From mjl@caida.org  Sat Aug 24 00:31:28 2013
Return-Path: <mjl@caida.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id C9BCA821
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 Aug 2013 00:31:28 +0000 (UTC)
	(envelope-from mjl@caida.org)
Received: from caida.org (rommie.caida.org [192.172.226.78])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id B007F2EEA
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 Aug 2013 00:31:28 +0000 (UTC)
Received: from sorcerer.caida.org (sorcerer.caida.org [192.172.226.95])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by caida.org (Postfix) with ESMTP id 3A637BA6F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Aug 2013 17:11:17 -0700 (PDT)
Received: from mjl by sorcerer.caida.org with local (Exim 4.80.1 (FreeBSD))
	(envelope-from <mjl@caida.org>)
	id 1VD1Rl-000Our-3s
	for FreeBSD-gnats-submit@freebsd.org; Fri, 23 Aug 2013 17:11:17 -0700
Message-Id: <E1VD1Rl-000Our-3s@sorcerer.caida.org>
Date: Fri, 23 Aug 2013 17:11:17 -0700
From: Matthew Luckie <mjl@luckie.org.nz>
Sender: Matthew Luckie <mjl@caida.org>
Reply-To: Matthew Luckie <mjl@luckie.org.nz>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] security/gnupg add option for setuid install
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         181495
>Category:       ports
>Synopsis:       [patch] security/gnupg add option for setuid install
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kuriyama
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 24 00:40:00 UTC 2013
>Closed-Date:    Sat Oct 05 09:36:12 UTC 2013
>Last-Modified:  Sat Oct  5 09:40:00 UTC 2013
>Originator:     Matthew Luckie
>Release:        FreeBSD 9.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD sorcerer.caida.org 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:38:17 UTC 2013 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
The Makefile for gnupg allows the binary to be installed setuid root if
built with
make WITH_SUID_GPG=yes install
However, the option must be set every time gnupg is built.

>How-To-Repeat:
Build gnupg while forgetting the option.
>Fix:
The attached patch adds a dialog option to the port, so that the port can
remember what my preference is.

--- patch-gnupg begins here ---
diff -uNr gnupg.orig/Makefile gnupg/Makefile
--- gnupg.orig/Makefile	2013-08-19 06:29:42.000000000 -0700
+++ gnupg/Makefile	2013-08-23 17:06:01.000000000 -0700
@@ -29,7 +29,7 @@
 USE_LDCONFIG=	YES
 CONFIGURE_ARGS+=	--enable-symcryptrun
 
-OPTIONS_DEFINE=		PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS
+OPTIONS_DEFINE=		PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS SETUID
 PINENTRY_DESC=		Use pinentry
 LDAP_DESC=		LDAP keyserver interface
 SCDAEMON_DESC=		Enable Smartcard daemon (with libusb)
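Review bot: SETUID on the new OPTIONS_DEFINE line is a very generic name for an option that changes the privileges of one binary. The knob being replaced is WITH_SUID_GPG, so calling the option SUID_GPG would keep the two recognisable as the same setting and would say which program is affected wherever the saved option name appears. OPTIONS_DEFAULT, visible in the next hunk, stays at CURL, so the setuid install remains opt-in.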
@@ -37,6 +37,7 @@
 GPGSM_DESC=		Enable GPGSM (requires LDAP)
 KDNS_DESC=		Use DNS CERT helper
 STD_SOCKET_DESC=	Use standard socket for agent
+SETUID_DESC=		Install gpg setuid root
 OPTIONS_DEFAULT=	CURL
 NO_OPTIONS_SORT=	YES
 
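Review bot: SETUID_DESC says "Install gpg setuid root", but the post-install target in this patch changes the mode of ${PREFIX}/bin/gpg2, so the dialog text should name gpg2. This string is the only explanation a user sees before ticking the box, and chmod u+s gives the file owner's privileges, so the wording should match exactly what is installed.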
@@ -121,7 +122,7 @@
 
 post-install:
 	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
-.if defined(WITH_SUID_GPG)
+.if ${PORT_OPTIONS:MSETUID}
 	${CHMOD} u+s ${PREFIX}/bin/gpg2
 .endif
 	@${CAT} ${PKGMESSAGE}
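Review bot: replacing .if defined(WITH_SUID_GPG) outright means a build that still passes WITH_SUID_GPG=yes, as shown in the PR description, no longer reaches the chmod, and gpg2 is installed without the setuid bit and without any warning. Either keep the old test as an alternative, for example .if ${PORT_OPTIONS:MSETUID} || defined(WITH_SUID_GPG), or document the rename so that existing setups do not change behaviour silently. The ${PORT_OPTIONS:MSETUID} test also depends on bsd.port.options.mk being included earlier in the Makefile, which none of these hunks show.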
--- patch-gnupg ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->kuriyama 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sat Aug 24 00:40:09 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181495 
State-Changed-From-To: open->closed 
State-Changed-By: kuriyama 
State-Changed-When: Sat Oct 5 09:35:59 UTC 2013 
State-Changed-Why:  
Committed, thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/181495: commit references a PR
Date: Sat,  5 Oct 2013 09:34:20 +0000 (UTC)

 Author: kuriyama
 Date: Sat Oct  5 09:34:12 2013
 New Revision: 329429
 URL: http://svnweb.freebsd.org/changeset/ports/329429
 
 Log:
   - Upgrade 2.0.22 (security, VuXML entry will follow).
   - Pet portlint about pkg-plist.
   - Use $STAGEDIR.
   - Turn setuid knob to OptionsNG [1]
   
   PR:		ports/181495 [1]
   Submitted by:	Matthew Luckie <mjl@luckie.org.nz> [1]
 
 Modified:
   head/security/gnupg/Makefile
   head/security/gnupg/distinfo
   head/security/gnupg/pkg-plist
 
 Modified: head/security/gnupg/Makefile
 ==============================================================================
 --- head/security/gnupg/Makefile	Sat Oct  5 08:41:19 2013	(r329428)
 +++ head/security/gnupg/Makefile	Sat Oct  5 09:34:12 2013	(r329429)
 @@ -1,7 +1,7 @@
  # $FreeBSD$
  
  PORTNAME=	gnupg
 -PORTVERSION=	2.0.21
 +PORTVERSION=	2.0.22
  CATEGORIES=	security
  MASTER_SITES=	${MASTER_SITE_GNUPG}
  MASTER_SITE_SUBDIR=	gnupg
 @@ -29,7 +29,7 @@ USES=		iconv
  USE_LDCONFIG=	YES
  CONFIGURE_ARGS+=	--enable-symcryptrun
  
 -OPTIONS_DEFINE=		PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS
 +OPTIONS_DEFINE=		PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS DOCS SUID_GPG
  PINENTRY_DESC=		Use pinentry
  LDAP_DESC=		LDAP keyserver interface
  SCDAEMON_DESC=		Enable Smartcard daemon (with libusb)
 @@ -37,20 +37,14 @@ CURL_DESC=		Use the real curl library (w
  GPGSM_DESC=		Enable GPGSM (requires LDAP)
  KDNS_DESC=		Use DNS CERT helper
  STD_SOCKET_DESC=	Use standard socket for agent
 +SUID_GPG_DESC=		Install GPG with suid
  OPTIONS_DEFAULT=	CURL
  NO_OPTIONS_SORT=	YES
  
 -NO_STAGE=	yes
  .include <bsd.port.options.mk>
  
  .if ! ${PORT_OPTIONS:MDOCS}
  CONFIGURE_ARGS+=	--disable-doc
 -.else
 -MAN1=		gpg2.1 gpgsm.1 gpgv2.1 gpg-agent.1 scdaemon.1 watchgnupg.1 \
 -		gpgconf.1 gpg-preset-passphrase.1 gpg-connect-agent.1 \
 -		gpgparsemail.1 symcryptrun.1 gpgsm-gencert.sh.1
 -MAN8=		addgnupghome.8 applygnupgdefaults.8
 -INFO=		gnupg
  .endif
  
  .if ${PORT_OPTIONS:MPINENTRY}
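Review bot: SUID_GPG_DESC reads "Install GPG with suid", which says neither which binary gets the bit nor whose privileges it will run with. The post-install target applies u+s to bin/gpg2, so wording closer to the submitted patch, naming gpg2 and setuid root, would tell the user what they are enabling in the options dialog.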
 @@ -122,8 +116,8 @@ post-patch:
  
  post-install:
  	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 -.if defined(WITH_SUID_GPG)
 -	${CHMOD} u+s ${PREFIX}/bin/gpg2
 +.if ${PORT_OPTIONS:MSUID_GPG}
 +	${CHMOD} u+s ${STAGEDIR}${PREFIX}/bin/gpg2
  .endif
  	@${CAT} ${PKGMESSAGE}
  
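Review bot: the chmod u+s now acts on ${STAGEDIR}${PREFIX}/bin/gpg2, so the setuid bit is applied to the staged copy rather than to the installed file. Please confirm that the bit is still present on bin/gpg2 after packaging and installation with SUID_GPG on, and absent with it off; the pkg-plist hunk in this commit only touches the DATADIR entries, so nothing visible here records the mode. The PKGINSTALL line directly above still passes PKG_PREFIX=${PREFIX} without ${STAGEDIR} in a staged post-install and deserves the same check.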
 
 Modified: head/security/gnupg/distinfo
 ==============================================================================
 --- head/security/gnupg/distinfo	Sat Oct  5 08:41:19 2013	(r329428)
 +++ head/security/gnupg/distinfo	Sat Oct  5 09:34:12 2013	(r329429)
 @@ -1,4 +1,4 @@
 -SHA256 (gnupg-2.0.21.tar.bz2) = 00df8902c7cef4d2440d36ca2a45985853eb36c34a4163bc995c3578030eeef5
 -SIZE (gnupg-2.0.21.tar.bz2) = 4300604
 -SHA256 (gnupg-2.0.21.tar.bz2.sig) = 826c9ea2187864ae9638decf2a736d8221f003dcf3ff70f45b8ad8635c6c4589
 -SIZE (gnupg-2.0.21.tar.bz2.sig) = 287
 +SHA256 (gnupg-2.0.22.tar.bz2) = 437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251
 +SIZE (gnupg-2.0.22.tar.bz2) = 4277117
 +SHA256 (gnupg-2.0.22.tar.bz2.sig) = 6ebe9faabf96ed89e91f0c4e12ea12e1269d88a5c20db4282a9d35add1f3255a
 +SIZE (gnupg-2.0.22.tar.bz2.sig) = 287
 
 Modified: head/security/gnupg/pkg-plist
 ==============================================================================
 --- head/security/gnupg/pkg-plist	Sat Oct  5 08:41:19 2013	(r329428)
 +++ head/security/gnupg/pkg-plist	Sat Oct  5 09:34:12 2013	(r329429)
 @@ -34,37 +34,37 @@ sbin/applygnupgdefaults
  %%PORTDOCS%%%%DOCSDIR%%/examples/pwpattern.list
  %%PORTDOCS%%%%DOCSDIR%%/examples/scd-event
  %%PORTDOCS%%%%DOCSDIR%%/examples/trustlist.txt
 -%%PORTDOCS%%%%DATADIR%%/com-certs.pem
 +%%PORTDATA%%%%DATADIR%%/com-certs.pem
  %%DATADIR%%/gpg-conf.skel
 -%%PORTDOCS%%%%DATADIR%%/help.be.txt
 -%%PORTDOCS%%%%DATADIR%%/help.ca.txt
 -%%PORTDOCS%%%%DATADIR%%/help.cs.txt
 -%%PORTDOCS%%%%DATADIR%%/help.da.txt
 -%%PORTDOCS%%%%DATADIR%%/help.de.txt
 -%%PORTDOCS%%%%DATADIR%%/help.el.txt
 -%%PORTDOCS%%%%DATADIR%%/help.eo.txt
 -%%PORTDOCS%%%%DATADIR%%/help.es.txt
 -%%PORTDOCS%%%%DATADIR%%/help.et.txt
 -%%PORTDOCS%%%%DATADIR%%/help.fi.txt
 -%%PORTDOCS%%%%DATADIR%%/help.fr.txt
 -%%PORTDOCS%%%%DATADIR%%/help.gl.txt
 -%%PORTDOCS%%%%DATADIR%%/help.hu.txt
 -%%PORTDOCS%%%%DATADIR%%/help.id.txt
 -%%PORTDOCS%%%%DATADIR%%/help.it.txt
 -%%PORTDOCS%%%%DATADIR%%/help.ja.txt
 -%%PORTDOCS%%%%DATADIR%%/help.nb.txt
 -%%PORTDOCS%%%%DATADIR%%/help.pl.txt
 -%%PORTDOCS%%%%DATADIR%%/help.pt.txt
 -%%PORTDOCS%%%%DATADIR%%/help.pt_BR.txt
 -%%PORTDOCS%%%%DATADIR%%/help.ro.txt
 -%%PORTDOCS%%%%DATADIR%%/help.ru.txt
 -%%PORTDOCS%%%%DATADIR%%/help.sk.txt
 -%%PORTDOCS%%%%DATADIR%%/help.sv.txt
 -%%PORTDOCS%%%%DATADIR%%/help.tr.txt
 -%%PORTDOCS%%%%DATADIR%%/help.txt
 -%%PORTDOCS%%%%DATADIR%%/help.zh_CN.txt
 -%%PORTDOCS%%%%DATADIR%%/help.zh_TW.txt
 -%%PORTDOCS%%%%DATADIR%%/qualified.txt
 +%%PORTDATA%%%%DATADIR%%/help.be.txt
 +%%PORTDATA%%%%DATADIR%%/help.ca.txt
 +%%PORTDATA%%%%DATADIR%%/help.cs.txt
 +%%PORTDATA%%%%DATADIR%%/help.da.txt
 +%%PORTDATA%%%%DATADIR%%/help.de.txt
 +%%PORTDATA%%%%DATADIR%%/help.el.txt
 +%%PORTDATA%%%%DATADIR%%/help.eo.txt
 +%%PORTDATA%%%%DATADIR%%/help.es.txt
 +%%PORTDATA%%%%DATADIR%%/help.et.txt
 +%%PORTDATA%%%%DATADIR%%/help.fi.txt
 +%%PORTDATA%%%%DATADIR%%/help.fr.txt
 +%%PORTDATA%%%%DATADIR%%/help.gl.txt
 +%%PORTDATA%%%%DATADIR%%/help.hu.txt
 +%%PORTDATA%%%%DATADIR%%/help.id.txt
 +%%PORTDATA%%%%DATADIR%%/help.it.txt
 +%%PORTDATA%%%%DATADIR%%/help.ja.txt
 +%%PORTDATA%%%%DATADIR%%/help.nb.txt
 +%%PORTDATA%%%%DATADIR%%/help.pl.txt
 +%%PORTDATA%%%%DATADIR%%/help.pt.txt
 +%%PORTDATA%%%%DATADIR%%/help.pt_BR.txt
 +%%PORTDATA%%%%DATADIR%%/help.ro.txt
 +%%PORTDATA%%%%DATADIR%%/help.ru.txt
 +%%PORTDATA%%%%DATADIR%%/help.sk.txt
 +%%PORTDATA%%%%DATADIR%%/help.sv.txt
 +%%PORTDATA%%%%DATADIR%%/help.tr.txt
 +%%PORTDATA%%%%DATADIR%%/help.txt
 +%%PORTDATA%%%%DATADIR%%/help.zh_CN.txt
 +%%PORTDATA%%%%DATADIR%%/help.zh_TW.txt
 +%%PORTDATA%%%%DATADIR%%/qualified.txt
  %%NLS%%share/locale/be/LC_MESSAGES/gnupg2.mo
  %%NLS%%share/locale/ca/LC_MESSAGES/gnupg2.mo
  %%NLS%%share/locale/cs/LC_MESSAGES/gnupg2.mo
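Review bot: the com-certs.pem, help.*.txt and qualified.txt entries move from %%PORTDOCS%% to %%PORTDATA%%, but the Makefile hunks in this commit add only DOCS and SUID_GPG to OPTIONS_DEFINE and show nothing that defines a PORTDATA substitution. Please confirm that %%PORTDATA%% expands as intended in both the DOCS-on and DOCS-off builds. %%DATADIR%%/gpg-conf.skel in the same block carries no prefix at all, so the DATADIR entries are still conditioned inconsistently.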
 
>Unformatted:
