1 files changed, 86 insertions, 0 deletions

diff --git a/0013-curl-7.29.0-665c160f.patch b/0013-curl-7.29.0-665c160f.patch
new file mode 100644
index 0000000..d7c2ddf
--- /dev/null
+++ b/0013-curl-7.29.0-665c160f.patch
@@ -0,0 +1,86 @@
+From 311a22b801693bf8b748169f35bde7bef744da8c Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 29 Jan 2014 12:55:36 +0100
+Subject: [PATCH 1/2] nss: do not fail if NSS does not implement a cipher
+
+... that the user does not ask for
+
+[upstream commit e15e73b741a2ddc88d166d2cec86d2bebb5d349e]
+---
+ lib/nss.c |    9 +++++----
+ 1 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index a2c5c63..c4ffe7b 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -192,14 +192,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+   PRBool cipher_state[NUM_OF_CIPHERS];
+   PRBool found;
+   char *cipher;
+-  SECStatus rv;
+ 
+   /* First disable all ciphers. This uses a different max value in case
+    * NSS adds more ciphers later we don't want them available by
+    * accident
+    */
+   for(i=0; i<SSL_NumImplementedCiphers; i++) {
+-    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
++    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
+   }
+ 
+   /* Set every entry in our list to false */
+@@ -239,8 +238,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+ 
+   /* Finally actually enable the selected ciphers */
+   for(i=0; i<NUM_OF_CIPHERS; i++) {
+-    rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
+-    if(rv != SECSuccess) {
++    if(!cipher_state[i])
++      continue;
++
++    if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
+       failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
+       return SECFailure;
+     }
+-- 
+1.7.1
+
+
+From 9fe38c72787ba6658456a30477d48fe7960947ed Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 29 Jan 2014 13:03:46 +0100
+Subject: [PATCH 2/2] nss: do not use the NSS_ENABLE_ECC define
+
+It is not provided by NSS public headers.
+
+Bug: https://bugzilla.redhat.com/1058776
+
+[upstream commit 665c160f0a4635565b44704ca281d2a03e715d6d]
+---
+ lib/nss.c |    2 --
+ 1 files changed, 0 insertions(+), 2 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index c4ffe7b..111982f 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -126,7 +126,6 @@ static const cipher_s cipherlist[] = {
+   /* AES ciphers. */
+   {"rsa_aes_128_sha",            TLS_RSA_WITH_AES_128_CBC_SHA},
+   {"rsa_aes_256_sha",            TLS_RSA_WITH_AES_256_CBC_SHA},
+-#ifdef NSS_ENABLE_ECC
+   /* ECC ciphers. */
+   {"ecdh_ecdsa_null_sha",        TLS_ECDH_ECDSA_WITH_NULL_SHA},
+   {"ecdh_ecdsa_rc4_128_sha",     TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
+@@ -153,7 +152,6 @@ static const cipher_s cipherlist[] = {
+   {"ecdh_anon_3des_sha",         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
+   {"ecdh_anon_aes_128_sha",      TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
+   {"ecdh_anon_aes_256_sha",      TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
+-#endif
+ };
+ 
+ /* following ciphers are new in NSS 3.4 and not enabled by default, therefore
+-- 
+1.7.1
+