new upstream release - 7.21.5
This commit is contained in:
parent
bc4fc6eacb
commit
5ea227a2d7
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
curl-7.21.2.tar.lzma
|
||||
/curl-7.21.3.tar.lzma
|
||||
/curl-7.21.4.tar.lzma
|
||||
/curl-7.21.5.tar.lzma
|
||||
|
@ -1,46 +0,0 @@
|
||||
From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 17 Feb 2011 17:37:24 +0100
|
||||
Subject: [PATCH] nss: avoid memory leak on SSL connection failure
|
||||
|
||||
---
|
||||
lib/nss.c | 9 ++++++++-
|
||||
1 files changed, 8 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/lib/nss.c b/lib/nss.c
|
||||
index e115ac9..d26ad5b 100644
|
||||
--- a/lib/nss.c
|
||||
+++ b/lib/nss.c
|
||||
@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
|
||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
||||
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
|
||||
Curl_llist_destroy(connssl->obj_list, NULL);
|
||||
+ connssl->obj_list = NULL;
|
||||
#endif
|
||||
connssl->handle = NULL;
|
||||
}
|
||||
@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
/* make the socket nonblocking */
|
||||
sock_opt.option = PR_SockOpt_Nonblocking;
|
||||
sock_opt.value.non_blocking = PR_TRUE;
|
||||
- if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
|
||||
+ if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
|
||||
goto error;
|
||||
|
||||
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
||||
@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
if(model)
|
||||
PR_Close(model);
|
||||
|
||||
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
||||
+ /* cleanup on connection failure */
|
||||
+ Curl_llist_destroy(connssl->obj_list, NULL);
|
||||
+ connssl->obj_list = NULL;
|
||||
+#endif
|
||||
+
|
||||
if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
|
||||
/* schedule reconnect through Curl_retry_request() */
|
||||
data->state.ssl_connect_retry = TRUE;
|
||||
--
|
||||
1.7.4
|
||||
|
@ -1,44 +0,0 @@
|
||||
From 1f009bb739514d08efef093adf5e1813db6333ec Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 22 Feb 2011 13:13:53 +0100
|
||||
Subject: [PATCH] nss: do not ignore failure of SSL handshake
|
||||
|
||||
Flaw introduced in fc77790 and present in curl-7.21.4.
|
||||
Bug: https://bugzilla.redhat.com/669702#c16
|
||||
---
|
||||
lib/nss.c | 12 ++++++++----
|
||||
1 files changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/nss.c b/lib/nss.c
|
||||
index d26ad5b..be26253 100644
|
||||
--- a/lib/nss.c
|
||||
+++ b/lib/nss.c
|
||||
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
struct SessionHandle *data = conn->data;
|
||||
curl_socket_t sockfd = conn->sock[sockindex];
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
- int curlerr;
|
||||
+ CURLcode curlerr;
|
||||
const int *cipher_to_enable;
|
||||
PRSocketOptionData sock_opt;
|
||||
long time_left;
|
||||
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
NULL) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
- if(data->set.ssl.verifypeer && (CURLE_OK !=
|
||||
- (curlerr = nss_load_ca_certificates(conn, sockindex))))
|
||||
- goto error;
|
||||
+ if(data->set.ssl.verifypeer) {
|
||||
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
|
||||
+ if(CURLE_OK != rv) {
|
||||
+ curlerr = rv;
|
||||
+ goto error;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (data->set.ssl.CRLfile) {
|
||||
if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
|
||||
--
|
||||
1.7.4
|
||||
|
@ -6,7 +6,7 @@ diff --git a/configure b/configure
|
||||
index d3ecf69..6d8f085 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -14204,18 +14204,11 @@ $as_echo "yes" >&6; }
|
||||
@@ -14222,18 +14222,11 @@ $as_echo "yes" >&6; }
|
||||
gccvhi=`echo $gccver | cut -d . -f1`
|
||||
gccvlo=`echo $gccver | cut -d . -f2`
|
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||
|
@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
|
||||
index 435b126..1d71c4e 100644
|
||||
--- a/tests/data/Makefile.in
|
||||
+++ b/tests/data/Makefile.in
|
||||
@@ -304,7 +304,7 @@ EXTRA_DIST = test1 test108 test117 test1
|
||||
@@ -307,7 +307,7 @@ EXTRA_DIST = test1 test108 test117 test1
|
||||
test561 test1098 test1099 test562 test563 test1100 test564 test1101 \
|
||||
test1102 test1103 test1104 test299 test310 test311 test312 test1105 \
|
||||
test565 test800 test1106 test801 test566 test802 test803 test1107 \
|
||||
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.10 (GNU/Linux)
|
||||
|
||||
iEYEABECAAYFAk1dEroACgkQeOEcayedXJGnzwCeJ5QDI1+tKSme9fnZDRAetcQ5
|
||||
KpkAoOqmXiQVgqVLJWWIS9wbhUt+tNcL
|
||||
=2k/t
|
||||
-----END PGP SIGNATURE-----
|
7
curl-7.21.5.tar.lzma.asc
Normal file
7
curl-7.21.5.tar.lzma.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.11 (GNU/Linux)
|
||||
|
||||
iEYEABECAAYFAk2rWlwACgkQeOEcayedXJGj9QCgwoc5sTOksar5Kp6ubovsI7Rg
|
||||
/hwAnRgipolUHWrR4J0QhxDX3FzuAib3
|
||||
=AjpZ
|
||||
-----END PGP SIGNATURE-----
|
17
curl.spec
17
curl.spec
@ -1,19 +1,13 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.21.4
|
||||
Release: 4%{?dist}
|
||||
Version: 7.21.5
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
Source2: curlbuild.h
|
||||
Source3: hide_selinux.c
|
||||
|
||||
# avoid memory leak on SSL connection failure
|
||||
Patch1: 0001-curl-7.21.4-a40f58d.patch
|
||||
|
||||
# do not ignore failure of SSL handshake
|
||||
Patch2: 0002-curl-7.21.4-7aa2d10.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.21.1-multilib.patch
|
||||
|
||||
@ -112,10 +106,6 @@ for f in CHANGES README; do
|
||||
mv -f ${f}.utf8 ${f}
|
||||
done
|
||||
|
||||
# upstream patches (already applied)
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
@ -228,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Mon Apr 18 2011 Kamil Dudka <kdudka@redhat.com> 7.21.5-1
|
||||
- new upstream release
|
||||
|
||||
* Sat Apr 16 2011 Peter Robinson <pbrobinson@gmail.com> 7.21.4-4
|
||||
- no valgrind on ARMv5 arches
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user