From 3f810df7b47e7f6ade640c0914f57b5e576d7049 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Tue, 17 Feb 2009 11:31:20 +0000 Subject: [PATCH] update to 7.19.3, patch fixing 7.19.3 curl/nss bugs --- .cvsignore | 1 + curl-7.17.1-badsocket.patch | 24 +++---- curl-7.18.2-nss-init.patch | 133 ------------------------------------ curl-7.18.2-nssproxy.patch | 13 ---- curl-7.19.3-nss-fix.patch | 22 ++++++ curl.spec | 14 ++-- sources | 2 +- 7 files changed, 44 insertions(+), 165 deletions(-) delete mode 100644 curl-7.18.2-nss-init.patch delete mode 100644 curl-7.18.2-nssproxy.patch create mode 100644 curl-7.19.3-nss-fix.patch diff --git a/.cvsignore b/.cvsignore index 34b49b1..7968136 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1,2 @@ curl-7.18.2.tar.bz2 +curl-7.19.3.tar.bz2 diff --git a/curl-7.17.1-badsocket.patch b/curl-7.17.1-badsocket.patch index 7f092ae..86cdab4 100644 --- a/curl-7.17.1-badsocket.patch +++ b/curl-7.17.1-badsocket.patch @@ -1,13 +1,13 @@ -diff -up curl-7.17.1/lib/ftp.c.badsocket curl-7.17.1/lib/ftp.c ---- curl-7.17.1/lib/ftp.c.badsocket 2007-10-27 00:25:19.000000000 +0200 -+++ curl-7.17.1/lib/ftp.c 2008-01-08 15:09:03.000000000 +0100 -@@ -3228,7 +3228,8 @@ static CURLcode Curl_ftp_done(struct con - /* Note that we keep "use" set to TRUE since that (next) connection is - still requested to use SSL */ +diff -ruNp curl-7.19.3.orig/lib/ftp.c curl-7.19.3/lib/ftp.c +--- curl-7.19.3.orig/lib/ftp.c 2009-02-11 10:57:33.334280000 +0100 ++++ curl-7.19.3/lib/ftp.c 2009-02-11 10:59:43.957585266 +0100 +@@ -3222,7 +3222,8 @@ static CURLcode ftp_done(struct connectd + /* Note that we keep "use" set to TRUE since that (next) connection is + still requested to use SSL */ + } +- sclose(conn->sock[SECONDARYSOCKET]); ++ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) ++ sclose(conn->sock[SECONDARYSOCKET]); + + conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; } -- sclose(conn->sock[SECONDARYSOCKET]); -+ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) -+ sclose(conn->sock[SECONDARYSOCKET]); - - conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; - diff --git a/curl-7.18.2-nss-init.patch b/curl-7.18.2-nss-init.patch deleted file mode 100644 index 15d5316..0000000 --- a/curl-7.18.2-nss-init.patch +++ /dev/null @@ -1,133 +0,0 @@ ---- curl-7.18.2/lib/nss.c.orig 2008-12-03 16:39:41.000000000 -0500 -+++ curl-7.18.2/lib/nss.c 2008-12-03 18:26:06.000000000 -0500 -@@ -73,6 +73,8 @@ - - PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd); - -+PRLock * nss_initlock = NULL; -+ - int initialized = 0; - - #define HANDSHAKE_TIMEOUT 30 -@@ -229,6 +231,23 @@ - } - - /* -+ * Get the number of ciphers that are enabled. We use this to determine -+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers. -+ */ -+static int num_enabled_ciphers() { -+ PRInt32 policy = 0; -+ int count = 0; -+ int i; -+ -+ for(i=0; idata, "Unable to initialize NSS database\n"); -- curlerr = CURLE_SSL_CACERT_BADFILE; -- goto error; -+ if (!NSS_IsInitialized()) { -+ initialized = 1; -+ if(!certDir) { -+ rv = NSS_NoDB_Init(NULL); -+ } -+ else { -+ rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db", -+ NSS_INIT_READONLY); -+ } -+ if(rv != SECSuccess) { -+ infof(conn->data, "Unable to initialize NSS database\n"); -+ curlerr = CURLE_SSL_CACERT_BADFILE; -+ PR_Unlock(nss_initlock); -+ initialized = 0; -+ goto error; -+ } - } -- -- NSS_SetDomesticPolicy(); -+ if(num_enabled_ciphers() == 0) -+ NSS_SetDomesticPolicy(); - - #ifdef HAVE_PK11_CREATEGENERICOBJECT - configstring = (char *)malloc(PATH_MAX); -@@ -854,6 +891,7 @@ - } - #endif - } -+ PR_Unlock(nss_initlock); - - model = PR_NewTCPSocket(); - if(!model) diff --git a/curl-7.18.2-nssproxy.patch b/curl-7.18.2-nssproxy.patch deleted file mode 100644 index 9d88d02..0000000 --- a/curl-7.18.2-nssproxy.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up curl-7.18.2/lib/nss.c.nssproxy curl-7.18.2/lib/nss.c ---- curl-7.18.2/lib/nss.c.nssproxy 2008-05-26 17:02:49.000000000 +0200 -+++ curl-7.18.2/lib/nss.c 2008-06-18 07:59:52.000000000 +0200 -@@ -804,6 +804,9 @@ CURLcode Curl_nss_connect(struct connect - - curlerr = CURLE_SSL_CONNECT_ERROR; - -+ if (connssl->state == ssl_connection_complete) -+ return CURLE_OK; -+ - /* FIXME. NSS doesn't support multiple databases open at the same time. */ - if(!initialized) { - initialized = 1; diff --git a/curl-7.19.3-nss-fix.patch b/curl-7.19.3-nss-fix.patch new file mode 100644 index 0000000..03c72e4 --- /dev/null +++ b/curl-7.19.3-nss-fix.patch @@ -0,0 +1,22 @@ +diff -ruNp curl-7.19.3.orig/lib/nss.c curl-7.19.3/lib/nss.c +--- curl-7.19.3.orig/lib/nss.c 2009-01-07 15:12:01.000000000 +0100 ++++ curl-7.19.3/lib/nss.c 2009-02-16 11:39:41.912075708 +0100 +@@ -1140,7 +1140,7 @@ CURLcode Curl_nss_connect(struct connect + n = strrchr(data->set.str[STRING_CERT], '/'); + if(n) { + n++; /* skip last slash */ +- nickname = aprintf(nickname, "PEM Token #%d:%s", 1, n); ++ nickname = aprintf("PEM Token #%d:%s", 1, n); + if(!nickname) + return CURLE_OUT_OF_MEMORY; + +@@ -1171,7 +1171,8 @@ CURLcode Curl_nss_connect(struct connect + + if(SSL_GetClientAuthDataHook(model, + (SSLGetClientAuthData) SelectClientCert, +- (void *)connssl) != SECSuccess) { ++ (void *)connssl->client_nickname) != ++ SECSuccess) { + curlerr = CURLE_SSL_CERTPROBLEM; + goto error; + } diff --git a/curl.spec b/curl.spec index f1a2cd2..a37a382 100644 --- a/curl.spec +++ b/curl.spec @@ -1,15 +1,14 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.18.2 -Release: 9%{?dist} +Version: 7.19.3 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2 Patch1: curl-7.15.3-multilib.patch Patch2: curl-7.16.0-privlibs.patch Patch3: curl-7.17.1-badsocket.patch -Patch4: curl-7.18.2-nssproxy.patch -Patch5: curl-7.18.2-nss-init.patch +Patch4: curl-7.19.3-nss-fix.patch Provides: webclient URL: http://curl.haxx.se/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -50,8 +49,7 @@ use cURL's capabilities internally. %patch1 -p1 -b .multilib %patch2 -p1 -b .privlibs %patch3 -p1 -b .badsocket -%patch4 -p1 -b .nssproxy -%patch5 -p1 -b .nssinit +%patch4 -p1 -b .nssfix # Convert docs to UTF-8 for f in CHANGES README; do @@ -120,6 +118,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Tue Feb 17 2009 Kamil Dudka 7.19.3-1 +- update to 7.19.3, dropped applied nss patches +- add patch fixing 7.19.3 curl/nss bugs + * Mon Dec 15 2008 Jindrich Novy 7.18.2-9 - rebuild for f10/rawhide cvs tag clashes diff --git a/sources b/sources index 6dd9ba5..9e320af 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c389be5b0525276e58865956b7465562 curl-7.18.2.tar.bz2 +10eb8c13350c735eff20d7b4530be8cd curl-7.19.3.tar.bz2