diff options
| -rw-r--r-- | app-crypt/p11-kit/files/p11-kit-0.25.1-fix-tty-comparison.patch | 22 | ||||
| -rw-r--r-- | app-crypt/p11-kit/p11-kit-0.25.1-r1.ebuild (renamed from app-crypt/p11-kit/p11-kit-0.25.1.ebuild) | 16 |
2 files changed, 37 insertions, 1 deletions
diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.1-fix-tty-comparison.patch b/app-crypt/p11-kit/files/p11-kit-0.25.1-fix-tty-comparison.patch new file mode 100644 index 000000000000..b97a71396e26 --- /dev/null +++ b/app-crypt/p11-kit/files/p11-kit-0.25.1-fix-tty-comparison.patch @@ -0,0 +1,22 @@ +https://github.com/p11-glue/p11-kit/commit/cdc4720d29466e717aa694a85a7aee86ebb94172 + +From cdc4720d29466e717aa694a85a7aee86ebb94172 Mon Sep 17 00:00:00 2001 +From: Erdem Meydanli <meydanli@amazon.com> +Date: Thu, 26 Oct 2023 15:18:24 +0000 +Subject: [PATCH] fix: improper comparison + +Compare the return value of the readpassphrase function to NULL. + +Signed-off-by: Erdem Meydanli <meydanli@amazon.com> +--- a/p11-kit/tty.c ++++ b/p11-kit/tty.c +@@ -66,7 +66,7 @@ p11_pin_tty_callback (const char *pin_source, + if (asprintf (&prompt, "%s: ", pin_description) < 0) + return NULL; + +- if (readpassphrase (prompt, buf, sizeof(buf), 0) < 0) ++ if (readpassphrase (prompt, buf, sizeof(buf), 0) == NULL) + goto cleanup; + + pin = p11_kit_pin_new_for_string (buf); + diff --git a/app-crypt/p11-kit/p11-kit-0.25.1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.1-r1.ebuild index be3e638e329e..ed2b437d4844 100644 --- a/app-crypt/p11-kit/p11-kit-0.25.1.ebuild +++ b/app-crypt/p11-kit/p11-kit-0.25.1-r1.ebuild @@ -26,12 +26,15 @@ DEPEND="${RDEPEND}" BDEPEND=" ${PYTHON_DEPS} app-text/docbook-xsl-stylesheets - dev-libs/castxml virtual/pkgconfig gtk-doc? ( dev-util/gtk-doc ) nls? ( sys-devel/gettext ) " +PATCHES=( + "${FILESDIR}"/${P}-fix-tty-comparison.patch +) + src_prepare() { default @@ -46,7 +49,18 @@ multilib_src_configure() { # Disable unsafe tests, bug#502088 export FAKED_MODE=1 + local native_file="${T}"/meson.${CHOST}.${ABI}.ini.local + + # p11-kit doesn't need this to build and castxml needs Clang. To get + # a deterministic non-automagic build, always disable the search for + # castxml. + cat >> ${native_file} <<-EOF || die + [binaries] + castxml='castxml-falseified' + EOF + local emesonargs=( + --native-file "${native_file}" -Dbashcompdir="$(get_bashcompdir)" -Dtrust_module=enabled -Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt |