rpms/curl/F-9 curl-7.19.4-easy-leak.patch, NONE, 1.1 .cvsignore, 1.31, 1.32 curl-7.17.1-badsocket.patch, 1.1, 1.2 curl.spec, 1.81, 1.82 sources, 1.31, 1.32 curl-7.17.1-sslgen.patch, 1.1, NONE curl-7.18.2-nss-init.patch, 1.1, NONE curl-7.18.2-nssproxy.patch, 1.1, NONE

Jindrich Novy jnovy at fedoraproject.org
Tue Mar 3 07:43:53 UTC 2009


Author: jnovy

Update of /cvs/pkgs/rpms/curl/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3198

Modified Files:
	.cvsignore curl-7.17.1-badsocket.patch curl.spec sources 
Added Files:
	curl-7.19.4-easy-leak.patch 
Removed Files:
	curl-7.17.1-sslgen.patch curl-7.18.2-nss-init.patch 
	curl-7.18.2-nssproxy.patch 
Log Message:
* Tue Mar 03 2009 Jindrich Novy <jnovy at redhat.com> 7.19.4-1
- update to 7.19.4 (fixes CVE-2009-0037)
- fix leak in curl_easy* functions, thanks to Kamil Dudka
- drop nss-proxy, sslgen, nss-init patches
- update badsocket patch


curl-7.19.4-easy-leak.patch:

--- NEW FILE curl-7.19.4-easy-leak.patch ---
diff -up curl-7.19.4/lib/easy.c.easy-leak curl-7.19.4/lib/easy.c
--- curl-7.19.4/lib/easy.c.easy-leak	2009-01-29 21:41:51.000000000 +0100
+++ curl-7.19.4/lib/easy.c	2009-03-03 07:54:58.000000000 +0100
@@ -352,13 +352,11 @@ CURL *curl_easy_init(void)
   struct SessionHandle *data;
 
   /* Make sure we inited the global SSL stuff */
-  if(!initialized) {
-    res = curl_global_init(CURL_GLOBAL_DEFAULT);
-    if(res) {
-      /* something in the global init failed, return nothing */
-      DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
-      return NULL;
-    }
+  res = curl_global_init(CURL_GLOBAL_DEFAULT);
+  if(res) {
+    /* something in the global init failed, return nothing */
+    DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
+    return NULL;
   }
 
   /* We use curl_open() with undefined URL so far */
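Review bot: With the `if(!initialized)` guard removed, every curl_easy_init() call now runs curl_global_init(), so any failure later in the function has to undo it, and the hunk shows no such path. The body continues outside the hunk; if the handle allocation that follows can fail and return NULL, that path presumably needs a `curl_global_cleanup();` before the return, otherwise the global state taken for the failed call is never released. The global init/cleanup pair is documented as not thread-safe in this curl generation, so handles created concurrently from several threads now touch that shared state on every call rather than only the first. A comment such as `/* takes a reference on the global state; released in curl_easy_cleanup() */` above the call would make the new pairing explicit.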
@@ -549,10 +547,10 @@ void curl_easy_cleanup(CURL *curl)
 {
   struct SessionHandle *data = (struct SessionHandle *)curl;
 
-  if(!data)
-    return;
+  if(data)
+    Curl_close(data);
 
-  Curl_close(data);
+  curl_global_cleanup();
 }
 
 /*
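Review bot: curl_easy_cleanup(NULL) now reaches `curl_global_cleanup()` although no handle was released, so a NULL call is no longer a no-op and can release global state that another live handle still depends on. Keeping the early return restores the pairing with the first hunk: `if(!data) return;` followed by `Curl_close(data);` and `curl_global_cleanup();`. Handles not created through curl_easy_init() (for example by curl_easy_duphandle(), not visible here) would presumably be unbalanced in the same way, since this function cleans them up without the matching init; that should be checked. Tearing down the SSL/global state while other handles are still in use is a memory-safety risk, which is a worse outcome than the leak this patch sets out to fix.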


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/curl/F-9/.cvsignore,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- .cvsignore	18 Jun 2008 06:16:34 -0000	1.31
+++ .cvsignore	3 Mar 2009 07:43:22 -0000	1.32
@@ -1 +1 @@
-curl-7.18.2.tar.bz2
+curl-7.19.4.tar.bz2

curl-7.17.1-badsocket.patch:

Index: curl-7.17.1-badsocket.patch
===================================================================
RCS file: /cvs/pkgs/rpms/curl/F-9/curl-7.17.1-badsocket.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- curl-7.17.1-badsocket.patch	8 Jan 2008 14:18:28 -0000	1.1
+++ curl-7.17.1-badsocket.patch	3 Mar 2009 07:43:22 -0000	1.2
@@ -1,13 +1,13 @@
-diff -up curl-7.17.1/lib/ftp.c.badsocket curl-7.17.1/lib/ftp.c
---- curl-7.17.1/lib/ftp.c.badsocket	2007-10-27 00:25:19.000000000 +0200
-+++ curl-7.17.1/lib/ftp.c	2008-01-08 15:09:03.000000000 +0100
-@@ -3228,7 +3228,8 @@ static CURLcode Curl_ftp_done(struct con
-     /* Note that we keep "use" set to TRUE since that (next) connection is
-        still requested to use SSL */
-   }
--  sclose(conn->sock[SECONDARYSOCKET]);
-+  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
-+    sclose(conn->sock[SECONDARYSOCKET]);
- 
-   conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+diff -ruNp curl-7.19.3.orig/lib/ftp.c curl-7.19.3/lib/ftp.c
+--- curl-7.19.3.orig/lib/ftp.c	2009-02-11 10:57:33.334280000 +0100
++++ curl-7.19.3/lib/ftp.c	2009-02-11 10:59:43.957585266 +0100
+@@ -3222,7 +3222,8 @@ static CURLcode ftp_done(struct connectd
+       /* Note that we keep "use" set to TRUE since that (next) connection is
+          still requested to use SSL */
+     }
+-    sclose(conn->sock[SECONDARYSOCKET]);
++    if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
++      sclose(conn->sock[SECONDARYSOCKET]);
  
+     conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+   }


Index: curl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/curl/F-9/curl.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- curl.spec	14 Dec 2008 19:54:06 -0000	1.81
+++ curl.spec	3 Mar 2009 07:43:22 -0000	1.82
@@ -1,15 +1,14 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.18.2
-Release: 7%{?dist}
+Version: 7.19.4
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
 Patch1: curl-7.15.3-multilib.patch
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
-Patch4: curl-7.18.2-nssproxy.patch
-Patch5: curl-7.18.2-nss-init.patch
+Patch4: curl-7.19.4-easy-leak.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -50,8 +49,7 @@
 %patch1 -p1 -b .multilib
 %patch2 -p1 -b .privlibs
 %patch3 -p1 -b .badsocket
-%patch4 -p1 -b .nssproxy
-%patch5 -p1 -b .nssinit
+%patch4 -p1 -b .easy-leak
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -120,6 +118,12 @@
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Tue Mar 03 2009 Jindrich Novy <jnovy at redhat.com> 7.19.4-1
+- update to 7.19.4 (fixes CVE-2009-0037)
+- fix leak in curl_easy* functions, thanks to Kamil Dudka
+- drop nss-proxy, sslgen, nss-init patches
+- update badsocket patch
+
 * Sun Dec 14 2008 Jindrich Novy <jnovy at redhat.com> 7.18.2-7
 - use improved NSS patch, thanks to Rob Crittenden (#472489)
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/curl/F-9/sources,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- sources	18 Jun 2008 06:16:34 -0000	1.31
+++ sources	3 Mar 2009 07:43:22 -0000	1.32
@@ -1 +1 @@
-c389be5b0525276e58865956b7465562  curl-7.18.2.tar.bz2
+2734167c1e5f7ce6be99b75d2d371d85  curl-7.19.4.tar.bz2


--- curl-7.17.1-sslgen.patch DELETED ---


--- curl-7.18.2-nss-init.patch DELETED ---


--- curl-7.18.2-nssproxy.patch DELETED ---



