From 6058796f7c93219189cedc43f64c5f3355918810 Mon Sep 17 00:00:00 2001
From: Jindrich Novy <jnovy@fedoraproject.org>
Date: Mar 03 2009 07:29:45 +0000
Subject: - update to 7.19.4 (fixes CVE-2009-0037)

- fix leak in curl_easy* functions, thanks to Kamil Dudka
- drop nss-proxy, sslgen, nss-init patches
- update badsocket patch

---

diff --git a/.cvsignore b/.cvsignore
index 34b49b1..5cafa0e 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-curl-7.18.2.tar.bz2
+curl-7.19.4.tar.bz2
diff --git a/curl-7.17.1-badsocket.patch b/curl-7.17.1-badsocket.patch
index 7f092ae..86cdab4 100644
--- a/curl-7.17.1-badsocket.patch
+++ b/curl-7.17.1-badsocket.patch
@@ -1,13 +1,13 @@
-diff -up curl-7.17.1/lib/ftp.c.badsocket curl-7.17.1/lib/ftp.c
---- curl-7.17.1/lib/ftp.c.badsocket	2007-10-27 00:25:19.000000000 +0200
-+++ curl-7.17.1/lib/ftp.c	2008-01-08 15:09:03.000000000 +0100
-@@ -3228,7 +3228,8 @@ static CURLcode Curl_ftp_done(struct con
-     /* Note that we keep "use" set to TRUE since that (next) connection is
-        still requested to use SSL */
-   }
--  sclose(conn->sock[SECONDARYSOCKET]);
-+  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
-+    sclose(conn->sock[SECONDARYSOCKET]);
- 
-   conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+diff -ruNp curl-7.19.3.orig/lib/ftp.c curl-7.19.3/lib/ftp.c
+--- curl-7.19.3.orig/lib/ftp.c	2009-02-11 10:57:33.334280000 +0100
++++ curl-7.19.3/lib/ftp.c	2009-02-11 10:59:43.957585266 +0100
+@@ -3222,7 +3222,8 @@ static CURLcode ftp_done(struct connectd
+       /* Note that we keep "use" set to TRUE since that (next) connection is
+          still requested to use SSL */
+     }
+-    sclose(conn->sock[SECONDARYSOCKET]);
++    if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
++      sclose(conn->sock[SECONDARYSOCKET]);
  
+     conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+   }
diff --git a/curl-7.17.1-sslgen.patch b/curl-7.17.1-sslgen.patch
deleted file mode 100644
index 4ab3c8d..0000000
--- a/curl-7.17.1-sslgen.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- curl-7.17.1/lib/sslgen.c.orig	2007-11-16 22:48:48.000000000 -0500
-+++ curl-7.17.1/lib/sslgen.c	2007-11-16 22:49:19.000000000 -0500
-@@ -243,6 +243,7 @@
- #else
- #ifdef USE_NSS
-   *done = TRUE; /* fallback to BLOCKING */
-+  conn->ssl[sockindex].use = TRUE;
-   return Curl_nss_connect(conn, sockindex);
- #else
- #ifdef USE_QSOSSL
diff --git a/curl-7.18.2-nss-init.patch b/curl-7.18.2-nss-init.patch
deleted file mode 100644
index 15d5316..0000000
--- a/curl-7.18.2-nss-init.patch
+++ /dev/null
@@ -1,133 +0,0 @@
---- curl-7.18.2/lib/nss.c.orig	2008-12-03 16:39:41.000000000 -0500
-+++ curl-7.18.2/lib/nss.c	2008-12-03 18:26:06.000000000 -0500
-@@ -73,6 +73,8 @@
- 
- PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
- 
-+PRLock * nss_initlock = NULL;
-+
- int initialized = 0;
- 
- #define HANDSHAKE_TIMEOUT 30
-@@ -229,6 +231,23 @@
- }
- 
- /*
-+ * Get the number of ciphers that are enabled. We use this to determine
-+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
-+ */
-+static int num_enabled_ciphers() {
-+  PRInt32 policy = 0;
-+  int count = 0;
-+  int i;
-+
-+  for(i=0; i<ciphernum; i++) {
-+    SSL_CipherPolicyGet(cipherlist[i].num, &policy);
-+    if(policy)
-+      count++;
-+  }
-+  return count;
-+}
-+
-+/*
-  * Determine whether the nickname passed in is a filename that needs to
-  * be loaded as a PEM or a regular NSS nickname.
-  *
-@@ -719,8 +738,11 @@
-  */
- int Curl_nss_init(void)
- {
--  if(!initialized)
-+  /* curl_global_init() is not thread-safe so this test is ok */
-+  if (nss_initlock == NULL) {
-     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
-+    nss_initlock = PR_NewLock();
-+  }
- 
-   /* We will actually initialize NSS later */
- 
-@@ -730,7 +752,17 @@
- /* Global cleanup */
- void Curl_nss_cleanup(void)
- {
--  NSS_Shutdown();
-+  /* This function isn't required to be threadsafe and this is only done
-+   * as a safety feature.
-+   */
-+  PR_Lock(nss_initlock);
-+  if (initialized)
-+    NSS_Shutdown();
-+  PR_Unlock(nss_initlock);
-+
-+  PR_DestroyLock(nss_initlock);
-+  nss_initlock = NULL;
-+
-   initialized = 0;
- }
- 
-@@ -801,6 +833,7 @@
- #endif
-   char *certDir = NULL;
-   int curlerr;
-+  int policy;
- 
-   curlerr = CURLE_SSL_CONNECT_ERROR;
- 
-@@ -808,9 +841,8 @@
-     return CURLE_OK;
- 
-   /* FIXME. NSS doesn't support multiple databases open at the same time. */
-+  PR_Lock(nss_initlock);
-   if(!initialized) {
--    initialized = 1;
--
-     certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
- 
-     if(!certDir) {
-@@ -822,20 +854,25 @@
-         }
-     }
- 
--    if(!certDir) {
--      rv = NSS_NoDB_Init(NULL);
--    }
--    else {
--      rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
--                          NSS_INIT_READONLY);
--    }
--    if(rv != SECSuccess) {
--      infof(conn->data, "Unable to initialize NSS database\n");
--      curlerr = CURLE_SSL_CACERT_BADFILE;
--      goto error;
-+    if (!NSS_IsInitialized()) {
-+        initialized = 1;
-+        if(!certDir) {
-+          rv = NSS_NoDB_Init(NULL);
-+        }
-+        else {
-+          rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
-+                              NSS_INIT_READONLY);
-+        }
-+        if(rv != SECSuccess) {
-+          infof(conn->data, "Unable to initialize NSS database\n");
-+          curlerr = CURLE_SSL_CACERT_BADFILE;
-+          PR_Unlock(nss_initlock);
-+          initialized = 0;
-+          goto error;
-+        }
-     }
--
--    NSS_SetDomesticPolicy();
-+    if(num_enabled_ciphers() == 0)
-+      NSS_SetDomesticPolicy();
- 
- #ifdef HAVE_PK11_CREATEGENERICOBJECT
-     configstring = (char *)malloc(PATH_MAX);
-@@ -854,6 +891,7 @@
-     }
- #endif
-   }
-+  PR_Unlock(nss_initlock);
- 
-   model = PR_NewTCPSocket();
-   if(!model)
diff --git a/curl-7.18.2-nssproxy.patch b/curl-7.18.2-nssproxy.patch
deleted file mode 100644
index 9d88d02..0000000
--- a/curl-7.18.2-nssproxy.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -up curl-7.18.2/lib/nss.c.nssproxy curl-7.18.2/lib/nss.c
---- curl-7.18.2/lib/nss.c.nssproxy	2008-05-26 17:02:49.000000000 +0200
-+++ curl-7.18.2/lib/nss.c	2008-06-18 07:59:52.000000000 +0200
-@@ -804,6 +804,9 @@ CURLcode Curl_nss_connect(struct connect
- 
-   curlerr = CURLE_SSL_CONNECT_ERROR;
- 
-+  if (connssl->state == ssl_connection_complete)
-+    return CURLE_OK;
-+
-   /* FIXME. NSS doesn't support multiple databases open at the same time. */
-   if(!initialized) {
-     initialized = 1;
diff --git a/curl-7.19.4-easy-leak.patch b/curl-7.19.4-easy-leak.patch
new file mode 100644
index 0000000..bb02547
--- /dev/null
+++ b/curl-7.19.4-easy-leak.patch
@@ -0,0 +1,36 @@
+diff -up curl-7.19.4/lib/easy.c.easy-leak curl-7.19.4/lib/easy.c
+--- curl-7.19.4/lib/easy.c.easy-leak	2009-01-29 21:41:51.000000000 +0100
++++ curl-7.19.4/lib/easy.c	2009-03-03 07:54:58.000000000 +0100
+@@ -352,13 +352,11 @@ CURL *curl_easy_init(void)
+   struct SessionHandle *data;
+ 
+   /* Make sure we inited the global SSL stuff */
+-  if(!initialized) {
+-    res = curl_global_init(CURL_GLOBAL_DEFAULT);
+-    if(res) {
+-      /* something in the global init failed, return nothing */
+-      DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
+-      return NULL;
+-    }
++  res = curl_global_init(CURL_GLOBAL_DEFAULT);
++  if(res) {
++    /* something in the global init failed, return nothing */
++    DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
++    return NULL;
+   }
+ 
+   /* We use curl_open() with undefined URL so far */
+@@ -549,10 +547,10 @@ void curl_easy_cleanup(CURL *curl)
+ {
+   struct SessionHandle *data = (struct SessionHandle *)curl;
+ 
+-  if(!data)
+-    return;
++  if(data)
++    Curl_close(data);
+ 
+-  Curl_close(data);
++  curl_global_cleanup();
+ }
+ 
+ /*
diff --git a/curl.spec b/curl.spec
index d06c494..45211b8 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,15 +1,14 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.18.2
-Release: 9%{?dist}
+Version: 7.19.4
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
 Patch1: curl-7.15.3-multilib.patch
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
-Patch4: curl-7.18.2-nssproxy.patch
-Patch5: curl-7.18.2-nss-init.patch
+Patch4: curl-7.19.4-easy-leak.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -50,8 +49,7 @@ use cURL's capabilities internally.
 %patch1 -p1 -b .multilib
 %patch2 -p1 -b .privlibs
 %patch3 -p1 -b .badsocket
-%patch4 -p1 -b .nssproxy
-%patch5 -p1 -b .nssinit
+%patch4 -p1 -b .easy-leak
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -120,6 +118,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Tue Mar 03 2009 Jindrich Novy <jnovy@redhat.com> 7.19.4-1
+- update to 7.19.4 (fixes CVE-2009-0037)
+- fix leak in curl_easy* functions, thanks to Kamil Dudka
+- drop nss-proxy, sslgen, nss-init patches
+- update badsocket patch
+
 * Mon Dec 15 2008 Jindrich Novy <jnovy@redhat.com> 7.18.2-9
 - release++ because of tag conflict caused by f10/rawhide branch split
 
diff --git a/sources b/sources
index 6dd9ba5..988cd13 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c389be5b0525276e58865956b7465562  curl-7.18.2.tar.bz2
+2734167c1e5f7ce6be99b75d2d371d85  curl-7.19.4.tar.bz2