Package: apt
Version: 0.6.44.2
Severity: critical
Tags: security patch
Justification: breaks the whole system
The SHA256 checksums recently added to Packages files are wrong due to a porting error made when the sha256 implementation code was imported from the Linux kernel sources into the apt source tree. Specifically, the broken sha256 code checksums only 19 out of every 64 bytes of input and otherwise computes a result which is neither sha256(input) nor sha256(mangled input). According to the changelog, the broken code was added to non-experimental apt in version 0.6.44, uploaded 8 May 2006.

This has the following severe consequences:

- The broken hash values obviously do not provide anything resembling the security needed by secure apt, a problem compounded by the broken status of the other two hash algorithms used (MD5 and SHA1). Thus the security tag.

- When the code is fixed to produce and check correct SHA256 hashes, the fact that these values are different from the broken values means that a correct apt will reject all Packages files produced by a broken apt, and a broken apt will reject all Packages files produced by a correct apt. This means that when such a new apt implementation is placed in the Debian archive, the whole system becomes impossible to install or upgrade: If the Packages file has bad SHA256 values, the broken apt versions already installed by testers/users will allow installation of the new apt, but once it has been installed, the new apt will reject all packages and stop all further installs. If the Packages file has good SHA256 values, the broken apt versions already deployed will refuse their contents, thus preventing users from upgrading to a good apt. This I believe justifies the "breaks whole system, critical" tag.

To work around the "breaks whole system" issue, the following transition plan is proposed:

1. Before uploading the fixed apt, temporarily reconfigure darcs etc. to NOT include SHA256 values in Packages files at all (apt-ftparchive has an option to do that).

2. Upload the fixed apt as a minimal change from the apt version in testing, and coordinate with ftpadmin to push it quickly through to testing. Yes, this means holding back other bug fixes until the change has propagated.

3. Allow 1-3 weeks for users to upgrade to the fixed apt. Use the various announce mailing lists to alert users to the urgency of getting rid of apt versions 0.6.44 to 0.6.44.? inclusive before the grace period ends!

4. Turn SHA256 back on in darcs etc. This makes the SHA256 security available for real. But it also means that the archive can no longer be used by the broken 0.6.44 versions of apt. So leave behind (on the ftp server, www server etc.) a message explaining how users can manually upgrade to a new apt version by downloading a .tar file and a detached .gpg signature from ftp.debian.org/debian/tools/something. (This would be a hand-built tar file containing replacement .so files for each of the bad 0.6.44 apt versions and platforms.)

For the security breakage, patching apt is the obvious fix.

Steps to reproduce:

$ apt-ftparchive packages somedirwithdebs
.....
Filename: somedirwithdebs/something_xyz_all.deb
SHA256: 64 wrong hex digits here
.....
$ gpg --print-md sha256 somedirwithdebs/something_xyz_all.deb
somedirwithdebs/something_xyz_all.deb: 64 right hex digits
$ shasum -a 256 somedirwithdebs/something_xyz_all.deb
64 right hex digits somedirwithdebs/something_xyz_all.deb
$ openssl dgst -sha256 -hex somedirwithdebs/something_xyz_all.deb
SHA256(somedirwithdebs/something_xyz_all.deb)= 64 right hex digits
$

Thus at least 3 independent SHA256 implementations agree on the correct value, as will apt once corrected.

[Patch begin, apply to apt-0.6.44.x with patch -Np1]
diff -Naur apt-0.6.44.2.old/apt-pkg/contrib/sha256.cc apt-0.6.44.2.new/apt-pkg/contrib/sha256.cc
--- apt-0.6.44.2.orig/apt-pkg/contrib/sha256.cc 2006-05-16 19:31:39.000000000 +0000
+++ apt-0.6.44.2.new/apt-pkg/contrib/sha256.cc 2006-07-14 00:50:49.000000000 +0000
@@ -61,10 +61,10 @@ static inline void LOAD_OP(int I, u32 *W, const u8 *input) { - W[I] = ( ((u32) input[I + 0] << 24) - | ((u32) input[I + 1] << 16) - | ((u32) input[I + 2] << 8) - | ((u32) input[I + 3])); + W[I] = ( ((u32) input[I * 4 + 0] << 24) + | ((u32) input[I * 4 + 1] << 16) + | ((u32) input[I * 4 + 2] << 8) + | ((u32) input[I * 4 + 3])); } static inline void BLEND_OP(int I, u32 *W)
[Patch end]

(In the Linux kernel, the same calculation used a kernel-only type and macro to do the big-endian-unaligned-32-bit to native-endian-aligned-32-bit conversion; the code lines above were written specially for apt 0.6.44 (8 May 2006) and later.)
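Review bot: the index change from input[I + k] to input[I * 4 + k] is the right fix (the old form only ever reached the first bytes of a block, consistent with the "19 out of every 64 bytes" described above), but the patch carries no regression check; pair it with a known-answer test against a published SHA-256 vector in the build or test suite so a future porting slip in LOAD_OP is caught before a Packages file is ever generated. Minor: the `diff -Naur` command line names `apt-0.6.44.2.old` while the `---` header says `apt-0.6.44.2.orig`; harmless with `-p1`, but worth making consistent.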
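To make the indexing error concrete, here is an added example (not apt's code and not part of the original report): a compact SHA-256 in C whose block loader takes a byte stride, so the pre-patch LOAD_OP behaviour (stride 1, W[I] built from input[I..I+3]) can be compared with the fixed one (stride 4). It assumes the rest of apt's sha256.cc is standard SHA-256 and models only the LOAD_OP indexing; the names sha256_hex, sha256_matches and differ_at_byte_collides are this example's own.

```c
/* Added example (not apt's code): compact SHA-256 whose block loader takes a byte
 * stride, so the apt 0.6.44 LOAD_OP bug (stride 1) can be compared with the fix (4). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const uint32_t K[64] = {
  0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
  0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
  0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
  0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
  0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
  0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
  0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
  0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
#define ROR(x,n) (((x) >> (n)) | ((x) << (32 - (n))))
static void compress(uint32_t h[8], const uint8_t blk[64], int stride) {
  uint32_t W[64], a=h[0], b=h[1], c=h[2], d=h[3], e=h[4], f=h[5], g=h[6], hh=h[7], t1, t2; int i;
  for (i = 0; i < 16; i++) {  /* stride 1 is apt's W[I] = input[I+0..3]; stride 4 is the fix */
    const uint8_t *p = blk + i * stride;
    W[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }
  for (; i < 64; i++) W[i] = W[i-16] + (ROR(W[i-15],7) ^ ROR(W[i-15],18) ^ (W[i-15] >> 3))
                             + W[i-7] + (ROR(W[i-2],17) ^ ROR(W[i-2],19) ^ (W[i-2] >> 10));
  for (i = 0; i < 64; i++) {
    t1 = hh + (ROR(e,6) ^ ROR(e,11) ^ ROR(e,25)) + ((e & f) ^ (~e & g)) + K[i] + W[i];
    t2 = (ROR(a,2) ^ ROR(a,13) ^ ROR(a,22)) + ((a & b) ^ (a & c) ^ (b & c));
    hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
  }
  h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d; h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh;
}
/* Hash len bytes with standard SHA-256 padding; writes 64 lowercase hex chars plus NUL. */
void sha256_hex(const uint8_t *msg, size_t len, int stride, char out[65]) {
  uint32_t h[8] = {0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19};
  uint8_t blk[64]; size_t i, off = 0, rem;
  for (; len - off >= 64; off += 64) compress(h, msg + off, stride);
  rem = len - off; memset(blk, 0, 64); memcpy(blk, msg + off, rem); blk[rem] = 0x80;
  if (rem >= 56) { compress(h, blk, stride); memset(blk, 0, 64); }
  for (i = 0; i < 8; i++) blk[63 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
  compress(h, blk, stride);
  for (i = 0; i < 8; i++) sprintf(out + 8 * i, "%08x", (unsigned)h[i]);
}
/* Known-answer check: 1 if hashing the C string msg with this stride gives expected. */
int sha256_matches(const char *msg, int stride, const char *expected) {
  char hex[65]; sha256_hex((const uint8_t *)msg, strlen(msg), stride, hex); return strcmp(hex, expected) == 0;
}
/* Two constructed 64-byte messages differing only at byte pos: 1 if their digests collide. */
int differ_at_byte_collides(size_t pos, int stride) {
  uint8_t m1[64], m2[64]; char d1[65], d2[65];
  memset(m1, 'x', 64); memcpy(m2, m1, 64); m2[pos] = 'y';
  sha256_hex(m1, 64, stride, d1); sha256_hex(m2, 64, stride, d2); return strcmp(d1, d2) == 0;
}
```

With stride 1, changing any of bytes 19..63 of a block leaves the digest unchanged, which is what the 19-of-64-bytes observation above means in practice; with stride 4 the FIPS 180-2 "abc" vector is reproduced.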
-- (no /etc/apt/preferences present) --
-- (/etc/apt/sources.list present, but not submitted) --

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /basnxt/bin/bash
Kernel: Linux 2.6.16jbj3.4-14
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)

Versions of packages apt depends on:
ii  libc6                   2.3.6-15    GNU C Library: Shared libraries
ii  libgcc1                 1:4.1.1-5   GCC support library
ii  libstdc++6              4.1.1-5     The GNU Standard C++ Library v3

Versions of packages apt recommends:
ii  debian-archive-keyring  2006.01.18  GnuPG archive keys of the Debian a

-- no debconf information