authorMike Frysinger <vapier@gentoo.org>2006-01-23 22:58:22 +0000
committerMike Frysinger <vapier@gentoo.org>2006-01-23 22:58:22 +0000
commitacb548dcee08b45ec67acb509a84ee96291696d2 (patch)
tree6f962ab68cd3a56f8dd0d25f92f3d6544148e3da /net-misc/lsh
parentRemove pear USE from dev-lang/php. (diff)
Add security fix #119966.
(Portage version: 2.1_pre3-r1)
Diffstat (limited to 'net-misc/lsh')
-rw-r--r--net-misc/lsh/ChangeLog10
-rw-r--r--net-misc/lsh/files/digest-lsh-2.0.1-r11
-rw-r--r--net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch63
-rw-r--r--net-misc/lsh/lsh-2.0.1-r1.ebuild73
4 files changed, 145 insertions, 2 deletions
diff --git a/net-misc/lsh/ChangeLog b/net-misc/lsh/ChangeLog
index 2757bf1b4a6f..b1630efedc98 100644
--- a/net-misc/lsh/ChangeLog
+++ b/net-misc/lsh/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-misc/lsh
-# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/ChangeLog,v 1.5 2005/09/16 23:30:19 ciaranm Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/ChangeLog,v 1.6 2006/01/23 22:58:22 vapier Exp $
+
+*lsh-2.0.1-r1 (23 Jan 2006)
+
+ 23 Jan 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/lsh-2.0.1-fix-fd-leak.patch, +lsh-2.0.1-r1.ebuild:
+ Add security fix #119966.
16 Sep 2005; Ciaran McCreesh <ciaranm@gentoo.org> ChangeLog:
Converted to UTF-8, fixed encoding screwups
diff --git a/net-misc/lsh/files/digest-lsh-2.0.1-r1 b/net-misc/lsh/files/digest-lsh-2.0.1-r1
new file mode 100644
index 000000000000..689cda9ed926
--- /dev/null
+++ b/net-misc/lsh/files/digest-lsh-2.0.1-r1
@@ -0,0 +1 @@
+MD5 25ca0b4385779de3d58d2d5757f495c3 lsh-2.0.1.tar.gz 1866063
diff --git a/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch b/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch
new file mode 100644
index 000000000000..0a19318a642c
--- /dev/null
+++ b/net-misc/lsh/files/lsh-2.0.1-fix-fd-leak.patch
@@ -0,0 +1,63 @@
+http://bugs.gentoo.org/119966
+http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html
+
+From: Niels Möller nisse at lysator.liu.se
+Date: Fri Jan 20 17:44:07 CET 2006
+Subject: SECURITY: lshd leaks fd:s to user shells
+
+Stefan Pfetzing noticed that lshd leaks a couple of file descriptors,
+related to the randomness generator, to user shells which are started
+by lshd.
+
+This is a security problem, in at least two ways:
+
+* A user can truncate the server's seed file, which may prevent the
+ server from starting.
+
+* By reading the file, a user can get information that may be useful
+ for cracking other user's session keys, as well as public keys that
+ are generated from the disclosed seed file. (To understand what the
+ impact is, one must understand how yarrow generates and uses the
+ seed file. My initial analysis is that reading the seed-file is
+ advantageous only if it is read just prior to the start of some
+ process using the seed for initialization.)
+
+This is a local hole. It provides for fairly easy denial of service by
+local users, and with some more effort, maybe also cracking of session
+keys.
+
+The below patch, relative to lsh-2.0.1, seems to solve the problem.
+After applying the patch, you should remove and then regenerate the
+server's seed file (since users may still have open fd:s), and restart
+lshd.
+
+I hope to be able to put together a new release sometime next week.
+I'll be off-line over the weekend. In the mean time, feel free to
+inform other distributors and appropriate security fora about the
+problem.
+
+Sorry for the inconvenience,
+/Niels
+
+*** src/unix_random.c.~1.17.~ 2004-11-17 22:13:27.000000000 +0100
+--- src/unix_random.c 2006-01-20 14:26:05.000000000 +0100
+***************
+*** 258,263 ****
+--- 258,264 ----
+ if (self->device_fd < 0)
+ return 0;
+
++ io_set_close_on_exec(self->device_fd);
+ self->device_last_read = now;
+ }
+
+***************
+*** 381,386 ****
+--- 382,388 ----
+ return NULL;
+ }
+
++ io_set_close_on_exec(self->seed_file_fd);
+ trace("random_init, reading seed file...\n");
+
+ if (!read_initial_seed_file(&self->yarrow, self->seed_file_fd))
diff --git a/net-misc/lsh/lsh-2.0.1-r1.ebuild b/net-misc/lsh/lsh-2.0.1-r1.ebuild
new file mode 100644
index 000000000000..c32e23567a61
--- /dev/null
+++ b/net-misc/lsh/lsh-2.0.1-r1.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/lsh/lsh-2.0.1-r1.ebuild,v 1.1 2006/01/23 22:58:22 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="A GNU implementation of the Secure Shell protocols"
+HOMEPAGE="http://www.lysator.liu.se/~nisse/lsh/"
+SRC_URI="ftp://ftp.lysator.liu.se/pub/security/lsh/${P}.tar.gz
+ http://www.lysator.liu.se/~nisse/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="pam tcpd ipv6 zlib X"
+
+RDEPEND="dev-libs/gmp
+ dev-libs/liboop
+ dev-libs/nettle
+ zlib? ( sys-libs/zlib )
+ X? ( virtual/x11 )
+ tcpd? ( sys-apps/tcp-wrappers )
+ pam? ( sys-libs/pam )"
+# kerberos? ( virtual/krb5 )
+DEPEND="${RDEPEND}
+ >=sys-apps/portage-2.0.51"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-fix-fd-leak.patch
+ # remove bundled nettle crap #56156 ... this is pretty ugly sed foo,
+ # but the alternative is a bigger, uglier patch which would probably
+ # need updating with every version :/
+ sed -i -e '/src\/nettle/d' configure || die "sed configure failed"
+ sed -i \
+ -e '/^SUBDIRS/s:nettle::' \
+ -e '/^LDADD/s:nettle/libnettle\.a:-lnettle:' \
+ -e 's:nettle/libnettle\.a::' \
+ src/Makefile.in || die "sed src failed"
+ sed -i \
+ -e 's:\.\./\.\./nettle/libnettle\.a::' \
+ src/spki/tools/Makefile.in || die "sed spki failed"
+ sed -i \
+ -e '/^LDADD/s:\.\./nettle/libnettle\.a:-lnettle:' \
+ -e 's:\.\./nettle/libnettle\.a::' \
+ src/testsuite/Makefile.in || die "sed test failed"
+ rm -r src/nettle
+}
+
+src_compile() {
+ # configure script checks /dev/ptmx in order to enable
+ # proper unix pty support ... so lets fake that it works :)
+ addpredict /dev/ptmx
+# $(use_enable kerberos)
+ econf \
+ --disable-kerberos \
+ $(use_enable pam) \
+ $(use_enable ipv6) \
+ $(use_with zlib) \
+ $(use_with tcpd tcpwrappers) \
+ $(use_with X x) \
+ || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die "install failed"
+ dodoc ANNOUNCE AUTHORS ChangeLog FAQ NEWS README
+
+ newinitd "${FILESDIR}"/lsh.rc lshd
+ newconfd "${FILESDIR}"/lsh.confd lshd
+}