new upstream release - 7.37.1
This commit is contained in:
parent
2aebfc699c
commit
d996cc7137
@ -1,136 +0,0 @@
|
|||||||
From e5a68a65cd567b74573e686bb5f773b482997397 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 2 Jul 2014 17:37:43 +0200
|
|
||||||
Subject: [PATCH 1/3] nss: do not abort on connection failure
|
|
||||||
|
|
||||||
... due to calling SSL_VersionRangeGet() with NULL file descriptor
|
|
||||||
|
|
||||||
reported-by: upstream tests 305 and 404
|
|
||||||
|
|
||||||
[upstream commit 7c21558503cbb10595c345acc7820cb9dc8741d6]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
lib/vtls/nss.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
|
||||||
index c1eec41..1e41795 100644
|
|
||||||
--- a/lib/vtls/nss.c
|
|
||||||
+++ b/lib/vtls/nss.c
|
|
||||||
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
|
|
||||||
Curl_llist_destroy(connssl->obj_list, NULL);
|
|
||||||
connssl->obj_list = NULL;
|
|
||||||
|
|
||||||
- if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
|
|
||||||
+ if(connssl->handle
|
|
||||||
+ && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
|
|
||||||
&& (sslver.min == SSL_LIBRARY_VERSION_3_0)
|
|
||||||
&& (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
|
|
||||||
&& isTLSIntoleranceError(err)) {
|
|
||||||
--
|
|
||||||
1.9.3
|
|
||||||
|
|
||||||
|
|
||||||
From b86de77eda043787edae78c07179f1c06c8c5060 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 2 Jul 2014 17:49:37 +0200
|
|
||||||
Subject: [PATCH 2/3] nss: make the fallback to SSLv3 work again
|
|
||||||
|
|
||||||
This feature was unintentionally disabled by commit ff92fcfb.
|
|
||||||
|
|
||||||
[upstream commit 7581dee10aedeb96231dd24e187ff5426fc72469]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
lib/vtls/nss.c | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
|
||||||
index 1e41795..3613b40 100644
|
|
||||||
--- a/lib/vtls/nss.c
|
|
||||||
+++ b/lib/vtls/nss.c
|
|
||||||
@@ -1315,6 +1315,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
|
||||||
switch (data->set.ssl.version) {
|
|
||||||
default:
|
|
||||||
case CURL_SSLVERSION_DEFAULT:
|
|
||||||
+ sslver->min = SSL_LIBRARY_VERSION_3_0;
|
|
||||||
if(data->state.ssl_connect_retry) {
|
|
||||||
infof(data, "TLS disabled due to previous handshake failure\n");
|
|
||||||
sslver->max = SSL_LIBRARY_VERSION_3_0;
|
|
||||||
@@ -1323,7 +1324,6 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
|
||||||
/* intentional fall-through to default to highest TLS version if possible */
|
|
||||||
|
|
||||||
case CURL_SSLVERSION_TLSv1:
|
|
||||||
- sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
|
||||||
#ifdef SSL_LIBRARY_VERSION_TLS_1_2
|
|
||||||
sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
|
|
||||||
#elif defined SSL_LIBRARY_VERSION_TLS_1_1
|
|
||||||
@@ -1399,7 +1399,7 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
|
|
||||||
if(connssl->handle
|
|
||||||
&& (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
|
|
||||||
&& (sslver.min == SSL_LIBRARY_VERSION_3_0)
|
|
||||||
- && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
|
|
||||||
+ && (sslver.max != SSL_LIBRARY_VERSION_3_0)
|
|
||||||
&& isTLSIntoleranceError(err)) {
|
|
||||||
/* schedule reconnect through Curl_retry_request() */
|
|
||||||
data->state.ssl_connect_retry = TRUE;
|
|
||||||
@@ -1437,7 +1437,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
|
||||||
CURLcode curlerr;
|
|
||||||
|
|
||||||
SSLVersionRange sslver = {
|
|
||||||
- SSL_LIBRARY_VERSION_3_0, /* min */
|
|
||||||
+ SSL_LIBRARY_VERSION_TLS_1_0, /* min */
|
|
||||||
SSL_LIBRARY_VERSION_TLS_1_0 /* max */
|
|
||||||
};
|
|
||||||
|
|
||||||
--
|
|
||||||
1.9.3
|
|
||||||
|
|
||||||
|
|
||||||
From dd54a5dad0b91c6a626912cc83123f103fa63746 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 2 Jul 2014 16:34:48 +0200
|
|
||||||
Subject: [PATCH 3/3] tool: call PR_Cleanup() on exit if NSPR is used
|
|
||||||
|
|
||||||
This prevents valgrind from reporting possibly lost memory that NSPR
|
|
||||||
uses for file descriptor cache and other globally allocated internal
|
|
||||||
data structures.
|
|
||||||
|
|
||||||
[upstream commit 24c3cdce88f39731506c287cb276e8bf4a1ce393]
|
|
||||||
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
src/tool_main.c | 9 +++++++++
|
|
||||||
1 file changed, 9 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/tool_main.c b/src/tool_main.c
|
|
||||||
index ef96dc3..dc980e0 100644
|
|
||||||
--- a/src/tool_main.c
|
|
||||||
+++ b/src/tool_main.c
|
|
||||||
@@ -27,6 +27,10 @@
|
|
||||||
#include <signal.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifdef USE_NSS
|
|
||||||
+#include <nspr.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#define ENABLE_CURLX_PRINTF
|
|
||||||
/* use our own printf() functions */
|
|
||||||
#include "curlx.h"
|
|
||||||
@@ -205,6 +209,11 @@ static void main_free(struct GlobalConfig *config)
|
|
||||||
curl_global_cleanup();
|
|
||||||
convert_cleanup();
|
|
||||||
metalink_cleanup();
|
|
||||||
+#ifdef USE_NSS
|
|
||||||
+ if(PR_Initialized())
|
|
||||||
+ /* prevent valgrind from reporting possibly lost memory (fd cache, ...) */
|
|
||||||
+ PR_Cleanup();
|
|
||||||
+#endif
|
|
||||||
free_config_fields(config);
|
|
||||||
|
|
||||||
/* Free the config structures */
|
|
||||||
--
|
|
||||||
1.9.3
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iEYEABECAAYFAlN8QMkACgkQeOEcayedXJE24wCgr1aAWOegokq2WJQVLDIrW32n
|
|
||||||
je4AoPKSxcgo3RY8MW8SLPvmtGFSDVdz
|
|
||||||
=jHo4
|
|
||||||
-----END PGP SIGNATURE-----
|
|
7
curl-7.37.1.tar.lzma.asc
Normal file
7
curl-7.37.1.tar.lzma.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iEYEABECAAYFAlPGjoIACgkQeOEcayedXJEelACg3KLWyIN61do2wGJDBbD7OuKE
|
||||||
|
BvUAoLM3qS3woSWA33C4+eWHxESUBJhX
|
||||||
|
=4sUq
|
||||||
|
-----END PGP SIGNATURE-----
|
11
curl.spec
11
curl.spec
@ -1,15 +1,12 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.37.0
|
Version: 7.37.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
|
|
||||||
# various SSL-related fixes (mainly crash on connection failure)
|
|
||||||
Patch1: 0001-curl-7.37.0-7c215585.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -122,7 +119,6 @@ documentation of the library, too.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -246,6 +242,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 16 2014 Kamil Dudka <kdudka@redhat.com> 7.37.1-1
|
||||||
|
- new upstream release
|
||||||
|
|
||||||
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> 7.37.0-4
|
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> 7.37.0-4
|
||||||
- fix license handling
|
- fix license handling
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user