See https://lists.openafs.org/pipermail/openafs-announce/2007/000187.html

It does mention a workaround, but I don't know whether upgrading or the workaround is the more desirable solution.

Openafs-1.4.3_rc2 has been tested for 34 days now, without any reported problems. The list with changes from this version to 1.4.4 can be seen at http://www.openafs.org/cgi-bin/wdelta/openafs-stable-1_4_x/index/month/openafs/?only_with_tag=openafs-stable-1_4_x as everything starting from STABLE14-openafs-1-4-3fc2-20070212, up till Mar 20, 2007. Possibly STABLE14-no-default-setuid-20070319 is the only critical fix.

This description is mainly a forward of information, I leave it up to you to draw conclusions.

Reproducible: Didn't try
http://www.frsirt.com/english/advisories/2007/1033 (CVE-2007-1507) Apparently the 1.5.x branch is vulnerable as well. The bug is corrected with versions 1.4.4 and 1.5.17
Thx for the notification Stefaan. Please provide updated ebuilds.
Ebuilds for openafs-1.4.4 are already in the tree, and have been tested by myself for x86 and amd64 (though shortly, but they seem to be functioning). Another possibility of course is to backport the fix to the current stable version, but I don't know if that's worth the effort. (Personally, I'd prefer going with 1.4.4, if possible of course)
Thx Stefaan, didn't notice that the fix was already committed.

Arches please test and mark stable. Target keywords are:

openafs-1.4.4.ebuild="alpha amd64 ia64 ppc ppc64 x86"

Note rerating severity, this appears to open the possibility of a complete remote system compromise.

Security please draft the GLSA request.
ppc stable
x86 stable
Stable on alpha
ppc64 stable
+ case "ia64_linux26" in
+ ia64-unknown-linux-gnu-gcc -O -O2 -pipe -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src/config -I. -I. -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include/afs -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include/rx -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4 -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src -c ./process.c
./process.c:114:2: error: #error Unsupported linux LWP system type.
./process.c: In function 'savecontext':
./process.c:158: error: 'LWP_SP' undeclared (first use in this function)
./process.c:158: error: (Each undeclared identifier is reported only once
./process.c:158: error: for each function it appears in.)
./process.c:181: warning: cast from pointer to integer of different size
make[3]: *** [process.o] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src/lwp'
make[2]: *** [lwp] Error 2
make[2]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4'
make[1]: *** [build] Error 2
make[1]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4'
make: *** [all_nolibafs] Error 2

!!! ERROR: net-fs/openafs-1.4.4 failed.
Call stack:
  ebuild.sh, line 1614: Called dyn_compile
  ebuild.sh, line 971: Called qa_call 'src_compile'
  environment, line 4348: Called src_compile
  openafs-1.4.4.ebuild, line 56: Called die

!!! Build failed
!!! If you need support, post the topmost build error, and the call stack if relevant.
!!! A complete build log is located at '/var/tmp/portage/net-fs/openafs-1.4.4/temp/build.log'.
ia64 ~ # emerge --info
Portage 2.1.2-r9 (default-linux/ia64/2006.0, gcc-4.1.1, glibc-2.3.5-r3, 2.6.18-gentoo ia64)
=================================================================
System uname: 2.6.18-gentoo ia64 Itanium 2
Gentoo Base System version 1.12.1
Timestamp of tree: Mon, 26 Mar 2007 23:00:08 +0000
ccache version 2.4 [disabled]
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r6
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r6
ACCEPT_KEYWORDS="ia64"
AUTOCLEAN="yes"
CBUILD="ia64-unknown-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="ia64-unknown-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb crypt cups ia64 ncurses nptl nptlonly pam readline snmp ssl tcpd udev unicode zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mga neomagic nv rendition s3 s3virge savage siliconmotion sisusb tdfx tga v4l vesa vga via voodoo"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #9) Could you check if config.log contains | #define HAVE_UCONTEXT_H 1 ? If so, could you try rebuilding with -DUSE_UCONTEXT?
amd64 done... testing on ia64...
ia64 openafs-1.4.4 # grep HAVE_UCONTEXT_H config.log
| #define HAVE_UCONTEXT_H 1
| #define HAVE_UCONTEXT_H 1
| #define HAVE_UCONTEXT_H 1
| #define HAVE_UCONTEXT_H 1
| #define HAVE_UCONTEXT_H 1
#define HAVE_UCONTEXT_H 1

ia64 openafs-1.4.4 # CFLAGS="-O2 -pipe -DUSE_CONTEXT" emerge --oneshot openafs
<snip>
+ case "ia64_linux26" in
+ ia64-unknown-linux-gnu-gcc -O -O2 -pipe -DUSE_CONTEXT -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src/config -I. -I. -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include/afs -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/include/rx -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4 -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src -I/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src -c ./process.c
./process.c:114:2: error: #error Unsupported linux LWP system type.
./process.c: In function 'savecontext':
./process.c:158: error: 'LWP_SP' undeclared (first use in this function)
./process.c:158: error: (Each undeclared identifier is reported only once
./process.c:158: error: for each function it appears in.)
./process.c:181: warning: cast from pointer to integer of different size
make[3]: *** [process.o] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4/src/lwp'
make[2]: *** [lwp] Error 2
make[2]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4'
make[1]: *** [build] Error 2
make[1]: Leaving directory `/var/tmp/portage/net-fs/openafs-1.4.4/work/openafs-1.4.4'
make: *** [all_nolibafs] Error 2

!!! ERROR: net-fs/openafs-1.4.4 failed.
Call stack:
  ebuild.sh, line 1614: Called dyn_compile
  ebuild.sh, line 971: Called qa_call 'src_compile'
  environment, line 4348: Called src_compile
  openafs-1.4.4.ebuild, line 56: Called die

!!! Build failed
!!! If you need support, post the topmost build error, and the call stack if relevant.
!!! A complete build log is located at '/var/tmp/portage/net-fs/openafs-1.4.4/temp/build.log'.
(In reply to comment #12)
> ia64 openafs-1.4.4 # CFLAGS="-O2 -pipe -DUSE_CONTEXT" emerge --oneshot openafs

I'm afraid there's a spelling error in here. Could you try again with -DUSE_UCONTEXT?
Thx. Security please draft GLSA draft.
Bah, doing it right this time... sorry, Stefaan... I'll let you know.
Stefaan: new error... http://dev.gentoo.org/~wolf31o2/openafs-error.txt
(In reply to comment #16)
> Stefaan: new error... http://dev.gentoo.org/~wolf31o2/openafs-error.txt

I think it gives the same error with 1.4.2, bug 156008
Thanks, Raúl... since ia64 isn't security-supported, I'll track the problem in that bug.
finally GLSA 200704-03, thanks everybody