- update to 7.19.4 (fixes CVE-2009-0037)
- fix leak in curl_easy* functions, thanks to Kamil Dudka - drop nss-fix patch, applied upstream
This commit is contained in:
parent
b3c04e1d32
commit
5144908d02
@ -1,2 +1 @@
|
||||
curl-7.18.2.tar.bz2
|
||||
curl-7.19.3.tar.bz2
|
||||
curl-7.19.4.tar.bz2
|
||||
|
@ -1,22 +0,0 @@
|
||||
diff -ruNp curl-7.19.3.orig/lib/nss.c curl-7.19.3/lib/nss.c
|
||||
--- curl-7.19.3.orig/lib/nss.c 2009-01-07 15:12:01.000000000 +0100
|
||||
+++ curl-7.19.3/lib/nss.c 2009-02-16 11:39:41.912075708 +0100
|
||||
@@ -1140,7 +1140,7 @@ CURLcode Curl_nss_connect(struct connect
|
||||
n = strrchr(data->set.str[STRING_CERT], '/');
|
||||
if(n) {
|
||||
n++; /* skip last slash */
|
||||
- nickname = aprintf(nickname, "PEM Token #%d:%s", 1, n);
|
||||
+ nickname = aprintf("PEM Token #%d:%s", 1, n);
|
||||
if(!nickname)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
@@ -1171,7 +1171,8 @@ CURLcode Curl_nss_connect(struct connect
|
||||
|
||||
if(SSL_GetClientAuthDataHook(model,
|
||||
(SSLGetClientAuthData) SelectClientCert,
|
||||
- (void *)connssl) != SECSuccess) {
|
||||
+ (void *)connssl->client_nickname) !=
|
||||
+ SECSuccess) {
|
||||
curlerr = CURLE_SSL_CERTPROBLEM;
|
||||
goto error;
|
||||
}
|
36
curl-7.19.4-easy-leak.patch
Normal file
36
curl-7.19.4-easy-leak.patch
Normal file
@ -0,0 +1,36 @@
|
||||
diff -up curl-7.19.4/lib/easy.c.easy-leak curl-7.19.4/lib/easy.c
|
||||
--- curl-7.19.4/lib/easy.c.easy-leak 2009-01-29 21:41:51.000000000 +0100
|
||||
+++ curl-7.19.4/lib/easy.c 2009-03-03 07:54:58.000000000 +0100
|
||||
@@ -352,13 +352,11 @@ CURL *curl_easy_init(void)
|
||||
struct SessionHandle *data;
|
||||
|
||||
/* Make sure we inited the global SSL stuff */
|
||||
- if(!initialized) {
|
||||
- res = curl_global_init(CURL_GLOBAL_DEFAULT);
|
||||
- if(res) {
|
||||
- /* something in the global init failed, return nothing */
|
||||
- DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
|
||||
- return NULL;
|
||||
- }
|
||||
+ res = curl_global_init(CURL_GLOBAL_DEFAULT);
|
||||
+ if(res) {
|
||||
+ /* something in the global init failed, return nothing */
|
||||
+ DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
/* We use curl_open() with undefined URL so far */
|
||||
@@ -549,10 +547,10 @@ void curl_easy_cleanup(CURL *curl)
|
||||
{
|
||||
struct SessionHandle *data = (struct SessionHandle *)curl;
|
||||
|
||||
- if(!data)
|
||||
- return;
|
||||
+ if(data)
|
||||
+ Curl_close(data);
|
||||
|
||||
- Curl_close(data);
|
||||
+ curl_global_cleanup();
|
||||
}
|
||||
|
||||
/*
|
13
curl.spec
13
curl.spec
@ -1,14 +1,14 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.19.3
|
||||
Release: 2%{?dist}
|
||||
Version: 7.19.4
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
|
||||
Patch1: curl-7.15.3-multilib.patch
|
||||
Patch2: curl-7.16.0-privlibs.patch
|
||||
Patch3: curl-7.17.1-badsocket.patch
|
||||
Patch4: curl-7.19.3-nss-fix.patch
|
||||
Patch4: curl-7.19.4-easy-leak.patch
|
||||
Provides: webclient
|
||||
URL: http://curl.haxx.se/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@ -49,7 +49,7 @@ use cURL's capabilities internally.
|
||||
%patch1 -p1 -b .multilib
|
||||
%patch2 -p1 -b .privlibs
|
||||
%patch3 -p1 -b .badsocket
|
||||
%patch4 -p1 -b .nssfix
|
||||
%patch4 -p1 -b .easy-leak
|
||||
|
||||
# Convert docs to UTF-8
|
||||
for f in CHANGES README; do
|
||||
@ -118,6 +118,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Tue Mar 03 2009 Jindrich Novy <jnovy@redhat.com> 7.19.4-1
|
||||
- update to 7.19.4 (fixes CVE-2009-0037)
|
||||
- fix leak in curl_easy* functions, thanks to Kamil Dudka
|
||||
- drop nss-fix patch, applied upstream
|
||||
|
||||
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.19.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user