Fix gpg passwords being cached for longer than the user requested (bug #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had no effect at all. Update license.

Package-Manager: portage-2.2.0_alpha141/cvs/Linux x86_64 Manifest-Sign-Key: 0xCF0ADD61
author: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-10-24 07:11:56 +0000
committer: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-10-24 07:11:56 +0000
commit: 0ac233caf801669dfaf70d5261e2ed8158048e84 (patch)
tree: 53eda355d0f4d5fc2e744ebb193a67d3645310fd /gnome-base/gnome-keyring
parent: Version bump. (diff)
download: historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.gz
historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.bz2
historical-0ac233caf801669dfaf70d5261e2ed8158048e84.zip
10 files changed, 353 insertions, 52 deletions
diff --git a/gnome-base/gnome-keyring/ChangeLog b/gnome-base/gnome-keyring/ChangeLog
index 709c35b1fa45..b37b239cc642 100644
--- a/gnome-base/gnome-keyring/ChangeLog
+++ b/gnome-base/gnome-keyring/ChangeLog
@@ -1,6 +1,20 @@
 # ChangeLog for gnome-base/gnome-keyring
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.224 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.225 2012/10/24 07:11:50 tetromino Exp $
+
+*gnome-keyring-3.4.1-r1 (24 Oct 2012)
+
+  24 Oct 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+  gnome-keyring-2.32.1.ebuild, gnome-keyring-2.32.1-r1.ebuild,
+  +files/gnome-keyring-2.32.1-glib-2.32.patch, gnome-keyring-3.2.2.ebuild,
+  gnome-keyring-3.4.1.ebuild, +gnome-keyring-3.4.1-r1.ebuild,
+  +files/gnome-keyring-3.4.1-gpg-cache-method-1.patch,
+  +files/gnome-keyring-3.4.1-gpg-cache-method-2.patch:
+  Fix gpg passwords being cached for longer than the user requested (bug
+  #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix
+  2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag:
+  in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had
+  no effect at all. Update license.
 
   21 May 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
   gnome-keyring-2.32.1-r1.ebuild, gnome-keyring-3.2.2.ebuild:
diff --git a/gnome-base/gnome-keyring/Manifest b/gnome-base/gnome-keyring/Manifest
index 53ca16486185..cca451f09ece 100644
--- a/gnome-base/gnome-keyring/Manifest
+++ b/gnome-base/gnome-keyring/Manifest
@@ -1,25 +1,29 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX gnome-keyring-2.32.1-fix-undefined.patch 783 RMD160 76c20ef4bf5aaa1ed4d7b06a48fb6951729fa375 SHA1 f15c02accedad0890fcbcd98c2125dac582d6296 SHA256 a7b0d99728960af4e81e97941fc1aa9f06e49b7ed06669ab17d72628cd05e408
-AUX gnome-keyring-3.2.2-gold-glib-2.32.patch 1418 RMD160 0a58649d79d562c3913025f608a9814cf15e8085 SHA1 45f7a6c3f6f8946e86cf62189edd6cdbabe1d6e5 SHA256 523a2332dcc1db82f2897bf370c4c82b0e4ef3725ce06799b39554fe5ebe1587
-DIST gnome-keyring-2.32.1.tar.bz2 1619245 RMD160 cb72f171f5918ff26f40feb7bba90dc7e2e120ec SHA1 3d0ecc3e29f426ecfcaa488ea17d3e330fe34eb6 SHA256 31fecec1430a97f59a6159a5a2ea8d6a1b44287f1e9e595b3594df46bf7f18f9
-DIST gnome-keyring-3.2.2.tar.xz 1579860 RMD160 190391c13d2a988801c023c0293bb56953901f3f SHA1 5b4a7868266d11855dea8aa488b730a4eaec3838 SHA256 f4cdc2c492a9b0157d59439310093e611e1f718a16f7ee2391ac03aadacfaaa3
-DIST gnome-keyring-3.4.1.tar.xz 1107820 RMD160 982ed29670b9348cdfc309b0a8977ba1d9ca7afe SHA1 51c70f5c8d9e6776ab711dda8f1eecf676dbd1c9 SHA256 9e90267721198cbe6ebc08f6390d24901d9c0de39b180cd2ad1bbcdd7b30b249
-EBUILD gnome-keyring-2.32.1-r1.ebuild 2055 RMD160 29bcbcc8030cc534fd80b9450621397e3be3dc0f SHA1 e5b9ca127df101f3fa337a7dfc3331b416f96cbf SHA256 6c3e87d2e2395491256e2d5fddc0201fbb18e7cdfb2ca63cf438eafd3f26fb21
-EBUILD gnome-keyring-2.32.1.ebuild 1972 RMD160 2a1f3e5b78c90d68b1726b4042ca04701556955e SHA1 ac52a828fb1466609d0bd07630dc334cf9e4c309 SHA256 e4814e4778de56d491b7f15950b0614e64ef83f3e5298acd9e17de4ff8bc9d44
-EBUILD gnome-keyring-3.2.2.ebuild 3512 RMD160 3e6bfe6cabf0d2b2465ed64840ee4fd851006367 SHA1 a833d37f30a9b7f395a8d28a7fa3ce73b6580ab8 SHA256 024c28f282e4a8a46d0d9b4e6a9b5d5af91a110caf2e99c3776e74c2004cbd60
-EBUILD gnome-keyring-3.4.1.ebuild 2942 RMD160 c0813f9b8f7e9c87b9220aa72a09e69810d6d9ff SHA1 86de7edc54e295cabd9d7f9c1a09dd74853d601f SHA256 7dc06277f92e528556d9489244d9a33f547b52247adb5030c56a0d4aacae7e79
-MISC ChangeLog 32055 RMD160 ecaf13443fd0b5bd506e299a0ecf323f18b7a06a SHA1 dc8a38c0654b529c1e1e2e75d9e68170e1c41e9e SHA256 64f0b7c24264308738eac6f099bb82a4e567ef4eb5383c25eccf01048b813cf5
-MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1
+AUX gnome-keyring-2.32.1-fix-undefined.patch 783 SHA256 a7b0d99728960af4e81e97941fc1aa9f06e49b7ed06669ab17d72628cd05e408 SHA512 2f60202c4b07c37cc59d19838344ac666371495b9230c8f6b3a3030e58364dbb9a012ee8eeb6d89ed1e8dbb9324340971259a5b75e7666563a402c88735dc916 WHIRLPOOL 7030408d34850a6ac827149b3aaf1dd1f7f80ea7fa9731e4c76b5c95fedfec2bad51797f428685cdc9232fa455f2d78c814d35c06b905b2126d9a7aa8c2661e2
+AUX gnome-keyring-2.32.1-glib-2.32.patch 1355 SHA256 042bf9bc95f8e37bf9733531cc4d38db5c33d382f15152afdd7288ea09145fee SHA512 5745e64d77ec48cb8fe5b76bfc902f97749ee125e0c6db6ee7aed87f996cbae92e3c835792e76e33f49386ac8a9a4ec3613212f6ff5f470d038f2abf737c4aa7 WHIRLPOOL 23c45dd081eebaf9da75d159c71c3addd40e6f15b88c167ae932c6d3e0c261296c5e9222a0ed8cdf47045e9e30dc9f27bf331cb0482b26acfd5d2ac3f0ca611a
+AUX gnome-keyring-3.2.2-gold-glib-2.32.patch 1418 SHA256 523a2332dcc1db82f2897bf370c4c82b0e4ef3725ce06799b39554fe5ebe1587 SHA512 67eb80d999258162b871e34f235a1873850d64cbd5e6fdac604b3b402947b01842b40b5a8e9d0e7c893f3671c4a9e53084399ce8bfc06b25517fd6d3cce1b124 WHIRLPOOL 9b5fc1afe242f5612df534d70b3ca441dcc75f6ad01aae5e8dfb1a72800ad2392fad585f6f5ffecb1493bcda91068730e9db7865e221672104d338d0adb4291c
+AUX gnome-keyring-3.4.1-gpg-cache-method-1.patch 3222 SHA256 ad95945e404078059222d63decef8528a6e42a61aa01246463cfb272219420cc SHA512 44eefeb144d63ac9b66de13f58a87eb0713e91f73af758e2e7968a9d1f14af3d8137f5fce4abf51aea6eaef96f29219c349fbc8072725aa433ae7a9111756f9f WHIRLPOOL 159c94cef08b8e3d0d230f858e88c3fe75b40b3ff03cd18af3c4f0a771dbde424701abc7bb6610de6dd56127b7bc2b0715cef3d582c7206030739df04ee3a07b
+AUX gnome-keyring-3.4.1-gpg-cache-method-2.patch 1009 SHA256 832f4d27df3f8850ccc0e034e12d62e847e7c10deadd77b1e3761a90c6b1bd9b SHA512 610c7051e84bb343083932309758317ad120380041f4a57e6e7e2646677c20126395f0a2cc7f70c842be0175bd851d0253adfb6911c93a9dc0a6a6b86791371e WHIRLPOOL 5f4b413b1fc5bf9b3f0b7c4653876d00eab05f5d7f5d472272d3faaed17a8d2a0ed518b9e77f4b933a2fa69f7e905fcd911674ad36ffb3570ccc4aa2b44cc882
+DIST gnome-keyring-2.32.1.tar.bz2 1619245 SHA256 31fecec1430a97f59a6159a5a2ea8d6a1b44287f1e9e595b3594df46bf7f18f9 SHA512 23b91bc11be2805df228de98513a5f96386a89d6ead6434b7fdf4a3bee86b6601bb994b9de4524f8751c7d7f1ac9462c592bcd9b77c32234fc709148450e382b WHIRLPOOL fa9ed1d79a8af912ca8c4957d6dba30322a0239dd2c9b40f5c6adbfc66147402870a6400ae8bbdb56380c250e095b601ab9689f65ea17c95a76e7e2defe27c7d
+DIST gnome-keyring-3.2.2.tar.xz 1579860 SHA256 f4cdc2c492a9b0157d59439310093e611e1f718a16f7ee2391ac03aadacfaaa3 SHA512 61ca66046183d3c4b9eb3209ffc51653cc6be209b9cff716c815e1ba5d8fdf7b187005a1f13e0b73662a28a5b51569fe96f9037887a01f4d5080d1fac581d806 WHIRLPOOL a90507204089587813f262aa3c4507ed701d335d55bbd7dffea954d31bb398f6b08212360cfdb5df2aab29deb4f26cf512edd830b0059c79f8abc9e4362f293c
+DIST gnome-keyring-3.4.1.tar.xz 1107820 SHA256 9e90267721198cbe6ebc08f6390d24901d9c0de39b180cd2ad1bbcdd7b30b249 SHA512 3a27a62d1f074fcf4f95de2cbce9ab017aecf63be3f48f9371945b4b0a10a7e1dabe3fe4dc557e9aff8e67e9000769ab895d9c96bcd8187423a418f0dabaeddb WHIRLPOOL 8901777f34f05522a7f805b0369de8ed7366baf3aec9bfc1e5ca651f1b25e0b8e5f21eb5c2a469d7904a11f386b259713b4e40e442ae9c71c3d0559774a0a061
+EBUILD gnome-keyring-2.32.1-r1.ebuild 2053 SHA256 5dceeb6c7638158375148d1af8c99942a0f02b31349faea830173cacd781d06d SHA512 3c494f0c02be112195eb45febd32f7fd4736711f743402b37bf246f4be6cae064bfbf77a736dc3b343224d9315a31660ac843eedda0d1cc6b026f91e7c5ffd83 WHIRLPOOL 798361310b5b89342da1208ad506422a96446d1b23aea9a7bfc809cba81537923dd5f5fd8312c031eea6860c6aeaa069f669fbfe8cb790b6832b78da78ac9286
+EBUILD gnome-keyring-2.32.1.ebuild 1918 SHA256 65a75016c17492e81cde13d11fe1771608453abe98013311bb02bd8dbaa46748 SHA512 686dd6cba0e0f6d8f15b777ef7f0e6ae5550ddc5e48e6bec23ece9cc7be9fa53fa62ce28ba949442034efe7de9f87daf45e998ca320771a434a7c581df888c3c WHIRLPOOL 772385502159a906a24d671d260c83d14630b21166fa6cec9339840f45039aa1e227d8819e4d47337eca87589e814486dd018d212f449d75ab8950e225397dd9
+EBUILD gnome-keyring-3.2.2.ebuild 3429 SHA256 83455566bfe5f38e0f02c63d14db3bf5b5f7e553f4f56fd0894282fff376f4ea SHA512 4b4a126384183b0a4e227f20f75899ce401fed9d0990ed0d3d27c4cfa259e924c08368fe9d9d4e6c5749b5eec861b3c58a0c4bf9433dcc34679c5c6a99302196 WHIRLPOOL 2aeb296ee944ee1e5fa7e3598a3669103d8baf10f35d97577efa844f95db7005734ebeecc240a39f2d64b636722e7874f536d940e7dbc80387b40cb377c4bc89
+EBUILD gnome-keyring-3.4.1-r1.ebuild 3070 SHA256 f155b7b08463711719ec5691ac042a751096c7b66d3cc6268edd79e412421af0 SHA512 117c049a64cf2fb17496a96301a7995c466fdbea19fe86f899957f8447d29e69c1b41c32b2be54f7723867ae4af4f9156a80432531763c613784cbadf8fe6570 WHIRLPOOL 58107a194bd2d93b91daeb48aa6fb1c3421d00bc65c3c644b7e20ffec8f8204146cb548d25d4a7a1da63591a04602103fa52503768501a6e334347e493615869
+EBUILD gnome-keyring-3.4.1.ebuild 2943 SHA256 90b7b868a841050cafcb387afaef882cf401b192a7174da394334521fd9f9610 SHA512 5b97dd9f0931bfee1988de7a1b820cd996945a3fb400a47d162aa90e334810dcb18d15c92d4b507451bc95a791632c65a28be23b79743623d6b0960de117f98d WHIRLPOOL c65ca7870f9fba13fc0fc3f5c0d22f460130225e1eea46c341213818a69a5cc0fe56ac7658e1a1af3301072975e12eefa64068dc437e4723ec76b35243ae08d7
+MISC ChangeLog 32809 SHA256 c4ca666bbcd720df9c537ebde5281bcb21ba9b0bb366cdaba691f8c022122263 SHA512 a8b5457d7f0ae623b9e1451f616897b4d5965c65c77b1912b92d3280f0adf1acdb36c929f66e695e0687220b4601639b4de85a00f009adf24d99bdd4d8e09623 WHIRLPOOL 77bef14ea0f55f86ab7b9a2ad1aa43be089fe756b4120ebf986d3e1a2308dfd06169a0ad8166c304e2dd1e9a8f6b2d93467c9aa966138bbb3a19d8e3ebc56c41
+MISC metadata.xml 158 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1 SHA512 7fbfbd2b3ed1b81867d55648509f778fdbe2091af53727b3426a3c7f453ae7e1663a99fdd2101508b8d6c85b3158459c93551b77a6a394f02d7e11cbc8a5ecf4 WHIRLPOOL 4bcd5662974877d42ebc4361b6eb412bfeea2af7144b436ce7ed152327d554afc321c376625ba0bb85a704b70d86e3c4882dff3573047acddd8ffccf655d4f7e
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iQEcBAEBAgAGBQJPuo8vAAoJEJ0WA1zPCt1h5MwH/AysuGiQctMzZhtqW/x7eRE6
-JeGuRiR1fH1yJWfgvX8ThD1tOMTTzn4hM+Sw+n1t7wDpDDYSpLqZx4GsWROhGW7b
-w4mWygTdFRxAleN+CfXvu3Z4MIZibOhGfPvJoMBZy2Jh0QyLqeOOZtW9a61QKyST
-auBvD+KBi2WrE66FeutyQuJAtgt+SJ4fd/aNtTSdLZnZ59chMyAcv7kgsfCUpKJ9
-F49iynQC5NVuOCJ+vgRjfTQ3jCyONnaqtC95AhGB56A1jBD4rnJOk7qJs6Mhv3m5
-Ec7Lyt6IJnlbEISRTIgH3NCF64snHmDcqZxbKRQUym4G3CeWMf22iLBA3SO9k58=
-=GzVS
+iQEcBAEBCAAGBQJQh5S4AAoJEJ0WA1zPCt1hATsH/0kBup20pxRwb5BLanCI9snY
+XWEoARKvDsV87FX2c46jQDaX5HwjFh50kpZ+owRkkOd/u3hN86JingOU66Z8unUu
+5y+rmiQQdLwHxI4YfLfh3jfp8ch1CCI2jBDmxiBv25iOACSBMhTJMLXXozfMHyAA
+FF8GcmiQJ/V4izQe2HZT5/c2GiYMe4mSBJcSOt/2aiZmZ87btx9sYWbI4Rj9X3ME
+UaZuO+HEn/nCwGrApzvaOjNh3n+ETutwGFS7vOuKIihw8GMfOYEwBFEDc3x2D8f9
+YX8SuB8otEaS2DtV4STs2vpmrhO0DvngXIVvNFy6ZdbSX4Hk2zpSfoM/F5RZo5I=
+=c7/k
 -----END PGP SIGNATURE-----
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch
new file mode 100644
index 000000000000..ab63d5fa3d3a
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch
@@ -0,0 +1,56 @@
+From 002a073fe2b403ae7d006372e690743b664236d3 Mon Sep 17 00:00:00 2001
+From: Alexandre Rostovtsev <tetromino@gentoo.org>
+Date: Wed, 24 Oct 2012 02:52:28 -0400
+Subject: [PATCH] Explicitly link to gmodule
+
+Fixes build failure with glib-2.32 and gold.
+---
+ configure.in     | 4 ++++
+ gp11/Makefile.am | 4 +++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/configure.in b/configure.in
+index f781384..cdf9a2e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -70,6 +70,10 @@ PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.16.0)
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ 
++PKG_CHECK_MODULES(GMODULE, gmodule-no-export-2.0)
++AC_SUBST(GMODULE_CFLAGS)
++AC_SUBST(GMODULE_LIBS)
++
+ PKG_CHECK_MODULES(GTHREAD, gthread-2.0 >= 2.8.0)
+ AC_SUBST(GTHREAD_CFLAGS)
+ AC_SUBST(GTHREAD_LIBS)
+diff --git a/gp11/Makefile.am b/gp11/Makefile.am
+index 18942bd..5a90404 100644
+--- a/gp11/Makefile.am
++++ b/gp11/Makefile.am
+@@ -8,6 +8,7 @@ INCLUDES = \
+     	-I$(top_srcdir) \
+     	$(GOBJECT_CFLAGS) \
+ 	$(GTHREAD_CFLAGS) \
++	$(GMODULE_CFLAGS) \
+ 	$(GLIB_CFLAGS)
+ 
+ BUILT_SOURCES = \
+@@ -34,6 +35,7 @@ libgp11_la_LIBADD = \
+ 	$(GOBJECT_LIBS) \
+ 	$(GTHREAD_LIBS) \
+ 	$(GIO_LIBS) \
++	$(GMODULE_LIBS) \
+ 	$(GLIB_LIBS)
+ 
+ gp11-marshal.h: gp11-marshal.list $(GLIB_GENMARSHAL)
+@@ -64,4 +66,4 @@ endif
+ 
+ SUBDIRS = . \
+ 	$(TESTS_DIR)
+-	
+\ No newline at end of file
++	
+-- 
+1.7.12.4
+
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch
new file mode 100644
index 000000000000..330d25bf0508
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch
@@ -0,0 +1,99 @@
+From 51606f299e5ee9d48096db0a5957efe26cbf7cc3 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 06:06:58 +0200
+Subject: [PATCH] gpg-agent: Hook up the TTL cache option
+
+ * So that when the gsettings gpg-cache-method is 'idle' or 'timeout'
+   we use gpg-cache-ttl to control how long the passphrase is cached
+   for.
+ * This is a regression from 3.3.x
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ daemon/gpg-agent/gkd-gpg-agent-ops.c | 40 ++++++++++++++++++++++--------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+index a0e8731..c8414fe 100644
+--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+@@ -322,17 +322,6 @@ load_unlock_options (GcrPrompt *prompt)
+ 	g_free (method);
+ }
+ 
+-static void
+-save_unlock_options (GcrPrompt *prompt)
+-{
+-	GSettings *settings;
+-
+-	settings = gkd_gpg_agent_settings ();
+-
+-	if (gcr_prompt_get_choice_chosen (prompt))
+-		g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+-}
+-
+ static GcrPrompt *
+ open_password_prompt (GckSession *session,
+                       const gchar *keyid,
+@@ -405,11 +394,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+                  const gchar *prompt_text, const gchar *description, gboolean confirm)
+ {
+ 	GckBuilder builder = GCK_BUILDER_INIT;
++	GSettings *settings;
+ 	GckAttributes *attrs;
+ 	gchar *password = NULL;
+ 	GcrPrompt *prompt;
+ 	gboolean chosen;
+ 	GError *error = NULL;
++	gint lifetime;
++	gchar *method;
+ 
+ 	g_assert (GCK_IS_SESSION (session));
+ 
+@@ -430,21 +422,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ 	}
+ 
+ 	if (password != NULL && keyid != NULL) {
++		settings = gkd_gpg_agent_settings ();
+ 
+ 		/* Load up the save options */
+ 		chosen = gcr_prompt_get_choice_chosen (prompt);
+ 
+-		if (chosen)
++		if (chosen) {
++			g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+ 			gck_builder_add_string (&builder, CKA_G_COLLECTION, "login");
+-		else
++
++		} else {
++			method = g_settings_get_string (settings, "gpg-cache-method");
++			lifetime = g_settings_get_int (settings, "gpg-cache-ttl");
++
++			if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) {
++				gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++				gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime);
++
++			} else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) {
++				gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++				gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime);
++
++			} else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){
++				g_message ("Unsupported gpg-cache-method setting: %s", method);
++			}
++
+ 			gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
++			g_free (method);
++		}
+ 
+ 		/* Now actually save the password */
+ 		attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
+ 		do_save_password (session, keyid, description, password, attrs);
+ 		gck_attributes_unref (attrs);
+-
+-		save_unlock_options (prompt);
+ 	}
+ 
+ 	g_clear_object (&prompt);
+-- 
+1.7.12.4
+
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch
new file mode 100644
index 000000000000..e38f45d320c1
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch
@@ -0,0 +1,27 @@
+From 5dff623470b859e332dbe12afb0dc57b292832d2 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 15:08:22 +0200
+Subject: [PATCH] secret-store: Mark a secret item as 'used' when accessed
+
+ * This makes the gpg-agent idle feature work correctly
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ pkcs11/secret-store/gkm-secret-item.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c
+index d03c4a8..15791a9 100644
+--- a/pkcs11/secret-store/gkm-secret-item.c
++++ b/pkcs11/secret-store/gkm-secret-item.c
+@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT
+ 		identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
+ 		secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret);
+ 		rv = gkm_attribute_set_data (attr, secret, n_secret);
++		gkm_object_mark_used (base);
+ 		g_object_unref (sdata);
+ 		return rv;
+ 
+-- 
+1.7.12.4
+
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
index 2d61180f70fa..94097183738b 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
@@ -1,18 +1,18 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.8 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.9 2012/10/24 07:11:50 tetromino Exp $
 
 EAPI="4"
 GCONF_DEBUG="yes"
 GNOME2_LA_PUNT="yes"
 GNOME_TARBALL_SUFFIX="bz2"
 
-inherit eutils gnome2 multilib pam virtualx
+inherit autotools eutils gnome2 multilib pam virtualx
 
 DESCRIPTION="Password and keyring managing daemon"
 HOMEPAGE="http://live.gnome.org/GnomeKeyring"
 
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
 SLOT="0"
 KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
 IUSE="debug doc pam test"
@@ -27,19 +27,17 @@ RDEPEND=">=dev-libs/glib-2.25:2
 	>=dev-libs/libtasn1-1"
 #	valgrind? ( dev-util/valgrind )"
 DEPEND="${RDEPEND}
-	sys-devel/gettext
+	>=dev-util/gtk-doc-am-1.9
 	>=dev-util/intltool-0.35
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.9 )"
+	sys-devel/gettext
+	virtual/pkgconfig"
 PDEPEND="gnome-base/libgnome-keyring"
-# eautoreconf needs:
-#	>=dev-util/gtk-doc-am-1.9
 
 # tests fail in several ways, they should be fixed in the next cycle (bug #340283),
 # revisit then.
 RESTRICT="test"
 
-pkg_setup() {
+src_prepare() {
 	DOCS="AUTHORS ChangeLog NEWS README"
 	G2CONF="${G2CONF}
 		$(use_enable debug)
@@ -52,9 +50,10 @@ pkg_setup() {
 		--enable-gpg-agent
 		--with-gtk=2.0"
 #		$(use_enable valgrind)
-}
 
-src_prepare() {
+	epatch "${FILESDIR}/${P}-glib-2.32.patch"
+	eautoreconf
+
 	gnome2_src_prepare
 
 	# Remove silly CFLAGS
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
index 56172f1afdf0..42cba927036a 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.15 2012/05/05 05:38:10 jdhore Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.16 2012/10/24 07:11:50 tetromino Exp $
 
 EAPI="3"
 GCONF_DEBUG="yes"
@@ -10,10 +10,10 @@ inherit gnome2 multilib pam virtualx
 DESCRIPTION="Password and keyring managing daemon"
 HOMEPAGE="http://www.gnome.org/"
 
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
 SLOT="0"
 KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
-IUSE="debug doc pam test"
+IUSE="debug pam test"
 # USE=valgrind is probably not a good idea for the tree
 
 RDEPEND=">=dev-libs/glib-2.25:2
@@ -25,13 +25,11 @@ RDEPEND=">=dev-libs/glib-2.25:2
 	>=dev-libs/libtasn1-1"
 #	valgrind? ( dev-util/valgrind )"
 DEPEND="${RDEPEND}
-	sys-devel/gettext
+	>=dev-util/gtk-doc-am-1.9
 	>=dev-util/intltool-0.35
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.9 )"
+	sys-devel/gettext
+	virtual/pkgconfig"
 PDEPEND="gnome-base/libgnome-keyring"
-# eautoreconf needs:
-#	>=dev-util/gtk-doc-am-1.9
 
 DOCS="AUTHORS ChangeLog NEWS README"
 
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
index d2d169f771e7..dbda83fe8c69 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.9 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.10 2012/10/24 07:11:50 tetromino Exp $
 
 EAPI="4"
 GCONF_DEBUG="no"
@@ -11,9 +11,9 @@ inherit autotools eutils gnome2 multilib pam versionator virtualx
 DESCRIPTION="Password and keyring managing daemon"
 HOMEPAGE="http://www.gnome.org/"
 
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
 SLOT="0"
-IUSE="+caps debug doc pam test"
+IUSE="+caps debug pam test"
 KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
 
 # USE=valgrind is probably not a good idea for the tree
@@ -29,14 +29,11 @@ RDEPEND=">=dev-libs/glib-2.25:2
 "
 #	valgrind? ( dev-util/valgrind )
 DEPEND="${RDEPEND}
-	sys-devel/gettext
 	>=dev-util/gtk-doc-am-1.9
 	>=dev-util/intltool-0.35
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.9 )"
+	sys-devel/gettext
+	virtual/pkgconfig"
 PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
-# eautoreconf needs:
-#	>=dev-util/gtk-doc-am-1.9
 
 # FIXME: tests are flaky and write to /tmp (instead of TMPDIR)
 RESTRICT="test"
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
new file mode 100644
index 000000000000..c493ebe601b6
--- /dev/null
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild,v 1.1 2012/10/24 07:11:50 tetromino Exp $
+
+EAPI="4"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 pam versionator virtualx
+
+DESCRIPTION="Password and keyring managing daemon"
+HOMEPAGE="http://www.gnome.org/"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+caps debug pam selinux"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
+
+RDEPEND=">=app-crypt/gcr-3.3.4
+	>=dev-libs/glib-2.28:2
+	>=x11-libs/gtk+-3.0:3
+	app-misc/ca-certificates
+	>=dev-libs/libgcrypt-1.2.2
+	>=sys-apps/dbus-1.0
+	caps? ( sys-libs/libcap-ng )
+	pam? ( virtual/pam )
+"
+DEPEND="${RDEPEND}
+	>=dev-util/intltool-0.35
+	sys-devel/gettext
+	virtual/pkgconfig"
+PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
+# eautoreconf needs:
+#	>=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
+
+# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
+RESTRICT="test"
+
+src_prepare() {
+	DOCS="AUTHORS ChangeLog NEWS README"
+	G2CONF="${G2CONF}
+		$(use_enable debug)
+		$(use_with caps libcap-ng)
+		$(use_enable pam)
+		$(use_with pam pam-dir $(getpam_mod_dir))
+		$(use_enable selinux)
+		--with-root-certs=${EPREFIX}/etc/ssl/certs/
+		--with-ca-certificates=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
+		--enable-ssh-agent
+		--enable-gpg-agent"
+	# Bug #436392, CVE-2012-3466; fixed in 3.6
+	epatch "${FILESDIR}/${P}-gpg-cache-method-"{1,2}.patch
+	gnome2_src_prepare
+}
+
+src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS
+	Xemake check
+}
+
+pkg_postinst() {
+	use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+	gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and Flameeyes
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+# Requires versionator.eclass
+fcaps() {
+	local uid_gid=$1
+	local perms=$2
+	local capset=$3
+	local path=$4
+	local res
+
+	chmod $perms $path && \
+	chown $uid_gid $path
+	res=$?
+
+	use caps || return $res
+
+	#set the capability
+	setcap "$capset=ep" "$path" &> /dev/null
+	#check if the capability got set correctly
+	setcap -v "$capset=ep" "$path" &> /dev/null
+	res=$?
+
+	if [ $res -ne 0 ]; then
+		ewarn "Failed to set capabilities. Probable reason is missing kernel support."
+		ewarn "Your kernel must have <FS>_FS_SECURITY enabled (e.g. EXT4_FS_SECURITY)"
+		ewarn "where <FS> is the filesystem to store ${path}"
+		if ! version_is_at_least 2.6.33 "$(uname -r)"; then
+			ewarn "For kernel 2.6.32 or older, you will also need to enable"
+			ewarn "SECURITY_FILE_CAPABILITIES."
+		fi
+		ewarn
+		ewarn "Falling back to suid now..."
+		chmod u+s ${path}
+	fi
+	return $res
+}
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
index cb1d931a8e78..6118758803b3 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.1 2012/05/13 18:15:00 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.2 2012/10/24 07:11:50 tetromino Exp $
 
 EAPI="4"
 GCONF_DEBUG="no"
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.gnome.org/"
 
 LICENSE="GPL-2 LGPL-2"
 SLOT="0"
-IUSE="+caps debug doc pam selinux"
+IUSE="+caps debug pam selinux"
 KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
 
 RDEPEND=">=app-crypt/gcr-3.3.4
@@ -27,13 +27,12 @@ RDEPEND=">=app-crypt/gcr-3.3.4
 "
 DEPEND="${RDEPEND}
 	sys-devel/gettext
-	>=dev-util/gtk-doc-am-1.9
 	>=dev-util/intltool-0.35
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.9 )"
+	virtual/pkgconfig"
 PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
 # eautoreconf needs:
 #	>=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
 
 # FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
 RESTRICT="test"
author	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-10-24 07:11:56 +0000
committer	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-10-24 07:11:56 +0000
commit	0ac233caf801669dfaf70d5261e2ed8158048e84 (patch)
tree	53eda355d0f4d5fc2e744ebb193a67d3645310fd /gnome-base/gnome-keyring
parent	Version bump. (diff)
download	historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.gz historical-0ac233caf801669dfaf70d5261e2ed8158048e84.tar.bz2 historical-0ac233caf801669dfaf70d5261e2ed8158048e84.zip