rpms/rpm/devel rpm-4.4.2.2-cryptoinit.patch, NONE, 1.1 rpm.spec, 1.270, 1.271

Panu Matilainen (pmatilai) fedora-extras-commits at redhat.com
Thu Nov 15 09:10:19 UTC 2007


Author: pmatilai

Update of /cvs/pkgs/rpms/rpm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7620

Modified Files:
	rpm.spec 
Added Files:
	rpm-4.4.2.2-cryptoinit.patch 
Log Message:
- Initialize NSS as early as possible (#382091)


rpm-4.4.2.2-cryptoinit.patch:

--- NEW FILE rpm-4.4.2.2-cryptoinit.patch ---
diff -up rpm-4.4.2.2/rpmio/digest.c.nss-init rpm-4.4.2.2/rpmio/digest.c
--- rpm-4.4.2.2/rpmio/digest.c.nss-init	2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/digest.c	2007-11-15 10:57:04.000000000 +0200
@@ -78,9 +78,6 @@ rpmDigestInit(pgpHashAlgo hashalgo, rpmD
     HASH_HashType type;
     DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
 
-    if (NSS_NoDB_Init(NULL) != SECSuccess)
-	return NULL;
-
     ctx->flags = flags;
 
     type = getHashType(hashalgo);
diff -up rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init rpm-4.4.2.2/rpmio/rpmpgp.h
--- rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init	2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/rpmpgp.h	2007-11-15 10:57:04.000000000 +0200
@@ -1380,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets, 
 }
 
 /** \ingroup rpmio
+ * Perform cryptography initialization.
+ * It must be called before any cryptography can be used within rpm.
+ * It's not normally necessary to call it directly as it's called in
+ * general rpm initialization routines.
+ * @return		0 on success, -1 on failure
+ */
+int rpmInitCrypto(void);
+
+/** \ingroup rpmio
  * Duplicate a digest context.
  * @param octx		existing digest context
  * @return		duplicated digest context
diff -up rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init rpm-4.4.2.2/rpmio/rpmpgp.c
--- rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init	2007-11-15 10:57:04.000000000 +0200
+++ rpm-4.4.2.2/rpmio/rpmpgp.c	2007-11-15 10:58:07.000000000 +0200
@@ -17,6 +17,8 @@ static int _debug = 0;
 /*@unchecked@*/
 static int _print = 0;
 
+static int _crypto_initialized = 0;
+
 /*@unchecked@*/ /*@null@*/
 static pgpDig _dig = NULL;
 
@@ -1094,7 +1096,6 @@ int pgpPrtPkt(const byte *pkt, unsigned 
 pgpDig pgpNewDig(void)
 {
     pgpDig dig = xcalloc(1, sizeof(*dig));
-    NSS_NoDB_Init(NULL);
 
     return dig;
 }
@@ -1404,5 +1405,18 @@ char * pgpArmorWrap(int atype, const uns
 
     return val;
 }
-
 /*@=boundsread@*/
+
+int rpmInitCrypto(void) {
+    int rc = 0;
+
+    if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) {
+        rc = -1;
+    } else {
+        _crypto_initialized = 1;
+    }
+
+    return rc;
+}
+
+
diff -up rpm-4.4.2.2/lib/rpmrc.c.nss-init rpm-4.4.2.2/lib/rpmrc.c
--- rpm-4.4.2.2/lib/rpmrc.c.nss-init	2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2/lib/rpmrc.c	2007-11-15 10:57:04.000000000 +0200
@@ -1850,6 +1850,10 @@ static int rpmReadRC(/*@null@*/ const ch
 
 int rpmReadConfigFiles(const char * file, const char * target)
 {
+    /* Initialize crypto engine as early as possible */
+    if (rpmInitCrypto() < 0) {
+	return -1;
+    }	
 
     /* Preset target macros */
     /*@-nullstate@*/	/* FIX: target can be NULL */


Index: rpm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rpm/devel/rpm.spec,v
retrieving revision 1.270
retrieving revision 1.271
diff -u -r1.270 -r1.271
--- rpm.spec	14 Nov 2007 20:05:51 -0000	1.270
+++ rpm.spec	15 Nov 2007 09:09:45 -0000	1.271
@@ -6,7 +6,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: 4.4.2.2
-Release: 9%{?dist}
+Release: 10%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source: http://rpm.org/releases/rpm-4.4.x/%{name}-%{version}.tar.gz
@@ -24,6 +24,7 @@
 Patch12: rpm-4.4.2.2-problem-nevra.patch
 Patch13: rpm-4.4.2.2-nss.patch
 Patch14: rpm-4.4.2.2-base64-unsigned-char.patch
+Patch15: rpm-4.4.2.2-cryptoinit.patch
 
 # XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed
 # and several different components with their own licenses included...
@@ -153,6 +154,7 @@
 %patch12 -p1 -b .problem-nevra
 %patch13 -p1 -b .nss
 %patch14 -p1 -b .base64
+%patch15 -p1 -b .nss-init
 
 # force external popt
 rm -rf popt/
@@ -415,6 +417,9 @@
 %endif
 
 %changelog
+* Thu Nov 15 2007 Panu Matilainen <pmatilai at redhat.com> 4.4.2.2-10
+- Initialize NSS as early as possible (#382091)
+
 * Wed Nov 14 2007 Paul Nasrat <pauln at truemesh.com> 4.4.2.2-9
 - Fix base64 assumption of signed char, from Tomas Mraz (#380911)
 




More information about the fedora-extras-commits mailing list