diff options
author | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-10-24 07:11:56 +0000 |
---|---|---|
committer | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-10-24 07:11:56 +0000 |
commit | 0ac233caf801669dfaf70d5261e2ed8158048e84 (patch) | |
tree | 53eda355d0f4d5fc2e744ebb193a67d3645310fd /gnome-base | |
parent | Version bump. (diff) | |
download | historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.gz historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.bz2 historical-0ac233caf801669dfaf70d5261e2ed8158048e84.zip |
Fix gpg passwords being cached for longer than the user requested (bug #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had no effect at all. Update license.
Package-Manager: portage-2.2.0_alpha141/cvs/Linux x86_64
Manifest-Sign-Key: 0xCF0ADD61
Diffstat (limited to 'gnome-base')
10 files changed, 353 insertions, 52 deletions
diff --git a/gnome-base/gnome-keyring/ChangeLog b/gnome-base/gnome-keyring/ChangeLog index 709c35b1fa45..b37b239cc642 100644 --- a/gnome-base/gnome-keyring/ChangeLog +++ b/gnome-base/gnome-keyring/ChangeLog @@ -1,6 +1,20 @@ # ChangeLog for gnome-base/gnome-keyring # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.224 2012/05/21 18:53:30 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.225 2012/10/24 07:11:50 tetromino Exp $ + +*gnome-keyring-3.4.1-r1 (24 Oct 2012) + + 24 Oct 2012; Alexandre Rostovtsev <tetromino@gentoo.org> + gnome-keyring-2.32.1.ebuild, gnome-keyring-2.32.1-r1.ebuild, + +files/gnome-keyring-2.32.1-glib-2.32.patch, gnome-keyring-3.2.2.ebuild, + gnome-keyring-3.4.1.ebuild, +gnome-keyring-3.4.1-r1.ebuild, + +files/gnome-keyring-3.4.1-gpg-cache-method-1.patch, + +files/gnome-keyring-3.4.1-gpg-cache-method-2.patch: + Fix gpg passwords being cached for longer than the user requested (bug + #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix + 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: + in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had + no effect at all. Update license. 21 May 2012; Alexandre Rostovtsev <tetromino@gentoo.org> gnome-keyring-2.32.1-r1.ebuild, gnome-keyring-3.2.2.ebuild: diff --git a/gnome-base/gnome-keyring/Manifest b/gnome-base/gnome-keyring/Manifest index 53ca16486185..cca451f09ece 100644 --- a/gnome-base/gnome-keyring/Manifest +++ b/gnome-base/gnome-keyring/Manifest @@ -1,25 +1,29 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +Hash: SHA256 -AUX gnome-keyring-2.32.1-fix-undefined.patch 783 RMD160 76c20ef4bf5aaa1ed4d7b06a48fb6951729fa375 SHA1 f15c02accedad0890fcbcd98c2125dac582d6296 SHA256 a7b0d99728960af4e81e97941fc1aa9f06e49b7ed06669ab17d72628cd05e408 -AUX gnome-keyring-3.2.2-gold-glib-2.32.patch 1418 RMD160 0a58649d79d562c3913025f608a9814cf15e8085 SHA1 45f7a6c3f6f8946e86cf62189edd6cdbabe1d6e5 SHA256 523a2332dcc1db82f2897bf370c4c82b0e4ef3725ce06799b39554fe5ebe1587 -DIST gnome-keyring-2.32.1.tar.bz2 1619245 RMD160 cb72f171f5918ff26f40feb7bba90dc7e2e120ec SHA1 3d0ecc3e29f426ecfcaa488ea17d3e330fe34eb6 SHA256 31fecec1430a97f59a6159a5a2ea8d6a1b44287f1e9e595b3594df46bf7f18f9 -DIST gnome-keyring-3.2.2.tar.xz 1579860 RMD160 190391c13d2a988801c023c0293bb56953901f3f SHA1 5b4a7868266d11855dea8aa488b730a4eaec3838 SHA256 f4cdc2c492a9b0157d59439310093e611e1f718a16f7ee2391ac03aadacfaaa3 -DIST gnome-keyring-3.4.1.tar.xz 1107820 RMD160 982ed29670b9348cdfc309b0a8977ba1d9ca7afe SHA1 51c70f5c8d9e6776ab711dda8f1eecf676dbd1c9 SHA256 9e90267721198cbe6ebc08f6390d24901d9c0de39b180cd2ad1bbcdd7b30b249 -EBUILD gnome-keyring-2.32.1-r1.ebuild 2055 RMD160 29bcbcc8030cc534fd80b9450621397e3be3dc0f SHA1 e5b9ca127df101f3fa337a7dfc3331b416f96cbf SHA256 6c3e87d2e2395491256e2d5fddc0201fbb18e7cdfb2ca63cf438eafd3f26fb21 -EBUILD gnome-keyring-2.32.1.ebuild 1972 RMD160 2a1f3e5b78c90d68b1726b4042ca04701556955e SHA1 ac52a828fb1466609d0bd07630dc334cf9e4c309 SHA256 e4814e4778de56d491b7f15950b0614e64ef83f3e5298acd9e17de4ff8bc9d44 -EBUILD gnome-keyring-3.2.2.ebuild 3512 RMD160 3e6bfe6cabf0d2b2465ed64840ee4fd851006367 SHA1 a833d37f30a9b7f395a8d28a7fa3ce73b6580ab8 SHA256 024c28f282e4a8a46d0d9b4e6a9b5d5af91a110caf2e99c3776e74c2004cbd60 -EBUILD gnome-keyring-3.4.1.ebuild 2942 RMD160 c0813f9b8f7e9c87b9220aa72a09e69810d6d9ff SHA1 86de7edc54e295cabd9d7f9c1a09dd74853d601f SHA256 7dc06277f92e528556d9489244d9a33f547b52247adb5030c56a0d4aacae7e79 -MISC ChangeLog 32055 RMD160 ecaf13443fd0b5bd506e299a0ecf323f18b7a06a SHA1 dc8a38c0654b529c1e1e2e75d9e68170e1c41e9e SHA256 64f0b7c24264308738eac6f099bb82a4e567ef4eb5383c25eccf01048b813cf5 -MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1 +AUX gnome-keyring-2.32.1-fix-undefined.patch 783 SHA256 a7b0d99728960af4e81e97941fc1aa9f06e49b7ed06669ab17d72628cd05e408 SHA512 2f60202c4b07c37cc59d19838344ac666371495b9230c8f6b3a3030e58364dbb9a012ee8eeb6d89ed1e8dbb9324340971259a5b75e7666563a402c88735dc916 WHIRLPOOL 7030408d34850a6ac827149b3aaf1dd1f7f80ea7fa9731e4c76b5c95fedfec2bad51797f428685cdc9232fa455f2d78c814d35c06b905b2126d9a7aa8c2661e2 +AUX gnome-keyring-2.32.1-glib-2.32.patch 1355 SHA256 042bf9bc95f8e37bf9733531cc4d38db5c33d382f15152afdd7288ea09145fee SHA512 5745e64d77ec48cb8fe5b76bfc902f97749ee125e0c6db6ee7aed87f996cbae92e3c835792e76e33f49386ac8a9a4ec3613212f6ff5f470d038f2abf737c4aa7 WHIRLPOOL 23c45dd081eebaf9da75d159c71c3addd40e6f15b88c167ae932c6d3e0c261296c5e9222a0ed8cdf47045e9e30dc9f27bf331cb0482b26acfd5d2ac3f0ca611a +AUX gnome-keyring-3.2.2-gold-glib-2.32.patch 1418 SHA256 523a2332dcc1db82f2897bf370c4c82b0e4ef3725ce06799b39554fe5ebe1587 SHA512 67eb80d999258162b871e34f235a1873850d64cbd5e6fdac604b3b402947b01842b40b5a8e9d0e7c893f3671c4a9e53084399ce8bfc06b25517fd6d3cce1b124 WHIRLPOOL 9b5fc1afe242f5612df534d70b3ca441dcc75f6ad01aae5e8dfb1a72800ad2392fad585f6f5ffecb1493bcda91068730e9db7865e221672104d338d0adb4291c +AUX gnome-keyring-3.4.1-gpg-cache-method-1.patch 3222 SHA256 ad95945e404078059222d63decef8528a6e42a61aa01246463cfb272219420cc SHA512 44eefeb144d63ac9b66de13f58a87eb0713e91f73af758e2e7968a9d1f14af3d8137f5fce4abf51aea6eaef96f29219c349fbc8072725aa433ae7a9111756f9f WHIRLPOOL 159c94cef08b8e3d0d230f858e88c3fe75b40b3ff03cd18af3c4f0a771dbde424701abc7bb6610de6dd56127b7bc2b0715cef3d582c7206030739df04ee3a07b +AUX gnome-keyring-3.4.1-gpg-cache-method-2.patch 1009 SHA256 832f4d27df3f8850ccc0e034e12d62e847e7c10deadd77b1e3761a90c6b1bd9b SHA512 610c7051e84bb343083932309758317ad120380041f4a57e6e7e2646677c20126395f0a2cc7f70c842be0175bd851d0253adfb6911c93a9dc0a6a6b86791371e WHIRLPOOL 5f4b413b1fc5bf9b3f0b7c4653876d00eab05f5d7f5d472272d3faaed17a8d2a0ed518b9e77f4b933a2fa69f7e905fcd911674ad36ffb3570ccc4aa2b44cc882 +DIST gnome-keyring-2.32.1.tar.bz2 1619245 SHA256 31fecec1430a97f59a6159a5a2ea8d6a1b44287f1e9e595b3594df46bf7f18f9 SHA512 23b91bc11be2805df228de98513a5f96386a89d6ead6434b7fdf4a3bee86b6601bb994b9de4524f8751c7d7f1ac9462c592bcd9b77c32234fc709148450e382b WHIRLPOOL fa9ed1d79a8af912ca8c4957d6dba30322a0239dd2c9b40f5c6adbfc66147402870a6400ae8bbdb56380c250e095b601ab9689f65ea17c95a76e7e2defe27c7d +DIST gnome-keyring-3.2.2.tar.xz 1579860 SHA256 f4cdc2c492a9b0157d59439310093e611e1f718a16f7ee2391ac03aadacfaaa3 SHA512 61ca66046183d3c4b9eb3209ffc51653cc6be209b9cff716c815e1ba5d8fdf7b187005a1f13e0b73662a28a5b51569fe96f9037887a01f4d5080d1fac581d806 WHIRLPOOL a90507204089587813f262aa3c4507ed701d335d55bbd7dffea954d31bb398f6b08212360cfdb5df2aab29deb4f26cf512edd830b0059c79f8abc9e4362f293c +DIST gnome-keyring-3.4.1.tar.xz 1107820 SHA256 9e90267721198cbe6ebc08f6390d24901d9c0de39b180cd2ad1bbcdd7b30b249 SHA512 3a27a62d1f074fcf4f95de2cbce9ab017aecf63be3f48f9371945b4b0a10a7e1dabe3fe4dc557e9aff8e67e9000769ab895d9c96bcd8187423a418f0dabaeddb WHIRLPOOL 8901777f34f05522a7f805b0369de8ed7366baf3aec9bfc1e5ca651f1b25e0b8e5f21eb5c2a469d7904a11f386b259713b4e40e442ae9c71c3d0559774a0a061 +EBUILD gnome-keyring-2.32.1-r1.ebuild 2053 SHA256 5dceeb6c7638158375148d1af8c99942a0f02b31349faea830173cacd781d06d SHA512 3c494f0c02be112195eb45febd32f7fd4736711f743402b37bf246f4be6cae064bfbf77a736dc3b343224d9315a31660ac843eedda0d1cc6b026f91e7c5ffd83 WHIRLPOOL 798361310b5b89342da1208ad506422a96446d1b23aea9a7bfc809cba81537923dd5f5fd8312c031eea6860c6aeaa069f669fbfe8cb790b6832b78da78ac9286 +EBUILD gnome-keyring-2.32.1.ebuild 1918 SHA256 65a75016c17492e81cde13d11fe1771608453abe98013311bb02bd8dbaa46748 SHA512 686dd6cba0e0f6d8f15b777ef7f0e6ae5550ddc5e48e6bec23ece9cc7be9fa53fa62ce28ba949442034efe7de9f87daf45e998ca320771a434a7c581df888c3c WHIRLPOOL 772385502159a906a24d671d260c83d14630b21166fa6cec9339840f45039aa1e227d8819e4d47337eca87589e814486dd018d212f449d75ab8950e225397dd9 +EBUILD gnome-keyring-3.2.2.ebuild 3429 SHA256 83455566bfe5f38e0f02c63d14db3bf5b5f7e553f4f56fd0894282fff376f4ea SHA512 4b4a126384183b0a4e227f20f75899ce401fed9d0990ed0d3d27c4cfa259e924c08368fe9d9d4e6c5749b5eec861b3c58a0c4bf9433dcc34679c5c6a99302196 WHIRLPOOL 2aeb296ee944ee1e5fa7e3598a3669103d8baf10f35d97577efa844f95db7005734ebeecc240a39f2d64b636722e7874f536d940e7dbc80387b40cb377c4bc89 +EBUILD gnome-keyring-3.4.1-r1.ebuild 3070 SHA256 f155b7b08463711719ec5691ac042a751096c7b66d3cc6268edd79e412421af0 SHA512 117c049a64cf2fb17496a96301a7995c466fdbea19fe86f899957f8447d29e69c1b41c32b2be54f7723867ae4af4f9156a80432531763c613784cbadf8fe6570 WHIRLPOOL 58107a194bd2d93b91daeb48aa6fb1c3421d00bc65c3c644b7e20ffec8f8204146cb548d25d4a7a1da63591a04602103fa52503768501a6e334347e493615869 +EBUILD gnome-keyring-3.4.1.ebuild 2943 SHA256 90b7b868a841050cafcb387afaef882cf401b192a7174da394334521fd9f9610 SHA512 5b97dd9f0931bfee1988de7a1b820cd996945a3fb400a47d162aa90e334810dcb18d15c92d4b507451bc95a791632c65a28be23b79743623d6b0960de117f98d WHIRLPOOL c65ca7870f9fba13fc0fc3f5c0d22f460130225e1eea46c341213818a69a5cc0fe56ac7658e1a1af3301072975e12eefa64068dc437e4723ec76b35243ae08d7 +MISC ChangeLog 32809 SHA256 c4ca666bbcd720df9c537ebde5281bcb21ba9b0bb366cdaba691f8c022122263 SHA512 a8b5457d7f0ae623b9e1451f616897b4d5965c65c77b1912b92d3280f0adf1acdb36c929f66e695e0687220b4601639b4de85a00f009adf24d99bdd4d8e09623 WHIRLPOOL 77bef14ea0f55f86ab7b9a2ad1aa43be089fe756b4120ebf986d3e1a2308dfd06169a0ad8166c304e2dd1e9a8f6b2d93467c9aa966138bbb3a19d8e3ebc56c41 +MISC metadata.xml 158 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1 SHA512 7fbfbd2b3ed1b81867d55648509f778fdbe2091af53727b3426a3c7f453ae7e1663a99fdd2101508b8d6c85b3158459c93551b77a6a394f02d7e11cbc8a5ecf4 WHIRLPOOL 4bcd5662974877d42ebc4361b6eb412bfeea2af7144b436ce7ed152327d554afc321c376625ba0bb85a704b70d86e3c4882dff3573047acddd8ffccf655d4f7e -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iQEcBAEBAgAGBQJPuo8vAAoJEJ0WA1zPCt1h5MwH/AysuGiQctMzZhtqW/x7eRE6 -JeGuRiR1fH1yJWfgvX8ThD1tOMTTzn4hM+Sw+n1t7wDpDDYSpLqZx4GsWROhGW7b -w4mWygTdFRxAleN+CfXvu3Z4MIZibOhGfPvJoMBZy2Jh0QyLqeOOZtW9a61QKyST -auBvD+KBi2WrE66FeutyQuJAtgt+SJ4fd/aNtTSdLZnZ59chMyAcv7kgsfCUpKJ9 -F49iynQC5NVuOCJ+vgRjfTQ3jCyONnaqtC95AhGB56A1jBD4rnJOk7qJs6Mhv3m5 -Ec7Lyt6IJnlbEISRTIgH3NCF64snHmDcqZxbKRQUym4G3CeWMf22iLBA3SO9k58= -=GzVS +iQEcBAEBCAAGBQJQh5S4AAoJEJ0WA1zPCt1hATsH/0kBup20pxRwb5BLanCI9snY +XWEoARKvDsV87FX2c46jQDaX5HwjFh50kpZ+owRkkOd/u3hN86JingOU66Z8unUu +5y+rmiQQdLwHxI4YfLfh3jfp8ch1CCI2jBDmxiBv25iOACSBMhTJMLXXozfMHyAA +FF8GcmiQJ/V4izQe2HZT5/c2GiYMe4mSBJcSOt/2aiZmZ87btx9sYWbI4Rj9X3ME +UaZuO+HEn/nCwGrApzvaOjNh3n+ETutwGFS7vOuKIihw8GMfOYEwBFEDc3x2D8f9 +YX8SuB8otEaS2DtV4STs2vpmrhO0DvngXIVvNFy6ZdbSX4Hk2zpSfoM/F5RZo5I= +=c7/k -----END PGP SIGNATURE----- diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch new file mode 100644 index 000000000000..ab63d5fa3d3a --- /dev/null +++ b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch @@ -0,0 +1,56 @@ +From 002a073fe2b403ae7d006372e690743b664236d3 Mon Sep 17 00:00:00 2001 +From: Alexandre Rostovtsev <tetromino@gentoo.org> +Date: Wed, 24 Oct 2012 02:52:28 -0400 +Subject: [PATCH] Explicitly link to gmodule + +Fixes build failure with glib-2.32 and gold. +--- + configure.in | 4 ++++ + gp11/Makefile.am | 4 +++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index f781384..cdf9a2e 100644 +--- a/configure.in ++++ b/configure.in +@@ -70,6 +70,10 @@ PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.16.0) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + ++PKG_CHECK_MODULES(GMODULE, gmodule-no-export-2.0) ++AC_SUBST(GMODULE_CFLAGS) ++AC_SUBST(GMODULE_LIBS) ++ + PKG_CHECK_MODULES(GTHREAD, gthread-2.0 >= 2.8.0) + AC_SUBST(GTHREAD_CFLAGS) + AC_SUBST(GTHREAD_LIBS) +diff --git a/gp11/Makefile.am b/gp11/Makefile.am +index 18942bd..5a90404 100644 +--- a/gp11/Makefile.am ++++ b/gp11/Makefile.am +@@ -8,6 +8,7 @@ INCLUDES = \ + -I$(top_srcdir) \ + $(GOBJECT_CFLAGS) \ + $(GTHREAD_CFLAGS) \ ++ $(GMODULE_CFLAGS) \ + $(GLIB_CFLAGS) + + BUILT_SOURCES = \ +@@ -34,6 +35,7 @@ libgp11_la_LIBADD = \ + $(GOBJECT_LIBS) \ + $(GTHREAD_LIBS) \ + $(GIO_LIBS) \ ++ $(GMODULE_LIBS) \ + $(GLIB_LIBS) + + gp11-marshal.h: gp11-marshal.list $(GLIB_GENMARSHAL) +@@ -64,4 +66,4 @@ endif + + SUBDIRS = . \ + $(TESTS_DIR) +- +\ No newline at end of file ++ +-- +1.7.12.4 + diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch new file mode 100644 index 000000000000..330d25bf0508 --- /dev/null +++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch @@ -0,0 +1,99 @@ +From 51606f299e5ee9d48096db0a5957efe26cbf7cc3 Mon Sep 17 00:00:00 2001 +From: Stef Walter <stefw@gnome.org> +Date: Wed, 8 Aug 2012 06:06:58 +0200 +Subject: [PATCH] gpg-agent: Hook up the TTL cache option + + * So that when the gsettings gpg-cache-method is 'idle' or 'timeout' + we use gpg-cache-ttl to control how long the passphrase is cached + for. + * This is a regression from 3.3.x + +https://bugzilla.gnome.org/show_bug.cgi?id=681081 +--- + daemon/gpg-agent/gkd-gpg-agent-ops.c | 40 ++++++++++++++++++++++-------------- + 1 file changed, 25 insertions(+), 15 deletions(-) + +diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c +index a0e8731..c8414fe 100644 +--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c ++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c +@@ -322,17 +322,6 @@ load_unlock_options (GcrPrompt *prompt) + g_free (method); + } + +-static void +-save_unlock_options (GcrPrompt *prompt) +-{ +- GSettings *settings; +- +- settings = gkd_gpg_agent_settings (); +- +- if (gcr_prompt_get_choice_chosen (prompt)) +- g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS); +-} +- + static GcrPrompt * + open_password_prompt (GckSession *session, + const gchar *keyid, +@@ -405,11 +394,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg, + const gchar *prompt_text, const gchar *description, gboolean confirm) + { + GckBuilder builder = GCK_BUILDER_INIT; ++ GSettings *settings; + GckAttributes *attrs; + gchar *password = NULL; + GcrPrompt *prompt; + gboolean chosen; + GError *error = NULL; ++ gint lifetime; ++ gchar *method; + + g_assert (GCK_IS_SESSION (session)); + +@@ -430,21 +422,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg, + } + + if (password != NULL && keyid != NULL) { ++ settings = gkd_gpg_agent_settings (); + + /* Load up the save options */ + chosen = gcr_prompt_get_choice_chosen (prompt); + +- if (chosen) ++ if (chosen) { ++ g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS); + gck_builder_add_string (&builder, CKA_G_COLLECTION, "login"); +- else ++ ++ } else { ++ method = g_settings_get_string (settings, "gpg-cache-method"); ++ lifetime = g_settings_get_int (settings, "gpg-cache-ttl"); ++ ++ if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) { ++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE); ++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime); ++ ++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) { ++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE); ++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime); ++ ++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){ ++ g_message ("Unsupported gpg-cache-method setting: %s", method); ++ } ++ + gck_builder_add_string (&builder, CKA_G_COLLECTION, "session"); ++ g_free (method); ++ } + + /* Now actually save the password */ + attrs = gck_attributes_ref_sink (gck_builder_end (&builder)); + do_save_password (session, keyid, description, password, attrs); + gck_attributes_unref (attrs); +- +- save_unlock_options (prompt); + } + + g_clear_object (&prompt); +-- +1.7.12.4 + diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch new file mode 100644 index 000000000000..e38f45d320c1 --- /dev/null +++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch @@ -0,0 +1,27 @@ +From 5dff623470b859e332dbe12afb0dc57b292832d2 Mon Sep 17 00:00:00 2001 +From: Stef Walter <stefw@gnome.org> +Date: Wed, 8 Aug 2012 15:08:22 +0200 +Subject: [PATCH] secret-store: Mark a secret item as 'used' when accessed + + * This makes the gpg-agent idle feature work correctly + +https://bugzilla.gnome.org/show_bug.cgi?id=681081 +--- + pkcs11/secret-store/gkm-secret-item.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c +index d03c4a8..15791a9 100644 +--- a/pkcs11/secret-store/gkm-secret-item.c ++++ b/pkcs11/secret-store/gkm-secret-item.c +@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT + identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self)); + secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret); + rv = gkm_attribute_set_data (attr, secret, n_secret); ++ gkm_object_mark_used (base); + g_object_unref (sdata); + return rv; + +-- +1.7.12.4 + diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild index 2d61180f70fa..94097183738b 100644 --- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild +++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild @@ -1,18 +1,18 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.8 2012/05/21 18:53:30 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.9 2012/10/24 07:11:50 tetromino Exp $ EAPI="4" GCONF_DEBUG="yes" GNOME2_LA_PUNT="yes" GNOME_TARBALL_SUFFIX="bz2" -inherit eutils gnome2 multilib pam virtualx +inherit autotools eutils gnome2 multilib pam virtualx DESCRIPTION="Password and keyring managing daemon" HOMEPAGE="http://live.gnome.org/GnomeKeyring" -LICENSE="GPL-2 LGPL-2" +LICENSE="GPL-2+ LGPL-2+" SLOT="0" KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" IUSE="debug doc pam test" @@ -27,19 +27,17 @@ RDEPEND=">=dev-libs/glib-2.25:2 >=dev-libs/libtasn1-1" # valgrind? ( dev-util/valgrind )" DEPEND="${RDEPEND} - sys-devel/gettext + >=dev-util/gtk-doc-am-1.9 >=dev-util/intltool-0.35 - virtual/pkgconfig - doc? ( >=dev-util/gtk-doc-1.9 )" + sys-devel/gettext + virtual/pkgconfig" PDEPEND="gnome-base/libgnome-keyring" -# eautoreconf needs: -# >=dev-util/gtk-doc-am-1.9 # tests fail in several ways, they should be fixed in the next cycle (bug #340283), # revisit then. RESTRICT="test" -pkg_setup() { +src_prepare() { DOCS="AUTHORS ChangeLog NEWS README" G2CONF="${G2CONF} $(use_enable debug) @@ -52,9 +50,10 @@ pkg_setup() { --enable-gpg-agent --with-gtk=2.0" # $(use_enable valgrind) -} -src_prepare() { + epatch "${FILESDIR}/${P}-glib-2.32.patch" + eautoreconf + gnome2_src_prepare # Remove silly CFLAGS diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild index 56172f1afdf0..42cba927036a 100644 --- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild +++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.15 2012/05/05 05:38:10 jdhore Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.16 2012/10/24 07:11:50 tetromino Exp $ EAPI="3" GCONF_DEBUG="yes" @@ -10,10 +10,10 @@ inherit gnome2 multilib pam virtualx DESCRIPTION="Password and keyring managing daemon" HOMEPAGE="http://www.gnome.org/" -LICENSE="GPL-2 LGPL-2" +LICENSE="GPL-2+ LGPL-2+" SLOT="0" KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" -IUSE="debug doc pam test" +IUSE="debug pam test" # USE=valgrind is probably not a good idea for the tree RDEPEND=">=dev-libs/glib-2.25:2 @@ -25,13 +25,11 @@ RDEPEND=">=dev-libs/glib-2.25:2 >=dev-libs/libtasn1-1" # valgrind? ( dev-util/valgrind )" DEPEND="${RDEPEND} - sys-devel/gettext + >=dev-util/gtk-doc-am-1.9 >=dev-util/intltool-0.35 - virtual/pkgconfig - doc? ( >=dev-util/gtk-doc-1.9 )" + sys-devel/gettext + virtual/pkgconfig" PDEPEND="gnome-base/libgnome-keyring" -# eautoreconf needs: -# >=dev-util/gtk-doc-am-1.9 DOCS="AUTHORS ChangeLog NEWS README" diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild index d2d169f771e7..dbda83fe8c69 100644 --- a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild +++ b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.9 2012/05/21 18:53:30 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.10 2012/10/24 07:11:50 tetromino Exp $ EAPI="4" GCONF_DEBUG="no" @@ -11,9 +11,9 @@ inherit autotools eutils gnome2 multilib pam versionator virtualx DESCRIPTION="Password and keyring managing daemon" HOMEPAGE="http://www.gnome.org/" -LICENSE="GPL-2 LGPL-2" +LICENSE="GPL-2+ LGPL-2+" SLOT="0" -IUSE="+caps debug doc pam test" +IUSE="+caps debug pam test" KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" # USE=valgrind is probably not a good idea for the tree @@ -29,14 +29,11 @@ RDEPEND=">=dev-libs/glib-2.25:2 " # valgrind? ( dev-util/valgrind ) DEPEND="${RDEPEND} - sys-devel/gettext >=dev-util/gtk-doc-am-1.9 >=dev-util/intltool-0.35 - virtual/pkgconfig - doc? ( >=dev-util/gtk-doc-1.9 )" + sys-devel/gettext + virtual/pkgconfig" PDEPEND=">=gnome-base/libgnome-keyring-3.1.92" -# eautoreconf needs: -# >=dev-util/gtk-doc-am-1.9 # FIXME: tests are flaky and write to /tmp (instead of TMPDIR) RESTRICT="test" diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild new file mode 100644 index 000000000000..c493ebe601b6 --- /dev/null +++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild @@ -0,0 +1,108 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild,v 1.1 2012/10/24 07:11:50 tetromino Exp $ + +EAPI="4" +GCONF_DEBUG="no" +GNOME2_LA_PUNT="yes" + +inherit gnome2 pam versionator virtualx + +DESCRIPTION="Password and keyring managing daemon" +HOMEPAGE="http://www.gnome.org/" + +LICENSE="GPL-2+ LGPL-2+" +SLOT="0" +IUSE="+caps debug pam selinux" +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" + +RDEPEND=">=app-crypt/gcr-3.3.4 + >=dev-libs/glib-2.28:2 + >=x11-libs/gtk+-3.0:3 + app-misc/ca-certificates + >=dev-libs/libgcrypt-1.2.2 + >=sys-apps/dbus-1.0 + caps? ( sys-libs/libcap-ng ) + pam? ( virtual/pam ) +" +DEPEND="${RDEPEND} + >=dev-util/intltool-0.35 + sys-devel/gettext + virtual/pkgconfig" +PDEPEND=">=gnome-base/libgnome-keyring-3.1.92" +# eautoreconf needs: +# >=dev-util/gtk-doc-am-1.9 +# gtk-doc-am is not needed otherwise (no gtk-docs are installed) + +# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR) +RESTRICT="test" + +src_prepare() { + DOCS="AUTHORS ChangeLog NEWS README" + G2CONF="${G2CONF} + $(use_enable debug) + $(use_with caps libcap-ng) + $(use_enable pam) + $(use_with pam pam-dir $(getpam_mod_dir)) + $(use_enable selinux) + --with-root-certs=${EPREFIX}/etc/ssl/certs/ + --with-ca-certificates=${EPREFIX}/etc/ssl/certs/ca-certificates.crt + --enable-ssh-agent + --enable-gpg-agent" + # Bug #436392, CVE-2012-3466; fixed in 3.6 + epatch "${FILESDIR}/${P}-gpg-cache-method-"{1,2}.patch + gnome2_src_prepare +} + +src_test() { + unset DBUS_SESSION_BUS_ADDRESS + Xemake check +} + +pkg_postinst() { + use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon + + gnome2_pkg_postinst +} + +# borrowed from GSoC2010_Gentoo_Capabilities by constanze and Flameeyes +# @FUNCTION: fcaps +# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file} +# @RETURN: 0 if all okay; non-zero if failure and fallback +# @DESCRIPTION: +# fcaps sets the specified capabilities in the effective and permitted set of +# the given file. In case of failure fcaps sets the given file-mode. +# Requires versionator.eclass +fcaps() { + local uid_gid=$1 + local perms=$2 + local capset=$3 + local path=$4 + local res + + chmod $perms $path && \ + chown $uid_gid $path + res=$? + + use caps || return $res + + #set the capability + setcap "$capset=ep" "$path" &> /dev/null + #check if the capability got set correctly + setcap -v "$capset=ep" "$path" &> /dev/null + res=$? + + if [ $res -ne 0 ]; then + ewarn "Failed to set capabilities. Probable reason is missing kernel support." + ewarn "Your kernel must have <FS>_FS_SECURITY enabled (e.g. EXT4_FS_SECURITY)" + ewarn "where <FS> is the filesystem to store ${path}" + if ! version_is_at_least 2.6.33 "$(uname -r)"; then + ewarn "For kernel 2.6.32 or older, you will also need to enable" + ewarn "SECURITY_FILE_CAPABILITIES." + fi + ewarn + ewarn "Falling back to suid now..." + chmod u+s ${path} + fi + return $res +} diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild index cb1d931a8e78..6118758803b3 100644 --- a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild +++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.1 2012/05/13 18:15:00 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.2 2012/10/24 07:11:50 tetromino Exp $ EAPI="4" GCONF_DEBUG="no" @@ -13,7 +13,7 @@ HOMEPAGE="http://www.gnome.org/" LICENSE="GPL-2 LGPL-2" SLOT="0" -IUSE="+caps debug doc pam selinux" +IUSE="+caps debug pam selinux" KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" RDEPEND=">=app-crypt/gcr-3.3.4 @@ -27,13 +27,12 @@ RDEPEND=">=app-crypt/gcr-3.3.4 " DEPEND="${RDEPEND} sys-devel/gettext - >=dev-util/gtk-doc-am-1.9 >=dev-util/intltool-0.35 - virtual/pkgconfig - doc? ( >=dev-util/gtk-doc-1.9 )" + virtual/pkgconfig" PDEPEND=">=gnome-base/libgnome-keyring-3.1.92" # eautoreconf needs: # >=dev-util/gtk-doc-am-1.9 +# gtk-doc-am is not needed otherwise (no gtk-docs are installed) # FIXME: tests are very flaky and write to /tmp (instead of TMPDIR) RESTRICT="test" |