[curl/f20] metalink: apply a missing upstream patch

Kamil Dudka kdudka at fedoraproject.org
Mon Nov 24 13:37:27 UTC 2014 

commit 20a483f94e1e9db425124714b9f322c9c8bc2ace
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Mon Nov 24 14:35:58 2014 +0100

    metalink: apply a missing upstream patch

 0017-curl-7.32.0-tls12.patch |   95 +++++++++++++++++++++++++++++++++--------
 1 files changed, 76 insertions(+), 19 deletions(-)
---
diff --git a/0017-curl-7.32.0-tls12.patch b/0017-curl-7.32.0-tls12.patch
index afe1eb1..fa29f2d 100644
--- a/0017-curl-7.32.0-tls12.patch
+++ b/0017-curl-7.32.0-tls12.patch
@@ -1,7 +1,7 @@
 From e3e370c5257ac21c57a59b72fa2810c823eb8984 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Wed, 29 Jan 2014 12:55:36 +0100
-Subject: [PATCH 01/19] nss: do not fail if NSS does not implement a cipher
+Subject: [PATCH 01/20] nss: do not fail if NSS does not implement a cipher
 
 ... that the user does not ask for
 
@@ -51,7 +51,7 @@ index 40daee3..e5804be 100644
 From 14686a8b987efe6915fe2a4a1f191d10cdc504ce Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Wed, 29 Jan 2014 13:03:46 +0100
-Subject: [PATCH 02/19] nss: do not use the NSS_ENABLE_ECC define
+Subject: [PATCH 02/20] nss: do not use the NSS_ENABLE_ECC define
 
 It is not provided by NSS public headers.
 
@@ -90,7 +90,7 @@ index e5804be..9561bed 100644
 From e3a4fdbf6a29be442c1d444eef3d1fa05706490c Mon Sep 17 00:00:00 2001
 From: Gergely Nagy <ngg at tresorit.com>
 Date: Thu, 19 Sep 2013 15:17:13 +0200
-Subject: [PATCH 03/19] SSL: protocol version can be specified more precisely
+Subject: [PATCH 03/20] SSL: protocol version can be specified more precisely
 
 CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
 CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
@@ -320,7 +320,7 @@ index cb93e11..f29bcd6 100644
 From 51081768a70fe880e01c7100a8b7c386e45ce91b Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel at haxx.se>
 Date: Tue, 15 Oct 2013 20:31:04 +0200
-Subject: [PATCH 04/19] curl: document the new --tlsv1.[012] options
+Subject: [PATCH 04/20] curl: document the new --tlsv1.[012] options
 
 Upstream-commit: 076726f1412205622414abd908723c4b33ca12cb
 Signed-off-by: Kamil Dudka <kdudka at redhat.com>
@@ -358,7 +358,7 @@ index 9e1a688..e6eda68 100644
 From da154f6a99ada8bdbc8ccd347fd34fd471670c75 Mon Sep 17 00:00:00 2001
 From: Steve Holme <steve_holme at hotmail.com>
 Date: Wed, 16 Oct 2013 20:06:23 +0100
-Subject: [PATCH 05/19] SSL: Corrected version number for new symbols from
+Subject: [PATCH 05/20] SSL: Corrected version number for new symbols from
  commit ad34a2d5c87c7f
 
 Upstream-commit: 2c84ffe1549ea7d5029ba7863f53013562e6758d
@@ -391,7 +391,7 @@ index 79aaaba..21c784e 100644
 From 169ff20b5c260a3700ec348c3539b22621b1196d Mon Sep 17 00:00:00 2001
 From: Steve Holme <steve_holme at hotmail.com>
 Date: Wed, 16 Oct 2013 20:18:15 +0100
-Subject: [PATCH 06/19] DOCS: Added libcurl version number to
+Subject: [PATCH 06/20] DOCS: Added libcurl version number to
  CURLOPT_SSLVERSION
 
 Upstream-commit: 75b9b26465d5f01b52564293c2d553649f801f70
@@ -426,7 +426,7 @@ index 1fcccdb..6f72795 100644
 From 71ab9b6a2241785bac59be8cdb49c195af5b1d48 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 25 Nov 2013 16:03:52 +0100
-Subject: [PATCH 07/19] nss: use a better API for controlling SSL version
+Subject: [PATCH 07/20] nss: use a better API for controlling SSL version
 
 This change introduces a dependency on NSS 3.14+.
 
@@ -588,7 +588,7 @@ index a1cf3a1..7d1e52e 100644
 From b1f68362d6936af6d731bea7c776ec7cc593f012 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 25 Nov 2013 16:14:55 +0100
-Subject: [PATCH 08/19] nss: put SSL version selection into separate fnc
+Subject: [PATCH 08/20] nss: put SSL version selection into separate fnc
 
 Upstream-commit: 4fb8241add5b68e95fbf44d3c2bf470201a9915d
 Signed-off-by: Kamil Dudka <kdudka at redhat.com>
@@ -694,7 +694,7 @@ index 7d1e52e..e9aec93 100644
 From 7dabbab8da3cb8f1551ba38ef8297201b70ca7e8 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 25 Nov 2013 16:25:15 +0100
-Subject: [PATCH 09/19] nss: allow to use TLS > 1.0 if built against recent NSS
+Subject: [PATCH 09/20] nss: allow to use TLS > 1.0 if built against recent NSS
 
 Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html
 Upstream-commit: 7fc9325a52a6dad1f8b859a3269472ffc125edd0
@@ -753,7 +753,7 @@ index e9aec93..836f3dc 100644
 From b31985288d9d55817f80386c9604799c6a42a5d3 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 2 Dec 2013 14:25:07 +0100
-Subject: [PATCH 10/19] nss: unconditionally require NSS_InitContext()
+Subject: [PATCH 10/20] nss: unconditionally require NSS_InitContext()
 
 ... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway
 
@@ -894,10 +894,67 @@ index 836f3dc..36244c2 100644
 2.1.0
 
 
+From 94ec77e2a2dbe42e040c419de44a1cd5368c4908 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 2 Dec 2013 17:00:35 +0100
+Subject: [PATCH 11/20] tool_metalink: do not use HAVE_NSS_INITCONTEXT
+
+... no longer provided by the configure script
+
+Upstream-commit: ff9b66a8d4abb2fd92b12ae8ae3e4e7f39856af7
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ src/tool_metalink.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/tool_metalink.c b/src/tool_metalink.c
+index be5fc26..050f59d 100644
+--- a/src/tool_metalink.c
++++ b/src/tool_metalink.c
+@@ -54,9 +54,7 @@
+ #  define MD5_CTX    void *
+ #  define SHA_CTX    void *
+ #  define SHA256_CTX void *
+-#  ifdef HAVE_NSS_INITCONTEXT
+-     static NSSInitContext *nss_context;
+-#  endif
++   static NSSInitContext *nss_context;
+ #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
+               (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \
+       (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \
+@@ -240,7 +238,6 @@ static int nss_hash_init(void **pctx, SECOidTag hash_alg)
+   PK11Context *ctx;
+ 
+   /* we have to initialize NSS if not initialized alraedy */
+-#ifdef HAVE_NSS_INITCONTEXT
+   if(!NSS_IsInitialized() && !nss_context) {
+     static NSSInitParameters params;
+     params.length = sizeof params;
+@@ -248,7 +245,6 @@ static int nss_hash_init(void **pctx, SECOidTag hash_alg)
+         | NSS_INIT_NOCERTDB   | NSS_INIT_NOMODDB       | NSS_INIT_FORCEOPEN
+         | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+   }
+-#endif
+ 
+   ctx = PK11_CreateDigestContext(hash_alg);
+   if(!ctx)
+@@ -894,7 +890,7 @@ void clean_metalink(struct Configurable *config)
+ 
+ void metalink_cleanup(void)
+ {
+-#if defined(USE_NSS) && defined(HAVE_NSS_INITCONTEXT)
++#ifdef USE_NSS
+   if(nss_context) {
+     NSS_ShutdownContext(nss_context);
+     nss_context = NULL;
+-- 
+2.1.0
+
+
 From 087dcd05bc4dc7f7d2665377d4827f2b817446aa Mon Sep 17 00:00:00 2001
 From: Fabian Frank <fabian at pagefault.de>
 Date: Thu, 6 Feb 2014 00:41:53 -0800
-Subject: [PATCH 11/19] nss: prefer highest available TLS version
+Subject: [PATCH 12/20] nss: prefer highest available TLS version
 
 Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
 if --tlsv1[.N] was not specified on the command line.
@@ -932,7 +989,7 @@ index 36244c2..503aa9a 100644
 From 2eb968240627d3b7bbd188db5548ccc73621e018 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 2 Dec 2013 16:09:12 +0100
-Subject: [PATCH 12/19] nss: make sure that 'sslver' is always initialized
+Subject: [PATCH 13/20] nss: make sure that 'sslver' is always initialized
 
 Upstream-commit: e221b55f67a2e12717e911f25d1bb6c85fcebfab
 Signed-off-by: Kamil Dudka <kdudka at redhat.com>
@@ -984,7 +1041,7 @@ index 503aa9a..87b883a 100644
 From b7dc3a64f687152015ef791e17e0d69b4d6c0484 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel at haxx.se>
 Date: Fri, 7 Feb 2014 20:28:53 +0100
-Subject: [PATCH 13/19] --help: add missing --tlsv1.x options
+Subject: [PATCH 14/20] --help: add missing --tlsv1.x options
 
 Upstream-commit: 67d14ab98f8b819ee6f5e6a4a2770d311c6bf13b
 Signed-off-by: Kamil Dudka <kdudka at redhat.com>
@@ -1015,7 +1072,7 @@ index 64534ac..f00ff55 100644
 From 2d2447ecab5ac7a51409eb51ee417841500b8732 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Mon, 17 Feb 2014 16:55:10 +0100
-Subject: [PATCH 14/19] curl.1: update the description of --tlsv1
+Subject: [PATCH 15/20] curl.1: update the description of --tlsv1
 
 ... and mention the --tlsv1.[0-2] options in the --tslv1 entry
 
@@ -1049,7 +1106,7 @@ index e6eda68..3458024 100644
 From b4e3330f82d2c0413f17ca8f1f811de13fd8fd35 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Wed, 2 Jul 2014 17:37:43 +0200
-Subject: [PATCH 15/19] nss: do not abort on connection failure
+Subject: [PATCH 16/20] nss: do not abort on connection failure
 
 ... due to calling SSL_VersionRangeGet() with NULL file descriptor
 
@@ -1081,7 +1138,7 @@ index 87b883a..bed87c2 100644
 From a5fd46ad1acbac7c4cd2b16a494d834a5bb117c3 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Wed, 2 Jul 2014 17:49:37 +0200
-Subject: [PATCH 16/19] nss: make the fallback to SSLv3 work again
+Subject: [PATCH 17/20] nss: make the fallback to SSLv3 work again
 
 This feature was unintentionally disabled by commit ff92fcfb.
 
@@ -1111,7 +1168,7 @@ index bed87c2..bd7aa27 100644
 From c53ff38515729174c37bfd9e090f08027f107a05 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Fri, 7 Mar 2014 13:02:03 +0100
-Subject: [PATCH 17/19] nss: do not enable AES cipher-suites by default
+Subject: [PATCH 18/20] nss: do not enable AES cipher-suites by default
 
 ... but allow them to be enabled/disabled explicitly.  The default
 policy should be maintained at the NSS level.
@@ -1188,7 +1245,7 @@ index bd7aa27..a0cd619 100644
 From 173e2f454c5ae2e73d8d0a0ed8528fcf2ca7440d Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Fri, 7 Mar 2014 13:10:54 +0100
-Subject: [PATCH 18/19] nss: allow to enable/disable new HMAC-SHA256
+Subject: [PATCH 19/20] nss: allow to enable/disable new HMAC-SHA256
  cipher-suites
 
 ... if built against a new enough version of NSS
@@ -1227,7 +1284,7 @@ index a0cd619..b62c878 100644
 From f5f9437a4ad184a6ab39ca5b4f835d3c8c76c370 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka at redhat.com>
 Date: Fri, 7 Mar 2014 13:14:08 +0100
-Subject: [PATCH 19/19] nss: allow to enable/disable new AES GCM cipher-suites
+Subject: [PATCH 20/20] nss: allow to enable/disable new AES GCM cipher-suites
 
 ... if built against a new enough version of NSS

More information about the scm-commits mailing list