rpms/curl/F-10 curl-7.18.2-nss-init.patch, NONE, 1.1 curl.spec, 1.82, 1.83 curl-7.18.2-nss-thread-safety.patch, 1.3, NONE

Jindrich Novy jnovy at fedoraproject.org
Sun Dec 14 19:45:53 UTC 2008


Author: jnovy

Update of /cvs/pkgs/rpms/curl/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31747

Modified Files:
	curl.spec 
Added Files:
	curl-7.18.2-nss-init.patch 
Removed Files:
	curl-7.18.2-nss-thread-safety.patch 
Log Message:
* Sun Dec 14 2008 Jindrich Novy <jnovy at redhat.com> 7.18.2-8
- use improved NSS patch, thanks to Rob Crittenden (#472489)


curl-7.18.2-nss-init.patch:

--- NEW FILE curl-7.18.2-nss-init.patch ---
--- curl-7.18.2/lib/nss.c.orig	2008-12-03 16:39:41.000000000 -0500
+++ curl-7.18.2/lib/nss.c	2008-12-03 18:26:06.000000000 -0500
@@ -73,6 +73,8 @@
 
 PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
 
+PRLock * nss_initlock = NULL;
+
 int initialized = 0;
 
 #define HANDSHAKE_TIMEOUT 30
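Review bot: The new `nss_initlock` global is declared without `static`, so it gets external linkage and is exported from the library alongside the existing `initialized`. Every use in this patch is inside lib/nss.c, so it can be file-local: `static PRLock *nss_initlock = NULL;`. That keeps an application or another library from colliding with the symbol or touching the lock directly.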
@@ -229,6 +231,23 @@
 }
 
 /*
+ * Get the number of ciphers that are enabled. We use this to determine
+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
+ */
+static int num_enabled_ciphers() {
+  PRInt32 policy = 0;
+  int count = 0;
+  int i;
+
+  for(i=0; i<ciphernum; i++) {
+    SSL_CipherPolicyGet(cipherlist[i].num, &policy);
+    if(policy)
+      count++;
+  }
+  return count;
+}
+
+/*
  * Determine whether the nickname passed in is a filename that needs to
  * be loaded as a PEM or a regular NSS nickname.
  *
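Review bot: In `num_enabled_ciphers()` the return value of `SSL_CipherPolicyGet()` is ignored, and `policy` is set to 0 only once, before the loop. If a call fails without writing `policy`, the value from the previous iteration is counted again. Since the result decides whether `NSS_SetDomesticPolicy()` runs, the test should be `if(SSL_CipherPolicyGet(cipherlist[i].num, &policy) == SECSuccess && policy)`. The definition should also be `static int num_enabled_ciphers(void)`, because an empty parameter list in C is not a prototype.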
@@ -719,8 +738,11 @@
  */
 int Curl_nss_init(void)
 {
-  if(!initialized)
+  /* curl_global_init() is not thread-safe so this test is ok */
+  if (nss_initlock == NULL) {
     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
+    nss_initlock = PR_NewLock();
+  }
 
   /* We will actually initialize NSS later */
 
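Review bot: The result of `PR_NewLock()` in `Curl_nss_init()` is not checked. If allocation fails, `nss_initlock` stays NULL and the `PR_Lock(nss_initlock)` calls added in `Curl_nss_cleanup()` and in the connect path receive a NULL lock. A check such as `if(!nss_initlock) return 0;` directly after the call would stop that; the function's return statement is outside the hunk, so the correct failure value needs confirming. The comment could also state that the NULL test relies on the caller serialising `curl_global_init()`, as that is the only thing preventing a double `PR_Init()`.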
@@ -730,7 +752,17 @@
 /* Global cleanup */
 void Curl_nss_cleanup(void)
 {
-  NSS_Shutdown();
+  /* This function isn't required to be threadsafe and this is only done
+   * as a safety feature.
+   */
+  PR_Lock(nss_initlock);
+  if (initialized)
+    NSS_Shutdown();
+  PR_Unlock(nss_initlock);
+
+  PR_DestroyLock(nss_initlock);
+  nss_initlock = NULL;
+
   initialized = 0;
 }
 
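Review bot: `Curl_nss_cleanup()` resets `initialized = 0` only after the lock has been released and destroyed, so the flag and the NSS state it describes are not updated under the same lock. Moving the reset into the locked region keeps them consistent: `if(initialized) { NSS_Shutdown(); initialized = 0; }`. The return value of `NSS_Shutdown()` is also dropped; it would be worth at least a comment saying a failed shutdown is deliberately ignored here.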
@@ -801,6 +833,7 @@
 #endif
   char *certDir = NULL;
   int curlerr;
+  int policy;
 
   curlerr = CURLE_SSL_CONNECT_ERROR;
 
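Review bot: The added local `int policy;` is not used by any other hunk of this patch; the cipher policy is read inside `num_enabled_ciphers()` through its own `PRInt32 policy`. It looks like a leftover that will only produce an unused-variable warning and can be removed. The enclosing function starts and ends outside the hunk.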
@@ -808,9 +841,8 @@
     return CURLE_OK;
 
   /* FIXME. NSS doesn't support multiple databases open at the same time. */
+  PR_Lock(nss_initlock);
   if(!initialized) {
-    initialized = 1;
-
     certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
 
     if(!certDir) {
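Review bot: From the `PR_Lock(nss_initlock)` added before `if(!initialized)`, the lock stays held until the `PR_Unlock()` after the block, and nothing in the code records that requirement. The patch unlocks by hand on the one `goto error` it touches. The lines of the block that fall between the hunks are not shown, so any other early exit there, or one added later, would leave the lock held and stall every subsequent connection setup. A comment at the lock site would make the invariant visible: `/* nss_initlock is held until the PR_Unlock() below; every exit from this block must release it */`. The enclosing function begins and ends outside the hunk.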
@@ -822,20 +854,25 @@
         }
     }
 
-    if(!certDir) {
-      rv = NSS_NoDB_Init(NULL);
-    }
-    else {
-      rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
-                          NSS_INIT_READONLY);
-    }
-    if(rv != SECSuccess) {
-      infof(conn->data, "Unable to initialize NSS database\n");
-      curlerr = CURLE_SSL_CACERT_BADFILE;
-      goto error;
+    if (!NSS_IsInitialized()) {
+        initialized = 1;
+        if(!certDir) {
+          rv = NSS_NoDB_Init(NULL);
+        }
+        else {
+          rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
+                              NSS_INIT_READONLY);
+        }
+        if(rv != SECSuccess) {
+          infof(conn->data, "Unable to initialize NSS database\n");
+          curlerr = CURLE_SSL_CACERT_BADFILE;
+          PR_Unlock(nss_initlock);
+          initialized = 0;
+          goto error;
+        }
     }
-
-    NSS_SetDomesticPolicy();
+    if(num_enabled_ciphers() == 0)
+      NSS_SetDomesticPolicy();
 
 #ifdef HAVE_PK11_CREATEGENERICOBJECT
     configstring = (char *)malloc(PATH_MAX);
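Review bot: On the failure path, `initialized = 0;` is written after `PR_Unlock(nss_initlock);`, so the flag is changed outside the lock that guards it everywhere else in this function. The flag is also set to 1 before the init call has succeeded. Moving `initialized = 1;` below the `rv != SECSuccess` check removes the need to reset it and leaves only `PR_Unlock(nss_initlock);` before `goto error;`. Separately, when `NSS_IsInitialized()` is already true, `initialized` stays 0, so the whole block, including the code under `HAVE_PK11_CREATEGENERICOBJECT`, appears to run again on every connection. If that is intended, a comment should say so. The new `if (` spacing and 8-space indent also differ from the surrounding `if(` and 2-space style.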
@@ -854,6 +891,7 @@
     }
 #endif
   }
+  PR_Unlock(nss_initlock);
 
   model = PR_NewTCPSocket();
   if(!model)


Index: curl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/curl/F-10/curl.spec,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- curl.spec	19 Sep 2008 11:43:05 -0000	1.82
+++ curl.spec	14 Dec 2008 19:45:23 -0000	1.83
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.18.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -9,7 +9,7 @@
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
 Patch4: curl-7.18.2-nssproxy.patch
-Patch5: curl-7.18.2-nss-thread-safety.patch
+Patch5: curl-7.18.2-nss-init.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -51,7 +51,7 @@
 %patch2 -p1 -b .privlibs
 %patch3 -p1 -b .badsocket
 %patch4 -p1 -b .nssproxy
-%patch5 -p1 -b .nssthreadsafety
+%patch5 -p1 -b .nssinit
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -120,6 +120,9 @@
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Sun Dec 14 2008 Jindrich Novy <jnovy at redhat.com> 7.18.2-8
+- use improved NSS patch, thanks to Rob Crittenden (#472489)
+
 * Tue Sep 09 2008 Jindrich Novy <jnovy at redhat.com> 7.18.2-7
 - update the thread safety patch, thanks to Rob Crittenden (#462217)
 


--- curl-7.18.2-nss-thread-safety.patch DELETED ---



