From cf9132fe283a7a3ee3c2c636d1dc3f77747044bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Thu, 5 Jan 2023 21:40:18 +0700
Subject: [PATCH] yubico-piv-tool: update to 2.3.0.

---
 common/shlibs                                 |  4 +-
 .../patches/use-after-free.patch              | 96 +++++++++++++++++++
 srcpkgs/yubico-piv-tool/template              | 20 +---
 3 files changed, 103 insertions(+), 17 deletions(-)
 create mode 100644 srcpkgs/yubico-piv-tool/patches/use-after-free.patch

diff --git a/common/shlibs b/common/shlibs
index 52a6d3e6d5f..942ec350f2c 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3194,8 +3194,8 @@ libr_fs.so.5.7.8 radare2-5.7.8_1
 libr_magic.so.5.7.8 radare2-5.7.8_1
 libr_reg.so.5.7.8 radare2-5.7.8_1
 libr_main.so.5.7.8 radare2-5.7.8_1
-libykpiv.so.1 libykpiv-2.1.1_2
-libykcs11.so.1 libykcs11-2.1.1_2
+libykpiv.so.2 libykpiv-2.3.0_1
+libykcs11.so.2 libykcs11-2.3.0_1
 libKF5KExiv2.so.15.0.0 libkexiv25-17.04.3_1
 libqmobipocket.so.2 libqmobipocket-17.04.3_1
 libgloox.so.18 gloox-1.0.24_1
diff --git a/srcpkgs/yubico-piv-tool/patches/use-after-free.patch b/srcpkgs/yubico-piv-tool/patches/use-after-free.patch
new file mode 100644
index 00000000000..9f3f0deded8
--- /dev/null
+++ b/srcpkgs/yubico-piv-tool/patches/use-after-free.patch
@@ -0,0 +1,96 @@
+From 855c0a410efe792d24039708612f1525a5e2b7cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?=
+ <61348757+xhanulik@users.noreply.github.com>
+Date: Thu, 3 Mar 2022 19:03:44 +0100
+Subject: [PATCH] Fix usage of pointer after free (#362)
+
+* Set uninitialized variables
+
+* Fix use after free
+
+Causes errors "may be used after 'free'", since
+`dec` is not allocated again after `free()`.
+Also, removed assigning of `sizeof(dec)`, because
+`dec` is not static array, but allocated.
+---
+ ykcs11/tests/ykcs11_tests_util.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/ykcs11/tests/ykcs11_tests_util.c b/ykcs11/tests/ykcs11_tests_util.c
+index 77270bd3..530d9028 100644
+--- a/ykcs11/tests/ykcs11_tests_util.c
++++ b/ykcs11/tests/ykcs11_tests_util.c
+@@ -281,7 +281,7 @@ void test_digest_func(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
+   CK_BYTE     digest_update[128] = {0};
+   CK_ULONG    digest_update_len;
+   CK_BYTE     hdata[128] = {0};
+-  CK_ULONG    hdata_len;
++  CK_ULONG    hdata_len = 0;
+ 
+   CK_MECHANISM mech = {mech_type, NULL, 0};
+ 
+@@ -1015,7 +1015,7 @@ void test_rsa_sign_thorough(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE sessio
+   EVP_PKEY_CTX *ctx = NULL;
+ 
+   CK_BYTE     hdata[512] = {0};
+-  CK_ULONG    hdata_len;
++  CK_ULONG    hdata_len = 0;
+ 
+   CK_OBJECT_HANDLE obj_pubkey;
+   CK_MECHANISM mech = {mech_type, NULL, 0};
+@@ -1193,7 +1193,7 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
+   CK_BYTE*  data;
+   CK_BYTE   enc[512] = {0};
+   CK_BYTE*  dec;
+-  CK_ULONG  dec_len;
++  CK_ULONG  dec_len, dec_len_backup;
+ 
+   if(padding == RSA_NO_PADDING) {
+     data_len = RSA_size(rsak);
+@@ -1228,12 +1228,14 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
+       // Decrypt Update
+       asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT");
+       asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER");
+-      dec_len = sizeof(dec);
++      dec = malloc(dec_len);
++      dec_len_backup = dec_len;
+       asrt(funcs->C_DecryptUpdate(session, enc, 100, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
+-      dec_len = sizeof(dec);
++      dec_len = dec_len_backup;
+       asrt(funcs->C_DecryptUpdate(session, enc+100, 8, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
+-      dec_len = sizeof(dec);
++      dec_len = dec_len_backup;
+       asrt(funcs->C_DecryptUpdate(session, enc+108, 20, dec, &dec_len), CKR_OK, "DECRYPT UPDATE");
++      free(dec);
+       dec_len = 0;
+       asrt(funcs->C_DecryptFinal(session, NULL, &dec_len), CKR_OK, "DECRYPT FINAL");
+       dec = malloc(dec_len);
+From 720afc81f5e034d2a8d3944e4f28463f808998a4 Mon Sep 17 00:00:00 2001
+From: Dan Fuhry <dan@fuhry.com>
+Date: Thu, 16 Jun 2022 15:09:30 -0400
+Subject: [PATCH] [ykcs11/tests] fix use-after-free warning in gcc 12
+
+gcc 12 includes a new `-Wuse-after-free` warning mode that detects use
+of variables after a call to `free()`. While the use of this variable is
+not in fact a use-after-free, it is more correct to not reuse the `dec`
+variable or explicitly set it to `NULL` after calling `free`.
+
+This is not a security bug.
+
+Signed-Off-By: Dan Fuhry <dan@fuhry.com>
+---
+ ykcs11/tests/ykcs11_tests_util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ykcs11/tests/ykcs11_tests_util.c b/ykcs11/tests/ykcs11_tests_util.c
+index f10c21cd..876d656c 100644
+--- a/ykcs11/tests/ykcs11_tests_util.c
++++ b/ykcs11/tests/ykcs11_tests_util.c
+@@ -1143,6 +1143,7 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_
+       asrt(dec_len, data_len, "DECRYPTED DATA LEN");
+       asrt(memcmp(data, dec, dec_len), 0, "DECRYPTED DATA");
+       free(dec);
++      dec = NULL;
+ 
+       // Decrypt Update
+       asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT");
diff --git a/srcpkgs/yubico-piv-tool/template b/srcpkgs/yubico-piv-tool/template
index c660d62461a..432dba75003 100644
--- a/srcpkgs/yubico-piv-tool/template
+++ b/srcpkgs/yubico-piv-tool/template
@@ -5,31 +5,21 @@ _libykcs_name="libykcs11"
 _libykcs_desc="Yubikey PIV pkcs11 library"
 
 pkgname=yubico-piv-tool
-version=2.1.1
-revision=2
+version=2.3.0
+revision=1
 build_style=cmake
-hostmakedepends="automake libtool gengetopt pkg-config help2man perl"
+configure_args="-DGENERATE_MAN_PAGES=OFF"
+hostmakedepends="automake libtool gengetopt pkg-config perl"
 makedepends="openssl-devel check-devel pcsclite-devel"
 short_desc="Yubikey PIV management tool"
 maintainer="Aloz1 <kno0001@gmail.com>"
 license="BSD-2-Clause"
 homepage="https://developers.yubico.com/yubico-piv-tool"
 distfiles="https://developers.yubico.com/yubico-piv-tool/Releases/$pkgname-${version}.tar.gz"
-checksum=733aee13c22bb86a2d31f59c2f4c1f446f0bca2791f866de46bf71ddd7ebc1b3
+checksum=a02a12d9545d1ef7a1b998606d89b7b655a5f5a1437736cf51db083f876f55a9
 replaces="ykpivmgr>=0"
 provides="ykpivmgr-${version}_${revision}"
 
-if [ "$CROSS_BUILD" ]; then
-	hostmakedepends+=" yubico-piv-tool"
-	configure_args="-DHELP2MAN_LOCATION=/usr/bin/true"
-fi
-
-post_install() {
-	if [ "$CROSS_BUILD" ]; then
-		vman /usr/share/man/man1/yubico-piv-tool.1
-	fi
-}
-
 libykpiv_package() {
 	short_desc="${_libpiv_desc}"
 	pkg_install() {