[pkg-opensc-maint] Bug#907452: Raising severity

Hilko Bengen bengen at debian.org
Wed Feb 13 20:41:33 GMT 2019


control: severity -1 grave

This bug, along with various rounds of passive-aggressive
finger-pointing among the involved projects, has been around for a few
years now and it's getting more frustrating every time I look at it.

As I found out this week, it has only gotten worse from stretch to
buster:

For stretch (OpenVPN 2.4.0/pkcs11-helper 1.21-1), I was able to work
around any issues (#772812) by rebuilding OpenVPN without systemd
support so that no external program was spawned via a callback function
for reading a passphrase for the YubiKey I use. At some point, opensc
itself in stretch got broken by a botched "security" update (#910786),
but that's an unrelated issue and not relevant for buster.

For buster (OpenVPN 2.4.6/pkcs11-helper 1.25.1), this is not enough:
OpenVPN hangs when trying to call an external program (in our case:
"/sbin/ip link set dev $DEV up mtu $MTU").

On a more positive note, I'd really like to get this fixed for buster:

The only other relevant libpkcs11-helper1 reverse dependency seems to be
gnupg-pkcs11-scd. Would we break that if we built pkcs11-helper with
"--disable-threading" and "--disable-slotevent"?

Cheers,
-Hilko



More information about the pkg-opensc-maint mailing list