diff -u xmlrpc-c-1.16.33/debian/changelog xmlrpc-c-1.16.33/debian/changelog --- xmlrpc-c-1.16.33/debian/changelog +++ xmlrpc-c-1.16.33/debian/changelog @@ -1,3 +1,20 @@ +xmlrpc-c (1.16.33-3.2ubuntu1) raring; urgency=low + + * Merge from Debian testing (LP: #1076812). Remaining changes: + - Add libxmlrpc-core-c3-udeb for use during installation (LP: #831496). + - Add Breaks/Replaces to cover binary package reorganisation (LP: #878180). + - Fix dh_makeshlibs calls for libxmlrpc-core-c3-0 -> libxmlrpc-core-c3 + rename. + - Add backport-gssapi-delegation.patch, and bump the build-depends on + libcurl4-openssl-dev and libcurl3-openssl-dev to >= 7.22.0 + - Fix dependencies of xmlrpc-api-utils + * Changes merged by Debian: + - Run the tests as part of the build process + - SECURITY UPDATE: Denial of service via hash collisions + - SECURITY UPDATE: Denial of service via memory leak + + -- Tyler Hicks Thu, 08 Nov 2012 16:29:20 -0800 + xmlrpc-c (1.16.33-3.2) unstable; urgency=medium * Non-maintainer upload. @@ -6,6 +23,62 @@ -- Moritz Muehlenhoff Wed, 03 Oct 2012 12:09:04 +0200 +xmlrpc-c (1.16.33-3.1ubuntu6) quantal; urgency=low + + * Run the tests as part of the build process + - debian/patches/FTBFS-tests.patch: Fix issues when running make check. + Based on upstream patches. + - debian/rules: Run make check after building + * Fix dependencies of xmlrpc-api-utils + - debian/control: xml-rcp-api2cpp needs libxmlrpc_cpp.so.4, so depend on + libxmlrpc-c++4 + * SECURITY UPDATE: Denial of service via hash collisions (LP: #1048835) + - debian/patches/CVE-2012-0876.patch: Add random salt value to + hash inputs. Based on upstream patch. + - CVE-2012-0876 + * SECURITY UPDATE: Denial of service via memory leak (LP: #1048835) + - debian/patches/CVE-2012-1148.patch: Properly reallocate memory. + Based on upstream patch. + - CVE-2012-1148 + + -- Tyler Hicks Mon, 10 Sep 2012 14:57:29 -0700 + +xmlrpc-c (1.16.33-3.1ubuntu5) precise; urgency=low + + * Bump the build-dep on libcurl3-openssl-dev as well, otherwise the + old libcurl4-openssl-dev gets installed. + + -- Timo Aaltonen Fri, 25 Nov 2011 18:32:04 +0200 + +xmlrpc-c (1.16.33-3.1ubuntu4) precise; urgency=low + + * Add backport-gssapi-delegation.patch, and bump the build-depends on + libcurl4-openssl-dev to >= 7.22.0. + + -- Timo Aaltonen Fri, 25 Nov 2011 17:59:23 +0200 + +xmlrpc-c (1.16.33-3.1ubuntu3) precise; urgency=low + + * Fix dh_makeshlibs calls for libxmlrpc-core-c3-0 -> libxmlrpc-core-c3 + rename. + + -- Colin Watson Sat, 12 Nov 2011 00:51:00 +0000 + +xmlrpc-c (1.16.33-3.1ubuntu2) precise; urgency=low + + * Rename libxmlrpc-core-c3-0-udeb to libxmlrpc-core-c3-udeb to match the deb + variant from Debian (LP: #878716). + * Add Breaks/Replaces to cover binary package reorganisation (LP: #878180). + + -- Robie Basak Thu, 20 Oct 2011 15:46:59 +0100 + +xmlrpc-c (1.16.33-3.1ubuntu1) precise; urgency=low + + * Merge from Debian testing. Remaining changes: + - Add libxmlrpc-core-c3-0-udeb for use during installation (LP: #831496). + + -- Dave Walker (Daviey) Wed, 19 Oct 2011 10:55:41 +0100 + xmlrpc-c (1.16.33-3.1) unstable; urgency=low * Non-maintainer upload with OK from Maintainer. @@ -53,6 +126,34 @@ -- Sean Finney Sat, 19 Feb 2011 18:03:30 +0000 +xmlrpc-c (1.16.32-0ubuntu4) oneiric; urgency=low + + * Add libxmlrpc-core-c3-0-udeb for use during installation (LP: #831496). + + -- Colin Watson Thu, 15 Sep 2011 18:34:36 +0100 + +xmlrpc-c (1.16.32-0ubuntu3) natty; urgency=low + + * Move c_util.h to libxmlrpc-core-c3-dev + + -- Jonathan Riddell Tue, 11 Jan 2011 00:18:21 +0000 + +xmlrpc-c (1.16.32-0ubuntu2) natty; urgency=low + + * Don't use the symbols files, renamed the library packages anyway. + + -- Matthias Klose Thu, 06 Jan 2011 20:57:20 +0100 + +xmlrpc-c (1.16.32-0ubuntu1) natty; urgency=low + + * New upstream version (stable release). LP: #659591. + - No unresolved symbols in the shared libraries. LP: #690779. + - Builds with --no-add-needed and --as-needed. + * Rename shared library packages. + * Add symbols files. + + -- Matthias Klose Thu, 06 Jan 2011 18:56:02 +0100 + xmlrpc-c (1.16.07-1) unstable; urgency=low * New upstream release. @@ -75,6 +176,69 @@ -- Moritz Muehlenhoff Wed, 28 Jul 2010 22:18:54 -0400 +xmlrpc-c (1.06.27-1ubuntu7) lucid; urgency=low + + * SECURITY UPDATE: fix DoS via malformed XML + - debian/patches/CVE-2009-3720.patch: update expat/xmltok/xmltok_impl.c + to not access beyond end of input string + - CVE-2009-3720 + * SECURITY UPDATE: fix DoS via malformed UTF-8 sequences + - debian/patches/CVE-2009-3560.patch: update expat/xmlparse/xmlparse.c to + properly recognize the end of a token + - CVE-2009-3560 + + -- Jamie Strandboge Tue, 26 Jan 2010 13:14:57 -0600 + +xmlrpc-c (1.06.27-1ubuntu6) karmic; urgency=low + + * Move xmlrpc-c/server.h to libxmlrpc-core-c3-dev where it belongs, + without which xmlrpc.h doesn't compile. + + -- Steve Langasek Fri, 11 Sep 2009 21:43:09 +0000 + +xmlrpc-c (1.06.27-1ubuntu5) karmic; urgency=low + + * debian/libxmlrpc-core-c3-dev.install + debian/libxmlrpc-c3-dev.install : + Remove installation of /usr/bin/xmlrpc-c-config and /usr/include, + already in libxmlrpc-core-c3-dev.install (LP: #376133) + * debian/libxmlrpc-c3.install : + Don't install .a and .so files for libxmlrpc_client++ + + -- Julien Lavergne Thu, 14 May 2009 22:30:04 +0200 + +xmlrpc-c (1.06.27-1ubuntu4) karmic; urgency=low + + * Remove libxmlrpc-c3-dev Provides libxmlrpc-c-dev, it also conflicts with libxmlrpc-c-dev and + this confuses the install of libxmlrpc-core-c3-dev + + -- Jonathan Riddell Tue, 12 May 2009 14:26:29 +0000 + +xmlrpc-c (1.06.27-1ubuntu3) karmic; urgency=low + + * Rename patch lpia-gnulp to other-gnu-triplets and add support for + linux-gnueabi as well as it was also failing to build on armel. + + -- Loic Minier Mon, 11 May 2009 14:18:57 +0200 + +xmlrpc-c (1.06.27-1ubuntu2) karmic; urgency=low + + * Set CFLAGS_PERSONAL to CFLAGS and export this new var; also covers cpp + files; note that -O2 was ignored until now, and upstream sets -O3, but -O2 + is probably good enough for us. + * Pass $(addprefix -X,$(muckfiles)) to dh_clean -k calls; LP: #374813. + * New patch, lpia-gnulp, fixes FTBFS on lpia by supporting its + i686-linux-gnulp triplet identically to i686-linux-gnu. + + -- Loic Minier Mon, 11 May 2009 12:33:27 +0200 + +xmlrpc-c (1.06.27-1ubuntu1) karmic; urgency=low + + * Split out libraries used by cmake into libxmlrpc-core-c3-dev and + libxmlrpc-core-c3 to put only those parts into main, LP: #369918 + + -- Jonathan Riddell Fri, 01 May 2009 20:20:33 +0000 + xmlrpc-c (1.06.27-1) unstable; urgency=low * New upstream release @@ -247,3 +410,0 @@ -Local variables: -mode: debian-changelog -End: diff -u xmlrpc-c-1.16.33/debian/rules xmlrpc-c-1.16.33/debian/rules --- xmlrpc-c-1.16.33/debian/rules +++ xmlrpc-c-1.16.33/debian/rules @@ -123,7 +123,8 @@ dh_fixperms # dh_perl # dh_python - dh_makeshlibs + dh_makeshlibs -Nlibxmlrpc-core-c3 + dh_makeshlibs -plibxmlrpc-core-c3 --add-udeb=libxmlrpc-core-c3-udeb dh_shlibdeps dh_installdeb dh_gencontrol diff -u xmlrpc-c-1.16.33/debian/control xmlrpc-c-1.16.33/debian/control --- xmlrpc-c-1.16.33/debian/control +++ xmlrpc-c-1.16.33/debian/control @@ -1,8 +1,9 @@ Source: xmlrpc-c Priority: optional Section: libs -Maintainer: Sean Finney -Build-Depends: autotools-dev, debhelper (>= 5), libcurl4-openssl-dev | libcurl3-openssl-dev, quilt +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Sean Finney +Build-Depends: autotools-dev, debhelper (>= 5), libcurl4-openssl-dev (>= 7.22.0) | libcurl3-openssl-dev (>= 7.22.0), quilt Homepage: http://xmlrpc-c.sourceforge.net Standards-Version: 3.9.1 @@ -11,8 +12,8 @@ Architecture: any Depends: libxmlrpc-c++4 (= ${binary:Version}), libxmlrpc-core-c3-dev (= ${binary:Version}), libc6-dev, ${misc:Depends} Provides: libxmlrpc-c++-dev -Conflicts: libxmlrpc-c3-dev (<= 1.16.07-1) -Replaces: libxmlrpc-c3-dev +Breaks: libxmlrpc-c3-dev (<< 1.16.33-3.1ubuntu2), libxmlrpc-core-c3-dev (<< 1.16.33-3.1ubuntu2) +Replaces: libxmlrpc-c3-dev, libxmlrpc-core-c3-dev (<< 1.16.33-3.1ubuntu2) Suggests: xmlrpc-api-utils Description: lightweight RPC library based on XML and HTTP [C++ development libraries] XML-RPC is a quick-and-easy way to make procedure calls over the Internet. @@ -28,6 +29,8 @@ Section: libs Architecture: any Depends: libxmlrpc-core-c3 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Breaks: libxmlrpc-c3-0 +Replaces: libxmlrpc-c3-0 Description: lightweight RPC library based on XML and HTTP [C++ runtime libraries] XML-RPC is a quick-and-easy way to make procedure calls over the Internet. It converts the procedure call into an XML document, sends it to a remote @@ -52,8 +55,8 @@ Architecture: any Depends: libxmlrpc-core-c3 (= ${binary:Version}), libc6-dev, ${misc:Depends} Provides: libxmlrpc-c-dev, libxmlrpc-c3-dev -Conflicts: libxmlrpc-c3-dev (<= 1.16.07-1) -Replaces: libxmlrpc-c3-dev +Breaks: libxmlrpc-c3-dev (<< 1.16.33-3.1ubuntu2) +Replaces: libxmlrpc-c3-dev (<< 1.16.33-3.1ubuntu2) Suggests: xmlrpc-api-utils Description: lightweight RPC library based on XML and HTTP [C development libraries] XML-RPC is a quick-and-easy way to make procedure calls over the Internet. @@ -69,8 +72,9 @@ Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} +Breaks: libxmlrpc-core-c3-0, libxmlrpc-c3-0 Conflicts: libxmlrpc-c3 (<= 1.16.07-1) -Replaces: libxmlrpc-c3 +Replaces: libxmlrpc-c3, libxmlrpc-core-c3-0, libxmlrpc-c3-0 Description: lightweight RPC library based on XML and HTTP [C runtime libraries] XML-RPC is a quick-and-easy way to make procedure calls over the Internet. It converts the procedure call into an XML document, sends it to a remote @@ -78,14 +82,30 @@ . This library provides a modular implementation of XML-RPC for C. +Package: libxmlrpc-core-c3-udeb +Section: debian-installer +XC-Package-Type: udeb +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: A lightweight RPC library based on XML and HTTP (core libraries) + XML-RPC is a quick-and-easy way to make procedure calls over the Internet. + It converts the procedure call into an XML document, sends it to a remote + server using HTTP, and gets back the response as XML. + . + This library provides a modular implementation of XML-RPC for C and C++. + . + This package contains the minimal runtime libraries for the Debian Installer + (udeb). + Package: xmlrpc-api-utils Conflicts: xml-rpc-api2cpp, xml-rpc-api2txt Provides: xml-rpc-api2cpp, xml-rpc-api2txt Replaces: xml-rpc-api2cpp, xml-rpc-api2txt Architecture: any Section: devel -Depends: libxmlrpc-core-c3 (= ${binary:Version}), libc6-dev, - libfrontier-rpc-perl, ${misc:Depends} +Depends: libxmlrpc-core-c3 (= ${binary:Version}), + libxmlrpc-c++4 (= ${binary:Version}), libc6-dev, libfrontier-rpc-perl, + ${misc:Depends} Description: Generate C++ wrapper classes for XML-RPC servers XML-RPC is a quick-and-easy way to make procedure calls over the Internet. It converts the procedure call into an XML document, sends it to a remote diff -u xmlrpc-c-1.16.33/debian/patches/series xmlrpc-c-1.16.33/debian/patches/series --- xmlrpc-c-1.16.33/debian/patches/series +++ xmlrpc-c-1.16.33/debian/patches/series @@ -6,0 +7 @@ +backport-gssapi-delegation.patch only in patch2: unchanged: --- xmlrpc-c-1.16.33.orig/debian/libxmlrpc-core-c3-udeb.install +++ xmlrpc-c-1.16.33/debian/libxmlrpc-core-c3-udeb.install @@ -0,0 +1,5 @@ +debian/tmp/usr/lib/libxmlrpc.so.* +debian/tmp/usr/lib/libxmlrpc_client.so.* +debian/tmp/usr/lib/libxmlrpc_util.so.* +debian/tmp/usr/lib/libxmlrpc_xmlparse.so.* +debian/tmp/usr/lib/libxmlrpc_xmltok.so.* only in patch2: unchanged: --- xmlrpc-c-1.16.33.orig/debian/patches/backport-gssapi-delegation.patch +++ xmlrpc-c-1.16.33/debian/patches/backport-gssapi-delegation.patch @@ -0,0 +1,389 @@ +From d0d5d27d65315e8b6bc4e18a4d36b1ff92875bae Mon Sep 17 00:00:00 2001 +From: "Vojtech Vitek (V-Teq)" +Date: Wed, 10 Aug 2011 17:51:01 +0200 +Subject: [PATCH] Backport: Add gssapi_delegation Curl transport option + +--- + include/xmlrpc-c/client.h | 65 +++++++++++++++++ + include/xmlrpc-c/client_transport.hpp | 7 ++ + lib/curl_transport/curltransaction.c | 109 +++++++++++++++++++++++++++- + lib/curl_transport/curltransaction.h | 12 +++ + lib/curl_transport/curlversion.h | 6 ++ + lib/curl_transport/xmlrpc_curl_transport.c | 14 ++++ + src/cpp/curl.cpp | 30 ++++++++- + 7 files changed, 241 insertions(+), 2 deletions(-) + +diff --git a/include/xmlrpc-c/client.h b/include/xmlrpc-c/client.h +index c2e2e61..d157682 100644 +--- a/include/xmlrpc-c/client.h ++++ b/include/xmlrpc-c/client.h +@@ -50,6 +50,11 @@ enum xmlrpc_sslversion { + XMLRPC_SSLVERSION_SSLv3 + }; + ++enum xmlrpc_httpproxytype { ++ XMLRPC_HTTPPROXY_HTTP = 0, ++ XMLRPC_HTTPPROXY_SOCKS5 = 5 ++}; ++ + struct xmlrpc_curl_xportparms { + /* This is designed so that zero values are always the defaults. */ + const char * network_interface; +@@ -71,6 +76,66 @@ struct xmlrpc_curl_xportparms { + const char * egdsocket; + const char * ssl_cipher_list; + unsigned int timeout; ++ ++ /*! ++ * Not backported. ++ * ++ * DON'T ADVERTISE option is available from Xmlrpc-c 1.21.00 and thus ++ * *IS NOT AVAILABLE* in the current version of the library. ++ * The parameter below is listed because of forward compatibility ++ * with future libxmlrpc_client versions and thus must be set to ++ * FALSE/zero value, or an error will occur. ++ */ ++ xmlrpc_bool dont_advertise; ++ ++ /*! ++ * Not backported. ++ * ++ * HTTP PROXY Control is available from Xmlrpc-c 1.23.00 and thus ++ * *IS NOT AVAILABLE* in the current version of the library. ++ * The parameters below are listed because of forward compatibility ++ * with future libxmlrpc_client versions and thus must be all set ++ * to zero values, or an error will occur. ++ */ ++ const char * proxy; ++ unsigned int proxy_port; ++ enum xmlrpc_httpproxytype proxy_type; ++ unsigned int proxy_auth; ++ const char * proxy_userpwd; ++ ++ /*! ++ * Backported. ++ * ++ * GSSAPI DELEGATION is available from Xmlrpc-c 1.27.04 (August 2011) ++ * and the functionality is backported to the current version of the library. ++ * ++ * About Curl and GSSAPI credential delegation: ++ * ++ * Up through Curl 7.21.6, libcurl always delegates GSSAPI credentials, which ++ * means it gives the client's secrets to the server so the server can operate ++ * on the client's behalf. In mid-2011, this was noticed to be a major ++ * security exposure, because the server is not necessarily trustworthy. ++ * One is supposed to delegate one's credentials only to a server one trusts. ++ * So in 7.21.7, Curl never delegates GSSAPI credentials. ++ * ++ * But that causes problems for clients that _do_ trust their server, which ++ * had always relied upon Curl's delegation. ++ * ++ * So starting in 7.21.8, Curl gives the user the choice. The default is no ++ * delegation, but the Curl user can set the CURLOPT_GSSAPI_DELEGATION flag to ++ * order delegation. ++ * ++ * Complicating matters is that some people made local variations of Curl ++ * during the transition phase, so the version number alone isn't ++ * determinative, so we rely on it only where we have to. ++ * ++ * So Xmlrpc-c gives the same choice to its own user, via its ++ * 'gssapi_delegation' Curl transport option. ++ * ++ * Current Xmlrpc-c can be linked with, and compiled with, any version of ++ * Curl, so it has to carefully consider all the possibilities. ++ */ ++ xmlrpc_bool gssapi_delegation; + }; + + +diff --git a/include/xmlrpc-c/client_transport.hpp b/include/xmlrpc-c/client_transport.hpp +index 8d6053d..2b06c21 100644 +--- a/include/xmlrpc-c/client_transport.hpp ++++ b/include/xmlrpc-c/client_transport.hpp +@@ -318,6 +318,11 @@ public: + }; + + clientXmlTransport_curl(constrOpt const& opt); ++ ++ /* GSSAPI delegation option is not member of constrOpt ++ * because of ABI backward compatibility. */ ++ clientXmlTransport_curl(constrOpt const& opt, ++ bool const gssapiDelegation); + + clientXmlTransport_curl(std::string const networkInterface = "", + bool const noSslVerifyPeer = false, +@@ -329,6 +334,8 @@ public: + private: + void + initialize(constrOpt const& opt); ++ void ++ initialize(constrOpt const& opt, bool const gssapiDelegation); + }; + + /*=========================================================================== +diff --git a/lib/curl_transport/curltransaction.c b/lib/curl_transport/curltransaction.c +index abf243f..a74eb43 100644 +--- a/lib/curl_transport/curltransaction.c ++++ b/lib/curl_transport/curltransaction.c +@@ -351,6 +351,99 @@ assertConstantsMatch(void) { + + + ++/* About Curl and GSSAPI credential delegation: ++ ++ Up through Curl 7.21.6, libcurl always delegates GSSAPI credentials, which ++ means it gives the client's secrets to the server so the server can operate ++ on the client's behalf. In mid-2011, this was noticed to be a major ++ security exposure, because the server is not necessarily trustworthy. ++ One is supposed to delegate one's credentials only to a server one trusts. ++ So in 7.21.7, Curl never delegates GSSAPI credentials. ++ ++ But that causes problems for clients that _do_ trust their server, which ++ had always relied upon Curl's delegation. ++ ++ So starting in 7.21.8, Curl gives the user the choice. The default is no ++ delegation, but the Curl user can set the CURLOPT_GSSAPI_DELEGATION flag to ++ order delegation. ++ ++ Complicating matters is that some people made local variations of Curl ++ during the transition phase, so the version number alone isn't ++ determinative, so we rely on it only where we have to. ++ ++ So Xmlrpc-c gives the same choice to its own user, via its ++ 'gssapi_delegation' Curl transport option. ++ ++ Current Xmlrpc-c can be linked with, and compiled with, any version of ++ Curl, so it has to carefully consider all the possibilities. ++*/ ++ ++ ++ ++static bool ++curlAlwaysDelegatesGssapi(void) { ++/*---------------------------------------------------------------------------- ++ The Curl library we're using always delegates GSSAPI credentials ++ (we don't have a choice). ++ ++ This works with Curl as distributed by the Curl project, but there are ++ other versions of Curl for which it doesn't -- those versions report ++ older version numbers but in fact don't always delegate. Some never ++ delegate, and some give the user the option. ++-----------------------------------------------------------------------------*/ ++ curl_version_info_data * const curlInfoP = ++ curl_version_info(CURLVERSION_NOW); ++ ++ return (curlInfoP->version_num <= 0x071506); /* 7.21.6 */ ++} ++ ++ ++ ++static void ++requestGssapiDelegation(CURL * const curlSessionP ATTR_UNUSED, ++ bool * const gotItP) { ++/*---------------------------------------------------------------------------- ++ Set up the Curl session *curlSessionP to delegate its GSSAPI credentials to ++ the server. ++ ++ Return *gotitP is true iff we succeed. We fail when the version of libcurl ++ for which we are compiled or to which we are linked is not capable of such ++ delegation. ++-----------------------------------------------------------------------------*/ ++#if HAVE_CURL_GSSAPI_DELEGATION ++ int rc; ++ ++ rc = curl_easy_setopt(curlSessionP, CURLOPT_GSSAPI_DELEGATION, ++ CURLGSSAPI_DELEGATION_FLAG); ++ ++ if (rc == CURLE_OK) ++ *gotItP = true; ++ else { ++ /* The only way curl_easy_setopt() could have failed is that we ++ are running with an old libcurl from before ++ CURLOPT_GSSAPI_DELEGATION was invented. ++ */ ++ if (curlAlwaysDelegatesGssapi()) { ++ /* No need to request delegation; we got it anyway */ ++ *gotItP = true; ++ } else ++ *gotItP = false; ++ } ++#else ++ if (curlAlwaysDelegatesGssapi()) ++ *gotItP = true; ++ else { ++ /* The library may be able to do credential delegation on request, but ++ we have no way to request it; the Curl for which we are compiled is ++ too old. ++ */ ++ *gotItP = false; ++ } ++#endif ++} ++ ++ ++ + static void + setupCurlSession(xmlrpc_env * const envP, + curlTransaction * const curlTransactionP, +@@ -457,10 +550,24 @@ setupCurlSession(xmlrpc_env * const envP, + curl_easy_setopt(curlSessionP, CURLOPT_SSL_CIPHER_LIST, + curlSetupP->sslCipherList); + ++ /* Not backported */ ++ assert(curlSetupP->proxy == NULL); ++ + if (curlSetupP->timeout) + setCurlTimeout(curlSessionP, curlSetupP->timeout); + +- { ++ if (curlSetupP->gssapiDelegation) { ++ bool gotIt; ++ requestGssapiDelegation(curlSessionP, &gotIt); ++ ++ if (!gotIt) ++ xmlrpc_faultf(envP, "Cannot honor 'gssapi_delegation' " ++ "Curl transport option. " ++ "This version of libcurl is not " ++ "capable of delegating GSSAPI credentials"); ++ } ++ ++ if (!envP->fault_occurred) { + const char * authHdrValue; + /* NULL means we don't have to construct an explicit + Authorization: header. non-null means we have to +diff --git a/lib/curl_transport/curltransaction.h b/lib/curl_transport/curltransaction.h +index c1ab5ce..c41d4e9 100644 +--- a/lib/curl_transport/curltransaction.h ++++ b/lib/curl_transport/curltransaction.h +@@ -70,6 +70,18 @@ struct curlSetup { + const char * randomFile; + const char * egdSocket; + const char * sslCipherList; ++ ++ const char * proxy; ++ unsigned int proxyPort; ++ unsigned int proxyAuth; ++ /* e.g. CURLAUTH_BASIC, CURLAUTH_NTLM, ... */ ++ const char * proxyUserPwd; ++ unsigned int proxyType; ++ /* see enum curl_proxytype: CURLPROXY_HTTP, CURLPROXY_SOCKS4, ... */ ++ ++ bool gssapiDelegation; ++ /* allow GSSAPI credential delegation */ ++ + unsigned int timeout; + /* 0 = no Curl timeout. This is in milliseconds. */ + }; +diff --git a/lib/curl_transport/curlversion.h b/lib/curl_transport/curlversion.h +index 71c5a68..4ad445a 100644 +--- a/lib/curl_transport/curlversion.h ++++ b/lib/curl_transport/curlversion.h +@@ -14,6 +14,12 @@ + #define HAVE_CURL_STRERROR 0 + #endif + ++#ifdef CURLGSSAPI_DELEGATION_FLAG ++#define HAVE_CURL_GSSAPI_DELEGATION 1 ++#else ++#define HAVE_CURL_GSSAPI_DELEGATION 0 ++#endif ++ + #undef CMAJOR + #undef CMINOR + +diff --git a/lib/curl_transport/xmlrpc_curl_transport.c b/lib/curl_transport/xmlrpc_curl_transport.c +index 526381d..85e105b 100644 +--- a/lib/curl_transport/xmlrpc_curl_transport.c ++++ b/lib/curl_transport/xmlrpc_curl_transport.c +@@ -765,6 +765,20 @@ getXportParms(xmlrpc_env * const envP, + else + curlSetupP->sslCipherList = strdup(curlXportParmsP->ssl_cipher_list); + ++ /* Not backported */ ++ curlSetupP->proxy = NULL; ++ curlSetupP->proxyPort = 0; ++ curlSetupP->proxyAuth = 0; ++ curlSetupP->proxyUserPwd = NULL; ++ curlSetupP->proxyType = 0; ++ ++ /* Backported */ ++ if (!curlXportParmsP || parmSize < XMLRPC_CXPSIZE(gssapi_delegation)) ++ curlSetupP->gssapiDelegation = false; ++ else ++ curlSetupP->gssapiDelegation = !!curlXportParmsP->gssapi_delegation; ++ ++ + getTimeoutParm(envP, curlXportParmsP, parmSize, &curlSetupP->timeout); + } + +diff --git a/src/cpp/curl.cpp b/src/cpp/curl.cpp +index 6181929..8e105f2 100644 +--- a/src/cpp/curl.cpp ++++ b/src/cpp/curl.cpp +@@ -186,6 +186,11 @@ DEFINE_OPTION_SETTER(timeout, unsigned int); + + void + clientXmlTransport_curl::initialize(constrOpt const& opt) { ++ clientXmlTransport_curl::initialize(opt, false); ++} ++ ++void ++clientXmlTransport_curl::initialize(constrOpt const& opt, bool const gssapiDelegation) { + struct xmlrpc_curl_xportparms transportParms; + + transportParms.network_interface = opt.present.network_interface ? +@@ -227,13 +232,24 @@ clientXmlTransport_curl::initialize(constrOpt const& opt) { + transportParms.timeout = opt.present.timeout ? + opt.value.timeout : 0; + ++ /* Not backported */ ++ transportParms.dont_advertise = false; ++ transportParms.proxy = NULL; ++ transportParms.proxy_port = 0; ++ transportParms.proxy_auth = 0; ++ transportParms.proxy_userpwd = NULL; ++ transportParms.proxy_type = XMLRPC_HTTPPROXY_HTTP; ++ ++ /* Backported */ ++ transportParms.gssapi_delegation = gssapiDelegation; ++ + this->c_transportOpsP = &xmlrpc_curl_transport_ops; + + env_wrap env; + + xmlrpc_curl_transport_ops.create( + &env.env_c, 0, "", "", +- &transportParms, XMLRPC_CXPSIZE(timeout), ++ &transportParms, XMLRPC_CXPSIZE(gssapi_delegation), + &this->c_transportP); + + if (env.env_c.fault_occurred) +@@ -249,6 +265,14 @@ clientXmlTransport_curl::initialize(constrOpt const& opt) { + "library")); + } + ++void ++clientXmlTransport_curl::initialize(constrOpt const& opt, bool const gssapiDelegation) { ++ ++ throw(error("There is no Curl client XML transport in this XML-RPC client " ++ "library")); ++} ++ ++ + #endif + + clientXmlTransport_curl::clientXmlTransport_curl(constrOpt const& opt) { +@@ -256,6 +280,10 @@ clientXmlTransport_curl::clientXmlTransport_curl(constrOpt const& opt) { + this->initialize(opt); + } + ++clientXmlTransport_curl::clientXmlTransport_curl(constrOpt const& opt, bool const gssapiDelegation) { ++ ++ this->initialize(opt, gssapiDelegation); ++} + + + clientXmlTransport_curl::clientXmlTransport_curl( +-- +1.7.6 +