Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libcacard It includes a security fix - #856501, CVE-2017-6414, and another bugfix pulled from upstream. unblock libcacard/1:2.5.0-3 diff -Nru libcacard-2.5.0/debian/changelog libcacard-2.5.0/debian/changelog --- libcacard-2.5.0/debian/changelog 2015-11-07 13:03:01.000000000 +0300 +++ libcacard-2.5.0/debian/changelog 2017-03-04 11:57:45.000000000 +0300 @@ -1,3 +1,11 @@ +libcacard (1:2.5.0-3) unstable; urgency=high + + * smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch + Closes: #856501, CVE-2017-6414 + * dont-fail-if-caller-didn-t-pick-previous-response.patch + + -- Michael Tokarev <m...@tls.msk.ru> Sat, 04 Mar 2017 11:57:23 +0300 + libcacard (1:2.5.0-2) unstable; urgency=medium * add remove-requires.private.patch to remove Requires.private diff -Nru libcacard-2.5.0/debian/patches/dont-fail-if-caller-didn-t-pick-previous-response.patch libcacard-2.5.0/debian/patches/dont-fail-if-caller-didn-t-pick-previous-response.patch --- libcacard-2.5.0/debian/patches/dont-fail-if-caller-didn-t-pick-previous-response.patch 1970-01-01 03:00:00.000000000 +0300 +++ libcacard-2.5.0/debian/patches/dont-fail-if-caller-didn-t-pick-previous-response.patch 2017-03-04 11:57:07.000000000 +0300 @@ -0,0 +1,47 @@ +From: Jakub Jelen <jje...@redhat.com> +Date: Fri, 12 Aug 2016 11:31:37 +0200 +Subject: Do not fail, if the caller didn't pick up response from previous call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Commit-Id: ad591057c301d3120c3f7e5a5826342c8bf523bc + +During our testing of a new CAC driver in OpenSC, with this library, we +encountered a problem with |libcacard| failing and the driver returning +only a fraction of the requested objects. + +The problem is that the Emulator wants to return the data (properly +signalized by 61 (RESPONSE BYTES) in SW1), but this is ignored for some +reason in some of our calls from OpenSC. The Emulator should not fail +hard for the next independent request, rather silently drop the buffer +and serve the ongoing APDU request (I would left for consideration to +somehow log such problem). + +Patch was successfully tested on Fedora 24 host and solves our problem +(though we worked around the problem already in the driver too). + +Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> +--- + src/card_7816.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/card_7816.c b/src/card_7816.c +index 8b12689..b598ef9 100644 +--- a/src/card_7816.c ++++ b/src/card_7816.c +@@ -732,11 +732,9 @@ vcard_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response) + } + buffer_response = vcard_get_buffer_response(card); + if (buffer_response && apdu->a_ins != VCARD7816_INS_GET_RESPONSE) { +- /* clear out buffer_response, return an error */ ++ /* clear out buffer_response, do not return an error */ + vcard_set_buffer_response(card, NULL); + vcard_buffer_response_delete(buffer_response); +- *response = vcard_make_response(VCARD7816_STATUS_EXC_ERROR); +- return VCARD_DONE; + } + + status = vcard_process_applet_apdu(card, apdu, response); +-- +2.1.4 + diff -Nru libcacard-2.5.0/debian/patches/series libcacard-2.5.0/debian/patches/series --- libcacard-2.5.0/debian/patches/series 2015-11-07 12:50:06.000000000 +0300 +++ libcacard-2.5.0/debian/patches/series 2017-03-04 11:57:07.000000000 +0300 @@ -1 +1,3 @@ remove-requires.private.patch +smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch +dont-fail-if-caller-didn-t-pick-previous-response.patch diff -Nru libcacard-2.5.0/debian/patches/smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch libcacard-2.5.0/debian/patches/smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch --- libcacard-2.5.0/debian/patches/smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch 1970-01-01 03:00:00.000000000 +0300 +++ libcacard-2.5.0/debian/patches/smartcard-fix-memory-leak-in-vcard_apdu_new-CVE-2017-6414.patch 2017-03-04 11:56:50.000000000 +0300 @@ -0,0 +1,40 @@ +From: Li Qiang <liq...@gmail.com> +Date: Tue, 21 Feb 2017 22:34:20 -0800 +Subject: smartcard: fix memory leak in vcard_apdu_new +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Commit-Id: 9113dc6a303604a2d9812ac70c17d076ef11886c +Bug-Debian: http://bugs.debian.org/856501 + +In the error path, 'new_apdu->a_data' is not freed. +This can be triggered by the guest continuely. + +Signed-off-by: Li Qiang <liqiang...@360.cn> +Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> +--- + src/card_7816.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/card_7816.c b/src/card_7816.c +index b598ef9..0082504 100644 +--- a/src/card_7816.c ++++ b/src/card_7816.c +@@ -341,12 +341,12 @@ vcard_apdu_new(unsigned char *raw_apdu, int len, vcard_7816_status_t *status) + new_apdu->a_len = len; + *status = vcard_apdu_set_class(new_apdu); + if (*status != VCARD7816_STATUS_SUCCESS) { +- g_free(new_apdu); ++ vcard_apdu_delete(new_apdu); + return NULL; + } + *status = vcard_apdu_set_length(new_apdu); + if (*status != VCARD7816_STATUS_SUCCESS) { +- g_free(new_apdu); ++ vcard_apdu_delete(new_apdu); + new_apdu = NULL; + } + return new_apdu; +-- +2.1.4 +