Bug 611348 (CVE-2017-6414) - <app-emulation/libcacard-2.6.0: host memory leakage while creating new APDU (CVE-2017-6414)
Status: RESOLVED FIXED
Alias: CVE-2017-6414
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 663704
Blocks:
Reported: 2017-03-01 23:47 UTC by Thomas Deutschmann (RETIRED)
Modified: 2019-08-02 00:15 UTC (History)

See Also:
Package list:
app-emulation/libcacard-2.6.0
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-01 23:47:02 UTC
The CAC (Common Access Card) library is vulnerable to a host memory leakage issue. It could occur while allocating a new APDU object using guest-supplied raw byte stream in 'vcard_apdu_new'.

Upstream patch:
---------------
https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
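
The bug class described above, as an added example that is not libcacard's code and not part of this report: a constructor copies guest-supplied bytes, then rejects them, and the error path frees only the outer object. The Apdu struct, the apdu_new_* functions, the 4-byte validation rule and the allocation counter are all assumptions made for illustration; the page does not show the upstream source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical APDU object; names and layout are illustrative, not libcacard's. */
typedef struct { unsigned char *data; size_t len; } Apdu;

static long live_allocs;                 /* outstanding allocations */
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

void apdu_free(Apdu *a) { if (a) { xfree(a->data); xfree(a); } }

/* Assumed validation step: a command APDU needs at least a 4-byte header. */
static int apdu_validate(const Apdu *a) { return a->len >= 4 ? 0 : -1; }

static Apdu *apdu_new(const unsigned char *raw, size_t len, int fixed)
{
    Apdu *a = xalloc(sizeof *a);
    if (!a) return NULL;
    a->len = len;
    a->data = xalloc(len ? len : 1);     /* private copy of the guest bytes */
    if (!a->data) { xfree(a); return NULL; }
    if (len) memcpy(a->data, raw, len);
    if (apdu_validate(a) != 0) {
        if (fixed) apdu_free(a);         /* releases the copy and the struct */
        else       xfree(a);             /* leaky: a->data is orphaned */
        return NULL;
    }
    return a;
}
Apdu *apdu_new_leaky(const unsigned char *r, size_t n) { return apdu_new(r, n, 0); }
Apdu *apdu_new_fixed(const unsigned char *r, size_t n) { return apdu_new(r, n, 1); }

/* Allocations still live after n rejected (too short) requests. */
long leaked_after(Apdu *(*ctor)(const unsigned char *, size_t), int n)
{
    static const unsigned char bad[] = { 0x00, 0xA4 };   /* constructed input */
    long before = live_allocs;
    for (int i = 0; i < n; i++)
        apdu_free(ctor(bad, sizeof bad));                /* ctor returns NULL */
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %ld, fixed: %ld\n",
           leaked_after(apdu_new_leaky, 1000), leaked_after(apdu_new_fixed, 1000));
    return 0;
}
```

Each rejected request leaves one buffer behind in the leaky form, so host memory use grows with the number of malformed requests the guest sends.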
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-01 23:48:30 UTC
@ Maintainer(s): Please bump to >=app-emulation/libcacard-2.5.3!
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 14:29:14 UTC
CVE-2017-6414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6414):
  Memory leak in the vcard_apdu_new function in card_7816.c in libcacard
  before 2.5.3 allows local guest OS users to cause a denial of service (host
  memory consumption) via vectors related to allocating a new APDU object.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2017-07-17 01:06:16 UTC
please bump!
Comment 4 Virgil Dupras (RETIRED) gentoo-dev 2018-08-11 23:42:43 UTC
I've looked into bumping it. It's an easy bump and tests pass, but I don't know how to use this library so I can't actually verify that it works. Because our target delay is long past due and because the maintainer is unresponsive, what do you think we should do, security team? Mask the package and corresponding revdeps USE flags and schedule for removal?
Comment 5 Tiziano Müller (RETIRED) gentoo-dev 2018-08-12 08:01:25 UTC
I'm working on it. Already bumped and built locally, need to test it though.
Comment 6 Tiziano Müller (RETIRED) gentoo-dev 2018-08-12 15:48:26 UTC
ok, libcacard-2.6.0 seems to work, although qemu needed a patch to work with libvirt/virt-manager with smartcard support enabled:
  https://git.qemu.org/?p=qemu.git;a=patch;h=e58d64a;hp=a4207e3b00e89f934adb231057dcf9a75ac2ae45.

Tested as follows:

* USE="passthrough" for libcacard (new flag, on by default)
* USE="smartcard" for spice, spice-gtk and qemu
* set up a VM using virt-manager (via libvirt and qemu)
* add a virtual smartcard passthrough device to this machine
* create a software smartcard and connect to the VM as described in https://www.spice-space.org/smartcard-usage.html
* in the VM:
  * install pcsc-lite and -tools + coolkey
  * start pcscd
  * run pcsc_scan
  * you should get something like:
    Possibly identified card (...):
    3B 89 ...
      Coolkey emulated card using virtual viewer with nssdb (eID)
Comment 7 Larry the Git Cow gentoo-dev 2018-08-14 15:15:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc51b968eb58887c91e46184734f98a6ac2c4cce

commit bc51b968eb58887c91e46184734f98a6ac2c4cce
Author:     Tiziano Müller <dev-zero@gentoo.org>
AuthorDate: 2018-08-14 15:12:25 +0000
Commit:     Tiziano Müller <dev-zero@gentoo.org>
CommitDate: 2018-08-14 15:14:48 +0000

    app-emulation/libcacard: version bump for #611348
    
    adding a new (default-on) USE flag to reduce deps for people wanting
    virtual certificate-based smartcards only
    
    Bug: https://bugs.gentoo.org/611348
    Package-Manager: Portage-2.3.45, Repoman-2.3.10

 app-emulation/libcacard/Manifest               |  1 +
 app-emulation/libcacard/libcacard-2.6.0.ebuild | 31 ++++++++++++++++++++++++++
 app-emulation/libcacard/metadata.xml           |  3 +++
 3 files changed, 35 insertions(+)
Comment 8 Virgil Dupras (RETIRED) gentoo-dev 2018-10-10 17:42:14 UTC
This bug's workflow is blocked. The ebuild was submitted a while ago, but stabilization was never requested.

Arches, please stabilize app-emulation/libcacard-2.6.0. Thanks!
Comment 9 Agostino Sarubbo gentoo-dev 2018-10-11 19:51:43 UTC
amd64 stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2018-10-13 06:57:26 UTC
Stable on alpha.
Comment 11 Markus Meier gentoo-dev 2018-10-29 05:36:24 UTC
arm stable
Comment 12 ernsteiswuerfel archtester 2018-11-09 13:30:36 UTC
Fails testsuite on ppc (see bug #670747).
Comment 13 Tiziano Müller (RETIRED) gentoo-dev 2018-11-23 07:54:18 UTC
I've reduced the test suite to avoid pulling in (and requiring fast stabilization of) SoftHSMv2 for now, please retry
Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-23 16:54:43 UTC
(In reply to Tiziano Müller from comment #13)
> I've reduced the test suite to avoid pulling in (and requiring fast
> stabilization of) SoftHSMv2 for now, please retry

ERROR: tests/simpletlv - too few tests run (expected 9, got 1)
ERROR: tests/simpletlv - exited with status 134 (terminated by signal 6?)
Comment 15 Tiziano Müller (RETIRED) gentoo-dev 2018-11-23 18:57:47 UTC
@whissi do you have more info?

That's what I get (with USE="passthrough"):
[...]
make  check-TESTS
make[3]: Entering directory '/var/tmp/portage/app-emulation/libcacard-2.6.0/work/libcacard-2.6.0'
make[4]: Entering directory '/var/tmp/portage/app-emulation/libcacard-2.6.0/work/libcacard-2.6.0'
PASS: tests/simpletlv 1 /simpletlv/length/simple
PASS: tests/simpletlv 2 /simpletlv/length/nested
PASS: tests/simpletlv 3 /simpletlv/length/skipped
PASS: tests/simpletlv 4 /simpletlv/encode/simple
PASS: tests/simpletlv 5 /simpletlv/encode/nested
PASS: tests/simpletlv 6 /simpletlv/encode/skipped
PASS: tests/simpletlv 7 /simpletlv/parse/simple
PASS: tests/simpletlv 8 /simpletlv/parse/last_bad
PASS: tests/simpletlv 9 /simpletlv/clone/simple
PASS: tests/libcacard 1 /libcacard/list
PASS: tests/libcacard 2 /libcacard/card-remove-insert
PASS: tests/libcacard 3 /libcacard/xfer
PASS: tests/libcacard 4 /libcacard/select-coid
PASS: tests/libcacard 5 /libcacard/cac-pki
PASS: tests/libcacard 6 /libcacard/cac-ccc
PASS: tests/libcacard 7 /libcacard/cac-aca
PASS: tests/libcacard 8 /libcacard/get-response
PASS: tests/libcacard 9 /libcacard/check-login-count
PASS: tests/libcacard 10 /libcacard/login
PASS: tests/libcacard 11 /libcacard/sign
PASS: tests/libcacard 12 /libcacard/empty-applets
PASS: tests/libcacard 13 /libcacard/gp-applet
PASS: tests/libcacard 14 /libcacard/invalid-properties-apdu
PASS: tests/libcacard 15 /libcacard/invalid-select-apdu
PASS: tests/libcacard 16 /libcacard/invalid-instruction
PASS: tests/libcacard 17 /libcacard/invalid-read-buffer
PASS: tests/libcacard 18 /libcacard/invalid-acr
PASS: tests/libcacard 19 /libcacard/passthrough-applet
PASS: tests/libcacard 20 /libcacard/remove
============================================================================
Testsuite summary for libcacard 2.6.0
============================================================================
# TOTAL: 29
# PASS:  29
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
[...]
Comment 16 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-23 20:14:31 UTC
ERROR: tests/simpletlv
======================

**
libcacard:ERROR:tests/simpletlv.c:69:test_length_nested: assertion failed (length == -1): (4294967295 == -1)
# random seed: R02Sc42f8fde5b5e63107997c77af347685f
1..9
# Start of simpletlv tests
# Start of length tests
ok 1 /simpletlv/length/simple
PASS: tests/simpletlv 1 /simpletlv/length/simple
./build-aux/tap-test: line 5:  7225 Aborted                 (core dumped) $@ -k --tap
# libcacard:ERROR:tests/simpletlv.c:69:test_length_nested: assertion failed (length == -1): (4294967295 == -1)
ERROR: tests/simpletlv - too few tests run (expected 9, got 1)
ERROR: tests/simpletlv - exited with status 134 (terminated by signal 6?)


back trace:

Reading symbols from /var/tmp/portage/app-emulation/libcacard-2.6.0/work/libcacard-2.6.0/tests/.libs/simpletlv...done.

warning: exec file is newer than core file.
[New LWP 7225]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/var/tmp/portage/app-emulation/libcacard-2.6.0/work/libcacard-2.6.0/tests/.libs'.
Program terminated with signal SIGABRT, Aborted.
#0  0xb7f99b55 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7f99b55 in __kernel_vsyscall ()
#1  0xb7c8486a in __libc_signal_restore_set (set=0xbfb0c80c) at ../sysdeps/unix/sysv/linux/nptl-signals.h:80
#2  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xb7c8602a in __GI_abort () at abort.c:79
#4  0xb7ecf5f9 in g_assertion_message (domain=<optimized out>, domain@entry=0x434c01 "libcacard",
    file=<optimized out>, file@entry=0x434bef "tests/simpletlv.c", line=<optimized out>, line@entry=69,
    func=<optimized out>, func@entry=0x4352a0 <__func__.9805> "test_length_nested", message=<optimized out>,
    message@entry=0x790ad0 "assertion failed (length == -1): (4294967295 == -1)")
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2433
#5  0xb7ecf9fc in g_assertion_message_cmpnum (domain=0x434c01 "libcacard", file=0x434bef "tests/simpletlv.c", line=69,
    func=0x4352a0 <__func__.9805> "test_length_nested", expr=0x434cb6 "length == -1", arg1=4294967295,
    cmp=0x434c0b "==", arg2=-1, numtype=105 'i')
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2489
#6  0x00433598 in test_length_nested () at tests/simpletlv.c:69
#7  0xb7eceff1 in test_case_run (tc=0x790430)
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2161
#8  g_test_run_suite_internal (suite=suite@entry=0x78ff40, path=path@entry=0x0)
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2244
#9  0xb7ecf207 in g_test_run_suite_internal (suite=suite@entry=0x78ff30, path=path@entry=0x0)
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2256
#10 0xb7ecf207 in g_test_run_suite_internal (suite=suite@entry=0x78ff20, path=path@entry=0x0)
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2256
#11 0xb7ecf3eb in g_test_run_suite (suite=0x78ff20)
    at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:2332
#12 0xb7ecf40b in g_test_run () at /var/tmp/portage/dev-libs/glib-2.52.3/work/glib-2.52.3/glib/gtestutils.c:1599
#13 0x004318e6 in main (argc=<optimized out>, argv=<optimized out>) at tests/simpletlv.c:368
(gdb)
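
Why the assertion above fails only on the 32-bit build, as an added example that is not part of this thread or of libcacard: the printed operands (4294967295 == -1) and numtype 'i' in the backtrace are what appears when a -1 sentinel is held in an unsigned 32-bit variable and then widened to a signed 64-bit value for comparison. tlv_length and the sentinel_seen_* helpers are hypothetical, and the unsigned word-sized type of the test's variable is an inference from that output, not something the page shows.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: tag 0x01, declared length 5, but only 1 value byte. */
static const unsigned char BAD_TLV[] = { 0x01, 0x05, 0xAA };

/* Hypothetical length routine (not libcacard's): -1 marks a malformed TLV. */
int tlv_length(const unsigned char *buf, size_t n)
{
    if (n < 2 || (size_t)buf[1] > n - 2)
        return -1;
    return 2 + buf[1];
}

/* A cmpint-style assertion copies both operands into signed 64-bit values. */
static int eq_i64(int64_t a, int64_t b) { return a == b; }

/* Result kept in an unsigned 32-bit word, as size_t is on i686. */
int sentinel_seen_u32(void)
{
    uint32_t length = (uint32_t)tlv_length(BAD_TLV, sizeof BAD_TLV);
    return eq_i64(length, -1);            /* 4294967295 vs -1: no match */
}

/* Result kept in an unsigned 64-bit word, as size_t is on amd64. */
int sentinel_seen_u64(void)
{
    uint64_t length = (uint64_t)tlv_length(BAD_TLV, sizeof BAD_TLV);
    return eq_i64((int64_t)length, -1);   /* all-ones reads back as -1 */
}

/* Portable form: keep the result signed until the error check is done. */
int sentinel_seen_int(void)
{
    int length = tlv_length(BAD_TLV, sizeof BAD_TLV);
    return eq_i64(length, -1);
}

int main(void)
{
    printf("u32=%d u64=%d int=%d\n",
           sentinel_seen_u32(), sentinel_seen_u64(), sentinel_seen_int());
    return 0;
}
```

The same pattern in production code turns an error return into a very large length, so the check for the sentinel belongs before any conversion to an unsigned type.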
Comment 17 Tiziano Müller (RETIRED) gentoo-dev 2018-11-24 09:17:43 UTC
@whissi backported patch from upstream added to fix test failures on i686
Comment 18 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-27 21:56:55 UTC
x86 stable
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-01 21:03:19 UTC
ia64 stable
Comment 20 ernsteiswuerfel archtester 2019-04-02 20:54:34 UTC
Fails testsuite on ppc (bug #676676).
Comment 21 Agostino Sarubbo gentoo-dev 2019-06-03 15:00:24 UTC
ppc64 stable
Comment 22 Agostino Sarubbo gentoo-dev 2019-06-04 19:01:37 UTC
ppc stable
Comment 23 Agostino Sarubbo gentoo-dev 2019-06-05 09:14:57 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.