rpms
/
curl
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- new upstream release, dropped applied patches 

- fix crash on doubly closed NSPR descriptor, patch contributed by Kevin
    Baughman (#534176)
This commit is contained in:
Kamil Dudka 2009-11-12 12:15:41 +00:00
parent 453e17f89b
commit bdbb3d6ab8
11 changed files with 40 additions and 384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
curl-7.19.6.tar.lzma
curl-7.19.7.tar.lzma

13
curl-7.15.3-multilib.patch
View File

@ -1,7 +1,8 @@
diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
--- curl-7.18.0/curl-config.in.multilib 2008-01-10 23:14:02.000000000 +0100
+++ curl-7.18.0/curl-config.in 2008-02-16 06:48:14.000000000 +0100
@@ -45,7 +45,6 @@
diff --git a/curl-config.in b/curl-config.in
index 1c439a1..9d675ae 100644
--- a/curl-config.in
+++ b/curl-config.in
@@ -42,7 +42,6 @@ Available values for OPTION include:
--libs library linking information
--prefix curl install prefix
--protocols newline separated list of enabled protocols
@ -9,7 +10,7 @@ diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
--version output version information
--vernum output the version information as a number (hexadecimal)
EOF
@@ -72,7 +71,7 @@
@@ -69,7 +68,7 @@ while test $# -gt 0; do
;;
--cc)
@ -18,7 +19,7 @@ diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
;;
--prefix)
@@ -189,20 +188,7 @@
@@ -130,20 +129,7 @@ while test $# -gt 0; do
;;
--libs)

8
curl-7.16.0-privlibs.patch
View File

@ -1,6 +1,8 @@
--- curl-7.16.2/libcurl.pc.in.privlibs 2007-02-18 10:41:27.000000000 +0100
+++ curl-7.16.2/libcurl.pc.in 2007-04-11 20:02:34.000000000 +0200
@@ -33,6 +33,6 @@
diff --git a/libcurl.pc.in b/libcurl.pc.in
index 25beadd..d7c0805 100644
--- a/libcurl.pc.in
+++ b/libcurl.pc.in
@@ -35,6 +35,6 @@ Name: libcurl
URL: http://curl.haxx.se/
Description: Library to transfer files with ftp, http, etc.
Version: @VERSION@

9
curl-7.19.4-debug.patch
View File

@ -1,7 +1,8 @@
diff -ruNp curl-7.19.4.orig/configure.ac curl-7.19.4/configure.ac
--- curl-7.19.4.orig/configure.ac 2009-02-13 15:25:15.000000000 +0100
+++ curl-7.19.4/configure.ac 2009-04-22 11:56:32.171305420 +0200
@@ -241,7 +241,10 @@ dnl ************************************
diff --git a/configure.ac b/configure.ac
index e575a20..81a7772 100644
--- a/configure.ac
+++ b/configure.ac
@@ -228,7 +228,10 @@ dnl **********************************************************************
CURL_CHECK_COMPILER
CURL_SET_COMPILER_BASIC_OPTS

95
curl-7.19.6-autoconf.patch
View File

@ -1,95 +0,0 @@
diff -rup curl-7.19.6.orig/configure.ac curl-7.19.6/configure.ac
--- curl-7.19.6.orig/configure.ac 2009-09-02 15:46:09.396519773 +0200
+++ curl-7.19.6/configure.ac 2009-09-02 15:56:18.750831674 +0200
@@ -1455,22 +1455,37 @@ if test X"$OPT_LIBSSH2" != Xno; then
case "$OPT_LIBSSH2" in
yes)
dnl --with-libssh2 (without path) used
- PREFIX_LIBSSH2=/usr/local/lib
- LIB_LIBSSH2="$PREFIX_LIBSSH2$libsuff"
+ CURL_CHECK_PKGCONFIG(libssh2)
+
+ if test "$PKGCONFIG" != "no" ; then
+ LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2`
+ LD_SSH2=`$PKGCONFIG --libs-only-L libssh2`
+ CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2`
+ version=`$PKGCONFIG --modversion libssh2`
+ DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/-L//'`
+ fi
+
;;
off)
dnl no --with-libssh2 option given, just check default places
- PREFIX_LIBSSH2=
;;
*)
dnl use the given --with-libssh2 spot
- PREFIX_LIBSSH2=$OPT_LIBSSH2
- LIB_LIBSSH2="$PREFIX_LIBSSH2/lib$libsuff"
- LDFLAGS="$LDFLAGS -L$LIB_LIBSSH2"
- CPPFLAGS="$CPPFLAGS -I$PREFIX_LIBSSH2/include"
+ PREFIX_SSH2=$OPT_LIBSSH2
;;
esac
+ dnl if given with a prefix, we set -L and -I based on that
+ if test -n "$PREFIX_SSH2"; then
+ LD_SSH2=-L${PREFIX_SSH2}/lib
+ CPP_SSH2=-I${PREFIX_SSH2}/include
+ DIR_SSH2=${PREFIX_SSH2}/lib
+ fi
+
+ LDFLAGS="$LDFLAGS $LD_SSH2"
+ CPPFLAGS="$CPPFLAGS $CPP_SSH2"
+ LIBS="$LIBS $LIB_SSH2"
+
AC_CHECK_LIB(ssh2, libssh2_channel_open_ex)
AC_CHECK_HEADERS(libssh2.h,
@@ -1494,10 +1509,15 @@ if test X"$OPT_LIBSSH2" != Xno; then
dnl libssh2_version is a post 1.0 addition
AC_CHECK_FUNCS( libssh2_version )
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_LIBSSH2"
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $LIB_LIBSSH2 to LD_LIBRARY_PATH])
+ AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
fi
+ else
+ dnl no libssh2, revert back to clean variables
+ LDFLAGS=$CLEANLDFLAGS
+ CPPFLAGS=$CLEANCPPFLAGS
+ LIBS=$CLEANLIBS
fi
fi
@@ -1665,13 +1685,21 @@ if test "$OPENSSL_ENABLED" != "1" -a "$G
addcflags=`$PKGCONFIG --cflags nss`
version=`$PKGCONFIG --modversion nss`
nssprefix=`$PKGCONFIG --variable=prefix nss`
+ else
+ dnl Without pkg-config, we check for nss-config
+
+ check=`nss-config --version 2>/dev/null`
+ if test -n "$check"; then
+ addlib=`nss-config --libs`
+ addcflags=`nss-config --cflags`
+ version=`nss-config --version`
+ nssprefix=`nss-config --prefix`
+ else
+ addlib="-lnss3"
+ addcflags=""
+ version="unknown"
+ fi
fi
- else
- # Without pkg-config, we'll kludge in some defaults
- addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
- addcflags="-I$OPT_NSS/include"
- version="unknown"
- nssprefix=$OPT_NSS
fi
dnl Check for functionPK11_CreateGenericObject
Only in curl-7.19.6.orig: configure.ac.orig

45
curl-7.19.6-nss-cn.patch
View File

@ -1,45 +0,0 @@
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-08-25 12:27:08.664828503 +0200
+++ curl-7.19.6/lib/nss.c 2009-08-28 11:51:37.764523702 +0200
@@ -591,7 +591,7 @@ static SECStatus BadCertHandler(void *ar
struct connectdata *conn = (struct connectdata *)arg;
PRErrorCode err = PR_GetError();
CERTCertificate *cert = NULL;
- char *subject, *issuer;
+ char *subject, *subject_cn, *issuer;
if(conn->data->set.ssl.certverifyresult!=0)
return success;
@@ -599,6 +599,7 @@ static SECStatus BadCertHandler(void *ar
conn->data->set.ssl.certverifyresult=err;
cert = SSL_PeerCertificate(sock);
subject = CERT_NameToAscii(&cert->subject);
+ subject_cn = CERT_GetCommonName(&cert->subject);
issuer = CERT_NameToAscii(&cert->issuer);
CERT_DestroyCertificate(cert);
@@ -616,12 +617,12 @@ static SECStatus BadCertHandler(void *ar
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
if(conn->data->set.ssl.verifyhost) {
- failf(conn->data, "common name '%s' does not match '%s'",
- subject, conn->host.dispname);
+ failf(conn->data, "SSL: certificate subject name '%s' does not match "
+ "target host name '%s'", subject_cn, conn->host.dispname);
success = SECFailure;
} else {
- infof(conn->data, "warning: common name '%s' does not match '%s'\n",
- subject, conn->host.dispname);
+ infof(conn->data, "warning: SSL: certificate subject name '%s' does not "
+ "match target host name '%s'\n", subject_cn, conn->host.dispname);
}
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
@@ -645,6 +646,7 @@ static SECStatus BadCertHandler(void *ar
if(success == SECSuccess)
infof(conn->data, "SSL certificate verify ok.\n");
PR_Free(subject);
+ PR_Free(subject_cn);
PR_Free(issuer);
return success;

165
curl-7.19.6-poll.patch
View File

@ -1,165 +0,0 @@
diff -rup curl-7.19.6.orig/lib/ssh.c curl-7.19.6/lib/ssh.c
--- curl-7.19.6.orig/lib/ssh.c 2009-07-25 00:21:50.000000000 +0200
+++ curl-7.19.6/lib/ssh.c 2009-09-16 16:25:59.271054546 +0200
@@ -1503,6 +1503,9 @@ static CURLcode ssh_statemach_act(struct
result = Curl_setup_transfer(conn, -1, -1, FALSE, NULL,
FIRSTSOCKET, NULL);
+ /* not set by Curl_setup_transfer to preserve keepon bits */
+ conn->sockfd = conn->writesockfd;
+
if(result) {
state(conn, SSH_SFTP_CLOSE);
sshc->actualcode = result;
@@ -1914,6 +1917,12 @@ static CURLcode ssh_statemach_act(struct
else {
result = Curl_setup_transfer(conn, FIRSTSOCKET, data->req.size,
FALSE, NULL, -1, NULL);
+
+ /* not set by Curl_setup_transfer to preserve keepon bits */
+ conn->writesockfd = conn->sockfd;
+
+ /* FIXME: here should be explained why we need it to start the download */
+ conn->cselect_bits = CURL_CSELECT_IN;
}
if(result) {
state(conn, SSH_SFTP_CLOSE);
@@ -2034,6 +2043,9 @@ static CURLcode ssh_statemach_act(struct
result = Curl_setup_transfer(conn, -1, data->req.size, FALSE, NULL,
FIRSTSOCKET, NULL);
+ /* not set by Curl_setup_transfer to preserve keepon bits */
+ conn->sockfd = conn->writesockfd;
+
if(result) {
state(conn, SSH_SCP_CHANNEL_FREE);
sshc->actualcode = result;
@@ -2083,6 +2095,12 @@ static CURLcode ssh_statemach_act(struct
result = Curl_setup_transfer(conn, FIRSTSOCKET,
bytecount, FALSE, NULL, -1, NULL);
+ /* not set by Curl_setup_transfer to preserve keepon bits */
+ conn->writesockfd = conn->sockfd;
+
+ /* FIXME: here should be explained why we need it to start the download */
+ conn->cselect_bits = CURL_CSELECT_IN;
+
if(result) {
state(conn, SSH_SCP_CHANNEL_FREE);
sshc->actualcode = result;
@@ -2235,10 +2253,10 @@ static int ssh_perform_getsock(const str
sock[0] = conn->sock[FIRSTSOCKET];
- if(conn->proto.sshc.waitfor & KEEP_RECV)
+ if(conn->waitfor & KEEP_RECV)
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
- if(conn->proto.sshc.waitfor & KEEP_SEND)
+ if(conn->waitfor & KEEP_SEND)
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
return bitmap;
@@ -2282,15 +2300,17 @@ static void ssh_block2waitfor(struct con
{
struct ssh_conn *sshc = &conn->proto.sshc;
int dir;
- if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
+ if(!block)
+ conn->waitfor = 0;
+ else if((dir = libssh2_session_block_directions(sshc->ssh_session))) {
/* translate the libssh2 define bits into our own bit defines */
- sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
+ conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
}
else
/* It didn't block or libssh2 didn't reveal in which direction, put back
the original set */
- sshc->waitfor = sshc->orig_waitfor;
+ conn->waitfor = sshc->orig_waitfor;
}
#else
/* no libssh2 directional support so we simply don't know */
diff -rup curl-7.19.6.orig/lib/transfer.c curl-7.19.6/lib/transfer.c
--- curl-7.19.6.orig/lib/transfer.c 2009-07-22 22:09:53.000000000 +0200
+++ curl-7.19.6/lib/transfer.c 2009-09-16 16:25:57.195363278 +0200
@@ -1652,10 +1652,6 @@ CURLcode Curl_readwrite(struct connectda
if((k->keepon & KEEP_RECVBITS) == KEEP_RECV) {
fd_read = conn->sockfd;
-#if defined(USE_LIBSSH2)
- if(conn->protocol & (PROT_SCP|PROT_SFTP))
- select_res |= CURL_CSELECT_IN;
-#endif /* USE_LIBSSH2 */
} else
fd_read = CURL_SOCKET_BAD;
@@ -1884,33 +1880,39 @@ Transfer(struct connectdata *conn)
return CURLE_OK;
while(!done) {
- curl_socket_t fd_read;
- curl_socket_t fd_write;
+ curl_socket_t fd_read = conn->sockfd;
+ curl_socket_t fd_write = conn->writesockfd;
+ int keepon = k->keepon;
+
+ if(conn->waitfor) {
+ /* if waitfor is set, get the RECV and SEND bits from that but keep the
+ other bits */
+ keepon &= ~ (KEEP_RECV|KEEP_SEND);
+ keepon |= conn->waitfor & (KEEP_RECV|KEEP_SEND);
+ }
/* limit-rate logic: if speed exceeds threshold, then do not include fd in
select set. The current speed is recalculated in each Curl_readwrite()
call */
- if((k->keepon & KEEP_SEND) &&
+ if((keepon & KEEP_SEND) &&
(!data->set.max_send_speed ||
(data->progress.ulspeed < data->set.max_send_speed) )) {
- fd_write = conn->writesockfd;
k->keepon &= ~KEEP_SEND_HOLD;
}
else {
fd_write = CURL_SOCKET_BAD;
- if(k->keepon & KEEP_SEND)
+ if(keepon & KEEP_SEND)
k->keepon |= KEEP_SEND_HOLD; /* hold it */
}
- if((k->keepon & KEEP_RECV) &&
+ if((keepon & KEEP_RECV) &&
(!data->set.max_recv_speed ||
(data->progress.dlspeed < data->set.max_recv_speed)) ) {
- fd_read = conn->sockfd;
k->keepon &= ~KEEP_RECV_HOLD;
}
else {
fd_read = CURL_SOCKET_BAD;
- if(k->keepon & KEEP_RECV)
+ if(keepon & KEEP_RECV)
k->keepon |= KEEP_RECV_HOLD; /* hold it */
}
diff -rup curl-7.19.6.orig/lib/urldata.h curl-7.19.6/lib/urldata.h
--- curl-7.19.6.orig/lib/urldata.h 2009-07-23 00:49:56.000000000 +0200
+++ curl-7.19.6/lib/urldata.h 2009-09-16 16:25:57.196363391 +0200
@@ -565,7 +565,6 @@ struct ssh_conn {
LIBSSH2_CHANNEL *ssh_channel; /* Secure Shell channel handle */
LIBSSH2_SFTP *sftp_session; /* SFTP handle */
LIBSSH2_SFTP_HANDLE *sftp_handle;
- int waitfor; /* current READ/WRITE bits to wait for */
int orig_waitfor; /* default READ/WRITE bits wait for */
/* note that HAVE_LIBSSH2_KNOWNHOST_API is a define set in the libssh2.h
@@ -1070,6 +1069,8 @@ struct connectdata {
} proto;
int cselect_bits; /* bitmask of socket events */
+ int waitfor; /* current READ/WRITE bits to wait for */
+
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
int socks5_gssapi_enctype;
#endif

54
curl-7.19.6-verifyhost.patch
View File

@ -1,54 +0,0 @@
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
issuer);
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
- if(conn->data->set.ssl.verifypeer)
+ if(conn->data->set.ssl.verifyhost) {
+ failf(conn->data, "common name '%s' does not match '%s'",
+ subject, conn->host.dispname);
success = SECFailure;
- infof(conn->data, "common name: %s (does not match '%s')\n",
- subject, conn->host.dispname);
+ } else {
+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
+ subject, conn->host.dispname);
+ }
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
infof(conn->data, "Remote Certificate has expired.\n");
break;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ if(conn->data->set.ssl.verifypeer)
+ success = SECFailure;
+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
+ issuer);
+ break;
default:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
}
}
+ if(data->set.ssl.verifyhost == 1)
+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
+
data->set.ssl.certverifyresult=0; /* not checked yet */
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
!= SECSuccess) {
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
!= SECSuccess) {
- if(conn->data->set.ssl.certverifyresult!=0)
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
+ else if(conn->data->set.ssl.certverifyresult!=0)
curlerr = CURLE_SSL_CACERT;
goto error;
}

12
curl-7.19.7-modelfree.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/lib/nss.c b/lib/nss.c
index ea904af..addc165 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1222,6 +1222,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(!connssl->handle)
goto error;
PR_Close(model); /* We don't need this any more */
+ model = NULL;
/* This is the password associated with the cert that we're using */
if (data->set.str[STRING_KEY_PASSWD]) {

19
curl.spec
View File

@ -1,15 +1,12 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.6
Release: 10%{?dist}
Version: 7.19.7
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Patch1: curl-7.19.6-verifyhost.patch
Patch2: curl-7.19.6-nss-cn.patch
Patch3: curl-7.19.6-poll.patch
Patch4: curl-7.19.6-autoconf.patch
Patch1: curl-7.19.7-modelfree.patch
Patch101: curl-7.15.3-multilib.patch
Patch102: curl-7.16.0-privlibs.patch
Patch103: curl-7.19.4-debug.patch
@ -72,9 +69,6 @@ use cURL's capabilities internally.
# upstream patches (already applied)
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Fedora patches
%patch101 -p1
@ -105,7 +99,7 @@ make %{?_smp_mflags}
%check
export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}
make %{?_smp_mflags} -C tests
cd tests && ./runtests.pl -k -p -v
cd tests && ./runtests.pl -a -k -p -v
%install
rm -rf $RPM_BUILD_ROOT
@ -163,6 +157,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Thu Nov 12 2009 Kamil Dudka <kdudka@redhat.com> 7.19.7-1
- new upstream release, dropped applied patches
- fix crash on doubly closed NSPR descriptor, patch contributed
by Kevin Baughman (#534176)
* Sun Sep 27 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-10
- require libssh2>=1.2 properly (#525002)

2
sources
View File

@ -1 +1 @@
9351ad8ee0bea75015dfa9ec6248e055 curl-7.19.6.tar.lzma
26124caef7359de6338172abafa98dc0 curl-7.19.7.tar.lzma