diff options
| author |   Mike Gilbert <floppym@gentoo.org> | 2021-09-08 14:23:16 -0400 |
|---|---|---|
| committer | Mike Gilbert <floppym@gentoo.org> | 2021-09-08 14:29:25 -0400 |
| commit | b4f43b6837d616fef3678a80562b0d483d0ce7cb (patch) | |
| tree | eaa7e2451daad086d49b51b01920fb24b939682d /sys-apps | |
| parent | dev-libs/simdjson: Remove old (diff) | |
| download | gentoo-b4f43b6837d616fef3678a80562b0d483d0ce7cb.tar.gz gentoo-b4f43b6837d616fef3678a80562b0d483d0ce7cb.tar.bz2 gentoo-b4f43b6837d616fef3678a80562b0d483d0ce7cb.zip | |
sys-apps/systemd: backport FIDO2 fix
Closes: https://bugs.gentoo.org/811864
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
| -rw-r--r-- | sys-apps/systemd/files/249-fido2.patch | 58 | ||||
| -rw-r--r-- | sys-apps/systemd/systemd-249.4-r2.ebuild (renamed from sys-apps/systemd/systemd-249.4-r1.ebuild) | 1 |
2 files changed, 59 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch new file mode 100644 index 000000000000..bbfa4afb540e --- /dev/null +++ b/sys-apps/systemd/files/249-fido2.patch @@ -0,0 +1,58 @@ +From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001 +From: pedro martelletto <pedro@yubico.com> +Date: Wed, 8 Sep 2021 10:42:56 +0200 +Subject: [PATCH] explicitly close FIDO2 devices + +FIDO2 device access is serialised by libfido2 using flock(). +Therefore, make sure to close a FIDO2 device once we are done +with it, or we risk opening it again at a later point and +deadlocking. Fixes #20664. +--- + src/shared/libfido2-util.c | 2 ++ + src/shared/libfido2-util.h | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c +index 12c644dcfcce..6d18178b68c9 100644 +--- a/src/shared/libfido2-util.c ++++ b/src/shared/libfido2-util.c +@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL; + int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL; + fido_dev_t* (*sym_fido_dev_new)(void) = NULL; + int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL; ++int (*sym_fido_dev_close)(fido_dev_t *) = NULL; + const char* (*sym_fido_strerr)(int) = NULL; + + int dlopen_libfido2(void) { +@@ -106,6 +107,7 @@ int dlopen_libfido2(void) { + DLSYM_ARG(fido_dev_make_cred), + DLSYM_ARG(fido_dev_new), + DLSYM_ARG(fido_dev_open), ++ DLSYM_ARG(fido_dev_close), + DLSYM_ARG(fido_strerr)); + } + +diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h +index 5640cca5e39b..4ebf8ab77509 100644 +--- a/src/shared/libfido2-util.h ++++ b/src/shared/libfido2-util.h +@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *); + extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *); + extern fido_dev_t* (*sym_fido_dev_new)(void); + extern int (*sym_fido_dev_open)(fido_dev_t *, const char *); ++extern int (*sym_fido_dev_close)(fido_dev_t *); + extern const char* (*sym_fido_strerr)(int); + + int dlopen_libfido2(void); +@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) { + } + + static inline void fido_dev_free_wrapper(fido_dev_t **p) { +- if (*p) ++ if (*p) { ++ sym_fido_dev_close(*p); + sym_fido_dev_free(p); ++ } + } + + static inline void fido_cred_free_wrapper(fido_cred_t **p) { diff --git a/sys-apps/systemd/systemd-249.4-r1.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild index 6c7937f4e0ed..95d20177016a 100644 --- a/sys-apps/systemd/systemd-249.4-r1.ebuild +++ b/sys-apps/systemd/systemd-249.4-r2.ebuild @@ -226,6 +226,7 @@ src_prepare() { # Add local patches here PATCHES+=( "${FILESDIR}/249-libudev-static.patch" + "${FILESDIR}/249-fido2.patch" ) if ! use vanilla; then |