diff --git a/SOURCES/0201-Keep-a-reference-to-the-object-used-for-CURLOPT_POST.patch b/SOURCES/0201-Keep-a-reference-to-the-object-used-for-CURLOPT_POST.patch
new file mode 100644
index 0000000..20406fb
--- /dev/null
+++ b/SOURCES/0201-Keep-a-reference-to-the-object-used-for-CURLOPT_POST.patch
@@ -0,0 +1,98 @@
+From f1169a50516e34d22a22229113aef46212177417 Mon Sep 17 00:00:00 2001
+From: Oleg Pudeyev
+Date: Thu, 3 Oct 2013 22:31:31 -0400
+Subject: [PATCH] Keep a reference to the object used for CURLOPT_POSTFIELDS.
+
+Fixes #34
+
+Upstream-commit: b01a04fbd7797c70c5397a1b04abb09e6e4c8a36
+Signed-off-by: Kamil Dudka
+---
+ src/pycurl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/pycurl.c b/src/pycurl.c
+index 9a7135c..31722ad 100644
+--- a/src/pycurl.c
++++ b/src/pycurl.c
+@@ -149,16 +149,18 @@ typedef struct {
+ PyObject *pro_cb;
+ PyObject *debug_cb;
+ PyObject *ioctl_cb;
+ PyObject *opensocket_cb;
+ /* file objects */
+ PyObject *readdata_fp;
+ PyObject *writedata_fp;
+ PyObject *writeheader_fp;
++ /* reference to the object used for CURLOPT_POSTFIELDS */
++ PyObject *postfields_obj;
+ /* misc */
+ char error[CURL_ERROR_SIZE+1];
+ } CurlObject;
+
+ /* Throw exception based on return value `res' and `self->error' */
+ #define CURLERROR_RETVAL() do {\
+ PyObject *v; \
+ self->error[sizeof(self->error) - 1] = 0; \
+@@ -727,16 +729,17 @@ util_curl_new(void)
+ self->debug_cb = NULL;
+ self->ioctl_cb = NULL;
+ self->opensocket_cb = NULL;
+
+ /* Set file object pointers to NULL by default */
+ self->readdata_fp = NULL;
+ self->writedata_fp = NULL;
+ self->writeheader_fp = NULL;
++ self->postfields_obj = NULL;
+
+ /* Zero string pointer memory buffer used by setopt */
+ memset(self->error, 0, sizeof(self->error));
+
+ return self;
+ }
+
+ /* initializer - used to intialize curl easy handles for use with pycurl */
+@@ -854,16 +857,17 @@ util_curl_xdecref(CurlObject *self, int flags, CURL *handle)
+ ZAP(self->ioctl_cb);
+ }
+
+ if (flags & 8) {
+ /* Decrement refcount for python file objects. */
+ ZAP(self->readdata_fp);
+ ZAP(self->writedata_fp);
+ ZAP(self->writeheader_fp);
++ ZAP(self->postfields_obj);
+ }
+
+ if (flags & 16) {
+ /* Decrement refcount for share objects. 
*/
+ if (self->share != NULL) {
+ CurlShareObject *share = self->share;
+ self->share = NULL;
+ if (share->share_handle != NULL && handle != NULL) {
+@@ -1626,16 +1630,22 @@ do_curl_setopt(CurlObject *self, PyObject *args)
+ /* Allocate memory to hold the string */
+ assert(str != NULL);
+ /* Call setopt */
+ res = curl_easy_setopt(self->handle, (CURLoption)option, str);
+ /* Check for errors */
+ if (res != CURLE_OK) {
+ CURLERROR_RETVAL();
+ }
++ /* libcurl does not copy the value of CURLOPT_POSTFIELDS */
++ if (option == CURLOPT_POSTFIELDS) {
++ Py_INCREF(obj);
++ Py_XDECREF(self->postfields_obj);
++ self->postfields_obj = obj;
++ }
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+
+ #define IS_LONG_OPTION(o) (o < CURLOPTTYPE_OBJECTPOINT)
+ #define IS_OFF_T_OPTION(o) (o >= CURLOPTTYPE_OFF_T)
+
+ /* Handle the case of integer arguments */
+--
+2.5.0
+
diff --git a/SOURCES/0202-Add-libcurl-7.34.0-sslversion-options.patch b/SOURCES/0202-Add-libcurl-7.34.0-sslversion-options.patch
new file mode 100644
index 0000000..cfc72e0
--- /dev/null
+++ b/SOURCES/0202-Add-libcurl-7.34.0-sslversion-options.patch
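Review bot: In the `do_curl_setopt` hunk of 0201, `Py_XDECREF(self->postfields_obj)` runs while the field still points at the object being released, so if `obj` can be an instance whose deallocation runs other code, that code sees a field referring to an object that is going away. Storing the new reference before dropping the old one closes that window: `PyObject *old = self->postfields_obj;` `self->postfields_obj = obj;` `Py_XDECREF(old);`, with the existing `Py_INCREF(obj)` kept ahead of it. In the `util_curl_xdecref` hunk the new `ZAP(self->postfields_obj)` sits under the comment "Decrement refcount for python file objects.", which should now also name the POSTFIELDS buffer. Whether any caller passes flag 8 while the easy handle can still start a transfer is not visible in these hunks and is worth confirming, because libcurl keeps the raw pointer; both functions continue outside the hunks shown.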
@@ -0,0 +1,32 @@
+From 3f749c418098f71a2480a46ed0fc45efb78127c7 Mon Sep 17 00:00:00 2001
+From: Oleg Pudeyev
+Date: Tue, 19 May 2015 11:41:27 -0400
+Subject: [PATCH] Add libcurl 7.34.0 sslversion options
+
+Upstream-commit: 83ccaa22e824b1bd9d2c60cab10dff323c7d0ca4
+Signed-off-by: Kamil Dudka
+---
+ src/pycurl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/pycurl.c b/src/pycurl.c
+index c523d5f..09db588 100644
+--- a/src/pycurl.c
++++ b/src/pycurl.c
+@@ -3737,9 +3737,12 @@ initpycurl(void)
+
+ /* constants for setopt(SSLVERSION, x) */
+ insint_c(d, "SSLVERSION_DEFAULT", CURL_SSLVERSION_DEFAULT);
+- insint_c(d, "SSLVERSION_TLSv1", CURL_SSLVERSION_TLSv1);
+ insint_c(d, "SSLVERSION_SSLv2", CURL_SSLVERSION_SSLv2);
+ insint_c(d, "SSLVERSION_SSLv3", CURL_SSLVERSION_SSLv3);
++ insint_c(d, "SSLVERSION_TLSv1", CURL_SSLVERSION_TLSv1);
++ insint_c(d, "SSLVERSION_TLSv1_0", CURL_SSLVERSION_TLSv1_0);
++ insint_c(d, "SSLVERSION_TLSv1_1", CURL_SSLVERSION_TLSv1_1);
++ insint_c(d, "SSLVERSION_TLSv1_2", CURL_SSLVERSION_TLSv1_2);
+
+ /* curl_TimeCond: constants for setopt(TIMECONDITION, x) */
+ insint_c(d, "TIMECONDITION_NONE", CURL_TIMECOND_NONE);
+--
+2.5.0
+
diff --git a/SPECS/python-pycurl.spec b/SPECS/python-pycurl.spec
index 9368695..1b4ef0c 100644
--- a/SPECS/python-pycurl.spec
+++ b/SPECS/python-pycurl.spec
@@ -2,7 +2,7 @@ Name: python-pycurl Version: 7.19.0 -Release: 17%{?dist} +Release: 19%{?dist} Summary: A Python interface to libcurl Group: Development/Languages 
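Review bot: The three new `insint_c` lines in the `initpycurl` hunk of 0202 reference `CURL_SSLVERSION_TLSv1_0`, `_TLSv1_1` and `_TLSv1_2` unconditionally, so src/pycurl.c now builds only against curl headers that define them. The subject names libcurl 7.34.0 while the spec in this commit builds against a 7.29.0 package, so a `LIBCURL_VERSION_NUM` guard could not express the requirement and the BuildRequires is the only thing enforcing it. A comment above the new lines would record that for the next rebase, for example `/* TLSv1_[0-2] need libcurl 7.34.0 or headers with the constants backported */`. `initpycurl` starts and ends outside the hunk.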
@@ -24,11 +24,17 @@ Patch103: 0103-pycurl.c-allow-to-return-1-from-write-callback.patch Patch104: 0104-test_write_abort.py-test-returning-1-from-write-call.patch Patch105: 0105-add-the-GLOBAL_ACK_EINTR-constant-to-the-list-of-exp.patch +# RHEL patches +Patch201: 0201-Keep-a-reference-to-the-object-used-for-CURLOPT_POST.patch +Patch202: 0202-Add-libcurl-7.34.0-sslversion-options.patch + Requires: keyutils-libs BuildRequires: python-devel -BuildRequires: curl-devel >= 7.19.0 BuildRequires: openssl-devel +# curl-7.29.0-16 or newer is needed for CURL_SSLVERSION_TLSv1_[0-2] +BuildRequires: libcurl-devel >= 7.29.0-16 + # During its initialization, PycURL checks that the actual libcurl version # is not lower than the one used when PycURL was built. # Yes, that should be handled by library versioning (which would then get @@ -59,6 +65,8 @@ of features. %patch103 -p1 %patch104 -p1 %patch105 -p1 +%patch201 -p1 +%patch202 -p1 chmod a-x examples/* %build @@ -77,6 +85,12 @@ rm -rf %{buildroot}%{_datadir}/doc/pycurl %{python_sitearch}/* %changelog +* Mon Sep 07 2015 Kamil Dudka - 7.19.0-19 +- introduce SSLVERSION_TLSv1_[0-2] (#1260407) + +* Wed Oct 15 2014 Kamil Dudka - 7.19.0-18 +- fix a use-after-free bug in handling pycurl.POSTFIELDS (#1153321) + * Fri Jan 24 2014 Daniel Mach - 7.19.0-17 - Mass rebuild 2014-01-24
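Review bot: The new `BuildRequires: libcurl-devel >= 7.29.0-16` in the `@@ -24,11 +24,17 @@` hunk covers the build only; nothing visible there requires a libcurl of at least that release on the installed system. The comment that follows describes an init-time check of the libcurl version, which presumably compares version numbers and so could not tell 7.29.0-16 from an earlier 7.29.0 build; how an earlier build treats the new SSLVERSION values is not shown on this page. If the runtime dependency, which lies outside the hunk, is derived from the version number alone, consider an explicit `Requires: libcurl >= 7.29.0-16` so that a caller asking for TLS 1.1 or 1.2 is never paired with a library that lacks those options.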