diff --git a/0001-curl-7.27.0-1f8518c5.patch b/0001-curl-7.27.0-1f8518c5.patch deleted file mode 100644 index 02e2e6e..0000000 --- a/0001-curl-7.27.0-1f8518c5.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e693b8e6591366ef2c077ba90fe0315a8a0b00c5 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 30 Jul 2012 14:20:07 +0200 -Subject: [PATCH] file: use fdopen() for uploaded files if available - -It eliminates noisy events when using inotify and fixes a TOCTOU issue. - -Bug: https://bugzilla.redhat.com/844385 - -[upstream commit 1f8518c5d9aaa369dae85620973f9b5c1add3277] ---- - lib/file.c | 4 ++++ - 1 files changed, 4 insertions(+), 0 deletions(-) - -diff --git a/lib/file.c b/lib/file.c -index 4447c73..1025022 100644 ---- a/lib/file.c -+++ b/lib/file.c -@@ -351,8 +351,12 @@ static CURLcode file_upload(struct connectdata *conn) - failf(data, "Can't open %s for writing", file->path); - return CURLE_WRITE_ERROR; - } -+#ifdef HAVE_FDOPEN -+ fp = fdopen(fd, "wb"); -+#else - close(fd); - fp = fopen(file->path, "wb"); -+#endif - } - - if(!fp) { --- -1.7.1 - diff --git a/0002-curl-7.27.0-f05e5136.patch b/0002-curl-7.27.0-f05e5136.patch deleted file mode 100644 index 7413ed6..0000000 --- a/0002-curl-7.27.0-f05e5136.patch +++ /dev/null @@ -1,197 +0,0 @@ -From ce515e993fe7bc7e95549317fe5180b196454d4c Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 12 Sep 2012 16:06:18 +0200 -Subject: [PATCH 1/3] ssh: move the fingerprint checking code to a separate fnc - ---- - lib/ssh.c | 71 +++++++++++++++++++++++++++++++++--------------------------- - 1 files changed, 39 insertions(+), 32 deletions(-) - -diff --git a/lib/ssh.c b/lib/ssh.c -index c76a48e..4455d44 100644 ---- a/lib/ssh.c -+++ b/lib/ssh.c -@@ -635,6 +635,43 @@ static CURLcode ssh_knownhost(struct connectdata *conn) - return result; - } - -+static bool ssh_check_fingerprint(struct connectdata *conn) -+{ -+ struct ssh_conn *sshc = &conn->proto.sshc; -+ struct SessionHandle *data = conn->data; -+ const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]; -+ char md5buffer[33]; -+ int i; -+ -+ const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session, -+ LIBSSH2_HOSTKEY_HASH_MD5); -+ -+ /* The fingerprint points to static storage (!), don't free() it. */ -+ for(i = 0; i < 16; i++) -+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); -+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); -+ -+ /* Before we authenticate we check the hostkey's MD5 fingerprint -+ * against a known fingerprint, if available. -+ */ -+ if(pubkey_md5 && strlen(pubkey_md5) == 32) { -+ if(!strequal(md5buffer, pubkey_md5)) { -+ failf(data, -+ "Denied establishing ssh session: mismatch md5 fingerprint. " -+ "Remote %s is not equal to %s", md5buffer, pubkey_md5); -+ state(conn, SSH_SESSION_FREE); -+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; -+ return sshc->actualcode; -+ } -+ else { -+ infof(data, "MD5 checksum match!\n"); -+ /* as we already matched, we skip the check for known hosts */ -+ return CURLE_OK; -+ } -+ } -+ else -+ return ssh_knownhost(conn); -+} - - /* - * ssh_statemach_act() runs the SSH state machine as far as it can without -@@ -650,10 +687,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) - struct SSHPROTO *sftp_scp = data->state.proto.ssh; - struct ssh_conn *sshc = &conn->proto.sshc; - curl_socket_t sock = conn->sock[FIRSTSOCKET]; -- const char *fingerprint; -- char md5buffer[33]; - char *new_readdir_line; -- int rc = LIBSSH2_ERROR_NONE, i; -+ int rc = LIBSSH2_ERROR_NONE; - int err; - int seekerr = CURL_SEEKFUNC_OK; - *block = 0; /* we're not blocking by default */ -@@ -694,35 +729,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) - * against our known hosts. How that is handled (reading from file, - * whatever) is up to us. - */ -- fingerprint = libssh2_hostkey_hash(sshc->ssh_session, -- LIBSSH2_HOSTKEY_HASH_MD5); -- -- /* The fingerprint points to static storage (!), don't free() it. */ -- for(i = 0; i < 16; i++) -- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); -- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); -- -- /* Before we authenticate we check the hostkey's MD5 fingerprint -- * against a known fingerprint, if available. -- */ -- if(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] && -- strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) == 32) { -- if(!strequal(md5buffer, -- data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5])) { -- failf(data, -- "Denied establishing ssh session: mismatch md5 fingerprint. " -- "Remote %s is not equal to %s", -- md5buffer, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]); -- state(conn, SSH_SESSION_FREE); -- result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; -- } -- else -- infof(data, "MD5 checksum match!\n"); -- /* as we already matched, we skip the check for known hosts */ -- } -- else -- result = ssh_knownhost(conn); -- -+ result = ssh_check_fingerprint(conn); - if(!result) - state(conn, SSH_AUTHLIST); - break; --- -1.7.1 - - -From f05e51362f310cb04b0ad8d086b9cf693aad5c9d Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 12 Sep 2012 16:18:36 +0200 -Subject: [PATCH 2/3] ssh: do not crash if MD5 fingerprint is not provided by libssh2 - -The MD5 fingerprint cannot be computed when running in FIPS mode. ---- - lib/ssh.c | 22 ++++++++++++++-------- - 1 files changed, 14 insertions(+), 8 deletions(-) - -diff --git a/lib/ssh.c b/lib/ssh.c -index 4455d44..466566c 100644 ---- a/lib/ssh.c -+++ b/lib/ssh.c -@@ -646,19 +646,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn) - const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session, - LIBSSH2_HOSTKEY_HASH_MD5); - -- /* The fingerprint points to static storage (!), don't free() it. */ -- for(i = 0; i < 16; i++) -- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); -- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); -+ if(fingerprint) { -+ /* The fingerprint points to static storage (!), don't free() it. */ -+ for(i = 0; i < 16; i++) -+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); -+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); -+ } - - /* Before we authenticate we check the hostkey's MD5 fingerprint - * against a known fingerprint, if available. - */ - if(pubkey_md5 && strlen(pubkey_md5) == 32) { -- if(!strequal(md5buffer, pubkey_md5)) { -- failf(data, -- "Denied establishing ssh session: mismatch md5 fingerprint. " -- "Remote %s is not equal to %s", md5buffer, pubkey_md5); -+ if(!fingerprint || !strequal(md5buffer, pubkey_md5)) { -+ if(fingerprint) -+ failf(data, -+ "Denied establishing ssh session: mismatch md5 fingerprint. " -+ "Remote %s is not equal to %s", md5buffer, pubkey_md5); -+ else -+ failf(data, -+ "Denied establishing ssh session: md5 fingerprint not available"); - state(conn, SSH_SESSION_FREE); - sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; - return sshc->actualcode; --- -1.7.1 - - -From 1ab6c353635760e8e25bacc13ae0cab2f97f7338 Mon Sep 17 00:00:00 2001 -From: Marc Hoersken -Date: Fri, 14 Sep 2012 14:48:55 +0200 -Subject: [PATCH 3/3] ssh.c: Fixed warning: implicit conversion from enumeration type - -Signed-off-by: Kamil Dudka ---- - lib/ssh.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/ssh.c b/lib/ssh.c -index 466566c..e8b7172 100644 ---- a/lib/ssh.c -+++ b/lib/ssh.c -@@ -635,7 +635,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn) - return result; - } - --static bool ssh_check_fingerprint(struct connectdata *conn) -+static CURLcode ssh_check_fingerprint(struct connectdata *conn) - { - struct ssh_conn *sshc = &conn->proto.sshc; - struct SessionHandle *data = conn->data; -@@ -736,7 +736,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) - * whatever) is up to us. - */ - result = ssh_check_fingerprint(conn); -- if(!result) -+ if(result == CURLE_OK) - state(conn, SSH_AUTHLIST); - break; - --- -1.7.1 - diff --git a/0102-curl-7.27.0-debug.patch b/0102-curl-7.28.0-debug.patch similarity index 84% rename from 0102-curl-7.27.0-debug.patch rename to 0102-curl-7.28.0-debug.patch index 0f10d40..c6a5277 100644 --- a/0102-curl-7.27.0-debug.patch +++ b/0102-curl-7.28.0-debug.patch @@ -1,12 +1,18 @@ +From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 31 Oct 2012 11:38:30 +0100 +Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) + +--- configure | 15 ++++----------- m4/curl-compilers.m4 | 15 ++++----------- 2 files changed, 8 insertions(+), 22 deletions(-) diff --git a/configure b/configure -index d3ecf69..6d8f085 100755 +index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -15093,18 +15093,11 @@ $as_echo "yes" >&6; } +@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` @@ -30,7 +36,7 @@ index d3ecf69..6d8f085 100755 if test -z "$SED"; then diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 -index 1ea4d17..868d65a 100644 +index 0cbba7a..9175b5b 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 @@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ @@ -56,3 +62,6 @@ index 1ea4d17..868d65a 100644 flags_opt_off="-O0" CURL_CHECK_DEF([_WIN32], [], [silent]) else +-- +1.7.1 + diff --git a/0108-curl-7.27.0-utf8.patch b/0108-curl-7.28.0-utf8.patch similarity index 72% rename from 0108-curl-7.27.0-utf8.patch rename to 0108-curl-7.28.0-utf8.patch index b740b17..ac844bf 100644 --- a/0108-curl-7.27.0-utf8.patch +++ b/0108-curl-7.28.0-utf8.patch @@ -1,12 +1,29 @@ +From c6246783cf347652f70d95c0562dd411747e9d53 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 31 Oct 2012 11:40:30 +0100 +Subject: [PATCH] Fix character encoding of docs + +..., which are of mixed encoding originally so a simple iconv can't +fix them. +--- CHANGES | 16 ++++++++-------- README | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES -index 2335841..d4d37c2 100644 +index 4568408..5fc1652 100644 --- a/CHANGES +++ b/CHANGES -@@ -272,7 +272,7 @@ Daniel Stenberg (9 Jul 2012) +@@ -338,7 +338,7 @@ Daniel Stenberg (8 Sep 2012) + + - test1411: verify SMTP without SIZE support + +-- [František Kučera brought this change] ++- [FrantiÅ¡ek Kučera brought this change] + + SMTP: only send SIZE if supported + +@@ -1094,7 +1094,7 @@ Daniel Stenberg (9 Jul 2012) - cookie: fixed typo in comment @@ -15,7 +32,7 @@ index 2335841..d4d37c2 100644 https_getsock: provided for schannel backend as well -@@ -454,7 +454,7 @@ Yang Tse (3 Jul 2012) +@@ -1276,7 +1276,7 @@ Yang Tse (3 Jul 2012) testcurl.pl: fix missing semicolon Daniel Stenberg (2 Jul 2012) @@ -24,7 +41,7 @@ index 2335841..d4d37c2 100644 unicode NTLM SSPI: heap corruption fixed -@@ -2563,18 +2563,18 @@ Daniel Stenberg (1 Apr 2012) +@@ -3385,18 +3385,18 @@ Daniel Stenberg (1 Apr 2012) Reported by: Michael Wallner Steve Holme (31 Mar 2012) @@ -46,7 +63,7 @@ index 2335841..d4d37c2 100644 md5: Add support for calculating the md5 sum of buffers incrementally -@@ -3866,7 +3866,7 @@ Daniel Stenberg (20 Dec 2011) +@@ -4688,7 +4688,7 @@ Daniel Stenberg (20 Dec 2011) This offers an alternative to the existing Curl_socket_ready() API which only checks one socket for read and one for write. @@ -55,7 +72,7 @@ index 2335841..d4d37c2 100644 curl.h: add __ANDROID__ macro check -@@ -4079,7 +4079,7 @@ Daniel Stenberg (12 Dec 2011) +@@ -4901,7 +4901,7 @@ Daniel Stenberg (12 Dec 2011) linking with a static openssl requires a set of more libs to be linked on Windows. @@ -64,15 +81,6 @@ index 2335841..d4d37c2 100644 Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html Reported by: Ward Willats -@@ -5333,7 +5333,7 @@ Daniel Stenberg (25 Sep 2011) - damaging. - - Bug: http://curl.haxx.se/bug/view.cgi?id=3413181 -- Reported by: Taneli Vhkangas -+ Reported by: Taneli Vähäkangas - - Yang Tse (24 Sep 2011) - - curl tool: fix a compiler warning diff --git a/README b/README index 2ffacc3..cfd6760 100644 --- a/README @@ -84,3 +92,6 @@ index 2ffacc3..cfd6760 100644 - Kungliga Tekniska Hgskolan. This notice is included here to comply with the + Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms. +-- +1.7.1 + diff --git a/curl-7.27.0.tar.lzma.asc b/curl-7.27.0.tar.lzma.asc deleted file mode 100644 index eef182a..0000000 --- a/curl-7.27.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iEYEABECAAYFAlATBJgACgkQeOEcayedXJG7qwCgpx6vCgDNTRZ2th1SnQw+V8WD -eIQAn1FrMLQyxZIF/9oDW67e4jnctUV4 -=31wG ------END PGP SIGNATURE----- diff --git a/curl-7.28.0.tar.lzma.asc b/curl-7.28.0.tar.lzma.asc new file mode 100644 index 0000000..78c6110 --- /dev/null +++ b/curl-7.28.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iEYEABECAAYFAlB11D8ACgkQeOEcayedXJFNwwCg6vTYyoB5HjHRmfk8qdCMfrfv +HZ0AmgOtmiIPJvhrXxV7TtcByz9u5qm8 +=VJDk +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index abfe50e..c34ef0e 100644 --- a/curl.spec +++ b/curl.spec @@ -1,24 +1,18 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.27.0 -Release: 3%{?dist} +Version: 7.28.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h Source3: hide_selinux.c -# eliminate unnecessary inotify events on upload via file protocol (#844385) -Patch1: 0001-curl-7.27.0-1f8518c5.patch - -# do not crash if MD5 fingerprint is not provided by libssh2 -Patch2: 0002-curl-7.27.0-f05e5136.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.27.0-multilib.patch # prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.27.0-debug.patch +Patch102: 0102-curl-7.28.0-debug.patch # use localhost6 instead of ip6-localhost in the curl test-suite Patch104: 0104-curl-7.19.7-localhost6.patch @@ -31,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch # Fix character encoding of docs, which are of mixed encoding originally so # a simple iconv can't fix them -Patch108: 0108-curl-7.27.0-utf8.patch +Patch108: 0108-curl-7.28.0-utf8.patch Provides: webclient URL: http://curl.haxx.se/ @@ -107,8 +101,6 @@ documentation of the library, too. %setup -q # upstream patches -%patch1 -p1 -%patch2 -p1 # Fedora patches %patch101 -p1 @@ -123,8 +115,9 @@ cd tests/data/ sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test* cd - -# disable test 1112 (#565305) -echo "1112" >> tests/data/DISABLED +# disable test 1112 (#565305) and test 2032 +# +printf "1112\n2032\n" >> tests/data/DISABLED # disable test 1319 on ppc64 (server times out) %ifarch ppc64 @@ -232,6 +225,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Oct 31 2012 Kamil Dudka 7.28.0-1 +- new upstream release + * Mon Oct 01 2012 Kamil Dudka 7.27.0-3 - use the upstream facility to disable problematic tests - do not crash if MD5 fingerprint is not provided by libssh2 diff --git a/sources b/sources index f8267ed..21c0b03 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1b669875527ba4b943a0cdb5b255a02c curl-7.27.0.tar.lzma +f8a9f99d9db71d8ce1d2c4ccea3c3850 curl-7.28.0.tar.lzma