
Bug#378183: marked as done (apt: All SHA256 hashes generated/used by APT are wrong)

Your message dated Wed, 26 Jul 2006 16:17:05 -0700
with message-id <E1G5scj-0007zx-B7@spohr.debian.org>
and subject line Bug#378183: fixed in apt 0.6.45
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: apt
Severity: critical
Tags: security patch
Justification: breaks the whole system

The SHA256 checksums recently added to Packages files are wrong
due to a porting error when the sha256 implementation code was
imported from the Linux kernel sources to the apt source tree. 
Specifically, the broken sha256 code checksums only 19 out of
every 64 bytes of input and otherwise computes a result which is
neither sha256(input) nor sha256(mangled input).

According to the changelog, the broken code was added to
non-experimental apt in version 0.6.44 uploaded 8 May 2006.

This has the following severe consequences:

- The broken hash values obviously do not provide anything
 resembling the security needed by secure apt, a problem
 compounded by the broken status of the other two hash
 algorithms used (MD5 and SHA1).  Thus the security tag.

- When the code is fixed to produce and check correct SHA256
 hashes, the fact that these values are different from the
 broken values means that a correct apt will reject all Packages
 files produced by a broken apt and a broken apt will reject all
 Packages files produced by a correct apt.  This means that
 when such a new apt implementation is placed in the debian
 archive, the whole system becomes impossible to install or

 If the Packages file has bad SHA256 values, the broken apt
 versions already installed by testers/users will allow
 installation of the new apt, but once it has been installed,
 the new apt will reject all packages and stop all further

 If the Packages file has good SHA256 values, the broken apt
 versions already deployed will refuse their contents, thus
 preventing users from upgrading to a good apt.

 This I believe justifies the "breaks whole system, critical"

To work around the "breaks whole system" issue, the following
transition plan is proposed:

 1. Before uploading the fixed apt, temporarily reconfigure
  darcs etc. to NOT include SHA256 values in Packages files at
  all (apt-ftparchive has an option to do that).

 2. Upload the fixed apt as a minimal change from the apt
   version in testing, and coordinate with ftpadmin to push it
   quickly through to testing.  Yes, this means holding back
   other bug fixes until the change has propagated.

 3. Allow 1-3 weeks for users to upgrade to the fixed apt.  Use
   the various announce mailing lists to alert users to the
   urgency of getting rid of apt versions 0.6.44 to 0.6.44.?
   inclusive before the grace period ends!

 4. Turn SHA256 back on in darcs etc.  This makes the SHA256
   security available for real.  But it also means that the
   archive can no longer be used by the broken 0.6.44 versions
   of apt.  So leave behind (on the ftp server, www server etc.)
   a message explaining how users can manually upgrade to a new
   apt version by downloading a .tar file and a detached .gpg
   signature from ftp.debian.org/debian/tools/something .  (This
   would be a hand-built tar file containing replacement .so
   files for each of the bad 0.6.44 apt versions and platforms).

For the security breakage, patching apt is the obvious fix.

Steps to reproduce:

$ apt-ftparchive packages somedirwithdebs
Filename: somedirwithdebs/something_xyz_all.deb
SHA256: 64 wrong hex digits here
$ gpg --print-md sha256 somedirwithdebs/something_xyz_all.deb
somedirwithdebs/something_xyz_all.deb: 64 right hex digits
$ shasum -a 256 somedirwithdebs/something_xyz_all.deb
64 right hex digits  somedirwithdebs/something_xyz_all.deb
$ openssl dgst -sha256 -hex somedirwithdebs/something_xyz_all.deb
SHA256(somedirwithdebs/something_xyz_all.deb)= 64 right hex

Thus at least 3 independent SHA256 implementations agree on the
correct value, as will apt once corrected.

[Patch begin, apply to apt-0.6.44.x with patch -Np1]
diff -Naur apt- apt-
--- apt-	2006-05-16 19:31:39.000000000 +0000
+++ apt-	2006-07-14 00:50:49.000000000 +0000
@@ -61,10 +61,10 @@
 static inline void LOAD_OP(int I, u32 *W, const u8 *input)
-	W[I] = (  ((u32) input[I + 0] << 24)
-		| ((u32) input[I + 1] << 16)
-		| ((u32) input[I + 2] << 8)
-		| ((u32) input[I + 3]));
+	W[I] = (  ((u32) input[I * 4 + 0] << 24)
+		| ((u32) input[I * 4 + 1] << 16)
+		| ((u32) input[I * 4 + 2] << 8)
+		| ((u32) input[I * 4 + 3]));
 static inline void BLEND_OP(int I, u32 *W)
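Review bot: the file header is unusable as pasted: `diff -Naur apt- apt-` and the `---`/`+++` lines carry truncated paths, so the `patch -Np1` invocation named in the [Patch begin] line has no file to match, and the `@@ -61,10 +61,10 @@` header promises 10 lines per side while only 9 are shown, so `patch` will reject the hunk until the missing context line is restored; the closing message's changelog names the file as apt-pkg/contrib/sha256.cc, and the header should name it too. The substance of the change is right: with `input[I + 0]` .. `input[I + 3]` the byte index is the word index, so the 16 calls for I = 0..15 only ever touch bytes 0..18 of the 64-byte block, which is exactly the "checksums only 19 out of every 64 bytes" symptom in the report, whereas `input[I * 4 + n]` is the correct big-endian word load. Since the report already shows three independent implementations agreeing on the right digest, a regression check of the fixed code against a published SHA-256 test vector would stop a future port from reintroducing this.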
[Patch end]
(In the Linux kernel, the same calculation used a kernel-only
type and macro to do the big-endian-unaligned-32bit to
native-endian-aligned-32bit conversion; the code lines above
were written specially for apt 0.6.44 (8 May 2006) and later.)

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "echo -n superdoc... ; /usr/local/sbin/superdoc --undo && echo ok || echo err $? || true";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "echo -n superdoc... ; /usr/local/sbin/superdoc        && echo ok || echo err $? || true";
DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi";

-- (no /etc/apt/preferences present) --

-- (/etc/apt/sources.list present, but not submitted) --

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /basnxt/bin/bash
Kernel: Linux 2.6.16jbj3.4-14
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)

Versions of packages apt depends on:
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  libgcc1                       1:4.1.1-5  GCC support library
ii  libstdc++6                    4.1.1-5    The GNU Standard C++ Library v3

Versions of packages apt recommends:
ii  debian-archive-keyring        2006.01.18 GnuPG archive keys of the Debian a

-- no debconf information

--- End Message ---
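The following C program is added here and is not part of the bug report or of apt's sources: it places the 0.6.44 LOAD_OP beside the patched one and measures how many bytes of a 64-byte block each loader actually depends on, using a constructed sample block and the constructed helpers loaded_word and bytes_covered.

```c
#include <stdint.h>
#include <string.h>

typedef uint32_t u32;
typedef uint8_t u8;

/* LOAD_OP as shipped in apt 0.6.44: the byte index is the word index I,
 * so the 16 words overlap and only bytes 0..18 of a block are ever read. */
static void LOAD_OP_broken(int I, u32 *W, const u8 *input)
{
    W[I] = (((u32) input[I + 0] << 24) | ((u32) input[I + 1] << 16)
          | ((u32) input[I + 2] << 8)  | ((u32) input[I + 3]));
}

/* LOAD_OP after the patch: word I starts at byte offset I * 4. */
static void LOAD_OP_fixed(int I, u32 *W, const u8 *input)
{
    W[I] = (((u32) input[I * 4 + 0] << 24) | ((u32) input[I * 4 + 1] << 16)
          | ((u32) input[I * 4 + 2] << 8)  | ((u32) input[I * 4 + 3]));
}

/* W[I] for a constructed block whose byte i holds the value i
 * (use_fixed != 0 selects the patched loader). */
static u32 loaded_word(int I, int use_fixed)
{
    u8 block[64];
    u32 W[16] = {0};
    int i;
    for (i = 0; i < 64; i++) block[i] = (u8) i;
    if (use_fixed) LOAD_OP_fixed(I, W, block); else LOAD_OP_broken(I, W, block);
    return W[I];
}

/* Number of distinct block bytes a loader depends on: flip each byte of the
 * constructed block in turn and see whether any of W[0..15] changes. */
static int bytes_covered(void (*load)(int, u32 *, const u8 *))
{
    u8 block[64];
    u32 base[16], changed[16];
    int i, b, covered = 0;
    for (i = 0; i < 64; i++) block[i] = (u8) i;
    for (i = 0; i < 16; i++) load(i, base, block);
    for (b = 0; b < 64; b++) {
        block[b] ^= 0xFF;
        for (i = 0; i < 16; i++) load(i, changed, block);
        block[b] ^= 0xFF;
        if (memcmp(base, changed, sizeof base) != 0) covered++;
    }
    return covered;
}
```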
--- Begin Message ---
Source: apt
Source-Version: 0.6.45

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

  to pool/main/a/apt/apt-doc_0.6.45_all.deb
  to pool/main/a/apt/apt-utils_0.6.45_i386.deb
  to pool/main/a/apt/apt_0.6.45.dsc
  to pool/main/a/apt/apt_0.6.45.tar.gz
  to pool/main/a/apt/apt_0.6.45_i386.deb
  to pool/main/a/apt/libapt-pkg-dev_0.6.45_i386.deb
  to pool/main/a/apt/libapt-pkg-doc_0.6.45_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 378183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Thu, 27 Jul 2006 00:52:05 +0200
Source: apt
Binary: apt-utils libapt-pkg-doc libapt-pkg-dev apt-doc apt
Architecture: source all i386
Version: 0.6.45
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 296103 368038 370551 373729 373864 375068 375640 376330 376408 376777 377391 378183 378901 379576
 apt (0.6.45) unstable; urgency=low
   * apt-pkg/contrib/sha256.cc:
     - fixed the sha256 generation (closes: #378183)
   * ftparchive/cachedb.cc:
     - applied patch from Anthony Towns to fix Clean() function
       (closes: #379576)
   * doc/apt-get.8.xml:
     - fix path to the apt user build (Closes: #375640)
   * doc/apt-cache.8.xml:
     - typo (Closes: #376408)
   * apt-pkg/deb/dpkgpm.cc:
     - make progress reporting more robust against multiline error
       messages (first half of a fix for #374195)
   * doc/examples/configure-index:
     - document Debug::pkgAcquire::Auth
   * methods/gpgv.cc:
     - deal with gpg error "NODATA". Closes: #296103, Thanks to
       Luis Rodrigo Gallardo Cruz for the patch
   * apt-inst/contrib/extracttar.cc:
     - fix for string mangling, closes: #373864
   * apt-pkg/acquire-item.cc:
     - check for bzip2 in /bin (closes: #377391)
   * apt-pkg/tagfile.cc:
     - make it work on non-mapable files again, thanks
       to James Troup for confirming the fix (closes: #376777)
   * Merged from Christian Perrier bzr branch:
     * ko.po: Updated to 512t. Closes: #378901
     * hu.po: Updated to 512t. Closes: #376330
     * km.po: New Khmer translation: 506t6f. Closes: #375068
     * ne.po: New Nepali translation: 512t. Closes: #373729
     * vi.po: Updated to 512t. Closes: #368038
     * zh_TW.po: Remove an extra %s in one string. Closes: #370551
     * dz.po: New Dzongkha translation: 512t
     * ro.po: Updated to 512t
     * eu.po: Updated

--- End Message ---