[pkg-gnupg-maint] Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 5 23:48:10 BST 2018 

Package: release.debian.org
User: release.debian.org at packages.debian.org
X-Debbugs-Cc: pkg-gnupg-maint at lists.alioth.debian.org, security at debian.org
Usertags: pu
Tags: stretch
Severity: normal
Control: affects -1 src:gnupg2 enigmail
Control: block 909000 -1

I'd like to update the version of GnuPG in debian stable with a series
of targeted bugfixes (most of which are backported from upstream).

There are four complementary reasons, which i explain in more detail
below:

 * ptrace hardening for scdaemon
 * bugfixes that target some common workflows
 * updating cryptographic defaults
 * fixing enigmail in stretch

All of the patches that implement these changes have been in buster
for many months (either as upstream improvements or debian-specific
improvements).


Debian logistics
================

I note that this is *not* itself a security fix -- these fixes do not
address a specific vulnerability in stretch's version of GnuPG.
However, they do have security implications for stretch, because they
are needed in order to support enigmail since the thunderbird 60
upgrade.

If the release team or the security team (x-debbug-cc'ed here) would
prefer that we handle this via stretch-security instead of
stretch-proposed-updates, that's fine with me: please let me know.

I've attached a debdiff below, and the git history of these changes is
also available on the debian/stretch git branch on
https://salsa.debian.org/debian/gnupg2 (commit
f74eb5b2898ced14f910a7e4c7a28cc295dbd3cb)

The debdiff contains some minor updates to patch metadata that makes it
easier to work with git-buildpackage going forward.  I apologize for
this extra noise, but syncing up with gbp like this should make
maintenance of any future changes easier.


Justification for changes
=========================

scdaemon hardening
------------------

scdaemon currently can hold sensitive data, comparable to the data
held by gpg-agent.  gpg-agent currently blocks ptrace access to its
internal RAM.  scdaemon now also blocks ptrace. (see: #878952)

common workflow bugfixes
------------------------

 * Dirmngr currently fails on IPv6-only systems.  Enable dirmngr to
   query nameservers over IPv6. (see: #862282)

 * Malformed keys are currently rejected rather than being cleaned up.
   (some keys are malformed on the public keyservers). Clean keys
   before importing.  (see: #906545)

update cryptographic defaults
-----------------------------

A user of debian stable who creates a key today will have a default
expiration date of two years, well into 2020.  Currently in stretch,
the default asymmetric key is 2048-bit RSA.

None of the reasonable guides to cryptographic strength think that
2048-bit RSA keys should be used past 2020. (see for example ECRYPT or
NIST recommendations).

Furthermore, AES128 today is considered slightly riskier than AES256,
due in part to batch attacks and its smaller margin of safety against
quantum cryptanalysis (see for example, the Modern TLS recommendations
at https://wiki.mozilla.org/Security/Server_Side_TLS, and djb's
http://blog.cr.yp.to/20151120-batchattacks.html).

Update the cryptographic defaults to create 3072-bit RSA keys, and to
prefer AES256 over AES128 when all recipients support it.

fixing Enigmail
---------------

As Thunderbird 60 is now in stretch, enigmail is broken (see
https://bugs.debian.org/909000) :/

This can be fixed by importing the current (buster/stretch) enigmail
into stretch as well, but this updated version of enigmail depends on
bugfixes in GnuPG that are not yet in debian stretch.

Backport a series of minor bugfixes and small functionality
improvements to enable enigmail's test suite to pass cleanly.  From
debian/changelog, those are:

  * backport --no-symkey-cache
  * backport improved import and export filtering
  * backport display of revocation certificates
  * backport stripping unusable subkey material during export-minimal
  * backport fix to make --dry-run work when listing secret keys
  * backport fix showing secret keys when listing keys


Testing
=======

I've tested these changes on an x86_64 system running debian stretch.
The GnuPG test suite all passes, and an updated/backported version of
enigmail 2.0.8-5 also works on that platform.

I welcome any feedback on this!  sorry it has taken so long to produce
this series of changes.

Regards,

        --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg2_2.1.18-8~deb9u2_2.1.18-8~deb9u3.debdiff.gz
Type: application/gzip
Size: 34376 bytes
Desc: debdiff for proposed fixes for GnuPG for debian stretch
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20181005/7a0107c2/attachment-0001.gz>
-------------- next part --------------

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20181005/7a0107c2/attachment-0001.sig>

More information about the pkg-gnupg-maint mailing list