rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Perform locking for gnutls and avoid libgcrypt's broken locking (bug #607159).

Browse Source
This commit is contained in:
Tim Waugh 2010-09-17 14:41:37 +01:00
parent 55737f8823
commit 91b2885d0a
2 changed files with 118 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
cups-serialize-gnutls.patch Normal file
View File

@ -0,0 +1,109 @@
diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
--- cups-1.4.4/cups/http.c.serialize-gnutls 2010-09-17 13:37:01.858871762 +0100
+++ cups-1.4.4/cups/http.c 2010-09-17 13:55:22.579871934 +0100
@@ -149,7 +149,7 @@ static int http_write_ssl(http_t *http,
# ifdef HAVE_GNUTLS
# ifdef HAVE_PTHREAD_H
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+static pthread_mutex_t gnutls_lock;
# endif /* HAVE_PTHREAD_H */
# elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
@@ -1231,7 +1231,7 @@ httpInitialize(void)
*/
# ifdef HAVE_PTHREAD_H
- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ pthread_mutex_init(&gnutls_lock, NULL);
# endif /* HAVE_PTHREAD_H */
/*
@@ -2228,6 +2228,7 @@ _httpWait(http_t *http, /* I - Connect
if (SSL_pending((SSL *)(http->tls)))
return (1);
# elif defined(HAVE_GNUTLS)
+ /* lock already held here... */
if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
return (1);
# elif defined(HAVE_CDSASSL)
@@ -2294,6 +2295,8 @@ int /* O - 1 if data is available, 0
httpWait(http_t *http, /* I - Connection to server */
int msec) /* I - Milliseconds to wait */
{
+ int ret;
+
/*
* First see if there is data in the buffer...
*/
@@ -2318,7 +2321,17 @@ httpWait(http_t *http, /* I - Connecti
* If not, check the SSL/TLS buffers and do a select() on the connection...
*/
- return (_httpWait(http, msec, 1));
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_lock(&gnutls_lock);
+#endif
+
+ ret = _httpWait(http, msec, 1);
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_unlock(&gnutls_lock);
+#endif
+
+ return (ret);
}
@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http, /* I - Conn
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{
@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http) /* I - Con
return (-1);
}
+ pthread_mutex_lock(&gnutls_lock);
gnutls_certificate_allocate_credentials(credentials);
gnutls_init(&(conn->session), GNUTLS_CLIENT);
@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http) /* I - Con
free(credentials);
free(conn);
+ pthread_mutex_unlock(&gnutls_lock);
return (-1);
}
+ pthread_mutex_unlock(&gnutls_lock);
conn->credentials = credentials;
# elif defined(HAVE_CDSASSL)
@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http) /* I -
conn = (http_tls_t *)(http->tls);
credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+ pthread_mutex_lock(&gnutls_lock);
gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn->session);
gnutls_certificate_free_credentials(*credentials);
+ pthread_mutex_unlock(&gnutls_lock);
free(credentials);
free(conn);
@@ -3445,7 +3465,9 @@ http_write_ssl(http_t *http, /* I -
# elif defined(HAVE_GNUTLS)
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{

10
cups.spec
View File

@ -8,7 +8,7 @@
Summary: Common Unix Printing System Summary: Common Unix Printing System
Name: cups Name: cups
Version: 1.4.4 Version: 1.4.4
Release: 8%{?dist} Release: 9%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -60,6 +60,7 @@ Patch23: cups-cups-get-classes.patch
Patch24: cups-avahi.patch Patch24: cups-avahi.patch
Patch25: cups-str3382.patch Patch25: cups-str3382.patch
Patch26: cups-force-gnutls.patch Patch26: cups-force-gnutls.patch
Patch27: cups-serialize-gnutls.patch
Patch29: cups-0755.patch Patch29: cups-0755.patch
Patch30: cups-EAI_AGAIN.patch Patch30: cups-EAI_AGAIN.patch
Patch31: cups-hostnamelookups.patch Patch31: cups-hostnamelookups.patch
@ -256,6 +257,9 @@ module.
%patch25 -p1 -b .str3382 %patch25 -p1 -b .str3382
# Force the use of gnutls despite thread-safety concerns (bug #607159). # Force the use of gnutls despite thread-safety concerns (bug #607159).
%patch26 -p1 -b .force-gnutls %patch26 -p1 -b .force-gnutls
# Perform locking for gnutls and avoid libgcrypt's broken
# locking (bug #607159).
%patch27 -p1 -b .serialize-gnutls
# Use mode 0755 for binaries and libraries where appropriate. # Use mode 0755 for binaries and libraries where appropriate.
%patch29 -p1 -b .0755 %patch29 -p1 -b .0755
# Re-initialise the resolver on failure in httpAddrLookup(). # Re-initialise the resolver on failure in httpAddrLookup().
@ -581,6 +585,10 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so %{php_extdir}/phpcups.so
%changelog %changelog
* Fri Sep 17 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-9
- Perform locking for gnutls and avoid libgcrypt's broken
locking (bug #607159).
* Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-8 * Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-8
- Build with --enable-threads again (bug #607159). - Build with --enable-threads again (bug #607159).
- Force the use of gnutls despite thread-safety concerns (bug #607159). - Force the use of gnutls despite thread-safety concerns (bug #607159).