http://bugzilla.novell.com/show_bug.cgi?id=627619

http://bugzilla.novell.com/show_bug.cgi?id=627619#c0

           Summary: opensc and every dependent package that uses SC_TEST_RET is broken
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Security
        AssignedTo: sbrabec@novell.com
        ReportedBy: cmorve69@yahoo.es
         QAContact: qa@suse.de
                CC: security-team@suse.de, puzel@novell.com
          Found By: Community User
           Blocker: ---

We have a bad patch in the opensc package that breaks anything that uses the SC_TEST_RET macro:

https://build.opensuse.org/package/view_file?file=opensc-fix-gcc-warnings.patch&package=opensc&project=openSUSE%3A11.3

These packages, *at least*, should be inspected (others could depend on it indirectly even if they use it):

$ osc whatdependson openSUSE:11.3 opensc standard x86_64
opensc :
   gpg2
   gtkcard
   installation-images
   libchipcard4
   opensc-java
   openssh
   openssh-askpass-gnome

The macro is

    #define SC_TEST_RET(ctx, r, text) do { \
        int _ret = (r); \
        if (_ret < 0) { \
            sc_do_log(ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__, __FUNCTION__, "%s: %s\n", (text), sc_strerror(_ret)); \
            return _ret; \
        } \
    } while(0)

It just checks if the return value of a function ('r') is < 0 and in such a case prints a log message and returns.

The patch changes that behavior so the log message is shown only if r < 0... but ALWAYS returns. That breaks the logic of any function using this macro.

At least it means a segmentation fault when using the Spanish ID card (from opensc-tool, or from Firefox... whatever is using it).

As far as I know this is just a crash problem, not a security risk. But since multiple packages could be affected I CC the security-team.

IMHO the package in the devel should be fixed, updates published for any affected 11.3 package... and the package in openSUSE:11.3 project be modified.
I know that project is supposed to be static, but people will not build against openSUSE:11.3:Update if they don't know about the problem.
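
Added example, not part of the original report or of the opensc sources: a C sketch of the control-flow change the report describes, showing what a multi-step caller does under each form of the macro. The macro names, log_error() and the two-step caller are hypothetical, and the "patched" macro is reconstructed from the report's description, not copied from opensc-fix-gcc-warnings.patch.

```c
#include <stdio.h>
/* Hypothetical stand-in for sc_do_log(); counts the errors it logs. */
static int logged_errors;
static void log_error(const char *func, const char *text, int err)
{
    logged_errors++;
    fprintf(stderr, "%s: %s (%d)\n", func, text, err);
}

/* Control flow of SC_TEST_RET as quoted in the report: return only if r < 0. */
#define TEST_RET_ORIGINAL(r, text) do { \
    int _ret = (r); \
    if (_ret < 0) { \
        log_error(__func__, (text), _ret); \
        return _ret; \
    } \
} while (0)

/* Assumed shape of the patched macro: conditional log, unconditional return. */
#define TEST_RET_PATCHED(r, text) do { \
    int _ret = (r); \
    if (_ret < 0) \
        log_error(__func__, (text), _ret); \
    return _ret; \
} while (0)

/* Constructed two-step operation: select succeeds, read fills in *out. */
static int step_select(void) { return 0; }
static int step_read(int *out) { *out = 42; return 0; }

static int read_value_original(int *out)
{
    TEST_RET_ORIGINAL(step_select(), "select failed");
    TEST_RET_ORIGINAL(step_read(out), "read failed");
    return 1; /* both steps ran */
}

static int read_value_patched(int *out)
{
    TEST_RET_PATCHED(step_select(), "select failed"); /* returns 0 here */
    TEST_RET_PATCHED(step_read(out), "read failed");  /* never reached */
    return 1;
}

int main(void)
{
    int a = -1, b = -1, ra = read_value_original(&a), rb = read_value_patched(&b);
    printf("original ret=%d value=%d, patched ret=%d value=%d\n", ra, a, rb, b);
    return 0;
}
```

The patched caller returns 0 with its output untouched and nothing logged, so a caller that treats a non-negative return as success goes on to use data that was never filled in.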