new upstream release - 7.21.5

This commit is contained in:
Kamil Dudka 2011-04-18 08:52:55 +02:00
parent bc4fc6eacb
commit 5ea227a2d7
9 changed files with 16 additions and 112 deletions

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
curl-7.21.2.tar.lzma
/curl-7.21.3.tar.lzma
/curl-7.21.4.tar.lzma
/curl-7.21.5.tar.lzma

View File

@ -1,46 +0,0 @@
From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 17 Feb 2011 17:37:24 +0100
Subject: [PATCH] nss: avoid memory leak on SSL connection failure
---
lib/nss.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/lib/nss.c b/lib/nss.c
index e115ac9..d26ad5b 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
#ifdef HAVE_PK11_CREATEGENERICOBJECT
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
Curl_llist_destroy(connssl->obj_list, NULL);
+ connssl->obj_list = NULL;
#endif
connssl->handle = NULL;
}
@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* make the socket nonblocking */
sock_opt.option = PR_SockOpt_Nonblocking;
sock_opt.value.non_blocking = PR_TRUE;
- if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+ if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
goto error;
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(model)
PR_Close(model);
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
+ /* cleanup on connection failure */
+ Curl_llist_destroy(connssl->obj_list, NULL);
+ connssl->obj_list = NULL;
+#endif
+
if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
/* schedule reconnect through Curl_retry_request() */
data->state.ssl_connect_retry = TRUE;
--
1.7.4

View File

@ -1,44 +0,0 @@
From 1f009bb739514d08efef093adf5e1813db6333ec Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Feb 2011 13:13:53 +0100
Subject: [PATCH] nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
---
lib/nss.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/nss.c b/lib/nss.c
index d26ad5b..be26253 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
struct SessionHandle *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int curlerr;
+ CURLcode curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
long time_left;
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
NULL) != SECSuccess)
goto error;
- if(data->set.ssl.verifypeer && (CURLE_OK !=
- (curlerr = nss_load_ca_certificates(conn, sockindex))))
- goto error;
+ if(data->set.ssl.verifypeer) {
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ if(CURLE_OK != rv) {
+ curlerr = rv;
+ goto error;
+ }
+ }
if (data->set.ssl.CRLfile) {
if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
--
1.7.4

View File

@ -6,7 +6,7 @@ diff --git a/configure b/configure
index d3ecf69..6d8f085 100755
--- a/configure
+++ b/configure
@@ -14204,18 +14204,11 @@ $as_echo "yes" >&6; }
@@ -14222,18 +14222,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

View File

@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
index 435b126..1d71c4e 100644
--- a/tests/data/Makefile.in
+++ b/tests/data/Makefile.in
@@ -304,7 +304,7 @@ EXTRA_DIST = test1 test108 test117 test1
@@ -307,7 +307,7 @@ EXTRA_DIST = test1 test108 test117 test1
test561 test1098 test1099 test562 test563 test1100 test564 test1101 \
test1102 test1103 test1104 test299 test310 test311 test312 test1105 \
test565 test800 test1106 test801 test566 test802 test803 test1107 \

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAk1dEroACgkQeOEcayedXJGnzwCeJ5QDI1+tKSme9fnZDRAetcQ5
KpkAoOqmXiQVgqVLJWWIS9wbhUt+tNcL
=2k/t
-----END PGP SIGNATURE-----

7
curl-7.21.5.tar.lzma.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAk2rWlwACgkQeOEcayedXJGj9QCgwoc5sTOksar5Kp6ubovsI7Rg
/hwAnRgipolUHWrR4J0QhxDX3FzuAib3
=AjpZ
-----END PGP SIGNATURE-----

View File

@ -1,19 +1,13 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.21.4
Release: 4%{?dist}
Version: 7.21.5
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Source3: hide_selinux.c
# avoid memory leak on SSL connection failure
Patch1: 0001-curl-7.21.4-a40f58d.patch
# do not ignore failure of SSL handshake
Patch2: 0002-curl-7.21.4-7aa2d10.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.21.1-multilib.patch
@ -112,10 +106,6 @@ for f in CHANGES README; do
mv -f ${f}.utf8 ${f}
done
# upstream patches (already applied)
%patch1 -p1
%patch2 -p1
# Fedora patches
%patch101 -p1
%patch102 -p1
@ -228,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Mon Apr 18 2011 Kamil Dudka <kdudka@redhat.com> 7.21.5-1
- new upstream release
* Sat Apr 16 2011 Peter Robinson <pbrobinson@gmail.com> 7.21.4-4
- no valgrind on ARMv5 arches

View File

@ -1 +1 @@
074fa396afe3dbf10163c05756a5a85d curl-7.21.4.tar.lzma
decd5586c2bd0496ca562dc8a7244e24 curl-7.21.5.tar.lzma