rpms/curl/F-11 curl-7.19.6-verifyhost.patch, NONE, 1.1 .cvsignore, 1.33, 1.34 curl.spec, 1.96, 1.97 sources, 1.33, 1.34 curl-7.17.1-badsocket.patch, 1.2, NONE curl-7.19.4-enable-aes.patch, 1.1, NONE curl-7.19.4-infloop.patch, 1.1, NONE curl-7.19.4-nss-leak.patch, 1.1, NONE curl-7.19.4-tool-leak.patch, 1.1, NONE

Kamil Dudka kdudka at fedoraproject.org
Fri Aug 14 09:32:23 UTC 2009


Author: kdudka

Update of /cvs/extras/rpms/curl/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15118

Modified Files:
	.cvsignore curl.spec sources 
Added Files:
	curl-7.19.6-verifyhost.patch 
Removed Files:
	curl-7.17.1-badsocket.patch curl-7.19.4-enable-aes.patch 
	curl-7.19.4-infloop.patch curl-7.19.4-nss-leak.patch 
	curl-7.19.4-tool-leak.patch 
Log Message:
- new upstream release, dropped applied patches
- changed NSS code to not ignore the value of ssl.verifyhost and produce more
  verbose error messages (#516056)

curl-7.19.6-verifyhost.patch:
 nss.c |   23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

--- NEW FILE curl-7.19.6-verifyhost.patch ---
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c	2009-08-14 11:14:45.423733097 +0200
+++ curl-7.19.6/lib/nss.c	2009-08-14 11:15:04.142733360 +0200
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
           issuer);
     break;
   case SSL_ERROR_BAD_CERT_DOMAIN:
-    if(conn->data->set.ssl.verifypeer)
+    if(conn->data->set.ssl.verifyhost) {
+      failf(conn->data, "common name '%s' does not match '%s'",
+            subject, conn->host.dispname);
       success = SECFailure;
-    infof(conn->data, "common name: %s (does not match '%s')\n",
-          subject, conn->host.dispname);
+    } else {
+      infof(conn->data, "warning: common name '%s' does not match '%s'\n",
+            subject, conn->host.dispname);
+    }
     break;
   case SEC_ERROR_EXPIRED_CERTIFICATE:
     if(conn->data->set.ssl.verifypeer)
       success = SECFailure;
     infof(conn->data, "Remote Certificate has expired.\n");
     break;
+  case SEC_ERROR_UNKNOWN_ISSUER:
+    if(conn->data->set.ssl.verifypeer)
+      success = SECFailure;
+    infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
+          issuer);
+    break;
   default:
     if(conn->data->set.ssl.verifypeer)
       success = SECFailure;
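Review bot: The new `SEC_ERROR_UNKNOWN_ISSUER` case rejects the certificate when `verifypeer` is set but reports the reason only through `infof()`, so a caller not running in verbose mode never learns why the handshake was refused. The `SSL_ERROR_BAD_CERT_DOMAIN` case just above now uses `failf()` on its rejecting path, and the two should agree. On the `verifypeer` path I would call `failf(conn->data, "Peer's certificate issuer is not recognized: '%s'", issuer);` before `success = SECFailure;` and keep `infof()` for the tolerated path; the expired-certificate case has the same shape. Separately, the mismatch message labels `subject` as the common name; if `subject` holds the whole subject DN (its assignment is outside the hunk), "certificate subject" would be the accurate wording. BadCertHandler starts and ends outside this hunk.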
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
     }
   }
 
+  if(data->set.ssl.verifyhost == 1)
+    infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
+
   data->set.ssl.certverifyresult=0; /* not checked yet */
   if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
      != SECSuccess) {
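Review bot: The warning text says the value 1 is ignored, but the test added in BadCertHandler, `if(conn->data->set.ssl.verifyhost)`, is true for 1 as well as 2, so a host name mismatch is still rejected with that setting. Someone reading the log could conclude that host verification was switched off, which is the opposite of what the handler does. I would word the message after the effective behaviour, e.g. `infof(data, "warning: ssl.verifyhost=1 is not supported with NSS, host name is verified as for 2\n");`. This assumes NSS performs the host name comparison regardless of the option, which depends on code outside the hunk. Curl_nss_connect continues outside the hunk.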
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
   if(SSL_ForceHandshakeWithTimeout(connssl->handle,
                                     PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
       != SECSuccess) {
-    if(conn->data->set.ssl.certverifyresult!=0)
+    if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+      curlerr = CURLE_PEER_FAILED_VERIFICATION;
+    else if(conn->data->set.ssl.certverifyresult!=0)
       curlerr = CURLE_SSL_CACERT;
     goto error;
   }
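Review bot: The mapping to `CURLE_PEER_FAILED_VERIFICATION` keys on `certverifyresult` alone, not on whether BadCertHandler actually refused the certificate. The assignment to `certverifyresult` is outside the visible hunks. If the handler stores the NSS error even when it returns SECSuccess (mismatch tolerated because `verifyhost` is 0), a handshake that later fails for an unrelated reason would be reported as a host name verification failure. The same applies to the `CURLE_SSL_CACERT` branch that follows. At minimum a comment here should state the assumption, e.g. `/* certverifyresult is set by BadCertHandler; nonzero does not by itself mean the cert was rejected */`, and it is worth confirming the handler only records the code on the rejecting path.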


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/curl/F-11/.cvsignore,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- .cvsignore	3 Mar 2009 07:08:27 -0000	1.33
+++ .cvsignore	14 Aug 2009 09:32:22 -0000	1.34
@@ -1 +1 @@
-curl-7.19.4.tar.bz2
+curl-7.19.6.tar.bz2


Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/F-11/curl.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -p -r1.96 -r1.97
--- curl.spec	10 Jun 2009 13:21:09 -0000	1.96
+++ curl.spec	14 Aug 2009 09:32:22 -0000	1.97
@@ -1,18 +1,15 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.19.4
-Release: 9%{?dist}
+Version: 7.19.6
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
-Patch1: curl-7.15.3-multilib.patch
-Patch2: curl-7.16.0-privlibs.patch
-Patch3: curl-7.17.1-badsocket.patch
-Patch4: curl-7.19.4-tool-leak.patch
-Patch5: curl-7.19.4-enable-aes.patch
-Patch6: curl-7.19.4-nss-leak.patch
-Patch7: curl-7.19.4-debug.patch
-Patch8: curl-7.19.4-infloop.patch
+Patch1: curl-7.19.6-verifyhost.patch
+Patch101: curl-7.15.3-multilib.patch
+Patch102: curl-7.16.0-privlibs.patch
+Patch103: curl-7.19.4-debug.patch
+Provides: webclient
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
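Review bot: The added line `Provides: webclient` duplicates the unchanged `Provides: webclient` directly below it, so the new preamble declares the same capability twice. It looks like a leftover from renumbering the Patch tags into the upstream (1) and Fedora (101-103) ranges. Dropping the added line leaves the package metadata as it was and keeps the diff limited to the version and patch list changes.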
@@ -52,14 +49,14 @@ use cURL's capabilities internally.
 
 %prep
 %setup -q
-%patch1 -p1 -b .multilib
-%patch2 -p1 -b .privlibs
-%patch3 -p1 -b .badsocket
-%patch4 -p1 -b .toolleak
-%patch5 -p1 -b .enableaes
-%patch6 -p1 -b .nssleak
-%patch7 -p1 -b .debug
-%patch8 -p1 -b .infloop
+
+# upstream patches
+%patch1 -p1
+
+# Fedora patches
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -152,6 +149,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Fri Aug 14 2009 Kamil Dudka <kdudka at redhat.com> 7.19.6-1
+- new upstream release, dropped applied patches
+- changed NSS code to not ignore the value of ssl.verifyhost and produce more
+  verbose error messages (#516056)
+
 * Wed Jun 10 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-9
 - avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857)
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/curl/F-11/sources,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- sources	3 Mar 2009 07:08:27 -0000	1.33
+++ sources	14 Aug 2009 09:32:23 -0000	1.34
@@ -1 +1 @@
-2734167c1e5f7ce6be99b75d2d371d85  curl-7.19.4.tar.bz2
+8402c1f654c51ad7287aad57c3aa79be  curl-7.19.6.tar.bz2


--- curl-7.17.1-badsocket.patch DELETED ---


--- curl-7.19.4-enable-aes.patch DELETED ---


--- curl-7.19.4-infloop.patch DELETED ---


--- curl-7.19.4-nss-leak.patch DELETED ---


--- curl-7.19.4-tool-leak.patch DELETED ---



