rpms/curl
8
0
Fork 1
Code Issues Pull Requests Releases Activity

new upstream release - 7.28.0

Browse Source
This commit is contained in:
Kamil Dudka 2012-10-31 11:45:28 +01:00
parent 7151fdb83e
commit 0f5dbc27da
8 changed files with 56 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
0001-curl-7.27.0-1f8518c5.patch
View File

@ -1,34 +0,0 @@
From e693b8e6591366ef2c077ba90fe0315a8a0b00c5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 30 Jul 2012 14:20:07 +0200
Subject: [PATCH] file: use fdopen() for uploaded files if available
It eliminates noisy events when using inotify and fixes a TOCTOU issue.
Bug: https://bugzilla.redhat.com/844385
[upstream commit 1f8518c5d9aaa369dae85620973f9b5c1add3277]
---
lib/file.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/lib/file.c b/lib/file.c
index 4447c73..1025022 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -351,8 +351,12 @@ static CURLcode file_upload(struct connectdata *conn)
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
}
+#ifdef HAVE_FDOPEN
+ fp = fdopen(fd, "wb");
+#else
close(fd);
fp = fopen(file->path, "wb");
+#endif
}
if(!fp) {
--
1.7.1

197
0002-curl-7.27.0-f05e5136.patch
View File

@ -1,197 +0,0 @@
From ce515e993fe7bc7e95549317fe5180b196454d4c Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 12 Sep 2012 16:06:18 +0200
Subject: [PATCH 1/3] ssh: move the fingerprint checking code to a separate fnc
---
lib/ssh.c | 71 +++++++++++++++++++++++++++++++++---------------------------
1 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/lib/ssh.c b/lib/ssh.c
index c76a48e..4455d44 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -635,6 +635,43 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
return result;
}
+static bool ssh_check_fingerprint(struct connectdata *conn)
+{
+ struct ssh_conn *sshc = &conn->proto.sshc;
+ struct SessionHandle *data = conn->data;
+ const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
+ char md5buffer[33];
+ int i;
+
+ const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
+ LIBSSH2_HOSTKEY_HASH_MD5);
+
+ /* The fingerprint points to static storage (!), don't free() it. */
+ for(i = 0; i < 16; i++)
+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+
+ /* Before we authenticate we check the hostkey's MD5 fingerprint
+ * against a known fingerprint, if available.
+ */
+ if(pubkey_md5 && strlen(pubkey_md5) == 32) {
+ if(!strequal(md5buffer, pubkey_md5)) {
+ failf(data,
+ "Denied establishing ssh session: mismatch md5 fingerprint. "
+ "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+ state(conn, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
+ }
+ else {
+ infof(data, "MD5 checksum match!\n");
+ /* as we already matched, we skip the check for known hosts */
+ return CURLE_OK;
+ }
+ }
+ else
+ return ssh_knownhost(conn);
+}
/*
* ssh_statemach_act() runs the SSH state machine as far as it can without
@@ -650,10 +687,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
struct SSHPROTO *sftp_scp = data->state.proto.ssh;
struct ssh_conn *sshc = &conn->proto.sshc;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
- const char *fingerprint;
- char md5buffer[33];
char *new_readdir_line;
- int rc = LIBSSH2_ERROR_NONE, i;
+ int rc = LIBSSH2_ERROR_NONE;
int err;
int seekerr = CURL_SEEKFUNC_OK;
*block = 0; /* we're not blocking by default */
@@ -694,35 +729,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
* against our known hosts. How that is handled (reading from file,
* whatever) is up to us.
*/
- fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
- LIBSSH2_HOSTKEY_HASH_MD5);
-
- /* The fingerprint points to static storage (!), don't free() it. */
- for(i = 0; i < 16; i++)
- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-
- /* Before we authenticate we check the hostkey's MD5 fingerprint
- * against a known fingerprint, if available.
- */
- if(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
- strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) == 32) {
- if(!strequal(md5buffer,
- data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5])) {
- failf(data,
- "Denied establishing ssh session: mismatch md5 fingerprint. "
- "Remote %s is not equal to %s",
- md5buffer, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]);
- state(conn, SSH_SESSION_FREE);
- result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
- }
- else
- infof(data, "MD5 checksum match!\n");
- /* as we already matched, we skip the check for known hosts */
- }
- else
- result = ssh_knownhost(conn);
-
+ result = ssh_check_fingerprint(conn);
if(!result)
state(conn, SSH_AUTHLIST);
break;
--
1.7.1
From f05e51362f310cb04b0ad8d086b9cf693aad5c9d Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 12 Sep 2012 16:18:36 +0200
Subject: [PATCH 2/3] ssh: do not crash if MD5 fingerprint is not provided by libssh2
The MD5 fingerprint cannot be computed when running in FIPS mode.
---
lib/ssh.c | 22 ++++++++++++++--------
1 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/lib/ssh.c b/lib/ssh.c
index 4455d44..466566c 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -646,19 +646,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn)
const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
LIBSSH2_HOSTKEY_HASH_MD5);
- /* The fingerprint points to static storage (!), don't free() it. */
- for(i = 0; i < 16; i++)
- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+ if(fingerprint) {
+ /* The fingerprint points to static storage (!), don't free() it. */
+ for(i = 0; i < 16; i++)
+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+ }
/* Before we authenticate we check the hostkey's MD5 fingerprint
* against a known fingerprint, if available.
*/
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
- if(!strequal(md5buffer, pubkey_md5)) {
- failf(data,
- "Denied establishing ssh session: mismatch md5 fingerprint. "
- "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+ if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
+ if(fingerprint)
+ failf(data,
+ "Denied establishing ssh session: mismatch md5 fingerprint. "
+ "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+ else
+ failf(data,
+ "Denied establishing ssh session: md5 fingerprint not available");
state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode;
--
1.7.1
From 1ab6c353635760e8e25bacc13ae0cab2f97f7338 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@marc-hoersken.de>
Date: Fri, 14 Sep 2012 14:48:55 +0200
Subject: [PATCH 3/3] ssh.c: Fixed warning: implicit conversion from enumeration type
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/ssh.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/ssh.c b/lib/ssh.c
index 466566c..e8b7172 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -635,7 +635,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
return result;
}
-static bool ssh_check_fingerprint(struct connectdata *conn)
+static CURLcode ssh_check_fingerprint(struct connectdata *conn)
{
struct ssh_conn *sshc = &conn->proto.sshc;
struct SessionHandle *data = conn->data;
@@ -736,7 +736,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
* whatever) is up to us.
*/
result = ssh_check_fingerprint(conn);
- if(!result)
+ if(result == CURLE_OK)
state(conn, SSH_AUTHLIST);
break;
--
1.7.1

15
0102-curl-7.27.0-debug.patch → 0102-curl-7.28.0-debug.patch
View File

@ -1,12 +1,18 @@
From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 31 Oct 2012 11:38:30 +0100
Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
---
configure | 15 ++++-----------
m4/curl-compilers.m4 | 15 ++++-----------
2 files changed, 8 insertions(+), 22 deletions(-)
diff --git a/configure b/configure
index d3ecf69..6d8f085 100755
index 8f079a3..53b4774 100755
--- a/configure
+++ b/configure
@@ -15093,18 +15093,11 @@ $as_echo "yes" >&6; }
@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -30,7 +36,7 @@ index d3ecf69..6d8f085 100755
if test -z "$SED"; then
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index 1ea4d17..868d65a 100644
index 0cbba7a..9175b5b 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
@ -56,3 +62,6 @@ index 1ea4d17..868d65a 100644
flags_opt_off="-O0"
CURL_CHECK_DEF([_WIN32], [], [silent])
else
--
1.7.1

41
0108-curl-7.27.0-utf8.patch → 0108-curl-7.28.0-utf8.patch
View File

@ -1,12 +1,29 @@
From c6246783cf347652f70d95c0562dd411747e9d53 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 31 Oct 2012 11:40:30 +0100
Subject: [PATCH] Fix character encoding of docs
..., which are of mixed encoding originally so a simple iconv can't
fix them.
---
CHANGES | 16 ++++++++--------
README | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/CHANGES b/CHANGES
index 2335841..d4d37c2 100644
index 4568408..5fc1652 100644
--- a/CHANGES
+++ b/CHANGES
@@ -272,7 +272,7 @@ Daniel Stenberg (9 Jul 2012)
@@ -338,7 +338,7 @@ Daniel Stenberg (8 Sep 2012)
- test1411: verify SMTP without SIZE support
-- [František Kučera brought this change]
+- [František Kučera brought this change]
SMTP: only send SIZE if supported
@@ -1094,7 +1094,7 @@ Daniel Stenberg (9 Jul 2012)
- cookie: fixed typo in comment
@ -15,7 +32,7 @@ index 2335841..d4d37c2 100644
https_getsock: provided for schannel backend as well
@@ -454,7 +454,7 @@ Yang Tse (3 Jul 2012)
@@ -1276,7 +1276,7 @@ Yang Tse (3 Jul 2012)
testcurl.pl: fix missing semicolon
Daniel Stenberg (2 Jul 2012)
@ -24,7 +41,7 @@ index 2335841..d4d37c2 100644
unicode NTLM SSPI: heap corruption fixed
@@ -2563,18 +2563,18 @@ Daniel Stenberg (1 Apr 2012)
@@ -3385,18 +3385,18 @@ Daniel Stenberg (1 Apr 2012)
Reported by: Michael Wallner
Steve Holme (31 Mar 2012)
@ -46,7 +63,7 @@ index 2335841..d4d37c2 100644
md5: Add support for calculating the md5 sum of buffers incrementally
@@ -3866,7 +3866,7 @@ Daniel Stenberg (20 Dec 2011)
@@ -4688,7 +4688,7 @@ Daniel Stenberg (20 Dec 2011)
This offers an alternative to the existing Curl_socket_ready() API which
only checks one socket for read and one for write.
@ -55,7 +72,7 @@ index 2335841..d4d37c2 100644
curl.h: add __ANDROID__ macro check
@@ -4079,7 +4079,7 @@ Daniel Stenberg (12 Dec 2011)
@@ -4901,7 +4901,7 @@ Daniel Stenberg (12 Dec 2011)
linking with a static openssl requires a set of more libs to be linked
on Windows.
@ -64,15 +81,6 @@ index 2335841..d4d37c2 100644
Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
Reported by: Ward Willats
@@ -5333,7 +5333,7 @@ Daniel Stenberg (25 Sep 2011)
damaging.
Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
- Reported by: Taneli Vähäkangas
+ Reported by: Taneli Vähäkangas
Yang Tse (24 Sep 2011)
- curl tool: fix a compiler warning
diff --git a/README b/README
index 2ffacc3..cfd6760 100644
--- a/README
@ -84,3 +92,6 @@ index 2ffacc3..cfd6760 100644
- Kungliga Tekniska Högskolan. This notice is included here to comply with the
+ Kungliga Tekniska Högskolan. This notice is included here to comply with the
distribution terms.
--
1.7.1

7
curl-7.27.0.tar.lzma.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlATBJgACgkQeOEcayedXJG7qwCgpx6vCgDNTRZ2th1SnQw+V8WD
eIQAn1FrMLQyxZIF/9oDW67e4jnctUV4
=31wG
-----END PGP SIGNATURE-----

7
curl-7.28.0.tar.lzma.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlB11D8ACgkQeOEcayedXJFNwwCg6vTYyoB5HjHRmfk8qdCMfrfv
HZ0AmgOtmiIPJvhrXxV7TtcByz9u5qm8
=VJDk
-----END PGP SIGNATURE-----

24
curl.spec
View File

@ -1,24 +1,18 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.27.0
Release: 3%{?dist}
Version: 7.28.0
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Source3: hide_selinux.c
# eliminate unnecessary inotify events on upload via file protocol (#844385)
Patch1: 0001-curl-7.27.0-1f8518c5.patch
# do not crash if MD5 fingerprint is not provided by libssh2
Patch2: 0002-curl-7.27.0-f05e5136.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.27.0-multilib.patch
# prevent configure script from discarding -g in CFLAGS (#496778)
Patch102: 0102-curl-7.27.0-debug.patch
Patch102: 0102-curl-7.28.0-debug.patch
# use localhost6 instead of ip6-localhost in the curl test-suite
Patch104: 0104-curl-7.19.7-localhost6.patch
@ -31,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
# Fix character encoding of docs, which are of mixed encoding originally so
# a simple iconv can't fix them
Patch108: 0108-curl-7.27.0-utf8.patch
Patch108: 0108-curl-7.28.0-utf8.patch
Provides: webclient
URL: http://curl.haxx.se/
@ -107,8 +101,6 @@ documentation of the library, too.
%setup -q
# upstream patches
%patch1 -p1
%patch2 -p1
# Fedora patches
%patch101 -p1
@ -123,8 +115,9 @@ cd tests/data/
sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test*
cd -
# disable test 1112 (#565305)
echo "1112" >> tests/data/DISABLED
# disable test 1112 (#565305) and test 2032
# <http://thread.gmane.org/gmane.comp.web.curl.library/37087>
printf "1112\n2032\n" >> tests/data/DISABLED
# disable test 1319 on ppc64 (server times out)
%ifarch ppc64
@ -232,6 +225,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Wed Oct 31 2012 Kamil Dudka <kdudka@redhat.com> 7.28.0-1
- new upstream release
* Mon Oct 01 2012 Kamil Dudka <kdudka@redhat.com> 7.27.0-3
- use the upstream facility to disable problematic tests
- do not crash if MD5 fingerprint is not provided by libssh2

2
sources
View File

@ -1 +1 @@
1b669875527ba4b943a0cdb5b255a02c curl-7.27.0.tar.lzma
f8a9f99d9db71d8ce1d2c4ccea3c3850 curl-7.28.0.tar.lzma