update to 7.19.3, patch fixing 7.19.3 curl/nss bugs
parent
d9f5cbe057
commit
3f810df7b4
@ -1 +1,2 @@
|
|||||||
curl-7.18.2.tar.bz2
|
curl-7.18.2.tar.bz2
|
||||||
|
curl-7.19.3.tar.bz2
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
diff -up curl-7.17.1/lib/ftp.c.badsocket curl-7.17.1/lib/ftp.c
|
diff -ruNp curl-7.19.3.orig/lib/ftp.c curl-7.19.3/lib/ftp.c
|
||||||
--- curl-7.17.1/lib/ftp.c.badsocket 2007-10-27 00:25:19.000000000 +0200
|
--- curl-7.19.3.orig/lib/ftp.c 2009-02-11 10:57:33.334280000 +0100
|
||||||
+++ curl-7.17.1/lib/ftp.c 2008-01-08 15:09:03.000000000 +0100
|
+++ curl-7.19.3/lib/ftp.c 2009-02-11 10:59:43.957585266 +0100
|
||||||
@@ -3228,7 +3228,8 @@ static CURLcode Curl_ftp_done(struct con
|
@@ -3222,7 +3222,8 @@ static CURLcode ftp_done(struct connectd
|
||||||
/* Note that we keep "use" set to TRUE since that (next) connection is
|
/* Note that we keep "use" set to TRUE since that (next) connection is
|
||||||
still requested to use SSL */
|
still requested to use SSL */
|
||||||
}
|
}
|
||||||
@ -10,4 +10,4 @@ diff -up curl-7.17.1/lib/ftp.c.badsocket curl-7.17.1/lib/ftp.c
|
|||||||
+ sclose(conn->sock[SECONDARYSOCKET]);
|
+ sclose(conn->sock[SECONDARYSOCKET]);
|
||||||
|
|
||||||
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
|
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
|
||||||
|
}
|
||||||
|
@ -1,133 +0,0 @@
|
|||||||
--- curl-7.18.2/lib/nss.c.orig 2008-12-03 16:39:41.000000000 -0500
|
|
||||||
+++ curl-7.18.2/lib/nss.c 2008-12-03 18:26:06.000000000 -0500
|
|
||||||
@@ -73,6 +73,8 @@
|
|
||||||
|
|
||||||
PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
|
|
||||||
|
|
||||||
+PRLock * nss_initlock = NULL;
|
|
||||||
+
|
|
||||||
int initialized = 0;
|
|
||||||
|
|
||||||
#define HANDSHAKE_TIMEOUT 30
|
|
||||||
@@ -229,6 +231,23 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * Get the number of ciphers that are enabled. We use this to determine
|
|
||||||
+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
|
|
||||||
+ */
|
|
||||||
+static int num_enabled_ciphers() {
|
|
||||||
+ PRInt32 policy = 0;
|
|
||||||
+ int count = 0;
|
|
||||||
+ int i;
|
|
||||||
+
|
|
||||||
+ for(i=0; i<ciphernum; i++) {
|
|
||||||
+ SSL_CipherPolicyGet(cipherlist[i].num, &policy);
|
|
||||||
+ if(policy)
|
|
||||||
+ count++;
|
|
||||||
+ }
|
|
||||||
+ return count;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* Determine whether the nickname passed in is a filename that needs to
|
|
||||||
* be loaded as a PEM or a regular NSS nickname.
|
|
||||||
*
|
|
||||||
@@ -719,8 +738,11 @@
|
|
||||||
*/
|
|
||||||
int Curl_nss_init(void)
|
|
||||||
{
|
|
||||||
- if(!initialized)
|
|
||||||
+ /* curl_global_init() is not thread-safe so this test is ok */
|
|
||||||
+ if (nss_initlock == NULL) {
|
|
||||||
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
|
|
||||||
+ nss_initlock = PR_NewLock();
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* We will actually initialize NSS later */
|
|
||||||
|
|
||||||
@@ -730,7 +752,17 @@
|
|
||||||
/* Global cleanup */
|
|
||||||
void Curl_nss_cleanup(void)
|
|
||||||
{
|
|
||||||
- NSS_Shutdown();
|
|
||||||
+ /* This function isn't required to be threadsafe and this is only done
|
|
||||||
+ * as a safety feature.
|
|
||||||
+ */
|
|
||||||
+ PR_Lock(nss_initlock);
|
|
||||||
+ if (initialized)
|
|
||||||
+ NSS_Shutdown();
|
|
||||||
+ PR_Unlock(nss_initlock);
|
|
||||||
+
|
|
||||||
+ PR_DestroyLock(nss_initlock);
|
|
||||||
+ nss_initlock = NULL;
|
|
||||||
+
|
|
||||||
initialized = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -801,6 +833,7 @@
|
|
||||||
#endif
|
|
||||||
char *certDir = NULL;
|
|
||||||
int curlerr;
|
|
||||||
+ int policy;
|
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
|
||||||
|
|
||||||
@@ -808,9 +841,8 @@
|
|
||||||
return CURLE_OK;
|
|
||||||
|
|
||||||
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
|
||||||
+ PR_Lock(nss_initlock);
|
|
||||||
if(!initialized) {
|
|
||||||
- initialized = 1;
|
|
||||||
-
|
|
||||||
certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
|
|
||||||
|
|
||||||
if(!certDir) {
|
|
||||||
@@ -822,20 +854,25 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if(!certDir) {
|
|
||||||
- rv = NSS_NoDB_Init(NULL);
|
|
||||||
- }
|
|
||||||
- else {
|
|
||||||
- rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
|
|
||||||
- NSS_INIT_READONLY);
|
|
||||||
- }
|
|
||||||
- if(rv != SECSuccess) {
|
|
||||||
- infof(conn->data, "Unable to initialize NSS database\n");
|
|
||||||
- curlerr = CURLE_SSL_CACERT_BADFILE;
|
|
||||||
- goto error;
|
|
||||||
+ if (!NSS_IsInitialized()) {
|
|
||||||
+ initialized = 1;
|
|
||||||
+ if(!certDir) {
|
|
||||||
+ rv = NSS_NoDB_Init(NULL);
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
|
|
||||||
+ NSS_INIT_READONLY);
|
|
||||||
+ }
|
|
||||||
+ if(rv != SECSuccess) {
|
|
||||||
+ infof(conn->data, "Unable to initialize NSS database\n");
|
|
||||||
+ curlerr = CURLE_SSL_CACERT_BADFILE;
|
|
||||||
+ PR_Unlock(nss_initlock);
|
|
||||||
+ initialized = 0;
|
|
||||||
+ goto error;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- NSS_SetDomesticPolicy();
|
|
||||||
+ if(num_enabled_ciphers() == 0)
|
|
||||||
+ NSS_SetDomesticPolicy();
|
|
||||||
|
|
||||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
configstring = (char *)malloc(PATH_MAX);
|
|
||||||
@@ -854,6 +891,7 @@
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
+ PR_Unlock(nss_initlock);
|
|
||||||
|
|
||||||
model = PR_NewTCPSocket();
|
|
||||||
if(!model)
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up curl-7.18.2/lib/nss.c.nssproxy curl-7.18.2/lib/nss.c
|
|
||||||
--- curl-7.18.2/lib/nss.c.nssproxy 2008-05-26 17:02:49.000000000 +0200
|
|
||||||
+++ curl-7.18.2/lib/nss.c 2008-06-18 07:59:52.000000000 +0200
|
|
||||||
@@ -804,6 +804,9 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
|
||||||
|
|
||||||
+ if (connssl->state == ssl_connection_complete)
|
|
||||||
+ return CURLE_OK;
|
|
||||||
+
|
|
||||||
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
|
||||||
if(!initialized) {
|
|
||||||
initialized = 1;
|
|
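--- a/curl-7.19.3-nss-fix.patch
+++ b/curl-7.19.3-nss-fix.patch
@@ -0,0 +1,22 @@
+diff -ruNp curl-7.19.3.orig/lib/nss.c curl-7.19.3/lib/nss.c
+--- curl-7.19.3.orig/lib/nss.c 2009-01-07 15:12:01.000000000 +0100
++++ curl-7.19.3/lib/nss.c 2009-02-16 11:39:41.912075708 +0100
+@@ -1140,7 +1140,7 @@ CURLcode Curl_nss_connect(struct connect
+n = strrchr(data->set.str[STRING_CERT], '/');
+if(n) {
+n++; /* skip last slash */
+- nickname = aprintf(nickname, "PEM Token #%d:%s", 1, n);
++ nickname = aprintf("PEM Token #%d:%s", 1, n);
+if(!nickname)
+return CURLE_OUT_OF_MEMORY;
+
+@@ -1171,7 +1171,8 @@ CURLcode Curl_nss_connect(struct connect
+
+if(SSL_GetClientAuthDataHook(model,
+(SSLGetClientAuthData) SelectClientCert,
+- (void *)connssl) != SECSuccess) {
++ (void *)connssl->client_nickname) !=
++ SECSuccess) {
+curlerr = CURLE_SSL_CERTPROBLEM;
+goto error;
+}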
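Review bot: The second hunk of the embedded nss.c patch now hands `connssl->client_nickname` to SSL_GetClientAuthDataHook as the callback argument, but nothing visible in the hunk shows that this pointer is already assigned and non-NULL at that point, or that the string outlives the socket the hook is registered on. If SelectClientCert reads its argument as a nickname string (which the change implies, though the callback is not shown), a NULL or already-freed pointer would be dereferenced during the TLS handshake. I would add a comment above the call such as `/* client_nickname must be set before this call and stay allocated until the SSL socket is closed */`, and confirm in Curl_nss_connect that the string allocated by `aprintf()` in the first hunk is what ends up in that field. The patch file also has no header saying which two bugs it fixes or whether they were sent upstream, and the body of Curl_nss_connect lies outside both hunks.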
14
curl.spec
14
curl.spec
@ -1,15 +1,14 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.18.2
|
Version: 7.19.3
|
||||||
Release: 9%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
|
||||||
Patch1: curl-7.15.3-multilib.patch
|
Patch1: curl-7.15.3-multilib.patch
|
||||||
Patch2: curl-7.16.0-privlibs.patch
|
Patch2: curl-7.16.0-privlibs.patch
|
||||||
Patch3: curl-7.17.1-badsocket.patch
|
Patch3: curl-7.17.1-badsocket.patch
|
||||||
Patch4: curl-7.18.2-nssproxy.patch
|
Patch4: curl-7.19.3-nss-fix.patch
|
||||||
Patch5: curl-7.18.2-nss-init.patch
|
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
URL: http://curl.haxx.se/
|
URL: http://curl.haxx.se/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -50,8 +49,7 @@ use cURL's capabilities internally.
|
|||||||
%patch1 -p1 -b .multilib
|
%patch1 -p1 -b .multilib
|
||||||
%patch2 -p1 -b .privlibs
|
%patch2 -p1 -b .privlibs
|
||||||
%patch3 -p1 -b .badsocket
|
%patch3 -p1 -b .badsocket
|
||||||
%patch4 -p1 -b .nssproxy
|
%patch4 -p1 -b .nssfix
|
||||||
%patch5 -p1 -b .nssinit
|
|
||||||
|
|
||||||
# Convert docs to UTF-8
|
# Convert docs to UTF-8
|
||||||
for f in CHANGES README; do
|
for f in CHANGES README; do
|
||||||
@ -120,6 +118,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 17 2009 Kamil Dudka <kdudka@redhat.com> 7.19.3-1
|
||||||
|
- update to 7.19.3, dropped applied nss patches
|
||||||
|
- add patch fixing 7.19.3 curl/nss bugs
|
||||||
|
|
||||||
* Mon Dec 15 2008 Jindrich Novy <jnovy@redhat.com> 7.18.2-9
|
* Mon Dec 15 2008 Jindrich Novy <jnovy@redhat.com> 7.18.2-9
|
||||||
- rebuild for f10/rawhide cvs tag clashes
|
- rebuild for f10/rawhide cvs tag clashes
|
||||||
|
|
||||||
|