Package: release.debian.org User: release.debian....@packages.debian.org X-Debbugs-Cc: pkg-gnupg-ma...@lists.alioth.debian.org, secur...@debian.org Usertags: pu Tags: stretch Severity: normal Control: affects -1 src:gnupg2 enigmail Control: block 909000 -1
I'd like to update the version of GnuPG in debian stable with a series of targeted bugfixes (most of which are backported from upstream). There are four complementary reasons, which i explain in more detail below: * ptrace hardening for scdaemon * bugfixes that target some common workflows * updating cryptographic defaults * fixing enigmail in stretch All of the patches that implement these changes have been in buster for many months (either as upstream improvements or debian-specific improvements). Debian logistics ================ I note that this is *not* itself a security fix -- these fixes do not address a specific vulnerability in stretch's version of GnuPG. However, they do have security implications for stretch, because they are needed in order to support enigmail since the thunderbird 60 upgrade. If the release team or the security team (x-debbug-cc'ed here) would prefer that we handle this via stretch-security instead of stretch-proposed-updates, that's fine with me: please let me know. I've attached a debdiff below, and the git history of these changes is also available on the debian/stretch git branch on https://salsa.debian.org/debian/gnupg2 (commit f74eb5b2898ced14f910a7e4c7a28cc295dbd3cb) The debdiff contains some minor updates to patch metadata that makes it easier to work with git-buildpackage going forward. I apologize for this extra noise, but syncing up with gbp like this should make maintenance of any future changes easier. Justification for changes ========================= scdaemon hardening ------------------ scdaemon currently can hold sensitive data, comparable to the data held by gpg-agent. gpg-agent currently blocks ptrace access to its internal RAM. scdaemon now also blocks ptrace. (see: #878952) common workflow bugfixes ------------------------ * Dirmngr currently fails on IPv6-only systems. Enable dirmngr to query nameservers over IPv6. (see: #862282) * Malformed keys are currently rejected rather than being cleaned up. (some keys are malformed on the public keyservers). Clean keys before importing. (see: #906545) update cryptographic defaults ----------------------------- A user of debian stable who creates a key today will have a default expiration date of two years, well into 2020. Currently in stretch, the default asymmetric key is 2048-bit RSA. None of the reasonable guides to cryptographic strength think that 2048-bit RSA keys should be used past 2020. (see for example ECRYPT or NIST recommendations). Furthermore, AES128 today is considered slightly riskier than AES256, due in part to batch attacks and its smaller margin of safety against quantum cryptanalysis (see for example, the Modern TLS recommendations at https://wiki.mozilla.org/Security/Server_Side_TLS, and djb's http://blog.cr.yp.to/20151120-batchattacks.html). Update the cryptographic defaults to create 3072-bit RSA keys, and to prefer AES256 over AES128 when all recipients support it. fixing Enigmail --------------- As Thunderbird 60 is now in stretch, enigmail is broken (see https://bugs.debian.org/909000) :/ This can be fixed by importing the current (buster/stretch) enigmail into stretch as well, but this updated version of enigmail depends on bugfixes in GnuPG that are not yet in debian stretch. Backport a series of minor bugfixes and small functionality improvements to enable enigmail's test suite to pass cleanly. From debian/changelog, those are: * backport --no-symkey-cache * backport improved import and export filtering * backport display of revocation certificates * backport stripping unusable subkey material during export-minimal * backport fix to make --dry-run work when listing secret keys * backport fix showing secret keys when listing keys Testing ======= I've tested these changes on an x86_64 system running debian stretch. The GnuPG test suite all passes, and an updated/backported version of enigmail 2.0.8-5 also works on that platform. I welcome any feedback on this! sorry it has taken so long to produce this series of changes. Regards, --dkg
gnupg2_2.1.18-8~deb9u2_2.1.18-8~deb9u3.debdiff.gz
Description: debdiff for proposed fixes for GnuPG for debian stretch
-- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
signature.asc
Description: PGP signature