Version bump, fixing bug #313555 and #350406. Remove old.

(Portage version: 2.2.0_alpha15/cvs/Linux x86_64)

2 files changed, 206 insertions, 0 deletions

diff --git a/net-print/cups/files/cups-1.4.6-force-gnutls.patch b/net-print/cups/files/cups-1.4.6-force-gnutls.patch
new file mode 100644
index 000000000000..06daeb321499
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.6-force-gnutls.patch
@@ -0,0 +1,93 @@
+Source: http://pkgs.fedoraproject.org/gitweb/?p=cups.git;a=blob;f=cups-force-gnutls.patch;h=85adaa8bdcc013e5401fffe74306a5fe644cf088;hb=HEAD
+Reason: Force the use of gnutls despite thread-safety concerns (Gentoo bug #350406)
+Upstream: http://cups.org/str.php?L3605
+
+diff -up cups-1.4.4/config-scripts/cups-ssl.m4.force-gnutls cups-1.4.4/config-scripts/cups-ssl.m4
+--- cups-1.4.4/config-scripts/cups-ssl.m4.force-gnutls	2010-09-15 16:49:22.343502552 +0100
++++ cups-1.4.4/config-scripts/cups-ssl.m4	2010-09-15 16:49:42.347502595 +0100
+@@ -65,23 +65,21 @@ if test x$enable_ssl != xno; then
+ 	if $PKGCONFIG --exists gnutls; then
+ 	    if test "x$have_pthread" = xyes; then
+ 		AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
+-	    else
+-	        have_ssl=1
+-	        SSLLIBS=`$PKGCONFIG --libs gnutls`
+-	        SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+-	        AC_DEFINE(HAVE_SSL)
+-	        AC_DEFINE(HAVE_GNUTLS)
+ 	    fi
++	    have_ssl=1
++	    SSLLIBS=`$PKGCONFIG --libs gnutls`
++	    SSLFLAGS=`$PKGCONFIG --cflags gnutls`
++	    AC_DEFINE(HAVE_SSL)
++	    AC_DEFINE(HAVE_GNUTLS)
+ 	elif test "x$LIBGNUTLSCONFIG" != x; then
+ 	    if test "x$have_pthread" = xyes; then
+ 		AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
+-	    else
+-	        have_ssl=1
+-	        SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+-	        SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+-	        AC_DEFINE(HAVE_SSL)
+-	        AC_DEFINE(HAVE_GNUTLS)
+ 	    fi
++	    have_ssl=1
++	    SSLLIBS=`$LIBGNUTLSCONFIG --libs`
++	    SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
++	    AC_DEFINE(HAVE_SSL)
++	    AC_DEFINE(HAVE_GNUTLS)
+ 	fi
+ 
+ 	if test $have_ssl = 1; then
+diff -up cups-1.4.4/configure.force-gnutls cups-1.4.4/configure
+--- cups-1.4.4/configure.force-gnutls	2010-06-17 19:25:47.000000000 +0100
++++ cups-1.4.4/configure	2010-09-15 16:50:01.689503165 +0100
+@@ -17542,36 +17542,34 @@ fi
+ 	    if test "x$have_pthread" = xyes; then
+ 		{ echo "$as_me:$LINENO: WARNING: The current version of GNU TLS cannot be made thread-safe." >&5
+ echo "$as_me: WARNING: The current version of GNU TLS cannot be made thread-safe." >&2;}
+-	    else
+-	        have_ssl=1
+-	        SSLLIBS=`$PKGCONFIG --libs gnutls`
+-	        SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+-	        cat >>confdefs.h <<\_ACEOF
++	    fi
++	    have_ssl=1
++	    SSLLIBS=`$PKGCONFIG --libs gnutls`
++	    SSLFLAGS=`$PKGCONFIG --cflags gnutls`
++	    cat >>confdefs.h <<\_ACEOF
+ #define HAVE_SSL 1
+ _ACEOF
+ 
+-	        cat >>confdefs.h <<\_ACEOF
++	    cat >>confdefs.h <<\_ACEOF
+ #define HAVE_GNUTLS 1
+ _ACEOF
+ 
+-	    fi
+ 	elif test "x$LIBGNUTLSCONFIG" != x; then
+ 	    if test "x$have_pthread" = xyes; then
+ 		{ echo "$as_me:$LINENO: WARNING: The current version of GNU TLS cannot be made thread-safe." >&5
+ echo "$as_me: WARNING: The current version of GNU TLS cannot be made thread-safe." >&2;}
+-	    else
+-	        have_ssl=1
+-	        SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+-	        SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+-	        cat >>confdefs.h <<\_ACEOF
++	    fi
++	    have_ssl=1
++	    SSLLIBS=`$LIBGNUTLSCONFIG --libs`
++	    SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
++	    cat >>confdefs.h <<\_ACEOF
+ #define HAVE_SSL 1
+ _ACEOF
+ 
+-	        cat >>confdefs.h <<\_ACEOF
++	    cat >>confdefs.h <<\_ACEOF
+ #define HAVE_GNUTLS 1
+ _ACEOF
+ 
+-	    fi
+ 	fi
+ 
+ 	if test $have_ssl = 1; then
diff --git a/net-print/cups/files/cups-1.4.6-serialize-gnutls.patch b/net-print/cups/files/cups-1.4.6-serialize-gnutls.patch
new file mode 100644
index 000000000000..bfe9f5e18a33
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.6-serialize-gnutls.patch
@@ -0,0 +1,113 @@
+Source: http://pkgs.fedoraproject.org/gitweb/?p=cups.git;a=blob;f=cups-serialize-gnutls.patch;h=cdd82cb95574801bf714364a585e31eb05191750;hb=HEAD
+Reason: Perform locking for gnutls and avoid libgcrypt's broken locking (Gentoo bug #350406)
+Upstream: http://cups.org/str.php?L3605
+
+diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
+--- cups-1.4.4/cups/http.c.serialize-gnutls	2010-09-17 13:37:01.858871762 +0100
++++ cups-1.4.4/cups/http.c	2010-09-17 13:55:22.579871934 +0100
+@@ -149,7 +149,7 @@ static int		http_write_ssl(http_t *http,
+ 
+ #  ifdef HAVE_GNUTLS
+ #    ifdef HAVE_PTHREAD_H
+-GCRY_THREAD_OPTION_PTHREAD_IMPL;
++static pthread_mutex_t gnutls_lock;
+ #    endif /* HAVE_PTHREAD_H */
+ 
+ #  elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+@@ -1231,7 +1231,7 @@ httpInitialize(void)
+   */
+ 
+ #  ifdef HAVE_PTHREAD_H
+-  gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++  pthread_mutex_init(&gnutls_lock, NULL);
+ #  endif /* HAVE_PTHREAD_H */
+ 
+  /*
+@@ -2228,6 +2228,7 @@ _httpWait(http_t *http,			/* I - Connect
+     if (SSL_pending((SSL *)(http->tls)))
+       return (1);
+ #  elif defined(HAVE_GNUTLS)
++    /* lock already held here... */
+     if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
+       return (1);
+ #  elif defined(HAVE_CDSASSL)
+@@ -2294,6 +2295,8 @@ int					/* O - 1 if data is available, 0
+ httpWait(http_t *http,			/* I - Connection to server */
+          int    msec)			/* I - Milliseconds to wait */
+ {
++  int ret;
++
+  /*
+   * First see if there is data in the buffer...
+   */
+@@ -2318,7 +2321,17 @@ httpWait(http_t *http,			/* I - Connecti
+   * If not, check the SSL/TLS buffers and do a select() on the connection...
+   */
+ 
+-  return (_httpWait(http, msec, 1));
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++  pthread_mutex_lock(&gnutls_lock);
++#endif
++
++  ret = _httpWait(http, msec, 1);
++
++#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
++  pthread_mutex_unlock(&gnutls_lock);
++#endif
++
++  return (ret);
+ }
+ 
+ 
+@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http,		/* I - Conn
+   ssize_t	result;			/* Return value */
+ 
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
++  pthread_mutex_unlock(&gnutls_lock);
+ 
+   if (result < 0 && !errno)
+   {
+@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http)		/* I - Con
+     return (-1);
+   }
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   gnutls_certificate_allocate_credentials(credentials);
+ 
+   gnutls_init(&(conn->session), GNUTLS_CLIENT);
+@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http)		/* I - Con
+     free(credentials);
+     free(conn);
+ 
++    pthread_mutex_unlock(&gnutls_lock);
+     return (-1);
+   }
+ 
++  pthread_mutex_unlock(&gnutls_lock);
+   conn->credentials = credentials;
+ 
+ #  elif defined(HAVE_CDSASSL)
+@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http)		/* I - 
+   conn = (http_tls_t *)(http->tls);
+   credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
+   gnutls_deinit(conn->session);
+   gnutls_certificate_free_credentials(*credentials);
++  pthread_mutex_unlock(&gnutls_lock);
+   free(credentials);
+   free(conn);
+ 
+@@ -3445,7 +3465,9 @@ http_write_ssl(http_t     *http,	/* I - 
+ #  elif defined(HAVE_GNUTLS)
+   ssize_t	result;			/* Return value */
+ 
++  pthread_mutex_lock(&gnutls_lock);
+   result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
++  pthread_mutex_unlock(&gnutls_lock);
+ 
+   if (result < 0 && !errno)
+   {