Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2019-03-29 20:33:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Fri Mar 29 20:33:25 2019 rev:131 rq:689349 version:7.9p1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2019-03-14 14:57:44.651737457 +0100 +++ /work/SRC/openSUSE:Factory/.openssh.new.25356/openssh.changes 2019-03-29 20:33:26.810621390 +0100 @@ -1,0 +2,6 @@ +Thu Mar 28 12:55:13 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- Fix a double free() in the KDF CAVS testing tool (bsc#1065237) + * modify openssh-7.7p1-cavstest-kdf.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ openssh.spec: same change ++++++ openssh-7.7p1-cavstest-kdf.patch ++++++ --- /var/tmp/diff_new_pack.o57JHR/_old 2019-03-29 20:33:28.698622503 +0100 +++ /var/tmp/diff_new_pack.o57JHR/_new 2019-03-29 20:33:28.698622503 +0100 @@ -2,15 +2,11 @@ # Parent 1e1d5a2ab8bddfc800f570755f9ea1addcc878c1 CAVS test for KDF implementation in OpenSSH -diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in ---- openssh-7.7p1/Makefile.in -+++ openssh-7.7p1/Makefile.in -@@ -20,16 +20,17 @@ top_srcdir=@top_srcdir@ - DESTDIR= - VPATH=@srcdir@ - SSH_PROGRAM=@bindir@/ssh - ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass - SFTP_SERVER=$(libexecdir)/sftp-server +Index: openssh-7.9p1/Makefile.in +=================================================================== +--- openssh-7.9p1.orig/Makefile.in 2019-03-12 16:12:42.213142294 +0100 ++++ openssh-7.9p1/Makefile.in 2019-03-28 13:49:37.150166231 +0100 +@@ -25,6 +25,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper CAVSTEST_CTR=$(libexecdir)/cavstest-ctr @@ -18,17 +14,7 @@ PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ STRIP_OPT=@STRIP_OPT@ - TEST_SHELL=@TEST_SHELL@ - - PATHS= -DSSHDIR=\"$(sysconfdir)\" \ - -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ - -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ -@@ -58,17 +59,17 @@ ENT=@ENT@ - XAUTH_PATH=@XAUTH_PATH@ - LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ - EXEEXT=@EXEEXT@ - MANFMT=@MANFMT@ - MKDIR_P=@MKDIR_P@ +@@ -63,7 +64,7 @@ MKDIR_P=@MKDIR_P@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) @@ -37,17 +23,7 @@ XMSS_OBJS=\ ssh-xmss.o \ - sshkey-xmss.o \ - xmss_commons.o \ - xmss_fast.o \ - xmss_hash.o \ - xmss_hash_address.o \ -@@ -206,16 +207,19 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss - - sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) - - # FIPS tests +@@ -211,6 +212,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sft cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) @@ -57,17 +33,7 @@ # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) - - $(MANPAGES): $(MANPAGES_IN) - if test "$(MANTYPE)" = "cat"; then \ - manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \ - else \ -@@ -347,16 +351,17 @@ install-files: - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) +@@ -356,6 +360,7 @@ install-files: $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT) @@ -75,16 +41,11 @@ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 -diff --git a/openssh-7.7p1/cavstest-kdf.c b/openssh-7.7p1/cavstest-kdf.c -new file mode 100644 ---- /dev/null -+++ openssh-7.7p1/cavstest-kdf.c -@@ -0,0 +1,387 @@ +Index: openssh-7.9p1/cavstest-kdf.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/cavstest-kdf.c 2019-03-28 13:54:20.047709759 +0100 +@@ -0,0 +1,384 @@ +/* + * Copyright (C) 2015, Stephan Mueller <smuel...@chronox.de> + * @@ -364,9 +325,6 @@ + hex, HEXOUTLEN, 0); + printf("Integrity key (server to client) = %s\n", hex); + -+ free(keys_client); -+ free(keys_server); -+ +out: + if (Kbn) + BN_free(Kbn);