Submitted By: DJ Lucas Date: 2010-09-13 Initial Package Version: 1.4.4 Upstream Status: Unknown Origin: https://bugzilla.redhat.com/show_bug.cgi?id=553834 Description: Bug fix for invalid locking with GCrypt. diff -Naurp cups-1.4.4-orig/cups/http.c cups-1.4.4/cups/http.c --- cups-1.4.4-orig/cups/http.c 2010-06-16 00:27:41.000000000 -0500 +++ cups-1.4.4/cups/http.c 2010-09-13 01:27:03.000000000 -0500 @@ -83,12 +83,10 @@ * http_debug_hex() - Do a hex dump of a buffer. * http_field() - Return the field index for a field name. * http_read_ssl() - Read from a SSL/TLS connection. - * http_locking_cb() - Lock/unlock a thread's mutex. * http_send() - Send a request with all fields and the trailing * blank line. * http_setup_ssl() - Set up SSL/TLS support on a connection. * http_shutdown_ssl() - Shut down SSL/TLS on a connection. - * http_threadid_cb() - Return the current thread ID. * http_upgrade() - Force upgrade to TLS encryption. * http_write() - Write a buffer to a HTTP connection. * http_write_chunk() - Write a chunked buffer. @@ -146,19 +144,6 @@ static int http_setup_ssl(http_t *http) static void http_shutdown_ssl(http_t *http); static int http_upgrade(http_t *http); static int http_write_ssl(http_t *http, const char *buf, int len); - -# ifdef HAVE_GNUTLS -# ifdef HAVE_PTHREAD_H -GCRY_THREAD_OPTION_PTHREAD_IMPL; -# endif /* HAVE_PTHREAD_H */ - -# elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H) -static pthread_mutex_t *http_locks; /* OpenSSL lock mutexes */ - -static void http_locking_cb(int mode, int type, const char *file, - int line); -static unsigned long http_threadid_cb(void); -# endif /* HAVE_GNUTLS */ #endif /* HAVE_SSL */ @@ -1188,22 +1173,21 @@ httpHead(http_t *http, /* I - Conne void httpInitialize(void) { - static int initialized = 0; /* Have we been called before? */ -#ifdef WIN32 - WSADATA winsockdata; /* WinSock data */ -#endif /* WIN32 */ #ifdef HAVE_LIBSSL - int i; /* Looping var */ - unsigned char data[1024]; /* Seed data */ +# ifndef WIN32 + struct timeval curtime; /* Current time in microseconds */ +# endif /* !WIN32 */ + int i; /* Looping var */ + unsigned char data[1024]; /* Seed data */ #endif /* HAVE_LIBSSL */ - - if (initialized) - return; - #ifdef WIN32 - WSAStartup(MAKEWORD(2,2), &winsockdata); + WSADATA winsockdata; /* WinSock data */ + + static int initialized = 0; /* Has WinSock been initialized? */ + if (!initialized) + WSAStartup(MAKEWORD(1,1), &winsockdata); #elif !defined(SO_NOSIGPIPE) /* * Ignore SIGPIPE signals... @@ -1226,21 +1210,15 @@ httpInitialize(void) #endif /* WIN32 */ #ifdef HAVE_GNUTLS - /* - * Make sure we handle threading properly... - */ - -# ifdef HAVE_PTHREAD_H - gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); -# endif /* HAVE_PTHREAD_H */ /* * Initialize GNU TLS... */ gnutls_global_init(); +#endif /* HAVE_GNUTLS */ -#elif defined(HAVE_LIBSSL) +#ifdef HAVE_LIBSSL /* * Initialize OpenSSL... */ @@ -1249,33 +1227,21 @@ httpInitialize(void) SSL_library_init(); /* - * Set the threading callbacks... - */ - -# ifdef HAVE_PTHREAD_H - http_locks = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t)); - - for (i = 0; i < CRYPTO_num_locks(); i ++) - pthread_mutex_init(http_locks + i, NULL); - - CRYPTO_set_id_callback(http_threadid_cb); - CRYPTO_set_locking_callback(http_locking_cb); -# endif /* HAVE_PTHREAD_H */ - - /* * Using the current time is a dubious random seed, but on some systems * it is the best we can do (on others, this seed isn't even used...) */ - CUPS_SRAND(time(NULL)); +# ifdef WIN32 +# else + gettimeofday(&curtime, NULL); + srand(curtime.tv_sec + curtime.tv_usec); +# endif /* WIN32 */ for (i = 0; i < sizeof(data); i ++) - data[i] = CUPS_RAND(); + data[i] = rand(); RAND_seed(data, sizeof(data)); -#endif /* HAVE_GNUTLS */ - - initialized = 1; +#endif /* HAVE_LIBSSL */ } @@ -2834,25 +2800,6 @@ http_read_ssl(http_t *http, /* I - Conn #endif /* HAVE_SSL */ -#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H) -/* - * 'http_locking_cb()' - Lock/unlock a thread's mutex. - */ - -static void -http_locking_cb(int mode, /* I - Lock mode */ - int type, /* I - Lock type */ - const char *file, /* I - Source file */ - int line) /* I - Line number */ -{ - if (mode & CRYPTO_LOCK) - pthread_mutex_lock(http_locks + type); - else - pthread_mutex_unlock(http_locks + type); -} -#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */ - - /* * 'http_send()' - Send a request with all fields and the trailing blank line. */ @@ -3224,19 +3171,6 @@ http_shutdown_ssl(http_t *http) /* I - #endif /* HAVE_SSL */ -#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H) -/* - * 'http_threadid_cb()' - Return the current thread ID. - */ - -static unsigned long /* O - Thread ID */ -http_threadid_cb(void) -{ - return ((unsigned long)pthread_self()); -} -#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */ - - #ifdef HAVE_SSL /* * 'http_upgrade()' - Force upgrade to TLS encryption. diff -Naurp cups-1.4.4-orig/cups/http-private.h cups-1.4.4/cups/http-private.h --- cups-1.4.4-orig/cups/http-private.h 2010-04-11 23:03:53.000000000 -0500 +++ cups-1.4.4/cups/http-private.h 2010-09-13 01:27:24.000000000 -0500 @@ -98,7 +98,6 @@ extern BIO_METHOD *_httpBIOMethods(void) * The GNU TLS library is more of a "bare metal" SSL/TLS library... */ # include -# include typedef struct { diff -Naurp cups-1.4.4-orig/scheduler/main.c cups-1.4.4/scheduler/main.c --- cups-1.4.4-orig/scheduler/main.c 2010-04-23 13:56:34.000000000 -0500 +++ cups-1.4.4/scheduler/main.c 2010-09-13 01:27:36.000000000 -0500 @@ -549,8 +549,6 @@ main(int argc, /* I - Number of comm * Startup the server... */ - httpInitialize(); - cupsdStartServer(); /* diff -Naurp cups-1.4.4-orig/scheduler/server.c cups-1.4.4/scheduler/server.c --- cups-1.4.4-orig/scheduler/server.c 2010-04-11 23:03:53.000000000 -0500 +++ cups-1.4.4/scheduler/server.c 2010-09-13 01:27:49.000000000 -0500 @@ -44,6 +44,42 @@ static int started = 0; void cupsdStartServer(void) { +#ifdef HAVE_LIBSSL + int i; /* Looping var */ + struct timeval curtime; /* Current time in microseconds */ + unsigned char data[1024]; /* Seed data */ +#endif /* HAVE_LIBSSL */ + + +#ifdef HAVE_LIBSSL + /* + * Initialize the encryption libraries... + */ + + SSL_library_init(); + SSL_load_error_strings(); + + /* + * Using the current time is a dubious random seed, but on some systems + * it is the best we can do (on others, this seed isn't even used...) + */ + + gettimeofday(&curtime, NULL); + srand(curtime.tv_sec + curtime.tv_usec); + + for (i = 0; i < sizeof(data); i ++) + data[i] = rand(); /* Yes, this is a poor source of random data... */ + + RAND_seed(&data, sizeof(data)); +#elif defined(HAVE_GNUTLS) + /* + * Initialize the encryption libraries... + */ + + gnutls_global_init(); +#endif /* HAVE_LIBSSL */ + + /* * Create the default security profile... */