- update to 7.24.0:
  - curl was vulnerable to a data injection attack for certain protocols
    (CVE-2012-0036, http://curl.haxx.se/docs/adv_20120124.html)
  - curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
    (CVE-2011-3389, http://curl.haxx.se/docs/adv_20120124B.html)
  - CURLOPT_QUOTE: SFTP supports the '*'-prefix now
  - CURLOPT_DNS_SERVERS: set name servers if possible
  - add support for using nettle instead of gcrypt as gnutls backend
  - CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
  - added CURLOPT_ACCEPTTIMEOUT_MS
  - configure: add symbols versioning option --enable-versioned-symbols
  - SSL session share: move the age counter to the share object
  - -J -O: use -O name if no Content-Disposition header comes!
  - protocol_connect: show verbose connect and set connect time
  - query-part: ignore the URI part for given protocols
  - gnutls: only translate winsock errors for old versions
  - POP3: fix end of body detection
  - POP3: detect when LIST returns no mails
  - TELNET: improved treatment of options
  - configure: add support for pkg-config detection of libidn
  - CyaSSL 2.0+ library initialization adjustment
  - multi interface: only use non-NULL socker function pointer
  - call opensocket callback properly for active FTP
  - don't call close socket callback for sockets created with accept()
  - differentiate better between host/proxy errors
  - SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
  - multi: handle timeouts on DNS servers by checking for new sockets
  - CURLOPT_DNS_SERVERS: fix return code
  - POP3: fixed escaped dot not being stripped out
  - OpenSSL: check for the SSLv2 function in configure
  - MakefileBuild: fix the static build
  - create_conn: don't switch to HTTP protocol if tunneling is enabled
  - multi interface: fix block when CONNECT_ONLY option is used
  - fix connection reuse for TLS upgraded connections
  - multiple file upload with -F and custom type
  - multi interface: active FTP connections are no longer blocking
  - Android build fix
  - timer: restore PRETRANSFER timing
  - libcurl.m4: fix quoting arguments of AC_LANG_PROGRAM
  - appconnect time fixed for non-blocking connect ssl backends
  - do not include SSL handshake into time spent waiting for 100-continue
  - handle dns cache case insensitive
  - use new host name casing for subsequent HTTP requests
  - CURLOPT_RESOLVE: avoid adding already present host names
  - SFTP mkdir: use correct permission
  - resolve: don't leak pre-populated dns entries
  - --retry: retry transfers on timeout and DNS errors
  - negotiate with SSPI backend: use the correct buffer for input
  - SFTP dir: increase buffer size counter to avoid cut off file names
  - TFTP: fix resending (again)
  - c-ares: don't include getaddrinfo-using code
  - FTP: CURLE_PARTIAL_FILE will not close the control channel
  - win32-threaded-resolver: stop using a dummy socket
  - OpenSSL: remove reference to openssl internal struct
  - OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
  - OpenSSL: fix PKCS#12 certificate parsing related memory leak
  - OpenLDAP: fix LDAP connection phase memory leak
  - Telnet: use correct file descriptor for telnet upload
  - Telnet: Remove bogus optimisation of telnet upload
  - URL parse: user name with ipv6 numerical address
  - polarssl: show cipher suite name correctly with 1.1.0
  - polarssl: havege_rand is not present in version 1.1.0 (WARNING: we still
    use the old API which is said to be insecure - see:
    http://polarssl.org/trac/wiki/SecurityAdvisory201102)
  - gnutls: enforced use of SSLv3
- drop patches from upstream now included in release tarball
- don't include fix for broken applications with curl multi from Fedora 14
  onwards (#599340)
- update debug and UTF8 patches