Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
Control: affects -1 src:gnupg2

The version of GnuPG in debian buster (2.2.12-1) has a number of outstanding bugs related to OpenPGP certificate management and network access. Many of these concerns are addressed in some of the patches in upstream's STABLE-BRANCH-2-2 series.

The debdiff (attached) is basically a slew of bugfix, documentation, stability, and efficiency patches cherry-picked from upstream, plus some additional changes to reduce the exposure of debian users to malicious attack on the SKS keyserver network, and some improvements in the continuous integration test suite.

These additional changes address concerns due to the fact that the SKS keyserver network is failing due to abuse, and GnuPG had used it as a default keyserver. These changes offer ways to work around the problems our users face when fetching data off the network today. In particular:

 * We adopt GnuPG's upstream approach of making keyserver access default to self-sigs-only. This means that the keyserver cannot flood the user's keyring by default. (we do *not* adopt upstream's choice of import-clean for keyserver default, see https://dev.gnupg.org/T4628 for more explanation)

 * We constrain the SKS CA to only validate hkps.pool.sks-keyservers.net (and we avoid using the system CAs for the SKS pool), thereby tightening the confidentiality constraints on TLS-wrapped keyserver access.

 * Since the SKS pool's distribution of third-party certifications will be ignored by default, we change the default keyserver to hkps://keys.openpgp.org, which won't waste the user's bandwidth for data that they won't even consider by default. keys.openpgp.org is significantly more performant for read-only clients (most keyserver access) than any member of the SKS pool.

 * We also allow GnuPG to merge certificate updates (revocations, subkey rotations) which might be published on keys.openpgp.org without any user ID (see https://dev.gnupg.org/T4393 for more discussion). This represents a security improvement for users who might otherwise use a locally-cached certificate that should have been revoked, or who cannot encrypt to a locally-cached certificate because they don't know about its new encryption-capable subkey.

 * migrate-pubring-from-classic-gpg fails when the user's keyring contains a flooded certificate -- we address this (#931385), and add a test for it.

-------

A note about "web of trust" and the third-party certifications it depends on:

Third-party certifications are still importable by default over WKD and DANE/OPENPGPKEY access. It is generally recommended to use those mechanisms where providers offer them, using --locate-key by e-mail address instead of --search.

A user who wants to import arbitrary third-party certifications via HKP or HKPS can still do so by identifying their trusted keyserver source and indicating that third-party certifications are OK. For example:

    --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options no-self-sigs-only

-------

Finally, we add an additional simple test for ci.debian.org, and we adjust the gpgv-win32 ci test so that it will only run on i386 testers (#905563). continuous integration for the win! :)

The changelog entry provides this summary:

gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium

  * drop unneeded patch for printing revocation certificates
  * backport bugfix and stability patches from upstream 2.2.13
  * backport bugfix and stability patches from upstream 2.2.14
  * backport documentation, stability, ssh, and WKD patches from upstream 2.2.15
  * backport documentation and bugfix patches from upstream 2.2.16
  * import bugfixes and cleanup around secret key handling from 2.2.14
  * backport bugfixes, documentation, WKD, and keyserver fixes from 2.2.17
  * import efficiency and security fixes from upstream STABLE-BRANCH-2-2
  * avoid using SKS pool CA unless the keyserver is hkps.pool.sks-keyservers.net
  * drop import-clean from default keyserver options, to avoid data loss
  * use keys.openpgp.org as the default keyserver
  * enable merging certificate updates even if update has no user ID
  * update Vcs-Git: to point to debian/buster branch
  * Adopt migrate-pubring-from-classic-gpg robustness fixes (Closes: #931385)
  * add new CI test: debian/tests/simple-tests
  * debian/tests/gpgv-win32: make arch-specific (Closes: #905563)

 -- Daniel Kahn Gillmor <d...@fifthhorseman.net>  Sun, 21 Jul 2019 15:39:05 -0400

I recognize that this is a lot of changes, but upstream's 2.2 branch is intended to be stable. (most of the GnuPG development work is happening on the 2.3 branch, and most of the work on 2.2 is just backports of bugfixes)

These changes are also visible on the debian/buster branch on https://salsa.debian.org/debian/gnupg2.

So another option, if the release-team prefers, would be to move GnuPG on buster to 2.2.17, with some of the additional changes mentioned above -- that would involve more upstream changes that are not currently included in this series, but it would also mean that our versions are less divergent from what upstream believes the shipped version of gnupg is. Please let me know if you'd prefer that i take that approach instead of these patch queues.

Fwiw, i don't think that GnuPG upstream is as stable as i would personally like it to be, but the set of changes i've included here attempt to minimize the amount of negative disruption that a user might experience from the upgrade, while still ensuring that the user can deal with the current reality of how OpenPGP certificates are distributed on the public Internet.

Regards,

        --dkg

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Attachment: gnupg2_2.2.12-1_2.2.12-1+deb10u1.debdiff.gz (application/gzip)
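The report's first bullet relies on the self-sigs-only keyserver default to keep a flooded certificate from landing in the keyring, and the migrate-pubring-from-classic-gpg bullet shows what happens when one already has. The following is an added example (not GnuPG's code and not part of the debdiff) that models that filter on a constructed OpenPGP transferable public key: it parses the packet stream, derives the primary key ID the way RFC 4880 defines it for v4 keys, and drops every signature packet whose issuer subpacket names a different key. The key and signature packets are synthetic and not cryptographically valid (the modulus is a hash digest, the signature MPI is garbage, and the creation time is arbitrary); only their framing and issuer metadata matter, which is also why a structural filter like this is cheap to run over a certificate carrying tens of thousands of third-party certifications.

```python
"""Model of GnuPG's self-sigs-only import filter over a synthetic OpenPGP key (added example)."""
import hashlib
import struct

TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SUBPKT_CREATION_TIME, SUBPKT_ISSUER = 2, 16
CREATED = 1563652800  # arbitrary creation time used for every synthetic packet (assumption)


def packet(tag, body):
    # old-format header (RFC 4880 4.2.1) with a two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def v4_key_body(seed):
    # v4 RSA public key body: version, time, algo 1, MPIs n and e; n is a digest, not a real key
    n = hashlib.sha256(seed).digest()
    return (b"\x04" + struct.pack(">I", CREATED) + b"\x01"
            + struct.pack(">H", 256) + n + struct.pack(">H", 17) + b"\x01\x00\x01")


def key_id(key_body):
    # v4 fingerprint = SHA-1(0x99 || 2-octet length || body); the key ID is its low 64 bits
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()
    return fpr[-8:]


def v4_certification_body(issuer):
    # positive user-ID certification (0x13): creation time in the hashed area,
    # issuer key ID in the unhashed area, then a fake hash prefix and a garbage MPI
    hashed = bytes([5, SUBPKT_CREATION_TIME]) + struct.pack(">I", CREATED)
    unhashed = bytes([9, SUBPKT_ISSUER]) + issuer
    return (b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00" + struct.pack(">H", 16) + b"\xde\xad")


def varlen(buf, pos, two_octet_max):
    # new-format packet length (two_octet_max=223) or subpacket length (254); returns (len, pos)
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first <= two_octet_max:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths unsupported")


def iter_packets(blob):
    # yield (tag, body, raw_bytes); indeterminate old-format lengths are rejected, not guessed
    pos = 0
    while pos < len(blob):
        start, ctb = pos, blob[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:
            tag = ctb & 0x3F
            length, pos = varlen(blob, pos + 1, 223)
        else:
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length unsupported")
            length = int.from_bytes(blob[pos + 1:pos + 1 + (1 << ltype)], "big")
            pos += 1 + (1 << ltype)
        yield tag, blob[pos:pos + length], blob[start:pos + length]
        pos += length


def signature_issuer(sig_body):
    # issuer key ID of a v4 signature (hashed area wins over unhashed); None if absent
    if len(sig_body) < 6 or sig_body[0] != 4:
        return None
    issuer, pos = None, 4
    for _ in range(2):  # hashed subpacket area, then unhashed subpacket area
        end = pos + 2 + struct.unpack(">H", sig_body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            length, pos = varlen(sig_body, pos, 254)
            kind, data = sig_body[pos] & 0x7F, sig_body[pos + 1:pos + length]
            if issuer is None and kind == SUBPKT_ISSUER and len(data) == 8:
                issuer = data
            pos += length
    return issuer


def self_sigs_only(blob):
    # drop every signature not issued by the primary key, as gpg's self-sigs-only option does
    primary, out, dropped = None, bytearray(), 0
    for tag, body, raw in iter_packets(blob):
        if tag == TAG_PUBLIC_KEY and primary is None:
            primary = key_id(body)
        if tag == TAG_SIGNATURE and signature_issuer(body) != primary:
            dropped += 1
            continue
        out += raw
    return bytes(out), dropped


def flooded_certificate(n_third_party):
    # constructed key: primary, user ID, one self-certification, n_third_party stranger certs
    primary = v4_key_body(b"victim")
    pkts = [packet(TAG_PUBLIC_KEY, primary),
            packet(TAG_USER_ID, b"Alice <alice@example.org>"),
            packet(TAG_SIGNATURE, v4_certification_body(key_id(primary)))]
    for i in range(n_third_party):
        stranger = key_id(v4_key_body(b"stranger-%d" % i))
        pkts.append(packet(TAG_SIGNATURE, v4_certification_body(stranger)))
    return b"".join(pkts)
```

Running `self_sigs_only(flooded_certificate(50))` returns the three packets the key's owner actually published and reports 50 dropped certifications; feeding the result back through the filter drops nothing more. Note what this does not do: it does not verify any signature, so it is not a substitute for the certification checks that run later at import, and it will also discard legitimate third-party certifications, which is exactly the trade-off the report describes and why the `no-self-sigs-only` option is left available for a keyserver the user trusts.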