diff --git a/curl-7.19.6-verifyhost.patch b/curl-7.19.6-verifyhost.patch
deleted file mode 100644
index ce0abd1..0000000
--- a/curl-7.19.6-verifyhost.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
---- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
-+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
-@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
- issuer);
- break;
- case SSL_ERROR_BAD_CERT_DOMAIN:
-- if(conn->data->set.ssl.verifypeer)
-+ if(conn->data->set.ssl.verifyhost) {
-+ failf(conn->data, "common name '%s' does not match '%s'",
-+ subject, conn->host.dispname);
- success = SECFailure;
-- infof(conn->data, "common name: %s (does not match '%s')\n",
-- subject, conn->host.dispname);
-+ } else {
-+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
-+ subject, conn->host.dispname);
-+ }
- break;
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- if(conn->data->set.ssl.verifypeer)
- success = SECFailure;
- infof(conn->data, "Remote Certificate has expired.\n");
- break;
-+ case SEC_ERROR_UNKNOWN_ISSUER:
-+ if(conn->data->set.ssl.verifypeer)
-+ success = SECFailure;
-+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
-+ issuer);
-+ break;
- default:
- if(conn->data->set.ssl.verifypeer)
- success = SECFailure;
-@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
- }
- }
-
-+ if(data->set.ssl.verifyhost == 1)
-+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
-+
- data->set.ssl.certverifyresult=0; /* not checked yet */
- if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
- != SECSuccess) {
-@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
- if(SSL_ForceHandshakeWithTimeout(connssl->handle,
- PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
- != SECSuccess) {
-- if(conn->data->set.ssl.certverifyresult!=0)
-+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
-+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
-+ else if(conn->data->set.ssl.certverifyresult!=0)
- curlerr = CURLE_SSL_CACERT;
- goto error;
- }
diff --git a/curl-7.19.7-modelfree.patch b/curl-7.19.7-modelfree.patch
new file mode 100644
index 0000000..3dcd10f
--- /dev/null
+++ b/curl-7.19.7-modelfree.patch
@@ -0,0 +1,12 @@
+diff --git a/lib/nss.c b/lib/nss.c
+index ea904af..addc165 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1222,6 +1222,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ if(!connssl->handle)
+ goto error;
+ PR_Close(model); /* We don't need this any more */
++ model = NULL;
+
+ /* This is the password associated with the cert that we're using */
+ if (data->set.str[STRING_KEY_PASSWD]) {
diff --git a/curl.spec b/curl.spec
index 94cd04a..b24f348 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,11 +1,11 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.19.6
+Version: 7.19.7
 Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
-Patch1: curl-7.19.6-verifyhost.patch
+Patch1: curl-7.19.7-modelfree.patch
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -66,7 +66,7 @@ done
 %build
 autoconf
 export CPPFLAGS="$(pkg-config --cflags nss) -DHAVE_PK11_CREATEGENERICOBJECT"
-%configure --without-ssl --with-nss=%{_prefix} --enable-ipv6 \
+%configure --without-ssl --with-nss --enable-ipv6 \
 --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
 --with-gssapi=%{_prefix}/kerberos --with-libidn \
 --enable-ldaps --disable-static --with-libssh2
@@ -148,6 +148,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Thu Nov 12 2009 Kamil Dudka 7.19.7-1
+- new upstream release, dropped applied patches
+- fix crash on doubly closed NSPR descriptor, patch contributed
+ by Kevin Baughman (#534176)
+
 * Fri Aug 14 2009 Kamil Dudka 7.19.6-1
 - new upstream release, dropped applied patches
 - changed NSS code to not ignore the value of ssl.verifyhost and produce more
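Review bot: In curl-7.19.7-modelfree.patch, the added `model = NULL;` after `PR_Close(model)` only prevents a second close if the cleanup code under `error:` tests `model` before closing it; that label lies outside this hunk, so the guard should be confirmed there. The new line carries no comment, and its purpose is not obvious from the surrounding code; I would write `model = NULL; /* already closed; the error path must not PR_Close() it again */`. The patch file also has no header naming the bug it fixes (#534176 in the changelog) or whether it has been sent upstream, which is what tells a packager when it can be dropped. Curl_nss_connect's body starts and ends outside the hunk.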
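Review bot: The switch from `--with-nss=%{_prefix}` to a bare `--with-nss` on the `%configure` line of curl.spec is not mentioned in the new changelog entry, although it changes how the TLS backend is located. With no prefix given, detection presumably relies on pkg-config, and if that lookup fails configure may carry on with no TLS backend at all, since `--without-ssl` is passed as well. A one-line guard after the build, for example `./src/curl --version | grep -q NSS`, would turn a silently TLS-less package into a build failure. A changelog line giving the reason for the change would help too.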