From 5cb97168a8710225a81444b8e094f35ced5a2589 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 5 Nov 2014 10:42:27 +0100
Subject: [PATCH] new upstream release - 7.39.0 (fixes CVE-2014-3707)

---
 0001-curl-7.38.0-0aecdf68.patch | 67 ---------------------------------
 curl-7.38.0.tar.lzma.asc | 7 ----
 curl-7.39.0.tar.lzma.asc | 7 ++++
 curl.spec | 11 +++---
 sources | 2 +-
 5 files changed, 13 insertions(+), 81 deletions(-)
 delete mode 100644 0001-curl-7.38.0-0aecdf68.patch
 delete mode 100644 curl-7.38.0.tar.lzma.asc
 create mode 100644 curl-7.39.0.tar.lzma.asc

diff --git a/0001-curl-7.38.0-0aecdf68.patch b/0001-curl-7.38.0-0aecdf68.patch
deleted file mode 100644
index 4f094f0..0000000
--- a/0001-curl-7.38.0-0aecdf68.patch
+++ /dev/null
@@ -1,67 +0,0 @@ -From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 20 Oct 2014 18:18:57 +0200 -Subject: [PATCH] nss: reset SSL handshake state machine - -... when the handshake succeeds - -This fixes a connection failure when FTPS handle is reused. - -Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3 -Signed-off-by: Kamil Dudka ---- - lib/vtls/nss.c | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index 83b3e32..a925b12 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - #endif - - -- if(connssl->state == ssl_connection_complete) -- return CURLE_OK; -- - connssl->data = data; - - /* list of all NSS objects we need to destroy in Curl_nss_close() */ -@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) - goto error; - } - -- connssl->state = ssl_connection_complete; -- conn->recv[sockindex] = nss_recv; -- conn->send[sockindex] = nss_send; -- - display_conn_info(conn, connssl->handle); - - if(data->set.str[STRING_SSL_ISSUERCERT]) { -@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, - const bool blocking = (done == NULL); - CURLcode rv; - -+ if(connssl->state == ssl_connection_complete) -+ return CURLE_OK; -+ - if(connssl->connecting_state == ssl_connect_1) { - rv = nss_setup_connect(conn, sockindex); - if(rv) -@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, - /* signal completed SSL handshake */ - *done = TRUE; - -- connssl->connecting_state = ssl_connect_done; -+ connssl->state = ssl_connection_complete; -+ conn->recv[sockindex] = nss_recv; -+ conn->send[sockindex] = nss_send; -+ -+ /* ssl_connect_done is never used outside, go back to the initial state */ -+ connssl->connecting_state = 
ssl_connect_1; - return CURLE_OK; - } - --- -2.1.0 - diff --git a/curl-7.38.0.tar.lzma.asc b/curl-7.38.0.tar.lzma.asc deleted file mode 100644 index cb4b926..0000000 --- a/curl-7.38.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN -U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R -=9D9Q ------END PGP SIGNATURE----- diff --git a/curl-7.39.0.tar.lzma.asc b/curl-7.39.0.tar.lzma.asc new file mode 100644 index 0000000..4fa0abe --- /dev/null +++ b/curl-7.39.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlRZ0ScACgkQeOEcayedXJFMdwCg+1jN1OAfEVzzyJQVtBKactH7 +KLsAoI3kTOl5X+Z41Zmd2O6A9kaS23zH +=6avy +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 75be0d3..628b680 100644 --- a/curl.spec +++ b/curl.spec @@ -1,15 +1,12 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.38.0 -Release: 2%{?dist} +Version: 7.39.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# fix a connection failure when FTPS handle is reused -Patch1: 0001-curl-7.38.0-0aecdf68.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -123,7 +120,6 @@ documentation of the library, too. %setup -q # upstream patches -%patch1 -p1 # Fedora patches %patch101 -p1 @@ -247,6 +243,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Nov 05 2014 Kamil Dudka 7.39.0-1 +- new upstream release (fixes CVE-2014-3707) + * Tue Oct 21 2014 Kamil Dudka 7.38.0-2 - fix a connection failure when FTPS handle is reused diff --git a/sources b/sources index 96b6929..7d2fa7d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fdafc30cbf0acd2fe6bc31b956b856a5 curl-7.38.0.tar.lzma +e9aa6dec29920eba8ef706ea5823bad7 curl-7.39.0.tar.lzma
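Review bot: The header of curl.spec in the first curl.spec hunk lists only `Source:` and `Source2:`, so the `curl-7.39.0.tar.lzma.asc` added by this commit does not appear to be referenced or checked during `%prep`. The hunk shows only part of the spec, so this is inferred from the visible context lines. For a rebase pulled in to fix CVE-2014-3707, the tarball's integrity then rests on the MD5 line in `sources` alone, and MD5 is not collision-resistant. Consider declaring the signature, for example `Source1: %{name}-%{version}.tar.lzma.asc` if that slot is unused, with the comment `# detached upstream signature for the release tarball, verified in %prep`, and checking it against a packaged upstream keyring before `%setup -q`.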