Fix for security/opensc regression

To: pkgsrc-users%netbsd.org@localhost
Subject: Fix for security/opensc regression
From: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Date: Mon, 14 Aug 2023 15:03:23 +0000

Hi 

When security/opensc was updated to 0.23.0, it gained a
--enable-notify configure flag.

The feature adds a libopensc dependency on libglib, which in turns 
brings libpthread into the game.

When using the opensc-pkcs11.so module with a non threaded program
such as ssh(1), libopensc will load some thread-enabled glib function
that attemps to initialize pthread stuff. That would require libpthread
to be linked in, and if it is not the case, module load aborts.
Here is the crash in action:

Program received signal SIGABRT, Aborted.
0x000072403899c46a in _lwp_kill () from /lib/libc.so.12
(gdb) bt
#0  0x000072403899c46a in _lwp_kill () from /lib/libc.so.12
#1  0x0000724038849223 in __libc_thr_create_stub () from /lib/libc.so.12
#2  0x0000724036a9c3ee in ?? ()
#3  0x0000000000000000 in ?? ()

The patch below turns the notify feature into a disabled by default
option. There should probably be a way to warn the user about the 
dire consequences of enabling it. A comment in options.mk?

Beside this, any somment on the patch? It restores opensc-pkcs11.so
functionnality with ssh at mine.

Additionally, users could be interested to learn that some drivers were
disabled by default in OpenSC 0.23.0. The change is not pkgsrc-related
and was done upstream. Enabling the drivers to match pre-0.23.0 behavior
requires "card_drivers = old, internal" in opensc.conf's app default 
section. I also have a patch that reverts this upstream's change, if 
that is deemed useful.

Index: security/opensc/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/opensc/Makefile,v
retrieving revision 1.40
diff -U4 -r1.40 Makefile
--- security/opensc/Makefile	6 Jun 2023 12:42:14 -0000	1.40
+++ security/opensc/Makefile	14 Aug 2023 14:47:07 -0000
@@ -1,8 +1,8 @@
 # $NetBSD: Makefile,v 1.40 2023/06/06 12:42:14 riastradh Exp $
 
 DISTNAME=	opensc-0.23.0
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=OpenSC/}
 
 MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
@@ -19,9 +19,8 @@
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--disable-autostart-items
 CONFIGURE_ARGS+=	--disable-cmocka
 CONFIGURE_ARGS+=	--disable-strict  # avoid -Werror
-CONFIGURE_ARGS+=	--enable-notify
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 # The stylesheets are not found without this.
 CONFIGURE_ARGS+=	--with-xsl-stylesheetsdir=${PREFIX}/share/xsl/docbook
 
@@ -36,9 +35,8 @@
 INSTALLATION_DIRS=	${EGDIR}
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/etc/opensc.conf.example ${DESTDIR}${EGDIR}/opensc.conf
 
-.include "../../devel/glib2/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 # build tools for doc; should be TOOLS
 .include "../../textproc/libxslt/buildlink3.mk"
Index: security/opensc/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/opensc/PLIST,v
retrieving revision 1.14
diff -U4 -r1.14 PLIST
--- security/opensc/PLIST	21 Feb 2023 17:23:07 -0000	1.14
+++ security/opensc/PLIST	14 Aug 2023 14:47:07 -0000
@@ -10,9 +10,9 @@
 bin/netkey-tool
 bin/openpgp-tool
 bin/opensc-asn1
 bin/opensc-explorer
-bin/opensc-notify
+${NOTIFY}bin/opensc-notify
 bin/opensc-tool
 bin/piv-tool
 bin/pkcs11-register
 bin/pkcs11-tool
Index: security/opensc/options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/security/opensc/options.mk,v
retrieving revision 1.6
diff -U4 -r1.6 options.mk
--- security/opensc/options.mk	21 Feb 2023 17:23:07 -0000	1.6
+++ security/opensc/options.mk	14 Aug 2023 14:47:07 -0000
@@ -5,8 +5,9 @@
 # Arguably these should be selectable individually, but upstream requires
 # that exactly one be chosen.
 PKG_OPTIONS_REQUIRED_GROUPS=	cardreader
 PKG_OPTIONS_GROUP.cardreader=	pcsc-lite openct
+PKG_SUPPORTED_OPTIONS=		notify
 PKG_SUGGESTED_OPTIONS=		pcsc-lite
 
 .include "../../mk/bsd.options.mk"
 
@@ -37,4 +38,13 @@
 CONFIGURE_ARGS+=	--enable-openct
 .else
 CONFIGURE_ARGS+=	--disable-openct
 .endif
+
+.if !empty(PKG_OPTIONS:Mnotify)
+.include "../../devel/glib2/buildlink3.mk"
+CONFIGURE_ARGS+=	--enable-notify
+PLIST_SUBST+=		NOTIFY=""
+.else
+CONFIGURE_ARGS+=	--disable-notify
+PLIST_SUBST+=		NOTIFY="@comment "
+.endif


-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

Follow-Ups:
- Re: Fix for security/opensc regression
  - From: Greg Troxel

Prev by Date: Re: changing default python version to 3.11?
Next by Date: Re: Fix for security/opensc regression
Previous by Thread: Patching rust using packages in pkgsrc (.cargo-checksum.json)
Next by Thread: Re: Fix for security/opensc regression
Indexes:

Home | Main Index | Thread Index | Old Index