security/libfido2: Fix NetBSD build, PR pkg/57919. Patching away -Werror may be reasonable in general, but in this case it breaks libfido2's detection of whether ioctl takes int or unsigned long on NetBSD -- without -Werror, it wrongly concludes int, and proceeds to build a libfido2 that casts every ioctl command to int first, which leads to sign extension, which leads to the wrong ioctls being passed into the kernel, which leads libfido2 to fail in any attempts to open fido devices on NetBSD.diff -r1.13 -r1.14 pkgsrc/security/libfido2/Makefile
(riastradh)
@@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.13 2023/12/07 12:35:46 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.14 2024/02/10 03:10:53 riastradh Exp $ | |
2 | 2 | |||
3 | DISTNAME= libfido2-1.14.0 | 3 | DISTNAME= libfido2-1.14.0 | |
4 | PKGREVISION= 1 | |||
4 | CATEGORIES= security devel | 5 | CATEGORIES= security devel | |
5 | MASTER_SITES= https://developers.yubico.com/libfido2/Releases/ | 6 | MASTER_SITES= https://developers.yubico.com/libfido2/Releases/ | |
6 | 7 | |||
7 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
8 | HOMEPAGE= https://developers.yubico.com/libfido2/ | 9 | HOMEPAGE= https://developers.yubico.com/libfido2/ | |
9 | COMMENT= U2F/FIDO/FIDO2 library and tools | 10 | COMMENT= U2F/FIDO/FIDO2 library and tools | |
10 | LICENSE= 2-clause-bsd | 11 | LICENSE= 2-clause-bsd | |
11 | 12 | |||
12 | # libfido2 has src/hid-foo.c for a variety of platforms, and the rest | 13 | # libfido2 has src/hid-foo.c for a variety of platforms, and the rest | |
13 | # are unimplemented. Upstream has an option not to use hid, but USB | 14 | # are unimplemented. Upstream has an option not to use hid, but USB | |
14 | # fido2 keys are the typical approach and thus far the package does | 15 | # fido2 keys are the typical approach and thus far the package does | |
15 | # not support that option. | 16 | # not support that option. | |
16 | BROKEN_EXCEPT_ON_PLATFORM+= Darwin-*-* | 17 | BROKEN_EXCEPT_ON_PLATFORM+= Darwin-*-* |
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | $NetBSD: distinfo,v 1.10 2023/12/07 12:35:46 adam Exp $ | 1 | $NetBSD: distinfo,v 1.11 2024/02/10 03:10:53 riastradh Exp $ | |
2 | 2 | |||
3 | BLAKE2s (libfido2-1.14.0.tar.gz) = 805620349129b744d12a5103399ea70c1832b49c66a1c82b4ef89d2da9d857a3 | 3 | BLAKE2s (libfido2-1.14.0.tar.gz) = 805620349129b744d12a5103399ea70c1832b49c66a1c82b4ef89d2da9d857a3 | |
4 | SHA512 (libfido2-1.14.0.tar.gz) = 83454b0db0cc8546f377d0dd59f95785fe6b73cf28e499a6182a6ece4b7bce17c3e750155262adf71f339ec0b3b6c3d3d64a07b01c8428b4b91de97ae768f0e6 | 4 | SHA512 (libfido2-1.14.0.tar.gz) = 83454b0db0cc8546f377d0dd59f95785fe6b73cf28e499a6182a6ece4b7bce17c3e750155262adf71f339ec0b3b6c3d3d64a07b01c8428b4b91de97ae768f0e6 | |
5 | Size (libfido2-1.14.0.tar.gz) = 660289 bytes | 5 | Size (libfido2-1.14.0.tar.gz) = 660289 bytes | |
6 | SHA1 (patch-CMakeLists.txt) = 7b1f8653d6d6cdd542e866754fd6eaf556277ab3 | 6 | SHA1 (patch-CMakeLists.txt) = b3bbd4ecb0cc4eac5d4b43cab2176418e1b3df03 |
@@ -1,37 +1,28 @@ | @@ -1,37 +1,28 @@ | |||
1 | $NetBSD: patch-CMakeLists.txt,v 1.1 2023/09/01 09:56:56 nia Exp $ | 1 | $NetBSD: patch-CMakeLists.txt,v 1.2 2024/02/10 03:10:53 riastradh Exp $ | |
2 | 2 | |||
3 | Remove overzealous compiler options and let pkgsrc define the | 3 | Remove overzealous compiler options and let pkgsrc define the | |
4 | stack protection to use. | 4 | stack protection to use. | |
5 | 5 | |||
6 | --- CMakeLists.txt.orig 2023-02-20 08:21:28.000000000 +0000 | 6 | --- CMakeLists.txt.orig 2023-02-20 08:21:28.000000000 +0000 | |
7 | +++ CMakeLists.txt | 7 | +++ CMakeLists.txt | |
8 | @@ -90,7 +90,6 @@ if(NOT MSVC) | 8 | @@ -90,7 +90,6 @@ if(NOT MSVC) | |
9 | endif() | 9 | endif() | |
10 | 10 | |||
11 | check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32) | 11 | check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32) | |
12 | -check_c_compiler_flag("-Werror -fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) | 12 | -check_c_compiler_flag("-Werror -fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) | |
13 | 13 | |||
14 | check_include_files(cbor.h HAVE_CBOR_H) | 14 | check_include_files(cbor.h HAVE_CBOR_H) | |
15 | check_include_files(endian.h HAVE_ENDIAN_H) | 15 | check_include_files(endian.h HAVE_ENDIAN_H) | |
16 | @@ -123,7 +122,7 @@ set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC | |||
17 | try_compile(HAVE_POSIX_IOCTL | |||
18 | "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o" | |||
19 | "${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c" | |||
20 | - COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion") | |||
21 | + COMPILE_DEFINITIONS "-Woverflow -Wsign-conversion") | |||
22 | ||||
23 | list(APPEND CHECK_VARIABLES | |||
24 | HAVE_ARC4RANDOM_BUF | |||
25 | @@ -295,7 +294,6 @@ else() | 16 | @@ -295,7 +294,6 @@ else() | |
26 | 17 | |||
27 | add_compile_options(-Wall) | 18 | add_compile_options(-Wall) | |
28 | add_compile_options(-Wextra) | 19 | add_compile_options(-Wextra) | |
29 | - add_compile_options(-Werror) | 20 | - add_compile_options(-Werror) | |
30 | add_compile_options(-Wshadow) | 21 | add_compile_options(-Wshadow) | |
31 | add_compile_options(-Wcast-qual) | 22 | add_compile_options(-Wcast-qual) | |
32 | add_compile_options(-Wwrite-strings) | 23 | add_compile_options(-Wwrite-strings) | |
33 | @@ -316,10 +314,6 @@ else() | 24 | @@ -316,10 +314,6 @@ else() | |
34 | add_compile_options(-Wshorten-64-to-32) | 25 | add_compile_options(-Wshorten-64-to-32) | |
35 | endif() | 26 | endif() | |
36 | 27 | |||
37 | - if(HAVE_STACK_PROTECTOR_ALL) | 28 | - if(HAVE_STACK_PROTECTOR_ALL) |