[unbound/f17] * Thu Sep 06 2012 Paul Wouters <pwouters at redhat.com> - 1.4.18-2 - Fix openssl thread locking bug und
Paul Wouters
pwouters at fedoraproject.org
Thu Sep 6 15:45:45 UTC 2012
commit 91b25d14e9592753c3885b0bf1da596d20885f9e
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Sep 6 11:44:35 2012 -0400
* Thu Sep 06 2012 Paul Wouters <pwouters at redhat.com> - 1.4.18-2
- Fix openssl thread locking bug under high query load
unbound-1.4.18-openssl_threads.patch | 104 ++++++++++++++++++++++++++++++++++
unbound.spec | 7 ++-
2 files changed, 110 insertions(+), 1 deletions(-)
---
diff --git a/unbound-1.4.18-openssl_threads.patch b/unbound-1.4.18-openssl_threads.patch
new file mode 100644
index 0000000..45b05ea
--- /dev/null
+++ b/unbound-1.4.18-openssl_threads.patch
@@ -0,0 +1,104 @@
+Index: daemon/daemon.c
+===================================================================
+--- daemon/daemon.c (revision 2732)
++++ daemon/daemon.c (revision 2733)
+@@ -209,6 +209,10 @@
+ comp_meth = (void*)SSL_COMP_get_compression_methods();
+ # endif
+ (void)SSL_library_init();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ if(!ub_openssl_lock_init())
++ fatal_exit("could not init openssl locks");
++# endif
+ #elif defined(HAVE_NSS)
+ if(NSS_NoDB_Init(NULL) != SECSuccess)
+ fatal_exit("could not init NSS");
+@@ -568,6 +572,9 @@
+ ERR_remove_state(0);
+ ERR_free_strings();
+ RAND_cleanup();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ ub_openssl_lock_delete();
++# endif
+ #elif defined(HAVE_NSS)
+ NSS_Shutdown();
+ #endif /* HAVE_SSL or HAVE_NSS */
+Index: util/net_help.c
+===================================================================
+--- util/net_help.c (revision 2732)
++++ util/net_help.c (revision 2733)
+@@ -725,3 +725,54 @@
+ return NULL;
+ #endif
+ }
++
++/** global lock list for openssl locks */
++static lock_basic_t *ub_openssl_locks = NULL;
++
++/** callback that gets thread id for openssl */
++static unsigned long
++ub_crypto_id_cb(void)
++{
++ return (unsigned long)ub_thread_self();
++}
++
++static void
++ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
++ int ATTR_UNUSED(line))
++{
++ if((mode&CRYPTO_LOCK)) {
++ lock_basic_lock(&ub_openssl_locks[type]);
++ } else {
++ lock_basic_unlock(&ub_openssl_locks[type]);
++ }
++}
++
++int ub_openssl_lock_init(void)
++{
++#ifdef OPENSSL_THREADS
++ size_t i;
++ ub_openssl_locks = (lock_basic_t*)malloc(
++ sizeof(lock_basic_t)*CRYPTO_num_locks());
++ if(!ub_openssl_locks)
++ return 0;
++ for(i=0; i<CRYPTO_num_locks(); i++) {
++ lock_basic_init(&ub_openssl_locks[i]);
++ }
++ CRYPTO_set_id_callback(&ub_crypto_id_cb);
++ CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
++#endif /* OPENSSL_THREADS */
++ return 1;
++}
++
++void ub_openssl_lock_delete(void)
++{
++#ifdef OPENSSL_THREADS
++ size_t i;
++ if(!ub_openssl_locks)
++ return;
++ for(i=0; i<CRYPTO_num_locks(); i++) {
++ lock_basic_destroy(&ub_openssl_locks[i]);
++ }
++#endif /* OPENSSL_THREADS */
++}
++
+Index: util/net_help.h
+===================================================================
+--- util/net_help.h (revision 2732)
++++ util/net_help.h (revision 2733)
+@@ -369,4 +369,15 @@
+ */
+ void* outgoing_ssl_fd(void* sslctx, int fd);
+
++/**
++ * Initialize openssl locking for thread safety
++ * @return false on failure (alloc failure).
++ */
++int ub_openssl_lock_init(void);
++
++/**
++ * De-init the allocated openssl locks
++ */
++void ub_openssl_lock_delete(void);
++
+ #endif /* NET_HELP_H */
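Review bot: ub_openssl_lock_delete() in the util/net_help.c part destroys every lock but leaves the id and locking callbacks registered and never frees ub_openssl_locks, so any OpenSSL call made after teardown would go through ub_crypto_lock_cb onto a destroyed lock, and the array leaks. Clear both callbacks before the destroy loop, then free the array and reset the pointer to NULL so that a second call returns at the existing NULL check. Separately, the two static callbacks are compiled outside any `#ifdef`, and net_help.c guards on `OPENSSL_THREADS` alone while daemon.c also tests `!defined(THREADS_DISABLED)`; using the same condition in both files would presumably keep non-SSL and non-threaded builds consistent.

```c
void ub_openssl_lock_delete(void)
{
	/* … unchanged: OPENSSL_THREADS guard, size_t i, NULL check … */
	CRYPTO_set_id_callback(NULL);
	CRYPTO_set_locking_callback(NULL);
	/* … unchanged: lock_basic_destroy loop … */
	free(ub_openssl_locks);
	ub_openssl_locks = NULL;
	/* … unchanged: #endif … */
}
```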
diff --git a/unbound.spec b/unbound.spec
index c2894e1..8f1cc04 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -14,7 +14,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
Version: 1.4.18
-Release: 1%{?dist}
+Release: 2%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -27,6 +27,7 @@ Source6: dlv.isc.org.key
Source7: unbound-keygen.service
Source8: tmpfiles-unbound.conf
Patch1: unbound-1.2-glob.patch
+Patch2: unbound-1.4.18-openssl_threads.patch
Group: System Environment/Daemons
BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0,
BuildRequires: libevent-devel expat-devel
@@ -101,6 +102,7 @@ Python modules and extensions for unbound
%prep
%setup -q
%patch1 -p1
+%patch2 -p0
%build
%configure --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -244,6 +246,9 @@ fi
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
%changelog
+* Thu Sep 06 2012 Paul Wouters <pwouters at redhat.com> - 1.4.18-2
+- Fix openssl thread locking bug under high query load
+
* Thu Aug 23 2012 Paul Wouters <pwouters at redhat.com> - 1.4.18-1
- Updated to 1.4.18
- Removed merged in patches