new upstream release
This commit is contained in:
parent
7302a82c4c
commit
23fcdc59a1
@ -1,588 +0,0 @@
|
|||||||
From 944d7ff57fbda967db73114c2c8d49eff3f83160 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Fri, 6 Apr 2012 16:05:25 +0200
|
|
||||||
Subject: [PATCH 1/2] nss: unconditionally require PK11_CreateGenericObject()
|
|
||||||
|
|
||||||
This bumps the minimal supported version of NSS to 3.12.x.
|
|
||||||
|
|
||||||
[upstream commit 42aa7961]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
configure | 64 +++++++---------------------------------------
|
|
||||||
configure.ac | 10 +------
|
|
||||||
docs/INTERNALS | 2 +-
|
|
||||||
lib/config-symbian.h | 3 --
|
|
||||||
lib/config-vxworks.h | 3 --
|
|
||||||
lib/curl_config.h.cmake | 3 --
|
|
||||||
lib/curl_config.h.in | 3 --
|
|
||||||
lib/nss.c | 30 +--------------------
|
|
||||||
lib/urldata.h | 2 -
|
|
||||||
9 files changed, 15 insertions(+), 105 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
|
||||||
index 8b0b30a..d20dab3 100755
|
|
||||||
--- a/configure
|
|
||||||
+++ b/configure
|
|
||||||
@@ -672,7 +672,6 @@ CURL_CA_BUNDLE
|
|
||||||
SSL_ENABLED
|
|
||||||
USE_AXTLS
|
|
||||||
USE_NSS
|
|
||||||
-HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
USE_CYASSL
|
|
||||||
USE_POLARSSL
|
|
||||||
HAVE_GNUTLS_SRP
|
|
||||||
@@ -22530,49 +22529,6 @@ $as_echo "found" >&6; }
|
|
||||||
nssprefix=$OPT_NSS
|
|
||||||
fi
|
|
||||||
|
|
||||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5
|
|
||||||
-$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; }
|
|
||||||
-if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then :
|
|
||||||
- $as_echo_n "(cached) " >&6
|
|
||||||
-else
|
|
||||||
- ac_check_lib_save_LIBS=$LIBS
|
|
||||||
-LIBS="-lnss3 $LIBS"
|
|
||||||
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
||||||
-/* end confdefs.h. */
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-#ifdef __cplusplus
|
|
||||||
-extern "C"
|
|
||||||
-#endif
|
|
||||||
-char PK11_CreateGenericObject ();
|
|
||||||
-int main (void)
|
|
||||||
-{
|
|
||||||
-return PK11_CreateGenericObject ();
|
|
||||||
- ;
|
|
||||||
- return 0;
|
|
||||||
-}
|
|
||||||
-_ACEOF
|
|
||||||
-if ac_fn_c_try_link "$LINENO"; then :
|
|
||||||
- ac_cv_lib_nss3_PK11_CreateGenericObject=yes
|
|
||||||
-else
|
|
||||||
- ac_cv_lib_nss3_PK11_CreateGenericObject=no
|
|
||||||
-fi
|
|
||||||
-rm -f core conftest.err conftest.$ac_objext \
|
|
||||||
- conftest$ac_exeext conftest.$ac_ext
|
|
||||||
-LIBS=$ac_check_lib_save_LIBS
|
|
||||||
-fi
|
|
||||||
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5
|
|
||||||
-$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; }
|
|
||||||
-if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then :
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-$as_echo "#define HAVE_PK11_CREATEGENERICOBJECT 1" >>confdefs.h
|
|
||||||
-
|
|
||||||
- HAVE_PK11_CREATEGENERICOBJECT=1
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-fi
|
|
||||||
-
|
|
||||||
if test -n "$addlib"; then
|
|
||||||
|
|
||||||
CLEANLIBS="$LIBS"
|
|
||||||
@@ -22583,9 +22539,9 @@ fi
|
|
||||||
CPPFLAGS="$CPPFLAGS $addcflags"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS_Initialize in -lnss3" >&5
|
|
||||||
-$as_echo_n "checking for NSS_Initialize in -lnss3... " >&6; }
|
|
||||||
-if test "${ac_cv_lib_nss3_NSS_Initialize+set}" = set; then :
|
|
||||||
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5
|
|
||||||
+$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; }
|
|
||||||
+if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then :
|
|
||||||
$as_echo_n "(cached) " >&6
|
|
||||||
else
|
|
||||||
ac_check_lib_save_LIBS=$LIBS
|
|
||||||
@@ -22597,26 +22553,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C"
|
|
||||||
#endif
|
|
||||||
-char NSS_Initialize ();
|
|
||||||
+char PK11_CreateGenericObject ();
|
|
||||||
int main (void)
|
|
||||||
{
|
|
||||||
-return NSS_Initialize ();
|
|
||||||
+return PK11_CreateGenericObject ();
|
|
||||||
;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
_ACEOF
|
|
||||||
if ac_fn_c_try_link "$LINENO"; then :
|
|
||||||
- ac_cv_lib_nss3_NSS_Initialize=yes
|
|
||||||
+ ac_cv_lib_nss3_PK11_CreateGenericObject=yes
|
|
||||||
else
|
|
||||||
- ac_cv_lib_nss3_NSS_Initialize=no
|
|
||||||
+ ac_cv_lib_nss3_PK11_CreateGenericObject=no
|
|
||||||
fi
|
|
||||||
rm -f core conftest.err conftest.$ac_objext \
|
|
||||||
conftest$ac_exeext conftest.$ac_ext
|
|
||||||
LIBS=$ac_check_lib_save_LIBS
|
|
||||||
fi
|
|
||||||
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_NSS_Initialize" >&5
|
|
||||||
-$as_echo "$ac_cv_lib_nss3_NSS_Initialize" >&6; }
|
|
||||||
-if test "x$ac_cv_lib_nss3_NSS_Initialize" = x""yes; then :
|
|
||||||
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5
|
|
||||||
+$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; }
|
|
||||||
+if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then :
|
|
||||||
|
|
||||||
|
|
||||||
$as_echo "#define USE_NSS 1" >>confdefs.h
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 631563d..1b48f7b 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -2079,13 +2079,6 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
|
|
||||||
nssprefix=$OPT_NSS
|
|
||||||
fi
|
|
||||||
|
|
||||||
- dnl Check for functionPK11_CreateGenericObject
|
|
||||||
- dnl this is needed for using the PEM PKCS#11 module
|
|
||||||
- AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
|
|
||||||
- [
|
|
||||||
- AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
|
|
||||||
- AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
|
|
||||||
- ])
|
|
||||||
if test -n "$addlib"; then
|
|
||||||
|
|
||||||
CLEANLIBS="$LIBS"
|
|
||||||
@@ -2096,7 +2089,8 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
|
|
||||||
CPPFLAGS="$CPPFLAGS $addcflags"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- AC_CHECK_LIB(nss3, NSS_Initialize,
|
|
||||||
+ dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
|
|
||||||
+ AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
|
|
||||||
[
|
|
||||||
AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
|
|
||||||
AC_SUBST(USE_NSS, [1])
|
|
||||||
diff --git a/docs/INTERNALS b/docs/INTERNALS
|
|
||||||
index 39c4df7..8024ea8 100644
|
|
||||||
--- a/docs/INTERNALS
|
|
||||||
+++ b/docs/INTERNALS
|
|
||||||
@@ -43,7 +43,7 @@ Portability
|
|
||||||
openldap 2.0
|
|
||||||
MIT krb5 lib 1.2.4
|
|
||||||
qsossl V5R2M0
|
|
||||||
- NSS 3.11.x
|
|
||||||
+ NSS 3.12.x
|
|
||||||
axTLS 1.2.7
|
|
||||||
Heimdal ?
|
|
||||||
|
|
||||||
diff --git a/lib/config-symbian.h b/lib/config-symbian.h
|
|
||||||
index 24ed733..417025a 100644
|
|
||||||
--- a/lib/config-symbian.h
|
|
||||||
+++ b/lib/config-symbian.h
|
|
||||||
@@ -400,9 +400,6 @@
|
|
||||||
/* Define to 1 if you have the `pipe' function. */
|
|
||||||
#define HAVE_PIPE 1
|
|
||||||
|
|
||||||
-/* if you have the function PK11_CreateGenericObject */
|
|
||||||
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
|
|
||||||
-
|
|
||||||
/* Define to 1 if you have the `poll' function. */
|
|
||||||
/*#define HAVE_POLL 1*/
|
|
||||||
|
|
||||||
diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h
|
|
||||||
index 8e2d05a..9149507 100644
|
|
||||||
--- a/lib/config-vxworks.h
|
|
||||||
+++ b/lib/config-vxworks.h
|
|
||||||
@@ -469,9 +469,6 @@
|
|
||||||
/* Define to 1 if you have the `pipe' function. */
|
|
||||||
#define HAVE_PIPE 1
|
|
||||||
|
|
||||||
-/* if you have the function PK11_CreateGenericObject */
|
|
||||||
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
|
|
||||||
-
|
|
||||||
/* Define to 1 if you have a working poll function. */
|
|
||||||
/* #undef HAVE_POLL */
|
|
||||||
|
|
||||||
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
|
|
||||||
index a321302..88b4de2 100644
|
|
||||||
--- a/lib/curl_config.h.cmake
|
|
||||||
+++ b/lib/curl_config.h.cmake
|
|
||||||
@@ -444,9 +444,6 @@
|
|
||||||
/* Define to 1 if you have the `pipe' function. */
|
|
||||||
#cmakedefine HAVE_PIPE ${HAVE_PIPE}
|
|
||||||
|
|
||||||
-/* if you have the function PK11_CreateGenericObject */
|
|
||||||
-#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT}
|
|
||||||
-
|
|
||||||
/* Define to 1 if you have a working poll function. */
|
|
||||||
#cmakedefine HAVE_POLL ${HAVE_POLL}
|
|
||||||
|
|
||||||
diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
|
|
||||||
index 5823939..e79c364 100644
|
|
||||||
--- a/lib/curl_config.h.in
|
|
||||||
+++ b/lib/curl_config.h.in
|
|
||||||
@@ -506,9 +506,6 @@
|
|
||||||
/* Define to 1 if you have the `pipe' function. */
|
|
||||||
#undef HAVE_PIPE
|
|
||||||
|
|
||||||
-/* if you have the function PK11_CreateGenericObject */
|
|
||||||
-#undef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
-
|
|
||||||
/* Define to 1 if you have a working poll function. */
|
|
||||||
#undef HAVE_POLL
|
|
||||||
|
|
||||||
diff --git a/lib/nss.c b/lib/nss.c
|
|
||||||
index 8f6da50..6108917 100644
|
|
||||||
--- a/lib/nss.c
|
|
||||||
+++ b/lib/nss.c
|
|
||||||
@@ -170,9 +170,7 @@ static const int enable_ciphers_by_default[] = {
|
|
||||||
SSL_NULL_WITH_NULL_NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
static const char* pem_library = "libnsspem.so";
|
|
||||||
-#endif
|
|
||||||
SECMODModule* mod = NULL;
|
|
||||||
|
|
||||||
static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
|
|
||||||
@@ -305,7 +303,6 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
/* Call PK11_CreateGenericObject() with the given obj_class and filename. If
|
|
||||||
* the call succeeds, append the object handle to the list of objects so that
|
|
||||||
* the object can be destroyed in Curl_nss_close(). */
|
|
||||||
@@ -369,7 +366,6 @@ static void nss_destroy_object(void *user, void *ptr)
|
|
||||||
(void) user;
|
|
||||||
PK11_DestroyGenericObject(obj);
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
|
||||||
const char *filename, PRBool cacert)
|
|
||||||
@@ -378,7 +374,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
|
||||||
? CURLE_SSL_CACERT_BADFILE
|
|
||||||
: CURLE_SSL_CERTPROBLEM;
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
/* libnsspem.so leaks memory if the requested file does not exist. For more
|
|
||||||
* details, go to <https://bugzilla.redhat.com/734760>. */
|
|
||||||
if(is_file(filename))
|
|
||||||
@@ -405,7 +400,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
|
||||||
free(nickname);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
@@ -499,10 +493,10 @@ fail:
|
|
||||||
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
||||||
char *key_file)
|
|
||||||
{
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
PK11SlotInfo *slot;
|
|
||||||
SECStatus status;
|
|
||||||
struct ssl_connect_data *ssl = conn->ssl;
|
|
||||||
+ (void)sockindex; /* unused */
|
|
||||||
|
|
||||||
CURLcode rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
|
|
||||||
if(CURLE_OK != rv) {
|
|
||||||
@@ -524,15 +518,6 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
||||||
return (SECSuccess == status)
|
|
||||||
? CURLE_OK
|
|
||||||
: CURLE_SSL_CERTPROBLEM;
|
|
||||||
-#else
|
|
||||||
- /* If we don't have PK11_CreateGenericObject then we can't load a file-based
|
|
||||||
- * key.
|
|
||||||
- */
|
|
||||||
- (void)conn; /* unused */
|
|
||||||
- (void)key_file; /* unused */
|
|
||||||
- return CURLE_SSL_CERTPROBLEM;
|
|
||||||
-#endif
|
|
||||||
- (void)sockindex; /* unused */
|
|
||||||
}
|
|
||||||
|
|
||||||
static int display_error(struct connectdata *conn, PRInt32 err,
|
|
||||||
@@ -775,7 +760,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
|
||||||
struct SessionHandle *data = connssl->data;
|
|
||||||
const char *nickname = connssl->client_nickname;
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
if(connssl->obj_clicert) {
|
|
||||||
/* use the cert/key provided by PEM reader */
|
|
||||||
static const char pem_slotname[] = "PEM Token #1";
|
|
||||||
@@ -815,7 +799,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
|
||||||
display_cert_info(data, *pRetCert);
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
/* use the default NSS hook */
|
|
||||||
if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
|
|
||||||
@@ -1053,12 +1036,11 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
|
|
||||||
* next time to the same server */
|
|
||||||
SSL_InvalidateSession(connssl->handle);
|
|
||||||
}
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
|
|
||||||
Curl_llist_destroy(connssl->obj_list, NULL);
|
|
||||||
connssl->obj_list = NULL;
|
|
||||||
connssl->obj_clicert = NULL;
|
|
||||||
-#endif
|
|
||||||
+
|
|
||||||
PR_Close(connssl->handle);
|
|
||||||
connssl->handle = NULL;
|
|
||||||
}
|
|
||||||
@@ -1173,12 +1155,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
|
|
||||||
connssl->data = data;
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
/* list of all NSS objects we need to destroy in Curl_nss_close() */
|
|
||||||
connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
|
|
||||||
if(!connssl->obj_list)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
|
||||||
PR_Lock(nss_initlock);
|
|
||||||
@@ -1190,7 +1170,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
if(!mod) {
|
|
||||||
char *configstring = aprintf("library=%s name=PEM", pem_library);
|
|
||||||
if(!configstring) {
|
|
||||||
@@ -1209,7 +1188,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
"OpenSSL PEM certificates will not work.\n", pem_library);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
PK11_SetPasswordFunc(nss_get_password);
|
|
||||||
PR_Unlock(nss_initlock);
|
|
||||||
@@ -1340,9 +1318,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
char *nickname = dup_nickname(data, STRING_CERT);
|
|
||||||
if(nickname) {
|
|
||||||
/* we are not going to use libnsspem.so to read the client cert */
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
connssl->obj_clicert = NULL;
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
|
|
||||||
@@ -1442,11 +1418,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
if(model)
|
|
||||||
PR_Close(model);
|
|
||||||
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
/* cleanup on connection failure */
|
|
||||||
Curl_llist_destroy(connssl->obj_list, NULL);
|
|
||||||
connssl->obj_list = NULL;
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
|
|
||||||
/* schedule reconnect through Curl_retry_request() */
|
|
||||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
|
||||||
index 7830686..8b6023c 100644
|
|
||||||
--- a/lib/urldata.h
|
|
||||||
+++ b/lib/urldata.h
|
|
||||||
@@ -271,10 +271,8 @@ struct ssl_connect_data {
|
|
||||||
PRFileDesc *handle;
|
|
||||||
char *client_nickname;
|
|
||||||
struct SessionHandle *data;
|
|
||||||
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
struct curl_llist *obj_list;
|
|
||||||
PK11GenericObject *obj_clicert;
|
|
||||||
-#endif
|
|
||||||
#endif /* USE_NSS */
|
|
||||||
#ifdef USE_QSOSSL
|
|
||||||
SSLHandle *handle;
|
|
||||||
--
|
|
||||||
1.7.1
|
|
||||||
|
|
||||||
|
|
||||||
From 1467ca453bc0feed5109227c09e8e47c2de079d1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Tue, 10 Apr 2012 15:42:34 +0200
|
|
||||||
Subject: [PATCH 2/2] nss: use NSS_InitContext() to initialize NSS if available
|
|
||||||
|
|
||||||
NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
|
|
||||||
collisions on NSS initialization/shutdown with other libraries.
|
|
||||||
|
|
||||||
Bug: https://bugzilla.redhat.com/738456
|
|
||||||
|
|
||||||
[upstream commit 20cb12db]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
configure | 13 +++++++++++++
|
|
||||||
configure.ac | 8 ++++++++
|
|
||||||
lib/Makefile.in | 2 +-
|
|
||||||
lib/curl_config.h.in | 3 +++
|
|
||||||
lib/nss.c | 37 ++++++++++++++++++++++++++++++++++++-
|
|
||||||
5 files changed, 61 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
|
||||||
index d20dab3..495f65a 100755
|
|
||||||
--- a/configure
|
|
||||||
+++ b/configure
|
|
||||||
@@ -671,6 +671,7 @@ USE_LIBSSH2
|
|
||||||
CURL_CA_BUNDLE
|
|
||||||
SSL_ENABLED
|
|
||||||
USE_AXTLS
|
|
||||||
+HAVE_NSS_INITCONTEXT
|
|
||||||
USE_NSS
|
|
||||||
USE_CYASSL
|
|
||||||
USE_POLARSSL
|
|
||||||
@@ -22595,6 +22596,18 @@ fi
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5
|
|
||||||
$as_echo "$as_me: detected NSS version $version" >&6;}
|
|
||||||
|
|
||||||
+ ac_fn_c_check_func "$LINENO" "NSS_InitContext" "ac_cv_func_NSS_InitContext"
|
|
||||||
+if test "x$ac_cv_func_NSS_InitContext" = x""yes; then :
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+$as_echo "#define HAVE_NSS_INITCONTEXT 1" >>confdefs.h
|
|
||||||
+
|
|
||||||
+ HAVE_NSS_INITCONTEXT=1
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+
|
|
||||||
if test "x$cross_compiling" != "xyes"; then
|
|
||||||
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
|
|
||||||
export LD_LIBRARY_PATH
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 1b48f7b..54b0af3 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -2106,6 +2106,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
|
|
||||||
if test "x$USE_NSS" = "xyes"; then
|
|
||||||
AC_MSG_NOTICE([detected NSS version $version])
|
|
||||||
|
|
||||||
+ dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
|
|
||||||
+ dnl collisions on NSS initialization/shutdown with other libraries
|
|
||||||
+ AC_CHECK_FUNC(NSS_InitContext,
|
|
||||||
+ [
|
|
||||||
+ AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
|
|
||||||
+ AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
|
|
||||||
+ ])
|
|
||||||
+
|
|
||||||
dnl when shared libs were found in a path that the run-time
|
|
||||||
dnl linker doesn't search through, we need to add it to
|
|
||||||
dnl LD_LIBRARY_PATH to prevent further configure tests to fail
|
|
||||||
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
|
||||||
index bdfd796..c4468ab 100644
|
|
||||||
--- a/lib/Makefile.in
|
|
||||||
+++ b/lib/Makefile.in
|
|
||||||
@@ -233,7 +233,7 @@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@
|
|
||||||
HAVE_LIBZ = @HAVE_LIBZ@
|
|
||||||
HAVE_LIBZ_FALSE = @HAVE_LIBZ_FALSE@
|
|
||||||
HAVE_LIBZ_TRUE = @HAVE_LIBZ_TRUE@
|
|
||||||
-HAVE_PK11_CREATEGENERICOBJECT = @HAVE_PK11_CREATEGENERICOBJECT@
|
|
||||||
+HAVE_NSS_INITCONTEXT = @HAVE_NSS_INITCONTEXT@
|
|
||||||
HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@
|
|
||||||
IDN_ENABLED = @IDN_ENABLED@
|
|
||||||
INSTALL_DATA = @INSTALL_DATA@
|
|
||||||
diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
|
|
||||||
index e79c364..a613f7d 100644
|
|
||||||
--- a/lib/curl_config.h.in
|
|
||||||
+++ b/lib/curl_config.h.in
|
|
||||||
@@ -469,6 +469,9 @@
|
|
||||||
/* Define to 1 if NI_WITHSCOPEID exists and works. */
|
|
||||||
#undef HAVE_NI_WITHSCOPEID
|
|
||||||
|
|
||||||
+/* if you have the NSS_InitContext function */
|
|
||||||
+#undef HAVE_NSS_INITCONTEXT
|
|
||||||
+
|
|
||||||
/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE
|
|
||||||
*/
|
|
||||||
#undef HAVE_OLD_GSSMIT
|
|
||||||
diff --git a/lib/nss.c b/lib/nss.c
|
|
||||||
index 6108917..16127ee 100644
|
|
||||||
--- a/lib/nss.c
|
|
||||||
+++ b/lib/nss.c
|
|
||||||
@@ -78,6 +78,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
|
|
||||||
|
|
||||||
PRLock * nss_initlock = NULL;
|
|
||||||
PRLock * nss_crllock = NULL;
|
|
||||||
+#ifdef HAVE_NSS_INITCONTEXT
|
|
||||||
+NSSInitContext * nss_context = NULL;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
volatile int initialized = 0;
|
|
||||||
|
|
||||||
@@ -861,29 +864,56 @@ isTLSIntoleranceError(PRInt32 err)
|
|
||||||
|
|
||||||
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
|
|
||||||
{
|
|
||||||
+#ifdef HAVE_NSS_INITCONTEXT
|
|
||||||
+ if(nss_context != NULL)
|
|
||||||
+ return CURLE_OK;
|
|
||||||
+
|
|
||||||
+ NSSInitParameters initparams;
|
|
||||||
+ memset((void *) &initparams, '\0', sizeof(initparams));
|
|
||||||
+ initparams.length = sizeof(initparams);
|
|
||||||
+#else /* HAVE_NSS_INITCONTEXT */
|
|
||||||
+ SECStatus rv;
|
|
||||||
+
|
|
||||||
if(NSS_IsInitialized())
|
|
||||||
return CURLE_OK;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if(cert_dir) {
|
|
||||||
- SECStatus rv;
|
|
||||||
const bool use_sql = NSS_VersionCheck("3.12.0");
|
|
||||||
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
|
|
||||||
if(!certpath)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
infof(data, "Initializing NSS with certpath: %s\n", certpath);
|
|
||||||
+#ifdef HAVE_NSS_INITCONTEXT
|
|
||||||
+ nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
|
|
||||||
+ NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
|
|
||||||
+ free(certpath);
|
|
||||||
+
|
|
||||||
+ if(nss_context != NULL)
|
|
||||||
+ return CURLE_OK;
|
|
||||||
+#else /* HAVE_NSS_INITCONTEXT */
|
|
||||||
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
|
|
||||||
free(certpath);
|
|
||||||
|
|
||||||
if(rv == SECSuccess)
|
|
||||||
return CURLE_OK;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
infof(data, "Unable to initialize NSS database\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
infof(data, "Initializing NSS with certpath: none\n");
|
|
||||||
+#ifdef HAVE_NSS_INITCONTEXT
|
|
||||||
+ nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
|
|
||||||
+ | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
|
|
||||||
+ | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
|
|
||||||
+ if(nss_context != NULL)
|
|
||||||
+ return CURLE_OK;
|
|
||||||
+#else /* HAVE_NSS_INITCONTEXT */
|
|
||||||
if(NSS_NoDB_Init(NULL) == SECSuccess)
|
|
||||||
return CURLE_OK;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
infof(data, "Unable to initialize NSS\n");
|
|
||||||
return CURLE_SSL_CACERT_BADFILE;
|
|
||||||
@@ -979,7 +1009,12 @@ void Curl_nss_cleanup(void)
|
|
||||||
SECMOD_DestroyModule(mod);
|
|
||||||
mod = NULL;
|
|
||||||
}
|
|
||||||
+#ifdef HAVE_NSS_INITCONTEXT
|
|
||||||
+ NSS_ShutdownContext(nss_context);
|
|
||||||
+ nss_context = NULL;
|
|
||||||
+#else /* HAVE_NSS_INITCONTEXT */
|
|
||||||
NSS_Shutdown();
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
PR_Unlock(nss_initlock);
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.1
|
|
||||||
|
|
@ -1,100 +0,0 @@
|
|||||||
From 304341d763f4293c7cc107e37d0ca0ac3741a560 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 11 Apr 2012 13:44:20 +0200
|
|
||||||
Subject: [PATCH] nss: provide human-readable names for NSS errors
|
|
||||||
|
|
||||||
[upstream commit a60edcc6]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
lib/nss.c | 32 +++++++++++++++++++++++++-------
|
|
||||||
1 files changed, 25 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nss.c b/lib/nss.c
|
|
||||||
index 16127ee..6002391 100644
|
|
||||||
--- a/lib/nss.c
|
|
||||||
+++ b/lib/nss.c
|
|
||||||
@@ -62,6 +62,7 @@
|
|
||||||
#include <certdb.h>
|
|
||||||
#include <base64.h>
|
|
||||||
#include <cert.h>
|
|
||||||
+#include <prerror.h>
|
|
||||||
|
|
||||||
#include "curl_memory.h"
|
|
||||||
#include "rawstr.h"
|
|
||||||
@@ -176,6 +177,15 @@ static const int enable_ciphers_by_default[] = {
|
|
||||||
static const char* pem_library = "libnsspem.so";
|
|
||||||
SECMODModule* mod = NULL;
|
|
||||||
|
|
||||||
+static const char* nss_error_to_name(PRErrorCode code)
|
|
||||||
+{
|
|
||||||
+ const char *name = PR_ErrorToName(code);
|
|
||||||
+ if(name)
|
|
||||||
+ return name;
|
|
||||||
+
|
|
||||||
+ return "unknown error";
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
|
|
||||||
char *cipher_list)
|
|
||||||
{
|
|
||||||
@@ -548,8 +558,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
|
|
||||||
if(cert_file) {
|
|
||||||
rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
|
|
||||||
if(CURLE_OK != rv) {
|
|
||||||
- if(!display_error(conn, PR_GetError(), cert_file))
|
|
||||||
- failf(data, "Unable to load client cert %d.", PR_GetError());
|
|
||||||
+ const PRErrorCode err = PR_GetError();
|
|
||||||
+ if(!display_error(conn, err, cert_file)) {
|
|
||||||
+ const char *err_name = nss_error_to_name(err);
|
|
||||||
+ failf(data, "unable to load client cert: %d (%s)", err, err_name);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
@@ -562,8 +575,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
|
|
||||||
/* In case the cert file also has the key */
|
|
||||||
rv = nss_load_key(conn, sockindex, cert_file);
|
|
||||||
if(CURLE_OK != rv) {
|
|
||||||
- if(!display_error(conn, PR_GetError(), key_file))
|
|
||||||
- failf(data, "Unable to load client key %d.", PR_GetError());
|
|
||||||
+ const PRErrorCode err = PR_GetError();
|
|
||||||
+ if(!display_error(conn, err, key_file)) {
|
|
||||||
+ const char *err_name = nss_error_to_name(err);
|
|
||||||
+ failf(data, "unable to load client key: %d (%s)", err, err_name);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
@@ -1448,7 +1464,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
||||||
if(handle_cc_error(err, data))
|
|
||||||
curlerr = CURLE_SSL_CERTPROBLEM;
|
|
||||||
else
|
|
||||||
- infof(data, "NSS error %d\n", err);
|
|
||||||
+ infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
|
|
||||||
|
|
||||||
if(model)
|
|
||||||
PR_Close(model);
|
|
||||||
@@ -1484,7 +1500,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
|
||||||
else if(handle_cc_error(err, conn->data))
|
|
||||||
*curlcode = CURLE_SSL_CERTPROBLEM;
|
|
||||||
else {
|
|
||||||
- failf(conn->data, "SSL write: error %d", err);
|
|
||||||
+ const char *err_name = nss_error_to_name(err);
|
|
||||||
+ failf(conn->data, "SSL write: error %d (%s)", err, err_name);
|
|
||||||
*curlcode = CURLE_SEND_ERROR;
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
@@ -1510,7 +1527,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
|
|
||||||
else if(handle_cc_error(err, conn->data))
|
|
||||||
*curlcode = CURLE_SSL_CERTPROBLEM;
|
|
||||||
else {
|
|
||||||
- failf(conn->data, "SSL read: errno %d", err);
|
|
||||||
+ const char *err_name = nss_error_to_name(err);
|
|
||||||
+ failf(conn->data, "SSL read: errno %d (%s)", err, err_name);
|
|
||||||
*curlcode = CURLE_RECV_ERROR;
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
--
|
|
||||||
1.7.1
|
|
||||||
|
|
@ -6,7 +6,7 @@ diff --git a/configure b/configure
|
|||||||
index d3ecf69..6d8f085 100755
|
index d3ecf69..6d8f085 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -15045,18 +15045,11 @@ $as_echo "yes" >&6; }
|
@@ -15084,18 +15084,11 @@ $as_echo "yes" >&6; }
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
@ -27,8 +27,8 @@ index d3ecf69..6d8f085 100755
|
|||||||
+ flags_opt_all=""
|
+ flags_opt_all=""
|
||||||
+ flags_opt_yes=""
|
+ flags_opt_yes=""
|
||||||
flags_opt_off="-O0"
|
flags_opt_off="-O0"
|
||||||
else
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
if test -z "$SED"; then
|
||||||
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
||||||
index 1ea4d17..868d65a 100644
|
index 1ea4d17..868d65a 100644
|
||||||
--- a/m4/curl-compilers.m4
|
--- a/m4/curl-compilers.m4
|
||||||
@ -54,5 +54,5 @@ index 1ea4d17..868d65a 100644
|
|||||||
+ flags_opt_all=""
|
+ flags_opt_all=""
|
||||||
+ flags_opt_yes=""
|
+ flags_opt_yes=""
|
||||||
flags_opt_off="-O0"
|
flags_opt_off="-O0"
|
||||||
|
CURL_CHECK_DEF([_WIN32], [], [silent])
|
||||||
else
|
else
|
||||||
AC_MSG_RESULT([no])
|
|
@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
|
|||||||
index 435b126..1d71c4e 100644
|
index 435b126..1d71c4e 100644
|
||||||
--- a/tests/data/Makefile.in
|
--- a/tests/data/Makefile.in
|
||||||
+++ b/tests/data/Makefile.in
|
+++ b/tests/data/Makefile.in
|
||||||
@@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \
|
@@ -332,7 +332,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \
|
||||||
test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \
|
test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \
|
||||||
test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \
|
test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \
|
||||||
test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \
|
test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \
|
@ -1,41 +0,0 @@
|
|||||||
--- curl/CHANGES
|
|
||||||
+++ curl/CHANGES
|
|
||||||
@@ -1388,7 +1388,7 @@ Daniel Stenberg (12 Dec 2011)
|
|
||||||
linking with a static openssl requires a set of more libs to be linked
|
|
||||||
on Windows.
|
|
||||||
|
|
||||||
- Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
|
||||||
+ Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
|
||||||
|
|
||||||
Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
|
|
||||||
Reported by: Ward Willats
|
|
||||||
@@ -2648,7 +2648,7 @@ Daniel Stenberg (25 Sep 2011)
|
|
||||||
damaging.
|
|
||||||
|
|
||||||
Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
|
|
||||||
- Reported by: Taneli Vähäkangas
|
|
||||||
+ Reported by: Taneli Vähäkangas
|
|
||||||
|
|
||||||
Yang Tse (24 Sep 2011)
|
|
||||||
- curl tool: fix a compiler warning
|
|
||||||
@@ -5168,9 +5168,9 @@ Daniel Stenberg (12 Apr 2011)
|
|
||||||
- OpenSSL: no-sslv2 aware
|
|
||||||
|
|
||||||
Allow openSSL without SSL2 to be used. This fix is inspired by the fix
|
|
||||||
- provided by Cristian Rodríguez.
|
|
||||||
+ provided by Cristian RodrÃguez.
|
|
||||||
|
|
||||||
- Reported by: Cristian Rodríguez
|
|
||||||
+ Reported by: Cristian RodrÃguez
|
|
||||||
|
|
||||||
- curl_easy_setopt.3: CURLOPT_RESOLVE typo version
|
|
||||||
|
|
||||||
--- curl/README
|
|
||||||
+++ curl/README
|
|
||||||
@@ -45,5 +45,5 @@ GIT
|
|
||||||
NOTICE
|
|
||||||
|
|
||||||
Curl contains pieces of source code that is Copyright (c) 1998, 1999
|
|
||||||
- Kungliga Tekniska Högskolan. This notice is included here to comply with the
|
|
||||||
+ Kungliga Tekniska Högskolan. This notice is included here to comply with the
|
|
||||||
distribution terms.
|
|
95
0108-curl-7.26.0-utf8.patch
Normal file
95
0108-curl-7.26.0-utf8.patch
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
CHANGES | 18 +++++++++---------
|
||||||
|
README | 2 +-
|
||||||
|
2 files changed, 10 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/CHANGES b/CHANGES
|
||||||
|
index 2335841..d4d37c2 100644
|
||||||
|
--- a/CHANGES
|
||||||
|
+++ b/CHANGES
|
||||||
|
@@ -604,18 +604,18 @@ Daniel Stenberg (1 Apr 2012)
|
||||||
|
Reported by: Michael Wallner
|
||||||
|
|
||||||
|
Steve Holme (31 Mar 2012)
|
||||||
|
-- [Gökhan Şengün brought this change]
|
||||||
|
+- [Gökhan Şengün brought this change]
|
||||||
|
|
||||||
|
smtp: Add support for DIGEST-MD5 authentication
|
||||||
|
|
||||||
|
-- [Gökhan Şengün brought this change]
|
||||||
|
+- [Gökhan Şengün brought this change]
|
||||||
|
|
||||||
|
smtp: Cody tidy up of md5 digest length
|
||||||
|
|
||||||
|
Replaced the hard coded md5 digest length (16) with a preprocessor
|
||||||
|
constant
|
||||||
|
|
||||||
|
-- [Gökhan Şengün brought this change]
|
||||||
|
+- [Gökhan Şengün brought this change]
|
||||||
|
|
||||||
|
md5: Add support for calculating the md5 sum of buffers incrementally
|
||||||
|
|
||||||
|
@@ -1913,7 +1913,7 @@ Daniel Stenberg (20 Dec 2011)
|
||||||
|
This offers an alternative to the existing Curl_socket_ready() API which
|
||||||
|
only checks one socket for read and one for write.
|
||||||
|
|
||||||
|
-- [CeÌ<65>dric Deltheil brought this change]
|
||||||
|
+- [CeÃŒÂ<C592>dric Deltheil brought this change]
|
||||||
|
|
||||||
|
curl.h: add __ANDROID__ macro check
|
||||||
|
|
||||||
|
@@ -2126,7 +2126,7 @@ Daniel Stenberg (12 Dec 2011)
|
||||||
|
linking with a static openssl requires a set of more libs to be linked
|
||||||
|
on Windows.
|
||||||
|
|
||||||
|
- Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
||||||
|
+ Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
||||||
|
|
||||||
|
Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
|
||||||
|
Reported by: Ward Willats
|
||||||
|
@@ -3386,7 +3386,7 @@ Daniel Stenberg (25 Sep 2011)
|
||||||
|
damaging.
|
||||||
|
|
||||||
|
Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
|
||||||
|
- Reported by: Taneli Vähäkangas
|
||||||
|
+ Reported by: Taneli Vähäkangas
|
||||||
|
|
||||||
|
Yang Tse (24 Sep 2011)
|
||||||
|
- curl tool: fix a compiler warning
|
||||||
|
@@ -4386,7 +4386,7 @@ Daniel Stenberg (8 Aug 2011)
|
||||||
|
Update the phrasing to reflect our more strict interpretation:
|
||||||
|
http://curl.haxx.se/mail/lib-2011-08/0064.html
|
||||||
|
|
||||||
|
-- [Cristian RodrÃguez brought this change]
|
||||||
|
+- [Cristian RodrÃÂguez brought this change]
|
||||||
|
|
||||||
|
OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available, reduces memory use
|
||||||
|
|
||||||
|
@@ -4394,7 +4394,7 @@ Daniel Stenberg (8 Aug 2011)
|
||||||
|
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
|
||||||
|
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
|
||||||
|
|
||||||
|
- Signed-off-by: Cristian RodrÃguez <crrodriguez@opensuse.org>
|
||||||
|
+ Signed-off-by: Cristian RodrÃÂguez <crrodriguez@opensuse.org>
|
||||||
|
|
||||||
|
- TODO-RELEASE: close issue #292
|
||||||
|
|
||||||
|
@@ -4428,7 +4428,7 @@ Daniel Stenberg (6 Aug 2011)
|
||||||
|
provided" by Christian H<E4>gele
|
||||||
|
http://curl.haxx.se/mail/lib-2011-08/0009.html
|
||||||
|
|
||||||
|
-- [Christian Hägele brought this change]
|
||||||
|
+- [Christian Hägele brought this change]
|
||||||
|
|
||||||
|
asyn-thread: check for dotted addresses before thread starts
|
||||||
|
|
||||||
|
diff --git a/README b/README
|
||||||
|
index 2ffacc3..cfd6760 100644
|
||||||
|
--- a/README
|
||||||
|
+++ b/README
|
||||||
|
@@ -45,5 +45,5 @@ GIT
|
||||||
|
NOTICE
|
||||||
|
|
||||||
|
Curl contains pieces of source code that is Copyright (c) 1998, 1999
|
||||||
|
- Kungliga Tekniska Högskolan. This notice is included here to comply with the
|
||||||
|
+ Kungliga Tekniska Högskolan. This notice is included here to comply with the
|
||||||
|
distribution terms.
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1.4.11 (GNU/Linux)
|
|
||||||
|
|
||||||
iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS
|
|
||||||
ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+
|
|
||||||
=SL4u
|
|
||||||
-----END PGP SIGNATURE-----
|
|
7
curl-7.26.0.tar.lzma.asc
Normal file
7
curl-7.26.0.tar.lzma.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||||
|
|
||||||
|
iEYEABECAAYFAk++XP4ACgkQeOEcayedXJGItwCgtc6ECD4l6E7Q4ZEJDOzBB5bQ
|
||||||
|
LWoAoLFWWUbcd+sBu/+s6fOGxgETHqT2
|
||||||
|
=4I4f
|
||||||
|
-----END PGP SIGNATURE-----
|
23
curl.spec
23
curl.spec
@ -1,30 +1,24 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.25.0
|
Version: 7.26.0
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
Source3: hide_selinux.c
|
Source3: hide_selinux.c
|
||||||
|
|
||||||
# use NSS_InitContext() to initialize NSS if available (#738456)
|
|
||||||
Patch1: 0001-curl-7.25.0-20cb12db.patch
|
|
||||||
|
|
||||||
# provide human-readable names for NSS errors (upstream commit a60edcc6)
|
|
||||||
Patch2: 0002-curl-7.25.0-a60edcc6.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.25.0-multilib.patch
|
Patch101: 0101-curl-7.25.0-multilib.patch
|
||||||
|
|
||||||
# prevent configure script from discarding -g in CFLAGS (#496778)
|
# prevent configure script from discarding -g in CFLAGS (#496778)
|
||||||
Patch102: 0102-curl-7.25.0-debug.patch
|
Patch102: 0102-curl-7.26.0-debug.patch
|
||||||
|
|
||||||
# use localhost6 instead of ip6-localhost in the curl test-suite
|
# use localhost6 instead of ip6-localhost in the curl test-suite
|
||||||
Patch104: 0104-curl-7.19.7-localhost6.patch
|
Patch104: 0104-curl-7.19.7-localhost6.patch
|
||||||
|
|
||||||
# exclude test1112 from the test suite (#565305)
|
# exclude test1112 from the test suite (#565305)
|
||||||
Patch105: 0105-curl-7.21.3-disable-test1112.patch
|
Patch105: 0105-curl-7.26.0-disable-test1112.patch
|
||||||
|
|
||||||
# disable valgrind for certain test-cases (libssh2 problem)
|
# disable valgrind for certain test-cases (libssh2 problem)
|
||||||
Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch
|
Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch
|
||||||
@ -34,7 +28,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
|
|||||||
|
|
||||||
# Fix character encoding of docs, which are of mixed encoding originally so
|
# Fix character encoding of docs, which are of mixed encoding originally so
|
||||||
# a simple iconv can't fix them
|
# a simple iconv can't fix them
|
||||||
Patch108: 0108-curl-7.25.0-utf8.patch
|
Patch108: 0108-curl-7.26.0-utf8.patch
|
||||||
|
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
URL: http://curl.haxx.se/
|
URL: http://curl.haxx.se/
|
||||||
@ -109,10 +103,6 @@ documentation of the library, too.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
@ -228,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 25 2012 Kamil Dudka <kdudka@redhat.com> 7.26.0-1
|
||||||
|
- new upstream release
|
||||||
|
|
||||||
* Wed Apr 25 2012 Karsten Hopp <karsten@redhat.com> 7.25.0-3
|
* Wed Apr 25 2012 Karsten Hopp <karsten@redhat.com> 7.25.0-3
|
||||||
- valgrind on ppc64 works fine, disable ppc32 only
|
- valgrind on ppc64 works fine, disable ppc32 only
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user