author | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-10-24 07:11:56 +0000 |
---|---|---|
committer | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-10-24 07:11:56 +0000 |
commit | 0ac233caf801669dfaf70d5261e2ed8158048e84 (patch) | |
tree | 53eda355d0f4d5fc2e744ebb193a67d3645310fd /gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild | |
parent | Version bump. (diff) | |
Fix gpg passwords being cached for longer than the user requested (bug #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had no effect at all. Update license.
Package-Manager: portage-2.2.0_alpha141/cvs/Linux x86_64
Manifest-Sign-Key: 0xCF0ADD61
Diffstat (limited to 'gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild')
-rw-r--r-- | gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
new file mode 100644
index 000000000000..c493ebe601b6
--- /dev/null
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild,v 1.1 2012/10/24 07:11:50 tetromino Exp $
+
+EAPI="4"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 pam versionator virtualx
+
+DESCRIPTION="Password and keyring managing daemon"
+HOMEPAGE="http://www.gnome.org/"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+caps debug pam selinux"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
+
+RDEPEND=">=app-crypt/gcr-3.3.4
+ >=dev-libs/glib-2.28:2
+ >=x11-libs/gtk+-3.0:3
+ app-misc/ca-certificates
+ >=dev-libs/libgcrypt-1.2.2
+ >=sys-apps/dbus-1.0
+ caps? ( sys-libs/libcap-ng )
+ pam? ( virtual/pam )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.35
+ sys-devel/gettext
+ virtual/pkgconfig"
+PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
+# eautoreconf needs:
+# >=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
+
+# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
+RESTRICT="test"
+
+src_prepare() {
+ DOCS="AUTHORS ChangeLog NEWS README"
+ G2CONF="${G2CONF}
+ $(use_enable debug)
+ $(use_with caps libcap-ng)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable selinux)
+ --with-root-certs=${EPREFIX}/etc/ssl/certs/
+ --with-ca-certificates=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
+ --enable-ssh-agent
+ --enable-gpg-agent"
+ # Bug #436392, CVE-2012-3466; fixed in 3.6
+ epatch "${FILESDIR}/${P}-gpg-cache-method-"{1,2}.patch
+ gnome2_src_prepare
+}
+
+src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS
+ Xemake check
+}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and Flameeyes
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+# Requires versionator.eclass
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capability got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missing kernel support."
+ ewarn "Your kernel must have <FS>_FS_SECURITY enabled (e.g. EXT4_FS_SECURITY)"
+ ewarn "where <FS> is the filesystem to store ${path}"
+ if ! version_is_at_least 2.6.33 "$(uname -r)"; then
+ ewarn "For kernel 2.6.32 or older, you will also need to enable"
+ ewarn "SECURITY_FILE_CAPABILITIES."
+ fi
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+} |
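Review bot: The fallback at the end of `fcaps` runs `chmod u+s ${path}` on a file that was just chowned to `0:0`, so whenever `setcap -v` fails the daemon is installed setuid root instead of with the single `cap_ipc_lock` capability the caller asked for; the `@DESCRIPTION` only says the function "sets the given file-mode" on failure and should state that the fallback is suid. The path and mode arguments are also unquoted in `chmod $perms $path && chown $uid_gid $path` and in the `chmod u+s` line, even though `pkg_postinst` passes a `"${ROOT}"`-prefixed path; I would write `chmod "$perms" "$path" && chown "$uid_gid" "$path"` and `chmod u+s "$path"`. When `caps` is enabled the chmod/chown status stored in `res` is overwritten by the `setcap -v` result, so a failed chown goes unreported. Separately, the comment in `src_prepare` cites bug #436392 while the commit message cites bug #430602 for the same CVE, so one of the two probably needs correcting.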