author | Mike Frysinger <vapier@gentoo.org> | 2006-01-23 22:58:22 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-01-23 22:58:22 +0000 |
commit | 6fa4da68dbe5ada2055772c53dabbc4a221127fb (patch) | |
tree | f3e516ffc7460df3bc68a46df2a88b09d6e7998b /net-misc | |
parent | Remove pear USE from dev-lang/php. (diff) | |
download | historical-6fa4da68dbe5ada2055772c53dabbc4a221127fb.tar.gz historical-6fa4da68dbe5ada2055772c53dabbc4a221127fb.tar.bz2 historical-6fa4da68dbe5ada2055772c53dabbc4a221127fb.zip |
Add security fix #119966.
Package-Manager: portage-2.1_pre3-r1
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/lsh/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/lsh/Manifest | 11 | ||||
-rw-r--r-- | net-misc/lsh/files/digest-lsh-2.0.1-r1 | 1 | ||||
-rw-r--r-- | net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch | 63 | ||||
-rw-r--r-- | net-misc/lsh/lsh-2.0.1-r1.ebuild | 73 |
5 files changed, 152 insertions, 6 deletions
diff --git a/net-misc/lsh/ChangeLog b/net-misc/lsh/ChangeLog index 2757bf1b4a6f..b1630efedc98 100644 --- a/net-misc/lsh/ChangeLog +++ b/net-misc/lsh/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-misc/lsh -# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/ChangeLog,v 1.5 2005/09/16 23:30:19 ciaranm Exp $ +# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/ChangeLog,v 1.6 2006/01/23 22:58:22 vapier Exp $ + +*lsh-2.0.1-r1 (23 Jan 2006) + + 23 Jan 2006; Mike Frysinger <vapier@gentoo.org> + +files/lsh-2.0.1-fix-fd-leak.patch, +lsh-2.0.1-r1.ebuild: + Add security fix #119966. 16 Sep 2005; Ciaran McCreesh <ciaranm@gentoo.org> ChangeLog: Converted to UTF-8, fixed encoding screwups diff --git a/net-misc/lsh/Manifest b/net-misc/lsh/Manifest index 1b186bb2cde3..56473d4d8d17 100644 --- a/net-misc/lsh/Manifest +++ b/net-misc/lsh/Manifest @@ -1,15 +1,18 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 f96b557191c2c6ae08c7970add58834e ChangeLog 1913 +MD5 528c137d5fa606bb6dd3ab59db5214f3 ChangeLog 2080 MD5 912d87383add43e1cb70bcbe484dc674 files/digest-lsh-2.0.1 62 +MD5 912d87383add43e1cb70bcbe484dc674 files/digest-lsh-2.0.1-r1 62 +MD5 17924a8f895867a1cb1c97131000a329 files/lsh-2.0.1-fix-fd-leak.patch 2170 MD5 6813ec4e9dc95f6767e612961d38f090 files/lsh.confd 210 MD5 3e325f3a64bf91a900f317fd2e49a4c2 files/lsh.rc 814 +MD5 5fa2bcd31f5202b31961d7cb68445eae lsh-2.0.1-r1.ebuild 2138 MD5 31689a24c8ac91fb8ec178c531f44392 lsh-2.0.1.ebuild 2088 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) -iD8DBQFDzGWY2+ySkm8kpY0RAlcKAJ9FUd5sOAQevjC89c9KwWLL+Lu2ZACZAen2 -kjnw7B0Hh8b6UfpfON1xZ+4= -=vavE +iD8DBQFD1WAl2+ySkm8kpY0RApTBAJ45PRAy60BpoTjI3to7uB8k9NRy4gCgp9xE +0efhxqS8ydRQGv31vIPcH04= +=8sZR -----END PGP SIGNATURE----- 
diff --git a/net-misc/lsh/files/digest-lsh-2.0.1-r1 b/net-misc/lsh/files/digest-lsh-2.0.1-r1
new file mode 100644
index 000000000000..689cda9ed926
--- /dev/null
+++ b/net-misc/lsh/files/digest-lsh-2.0.1-r1
@@ -0,0 +1 @@
+MD5 25ca0b4385779de3d58d2d5757f495c3 lsh-2.0.1.tar.gz 1866063
diff --git a/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch b/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch
new file mode 100644
index 000000000000..0a19318a642c
--- /dev/null
+++ b/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch
@@ -0,0 +1,63 @@
+http://bugs.gentoo.org/119966
+http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html
+
+From: Niels Möller nisse at lysator.liu.se
+Date: Fri Jan 20 17:44:07 CET 2006
+Subject: SECURITY: lshd leaks fd:s to user shells
+
+Stefan Pfetzing noticed that lshd leaks a couple of file descriptors,
+related to the randomness generator, to user shells which are started
+by lshd.
+
+This is a security problem, in at least two ways:
+
+* A user can truncate the server's seed file, which may prevent the
+ server from starting.
+
+* By reading the file, a user can get information that may be useful
+ for cracking other user's session keys, as well as public keys that
+ are generated from the disclosed seed file. (To understand what the
+ impact is, one must understand how yarrow generates and uses the
+ seed file. My initial analysis is that reading the seed-file is
+ advantageous only if it is read just prior to the start of some
+ process using the seed for initialization.)
+
+This is a local hole. It provides for fairly easy denial of service by
+local users, and with some more effort, maybe also cracking of session
+keys.
+
+The below patch, relative to lsh-2.0.1, seems to solve the problem.
+After applying the patch, you should remove and then regenerate the
+server's seed file (since users may still have open fd:s), and restart
+lshd.
+
+I hope to be able to put together a new release sometime next week.
+I'll be off-line over the weekend. In the mean time, feel free to
+inform other distributors and appropriate security fora about the
+problem.
+
+Sorry for the inconvenience,
+/Niels
+
+*** src/unix_random.c.~1.17.~ 2004-11-17 22:13:27.000000000 +0100
+--- src/unix_random.c 2006-01-20 14:26:05.000000000 +0100
+***************
+*** 258,263 ****
+--- 258,264 ----
+ if (self->device_fd < 0)
+ return 0;
+
++ io_set_close_on_exec(self->device_fd);
+ self->device_last_read = now;
+ }
+
+***************
+*** 381,386 ****
+--- 382,388 ----
+ return NULL;
+ }
+
++ io_set_close_on_exec(self->seed_file_fd);
+ trace("random_init, reading seed file...\n");
+
+ if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd))
diff --git a/net-misc/lsh/lsh-2.0.1-r1.ebuild b/net-misc/lsh/lsh-2.0.1-r1.ebuild
new file mode 100644
index 000000000000..c32e23567a61
--- /dev/null
+++ b/net-misc/lsh/lsh-2.0.1-r1.ebuild
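Review bot: The two added `io_set_close_on_exec()` calls are the whole security fix, yet nothing at either call site says why the descriptor must not survive an exec, so a later rework of these open paths could drop them unnoticed. I would put a one-line comment above each, for example `/* must never be inherited by user shells: exposes the yarrow seed (Gentoo bug #119966) */`. The flag is also applied as a separate step after the open, and no result is checked in the lines shown; if `io_set_close_on_exec()` can fail without aborting, the descriptor would still be inherited, which is worth confirming in its definition outside this patch. Both enclosing functions start and end outside the excerpts, so whether lshd holds other descriptors when it starts a shell cannot be judged from here.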
@@ -0,0 +1,73 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/lsh-2.0.1-r1.ebuild,v 1.1 2006/01/23 22:58:22 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="A GNU implementation of the Secure Shell protocols"
+HOMEPAGE="http://www.lysator.liu.se/~nisse/lsh/"
+SRC_URI="ftp://ftp.lysator.liu.se/pub/security/lsh/${P}.tar.gz
+ http://www.lysator.liu.se/~nisse/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="pam tcpd ipv6 zlib X"
+
+RDEPEND="dev-libs/gmp
+ dev-libs/liboop
+ dev-libs/nettle
+ zlib? ( sys-libs/zlib )
+ X? ( virtual/x11 )
+ tcpd? ( sys-apps/tcp-wrappers )
+ pam? ( sys-libs/pam )"
+# kerberos? ( virtual/krb5 )
+DEPEND="${RDEPEND}
+ >=sys-apps/portage-2.0.51"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-fix-fd-leak.patch
+ # remove bundled nettle crap #56156 ... this is pretty ugly sed foo,
+ # but the alternative is a bigger, uglier patch which would probably
+ # need updating with every version :/
+ sed -i -e '/src\/nettle/d' configure || die "sed configure failed"
+ sed -i \
+ -e '/^SUBDIRS/s:nettle::' \
+ -e '/^LDADD/s:nettle/libnettle\.a:-lnettle:' \
+ -e 's:nettle/libnettle\.a::' \
+ src/Makefile.in || die "sed src failed"
+ sed -i \
+ -e 's:\.\./\.\./nettle/libnettle\.a::' \
+ src/spki/tools/Makefile.in || die "sed spki failed"
+ sed -i \
+ -e '/^LDADD/s:\.\./nettle/libnettle\.a:-lnettle:' \
+ -e 's:\.\./nettle/libnettle\.a::' \
+ src/testsuite/Makefile.in || die "sed test failed"
+ rm -r src/nettle
+}
+
+src_compile() {
+ # configure script checks /dev/ptmx in order to enable
+ # proper unix pty support ... so lets fake that it works :)
+ addpredict /dev/ptmx
+# $(use_enable kerberos)
+ econf \
+ --disable-kerberos \
+ $(use_enable pam) \
+ $(use_enable ipv6) \
+ $(use_with zlib) \
+ $(use_with tcpd tcpwrappers) \
+ $(use_with X x) \
+ || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die "install failed"
+ dodoc ANNOUNCE AUTHORS ChangeLog FAQ NEWS README
+
+ newinitd "${FILESDIR}"/lsh.rc lshd
+ newconfd "${FILESDIR}"/lsh.confd lshd
+} |
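Review bot: Nothing in this ebuild tells the administrator to remove and regenerate the server's seed file and restart lshd after the upgrade, although the advisory carried in files/lsh-2.0.1-fix-fd-leak.patch says this is needed because users may still have the leaked descriptors open. Merging the new revision alone therefore leaves a possibly exposed seed in use, and leaves the old lshd running until someone restarts it. A pkg_postinst() that repeats the advisory's instructions with ewarn would surface this at merge time; a sketch follows. Separately, `rm -r src/nettle` at the end of src_unpack() has no `|| die`, unlike the sed calls above it.

```shell
# … unchanged: src_unpack, src_compile, src_install …

pkg_postinst() {
	ewarn "This revision fixes a file descriptor leak from lshd to user"
	ewarn "shells (bug #119966). Shells started by the old lshd may still"
	ewarn "hold the leaked descriptors, so remove and regenerate the"
	ewarn "server's seed file and then restart lshd."
}
```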