Home Explore Help
Sign In
NitoTV
/
apt
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak

Change the trust level check to allow downgrading an Untrusted
option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints
a warning instead of an error; and change the default values
for SHA1 and RIPE-MD/160 from Weak to Untrusted.
Julian Andres Klode 7 years ago
parent
250687865e
commit
33d7a8d672
2 changed files with 22 additions and 4 deletions
Split View Show Diff Stats
  1. 18 0
      debian/NEWS
  2. 4 4
      methods/gpgv.cc

+ 18 - 0
debian/NEWS
View File 

@@ -1,3 +1,21 @@
 
+apt (1.4~beta1) UNRELEASED; urgency=medium
 
+
 
+  Support for GPG signatures using the SHA1 or RIPE-MD/160 hash
 
+  algorithms has been disabled. Repositories using Release files
 
+  signed in such a way will stop working. This change has been made
 
+  due to security considerations, especially with regards to possible
 
+  further breakthroughs in SHA1 breaking during the lifetime
 
+  of this APT release series.
 
+
 
+  It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
 
+  behaviour by setting the options
 
+    APT::Hashes::SHA1::Weak "yes";
 
+    APT::Hashes::RIPE-MD/160::Weak "yes";
 
+  Note that setting these options only affects the verification of the overall
 
+  repository signature.
 
+
 
+ -- Julian Andres Klode <jak@debian.org>  Fri, 25 Nov 2016 13:19:32 +0100
 
+
 
 apt (1.2~exp1) experimental; urgency=medium
 
 
   [ Automatic removal of debs after install ]

+ 4 - 4
methods/gpgv.cc
View File 

@@ -55,9 +55,9 @@ struct Digest {
 
       std::string optionWeak;
 
       strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
 
       strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
 
-      if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
 
+      if (_config->FindB(optionUntrusted, false) == true)
 
 	 return State::Untrusted;
 
-      if (_config->FindB(optionWeak, state == State::Weak) == true)
 
+      if (_config->FindB(optionWeak, false) == true)
 
 	 return State::Weak;
 
 
       return state;
 
@@ -67,8 +67,8 @@ struct Digest {
 
 static constexpr Digest Digests[] = {
 
    {Digest::State::Untrusted, "Invalid digest"},
 
    {Digest::State::Untrusted, "MD5"},
 
-   {Digest::State::Weak, "SHA1"},
 
-   {Digest::State::Weak, "RIPE-MD/160"},
 
+   {Digest::State::Untrusted, "SHA1"},
 
+   {Digest::State::Untrusted, "RIPE-MD/160"},
 
    {Digest::State::Trusted, "Reserved digest"},
 
    {Digest::State::Trusted, "Reserved digest"},
 
    {Digest::State::Trusted, "Reserved digest"},