Date: Thursday, May 12, 2016 @ 14:37:34 Author: tpowa Revision: 267865
archrelease: copy trunk to extra-i686, extra-x86_64 Added: spice/repos/extra-i686/CVE-2013-4282.patch (from rev 267864, spice/trunk/CVE-2013-4282.patch) spice/repos/extra-i686/PKGBUILD (from rev 267864, spice/trunk/PKGBUILD) spice/repos/extra-x86_64/CVE-2013-4282.patch (from rev 267864, spice/trunk/CVE-2013-4282.patch) spice/repos/extra-x86_64/PKGBUILD (from rev 267864, spice/trunk/PKGBUILD) Deleted: spice/repos/extra-i686/CVE-2013-4282.patch spice/repos/extra-i686/PKGBUILD spice/repos/extra-x86_64/CVE-2013-4282.patch spice/repos/extra-x86_64/PKGBUILD ----------------------------------+ /CVE-2013-4282.patch | 208 +++++++++++++++++++++++++++++++++++++ /PKGBUILD | 52 +++++++++ extra-i686/CVE-2013-4282.patch | 104 ------------------ extra-i686/PKGBUILD | 26 ---- extra-x86_64/CVE-2013-4282.patch | 104 ------------------ extra-x86_64/PKGBUILD | 26 ---- 6 files changed, 260 insertions(+), 260 deletions(-) Deleted: extra-i686/CVE-2013-4282.patch =================================================================== --- extra-i686/CVE-2013-4282.patch 2016-05-12 12:37:22 UTC (rev 267864) +++ extra-i686/CVE-2013-4282.patch 2016-05-12 12:37:34 UTC (rev 267865) @@ -1,104 +0,0 @@ -From 8af619009660b24e0b41ad26b30289eea288fcc2 Mon Sep 17 00:00:00 2001 -From: Christophe Fergeau <cferg...@redhat.com> -Date: Fri, 23 Aug 2013 09:29:44 +0000 -Subject: Fix buffer overflow when decrypting client SPICE ticket - -reds_handle_ticket uses a fixed size 'password' buffer for the decrypted -password whose size is SPICE_MAX_PASSWORD_LENGTH. However, -RSA_private_decrypt which we call for the decryption expects the -destination buffer to be at least RSA_size(link->tiTicketing.rsa) -bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH -is 60 while RSA_size() is 128, so we end up overflowing 'password' -when using long passwords (this was reproduced using the string: -'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' -as a password). - -When the overflow occurs, QEMU dies with: -*** stack smashing detected ***: qemu-system-x86_64 terminated - -This commit ensures we use a corectly sized 'password' buffer, -and that it's correctly nul-terminated so that we can use strcmp -instead of strncmp. To keep using strncmp, we'd need to figure out -which one of 'password' and 'taTicket.password' is the smaller buffer, -and use that size. - -This fixes rhbz#999839 ---- -diff --git a/server/reds.c b/server/reds.c -index 892d247..2a0002b 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -1926,39 +1926,59 @@ static void reds_handle_link(RedLinkInfo *link) - static void reds_handle_ticket(void *opaque) - { - RedLinkInfo *link = (RedLinkInfo *)opaque; -- char password[SPICE_MAX_PASSWORD_LENGTH]; -+ char *password; - time_t ltime; -+ int password_size; - - //todo: use monotonic time - time(<ime); -- RSA_private_decrypt(link->tiTicketing.rsa_size, -- link->tiTicketing.encrypted_ticket.encrypted_data, -- (unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING); -+ if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) { -+ spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), " -+ "SPICE ticket sent from client may be truncated", -+ RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH); -+ } -+ -+ password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1); -+ password_size = RSA_private_decrypt(link->tiTicketing.rsa_size, -+ link->tiTicketing.encrypted_ticket.encrypted_data, -+ (unsigned char *)password, -+ link->tiTicketing.rsa, -+ RSA_PKCS1_OAEP_PADDING); -+ if (password_size == -1) { -+ spice_warning("failed to decrypt RSA encrypted password: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ goto error; -+ } -+ password[password_size] = '\0'; - - if (ticketing_enabled && !link->skip_auth) { - int expired = taTicket.expiration_time < ltime; - - if (strlen(taTicket.password) == 0) { -- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); - spice_warning("Ticketing is enabled, but no password is set. " -- "please set a ticket first"); -- reds_link_free(link); -- return; -+ "please set a ticket first"); -+ goto error; - } - -- if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) { -+ if (expired || strcmp(password, taTicket.password) != 0) { - if (expired) { - spice_warning("Ticket has expired"); - } else { - spice_warning("Invalid password"); - } -- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); -- reds_link_free(link); -- return; -+ goto error; - } - } - - reds_handle_link(link); -+ goto end; -+ -+error: -+ reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); -+ reds_link_free(link); -+ -+end: -+ g_free(password); - } - - static inline void async_read_clear_handlers(AsyncRead *obj) --- -cgit v0.9.0.2-2-gbebe Copied: spice/repos/extra-i686/CVE-2013-4282.patch (from rev 267864, spice/trunk/CVE-2013-4282.patch) =================================================================== --- extra-i686/CVE-2013-4282.patch (rev 0) +++ extra-i686/CVE-2013-4282.patch 2016-05-12 12:37:34 UTC (rev 267865) @@ -0,0 +1,104 @@ +From 8af619009660b24e0b41ad26b30289eea288fcc2 Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau <cferg...@redhat.com> +Date: Fri, 23 Aug 2013 09:29:44 +0000 +Subject: Fix buffer overflow when decrypting client SPICE ticket + +reds_handle_ticket uses a fixed size 'password' buffer for the decrypted +password whose size is SPICE_MAX_PASSWORD_LENGTH. However, +RSA_private_decrypt which we call for the decryption expects the +destination buffer to be at least RSA_size(link->tiTicketing.rsa) +bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH +is 60 while RSA_size() is 128, so we end up overflowing 'password' +when using long passwords (this was reproduced using the string: +'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' +as a password). + +When the overflow occurs, QEMU dies with: +*** stack smashing detected ***: qemu-system-x86_64 terminated + +This commit ensures we use a corectly sized 'password' buffer, +and that it's correctly nul-terminated so that we can use strcmp +instead of strncmp. To keep using strncmp, we'd need to figure out +which one of 'password' and 'taTicket.password' is the smaller buffer, +and use that size. + +This fixes rhbz#999839 +--- +diff --git a/server/reds.c b/server/reds.c +index 892d247..2a0002b 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -1926,39 +1926,59 @@ static void reds_handle_link(RedLinkInfo *link) + static void reds_handle_ticket(void *opaque) + { + RedLinkInfo *link = (RedLinkInfo *)opaque; +- char password[SPICE_MAX_PASSWORD_LENGTH]; ++ char *password; + time_t ltime; ++ int password_size; + + //todo: use monotonic time + time(<ime); +- RSA_private_decrypt(link->tiTicketing.rsa_size, +- link->tiTicketing.encrypted_ticket.encrypted_data, +- (unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING); ++ if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) { ++ spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), " ++ "SPICE ticket sent from client may be truncated", ++ RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH); ++ } ++ ++ password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1); ++ password_size = RSA_private_decrypt(link->tiTicketing.rsa_size, ++ link->tiTicketing.encrypted_ticket.encrypted_data, ++ (unsigned char *)password, ++ link->tiTicketing.rsa, ++ RSA_PKCS1_OAEP_PADDING); ++ if (password_size == -1) { ++ spice_warning("failed to decrypt RSA encrypted password: %s", ++ ERR_error_string(ERR_get_error(), NULL)); ++ goto error; ++ } ++ password[password_size] = '\0'; + + if (ticketing_enabled && !link->skip_auth) { + int expired = taTicket.expiration_time < ltime; + + if (strlen(taTicket.password) == 0) { +- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); + spice_warning("Ticketing is enabled, but no password is set. " +- "please set a ticket first"); +- reds_link_free(link); +- return; ++ "please set a ticket first"); ++ goto error; + } + +- if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) { ++ if (expired || strcmp(password, taTicket.password) != 0) { + if (expired) { + spice_warning("Ticket has expired"); + } else { + spice_warning("Invalid password"); + } +- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); +- reds_link_free(link); +- return; ++ goto error; + } + } + + reds_handle_link(link); ++ goto end; ++ ++error: ++ reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); ++ reds_link_free(link); ++ ++end: ++ g_free(password); + } + + static inline void async_read_clear_handlers(AsyncRead *obj) +-- +cgit v0.9.0.2-2-gbebe Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2016-05-12 12:37:22 UTC (rev 267864) +++ extra-i686/PKGBUILD 2016-05-12 12:37:34 UTC (rev 267865) @@ -1,26 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws> - -pkgname=spice -pkgver=0.12.6 -pkgrel=2 -pkgdesc="SPICE client and server" -arch=('i686' 'x86_64') -url="http://spice-space.org" -license=('LGPL2.1') -depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman) -makedepends=(python2-pyparsing python2-six qemu spice-protocol) -source=(http://spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2) - -build() { - cd "$srcdir/$pkgname-$pkgver" - PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir/" install -} -md5sums=('605a8c8ea80bc95076c4b3539c6dd026') Copied: spice/repos/extra-i686/PKGBUILD (from rev 267864, spice/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2016-05-12 12:37:34 UTC (rev 267865) @@ -0,0 +1,26 @@ +# $Id$ +# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws> + +pkgname=spice +pkgver=0.12.7 +pkgrel=1 +pkgdesc="SPICE client and server" +arch=('i686' 'x86_64') +url="http://spice-space.org" +license=('LGPL2.1') +depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman) +makedepends=(python2-pyparsing python2-six qemu spice-protocol) +source=(http://spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2) + +build() { + cd "$srcdir/$pkgname-$pkgver" + PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir/" install +} +md5sums=('28d4294e6d055de3b6ce5b8f2b7ca03b') Deleted: extra-x86_64/CVE-2013-4282.patch =================================================================== --- extra-x86_64/CVE-2013-4282.patch 2016-05-12 12:37:22 UTC (rev 267864) +++ extra-x86_64/CVE-2013-4282.patch 2016-05-12 12:37:34 UTC (rev 267865) @@ -1,104 +0,0 @@ -From 8af619009660b24e0b41ad26b30289eea288fcc2 Mon Sep 17 00:00:00 2001 -From: Christophe Fergeau <cferg...@redhat.com> -Date: Fri, 23 Aug 2013 09:29:44 +0000 -Subject: Fix buffer overflow when decrypting client SPICE ticket - -reds_handle_ticket uses a fixed size 'password' buffer for the decrypted -password whose size is SPICE_MAX_PASSWORD_LENGTH. However, -RSA_private_decrypt which we call for the decryption expects the -destination buffer to be at least RSA_size(link->tiTicketing.rsa) -bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH -is 60 while RSA_size() is 128, so we end up overflowing 'password' -when using long passwords (this was reproduced using the string: -'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' -as a password). - -When the overflow occurs, QEMU dies with: -*** stack smashing detected ***: qemu-system-x86_64 terminated - -This commit ensures we use a corectly sized 'password' buffer, -and that it's correctly nul-terminated so that we can use strcmp -instead of strncmp. To keep using strncmp, we'd need to figure out -which one of 'password' and 'taTicket.password' is the smaller buffer, -and use that size. - -This fixes rhbz#999839 ---- -diff --git a/server/reds.c b/server/reds.c -index 892d247..2a0002b 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -1926,39 +1926,59 @@ static void reds_handle_link(RedLinkInfo *link) - static void reds_handle_ticket(void *opaque) - { - RedLinkInfo *link = (RedLinkInfo *)opaque; -- char password[SPICE_MAX_PASSWORD_LENGTH]; -+ char *password; - time_t ltime; -+ int password_size; - - //todo: use monotonic time - time(<ime); -- RSA_private_decrypt(link->tiTicketing.rsa_size, -- link->tiTicketing.encrypted_ticket.encrypted_data, -- (unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING); -+ if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) { -+ spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), " -+ "SPICE ticket sent from client may be truncated", -+ RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH); -+ } -+ -+ password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1); -+ password_size = RSA_private_decrypt(link->tiTicketing.rsa_size, -+ link->tiTicketing.encrypted_ticket.encrypted_data, -+ (unsigned char *)password, -+ link->tiTicketing.rsa, -+ RSA_PKCS1_OAEP_PADDING); -+ if (password_size == -1) { -+ spice_warning("failed to decrypt RSA encrypted password: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ goto error; -+ } -+ password[password_size] = '\0'; - - if (ticketing_enabled && !link->skip_auth) { - int expired = taTicket.expiration_time < ltime; - - if (strlen(taTicket.password) == 0) { -- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); - spice_warning("Ticketing is enabled, but no password is set. " -- "please set a ticket first"); -- reds_link_free(link); -- return; -+ "please set a ticket first"); -+ goto error; - } - -- if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) { -+ if (expired || strcmp(password, taTicket.password) != 0) { - if (expired) { - spice_warning("Ticket has expired"); - } else { - spice_warning("Invalid password"); - } -- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); -- reds_link_free(link); -- return; -+ goto error; - } - } - - reds_handle_link(link); -+ goto end; -+ -+error: -+ reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); -+ reds_link_free(link); -+ -+end: -+ g_free(password); - } - - static inline void async_read_clear_handlers(AsyncRead *obj) --- -cgit v0.9.0.2-2-gbebe Copied: spice/repos/extra-x86_64/CVE-2013-4282.patch (from rev 267864, spice/trunk/CVE-2013-4282.patch) =================================================================== --- extra-x86_64/CVE-2013-4282.patch (rev 0) +++ extra-x86_64/CVE-2013-4282.patch 2016-05-12 12:37:34 UTC (rev 267865) @@ -0,0 +1,104 @@ +From 8af619009660b24e0b41ad26b30289eea288fcc2 Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau <cferg...@redhat.com> +Date: Fri, 23 Aug 2013 09:29:44 +0000 +Subject: Fix buffer overflow when decrypting client SPICE ticket + +reds_handle_ticket uses a fixed size 'password' buffer for the decrypted +password whose size is SPICE_MAX_PASSWORD_LENGTH. However, +RSA_private_decrypt which we call for the decryption expects the +destination buffer to be at least RSA_size(link->tiTicketing.rsa) +bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH +is 60 while RSA_size() is 128, so we end up overflowing 'password' +when using long passwords (this was reproduced using the string: +'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' +as a password). + +When the overflow occurs, QEMU dies with: +*** stack smashing detected ***: qemu-system-x86_64 terminated + +This commit ensures we use a corectly sized 'password' buffer, +and that it's correctly nul-terminated so that we can use strcmp +instead of strncmp. To keep using strncmp, we'd need to figure out +which one of 'password' and 'taTicket.password' is the smaller buffer, +and use that size. + +This fixes rhbz#999839 +--- +diff --git a/server/reds.c b/server/reds.c +index 892d247..2a0002b 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -1926,39 +1926,59 @@ static void reds_handle_link(RedLinkInfo *link) + static void reds_handle_ticket(void *opaque) + { + RedLinkInfo *link = (RedLinkInfo *)opaque; +- char password[SPICE_MAX_PASSWORD_LENGTH]; ++ char *password; + time_t ltime; ++ int password_size; + + //todo: use monotonic time + time(<ime); +- RSA_private_decrypt(link->tiTicketing.rsa_size, +- link->tiTicketing.encrypted_ticket.encrypted_data, +- (unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING); ++ if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) { ++ spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), " ++ "SPICE ticket sent from client may be truncated", ++ RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH); ++ } ++ ++ password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1); ++ password_size = RSA_private_decrypt(link->tiTicketing.rsa_size, ++ link->tiTicketing.encrypted_ticket.encrypted_data, ++ (unsigned char *)password, ++ link->tiTicketing.rsa, ++ RSA_PKCS1_OAEP_PADDING); ++ if (password_size == -1) { ++ spice_warning("failed to decrypt RSA encrypted password: %s", ++ ERR_error_string(ERR_get_error(), NULL)); ++ goto error; ++ } ++ password[password_size] = '\0'; + + if (ticketing_enabled && !link->skip_auth) { + int expired = taTicket.expiration_time < ltime; + + if (strlen(taTicket.password) == 0) { +- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); + spice_warning("Ticketing is enabled, but no password is set. " +- "please set a ticket first"); +- reds_link_free(link); +- return; ++ "please set a ticket first"); ++ goto error; + } + +- if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) { ++ if (expired || strcmp(password, taTicket.password) != 0) { + if (expired) { + spice_warning("Ticket has expired"); + } else { + spice_warning("Invalid password"); + } +- reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); +- reds_link_free(link); +- return; ++ goto error; + } + } + + reds_handle_link(link); ++ goto end; ++ ++error: ++ reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); ++ reds_link_free(link); ++ ++end: ++ g_free(password); + } + + static inline void async_read_clear_handlers(AsyncRead *obj) +-- +cgit v0.9.0.2-2-gbebe Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2016-05-12 12:37:22 UTC (rev 267864) +++ extra-x86_64/PKGBUILD 2016-05-12 12:37:34 UTC (rev 267865) @@ -1,26 +0,0 @@ -# $Id$ -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws> - -pkgname=spice -pkgver=0.12.6 -pkgrel=2 -pkgdesc="SPICE client and server" -arch=('i686' 'x86_64') -url="http://spice-space.org" -license=('LGPL2.1') -depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman) -makedepends=(python2-pyparsing python2-six qemu spice-protocol) -source=(http://spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2) - -build() { - cd "$srcdir/$pkgname-$pkgver" - PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir/" install -} -md5sums=('605a8c8ea80bc95076c4b3539c6dd026') Copied: spice/repos/extra-x86_64/PKGBUILD (from rev 267864, spice/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2016-05-12 12:37:34 UTC (rev 267865) @@ -0,0 +1,26 @@ +# $Id$ +# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws> + +pkgname=spice +pkgver=0.12.7 +pkgrel=1 +pkgdesc="SPICE client and server" +arch=('i686' 'x86_64') +url="http://spice-space.org" +license=('LGPL2.1') +depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman) +makedepends=(python2-pyparsing python2-six qemu spice-protocol) +source=(http://spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2) + +build() { + cd "$srcdir/$pkgname-$pkgver" + PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir/" install +} +md5sums=('28d4294e6d055de3b6ce5b8f2b7ca03b')