[curl/f21] fix a connection failure when FTPS handle is reused
Kamil Dudka
kdudka at fedoraproject.org
Tue Oct 21 10:26:33 UTC 2014
commit 379ba96f1fdebe1aad34a3672f0b8d7a481d615c
Author: Kamil Dudka <kdudka at redhat.com>
Date: Tue Oct 21 12:14:19 2014 +0200
fix a connection failure when FTPS handle is reused
0005-curl-7.37.0-0aecdf68.patch | 67 +++++++++++++++++++++++++++++++++++++++
curl.spec | 9 +++++-
2 files changed, 75 insertions(+), 1 deletions(-)
---
diff --git a/0005-curl-7.37.0-0aecdf68.patch b/0005-curl-7.37.0-0aecdf68.patch
new file mode 100644
index 0000000..d6d5f33
--- /dev/null
+++ b/0005-curl-7.37.0-0aecdf68.patch
@@ -0,0 +1,67 @@
+From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 20 Oct 2014 18:18:57 +0200
+Subject: [PATCH] nss: reset SSL handshake state machine
+
+... when the handshake succeeds
+
+This fixes a connection failure when FTPS handle is reused.
+
+Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/vtls/nss.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 83b3e32..a925b12 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1452,9 +1452,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+ #endif
+
+
+- if(connssl->state == ssl_connection_complete)
+- return CURLE_OK;
+-
+ connssl->data = data;
+
+ /* list of all NSS objects we need to destroy in Curl_nss_close() */
+@@ -1720,10 +1717,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ }
+
+- connssl->state = ssl_connection_complete;
+- conn->recv[sockindex] = nss_recv;
+- conn->send[sockindex] = nss_send;
+-
+ display_conn_info(conn, connssl->handle);
+
+ if(data->set.str[STRING_SSL_ISSUERCERT]) {
+@@ -1759,6 +1752,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+ const bool blocking = (done == NULL);
+ CURLcode rv;
+
++ if(connssl->state == ssl_connection_complete)
++ return CURLE_OK;
++
+ if(connssl->connecting_state == ssl_connect_1) {
+ rv = nss_setup_connect(conn, sockindex);
+ if(rv)
+@@ -1798,7 +1794,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+ /* signal completed SSL handshake */
+ *done = TRUE;
+
+- connssl->connecting_state = ssl_connect_done;
++ connssl->state = ssl_connection_complete;
++ conn->recv[sockindex] = nss_recv;
++ conn->send[sockindex] = nss_send;
++
++ /* ssl_connect_done is never used outside, go back to the initial state */
++ connssl->connecting_state = ssl_connect_1;
+ return CURLE_OK;
+ }
+
+--
+2.1.0
+
diff --git a/curl.spec b/curl.spec
index e949f7a..cdec6a0 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.37.0
-Release: 7%{?dist}
+Release: 8%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -19,6 +19,9 @@ Patch3: 0003-curl-7.37.0-CVE-2014-3613.patch
# reject incoming cookies set for top level domains (CVE-2014-3620)
Patch4: 0004-curl-7.37.0-CVE-2014-3620.patch
+# fix a connection failure when FTPS handle is reused
+Patch5: 0005-curl-7.37.0-0aecdf68.patch
+
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@@ -135,6 +138,7 @@ documentation of the library, too.
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# Fedora patches
%patch101 -p1
@@ -258,6 +262,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Tue Oct 21 2014 Kamil Dudka <kdudka at redhat.com> 7.37.0-8
+- fix a connection failure when FTPS handle is reused
+
* Wed Sep 10 2014 Kamil Dudka <kdudka at redhat.com> 7.37.0-7
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- reject incoming cookies set for top level domains (CVE-2014-3620)
More information about the scm-commits
mailing list