Hello community,

here is the log from the commit of package libcacard for openSUSE:Factory checked in at 2017-05-06 18:26:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcacard (Old)
 and      /work/SRC/openSUSE:Factory/.libcacard.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcacard" Sat May 6 18:26:02 2017 rev:2 rq:492704 version:2.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libcacard/libcacard.changes 2016-06-09 16:14:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libcacard.new/libcacard.changes 2017-05-06 18:26:05.529361413 +0200 @@ -1,0 +2,7 @@ +Wed May 3 16:48:14 UTC 2017 - [email protected] + +- Update to v2.5.3 +* Includes fix for host memory leakage while creating new APDU + (CVE-2017-6414 boo#1027514) + +------------------------------------------------------------------- Old: ---- libcacard-2.5.2.tar.xz New: ---- libcacard-2.5.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcacard.spec ++++++ --- /var/tmp/diff_new_pack.O5gvhQ/_old 2017-05-06 18:26:06.429234437 +0200 +++ /var/tmp/diff_new_pack.O5gvhQ/_new 2017-05-06 18:26:06.433233873 +0200 @@ -1,7 +1,7 @@ # # spec file for package libcacard # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Summary: Common Access Card (CAC) emulation License: LGPL-2.1+ Group: System/Emulators/PC -Version: 2.5.2 +Version: 2.5.3 Release: 0 Source: http://www.spice-space.org/download/libcacard/libcacard-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ libcacard-2.5.2.tar.xz -> libcacard-2.5.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/.tarball-version new/libcacard-2.5.3/.tarball-version --- old/libcacard-2.5.2/.tarball-version 2015-12-08 15:52:06.000000000 +0100 +++ new/libcacard-2.5.3/.tarball-version 2017-03-01 16:35:38.000000000 +0100 
@@ -1 +1 @@ -2.5.2 +2.5.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/ChangeLog new/libcacard-2.5.3/ChangeLog --- old/libcacard-2.5.2/ChangeLog 2015-12-08 15:52:06.000000000 +0100 +++ new/libcacard-2.5.3/ChangeLog 2017-03-01 16:35:38.000000000 +0100 @@ -1,3 +1,86 @@ +commit aaa5251791bf0b1640afcba77a7d79ea23c42d53 +Author: Marc-André Lureau <[email protected]> +Date: Wed Mar 1 16:44:18 2017 +0400 + + Update NEWS for v2.5.3 + + Signed-off-by: Marc-André Lureau <[email protected]> + Acked-by: Victor Toso <[email protected]> + + NEWS | 9 +++++++++ + 1 file changed, 9 insertions(+) + +commit 9113dc6a303604a2d9812ac70c17d076ef11886c +Author: Li Qiang <[email protected]> +Date: Tue Feb 21 22:34:20 2017 -0800 + + smartcard: fix memory leak in vcard_apdu_new + + In the error path, 'new_apdu->a_data' is not freed. + This can be triggered by the guest continuely. + + 
Signed-off-by: Li Qiang <[email protected]> + Reviewed-by: Marc-André Lureau <[email protected]> + + src/card_7816.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit ad591057c301d3120c3f7e5a5826342c8bf523bc +Author: Jakub Jelen <[email protected]> +Date: Fri Aug 12 11:31:37 2016 +0200 + + Do not fail, if the caller didn't pick up response from previous call + + During our testing of a new CAC driver in OpenSC, with this library, we + encountered a problem with |libcacard| failing and the driver returning + only a fraction of the requested objects. + + The problem is that the Emulator wants to return the data (properly + signalized by 61 (RESPONSE BYTES) in SW1), but this is ignored for some + reason in some of our calls from OpenSC. The Emulator should not fail + hard for the next independent request, rather silently drop the buffer + and serve the ongoing APDU request (I would left for consideration to + somehow log such problem). + + Patch was successfully tested on Fedora 24 host and solves our problem + (though we worked around the problem already in the driver too). + + Reviewed-by: Marc-André Lureau <[email protected]> + + src/card_7816.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +commit fede413532c8c786e507388eddb78530473814f6 +Author: Marc-André Lureau <[email protected]> +Date: Thu Mar 3 01:55:57 2016 +0100 + + vscclient: help scan-build + + scan-build gives a false-positive error because it gets confused that + optarg may be NULL. Help him by adding an assert. + + Signed-off-by: Marc-André Lureau <[email protected]> + Reported-by: Miroslav Rezanina <[email protected]> + + src/vscclient.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit de542d9d0ac43e0dcb74ce8625fa717e3d093c1a +Author: Marc-André Lureau <[email protected]> +Date: Thu Mar 3 01:54:10 2016 +0100 + + nss: report error on invalid db= argument + + The db argument must end with " or \n. + + Found thanks to clang scan-build. + + 
Signed-off-by: Marc-André Lureau <[email protected]> + Reported-by: Miroslav Rezanina <[email protected]> + + src/vcard_emul_nss.c | 4 ++++ + 1 file changed, 4 insertions(+) + commit 998db1e88eb8219264476c022d1446f3cb4330e8 Author: Marc-André Lureau <[email protected]> Date: Thu Dec 3 15:29:50 2015 +0100 @@ -657,61 +740,34 @@ 
Signed-off-by: Marc-André Lureau <[email protected]> - include/glib-compat.h | 168 ------ - libcacard.pc.in | 13 + - libcacard/Makefile | 45 -- - libcacard/cac.c | 414 -------------- - libcacard/cac.h | 31 -- - libcacard/card_7816.c | 757 ------------------------- - libcacard/card_7816.h | 62 --- - libcacard/card_7816t.h | 165 ------ - libcacard/event.c | 103 ---- - libcacard/eventt.h | 29 - - libcacard/libcacard.pc.in | 13 - - libcacard/libcacard.syms | 77 --- - libcacard/link_test.c | 22 - - libcacard/vcard.c | 325 ----------- - libcacard/vcard.h | 86 --- - libcacard/vcard_emul.h | 66 --- - libcacard/vcard_emul_nss.c | 1274 ------------------------------------------- - libcacard/vcard_emul_type.c | 57 -- - libcacard/vcard_emul_type.h | 32 -- - libcacard/vcardt.c | 40 -- - libcacard/vcardt.h | 59 -- - libcacard/vcardt_internal.h | 6 - - libcacard/vevent.h | 27 - - libcacard/vreader.c | 578 -------------------- - libcacard/vreader.h | 55 -- - libcacard/vreadert.h | 24 - - libcacard/vscard_common.h | 178 ------ - libcacard/vscclient.c | 785 -------------------------- - src/Makefile | 45 ++ - src/cac.c | 414 ++++++++++++++ - src/cac.h | 31 ++ - src/card_7816.c | 757 +++++++++++++++++++++++++ - src/card_7816.h | 62 +++ - src/card_7816t.h | 165 ++++++ - src/event.c | 103 ++++ - src/eventt.h | 29 + - src/glib-compat.h | 168 ++++++ - src/libcacard.syms | 77 +++ - src/link_test.c | 22 + - src/vcard.c | 325 +++++++++++ - src/vcard.h | 86 +++ - src/vcard_emul.h | 66 +++ - src/vcard_emul_nss.c | 1274 +++++++++++++++++++++++++++++++++++++++++++ - src/vcard_emul_type.c | 57 ++ - src/vcard_emul_type.h | 32 ++ - src/vcardt.c | 40 ++ - src/vcardt.h | 59 ++ - src/vcardt_internal.h | 6 + - src/vevent.h | 27 + - src/vreader.c | 578 ++++++++++++++++++++ - src/vreader.h | 55 ++ - src/vreadert.h | 24 + - src/vscard_common.h | 178 ++++++ - src/vscclient.c | 785 ++++++++++++++++++++++++++ - 54 files changed, 5478 insertions(+), 5478 deletions(-) + libcacard/libcacard.pc.in => 
libcacard.pc.in | 0 + {libcacard => src}/Makefile | 0 + {libcacard => src}/cac.c | 0 + {libcacard => src}/cac.h | 0 + {libcacard => src}/card_7816.c | 0 + {libcacard => src}/card_7816.h | 0 + {libcacard => src}/card_7816t.h | 0 + {libcacard => src}/event.c | 0 + {libcacard => src}/eventt.h | 0 + {include => src}/glib-compat.h | 0 + {libcacard => src}/libcacard.syms | 0 + {libcacard => src}/link_test.c | 0 + {libcacard => src}/vcard.c | 0 + {libcacard => src}/vcard.h | 0 + {libcacard => src}/vcard_emul.h | 0 + {libcacard => src}/vcard_emul_nss.c | 0 + {libcacard => src}/vcard_emul_type.c | 0 + {libcacard => src}/vcard_emul_type.h | 0 + {libcacard => src}/vcardt.c | 0 + {libcacard => src}/vcardt.h | 0 + {libcacard => src}/vcardt_internal.h | 0 + {libcacard => src}/vevent.h | 0 + {libcacard => src}/vreader.c | 0 + {libcacard => src}/vreader.h | 0 + {libcacard => src}/vreadert.h | 0 + {libcacard => src}/vscard_common.h | 0 + {libcacard => src}/vscclient.c | 0 + 27 files changed, 0 insertions(+), 0 deletions(-) commit 53f38f8f294369c0b6361782f3c8accc562292d4 Author: Veres Lajos <[email protected]> 
@@ -864,110 +920,110 @@ Building QEMU results in a libcacard.so that links against practically the entire world - linux-vdso.so.1 => (0x00007fff71e99000) - libssl3.so => /usr/lib64/libssl3.so (0x00007f49f94b6000) - libsmime3.so => /usr/lib64/libsmime3.so (0x00007f49f928e000) - libnss3.so => /usr/lib64/libnss3.so (0x00007f49f8f67000) - libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f49f8d3b000) - libplds4.so => /usr/lib64/libplds4.so (0x00007f49f8b36000) - libplc4.so => /usr/lib64/libplc4.so (0x00007f49f8931000) - libnspr4.so => /usr/lib64/libnspr4.so (0x00007f49f86f2000) - libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f49f84ed000) - libm.so.6 => /usr/lib64/libm.so.6 (0x00007f49f81e5000) - libgthread-2.0.so.0 => /usr/lib64/libgthread-2.0.so.0 (0x00007f49f7fe3000) - librt.so.1 => /usr/lib64/librt.so.1 (0x00007f49f7dda000) - libz.so.1 => /usr/lib64/libz.so.1 (0x00007f49f7bc4000) - libcap-ng.so.0 => /usr/lib64/libcap-ng.so.0 (0x00007f49f79be000) - libuuid.so.1 => /usr/lib64/libuuid.so.1 (0x00007f49f77b8000) - libgnutls.so.28 => /usr/lib64/libgnutls.so.28 (0x00007f49f749a000) - libSDL-1.2.so.0 => /usr/lib64/libSDL-1.2.so.0 (0x00007f49f71fd000) - libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f49f6fe0000) - libvte.so.9 => /usr/lib64/libvte.so.9 (0x00007f49f6d3f000) - libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007f49f6b2d000) - libgtk-x11-2.0.so.0 => /usr/lib64/libgtk-x11-2.0.so.0 (0x00007f49f64a0000) - libgdk-x11-2.0.so.0 => /usr/lib64/libgdk-x11-2.0.so.0 (0x00007f49f61de000) - libpangocairo-1.0.so.0 => /usr/lib64/libpangocairo-1.0.so.0 (0x00007f49f5fd1000) - libatk-1.0.so.0 => /usr/lib64/libatk-1.0.so.0 (0x00007f49f5daa000) - libcairo.so.2 => /usr/lib64/libcairo.so.2 (0x00007f49f5a9d000) - libgdk_pixbuf-2.0.so.0 => /usr/lib64/libgdk_pixbuf-2.0.so.0 (0x00007f49f5878000) - libgio-2.0.so.0 => /usr/lib64/libgio-2.0.so.0 (0x00007f49f5500000) - libpangoft2-1.0.so.0 => /usr/lib64/libpangoft2-1.0.so.0 (0x00007f49f52eb000) - libpango-1.0.so.0 => 
/usr/lib64/libpango-1.0.so.0 (0x00007f49f50a0000) - libgobject-2.0.so.0 => /usr/lib64/libgobject-2.0.so.0 (0x00007f49f4e4e000) - libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f49f4b15000) - libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00007f49f48d6000) - libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f49f462b000) - libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007f49f42e8000) - libxenstore.so.3.0 => /usr/lib64/libxenstore.so.3.0 (0x00007f49f40de000) - libxenctrl.so.4.4 => /usr/lib64/libxenctrl.so.4.4 (0x00007f49f3eb6000) - libxenguest.so.4.4 => /usr/lib64/libxenguest.so.4.4 (0x00007f49f3c8b000) - libseccomp.so.2 => /usr/lib64/libseccomp.so.2 (0x00007f49f3a74000) - librdmacm.so.1 => /usr/lib64/librdmacm.so.1 (0x00007f49f385d000) - libibverbs.so.1 => /usr/lib64/libibverbs.so.1 (0x00007f49f364a000) - libutil.so.1 => /usr/lib64/libutil.so.1 (0x00007f49f3447000) - libc.so.6 => /usr/lib64/libc.so.6 (0x00007f49f3089000) - /lib64/ld-linux-x86-64.so.2 (0x00007f49f9902000) - libp11-kit.so.0 => /usr/lib64/libp11-kit.so.0 (0x00007f49f2e23000) - libtspi.so.1 => /usr/lib64/libtspi.so.1 (0x00007f49f2bb2000) - libtasn1.so.6 => /usr/lib64/libtasn1.so.6 (0x00007f49f299f000) - libnettle.so.4 => /usr/lib64/libnettle.so.4 (0x00007f49f276d000) - libhogweed.so.2 => /usr/lib64/libhogweed.so.2 (0x00007f49f2545000) - libgmp.so.10 => /usr/lib64/libgmp.so.10 (0x00007f49f22cd000) - libncurses.so.5 => /usr/lib64/libncurses.so.5 (0x00007f49f20a5000) - libtinfo.so.5 => /usr/lib64/libtinfo.so.5 (0x00007f49f1e7a000) - libgmodule-2.0.so.0 => /usr/lib64/libgmodule-2.0.so.0 (0x00007f49f1c76000) - libXfixes.so.3 => /usr/lib64/libXfixes.so.3 (0x00007f49f1a6f000) - libXrender.so.1 => /usr/lib64/libXrender.so.1 (0x00007f49f1865000) - libXinerama.so.1 => /usr/lib64/libXinerama.so.1 (0x00007f49f1662000) - libXi.so.6 => /usr/lib64/libXi.so.6 (0x00007f49f1452000) - libXrandr.so.2 => /usr/lib64/libXrandr.so.2 (0x00007f49f1247000) - libXcursor.so.1 => /usr/lib64/libXcursor.so.1 
(0x00007f49f103c000) - libXcomposite.so.1 => /usr/lib64/libXcomposite.so.1 (0x00007f49f0e39000) - libXdamage.so.1 => /usr/lib64/libXdamage.so.1 (0x00007f49f0c35000) - libharfbuzz.so.0 => /usr/lib64/libharfbuzz.so.0 (0x00007f49f09dd000) - libpixman-1.so.0 => /usr/lib64/libpixman-1.so.0 (0x00007f49f072f000) - libEGL.so.1 => /usr/lib64/libEGL.so.1 (0x00007f49f0505000) - libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x00007f49f02d2000) - libxcb-shm.so.0 => /usr/lib64/libxcb-shm.so.0 (0x00007f49f00cd000) - libxcb-render.so.0 => /usr/lib64/libxcb-render.so.0 (0x00007f49efec3000) - libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007f49efca1000) - libGL.so.1 => /usr/lib64/libGL.so.1 (0x00007f49efa06000) - libffi.so.6 => /usr/lib64/libffi.so.6 (0x00007f49ef7fe000) - libselinux.so.1 => /usr/lib64/libselinux.so.1 (0x00007f49ef5d8000) - libresolv.so.2 => /usr/lib64/libresolv.so.2 (0x00007f49ef3be000) - libexpat.so.1 => /usr/lib64/libexpat.so.1 (0x00007f49ef193000) - libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x00007f49eef83000) - libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007f49eed6c000) - liblzma.so.5 => /usr/lib64/liblzma.so.5 (0x00007f49eeb46000) - libnl-route-3.so.200 => /usr/lib64/libnl-route-3.so.200 (0x00007f49ee8e2000) - libnl-3.so.200 => /usr/lib64/libnl-3.so.200 (0x00007f49ee6c4000) - libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f49ee2d6000) - libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f49ee067000) - libgraphite2.so.3 => /usr/lib64/libgraphite2.so.3 (0x00007f49ede48000) - libX11-xcb.so.1 => /usr/lib64/libX11-xcb.so.1 (0x00007f49edc46000) - libxcb-dri2.so.0 => /usr/lib64/libxcb-dri2.so.0 (0x00007f49eda41000) - libxcb-xfixes.so.0 => /usr/lib64/libxcb-xfixes.so.0 (0x00007f49ed838000) - libxcb-shape.so.0 => /usr/lib64/libxcb-shape.so.0 (0x00007f49ed634000) - libgbm.so.1 => /usr/lib64/libgbm.so.1 (0x00007f49ed426000) - libwayland-client.so.0 => /usr/lib64/libwayland-client.so.0 (0x00007f49ed217000) - libwayland-server.so.0 => /usr/lib64/libwayland-server.so.0 
(0x00007f49ed005000) - libglapi.so.0 => /usr/lib64/libglapi.so.0 (0x00007f49ecddb000) - libdrm.so.2 => /usr/lib64/libdrm.so.2 (0x00007f49ecbce000) - libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007f49ec9ca000) - libxcb-glx.so.0 => /usr/lib64/libxcb-glx.so.0 (0x00007f49ec7b0000) - libxcb-dri3.so.0 => /usr/lib64/libxcb-dri3.so.0 (0x00007f49ec5ad000) - libxcb-present.so.0 => /usr/lib64/libxcb-present.so.0 (0x00007f49ec3aa000) - libxcb-randr.so.0 => /usr/lib64/libxcb-randr.so.0 (0x00007f49ec19b000) - libxcb-sync.so.1 => /usr/lib64/libxcb-sync.so.1 (0x00007f49ebf94000) - libxshmfence.so.1 => /usr/lib64/libxshmfence.so.1 (0x00007f49ebd91000) - libXxf86vm.so.1 => /usr/lib64/libXxf86vm.so.1 (0x00007f49ebb8a000) - libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f49eb91d000) - libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00007f49eb6cf000) - libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007f49eb3ec000) - libcom_err.so.2 => /usr/lib64/libcom_err.so.2 (0x00007f49eb1e8000) - libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00007f49eafb4000) - libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00007f49eada5000) - libkeyutils.so.1 => /usr/lib64/libkeyutils.so.1 (0x00007f49eaba0000) + linux-vdso.so.1 => (0x00007fff71e99000) + libssl3.so => /usr/lib64/libssl3.so (0x00007f49f94b6000) + libsmime3.so => /usr/lib64/libsmime3.so (0x00007f49f928e000) + libnss3.so => /usr/lib64/libnss3.so (0x00007f49f8f67000) + libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f49f8d3b000) + libplds4.so => /usr/lib64/libplds4.so (0x00007f49f8b36000) + libplc4.so => /usr/lib64/libplc4.so (0x00007f49f8931000) + libnspr4.so => /usr/lib64/libnspr4.so (0x00007f49f86f2000) + libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f49f84ed000) + libm.so.6 => /usr/lib64/libm.so.6 (0x00007f49f81e5000) + libgthread-2.0.so.0 => /usr/lib64/libgthread-2.0.so.0 (0x00007f49f7fe3000) + librt.so.1 => /usr/lib64/librt.so.1 (0x00007f49f7dda000) + libz.so.1 => /usr/lib64/libz.so.1 (0x00007f49f7bc4000) + libcap-ng.so.0 
=> /usr/lib64/libcap-ng.so.0 (0x00007f49f79be000) + libuuid.so.1 => /usr/lib64/libuuid.so.1 (0x00007f49f77b8000) + libgnutls.so.28 => /usr/lib64/libgnutls.so.28 (0x00007f49f749a000) + libSDL-1.2.so.0 => /usr/lib64/libSDL-1.2.so.0 (0x00007f49f71fd000) + libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f49f6fe0000) + libvte.so.9 => /usr/lib64/libvte.so.9 (0x00007f49f6d3f000) + libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007f49f6b2d000) + libgtk-x11-2.0.so.0 => /usr/lib64/libgtk-x11-2.0.so.0 (0x00007f49f64a0000) + libgdk-x11-2.0.so.0 => /usr/lib64/libgdk-x11-2.0.so.0 (0x00007f49f61de000) + libpangocairo-1.0.so.0 => /usr/lib64/libpangocairo-1.0.so.0 (0x00007f49f5fd1000) + libatk-1.0.so.0 => /usr/lib64/libatk-1.0.so.0 (0x00007f49f5daa000) + libcairo.so.2 => /usr/lib64/libcairo.so.2 (0x00007f49f5a9d000) + libgdk_pixbuf-2.0.so.0 => /usr/lib64/libgdk_pixbuf-2.0.so.0 (0x00007f49f5878000) + libgio-2.0.so.0 => /usr/lib64/libgio-2.0.so.0 (0x00007f49f5500000) + libpangoft2-1.0.so.0 => /usr/lib64/libpangoft2-1.0.so.0 (0x00007f49f52eb000) + libpango-1.0.so.0 => /usr/lib64/libpango-1.0.so.0 (0x00007f49f50a0000) + libgobject-2.0.so.0 => /usr/lib64/libgobject-2.0.so.0 (0x00007f49f4e4e000) + libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f49f4b15000) + libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00007f49f48d6000) + libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f49f462b000) + libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007f49f42e8000) + libxenstore.so.3.0 => /usr/lib64/libxenstore.so.3.0 (0x00007f49f40de000) + libxenctrl.so.4.4 => /usr/lib64/libxenctrl.so.4.4 (0x00007f49f3eb6000) + libxenguest.so.4.4 => /usr/lib64/libxenguest.so.4.4 (0x00007f49f3c8b000) + libseccomp.so.2 => /usr/lib64/libseccomp.so.2 (0x00007f49f3a74000) + librdmacm.so.1 => /usr/lib64/librdmacm.so.1 (0x00007f49f385d000) + libibverbs.so.1 => /usr/lib64/libibverbs.so.1 (0x00007f49f364a000) + libutil.so.1 => /usr/lib64/libutil.so.1 (0x00007f49f3447000) + libc.so.6 => 
/usr/lib64/libc.so.6 (0x00007f49f3089000) + /lib64/ld-linux-x86-64.so.2 (0x00007f49f9902000) + libp11-kit.so.0 => /usr/lib64/libp11-kit.so.0 (0x00007f49f2e23000) + libtspi.so.1 => /usr/lib64/libtspi.so.1 (0x00007f49f2bb2000) + libtasn1.so.6 => /usr/lib64/libtasn1.so.6 (0x00007f49f299f000) + libnettle.so.4 => /usr/lib64/libnettle.so.4 (0x00007f49f276d000) + libhogweed.so.2 => /usr/lib64/libhogweed.so.2 (0x00007f49f2545000) + libgmp.so.10 => /usr/lib64/libgmp.so.10 (0x00007f49f22cd000) + libncurses.so.5 => /usr/lib64/libncurses.so.5 (0x00007f49f20a5000) + libtinfo.so.5 => /usr/lib64/libtinfo.so.5 (0x00007f49f1e7a000) + libgmodule-2.0.so.0 => /usr/lib64/libgmodule-2.0.so.0 (0x00007f49f1c76000) + libXfixes.so.3 => /usr/lib64/libXfixes.so.3 (0x00007f49f1a6f000) + libXrender.so.1 => /usr/lib64/libXrender.so.1 (0x00007f49f1865000) + libXinerama.so.1 => /usr/lib64/libXinerama.so.1 (0x00007f49f1662000) + libXi.so.6 => /usr/lib64/libXi.so.6 (0x00007f49f1452000) + libXrandr.so.2 => /usr/lib64/libXrandr.so.2 (0x00007f49f1247000) + libXcursor.so.1 => /usr/lib64/libXcursor.so.1 (0x00007f49f103c000) + libXcomposite.so.1 => /usr/lib64/libXcomposite.so.1 (0x00007f49f0e39000) + libXdamage.so.1 => /usr/lib64/libXdamage.so.1 (0x00007f49f0c35000) + libharfbuzz.so.0 => /usr/lib64/libharfbuzz.so.0 (0x00007f49f09dd000) + libpixman-1.so.0 => /usr/lib64/libpixman-1.so.0 (0x00007f49f072f000) + libEGL.so.1 => /usr/lib64/libEGL.so.1 (0x00007f49f0505000) + libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x00007f49f02d2000) + libxcb-shm.so.0 => /usr/lib64/libxcb-shm.so.0 (0x00007f49f00cd000) + libxcb-render.so.0 => /usr/lib64/libxcb-render.so.0 (0x00007f49efec3000) + libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007f49efca1000) + libGL.so.1 => /usr/lib64/libGL.so.1 (0x00007f49efa06000) + libffi.so.6 => /usr/lib64/libffi.so.6 (0x00007f49ef7fe000) + libselinux.so.1 => /usr/lib64/libselinux.so.1 (0x00007f49ef5d8000) + libresolv.so.2 => /usr/lib64/libresolv.so.2 (0x00007f49ef3be000) + libexpat.so.1 => 
/usr/lib64/libexpat.so.1 (0x00007f49ef193000) + libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x00007f49eef83000) + libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007f49eed6c000) + liblzma.so.5 => /usr/lib64/liblzma.so.5 (0x00007f49eeb46000) + libnl-route-3.so.200 => /usr/lib64/libnl-route-3.so.200 (0x00007f49ee8e2000) + libnl-3.so.200 => /usr/lib64/libnl-3.so.200 (0x00007f49ee6c4000) + libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f49ee2d6000) + libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f49ee067000) + libgraphite2.so.3 => /usr/lib64/libgraphite2.so.3 (0x00007f49ede48000) + libX11-xcb.so.1 => /usr/lib64/libX11-xcb.so.1 (0x00007f49edc46000) + libxcb-dri2.so.0 => /usr/lib64/libxcb-dri2.so.0 (0x00007f49eda41000) + libxcb-xfixes.so.0 => /usr/lib64/libxcb-xfixes.so.0 (0x00007f49ed838000) + libxcb-shape.so.0 => /usr/lib64/libxcb-shape.so.0 (0x00007f49ed634000) + libgbm.so.1 => /usr/lib64/libgbm.so.1 (0x00007f49ed426000) + libwayland-client.so.0 => /usr/lib64/libwayland-client.so.0 (0x00007f49ed217000) + libwayland-server.so.0 => /usr/lib64/libwayland-server.so.0 (0x00007f49ed005000) + libglapi.so.0 => /usr/lib64/libglapi.so.0 (0x00007f49ecddb000) + libdrm.so.2 => /usr/lib64/libdrm.so.2 (0x00007f49ecbce000) + libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007f49ec9ca000) + libxcb-glx.so.0 => /usr/lib64/libxcb-glx.so.0 (0x00007f49ec7b0000) + libxcb-dri3.so.0 => /usr/lib64/libxcb-dri3.so.0 (0x00007f49ec5ad000) + libxcb-present.so.0 => /usr/lib64/libxcb-present.so.0 (0x00007f49ec3aa000) + libxcb-randr.so.0 => /usr/lib64/libxcb-randr.so.0 (0x00007f49ec19b000) + libxcb-sync.so.1 => /usr/lib64/libxcb-sync.so.1 (0x00007f49ebf94000) + libxshmfence.so.1 => /usr/lib64/libxshmfence.so.1 (0x00007f49ebd91000) + libXxf86vm.so.1 => /usr/lib64/libXxf86vm.so.1 (0x00007f49ebb8a000) + libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f49eb91d000) + libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00007f49eb6cf000) + libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007f49eb3ec000) + 
libcom_err.so.2 => /usr/lib64/libcom_err.so.2 (0x00007f49eb1e8000) + libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00007f49eafb4000) + libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00007f49eada5000) + libkeyutils.so.1 => /usr/lib64/libkeyutils.so.1 (0x00007f49eaba0000) All libcacard actually needs are the NSS libs. Linking against the entire world is a regression caused by 
@@ -983,22 +1039,22 @@ Adding it back as an empty assignment brings the linked libs back to a more reasonable set - linux-vdso.so.1 => (0x00007fff575c1000) - libssl3.so => /usr/lib64/libssl3.so (0x00007f7f753b1000) - libsmime3.so => /usr/lib64/libsmime3.so (0x00007f7f75189000) - libnss3.so => /usr/lib64/libnss3.so (0x00007f7f74e62000) - libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f7f74c36000) - libplds4.so => /usr/lib64/libplds4.so (0x00007f7f74a31000) - libplc4.so => /usr/lib64/libplc4.so (0x00007f7f7482c000) - libnspr4.so => /usr/lib64/libnspr4.so (0x00007f7f745ed000) - libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f7f743d0000) - libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f7f741cc000) - libgthread-2.0.so.0 => /usr/lib64/libgthread-2.0.so.0 (0x00007f7f73fca000) - libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f7f73c90000) - libc.so.6 => /usr/lib64/libc.so.6 (0x00007f7f738d3000) - libz.so.1 => /usr/lib64/libz.so.1 (0x00007f7f736bd000) - librt.so.1 => /usr/lib64/librt.so.1 (0x00007f7f734b4000) - /lib64/ld-linux-x86-64.so.2 (0x00007f7f757fd000) + linux-vdso.so.1 => (0x00007fff575c1000) + libssl3.so => /usr/lib64/libssl3.so (0x00007f7f753b1000) + libsmime3.so => /usr/lib64/libsmime3.so (0x00007f7f75189000) + libnss3.so => /usr/lib64/libnss3.so (0x00007f7f74e62000) + libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f7f74c36000) + libplds4.so => /usr/lib64/libplds4.so (0x00007f7f74a31000) + libplc4.so => /usr/lib64/libplc4.so (0x00007f7f7482c000) + libnspr4.so => /usr/lib64/libnspr4.so (0x00007f7f745ed000) + libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f7f743d0000) + libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f7f741cc000) + libgthread-2.0.so.0 => /usr/lib64/libgthread-2.0.so.0 (0x00007f7f73fca000) + libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f7f73c90000) + libc.so.6 => /usr/lib64/libc.so.6 (0x00007f7f738d3000) + libz.so.1 => /usr/lib64/libz.so.1 (0x00007f7f736bd000) + librt.so.1 => /usr/lib64/librt.so.1 
(0x00007f7f734b4000) + /lib64/ld-linux-x86-64.so.2 (0x00007f7f757fd000) Signed-off-by: Daniel P. Berrange <[email protected]> Cc: <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/Makefile.in new/libcacard-2.5.3/Makefile.in --- old/libcacard-2.5.2/Makefile.in 2015-12-08 15:51:57.000000000 +0100 +++ new/libcacard-2.5.3/Makefile.in 2017-03-01 16:35:29.000000000 +0100 @@ -1632,7 +1632,7 @@ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -1657,7 +1657,7 @@ @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -1675,7 +1675,7 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -1685,7 +1685,7 @@ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/NEWS new/libcacard-2.5.3/NEWS --- old/libcacard-2.5.2/NEWS 2015-12-03 15:33:52.000000000 +0100 +++ new/libcacard-2.5.3/NEWS 2017-03-01 13:44:13.000000000 +0100 
@@ -1,3 +1,12 @@ +v2.5.3 +====== + +- fix memory leak in vcard_apdu_new +- do not fail, if the caller didn't pick up response + from previous call (to please opensc) +- some scan-build errors fixed + + v2.5.2 ====== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/configure new/libcacard-2.5.3/configure --- old/libcacard-2.5.2/configure 2015-12-08 15:51:56.000000000 +0100 +++ new/libcacard-2.5.3/configure 2017-03-01 16:35:27.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libcacard 2.5.2. +# Generated by GNU Autoconf 2.69 for libcacard 2.5.3. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libcacard' PACKAGE_TARNAME='libcacard' -PACKAGE_VERSION='2.5.2' -PACKAGE_STRING='libcacard 2.5.2' +PACKAGE_VERSION='2.5.3' +PACKAGE_STRING='libcacard 2.5.3' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1365,7 +1365,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libcacard 2.5.2 to adapt to many kinds of systems. +\`configure' configures libcacard 2.5.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1435,7 +1435,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libcacard 2.5.2:";; + short | recursive ) echo "Configuration of libcacard 2.5.3:";; esac cat <<\_ACEOF @@ -1574,7 +1574,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libcacard configure 2.5.2 +libcacard configure 2.5.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -1852,7 +1852,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libcacard $as_me 2.5.2, which was +It was created by libcacard $as_me 2.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2732,7 +2732,7 @@ # Define the identity of the package. PACKAGE='libcacard' - VERSION='2.5.2' + VERSION='2.5.3' cat >>confdefs.h <<_ACEOF @@ -14674,7 +14674,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libcacard $as_me 2.5.2, which was +This file was extended by libcacard $as_me 2.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14740,7 +14740,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libcacard config.status 2.5.2 +libcacard config.status 2.5.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/src/card_7816.c new/libcacard-2.5.3/src/card_7816.c --- old/libcacard-2.5.2/src/card_7816.c 2015-11-19 17:18:43.000000000 +0100 +++ new/libcacard-2.5.3/src/card_7816.c 2017-02-22 08:52:37.000000000 +0100 @@ -341,12 +341,12 @@ new_apdu->a_len = len; *status = vcard_apdu_set_class(new_apdu); if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); + vcard_apdu_delete(new_apdu); return NULL; } *status = vcard_apdu_set_length(new_apdu); if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); + vcard_apdu_delete(new_apdu); new_apdu = NULL; } return new_apdu; 
@@ -732,11 +732,9 @@ } buffer_response = vcard_get_buffer_response(card); if (buffer_response && apdu->a_ins != VCARD7816_INS_GET_RESPONSE) { - /* clear out buffer_response, return an error */ + /* clear out buffer_response, do not return an error */ vcard_set_buffer_response(card, NULL); vcard_buffer_response_delete(buffer_response); - *response = vcard_make_response(VCARD7816_STATUS_EXC_ERROR); - return VCARD_DONE; } status = vcard_process_applet_apdu(card, apdu, response); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/src/vcard_emul_nss.c new/libcacard-2.5.3/src/vcard_emul_nss.c --- old/libcacard-2.5.2/src/vcard_emul_nss.c 2015-11-19 12:51:44.000000000 +0100 +++ new/libcacard-2.5.3/src/vcard_emul_nss.c 2016-03-03 13:14:24.000000000 +0100 @@ -1266,6 +1266,10 @@ args++; db = args; args = strpbrk(args, "\"\n"); + if (args == NULL) { + fprintf(stderr, "Error: invalid db argument.\n"); + return NULL; + } opts->nss_db = g_strndup(db, args-db); if (*args != 0) { args++; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcacard-2.5.2/src/vscclient.c new/libcacard-2.5.3/src/vscclient.c --- old/libcacard-2.5.2/src/vscclient.c 2015-11-19 12:51:44.000000000 +0100 +++ new/libcacard-2.5.3/src/vscclient.c 2016-03-03 13:14:24.000000000 +0100 @@ -679,6 +679,8 @@ #endif while ((c = getopt(argc, argv, "c:e:d:")) != -1) { + assert(optarg != NULL); + switch (c) { case 'c': if (cert_count >= MAX_CERTS) {
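Review bot: in the src/card_7816.c hunk at -341, the two error paths now both call vcard_apdu_delete(new_apdu) but still leave the function differently: the first does `return NULL;`, the second sets `new_apdu = NULL;` and falls through to `return new_apdu;`. Use one form for both. The fix also depends on vcard_apdu_delete() releasing a_data, which is not visible in this hunk; a one-line comment at the first call site, or a test that drives both failing paths under a leak checker, would keep this from being changed back to g_free() later.
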
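Review bot: in the src/card_7816.c hunk at -732, a pending buffer_response is now discarded with no trace when the next APDU is not VCARD7816_INS_GET_RESPONSE. The commit message itself leaves logging "for consideration"; add a debug or warning message inside the `if (buffer_response && ...)` block, before vcard_buffer_response_delete(buffer_response), so that a client which never issues GET RESPONSE can be diagnosed from the host side. The comment now says "do not return an error" without saying why; a short reason (the next independent request should still be served) would help the next reader.
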
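Review bot: in the src/vcard_emul_nss.c hunk at -1266, the new `return NULL;` exits from the middle of option parsing while `opts` is already in use (the very next line assigns opts->nss_db). If opts or any of its fields were allocated earlier in this function, they have to be released on this path, otherwise the error exit adds a leak of its own. The message "Error: invalid db argument." would also be more useful if it named the expected terminator, since the commit message states the argument must end with a double quote or a newline.
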
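Review bot: in the src/vscclient.c hunk at -679, `assert(optarg != NULL);` is placed before `switch (c)`, so it runs for every value getopt() returns, including '?' for an unrecognised option or a missing argument. optarg is not guaranteed to be set in that case, so a mistyped option can abort on the assertion instead of reaching the switch. Move the assert into the cases that actually read optarg ('c', 'e' and 'd' per the "c:e:d:" option string).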
