diff --git a/0001-curl-7.44.0-958d2ffb.patch b/0001-curl-7.44.0-958d2ffb.patch deleted file mode 100644 index 4a6f919..0000000 --- a/0001-curl-7.44.0-958d2ffb.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 98dee5ab5a862a506beb8a7bf60c0aaec3b08a0f Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 18 Sep 2015 17:07:22 +0200 -Subject: [PATCH 1/2] nss: check return values of NSS functions - -Upstream-commit: a9fd53887ba07cd8313a8b9706f2dc71d6b8ed1b -Signed-off-by: Kamil Dudka ---- - lib/vtls/nss.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index 91727c7..1fa1c64 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1792,9 +1792,13 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - - - /* Force handshake on next I/O */ -- SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE); -+ if(SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE) -+ != SECSuccess) -+ goto error; - -- SSL_SetURL(connssl->handle, conn->host.name); -+ /* propagate hostname to the TLS layer */ -+ if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess) -+ goto error; - - return CURLE_OK; - --- -2.5.2 - - -From d082ad368ecec7894d8e9e9a35336b2350c30ade Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 18 Sep 2015 17:10:05 +0200 -Subject: [PATCH 2/2] nss: prevent NSS from incorrectly re-using a session - -Without this workaround, NSS re-uses a session cache entry despite the -server name does not match. This causes SNI host name to differ from -the actual host name. Consequently, certain servers (e.g. github.com) -respond by 400 to such requests. - -Bug: https://bugzilla.mozilla.org/1202264 - -Upstream-commit: 958d2ffb198166a062a0ff20d009c64972a2b374 -Signed-off-by: Kamil Dudka ---- - lib/vtls/nss.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index 1fa1c64..3d73ffe 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1800,6 +1800,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess) - goto error; - -+ /* prevent NSS from re-using the session for a different hostname */ -+ if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess) -+ goto error; -+ - return CURLE_OK; - - error: --- -2.5.2 - diff --git a/curl.spec b/curl.spec index cb0541b..5b5db32 100644 --- a/curl.spec +++ b/curl.spec @@ -1,15 +1,12 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.44.0 -Release: 2%{?dist} +Version: 7.45.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# prevent NSS from incorrectly re-using a session (#1104597) -Patch1: 0001-curl-7.44.0-958d2ffb.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -120,7 +117,7 @@ documentation of the library, too. %setup -q # upstream patches -%patch1 -p1 +# (none) # Fedora patches %patch101 -p1 @@ -213,7 +210,6 @@ rm -rf $RPM_BUILD_ROOT %postun -n libcurl -p /sbin/ldconfig %files -%defattr(-,root,root,-) %doc CHANGES README* %doc docs/BUGS docs/FAQ docs/FEATURES %doc docs/MANUAL docs/RESOURCES @@ -222,13 +218,11 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/curl.1* %files -n libcurl -%defattr(-,root,root,-) %{!?_licensedir:%global license %%doc} %license COPYING %{_libdir}/libcurl.so.* %files -n libcurl-devel -%defattr(-,root,root,-) %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS %doc docs/CONTRIBUTE docs/libcurl/ABI %{_bindir}/curl-config* @@ -240,6 +234,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Oct 7 2015 Paul Howarth 7.45.0-1 +- new upstream release +- drop %%defattr, redundant since rpm 4.4 + * Fri Sep 18 2015 Kamil Dudka 7.44.0-2 - prevent NSS from incorrectly re-using a session (#1104597) diff --git a/sources b/sources index 50d8b76..2967177 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2f924c80bb7124dff1b39f54ffda3781 curl-7.44.0.tar.lzma +c9a0a77f71fdc6b0f925bc3e79eb77f6 curl-7.45.0.tar.lzma