diff options
| author | manu <manu@pkgsrc.org> | 2021-08-19 12:56:22 +0000 |
|---|---|---|
| committer | manu <manu@pkgsrc.org> | 2021-08-19 12:56:22 +0000 |
| commit | 7de29efe3e59ee639821a3c9134f84740e95e810 (patch) | |
| tree | 1e79ce6c7879d02603475d8614e60a21f1edc64b /security | |
| parent | 7b606ea85eab2991febd69c0d697693d3f56f663 (diff) | |
| download | pkgsrc-7de29efe3e59ee639821a3c9134f84740e95e810.tar.gz | |
Prevent dynamic unload of libp11-kit.so
The library sets up a pthread_atfork() hook. If we let be unload, we
get a callback to stale memory.
Diffstat (limited to 'security')
| -rw-r--r-- | security/p11-kit/Makefile | 4 | ||||
| -rw-r--r-- | security/p11-kit/distinfo | 5 | ||||
| -rw-r--r-- | security/p11-kit/patches/patch-Makefile.in | 27 | ||||
| -rw-r--r-- | security/p11-kit/patches/patch-p11-kit_Makefile.am | 17 |
4 files changed, 44 insertions, 9 deletions
diff --git a/security/p11-kit/Makefile b/security/p11-kit/Makefile index bd7c521603a..7c083ffcb7c 100644 --- a/security/p11-kit/Makefile +++ b/security/p11-kit/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.21 2021/07/03 21:02:45 thor Exp $ +# $NetBSD: Makefile,v 1.22 2021/08/19 12:56:22 manu Exp $ DISTNAME= p11-kit-0.24.0 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security #MASTER_SITES= http://p11-glue.freedesktop.org/releases/ MASTER_SITES+= ${MASTER_SITE_GITHUB:=p11-glue/} diff --git a/security/p11-kit/distinfo b/security/p11-kit/distinfo index 62d1005151a..ee3872f88b2 100644 --- a/security/p11-kit/distinfo +++ b/security/p11-kit/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.15 2021/06/10 10:20:50 wiz Exp $ +$NetBSD: distinfo,v 1.16 2021/08/19 12:56:22 manu Exp $ SHA1 (p11-kit-0.24.0.tar.xz) = 66380b519caa58d49f31f7fb4aae7b14e91b1a40 RMD160 (p11-kit-0.24.0.tar.xz) = 5dab40899e748c0879f1a30fc7e06811898159a7 SHA512 (p11-kit-0.24.0.tar.xz) = 48369d6fdae79b8c5a255c821fbdb982f0c649cce07c0d92f0ff0c16322fea8919faa94067cae2efede2da3646c0e69a71a3e399b769dc2327f247bcb113eb3c Size (p11-kit-0.24.0.tar.xz) = 834392 bytes -SHA1 (patch-Makefile.in) = 1393b1c8892e90362575d5d325a583921f629b3c +SHA1 (patch-Makefile.in) = 70118888ecc6dffe5c9a5e397f62a89d708fff92 SHA1 (patch-common_compat.c) = bdcb10cebe5e7755c81f88ef033b9dfecd7a1aad +SHA1 (patch-p11-kit_Makefile.am) = fb90182abbe91cb3f329eb97bec1bcb15e0e9ac2 diff --git a/security/p11-kit/patches/patch-Makefile.in b/security/p11-kit/patches/patch-Makefile.in index aa60fca34aa..8863cb8b0c0 100644 --- a/security/p11-kit/patches/patch-Makefile.in +++ b/security/p11-kit/patches/patch-Makefile.in @@ -1,11 +1,25 @@ -$NetBSD: patch-Makefile.in,v 1.4 2018/09/27 18:06:36 tnn Exp $ +$NetBSD: patch-Makefile.in,v 1.5 2021/08/19 12:56:22 manu Exp $ Install examples into pkgsrc example directory. Avoid non-portable use of readlink(1) in Makefile. +Since libp11-kit installs pthread_atfork() callback, make sure +it cannot be unloaded. ---- Makefile.in.orig 2018-08-28 14:02:02.000000000 +0000 -+++ Makefile.in -@@ -1730,7 +1730,7 @@ libp11_kit_pkcs11_gnu_la_CFLAGS = -DCRYP +--- Makefile.in.orig 2021-06-03 16:51:18.000000000 +0200 ++++ Makefile.in 2021-08-17 10:49:29.475741852 +0200 +@@ -1906,9 +1906,9 @@ + $(LTLIBINTL) \ + $(NULL) + + libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) +-libp11_kit_la_LDFLAGS = -no-undefined -version-info \ ++libp11_kit_la_LDFLAGS = -Wl,-z -Wl,nodelete -no-undefined -version-info \ + $(P11KIT_LT_RELEASE) $(am__append_3) $(am__append_4) + libp11_kit_la_SOURCES = \ + p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \ + p11-kit/rpc-server.c \ +@@ -1971,9 +1971,9 @@ + @OS_WIN32_FALSE@p11_kit_client_la_LIBADD = $(libp11_kit_la_LIBADD) pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = p11-kit/p11-kit-1.pc @@ -14,7 +28,9 @@ Avoid non-portable use of readlink(1) in Makefile. example_DATA = p11-kit/pkcs11.conf.example p11_kit_p11_kit_SOURCES = \ p11-kit/lists.c \ -@@ -5494,7 +5494,7 @@ p11-kit/pin.gnu.c: p11-kit/pin.h + p11-kit/p11-kit.c \ +@@ -6258,9 +6258,9 @@ + # Proxy module is actually same as library, so install a link @OS_WIN32_FALSE@install-exec-hook: @OS_WIN32_FALSE@ for i in so dylib; do \ @OS_WIN32_FALSE@ test -f $(DESTDIR)$(libdir)/libp11-kit.$$i && \ @@ -23,3 +39,4 @@ Avoid non-portable use of readlink(1) in Makefile. @OS_WIN32_FALSE@ done @OS_WIN32_FALSE@ $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) + @OS_WIN32_FALSE@uninstall-local: diff --git a/security/p11-kit/patches/patch-p11-kit_Makefile.am b/security/p11-kit/patches/patch-p11-kit_Makefile.am new file mode 100644 index 00000000000..5fc43fa8ac2 --- /dev/null +++ b/security/p11-kit/patches/patch-p11-kit_Makefile.am @@ -0,0 +1,17 @@ +$NetBSD: patch-p11-kit_Makefile.am,v 1.1 2021/08/19 12:56:22 manu Exp $ + +Since libp11-kit installs pthread_atfork() callback, make sure +it cannot be unloaded. + +--- p11-kit/Makefile.am.orig 2021-08-17 10:42:09.913595860 +0200 ++++ p11-kit/Makefile.am 2021-08-17 10:42:27.522236458 +0200 +@@ -86,8 +86,9 @@ + + libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) + + libp11_kit_la_LDFLAGS = \ ++ -Wl,-z -Wl,nodelete \ + -no-undefined \ + -version-info $(P11KIT_LT_RELEASE) + + if HAVE_LD_VERSION_SCRIPT |