Sisyphus repositório
Última atualização: 1 outubro 2023 | SRPMs: 18631 | Visitas: 37042768
en ru br
ALT Linux repositórios
S:8.3.0-alt1
5.0: 7.19.4-alt0.M50.2
4.1: 7.18.1-alt3.M41.3
4.0: 7.17.1-alt4.M40.2
3.0: 7.15.0-alt1
+updates:7.15.0-alt2

Outros repositórios
Upstream:7.18.0

Group :: Rede/Transferência de Arquivos
RPM: curl

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs e FR  Repocop 

Patch: curl-7.17.1-alt4.M40.2.patch
Download


 .gear/rules                                        |    2 +
 .../tags/c40b3253cb9b7c3d77cda15b70438c1bb29b6cc8  |   13 +
 .gear/tags/list                                    |    1 +
 curl-config.in                                     |   15 +-
 curl.spec                                          |  352 ++++++++++++++++++++
 docs/libcurl/curl_easy_setopt.3                    |   24 ++
 include/curl/curl.h                                |   27 ++
 lib/content_encoding.c                             |    2 +-
 lib/easy.c                                         |    7 +
 lib/ssluse.c                                       |   40 ++-
 lib/url.c                                          |   32 ++
 lib/urldata.h                                      |   35 ++-
 12 files changed, 511 insertions(+), 39 deletions(-)
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 0000000..0b10e84
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,2 @@
+tar: v@version@:. name=curl-@version@
+diff: v@version@:.	.
diff --git a/.gear/tags/c40b3253cb9b7c3d77cda15b70438c1bb29b6cc8 b/.gear/tags/c40b3253cb9b7c3d77cda15b70438c1bb29b6cc8
new file mode 100644
index 0000000..8689c7d
--- /dev/null
+++ b/.gear/tags/c40b3253cb9b7c3d77cda15b70438c1bb29b6cc8
@@ -0,0 +1,13 @@
+object 0c5f8c96c07e96f395c534a7d31a321da2243dcf
+type commit
+tag v7.17.1
+tagger Anton Farygin <rider@altlinux.com> 1235642277 +0300
+
+7.17.1
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEABECAAYFAkmmZ6oACgkQqohfd2vlwKtWSACffb9tz/GK6sGigJVI7S1CLYx9
+ji8AnjEsQojW9MikO0oGAmlnHw+DMwqe
+=nbuM
+-----END PGP SIGNATURE-----
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 0000000..1d27536
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+c40b3253cb9b7c3d77cda15b70438c1bb29b6cc8 v7.17.1
diff --git a/curl-config.in b/curl-config.in
index 20cfc75..ccebd25 100644
--- a/curl-config.in
+++ b/curl-config.in
@@ -72,7 +72,7 @@ while test $# -gt 0; do
 	;;
 
     --cc)
-	echo "@CC@"
+	echo "gcc"
 	;;
 
     --prefix)
@@ -189,20 +189,11 @@ while test $# -gt 0; do
        	;;
 
     --libs)
-	if test "X@libdir@" != "X/usr/lib"; then
-	   CURLLIBDIR="-L@libdir@ "
-	else
-	   CURLLIBDIR=""
-	fi
-	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
-	else
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
-	fi
+	pkg-config libcurl --libs
 	;;
 
     --static-libs)
-	echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+	pkg-config libcurl --libs --static
 	;;
 
     *)
diff --git a/curl.spec b/curl.spec
new file mode 100644
index 0000000..04fe3e2
--- /dev/null
+++ b/curl.spec
@@ -0,0 +1,352 @@
+Name: curl
+Version: 7.17.1
+Release: alt4.M40.2
+
+Summary: Gets a file from a FTP, GOPHER or HTTP server
+Summary(ru_RU.UTF-8): Утилиты и библиотеки для передачи файлов
+License: MPL or MIT
+Group: Networking/File transfer
+Url: http://curl.haxx.se
+
+Source: %url/download/%name-%version.tar
+Patch0: %name-%version-%release.patch
+
+Requires: lib%name = %version-%release
+
+# Automatically added by buildreq on Fri Feb 09 2007
+BuildRequires: gcc-c++ glibc-devel-static groff-base libidn-devel libssl-devel zlib-devel
+
+%package -n lib%name
+Summary: The shared library for file transfer
+Summary(ru_RU.UTF-8): Библиотеки для передачи файлов
+Group: System/Libraries
+Provides: %name-lib = %version
+Obsoletes: %name-lib
+Requires: ca-certificates
+
+%package -n lib%name-devel
+Summary: Header files for lib%name
+Summary(ru_RU.UTF-8): Заголовочные файлы для lib%name
+Group: Development/C
+Requires: lib%name = %version-%release libidn-devel libssl-devel zlib-devel
+Provides: %name-devel = %version
+Obsoletes: %name-devel
+
+%package -n lib%name-devel-static
+Summary: Static libraries for lib%name
+Summary(ru_RU.UTF-8): Статические библиотеки для lib%name
+Group: Development/C
+Requires: lib%name-devel = %version-%release
+
+%description
+Curl is a client to get documents/files from servers, using any of the
+supported protocols. The command is designed to work without user
+interaction or any kind of interactivity.
+
+Curl offers a busload of useful tricks like proxy support, user
+authentication, ftp upload, HTTP post, file transfer resume and more.
+
+NOTE: This version is compiled with SSL (https) support.
+
+%description -l ru_RU.UTF-8
+Curl - это клиент для получения файлов или документов с серверов, используя 
+один из поддерживаемых протоколов. Команда сделана таким образом, что бы работала 
+без вмешательства пользователя (или с вмешательством пользователя).
+
+Curl позволяет делать операции над сетевыми файлами, используя поддержку Прокси, 
+авторизацию пользователя, докачку файлов и многое другое.
+
+%description -n lib%name
+Lib%name is a library of functions for sending and receiving files through
+various protocols, including http and ftp.
+
+You should install this package if you plan to use any applications that
+use lib%name.
+
+%description -n lib%name -l ru_RU.UTF-8
+Lib%name - это библиотека функций для отправки или получения файлов через 
+различные сетевые протоколы, включая http и ftp.
+
+Вам нужно установить этот пакет, если вы планируете использовать приложения 
+с использованием lib%name.
+
+%description -n lib%name-devel
+Lib%name is a library of functions for sending and receiving files through
+various protocols, including http and ftp.
+
+You should install this package if you wish to develop applications that
+utilize lib%name.
+
+%description -n lib%name-devel -l ru_RU.UTF-8
+Lib%name - это библиотека функций для отправки или получения файлов через                                      
+различные сетевые протоколы, включая http и ftp.  
+
+Вам нужно установить этот пакет, если вы планируете разрабатывать приложения
+с использованием lib%name.
+
+
+%description -n lib%name-devel-static
+Lib%name is a library of functions for sending and receiving files through
+various protocols, including http and ftp.
+
+You should install this package if you wish to develop statically linked
+applications that utilize lib%name.
+
+%description -n lib%name-devel-static -l ru_RU.UTF-8                                                                 
+Lib%name - это библиотека функций для отправки или получения файлов через                                      
+различные сетевые протоколы, включая http и ftp.                                                               
+                                                                                                               
+Вам нужно установить этот пакет, если вы планируете разрабатывать статически
+скомпилированные  приложения с использованием lib%name.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+./buildconf
+%configure --with-ssl \
+	    --with-libidn\
+	    --enable-ipv6\
+	    --disable-rpat\
+	    --disable-ldap\
+	    --without-gssapi\
+	    --with-ca-bundle=%_datadir/ca-certificates/ca-bundle.crt
+
+%make_build
+
+%install
+%make install DESTDIR=$RPM_BUILD_ROOT
+
+%post -n lib%name -p /sbin/ldconfig
+%postun -n lib%name -p /sbin/ldconfig
+
+%files
+%_bindir/curl
+%_man1dir/curl.1*
+
+%files -n lib%name
+%_libdir/*.so.*
+
+%doc CHANGES README* docs/{FAQ,FEATURES}
+
+%files -n lib%name-devel
+%_libdir/*.so
+%_libdir/pkgconfig/libcurl.pc
+%_bindir/curl-config
+%_includedir/*
+%_man3dir/*
+%_man1dir/curl-config.1*
+%doc docs/{THANKS,BUGS,CONTRIBUTE,INTERNALS,MANUAL,RESOURCES,TheArtOfHttpScripting,TODO,examples}
+
+%files -n lib%name-devel-static
+%_libdir/*.a
+
+%changelog
+* Thu Feb 11 2010 Anton Farygin <rider@altlinux.ru> 7.17.1-alt4.M40.2
+- security fix from mainstream (http://curl.haxx.se/docs/adv_20100209.html)
+
+* Thu Aug 13 2009 Anton Farygin <rider@altlinux.ru> 7.17.1-alt4.M40.1
+- fixed CVE-2009-2417
+
+* Thu Feb 26 2009 Anton Farygin <rider@altlinux.ru> 7.17.1-alt3.M40.1
+- fixed CVE-2009-0037
+- use pkg-config in curl-config (backport patch from Sisyphus)
+
+* Thu Nov 15 2007 Anton Farygin <rider@altlinux.ru> 7.17.1-alt2
+- disabled ldap support
+
+* Tue Nov 06 2007 Anton Farygin <rider@altlinux.ru> 7.17.1-alt1
+- new version
+
+* Fri Sep 14 2007 Anton Farygin <rider@altlinux.ru> 7.17.0-alt1
+- new version
+- removed patch1 (included to mainstream)
+- removed unsused patch0
+
+* Tue Sep 11 2007 Anton Farygin <rider@altlinux.ru> 7.16.4-alt2
+- added patch to ftp from sbolshakov@. Fixed anonymous login on some non-standart servers
+
+* Wed Jul 11 2007 Anton Farygin <rider@altlinux.ru> 7.16.4-alt1
+- new version with security fixes (CVE-2007-3564)
+- disabled kerberos support (by requiest from krb5 mantainer)
+
+* Tue Jul 03 2007 Anton Farygin <rider@altlinux.ru> 7.16.3-alt1
+- new version
+
+* Thu Apr 12 2007 Anton Farygin <rider@altlinux.ru> 7.16.2-alt1
+- new version
+
+* Mon Feb 12 2007 Anton Farygin <rider@altlinux.ru> 7.16.1-alt3
+- fixed curl-config --libs and libcurl.pc (unneeded libs removed)
+
+* Fri Feb 09 2007 Anton Farygin <rider@altlinux.ru> 7.16.1-alt2
+- use ca-certificates
+- build with gssapi support
+- updated build requires
+
+* Wed Jan 31 2007 Anton Farygin <rider@altlinux.ru> 7.16.1-alt1
+- new version
+
+* Tue Jan 09 2007 Anton Farygin <rider@altlinux.ru> 7.16.0-alt1
+- new version (soname changed)
+
+* Wed Sep 13 2006 Anton Farygin <rider@altlinux.ru> 7.15.5-alt1
+- new version
+
+* Fri Mar 24 2006 Anton Farygin <rider@altlinux.ru> 7.15.3-alt1
+- new version
+
+* Fri Oct 14 2005 Anton Farygin <rider@altlinux.ru> 7.15.0-alt1
+- new version
+
+* Fri Sep 02 2005 Anton Farygin <rider@altlinux.ru> 7.14.1-alt1
+- new version
+
+* Tue May 17 2005 Anton Farygin <rider@altlinux.ru> 7.14.0-alt1
+- new version
+
+* Fri May 06 2005 Anton Farygin <rider@altlinux.ru> 7.13.2-alt1
+- new version
+
+* Fri Mar 04 2005 Anton Farygin <rider@altlinux.ru> 7.13.1-alt1
+- 7.13.1
+
+* Mon Feb 07 2005 Anton Farygin <rider@altlinux.ru> 7.13.0-alt2
+- lib%name-devel: added requires to libidn-devel libssl-devel zlib-devel
+
+* Tue Feb 01 2005 Anton Farygin <rider@altlinux.ru> 7.13.0-alt1
+- new version
+
+* Tue Jan 18 2005 Anton Farygin <rider@altlinux.ru> 7.12.3-alt1
+- new version
+
+* Fri Oct 29 2004 Anton Farygin <rider@altlinux.ru> 7.12.2-alt1
+- new version
+
+* Fri Oct 15 2004 Anton Farygin <rider@altlinux.ru> 7.12.1-alt1
+- new version
+
+* Mon Apr 26 2004 Anton Farygin <rider@altlinux.ru> 7.11.2-alt1
+- new version
+
+* Tue Apr 20 2004 Anton Farygin <rider@altlinux.ru> 7.11.1-alt1
+- new version
+
+* Thu Mar 18 2004 Anton Farygin <rider@altlinux.ru> 7.11.0-alt1
+- new version
+
+* Sun Dec 14 2003 Rider <rider@altlinux.ru> 7.10.8-alt1
+- new version
+
+* Wed Apr 30 2003 Rider <rider@altlinux.ru> 7.10.4-alt1
+- 7.10.4
+
+* Mon Mar 31 2003 Rider <rider@altlinux.ru> 7.10.3-alt1
+- 7.10.3
+
+* Fri Nov 22 2002 Rider <rider@altlinux.ru> 7.10.2-alt1
+- new version
+
+* Fri Oct 04 2002 Rider <rider@altlinux.ru> 7.10-alt1
+- 7.10
+
+* Fri Jun 14 2002 Rider <rider@altlinux.ru> 7.9.8-alt1
+- 7.9.8
+
+* Sat Jun 01 2002 Rider <rider@altlinux.ru> 7.9.7-alt1
+- 7.9.7
+
+* Sat Apr 27 2002 Rider <rider@altlinux.ru> 7.9.6-alt1
+- 7.9.6
+
+* Wed Mar 27 2002 Rider <rider@altlinux.ru> 7.9.5-alt1
+- 7.9.5
+
+* Sat Feb 09 2002 Rider <rider@altlinux.ru> 7.9.4-alt1
+- 7.9.4
+
+* Thu Jan 03 2002 Rider <rider@altlinux.ru> 7.9.2-alt1
+- 7.9.2
+- russian summary and description
+
+* Tue Oct 09 2001 Rider <rider@altlinux.ru> 7.9-alt1
+- 7.9
+
+* Fri Aug 24 2001 Rider <rider@altlinux.ru> 7.8.1-alt1
+- 7.8.1
+
+* Tue May 22 2001 Alexander Bokovoy <ab@altlinux.ru> 7.7.3-alt2
+- Fixed:
+    + curl-config moved to libcurl-devel
+    + curl-config(1) moved to libcurl-devel
+
+* Tue May 08 2001 Rider <rider@altlinux.ru> 7.7.3-alt1
+- 7.7.3
+
+* Wed Apr 25 2001 Rider <rider@altlinux.ru> 7.7.2-alt1
+- 7.7.2
+
+* Thu Apr 05 2001 Rider <rider@altlinux.ru> 7.7.1-alt1
+- 7.7.1
+
+* Sun Jan 28 2001 Dmitry V. Levin <ldv@fandra.org> 7.6-ipl1mdk
+- 7.6
+
+* Sun Jan 21 2001 Dmitry V. Levin <ldv@fandra.org> 7.5.2-ipl2mdk
+- RE adaptions.
+
+* Tue Jan  9 2001 DindinX <odin@mandrakesoft.com> 7.5.2-2mdk
+- change lisence, according to the author's will (reported by F. Crozat)
+- added some sample codes to the -devel package
+
+* Tue Jan  9 2001 DindinX <odin@mandrakesoft.com> 7.5.2-1mdk
+- 7.5.2
+- small spec updates
+
+* Mon Dec 18 2000 DindinX <odin@mandrakesoft.com> 7.5.1-2mdk
+- corrected URL
+
+* Wed Dec 13 2000 DindinX <odin@mandrakesoft.com> 7.5.1-1mdk
+- 7.5.1
+
+* Thu Dec 07 2000 Geoffrey lee <snailtalk@mandrakesoft.com> 7.5-2mdk
+- manually include fcntl.h, strangely, it has been left out (sucky!!!).
+
+* Mon Dec 04 2000 Geoffrey lee <snailtalk@mandrakesoft.com> 7.5-1mdk
+- new and shiny source.
+- requires: curl = %%version
+
+* Wed Nov 15 2000 Geoffrey Lee <snailtalk@mandrakesoft.com> 7.4.2-5mdk
+- really 7.4.2.
+- well we compile with ssl now, so obviously description is wrong (daoudascks)
+
+* Mon Nov 13 2000 Daouda Lo <daouda@mandrakesoft.com> 7.4.2-4mdk
+- compiled with ssl (from TitiSux)
+
+* Mon Nov 13 2000 Daouda Lo <daouda@mandrakesoft.com> 7.4.2-3mdk
+- relase pre4.
+
+* Fri Nov 10 2000 Lenny Cartier <lenny@mandrakesoft.com> 7.4.2-2mdk
+- fiw requires
+
+* Tue Nov 07 2000 Daouda Lo <daouda@mandrakesoft.com> 7.4.2-1mdk
+- new release
+
+* Fri Nov 03 2000 DindinX <odin@mandrakesoft.com> 7.4.1-1mdk
+- 7.4.1
+
+* Mon Aug 28 2000 Lenny Cartier <lenny@mandrakesoft.com> 7.1-1mdk
+- used srpm from Anton Graham <darkimage@bigfoot.com> :
+	- new version
+	- new -lib and -devel packages
+
+* Mon Aug 28 2000 Lenny Cartier <lenny@mandrakesoft.com> 6.5.2-3mdk
+- change description
+- clean spec
+
+* Tue Jul 11 2000 Anton Graham <darkimage@bigfoot.com> 6.5.2-2mdk
+- Macroification
+
+* Wed May 03 2000 Anton Graham <darkimage@bigfoot.com> 6.5.2-1mdk
+- First Mandrake build
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index e78e200..57b4cf0 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -400,6 +400,26 @@ The string given to CURLOPT_URL must be url-encoded and following the RFC 2396
 
 \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
 \fIcurl_easy_perform(3)\fP is called.
+
+\fICURLOPT_PROTOCOLS\fP can be used to limit what protocols libcurl will use
+for this transfer, independent of what libcurl has been compiled to
+support. That may be useful if you accept the URL from an external source and
+want to limit the accessibility.
+.IP CURLOPT_PROTOCOLS
+Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
+limits what protocols libcurl may use in the transfer. This allows you to have
+a libcurl built to support a wide range of protocols but still limit specific
+transfers to only be allowed to use a subset of them. By default libcurl will
+accept all protocols it supports. See also
+\fICURLOPT_REDIR_PROTOCOLS\fP. (Added in 7.19.4)
+.IP CURLOPT_REDIR_PROTOCOLS
+Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask
+limits what protocols libcurl may use in a transfer that it follows to in a
+redirect when \fICURLOPT_FOLLOWLOCATION\fP is enabled. This allows you to
+limit specific transfers to only be allowed to use a subset of protocols in
+redirections. By default libcurl will allow all protocols except for FILE and
+SCP. This is a difference compared to pre-7.19.4 versions which
+unconditionally would follow to all protocols supported. (Added in 7.19.4)
 .IP CURLOPT_PROXY
 Set HTTP proxy to use. The parameter should be a char * to a zero terminated
 string holding the host name or dotted IP address. To specify port number in
@@ -631,6 +651,10 @@ This means that the library will re-send the same request on the new location
 and follow new Location: headers all the way until no more such headers are
 returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects
 libcurl will follow.
+
+NOTE: since 7.19.4, libcurl can limit to what protocols it will automatically
+follow. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS\fP and
+it excludes the FILE protocol by default.
 .IP CURLOPT_UNRESTRICTED_AUTH
 A non-zero parameter tells the library it can continue to send authentication
 (user+password) when following locations, even when hostname changed. This
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 77a38f8..2a2f732 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -558,6 +558,21 @@ typedef enum {
   CURLFTPMETHOD_LAST       /* not an option, never use */
 } curl_ftpmethod;
 
+/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
+#define CURLPROTO_HTTP   (1<<0)
+#define CURLPROTO_HTTPS  (1<<1)
+#define CURLPROTO_FTP    (1<<2)
+#define CURLPROTO_FTPS   (1<<3)
+#define CURLPROTO_SCP    (1<<4)
+#define CURLPROTO_SFTP   (1<<5)
+#define CURLPROTO_TELNET (1<<6)
+#define CURLPROTO_LDAP   (1<<7)
+#define CURLPROTO_LDAPS  (1<<8)
+#define CURLPROTO_DICT   (1<<9)
+#define CURLPROTO_FILE   (1<<10)
+#define CURLPROTO_TFTP   (1<<11)
+#define CURLPROTO_ALL    (~0) /* enable everything */
+
 /* long may be 32 or 64 bits, but we should never depend on anything else
    but 32 */
 #define CURLOPTTYPE_LONG          0
@@ -1159,6 +1174,18 @@ typedef enum {
   /* POST volatile input fields. */
   CINIT(COPYPOSTFIELDS, OBJECTPOINT, 165),
 
+  /* set the bitmask for the protocols that are allowed to be used for the
+     transfer, which thus helps the app which takes URLs from users or other
+     external inputs and want to restrict what protocol(s) to deal
+     with. Defaults to CURLPROTO_ALL. */
+  CINIT(PROTOCOLS, LONG, 181),
+
+  /* set the bitmask for the protocols that libcurl is allowed to follow to,
+     as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
+     to be set in both bitmasks to be allowed to get redirected to. Defaults
+     to CURLPROTO_ALL & ~CURLPROTO_FILE. */
+  CINIT(REDIR_PROTOCOLS, LONG, 182),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index 0366bce..92175fa 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -40,7 +40,7 @@
    (doing so will reduce code size slightly). */
 #define OLD_ZLIB_SUPPORT 1
 
-#define DSIZ 0x10000             /* buffer size for decompressed data */
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
 
 #define GZIP_MAGIC_0 0x1f
 #define GZIP_MAGIC_1 0x8b
diff --git a/lib/easy.c b/lib/easy.c
index 97376c6..9a95a1d 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -742,6 +742,13 @@ void curl_easy_reset(CURL *curl)
                                                       type */
   data->set.new_file_perms = 0644;    /* Default permissions */
   data->set.new_directory_perms = 0755; /* Default permissions */
+
+  /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
+     define since we internally only use the lower 16 bits for the passed
+     in bitmask to not conflict with the private bits */
+  data->set.allowed_protocols = PROT_EXTMASK;
+  data->set.redir_protocols =
+    PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
 }
 
 #ifdef CURL_DOES_CONVERSIONS
diff --git a/lib/ssluse.c b/lib/ssluse.c
index c568d9e..6be11ed 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1028,7 +1028,7 @@ static CURLcode verifyhost(struct connectdata *conn,
       if(check->type == target) {
         /* get data and length */
         const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
-        int altlen;
+        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
 
         switch(target) {
         case GEN_DNS: /* name/pattern comparison */
@@ -1042,14 +1042,16 @@ static CURLcode verifyhost(struct connectdata *conn,
              "I checked the 0.9.6 and 0.9.8 sources before my patch and
              it always 0-terminates an IA5String."
           */
-          if (cert_hostcheck(altptr, conn->host.name))
+          if((altlen == strlen(altptr)) &&
+             /* if this isn't true, there was an embedded zero in the name
+                string and we cannot match it. */
+             cert_hostcheck(altptr, conn->host.name))
             matched = TRUE;
           break;
 
         case GEN_IPADD: /* IP address comparison */
           /* compare alternative IP address if the data chunk is the same size
              our server IP address is */
-          altlen = ASN1_STRING_length(check->d.ia5);
           if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
             matched = TRUE;
           break;
@@ -1089,18 +1091,27 @@ static CURLcode verifyhost(struct connectdata *conn,
          string manually to avoid the problem. This code can be made
          conditional in the future when OpenSSL has been fixed. Work-around
          brought by Alexis S. L. Carvalho. */
-      if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
-        j = ASN1_STRING_length(tmp);
-        if (j >= 0) {
-          peer_CN = OPENSSL_malloc(j+1);
-          if (peer_CN) {
-            memcpy(peer_CN, ASN1_STRING_data(tmp), j);
-            peer_CN[j] = '\0';
+      if(tmp) {
+        if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+          j = ASN1_STRING_length(tmp);
+          if(j >= 0) {
+            peer_CN = OPENSSL_malloc(j+1);
+            if(peer_CN) {
+              memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+              peer_CN[j] = '\0';
+            }
           }
         }
+        else /* not a UTF8 name */
+          j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+
+        if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
+          /* there was a terminating zero before the end of string, this
+             cannot match and we return failure! */
+          failf(data, "SSL: illegal cert name field");
+          res = CURLE_SSL_PEER_CERTIFICATE;
+        }
       }
-      else /* not a UTF8 name */
-        j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
     }
 
     if (peer_CN == nulstr)
@@ -1118,7 +1129,10 @@ static CURLcode verifyhost(struct connectdata *conn,
     }
 #endif /* CURL_DOES_CONVERSIONS */
 
-    if (!peer_CN) {
+    if(res)
+      /* error already detected, pass through */
+      ;
+    else if(!peer_CN) {
       failf(data,
             "SSL: unable to obtain common name from peer certificate");
       return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/lib/url.c b/lib/url.c
index 15438af..75c8db4 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -726,6 +726,13 @@ CURLcode Curl_open(struct SessionHandle **curl)
     data->set.new_file_perms = 0644;    /* Default permissions */
     data->set.new_directory_perms = 0755; /* Default permissions */
 
+    /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
+       define since we internally only use the lower 16 bits for the passed
+       in bitmask to not conflict with the private bits */
+    data->set.allowed_protocols = PROT_EXTMASK;
+    data->set.redir_protocols =
+      PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
+
     /* most recent connection is not yet defined */
     data->state.lastconnect = -1;
 
@@ -2038,6 +2045,22 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     data->set.new_directory_perms = va_arg(param, long);
     break;
 
+  case CURLOPT_PROTOCOLS:
+    /* set the bitmask for the protocols that are allowed to be used for the
+       transfer, which thus helps the app which takes URLs from users or other
+       external inputs and want to restrict what protocol(s) to deal
+       with. Defaults to CURLPROTO_ALL. */
+    data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK;
+    break;
+
+  case CURLOPT_REDIR_PROTOCOLS:
+    /* set the bitmask for the protocols that libcurl is allowed to follow to,
+       as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
+       to be set in both bitmasks to be allowed to get redirected to. Defaults
+       to CURLPROTO_ALL & ~CURLPROTO_FILE. */
+    data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK;
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     result = CURLE_FAILED_INIT; /* correct this */
@@ -3632,6 +3655,15 @@ static CURLcode CreateConnection(struct SessionHandle *data,
     if (result != CURLE_OK)
       return result;
   }
+  /* Protocol found. Check if allowed */
+  if(!(data->set.allowed_protocols & conn->protocol) ||
+    /* it is allowed for "normal" request, now do an extra check if this is
+       the result of a redirect */
+      (data->state.this_is_a_follow &&
+      !(data->set.redir_protocols & conn->protocol))) {
+    failf(data, "Unsupported protocol: %s", conn->protostr);
+    return CURLE_UNSUPPORTED_PROTOCOL;
+  }
 
 
   /***********************************************************************
diff --git a/lib/urldata.h b/lib/urldata.h
index a5157d3..e31a0f8 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -892,19 +892,26 @@ struct connectdata {
   long connectindex; /* what index in the connection cache connects index this
                         particular struct has */
   long protocol; /* PROT_* flags concerning the protocol set */
-#define PROT_MISSING (1<<0)
-#define PROT_HTTP    (1<<2)
-#define PROT_HTTPS   (1<<3)
-#define PROT_FTP     (1<<4)
-#define PROT_TELNET  (1<<5)
-#define PROT_DICT    (1<<6)
-#define PROT_LDAP    (1<<7)
-#define PROT_FILE    (1<<8)
-#define PROT_FTPS    (1<<9)
-#define PROT_SSL     (1<<10) /* protocol requires SSL */
-#define PROT_TFTP    (1<<11)
-#define PROT_SCP     (1<<12)
-#define PROT_SFTP    (1<<13)
+#define PROT_HTTP    CURLPROTO_HTTP
+#define PROT_HTTPS   CURLPROTO_HTTPS
+#define PROT_FTP     CURLPROTO_FTP
+#define PROT_TELNET  CURLPROTO_TELNET
+#define PROT_DICT    CURLPROTO_DICT
+#define PROT_LDAP    CURLPROTO_LDAP
+#define PROT_FILE    CURLPROTO_FILE
+#define PROT_FTPS    CURLPROTO_FTPS
+#define PROT_TFTP    CURLPROTO_TFTP
+#define PROT_SCP     CURLPROTO_SCP
+#define PROT_SFTP    CURLPROTO_SFTP
+
+/* CURLPROTO_TFTP (1<<11) is currently the highest used bit in the public
+   bitmask. We make sure we use "private bits" above the first 16 to make
+   things easier. */
+
+#define PROT_EXTMASK 0xfff
+
+#define PROT_SSL     (1<<22) /* protocol requires SSL */
+#define PROT_MISSING (1<<23)
 
 #define PROT_CLOSEACTION PROT_FTP /* these ones need action before socket
                                      close */
@@ -1459,6 +1466,8 @@ struct UserDefined {
                             content-encoded (chunked, compressed) */
   long new_file_perms;    /* Permissions to use when creating remote files */
   long new_directory_perms; /* Permissions to use when creating remote dirs */
+  long allowed_protocols;
+  long redir_protocols;
 
   char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
 };
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009