app-crypt/p11-kit: backport dlsym fix

Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 91 insertions, 0 deletions

diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch b/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch
new file mode 100644
index 000000000000..b3b411c33bdc
--- /dev/null
+++ b/app-crypt/p11-kit/files/p11-kit-0.25.0-fix-C_GetInterface.patch
@@ -0,0 +1,39 @@
+https://github.com/p11-glue/p11-kit/commit/d1d4b0ac316a27c739ff91e6c4153f1154e96e5a
+
+From d1d4b0ac316a27c739ff91e6c4153f1154e96e5a Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Thu, 27 Jul 2023 12:18:15 +0800
+Subject: [PATCH] Fix probing of C_GetInterface
+
+`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find
+C_GetInterface in the loaded pkcs11 module.  For legacy (pre-3.0) pkcs11
+modules, C_GetInterface is not defined in the module.  But according to
+the documentation of dlsym():
+
+    The search performed by dlsym() is breadth first through the
+    dependency tree of these shared objects.
+
+So if a pkcs11 module links to libp11-kit.so, the C_GetInterface
+implementation in libp11-kit.so itself will be found.  This
+C_GetInterface will return the metadata of p11-kit-proxy.so, causing
+"Refuse to load the p11-kit-proxy.so as a registered module".
+
+To solve the issue, if p11_dl_symbol() returns the C_GetInterface in
+libp11-kit.so itself, we should ignore it and continue trying
+C_GetFunctionList.
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -383,6 +383,12 @@ dlopen_and_get_function_list (Module *mod,
+ 	mod->loaded_module = dl;
+ 
+ 	gi = p11_dl_symbol (dl, "C_GetInterface");
++
++#ifndef OS_WIN32
++	if (gi == C_GetInterface)
++		gi = NULL;
++#endif
++
+ 	if (gi) {
+ 		/* Get the default standard interface */
+ 		rv = gi ((unsigned char *)"PKCS 11", NULL, &interface, 0);
+
diff --git a/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild
new file mode 100644
index 000000000000..b2c897076931
--- /dev/null
+++ b/app-crypt/p11-kit/p11-kit-0.25.0-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 meson-multilib
+
+DESCRIPTION="Provides a standard configuration setup for installing PKCS#11"
+HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html"
+SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="+libffi gtk-doc nls systemd test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	app-misc/ca-certificates
+	>=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}]
+	libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	gtk-doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-C_GetInterface.patch
+)
+
+multilib_src_configure() {
+	# Disable unsafe tests, bug#502088
+	export FAKED_MODE=1
+
+	local emesonargs=(
+		-Dbashcompdir="$(get_bashcompdir)"
+		-Dtrust_module=enabled
+		-Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		$(meson_feature libffi)
+		$(meson_use nls)
+		$(meson_use test)
+		$(meson_native_use_bool gtk-doc gtk_doc)
+		$(meson_native_true man)
+		$(meson_native_use_feature systemd)
+	)
+
+	meson_src_configure
+}