- new upstream release, dropped applied patches
- fix crash on doubly closed NSPR descriptor, patch contributed by Kevin Baughman (#534176)
parent
453e17f89b
commit
bdbb3d6ab8
@ -1 +1 @@
|
|||||||
curl-7.19.6.tar.lzma
|
curl-7.19.7.tar.lzma
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
|
diff --git a/curl-config.in b/curl-config.in
|
||||||
--- curl-7.18.0/curl-config.in.multilib 2008-01-10 23:14:02.000000000 +0100
|
index 1c439a1..9d675ae 100644
|
||||||
+++ curl-7.18.0/curl-config.in 2008-02-16 06:48:14.000000000 +0100
|
--- a/curl-config.in
|
||||||
@@ -45,7 +45,6 @@
|
+++ b/curl-config.in
|
||||||
|
@@ -42,7 +42,6 @@ Available values for OPTION include:
|
||||||
--libs library linking information
|
--libs library linking information
|
||||||
--prefix curl install prefix
|
--prefix curl install prefix
|
||||||
--protocols newline separated list of enabled protocols
|
--protocols newline separated list of enabled protocols
|
||||||
@ -9,7 +10,7 @@ diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
|
|||||||
--version output version information
|
--version output version information
|
||||||
--vernum output the version information as a number (hexadecimal)
|
--vernum output the version information as a number (hexadecimal)
|
||||||
EOF
|
EOF
|
||||||
@@ -72,7 +71,7 @@
|
@@ -69,7 +68,7 @@ while test $# -gt 0; do
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--cc)
|
--cc)
|
||||||
@ -18,7 +19,7 @@ diff -up curl-7.18.0/curl-config.in.multilib curl-7.18.0/curl-config.in
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
--prefix)
|
--prefix)
|
||||||
@@ -189,20 +188,7 @@
|
@@ -130,20 +129,7 @@ while test $# -gt 0; do
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--libs)
|
--libs)
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
--- curl-7.16.2/libcurl.pc.in.privlibs 2007-02-18 10:41:27.000000000 +0100
|
diff --git a/libcurl.pc.in b/libcurl.pc.in
|
||||||
+++ curl-7.16.2/libcurl.pc.in 2007-04-11 20:02:34.000000000 +0200
|
index 25beadd..d7c0805 100644
|
||||||
@@ -33,6 +33,6 @@
|
--- a/libcurl.pc.in
|
||||||
|
+++ b/libcurl.pc.in
|
||||||
|
@@ -35,6 +35,6 @@ Name: libcurl
|
||||||
URL: http://curl.haxx.se/
|
URL: http://curl.haxx.se/
|
||||||
Description: Library to transfer files with ftp, http, etc.
|
Description: Library to transfer files with ftp, http, etc.
|
||||||
Version: @VERSION@
|
Version: @VERSION@
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/configure.ac curl-7.19.4/configure.ac
|
diff --git a/configure.ac b/configure.ac
|
||||||
--- curl-7.19.4.orig/configure.ac 2009-02-13 15:25:15.000000000 +0100
|
index e575a20..81a7772 100644
|
||||||
+++ curl-7.19.4/configure.ac 2009-04-22 11:56:32.171305420 +0200
|
--- a/configure.ac
|
||||||
@@ -241,7 +241,10 @@ dnl ************************************
|
+++ b/configure.ac
|
||||||
|
@@ -228,7 +228,10 @@ dnl **********************************************************************
|
||||||
|
|
||||||
CURL_CHECK_COMPILER
|
CURL_CHECK_COMPILER
|
||||||
CURL_SET_COMPILER_BASIC_OPTS
|
CURL_SET_COMPILER_BASIC_OPTS
|
||||||
|
@ -1,95 +0,0 @@
|
|||||||
diff -rup curl-7.19.6.orig/configure.ac curl-7.19.6/configure.ac
|
|
||||||
--- curl-7.19.6.orig/configure.ac 2009-09-02 15:46:09.396519773 +0200
|
|
||||||
+++ curl-7.19.6/configure.ac 2009-09-02 15:56:18.750831674 +0200
|
|
||||||
@@ -1455,22 +1455,37 @@ if test X"$OPT_LIBSSH2" != Xno; then
|
|
||||||
case "$OPT_LIBSSH2" in
|
|
||||||
yes)
|
|
||||||
dnl --with-libssh2 (without path) used
|
|
||||||
- PREFIX_LIBSSH2=/usr/local/lib
|
|
||||||
- LIB_LIBSSH2="$PREFIX_LIBSSH2$libsuff"
|
|
||||||
+ CURL_CHECK_PKGCONFIG(libssh2)
|
|
||||||
+
|
|
||||||
+ if test "$PKGCONFIG" != "no" ; then
|
|
||||||
+ LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2`
|
|
||||||
+ LD_SSH2=`$PKGCONFIG --libs-only-L libssh2`
|
|
||||||
+ CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2`
|
|
||||||
+ version=`$PKGCONFIG --modversion libssh2`
|
|
||||||
+ DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/-L//'`
|
|
||||||
+ fi
|
|
||||||
+
|
|
||||||
;;
|
|
||||||
off)
|
|
||||||
dnl no --with-libssh2 option given, just check default places
|
|
||||||
- PREFIX_LIBSSH2=
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
dnl use the given --with-libssh2 spot
|
|
||||||
- PREFIX_LIBSSH2=$OPT_LIBSSH2
|
|
||||||
- LIB_LIBSSH2="$PREFIX_LIBSSH2/lib$libsuff"
|
|
||||||
- LDFLAGS="$LDFLAGS -L$LIB_LIBSSH2"
|
|
||||||
- CPPFLAGS="$CPPFLAGS -I$PREFIX_LIBSSH2/include"
|
|
||||||
+ PREFIX_SSH2=$OPT_LIBSSH2
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
+ dnl if given with a prefix, we set -L and -I based on that
|
|
||||||
+ if test -n "$PREFIX_SSH2"; then
|
|
||||||
+ LD_SSH2=-L${PREFIX_SSH2}/lib
|
|
||||||
+ CPP_SSH2=-I${PREFIX_SSH2}/include
|
|
||||||
+ DIR_SSH2=${PREFIX_SSH2}/lib
|
|
||||||
+ fi
|
|
||||||
+
|
|
||||||
+ LDFLAGS="$LDFLAGS $LD_SSH2"
|
|
||||||
+ CPPFLAGS="$CPPFLAGS $CPP_SSH2"
|
|
||||||
+ LIBS="$LIBS $LIB_SSH2"
|
|
||||||
+
|
|
||||||
AC_CHECK_LIB(ssh2, libssh2_channel_open_ex)
|
|
||||||
|
|
||||||
AC_CHECK_HEADERS(libssh2.h,
|
|
||||||
@@ -1494,10 +1509,15 @@ if test X"$OPT_LIBSSH2" != Xno; then
|
|
||||||
dnl libssh2_version is a post 1.0 addition
|
|
||||||
AC_CHECK_FUNCS( libssh2_version )
|
|
||||||
|
|
||||||
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_LIBSSH2"
|
|
||||||
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
|
|
||||||
export LD_LIBRARY_PATH
|
|
||||||
- AC_MSG_NOTICE([Added $LIB_LIBSSH2 to LD_LIBRARY_PATH])
|
|
||||||
+ AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
|
|
||||||
fi
|
|
||||||
+ else
|
|
||||||
+ dnl no libssh2, revert back to clean variables
|
|
||||||
+ LDFLAGS=$CLEANLDFLAGS
|
|
||||||
+ CPPFLAGS=$CLEANCPPFLAGS
|
|
||||||
+ LIBS=$CLEANLIBS
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
@@ -1665,13 +1685,21 @@ if test "$OPENSSL_ENABLED" != "1" -a "$G
|
|
||||||
addcflags=`$PKGCONFIG --cflags nss`
|
|
||||||
version=`$PKGCONFIG --modversion nss`
|
|
||||||
nssprefix=`$PKGCONFIG --variable=prefix nss`
|
|
||||||
+ else
|
|
||||||
+ dnl Without pkg-config, we check for nss-config
|
|
||||||
+
|
|
||||||
+ check=`nss-config --version 2>/dev/null`
|
|
||||||
+ if test -n "$check"; then
|
|
||||||
+ addlib=`nss-config --libs`
|
|
||||||
+ addcflags=`nss-config --cflags`
|
|
||||||
+ version=`nss-config --version`
|
|
||||||
+ nssprefix=`nss-config --prefix`
|
|
||||||
+ else
|
|
||||||
+ addlib="-lnss3"
|
|
||||||
+ addcflags=""
|
|
||||||
+ version="unknown"
|
|
||||||
+ fi
|
|
||||||
fi
|
|
||||||
- else
|
|
||||||
- # Without pkg-config, we'll kludge in some defaults
|
|
||||||
- addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
|
|
||||||
- addcflags="-I$OPT_NSS/include"
|
|
||||||
- version="unknown"
|
|
||||||
- nssprefix=$OPT_NSS
|
|
||||||
fi
|
|
||||||
|
|
||||||
dnl Check for functionPK11_CreateGenericObject
|
|
||||||
Only in curl-7.19.6.orig: configure.ac.orig
|
|
@ -1,45 +0,0 @@
|
|||||||
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
|
|
||||||
--- curl-7.19.6.orig/lib/nss.c 2009-08-25 12:27:08.664828503 +0200
|
|
||||||
+++ curl-7.19.6/lib/nss.c 2009-08-28 11:51:37.764523702 +0200
|
|
||||||
@@ -591,7 +591,7 @@ static SECStatus BadCertHandler(void *ar
|
|
||||||
struct connectdata *conn = (struct connectdata *)arg;
|
|
||||||
PRErrorCode err = PR_GetError();
|
|
||||||
CERTCertificate *cert = NULL;
|
|
||||||
- char *subject, *issuer;
|
|
||||||
+ char *subject, *subject_cn, *issuer;
|
|
||||||
|
|
||||||
if(conn->data->set.ssl.certverifyresult!=0)
|
|
||||||
return success;
|
|
||||||
@@ -599,6 +599,7 @@ static SECStatus BadCertHandler(void *ar
|
|
||||||
conn->data->set.ssl.certverifyresult=err;
|
|
||||||
cert = SSL_PeerCertificate(sock);
|
|
||||||
subject = CERT_NameToAscii(&cert->subject);
|
|
||||||
+ subject_cn = CERT_GetCommonName(&cert->subject);
|
|
||||||
issuer = CERT_NameToAscii(&cert->issuer);
|
|
||||||
CERT_DestroyCertificate(cert);
|
|
||||||
|
|
||||||
@@ -616,12 +617,12 @@ static SECStatus BadCertHandler(void *ar
|
|
||||||
break;
|
|
||||||
case SSL_ERROR_BAD_CERT_DOMAIN:
|
|
||||||
if(conn->data->set.ssl.verifyhost) {
|
|
||||||
- failf(conn->data, "common name '%s' does not match '%s'",
|
|
||||||
- subject, conn->host.dispname);
|
|
||||||
+ failf(conn->data, "SSL: certificate subject name '%s' does not match "
|
|
||||||
+ "target host name '%s'", subject_cn, conn->host.dispname);
|
|
||||||
success = SECFailure;
|
|
||||||
} else {
|
|
||||||
- infof(conn->data, "warning: common name '%s' does not match '%s'\n",
|
|
||||||
- subject, conn->host.dispname);
|
|
||||||
+ infof(conn->data, "warning: SSL: certificate subject name '%s' does not "
|
|
||||||
+ "match target host name '%s'\n", subject_cn, conn->host.dispname);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
||||||
@@ -645,6 +646,7 @@ static SECStatus BadCertHandler(void *ar
|
|
||||||
if(success == SECSuccess)
|
|
||||||
infof(conn->data, "SSL certificate verify ok.\n");
|
|
||||||
PR_Free(subject);
|
|
||||||
+ PR_Free(subject_cn);
|
|
||||||
PR_Free(issuer);
|
|
||||||
|
|
||||||
return success;
|
|
@ -1,165 +0,0 @@
|
|||||||
diff -rup curl-7.19.6.orig/lib/ssh.c curl-7.19.6/lib/ssh.c
|
|
||||||
--- curl-7.19.6.orig/lib/ssh.c 2009-07-25 00:21:50.000000000 +0200
|
|
||||||
+++ curl-7.19.6/lib/ssh.c 2009-09-16 16:25:59.271054546 +0200
|
|
||||||
@@ -1503,6 +1503,9 @@ static CURLcode ssh_statemach_act(struct
|
|
||||||
result = Curl_setup_transfer(conn, -1, -1, FALSE, NULL,
|
|
||||||
FIRSTSOCKET, NULL);
|
|
||||||
|
|
||||||
+ /* not set by Curl_setup_transfer to preserve keepon bits */
|
|
||||||
+ conn->sockfd = conn->writesockfd;
|
|
||||||
+
|
|
||||||
if(result) {
|
|
||||||
state(conn, SSH_SFTP_CLOSE);
|
|
||||||
sshc->actualcode = result;
|
|
||||||
@@ -1914,6 +1917,12 @@ static CURLcode ssh_statemach_act(struct
|
|
||||||
else {
|
|
||||||
result = Curl_setup_transfer(conn, FIRSTSOCKET, data->req.size,
|
|
||||||
FALSE, NULL, -1, NULL);
|
|
||||||
+
|
|
||||||
+ /* not set by Curl_setup_transfer to preserve keepon bits */
|
|
||||||
+ conn->writesockfd = conn->sockfd;
|
|
||||||
+
|
|
||||||
+ /* FIXME: here should be explained why we need it to start the download */
|
|
||||||
+ conn->cselect_bits = CURL_CSELECT_IN;
|
|
||||||
}
|
|
||||||
if(result) {
|
|
||||||
state(conn, SSH_SFTP_CLOSE);
|
|
||||||
@@ -2034,6 +2043,9 @@ static CURLcode ssh_statemach_act(struct
|
|
||||||
result = Curl_setup_transfer(conn, -1, data->req.size, FALSE, NULL,
|
|
||||||
FIRSTSOCKET, NULL);
|
|
||||||
|
|
||||||
+ /* not set by Curl_setup_transfer to preserve keepon bits */
|
|
||||||
+ conn->sockfd = conn->writesockfd;
|
|
||||||
+
|
|
||||||
if(result) {
|
|
||||||
state(conn, SSH_SCP_CHANNEL_FREE);
|
|
||||||
sshc->actualcode = result;
|
|
||||||
@@ -2083,6 +2095,12 @@ static CURLcode ssh_statemach_act(struct
|
|
||||||
result = Curl_setup_transfer(conn, FIRSTSOCKET,
|
|
||||||
bytecount, FALSE, NULL, -1, NULL);
|
|
||||||
|
|
||||||
+ /* not set by Curl_setup_transfer to preserve keepon bits */
|
|
||||||
+ conn->writesockfd = conn->sockfd;
|
|
||||||
+
|
|
||||||
+ /* FIXME: here should be explained why we need it to start the download */
|
|
||||||
+ conn->cselect_bits = CURL_CSELECT_IN;
|
|
||||||
+
|
|
||||||
if(result) {
|
|
||||||
state(conn, SSH_SCP_CHANNEL_FREE);
|
|
||||||
sshc->actualcode = result;
|
|
||||||
@@ -2235,10 +2253,10 @@ static int ssh_perform_getsock(const str
|
|
||||||
|
|
||||||
sock[0] = conn->sock[FIRSTSOCKET];
|
|
||||||
|
|
||||||
- if(conn->proto.sshc.waitfor & KEEP_RECV)
|
|
||||||
+ if(conn->waitfor & KEEP_RECV)
|
|
||||||
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
|
|
||||||
|
|
||||||
- if(conn->proto.sshc.waitfor & KEEP_SEND)
|
|
||||||
+ if(conn->waitfor & KEEP_SEND)
|
|
||||||
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
|
|
||||||
|
|
||||||
return bitmap;
|
|
||||||
@@ -2282,15 +2300,17 @@ static void ssh_block2waitfor(struct con
|
|
||||||
{
|
|
||||||
struct ssh_conn *sshc = &conn->proto.sshc;
|
|
||||||
int dir;
|
|
||||||
- if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
|
|
||||||
+ if(!block)
|
|
||||||
+ conn->waitfor = 0;
|
|
||||||
+ else if((dir = libssh2_session_block_directions(sshc->ssh_session))) {
|
|
||||||
/* translate the libssh2 define bits into our own bit defines */
|
|
||||||
- sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
|
|
||||||
+ conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
|
|
||||||
((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
/* It didn't block or libssh2 didn't reveal in which direction, put back
|
|
||||||
the original set */
|
|
||||||
- sshc->waitfor = sshc->orig_waitfor;
|
|
||||||
+ conn->waitfor = sshc->orig_waitfor;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
/* no libssh2 directional support so we simply don't know */
|
|
||||||
diff -rup curl-7.19.6.orig/lib/transfer.c curl-7.19.6/lib/transfer.c
|
|
||||||
--- curl-7.19.6.orig/lib/transfer.c 2009-07-22 22:09:53.000000000 +0200
|
|
||||||
+++ curl-7.19.6/lib/transfer.c 2009-09-16 16:25:57.195363278 +0200
|
|
||||||
@@ -1652,10 +1652,6 @@ CURLcode Curl_readwrite(struct connectda
|
|
||||||
|
|
||||||
if((k->keepon & KEEP_RECVBITS) == KEEP_RECV) {
|
|
||||||
fd_read = conn->sockfd;
|
|
||||||
-#if defined(USE_LIBSSH2)
|
|
||||||
- if(conn->protocol & (PROT_SCP|PROT_SFTP))
|
|
||||||
- select_res |= CURL_CSELECT_IN;
|
|
||||||
-#endif /* USE_LIBSSH2 */
|
|
||||||
} else
|
|
||||||
fd_read = CURL_SOCKET_BAD;
|
|
||||||
|
|
||||||
@@ -1884,33 +1880,39 @@ Transfer(struct connectdata *conn)
|
|
||||||
return CURLE_OK;
|
|
||||||
|
|
||||||
while(!done) {
|
|
||||||
- curl_socket_t fd_read;
|
|
||||||
- curl_socket_t fd_write;
|
|
||||||
+ curl_socket_t fd_read = conn->sockfd;
|
|
||||||
+ curl_socket_t fd_write = conn->writesockfd;
|
|
||||||
+ int keepon = k->keepon;
|
|
||||||
+
|
|
||||||
+ if(conn->waitfor) {
|
|
||||||
+ /* if waitfor is set, get the RECV and SEND bits from that but keep the
|
|
||||||
+ other bits */
|
|
||||||
+ keepon &= ~ (KEEP_RECV|KEEP_SEND);
|
|
||||||
+ keepon |= conn->waitfor & (KEEP_RECV|KEEP_SEND);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* limit-rate logic: if speed exceeds threshold, then do not include fd in
|
|
||||||
select set. The current speed is recalculated in each Curl_readwrite()
|
|
||||||
call */
|
|
||||||
- if((k->keepon & KEEP_SEND) &&
|
|
||||||
+ if((keepon & KEEP_SEND) &&
|
|
||||||
(!data->set.max_send_speed ||
|
|
||||||
(data->progress.ulspeed < data->set.max_send_speed) )) {
|
|
||||||
- fd_write = conn->writesockfd;
|
|
||||||
k->keepon &= ~KEEP_SEND_HOLD;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
fd_write = CURL_SOCKET_BAD;
|
|
||||||
- if(k->keepon & KEEP_SEND)
|
|
||||||
+ if(keepon & KEEP_SEND)
|
|
||||||
k->keepon |= KEEP_SEND_HOLD; /* hold it */
|
|
||||||
}
|
|
||||||
|
|
||||||
- if((k->keepon & KEEP_RECV) &&
|
|
||||||
+ if((keepon & KEEP_RECV) &&
|
|
||||||
(!data->set.max_recv_speed ||
|
|
||||||
(data->progress.dlspeed < data->set.max_recv_speed)) ) {
|
|
||||||
- fd_read = conn->sockfd;
|
|
||||||
k->keepon &= ~KEEP_RECV_HOLD;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
fd_read = CURL_SOCKET_BAD;
|
|
||||||
- if(k->keepon & KEEP_RECV)
|
|
||||||
+ if(keepon & KEEP_RECV)
|
|
||||||
k->keepon |= KEEP_RECV_HOLD; /* hold it */
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -rup curl-7.19.6.orig/lib/urldata.h curl-7.19.6/lib/urldata.h
|
|
||||||
--- curl-7.19.6.orig/lib/urldata.h 2009-07-23 00:49:56.000000000 +0200
|
|
||||||
+++ curl-7.19.6/lib/urldata.h 2009-09-16 16:25:57.196363391 +0200
|
|
||||||
@@ -565,7 +565,6 @@ struct ssh_conn {
|
|
||||||
LIBSSH2_CHANNEL *ssh_channel; /* Secure Shell channel handle */
|
|
||||||
LIBSSH2_SFTP *sftp_session; /* SFTP handle */
|
|
||||||
LIBSSH2_SFTP_HANDLE *sftp_handle;
|
|
||||||
- int waitfor; /* current READ/WRITE bits to wait for */
|
|
||||||
int orig_waitfor; /* default READ/WRITE bits wait for */
|
|
||||||
|
|
||||||
/* note that HAVE_LIBSSH2_KNOWNHOST_API is a define set in the libssh2.h
|
|
||||||
@@ -1070,6 +1069,8 @@ struct connectdata {
|
|
||||||
} proto;
|
|
||||||
|
|
||||||
int cselect_bits; /* bitmask of socket events */
|
|
||||||
+ int waitfor; /* current READ/WRITE bits to wait for */
|
|
||||||
+
|
|
||||||
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
|
|
||||||
int socks5_gssapi_enctype;
|
|
||||||
#endif
|
|
@ -1,54 +0,0 @@
|
|||||||
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
|
|
||||||
--- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
|
|
||||||
+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
|
|
||||||
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
|
|
||||||
issuer);
|
|
||||||
break;
|
|
||||||
case SSL_ERROR_BAD_CERT_DOMAIN:
|
|
||||||
- if(conn->data->set.ssl.verifypeer)
|
|
||||||
+ if(conn->data->set.ssl.verifyhost) {
|
|
||||||
+ failf(conn->data, "common name '%s' does not match '%s'",
|
|
||||||
+ subject, conn->host.dispname);
|
|
||||||
success = SECFailure;
|
|
||||||
- infof(conn->data, "common name: %s (does not match '%s')\n",
|
|
||||||
- subject, conn->host.dispname);
|
|
||||||
+ } else {
|
|
||||||
+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
|
|
||||||
+ subject, conn->host.dispname);
|
|
||||||
+ }
|
|
||||||
break;
|
|
||||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
||||||
if(conn->data->set.ssl.verifypeer)
|
|
||||||
success = SECFailure;
|
|
||||||
infof(conn->data, "Remote Certificate has expired.\n");
|
|
||||||
break;
|
|
||||||
+ case SEC_ERROR_UNKNOWN_ISSUER:
|
|
||||||
+ if(conn->data->set.ssl.verifypeer)
|
|
||||||
+ success = SECFailure;
|
|
||||||
+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
|
|
||||||
+ issuer);
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
if(conn->data->set.ssl.verifypeer)
|
|
||||||
success = SECFailure;
|
|
||||||
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if(data->set.ssl.verifyhost == 1)
|
|
||||||
+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
|
|
||||||
+
|
|
||||||
data->set.ssl.certverifyresult=0; /* not checked yet */
|
|
||||||
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
|
|
||||||
!= SECSuccess) {
|
|
||||||
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
|
|
||||||
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
|
|
||||||
!= SECSuccess) {
|
|
||||||
- if(conn->data->set.ssl.certverifyresult!=0)
|
|
||||||
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
|
||||||
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
|
||||||
+ else if(conn->data->set.ssl.certverifyresult!=0)
|
|
||||||
curlerr = CURLE_SSL_CACERT;
|
|
||||||
goto error;
|
|
||||||
}
|
|
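--- a/curl-7.19.7-modelfree.patch
+++ b/curl-7.19.7-modelfree.patch
@@ -0,0 +1,12 @@
+diff --git a/lib/nss.c b/lib/nss.c
+index ea904af..addc165 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1222,6 +1222,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+if(!connssl->handle)
+goto error;
+PR_Close(model); /* We don't need this any more */
++ model = NULL;
+
+/* This is the password associated with the cert that we're using */
+if (data->set.str[STRING_KEY_PASSWD]) {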
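Review bot: The added `model = NULL;` after `PR_Close(model)` has no comment, and its effect depends on code outside this hunk. Presumably the `error:` cleanup in Curl_nss_connect closes `model` when it is non-NULL, so any later `goto error` closed the descriptor a second time, which would be the crash in #534176. I would write the line as `model = NULL; /* closed above; keeps the error path from calling PR_Close() on it again */`. Neither the cleanup's NULL test nor the absence of later uses of `model` is visible here, so both are worth confirming.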
19
curl.spec
19
curl.spec
@ -1,15 +1,12 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.19.6
|
Version: 7.19.7
|
||||||
Release: 10%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
Patch1: curl-7.19.6-verifyhost.patch
|
Patch1: curl-7.19.7-modelfree.patch
|
||||||
Patch2: curl-7.19.6-nss-cn.patch
|
|
||||||
Patch3: curl-7.19.6-poll.patch
|
|
||||||
Patch4: curl-7.19.6-autoconf.patch
|
|
||||||
Patch101: curl-7.15.3-multilib.patch
|
Patch101: curl-7.15.3-multilib.patch
|
||||||
Patch102: curl-7.16.0-privlibs.patch
|
Patch102: curl-7.16.0-privlibs.patch
|
||||||
Patch103: curl-7.19.4-debug.patch
|
Patch103: curl-7.19.4-debug.patch
|
||||||
@ -72,9 +69,6 @@ use cURL's capabilities internally.
|
|||||||
|
|
||||||
# upstream patches (already applied)
|
# upstream patches (already applied)
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -105,7 +99,7 @@ make %{?_smp_mflags}
|
|||||||
%check
|
%check
|
||||||
export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}
|
export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}
|
||||||
make %{?_smp_mflags} -C tests
|
make %{?_smp_mflags} -C tests
|
||||||
cd tests && ./runtests.pl -k -p -v
|
cd tests && ./runtests.pl -a -k -p -v
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -163,6 +157,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 12 2009 Kamil Dudka <kdudka@redhat.com> 7.19.7-1
|
||||||
|
- new upstream release, dropped applied patches
|
||||||
|
- fix crash on doubly closed NSPR descriptor, patch contributed
|
||||||
|
by Kevin Baughman (#534176)
|
||||||
|
|
||||||
* Sun Sep 27 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-10
|
* Sun Sep 27 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-10
|
||||||
- require libssh2>=1.2 properly (#525002)
|
- require libssh2>=1.2 properly (#525002)
|
||||||
|
|
||||||
|
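Review bot: `Patch1: curl-7.19.7-modelfree.patch` is declared without a comment and is applied under the existing heading `# upstream patches (already applied)`, while the changelog describes it as a contributed fix for #534176. Whether it has been accepted upstream is not visible on this page. A one-line comment above the declaration, for example `# fix double PR_Close() of the NSS model descriptor (#534176)`, would show at the next rebase whether the patch can be dropped. Separately, `./runtests.pl` gains `-a` in %check, so it is worth confirming that a failing test still fails the build.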