2016 Paul Howarth <paul@city-fan.org> - 7.50.1-1.0.cf
+- Update to 7.50.1
+ - TLS: Switch off SSL session id when client cert is used (CVE-2016-5419)
+ - TLS: Only reuse connections with the same client cert (CVE-2016-5420)
+ - curl_multi_cleanup: Clear connection pointer for easy handles
+ (CVE-2016-5421)
+ - Include the CURLINFO_HTTP_VERSION(3) man page into the release tarball
+ - Include the http2-server.pl script in the release tarball
+ - test558: Fix test by stripping file paths from FD lines
+ - spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration
+ - tests: Fix for http/2 feature
+ - cmake: Fix for schannel support
+ - curl.h: Make public types void * again
+ - win32: Fix a potential memory leak in Curl_load_library
+ - travis: Fix OSX build by re-installing libtool
+ - mbedtls: Fix debug function name
+
+* Wed Jul 27 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-2.0.cf
+- Use upstream fix for HTTP2 test confusion
+
+* Fri Jul 22 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-1.1.cf
+- Fix confusion in test suite about whether or not HTTP2 support is available
+- Use the default ports for the test suite; it's not robust enough to support
+ running under different ports
+
+* Thu Jul 21 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-1.0.cf
+- Update to 7.50.0
+ - http: Add CURLINFO_HTTP_VERSION and %%{http_version}
+ - memdebug: Fix MSVC crash with -DMEMDEBUG_LOG_SYNC
+ - openssl: Fix build with OPENSSL_NO_COMP
+ - mbedtls: Removed unused variables
+ - cmake: Added missing mbedTLS support
+ - URL parser: Allow URLs to use one, two or three slashes
+ - curl: Fix -q [regression]
+ - openssl: Use correct buffer sizes for error messages
+ - curl: Fix SIGSEGV while parsing URL with too many globs
+ - schannel: Add CURLOPT_CERTINFO support
+ - vtls: Fix ssl session cache race condition
+ - http: Fix HTTP/2 connection reuse [regression]
+ - checksrc: Add LoadLibrary to the banned functions list
+ - schannel: Disable ALPN on Windows < 8.1
+ - configure: Occasional ignorance of --enable-symbol-hiding with GCC
+ - http2: test17xx are the first real HTTP/2 tests
+ - resolve: Add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
+ - curl_multi_socket_action.3: Rewording
+ - CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
+ - cmake: Fix build with winldap
+ - openssl: Fix cert check with non-DNS name fields present
+ - curl.1: Mention the units for the progress meter
+ - openssl: Use more 'const' to fix build warnings with 1.1.0 branch
+ - cmake: Now using BUILD_TESTING=ON/OFF
+ - vtls: Only call add/getsession if session id is enabled
+ - headers: Forward declare CURL, CURLM and CURLSH as structs
+ - configure: Improve detection of CA bundle path on FreeBSD
+ - SFTP: Set a generic error when no SFTP one exists
+ - curl_global_init.3: Expand on the SSL and WIN32 bits purpose
+ - conn: Don't free easy handle data in handler->disconnect
+ - cookie.c: Fix misleading indentation
+ - library: Fix memory leaks found during static analysis
+ - CURLMOPT_SOCKETFUNCTION.3: Fix typo
+ - curl_global_init: Moved the "IPv6 works" check here
+ - connect: Disable TFO on Linux when using SSL
+ - vauth: Fixed memory leak due to function returning without free
+ - winbuild: Fix embedded manifest option
+- Fix HTTPS and FTPS tests (work around stunnel bug #1358810)
+- Require nss-pem because it is no longer included in the nss package
+ (#1347336)
+
+* Wed Jun 22 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-3.1.cf
+- Add HTTP/2 protocol support for EL-6 and EL-7 builds too
+
+* Sun Jun 19 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-3.0.cf
+- Use multilib-rpm-config to install arch-dependent header files
+
+* Fri Jun 3 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-2.0.cf
+- Fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
+
+* Mon May 30 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-1.0.cf
+- Update to 7.49.1
+ - Windows: prevent DLL hijacking, CVE-2016-4802
+ - dist: Include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md
+ - schannel: Fix compile break with MSVC XP toolset
+ - curlbuild.h.dist: Check __LP64__ as well to fix MIPS build
+ - dist: Include curl_multi_socket_all.3
+ - http2: Use HTTP/2 in the HTTP/1.1-alike response
+ - openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
+ - CURLOPT_CONNECT_TO.3: User must not free the list prematurely
+ - libcurl.m4: Avoid obsolete warning
+ - winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
+ - curl_multibyte: Fix compiler error
+ - openssl: Cleanup must free compression methods (memory leak)
+ - mbedtls: Fix includes so snprintf() works
+ - checksrc.pl: Added variants of strcat()/strncat() to banned function list
+ - contributors.sh: Better grep pattern and show GitHub username
+ - ssh: Fix build for libssh2 before 1.2.6
+ - curl_share_setopt.3: Add min ver needed for ssl session lock
+
+* Fri May 20 2016 Paul Howarth <paul@city-fan.org> - 7.49.0-1.1.cf
+- Manually install (and package) zsh completion
+- Bundle upstream files needed so we can run tests 1139 and 1140
+
+* Wed May 18 2016 Paul Howarth <paul@city-fan.org> - 7.49.0-1.0.cf
+- Update to 7.49.0
+ - schannel: Add ALPN support
+ - SSH: Support CURLINFO_FILETIME
+ - SSH: New CURLOPT_QUOTE command "statvfs"
+ - wolfssl: Add ALPN support
+ - http2: Added --http2-prior-knowledge
+ - http2: Added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
+ - libcurl: Added CURLOPT_CONNECT_TO
+ - curl: Added --connect-to
+ - libcurl: Added CURLOPT_TCP_FASTOPEN
+ - curl: Added --tcp-fastopen
+ - curl: Remove support for --ftpport, -http-request and --socks
+ (deprecated versions since around 10 years)
+ - CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
+ - checksrc.bat: Updated the help to be consistent with generate.bat
+ - checksrc.bat: Added support for scanning the tests and examples
+ - openssl: Fix ERR_remove_thread_state() for boringssl/libressl
+ - openssl: boringssl provides the same numbering as openssl
+ - multi: Fix "Operation timed out after" timer
+ - url: Don't use bad offset in tld_check_name to show error
+ - sshserver.pl: Use quotes for given options
+ - Makefile.am: Skip the scripts dir
+ - curl: Warn for --capath use if not supported by libcurl
+ - http2: Fix connection reuse
+ - GSS: Make Curl_gss_log_error more verbose
+ - build-wolfssl: Allow a broader range of ciphers (Visual Studio)
+ - wolfssl: Use ECC supported curves extension
+ - openssl: Fix compilation warnings
+ - Curl_add_buffer_send: Avoid possible NULL dereference
+ - SOCKS5_gssapi_negotiate: Don't assume little-endian ints
+ - strerror: Don't bit shift a signed integer
+ - url: Corrected get protocol family for FTP and LDAP
+ - curl/mprintf.h: Remove support for _MPRINTF_REPLACE
+ - upload: Missing rewind call could make libcurl hang
+ - IMAP: Check pointer before dereferencing it
+ - build: Changed the Visual Studio projects warning level from 3 to 4
+ - checksrc: Now stricter, wider checks, code cleaned up
+ - checksrc: Added docs/CHECKSRC.md
+ - curl_sasl: Fixed potential null pointer utilisation
+ - krb5: Fixed missing client response when mutual authentication enabled
+ - krb5: Only process challenge when present
+ - krb5: Only generate a SPN when its not known
+ - formdata: Use appropriate fopen() macros
+ - curl.1: -w filename_effective was introduced in 7.26.0
+ - http2: Make use of the nghttp2 error callback
+ - http2: Fix connection reuse when PING comes after last DATA
+ - curl.1: Change example for -F
+ - HTTP2: Add a space character after the status code
+ - curl.1: Use example.com more
+ - mbedtls.c: Changed private prefix to mbed_
+ - mbedtls: Implement and provide *_data_pending() to avoid hang
+ - mbedtls: Fix MBEDTLS_DEBUG builds
+ - ftp/imap/pop3/smtp: Allow the service name to be overridden
+ - CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
+ - build: Include scripts/ in the dist
+ - http2: Add handling stream level error
+ - http2: Improve header parsing
+ - makefile.vc6: Use d suffix on debug object
+ - configure: Remove check for libresolve
+ - scripts/make: Use $(EXEEXT) for executables
+ - checksrc: Got rid of the whitelist files
+ - sendf: Added ability to call recv() before send() as workaround
+ - NTLM: Check for NULL pointer before dereferencing
+ - openssl: Builds with OpenSSL 1.1.0-pre5
+ - configure: ac_cv_ -> curl_cv_ for all cached vars
+ - winbuild: Add mbedtls support
+ - curl: Make --ftp-create-dirs retry on failure
+ - PolarSSL: Implement public key pinning
+ - multi: Accidentally used resolved host name instead of proxy
+ - CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
+ - CONNECT_ONLY: Don't close connection on GSS 401/407 reponses
+ - opts: Fix some syntax errors in example code fragments
+ - mbedtls: Fix session resume
+ - test1139: Verifies libcurl option man page presence
+ - CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
+ - curl: Make --disable work as long form of -q
+ - curl: Use --telnet-option as documented
+ - curl.1: Document --ftp-ssl-reqd, --krb4 and --ntlm-wb
+ - curl: -h output lacked --proxy-header and --ntlm-wb
+ - curl -J: Make it work even without http:// scheme on URL
+ - lib: Include curl_printf.h as one of the last headers
+ - tests: Handle path properly on Msys/Cygwin
+ - curl.1: --mail-rcpt can be used multiple times
+ - CURLOPT_ACCEPT_ENCODING.3: Clarified
+ - docs: Fixed lots of broken man page references
+ - tls: Make setting pinnedkey option fail if not supported
+ - test1140: Run nroff-scan to verify man pages
+ - http: Make sure a blank header overrides accept_decoding
+ - connections: Do not reuse non-HTTP proxies on different ports
+ - connect: Fix invalid "Network is unreachable" errors
+ - TLS: Move the ALPN/NPN enable bits to the connection
+ - TLS: SSL_peek is not a const operation
+ - http2: Add space between colon and header value
+ - darwinssl: Fix certificate verification disable on OS X 10.8
+ - mprintf: Fix processing of width and prec args
+ - ftp wildcard: segfault due to init only in multi_perform
+- Update zsh completion patch
+- Disable tests 1139 and 1140, which fail due to files missing from tarball
+- Upstream not building/installing zsh completion script any longer
+
+* Wed Mar 23 2016 Paul Howarth <paul@city-fan.org> - 7.48.0-1.0.cf
+- Update to 7.48.0
+ - configure: --with-ca-fallback: Use built-in TLS CA fallback
+ - TFTP: Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
+ - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
+ - Added CODE_STYLE.md
+ - Proxy-Connection: Stop sending this header by default
+ - os400: Sync ILE/RPG definitions with latest public header files
+ - cookies: Allow spaces in cookie names, cut off trailing spaces
+ - tool_urlglob: Allow reserved dos device names (Windows)
+ - openssl: Remove most BoringSSL #ifdefs
+ - tool_doswin: Support for literal path prefix \\?\
+ - mbedtls: Fix ALPN usage segfault
+ - mbedtls: Fix memory leak when destroying SSL connection data
+ - nss: Do not count enabled cipher-suites
+ - examples/cookie_interface.c: Add cleanup call
+ - examples: Adhere to curl code style
+ - curlx_tvdiff: Handle 32bit time_t overflows
+ - dist: Ship buildconf.bat too
+ - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
+ - generate.bat: Fix comment bug by removing old comments
+ - test1604: Add to Makefile.inc so it gets run
+ - gtls: Fix for builds lacking encrypted key file support
+ - SCP: Use libssh2_scp_recv2 to support > 2GB files on windows
+ - CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
+ - cookie: Do not refuse cookies to localhost
+ - openssl: Avoid direct PKEY access with OpenSSL 1.1.0
+ - http: Don't break the header into chunks if HTTP/2
+ - http2: Don't decompress gzip decoding automatically
+ - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
+ - curl.1: Add a missing dash
+ - curl.1: HTTP headers for --cookie must be Set-Cookie style
+ - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
+ - curl_sasl: Fix memory leak in digest parser
+ - src/Makefile.m32: Add CURL_{LD,C}FLAGS_EXTRAS support
+ - CURLOPT_DEBUGFUNCTION.3: Fix example
+ - runtests: Fixed usage of %%PWD on MinGW64
+ - tests/sshserver.pl: Use RSA instead of DSA for host auth
+ - multi_remove_handle: Keep the timeout list until after disconnect
+ - Curl_read: Check for activated HTTP/1 pipelining, not only requested
+ - configure: Warn on invalid ca bundle or path
+ - file: Try reading from files with no size
+ - getinfo: Add support for mbedTLS TLS session info
+ - formpost: Fix memory leaks in AddFormData error branches
+ - makefile.m32: Allow to pass .dll/.exe-specific LDFLAGS
+ - url: If Curl_done is premature then pipeline not in use
+ - cookie: Remove redundant check
+ - cookie: Don't expire session cookies in remove_expired
+ - makefile.m32: Fix to allow -ssh2-winssl combination
+ - checksrc.bat: Fixed cannot find perl if installed but not in path
+ - build-openssl.bat: Fixed cannot find perl if installed but not in path
+ - mbedtls: Fix user-specified SSL protocol version
+ - makefile.m32: Add missing libs for static -winssl-ssh2 builds
+ - test46: Change cookie expiry date
+ - pipeline: Sanity check pipeline pointer before accessing it
+ - openssl: Use the correct OpenSSL/BoringSSL/LibreSSL in messages
+ - ftp_done: Clear tunnel_state when secondary socket closes
+ - opt-docs: Fix heading macros
+ - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
+ - curl_multi_wait: Never return -1 in 'numfds'
+ - url.c: Fix clang warning: no newline at end of file
+ - krb5: Improved type handling to avoid clang compiler warnings
+ - cookies: First n/v pair in Set-Cookie: is the cookie, then parameters
+ - multi: Avoid blocking during CURLM_STATE_WAITPROXYCONNECT
+ - multi hash: Ensure modulo performed on curl_socket_t
+ - curl: glob_range: No need to check unsigned variable for negative
+ - easy: Add check to malloc() when running event-based
+ - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
+ - version: Thread safety
+ - openssl: verbose: Show matching SAN pattern
+ - openssl: Adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state()
+ - formdata.c: Fixed compilation warning
+ - configure: Use cpp -P when needed
+ - imap.c: Fixed compilation warning with /Wall enabled
+ - config-w32.h: Fixed compilation warning when /Wall enabled
+ - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
+ - build: Added missing Visual Studio filter files for VC10 onwards
+ - easy: Remove poll failure check in easy_transfer
+ - mbedtls: Fix compiler warning
+ - build-wolfssl: Update VS properties for wolfSSL v3.9.0
+ - Fixed various compilation warnings when verbose strings disabled
+- Update patches as needed
+
+* Thu Mar 3 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-4.0.cf
+- Do not refuse cookies for localhost (#1308791)
+
+* Wed Feb 17 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-3.0.cf
+- Make SCP and SFTP test-cases work with recent OpenSSH versions that don't
+ support DSA keys
+
+* Thu Feb 11 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-2.0.cf
+- Enable support for Public Suffix List where possible (#1305701)
+
+* Mon Feb 8 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-1.0.cf
+- Update to 7.47.1
+ - getredirect.c: Fix variable name
+ - tool_doswin: Silence unused function warning
+ - cmake: Fixed when OpenSSL enabled on Windows and schannel detected
+ - curl.1: Explain remote-name behavior if file already exists
+ - tool_operate: Don't sanitize --output path (Windows)
+ - URLs: Change all http:// URLs to https:// in documentation & comments
+ - sasl_sspi: Fix memory leak in domain populate
+ - COPYING: Clarify that Daniel is not the sole author
+ - examples/htmltitle: Use _stricmp on Windows
+ - examples/asiohiper: Avoid function name collision on Windows
+ - idn_win32: Better error checking
+ - openssl: Fix signed/unsigned mismatch warning in X509V3_ext
+ - curl save files: Check for backslashes on cygwin
+- Update patches as needed
+
+* Thu Feb 4 2016 Paul Howarth <paul@city-fan.org> - 7.47.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 27 2016 Paul Howarth <paul@city-fan.org> - 7.47.0-1.0.cf
+- Update to 7.47.0
+ - version: Add flag CURL_VERSION_PSL for libpsl
+ - http: Added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
+ - curl: Use 2TLS by default
+ - curl --expect100-timeout: added
+ - Add .dir-locals and set c-basic-offset to 2 (for emacs)
+ - curl: Avoid local drive traversal when saving file on Windows
+ (CVE-2016-0754)
+ - NTLM: Do not resuse proxy connections without diff proxy credentials
+ (CVE-2016-0755)
+ - tests: Disable the OAUTHBEARER tests when using a non-default port number
+ - curl: Remove keepalive #ifdef checks done on libcurl's behalf
+ - formdata: Check if length is too large for memory
+ - lwip: Fix compatibility issues with later versions
+ - openssl: BoringSSL doesn't have CONF_modules_free
+ - config-win32: Fix warning HAVE_WINSOCK2_H undefined
+ - build: Fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
+ - http2: Fix hanging paused stream
+ - scripts/Makefile: Fix GNUism and survive no perl
+ - openssl: Adapt to 1.1.0+ name changes
+ - openssl: Adapt to openssl ≥ 1.1.0 X509 opaque structs
+ - HTTP2.md: Spell fix and remove TODO now implemented
+ - setstropt: const-correctness
+ - cyassl: Fix compiler warning on type conversion
+ - gskit: Fix host subject altname verification
+ - http2: Support trailer fields
+ - wolfssl: Handle builds without SSLv3 support
+ - cyassl: Deal with lack of *get_peer_certificate
+ - sockfilt: Do not wait on unreliable file or pipe handle
+ - make: Build zsh script even in an out-of-tree build
+ - test 1326: Fix getting stuck on Windows
+ - test 87: Fix file check on Windows
+ - configure: Allow static builds on mingw
+ - configure: Detect IPv6 support on Windows
+ - ConnectionExists: With *PIPEWAIT, wait for connections
+ - Makefile.inc: s/curl_SOURCES/CURL_FILES
+ - test 16: Fixed for Windows
+ - test 252-255: Use datacheck mode text for ASCII-mode LISTings
+ - tftpd server: Add Windows support by writing files in binary mode
+ - ftplistparser: Fix handling of file LISTings using Windows EOL
+ - tests first.c: Fix calculation of sleep timeout on Windows
+ - tests (several): Use datacheck mode text for ASCII-mode LISTings
+ - CURLOPT_RANGE.3: For HTTP servers, range support is optional
+ - test 1515: Add MSYS support by passing a relative path
+ - curl_global_init.3: Add Windows-specific info for init via DLL
+ - http2: Fix client write for trailers on stream close
+ - mbedtls: Fix ALPN support
+ - connection reuse: IDN host names fixed
+ - http2: Fix PUSH_PROMISE headers being treated as trailers
+ - http2: Handle the received SETTINGS frame
+ - http2: Ensure that http2_handle_stream_close is called
+ - mbedtls: Implement CURLOPT_PINNEDPUBLICKEY
+ - runtests: Add mbedTLS to the SSL backends
+ - IDN host names: Remove the port number before converting to ACE
+ - zsh.pl: Fail if no curl is found
+ - scripts: Fix zsh completion generation
+ - scripts: Don't generate and install zsh completion when cross-compiling
+ - lib: Prefix URLs with lower-case protocol names/schemes
+ - ConnectionExists: Only do pipelining/multiplexing when asked
+ - configure: Assume IPv6 works when cross-compiled
+ - openssl: For 1.1.0+ they now provide a SSLeay() macro of their own
+ - openssl: Improved error detection/reporting
+ - ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again
+ - mbedtls: Fix pinned key return value on fail
+ - maketgz: Generate date stamp with LC_TIME=C
+- Re-enable previously-disabled tests
+- Fix FTBFS when building curl dynamically with no libcurl.so.4 in system
+
+* Fri Dec 4 2015 Paul Howarth <paul@city-fan.org> - 7.46.0-2.0.cf
+- Rebuild for #1288529
+
+* Wed Dec 2 2015 Paul Howarth <paul@city-fan.org> - 7.46.0-1.0.cf
+- Update to 7.46.0
+ - configure: build silently by default
+ - cookies: Add support for Public Suffix List with libpsl
+ - vtls: Added support for mbedTLS
+ - Added CURLOPT_STREAM_DEPENDS
+ - Added CURLOPT_STREAM_DEPENDS_E
+ - Added CURLOPT_STREAM_WEIGHT
+ - Added CURLFORM_CONTENTLEN
+ - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
+ - des: Fix header conditional for Curl_des_set_odd_parity
+ - ntlm: Get rid of unconditional use of long long
+ - CURLOPT_CERTINFO.3: Fix reference to CURLINFO_CERTINFO
+ - docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
+ - http2: Fix http2_recv to return -1 if recv returned -1
+ - curl_global_init_mem: Set function pointers before doing init
+ - ntlm: Error out without 64bit support as the code needs it
+ - openssl: Fix set up of pkcs12 certificate verification chain
+ - acinclude: Remove PKGCONFIG override
+ - test1531: case the size to fix the test on non-largefile builds
+ - fread_func: Move callback pointer from set to state struct
+ - test1601: Fix compilation with --enable-debug and --disable-crypto-auth
+ - http2: Don't pass uninitialized name+len pairs to nghttp2_submit_request
+ - curlbuild.h: Fix non-configure compiling to mips and sh4 targets
+ - tool: Generate easysrc with last cache linked-list
+ - cmake: Fix for add_subdirectory(curl) use-case
+ - vtls: Fix compiler warning for TLS backends without sha256
+ - build: Fix for MSDOS/djgpp
+ - checksrc: Add crude // detection
+ - http2: on_frame_recv: Trust the conn/data input
+ - ftp: Allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
+ - polarssl/mbedtls: Fix name space pollution
+ - build: Fix mingw ssl gdi32 order
+ - build: Fix support for PKG_CONFIG
+ - MacOSX-Framework: sdk regex fix for sdk 10.10 and later
+ - socks: Fix incorrect port numbers in failed connect messages
+ - curl.1: -E: s/private certificate/client certificate/
+ - curl.h: s/HTTPPOST_/CURL_HTTPOST_/
+ - curl_formadd: Support >2GB files on windows
+ - http redirects: %%-encode bytes outside of ascii range
+ - rawstr: Speed up Curl_raw_toupper by 40%%
+ - curl_ntlm_core: Fix 2 curl_off_t constant overflows
+ - getinfo: CURLINFO_ACTIVESOCKET: Fix bad socket value
+ - tftp tests: Verify sent options too
+ - imap: Don't call imap_atom() when no mailbox specified in LIST command
+ - imap: Fixed double quote in LIST command when mailbox contains spaces
+ - imap: Don't check for continuation when executing a CUSTOMREQUEST
+ - acinclude: Remove check for 16-bit curl_off_t
+ - BoringSSL: Work with stricter BIO_get_mem_data()
+ - cmake: Add missing feature macros in config header
+ - sasl_sspi: Fixed unicode build for digest authentication
+ - sasl_sspi: Fix identity memory leak in digest authentication
+ - unit1602: Fixed failure in torture test
+ - unit1603: Added unit tests for hash functions
+ - vtls/openssl: Remove unused traces of yassl ifdefs
+ - openssl: Remove #ifdefs for < 0.9.7 support
+ - typecheck-gcc.h: Add some missing options
+ - curl: Mark two more options strings for --libcurl output
+ - openssl: Free modules on cleanup
+ - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
+ - getconnectinfo: Don't call recv(2) if socket == -1
+ - http2: http_done: Don't free already-freed push headers
+ - zsh completion: Preserve single quotes in output
+ - os400: Provide options for libssh2 use in compile scripts
+ - build: Fix theoretical infinite loops
+ - pop3: Differentiate between success and continuation responses
+ - examples: Fixed compilation warnings
+ - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
+ - CURLOPT_HEADERFUNCTION.3: fix typo
+ - curl: Expanded the -XHEAD warning text
+ - done: Make sure the final progress update is made
+ - build: Install zsh completion
+ - RTSP: Do not add if-modified-since without timecondition
+ - curl: Fixed display of URL index in password prompt for --next
+ - nonblock: Fix setting non-blocking mode for Amiga
+ - http2 push: Add missing inits of new stream
+ - http2: Convert some verbose output into debug-only output
+ - Curl_read_plain: clean up ifdefs that break statements
+- Explicitly turn off silent building so we can see the compiler flags used
+- Disable OAUTHBEARER tests since they don't work with custom test ports
+
+* Wed Oct 7 2015 Paul Howarth <paul@city-fan.org> - 7.45.0-1.0.cf
+- Update to 7.45.0
+ - Added CURLOPT_DEFAULT_PROTOCOL
+ - Added new tool option --proto-default
+ - getinfo: Added CURLINFO_ACTIVESOCKET
+ - Turned CURLINFO_* option docs as stand-alone man pages
+ - curl: Point out unnecessary uses of -X in verbose mode
+ - curl_global_init_mem.3: Stronger thread safety warning
+ - buildconf.bat: Fixed issues when ran in directories with special chars
+ - cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
+ - generate.bat: Fixed issues when ran in directories with special chars
+ - generate.bat: Only call buildconf.bat if it exists
+ - generate.bat: Added support for generating only the prerequisite files
+ - curl.1: Document weaknesses in SSLv2 and SSLv3
+ - CURLOPT_HTTP_VERSION.3: Connection re-use goes before version
+ - docs: Update the redirect protocols disabled by default
+ - inet_pton.c: Fix MSVC run-time check failure
+ - CURLMOPT_PUSHFUNCTION.3: Fix argument types
+ - rtsp: Support basic/digest authentication
+ - rtsp: Stop reading empty DESCRIBE responses
+ - travis: Upgrading to container based build
+ - travis.yml: Add OS X testbot
+ - FTP: Make state machine not get stuck in state
+ - openssl: Handle lack of server cert when strict checking disabled
+ - configure: Change functions to detect openssl (clones)
+ - configure: Detect latest boringssl
+ - runtests: Allow for spaces in server-verify curl custom path
+ - http2: on_frame_recv: Get a proper 'conn' for the debug logging
+ - ntlm: Mark deliberate switch case fall-through
+ - http2: Remove dead code
+ - curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
+ - curl: Point out the conflicting HTTP methods if used
+ - cmake: Added Windows SSL support
+ - curl_easy_{escape,setopt}.3: Fix example
+ - curl_easy_escape.3: Escape '\n'
+ - libcurl.m4: Put braces around empty if body
+ - buildconf.bat: Fixed double blank line in 'curl manual' warning output
+ - sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
+ - inet_pton.c: Fix MSVC run-time check failure
+ - CURLOPT_FOLLOWLOCATION.3: Mention methods for redirects
+ - http2: Don't pass on Connection: headers
+ - nss: Do not directly access SSL_ImplementedCiphers
+ - docs: Numerous cleanups and spelling fixes
+ - FTP: do_more: Add check for wait_data_conn in upload case
+ - parse_proxy: Reject illegal port numbers
+ - cmake: IPv6 : Disable Unix header check on Windows platform
+ - winbuild: Run buildconf.bat if necessary
+ - buildconf.bat: Fix syntax error
+ - curl_sspi: Fix possibly undefined CRYPT_E_REVOKED
+ - nss: Prevent NSS from incorrectly re-using a session
+ - libcurl-errors.3: Add two missing error codes
+ - openssl: Fix build with < 0.9.8
+ - openssl: Refactor certificate parsing to use OpenSSL memory BIO
+ - openldap: Only part of LDAP query results received
+ - ssl: Add server cert's "sha256//" hash to verbose
+ - NTLM: Reset auth-done when using a fresh connection
+ - curl: Generate easysrc only on --libcurl
+ - tests: Disable 1801 until fixed
+ - CURLINFO_TLS_SESSION: Always return backend info
+ - gnutls: Support CURLOPT_KEYPASSWD
+ - gnutls: Report actual GnuTLS error message for certificate errors
+ - tests: Disable 1510 due to CI-problems on github
+ - cmake: Put "winsock2.h" before "windows.h" during configure checks
+ - cmake: Ensure discovered include dirs are considered
+ - configure: Add missing ')' for CURL_CHECK_OPTION_RT
+ - build: Fix failures with -Wcast-align and -Werror
+ - FTP: Fix uploading ASCII with unknown size
+ - readwrite_data: Set a max number of loops
+ - http2: Avoid superfluous Curl_expire() calls
+ - http2: Set TCP_NODELAY unconditionally
+ - docs: Fix unescaped '\n' in man pages
+ - openssl: Fix algorithm init to make (gost) engines work
+ - win32: Make recent Borland compilers use long long
+ - runtests: Fix pid check in checkdied
+ - gopher: Don't send NUL byte
+ - tool_setopt: Fix c_escape truncated octal
+ - hiperfifo: Fix the pointer passed to WRITEDATA
+ - getinfo: Fix return code for unknown CURLINFO options
+
+* Fri Sep 18 2015 Paul Howarth <paul@city-fan.org> - 7.44.0-2.0.cf
+- Prevent NSS from incorrectly re-using a session (#1104597)
+
+* Wed Aug 12 2015 Paul Howarth <paul@city-fan.org> - 7.44.0-1.0.cf
+- Update to 7.44.0
+ - http2: Added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA
+ - examples: Added http2-serverpush.c
+ - http2: Added curl_pushheader_byname() and curl_pushheader_bynum()
+ - docs: Added CODE_OF_CONDUCT.md
+ - curl: Add --ssl-no-revoke to disable certificate revocation checks
+ - libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS
+ - makefile: Added support for VC14
+ - build: Added Visual Studio 2015 (VC14) project files
+ - build: Added wolfSSL configurations to VC10+ project files
+ - FTP: Fix HTTP CONNECT logic regression
+ - openssl: Fix build with openssl < ~ 0.9.8f
+ - openssl: Fix build with BoringSSL
+ - curl_easy_setopt.3: Option order doesn't matter
+ - openssl: Fix use of uninitialized buffer
+ - RTSP: Removed dead code
+ - Makefile.m32: Add support for CURL_LDFLAG_EXTRAS
+ - curl: Always provide negotiate/kerberos options
+ - cookie: Fix bug in export if any-domain cookie is present
+ - curl_easy_setopt.3: Mention CURLOPT_PIPEWAIT
+ - INSTALL: Advise use of non-native SSL for Windows <= XP
+ - tool_help: Fix --tlsv1 help text to use >= for TLSv1
+ - HTTP: POSTFIELDSIZE set after added to multi handle
+ - SSL-PROBLEMS: Mention WinSSL problems in WinXP
+ - setup-vms.h: Symbol case fixups
+ - SSL: Pinned public key hash support
+ - libtest: Call PR_Cleanup() on exit if NSPR is used
+ - ntlm_wb: Fix theoretical memory leak
+ - runtests: Allow for spaces in curl custom path
+ - http2: Add stream != NULL checks for reliability
+ - schannel: Replace deprecated GetVersion with VerifyVersionInfo
+ - http2: Verify success of strchr() in http2_send()
+ - configure: Add --disable-rt option
+ - openssl: Work around MSVC warning
+ - HTTP: Ignore "Content-Encoding: compress"
+ - configure: Check if OpenSSL linking wants -ldl
+ - build-openssl.bat: Show syntax if required args are missing
+ - test1902: Attempt to make the test more reliable
+ - libcurl-thread.3: Consolidate thread safety info
+ - maketgz: Fixed some VC makefiles missing from the release tarball
+ - libcurl-multi.3: Mention curl_multi_wait
+ - ABI doc: Use secure URL
+ - http: Move HTTP/2 cleanup code off http_disconnect()
+ - libcurl-thread.3: Warn memory functions must be thread safe
+ - curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs
+ - docs: formpost needs the full size at start of upload
+ - curl_gssapi: Remove 'const' to fix compiler warnings
+ - SSH: Three state machine fixups
+ - libcurl.3: Fix a single typo
+ - generate.bat: Only clean prerequisite files when in ALL mode
+ - curl_slist_append.3: Add error checking to the example
+ - buildconf.bat: Added support for file clean-up via -clean
+ - generate.bat: Use buildconf.bat for prerequisite file clean-up
+ - NTLM: Handle auth for only a single request
+ - curl_multi_remove_handle.3: Fix formatting
+ - checksrc.bat: Fixed error when [directory] isn't a curl source directory
+ - checksrc.bat: Fixed error when missing *.c and *.h files
+ - CURLOPT_RESOLVE.3: Note removal support was added in 7.42
+ - test46: Update cookie expire time
+ - SFTP: Fix range request off-by-one in size check
+ - CMake: Fix GSSAPI builds
+ - build: Refer to fixed libidn versions
+ - http2: Discard frames with no SessionHandle
+ - curl_easy_recv.3: Fix formatting
+ - libcurl-tutorial.3: Fix formatting
+ - curl_formget.3: Correct return code
+
+* Thu Jul 30 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-3.0.cf
+- Prevent dnf from crashing when using both FTP and HTTP (#1248389)
+- Add HTTP/2 protocol support for Fedora 23 too
+
+* Sat Jul 18 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-2.0.cf
+- Build support for the HTTP/2 protocol (Fedora 24 onwards)
+
+* Wed Jun 17 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-1.0.cf
+- Update to 7.43.0
+ - CVE-2015-3236: Lingering HTTP credentials in connection re-use
+ - CVE-2015-3237: SMB send off unrelated memory contents
+ - Added CURLOPT_PROXY_SERVICE_NAME
+ - Added CURLOPT_SERVICE_NAME
+ - New curl option: --proxy-service-name
+ - New curl option: --service-name
+ - New curl option: --data-raw
+ - Added CURLOPT_PIPEWAIT
+ - Added support for multiplexing transfers using HTTP/2, enable this
+ with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING
+ - HTTP/2: Requires nghttp2 1.0.0 or later
+ - scripts: Add zsh.pl for generating zsh completion
+ - curl.h: Add CURL_HTTP_VERSION_2
+ - nss: Fix compilation failure with old versions of NSS
+ - curl_easy_getinfo.3: Document 'internals' in CURLINFO_TLS_SESSION
+ - schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
+ - Curl_ossl_init: Load built-in modules
+ - configure: Follow-up fix for krb5-config
+ - sasl_sspi: Populate domain from the realm in the challenge
+ - netrc: Support 'default' token
+ - README: Convert to UTF-8
+ - cyassl: Implement public key pinning
+ - nss: Implement public key pinning for NSS backend
+ - mingw build: Add arch -m32/-m64 to LDFLAGS
+ - schannel: Fix out of bounds array
+ - configure: Remove autogenerated files by autoconf
+ - configure: Remove --automake from libtoolize call
+ - acinclude.m4: Fix shell test for default CA cert bundle/path
+ - schannel: Fix regression in schannel_recv
+ - openssl: Skip trace outputs for ssl_ver == 0
+ - gnutls: Properly retrieve certificate status
+ - netrc: Read in text mode when cygwin
+ - winbuild: Document the option used to statically link the CRT
+ - FTP: Make EPSV use the control IP address rather than the original host
+ - FTP: fIx dangling conn->ip_addr dereference on verbose EPSV
+ - conncache: Keep bundles on host+port bases, not only host names
+ - runtests.pl: Use 'h2c' now, no -14 anymore
+ - curlver: Introducing new version number (checking) macros
+ - openssl: boringssl build breakage, use SSL_CTX_set_msg_callback
+ - CURLOPT_POSTFIELDS.3: Correct variable names
+ - curl_easy_unescape.3: Update RFC reference
+ - gnutls: Don't fail on non-fatal alerts during handshake
+ - testcurl.pl: Allow source to be in an arbitrary directory
+ - CURLOPT_HTTPPROXYTUNNEL.3: Only works with a HTTP proxy
+ - SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description
+ - parse_proxy: Switch off tunneling if non-HTTP proxy
+ - share_init: Fix OOM crash
+ - perl: Remove subdir, not touched in 9 years
+ - CURLOPT_COOKIELIST.3: Add example
+ - CURLOPT_COOKIE.3: Explain that the cookies won't be modified
+ - CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
+ - FAQ: How do I port libcurl to my OS?
+ - openssl: Use TLS_client_method for OpenSSL 1.1.0+
+ - HTTP-NTLM: Fail auth on connection close instead of looping
+ - curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
+ - curl_getdate.3: Update RFC reference
+ - curl_multi_info_read.3: Added example
+ - curl_multi_perform.3: Added example
+ - curl_multi_timeout.3: Added example
+ - cookie: Stop exporting any-domain cookies
+ - openssl: Remove dummy callback use from SSL_CTX_set_verify()
+ - openssl: Remove SSL_get_session()-using code
+ - openssl: Removed USERDATA_IN_PWD_CALLBACK kludge
+ - openssl: Removed error string #ifdef
+ - openssl: Fix verification of server-sent legacy intermediates
+ - docs: man page indentation and syntax fixes
+ - docs: Spelling fixes
+ - fopen.c: Fix a few compiler warnings
+ - CURLOPT_OPENSOCKETFUNCTION: Return error at once
+ - schannel: Add support for optional client certificates
+ - build: Properly detect OpenSSL 1.0.2 when using configure
+ - urldata: Store POST size in state.infilesize too
+ - security: choose_mech: Remove dead code
+ - rtsp_do: Remove dead code
+ - docs: Many HTTP URIs changed to HTTPS
+ - schannel: schannel_recv overhaul
+- Fix build for old openssl versions without SSL3_MT_NEWSESSION_TICKET
+
+* Sat Jun 6 2015 Paul Howarth <paul@city-fan.org> - 7.42.1-2.0.cf
+- curl-config --libs now works on x86_64 without libcurl-devel.x86_64
+ (#1228363)
+
+* Wed Apr 29 2015 Paul Howarth <paul@city-fan.org> - 7.42.1-1.0.cf
+- Update to 7.42.1
+ - CURLOPT_HEADEROPT: default to separate (CVE-2015-3153)
+ - dist: include {src,lib}/checksrc.whitelist
+ - connectionexists: fix build without NTLM
+ - docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
+ - curl -z: do not write empty file on unmet condition
+ - openssl: fix serial number output
+ - curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
+ - sws: init http2 state properly
+ - curl.1: fix typo
+
+* Wed Apr 22 2015 Paul Howarth <paul@city-fan.org> - 7.42.0-1.1.cf
+- Implement public key pinning for NSS backend (#1195771)
+- Do not run flaky test-cases in %%check
+
+* Wed Apr 22 2015 Paul Howarth <paul@city-fan.org> - 7.42.0-1.0.cf
+- Update to 7.42.0
+ - openssl: Show the cipher selection to use in verbose text
+ - gtls: Implement CURLOPT_CERTINFO
+ - Add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
+ - curl: Add --false-start option
+ - Add CURLOPT_PATH_AS_IS
+ - curl: Add --path-as-is option
+ - curl: Create output file on successful download of an empty file
+ - ConnectionExists: For NTLM re-use, require credentials to match
+ (CVE-2015-3143)
+ - Cookie: Cookie parser out of boundary memory access (CVE-2015-3145)
+ - fix_hostname: Zero length host name caused -1 index offset (CVE-2015-3144)
+ - http_done: Close Negotiate connections when done (CVE-2015-3148)
+ - sws: Timeout idle CONNECT connections
+ - nss: Improve error handling in Curl_nss_random()
+ - nss: Do not skip Curl_nss_seed() if data is NULL
+ - curl-config.in: Eliminate double quotes around CURL_CA_BUNDLE
+ - http2: Move lots of verbose output to be debug-only
+ - dist: Add extern-scan.pl to the tarball
+ - http2: Return recv error on unexpected EOF
+ - build: Use default RandomizedBaseAddress directive in VC9+ project files
+ - build: Removed DataExecutionPrevention directive from VC9+ project files
+ - tool: Updated the warnf() function to use the GlobalConfig structure
+ - http2: Return error if stream was closed with other than NO_ERROR
+ - mprintf.h: Remove #ifdef CURLDEBUG
+ - libtest: Fixed linker errors on msvc
+ - tool: Use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
+ - curl.1: Fix "The the" typo
+ - cmake: Handle build definitions CURLDEBUG/DEBUGBUILD
+ - openssl: Remove all uses of USE_SSLEAY
+ - multi: Fix memory-leak on timeout (regression)
+ - curl_easy_setopt.3: Added CURLOPT_SSL_VERIFYSTATUS
+ - metalink: Add some error checks
+ - TLS: Make it possible to enable ALPN/NPN without HTTP/2
+ - http2: Use CURL_HTTP_VERSION_* symbols instead of NPN_*
+ - conncontrol: Only log changes to the connection bit
+ - multi: Fix *getsock() with CONNECT
+ - symbols.pl: Handle '-' in the deprecated field
+ - MacOSX-Framework: Use @rpath instead of @executable_path
+ - GnuTLS: Add support for CURLOPT_CAPATH
+ - GnuTLS: Print negotiated TLS version and full cipher suite name
+ - GnuTLS: Don't print double newline after certificate dates
+ - memanalyze.pl: Handle free(NULL)
+ - proxy: Re-use proxy connections (regression)
+ - mk-ca-bundle: Don't report SHA1 numbers with "-q"
+ - http: Always send Host: header as first header
+ - openssl: Sort ciphers to use based on strength
+ - openssl: Use colons properly in the ciphers list
+ - http2: Detect premature close without data transferred
+ - hostip: Fix signal race in Curl_resolv_timeout
+ - closesocket: Call multi socket cb on close even with custom close
+ - mksymbolsmanpage.pl: Use std header and generate better nroff header
+ - connect: Fix happy eyeballs logic for IPv4-only builds
+ - curl_easy_perform.3: Remove superfluous close brace from example
+ - HTTP: Don't use Expect: headers when on HTTP/2
+ - Curl_sh_entry: Remove unused 'timestamp'
+ - docs/libcurl: Makefile portability fix
+ - mkhelp: Remove trailing carriage return from every line of input
+ - nss: Explicitly tell NSS to disable NPN/ALPN when libcurl disables it
+ - curl_easy_setopt.3: Added a few missing options
+ - metalink: Fix resource leak in OOM
+ - axtls: Version 1.5.2 now requires that config.h be manually included
+ - HTTP: Don't switch to HTTP/2 from 1.1 until we get the 101
+ - cyassl: Detect the library as renamed wolfssl
+ - CURLOPT_HTTPHEADER.3: Add a "SECURITY CONCERNS" section
+ - CURLOPT_URL.3: Added "SECURITY CONCERNS"
+ - openssl: Try to avoid accessing OCSP structs when possible
+ - test938: Added missing closing tags
+ - testcurl: Allow '=' in values given on command line
+ - tests/certs: Added make target to rebuild certificates
+ - tests/certs: Rebuild certificates with modified key usage bits
+ - gtls: Avoid uninitialized variable
+ - gtls: Dereferencing NULL pointer
+ - gtls: Add check of return code
+ - test1513: Eliminated race condition in test run
+ - dict: Rename byte to avoid compiler shadowed declaration warning
+ - curl_easy_recv/send: Make them work with the multi interface
+ - vtls: Fix compile with --disable-crypto-auth but with SSL
+ - openssl: Adapt to ASN1/X509 things gone opaque in 1.1
+ - openssl: verifystatus: Only use the OCSP work-around <= 1.0.2a
+ - curl_memory: Make curl_memory.h the second-last header file loaded
+ - testcurl.pl: Add the --notes option to supply more info about a build
+ - cyassl: If wolfSSL then identify as such in version string
+ - cyassl: Check for invalid length parameter in Curl_cyassl_random
+ - cyassl: Default to highest possible TLS version
+ - Curl_ssl_md5sum: Return CURLcode (fixes OOM)
+ - polarssl: Remove dead code
+ - polarssl: Called mbedTLS in 1.3.10 and later
+ - globbing: Fix step parsing for character globbing ranges
+ - globbing: Fix url number calculation when using range with step
+ - multi: On a request completion, check all CONNECT_PEND transfers
+ - build: Link curl to openssl libraries when openssl support is enabled
+ - url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
+ - vtls: Don't accept unknown CURLOPT_SSLVERSION values
+ - build: Fix libcurl.sln erroneous mixed configurations
+ - cyassl: Remove undefined reference to CyaSSL_no_filesystem_verify
+ - cyassl: Add SSL context callback support for CyaSSL
+ - tool: Only set SSL options if SSL is enabled
+ - multi: Remove_handle: move pending connections
+ - configure: Use KRB5CONFIG for krb5-config
+ - axtls: Add timeout within Curl_axtls_connect
+ - CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
+ - cyassl: Fix library initialization return value
+ - cookie: Handle spaces after the name in Set-Cookie
+ - http2: Fix missing nghttp2_session_send call in Curl_http2_switched
+ - cyassl: Fix certificate load check
+ - build-openssl.bat: Fix mixed line endings
+ - checksrc.bat: Check lib\vtls source
+ - DNS: Fix refreshing of obsolete dns cache entries
+ - CURLOPT_RESOLVE: Actually implement removals
+ - checksrc.bat: Quotes to support an SRC_DIR with spaces
+ - cyassl: Remove 'Connecting to' message from cyassl_connect_step2
+ - cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
+ - lib/transfer.c: Remove factor of 8 from sleep time calculation
+ - lib/makefile.m32: Add missing libs to build libcurl.dll
+ - build: Generate source prerequisites for Visual Studio in generate.bat
+ - cyassl: Include the CyaSSL build config
+ - firefox-db2pem: Fix wildcard to find Firefox default profile
+ - BUGS: Refer to the github issue tracker now as primary
+ - vtls_openssl: Improve several certificate error messages
+ - cyassl: Add support for TLS extension SNI
+ - parsecfg: Do not continue past a zero termination
+ - configure --with-nss=PATH: Query pkg-config if available
+ - configure --with-nss: Drop redundant if statement
+ - cyassl: Fix include order
+ - HTTP: Fix PUT regression with Negotiate
+ - curl_version_info.3: Fixed the 'protocols' variable type
+- Add patch to disabled unsupported TLS False Start support in NSS builds
+ with NSS < 3.15.4
+
+* Wed Feb 25 2015 Paul Howarth <paul@city-fan.org> - 7.41.0-1.0.cf
+- Update to 7.41.0
+ - NetWare build: added TLS-SRP enabled build
+ - winbuild: Added option to build with c-ares
+ - Added --cert-status
+ - Added CURLOPT_SSL_VERIFYSTATUS
+ - sasl: Implement EXTERNAL authentication mechanism
+ - sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
+ - FTP: Fix IPv6 host using link-local address
+ - FTP: If EPSV fails on IPV6 connections, bail out
+ - gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
+ - NSS: Fix compiler error when built http2-enabled
+ - mingw build: allow to pass custom CFLAGS
+ - Add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
+ - curl_schannel.c: Mark session as removed from cache if not freed
+ - Curl_pretransfer: Reset expected transfer sizes
+ - curl.h: Remove extra space
+ - curl_endian: Fixed build when 64-bit integers are not supported
+ - checksrc.bat: Better detection of Perl installation
+ - build-openssl.bat: Added check for Perl installation
+ - http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
+ - http_negotiate: Added empty decoded challenge message info text
+ - vtls: Removed unimplemented overrides of curlssl_close_all()
+ - sasl_gssapi: Fixed memory leak with local SPN variable
+ - http_negotiate: Use dynamic buffer for SPN generation
+ - ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
+ - openssl: Do public key pinning check independently
+ - timeval: Typecast for better type (on Amiga)
+ - ipv6: Enclose AF_INET6 uses with proper #ifdefs for ipv6
+ - SASL: Common URL option and auth capabilities decoders for all protocols
+ - BoringSSL: Fix build
+ - BoringSSL: Detected by configure, switches off NTLM
+ - openvms: Handle openssl/0.8.9zb version parsing
+ - configure: Detect libresssl
+ - configure: Remove detection of the old yassl emulation API
+ - curl_setup: Disable SMB/CIFS support when HTTP only
+ - imap: Remove automatic password setting: it breaks external sasl authentication
+ - sasl: Remove XOAUTH2 from default enabled authentication mechanism
+ - runtests: Identify BoringSSL and libressl
+ - Security: Avoid compiler warning
+ - ldap: Build with BoringSSL
+ - des: Added Curl_des_set_odd_parity()
+ - CURLOPT_SEEKFUNCTION.3: also when server closes a connection
+ - CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
+ - build: Removed unused Visual Studio bscmake settings
+ - build: Enabled DEBUGBUILD in Visual Studio debug builds
+ - build: Renamed top level Visual Studio solution files
+ - build: Removed Visual Studio SuppressStartupBanner directive for VC8+
+ - libcurl-symbols: First basic shot for autogenerated docs
+ - Makefile.am: fix 'make distcheck'
+ . getpass_r: Read from stdin, not stdout!
+ - getpass: Protect include with proper #ifdef
+ - opts: CURLOPT_CAINFO availability depends on SSL engine
+ - More cleanup of 'CURLcode result' return code
+ - MD4: Replace implementation
+ - MD5: Replace implementation
+ - openssl: SSL_SESSION->ssl_version no longer exist
+ - md5: use axTLS's own MD5 functions when available
+ - schannel: Removed curl_ prefix from source files
+ - curl.1: Add warning when using -H and redirects
+ - curl.1: Clarify that -X is used for all requests
+ - gskit: Fix exclusive SSLv3 option
+ - polarssl: Fix exclusive SSL protocol version options
+ - http2: Fix bug that associated stream canceled on PUSH_PROMISE
+ - ftp: Accept all 2xx responses to the PORT command
+ - configure: Allow both --with-ca-bundle and --with-ca-path
+ - cmake: Install the dll file to the correct directory
+ - nss: Fix NPN/ALPN protocol negotiation
+ - polarssl: Fix ALPN protocol negotiation
+ - cmake: Fix generation of tool_hugehelp.c on windows
+ - cmake: Fix winsock2 detection on windows
+ - gnutls: Fix build with HTTP2
+ - connect: Fix a spurious connect failure on dual-stacked hosts
+ - test: Test 530 is now less timing dependent
+ - telnet: Invalid use of custom read function if not set
+- Include extern-scan.pl to make test1135 succeed (upstream commit 1514b718)
+
+* Mon Feb 23 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-3.0.cf
+- Fix a spurious connect failure on dual-stacked hosts (#1187531)
+
+* Sun Feb 22 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-2.0.cf
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Thu Jan 8 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-1.0.cf
+- Update to 7.40.0 (addresses CVE-2014-8150 and CVE-2014-8151)
+ - http_digest: added support for Windows SSPI based authentication
+ - version info: added Kerberos V5 to the supported features
+ - Makefile: added VC targets for WinIDN
+ - config-win32: introduce build targets for VS2012+
+ - SSL: add PEM format support for public key pinning
+ - smtp: added support for the conversion of Unix newlines during mail send
+ - smb: added initial support for the SMB/CIFS protocol
+ - added support for HTTP over unix domain sockets, via
+ CURLOPT_UNIX_SOCKET_PATH and --unix-socket
+ - sasl: added support for GSS-API based Kerberos V5 authentication
+ - darwinssl: fix session ID keys to only reuse identical sessions
+ - url-parsing: reject CRLFs within URLs
+ - OS400: adjust specific support to last release
+ - THANKS: remove duplicate names
+ - url.c: fixed compilation warning
+ - ssh: fixed build on platforms where R_OK is not defined
+ - tool_strdup.c: include the tool strdup.h
+ - build: fixed Visual Studio project file generation of strdup.[c|h]
+ - curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
+ - curl.1: show zone index use in a URL
+ - mk-ca-bundle.vbs: switch to new certdata.txt url
+ - Makefile.dist: added some missing SSPI configurations
+ - build: fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
+ - SSH: use the port number as well for known_known checks
+ - libssh2: detect features based on version, not configure checks
+ - http2: deal with HTTP/2 data inside Upgrade response header buffer
+ - multi: removed Curl_multi_set_easy_connection
+ - symbol-scan.pl: do not require autotools
+ - cmake: add ENABLE_THREADED_RESOLVER, rename ARES
+ - cmake: build libhostname for test suite
+ - cmake: fix HAVE_GETHOSTNAME definition
+ - tests: fix libhostname visibility
+ - tests: fix memleak in server/resolve.c
+ - vtls.h: fixed compiler warning when compiled without SSL
+ - CMake: restore order-dependent header checks
+ - CMake: restore order-dependent library checks
+ - tool: removed krb4 from the supported features
+ - http2: don't send Upgrade headers when we already do HTTP/2
+ - examples: don't call select() to sleep on windows
+ - win32: updated some legacy APIs to use the newer extended versions
+ - easy.c: fixed compilation warning when no verbose string support
+ - connect.c: fixed compilation warning when no verbose string support
+ - build: in Makefile.m32 pass -F flag to windres
+ - build: in Makefile.m32 add -m32 flag for 32bit
+ - multi: when leaving for timeout, close accordingly
+ - CMake: simplify if() conditions on check result variables
+ - build: in Makefile.m32 try to detect 64bit target
+ - multi: inform about closed sockets before they are closed
+ - multi-uv.c: close the file handle after download
+ - examples: wait recommended 100ms when no file descriptors are ready
+ - ntlm: split the SSPI based messaging code from the native messaging code
+ - cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
+ - cmake: add Kerberos to the supported feature
+ - CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
+ - http: disable pipelining for HTTP/2 and upgraded connections
+ - ntlm: fixed static'ness of local decode function
+ - sasl: reduced the need for two sets of NTLM messaging functions
+ - multi.c: fixed compilation warnings when no verbose string support
+ - select.c: fix compilation for VxWorks
+ - multi-single.c: switch to use curl_multi_wait
+ - curl_multi_wait.3: clarify numfds being used if not NULL
+ - http.c: fixed compilation warnings from features being disabled
+ - NSS: enable the CAPATH option
+ - docs: fix FAILONERROR typos
+ - HTTP: don't abort connections with pending Negotiate authentication
+ - HTTP: free (proxy)userpwd for NTLM/Negotiate after sending a request
+ - http_perhapsrewind: don't abort CONNECT requests
+ - build: updated dependencies in makefiles
+ - multi.c: fixed compilation warning
+ - ftp.c: fixed compilation warnings when proxy support disabled
+ - get_url_file_name: fixed crash on OOM on debug build
+ - cookie.c: refactored cleanup code to simplify
+ - OS400: enable NTLM authentication
+ - ntlm: use Windows Crypt API
+ - http2: avoid logging neg "failure" if h2 was not requested
+ - schannel_recv: return the correct code
+ - VC build: added sspi define for winssl-zlib builds
+ - Curl_client_write(): chop long data, convert data only once
+ - openldap: do not ignore Curl_client_write() return code
+ - ldap: check Curl_client_write() return codes
+ - parsedate.c: fixed compilation warning
+ - url.c: fixed compilation warning when USE_NTLM is not defined
+ - ntlm_wb_response: fix "statement not reached"
+ - telnet: fix "cast increases required alignment of target type"
+ - smtp: fixed dot stuffing when EOL characters at end of input buffers
+ - ntlm: allow NTLM2Session messages when USE_NTRESPONSES manually defined
+ - ntlm: disable NTLM v2 when 64-bit integers are not supported
+ - ntlm: use short integer when decoding 16-bit values
+ - ftp.c: fixed compilation warning when no verbose string support
+ - synctime.c: fixed timeserver URLs
+ - mk-ca-bundle.pl: restored forced run again
+ - ntlm: fixed return code for bad type-2 Target Info
+ - curl_schannel.c: data may be available before connection shutdown
+ - curl_schannel: improvements to memory re-allocation strategy
+ - darwinssl: aprintf() to allocate the session key
+ - tool_util.c: use GetTickCount64 if it is available
+ - lib: fixed multiple code analysis warnings if SAL are available
+ - tool_binmode.c: explicitly ignore the return code of setmode
+ - tool_urlglob.c: silence warning C6293: Ill-defined for-loop
+ - opts: warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
+ - SFTP: work-around servers that return zero size on STAT
+ - connect: singleipconnect(): properly try other address families after failure
+ - IPV6: address scope != scope id
+ - parseurlandfillconn(): fix improper non-numeric scope_id stripping
+ - secureserver.pl: make OpenSSL CApath and cert absolute path values
+ - secureserver.pl: update Windows detection and fix path conversion
+ - secureserver.pl: clean up formatting of config and fix verbose output
+ - tests: added Windows support using Cygwin-based OpenSSH
+ - sockfilt.c: use non-Ex functions that are available before WinXP
+ - VMS: updates for 0740-0D1220
+ - openssl: warn for SRP set if SSLv3 is used, not for TLS version
+ - openssl: make it compile against openssl 1.1.0-DEV master branch
+ - openssl: fix SSL/TLS versions in verbose output
+ - curl: show size of inhibited data when using -v
+ - build: removed WIN32 definition from the Visual Studio projects
+ - build: removed WIN64 definition from the libcurl Visual Studio projects
+ - vtls: use bool for Curl_ssl_getsessionid() return type
+ - sockfilt.c: replace 100ms sleep with thread throttle
+ - sockfilt.c: reduce the number of individual memory allocations
+ - vtls: don't set cert info count until memory allocation is successful
+ - nss: don't ignore Curl_ssl_init_certinfo() OOM failure
+ - nss: don't ignore Curl_extract_certinfo() OOM failure
+ - vtls: fixed compilation warning and an ignored return code
+ - sockfilt.c: fixed compilation warnings
+ - darwinssl: fixed compilation warning
+ - vtls: use '(void) arg' for unused parameters
+ - sepheaders.c: fixed resource leak on failure
+ - lib1900.c: fixed cppcheck error
+ - ldap: fixed Unicode connection details in Win32 initialsation / bind calls
+ - ldap: fixed Unicode DN, attributes and filter in Win32 search calls
+- re-enable test 2034 (https with certificate pinning) as it seems to be
+ working again on EL
+- update patches as needed
+- replace metalink patch with an openssl-specific version, since nss is fixed
+ upstream
+- BR: python for http-pipe testing
+
+* Wed Nov 5 2014 Paul Howarth <paul@city-fan.org> - 7.39.0-1.0.cf
+- update to 7.39.0 (addresses CVE-2014-3707)
+ - SSLv3 is disabled by default
+ - CURLOPT_COOKIELIST: added "RELOAD" command
+ - build: added WinIDN build configuration options to Visual Studio projects
+ - ssh: improve key file search
+ - SSL: public key pinning - use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
+ - vtls: remove QsoSSL support, use gskit!
+ - mk-ca-bundle: added SHA-384 signature algorithm
+ - docs: added many examples for libcurl opts and other doc improvements
+ - build: added VC ssh2 target to main Makefile
+ - MinGW: added support to build with nghttp2
+ - NetWare: added support to build with nghttp2
+ - build: added Watcom support to build with WinSSL
+ - build: added optional specific version generation of VC project files
+ - curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
+ - openssl: build fix for versions < 0.9.8e
+ - newlines: fix mixed newlines to LF-only
+ - ntlm: fixed HTTP proxy authentication when using Windows SSPI
+ - sasl_sspi: fixed Unicode build
+ - file: reject paths using embedded %%00
+ - threaded-resolver: revert Curl_expire_latest() switch
+ - configure: allow --with-ca-path with PolarSSL too
+ - HTTP/2: fix busy loop when EOF is encountered
+ - CURLOPT_CAPATH: return failure if set without backend support
+ - nss: do not fail if a CRL is already cached
+ - smtp: fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
+ - fixed 20+ nits/memory leaks identified by Coverity scans
+ - curl_schannel.c: fixed possible memory or handle leak
+ - multi-uv.c: call curl_multi_info_read() better
+ - Cmake: check for OpenSSL before OpenLDAP
+ - Cmake: fix library list provided to cURL tests
+ - Cmake: avoid cycle directory dependencies
+ - Cmake: build with GSS-API libraries (MIT or Heimdal)
+ - vtls: provide backend defines for internal source code
+ - nss: fix a connection failure when FTPS handle is reused
+ - tests/http_pipe.py: Python 3 support
+ - cmake: build tool_hugehelp (ENABLE_MANUAL)
+ - cmake: enable IPv6 by default if available
+ - tests: move TESTCASES to Makefile.inc, add show for cmake
+ - ntlm: avoid unnecessary buffer allocation for SSPI based type-2 token
+ - ntlm: fixed empty/bad base-64 decoded buffer return codes
+ - ntlm: fixed empty type-2 decoded message info text
+ - cmake: add CMake/Macros.cmake to the release tarball
+ - cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
+ - cmake: use LIBCURL_VERSION from curlver.h
+ - cmake: generate pkg-config and curl-config
+ - fixed several superfluous variable assignements identified by cppcheck
+ - cleanup of 'CURLcode result' return code
+ - pipelining: only output "is not blacklisted" in debug builds
+ - SSL: remove SSLv3 from SSL default due to POODLE attack
+ - gskit.c: remove SSLv3 from SSL default
+ - darwinssl: detect possible future removal of SSLv3 from the framework
+ - ntlm: only define ntlm data structure when USE_NTLM is defined
+ - ntlm: return CURLcode from Curl_ntlm_core_mk_lm_hash()
+ - ntlm: return all errors from Curl_ntlm_core_mk_nt_hash()
+ - sspi: only call CompleteAuthToken() when complete is needed
+ - http_negotiate: fixed missing check for USE_SPNEGO
+ - HTTP: return larger than 3 digit response codes too
+ - openssl: check for NPN / ALPN via OpenSSL version number
+ - openssl: enable NPN separately from ALPN
+ - sasl_sspi: allow DIGEST-MD5 to use current windows credentials
+ - sspi: return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
+ - resume: consider a resume from [content-length] to be OK
+ - sasl: fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
+ - build-openssl.bat: fix x64 release build
+ - cmake: drop _BSD_SOURCE macro usage
+ - cmake: fix gethostby{addr,name}_r in CurlTests
+ - cmake: clean OtherTests, fixing -Werror
+ - cmake: fix struct sockaddr_storage check
+ - Curl_single_getsock: fix hold/pause sock handling
+ - SSL: PolarSSL default min SSL version TLS 1.0
+ - cmake: fix ZLIB_INCLUDE_DIRS use
+ - buildconf: stop checking for libtool
+- disable test 2034 (https with certificate pinning) on EL-5/6 until such time
+ as we can figure out why it breaks
+ (http://curl.haxx.se/mail/lib-2014-11/0040.html)
+
+* Tue Oct 21 2014 Paul Howarth <paul@city-fan.org> - 7.38.0-2.0.cf
+- fix a connection failure when FTPS handle is reused
+
+* Wed Sep 10 2014 Paul Howarth <paul@city-fan.org> - 7.38.0-1.0.cf
+- update to 7.38.0
+ - CVE-2014-3613: cookie leak with IP address as domain
+ - CVE-2014-3620: cookie leak for TLDs
+ - CURLE_HTTP2 is a new error code
+ - CURLAUTH_NEGOTIATE is a new auth define
+ - CURL_VERSION_GSSAPI is a new capability bit
+ - no longer use fbopenssl for anything
+ - schannel: use CryptGenRandom for random numbers
+ - axtls: define curlssl_random using axTLS's PRNG
+ - cyassl: use RNG_GenerateBlock to generate a good random number
+ - findprotocol: show unsupported protocol within quotes
+ - version: detect and show LibreSSL
+ - version: detect and show BoringSSL
+ - imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
+ - http2: requires nghttp2 0.6.0 or later
+ - fix a build failure on Debian when NSS support is enabled
+ - HTTP/2: fixed compiler warnings when built disabled
+ - cyassl: return the correct error code on no CA cert
+ - http: deprecate GSS-Negotiate macros due to bad naming
+ - http: fixed Negotiate: authentication
+ - multi: improve proxy CONNECT performance (regression)
+ - ntlm_wb: avoid invoking ntlm_auth helper with empty username
+ - ntlm_wb: fix hard-coded limit on NTLM auth packet size
+ - url.c: use the preferred symbol name: *READDATA
+ - smtp: fixed a segfault during test 1320 torture test
+ - cyassl: made it compile with version 2.0.6 again
+ - nss: do not check the version of NSS at run time
+ - c-ares: fix build without IPv6 support
+ - HTTP/2: use base64url encoding
+ - SSPI Negotiate: fix 3 memory leaks
+ - libtest: fixed duplicated line in Makefile
+ - conncache: fix compiler warning
+ - openssl: make ossl_send return CURLE_OK better
+ - HTTP/2: support expect: 100-continue
+ - HTTP/2: fix infinite loop in readwrite_data()
+ - parsedate: fix the return code for an overflow edge condition
+ - darwinssl: don't use strtok()
+ - http_negotiate_sspi: fixed specific username and password not working
+ - openssl: replace call to OPENSSL_config
+ - http2: show the received header for better debugging
+ - HTTP/2: move :authority before non-pseudo header fields
+ - HTTP/2: reset promised stream, not its associated stream
+ - HTTP/2: added some more logging for debugging stream problems
+ - ntlm: added support for SSPI package info query
+ - ntlm: fixed hard coded buffer for SSPI based auth packet generation
+ - sasl_sspi: fixed memory leak with not releasing Package Info struct
+ - sasl_sspi: fixed SPN not being converted to wchar under Unicode builds
+ - sasl: use a dynamic buffer for DIGEST-MD5 SPN generation
+ - http_negotiate_sspi: use a dynamic buffer for SPN generation
+ - sasl_sspi: fixed missing free of challenge buffer on SPN failure
+ - sasl_sspi: fixed hard coded buffer for response generation
+ - Curl_poll + Curl_wait_ms: fix timeout return value
+ - docs/SSLCERTS: update the section about NSS database
+ - create_conn: prune dead connections
+ - openssl: fix version report for the 0.9.8 branch
+ - mk-ca-bundle.pl: switched to using hg.mozilla.org
+ - http: fix the Content-Range: parser
+ - Curl_disconnect: don't free the URL
+ - win32: fixed WinSock 2 #if
+ - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
+ - curl.1: clarify --limit-rate's effect on both directions
+ - disconnect: don't touch easy-related state on disconnects
+ - Cmake: big cleanup and numerous fixes
+ - HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
+ - configure.ac: add support for recent GSS-API implementations for HP-UX
+ - CONNECT: close proxy connections that fail
+ - CURLOPT_NOBODY.3: clarify this option is for downloads
+ - darwinssl: fix CA certificate checking using PEM format
+ - resolve: cache lookup for async resolvers
+ - low-speed-limit: avoid timeout flood
+ - polarssl: implement CURLOPT_SSLVERSION
+ - multi: convert CURLM_STATE_CONNECT_PEND handling to a list
+ - curl_multi_cleanup: remove superfluous NULL assigns
+ - polarssl: support CURLOPT_CAPATH / --capath
+ - progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly
+- add workaround for build with openssl < 0.9.8e
+
+* Sun Aug 17 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-3.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-2.0.cf
+- tighten dependencies
+
+* Thu Jul 17 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-1.1.cf
+- use POSIX threads and NSS for EL-7 build
+
+* Wed Jul 16 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-1.0.cf
+- update to 7.37.1
+ - bits.close: introduce connection close tracking
+ - darwinssl: add support for --cacert
+ - polarssl: add ALPN support
+ - docs: added new option man pages
+ - build: fixed incorrect reference to curl_setup.h in Visual Studio files
+ - build: use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
+ - curl.1: clarify that -u can't specify a user with colon
+ - openssl: fix uninitialized variable use in NPN callback
+ - curl_easy_reset: reset the URL
+ - curl_version_info.3: returns a pointer to a static struct
+ - url-parser: only use if_nametoindex if detected by configure
+ - select: with winsock, avoid passing unsupported arguments to select()
+ - gnutls: don't use deprecated type names any more
+ - gnutls: allow building with nghttp2 but without ALPN support
+ - tests: fix portability issue with the tftpd server
+ - curl_sasl_sspi: fixed corrupt hostname in DIGEST-MD5 SPN
+ - curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
+ - random: use Curl_rand() for proper random data
+ - Curl_ossl_init: call OPENSSL_config for initing engines
+ - config-win32.h: updated for VC12
+ - winbuild: don't USE_WINSSL when WITH_SSL is being used
+ - getinfo: HTTP CONNECT code not reset between transfers
+ - Curl_rand: use a fake entropy for debug builds when CURL_ENTROPY set
+ - http2: avoid segfault when using the plain-text http2
+ - conncache: move the connection counter to the cache struct
+ - http2: better return code error checking
+ - curlbuild: fix GCC build on SPARC systems without configure script
+ - tool_metalink: support polarssl as digest provider
+ - curl.h: reverse the enum/define setup for old symbols
+ - curl.h: moved two really old deprecated symbols
+ - curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
+ - buildconf: do not search tools in current directory
+ - OS400: make it compilable again; make RPG binding up to date
+ - nss: do not abort on connection failure (failing tests 305 and 404)
+ - nss: make the fallback to SSLv3 work again
+ - tool: prevent valgrind from reporting possibly lost memory (nss only)
+ - progress callback: skip last callback update on errors
+ - nss: fix a memory leak when CURLOPT_CRLFILE is used
+ - compiler warnings: potentially uninitialized variables
+ - url.c: fixed memory leak on OOM
+ - gnutls: ignore invalid certificate dates with VERIFYPEER disabled
+ - gnutls: fix SRP support with versions of GnuTLS from 2.99.0
+ - gnutls: fixed a couple of uninitialized variable references
+ - gnutls: fixed compilation against versions < 2.12.0
+ - build: fixed overridden compiler PDB settings in VC7 to VC12
+ - ntlm_wb: fixed buffer size not being large enough for NTLMv2 sessions
+ - netrc: don't abort if home dir cannot be found
+ - netrc: fixed thread safety problem by using getpwuid_r if available
+ - cookie: avoid mutex deadlock
+ - configure: respect host tool prefix for krb5-config
+ - gnutls: handle IP address in cert name check
+- fix endless loop with GSSAPI proxy auth (#1118751)
+
+* Mon Jul 14 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-4.0.cf
+- use %%license in %%files list where possible
+
+* Fri Jul 4 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-3.0.cf
+- various SSL-related fixes (mainly crash on connection failure)
+
+* Sat Jun 7 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-2.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 21 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-1.0.cf
+- update to 7.37.0
+ this release includes the following changes:
+ - URL parser: IPv6 zone identifiers are now supported
+ - CURLOPT_PROXYHEADER: set headers for proxy-only
+ - CURLOPT_HEADEROPT: added
+ - curl: add --proxy-header
+ - sasl: added support for DIGEST-MD5 via Windows SSPI
+ - sasl: added DIGEST-MD5 qop-option validation in native challange handling
+ - imap: expanded mailbox SEARCH support to use URL query strings
+ - imap: extended FETCH support to include PARTIAL URL specifier
+ - nss: implement non-blocking SSL handshake
+ - build: reworked Visual Studio project files
+ - poll: enable poll on darwin13
+ - mk-ca-bundle: added -p
+ - libtests: add a wait_ms() function
+ this release includes the following bugfixes:
+ - mkhelp: generate code for --disable-manual as well
+ - hostcheck: added a system include to define struct in_addr
+ - winbuild: added warnless.c to fix build
+ - Makefile.vc6: added warnless.c to fix build
+ - smtp: fixed login denied when server doesn't support AUTH capability
+ - smtp: fixed login denied with a RFC-821 based server
+ - curl: stop interpreting IPv6 literals as glob patterns
+ - http2: remove _DRAFT09 from the NPN_HTTP2 enum
+ - http2: let openssl mention the exact protocol negotiated
+ - http2+openssl: fix compiler warnings in ALPN using code
+ - ftp: in passive data connect wait for happy eyeballs sockets
+ - HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
+ - http2: compile with current nghttp2, which supports h2-11
+ - http_negotiate_sspi: fixed compilation when USE_HTTP_NEGOTIATE not defined
+ - strerror: fix comment about vxworks' strerror_r buffer size
+ - url: only use if_nametoindex() if IFNAMSIZ is available
+ - imap: fixed untagged response detection when no data after command
+ - various: fix possible dereference of null pointer
+ - various: fix use of uninitialized variable
+ - various: fix use of non-null terminated strings
+ - telnet.c: check sscanf results before passing them to snprintf
+ - parsedate.c: check sscanf result before passing it to strlen
+ - sockfilt.c: free memory in case of memory allocation errors
+ - sockfilt.c: ignore non-key-events and continue waiting for input
+ - sockfilt.c: properly handle disk files, pipes and character input
+ - sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe
+ - sockfilt.c: clean up threaded approach and add documentation
+ - configure: use the nghttp2 path correctly with pkg-config
+ - curl_global_init_mem: bump initialized even if already initialized
+ - gtls: fix NULL pointer dereference
+ - cyassl: use error-ssl.h when available
+ - handler: make 'protocol' always specified as a single bit
+ - INFILESIZE: fields in UserDefined must not be changed run-time
+ - openssl: biomem->data is not zero terminated
+ - config-win32.h: fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
+ - curl_ntlm_core: fixed use of long long for VC6 and VC7
+ - SNI: strip off a single trailing dot from host name
+ - curl: bail on cookie use when built with disabled cookies
+ - curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS
+ - curl_multi_cleanup: ignore SIGPIPE better
+ - schannel: don't use the connect-timeout during send
+ - mprintf: allow %%.s with data not being zero terminated
+ - tool_help: fixed missing --login-options option
+ - configure: don't set LD_LIBRARY_PATH when cross-compiling
+ - http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header
+ - cacertinmem: fix memory leak
+ - lib1506: make sure the transfers are not within the same ms
+ - Makefile.b32: fixed for vtls changes
+ - sasl: fixed missing qop in the client's challenge-response message
+ - openssl: unbreak PKCS12 support
+ - darwinssl: fix potential crash with a P12 file
+ - timers: fix timer regression involving redirects / reconnects
+ - CURLINFO_SSL_VERIFYRESULT: made more reliable
+ - HTTP: fixed connection re-use
+ - configure: add SPNEGO to supported features
+ - configure: add GSS-API to supported features
+ - ALPN: fix typo in http/1.1 identifier
+ - http2: make connection re-use work
+
+* Sat May 10 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-4.0.cf
+- fix auth failure on duplicated 'WWW-Authenticate: Negotiate' header
+ (#1093348)
+
+* Fri Apr 25 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-3.0.cf
+- nss: implement non-blocking SSL handshake
+
+* Thu Mar 27 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-2.0.cf
+- extend URL parser to support IPv6 zone identifiers (#680996)
+
+* Thu Mar 27 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-1.1.cf
+- adapt tests 815 and 816 such that they work with the fix for CVE-2014-0138
+
+* Wed Mar 26 2014 Paul Howarth <paul@city-fan.org> 7.36.0-1.0.cf
+- update to 7.36.0
+ this release includes the following security advisories:
+ - wrong re-use of connections (CVE-2014-0138)
+ - IP address wildcard certificate validation (CVE-2014-0139)
+ - not verifying certs for TLS to IP address / Darwinssl (CVE-2014-1263)
+ - not verifying certs for TLS to IP address / Winssl (CVE-2014-2522)
+ this release includes the following changes:
+ - ntlm: added support for NTLMv2
+ - tool: added support for URL specific options
+ - openssl: add ALPN support
+ - gtls: add ALPN support
+ - nss: add ALPN and NPN support
+ - added CURLOPT_EXPECT_100_TIMEOUT_MS
+ - tool: add --no-alpn and --no-npn
+ - added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
+ - winssl: enable TLSv1.1 and TLSv1.2 by default
+ - winssl: TLSv1.2 disables certificate signatures using MD5 hash
+ - winssl: enable hostname verification of IP address using SAN or CN
+ - darwinssl: don't omit CN verification when an IP address is used
+ - http2: build with current nghttp2 version
+ - polarssl: dropped support for PolarSSL < 1.3.0
+ - openssl: info message with SSL version used
+ this release includes the following bugfixes:
+ - nss: allow to use ECC ciphers if NSS implements them
+ - netrc: fixed a memory leak in an OOM condition
+ - ftp: fixed a memory leak on wildcard error path
+ - pipeline: fixed a NULL pointer dereference on OOM
+ - nss: prefer highest available TLS version
+ - 100-continue: fix timeout condition
+ - ssh: fixed a NULL pointer dereference on OOM condition
+ - formpost: use semicolon in multipart/mixed
+ - --help: add missing --tlsv1.x options
+ - formdata: fixed memory leak on OOM condition
+ - ConnectionExists: reusing possible HTTP+NTLM connections better
+ - mingw32: fix compilation
+ - chunked decoder: track overflows correctly
+ - curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
+ - dict: fix memory leak in OOM exit path
+ - valgrind: added suppression on optimized code
+ - curl: output protocol headers using binary mode
+ - tool: added URL index to password prompt for multiple operations
+ - ConnectionExists: re-use non-NTLM connections better
+ - axtls: call ssl_read repeatedly
+ - multi: make MAXCONNECTS default 4 x number of easy handles function
+ - configure: fix the --disable-crypto-auth option
+ - multi: ignore SIGPIPE internally
+ - curl.1: update the description of --tlsv1
+ - SFTP: skip reading the dir when NOBODY=1
+ - easy: fixed a memory leak on OOM condition
+ - tool: fixed incorrect return code when setting HTTP request fails
+ - configure: tiny fix to honor POSIX
+ - tool: do not output libcurl source for the information only parameters
+ - Rework Open Watcom make files to use standard Wmake features
+ - x509asn: moved out Curl_verifyhost from NSS builds
+ - configure: call it GSS-API
+ - hostcheck: Curl_cert_hostcheck is not used by NSS builds
+ - multi_runsingle: move timestamp into INIT
+ - remote_port: allow connect to port 0
+ - parse_remote_port: error out on illegal port numbers better
+ - ssh: pass errors from libssh2_sftp_read up the stack
+ - docs: remove documentation on setting up krb4 support
+ - polarssl: build fixes to work with PolarSSL 1.3.x
+ - polarssl: fix possible handshake timeout issue in multi
+ - nss: allow to enable/disable cipher-suites better
+ - ssh: prevent a logic error that could result in an infinite loop
+ - http2: free resources on disconnect
+ - polarssl: avoid extra newlines in debug messages
+ - rtsp: parse "Session:" header properly
+ - trynextip: don't store 'ai' on failed connects
+ - Curl_cert_hostcheck: strip trailing dots in host name and wildcard
+- update patches as needed
+- drop support for old distributions prior to FC-5
+ - drop %%defattr, redundant since rpm 4.4
+ - unconditionally build with metalink support
+ - certs always live under /etc/pki
+- skip IMAP tests 815 and 816 for now, which are failing in this release
+
+* Mon Mar 17 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-5.0.cf
+- add perl build requirements for the test suite
+
+* Wed Mar 5 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-3.0.cf
+- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
+
+* Tue Feb 25 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-2.0.cf
+- refresh expired cookie in test172 from upstream test-suite (#1068967)
+
+* Wed Jan 29 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-1.0.cf
+- update to 7.35.0:
+ - imap/pop3/smtp: added support for SASL authentication downgrades
+ - imap/pop3/smtp: extended the login options to support multiple auth mechs
+ - TheArtOfHttpScripting: major update, converted layout and more
+ - mprintf: added support for I, I32 and I64 size specifiers
+ - makefile: added support for VC7, VC11 and VC12
+ - SECURITY ADVISORY: re-use of wrong HTTP NTLM connection (CVE-2014-0015)
+ - curl_easy_setopt: fixed OAuth 2.0 Bearer option name
+ - pop3: fixed APOP being determined by CAPA response rather than by timestamp
+ - Curl_pp_readresp: zero terminate line
+ - FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
+ - docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
+ - pop3: fixed auth preference not being honored when CAPA not supported
+ - imap: fixed auth preference not being honored when CAPABILITY not supported
+ - threaded resolver: use pthread_t * for curl_thread_t
+ - FILE: we don't support paused transfers using this protocol
+ - connect: try all addresses in first connection attempt
+ - curl_easy_setopt.3: added SMTP information to CURLOPT_INFILESIZE_LARGE
+ - OpenSSL: fix forcing SSLv3 connections
+ - openssl: allow explicit sslv2 selection
+ - FTP parselist: fix "total" parser
+ - conncache: fix possible dereference of null pointer
+ - multi.c: fix possible dereference of null pointer
+ - mk-ca-bundle: introduces -d and warns about using this script
+ - ConnectionExists: fix NTLM check for new connection
+ - trynextip: fix build for non-IPV6 capable systems
+ - Curl_updateconninfo: don't do anything for UDP "connections"
+ - darwinssl: un-break Leopard build after PKCS#12 change
+ - threaded-resolver: never use NULL hints with getaddrinf
+ - multi_socket: remind app if timeout didn't run
+ - OpenSSL: deselect weak ciphers by default
+ - error message: sensible message on timeout when transfer size unknown
+ - curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
+ - win32: fixed use of deprecated function 'GetVersionInfoEx' for VC12
+ - configure: fix gssapi linking on HP-UX
+ - chunked-parser: abort on overflows, allow 64 bit chunks
+ - chunked parsing: relax the CR strictness
+ - cookie: max-age fixes
+ - progress bar: always update when at 100%%
+ - progress bar: increase update frequency to 10Hz
+ - tool: fixed incorrect return code if command line parser runs out of memory
+ - tool: fixed incorrect return code if password prompting runs out of memory
+ - HTTP POST: omit Content-Length if data size is unknown
+ - GnuTLS: disable insecure ciphers
+ - GnuTLS: honor --slv2 and the --tlsv1[.N] switches
+ - multi: fixed a memory leak on OOM condition
+ - netrc: fixed a memory and file descriptor leak on OOM
+ - getpass: fix password parsing from console
+ - TFTP: fix crash on time-out
+ - hostip: don't remove DNS entries that are in use
+ - tests: lots of tests fixed to pass the OOM torture tests
+
+* Tue Jan 21 2014 Paul Howarth <paul@city-fan.org> - 7.34.0-1.1.cf
+- add a couple of fixes from upstream for forced SSLv2 and SSLv3 support
+
+* Tue Dec 17 2013 Paul Howarth <paul@city-fan.org> - 7.34.0-1.0.cf
+- update to 7.34.0:
+ - gtls: respect *VERIFYHOST independently of *VERIFYPEER (CVE-2013-6422)
+ - SSL: protocol version can be specified more precisely
+ - imap/pop3/smtp: added graceful cancellation of SASL authentication
+ - add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
+ - base64: added validation of base64 input strings when decoding
+ - curl_easy_setopt: added the ability to set the login options separately
+ - smtp: added support for additional SMTP commands
+ - curl_easy_getinfo: added CURLINFO_TLS_SESSION for accessing TLS internals
+ - nss: allow to use TLS > 1.0 if built against recent NSS
+ - SECURITY: added this document to describe our security processes
+ - parseconfig: warn if unquoted white spaces are detected
+ - darwinssl: un-break iOS build after PKCS#12 feature added
+ - tool: use XFERFUNCTION to save some casts
+ - usercertinmem: fix memory leaks
+ - ssh: handle successful SSH_USERAUTH_NONE
+ - NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
+ - test906: fixed failing test on some platforms
+ - sasl: initialize NSS before using NTLM crypto
+ - sasl: fixed memory leak in OAUTH2 message creation
+ - imap/pop3/smtp: fixed QUIT / LOGOUT being sent when SSL connect fails
+ - cmake: unbreak for non-Windows platforms
+ - ssh: initialize per-handle data in ssh_connect()
+ - glob: fix broken URLs
+ - configure: check for long long when building with cyassl
+ - CURLOPT_RESOLVE: mention they don't time-out
+ - docs/examples/httpput.c: fix build for MSVC
+ - FTP: make the data connection work when going through proxy
+ - NSS: support for CERTINFO feature
+ - curl_multi_wait: accept 0 from multi_timeout() as valid timeout
+ - glob_range: pass the closing bracket for a-z ranges
+ - tool_help: updated --list-only description to include POP3
+ - Curl_ssl_push_certinfo_len: don't %%.*s non-zero-terminated string
+ - cmake: fix Windows build with IPv6 support
+ - ares: fixed compilation under Visual Studio 2012
+ - curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
+ - curl.1: mention that -O does no URL decoding
+ - darwinssl: PKCS#12 import feature now requires Lion or later
+ - darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
+ - configure: fix test with -Werror=implicit-function-declaration
+ - sigpipe: factor out sigpipe_reset from easy.c
+ - curl_multi_cleanup: ignore SIGPIPE
+ - globbing: curl glob counter mismatch with {} list use
+ - parseconfig: dash options can't specified with colon or equals
+ - digest: fix CURLAUTH_DIGEST_IE
+ - curl.h: <sys/select.h> for OpenBSD
+ - darwinssl: Fix #if 10.6.0 for SecKeychainSearch
+ - TFTP: fix return codes for connect timeout
+ - login options: remove the ;[options] support from CURLOPT_USERPWD
+ - imap: fixed incorrect fallback to clear text authentication
+ - parsedate: avoid integer overflow
+ - curl.1: document -J doesn't %%-decode
+ - multi: add timer inaccuracy margin to timeout/connecttimeout
+- switch to openssl backend for Fedora 10 to 15 as NSS 3.14 is now required
+ (http://curl.haxx.se/mail/lib-2013-12/0000.html)
+
+* Mon Dec 2 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-2.0.cf
+- allow to use TLS > 1.0 if built against recent NSS
+
+* Wed Oct 30 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.3.cf
+- run tests with -n to explicitly disable valgrind, which can be problematic
+ on old distributions
+
+* Tue Oct 22 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.2.cf
+- fix missing initialization in SSH code causing test 619 to fail
+
+* Fri Oct 18 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.1.cf
+- fix missing initialization in NTLM code causing test 906 to fail
+
+* Tue Oct 15 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.0.cf
+- update to 7.33.0:
+ - test code for testing the event based API
+ - CURLM_ADDED_ALREADY: new error code
+ - test TFTP server: support "writedelay" within <servercmd>
+ - krb4 support has been removed
+ - imap/pop3/smtp: added basic SASL XOAUTH2 support
+ - darwinssl: add support for PKCS#12 files for client authentication
+ - darwinssl: enable BEAST workaround on iOS 7 and later
+ - pass password to OpenSSL engine by user interface
+ - c-ares: add support for various DNS binding options
+ - cookies: add expiration
+ - curl: added --oauth2-bearer option
+ - nss: make sure that NSS is initialized
+ - curl: make --no-[option] work properly for several options
+ - FTP: with socket_action send better socket updates in active mode
+ - curl: fix the --sasl-ir in the --help output
+ - tests 2032, 2033: don't hardcode port in expected output
+ - urlglob: better detect unclosed braces, empty lists and overflows
+ - urlglob: error out on range overflow
+ - imap: fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands
+ - handle arbitrary-length username and password
+ - TFTP: make the CURLOPT_LOW_SPEED* options work
+ - curl.h: name space pollution by "enum type"
+ - multi: move on from STATE_DONE faster
+ - FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback
+ - multi_socket: improved 100-continue timeout handling
+ - curl_multi_remove_handle: allow multiple removes
+ - FTP: fix getsock during DO_MORE state
+ - -x: rephrased the --proxy section somewhat
+ - acinclude: fix --without-ca-path when cross-compiling
+ - LDAP: fix bad free() when URL parsing failed
+ - --data: mention CRLF treatment when reading from file
+ - curl_easy_pause: suggest one way to unpause
+ - imap: fixed calculation of transfer when partial FETCH received
+ - pingpong: check SSL library buffers for already read data
+ - imap/pop3/smtp: speed up SSL connection initialization
+ - libcurl.3: for multi interface connections are held in the multi handle
+ - curl_easy_setopt.3: mention RTMP URL quirks
+ - curl.1: detail how short/long options work
+ - curl.1: added information about optional login options to --user option
+ - curl: added clarification to the --mail options in the --help output
+ - curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
+ - openssl: use correct port number in error message
+ - darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
+ - OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
+ - xattr: add support for FreeBSD xattr API
+ - win32: fix Visual Studio 2010 build with WINVER >= 0x600
+ - configure: use icc options without space
+ - test1112: Increase the timeout from 7s to 16s
+ - SCP: upload speed on a fast connection limited to 16384 B/s
+ - curl_setup_once: fix errno access for lwip on Windows
+ - HTTP: output http response 304 when modified time is too old
+- adjust multilib, debug and threaded DNS patches
+- add new patch for failing test 906
+
+* Fri Oct 11 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-3.0.cf
+- do not limit the speed of SCP upload on a fast connection
+ (http://thread.gmane.org/gmane.comp.web.curl.library/40551/focus=40561)
+
+* Mon Sep 9 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-2.0.cf
+- avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686)
+
+* Mon Aug 12 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-1.1.cf
+- make sure that NSS is initialized prior to calling PK11_GenerateRandom()
+
+* Mon Aug 12 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-1.0.cf
+- update to 7.32.0:
+ - curl: allow timeouts to accept decimal values
+ - OS400: add slist and certinfo EBCDIC support
+ - OS400: new SSL backend GSKit
+ - CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
+ - LIBCURL-STRUCTS: new document
+ - dotdot: introducing dot file path cleanup
+ - docs: fix typo in curl_easy_getinfo manpage
+ - test1230: avoid using hard-wired port number
+ - test1396: invoke the correct test tool
+ - SIGPIPE: ignored while inside the library
+ - darwinssl: fix crash that started happening in Lion
+ - OpenSSL: check for read errors, don't assume
+ - c-ares: improve error message on failed resolve
+ - printf: make sure %%x are treated unsigned
+ - formpost: better random boundaries
+ - url: restore the functionality of 'curl -u :'
+ - curl.1: fix typo in --xattr description
+ - digest: improve nonce generation
+ - configure: automake 1.14 compatibility tweak
+ - curl.1: document the --post303 option in the man page
+ - curl.1: document the --sasl-ir option in the man page
+ - setup-vms.h: sk_pop symbol tweak
+ - tool_paramhlp: try harder to catch negatives
+ - cmake: fix for MSVC2010 project generation
+ - asyn-ares: don't blank ares servers if none configured
+ - curl_multi_wait: set revents for extra fds
+ - reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()
+ - ftp_do_more: consider DO_MORE complete when server connects back
+ - curl_easy_perform: gradually increase the delay time
+ - curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
+ - curl: fix upload of a zip file in OpenVMS
+ - build: fix linking on Solaris 10
+ - curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
+ - curl_formadd: fix file upload on VMS
+ - curl_easy_pause: on unpause, trigger mulit-socket handling
+ - md5 and metalink: use better build macros on Apple operating systems
+ - darwinssl: fix build error in crypto authentication under Snow Leopard
+ - curl: make --progress-bar update the line less frequently
+ - configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc.)
+ - mk-ca-bundle: skip more untrusted certificates
+ - formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
+ - FTP: when EPSV gets a 229 but fails to connect, retry with PASV
+ - mk-ca-bundle.1: don't install on make install
+ - VMS: lots of updates and fixes of the build procedure
+ - global dns cache: didn't work (regression)
+ - global dns cache: fix memory leak
+- adjust multilib and UTF8 patches
+- drop upstreamed patches
+
+* Sat Aug 3 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-5.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 9 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-4.0.cf
+- mention all options listed in 'curl --help' in curl.1 man page
+
+* Mon Jul 1 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-3.0.cf
+- restore the functionality of 'curl -u :'
+
+* Wed Jun 26 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-2.0.cf
+- build the curl tool with metalink support
+
+* Mon Jun 24 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-1.1.cf
+ - test1230: avoid using hard-wired port number
+
+* Sat Jun 22 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-1.0.cf
+- update to 7.31.0:
+ - SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end
+ of the input buffer (CVE-2013-2174)
+ - darwinssl: add TLS session resumption
+ - darwinssl: add TLS crypto authentication
+ - imap/pop3/smtp: added support for ;auth=<mech> in the URL
+ - imap/pop3/smtp: added support for ;auth=<mech> to CURLOPT_USERPWD
+ - usercertinmem.c: add example showing user cert in memory
+ - url: added smtp and pop3 hostnames to the protocol detection list
+ - imap/pop3/smtp: added support for enabling the SASL initial response
+ - curl -E: allow to use ':' in certificate nicknames
+ - FTP: access files in root dir correctly
+ - configure: try pthread_create without -lpthread
+ - FTP: handle a 230 welcome response
+ - curl-config: don't output static libs when they are disabled
+ - CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
+ - Various documentation updates
+ - getinfo.c: reset timecond when clearing session-info variables
+ - FILE: prevent an artificial timeout event due to stale speed-check data
+ - ftp_state_pasv_resp: connect through proxy also when set by env
+ - sshserver: disable StrictHostKeyChecking
+ - ftpserver: fixed imap logout confirmation data
+ - curl_easy_init: use less mallocs
+ - smtp: fixed unknown percentage complete in progress bar
+ - smtp: fixed sending of double CRLF caused by first in EOB
+ - bindlocal: move brace out of #ifdef
+ - winssl: fixed invalid memory access during SSL shutdown
+ - OS X framework: fix invalid symbolic link
+ - OpenSSL: allow empty server certificate subject
+ - axtls: prevent memleaks on SSL handshake failures
+ - cookies: only consider full path matches
+ - revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
+ - Curl_cookie_add: handle IPv6 hosts
+ - ossl_send: SSL_write() returning 0 is an error too
+ - ossl_recv: SSL_read() returning 0 is an error too
+ - digest auth: escape user names with \ or " in them
+ - curl_formadd.3: fixed wrong "end-marker" syntax
+ - libcurl-tutorial.3: fix incorrect backslash
+ - curl_multi_wait: reduce timeout if the multi handle wants to
+ - tests/Makefile: typo in the perlcheck target
+ - axtls: honor disabled VERIFYHOST
+ - OpenSSL: avoid double free in the PKCS12 certificate code
+ - multi_socket: reduce timeout inaccuracy margin
+ - digest: support auth-int for empty entity body
+ - axtls: now done non-blocking
+ - lib1900: use tutil_tvnow instead of gettimeofday
+ - curl_easy_perform: avoid busy-looping
+ - CURLOPT_COOKIELIST: take cookie share lock
+ - multi_socket: react on socket close immediately
+- adjust multilib patch
+- drop upstreamed patches
+
+* Fri Apr 26 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-2.0.cf
+- limit the excessive use of sed in %%prep
+- prevent an artificial timeout event due to stale speed-check data (#906031)
+
+* Sat Apr 13 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-1.1.cf
+- reinstate test port adjustment fixes
+
+* Fri Apr 12 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-1.0.cf
+- update to 7.30.0:
+ - SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage
+ (CVE-2013-1944)
+ - imap: Changed response tag generation to be completely unique
+ - imap: Added support for SASL-IR extension
+ - imap: Added support for the list command
+ - imap: Added support for the append command
+ - imap: Added custom request parsing
+ - imap: Added support to the fetch command for UID and SECTION properties
+ - imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
+ - darwinssl: Make certificate errors less techy
+ - imap/pop3/smtp: Added support for the STARTTLS capability
+ - checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
+ - curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
+ - Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for
+ new multi interface connection handling
+ - Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
+ CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and
+ CURLMOPT_PIPELINING_SERVER_BL for new pipelining control
+ - darwinssl: Fix build under Leopard
+ - DONE: consider callback-aborted transfers premature
+ - ntlm: Fixed memory leaks
+ - smtp: Fixed an issue when processing EHLO failure responses
+ - pop3: Fixed incorrect return value from pop3_endofresp()
+ - pop3: Fixed SASL authentication capability detection
+ - pop3: Fixed blocking SSL connect when connecting via POP3S
+ - imap: Fixed memory leak when performing multiple selects
+ - nss: fix misplaced code enabling non-blocking socket mode
+ - AddFormData: prevent only directories from being posted
+ - darwinssl: fix infinite loop if server disconnected abruptly
+ - metalink: fix improbable crash parsing metalink filename
+ - show proper host name on failed resolve
+ - MacOSX-Framework: Make script work in Xcode 4.0 and later
+ - strlcat: remove function
+ - darwinssl: Fix send glitchiness with data > 32 or so KB
+ - polarssl: better 1.1.x and 1.2.x support
+ - various documentation improvements
+ - multi: NULL pointer reference when closing an unused multi handle
+ - SOCKS: fix socks proxy when noproxy matched
+ - install-sh: updated to support multiple source files as arguments
+ - PolarSSL: added human readable error strings
+ - resolver_error: remove wrong error message output
+ - docs: updates HTML index and general improvements
+ - curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+ - sasl: Fixed null pointer reference when decoding empty digest challenge
+ - easy: do not ignore poll() failures other than EINTR
+ - darwinssl: disable ECC ciphers under Mountain Lion by default
+ - CONNECT: count received headers
+ - build: fixes for VMS
+ - CONNECT: clear 'rewindaftersend' on success
+ - HTTP proxy: insert slash in URL if missing
+ - hiperfifo: updated to use current libevent API
+ - getinmemory.c: abort the transfer nicely if not enough memory
+ - improved win32 memorytracking
+ - corrected proxy header response headers count
+ - FTP quote operations on re-used connection
+ - tcpkeepalive on win32
+ - tcpkeepalive on Mac OS X
+ - easy: acknowledge the CURLOPT_MAXCONNECTS option properly
+ - easy interface: restore default MAXCONNECTS to 5
+ - win32: don't set SO_SNDBUF for windows vista or later versions
+ - HTTP: made cookie sort function more deterministic
+ - winssl: Fixed memory leak if connection was not successful
+ - FTP: wait on both connections during active STOR state
+ - connect: treat a failed local bind of an interface as a non-fatal error
+ - darwinssl: disable insecure ciphers by default
+ - FTP: handle "rubbish" in front of directory name in 257 responses
+ - mk-ca-bundle: Fixed lost OpenSSL output with "-t"
+- remove upstreamed patches
+- temporarily drop the switching of ports for tests as it causes test suite
+ failures
+- add patch to fix linking of tests 1900 and 2033
+
+* Tue Mar 12 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-4.0.cf
+- do not ignore poll() failures other than EINTR (#919127)
+- curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag (#919127)
+
+* Wed Mar 6 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-3.0.cf
+- switch SSL socket into non-blocking mode after handshake
+- drop the hide_selinux.c hack no longer needed in %%check
+
+* Fri Feb 22 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-2.0.cf
+- fix a SIGSEGV when closing an unused multi handle (#914411)
+
+* Wed Feb 6 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-1.0.cf
+- update to 7.29.0:
+ - fix POP3/IMAP/SMTP SASL buffer overflow vulnerability (CVE-2013-0249)
+ - test: offer "automake" output and check for perl better
+ - always-multi: always use non-blocking internals
+ - imap: added support for sasl digest-md5 authentication
+ - imap: added support for sasl cram-md5 authentication
+ - imap: added support for sasl ntlm authentication
+ - imap: added support for sasl login authentication
+ - imap: added support for sasl plain text authentication
+ - imap: added support for login disabled server capability
+ - mk-ca-bundle: add -f, support passing to stdout and more
+ - writeout: -w now supports remote_ip/port and local_ip/port
+ - nss: prevent NSS from crashing on client auth hook failure
+ - darwinssl: fixed inability to disable peer verification on Snow Leopard and
+ Lion
+ - curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+ - SCP: relative path didn't work as documented
+ - setup_once.h: HP-UX <sys/socket.h> issue workaround
+ - configure: fix cross pkg-config detection
+ - runtests: do not add undefined values to @INC
+ - build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
+ - multi: fix re-sending request on early connection close
+ - HTTP: remove stray CRLF in chunk-encoded content-free request bodies
+ - build: fix AIX compilation and usage of events/revents
+ - VC Makefiles: add missing hostcheck
+ - nss: clear session cache if a client certificate from file is used
+ - nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+ - fix HTTP CONNECT tunnel establishment upon delayed response
+ - --libcurl: fix for non-zero default options
+ - FTP: reject illegal port numbers in EPSV 229 responses
+ - build: use per-target '_CPPFLAGS' for those currently using default
+ - configure: fix automake 1.13 compatibility
+ - curl: ignore SIGPIPE
+ - pop3: added support for non-blocking SSL upgrade
+ - pop3: fixed default authentication detection
+ - imap: fixed usernames and passwords that contain escape characters
+ - packages/DOS/common.dj: remove COFF debug info generation
+ - imap/pop3/smtp: fixed failure detection during TLS upgrade
+ - pop3: fixed no known authentication mechanism when fallback is required
+ - formadd: reject trying to read a directory where a file is expected
+ - formpost: support quotes, commas and semicolon in file names
+ - docs: update the comments about loading CA certs with NSS
+ - docs: fix typos in man pages
+ - darwinssl: fix bug where packets were sometimes transmitted twice
+ - winbuild: include version info for .dll .exe
+ - schannel: Removed extended error connection setup flag
+ - VMS: fix and generate the VMS build config
+- drop upstreamed patches and update others as needed
+
+* Tue Jan 15 2013 Paul Howarth <paul@city-fan.org> - 7.28.1-3.0.cf
+- prevent NSS from crashing on client auth hook failure
+- clear session cache if a client cert from file is used
+- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+
+* Tue Nov 20 2012 Paul Howarth <paul@city-fan.org> - 7.28.1-1.0.cf
+- update to 7.28.1:
+ - metalink/md5: use CommonCrypto on Apple operating systems
+ - href_extractor: new example code extracting href elements
+ - NSS can be used for metalink hashing
+ - fix broken libmetalink-aware OpenSSL build
+ - gnutls: fix the error is fatal logic
+ - darwinssl: un-broke iOS build, fix error on server disconnect
+ - asyn-ares: restore functionality with c-ares < 1.6.1
+ - tlsauthtype: deal with the string case insensitively
+ - fixed MSVC libssh2 static build
+ - evhiperfifo: fix the pointer passed to WRITEDATA
+ - BUGS: fix the bug tracker URL
+ - winbuild: use machine type of development environment
+ - FTP: prevent the multi interface from blocking
+ - uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
+ - httpcustomheader.c: free the headers after use
+ - fix >2000 bytes POST over NTLM-using proxy
+ - redirects to URLs with fragments
+ - don't send '#' fragments when using proxy
+ - OpenSSL: show full issuer string
+ - fix HTTP auth regression
+ - CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
+ - ftp: EPSV-disable fix over SOCKS
+ - Digest: Add microseconds into nounce calculation
+ - SCP/SFTP: improve error code used for send failures
+ - SSL: several SSL-backend related fixes
+ - removed the notorious "additional stuff not fine" debug output
+ - OpenSSL: disable SSL/TLS compression - avoid the "CRIME" attack
+ - FILE: make upload-writes unbuffered
+ - custom memory callbacks failure with HTTP proxy (and more)
+ - TFTP: handle resends
+ - autoconf: don't force-disable compiler debug option
+ - winbuild: fix PDB file output
+ - test2032: spurious failure caused by premature termination
+ - memory leak: CURLOPT_RESOLVE with multi interface
+- re-enable test2032
+- update UTF8 and debug patches
+- fix bogus dates in spec changelog
+
+* Wed Oct 31 2012 Paul Howarth <paul@city-fan.org> - 7.28.0-1.0.cf
+- update to 7.28.0:
+ - SSH: added agent based authentication
+ - ftp: active conn, allow application to set sockopt after accept() call
+ with CURLSOCKTYPE_ACCEPT
+ - multi: add curl_multi_wait()
+ - metalink: added support for Microsoft Windows CryptoAPI
+ - md5: added support for Microsoft Windows CryptoAPI
+ - parse_proxy: treat "socks://x" as a socks4 proxy
+ - socks: added support for IPv6 connections through SOCKSv5 proxy
+ - WSAPoll disabled on Windows builds due to its bugs
+ - fix segfault on request retries
+ - curl-config: parentheses fix
+ - VC build: add define for openssl
+ - globbing: fix segfault when >9 globs were used
+ - fixed a few clang-analyzer warnings
+ - metalink: change code order to build with gnutls-nettle
+ - gtls: fix build failure by including nettle-specific headers
+ - change preferred HTTP auth on a handle previously used for another auth
+ - file: use fdopen() to avoid race condition
+ - added DWANT_IDN_PROTOTYPES define for MSVC too
+ - verbose: fixed (nil) output of hostnames in re-used connections
+ - metalink: un-broke the build when building --with-darwinssl
+ - curl man page cleanup
+ - avoid leak of local device string when reusing connection
+ - Curl_socket_check: fix return code for timeout
+ - nss: do not print misleading NSS error codes
+ - configure: remove the --enable/disable-nonblocking options
+ - darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
+ - NTLM: re-use existing connection better
+ - schannel crash on multi and easy handle cleanup
+ - SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
+ - mk-ca-bundle: detect start of trust section better
+ - gnutls: do not fail on non-fatal handshake errors
+ - SMTP: only send SIZE if supported
+ - ftpserver: respond with a 250 to SMTP EHLO
+ - ssh: do not crash if MD5 fingerprint is not provided by libssh2
+ - winbuild: added support for building with SPNEGO enabled
+ - metalink: fixed validation of binary files containing EOF
+ - setup.h: fixed for MS VC10 build
+ - cmake: use standard findxxx modules for cmake v2.8+
+ - HTTP_ONLY: disable more protocols
+ - Curl_reconnect_request: clear pointer on failure
+ - https.c example: remember to call curl_global_init()
+ - metalink: Filter resource URLs by type
+ - multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation
+ - curl_schannel: Removed buffer limit and optimized buffer strategy
+- drop patches now included in upstream release
+- update UTF8 and debug patches
+- disable tests 1112 and 2032 for now
+
+* Mon Oct 1 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-3.1.cf
+- do not crash if MD5 fingerprint is not provided by libssh2
+
+* Mon Aug 6 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-3.0.cf
+- use the upstream facility to disable problematic tests
+
+* Wed Aug 1 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-2.0.cf
+- eliminate unnecessary inotify events on upload via file protocol (#844385)
+
+* Sat Jul 28 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-1.0.cf
+- update to 7.27.0:
+ - nss: use human-readable error messages provided by NSS
+ - added --metalink for metalink download support
+ - pop3: added support for sasl plain text authentication
+ - pop3: added support for sasl login authentication
+ - pop3: added support for sasl ntlm authentication
+ - pop3: added support for sasl cram-md5 authentication
+ - pop3: added support for sasl digest-md5 authentication
+ - pop3: added support for apop authentication
+ - added support for Schannel (Native Windows) SSL/TLS encryption
+ - added support for Darwin SSL (Native Mac OS X and iOS)
+ - http: print reason phrase from HTTP status line on error
+ - pop3: fixed the issue of having to supply the user name for all requests
+ - configure: fix LDAPS disabling related misplaced closing parenthesis
+ - cmdline: made -D option work with -O and -J
+ - configure: fix libcurl.pc and curl-config generation for static MingW*
+ cross builds
+ - ssl: fix duplicated SSL handshake with multi interface and proxy
+ - winbuild: fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags
+ - OpenSSL: support longer certificate subject names
+ - openldap: OOM fixes
+ - log2changes.pl: fix the Version output
+ - lib554.c: use curl_formadd() properly
+ - urldata.h: fix cyassl build clash with wincrypt.h
+ - cookies: changed the URL in the cookiejar headers
+ - http-proxy: keep CONNECT connections alive (for NTLM)
+ - NTLM SSPI: fixed to work with unicode user names and passwords
+ - OOM fix in the curl tool when cloning cmdline options
+ - fixed some examples to use curl_global_init() properly
+ - cmdline: stricter numerical option parser
+ - HTTP HEAD: don't force-close after response-headers
+ - test231: fix wrong -C use
+ - docs: switch to proper UTF-8 for text file encoding
+ - keepalive: DragonFly uses milliseconds
+ - HTTP Digest: Client's "qop" value should not be quoted
+ - make distclean works again
+- update patches as necessary
+
+* Mon Jul 23 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-6.0.cf
+- print reason phrase from HTTP status line on error (#676596)
+
+* Wed Jul 18 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-5.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jun 9 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-4.0.cf
+- fix duplicated SSL handshake with multi interface and proxy (#788526)
+
+* Wed May 30 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-3.0.cf
+- disable test 1319 on ppc64; server times out
+
+* Mon May 28 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-2.0.cf
+- use human-readable error messages provided by NSS (upstream commit 72f4b534)
+
+* Thu May 24 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-1.0.cf
+- update to 7.26.0:
+ - nss: the minimal supported version of NSS bumped to 3.12.x
+ - nss: human-readable names are now provided for NSS errors if available
+ - add a manual page for mk-ca-bundle
+ - added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
+ - smtp: add support for DIGEST-MD5 authentication
+ - pop3: added support for additional pop3 commands
+ - nss: libcurl now uses NSS_InitContext() to prevent collisions if available
+ - URL parse: reject numerical IPv6 addresses outside brackets
+ - MD5: fix OOM memory leak
+ - OpenSSL cert: provide more details when cert check fails
+ - HTTP: empty chunked POST ended up in two zero size chunks
+ - fixed a regression when curl resolved to multiple addresses and the first
+ isn't supported
+ - -# progress meter: avoid superfluous updates and duplicate lines
+ - headers: surround GCC attribute names with double underscores
+ - PolarSSL: correct return code for CRL matches
+ - PolarSSL: include version number in version string
+ - PolarSSL: add support for asynchronous connect
+ - mk-ca-bundle: revert the LWP usage
+ - IPv6 cookie domain: get rid of the first bracket before the second
+ - connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
+ - OpenSSL: made cert hostname check conform to RFC 6125
+ - HTTP: reset expected DL/UL sizes on redirects
+ - CMake: fix Windows LDAP/LDAPS option handling
+ - CMake: fix MS Visual Studio x64 unsigned long long literal suffix
+ - configure: update detection logic of getaddrinfo() thread-safeness
+ - configure: check for gethostbyname in the watt lib
+ - curl-config.1: fix curl-config usage in example
+ - smtp: Fixed non-escaping of dot character at beginning of line
+ - MakefileBuild.vc: use the correct IDN variable
+ - autoconf: improve handling of versioned symbols
+ - curl.1: clarify -x usage
+ - curl: shorten user-agent
+ - smtp: issue with the multi-interface always sending postdata
+ - compile error with GnuTLS+Nettle fixed
+ - winbuild: fix IPv6 enabled build
+- drop upstream patches
+- re-diff other patches as necessary
+
+* Wed Apr 25 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-3.0.cf
+- resync with Rawhide
+
+* Fri Apr 13 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-2.0.cf
+- use NSS_InitContext() to initialize NSS if available (#738456)
+- provide human-readable names for NSS errors (upstream commit a60edcc6)
+
+* Fri Mar 23 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-1.0.cf
+- update to 7.25.0:
+ - configure: add option disable --libcurl output
+ - --ssl-allow-beast and CURLOPT_SSL_OPTIONS added
+ - added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL
+ - curl: use new library-side TCP_KEEPALIVE options
+ - added a new CURLOPT_MAIL_AUTH option
+ - added support for --mail-auth
+ - --libcurl now also works with -F and more!
+ - --max-redirs: allow negative numbers as option value
+ - parse_proxy: bail out on zero-length proxy names
+ - configure: don't modify LD_LIBRARY_PATH for cross compiles
+ - curl_easy_reset: reset the referer string
+ - curl tool: don't abort glob-loop due to failures
+ - CONNECT: send correct Host: with IPv6 numerical address
+ - explicitly link to the nettle/gcrypt libraries
+ - more resilient connection times among IP addresses
+ - winbuild: fix IPV6 and IDN options
+ - SMTP: fixed error when using CURLOPT_CONNECT_ONLY
+ - cyassl: update to CyaSSL 2.0.x API
+ - smtp: fixed an issue with the EOB checking
+ - pop3: fixed drop of final CRLF in EOB checking
+ - smtp: fixed an issue with writing postdata
+ - smtp: added support for returning SMTP response codes
+ - CONNECT: fix ipv6 address in the Request-Line
+ - curl-config: only provide libraries with --libs
+ - LWIP: don't consider HAVE_ERRNO_H to be winsock
+ - ssh: tunnel through HTTP proxy if requested
+ - cookies: strip off [brackets] from numerical ipv6 host names
+ - libcurl docs: version corrections
+ - cmake: list_spaces_append_once failure
+ - resolve with c-ares: don't resolve IPv6 when not working
+ - smtp: changed error code for EHLO and HELO responses
+ - parsedate: fix a numeric overflow
+- update debug, multilib and UTF8 patches
+- drop support for distributions prior to FC-3:
+ - don't need to handle pkgconfig ≤ 0.15 with no URL support
+ - don't need workaround for RHL-9's LD_PRELOAD issues
+
+* Tue Jan 24 2012 Paul Howarth <paul@city-fan.org> - 7.24.0-1.0.cf
+- update to 7.24.0:
+ - curl was vulnerable to a data injection attack for certain protocols
+ (CVE-2012-0036, http://curl.haxx.se/docs/adv_20120124.html)
+ - curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
+ (CVE-2011-3389, http://curl.haxx.se/docs/adv_20120124B.html)
+ - CURLOPT_QUOTE: SFTP supports the '*'-prefix now
+ - CURLOPT_DNS_SERVERS: set name servers if possible
+ - add support for using nettle instead of gcrypt as gnutls backend
+ - CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
+ - added CURLOPT_ACCEPTTIMEOUT_MS
+ - configure: add symbols versioning option --enable-versioned-symbols
+ - SSL session share: move the age counter to the share object
+ - -J -O: use -O name if no Content-Disposition header comes!
+ - protocol_connect: show verbose connect and set connect time
+ - query-part: ignore the URI part for given protocols
+ - gnutls: only translate winsock errors for old versions
+ - POP3: fix end of body detection
+ - POP3: detect when LIST returns no mails
+ - TELNET: improved treatment of options
+ - configure: add support for pkg-config detection of libidn
+ - CyaSSL 2.0+ library initialization adjustment
+ - multi interface: only use non-NULL socker function pointer
+ - call opensocket callback properly for active FTP
+ - don't call close socket callback for sockets created with accept()
+ - differentiate better between host/proxy errors
+ - SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
+ - multi: handle timeouts on DNS servers by checking for new sockets
+ - CURLOPT_DNS_SERVERS: fix return code
+ - POP3: fixed escaped dot not being stripped out
+ - OpenSSL: check for the SSLv2 function in configure
+ - MakefileBuild: fix the static build
+ - create_conn: don't switch to HTTP protocol if tunneling is enabled
+ - multi interface: fix block when CONNECT_ONLY option is used
+ - fix connection reuse for TLS upgraded connections
+ - multiple file upload with -F and custom type
+ - multi interface: active FTP connections are no longer blocking
+ - Android build fix
+ - timer: restore PRETRANSFER timing
+ - libcurl.m4: fix quoting arguments of AC_LANG_PROGRAM
+ - appconnect time fixed for non-blocking connect ssl backends
+ - do not include SSL handshake into time spent waiting for 100-continue
+ - handle dns cache case insensitive
+ - use new host name casing for subsequent HTTP requests
+ - CURLOPT_RESOLVE: avoid adding already present host names
+ - SFTP mkdir: use correct permission
+ - resolve: don't leak pre-populated dns entries
+ - --retry: retry transfers on timeout and DNS errors
+ - negotiate with SSPI backend: use the correct buffer for input
+ - SFTP dir: increase buffer size counter to avoid cut off file names
+ - TFTP: fix resending (again)
+ - c-ares: don't include getaddrinfo-using code
+ - FTP: CURLE_PARTIAL_FILE will not close the control channel
+ - win32-threaded-resolver: stop using a dummy socket
+ - OpenSSL: remove reference to openssl internal struct
+ - OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
+ - OpenSSL: fix PKCS#12 certificate parsing related memory leak
+ - OpenLDAP: fix LDAP connection phase memory leak
+ - Telnet: use correct file descriptor for telnet upload
+ - Telnet: Remove bogus optimisation of telnet upload
+ - URL parse: user name with ipv6 numerical address
+ - polarssl: show cipher suite name correctly with 1.1.0
+ - polarssl: havege_rand is not present in version 1.1.0 (WARNING: we still
+ use the old API which is said to be insecure - see:
+ http://polarssl.org/trac/wiki/SecurityAdvisory201102)
+ - gnutls: enforced use of SSLv3
+- drop patches from upstream now included in release tarball
+- don't include fix for broken applications with curl multi from Fedora 14
+ onwards (#599340)
+- update debug and UTF8 patches
+
+* Mon Jan 2 2012 Paul Howarth <paul@city-fan.org> - 7.23.1-5.0.cf
+- add upstream patch that allows FTPS tests to run with nss-3.13 (#760060)
+
+* Tue Dec 27 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-4.0.cf
+- allow to run FTPS tests with nss-3.13 (#760060)
+
+* Mon Dec 26 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-3.0.cf
+- avoid unnecessary timeout event when waiting for 100-continue (#767490)
+
+* Mon Nov 21 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-2.0.cf
+- curl -JO now uses -O name if no C-D header comes (upstream commit c532604)
+
+* Fri Nov 18 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-1.0.cf
+- update to 7.23.1:
+ - Windows: curl would fail if it found no CA cert, unless -k was used - even
+ if a non-SSL protocol URL was used
+
+* Wed Nov 16 2011 Paul Howarth <paul@city-fan.org> - 7.23.0-1.0.cf
+- update to 7.23.0:
+ - empty headers can be sent in HTTP requests by terminating with a semicolon
+ - SSL session sharing support added to curl_share_setopt()
+ - added support to MAIL FROM for the optional SIZE parameter
+ - smtp: added support for NTLM authentication
+ - curl tool: code split into tool_*.[ch] files
+ - handle HTTP redirects to "//hostname/path"
+ - SMTP without --mail-from caused segfault
+ - prevent extra progress meter headers between multiple files
+ - allow Content-Length to be replaced when sending HTTP requests
+ - curl now always sets postfieldsize to allow --data-binary and --data
+ to be mixed in the same command line
+ - curl_multi_fdset: avoid FD_SET out of bounds
+ - lots of MinGW build tweaks
+ - Curl_gethostname: return un-qualified machine name
+ - fixed the openssl version number configure check
+ - nss: certificates from files are no longer looked up by file base names
+ - returning abort from the progress function when using the multi interface
+ would not properly cancel the transfer and close the connection
+ - fix libcurl.m4 to not fail with modern gcc versions
+ - ftp: improved the failed PORT host name resolved error message
+ - TFTP timeout and unexpected block adjustments
+ - HTTP and GOPHER test server-side connection closing adjustments
+ - fix endless loop upon transport connection timeout
+ - don't clobber errno on failed connect
+ - typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
+ - formdata: ack read callback abort
+ - make --show-error properly position independent
+ - set the ipv6-connection boolean correctly on connect
+ - SMTP: fix end-of-body string escaping
+ - gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
+ - HTTP: handle multiple auths in a single WWW-Authenticate line
+ - curl_multi_fdset: correct fdset with FTP PORT use
+ - windbuild: fix the static build
+ - fix builds with GnuTLS version 3
+ - fix calling of OpenSSL's ERR_remove_state(0)
+ - HTTP auth: fix proxy Negotiate bug when Negotiate not requested
+ - ftp PORT: don't hang if bind() fails
+ - -# would crash on terminals wider than 256 columns
+- drop upstreamed patch for nss
+- update patch for broken applications using curl multi (#599340)
+- update UTF8 patch
+
+* Mon Sep 19 2011 Paul Howarth <paul@city-fan.org> - 7.22.0-2.0.cf
+- nss: select client certificates by DER (#733657)
+
+* Tue Sep 13 2011 Paul Howarth <paul@city-fan.org> - 7.22.0-1.0.cf
+- update to 7.22.0:
+ - added CURLOPT_GSSAPI_DELEGATION
+ - added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
+ - display notes from setup file in testcurl.pl
+ - BSD-style lwIP TCP/IP stack experimental support on Windows
+ - OpenSSL: use SSL_MODE_RELEASE_BUFFERS if available
+ - --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ - nss: start with no database if the selected database is broken
+ - telnet: allow programatic use on Windows
+ - curl_getdate: detect some illegal dates better
+ - when sending a request and an error is received before the (entire) request
+ body is sent, stop sending the request and close the connection after
+ having received the entire response; this is equally true if an Expect:
+ 100-continue header was used
+ - when using both -J and a single -O with multiple URLs, a missing init
+ could cause a segfault
+ - -J fixed for escaped quotes
+ - -J fixed for file names with semicolons
+ - progress: reset flags at transfer start to avoid wrong
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD
+ - curl_gssapi: guard files with HAVE_GSSAPI and rename private header
+ - silence picky compilers: mark unused parameters
+ - help output: more gnu-like output
+ - libtests: stop checking for CURLM_CALL_MULTI_PERFORM
+ - setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY
+ / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do
+ proxy-like HTTP requests
+ - CURLFORM_BUFFER: insert filename as documented (regression)
+ - SOCKS: fix the connect timeout
+ - ftp_doing: bail out on error properly while multi interfacing
+ - improved Content-Encoded decoding error message
+ - asyn-thread: check for dotted addresses before thread starts
+ - cmake: find winsock when building on windows
+ - Curl_retry_request: check return code
+ - cookies: handle 'secure=' as if it was 'secure'
+ - tests: break busy loops in tests 502, 555, and 573
+ - FTP: fix proxy connect race condition with multi interface and SOCKS proxy
+ - RTSP: GET_PARAMETER requests have a body
+ - fixed several memory leaks in OOM situations
+ - bad expire(0) caused multi_socket API to hang
+ - avoid ftruncate() static define with mingw64
+ - mk-ca-bundle.pl: ignore untrusted certs
+ - builds with PolarSSL 1.0.0
+- curl-config now provides dummy --static-libs option (#733956)
+- update UTF8 patch
+
+* Sun Aug 21 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-4.1.cf
+- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
+
+* Tue Aug 16 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-4.0.cf
+- fix SIGSEGV of curl -O -J given more than one URL (#723075)
+- introduce the --delegation option of curl (#730444)
+- initialize NSS with no database if the selected database is broken (#728562)
+
+* Wed Aug 3 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-3.0.cf
+- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
+
+* Wed Jul 13 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-2.0.cf
+- for builds using c-ares, have libcurl require at least the version of c-ares
+ that it was built against to ensure that all required symbols are available
+ (similar issue to that with libssh2 fixed in 7.21.2-2.0.cf)
+- upstream release no longer has spurious exec permissions for source files
+- use a patch rather than a scripted iconv to re-code docs as UTF-8
+- fix dist tag for CentOS 6 and Scientific Linux
+
+* Thu Jun 23 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-1.0.cf
+- update to 7.21.7:
+ - SECURITY ADVISORY: inappropriate GSSAPI delegation (CVE-2011-2192); full
+ details at http://curl.haxx.se/docs/adv_20110623.html
+ - recognize the [protocol]:// prefix in proxy hosts where the protocol is one
+ of socks4, socks4a, socks5 or socks5h
+ - added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
+ - NTLM: work with unicode
+ - fix connect with SOCKS proxy when using the multi interface
+ - anyauthput.c: stdint.h must not be included unconditionally
+ - CMake: improved build
+ - SCP/SFTP enable non-blocking earlier
+ - GnuTLS handshake: fix timeout
+ - cyassl: build without filesystem
+ - HTTPS over HTTP proxy using the multi interface
+ - speedcheck: invalid timeout event on a reused handle
+ - force connection close for HTTP 200 OK when time condition matched
+ - curl_formget: fix FILE * leak
+ - configure: improved OpenSSL detection
+ - android build: support gingerbread
+ - CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
+ - windows build: use correct MS CRT
+ - pop3: remove extra space in LIST command
+- drop upstream patches
+
+* Wed Jun 8 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-3.0.cf
+- avoid an invalid timeout event on a reused handle (#679709)
+
+* Wed May 25 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-2.0.cf
+- further fix for https via http proxy
+ (http://curl.haxx.se/mail/lib-2011-05/0214.html)
+
+* Sat Apr 23 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-1.0.cf
+- update to 7.21.6:
+ - added --tr-encoding and CURLOPT_TRANSFER_ENCODING
+ - curl-config: fix --version
+ - curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
+ - use HTTPS properly after CONNECT
+ - SFTP: close file before post quote operations
+- drop upstreamed patches
+
+* Thu Apr 21 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-3.0.cf
+- fix problem with https via http proxy falling back to http
+ (http://curl.haxx.se/mail/lib-2011-04/0134.html)
+
+* Mon Apr 18 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-2.0.cf
+- fix the output of curl-config --version (upstream commit 82ecc85)
+
+* Mon Apr 18 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-1.0.cf
+- update to 7.21.5:
+ - SOCKOPTFUNCTION: callback can say already-connected
+ - added --netrc-file
+ - added (new) support for cyassl
+ - TLS-SRP: enabled with OpenSSL
+ - added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
+ - nss: avoid memory leak on SSL connection failure
+ - nss: do not ignore failure of SSL handshake
+ - multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
+ - runtests.pl: fix pid number concatenation that prevented it from killing
+ the correct process at times
+ - PolarSSL: return 0 on receiving TLS CLOSE_NOTIFY alert
+ - curl_easy_setopt.3: removed wrong reference to CURLOPT_USERPASSWORD
+ - multi: close connection on timeout
+ - IMAP in multi mode does SSL connections non-blocking
+ - honours the --disable-ldaps configure option
+ - force setopt constants written by --libcurl to be long
+ - ssh_connect: treat libssh2 return code better
+ - SFTP upload could stall the state machine when the multi_socket API was used
+ - SFTP and SCP could leak memory when used with the multi interface and
+ the connection was closed
+ - added missing file to repair the MSVC makefiles
+ - fixed detection of recvfrom arguments on Android/bionic
+ - GSS: handle reuse fix
+ - transfer: avoid insane conversion of time_t
+ - nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
+ - SMTP-multi: non-blocking connect
+ - SFTP-multi: set cselect for sftp and scp to fix "stall" risk
+ - configure: removed wrongly claimed default paths
+ - pop3: fixed torture tests to succeed
+ - symbols-in-versions: many corrections
+ - if a HTTP request gets retried because the connection was dead, rewind if
+ any data was sent as part of it
+ - only probe for working ipv6 once and then re-use that info for further
+ requests
+ - requests that are asked to bind to a local interface/port will no longer
+ wrongly re-use connections that aren't bound to that interface/port
+ - libcurl.m4: add missing quotes in AC_LINK_IFELSE
+ - progress output: don't print the last update on a separate line
+ - POP3: the command to send is STLS, not STARTTLS
+ - POP3: PASS command was not sent after upgrade to TLS
+ - configure: fix libtool warning
+ - nss: allow to use multiple client certificates for a single host
+ - HTTP pipelining: fix handling of zero-length responses
+ - don't list NTLM in curl-config when HTTP is disabled
+ - curl_easy_setopt.3: CURLOPT_RESOLVE typo version
+ - OpenSSL: build fine with no-sslv2 versions
+ - checkconnection: don't call with NULL pointer with RTSP and multi interface
+ - Borland makefile updates
+ - configure: libssh2 link fix without pkg-config
+ - certinfo crash
+ - CCC crash
+- drop upstreamed patches
+- update debug and pkgconfig patches
+- nobody else likes macros for commands
+
+* Sat Mar 5 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-5.0.cf
+- work around valgrind bug (#678518)
+
+* Tue Feb 22 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-2.0.cf
+- do not ignore failure of SSL handshake (upstream commit 7aa2d10)
+
+* Thu Feb 17 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-1.0.cf
+- update to 7.21.4:
+ - CURLINFO_FTP_ENTRY_PATH now supports SFTP
+ - introduced new framework for unit-testing
+ - ares: ask for both IPv4 and IPv6 addresses
+ - SMTP: add brackets for MAIL FROM
+ - multi: connect fail => use next IP address
+ - use the timeout when using multiple IP addresses similar to how the easy
+ interface does it
+ - cookies: tricked dotcounter fixed
+ - pubkey_show: allocate buffer to fit any-size result
+ - Curl_nss_connect: avoid PATH_MAX
+ - Curl_do: avoid using stale conn pointer
+ - tftpd test server: avoid buffer overflow report from glibc
+ - nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
+ - nss: fix a bug in handling of CURLOPT_CAPATH
+ - OpenSSL get_cert_chain: support larger data sets
+ - SCP/SFTP transfers: acknowledge speedcheck
+ - connect problem: use UDP correctly
+ - OpenSSL: improved error message on SSL_CTX_new failures
+ - HTTP: memory leak on multiple Location:
+ - ares_query_completed_cb: don't touch invalid data
+ - ares: memory leak fix
+ - mk-ca-bundle: use new cacert url
+ - Curl_gmtime: added a portable gmtime and check for NULL
+ - curl.1: typo in -v description
+ - CURLOPT_SOCKOPTFUNCTION: return proper error code
+ - --keepalive-time: warn if not supported properly
+ - file: add support for CURLOPT_TIMECONDITION
+ - nss: avoid memory leaks and failure of NSS shutdown
+ - multi: fix CURLM_STATE_TOOFAST for multi_socket
+- update debug patch
+- avoid memory leak on SSL connection failure (upstream commit a40f58d)
+- drop upstreamed patches
+- drop ares-ipv6 patch
+
+* Tue Feb 8 2011 Paul Howarth <paul@city-fan.org> - 7.21.3-3.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 12 2011 Paul Howarth <paul@city-fan.org> - 7.21.3-2.0.cf
+- build libcurl with --enable-hidden-symbols
+
+* Thu Dec 16 2010 Paul Howarth <paul@city-fan.org> - 7.21.3-1.0.cf
+- update to 7.21.3:
+ - added --noconfigure switch to testcurl.pl
+ - added --xattr option
+ - added CURLOPT_RESOLVE and --resolve
+ - added CURLAUTH_ONLY
+ - added version-check.pl to the examples dir
+ - check for libcurl features for some command line options
+ - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
+ - http_chunks: remove debug output
+ - URL-parsing: consider ? a divider
+ - SSH: avoid using the libssh2_ prefix
+ - SSH: use libssh2_session_handshake() to work on win64
+ - ftp: prevent server from hanging on closed data connection when stopping
+ a transfer before the end of the full transfer (ranges)
+ - LDAP: detect non-binary attributes properly
+ - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
+ - gnutls->handshake: improved timeout handling
+ - security: pass the right parameter to init
+ - krb5: use GSS_ERROR to check for error
+ - TFTP: resend the correct data
+ - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
+ - GnuTLS: now detects socket errors on Windows
+ - symbols-in-versions: updated en masse
+ - added a couple of examples that were missing from the tarball
+ - Curl_send/recv_plain: return errno on failure
+ - Curl_wait_for_resolv (for c-ares): correct timeout
+ - ossl_connect_common: detect connection re-use
+ - configure: prevent link errors with --librtmp
+ - openldap: use remote port in URL passed to ldap_init_fd()
+ - url: provide dead_connection flag in Curl_handler::disconnect
+ - lots of compiler warning fixes
+ - ssh: fix a download resume point calculation
+ - fix getinfo CURLINFO_LOCAL* for reused connections
+ - multi: the returned running handles counter could turn negative
+ - multi: only ever consider pipelining for connections doing HTTP(S)
+- drop upstream patches now in tarball
+- update bz650255 and ares-ipv6 patches to apply against new codebase
+- add workaround for false-positive glibc-detected buffer overflow in tftpd
+ test server with FORTIFY_SOURCE (similar to #515361)
+
+* Sat Nov 13 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-5.0.cf
+- do not send QUIT to a dead FTP control connection (#650255)
+- pull back glibc's implementation of str[n]casecmp(); #626470 appears fixed
+
+* Tue Nov 9 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-4.0.cf
+- prevent FTP client from hanging on unrecognized ABOR response (#649347)
+- return more appropriate error code in case FTP server session idle
+ timeout has been exceeded (#650255)
+
+* Fri Oct 29 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-3.0.cf
+- prevent FTP server from hanging on closed data connection (#643656)
+
+* Thu Oct 14 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-2.0.cf
+- enforce versioned libssh2 dependency for libcurl (#642796)
+
+* Wed Oct 13 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-1.0.cf
+- update to 7.21.2:
+ - curl -T: ignore file size of special files
+ - added GOPHER protocol support
+ - c-ares build now requires c-ares >= 1.6.0
+ - --remote-header-name security vulnerability fixed:
+ http://curl.haxx.se/docs/adv_20101013.html
+ - multi: support the timeouts correctly, fixes known bug #62
+ - multi: use timeouts properly for MAX_RECV/SEND_SPEED
+ - negotiation: Wrong proxy authorization
+ - multi: avoid sending multiple complete messages
+ - cmdline: make -F type= accept ;charset=
+ - RESUME_FROM: clarify what ftp uploads do
+ - http: handle trailer headers in all chunked responses
+ - Curl_is_connected: use correct errno
+ - progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
+ - link curl and the test apps with -lrt explicitly when necessary
+ - chunky parser: only rewind stream internally if needed
+ - remote-header-name: don't output filename when NULL
+ - Curl_timeleft: avoid returning "no timeout" by mistake
+ - timeout: use the correct start value as offset
+ - FTP: fix wrong timeout trigger
+ - buildconf got better output on failures
+ - rtsp: avoid SIGSEGV on malformed header
+ - LDAP: support for tunnelling queries through HTTP proxy
+ - configure's --enable-werror had a bashism
+ - test565: don't hardcode IP:PORT
+ - configure: check for gcrypt if using GnuTLS
+ - configure: don't enable RTMP if the lib detect fails
+ - curl_easy_duphandle: clone the c-ares handle correctly
+ - support URL containing colon without trailing port number
+ - parsedate: allow time specified without seconds
+ - curl_easy_escape: don't escape "unreserved" characters
+ - SFTP: avoid downloading negative sizes
+ - lots of GSS/KRB FTP fixes
+ - TFTP: work around tftpd-hpa upload bug
+ - libcurl.m4: several fixes
+ - HTTP: remove special case for 416
+ - examples: use example.com in example URLs
+ - globbing: fix crash on unbalanced open brace
+ - cmake: build fixed
+- drop upstream patches
+- make 0102-curl-7.21.2-debug.patch less intrusive
+- update workaround for broken applications using curl multi
+- use LD_PRELOAD hack to get sshd running in test suite with SELinux enforcing
+- drop SELinux buildreqs, no longer needed
+
+* Thu Sep 30 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-6.0.cf
+- rebuild for gcc bug (#634757)
+
+* Sat Sep 11 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-5.0.cf
+- make it possible to run SCP/SFTP tests on x86_64 (#632914)
+
+* Wed Sep 8 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-4.0.cf
+- work around glibc/valgrind problem on x86_64 (#631449)
+
+* Tue Aug 24 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-3.0.cf
+- sync patches with Rawhide
+- drop dependency on automake for devel package from F-14, where
+ %%{_datadir}/aclocal is included in the filesystem package
+- drop dependency on pkgconfig for devel package from F-11, where
+ pkgconfig dependencies are auto-generated
+
+* Mon Aug 23 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-2.1.cf
+- fix kerberos proxy authentication for https (#625676)
+- work around glibc/valgrind problem on x86_64 (#626470)
+
+* Thu Aug 19 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-2.0.cf
+- modify system headers to work around gcc bug (#617757)
+- curl -T now ignores file size of special files (#622520)
+
+* Thu Aug 12 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-1.0.cf
+- update to 7.21.1:
+ - added support for NTLM authentication when compiled with NSS
+ - curl-config: --built-shared returns shared info
+ - multi: call the progress callback in all states
+ - multi: unmark handle as used when no longer head of pipeline
+ - sendrecv: treat all negative values from send/recv as errors
+ - ftp-wildcard: avoid tight loop when used without any pattern
+ - multi_socket: re-use of same socket without notifying app
+ - ftp wildcard: FTP LIST parser FIX
+ - urlglobbing backslash escaping bug
+ - multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
+ - --libcurl: use *_LARGE options with typecasted constants
+ - --libcurl: hide setopt() calls setting default options
+ - curl: avoid setting libcurl options to its default
+ - --libcurl: list the tricky options instead of using [REMARK]
+ - http: don't enable chunked during authentication negotiations
+ - upload: warn users trying to upload from stdin with anyauth
+ - threaded resolver: fix timeout issue
+ - multi: fix condition that remove timers before trigger
+ - examples: add curl_multi_timeout
+ - --retry: access violation with URL part sets continued
+ - remote-header-name: chop filename at next semicolon
+ - ftp: response timeout bug in "quote" sending
+ - CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
+ - NTLM tests: boost coverage by forcing the hostname
+ - multi: fix FTPS connecting the data connection with OpenSSL
+ - retry: consider retrying even if -f is used
+ - fix SOCKS problem when using multi interface
+ - typecheck-gcc: add checks for recently added options
+ - SCP: send large files properly with new enough libssh2
+ - multi_socket: set timeout for 100-continue
+ - ";type=" URL suffix over HTTP proxy
+ - acknowledge progress callback error returns during connect
+- drop upstreamed NTLM-with-NSS patch
+- rediff other patches where necessary
+- use LD_PRELOAD with absolute directory on RHL-9 to avoid test failures
+
+* Mon Jun 28 2010 Paul Howarth <paul@city-fan.org> - 7.21.0-2.0.cf
+- add support for NTLM authentication (#603783)
+
+* Fri Jun 18 2010 Paul Howarth <paul@city-fan.org> - 7.21.0-1.0.cf
+- update to 7.21.0
+ new features:
+ - added the --proto and -proto-redir options
+ - new configure option --enable-threaded-resolver
+ - improve TELNET ability with libcurl
+ - added support for PolarSSL
+ - added support for FTP wildcard matching and downloads
+ - added support for RTMP
+ - introducing new LDAP code for new enough OpenLDAP
+ - OpenLDAP support enabled for cygwin builds
+ - added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
+ bugfixes:
+ - prevent needless reverse name lookups
+ - detect GSS on ancient Linux distros
+ - GnuTLS: EOF caused error when it wasn't
+ - GnuTLS: SSL handshake phase is non-blocking
+ - -J/--remote-header-name strips CRLF
+ - MSVC makefiles now use ws2_32.lib instead of wsock32.lib
+ - -O crash on windows
+ - SSL handshake timeout underflow in libcurl-NSS
+ - multi interface missed storing connection time
+ - broken CRL support in libcurl-NSS
+ - ignore response-body on redirect even if compressed
+ - OpenSSL handshake state-machine for multi interface
+ - TFTP timeout option sent correctly
+ - TFTP block id wrap
+ - curl_multi_socket_action() timeout handles inaccuracy in timers better
+ - SCP/SFTP failure to respect the timeout
+ - spurious SSL connection aborts with OpenSSL
+- rename patches as per Fedora package
+- drop applied patches
+- update %%description
+
+* Fri Jun 4 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-8.0.cf
+- workaround for broken applications using curl multi (#599340)
+- enable threaded DNS lookup instead of using c-ares for F-12 and F-13 builds
+
+* Tue May 25 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-7.0.cf
+- fix -J/--remote-header-name to strip CR-LF (upstream patch)
+
+* Wed May 12 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-6.0.cf
+- CRL support now works again (#581926)
+- fix dist tag for RHEL-6 Beta
+
+* Thu Apr 29 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-5.0.cf
+- fix the test suite so that the SSH server can start in an SELinux enforcing
+ environment (#521087)
+
+* Sun Apr 25 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-4.0.cf
+- upstream patch preventing failure of test536 with threaded DNS resolver
+- upstream patch preventing SSL handshake timeout underflow
+
+* Tue Apr 20 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-2.1.cf
+- experimentally enable threaded DNS lookup instead of using c-ares
+ (Rawhide [F-14] builds only)
+- fix multilib confict in curl-config --configure (#584107)
+- tighten up dependency on libcurl from libcurl-devel to use %%{?_isa}
+- replace Rawhide s390-sleep patch with a more targeted patch adding a
+ delay after tests 513 and 514 rather than after all tests
+- add patch disabling valgrind in test623 as it identifies a memory leak in
+ libssh2 and breaks the build
+
+* Tue Apr 20 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-1.1.cf
+- sync patches with Rawhide
+- remove redundant compiler/linker flags from libcurl.pc
+
+* Thu Apr 15 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-1.0.cf
+- update to 7.20.1 (see RELEASE-NOTES for details)
+- drop upstreamed patches
+- add patch to fix GSSAPI support for ancient distros like RHEL-3
+
+* Wed Mar 24 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-4.0.cf
+- add missing quote in libcurl.m4 (#576252)
+- resync cc-err patch with Fedora
+
+* Sun Mar 21 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-3.0.cf
+- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972)
+- handle move of kerberos installation prefix in krb5 >= 1.8
+- drop libidn-devel dependency for libcurl-devel; no longer needed
+
+* Tue Feb 23 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-2.0.cf
+- merge patches with Fedora: s390-sleep, debug, multilib, ares-ipv6
+- drop privlibs patch, no longer useful
+- add patch forcing -lrt when linking the curl tool and test-cases
+
+* Tue Feb 9 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-1.0.cf
+- update to 7.20.0 (added support for IMAP(S), POP3(S), SMTP(S) and RTSP)
+- drop upstream patches
+- update multilib, privlibs and s390-sleep patches
+
+* Sun Jan 31 2010 Paul Howarth <paul@city-fan.org> - 7.19.7-11.0.cf
+- upstream patch adding a new option -J/--remote-header-name
+- dropped temporary workaround for #545779
+
+* Tue Dec 22 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-9.0.cf
+- re-enable c-ares support, with temporary workaround for IPv4/IPv6 issue
+ (ticket:2, #548269) - c-ares support is needed to resolve #539809
+
+* Thu Dec 10 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-8.0.cf
+- use different ports in the test suites for different builds so we can run
+ the builds in parallel
+- temporary workaround for NSS_VersionCheck issues (#545779)
+- skip the (lengthy) test suite on EOL Fedora releases (over ~400 days old);
+ the tests are still run for all RHEL releases, which should provide
+ sufficient back-compatibility coverage
+
+* Mon Dec 7 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-5.0.cf
+- avoid use of uninitialized value in lib/nss.c
+- attempt to fix failures for tests 513, 514, and 1097
+- no longer leave debug data for test suite around
+- disable c-ares support (causes problems reaching hosts that have both IPv4
+ and IPv6 addresses - http://curl.haxx.se/mail/lib-2009-12/0057.html)
+
+* Tue Dec 1 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-4.0.cf
+- dist tag for Rawhide no longer needs special-casing
+
+* Thu Nov 12 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-3.0.cf
+- fix crash on doubly closed NSPR descriptor (#534176)
+- new version of patch for broken TLS servers (#525496, #527771)
+- run test suite to completion and leave debug data around
+
+* Wed Nov 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-2.0.cf
+- new upstream release, dropped applied patches
+- workaround for broken TLS servers (#525496, #527771)
+- build libcurl with c-ares support (#514771)
+- update multilib and privlibs patches to match Fedora versions
+- update debug patch to apply against 7.19.7
+- bump NSS version requirement to 3.12.3 (test suite now fails w/NSS on
+ Fedora 8 and 9 so revert to OpenSSL for those releases)
+
+* Sun Sep 27 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-10.0.cf
+- explicitly buildreq/req libssh2 >= 1.2 due to its ABI change (#525002)
+- note: unlike the Fedora package I'm not running the test suite with valgrind
+ as it takes long enough already and valgrind isn't available on some of the
+ ancient distros I'm supporting
+
+* Wed Sep 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-8.0.cf
+- rebuild for libssh2 1.2
+
+* Fri Sep 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-7.0.cf
+- make curl test-suite more verbose
+
+* Fri Sep 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-6.0.cf
+- update polling patch to the latest upstream version
+
+* Fri Sep 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-5.0.cf
+- buildreq openssh server and clients for ssh coverage in test suite
+
+* Fri Sep 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-4.0.cf
+- use pkg-config to find nss and libssh2 if possible
+- better patch (not only) for SCP/SFTP polling
+- improve error message for not matching common name (#516056)
+
+* Sun Aug 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-3.0.cf
+- avoid tight loop during a sftp upload
+ (see http://permalink.gmane.org/gmane.comp.web.curl.library/24744)
+
+* Tue Aug 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-2.0.cf
+- let curl package depend on the same version of libcurl
+- change NSS code to not ignore the value of ssl.verifyhost and produce more
+ verbose error messages (#516056)
+- renumber patches as per Fedora version
+- avoid tests 513, 514, and 1097, which regularly fail on the buildsystem
+
+* Thu Aug 13 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-1.0.cf
+- update to 7.19.6
+- drop FTP socket and NSS cert patches; issues now fixed upstream
+
+* Fri Jul 10 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-7.0.cf
+- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson
+
+* Mon Jul 6 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-6.0.cf
+- resync with Fedora
+
+* Sun Jul 5 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-5.0.cf
+- run test suite after build (add buildreq stunnel)
+- enable built-in manual (requires buildreq groff)
+
+* Wed Jun 24 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-4.0.cf
+- Fedora version now fixes header multilib issue in much the same way as this
+ version (#504857)
+
+* Mon Jun 15 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-2.0.cf
+- renumber patches as per Fedora version
+
+* Mon May 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-1.0.cf
+- update to 7.19.5
+- remove upstreamed memory leak and infinite loop patches
+- update debug patch (upstream moved from autoconf 2.61 to 2.63)
+
+* Tue May 12 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-11.0.cf
+- fix infinite loop while loading a private key, thanks to Michael Cronenworth
+ (#453612)
+- fix curl/nss memory leaks while using client certificate (#453612, accepted
+ by upstream)
+
+* Thu Apr 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-9.0.cf
+- fix debuginfo creation (#496778), but unlike Fedora, without running the
+ autotools during the build process
+
+* Wed Apr 15 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-6.0.cf
+- upstream patch fixing memory leak in lib/nss.c (#453612)
+
+* Wed Mar 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-5.0.cf
+- enable 6 additional crypto algorithms by default (#436781,
+ accepted by upstream)
+
+* Mon Mar 16 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-4.0.cf
+- fix memory leak in src/main.c (accepted by upstream)
+- make libcurl-devel multilib-clean (#488922)
+
+* Mon Mar 9 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-2.0.cf
+- drop .easy-leak patch, causes problems in pycurl (#488791)
+- add libssh-devel dependency in libcurl-devel (#488895)
+
+* Thu Mar 5 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-1.0.cf
+- update to 7.19.4 (fixes CVE-2009-0037, #485271)
+- fix leak in curl_easy* functions, thanks to Kamil Dudka
+- drop nss-fix patch, applied upstream
+
+* Tue Feb 17 2009 Paul Howarth <paul@city-fan.org> - 7.19.3-1.1.cf
+- add updated badsocket patch from Fedora, renamed to reflect curl version it
+ applies to
+- add nss-fix patch from Fedora
+- build using NSS rather than OpenSSL where supported again
+
+* Tue Jan 20 2009 Paul Howarth <paul@city-fan.org> - 7.19.3-1.0.cf
+- update to 7.19.3
+
+* Fri Nov 14 2008 Paul Howarth <paul@city-fan.org> - 7.19.2-1.0.cf
+- update to 7.19.2
+
+* Thu Nov 6 2008 Paul Howarth <paul@city-fan.org> - 7.19.1-1.0.cf
+- update to 7.19.1
+- NSS thread safety issues addressed upstream, patch removed
+
+* Fri Sep 19 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.2.cf
+- NSS support is broken again, always build with OpenSSL
+
+* Thu Sep 4 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.1.cf
+- add thread safety to libcurl NSS cleanup() functions (#459297)
+
+* Tue Sep 2 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.0.cf
+- update to 7.19.0
+- drop badsocket patch, issue now addressed upstream
+- drop nssproxy patch, now applied upstream
+
+* Fri Aug 22 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-5.0.cf
+- remove note about libcurl.so.3 now that it's gone in Fedora too
+
+* Fri Aug 22 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-4.0.cf
+- add note in %%description about not providing libcurl.so.3
+
+* Fri Jul 4 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-3.0.cf
+- enable support for libssh2 (#453958)
+- tweak dist tag macros to work on current Rawhide with three-part releasenum
+
+* Wed Jun 18 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-2.0.cf
+- fix curl_multi_perform() over a proxy (#450140), thanks to Rob Crittenden
+
+* Thu Jun 5 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-1.0.cf
+- update to 7.18.2
+
+* Wed May 7 2008 Paul Howarth <paul@city-fan.org> - 7.18.1-2.0.cf
+- use a different libtool hack to avoid bogus rpaths; no longer need to
+ buildreq libtool on x86_64
+- add ABI docs for libcurl
+
+* Mon Mar 31 2008 Paul Howarth <paul@city-fan.org> - 7.18.1-1.0.cf
+- update to 7.18.1 (fixes #397911)
+- no longer need _GNU_SOURCE
+- ca_bundle.crt no longer included upstream
+
+* Tue Feb 19 2008 Paul Howarth <paul@city-fan.org> - 7.18.0-2.0.cf
+- define _GNU_SOURCE so that NI_MAXHOST gets defined from glibc
+
+* Tue Jan 29 2008 Paul Howarth <paul@city-fan.org> - 7.18.0-1.0.cf
+- update to 7.18.0
+- update multilib patch (--static-libs option removed as we don't ship
+ static libs)
+- drop curl-config patch, obsoleted by @SSL_ENABLED@ autoconf
+ substitution (#432667)
+- sslgen patch now included upstream and no longer needed
+
+* Tue Jan 22 2008 Paul Howarth <paul@city-fan.org> - 7.17.1-6.1.cf
+- fix curl-devel obsoletes so that we don't break F8->F9 upgrade
+ path (#429612)
+
+* Fri Jan 11 2008 Paul Howarth <paul@city-fan.org> - 7.17.1-5.1.cf
+- do not attempt to close a bad socket (#427966), thanks to Caolan McNamara
+
+* Fri Dec 7 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-4.1.cf
+- rebuild for new openldap in Rawhide
+
+* Fri Nov 30 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-3.1.cf
+- add LDAP/LDAPS to %%description
+- simplify compiler flag setup
+
+* Thu Nov 29 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-2.2.cf
+- add -DHAVE_PK11_CREATEGENERICOBJECT to CPPFLAGS when building with NSS to
+ maintain compatibility with openssl-based builds
+- explictly buildreq krb5-devel, needed for GSSAPI support
+- rework pkgconfig version check to avoid SRPM build problems
+
+* Thu Nov 22 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-2.1.cf
+- update description to contain complete supported servers list (#393861)
+
+* Mon Nov 19 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.3.cf
+- include patch to enable SSL usage in NSS when a socket is opened
+ nonblocking, thanks to Rob Crittenden (rcritten@redhat.com)
+
+* Tue Nov 6 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.2.cf
+- strip URL variable from pkgconfig file on older distributions
+ that have broken curl-config scripts in its presence
+
+* Thu Nov 1 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.1.cf
+- update to 7.17.1
+- switch to NSS by default again for distributions that support it, but
+ support building using --without nss for traditional OpenSSL builds
+- provide webclient (#225671)
+- list features correctly when curl is compiled against NSS (#316191)
+- create libcurl and libcurl-devel subpackages (#130251)
+
+* Fri Sep 14 2007 Paul Howarth <paul@city-fan.org> - 7.17.0-1.1.cf
+- update to 7.17.0
+- remove anonymous ftp login patch, now upstream
+- remove LDAP version detection in spec since LDAP libraries are now linked
+ directly rather than using dlopen()
+- enable LDAPS support
+- make sure docs have UTF-8 encoding
+
+* Wed Sep 5 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-4.1.cf
+- revert back to using OpenSSL by default (#266021), but support --with nss
+ as a build option for those distributions that support it
+
+* Mon Aug 27 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-3.2.cf
+- use nss rather than openssl for Fedora 5, RHEL 5 onwards
+
+* Fri Aug 24 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-3.1.cf
+- rebuild for BuildID inclusion
+ (http://fedoraproject.org/wiki/Releases/FeatureBuildId)
+
+* Fri Aug 10 2007 Jindrich Novy <jnovy@redhat.com> - 7.16.4-2
+- fix anonymous ftp login (#251570), thanks to David Cantrell
+
+* Wed Jul 11 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-1.1.cf
+- update to 7.16.4
+
+* Mon Jun 25 2007 Paul Howarth <paul@city-fan.org> - 7.16.3-1.1.cf
+- update to 7.16.3
+- remove print like crazy patch, no longer needed
+
+* Fri Jun 22 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-6.cf
+- move docs/CONTRIBUTE to devel package
+
+* Mon Jun 18 2007 Jindrich Novy <jnovy@redhat.com> - 7.16.2-5
+- don't print like crazy (#236981), backported from upstream CVS
+
+* Fri Jun 1 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-2.cf
+- package libcurl.m4 in curl-devel (#239664), thanks to Quy Tonthat
+
+* Thu Apr 12 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-1.cf
+- update to 7.16.2
+- update multilib and privlibs patches
+- try to avoid spurious linker options for looking in standard libraries
+- don't create/ship static libraries (#225671)
+- honour %%{_smp_mflags}
+- try to preserve timestamps where possible by using install -p
+
+* Thu Mar 22 2007 Paul Howarth <paul@city-fan.org> - 7.16.1-2.cf
+- use versioned obsolete for compat-libcurl
+- buildreq libidn-devel
+
+* Tue Jan 30 2007 Paul Howarth <paul@city-fan.org> - 7.16.1-1.cf
+- update to 7.16.1
+- don't package generated makefiles for docs/examples to avoid
+ multilib conflicts
+- update privlibs patch, not fully incorporated upstream
+- remove redundant buildreq automake
+- use system libtool to avoid bogus rpaths on x86_64
+- fix dist tag for Fedora 7
+
+* Wed Nov 22 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-3.cf
+- prevent curl from dlopen()ing missing ldap libraries so that ldap://
+ requests work without needing openldap-devel at runtime (#215928)
+
+* Wed Nov 1 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-2.cf
+- add Requires: pkgconfig for curl-devel
+- move LDFLAGS and LIBS to Libs.private in libcurl.pc.in (#213278)
+- fix multilib problem using pkg-config
+
+* Mon Oct 30 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-1.cf
+- update to 7.16.0
+- further dist tag tweaks for rawhide
+- convert spec file to UTF8
+
+* Thu Sep 14 2006 Paul Howarth <paul@city-fan.org> - 7.15.5-2.cf
+- fix dist tag for development releases
+- add buildreq zlib-devel
+
+* Mon Aug 7 2006 Paul Howarth <paul@city-fan.org> - 7.15.5-1.cf
+- update to 7.15.5
+- define %%{__id_u} in a more portable way
+
+* Mon Jun 12 2006 Paul Howarth <paul@city-fan.org> - 7.15.4-1.cf
+- update to 7.15.4
+
+* Tue Mar 21 2006 Paul Howarth <paul@city-fan.org> - 7.15.3-2.cf
+- fix multilib problem - #181290 -
+ curl-devel.i386 not installable together with curl-devel.x86-64
+
+* Mon Mar 20 2006 Paul Howarth <paul@city-fan.org> - 7.15.3-1.cf
+- update to 7.15.3
+
+* Tue Feb 28 2006 Paul Howarth <paul@city-fan.org> - 7.15.2-1.cf
+- update to 7.15.2
+- support building on CentOS
+
+* Wed Dec 7 2005 Paul Howarth <paul@city-fan.org> - 7.15.1-1.cf
+- update to 7.15.1
+- remove buildroot unconditionally in %%clean and %%install
+- simplify distribution detection
+- include pkgconfig file in devel subpackage
+
+* Fri Oct 14 2005 Paul Howarth <paul@city-fan.org> - 7.15.0-1.cf
+- compat package renamed to libcurlVERSION for forward compatibility when a new
+ soname is used in upstream curl, so that multiple versions of the libcurl
+ library can be installed in parallel
+- don't use %%{_bindir} in command paths, use /usr/bin explicitly
+- spec file cleanup
+
+* Mon Sep 5 2005 Paul Howarth <paul@city-fan.org> - 7.14.1-2.cf
+- build fully distro-specific packages to avoid dependency issues
+
+* Fri Sep 2 2005 Paul Howarth <paul@city-fan.org> - 7.14.1-1.cf
+- update to 7.14.1
+
+* Wed Jul 27 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-3.cf
+- different summary, group, and description in compat mode
+- use the correct cert bundle location for FC4
+- use exclude in the file lists rather than deleting files from
+ the buildroot
+- add explicit requirement for the CA bundle file
+- license is MIT, not MPL
+
+* Thu Jun 30 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-2.cf
+- enable building with dist tag if required:
+ e.g. $ rpmbuild --define "dist .fc4" ...
+
+* Tue May 17 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-1.cf
+- update to 7.14.0
+
+* Wed Apr 6 2005 Paul Howarth <paul@city-fan.org> - 7.13.2-1.cf
+- update to 7.13.2
+- remove SSL patch, included upstream
+
+* Sat Mar 5 2005 Paul Howarth <paul@city-fan.org> - 7.13.1-1.cf
+- update to 7.13.1
+- add patch to fix SSL breakage
+- modify install process to avoid need for path patch
+
+* Fri Feb 25 2005 Paul Howarth <paul@city-fan.org> - 7.13.0-2.cf
+- fix for CAN-2005-0490
+
+* Wed Feb 2 2005 Paul Howarth <paul@city-fan.org> - 7.13.0-1.cf
+- update to 7.13.0
+
+* Mon Jan 31 2005 Paul Howarth <paul@city-fan.org> - 7.12.3-2.cf
+- add .cf repo tag
+- remove INSTALL from docs
+- enable GSSAPI auth (#129353)
+
+* Tue Dec 21 2004 Paul Howarth <paul@city-fan.org> - 7.12.3-1
+- update to 7.12.3
+
+* Fri Nov 26 2004 Paul Howarth <paul@city-fan.org> - 7.12.2-2
+- add libidn-devel dependency to curl-devel
+ (http://www.redhat.com/archives/fedora-list/2004-November/msg07551.html)
+
+* Tue Oct 19 2004 Paul Howarth <paul@city-fan.org> - 7.12.2-1
+- update to 7.12.2
+
+* Wed Oct 6 2004 Paul Howarth <paul@city-fan.org> - 7.12.1-2
+- include facility to build compat-libcurl package containing
+ only the library
+- remove certaltname patch completely
+- include COPYING
+- general tidy-up of spec file
+
+* Wed Aug 11 2004 Paul Howarth <paul@city-fan.org> - 7.12.1-1
+- update to 7.12.1
+
+* Thu Jun 03 2004 Paul Howarth <paul@city-fan.org> - 7.12.0-1
+- update to 7.12.0
+
+* Tue Apr 27 2004 Paul Howarth <paul@city-fan.org> - 7.11.2-1
+- update to 7.11.2
+- remove parts of curl-7.10.6-certaltname.patch that fix
+ no-longer-applicable cosmetic issues and rename to
+ curl-7.11.2-certaltname.patch
+
+* Mon Mar 22 2004 Paul Howarth <paul@city-fan.org> - 7.11.1-1
+- update to 7.11.1
+- remove no-longer-applicable curl-7.10.4-nousr.patch
+
+* Fri Jan 23 2004 Paul Howarth <paul@city-fan.org> - 7.11.0-1
+- update to 7.11.0
+
+* Wed Oct 15 2003 Adrian Havill <havill@redhat.com> - 7.10.6-7
+- aclocal before libtoolize
+- move OpenLDAP license so it's present as a doc file, present in
+ both the source and binary as per conditions
+
+* Mon Oct 13 2003 Adrian Havill <havill@redhat.com> - 7.10.6-6
+- add OpenLDAP copyright notice for usage of code, add OpenLDAP
+ license for this code
+
+* Tue Oct 07 2003 Adrian Havill <havill@redhat.com> - 7.10.6-5
+- match serverAltName certs with SSL (#106168)
+
+* Tue Sep 16 2003 Adrian Havill <havill@redhat.com> - 7.10.6-4.1
+- bump n-v-r for RHEL
+
+* Tue Sep 16 2003 Adrian Havill <havill@redhat.com> - 7.10.6-4
+- restore ca cert bundle (#104400)
+- require openssl, we want to use its ca-cert bundle
+
+* Sun Sep 7 2003 Joe Orton <jorton@redhat.com> - 7.10.6-3
+- rebuild
+
+* Fri Sep 5 2003 Joe Orton <jorton@redhat.com> - 7.10.6-2.2
+- fix to include libcurl.so
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> - 7.10.6-2.1
+- bump n-v-r for RHEL
+
+* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> - 7.10.6-2
+- devel subpkg needs openssl-devel as a Require (#102963)
+
+* Mon Jul 28 2003 Adrian Havill <havill@redhat.com> - 7.10.6-1
+- bumped version
+
+* Tue Jul 01 2003 Adrian Havill <havill@redhat.com> - 7.10.5-1
+- bumped version
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Apr 12 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 7.10.4
+- adapt nousr patch
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 21 2003 Joe Orton <jorton@redhat.com> - 7.9.8-4
+- don't add -L/usr/lib to 'curl-config --libs' output
+
+* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> - 7.9.8-3
+- rebuild
+
+* Wed Nov 6 2002 Joe Orton <jorton@redhat.com> - 7.9.8-2
+- fix `curl-config --libs` output for libdir!=/usr/lib
+- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la
+- libtoolize and reconf
+
+* Mon Jul 22 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.8-1
+- 7.9.8 (# 69473)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 16 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.7-1
+- 7.9.7
+
+* Wed Apr 24 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.6-1
+- 7.9.6
+
+* Thu Mar 21 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.5-2
+- Stop the curl-config script from printing -I/usr/include
+ and -L/usr/lib (#59497)
+
+* Fri Mar 8 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.5-1
+- 7.9.5
+
+* Tue Feb 26 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.3-2
+- Rebuild
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> - 7.9.3-1
+- update to 7.9.3
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com> - 7.9.2-2
+- automated rebuild
+
+* Wed Jan 9 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.2-1
+- 7.9.2
+
+* Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com>
+- include curl-config in curl-devel
+- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl
+
+* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com>
+- added openssl-devel build req
+
+* Mon May 21 2001 Tim Powers <timp@redhat.com>
+- built for the distro
+
+* Tue Apr 24 2001 Jeff Johnson <jbj@redhat.com>
+- upgrade to curl-7.7.2.
+- enable IPv6.
+
+* Fri Mar 2 2001 Tim Powers <timp@redhat.com>
+- rebuilt against openssl-0.9.6-1
+
+* Thu Jan 4 2001 Tim Powers <timp@redhat.com>
+- fixed mising ldconfigs
+- updated to 7.5.2, bug fixes
+
+* Mon Dec 11 2000 Tim Powers <timp@redhat.com>
+- updated to 7.5.1
+
+* Mon Nov 6 2000 Tim Powers <timp@redhat.com>
+- update to 7.4.1 to fix bug #20337, problems with curl -c
+- not using patch anymore, it's included in the new source. Keeping
+ for reference
+
+* Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix bogus req in -devel package
+
+* Fri Oct 20 2000 Tim Powers <timp@redhat.com>
+- devel package needed defattr so that root owns the files
+
+* Mon Oct 16 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 7.3
+- apply vsprintf/vsnprintf patch from Colin Phipps via Debian
+
+* Mon Aug 21 2000 Nalin Dahyabhai <nalin@redhat.com>
+- enable SSL support
+- fix packager tag
+- move buildroot to %%{_tmppath}
+
+* Tue Aug 1 2000 Tim Powers <timp@redhat.com>
+- fixed vendor tag for bug #15028
+
+* Mon Jul 24 2000 Prospector <prospector@redhat.com>
+- rebuilt
+
+* Tue Jul 11 2000 Tim Powers <timp@redhat.com>
+- workaround alpha build problems with optimizations
+
+* Mon Jul 10 2000 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Mon Jun 5 2000 Tim Powers <timp@redhat.com>
+- put man pages in correct place
+- use %%makeinstall
+
+* Mon Apr 24 2000 Tim Powers <timp@redhat.com>
+- updated to 6.5.2
+
+* Wed Nov 3 1999 Tim Powers <timp@redhat.com>
+- updated sources to 6.2
+- gzip man page
+
+* Mon Aug 30 1999 Tim Powers <timp@redhat.com>
+- changed group
+
+* Thu Aug 26 1999 Tim Powers <timp@redhat.com>
+- changelog started
+- general cleanups, changed prefix to /usr, added manpage to files section
+- including in Powertools
diff --git a/libssh2/README.md b/libssh2/README.md
new file mode 100644
index 0000000..1b842d1
--- /dev/null
+++ b/libssh2/README.md
@@ -0,0 +1,5 @@
+libssh2 upstream:
+http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel7/source/libssh2-1.9.0-2.0.cf.rhel7.src.rpm
+
+reason for being in stackrpms:
+needed to build FreeFileSync on EL derivatives because libcurl in distro is not as up-to-date as FreeFileSync upstream
diff --git a/libssh2/libssh2-1.7.0-pkgconfig.patch b/libssh2/libssh2-1.7.0-pkgconfig.patch
new file mode 100644
index 0000000..838c234
--- /dev/null
+++ b/libssh2/libssh2-1.7.0-pkgconfig.patch
@@ -0,0 +1,13 @@
+Remove libdir from pkg-config --libs output, as it's a standard place
+on Fedora
+
+--- libssh2.pc.in
++++ libssh2.pc.in
+@@ -12,6 +12,6 @@ URL: http://www.libssh2.org/
+ Description: Library for SSH-based communication
+ Version: @LIBSSH2VER@
+ Requires.private: @LIBSREQUIRED@
+-Libs: -L${libdir} -lssh2 @LIBS@
++Libs: -lssh2 @LIBS@
+ Libs.private: @LIBS@
+ Cflags: -I${includedir}
diff --git a/libssh2/libssh2.spec b/libssh2/libssh2.spec
new file mode 100644
index 0000000..c983613
--- /dev/null
+++ b/libssh2/libssh2.spec
@@ -0,0 +1,802 @@
+# Detect the distribution in use
+%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g'
+%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]'
+%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release)
+%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4})
+%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace})
+# Identify CentOS Linux and Scientific Linux as rhel
+%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls"
+%global __distinit rhel
+%endif
+# Dist tag for Fedora is still "fc"
+%if "%{__distinit}" == "f"
+%global __distinit fc
+%endif
+
+# Define %%{__isa_bits} for old releases
+%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
+
+Name: libssh2
+Version: 1.9.0
+Release: 2.0.stack.%{__distinit}%{__distvers}
+Summary: A library implementing the SSH2 protocol
+License: BSD
+URL: http://www.libssh2.org/
+# stackrpms: use https for copr build
+Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
+Patch0: libssh2-1.7.0-pkgconfig.patch
+BuildRequires: coreutils
+BuildRequires: findutils
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: openssl-devel > 1:1.0.1
+BuildRequires: pkgconfig
+BuildRequires: sed
+BuildRequires: zlib-devel
+BuildRequires: /usr/bin/man
+%if 0%{?fedora} > 20 || 0%{?rhel} > 7
+BuildRequires: hostname
+%else
+BuildRequires: /bin/hostname
+%endif
+# OpenSSH server used in test suite
+BuildRequires: openssh-server
+# Need a valid locale to run the mansyntax check
+%if 0%{?fedora} > 23 || 0%{?rhel} > 7
+BuildRequires: glibc-langpack-en
+%endif
+# We use matchpathcon from libselinux-utils to get the correct SELinux context
+# for the ssh server initialization script so that it can transition correctly
+# in an SELinux environment
+BuildRequires: libselinux-utils
+BuildRequires: selinux-policy-targeted
+
+%description
+libssh2 is a library implementing the SSH2 protocol as defined by
+Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
+SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
+SECSH-DHGEX(04), and SECSH-NUMBERS(10).
+
+%package devel
+Summary: Development files for libssh2
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+The libssh2-devel package contains libraries and header files for
+developing applications that use libssh2.
+
+%package docs
+Summary: Documentation for libssh2
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description docs
+The libssh2-docs package contains man pages and examples for
+developing applications that use libssh2.
+
+%prep
+%setup -q
+
+# Replace hard wired port number in the test suite to avoid collisions
+# between 32-bit and 64-bit builds running on a single build-host
+sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh}
+
+# Fix pkg-config --libs output (#1279966)
+%patch0
+
+# Make sshd transition appropriately if building in an SELinux environment
+chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
+chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
+chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || :
+
+%build
+export CPPFLAGS="$(pkg-config --cflags openssl)"
+%configure --disable-silent-rules --disable-static --enable-shared
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+find %{buildroot} -name '*.la' -delete
+
+# clean things up a bit for packaging
+make -C example clean
+rm -rf example/.deps
+find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete
+
+# avoid multilib conflict on libssh2-devel
+mv -v example example.%{_arch}
+
+%check
+echo "Running tests for %{_arch}"
+# The SSH test will fail if we don't have /dev/tty, as is the case in some
+# versions of mock (#672713)
+if [ ! -c /dev/tty ]; then
+ echo Skipping SSH test due to missing /dev/tty
+ echo "exit 0" > tests/ssh2.sh
+fi
+# Apparently it fails in the sparc and arm buildsystems too
+%ifarch %{sparc} %{arm}
+echo Skipping SSH test on sparc/arm
+echo "exit 0" > tests/ssh2.sh
+%endif
+# mansyntax check fails on PPC* and aarch64 with some strange locale error
+%ifarch ppc %{power64} aarch64
+echo "Skipping mansyntax test on PPC* and aarch64"
+echo "exit 0" > tests/mansyntax.sh
+%endif
+# stackrpms: disable tests for copr build
+#LC_ALL=en_US.UTF-8 make -C tests check
+
+%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 27)
+# ldconfig replaced by RPM File Triggers from Fedora 28
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+%endif
+
+%files
+%if 0%{?_licensedir:1}
+%license COPYING
+%else
+%doc COPYING
+%endif
+%doc docs/AUTHORS ChangeLog README RELEASE-NOTES
+%{_libdir}/libssh2.so.1
+%{_libdir}/libssh2.so.1.*
+
+%files docs
+%doc docs/BINDINGS docs/HACKING docs/TODO NEWS
+%{_mandir}/man3/libssh2_*.3*
+
+%files devel
+%doc example.%{_arch}/
+%{_includedir}/libssh2.h
+%{_includedir}/libssh2_publickey.h
+%{_includedir}/libssh2_sftp.h
+%{_libdir}/libssh2.so
+%{_libdir}/pkgconfig/libssh2.pc
+
+%changelog
+* Tue Sep 17 2019 Ben Stack <bgstack15@gmail.com> - 1.9.0-2.0.stack
+- Disable tests so it will build in copr
+
+* Fri Jul 26 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1.0.cf
+- Update to 1.9.0
+ - Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
+ - Adds ECDSA keys and host key support when using OpenSSL
+ - Adds ED25519 key and host key support when using OpenSSL 1.1.1
+ - Adds OpenSSH style key file reading
+ - Adds AES CTR mode support when using WinCNG
+ - Adds PEM passphrase protected file support for libgcrypt and WinCNG
+ - Adds SHA256 hostkey fingerprint
+ - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
+ - Adds explicit zeroing of sensitive data in memory
+ - Adds additional bounds checks to network buffer reads
+ - Adds the ability to use the server default permissions when creating sftp directories
+ - Adds support for building with OpenSSL no engine flag
+ - Adds support for building with LibreSSL
+ - Increased sftp packet size to 256k
+ - Fixed oversized packet handling in sftp
+ - Fixed building with OpenSSL 1.1
+ - Fixed a possible crash if sftp stat gets an unexpected response
+ - Fixed incorrect parsing of the KEX preference string value
+ - Fixed conditional RSA and AES-CTR support
+ - Fixed a small memory leak during the key exchange process
+ - Fixed a possible memory leak of the ssh banner string
+ - Fixed various small memory leaks in the backends
+ - Fixed possible out of bounds read when parsing public keys from the server
+ - Fixed possible out of bounds read when parsing invalid PEM files
+ - No longer null terminates the scp remote exec command
+ - Now handle errors when Diffie Hellman key pair generation fails
+ - Fixed compiling on Windows with the flag STDCALL=ON
+ - Improved building instructions
+ - Improved unit tests
+- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed
+
+* Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1.0.cf
+- Update to 1.8.2
+ - Fixed the misapplied userauth patch that broke 1.8.1
+ - Moved the MAX size declarations from the public header
+
+* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1.0.cf
+- Update to 1.8.1
+ - Fixed possible integer overflow when reading a specially crafted packet
+ (CVE-2019-3855)
+ - Fixed possible integer overflow in userauth_keyboard_interactive with a
+ number of extremely long prompt strings (CVE-2019-3863)
+ - Fixed possible integer overflow if the server sent an extremely large
+ number of keyboard prompts (CVE-2019-3856)
+ - Fixed possible out of bounds read when processing a specially crafted
+ packet (CVE-2019-3861)
+ - Fixed possible integer overflow when receiving a specially crafted exit
+ signal message channel packet (CVE-2019-3857)
+ - Fixed possible out of bounds read when receiving a specially crafted exit
+ status message channel packet (CVE-2019-3862)
+ - Fixed possible zero byte allocation when reading a specially crafted SFTP
+ packet (CVE-2019-3858)
+ - Fixed possible out of bounds reads when processing specially crafted SFTP
+ packets (CVE-2019-3860)
+ - Fixed possible out of bounds reads in _libssh2_packet_require(v)
+ (CVE-2019-3859)
+- Fix mis-applied patch in the fix of CVE-2019-3859
+ - https://github.com/libssh2/libssh2/issues/325
+ - https://github.com/libssh2/libssh2/pull/327
+
+* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10.0.cf
+- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
+ locale settings in mock builders
+
+* Fri Jul 13 2018 Paul Howarth <paul@city-fan.org> - 1.8.0-8.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 14 2018 Paul Howarth <paul@city-fan.org> - 1.8.0-7.0.cf
+- ldconfig replaced by RPM File Triggers from Fedora 28
+
+* Tue Sep 12 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-5.0.cf
+- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
+- Make devel package dependency on main package arch-specific
+
+* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-4.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-3.0.cf
+- Drop support for EOL distributions prior to F-13
+ - Drop BuildRoot: and Group: tags
+ - Drop explicit buildroot cleaning in %%install section
+ - Drop explicit %%clean section
+ - noarch sub-packages always available now
+ - libselinux-utils always available now
+
+* Sat Feb 11 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1.0.cf
+- Update to 1.8.0
+ - Added a basic dockerised test suite
+ - crypto: Add support for the mbedTLS backend
+ - libgcrypt: Fixed a NULL pointer dereference on OOM
+ - VMS: Can't use %%zd for off_t format
+ - VMS: Update vms/libssh2_config.h
+ - Windows: Link with crypt32.lib
+ - libssh2_channel_open: Speeling error fixed in channel error message
+ - msvc: Fixed 14 compilation warnings
+ - tests: HAVE_NETINET_IN_H was not defined correctly
+ - openssl: Add OpenSSL 1.1.0 compatibility
+ - cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
+ - configure: Make the --with-* options override the OpenSSL default
+ - libssh2_wait_socket: Set err_msg on errors
+ - libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
+
+* Thu Oct 20 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-7.0.cf
+- Make curl test suite work again with valgrind enabled
+
+* Wed Oct 12 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-6.0.cf
+- Include upstream fix for OpenSSL 1.1.0 compatibility
+
+* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5.0.cf
+- Move large NEWS file to docs package
+- Use -delete with find
+
+* Wed Feb 24 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-3.0.cf
+- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
+- Drop UTF-8 patch, which breaks things rather than fixes them
+
+* Tue Feb 23 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-1.0.cf
+- Update to 1.7.0
+ - diffie_hellman_sha256: convert bytes to bits (CVE-2016-0787); see
+ http://www.libssh2.org/adv_20160223.html
+ - libssh2_session_set_last_error: Add function
+ - mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
+ - WinCNG: support for SHA256/512 HMAC
+ - kex: Added diffie-hellman-group-exchange-sha256 support
+ - OS/400 crypto library QC3 support
+ - SFTP: Increase speed and datasize in SFTP read
+ - openssl: Make libssh2_sha1 return error code
+ - openssl: Fix memleak in _libssh2_dsa_sha1_verify()
+ - cmake: Include CMake files in the release tarballs
+ - Fix builds with Visual Studio 2015
+ - hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
+ - GNUmakefile: Add support for LIBSSH2_LDFLAG_EXTRAS
+ - GNUmakefile: Add -m64 CFLAGS when targeting mingw64
+ - kex: free server host key before allocating it (again)
+ - SCP: Add libssh2_scp_recv2 to support large (> 2GB) files on windows
+ - channel: Detect bad usage of libssh2_channel_process_startup
+ - userauth: Fix off by one error when reading public key file
+ - kex: Removed dupe entry from libssh2_kex_methods
+ - _libssh2_error: Support allocating the error message
+ - hostkey: Fix invalid memory access if libssh2_dsa_new fails
+ - hostkey: Align code path of ssh_rsa_init to ssh_dss_init
+ - libssh2.pc.in: Fix the output of pkg-config --libs
+ - wincng: Fixed possible memory leak in _libssh2_wincng_hash
+ - wincng: Fixed _libssh2_wincng_hash_final return value
+ - Add OpenSSL 1.1.0-pre2 compatibility
+ - agent_disconnect_unix: Unset the agent fd after closing it
+ - sftp: Stop reading when buffer is full
+ - sftp: Send at least one read request before reading
+ - sftp: Don't return EAGAIN if data was written to buffer
+ - sftp: Check read packet file offset
+ - configure: build "silent" if possible
+ - openssl: Add OpenSSL 1.1.0-pre3-dev compatibility
+ - GNUmakefile: List system libs after user libs
+- Update pkgconfig patch
+
+* Thu Feb 4 2016 Paul Howarth <paul@city-fan.org> - 1.6.0-4.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-3.0.cf
+- Fix pkg-config --libs output (#1279966)
+
+* Thu Jun 18 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Jun 14 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-1.0.cf
+- Update to 1.6.0
+ - Added CMake build system
+ - Added libssh2_userauth_publickey_frommemory()
+ - wait_socket: Wrong use of difftime()
+ - userauth: Fixed prompt text no longer being copied to the prompt's struct
+ - mingw build: Allow to pass custom CFLAGS
+ - Let mansyntax.sh work regardless of where it is called from
+ - Init HMAC_CTX before using it
+ - direct_tcpip: Fixed channel write
+ - WinCNG: Fixed backend breakage
+ - OpenSSL: Fix bug caused by introducing libssh2_hmac_ctx_init
+ - userauth.c: Fix possible dereferences of a null pointer
+ - wincng: Added explicit clear memory feature to WinCNG backend
+ - openssl.c: Fix possible segfault in case EVP_DigestInit fails
+ - wincng: Fix return code of libssh2_md5_init()
+ - kex: Do not ignore failure of libssh2_sha1_init()
+ - scp: Fix that scp_send may transmit uninitialized memory
+ - scp.c: Improved command length calculation
+ - nonblocking examples: Fix warning about unused tvdiff on Mac OS X
+ - configure: Make clear-memory default but WARN if backend unsupported
+ - OpenSSL: Enable use of OpenSSL that doesn't have DSA
+ - OpenSSL: Use correct no-blowfish #define
+ - kex: Fix libgcrypt memory leaks of bignum
+ - libssh2_channel_open: More detailed error message
+ - wincng: Fixed memleak in (block) cipher destructor
+
+* Wed Mar 11 2015 Paul Howarth <paul@city-fan.org> - 1.5.0-1.0.cf
+- Update to 1.5.0
+ - Added Windows Cryptography API: Next Generation based backend
+ - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
+ - Missing _libssh2_error in _libssh2_channel_write
+ - knownhost: Fix DSS keys being detected as unknown
+ - knownhost: Restore behaviour of 'libssh2_knownhost_writeline' with short
+ buffer
+ - libssh2.h: On Windows, a socket is of type SOCKET, not int
+ - libssh2_priv.h: A 1 bit bit-field should be unsigned
+ - Windows build: Do not export externals from static library
+ - Fixed two potential use-after-frees of the payload buffer
+ - Fixed a few memory leaks in error paths
+ - userauth: Fixed an attempt to free from stack on error
+ - agent_list_identities: Fixed memory leak on OOM
+ - knownhosts: Abort if the hosts buffer is too small
+ - sftp_close_handle: Ensure the handle is always closed
+ - channel_close: Close the channel even in the case of errors
+ - Docs: Added missing libssh2_session_handshake.3 file
+ - Docs: Fixed a bunch of typos
+ - userauth_password: Pass on the underlying error code
+ - _libssh2_channel_forward_cancel: Accessed struct after free
+ - _libssh2_packet_add: Avoid using uninitialized memory
+ - _libssh2_channel_forward_cancel: Avoid memory leaks on error
+ - _libssh2_channel_write: Client spins on write when window full
+ - Windows build: Fix build errors
+ - publickey_packet_receive: Avoid junk in returned pointers
+ - channel_receive_window_adjust: Store windows size always
+ - userauth_hostbased_fromfile: Zero assign to avoid uninitialized use
+ - configure: Change LIBS not LDFLAGS when checking for libs
+ - agent_connect_unix: Make sure there's a trailing zero
+ - MinGW build: Fixed redefine warnings
+ - sftpdir.c: Added authentication method detection
+ - Watcom build: Added support for WinCNG build
+ - configure.ac: Replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
+ - sftp_statvfs: Fix for servers not supporting statfvs extension
+ - knownhost.c: Use LIBSSH2_FREE macro instead of free
+ - Fixed compilation using mingw-w64
+ - knownhost.c: Fixed that 'key_type_len' may be used uninitialized
+ - configure: Display individual crypto backends on separate lines
+ - Examples on Windows: Check for WSAStartup return code
+ - Examples on Windows: Check for socket return code
+ - agent.c: Check return code of MapViewOfFile
+ - kex.c: Fix possible NULL pointer de-reference with session->kex
+ - packet.c: Fix possible NULL pointer de-reference within listen_state
+ - Tests on Windows: Check for WSAStartup return code
+ - userauth.c: Improve readability and clarity of for-loops
+ - Examples on Windows: Use native SOCKET-type instead of int
+ - packet.c: i < 256 was always true and i would overflow to 0
+ - kex.c: Make sure mlist is not set to NULL
+ - session.c: Check return value of session_nonblock in debug mode
+ - session.c: Check return value of session_nonblock during startup
+ - userauth.c: Make sure that sp_len is positive and avoid overflows
+ - knownhost.c: Fix use of uninitialized argument variable wrote
+ - openssl: Initialise the digest context before calling EVP_DigestInit()
+ - libssh2_agent_init: Init ->fd to LIBSSH2_INVALID_SOCKET
+ - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
+ - configure.ac: Rework crypto library detection
+ - configure.ac: Reorder --with-* options in --help output
+ - configure.ac: Call zlib zlib and not libz in text but keep option names
+ - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
+ - sftp: seek: Don't flush buffers on same offset
+ - sftp: statvfs: Along error path, reset the correct 'state' variable
+ - sftp: Add support for fsync (OpenSSH extension)
+ - _libssh2_channel_read: Fix data drop when out of window
+ - comp_method_zlib_decomp: Improve buffer growing algorithm
+ - _libssh2_channel_read: Honour window_size_initial
+ - window_size: Redid window handling for flow control reasons
+ - knownhosts: Handle unknown key types
+
+* Fri Oct 10 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-16.0.cf
+- Prevent a not-connected agent from closing STDIN (#1147717)
+
+* Sun Aug 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-15.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jul 19 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-14.0.cf
+- Use %%license where possible
+
+* Sun Jun 8 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-13.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 30 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-12.0.cf
+- Fix curl's excessive memory consumption during scp download
+- BR: hostname package rather than /bin/hostname from F-21 as the latter is no
+ longer provided in rawhide
+- Drop %%defattr, redundant since rpm 4.4
+
+* Mon Feb 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-11.0.cf
+- Skip the manpage syntax check on ppc* and aarch64 as there are wierd locale
+ issues in their buildroots
+
+* Wed Aug 14 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-8.0.cf
+- Fix very slow sftp upload to localhost
+- Fix a use after free in channel.c
+
+* Sat Aug 3 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-7.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 9 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-6.0.cf
+- Add three patches from upstream git required for qemu ssh block driver
+
+* Wed Apr 3 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-4.0.cf
+- Avoid polluting libssh2.pc with linker options (#947813)
+
+* Tue Mar 26 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-3.0.cf
+- Avoid collisions between 32-bit and 64-bit builds running on a single
+ build-host
+
+* Thu Feb 14 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Nov 28 2012 Paul Howarth <paul@city-fan.org> - 1.4.3-1.0.cf
+- Update to 1.4.3
+ - compression: add support for zlib@openssh.com
+ - sftp_read: return error if a too large package arrives
+ - libssh2_hostkey_hash.3: update the description of return value
+ - Fixed MSVC NMakefile
+ - examples: use stderr for messages, stdout for data
+ - openssl: do not leak memory when handling errors
+ - improved handling of disabled MD5 algorithm in OpenSSL
+ - known_hosts: Fail when parsing unknown keys in known_hosts file
+ - configure: gcrypt doesn't come with pkg-config support
+ - session_free: wrong variable used for keeping state
+ - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
+ - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
+- Drop upstreamed patches
+
+* Wed Nov 7 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-4.0.cf
+- examples: use stderr for messages, stdout for data (upstream commit b31e35ab)
+- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb)
+
+* Mon Oct 1 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-3.0.cf
+- Fix basic functionality of libssh2 in FIPS mode
+
+* Thu Jul 19 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun May 20 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-1.0.cf
+- Update to 1.4.2
+ - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
+ - userauth.c: fread() from public key file to correctly detect any errors
+ - configure.ac: add option to disable build of the example applications
+ - added 'Requires.private:' line to libssh2.pc
+ - SFTP: filter off incoming "zombie" responses
+ - gettimeofday: no need for a replacement under cygwin
+ - SSH_MSG_CHANNEL_REQUEST: default to want_reply
+ - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB
+
+* Fri Apr 27 2012 Paul Howarth <paul@city-fan.org> - 1.4.1-2.0.cf
+- Fix multi-arch conflict again (#816969)
+
+* Thu Apr 5 2012 Paul Howarth <paul@city-fan.org> - 1.4.1-1.0.cf
+- Update to 1.4.1
+ - Build error with gcrypt backend
+ - Always do "forced" window updates to avoid corner case stalls
+ - aes: the init function fails when OpenSSL has AES support
+ - transport_send: finish in-progress key exchange before sending data
+ - channel_write: acknowledge transport errors
+ - examples/x11.c: make sure sizeof passed to read operation is correct
+ - examples/x11.c: fix suspicious sizeof usage
+ - sftp_packet_add: verify the packet before accepting it
+ - SFTP: preserve the original error code more
+ - sftp_packet_read: adjust window size as necessary
+ - Use safer snprintf rather then sprintf in several places
+ - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
+ - sftp_write: cannot return acked data *and* EAGAIN
+ - sftp_read: avoid data *and* EAGAIN
+ - libssh2.h: add missing prototype for libssh2_session_banner_set()
+- Drop upstream patches now included in release tarball
+
+* Mon Mar 19 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-4.0.cf
+- Don't ignore transport errors when writing to channel (#804150)
+
+* Sun Mar 18 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-3.0.cf
+- Don't try to use openssl's AES-CTR functions
+ (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
+
+* Fri Mar 16 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-2.0.cf
+- Fix libssh2 failing key re-exchange when write channel is saturated (#804156)
+- Drop support for distributions prior to FC-3:
+ - BR: openssh-server unconditionally
+
+* Wed Feb 1 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-1.0.cf
+- Update to 1.4.0
+ - Added libssh2_session_supported_algs()
+ - Added libssh2_session_banner_get()
+ - Added libssh2_sftp_get_channel()
+ - libssh2.h: bump the default window size to 256K
+ - sftp-seek: clear EOF flag
+ - userauth: provide more informations if ssh pub key extraction fails
+ - ssh2_exec: skip error outputs for EAGAIN
+ - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
+ - knownhost_check(): don't dereference ext if NULL is passed
+ - knownhost_add: avoid dereferencing uninitialized memory on error path
+ - OpenSSL EVP: fix threaded use of structs
+ - _libssh2_channel_read: react on errors from receive_window_adjust
+ - sftp_read: cap the read ahead maximum amount
+ - _libssh2_channel_read: fix non-blocking window adjusting
+- Add upstream patch fixing undefined function reference in libgcrypt backend
+- BR: /usr/bin/man for test suite
+
+* Mon Jan 16 2012 Paul Howarth <paul@city-fan.org> - 1.3.0-4.0.cf
+- Skip the ssh test on sparc and arm buildsystems, where it tends to fail
+
+* Fri Jan 13 2012 Paul Howarth <paul@city-fan.org> - 1.3.0-3.0.cf
+- Example includes arch-specific bits, so move to devel package
+
+* Wed Sep 7 2011 Paul Howarth <paul@city-fan.org> - 1.3.0-1.0.cf
+- Update to 1.3.0
+ - Added custom callbacks for performing low level socket I/O
+ - sftp_read: advance offset correctly for buffered copies
+ - libssh2_sftp_seek64: flush packetlist and buffered data
+ - _libssh2_packet_add: adjust window size when truncating
+ - sftp_read: a short read is not end of file
+
+* Tue Aug 16 2011 Paul Howarth <paul@city-fan.org> - 1.2.9-1.0.cf
+- Update to 1.2.9
+ - Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to
+ make blocking calls get a timeout
+ - configure and pkg-config: fix $VERSION
+ - s/\.NF/.nf/ to fix wrong macro name caught by man --warnings
+ - keepalive: add first basic man pages
+ - sftp_write: flush the packetlist on error
+ - sftp_write: clean offsets on error
+ - msvcproj: added libs and debug stuff
+ - SCP: fix incorrect error code
+ - session_startup: init state properly
+ - sftp_write_sliding: send the complete file
+ - userauth_keyboard_interactive: skip code on zero length auth
+ - _libssh2_wait_socket: fix timeouts for poll() uses
+ - agent_list_identities: fix out of scope access
+ - _libssh2_recv(): handle ENOENT error as EAGAIN
+ - userauth_keyboard_interactive: fix buffer overflow
+ - removed man pages for non-existing functions!
+ - gettimeofday: fix name space pollution
+ - _libssh2_channel_write: handle window_size == 0 better
+- Drop upstreamed version patch
+- Use patch rather than scripted iconv to fix character encoding
+- Fix dist tag for CentOS 6 and Scientific Linux
+
+* Wed Apr 6 2011 Paul Howarth <paul@city-fan.org> - 1.2.8-1.0.cf
+- Update to 1.2.8
+ - Added libssh2_free, libssh2_channel_get_exit_signal and
+ libssh2_session_handshake
+ - SFTP read/write remade and now MUCH faster, especially on high latency
+ connections
+ - Added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c
+ - userauth: derive publickey from private
+ - Support unlimited number of host names in a single line of the
+ known_hosts file
+ - Fix memory leak in userauth_keyboard_interactive()
+ - Fix memory leaks (two times cipher_data) for each sftp session
+ - session_startup: manage server data before server identification
+ - SCP: allow file names with bytes > 126
+ - scp_recv: improved treatment of channel_read() returning zero
+ - libssh2_userauth_authenticated: make it work as documented
+ - variable size cleanup: match internal variable sizes better with the sizes
+ of the fields used on the wire
+ - channel_request_pty_size: fix reqPTY_state
+ - sftp_symlink: return error if receive buffer too small
+ - sftp_readdir: return error if buffer is too small
+ - libssh2_knownhost_readfile.3: clarify return value
+ - configure: stop using the deprecated AM_INIT_AUTOMAKE syntax
+ - Fixed Win32 makefile which was now broken at resource build
+ - kex_agree_hostkey: fix NULL pointer derefence
+ - _libssh2_ntohu64: fix conversion from network bytes to uint64
+ - ssize_t: proper typedef with MSVC compilers
+ - zlib: Add debug tracing of zlib errors
+ - decomp: increase decompression buffer sizes
+- Skip the SSH test if we don't have /dev/tty (#672713)
+- Nobody else likes macros for commands
+
+* Wed Oct 13 2010 Paul Howarth <paul@city-fan.org> - 1.2.7-1.1.cf
+- Improve support for running tests with SELinux in enforcing mode
+- Avoid multilib conflict on libssh2-docs
+
+* Wed Aug 18 2010 Paul Howarth <paul@city-fan.org> - 1.2.7-1.0.cf
+- Update to 1.2.7
+ - Better handling of invalid key files
+ - inputchecks: make lots of API functions check for NULL pointers
+ - libssh2_session_callback_set: extended the man page
+ - SFTP: limit write() to not produce overly large packets
+ - agent: make libssh2_agent_userauth() work blocking properly
+ - _libssh2_userauth_publickey: reject method names longer than the data
+ - channel_free: ignore problems with channel_close()
+ - typedef: make ssize_t get typedef without LIBSSH2_WIN32
+ - _libssh2_wait_socket: poll needs milliseconds
+ - libssh2_wait_socket: reset error code to "leak" EAGAIN less
+ - Added include for sys/select.h to get fd.set on some platforms
+ - session_free: free more data to avoid memory leaks
+ - openssl: make use of the EVP interface
+ - Make libssh2_debug() create a correctly terminated string
+ - userauth_hostbased_fromfile: packet length too short
+ - handshake: Compression enabled at the wrong time
+ - Don't overflow MD5 server hostkey
+
+* Thu Jun 10 2010 Paul Howarth <paul@city-fan.org> - 1.2.6-1.0.cf
+- Update to 1.2.6
+ - Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs()
+ - Added libssh2_knownhost_checkp()
+ - Added libssh2_scp_send64()
+ - wait_socket made c89 compliant and use two fd_sets for select()
+ - OpenSSL AES-128-CTR detection fixed
+ - Proper keyboard-interactive user dialog in the sftp.c example
+ - Fixed Build procedure for VMS
+ - Fixed libssh2.dsw to use the generated libssh2.dsp
+ - Several Windows-related build fixes
+ - Fixed fail to init SFTP if session isn't already authenticated
+ - Many tiny fixes that address clang-analyzer warnings
+ - sftp_open: deal with short channel_write calls
+ - libssh2_publickey_init: fixed to work better non-blocking
+ - sftp_close_handle: add precation to not access NULL pointer
+ - sftp_readdir: simplified and bugfixed
+ - channel_write: if data has been sent, don't return EAGAIN
+- Drop upstreamed AES-CTR detection patch
+
+* Tue Jun 8 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-3.1.cf
+- RHEL-6 has noarch subpackages, so use one for docs
+
+* Tue May 25 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-3.0.cf
+- Fix dist tag for RHEL-6 Beta
+
+* Wed Apr 28 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-2.0.cf
+- Add buildreq openssh-server to enable additional test coverage
+- Make sshd transition appropriately if building in an SELinux environment
+ (a mock buildroot is not such an environment)
+- Add buildreq /usr/sbin/matchpathcon to get appropriate SELinux context
+
+* Wed Apr 14 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-1.0.cf
+- Update to 1.2.5
+ - Add keep-alive support: libssh2_keepalive_config()/libssh2_keepalive_send()
+ - Add libssh2_knownhost_addc(), libssh2_init() and libssh2_exit()
+ - Add LIBSSH2_SFTP_S_IS***() macros
+ - Fix memory leak in libssh2_session_startup()
+ - Add missing error codes - shown as hangs in blocking mode
+ - Fix memory leak in userauth_keyboard_interactive()
+ - libssh2_knownhost_del: fix write to freed memory
+ - Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
+ - Use AES-CTR from OpenSSL when available
+ - Fixed gettimeofday to compile with Visual C++ 6
+ - NULL dereference when window adjusting a non-existing channel
+ - Avoid using poll on interix and mac os x systems
+ - Fix scp memory leak
+ - Correctly clear blocking flag after sending multipart packet
+ - Reduce used window sizes by factor 10
+ - libssh2_userauth_publickey_fromfile_ex() handles a NULL password
+ - sftp_init() deal with _libssh2_channel_write() short returns
+- Add patch to fix AES-CTR detection
+- Add buildreq /bin/hostname for build host detection
+
+* Mon Feb 15 2010 Paul Howarth <paul@city-fan.org> - 1.2.4-1.0.cf
+- Update to 1.2.4
+ - Resolve compile issues on Solaris x64 and UltraSPARC
+ - Allow compiling with OpenSSL when AES isn't available
+ - Fix Tru64 socklen_t compile issue with example/direct_tcpip.c
+
+* Wed Feb 3 2010 Paul Howarth <paul@city-fan.org> - 1.2.3-1.0.cf
+- Update to 1.2.3
+ - Add libssh2_trace_sethandler()
+ - Add the direct_tcpip.c example
+ - Fix memory leak in userauth_publickey
+ - Add support for authentication via SSH-Agent
+ - Fix OpenSSH server keepalive (see NEWS)
+- Drop padding patch
+
+* Fri Jan 22 2010 Paul Howarth <paul@city-fan.org> - 1.2.2-5.0.cf
+- Rename padding patch as per Fedora package
+- sshd tests intentionally avoided (by not having openssh-server buildreq)
+ because they appear to hang in the buildsystem
+
+* Thu Dec 24 2009 Paul Howarth <paul@city-fan.org> - 1.2.2-2.0.cf
+- Fix padding in ssh-dss signature blob encoding (#539444)
+
+* Tue Nov 17 2009 Paul Howarth <paul@city-fan.org> - 1.2.2-1.0.cf
+- Update to 1.2.2
+ - fix crash when server sends an invalid SSH_MSG_IGNORE message
+ - support for aes128-ctr, aes192-ctr, aes256-ctr ciphers as per RFC 4344
+ - support for arcfour128 cipher as per RFC 4345
+- Dist tag for Rawhide no longer needs special-casing
+- Make docs package noarch where possible
+
+* Wed Sep 30 2009 Paul Howarth <paul@city-fan.org> - 1.2.1-1.0.cf
+- Update to 1.2.1 (many bugfixes - see NEWS)
+- Drop upstreamed transport layer patch
+- Devel package now includes a pkgconfig file (and requires pkgconfig)
+- Don't redundantly include COPYING in docs and devel packages
+
+* Wed Sep 23 2009 Paul Howarth <paul@city-fan.org> - 1.2-2.0.cf
+- Update to 1.2 (see RELEASE-NOTES for details)
+- Upstream source moved to libssh2.org
+- Add upstream patch to fix transport layer bug causing invalid -39
+ (LIBSSH2_ERROR_BAD_USE) errors
+
+* Thu Apr 2 2009 Paul Howarth <paul@city-fan.org> - 1.1-1.0.cf
+- Update to 1.1 (fixes memory leak and boosts sftp performance)
+
+* Mon Jan 26 2009 Paul Howarth <paul@city-fan.org> - 1.0-1.0.cf
+- Update to 1.0
+- Help the configure script find openssl by setting CPPFLAGS
+
+* Fri Aug 1 2008 Paul Howarth <paul@city-fan.org> - 0.18-9.0.cf
+- Tweak dist tag macros to work on current Rawhide with three-part releasenum
+
+* Fri Jul 4 2008 Paul Howarth <paul@city-fan.org> - 0.18-7.0.cf
+- Import from Fedora
+- Fix find syntax
+- Add buildreq pkgconfig, missing dep from openssl-devel in older distributions
+
+* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.18-7
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-6
+- rebuild for new openssl...
+
+* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-5
+- bump
+
+* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-4
+- add INSTALL arg to make install vs env. var
+
+* Mon Nov 26 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-3
+- run tests; don't package test
+
+* Sun Nov 18 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-2
+- split docs into -docs (they seemed... large.)
+
+* Tue Nov 13 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-1
+- update to 0.18
+
+* Sun Oct 14 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.17-1
+- update to 0.17
+- many spec file changes
+
+* Wed May 23 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.2.20070506
+- Fix release tag
+- Move manpages to -devel package
+- Add Examples dir to -devel package
+
+* Sun May 06 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.20070506.1
+- Initial build
bgstack15