summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-11-25 13:12:28 +0100
committerJulian Andres Klode <jak@debian.org>2016-11-25 23:45:19 +0100
commit33d7a8d672c8c720947e81158de4a5a07be05b72 (patch)
treeffb291b59f965e12ea2749a7c16728c941eb4cfc
parent250687865e2d27dc949b810e59b07161a4c8f762 (diff)
gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak
Change the trust level check to allow downgrading an Untrusted option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints a warning instead of an error; and change the default values for SHA1 and RIPE-MD/160 from Weak to Untrusted.
-rw-r--r--debian/NEWS18
-rw-r--r--methods/gpgv.cc8
2 files changed, 22 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS
index 934391456..2c2b33c10 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,21 @@
+apt (1.4~beta1) UNRELEASED; urgency=medium
+
+ Support for GPG signatures using the SHA1 or RIPE-MD/160 hash
+ algorithms has been disabled. Repositories using Release files
+ signed in such a way will stop working. This change has been made
+ due to security considerations, especially with regards to possible
+ further breakthroughs in SHA1 breaking during the lifetime
+ of this APT release series.
+
+ It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
+ behaviour by setting the options
+ APT::Hashes::SHA1::Weak "yes";
+ APT::Hashes::RIPE-MD/160::Weak "yes";
+ Note that setting these options only affects the verification of the overall
+ repository signature.
+
+ -- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100
+
apt (1.2~exp1) experimental; urgency=medium
[ Automatic removal of debs after install ]
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index a8887d703..95a86f890 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -55,9 +55,9 @@ struct Digest {
std::string optionWeak;
strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
- if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
+ if (_config->FindB(optionUntrusted, false) == true)
return State::Untrusted;
- if (_config->FindB(optionWeak, state == State::Weak) == true)
+ if (_config->FindB(optionWeak, false) == true)
return State::Weak;
return state;
@@ -67,8 +67,8 @@ struct Digest {
static constexpr Digest Digests[] = {
{Digest::State::Untrusted, "Invalid digest"},
{Digest::State::Untrusted, "MD5"},
- {Digest::State::Weak, "SHA1"},
- {Digest::State::Weak, "RIPE-MD/160"},
+ {Digest::State::Untrusted, "SHA1"},
+ {Digest::State::Untrusted, "RIPE-MD/160"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "Reserved digest"},