r35617 - in /desktop/unstable/gnome-keyring/debian: ./ patches/

bigon at users.alioth.debian.org bigon at users.alioth.debian.org
Sun Aug 19 12:51:26 UTC 2012


Author: bigon
Date: Sun Aug 19 12:51:24 2012
New Revision: 35617

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=35617
Log:
d/p/0001-schema-Update-description-for-gpg-cache-method.patch,
d/p/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch,
d/p/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch:
Properly expire caching of the GPG passphrases (Taken from upstream)
(Closes: #683655, CVE-2012-3466)

Added:
    desktop/unstable/gnome-keyring/debian/patches/0001-schema-Update-description-for-gpg-cache-method.patch
    desktop/unstable/gnome-keyring/debian/patches/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch
    desktop/unstable/gnome-keyring/debian/patches/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch
Modified:
    desktop/unstable/gnome-keyring/debian/changelog
    desktop/unstable/gnome-keyring/debian/control
    desktop/unstable/gnome-keyring/debian/patches/series

Modified: desktop/unstable/gnome-keyring/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/changelog?rev=35617&op=diff
==============================================================================
--- desktop/unstable/gnome-keyring/debian/changelog [utf-8] (original)
+++ desktop/unstable/gnome-keyring/debian/changelog [utf-8] Sun Aug 19 12:51:24 2012
@@ -1,3 +1,13 @@
+gnome-keyring (3.4.1-5) UNRELEASED; urgency=low
+
+  * d/p/0001-schema-Update-description-for-gpg-cache-method.patch,
+    d/p/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch,
+    d/p/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch:
+    Properly expire caching of the GPG passphrases (Taken from upstream)
+    (Closes: #683655, CVE-2012-3466)
+
+ -- Laurent Bigonville <bigon at debian.org>  Sun, 19 Aug 2012 14:30:37 +0200
+
 gnome-keyring (3.4.1-4) unstable; urgency=low
 
   * Add Depends on gcr (>= 3.4) for the SystemPrompter service which is

Modified: desktop/unstable/gnome-keyring/debian/control
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/control?rev=35617&op=diff
==============================================================================
--- desktop/unstable/gnome-keyring/debian/control [utf-8] (original)
+++ desktop/unstable/gnome-keyring/debian/control [utf-8] Sun Aug 19 12:51:24 2012
@@ -7,7 +7,7 @@
 Section: gnome
 Priority: optional
 Maintainer: Josselin Mouette <joss at debian.org>
-Uploaders: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>, Jordi Mallach <jordi at debian.org>, Martin Pitt <mpitt at debian.org>, Michael Biebl <biebl at debian.org>, Sjoerd Simons <sjoerd at debian.org>
+Uploaders: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>, Jordi Mallach <jordi at debian.org>, Laurent Bigonville <bigon at debian.org>, Martin Pitt <mpitt at debian.org>, Michael Biebl <biebl at debian.org>, Sjoerd Simons <sjoerd at debian.org>
 Build-Depends: debhelper (>= 9),
                cdbs,
                ca-certificates,

Added: desktop/unstable/gnome-keyring/debian/patches/0001-schema-Update-description-for-gpg-cache-method.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/patches/0001-schema-Update-description-for-gpg-cache-method.patch?rev=35617&op=file
==============================================================================
--- desktop/unstable/gnome-keyring/debian/patches/0001-schema-Update-description-for-gpg-cache-method.patch (added)
+++ desktop/unstable/gnome-keyring/debian/patches/0001-schema-Update-description-for-gpg-cache-method.patch [utf-8] Sun Aug 19 12:51:24 2012
@@ -1,0 +1,31 @@
+From 24dcc36fb999418b1d13f76bc6bee4c7f59a5ec0 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at gnome.org>
+Date: Wed, 8 Aug 2012 06:06:24 +0200
+Subject: [PATCH 1/3] schema: Update description for gpg-cache-method
+
+ * Document the various method strings that can be present here
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ schema/org.gnome.crypto.cache.gschema.xml |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/schema/org.gnome.crypto.cache.gschema.xml b/schema/org.gnome.crypto.cache.gschema.xml
+index 9a431eb..4547399 100644
+--- a/schema/org.gnome.crypto.cache.gschema.xml
++++ b/schema/org.gnome.crypto.cache.gschema.xml
+@@ -3,7 +3,10 @@
+ 		<key name="gpg-cache-method" type="s">
+ 			<default>'session'</default>
+ 			<summary>Cache Method</summary>
+-			<description>The method to use for caching passphrases typed into the GPG agent.</description>
++			<description>The method to use for caching passphrases typed into the GPG agent.
++			Should be one of: 'always' caches permanently, 'session' caches until session end,
++			'idle' caches until the not used for gpg-cache-ttl seconds, 'timeout' caches until
++			gpg-cache-ttl seconds.</description>
+ 		</key>
+ 		<key name="gpg-cache-ttl" type="i">
+ 			<default>300</default>
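Review bot: the new description string has a grammar slip in the 'idle' clause ("caches until the not used for gpg-cache-ttl seconds"), and since this text is what dconf-editor shows and what translators pick up it is worth fixing before it ships; suggest "'idle' caches until the passphrase has not been used for gpg-cache-ttl seconds, 'timeout' caches for gpg-cache-ttl seconds after it is entered". Also, gpg-cache-ttl is declared as type "i" with default 300 and no <range> appears in this hunk, while the value is later handed to unsigned destruct attributes in gkd-gpg-agent-ops.c; a `<range min="0"/>` on that key would keep a negative TTL out of the store at the schema level instead of relying on every consumer to check it.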
+-- 
+1.7.10.4
+

Added: desktop/unstable/gnome-keyring/debian/patches/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/patches/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch?rev=35617&op=file
==============================================================================
--- desktop/unstable/gnome-keyring/debian/patches/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch (added)
+++ desktop/unstable/gnome-keyring/debian/patches/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch [utf-8] Sun Aug 19 12:51:24 2012
@@ -1,0 +1,99 @@
+From 51606f299e5ee9d48096db0a5957efe26cbf7cc3 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at gnome.org>
+Date: Wed, 8 Aug 2012 06:06:58 +0200
+Subject: [PATCH 2/3] gpg-agent: Hook up the TTL cache option
+
+ * So that when the gsettings gpg-cache-method is 'idle' or 'timeout'
+   we use gpg-cache-ttl to control how long the passphrase is cached
+   for.
+ * This is a regression from 3.3.x
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ daemon/gpg-agent/gkd-gpg-agent-ops.c |   40 +++++++++++++++++++++-------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+index a0e8731..c8414fe 100644
+--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+@@ -322,17 +322,6 @@ load_unlock_options (GcrPrompt *prompt)
+ 	g_free (method);
+ }
+ 
+-static void
+-save_unlock_options (GcrPrompt *prompt)
+-{
+-	GSettings *settings;
+-
+-	settings = gkd_gpg_agent_settings ();
+-
+-	if (gcr_prompt_get_choice_chosen (prompt))
+-		g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+-}
+-
+ static GcrPrompt *
+ open_password_prompt (GckSession *session,
+                       const gchar *keyid,
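Review bot: removing save_unlock_options is safe for this file because it was static and its only call site is deleted in the last hunk, but the persistence of the "remember" choice as gpg-cache-method = 'always' that it performed now lives inline in do_get_password; the commit message only describes hooking up the TTL, so it should also say that this write moved rather than disappeared, otherwise a later reader diffing 3.3.x against this will look for where the setting is saved.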
+@@ -405,11 +394,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+                  const gchar *prompt_text, const gchar *description, gboolean confirm)
+ {
+ 	GckBuilder builder = GCK_BUILDER_INIT;
++	GSettings *settings;
+ 	GckAttributes *attrs;
+ 	gchar *password = NULL;
+ 	GcrPrompt *prompt;
+ 	gboolean chosen;
+ 	GError *error = NULL;
++	gint lifetime;
++	gchar *method;
+ 
+ 	g_assert (GCK_IS_SESSION (session));
+ 
+@@ -430,21 +422,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ 	}
+ 
+ 	if (password != NULL && keyid != NULL) {
++		settings = gkd_gpg_agent_settings ();
+ 
+ 		/* Load up the save options */
+ 		chosen = gcr_prompt_get_choice_chosen (prompt);
+ 
+-		if (chosen)
++		if (chosen) {
++			g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+ 			gck_builder_add_string (&builder, CKA_G_COLLECTION, "login");
+-		else
++
++		} else {
++			method = g_settings_get_string (settings, "gpg-cache-method");
++			lifetime = g_settings_get_int (settings, "gpg-cache-ttl");
++
++			if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) {
++				gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++				gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime);
++
++			} else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) {
++				gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++				gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime);
++
++			} else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){
++				g_message ("Unsupported gpg-cache-method setting: %s", method);
++			}
++
+ 			gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
++			g_free (method);
++		}
+ 
+ 		/* Now actually save the password */
+ 		attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
+ 		do_save_password (session, keyid, description, password, attrs);
+ 		gck_attributes_unref (attrs);
+-
+-		save_unlock_options (prompt);
+ 	}
+ 
+ 	g_clear_object (&prompt);
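Review bot: in the else branch an unrecognised gpg-cache-method (anything other than 'idle', 'timeout' or 'session') only emits `g_message ("Unsupported gpg-cache-method setting: %s", method);` and then falls through to the unconditional `gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");`, so the passphrase is cached for the whole session with no CKA_GNOME_TRANSIENT or destruct attribute; for a change whose purpose is to make cache expiry reliable, the fallback for a bad or unexpected setting should be the conservative one (apply CKA_GNOME_TRANSIENT with CKA_G_DESTRUCT_AFTER set to lifetime, or skip do_save_password altogether) rather than the most permissive one. This path is reachable with a documented value, too: the hunk writes 'always' when the box is chosen but never clears it when the box is not chosen, so on a later prompt the else branch can run with method == 'always' and land in the "Unsupported" message. Two smaller points in the same block: `g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)` relies on the non-zero return being truthy while the two comparisons above it spell out `== 0`, so write it as `!= 0` for consistency; and `lifetime` is a gint passed to gck_builder_add_ulong, so a negative gpg-cache-ttl silently becomes a very large unsigned lifetime, which for 'timeout' means caching effectively forever; clamp it (`if (lifetime < 0) lifetime = 0;`) or refuse to cache before building the attributes.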
+-- 
+1.7.10.4
+

Added: desktop/unstable/gnome-keyring/debian/patches/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/patches/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch?rev=35617&op=file
==============================================================================
--- desktop/unstable/gnome-keyring/debian/patches/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch (added)
+++ desktop/unstable/gnome-keyring/debian/patches/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch [utf-8] Sun Aug 19 12:51:24 2012
@@ -1,0 +1,27 @@
+From 5dff623470b859e332dbe12afb0dc57b292832d2 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at gnome.org>
+Date: Wed, 8 Aug 2012 15:08:22 +0200
+Subject: [PATCH 3/3] secret-store: Mark a secret item as 'used' when accessed
+
+ * This makes the gpg-agent idle feature work correctly
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ pkcs11/secret-store/gkm-secret-item.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c
+index d03c4a8..15791a9 100644
+--- a/pkcs11/secret-store/gkm-secret-item.c
++++ b/pkcs11/secret-store/gkm-secret-item.c
+@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT
+ 		identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
+ 		secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret);
+ 		rv = gkm_attribute_set_data (attr, secret, n_secret);
++		gkm_object_mark_used (base);
+ 		g_object_unref (sdata);
+ 		return rv;
+ 
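Review bot: `gkm_object_mark_used (base)` is called regardless of the value gkm_attribute_set_data returned, so if that helper follows the PKCS#11 convention of answering a NULL pValue with the length, or returns a buffer-too-small error, a C_GetAttributeValue that never actually receives the secret still refreshes the idle timestamp, and a caller could keep an 'idle'-cached passphrase alive indefinitely without ever reading it; mark the item as used only when rv is CKR_OK and the attribute's pValue was non-NULL. It would also help the commit message to state that the 'used' marker is set only on the CKA_VALUE branch of gkm_secret_item_real_get_attribute, since other attribute reads of the same item do not count as use under this change.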
+-- 
+1.7.10.4
+

Modified: desktop/unstable/gnome-keyring/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/patches/series?rev=35617&op=diff
==============================================================================
--- desktop/unstable/gnome-keyring/debian/patches/series [utf-8] (original)
+++ desktop/unstable/gnome-keyring/debian/patches/series [utf-8] Sun Aug 19 12:51:24 2012
@@ -1,1 +1,4 @@
 03_kfreebsd.patch
+0001-schema-Update-description-for-gpg-cache-method.patch
+0002-gpg-agent-Hook-up-the-TTL-cache-option.patch
+0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch
