rpms/curl/devel curl-7.19.4-enable-aes.patch, NONE, 1.1 curl.spec, 1.91, 1.92
Kamil Dudka
kdudka at fedoraproject.org
Wed Mar 18 17:01:33 UTC 2009
- Previous message (by thread): rpms/pdns/EL-4 .cvsignore, 1.5, 1.6 pdns.spec, 1.8, 1.9 sources, 1.5, 1.6 pdns-avoid-version.patch, 1.2, NONE
- Next message (by thread): rpms/rubygem-nokogiri/F-9 rubygem-nokogiri.spec,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kdudka
Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25902
Modified Files:
curl.spec
Added Files:
curl-7.19.4-enable-aes.patch
Log Message:
enable 6 additional crypto algorithms by default (#436781)
curl-7.19.4-enable-aes.patch:
--- NEW FILE curl-7.19.4-enable-aes.patch ---
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
--- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
+++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
#endif
};
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
+ they are enabled explicitly */
+static const int enable_ciphers_by_default[] = {
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ SSL_NULL_WITH_NULL_NULL
+};
+
#ifdef HAVE_PK11_CREATEGENERICOBJECT
static const char* pem_library = "libnsspem.so";
#endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
#endif
char *certDir = NULL;
int curlerr;
+ const int *cipher_to_enable;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
goto error;
+ /* enable all ciphers from enable_ciphers_by_default */
+ cipher_to_enable = enable_ciphers_by_default;
+ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
+ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
+ curlerr = CURLE_SSL_CIPHER;
+ goto error;
+ }
+ cipher_to_enable++;
+ }
+
if(data->set.ssl.cipher_list) {
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
curlerr = CURLE_SSL_CIPHER;
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- curl.spec 12 Mar 2009 10:20:53 -0000 1.91
+++ curl.spec 18 Mar 2009 17:01:02 -0000 1.92
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.4
-Release: 4%{?dist}
+Release: 5%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -9,6 +9,7 @@
Patch2: curl-7.16.0-privlibs.patch
Patch3: curl-7.17.1-badsocket.patch
Patch4: curl-7.19.4-tool-leak.patch
+Patch5: curl-7.19.4-enable-aes.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -54,6 +55,7 @@
%patch2 -p1 -b .privlibs
%patch3 -p1 -b .badsocket
%patch4 -p1 -b .toolleak
+%patch5 -p1 -b .enableaes
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -145,6 +147,10 @@
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Wed Mar 18 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-5
+- enable 6 additional crypto algorithms by default (#436781,
+ accepted by upstream)
+
* Thu Mar 12 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-4
- fix memory leak in src/main.c (accepted by upstream)
- avoid using %ifarch
- Previous message (by thread): rpms/pdns/EL-4 .cvsignore, 1.5, 1.6 pdns.spec, 1.8, 1.9 sources, 1.5, 1.6 pdns-avoid-version.patch, 1.2, NONE
- Next message (by thread): rpms/rubygem-nokogiri/F-9 rubygem-nokogiri.spec,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list