new upstream release - 7.39.0 (fixes CVE-2014-3707)
This commit is contained in:
parent
724cf4a6d4
commit
5cb97168a8
@ -1,67 +0,0 @@
|
|||||||
From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Mon, 20 Oct 2014 18:18:57 +0200
|
|
||||||
Subject: [PATCH] nss: reset SSL handshake state machine
|
|
||||||
|
|
||||||
... when the handshake succeeds
|
|
||||||
|
|
||||||
This fixes a connection failure when FTPS handle is reused.
|
|
||||||
|
|
||||||
Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
lib/vtls/nss.c | 17 +++++++++--------
|
|
||||||
1 file changed, 9 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
|
||||||
index 83b3e32..a925b12 100644
|
|
||||||
--- a/lib/vtls/nss.c
|
|
||||||
+++ b/lib/vtls/nss.c
|
|
||||||
@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
- if(connssl->state == ssl_connection_complete)
|
|
||||||
- return CURLE_OK;
|
|
||||||
-
|
|
||||||
connssl->data = data;
|
|
||||||
|
|
||||||
/* list of all NSS objects we need to destroy in Curl_nss_close() */
|
|
||||||
@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
|
|
||||||
- connssl->state = ssl_connection_complete;
|
|
||||||
- conn->recv[sockindex] = nss_recv;
|
|
||||||
- conn->send[sockindex] = nss_send;
|
|
||||||
-
|
|
||||||
display_conn_info(conn, connssl->handle);
|
|
||||||
|
|
||||||
if(data->set.str[STRING_SSL_ISSUERCERT]) {
|
|
||||||
@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
|
|
||||||
const bool blocking = (done == NULL);
|
|
||||||
CURLcode rv;
|
|
||||||
|
|
||||||
+ if(connssl->state == ssl_connection_complete)
|
|
||||||
+ return CURLE_OK;
|
|
||||||
+
|
|
||||||
if(connssl->connecting_state == ssl_connect_1) {
|
|
||||||
rv = nss_setup_connect(conn, sockindex);
|
|
||||||
if(rv)
|
|
||||||
@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
|
|
||||||
/* signal completed SSL handshake */
|
|
||||||
*done = TRUE;
|
|
||||||
|
|
||||||
- connssl->connecting_state = ssl_connect_done;
|
|
||||||
+ connssl->state = ssl_connection_complete;
|
|
||||||
+ conn->recv[sockindex] = nss_recv;
|
|
||||||
+ conn->send[sockindex] = nss_send;
|
|
||||||
+
|
|
||||||
+ /* ssl_connect_done is never used outside, go back to the initial state */
|
|
||||||
+ connssl->connecting_state = ssl_connect_1;
|
|
||||||
return CURLE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.1.0
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN
|
|
||||||
U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R
|
|
||||||
=9D9Q
|
|
||||||
-----END PGP SIGNATURE-----
|
|
7
curl-7.39.0.tar.lzma.asc
Normal file
7
curl-7.39.0.tar.lzma.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iEYEABECAAYFAlRZ0ScACgkQeOEcayedXJFMdwCg+1jN1OAfEVzzyJQVtBKactH7
|
||||||
|
KLsAoI3kTOl5X+Z41Zmd2O6A9kaS23zH
|
||||||
|
=6avy
|
||||||
|
-----END PGP SIGNATURE-----
|
11
curl.spec
11
curl.spec
@ -1,15 +1,12 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.38.0
|
Version: 7.39.0
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
|
|
||||||
# fix a connection failure when FTPS handle is reused
|
|
||||||
Patch1: 0001-curl-7.38.0-0aecdf68.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -123,7 +120,6 @@ documentation of the library, too.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -247,6 +243,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 05 2014 Kamil Dudka <kdudka@redhat.com> 7.39.0-1
|
||||||
|
- new upstream release (fixes CVE-2014-3707)
|
||||||
|
|
||||||
* Tue Oct 21 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-2
|
* Tue Oct 21 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-2
|
||||||
- fix a connection failure when FTPS handle is reused
|
- fix a connection failure when FTPS handle is reused
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user