new upstream release

0001-curl-7.25.0-20cb12db.patch

@@ -1,588 +0,0 @@
-From 944d7ff57fbda967db73114c2c8d49eff3f83160 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 6 Apr 2012 16:05:25 +0200
-Subject: [PATCH 1/2] nss: unconditionally require PK11_CreateGenericObject()
-
-This bumps the minimal supported version of NSS to 3.12.x.
-
-[upstream commit 42aa7961]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- configure               |   64 +++++++---------------------------------------
- configure.ac            |   10 +------
- docs/INTERNALS          |    2 +-
- lib/config-symbian.h    |    3 --
- lib/config-vxworks.h    |    3 --
- lib/curl_config.h.cmake |    3 --
- lib/curl_config.h.in    |    3 --
- lib/nss.c               |   30 +--------------------
- lib/urldata.h           |    2 -
- 9 files changed, 15 insertions(+), 105 deletions(-)
-
-diff --git a/configure b/configure
-index 8b0b30a..d20dab3 100755
---- a/configure
-+++ b/configure
-@@ -672,7 +672,6 @@ CURL_CA_BUNDLE
- SSL_ENABLED
- USE_AXTLS
- USE_NSS
--HAVE_PK11_CREATEGENERICOBJECT
- USE_CYASSL
- USE_POLARSSL
- HAVE_GNUTLS_SRP
-@@ -22530,49 +22529,6 @@ $as_echo "found" >&6; }
-         nssprefix=$OPT_NSS
-     fi
- 
--            { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5
--$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; }
--if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then :
--  $as_echo_n "(cached) " >&6
--else
--  ac_check_lib_save_LIBS=$LIBS
--LIBS="-lnss3  $LIBS"
--cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h.  */
--
--
--#ifdef __cplusplus
--extern "C"
--#endif
--char PK11_CreateGenericObject ();
--int main (void)
--{
--return PK11_CreateGenericObject ();
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--  ac_cv_lib_nss3_PK11_CreateGenericObject=yes
--else
--  ac_cv_lib_nss3_PK11_CreateGenericObject=no
--fi
--rm -f core conftest.err conftest.$ac_objext \
--    conftest$ac_exeext conftest.$ac_ext
--LIBS=$ac_check_lib_save_LIBS
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5
--$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; }
--if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then :
--
--
--$as_echo "#define HAVE_PK11_CREATEGENERICOBJECT 1" >>confdefs.h
--
--     HAVE_PK11_CREATEGENERICOBJECT=1
--
--
--fi
--
-     if test -n "$addlib"; then
- 
-       CLEANLIBS="$LIBS"
-@@ -22583,9 +22539,9 @@ fi
-          CPPFLAGS="$CPPFLAGS $addcflags"
-       fi
- 
--      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS_Initialize in -lnss3" >&5
--$as_echo_n "checking for NSS_Initialize in -lnss3... " >&6; }
--if test "${ac_cv_lib_nss3_NSS_Initialize+set}" = set; then :
-+            { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5
-+$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; }
-+if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then :
-   $as_echo_n "(cached) " >&6
- else
-   ac_check_lib_save_LIBS=$LIBS
-@@ -22597,26 +22553,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- #ifdef __cplusplus
- extern "C"
- #endif
--char NSS_Initialize ();
-+char PK11_CreateGenericObject ();
- int main (void)
- {
--return NSS_Initialize ();
-+return PK11_CreateGenericObject ();
-  ;
-  return 0;
- }
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
--  ac_cv_lib_nss3_NSS_Initialize=yes
-+  ac_cv_lib_nss3_PK11_CreateGenericObject=yes
- else
--  ac_cv_lib_nss3_NSS_Initialize=no
-+  ac_cv_lib_nss3_PK11_CreateGenericObject=no
- fi
- rm -f core conftest.err conftest.$ac_objext \
-     conftest$ac_exeext conftest.$ac_ext
- LIBS=$ac_check_lib_save_LIBS
- fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_NSS_Initialize" >&5
--$as_echo "$ac_cv_lib_nss3_NSS_Initialize" >&6; }
--if test "x$ac_cv_lib_nss3_NSS_Initialize" = x""yes; then :
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5
-+$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; }
-+if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then :
- 
- 
- $as_echo "#define USE_NSS 1" >>confdefs.h
-diff --git a/configure.ac b/configure.ac
-index 631563d..1b48f7b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2079,13 +2079,6 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
-         nssprefix=$OPT_NSS
-     fi
- 
--    dnl Check for functionPK11_CreateGenericObject
--    dnl this is needed for using the PEM PKCS#11 module
--    AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
--     [
--     AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
--     AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
--     ])
-     if test -n "$addlib"; then
- 
-       CLEANLIBS="$LIBS"
-@@ -2096,7 +2089,8 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
-          CPPFLAGS="$CPPFLAGS $addcflags"
-       fi
- 
--      AC_CHECK_LIB(nss3, NSS_Initialize,
-+      dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
-+      AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
-        [
-        AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
-        AC_SUBST(USE_NSS, [1])
-diff --git a/docs/INTERNALS b/docs/INTERNALS
-index 39c4df7..8024ea8 100644
---- a/docs/INTERNALS
-+++ b/docs/INTERNALS
-@@ -43,7 +43,7 @@ Portability
-  openldap     2.0
-  MIT krb5 lib 1.2.4
-  qsossl       V5R2M0
-- NSS          3.11.x
-+ NSS          3.12.x
-  axTLS        1.2.7
-  Heimdal      ?
- 
-diff --git a/lib/config-symbian.h b/lib/config-symbian.h
-index 24ed733..417025a 100644
---- a/lib/config-symbian.h
-+++ b/lib/config-symbian.h
-@@ -400,9 +400,6 @@
- /* Define to 1 if you have the `pipe' function. */
- #define HAVE_PIPE 1
- 
--/* if you have the function PK11_CreateGenericObject */
--/* #undef HAVE_PK11_CREATEGENERICOBJECT */
--
- /* Define to 1 if you have the `poll' function. */
- /*#define HAVE_POLL 1*/
- 
-diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h
-index 8e2d05a..9149507 100644
---- a/lib/config-vxworks.h
-+++ b/lib/config-vxworks.h
-@@ -469,9 +469,6 @@
- /* Define to 1 if you have the `pipe' function. */
- #define HAVE_PIPE 1
- 
--/* if you have the function PK11_CreateGenericObject */
--/* #undef HAVE_PK11_CREATEGENERICOBJECT */
--
- /* Define to 1 if you have a working poll function. */
- /* #undef HAVE_POLL */
- 
-diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
-index a321302..88b4de2 100644
---- a/lib/curl_config.h.cmake
-+++ b/lib/curl_config.h.cmake
-@@ -444,9 +444,6 @@
- /* Define to 1 if you have the `pipe' function. */
- #cmakedefine HAVE_PIPE ${HAVE_PIPE}
- 
--/* if you have the function PK11_CreateGenericObject */
--#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT}
--
- /* Define to 1 if you have a working poll function. */
- #cmakedefine HAVE_POLL ${HAVE_POLL}
- 
-diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
-index 5823939..e79c364 100644
---- a/lib/curl_config.h.in
-+++ b/lib/curl_config.h.in
-@@ -506,9 +506,6 @@
- /* Define to 1 if you have the `pipe' function. */
- #undef HAVE_PIPE
- 
--/* if you have the function PK11_CreateGenericObject */
--#undef HAVE_PK11_CREATEGENERICOBJECT
--
- /* Define to 1 if you have a working poll function. */
- #undef HAVE_POLL
- 
-diff --git a/lib/nss.c b/lib/nss.c
-index 8f6da50..6108917 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -170,9 +170,7 @@ static const int enable_ciphers_by_default[] = {
-   SSL_NULL_WITH_NULL_NULL
- };
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
- static const char* pem_library = "libnsspem.so";
--#endif
- SECMODModule* mod = NULL;
- 
- static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
-@@ -305,7 +303,6 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
-   return NULL;
- }
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
- /* Call PK11_CreateGenericObject() with the given obj_class and filename.  If
-  * the call succeeds, append the object handle to the list of objects so that
-  * the object can be destroyed in Curl_nss_close(). */
-@@ -369,7 +366,6 @@ static void nss_destroy_object(void *user, void *ptr)
-   (void) user;
-   PK11_DestroyGenericObject(obj);
- }
--#endif
- 
- static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
-                               const char *filename, PRBool cacert)
-@@ -378,7 +374,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
-     ? CURLE_SSL_CACERT_BADFILE
-     : CURLE_SSL_CERTPROBLEM;
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   /* libnsspem.so leaks memory if the requested file does not exist.  For more
-    * details, go to <https://bugzilla.redhat.com/734760>. */
-   if(is_file(filename))
-@@ -405,7 +400,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
-       free(nickname);
-     }
-   }
--#endif
- 
-   return err;
- }
-@@ -499,10 +493,10 @@ fail:
- static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
-                              char *key_file)
- {
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   PK11SlotInfo *slot;
-   SECStatus status;
-   struct ssl_connect_data *ssl = conn->ssl;
-+  (void)sockindex; /* unused */
- 
-   CURLcode rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
-   if(CURLE_OK != rv) {
-@@ -524,15 +518,6 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
-   return (SECSuccess == status)
-     ? CURLE_OK
-     : CURLE_SSL_CERTPROBLEM;
--#else
--  /* If we don't have PK11_CreateGenericObject then we can't load a file-based
--   * key.
--   */
--  (void)conn; /* unused */
--  (void)key_file; /* unused */
--  return CURLE_SSL_CERTPROBLEM;
--#endif
--  (void)sockindex; /* unused */
- }
- 
- static int display_error(struct connectdata *conn, PRInt32 err,
-@@ -775,7 +760,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   struct SessionHandle *data = connssl->data;
-   const char *nickname = connssl->client_nickname;
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   if(connssl->obj_clicert) {
-     /* use the cert/key provided by PEM reader */
-     static const char pem_slotname[] = "PEM Token #1";
-@@ -815,7 +799,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-     display_cert_info(data, *pRetCert);
-     return SECSuccess;
-   }
--#endif
- 
-   /* use the default NSS hook */
-   if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
-@@ -1053,12 +1036,11 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
-        * next time to the same server */
-       SSL_InvalidateSession(connssl->handle);
-     }
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-     /* destroy all NSS objects in order to avoid failure of NSS shutdown */
-     Curl_llist_destroy(connssl->obj_list, NULL);
-     connssl->obj_list = NULL;
-     connssl->obj_clicert = NULL;
--#endif
-+
-     PR_Close(connssl->handle);
-     connssl->handle = NULL;
-   }
-@@ -1173,12 +1155,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- 
-   connssl->data = data;
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   /* list of all NSS objects we need to destroy in Curl_nss_close() */
-   connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
-   if(!connssl->obj_list)
-     return CURLE_OUT_OF_MEMORY;
--#endif
- 
-   /* FIXME. NSS doesn't support multiple databases open at the same time. */
-   PR_Lock(nss_initlock);
-@@ -1190,7 +1170,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- 
-   curlerr = CURLE_SSL_CONNECT_ERROR;
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   if(!mod) {
-     char *configstring = aprintf("library=%s name=PEM", pem_library);
-     if(!configstring) {
-@@ -1209,7 +1188,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-             "OpenSSL PEM certificates will not work.\n", pem_library);
-     }
-   }
--#endif
- 
-   PK11_SetPasswordFunc(nss_get_password);
-   PR_Unlock(nss_initlock);
-@@ -1340,9 +1318,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-     char *nickname = dup_nickname(data, STRING_CERT);
-     if(nickname) {
-       /* we are not going to use libnsspem.so to read the client cert */
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-       connssl->obj_clicert = NULL;
--#endif
-     }
-     else {
-       CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
-@@ -1442,11 +1418,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-   if(model)
-     PR_Close(model);
- 
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-     /* cleanup on connection failure */
-     Curl_llist_destroy(connssl->obj_list, NULL);
-     connssl->obj_list = NULL;
--#endif
- 
-   if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
-     /* schedule reconnect through Curl_retry_request() */
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 7830686..8b6023c 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -271,10 +271,8 @@ struct ssl_connect_data {
-   PRFileDesc *handle;
-   char *client_nickname;
-   struct SessionHandle *data;
--#ifdef HAVE_PK11_CREATEGENERICOBJECT
-   struct curl_llist *obj_list;
-   PK11GenericObject *obj_clicert;
--#endif
- #endif /* USE_NSS */
- #ifdef USE_QSOSSL
-   SSLHandle *handle;
--- 
-1.7.1
-
-
-From 1467ca453bc0feed5109227c09e8e47c2de079d1 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 10 Apr 2012 15:42:34 +0200
-Subject: [PATCH 2/2] nss: use NSS_InitContext() to initialize NSS if available
-
-NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
-collisions on NSS initialization/shutdown with other libraries.
-
-Bug: https://bugzilla.redhat.com/738456
-
-[upstream commit 20cb12db]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- configure            |   13 +++++++++++++
- configure.ac         |    8 ++++++++
- lib/Makefile.in      |    2 +-
- lib/curl_config.h.in |    3 +++
- lib/nss.c            |   37 ++++++++++++++++++++++++++++++++++++-
- 5 files changed, 61 insertions(+), 2 deletions(-)
-
-diff --git a/configure b/configure
-index d20dab3..495f65a 100755
---- a/configure
-+++ b/configure
-@@ -671,6 +671,7 @@ USE_LIBSSH2
- CURL_CA_BUNDLE
- SSL_ENABLED
- USE_AXTLS
-+HAVE_NSS_INITCONTEXT
- USE_NSS
- USE_CYASSL
- USE_POLARSSL
-@@ -22595,6 +22596,18 @@ fi
-         { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5
- $as_echo "$as_me: detected NSS version $version" >&6;}
- 
-+                        ac_fn_c_check_func "$LINENO" "NSS_InitContext" "ac_cv_func_NSS_InitContext"
-+if test "x$ac_cv_func_NSS_InitContext" = x""yes; then :
-+
-+
-+$as_echo "#define HAVE_NSS_INITCONTEXT 1" >>confdefs.h
-+
-+          HAVE_NSS_INITCONTEXT=1
-+
-+
-+fi
-+
-+
-                                         if test "x$cross_compiling" != "xyes"; then
-           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-           export LD_LIBRARY_PATH
-diff --git a/configure.ac b/configure.ac
-index 1b48f7b..54b0af3 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2106,6 +2106,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
-       if test "x$USE_NSS" = "xyes"; then
-         AC_MSG_NOTICE([detected NSS version $version])
- 
-+        dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
-+        dnl collisions on NSS initialization/shutdown with other libraries
-+        AC_CHECK_FUNC(NSS_InitContext,
-+        [
-+          AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
-+          AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
-+        ])
-+
-         dnl when shared libs were found in a path that the run-time
-         dnl linker doesn't search through, we need to add it to
-         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-diff --git a/lib/Makefile.in b/lib/Makefile.in
-index bdfd796..c4468ab 100644
---- a/lib/Makefile.in
-+++ b/lib/Makefile.in
-@@ -233,7 +233,7 @@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@
- HAVE_LIBZ = @HAVE_LIBZ@
- HAVE_LIBZ_FALSE = @HAVE_LIBZ_FALSE@
- HAVE_LIBZ_TRUE = @HAVE_LIBZ_TRUE@
--HAVE_PK11_CREATEGENERICOBJECT = @HAVE_PK11_CREATEGENERICOBJECT@
-+HAVE_NSS_INITCONTEXT = @HAVE_NSS_INITCONTEXT@
- HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@
- IDN_ENABLED = @IDN_ENABLED@
- INSTALL_DATA = @INSTALL_DATA@
-diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
-index e79c364..a613f7d 100644
---- a/lib/curl_config.h.in
-+++ b/lib/curl_config.h.in
-@@ -469,6 +469,9 @@
- /* Define to 1 if NI_WITHSCOPEID exists and works. */
- #undef HAVE_NI_WITHSCOPEID
- 
-+/* if you have the NSS_InitContext function */
-+#undef HAVE_NSS_INITCONTEXT
-+
- /* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE
-    */
- #undef HAVE_OLD_GSSMIT
-diff --git a/lib/nss.c b/lib/nss.c
-index 6108917..16127ee 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -78,6 +78,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
- 
- PRLock * nss_initlock = NULL;
- PRLock * nss_crllock = NULL;
-+#ifdef HAVE_NSS_INITCONTEXT
-+NSSInitContext * nss_context = NULL;
-+#endif
- 
- volatile int initialized = 0;
- 
-@@ -861,29 +864,56 @@ isTLSIntoleranceError(PRInt32 err)
- 
- static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
- {
-+#ifdef HAVE_NSS_INITCONTEXT
-+  if(nss_context != NULL)
-+    return CURLE_OK;
-+
-+  NSSInitParameters initparams;
-+  memset((void *) &initparams, '\0', sizeof(initparams));
-+  initparams.length = sizeof(initparams);
-+#else /* HAVE_NSS_INITCONTEXT */
-+  SECStatus rv;
-+
-   if(NSS_IsInitialized())
-     return CURLE_OK;
-+#endif
- 
-   if(cert_dir) {
--    SECStatus rv;
-     const bool use_sql = NSS_VersionCheck("3.12.0");
-     char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
-     if(!certpath)
-       return CURLE_OUT_OF_MEMORY;
- 
-     infof(data, "Initializing NSS with certpath: %s\n", certpath);
-+#ifdef HAVE_NSS_INITCONTEXT
-+    nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
-+            NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
-+    free(certpath);
-+
-+    if(nss_context != NULL)
-+      return CURLE_OK;
-+#else /* HAVE_NSS_INITCONTEXT */
-     rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
-     free(certpath);
- 
-     if(rv == SECSuccess)
-       return CURLE_OK;
-+#endif
- 
-     infof(data, "Unable to initialize NSS database\n");
-   }
- 
-   infof(data, "Initializing NSS with certpath: none\n");
-+#ifdef HAVE_NSS_INITCONTEXT
-+  nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
-+          | NSS_INIT_NOCERTDB   | NSS_INIT_NOMODDB       | NSS_INIT_FORCEOPEN
-+          | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
-+  if(nss_context != NULL)
-+    return CURLE_OK;
-+#else /* HAVE_NSS_INITCONTEXT */
-   if(NSS_NoDB_Init(NULL) == SECSuccess)
-     return CURLE_OK;
-+#endif
- 
-   infof(data, "Unable to initialize NSS\n");
-   return CURLE_SSL_CACERT_BADFILE;
-@@ -979,7 +1009,12 @@ void Curl_nss_cleanup(void)
-       SECMOD_DestroyModule(mod);
-       mod = NULL;
-     }
-+#ifdef HAVE_NSS_INITCONTEXT
-+    NSS_ShutdownContext(nss_context);
-+    nss_context = NULL;
-+#else /* HAVE_NSS_INITCONTEXT */
-     NSS_Shutdown();
-+#endif
-   }
-   PR_Unlock(nss_initlock);
- 
--- 
-1.7.1
-

0002-curl-7.25.0-a60edcc6.patch

@@ -1,100 +0,0 @@
-From 304341d763f4293c7cc107e37d0ca0ac3741a560 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 11 Apr 2012 13:44:20 +0200
-Subject: [PATCH] nss: provide human-readable names for NSS errors
-
-[upstream commit a60edcc6]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/nss.c |   32 +++++++++++++++++++++++++-------
- 1 files changed, 25 insertions(+), 7 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 16127ee..6002391 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -62,6 +62,7 @@
- #include <certdb.h>
- #include <base64.h>
- #include <cert.h>
-+#include <prerror.h>
- 
- #include "curl_memory.h"
- #include "rawstr.h"
-@@ -176,6 +177,15 @@ static const int enable_ciphers_by_default[] = {
- static const char* pem_library = "libnsspem.so";
- SECMODModule* mod = NULL;
- 
-+static const char* nss_error_to_name(PRErrorCode code)
-+{
-+  const char *name = PR_ErrorToName(code);
-+  if(name)
-+    return name;
-+
-+  return "unknown error";
-+}
-+
- static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
-                              char *cipher_list)
- {
-@@ -548,8 +558,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
-   if(cert_file) {
-     rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
-     if(CURLE_OK != rv) {
--      if(!display_error(conn, PR_GetError(), cert_file))
--        failf(data, "Unable to load client cert %d.", PR_GetError());
-+      const PRErrorCode err = PR_GetError();
-+      if(!display_error(conn, err, cert_file)) {
-+        const char *err_name = nss_error_to_name(err);
-+        failf(data, "unable to load client cert: %d (%s)", err, err_name);
-+      }
- 
-       return rv;
-     }
-@@ -562,8 +575,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
-       /* In case the cert file also has the key */
-       rv = nss_load_key(conn, sockindex, cert_file);
-     if(CURLE_OK != rv) {
--      if(!display_error(conn, PR_GetError(), key_file))
--        failf(data, "Unable to load client key %d.", PR_GetError());
-+      const PRErrorCode err = PR_GetError();
-+      if(!display_error(conn, err, key_file)) {
-+        const char *err_name = nss_error_to_name(err);
-+        failf(data, "unable to load client key: %d (%s)", err, err_name);
-+      }
- 
-       return rv;
-     }
-@@ -1448,7 +1464,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-   if(handle_cc_error(err, data))
-     curlerr = CURLE_SSL_CERTPROBLEM;
-   else
--    infof(data, "NSS error %d\n", err);
-+    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
- 
-   if(model)
-     PR_Close(model);
-@@ -1484,7 +1500,8 @@ static ssize_t nss_send(struct connectdata *conn,  /* connection data */
-     else if(handle_cc_error(err, conn->data))
-       *curlcode = CURLE_SSL_CERTPROBLEM;
-     else {
--      failf(conn->data, "SSL write: error %d", err);
-+      const char *err_name = nss_error_to_name(err);
-+      failf(conn->data, "SSL write: error %d (%s)", err, err_name);
-       *curlcode = CURLE_SEND_ERROR;
-     }
-     return -1;
-@@ -1510,7 +1527,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
-     else if(handle_cc_error(err, conn->data))
-       *curlcode = CURLE_SSL_CERTPROBLEM;
-     else {
--      failf(conn->data, "SSL read: errno %d", err);
-+      const char *err_name = nss_error_to_name(err);
-+      failf(conn->data, "SSL read: errno %d (%s)", err, err_name);
-       *curlcode = CURLE_RECV_ERROR;
-     }
-     return -1;
--- 
-1.7.1
-

0102-curl-7.26.0-debug.patch

@@ -6,7 +6,7 @@ diff --git a/configure b/configure
 index d3ecf69..6d8f085 100755
 --- a/configure
 +++ b/configure
-@@ -15045,18 +15045,11 @@ $as_echo "yes" >&6; }
+@@ -15084,18 +15084,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@@ -27,8 +27,8 @@ index d3ecf69..6d8f085 100755
 +    flags_opt_all=""
 +    flags_opt_yes=""
      flags_opt_off="-O0"
-   else
-     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ 
+       if test -z "$SED"; then
 diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
 index 1ea4d17..868d65a 100644
 --- a/m4/curl-compilers.m4
@@ -54,5 +54,5 @@ index 1ea4d17..868d65a 100644
 +    flags_opt_all=""
 +    flags_opt_yes=""
      flags_opt_off="-O0"
+     CURL_CHECK_DEF([_WIN32], [], [silent])
    else
-     AC_MSG_RESULT([no])

0105-curl-7.26.0-disable-test1112.patch

@@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
 index 435b126..1d71c4e 100644
 --- a/tests/data/Makefile.in
 +++ b/tests/data/Makefile.in
-@@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
+@@ -332,7 +332,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
  test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093	\
  test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101	\
  test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109	\

0108-curl-7.25.0-utf8.patch

@@ -1,41 +0,0 @@
---- curl/CHANGES
-+++ curl/CHANGES
-@@ -1388,7 +1388,7 @@ Daniel Stenberg (12 Dec 2011)
-   linking with a static openssl requires a set of more libs to be linked
-   on Windows.
-   
--  Thanks also to Steve Holme and Martin Storsjö for additional feedback.
-+  Thanks also to Steve Holme and Martin Storsjö for additional feedback.
-   
-   Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
-   Reported by: Ward Willats
-@@ -2648,7 +2648,7 @@ Daniel Stenberg (25 Sep 2011)
-   damaging.
-   
-   Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
--  Reported by: Taneli Vähäkangas
-+  Reported by: Taneli Vähäkangas
- 
- Yang Tse (24 Sep 2011)
- - curl tool: fix a compiler warning
-@@ -5168,9 +5168,9 @@ Daniel Stenberg (12 Apr 2011)
- - OpenSSL: no-sslv2 aware
-   
-   Allow openSSL without SSL2 to be used. This fix is inspired by the fix
--  provided by Cristian Rodríguez.
-+  provided by Cristian Rodríguez.
-   
--  Reported by: Cristian Rodríguez
-+  Reported by: Cristian Rodríguez
- 
- - curl_easy_setopt.3: CURLOPT_RESOLVE typo version
-   
---- curl/README
-+++ curl/README
-@@ -45,5 +45,5 @@ GIT
- NOTICE
- 
-   Curl contains pieces of source code that is Copyright (c) 1998, 1999
--  Kungliga Tekniska Högskolan. This notice is included here to comply with the
-+  Kungliga Tekniska Högskolan. This notice is included here to comply with the
-   distribution terms.

0108-curl-7.26.0-utf8.patch

@@ -0,0 +1,95 @@
+ CHANGES |   18 +++++++++---------
+ README  |    2 +-
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 2335841..d4d37c2 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -604,18 +604,18 @@ Daniel Stenberg (1 Apr 2012)
+   Reported by: Michael Wallner
+ 
+ Steve Holme (31 Mar 2012)
+-- [Gökhan Şengün brought this change]
++- [Gökhan Şengün brought this change]
+ 
+   smtp: Add support for DIGEST-MD5 authentication
+ 
+-- [Gökhan Şengün brought this change]
++- [Gökhan Şengün brought this change]
+ 
+   smtp: Cody tidy up of md5 digest length
+   
+   Replaced the hard coded md5 digest length (16) with a preprocessor
+   constant
+ 
+-- [Gökhan Şengün brought this change]
++- [Gökhan Şengün brought this change]
+ 
+   md5: Add support for calculating the md5 sum of buffers incrementally
+   
+@@ -1913,7 +1913,7 @@ Daniel Stenberg (20 Dec 2011)
+   This offers an alternative to the existing Curl_socket_ready() API which
+   only checks one socket for read and one for write.
+ 
+-- [CeÌ<65>dric Deltheil brought this change]
++- [CeÃŒÂ<C592>dric Deltheil brought this change]
+ 
+   curl.h: add __ANDROID__ macro check
+   
+@@ -2126,7 +2126,7 @@ Daniel Stenberg (12 Dec 2011)
+   linking with a static openssl requires a set of more libs to be linked
+   on Windows.
+   
+-  Thanks also to Steve Holme and Martin Storsjö for additional feedback.
++  Thanks also to Steve Holme and Martin Storsjö for additional feedback.
+   
+   Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
+   Reported by: Ward Willats
+@@ -3386,7 +3386,7 @@ Daniel Stenberg (25 Sep 2011)
+   damaging.
+   
+   Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
+-  Reported by: Taneli Vähäkangas
++  Reported by: Taneli Vähäkangas
+ 
+ Yang Tse (24 Sep 2011)
+ - curl tool: fix a compiler warning
+@@ -4386,7 +4386,7 @@ Daniel Stenberg (8 Aug 2011)
+   Update the phrasing to reflect our more strict interpretation:
+   http://curl.haxx.se/mail/lib-2011-08/0064.html
+ 
+-- [Cristian Rodríguez brought this change]
++- [Cristian Rodríguez brought this change]
+ 
+   OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available, reduces memory use
+   
+@@ -4394,7 +4394,7 @@ Daniel Stenberg (8 Aug 2011)
+   http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
+   http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
+   
+-  Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
++  Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
+ 
+ - TODO-RELEASE: close issue #292
+   
+@@ -4428,7 +4428,7 @@ Daniel Stenberg (6 Aug 2011)
+         provided" by Christian H<E4>gele
+         http://curl.haxx.se/mail/lib-2011-08/0009.html
+ 
+-- [Christian Hägele brought this change]
++- [Christian Hägele brought this change]
+ 
+   asyn-thread: check for dotted addresses before thread starts
+ 
+diff --git a/README b/README
+index 2ffacc3..cfd6760 100644
+--- a/README
++++ b/README
+@@ -45,5 +45,5 @@ GIT
+ NOTICE
+ 
+   Curl contains pieces of source code that is Copyright (c) 1998, 1999
+-  Kungliga Tekniska Högskolan. This notice is included here to comply with the
++  Kungliga Tekniska Högskolan. This notice is included here to comply with the
+   distribution terms.

curl-7.24.0.tar.lzma.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS
-ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+
-=SL4u
------END PGP SIGNATURE-----

curl-7.26.0.tar.lzma.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iEYEABECAAYFAk++XP4ACgkQeOEcayedXJGItwCgtc6ECD4l6E7Q4ZEJDOzBB5bQ
+LWoAoLFWWUbcd+sBu/+s6fOGxgETHqT2
+=4I4f
+-----END PGP SIGNATURE-----

curl.spec

@@ -1,30 +1,24 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.25.0
-Release: 3%{?dist}
+Version: 7.26.0
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c
 
-# use NSS_InitContext() to initialize NSS if available (#738456)
-Patch1: 0001-curl-7.25.0-20cb12db.patch
-
-# provide human-readable names for NSS errors (upstream commit a60edcc6)
-Patch2: 0002-curl-7.25.0-a60edcc6.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.25.0-multilib.patch
 
 # prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.25.0-debug.patch
+Patch102: 0102-curl-7.26.0-debug.patch
 
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch
 
 # exclude test1112 from the test suite (#565305)
-Patch105: 0105-curl-7.21.3-disable-test1112.patch
+Patch105: 0105-curl-7.26.0-disable-test1112.patch
 
 # disable valgrind for certain test-cases (libssh2 problem)
 Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch
@@ -34,7 +28,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
 
 # Fix character encoding of docs, which are of mixed encoding originally so
 # a simple iconv can't fix them
-Patch108: 0108-curl-7.25.0-utf8.patch
+Patch108: 0108-curl-7.26.0-utf8.patch
 
 Provides: webclient
 URL: http://curl.haxx.se/
@@ -109,10 +103,6 @@ documentation of the library, too.
 %prep
 %setup -q
 
-# upstream patches
-%patch1 -p1
-%patch2 -p1
-
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
@@ -228,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Fri May 25 2012 Kamil Dudka <kdudka@redhat.com> 7.26.0-1
+- new upstream release
+
 * Wed Apr 25 2012 Karsten Hopp <karsten@redhat.com> 7.25.0-3
 - valgrind on ppc64 works fine, disable ppc32 only
 

sources

@@ -1 +1 @@
-d0f63a8a14db21e1abdc4862d4ba4a1a  curl-7.25.0.tar.lzma
+2ba226ced5d6ef539df970ac77627623  curl-7.26.0.tar.lzma