From 271f69d8896c54bc228d58c993ebbd151aa91e5f Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Nov 15 2007 09:09:45 +0000
Subject: - Initialize NSS as early as possible (#382091)
---
diff --git a/rpm-4.4.2.2-cryptoinit.patch b/rpm-4.4.2.2-cryptoinit.patch
new file mode 100644
index 0000000..6cfea60
--- /dev/null
+++ b/rpm-4.4.2.2-cryptoinit.patch
@@ -0,0 +1,86 @@
+diff -up rpm-4.4.2.2/rpmio/digest.c.nss-init rpm-4.4.2.2/rpmio/digest.c
+--- rpm-4.4.2.2/rpmio/digest.c.nss-init 2007-11-15 10:57:04.000000000 +0200
++++ rpm-4.4.2.2/rpmio/digest.c 2007-11-15 10:57:04.000000000 +0200
+@@ -78,9 +78,6 @@ rpmDigestInit(pgpHashAlgo hashalgo, rpmD
+ HASH_HashType type;
+ DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
+
+- if (NSS_NoDB_Init(NULL) != SECSuccess)
+- return NULL;
+-
+ ctx->flags = flags;
+
+ type = getHashType(hashalgo);
+diff -up rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init rpm-4.4.2.2/rpmio/rpmpgp.h
+--- rpm-4.4.2.2/rpmio/rpmpgp.h.nss-init 2007-11-15 10:57:04.000000000 +0200
++++ rpm-4.4.2.2/rpmio/rpmpgp.h 2007-11-15 10:57:04.000000000 +0200
+@@ -1380,6 +1380,15 @@ unsigned int pgpCRC(const byte *octets,
+ }
+
+ /** \ingroup rpmio
++ * Perform cryptography initialization.
++ * It must be called before any cryptography can be used within rpm.
++ * It's not normally necessary to call it directly as it's called in
++ * general rpm initialization routines.
++ * @return 0 on success, -1 on failure
++ */
++int rpmInitCrypto(void);
++
++/** \ingroup rpmio
+ * Duplicate a digest context.
+ * @param octx existing digest context
+ * @return duplicated digest context
+diff -up rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init rpm-4.4.2.2/rpmio/rpmpgp.c
+--- rpm-4.4.2.2/rpmio/rpmpgp.c.nss-init 2007-11-15 10:57:04.000000000 +0200
++++ rpm-4.4.2.2/rpmio/rpmpgp.c 2007-11-15 10:58:07.000000000 +0200
+@@ -17,6 +17,8 @@ static int _debug = 0;
+ /*@unchecked@*/
+ static int _print = 0;
+
++static int _crypto_initialized = 0;
++
+ /*@unchecked@*/ /*@null@*/
+ static pgpDig _dig = NULL;
+
+@@ -1094,7 +1096,6 @@ int pgpPrtPkt(const byte *pkt, unsigned
+ pgpDig pgpNewDig(void)
+ {
+ pgpDig dig = xcalloc(1, sizeof(*dig));
+- NSS_NoDB_Init(NULL);
+
+ return dig;
+ }
+@@ -1404,5 +1405,18 @@ char * pgpArmorWrap(int atype, const uns
+
+ return val;
+ }
+-
+ /*@=boundsread@*/
++
++int rpmInitCrypto(void) {
++ int rc = 0;
++
++ if (!_crypto_initialized && NSS_NoDB_Init(NULL) != SECSuccess) {
++ rc = -1;
++ } else {
++ _crypto_initialized = 1;
++ }
++
++ return rc;
++}
++
++
+diff -up rpm-4.4.2.2/lib/rpmrc.c.nss-init rpm-4.4.2.2/lib/rpmrc.c
+--- rpm-4.4.2.2/lib/rpmrc.c.nss-init 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2/lib/rpmrc.c 2007-11-15 10:57:04.000000000 +0200
+@@ -1850,6 +1850,10 @@ static int rpmReadRC(/*@null@*/ const ch
+
+ int rpmReadConfigFiles(const char * file, const char * target)
+ {
++ /* Initialize crypto engine as early as possible */
++ if (rpmInitCrypto() < 0) {
++ return -1;
++ }
+
+ /* Preset target macros */
+ /*@-nullstate@*/ /* FIX: target can be NULL */
diff --git a/rpm.spec b/rpm.spec
index 70163d2..7e86869 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -6,7 +6,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: 4.4.2.2
-Release: 9%{?dist}
+Release: 10%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source: http://rpm.org/releases/rpm-4.4.x/%{name}-%{version}.tar.gz
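Review bot: With the `NSS_NoDB_Init(NULL)` calls removed from `rpmDigestInit()` (rpmio/digest.c) and `pgpNewDig()` (rpmio/rpmpgp.c), digest and signature handling now relies on the caller having gone through `rpmReadConfigFiles()` first, and nothing in the new code enforces that ordering. A library user that reaches those entry points without reading the configuration would run the hash and PGP paths against an uninitialized NSS, so a cheap guard should stay at both: `rpmInitCrypto()` is idempotent through `_crypto_initialized`, so `if (rpmInitCrypto() < 0) return NULL;` can stand where the old check was in `rpmDigestInit()`, releasing `ctx` first. `_crypto_initialized` is also a plain `static int` that is read and written without synchronization, so if rpmio can be entered from more than one thread the first calls may race; a comment on `rpmInitCrypto()` such as `/* not thread-safe: call once before starting threads */` would at least state the contract. The bodies of `rpmDigestInit()` and `rpmReadConfigFiles()` continue outside the inner hunks, so the exact placement needs checking against the full functions.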
@@ -24,6 +24,7 @@ Patch11: rpm-4.4.2.2-pyproblem.patch Patch12: rpm-4.4.2.2-problem-nevra.patch Patch13: rpm-4.4.2.2-nss.patch Patch14: rpm-4.4.2.2-base64-unsigned-char.patch +Patch15: rpm-4.4.2.2-cryptoinit.patch # XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed # and several different components with their own licenses included... @@ -153,6 +154,7 @@ that will manipulate RPM packages and databases. %patch12 -p1 -b .problem-nevra %patch13 -p1 -b .nss %patch14 -p1 -b .base64 +%patch15 -p1 -b .nss-init # force external popt rm -rf popt/ @@ -415,6 +417,9 @@ exit 0 %endif %changelog +* Thu Nov 15 2007 Panu Matilainen 4.4.2.2-10 +- Initialize NSS as early as possible (#382091) + * Wed Nov 14 2007 Paul Nasrat 4.4.2.2-9 - Fix base64 assumption of signed char, from Tomas Mraz (#380911)