Sat Feb 10 03:10:53 2024 UTC (106d)

security/libfido2: Fix NetBSD build, PR pkg/57919.

Patching away -Werror may be reasonable in general, but in this case
it breaks libfido2's detection of whether ioctl takes int or unsigned
long on NetBSD -- without -Werror, it wrongly concludes int, and
proceeds to build a libfido2 that casts every ioctl command to int
first, which leads to sign extension, which leads to the wrong ioctls
being passed into the kernel, which leads libfido2 to fail in any
attempts to open fido devices on NetBSD.


(riastradh)

diff -r1.13 -r1.14 pkgsrc/security/libfido2/Makefile
diff -r1.10 -r1.11 pkgsrc/security/libfido2/distinfo
diff -r1.1 -r1.2 pkgsrc/security/libfido2/patches/patch-CMakeLists.txt

--- pkgsrc/security/libfido2/Makefile 2023/12/07 12:35:46 1.13
+++ pkgsrc/security/libfido2/Makefile 2024/02/10 03:10:53 1.14

 @@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.13 2023/12/07 12:35:46 adam Exp $
+# $NetBSD: Makefile,v 1.14 2024/02/10 03:10:53 riastradh Exp $
 DISTNAME=	libfido2-1.14.0
 PKGREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://developers.yubico.com/libfido2/Releases/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	https://developers.yubico.com/libfido2/
 COMMENT=	U2F/FIDO/FIDO2 library and tools
 LICENSE=	2-clause-bsd
 # libfido2 has src/hid-foo.c for a variety of platforms, and the rest
 # are unimplemented.  Upstream has an option not to use hid, but USB
 # fido2 keys are the typical approach and thus far the package does
 # not support that option.
 BROKEN_EXCEPT_ON_PLATFORM+=	Darwin-*-*

--- pkgsrc/security/libfido2/distinfo 2023/12/07 12:35:46 1.10
+++ pkgsrc/security/libfido2/distinfo 2024/02/10 03:10:53 1.11

 @@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.10 2023/12/07 12:35:46 adam Exp $
+$NetBSD: distinfo,v 1.11 2024/02/10 03:10:53 riastradh Exp $
 BLAKE2s (libfido2-1.14.0.tar.gz) = 805620349129b744d12a5103399ea70c1832b49c66a1c82b4ef89d2da9d857a3
 SHA512 (libfido2-1.14.0.tar.gz) = 83454b0db0cc8546f377d0dd59f95785fe6b73cf28e499a6182a6ece4b7bce17c3e750155262adf71f339ec0b3b6c3d3d64a07b01c8428b4b91de97ae768f0e6
 Size (libfido2-1.14.0.tar.gz) = 660289 bytes
-SHA1 (patch-CMakeLists.txt) = 7b1f8653d6d6cdd542e866754fd6eaf556277ab3
+SHA1 (patch-CMakeLists.txt) = b3bbd4ecb0cc4eac5d4b43cab2176418e1b3df03

--- pkgsrc/security/libfido2/patches/patch-CMakeLists.txt 2023/09/01 09:56:56 1.1
+++ pkgsrc/security/libfido2/patches/patch-CMakeLists.txt 2024/02/10 03:10:53 1.2

 @@ -1,37 +1,28 @@
-$NetBSD: patch-CMakeLists.txt,v 1.1 2023/09/01 09:56:56 nia Exp $
+$NetBSD: patch-CMakeLists.txt,v 1.2 2024/02/10 03:10:53 riastradh Exp $
 Remove overzealous compiler options and let pkgsrc define the
 stack protection to use.
 --- CMakeLists.txt.orig	2023-02-20 08:21:28.000000000 +0000
 +++ CMakeLists.txt
 @@ -90,7 +90,6 @@ if(NOT MSVC)
  endif()
  check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32)
 -check_c_compiler_flag("-Werror -fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
  check_include_files(cbor.h HAVE_CBOR_H)
  check_include_files(endian.h HAVE_ENDIAN_H)
@@ -123,7 +122,7 @@ set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC
  try_compile(HAVE_POSIX_IOCTL
      "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o"
      "${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c"
 -    COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion")
 +    COMPILE_DEFINITIONS "-Woverflow -Wsign-conversion")
  list(APPEND CHECK_VARIABLES
  	HAVE_ARC4RANDOM_BUF
 @@ -295,7 +294,6 @@ else()
  	add_compile_options(-Wall)
  	add_compile_options(-Wextra)
 -	add_compile_options(-Werror)
  	add_compile_options(-Wshadow)
  	add_compile_options(-Wcast-qual)
  	add_compile_options(-Wwrite-strings)
 @@ -316,10 +314,6 @@ else()
  		add_compile_options(-Wshorten-64-to-32)
  	endif()
 -	if(HAVE_STACK_PROTECTOR_ALL)