
Bug#834326: marked as done (jessie-pu: package gnupg/1.4.18-7+deb8u3)



Your message dated Sat, 17 Sep 2016 13:08:06 +0100
with message-id <1474114086.2011.126.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 8.6
has caused the Debian Bug report #834326,
regarding jessie-pu: package gnupg/1.4.18-7+deb8u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
834326: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834326
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Dear SRM

I would like to propose the following hardening to src:gnupg which was
found during the analysis of a vulnerability report to the security team
and related to
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
and developed by NIIBE Yutaka. The underlying problem in hardware cannot
be solved in software (and thus we don't want to issue a DSA for it and
possibly give this false impression), and as pointed out by Florian
there are some other open questions regarding the paper and the attacks
described there.

The GnuPG upstream repository contains the testcase to verify the fix,
as
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7dcad0d3503ac0d75e09efb16246dd78518986fc

The fix for gnupg is in experimental in the src:gnupg1 source package
with commits (1.4.20-6+exp5):

https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git/commit/?h=experimental&id=5ed457210d69f95ea253221e14e6f8a8c8da0a5f

and migrated now to unstable, with a new upload on 2016-08-13.

Thanks in advance,

Regards,
Salvatore
diff -Nru gnupg-1.4.18/debian/changelog gnupg-1.4.18/debian/changelog
--- gnupg-1.4.18/debian/changelog	2016-02-24 17:16:46.000000000 +0100
+++ gnupg-1.4.18/debian/changelog	2016-08-04 22:12:31.000000000 +0200
@@ -1,3 +1,11 @@
+gnupg (1.4.18-7+deb8u2) jessie; urgency=medium
+
+  * Non-maintainer with maintainers approval.
+  * gpgv: Tweak default options for extra security
+  * g10: Fix checking key for signature validation
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 04 Aug 2016 22:12:31 +0200
+
 gnupg (1.4.18-7+deb8u1) stable; urgency=medium
 
   [ Jonathan McDowell ]
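
Review bot: The new stanza at the top of this hunk is versioned 1.4.18-7+deb8u2, while the subject of this request names gnupg/1.4.18-7+deb8u3; the two should agree before the upload. The first bullet, "Non-maintainer with maintainers approval.", is missing the word "upload", and the stanza targets "jessie" where the entry below it uses "stable", which is worth making consistent.
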
diff -Nru gnupg-1.4.18/debian/patches/0046-gpgv-Tweak-default-options-for-extra-security.patch gnupg-1.4.18/debian/patches/0046-gpgv-Tweak-default-options-for-extra-security.patch
--- gnupg-1.4.18/debian/patches/0046-gpgv-Tweak-default-options-for-extra-security.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg-1.4.18/debian/patches/0046-gpgv-Tweak-default-options-for-extra-security.patch	2016-08-04 22:12:31.000000000 +0200
@@ -0,0 +1,39 @@
+From cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Sat, 9 Jul 2016 10:20:02 +0900
+Subject: [PATCH] gpgv: Tweak default options for extra security.
+
+* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
+cached status.  Similarly, set opt.flags.require_cross_cert for backsig
+validation for subkey signature.
+
+--
+
+(backport of master
+commit e32c575e0f3704e7563048eea6d26844bdfc494b)
+
+It is common that an organization distributes binary keyrings with
+signature cache (Tag 12, Trust Packet) and people use gpgv to validate
+signature with such keyrings.  In such a use case, it is possible that
+the key validation itself is skipped.
+
+For the purpose of gpgv validation of signatures, we should not depend
+on signature cache in keyrings (if any), but we should validate the key
+by its self signature for primary key, and back signature for subkey.
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/gpgv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/g10/gpgv.c
++++ b/g10/gpgv.c
+@@ -142,6 +142,8 @@ main( int argc, char **argv )
+     opt.pgp2_workarounds = 1;
+     opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
+     opt.trust_model = TM_ALWAYS;
++    opt.no_sig_cache = 1;
++    opt.flags.require_cross_cert = 1;
+     opt.batch = 1;
+ 
+     opt.homedir = default_homedir ();
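
Review bot: The commit message in this patch writes the option as "opt.no_sig _cache" with a stray space, which does not match the "opt.no_sig_cache = 1;" line added to main(), so a search for the field name misses the patch header. Both new defaults are set unconditionally next to opt.trust_model, and neither the patch nor the changelog entry documents the user-visible effect: gpgv no longer relies on cached signature status from a distributed keyring and requires a back signature for subkey signatures. Since the message itself says such keyrings are common, a short note for people who ship keyrings for use with gpgv would help.
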
diff -Nru gnupg-1.4.18/debian/patches/0047-g10-Fix-checking-key-for-signature-validation.patch gnupg-1.4.18/debian/patches/0047-g10-Fix-checking-key-for-signature-validation.patch
--- gnupg-1.4.18/debian/patches/0047-g10-Fix-checking-key-for-signature-validation.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg-1.4.18/debian/patches/0047-g10-Fix-checking-key-for-signature-validation.patch	2016-08-04 22:12:31.000000000 +0200
@@ -0,0 +1,37 @@
+From f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 4 Aug 2016 16:21:39 +0900
+Subject: [PATCH] g10: Fix checking key for signature validation.
+
+* g10/sig-check.c (signature_check2): Not only subkey, but also primary
+key should have flags.valid=1.
+
+--
+
+(backport of master
+commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 6bac630..8dd0373 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -76,9 +76,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
+       }
+     else if( get_pubkey( pk, sig->keyid ) )
+ 	rc = G10ERR_NO_PUBKEY;
+-    else if(!pk->is_valid && !pk->is_primary)
++    else if(!pk->is_valid)
+         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
+-				 invalid subkey */
++				 invalid key */
+     else
+       {
+         if(r_expiredate)
+-- 
+2.8.1
+
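
Review bot: The commit message names the field as "flags.valid=1", but the changed condition in signature_check2 tests "pk->is_valid"; as this is described as a backport, the message should use the field name that exists in this branch. The new check "else if(!pk->is_valid)" now returns G10ERR_BAD_PUBKEY for primary keys as well as subkeys, and the patch carries no test for that path; the request mentions an upstream testcase, so referencing it in the patch header or the changelog would make the behaviour change verifiable.
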
diff -Nru gnupg-1.4.18/debian/patches/series gnupg-1.4.18/debian/patches/series
--- gnupg-1.4.18/debian/patches/series	2016-02-24 17:16:46.000000000 +0100
+++ gnupg-1.4.18/debian/patches/series	2016-08-04 22:12:31.000000000 +0200
@@ -38,3 +38,5 @@
 0043-doc-Add-warning-note-about-not-acting-as-an-oracle-t.patch
 0044-mpi-Avoid-data-dependent-timing-variations-in-mpi_po.patch
 0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch
+0046-gpgv-Tweak-default-options-for-extra-security.patch
+0047-g10-Fix-checking-key-for-signature-validation.patch

--- End Message ---
--- Begin Message ---
Version: 8.6

The updates referred to in each of these bugs were included in today's
stable point release.

Regards,

Adam

--- End Message ---
