Bug#724895: pu: package perspectives-extension/4.3.1-1+deb7u1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
As agreed with the security team and the current maintainer, we’d like
to include this security fix via the upcoming point release, because the
package has a low popcon and requires a very unusual configuration to
trigger the flaw (but with such a configuration, it completely
undermines the security model perspectives attempts to provide).
The proposed update aim to fix the issue disclosed recently on the
upstream project website [1] and the upstream bug tracker [2].
1: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/
2: https://github.com/danwent/Perspectives/issues/87
The two upstream commits to fix this issue (cb3d991 and 1f85a52) apply
properly into stable once fe6551e is also applied, thus the three
patches.
Regards
David
P.-S.: The fix “already” made it to Jessie.
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru perspectives-extension-4.3.1/debian/changelog perspectives-extension-4.3.1/debian/changelog
--- perspectives-extension-4.3.1/debian/changelog 2012-06-28 16:45:35.000000000 -0400
+++ perspectives-extension-4.3.1/debian/changelog 2013-09-26 19:47:24.000000000 -0400
@@ -1,3 +1,11 @@
+perspectives-extension (4.3.1-1+deb7u1) wheezy; urgency=low
+
+ * Backport security fix from 4.3.6.
+ Incorrect quorum length with low number of notaries and/or low quorum
+ percentage.
+
+ -- David Prévot <taffit@debian.org> Thu, 26 Sep 2013 19:25:32 -0400
+
perspectives-extension (4.3.1-1) unstable; urgency=low
* New upstream version.
diff -Nru perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
--- perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch 2013-09-26 19:23:54.000000000 -0400
@@ -0,0 +1,50 @@
+From: Dave Schaefer <dave.schaefer@gmail.com>
+Date: Wed, 18 Sep 2013 21:26:48 -0600
+Subject: Pers_client_policy - Add checks against quorum size 0
+
+We should never return true nor report any duration for sizes < 1.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/cb3d9913217afb0973281275cd4269ed0c1acc2c
+Bug: https://github.com/danwent/Perspectives/issues/87
+---
+ plugin/chrome/content/client_policy.js | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/plugin/chrome/content/client_policy.js b/plugin/chrome/content/client_policy.js
+index fd74f43..72f31c6 100644
+--- a/plugin/chrome/content/client_policy.js
++++ b/plugin/chrome/content/client_policy.js
+@@ -119,6 +119,10 @@ get_all_key_changes : function(results) {
+ } ,
+
+ check_current_consistency : function(test_key,results,quorum_size,stale_limit_secs,cur_time) {
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
+ //get_all_key_changes(results);
+ var num_valid = Pers_client_policy.get_num_valid_notaries(test_key,results,stale_limit_secs,cur_time);
+ Pers_debug.d_print("policy",
+@@ -127,6 +131,10 @@ check_current_consistency : function(test_key,results,quorum_size,stale_limit_se
+ },
+
+ has_quorum_at_time : function(test_key, results, quorum_size, time) {
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
+ Pers_debug.d_print("policy", "testing quorum for time " + time +
+ " and key: " + test_key);
+ var total_valid = 0;
+@@ -156,6 +164,11 @@ has_quorum_at_time : function(test_key, results, quorum_size, time) {
+ // returns duration in seconds - i.e. days * 24 * 3600.
+ get_quorum_duration : function(test_key, results, quorum_size, stale_limit_secs, unixtime) {
+
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
++
+ if(! Pers_client_policy.check_current_consistency(test_key,results,quorum_size,
+ stale_limit_secs,unixtime)) {
+ Pers_debug.d_print("policy","current_consistency_failed");
diff -Nru perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
--- perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch 2013-09-26 19:23:54.000000000 -0400
@@ -0,0 +1,43 @@
+From: Dave Schaefer <dave.schaefer@gmail.com>
+Date: Sat, 21 Jul 2012 13:04:45 -0700
+Subject: Perspectives - Move quorum calculation to its own function
+
+This is in anticipation of writing code that will also call the function.
+Let's separate some functionality to make things more object-oriented
+and easier to use.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/fe6551ee7d26829bf69d00f49579fc1be48f42a8
+---
+ plugin/chrome/content/notaries.js | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index 2bdecb6..cb12d61 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -391,6 +391,14 @@ var Perspectives = {
+ }
+ },
+
++ // return the quorum as an integer
++ // e.g. useful for comparing against the number of results
++ getQuorumAsInt: function() {
++ var q_thresh = Perspectives.root_prefs.
++ getIntPref("perspectives.quorum_thresh") / 100;
++ return Math.round(this.all_notaries.length * q_thresh);
++ },
++
+ notaryQueriesComplete: function(ti) {
+ try {
+ if(Perspectives.strbundle == null) {
+@@ -404,9 +412,7 @@ var Perspectives = {
+ var test_key = ti.cert.md5Fingerprint.toLowerCase();
+ // 2 days (FIXME: make this a pref)
+ var max_stale_sec = 2 * 24 * 3600;
+- var q_thresh = Perspectives.root_prefs.
+- getIntPref("perspectives.quorum_thresh") / 100;
+- var q_required = Math.round(this.all_notaries.length * q_thresh);
++ var q_required = Perspectives.getQuorumAsInt();
+ var unixtime = Pers_util.get_unix_time();
+ var quorum_duration = Pers_client_policy.get_quorum_duration(test_key,
+ server_result_list, q_required, max_stale_sec,unixtime);
diff -Nru perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
--- perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch 2013-09-26 19:23:54.000000000 -0400
@@ -0,0 +1,40 @@
+From: Dave Schaefer <dave.schaefer@gmail.com>
+Date: Wed, 18 Sep 2013 21:30:00 -0600
+Subject: Perspectives - Add min and max bounds on getQuorumAsInt()
+
+These were somewhat enforced in the UI, but we need to also
+enforce them here in case the user picks a really low value.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/1f85a52364d59199babfb0d55ea48a38ce0e32ae
+Bug: https://github.com/danwent/Perspectives/issues/87
+---
+ plugin/chrome/content/notaries.js | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index cb12d61..cc9ba28 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -394,9 +394,21 @@ var Perspectives = {
+ // return the quorum as an integer
+ // e.g. useful for comparing against the number of results
+ getQuorumAsInt: function() {
++ var MIN_NOTARY_COUNT = 1;
++ //FIXME: we can cache the value inside getNotaryList() if calling is too slow.
++ var notary_count = this.getNotaryList().length;
+ var q_thresh = Perspectives.root_prefs.
+ getIntPref("perspectives.quorum_thresh") / 100;
+- return Math.round(this.all_notaries.length * q_thresh);
++ var q_count = Math.round(notary_count * q_thresh);
++
++ if (q_count < MIN_NOTARY_COUNT) {
++ q_count = MIN_NOTARY_COUNT;
++ }
++ else if (q_count > notary_count) {
++ q_count = notary_count;
++ }
++
++ return q_count;
+ },
+
+ notaryQueriesComplete: function(ti) {
diff -Nru perspectives-extension-4.3.1/debian/patches/series perspectives-extension-4.3.1/debian/patches/series
--- perspectives-extension-4.3.1/debian/patches/series 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/series 2013-09-26 19:23:54.000000000 -0400
@@ -0,0 +1,3 @@
+0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
+0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
+0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
Reply to: