[curl] fix kerberos proxy authentization for https (#625676)
Kamil Dudka
kdudka at fedoraproject.org
Mon Aug 23 12:44:51 UTC 2010
commit 9a0cdd136852aeab4738677184a8f9abf00a08b8
Author: Kamil Dudka <kdudka at redhat.com>
Date: Mon Aug 23 14:45:15 2010 +0200
fix kerberos proxy authentization for https (#625676)
0003-curl-7.21.1-13b8fc4.patch | 67 ++++++++++++++++++++++++++++++++++++++++
0004-curl-7.21.1-d0dea8f.patch | 26 +++++++++++++++
curl.spec | 11 ++++++-
3 files changed, 103 insertions(+), 1 deletions(-)
---
diff --git a/0003-curl-7.21.1-13b8fc4.patch b/0003-curl-7.21.1-13b8fc4.patch
new file mode 100644
index 0000000..ec5a14c
--- /dev/null
+++ b/0003-curl-7.21.1-13b8fc4.patch
@@ -0,0 +1,67 @@
+ CHANGES | 10 ++++++++++
+ lib/http_negotiate.c | 15 ++++++++++-----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 1e3a501..c28b005 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -6,6 +6,16 @@
+
+ Changelog
+
++Daniel Stenberg (16 Aug 2010)
++- negotiation: Wrong proxy authorization
++
++ There's an error in http_negotiation.c where a mistake is using only
++ userpwd even for proxy requests. Ludek provided a patch, but I decided
++ to write the fix slightly different using his patch as inspiration.
++
++ Reported by: Ludek Finstrle
++ Bug: http://curl.haxx.se/bug/view.cgi?id=3046066
++
+ Kamil Dudka (15 Aug 2010)
+ - curl -T: ignore file size of special files
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index ab1296e..80b0b50 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel at haxx.se>, et al.
++ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel at haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -277,6 +277,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+ &conn->data->state.negotiate;
+ char *encoded = NULL;
+ size_t len;
++ char *userp;
+
+ #ifdef HAVE_SPNEGO /* Handle SPNEGO */
+ if(checkprefix("Negotiate", neg_ctx->protocol)) {
+@@ -330,12 +331,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+ if(len == 0)
+ return CURLE_OUT_OF_MEMORY;
+
+- conn->allocptr.userpwd =
+- aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+- neg_ctx->protocol, encoded);
++ userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
++ neg_ctx->protocol, encoded);
++
++ if(proxy)
++ conn->allocptr.proxyuserpwd = userp;
++ else
++ conn->allocptr.userpwd = userp;
+ free(encoded);
+ Curl_cleanup_negotiate (conn->data);
+- return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
++ return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+
+ static void cleanup(struct negotiatedata *neg_ctx)
diff --git a/0004-curl-7.21.1-d0dea8f.patch b/0004-curl-7.21.1-d0dea8f.patch
new file mode 100644
index 0000000..b2c97d9
--- /dev/null
+++ b/0004-curl-7.21.1-d0dea8f.patch
@@ -0,0 +1,26 @@
+From d0dea8f8699224ac1b6888bf6da7cfc71de213ca Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Thu, 19 Aug 2010 16:38:22 +0200
+Subject: [PATCH] AC_INIT: avoid a warning with autoconf 2.66
+
+It was complaining about the '=>' operator, introduced in e3fc0d5.
+---
+ configure.ac | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index db04447..a389cfd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -24,7 +24,7 @@ dnl Process this file with autoconf to produce a configure script.
+ AC_PREREQ(2.57)
+
+ dnl We don't know the version number "statically" so we use a dash here
+-AC_INIT([curl], [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])
++AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])
+
+ CURL_OVERRIDE_AUTOCONF
+
+--
+1.7.2.1
+
diff --git a/curl.spec b/curl.spec
index 7ce9499..9108419 100644
--- a/curl.spec
+++ b/curl.spec
@@ -14,6 +14,12 @@ Patch1: 0001-curl-7.21.1-a6e088e.patch
# curl -T now ignores file size of special files (#622520)
Patch2: 0002-curl-7.21.1-5907777.patch
+# fix kerberos proxy authentization for https (#625676)
+Patch3: 0003-curl-7.21.1-13b8fc4.patch
+
+# avoid a warning with autoconf 2.66
+Patch4: 0004-curl-7.21.1-d0dea8f.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.21.1-multilib.patch
@@ -103,6 +109,8 @@ done
# upstream patches (already applied)
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
# Fedora patches
%patch101 -p1
@@ -217,10 +225,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
-* Thu Aug 19 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-2
+* Mon Aug 23 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-2
- re-enable test575 on s390(x), already fixed (upstream commit d63bdba)
- modify system headers to work around gcc bug (#617757)
- curl -T now ignores file size of special files (#622520)
+- fix kerberos proxy authentization for https (#625676)
* Thu Aug 12 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-1
- new upstream release
More information about the scm-commits
mailing list