authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-10-24 07:11:56 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-10-24 07:11:56 +0000
commit0ac233caf801669dfaf70d5261e2ed8158048e84 (patch)
tree53eda355d0f4d5fc2e744ebb193a67d3645310fd /gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
parentVersion bump. (diff)
Fix gpg passwords being cached for longer than the user requested (bug #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had no effect at all. Update license.
Package-Manager: portage-2.2.0_alpha141/cvs/Linux x86_64 Manifest-Sign-Key: 0xCF0ADD61
Diffstat (limited to 'gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild')
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild108
1 files changed, 108 insertions, 0 deletions
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
new file mode 100644
index 000000000000..c493ebe601b6
--- /dev/null
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild,v 1.1 2012/10/24 07:11:50 tetromino Exp $
+
+EAPI="4"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 pam versionator virtualx
+
+DESCRIPTION="Password and keyring managing daemon"
+HOMEPAGE="http://www.gnome.org/"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+caps debug pam selinux"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
+
+RDEPEND=">=app-crypt/gcr-3.3.4
+ >=dev-libs/glib-2.28:2
+ >=x11-libs/gtk+-3.0:3
+ app-misc/ca-certificates
+ >=dev-libs/libgcrypt-1.2.2
+ >=sys-apps/dbus-1.0
+ caps? ( sys-libs/libcap-ng )
+ pam? ( virtual/pam )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.35
+ sys-devel/gettext
+ virtual/pkgconfig"
+PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
+# eautoreconf needs:
+# >=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
+
+# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
+RESTRICT="test"
+
+src_prepare() {
+ DOCS="AUTHORS ChangeLog NEWS README"
+ G2CONF="${G2CONF}
+ $(use_enable debug)
+ $(use_with caps libcap-ng)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable selinux)
+ --with-root-certs=${EPREFIX}/etc/ssl/certs/
+ --with-ca-certificates=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
+ --enable-ssh-agent
+ --enable-gpg-agent"
+ # Bug #436392, CVE-2012-3466; fixed in 3.6
+ epatch "${FILESDIR}/${P}-gpg-cache-method-"{1,2}.patch
+ gnome2_src_prepare
+}
+
+src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS
+ Xemake check
+}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and Flameeyes
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+# Requires versionator.eclass
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capability got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missing kernel support."
+ ewarn "Your kernel must have <FS>_FS_SECURITY enabled (e.g. EXT4_FS_SECURITY)"
+ ewarn "where <FS> is the filesystem to store ${path}"
+ if ! version_is_at_least 2.6.33 "$(uname -r)"; then
+ ewarn "For kernel 2.6.32 or older, you will also need to enable"
+ ewarn "SECURITY_FILE_CAPABILITIES."
+ fi
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
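Review bot: In `fcaps`, any failure of the two `setcap` calls ends in `chmod u+s ${path}` on a binary that was just chowned to 0:0, so the keyring daemon becomes setuid root, a far broader grant than the single `cap_ipc_lock` requested. Both calls discard stderr, so a missing `setcap` binary is reported as missing kernel support. RDEPEND pulls in only `sys-libs/libcap-ng` under `caps?`, while `setcap` ships with sys-libs/libcap as far as I know, so I would write `caps? ( sys-libs/libcap-ng sys-libs/libcap )` and keep stderr on the first `setcap` call. The path is also unquoted in `chmod $perms $path`, `chown $uid_gid $path` and the fallback, which breaks when `${ROOT}` contains whitespace; use `chmod u+s "${path}"` and quote the other two the same way. Separately, the comment in `src_prepare` cites `Bug #436392` while the commit message cites bug #430602 for CVE-2012-3466; please confirm which number is intended.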