Fix for security/opensc regression

When security/opensc was updated to 0.23.0, it gained a --enable-notify configure flag. The feature adds a libopensc dependency on libglib, which in turns brings libpthread into the game. When using the opensc-pkcs11.so module with a non threaded program such as ssh(1), libopensc will load some thread-enabled glib function that attemps to initialize pthread stuff. That would require libpthread to be linked in, and if it is not the case, module load aborts. Here is the crash in action: Program received signal SIGABRT, Aborted. 0x000072403899c46a in _lwp_kill () from /lib/libc.so.12 (gdb) bt #0 0x000072403899c46a in _lwp_kill () from /lib/libc.so.12 #1 0x0000724038849223 in __libc_thr_create_stub () from /lib/libc.so.12 #2 0x0000724036a9c3ee in ?? () #3 0x0000000000000000 in ?? () This change turns the notify feature into a disabled by default option so that opensc-pkcs11.so can work agan with ssh(1).
TritonDataCenter · Aug 14, 2023 · c74dc17 · c74dc17
1 parent 38911b0
commit c74dc17
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/security/opensc/Makefile b/security/opensc/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.40 2023/06/06 12:42:14 riastradh Exp $
+# $NetBSD: Makefile,v 1.41 2023/08/14 16:08:32 manu Exp $
 
 DISTNAME=	opensc-0.23.0
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=OpenSC/}
 
@@ -20,7 +20,6 @@ GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--disable-autostart-items
 CONFIGURE_ARGS+=	--disable-cmocka
 CONFIGURE_ARGS+=	--disable-strict  # avoid -Werror
-CONFIGURE_ARGS+=	--enable-notify
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 # The stylesheets are not found without this.
 CONFIGURE_ARGS+=	--with-xsl-stylesheetsdir=${PREFIX}/share/xsl/docbook
@@ -37,7 +36,6 @@ INSTALLATION_DIRS=	${EGDIR}
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/etc/opensc.conf.example ${DESTDIR}${EGDIR}/opensc.conf
 
-.include "../../devel/glib2/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 # build tools for doc; should be TOOLS

diff --git a/security/opensc/PLIST b/security/opensc/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.14 2023/02/21 17:23:07 adam Exp $
+@comment $NetBSD: PLIST,v 1.15 2023/08/14 16:08:32 manu Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
 bin/dnie-tool
@@ -11,7 +11,7 @@ bin/netkey-tool
 bin/openpgp-tool
 bin/opensc-asn1
 bin/opensc-explorer
-bin/opensc-notify
+${NOTIFY}bin/opensc-notify
 bin/opensc-tool
 bin/piv-tool
 bin/pkcs11-register

diff --git a/security/opensc/options.mk b/security/opensc/options.mk
@@ -1,11 +1,16 @@
-# $NetBSD: options.mk,v 1.6 2023/02/21 17:23:07 adam Exp $
+# $NetBSD: options.mk,v 1.7 2023/08/14 16:08:32 manu Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.opensc
 
 # Arguably these should be selectable individually, but upstream requires
 # that exactly one be chosen.
 PKG_OPTIONS_REQUIRED_GROUPS=	cardreader
 PKG_OPTIONS_GROUP.cardreader=	pcsc-lite openct
+
+# The notify option will cause programs not linked with libpthread
+# to abort when loading the opensc-pkcs11.so module. The most notable
+# example of such a program is ssh(1).
+PKG_SUPPORTED_OPTIONS=		notify
 PKG_SUGGESTED_OPTIONS=		pcsc-lite
 
 .include "../../mk/bsd.options.mk"
@@ -38,3 +43,12 @@ CONFIGURE_ARGS+=	--enable-openct
 .else
 CONFIGURE_ARGS+=	--disable-openct
 .endif
+
+.if !empty(PKG_OPTIONS:Mnotify)
+.include "../../devel/glib2/buildlink3.mk"
+CONFIGURE_ARGS+=	--enable-notify
+PLIST_SUBST+=		NOTIFY=""
+.else
+CONFIGURE_ARGS+=	--disable-notify
+PLIST_SUBST+=		NOTIFY="@comment "
+.endif