diff --git a/curl-7.19.7-modelfree.patch b/curl-7.19.7-modelfree.patch new file mode 100644 index 0000000..1e36e4d --- /dev/null +++ b/curl-7.19.7-modelfree.patch @@ -0,0 +1,12 @@ +diff --git a/lib/nss.c b/lib/nss.c +index f5c69e6..d1a9d1a 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -1265,6 +1265,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) + if(!connssl->handle) + goto error; + PR_Close(model); /* We don't need this any more */ ++ model = NULL; + + /* This is the password associated with the cert that we're using */ + if (data->set.str[STRING_KEY_PASSWD]) { diff --git a/curl-7.19.7-ssl-retry.patch b/curl-7.19.7-ssl-retry.patch index c26b10c..3799d5b 100644 --- a/curl-7.19.7-ssl-retry.patch +++ b/curl-7.19.7-ssl-retry.patch @@ -1,5 +1,5 @@ diff --git a/lib/nss.c b/lib/nss.c -index 6e8d242..93dfe16 100644 +index 6e8d242..f5c69e6 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -844,6 +844,36 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, @@ -52,13 +52,8 @@ index 6e8d242..93dfe16 100644 break; case CURL_SSLVERSION_TLSv1: tlsv1 = PR_TRUE; -@@ -1101,9 +1135,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess) - goto error; - -- if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess) -+ if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2 -+ || data->state.ssl_connect_retry) != SECSuccess) +@@ -1104,6 +1138,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) + if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess) goto error; + /* reset the flag to avoid an infinite loop */ @@ -67,7 +62,7 @@ index 6e8d242..93dfe16 100644 /* enable all ciphers from enable_ciphers_by_default */ cipher_to_enable = enable_ciphers_by_default; while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) { -@@ -1280,10 +1318,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) +@@ -1280,10 +1317,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) return CURLE_OK; error: diff --git a/curl.spec b/curl.spec index b0b3be3..9c623ad 100644 --- a/curl.spec +++ b/curl.spec @@ -1,13 +1,14 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.19.7 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h Patch1: curl-7.19.7-nss-nonblock.patch Patch2: curl-7.19.7-ssl-retry.patch +Patch3: curl-7.19.7-modelfree.patch Patch101: curl-7.15.3-multilib.patch Patch102: curl-7.16.0-privlibs.patch Patch103: curl-7.19.4-debug.patch @@ -69,9 +70,10 @@ use cURL's capabilities internally. %prep %setup -q -# upstream patches (not yet applied) +# upstream patches (already applied) %patch1 -p1 %patch2 -p1 +%patch3 -p1 # Fedora patches %patch101 -p1 @@ -102,7 +104,7 @@ make %{?_smp_mflags} %check export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir} make %{?_smp_mflags} -C tests -cd tests && ./runtests.pl -k -p -v +cd tests && ./runtests.pl -a -k -p -v %install rm -rf $RPM_BUILD_ROOT @@ -160,6 +162,12 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Thu Nov 12 2009 Kamil Dudka 7.19.7-3 +- fix crash on doubly closed NSPR descriptor, patch contributed + by Kevin Baughman (#534176) +- new version of patch for broken TLS servers (#525496, #527771) + + * Wed Nov 04 2009 Kamil Dudka 7.19.7-2 - increased release number (CVS problem)