diff --git a/0002-curl-7.21.7-5eb2396.patch b/0002-curl-7.21.7-5eb2396.patch
new file mode 100644
index 0000000..e104e3a
--- /dev/null
+++ b/0002-curl-7.21.7-5eb2396.patch
@@ -0,0 +1,30 @@
+From 5eb2396cd15cbbf73b02ad6bbcc313167330c2b5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 4 Aug 2011 23:22:48 +0200
+Subject: [PATCH] segfault fixed
+
+When using both -J and a single -O with multiple URLs, a missing init
+could cause badness.
+
+Bug: http://curl.haxx.se/mail/lib-2011-07/0126.html and
+ http://bugzilla.redhat.com/723075
+Reported by: Paul Howarth and Garrett Holmstrom
+---
+ src/main.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 6dcf333..eae45de 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -4898,6 +4898,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
+ outs.stream = stdout;
+ outs.config = config;
+ outs.bytes = 0; /* nothing written yet */
++ outs.filename = NULL;
+
+ /* save outfile pattern before expansion */
+ if(urlnode->outfile) {
+--
+1.7.4.4
+
diff --git a/0003-curl-7.21.7-5538904.patch b/0003-curl-7.21.7-5538904.patch
new file mode 100644
index 0000000..1374ad8
--- /dev/null
+++ b/0003-curl-7.21.7-5538904.patch
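Review bot: In 0002-curl-7.21.7-5eb2396.patch, the added `outs.filename = NULL;` in operate() keeps the field-by-field reset of `outs`, so any member not listed here still carries whatever it held before, which is the same class of bug this patch fixes. Clearing the whole struct ahead of the per-field assignments, `memset(&outs, 0, sizeof(outs));`, would also cover members added later. The struct definition and the rest of operate() are outside the hunk, so confirm that no member is meant to persist across URLs before doing that. If the explicit assignment stays as is, a comment such as `/* reset for every URL; a stale value here crashed -O -J (#723075) */` would record why the line must not be dropped.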
@@ -0,0 +1,131 @@ +From 9698db7fd56b08cc8f9bdeb2182bc9afdbcb4f90 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 12 Aug 2011 14:48:32 +0200 +Subject: [PATCH 1/2] added --delegation + +Using this option with an argument being set to one of +none/policy/always instructs libcurl how to deal with GSS +credentials. Or rather how it tells the server that delegation is fine +or not. + +Signed-off-by: Kamil Dudka +--- + src/main.c | 29 ++++++++++++++++++++++++++--- + 1 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/src/main.c b/src/main.c +index d85bf62..3a2595c 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -659,6 +659,7 @@ struct Configurable { + basically each given URL to transfer */ + struct OutStruct *outs; + bool xattr; /* store metadata in extended attributes */ ++ long gssapi_delegation; + }; + + #define WARN_PREFIX "Warning: " +@@ -817,6 +818,7 @@ static void help(void) + " --data-binary HTTP POST binary data (H)", + " --data-urlencode " + "HTTP POST data url encoded (H)", ++ " --delegation STRING GSS-API delegation permission", + " --digest Use HTTP Digest Authentication (H)", + " --disable-eprt Inhibit using EPRT or LPRT (F)", + " --disable-epsv Inhibit using EPSV (F)", +@@ -1823,6 +1825,18 @@ static int sockoptcallback(void *clientp, curl_socket_t curlfd, + return 0; + } + ++static long delegation(struct Configurable *config, ++ char *str) ++{ ++ if(curlx_raw_equal("none", str)) ++ return CURLGSSAPI_DELEGATION_NONE; ++ if(curlx_raw_equal("policy", str)) ++ return CURLGSSAPI_DELEGATION_POLICY_FLAG; ++ if(curlx_raw_equal("always", str)) ++ return CURLGSSAPI_DELEGATION_FLAG; ++ warnf(config, "unrecognized delegation method '%s', using none\n", str); ++ return CURLGSSAPI_DELEGATION_NONE; ++} + + static ParameterError getparameter(char *flag, /* f or -long-flag */ + char *nextarg, /* NULL if unset */ +@@ -1942,6 +1956,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ + {"$D", "proto", TRUE}, + {"$E", 
"proto-redir", TRUE}, + {"$F", "resolve", TRUE}, ++ {"$G", "delegation", TRUE}, + {"0", "http1.0", FALSE}, + {"1", "tlsv1", FALSE}, + {"2", "sslv2", FALSE}, +@@ -2516,6 +2531,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ + if(err) + return err; + break; ++ case 'G': /* --delegation LEVEL */ ++ config->gssapi_delegation = delegation(config, nextarg); ++ break; + } + break; + case '#': /* --progress-bar */ +@@ -5564,9 +5582,14 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) + /* new in 7.21.3 */ + my_setopt(curl, CURLOPT_RESOLVE, config->resolve); + +- /* TODO: new in ### */ +- curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username); +- curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password); ++ /* new in 7.21.4 */ ++ my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username); ++ my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password); ++ ++ /* new in 7.22.0 */ ++ if(config->gssapi_delegation) ++ my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION, ++ config->gssapi_delegation); + + retry_numretries = config->req_retry; + +-- +1.7.4.4 + + +From 8e404e1c3846cc98a1977514af5b0432ae2de755 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 12 Aug 2011 23:51:41 +0200 +Subject: [PATCH 2/2] docs: --delegation + + +Signed-off-by: Kamil Dudka +--- + docs/curl.1 | 12 ++++++++++++ + 1 files changed, 12 insertions(+), 0 deletions(-) + +diff --git a/docs/curl.1 b/docs/curl.1 +index 812b2eb..eee3481 100644 +--- a/docs/curl.1 ++++ b/docs/curl.1 +@@ -320,6 +320,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal + sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the + name is expected to be URL-encoded already. + .RE ++.IP "--delegation LEVEL" ++Set \fILEVEL\fP to tell the server what it is allowed to delegate when it ++comes to user credentials. Used with GSS/kerberos. ++.RS ++.IP "none" ++Don't allow any delegation. 
++.IP "policy" ++Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos ++service ticket, which is a matter of realm policy. ++.IP "always" ++Unconditionally allow the server to delegate. ++.RE + .IP "--digest" + (HTTP) Enables HTTP Digest authentication. This is a authentication that + prevents the password from being sent over the wire in clear text. Use this in +-- +1.7.4.4 + diff --git a/0004-curl-7.21.7-d6f319f.patch b/0004-curl-7.21.7-d6f319f.patch new file mode 100644 index 0000000..33f430d --- /dev/null +++ b/0004-curl-7.21.7-d6f319f.patch 
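Review bot: In 0003-curl-7.21.7-5538904.patch, `config->gssapi_delegation` is declared `long` in `struct Configurable`, yet the new block in operate() passes it through `my_setopt_str`, the same string-valued wrapper used just above for the TLS-auth username and password. The macro's definition is not visible here, so the call may happen to work if the wrapper forwards its argument untyped, but the name misstates the type and any path that treats a `_str` value as a `char *` would read a small integer as a pointer. The integer form already used for CURLOPT_RESOLVE fits better: `my_setopt(curl, CURLOPT_GSSAPI_DELEGATION, config->gssapi_delegation);`. Separately, delegation() only reads its argument, so `const char *str` would be the tighter parameter type, and a one-line comment on the function noting that unrecognized values fall back to no delegation would document the fail-safe default.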
@@ -0,0 +1,118 @@ +From 857fed6e245a9620b0f25a2f4ca6d6dc01584674 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 15 Aug 2011 13:48:45 +0200 +Subject: [PATCH] nss: start with no database if the selected database is + broken + +Bug: https://bugzilla.redhat.com/728562 + +Signed-off-by: Kamil Dudka +--- + lib/nss.c | 63 +++++++++++++++++++++++++++++++++++++----------------------- + 1 files changed, 39 insertions(+), 24 deletions(-) + +diff --git a/lib/nss.c b/lib/nss.c +index 3dc0ba6..94a530b 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -898,10 +898,42 @@ isTLSIntoleranceError(PRInt32 err) + } + } + +-static CURLcode init_nss(struct SessionHandle *data) ++static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir) ++{ ++ if(NSS_IsInitialized()) ++ return CURLE_OK; ++ ++ if(cert_dir) { ++ SECStatus rv; ++ const bool use_sql = NSS_VersionCheck("3.12.0"); ++ char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir); ++ if(!certpath) ++ return CURLE_OUT_OF_MEMORY; ++ ++ infof(data, "Initializing NSS with certpath: %s\n", certpath); ++ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY); ++ free(certpath); ++ ++ if(rv == SECSuccess) ++ return CURLE_OK; ++ ++ infof(data, "Unable to initialize NSS database\n"); ++ } ++ ++ infof(data, "Initializing NSS with certpath: none\n"); ++ if(NSS_NoDB_Init(NULL) == SECSuccess) ++ return CURLE_OK; ++ ++ infof(data, "Unable to initialize NSS\n"); ++ return CURLE_SSL_CACERT_BADFILE; ++} ++ ++static CURLcode nss_init(struct SessionHandle *data) + { + char *cert_dir; + struct_stat st; ++ CURLcode rv; ++ + if(initialized) + return CURLE_OK; + +@@ -922,31 +954,14 @@ static CURLcode init_nss(struct SessionHandle *data) + } + } + +- if(!NSS_IsInitialized()) { +- SECStatus rv; +- initialized = 1; +- infof(data, "Initializing NSS with certpath: %s\n", +- cert_dir ? 
cert_dir : "none"); +- if(!cert_dir) { +- rv = NSS_NoDB_Init(NULL); +- } +- else { +- char *certpath = +- PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "", +- cert_dir); +- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY); +- PR_smprintf_free(certpath); +- } +- if(rv != SECSuccess) { +- infof(data, "Unable to initialize NSS database\n"); +- initialized = 0; +- return CURLE_SSL_CACERT_BADFILE; +- } +- } ++ rv = nss_init_core(data, cert_dir); ++ if(rv) ++ return rv; + + if(num_enabled_ciphers() == 0) + NSS_SetDomesticPolicy(); + ++ initialized = 1; + return CURLE_OK; + } + +@@ -981,7 +996,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data) + } + + PR_Lock(nss_initlock); +- rv = init_nss(data); ++ rv = nss_init(data); + PR_Unlock(nss_initlock); + return rv; + } +@@ -1184,7 +1199,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) + + /* FIXME. NSS doesn't support multiple databases open at the same time. */ + PR_Lock(nss_initlock); +- curlerr = init_nss(conn->data); ++ curlerr = nss_init(conn->data); + if(CURLE_OK != curlerr) { + PR_Unlock(nss_initlock); + goto error; +-- +1.7.4.4 + diff --git a/curl.spec b/curl.spec index 5e50e51..b03c307 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.21.7 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma 
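Review bot: In 0004-curl-7.21.7-d6f319f.patch, nss_init_core() reports a failed NSS_Initialize() on the selected database only through infof() and then continues with NSS_NoDB_Init(), so a user who configured a certificate database runs without the certificates and keys stored in it and, assuming infof() output is shown only in verbose mode, gets no indication of it. If starting without the database is the intended behaviour, state it at the fallback with a comment such as `/* selected DB is unusable: continue without it (#728562) */`, and consider a diagnostic that is visible without verbose mode. The final `return CURLE_SSL_CACERT_BADFILE;` is now reached only when NSS_NoDB_Init() fails, where no CA file is involved, so the code no longer describes the failure. Curl_nss_force_init() hands that value straight back to its caller, so a comment explaining the choice, or a more fitting error code, would help whoever has to diagnose it.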
@@ -11,6 +11,15 @@ Source3: hide_selinux.c # add a new option CURLOPT_GSSAPI_DELEGATION (#719939) Patch1: 0001-curl-7.21.7-a7864c4.patch +# fix SIGSEGV of curl -O -J given more than one URLs (#723075) +Patch2: 0002-curl-7.21.7-5eb2396.patch + +# introduce the --delegation option of curl (#730444) +Patch3: 0003-curl-7.21.7-5538904.patch + +# initialize NSS with no database if the selected database is broken (#728562) +Patch4: 0004-curl-7.21.7-d6f319f.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.21.1-multilib.patch @@ -111,6 +120,9 @@ done # upstream patches (already applied) %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 # Fedora patches %patch101 -p1 @@ -224,6 +236,11 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Mon Aug 15 2011 Kamil Dudka 7.21.7-3 +- fix SIGSEGV of curl -O -J given more than one URLs (#723075) +- introduce the --delegation option of curl (#730444) +- initialize NSS with no database if the selected database is broken (#728562) + * Wed Aug 03 2011 Kamil Dudka 7.21.7-2 - add a new option CURLOPT_GSSAPI_DELEGATION (#719939)