Merge branch 'f12' into f13

This commit is contained in:
Tim Waugh 2010-09-17 14:44:14 +01:00
commit bdfb23b51f
3 changed files with 213 additions and 2 deletions

89
cups-force-gnutls.patch Normal file
View File

@ -0,0 +1,89 @@
diff -up cups-1.4.4/config-scripts/cups-ssl.m4.force-gnutls cups-1.4.4/config-scripts/cups-ssl.m4
--- cups-1.4.4/config-scripts/cups-ssl.m4.force-gnutls 2010-09-15 16:49:22.343502552 +0100
+++ cups-1.4.4/config-scripts/cups-ssl.m4 2010-09-15 16:49:42.347502595 +0100
@@ -65,23 +65,21 @@ if test x$enable_ssl != xno; then
if $PKGCONFIG --exists gnutls; then
if test "x$have_pthread" = xyes; then
AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
- else
- have_ssl=1
- SSLLIBS=`$PKGCONFIG --libs gnutls`
- SSLFLAGS=`$PKGCONFIG --cflags gnutls`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
fi
+ have_ssl=1
+ SSLLIBS=`$PKGCONFIG --libs gnutls`
+ SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
elif test "x$LIBGNUTLSCONFIG" != x; then
if test "x$have_pthread" = xyes; then
AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
- else
- have_ssl=1
- SSLLIBS=`$LIBGNUTLSCONFIG --libs`
- SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
fi
+ have_ssl=1
+ SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+ SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
fi
if test $have_ssl = 1; then
diff -up cups-1.4.4/configure.force-gnutls cups-1.4.4/configure
--- cups-1.4.4/configure.force-gnutls 2010-06-17 19:25:47.000000000 +0100
+++ cups-1.4.4/configure 2010-09-15 16:50:01.689503165 +0100
@@ -17542,36 +17542,34 @@ fi
if test "x$have_pthread" = xyes; then
{ echo "$as_me:$LINENO: WARNING: The current version of GNU TLS cannot be made thread-safe." >&5
echo "$as_me: WARNING: The current version of GNU TLS cannot be made thread-safe." >&2;}
- else
- have_ssl=1
- SSLLIBS=`$PKGCONFIG --libs gnutls`
- SSLFLAGS=`$PKGCONFIG --cflags gnutls`
- cat >>confdefs.h <<\_ACEOF
+ fi
+ have_ssl=1
+ SSLLIBS=`$PKGCONFIG --libs gnutls`
+ SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+ cat >>confdefs.h <<\_ACEOF
#define HAVE_SSL 1
_ACEOF
- cat >>confdefs.h <<\_ACEOF
+ cat >>confdefs.h <<\_ACEOF
#define HAVE_GNUTLS 1
_ACEOF
- fi
elif test "x$LIBGNUTLSCONFIG" != x; then
if test "x$have_pthread" = xyes; then
{ echo "$as_me:$LINENO: WARNING: The current version of GNU TLS cannot be made thread-safe." >&5
echo "$as_me: WARNING: The current version of GNU TLS cannot be made thread-safe." >&2;}
- else
- have_ssl=1
- SSLLIBS=`$LIBGNUTLSCONFIG --libs`
- SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
- cat >>confdefs.h <<\_ACEOF
+ fi
+ have_ssl=1
+ SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+ SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+ cat >>confdefs.h <<\_ACEOF
#define HAVE_SSL 1
_ACEOF
- cat >>confdefs.h <<\_ACEOF
+ cat >>confdefs.h <<\_ACEOF
#define HAVE_GNUTLS 1
_ACEOF
- fi
fi
if test $have_ssl = 1; then

109
cups-serialize-gnutls.patch Normal file
View File

@ -0,0 +1,109 @@
diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
--- cups-1.4.4/cups/http.c.serialize-gnutls 2010-09-17 13:37:01.858871762 +0100
+++ cups-1.4.4/cups/http.c 2010-09-17 13:55:22.579871934 +0100
@@ -149,7 +149,7 @@ static int http_write_ssl(http_t *http,
# ifdef HAVE_GNUTLS
# ifdef HAVE_PTHREAD_H
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+static pthread_mutex_t gnutls_lock;
# endif /* HAVE_PTHREAD_H */
# elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
@@ -1231,7 +1231,7 @@ httpInitialize(void)
*/
# ifdef HAVE_PTHREAD_H
- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ pthread_mutex_init(&gnutls_lock, NULL);
# endif /* HAVE_PTHREAD_H */
/*
@@ -2228,6 +2228,7 @@ _httpWait(http_t *http, /* I - Connect
if (SSL_pending((SSL *)(http->tls)))
return (1);
# elif defined(HAVE_GNUTLS)
+ /* lock already held here... */
if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
return (1);
# elif defined(HAVE_CDSASSL)
@@ -2294,6 +2295,8 @@ int /* O - 1 if data is available, 0
httpWait(http_t *http, /* I - Connection to server */
int msec) /* I - Milliseconds to wait */
{
+ int ret;
+
/*
* First see if there is data in the buffer...
*/
@@ -2318,7 +2321,17 @@ httpWait(http_t *http, /* I - Connecti
* If not, check the SSL/TLS buffers and do a select() on the connection...
*/
- return (_httpWait(http, msec, 1));
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_lock(&gnutls_lock);
+#endif
+
+ ret = _httpWait(http, msec, 1);
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+ pthread_mutex_unlock(&gnutls_lock);
+#endif
+
+ return (ret);
}
@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http, /* I - Conn
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{
@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http) /* I - Con
return (-1);
}
+ pthread_mutex_lock(&gnutls_lock);
gnutls_certificate_allocate_credentials(credentials);
gnutls_init(&(conn->session), GNUTLS_CLIENT);
@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http) /* I - Con
free(credentials);
free(conn);
+ pthread_mutex_unlock(&gnutls_lock);
return (-1);
}
+ pthread_mutex_unlock(&gnutls_lock);
conn->credentials = credentials;
# elif defined(HAVE_CDSASSL)
@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http) /* I -
conn = (http_tls_t *)(http->tls);
credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+ pthread_mutex_lock(&gnutls_lock);
gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn->session);
gnutls_certificate_free_credentials(*credentials);
+ pthread_mutex_unlock(&gnutls_lock);
free(credentials);
free(conn);
@@ -3445,7 +3465,9 @@ http_write_ssl(http_t *http, /* I -
# elif defined(HAVE_GNUTLS)
ssize_t result; /* Return value */
+ pthread_mutex_lock(&gnutls_lock);
result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+ pthread_mutex_unlock(&gnutls_lock);
if (result < 0 && !errno)
{

View File

@ -8,7 +8,7 @@
Summary: Common Unix Printing System Summary: Common Unix Printing System
Name: cups Name: cups
Version: 1.4.4 Version: 1.4.4
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -56,6 +56,8 @@ Patch22: cups-uri-compat.patch
Patch23: cups-cups-get-classes.patch Patch23: cups-cups-get-classes.patch
Patch24: cups-avahi.patch Patch24: cups-avahi.patch
Patch25: cups-str3382.patch Patch25: cups-str3382.patch
Patch26: cups-force-gnutls.patch
Patch27: cups-serialize-gnutls.patch
Patch29: cups-0755.patch Patch29: cups-0755.patch
Patch30: cups-EAI_AGAIN.patch Patch30: cups-EAI_AGAIN.patch
Patch31: cups-hostnamelookups.patch Patch31: cups-hostnamelookups.patch
@ -250,6 +252,11 @@ module.
%patch24 -p1 -b .avahi %patch24 -p1 -b .avahi
# Fix temporary filename creation. # Fix temporary filename creation.
%patch25 -p1 -b .str3382 %patch25 -p1 -b .str3382
# Force the use of gnutls despite thread-safety concerns (bug #607159).
%patch26 -p1 -b .force-gnutls
# Perform locking for gnutls and avoid libgcrypt's broken
# locking (bug #607159).
%patch27 -p1 -b .serialize-gnutls
# Use mode 0755 for binaries and libraries where appropriate. # Use mode 0755 for binaries and libraries where appropriate.
%patch29 -p1 -b .0755 %patch29 -p1 -b .0755
# Re-initialise the resolver on failure in httpAddrLookup(). # Re-initialise the resolver on failure in httpAddrLookup().
@ -306,7 +313,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1"
--with-pdftops=pdftops \ --with-pdftops=pdftops \
--with-dbusdir=%{_sysconfdir}/dbus-1 \ --with-dbusdir=%{_sysconfdir}/dbus-1 \
--with-php=/usr/bin/php-cgi --enable-avahi \ --with-php=/usr/bin/php-cgi --enable-avahi \
--disable-threads --enable-gnutls \ --enable-threads --enable-gnutls \
localedir=%{_datadir}/locale localedir=%{_datadir}/locale
# If we got this far, all prerequisite libraries must be here. # If we got this far, all prerequisite libraries must be here.
@ -571,6 +578,12 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so %{php_extdir}/phpcups.so
%changelog %changelog
* Fri Sep 17 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-10
- Perform locking for gnutls and avoid libgcrypt's broken
locking (bug #607159).
- Build with --enable-threads again (bug #607159).
- Force the use of gnutls despite thread-safety concerns (bug #607159).
* Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com> * Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com>
- Fixed serverbin-compat patch to avoid misleading "filter not - Fixed serverbin-compat patch to avoid misleading "filter not
available" messages (bug #633779). available" messages (bug #633779).