From kfitzner at excelcia.org Fri Jan 13 18:35:13 2006 From: kfitzner at excelcia.org (Kurt Fitzner) Date: Fri Jan 13 20:10:18 2006 Subject: [Announce] GPGee version 1.3.0 Released Message-ID: <43C7E4D1.4070400@excelcia.org> I have just released version 1.3.0 of GPGee - the GnuPG Explorer Extension. The major new feature in this release is support for the OpenPGP smartcard. There is a whole host of minor changes and bugfixes too including better directory recursion, .pgp file extension support, subkey-friendly signing and encryption, and fixes for passphrase caching where more than one passphrase is asked for in a single operation. You can read the complete list of changes on the GPGee web page in the news section. A direct link is: http://www.excelcia.org/modules.php?name=News&file=article&sid=46&mode=&order=0&thold=0 For those of you who are unfamilliar with the program, GPGee is the GnuPG Explorer Extension - a Windows shell extension front end for GnuPG that gives you access to GnuPG functionality directly through the Windows explorer right-click context menu. More information (including a full discussion of the new version) and downloads are available from: http://gpgee.excelcia.org As a last note, I want to thank Werner Koch and g10 Code for donating some smartcards so I could get the support for them working. Kurt Fitzner -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 305 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20060113/25e1d199/signature.pgp From wk at gnupg.org Wed Feb 15 08:49:25 2006 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 15 08:52:13 2006 Subject: [Announce] False positive signature verification in GnuPG Message-ID: <87u0b1xdru.fsf@wheatstone.g10code.de> False positive signature verification in GnuPG ============================================== Summary ======= The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur. This problem affects the tool *gpgv*, as well as using "gpg --verify" to imitate gpgv, if only the exit code of the process is used to decide whether a detached signature is valid. This is a plausible mode of operation for gpgv. If, as suggested, the --status-fd generated output is used to decide whether a signature is valid, no problem exists. In particular applications making use of the GPGME library[2] are not affected. To solve this problem an update of the current stable version has been released (see below). Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). Impact: ======= Signature verification of detached signatures does not work, thus modified versions of signature protected files may not be detected. All versions of gnupg prior to 1.4.2.1 are affected if they are used in certain unattended operation modes. There is no problem using GnuPG in an interactive way because GnuPG won't print any signature status at all; i.e. no "Good signature". Scripts and applications using gpg or gpgv with the --status-fd option and properly parsing this output are not affected. Applications using the GPGME library[2] are not affected. The GnuPG versions 1.9 are not affected unless the currently deprecated gpg part has been enabled. Solution: ========= Update GnuPG as soon as possible to version 1.4.2.1. There are no fixes for older versions available, although the fix described below may be adjusted for them. To update please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.2.1 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.2.1.tar.bz2 (2.8M) gnupg-1.4.2.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.2.1.tar.gz (4.0M) gnupg-1.4.2.1.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.2-1.4.2.1.diff.bz2 (39k) A patch file to upgrade a 1.4.2 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.2.1.exe (1.4M) gnupg-w32cli-1.4.2.1.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Note, that a new version of the Gpg4Win package[3], including an updated version of GnuPG, will be available later today. In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.2.1.tar.bz2 you would use this command: gpg --verify gnupg-1.4.2.1.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. From time to time I prolong the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! Watch out for a "Good signature" messages. * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.2.1.tar.bz2 and check that the output matches the first line from the following list: 1c0306ade25154743d6f6f9ac05bee74c55c6eda gnupg-1.4.2.1.tar.bz2 cefc74560f21bde74eed298d86460612cd7e12ee gnupg-1.4.2.1.tar.gz 98d597b1a9871b4aadc820d8641b36ce09125612 gnupg-1.4.2-1.4.2.1.diff.bz2 a4db35a72d72df8e76751adc6f013b4c96112fd4 gnupg-w32cli-1.4.2.1.exe Background: =========== If a file with arbitrary data, for example 64 times the character 0xCA, is used as the detached signature, any data file will lead to gpg exiting with 0 (success). There won't be any messages indicating that the signature is valid or false: $ fortune >x.txt $ perl -e 'print "\xca"x"64"' >x.txt.sig $ gpgv x.txt.sig x.txt $ echo $? 0 Cleary this should not return success. The same problem appears when using "gpg --verify" in place of gpgv. However in this case any application should to do further checks to make sure that the key verifying the signature is actually the desired one, thus using "gpg --verify" without processing the --status-fd generated output is in general the wrong approach. The fixed version makes sure that gpgv and "gpg --verify" won't return success if no signature has been seen. A minimal but sufficient fix against 1.4.2 and possible older versions is: ====8<============ --- g10/mainproc.c (revision 4001) +++ g10/mainproc.c (working copy) @@ -77,6 +77,7 @@ int op; int stop_now; } pipemode; + int any_sig_seen; /* Set to true if a signature packet has been seen. */ }; @@ -217,6 +218,7 @@ { KBNODE node; + c->any_sig_seen = 1; if( pkt->pkttype == PKT_SIGNATURE && !c->list ) { /* This is the first signature for the following datafile. * GPG does not write such packets; instead it always uses @@ -1137,6 +1139,18 @@ c->signed_data = signedfiles; c->sigfilename = sigfilename; rc = do_proc_packets( c, a ); + + /* If we have not encountered any signature we print an error + messages, send a NODATA status back and return an error code. + Using log_error is required because verify_files does not check + error codes for each file but we want to terminate the process + with an error. */ + if (!rc && !c->any_sig_seen) + { + write_status_text (STATUS_NODATA, "4"); + log_error (_("no signature found\n")); + rc = -1; + } m_free( c ); return rc; } ====>8============ Note that the released version also includes a test case for this bug and prints an additional diagnostic. With the patch above the output using the same test data as above should be: $ gpgv x.txt.sig x.txt gpgv: no signature found gpgv: verify signatures failed: eof $ echo $? 2 Thanks ====== taviso from the Gentoo project found this vulnerability and informed me on Monday evening. Unfortunately I had already switched off my monitor at that time. The update has been released yesterday evening (CET). Salam-Shalom, Werner [1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel [2] http://www.gnupg.org/related_software/gpgme [3] http://www.gpg4win.org -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 199 bytes Desc: not available Url : /pipermail/attachments/20060215/aa7a9a51/attachment.pgp From marcus.brinkmann at ruhr-uni-bochum.de Wed Feb 22 13:11:54 2006 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Mar 3 10:56:47 2006 Subject: [Announce] GPGME 1.1.1 released Message-ID: <87y8031tkl.wl%marcus.brinkmann@ruhr-uni-bochum.de> We are pleased to announce version 1.1.1 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 860 KB/663 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.1.tar.gz ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.1.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.1.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.1.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.0-1.1.1.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The sha1sum checksums for this distibution are 9db9b31fe83c2d37572995ca9857971f02d0a3dd gpgme-1.1.0-1.1.1.diff.gz 0cc2de4258897b5ef2b2750e652f608d56cdd282 gpgme-1.1.1.tar.bz2 899ca06e739a317a175b6217b56051d912530f3e gpgme-1.1.1.tar.bz2.sig bb93fb4414f1e4790b7af035a3e7abc64805d68c gpgme-1.1.1.tar.gz 7b70ae11584b5e8f814532a832477e3fba226c5e gpgme-1.1.1.tar.gz.sig Noteworthy changes in version 1.1.1 (2006-02-22) ------------------------------------------------ * Fixed a bug in that the fingerprints of subkeys are not available. * Clarified usage of the SECRET flag in key listings. It is now reset for stub keys. * Reading signature notations and policy URLs on key signatures is supported. They can be found in the new field notations of the gpgme_key_sig_t structure. This has to be enabled with the keylist mode flag GPGME_KEYLIST_MODE_SIG_NOTATIONS. * A new gpgme_free() function solves the problem of using different allocators in a single program. This function should now be used instead calling free() to release the buffer returned by gpgme_data_release_and_get_mem. It is recommended that you always do this, but it is only necessary on certain platforms, so backwards compatibility is provided. In other words: If free() worked for you before, it will keep working. * New status codes GPGME_PKA_TRUST_GOOD and GPGME_PKA_TRUST_BAD. They are analyzed by the verify handlers and made available in the new PKA_TRUST and PKA_ADDRESS fields of the signature result structure. * Interface changes relative to the 1.1.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t EXTENDED: New field notations. GPGME_KEYLIST_MODE_SIG_NOTATIONS NEW gpgme_free NEW GPGME_STATUS_PKA_TRUST_BAD NEW GPGME_STATUS_PKA_TRUST_GOOD NEW gpgme_signature_t EXTENDED: New field pka_trust. gpgme_signature_t EXTENDED: New field pka_address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Marcus Brinkmann mb@g10code.de From marcus.brinkmann at ruhr-uni-bochum.de Fri Mar 3 10:47:02 2006 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Mar 3 10:56:50 2006 Subject: [Announce] GPGME 1.1.2 released Message-ID: <8764mvhnc9.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi, We are pleased to announce version 1.1.2 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 860 KB/663 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.2.tar.gz ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.2.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.2.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.2.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.1-1.1.2.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The sha1sum checksums for this distibution are d235499c72af6becb65846722575dfb535ed3938 gpgme-1.1.1-1.1.2.diff.gz ebf8c278e967588acd7c416bd14bfe35615b7e81 gpgme-1.1.2.tar.bz2 f295e2af9a1e9de8267c45165e1172b80b412c42 gpgme-1.1.2.tar.bz2.sig 336d94e3bf2facedd06c52bd016bce647667c347 gpgme-1.1.2.tar.gz 367b51143bafde9bd5958ad521146a0d270e4ccd gpgme-1.1.2.tar.gz.sig Noteworthy changes in version 1.1.2 (2006-03-02) ------------------------------------------------ * Fixed a bug in the W32 glib backend. Noteworthy changes in version 1.1.1 (2006-02-22) ------------------------------------------------ * Fixed a bug in that the fingerprints of subkeys are not available. * Clarified usage of the SECRET flag in key listings. It is now reset for stub keys. * Reading signature notations and policy URLs on key signatures is supported. They can be found in the new field notations of the gpgme_key_sig_t structure. This has to be enabled with the keylist mode flag GPGME_KEYLIST_MODE_SIG_NOTATIONS. * A new gpgme_free() function solves the problem of using different allocators in a single program. This function should now be used instead calling free() to release the buffer returned by gpgme_data_release_and_get_mem. It is recommended that you always do this, but it is only necessary on certain platforms, so backwards compatibility is provided. In other words: If free() worked for you before, it will keep working. * New status codes GPGME_PKA_TRUST_GOOD and GPGME_PKA_TRUST_BAD. They are analyzed by the verify handlers and made available in the new PKA_TRUST and PKA_ADDRESS fields of the signature result structure. * Interface changes relative to the 1.1.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t EXTENDED: New field notations. GPGME_KEYLIST_MODE_SIG_NOTATIONS NEW gpgme_free NEW GPGME_STATUS_PKA_TRUST_BAD NEW GPGME_STATUS_PKA_TRUST_GOOD NEW gpgme_signature_t EXTENDED: New field pka_trust. gpgme_signature_t EXTENDED: New field pka_address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Marcus Brinkmann mb@g10code.de From marcus.brinkmann at ruhr-uni-bochum.de Fri Mar 3 15:47:58 2006 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Mar 3 16:38:56 2006 Subject: [Announce] libgpg-error 1.2 released Message-ID: <87veuvfuu9.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi, We are pleased to announce version 1.2 of libgpg-error, a library for common error values and messages in GnuPG components. This is a shared library so it can be updated independently of each individual component, while still allowing the use of new error values in inter-process communication. It may be found in the file (about 438 KB/328 KB compressed) ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.2.tar.gz ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.2.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.2.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.2.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.1-1.2.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The sha1sum checksums for this distibution are f9b757d1ebdf9dbdbaa6341fe10bc08d1c943ae6 libgpg-error-1.1-1.2.diff.gz 468657e5bccd534f350b1a0109e19d2a9cc5d027 libgpg-error-1.2.tar.bz2 77fa306f82cdab01b7efb41b2bfa68da0911dfb2 libgpg-error-1.2.tar.bz2.sig 54068686e109f28bb64c0d8e52bd79172cdf56ae libgpg-error-1.2.tar.gz c1a49600856c15865222647723aca1e71bbec2c2 libgpg-error-1.2.tar.gz.sig Noteworthy changes in version 1.2 (2006-03-03) ---------------------------------------------- * New function gpg_err_init, which binds the locale directory to the text domain. This function is a constructor on GCC targets, so it does not need to be called explicitely. The header file defines GPG_ERR_INITIALIZED in this case. This is experimental for now. * "./autogen.sh --build-w32" does now also build a DLL for W32. Translations are not yet provided for this platform. * New error codes GPG_ERR_UNKNOWN_EXTN and GPG_ERR_UNKNOWN_CRIT_EXTN. * New error code GPG_ERR_LOCKED. * New translations included for France, Romania, and Vietnamese. * Interface changes relative to the 1.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPG_ERR_UNKNOWN_EXTN NEW GPG_ERR_UNKNOWN_CRIT_EXTN NEW GPG_ERR_LOCKED NEW gpg_err_init NEW GPG_ERR_INITIALIZED NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Marcus Brinkmann mb@g10code.de From marcus.brinkmann at ruhr-uni-bochum.de Fri Mar 3 15:51:43 2006 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Mar 3 16:38:59 2006 Subject: [Announce] GPA 0.7.2 released Message-ID: <87u0affuo0.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hello, We are pleased to announce the release of GPA 0.7.2. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG, http://www.gnupg.org). GPA can be used to encrypt, decrypt, and sign files, to verify signatures and to manage the private and public keys. This is a development release. Please be careful when using it on production keys. You can find the release here: http://wald.intevation.org/frs/download.php/141/gpa-0.7.2.tar.bz2 http://wald.intevation.org/frs/download.php/142/gpa-0.7.2.tar.bz2.sig The SHA1 checksums for this release are: f3c0c400cc5b01b69b36704fdbe26f26abc8531b gpa-0.7.2.tar.bz2 c68868cf6aa383b6ad304d979be301d8620c0ec4 gpa-0.7.2.tar.bz2.sig Noteworthy changes in version 0.7.2 (2006-03-03) ------------------------------------------------ * The key generation wizard does not allow to set a comment anymore. This is an advanced feature available in the advanced GUI version of key generation. * Bug fixes for the Windows target, in particular internationalization and binary mode file handling. Marcus Brinkmann mb@g10code.de From wk at gnupg.org Thu Mar 9 19:53:40 2006 From: wk at gnupg.org (Werner Koch) Date: Thu Mar 9 19:56:32 2006 Subject: [Announce] GnuPG does not detect injection of unsigned data Message-ID: <87d5gvh2kr.fsf@wheatstone.g10code.de> GnuPG does not detect injection of unsigned data ================================================ (released 2006-03-09, CVE-2006-0049) Summary ======= In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails. To solve this problem, an update of the current stable version has been released (see below). Please do not respond to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). Impact: ======= Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data. Detached signatures (a separate signature file) are not affected. All versions of gnupg prior to 1.4.2.2 are affected. Scripts and applications using gpg to verify the integrity of data are affected. This includes applications using the GPGME library[2]. The GnuPG version 1.9.x is not affected unless the currently deprecated gpg part has been enabled. Solution: ========= Update GnuPG as soon as possible to version 1.4.2.2. There are no fixes for older versions available. If you can't get an update from your vendor, please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.2.2 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.2.2.tar.bz2 (2.8M) gnupg-1.4.2.2.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.2.2.tar.gz (4.0M) gnupg-1.4.2.2.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.2.1-1.4.2.2.diff.bz2 (101k) A patch file to upgrade a 1.4.2.1 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.2.2.exe (1.4M) gnupg-w32cli-1.4.2.2.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Note, that a new version of the Gpg4Win package[3], including a fixed version of GnuPG has also been released today. In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. Due to the fact that detached signatures are used, the problem described here does not affect this verification. For example to check the signature of the file gnupg-1.4.2.2.tar.bz2 you would use this command: gpg --verify gnupg-1.4.2.2.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. From time to time I prolong the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! Watch out for a "Good signature" messages. * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.2.2.tar.bz2 and check that the output matches the first line from the following list: f5559ddb004e0638f6bd9efe2bac00134c5065ba gnupg-1.4.2.2.tar.bz2 959540c1c6158e09d668ceee055bf366dc26d0bd gnupg-1.4.2.2.tar.gz 880b3e937f232b1ca366bda37c4a959aacbd84f3 gnupg-1.4.2.1-1.4.2.2.diff.bz2 95dd7fd4c49423b86704acfc396ce5a53c8b19e7 gnupg-w32cli-1.4.2.2.exe Background: =========== OpenPGP messages are made up of packets. The signed data is a packet, the actual signature is a packet and there are several control packets as well. For example: O + D + S This describes a standard signed message made made up of a control packet (O for one-pass signature packet), the actual signed data (D) and the actual signature packet (S). gpg checks that the signature S is valid over the data D. This is actually easy if not OpenPGP and GnuPG would have a long tradition of changing the fromats. PGP 2 versions used a different way of composing these packets: S + D and early versions of gpg, released before RFC2440, even created D + S i.e. without the one-pass packet. Still this would all be easy to process properly but in an ill-advised attempt to make things easier, gpg allowed the processing of multiple signatures per file, like O1 + D1 + S1 + O2 + D2 + S2 where two standard signatures are concatenated. Now when combining this with the other variants of signatures, things get really messy and it is not always possible to assocciate the signature (S) with the signed data (D). gpg checked that this all works but unfortunately these checks are not sufficient enough. The attack is to change a standard message to inject faked data (F). A simple case is this: F + O + D + S gpg now happily skips F for verification and does a proper signature verification of D and if this succeeds, prints a positive result. However when asked to output the actual signed data it will output the concatenation of F + D and thus create the impression that both are covered by the signature. Depending on how gpg is invoked (in a pipeline or using --output) it may even output just F and not at all D. There are several variants of the attack in where to put the faked data. The only correct solution to this problem is to get rid of the feature to check concatenated signatures - this allows for strict checking of valid packet composition. This is what has been done in 1.4.2.2 and in the forthcoming 1.4.3rc2. These versions accept signatures only if they are composed of O + D + S S + D Cleartext signatures are of course also supported, they are similiar to the O+D+S case. The actual checking for valid signature packet composition is done at g10/mainproc.c, at the top of check_sig_and_print(). Thanks ====== Tavis Ormandy again poked on gpg and found this vulnerability. The new version has been released yesterday and should by now be available on all mirrors. [1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel [2] http://www.gnupg.org/related_software/gpgme [3] http://www.gpg4win.org -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 199 bytes Desc: not available Url : /pipermail/attachments/20060309/06a8db4e/attachment.pgp From wk at gnupg.org Thu Mar 9 19:53:40 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Mar 14 00:26:05 2006 Subject: [Announce] GnuPG does not detect injection of unsigned data Message-ID: <87d5gvh2kr.fsf@wheatstone.g10code.de> GnuPG does not detect injection of unsigned data ================================================ (released 2006-03-09, CVE-2006-0049) Summary ======= In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails. To solve this problem, an update of the current stable version has been released (see below). Please do not respond to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). Impact: ======= Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data. Detached signatures (a separate signature file) are not affected. All versions of gnupg prior to 1.4.2.2 are affected. Scripts and applications using gpg to verify the integrity of data are affected. This includes applications using the GPGME library[2]. The GnuPG version 1.9.x is not affected unless the currently deprecated gpg part has been enabled. Solution: ========= Update GnuPG as soon as possible to version 1.4.2.2. There are no fixes for older versions available. If you can't get an update from your vendor, please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.2.2 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.2.2.tar.bz2 (2.8M) gnupg-1.4.2.2.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.2.2.tar.gz (4.0M) gnupg-1.4.2.2.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.2.1-1.4.2.2.diff.bz2 (101k) A patch file to upgrade a 1.4.2.1 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.2.2.exe (1.4M) gnupg-w32cli-1.4.2.2.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Note, that a new version of the Gpg4Win package[3], including a fixed version of GnuPG has also been released today. In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. Due to the fact that detached signatures are used, the problem described here does not affect this verification. For example to check the signature of the file gnupg-1.4.2.2.tar.bz2 you would use this command: gpg --verify gnupg-1.4.2.2.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. From time to time I prolong the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! Watch out for a "Good signature" messages. * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.2.2.tar.bz2 and check that the output matches the first line from the following list: f5559ddb004e0638f6bd9efe2bac00134c5065ba gnupg-1.4.2.2.tar.bz2 959540c1c6158e09d668ceee055bf366dc26d0bd gnupg-1.4.2.2.tar.gz 880b3e937f232b1ca366bda37c4a959aacbd84f3 gnupg-1.4.2.1-1.4.2.2.diff.bz2 95dd7fd4c49423b86704acfc396ce5a53c8b19e7 gnupg-w32cli-1.4.2.2.exe Background: =========== OpenPGP messages are made up of packets. The signed data is a packet, the actual signature is a packet and there are several control packets as well. For example: O + D + S This describes a standard signed message made made up of a control packet (O for one-pass signature packet), the actual signed data (D) and the actual signature packet (S). gpg checks that the signature S is valid over the data D. This is actually easy if not OpenPGP and GnuPG would have a long tradition of changing the fromats. PGP 2 versions used a different way of composing these packets: S + D and early versions of gpg, released before RFC2440, even created D + S i.e. without the one-pass packet. Still this would all be easy to process properly but in an ill-advised attempt to make things easier, gpg allowed the processing of multiple signatures per file, like O1 + D1 + S1 + O2 + D2 + S2 where two standard signatures are concatenated. Now when combining this with the other variants of signatures, things get really messy and it is not always possible to assocciate the signature (S) with the signed data (D). gpg checked that this all works but unfortunately these checks are not sufficient enough. The attack is to change a standard message to inject faked data (F). A simple case is this: F + O + D + S gpg now happily skips F for verification and does a proper signature verification of D and if this succeeds, prints a positive result. However when asked to output the actual signed data it will output the concatenation of F + D and thus create the impression that both are covered by the signature. Depending on how gpg is invoked (in a pipeline or using --output) it may even output just F and not at all D. There are several variants of the attack in where to put the faked data. The only correct solution to this problem is to get rid of the feature to check concatenated signatures - this allows for strict checking of valid packet composition. This is what has been done in 1.4.2.2 and in the forthcoming 1.4.3rc2. These versions accept signatures only if they are composed of O + D + S S + D Cleartext signatures are of course also supported, they are similiar to the O+D+S case. The actual checking for valid signature packet composition is done at g10/mainproc.c, at the top of check_sig_and_print(). Thanks ====== Tavis Ormandy again poked on gpg and found this vulnerability. The new version has been released yesterday and should by now be available on all mirrors. [1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel [2] http://www.gnupg.org/related_software/gpgme [3] http://www.gpg4win.org -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 199 bytes Desc: not available Url : /pipermail/attachments/20060309/06a8db4e/attachment-0001.pgp From wk at gnupg.org Thu Mar 9 19:53:40 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Mar 14 03:13:29 2006 Subject: [Announce] GnuPG does not detect injection of unsigned data Message-ID: <87d5gvh2kr.fsf@wheatstone.g10code.de> GnuPG does not detect injection of unsigned data ================================================ (released 2006-03-09, CVE-2006-0049) Summary ======= In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails. To solve this problem, an update of the current stable version has been released (see below). Please do not respond to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). Impact: ======= Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data. Detached signatures (a separate signature file) are not affected. All versions of gnupg prior to 1.4.2.2 are affected. Scripts and applications using gpg to verify the integrity of data are affected. This includes applications using the GPGME library[2]. The GnuPG version 1.9.x is not affected unless the currently deprecated gpg part has been enabled. Solution: ========= Update GnuPG as soon as possible to version 1.4.2.2. There are no fixes for older versions available. If you can't get an update from your vendor, please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.2.2 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.2.2.tar.bz2 (2.8M) gnupg-1.4.2.2.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.2.2.tar.gz (4.0M) gnupg-1.4.2.2.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.2.1-1.4.2.2.diff.bz2 (101k) A patch file to upgrade a 1.4.2.1 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.2.2.exe (1.4M) gnupg-w32cli-1.4.2.2.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Note, that a new version of the Gpg4Win package[3], including a fixed version of GnuPG has also been released today. In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. Due to the fact that detached signatures are used, the problem described here does not affect this verification. For example to check the signature of the file gnupg-1.4.2.2.tar.bz2 you would use this command: gpg --verify gnupg-1.4.2.2.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. From time to time I prolong the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! Watch out for a "Good signature" messages. * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.2.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.2.2.tar.bz2 and check that the output matches the first line from the following list: f5559ddb004e0638f6bd9efe2bac00134c5065ba gnupg-1.4.2.2.tar.bz2 959540c1c6158e09d668ceee055bf366dc26d0bd gnupg-1.4.2.2.tar.gz 880b3e937f232b1ca366bda37c4a959aacbd84f3 gnupg-1.4.2.1-1.4.2.2.diff.bz2 95dd7fd4c49423b86704acfc396ce5a53c8b19e7 gnupg-w32cli-1.4.2.2.exe Background: =========== OpenPGP messages are made up of packets. The signed data is a packet, the actual signature is a packet and there are several control packets as well. For example: O + D + S This describes a standard signed message made made up of a control packet (O for one-pass signature packet), the actual signed data (D) and the actual signature packet (S). gpg checks that the signature S is valid over the data D. This is actually easy if not OpenPGP and GnuPG would have a long tradition of changing the fromats. PGP 2 versions used a different way of composing these packets: S + D and early versions of gpg, released before RFC2440, even created D + S i.e. without the one-pass packet. Still this would all be easy to process properly but in an ill-advised attempt to make things easier, gpg allowed the processing of multiple signatures per file, like O1 + D1 + S1 + O2 + D2 + S2 where two standard signatures are concatenated. Now when combining this with the other variants of signatures, things get really messy and it is not always possible to assocciate the signature (S) with the signed data (D). gpg checked that this all works but unfortunately these checks are not sufficient enough. The attack is to change a standard message to inject faked data (F). A simple case is this: F + O + D + S gpg now happily skips F for verification and does a proper signature verification of D and if this succeeds, prints a positive result. However when asked to output the actual signed data it will output the concatenation of F + D and thus create the impression that both are covered by the signature. Depending on how gpg is invoked (in a pipeline or using --output) it may even output just F and not at all D. There are several variants of the attack in where to put the faked data. The only correct solution to this problem is to get rid of the feature to check concatenated signatures - this allows for strict checking of valid packet composition. This is what has been done in 1.4.2.2 and in the forthcoming 1.4.3rc2. These versions accept signatures only if they are composed of O + D + S S + D Cleartext signatures are of course also supported, they are similiar to the O+D+S case. The actual checking for valid signature packet composition is done at g10/mainproc.c, at the top of check_sig_and_print(). Thanks ====== Tavis Ormandy again poked on gpg and found this vulnerability. The new version has been released yesterday and should by now be available on all mirrors. [1] http://lists.gnupg.org/mailman/listinfo/gnupg-devel [2] http://www.gnupg.org/related_software/gpgme [3] http://www.gpg4win.org -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 199 bytes Desc: not available Url : /pipermail/attachments/20060309/06a8db4e/attachment-0005.pgp From albrecht.dress at arcor.de Sun Mar 5 20:20:20 2006 From: albrecht.dress at arcor.de (=?iso-8859-1?q?Albrecht_Dre=DF?=) Date: Tue Mar 14 14:06:39 2006 Subject: [Announce] GPGME 1.1.2 released In-Reply-To: <8764mvhnc9.wl%marcus.brinkmann@ruhr-uni-bochum.de> (from marcus.brinkmann@ruhr-uni-bochum.de on Fri Mar 3 10:47:02 2006) References: <8764mvhnc9.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <1141586420l.4770l.5l@antares.localdomain> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20060305/8ad6d06c/attachment.pgp From marcus.brinkmann at ruhr-uni-bochum.de Tue Mar 14 14:00:34 2006 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Mar 14 14:06:50 2006 Subject: [Announce] libgpg-error 1.3 released Message-ID: <87hd616v0t.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi, We are pleased to announce version 1.3 of libgpg-error, a library for common error values and messages in GnuPG components. This is a shared library so it can be updated independently of each individual component, while still allowing the use of new error values in inter-process communication. It may be found in the file (about 561 KB/441 KB compressed) ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.3.tar.gz ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.3.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.3.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.3.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.2-1.3.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The sha1sum checksums for this distibution are 8f354d70a54ec2d9f8d24b43237c08165ed19478 libgpg-error-1.2-1.3.diff.gz 10bd8d8503b674e114ecc6620324d5d1c8c918b7 libgpg-error-1.3.tar.bz2 2b46aed8b21703bcbbdc85b696b37b0d528046fb libgpg-error-1.3.tar.bz2.sig 6c7425b3634af05a0314287fff7ba13010c4c26a libgpg-error-1.3.tar.gz 4c3ab083706a21a30ffd2bd06989ecd3d9b6db17 libgpg-error-1.3.tar.gz.sig Noteworthy changes in version 1.3 (2006-03-14) ---------------------------------------------- * GNU gettext is included for systems that do not provide it. Marcus Brinkmann mb@g10code.de From wk at gnupg.org Tue Mar 21 20:17:34 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Mar 21 20:22:00 2006 Subject: [Announce] GPA 0.7.3 released Message-ID: <87wten1ub5.fsf@wheatstone.g10code.de> Hello, We are pleased to announce the release of GPA 0.7.3. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG, http://www.gnupg.org). GPA can be used to encrypt, decrypt, and sign files, to verify signatures and to manage the private and public keys. This is a development release. Please be careful when using it on production keys. You can find the release here: http://wald.intevation.org/frs/download.php/151/gpa-0.7.3.tar.bz2 (530k) http://wald.intevation.org/frs/download.php/152/gpa-0.7.3.tar.bz2.sig Or as patch file against the previous release: http://wald.intevation.org/frs/download.php/153/gpa-0.7.2-0.7.3.diff.bz2 (21k) The files are also available on ftp.gnupg.org and its mirrors in the directory gcrypt/alpha/gpa/. The SHA1 checksums for this release are: 829871ad5c4c41e12cc4097af0e02e86c66efcab gpa-0.7.3.tar.bz2 a0bdb9ed9dff4765d23636232b48764e7f67e027 gpa-0.7.2-0.7.3.diff.bz2 Noteworthy changes in version 0.7.3 (2006-03-21) ------------------------------------------------ * Minor fixes. No console Windows under W32 anymore. No more garbage in names of new keys. Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 200 bytes Desc: not available Url : /pipermail/attachments/20060321/e536dfcc/attachment.pgp