- fix SIGSEGV of curl -O -J given more than one URLs (#723075) - introduce the --delegation option of curl (#730444) - initialize NSS with no database if the selected database is broken (#728562)
This commit is contained in:
parent
4894bf2d1a
commit
7293378155
30
0002-curl-7.21.7-5eb2396.patch
Normal file
30
0002-curl-7.21.7-5eb2396.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 5eb2396cd15cbbf73b02ad6bbcc313167330c2b5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 4 Aug 2011 23:22:48 +0200
|
||||||
|
Subject: [PATCH] segfault fixed
|
||||||
|
|
||||||
|
When using both -J and a single -O with multiple URLs, a missing init
|
||||||
|
could cause badness.
|
||||||
|
|
||||||
|
Bug: http://curl.haxx.se/mail/lib-2011-07/0126.html and
|
||||||
|
http://bugzilla.redhat.com/723075
|
||||||
|
Reported by: Paul Howarth and Garrett Holmstrom
|
||||||
|
---
|
||||||
|
src/main.c | 1 +
|
||||||
|
1 files changed, 1 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/main.c b/src/main.c
|
||||||
|
index 6dcf333..eae45de 100644
|
||||||
|
--- a/src/main.c
|
||||||
|
+++ b/src/main.c
|
||||||
|
@@ -4898,6 +4898,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
||||||
|
outs.stream = stdout;
|
||||||
|
outs.config = config;
|
||||||
|
outs.bytes = 0; /* nothing written yet */
|
||||||
|
+ outs.filename = NULL;
|
||||||
|
|
||||||
|
/* save outfile pattern before expansion */
|
||||||
|
if(urlnode->outfile) {
|
||||||
|
--
|
||||||
|
1.7.4.4
|
||||||
|
|
131
0003-curl-7.21.7-5538904.patch
Normal file
131
0003-curl-7.21.7-5538904.patch
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
From 9698db7fd56b08cc8f9bdeb2182bc9afdbcb4f90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Fri, 12 Aug 2011 14:48:32 +0200
|
||||||
|
Subject: [PATCH 1/2] added --delegation
|
||||||
|
|
||||||
|
Using this option with an argument being set to one of
|
||||||
|
none/policy/always instructs libcurl how to deal with GSS
|
||||||
|
credentials. Or rather how it tells the server that delegation is fine
|
||||||
|
or not.
|
||||||
|
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
src/main.c | 29 ++++++++++++++++++++++++++---
|
||||||
|
1 files changed, 26 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/main.c b/src/main.c
|
||||||
|
index d85bf62..3a2595c 100644
|
||||||
|
--- a/src/main.c
|
||||||
|
+++ b/src/main.c
|
||||||
|
@@ -659,6 +659,7 @@ struct Configurable {
|
||||||
|
basically each given URL to transfer */
|
||||||
|
struct OutStruct *outs;
|
||||||
|
bool xattr; /* store metadata in extended attributes */
|
||||||
|
+ long gssapi_delegation;
|
||||||
|
};
|
||||||
|
|
||||||
|
#define WARN_PREFIX "Warning: "
|
||||||
|
@@ -817,6 +818,7 @@ static void help(void)
|
||||||
|
" --data-binary <data> HTTP POST binary data (H)",
|
||||||
|
" --data-urlencode <name=data/name@filename> "
|
||||||
|
"HTTP POST data url encoded (H)",
|
||||||
|
+ " --delegation STRING GSS-API delegation permission",
|
||||||
|
" --digest Use HTTP Digest Authentication (H)",
|
||||||
|
" --disable-eprt Inhibit using EPRT or LPRT (F)",
|
||||||
|
" --disable-epsv Inhibit using EPSV (F)",
|
||||||
|
@@ -1823,6 +1825,18 @@ static int sockoptcallback(void *clientp, curl_socket_t curlfd,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static long delegation(struct Configurable *config,
|
||||||
|
+ char *str)
|
||||||
|
+{
|
||||||
|
+ if(curlx_raw_equal("none", str))
|
||||||
|
+ return CURLGSSAPI_DELEGATION_NONE;
|
||||||
|
+ if(curlx_raw_equal("policy", str))
|
||||||
|
+ return CURLGSSAPI_DELEGATION_POLICY_FLAG;
|
||||||
|
+ if(curlx_raw_equal("always", str))
|
||||||
|
+ return CURLGSSAPI_DELEGATION_FLAG;
|
||||||
|
+ warnf(config, "unrecognized delegation method '%s', using none\n", str);
|
||||||
|
+ return CURLGSSAPI_DELEGATION_NONE;
|
||||||
|
+}
|
||||||
|
|
||||||
|
static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||||
|
char *nextarg, /* NULL if unset */
|
||||||
|
@@ -1942,6 +1956,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||||
|
{"$D", "proto", TRUE},
|
||||||
|
{"$E", "proto-redir", TRUE},
|
||||||
|
{"$F", "resolve", TRUE},
|
||||||
|
+ {"$G", "delegation", TRUE},
|
||||||
|
{"0", "http1.0", FALSE},
|
||||||
|
{"1", "tlsv1", FALSE},
|
||||||
|
{"2", "sslv2", FALSE},
|
||||||
|
@@ -2516,6 +2531,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||||
|
if(err)
|
||||||
|
return err;
|
||||||
|
break;
|
||||||
|
+ case 'G': /* --delegation LEVEL */
|
||||||
|
+ config->gssapi_delegation = delegation(config, nextarg);
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case '#': /* --progress-bar */
|
||||||
|
@@ -5564,9 +5582,14 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
||||||
|
/* new in 7.21.3 */
|
||||||
|
my_setopt(curl, CURLOPT_RESOLVE, config->resolve);
|
||||||
|
|
||||||
|
- /* TODO: new in ### */
|
||||||
|
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
|
||||||
|
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
|
||||||
|
+ /* new in 7.21.4 */
|
||||||
|
+ my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
|
||||||
|
+ my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
|
||||||
|
+
|
||||||
|
+ /* new in 7.22.0 */
|
||||||
|
+ if(config->gssapi_delegation)
|
||||||
|
+ my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,
|
||||||
|
+ config->gssapi_delegation);
|
||||||
|
|
||||||
|
retry_numretries = config->req_retry;
|
||||||
|
|
||||||
|
--
|
||||||
|
1.7.4.4
|
||||||
|
|
||||||
|
|
||||||
|
From 8e404e1c3846cc98a1977514af5b0432ae2de755 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Fri, 12 Aug 2011 23:51:41 +0200
|
||||||
|
Subject: [PATCH 2/2] docs: --delegation
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
docs/curl.1 | 12 ++++++++++++
|
||||||
|
1 files changed, 12 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/docs/curl.1 b/docs/curl.1
|
||||||
|
index 812b2eb..eee3481 100644
|
||||||
|
--- a/docs/curl.1
|
||||||
|
+++ b/docs/curl.1
|
||||||
|
@@ -320,6 +320,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
|
||||||
|
sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
|
||||||
|
name is expected to be URL-encoded already.
|
||||||
|
.RE
|
||||||
|
+.IP "--delegation LEVEL"
|
||||||
|
+Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
|
||||||
|
+comes to user credentials. Used with GSS/kerberos.
|
||||||
|
+.RS
|
||||||
|
+.IP "none"
|
||||||
|
+Don't allow any delegation.
|
||||||
|
+.IP "policy"
|
||||||
|
+Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
|
||||||
|
+service ticket, which is a matter of realm policy.
|
||||||
|
+.IP "always"
|
||||||
|
+Unconditionally allow the server to delegate.
|
||||||
|
+.RE
|
||||||
|
.IP "--digest"
|
||||||
|
(HTTP) Enables HTTP Digest authentication. This is a authentication that
|
||||||
|
prevents the password from being sent over the wire in clear text. Use this in
|
||||||
|
--
|
||||||
|
1.7.4.4
|
||||||
|
|
118
0004-curl-7.21.7-d6f319f.patch
Normal file
118
0004-curl-7.21.7-d6f319f.patch
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
From 857fed6e245a9620b0f25a2f4ca6d6dc01584674 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Mon, 15 Aug 2011 13:48:45 +0200
|
||||||
|
Subject: [PATCH] nss: start with no database if the selected database is
|
||||||
|
broken
|
||||||
|
|
||||||
|
Bug: https://bugzilla.redhat.com/728562
|
||||||
|
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/nss.c | 63 +++++++++++++++++++++++++++++++++++++-----------------------
|
||||||
|
1 files changed, 39 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/nss.c b/lib/nss.c
|
||||||
|
index 3dc0ba6..94a530b 100644
|
||||||
|
--- a/lib/nss.c
|
||||||
|
+++ b/lib/nss.c
|
||||||
|
@@ -898,10 +898,42 @@ isTLSIntoleranceError(PRInt32 err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-static CURLcode init_nss(struct SessionHandle *data)
|
||||||
|
+static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
|
||||||
|
+{
|
||||||
|
+ if(NSS_IsInitialized())
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+
|
||||||
|
+ if(cert_dir) {
|
||||||
|
+ SECStatus rv;
|
||||||
|
+ const bool use_sql = NSS_VersionCheck("3.12.0");
|
||||||
|
+ char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
|
||||||
|
+ if(!certpath)
|
||||||
|
+ return CURLE_OUT_OF_MEMORY;
|
||||||
|
+
|
||||||
|
+ infof(data, "Initializing NSS with certpath: %s\n", certpath);
|
||||||
|
+ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
|
||||||
|
+ free(certpath);
|
||||||
|
+
|
||||||
|
+ if(rv == SECSuccess)
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+
|
||||||
|
+ infof(data, "Unable to initialize NSS database\n");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ infof(data, "Initializing NSS with certpath: none\n");
|
||||||
|
+ if(NSS_NoDB_Init(NULL) == SECSuccess)
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+
|
||||||
|
+ infof(data, "Unable to initialize NSS\n");
|
||||||
|
+ return CURLE_SSL_CACERT_BADFILE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static CURLcode nss_init(struct SessionHandle *data)
|
||||||
|
{
|
||||||
|
char *cert_dir;
|
||||||
|
struct_stat st;
|
||||||
|
+ CURLcode rv;
|
||||||
|
+
|
||||||
|
if(initialized)
|
||||||
|
return CURLE_OK;
|
||||||
|
|
||||||
|
@@ -922,31 +954,14 @@ static CURLcode init_nss(struct SessionHandle *data)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(!NSS_IsInitialized()) {
|
||||||
|
- SECStatus rv;
|
||||||
|
- initialized = 1;
|
||||||
|
- infof(data, "Initializing NSS with certpath: %s\n",
|
||||||
|
- cert_dir ? cert_dir : "none");
|
||||||
|
- if(!cert_dir) {
|
||||||
|
- rv = NSS_NoDB_Init(NULL);
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- char *certpath =
|
||||||
|
- PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
|
||||||
|
- cert_dir);
|
||||||
|
- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
|
||||||
|
- PR_smprintf_free(certpath);
|
||||||
|
- }
|
||||||
|
- if(rv != SECSuccess) {
|
||||||
|
- infof(data, "Unable to initialize NSS database\n");
|
||||||
|
- initialized = 0;
|
||||||
|
- return CURLE_SSL_CACERT_BADFILE;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
+ rv = nss_init_core(data, cert_dir);
|
||||||
|
+ if(rv)
|
||||||
|
+ return rv;
|
||||||
|
|
||||||
|
if(num_enabled_ciphers() == 0)
|
||||||
|
NSS_SetDomesticPolicy();
|
||||||
|
|
||||||
|
+ initialized = 1;
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -981,7 +996,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
|
||||||
|
}
|
||||||
|
|
||||||
|
PR_Lock(nss_initlock);
|
||||||
|
- rv = init_nss(data);
|
||||||
|
+ rv = nss_init(data);
|
||||||
|
PR_Unlock(nss_initlock);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
@@ -1184,7 +1199,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||||
|
|
||||||
|
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
||||||
|
PR_Lock(nss_initlock);
|
||||||
|
- curlerr = init_nss(conn->data);
|
||||||
|
+ curlerr = nss_init(conn->data);
|
||||||
|
if(CURLE_OK != curlerr) {
|
||||||
|
PR_Unlock(nss_initlock);
|
||||||
|
goto error;
|
||||||
|
--
|
||||||
|
1.7.4.4
|
||||||
|
|
19
curl.spec
19
curl.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.21.7
|
Version: 7.21.7
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
@ -11,6 +11,15 @@ Source3: hide_selinux.c
|
|||||||
# add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
|
# add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
|
||||||
Patch1: 0001-curl-7.21.7-a7864c4.patch
|
Patch1: 0001-curl-7.21.7-a7864c4.patch
|
||||||
|
|
||||||
|
# fix SIGSEGV of curl -O -J given more than one URLs (#723075)
|
||||||
|
Patch2: 0002-curl-7.21.7-5eb2396.patch
|
||||||
|
|
||||||
|
# introduce the --delegation option of curl (#730444)
|
||||||
|
Patch3: 0003-curl-7.21.7-5538904.patch
|
||||||
|
|
||||||
|
# initialize NSS with no database if the selected database is broken (#728562)
|
||||||
|
Patch4: 0004-curl-7.21.7-d6f319f.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.21.1-multilib.patch
|
Patch101: 0101-curl-7.21.1-multilib.patch
|
||||||
|
|
||||||
@ -111,6 +120,9 @@ done
|
|||||||
|
|
||||||
# upstream patches (already applied)
|
# upstream patches (already applied)
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -224,6 +236,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 15 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-3
|
||||||
|
- fix SIGSEGV of curl -O -J given more than one URLs (#723075)
|
||||||
|
- introduce the --delegation option of curl (#730444)
|
||||||
|
- initialize NSS with no database if the selected database is broken (#728562)
|
||||||
|
|
||||||
* Wed Aug 03 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-2
|
* Wed Aug 03 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-2
|
||||||
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
|
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user