diff --git a/.curl.metadata b/.curl.metadata
new file mode 100644
index 0000000..a1dafc9
--- /dev/null
+++ b/.curl.metadata
@@ -0,0 +1 @@
+8b56123714b4e061f0f71005c5be598b12f82483 SOURCES/curl-7.61.1.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cfbf426
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/curl-7.61.1.tar.xz
diff --git a/SOURCES/0001-curl-7.61.1-test320-gnutls.patch b/SOURCES/0001-curl-7.61.1-test320-gnutls.patch
new file mode 100644
index 0000000..a9cbaac
--- /dev/null
+++ b/SOURCES/0001-curl-7.61.1-test320-gnutls.patch
@@ -0,0 +1,63 @@
+From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 4 Oct 2018 15:34:13 +0200
+Subject: [PATCH] test320: strip out more HTML when comparing
+
+To make the test case work with different gnutls-serv versions better.
+
+Reported-by: Kamil Dudka
+Fixes #3093
+Closes #3094
+
+Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3
+Signed-off-by: Kamil Dudka
+---
+ tests/data/test320 | 24 ++++--------------------
+ 1 file changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/tests/data/test320 b/tests/data/test320
+index 457a11eb2..87311d4f2 100644
+--- a/tests/data/test320
++++ b/tests/data/test320
+@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response
+ HTTP/1.0 200 OK
+ Content-type: text/html
+
+-
+-
+-
+-
+-
+-
+-If your browser supports session resuming, then you should see the same session ID, when you press the reload button.
+-Connected as user 'jsmith'.
+-
+-
|
+-Key Exchange: | SRP |
+-Compression | NULL |
+-Cipher | AES-NNN-CBC |
+-MAC | SHA1 |
+-Ciphersuite | SRP_SHA_AES_NNN_CBC_SHA1 |
+-
Your HTTP header was:
Host: %HOSTIP:%HTTPTLSPORT
++FINE
+ User-Agent: curl-test-suite
+ Accept: */*
+
+-
+-
+-
+
+
+-s/^Session ID:.*//
++s/^
Connected as user 'jsmith'.*/FINE/
+ s/Protocol version:.*[0-9]//
+ s/GNUTLS/GnuTLS/
+ s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/
++s/^<.*\n//
++s/^\n//
+
+
+
+--
+2.17.1
+
diff --git a/SOURCES/0002-curl-7.61.1-tlsv1.0-man.patch b/SOURCES/0002-curl-7.61.1-tlsv1.0-man.patch
new file mode 100644
index 0000000..f384366
--- /dev/null
+++ b/SOURCES/0002-curl-7.61.1-tlsv1.0-man.patch
@@ -0,0 +1,28 @@
+From c574e05b0035f0d78e6bf6040d3f80430112ab4f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 7 Sep 2018 16:50:45 +0200
+Subject: [PATCH] docs/cmdline-opts: update the documentation of --tlsv1.0
+
+... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+
+Closes #2955
+
+Upstream-commit: 9ba22ce6b52751ed1e2abdd177b0a1d241819b4e
+Signed-off-by: Kamil Dudka
+---
+ docs/cmdline-opts/tlsv1.0.d | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d
+index 8789025e0..54e259682 100644
+--- a/docs/cmdline-opts/tlsv1.0.d
++++ b/docs/cmdline-opts/tlsv1.0.d
+@@ -3,4 +3,4 @@ Help: Use TLSv1.0
+ Protocols: TLS
+ Added: 7.34.0
+ ---
+-Forces curl to use TLS version 1.0 when connecting to a remote TLS server.
++Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server.
+--
+2.17.1
+
diff --git a/SOURCES/0003-curl-7.61.1-TLS-1.3-PHA.patch b/SOURCES/0003-curl-7.61.1-TLS-1.3-PHA.patch
new file mode 100644
index 0000000..99273ac
--- /dev/null
+++ b/SOURCES/0003-curl-7.61.1-TLS-1.3-PHA.patch
@@ -0,0 +1,46 @@
+From bb8ad3da3fb4ab3f6556daa1f67b259c12a3c7de Mon Sep 17 00:00:00 2001
+From: Christian Heimes
+Date: Fri, 21 Sep 2018 10:37:43 +0200
+Subject: [PATCH] OpenSSL: enable TLS 1.3 post-handshake auth
+
+OpenSSL 1.1.1 requires clients to opt-in for post-handshake
+authentication.
+
+Fixes: https://github.com/curl/curl/issues/3026
+Signed-off-by: Christian Heimes
+
+Closes https://github.com/curl/curl/pull/3027
+
+Upstream-commit: b939bc47b27cd57c6ebb852ad653933e4124b452
+Signed-off-by: Kamil Dudka
+---
+ lib/vtls/openssl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a487f55..78970d1 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -178,6 +178,7 @@ static unsigned long OpenSSL_version_num(void)
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL))
+ #define HAVE_SSL_CTX_SET_CIPHERSUITES
++#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ #endif
+
+ #if defined(LIBRESSL_VERSION_NUMBER)
+@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ }
+ #endif
+
++#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
++ /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
++ SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
++#endif
++
+ #ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ char * const ssl_username = SSL_SET_OPTION(username);
+--
+2.17.1
+
diff --git a/SOURCES/0004-curl-7.61.1-CVE-2018-16842.patch b/SOURCES/0004-curl-7.61.1-CVE-2018-16842.patch
new file mode 100644
index 0000000..1b8a198
--- /dev/null
+++ b/SOURCES/0004-curl-7.61.1-CVE-2018-16842.patch
@@ -0,0 +1,81 @@
+From 27d6c92acdac671ddf8f77f72956b2181561f774 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 28 Oct 2018 01:33:23 +0200
+Subject: [PATCH 1/2] voutf: fix bad arethmetic when outputting warnings to
+ stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-commit: d530e92f59ae9bb2d47066c3c460b25d2ffeb211
+Signed-off-by: Kamil Dudka
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+ (void)fwrite(ptr, cut + 1, 1, config->errors);
+ fputs("\n", config->errors);
+ ptr += cut + 1; /* skip the space too */
+- len -= cut;
++ len -= cut + 1;
+ }
+ else {
+ fputs(ptr, config->errors);
+--
+2.17.2
+
+
+From 23f8c641b02e6c302d0e8cc5a5ee225a33b01f28 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 28 Oct 2018 10:43:57 +0100
+Subject: [PATCH 2/2] test2080: verify the fix for CVE-2018-16842
+
+Upstream-commit: 350306e4726b71b5b386fc30e3fecc039a807157
+Signed-off-by: Kamil Dudka
+---
+ tests/data/Makefile.inc | 4 ++--
+ tests/data/test2080 | Bin 0 -> 20659 bytes
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test2080
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e045748..aa5fff0 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -198,7 +198,7 @@ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
+ test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
+ test2064 test2065 test2066 test2067 test2068 test2069 \
+ \
+-test2070 test2071 test2072 test2073 \
+-test2074 test2075 \
++test2070 test2071 test2072 test2073 test2074 test2075 \
++test2080 \
+ \
+ test3000 test3001
+diff --git a/tests/data/test2080 b/tests/data/test2080
+new file mode 100644
+index 0000000000000000000000000000000000000000..47e376ecb5d7879c0a98e392bff48ccc52e9db0a
+GIT binary patch
+literal 20659
+zcmeI)Pj3@35QkyT{uI*`iBshYE(n>u@JB+F3kdG+t~asjwJY0gl}``eO+)FONU8ef
+zl6Ca+%A4K8~qdz
+zd{+G6l*#ToY+DU||F9%J1n*+KPxQ;7MapuoQ!&MMQSXmpqMh0_yS6g=;N;HNjilBk
+zY$c?)mULZxib{;$g~jw~nrs|8b@sJI)_QmS_4(WLrNld}2Y0LEO$e>m->_NA&o$n!
+z9^YDZ>cvMs2q1s}0tg_000PG)@a?$9VHyMwKmY**5I_I{1Q0m1z~!MEP#*yV5I_I{
+z1Q0*~0R#|0009ILKmY**4ldvh-hl=PAb-+Xw`j-8D
+zzg+g?Rt8(G*s;1Sb>n1S94H%G
+Date: Thu, 18 Oct 2018 15:07:15 +0200
+Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
+ use-after-free
+
+Regression from b46cfbc068 (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+Upstream-commit: 81d135d67155c5295b1033679c606165d4e28f3f
+Signed-off-by: Kamil Dudka
+---
+ lib/url.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f159008..dcc1ecc 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+ and detach this handle from there. */
+ curl_multi_remove_handle(data->multi, data);
+
+- if(data->multi_easy)
++ if(data->multi_easy) {
+ /* when curl_easy_perform() is used, it creates its own multi handle to
+ use and this is the one */
+ curl_multi_cleanup(data->multi_easy);
++ data->multi_easy = NULL;
++ }
+
+ /* Destroy the timeout list that is held in the easy handle. It is
+ /normally/ done by curl_multi_remove_handle() but this is "just in
+--
+2.17.2
+
diff --git a/SOURCES/0006-curl-7.61.1-CVE-2018-16839.patch b/SOURCES/0006-curl-7.61.1-CVE-2018-16839.patch
new file mode 100644
index 0000000..949254f
--- /dev/null
+++ b/SOURCES/0006-curl-7.61.1-CVE-2018-16839.patch
@@ -0,0 +1,31 @@
+From ad9943254ded9a983af7d581e8a1f3317e8a8781 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 28 Sep 2018 16:08:16 +0200
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-commit: f3a24d7916b9173c69a3e0ee790102993833d6c5
+Signed-off-by: Kamil Dudka
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ plen = strlen(passwdp);
+
+ /* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+ return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
+
+--
+2.17.2
+
diff --git a/SOURCES/0007-curl-7.63.0-JO-preserve-local-file.patch b/SOURCES/0007-curl-7.63.0-JO-preserve-local-file.patch
new file mode 100644
index 0000000..6799dfa
--- /dev/null
+++ b/SOURCES/0007-curl-7.63.0-JO-preserve-local-file.patch
@@ -0,0 +1,116 @@
+From ff74657fb645e7175971128a171ef7d5ece40d77 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 17 Dec 2018 12:51:51 +0100
+Subject: [PATCH] curl -J: do not append to the destination file
+
+Reported-by: Kamil Dudka
+Fixes #3380
+Closes #3381
+
+Upstream-commit: 4849267197682e69cfa056c2bd7a44acd123a917
+Signed-off-by: Kamil Dudka
+---
+ src/tool_cb_hdr.c | 6 +++---
+ src/tool_cb_wrt.c | 9 ++++-----
+ src/tool_cb_wrt.h | 2 +-
+ src/tool_operate.c | 2 +-
+ 4 files changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 84b0d9c..3844904 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -148,12 +148,12 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ outs->filename = filename;
+ outs->alloc_filename = TRUE;
+ hdrcbdata->honor_cd_filename = FALSE; /* done now! */
+- if(!tool_create_output_file(outs, TRUE))
++ if(!tool_create_output_file(outs))
+ return failure;
+ }
+ break;
+ }
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+ }
+
+@@ -162,7 +162,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ /* bold headers only happen for HTTP(S) and RTSP */
+ char *value = NULL;
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+
+ if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
+diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
+index 2cb5e1b..195d6e7 100644
+--- a/src/tool_cb_wrt.c
++++ b/src/tool_cb_wrt.c
+@@ -32,8 +32,7 @@
+ #include "memdebug.h" /* keep this as LAST include */
+
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs,
+- bool append)
++bool tool_create_output_file(struct OutStruct *outs)
+ {
+ struct GlobalConfig *global = outs->config->global;
+ FILE *file;
+@@ -43,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+ return FALSE;
+ }
+
+- if(outs->is_cd_filename && !append) {
++ if(outs->is_cd_filename) {
+ /* don't overwrite existing files */
+ file = fopen(outs->filename, "rb");
+ if(file) {
+@@ -55,7 +54,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+ }
+
+ /* open file for writing */
+- file = fopen(outs->filename, append?"ab":"wb");
++ file = fopen(outs->filename, "wb");
+ if(!file) {
+ warnf(global, "Failed to create the file %s: %s\n", outs->filename,
+ strerror(errno));
+@@ -142,7 +141,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
+ }
+ #endif
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+
+ if(is_tty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
+index 51e002b..188d3ea 100644
+--- a/src/tool_cb_wrt.h
++++ b/src/tool_cb_wrt.h
+@@ -30,7 +30,7 @@
+ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata);
+
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs, bool append);
++bool tool_create_output_file(struct OutStruct *outs);
+
+ #endif /* HEADER_CURL_TOOL_CB_WRT_H */
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index e53a9d8..429e9cf 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -1581,7 +1581,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
+ /* do not create (or even overwrite) the file in case we get no
+ data because of unmet condition */
+ curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &cond_unmet);
+- if(!cond_unmet && !tool_create_output_file(&outs, FALSE))
++ if(!cond_unmet && !tool_create_output_file(&outs))
+ result = CURLE_WRITE_ERROR;
+ }
+
+--
+2.17.2
+
diff --git a/SOURCES/0101-curl-7.32.0-multilib.patch b/SOURCES/0101-curl-7.32.0-multilib.patch
new file mode 100644
index 0000000..532980e
--- /dev/null
+++ b/SOURCES/0101-curl-7.32.0-multilib.patch
@@ -0,0 +1,89 @@
+From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 12 Apr 2013 12:04:05 +0200
+Subject: [PATCH] prevent multilib conflicts on the curl-config script
+
+---
+ curl-config.in | 21 +++------------------
+ docs/curl-config.1 | 4 +++-
+ libcurl.pc.in | 1 +
+ 3 files changed, 7 insertions(+), 19 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 150004d..95d0759 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -76,7 +76,7 @@ while test $# -gt 0; do
+ ;;
+
+ --cc)
+- echo "@CC@"
++ echo "gcc"
+ ;;
+
+ --prefix)
+@@ -143,32 +143,17 @@ while test $# -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+- CURLLIBDIR="-L@libdir@ "
+- else
+- CURLLIBDIR=""
+- fi
+- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+- else
+- echo ${CURLLIBDIR}-lcurl
+- fi
++ echo -lcurl
+ ;;
+ --ssl-backends)
+ echo "@SSL_BACKENDS@"
+ ;;
+
+ --static-libs)
+- if test "X@ENABLE_STATIC@" != "Xno" ; then
+- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+- else
+- echo "curl was built with static libraries disabled" >&2
+- exit 1
+- fi
+ ;;
+
+ --configure)
+- echo @CONFIGURE_OPTIONS@
++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+ ;;
+
+ *)
+diff --git a/docs/curl-config.1 b/docs/curl-config.1
+index 14a9d2b..ffcc004 100644
+--- a/docs/curl-config.1
++++ b/docs/curl-config.1
+@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
+ comma-separated. (Added in 7.58.0)
+ .IP "--static-libs"
+ Shows the complete set of libs and other linker options you will need in order
+-to link your application with libcurl statically. (Added in 7.17.1)
++to link your application with libcurl statically. Note that Fedora/RHEL libcurl
++packages do not provide any static libraries, thus cannot be linked statically.
++(Added in 7.17.1)
+ .IP "--version"
+ Outputs version information about the installed libcurl.
+ .IP "--vernum"
+diff --git a/libcurl.pc.in b/libcurl.pc.in
+index 2ba9c39..f8f8b00 100644
+--- a/libcurl.pc.in
++++ b/libcurl.pc.in
+@@ -29,6 +29,7 @@ libdir=@libdir@
+ includedir=@includedir@
+ supported_protocols="@SUPPORT_PROTOCOLS@"
+ supported_features="@SUPPORT_FEATURES@"
++configure_options=@CONFIGURE_OPTIONS@
+
+ Name: libcurl
+ URL: https://curl.haxx.se/
+--
+2.5.0
+
diff --git a/SOURCES/0102-curl-7.36.0-debug.patch b/SOURCES/0102-curl-7.36.0-debug.patch
new file mode 100644
index 0000000..bbb253f
--- /dev/null
+++ b/SOURCES/0102-curl-7.36.0-debug.patch
@@ -0,0 +1,65 @@
+From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Wed, 31 Oct 2012 11:38:30 +0100
+Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
+
+---
+ configure | 13 +++----------
+ m4/curl-compilers.m4 | 13 +++----------
+ 2 files changed, 6 insertions(+), 20 deletions(-)
+
+diff --git a/configure b/configure
+index 8f079a3..53b4774 100755
+--- a/configure
++++ b/configure
+@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; }
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+
+ OLDCPPFLAGS=$CPPFLAGS
+diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
+index 0cbba7a..9175b5b 100644
+--- a/m4/curl-compilers.m4
++++ b/m4/curl-compilers.m4
+@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+ CURL_CHECK_DEF([_WIN32], [], [silent])
+ else
+--
+1.7.1
+
diff --git a/SOURCES/0103-curl-7.59.0-python3.patch b/SOURCES/0103-curl-7.59.0-python3.patch
new file mode 100644
index 0000000..f66b6c0
--- /dev/null
+++ b/SOURCES/0103-curl-7.59.0-python3.patch
@@ -0,0 +1,140 @@
+From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Thu, 15 Mar 2018 13:21:40 +0100
+Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3
+
+---
+ tests/http_pipe.py | 4 ++--
+ tests/runtests.pl | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/http_pipe.py b/tests/http_pipe.py
+index bc32173..75ac165 100755
+--- a/tests/http_pipe.py
++++ b/tests/http_pipe.py
+@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler):
+ self.request.setblocking(True)
+ if not new_data:
+ return
+- new_requests = self._request_parser.ParseAdditionalData(new_data)
++ new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8'))
+ self._response_builder.QueueRequests(
+ new_requests, self._request_parser.were_all_requests_http_1_1)
+ self._num_queued += len(new_requests)
+ self._last_queued_time = time.time()
+ elif fileno in wlist:
+- num_bytes_sent = self.request.send(self._send_buffer[0:4096])
++ num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8'))
+ self._send_buffer = self._send_buffer[num_bytes_sent:]
+ time.sleep(0.05)
+
+diff --git a/tests/runtests.pl b/tests/runtests.pl
+index d6aa5ca..4d395ef 100755
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -1439,7 +1439,7 @@ sub runhttpserver {
+ elsif($alt eq "pipe") {
+ # basically the same, but another ID
+ $idnum = 3;
+- $exe = "python $srcdir/http_pipe.py";
++ $exe = "python3 $srcdir/http_pipe.py";
+ $verbose_flag .= "1 ";
+ }
+ elsif($alt eq "unix") {
+--
+2.14.3
+
+
+From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Thu, 15 Mar 2018 14:49:56 +0100
+Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3
+
+Unfortunately, smbserver.py does not work with Python 3 because
+there is no 'impacket' module available for Python 3:
+
+https://github.com/CoreSecurity/impacket/issues/61
+---
+ tests/negtelnetserver.py | 12 ++++++------
+ tests/smbserver.py | 4 ++--
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
+index 8cfd409..72ee771 100755
+--- a/tests/negtelnetserver.py
++++ b/tests/negtelnetserver.py
+@@ -23,7 +23,7 @@ IDENT = "NTEL"
+
+ # The strings that indicate the test framework is checking our aliveness
+ VERIFIED_REQ = b"verifiedserver"
+-VERIFIED_RSP = b"WE ROOLZ: {pid}"
++VERIFIED_RSP = "WE ROOLZ: {pid}"
+
+
+ def telnetserver(options):
+@@ -34,7 +34,7 @@ def telnetserver(options):
+ if options.pidfile:
+ pid = os.getpid()
+ with open(options.pidfile, "w") as f:
+- f.write(b"{0}".format(pid))
++ f.write("{0}".format(pid))
+
+ local_bind = (HOST, options.port)
+ log.info("Listening on %s", local_bind)
+@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
+ response_data = VERIFIED_RSP.format(pid=os.getpid())
+ else:
+ log.debug("Received normal request - echoing back")
+- response_data = data.strip()
++ response_data = data.decode('utf8').strip()
+
+ if response_data:
+ log.debug("Sending %r", response_data)
+- self.request.sendall(response_data)
++ self.request.sendall(response_data.encode('utf8'))
+
+ except IOError:
+ log.exception("IOError hit during request")
+@@ -132,7 +132,7 @@ class Negotiator(object):
+ return buffer
+
+ def byte_to_int(self, byte):
+- return struct.unpack(b'B', byte)[0]
++ return int(byte)
+
+ def no_neg(self, byte, byte_int, buffer):
+ # Not negotiating anything thus far. Check to see if we
+@@ -197,7 +197,7 @@ class Negotiator(object):
+ self.tcp.sendall(packed_message)
+
+ def pack(self, arr):
+- return struct.pack(b'{0}B'.format(len(arr)), *arr)
++ return struct.pack('{0}B'.format(len(arr)), *arr)
+
+ def send_iac(self, arr):
+ message = [NegTokens.IAC]
+diff --git a/tests/smbserver.py b/tests/smbserver.py
+index 195ae39..b09cd44 100755
+--- a/tests/smbserver.py
++++ b/tests/smbserver.py
+@@ -24,7 +24,7 @@
+ from __future__ import (absolute_import, division, print_function)
+ # unicode_literals)
+ import argparse
+-import ConfigParser
++import configparser
+ import os
+ import sys
+ import logging
+@@ -58,7 +58,7 @@ def smbserver(options):
+ f.write("{0}".format(pid))
+
+ # Here we write a mini config for the server
+- smb_config = ConfigParser.ConfigParser()
++ smb_config = configparser.ConfigParser()
+ smb_config.add_section("global")
+ smb_config.set("global", "server_name", "SERVICE")
+ smb_config.set("global", "server_os", "UNIX")
+--
+2.14.3
+
diff --git a/SOURCES/0104-curl-7.19.7-localhost6.patch b/SOURCES/0104-curl-7.19.7-localhost6.patch
new file mode 100644
index 0000000..4f664d3
--- /dev/null
+++ b/SOURCES/0104-curl-7.19.7-localhost6.patch
@@ -0,0 +1,51 @@
+diff --git a/tests/data/test1083 b/tests/data/test1083
+index e441278..b0958b6 100644
+--- a/tests/data/test1083
++++ b/tests/data/test1083
+@@ -33,13 +33,13 @@ ipv6
+ http-ipv6
+
+
+-HTTP-IPv6 GET with ip6-localhost --interface
++HTTP-IPv6 GET with localhost6 --interface
+
+
+--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost
++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
+
+
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+
+
+
+diff --git a/tests/data/test241 b/tests/data/test241
+index 46eae1f..4e1632c 100644
+--- a/tests/data/test241
++++ b/tests/data/test241
+@@ -30,13 +30,13 @@ ipv6
+ http-ipv6
+
+
+-HTTP-IPv6 GET (using ip6-localhost)
++HTTP-IPv6 GET (using localhost6)
+
+
+--g "http://ip6-localhost:%HTTP6PORT/241"
++-g "http://localhost6:%HTTP6PORT/241"
+
+
+-./server/resolve --ipv6 ip6-localhost
++./server/resolve --ipv6 localhost6
+
+
+
+@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost)
+
+
+ GET /241 HTTP/1.1
+-Host: ip6-localhost:%HTTP6PORT
++Host: localhost6:%HTTP6PORT
+ Accept: */*
+
+
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
new file mode 100644
index 0000000..1ec256f
--- /dev/null
+++ b/SPECS/curl.spec
@@ -0,0 +1,1700 @@
+Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
+Name: curl
+Version: 7.61.1
+Release: 8%{?dist}
+License: MIT
+Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
+
+# test320: update expected output for gnutls-3.6.4
+Patch1: 0001-curl-7.61.1-test320-gnutls.patch
+
+# update the documentation of --tlsv1.0 in curl(1) man page (#1620217)
+Patch2: 0002-curl-7.61.1-tlsv1.0-man.patch
+
+# enable TLS 1.3 post-handshake auth in OpenSSL (#1636900)
+Patch3: 0003-curl-7.61.1-TLS-1.3-PHA.patch
+
+# fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
+Patch4: 0004-curl-7.61.1-CVE-2018-16842.patch
+# we need `git apply` to apply this patch
+BuildRequires: git
+
+# fix use-after-free in handle close (CVE-2018-16840)
+Patch5: 0005-curl-7.61.1-CVE-2018-16840.patch
+
+# SASL password overflow via integer overflow (CVE-2018-16839)
+Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch
+
+# curl -J: do not append to the destination file (#1660827)
+Patch7: 0007-curl-7.63.0-JO-preserve-local-file.patch
+
+# patch making libcurl multilib ready
+Patch101: 0101-curl-7.32.0-multilib.patch
+
+# prevent configure script from discarding -g in CFLAGS (#496778)
+Patch102: 0102-curl-7.36.0-debug.patch
+
+# migrate tests/http_pipe.py to Python 3
+Patch103: 0103-curl-7.59.0-python3.patch
+
+# use localhost6 instead of ip6-localhost in the curl test-suite
+Patch104: 0104-curl-7.19.7-localhost6.patch
+
+Provides: curl-full = %{version}-%{release}
+Provides: webclient
+URL: https://curl.haxx.se/
+BuildRequires: automake
+BuildRequires: brotli-devel
+BuildRequires: coreutils
+BuildRequires: gcc
+BuildRequires: groff
+BuildRequires: krb5-devel
+BuildRequires: libidn2-devel
+BuildRequires: libmetalink-devel
+BuildRequires: libnghttp2-devel
+BuildRequires: libpsl-devel
+BuildRequires: libssh-devel
+BuildRequires: make
+BuildRequires: openldap-devel
+BuildRequires: openssh-clients
+BuildRequires: openssh-server
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig
+BuildRequires: python3-devel
+BuildRequires: sed
+BuildRequires: stunnel
+BuildRequires: zlib-devel
+
+# needed to compress content of tool_hugehelp.c after changing curl.1 man page
+BuildRequires: perl(IO::Compress::Gzip)
+
+# gnutls-serv is used by the upstream test-suite
+BuildRequires: gnutls-utils
+
+# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
+BuildRequires: nghttp2
+
+# perl modules used in the test suite
+BuildRequires: perl(Cwd)
+BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(IPC::Open2)
+BuildRequires: perl(MIME::Base64)
+BuildRequires: perl(strict)
+BuildRequires: perl(Time::Local)
+BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(warnings)
+BuildRequires: perl(vars)
+
+# The test-suite runs automatically through valgrind if valgrind is available
+# on the system. By not installing valgrind into mock's chroot, we disable
+# this feature for production builds on architectures where valgrind is known
+# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
+# #810992, #816175, and #886891). Nevertheless developers are free to install
+# valgrind manually to improve test coverage on any architecture.
+%ifarch x86_64 %{ix86}
+BuildRequires: valgrind
+%endif
+
+# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
+Requires: libcurl%{?_isa} >= %{version}-%{release}
+
+# require at least the version of libpsl that we were built against,
+# to ensure that we have the necessary symbols available (#1631804)
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+
+# require at least the version of libssh that we were built against,
+# to ensure that we have the necessary symbols available (#525002, #642796)
+%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
+
+# require at least the version of openssl-libs that we were built against,
+# to ensure that we have the necessary symbols available (#1462184, #1462211)
+%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+
+%description
+curl is a command line tool for transferring data with URL syntax, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
+uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
+resume, proxy tunneling and a busload of other useful tricks.
+
+%package -n libcurl
+Summary: A library for getting files from web servers
+Requires: libpsl%{?_isa} >= %{libpsl_version}
+Requires: libssh%{?_isa} >= %{libssh_version}
+Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
+Provides: libcurl-full = %{version}-%{release}
+Provides: libcurl-full%{?_isa} = %{version}-%{release}
+
+%description -n libcurl
+libcurl is a free and easy-to-use client-side URL transfer library, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
+FTP uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
+resume, http proxy tunneling and more.
+
+%package -n libcurl-devel
+Summary: Files needed for building applications with libcurl
+Requires: libcurl%{?_isa} = %{version}-%{release}
+
+Provides: curl-devel = %{version}-%{release}
+Provides: curl-devel%{?_isa} = %{version}-%{release}
+Obsoletes: curl-devel < %{version}-%{release}
+
+%description -n libcurl-devel
+The libcurl-devel package includes header files and libraries necessary for
+developing programs which use the libcurl library. It contains the API
+documentation of the library, too.
+
+%package -n curl-minimal
+Summary: Conservatively configured build of curl for minimal installations
+Provides: curl = %{version}-%{release}
+Conflicts: curl
+RemovePathPostfixes: .minimal
+
+# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
+Requires: libcurl%{?_isa} >= %{version}-%{release}
+
+%description -n curl-minimal
+This is a replacement of the 'curl' package for minimal installations. It
+comes with a limited set of features compared to the 'curl' package. On the
+other hand, the package is smaller and requires fewer run-time dependencies to
+be installed.
+
+%package -n libcurl-minimal
+Summary: Conservatively configured build of libcurl for minimal installations
+Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
+Provides: libcurl = %{version}-%{release}
+Provides: libcurl%{?_isa} = %{version}-%{release}
+Conflicts: libcurl
+RemovePathPostfixes: .minimal
+# needed for RemovePathPostfixes to work with shared libraries
+%undefine __brp_ldconfig
+
+%description -n libcurl-minimal
+This is a replacement of the 'libcurl' package for minimal installations. It
+comes with a limited set of features compared to the 'libcurl' package. On the
+other hand, the package is smaller and requires fewer run-time dependencies to
+be installed.
+
+%prep
+%setup -q
+
+# upstream patches
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+git init
+git apply %{PATCH4}
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+
+# Fedora patches
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
+%patch104 -p1
+
+# make tests/*.py use Python 3
+sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
+
+# regenerate Makefile.in files
+aclocal -I m4
+automake
+
+# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
+# with errno 98: Address already in use' in Koji environment), and test 1801
+#
+# and test 1900, which is flaky and covers a deprecated feature of libcurl
+#
+printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
+
+# disable test 1319 on ppc64 (server times out)
+%ifarch ppc64
+echo "1319" >> tests/data/DISABLED
+%endif
+
+# temporarily disable test 582 on s390x (client times out)
+%ifarch s390x
+echo "582" >> tests/data/DISABLED
+%endif
+
+# adapt test 323 for updated OpenSSL
+sed -e 's/^35$/35,52/' -i tests/data/test323
+
+%build
+mkdir build-{full,minimal}
+export common_configure_opts=" \
+ --cache-file=../config.cache \
+ --disable-static \
+ --enable-symbol-hiding \
+ --enable-ipv6 \
+ --enable-threaded-resolver \
+ --with-gssapi \
+ --with-nghttp2 \
+ --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+
+%global _configure ../configure
+
+# configure minimal build
+(
+ cd build-minimal
+ %configure $common_configure_opts \
+ --disable-ldap \
+ --disable-ldaps \
+ --disable-manual \
+ --without-brotli \
+ --without-libidn2 \
+ --without-libmetalink \
+ --without-libpsl \
+ --without-libssh
+)
+
+# configure full build
+(
+ cd build-full
+ %configure $common_configure_opts \
+ --enable-ldap \
+ --enable-ldaps \
+ --enable-manual \
+ --with-brotli \
+ --with-libidn2 \
+ --with-libmetalink \
+ --with-libpsl \
+ --with-libssh
+)
+
+# avoid using rpath
+sed -e 's/^runpath_var=.*/runpath_var=/' \
+ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
+ -i build-{full,minimal}/libtool
+
+make %{?_smp_mflags} V=1 -C build-minimal
+make %{?_smp_mflags} V=1 -C build-full
+
+%check
+# we have to override LD_LIBRARY_PATH because we eliminated rpath
+LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH"
+export LD_LIBRARY_PATH
+
+# compile upstream test-cases
+cd build-full/tests
+make %{?_smp_mflags} V=1
+
+# relax crypto policy for the test-suite to make it pass again (#1611712)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+
+# run the upstream test-suite
+srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
+
+%install
+# install and rename the library that will be packaged as libcurl-minimal
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
+for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do
+ mv -v $i $i.minimal
+done
+
+# install and rename the executable that will be packaged as curl-minimal
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src
+mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
+
+# install libcurl.m4
+install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
+install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
+
+# install the executable and library that will be packaged as curl and libcurl
+cd build-full
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+
+# install zsh completion for curl
+# (we have to override LD_LIBRARY_PATH because we eliminated rpath)
+LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
+ make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
+
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+%ldconfig_scriptlets -n libcurl
+
+%ldconfig_scriptlets -n libcurl-minimal
+
+%files
+%doc CHANGES README*
+%doc docs/BUGS docs/FAQ docs/FEATURES
+%doc docs/MANUAL docs/RESOURCES
+%doc docs/TheArtOfHttpScripting docs/TODO
+%{_bindir}/curl
+%{_mandir}/man1/curl.1*
+%{_datadir}/zsh/site-functions
+
+%files -n libcurl
+%license COPYING
+%{_libdir}/libcurl.so.4
+%{_libdir}/libcurl.so.4.[0-9].[0-9]
+
+%files -n libcurl-devel
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
+%doc docs/CONTRIBUTE.md docs/libcurl/ABI
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+%{_datadir}/aclocal/libcurl.m4
+
+%files -n curl-minimal
+%{_bindir}/curl.minimal
+%{_mandir}/man1/curl.1*
+
+%files -n libcurl-minimal
+%license COPYING
+%{_libdir}/libcurl.so.4.minimal
+%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
+
+%changelog
+* Fri Jan 11 2019 Kamil Dudka - 7.61.1-8
+- curl -J: do not append to the destination file (#1660827)
+
+* Thu Nov 15 2018 Kamil Dudka - 7.61.1-7
+- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
+
+* Mon Nov 05 2018 Kamil Dudka - 7.61.1-6
+- SASL password overflow via integer overflow (CVE-2018-16839)
+- fix use-after-free in handle close (CVE-2018-16840)
+- fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
+
+* Thu Oct 11 2018 Kamil Dudka - 7.61.1-5
+- enable TLS 1.3 post-handshake auth in OpenSSL (#1636900)
+
+* Mon Oct 08 2018 Kamil Dudka - 7.61.1-4
+- make the built-in manual compressed again (#1620217)
+
+* Mon Oct 08 2018 Kamil Dudka - 7.61.1-3
+- update the documentation of --tlsv1.0 in curl(1) man page (#1620217)
+
+* Thu Oct 04 2018 Kamil Dudka - 7.61.1-2
+- enforce versioned libpsl dependency for libcurl (#1631804)
+
+* Thu Oct 04 2018 Kamil Dudka - 7.61.1-1
+- test320: update expected output for gnutls-3.6.4
+- new upstream release (#1625677)
+
+* Thu Aug 09 2018 Kamil Dudka - 7.61.0-5
+- ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544)
+
+* Tue Aug 07 2018 Kamil Dudka - 7.61.0-4
+- relax crypto policy for the test-suite to make it pass again (#1611712)
+
+* Tue Jul 31 2018 Kamil Dudka - 7.61.0-3
+- disable flaky test 1900, which covers deprecated HTTP pipelining
+- adapt test 323 for updated OpenSSL
+
+* Tue Jul 17 2018 Kamil Dudka - 7.61.0-2
+- rebuild against against brotli-1.0.5
+
+* Wed Jul 11 2018 Kamil Dudka - 7.61.0-1
+- new upstream release, which fixes the following vulnerability
+ CVE-2018-0500 - SMTP send heap buffer overflow
+
+* Tue Jul 10 2018 Kamil Dudka - 7.60.0-3
+- enable support for brotli compression in libcurl-full
+
+* Wed Jul 04 2018 Kamil Dudka - 7.60.0-2
+- do not hard-wire path of the Python 3 interpreter
+
+* Wed May 16 2018 Kamil Dudka - 7.60.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2018-1000300 - FTP shutdown response buffer overflow
+ CVE-2018-1000301 - RTSP bad headers buffer over-read
+
+* Thu Mar 15 2018 Kamil Dudka - 7.59.0-3
+- make the test-suite use Python 3
+
+* Wed Mar 14 2018 Kamil Dudka - 7.59.0-2
+- ftp: fix typo in recursive callback detection for seeking
+
+* Wed Mar 14 2018 Kamil Dudka - 7.59.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
+ CVE-2018-1000121 - LDAP NULL pointer dereference
+ CVE-2018-1000122 - RTSP RTP buffer over-read
+
+* Mon Mar 12 2018 Kamil Dudka - 7.58.0-8
+- http2: mark the connection for close on GOAWAY
+
+* Mon Feb 19 2018 Paul Howarth - 7.58.0-7
+- Add explicity-used build requirements
+- Fix libcurl soname version number in %%files list to avoid accidental soname
+ bumps
+
+* Thu Feb 15 2018 Paul Howarth - 7.58.0-6
+- switch to %%ldconfig_scriptlets
+- drop legacy BuildRoot: and Group: tags
+- enforce versioned libssh dependency for libcurl
+
+* Tue Feb 13 2018 Kamil Dudka - 7.58.0-5
+- drop temporary workaround for #1540549
+
+* Wed Feb 07 2018 Fedora Release Engineering - 7.58.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jan 31 2018 Kamil Dudka - 7.58.0-3
+- temporarily work around internal compiler error on x86_64 (#1540549)
+- disable brp-ldconfig to make RemovePathPostfixes work with shared libs again
+
+* Wed Jan 24 2018 Andreas Schneider - 7.58.0-2
+- use libssh (instead of libssh2) to implement SCP/SFTP in libcurl (#1531483)
+
+* Wed Jan 24 2018 Kamil Dudka - 7.58.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
+ CVE-2018-1000007 - curl: HTTP authentication leak in redirects
+
+* Wed Nov 29 2017 Kamil Dudka - 7.57.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
+ CVE-2017-8817 - curl: FTP wildcard out of bounds read
+ CVE-2017-8818 - curl: SSL out of buffer access
+
+* Mon Oct 23 2017 Kamil Dudka - 7.56.1-1
+- new upstream release (fixes CVE-2017-1000257)
+
+* Wed Oct 04 2017 Kamil Dudka - 7.56.0-1
+- new upstream release (fixes CVE-2017-1000254)
+
+* Mon Aug 28 2017 Kamil Dudka - 7.55.1-5
+- apply the patch for the previous commit and fix its name (#1485702)
+
+* Mon Aug 28 2017 Bastien Nocera - 7.55.1-4
+- Fix NetworkManager connectivity check not working (#1485702)
+
+* Tue Aug 22 2017 Kamil Dudka 7.55.1-3
+- utilize system wide crypto policies for TLS (#1483972)
+
+* Tue Aug 15 2017 Kamil Dudka 7.55.1-2
+- make zsh completion work again
+
+* Mon Aug 14 2017 Kamil Dudka 7.55.1-1
+- new upstream release
+
+* Wed Aug 09 2017 Kamil Dudka 7.55.0-1
+- drop multilib fix for libcurl header files no longer needed
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2017-1000099 - FILE buffer read out of bounds
+ CVE-2017-1000100 - TFTP sends more than buffer size
+ CVE-2017-1000101 - URL globbing out of bounds read
+
+* Wed Aug 02 2017 Fedora Release Engineering - 7.54.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Fri Jul 28 2017 Florian Weimer - 7.54.1-7
+- Rebuild with fixed binutils (#1475636)
+
+* Fri Jul 28 2017 Igor Gnatenko - 7.54.1-6
+- Enable separate debuginfo back
+
+* Thu Jul 27 2017 Kamil Dudka 7.54.1-5
+- rebuild to fix broken linkage of cmake on ppc64le
+
+* Wed Jul 26 2017 Kamil Dudka 7.54.1-4
+- avoid build failure caused broken RPM code that produces debuginfo packages
+
+* Wed Jul 26 2017 Fedora Release Engineering - 7.54.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jun 19 2017 Kamil Dudka 7.54.1-2
+- enforce versioned openssl-libs dependency for libcurl (#1462184)
+
+* Wed Jun 14 2017 Kamil Dudka 7.54.1-1
+- new upstream release
+
+* Tue May 16 2017 Kamil Dudka 7.54.0-5
+- add *-full provides for curl and libcurl to make them explicitly installable
+
+* Thu May 04 2017 Kamil Dudka 7.54.0-4
+- make curl-minimal require a new enough version of libcurl
+
+* Thu Apr 27 2017 Kamil Dudka 7.54.0-3
+- switch the TLS backend back to OpenSSL (#1445153)
+
+* Tue Apr 25 2017 Kamil Dudka 7.54.0-2
+- nss: use libnssckbi.so as the default source of trust
+- nss: do not leak PKCS #11 slot while loading a key (#1444860)
+
+* Thu Apr 20 2017 Kamil Dudka 7.54.0-1
+- new upstream release (fixes CVE-2017-7468)
+
+* Thu Apr 13 2017 Paul Howarth 7.53.1-7
+- add %%post and %%postun scriptlets for libcurl-minimal
+- libcurl-minimal provides both libcurl and libcurl%%{?_isa}
+- remove some legacy spec file cruft
+
+* Wed Apr 12 2017 Kamil Dudka 7.53.1-6
+- provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
+
+* Mon Apr 10 2017 Kamil Dudka 7.53.1-5
+- disable upstream test 2033 (flaky test for HTTP/1 pipelining)
+
+* Fri Apr 07 2017 Kamil Dudka 7.53.1-4
+- fix out of bounds read in curl --write-out (CVE-2017-7407)
+
+* Mon Mar 06 2017 Kamil Dudka 7.53.1-3
+- make the dependency on nss-pem arch-specific (#1428550)
+
+* Thu Mar 02 2017 Kamil Dudka 7.53.1-2
+- re-enable valgrind on ix86 because sqlite is fixed (#1428286)
+
+* Fri Feb 24 2017 Kamil Dudka 7.53.1-1
+- new upstream release
+
+* Wed Feb 22 2017 Kamil Dudka 7.53.0-1
+- do not use valgrind on ix86 until sqlite is rebuilt by patched GCC (#1423434)
+- new upstream release (fixes CVE-2017-2629)
+
+* Fri Feb 10 2017 Fedora Release Engineering - 7.52.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Dec 23 2016 Kamil Dudka 7.52.1-1
+- new upstream release (fixes CVE-2016-9586)
+
+* Mon Nov 21 2016 Kamil Dudka 7.51.0-3
+- map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 (#1396719)
+
+* Tue Nov 15 2016 Kamil Dudka 7.51.0-2
+- stricter host name checking for file:// URLs
+- ssh: check md5 fingerprints case insensitively
+
+* Wed Nov 02 2016 Kamil Dudka 7.51.0-1
+- temporarily disable failing libidn2 test-cases
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2016-8615 - Cookie injection for other servers
+ CVE-2016-8616 - Case insensitive password comparison
+ CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
+ CVE-2016-8618 - Double-free in curl_maprintf
+ CVE-2016-8619 - Double-free in krb5 code
+ CVE-2016-8620 - Glob parser write/read out of bounds
+ CVE-2016-8621 - curl_getdate out-of-bounds read
+ CVE-2016-8622 - URL unescape heap overflow via integer truncation
+ CVE-2016-8623 - Use-after-free via shared cookies
+ CVE-2016-8624 - Invalid URL parsing with '#'
+ CVE-2016-8625 - IDNA 2003 makes curl use wrong host
+
+* Thu Oct 20 2016 Kamil Dudka 7.50.3-3
+- drop 0103-curl-7.50.0-stunnel.patch no longer needed
+
+* Fri Oct 07 2016 Kamil Dudka 7.50.3-2
+- use the just built version of libcurl while generating zsh completion
+
+* Wed Sep 14 2016 Kamil Dudka 7.50.3-1
+- new upstream release (fixes CVE-2016-7167)
+
+* Wed Sep 07 2016 Kamil Dudka 7.50.2-1
+- new upstream release
+
+* Fri Aug 26 2016 Kamil Dudka 7.50.1-2
+- work around race condition in PK11_FindSlotByName()
+- fix incorrect use of a previously loaded certificate from file
+ (related to CVE-2016-5420)
+
+* Wed Aug 03 2016 Kamil Dudka 7.50.1-1
+- new upstream release (fixes CVE-2016-5419, CVE-2016-5420, and CVE-2016-5421)
+
+* Tue Jul 26 2016 Kamil Dudka 7.50.0-2
+- run HTTP/2 tests on all architectures (#1360319 now worked around in nghttp2)
+
+* Thu Jul 21 2016 Kamil Dudka 7.50.0-1
+- run HTTP/2 tests only on Intel for now to work around #1358845
+- require nss-pem because it is no longer included in the nss package (#1347336)
+- fix HTTPS and FTPS tests (work around stunnel bug #1358810)
+- new upstream release
+
+* Fri Jun 17 2016 Kamil Dudka 7.49.1-3
+- use multilib-rpm-config to install arch-dependent header files
+
+* Fri Jun 03 2016 Kamil Dudka 7.49.1-2
+- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
+
+* Mon May 30 2016 Kamil Dudka 7.49.1-1
+- new upstream release
+
+* Wed May 18 2016 Kamil Dudka 7.49.0-1
+- new upstream release
+
+* Wed Mar 23 2016 Kamil Dudka 7.48.0-1
+- new upstream release
+
+* Wed Mar 02 2016 Kamil Dudka 7.47.1-4
+- do not refuse cookies for localhost (#1308791)
+
+* Wed Feb 17 2016 Kamil Dudka 7.47.1-3
+- make SCP and SFTP test-cases work with up2date OpenSSH
+
+* Wed Feb 10 2016 Kamil Dudka 7.47.1-2
+- enable support for Public Suffix List (#1305701)
+
+* Mon Feb 08 2016 Kamil Dudka 7.47.1-1
+- new upstream release
+
+* Wed Feb 03 2016 Fedora Release Engineering - 7.47.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 27 2016 Kamil Dudka 7.47.0-1
+- new upstream release (fixes CVE-2016-0755)
+
+* Fri Dec 4 2015 Kamil Dudka 7.46.0-2
+- own /usr/share/zsh/site-functions instead of requiring zsh (#1288529)
+
+* Wed Dec 2 2015 Kamil Dudka 7.46.0-1
+- disable silent builds (suggested by Paul Howarth)
+- use default port numbers when running the upstream test-suite
+- install zsh completion script
+- new upstream release
+
+* Wed Oct 7 2015 Paul Howarth 7.45.0-1
+- new upstream release
+- drop %%defattr, redundant since rpm 4.4
+
+* Fri Sep 18 2015 Kamil Dudka 7.44.0-2
+- prevent NSS from incorrectly re-using a session (#1104597)
+
+* Wed Aug 12 2015 Kamil Dudka 7.44.0-1
+- new upstream release
+
+* Thu Jul 30 2015 Kamil Dudka 7.43.0-3
+- prevent dnf from crashing when using both FTP and HTTP (#1248389)
+
+* Thu Jul 16 2015 Kamil Dudka 7.43.0-2
+- build support for the HTTP/2 protocol
+
+* Wed Jun 17 2015 Kamil Dudka 7.43.0-1
+- new upstream release (fixes CVE-2015-3236 and CVE-2015-3237)
+
+* Wed Jun 17 2015 Fedora Release Engineering - 7.42.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Jun 05 2015 Kamil Dudka 7.42.1-2
+- curl-config --libs now works on x86_64 without libcurl-devel.x86_64 (#1228363)
+
+* Wed Apr 29 2015 Kamil Dudka 7.42.1-1
+- new upstream release (fixes CVE-2015-3153)
+
+* Wed Apr 22 2015 Kamil Dudka 7.42.0-1
+- new upstream release (fixes CVE-2015-3143, CVE-2015-3144, CVE-2015-3145,
+ and CVE-2015-3148)
+- implement public key pinning for NSS backend (#1195771)
+- do not run flaky test-cases in %%check
+
+* Wed Feb 25 2015 Kamil Dudka 7.41.0-1
+- new upstream release
+- include extern-scan.pl to make test1135 succeed (upstream commit 1514b718)
+
+* Mon Feb 23 2015 Kamil Dudka 7.40.0-3
+- fix a spurious connect failure on dual-stacked hosts (#1187531)
+
+* Sat Feb 21 2015 Till Maas - 7.40.0-2
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Thu Jan 08 2015 Kamil Dudka 7.40.0-1
+- new upstream release (fixes CVE-2014-8150)
+
+* Wed Nov 05 2014 Kamil Dudka 7.39.0-1
+- new upstream release (fixes CVE-2014-3707)
+
+* Tue Oct 21 2014 Kamil Dudka 7.38.0-2
+- fix a connection failure when FTPS handle is reused
+
+* Wed Sep 10 2014 Kamil Dudka 7.38.0-1
+- new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)
+
+* Sat Aug 16 2014 Fedora Release Engineering - 7.37.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Rex Dieter 7.37.1-2
+- include arch'd Requires/Provides
+
+* Wed Jul 16 2014 Kamil Dudka 7.37.1-1
+- new upstream release
+- fix endless loop with GSSAPI proxy auth (patches by David Woodhouse, #1118751)
+
+* Fri Jul 11 2014 Tom Callaway 7.37.0-4
+- fix license handling
+
+* Fri Jul 04 2014 Kamil Dudka 7.37.0-3
+- various SSL-related fixes (mainly crash on connection failure)
+
+* Sat Jun 07 2014 Fedora Release Engineering - 7.37.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 21 2014 Kamil Dudka 7.37.0-1
+- new upstream release
+
+* Fri May 09 2014 Kamil Dudka 7.36.0-4
+- auth failure on duplicated 'WWW-Authenticate: Negotiate' header (#1093348)
+
+* Fri Apr 25 2014 Kamil Dudka 7.36.0-3
+- nss: implement non-blocking SSL handshake
+
+* Wed Apr 02 2014 Kamil Dudka 7.36.0-2
+- extend URL parser to support IPv6 zone identifiers (#680996)
+
+* Wed Mar 26 2014 Kamil Dudka 7.36.0-1
+- new upstream release (fixes CVE-2014-0138)
+
+* Mon Mar 17 2014 Paul Howarth 7.35.0-5
+- add all perl build requirements for the test suite, in a portable way
+
+* Mon Mar 17 2014 Kamil Dudka 7.35.0-4
+- add BR for perl-Digest-MD5, which is required by the test-suite
+
+* Wed Mar 05 2014 Kamil Dudka 7.35.0-3
+- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
+
+* Tue Feb 25 2014 Kamil Dudka 7.35.0-2
+- refresh expired cookie in test172 from upstream test-suite (#1068967)
+
+* Wed Jan 29 2014 Kamil Dudka 7.35.0-1
+- new upstream release (fixes CVE-2014-0015)
+
+* Wed Dec 18 2013 Kamil Dudka 7.34.0-1
+- new upstream release
+
+* Mon Dec 02 2013 Kamil Dudka 7.33.0-2
+- allow to use TLS > 1.0 if built against recent NSS
+
+* Mon Oct 14 2013 Kamil Dudka 7.33.0-1
+- new upstream release
+- fix missing initialization in NTLM code causing test 906 to fail
+- fix missing initialization in SSH code causing test 619 to fail
+
+* Fri Oct 11 2013 Kamil Dudka 7.32.0-3
+- do not limit the speed of SCP upload on a fast connection
+
+* Mon Sep 09 2013 Kamil Dudka 7.32.0-2
+- avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686)
+
+* Mon Aug 12 2013 Kamil Dudka 7.32.0-1
+- new upstream release
+- make sure that NSS is initialized prior to calling PK11_GenerateRandom()
+
+* Sat Aug 03 2013 Fedora Release Engineering - 7.31.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 09 2013 Kamil Dudka 7.31.0-4
+- mention all option listed in 'curl --help' in curl.1 man page
+
+* Tue Jul 02 2013 Kamil Dudka 7.31.0-3
+- restore the functionality of 'curl -u :'
+
+* Wed Jun 26 2013 Kamil Dudka 7.31.0-2
+- build the curl tool with metalink support
+
+* Sat Jun 22 2013 Kamil Dudka 7.31.0-1
+- new upstream release (fixes CVE-2013-2174)
+
+* Fri Apr 26 2013 Kamil Dudka 7.30.0-2
+- prevent an artificial timeout event due to stale speed-check data (#906031)
+
+* Fri Apr 12 2013 Kamil Dudka 7.30.0-1
+- new upstream release (fixes CVE-2013-1944)
+- prevent test-suite failure due to using non-default port ranges in tests
+
+* Tue Mar 12 2013 Kamil Dudka 7.29.0-4
+- do not ignore poll() failures other than EINTR (#919127)
+- curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag (#919127)
+
+* Wed Mar 06 2013 Kamil Dudka 7.29.0-3
+- switch SSL socket into non-blocking mode after handshake
+- drop the hide_selinux.c hack no longer needed in %%check
+
+* Fri Feb 22 2013 Kamil Dudka 7.29.0-2
+- fix a SIGSEGV when closing an unused multi handle (#914411)
+
+* Wed Feb 06 2013 Kamil Dudka 7.29.0-1
+- new upstream release (fixes CVE-2013-0249)
+
+* Tue Jan 15 2013 Kamil Dudka 7.28.1-3
+- require valgrind for build only on i386 and x86_64 (#886891)
+
+* Tue Jan 15 2013 Kamil Dudka 7.28.1-2
+- prevent NSS from crashing on client auth hook failure
+- clear session cache if a client cert from file is used
+- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+
+* Tue Nov 20 2012 Kamil Dudka 7.28.1-1
+- new upstream release
+
+* Wed Oct 31 2012 Kamil Dudka 7.28.0-1
+- new upstream release
+
+* Mon Oct 01 2012 Kamil Dudka 7.27.0-3
+- use the upstream facility to disable problematic tests
+- do not crash if MD5 fingerprint is not provided by libssh2
+
+* Wed Aug 01 2012 Kamil Dudka 7.27.0-2
+- eliminate unnecessary inotify events on upload via file protocol (#844385)
+
+* Sat Jul 28 2012 Kamil Dudka 7.27.0-1
+- new upstream release
+
+* Mon Jul 23 2012 Kamil Dudka 7.26.0-6
+- print reason phrase from HTTP status line on error (#676596)
+
+* Wed Jul 18 2012 Fedora Release Engineering - 7.26.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jun 09 2012 Kamil Dudka 7.26.0-4
+- fix duplicated SSL handshake with multi interface and proxy (#788526)
+
+* Wed May 30 2012 Karsten Hopp 7.26.0-3
+- disable test 1319 on ppc64, server times out
+
+* Mon May 28 2012 Kamil Dudka 7.26.0-2
+- use human-readable error messages provided by NSS (upstream commit 72f4b534)
+
+* Fri May 25 2012 Kamil Dudka 7.26.0-1
+- new upstream release
+
+* Wed Apr 25 2012 Karsten Hopp 7.25.0-3
+- valgrind on ppc64 works fine, disable ppc32 only
+
+* Wed Apr 25 2012 Karsten Hopp 7.25.0-3
+- drop BR valgrind on PPC(64) until bugzilla #810992 gets fixed
+
+* Fri Apr 13 2012 Kamil Dudka 7.25.0-2
+- use NSS_InitContext() to initialize NSS if available (#738456)
+- provide human-readable names for NSS errors (upstream commit a60edcc6)
+
+* Fri Mar 23 2012 Paul Howarth 7.25.0-1
+- new upstream release (#806264)
+- fix character encoding of docs with a patch rather than just iconv
+- update debug and multilib patches
+- don't use macros for commands
+- reduce size of %%prep output for readability
+
+* Tue Jan 24 2012 Kamil Dudka 7.24.0-1
+- new upstream release (fixes CVE-2012-0036)
+
+* Thu Jan 05 2012 Paul Howarth 7.23.0-6
+- rebuild for gcc 4.7
+
+* Mon Jan 02 2012 Kamil Dudka 7.23.0-5
+- upstream patch that allows to run FTPS tests with nss-3.13 (#760060)
+
+* Tue Dec 27 2011 Kamil Dudka 7.23.0-4
+- allow to run FTPS tests with nss-3.13 (#760060)
+
+* Sun Dec 25 2011 Kamil Dudka 7.23.0-3
+- avoid unnecessary timeout event when waiting for 100-continue (#767490)
+
+* Mon Nov 21 2011 Kamil Dudka 7.23.0-2
+- curl -JO now uses -O name if no C-D header comes (upstream commit c532604)
+
+* Wed Nov 16 2011 Kamil Dudka 7.23.0-1
+- new upstream release (#754391)
+
+* Mon Sep 19 2011 Kamil Dudka 7.22.0-2
+- nss: select client certificates by DER (#733657)
+
+* Tue Sep 13 2011 Kamil Dudka 7.22.0-1
+- new upstream release
+- curl-config now provides dummy --static-libs option (#733956)
+
+* Sun Aug 21 2011 Paul Howarth 7.21.7-4
+- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
+
+* Mon Aug 15 2011 Kamil Dudka 7.21.7-3
+- fix SIGSEGV of curl -O -J given more than one URL (#723075)
+- introduce the --delegation option of curl (#730444)
+- initialize NSS with no database if the selected database is broken (#728562)
+
+* Wed Aug 03 2011 Kamil Dudka 7.21.7-2
+- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
+
+* Thu Jun 23 2011 Kamil Dudka 7.21.7-1
+- new upstream release (fixes CVE-2011-2192)
+
+* Wed Jun 08 2011 Kamil Dudka 7.21.6-2
+- avoid an invalid timeout event on a reused handle (#679709)
+
+* Sat Apr 23 2011 Paul Howarth 7.21.6-1
+- new upstream release
+
+* Mon Apr 18 2011 Kamil Dudka 7.21.5-2
+- fix the output of curl-config --version (upstream commit 82ecc85)
+
+* Mon Apr 18 2011 Kamil Dudka 7.21.5-1
+- new upstream release
+
+* Sat Apr 16 2011 Peter Robinson 7.21.4-4
+- no valgrind on ARMv5 arches
+
+* Sat Mar 05 2011 Dennis Gilmore 7.21.4-3
+- no valgrind on sparc arches
+
+* Tue Feb 22 2011 Kamil Dudka 7.21.4-2
+- do not ignore failure of SSL handshake (upstream commit 7aa2d10)
+
+* Fri Feb 18 2011 Kamil Dudka 7.21.4-1
+- new upstream release
+- avoid memory leak on SSL connection failure (upstream commit a40f58d)
+- work around valgrind bug (#678518)
+
+* Tue Feb 08 2011 Fedora Release Engineering - 7.21.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 12 2011 Kamil Dudka 7.21.3-2
+- build libcurl with --enable-hidden-symbols
+
+* Thu Dec 16 2010 Paul Howarth 7.21.3-1
+- update to 7.21.3:
+ - added --noconfigure switch to testcurl.pl
+ - added --xattr option
+ - added CURLOPT_RESOLVE and --resolve
+ - added CURLAUTH_ONLY
+ - added version-check.pl to the examples dir
+ - check for libcurl features for some command line options
+ - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
+ - http_chunks: remove debug output
+ - URL-parsing: consider ? a divider
+ - SSH: avoid using the libssh2_ prefix
+ - SSH: use libssh2_session_handshake() to work on win64
+ - ftp: prevent server from hanging on closed data connection when stopping
+ a transfer before the end of the full transfer (ranges)
+ - LDAP: detect non-binary attributes properly
+ - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
+ - gnutls->handshake: improved timeout handling
+ - security: pass the right parameter to init
+ - krb5: use GSS_ERROR to check for error
+ - TFTP: resend the correct data
+ - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
+ - GnuTLS: now detects socket errors on Windows
+ - symbols-in-versions: updated en masse
+ - added a couple of examples that were missing from the tarball
+ - Curl_send/recv_plain: return errno on failure
+ - Curl_wait_for_resolv (for c-ares): correct timeout
+ - ossl_connect_common: detect connection re-use
+ - configure: prevent link errors with --librtmp
+ - openldap: use remote port in URL passed to ldap_init_fd()
+ - url: provide dead_connection flag in Curl_handler::disconnect
+ - lots of compiler warning fixes
+ - ssh: fix a download resume point calculation
+ - fix getinfo CURLINFO_LOCAL* for reused connections
+ - multi: the returned running handles counter could turn negative
+ - multi: only ever consider pipelining for connections doing HTTP(S)
+- drop upstream patches now in tarball
+- update bz650255 and disable-test1112 patches to apply against new codebase
+- add workaround for false-positive glibc-detected buffer overflow in tftpd
+ test server with FORTIFY_SOURCE (similar to #515361)
+
+* Fri Nov 12 2010 Kamil Dudka 7.21.2-5
+- do not send QUIT to a dead FTP control connection (#650255)
+- pull back glibc's implementation of str[n]casecmp(), #626470 appears fixed
+
+* Tue Nov 09 2010 Kamil Dudka 7.21.2-4
+- prevent FTP client from hanging on unrecognized ABOR response (#649347)
+- return more appropriate error code in case FTP server session idle
+ timeout has exceeded (#650255)
+
+* Fri Oct 29 2010 Kamil Dudka 7.21.2-3
+- prevent FTP server from hanging on closed data connection (#643656)
+
+* Thu Oct 14 2010 Paul Howarth 7.21.2-2
+- enforce versioned libssh2 dependency for libcurl (#642796)
+
+* Wed Oct 13 2010 Kamil Dudka 7.21.2-1
+- new upstream release, drop applied patches
+- make 0102-curl-7.21.2-debug.patch less intrusive
+
+* Wed Sep 29 2010 jkeating - 7.21.1-6
+- Rebuilt for gcc bug 634757
+
+* Sat Sep 11 2010 Kamil Dudka 7.21.1-5
+- make it possible to run SCP/SFTP tests on x86_64 (#632914)
+
+* Tue Sep 07 2010 Kamil Dudka 7.21.1-4
+- work around glibc/valgrind problem on x86_64 (#631449)
+
+* Tue Aug 24 2010 Paul Howarth 7.21.1-3
+- fix up patches so there's no need to run autotools in the rpm build
+- drop buildreq automake
+- drop dependency on automake for devel package from F-14, where
+ %%{_datadir}/aclocal is included in the filesystem package
+- drop dependency on pkgconfig for devel package from F-11, where
+ pkgconfig dependencies are auto-generated
+
+* Mon Aug 23 2010 Kamil Dudka 7.21.1-2
+- re-enable test575 on s390(x), already fixed (upstream commit d63bdba)
+- modify system headers to work around gcc bug (#617757)
+- curl -T now ignores file size of special files (#622520)
+- fix kerberos proxy authentication for https (#625676)
+- work around glibc/valgrind problem on x86_64 (#626470)
+
+* Thu Aug 12 2010 Kamil Dudka 7.21.1-1
+- new upstream release
+
+* Mon Jul 12 2010 Dan Horák 7.21.0-3
+- disable test 575 on s390(x)
+
+* Mon Jun 28 2010 Kamil Dudka 7.21.0-2
+- add support for NTLM authentication (#603783)
+
+* Wed Jun 16 2010 Kamil Dudka 7.21.0-1
+- new upstream release, drop applied patches
+- update of %%description
+- disable valgrind for certain test-cases (libssh2 problem)
+
+* Tue May 25 2010 Kamil Dudka 7.20.1-6
+- fix -J/--remote-header-name to strip CR-LF (upstream patch)
+
+* Wed Apr 28 2010 Kamil Dudka 7.20.1-5
+- CRL support now works again (#581926)
+- make it possible to start a testing OpenSSH server when building with SELinux
+ in the enforcing mode (#521087)
+
+* Sat Apr 24 2010 Kamil Dudka 7.20.1-4
+- upstream patch preventing failure of test536 with threaded DNS resolver
+- upstream patch preventing SSL handshake timeout underflow
+
+* Thu Apr 22 2010 Paul Howarth 7.20.1-3
+- replace Rawhide s390-sleep patch with a more targeted patch adding a
+ delay after tests 513 and 514 rather than after all tests
+
+* Wed Apr 21 2010 Kamil Dudka 7.20.1-2
+- experimentally enabled threaded DNS lookup
+- make curl-config multilib ready again (#584107)
+
+* Mon Apr 19 2010 Kamil Dudka 7.20.1-1
+- new upstream release
+
+* Tue Mar 23 2010 Kamil Dudka 7.20.0-4
+- add missing quote in libcurl.m4 (#576252)
+
+* Fri Mar 19 2010 Kamil Dudka 7.20.0-3
+- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972)
+- valgrind temporarily disabled (#574889)
+- kerberos installation prefix has been changed
+
+* Wed Feb 24 2010 Kamil Dudka 7.20.0-2
+- exclude test1112 from the test suite (#565305)
+
+* Thu Feb 11 2010 Kamil Dudka 7.20.0-1
+- new upstream release - added support for IMAP(S), POP3(S), SMTP(S) and RTSP
+- dropped patches applied upstream
+- dropped curl-7.16.0-privlibs.patch no longer useful
+- a new patch forcing -lrt when linking the curl tool and test-cases
+
+* Fri Jan 29 2010 Kamil Dudka 7.19.7-11
+- upstream patch adding a new option -J/--remote-header-name
+- dropped temporary workaround for #545779
+
+* Thu Jan 14 2010 Chris Weyl 7.19.7-10
+- bump for libssh2 rebuild
+
+* Sun Dec 20 2009 Kamil Dudka 7.19.7-9
+- temporary workaround for #548269
+ (restored behavior of 7.19.7-4)
+
+* Wed Dec 09 2009 Kamil Dudka 7.19.7-8
+- replace hard wired port numbers in the test suite
+
+* Wed Dec 09 2009 Kamil Dudka 7.19.7-7
+- use different port numbers for 32bit and 64bit builds
+- temporary workaround for #545779
+
+* Tue Dec 08 2009 Kamil Dudka 7.19.7-6
+- make it possible to run test241
+- re-enable SCP/SFTP tests (#539444)
+
+* Sat Dec 05 2009 Kamil Dudka 7.19.7-5
+- avoid use of uninitialized value in lib/nss.c
+- suppress failure of test513 on s390
+
+* Tue Dec 01 2009 Kamil Dudka 7.19.7-4
+- do not require valgrind on s390 and s390x
+- temporarily disabled SCP/SFTP test-suite (#539444)
+
+* Thu Nov 12 2009 Kamil Dudka 7.19.7-3
+- fix crash on doubly closed NSPR descriptor, patch contributed
+ by Kevin Baughman (#534176)
+- new version of patch for broken TLS servers (#525496, #527771)
+
+* Wed Nov 04 2009 Kamil Dudka 7.19.7-2
+- increased release number (CVS problem)
+
+* Wed Nov 04 2009 Kamil Dudka 7.19.7-1
+- new upstream release, dropped applied patches
+- workaround for broken TLS servers (#525496, #527771)
+
+* Wed Oct 14 2009 Kamil Dudka 7.19.6-13
+- fix timeout issues and gcc warnings within lib/nss.c
+
+* Tue Oct 06 2009 Kamil Dudka 7.19.6-12
+- upstream patch for NSS support written by Guenter Knauf
+
+* Wed Sep 30 2009 Kamil Dudka 7.19.6-11
+- build libcurl with c-ares support (#514771)
+
+* Sun Sep 27 2009 Kamil Dudka 7.19.6-10
+- require libssh2>=1.2 properly (#525002)
+
+* Sat Sep 26 2009 Kamil Dudka 7.19.6-9
+- let curl test-suite use valgrind
+- require libssh2>=1.2 (#525002)
+
+* Mon Sep 21 2009 Chris Weyl - 7.19.6-8
+- rebuild for libssh2 1.2
+
+* Thu Sep 17 2009 Kamil Dudka 7.19.6-7
+- make curl test-suite more verbose
+
+* Wed Sep 16 2009 Kamil Dudka 7.19.6-6
+- update polling patch to the latest upstream version
+
+* Thu Sep 03 2009 Kamil Dudka 7.19.6-5
+- cover ssh and stunnel support by the test-suite
+
+* Wed Sep 02 2009 Kamil Dudka 7.19.6-4
+- use pkg-config to find nss and libssh2 if possible
+- better patch (not only) for SCP/SFTP polling
+- improve error message for not matching common name (#516056)
+
+* Fri Aug 21 2009 Kamil Dudka 7.19.6-3
+- avoid tight loop during a sftp upload
+- http://permalink.gmane.org/gmane.comp.web.curl.library/24744
+
+* Tue Aug 18 2009 Kamil Dudka 7.19.6-2
+- let curl package depend on the same version of libcurl
+
+* Fri Aug 14 2009 Kamil Dudka 7.19.6-1
+- new upstream release, dropped applied patches
+- changed NSS code to not ignore the value of ssl.verifyhost and produce more
+ verbose error messages (#516056)
+
+* Wed Aug 12 2009 Ville Skyttä - 7.19.5-10
+- Use lzma compressed upstream tarball.
+
+* Fri Jul 24 2009 Fedora Release Engineering - 7.19.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jul 22 2009 Kamil Dudka 7.19.5-8
+- do not pre-login to all PKCS11 slots, it causes problems with HW tokens
+- try to select client certificate automatically when not specified, thanks
+ to Claes Jakobsson
+
+* Fri Jul 10 2009 Kamil Dudka 7.19.5-7
+- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson
+
+* Sun Jul 05 2009 Kamil Dudka 7.19.5-6
+- force test suite to use the just built libcurl, thanks to Paul Howarth
+
+* Thu Jul 02 2009 Kamil Dudka 7.19.5-5
+- run test suite after build
+- enable built-in manual
+
+* Wed Jun 24 2009 Kamil Dudka 7.19.5-4
+- fix bug introduced by the last build (#504857)
+
+* Wed Jun 24 2009 Kamil Dudka 7.19.5-3
+- exclude curlbuild.h content from spec (#504857)
+
+* Wed Jun 10 2009 Kamil Dudka