authorRemi Collet <fedora@famillecollet.com>2011-08-16 11:18:11 +0200
committerRemi Collet <fedora@famillecollet.com>2011-08-16 11:18:11 +0200
commit21ee30a359fdab83d7d2ba104c1eee49d2a79f69 (patch)
tree1d8e47efffcbc98c0c50eb8d3286395b582c090f
parentf03f93906785221ae37dd39262ccd3e986525ac1 (diff)
curl, sync with rawhide, prepare EL-5 build
-rw-r--r--0001-curl-7.21.7-a7864c4.patch453
-rw-r--r--0002-curl-7.21.7-5eb2396.patch30
-rw-r--r--0003-curl-7.21.7-5538904.patch131
-rw-r--r--0004-curl-7.21.7-d6f319f.patch118
-rw-r--r--curl.spec39
5 files changed, 768 insertions, 3 deletions
diff --git a/0001-curl-7.21.7-a7864c4.patch b/0001-curl-7.21.7-a7864c4.patch
new file mode 100644
index 0000000..477f1e1
--- /dev/null
+++ b/0001-curl-7.21.7-a7864c4.patch
@@ -0,0 +1,453 @@
+From fd86734fca0945b2d6b90d6d7d0224cf0732114a Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 3 Aug 2011 12:48:49 +0200
+Subject: [PATCH 1/2] curl - rhbz #719939
+
+---
+ docs/libcurl/curl_easy_setopt.3 | 8 ++++++
+ docs/libcurl/symbols-in-versions | 4 +++
+ include/curl/curl.h | 7 +++++
+ lib/Makefile.in | 18 +++++++++++---
+ lib/Makefile.inc | 4 +-
+ lib/curl_gssapi.c | 44 ++++++++++++++++++++++++++++++++++++
+ lib/curl_gssapi.h | 46 ++++++++++++++++++++++++++++++++++++++
+ lib/http_negotiate.c | 6 ++++-
+ lib/krb5.c | 6 ++++-
+ lib/socks_gssapi.c | 7 ++++-
+ lib/url.c | 6 +++++
+ lib/urldata.h | 3 ++
+ 12 files changed, 149 insertions(+), 10 deletions(-)
+ create mode 100644 lib/curl_gssapi.c
+ create mode 100644 lib/curl_gssapi.h
+
+diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
+index c2804f3..3b7826b 100644
+--- a/docs/libcurl/curl_easy_setopt.3
++++ b/docs/libcurl/curl_easy_setopt.3
+@@ -2105,6 +2105,14 @@ of these, 'private' will be used. Set the string to NULL to disable kerberos
+ support for FTP.
+
+ (This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)
++.IP CURLOPT_GSSAPI_DELEGATION
++Set the parameter to CURLGSSAPI_DELEGATION_FLAG to allow unconditional GSSAPI
++credential delegation. The delegation is disabled by default since 7.21.7.
++Set the parameter to CURLGSSAPI_DELEGATION_POLICY_FLAG to delegate only if
++the OK-AS-DELEGATE flag is set in the service ticket in case this feature is
++supported by the GSSAPI implementation and the definition of
++GSS_C_DELEG_POLICY_FLAG was available at compile-time.
++(Added in 7.21.8)
+ .SH SSH OPTIONS
+ .IP CURLOPT_SSH_AUTH_TYPES
+ Pass a long set to a bitmask consisting of one or more of
+diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
+index 9257fb1..3c8f715 100644
+--- a/docs/libcurl/symbols-in-versions
++++ b/docs/libcurl/symbols-in-versions
+@@ -186,6 +186,9 @@ CURLFTPSSL_TRY 7.11.0 7.17.0
+ CURLFTP_CREATE_DIR 7.19.4
+ CURLFTP_CREATE_DIR_NONE 7.19.4
+ CURLFTP_CREATE_DIR_RETRY 7.19.4
++CURLGSSAPI_DELEGATION_FLAG 7.21.8
++CURLGSSAPI_DELEGATION_NONE 7.21.8
++CURLGSSAPI_DELEGATION_POLICY_FLAG 7.21.8
+ CURLINFO_APPCONNECT_TIME 7.19.0
+ CURLINFO_CERTINFO 7.19.1
+ CURLINFO_CONDITION_UNMET 7.19.4
+@@ -344,6 +347,7 @@ CURLOPT_FTP_SSL_CCC 7.16.1
+ CURLOPT_FTP_USE_EPRT 7.10.5
+ CURLOPT_FTP_USE_EPSV 7.9.2
+ CURLOPT_FTP_USE_PRET 7.20.0
++CURLOPT_GSSAPI_DELEGATION 7.21.8
+ CURLOPT_HEADER 7.1
+ CURLOPT_HEADERDATA 7.10
+ CURLOPT_HEADERFUNCTION 7.7.2
+diff --git a/include/curl/curl.h b/include/curl/curl.h
+index a9d42fa..bcbab86 100644
+--- a/include/curl/curl.h
++++ b/include/curl/curl.h
+@@ -614,6 +614,10 @@ typedef enum {
+ #define CURLSSH_AUTH_KEYBOARD (1<<3) /* keyboard interactive */
+ #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY
+
++#define CURLGSSAPI_DELEGATION_NONE 0 /* no delegation (default) */
++#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */
++#define CURLGSSAPI_DELEGATION_FLAG (1<<1) /* delegate always */
++
+ #define CURL_ERROR_SIZE 256
+
+ struct curl_khkey {
+@@ -1483,6 +1487,9 @@ typedef enum {
+ CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
+ CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
+
++ /* allow GSSAPI credential delegation */
++ CINIT(GSSAPI_DELEGATION, LONG, 210),
++
+ CURLOPT_LASTENTRY /* the last unused */
+ } CURLoption;
+
+diff --git a/lib/Makefile.in b/lib/Makefile.in
+index a99f5e9..d5c65e7 100644
+--- a/lib/Makefile.in
++++ b/lib/Makefile.in
+@@ -94,7 +94,7 @@ am__objects_1 = file.lo timeval.lo base64.lo hostip.lo progress.lo \
+ curl_threads.lo warnless.lo hmac.lo polarssl.lo curl_rtmp.lo \
+ openldap.lo curl_gethostname.lo gopher.lo axtls.lo \
+ idn_win32.lo http_negotiate_sspi.lo cyassl.lo http_proxy.lo \
+- non-ascii.lo asyn-ares.lo asyn-thread.lo
++ non-ascii.lo asyn-ares.lo asyn-thread.lo curl_gssapi.lo
+ am__objects_2 =
+ am_libcurl_la_OBJECTS = $(am__objects_1) $(am__objects_2)
+ libcurl_la_OBJECTS = $(am_libcurl_la_OBJECTS)
+@@ -144,7 +144,8 @@ am__objects_3 = libcurlu_la-file.lo libcurlu_la-timeval.lo \
+ libcurlu_la-axtls.lo libcurlu_la-idn_win32.lo \
+ libcurlu_la-http_negotiate_sspi.lo libcurlu_la-cyassl.lo \
+ libcurlu_la-http_proxy.lo libcurlu_la-non-ascii.lo \
+- libcurlu_la-asyn-ares.lo libcurlu_la-asyn-thread.lo
++ libcurlu_la-asyn-ares.lo libcurlu_la-asyn-thread.lo \
++ libcurlu_la-curl_gssapi.lo
+ am_libcurlu_la_OBJECTS = $(am__objects_3) $(am__objects_2)
+ libcurlu_la_OBJECTS = $(am_libcurlu_la_OBJECTS)
+ @BUILD_UNITTESTS_TRUE@am_libcurlu_la_rpath =
+@@ -479,7 +480,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
+ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c \
+ curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \
+ idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
+- asyn-ares.c asyn-thread.c
++ asyn-ares.c asyn-thread.c curl_gssapi.c
+
+ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
+ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
+@@ -494,7 +495,7 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
+ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \
+ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \
+ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
+- gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
++ gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_gssapi.h
+
+
+ # Makefile.inc provides the CSOURCES and HHEADERS defines
+@@ -612,6 +613,7 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_addrinfo.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_fnmatch.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_gethostname.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_gssapi.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_memrchr.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_rand.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curl_rtmp.Plo@am__quote@
+@@ -662,6 +664,7 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_addrinfo.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_rand.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_rtmp.Plo@am__quote@
+@@ -1488,6 +1491,13 @@ libcurlu_la-asyn-thread.lo: asyn-thread.c
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcurlu_la-asyn-thread.lo `test -f 'asyn-thread.c' || echo '$(srcdir)/'`asyn-thread.c
+
++libcurlu_la-curl_gssapi.lo: curl_gssapi.c
++@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_gssapi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_gssapi.Tpo -c -o libcurlu_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcurlu_la-curl_gssapi.Tpo $(DEPDIR)/libcurlu_la-curl_gssapi.Plo
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='curl_gssapi.c' object='libcurlu_la-curl_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
++
+ mostlyclean-libtool:
+ -rm -f *.lo
+
+diff --git a/lib/Makefile.inc b/lib/Makefile.inc
+index 04285b5..51fc919 100644
+--- a/lib/Makefile.inc
++++ b/lib/Makefile.inc
+@@ -22,7 +22,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
+ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c \
+ curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \
+ idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
+- asyn-ares.c asyn-thread.c
++ asyn-ares.c asyn-thread.c curl_gssapi.c
+
+ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
+ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
+@@ -37,4 +37,4 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
+ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \
+ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \
+ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
+- gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
++ gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_gssapi.h
+diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
+new file mode 100644
+index 0000000..e55c9cc
+--- /dev/null
++++ b/lib/curl_gssapi.c
+@@ -0,0 +1,44 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at http://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++
++#include "setup.h"
++
++#ifdef HAVE_GSSAPI
++
++#include "curl_gssapi.h"
++
++void Curl_gss_req_flags(OM_uint32 *req_flags, const struct SessionHandle *data)
++{
++ if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
++#ifdef GSS_C_DELEG_POLICY_FLAG
++ *req_flags |= GSS_C_DELEG_POLICY_FLAG;
++#else
++ infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
++ "compiled in\n");
++#endif
++ }
++
++ if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
++ *req_flags |= GSS_C_DELEG_FLAG;
++}
++
++#endif /* HAVE_GSSAPI */
+diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
+new file mode 100644
+index 0000000..02aa527
+--- /dev/null
++++ b/lib/curl_gssapi.h
+@@ -0,0 +1,46 @@
++#ifndef HEADER_CURL_GSSAPI_H
++#define HEADER_CURL_GSSAPI_H
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at http://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++
++#include "setup.h"
++#include "urldata.h"
++
++#ifdef HAVE_GSSAPI
++
++#ifdef HAVE_GSSGNU
++# include <gss.h>
++#elif defined HAVE_GSSMIT
++ /* MIT style */
++# include <gssapi/gssapi.h>
++# include <gssapi/gssapi_generic.h>
++# include <gssapi/gssapi_krb5.h>
++#else
++ /* Heimdal-style */
++# include <gssapi.h>
++#endif
++
++void Curl_gss_req_flags(OM_uint32 *req_flags, const struct SessionHandle *data);
++
++#endif /* HAVE_GSSAPI */
++
++#endif /* HEADER_CURL_GSSAPI_H */
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 5127e64..8cb69fe 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -40,6 +40,7 @@
+ #include "curl_base64.h"
+ #include "http_negotiate.h"
+ #include "curl_memory.h"
++#include "curl_gssapi.h"
+
+ #ifdef HAVE_SPNEGO
+ # include <spnegohelp.h>
+@@ -144,6 +145,9 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+ bool gss;
+ const char* protocol;
+
++ OM_uint32 req_flags = 0;
++ Curl_gss_req_flags(&req_flags, conn->data);
++
+ while(*header && ISSPACE(*header))
+ header++;
+ if(checkprefix("GSS-Negotiate", header)) {
+@@ -243,7 +247,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- 0,
++ req_flags,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+diff --git a/lib/krb5.c b/lib/krb5.c
+index f128d51..08f70f9 100644
+--- a/lib/krb5.c
++++ b/lib/krb5.c
+@@ -65,6 +65,7 @@
+ #include "sendf.h"
+ #include "krb4.h"
+ #include "curl_memory.h"
++#include "curl_gssapi.h"
+
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -185,6 +186,9 @@ krb5_auth(void *app_data, struct connectdata *conn)
+ gss_ctx_id_t *context = app_data;
+ struct gss_channel_bindings_struct chan;
+
++ OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
++ Curl_gss_req_flags(&req_flags, data);
++
+ if(getsockname(conn->sock[FIRSTSOCKET],
+ (struct sockaddr *)LOCAL_ADDR, &l) < 0)
+ perror("getsockname()");
+@@ -247,7 +251,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
+ context,
+ gssname,
+ GSS_C_NO_OID,
+- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
++ req_flags,
+ 0,
+ &chan,
+ gssresp,
+diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
+index 653306c..57048be 100644
+--- a/lib/socks_gssapi.c
++++ b/lib/socks_gssapi.c
+@@ -43,6 +43,7 @@
+ #include "timeval.h"
+ #include "socks.h"
+ #include "warnless.h"
++#include "curl_gssapi.h"
+
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -137,6 +138,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+ unsigned char socksreq[4]; /* room for gssapi exchange header only */
+ char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+
++ OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
++ Curl_gss_req_flags(&req_flags, data);
++
+ /* get timeout */
+ timeout = Curl_timeleft(data, NULL, TRUE);
+
+@@ -187,8 +191,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+ GSS_C_NO_CREDENTIAL,
+ &gss_context, server,
+ GSS_C_NULL_OID,
+- GSS_C_MUTUAL_FLAG |
+- GSS_C_REPLAY_FLAG,
++ req_flags,
+ 0,
+ NULL,
+ gss_token,
+diff --git a/lib/url.c b/lib/url.c
+index c5b642f..39e04af 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1985,6 +1985,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+ va_arg(param, char *));
+ data->set.krb = (bool)(NULL != data->set.str[STRING_KRB_LEVEL]);
+ break;
++ case CURLOPT_GSSAPI_DELEGATION:
++ /*
++ * GSSAPI credential delegation
++ */
++ data->set.gssapi_delegation = va_arg(param, long);
++ break;
+ case CURLOPT_SSL_VERIFYPEER:
+ /*
+ * Enable peer SSL verifying.
+diff --git a/lib/urldata.h b/lib/urldata.h
+index d256968..d3cfec3 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1517,6 +1517,9 @@ struct UserDefined {
+ curl_fnmatch_callback fnmatch; /* callback to decide which file corresponds
+ to pattern (e.g. if WILDCARDMATCH is on) */
+ void *fnmatch_data;
++
++ long gssapi_delegation; /* GSSAPI credential delegation, see the
++ documentation of CURLOPT_GSSAPI_DELEGATION */
+ };
+
+ struct Names {
+--
+1.7.4.4
+
+
+From d4ea7258b1703497fd0c06e08369a6bd3e37d2e8 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 3 Aug 2011 18:00:07 +0200
+Subject: [PATCH 2/2] curl_gssapi: add a missing include of sendf.h
+
+... to avoid build failure when GSS_C_DELEG_POLICY_FLAG is not defined.
+
+Reported by: Paul Howarth
+---
+ lib/curl_gssapi.c | 3 ++-
+ lib/curl_gssapi.h | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
+index e55c9cc..d1b1715 100644
+--- a/lib/curl_gssapi.c
++++ b/lib/curl_gssapi.c
+@@ -25,8 +25,9 @@
+ #ifdef HAVE_GSSAPI
+
+ #include "curl_gssapi.h"
++#include "sendf.h"
+
+-void Curl_gss_req_flags(OM_uint32 *req_flags, const struct SessionHandle *data)
++void Curl_gss_req_flags(OM_uint32 *req_flags, struct SessionHandle *data)
+ {
+ if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
+ #ifdef GSS_C_DELEG_POLICY_FLAG
+diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
+index 02aa527..c8ffefc 100644
+--- a/lib/curl_gssapi.h
++++ b/lib/curl_gssapi.h
+@@ -39,7 +39,7 @@
+ # include <gssapi.h>
+ #endif
+
+-void Curl_gss_req_flags(OM_uint32 *req_flags, const struct SessionHandle *data);
++void Curl_gss_req_flags(OM_uint32 *req_flags, struct SessionHandle *data);
+
+ #endif /* HAVE_GSSAPI */
+
+--
+1.7.4.4
+
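Review bot: `Curl_gss_req_flags` in lib/curl_gssapi.c tests `CURLGSSAPI_DELEGATION_POLICY_FLAG` and `CURLGSSAPI_DELEGATION_FLAG` independently, and `Curl_setopt` stores the caller's `long` unmasked, so a caller passing both bits gets both `GSS_C_DELEG_POLICY_FLAG` and `GSS_C_DELEG_FLAG` requested. The curl_easy_setopt.3 text describes the two values as alternatives and does not say which wins; how a GSSAPI implementation treats the combination is not visible here. I would document the combined case in the man page, and if the policy-restricted mode is meant to take precedence, make the second test `else if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)`. Separately, the docs and symbols-in-versions label the option 7.21.8 while this package ships it in 7.21.7, so applications that gate on the libcurl version number will not enable it on this build.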
diff --git a/0002-curl-7.21.7-5eb2396.patch b/0002-curl-7.21.7-5eb2396.patch
new file mode 100644
index 0000000..e104e3a
--- /dev/null
+++ b/0002-curl-7.21.7-5eb2396.patch
@@ -0,0 +1,30 @@
+From 5eb2396cd15cbbf73b02ad6bbcc313167330c2b5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Aug 2011 23:22:48 +0200
+Subject: [PATCH] segfault fixed
+
+When using both -J and a single -O with multiple URLs, a missing init
+could cause badness.
+
+Bug: http://curl.haxx.se/mail/lib-2011-07/0126.html and
+ http://bugzilla.redhat.com/723075
+Reported by: Paul Howarth and Garrett Holmstrom
+---
+ src/main.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 6dcf333..eae45de 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -4898,6 +4898,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
+ outs.stream = stdout;
+ outs.config = config;
+ outs.bytes = 0; /* nothing written yet */
++ outs.filename = NULL;
+
+ /* save outfile pattern before expansion */
+ if(urlnode->outfile) {
+--
+1.7.4.4
+
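Review bot: The added `outs.filename = NULL;` closes the one uninitialised member that caused the crash, but `outs` is still set up member by member, so any other member not assigned in this run of statements would be left indeterminate in the same way. The struct definition and the rest of `operate()` are outside the hunk, so I cannot tell whether such a member exists. Zeroing the whole struct first, `memset(&outs, 0, sizeof(outs));`, ahead of the individual assignments would also cover members added later.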
diff --git a/0003-curl-7.21.7-5538904.patch b/0003-curl-7.21.7-5538904.patch
new file mode 100644
index 0000000..1374ad8
--- /dev/null
+++ b/0003-curl-7.21.7-5538904.patch
@@ -0,0 +1,131 @@
+From 9698db7fd56b08cc8f9bdeb2182bc9afdbcb4f90 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 12 Aug 2011 14:48:32 +0200
+Subject: [PATCH 1/2] added --delegation
+
+Using this option with an argument being set to one of
+none/policy/always instructs libcurl how to deal with GSS
+credentials. Or rather how it tells the server that delegation is fine
+or not.
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/main.c | 29 ++++++++++++++++++++++++++---
+ 1 files changed, 26 insertions(+), 3 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index d85bf62..3a2595c 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -659,6 +659,7 @@ struct Configurable {
+ basically each given URL to transfer */
+ struct OutStruct *outs;
+ bool xattr; /* store metadata in extended attributes */
++ long gssapi_delegation;
+ };
+
+ #define WARN_PREFIX "Warning: "
+@@ -817,6 +818,7 @@ static void help(void)
+ " --data-binary <data> HTTP POST binary data (H)",
+ " --data-urlencode <name=data/name@filename> "
+ "HTTP POST data url encoded (H)",
++ " --delegation STRING GSS-API delegation permission",
+ " --digest Use HTTP Digest Authentication (H)",
+ " --disable-eprt Inhibit using EPRT or LPRT (F)",
+ " --disable-epsv Inhibit using EPSV (F)",
+@@ -1823,6 +1825,18 @@ static int sockoptcallback(void *clientp, curl_socket_t curlfd,
+ return 0;
+ }
+
++static long delegation(struct Configurable *config,
++ char *str)
++{
++ if(curlx_raw_equal("none", str))
++ return CURLGSSAPI_DELEGATION_NONE;
++ if(curlx_raw_equal("policy", str))
++ return CURLGSSAPI_DELEGATION_POLICY_FLAG;
++ if(curlx_raw_equal("always", str))
++ return CURLGSSAPI_DELEGATION_FLAG;
++ warnf(config, "unrecognized delegation method '%s', using none\n", str);
++ return CURLGSSAPI_DELEGATION_NONE;
++}
+
+ static ParameterError getparameter(char *flag, /* f or -long-flag */
+ char *nextarg, /* NULL if unset */
+@@ -1942,6 +1956,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
+ {"$D", "proto", TRUE},
+ {"$E", "proto-redir", TRUE},
+ {"$F", "resolve", TRUE},
++ {"$G", "delegation", TRUE},
+ {"0", "http1.0", FALSE},
+ {"1", "tlsv1", FALSE},
+ {"2", "sslv2", FALSE},
+@@ -2516,6 +2531,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
+ if(err)
+ return err;
+ break;
++ case 'G': /* --delegation LEVEL */
++ config->gssapi_delegation = delegation(config, nextarg);
++ break;
+ }
+ break;
+ case '#': /* --progress-bar */
+@@ -5564,9 +5582,14 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
+ /* new in 7.21.3 */
+ my_setopt(curl, CURLOPT_RESOLVE, config->resolve);
+
+- /* TODO: new in ### */
+- curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
+- curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
++ /* new in 7.21.4 */
++ my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
++ my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
++
++ /* new in 7.22.0 */
++ if(config->gssapi_delegation)
++ my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,
++ config->gssapi_delegation);
+
+ retry_numretries = config->req_retry;
+
+--
+1.7.4.4
+
+
+From 8e404e1c3846cc98a1977514af5b0432ae2de755 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 12 Aug 2011 23:51:41 +0200
+Subject: [PATCH 2/2] docs: --delegation
+
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/curl.1 | 12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 812b2eb..eee3481 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -320,6 +320,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
+ sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
+ name is expected to be URL-encoded already.
+ .RE
++.IP "--delegation LEVEL"
++Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
++comes to user credentials. Used with GSS/kerberos.
++.RS
++.IP "none"
++Don't allow any delegation.
++.IP "policy"
++Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
++service ticket, which is a matter of realm policy.
++.IP "always"
++Unconditionally allow the server to delegate.
++.RE
+ .IP "--digest"
+ (HTTP) Enables HTTP Digest authentication. This is a authentication that
+ prevents the password from being sent over the wire in clear text. Use this in
+--
+1.7.4.4
+
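Review bot: In the last src/main.c hunk `CURLOPT_GSSAPI_DELEGATION` is set through `my_setopt_str` although `config->gssapi_delegation` is a `long`, whereas the option just above it uses `my_setopt`. The macro definitions are outside the hunk, so whether the string variant mishandles a long value cannot be confirmed from here, but the call should match the value type: `my_setopt(curl, CURLOPT_GSSAPI_DELEGATION, config->gssapi_delegation);`. The new `delegation()` helper falling back to `CURLGSSAPI_DELEGATION_NONE` on an unrecognised string is the safe default and worth keeping as is.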
diff --git a/0004-curl-7.21.7-d6f319f.patch b/0004-curl-7.21.7-d6f319f.patch
new file mode 100644
index 0000000..33f430d
--- /dev/null
+++ b/0004-curl-7.21.7-d6f319f.patch
@@ -0,0 +1,118 @@
+From 857fed6e245a9620b0f25a2f4ca6d6dc01584674 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 15 Aug 2011 13:48:45 +0200
+Subject: [PATCH] nss: start with no database if the selected database is
+ broken
+
+Bug: https://bugzilla.redhat.com/728562
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/nss.c | 63 +++++++++++++++++++++++++++++++++++++-----------------------
+ 1 files changed, 39 insertions(+), 24 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 3dc0ba6..94a530b 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -898,10 +898,42 @@ isTLSIntoleranceError(PRInt32 err)
+ }
+ }
+
+-static CURLcode init_nss(struct SessionHandle *data)
++static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
++{
++ if(NSS_IsInitialized())
++ return CURLE_OK;
++
++ if(cert_dir) {
++ SECStatus rv;
++ const bool use_sql = NSS_VersionCheck("3.12.0");
++ char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
++ if(!certpath)
++ return CURLE_OUT_OF_MEMORY;
++
++ infof(data, "Initializing NSS with certpath: %s\n", certpath);
++ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
++ free(certpath);
++
++ if(rv == SECSuccess)
++ return CURLE_OK;
++
++ infof(data, "Unable to initialize NSS database\n");
++ }
++
++ infof(data, "Initializing NSS with certpath: none\n");
++ if(NSS_NoDB_Init(NULL) == SECSuccess)
++ return CURLE_OK;
++
++ infof(data, "Unable to initialize NSS\n");
++ return CURLE_SSL_CACERT_BADFILE;
++}
++
++static CURLcode nss_init(struct SessionHandle *data)
+ {
+ char *cert_dir;
+ struct_stat st;
++ CURLcode rv;
++
+ if(initialized)
+ return CURLE_OK;
+
+@@ -922,31 +954,14 @@ static CURLcode init_nss(struct SessionHandle *data)
+ }
+ }
+
+- if(!NSS_IsInitialized()) {
+- SECStatus rv;
+- initialized = 1;
+- infof(data, "Initializing NSS with certpath: %s\n",
+- cert_dir ? cert_dir : "none");
+- if(!cert_dir) {
+- rv = NSS_NoDB_Init(NULL);
+- }
+- else {
+- char *certpath =
+- PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
+- cert_dir);
+- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+- PR_smprintf_free(certpath);
+- }
+- if(rv != SECSuccess) {
+- infof(data, "Unable to initialize NSS database\n");
+- initialized = 0;
+- return CURLE_SSL_CACERT_BADFILE;
+- }
+- }
++ rv = nss_init_core(data, cert_dir);
++ if(rv)
++ return rv;
+
+ if(num_enabled_ciphers() == 0)
+ NSS_SetDomesticPolicy();
+
++ initialized = 1;
+ return CURLE_OK;
+ }
+
+@@ -981,7 +996,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
+ }
+
+ PR_Lock(nss_initlock);
+- rv = init_nss(data);
++ rv = nss_init(data);
+ PR_Unlock(nss_initlock);
+ return rv;
+ }
+@@ -1184,7 +1199,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+
+ /* FIXME. NSS doesn't support multiple databases open at the same time. */
+ PR_Lock(nss_initlock);
+- curlerr = init_nss(conn->data);
++ curlerr = nss_init(conn->data);
+ if(CURLE_OK != curlerr) {
+ PR_Unlock(nss_initlock);
+ goto error;
+--
+1.7.4.4
+
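Review bot: When `NSS_Initialize` fails in `nss_init_core`, the code falls through to `NSS_NoDB_Init(NULL)` and reports the failure only through `infof`, so outside verbose mode a broken or unreadable certificate database is dropped with no visible signal. Whatever the application expected from that database (client certificates, keys, trust settings) is then presumably unavailable, and the later error will not point back at the database. Logging the NSPR error code would make the fallback diagnosable, e.g. `infof(data, "Unable to initialize NSS database (error %d)\n", PR_GetError());`. A short comment above the fallback stating that continuing without the database is deliberate would also help the next reader.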
diff --git a/curl.spec b/curl.spec
index fc43f27..6fcb11b 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,13 +1,25 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.21.7
-Release: 1%{?dist}
+Release: 3%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
Source2: curlbuild.h
Source3: hide_selinux.c
+# add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
+Patch1: 0001-curl-7.21.7-a7864c4.patch
+
+# fix SIGSEGV of curl -O -J given more than one URLs (#723075)
+Patch2: 0002-curl-7.21.7-5eb2396.patch
+
+# introduce the --delegation option of curl (#730444)
+Patch3: 0003-curl-7.21.7-5538904.patch
+
+# initialize NSS with no database if the selected database is broken (#728562)
+Patch4: 0004-curl-7.21.7-d6f319f.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.21.1-multilib.patch
@@ -112,6 +124,12 @@ for f in CHANGES README; do
mv -f ${f}.utf8 ${f}
done
+# upstream patches (already applied)
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
# Fedora patches
%patch101 -p1
%patch102 -p1
@@ -170,12 +188,15 @@ gcc -o hide_selinux.so -fPIC -shared %{SOURCE3}
LD_PRELOAD="`readlink -f ./hide_selinux.so`:$LD_PRELOAD"
export LD_PRELOAD
+# test 310, 311, 312 requires libnsspem.so not provides in latest nss for EL-5
+DISABLED="!310 !311 !312"
+
# use different port range for 32bit and 64bit build, thus make it possible
# to run both in parallel on the same machine
%ifarch x86_64
-./runtests.pl -a -b6490 -p -v
+./runtests.pl -a -b6490 -p -v $DISABLED
%else
-./runtests.pl -a -b3290 -p -v
+./runtests.pl -a -b3290 -p -v $DISABLED
%endif
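Review bot: `DISABLED="!310 !311 !312"` is assigned unconditionally, so these tests are skipped on every target this spec is built for, not only on EL-5 as the comment says. If I recall the curl test suite correctly, 310–312 exercise HTTPS server-certificate checks, so skipping them everywhere removes that coverage on builds where libnsspem.so is available. Guarding the assignment with a distribution conditional, for example `%if 0%{?rhel} == 5` around it and `DISABLED=""` otherwise, would keep the tests running elsewhere; whether that macro is defined in this build environment needs confirming.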
@@ -233,6 +254,18 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Tue Aug 16 2011 Remi Collet <RPMS@FamilleCollet.com> - 7.21.7-3
+- sync with rawhide
+- disable tests which requires libnsspem.so (not available in EL-5)
+
+* Mon Aug 15 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-3
+- fix SIGSEGV of curl -O -J given more than one URLs (#723075)
+- introduce the --delegation option of curl (#730444)
+- initialize NSS with no database if the selected database is broken (#728562)
+
+* Wed Aug 03 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-2
+- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
+
* Sun Jul 24 2011 Remi Collet <RPMS@FamilleCollet.com> - 7.21.7-1
- rebuild for remi repo with libcurl4 sub-packages