new upstream release - 7.39.0 (fixes CVE-2014-3707)

2014-11-05 10:42:27 +01:00 · 2014-11-05 10:42:27 +01:00 · 5cb97168a8
commit 5cb97168a8
parent 724cf4a6d4
5 changed files with 13 additions and 81 deletions
--- a/0001-curl-7.38.0-0aecdf68.patch
+++ b/0001-curl-7.38.0-0aecdf68.patch
@ -1,67 +0,0 @@
-From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 20 Oct 2014 18:18:57 +0200
-Subject: [PATCH] nss: reset SSL handshake state machine
-
-... when the handshake succeeds
-
-This fixes a connection failure when FTPS handle is reused.
-
-Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
- lib/vtls/nss.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 83b3e32..a925b12 100644
--- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
- #endif
- 
- 
-  if(connssl->state == ssl_connection_complete)
-    return CURLE_OK;
-
-   connssl->data = data;
- 
-   /* list of all NSS objects we need to destroy in Curl_nss_close() */
-@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
-     goto error;
-   }
- 
-  connssl->state = ssl_connection_complete;
-  conn->recv[sockindex] = nss_recv;
-  conn->send[sockindex] = nss_send;
-
-   display_conn_info(conn, connssl->handle);
- 
-   if(data->set.str[STRING_SSL_ISSUERCERT]) {
-@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
-   const bool blocking = (done == NULL);
-   CURLcode rv;
- 
-+  if(connssl->state == ssl_connection_complete)
-+    return CURLE_OK;
-+
-   if(connssl->connecting_state == ssl_connect_1) {
-     rv = nss_setup_connect(conn, sockindex);
-     if(rv)
-@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
-     /* signal completed SSL handshake */
-     *done = TRUE;
- 
-  connssl->connecting_state = ssl_connect_done;
-+  connssl->state = ssl_connection_complete;
-+  conn->recv[sockindex] = nss_recv;
-+  conn->send[sockindex] = nss_send;
-+
-+  /* ssl_connect_done is never used outside, go back to the initial state */
-+  connssl->connecting_state = ssl_connect_1;
-   return CURLE_OK;
- }
- 
-- 
-2.1.0
-
--- a/curl-7.38.0.tar.lzma.asc
+++ b/curl-7.38.0.tar.lzma.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN
-U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R
-=9D9Q
-----END PGP SIGNATURE-----
--- a/curl-7.39.0.tar.lzma.asc
+++ b/curl-7.39.0.tar.lzma.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlRZ0ScACgkQeOEcayedXJFMdwCg+1jN1OAfEVzzyJQVtBKactH7
+KLsAoI3kTOl5X+Z41Zmd2O6A9kaS23zH
+=6avy
+-----END PGP SIGNATURE-----
--- a/curl.spec
+++ b/curl.spec
@ -1,15 +1,12 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.38.0
-Release: 2%{?dist}
+Version: 7.39.0
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h

-# fix a connection failure when FTPS handle is reused
-Patch1:   0001-curl-7.38.0-0aecdf68.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -123,7 +120,6 @@ documentation of the library, too.
 %setup -q

 # upstream patches
-%patch1 -p1

 # Fedora patches
 %patch101 -p1
@ -247,6 +243,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Wed Nov 05 2014 Kamil Dudka <kdudka@redhat.com> 7.39.0-1
+- new upstream release (fixes CVE-2014-3707)
+
 * Tue Oct 21 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-2
 - fix a connection failure when FTPS handle is reused

--- a/2
+++ b/2
@ -1 +1 @@
-fdafc30cbf0acd2fe6bc31b956b856a5  curl-7.38.0.tar.lzma
+e9aa6dec29920eba8ef706ea5823bad7  curl-7.39.0.tar.lzma