Debian Bug report logs - #704645
[gnupg/1486] gnupg: gpg --verify suggests entire file was verified, even if file contains auxiliary data


Package: gnupg; Maintainer for gnupg is Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>; Source for gnupg is src:gnupg2.

Reported by: Ansgar Burchardt <ansgar@debian.org>

Date: Wed, 3 Apr 2013 15:00:02 UTC

Severity: critical

Tags: fixed-upstream, security, wheezy-ignore

Fixed in version gnupg/1.4.15-1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.g10code.com/gnupg/issue1486



Report forwarded to debian-bugs-dist@lists.debian.org, Bastian Blank <waldi@debian.org>:
Bug#704613; Package cdebootstrap. (Wed, 03 Apr 2013 15:00:06 GMT) (full text, mbox, link).


Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
New Bug report received and forwarded. Copy sent to Bastian Blank <waldi@debian.org>. (Wed, 03 Apr 2013 15:00:06 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ansgar Burchardt <ansgar@debian.org>
To: submit@bugs.debian.org
Subject: cdebootstrap: signature verification bypass with manipulated InRelease file
Date: Wed, 03 Apr 2013 16:58:05 +0200
Package: cdebootstrap
Version: 0.5.9
Severity: grave
Tags: security
Usertags: gpg-clearsign

cdebootstrap can be tricked into using unsigned data from an InRelease file.
This makes the verification of the gpg signature useless.

The particular bug here is in libdebian-installer (0.85)'s parser. It
treats "-----BEGIN PGP SIGNED MESSAGE----- NOT" as a marker for the
start of the signed data (which it obviously isn't).

So one can prepend an InRelease file looking like

----
-----BEGIN PGP SIGNED MESSAGE----- NOT
Hash: SHA1

<insert malicious Release file contents here>

-----BEGIN PGP SIGNATURE----- NOT
----

to a valid InRelease file. gpgv will see the signature in the later part
and report that there is no problem, but cdebootstrap will use the first
part of the file.

The easy workaround is to disable InRelease support which was already
done for apt. Other options are splitting InRelease into Release and
Release.gpg and verifying those OR using gpg to both extract the signed
data and check the signature.

Ansgar



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#704613; Package cdebootstrap. (Wed, 03 Apr 2013 22:27:04 GMT) (full text, mbox, link).


Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. (Wed, 03 Apr 2013 22:27:04 GMT) (full text, mbox, link).


Message #10 received at 704613@bugs.debian.org (full text, mbox, reply):

From: Bastian Blank <waldi@debian.org>
To: Ansgar Burchardt <ansgar@debian.org>, 704613@bugs.debian.org
Subject: Re: Bug#704613: cdebootstrap: signature verification bypass with manipulated InRelease file
Date: Thu, 4 Apr 2013 00:24:26 +0200
Control: clone -1 -2
Control: reassign -2 gnupg

On Wed, Apr 03, 2013 at 04:58:05PM +0200, Ansgar Burchardt wrote:
> So one can prepend an InRelease file looking like
> ----
> -----BEGIN PGP SIGNED MESSAGE----- NOT
> Hash: SHA1
> 
> <insert malicious Release file contents here>
> 
> -----BEGIN PGP SIGNATURE----- NOT
> ----

This is a bug in gnupg; this is clearly not a valid clearsigned message
anymore, see RFC 4880, section 7.

Bastian

-- 
Death, when unnecessary, is a tragic thing.
		-- Flint, "Requiem for Methuselah", stardate 5843.7



Bug 704613 cloned as bug 704645 Request was from Bastian Blank <waldi@debian.org> to 704613-submit@bugs.debian.org. (Wed, 03 Apr 2013 22:27:04 GMT) (full text, mbox, link).


Bug reassigned from package 'cdebootstrap' to 'gnupg'. Request was from Bastian Blank <waldi@debian.org> to 704613-submit@bugs.debian.org. (Wed, 03 Apr 2013 22:27:05 GMT) (full text, mbox, link).


No longer marked as found in versions cdebootstrap/0.5.9. Request was from Bastian Blank <waldi@debian.org> to 704613-submit@bugs.debian.org. (Wed, 03 Apr 2013 22:27:06 GMT) (full text, mbox, link).


Merged 704613 704645 Request was from Bastian Blank <bastian@waldi.eu.org> to 704613-submit@bugs.debian.org. (Wed, 03 Apr 2013 23:21:06 GMT) (full text, mbox, link).


Severity set to 'critical' from 'grave' Request was from Bastian Blank <bastian@waldi.eu.org> to 704613-submit@bugs.debian.org. (Wed, 03 Apr 2013 23:21:09 GMT) (full text, mbox, link).


Disconnected #704613 from all other report(s). Request was from Ansgar Burchardt <ansgar@debian.org> to 704613-submit@bugs.debian.org. (Thu, 04 Apr 2013 07:39:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#704645; Package gnupg. (Sat, 06 Apr 2013 10:48:04 GMT) (full text, mbox, link).


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Sat, 06 Apr 2013 10:48:04 GMT) (full text, mbox, link).


Message #27 received at 704645@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>
To: 704645@bugs.debian.org
Cc: Ansgar Burchardt <ansgar@debian.org>, Bastian Blank <waldi@debian.org>, control@bugs.debian.org
Subject: Re: [Pkg-gnupg-maint] Processed: Re: Bug#704613: cdebootstrap: signature verification bypass with manipulated InRelease file
Date: Sat, 6 Apr 2013 12:45:56 +0200
retitle 704645 gpg --verify suggests entire file was verified, even if file contains auxiliary data
thanks

Hi,

After some discussion I've come to the following description of this request
(submitters, please correct or augment where necessary):

"gpg --verify <filename>" returns a binary answer: has a valid signature,
doesn't have a valid signature. This is described in the man page as "Assume
that the first argument is a signed file or a detached signature and verify
it without generating any output."

This works well for detached signatures or for files that contain only a
clearsigned message and nothing else. The problem comes in when somewhere in
a file a valid block of clearsigned text is present, but this block is
preceded or followed by auxiliary data. Running "gpg --verify" on that file
results in an assertion that "the file" has a "valid signature" while in
fact only a part of the file was verified with no way of knowing which.

As it turned out, implementors have been assuming that running
"gpg --verify" on a file yields enough information to further process
that file as if all data in it were correctly signed. It has been
argued that running "gpg --verify" in its current form on a clearsigned
file is useless as it only tells you that "something somewhere in
that file has a valid signature".

(There is currently a working way to verify and extract only the signed
data, which is by using --status-fd and parsing its output.)

I'm seeking input from GnuPG upstream for their view on this case.


Cheers,
Thijs
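Bastian's point that the decoy block is not a valid RFC 4880 section 7 cleartext signature, and Thijs's point that `gpg --verify` cannot tell you which part of a file was verified, come down to one check a consumer can make before trusting any text: the whole file must be exactly one clearsigned message with nothing before the header or after the signature. The following Python is an added example of that framing check, not code from gnupg or libdebian-installer; `extract_clearsigned` and `ClearsignError` are hypothetical names, the sample inputs are constructed, and LF line endings are assumed. The signature itself is still gpgv's job; the text this returns is the only text a later GOODSIG can be taken to cover.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

class ClearsignError(ValueError): pass

def extract_clearsigned(data):
    """Return (signed_text, armored_signature) if data is exactly one
    RFC 4880 cleartext signature, else raise ClearsignError.
    Hypothetical helper; assumes LF line endings."""
    lines = data.split("\n")
    # The marker must be the whole line, so "...MESSAGE----- NOT" is rejected.
    if lines[0] != BEGIN_MSG:
        raise ClearsignError("file does not start with the cleartext header")
    i = 1
    while i < len(lines) and lines[i] != "":   # only Hash armor headers allowed
        if not re.fullmatch(r"Hash: [A-Za-z0-9,]+", lines[i]):
            raise ClearsignError("unexpected armor header %r" % lines[i])
        i += 1
    i += 1                                      # skip the single empty line
    body = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("-"):                # RFC 4880 dash-escaping
            if not line.startswith("- "):
                raise ClearsignError("unescaped dash line in signed text")
            line = line[2:]
        body.append(line)
        i += 1
    if i >= len(lines):
        raise ClearsignError("no signature block")
    try:
        end = lines.index(END_SIG, i)
    except ValueError:
        raise ClearsignError("unterminated signature block") from None
    if any(l.strip() for l in lines[end + 1:]):  # auxiliary data after END
        raise ClearsignError("trailing data after the signature")
    return "\n".join(body), "\n".join(lines[i:end + 1])

# Constructed samples (the signature body is a placeholder, not a real one).
GOOD = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
        "Origin: Debian\nSuite: stable\n- -- dash-escaped line\n"
        "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER-SIGNATURE\n"
        "-----END PGP SIGNATURE-----\n")
# The decoy block from the bug report, prepended to GOOD.
DECOY = ("-----BEGIN PGP SIGNED MESSAGE----- NOT\nHash: SHA1\n\n"
         "Suite: unsigned-decoy\n\n-----BEGIN PGP SIGNATURE----- NOT\n") + GOOD
```

A prefix-matching parser would take the first line of DECOY as the start of the signed data; here the exact-line check rejects it, and the same check rejects data appended after the END line.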

Changed Bug title to 'gpg --verify suggests entire file was verified, even if file contains auxiliary data' from 'cdebootstrap: signature verification bypass with manipulated InRelease file' Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Sat, 06 Apr 2013 10:48:07 GMT) (full text, mbox, link).


Set Bug forwarded-to-address to 'https://bugs.g10code.com/gnupg/msg4558'. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Tue, 09 Apr 2013 16:09:07 GMT) (full text, mbox, link).


Changed Bug forwarded-to-address to 'https://bugs.g10code.com/gnupg/issue1486' from 'https://bugs.g10code.com/gnupg/msg4558' Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 15 Apr 2013 15:45:05 GMT) (full text, mbox, link).


Added tag(s) wheezy-ignore. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 16 Apr 2013 09:36:13 GMT) (full text, mbox, link).


Changed Bug title to '[gnupg/1486] gnupg: gpg --verify suggests entire file was verified, even if file contains auxiliary data' from 'gpg --verify suggests entire file was verified, even if file contains auxiliary data' Request was from Niibe Yutaka <gniibe@fsij.org> to control@bugs.debian.org. (Fri, 12 Jul 2013 00:21:04 GMT) (full text, mbox, link).


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 07 Oct 2013 17:48:20 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>:
Bug#704645; Package gnupg. (Mon, 07 Oct 2013 18:45:05 GMT) (full text, mbox, link).


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>. (Mon, 07 Oct 2013 18:45:05 GMT) (full text, mbox, link).


Message #44 received at 704645@bugs.debian.org (full text, mbox, reply):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: 704645@bugs.debian.org
Cc: 704645-submitter@bugs.debian.org
Subject: Re: [Pkg-gnupg-maint] Bug#704645: Processed: Re: Bug#704613: cdebootstrap: signature verification bypass with manipulated InRelease file
Date: Mon, 7 Oct 2013 20:42:36 +0200
On Sat, April 6, 2013 12:45, Thijs Kinkhorst wrote:
> I'm seeking input from GnuPG upstream for their view on this case.

I have forwarded the issue. Upstream acknowledges the issue but does not
seem prepared to change the behaviour of the --verify command.

As described in #705536, I do not think that changing the behaviour in
Debian specifically will advance the situation (rather deteriorate it).
Therefore, the option left is to clearly document the risk of the command.
Upstream has put this text in the man page section describing the command.

    "Note: When verifying a cleartext signature, `gpg' verifies only
    what makes up the cleartext signed data and not any extra data
    outside of the cleartext signature or header lines following
    directly the dash marker line.  The option `--output' may be used
    to write out the actual signed data; but there are other pitfalls
    with this format as well.  It is suggested to avoid cleartext
    signatures in favor of detached signatures."

I think this is what from a Debian standpoint completes what we can do for
this issue.


Cheers,
Thijs



Message sent on to Ansgar Burchardt <ansgar@debian.org>:
Bug#704645. (Mon, 07 Oct 2013 18:45:08 GMT) (full text, mbox, link).


Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Mon, 07 Oct 2013 19:21:28 GMT) (full text, mbox, link).


Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Mon, 07 Oct 2013 19:21:28 GMT) (full text, mbox, link).


Message #52 received at 704645-close@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>
To: 704645-close@bugs.debian.org
Subject: Bug#704645: fixed in gnupg 1.4.15-1
Date: Mon, 07 Oct 2013 19:18:32 +0000
Source: gnupg
Source-Version: 1.4.15-1

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 704645@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Oct 2013 20:05:43 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 704645 725439 725718
Changes: 
 gnupg (1.4.15-1) unstable; urgency=high
 .
   * New upstream release (closes: #725718).
     - Fixed possible denial of service in the compressed packet
       parser (CVE-2013-4402, closes: #725439).
     - Documents limitations of the verify command (closes: #704645).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Nov 2013 07:29:44 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Mar 6 10:46:38 2021; Machine Name: bembo
