migrate to cmake, do not build tests by default

Signed-off-by: Travis Glenn Hansen <travisghansen@yahoo.com>

3 files changed, 36 insertions, 5 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 5a25773c9bcb..e359a89ae1d3 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = yubico-piv-tool
 	pkgdesc = Tool to interact with the PIV applet on a YubiKey NEO
 	pkgver = 2.3.0
-	pkgrel = 2
+	pkgrel = 3
 	url = https://developers.yubico.com/yubico-piv-tool/
 	arch = aarch64
 	arch = armv7h
@@ -19,6 +19,7 @@ pkgbase = yubico-piv-tool
 	source = https://developers.yubico.com/yubico-piv-tool/Releases/yubico-piv-tool-2.3.0.tar.gz.sig
 	source = ykcs11-test-unassigned-var.patch
 	source = ykcs11-test-unassigned-var-2.patch
+	source = use-after-free.patch
 	validpgpkeys = 0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A
 	validpgpkeys = 20EE325B86A81BCBD3E56798F04367096FBA95E8
 	validpgpkeys = B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A
@@ -36,5 +37,6 @@ pkgbase = yubico-piv-tool
 	md5sums = SKIP
 	md5sums = 66f948d5e90ef34fbff35791a173d928
 	md5sums = 8af04f56db48101a7f446f654fc4af6e
+	md5sums = e87cdc1afccd21b9828ed0c75e673c74
 
 pkgname = yubico-piv-tool
diff --git a/PKGBUILD b/PKGBUILD
index 744c4c20cfad..79fdcabd986d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 
 pkgname=yubico-piv-tool
 pkgver=2.3.0
-pkgrel=2
+pkgrel=3
 pkgdesc="Tool to interact with the PIV applet on a YubiKey NEO"
 arch=('aarch64' 'armv7h' 'i686' 'x86_64')
 license=('GPL3')
@@ -14,11 +14,13 @@ source=(
  "https://developers.yubico.com/yubico-piv-tool/Releases/${pkgname}-${pkgver}.tar.gz.sig"
  "ykcs11-test-unassigned-var.patch"
  "ykcs11-test-unassigned-var-2.patch"
+ "use-after-free.patch"
 )
 md5sums=('b05ccce29454183f7f58dea00ef169e2'
          'SKIP'
          '66f948d5e90ef34fbff35791a173d928'
-         '8af04f56db48101a7f446f654fc4af6e')
+         '8af04f56db48101a7f446f654fc4af6e'
+         'e87cdc1afccd21b9828ed0c75e673c74')
 validpgpkeys=('0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A'
               '20EE325B86A81BCBD3E56798F04367096FBA95E8'
               'B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A'
@@ -38,16 +40,23 @@ prepare() {
   cd "${srcdir}/${pkgname}-${pkgver}"
   patch -Np1 -i "${srcdir}/ykcs11-test-unassigned-var.patch"
   patch -Np1 -i "${srcdir}/ykcs11-test-unassigned-var-2.patch"
+  patch -Np1 -i "${srcdir}/use-after-free.patch"
 }
 
 build() {
   cmake -B build -S "${pkgname}-${pkgver}" \
+      -DSKIP_TESTS='TRUE' \
       -DCMAKE_BUILD_TYPE='None' \
       -DCMAKE_INSTALL_PREFIX='/usr' \
       -Wno-dev
-  make -C build
+  cmake --build build
+}
+
+check() {
+  cd build
+  ctest --output-on-failure
 }
 
 package() {
-  DESTDIR="${pkgdir}" make install -C build
+  DESTDIR="${pkgdir}" cmake --install build
 }
diff --git a/use-after-free.patch b/use-after-free.patch
new file mode 100644
index 000000000000..936186dfd7c3
--- /dev/null
+++ b/use-after-free.patch
@@ -0,0 +1,20 @@
+diff -Naur yubico-piv-tool-2.3.0.org/ykcs11/tests/ykcs11_tests_util.c yubico-piv-tool-2.3.0/ykcs11/tests/ykcs11_tests_util.c
+--- yubico-piv-tool-2.3.0.org/ykcs11/tests/ykcs11_tests_util.c	2022-06-29 10:40:32.725836092 +0200
++++ yubico-piv-tool-2.3.0/ykcs11/tests/ykcs11_tests_util.c	2022-02-23 14:54:47.000000000 +0100
+@@ -1224,7 +1223,6 @@
+       asrt(funcs->C_Decrypt(session, enc, enc_len, dec, &dec_len), CKR_OK, "DECRYPT");
+       asrt(dec_len, data_len, "DECRYPTED DATA LEN");
+       asrt(memcmp(data, dec, dec_len), 0, "DECRYPTED DATA");
+-      free(dec);
+ 
+       // Decrypt Update
+       asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT");
+@@ -1234,6 +1234,8 @@
+       asrt(funcs->C_DecryptUpdate(session, enc+100, 8, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
+       dec_len = sizeof(dec);
+       asrt(funcs->C_DecryptUpdate(session, enc+108, 20, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
++      free(dec);
++
+       dec_len = 0;
+       asrt(funcs->C_DecryptFinal(session, NULL, &dec_len), CKR_OK, "DECRYPT FINAL");
+       dec = malloc(dec_len);