From 23fcdc59a10746d053fdffb92ee362f5ff30067f Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Fri, 25 May 2012 09:17:42 +0200 Subject: [PATCH] new upstream release --- 0001-curl-7.25.0-20cb12db.patch | 588 ------------------ 0002-curl-7.25.0-a60edcc6.patch | 100 --- ...ebug.patch => 0102-curl-7.26.0-debug.patch | 8 +- ...=> 0105-curl-7.26.0-disable-test1112.patch | 2 +- 0108-curl-7.25.0-utf8.patch | 41 -- 0108-curl-7.26.0-utf8.patch | 95 +++ curl-7.24.0.tar.lzma.asc | 7 - curl-7.26.0.tar.lzma.asc | 7 + curl.spec | 23 +- sources | 2 +- 10 files changed, 116 insertions(+), 757 deletions(-) delete mode 100644 0001-curl-7.25.0-20cb12db.patch delete mode 100644 0002-curl-7.25.0-a60edcc6.patch rename 0102-curl-7.25.0-debug.patch => 0102-curl-7.26.0-debug.patch (93%) rename 0105-curl-7.21.3-disable-test1112.patch => 0105-curl-7.26.0-disable-test1112.patch (96%) delete mode 100644 0108-curl-7.25.0-utf8.patch create mode 100644 0108-curl-7.26.0-utf8.patch delete mode 100644 curl-7.24.0.tar.lzma.asc create mode 100644 curl-7.26.0.tar.lzma.asc diff --git a/0001-curl-7.25.0-20cb12db.patch b/0001-curl-7.25.0-20cb12db.patch deleted file mode 100644 index bdbbc60..0000000 --- a/0001-curl-7.25.0-20cb12db.patch +++ /dev/null @@ -1,588 +0,0 @@ -From 944d7ff57fbda967db73114c2c8d49eff3f83160 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 6 Apr 2012 16:05:25 +0200 -Subject: [PATCH 1/2] nss: unconditionally require PK11_CreateGenericObject() - -This bumps the minimal supported version of NSS to 3.12.x. - -[upstream commit 42aa7961] - -Signed-off-by: Kamil Dudka ---- - configure | 64 +++++++--------------------------------------- - configure.ac | 10 +------ - docs/INTERNALS | 2 +- - lib/config-symbian.h | 3 -- - lib/config-vxworks.h | 3 -- - lib/curl_config.h.cmake | 3 -- - lib/curl_config.h.in | 3 -- - lib/nss.c | 30 +-------------------- - lib/urldata.h | 2 - - 9 files changed, 15 insertions(+), 105 deletions(-) - -diff --git a/configure b/configure -index 8b0b30a..d20dab3 100755 ---- a/configure -+++ b/configure -@@ -672,7 +672,6 @@ CURL_CA_BUNDLE - SSL_ENABLED - USE_AXTLS - USE_NSS --HAVE_PK11_CREATEGENERICOBJECT - USE_CYASSL - USE_POLARSSL - HAVE_GNUTLS_SRP -@@ -22530,49 +22529,6 @@ $as_echo "found" >&6; } - nssprefix=$OPT_NSS - fi - -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5 --$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; } --if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then : -- $as_echo_n "(cached) " >&6 --else -- ac_check_lib_save_LIBS=$LIBS --LIBS="-lnss3 $LIBS" --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- -- --#ifdef __cplusplus --extern "C" --#endif --char PK11_CreateGenericObject (); --int main (void) --{ --return PK11_CreateGenericObject (); -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_link "$LINENO"; then : -- ac_cv_lib_nss3_PK11_CreateGenericObject=yes --else -- ac_cv_lib_nss3_PK11_CreateGenericObject=no --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext conftest.$ac_ext --LIBS=$ac_check_lib_save_LIBS --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5 --$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; } --if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then : -- -- --$as_echo "#define HAVE_PK11_CREATEGENERICOBJECT 1" >>confdefs.h -- -- HAVE_PK11_CREATEGENERICOBJECT=1 -- -- --fi -- - if test -n "$addlib"; then - - CLEANLIBS="$LIBS" -@@ -22583,9 +22539,9 @@ fi - CPPFLAGS="$CPPFLAGS $addcflags" - fi - -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS_Initialize in -lnss3" >&5 --$as_echo_n "checking for NSS_Initialize in -lnss3... " >&6; } --if test "${ac_cv_lib_nss3_NSS_Initialize+set}" = set; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5 -+$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; } -+if test "${ac_cv_lib_nss3_PK11_CreateGenericObject+set}" = set; then : - $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS -@@ -22597,26 +22553,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - #ifdef __cplusplus - extern "C" - #endif --char NSS_Initialize (); -+char PK11_CreateGenericObject (); - int main (void) - { --return NSS_Initialize (); -+return PK11_CreateGenericObject (); - ; - return 0; - } - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : -- ac_cv_lib_nss3_NSS_Initialize=yes -+ ac_cv_lib_nss3_PK11_CreateGenericObject=yes - else -- ac_cv_lib_nss3_NSS_Initialize=no -+ ac_cv_lib_nss3_PK11_CreateGenericObject=no - fi - rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS=$ac_check_lib_save_LIBS - fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_NSS_Initialize" >&5 --$as_echo "$ac_cv_lib_nss3_NSS_Initialize" >&6; } --if test "x$ac_cv_lib_nss3_NSS_Initialize" = x""yes; then : -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5 -+$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; } -+if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = x""yes; then : - - - $as_echo "#define USE_NSS 1" >>confdefs.h -diff --git a/configure.ac b/configure.ac -index 631563d..1b48f7b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2079,13 +2079,6 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then - nssprefix=$OPT_NSS - fi - -- dnl Check for functionPK11_CreateGenericObject -- dnl this is needed for using the PEM PKCS#11 module -- AC_CHECK_LIB(nss3, PK11_CreateGenericObject, -- [ -- AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject]) -- AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1]) -- ]) - if test -n "$addlib"; then - - CLEANLIBS="$LIBS" -@@ -2096,7 +2089,8 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - -- AC_CHECK_LIB(nss3, NSS_Initialize, -+ dnl The function PK11_CreateGenericObject is needed to load libnsspem.so -+ AC_CHECK_LIB(nss3, PK11_CreateGenericObject, - [ - AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) - AC_SUBST(USE_NSS, [1]) -diff --git a/docs/INTERNALS b/docs/INTERNALS -index 39c4df7..8024ea8 100644 ---- a/docs/INTERNALS -+++ b/docs/INTERNALS -@@ -43,7 +43,7 @@ Portability - openldap 2.0 - MIT krb5 lib 1.2.4 - qsossl V5R2M0 -- NSS 3.11.x -+ NSS 3.12.x - axTLS 1.2.7 - Heimdal ? - -diff --git a/lib/config-symbian.h b/lib/config-symbian.h -index 24ed733..417025a 100644 ---- a/lib/config-symbian.h -+++ b/lib/config-symbian.h -@@ -400,9 +400,6 @@ - /* Define to 1 if you have the `pipe' function. */ - #define HAVE_PIPE 1 - --/* if you have the function PK11_CreateGenericObject */ --/* #undef HAVE_PK11_CREATEGENERICOBJECT */ -- - /* Define to 1 if you have the `poll' function. */ - /*#define HAVE_POLL 1*/ - -diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h -index 8e2d05a..9149507 100644 ---- a/lib/config-vxworks.h -+++ b/lib/config-vxworks.h -@@ -469,9 +469,6 @@ - /* Define to 1 if you have the `pipe' function. */ - #define HAVE_PIPE 1 - --/* if you have the function PK11_CreateGenericObject */ --/* #undef HAVE_PK11_CREATEGENERICOBJECT */ -- - /* Define to 1 if you have a working poll function. */ - /* #undef HAVE_POLL */ - -diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake -index a321302..88b4de2 100644 ---- a/lib/curl_config.h.cmake -+++ b/lib/curl_config.h.cmake -@@ -444,9 +444,6 @@ - /* Define to 1 if you have the `pipe' function. */ - #cmakedefine HAVE_PIPE ${HAVE_PIPE} - --/* if you have the function PK11_CreateGenericObject */ --#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT} -- - /* Define to 1 if you have a working poll function. */ - #cmakedefine HAVE_POLL ${HAVE_POLL} - -diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in -index 5823939..e79c364 100644 ---- a/lib/curl_config.h.in -+++ b/lib/curl_config.h.in -@@ -506,9 +506,6 @@ - /* Define to 1 if you have the `pipe' function. */ - #undef HAVE_PIPE - --/* if you have the function PK11_CreateGenericObject */ --#undef HAVE_PK11_CREATEGENERICOBJECT -- - /* Define to 1 if you have a working poll function. */ - #undef HAVE_POLL - -diff --git a/lib/nss.c b/lib/nss.c -index 8f6da50..6108917 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -170,9 +170,7 @@ static const int enable_ciphers_by_default[] = { - SSL_NULL_WITH_NULL_NULL - }; - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - static const char* pem_library = "libnsspem.so"; --#endif - SECMODModule* mod = NULL; - - static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, -@@ -305,7 +303,6 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind) - return NULL; - } - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - /* Call PK11_CreateGenericObject() with the given obj_class and filename. If - * the call succeeds, append the object handle to the list of objects so that - * the object can be destroyed in Curl_nss_close(). */ -@@ -369,7 +366,6 @@ static void nss_destroy_object(void *user, void *ptr) - (void) user; - PK11_DestroyGenericObject(obj); - } --#endif - - static CURLcode nss_load_cert(struct ssl_connect_data *ssl, - const char *filename, PRBool cacert) -@@ -378,7 +374,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, - ? CURLE_SSL_CACERT_BADFILE - : CURLE_SSL_CERTPROBLEM; - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - /* libnsspem.so leaks memory if the requested file does not exist. For more - * details, go to . */ - if(is_file(filename)) -@@ -405,7 +400,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, - free(nickname); - } - } --#endif - - return err; - } -@@ -499,10 +493,10 @@ fail: - static CURLcode nss_load_key(struct connectdata *conn, int sockindex, - char *key_file) - { --#ifdef HAVE_PK11_CREATEGENERICOBJECT - PK11SlotInfo *slot; - SECStatus status; - struct ssl_connect_data *ssl = conn->ssl; -+ (void)sockindex; /* unused */ - - CURLcode rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE); - if(CURLE_OK != rv) { -@@ -524,15 +518,6 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, - return (SECSuccess == status) - ? CURLE_OK - : CURLE_SSL_CERTPROBLEM; --#else -- /* If we don't have PK11_CreateGenericObject then we can't load a file-based -- * key. -- */ -- (void)conn; /* unused */ -- (void)key_file; /* unused */ -- return CURLE_SSL_CERTPROBLEM; --#endif -- (void)sockindex; /* unused */ - } - - static int display_error(struct connectdata *conn, PRInt32 err, -@@ -775,7 +760,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, - struct SessionHandle *data = connssl->data; - const char *nickname = connssl->client_nickname; - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - if(connssl->obj_clicert) { - /* use the cert/key provided by PEM reader */ - static const char pem_slotname[] = "PEM Token #1"; -@@ -815,7 +799,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, - display_cert_info(data, *pRetCert); - return SECSuccess; - } --#endif - - /* use the default NSS hook */ - if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames, -@@ -1053,12 +1036,11 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) - * next time to the same server */ - SSL_InvalidateSession(connssl->handle); - } --#ifdef HAVE_PK11_CREATEGENERICOBJECT - /* destroy all NSS objects in order to avoid failure of NSS shutdown */ - Curl_llist_destroy(connssl->obj_list, NULL); - connssl->obj_list = NULL; - connssl->obj_clicert = NULL; --#endif -+ - PR_Close(connssl->handle); - connssl->handle = NULL; - } -@@ -1173,12 +1155,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - - connssl->data = data; - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - /* list of all NSS objects we need to destroy in Curl_nss_close() */ - connssl->obj_list = Curl_llist_alloc(nss_destroy_object); - if(!connssl->obj_list) - return CURLE_OUT_OF_MEMORY; --#endif - - /* FIXME. NSS doesn't support multiple databases open at the same time. */ - PR_Lock(nss_initlock); -@@ -1190,7 +1170,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - - curlerr = CURLE_SSL_CONNECT_ERROR; - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - if(!mod) { - char *configstring = aprintf("library=%s name=PEM", pem_library); - if(!configstring) { -@@ -1209,7 +1188,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - "OpenSSL PEM certificates will not work.\n", pem_library); - } - } --#endif - - PK11_SetPasswordFunc(nss_get_password); - PR_Unlock(nss_initlock); -@@ -1340,9 +1318,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - char *nickname = dup_nickname(data, STRING_CERT); - if(nickname) { - /* we are not going to use libnsspem.so to read the client cert */ --#ifdef HAVE_PK11_CREATEGENERICOBJECT - connssl->obj_clicert = NULL; --#endif - } - else { - CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT], -@@ -1442,11 +1418,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - if(model) - PR_Close(model); - --#ifdef HAVE_PK11_CREATEGENERICOBJECT - /* cleanup on connection failure */ - Curl_llist_destroy(connssl->obj_list, NULL); - connssl->obj_list = NULL; --#endif - - if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) { - /* schedule reconnect through Curl_retry_request() */ -diff --git a/lib/urldata.h b/lib/urldata.h -index 7830686..8b6023c 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -271,10 +271,8 @@ struct ssl_connect_data { - PRFileDesc *handle; - char *client_nickname; - struct SessionHandle *data; --#ifdef HAVE_PK11_CREATEGENERICOBJECT - struct curl_llist *obj_list; - PK11GenericObject *obj_clicert; --#endif - #endif /* USE_NSS */ - #ifdef USE_QSOSSL - SSLHandle *handle; --- -1.7.1 - - -From 1467ca453bc0feed5109227c09e8e47c2de079d1 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 10 Apr 2012 15:42:34 +0200 -Subject: [PATCH 2/2] nss: use NSS_InitContext() to initialize NSS if available - -NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent -collisions on NSS initialization/shutdown with other libraries. - -Bug: https://bugzilla.redhat.com/738456 - -[upstream commit 20cb12db] - -Signed-off-by: Kamil Dudka ---- - configure | 13 +++++++++++++ - configure.ac | 8 ++++++++ - lib/Makefile.in | 2 +- - lib/curl_config.h.in | 3 +++ - lib/nss.c | 37 ++++++++++++++++++++++++++++++++++++- - 5 files changed, 61 insertions(+), 2 deletions(-) - -diff --git a/configure b/configure -index d20dab3..495f65a 100755 ---- a/configure -+++ b/configure -@@ -671,6 +671,7 @@ USE_LIBSSH2 - CURL_CA_BUNDLE - SSL_ENABLED - USE_AXTLS -+HAVE_NSS_INITCONTEXT - USE_NSS - USE_CYASSL - USE_POLARSSL -@@ -22595,6 +22596,18 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 - $as_echo "$as_me: detected NSS version $version" >&6;} - -+ ac_fn_c_check_func "$LINENO" "NSS_InitContext" "ac_cv_func_NSS_InitContext" -+if test "x$ac_cv_func_NSS_InitContext" = x""yes; then : -+ -+ -+$as_echo "#define HAVE_NSS_INITCONTEXT 1" >>confdefs.h -+ -+ HAVE_NSS_INITCONTEXT=1 -+ -+ -+fi -+ -+ - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH -diff --git a/configure.ac b/configure.ac -index 1b48f7b..54b0af3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2106,6 +2106,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then - if test "x$USE_NSS" = "xyes"; then - AC_MSG_NOTICE([detected NSS version $version]) - -+ dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent -+ dnl collisions on NSS initialization/shutdown with other libraries -+ AC_CHECK_FUNC(NSS_InitContext, -+ [ -+ AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function]) -+ AC_SUBST(HAVE_NSS_INITCONTEXT, [1]) -+ ]) -+ - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl LD_LIBRARY_PATH to prevent further configure tests to fail -diff --git a/lib/Makefile.in b/lib/Makefile.in -index bdfd796..c4468ab 100644 ---- a/lib/Makefile.in -+++ b/lib/Makefile.in -@@ -233,7 +233,7 @@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ - HAVE_LIBZ = @HAVE_LIBZ@ - HAVE_LIBZ_FALSE = @HAVE_LIBZ_FALSE@ - HAVE_LIBZ_TRUE = @HAVE_LIBZ_TRUE@ --HAVE_PK11_CREATEGENERICOBJECT = @HAVE_PK11_CREATEGENERICOBJECT@ -+HAVE_NSS_INITCONTEXT = @HAVE_NSS_INITCONTEXT@ - HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@ - IDN_ENABLED = @IDN_ENABLED@ - INSTALL_DATA = @INSTALL_DATA@ -diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in -index e79c364..a613f7d 100644 ---- a/lib/curl_config.h.in -+++ b/lib/curl_config.h.in -@@ -469,6 +469,9 @@ - /* Define to 1 if NI_WITHSCOPEID exists and works. */ - #undef HAVE_NI_WITHSCOPEID - -+/* if you have the NSS_InitContext function */ -+#undef HAVE_NSS_INITCONTEXT -+ - /* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE - */ - #undef HAVE_OLD_GSSMIT -diff --git a/lib/nss.c b/lib/nss.c -index 6108917..16127ee 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -78,6 +78,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd); - - PRLock * nss_initlock = NULL; - PRLock * nss_crllock = NULL; -+#ifdef HAVE_NSS_INITCONTEXT -+NSSInitContext * nss_context = NULL; -+#endif - - volatile int initialized = 0; - -@@ -861,29 +864,56 @@ isTLSIntoleranceError(PRInt32 err) - - static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir) - { -+#ifdef HAVE_NSS_INITCONTEXT -+ if(nss_context != NULL) -+ return CURLE_OK; -+ -+ NSSInitParameters initparams; -+ memset((void *) &initparams, '\0', sizeof(initparams)); -+ initparams.length = sizeof(initparams); -+#else /* HAVE_NSS_INITCONTEXT */ -+ SECStatus rv; -+ - if(NSS_IsInitialized()) - return CURLE_OK; -+#endif - - if(cert_dir) { -- SECStatus rv; - const bool use_sql = NSS_VersionCheck("3.12.0"); - char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir); - if(!certpath) - return CURLE_OUT_OF_MEMORY; - - infof(data, "Initializing NSS with certpath: %s\n", certpath); -+#ifdef HAVE_NSS_INITCONTEXT -+ nss_context = NSS_InitContext(certpath, "", "", "", &initparams, -+ NSS_INIT_READONLY | NSS_INIT_PK11RELOAD); -+ free(certpath); -+ -+ if(nss_context != NULL) -+ return CURLE_OK; -+#else /* HAVE_NSS_INITCONTEXT */ - rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY); - free(certpath); - - if(rv == SECSuccess) - return CURLE_OK; -+#endif - - infof(data, "Unable to initialize NSS database\n"); - } - - infof(data, "Initializing NSS with certpath: none\n"); -+#ifdef HAVE_NSS_INITCONTEXT -+ nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY -+ | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN -+ | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD); -+ if(nss_context != NULL) -+ return CURLE_OK; -+#else /* HAVE_NSS_INITCONTEXT */ - if(NSS_NoDB_Init(NULL) == SECSuccess) - return CURLE_OK; -+#endif - - infof(data, "Unable to initialize NSS\n"); - return CURLE_SSL_CACERT_BADFILE; -@@ -979,7 +1009,12 @@ void Curl_nss_cleanup(void) - SECMOD_DestroyModule(mod); - mod = NULL; - } -+#ifdef HAVE_NSS_INITCONTEXT -+ NSS_ShutdownContext(nss_context); -+ nss_context = NULL; -+#else /* HAVE_NSS_INITCONTEXT */ - NSS_Shutdown(); -+#endif - } - PR_Unlock(nss_initlock); - --- -1.7.1 - diff --git a/0002-curl-7.25.0-a60edcc6.patch b/0002-curl-7.25.0-a60edcc6.patch deleted file mode 100644 index 0516dbe..0000000 --- a/0002-curl-7.25.0-a60edcc6.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 304341d763f4293c7cc107e37d0ca0ac3741a560 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 11 Apr 2012 13:44:20 +0200 -Subject: [PATCH] nss: provide human-readable names for NSS errors - -[upstream commit a60edcc6] - -Signed-off-by: Kamil Dudka ---- - lib/nss.c | 32 +++++++++++++++++++++++++------- - 1 files changed, 25 insertions(+), 7 deletions(-) - -diff --git a/lib/nss.c b/lib/nss.c -index 16127ee..6002391 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -62,6 +62,7 @@ - #include - #include - #include -+#include - - #include "curl_memory.h" - #include "rawstr.h" -@@ -176,6 +177,15 @@ static const int enable_ciphers_by_default[] = { - static const char* pem_library = "libnsspem.so"; - SECMODModule* mod = NULL; - -+static const char* nss_error_to_name(PRErrorCode code) -+{ -+ const char *name = PR_ErrorToName(code); -+ if(name) -+ return name; -+ -+ return "unknown error"; -+} -+ - static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, - char *cipher_list) - { -@@ -548,8 +558,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex, - if(cert_file) { - rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE); - if(CURLE_OK != rv) { -- if(!display_error(conn, PR_GetError(), cert_file)) -- failf(data, "Unable to load client cert %d.", PR_GetError()); -+ const PRErrorCode err = PR_GetError(); -+ if(!display_error(conn, err, cert_file)) { -+ const char *err_name = nss_error_to_name(err); -+ failf(data, "unable to load client cert: %d (%s)", err, err_name); -+ } - - return rv; - } -@@ -562,8 +575,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex, - /* In case the cert file also has the key */ - rv = nss_load_key(conn, sockindex, cert_file); - if(CURLE_OK != rv) { -- if(!display_error(conn, PR_GetError(), key_file)) -- failf(data, "Unable to load client key %d.", PR_GetError()); -+ const PRErrorCode err = PR_GetError(); -+ if(!display_error(conn, err, key_file)) { -+ const char *err_name = nss_error_to_name(err); -+ failf(data, "unable to load client key: %d (%s)", err, err_name); -+ } - - return rv; - } -@@ -1448,7 +1464,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) - if(handle_cc_error(err, data)) - curlerr = CURLE_SSL_CERTPROBLEM; - else -- infof(data, "NSS error %d\n", err); -+ infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err)); - - if(model) - PR_Close(model); -@@ -1484,7 +1500,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */ - else if(handle_cc_error(err, conn->data)) - *curlcode = CURLE_SSL_CERTPROBLEM; - else { -- failf(conn->data, "SSL write: error %d", err); -+ const char *err_name = nss_error_to_name(err); -+ failf(conn->data, "SSL write: error %d (%s)", err, err_name); - *curlcode = CURLE_SEND_ERROR; - } - return -1; -@@ -1510,7 +1527,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */ - else if(handle_cc_error(err, conn->data)) - *curlcode = CURLE_SSL_CERTPROBLEM; - else { -- failf(conn->data, "SSL read: errno %d", err); -+ const char *err_name = nss_error_to_name(err); -+ failf(conn->data, "SSL read: errno %d (%s)", err, err_name); - *curlcode = CURLE_RECV_ERROR; - } - return -1; --- -1.7.1 - diff --git a/0102-curl-7.25.0-debug.patch b/0102-curl-7.26.0-debug.patch similarity index 93% rename from 0102-curl-7.25.0-debug.patch rename to 0102-curl-7.26.0-debug.patch index 8056f53..6d8f6ce 100644 --- a/0102-curl-7.25.0-debug.patch +++ b/0102-curl-7.26.0-debug.patch @@ -6,7 +6,7 @@ diff --git a/configure b/configure index d3ecf69..6d8f085 100755 --- a/configure +++ b/configure -@@ -15045,18 +15045,11 @@ $as_echo "yes" >&6; } +@@ -15084,18 +15084,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` @@ -27,8 +27,8 @@ index d3ecf69..6d8f085 100755 + flags_opt_all="" + flags_opt_yes="" flags_opt_off="-O0" - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + + if test -z "$SED"; then diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 index 1ea4d17..868d65a 100644 --- a/m4/curl-compilers.m4 @@ -54,5 +54,5 @@ index 1ea4d17..868d65a 100644 + flags_opt_all="" + flags_opt_yes="" flags_opt_off="-O0" + CURL_CHECK_DEF([_WIN32], [], [silent]) else - AC_MSG_RESULT([no]) diff --git a/0105-curl-7.21.3-disable-test1112.patch b/0105-curl-7.26.0-disable-test1112.patch similarity index 96% rename from 0105-curl-7.21.3-disable-test1112.patch rename to 0105-curl-7.26.0-disable-test1112.patch index d2367a9..51320b6 100644 --- a/0105-curl-7.21.3-disable-test1112.patch +++ b/0105-curl-7.26.0-disable-test1112.patch @@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in index 435b126..1d71c4e 100644 --- a/tests/data/Makefile.in +++ b/tests/data/Makefile.in -@@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ +@@ -332,7 +332,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ diff --git a/0108-curl-7.25.0-utf8.patch b/0108-curl-7.25.0-utf8.patch deleted file mode 100644 index 9aab598..0000000 --- a/0108-curl-7.25.0-utf8.patch +++ /dev/null @@ -1,41 +0,0 @@ ---- curl/CHANGES -+++ curl/CHANGES -@@ -1388,7 +1388,7 @@ Daniel Stenberg (12 Dec 2011) - linking with a static openssl requires a set of more libs to be linked - on Windows. - -- Thanks also to Steve Holme and Martin Storsj for additional feedback. -+ Thanks also to Steve Holme and Martin Storsjö for additional feedback. - - Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html - Reported by: Ward Willats -@@ -2648,7 +2648,7 @@ Daniel Stenberg (25 Sep 2011) - damaging. - - Bug: http://curl.haxx.se/bug/view.cgi?id=3413181 -- Reported by: Taneli Vhkangas -+ Reported by: Taneli Vähäkangas - - Yang Tse (24 Sep 2011) - - curl tool: fix a compiler warning -@@ -5168,9 +5168,9 @@ Daniel Stenberg (12 Apr 2011) - - OpenSSL: no-sslv2 aware - - Allow openSSL without SSL2 to be used. This fix is inspired by the fix -- provided by Cristian Rodrguez. -+ provided by Cristian Rodríguez. - -- Reported by: Cristian Rodrguez -+ Reported by: Cristian Rodríguez - - - curl_easy_setopt.3: CURLOPT_RESOLVE typo version - ---- curl/README -+++ curl/README -@@ -45,5 +45,5 @@ GIT - NOTICE - - Curl contains pieces of source code that is Copyright (c) 1998, 1999 -- Kungliga Tekniska Hgskolan. This notice is included here to comply with the -+ Kungliga Tekniska Högskolan. This notice is included here to comply with the - distribution terms. diff --git a/0108-curl-7.26.0-utf8.patch b/0108-curl-7.26.0-utf8.patch new file mode 100644 index 0000000..e4f309c --- /dev/null +++ b/0108-curl-7.26.0-utf8.patch @@ -0,0 +1,95 @@ + CHANGES | 18 +++++++++--------- + README | 2 +- + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 2335841..d4d37c2 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -604,18 +604,18 @@ Daniel Stenberg (1 Apr 2012) + Reported by: Michael Wallner + + Steve Holme (31 Mar 2012) +-- [Gökhan Şengün brought this change] ++- [Gökhan Şengün brought this change] + + smtp: Add support for DIGEST-MD5 authentication + +-- [Gökhan Şengün brought this change] ++- [Gökhan Şengün brought this change] + + smtp: Cody tidy up of md5 digest length + + Replaced the hard coded md5 digest length (16) with a preprocessor + constant + +-- [Gökhan Şengün brought this change] ++- [Gökhan Şengün brought this change] + + md5: Add support for calculating the md5 sum of buffers incrementally + +@@ -1913,7 +1913,7 @@ Daniel Stenberg (20 Dec 2011) + This offers an alternative to the existing Curl_socket_ready() API which + only checks one socket for read and one for write. + +-- [Cédric Deltheil brought this change] ++- [Cédric Deltheil brought this change] + + curl.h: add __ANDROID__ macro check + +@@ -2126,7 +2126,7 @@ Daniel Stenberg (12 Dec 2011) + linking with a static openssl requires a set of more libs to be linked + on Windows. + +- Thanks also to Steve Holme and Martin Storsj for additional feedback. ++ Thanks also to Steve Holme and Martin Storsjö for additional feedback. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html + Reported by: Ward Willats +@@ -3386,7 +3386,7 @@ Daniel Stenberg (25 Sep 2011) + damaging. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3413181 +- Reported by: Taneli Vhkangas ++ Reported by: Taneli Vähäkangas + + Yang Tse (24 Sep 2011) + - curl tool: fix a compiler warning +@@ -4386,7 +4386,7 @@ Daniel Stenberg (8 Aug 2011) + Update the phrasing to reflect our more strict interpretation: + http://curl.haxx.se/mail/lib-2011-08/0064.html + +-- [Cristian Rodríguez brought this change] ++- [Cristian Rodríguez brought this change] + + OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available, reduces memory use + +@@ -4394,7 +4394,7 @@ Daniel Stenberg (8 Aug 2011) + http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html + http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html + +- Signed-off-by: Cristian Rodríguez ++ Signed-off-by: Cristian Rodríguez + + - TODO-RELEASE: close issue #292 + +@@ -4428,7 +4428,7 @@ Daniel Stenberg (6 Aug 2011) + provided" by Christian Hgele + http://curl.haxx.se/mail/lib-2011-08/0009.html + +-- [Christian Hägele brought this change] ++- [Christian Hägele brought this change] + + asyn-thread: check for dotted addresses before thread starts + +diff --git a/README b/README +index 2ffacc3..cfd6760 100644 +--- a/README ++++ b/README +@@ -45,5 +45,5 @@ GIT + NOTICE + + Curl contains pieces of source code that is Copyright (c) 1998, 1999 +- Kungliga Tekniska Hgskolan. This notice is included here to comply with the ++ Kungliga Tekniska Högskolan. This notice is included here to comply with the + distribution terms. diff --git a/curl-7.24.0.tar.lzma.asc b/curl-7.24.0.tar.lzma.asc deleted file mode 100644 index 720b4df..0000000 --- a/curl-7.24.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS -ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+ -=SL4u ------END PGP SIGNATURE----- diff --git a/curl-7.26.0.tar.lzma.asc b/curl-7.26.0.tar.lzma.asc new file mode 100644 index 0000000..1570d24 --- /dev/null +++ b/curl-7.26.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iEYEABECAAYFAk++XP4ACgkQeOEcayedXJGItwCgtc6ECD4l6E7Q4ZEJDOzBB5bQ +LWoAoLFWWUbcd+sBu/+s6fOGxgETHqT2 +=4I4f +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 49a0638..72f8a72 100644 --- a/curl.spec +++ b/curl.spec @@ -1,30 +1,24 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.25.0 -Release: 3%{?dist} +Version: 7.26.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h Source3: hide_selinux.c -# use NSS_InitContext() to initialize NSS if available (#738456) -Patch1: 0001-curl-7.25.0-20cb12db.patch - -# provide human-readable names for NSS errors (upstream commit a60edcc6) -Patch2: 0002-curl-7.25.0-a60edcc6.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.25.0-multilib.patch # prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.25.0-debug.patch +Patch102: 0102-curl-7.26.0-debug.patch # use localhost6 instead of ip6-localhost in the curl test-suite Patch104: 0104-curl-7.19.7-localhost6.patch # exclude test1112 from the test suite (#565305) -Patch105: 0105-curl-7.21.3-disable-test1112.patch +Patch105: 0105-curl-7.26.0-disable-test1112.patch # disable valgrind for certain test-cases (libssh2 problem) Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch @@ -34,7 +28,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch # Fix character encoding of docs, which are of mixed encoding originally so # a simple iconv can't fix them -Patch108: 0108-curl-7.25.0-utf8.patch +Patch108: 0108-curl-7.26.0-utf8.patch Provides: webclient URL: http://curl.haxx.se/ @@ -109,10 +103,6 @@ documentation of the library, too. %prep %setup -q -# upstream patches -%patch1 -p1 -%patch2 -p1 - # Fedora patches %patch101 -p1 %patch102 -p1 @@ -228,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Fri May 25 2012 Kamil Dudka 7.26.0-1 +- new upstream release + * Wed Apr 25 2012 Karsten Hopp 7.25.0-3 - valgrind on ppc64 works fine, disable ppc32 only diff --git a/sources b/sources index 71365ee..44e0158 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d0f63a8a14db21e1abdc4862d4ba4a1a curl-7.25.0.tar.lzma +2ba226ced5d6ef539df970ac77627623 curl-7.26.0.tar.lzma