From 0f60a371454f8ccd5ea011d758e02839a1c9577a Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sun, 11 Feb 2018 11:43:05 -0800 Subject: [PATCH] Import pgpverify version 1.30 from INN Support for GnuPG's gpg binary (in addition to gpgv). gpg (from GnuPG 1.x) still validates signatures made with weak digest algorithms like MD5 whereas current versions of gpgv no longer do. Patch from Thomas Hochstein. Use https for the isc.org web site. --- pgpverify | 59 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 18 deletions(-) diff --git a/pgpverify b/pgpverify index 976433d..bffcbc3 100755 --- a/pgpverify +++ b/pgpverify @@ -4,7 +4,7 @@ # # Written April 1996, (David C Lawrence) # Currently maintained by Russ Allbery -# Version 1.29, 2014-04-15 +# Version 1.30, 2018-01-21 # # NOTICE TO INN MAINTAINERS: The version that is shipped with INN is the # same as the version that I make available to the rest of the world @@ -16,6 +16,11 @@ # me about it; I want to know what old versions of Perl are still used in # practice. # +# Changes from 1.29 -> 1.30 +# -- Support for GnuPG's gpg binary (in addition to gpgv). gpg (from +# GnuPG 1.x) still validates signatures made with weak digest +# algorithms like MD5 whereas current versions of gpgv no longer do. +# # Changes from 1.28 -> 1.29 # -- Disambiguate numbered lists from description lists in POD to silent # a pod2man warning. @@ -129,6 +134,14 @@ # -- Checks to ensure that the temporary file is really a file, and # not a link or some other weirdness. +# Path to the GnuPG gpg binary, if you have GnuPG and don't want to use +# gpgv. This will be used in preference to gpgv and PGP. If you have INN +# and the script is able to successfully include your INN::Config module, +# the value of $INN::Config::gpg will override this. On a recent Debian +# variant, use /usr/bin/gpg1 (from the gnupg1 package) if you want to +# support old signatures with MD5 digest algorithms. +# $gpg = '/usr/local/bin/gpg'; + # Path to the GnuPG gpgv binary, if you have GnuPG. If you do, this will # be used in preference to PGP. For most current control messages, you # need a version of GnuPG that can handle RSA signatures. If you have INN @@ -203,7 +216,7 @@ $log_date = -t STDOUT; # Do it if STDOUT is to a terminal. require 5; use strict; -use vars qw($gpgv $pgp $keyring $tmp $tmpdir $lockdir $syslog_method +use vars qw($gpg $gpgv $pgp $keyring $tmp $tmpdir $lockdir $syslog_method $syslog_facility $syslog_level $log_date $findid $test $messageid); use Fcntl qw(O_WRONLY O_CREAT O_EXCL); @@ -225,6 +238,7 @@ GetOptions( $pgp = $INN::Config::pgp if $INN::Config::pgp && $INN::Config::pgp ne "no-pgp-found-during-configure"; $gpgv = $INN::Config::gpgv if $INN::Config::gpgv; +$gpg = $INN::Config::gpg if $INN::Config::gpg; $tmp = ($INN::Config::pathtmp ? $INN::Config::pathtmp : $tmpdir) . "/pgp$$"; $lockdir = $INN::Config::locks if $INN::Config::locks; $syslog_facility = $INN::Config::syslog_facility if $INN::Config::syslog_facility; @@ -236,7 +250,11 @@ if (! $keyring && $INN::Config::newsetc) { $0 =~ s%^.*/%%; # Make sure that the signature verification program can be executed. -if ($gpgv) { +if ($gpg) { + if (! -x $gpg) { + &fail("$0: $gpg: " . (-e _ ? "cannot execute" : "no such file") . "\n"); + } +} elsif ($gpgv) { if (! -x $gpgv) { &fail("$0: $gpgv: " . (-e _ ? "cannot execute" : "no such file") . "\n"); } @@ -259,7 +277,7 @@ if ($test) { # should, and the consequences of a multiprocess conflict is failure to # verify. my $lock; -unless ($gpgv) { +unless ($gpg or $gpgv) { $lock = "$lockdir/LOCK.$0"; until (&shlock($lock) > 0) { sleep(2); @@ -268,7 +286,7 @@ unless ($gpgv) { # Verify the message. my ($ok, $signer) = pgp_verify($signature, $version, $message); -unless ($gpgv) { +unless ($gpg or $gpgv) { unlink ($lock) or &errmsg("$0: unlink $lock: $!\n"); } print "$signer\n" if $signer; @@ -388,8 +406,8 @@ sub pgp_verify { # Ignore SIGPIPE, since we're going to be talking to PGP. local $SIG{PIPE} = 'IGNORE'; - # Set the PGP style based on whether $gpgv is set. - my $pgpstyle = ($gpgv ? 'GPG' : 'PGP2'); + # Set the PGP style based on whether $gpg or $gpgv is set. + my $pgpstyle = ($gpg || $gpgv ? 'GPG' : 'PGP2'); # Because this is a detached signature, we actually need to save both # the signature and the data to files and then run PGP on the signature @@ -439,7 +457,12 @@ sub pgp_verify { # Figure out what command line we'll be using. my @command; if ($pgpstyle eq 'GPG') { - @command = ($gpgv, qw/--quiet --status-fd=1 --logger-fd=1/); + if ($gpg) { + @command = ($gpg, qw/--verify --allow-weak-digest-algos/); + push (@command, qw/--quiet --status-fd=1 --logger-fd=1/); + } else { + @command = ($gpgv, qw/--quiet --status-fd=1 --logger-fd=1/); + } } else { @command = ($pgp, '+batchmode', '+language=en'); } @@ -733,8 +756,8 @@ signatures). If that directory doesn't exist, it will fall back on using the default key ring, which is in a F<.pgp> or F<.gnupg> subdirectory of the running user's home directory. -INN, when using GnuPG, configures B to use B, which by -default expects keys to be in a keyring named F, since it +INN, when using GnuPG, configures B to use B or B, which +by default expects keys to be in a keyring named F, since it doesn't implement trust checking directly. B uses that file if present but falls back to F if it's not found. This bypasses the trust model for checking keys, but is compatible with the way that @@ -801,12 +824,12 @@ A problem occurred not directly related to PGP analysis of signature. =head1 ENVIRONMENT B does not modify or otherwise alter the environment before -invoking the B or B program. It is the responsibility of the -person who installs B to ensure that when B or B -runs, it has the ability to locate and read a PGP key file that contains -the PGP public keys for the appropriate Usenet hierarchy administrators. -B can be pointed to an appropriate key ring by editing -variables at the beginning of this script. +invoking the B, B or B program. It is the responsibility of +the person who installs B to ensure that when B, B or +B runs, it has the ability to locate and read a PGP key file that +contains the PGP public keys for the appropriate Usenet hierarchy +administrators. B can be pointed to an appropriate key ring by +editing variables at the beginning of this script. =head1 NOTES @@ -908,9 +931,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. =head1 SEE ALSO -gpgv(1), pgp(1). +gpg(1), gpgv(1), pgp(1). -L is where the most recent versions of +L is where the most recent versions of B and B live, along with PGP public keys used for hierarchy administration.