[curl/f21] Resolves: #1187531 - fix a spurious connect failure on dual-stacked hosts

Mon Feb 23 13:10:11 UTC 2015

commit 8113d2c12b2f096fe568c382f42f26554de35054
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Mon Feb 23 13:46:07 2015 +0100

    Resolves: #1187531 - fix a spurious connect failure on dual-stacked hosts

 0010-curl-7.37.0-e08a12d.patch | 105 +++++++++++++++++++++++++++++++++++++++++
 curl.spec                      |   9 +++-
 2 files changed, 113 insertions(+), 1 deletion(-)
---

diff --git a/0010-curl-7.37.0-e08a12d.patch b/0010-curl-7.37.0-e08a12d.patch
new file mode 100644
index 0000000..17e5682
--- /dev/null
+++ b/0010-curl-7.37.0-e08a12d.patch
@@ -0,0 +1,105 @@
+From 1fa4384ff6cde36d95943eac6e71ac1b8754d3da Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 16 Feb 2015 17:00:05 +0100
+Subject: [PATCH 1/2] connect: avoid skipping an IPv4 address
+
+... in case the protocol versions are mixed in a DNS response
+(IPv6 -> IPv4 -> IPv6).
+
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
+
+Upstream-commit: 92835ca5d87850ae0c670d66bd73af391b34cdc3
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/connect.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 5a60d14..1728e56 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -540,6 +540,7 @@ static CURLcode trynextip(struct connectdata *conn,
+                           int sockindex,
+                           int tempindex)
+ {
++  const int other = tempindex ^ 1;
+   CURLcode rc = CURLE_COULDNT_CONNECT;
+ 
+   /* First clean up after the failed socket.
+@@ -570,8 +571,11 @@ static CURLcode trynextip(struct connectdata *conn,
+     }
+ 
+     while(ai) {
+-      while(ai && ai->ai_family != family)
+-        ai = ai->ai_next;
++      if(conn->tempaddr[other]) {
++        /* we can safely skip addresses of the other protocol family */
++        while(ai && ai->ai_family != family)
++          ai = ai->ai_next;
++      }
+ 
+       if(ai) {
+         rc = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
+-- 
+2.1.0
+
+
+From 85cf6e9b9d42ab70ab73484787d4eaa89734531b Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 16 Feb 2015 17:16:57 +0100
+Subject: [PATCH 2/2] connect: wait for IPv4 connection attempts
+
+... even if the last IPv6 connection attempt has failed.
+
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
+
+Upstream-commit: e08a12dab1a410c94bf75aef04251bf64c127eb6
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/connect.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 1728e56..5182965 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -749,6 +749,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
+   }
+ 
+   for(i=0; i<2; i++) {
++    const int other = i ^ 1;
+     if(conn->tempsock[i] == CURL_SOCKET_BAD)
+       continue;
+ 
+@@ -778,7 +779,6 @@ CURLcode Curl_is_connected(struct connectdata *conn,
+     else if(result == CURL_CSELECT_OUT) {
+       if(verifyconnect(conn->tempsock[i], &error)) {
+         /* we are connected with TCP, awesome! */
+-        int other = i ^ 1;
+ 
+         /* use this socket from now on */
+         conn->sock[sockindex] = conn->tempsock[i];
+@@ -821,6 +821,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
+       data->state.os_errno = error;
+       SET_SOCKERRNO(error);
+       if(conn->tempaddr[i]) {
++        CURLcode status;
+         Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
+         infof(data, "connect to %s port %ld failed: %s\n",
+               ipaddress, conn->port, Curl_strerror(conn, error));
+@@ -828,7 +829,11 @@ CURLcode Curl_is_connected(struct connectdata *conn,
+         conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
+                                    allow : allow / 2;
+ 
+-        code = trynextip(conn, sockindex, i);
++        status = trynextip(conn, sockindex, i);
++        if(status != CURLE_COULDNT_CONNECT
++            || conn->tempsock[other] == CURL_SOCKET_BAD)
++          /* the last attempt failed and no other sockets remain open */
++          code = status;
+       }
+     }
+   }
+-- 
+2.1.0
+
diff --git a/curl.spec b/curl.spec
index 6c3a759..6beef75 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.37.0
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -34,6 +34,9 @@ Patch8: 0008-curl-7.37.0-cacdc27f.patch
 # reject CRLFs in URLs passed to proxy (CVE-2014-8150)
 Patch9: 0009-curl-7.37.0-CVE-2014-8150.patch
 
+# fix a spurious connect failure on dual-stacked hosts (#1187531)
+Patch10: 0010-curl-7.37.0-e08a12d.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -156,6 +159,7 @@ documentation of the library, too.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -279,6 +283,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Mon Feb 23 2015 Kamil Dudka <kdudka at redhat.com> 7.37.0-13
+- fix a spurious connect failure on dual-stacked hosts (#1187531)
+
 * Thu Jan 08 2015 Kamil Dudka <kdudka at redhat.com> 7.37.0-12
 - reject CRLFs in URLs passed to proxy (CVE-2014-8150)
 
