- Initialize NSS as early as possible (#382091)

This commit is contained in:
Panu Matilainen 2007-11-15 09:09:45 +00:00
parent 266b7c7b0b
commit 271f69d889
2 changed files with 92 additions and 1 deletions

View File

@ -0,0 +1,86 @@
diff -up rpm-4.4.2.2/rpmio/digest.c.nss-init rpm-4.4.2.2/rpmio/digest.c
--- rpm-4.4.2.2/rpmio/digest.c.nss-init 2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/digest.c 2007-11-15 10:57:04.000000000 +0200
@@ -78,9 +78,6 @@ rpmDigestInit(pgpHashAlgo hashalgo, rpmD
HASH_HashType type;
DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
- if (NSS_NoDB_Init(NULL) != SECSuccess)
- return NULL;
-
ctx->flags = flags;
type = getHashType(hashalgo);
diff -up rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init rpm-4.4.2.2/rpmio/rpmpgp.h
--- rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init 2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/rpmpgp.h 2007-11-15 10:57:04.000000000 +0200
@@ -1380,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets,
}
/** \ingroup rpmio
+ * Perform cryptography initialization.
+ * It must be called before any cryptography can be used within rpm.
+ * It's not normally necessary to call it directly as it's called in
+ * general rpm initialization routines.
+ * @return 0 on success, -1 on failure
+ */
+int rpmInitCrypto(void);
+
+/** \ingroup rpmio
* Duplicate a digest context.
* @param octx existing digest context
* @return duplicated digest context
diff -up rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init rpm-4.4.2.2/rpmio/rpmpgp.c
--- rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init 2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/rpmpgp.c 2007-11-15 10:58:07.000000000 +0200
@@ -17,6 +17,8 @@ static int _debug = 0;
/*@unchecked@*/
static int _print = 0;
+static int _crypto_initialized = 0;
+
/*@unchecked@*/ /*@null@*/
static pgpDig _dig = NULL;
@@ -1094,7 +1096,6 @@ int pgpPrtPkt(const byte *pkt, unsigned
pgpDig pgpNewDig(void)
{
pgpDig dig = xcalloc(1, sizeof(*dig));
- NSS_NoDB_Init(NULL);
return dig;
}
@@ -1404,5 +1405,18 @@ char * pgpArmorWrap(int atype, const uns
return val;
}
-
/*@=boundsread@*/
+
+int rpmInitCrypto(void) {
+ int rc = 0;
+
+ if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) {
+ rc = -1;
+ } else {
+ _crypto_initialized = 1;
+ }
+
+ return rc;
+}
+
+
diff -up rpm-4.4.2.2/lib/rpmrc.c.nss-init rpm-4.4.2.2/lib/rpmrc.c
--- rpm-4.4.2.2/lib/rpmrc.c.nss-init 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2/lib/rpmrc.c 2007-11-15 10:57:04.000000000 +0200
@@ -1850,6 +1850,10 @@ static int rpmReadRC(/*@null@*/ const ch
int rpmReadConfigFiles(const char * file, const char * target)
{
+ /* Initialize crypto engine as early as possible */
+ if (rpmInitCrypto() < 0) {
+ return -1;
+ }
/* Preset target macros */
/*@-nullstate@*/ /* FIX: target can be NULL */

View File

@ -6,7 +6,7 @@
Summary: The RPM package management system
Name: rpm
Version: 4.4.2.2
Release: 9%{?dist}
Release: 10%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source: http://rpm.org/releases/rpm-4.4.x/%{name}-%{version}.tar.gz
@ -24,6 +24,7 @@ Patch11: rpm-4.4.2.2-pyproblem.patch
Patch12: rpm-4.4.2.2-problem-nevra.patch
Patch13: rpm-4.4.2.2-nss.patch
Patch14: rpm-4.4.2.2-base64-unsigned-char.patch
Patch15: rpm-4.4.2.2-cryptoinit.patch
# XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed
# and several different components with their own licenses included...
@ -153,6 +154,7 @@ that will manipulate RPM packages and databases.
%patch12 -p1 -b .problem-nevra
%patch13 -p1 -b .nss
%patch14 -p1 -b .base64
%patch15 -p1 -b .nss-init
# force external popt
rm -rf popt/
@ -415,6 +417,9 @@ exit 0
%endif
%changelog
* Thu Nov 15 2007 Panu Matilainen <pmatilai@redhat.com> 4.4.2.2-10
- Initialize NSS as early as possible (#382091)
* Wed Nov 14 2007 Paul Nasrat <pauln@truemesh.com> 4.4.2.2-9
- Fix base64 assumption of signed char, from Tomas Mraz (#380911)