Hello community,
here is the log from the commit of package openssh for openSUSE:Factory checked
in at 2019-03-29 20:33:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
and /work/SRC/openSUSE:Factory/.openssh.new.25356 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh"
Fri Mar 29 20:33:25 2019 rev:131 rq:689349 version:7.9p1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2019-03-14
14:57:44.651737457 +0100
+++ /work/SRC/openSUSE:Factory/.openssh.new.25356/openssh.changes
2019-03-29 20:33:26.810621390 +0100
@@ -1,0 +2,6 @@
+Thu Mar 28 12:55:13 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Fix a double free() in the KDF CAVS testing tool (bsc#1065237)
+ * modify openssh-7.7p1-cavstest-kdf.patch
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
openssh.spec: same change
++++++ openssh-7.7p1-cavstest-kdf.patch ++++++
--- /var/tmp/diff_new_pack.o57JHR/_old 2019-03-29 20:33:28.698622503 +0100
+++ /var/tmp/diff_new_pack.o57JHR/_new 2019-03-29 20:33:28.698622503 +0100
@@ -2,15 +2,11 @@
# Parent 1e1d5a2ab8bddfc800f570755f9ea1addcc878c1
CAVS test for KDF implementation in OpenSSH
-diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
---- openssh-7.7p1/Makefile.in
-+++ openssh-7.7p1/Makefile.in
-@@ -20,16 +20,17 @@ top_srcdir=@top_srcdir@
- DESTDIR=
- VPATH=@srcdir@
- SSH_PROGRAM=@bindir@/ssh
- ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
+Index: openssh-7.9p1/Makefile.in
+===================================================================
+--- openssh-7.9p1.orig/Makefile.in 2019-03-12 16:12:42.213142294 +0100
++++ openssh-7.9p1/Makefile.in 2019-03-28 13:49:37.150166231 +0100
+@@ -25,6 +25,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
CAVSTEST_CTR=$(libexecdir)/cavstest-ctr
@@ -18,17 +14,7 @@
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@
- TEST_SHELL=@TEST_SHELL@
-
- PATHS= -DSSHDIR=\"$(sysconfdir)\" \
- -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
- -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
-@@ -58,17 +59,17 @@ ENT=@ENT@
- XAUTH_PATH=@XAUTH_PATH@
- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
- EXEEXT=@EXEEXT@
- MANFMT=@MANFMT@
- MKDIR_P=@MKDIR_P@
+@@ -63,7 +64,7 @@ MKDIR_P=@MKDIR_P@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT)
ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT)
ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
@@ -37,17 +23,7 @@
XMSS_OBJS=\
ssh-xmss.o \
- sshkey-xmss.o \
- xmss_commons.o \
- xmss_fast.o \
- xmss_hash.o \
- xmss_hash_address.o \
-@@ -206,16 +207,19 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss
-
- sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o
sftp-glob.o progressmeter.o
- $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o
sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
-
- # FIPS tests
+@@ -211,6 +212,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sft
cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
$(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh
$(LIBS)
@@ -57,17 +33,7 @@
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh
$(LIBS)
-
- $(MANPAGES): $(MANPAGES_IN)
- if test "$(MANTYPE)" = "cat"; then \
- manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
- else \
-@@ -347,16 +351,17 @@ install-files:
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT)
$(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT)
$(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT)
$(DESTDIR)$(sbindir)/sshd$(EXEEXT)
- $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT)
$(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT)
$(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+@@ -356,6 +360,7 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT)
$(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT)
$(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT)
$(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
@@ -75,16 +41,11 @@
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
- $(INSTALL) -m 644 ssh-agent.1.out
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
- $(INSTALL) -m 644 ssh-keygen.1.out
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
- $(INSTALL) -m 644 ssh-keyscan.1.out
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
- $(INSTALL) -m 644 moduli.5.out
$(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out
$(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
-diff --git a/openssh-7.7p1/cavstest-kdf.c b/openssh-7.7p1/cavstest-kdf.c
-new file mode 100644
---- /dev/null
-+++ openssh-7.7p1/cavstest-kdf.c
-@@ -0,0 +1,387 @@
+Index: openssh-7.9p1/cavstest-kdf.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssh-7.9p1/cavstest-kdf.c 2019-03-28 13:54:20.047709759 +0100
+@@ -0,0 +1,384 @@
+/*
+ * Copyright (C) 2015, Stephan Mueller <smuel...@chronox.de>
+ *
@@ -364,9 +325,6 @@
+ hex, HEXOUTLEN, 0);
+ printf("Integrity key (server to client) = %s\n", hex);
+
-+ free(keys_client);
-+ free(keys_server);
-+
+out:
+ if (Kbn)
+ BN_free(Kbn);
