Debian Bug report logs - #856212
cdebootstrap: please implement SHA256 verification of .deb files
Reported by: Steven Chamberlain <steven@pyro.eu.org>
Date: Sun, 26 Feb 2017 16:33:05 UTC
Severity: grave
Tags: patch, security
Found in version cdebootstrap/0.7.6
Fixed in version cdebootstrap/0.7.7
Done: Bastian Blank <waldi@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, Bastian Blank <waldi@debian.org>: Bug#856212; Package src:cdebootstrap. (Sun, 26 Feb 2017 16:33:08 GMT)
Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>: New Bug report received and forwarded. Copy sent to security@debian.org, Bastian Blank <waldi@debian.org>. (Sun, 26 Feb 2017 16:33:08 GMT)
Message #5 received at submit@bugs.debian.org:
Source: cdebootstrap
Version: 0.7.6
Severity: grave
Tags: security
X-Debbugs-Cc: security@debian.org
User: debian-release@lists.debian.org
Usertags: bsp-2017-02-de-Berlin
Control: block -1 by 856210
Hi,
To date, cdebootstrap still only implements MD5 verification of .deb
files, despite its formal deprecation as a digital signature algorithm
by RFC6151 (2011) and recommendations of academic literature years
prior.
The files are typically downloaded via insecure HTTP transport, so the
checksum verification is critical for the security of the installed
system. stretch is expected to be a supported release until 2022. So
I'm tentatively filing this bug as RC-severity.
Further context and an overview of related bugs will be published at:
https://wiki.debian.org/InstallerDebacle
Thanks,
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Added blocking bug(s) of 856212: 856210. Request was from Steven Chamberlain <steven@pyro.eu.org> to submit@bugs.debian.org. (Sun, 26 Feb 2017 16:33:08 GMT)
Added blocking bug(s) of 856212: 856213. Request was from Steven Chamberlain <steven@pyro.eu.org> to submit@bugs.debian.org. (Sun, 26 Feb 2017 16:42:04 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#856212; Package src:cdebootstrap. (Sun, 26 Feb 2017 22:12:03 GMT)
Acknowledgement sent to Bastian Blank <waldi@debian.org>: Extra info received and forwarded to list. (Sun, 26 Feb 2017 22:12:03 GMT)
Message #14 received at 856212@bugs.debian.org:
On Sun, Feb 26, 2017 at 04:32:43PM +0000, Steven Chamberlain wrote:
> To date, cdebootstrap still only implements MD5 verification of .deb
> files, despite its formal deprecation as a digital signature algorithm
> by RFC6151 (2011) and recommendations of academic literature years
> prior.
I was not able to provide a real fix as I'm rather time-constrained.
However please provide this information, as I only found something with
about 2^120 for preimage attacks on MD5, which is still not feasible in
real life.
Bastian
--
Klingon phaser attack from front!!!!!
100% Damage to life support!!!!
Information forwarded to debian-bugs-dist@lists.debian.org, Bastian Blank <waldi@debian.org>: Bug#856212; Package src:cdebootstrap. (Sun, 26 Feb 2017 22:48:02 GMT)
Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>: Extra info received and forwarded to list. Copy sent to Bastian Blank <waldi@debian.org>. (Sun, 26 Feb 2017 22:48:02 GMT)
Message #19 received at 856212@bugs.debian.org:
Hi,
Bastian Blank wrote:
> I was not able to provide a real fix as I'm rather time constrained.
Don't worry, I'm prepared to write patches. But I wonder:
* is it okay to drop MD5 support, when implementing SHA256?
* must we fix this before the stretch release? or otherwise, would it
be possible to make such a big change in a stable point release?
> However please provide this information, as I only found something with
> about 2^120 for preimage attacks on MD5, which is still not feasible in
> real life.
Last time I brought up the topic, that argument was given.
But maybe it's the wrong approach to ask "are we *sure* MD5 is broken
and we must replace it?". We need to make a prediction that lasts the
supported lifetime of stretch (until 2022?); and some adversaries do
not reveal their capabilities.
It's actually kind of bizarre that we've published SHA256 sums in the
archive since 2007 and *still* don't use them here. I think there is a
greater risk that we forget, or are too lazy, than that we do this 'too soon'.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Information forwarded to debian-bugs-dist@lists.debian.org, Bastian Blank <waldi@debian.org>: Bug#856212; Package src:cdebootstrap. (Tue, 28 Feb 2017 15:54:08 GMT)
Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>: Extra info received and forwarded to list. Copy sent to Bastian Blank <waldi@debian.org>. (Tue, 28 Feb 2017 15:54:08 GMT)
Message #24 received at 856212@bugs.debian.org:
Control: tags -1 + patch
Hi,
The attached patch is based on having
libdebian-installer_bug856210_v3.patch applied:
* libdebian-installer4-dev would not change its name
* sum[1] is already empty/unusable
* sum[0] would become the sha256 field
Thanks,
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
[cdebootstrap_bug856212_v2.diff (text/x-diff, attachment)]
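As an added illustration of what the patch description above and the 0.7.7 changelog describe (this is not cdebootstrap's code or Steven's patch): verify a downloaded .deb against the SHA256 field of its Packages stanza only, with no MD5 fall-back and a check that the digest has its full 64-hex-character length before comparing. The payload and stanza are constructed for the example, and `parse_stanza` and `verify_deb` are hypothetical names.

```python
import hashlib
import hmac

SHA256_HEX_LEN = 64  # full SHA-256 digest: 32 bytes = 64 hex characters


def parse_stanza(text):
    """Parse one Packages-file stanza ("Field: value" lines) into a dict."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and last is not None:  # continuation line
            fields[last] += "\n" + line.strip()
            continue
        name, _, value = line.partition(":")
        last = name.strip()
        fields[last] = value.strip()
    return fields


def verify_deb(data, stanza):
    """True only if data matches the stanza's complete SHA256 digest.
    Mirrors 0.7.7: SHA256 only (no MD5 fall-back) and the digest is
    checked over its full length, never just a prefix.
    """
    expected = stanza.get("SHA256", "").strip().lower()
    if len(expected) != SHA256_HEX_LEN:
        return False  # missing, truncated or over-long digest: reject
    try:
        bytes.fromhex(expected)  # reject non-hex garbage
    except ValueError:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)  # constant-time compare


# Constructed sample (not a real package); digests computed from it so it runs offline.
SAMPLE_DEB = b"!<arch>\nconstructed example payload, not a real .deb\n"
SAMPLE_STANZA = parse_stanza(
    "Package: example\n"
    "Filename: pool/main/e/example/example_1.0_all.deb\n"
    "Size: %d\nMD5sum: %s\nSHA256: %s\n"
    % (len(SAMPLE_DEB), hashlib.md5(SAMPLE_DEB).hexdigest(),
       hashlib.sha256(SAMPLE_DEB).hexdigest())
)

if __name__ == "__main__":
    print("ok" if verify_deb(SAMPLE_DEB, SAMPLE_STANZA) else "REJECTED")
```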
Added tag(s) patch. Request was from Steven Chamberlain <steven@pyro.eu.org> to 856212-submit@bugs.debian.org. (Tue, 28 Feb 2017 15:54:08 GMT)
Reply sent to Bastian Blank <waldi@debian.org>: You have taken responsibility. (Sun, 05 Mar 2017 12:36:03 GMT)
Notification sent to Steven Chamberlain <steven@pyro.eu.org>: Bug acknowledged by developer. (Sun, 05 Mar 2017 12:36:03 GMT)
Message #31 received at 856212-close@bugs.debian.org:
Source: cdebootstrap
Source-Version: 0.7.7
We believe that the bug you reported is fixed in the latest version of
cdebootstrap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856212@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated cdebootstrap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 05 Mar 2017 13:09:27 +0100
Source: cdebootstrap
Binary: cdebootstrap cdebootstrap-static
Architecture: source
Version: 0.7.7
Distribution: unstable
Urgency: medium
Maintainer: Bastian Blank <waldi@debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description:
cdebootstrap - Bootstrap a Debian system
cdebootstrap-static - Bootstrap a Debian system - static binary
Closes: 856212 856213 856215
Changes:
cdebootstrap (0.7.7) unstable; urgency=medium
.
[ Steven Chamberlain ]
* Implement SHA256 verification of .deb files. (closes: #856212)
* Implement SHA256 verification of Packages files.
- Drop fall-back to MD5. (closes: #856215)
* Check full length of SHA256 digest. (closes: #856213)
.
[ Bastian Blank ]
* Build-depend against correct version of libdebian-installer4-dev.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Apr 2017 07:25:31 GMT)
Last modified: Tue Jan 30 06:01:13 2024