Changelog for libcurl4-32bit-7.46.0-157.1.x86_64.rpm :
Wed Dec 2 13:00:00 2015
- Update to 7.46.0





* oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,

* Many bugfixes, see for the
complete list.

Mon Oct 19 14:00:00 2015
- revert the curl-config change for bsc#900419 until we have a better
fix, because it was breaking builds of other packages

Sun Oct 18 14:00:00 2015
- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)

Sat Oct 10 14:00:00 2015
- Update to 7.45.0


* added new tool option --proto-default


* turned CURLINFO_* option docs as stand-alone man pages

* curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of

Wed Aug 26 14:00:00 2015
- drop a hack that made curl-config print only -lcurl (bsc#900419)

* --as-needed is used by default now

Fri Aug 14 14:00:00 2015
- update to 7.44.0
examples: added http2-serverpush.c
http2: added curl_pushheader_byname() and curl_pushheader_bynum()
docs: added
curl: Add --ssl-no-revoke to disable certificate revocation checks
makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)

Tue Aug 11 14:00:00 2015
- unexpire-test46.patch: Unexpire test 46

Fri Jul 31 14:00:00 2015
- do not run flaky tests for any architecture (bnc#940009)
at least test 1510 does fail for i586 and ppc64le

Fri Jul 3 14:00:00 2015
- fix a typo in curl-secure-getenv.patch (bsc#936676)

Fri Jun 19 14:00:00 2015
- Update to 7.43.0



* New curl option: --proxy-service-name

* New curl option: --service-name

* New curl option: --data-raw


* Added support for multiplexing transfers using HTTP/2, enable
this with the new CURLPIPE_MULTIPLEX bit for

* HTTP/2: requires nghttp2 1.0.0 or later

* scripts: add for generating zsh completion

* curl.h: add CURL_HTTP_VERSION_2

* CVE-2015-3236: lingering HTTP credentials in connection re-use

* CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle

Wed May 20 14:00:00 2015
- enable HTTP/2 support
- make the testsuite failure fatal

* added curl-disable_failing_tests.patch

* added groff to BuildRequires to enable builtin manual (test 1026)

Wed Apr 29 14:00:00 2015
- update to 7.42.1

* fixes CVE-2015-3153 (bnc#928533)
- sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf

Wed Apr 22 14:00:00 2015
- update to 7.42.0

* refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:

* CVE-2015-3143 (bnc#927556)
- Re-using authenticated connection when unauthenticated

* CVE-2015-3144 (bnc#927608)
- host name out of boundary memory access

* CVE-2015-3145 (bnc#927607)
- cookie parser out of boundary memory access

* CVE-2015-3148 (bnc#927746)
- Negotiate not treated as connection-oriented

Tue Mar 24 13:00:00 2015
- don't hardcode /etc/ssl/certs. Use openssl's default instead

Thu Feb 26 13:00:00 2015
- update to 7.41.0:

* Changes:
NetWare build: added TLS-SRP enabled build
winbuild: Added option to build with c-ares
Added --cert-status
sasl: implement EXTERNAL authentication mechanism

Sat Feb 14 13:00:00 2015
- Re-enable metalink support
- Use pkgconfig() style dependencies

Thu Jan 8 13:00:00 2015
- update to 7.40.0:

* fixes CVE-2014-8150 (bnc#911363)

* Changes:
http_digest: Added support for Windows SSPI based authentication
version info: Added Kerberos V5 to the supported features
Makefile: Added VC targets for WinIDN
config-win32: Introduce build targets for VS2012+
SSL: Add PEM format support for public key pinning
smtp: Added support for the conversion of Unix newlines during mail send
smb: Added initial support for the SMB/CIFS protocol
Added support for HTTP over unix domain sockets,
via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
sasl: Added support for GSS-API based Kerberos V5 authentication

Thu Jan 1 13:00:00 2015
- build with PIE

Fri Nov 14 13:00:00 2014
- update to 7.39.0:
- changes:
SSLv3 is disabled by default
build: Added WinIDN build configuration options to Visual Studio projects
ssh: improve key file search
SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
vtls: remove QsoSSL support, use gskit!
mk-ca-bundle: added SHA-384 signature algorithm
docs: added many examples for libcurl opts and other doc improvements
build: Added VC ssh2 target to main Makefile
MinGW: Added support to build with nghttp2
NetWare: Added support to build with nghttp2
build: added Watcom support to build with WinSSL
build: Added optional specific version generation of VC project files
... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec

Thu Oct 23 14:00:00 2014
- Ensure the curl command line tool always require
the same libcurl it was used for build, even expert users
got confused.

Wed Sep 10 14:00:00 2014
- update to 7.38.0

* fixes CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991)

* cookie leaks with IP address as domain and TLDs respectively
supports HTTP/2 draft-14
CURLE_HTTP2 is a new error code
CURLAUTH_NEGOTIATE is a new auth define
CURL_VERSION_GSSAPI is a new capability bit
no longer use fbopenssl for anything
schannel: use CryptGenRandom for random numbers
axtls: define curlssl_random using axTLS's PRNG
cyassl: use RNG_GenerateBlock to generate a good random number
findprotocol: show unsupported protocol within quotes
version: detect and show LibreSSL
version: detect and show BoringSSL
imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
http2: requires nghttp2 0.6.0 or later
SECURITY ADVISORY: cookie leak with IP address as domain
SECURITY ADVISORY: cookie leak for TLDs
And many other fixes

Thu Aug 28 14:00:00 2014
- curl 7.37.1:
This release includes many bugfixes and the following changes:

* bits.close: introduce connection close tracking

* darwinssl: Add support for --cacert

* polarssl: add ALPN support

* docs: Added new option man pages

Thu Jun 12 14:00:00 2014
- update to 7.37.0
This release includes many bugfixes and the following changes:

* URL parser: IPv6 zone identifiers are now supported

* CURLOPT_PROXYHEADER: set headers for proxy-only


* curl: add --proxy-header

* sasl: Added support for DIGEST-MD5 via Windows SSPI

* sasl: Added DIGEST-MD5 qop-option validation in native challenge handling

* imap: Expanded mailbox SEARCH support to use URL query strings [7]

* imap: Extended FETCH support to include PARTIAL URL specifier [7]

* nss: implement non-blocking SSL handshake

* build: Reworked Visual Studio project files

* poll: enable poll on darwin13

* mk-ca-bundle: added -p

* libtests: add a wait_ms() function
- dropped patches:

* curl-mkhelp.patch (upstream)

* curl-test815.patch (upstream)

Fri Apr 11 14:00:00 2014
- remove the useless BuildRequires that were meant for debugging only

Wed Apr 9 14:00:00 2014
- update to 7.36

* fixes CVE-2014-0138 (bnc#868627) and CVE-2014-0139 (bnc#868629)

ntlm: Added support for NTLMv2
tool: Added support for URL specific options
openssl: add ALPN support
gtls: add ALPN support
nss: add ALPN and NPN support
tool: add --no-alpn and --no-npn
http2: build with current nghttp2 version
openssl: info message with SSL version used

* dropped curl-test172_cookie_expiration.patch (upstream)

* added patches to make it build:
- curl-mkhelp.patch
- curl-test815.patch

Thu Mar 13 13:00:00 2014
- Disable BuildRequires for openssh, only needed for test suite,
but the test suite isn't able to start sshd anyways.
Solves the problem that openssh checkins trigger a nearly full
rebuild, too.

Tue Feb 4 13:00:00 2014
- update to 7.35.0

* security fix:
CVE-2014-0015: re-use of wrong HTTP NTLM connection (bnc#858673)

* changes:
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected

* and many bugfixes
- fix test failure because of an expired cookie (bnc#862144)

* added curl-test172_cookie_expiration.patch
- refresh libcurl-ocloexec.patch

Fri Nov 29 13:00:00 2013
- update to 7.33.0

* fixes CVE-2013-4545 (bnc#849596)
= curl: ssl cert checks unclear behaviour
o test code for testing the event based API
o CURLM_ADDED_ALREADY: new error code
o test TFTP server: support "writedelay" within
o krb4 support has been removed
o imap/pop3/smtp: added basic SASL XOAUTH2 support
o Pass password to OpenSSL engine by user interface
o c-ares: Add support for various DNS binding options
o cookies: add expiration
o curl: added --oauth2-bearer option

Mon Aug 12 14:00:00 2013
- curl 7.32.0

* curl: allow timeouts to accept decimal values

* CURLOPT_XFERINFOFUNCTION: introducing a new progress callback

* SIGPIPE: ignored while inside the library

* OpenSSL: check for read errors

* configure: automake 1.14 compatibility tweak

* curl_multi_wait: set revents for extra fds

* global dns cache: didn't work (regression)

* mk-ca-bundle.1: don't install on make install

Mon Jul 1 14:00:00 2013
- avoid cycle between curl and krb5 by using krb5-mini-devel

Mon Jun 24 14:00:00 2013
- update to 7.31.0

* includes fix for CVE-2013-2174 (bnc#824517)

* SECURITY VULNERABILITY: curl_easy_unescape() may parse data
beyond the end of the input buffer [26]

* Changes:
darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames

Fri Apr 12 14:00:00 2013
- update to 7.30.0
includes security fixes for CVE-2013-0249 and CVE-2013-1944
(bugs bnc#814655 and bnc#802411 respectively)
(dropped curl-CVE-2013-0249.patch)
- Changes:
imap: Changed response tag generation to be completely unique
imap: Added support for SASL-IR extension
imap: Added support for the list command
imap: Added support for the append command
imap: Added custom request parsing
imap: Added support to the fetch command for UID and SECTION properties
imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
imap/pop3/smtp: Added support for the STARTTLS capability
checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
for new multi interface connection handling
and CURLMOPT_PIPELINING_SERVER_BL for new pipelining control
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
- refreshed patches

Sun Feb 17 13:00:00 2013
- Add curl-secure-getenv.patch: Use secure_getenv if available.
libcurl might be linked to a program where "secure execution" is

Thu Feb 7 13:00:00 2013
- fixed CVE-2013-0249 (bnc#802411)
- refreshed patches

Fri Jan 11 13:00:00 2013
- Break build loop and make GPG signature verification optional.

Tue Nov 27 13:00:00 2012
- Verify GPG signature.

Tue Nov 20 13:00:00 2012
- Curl 7.28.1

* FTP: prevent the multi interface from blocking Obsoletes

* don't send '#' fragments when using proxy

* OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack

* TFTP: handle resend

* memory leak: CURLOPT_RESOLVE with multi interface

* SSL: Several SSL-backend related fixes

Sun Nov 4 13:00:00 2012
- added curl-ftp-prevent-the-multi-interface-from-blocking.patch in
order to prevent the multi interface from blocking when using ftp
and the remote end responds very slowly (sf#3579064)

Sun Jul 29 14:00:00 2012
- Curl 7.27.0

* support metalinks

* Add sasl authentication support

* various bugfixes
- Fix previous change, _GNU_SOURCE --> AC_USE_SYSTEM_EXTENSIONS

Mon Jul 9 14:00:00 2012
- define _GNU_SOURCE for oS/SLES <= 11.4, as O_CLOEXEC is
defined inside an ifdef __USE_GNU

Sat May 12 14:00:00 2012
- Update to new upstream release 7.25.0


* use new library-side TCP_KEEPALIVE options

* Added a new CURLOPT_MAIL_AUTH option

* Added support for --mail-auth

* (for more see the shipped CHANGES file)

Wed Feb 8 13:00:00 2012
- Problem with the c-ares backend, workaround for [bnc#745534]

Thu Feb 2 13:00:00 2012
- Update to version curl 7.24.0
- refresh patches to fix broken build

Wed Jan 18 13:00:00 2012
- use the rpmoptflags unconditionally, don't do own compiler flag
magic. Fixes debuginfo package built

Wed Dec 28 13:00:00 2011
- Package /usr/share/aclocal to avoid build dependency on automake.

Wed Nov 30 13:00:00 2011
- Use O_CLOEXEC in library code.

Tue Nov 29 13:00:00 2011
- Remove redundant/unwanted tags/section (cf. specfile guidelines)

Tue Nov 29 13:00:00 2011
- Use original source tarball

Mon Nov 28 13:00:00 2011
- Update to version 7.23.1:
+ Empty headers can be sent in HTTP requests by terminating with a semicolon
+ SSL session sharing support added to curl_share_setopt()
+ Added support to MAIL FROM for the optional SIZE parameter
+ smtp: Added support for NTLM authentication
+ curl tool: code split into tool_*.[ch] files
+ lots of bugfixes

Mon Oct 3 14:00:00 2011
- Update to version 7.22.0:
+ Added support for NTLM delegation to Samba's winbind daemon
helper ntlm_auth
+ Display notes from setup file in
+ BSD-style lwIP TCP/IP stack experimental support on Windows
+ OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
+ --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ nss: start with no database if the selected database is broken
+ telnet: allow programmatic use on Windows
+ for a list of bugfixes, see
- Drop curl-openssl-release-buffers.patch: fixed upstream.
- Add curl-fix-m4.patch: Use 'x' in configure scripts. Fixes issues
when configure is run with -Werror -Wall.

Sun Sep 18 14:00:00 2011
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

Fri Sep 16 14:00:00 2011
- Add curl-devel to baselibs

Mon Aug 15 14:00:00 2011
- Use SSL_MODE_RELEASE_BUFFERS if available, accepted
in upstream as commit 3d919440c80333c496fb

Tue Jul 12 14:00:00 2011
- remove support for old suse_versions

Mon Jul 11 14:00:00 2011
- Update to 7.21.7:
- Fix libcurl inappropriate GSSAPI delegation. Full details at
- Some other minor fixes.
- Use the lzma compressed tarball provided upstream.

Fri May 20 14:00:00 2011
- remove unintended LDFLAGS from the spec file

Fri May 20 14:00:00 2011
- Update to 7.21.6

* curl-config: fix --version

* use HTTPS properly after CONNECT

* SFTP: close file before post quote operations

Thu Apr 14 14:00:00 2011
- bnc#598574 has been fixed in upstream commit 8ab137b2bc9630ce20f4
already, so enable c-ares support again.

Sat Apr 9 14:00:00 2011
- Support openSSL compiled without SSLv2 support
- Update to version 7.21.4

* SMTP: add brackets for MAIL FROM

* multi: connect fail => use next IP address

* pubkey_show: allocate buffer to fit any-size result

* Curl_do: avoid using stale conn pointer

* tftpd test server: avoid buffer overflow report from glibc

* OpenSSL get_cert_chain: support larger data sets

* SCP/SFTP transfers: acknowledge speedcheck

* connect problem: use UDP correctly

* OpenSSL: improved error message on SSL_CTX_new failures

* HTTP: memory leak on multiple Location:

* curl.1: typo in -v description

* CURLOPT_SOCKOPTFUNCTION: return proper error code --keepalive-time

* file: add support for CURLOPT_TIMECONDITION

* multi: fix CURLM_STATE_TOOFAST for multi_socket

Fri Oct 22 14:00:00 2010
- Update to version 7.21.2

* curl -T: ignore file size of special files

* Added GOPHER protocol support

* Added mk-ca-bundle.vbs script

* c-ares build now requires c-ares >= 1.6.0

* --remote-header-name security vulnerability fixed

* multi: support the timeouts correctly, fixes known bug #62

* multi: use timeouts properly for MAX_RECV/SEND_SPEED

* negotiation: Wrong proxy authorization

* multi: avoid sending multiple complete messages

* cmdline: make -F type= accept ;charset=

* RESUME_FROM: clarify what ftp uploads do

* http: handle trailer headers in all chunked responses

* Curl_is_connected: use correct errno

* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE

* Link curl and the test apps with -lrt explicitly when necessary

* chunky parser: only rewind stream internally if needed

* remote-header-name: don't output filename when NULL

* Curl_timeleft: avoid returning "no timeout" by mistake

* timeout: use the correct start value as offset

* FTP: fix wrong timeout trigger

* rtsp: avoid SIGSEGV on malformed header

* LDAP: Support for tunnelling queries through HTTP proxy

* curl_easy_duphandle: clone the c-ares handle correctly

* support URL containing colon without trailing port number

* parsedate: allow time specified without seconds

* curl_easy_escape: don't escape "unreserved" characters

* SFTP: avoid downloading negative sizes

* Lots of GSS/KRB FTP fixes

* TFTP: Work around tftpd-hpa upload bug

* libcurl.m4: several fixes

* HTTP: remove special case for 416

* globbing: fix crash on unbalanced open brace

Wed Jun 2 14:00:00 2010
- allowing switching to nss instead of openssl via bcond

Mon May 10 14:00:00 2010
- disable c-ares support while bnc598574 is fixed.

Sat Apr 24 14:00:00 2010
- buildrequire pkg-config to fix provides

Fri Apr 23 14:00:00 2010
- Update to libcurl 7.20.1

* off-by-one in the chunked encoding trailer parser

* CURLOPT_CERTINFO memory leak

* threaded resolver double free when closing curl handle

* url_multi_remove_handle() caused use after free

* SSL possible double free when reusing curl handle

* alarm()-based DNS timeout bug

Wed Mar 24 13:00:00 2010
- enable libssh2 support unconditionally.

Wed Mar 10 13:00:00 2010
- enable libcares support unconditionally.

Sat Feb 13 13:00:00 2010
- Update to version 7.20.0:

* support SSL_FILETYPE_ENGINE for client certificate

* curl-config can now show the arguments used when building curl

* non-blocking TFTP

* send Expect: 100-continue for POSTs with unknown sizes

* added support for IMAP(S), POP3(S), SMTP(S) and RTSP

* added new curl_easy_setopt() options for SMTP and RTSP

* added --mail-from and --mail-rcpt for SMTP

* VMS build system enhancements

* added support for the PRET ftp command

* curl supports --ssl and --ssl-reqd

* added -J/--remote-header-name for using server-provided
filename with -O

* enhanced asynchronous DNS lookups

* symbol CURL_FORMAT_OFF_T is obsoleted

* many bugfixes

Tue Jan 26 13:00:00 2010
- updated to 7.19.7

* -T. is now for non-blocking uploading from stdin

* SYST handling on FTP for OS/400 FTP server cases

* libcurl refuses to read a single HTTP header longer than 100K

* added the --crlfile option to curl

* many bugfixes

Mon Jan 11 13:00:00 2010
- add baselibs.conf as source

Thu Aug 13 14:00:00 2009
- updated to 7.19.6

* CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges


told to ignore error responses when used with FTP

* fixed CVE-2009-2417 (matching certificates with embedded NUL

* many other bugfixes

Tue May 19 14:00:00 2009
- remove the Obsoletes: curl-ca-bundle, it breaks parallel
installation of older libcurl packages (bnc#484044).

Tue May 19 14:00:00 2009
- updated to 7.19.5

* libcurl now closes all dead connections whenever you attempt to
open a new connection

* libssh2's version number can now be figured out run-time
instead of using the build-time fixed number


* curl can now upload with resume even when reading from a pipe

* a build-time configured curl_socklen_t is now used instead of
- by default, don't abort if the testsuite fails.

Thu Mar 5 13:00:00 2009
- don't run autoreconf -fi as it breaks on older distros and
upstream uses recent autotools already.

Mon Mar 2 13:00:00 2009
- updated to 7.19.4

* don't follow redirects to file:// and scp:// by default; add
new curl_easy_setopt options CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed
and which protocols are allowed to redirect to (bnc#475103,

* Added CURLOPT_NOPROXY and the corresponding --noproxy

* the OpenSSL-specific code disables TICKET (rfc5077) which is
enabled by default in openssl 0.9.8j


CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options
--socks5-gssapi-service and --socks5-gssapi-nec

* Improved IPv6 support when built with c-ares >= 1.6.1

* Added CURLPROXY_HTTP_1_0 and --proxy1.0

* Added docs/libcurl/symbols-in-versions


* Added support for Digest and NTLM authentication using GnuTLS

* CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry
the CWD even when MKD fails

* GnuTLS initing moved to curl_global_init()


* pkg-config can now show supported_protocols and



* Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests
on them

* configure --disable-proxy disables proxy support


* --interface now works with IPv6 connections on glibc systems