r2227 - trunk/cups

dj at linuxfromscratch.org dj at linuxfromscratch.org
Sun Sep 12 23:41:34 PDT 2010


Author: dj
Date: 2010-09-13 00:41:28 -0600 (Mon, 13 Sep 2010)
New Revision: 2227

Added:
   trunk/cups/cups-1.4.4-fix_broken_locking-1.patch
Log:
Added cups-1.4.4-fix_broken_locking-1.patch

Added: trunk/cups/cups-1.4.4-fix_broken_locking-1.patch
===================================================================
--- trunk/cups/cups-1.4.4-fix_broken_locking-1.patch	                        (rev 0)
+++ trunk/cups/cups-1.4.4-fix_broken_locking-1.patch	2010-09-13 06:41:28 UTC (rev 2227)
@@ -0,0 +1,256 @@
+Submitted By: DJ Lucas <robert AT linuxfromscratch DOT org>
+Date: 2010-09-13
+Initial Package Version: 1.4.4
+Upstream Status: Unknown
+Origin: https://bugzilla.redhat.com/show_bug.cgi?id=553834
+Description: Bug fix for invalid locking with GCrypt.
+
+diff -Naurp cups-1.4.4-orig/cups/http.c cups-1.4.4/cups/http.c
+--- cups-1.4.4-orig/cups/http.c	2010-06-16 00:27:41.000000000 -0500
++++ cups-1.4.4/cups/http.c	2010-09-13 01:27:03.000000000 -0500
+@@ -83,12 +83,10 @@
+  *   http_debug_hex()     - Do a hex dump of a buffer.
+  *   http_field()         - Return the field index for a field name.
+  *   http_read_ssl()      - Read from a SSL/TLS connection.
+- *   http_locking_cb()    - Lock/unlock a thread's mutex.
+  *   http_send()          - Send a request with all fields and the trailing
+  *                          blank line.
+  *   http_setup_ssl()     - Set up SSL/TLS support on a connection.
+  *   http_shutdown_ssl()  - Shut down SSL/TLS on a connection.
+- *   http_threadid_cb()   - Return the current thread ID.
+  *   http_upgrade()       - Force upgrade to TLS encryption.
+  *   http_write()         - Write a buffer to a HTTP connection.
+  *   http_write_chunk()   - Write a chunked buffer.
+@@ -146,19 +144,6 @@ static int		http_setup_ssl(http_t *http)
+ static void		http_shutdown_ssl(http_t *http);
+ static int		http_upgrade(http_t *http);
+ static int		http_write_ssl(http_t *http, const char *buf, int len);
+-
+-#  ifdef HAVE_GNUTLS
+-#    ifdef HAVE_PTHREAD_H
+-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+-#    endif /* HAVE_PTHREAD_H */
+-
+-#  elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+-static pthread_mutex_t	*http_locks;	/* OpenSSL lock mutexes */
+-
+-static void		http_locking_cb(int mode, int type, const char *file,
+-					int line);
+-static unsigned long	http_threadid_cb(void);
+-#  endif /* HAVE_GNUTLS */
+ #endif /* HAVE_SSL */
+ 
+ 
+@@ -1188,22 +1173,21 @@ httpHead(http_t     *http,		/* I - Conne
+ void
+ httpInitialize(void)
+ {
+-  static int	initialized = 0;	/* Have we been called before? */
+-#ifdef WIN32
+-  WSADATA	winsockdata;		/* WinSock data */
+-#endif /* WIN32 */
+ #ifdef HAVE_LIBSSL
+-  int		i;			/* Looping var */
+-  unsigned char	data[1024];		/* Seed data */
++#  ifndef WIN32
++  struct timeval        curtime;        /* Current time in microseconds */
++#  endif /* !WIN32 */
++  int                   i;              /* Looping var */
++  unsigned char         data[1024];     /* Seed data */
+ #endif /* HAVE_LIBSSL */
+ 
+-
+-  if (initialized)
+-    return;
+-
+ #ifdef WIN32
+-  WSAStartup(MAKEWORD(2,2), &winsockdata);
++  WSADATA       winsockdata;            /* WinSock data */
++
+ 
++  static int    initialized = 0;        /* Has WinSock been initialized? */
++  if (!initialized)
++    WSAStartup(MAKEWORD(1,1), &winsockdata);
+ #elif !defined(SO_NOSIGPIPE)
+  /*
+   * Ignore SIGPIPE signals...
+@@ -1226,21 +1210,15 @@ httpInitialize(void)
+ #endif /* WIN32 */
+ 
+ #ifdef HAVE_GNUTLS
+- /*
+-  * Make sure we handle threading properly...
+-  */
+-
+-#  ifdef HAVE_PTHREAD_H
+-  gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+-#  endif /* HAVE_PTHREAD_H */
+ 
+  /*
+   * Initialize GNU TLS...
+   */
+ 
+   gnutls_global_init();
++#endif /* HAVE_GNUTLS */
+ 
+-#elif defined(HAVE_LIBSSL)
++#ifdef HAVE_LIBSSL
+  /*
+   * Initialize OpenSSL...
+   */
+@@ -1249,33 +1227,21 @@ httpInitialize(void)
+   SSL_library_init();
+ 
+  /*
+-  * Set the threading callbacks...
+-  */
+-
+-#  ifdef HAVE_PTHREAD_H
+-  http_locks = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t));
+-
+-  for (i = 0; i < CRYPTO_num_locks(); i ++)
+-    pthread_mutex_init(http_locks + i, NULL);
+-
+-  CRYPTO_set_id_callback(http_threadid_cb);
+-  CRYPTO_set_locking_callback(http_locking_cb);
+-#  endif /* HAVE_PTHREAD_H */
+-
+- /*
+   * Using the current time is a dubious random seed, but on some systems
+   * it is the best we can do (on others, this seed isn't even used...)
+   */
+ 
+-  CUPS_SRAND(time(NULL));
++#  ifdef WIN32
++#  else
++  gettimeofday(&curtime, NULL);
++  srand(curtime.tv_sec + curtime.tv_usec);
++#  endif /* WIN32 */
+ 
+   for (i = 0; i < sizeof(data); i ++)
+-    data[i] = CUPS_RAND();
++    data[i] = rand();
+ 
+   RAND_seed(data, sizeof(data));
+-#endif /* HAVE_GNUTLS */
+-
+-  initialized = 1;
++#endif /* HAVE_LIBSSL */
+ }
+ 
+ 
+@@ -2834,25 +2800,6 @@ http_read_ssl(http_t *http,		/* I - Conn
+ #endif /* HAVE_SSL */
+ 
+ 
+-#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+-/*
+- * 'http_locking_cb()' - Lock/unlock a thread's mutex.
+- */
+-
+-static void
+-http_locking_cb(int        mode,	/* I - Lock mode */
+-		int        type,	/* I - Lock type */
+-		const char *file,	/* I - Source file */
+-		int        line)	/* I - Line number */
+-{
+-  if (mode & CRYPTO_LOCK)
+-    pthread_mutex_lock(http_locks + type);
+-  else
+-    pthread_mutex_unlock(http_locks + type);
+-}
+-#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */
+-
+-
+ /*
+  * 'http_send()' - Send a request with all fields and the trailing blank line.
+  */
+@@ -3224,19 +3171,6 @@ http_shutdown_ssl(http_t *http)		/* I - 
+ #endif /* HAVE_SSL */
+ 
+ 
+-#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+-/*
+- * 'http_threadid_cb()' - Return the current thread ID.
+- */
+-
+-static unsigned long			/* O - Thread ID */
+-http_threadid_cb(void)
+-{
+-  return ((unsigned long)pthread_self());
+-}
+-#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */
+-
+-
+ #ifdef HAVE_SSL
+ /*
+  * 'http_upgrade()' - Force upgrade to TLS encryption.
+diff -Naurp cups-1.4.4-orig/cups/http-private.h cups-1.4.4/cups/http-private.h
+--- cups-1.4.4-orig/cups/http-private.h	2010-04-11 23:03:53.000000000 -0500
++++ cups-1.4.4/cups/http-private.h	2010-09-13 01:27:24.000000000 -0500
+@@ -98,7 +98,6 @@ extern BIO_METHOD *_httpBIOMethods(void)
+  * The GNU TLS library is more of a "bare metal" SSL/TLS library...
+  */
+ #    include <gnutls/gnutls.h>
+-#    include <gcrypt.h>
+ 
+ typedef struct
+ {
+diff -Naurp cups-1.4.4-orig/scheduler/main.c cups-1.4.4/scheduler/main.c
+--- cups-1.4.4-orig/scheduler/main.c	2010-04-23 13:56:34.000000000 -0500
++++ cups-1.4.4/scheduler/main.c	2010-09-13 01:27:36.000000000 -0500
+@@ -549,8 +549,6 @@ main(int  argc,				/* I - Number of comm
+   * Startup the server...
+   */
+ 
+-  httpInitialize();
+-
+   cupsdStartServer();
+ 
+  /*
+diff -Naurp cups-1.4.4-orig/scheduler/server.c cups-1.4.4/scheduler/server.c
+--- cups-1.4.4-orig/scheduler/server.c	2010-04-11 23:03:53.000000000 -0500
++++ cups-1.4.4/scheduler/server.c	2010-09-13 01:27:49.000000000 -0500
+@@ -44,6 +44,42 @@ static int	started = 0;
+ void
+ cupsdStartServer(void)
+ {
++#ifdef HAVE_LIBSSL
++  int                   i;              /* Looping var */
++  struct timeval        curtime;        /* Current time in microseconds */
++  unsigned char         data[1024];     /* Seed data */
++#endif /* HAVE_LIBSSL */
++
++
++#ifdef HAVE_LIBSSL
++ /*
++  * Initialize the encryption libraries...
++  */
++
++  SSL_library_init();
++  SSL_load_error_strings();
++
++ /*
++  * Using the current time is a dubious random seed, but on some systems
++  * it is the best we can do (on others, this seed isn't even used...)
++  */
++
++  gettimeofday(&curtime, NULL);
++  srand(curtime.tv_sec + curtime.tv_usec);
++
++  for (i = 0; i < sizeof(data); i ++)
++    data[i] = rand(); /* Yes, this is a poor source of random data... */
++
++  RAND_seed(&data, sizeof(data));
++#elif defined(HAVE_GNUTLS)
++ /*
++  * Initialize the encryption libraries...
++  */
++
++  gnutls_global_init();
++#endif /* HAVE_LIBSSL */
++
++
+  /*
+   * Create the default security profile...
+   */




More information about the patches mailing list