From 012235acc8b8fcc10a160d58665069338d58f1b2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 25 Feb 2015 10:39:43 +0100
Subject: [PATCH] new upstream release - 7.41.0
---
0001-curl-7.40.0-e08a12d.patch | 105 ----------------------
0001-curl-7.41.0-abe54705.patch | 150 ++++++++++++++++++++++++++++++++
curl-7.40.0.tar.lzma.asc | 7 --
curl-7.41.0.tar.lzma.asc | 7 ++
curl.spec | 11 ++-
sources | 2 +-
6 files changed, 165 insertions(+), 117 deletions(-)
delete mode 100644 0001-curl-7.40.0-e08a12d.patch
create mode 100644 0001-curl-7.41.0-abe54705.patch
delete mode 100644 curl-7.40.0.tar.lzma.asc
create mode 100644 curl-7.41.0.tar.lzma.asc
diff --git a/0001-curl-7.40.0-e08a12d.patch b/0001-curl-7.40.0-e08a12d.patch
deleted file mode 100644
index a2cb1a2..0000000
--- a/0001-curl-7.40.0-e08a12d.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 1fa4384ff6cde36d95943eac6e71ac1b8754d3da Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Mon, 16 Feb 2015 17:00:05 +0100
-Subject: [PATCH 1/2] connect: avoid skipping an IPv4 address
-
-... in case the protocol versions are mixed in a DNS response
-(IPv6 -> IPv4 -> IPv6).
-
-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
-
-Upstream-commit: 92835ca5d87850ae0c670d66bd73af391b34cdc3
-Signed-off-by: Kamil Dudka
----
- lib/connect.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/lib/connect.c b/lib/connect.c
-index 5a60d14..1728e56 100644
---- a/lib/connect.c
-+++ b/lib/connect.c
-@@ -542,6 +542,7 @@ static CURLcode trynextip(struct connectdata *conn,
- int sockindex,
- int tempindex)
- {
-+ const int other = tempindex ^ 1;
- CURLcode result = CURLE_COULDNT_CONNECT;
-
- /* First clean up after the failed socket.
-@@ -572,8 +573,11 @@ static CURLcode trynextip(struct connectdata *conn,
- }
-
- while(ai) {
-- while(ai && ai->ai_family != family)
-- ai = ai->ai_next;
-+ if(conn->tempaddr[other]) {
-+ /* we can safely skip addresses of the other protocol family */
-+ while(ai && ai->ai_family != family)
-+ ai = ai->ai_next;
-+ }
-
- if(ai) {
- result = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
---
-2.1.0
-
-
-From 85cf6e9b9d42ab70ab73484787d4eaa89734531b Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Mon, 16 Feb 2015 17:16:57 +0100
-Subject: [PATCH 2/2] connect: wait for IPv4 connection attempts
-
-... even if the last IPv6 connection attempt has failed.
-
-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
-
-Upstream-commit: e08a12dab1a410c94bf75aef04251bf64c127eb6
-Signed-off-by: Kamil Dudka
----
- lib/connect.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/lib/connect.c b/lib/connect.c
-index 1728e56..5182965 100644
---- a/lib/connect.c
-+++ b/lib/connect.c
-@@ -753,6 +753,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
- }
-
- for(i=0; i<2; i++) {
-+ const int other = i ^ 1;
- if(conn->tempsock[i] == CURL_SOCKET_BAD)
- continue;
-
-@@ -782,7 +783,6 @@ CURLcode Curl_is_connected(struct connectdata *conn,
- else if(rc == CURL_CSELECT_OUT) {
- if(verifyconnect(conn->tempsock[i], &error)) {
- /* we are connected with TCP, awesome! */
-- int other = i ^ 1;
-
- /* use this socket from now on */
- conn->sock[sockindex] = conn->tempsock[i];
-@@ -824,6 +824,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
- data->state.os_errno = error;
- SET_SOCKERRNO(error);
- if(conn->tempaddr[i]) {
-+ CURLcode status;
- char ipaddress[MAX_IPADR_LEN];
- Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
- infof(data, "connect to %s port %ld failed: %s\n",
-@@ -832,7 +833,11 @@ CURLcode Curl_is_connected(struct connectdata *conn,
- conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
- allow : allow / 2;
-
-- result = trynextip(conn, sockindex, i);
-+ status = trynextip(conn, sockindex, i);
-+ if(status != CURLE_COULDNT_CONNECT
-+ || conn->tempsock[other] == CURL_SOCKET_BAD)
-+ /* the last attempt failed and no other sockets remain open */
-+ result = status;
- }
- }
- }
---
-2.1.0
-
diff --git a/0001-curl-7.41.0-abe54705.patch b/0001-curl-7.41.0-abe54705.patch
new file mode 100644
index 0000000..28f4416
--- /dev/null
+++ b/0001-curl-7.41.0-abe54705.patch
@@ -0,0 +1,150 @@
+From b4d5a85714dc37d3aa0aa6ed7b37d95205b0f13a Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 24 Feb 2015 15:10:15 +0100
+Subject: [PATCH] nss: improve error handling in Curl_nss_random()
+
+The vtls layer now checks the return value, so it is no longer necessary
+to abort if a random number cannot be provided by NSS. This also fixes
+the following Coverity report:
+
+Error: FORWARD_NULL (CWE-476):
+lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
+lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
+lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
+
+Upstream-commit: 7a1538d9cc0736e0a9ab13cf115db40a0bfbb152
+Signed-off-by: Kamil Dudka
+---
+ lib/vtls/nss.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 16b9124..1dd56ba 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
+ if(data)
+ Curl_nss_seed(data); /* Initiate the seed if not already done */
+
+- if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
+- /* no way to signal a failure from here, we have to abort */
+- failf(data, "PK11_GenerateRandom() failed, calling abort()...");
+- abort();
+- }
++ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
++ /* signal a failure */
++ return -1;
+
+ return 0;
+ }
+--
+2.1.0
+
+From 6d5b40e46ec36a19bc4ee76ec674058088bec8ba Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 24 Feb 2015 15:18:45 +0100
+Subject: [PATCH] nss: do not skip Curl_nss_seed() if data is NULL
+
+In that case, we only skip writing the error message for failed NSS
+initialization (while still returning the correct error code).
+
+Upstream-commit: 4909f7c795a4490dbb29e89b8b1564af86ee5999
+Signed-off-by: Kamil Dudka
+---
+ lib/vtls/nss.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 1dd56ba..e201dec 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1034,6 +1034,7 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
+ return close_fn(fd);
+ }
+
++/* data might be NULL */
+ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+ {
+ NSSInitParameters initparams;
+@@ -1071,6 +1072,7 @@ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+
++/* data might be NULL */
+ static CURLcode nss_init(struct SessionHandle *data)
+ {
+ char *cert_dir;
+@@ -1149,12 +1151,14 @@ int Curl_nss_init(void)
+ return 1;
+ }
+
++/* data might be NULL */
+ CURLcode Curl_nss_force_init(struct SessionHandle *data)
+ {
+ CURLcode result;
+ if(!nss_initlock) {
+- failf(data, "unable to initialize NSS, curl_global_init() should have "
+- "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
++ if(data)
++ failf(data, "unable to initialize NSS, curl_global_init() should have "
++ "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
+ return CURLE_FAILED_INIT;
+ }
+
+@@ -1904,6 +1908,7 @@ size_t Curl_nss_version(char *buffer, size_t size)
+ return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
+ }
+
++/* data might be NULL */
+ int Curl_nss_seed(struct SessionHandle *data)
+ {
+ /* make sure that NSS is initialized */
+@@ -1915,8 +1920,7 @@ int Curl_nss_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+ {
+- if(data)
+- Curl_nss_seed(data); /* Initiate the seed if not already done */
++ Curl_nss_seed(data); /* Initiate the seed if not already done */
+
+ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
+ /* signal a failure */
+--
+2.1.0
+
+From abe5470533db524abfbb7f7e078c15c159aa66d9 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 24 Feb 2015 18:58:55 +0100
+Subject: [PATCH] curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
+
+Otherwise it expands to:
+
+ echo ""/etc/pki/tls/certs/ca-bundle.crt""
+
+Detected by ShellCheck:
+
+ curl-config:74:16: warning: The double quotes around this do
+ nothing. Remove or escape them. [SC2140]
+
+Upstream-commit: e47b8306db14ed1ccd66f774bded2d59602d2c88
+Signed-off-by: Kamil Dudka
+---
+ curl-config.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 1ddf4c2..9398722 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -71,7 +71,7 @@ while test $# -gt 0; do
+ ;;
+
+ --ca)
+- echo "@CURL_CA_BUNDLE@"
++ echo @CURL_CA_BUNDLE@
+ ;;
+
+ --cc)
+--
+2.1.0
+
diff --git a/curl-7.40.0.tar.lzma.asc b/curl-7.40.0.tar.lzma.asc
deleted file mode 100644
index 46a7535..0000000
--- a/curl-7.40.0.tar.lzma.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlSuPVwACgkQeOEcayedXJGBZACfVptdcgMlq4CelqPfrWdZpPP8
-UOMAnA2LcEYZ1bOCN3kr27ARQAz2OXT0
-=eJwT
------END PGP SIGNATURE-----
diff --git a/curl-7.41.0.tar.lzma.asc b/curl-7.41.0.tar.lzma.asc
new file mode 100644
index 0000000..e17c52a
--- /dev/null
+++ b/curl-7.41.0.tar.lzma.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlTte8QACgkQeOEcayedXJFByQCdEIZG6sOcXOhbe9JGSTZowdMR
+72cAoLu08rLq83AkywThzrxFG6qb7K0z
+=U309
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index 24a6b75..79a490b 100644
--- a/curl.spec
+++ b/curl.spec
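Review bot: In the second bundled patch (lib/vtls/nss.c, `Curl_nss_random()`), the result of `Curl_nss_seed(data)` is discarded, so a failed NSS initialization is not reported from the random-number path itself and execution continues into `PK11_GenerateRandom()`. Whether that call fails cleanly when the library was never initialized is not visible in this hunk; since the first bundled patch already gives the function a `-1` failure return, propagating the seed result would keep entropy generation fail-closed, e.g. `if(Curl_nss_seed(data)) return -1;` (assuming a non-zero return means failure, as the body of `Curl_nss_seed()` lies outside the hunk). The unbraced `if(SECSuccess != ...) /* signal a failure */ return -1;` would also be safer to maintain with braces around the return.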
@@ -1,14 +1,14 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.40.0 -Release: 3%{?dist} +Version: 7.41.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# fix a spurious connect failure on dual-stacked hosts (#1187531) -Patch1: 0001-curl-7.40.0-e08a12d.patch +# fix defects found by Coverity and ShellCheck +Patch1: 0001-curl-7.41.0-abe54705.patch # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -244,6 +244,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Feb 25 2015 Kamil Dudka 7.41.0-1 +- new upstream release + * Mon Feb 23 2015 Kamil Dudka 7.40.0-3 - fix a spurious connect failure on dual-stacked hosts (#1187531) diff --git a/sources b/sources index b980440..23e9ce2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d18fb866d97b536e8948833b84a58a73 curl-7.40.0.tar.lzma +3d75ba516673ddc441dac8d519d2634d curl-7.41.0.tar.lzma