[pkg-gnupg-maint] Bug#834326: jessie-pu: package gnupg/1.4.18-7+deb8u2

Thu Aug 18 05:25:15 UTC 2016

Control: retitle -1 jessie-pu: package gnupg/1.4.18-7+deb8u3

On Sun, Aug 14, 2016 at 03:58:28PM +0200, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org at packages.debian.org
> Usertags: pu
> 
> Dear SRM
> 
> I would like to propose the following hardening to src:gnupg which was
> found during the analysis of a vulnerability report to the security team
> and related to
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> be solved in software (and thus we don't want to issue a DSA for it, and
> give possibly this false impression), and as pointed out by Florian
> there are some other open questions regarding the paper and the attacks
> described there.
> 
> The GnuPG upstream repository contains the testcase to verify the fix,
> as
> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7dcad0d3503ac0d75e09efb16246dd78518986fc
> 
> The fix for gnupg is in experimental in the src:gnupg1 source package
> with commits (1.4.20-6+exp5):
> 
> https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git/commit/?h=experimental&id=5ed457210d69f95ea253221e14e6f8a8c8da0a5f
> 
> and migrated now to unstable, with a new upload on 2016-08-13.
> 
> Thanks in advance,

This all stil holds, but I have rebased the patch on top of the update
via jessie-security.

Regards,
Salvatore
-------------- next part --------------
diff -Nru gnupg-1.4.18/debian/changelog gnupg-1.4.18/debian/changelog

--- gnupg-1.4.18/debian/changelog	2016-08-17 21:36:04.000000000 +0200
+++ gnupg-1.4.18/debian/changelog	2016-08-18 07:13:19.000000000 +0200
@@ -1,3 +1,11 @@
+gnupg (1.4.18-7+deb8u3) jessie; urgency=medium
+
+  * Non-maintainer with maintainers approval.
+  * gpgv: Tweak default options for extra security
+  * g10: Fix checking key for signature validation
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Thu, 18 Aug 2016 07:13:19 +0200
+
 gnupg (1.4.18-7+deb8u2) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru gnupg-1.4.18/debian/patches/0048-gpgv-Tweak-default-options-for-extra-security.patch gnupg-1.4.18/debian/patches/0048-gpgv-Tweak-default-options-for-extra-security.patch
--- gnupg-1.4.18/debian/patches/0048-gpgv-Tweak-default-options-for-extra-security.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg-1.4.18/debian/patches/0048-gpgv-Tweak-default-options-for-extra-security.patch	2016-08-18 07:13:19.000000000 +0200
@@ -0,0 +1,39 @@
+From cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Sat, 9 Jul 2016 10:20:02 +0900
+Subject: [PATCH] gpgv: Tweak default options for extra security.
+
+* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
+cached status.  Similarly, set opt.flags.require_cross_cert for backsig
+validation for subkey signature.
+
+--
+
+(backport of master
+commit e32c575e0f3704e7563048eea6d26844bdfc494b)
+
+It is common that an organization distributes binary keyrings with
+signature cache (Tag 12, Trust Packet) and people use gpgv to validate
+signature with such keyrings.  In such a use case, it is possible that
+the key validation itself is skipped.
+
+For the purpose of gpgv validation of signatures, we should not depend
+on signature cache in keyrings (if any), but we should validate the key
+by its self signature for primary key, and back signature for subkey.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+---
+ g10/gpgv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/g10/gpgv.c
++++ b/g10/gpgv.c
+@@ -142,6 +142,8 @@ main( int argc, char **argv )
+     opt.pgp2_workarounds = 1;
+     opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
+     opt.trust_model = TM_ALWAYS;
++    opt.no_sig_cache = 1;
++    opt.flags.require_cross_cert = 1;
+     opt.batch = 1;
+ 
+     opt.homedir = default_homedir ();
diff -Nru gnupg-1.4.18/debian/patches/0049-g10-Fix-checking-key-for-signature-validation.patch gnupg-1.4.18/debian/patches/0049-g10-Fix-checking-key-for-signature-validation.patch
--- gnupg-1.4.18/debian/patches/0049-g10-Fix-checking-key-for-signature-validation.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg-1.4.18/debian/patches/0049-g10-Fix-checking-key-for-signature-validation.patch	2016-08-18 07:13:19.000000000 +0200
@@ -0,0 +1,37 @@
+From f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 4 Aug 2016 16:21:39 +0900
+Subject: [PATCH] g10: Fix checking key for signature validation.
+
+* g10/sig-check.c (signature_check2): Not only subkey, but also primary
+key should have flags.valid=1.
+
+--
+
+(backport of master
+commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+---
+ g10/sig-check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 6bac630..8dd0373 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -76,9 +76,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
+       }
+     else if( get_pubkey( pk, sig->keyid ) )
+ 	rc = G10ERR_NO_PUBKEY;
+-    else if(!pk->is_valid && !pk->is_primary)
++    else if(!pk->is_valid)
+         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
+-				 invalid subkey */
++				 invalid key */
+     else
+       {
+         if(r_expiredate)
+-- 
+2.8.1
+
diff -Nru gnupg-1.4.18/debian/patches/series gnupg-1.4.18/debian/patches/series
--- gnupg-1.4.18/debian/patches/series	2016-08-17 21:36:04.000000000 +0200
+++ gnupg-1.4.18/debian/patches/series	2016-08-18 07:13:19.000000000 +0200
@@ -40,3 +40,5 @@
 0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch
 0046-cipher-Improve-readability-by-using-a-macro.patch
 0047-random-Hash-continuous-areas-in-the-csprng-pool.patch
+0048-gpgv-Tweak-default-options-for-extra-security.patch
+0049-g10-Fix-checking-key-for-signature-validation.patch
