rpms/curl/devel curl-7.19.7-modelfree.patch, NONE, 1.1 curl-7.19.7-ssl-retry.patch, 1.1, 1.2 curl.spec, 1.124, 1.125

Kamil Dudka kdudka at fedoraproject.org
Thu Nov 12 12:00:35 UTC 2009 

Author: kdudka

Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27000

Modified Files:
	curl-7.19.7-ssl-retry.patch curl.spec 
Added Files:
	curl-7.19.7-modelfree.patch 
Log Message:
- fix crash on doubly closed NSPR descriptor, patch contributed
  by Kevin Baughman (#534176)
- new version of patch for broken TLS servers (#525496, #527771)

curl-7.19.7-modelfree.patch:
 nss.c |    1 +
 1 file changed, 1 insertion(+)

--- NEW FILE curl-7.19.7-modelfree.patch ---
diff --git a/lib/nss.c b/lib/nss.c
index f5c69e6..d1a9d1a 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1265,6 +1265,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   if(!connssl->handle)
     goto error;
   PR_Close(model); /* We don't need this any more */
+  model = NULL;
 
   /* This is the password associated with the cert that we're using */
   if (data->set.str[STRING_KEY_PASSWD]) {

curl-7.19.7-ssl-retry.patch:
 nss.c      |   50 +++++++++++++++++++++++++++++++++++++++++++++++++-
 transfer.c |    5 +++--
 urldata.h  |    3 +++
 3 files changed, 55 insertions(+), 3 deletions(-)

Index: curl-7.19.7-ssl-retry.patch
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl-7.19.7-ssl-retry.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- curl-7.19.7-ssl-retry.patch	4 Nov 2009 14:05:38 -0000	1.1
+++ curl-7.19.7-ssl-retry.patch	12 Nov 2009 12:00:33 -0000	1.2
@@ -1,5 +1,5 @@
 diff --git a/lib/nss.c b/lib/nss.c
-index 6e8d242..93dfe16 100644
+index 6e8d242..f5c69e6 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
 @@ -844,6 +844,36 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
@@ -52,13 +52,8 @@ index 6e8d242..93dfe16 100644
      break;
    case CURL_SSLVERSION_TLSv1:
      tlsv1 = PR_TRUE;
-@@ -1101,9 +1135,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-   if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
-     goto error;
- 
--  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
-+  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2
-+        || data->state.ssl_connect_retry) != SECSuccess)
+@@ -1104,6 +1138,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+   if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
      goto error;
  
 +  /* reset the flag to avoid an infinite loop */
@@ -67,7 +62,7 @@ index 6e8d242..93dfe16 100644
    /* enable all ciphers from enable_ciphers_by_default */
    cipher_to_enable = enable_ciphers_by_default;
    while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
-@@ -1280,10 +1318,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+@@ -1280,10 +1317,21 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
    return CURLE_OK;
  
  error:


Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -p -r1.124 -r1.125
--- curl.spec	4 Nov 2009 14:12:48 -0000	1.124
+++ curl.spec	12 Nov 2009 12:00:33 -0000	1.125
@@ -1,13 +1,14 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Patch1: curl-7.19.7-nss-nonblock.patch
 Patch2: curl-7.19.7-ssl-retry.patch
+Patch3: curl-7.19.7-modelfree.patch
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -69,9 +70,10 @@ use cURL's capabilities internally.
 %prep
 %setup -q
 
-# upstream patches (not yet applied)
+# upstream patches (already applied)
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -102,7 +104,7 @@ make %{?_smp_mflags}
 %check
 export LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}
 make %{?_smp_mflags} -C tests
-cd tests && ./runtests.pl -k -p -v
+cd tests && ./runtests.pl -a -k -p -v
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -160,6 +162,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Thu Nov 12 2009 Kamil Dudka <kdudka at redhat.com> 7.19.7-3
+- fix crash on doubly closed NSPR descriptor, patch contributed
+  by Kevin Baughman (#534176)
+- new version of patch for broken TLS servers (#525496, #527771)
+
+
 * Wed Nov 04 2009 Kamil Dudka <kdudka at redhat.com> 7.19.7-2
 - increased release number (CVS problem)

More information about the fedora-extras-commits mailing list