rpms/curl/devel curl-7.19.6-verifyhost.patch, NONE, 1.1 .cvsignore, 1.35, 1.36 curl.spec, 1.108, 1.109 sources, 1.35, 1.36 curl-7.17.1-badsocket.patch, 1.2, NONE curl-7.19.5-cc.patch, 1.1, NONE curl-7.19.5-cc_refcnt-1.patch, 1.1, NONE curl-7.19.5-cc_refcnt-2.patch, 1.3, NONE
Kamil Dudka
kdudka at fedoraproject.org
Fri Aug 14 09:21:27 UTC 2009
- Previous message (by thread): rpms/netbeans/devel netbeans-6.7.1 at 00-updatecenters.patch, NONE, 1.1 netbeans-6.7.1 at 10-ant-patch.patch, NONE, 1.1 netbeans-6.7.1 at 20-parse-project-xml.patch, NONE, 1.1 netbeans-6.7.1 at 30-build-xml.patch, NONE, 1.1 netbeans-6.7.1 at 40-ide-launcher.patch, NONE, 1.1 netbeans-6.7.1 at 50-build-copy.patch, NONE, 1.1 netbeans-6.7.1 at 60-nosvnkit.patch, NONE, 1.1 netbeans-6.7.1 at 70-small-ide-cluster.patch, NONE, 1.1 netbeans-6.7.1 at 80-check-modules.patch, NONE, 1.1 netbeans-6.7.1 at 90-copy_license.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 import.log, 1.1, 1.2 netbeans.spec, 1.11, 1.12 sources, 1.3, 1.4 netbeans-6.5-00-copy-build.patch, 1.1, NONE netbeans-6.5-10-ant-external-build.patch, 1.1, NONE netbeans-6.5-20-ant-build.patch, 1.1, NONE netbeans-6.5-30-parse-project-xml.patch, 1.1, NONE netbeans-6.5-40-build-xml.patch, 1.1, NONE netbeans-6.5-50-ide-launcher.patch, 1.1, NONE netbeans-6.5-60-small-ide-config.patch, 1.1, NONE netbeans-6.5-70-updatecenters.patch, 1.1, NONE netbeans-6.5-80-nosvnkit.patch, 1.1, NONE
- Next message (by thread): rpms/php-adodb/EL-4 php-adodb.spec,1.3,1.4 sources,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kdudka
Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12257
Modified Files:
.cvsignore curl.spec sources
Added Files:
curl-7.19.6-verifyhost.patch
Removed Files:
curl-7.17.1-badsocket.patch curl-7.19.5-cc.patch
curl-7.19.5-cc_refcnt-1.patch curl-7.19.5-cc_refcnt-2.patch
Log Message:
- new upstream release, dropped applied patches
- changed NSS code to not ignore the value of ssl.verifyhost and produce more
verbose error messages (#516056)
curl-7.19.6-verifyhost.patch:
nss.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
--- NEW FILE curl-7.19.6-verifyhost.patch ---
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
issuer);
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
- if(conn->data->set.ssl.verifypeer)
+ if(conn->data->set.ssl.verifyhost) {
+ failf(conn->data, "common name '%s' does not match '%s'",
+ subject, conn->host.dispname);
success = SECFailure;
- infof(conn->data, "common name: %s (does not match '%s')\n",
- subject, conn->host.dispname);
+ } else {
+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
+ subject, conn->host.dispname);
+ }
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
infof(conn->data, "Remote Certificate has expired.\n");
break;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ if(conn->data->set.ssl.verifypeer)
+ success = SECFailure;
+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
+ issuer);
+ break;
default:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
}
}
+ if(data->set.ssl.verifyhost == 1)
+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
+
data->set.ssl.certverifyresult=0; /* not checked yet */
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
!= SECSuccess) {
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
!= SECSuccess) {
- if(conn->data->set.ssl.certverifyresult!=0)
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
+ else if(conn->data->set.ssl.certverifyresult!=0)
curlerr = CURLE_SSL_CACERT;
goto error;
}
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/.cvsignore,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -p -r1.35 -r1.36
--- .cvsignore 12 Aug 2009 17:04:04 -0000 1.35
+++ .cvsignore 14 Aug 2009 09:21:24 -0000 1.36
@@ -1 +1,2 @@
curl-7.19.5.tar.lzma
+curl-7.19.6.tar.lzma
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -p -r1.108 -r1.109
--- curl.spec 12 Aug 2009 17:04:04 -0000 1.108
+++ curl.spec 14 Aug 2009 09:21:25 -0000 1.109
@@ -1,18 +1,15 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
-Version: 7.19.5
-Release: 10%{?dist}
+Version: 7.19.6
+Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
-Patch1: curl-7.15.3-multilib.patch
-Patch2: curl-7.16.0-privlibs.patch
-Patch3: curl-7.17.1-badsocket.patch
-Patch4: curl-7.19.4-debug.patch
-Patch5: curl-7.19.5-cc_refcnt-1.patch
-Patch6: curl-7.19.5-cc_refcnt-2.patch
-Patch7: curl-7.19.5-cc.patch
+Patch1: curl-7.19.6-verifyhost.patch
+Patch101: curl-7.15.3-multilib.patch
+Patch102: curl-7.16.0-privlibs.patch
+Patch103: curl-7.19.4-debug.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -53,13 +50,14 @@ use cURL's capabilities internally.
%prep
%setup -q
+
+# upstream patches
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+
+# Fedora patches
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -142,6 +140,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Fri Aug 14 2009 Kamil Dudka <kdudka at redhat.com> 7.19.6-1
+- new upstream release, dropped applied patches
+- changed NSS code to not ignore the value of ssl.verifyhost and produce more
+ verbose error messages (#516056)
+
* Wed Aug 12 2009 Ville Skyttä <ville.skytta at iki.fi> - 7.19.5-10
- Use lzma compressed upstream tarball.
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/sources,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -p -r1.35 -r1.36
--- sources 12 Aug 2009 17:04:04 -0000 1.35
+++ sources 14 Aug 2009 09:21:25 -0000 1.36
@@ -1 +1,2 @@
e4612af6cc471879ae0f4727457eb6fc curl-7.19.5.tar.lzma
+9351ad8ee0bea75015dfa9ec6248e055 curl-7.19.6.tar.lzma
--- curl-7.17.1-badsocket.patch DELETED ---
--- curl-7.19.5-cc.patch DELETED ---
--- curl-7.19.5-cc_refcnt-1.patch DELETED ---
--- curl-7.19.5-cc_refcnt-2.patch DELETED ---
- Previous message (by thread): rpms/netbeans/devel netbeans-6.7.1 at 00-updatecenters.patch, NONE, 1.1 netbeans-6.7.1 at 10-ant-patch.patch, NONE, 1.1 netbeans-6.7.1 at 20-parse-project-xml.patch, NONE, 1.1 netbeans-6.7.1 at 30-build-xml.patch, NONE, 1.1 netbeans-6.7.1 at 40-ide-launcher.patch, NONE, 1.1 netbeans-6.7.1 at 50-build-copy.patch, NONE, 1.1 netbeans-6.7.1 at 60-nosvnkit.patch, NONE, 1.1 netbeans-6.7.1 at 70-small-ide-cluster.patch, NONE, 1.1 netbeans-6.7.1 at 80-check-modules.patch, NONE, 1.1 netbeans-6.7.1 at 90-copy_license.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 import.log, 1.1, 1.2 netbeans.spec, 1.11, 1.12 sources, 1.3, 1.4 netbeans-6.5-00-copy-build.patch, 1.1, NONE netbeans-6.5-10-ant-external-build.patch, 1.1, NONE netbeans-6.5-20-ant-build.patch, 1.1, NONE netbeans-6.5-30-parse-project-xml.patch, 1.1, NONE netbeans-6.5-40-build-xml.patch, 1.1, NONE netbeans-6.5-50-ide-launcher.patch, 1.1, NONE netbeans-6.5-60-small-ide-config.patch, 1.1, NONE netbeans-6.5-70-updatecenters.patch, 1.1, NONE netbeans-6.5-80-nosvnkit.patch, 1.1, NONE
- Next message (by thread): rpms/php-adodb/EL-4 php-adodb.spec,1.3,1.4 sources,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list