[curl] fix kerberos proxy authentization for https (#625676)

Kamil Dudka kdudka at fedoraproject.org
Mon Aug 23 12:44:51 UTC 2010 

commit 9a0cdd136852aeab4738677184a8f9abf00a08b8
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Mon Aug 23 14:45:15 2010 +0200

    fix kerberos proxy authentization for https (#625676)

 0003-curl-7.21.1-13b8fc4.patch |   67 ++++++++++++++++++++++++++++++++++++++++
 0004-curl-7.21.1-d0dea8f.patch |   26 +++++++++++++++
 curl.spec                      |   11 ++++++-
 3 files changed, 103 insertions(+), 1 deletions(-)
---
diff --git a/0003-curl-7.21.1-13b8fc4.patch b/0003-curl-7.21.1-13b8fc4.patch
new file mode 100644
index 0000000..ec5a14c
--- /dev/null
+++ b/0003-curl-7.21.1-13b8fc4.patch
@@ -0,0 +1,67 @@
+ CHANGES              |   10 ++++++++++
+ lib/http_negotiate.c |   15 ++++++++++-----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 1e3a501..c28b005 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -6,6 +6,16 @@
+ 
+                                   Changelog
+ 
++Daniel Stenberg (16 Aug 2010)
++- negotiation: Wrong proxy authorization
++  
++  There's an error in http_negotiation.c where a mistake is using only
++  userpwd even for proxy requests. Ludek provided a patch, but I decided
++  to write the fix slightly different using his patch as inspiration.
++  
++  Reported by: Ludek Finstrle
++  Bug: http://curl.haxx.se/bug/view.cgi?id=3046066
++
+ Kamil Dudka (15 Aug 2010)
+ - curl -T: ignore file size of special files
+   
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index ab1296e..80b0b50 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel at haxx.se>, et al.
++ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel at haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -277,6 +277,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+     &conn->data->state.negotiate;
+   char *encoded = NULL;
+   size_t len;
++  char *userp;
+ 
+ #ifdef HAVE_SPNEGO /* Handle SPNEGO */
+   if(checkprefix("Negotiate", neg_ctx->protocol)) {
+@@ -330,12 +331,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+   if(len == 0)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  conn->allocptr.userpwd =
+-    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+-            neg_ctx->protocol, encoded);
++  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
++                  neg_ctx->protocol, encoded);
++
++  if(proxy)
++    conn->allocptr.proxyuserpwd = userp;
++  else
++    conn->allocptr.userpwd = userp;
+   free(encoded);
+   Curl_cleanup_negotiate (conn->data);
+-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
++  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+ 
+ static void cleanup(struct negotiatedata *neg_ctx)
diff --git a/0004-curl-7.21.1-d0dea8f.patch b/0004-curl-7.21.1-d0dea8f.patch
new file mode 100644
index 0000000..b2c97d9
--- /dev/null
+++ b/0004-curl-7.21.1-d0dea8f.patch
@@ -0,0 +1,26 @@
+From d0dea8f8699224ac1b6888bf6da7cfc71de213ca Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Thu, 19 Aug 2010 16:38:22 +0200
+Subject: [PATCH] AC_INIT: avoid a warning with autoconf 2.66
+
+It was complaining about the '=>' operator, introduced in e3fc0d5.
+---
+ configure.ac |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index db04447..a389cfd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -24,7 +24,7 @@ dnl Process this file with autoconf to produce a configure script.
+ AC_PREREQ(2.57)
+ 
+ dnl We don't know the version number "statically" so we use a dash here
+-AC_INIT([curl], [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])
++AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])
+ 
+ CURL_OVERRIDE_AUTOCONF
+ 
+-- 
+1.7.2.1
+
diff --git a/curl.spec b/curl.spec
index 7ce9499..9108419 100644
--- a/curl.spec
+++ b/curl.spec
@@ -14,6 +14,12 @@ Patch1: 0001-curl-7.21.1-a6e088e.patch
 # curl -T now ignores file size of special files (#622520)
 Patch2: 0002-curl-7.21.1-5907777.patch
 
+# fix kerberos proxy authentization for https (#625676)
+Patch3: 0003-curl-7.21.1-13b8fc4.patch
+
+# avoid a warning with autoconf 2.66
+Patch4: 0004-curl-7.21.1-d0dea8f.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch
 
@@ -103,6 +109,8 @@ done
 # upstream patches (already applied)
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -217,10 +225,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
-* Thu Aug 19 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-2
+* Mon Aug 23 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-2
 - re-enable test575 on s390(x), already fixed (upstream commit d63bdba)
 - modify system headers to work around gcc bug (#617757)
 - curl -T now ignores file size of special files (#622520)
+- fix kerberos proxy authentization for https (#625676)
 
 * Thu Aug 12 2010 Kamil Dudka <kdudka at redhat.com> 7.21.1-1
 - new upstream release

More information about the scm-commits mailing list