rpms/curl
6
0
Fork 1
Code Issues Pull Requests Releases Activity

new upstream release - 7.45.0

Browse Source
This commit is contained in:
Paul Howarth 2015-10-07 14:43:06 +01:00
parent 1dcbbd628a
commit b1cf0d53ef
3 changed files with 8 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
0001-curl-7.44.0-958d2ffb.patch
View File

@ -1,71 +0,0 @@
From 98dee5ab5a862a506beb8a7bf60c0aaec3b08a0f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 18 Sep 2015 17:07:22 +0200
Subject: [PATCH 1/2] nss: check return values of NSS functions
Upstream-commit: a9fd53887ba07cd8313a8b9706f2dc71d6b8ed1b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vtls/nss.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 91727c7..1fa1c64 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1792,9 +1792,13 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
/* Force handshake on next I/O */
- SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
+ if(SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE)
+ != SECSuccess)
+ goto error;
- SSL_SetURL(connssl->handle, conn->host.name);
+ /* propagate hostname to the TLS layer */
+ if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
+ goto error;
return CURLE_OK;
--
2.5.2
From d082ad368ecec7894d8e9e9a35336b2350c30ade Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 18 Sep 2015 17:10:05 +0200
Subject: [PATCH 2/2] nss: prevent NSS from incorrectly re-using a session
Without this workaround, NSS re-uses a session cache entry despite the
server name does not match. This causes SNI host name to differ from
the actual host name. Consequently, certain servers (e.g. github.com)
respond by 400 to such requests.
Bug: https://bugzilla.mozilla.org/1202264
Upstream-commit: 958d2ffb198166a062a0ff20d009c64972a2b374
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vtls/nss.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 1fa1c64..3d73ffe 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1800,6 +1800,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
goto error;
+ /* prevent NSS from re-using the session for a different hostname */
+ if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)
+ goto error;
+
return CURLE_OK;
error:
--
2.5.2

16
curl.spec
View File

@ -1,15 +1,12 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.44.0 Version: 7.45.0
Release: 2%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h Source2: curlbuild.h
# prevent NSS from incorrectly re-using a session (#1104597)
Patch1: 0001-curl-7.44.0-958d2ffb.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -120,7 +117,7 @@ documentation of the library, too.
%setup -q %setup -q
# upstream patches # upstream patches
%patch1 -p1 # (none)
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -213,7 +210,6 @@ rm -rf $RPM_BUILD_ROOT
%postun -n libcurl -p /sbin/ldconfig %postun -n libcurl -p /sbin/ldconfig
%files %files
%defattr(-,root,root,-)
%doc CHANGES README* %doc CHANGES README*
%doc docs/BUGS docs/FAQ docs/FEATURES %doc docs/BUGS docs/FAQ docs/FEATURES
%doc docs/MANUAL docs/RESOURCES %doc docs/MANUAL docs/RESOURCES
@ -222,13 +218,11 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/curl.1* %{_mandir}/man1/curl.1*
%files -n libcurl %files -n libcurl
%defattr(-,root,root,-)
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%{_libdir}/libcurl.so.* %{_libdir}/libcurl.so.*
%files -n libcurl-devel %files -n libcurl-devel
%defattr(-,root,root,-)
%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS
%doc docs/CONTRIBUTE docs/libcurl/ABI %doc docs/CONTRIBUTE docs/libcurl/ABI
%{_bindir}/curl-config* %{_bindir}/curl-config*
@ -240,6 +234,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%changelog %changelog
* Wed Oct 7 2015 Paul Howarth <paul@city-fan.org> 7.45.0-1
- new upstream release
- drop %%defattr, redundant since rpm 4.4
* Fri Sep 18 2015 Kamil Dudka <kdudka@redhat.com> 7.44.0-2 * Fri Sep 18 2015 Kamil Dudka <kdudka@redhat.com> 7.44.0-2
- prevent NSS from incorrectly re-using a session (#1104597) - prevent NSS from incorrectly re-using a session (#1104597)

2
sources
View File

@ -1 +1 @@
2f924c80bb7124dff1b39f54ffda3781 curl-7.44.0.tar.lzma c9a0a77f71fdc6b0f925bc3e79eb77f6 curl-7.45.0.tar.lzma