GnuTLS security update

GnuTLS security update

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 931 bytes --]

There is a GnuTLS security advisory [0] regarding "an issue that affects
validation of certificates using OCSP responses, which can falsely
report a certificate as valid under certain circumstances."

I updated GnuTLS on core-updates to 3.5.4, the latest release of the 3.5
series.

For master, the naive approach of cherry-picking the patch [1] did not
work; the test 'system-prio-file' fails consistently with that change. I
could instead try grafting the updated version.

What do you think? The authors seem to think it's a relatively minor
issue [2], since exploiting it requires an attacker to compromise the
certificate authority.

[0]
http://gnutls.org/security.html#GNUTLS-SA-2016-3
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html

[1]
https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

[2]
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008148.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: GnuTLS security update

[Vincent Legoll]

On Sun, Sep 11, 2016 at 5:41 PM, Leo Famulari <leo@famulari.name> wrote:
> There is a GnuTLS security advisory [0] regarding "an issue that affects
> validation of certificates using OCSP responses, which can falsely
> report a certificate as valid under certain circumstances."
>
> I updated GnuTLS on core-updates to 3.5.4, the latest release of the 3.5
> series.
>
> For master, the naive approach of cherry-picking the patch [1] did not
> work; the test 'system-prio-file' fails consistently with that change. I
> could instead try grafting the updated version.
>
> What do you think? The authors seem to think it's a relatively minor
> issue [2], since exploiting it requires an attacker to compromise the
> certificate authority.

Side questions (just for my curiosity's sake):

- What does it cost (manpower, hydra build time, etc...) approximatively
to do a new release ?

- Is it sufficiently automated ?
- Can we help ?

-- 
Vincent Legoll

Re: GnuTLS security update

[Ludovic Courtès]

Vincent Legoll <vincent.legoll@gmail.com> skribis:

> On Sun, Sep 11, 2016 at 5:41 PM, Leo Famulari <leo@famulari.name> wrote:
>> There is a GnuTLS security advisory [0] regarding "an issue that affects
>> validation of certificates using OCSP responses, which can falsely
>> report a certificate as valid under certain circumstances."
>>
>> I updated GnuTLS on core-updates to 3.5.4, the latest release of the 3.5
>> series.
>>
>> For master, the naive approach of cherry-picking the patch [1] did not
>> work; the test 'system-prio-file' fails consistently with that change. I
>> could instead try grafting the updated version.
>>
>> What do you think? The authors seem to think it's a relatively minor
>> issue [2], since exploiting it requires an attacker to compromise the
>> certificate authority.
>
> Side questions (just for my curiosity's sake):
>
> - What does it cost (manpower, hydra build time, etc...) approximatively
> to do a new release ?

Many packages would need to be rebuilt:

--8<---------------cut here---------------start------------->8---
$ guix refresh -l gnutls
Building the following 527 packages would ensure 1169 dependent packages are rebuilt:
[...]
--8<---------------cut here---------------end--------------->8---

> - Is it sufficiently automated ?

Yes:

--8<---------------cut here---------------start------------->8---
$ guix refresh gnutls
/home/ludo/.config/guix/latest/gnu/packages/tls.scm:140:13: gnutls would be upgraded from 3.5.2 to 3.5.4
--8<---------------cut here---------------end--------------->8---

> - Can we help ?

Always!  ;-)

The question is such situations is just how to deploy the fix as fast as
possible, which means avoiding a situation that would lead users to
rebuild or redownload massive amounts of software just to get the
upgrade.  Grafts make it faster.

Ludo’.

Re: GnuTLS security update

[Ludovic Courtès]

Hi,

Leo Famulari <leo@famulari.name> skribis:

> For master, the naive approach of cherry-picking the patch [1] did not
> work; the test 'system-prio-file' fails consistently with that change. I
> could instead try grafting the updated version.

These 3 GnuTLS commits appear to be related to this issue:

--8<---------------cut here---------------start------------->8---
commit 8469db9dbcdd6ec22094a4f095201d80d981b9f0
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:55:30 2016 +0200

    tests: added basic operational check of gnutls_ocsp_resp_get_single()

commit 8a0c9bbae25f75e30a913c6f4b29f468940398ca
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:40:49 2016 +0200

    gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks
    
    Simplified and optimized the function operation, by removing
    unecessary memory allocations, as well as eliminate memory leaks
    on certain error cases.

commit 964632f37dfdfb914ebc5e49db4fa29af35b1de9
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 27 17:00:22 2016 +0200

    ocsp: corrected the comparison of the serial size in OCSP response
    
    Previously the OCSP certificate check wouldn't verify the serial length
    and could succeed in cases it shouldn't.
    
    Reported by Stefan Buehler.
--8<---------------cut here---------------end--------------->8---

If applying these patches on top of our current GnuTLS version (and then
using it as a graft) works, we could do that.

If not, using the later 3.5.x release should be OK (API- and
ABI-compatible).

Ludo’.

Re: GnuTLS security update

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 2330 bytes --]

On Sun, Sep 11, 2016 at 10:54:09PM +0200, Ludovic Courtès wrote:
> These 3 GnuTLS commits appear to be related to this issue:

[...]

> If applying these patches on top of our current GnuTLS version (and then
> using it as a graft) works, we could do that.

Unfortunately the test fails in the same way, even with all 3 commits.

> If not, using the later 3.5.x release should be OK (API- and
> ABI-compatible).

The release notes for 3.5.3 and 3.5.4 [0] only mention the addition of
new macros and functions, but no removals or modifications of existing
interfaces.

I've attached a patch that uses a graft to replace gnutls@3.5.2 with
gnutls-3.5.4, which is the latest release.

However, while testing the patch, I noticed something surprising:

$ git show
commit 2f6a667cfe87d13a878e7ca97e3f760771f22ce1
Author: Leo Famulari <leo@famulari.name>
Date:   Sat Sep 10 18:09:20 2016 -0400

    gnu: gnutls: Replace with 3.5.4 [fixes GNUTLS-SA-2016-3].
[...]

$ ./pre-inst-env guix build gnutls            
/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2

$ guix build gnutls # This Guix is from `guix pull`, not my Git repo.
/gnu/store/7dy8xca0y8vz94af242cqnq9ddk2nwxn-gnutls-3.5.2-debug
/gnu/store/q27cnlfkf8kc6gjl0cdw5nvq45lfllvx-gnutls-3.5.2-doc
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2

$ guix gc --references $(./pre-inst-env guix build msmtp) 
/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
/gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5
/gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
/gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0
/gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2

The problem is that the msmtp package I have built using this patch does
not refer to the grafted gnutls. I got the same result after building a
fresh Git clone of Guix.

[0]
https://lists.gnupg.org/pipermail/gnutls-devel/2016-August/008126.html
https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008152.html

[-- Attachment #1.2: 0001-gnu-gnutls-Replace-with-3.5.4-fixes-GNUTLS-SA-2016-3.patch --]
[-- Type: text/plain, Size: 1464 bytes --]

From 2f6a667cfe87d13a878e7ca97e3f760771f22ce1 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 10 Sep 2016 18:09:20 -0400
Subject: [PATCH] gnu: gnutls: Replace with 3.5.4 [fixes GNUTLS-SA-2016-3].

* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.4): New variable.
---
 gnu/packages/tls.scm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b04cac..ad9dee0 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -137,6 +137,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
+    (replacement gnutls-3.5.4)
     (version "3.5.2")
     (source (origin
              (method url-fetch)
@@ -210,6 +211,20 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+(define gnutls-3.5.4
+  (package
+    (inherit gnutls)
+    (source
+      (let ((version "3.5.4"))
+        (origin
+          (method url-fetch)
+          (uri (string-append "mirror://gnupg/gnutls/v"
+                              (version-major+minor version)
+                              "/gnutls-" version ".tar.xz"))
+          (sha256
+           (base32
+            "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
+
 (define-public openssl
   (package
    (name "openssl")
-- 
2.10.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: GnuTLS security update

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 353 bytes --]

On Sun, Sep 11, 2016 at 09:53:22PM -0400, Leo Famulari wrote:
> The problem is that the msmtp package I have built using this patch does
> not refer to the grafted gnutls. I got the same result after building a
> fresh Git clone of Guix.

To clarify, I think that the msmtp package is using the wrong gnutls
because of the hash, not the version string.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: GnuTLS security update

[Ludovic Courtès]

Leo Famulari <leo@famulari.name> skribis:

> $ ./pre-inst-env guix build gnutls            
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
>
> $ guix build gnutls # This Guix is from `guix pull`, not my Git repo.
> /gnu/store/7dy8xca0y8vz94af242cqnq9ddk2nwxn-gnutls-3.5.2-debug
> /gnu/store/q27cnlfkf8kc6gjl0cdw5nvq45lfllvx-gnutls-3.5.2-doc
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> $ guix gc --references $(./pre-inst-env guix build msmtp) 
> /gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
> /gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
> /gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5
> /gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
> /gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0
> /gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> The problem is that the msmtp package I have built using this patch does
> not refer to the grafted gnutls. I got the same result after building a
> fresh Git clone of Guix.

Indeed, there’s a bug.  :-/

With your patch, I get:

--8<---------------cut here---------------start------------->8---
$ git describe
v0.11.0-970-g8d4169a
$ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls
/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls --no-grafts
/gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
/gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
/gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
$ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.2
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs@gnutls.org>
$ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.4
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs@gnutls.org>
--8<---------------cut here---------------end--------------->8---

msmtp uses a GnuTLS that is different from from both other GnuTLS.

I think the bug has to do with the fact that GnuTLS has a replacement
and at the same time needs to be grafted (the libidn and libgcrypt
grafts apply to GnuTLS).

In the meantime, I suggest that you apply the patch anyway.

Ludo’.

Re: GnuTLS security update

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 598 bytes --]

On Mon, Sep 12, 2016 at 02:56:13PM +0200, Ludovic Courtès wrote:
> msmtp uses a GnuTLS that is different from from both other GnuTLS.

The GnuTLS being used [0] corresponds to the GnuTLS on the master branch
from before I pushed this graft.

> I think the bug has to do with the fact that GnuTLS has a replacement
> and at the same time needs to be grafted (the libidn and libgcrypt
> grafts apply to GnuTLS).
> 
> In the meantime, I suggest that you apply the patch anyway.

Okay, done as 974e2b297104d2de01632df1a56069b383e645f4

[0]
yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: bug#24418: GnuTLS security update

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 2144 bytes --]

Hello!

ludo@gnu.org (Ludovic Courtès) skribis:

> $ git describe
> v0.11.0-970-g8d4169a
> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls --no-grafts
> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.2
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
>
>
> Please send bug reports to:  <bugs@gnutls.org>
> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.4
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>

AFAICS this is fixed by these two patches:

b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow other grafts.
d0025d0 * packages: 'package-grafts' applies grafts on replacement.

Please let know if you notice anything wrong.

For debugging purposes, I found it easier to have the attached patch
applied, so that replacements are easily distinguishable from the
original packages.  You might want to use it too.  :-)

(I didn’t apply it to master because it would lead to merge conflicts in
core-updates, but feel free to apply it if that seems OK to you.)

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1767 bytes --]

modified   gnu/packages/gnupg.scm
@@ -138,15 +138,14 @@ generation.")
 (define libgcrypt-1.5.6
   (package
     (inherit libgcrypt-1.5)
-    (source
-     (let ((version "1.5.6"))
-       (origin
-         (method url-fetch)
-         (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                             version ".tar.bz2"))
-         (sha256
-          (base32
-           "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+    (version "1.5.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
 
 (define-public libassuan
   (package
modified   gnu/packages/tls.scm
@@ -215,16 +215,15 @@ required structures.")
 (define gnutls-3.5.4
   (package
     (inherit gnutls)
-    (source
-      (let ((version "3.5.4"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "mirror://gnupg/gnutls/v"
-                              (version-major+minor version)
-                              "/gnutls-" version ".tar.xz"))
-          (sha256
-           (base32
-            "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
+    (version "3.5.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))
 
 (define-public openssl