-rw-r--r--.gitignore1
-rw-r--r--0001-curl-7.27.0-1f8518c5.patch34
-rw-r--r--0001-curl-7.29.0-da3fc1ee.patch321
-rw-r--r--0002-curl-7.27.0-f05e5136.patch197
-rw-r--r--0002-curl-7.29.0-9d0af301.patch47
-rw-r--r--0003-curl-7.27.0-382429e7.patch32
-rw-r--r--0003-curl-7.29.0-491e026c.patch39
-rw-r--r--0004-curl-7.27.0-52b6eda4.patch115
-rw-r--r--0004-curl-7.29.0-57ccdfa8.patch (renamed from 0010-curl-7.27.0-57ccdfa8.patch)43
-rw-r--r--0005-curl-7.27.0-f208bf5a.patch190
-rw-r--r--0005-curl-7.29.0-2eb8dcf2.patch (renamed from 0011-curl-7.27.0-2eb8dcf2.patch)68
-rw-r--r--0006-curl-7.27.0-68d2830e.patch68
-rw-r--r--0006-curl-7.29.0-25e577b3.patch (renamed from 0012-curl-7.27.0-25e577b3.patch)14
-rw-r--r--0007-curl-7.27.0-b36f1d26.patch55
-rw-r--r--0007-curl-7.29.0-b37b5233.patch (renamed from 0013-curl-7.27.0-b37b5233.patch)8
-rw-r--r--0008-curl-7.27.0-26613d78.patch30
-rw-r--r--0008-curl-7.29.0-192c4f78.patch (renamed from 0015-curl-7.27.0-192c4f78.patch)0
-rw-r--r--0009-curl-7.27.0-f206d6c0.patch69
-rw-r--r--0009-curl-7.29.0-3a0e931f.patch101
-rw-r--r--0010-curl-7.29.0-7cc00d9a.patch395
-rw-r--r--0011-curl-7.29.0-0feeab78.patch74
-rw-r--r--0012-curl-7.29.0-c639d725.patch519
-rw-r--r--0013-curl-7.29.0-665c160f.patch86
-rw-r--r--0014-curl-7.27.0-9d0af301.patch95
-rw-r--r--0014-curl-7.29.0-8ae35102.patch42
-rw-r--r--0015-curl-7.29.0-7fc9325a.patch1090
-rw-r--r--0016-curl-7.29.0-1cf71bd7.patch27
-rw-r--r--0017-curl-7.29.0-ffb8a21d.patch36
-rw-r--r--0018-curl-7.29.0-03c28820.patch67
-rw-r--r--0018-curl-7.29.0-517b06d6.patch68
-rw-r--r--0101-curl-7.29.0-multilib.patch (renamed from 0101-curl-7.27.0-multilib.patch)6
-rw-r--r--0102-curl-7.29.0-debug.patch (renamed from 0102-curl-7.27.0-debug.patch)27
-rw-r--r--0105-curl-7.32.0-scp-upload.patch42
-rw-r--r--0108-curl-7.27.0-utf8.patch86
-rw-r--r--0108-curl-7.29.0-utf8.patch39
-rw-r--r--0201-curl-7.29.0-openssl.patch31
-rw-r--r--curl.spec155
37 files changed, 3196 insertions, 1121 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ec30f2a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+curl-7.*.tar.lzma
diff --git a/0001-curl-7.27.0-1f8518c5.patch b/0001-curl-7.27.0-1f8518c5.patch
deleted file mode 100644
index 02e2e6e..0000000
--- a/0001-curl-7.27.0-1f8518c5.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e693b8e6591366ef2c077ba90fe0315a8a0b00c5 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 30 Jul 2012 14:20:07 +0200
-Subject: [PATCH] file: use fdopen() for uploaded files if available
-
-It eliminates noisy events when using inotify and fixes a TOCTOU issue.
-
-Bug: https://bugzilla.redhat.com/844385
-
-[upstream commit 1f8518c5d9aaa369dae85620973f9b5c1add3277]
----
- lib/file.c | 4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
-
-diff --git a/lib/file.c b/lib/file.c
-index 4447c73..1025022 100644
---- a/lib/file.c
-+++ b/lib/file.c
-@@ -351,8 +351,12 @@ static CURLcode file_upload(struct connectdata *conn)
- failf(data, "Can't open %s for writing", file->path);
- return CURLE_WRITE_ERROR;
- }
-+#ifdef HAVE_FDOPEN
-+ fp = fdopen(fd, "wb");
-+#else
- close(fd);
- fp = fopen(file->path, "wb");
-+#endif
- }
-
- if(!fp) {
---
-1.7.1
-
diff --git a/0001-curl-7.29.0-da3fc1ee.patch b/0001-curl-7.29.0-da3fc1ee.patch
new file mode 100644
index 0000000..bebcb95
--- /dev/null
+++ b/0001-curl-7.29.0-da3fc1ee.patch
@@ -0,0 +1,321 @@
+From 48b69def52771149ed19189284b8c6d1ba667ef7 Mon Sep 17 00:00:00 2001
+From: Linus Nielsen Feltzing <linus@haxx.se>
+Date: Sun, 10 Feb 2013 22:57:58 +0100
+Subject: [PATCH] Fix NULL pointer reference when closing an unused multi handle.
+
+[upstream commit da3fc1ee91de656a30f3a12de394bcba55119872]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/multi.c | 8 +++--
+ tests/data/Makefile.am | 2 +-
+ tests/data/Makefile.in | 2 +-
+ tests/data/test1508 | 31 +++++++++++++++++
+ tests/libtest/Makefile.in | 79 ++++++++++++++++++++++++++++++++++++++++++--
+ tests/libtest/Makefile.inc | 6 +++-
+ tests/libtest/lib1508.c | 49 +++++++++++++++++++++++++++
+ 7 files changed, 168 insertions(+), 9 deletions(-)
+ create mode 100644 tests/data/test1508
+ create mode 100644 tests/libtest/lib1508.c
+
+diff --git a/lib/multi.c b/lib/multi.c
+index fa0afb9..706df23 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1773,10 +1773,12 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
+ /* Close all the connections in the connection cache */
+ close_all_connections(multi);
+
+- multi->closure_handle->dns.hostcache = multi->hostcache;
+- Curl_hostcache_clean(multi->closure_handle);
++ if(multi->closure_handle) {
++ multi->closure_handle->dns.hostcache = multi->hostcache;
++ Curl_hostcache_clean(multi->closure_handle);
+
+- Curl_close(multi->closure_handle);
++ Curl_close(multi->closure_handle);
++ }
+ multi->closure_handle = NULL;
+
+ Curl_hash_destroy(multi->sockhash);
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index d82534d..9f569a3 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -93,7 +93,7 @@ test1379 test1380 test1381 test1382 test1383 test1384 test1385 test1386 \
+ test1387 test1388 test1389 test1390 test1391 test1392 test1393 \
+ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+ test1408 test1409 test1410 test1411 test1412 test1413 \
+-test1500 test1501 test1502 test1503 test1504 test1505 test1506 \
++test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1508 \
+ test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
+ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
+ test2016 test2017 test2018 test2019 test2020 test2021 test2022 \
+diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
+index df52421..d5b0918 100644
+--- a/tests/data/Makefile.in
++++ b/tests/data/Makefile.in
+@@ -357,7 +357,7 @@ test1379 test1380 test1381 test1382 test1383 test1384 test1385 test1386 \
+ test1387 test1388 test1389 test1390 test1391 test1392 test1393 \
+ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+ test1408 test1409 test1410 test1411 test1412 test1413 \
+-test1500 test1501 test1502 test1503 test1504 test1505 test1506 \
++test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1508 \
+ test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
+ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
+ test2016 test2017 test2018 test2019 test2020 test2021 test2022 \
+diff --git a/tests/data/test1508 b/tests/data/test1508
+new file mode 100644
+index 0000000..f8607e5
+--- /dev/null
++++ b/tests/data/test1508
+@@ -0,0 +1,31 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++multi
++</keywords>
++</info>
++
++# Client-side
++<client>
++<server>
++none
++</server>
++<tool>
++lib1508
++</tool>
++ <name>
++Close a multi handle without using it
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/path/1508
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<file name="log/stdout1508" mode="text">
++We are done
++</file>
++</verify>
++</testcase>
+diff --git a/tests/libtest/Makefile.in b/tests/libtest/Makefile.in
+index 406b457..7683c09 100644
+--- a/tests/libtest/Makefile.in
++++ b/tests/libtest/Makefile.in
+@@ -85,7 +85,7 @@ noinst_PROGRAMS = chkhostname$(EXEEXT) libauthretry$(EXEEXT) \
+ lib591$(EXEEXT) lib597$(EXEEXT) lib598$(EXEEXT) \
+ lib599$(EXEEXT) lib1500$(EXEEXT) lib1501$(EXEEXT) \
+ lib1502$(EXEEXT) lib1503$(EXEEXT) lib1504$(EXEEXT) \
+- lib1505$(EXEEXT) lib1506$(EXEEXT)
++ lib1505$(EXEEXT) lib1506$(EXEEXT) lib1508$(EXEEXT)
+ subdir = tests/libtest
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \
+@@ -173,6 +173,13 @@ am_lib1506_OBJECTS = lib1506-lib1506.$(OBJEXT) $(am__objects_18) \
+ $(am__objects_19) $(am__objects_20)
+ lib1506_OBJECTS = $(am_lib1506_OBJECTS)
+ lib1506_DEPENDENCIES = $(am__DEPENDENCIES_1)
++am__objects_151 = lib1508-first.$(OBJEXT)
++am__objects_152 = lib1508-testutil.$(OBJEXT)
++am__objects_153 = lib1508-warnless.$(OBJEXT)
++am_lib1508_OBJECTS = lib1508-lib1508.$(OBJEXT) $(am__objects_151) \
++ $(am__objects_152) $(am__objects_153)
++lib1508_OBJECTS = $(am_lib1508_OBJECTS)
++lib1508_DEPENDENCIES = $(am__DEPENDENCIES_1)
+ am__objects_21 = lib500-first.$(OBJEXT)
+ am__objects_22 = lib500-testutil.$(OBJEXT)
+ am__objects_23 = lib500-testtrace.$(OBJEXT)
+@@ -632,7 +639,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ $(lib1500_SOURCES) $(lib1501_SOURCES) $(lib1502_SOURCES) \
+ $(lib1503_SOURCES) $(lib1504_SOURCES) $(lib1505_SOURCES) \
+- $(lib1506_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
++ $(lib1506_SOURCES) $(lib1508_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
+ $(lib502_SOURCES) $(lib503_SOURCES) $(lib504_SOURCES) \
+ $(lib505_SOURCES) $(lib506_SOURCES) $(lib507_SOURCES) \
+ $(lib508_SOURCES) $(lib510_SOURCES) $(lib511_SOURCES) \
+@@ -662,7 +669,7 @@ SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ DIST_SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ $(lib1500_SOURCES) $(lib1501_SOURCES) $(lib1502_SOURCES) \
+ $(lib1503_SOURCES) $(lib1504_SOURCES) $(lib1505_SOURCES) \
+- $(lib1506_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
++ $(lib1506_SOURCES) $(lib1508_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
+ $(lib502_SOURCES) $(lib503_SOURCES) $(lib504_SOURCES) \
+ $(lib505_SOURCES) $(lib506_SOURCES) $(lib507_SOURCES) \
+ $(lib508_SOURCES) $(lib510_SOURCES) $(lib511_SOURCES) \
+@@ -1155,6 +1162,9 @@ lib1505_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1505
+ lib1506_SOURCES = lib1506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1506_LDADD = $(TESTUTIL_LIBS)
+ lib1506_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1506
++lib1508_SOURCES = lib1508.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1508_LDADD = $(TESTUTIL_LIBS)
++lib1508_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1508
+ @BUILD_LIBHOSTNAME_FALSE@noinst_LTLIBRARIES =
+
+ # Makefile.inc provides the source defines (TESTUTIL, SUPPORTFILES,
+@@ -1253,6 +1263,9 @@ lib1505$(EXEEXT): $(lib1505_OBJECTS) $(lib1505_DEPENDENCIES) $(EXTRA_lib1505_DEP
+ lib1506$(EXEEXT): $(lib1506_OBJECTS) $(lib1506_DEPENDENCIES) $(EXTRA_lib1506_DEPENDENCIES)
+ @rm -f lib1506$(EXEEXT)
+ $(LINK) $(lib1506_OBJECTS) $(lib1506_LDADD) $(LIBS)
++lib1508$(EXEEXT): $(lib1508_OBJECTS) $(lib1508_DEPENDENCIES) $(EXTRA_lib1508_DEPENDENCIES)
++ @rm -f lib1508$(EXEEXT)
++ $(LINK) $(lib1508_OBJECTS) $(lib1508_LDADD) $(LIBS)
+ lib500$(EXEEXT): $(lib500_OBJECTS) $(lib500_DEPENDENCIES) $(EXTRA_lib500_DEPENDENCIES)
+ @rm -f lib500$(EXEEXT)
+ $(LINK) $(lib500_OBJECTS) $(lib500_LDADD) $(LIBS)
+@@ -1520,6 +1533,10 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-lib1506.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-testutil.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-warnless.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-first.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-lib1508.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-testutil.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-warnless.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib500-first.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib500-lib500.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib500-testtrace.Po@am__quote@
+@@ -2163,6 +2180,62 @@ lib1506-warnless.obj: ../../lib/warnless.c
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1506_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1506-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
+
++lib1508-lib1508.o: lib1508.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-lib1508.o -MD -MP -MF $(DEPDIR)/lib1508-lib1508.Tpo -c -o lib1508-lib1508.o `test -f 'lib1508.c' || echo '$(srcdir)/'`lib1508.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-lib1508.Tpo $(DEPDIR)/lib1508-lib1508.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='lib1508.c' object='lib1508-lib1508.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-lib1508.o `test -f 'lib1508.c' || echo '$(srcdir)/'`lib1508.c
++
++lib1508-lib1508.obj: lib1508.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-lib1508.obj -MD -MP -MF $(DEPDIR)/lib1508-lib1508.Tpo -c -o lib1508-lib1508.obj `if test -f 'lib1508.c'; then $(CYGPATH_W) 'lib1508.c'; else $(CYGPATH_W) '$(srcdir)/lib1508.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-lib1508.Tpo $(DEPDIR)/lib1508-lib1508.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='lib1508.c' object='lib1508-lib1508.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-lib1508.obj `if test -f 'lib1508.c'; then $(CYGPATH_W) 'lib1508.c'; else $(CYGPATH_W) '$(srcdir)/lib1508.c'; fi`
++
++lib1508-first.o: first.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-first.o -MD -MP -MF $(DEPDIR)/lib1508-first.Tpo -c -o lib1508-first.o `test -f 'first.c' || echo '$(srcdir)/'`first.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-first.Tpo $(DEPDIR)/lib1508-first.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='first.c' object='lib1508-first.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-first.o `test -f 'first.c' || echo '$(srcdir)/'`first.c
++
++lib1508-first.obj: first.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-first.obj -MD -MP -MF $(DEPDIR)/lib1508-first.Tpo -c -o lib1508-first.obj `if test -f 'first.c'; then $(CYGPATH_W) 'first.c'; else $(CYGPATH_W) '$(srcdir)/first.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-first.Tpo $(DEPDIR)/lib1508-first.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='first.c' object='lib1508-first.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-first.obj `if test -f 'first.c'; then $(CYGPATH_W) 'first.c'; else $(CYGPATH_W) '$(srcdir)/first.c'; fi`
++
++lib1508-testutil.o: testutil.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-testutil.o -MD -MP -MF $(DEPDIR)/lib1508-testutil.Tpo -c -o lib1508-testutil.o `test -f 'testutil.c' || echo '$(srcdir)/'`testutil.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-testutil.Tpo $(DEPDIR)/lib1508-testutil.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='testutil.c' object='lib1508-testutil.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-testutil.o `test -f 'testutil.c' || echo '$(srcdir)/'`testutil.c
++
++lib1508-testutil.obj: testutil.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-testutil.obj -MD -MP -MF $(DEPDIR)/lib1508-testutil.Tpo -c -o lib1508-testutil.obj `if test -f 'testutil.c'; then $(CYGPATH_W) 'testutil.c'; else $(CYGPATH_W) '$(srcdir)/testutil.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-testutil.Tpo $(DEPDIR)/lib1508-testutil.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='testutil.c' object='lib1508-testutil.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-testutil.obj `if test -f 'testutil.c'; then $(CYGPATH_W) 'testutil.c'; else $(CYGPATH_W) '$(srcdir)/testutil.c'; fi`
++
++lib1508-warnless.o: ../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-warnless.o -MD -MP -MF $(DEPDIR)/lib1508-warnless.Tpo -c -o lib1508-warnless.o `test -f '../../lib/warnless.c' || echo '$(srcdir)/'`../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-warnless.Tpo $(DEPDIR)/lib1508-warnless.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../../lib/warnless.c' object='lib1508-warnless.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-warnless.o `test -f '../../lib/warnless.c' || echo '$(srcdir)/'`../../lib/warnless.c
++
++lib1508-warnless.obj: ../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-warnless.obj -MD -MP -MF $(DEPDIR)/lib1508-warnless.Tpo -c -o lib1508-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-warnless.Tpo $(DEPDIR)/lib1508-warnless.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../../lib/warnless.c' object='lib1508-warnless.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1508-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
++
+ lib500-lib500.o: lib500.c
+ @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib500_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib500-lib500.o -MD -MP -MF $(DEPDIR)/lib500-lib500.Tpo -c -o lib500-lib500.o `test -f 'lib500.c' || echo '$(srcdir)/'`lib500.c
+ @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib500-lib500.Tpo $(DEPDIR)/lib500-lib500.Po
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 82c265d..8bf2be4 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -23,7 +23,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
+ lib582 lib583 lib585 lib586 lib587 \
+ lib590 lib591 lib597 lib598 lib599 \
+ \
+- lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506
++ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1508
+
+ chkhostname_SOURCES = chkhostname.c ../../lib/curl_gethostname.c
+ chkhostname_LDADD = @CURL_NETWORK_LIBS@
+@@ -312,3 +312,7 @@ lib1505_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1505
+ lib1506_SOURCES = lib1506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1506_LDADD = $(TESTUTIL_LIBS)
+ lib1506_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1506
++
++lib1508_SOURCES = lib1508.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1508_LDADD = $(TESTUTIL_LIBS)
++lib1508_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1508
+diff --git a/tests/libtest/lib1508.c b/tests/libtest/lib1508.c
+new file mode 100644
+index 0000000..72f26d1
+--- /dev/null
++++ b/tests/libtest/lib1508.c
+@@ -0,0 +1,49 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 2013, Linus Nielsen Feltzing <linus@haxx.se>
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at http://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++int test(char *URL)
++{
++ int res = 0;
++ CURLM *m = NULL;
++
++ (void)URL;
++
++ global_init(CURL_GLOBAL_ALL);
++
++ multi_init(m);
++
++test_cleanup:
++
++ /* proper cleanup sequence - type PB */
++
++ curl_multi_cleanup(m);
++ curl_global_cleanup();
++
++ printf("We are done\n");
++
++ return res;
++}
+--
+1.7.1
+
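Review bot: The new `if(multi->closure_handle)` guard in curl_multi_cleanup() carries no comment saying when the handle can be NULL, and on that path `Curl_hostcache_clean()` is now skipped entirely. Going by the patch subject, a comment such as `/* closure_handle is NULL if the multi handle was never used */` would record the precondition for the next reader. It is also worth confirming that `multi->hostcache` is still released later in the function when the guarded block is skipped; the rest of curl_multi_cleanup() is outside this hunk, so that cannot be checked from here.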
diff --git a/0002-curl-7.27.0-f05e5136.patch b/0002-curl-7.27.0-f05e5136.patch
deleted file mode 100644
index 7413ed6..0000000
--- a/0002-curl-7.27.0-f05e5136.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From ce515e993fe7bc7e95549317fe5180b196454d4c Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 12 Sep 2012 16:06:18 +0200
-Subject: [PATCH 1/3] ssh: move the fingerprint checking code to a separate fnc
-
----
- lib/ssh.c | 71 +++++++++++++++++++++++++++++++++---------------------------
- 1 files changed, 39 insertions(+), 32 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index c76a48e..4455d44 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -635,6 +635,43 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
- return result;
- }
-
-+static bool ssh_check_fingerprint(struct connectdata *conn)
-+{
-+ struct ssh_conn *sshc = &conn->proto.sshc;
-+ struct SessionHandle *data = conn->data;
-+ const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
-+ char md5buffer[33];
-+ int i;
-+
-+ const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
-+ LIBSSH2_HOSTKEY_HASH_MD5);
-+
-+ /* The fingerprint points to static storage (!), don't free() it. */
-+ for(i = 0; i < 16; i++)
-+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+
-+ /* Before we authenticate we check the hostkey's MD5 fingerprint
-+ * against a known fingerprint, if available.
-+ */
-+ if(pubkey_md5 && strlen(pubkey_md5) == 32) {
-+ if(!strequal(md5buffer, pubkey_md5)) {
-+ failf(data,
-+ "Denied establishing ssh session: mismatch md5 fingerprint. "
-+ "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+ state(conn, SSH_SESSION_FREE);
-+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
-+ return sshc->actualcode;
-+ }
-+ else {
-+ infof(data, "MD5 checksum match!\n");
-+ /* as we already matched, we skip the check for known hosts */
-+ return CURLE_OK;
-+ }
-+ }
-+ else
-+ return ssh_knownhost(conn);
-+}
-
- /*
- * ssh_statemach_act() runs the SSH state machine as far as it can without
-@@ -650,10 +687,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
- struct SSHPROTO *sftp_scp = data->state.proto.ssh;
- struct ssh_conn *sshc = &conn->proto.sshc;
- curl_socket_t sock = conn->sock[FIRSTSOCKET];
-- const char *fingerprint;
-- char md5buffer[33];
- char *new_readdir_line;
-- int rc = LIBSSH2_ERROR_NONE, i;
-+ int rc = LIBSSH2_ERROR_NONE;
- int err;
- int seekerr = CURL_SEEKFUNC_OK;
- *block = 0; /* we're not blocking by default */
-@@ -694,35 +729,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
- * against our known hosts. How that is handled (reading from file,
- * whatever) is up to us.
- */
-- fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
-- LIBSSH2_HOSTKEY_HASH_MD5);
--
-- /* The fingerprint points to static storage (!), don't free() it. */
-- for(i = 0; i < 16; i++)
-- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
--
-- /* Before we authenticate we check the hostkey's MD5 fingerprint
-- * against a known fingerprint, if available.
-- */
-- if(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
-- strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) == 32) {
-- if(!strequal(md5buffer,
-- data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5])) {
-- failf(data,
-- "Denied establishing ssh session: mismatch md5 fingerprint. "
-- "Remote %s is not equal to %s",
-- md5buffer, data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]);
-- state(conn, SSH_SESSION_FREE);
-- result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
-- }
-- else
-- infof(data, "MD5 checksum match!\n");
-- /* as we already matched, we skip the check for known hosts */
-- }
-- else
-- result = ssh_knownhost(conn);
--
-+ result = ssh_check_fingerprint(conn);
- if(!result)
- state(conn, SSH_AUTHLIST);
- break;
---
-1.7.1
-
-
-From f05e51362f310cb04b0ad8d086b9cf693aad5c9d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 12 Sep 2012 16:18:36 +0200
-Subject: [PATCH 2/3] ssh: do not crash if MD5 fingerprint is not provided by libssh2
-
-The MD5 fingerprint cannot be computed when running in FIPS mode.
----
- lib/ssh.c | 22 ++++++++++++++--------
- 1 files changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index 4455d44..466566c 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -646,19 +646,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn)
- const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
- LIBSSH2_HOSTKEY_HASH_MD5);
-
-- /* The fingerprint points to static storage (!), don't free() it. */
-- for(i = 0; i < 16; i++)
-- snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-- infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+ if(fingerprint) {
-+ /* The fingerprint points to static storage (!), don't free() it. */
-+ for(i = 0; i < 16; i++)
-+ snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
-+ infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
-+ }
-
- /* Before we authenticate we check the hostkey's MD5 fingerprint
- * against a known fingerprint, if available.
- */
- if(pubkey_md5 && strlen(pubkey_md5) == 32) {
-- if(!strequal(md5buffer, pubkey_md5)) {
-- failf(data,
-- "Denied establishing ssh session: mismatch md5 fingerprint. "
-- "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+ if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
-+ if(fingerprint)
-+ failf(data,
-+ "Denied establishing ssh session: mismatch md5 fingerprint. "
-+ "Remote %s is not equal to %s", md5buffer, pubkey_md5);
-+ else
-+ failf(data,
-+ "Denied establishing ssh session: md5 fingerprint not available");
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
- return sshc->actualcode;
---
-1.7.1
-
-
-From 1ab6c353635760e8e25bacc13ae0cab2f97f7338 Mon Sep 17 00:00:00 2001
-From: Marc Hoersken <info@marc-hoersken.de>
-Date: Fri, 14 Sep 2012 14:48:55 +0200
-Subject: [PATCH 3/3] ssh.c: Fixed warning: implicit conversion from enumeration type
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/ssh.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/ssh.c b/lib/ssh.c
-index 466566c..e8b7172 100644
---- a/lib/ssh.c
-+++ b/lib/ssh.c
-@@ -635,7 +635,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
- return result;
- }
-
--static bool ssh_check_fingerprint(struct connectdata *conn)
-+static CURLcode ssh_check_fingerprint(struct connectdata *conn)
- {
- struct ssh_conn *sshc = &conn->proto.sshc;
- struct SessionHandle *data = conn->data;
-@@ -736,7 +736,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
- * whatever) is up to us.
- */
- result = ssh_check_fingerprint(conn);
-- if(!result)
-+ if(result == CURLE_OK)
- state(conn, SSH_AUTHLIST);
- break;
-
---
-1.7.1
-
diff --git a/0002-curl-7.29.0-9d0af301.patch b/0002-curl-7.29.0-9d0af301.patch
new file mode 100644
index 0000000..0b9f7aa
--- /dev/null
+++ b/0002-curl-7.29.0-9d0af301.patch
@@ -0,0 +1,47 @@
+From 8d25353ae1661ce50fe564e733f3ef45004f4bdf Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 5 Mar 2013 17:51:01 +0100
+Subject: [PATCH] nss: fix misplaced code enabling non-blocking socket mode
+
+The option needs to be set on the SSL socket. Setting it on the model
+takes no effect. Note that the non-blocking mode is still not enabled
+for the handshake because the code is not yet ready for that.
+
+[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
+---
+ lib/nss.c | 12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 8a2cb09..a2c5c63 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1237,12 +1237,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ model = SSL_ImportFD(NULL, model);
+
+- /* make the socket nonblocking */
+- sock_opt.option = PR_SockOpt_Nonblocking;
+- sock_opt.value.non_blocking = PR_TRUE;
+- if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+- goto error;
+-
+ if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1415,6 +1409,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ }
+
++ /* switch the SSL socket into non-blocking mode */
++ sock_opt.option = PR_SockOpt_Nonblocking;
++ sock_opt.value.non_blocking = PR_TRUE;
++ if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
++ goto error;
++
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = nss_recv;
+ conn->send[sockindex] = nss_send;
+--
+1.7.1
+
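Review bot: Setting `PR_SockOpt_Nonblocking` on `connssl->handle` means the socket is now genuinely non-blocking once Curl_nss_connect() returns, whereas the commit message says the earlier call on the model had no effect. The `nss_recv` and `nss_send` callbacks installed just below therefore need to treat a would-block result as a retry rather than a hard failure; their bodies are outside this hunk, so this should be confirmed before applying. The added comment could also state the ordering constraint from the commit message, e.g. `/* switch the SSL socket into non-blocking mode; the handshake above still runs blocking */`.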
diff --git a/0003-curl-7.27.0-382429e7.patch b/0003-curl-7.27.0-382429e7.patch
deleted file mode 100644
index f25fe71..0000000
--- a/0003-curl-7.27.0-382429e7.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 382429e7601de68564f08a88cc867dbcd6e2556a Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 7 Aug 2012 14:13:09 +0200
-Subject: [PATCH] curl-config: parentheses fix
-
-Braces, not parentheses, should be used for shell variable names.
-
-Bug: http://curl.haxx.se/bug/view.cgi?id=3551460
-Reported by: Edward Sheldrake
----
- curl-config.in | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/curl-config.in b/curl-config.in
-index a3ca8b5..731761c 100644
---- a/curl-config.in
-+++ b/curl-config.in
-@@ -135,9 +135,9 @@ while test $# -gt 0; do
- CPPFLAG_CURL_STATICLIB=""
- fi
- if test "X@includedir@" = "X/usr/include"; then
-- echo "$(CPPFLAG_CURL_STATICLIB)"
-+ echo "$CPPFLAG_CURL_STATICLIB"
- else
-- echo "$(CPPFLAG_CURL_STATICLIB)-I@includedir@"
-+ echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
- fi
- ;;
-
---
-1.7.1
-
diff --git a/0003-curl-7.29.0-491e026c.patch b/0003-curl-7.29.0-491e026c.patch
new file mode 100644
index 0000000..c136e34
--- /dev/null
+++ b/0003-curl-7.29.0-491e026c.patch
@@ -0,0 +1,39 @@
+From a2e6eadf6a72f7587eb9bc1ad52383e4c5507b12 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 11 Mar 2013 16:57:25 +0100
+Subject: [PATCH 1/2] easy: do not ignore poll() failures other than EINTR
+
+[upstream commit 491e026ccda0e60975fa6e2e9cf3ccca37e18f7b]
+---
+ lib/easy.c | 12 ++++++++++--
+ 1 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/lib/easy.c b/lib/easy.c
+index c27deff..2e747bb 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -441,11 +441,19 @@ CURLcode curl_easy_perform(CURL *easy)
+
+ while(!done && !mcode) {
+ int still_running;
++ int ret;
+
+- mcode = curl_multi_wait(multi, NULL, 0, 1000, NULL);
++ mcode = curl_multi_wait(multi, NULL, 0, 1000, &ret);
++
++ if(mcode == CURLM_OK) {
++ if(ret == -1) {
++ /* poll() failed not on EINTR, indicate a network problem */
++ code = CURLE_RECV_ERROR;
++ break;
++ }
+
+- if(mcode == CURLM_OK)
+ mcode = curl_multi_perform(multi, &still_running);
++ }
+
+ /* only read 'still_running' if curl_multi_perform() return OK */
+ if((mcode == CURLM_OK) && !still_running) {
+--
+1.7.1
+
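Review bot: `int ret;` in the while loop of curl_easy_perform() is declared without an initializer and is then read in `if(ret == -1)`, so the new check relies on curl_multi_wait() storing to `*ret` on every path that returns CURLM_OK, which this hunk does not show. Declaring it as `int ret = 0;` keeps the check well-defined regardless of what the callee does. Mapping every non-EINTR poll() failure to `CURLE_RECV_ERROR` also discards the underlying errno; a comment such as `/* errno from poll() is not preserved; callers see only CURLE_RECV_ERROR */` would make that loss explicit for whoever has to diagnose a failed transfer. The body of curl_easy_perform() starts and ends outside the hunk, so whether the `break` path still reaches the function's cleanup cannot be confirmed from here.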
diff --git a/0004-curl-7.27.0-52b6eda4.patch b/0004-curl-7.27.0-52b6eda4.patch
deleted file mode 100644
index a6b751b..0000000
--- a/0004-curl-7.27.0-52b6eda4.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From fea7914a32b7d7a8ec4bbf4de0c2be74a32969bb Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 9 Aug 2012 09:40:00 +0200
-Subject: [PATCH 1/2] nss: do not print misleading NSS error codes
-
-[upstream commit 52b6eda4f2a006e33358c6964ef6a00b09ae59ab]
----
- lib/nss.c | 42 ++++++++++++++++++++++++++++++------------
- 1 files changed, 30 insertions(+), 12 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index b11796c..a8e08f4 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1084,17 +1084,31 @@ int Curl_nss_close_all(struct SessionHandle *data)
- return 0;
- }
-
--/* return true if the given error code is related to a client certificate */
--static bool is_cc_error(PRInt32 err)
-+/* return true if NSS can provide error code (and possibly msg) for the error */
-+static bool is_nss_error(CURLcode err)
- {
- switch(err) {
-- case SSL_ERROR_BAD_CERT_ALERT:
-+ case CURLE_PEER_FAILED_VERIFICATION:
-+ case CURLE_SSL_CACERT:
-+ case CURLE_SSL_CACERT_BADFILE:
-+ case CURLE_SSL_CERTPROBLEM:
-+ case CURLE_SSL_CONNECT_ERROR:
-+ case CURLE_SSL_CRL_BADFILE:
-+ case CURLE_SSL_ISSUER_ERROR:
- return true;
-
-- case SSL_ERROR_REVOKED_CERT_ALERT:
-- return true;
-+ default:
-+ return false;
-+ }
-+}
-
-+/* return true if the given error code is related to a client certificate */
-+static bool is_cc_error(PRInt32 err)
-+{
-+ switch(err) {
-+ case SSL_ERROR_BAD_CERT_ALERT:
- case SSL_ERROR_EXPIRED_CERT_ALERT:
-+ case SSL_ERROR_REVOKED_CERT_ALERT:
- return true;
-
- default:
-@@ -1388,6 +1402,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- time_left = Curl_timeleft(data, NULL, TRUE);
- if(time_left < 0L) {
- failf(data, "timed out before SSL handshake");
-+ curlerr = CURLE_OPERATION_TIMEDOUT;
- goto error;
- }
- timeout = PR_MillisecondsToInterval((PRUint32) time_left);
-@@ -1432,15 +1447,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- /* reset the flag to avoid an infinite loop */
- data->state.ssl_connect_retry = FALSE;
-
-- err = PR_GetError();
-- if(is_cc_error(err))
-- curlerr = CURLE_SSL_CERTPROBLEM;
-+ if(is_nss_error(curlerr)) {
-+ /* read NSPR error code */
-+ err = PR_GetError();
-+ if(is_cc_error(err))
-+ curlerr = CURLE_SSL_CERTPROBLEM;
-
-- /* print the error number and error string */
-- infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
-+ /* print the error number and error string */
-+ infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
-
-- /* print a human-readable message describing the error if available */
-- nss_print_error_message(data, err);
-+ /* print a human-readable message describing the error if available */
-+ nss_print_error_message(data, err);
-+ }
-
- if(model)
- PR_Close(model);
---
-1.7.1
-
-
-From b00ba010d0cd0a6ee77692fd4e38e6680b07a82e Mon Sep 17 00:00:00 2001
-From: Marc Hoersken <info@marc-hoersken.de>
-Date: Tue, 11 Sep 2012 09:49:23 +0200
-Subject: [PATCH 2/2] nss.c: Fixed warning: 'err' may be used uninitialized in this function
-
-[upstream commit e6ba0487013085afc5bc1ca7d7c8a15a13367ba6]
----
- lib/nss.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index a8e08f4..fef7c3d 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1173,7 +1173,7 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
-
- CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- {
-- PRInt32 err;
-+ PRErrorCode err = 0;
- PRFileDesc *model = NULL;
- PRBool ssl2 = PR_FALSE;
- PRBool ssl3 = PR_FALSE;
---
-1.7.1
-
diff --git a/0010-curl-7.27.0-57ccdfa8.patch b/0004-curl-7.29.0-57ccdfa8.patch
index cc4be82..1448d64 100644
--- a/0010-curl-7.27.0-57ccdfa8.patch
+++ b/0004-curl-7.29.0-57ccdfa8.patch
@@ -1,7 +1,7 @@
-From fba5ed6d23b8fab97150da2b49a35236a8f4684c Mon Sep 17 00:00:00 2001
+From 37a515d9933a3160a8a868d5a697a42b28f6d792 Mon Sep 17 00:00:00 2001
From: Zdenek Pavlas <zpavlas@redhat.com>
Date: Mon, 11 Mar 2013 14:57:07 +0100
-Subject: [PATCH] curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
+Subject: [PATCH 2/2] curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
The flag can be used in pycurl-based applications where using the multi
interface would not be acceptable because of the performance lost caused
@@ -11,16 +11,14 @@ Bug: http://curl.haxx.se/bug/view.cgi?id=1168
Downstream Bug: https://bugzilla.redhat.com/919127
[upstream commit 57ccdfa8d2bb6275388223f4676cd623ebd01697]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
docs/libcurl/curl_global_init.3 | 4 ++++
docs/libcurl/symbols-in-versions | 1 +
include/curl/curl.h | 1 +
- lib/easy.c | 6 +++++-
+ lib/easy.c | 2 ++
lib/select.c | 17 ++---------------
lib/select.h | 6 ++++++
- 6 files changed, 19 insertions(+), 16 deletions(-)
+ 6 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/docs/libcurl/curl_global_init.3 b/docs/libcurl/curl_global_init.3
index d91e1bd..6a08383 100644
@@ -38,10 +36,10 @@ index d91e1bd..6a08383 100644
If this function returns non-zero, something went wrong and you cannot use the
other curl functions.
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
-index 41705fd..c528208 100644
+index 1de1ace..37b5e27 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
-@@ -612,6 +612,7 @@ CURL_GLOBAL_DEFAULT 7.8
+@@ -614,6 +614,7 @@ CURL_GLOBAL_DEFAULT 7.8
CURL_GLOBAL_NOTHING 7.8
CURL_GLOBAL_SSL 7.8
CURL_GLOBAL_WIN32 7.8.1
@@ -50,10 +48,10 @@ index 41705fd..c528208 100644
CURL_HTTP_VERSION_1_1 7.9.1
CURL_HTTP_VERSION_NONE 7.9.1
diff --git a/include/curl/curl.h b/include/curl/curl.h
-index 2cad282..63e7056 100644
+index 5b39a24..80e4cf5 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
-@@ -2022,6 +2022,7 @@ typedef enum {
+@@ -2023,6 +2023,7 @@ typedef enum {
#define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32)
#define CURL_GLOBAL_NOTHING 0
#define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL
@@ -62,10 +60,10 @@ index 2cad282..63e7056 100644
/*****************************************************************************
diff --git a/lib/easy.c b/lib/easy.c
-index 6e8ff77..88f4a60 100644
+index 2e747bb..2739598 100644
--- a/lib/easy.c
+++ b/lib/easy.c
-@@ -267,6 +267,8 @@ CURLcode curl_global_init(long flags)
+@@ -262,6 +262,8 @@ CURLcode curl_global_init(long flags)
}
#endif
@@ -74,21 +72,8 @@ index 6e8ff77..88f4a60 100644
init_flags = flags;
/* Preset pseudo-random number sequence. */
-@@ -459,9 +461,11 @@ CURLcode curl_easy_perform(CURL *easy)
- select. This whole alternative version should probably rather use the
- curl_multi_socket() approach. */
-
-- if(rc == -1)
-+ if(rc == -1) {
- /* select error */
-+ code = CURLE_RECV_ERROR;
- break;
-+ }
-
- /* timeout or data to send/receive => loop! */
- } while(still_running);
diff --git a/lib/select.c b/lib/select.c
-index 40673ec..bb8b773 100644
+index d13e122..db7fb6d 100644
--- a/lib/select.c
+++ b/lib/select.c
@@ -50,11 +50,8 @@
@@ -126,7 +111,7 @@ index 40673ec..bb8b773 100644
*
* Return values:
* -1 = system call error or fd >= FD_SETSIZE
-@@ -347,9 +337,6 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
+@@ -351,9 +341,6 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
* A negative timeout value makes this function wait indefinitely,
* unles no valid file descriptor is given, when this happens the
* negative timeout is ignored and the function times out immediately.
@@ -137,10 +122,10 @@ index 40673ec..bb8b773 100644
* Return values:
* -1 = system call error or fd >= FD_SETSIZE
diff --git a/lib/select.h b/lib/select.h
-index b50604b..4f0e464 100644
+index 00789bb..c00afe1 100644
--- a/lib/select.h
+++ b/lib/select.h
-@@ -99,6 +99,12 @@ int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2,
+@@ -81,6 +81,12 @@ int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2,
int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms);
diff --git a/0005-curl-7.27.0-f208bf5a.patch b/0005-curl-7.27.0-f208bf5a.patch
deleted file mode 100644
index c164fd0..0000000
--- a/0005-curl-7.27.0-f208bf5a.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From c78462408b8033c99cb45e70f34586ceb8fa8276 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 9 Aug 2012 14:08:11 +0200
-Subject: [PATCH] docs: update the links to cipher-suites supported by NSS
-
-... and make the list of cipher-suites in nss.c readable by humans.
-
-Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
-
-[upstream commit f208bf5a2d622ae525690dfba2ab58abd8d72264]
----
- docs/curl.1 | 2 +-
- docs/libcurl/curl_easy_setopt.3 | 2 +-
- lib/nss.c | 105 +++++++++++++++++++--------------------
- 3 files changed, 53 insertions(+), 56 deletions(-)
-
-diff --git a/docs/curl.1 b/docs/curl.1
-index 0e29ed5..5ba3d56 100644
---- a/docs/curl.1
-+++ b/docs/curl.1
-@@ -223,7 +223,7 @@ must specify valid ciphers. Read up on SSL cipher list details on this URL:
-
- NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of
- NSS ciphers is in the NSSCipherSuite entry at this URL:
--\fIhttp://directory.fedora.redhat.com/docs/mod_nss.html#Directives\fP
-+\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
-
- If this option is used several times, the last one will override the others.
- .IP "--compressed"
-diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
-index 25a7d5e..d83afe8 100644
---- a/docs/libcurl/curl_easy_setopt.3
-+++ b/docs/libcurl/curl_easy_setopt.3
-@@ -2367,7 +2367,7 @@ this option then all known ciphers are disabled and only those passed in
- are enabled.
-
- You'll find more details about the NSS cipher lists on this URL:
--\fIhttp://directory.fedora.redhat.com/docs/mod_nss.html#Directives\fP
-+\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
-
- .IP CURLOPT_SSL_SESSIONID_CACHE
- Pass a long set to 0 to disable libcurl's use of SSL session-ID caching. Set
-diff --git a/lib/nss.c b/lib/nss.c
-index fef7c3d..705a625 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -89,7 +89,6 @@ volatile int initialized = 0;
- typedef struct {
- const char *name;
- int num;
-- PRInt32 version; /* protocol version valid for this cipher */
- } cipher_s;
-
- #define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \
-@@ -101,65 +100,63 @@ typedef struct {
-
- #define CERT_NewTempCertificate __CERT_NewTempCertificate
-
--enum sslversion { SSL2 = 1, SSL3 = 2, TLS = 4 };
--
- #define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
- static const cipher_s cipherlist[] = {
- /* SSL2 cipher suites */
-- {"rc4", SSL_EN_RC4_128_WITH_MD5, SSL2},
-- {"rc4-md5", SSL_EN_RC4_128_WITH_MD5, SSL2},
-- {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL2},
-- {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5, SSL2},
-- {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2},
-- {"des", SSL_EN_DES_64_CBC_WITH_MD5, SSL2},
-- {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL2},
-+ {"rc4", SSL_EN_RC4_128_WITH_MD5},
-+ {"rc4-md5", SSL_EN_RC4_128_WITH_MD5},
-+ {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
-+ {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5},
-+ {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
-+ {"des", SSL_EN_DES_64_CBC_WITH_MD5},
-+ {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
- /* SSL3/TLS cipher suites */
-- {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5, SSL3 | TLS},
-- {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA, SSL3 | TLS},
-- {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL3 | TLS},
-- {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA, SSL3 | TLS},
-- {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL3 | TLS},
-- {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL3 | TLS},
-- {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5, SSL3 | TLS},
-- {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA, SSL3 | TLS},
-- {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL3 | TLS},
-- {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL3 | TLS},
-- {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL3 | TLS},
-- {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL3 | TLS},
-- {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL3 | TLS},
-+ {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
-+ {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA},
-+ {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
-+ {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
-+ {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
-+ {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
-+ {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
-+ {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA},
-+ {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
-+ {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
-+ {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
-+ {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
-+ {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
- /* TLS 1.0: Exportable 56-bit Cipher Suites. */
-- {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL3 | TLS},
-- {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL3 | TLS},
-+ {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
-+ {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
- /* AES ciphers. */
-- {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, SSL3 | TLS},
-- {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, SSL3 | TLS},
-+ {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
-+ {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
- #ifdef NSS_ENABLE_ECC
- /* ECC ciphers. */
-- {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS},
-- {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS},
-- {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS},
-- {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS},
-- {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS},
-- {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS},
-- {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS},
-- {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS},
-- {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS},
-- {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS},
-- {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, TLS},
-- {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS},
-- {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS},
-- {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS},
-- {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS},
-- {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, TLS},
-- {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS},
-- {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS},
-- {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS},
-- {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS},
-- {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, TLS},
-- {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA, TLS},
-- {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS},
-- {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS},
-- {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS},
-+ {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
-+ {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
-+ {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
-+ {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
-+ {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
-+ {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA},
-+ {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
-+ {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
-+ {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
-+ {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
-+ {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA},
-+ {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA},
-+ {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
-+ {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
-+ {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
-+ {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
-+ {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
-+ {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
-+ {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
-+ {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
-+ {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA},
-+ {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA},
-+ {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
-+ {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
-+ {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
- #endif
- };
-
-@@ -248,7 +245,7 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
- for(i=0; i<NUM_OF_CIPHERS; i++) {
- rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
- if(rv != SECSuccess) {
-- failf(data, "Unknown cipher in cipher list");
-+ failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
- return SECFailure;
- }
- }
-@@ -1084,7 +1081,7 @@ int Curl_nss_close_all(struct SessionHandle *data)
- return 0;
- }
-
--/* return true if NSS can provide error code (and possibly msg) for the error */
-+/* true if NSS can provide error code (and possibly a message) for the error */
- static bool is_nss_error(CURLcode err)
- {
- switch(err) {
---
-1.7.1
-
diff --git a/0011-curl-7.27.0-2eb8dcf2.patch b/0005-curl-7.29.0-2eb8dcf2.patch
index f77f104..d0fbbce 100644
--- a/0011-curl-7.27.0-2eb8dcf2.patch
+++ b/0005-curl-7.29.0-2eb8dcf2.patch
@@ -1,6 +1,6 @@
-From 5ceda5fa61a87015275ab94f99da4f92f49ac802 Mon Sep 17 00:00:00 2001
+From 0b7dd36575821bd6e4e86f7b51ac001e69abddf9 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 16:49:32 +0200
+Date: Fri, 12 Apr 2013 15:53:39 +0200
Subject: [PATCH 1/3] test1216: test tailmatching cookie domains
This test is an attempt to repeat the problem YAMADA Yasuharu reported
@@ -19,31 +19,31 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
create mode 100644 tests/data/test1216
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
-index 372f127..9321d61 100644
+index 9f569a3..d714e5d 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
-@@ -78,7 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
- test1126 test1127 test1128 test1129 test1130 test1131 \
+@@ -77,7 +77,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
- test1208 test1209 test1210 test1211 \
--test1220 \
-+test1220 test1216 \
+-test1208 test1209 test1210 test1211 \
++test1208 test1209 test1210 test1211 test1216 \
+ test1220 test1221 test1222 test1223 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
- test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
-index e0a554a..0c18cb5 100644
+index d5b0918..a070266 100644
--- a/tests/data/Makefile.in
+++ b/tests/data/Makefile.in
-@@ -343,7 +343,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
- test1126 test1127 test1128 test1129 test1130 test1131 \
+@@ -341,7 +341,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
- test1208 test1209 test1210 test1211 \
--test1220 \
-+test1220 test1216 \
+-test1208 test1209 test1210 test1211 \
++test1208 test1209 test1210 test1211 test1216 \
+ test1220 test1221 test1222 test1223 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
- test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
diff --git a/tests/data/test1216 b/tests/data/test1216
new file mode 100644
index 0000000..e63fe92
@@ -116,7 +116,7 @@ index 0000000..e63fe92
1.7.1
-From 3cf21844356a152df3af92530bb607ef880588af Mon Sep 17 00:00:00 2001
+From 6c5a78d0407788b1092bbc8a19b68b01ccb75f8a Mon Sep 17 00:00:00 2001
From: YAMADA Yasuharu <yasuharu.yamada@access-company.com>
Date: Thu, 11 Apr 2013 00:17:15 +0200
Subject: [PATCH 2/3] cookie: fix tailmatching to prevent cross-domain leakage
@@ -134,7 +134,7 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
1 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
-index 644b33a..760a931 100644
+index 18b9155..d4fd78a 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -118,15 +118,29 @@ static void freecookie(struct Cookie *co)
@@ -176,9 +176,9 @@ index 644b33a..760a931 100644
1.7.1
-From cb95277d4732d7e9a50df7cca2ce0aa8dc0aa5b9 Mon Sep 17 00:00:00 2001
+From 6284e78c9421911a24349621c5b63684823d12f7 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 12 Apr 2013 16:50:11 +0200
+Date: Fri, 12 Apr 2013 15:55:57 +0200
Subject: [PATCH 3/3] test1218: another cookie tailmatch test
These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
@@ -198,31 +198,31 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
create mode 100644 tests/data/test1218
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
-index 9321d61..c8295c3 100644
+index d714e5d..3e8dae0 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
-@@ -78,7 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
- test1126 test1127 test1128 test1129 test1130 test1131 \
+@@ -77,7 +77,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
- test1208 test1209 test1210 test1211 \
--test1220 test1216 \
-+test1220 test1216 test1218 \
+-test1208 test1209 test1210 test1211 test1216 \
++test1208 test1209 test1210 test1211 test1216 test1218 \
+ test1220 test1221 test1222 test1223 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
- test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
-index 0c18cb5..96678cd 100644
+index a070266..71c9422 100644
--- a/tests/data/Makefile.in
+++ b/tests/data/Makefile.in
-@@ -343,7 +343,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
- test1126 test1127 test1128 test1129 test1130 test1131 \
+@@ -341,7 +341,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
- test1208 test1209 test1210 test1211 \
--test1220 test1216 \
-+test1220 test1216 test1218 \
+-test1208 test1209 test1210 test1211 test1216 \
++test1208 test1209 test1210 test1211 test1216 test1218 \
+ test1220 test1221 test1222 test1223 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
- test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
diff --git a/tests/data/test1218 b/tests/data/test1218
new file mode 100644
index 0000000..7d86547
diff --git a/0006-curl-7.27.0-68d2830e.patch b/0006-curl-7.27.0-68d2830e.patch
deleted file mode 100644
index be8c558..0000000
--- a/0006-curl-7.27.0-68d2830e.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From c011938e10bf3af5896d0f7f5ecffc22150303f3 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 3 Dec 2012 13:17:50 +0100
-Subject: [PATCH 1/3] nss: prevent NSS from crashing on client auth hook failure
-
-Although it is not explicitly stated in the documentation, NSS uses
-*pRetCert and *pRetKey even if the client authentication hook returns
-a failure. Namely, if we destroy *pRetCert without clearing *pRetCert
-afterwards, NSS destroys the certificate once again, which causes a
-double free.
-
-Reported by: Bob Relyea
-
-[upstream commit 68d2830ee9df50961e481e81c1baaa290c33f03e]
----
- lib/nss.c | 17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 22b53bf..794eccb 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -757,6 +757,8 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- static const char pem_slotname[] = "PEM Token #1";
- SECItem cert_der = { 0, NULL, 0 };
- void *proto_win = SSL_RevealPinArg(sock);
-+ struct CERTCertificateStr *cert;
-+ struct SECKEYPrivateKeyStr *key;
-
- PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
- if(NULL == slot) {
-@@ -771,24 +773,27 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- return SECFailure;
- }
-
-- *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
-+ cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
- SECITEM_FreeItem(&cert_der, PR_FALSE);
-- if(NULL == *pRetCert) {
-+ if(NULL == cert) {
- failf(data, "NSS: client certificate from file not found");
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
-- *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);
-+ key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
- PK11_FreeSlot(slot);
-- if(NULL == *pRetKey) {
-+ if(NULL == key) {
- failf(data, "NSS: private key from file not found");
-- CERT_DestroyCertificate(*pRetCert);
-+ CERT_DestroyCertificate(cert);
- return SECFailure;
- }
-
- infof(data, "NSS: client certificate from file\n");
-- display_cert_info(data, *pRetCert);
-+ display_cert_info(data, cert);
-+
-+ *pRetCert = cert;
-+ *pRetKey = key;
- return SECSuccess;
- }
-
---
-1.7.1
-
diff --git a/0012-curl-7.27.0-25e577b3.patch b/0006-curl-7.29.0-25e577b3.patch
index 4b6ec7d..2b6a786 100644
--- a/0012-curl-7.27.0-25e577b3.patch
+++ b/0006-curl-7.29.0-25e577b3.patch
@@ -1,7 +1,7 @@
-From 461a96d26c08fcd27fc0ab2c94574461a85782bf Mon Sep 17 00:00:00 2001
+From 74d01a8e4d48eedc526cffaf6a6bc782b139e068 Mon Sep 17 00:00:00 2001
From: Kim Vandry <vandry@users.sf.net>
Date: Mon, 18 Feb 2013 21:36:34 +0100
-Subject: [PATCH] Curl_resolver_is_resolved: show proper host name on failed resolve
+Subject: [PATCH 1/2] Curl_resolver_is_resolved: show proper host name on failed resolve
[upstream commit 25e577b33d00afb6630cf2cac98d6baa319e9aef]
@@ -11,10 +11,10 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
1 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
-index b027144..5552810 100644
+index 7a8294d..c392b21 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
-@@ -436,8 +436,19 @@ static const char *gai_strerror(int ecode)
+@@ -430,8 +430,19 @@ static const char *gai_strerror(int ecode)
* error
*/
@@ -35,7 +35,7 @@ index b027144..5552810 100644
failf(conn->data, "Could not resolve %s: %s; %s", host_or_proxy,
conn->async.hostname,
#ifdef HAVE_GAI_STRERROR
-@@ -448,6 +459,7 @@ static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
+@@ -442,6 +453,7 @@ static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
Curl_strerror(conn, conn->async.status)
#endif
);
@@ -43,7 +43,7 @@ index b027144..5552810 100644
}
/*
-@@ -479,17 +491,9 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+@@ -473,17 +485,9 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
if(entry)
*entry = conn->async.dns;
@@ -64,7 +64,7 @@ index b027144..5552810 100644
destroy_async_data(&conn->async);
-@@ -524,12 +528,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+@@ -518,12 +522,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
if(done) {
getaddrinfo_complete(conn);
diff --git a/0007-curl-7.27.0-b36f1d26.patch b/0007-curl-7.27.0-b36f1d26.patch
deleted file mode 100644
index c712da0..0000000
--- a/0007-curl-7.27.0-b36f1d26.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From fefd7cdcde39c56651f6e2c32be9cd79354ffdc4 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 11 Jan 2013 10:24:21 +0100
-Subject: [PATCH 2/3] nss: clear session cache if a client cert from file is used
-
-This commit fixes a regression introduced in 052a08ff.
-
-NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
-and if we connect second time to the same server, the cached cert/key
-pair is used. If we use multiple client certificates for different
-paths on the same server, we need to clear the session cache to force
-NSS to call the hook again. The commit 052a08ff prevented the session
-cache from being cleared if a client certificate from file was used.
-
-The condition is now fixed to cover both cases: consssl->client_nickname
-is not NULL if a client certificate from the NSS database is used and
-connssl->obj_clicert is not NULL if a client certificate from file is
-used.
-
-Review by: Kai Engert
-
-[upstream commit b36f1d26f830453ebaa17238f9bd1e396f618720]
----
- lib/nss.c | 12 ++++++++----
- 1 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 794eccb..f97090a 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1058,13 +1058,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
- as closed to avoid double close */
- fake_sclose(conn->sock[sockindex]);
- conn->sock[sockindex] = CURL_SOCKET_BAD;
-+
-+ if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
-+ /* A server might require different authentication based on the
-+ * particular path being requested by the client. To support this
-+ * scenario, we must ensure that a connection will never reuse the
-+ * authentication data from a previous connection. */
-+ SSL_InvalidateSession(connssl->handle);
-+
- if(connssl->client_nickname != NULL) {
- free(connssl->client_nickname);
- connssl->client_nickname = NULL;
--
-- /* force NSS to ask again for a client cert when connecting
-- * next time to the same server */
-- SSL_InvalidateSession(connssl->handle);
- }
- /* destroy all NSS objects in order to avoid failure of NSS shutdown */
- Curl_llist_destroy(connssl->obj_list, NULL);
---
-1.7.1
-
diff --git a/0013-curl-7.27.0-b37b5233.patch b/0007-curl-7.29.0-b37b5233.patch
index 63c2779..0f6a0c1 100644
--- a/0013-curl-7.27.0-b37b5233.patch
+++ b/0007-curl-7.29.0-b37b5233.patch
@@ -1,7 +1,7 @@
-From a0d7db27c1cf8edbde1d468d655be942bcacb39c Mon Sep 17 00:00:00 2001
+From fd5664bc7322ebffb8d5532d17a743ace8a5449e Mon Sep 17 00:00:00 2001
From: Zdenek Pavlas <zpavlas@redhat.com>
Date: Fri, 26 Apr 2013 14:56:38 +0200
-Subject: [PATCH] url: initialize speed-check data for file:// protocol
+Subject: [PATCH 2/2] url: initialize speed-check data for file:// protocol
... in order to prevent an artificial timeout event based on stale
speed-check data from a previous network transfer. This commit fixes
@@ -17,10 +17,10 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/lib/url.c b/lib/url.c
-index 87b8701..da53086 100644
+index 918ce58..b269027 100644
--- a/lib/url.c
+++ b/lib/url.c
-@@ -5058,6 +5058,9 @@ static CURLcode create_conn(struct SessionHandle *data,
+@@ -4895,6 +4895,9 @@ static CURLcode create_conn(struct SessionHandle *data,
-1, NULL); /* no upload */
}
diff --git a/0008-curl-7.27.0-26613d78.patch b/0008-curl-7.27.0-26613d78.patch
deleted file mode 100644
index 27e381c..0000000
--- a/0008-curl-7.27.0-26613d78.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From afd2d98b4a9c69fb47048122629fd4be1d40f906 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 15 Jan 2013 12:58:08 +0100
-Subject: [PATCH 3/3] nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
-
-Do not use the error messages from NSS for errors not occurring in NSS.
-
-[upstream commit 26613d781725e39b0f601301a65c64e146977d8f]
----
- lib/nss.c | 2 --
- 1 files changed, 0 insertions(+), 2 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index f97090a..c5dcf52 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1096,10 +1096,8 @@ static bool is_nss_error(CURLcode err)
- switch(err) {
- case CURLE_PEER_FAILED_VERIFICATION:
- case CURLE_SSL_CACERT:
-- case CURLE_SSL_CACERT_BADFILE:
- case CURLE_SSL_CERTPROBLEM:
- case CURLE_SSL_CONNECT_ERROR:
-- case CURLE_SSL_CRL_BADFILE:
- case CURLE_SSL_ISSUER_ERROR:
- return true;
-
---
-1.7.1
-
diff --git a/0015-curl-7.27.0-192c4f78.patch b/0008-curl-7.29.0-192c4f78.patch
index 299f386..299f386 100644
--- a/0015-curl-7.27.0-192c4f78.patch
+++ b/0008-curl-7.29.0-192c4f78.patch
diff --git a/0009-curl-7.27.0-f206d6c0.patch b/0009-curl-7.27.0-f206d6c0.patch
deleted file mode 100644
index f904907..0000000
--- a/0009-curl-7.27.0-f206d6c0.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 46890e837c3b27195e4b0285d221d900f2ad48cc Mon Sep 17 00:00:00 2001
-From: Eldar Zaitov <kyprizel@volema.com>
-Date: Wed, 30 Jan 2013 23:22:27 +0100
-Subject: [PATCH] Curl_sasl_create_digest_md5_message: fix buffer overflow
-
-When negotiating SASL DIGEST-MD5 authentication, the function
-Curl_sasl_create_digest_md5_message() uses the data provided from the
-server without doing the proper length checks and that data is then
-appended to a local fixed-size buffer on the stack.
-
-This vulnerability can be exploited by someone who is in control of a
-server that a libcurl based program is accessing with POP3, SMTP or
-IMAP. For applications that accept user provided URLs, it is also
-thinkable that a malicious user would feed an application with a URL to
-a server hosting code targetting this flaw.
-
-Bug: http://curl.haxx.se/docs/adv_20130206.html
-
-[upstream commit f206d6c055d1008f0edb6d5d5920f0f300b9983a]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/curl_sasl.c | 23 ++++++-----------------
- 1 files changed, 6 insertions(+), 17 deletions(-)
-
-diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
-index ccb54a8..e42b850 100644
---- a/lib/curl_sasl.c
-+++ b/lib/curl_sasl.c
-@@ -345,9 +345,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
-
- /* Prepare the URL string */
-- strcpy(uri, service);
-- strcat(uri, "/");
-- strcat(uri, realm);
-+ snprintf(uri, sizeof(uri), "%s/%s", service, realm);
-
- /* Calculate H(A2) */
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
-@@ -391,20 +389,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- for(i = 0; i < MD5_DIGEST_LEN; i++)
- snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
-
-- strcpy(response, "username=\"");
-- strcat(response, userp);
-- strcat(response, "\",realm=\"");
-- strcat(response, realm);
-- strcat(response, "\",nonce=\"");
-- strcat(response, nonce);
-- strcat(response, "\",cnonce=\"");
-- strcat(response, cnonce);
-- strcat(response, "\",nc=");
-- strcat(response, nonceCount);
-- strcat(response, ",digest-uri=\"");
-- strcat(response, uri);
-- strcat(response, "\",response=");
-- strcat(response, resp_hash_hex);
-+ snprintf(response, sizeof(response),
-+ "username=\"%s\",realm=\"%s\",nonce=\"%s\","
-+ "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
-+ userp, realm, nonce,
-+ cnonce, nonceCount, uri, resp_hash_hex);
-
- /* Base64 encode the reply */
- return Curl_base64_encode(data, response, 0, outptr, outlen);
---
-1.7.1
-
diff --git a/0009-curl-7.29.0-3a0e931f.patch b/0009-curl-7.29.0-3a0e931f.patch
new file mode 100644
index 0000000..0849d9d
--- /dev/null
+++ b/0009-curl-7.29.0-3a0e931f.patch
@@ -0,0 +1,101 @@
+From b49d54103a4f011998195263de850642fa21f705 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 9 Jul 2013 14:59:01 +0200
+Subject: [PATCH 1/3] curl.1: document the --time-cond option in the man page
+
+[upstream commit 3a0e931fc715a80004958794a96b12cf90503f99]
+---
+ docs/curl.1 | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 1aeeb46..4b12c3f 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -1407,6 +1407,9 @@ default 512 bytes will be used.
+ If this option is used several times, the last one will be used.
+
+ (Added in 7.20.0)
++.IP " -z, --time-cond TIME"
++Transfer based on a time condition. TIME may to be preceded by -, +, or =.
++See the corresponding sections 14.24, 14.28, and 14.29 of RFC 2068.
+ .IP "--tlsauthtype <authtype>"
+ Set TLS authentication type. Currently, the only supported option is "SRP",
+ for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
+--
+1.7.1
+
+
+From fdc89d82464d90560aa5da857374906338472ed6 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 9 Jul 2013 14:59:01 +0200
+Subject: [PATCH 2/3] curl.1: document the --post303 option in the man page
+
+[upstream commit 39e85d99feede7cc573902e8ab6b3dd759022d9c]
+---
+ docs/curl.1 | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 4b12c3f..5dd6579 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -1038,6 +1038,13 @@ ubiquitous in web browsers, so curl does the conversion by default to maintain
+ consistency. However, a server may require a POST to remain a POST after such
+ a redirection. This option is meaningful only when using \fI-L, --location\fP
+ (Added in 7.19.1)
++.IP "--post303"
++(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
++into GET requests when following a 303 redirection. The non-RFC behaviour is
++ubiquitous in web browsers, so curl does the conversion by default to maintain
++consistency. However, a server may require a POST to remain a POST after such
++a redirection. This option is meaningful only when using \fI-L, --location\fP
++(Added in 7.26.0)
+ .IP "--proto <protocols>"
+ Tells curl to use the listed protocols for its initial retrieval. Protocols
+ are evaluated left to right, are comma separated, and are each a protocol
+--
+1.7.1
+
+
+From 31102c7190a0a009cf0c06b23f98880cb43d4f55 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 9 Jul 2013 15:45:36 +0200
+Subject: [PATCH 3/3] Revert "curl.1: document the --time-cond option in the man page"
+
+This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because
+the documentation of --time-cond was duplicated by mistake.
+
+Reported by: Dave Reisner
+
+[upstream commit 45339625bc85b29225a2035a57eceda43206dd1e]
+---
+ docs/curl.1 | 5 +----
+ 1 files changed, 1 insertions(+), 4 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 5dd6579..b350865 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -1414,9 +1414,6 @@ default 512 bytes will be used.
+ If this option is used several times, the last one will be used.
+
+ (Added in 7.20.0)
+-.IP " -z, --time-cond TIME"
+-Transfer based on a time condition. TIME may to be preceded by -, +, or =.
+-See the corresponding sections 14.24, 14.28, and 14.29 of RFC 2068.
+ .IP "--tlsauthtype <authtype>"
+ Set TLS authentication type. Currently, the only supported option is "SRP",
+ for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
+@@ -1699,7 +1696,7 @@ speed-time seconds it gets aborted. speed-time is set with \fI-y\fP and is 30
+ if not set.
+
+ If this option is used several times, the last one will be used.
+-.IP "-z/--time-cond <date expression>|<file>"
++.IP "-z, --time-cond <date expression>|<file>"
+ (HTTP/FTP) Request a file that has been modified later than the given time and
+ date, or one that has been modified before that time. The <date expression>
+ can be all sorts of date strings or if it doesn't match any internal ones, it
+--
+1.7.1
+
diff --git a/0010-curl-7.29.0-7cc00d9a.patch b/0010-curl-7.29.0-7cc00d9a.patch
new file mode 100644
index 0000000..fb44274
--- /dev/null
+++ b/0010-curl-7.29.0-7cc00d9a.patch
@@ -0,0 +1,395 @@
+From 3f411052825386a95d039435eb139a63859c3c73 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 5 Aug 2013 23:49:53 +0200
+Subject: [PATCH] FTP: when EPSV gets a 229 but fails to connect, retry with PASV
+
+This is a regression as this logic used to work. It isn't clear when it
+broke, but I'm assuming in 7.28.0 when we went all-multi internally.
+
+This likely never worked with the multi interface. As the failed
+connection is detected once the multi state has reached DO_MORE, the
+Curl_do_more() function was now expanded somewhat so that the
+ftp_do_more() function can request to go "back" to the previous state
+when it makes another attempt - using PASV.
+
+Added test case 1233 to verify this fix. It has the little issue that it
+assumes no service is listening/accepting connections on port 1...
+
+Reported-by: byte_bucket in the #curl IRC channel
+
+[upstream commit 7cc00d9a832c42a330888aa5c11a2abad1bd5ac0]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c | 64 ++++++++++++++++++++++++++++-------------------
+ lib/multi.c | 11 ++++++--
+ lib/url.c | 10 ++++---
+ lib/url.h | 4 +-
+ lib/urldata.h | 2 +-
+ tests/data/Makefile.am | 2 +-
+ tests/data/test1233 | 46 ++++++++++++++++++++++++++++++++++
+ 7 files changed, 102 insertions(+), 37 deletions(-)
+ create mode 100644 tests/data/test1233
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 469b887..4501116 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -136,7 +136,7 @@ static CURLcode ftp_done(struct connectdata *conn,
+ CURLcode, bool premature);
+ static CURLcode ftp_connect(struct connectdata *conn, bool *done);
+ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection);
+-static CURLcode ftp_do_more(struct connectdata *conn, bool *completed);
++static CURLcode ftp_do_more(struct connectdata *conn, int *completed);
+ static CURLcode ftp_multi_statemach(struct connectdata *conn, bool *done);
+ static int ftp_getsock(struct connectdata *conn, curl_socket_t *socks,
+ int numsocks);
+@@ -1794,15 +1794,15 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
+ static CURLcode ftp_epsv_disable(struct connectdata *conn)
+ {
+ CURLcode result = CURLE_OK;
+- infof(conn->data, "got positive EPSV response, but can't connect. "
+- "Disabling EPSV\n");
++ infof(conn->data, "Failed EPSV attempt. Disabling EPSV\n");
+ /* disable it for next transfer */
+ conn->bits.ftp_use_epsv = FALSE;
+ conn->data->state.errorbuf = FALSE; /* allow error message to get
+ rewritten */
+ PPSENDF(&conn->proto.ftpc.pp, "PASV", NULL);
+ conn->proto.ftpc.count1++;
+- /* remain in the FTP_PASV state */
++ /* remain in/go to the FTP_PASV state */
++ state(conn, FTP_PASV);
+ return result;
+ }
+
+@@ -1931,15 +1931,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
+ }
+ else if(ftpc->count1 == 0) {
+ /* EPSV failed, move on to PASV */
+-
+- /* disable it for next transfer */
+- conn->bits.ftp_use_epsv = FALSE;
+- infof(data, "disabling EPSV usage\n");
+-
+- PPSENDF(&ftpc->pp, "PASV", NULL);
+- ftpc->count1++;
+- /* remain in the FTP_PASV state */
+- return result;
++ return ftp_epsv_disable(conn);
+ }
+ else {
+ failf(data, "Bad PASV/EPSV response: %03d", ftpcode);
+@@ -2018,14 +2010,17 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
+ case CURLPROXY_SOCKS5_HOSTNAME:
+ result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost, newport,
+ SECONDARYSOCKET, conn);
++ connected = TRUE;
+ break;
+ case CURLPROXY_SOCKS4:
+ result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+ SECONDARYSOCKET, conn, FALSE);
++ connected = TRUE;
+ break;
+ case CURLPROXY_SOCKS4A:
+ result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+ SECONDARYSOCKET, conn, TRUE);
++ connected = TRUE;
+ break;
+ case CURLPROXY_HTTP:
+ case CURLPROXY_HTTP_1_0:
+@@ -2077,8 +2072,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
+ }
+ }
+
+- conn->bits.tcpconnect[SECONDARYSOCKET] = TRUE;
+-
++ conn->bits.tcpconnect[SECONDARYSOCKET] = connected;
+ conn->bits.do_more = TRUE;
+ state(conn, FTP_STOP); /* this phase is completed */
+
+@@ -3664,20 +3658,23 @@ static CURLcode ftp_range(struct connectdata *conn)
+ *
+ * This function shall be called when the second FTP (data) connection is
+ * connected.
++ *
++ * 'complete' can return 0 for incomplete, 1 for done and -1 for go back
++ * (which basically is only for when PASV is being sent to retry a failed
++ * EPSV).
+ */
+
+-static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
++static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
+ {
+ struct SessionHandle *data=conn->data;
+ struct ftp_conn *ftpc = &conn->proto.ftpc;
+ CURLcode result = CURLE_OK;
+ bool connected = FALSE;
++ bool complete = FALSE;
+
+ /* the ftp struct is inited in ftp_connect() */
+ struct FTP *ftp = data->state.proto.ftp;
+
+- *complete = FALSE;
+-
+ /* if the second connection isn't done yet, wait for it */
+ if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
+ if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
+@@ -3694,14 +3691,22 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+ if(connected) {
+ DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
+ }
+- else
++ else {
++ if(result && (ftpc->count1 == 0)) {
++ *completep = -1; /* go back to DOING please */
++ /* this is a EPSV connect failing, try PASV instead */
++ return ftp_epsv_disable(conn);
++ }
+ return result;
++ }
+ }
+
+ if(ftpc->state) {
+ /* already in a state so skip the intial commands.
+ They are only done to kickstart the do_more state */
+- result = ftp_multi_statemach(conn, complete);
++ result = ftp_multi_statemach(conn, &complete);
++
++ *completep = (int)complete;
+
+ /* if we got an error or if we don't wait for a data connection return
+ immediately */
+@@ -3712,7 +3717,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+ /* if we reach the end of the FTP state machine here, *complete will be
+ TRUE but so is ftpc->wait_data_conn, which says we need to wait for
+ the data connection and therefore we're not actually complete */
+- *complete = FALSE;
++ *completep = 0;
+ }
+
+ if(ftp->transfer <= FTPTRANSFER_INFO) {
+@@ -3735,6 +3740,9 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+
+ if(result)
+ return result;
++
++ *completep = 1; /* this state is now complete when the server has
++ connected back to us */
+ }
+ }
+ else if(data->set.upload) {
+@@ -3742,7 +3750,8 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+ if(result)
+ return result;
+
+- result = ftp_multi_statemach(conn, complete);
++ result = ftp_multi_statemach(conn, &complete);
++ *completep = (int)complete;
+ }
+ else {
+ /* download */
+@@ -3770,7 +3779,8 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+ return result;
+ }
+
+- result = ftp_multi_statemach(conn, complete);
++ result = ftp_multi_statemach(conn, &complete);
++ *completep = (int)complete;
+ }
+ return result;
+ }
+@@ -3782,7 +3792,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
+
+ if(!ftpc->wait_data_conn) {
+ /* no waiting for the data connection so this is now complete */
+- *complete = TRUE;
++ *completep = 1;
+ DEBUGF(infof(data, "DO-MORE phase ends with %d\n", (int)result));
+ }
+
+@@ -3825,7 +3835,9 @@ CURLcode ftp_perform(struct connectdata *conn,
+ /* run the state-machine */
+ result = ftp_multi_statemach(conn, dophase_done);
+
+- *connected = conn->bits.tcpconnect[FIRSTSOCKET];
++ *connected = conn->bits.tcpconnect[SECONDARYSOCKET];
++
++ infof(conn->data, "ftp_perform ends with SECONDARY: %d\n", *connected);
+
+ if(*dophase_done)
+ DEBUGF(infof(conn->data, "DO phase is complete1\n"));
+@@ -4445,7 +4457,7 @@ static CURLcode ftp_dophase_done(struct connectdata *conn,
+ struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+ if(connected) {
+- bool completed;
++ int completed;
+ CURLcode result = ftp_do_more(conn, &completed);
+
+ if(result) {
+diff --git a/lib/multi.c b/lib/multi.c
+index 706df23..9a8e68e 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -906,6 +906,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+ struct SingleRequest *k;
+ struct SessionHandle *data;
+ long timeout_ms;
++ int control;
+
+ if(!GOOD_EASY_HANDLE(easy->easy_handle))
+ return CURLM_BAD_EASY_HANDLE;
+@@ -1323,13 +1324,17 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
+ /*
+ * When we are connected, DO MORE and then go DO_DONE
+ */
+- easy->result = Curl_do_more(easy->easy_conn, &dophase_done);
++ easy->result = Curl_do_more(easy->easy_conn, &control);
+
+ /* No need to remove this handle from the send pipeline here since that
+ is done in Curl_done() */
+ if(CURLE_OK == easy->result) {
+- if(dophase_done) {
+- multistate(easy, CURLM_STATE_DO_DONE);
++ if(control) {
++ /* if positive, advance to DO_DONE
++ if negative, go back to DOING */
++ multistate(easy, control==1?
++ CURLM_STATE_DO_DONE:
++ CURLM_STATE_DOING);
+ result = CURLM_CALL_MULTI_PERFORM;
+ }
+ else
+diff --git a/lib/url.c b/lib/url.c
+index b269027..52f7e27 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5394,18 +5394,20 @@ CURLcode Curl_do(struct connectdata **connp, bool *done)
+ *
+ * TODO: A future libcurl should be able to work away this state.
+ *
++ * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to
++ * DOING state there's more work to do!
+ */
+
+-CURLcode Curl_do_more(struct connectdata *conn, bool *completed)
++CURLcode Curl_do_more(struct connectdata *conn, int *complete)
+ {
+ CURLcode result=CURLE_OK;
+
+- *completed = FALSE;
++ *complete = 0;
+
+ if(conn->handler->do_more)
+- result = conn->handler->do_more(conn, completed);
++ result = conn->handler->do_more(conn, complete);
+
+- if(!result && *completed)
++ if(!result && (*complete == 1))
+ /* do_complete must be called after the protocol-specific DO function */
+ do_complete(conn);
+
+diff --git a/lib/url.h b/lib/url.h
+index a026e90..c0d9c38 100644
+--- a/lib/url.h
++++ b/lib/url.h
+@@ -7,7 +7,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -37,7 +37,7 @@ CURLcode Curl_close(struct SessionHandle *data); /* opposite of curl_open() */
+ CURLcode Curl_connect(struct SessionHandle *, struct connectdata **,
+ bool *async, bool *protocol_connect);
+ CURLcode Curl_do(struct connectdata **, bool *done);
+-CURLcode Curl_do_more(struct connectdata *, bool *completed);
++CURLcode Curl_do_more(struct connectdata *, int *completed);
+ CURLcode Curl_done(struct connectdata **, CURLcode, bool premature);
+ CURLcode Curl_disconnect(struct connectdata *, bool dead_connection);
+ CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done);
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 7a275da..2be467b 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -550,7 +550,7 @@ struct Curl_async {
+ /* These function pointer types are here only to allow easier typecasting
+ within the source when we need to cast between data pointers (such as NULL)
+ and function pointers. */
+-typedef CURLcode (*Curl_do_more_func)(struct connectdata *, bool *);
++typedef CURLcode (*Curl_do_more_func)(struct connectdata *, int *);
+ typedef CURLcode (*Curl_done_func)(struct connectdata *, CURLcode, bool);
+
+
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 3e8dae0..3f6a047 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -78,7 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
+ test1126 test1127 test1128 test1129 test1130 test1131 test1132 test1133 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 test1216 test1218 \
+-test1220 test1221 test1222 test1223 \
++test1220 test1221 test1222 test1223 test1233 \
+ test1300 test1301 test1302 test1303 test1304 test1305 \
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/test1233 b/tests/data/test1233
+new file mode 100644
+index 0000000..caf0527
+--- /dev/null
++++ b/tests/data/test1233
+@@ -0,0 +1,46 @@
++<testcase>
++<info>
++<keywords>
++FTP
++</keywords>
++</info>
++
++# Server-side
++<reply>
++<servercmd>
++# Assuming there's nothing listening on port 1
++REPLY EPSV 229 Entering Passiv Mode (|||1|)
++</servercmd>
++<data>
++here are some bytes
++</data>
++</reply>
++
++# Client-side
++<client>
++<server>
++ftp
++</server>
++ <name>
++FTP failing to connect to EPSV port, switching to PASV
++ </name>
++ <command>
++ftp://%HOSTIP:%FTPPORT/1233
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++USER anonymous
++PASS ftp@example.com
++PWD
++EPSV
++PASV
++TYPE I
++SIZE 1233
++RETR 1233
++QUIT
++</protocol>
++</verify>
++</testcase>
+--
+1.7.1
+
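Review bot: In the embedded lib/ftp.c change, ftp_do_more() no longer sets its out-parameter on entry (the `*complete = FALSE;` line is removed), and several of its `return result;` paths leave `*completep` unwritten. Curl_do_more() covers this with `*complete = 0;`, but ftp_dophase_done() calls ftp_do_more() directly with an uninitialised `int completed;`. Whether that value is read afterwards lies outside the inner hunk, so either keep `*completep = 0;` as the first statement of ftp_do_more() or declare `int completed = 0;` in ftp_dophase_done(). Separately, the new `infof(conn->data, "ftp_perform ends with SECONDARY: %d\n", *connected);` in ftp_perform() is unconditional while the neighbouring trace lines are wrapped in `DEBUGF(...)`; wrapping it the same way would keep it out of normal verbose output.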
diff --git a/0011-curl-7.29.0-0feeab78.patch b/0011-curl-7.29.0-0feeab78.patch
new file mode 100644
index 0000000..bd6b8b3
--- /dev/null
+++ b/0011-curl-7.29.0-0feeab78.patch
@@ -0,0 +1,74 @@
+From d3036f34cce421990e8268ee4bbfc0d9f5ceb054 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 13 Jun 2013 19:27:12 +0200
+Subject: [PATCH] curl_easy_perform: avoid busy-looping
+
+When curl_multi_wait() finds no file descriptor to wait for, it returns
+instantly and this must be handled gracefully within curl_easy_perform()
+or cause a busy-loop. Starting now, repeated fast returns without any
+file descriptors is detected and a gradually increasing sleep will be
+used (up to a max of 1000 milliseconds) before continuing the loop.
+
+Bug: http://curl.haxx.se/bug/view.cgi?id=1238
+Reported-by: Miguel Angel
+
+[upstream commit 0feeab7802dd2a6465d22d153d8d36b2cca99b96]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/easy.c | 25 +++++++++++++++++++++++++
+ 1 files changed, 25 insertions(+), 0 deletions(-)
+
+diff --git a/lib/easy.c b/lib/easy.c
+index 2739598..a7051dd 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -410,6 +410,9 @@ CURLcode curl_easy_perform(CURL *easy)
+ bool done = FALSE;
+ int rc;
+ struct SessionHandle *data = easy;
++ int without_fds = 0; /* count number of consecutive returns from
++ curl_multi_wait() without any filedescriptors */
++ struct timeval before;
+
+ if(!easy)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+@@ -445,6 +448,7 @@ CURLcode curl_easy_perform(CURL *easy)
+ int still_running;
+ int ret;
+
++ before = curlx_tvnow();
+ mcode = curl_multi_wait(multi, NULL, 0, 1000, &ret);
+
+ if(mcode == CURLM_OK) {
+@@ -453,6 +457,27 @@ CURLcode curl_easy_perform(CURL *easy)
+ code = CURLE_RECV_ERROR;
+ break;
+ }
++ else if(ret == 0) {
++ struct timeval after = curlx_tvnow();
++ /* If it returns without any filedescriptor instantly, we need to
++ avoid busy-looping during periods where it has nothing particular
++ to wait for */
++ if(curlx_tvdiff(after, before) <= 10) {
++ without_fds++;
++ if(without_fds > 2) {
++ int sleep_ms = without_fds * 50;
++ if(sleep_ms > 1000)
++ sleep_ms = 1000;
++ Curl_wait_ms(sleep_ms);
++ }
++ }
++ else
++ /* it wasn't "instant", restart counter */
++ without_fds = 0;
++ }
++ else
++ /* got file descriptor, restart counter */
++ without_fds = 0;
+
+ mcode = curl_multi_perform(multi, &still_running);
+ }
+--
+1.7.1
+
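Review bot: The back-off in the embedded lib/easy.c hunk multiplies an unclamped counter: `without_fds` grows on every instant, fd-less return of curl_multi_wait(), and the 1000 ms cap is applied only after `without_fds * 50` has been computed, so the sleep bound rests on a signed multiplication that is not itself bounded. Clamping the counter first, e.g. `if(without_fds < 20) without_fds++;`, makes the 1000 ms ceiling hold by construction without changing the sleep values. The thresholds 10, 2, 50 and 1000 would also read better as named constants with a comment such as `/* back off 50 ms per consecutive instant return, capped at 1 s */`. The body of curl_easy_perform() continues outside the inner hunks.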
diff --git a/0012-curl-7.29.0-c639d725.patch b/0012-curl-7.29.0-c639d725.patch
new file mode 100644
index 0000000..16d1eac
--- /dev/null
+++ b/0012-curl-7.29.0-c639d725.patch
@@ -0,0 +1,519 @@
+From 9b675516d5fb09a455d1f7b7aa98e253361bedf3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 8 Feb 2013 13:48:56 +0100
+Subject: [PATCH 1/2] DONE: consider callback-aborted transfers premature
+
+This bug report properly identified that when doing SMTP and aborting
+the transfer with a callback, it must be considered aborted prematurely
+by the code to avoid QUIT etc to be attempted as that would cause a
+hang.
+
+The new test case 1507 verifies this behavior.
+
+Reported by: Patricia Muscalu
+Bug: http://curl.haxx.se/bug/view.cgi?id=1184
+
+[upstream commit 72688317adcedb9508fd2189e6c6d3945e06a004]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c | 7 ++
+ tests/data/Makefile.am | 3 +-
+ tests/data/Makefile.in | 3 +-
+ tests/data/test1507 | 51 +++++++++++++
+ tests/libtest/Makefile.in | 82 +++++++++++++++++++++-
+ tests/libtest/Makefile.inc | 6 ++-
+ tests/libtest/lib1507.c | 167 ++++++++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 313 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test1507
+ create mode 100644 tests/libtest/lib1507.c
+
+diff --git a/lib/url.c b/lib/url.c
+index 52f7e27..a6375a2 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5222,6 +5222,13 @@ CURLcode Curl_done(struct connectdata **connp,
+ conn->dns_entry = NULL;
+ }
+
++ if(status == CURLE_ABORTED_BY_CALLBACK)
++ /* When we're aborted due to a callback return code it basically have to
++ be counted as premature as there is trouble ahead if we don't. We have
++ many callbacks and protocols work differently, we could potentially do
++ this more fine-grained in the future. */
++ premature = TRUE;
++
+ /* this calls the protocol-specific function pointer previously set */
+ if(conn->handler->done)
+ result = conn->handler->done(conn, status, premature);
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 3f6a047..805955c 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -93,7 +93,8 @@ test1379 test1380 test1381 test1382 test1383 test1384 test1385 test1386 \
+ test1387 test1388 test1389 test1390 test1391 test1392 test1393 \
+ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+ test1408 test1409 test1410 test1411 test1412 test1413 \
+-test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1508 \
++test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
++test1508 \
+ test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
+ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
+ test2016 test2017 test2018 test2019 test2020 test2021 test2022 \
+diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
+index 71c9422..1e6d679 100644
+--- a/tests/data/Makefile.in
++++ b/tests/data/Makefile.in
+@@ -357,7 +357,8 @@ test1379 test1380 test1381 test1382 test1383 test1384 test1385 test1386 \
+ test1387 test1388 test1389 test1390 test1391 test1392 test1393 \
+ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+ test1408 test1409 test1410 test1411 test1412 test1413 \
+-test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1508 \
++test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
++test1508 \
+ test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
+ test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
+ test2016 test2017 test2018 test2019 test2020 test2021 test2022 \
+diff --git a/tests/data/test1507 b/tests/data/test1507
+new file mode 100644
+index 0000000..b66e71d
+--- /dev/null
++++ b/tests/data/test1507
+@@ -0,0 +1,51 @@
++<testcase>
++<info>
++<keywords>
++SMTP
++multi
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++smtp
++</server>
++<tool>
++lib1507
++</tool>
++
++# based on bug report #1184
++ <name>
++SMTP with multi interface and CURLE_ABORTED_BY_CALLBACK
++ </name>
++<stdin>
++From: different
++To: another
++
++body
++</stdin>
++ <command>
++smtp://%HOSTIP:%SMTPPORT/user
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++EHLO user
++MAIL FROM:<1507-realuser@example.com>
++RCPT TO:<1507-recipient@example.com>
++DATA
++</protocol>
++<upload>
++</upload>
++</verify>
++</testcase>
+diff --git a/tests/libtest/Makefile.in b/tests/libtest/Makefile.in
+index 7683c09..e6826c0 100644
+--- a/tests/libtest/Makefile.in
++++ b/tests/libtest/Makefile.in
+@@ -85,7 +85,8 @@ noinst_PROGRAMS = chkhostname$(EXEEXT) libauthretry$(EXEEXT) \
+ lib591$(EXEEXT) lib597$(EXEEXT) lib598$(EXEEXT) \
+ lib599$(EXEEXT) lib1500$(EXEEXT) lib1501$(EXEEXT) \
+ lib1502$(EXEEXT) lib1503$(EXEEXT) lib1504$(EXEEXT) \
+- lib1505$(EXEEXT) lib1506$(EXEEXT) lib1508$(EXEEXT)
++ lib1505$(EXEEXT) lib1506$(EXEEXT) lib1507$(EXEEXT) \
++ lib1508$(EXEEXT)
+ subdir = tests/libtest
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \
+@@ -173,6 +174,13 @@ am_lib1506_OBJECTS = lib1506-lib1506.$(OBJEXT) $(am__objects_18) \
+ $(am__objects_19) $(am__objects_20)
+ lib1506_OBJECTS = $(am_lib1506_OBJECTS)
+ lib1506_DEPENDENCIES = $(am__DEPENDENCIES_1)
++am__objects_154 = lib1507-first.$(OBJEXT)
++am__objects_155 = lib1507-testutil.$(OBJEXT)
++am__objects_156 = lib1507-warnless.$(OBJEXT)
++am_lib1507_OBJECTS = lib1507-lib1507.$(OBJEXT) $(am__objects_154) \
++ $(am__objects_155) $(am__objects_156)
++lib1507_OBJECTS = $(am_lib1507_OBJECTS)
++lib1507_DEPENDENCIES = $(am__DEPENDENCIES_1)
+ am__objects_151 = lib1508-first.$(OBJEXT)
+ am__objects_152 = lib1508-testutil.$(OBJEXT)
+ am__objects_153 = lib1508-warnless.$(OBJEXT)
+@@ -639,7 +647,8 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ $(lib1500_SOURCES) $(lib1501_SOURCES) $(lib1502_SOURCES) \
+ $(lib1503_SOURCES) $(lib1504_SOURCES) $(lib1505_SOURCES) \
+- $(lib1506_SOURCES) $(lib1508_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
++ $(lib1506_SOURCES) $(lib1507_SOURCES) $(lib1508_SOURCES) \
++ $(lib500_SOURCES) $(lib501_SOURCES) \
+ $(lib502_SOURCES) $(lib503_SOURCES) $(lib504_SOURCES) \
+ $(lib505_SOURCES) $(lib506_SOURCES) $(lib507_SOURCES) \
+ $(lib508_SOURCES) $(lib510_SOURCES) $(lib511_SOURCES) \
+@@ -669,7 +678,8 @@ SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ DIST_SOURCES = $(libhostname_la_SOURCES) $(chkhostname_SOURCES) \
+ $(lib1500_SOURCES) $(lib1501_SOURCES) $(lib1502_SOURCES) \
+ $(lib1503_SOURCES) $(lib1504_SOURCES) $(lib1505_SOURCES) \
+- $(lib1506_SOURCES) $(lib1508_SOURCES) $(lib500_SOURCES) $(lib501_SOURCES) \
++ $(lib1506_SOURCES) $(lib1507_SOURCES) $(lib1508_SOURCES) \
++ $(lib500_SOURCES) $(lib501_SOURCES) \
+ $(lib502_SOURCES) $(lib503_SOURCES) $(lib504_SOURCES) \
+ $(lib505_SOURCES) $(lib506_SOURCES) $(lib507_SOURCES) \
+ $(lib508_SOURCES) $(lib510_SOURCES) $(lib511_SOURCES) \
+@@ -1162,6 +1172,9 @@ lib1505_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1505
+ lib1506_SOURCES = lib1506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1506_LDADD = $(TESTUTIL_LIBS)
+ lib1506_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1506
++lib1507_SOURCES = lib1507.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1507_LDADD = $(TESTUTIL_LIBS)
++lib1507_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1507
+ lib1508_SOURCES = lib1508.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1508_LDADD = $(TESTUTIL_LIBS)
+ lib1508_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1508
+@@ -1263,6 +1276,9 @@ lib1505$(EXEEXT): $(lib1505_OBJECTS) $(lib1505_DEPENDENCIES) $(EXTRA_lib1505_DEP
+ lib1506$(EXEEXT): $(lib1506_OBJECTS) $(lib1506_DEPENDENCIES) $(EXTRA_lib1506_DEPENDENCIES)
+ @rm -f lib1506$(EXEEXT)
+ $(LINK) $(lib1506_OBJECTS) $(lib1506_LDADD) $(LIBS)
++lib1507$(EXEEXT): $(lib1507_OBJECTS) $(lib1507_DEPENDENCIES) $(EXTRA_lib1507_DEPENDENCIES)
++ @rm -f lib1507$(EXEEXT)
++ $(LINK) $(lib1507_OBJECTS) $(lib1507_LDADD) $(LIBS)
+ lib1508$(EXEEXT): $(lib1508_OBJECTS) $(lib1508_DEPENDENCIES) $(EXTRA_lib1508_DEPENDENCIES)
+ @rm -f lib1508$(EXEEXT)
+ $(LINK) $(lib1508_OBJECTS) $(lib1508_LDADD) $(LIBS)
+@@ -1533,6 +1549,10 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-lib1506.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-testutil.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1506-warnless.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1507-first.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1507-lib1507.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1507-testutil.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1507-warnless.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-first.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-lib1508.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib1508-testutil.Po@am__quote@
+@@ -2180,6 +2200,62 @@ lib1506-warnless.obj: ../../lib/warnless.c
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1506_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1506-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
+
++lib1507-lib1507.o: lib1507.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-lib1507.o -MD -MP -MF $(DEPDIR)/lib1507-lib1507.Tpo -c -o lib1507-lib1507.o `test -f 'lib1507.c' || echo '$(srcdir)/'`lib1507.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-lib1507.Tpo $(DEPDIR)/lib1507-lib1507.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='lib1507.c' object='lib1507-lib1507.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-lib1507.o `test -f 'lib1507.c' || echo '$(srcdir)/'`lib1507.c
++
++lib1507-lib1507.obj: lib1507.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-lib1507.obj -MD -MP -MF $(DEPDIR)/lib1507-lib1507.Tpo -c -o lib1507-lib1507.obj `if test -f 'lib1507.c'; then $(CYGPATH_W) 'lib1507.c'; else $(CYGPATH_W) '$(srcdir)/lib1507.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-lib1507.Tpo $(DEPDIR)/lib1507-lib1507.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='lib1507.c' object='lib1507-lib1507.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-lib1507.obj `if test -f 'lib1507.c'; then $(CYGPATH_W) 'lib1507.c'; else $(CYGPATH_W) '$(srcdir)/lib1507.c'; fi`
++
++lib1507-first.o: first.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-first.o -MD -MP -MF $(DEPDIR)/lib1507-first.Tpo -c -o lib1507-first.o `test -f 'first.c' || echo '$(srcdir)/'`first.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-first.Tpo $(DEPDIR)/lib1507-first.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='first.c' object='lib1507-first.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-first.o `test -f 'first.c' || echo '$(srcdir)/'`first.c
++
++lib1507-first.obj: first.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-first.obj -MD -MP -MF $(DEPDIR)/lib1507-first.Tpo -c -o lib1507-first.obj `if test -f 'first.c'; then $(CYGPATH_W) 'first.c'; else $(CYGPATH_W) '$(srcdir)/first.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-first.Tpo $(DEPDIR)/lib1507-first.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='first.c' object='lib1507-first.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-first.obj `if test -f 'first.c'; then $(CYGPATH_W) 'first.c'; else $(CYGPATH_W) '$(srcdir)/first.c'; fi`
++
++lib1507-testutil.o: testutil.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-testutil.o -MD -MP -MF $(DEPDIR)/lib1507-testutil.Tpo -c -o lib1507-testutil.o `test -f 'testutil.c' || echo '$(srcdir)/'`testutil.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-testutil.Tpo $(DEPDIR)/lib1507-testutil.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='testutil.c' object='lib1507-testutil.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-testutil.o `test -f 'testutil.c' || echo '$(srcdir)/'`testutil.c
++
++lib1507-testutil.obj: testutil.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-testutil.obj -MD -MP -MF $(DEPDIR)/lib1507-testutil.Tpo -c -o lib1507-testutil.obj `if test -f 'testutil.c'; then $(CYGPATH_W) 'testutil.c'; else $(CYGPATH_W) '$(srcdir)/testutil.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-testutil.Tpo $(DEPDIR)/lib1507-testutil.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='testutil.c' object='lib1507-testutil.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-testutil.obj `if test -f 'testutil.c'; then $(CYGPATH_W) 'testutil.c'; else $(CYGPATH_W) '$(srcdir)/testutil.c'; fi`
++
++lib1507-warnless.o: ../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-warnless.o -MD -MP -MF $(DEPDIR)/lib1507-warnless.Tpo -c -o lib1507-warnless.o `test -f '../../lib/warnless.c' || echo '$(srcdir)/'`../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-warnless.Tpo $(DEPDIR)/lib1507-warnless.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../../lib/warnless.c' object='lib1507-warnless.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-warnless.o `test -f '../../lib/warnless.c' || echo '$(srcdir)/'`../../lib/warnless.c
++
++lib1507-warnless.obj: ../../lib/warnless.c
++@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1507-warnless.obj -MD -MP -MF $(DEPDIR)/lib1507-warnless.Tpo -c -o lib1507-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1507-warnless.Tpo $(DEPDIR)/lib1507-warnless.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../../lib/warnless.c' object='lib1507-warnless.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1507_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lib1507-warnless.obj `if test -f '../../lib/warnless.c'; then $(CYGPATH_W) '../../lib/warnless.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/warnless.c'; fi`
++
+ lib1508-lib1508.o: lib1508.c
+ @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(lib1508_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lib1508-lib1508.o -MD -MP -MF $(DEPDIR)/lib1508-lib1508.Tpo -c -o lib1508-lib1508.o `test -f 'lib1508.c' || echo '$(srcdir)/'`lib1508.c
+ @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lib1508-lib1508.Tpo $(DEPDIR)/lib1508-lib1508.Po
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 8bf2be4..5e377d3 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -23,7 +23,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
+ lib582 lib583 lib585 lib586 lib587 \
+ lib590 lib591 lib597 lib598 lib599 \
+ \
+- lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1508
++ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508
+
+ chkhostname_SOURCES = chkhostname.c ../../lib/curl_gethostname.c
+ chkhostname_LDADD = @CURL_NETWORK_LIBS@
+@@ -313,6 +313,10 @@ lib1506_SOURCES = lib1506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1506_LDADD = $(TESTUTIL_LIBS)
+ lib1506_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1506
+
++lib1507_SOURCES = lib1507.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1507_LDADD = $(TESTUTIL_LIBS)
++lib1507_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1507
++
+ lib1508_SOURCES = lib1508.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+ lib1508_LDADD = $(TESTUTIL_LIBS)
+ lib1508_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1508
+diff --git a/tests/libtest/lib1507.c b/tests/libtest/lib1507.c
+new file mode 100644
+index 0000000..7c4e6ed
+--- /dev/null
++++ b/tests/libtest/lib1507.c
+@@ -0,0 +1,167 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at http://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++/*
++ * This is the list of basic details you need to tweak to get things right.
++ */
++#define USERNAME "user@example.com"
++#define PASSWORD "123qwerty"
++#define RECIPIENT "<1507-recipient@example.com>"
++#define MAILFROM "<1507-realuser@example.com>"
++
++#define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000
++
++static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
++{
++ (void)ptr;
++ (void)size;
++ (void)nmemb;
++ (void)userp;
++ return CURL_READFUNC_ABORT;
++}
++
++static struct timeval tvnow(void)
++{
++ /*
++ ** time() returns the value of time in seconds since the Epoch.
++ */
++ struct timeval now;
++ now.tv_sec = (long)time(NULL);
++ now.tv_usec = 0;
++ return now;
++}
++
++static long tvdiff(struct timeval newer, struct timeval older)
++{
++ return (newer.tv_sec-older.tv_sec)*1000+
++ (newer.tv_usec-older.tv_usec)/1000;
++}
++
++int test(char *URL)
++{
++ CURL *curl;
++ CURLM *mcurl;
++ int still_running = 1;
++ struct timeval mp_start;
++ struct curl_slist* rcpt_list = NULL;
++
++ curl_global_init(CURL_GLOBAL_DEFAULT);
++
++ curl = curl_easy_init();
++ if(!curl)
++ return 1;
++
++ mcurl = curl_multi_init();
++ if(!mcurl)
++ return 2;
++
++ rcpt_list = curl_slist_append(rcpt_list, RECIPIENT);
++ /* more addresses can be added here
++ rcpt_list = curl_slist_append(rcpt_list, "<others@example.com>");
++ */
++
++ curl_easy_setopt(curl, CURLOPT_URL, URL);
++#if 0
++ curl_easy_setopt(curl, CURLOPT_USERNAME, USERNAME);
++ curl_easy_setopt(curl, CURLOPT_PASSWORD, PASSWORD);
++#endif
++ curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
++ curl_easy_setopt(curl, CURLOPT_MAIL_FROM, MAILFROM);
++ curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, rcpt_list);
++ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
++ curl_multi_add_handle(mcurl, curl);
++
++ mp_start = tvnow();
++
++ /* we start some action by calling perform right away */
++ curl_multi_perform(mcurl, &still_running);
++
++ while(still_running) {
++ struct timeval timeout;
++ int rc; /* select() return code */
++
++ fd_set fdread;
++ fd_set fdwrite;
++ fd_set fdexcep;
++ int maxfd = -1;
++
++ long curl_timeo = -1;
++
++ FD_ZERO(&fdread);
++ FD_ZERO(&fdwrite);
++ FD_ZERO(&fdexcep);
++
++ /* set a suitable timeout to play around with */
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++
++ curl_multi_timeout(mcurl, &curl_timeo);
++ if(curl_timeo >= 0) {
++ timeout.tv_sec = curl_timeo / 1000;
++ if(timeout.tv_sec > 1)
++ timeout.tv_sec = 1;
++ else
++ timeout.tv_usec = (curl_timeo % 1000) * 1000;
++ }
++
++ /* get file descriptors from the transfers */
++ curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
++
++ /* In a real-world program you OF COURSE check the return code of the
++ function calls. On success, the value of maxfd is guaranteed to be
++ greater or equal than -1. We call select(maxfd + 1, ...), specially in
++ case of (maxfd == -1), we call select(0, ...), which is basically equal
++ to sleep. */
++
++ rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
++
++ if (tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
++ fprintf(stderr, "ABORTING TEST, since it seems "
++ "that it would have run forever.\n");
++ break;
++ }
++
++ switch(rc) {
++ case -1:
++ /* select error */
++ break;
++ case 0: /* timeout */
++ default: /* action */
++ curl_multi_perform(mcurl, &still_running);
++ break;
++ }
++ }
++
++ curl_slist_free_all(rcpt_list);
++ curl_multi_remove_handle(mcurl, curl);
++ curl_multi_cleanup(mcurl);
++ curl_easy_cleanup(curl);
++ curl_global_cleanup();
++ return 0;
++}
++
++
+--
+1.7.1
+
+
+From 55004df420d1e520d84fded41a4d16f36acee119 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 9 Sep 2013 13:10:53 +0200
+Subject: [PATCH 2/2] url: handle abortion by read/write callbacks, too
+
+Otherwise, the FTP protocol would unnecessarily hang 60 seconds if
+aborted in the CURLOPT_HEADERFUNCTION callback.
+
+Reported by: Tomas Mlcoch
+Bug: https://bugzilla.redhat.com/1005686
+
+[upstream commit c639d725a37c91fb49bb3a689cb2596fad3a0645]
+---
+ lib/url.c | 8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index a6375a2..bddbd91 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5222,12 +5222,18 @@ CURLcode Curl_done(struct connectdata **connp,
+ conn->dns_entry = NULL;
+ }
+
+- if(status == CURLE_ABORTED_BY_CALLBACK)
++ switch(status) {
++ case CURLE_ABORTED_BY_CALLBACK:
++ case CURLE_READ_ERROR:
++ case CURLE_WRITE_ERROR:
+ /* When we're aborted due to a callback return code it basically have to
+ be counted as premature as there is trouble ahead if we don't. We have
+ many callbacks and protocols work differently, we could potentially do
+ this more fine-grained in the future. */
+ premature = TRUE;
++ default:
++ break;
++ }
+
+ /* this calls the protocol-specific function pointer previously set */
+ if(conn->handler->done)
+--
+1.7.1
+
diff --git a/0013-curl-7.29.0-665c160f.patch b/0013-curl-7.29.0-665c160f.patch
new file mode 100644
index 0000000..d7c2ddf
--- /dev/null
+++ b/0013-curl-7.29.0-665c160f.patch
@@ -0,0 +1,86 @@
+From 311a22b801693bf8b748169f35bde7bef744da8c Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 29 Jan 2014 12:55:36 +0100
+Subject: [PATCH 1/2] nss: do not fail if NSS does not implement a cipher
+
+... that the user does not ask for
+
+[upstream commit e15e73b741a2ddc88d166d2cec86d2bebb5d349e]
+---
+ lib/nss.c | 9 +++++----
+ 1 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index a2c5c63..c4ffe7b 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -192,14 +192,13 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+ PRBool cipher_state[NUM_OF_CIPHERS];
+ PRBool found;
+ char *cipher;
+- SECStatus rv;
+
+ /* First disable all ciphers. This uses a different max value in case
+ * NSS adds more ciphers later we don't want them available by
+ * accident
+ */
+ for(i=0; i<SSL_NumImplementedCiphers; i++) {
+- SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
++ SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
+ }
+
+ /* Set every entry in our list to false */
+@@ -239,8 +238,10 @@ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+
+ /* Finally actually enable the selected ciphers */
+ for(i=0; i<NUM_OF_CIPHERS; i++) {
+- rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
+- if(rv != SECSuccess) {
++ if(!cipher_state[i])
++ continue;
++
++ if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
+ failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
+ return SECFailure;
+ }
+--
+1.7.1
+
+
+From 9fe38c72787ba6658456a30477d48fe7960947ed Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 29 Jan 2014 13:03:46 +0100
+Subject: [PATCH 2/2] nss: do not use the NSS_ENABLE_ECC define
+
+It is not provided by NSS public headers.
+
+Bug: https://bugzilla.redhat.com/1058776
+
+[upstream commit 665c160f0a4635565b44704ca281d2a03e715d6d]
+---
+ lib/nss.c | 2 --
+ 1 files changed, 0 insertions(+), 2 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index c4ffe7b..111982f 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -126,7 +126,6 @@ static const cipher_s cipherlist[] = {
+ /* AES ciphers. */
+ {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
+ {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
+-#ifdef NSS_ENABLE_ECC
+ /* ECC ciphers. */
+ {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
+ {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
+@@ -153,7 +152,6 @@ static const cipher_s cipherlist[] = {
+ {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
+ {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
+ {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
+-#endif
+ };
+
+ /* following ciphers are new in NSS 3.4 and not enabled by default, therefore
+--
+1.7.1
+
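Review bot: The disable loop in the first lib/nss.c hunk still discards the result of `SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE)`, and after this change the final loop skips every entry whose `cipher_state[i]` is false, so nothing checked ever disables an unselected cipher any more. If one of those disable calls failed, a cipher the caller did not ask for would apparently keep whatever state the model socket already had, with no error reported. Checking the result there, e.g. `if(SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE) != SECSuccess) return SECFailure;`, would keep a restricted cipher list fail-closed; whether NSS can actually fail for an implemented cipher should be confirmed first. This matters more once the second patch makes the ECC entries, including the `ecdh_anon_*` and `*_null_sha` suites, an unconditional part of `cipherlist`. `set_ciphers` starts and ends outside both hunks.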
diff --git a/0014-curl-7.27.0-9d0af301.patch b/0014-curl-7.27.0-9d0af301.patch
deleted file mode 100644
index 739bbe7..0000000
--- a/0014-curl-7.27.0-9d0af301.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From c7bd0361565f70caf621f588e38bfc6cc196c432 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 5 Mar 2013 17:51:01 +0100
-Subject: [PATCH 1/2] nss: fix misplaced code enabling non-blocking socket mode
-
-The option needs to be set on the SSL socket. Setting it on the model
-takes no effect. Note that the non-blocking mode is still not enabled
-for the handshake because the code is not yet ready for that.
-
-[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
----
- lib/nss.c | 12 ++++++------
- 1 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index efa578c..0ad1863 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1240,12 +1240,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- goto error;
- model = SSL_ImportFD(NULL, model);
-
-- /* make the socket nonblocking */
-- sock_opt.option = PR_SockOpt_Nonblocking;
-- sock_opt.value.non_blocking = PR_TRUE;
-- if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
-- goto error;
--
- if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
- goto error;
- if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
-@@ -1420,6 +1414,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
- goto error;
- }
-
-+ /* switch the SSL socket into non-blocking mode */
-+ sock_opt.option = PR_SockOpt_Nonblocking;
-+ sock_opt.value.non_blocking = PR_TRUE;
-+ if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
-+ goto error;
-+
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = nss_recv;
- conn->send[sockindex] = nss_send;
---
-1.7.1
-
-
-From f3a5d46280264965ca096c9b3efba481d4883d0e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 7 May 2013 23:30:52 +0200
-Subject: [PATCH 2/2] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
-
-Reported by: David Strauss
-Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
-
-[upstream commit 01a2abedd7e3a2075de70979003302313570c58c]
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/nss.c | 11 ++++-------
- 1 files changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 0ad1863..f69a888 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1487,10 +1487,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
- size_t len, /* amount to write */
- CURLcode *curlcode)
- {
-- int rc;
--
-- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
--
-+ ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
-+ PR_INTERVAL_NO_WAIT);
- if(rc < 0) {
- PRInt32 err = PR_GetError();
- if(err == PR_WOULD_BLOCK_ERROR)
-@@ -1518,9 +1516,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
- size_t buffersize, /* max amount to read */
- CURLcode *curlcode)
- {
-- ssize_t nread;
--
-- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
-+ ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
-+ PR_INTERVAL_NO_WAIT);
- if(nread < 0) {
- /* failed SSL read */
- PRInt32 err = PR_GetError();
---
-1.7.1
-
diff --git a/0014-curl-7.29.0-8ae35102.patch b/0014-curl-7.29.0-8ae35102.patch
new file mode 100644
index 0000000..9daa26d
--- /dev/null
+++ b/0014-curl-7.29.0-8ae35102.patch
@@ -0,0 +1,42 @@
+From 8683703ef3978983e61329801aecc554aec06055 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 7 Jan 2014 09:33:54 +0100
+Subject: [PATCH] ConnectionExists: fix NTLM check for new connection
+
+When the requested authentication bitmask includes NTLM, we cannot
+re-use a connection for another username/password as we then risk
+re-using NTLM (connection-based auth).
+
+This has the unfortunate downside that if you include NTLM as a possible
+auth, you cannot re-use connections for other usernames/passwords even
+if NTLM doesn't end up the auth type used.
+
+Reported-by: Paras S
+Patched-by: Paras S
+Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
+
+[upstream commit 8ae35102c43d8d06572c3a1292eb6e27e663c78d]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index bddbd91..313ec3e 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2782,8 +2782,8 @@ ConnectionExists(struct SessionHandle *data,
+ struct connectdata *check;
+ struct connectdata *chosen = 0;
+ bool canPipeline = IsPipeliningPossible(data, needle);
+- bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||
+- (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;
++ bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) ||
++ (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE;
+ struct connectbundle *bundle;
+
+ /* Look up the bundle with all the connections to this
+--
+1.7.1
+
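Review bot: The new `wantNTLM` initialiser in `ConnectionExists` relies on `||` binding tighter than `?:` and tests the two flags separately; a single mask with explicit parentheses is harder to misread: `bool wantNTLM = (data->state.authhost.want & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) ? TRUE : FALSE;`. Only the host authentication mask is consulted here, so whether connections authenticated to a proxy with NTLM need the same reuse restriction cannot be judged from this hunk and is worth confirming. A short comment above the line, such as `/* NTLM authenticates the connection, not the request: never share it across credentials */`, would record why a bitmask test is required. The body of `ConnectionExists` continues outside the hunk.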
diff --git a/0015-curl-7.29.0-7fc9325a.patch b/0015-curl-7.29.0-7fc9325a.patch
new file mode 100644
index 0000000..7b6c5fe
--- /dev/null
+++ b/0015-curl-7.29.0-7fc9325a.patch
@@ -0,0 +1,1090 @@
+From a7b1ea3537b30450ad82d2c64d31dcecaed60fca Mon Sep 17 00:00:00 2001
+From: Gergely Nagy <ngg@tresorit.com>
+Date: Thu, 19 Sep 2013 15:17:13 +0200
+Subject: [PATCH 1/9] SSL: protocol version can be specified more precisely
+
+CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
+CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
+(CURL_SSLVERSION_TLSv1 means TLS 1.x).
+
+axTLS:
+axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one
+of these should be used, so we don't allow the new enum values.
+
+darwinssl:
+Added support for the new enum values.
+
+SChannel:
+Added support for the new enum values.
+
+CyaSSL:
+Added support for the new enum values.
+Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it
+did the same before this commit), because CyaSSL cannot be configured to
+use TLS 1.0-1.2.
+
+GSKit:
+GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow
+those values.
+Bugfix: There was a typo that caused wrong SSL versions to be passed to
+GSKit.
+
+NSS:
+TLS minor version cannot be set, so we don't allow the new enum values.
+
+QsoSSL:
+TLS minor version cannot be set, so we don't allow the new enum values.
+
+OpenSSL:
+Added support for the new enum values.
+Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0,
+now it enables 1.0-1.2.
+
+Command-line tool:
+Added command line options for the new values.
+
+[upstream commit ad34a2d5c87c7f4b14e8dded34569395de0d8c5b]
+---
+ docs/libcurl/curl_easy_setopt.3 | 8 +++++-
+ docs/libcurl/symbols-in-versions | 3 ++
+ include/curl/curl.h | 5 +++-
+ lib/axtls.c | 3 +-
+ lib/curl_darwinssl.c | 34 +++++++++++++++++++++++++
+ lib/curl_schannel.c | 9 ++++++
+ lib/cyassl.c | 13 +++++++++-
+ lib/nss.c | 6 ++++
+ lib/qssl.c | 6 ++++
+ lib/ssluse.c | 51 +++++++++++++++++++++++++++----------
+ packages/OS400/curl.inc.in | 6 ++++
+ src/tool_getparam.c | 25 ++++++++++++++++--
+ src/tool_setopt.c | 3 ++
+ 13 files changed, 151 insertions(+), 21 deletions(-)
+
+diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
+index 3d31aef..92db8f4 100644
+--- a/docs/libcurl/curl_easy_setopt.3
++++ b/docs/libcurl/curl_easy_setopt.3
+@@ -2219,11 +2219,17 @@ The default action. This will attempt to figure out the remote SSL protocol
+ version, i.e. either SSLv3 or TLSv1 (but not SSLv2, which became disabled
+ by default with 7.18.1).
+ .IP CURL_SSLVERSION_TLSv1
+-Force TLSv1
++Force TLSv1.x
+ .IP CURL_SSLVERSION_SSLv2
+ Force SSLv2
+ .IP CURL_SSLVERSION_SSLv3
+ Force SSLv3
++.IP CURL_SSLVERSION_TLSv1_0
++Force TLSv1.0
++.IP CURL_SSLVERSION_TLSv1_1
++Force TLSv1.1
++.IP CURL_SSLVERSION_TLSv1_2
++Force TLSv1.2
+ .RE
+ .IP CURLOPT_SSL_VERIFYPEER
+ Pass a long as parameter. By default, curl assumes a value of 1.
+diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
+index 37b5e27..57fa6eb 100644
+--- a/docs/libcurl/symbols-in-versions
++++ b/docs/libcurl/symbols-in-versions
+@@ -678,6 +678,9 @@ CURL_SSLVERSION_DEFAULT 7.9.2
+ CURL_SSLVERSION_SSLv2 7.9.2
+ CURL_SSLVERSION_SSLv3 7.9.2
+ CURL_SSLVERSION_TLSv1 7.9.2
++CURL_SSLVERSION_TLSv1_0 7.33.0
++CURL_SSLVERSION_TLSv1_1 7.33.0
++CURL_SSLVERSION_TLSv1_2 7.33.0
+ CURL_TIMECOND_IFMODSINCE 7.9.7
+ CURL_TIMECOND_IFUNMODSINCE 7.9.7
+ CURL_TIMECOND_LASTMOD 7.9.7
+diff --git a/include/curl/curl.h b/include/curl/curl.h
+index 80e4cf5..8e548e3 100644
+--- a/include/curl/curl.h
++++ b/include/curl/curl.h
+@@ -1625,9 +1625,12 @@ enum CURL_NETRC_OPTION {
+
+ enum {
+ CURL_SSLVERSION_DEFAULT,
+- CURL_SSLVERSION_TLSv1,
++ CURL_SSLVERSION_TLSv1, /* TLS 1.x */
+ CURL_SSLVERSION_SSLv2,
+ CURL_SSLVERSION_SSLv3,
++ CURL_SSLVERSION_TLSv1_0,
++ CURL_SSLVERSION_TLSv1_1,
++ CURL_SSLVERSION_TLSv1_2,
+
+ CURL_SSLVERSION_LAST /* never use, keep last */
+ };
+diff --git a/lib/axtls.c b/lib/axtls.c
+index d512950..68794b5 100644
+--- a/lib/axtls.c
++++ b/lib/axtls.c
+@@ -169,7 +169,8 @@ Curl_axtls_connect(struct connectdata *conn,
+ case CURL_SSLVERSION_TLSv1:
+ break;
+ default:
+- failf(data, "axTLS only supports TLSv1");
++ failf(data, "axTLS only supports TLS 1.0 and 1.1, "
++ "and it cannot be specified which one to use");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
+index 827c876..69eff8a 100644
+--- a/lib/curl_darwinssl.c
++++ b/lib/curl_darwinssl.c
+@@ -719,6 +719,18 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
+ (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
+ (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
+ break;
++ case CURL_SSLVERSION_TLSv1_0:
++ (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
++ (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1);
++ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11);
++ (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11);
++ break;
++ case CURL_SSLVERSION_TLSv1_2:
++ (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12);
++ (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
++ break;
+ case CURL_SSLVERSION_SSLv3:
+ (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
+ (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
+@@ -759,6 +771,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
+ kTLSProtocol12,
+ true);
+ break;
++ case CURL_SSLVERSION_TLSv1_0:
++ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
++ kTLSProtocol1,
++ true);
++ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
++ kTLSProtocol11,
++ true);
++ break;
++ case CURL_SSLVERSION_TLSv1_2:
++ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
++ kTLSProtocol12,
++ true);
++ break;
+ case CURL_SSLVERSION_SSLv3:
+ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ kSSLProtocol3,
+@@ -785,10 +812,17 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
+ true);
+ break;
+ case CURL_SSLVERSION_TLSv1:
++ case CURL_SSLVERSION_TLSv1_0:
+ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ kTLSProtocol1,
+ true);
+ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ failf(data, "Your version of the OS does not support TLSv1.1");
++ return CURLE_SSL_CONNECT_ERROR;
++ case CURL_SSLVERSION_TLSv1_2:
++ failf(data, "Your version of the OS does not support TLSv1.2");
++ return CURLE_SSL_CONNECT_ERROR;
+ case CURL_SSLVERSION_SSLv2:
+ (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ kSSLProtocol2,
+diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
+index a615f57..19b7f71 100644
+--- a/lib/curl_schannel.c
++++ b/lib/curl_schannel.c
+@@ -180,6 +180,15 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
+ SP_PROT_TLS1_1_CLIENT |
+ SP_PROT_TLS1_2_CLIENT;
+ break;
++ case CURL_SSLVERSION_TLSv1_0:
++ schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT;
++ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_1_CLIENT;
++ break;
++ case CURL_SSLVERSION_TLSv1_2:
++ schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT;
++ break;
+ case CURL_SSLVERSION_SSLv3:
+ schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
+ break;
+diff --git a/lib/cyassl.c b/lib/cyassl.c
+index 7c78464..ff11bdd 100644
+--- a/lib/cyassl.c
++++ b/lib/cyassl.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -98,8 +98,19 @@ cyassl_connect_step1(struct connectdata *conn,
+ req_method = SSLv23_client_method();
+ break;
+ case CURL_SSLVERSION_TLSv1:
++ infof(data, "CyaSSL cannot be configured to use TLS 1.0-1.2, "
++ "TLS 1.0 is used exclusively\n");
+ req_method = TLSv1_client_method();
+ break;
++ case CURL_SSLVERSION_TLSv1_0:
++ req_method = TLSv1_client_method();
++ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ req_method = TLSv1_1_client_method();
++ break;
++ case CURL_SSLVERSION_TLSv1_2:
++ req_method = TLSv1_2_client_method();
++ break;
+ case CURL_SSLVERSION_SSLv3:
+ req_method = SSLv3_client_method();
+ break;
+diff --git a/lib/nss.c b/lib/nss.c
+index 111982f..ff93a38 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1266,6 +1266,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ case CURL_SSLVERSION_SSLv3:
+ ssl3 = PR_TRUE;
+ break;
++ case CURL_SSLVERSION_TLSv1_0:
++ case CURL_SSLVERSION_TLSv1_1:
++ case CURL_SSLVERSION_TLSv1_2:
++ failf(data, "TLS minor version cannot be set\n");
++ curlerr = CURLE_SSL_CONNECT_ERROR;
++ goto error;
+ }
+
+ if(SSL_OptionSet(model, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
+diff --git a/lib/qssl.c b/lib/qssl.c
+index 8ef6fec..8b5e499 100644
+--- a/lib/qssl.c
++++ b/lib/qssl.c
+@@ -206,6 +206,12 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
+ case CURL_SSLVERSION_SSLv3:
+ h->protocol = SSL_VERSION_3;
+ break;
++
++ case CURL_SSLVERSION_TLSv1_0:
++ case CURL_SSLVERSION_TLSv1_1:
++ case CURL_SSLVERSION_TLSv1_2:
++ failf(data, "TLS minor version cannot be set");
++ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
+diff --git a/lib/ssluse.c b/lib/ssluse.c
+index 4a0dba7..dd99435 100644
+--- a/lib/ssluse.c
++++ b/lib/ssluse.c
+@@ -1389,19 +1389,12 @@ ossl_connect_step1(struct connectdata *conn,
+ switch(data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+-#ifdef USE_TLS_SRP
+- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+- infof(data, "Set version TLSv1 for SRP authorisation\n");
+- req_method = TLSv1_client_method() ;
+- }
+- else
+-#endif
+- /* we try to figure out version */
+- req_method = SSLv23_client_method();
+- use_sni(TRUE);
+- break;
+ case CURL_SSLVERSION_TLSv1:
+- req_method = TLSv1_client_method();
++ case CURL_SSLVERSION_TLSv1_0:
++ case CURL_SSLVERSION_TLSv1_1:
++ case CURL_SSLVERSION_TLSv1_2:
++ /* it will be handled later with the context options */
++ req_method = SSLv23_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_SSLv2:
+@@ -1514,9 +1507,39 @@ ossl_connect_step1(struct connectdata *conn,
+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ #endif
+
+- /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */
+- if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)
++ switch(data->set.ssl.version) {
++ case CURL_SSLVERSION_DEFAULT:
++ ctx_options |= SSL_OP_NO_SSLv2;
++#ifdef USE_TLS_SRP
++ if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
++ infof(data, "Set version TLSv1.x for SRP authorisation\n");
++ ctx_options |= SSL_OP_NO_SSLv3;
++ }
++#endif
++ break;
++ case CURL_SSLVERSION_TLSv1:
++ ctx_options |= SSL_OP_NO_SSLv2;
++ ctx_options |= SSL_OP_NO_SSLv3;
++ break;
++ case CURL_SSLVERSION_TLSv1_0:
+ ctx_options |= SSL_OP_NO_SSLv2;
++ ctx_options |= SSL_OP_NO_SSLv3;
++ ctx_options |= SSL_OP_NO_TLSv1_1;
++ ctx_options |= SSL_OP_NO_TLSv1_2;
++ break;
++ case CURL_SSLVERSION_TLSv1_1:
++ ctx_options |= SSL_OP_NO_SSLv2;
++ ctx_options |= SSL_OP_NO_SSLv3;
++ ctx_options |= SSL_OP_NO_TLSv1;
++ ctx_options |= SSL_OP_NO_TLSv1_2;
++ break;
++ case CURL_SSLVERSION_TLSv1_2:
++ ctx_options |= SSL_OP_NO_SSLv2;
++ ctx_options |= SSL_OP_NO_SSLv3;
++ ctx_options |= SSL_OP_NO_TLSv1;
++ ctx_options |= SSL_OP_NO_TLSv1_1;
++ break;
++ }
+
+ SSL_CTX_set_options(connssl->ctx, ctx_options);
+
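Review bot: `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2` are used without a guard in the three new `CURL_SSLVERSION_TLSv1_x` cases, and OpenSSL headers that predate TLS 1.1/1.2 support do not define them, so this switch would not compile against such a build. Guarding them also needs a failure path, because the earlier hunk now selects `SSLv23_client_method()` for every TLS case. A TLSv1.1 or TLSv1.2 request that cannot be pinned should end in `failf()` and `CURLE_SSL_CONNECT_ERROR`, as the darwinssl hunk does, rather than negotiate some other version. The early returns below assume the function's other error exits at this point also return directly. ossl_connect_step1 starts and ends outside the hunk.

```c
  case CURL_SSLVERSION_TLSv1_0:
    ctx_options |= SSL_OP_NO_SSLv2;
    ctx_options |= SSL_OP_NO_SSLv3;
#ifdef SSL_OP_NO_TLSv1_1
    /* only a library that can negotiate above TLS 1.0 needs these */
    ctx_options |= SSL_OP_NO_TLSv1_1;
    ctx_options |= SSL_OP_NO_TLSv1_2;
#endif
    break;
  case CURL_SSLVERSION_TLSv1_1:
#ifdef SSL_OP_NO_TLSv1_1
    /* ... unchanged: the four ctx_options lines for TLSv1.1 ... */
    break;
#else
    failf(data, "OpenSSL was built without TLS 1.1 support");
    return CURLE_SSL_CONNECT_ERROR;
#endif
  case CURL_SSLVERSION_TLSv1_2:
#ifdef SSL_OP_NO_TLSv1_2
    /* ... unchanged: the four ctx_options lines for TLSv1.2 ... */
    break;
#else
    failf(data, "OpenSSL was built without TLS 1.2 support");
    return CURLE_SSL_CONNECT_ERROR;
#endif
```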
+diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
+index 33ca12a..22a5511 100644
+--- a/packages/OS400/curl.inc.in
++++ b/packages/OS400/curl.inc.in
+@@ -226,6 +226,12 @@
+ d c 2
+ d CURL_SSLVERSION_SSLv3...
+ d c 3
++ d CURL_SSLVERSION_TLSv1_0...
++ d c 4
++ d CURL_SSLVERSION_TLSv1_1...
++ d c 5
++ d CURL_SSLVERSION_TLSv1_2...
++ d c 6
+ *
+ d CURL_TLSAUTH_NONE...
+ d c 0
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index 297b986..98d53a7 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -175,6 +175,9 @@ static const struct LongShort aliases[]= {
+ {"$J", "metalink", FALSE},
+ {"0", "http1.0", FALSE},
+ {"1", "tlsv1", FALSE},
++ {"10", "tlsv1.0", FALSE},
++ {"11", "tlsv1.1", FALSE},
++ {"12", "tlsv1.2", FALSE},
+ {"2", "sslv2", FALSE},
+ {"3", "sslv3", FALSE},
+ {"4", "ipv4", FALSE},
+@@ -873,9 +876,25 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
+ /* HTTP version 1.0 */
+ config->httpversion = CURL_HTTP_VERSION_1_0;
+ break;
+- case '1':
+- /* TLS version 1 */
+- config->ssl_version = CURL_SSLVERSION_TLSv1;
++ case '1': /* --tlsv1* options */
++ switch(subletter) {
++ case '\0':
++ /* TLS version 1.x */
++ config->ssl_version = CURL_SSLVERSION_TLSv1;
++ break;
++ case '0':
++ /* TLS version 1.0 */
++ config->ssl_version = CURL_SSLVERSION_TLSv1_0;
++ break;
++ case '1':
++ /* TLS version 1.1 */
++ config->ssl_version = CURL_SSLVERSION_TLSv1_1;
++ break;
++ case '2':
++ /* TLS version 1.2 */
++ config->ssl_version = CURL_SSLVERSION_TLSv1_2;
++ break;
++ }
+ break;
+ case '2':
+ /* SSL version 2 */
+diff --git a/src/tool_setopt.c b/src/tool_setopt.c
+index 4014177..9860117 100644
+--- a/src/tool_setopt.c
++++ b/src/tool_setopt.c
+@@ -78,6 +78,9 @@ const NameValue setopt_nv_CURL_SSLVERSION[] = {
+ NV(CURL_SSLVERSION_TLSv1),
+ NV(CURL_SSLVERSION_SSLv2),
+ NV(CURL_SSLVERSION_SSLv3),
++ NV(CURL_SSLVERSION_TLSv1_0),
++ NV(CURL_SSLVERSION_TLSv1_1),
++ NV(CURL_SSLVERSION_TLSv1_2),
+ NVEND,
+ };
+
+--
+1.7.1
+
+
+From 350765306d7e2946fc8295fa2bfc2fe0c14651fc Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 15 Oct 2013 20:31:04 +0200
+Subject: [PATCH 2/9] curl: document the new --tlsv1.[012] options
+
+[upstream commit 076726f1412205622414abd908723c4b33ca12cb]
+---
+ docs/curl.1 | 20 ++++++++++++++++----
+ 1 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index b350865..53b378c 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -1419,14 +1419,26 @@ Set TLS authentication type. Currently, the only supported option is "SRP",
+ for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
+ specified but \fI--tlsauthtype\fP is not, then this option defaults to "SRP".
+ (Added in 7.21.4)
+-.IP "--tlsuser <user>"
+-Set username for use with the TLS authentication method specified with
+-\fI--tlsauthtype\fP. Requires that \fI--tlspassword\fP also be set. (Added in
+-7.21.4)
+ .IP "--tlspassword <password>"
+ Set password for use with the TLS authentication method specified with
+ \fI--tlsauthtype\fP. Requires that \fI--tlsuser\fP also be set. (Added in
+ 7.21.4)
++.IP "--tlsuser <user>"
++Set username for use with the TLS authentication method specified with
++\fI--tlsauthtype\fP. Requires that \fI--tlspassword\fP also be set. (Added in
++7.21.4)
++.IP "--tlsv1.0"
++(SSL)
++Forces curl to use TLS version 1.0 when negotiating with a remote TLS server.
++(Added in 7.34.0)
++.IP "--tlsv1.1"
++(SSL)
++Forces curl to use TLS version 1.1 when negotiating with a remote TLS server.
++(Added in 7.34.0)
++.IP "--tlsv1.2"
++(SSL)
++Forces curl to use TLS version 1.2 when negotiating with a remote TLS server.
++(Added in 7.34.0)
+ .IP "--tr-encoding"
+ (HTTP) Request a compressed Transfer-Encoding response using one of the
+ algorithms curl supports, and uncompress the data while receiving it.
+--
+1.7.1
+
+
+From ba2b4e87b396faab9ccb5a3ca9aca935a7a78a1b Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme@hotmail.com>
+Date: Wed, 16 Oct 2013 20:06:23 +0100
+Subject: [PATCH 3/9] SSL: Corrected version number for new symbols from commit ad34a2d5c87c7f
+
+[upstream commit 2c84ffe1549ea7d5029ba7863f53013562e6758d]
+---
+ docs/libcurl/symbols-in-versions | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
+index 57fa6eb..b275900 100644
+--- a/docs/libcurl/symbols-in-versions
++++ b/docs/libcurl/symbols-in-versions
+@@ -678,9 +678,9 @@ CURL_SSLVERSION_DEFAULT 7.9.2
+ CURL_SSLVERSION_SSLv2 7.9.2
+ CURL_SSLVERSION_SSLv3 7.9.2
+ CURL_SSLVERSION_TLSv1 7.9.2
+-CURL_SSLVERSION_TLSv1_0 7.33.0
+-CURL_SSLVERSION_TLSv1_1 7.33.0
+-CURL_SSLVERSION_TLSv1_2 7.33.0
++CURL_SSLVERSION_TLSv1_0 7.34.0
++CURL_SSLVERSION_TLSv1_1 7.34.0
++CURL_SSLVERSION_TLSv1_2 7.34.0
+ CURL_TIMECOND_IFMODSINCE 7.9.7
+ CURL_TIMECOND_IFUNMODSINCE 7.9.7
+ CURL_TIMECOND_LASTMOD 7.9.7
+--
+1.7.1
+
+
+From 5f908139b4e56c969bf6ef06c115a0a12353c827 Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme@hotmail.com>
+Date: Wed, 16 Oct 2013 20:18:15 +0100
+Subject: [PATCH 4/9] DOCS: Added libcurl version number to CURLOPT_SSLVERSION
+
+[upstream commit 75b9b26465d5f01b52564293c2d553649f801f70]
+---
+ docs/libcurl/curl_easy_setopt.3 | 8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
+index 92db8f4..d73b664 100644
+--- a/docs/libcurl/curl_easy_setopt.3
++++ b/docs/libcurl/curl_easy_setopt.3
+@@ -2212,6 +2212,8 @@ Even though this option doesn't need any parameter, in some configurations
+ arguments. Therefore, it's recommended to pass 1 as parameter to this option.
+ .IP CURLOPT_SSLVERSION
+ Pass a long as parameter to control what version of SSL/TLS to attempt to use.
++(Added in 7.9.2)
++
+ The available options are:
+ .RS
+ .IP CURL_SSLVERSION_DEFAULT
+@@ -2225,11 +2227,11 @@ Force SSLv2
+ .IP CURL_SSLVERSION_SSLv3
+ Force SSLv3
+ .IP CURL_SSLVERSION_TLSv1_0
+-Force TLSv1.0
++Force TLSv1.0 (Added in 7.34.0)
+ .IP CURL_SSLVERSION_TLSv1_1
+-Force TLSv1.1
++Force TLSv1.1 (Added in 7.34.0)
+ .IP CURL_SSLVERSION_TLSv1_2
+-Force TLSv1.2
++Force TLSv1.2 (Added in 7.34.0)
+ .RE
+ .IP CURLOPT_SSL_VERIFYPEER
+ Pass a long as parameter. By default, curl assumes a value of 1.
+--
+1.7.1
+
+
+From 7940044fc233f626b912b5f51a7a0111a4c145d3 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 25 Nov 2013 16:03:52 +0100
+Subject: [PATCH 5/9] nss: use a better API for controlling SSL version
+
+This change introduces a dependency on NSS 3.14+.
+
+[upstream commit 30e7e7552ba4397896ecac82ea04f38d52c4cc8f]
+---
+ configure | 20 ++++++++++----------
+ configure.ac | 4 ++--
+ docs/INTERNALS | 2 +-
+ lib/nss.c | 40 +++++++++++++++++++---------------------
+ 4 files changed, 32 insertions(+), 34 deletions(-)
+
+diff --git a/configure b/configure
+index 2496b3c..ebde78a 100755
+--- a/configure
++++ b/configure
+@@ -23641,9 +23641,9 @@ $as_echo "found" >&6; }
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PK11_CreateGenericObject in -lnss3" >&5
+-$as_echo_n "checking for PK11_CreateGenericObject in -lnss3... " >&6; }
+-if ${ac_cv_lib_nss3_PK11_CreateGenericObject+:} false; then :
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5
++$as_echo_n "checking for SSL_VersionRangeSet in -lnss3... " >&6; }
++if ${ac_cv_lib_nss3_SSL_VersionRangeSet+:} false; then :
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -23655,26 +23655,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+-char PK11_CreateGenericObject ();
++char SSL_VersionRangeSet ();
+ int main (void)
+ {
+-return PK11_CreateGenericObject ();
++return SSL_VersionRangeSet ();
+ ;
+ return 0;
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+- ac_cv_lib_nss3_PK11_CreateGenericObject=yes
++ ac_cv_lib_nss3_SSL_VersionRangeSet=yes
+ else
+- ac_cv_lib_nss3_PK11_CreateGenericObject=no
++ ac_cv_lib_nss3_SSL_VersionRangeSet=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_PK11_CreateGenericObject" >&5
+-$as_echo "$ac_cv_lib_nss3_PK11_CreateGenericObject" >&6; }
+-if test "x$ac_cv_lib_nss3_PK11_CreateGenericObject" = xyes; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nss3_SSL_VersionRangeSet" >&5
++$as_echo "$ac_cv_lib_nss3_SSL_VersionRangeSet" >&6; }
++if test "x$ac_cv_lib_nss3_SSL_VersionRangeSet" = xyes; then :
+
+
+ $as_echo "#define USE_NSS 1" >>confdefs.h
+diff --git a/configure.ac b/configure.ac
+index 5970188..c81c879 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2194,8 +2194,8 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+- dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
+- AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
++ dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
++ AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
+ [
+ AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
+ AC_SUBST(USE_NSS, [1])
+diff --git a/docs/INTERNALS b/docs/INTERNALS
+index 03839c3..581b22d 100644
+--- a/docs/INTERNALS
++++ b/docs/INTERNALS
+@@ -43,7 +43,7 @@ Portability
+ openldap 2.0
+ MIT krb5 lib 1.2.4
+ qsossl V5R2M0
+- NSS 3.12.x
++ NSS 3.14.x
+ axTLS 1.2.7
+ Heimdal ?
+
+diff --git a/lib/nss.c b/lib/nss.c
+index ff93a38..14a0b0c 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1175,9 +1175,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ {
+ PRErrorCode err = 0;
+ PRFileDesc *model = NULL;
+- PRBool ssl2 = PR_FALSE;
+- PRBool ssl3 = PR_FALSE;
+- PRBool tlsv1 = PR_FALSE;
++ SSLVersionRange sslver;
+ PRBool ssl_no_cache;
+ PRBool ssl_cbc_random_iv;
+ struct SessionHandle *data = conn->data;
+@@ -1251,20 +1249,25 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ switch (data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+- ssl3 = PR_TRUE;
+- if(data->state.ssl_connect_retry)
++ sslver.min = SSL_LIBRARY_VERSION_3_0;
++ if(data->state.ssl_connect_retry) {
+ infof(data, "TLS disabled due to previous handshake failure\n");
++ sslver.max = SSL_LIBRARY_VERSION_3_0;
++ }
+ else
+- tlsv1 = PR_TRUE;
++ sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
+ case CURL_SSLVERSION_TLSv1:
+- tlsv1 = PR_TRUE;
++ sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
++ sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
+ case CURL_SSLVERSION_SSLv2:
+- ssl2 = PR_TRUE;
++ sslver.min = SSL_LIBRARY_VERSION_2;
++ sslver.max = SSL_LIBRARY_VERSION_2;
+ break;
+ case CURL_SSLVERSION_SSLv3:
+- ssl3 = PR_TRUE;
++ sslver.min = SSL_LIBRARY_VERSION_3_0;
++ sslver.max = SSL_LIBRARY_VERSION_3_0;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+@@ -1274,14 +1277,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ }
+
+- if(SSL_OptionSet(model, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
+- goto error;
+- if(SSL_OptionSet(model, SSL_ENABLE_SSL3, ssl3) != SECSuccess)
+- goto error;
+- if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
+- goto error;
+-
+- if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
++ if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
+ goto error;
+
+ ssl_cbc_random_iv = !data->set.ssl_enable_beast;
+@@ -1467,11 +1463,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ if(model)
+ PR_Close(model);
+
+- /* cleanup on connection failure */
+- Curl_llist_destroy(connssl->obj_list, NULL);
+- connssl->obj_list = NULL;
++ /* cleanup on connection failure */
++ Curl_llist_destroy(connssl->obj_list, NULL);
++ connssl->obj_list = NULL;
+
+- if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
++ if((sslver.min == SSL_LIBRARY_VERSION_3_0)
++ && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
++ && isTLSIntoleranceError(err)) {
+ /* schedule reconnect through Curl_retry_request() */
+ data->state.ssl_connect_retry = TRUE;
+ infof(data, "Error in TLS handshake, trying SSLv3...\n");
+--
+1.7.1
+
+
+From 08398e7a8a8ba4e6fef1557392e3c0104cc3550f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 25 Nov 2013 16:14:55 +0100
+Subject: [PATCH 6/9] nss: put SSL version selection into separate fnc
+
+[upstream commit 4fb8241add5b68e95fbf44d3c2bf470201a9915d]
+---
+ lib/nss.c | 72 +++++++++++++++++++++++++++++++++++-------------------------
+ 1 files changed, 42 insertions(+), 30 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 14a0b0c..2e2240b 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1171,6 +1171,46 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
+ return CURLE_OK;
+ }
+
++static CURLcode nss_init_sslver(SSLVersionRange *sslver,
++ struct SessionHandle *data)
++{
++ switch (data->set.ssl.version) {
++ default:
++ case CURL_SSLVERSION_DEFAULT:
++ sslver->min = SSL_LIBRARY_VERSION_3_0;
++ if(data->state.ssl_connect_retry) {
++ infof(data, "TLS disabled due to previous handshake failure\n");
++ sslver->max = SSL_LIBRARY_VERSION_3_0;
++ }
++ else
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
++ return CURLE_OK;
++
++ case CURL_SSLVERSION_TLSv1:
++ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
++ return CURLE_OK;
++
++ case CURL_SSLVERSION_SSLv2:
++ sslver->min = SSL_LIBRARY_VERSION_2;
++ sslver->max = SSL_LIBRARY_VERSION_2;
++ return CURLE_OK;
++
++ case CURL_SSLVERSION_SSLv3:
++ sslver->min = SSL_LIBRARY_VERSION_3_0;
++ sslver->max = SSL_LIBRARY_VERSION_3_0;
++ return CURLE_OK;
++
++ case CURL_SSLVERSION_TLSv1_0:
++ case CURL_SSLVERSION_TLSv1_1:
++ case CURL_SSLVERSION_TLSv1_2:
++ break;
++ }
++
++ failf(data, "TLS minor version cannot be set");
++ return CURLE_SSL_CONNECT_ERROR;
++}
++
+ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ {
+ PRErrorCode err = 0;
+@@ -1246,37 +1286,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
+ goto error;
+
+- switch (data->set.ssl.version) {
+- default:
+- case CURL_SSLVERSION_DEFAULT:
+- sslver.min = SSL_LIBRARY_VERSION_3_0;
+- if(data->state.ssl_connect_retry) {
+- infof(data, "TLS disabled due to previous handshake failure\n");
+- sslver.max = SSL_LIBRARY_VERSION_3_0;
+- }
+- else
+- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
+- break;
+- case CURL_SSLVERSION_TLSv1:
+- sslver.min = SSL_LIBRARY_VERSION_TLS_1_0;
+- sslver.max = SSL_LIBRARY_VERSION_TLS_1_0;
+- break;
+- case CURL_SSLVERSION_SSLv2:
+- sslver.min = SSL_LIBRARY_VERSION_2;
+- sslver.max = SSL_LIBRARY_VERSION_2;
+- break;
+- case CURL_SSLVERSION_SSLv3:
+- sslver.min = SSL_LIBRARY_VERSION_3_0;
+- sslver.max = SSL_LIBRARY_VERSION_3_0;
+- break;
+- case CURL_SSLVERSION_TLSv1_0:
+- case CURL_SSLVERSION_TLSv1_1:
+- case CURL_SSLVERSION_TLSv1_2:
+- failf(data, "TLS minor version cannot be set\n");
+- curlerr = CURLE_SSL_CONNECT_ERROR;
++ /* enable/disable the requested SSL version(s) */
++ if(nss_init_sslver(&sslver, data) != CURLE_OK)
+ goto error;
+- }
+-
+ if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
+ goto error;
+
+--
+1.7.1
+
+
+From 91a3d58fc48f0d08ab81f1e013b2d58a7ccd7146 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 25 Nov 2013 16:25:15 +0100
+Subject: [PATCH 7/9] nss: allow to use TLS > 1.0 if built against recent NSS
+
+Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html
+
+[upstream commit 7fc9325a52a6dad1f8b859a3269472ffc125edd0]
+---
+ lib/nss.c | 22 ++++++++++++++++++++++
+ 1 files changed, 22 insertions(+), 0 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 2e2240b..5cd33d8 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1188,7 +1188,13 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+
+ case CURL_SSLVERSION_TLSv1:
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
++#ifdef SSL_LIBRARY_VERSION_TLS_1_2
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
++#elif defined SSL_LIBRARY_VERSION_TLS_1_1
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
++#else
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
++#endif
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv2:
+@@ -1202,8 +1208,24 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_0:
++ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
++ return CURLE_OK;
++
+ case CURL_SSLVERSION_TLSv1_1:
++#ifdef SSL_LIBRARY_VERSION_TLS_1_1
++ sslver->min = SSL_LIBRARY_VERSION_TLS_1_1;
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
++ return CURLE_OK;
++#endif
++ break;
++
+ case CURL_SSLVERSION_TLSv1_2:
++#ifdef SSL_LIBRARY_VERSION_TLS_1_2
++ sslver->min = SSL_LIBRARY_VERSION_TLS_1_2;
++ sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
++ return CURLE_OK;
++#endif
+ break;
+ }
+
+--
+1.7.1
+
+
+From 404492a5a815b83fab58ce60434c01c270b6bc73 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 2 Dec 2013 14:25:07 +0100
+Subject: [PATCH 8/9] nss: unconditionally require NSS_InitContext()
+
+... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway
+
+[upstream commit 865666afca926faa1c721020fc54364540caf734]
+---
+ configure | 12 ------------
+ configure.ac | 8 --------
+ lib/nss.c | 26 --------------------------
+ 3 files changed, 0 insertions(+), 46 deletions(-)
+
+diff --git a/configure b/configure
+index ebde78a..8741e21 100755
+--- a/configure
++++ b/configure
+@@ -23697,18 +23697,6 @@ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5
+ $as_echo "$as_me: detected NSS version $version" >&6;}
+
+- ac_fn_c_check_func "$LINENO" "NSS_InitContext" "ac_cv_func_NSS_InitContext"
+-if test "x$ac_cv_func_NSS_InitContext" = xyes; then :
+-
+-
+-$as_echo "#define HAVE_NSS_INITCONTEXT 1" >>confdefs.h
+-
+- HAVE_NSS_INITCONTEXT=1
+-
+-
+-fi
+-
+-
+ if test "x$cross_compiling" != "xyes"; then
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+ export LD_LIBRARY_PATH
+diff --git a/configure.ac b/configure.ac
+index c81c879..70ef0b7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2211,14 +2211,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+ if test "x$USE_NSS" = "xyes"; then
+ AC_MSG_NOTICE([detected NSS version $version])
+
+- dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
+- dnl collisions on NSS initialization/shutdown with other libraries
+- AC_CHECK_FUNC(NSS_InitContext,
+- [
+- AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
+- AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
+- ])
+-
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+diff --git a/lib/nss.c b/lib/nss.c
+index 5cd33d8..7b49c20 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -76,9 +76,7 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
+
+ PRLock * nss_initlock = NULL;
+ PRLock * nss_crllock = NULL;
+-#ifdef HAVE_NSS_INITCONTEXT
+ NSSInitContext * nss_context = NULL;
+-#endif
+
+ volatile int initialized = 0;
+
+@@ -853,7 +851,6 @@ isTLSIntoleranceError(PRInt32 err)
+
+ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+ {
+-#ifdef HAVE_NSS_INITCONTEXT
+ NSSInitParameters initparams;
+
+ if(nss_context != NULL)
+@@ -861,12 +858,6 @@ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+
+ memset((void *) &initparams, '\0', sizeof(initparams));
+ initparams.length = sizeof(initparams);
+-#else /* HAVE_NSS_INITCONTEXT */
+- SECStatus rv;
+-
+- if(NSS_IsInitialized())
+- return CURLE_OK;
+-#endif
+
+ if(cert_dir) {
+ const bool use_sql = NSS_VersionCheck("3.12.0");
+@@ -875,35 +866,22 @@ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+ return CURLE_OUT_OF_MEMORY;
+
+ infof(data, "Initializing NSS with certpath: %s\n", certpath);
+-#ifdef HAVE_NSS_INITCONTEXT
+ nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
+ NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+ free(certpath);
+
+ if(nss_context != NULL)
+ return CURLE_OK;
+-#else /* HAVE_NSS_INITCONTEXT */
+- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+- free(certpath);
+-
+- if(rv == SECSuccess)
+- return CURLE_OK;
+-#endif
+
+ infof(data, "Unable to initialize NSS database\n");
+ }
+
+ infof(data, "Initializing NSS with certpath: none\n");
+-#ifdef HAVE_NSS_INITCONTEXT
+ nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
+ | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
+ | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+ if(nss_context != NULL)
+ return CURLE_OK;
+-#else /* HAVE_NSS_INITCONTEXT */
+- if(NSS_NoDB_Init(NULL) == SECSuccess)
+- return CURLE_OK;
+-#endif
+
+ infof(data, "Unable to initialize NSS\n");
+ return CURLE_SSL_CACERT_BADFILE;
+@@ -999,12 +977,8 @@ void Curl_nss_cleanup(void)
+ SECMOD_DestroyModule(mod);
+ mod = NULL;
+ }
+-#ifdef HAVE_NSS_INITCONTEXT
+ NSS_ShutdownContext(nss_context);
+ nss_context = NULL;
+-#else /* HAVE_NSS_INITCONTEXT */
+- NSS_Shutdown();
+-#endif
+ }
+ PR_Unlock(nss_initlock);
+
+--
+1.7.1
+
+
+From a643c75662b6909a5be1bed8273ed1273ab2b3f4 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 2 Dec 2013 16:09:12 +0100
+Subject: [PATCH 9/9] nss: make sure that 'sslver' is always initialized
+
+[upstream commit e221b55f67a2e12717e911f25d1bb6c85fcebfab]
+---
+ lib/nss.c | 9 +++++----
+ 1 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 7b49c20..abc8a91 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1151,13 +1151,10 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+ switch (data->set.ssl.version) {
+ default:
+ case CURL_SSLVERSION_DEFAULT:
+- sslver->min = SSL_LIBRARY_VERSION_3_0;
+ if(data->state.ssl_connect_retry) {
+ infof(data, "TLS disabled due to previous handshake failure\n");
+ sslver->max = SSL_LIBRARY_VERSION_3_0;
+ }
+- else
+- sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1:
+@@ -1211,7 +1208,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ {
+ PRErrorCode err = 0;
+ PRFileDesc *model = NULL;
+- SSLVersionRange sslver;
+ PRBool ssl_no_cache;
+ PRBool ssl_cbc_random_iv;
+ struct SessionHandle *data = conn->data;
+@@ -1223,6 +1219,11 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ long time_left;
+ PRUint32 timeout;
+
++ SSLVersionRange sslver = {
++ SSL_LIBRARY_VERSION_3_0, /* min */
++ SSL_LIBRARY_VERSION_TLS_1_0 /* max */
++ };
++
+ if(connssl->state == ssl_connection_complete)
+ return CURLE_OK;
+
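Review bot: The initializer fixes the default range at SSL 3.0 to TLS 1.0, so with `CURL_SSLVERSION_DEFAULT` this backend never offers TLS 1.1 or 1.2, while an earlier patch in this series lets `CURL_SSLVERSION_TLSv1` reach `SSL_LIBRARY_VERSION_TLS_1_2`. Nothing in the hunk says whether that cap is intentional. `nss_init_sslver()` also now depends on its caller having filled `*sslver`, since its default case only lowers `max` on the retry path and sets nothing else. I would add a comment at the initializer, for example `/* default range; nss_init_sslver() overrides it only for an explicit version or the SSLv3 retry */`, and state the reason for the TLS 1.0 ceiling there. Curl_nss_connect continues outside the hunk.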
+--
+1.7.1
+
diff --git a/0016-curl-7.29.0-1cf71bd7.patch b/0016-curl-7.29.0-1cf71bd7.patch
new file mode 100644
index 0000000..31c4e08
--- /dev/null
+++ b/0016-curl-7.29.0-1cf71bd7.patch
@@ -0,0 +1,27 @@
+From cf8b6a21f1e9af984cfef417e83ca06b64565215 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 20 Jan 2014 20:24:05 +0100
+Subject: [PATCH] Curl_is_connected: use proxy name in error message when proxy is used
+
+Backport of upstream commit 1cf71bd76e4a330e5b7824014c2605e4bfe1a0a5.
+---
+ lib/connect.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 0afb1ee..ba9ab92 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -758,7 +758,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
+ error = SOCKERRNO;
+ data->state.os_errno = error;
+ failf(data, "Failed connect to %s:%ld; %s",
+- conn->host.name, conn->port, Curl_strerror(conn, error));
++ conn->bits.proxy?conn->proxy.name:conn->host.name,
++ conn->port, Curl_strerror(conn, error));
+ }
+
+ return code;
+--
+1.7.1
+
diff --git a/0017-curl-7.29.0-ffb8a21d.patch b/0017-curl-7.29.0-ffb8a21d.patch
new file mode 100644
index 0000000..5f35a9a
--- /dev/null
+++ b/0017-curl-7.29.0-ffb8a21d.patch
@@ -0,0 +1,36 @@
+From 93b06606d7ee483567770deda967985e8377debb Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme@hotmail.com>
+Date: Sun, 2 Feb 2014 11:01:10 +0000
+Subject: [PATCH] tests: Fixed test172 cookie expiry
+
+The test contains a cookie jar file where one of the cookies has an
+expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has
+now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test
+179.
+
+Reported-by: Adam Sampson
+Bug: http://curl.haxx.se/bug/view.cgi?id=1330
+
+[upstream commit ffb8a21d85bde8b626e5dc52ce25f0447ee49f89]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/test172 | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/tests/data/test172 b/tests/data/test172
+index b3efae9..3d53418 100644
+--- a/tests/data/test172
++++ b/tests/data/test172
+@@ -36,7 +36,7 @@ http://%HOSTIP:%HTTPPORT/we/want/172 -b log/jar172.txt -b "tool=curl; name=fool"
+
+ .%HOSTIP TRUE /silly/ FALSE 0 ismatch this
+ .%HOSTIP TRUE / FALSE 0 partmatch present
+-%HOSTIP FALSE /we/want/ FALSE 1391252187 nodomain value
++%HOSTIP FALSE /we/want/ FALSE 2139150993 nodomain value
+ </file>
+ </client>
+
+--
+1.7.1
+
diff --git a/0018-curl-7.29.0-03c28820.patch b/0018-curl-7.29.0-03c28820.patch
new file mode 100644
index 0000000..09a7391
--- /dev/null
+++ b/0018-curl-7.29.0-03c28820.patch
@@ -0,0 +1,67 @@
+From fbbbf6a3daa7949cfb0fbd9731a80649ce717e6d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 7 Feb 2014 20:28:53 +0100
+Subject: [PATCH 1/2] --help: add missing --tlsv1.x options
+
+[upstream commit 67d14ab98f8b819ee6f5e6a4a2770d311c6bf13b]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_help.c | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/src/tool_help.c b/src/tool_help.c
+index 124f640..f7cd618 100644
+--- a/src/tool_help.c
++++ b/src/tool_help.c
+@@ -199,7 +199,10 @@ static const char *const helptext[] = {
+ " -t, --telnet-option OPT=VAL Set telnet option",
+ " --tftp-blksize VALUE Set TFTP BLKSIZE option (must be >512)",
+ " -z, --time-cond TIME Transfer based on a time condition",
+- " -1, --tlsv1 Use TLSv1 (SSL)",
++ " -1, --tlsv1 Use => TLSv1 (SSL)",
++ " --tlsv1.0 Use TLSv1.0 (SSL)",
++ " --tlsv1.1 Use TLSv1.1 (SSL)",
++ " --tlsv1.2 Use TLSv1.2 (SSL)",
+ " --trace FILE Write a debug trace to the given file",
+ " --trace-ascii FILE Like --trace but without the hex output",
+ " --trace-time Add time stamps to trace/verbose output",
+--
+1.7.1
+
+
+From cc28ee70fcc2222646eef4f2b2ab3cc207c6112a Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 17 Feb 2014 16:55:10 +0100
+Subject: [PATCH 2/2] curl.1: update the description of --tlsv1
+
+... and mention the --tlsv1.[0-2] options in the --tslv1 entry
+
+Reported-by: Hubert Kario
+
+[upstream commit 03c288202ed159a2a9e953f59e58f69a86eda79b]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/curl.1 | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/docs/curl.1 b/docs/curl.1
+index 53b378c..7f3571b 100644
+--- a/docs/curl.1
++++ b/docs/curl.1
+@@ -117,7 +117,10 @@ more informational, meter.
+ internally preferred: HTTP 1.1.
+ .IP "-1, --tlsv1"
+ (SSL)
+-Forces curl to use TLS version 1 when negotiating with a remote TLS server.
++Forces curl to use TLS version 1.x when negotiating with a remote TLS server.
++You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to
++control the TLS version more precisely (if the SSL backend in use supports such
++a level of control).
+ .IP "-2, --sslv2"
+ (SSL)
+ Forces curl to use SSL version 2 when negotiating with a remote SSL server.
+--
+1.7.1
+
diff --git a/0018-curl-7.29.0-517b06d6.patch b/0018-curl-7.29.0-517b06d6.patch
new file mode 100644
index 0000000..b56875e
--- /dev/null
+++ b/0018-curl-7.29.0-517b06d6.patch
@@ -0,0 +1,68 @@
+From 46e85fee025964dd9a8ce2d615bc5f8ece530519 Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme@hotmail.com>
+Date: Thu, 20 Feb 2014 23:51:36 +0000
+Subject: [PATCH] url: Fixed connection re-use when using different log-in credentials
+
+In addition to FTP, other connection based protocols such as IMAP, POP3,
+SMTP, SCP, SFTP and LDAP require a new connection when different log-in
+credentials are specified. Fixed the detection logic to include these
+other protocols.
+
+Bug: http://curl.haxx.se/docs/adv_20140326A.html
+
+[upstream commit 517b06d657aceb11a234b05cc891170c367ab80d]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http.c | 2 +-
+ lib/url.c | 6 +++---
+ lib/urldata.h | 2 ++
+ 3 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index f4b7a48..c78036b 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -142,7 +142,7 @@ const struct Curl_handler Curl_handler_https = {
+ ZERO_NULL, /* readwrite */
+ PORT_HTTPS, /* defport */
+ CURLPROTO_HTTP | CURLPROTO_HTTPS, /* protocol */
+- PROTOPT_SSL /* flags */
++ PROTOPT_SSL | PROTOPT_CREDSPERREQUEST /* flags */
+ };
+ #endif
+
+diff --git a/lib/url.c b/lib/url.c
+index 9690dfa..0174ff4 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2961,10 +2961,10 @@ ConnectionExists(struct SessionHandle *data,
+ continue;
+ }
+ }
+- if((needle->handler->protocol & CURLPROTO_FTP) ||
++ if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
+ ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) {
+- /* This is FTP or HTTP+NTLM, verify that we're using the same name
+- and password as well */
++ /* This protocol requires credentials per connection or is HTTP+NTLM,
++ so verify that we're using the same name and password as well */
+ if(!strequal(needle->user, check->user) ||
+ !strequal(needle->passwd, check->passwd)) {
+ /* one of them was different */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index d597c67..cbf4102 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -755,6 +755,8 @@ struct Curl_handler {
+ gets a default */
+ #define PROTOPT_NOURLQUERY (1<<6) /* protocol can't handle
+ url query strings (?foo=bar) ! */
++#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login creditials per request
++ as opposed to per connection */
+
+
+ /* return the count of bytes sent, or -1 on error */
+--
+1.7.1
+
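Review bot: Only `Curl_handler_https` receives `PROTOPT_CREDSPERREQUEST` in the lib/http.c part of this backport (its diffstat shows a single changed line there), while the new test in `ConnectionExists()` treats every handler without the flag as needing matching credentials. Unless `Curl_handler_http` is flagged elsewhere in the patched tree, plain HTTP connections would now be compared on user name and password and lose re-use across requests, which is inconsistent with HTTPS; its flags entry should presumably read `PROTOPT_CREDSPERREQUEST /* flags */` as well. The comparison that follows uses `strequal()`, which in libcurl is a case-insensitive match as far as I can tell, so credentials differing only in letter case would still share a connection; an exact compare such as `strcmp()` would close that gap. The comment on the new define misspells "credentials" as "creditials". `ConnectionExists()` starts and ends outside the inner hunk.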
diff --git a/0101-curl-7.27.0-multilib.patch b/0101-curl-7.29.0-multilib.patch
index 09acf78..38aa86c 100644
--- a/0101-curl-7.27.0-multilib.patch
+++ b/0101-curl-7.29.0-multilib.patch
@@ -26,15 +26,15 @@ index 150004d..95d0759 100644
- CURLLIBDIR=""
- fi
- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
+- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
- else
-- echo ${CURLLIBDIR}-lcurl @LIBS@
+- echo ${CURLLIBDIR}-lcurl
- fi
+ pkg-config libcurl --libs
;;
--static-libs)
-- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
;;
--configure)
diff --git a/0102-curl-7.27.0-debug.patch b/0102-curl-7.29.0-debug.patch
index 0f10d40..7f70530 100644
--- a/0102-curl-7.27.0-debug.patch
+++ b/0102-curl-7.29.0-debug.patch
@@ -1,12 +1,18 @@
- configure | 15 ++++-----------
- m4/curl-compilers.m4 | 15 ++++-----------
- 2 files changed, 8 insertions(+), 22 deletions(-)
+From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 31 Oct 2012 11:38:30 +0100
+Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778)
+
+---
+ configure | 13 +++----------
+ m4/curl-compilers.m4 | 13 +++----------
+ 2 files changed, 6 insertions(+), 20 deletions(-)
diff --git a/configure b/configure
-index d3ecf69..6d8f085 100755
+index 8f079a3..53b4774 100755
--- a/configure
+++ b/configure
-@@ -15093,18 +15093,11 @@ $as_echo "yes" >&6; }
+@@ -15759,18 +15759,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@@ -20,17 +26,16 @@ index d3ecf69..6d8f085 100755
- flags_dbg_all="$flags_dbg_all -gvms"
+ flags_dbg_all=""
flags_dbg_yes="-g"
-- flags_dbg_off="-g0"
+ flags_dbg_off=""
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
- flags_opt_yes="-O2"
-+ flags_dbg_off=""
+ flags_opt_all=""
+ flags_opt_yes=""
flags_opt_off="-O0"
if test -z "$SED"; then
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
-index 1ea4d17..868d65a 100644
+index 0cbba7a..9175b5b 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
@@ -47,12 +52,14 @@ index 1ea4d17..868d65a 100644
- flags_dbg_all="$flags_dbg_all -gvms"
+ flags_dbg_all=""
flags_dbg_yes="-g"
-- flags_dbg_off="-g0"
+ flags_dbg_off=""
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
- flags_opt_yes="-O2"
-+ flags_dbg_off=""
+ flags_opt_all=""
+ flags_opt_yes=""
flags_opt_off="-O0"
CURL_CHECK_DEF([_WIN32], [], [silent])
else
+--
+1.7.1
+
diff --git a/0105-curl-7.32.0-scp-upload.patch b/0105-curl-7.32.0-scp-upload.patch
new file mode 100644
index 0000000..c0fb0bf
--- /dev/null
+++ b/0105-curl-7.32.0-scp-upload.patch
@@ -0,0 +1,42 @@
+From 2e973be50f75d0a85dcb995f7823f00b1fc85c2f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 7 Oct 2013 16:07:50 +0200
+Subject: [PATCH] ssh: improve the logic for detecting blocking direction
+
+This fixes a regression introduced by commit 0feeab78 limiting the speed
+of SCP upload to 16384 B/s on a fast connection (such as localhost).
+
+[upstream commit d015f4ccac627852869cb45e31ccdc9fbd97dc47]
+---
+ lib/ssh.c | 8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ssh.c b/lib/ssh.c
+index 422357b..93c65c3 100644
+--- a/lib/ssh.c
++++ b/lib/ssh.c
+@@ -2287,6 +2287,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
+ sshc->actualcode = result;
+ }
+ else {
++ /* store this original bitmask setup to use later on if we can't
++ figure out a "real" bitmask */
++ sshc->orig_waitfor = data->req.keepon;
++
+ /* we want to use the _sending_ function even when the socket turns
+ out readable as the underlying libssh2 scp send function will deal
+ with both accordingly */
+@@ -2603,9 +2607,7 @@ static void ssh_block2waitfor(struct connectdata *conn, bool block)
+ {
+ struct ssh_conn *sshc = &conn->proto.sshc;
+ int dir;
+- if(!block)
+- conn->waitfor = 0;
+- else if((dir = libssh2_session_block_directions(sshc->ssh_session))) {
++ if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
+ /* translate the libssh2 define bits into our own bit defines */
+ conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
+ ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
+--
+1.7.1
+
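Review bot: In `ssh_block2waitfor()` the new condition `if(block && (dir = libssh2_session_block_directions(sshc->ssh_session)))` folds an assignment into a short-circuit test, so `dir` stays unset when `block` is false and the non-blocking case now silently takes the branch that lies outside the hunk. Writing it as `dir = block ? libssh2_session_block_directions(sshc->ssh_session) : 0;` followed by `if(dir) {` keeps the behaviour and makes both facts visible. That remaining branch presumably restores `sshc->orig_waitfor`, which this patch stores only in the one state shown, so a comment there such as `/* also reached when !block: restore the bitmask saved by the state machine */` would help the next reader. The function body continues past the hunk.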
diff --git a/0108-curl-7.27.0-utf8.patch b/0108-curl-7.27.0-utf8.patch
deleted file mode 100644
index b740b17..0000000
--- a/0108-curl-7.27.0-utf8.patch
+++ /dev/null
@@ -1,86 +0,0 @@
- CHANGES | 16 ++++++++--------
- README | 2 +-
- 2 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index 2335841..d4d37c2 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -272,7 +272,7 @@ Daniel Stenberg (9 Jul 2012)
-
- - cookie: fixed typo in comment
-
--- [Christian Hägele brought this change]
-+- [Christian Hägele brought this change]
-
- https_getsock: provided for schannel backend as well
-
-@@ -454,7 +454,7 @@ Yang Tse (3 Jul 2012)
- testcurl.pl: fix missing semicolon
-
- Daniel Stenberg (2 Jul 2012)
--- [Christian Hägele brought this change]
-+- [Christian Hägele brought this change]
-
- unicode NTLM SSPI: heap corruption fixed
-
-@@ -2563,18 +2563,18 @@ Daniel Stenberg (1 Apr 2012)
- Reported by: Michael Wallner
-
- Steve Holme (31 Mar 2012)
--- [Gökhan Şengün brought this change]
-+- [Gökhan Şengün brought this change]
-
- smtp: Add support for DIGEST-MD5 authentication
-
--- [Gökhan Şengün brought this change]
-+- [Gökhan Şengün brought this change]
-
- smtp: Cody tidy up of md5 digest length
-
- Replaced the hard coded md5 digest length (16) with a preprocessor
- constant
-
--- [Gökhan Şengün brought this change]
-+- [Gökhan Şengün brought this change]
-
- md5: Add support for calculating the md5 sum of buffers incrementally
-
-@@ -3866,7 +3866,7 @@ Daniel Stenberg (20 Dec 2011)
- This offers an alternative to the existing Curl_socket_ready() API which
- only checks one socket for read and one for write.
-
--- [Cédric Deltheil brought this change]
-+- [Cédric Deltheil brought this change]
-
- curl.h: add __ANDROID__ macro check
-
-@@ -4079,7 +4079,7 @@ Daniel Stenberg (12 Dec 2011)
- linking with a static openssl requires a set of more libs to be linked
- on Windows.
-
-- Thanks also to Steve Holme and Martin Storsj for additional feedback.
-+ Thanks also to Steve Holme and Martin Storsjö for additional feedback.
-
- Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
- Reported by: Ward Willats
-@@ -5333,7 +5333,7 @@ Daniel Stenberg (25 Sep 2011)
- damaging.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
-- Reported by: Taneli Vhkangas
-+ Reported by: Taneli Vähäkangas
-
- Yang Tse (24 Sep 2011)
- - curl tool: fix a compiler warning
-diff --git a/README b/README
-index 2ffacc3..cfd6760 100644
---- a/README
-+++ b/README
-@@ -45,5 +45,5 @@ GIT
- NOTICE
-
- Curl contains pieces of source code that is Copyright (c) 1998, 1999
-- Kungliga Tekniska Hgskolan. This notice is included here to comply with the
-+ Kungliga Tekniska Högskolan. This notice is included here to comply with the
- distribution terms.
diff --git a/0108-curl-7.29.0-utf8.patch b/0108-curl-7.29.0-utf8.patch
new file mode 100644
index 0000000..4829d1f
--- /dev/null
+++ b/0108-curl-7.29.0-utf8.patch
@@ -0,0 +1,39 @@
+From c6246783cf347652f70d95c0562dd411747e9d53 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 31 Oct 2012 11:40:30 +0100
+Subject: [PATCH] Fix character encoding of docs
+
+..., which are of mixed encoding originally so a simple iconv can't
+fix them.
+---
+ CHANGES | 2 +-
+ README | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 4568408..5fc1652 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1910,7 +1910,7 @@ Daniel Stenberg (12 Nov 2012)
+
+ - [Gabriel Sjoberg brought this change]
+
+- Digst: Add microseconds into nounce calculation
++ Digest: Add microseconds into nounce calculation
+
+ When using only 1 second precision, curl doesn't create new cnonce
+ values quickly enough for all uses.
+diff --git a/README b/README
+index 2ffacc3..cfd6760 100644
+--- a/README
++++ b/README
+@@ -45,5 +45,5 @@ GIT
+ NOTICE
+
+ Curl contains pieces of source code that is Copyright (c) 1998, 1999
+- Kungliga Tekniska Hgskolan. This notice is included here to comply with the
++ Kungliga Tekniska Högskolan. This notice is included here to comply with the
+ distribution terms.
+--
+1.7.1
+
diff --git a/0201-curl-7.29.0-openssl.patch b/0201-curl-7.29.0-openssl.patch
new file mode 100644
index 0000000..984d916
--- /dev/null
+++ b/0201-curl-7.29.0-openssl.patch
@@ -0,0 +1,31 @@
+--- ./lib/ssluse.c.old 2014-12-20 08:10:34.590020955 +0100
++++ ./lib/ssluse.c 2014-12-20 08:12:24.143382067 +0100
+@@ -1524,20 +1524,28 @@
+ case CURL_SSLVERSION_TLSv1_0:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
++#ifdef SSL_OP_NO_TLSv1_1
+ ctx_options |= SSL_OP_NO_TLSv1_1;
++#endif
++#ifdef SSL_OP_NO_TLSv1_2
+ ctx_options |= SSL_OP_NO_TLSv1_2;
++#endif
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
++#ifdef SSL_OP_NO_TLSv1_2
+ ctx_options |= SSL_OP_NO_TLSv1_2;
++#endif
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
++#ifdef SSL_OP_NO_TLSv1_1
+ ctx_options |= SSL_OP_NO_TLSv1_1;
++#endif
+ break;
+ }
+
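Review bot: The `CURL_SSLVERSION_TLSv1_1` and `CURL_SSLVERSION_TLSv1_2` cases still set `SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3` and `SSL_OP_NO_TLSv1` when the OpenSSL headers lack the requested version, which presumably leaves no protocol enabled and surfaces only as an opaque handshake failure. That fails closed, but an explicit error in those two cases when `SSL_OP_NO_TLSv1_1` or `SSL_OP_NO_TLSv1_2` is undefined would tell the user that the requested TLS version is not available in this build. The patch also carries no description, unlike the others in the series; a one-line comment above the first guard such as `/* old OpenSSL (EL-5) does not define SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2 */` would record why the guards exist. The enclosing switch starts outside the hunk.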
diff --git a/curl.spec b/curl.spec
index e36f253..02aa074 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,63 +1,77 @@
+# Define %%{__isa_bits} for old releases
+%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
+
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
-Version: 7.27.0
-Release: 11%{?dist}
+Version: 7.29.0
+Release: 19%{?dist}
License: MIT
Group: Applications/Internet
-Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
+Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
-Source3: hide_selinux.c
-# eliminate unnecessary inotify events on upload via file protocol (#844385)
-Patch1: 0001-curl-7.27.0-1f8518c5.patch
+# fix a SIGSEGV when closing an unused multi handle (#914411)
+Patch1: 0001-curl-7.29.0-da3fc1ee.patch
-# do not crash if MD5 fingerprint is not provided by libssh2
-Patch2: 0002-curl-7.27.0-f05e5136.patch
+# switch SSL socket into non-blocking mode after handshake
+Patch2: 0002-curl-7.29.0-9d0af301.patch
-# fix a syntax error in curl-config (#871317)
-Patch3: 0003-curl-7.27.0-382429e7.patch
+# do not ignore poll() failures other than EINTR
+Patch3: 0003-curl-7.29.0-491e026c.patch
-# do not print misleading NSS error codes
-Patch4: 0004-curl-7.27.0-52b6eda4.patch
+# curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
+Patch4: 0004-curl-7.29.0-57ccdfa8.patch
-# update the links to cipher-suites supported by NSS
-Patch5: 0005-curl-7.27.0-f208bf5a.patch
+# fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
+Patch5: 0005-curl-7.29.0-2eb8dcf2.patch
-# prevent NSS from crashing on client auth hook failure
-Patch6: 0006-curl-7.27.0-68d2830e.patch
+# show proper host name on failed resolve (#957173)
+Patch6: 0006-curl-7.29.0-25e577b3.patch
-# clear session cache if a client cert from file is used
-Patch7: 0007-curl-7.27.0-b36f1d26.patch
+# prevent an artificial timeout event due to stale speed-check data (#906031)
+Patch7: 0007-curl-7.29.0-b37b5233.patch
-# fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
-Patch8: 0008-curl-7.27.0-26613d78.patch
+# fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)
+Patch8: 0008-curl-7.29.0-192c4f78.patch
-# fix buffer overflow when negotiating SASL DIGEST-MD5 auth (CVE-2013-0249)
-Patch9: 0009-curl-7.27.0-f206d6c0.patch
+# mention all option listed in 'curl --help' in curl.1 man page
+Patch9: 0009-curl-7.29.0-3a0e931f.patch
-# curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
-Patch10: 0010-curl-7.27.0-57ccdfa8.patch
+# FTP: when EPSV gets a 229 but fails to connect, retry with PASV (#1002815)
+Patch10: 0010-curl-7.29.0-7cc00d9a.patch
-# fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
-Patch11: 0011-curl-7.27.0-2eb8dcf2.patch
+# avoid a busy-loop in curl_easy_perform()
+Patch11: 0011-curl-7.29.0-0feeab78.patch
-# show proper host name on failed resolve (#957173)
-Patch12: 0012-curl-7.27.0-25e577b3.patch
+# avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686)
+Patch12: 0012-curl-7.29.0-c639d725.patch
-# prevent an artificial timeout event due to stale speed-check data (#906031)
-Patch13: 0013-curl-7.27.0-b37b5233.patch
+# allow to use ECC ciphers if NSS implements them (#1058776)
+Patch13: 0013-curl-7.29.0-665c160f.patch
-# switch SSL socket into non-blocking mode after handshake (#960765)
-Patch14: 0014-curl-7.27.0-9d0af301.patch
+# re-use of wrong HTTP NTLM connection in libcurl (CVE-2014-0015)
+Patch14: 0014-curl-7.29.0-8ae35102.patch
-# fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)
-Patch15: 0015-curl-7.27.0-192c4f78.patch
+# allow to use TLS > 1.0 if built against recent NSS (#1036789)
+Patch15: 0015-curl-7.29.0-7fc9325a.patch
+
+# use proxy name in error message when proxy is used (#1042831)
+Patch16: 0016-curl-7.29.0-1cf71bd7.patch
+
+# refresh expired cookie in test172 from upstream test-suite (#1063693)
+Patch17: 0017-curl-7.29.0-ffb8a21d.patch
+
+# fix documentation of curl's options --tlsv1.[0-2] (#1066364)
+Patch18: 0018-curl-7.29.0-03c28820.patch
+
+# fix connection re-use when using different log-in credentials (CVE-2014-0138)
+Patch19: 0018-curl-7.29.0-517b06d6.patch
# patch making libcurl multilib ready
-Patch101: 0101-curl-7.27.0-multilib.patch
+Patch101: 0101-curl-7.29.0-multilib.patch
# prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.27.0-debug.patch
+Patch102: 0102-curl-7.29.0-debug.patch
# use localhost6 instead of ip6-localhost in the curl test-suite
Patch104: 0104-curl-7.19.7-localhost6.patch
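Review bot: `Patch19:` refers to `0018-curl-7.29.0-517b06d6.patch`, so the series now holds two files with the 0018 prefix and the CVE-2014-0138 fix sits under a number that does not match its tag. Renaming the file and using `Patch19: 0019-curl-7.29.0-517b06d6.patch` would keep the tag, the file name and the `%patch19` line aligned for anyone auditing which fixes are applied. The new `__isa_bits` fallback at the top of the hunk would also benefit from a comment that it shells out while the spec is parsed, for example `# evaluated at parse time; needs cpp on the build host`.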
@@ -65,20 +79,26 @@ Patch104: 0104-curl-7.19.7-localhost6.patch
# disable valgrind for certain test-cases (libssh2 problem)
Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch
+# http://thread.gmane.org/gmane.comp.web.curl.library/40551/focus=40561
+Patch105: 0105-curl-7.32.0-scp-upload.patch
+
# work around valgrind bug (#678518)
Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
# Fix character encoding of docs, which are of mixed encoding originally so
# a simple iconv can't fix them
-Patch108: 0108-curl-7.27.0-utf8.patch
+Patch108: 0108-curl-7.29.0-utf8.patch
+
+# For old openssl in EL-5
+Patch201: 0201-curl-7.29.0-openssl.patch
Provides: webclient
URL: http://curl.haxx.se/
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: groff
BuildRequires: krb5-devel
BuildRequires: libidn-devel
-BuildRequires: libssh2-devel >= 1.2.0
+BuildRequires: libssh2-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel >= %{openldap_version}
BuildRequires: openssh-clients
@@ -87,8 +107,23 @@ BuildRequires: pkgconfig
BuildRequires: stunnel
BuildRequires: zlib-devel
-# valgrind is not available on s390(x), sparc or arm5
-%ifnarch s390 s390x %{sparc} %{arm} ppc
+# perl modules used in the test suite
+BuildRequires: perl(Cwd)
+BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(IPC::Open2)
+BuildRequires: perl(MIME::Base64)
+BuildRequires: perl(strict)
+BuildRequires: perl(Time::Local)
+BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(warnings)
+BuildRequires: perl(vars)
+
+# require valgrind to boost test coverage on i386 and x86_64
+%ifarch %{ix86} x86_64
BuildRequires: valgrind
%endif
@@ -165,6 +200,11 @@ documentation of the library, too.
%patch13 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch105 -p1
+%patch19 -p1
# Fedora patches
%patch101 -p1
@@ -174,12 +214,13 @@ documentation of the library, too.
%patch107 -p1
%patch108 -p1
+# For EL-5 with old openssl
+%patch201 -p1
+
# replace hard wired port numbers in the test suite
-%ifarch x86_64
-sed -i s/899\\\([0-9]\\\)/649\\1/ tests/data/test*
-%else
-sed -i s/899\\\([0-9]\\\)/329\\1/ tests/data/test*
-%endif
+cd tests/data/
+sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test*
+cd -
# disable test 1112 (#565305)
printf "1112\n" >> tests/data/DISABLED
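Review bot: `%{?__isa_bits}` expands to nothing when the macro is undefined or empty, so the `sed` replacement here would rewrite the 899x test ports to `9x` instead of a per-architecture range. The same applies to `./runtests.pl -a -b%{?__isa_bits}90` in the later test-suite hunk and to `%if 0%{?__isa_bits} == 64`, which would quietly select `curlbuild-32.h`. The fallback definition at the top of the spec yields an empty value if `cpp` is missing or prints something other than 32 or 64, so I would stop the build early when the value is neither. Using the unconditional form `%{__isa_bits}` in these three places would at least make an undefined macro visible in the output.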
@@ -189,7 +230,6 @@ printf "1112\n" >> tests/data/DISABLED
echo "1319" >> tests/data/DISABLED
%endif
-
%build
[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
%configure --disable-static \
@@ -224,23 +264,9 @@ export LD_LIBRARY_PATH
cd tests
make %{?_smp_mflags}
-# make it possible to start a testing OpenSSH server with SELinux
-# in the enforcing mode (#521087)
-gcc -o hide_selinux.so -fPIC -shared %{SOURCE3}
-LD_PRELOAD="`readlink -f ./hide_selinux.so`:$LD_PRELOAD"
-export LD_PRELOAD
-
-# Ignore this tests for now (use !xxx)
-DISABLED=
-
# use different port range for 32bit and 64bit build, thus make it possible
# to run both in parallel on the same machine
-%ifarch x86_64
-./runtests.pl -a -b6490 -p -v $DISABLED
-%else
-./runtests.pl -a -b3290 -p -v $DISABLED
-%endif
-
+./runtests.pl -a -b%{?__isa_bits}90 -p -v
%install
rm -rf $RPM_BUILD_ROOT
@@ -256,7 +282,7 @@ install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/mk-ca-bundle.1
# Make libcurl-devel multilib-ready (bug #488922)
-%ifarch x86_64
+%if 0%{?__isa_bits} == 64
%define _curlbuild_h curlbuild-64.h
%else
%define _curlbuild_h curlbuild-32.h
@@ -299,6 +325,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Sat Dec 20 2014 Remi Collet <RPMS@FamilleCollet.com> - 7.29.0-19
+- sync with 7.29.0-19 from RHEL-7:
+
* Mon Jun 24 2013 Remi Collet <RPMS@FamilleCollet.com> - 7.27.0-11
- sync with 7.27.0-11 from F18:
fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)