[cups/f12/master] Perform locking for gnutls and avoid libgcrypt's broken locking (bug #607159).

Tim Waugh twaugh at fedoraproject.org
Fri Sep 17 13:53:17 UTC 2010


commit 91b2885d0a0da6e95bc6c1a45b0cc0b4ede56143
Author: Tim Waugh <twaugh at redhat.com>
Date:   Fri Sep 17 14:41:37 2010 +0100

    Perform locking for gnutls and avoid libgcrypt's broken locking (bug #607159).

 cups-serialize-gnutls.patch |  109 +++++++++++++++++++++++++++++++++++++++++++
 cups.spec                   |   10 ++++-
 2 files changed, 118 insertions(+), 1 deletions(-)
---
diff --git a/cups-serialize-gnutls.patch b/cups-serialize-gnutls.patch
new file mode 100644
index 0000000..cdd82cb
--- /dev/null
+++ b/cups-serialize-gnutls.patch
@@ -0,0 +1,109 @@
+diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
+--- cups-1.4.4/cups/http.c.serialize-gnutls	2010-09-17 13:37:01.858871762 +0100
++++ cups-1.4.4/cups/http.c	2010-09-17 13:55:22.579871934 +0100
+@@ -149,7 +149,7 @@ static int		http_write_ssl(http_t *http,
+ 
+ #  ifdef HAVE_GNUTLS
+ #    ifdef HAVE_PTHREAD_H
+-GCRY_THREAD_OPTION_PTHREAD_IMPL;
++static pthread_mutex_t gnutls_lock;
+ #    endif /* HAVE_PTHREAD_H */
+ 
+ #  elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+@@ -1231,7 +1231,7 @@ httpInitialize(void)
+   */
+ 
+ #  ifdef HAVE_PTHREAD_H
+-  gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++  pthread_mutex_init(&gnutls_lock, NULL);
+ #  endif /* HAVE_PTHREAD_H */
+ 
+  /*
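Review bot: `pthread_mutex_init(&gnutls_lock, NULL)` makes every later lock call depend on httpInitialize() having run exactly once beforehand; locking a mutex that was never initialised, or re-initialising one that another thread may hold, is undefined under POSIX. A static initialiser on the declaration in the first hunk removes both conditions, `static pthread_mutex_t gnutls_lock = PTHREAD_MUTEX_INITIALIZER;`, after which this call can be dropped. Whether httpInitialize() already protects itself against repeated or concurrent calls cannot be seen here, because its body starts and ends outside the hunk. With the `gcry_control()` registration removed, only code that takes `gnutls_lock` is serialised, and that limit is worth a comment on the declaration.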
+@@ -2228,6 +2228,7 @@ _httpWait(http_t *http,			/* I - Connect
+     if (SSL_pending((SSL *)(http->tls)))
+       return (1);
+ #  elif defined(HAVE_GNUTLS)
++    /* lock already held here... */
+     if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
+       return (1);
+ #  elif defined(HAVE_CDSASSL)
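Review bot: The added comment `/* lock already held here... */` states an invariant that this patch establishes only for the httpWait() path, which is the one caller changed to take `gnutls_lock`. Any other caller of _httpWait() (none is visible in these hunks) would reach `gnutls_record_check_pending()` without the lock, and _httpWait() cannot take it itself because a default pthread mutex is not recursive. I would state the precondition where it binds, in the function header, as `/* Caller must hold gnutls_lock when built with GnuTLS and pthreads */`, and check each call site against it. _httpWait() begins and ends outside the hunk.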
+@@ -2294,6 +2295,8 @@ int					/* O - 1 if data is available, 0
+ httpWait(http_t *http,			/* I - Connection to server */
+          int    msec)			/* I - Milliseconds to wait */
+ {
++  int ret;
++
+  /*
+   * First see if there is data in the buffer...
+   */
+@@ -2318,7 +2321,17 @@ httpWait(http_t *http,			/* I - Connecti
+   * If not, check the SSL/TLS buffers and do a select() on the connection...
+   */
+ 
+-  return (_httpWait(http, msec, 1));
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++  pthread_mutex_lock(&gnutls_lock);
++#endif
++
++  ret = _httpWait(http, msec, 1);
++
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++  pthread_mutex_unlock(&gnutls_lock);
++#endif
++
++  return (ret);
+ }
+ 
+ 
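Review bot: `gnutls_lock` is a single process-wide mutex and httpWait() now holds it across `_httpWait(http, msec, 1)`, which according to the comment above performs a select() on the connection, so one thread waiting up to `msec` on an idle or stalled peer keeps every other thread out of its TLS reads, writes and shutdowns for that long. The later hunks hold the same lock around `gnutls_record_recv()`, `gnutls_record_send()`, `gnutls_bye()` and the session setup, which can also block on the network. Taking the lock inside _httpWait() around `gnutls_record_check_pending()` only would keep the wait itself outside the critical section, assuming that is the only GnuTLS call on that path. If the wider scope is intended, record the cost at the declaration, e.g. `/* Serialises all GnuTLS use in this process, including blocking I/O */`.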
+@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http,		/* I - Conn
+   ssize_t	result;			/* Return value */
+ 
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
++  pthread_mutex_unlock(&gnutls_lock);
+ 
+   if (result < 0 && !errno)
+   {
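Review bot: `pthread_mutex_lock(&gnutls_lock)` and the matching unlock are added here with no `HAVE_PTHREAD_H` guard visible in the hunk, although `gnutls_lock` is declared only under `#ifdef HAVE_PTHREAD_H` in the first hunk, so a GnuTLS build without pthreads would fail to compile. httpWait() wraps the same calls in `#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)`. The http_setup_ssl(), http_shutdown_ssl() and http_write_ssl() hunks below carry the same unguarded calls, the last one directly under `#  elif defined(HAVE_GNUTLS)`. A pair of lock macros defined beside the declaration would keep the guard in one place and give every call site, httpWait() included, the same form. http_read_ssl() begins and ends outside the hunk.

```c
/* Beside the gnutls_lock declaration: compile the locking away when
 * pthreads are unavailable, matching the guard httpWait() uses. */
#  if defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
#    define HTTP_GNUTLS_LOCK()		pthread_mutex_lock(&gnutls_lock)
#    define HTTP_GNUTLS_UNLOCK()	pthread_mutex_unlock(&gnutls_lock)
#  else
#    define HTTP_GNUTLS_LOCK()
#    define HTTP_GNUTLS_UNLOCK()
#  endif /* HAVE_GNUTLS && HAVE_PTHREAD_H */

/* … unchanged: http_read_ssl() declarations … */
  HTTP_GNUTLS_LOCK();
  result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
  HTTP_GNUTLS_UNLOCK();
```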
+@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http)		/* I - Con
+     return (-1);
+   }
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   gnutls_certificate_allocate_credentials(credentials);
+ 
+   gnutls_init(&(conn->session), GNUTLS_CLIENT);
+@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http)		/* I - Con
+     free(credentials);
+     free(conn);
+ 
++    pthread_mutex_unlock(&gnutls_lock);
+     return (-1);
+   }
+ 
++  pthread_mutex_unlock(&gnutls_lock);
+   conn->credentials = credentials;
+ 
+ #  elif defined(HAVE_CDSASSL)
+@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http)		/* I - 
+   conn = (http_tls_t *)(http->tls);
+   credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
+   gnutls_deinit(conn->session);
+   gnutls_certificate_free_credentials(*credentials);
++  pthread_mutex_unlock(&gnutls_lock);
+   free(credentials);
+   free(conn);
+ 
+@@ -3445,7 +3465,9 @@ http_write_ssl(http_t     *http,	/* I - 
+ #  elif defined(HAVE_GNUTLS)
+   ssize_t	result;			/* Return value */
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
++  pthread_mutex_unlock(&gnutls_lock);
+ 
+   if (result < 0 && !errno)
+   {
diff --git a/cups.spec b/cups.spec
index 0c0a258..4d4c917 100644
--- a/cups.spec
+++ b/cups.spec
@@ -8,7 +8,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -60,6 +60,7 @@ Patch23: cups-cups-get-classes.patch
 Patch24: cups-avahi.patch
 Patch25: cups-str3382.patch
 Patch26: cups-force-gnutls.patch
+Patch27: cups-serialize-gnutls.patch
 Patch29: cups-0755.patch
 Patch30: cups-EAI_AGAIN.patch
 Patch31: cups-hostnamelookups.patch
@@ -256,6 +257,9 @@ module.
 %patch25 -p1 -b .str3382
 # Force the use of gnutls despite thread-safety concerns (bug #607159).
 %patch26 -p1 -b .force-gnutls
+# Perform locking for gnutls and avoid libgcrypt's broken
+# locking (bug #607159).
+%patch27 -p1 -b .serialize-gnutls
 # Use mode 0755 for binaries and libraries where appropriate.
 %patch29 -p1 -b .0755
 # Re-initialise the resolver on failure in httpAddrLookup().
@@ -581,6 +585,10 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
+* Fri Sep 17 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-9
+- Perform locking for gnutls and avoid libgcrypt's broken
+  locking (bug #607159).
+
 * Wed Sep 15 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-8
 - Build with --enable-threads again (bug #607159).
 - Force the use of gnutls despite thread-safety concerns (bug #607159).

