Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi, As agreed with the security team and the current maintainer, we’d like to include this security fix via the upcoming point release, because the package has a low popcon and requires a very unusual configuration to trigger the flaw (but with such a configuration, it completely undermines the security model Perspectives attempts to provide). The proposed update aims to fix the issue disclosed recently on the upstream project website [1] and the upstream bug tracker [2]. 1: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/ 2: https://github.com/danwent/Perspectives/issues/87 The two upstream commits to fix this issue (cb3d991 and 1f85a52) apply properly into stable once fe6551e is also applied, thus the three patches. Regards David P.-S.: The fix “already” made it to Jessie. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru perspectives-extension-4.3.1/debian/changelog perspectives-extension-4.3.1/debian/changelog
--- perspectives-extension-4.3.1/debian/changelog 2012-06-28 16:45:35.000000000 -0400
+++ perspectives-extension-4.3.1/debian/changelog 2013-09-26 19:47:24.000000000 -0400
@@ -1,3 +1,11 @@
+perspectives-extension (4.3.1-1+deb7u1) wheezy; urgency=low
+
+ * Backport security fix from 4.3.6.
+ Incorrect quorum length with low number of notaries and/or low quorum
+ percentage.
+
+ -- David Prévot <taf...@debian.org> Thu, 26 Sep 2013 19:25:32 -0400
+
 perspectives-extension (4.3.1-1) unstable; urgency=low
 
 * New upstream version.
diff -Nru perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
--- perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch 2013-09-26 19:23:54.000000000 -0400
@@ -0,0 +1,50 @@ +From: Dave Schaefer <dave.schae...@gmail.com> +Date: Wed, 18 Sep 2013 21:26:48 -0600 +Subject: Pers_client_policy - Add checks against quorum size 0 + +We should never return true nor report any duration for sizes < 1. + +Origin: upstream, https://github.com/danwent/Perspectives/commit/cb3d9913217afb0973281275cd4269ed0c1acc2c +Bug: https://github.com/danwent/Perspectives/issues/87 +--- + plugin/chrome/content/client_policy.js | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/plugin/chrome/content/client_policy.js b/plugin/chrome/content/client_policy.js +index fd74f43..72f31c6 100644 +--- a/plugin/chrome/content/client_policy.js ++++ b/plugin/chrome/content/client_policy.js +@@ -119,6 +119,10 @@ get_all_key_changes : function(results) { + } , + + check_current_consistency : function(test_key,results,quorum_size,stale_limit_secs,cur_time) { ++ if (quorum_size < 1) { ++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1."); ++ return false; ++ } + //get_all_key_changes(results); + var num_valid = Pers_client_policy.get_num_valid_notaries(test_key,results,stale_limit_secs,cur_time); + Pers_debug.d_print("policy", +@@ -127,6 +131,10 @@ check_current_consistency : function(test_key,results,quorum_size,stale_limit_se + }, + + has_quorum_at_time : function(test_key, results, quorum_size, time) { ++ if (quorum_size < 1) { ++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1."); ++ return false; ++ } + Pers_debug.d_print("policy", "testing quorum for time " + time + + " and key: " + test_key); + var total_valid = 0; +@@ -156,6 +164,11 @@ has_quorum_at_time : function(test_key, results, quorum_size, time) { + // returns duration in seconds - i.e. days * 24 * 3600. + get_quorum_duration : function(test_key, results, quorum_size, stale_limit_secs, unixtime) { + ++ if (quorum_size < 1) { ++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1."); ++ return false; ++ } ++ + if(! 
Pers_client_policy.check_current_consistency(test_key,results,quorum_size,
+ stale_limit_secs,unixtime)) {
+ Pers_debug.d_print("policy","current_consistency_failed");
diff -Nru perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
--- perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch 2013-09-26 19:23:54.000000000 -0400
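Review bot: The three added guards test `quorum_size < 1`, which is false for `NaN` and `undefined`, so a non-numeric quorum size passes the check in check_current_consistency, has_quorum_at_time and get_quorum_duration; writing the condition as `if (!(quorum_size >= 1)) {` rejects those values too and keeps the check fail-closed. In get_quorum_duration the guard returns `false` although the comment above the function says it returns a duration in seconds, and `false` coerces to 0 in numeric comparisons. The value the existing failure path returns is outside the hunk; if callers treat a specific number as "no quorum", returning that same value from the guard would be more consistent. All three function bodies continue outside the hunks.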
@@ -0,0 +1,43 @@
+From: Dave Schaefer <dave.schae...@gmail.com>
+Date: Sat, 21 Jul 2012 13:04:45 -0700
+Subject: Perspectives - Move quorum calculation to its own function
+
+This is in anticipation of writing code that will also call the function.
+Let's separate some functionality to make things more object-oriented
+and easier to use.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/fe6551ee7d26829bf69d00f49579fc1be48f42a8
+---
+ plugin/chrome/content/notaries.js | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index 2bdecb6..cb12d61 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -391,6 +391,14 @@ var Perspectives = {
+ }
+ },
+
++ // return the quorum as an integer
++ // e.g. useful for comparing against the number of results
++ getQuorumAsInt: function() {
++ var q_thresh = Perspectives.root_prefs.
++ getIntPref("perspectives.quorum_thresh") / 100;
++ return Math.round(this.all_notaries.length * q_thresh);
++ },
++
+ notaryQueriesComplete: function(ti) {
+ try {
+ if(Perspectives.strbundle == null) {
+@@ -404,9 +412,7 @@ var Perspectives = {
+ var test_key = ti.cert.md5Fingerprint.toLowerCase();
+ // 2 days (FIXME: make this a pref)
+ var max_stale_sec = 2 * 24 * 3600;
+- var q_thresh = Perspectives.root_prefs.
+- getIntPref("perspectives.quorum_thresh") / 100;
+- var q_required = Math.round(this.all_notaries.length * q_thresh);
++ var q_required = Perspectives.getQuorumAsInt();
+ var unixtime = Pers_util.get_unix_time();
+ var quorum_duration = Pers_client_policy.get_quorum_duration(test_key,
+ server_result_list, q_required, max_stale_sec,unixtime);
diff -Nru perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
--- perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch 2013-09-26 19:23:54.000000000 -0400
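Review bot: getQuorumAsInt mixes `Perspectives.root_prefs` with `this.all_notaries`, so it only returns the right value when invoked as a method of Perspectives. Since the commit message anticipates further callers, referring to the object one way throughout, e.g. `return Math.round(Perspectives.all_notaries.length * q_thresh);`, avoids a wrong `this` if the function is ever passed as a callback. The comment above the function could also state that the result is the number of notaries required, derived from the `perspectives.quorum_thresh` percentage.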
@@ -0,0 +1,40 @@
+From: Dave Schaefer <dave.schae...@gmail.com>
+Date: Wed, 18 Sep 2013 21:30:00 -0600
+Subject: Perspectives - Add min and max bounds on getQuorumAsInt()
+
+These were somewhat enforced in the UI, but we need to also
+enforce them here in case the user picks a really low value.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/1f85a52364d59199babfb0d55ea48a38ce0e32ae
+Bug: https://github.com/danwent/Perspectives/issues/87
+---
+ plugin/chrome/content/notaries.js | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index cb12d61..cc9ba28 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -394,9 +394,21 @@ var Perspectives = {
+ // return the quorum as an integer
+ // e.g. useful for comparing against the number of results
+ getQuorumAsInt: function() {
++ var MIN_NOTARY_COUNT = 1;
++ //FIXME: we can cache the value inside getNotaryList() if calling is too slow.
++ var notary_count = this.getNotaryList().length;
+ var q_thresh = Perspectives.root_prefs.
+ getIntPref("perspectives.quorum_thresh") / 100;
+- return Math.round(this.all_notaries.length * q_thresh);
++ var q_count = Math.round(notary_count * q_thresh);
++
++ if (q_count < MIN_NOTARY_COUNT) {
++ q_count = MIN_NOTARY_COUNT;
++ }
++ else if (q_count > notary_count) {
++ q_count = notary_count;
++ }
++
++ return q_count;
+ },
+
+ notaryQueriesComplete: function(ti) {
diff -Nru perspectives-extension-4.3.1/debian/patches/series perspectives-extension-4.3.1/debian/patches/series
--- perspectives-extension-4.3.1/debian/patches/series 1969-12-31 20:00:00.000000000 -0400
+++ perspectives-extension-4.3.1/debian/patches/series 2013-09-26 19:23:54.000000000 -0400
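Review bot: `Math.round(notary_count * q_thresh)` in getQuorumAsInt can round down, so the required quorum may end up below the configured percentage (a constructed example: 8 notaries at 30% gives 2, which is 25%). Rounding up on the integer preference, `Math.ceil(notary_count * pct / 100)` with `pct` being the raw `getIntPref` value, would never require fewer notaries than the preference asks for and avoids floating-point overshoot from the early division. When getNotaryList() is empty the lower clamp still returns 1, which exceeds notary_count; that fails closed, but a comment such as `// with no notaries a quorum of 1 can never be met` would make the intent explicit.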
@@ -0,0 +1,3 @@
+0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
+0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
+0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch