commit: c3bea56a071e2f1a45a62dfff85b2322e9bbd153 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Aug 3 22:16:06 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Aug 3 22:16:06 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3bea56a
app-crypt/p11-kit: backport dlsym fix Signed-off-by: Sam James <sam <AT> gentoo.org> .../files/p11-kit-0.25.0-fix-C_GetInterface.patch | 39 ++++++++++++++++ app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild | 52 ++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch b/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch new file mode 100644 index 000000000000..b3b411c33bdc --- /dev/null +++ b/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch @@ -0,0 +1,39 @@ +https://github.com/p11-glue/p11-kit/commit/d1d4b0ac316a27c739ff91e6c4153f1154e96e5a + +From d1d4b0ac316a27c739ff91e6c4153f1154e96e5a Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao <[email protected]> +Date: Thu, 27 Jul 2023 12:18:15 +0800 +Subject: [PATCH] Fix probing of C_GetInterface + +`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find +C_GetInterface in the loaded pkcs11 module. For legacy (pre-3.0) pkcs11 +modules, C_GetInterface is not defined in the module. But according to +the documentation of dlsym(): + + The search performed by dlsym() is breadth first through the + dependency tree of these shared objects. + +So if a pkcs11 module links to libp11-kit.so, the C_GetInterface +implementation in libp11-kit.so itself will be found. This +C_GetInterface will return the metadata of p11-kit-proxy.so, causing +"Refuse to load the p11-kit-proxy.so as a registered module". + +To solve the issue, if p11_dl_symbol() returns the C_GetInterface in +libp11-kit.so itself, we should ignore it and continue trying +C_GetFunctionList. +--- a/p11-kit/modules.c ++++ b/p11-kit/modules.c +@@ -383,6 +383,12 @@ dlopen_and_get_function_list (Module *mod, + mod->loaded_module = dl; + + gi = p11_dl_symbol (dl, "C_GetInterface"); ++ ++#ifndef OS_WIN32 ++ if (gi == C_GetInterface) ++ gi = NULL; ++#endif ++ + if (gi) { + /* Get the default standard interface */ + rv = gi ((unsigned char *)"PKCS 11", NULL, &interface, 0); + diff --git a/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild new file mode 100644 index 000000000000..b2c897076931 --- /dev/null +++ b/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 meson-multilib + +DESCRIPTION="Provides a standard configuration setup for installing PKCS#11" +HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html"; +SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz"; + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+libffi gtk-doc nls systemd test" +RESTRICT="!test? ( test )" + +RDEPEND=" + app-misc/ca-certificates + >=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}] + libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:= ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + virtual/pkgconfig + gtk-doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) +" + +PATCHES=( + "${FILESDIR}"/${P}-fix-C_GetInterface.patch +) + +multilib_src_configure() { + # Disable unsafe tests, bug#502088 + export FAKED_MODE=1 + + local emesonargs=( + -Dbashcompdir="$(get_bashcompdir)" + -Dtrust_module=enabled + -Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt + $(meson_feature libffi) + $(meson_use nls) + $(meson_use test) + $(meson_native_use_bool gtk-doc gtk_doc) + $(meson_native_true man) + $(meson_native_use_feature systemd) + ) + + meson_src_configure +}
