Resolves: #1195771 - implement public key pinning for NSS backend
This commit is contained in:
parent
167643f9ce
commit
54e48b0348
308
0001-curl-7.42.0-b47c17d6.patch
Normal file
308
0001-curl-7.42.0-b47c17d6.patch
Normal file
@ -0,0 +1,308 @@
|
|||||||
|
From b5425b256cc9db483e3e4365c5ba6121c86d9031 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Wed, 22 Apr 2015 14:47:26 +0200
|
||||||
|
Subject: [PATCH 1/2] docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page,
|
||||||
|
too
|
||||||
|
|
||||||
|
Upstream-commit: ba4741842e6be654906da8a022e0e866acdd1557
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 65 +++++++++++++++++++++++++++++
|
||||||
|
docs/libcurl/opts/Makefile.am | 9 ++--
|
||||||
|
docs/libcurl/opts/Makefile.in | 9 ++--
|
||||||
|
3 files changed, 77 insertions(+), 6 deletions(-)
|
||||||
|
create mode 100644 docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
|
||||||
|
diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..2d86392
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
@@ -0,0 +1,65 @@
|
||||||
|
+.\" **************************************************************************
|
||||||
|
+.\" * _ _ ____ _
|
||||||
|
+.\" * Project ___| | | | _ \| |
|
||||||
|
+.\" * / __| | | | |_) | |
|
||||||
|
+.\" * | (__| |_| | _ <| |___
|
||||||
|
+.\" * \___|\___/|_| \_\_____|
|
||||||
|
+.\" *
|
||||||
|
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||||
|
+.\" *
|
||||||
|
+.\" * This software is licensed as described in the file COPYING, which
|
||||||
|
+.\" * you should have received as part of this distribution. The terms
|
||||||
|
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
|
||||||
|
+.\" *
|
||||||
|
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||||
|
+.\" * copies of the Software, and permit persons to whom the Software is
|
||||||
|
+.\" * furnished to do so, under the terms of the COPYING file.
|
||||||
|
+.\" *
|
||||||
|
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||||
|
+.\" * KIND, either express or implied.
|
||||||
|
+.\" *
|
||||||
|
+.\" **************************************************************************
|
||||||
|
+.\"
|
||||||
|
+.TH CURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options"
|
||||||
|
+.SH NAME
|
||||||
|
+CURLOPT_PINNEDPUBLICKEY \- set pinned public key
|
||||||
|
+.SH SYNOPSIS
|
||||||
|
+#include <curl/curl.h>
|
||||||
|
+
|
||||||
|
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);
|
||||||
|
+.SH DESCRIPTION
|
||||||
|
+Pass a pointer to a zero terminated string as parameter. The string should be
|
||||||
|
+the file name of your pinned public key. The format expected is "PEM" or "DER".
|
||||||
|
+
|
||||||
|
+When negotiating a TLS or SSL connection, the server sends a certificate
|
||||||
|
+indicating its identity. A public key is extracted from this certificate and
|
||||||
|
+if it does not exactly match the public key provided to this option, curl will
|
||||||
|
+abort the connection before sending or receiving any data.
|
||||||
|
+.SH DEFAULT
|
||||||
|
+NULL
|
||||||
|
+.SH PROTOCOLS
|
||||||
|
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
|
||||||
|
+.SH EXAMPLE
|
||||||
|
+.nf
|
||||||
|
+CURL *curl = curl_easy_init();
|
||||||
|
+if(curl) {
|
||||||
|
+ curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
|
||||||
|
+ curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
|
||||||
|
+
|
||||||
|
+ /* Perform the request */
|
||||||
|
+ curl_easy_perform(curl);
|
||||||
|
+}
|
||||||
|
+.fi
|
||||||
|
+.SH AVAILABILITY
|
||||||
|
+If built TLS enabled. This is currently only implemented in the OpenSSL,
|
||||||
|
+GnuTLS and GSKit backends.
|
||||||
|
+
|
||||||
|
+Added in libcurl 7.39.0
|
||||||
|
+.SH RETURN VALUE
|
||||||
|
+Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
|
||||||
|
+CURLE_OUT_OF_MEMORY if there was insufficient heap space.
|
||||||
|
+.SH "SEE ALSO"
|
||||||
|
+.BR CURLOPT_SSL_VERIFYPEER "(3), "
|
||||||
|
+.BR CURLOPT_SSL_VERIFYHOST "(3), "
|
||||||
|
+.BR CURLOPT_CAINFO "(3), "
|
||||||
|
+.BR CURLOPT_CAPATH "(3), "
|
||||||
|
diff --git a/docs/libcurl/opts/Makefile.am b/docs/libcurl/opts/Makefile.am
|
||||||
|
index e032a25..c4332e9 100644
|
||||||
|
--- a/docs/libcurl/opts/Makefile.am
|
||||||
|
+++ b/docs/libcurl/opts/Makefile.am
|
||||||
|
@@ -66,7 +66,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3 \
|
||||||
|
CURLOPT_NEW_DIRECTORY_PERMS.3 CURLOPT_NEW_FILE_PERMS.3 \
|
||||||
|
CURLOPT_NOBODY.3 CURLOPT_NOPROGRESS.3 CURLOPT_NOPROXY.3 \
|
||||||
|
CURLOPT_NOSIGNAL.3 CURLOPT_OPENSOCKETDATA.3 \
|
||||||
|
- CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 CURLOPT_PORT.3 \
|
||||||
|
+ CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \
|
||||||
|
+ CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 \
|
||||||
|
CURLOPT_POST.3 CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.3 CURLOPT_POSTQUOTE.3 CURLOPT_POSTREDIR.3 \
|
||||||
|
CURLOPT_PREQUOTE.3 CURLOPT_PRIVATE.3 CURLOPT_PROGRESSDATA.3 \
|
||||||
|
@@ -167,7 +168,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \
|
||||||
|
CURLOPT_NEW_FILE_PERMS.html CURLOPT_NOBODY.html \
|
||||||
|
CURLOPT_NOPROGRESS.html CURLOPT_NOPROXY.html CURLOPT_NOSIGNAL.html \
|
||||||
|
CURLOPT_OPENSOCKETDATA.html CURLOPT_OPENSOCKETFUNCTION.html \
|
||||||
|
- CURLOPT_PASSWORD.html CURLOPT_PORT.html CURLOPT_POST.html \
|
||||||
|
+ CURLOPT_PASSWORD.html CURLOPT_PINNEDPUBLICKEY.html CURLOPT_PORT.html \
|
||||||
|
+ CURLOPT_POST.html \
|
||||||
|
CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.html CURLOPT_POSTQUOTE.html \
|
||||||
|
CURLOPT_POSTREDIR.html CURLOPT_PREQUOTE.html CURLOPT_PRIVATE.html \
|
||||||
|
@@ -270,7 +272,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \
|
||||||
|
CURLOPT_NEW_DIRECTORY_PERMS.pdf CURLOPT_NEW_FILE_PERMS.pdf \
|
||||||
|
CURLOPT_NOBODY.pdf CURLOPT_NOPROGRESS.pdf CURLOPT_NOPROXY.pdf \
|
||||||
|
CURLOPT_NOSIGNAL.pdf CURLOPT_OPENSOCKETDATA.pdf \
|
||||||
|
- CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf CURLOPT_PORT.pdf \
|
||||||
|
+ CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \
|
||||||
|
+ CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf \
|
||||||
|
CURLOPT_POST.pdf CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.pdf CURLOPT_POSTQUOTE.pdf \
|
||||||
|
CURLOPT_POSTREDIR.pdf CURLOPT_PREQUOTE.pdf CURLOPT_PRIVATE.pdf \
|
||||||
|
diff --git a/docs/libcurl/opts/Makefile.in b/docs/libcurl/opts/Makefile.in
|
||||||
|
index 07d29cb..ceaa1bb 100644
|
||||||
|
--- a/docs/libcurl/opts/Makefile.in
|
||||||
|
+++ b/docs/libcurl/opts/Makefile.in
|
||||||
|
@@ -411,7 +411,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3 \
|
||||||
|
CURLOPT_NEW_DIRECTORY_PERMS.3 CURLOPT_NEW_FILE_PERMS.3 \
|
||||||
|
CURLOPT_NOBODY.3 CURLOPT_NOPROGRESS.3 CURLOPT_NOPROXY.3 \
|
||||||
|
CURLOPT_NOSIGNAL.3 CURLOPT_OPENSOCKETDATA.3 \
|
||||||
|
- CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 CURLOPT_PORT.3 \
|
||||||
|
+ CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 \
|
||||||
|
+ CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3 \
|
||||||
|
CURLOPT_POST.3 CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3 \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.3 CURLOPT_POSTQUOTE.3 CURLOPT_POSTREDIR.3 \
|
||||||
|
CURLOPT_PREQUOTE.3 CURLOPT_PRIVATE.3 CURLOPT_PROGRESSDATA.3 \
|
||||||
|
@@ -512,7 +513,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \
|
||||||
|
CURLOPT_NEW_FILE_PERMS.html CURLOPT_NOBODY.html \
|
||||||
|
CURLOPT_NOPROGRESS.html CURLOPT_NOPROXY.html CURLOPT_NOSIGNAL.html \
|
||||||
|
CURLOPT_OPENSOCKETDATA.html CURLOPT_OPENSOCKETFUNCTION.html \
|
||||||
|
- CURLOPT_PASSWORD.html CURLOPT_PORT.html CURLOPT_POST.html \
|
||||||
|
+ CURLOPT_PASSWORD.html CURLOPT_PINNEDPUBLICKEY.html CURLOPT_PORT.html \
|
||||||
|
+ CURLOPT_POST.html \
|
||||||
|
CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.html CURLOPT_POSTQUOTE.html \
|
||||||
|
CURLOPT_POSTREDIR.html CURLOPT_PREQUOTE.html CURLOPT_PRIVATE.html \
|
||||||
|
@@ -615,7 +617,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \
|
||||||
|
CURLOPT_NEW_DIRECTORY_PERMS.pdf CURLOPT_NEW_FILE_PERMS.pdf \
|
||||||
|
CURLOPT_NOBODY.pdf CURLOPT_NOPROGRESS.pdf CURLOPT_NOPROXY.pdf \
|
||||||
|
CURLOPT_NOSIGNAL.pdf CURLOPT_OPENSOCKETDATA.pdf \
|
||||||
|
- CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf CURLOPT_PORT.pdf \
|
||||||
|
+ CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf \
|
||||||
|
+ CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf \
|
||||||
|
CURLOPT_POST.pdf CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf \
|
||||||
|
CURLOPT_POSTFIELDSIZE_LARGE.pdf CURLOPT_POSTQUOTE.pdf \
|
||||||
|
CURLOPT_POSTREDIR.pdf CURLOPT_PREQUOTE.pdf CURLOPT_PRIVATE.pdf \
|
||||||
|
--
|
||||||
|
2.3.5
|
||||||
|
|
||||||
|
|
||||||
|
From e5b6de7f78806f82dee0c5359e18d904e56836c6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Wed, 25 Mar 2015 13:48:41 +0100
|
||||||
|
Subject: [PATCH 2/2] nss: implement public key pinning for NSS backend
|
||||||
|
|
||||||
|
Bug: https://bugzilla.redhat.com/1195771
|
||||||
|
|
||||||
|
Upstream-commit: b47c17d67c9b5c9e985375b090f0140bf43cb146
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
docs/curl.1 | 3 +-
|
||||||
|
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 2 +-
|
||||||
|
lib/vtls/nss.c | 53 +++++++++++++++++++++++++++++
|
||||||
|
src/tool_help.c | 2 +-
|
||||||
|
tests/runtests.pl | 1 +
|
||||||
|
5 files changed, 58 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/docs/curl.1 b/docs/curl.1
|
||||||
|
index 908f648..0e56715 100644
|
||||||
|
--- a/docs/curl.1
|
||||||
|
+++ b/docs/curl.1
|
||||||
|
@@ -548,7 +548,8 @@ indicating its identity. A public key is extracted from this certificate and
|
||||||
|
if it does not exactly match the public key provided to this option, curl will
|
||||||
|
abort the connection before sending or receiving any data.
|
||||||
|
|
||||||
|
-This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
|
||||||
|
+This is currently only implemented in the OpenSSL, GnuTLS, NSS and GSKit
|
||||||
|
+backends.
|
||||||
|
|
||||||
|
If this option is used several times, the last one will be used.
|
||||||
|
(Added in 7.39.0)
|
||||||
|
diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
index 2d86392..4cc68b1 100644
|
||||||
|
--- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
|
||||||
|
@@ -52,7 +52,7 @@ if(curl) {
|
||||||
|
.fi
|
||||||
|
.SH AVAILABILITY
|
||||||
|
If built TLS enabled. This is currently only implemented in the OpenSSL,
|
||||||
|
-GnuTLS and GSKit backends.
|
||||||
|
+GnuTLS, NSS and GSKit backends.
|
||||||
|
|
||||||
|
Added in libcurl 7.39.0
|
||||||
|
.SH RETURN VALUE
|
||||||
|
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||||
|
index feb00ca..daf12a9 100644
|
||||||
|
--- a/lib/vtls/nss.c
|
||||||
|
+++ b/lib/vtls/nss.c
|
||||||
|
@@ -56,6 +56,7 @@
|
||||||
|
#include <base64.h>
|
||||||
|
#include <cert.h>
|
||||||
|
#include <prerror.h>
|
||||||
|
+#include <keyhi.h> /* for SECKEY_DestroyPublicKey() */
|
||||||
|
|
||||||
|
#define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH)
|
||||||
|
|
||||||
|
@@ -943,6 +944,53 @@ static SECStatus check_issuer_cert(PRFileDesc *sock,
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl,
|
||||||
|
+ const char *pinnedpubkey)
|
||||||
|
+{
|
||||||
|
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
||||||
|
+ struct SessionHandle *data = connssl->data;
|
||||||
|
+ CERTCertificate *cert;
|
||||||
|
+
|
||||||
|
+ if(!pinnedpubkey)
|
||||||
|
+ /* no pinned public key specified */
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+
|
||||||
|
+ /* get peer certificate */
|
||||||
|
+ cert = SSL_PeerCertificate(connssl->handle);
|
||||||
|
+ if(cert) {
|
||||||
|
+ /* extract public key from peer certificate */
|
||||||
|
+ SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert);
|
||||||
|
+ if(pubkey) {
|
||||||
|
+ /* encode the public key as DER */
|
||||||
|
+ SECItem *cert_der = PK11_DEREncodePublicKey(pubkey);
|
||||||
|
+ if(cert_der) {
|
||||||
|
+ /* compare the public key with the pinned public key */
|
||||||
|
+ result = Curl_pin_peer_pubkey(pinnedpubkey,
|
||||||
|
+ cert_der->data,
|
||||||
|
+ cert_der->len);
|
||||||
|
+ SECITEM_FreeItem(cert_der, PR_TRUE);
|
||||||
|
+ }
|
||||||
|
+ SECKEY_DestroyPublicKey(pubkey);
|
||||||
|
+ }
|
||||||
|
+ CERT_DestroyCertificate(cert);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* report the resulting status */
|
||||||
|
+ switch(result) {
|
||||||
|
+ case CURLE_OK:
|
||||||
|
+ infof(data, "pinned public key verified successfully!\n");
|
||||||
|
+ break;
|
||||||
|
+ case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
|
||||||
|
+ failf(data, "failed to verify pinned public key");
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ /* OOM, etc. */
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return result;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* Callback to pick the SSL client certificate.
|
||||||
|
@@ -1806,6 +1854,11 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ result = cmp_peer_pubkey(connssl, data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
|
||||||
|
+ if(result)
|
||||||
|
+ /* status already printed */
|
||||||
|
+ goto error;
|
||||||
|
+
|
||||||
|
return CURLE_OK;
|
||||||
|
|
||||||
|
error:
|
||||||
|
diff --git a/src/tool_help.c b/src/tool_help.c
|
||||||
|
index bb7aa7c..27638ef 100644
|
||||||
|
--- a/src/tool_help.c
|
||||||
|
+++ b/src/tool_help.c
|
||||||
|
@@ -156,7 +156,7 @@ static const char *const helptext[] = {
|
||||||
|
" --pass PASS Pass phrase for the private key (SSL/SSH)",
|
||||||
|
" --path-as-is Do not squash .. sequences in URL path",
|
||||||
|
" --pinnedpubkey FILE Public key (PEM/DER) to verify peer against "
|
||||||
|
- "(OpenSSL/GnuTLS/GSKit only)",
|
||||||
|
+ "(OpenSSL/GnuTLS/NSS/GSKit only)",
|
||||||
|
" --post301 "
|
||||||
|
"Do not switch to GET after following a 301 redirect (H)",
|
||||||
|
" --post302 "
|
||||||
|
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||||
|
index ef9d3c8..b64c423 100755
|
||||||
|
--- a/tests/runtests.pl
|
||||||
|
+++ b/tests/runtests.pl
|
||||||
|
@@ -2346,6 +2346,7 @@ sub checksystem {
|
||||||
|
}
|
||||||
|
elsif ($libcurl =~ /nss/i) {
|
||||||
|
$has_nss=1;
|
||||||
|
+ $has_sslpinning=1;
|
||||||
|
$ssllib="NSS";
|
||||||
|
}
|
||||||
|
elsif ($libcurl =~ /(yassl|wolfssl)/i) {
|
||||||
|
--
|
||||||
|
2.3.5
|
||||||
|
|
@ -7,6 +7,9 @@ Group: Applications/Internet
|
|||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
|
|
||||||
|
# implement public key pinning for NSS backend (#1195771)
|
||||||
|
Patch1: 0001-curl-7.42.0-b47c17d6.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -115,6 +118,7 @@ documentation of the library, too.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -239,6 +243,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
* Wed Apr 22 2015 Kamil Dudka <kdudka@redhat.com> 7.42.0-1
|
* Wed Apr 22 2015 Kamil Dudka <kdudka@redhat.com> 7.42.0-1
|
||||||
- new upstream release (fixes CVE-2015-3143, CVE-2015-3144, CVE-2015-3145,
|
- new upstream release (fixes CVE-2015-3143, CVE-2015-3144, CVE-2015-3145,
|
||||||
and CVE-2015-3148)
|
and CVE-2015-3148)
|
||||||
|
- implement public key pinning for NSS backend (#1195771)
|
||||||
|
|
||||||
* Wed Feb 25 2015 Kamil Dudka <kdudka@redhat.com> 7.41.0-1
|
* Wed Feb 25 2015 Kamil Dudka <kdudka@redhat.com> 7.41.0-1
|
||||||
- new upstream release
|
- new upstream release
|
||||||
|
Loading…
Reference in New Issue
Block a user