Bug#1060146: libnews-article-nocem-perl: Signature hash hardcoded to SHA1

Sat Jan 6 12:43:03 GMT 2024

Package: libnews-article-nocem-perl
Version: 0.09-3
Severity: important
Tags: upstream
X-Debbugs-Cc: libpgp-sign-perl at packages.debian.org, debian.axhn at manchmal.in-ulm.de

Greetings,

At the moment, NoCeM messages generated using News::Article::NoCeM
declare a hard-coded signature hash algorithm SHA1:

|  $self->add_body("-----BEGIN PGP SIGNED MESSAGE-----");
|  $self->add_body("Hash: SHA1");
[ll.202]

This broke NoCeM processing here as the actual algorithm used was
SHA512, and the verification in INN2's perl-nocem fails then (took a
while to find out as the only way to debug perl-nocem is strace, and
there was only a warning about a hash algorithm mismatch. But changing
the above line made the problem go away).

Following the robustness principle, the fix should be here, in
News::Article::NoCeM. That however will be a bit delicate as I doubt
this will be easy.

Some *bad* ideas:

* In my setup, signing is done using gpg (i.e. gpg2). Perhaps enforcing
  gpg1 resolves the issue - I haven't checked - but that's not the
  direction we should go.

* Enforcing SHA1 in the signing might be doable (but not easy), still,
  no. That algorithm should be phased out.

* Hard-coding a different algorithm is a no-go, for bad style to start
  with.

* News::Article::NoCeM could inspect the generated signature and
  act accordingly. This adds a lot of code and feels pretty wrong.

* Omitting the hash declaration is not an option either, perl-nocem
  fails then.

So I guess this will require some co-ordination with PGP::Sign (Cc'd).

It seems the latter does not provide an option to define the hash
algorithm, unless perhaps via GnuPG's configuration file. That's
somehting News::Article::NoCeM could do by switching to the OO interface
of PGP::Sign. But at the same time, this voids a nonoutspoken goal of
making GPG::Sign backend-agnostic (having more than gpg1 and gpg2 was
desireable but that's something for another day).

Another solution I can think of: PGP::Sign could, as an option, already
provide the marker lines with a correct pseudo header about the hash
algorithm, so News::Article::NoCeM does not have to do this. Or at
least signalize the proper value. But there's nothing of that kind as
far as I can see.

But these are just thoughts - I'm looking for a robust way to generate
NoCeMs and if that goal is met, I care little how this is actually done.

    Christoph

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (1, 'proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.69 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libnews-article-nocem-perl depends on:
ii  libnews-article-perl  1.27-12
ii  libpgp-sign-perl      1.04-1
ii  perl                  5.36.0-7+deb12u1

libnews-article-nocem-perl recommends no packages.

libnews-article-nocem-perl suggests no packages.

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20240106/d02c38c9/attachment.sig>