diff --git a/0001-curl-7.38.0-0aecdf68.patch b/0001-curl-7.38.0-0aecdf68.patch new file mode 100644 index 0000000..4f094f0 --- /dev/null +++ b/0001-curl-7.38.0-0aecdf68.patch @@ -0,0 +1,67 @@ +From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 20 Oct 2014 18:18:57 +0200 +Subject: [PATCH] nss: reset SSL handshake state machine + +... when the handshake succeeds + +This fixes a connection failure when FTPS handle is reused. + +Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3 +Signed-off-by: Kamil Dudka +--- + lib/vtls/nss.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 83b3e32..a925b12 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) + #endif + + +- if(connssl->state == ssl_connection_complete) +- return CURLE_OK; +- + connssl->data = data; + + /* list of all NSS objects we need to destroy in Curl_nss_close() */ +@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) + goto error; + } + +- connssl->state = ssl_connection_complete; +- conn->recv[sockindex] = nss_recv; +- conn->send[sockindex] = nss_send; +- + display_conn_info(conn, connssl->handle); + + if(data->set.str[STRING_SSL_ISSUERCERT]) { +@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, + const bool blocking = (done == NULL); + CURLcode rv; + ++ if(connssl->state == ssl_connection_complete) ++ return CURLE_OK; ++ + if(connssl->connecting_state == ssl_connect_1) { + rv = nss_setup_connect(conn, sockindex); + if(rv) +@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, + /* signal completed SSL handshake */ + *done = TRUE; + +- connssl->connecting_state = ssl_connect_done; ++ connssl->state = ssl_connection_complete; ++ conn->recv[sockindex] = nss_recv; ++ conn->send[sockindex] = nss_send; ++ ++ /* ssl_connect_done is never used outside, go back to the initial state */ ++ connssl->connecting_state = ssl_connect_1; + return CURLE_OK; + } + +-- +2.1.0 + diff --git a/curl.spec b/curl.spec index c590604..75be0d3 100644 --- a/curl.spec +++ b/curl.spec @@ -1,12 +1,15 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.38.0 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h +# fix a connection failure when FTPS handle is reused +Patch1: 0001-curl-7.38.0-0aecdf68.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -120,6 +123,7 @@ documentation of the library, too. %setup -q # upstream patches +%patch1 -p1 # Fedora patches %patch101 -p1 @@ -243,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Tue Oct 21 2014 Kamil Dudka 7.38.0-2 +- fix a connection failure when FTPS handle is reused + * Wed Sep 10 2014 Kamil Dudka 7.38.0-1 - new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)