diff --git a/curl-7.19.4-enable-aes.patch b/curl-7.19.4-enable-aes.patch
deleted file mode 100644
index 06351d8..0000000
--- a/curl-7.19.4-enable-aes.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
---- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
-+++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
-@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
- #endif
- };
-
-+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
-+ they are enabled explicitly */
-+static const int enable_ciphers_by_default[] = {
-+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-+ TLS_RSA_WITH_AES_128_CBC_SHA,
-+ TLS_RSA_WITH_AES_256_CBC_SHA,
-+ SSL_NULL_WITH_NULL_NULL
-+};
-+
- #ifdef HAVE_PK11_CREATEGENERICOBJECT
- static const char* pem_library = "libnsspem.so";
- #endif
-@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
- #endif
- char *certDir = NULL;
- int curlerr;
-+ const int *cipher_to_enable;
-
- curlerr = CURLE_SSL_CONNECT_ERROR;
-
-@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
- if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
- goto error;
-
-+ /* enable all ciphers from enable_ciphers_by_default */
-+ cipher_to_enable = enable_ciphers_by_default;
-+ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
-+ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
-+ curlerr = CURLE_SSL_CIPHER;
-+ goto error;
-+ }
-+ cipher_to_enable++;
-+ }
-+
- if(data->set.ssl.cipher_list) {
- if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
- curlerr = CURLE_SSL_CIPHER;
diff --git a/curl-7.19.4-infloop.patch b/curl-7.19.4-infloop.patch
deleted file mode 100644
index 3cf0fb4..0000000
--- a/curl-7.19.4-infloop.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
---- curl-7.19.4.orig/lib/nss.c 2009-05-11 09:47:54.761907000 +0200
-+++ curl-7.19.4/lib/nss.c 2009-05-11 09:57:06.889716145 +0200
-@@ -85,11 +85,6 @@ volatile int initialized = 0;
- #define HANDSHAKE_TIMEOUT 30
-
- typedef struct {
-- PRInt32 retryCount;
-- struct SessionHandle *data;
--} pphrase_arg_t;
--
--typedef struct {
- const char *name;
- int num;
- PRInt32 version; /* protocol version valid for this cipher */
-@@ -483,7 +478,6 @@ static int nss_load_key(struct connectda
- CK_BBOOL cktrue = CK_TRUE;
- CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
- CK_SLOT_ID slotID;
-- pphrase_arg_t *parg = NULL;
- char slotname[SLOTSIZE];
- struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
-
-@@ -516,17 +510,13 @@ static int nss_load_key(struct connectda
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
- PK11_IsPresent(slot);
-
-- parg = malloc(sizeof(pphrase_arg_t));
-- if(!parg)
-- return 0;
-- parg->retryCount = 0;
-- parg->data = conn->data;
- /* parg is initialized in nss_Init_Tokens() */
-- if(PK11_Authenticate(slot, PR_TRUE, parg) != SECSuccess) {
-- free(parg);
-+ if(PK11_Authenticate(slot, PR_TRUE,
-+ conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) {
-+
-+ PK11_FreeSlot(slot);
- return 0;
- }
-- free(parg);
- PK11_FreeSlot(slot);
-
- return 1;
-@@ -588,25 +578,11 @@ static int cert_stuff(struct connectdata
-
- static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
- {
-- pphrase_arg_t *parg;
-- parg = (pphrase_arg_t *) arg;
--
- (void)slot; /* unused */
-- if(retry > 2)
-+ if(retry || NULL == arg)
- return NULL;
-- if(parg->data->set.str[STRING_KEY_PASSWD])
-- return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
- else
-- return NULL;
--}
--
--/* No longer ask for the password, parg has been freed */
--static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
--{
-- (void)slot; /* unused */
-- (void)retry; /* unused */
-- (void)arg; /* unused */
-- return NULL;
-+ return (char *)PORT_Strdup((char *)arg);
- }
-
- static SECStatus nss_Init_Tokens(struct connectdata * conn)
-@@ -614,14 +590,6 @@ static SECStatus nss_Init_Tokens(struct
- PK11SlotList *slotList;
- PK11SlotListElement *listEntry;
- SECStatus ret, status = SECSuccess;
-- pphrase_arg_t *parg = NULL;
--
-- parg = malloc(sizeof(pphrase_arg_t));
-- if(!parg)
-- return SECFailure;
--
-- parg->retryCount = 0;
-- parg->data = conn->data;
-
- PK11_SetPasswordFunc(nss_get_password);
-
-@@ -644,7 +612,8 @@ static SECStatus nss_Init_Tokens(struct
- continue;
- }
-
-- ret = PK11_Authenticate(slot, PR_TRUE, parg);
-+ ret = PK11_Authenticate(slot, PR_TRUE,
-+ conn->data->set.str[STRING_KEY_PASSWD]);
- if(SECSuccess != ret) {
- if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
- infof(conn->data, "The password for token '%s' is incorrect\n",
-@@ -652,12 +621,9 @@ static SECStatus nss_Init_Tokens(struct
- status = SECFailure;
- break;
- }
-- parg->retryCount = 0; /* reset counter to 0 for the next token */
- PK11_FreeSlot(slot);
- }
-
-- free(parg);
--
- return status;
- }
-
-@@ -1220,8 +1186,6 @@ CURLcode Curl_nss_connect(struct connect
- curlerr = CURLE_SSL_CERTPROBLEM;
- goto error;
- }
--
-- PK11_SetPasswordFunc(nss_no_password);
- }
- else
- connssl->client_nickname = NULL;
diff --git a/curl-7.19.4-nss-leak.patch b/curl-7.19.4-nss-leak.patch
deleted file mode 100644
index 5c98cf2..0000000
--- a/curl-7.19.4-nss-leak.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
---- curl-7.19.4.orig/lib/nss.c 2009-04-10 12:51:24.940363000 +0200
-+++ curl-7.19.4/lib/nss.c 2009-04-10 12:51:59.268700902 +0200
-@@ -282,13 +282,12 @@ static int is_file(const char *filename)
- return 0;
- }
-
--static int
--nss_load_cert(const char *filename, PRBool cacert)
-+static int nss_load_cert(struct ssl_connect_data *ssl,
-+ const char *filename, PRBool cacert)
- {
- #ifdef HAVE_PK11_CREATEGENERICOBJECT
- CK_SLOT_ID slotID;
- PK11SlotInfo * slot = NULL;
-- PK11GenericObject *rv;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE theTemplate[20];
- CK_BBOOL cktrue = CK_TRUE;
-@@ -363,11 +362,12 @@ nss_load_cert(const char *filename, PRBo
- /* This load the certificate in our PEM module into the appropriate
- * slot.
- */
-- rv = PK11_CreateGenericObject(slot, theTemplate, 4, PR_FALSE /* isPerm */);
-+ ssl->cacert[slotID] = PK11_CreateGenericObject(slot, theTemplate, 4,
-+ PR_FALSE /* isPerm */);
-
- PK11_FreeSlot(slot);
-
-- if(rv == NULL) {
-+ if(ssl->cacert[slotID] == NULL) {
- free(nickname);
- return 0;
- }
-@@ -474,11 +474,10 @@ static int nss_load_crl(const char* crlf
- return 1;
- }
-
--static int nss_load_key(struct connectdata *conn, char *key_file)
-+static int nss_load_key(struct connectdata *conn, int sockindex, char *key_file)
- {
- #ifdef HAVE_PK11_CREATEGENERICOBJECT
- PK11SlotInfo * slot = NULL;
-- PK11GenericObject *rv;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE theTemplate[20];
- CK_BBOOL cktrue = CK_TRUE;
-@@ -486,6 +485,7 @@ static int nss_load_key(struct connectda
- CK_SLOT_ID slotID;
- pphrase_arg_t *parg = NULL;
- char slotname[SLOTSIZE];
-+ struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
-
- attrs = theTemplate;
-
-@@ -505,8 +505,9 @@ static int nss_load_key(struct connectda
- strlen(key_file)+1); attrs++;
-
- /* When adding an encrypted key the PKCS#11 will be set as removed */
-- rv = PK11_CreateGenericObject(slot, theTemplate, 3, PR_FALSE /* isPerm */);
-- if(rv == NULL) {
-+ sslconn->key = PK11_CreateGenericObject(slot, theTemplate, 3,
-+ PR_FALSE /* isPerm */);
-+ if(sslconn->key == NULL) {
- PR_SetError(SEC_ERROR_BAD_KEY, 0);
- return 0;
- }
-@@ -554,13 +555,14 @@ static int display_error(struct connectd
- return 0; /* The caller will print a generic error */
- }
-
--static int cert_stuff(struct connectdata *conn, char *cert_file, char *key_file)
-+static int cert_stuff(struct connectdata *conn,
-+ int sockindex, char *cert_file, char *key_file)
- {
- struct SessionHandle *data = conn->data;
- int rv = 0;
-
- if(cert_file) {
-- rv = nss_load_cert(cert_file, PR_FALSE);
-+ rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
- if(!rv) {
- if(!display_error(conn, PR_GetError(), cert_file))
- failf(data, "Unable to load client cert %d.", PR_GetError());
-@@ -569,10 +571,10 @@ static int cert_stuff(struct connectdata
- }
- if(key_file || (is_file(cert_file))) {
- if(key_file)
-- rv = nss_load_key(conn, key_file);
-+ rv = nss_load_key(conn, sockindex, key_file);
- else
- /* In case the cert file also has the key */
-- rv = nss_load_key(conn, cert_file);
-+ rv = nss_load_key(conn, sockindex, cert_file);
- if(!rv) {
- if(!display_error(conn, PR_GetError(), key_file))
- failf(data, "Unable to load client key %d.", PR_GetError());
-@@ -938,6 +940,12 @@ void Curl_nss_close(struct connectdata *
- free(connssl->client_nickname);
- connssl->client_nickname = NULL;
- }
-+ if(connssl->key)
-+ (void)PK11_DestroyGenericObject(connssl->key);
-+ if(connssl->cacert[1])
-+ (void)PK11_DestroyGenericObject(connssl->cacert[1]);
-+ if(connssl->cacert[0])
-+ (void)PK11_DestroyGenericObject(connssl->cacert[0]);
- connssl->handle = NULL;
- }
- }
-@@ -973,6 +981,10 @@ CURLcode Curl_nss_connect(struct connect
- if (connssl->state == ssl_connection_complete)
- return CURLE_OK;
-
-+ connssl->cacert[0] = NULL;
-+ connssl->cacert[1] = NULL;
-+ connssl->key = NULL;
-+
- /* FIXME. NSS doesn't support multiple databases open at the same time. */
- PR_Lock(nss_initlock);
- if(!initialized) {
-@@ -1100,7 +1112,8 @@ CURLcode Curl_nss_connect(struct connect
- /* skip the verifying of the peer */
- ;
- else if(data->set.ssl.CAfile) {
-- int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
-+ int rc = nss_load_cert(&conn->ssl[sockindex], data->set.ssl.CAfile,
-+ PR_TRUE);
- if(!rc) {
- curlerr = CURLE_SSL_CACERT_BADFILE;
- goto error;
-@@ -1128,7 +1141,7 @@ CURLcode Curl_nss_connect(struct connect
-
- snprintf(fullpath, sizeof(fullpath), "%s/%s", data->set.ssl.CApath,
- entry->name);
-- rc = nss_load_cert(fullpath, PR_TRUE);
-+ rc = nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE);
- /* FIXME: check this return value! */
- }
- /* This is purposefully tolerant of errors so non-PEM files
-@@ -1178,7 +1191,7 @@ CURLcode Curl_nss_connect(struct connect
- free(nickname);
- goto error;
- }
-- if(!cert_stuff(conn, data->set.str[STRING_CERT],
-+ if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
- data->set.str[STRING_KEY])) {
- /* failf() is already done in cert_stuff() */
- if(nickname_alloc)
-diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
---- curl-7.19.4.orig/lib/urldata.h 2009-03-03 00:05:31.000000000 +0100
-+++ curl-7.19.4/lib/urldata.h 2009-04-10 12:51:59.270700921 +0200
-@@ -93,6 +93,7 @@
-
- #ifdef USE_NSS
- #include
-+#include
- #endif
-
- #ifdef USE_QSOSSL
-@@ -210,6 +211,10 @@ struct ssl_connect_data {
- #ifdef USE_NSS
- PRFileDesc *handle;
- char *client_nickname;
-+#ifdef HAVE_PK11_CREATEGENERICOBJECT
-+ PK11GenericObject *key;
-+ PK11GenericObject *cacert[2];
-+#endif
- #endif /* USE_NSS */
- #ifdef USE_QSOSSL
- SSLHandle *handle;
diff --git a/curl-7.19.4-nss-leak2.patch b/curl-7.19.4-nss-leak2.patch
deleted file mode 100644
index eb47dd9..0000000
--- a/curl-7.19.4-nss-leak2.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
---- curl-7.19.4.orig/lib/nss.c 2009-04-27 09:48:12.548102000 +0200
-+++ curl-7.19.4/lib/nss.c 2009-04-27 09:48:32.993420443 +0200
-@@ -527,6 +527,7 @@ static int nss_load_key(struct connectda
- return 0;
- }
- free(parg);
-+ PK11_FreeSlot(slot);
-
- return 1;
- #else
-@@ -819,9 +820,9 @@ static SECStatus SelectClientCert(void *
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
- {
-- CERTCertificate *cert;
- SECKEYPrivateKey *privKey;
-- char *nickname = (char *)arg;
-+ struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
-+ char *nickname = connssl->client_nickname;
- void *proto_win = NULL;
- SECStatus secStatus = SECFailure;
- PK11SlotInfo *slot;
-@@ -832,34 +833,35 @@ static SECStatus SelectClientCert(void *
- if(!nickname)
- return secStatus;
-
-- cert = PK11_FindCertFromNickname(nickname, proto_win);
-- if(cert) {
-+ connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
-+ if(connssl->client_cert) {
-
- if(!strncmp(nickname, "PEM Token", 9)) {
- CK_SLOT_ID slotID = 1; /* hardcoded for now */
- char slotname[SLOTSIZE];
- snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
- slot = PK11_FindSlotByName(slotname);
-- privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
-+ privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
- PK11_FreeSlot(slot);
- if(privKey) {
- secStatus = SECSuccess;
- }
- }
- else {
-- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
-+ privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
- if(privKey)
- secStatus = SECSuccess;
- }
- }
-
- if(secStatus == SECSuccess) {
-- *pRetCert = cert;
-+ *pRetCert = connssl->client_cert;
- *pRetKey = privKey;
- }
- else {
-- if(cert)
-- CERT_DestroyCertificate(cert);
-+ if(connssl->client_cert)
-+ CERT_DestroyCertificate(connssl->client_cert);
-+ connssl->client_cert = NULL;
- }
-
- return secStatus;
-@@ -891,8 +893,12 @@ void Curl_nss_cleanup(void)
- * as a safety feature.
- */
- PR_Lock(nss_initlock);
-- if (initialized)
-+ if (initialized) {
-+ if(mod)
-+ SECMOD_DestroyModule(mod);
-+ mod = NULL;
- NSS_Shutdown();
-+ }
- PR_Unlock(nss_initlock);
-
- PR_DestroyLock(nss_initlock);
-@@ -940,6 +946,8 @@ void Curl_nss_close(struct connectdata *
- free(connssl->client_nickname);
- connssl->client_nickname = NULL;
- }
-+ if(connssl->client_cert)
-+ CERT_DestroyCertificate(connssl->client_cert);
- if(connssl->key)
- (void)PK11_DestroyGenericObject(connssl->key);
- if(connssl->cacert[1])
-@@ -981,6 +989,7 @@ CURLcode Curl_nss_connect(struct connect
- if (connssl->state == ssl_connection_complete)
- return CURLE_OK;
-
-+ connssl->client_cert = NULL;
- connssl->cacert[0] = NULL;
- connssl->cacert[1] = NULL;
- connssl->key = NULL;
-@@ -1207,8 +1216,7 @@ CURLcode Curl_nss_connect(struct connect
-
- if(SSL_GetClientAuthDataHook(model,
- (SSLGetClientAuthData) SelectClientCert,
-- (void *)connssl->client_nickname) !=
-- SECSuccess) {
-+ (void *)connssl) != SECSuccess) {
- curlerr = CURLE_SSL_CERTPROBLEM;
- goto error;
- }
-diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
---- curl-7.19.4.orig/lib/urldata.h 2009-04-27 09:48:12.550102000 +0200
-+++ curl-7.19.4/lib/urldata.h 2009-04-27 09:48:19.821215391 +0200
-@@ -211,6 +211,7 @@ struct ssl_connect_data {
- #ifdef USE_NSS
- PRFileDesc *handle;
- char *client_nickname;
-+ CERTCertificate *client_cert;
- #ifdef HAVE_PK11_CREATEGENERICOBJECT
- PK11GenericObject *key;
- PK11GenericObject *cacert[2];
diff --git a/curl-7.19.4-tool-leak.patch b/curl-7.19.4-tool-leak.patch
deleted file mode 100644
index ccb84ef..0000000
--- a/curl-7.19.4-tool-leak.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -ruNp curl-7.19.4.orig/include/curl/curl.h curl-7.19.4/include/curl/curl.h
---- curl-7.19.4.orig/include/curl/curl.h 2009-03-03 00:05:31.000000000 +0100
-+++ curl-7.19.4/include/curl/curl.h 2009-03-10 14:49:47.017943954 +0100
-@@ -1510,7 +1510,7 @@ CURL_EXTERN void curl_free(void *p);
- * DESCRIPTION
- *
- * curl_global_init() should be invoked exactly once for each application that
-- * uses libcurl
-+ * uses libcurl and before any call of other libcurl function
- */
- CURL_EXTERN CURLcode curl_global_init(long flags);
-
-diff -ruNp curl-7.19.4.orig/src/main.c curl-7.19.4/src/main.c
---- curl-7.19.4.orig/src/main.c 2009-02-17 10:10:21.000000000 +0100
-+++ curl-7.19.4/src/main.c 2009-03-10 14:49:50.297971916 +0100
-@@ -3969,6 +3969,12 @@ operate(struct Configurable *config, int
-
- memset(&heads, 0, sizeof(struct OutStruct));
-
-+ /* initialize curl library - do not call any libcurl functions before */
-+ if (main_init() != CURLE_OK) {
-+ helpf(config->errors, "error initializing curl library\n");
-+ return CURLE_FAILED_INIT;
-+ }
-+
- #ifdef CURLDEBUG
- /* this sends all memory debug messages to a logfile named memdump */
- env = curlx_getenv("CURL_MEMDEBUG");
-@@ -4015,10 +4021,6 @@ operate(struct Configurable *config, int
- #endif
-
- /* inits */
-- if (main_init() != CURLE_OK) {
-- helpf(config->errors, "error initializing curl library\n");
-- return CURLE_FAILED_INIT;
-- }
- config->postfieldsize = -1;
- config->showerror=TRUE;
- config->use_httpget=FALSE;