[cups/f12/master] Perform locking for gnutls and avoid libgcrypt's broken locking (bug #607159).
Tim Waugh
twaugh at fedoraproject.org
Fri Sep 17 13:53:17 UTC 2010
commit 91b2885d0a0da6e95bc6c1a45b0cc0b4ede56143
Author: Tim Waugh <twaugh at redhat.com>
Date: Fri Sep 17 14:41:37 2010 +0100
Perform locking for gnutls and avoid libgcrypt's broken locking (bug #607159).
cups-serialize-gnutls.patch | 109 +++++++++++++++++++++++++++++++++++++++++++
cups.spec | 10 ++++-
2 files changed, 118 insertions(+), 1 deletions(-)
---
diff --git a/cups-serialize-gnutls.patch b/cups-serialize-gnutls.patch
new file mode 100644
index 0000000..cdd82cb
--- /dev/null
+++ b/cups-serialize-gnutls.patch
@@ -0,0 +1,109 @@
+diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
+--- cups-1.4.4/cups/http.c.serialize-gnutls 2010-09-17 13:37:01.858871762 +0100
++++ cups-1.4.4/cups/http.c 2010-09-17 13:55:22.579871934 +0100
+@@ -149,7 +149,7 @@ static int http_write_ssl(http_t *http,
+
+ # ifdef HAVE_GNUTLS
+ # ifdef HAVE_PTHREAD_H
+-GCRY_THREAD_OPTION_PTHREAD_IMPL;
++static pthread_mutex_t gnutls_lock;
+ # endif /* HAVE_PTHREAD_H */
+
+ # elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+@@ -1231,7 +1231,7 @@ httpInitialize(void)
+ */
+
+ # ifdef HAVE_PTHREAD_H
+- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ pthread_mutex_init(&gnutls_lock, NULL);
+ # endif /* HAVE_PTHREAD_H */
+
+ /*
+@@ -2228,6 +2228,7 @@ _httpWait(http_t *http, /* I - Connect
+ if (SSL_pending((SSL *)(http->tls)))
+ return (1);
+ # elif defined(HAVE_GNUTLS)
++ /* lock already held here... */
+ if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
+ return (1);
+ # elif defined(HAVE_CDSASSL)
+@@ -2294,6 +2295,8 @@ int /* O - 1 if data is available, 0
+ httpWait(http_t *http, /* I - Connection to server */
+ int msec) /* I - Milliseconds to wait */
+ {
++ int ret;
++
+ /*
+ * First see if there is data in the buffer...
+ */
+@@ -2318,7 +2321,17 @@ httpWait(http_t *http, /* I - Connecti
+ * If not, check the SSL/TLS buffers and do a select() on the connection...
+ */
+
+- return (_httpWait(http, msec, 1));
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++ pthread_mutex_lock(&gnutls_lock);
++#endif
++
++ ret = _httpWait(http, msec, 1);
++
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++ pthread_mutex_unlock(&gnutls_lock);
++#endif
++
++ return (ret);
+ }
+
+
+@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http, /* I - Conn
+ ssize_t result; /* Return value */
+
+
++ pthread_mutex_lock(&gnutls_lock);
+ result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
++ pthread_mutex_unlock(&gnutls_lock);
+
+ if (result < 0 && !errno)
+ {
+@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http) /* I - Con
+ return (-1);
+ }
+
++ pthread_mutex_lock(&gnutls_lock);
+ gnutls_certificate_allocate_credentials(credentials);
+
+ gnutls_init(&(conn->session), GNUTLS_CLIENT);
+@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http) /* I - Con
+ free(credentials);
+ free(conn);
+
++ pthread_mutex_unlock(&gnutls_lock);
+ return (-1);
+ }
+
++ pthread_mutex_unlock(&gnutls_lock);
+ conn->credentials = credentials;
+
+ # elif defined(HAVE_CDSASSL)
+@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http) /* I -
+ conn = (http_tls_t *)(http->tls);
+ credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+
++ pthread_mutex_lock(&gnutls_lock);
+ gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(conn->session);
+ gnutls_certificate_free_credentials(*credentials);
++ pthread_mutex_unlock(&gnutls_lock);
+ free(credentials);
+ free(conn);
+
+@@ -3445,7 +3465,9 @@ http_write_ssl(http_t *http, /* I -
+ # elif defined(HAVE_GNUTLS)
+ ssize_t result; /* Return value */
+
++ pthread_mutex_lock(&gnutls_lock);
+ result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
++ pthread_mutex_unlock(&gnutls_lock);
+
+ if (result < 0 && !errno)
+ {
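Review bot: The single process-wide `gnutls_lock` is held across calls that can block on the network (`gnutls_record_recv` in http_read_ssl, `gnutls_record_send` in http_write_ssl, `gnutls_bye(conn->session, GNUTLS_SHUT_RDWR)` in http_shutdown_ssl, and the whole `_httpWait(http, msec, 1)` call in httpWait), so one slow or stalled TLS peer can delay every other thread's TLS traffic in the process for as long as that call waits. That availability trade-off should be stated at the declaration, for example `/* Serializes all GnuTLS calls process-wide; held across blocking I/O. */`. The lock and unlock calls added in http_read_ssl, http_write_ssl, http_setup_ssl and http_shutdown_ssl are also not wrapped in `# ifdef HAVE_PTHREAD_H`, unlike the declaration and the httpWait calls, so a GnuTLS build without pthreads would presumably fail to compile. Declaring `static pthread_mutex_t gnutls_lock = PTHREAD_MUTEX_INITIALIZER;` would remove the dependency on httpInitialize having run before the first lock. The `/* lock already held here... */` comment in _httpWait is only shown to hold for the httpWait path; callers of _httpWait outside these hunks are not visible and should be checked, since the function bodies continue beyond the hunks.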
diff --git a/cups.spec b/cups.spec
index 0c0a258..4d4c917 100644
--- a/cups.spec
+++ b/cups.spec
@@ -8,7 +8,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.4.4
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -60,6 +60,7 @@ Patch23: cups-cups-get-classes.patch
Patch24: cups-avahi.patch
Patch25: cups-str3382.patch
Patch26: cups-force-gnutls.patch
+Patch27: cups-serialize-gnutls.patch
Patch29: cups-0755.patch
Patch30: cups-EAI_AGAIN.patch
Patch31: cups-hostnamelookups.patch
@@ -256,6 +257,9 @@ module.
%patch25 -p1 -b .str3382
# Force the use of gnutls despite thread-safety concerns (bug #607159).
%patch26 -p1 -b .force-gnutls
+# Perform locking for gnutls and avoid libgcrypt's broken
+# locking (bug #607159).
+%patch27 -p1 -b .serialize-gnutls
# Use mode 0755 for binaries and libraries where appropriate.
%patch29 -p1 -b .0755
# Re-initialise the resolver on failure in httpAddrLookup().
@@ -581,6 +585,10 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so
%changelog
+* Fri Sep 17 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-9
+- Perform locking for gnutls and avoid libgcrypt's broken
+ locking (bug #607159).
+
* Wed Sep 15 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-8
- Build with --enable-threads again (bug #607159).
- Force the use of gnutls despite thread-safety concerns (bug #607159).