rpms/curl
6
0
Fork 1
Code Issues Pull Requests Releases Activity

fixes for #723075, #730444, and #728562

Browse Source 
- fix SIGSEGV of curl -O -J given more than one URLs (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken (#728562)
This commit is contained in:
Kamil Dudka 2011-08-15 22:11:51 +02:00
parent 4894bf2d1a
commit 7293378155
4 changed files with 297 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0002-curl-7.21.7-5eb2396.patch Normal file
View File

@ -0,0 +1,30 @@
From 5eb2396cd15cbbf73b02ad6bbcc313167330c2b5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 4 Aug 2011 23:22:48 +0200
Subject: [PATCH] segfault fixed
When using both -J and a single -O with multiple URLs, a missing init
could cause badness.
Bug: http://curl.haxx.se/mail/lib-2011-07/0126.html and
http://bugzilla.redhat.com/723075
Reported by: Paul Howarth and Garrett Holmstrom
---
src/main.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/main.c b/src/main.c
index 6dcf333..eae45de 100644
--- a/src/main.c
+++ b/src/main.c
@@ -4898,6 +4898,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
outs.stream = stdout;
outs.config = config;
outs.bytes = 0; /* nothing written yet */
+ outs.filename = NULL;
/* save outfile pattern before expansion */
if(urlnode->outfile) {
--
1.7.4.4

131
0003-curl-7.21.7-5538904.patch Normal file
View File

@ -0,0 +1,131 @@
From 9698db7fd56b08cc8f9bdeb2182bc9afdbcb4f90 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Aug 2011 14:48:32 +0200
Subject: [PATCH 1/2] added --delegation
Using this option with an argument being set to one of
none/policy/always instructs libcurl how to deal with GSS
credentials. Or rather how it tells the server that delegation is fine
or not.
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/main.c | 29 ++++++++++++++++++++++++++---
1 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/src/main.c b/src/main.c
index d85bf62..3a2595c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -659,6 +659,7 @@ struct Configurable {
basically each given URL to transfer */
struct OutStruct *outs;
bool xattr; /* store metadata in extended attributes */
+ long gssapi_delegation;
};
#define WARN_PREFIX "Warning: "
@@ -817,6 +818,7 @@ static void help(void)
" --data-binary <data> HTTP POST binary data (H)",
" --data-urlencode <name=data/name@filename> "
"HTTP POST data url encoded (H)",
+ " --delegation STRING GSS-API delegation permission",
" --digest Use HTTP Digest Authentication (H)",
" --disable-eprt Inhibit using EPRT or LPRT (F)",
" --disable-epsv Inhibit using EPSV (F)",
@@ -1823,6 +1825,18 @@ static int sockoptcallback(void *clientp, curl_socket_t curlfd,
return 0;
}
+static long delegation(struct Configurable *config,
+ char *str)
+{
+ if(curlx_raw_equal("none", str))
+ return CURLGSSAPI_DELEGATION_NONE;
+ if(curlx_raw_equal("policy", str))
+ return CURLGSSAPI_DELEGATION_POLICY_FLAG;
+ if(curlx_raw_equal("always", str))
+ return CURLGSSAPI_DELEGATION_FLAG;
+ warnf(config, "unrecognized delegation method '%s', using none\n", str);
+ return CURLGSSAPI_DELEGATION_NONE;
+}
static ParameterError getparameter(char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
@@ -1942,6 +1956,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
{"$D", "proto", TRUE},
{"$E", "proto-redir", TRUE},
{"$F", "resolve", TRUE},
+ {"$G", "delegation", TRUE},
{"0", "http1.0", FALSE},
{"1", "tlsv1", FALSE},
{"2", "sslv2", FALSE},
@@ -2516,6 +2531,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
if(err)
return err;
break;
+ case 'G': /* --delegation LEVEL */
+ config->gssapi_delegation = delegation(config, nextarg);
+ break;
}
break;
case '#': /* --progress-bar */
@@ -5564,9 +5582,14 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
/* new in 7.21.3 */
my_setopt(curl, CURLOPT_RESOLVE, config->resolve);
- /* TODO: new in ### */
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
+ /* new in 7.21.4 */
+ my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
+ my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
+
+ /* new in 7.22.0 */
+ if(config->gssapi_delegation)
+ my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,
+ config->gssapi_delegation);
retry_numretries = config->req_retry;
--
1.7.4.4
From 8e404e1c3846cc98a1977514af5b0432ae2de755 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Aug 2011 23:51:41 +0200
Subject: [PATCH 2/2] docs: --delegation
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
docs/curl.1 | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/docs/curl.1 b/docs/curl.1
index 812b2eb..eee3481 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -320,6 +320,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
name is expected to be URL-encoded already.
.RE
+.IP "--delegation LEVEL"
+Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
+comes to user credentials. Used with GSS/kerberos.
+.RS
+.IP "none"
+Don't allow any delegation.
+.IP "policy"
+Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
+service ticket, which is a matter of realm policy.
+.IP "always"
+Unconditionally allow the server to delegate.
+.RE
.IP "--digest"
(HTTP) Enables HTTP Digest authentication. This is a authentication that
prevents the password from being sent over the wire in clear text. Use this in
--
1.7.4.4

118
0004-curl-7.21.7-d6f319f.patch Normal file
View File

@ -0,0 +1,118 @@
From 857fed6e245a9620b0f25a2f4ca6d6dc01584674 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 15 Aug 2011 13:48:45 +0200
Subject: [PATCH] nss: start with no database if the selected database is
broken
Bug: https://bugzilla.redhat.com/728562
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/nss.c | 63 +++++++++++++++++++++++++++++++++++++-----------------------
1 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/lib/nss.c b/lib/nss.c
index 3dc0ba6..94a530b 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -898,10 +898,42 @@ isTLSIntoleranceError(PRInt32 err)
}
}
-static CURLcode init_nss(struct SessionHandle *data)
+static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+{
+ if(NSS_IsInitialized())
+ return CURLE_OK;
+
+ if(cert_dir) {
+ SECStatus rv;
+ const bool use_sql = NSS_VersionCheck("3.12.0");
+ char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
+ if(!certpath)
+ return CURLE_OUT_OF_MEMORY;
+
+ infof(data, "Initializing NSS with certpath: %s\n", certpath);
+ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+ free(certpath);
+
+ if(rv == SECSuccess)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS database\n");
+ }
+
+ infof(data, "Initializing NSS with certpath: none\n");
+ if(NSS_NoDB_Init(NULL) == SECSuccess)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS\n");
+ return CURLE_SSL_CACERT_BADFILE;
+}
+
+static CURLcode nss_init(struct SessionHandle *data)
{
char *cert_dir;
struct_stat st;
+ CURLcode rv;
+
if(initialized)
return CURLE_OK;
@@ -922,31 +954,14 @@ static CURLcode init_nss(struct SessionHandle *data)
}
}
- if(!NSS_IsInitialized()) {
- SECStatus rv;
- initialized = 1;
- infof(data, "Initializing NSS with certpath: %s\n",
- cert_dir ? cert_dir : "none");
- if(!cert_dir) {
- rv = NSS_NoDB_Init(NULL);
- }
- else {
- char *certpath =
- PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
- cert_dir);
- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
- PR_smprintf_free(certpath);
- }
- if(rv != SECSuccess) {
- infof(data, "Unable to initialize NSS database\n");
- initialized = 0;
- return CURLE_SSL_CACERT_BADFILE;
- }
- }
+ rv = nss_init_core(data, cert_dir);
+ if(rv)
+ return rv;
if(num_enabled_ciphers() == 0)
NSS_SetDomesticPolicy();
+ initialized = 1;
return CURLE_OK;
}
@@ -981,7 +996,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
}
PR_Lock(nss_initlock);
- rv = init_nss(data);
+ rv = nss_init(data);
PR_Unlock(nss_initlock);
return rv;
}
@@ -1184,7 +1199,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* FIXME. NSS doesn't support multiple databases open at the same time. */
PR_Lock(nss_initlock);
- curlerr = init_nss(conn->data);
+ curlerr = nss_init(conn->data);
if(CURLE_OK != curlerr) {
PR_Unlock(nss_initlock);
goto error;
--
1.7.4.4

19
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.21.7
Release: 2%{?dist}
Release: 3%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@ -11,6 +11,15 @@ Source3: hide_selinux.c
# add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
Patch1: 0001-curl-7.21.7-a7864c4.patch
# fix SIGSEGV of curl -O -J given more than one URLs (#723075)
Patch2: 0002-curl-7.21.7-5eb2396.patch
# introduce the --delegation option of curl (#730444)
Patch3: 0003-curl-7.21.7-5538904.patch
# initialize NSS with no database if the selected database is broken (#728562)
Patch4: 0004-curl-7.21.7-d6f319f.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.21.1-multilib.patch
@ -111,6 +120,9 @@ done
# upstream patches (already applied)
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Fedora patches
%patch101 -p1
@ -224,6 +236,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Mon Aug 15 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-3
- fix SIGSEGV of curl -O -J given more than one URLs (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken (#728562)
* Wed Aug 03 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-2
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)