diff --git a/curl-7.19.0.tar.bz2 b/curl-7.19.0.tar.bz2
deleted file mode 100644
index 9b373b2..0000000
--- a/curl-7.19.0.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a0e28b019f022942650ffa4bdf46e4c09bd8ec18e6ca5f08ad273668115f51f7
-size 2125703
diff --git a/curl-7.19.4.tar.bz2 b/curl-7.19.4.tar.bz2
new file mode 100644
index 0000000..ed72411
--- /dev/null
+++ b/curl-7.19.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb3436280dedbc8f8141d3841a5964c4491dd6457bc5b7123854aed0b794be86
+size 2296879
diff --git a/curl.changes b/curl.changes
index bdcd0c1..3d828a3 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Mon Mar  2 15:44:14 CET 2009 - mmarek@suse.cz
+
+- updated to 7.19.4
+  * don't follow redirects to file:// and scp:// by default; add
+    new curl_easy_setopt options CURLOPT_PROTOCOLS and
+    CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed
+    and which protocols are allowed to redirect to (bnc#475103,
+    CVE-2009-0037)
+  * Added CURLOPT_NOPROXY and the corresponding --noproxy
+  * the OpenSSL-specific code disables TICKET (rfc5077) which is
+    enabled by default in openssl 0.9.8j
+  * Added CURLOPT_TFTP_BLKSIZE
+  * Added CURLOPT_SOCKS5_GSSAPI_SERVICE and
+    CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options
+    --socks5-gssapi-service and --socks5-gssapi-nec
+  * Improved IPv6 support when built with with c-ares >= 1.6.1
+  * Added CURLPROXY_HTTP_1_0 and --proxy1.0
+  * Added docs/libcurl/symbols-in-versions
+  * Added CURLINFO_CONDITION_UNMET
+  * Added support for Digest and NTLM authentication using GnuTLS
+  * CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry
+    the CWD even when MKD fails
+  * GnuTLS initing moved to curl_global_init()
+  * CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and
+    CURLOPT_PROXYAUTH
+  * pkg-config can now show supported_protocols and
+    supported_features
+  * Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
+  * Added CURLOPT_POSTREDIR
+  * Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests
+    on them
+  * configure --disable-proxy disables proxy support
+  * Added CURLOPT_USERNAME and CURLOPT_PASSWORD
+  * --interface now works with IPv6 connections on glibc systems
+  * Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD
+
+
+
 -------------------------------------------------------------------
 Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
 
diff --git a/curl.spec b/curl.spec
index d35df55..de6fb49 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package curl (Version 7.19.0)
+# spec file for package curl (Version 7.19.4)
 #
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,8 +32,9 @@ BuildRequires:  libssh2-devel openssh
 # used by the testsuite
 BuildRequires:  stunnel
 %endif
-Version:        7.19.0
-Release:        11
+#define cvs_suffix -20090302
+Version:        7.19.4
+Release:        1
 AutoReqProv:    on
 # bug437293
 %ifarch ppc64
@@ -44,7 +45,7 @@ License:        BSD 3-Clause; X11/MIT
 Group:          Productivity/Networking/Web/Utilities
 Summary:        A Tool for Transferring Data from URLs
 Url:            http://curl.haxx.se/
-Source:         curl-%{version}.tar.bz2
+Source:         curl-%version%{?cvs_suffix}.tar.bz2
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -99,7 +100,7 @@ Authors:
     Daniel Stenberg <Daniel.Stenberg@haxx.se>
 
 %prep
-%setup -q
+%setup -q -n curl-%version%{?cvs_suffix}
 
 %build
 autoreconf -fi
@@ -178,8 +179,43 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libcurl.pc
 %doc %{_mandir}/man1/curl-config.1.gz
 %doc %{_mandir}/man3/*
+%doc docs/libcurl/symbols-in-versions
 
 %changelog
+* Mon Mar 02 2009 mmarek@suse.cz
+- updated to 7.19.4
+  * don't follow redirects to file:// and scp:// by default; add
+  new curl_easy_setopt options CURLOPT_PROTOCOLS and
+  CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed
+  and which protocols are allowed to redirect to (bnc#475103,
+  CVE-2009-0037)
+  * Added CURLOPT_NOPROXY and the corresponding --noproxy
+  * the OpenSSL-specific code disables TICKET (rfc5077) which is
+  enabled by default in openssl 0.9.8j
+  * Added CURLOPT_TFTP_BLKSIZE
+  * Added CURLOPT_SOCKS5_GSSAPI_SERVICE and
+  CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options
+    --socks5-gssapi-service and --socks5-gssapi-nec
+  * Improved IPv6 support when built with with c-ares >= 1.6.1
+  * Added CURLPROXY_HTTP_1_0 and --proxy1.0
+  * Added docs/libcurl/symbols-in-versions
+  * Added CURLINFO_CONDITION_UNMET
+  * Added support for Digest and NTLM authentication using GnuTLS
+  * CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry
+  the CWD even when MKD fails
+  * GnuTLS initing moved to curl_global_init()
+  * CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and
+  CURLOPT_PROXYAUTH
+  * pkg-config can now show supported_protocols and
+  supported_features
+  * Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
+  * Added CURLOPT_POSTREDIR
+  * Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests
+  on them
+  * configure --disable-proxy disables proxy support
+  * Added CURLOPT_USERNAME and CURLOPT_PASSWORD
+  * --interface now works with IPv6 connections on glibc systems
+  * Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD
 * Wed Dec 10 2008 olh@suse.de
 - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
   (bnc#437293)