Summary: | lsh-1.4.2.ebuild (New Package) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Justin Heesemann <jh-gentoo> |
Component: | New packages | Assignee: | SpanKY <vapier> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blkdeath, matsuu, scandium |
Priority: | High | Keywords: | EBUILD |
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 28973 | ||
Bug Blocks: | |||
Attachments: |
lsh-1.4.2.ebuild
lsh-1.4.2.ebuild lsh-1.4.2.ebuild init script /etc/conf.d/lshd version 1.4.3 fixes security problem |
Description
Justin Heesemann
2003-09-17 04:58:16 UTC
Created attachment 17879 [details]
lsh-1.4.2.ebuild
Created attachment 17880 [details]
lsh-1.4.2.ebuild
Created attachment 17881 [details]
lsh-1.4.2.ebuild
(somehow i always get an error message, when i try to upload an attachment.. yet it seems like the attachment gets uploaded just fine) Created attachment 17883 [details]
init script
Created attachment 17884 [details]
/etc/conf.d/lshd
In light of yesterdays buffer exploit in OpenSSH, diversity is probably a good thing. Note that a previous submission of this ebuild was rejected a year and a half ago. Please accept this ebuild, this time. ------- Additional Comments From arutha@gmx.de 2003-18-09 09:36 EST ------- Well I guess I gotta post this "I'm interested" comment now that I said so on gentoo-dev :) There seems to be an exploit for lsh in the wild ... http://www.heise.de/security/news/meldung/40434 http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html please do not commit 1.4.2 until these problems are resolved! Created attachment 18066 [details]
version 1.4.3 fixes security problem
no changes to the 1.4.2-ebuild, just a newer version of lsh.
since 1.4.2 has an remote root exploit, and this new version fixes the bug..
emerge the new one.
now in cvs ... i disabled kerberos support since (1) it didnt compile for me and (2) i didnt really feel like messing around with it ;) Hi, the lsh package is a bit broken, see bug #56156. This effectively prevents other packages depending on the nettle library to go into portage. Since I have no experience with lsh and don't want to decrease the quality even more, I don't feel like fixing it ;) |