--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cups/Patches/15-thread-safety-removal.patch Tue Feb 08 00:26:18 2011 -0800
@@ -0,0 +1,244 @@
+--- cups/http-private.h.orig Tue Jan 11 03:25:59 2011
++++ cups/http-private.h Tue Jan 11 03:26:21 2011
+@@ -98,7 +98,6 @@
+ * The GNU TLS library is more of a "bare metal" SSL/TLS library...
+ */
+ # include <gnutls/gnutls.h>
+-# include <gcrypt.h>
+
+ typedef struct
+ {
+--- scheduler/main.c.orig Tue Jan 11 03:26:50 2011
++++ scheduler/main.c Tue Jan 11 03:27:08 2011
+@@ -549,8 +549,6 @@
+ * Startup the server...
+ */
+
+- httpInitialize();
+-
+ cupsdStartServer();
+
+ /*
+--- scheduler/server.c.orig Tue Jan 11 03:27:36 2011
++++ scheduler/server.c Tue Jan 11 03:32:26 2011
+@@ -44,7 +44,41 @@
+ void
+ cupsdStartServer(void)
+ {
++#ifdef HAVE_LIBSSL
++ int i; /* Looping var */
++ struct timeval curtime; /* Current time in microseconds */
++ unsigned char data[1024]; /* Seed data */
++#endif /* HAVE_LIBSSL */
++
++#ifdef HAVE_LIBSSL
+ /*
++ * Initialize the encryption libraries...
++ */
++
++ SSL_library_init();
++ SSL_load_error_strings();
++
++ /*
++ * Using the current time is a dubious random seed, but on some systems
++ * it is the best we can do (on others, this seed isn't even used...)
++ */
++
++ gettimeofday(&curtime, NULL);
++ srand(curtime.tv_sec + curtime.tv_usec);
++
++ for (i = 0; i < sizeof(data); i ++)
++ data[i] = rand(); /* Yes, this is a poor source of random data... */
++
++ RAND_seed(&data, sizeof(data));
++#elif defined(HAVE_GNUTLS)
++ /*
++ * Initialize the encryption libraries...
++ */
++
++ gnutls_global_init();
++#endif /* HAVE_LIBSSL */
++
++ /*
+ * Create the default security profile...
+ */
+
+--- cups/http.c.orig Wed Jan 12 01:52:14 2011
++++ cups/http.c Wed Jan 12 02:01:58 2011
+@@ -83,12 +83,10 @@
+ * http_debug_hex() - Do a hex dump of a buffer.
+ * http_field() - Return the field index for a field name.
+ * http_read_ssl() - Read from a SSL/TLS connection.
+- * http_locking_cb() - Lock/unlock a thread's mutex.
+ * http_send() - Send a request with all fields and the trailing
+ * blank line.
+ * http_setup_ssl() - Set up SSL/TLS support on a connection.
+ * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
+- * http_threadid_cb() - Return the current thread ID.
+ * http_upgrade() - Force upgrade to TLS encryption.
+ * http_write() - Write a buffer to a HTTP connection.
+ * http_write_chunk() - Write a chunked buffer.
+@@ -147,18 +145,6 @@
+ static int http_upgrade(http_t *http);
+ static int http_write_ssl(http_t *http, const char *buf, int len);
+
+-# ifdef HAVE_GNUTLS
+-# ifdef HAVE_PTHREAD_H
+-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+-# endif /* HAVE_PTHREAD_H */
+-
+-# elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+-static pthread_mutex_t *http_locks; /* OpenSSL lock mutexes */
+-
+-static void http_locking_cb(int mode, int type, const char *file,
+- int line);
+-static unsigned long http_threadid_cb(void);
+-# endif /* HAVE_GNUTLS */
+ #endif /* HAVE_SSL */
+
+
+@@ -1220,22 +1206,20 @@
+ void
+ httpInitialize(void)
+ {
+- static int initialized = 0; /* Have we been called before? */
+-#ifdef WIN32
+- WSADATA winsockdata; /* WinSock data */
+-#endif /* WIN32 */
+ #ifdef HAVE_LIBSSL
++ #ifndef WIN32
++ struct timeval curtime; /* Current time in microseconds */
++ #endif /* !WIN32 */
+ int i; /* Looping var */
+ unsigned char data[1024]; /* Seed data */
+ #endif /* HAVE_LIBSSL */
+
+-
+- if (initialized)
+- return;
+-
+ #ifdef WIN32
+- WSAStartup(MAKEWORD(2,2), &winsockdata);
++ WSADATA winsockdata; /* WinSock data */
+
++ static int initialized = 0;/* Has WinSock been initialized? */
++ if (!initialized)
++ WSAStartup(MAKEWORD(1,1), &winsockdata);
+ #elif !defined(SO_NOSIGPIPE)
+ /*
+ * Ignore SIGPIPE signals...
+@@ -1258,56 +1242,30 @@
+ #endif /* WIN32 */
+
+ #ifdef HAVE_GNUTLS
+- /*
+- * Make sure we handle threading properly...
+- */
+
+-# ifdef HAVE_PTHREAD_H
+- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+-# endif /* HAVE_PTHREAD_H */
+-
+- /*
+- * Initialize GNU TLS...
+- */
+-
+ gnutls_global_init();
++#endif /* HAVE_GNUTLS */
+
+-#elif defined(HAVE_LIBSSL)
+- /*
+- * Initialize OpenSSL...
+- */
+-
++#ifdef HAVE_LIBSSL
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ /*
+- * Set the threading callbacks...
+- */
+-
+-# ifdef HAVE_PTHREAD_H
+- http_locks = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t));
+-
+- for (i = 0; i < CRYPTO_num_locks(); i ++)
+- pthread_mutex_init(http_locks + i, NULL);
+-
+- CRYPTO_set_id_callback(http_threadid_cb);
+- CRYPTO_set_locking_callback(http_locking_cb);
+-# endif /* HAVE_PTHREAD_H */
+-
+- /*
+ * Using the current time is a dubious random seed, but on some systems
+ * it is the best we can do (on others, this seed isn't even used...)
+ */
+
+- CUPS_SRAND(time(NULL));
++#ifdef WIN32
++#else
++ gettimeofday(&curtime, NULL);
++ srand(curtime.tv_sec + curtime.tv_usec);
++#endif /* WIN32 */
+
+ for (i = 0; i < sizeof(data); i ++)
+- data[i] = CUPS_RAND();
++ data[i] = rand();
+
+ RAND_seed(data, sizeof(data));
+-#endif /* HAVE_GNUTLS */
+-
+- initialized = 1;
++#endif /* HAVE_LIBSSL */
+ }
+
+
+@@ -2865,27 +2823,7 @@
+ }
+ #endif /* HAVE_SSL */
+
+-
+-#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+ /*
+- * 'http_locking_cb()' - Lock/unlock a thread's mutex.
+- */
+-
+-static void
+-http_locking_cb(int mode, /* I - Lock mode */
+- int type, /* I - Lock type */
+- const char *file, /* I - Source file */
+- int line) /* I - Line number */
+-{
+- if (mode & CRYPTO_LOCK)
+- pthread_mutex_lock(http_locks + type);
+- else
+- pthread_mutex_unlock(http_locks + type);
+-}
+-#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */
+-
+-
+-/*
+ * 'http_send()' - Send a request with all fields and the trailing blank line.
+ */
+
+@@ -3255,20 +3193,6 @@
+ }
+ #endif /* HAVE_SSL */
+
+-
+-#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
+-/*
+- * 'http_threadid_cb()' - Return the current thread ID.
+- */
+-
+-static unsigned long /* O - Thread ID */
+-http_threadid_cb(void)
+-{
+- return ((unsigned long)pthread_self());
+-}
+-#endif /* HAVE_LIBSSL && HAVE_PTHREAD_H */
+-
+-
+ #ifdef HAVE_SSL
+ /*
+ * 'http_upgrade()' - Force upgrade to TLS encryption.