diff options
| author | Julian Andres Klode <jak@debian.org> | 2016-11-25 13:12:28 +0100 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2016-11-25 23:45:19 +0100 |
| commit | 33d7a8d672c8c720947e81158de4a5a07be05b72 (patch) | |
| tree | ffb291b59f965e12ea2749a7c16728c941eb4cfc | |
| parent | 250687865e2d27dc949b810e59b07161a4c8f762 (diff) | |
gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak
Change the trust level check to allow downgrading an Untrusted
option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints
a warning instead of an error; and change the default values
for SHA1 and RIPE-MD/160 from Weak to Untrusted.
| -rw-r--r-- | debian/NEWS | 18 | ||||
| -rw-r--r-- | methods/gpgv.cc | 8 |
2 files changed, 22 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS index 934391456..2c2b33c10 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,21 @@ +apt (1.4~beta1) UNRELEASED; urgency=medium + + Support for GPG signatures using the SHA1 or RIPE-MD/160 hash + algorithms has been disabled. Repositories using Release files + signed in such a way will stop working. This change has been made + due to security considerations, especially with regards to possible + further breakthroughs in SHA1 breaking during the lifetime + of this APT release series. + + It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous + behaviour by setting the options + APT::Hashes::SHA1::Weak "yes"; + APT::Hashes::RIPE-MD/160::Weak "yes"; + Note that setting these options only affects the verification of the overall + repository signature. + + -- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100 + apt (1.2~exp1) experimental; urgency=medium [ Automatic removal of debs after install ] diff --git a/methods/gpgv.cc b/methods/gpgv.cc index a8887d703..95a86f890 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -55,9 +55,9 @@ struct Digest { std::string optionWeak; strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name); strprintf(optionWeak, "APT::Hashes::%s::Weak", name); - if (_config->FindB(optionUntrusted, state == State::Untrusted) == true) + if (_config->FindB(optionUntrusted, false) == true) return State::Untrusted; - if (_config->FindB(optionWeak, state == State::Weak) == true) + if (_config->FindB(optionWeak, false) == true) return State::Weak; return state; @@ -67,8 +67,8 @@ struct Digest { static constexpr Digest Digests[] = { {Digest::State::Untrusted, "Invalid digest"}, {Digest::State::Untrusted, "MD5"}, - {Digest::State::Weak, "SHA1"}, - {Digest::State::Weak, "RIPE-MD/160"}, + {Digest::State::Untrusted, "SHA1"}, + {Digest::State::Untrusted, "RIPE-MD/160"}, {Digest::State::Trusted, "Reserved digest"}, {Digest::State::Trusted, "Reserved digest"}, {Digest::State::Trusted, "Reserved digest"}, |