new upstream release - 7.41.0
This commit is contained in:
parent
8357e0ea3e
commit
012235acc8
@ -1,105 +0,0 @@
|
||||
From 1fa4384ff6cde36d95943eac6e71ac1b8754d3da Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 16 Feb 2015 17:00:05 +0100
|
||||
Subject: [PATCH 1/2] connect: avoid skipping an IPv4 address
|
||||
|
||||
... in case the protocol versions are mixed in a DNS response
|
||||
(IPv6 -> IPv4 -> IPv6).
|
||||
|
||||
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
|
||||
|
||||
Upstream-commit: 92835ca5d87850ae0c670d66bd73af391b34cdc3
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/connect.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/connect.c b/lib/connect.c
|
||||
index 5a60d14..1728e56 100644
|
||||
--- a/lib/connect.c
|
||||
+++ b/lib/connect.c
|
||||
@@ -542,6 +542,7 @@ static CURLcode trynextip(struct connectdata *conn,
|
||||
int sockindex,
|
||||
int tempindex)
|
||||
{
|
||||
+ const int other = tempindex ^ 1;
|
||||
CURLcode result = CURLE_COULDNT_CONNECT;
|
||||
|
||||
/* First clean up after the failed socket.
|
||||
@@ -572,8 +573,11 @@ static CURLcode trynextip(struct connectdata *conn,
|
||||
}
|
||||
|
||||
while(ai) {
|
||||
- while(ai && ai->ai_family != family)
|
||||
- ai = ai->ai_next;
|
||||
+ if(conn->tempaddr[other]) {
|
||||
+ /* we can safely skip addresses of the other protocol family */
|
||||
+ while(ai && ai->ai_family != family)
|
||||
+ ai = ai->ai_next;
|
||||
+ }
|
||||
|
||||
if(ai) {
|
||||
result = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
|
||||
--
|
||||
2.1.0
|
||||
|
||||
|
||||
From 85cf6e9b9d42ab70ab73484787d4eaa89734531b Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 16 Feb 2015 17:16:57 +0100
|
||||
Subject: [PATCH 2/2] connect: wait for IPv4 connection attempts
|
||||
|
||||
... even if the last IPv6 connection attempt has failed.
|
||||
|
||||
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
|
||||
|
||||
Upstream-commit: e08a12dab1a410c94bf75aef04251bf64c127eb6
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/connect.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/connect.c b/lib/connect.c
|
||||
index 1728e56..5182965 100644
|
||||
--- a/lib/connect.c
|
||||
+++ b/lib/connect.c
|
||||
@@ -753,6 +753,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
|
||||
}
|
||||
|
||||
for(i=0; i<2; i++) {
|
||||
+ const int other = i ^ 1;
|
||||
if(conn->tempsock[i] == CURL_SOCKET_BAD)
|
||||
continue;
|
||||
|
||||
@@ -782,7 +783,6 @@ CURLcode Curl_is_connected(struct connectdata *conn,
|
||||
else if(rc == CURL_CSELECT_OUT) {
|
||||
if(verifyconnect(conn->tempsock[i], &error)) {
|
||||
/* we are connected with TCP, awesome! */
|
||||
- int other = i ^ 1;
|
||||
|
||||
/* use this socket from now on */
|
||||
conn->sock[sockindex] = conn->tempsock[i];
|
||||
@@ -824,6 +824,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
|
||||
data->state.os_errno = error;
|
||||
SET_SOCKERRNO(error);
|
||||
if(conn->tempaddr[i]) {
|
||||
+ CURLcode status;
|
||||
char ipaddress[MAX_IPADR_LEN];
|
||||
Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
|
||||
infof(data, "connect to %s port %ld failed: %s\n",
|
||||
@@ -832,7 +833,11 @@ CURLcode Curl_is_connected(struct connectdata *conn,
|
||||
conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
|
||||
allow : allow / 2;
|
||||
|
||||
- result = trynextip(conn, sockindex, i);
|
||||
+ status = trynextip(conn, sockindex, i);
|
||||
+ if(status != CURLE_COULDNT_CONNECT
|
||||
+ || conn->tempsock[other] == CURL_SOCKET_BAD)
|
||||
+ /* the last attempt failed and no other sockets remain open */
|
||||
+ result = status;
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.1.0
|
||||
|
150
0001-curl-7.41.0-abe54705.patch
Normal file
150
0001-curl-7.41.0-abe54705.patch
Normal file
@ -0,0 +1,150 @@
|
||||
From b4d5a85714dc37d3aa0aa6ed7b37d95205b0f13a Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 24 Feb 2015 15:10:15 +0100
|
||||
Subject: [PATCH] nss: improve error handling in Curl_nss_random()
|
||||
|
||||
The vtls layer now checks the return value, so it is no longer necessary
|
||||
to abort if a random number cannot be provided by NSS. This also fixes
|
||||
the following Coverity report:
|
||||
|
||||
Error: FORWARD_NULL (CWE-476):
|
||||
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
|
||||
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
|
||||
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
|
||||
|
||||
Upstream-commit: 7a1538d9cc0736e0a9ab13cf115db40a0bfbb152
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 16b9124..1dd56ba 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
|
||||
if(data)
|
||||
Curl_nss_seed(data); /* Initiate the seed if not already done */
|
||||
|
||||
- if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
|
||||
- /* no way to signal a failure from here, we have to abort */
|
||||
- failf(data, "PK11_GenerateRandom() failed, calling abort()...");
|
||||
- abort();
|
||||
- }
|
||||
+ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
|
||||
+ /* signal a failure */
|
||||
+ return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.1.0
|
||||
|
||||
From 6d5b40e46ec36a19bc4ee76ec674058088bec8ba Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 24 Feb 2015 15:18:45 +0100
|
||||
Subject: [PATCH] nss: do not skip Curl_nss_seed() if data is NULL
|
||||
|
||||
In that case, we only skip writing the error message for failed NSS
|
||||
initialization (while still returning the correct error code).
|
||||
|
||||
Upstream-commit: 4909f7c795a4490dbb29e89b8b1564af86ee5999
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 1dd56ba..e201dec 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1034,6 +1034,7 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
|
||||
return close_fn(fd);
|
||||
}
|
||||
|
||||
+/* data might be NULL */
|
||||
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
|
||||
{
|
||||
NSSInitParameters initparams;
|
||||
@@ -1071,6 +1072,7 @@ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
|
||||
+/* data might be NULL */
|
||||
static CURLcode nss_init(struct SessionHandle *data)
|
||||
{
|
||||
char *cert_dir;
|
||||
@@ -1149,12 +1151,14 @@ int Curl_nss_init(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+/* data might be NULL */
|
||||
CURLcode Curl_nss_force_init(struct SessionHandle *data)
|
||||
{
|
||||
CURLcode result;
|
||||
if(!nss_initlock) {
|
||||
- failf(data, "unable to initialize NSS, curl_global_init() should have "
|
||||
- "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
|
||||
+ if(data)
|
||||
+ failf(data, "unable to initialize NSS, curl_global_init() should have "
|
||||
+ "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
|
||||
@@ -1904,6 +1908,7 @@ size_t Curl_nss_version(char *buffer, size_t size)
|
||||
return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
|
||||
}
|
||||
|
||||
+/* data might be NULL */
|
||||
int Curl_nss_seed(struct SessionHandle *data)
|
||||
{
|
||||
/* make sure that NSS is initialized */
|
||||
@@ -1915,8 +1920,7 @@ int Curl_nss_random(struct SessionHandle *data,
|
||||
unsigned char *entropy,
|
||||
size_t length)
|
||||
{
|
||||
- if(data)
|
||||
- Curl_nss_seed(data); /* Initiate the seed if not already done */
|
||||
+ Curl_nss_seed(data); /* Initiate the seed if not already done */
|
||||
|
||||
if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
|
||||
/* signal a failure */
|
||||
--
|
||||
2.1.0
|
||||
|
||||
From abe5470533db524abfbb7f7e078c15c159aa66d9 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 24 Feb 2015 18:58:55 +0100
|
||||
Subject: [PATCH] curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
|
||||
|
||||
Otherwise it expands to:
|
||||
|
||||
echo ""/etc/pki/tls/certs/ca-bundle.crt""
|
||||
|
||||
Detected by ShellCheck:
|
||||
|
||||
curl-config:74:16: warning: The double quotes around this do
|
||||
nothing. Remove or escape them. [SC2140]
|
||||
|
||||
Upstream-commit: e47b8306db14ed1ccd66f774bded2d59602d2c88
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
curl-config.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/curl-config.in b/curl-config.in
|
||||
index 1ddf4c2..9398722 100644
|
||||
--- a/curl-config.in
|
||||
+++ b/curl-config.in
|
||||
@@ -71,7 +71,7 @@ while test $# -gt 0; do
|
||||
;;
|
||||
|
||||
--ca)
|
||||
- echo "@CURL_CA_BUNDLE@"
|
||||
+ echo @CURL_CA_BUNDLE@
|
||||
;;
|
||||
|
||||
--cc)
|
||||
--
|
||||
2.1.0
|
||||
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlSuPVwACgkQeOEcayedXJGBZACfVptdcgMlq4CelqPfrWdZpPP8
|
||||
UOMAnA2LcEYZ1bOCN3kr27ARQAz2OXT0
|
||||
=eJwT
|
||||
-----END PGP SIGNATURE-----
|
7
curl-7.41.0.tar.lzma.asc
Normal file
7
curl-7.41.0.tar.lzma.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlTte8QACgkQeOEcayedXJFByQCdEIZG6sOcXOhbe9JGSTZowdMR
|
||||
72cAoLu08rLq83AkywThzrxFG6qb7K0z
|
||||
=U309
|
||||
-----END PGP SIGNATURE-----
|
11
curl.spec
11
curl.spec
@ -1,14 +1,14 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.40.0
|
||||
Release: 3%{?dist}
|
||||
Version: 7.41.0
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
Source2: curlbuild.h
|
||||
|
||||
# fix a spurious connect failure on dual-stacked hosts (#1187531)
|
||||
Patch1: 0001-curl-7.40.0-e08a12d.patch
|
||||
# fix defects found by Coverity and ShellCheck
|
||||
Patch1: 0001-curl-7.41.0-abe54705.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
@ -244,6 +244,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Wed Feb 25 2015 Kamil Dudka <kdudka@redhat.com> 7.41.0-1
|
||||
- new upstream release
|
||||
|
||||
* Mon Feb 23 2015 Kamil Dudka <kdudka@redhat.com> 7.40.0-3
|
||||
- fix a spurious connect failure on dual-stacked hosts (#1187531)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user