--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package wss4j, the version 1.6.15-2 fixes two security issues (#777741).
Thank you
unblock wss4j/1.6.15-2
dpkg-source: warning: extracting unsigned source package (/home/ebourg/packaging/wss4j_1.6.15-2.dsc)
diff -Nru wss4j-1.6.15/debian/changelog wss4j-1.6.15/debian/changelog
--- wss4j-1.6.15/debian/changelog 2014-04-07 06:52:38.000000000 +0200
+++ wss4j-1.6.15/debian/changelog 2015-02-12 09:55:30.000000000 +0100
@@ -1,3 +1,14 @@
+wss4j (1.6.15-2) unstable; urgency=medium
+
+ * Fixed security issues (Closes: #777741):
+ - CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack
+ (incomplete fix for CVE-2011-2487)
+ - CVE-2015-0226: WSS4J doesn't correctly enforce the
+ requireSignedEncryptedDataElements property
+ * Standards-Version updated to 3.9.6 (no changes)
+
+ -- Emmanuel Bourg <ebourg@apache.org> Thu, 12 Feb 2015 09:11:29 +0100
+
wss4j (1.6.15-1) unstable; urgency=medium
* New upstream release
diff -Nru wss4j-1.6.15/debian/control wss4j-1.6.15/debian/control
--- wss4j-1.6.15/debian/control 2014-02-26 10:08:52.000000000 +0100
+++ wss4j-1.6.15/debian/control 2015-02-12 09:12:08.000000000 +0100
@@ -12,9 +12,9 @@
libxalan2-java,
libxml-security-java
Build-Depends: ant, cdbs (>= 0.4.5.3), debhelper (>= 9), maven-debian-helper
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Vcs-Git: git://anonscm.debian.org/pkg-java/wss4j.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-java/wss4j.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-java/wss4j.git
Homepage: http://ws.apache.org/wss4j/
Package: libwss4j-java
diff -Nru wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch
--- wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 1970-01-01 01:00:00.000000000 +0100
+++ wss4j-1.6.15/debian/patches/02-CVE-2015-0227.patch 2015-02-12 09:38:54.000000000 +0100
@@ -0,0 +1,137 @@
+Description: Fix CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
+Origin: backport, http://svn.apache.org/r1619359
+Bug-Debian: http://bugs.debian.org/777741
+--- a/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
++++ b/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
+@@ -91,7 +91,7 @@
+ );
+
+ if (elem != null && request.isRequireSignedEncryptedDataElements()) {
+- WSSecurityUtil.verifySignedElement(elem, elem.getOwnerDocument(), wsDocInfo.getSecurityHeader());
++ WSSecurityUtil.verifySignedElement(elem, wsDocInfo);
+ }
+
+ SecretKey key = null;
+--- a/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
++++ b/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
+@@ -403,7 +403,7 @@
+ Element encryptedDataElement =
+ ReferenceListProcessor.findEncryptedDataElement(doc, docInfo, dataRefURI);
+ if (encryptedDataElement != null && data.isRequireSignedEncryptedDataElements()) {
+- WSSecurityUtil.verifySignedElement(encryptedDataElement, doc, docInfo.getSecurityHeader());
++ WSSecurityUtil.verifySignedElement(encryptedDataElement, docInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+--- a/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
++++ b/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
+@@ -132,7 +132,7 @@
+ Element encryptedDataElement = findEncryptedDataElement(doc, wsDocInfo, dataRefURI);
+
+ if (encryptedDataElement != null && asymBinding && data.isRequireSignedEncryptedDataElements()) {
+- WSSecurityUtil.verifySignedElement(encryptedDataElement, doc, wsDocInfo.getSecurityHeader());
++ WSSecurityUtil.verifySignedElement(encryptedDataElement, wsDocInfo);
+ }
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+--- a/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
++++ b/src/main/java/org/apache/ws/security/util/WSSecurityUtil.java
+@@ -24,6 +24,7 @@
+ import org.apache.ws.security.SOAPConstants;
+ import org.apache.ws.security.WSConstants;
+ import org.apache.ws.security.WSDataRef;
++import org.apache.ws.security.WSDocInfo;
+ import org.apache.ws.security.WSEncryptionPart;
+ import org.apache.ws.security.WSSecurityEngineResult;
+ import org.apache.ws.security.WSSecurityException;
+@@ -50,10 +51,8 @@
+ import java.security.SecureRandom;
+ import java.util.ArrayList;
+ import java.util.Collections;
+-import java.util.HashSet;
+ import java.util.Iterator;
+ import java.util.List;
+-import java.util.Set;
+
+ /**
+ * WS-Security Utility methods. <p/>
+@@ -1350,56 +1349,39 @@
+ }
+ }
+
+- public static void verifySignedElement(Element elem, Document doc, Element securityHeader)
+- throws WSSecurityException {
+- final Element envelope = doc.getDocumentElement();
+- final Set<String> signatureRefIDs = getSignatureReferenceIDs(securityHeader);
+- if (!signatureRefIDs.isEmpty()) {
+- Node cur = elem;
+- while (!cur.isSameNode(envelope)) {
+- if (cur.getNodeType() == Node.ELEMENT_NODE) {
+- if (WSConstants.SIG_LN.equals(cur.getLocalName())
+- && WSConstants.SIG_NS.equals(cur.getNamespaceURI())) {
+- throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
+- "requiredElementNotSigned", new Object[] {elem});
+- } else if (isLinkedBySignatureRefs((Element)cur, signatureRefIDs)) {
+- return;
++ public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo) throws WSSecurityException {
++ List<WSSecurityEngineResult> signedResults = wsDocInfo.getResultsByTag(WSConstants.SIGN);
++ if (signedResults != null) {
++ for (WSSecurityEngineResult signedResult : signedResults) {
++ @SuppressWarnings("unchecked")
++ List<WSDataRef> dataRefs = (List<WSDataRef>) signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
++ if (dataRefs != null) {
++ for (WSDataRef dataRef : dataRefs) {
++ if (isElementOrAncestorSigned(elem, dataRef.getProtectedElement())) {
++ return;
++ }
+ }
+ }
+- cur = cur.getParentNode();
+ }
+ }
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_CHECK, "requiredElementNotSigned", new Object[] {elem});
+ }
+
+- private static boolean isLinkedBySignatureRefs(Element elem, Set<String> allIDs) {
+- // Try the wsu:Id first
+- String attributeNS = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+- if (!"".equals(attributeNS) && allIDs.contains(attributeNS)) {
+- return true;
+- }
+- attributeNS = elem.getAttributeNS(null, "Id");
+- return (!"".equals(attributeNS) && allIDs.contains(attributeNS));
+- }
+-
+- private static Set<String> getSignatureReferenceIDs(Element wsseHeader) throws WSSecurityException {
+- final Set<String> refs = new HashSet<String>();
+- final List<Element> signatures = WSSecurityUtil.getDirectChildElements(wsseHeader, WSConstants.SIG_LN, WSConstants.SIG_NS);
+- for (Element signature : signatures) {
+- Element sigInfo = WSSecurityUtil.getDirectChildElement(signature, WSConstants.SIG_INFO_LN, WSConstants.SIG_NS);
+- List<Element> references = WSSecurityUtil.getDirectChildElements(sigInfo, WSConstants.REF_LN, WSConstants.SIG_NS);
+- for (Element reference : references) {
+- String uri = reference.getAttributeNS(null, "URI");
+- if (!"".equals(uri)) {
+- boolean added = refs.add(WSSecurityUtil.getIDFromReference(uri));
+- if (!added) {
+- log.warn("Duplicated reference uri: " + uri);
+- }
+- }
++ /**
++ * Does the current element or some ancestor of it correspond to the known "signedElement"?
++ */
++ private static boolean isElementOrAncestorSigned(Element elem, Element signedElement) throws WSSecurityException {
++ final Element envelope = elem.getOwnerDocument().getDocumentElement();
++ Node cur = elem;
++ while (!cur.isSameNode(envelope)) {
++ if (cur.getNodeType() == Node.ELEMENT_NODE && cur.equals(signedElement)) {
++ return true;
+ }
++ cur = cur.getParentNode();
+ }
+- return refs;
++
++ return false;
+ }
+
+ }
diff -Nru wss4j-1.6.15/debian/patches/03-CVE-2015-0226.patch wss4j-1.6.15/debian/patches/03-CVE-2015-0226.patch
--- wss4j-1.6.15/debian/patches/03-CVE-2015-0226.patch 1970-01-01 01:00:00.000000000 +0100
+++ wss4j-1.6.15/debian/patches/03-CVE-2015-0226.patch 2015-02-12 09:53:15.000000000 +0100
@@ -0,0 +1,41 @@
+Description: Fix CVE-2015-0226: WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
+Origin: backport, http://svn.apache.org/r1621329
+Bug-Debian: http://bugs.debian.org/777741
+--- a/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
++++ b/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
+@@ -19,6 +19,7 @@
+
+ package org.apache.ws.security.processor;
+
++import java.security.NoSuchAlgorithmException;
+ import java.security.PrivateKey;
+ import java.security.cert.X509Certificate;
+ import java.security.spec.MGF1ParameterSpec;
+@@ -209,7 +210,7 @@
+ private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo) throws WSSecurityException {
+ try {
+ String alg = "AES";
+- int size = 128;
++ int size = 16;
+ if (!dataRefURIs.isEmpty()) {
+ String uri = dataRefURIs.iterator().next();
+ Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, wsDocInfo, uri);
+@@ -221,8 +222,16 @@
+ kgen.init(size * 8);
+ SecretKey k = kgen.generateKey();
+ return k.getEncoded();
+- } catch (Exception ex) {
+- throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
++ } catch (Throwable ex) {
++ // Fallback to just using AES to avoid attacks on EncryptedData algorithms
++ try {
++ KeyGenerator kgen = KeyGenerator.getInstance("AES");
++ kgen.init(128);
++ SecretKey k = kgen.generateKey();
++ return k.getEncoded();
++ } catch (NoSuchAlgorithmException e) {
++ throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
++ }
+ }
+ }
+
diff -Nru wss4j-1.6.15/debian/patches/series wss4j-1.6.15/debian/patches/series
--- wss4j-1.6.15/debian/patches/series 2013-09-25 09:30:34.000000000 +0200
+++ wss4j-1.6.15/debian/patches/series 2015-02-12 09:43:18.000000000 +0100
@@ -1 +1,3 @@
01-no-saml.patch
+02-CVE-2015-0227.patch
+03-CVE-2015-0226.patch
--- End Message ---