- fix crash on doubly closed NSPR descriptor, patch contributed by Kevin

Baughman (#534176)
- new version of patch for broken TLS servers (#525496, #527771)

curl-7.19.7-modelfree.patch

@@ -0,0 +1,12 @@
+diff --git a/lib/nss.c b/lib/nss.c
+index f5c69e6..d1a9d1a 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1265,6 +1265,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+   if(!connssl->handle)
+     goto error;
+   PR_Close(model); /* We don't need this any more */
++  model = NULL;
+ 
+   /* This is the password associated with the cert that we're using */
+   if (data->set.str[STRING_KEY_PASSWD]) {

curl-7.19.7-ssl-retry.patch

@@ -1,5 +1,5 @@
 diff --git a/lib/nss.c b/lib/nss.c
-index 6e8d242..93dfe16 100644
+index 6e8d242..f5c69e6 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
 @@ -844,6 +844,36 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
@@ -52,13 +52,8 @@ index 6e8d242..93dfe16 100644
      break;
    case CURL_SSLVERSION_TLSv1:
      tlsv1 = PR_TRUE;
-@@ -1101,9 +1135,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+@@ -1104,6 +1138,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-   if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
+   if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
-     goto error;
- 
--  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
-+  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2
-+        || data->state.ssl_connect_retry) != SECSuccess)
      goto error;
  
 +  /* reset the flag to avoid an infinite loop */
@@ -67,7 +62,7 @@ index 6e8d242..93dfe16 100644
    /* enable all ciphers from enable_ciphers_by_default */
    cipher_to_enable = enable_ciphers_by_default;
    while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
-@@ -1280,10 +1318,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+@@ -1280,10 +1317,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
    return CURLE_OK;
  
  error:

curl.spec

@@ -1,13 +1,14 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Patch1: curl-7.19.7-nss-nonblock.patch
 Patch2: curl-7.19.7-ssl-retry.patch
+Patch3: curl-7.19.7-modelfree.patch
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -69,9 +70,10 @@ use cURL's capabilities internally.
 %prep
 %setup -q
 
-# upstream patches (not yet applied)
+# upstream patches (already applied)
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -102,7 +104,7 @@ make %{?_smp_mflags}
 %check
 export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}
 make %{?_smp_mflags} -C tests
-cd tests && ./runtests.pl -k -p -v
+cd tests && ./runtests.pl -a -k -p -v
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -160,6 +162,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Thu Nov 12 2009 Kamil Dudka <kdudka@redhat.com> 7.19.7-3
+- fix crash on doubly closed NSPR descriptor, patch contributed
+  by Kevin Baughman (#534176)
+- new version of patch for broken TLS servers (#525496, #527771)
+
+
 * Wed Nov 04 2009 Kamil Dudka <kdudka@redhat.com> 7.19.7-2
 - increased release number (CVS problem)