[pkgsrc/trunk]: pkgsrc/security/p11-kit Prevent dynamic unload of libp11-kit.so

[manu <manu%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b94ae0f6048a
branches:  trunk
changeset: 457158:b94ae0f6048a
user:      manu <manu%pkgsrc.org@localhost>
date:      Thu Aug 19 12:56:22 2021 +0000

description:
Prevent dynamic unload of libp11-kit.so

The library sets up a pthread_atfork() hook. If we let be unload, we
get a callback to stale memory.

diffstat:

 security/p11-kit/Makefile                          |   4 +-
 security/p11-kit/distinfo                          |   5 ++-
 security/p11-kit/patches/patch-Makefile.in         |  27 +++++++++++++++++----
 security/p11-kit/patches/patch-p11-kit_Makefile.am |  17 +++++++++++++
 4 files changed, 44 insertions(+), 9 deletions(-)

diffs (98 lines):

diff -r 63fefd66fc6d -r b94ae0f6048a security/p11-kit/Makefile
--- a/security/p11-kit/Makefile Thu Aug 19 12:46:44 2021 +0000
+++ b/security/p11-kit/Makefile Thu Aug 19 12:56:22 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2021/07/03 21:02:45 thor Exp $
+# $NetBSD: Makefile,v 1.22 2021/08/19 12:56:22 manu Exp $
 
 DISTNAME=      p11-kit-0.24.0
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security
 #MASTER_SITES= http://p11-glue.freedesktop.org/releases/
 MASTER_SITES+= ${MASTER_SITE_GITHUB:=p11-glue/}
diff -r 63fefd66fc6d -r b94ae0f6048a security/p11-kit/distinfo
--- a/security/p11-kit/distinfo Thu Aug 19 12:46:44 2021 +0000
+++ b/security/p11-kit/distinfo Thu Aug 19 12:56:22 2021 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.15 2021/06/10 10:20:50 wiz Exp $
+$NetBSD: distinfo,v 1.16 2021/08/19 12:56:22 manu Exp $
 
 SHA1 (p11-kit-0.24.0.tar.xz) = 66380b519caa58d49f31f7fb4aae7b14e91b1a40
 RMD160 (p11-kit-0.24.0.tar.xz) = 5dab40899e748c0879f1a30fc7e06811898159a7
 SHA512 (p11-kit-0.24.0.tar.xz) = 48369d6fdae79b8c5a255c821fbdb982f0c649cce07c0d92f0ff0c16322fea8919faa94067cae2efede2da3646c0e69a71a3e399b769dc2327f247bcb113eb3c
 Size (p11-kit-0.24.0.tar.xz) = 834392 bytes
-SHA1 (patch-Makefile.in) = 1393b1c8892e90362575d5d325a583921f629b3c
+SHA1 (patch-Makefile.in) = 70118888ecc6dffe5c9a5e397f62a89d708fff92
 SHA1 (patch-common_compat.c) = bdcb10cebe5e7755c81f88ef033b9dfecd7a1aad
+SHA1 (patch-p11-kit_Makefile.am) = fb90182abbe91cb3f329eb97bec1bcb15e0e9ac2
diff -r 63fefd66fc6d -r b94ae0f6048a security/p11-kit/patches/patch-Makefile.in
--- a/security/p11-kit/patches/patch-Makefile.in        Thu Aug 19 12:46:44 2021 +0000
+++ b/security/p11-kit/patches/patch-Makefile.in        Thu Aug 19 12:56:22 2021 +0000
@@ -1,11 +1,25 @@
-$NetBSD: patch-Makefile.in,v 1.4 2018/09/27 18:06:36 tnn Exp $
+$NetBSD: patch-Makefile.in,v 1.5 2021/08/19 12:56:22 manu Exp $
 
 Install examples into pkgsrc example directory.
 Avoid non-portable use of readlink(1) in Makefile.
+Since libp11-kit installs pthread_atfork() callback, make sure
+it cannot be unloaded.
 
---- Makefile.in.orig   2018-08-28 14:02:02.000000000 +0000
-+++ Makefile.in
-@@ -1730,7 +1730,7 @@ libp11_kit_pkcs11_gnu_la_CFLAGS = -DCRYP
+--- Makefile.in.orig   2021-06-03 16:51:18.000000000 +0200
++++ Makefile.in        2021-08-17 10:49:29.475741852 +0200
+@@ -1906,9 +1906,9 @@
+       $(LTLIBINTL) \
+       $(NULL)
+ 
+ libp11_kit_la_CFLAGS = $(COMMON_CFLAGS)
+-libp11_kit_la_LDFLAGS = -no-undefined -version-info \
++libp11_kit_la_LDFLAGS = -Wl,-z -Wl,nodelete -no-undefined -version-info \
+       $(P11KIT_LT_RELEASE) $(am__append_3) $(am__append_4)
+ libp11_kit_la_SOURCES = \
+       p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \
+       p11-kit/rpc-server.c \
+@@ -1971,9 +1971,9 @@
+ 
  @OS_WIN32_FALSE@p11_kit_client_la_LIBADD = $(libp11_kit_la_LIBADD)
  pkgconfigdir = $(libdir)/pkgconfig
  pkgconfig_DATA = p11-kit/p11-kit-1.pc
@@ -14,7 +28,9 @@
  example_DATA = p11-kit/pkcs11.conf.example
  p11_kit_p11_kit_SOURCES = \
        p11-kit/lists.c \
-@@ -5494,7 +5494,7 @@ p11-kit/pin.gnu.c: p11-kit/pin.h
+       p11-kit/p11-kit.c \
+@@ -6258,9 +6258,9 @@
+ # Proxy module is actually same as library, so install a link
  @OS_WIN32_FALSE@install-exec-hook:
  @OS_WIN32_FALSE@      for i in so dylib; do \
  @OS_WIN32_FALSE@              test -f $(DESTDIR)$(libdir)/libp11-kit.$$i && \
@@ -23,3 +39,4 @@
  @OS_WIN32_FALSE@      done
  @OS_WIN32_FALSE@      $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules)
  
+ @OS_WIN32_FALSE@uninstall-local:
diff -r 63fefd66fc6d -r b94ae0f6048a security/p11-kit/patches/patch-p11-kit_Makefile.am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/p11-kit/patches/patch-p11-kit_Makefile.am        Thu Aug 19 12:56:22 2021 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-p11-kit_Makefile.am,v 1.1 2021/08/19 12:56:22 manu Exp $
+
+Since libp11-kit installs pthread_atfork() callback, make sure
+it cannot be unloaded. 
+
+--- p11-kit/Makefile.am.orig   2021-08-17 10:42:09.913595860 +0200
++++ p11-kit/Makefile.am        2021-08-17 10:42:27.522236458 +0200
+@@ -86,8 +86,9 @@
+ 
+ libp11_kit_la_CFLAGS = $(COMMON_CFLAGS)
+ 
+ libp11_kit_la_LDFLAGS = \
++      -Wl,-z -Wl,nodelete \
+       -no-undefined \
+       -version-info $(P11KIT_LT_RELEASE)
+ 
+ if HAVE_LD_VERSION_SCRIPT