This bug was fixed in the package apt - 2.8.3
---------------
apt (2.8.3) noble; urgency=medium
* Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
- Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
- Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
- Revert rsa1024 to warnings again
This leaves the mechanisms in place and no longer warns about NIST curves.
* Fix keeping back removals of obsolete packages; and return an error if
ResolveByKeep() is unsuccessful (LP: #2078720)
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
- Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
apt (2.8.2) noble; urgency=medium
* Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
(follow-up for LP: #2073126)
apt (2.8.1) noble; urgency=medium
* Only revoke weak RSA keys for now, add 'next' and 'future' levels
(backported from 2.9.7)
Note that the changes to warn about keys not matching the future level
in the --audit level are not fully included, as the --audit feature
has not yet been backported. (LP: #2073126)
* Introduce further mitigation on upgrades from 2.7.x to allow these
systems to continue using rsa1024 repositories with warnings
until the 24.04.2 point release (LP: #2073126)
apt (2.8.0) noble; urgency=medium
[ Julian Andres Klode ]
* Revert "Temporarily downgrade key assertions to "soon worthless""
We temporarily downgraded the errors to warnings to give the
launchpad PPAs time to be fixed, but warnings are not safe:
Untrusted keys could be hiding on your system, but just not
used at the moment. Hence revert this so we get the errors we
want. (LP: #2060721)
* Branch off the stable 2.8.y branch for noble:
- CI: Test in ubuntu:noble images for 2.8.y
- debian/gbp.conf: Point at the 2.8.y branch
[ David Kalnischkies ]
* Test suite fixes:
- Avoid subshell hiding failure report from testfilestats
- Ignore umask of leftover diff_Index in failed pdiff test
* Documentation translation fixes:
- Fix and unfuzzy previous VCG/Graphviz URI change
-- Julian Andres Klode <juli...@ubuntu.com> Tue, 22 Oct 2024 15:02:22
+0200
** Changed in: apt (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2073126
Title:
More nuanced public key algorithm revocation
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Noble:
Fix Released
Status in apt source package in Oracular:
Fix Released
Bug description:
(Please see https://wiki.ubuntu.com/AptUpdates for the versioning)
[Impact]
We have received feedback from users that use NIST-P256 keys for their
repositories that are upset about receiving a warning. We also revoked
additional ECC curves, which may still be considered trusted, so we should not
bump them to errors.
Also existing users may have third-party repositories that use
1024-bit RSA keys and we have not adequately informed them yet
perhaps. We tried to revoke them in the 2.8.0, 2.8.1, and 2.8.2
updates (see bug 2060721). This has been deferred to a later update
than 2.8.3 such that we can solve the warnings and other bugs.
[Solution]
Hence we will restore all elliptic curve keys of 256 or more bit to trusted:
">=rsa1024,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";
Note that we still keep rsa1024 as allowed.
At the same time we will also introduce a more nuanced approach to
revocations by introducing a 'next' level that issues a warning if the
key is not allowed in it and a 'future' level that will issue an audit
message with the --audit option.
For the next level, we will set it to:
">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512"
This means we restrict warnings to Brainpool curves and the secp256k1
key, which we have not received any feedback about them being used
yet.
For the future level, we will take a strong approach to best practices
as it is only seen when explictly running with --audit and the
intention is to highlight best practices. It will be set to
">=rsa3072,ed25519,ed448";
Which corresponds to the NIST recommendations for 2031 (and as little
curves as possible). This level is unused in the 24.04 upload as the
corresponding "audit" log level has not been backported to it.
[Test plan]
Tests are included in the library unit tests for parsing the specification
strings; we have also included a test for the gpgv method to ensure that it
produces the correct outcome for both 'next' and 'future' revoked keys.
Some smoke tests:
- Observe one a system with a 1024R signed repository that it keeps working
and produces a warning (ensures a key listed in "next" but not in "current"
warns)
- Sign a repository with a NIST P-256 key and ensure it does not produce
warnings (ensures that a key listed in "current" and "next" does not warn)
[Where problems could occur]
There could of course be bugs in the implementation of the new feature; this
could result in verification of files failing. This also happens if you specify
an invalid `next` or `future` string.
There cannot be any false positives: The new levels are only
*additional* checks, anything not in the `Assert-Pubkey-Algo` list is
still revoked.
The change in behavior of APT::Key::Assert-Pubkey-Algo _may_ cause a
regression if you purposefully override `APT::Key::Assert-Pubkey-Algo`
to *NOT* include algorithms that you actually use; which seems highly
unlikely given that you'd be introducing warnings to your system. If
you don't have a custom value set (or no warnings with your custom
value), you have no regression there.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2073126/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
