
Bug#834327: marked as done (jessie-pu: package gnupg2/2.0.26-6+deb8u1)



Your message dated Sat, 17 Sep 2016 13:08:06 +0100
with message-id <1474114086.2011.126.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 8.6
has caused the Debian Bug report #834327,
regarding jessie-pu: package gnupg2/2.0.26-6+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
834327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834327
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Dear SRM

I would like to propose the following hardening to src:gnupg2 which was
found during the analysis of a vulnerability report to the security team
and related to
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
and developed by NIIBE Yutaka. The underlying problem in hardware cannot
be solved in software (and thus we don't want to issue a DSA for it and
possibly give this false impression), and as pointed out by Florian
there are some other open questions regarding the paper and the attacks
described there.

The GnuPG upstream repository contains the testcase to verify the fix,
as
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7dcad0d3503ac0d75e09efb16246dd78518986fc

The fix for gnupg is in experimental in the src:gnupg2 source package
with commits (2.1.14-4):

https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?h=experimental&id=5819eecbfe06ad18744739026d8f805856dd4622

and migrated now to unstable, with a new upload on 2016-08-13.

Thanks in advance,

Regards,
Salvatore
diff -Nru gnupg2-2.0.26/debian/changelog gnupg2-2.0.26/debian/changelog
--- gnupg2-2.0.26/debian/changelog	2015-02-22 00:03:06.000000000 +0100
+++ gnupg2-2.0.26/debian/changelog	2016-08-04 22:22:42.000000000 +0200
@@ -1,3 +1,11 @@
+gnupg2 (2.0.26-6+deb8u1) jessie; urgency=medium
+
+  * Non-maintainer with maintainers approval.
+  * gpgv: Tweak default options for extra security
+  * g10: Fix checking key for signature validation
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 04 Aug 2016 22:22:42 +0200
+
 gnupg2 (2.0.26-6) unstable; urgency=medium
 
   * Avoid NULL dereference with opaque MPI.
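Review bot: the new changelog entry gives no pointer back to the upstream commits or to this bug (#834327), so a reader of the stable changelog cannot trace why 0058 and 0059 were added; suggest citing the upstream commit ids named in the patch headers (e32c575e0f3704e7563048eea6d26844bdfc494b and 6f284e6ed63f514b15fe610f490ffcefc87a2164) and a one-line rationale, e.g. "gpgv: do not trust cached signature status in keyrings; require self/back signatures". The line "Non-maintainer with maintainers approval." also reads as a dropped word; the usual wording is "Non-maintainer upload with maintainer's approval."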
diff -Nru gnupg2-2.0.26/debian/patches/0058-gpgv-Tweak-default-options-for-extra-security.patch gnupg2-2.0.26/debian/patches/0058-gpgv-Tweak-default-options-for-extra-security.patch
--- gnupg2-2.0.26/debian/patches/0058-gpgv-Tweak-default-options-for-extra-security.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg2-2.0.26/debian/patches/0058-gpgv-Tweak-default-options-for-extra-security.patch	2016-08-04 22:22:42.000000000 +0200
@@ -0,0 +1,44 @@
+From b531f2fd75be3f616073cba714d73324525fd3e4 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Sat, 9 Jul 2016 10:20:02 +0900
+Subject: [PATCH 1/2] gpgv: Tweak default options for extra security.
+
+* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
+cached status.  Similarly, set opt.flags.require_cross_cert for backsig
+validation for subkey signature.
+
+--
+
+(backport of master
+commit e32c575e0f3704e7563048eea6d26844bdfc494b)
+
+It is common that an organization distributes binary keyrings with
+signature cache (Tag 12, Trust Packet) and people use gpgv to validate
+signature with such keyrings.  In such a use case, it is possible that
+the key validation itself is skipped.
+
+For the purpose of gpgv validation of signatures, we should not depend
+on signature cache in keyrings (if any), but we should validate the key
+by its self signature for primary key, and back signature for subkey.
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/gpgv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/g10/gpgv.c b/g10/gpgv.c
+index b700f17..3b48a0e 100644
+--- a/g10/gpgv.c
++++ b/g10/gpgv.c
+@@ -163,6 +163,8 @@ main( int argc, char **argv )
+   opt.pgp2_workarounds = 1;
+   opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
+   opt.trust_model = TM_ALWAYS;
++  opt.no_sig_cache = 1;
++  opt.flags.require_cross_cert = 1;
+   opt.batch = 1;
+ 
+   opt.homedir = default_homedir ();
+-- 
+2.1.4
+
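Review bot: the backported commit description reads "opt.no_sig _cache" with a stray space, while the code line is `opt.no_sig_cache = 1;`; worth correcting in the patch header so the description matches the field name. On the change itself, the two assignments sit after `opt.trust_model = TM_ALWAYS;` in gpgv's main(), so gpgv now ignores any cached verification status carried in a keyring and requires a back signature (cross-certification) before accepting a signing subkey, which is exactly the rationale given in the description. The debdiff does not carry the upstream test case commit referenced in the bug (7dcad0d3503ac0d75e09efb16246dd78518986fc); since that test is the only check that a keyring relying solely on a cached trust packet is now rejected, consider stating in the bug that it was run against the patched 2.0.26 build.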
diff -Nru gnupg2-2.0.26/debian/patches/0059-g10-Fix-checking-key-for-signature-validation.patch gnupg2-2.0.26/debian/patches/0059-g10-Fix-checking-key-for-signature-validation.patch
--- gnupg2-2.0.26/debian/patches/0059-g10-Fix-checking-key-for-signature-validation.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg2-2.0.26/debian/patches/0059-g10-Fix-checking-key-for-signature-validation.patch	2016-08-04 22:22:42.000000000 +0200
@@ -0,0 +1,37 @@
+From caff669212d2465a3a387571305a7230d394c0e0 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 4 Aug 2016 16:21:39 +0900
+Subject: [PATCH 2/2] g10: Fix checking key for signature validation.
+
+* g10/sig-check.c (signature_check2): Not only subkey, but also primary
+key should have flags.valid=1.
+
+--
+
+(backport of master
+commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index fc5e1fa..7178d06 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -82,9 +82,9 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
+       }
+     else if( get_pubkey( pk, sig->keyid ) )
+ 	rc = G10ERR_NO_PUBKEY;
+-    else if(!pk->is_valid && !pk->is_primary)
++    else if(!pk->is_valid)
+         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
+-				 invalid subkey */
++				 invalid key */
+     else
+       {
+         if(r_expiredate)
+-- 
+2.1.4
+
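Review bot: dropping `&& !pk->is_primary` means a primary key whose self-signature did not validate now returns G10ERR_BAD_PUBKEY just like an invalid subkey, which closes the gap described in 0058 (a cached signature status alone no longer makes a key acceptable for verification). The hunk relies on `pk->is_valid` being populated for primary keys by the `get_pubkey()` call two lines above; that code is outside this hunk, so it is worth confirming on the 2.0.26 tree, e.g. with the upstream test case, that primaries with a good self-signature still verify and that keyrings shipped in the archive that carry only a trust packet and no self-signature are reported as rejected rather than silently failing. The updated comment ("invalid key" instead of "invalid subkey") matches the new condition.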
diff -Nru gnupg2-2.0.26/debian/patches/series gnupg2-2.0.26/debian/patches/series
--- gnupg2-2.0.26/debian/patches/series	2015-02-21 18:55:30.000000000 +0100
+++ gnupg2-2.0.26/debian/patches/series	2016-08-04 22:22:42.000000000 +0200
@@ -49,3 +49,5 @@
 0054-doc-Change-remaining-http-links-to-gnupg.org-to-http.patch
 0056-Use-inline-functions-to-convert-buffer-data-to-scala.patch
 0057-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI.patch
+0058-gpgv-Tweak-default-options-for-extra-security.patch
+0059-g10-Fix-checking-key-for-signature-validation.patch

--- End Message ---
--- Begin Message ---
Version: 8.6

The updates referred to in each of these bugs were included in today's
stable point release.

Regards,

Adam

--- End Message ---
