commit: b4f43b6837d616fef3678a80562b0d483d0ce7cb |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Wed Sep 8 18:23:16 2021 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Wed Sep 8 18:29:25 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4f43b68 |
|
sys-apps/systemd: backport FIDO2 fix |
|
Closes: https://bugs.gentoo.org/811864 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
sys-apps/systemd/files/249-fido2.patch | 58 ++++++++++++++++++++++ |
...emd-249.4-r1.ebuild => systemd-249.4-r2.ebuild} | 1 + |
2 files changed, 59 insertions(+) |
|
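diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch
new file mode 100644
index 00000000000..bbfa4afb540
--- /dev/null
+++ b/sys-apps/systemd/files/249-fido2.patch
@@ -0,0 +1,58 @@
+From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
+From: pedro martelletto <pedro@××××××.com>
+Date: Wed, 8 Sep 2021 10:42:56 +0200
+Subject: [PATCH] explicitly close FIDO2 devices
+
+FIDO2 device access is serialised by libfido2 using flock().
+Therefore, make sure to close a FIDO2 device once we are done
+with it, or we risk opening it again at a later point and
+deadlocking. Fixes #20664.
+---
+ src/shared/libfido2-util.c | 2 ++
+ src/shared/libfido2-util.h | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
+index 12c644dcfcce..6d18178b68c9 100644
+--- a/src/shared/libfido2-util.c
++++ b/src/shared/libfido2-util.c
+@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
+ int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL;
+ fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
+ int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
++int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
+ const char* (*sym_fido_strerr)(int) = NULL;
+
+ int dlopen_libfido2(void) {
+@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
+ DLSYM_ARG(fido_dev_make_cred),
+ DLSYM_ARG(fido_dev_new),
+ DLSYM_ARG(fido_dev_open),
++ DLSYM_ARG(fido_dev_close),
+ DLSYM_ARG(fido_strerr));
+ }
+
+diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
+index 5640cca5e39b..4ebf8ab77509 100644
+--- a/src/shared/libfido2-util.h
++++ b/src/shared/libfido2-util.h
+@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
+ extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *);
+ extern fido_dev_t* (*sym_fido_dev_new)(void);
+ extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
++extern int (*sym_fido_dev_close)(fido_dev_t *);
+ extern const char* (*sym_fido_strerr)(int);
+
+ int dlopen_libfido2(void);
+@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) {
+ }
+
+ static inline void fido_dev_free_wrapper(fido_dev_t **p) {
+- if (*p)
++ if (*p) {
++ sym_fido_dev_close(*p);
+ sym_fido_dev_free(p);
++ }
+ }
+
+ static inline void fido_cred_free_wrapper(fido_cred_t **p) {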
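Review bot: In the libfido2-util.h hunk of the backported patch, fido_dev_free_wrapper() now calls sym_fido_dev_close() before sym_fido_dev_free() without a comment saying why the order matters; the only explanation is in the commit message (libfido2 serialises device access with flock(), so a device that stays open can deadlock a later open). I would put that next to the call, e.g. `/* libfido2 takes an flock() on an open device; close it explicitly so a later open cannot deadlock */`. The result of the close is silently dropped, which is reasonable in a cleanup helper, but `(void) sym_fido_dev_close(*p);` would make the intent explicit. The wrapper is presumably also reached for handles that were allocated but never successfully opened; libfido2 most likely just returns an error for those, but that is worth confirming against the oldest libfido2 version the ebuild allows.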
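diff --git a/sys-apps/systemd/systemd-249.4-r1.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r1.ebuild
rename to sys-apps/systemd/systemd-249.4-r2.ebuild
index 6c7937f4e0e..95d20177016 100644
--- a/sys-apps/systemd/systemd-249.4-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
 # Add local patches here
 PATCHES+=(
 "${FILESDIR}/249-libudev-static.patch"
+ "${FILESDIR}/249-fido2.patch"
 )
 
 if ! use vanilla; then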