From d3392e401b3e00855448300c757b103be6e219aa Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Sun, 17 Dec 2023 18:23:32 +0100
Subject: [PATCH 1/6] Disable __libc_enable_secure usage on Hurd __libc_enable_secure is not set as 1 when executing something as sgid and the differet gid is still part of the user's own groups. See also: - http://lists.gnu.org/archive/html/bug-hurd/2015-06/msg00051.html - http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00000.html Originally contributed to Debian by Pino Toscano
Signed-off-by: Andreas Metzler
---
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/compat.c b/common/compat.c
index 9ad741ff..332a5325 100644
--- a/common/compat.c
+++ b/common/compat.c
@@ -871,7 +871,7 @@ getauxval (unsigned long type)
 assert (type == AT_SECURE);
 if (!check_secure_initialized) {
-#if defined(HAVE___LIBC_ENABLE_SECURE)
+#if defined(HAVE___LIBC_ENABLE_SECURE) && !defined(__GNU__)
 extern int __libc_enable_secure;
 secure = __libc_enable_secure;
From 044faa1727b0751ad52b416eaf46946da87dc7e6 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Sun, 17 Dec 2023 18:26:16 +0100
Subject: [PATCH 2/6] use libbsd-overlay on GNU/hurd and kfreebsd. https://bugs.debian.org/995049
Signed-off-by: Andreas Metzler
---
configure.ac | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/configure.ac b/configure.ac
index 01287282..8580af63 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,15 @@ AM_CONDITIONAL(OS_WIN32, test "$os_win32" = "yes")
 AC_C_BIGENDIAN
+case "$host_os" in
+kfreebsd*-gnu | gnu*)
+ PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay], [
+ CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+ LIBS="$LIBS $LIBBSD_LIBS"
+ ], AC_MSG_WARN([libbsd-overlay not found but probably needed]))
+;;
+esac
+
 # ------------------------------------------------------------------------------
 # Checks for libraries and headers
From a1edc82aab067dac47574d339cf4a39e865df1c6 Mon Sep 17 00:00:00 2001
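Review bot: The new `&& !defined(__GNU__)` condition on the `#if` line carries its justification only in the commit message, so a reader of compat.c sees an unexplained platform exclusion on the very line that decides whether AT_SECURE is honoured. Add a comment above the `#if`, e.g. `/* On GNU/Hurd __libc_enable_secure stays 0 for sgid binaries whose group the user already belongs to, so take the #else path there. */`. What the `#else` branch computes is outside this hunk, so I cannot confirm from here that it is an adequate replacement on Hurd; the body of `getauxval` continues outside the hunk on both sides.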
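Review bot: When `libbsd-overlay` is absent the new `case` only emits `AC_MSG_WARN`, so on GNU/Hurd and kFreeBSD configure continues and the later feature checks quietly report the overlay-provided functions as missing. If the dependency really is needed on those hosts, `AC_MSG_ERROR([libbsd-overlay not found])` in the not-found branch gives a clearer failure than a build that breaks later or silently falls back to compat code. The added flags go only into `CFLAGS`; checks that run the preprocessor alone consult `CPPFLAGS`, so `CPPFLAGS="$CPPFLAGS $LIBBSD_CFLAGS"` may be the more conventional home for the include flags.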
From: Andreas Metzler
Date: Tue, 26 Dec 2023 18:23:05 +0100
Subject: [PATCH 3/6] use libbsd-overlay on GNU/hurd and kfreebsd for meson build https://bugs.debian.org/995049
Signed-off-by: Andreas Metzler
---
common/meson.build | 2 +-
meson.build | 12 ++++++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/common/meson.build b/common/meson.build
index dc86d7ba..027f64aa 100644
--- a/common/meson.build
+++ b/common/meson.build
@@ -64,7 +64,7 @@ if host_system != 'windows'
 ]
 foreach f : rpl_functions
- if not cc.has_function(f)
+ if not cc.has_function(f, dependencies: system_deps)
 libp11_tool_sources += '@0@.c'.format(f)
 endif
 endforeach
diff --git a/meson.build b/meson.build
index bf7c0a3d..afd51c8d 100644
--- a/meson.build
+++ b/meson.build
@@ -59,6 +59,14 @@ endif
 conf.set10('WITH_STRICT', get_option('strict'))
+system_deps = []
+
+if ['gnu', 'gnu/kfreebsd'].contains(host_system)
+ libbsd_overlay_dep = dependency('libbsd-overlay')
+ system_deps += libbsd_overlay_dep
+ add_project_dependencies(libbsd_overlay_dep, language: 'c')
+endif
+
 libintl_deps = []
 if get_option('nls') and cc.has_header('libintl.h')
 conf.set('ENABLE_NLS', 1)
@@ -180,7 +188,7 @@ if host_system != 'windows'
 ]
 foreach h : headers
- if cc.has_header(h)
+ if cc.has_header(h, dependencies: system_deps)
 conf.set('HAVE_' + h.underscorify().to_upper(), 1)
 endif
 endforeach
@@ -203,7 +211,7 @@ if host_system != 'windows'
 ]
 foreach f : functions
- if cc.has_function(f)
+ if cc.has_function(f, dependencies: system_deps)
 conf.set('HAVE_' + f.underscorify().to_upper(), 1)
 endif
 endforeach
From c10d0b5b83389c43bd1b7b19744dde44fe643006 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Fri, 22 Dec 2023 18:29:58 +0100
Subject: [PATCH 4/6] Do not use getauxval() on !linux systems See http://bugs.debian.org/718285 
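Review bot: `dependency('libbsd-overlay')` in the first meson.build hunk is required by default, so the meson build aborts configuration when the overlay is missing, whereas the autoconf path added in patch 2 only warns; the two build systems should agree on whether this dependency is hard. If it is meant to be hard, add `required: true` explicitly so the intent is visible, and note that `add_project_dependencies()` is a comparatively recent meson API (introduced in 0.63, as far as I recall), which the project's `meson_version` — not visible here — must already allow. The `dependencies: system_deps` additions in common/meson.build and in the two later meson.build hunks are consistent with each other and need no change.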
Signed-off-by: Andreas Metzler
---
common/compat.c | 4 ++--
common/compat.h | 3 ++-
common/frob-getauxval.c | 2 +-
common/path.c | 2 +-
configure.ac | 12 +++++++++++-
p11-kit/conf.c | 2 +-
p11-kit/frob-setuid.c | 2 +-
7 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/common/compat.c b/common/compat.c
index 332a5325..f4a113eb 100644
--- a/common/compat.c
+++ b/common/compat.c
@@ -859,7 +859,7 @@ mkdtemp (char *template)
 #ifndef HAVE_GETAUXVAL
 unsigned long
-getauxval (unsigned long type)
+_p11_getauxval (unsigned long type)
 {
 static unsigned long secure = 0UL;
 static bool check_secure_initialized = false;
@@ -908,7 +908,7 @@ getauxval (unsigned long type)
 char *
 secure_getenv (const char *name)
 {
- if (getauxval (AT_SECURE))
+ if (_p11_getauxval (AT_SECURE))
 return NULL;
 return getenv (name);
 }
diff --git a/common/compat.h b/common/compat.h
index 9ad14e46..20b050a2 100644
--- a/common/compat.h
+++ b/common/compat.h
@@ -353,10 +353,11 @@ time_t timegm (struct tm *tm);
 #ifdef HAVE_GETAUXVAL
 #include
+#define _p11_getauxval(X) getauxval(X)
 #else /* !HAVE_GETAUXVAL */
-unsigned long getauxval (unsigned long type);
+unsigned long _p11_getauxval (unsigned long type);
 #define AT_SECURE 23
diff --git a/common/frob-getauxval.c b/common/frob-getauxval.c
index 02745be9..e370fe2a 100644
--- a/common/frob-getauxval.c
+++ b/common/frob-getauxval.c
@@ -55,7 +55,7 @@ main (int argc,
 abort ();
 }
- ret = getauxval (type);
+ ret = _p11_getauxval (type);
 printf ("getauxval(%lu) == %lu\n", type, ret);
 return (int)ret;
 }
diff --git a/common/path.c b/common/path.c
index d0d1893c..6afc7a07 100644
--- a/common/path.c
+++ b/common/path.c
@@ -114,7 +114,7 @@ expand_homedir (const char *remainder)
 {
 const char *env;
- if (getauxval (AT_SECURE)) {
+ if (_p11_getauxval (AT_SECURE)) {
 errno = EPERM;
 return NULL;
 }
diff --git a/configure.ac b/configure.ac
index 8580af63..33f52713 100644
--- a/configure.ac
+++ b/configure.ac
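Review bot: The `_p11_getauxval` wrapper is introduced in compat.h without a comment saying why every caller must use it rather than `getauxval` directly; that reason (AT_SECURE from the system getauxval is not trustworthy off Linux, per the Debian bug the commit cites) is exactly what a later "simplification" back to plain `getauxval` would not know. Add above `#ifdef HAVE_GETAUXVAL` a comment such as `/* Always call _p11_getauxval(): the getauxval check runs only on Linux, elsewhere the compat.c fallback answers AT_SECURE. */`, because the callers in path.c, conf.c and secure_getenv rely on that answer to refuse user-controlled config and environment in setuid/setgid programs. The `#include` line in this hunk lost its header name in extraction, so I cannot verify it. The same documentation gap applies to the compat.c definition hunk at line 859, whose function body continues outside the hunk.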
@@ -84,6 +84,12 @@ case "$host" in
 os_win32=yes
 os_unix=no
 ;;
+ *-*-linux*)
+ AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
+ os_win32=no
+ os_unix=yes
+ os_linux=yes
+ ;;
 *)
 AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
 os_win32=no
@@ -144,7 +150,11 @@ if test "$os_unix" = "yes"; then
 AC_CHECK_HEADERS([sys/resource.h sys/un.h ucred.h])
 AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include ])
 AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
- AC_CHECK_FUNCS([getauxval getresuid secure_getenv])
+ AC_CHECK_FUNCS([getresuid secure_getenv])
+ if test "$os_linux" = "yes"; then
+ # Use getauxval on Linux only.
+ AC_CHECK_FUNCS([getauxval])
+ fi
 AC_CHECK_FUNCS([strnstr memdup strndup])
 AC_CHECK_FUNCS([reallocarray])
 AC_CHECK_DECLS([reallocarray], [], [], [[#include ]])
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index ac9be8b4..549aa721 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -242,7 +242,7 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf,
 }
 if (mode != CONF_USER_NONE && !p11_conf_force_user_config) {
- if (getauxval (AT_SECURE)) {
+ if (_p11_getauxval (AT_SECURE)) {
 p11_debug ("skipping user config in setuid or setgid program");
 mode = CONF_USER_NONE;
 #ifdef OS_UNIX
diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c
index e546ece5..a75d921d 100644
--- a/p11-kit/frob-setuid.c
+++ b/p11-kit/frob-setuid.c
@@ -70,7 +70,7 @@ main (void)
 printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
 assert (field != NULL);
- if (getauxval (AT_SECURE))
+ if (_p11_getauxval (AT_SECURE))
 assert (strcmp (field, "system1") == 0);
 else
 assert (strcmp (field, "user1") == 0);
From d768d753a06246816c3bf8356c6ce6378a0a46f3 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Wed, 27 Dec 2023 07:34:35 +0100
Subject: [PATCH 5/6] Disable getauxval() on !linux systems for meson build, too See http://bugs.debian.org/718285 
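Review bot: `os_linux` is assigned only in the new `*-*-linux*` branch, so the later `test "$os_linux" = "yes"` relies on the variable being unset in the win32 and `*)` branches and on nothing in the caller's environment pre-setting it. Initialise it explicitly before the `case` with `os_linux=no`, or add `os_linux=no` to the other branches, mirroring how `os_win32` and `os_unix` are set in every branch. The `case "$host"` statement starts before this hunk. The p11-kit/conf.c and frob-setuid.c hunks are mechanical renames and need nothing further.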
Signed-off-by: Andreas Metzler
---
meson.build | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index afd51c8d..b4abfa94 100644
--- a/meson.build
+++ b/meson.build
@@ -195,7 +195,6 @@ if host_system != 'windows'
 functions = [
 'fdwalk',
- 'getauxval',
 'getexecname',
 'getpeereid',
 'getpeerucred',
@@ -209,6 +208,11 @@ if host_system != 'windows'
 'secure_getenv',
 'strndup'
 ]
+ if ['linux'].contains(host_system)
+ functions += [
+ 'getauxval'
+ ]
+ endif
 foreach f : functions
 if cc.has_function(f, dependencies: system_deps)
From fc4298f4a1b896f2248988bf6040a39c71657194 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Sat, 23 Dec 2023 06:43:08 +0100
Subject: [PATCH 6/6] add missing check for strnstr() to meson build
Signed-off-by: Andreas Metzler
---
meson.build | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index b4abfa94..7072765c 100644
--- a/meson.build
+++ b/meson.build
@@ -206,7 +206,8 @@ if host_system != 'windows'
 'mkstemp',
 'readpassphrase',
 'secure_getenv',
- 'strndup'
+ 'strndup',
+ 'strnstr'
 ]
 if ['linux'].contains(host_system)
 functions += [
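Review bot: `if ['linux'].contains(host_system)` in the second hunk tests a single-element list, which reads as if more systems were intended; `if host_system == 'linux'` states the same condition directly and matches the `host_system != 'windows'` comparison in the hunk header. A one-line comment on why getauxval is probed only on Linux, e.g. `# getauxval(AT_SECURE) is only relied on for Linux, see Debian bug 718285`, would keep the meson build explaining the same decision the configure.ac hunk in patch 4 documents with "Use getauxval on Linux only". The `functions` list and the enclosing `if host_system != 'windows'` block start before this hunk; the patch 6 hunk only adds a `strnstr` probe and needs no note.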