new upstream release - 7.28.0

0001-curl-7.27.0-1f8518c5.patch

@@ -1,34 +0,0 @@
-From e693b8e6591366ef2c077ba90fe0315a8a0b00c5 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 30 Jul 2012 14:20:07 +0200
-Subject: [PATCH] file: use fdopen() for uploaded files if available
-
-It eliminates noisy events when using inotify and fixes a TOCTOU issue.
-
-Bug: https://bugzilla.redhat.com/844385
-
-[upstream commit 1f8518c5d9aaa369dae85620973f9b5c1add3277]
----
- lib/file.c |    4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
-
-diff --git a/lib/file.c b/lib/file.c
-index 4447c73..1025022 100644
---- a/lib/file.c
-+++ b/lib/file.c
-@@ -351,8 +351,12 @@ static CURLcode file_upload(struct connectdata *conn)
-       failf(data, "Can't open %s for writing", file->path);
-       return CURLE_WRITE_ERROR;
-     }
-+#ifdef HAVE_FDOPEN
-+    fp = fdopen(fd, "wb");
-+#else
-     close(fd);
-     fp = fopen(file->path, "wb");
-+#endif
-   }
- 
-   if(!fp) {
--- 
-1.7.1
-

0002-curl-7.27.0-f05e5136.patch

@@ -1,197 +0,0 @@
-From ce515e993fe7bc7e95549317fe5180b196454d4c Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 12 Sep 2012 16:06:18 +0200
-Subject: [PATCH 1/3] ssh: move the fingerprint checking code to a separate fnc
-
----
- lib/ssh.c |   71 +++++++++++++++++++++++++++++++++---------------------------
- 1 files changed, 39 insertions(+), 32 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index c76a48e..4455d44 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -635,6 +635,43 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
-   return result;
- }
- 
-+static bool ssh_check_fingerprint(struct connectdata *conn)
-+{
-+  struct ssh_conn *sshc = &conn->proto.sshc;
-+  struct SessionHandle *data = conn->data;
-+  const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
-+  char md5buffer[33];
-+  int i;
-+
-+  const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
-+      LIBSSH2_HOSTKEY_HASH_MD5);
-+
-+  /* The fingerprint points to static storage (!), don't free() it. */
-+  for(i = 0; i < 16; i++)
-+    snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-+  infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+
-+  /* Before we authenticate we check the hostkey's MD5 fingerprint
-+   * against a known fingerprint, if available.
-+   */
-+  if(pubkey_md5 && strlen(pubkey_md5) == 32) {
-+    if(!strequal(md5buffer, pubkey_md5)) {
-+      failf(data,
-+          "Denied establishing ssh session: mismatch md5 fingerprint. "
-+          "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+      state(conn, SSH_SESSION_FREE);
-+      sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
-+      return sshc->actualcode;
-+    }
-+    else {
-+      infof(data, "MD5 checksum match!\n");
-+      /* as we already matched, we skip the check for known hosts */
-+      return CURLE_OK;
-+    }
-+  }
-+  else
-+    return ssh_knownhost(conn);
-+}
- 
- /*
-  * ssh_statemach_act() runs the SSH state machine as far as it can without
-@@ -650,10 +687,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
-   struct SSHPROTO *sftp_scp = data->state.proto.ssh;
-   struct ssh_conn *sshc = &conn->proto.sshc;
-   curl_socket_t sock = conn->sock[FIRSTSOCKET];
--  const char *fingerprint;
--  char md5buffer[33];
-   char *new_readdir_line;
--  int rc = LIBSSH2_ERROR_NONE, i;
-+  int rc = LIBSSH2_ERROR_NONE;
-   int err;
-   int seekerr = CURL_SEEKFUNC_OK;
-   *block = 0; /* we're not blocking by default */
-@@ -694,35 +729,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
-        * against our known hosts. How that is handled (reading from file,
-        * whatever) is up to us.
-        */
--      fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
--                                         LIBSSH2_HOSTKEY_HASH_MD5);
--
--      /* The fingerprint points to static storage (!), don't free() it. */
--      for(i = 0; i < 16; i++)
--        snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
--      infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
--
--      /* Before we authenticate we check the hostkey's MD5 fingerprint
--       * against a known fingerprint, if available.
--       */
--      if(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
--         strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) == 32) {
--        if(!strequal(md5buffer,
--                     data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5])) {
--          failf(data,
--                "Denied establishing ssh session: mismatch md5 fingerprint. "
--                "Remote %s is not equal to %s",
--                md5buffer, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]);
--          state(conn, SSH_SESSION_FREE);
--          result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
--        }
--        else
--          infof(data, "MD5 checksum match!\n");
--        /* as we already matched, we skip the check for known hosts */
--      }
--      else
--        result = ssh_knownhost(conn);
--
-+      result = ssh_check_fingerprint(conn);
-       if(!result)
-         state(conn, SSH_AUTHLIST);
-       break;
--- 
-1.7.1
-
-
-From f05e51362f310cb04b0ad8d086b9cf693aad5c9d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 12 Sep 2012 16:18:36 +0200
-Subject: [PATCH 2/3] ssh: do not crash if MD5 fingerprint is not provided by libssh2
-
-The MD5 fingerprint cannot be computed when running in FIPS mode.
----
- lib/ssh.c |   22 ++++++++++++++--------
- 1 files changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index 4455d44..466566c 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -646,19 +646,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn)
-   const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
-       LIBSSH2_HOSTKEY_HASH_MD5);
- 
--  /* The fingerprint points to static storage (!), don't free() it. */
--  for(i = 0; i < 16; i++)
--    snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
--  infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+  if(fingerprint) {
-+    /* The fingerprint points to static storage (!), don't free() it. */
-+    for(i = 0; i < 16; i++)
-+      snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-+    infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+  }
- 
-   /* Before we authenticate we check the hostkey's MD5 fingerprint
-    * against a known fingerprint, if available.
-    */
-   if(pubkey_md5 && strlen(pubkey_md5) == 32) {
--    if(!strequal(md5buffer, pubkey_md5)) {
--      failf(data,
--          "Denied establishing ssh session: mismatch md5 fingerprint. "
--          "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+    if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
-+      if(fingerprint)
-+        failf(data,
-+            "Denied establishing ssh session: mismatch md5 fingerprint. "
-+            "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+      else
-+        failf(data,
-+            "Denied establishing ssh session: md5 fingerprint not available");
-       state(conn, SSH_SESSION_FREE);
-       sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
-       return sshc->actualcode;
--- 
-1.7.1
-
-
-From 1ab6c353635760e8e25bacc13ae0cab2f97f7338 Mon Sep 17 00:00:00 2001
-From: Marc Hoersken <info@marc-hoersken.de>
-Date: Fri, 14 Sep 2012 14:48:55 +0200
-Subject: [PATCH 3/3] ssh.c: Fixed warning: implicit conversion from enumeration type
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/ssh.c |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index 466566c..e8b7172 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -635,7 +635,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
-   return result;
- }
- 
--static bool ssh_check_fingerprint(struct connectdata *conn)
-+static CURLcode ssh_check_fingerprint(struct connectdata *conn)
- {
-   struct ssh_conn *sshc = &conn->proto.sshc;
-   struct SessionHandle *data = conn->data;
-@@ -736,7 +736,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
-        * whatever) is up to us.
-        */
-       result = ssh_check_fingerprint(conn);
--      if(!result)
-+      if(result == CURLE_OK)
-         state(conn, SSH_AUTHLIST);
-       break;
- 
--- 
-1.7.1
-

0102-curl-7.28.0-debug.patch

@@ -1,12 +1,18 @@
+From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 31 Oct 2012 11:38:30 +0100
+Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
+
+---
  configure            |   15 ++++-----------
  m4/curl-compilers.m4 |   15 ++++-----------
  2 files changed, 8 insertions(+), 22 deletions(-)
 
 diff --git a/configure b/configure
-index d3ecf69..6d8f085 100755
+index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -15093,18 +15093,11 @@ $as_echo "yes" >&6; }
+@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@@ -30,7 +36,7 @@ index d3ecf69..6d8f085 100755
  
        if test -z "$SED"; then
 diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
-index 1ea4d17..868d65a 100644
+index 0cbba7a..9175b5b 100644
 --- a/m4/curl-compilers.m4
 +++ b/m4/curl-compilers.m4
 @@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
@@ -56,3 +62,6 @@ index 1ea4d17..868d65a 100644
      flags_opt_off="-O0"
      CURL_CHECK_DEF([_WIN32], [], [silent])
    else
+-- 
+1.7.1
+

0108-curl-7.28.0-utf8.patch

@@ -1,12 +1,29 @@
+From c6246783cf347652f70d95c0562dd411747e9d53 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 31 Oct 2012 11:40:30 +0100
+Subject: [PATCH] Fix character encoding of docs
+
+..., which are of mixed encoding originally so a simple iconv can't
+fix them.
+---
  CHANGES |   16 ++++++++--------
  README  |    2 +-
  2 files changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/CHANGES b/CHANGES
-index 2335841..d4d37c2 100644
+index 4568408..5fc1652 100644
 --- a/CHANGES
 +++ b/CHANGES
-@@ -272,7 +272,7 @@ Daniel Stenberg (9 Jul 2012)
+@@ -338,7 +338,7 @@ Daniel Stenberg (8 Sep 2012)
+ 
+ - test1411: verify SMTP without SIZE support
+ 
+-- [František Kučera brought this change]
++- [František Kučera brought this change]
+ 
+   SMTP: only send SIZE if supported
+   
+@@ -1094,7 +1094,7 @@ Daniel Stenberg (9 Jul 2012)
  
  - cookie: fixed typo in comment
  
@@ -15,7 +32,7 @@ index 2335841..d4d37c2 100644
  
    https_getsock: provided for schannel backend as well
    
-@@ -454,7 +454,7 @@ Yang Tse (3 Jul 2012)
+@@ -1276,7 +1276,7 @@ Yang Tse (3 Jul 2012)
    testcurl.pl: fix missing semicolon
  
  Daniel Stenberg (2 Jul 2012)
@@ -24,7 +41,7 @@ index 2335841..d4d37c2 100644
  
    unicode NTLM SSPI: heap corruption fixed
    
-@@ -2563,18 +2563,18 @@ Daniel Stenberg (1 Apr 2012)
+@@ -3385,18 +3385,18 @@ Daniel Stenberg (1 Apr 2012)
    Reported by: Michael Wallner
  
  Steve Holme (31 Mar 2012)
@@ -46,7 +63,7 @@ index 2335841..d4d37c2 100644
  
    md5: Add support for calculating the md5 sum of buffers incrementally
    
-@@ -3866,7 +3866,7 @@ Daniel Stenberg (20 Dec 2011)
+@@ -4688,7 +4688,7 @@ Daniel Stenberg (20 Dec 2011)
    This offers an alternative to the existing Curl_socket_ready() API which
    only checks one socket for read and one for write.
  
@@ -55,7 +72,7 @@ index 2335841..d4d37c2 100644
  
    curl.h: add __ANDROID__ macro check
    
-@@ -4079,7 +4079,7 @@ Daniel Stenberg (12 Dec 2011)
+@@ -4901,7 +4901,7 @@ Daniel Stenberg (12 Dec 2011)
    linking with a static openssl requires a set of more libs to be linked
    on Windows.
    
@@ -64,15 +81,6 @@ index 2335841..d4d37c2 100644
    
    Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
    Reported by: Ward Willats
-@@ -5333,7 +5333,7 @@ Daniel Stenberg (25 Sep 2011)
-   damaging.
-   
-   Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
--  Reported by: Taneli Vähäkangas
-+  Reported by: Taneli Vähäkangas
- 
- Yang Tse (24 Sep 2011)
- - curl tool: fix a compiler warning
 diff --git a/README b/README
 index 2ffacc3..cfd6760 100644
 --- a/README
@@ -84,3 +92,6 @@ index 2ffacc3..cfd6760 100644
 -  Kungliga Tekniska Högskolan. This notice is included here to comply with the
 +  Kungliga Tekniska Högskolan. This notice is included here to comply with the
    distribution terms.
+-- 
+1.7.1
+

curl-7.27.0.tar.lzma.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iEYEABECAAYFAlATBJgACgkQeOEcayedXJG7qwCgpx6vCgDNTRZ2th1SnQw+V8WD
-eIQAn1FrMLQyxZIF/9oDW67e4jnctUV4
-=31wG
------END PGP SIGNATURE-----

curl-7.28.0.tar.lzma.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iEYEABECAAYFAlB11D8ACgkQeOEcayedXJFNwwCg6vTYyoB5HjHRmfk8qdCMfrfv
+HZ0AmgOtmiIPJvhrXxV7TtcByz9u5qm8
+=VJDk
+-----END PGP SIGNATURE-----

curl.spec

@@ -1,24 +1,18 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.27.0
+Version: 7.28.0
-Release: 3%{?dist}
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c
 
-# eliminate unnecessary inotify events on upload via file protocol (#844385)
-Patch1: 0001-curl-7.27.0-1f8518c5.patch
-
-# do not crash if MD5 fingerprint is not provided by libssh2
-Patch2: 0002-curl-7.27.0-f05e5136.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.27.0-multilib.patch
 
 # prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.27.0-debug.patch
+Patch102: 0102-curl-7.28.0-debug.patch
 
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch
@@ -31,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
 
 # Fix character encoding of docs, which are of mixed encoding originally so
 # a simple iconv can't fix them
-Patch108: 0108-curl-7.27.0-utf8.patch
+Patch108: 0108-curl-7.28.0-utf8.patch
 
 Provides: webclient
 URL: http://curl.haxx.se/
@@ -107,8 +101,6 @@ documentation of the library, too.
 %setup -q
 
 # upstream patches
-%patch1 -p1
-%patch2 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -123,8 +115,9 @@ cd tests/data/
 sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test*
 cd -
 
-# disable test 1112 (#565305)
+# disable test 1112 (#565305) and test 2032
-echo "1112" >> tests/data/DISABLED
+# <http://thread.gmane.org/gmane.comp.web.curl.library/37087>
+printf "1112\n2032\n" >> tests/data/DISABLED
 
 # disable test 1319 on ppc64 (server times out)
 %ifarch ppc64
@@ -232,6 +225,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Oct 31 2012 Kamil Dudka <kdudka@redhat.com> 7.28.0-1
+- new upstream release
+
 * Mon Oct 01 2012 Kamil Dudka <kdudka@redhat.com> 7.27.0-3
 - use the upstream facility to disable problematic tests
 - do not crash if MD5 fingerprint is not provided by libssh2

sources

@@ -1 +1 @@
-1b669875527ba4b943a0cdb5b255a02c  curl-7.27.0.tar.lzma
+f8a9f99d9db71d8ce1d2c4ccea3c3850  curl-7.28.0.tar.lzma