debian/0000755000000000000000000000000013431266750007175 5ustar debian/README.Debian0000644000000000000000000000246712233274005011236 0ustar gnome-keyring for Debian ======================== Password caching ---------------- GNOME keyring caches the passwords in memory, and when asked to, it will store them on disk (in .gnome2/keyrings). They are encrypted with the AES128 cipher, using a master password as key. Login keyring ------------- If you use GDM, and libpam-gnome-keyring is installed, the GNOME keyring daemon is spawned directly at the time of authentication, and the keyring named "login" is unlocked. This keyring uses the authentication token as a master password. Otherwise, it is launched by the session manager, and you will be asked for a password for the "Default" keyring. If you change your authentication password (using passwd or gnome-about-me for example), the password for the login keyrign should be updated automatically. SSH and GPG agents ------------------ The GNOME keyring includes the functionality of the SSH and GPG agents, and it can break some setups, especially if ssh-agent and/or gpg-agent is started by hand. You can disable a specific component by removing the gnome-keyring-gpg and gnome-keyring-ssh elements from the startup applications. The interface depends on your session manager; for GNOME you can use gnome-session-properties. You can also simply edit /etc/xdg/autostart/gnome-keyring-*.desktop. debian/gnome-keyring.conf0000644000000000000000000000061512460506126012614 0ustar description "GNOME Keyring agents (pkcs11 & secrets)" author "Dimitri John Ledkov " start on starting xsession-init and started dbus task script eval "$(gnome-keyring-daemon --start --components pkcs11,secrets)" >/dev/null initctl set-env --global GNOME_KEYRING_CONTROL=$GNOME_KEYRING_CONTROL initctl set-env --global GNOME_KEYRING_PID=$GNOME_KEYRING_PID end script debian/rules0000755000000000000000000000163312253445727010264 0ustar #!/usr/bin/make -f include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/gnome.mk include /usr/share/cdbs/1/rules/utils.mk include /usr/share/cdbs/1/rules/autoreconf.mk include /usr/share/gnome-pkg-tools/1/rules/uploaders.mk include /usr/share/gnome-pkg-tools/1/rules/gnome-get-source.mk export DEB_LDFLAGS_MAINT_APPEND := -Wl,-O1 -Wl,-z,defs -Wl,--as-needed include /usr/share/dpkg/buildflags.mk # Comment to workaround hanging buildds #DEB_MAKE_CHECK_TARGET := -k check || true DEB_CONFIGURE_EXTRA_FLAGS += --with-pam-dir=/lib/$(DEB_HOST_MULTIARCH)/security \ --enable-gtk-doc \ --disable-update-mime DEB_DH_MAKESHLIBS_ARGS_gnome-keyring := --no-act common-binary-post-install-arch:: list-missing install/gnome-keyring:: install -m0755 -D debian/gnome-keyring.ubiquity debian/gnome-keyring/usr/lib/ubiquity/target-config/50gkd-caps debian/libpam-gnome-keyring.postinst0000644000000000000000000000007212233274005015005 0ustar #! /bin/sh set -e pam-auth-update --package #DEBHELPER# debian/gnome-keyring.install0000644000000000000000000000034012752216475013341 0ustar usr/bin usr/share/locale usr/share/man usr/share/dbus-1/services usr/share/glib-2.0/schemas usr/share/GConf/gsettings usr/lib/gnome-keyring/devel/*.so etc/xdg/autostart debian/gnome-keyring*.conf usr/share/upstart/sessions/ debian/control0000644000000000000000000000730113431267400010572 0ustar # This file is autogenerated. DO NOT EDIT! # # Modifications should be made to debian/control.in instead. # This file is regenerated automatically in the clean target. Source: gnome-keyring Section: gnome Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Josselin Mouette Uploaders: Debian GNOME Maintainers , Jeremy Bicha , Michael Biebl , Sjoerd Simons Build-Depends: debhelper (>= 9), cdbs, dh-autoreconf, ca-certificates, docbook-xml, gnome-pkg-tools (>= 0.10), gtk-doc-tools (>= 1.9), intltool (>= 0.35.0), libcap-ng-dev [linux-any], libdbus-1-dev (>= 1.1.1), libgck-1-dev (>= 3.3.4), libgcr-3-dev (>= 3.5.3), libgcrypt11-dev (>= 1.2.2), libglib2.0-dev (>= 2.32.0), libp11-kit-dev (>= 0.15.1), libpam0g-dev, libselinux1-dev [linux-any], libtasn1-3-dev (>= 0.3.4), libtasn1-3-bin, libglib2.0-doc Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/gnome-keyring/ Vcs-Svn: svn://anonscm.debian.org/pkg-gnome/desktop/unstable/gnome-keyring/ Homepage: https://wiki.gnome.org/GnomeKeyring Package: gnome-keyring Architecture: any Multi-Arch: foreign Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends}, gcr (>= 3.4), dbus-x11, p11-kit (>= 0.16), libcap2-bin [linux-any] Recommends: libpam-gnome-keyring, libp11-kit-gnome-keyring Breaks: libgnome-keyring0 (<< 3.0), seahorse-plugins (<< 3.0) Description: GNOME keyring services (daemon and tools) gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. Package: libp11-kit-gnome-keyring Section: libs Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends} Breaks: gnome-keyring (<< 3.6.2-0ubuntu2~) Replaces: gnome-keyring (<< 3.6.2-0ubuntu2~) Description: GNOME keyring module for the PKCS#11 module loading library gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . This package contains a PKCS#11 module that will allow using the GNOME keyring as a certificate database. Package: libpam-gnome-keyring Section: admin Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-runtime (>= 1.0.1-6) Recommends: gnome-keyring Description: PAM module to unlock the GNOME keyring upon login gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . This package contains a PAM module that will automatically unlock the keyrings using your login password, making gnome-keyring usage transparent without losing its security benefits. . When installed, this module will automatically be used by GDM and gnome-screensaver to unlock your keyrings when logging in and when unlocking the screen saver. debian/watch0000644000000000000000000000016712233274005010221 0ustar version=3 http://ftp.gnome.org/pub/GNOME/sources/gnome-keyring/([\d\.]+[02468])/ \ gnome-keyring-(.*)\.tar\.xz debian/gnome-keyring.maintscript0000644000000000000000000000012212236365524014223 0ustar rm_conffile /etc/pkcs11/modules/gnome-keyring-module 3.6.0-0ubuntu1 gnome-keyring debian/pam-configs/0000755000000000000000000000000012233277767011411 5ustar debian/pam-configs/gnome-keyring0000644000000000000000000000023012233274005014060 0ustar Name: GNOME Keyring Daemon - Login keyring management Default: yes Priority: 0 Password-Type: Additional Password-Final: optional pam_gnome_keyring.so debian/patches/0000755000000000000000000000000013431266731010623 5ustar debian/patches/CVE-2018-20781.patch0000644000000000000000000000303613431266731013332 0ustar From 9db67ef6e39ac51d426dee91da3b9305670241e6 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Tue, 18 Apr 2017 23:10:58 +0200 Subject: [PATCH] pam: Destroy the password in pam_sm_open_session gnome-keyring PAM module saves the password of the user in a blob associated with a PAM handle, using pam_set_data (ph, "gkr_system_authtok"...) in stash_password_for_session. This data is kept in the process memory once the PAM session is opened, which allows root user to read it, for example using gcore. This password leakage has recently been instrumented with tools such as mimipenguin (https://github.com/huntergregal/mimipenguin and https://github.com/n1nj4sec/mimipy). Fix this leak by destroying the data blob which hold the password once it has been used in pam_sm_open_session. https://bugzilla.gnome.org/show_bug.cgi?id=781486 --- pam/gkr-pam-module.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: gnome-keyring-3.10.1/pam/gkr-pam-module.c =================================================================== --- gnome-keyring-3.10.1.orig/pam/gkr-pam-module.c 2019-02-14 08:29:20.568921704 -0500 +++ gnome-keyring-3.10.1/pam/gkr-pam-module.c 2019-02-14 08:32:05.292871224 -0500 @@ -953,6 +953,12 @@ pam_sm_open_session (pam_handle_t *ph, i } } + /* Destroy the stored authtok once it has been used */ + if (password && pam_set_data (ph, "gkr_system_authtok", NULL, NULL) != PAM_SUCCESS) { + syslog (GKR_LOG_ERR, "gkr-pam: error destroying the password"); + return PAM_SERVICE_ERR; + } + return PAM_SUCCESS; } debian/patches/series0000644000000000000000000000014113431266457012041 0ustar 03_kfreebsd.patch 04_nodisplay_autostart.patch bgz_exit_on_bus_close.patch CVE-2018-20781.patch debian/patches/bgz_exit_on_bus_close.patch0000644000000000000000000000130112240453361016176 0ustar From c12b2b2d1c56d12e4c8c2fa5398866f1321b8cc5 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 12 Nov 2013 11:16:37 -0500 Subject: [PATCH] daemon: exit on D-Bus disconnection https://bugzilla.gnome.org/show_bug.cgi?id=708765 --- daemon/dbus/gkd-dbus.c | 1 - 1 file changed, 1 deletion(-) diff --git a/daemon/dbus/gkd-dbus.c b/daemon/dbus/gkd-dbus.c index 92daafb..58c8e01 100644 --- a/daemon/dbus/gkd-dbus.c +++ b/daemon/dbus/gkd-dbus.c @@ -74,7 +74,6 @@ connect_to_session_bus (void) } egg_dbus_connect_with_mainloop (dbus_conn, NULL); - dbus_connection_set_exit_on_disconnect (dbus_conn, FALSE); egg_cleanup_register (cleanup_session_bus, NULL); return TRUE; } -- debian/patches/04_nodisplay_autostart.patch0000644000000000000000000000223512460506106016253 0ustar Description: Clean up Startup Applications dialog by hiding default apps Author: Michael Terry Bug-Ubuntu: https://launchpad.net/bugs/803917 Forwarded: not-needed Index: gnome-keyring-3.8.2/daemon/gnome-keyring-pkcs11.desktop.in.in =================================================================== --- gnome-keyring-3.8.2.orig/daemon/gnome-keyring-pkcs11.desktop.in.in 2013-05-21 20:55:07.905247757 +0200 +++ gnome-keyring-3.8.2/daemon/gnome-keyring-pkcs11.desktop.in.in 2013-05-21 20:55:07.901247757 +0200 @@ -11,3 +11,4 @@ X-GNOME-Bugzilla-Product=gnome-keyring X-GNOME-Bugzilla-Component=general X-GNOME-Bugzilla-Version=@VERSION@ +NoDisplay=true Index: gnome-keyring-3.8.2/daemon/gnome-keyring-secrets.desktop.in.in =================================================================== --- gnome-keyring-3.8.2.orig/daemon/gnome-keyring-secrets.desktop.in.in 2013-05-21 20:55:07.905247757 +0200 +++ gnome-keyring-3.8.2/daemon/gnome-keyring-secrets.desktop.in.in 2013-05-21 20:55:07.901247757 +0200 @@ -11,3 +11,4 @@ X-GNOME-Bugzilla-Product=gnome-keyring X-GNOME-Bugzilla-Component=general X-GNOME-Bugzilla-Version=@VERSION@ +NoDisplay=true debian/patches/03_kfreebsd.patch0000644000000000000000000000373612236366007013743 0ustar Index: gnome-keyring-3.8.2/egg/egg-unix-credentials.c =================================================================== --- gnome-keyring-3.8.2.orig/egg/egg-unix-credentials.c 2013-06-15 22:42:24.555453525 +0200 +++ gnome-keyring-3.8.2/egg/egg-unix-credentials.c 2013-06-15 22:42:24.551453474 +0200 @@ -48,6 +48,10 @@ #include #endif +#if defined(__FreeBSD_kernel__) +#include +#endif + int egg_unix_credentials_read (int sock, pid_t *pid, uid_t *uid) { @@ -56,7 +60,7 @@ char buf; int ret; -#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) +#if (defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)) && !defined(__FreeBSD_kernel__) /* Prefer CMSGCRED over LOCAL_CREDS because the former provides the * remote PID. */ #if defined(HAVE_CMSGCRED) @@ -84,7 +88,7 @@ msg.msg_iov = &iov; msg.msg_iovlen = 1; -#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) +#if (defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)) && !defined(__FreeBSD_kernel__) memset (&cmsg, 0, sizeof (cmsg)); msg.msg_control = (caddr_t) &cmsg; msg.msg_controllen = CMSG_SPACE(sizeof *cred); @@ -108,7 +112,7 @@ return -1; } -#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) +#if (defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)) && !defined(__FreeBSD_kernel__) if (cmsg.hdr.cmsg_len < CMSG_LEN (sizeof *cred) || cmsg.hdr.cmsg_type != SCM_CREDS) { fprintf (stderr, "message from recvmsg() was not SCM_CREDS\n"); @@ -132,6 +136,18 @@ } else { fprintf (stderr, "failed to getsockopt() credentials, returned len %d/%d\n", cr_len, (int) sizeof (cr)); + return -1; + } +#elif defined(LOCAL_PEERCRED) /* GNU/kFreeBSD */ + struct xucred cr; + socklen_t cr_len = sizeof(cr); + *pid = 0; + + if (getsockopt (sock, 0, LOCAL_PEERCRED, &cr, &cr_len) == 0) { + *uid = cr.cr_uid; + } else { + fprintf (stderr, "failed to getsockopt() credentials, returned len %d/%d\n", + cr_len, (int) sizeof (cr)); return -1; } #elif defined(HAVE_CMSGCRED) debian/gnome-keyring.postinst0000644000000000000000000000052712233274005013550 0ustar #!/bin/sh set -e PROGRAM=/usr/bin/gnome-keyring-daemon if [ "$1" = configure ]; then if which setcap > /dev/null && [ -e $PROGRAM ]; then if ! setcap CAP_IPC_LOCK=ep $PROGRAM >/dev/null 2>&1; then echo "Setting capabilities for gnome-keyring-daemon using Linux Capabilities failed." fi fi fi #DEBHELPER# debian/compat0000644000000000000000000000000212233274004010361 0ustar 9 debian/copyright0000644000000000000000000001733612233274005011131 0ustar This package was debianized by Ondřej Surý on Tue, 23 Mar 2004 12:21:43 +0100. It was downloaded from http://ftp.gnome.org/pub/GNOME/sources/gnome-keyring/ Upstream Authors: Alexander Larsson Stef Walter Files: common/* daemon/gkr-daemon-util.* daemon/ui/* egg/* gp11/* library/* pam/* pkcs11/* pkcs11/roots-store/gck-roots-standalone.* pkcs11/rpc-layer/* pkcs11/ssh-store/gck-ssh-standalone.* pkcs11/user-store/gck-user-standalone.* tests/* tools/* Copyright: © 2003 Red Hat, Inc © 2007 Nate Nielsen © 2007, 2008 Stefan Walter License: LGPL-2+ (/usr/share/common-licenses/LGPL-2) The Gnome Keyring Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The Gnome Keyring Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the Gnome Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Files: egg/egg-secure-entry.c Copyright: © 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald License: LGPL-2+ (/usr/share/common-licenses/LGPL-2) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Files: egg/egg-dbus.* egg/egg-unix-credential.* Copyright: © 2002, 2003 CodeFactory AB © 2005 Red Hat, Inc. License: GPL-2+ Files: daemon/ui/gkr-ask-request.* daemon/ui/gkr-ask-tool-widgets.* daemon/ui/gkr-ask-tool.* pkcs11/ssh-agent/* Copyright: © 2003 Red Hat, Inc © 2007 Stefan Walter License: GPL-2+ Gnome keyring is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Gnome keyring is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Files: daemon/pkcs11/* egg/egg-hex.* egg/egg-libgcrypt.* egg/egg-symkey.* gcr/* pkcs11/gck/* pkcs11/plex-layer/* pkcs11/roots-store/* pkcs11/ssh-store/* pkcs11/user-store/* Copyright: © 2008 Stefan Walter License: LGPL-2.1+ (/usr/share/common-licenses/LGPL-2.1) This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Files: pkcs11/pkcs11.h Copyright: © 2006, 2007 g10 Code GmbH © 2006 Andreas Jellinghaus License: This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Files: pkcs11/pkcs11n.h Copyright: © 1994-2000 Netscape Communications Corporation License: MPL-1.1 | GPL-2+ | LGPL-2.1+ (/usr/share/common-licenses/LGPL-2.1) The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is the Netscape security libraries. The Initial Developer of the Original Code is Netscape Communications Corporation. Portions created by the Initial Developer are Copyright (C) 1994-2000 the Initial Developer. All Rights Reserved. Contributor(s): Dr Stephen Henson Alternatively, the contents of this file may be used under the terms of either the GNU General Public License Version 2 or later (the "GPL"), or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), in which case the provisions of the GPL or the LGPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of either the GPL or the LGPL, and not to allow others to use your version of this file under the terms of the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL or the LGPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of any one of the MPL, the GPL or the LGPL. Files: daemon/* Copyright: © 2003 Red Hat, Inc © 2007 Stefan Walter License: GPL2+ (/usr/share/common-licenses/GPL-2) Gnome keyring is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Gnome keyring is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. debian/gnome-keyring-gpg.conf0000644000000000000000000000103012460506126013357 0ustar description "GNOME Keyring agents" author "Dimitri John Ledkov " start on (starting xsession-init or starting gpg-agent) and started dbus task script [ -z "$GPG_AGENT_INFO" ] || { stop; exit 0; } if grep -q X-GNOME-Autostart-enabled=false ~/.config/autostart/gnome-keyring-gpg.desktop /etc/xdg/autostart/gnome-keyring-gpg.desktop then stop; exit 0; fi eval "$(gnome-keyring-daemon --start --components gpg)" >/dev/null initctl set-env --global GPG_AGENT_INFO=$GPG_AGENT_INFO end script debian/source/0000755000000000000000000000000012233277767010506 5ustar debian/source/format0000644000000000000000000000001412233274005011672 0ustar 3.0 (quilt) debian/libp11-kit-gnome-keyring.install0000644000000000000000000000005012236365410015201 0ustar usr/lib/*/pkcs11/*.so usr/share/p11-kit debian/gnome-keyring-ssh.conf0000644000000000000000000000103012460506126013377 0ustar description "GNOME Keyring SSH agent" author "Dimitri John Ledkov " start on (starting xsession-init or starting ssh-agent) and started dbus task script [ -z "$SSH_AUTH_SOCK" ] || { stop; exit 0; } if grep -q X-GNOME-Autostart-enabled=false ~/.config/autostart/gnome-keyring-ssh.desktop /etc/xdg/autostart/gnome-keyring-ssh.desktop then stop; exit 0; fi eval "$(gnome-keyring-daemon --start --components ssh)" >/dev/null initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK end script debian/control.in0000644000000000000000000000656512253445727011225 0ustar Source: gnome-keyring Section: gnome Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Josselin Mouette Uploaders: @GNOME_TEAM@ Build-Depends: debhelper (>= 9), cdbs, dh-autoreconf, ca-certificates, docbook-xml, gnome-pkg-tools (>= 0.10), gtk-doc-tools (>= 1.9), intltool (>= 0.35.0), libcap-ng-dev [linux-any], libdbus-1-dev (>= 1.1.1), libgck-1-dev (>= 3.3.4), libgcr-3-dev (>= 3.5.3), libgcrypt11-dev (>= 1.2.2), libglib2.0-dev (>= 2.32.0), libp11-kit-dev (>= 0.15.1), libpam0g-dev, libselinux1-dev [linux-any], libtasn1-3-dev (>= 0.3.4), libtasn1-3-bin, libglib2.0-doc Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/gnome-keyring/ Vcs-Svn: svn://anonscm.debian.org/pkg-gnome/desktop/unstable/gnome-keyring/ Homepage: https://wiki.gnome.org/GnomeKeyring Package: gnome-keyring Architecture: any Multi-Arch: foreign Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends}, gcr (>= 3.4), dbus-x11, p11-kit (>= 0.16), libcap2-bin [linux-any] Recommends: libpam-gnome-keyring, libp11-kit-gnome-keyring Breaks: libgnome-keyring0 (<< 3.0), seahorse-plugins (<< 3.0) Description: GNOME keyring services (daemon and tools) gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends. Package: libp11-kit-gnome-keyring Section: libs Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends} Breaks: gnome-keyring (<< 3.6.2-0ubuntu2~) Replaces: gnome-keyring (<< 3.6.2-0ubuntu2~) Description: GNOME keyring module for the PKCS#11 module loading library gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . This package contains a PKCS#11 module that will allow using the GNOME keyring as a certificate database. Package: libpam-gnome-keyring Section: admin Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends}, multiarch-support Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-runtime (>= 1.0.1-6) Recommends: gnome-keyring Description: PAM module to unlock the GNOME keyring upon login gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information. . This package contains a PAM module that will automatically unlock the keyrings using your login password, making gnome-keyring usage transparent without losing its security benefits. . When installed, this module will automatically be used by GDM and gnome-screensaver to unlock your keyrings when logging in and when unlocking the screen saver. debian/libpam-gnome-keyring.prerm0000644000000000000000000000016312233274005014250 0ustar #! /bin/sh set -e if [ "$1" = remove ]; then pam-auth-update --package --remove gnome-keyring fi #DEBHELPER# debian/changelog0000644000000000000000000011243313431266750011053 0ustar gnome-keyring (3.10.1-1ubuntu4.4) trusty-security; urgency=medium * SECURITY UPDATE: credentials exposed in memory (LP: #1772919) - debian/patches/CVE-2018-20781.patch: destroy the password in pam_sm_open_session in pam/gkr-pam-module.c. - CVE-2018-20781 -- Marc Deslauriers Thu, 14 Feb 2019 08:32:24 -0500 gnome-keyring (3.10.1-1ubuntu4.3) trusty; urgency=medium * Use upstream gnome-keyring-daemon man page instead of stub Debian version (LP: #1421955) -- Jeremy Bicha Sat, 06 Aug 2016 22:43:35 -0400 gnome-keyring (3.10.1-1ubuntu4.2) trusty; urgency=medium * Backport changes in user session gnome-keyring jobs up to 3.14.0-1ubuntu2. (LP: #1387303) * Enable gnome-keyring ssh and gpg daemons to appear in "Startup Applications". * Split gnome-keyring user session job into ssh, gpg, and keyring jobs. * Make sure ssh/gpg keyring jobs only start, if not disabled in gui or with usptart override. * This thus allows to use stock ssh/gpg agents as provided by respective upstreams. -- Dimitri John Ledkov Fri, 23 Jan 2015 18:45:16 +0000 gnome-keyring (3.10.1-1ubuntu4.1) trusty; urgency=medium * debian/gnome-keyring.conf: upstart user-session job to re-export gnome-keyring agent's sockets into the desktop environment. (LP: #1271591) -- Dimitri John Ledkov Mon, 13 Oct 2014 10:35:26 +0100 gnome-keyring (3.10.1-1ubuntu4) trusty; urgency=medium * Build with dh-autoreconf for new libtool. -- William Grant Mon, 16 Dec 2013 00:31:27 +0000 gnome-keyring (3.10.1-1ubuntu3) trusty; urgency=low * debian/rules: don't run tests during build, that's a temporary workaround to stop blocking buildds, until we fix the issues with the testsuite non cleaning things behind it... -- Sebastien Bacher Fri, 15 Nov 2013 15:32:11 +0100 gnome-keyring (3.10.1-1ubuntu2) trusty; urgency=low * debian/patches/bgz_exit_on_bus_close.patch: exit when the dbus bus used is closed, should fix buildd hanging waiting for ever on the tests, thanks Ryan Lortie (lp: #1248841) -- Sebastien Bacher Tue, 12 Nov 2013 17:27:46 +0100 gnome-keyring (3.10.1-1ubuntu1) trusty; urgency=low * Resynchronize on Debian (rebuild fixes lp #1241881), remaining changes: * debian/gnome-keyring.ubiquity, debian/rules: - Apply capabilities at the end of the ubiquity process to make sure new installs have gnome-keyring-daemon with cap_ipc_lock+ep. * debian/patches/04_nodisplay_autostart.patch: Clean up Startup Applications dialog by hiding default apps. * debian/control, debian/*.install, debian/rules: - change for multiarch support, install pkcs11 in its own binary -- Sebastien Bacher Wed, 06 Nov 2013 08:05:13 +0100 gnome-keyring (3.10.1-1) experimental; urgency=low [ Jeremy Bicha ] * Update homepage [ Laurent Bigonville ] * debian/rules: Use DEB_LDFLAGS_MAINT_APPEND instead of LDFLAGS to not override hardening flags * debian/control.in: Use canonical URL for Vcs-Svn field [ Sjoerd Simons ] * New upstream release -- Sjoerd Simons Sun, 27 Oct 2013 22:04:34 +0100 gnome-keyring (3.8.2-2) unstable; urgency=low [ Jeremy Bicha ] * gnome-keyring.install: - p11-kit now stores modules in /usr/share/p11-kit instead of /etc/pkcs11 [ Michael Biebl ] * Remove obsolete /etc/pkcs11/modules/gnome-keyring-module and /etc/pkcs11/modules/gnome-keyring.module conffiles on upgrades. * Bump Build-Depends on libp11-kit-dev to (>= 0.15.1) to ensure we get the new modules path from p11-kit-1.pc. -- Michael Biebl Sun, 16 Jun 2013 19:11:14 +0200 gnome-keyring (3.8.2-1) unstable; urgency=low [ Emilio Pozuelo Monfort ] * debian/control.in: + Make gnome-keyring depend on p11-kit, required to read the CA database. [ Michael Biebl ] * New upstream release. * Upload to unstable. * Refresh patches. * Drop obsolete Conflicts/Replaces/Provides: libpam-keyring. * Bump Standards-Version to 3.9.4. No further changes. * Add Build-Depends on autotools-dev as lintian was complaining about outdated config.{guess,sub}. -- Michael Biebl Sat, 15 Jun 2013 22:59:16 +0200 gnome-keyring (3.8.0-1) experimental; urgency=low * New upstream release. -- Thomas Bechtold Mon, 25 Mar 2013 23:11:12 +0100 gnome-keyring (3.7.91-1) experimental; urgency=low * New upstream release * Bumped build-dependency on libdbus-1-dev to >= 1.1.1 * Dropped build-dependency on libgtk-3-dev * Dropped debian/patches/dont-reverse-searchitems.patch - from upstream and now shipped in released version. -- Andreas Henriksson Sun, 17 Mar 2013 03:06:20 +0100 gnome-keyring (3.6.2-1) experimental; urgency=low * New upstream release * debian/patches/dont-reverse-searchitems.patch + Added. Make sure the last updated secret is returned first. -- Sjoerd Simons Fri, 15 Feb 2013 21:35:04 +0100 gnome-keyring (3.6.1-1) experimental; urgency=low [ Simon McVittie ] * New upstream release - update build-dependencies - drop patches that are in the upstream version - deal with renamed PKCS#11 integration conffile with a mv_conffile maintscript helper (LP: #1038577) [ Sjoerd Simons ] * Upload to Debian (Closes: #690965) -- Sjoerd Simons Sat, 20 Oct 2012 18:15:10 +0200 gnome-keyring (3.4.1-5) unstable; urgency=low * d/p/0001-schema-Update-description-for-gpg-cache-method.patch, d/p/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch, d/p/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch: Properly expire caching of the GPG passphrases (Taken from upstream) (Closes: #683655, CVE-2012-3466) -- Laurent Bigonville Sun, 19 Aug 2012 22:01:53 +0200 gnome-keyring (3.4.1-4) unstable; urgency=low * Add Depends on gcr (>= 3.4) for the SystemPrompter service which is required by the ssh component. Closes: #673845 -- Michael Biebl Thu, 24 May 2012 00:38:38 +0200 gnome-keyring (3.4.1-3) unstable; urgency=low * Upload to unstable. -- Jordi Mallach Sat, 19 May 2012 01:57:39 +0200 gnome-keyring (3.4.1-2) experimental; urgency=low * Build-Depend on libselinux1-dev only for linux-any. -- Jordi Mallach Thu, 17 May 2012 11:40:29 +0200 gnome-keyring (3.4.1-1) experimental; urgency=low [ Jeremy Bicha ] * New upstream release. - gck and gcr libraries have been split off to separate gcr source * debian/control.in: Bump Standards-Version to 3.9.3. No further changes. * Drop git patches as they've been applied upstream. * Rewrite copyright file using the machine-readable format 1.0. [ Jordi Mallach ] * New upstream release. * Fix some copyright notices in copyright file. * Bump Build-Depends. * Build-Depend on libselinux1-dev. * Bump to debhelper v9. * Stop configuring with --enable-static. -- Jordi Mallach Mon, 14 May 2012 22:13:02 +0200 gnome-keyring (3.2.2-2) unstable; urgency=low [ Martin Pitt ] * Add 00git_gmodule_include.patch: Fix FTBFS due to missing gmodule package check when building against glib 2.31. * Add 00git_glib_2.31_deprecations.patch: Fix deprecated API for building with glib 2.31. Backported from upstream git head. (LP: #911125) [ Michael Biebl ] * Add 00git_rpc-layer-Correctly-handle-case-where-gnome-keyring-.patch: Correctly handle case where gnome-keyring-daemon is not running. Fixes the infamous "gnome-keyring:: no socket to connect to" warning from the gnome-keyring pam module. Closes: #649408 * Drop debian/patches/99_ltmain_as-needed.patch: It conflicts with dh-autoreconf. -- Michael Biebl Wed, 25 Jan 2012 20:02:03 +0100 gnome-keyring (3.2.2-1) unstable; urgency=low [ Michael Biebl ] * New upstream release. * Drop libgcr0 and libgcr-dev again, upstream no longer supports GTK 2 builds. * Bump debhelper compatibility level to 8. * Add Build-Depends on libp11-kit-dev (>= 0.6). * Change Build-Depends on libcap-dev to libcap-ng-dev. * debian/watch: Track .xz tarballs. * debian/rules: Don't run update-mime-database utility. [ Jordi Mallach ] * Update Vcs-* URLs. [ Michael Biebl ] * debian/gnome-keyring.install: Install icons, mime types, pkcs11 config files and the pkcs11 modules from the multiarch paths. * Update for the soname bumps of libgcr and libgck: - Rename libgck0 → libgck-1-0. - Rename libgck-dev → libgck-1-dev. - Rename libgcr-3-0 → libgcr-3-1. - Update symbols files. * Split the API documentation into libgck-1-doc and libgcr-3-doc and add the necessary Breaks/Replaces. * Split the data files from libgcr-3-1 into a libgcr-3-common package and make libgcr-3-1 depend on it. * Make the -dev packages depend on libp11-kit-dev. -- Michael Biebl Fri, 18 Nov 2011 15:01:44 +0100 gnome-keyring (3.0.3-2) unstable; urgency=low * Re-add libgcr0 and libgcr-dev packages -- Sjoerd Simons Tue, 31 May 2011 19:59:00 -0700 gnome-keyring (3.0.3-1) unstable; urgency=low * New upstream release. * debian/watch: Move to *.bz2, upstream does not release .gz tarballs any more. -- Martin Pitt Tue, 31 May 2011 07:17:56 +0200 gnome-keyring (3.0.2-1) unstable; urgency=low [ Laurent Bigonville ] * debian/patches/04_expand_LIBEXECDIR.patch: Drop patch, applied from upstream * debian/rules: Enable tests * debian/patches/01_fix_glib_link.patch: Fix FTBFS with --no-add-needed [ Martin Pitt ] * New upstream release. * debian/libgcr-3-0.symbols: Add new symbols from this upstream release. * Drop 01_fix_glib_link.patch, applied upstream. * debian/rules: As the PKCS11 tests often fail right now, don't cause test suite failures to fail the build. Let's see how well this works on the Debian buildds first. -- Martin Pitt Mon, 23 May 2011 11:34:04 +0200 gnome-keyring (3.0.0-3) unstable; urgency=low [ Josselin Mouette ] * Break libgnome-keyring < 3.0. * Fail gracefully when capabilities are not supported. Closes: #622875, #623335. * Break seahorse-plugins < 3.0, since it takes over the GPG functionality. * README.Debian: document how to disable gnome-keyring components. Closes: #623539. -- Jordi Mallach Thu, 21 Apr 2011 19:36:47 +0200 gnome-keyring (3.0.0-2) unstable; urgency=low * Upload to unstable. * Rename libgcr-dev to libgcr-3-dev, to allow for a future GTK+2-based build, if needed. * Bump Standards-Version to 3.9.2, with no changes required. -- Jordi Mallach Thu, 14 Apr 2011 23:18:31 +0200 gnome-keyring (3.0.0-1) experimental; urgency=low * New upstream release * Drop debian/patches/01_pam-logging-less-verbose.patch, debian/patches/05_use_in_xfce.patch: Applied upstream * debian/libgcr-3-0.symbols: Adjust .symbols file * debian/gnome-keyring.install: Also install /usr/share/applications/ * debian/patches/04_expand_LIBEXECDIR.patch: Correctly expand LIBEXECDIR in gnome-keyring-prompt.desktop -- Laurent Bigonville Sun, 10 Apr 2011 23:25:25 +0200 gnome-keyring (2.91.91-1) experimental; urgency=low * New upstream release * debian/control.in: - Add libcap-dev as build-dependency for linux-any - Make gnome-keyring Depends against libcap2-bin for linux-any - Vcs-Browser: Use viewsvn instead the horrible wsvn * debian/gnome-keyring.postinst: - Set CAP_IPC_LOCK capability on gnome-keyring-daemon. This would permit gnome-keyring to overcome limits on locked memory and prevent private keys to be swapped out. - Do not cleanup .desktop files from /etc/xdg/autostart as we are shipping them again in that directory * debian/libgcr-3-0.symbols, debian/libgck0.symbols: Adjusts symbols files * debian/patches/04_link-libtasns1.patch, d/p/0001-Link-directly-to-gmodule-for-the-modules-that-need-i.patch: Drop patches, not needed anymore * debian/patches/05_use_in_xfce.patch: Make gnome-keyring-daemon also start for XFCE, taken from Ubuntu * debian/gnome-keyring.install: - Drop debian/tmp/usr/share/gnome-keyring/introspect, debian/tmp/etc/xdg/pkcs11.conf.defaults - Move back .desktop files to /etc/xdg/autostart to also startup gnome-keyring-daemon for Lxde and Xfce (Closes: #599757) -- Laurent Bigonville Thu, 10 Mar 2011 22:20:24 +0100 gnome-keyring (2.91.4-3) experimental; urgency=low * debian/control.in: - Update for the new gtk+ package names. -- Emilio Pozuelo Monfort Sat, 19 Feb 2011 14:33:53 +0000 gnome-keyring (2.91.4-2) experimental; urgency=low * debian/rules, debian/control.in: - Don't add quilt support, source format 3.0 (quilt) does that for us. - Build depend on ca-certificates and let the configure script autodetect the certificates dir. Closes: #608003. * debian/rules: - Reorder includes a bit. * debian/libgcr-3-0.symbols: - Add a Build-Depends-Package line to get proper dependencies when a package build-depends on a higher version of libgcr-dev than what it gets from the used symbols. * debian/libgcr-3-0.shlibs, debian/libgck0.shlibs, debian/rules: - Generate the shlibs files at build time, and make them depend on the upstream version. We have .symbols files anyway, and updating the shlibs version is error prone. This puts us on the safe side. * debian/control.in: - Bump libgtk3.0-dev build dependency. -- Emilio Pozuelo Monfort Wed, 12 Jan 2011 22:50:20 +0000 gnome-keyring (2.91.4-1) experimental; urgency=low [ Josselin Mouette ] * Install gnome-keyring-prompt-3. Closes: #607192. [ Sjoerd Simons ] * New upstream release * patches/0001-Link-directly-to-gmodule-for-the-modules-that-need-i.patch + Added. Fix build with -Wl,--as-needed * gnome-keyring.install: Install pkcs11 modules and config files * libgck0.symbols, libgcr-3-0.symbols: Update symbols file * debian/rules: Add quilt patchsys and use list-missing -- Sjoerd Simons Sat, 25 Dec 2010 21:30:35 +0100 gnome-keyring (2.91.3-1) experimental; urgency=low * New upstream release - Drop debian/patches/06_init_timeout.patch: Merged upstream * debian/control.in: - Bump Standards-Version to 3.9.1 (no further changes) - Remove duplicate Section to please lintian - Bump glib {build-}dependencies to 2.25.0 -- Laurent Bigonville Sat, 04 Dec 2010 17:34:49 +0100 gnome-keyring (2.91.1-1) experimental; urgency=low [ Sjoerd Simons ] * New upstream release * Update soname of libgcr * Update install files * debian/patches/02_uidir_relocate.patch: + Removed, merged upstream * debian/patches/05_hurd_maxpathlen.patch: + Removed, merged upstream * debian/patches/10_debugging_output.patch: + Removed, no longer needed * debian/patches/06_init_timeout.patch + Updated * Drop libgp11, it has been replaced by libgck [ Emilio Pozuelo Monfort ] * debian/rules: - Drop libgp11 stuff, not needed anymore. - Update libgcr package name so it has an effect. - Also make the symbols check strict for libgck. - Include check-dist.mk to prevent accidental uploads to unstable. * debian/libgcr-3-0.shlibs: - Updated for the new SONAME. * debian/control, debian/libgck-0.*, debian/libgcr3.*: - Rename libgck-0 to libgck0 so the package matches the SONAME, and libgcr3 to libgcr-3-0 so it embeds the SONAME in the package name. * debian/libgck0.symbols: - Remove debian revision from every symbol. -- Emilio Pozuelo Monfort Sat, 20 Nov 2010 11:25:16 +0100 gnome-keyring (2.30.3-5) unstable; urgency=low * 07_keyring_encoding.patch: patch from upstream git. Correctly handle keyring names with non-ascii characters. Closes: #591659, LP: #553759. -- Josselin Mouette Tue, 11 Jan 2011 20:28:48 +0100 gnome-keyring (2.30.3-4) unstable; urgency=low * 06_init_timeout.patch: follow upstream and use a 120 second timeout instead of 10. Closes: #603387. -- Josselin Mouette Mon, 15 Nov 2010 17:46:27 +0100 gnome-keyring (2.30.3-3) unstable; urgency=low * 06_init_timeout.patch: new patch. Exit the daemon when started through the PAM module if it is not initialized in 10 seconds. This avoids leaking gnome-keyring-daemon processes everywhere. -- Josselin Mouette Sat, 09 Oct 2010 09:50:46 +0200 gnome-keyring (2.30.3-2) unstable; urgency=high * 10_debugging_output.patch: new patch. Stop spewing sensitive information in the system logs. Note that it does *not* spew actual keys or passphrases. This bug was introduced in 2.30. Credits go to Romain Françoise for the discovery. -- Josselin Mouette Tue, 05 Oct 2010 19:20:54 +0200 gnome-keyring (2.30.3-1) unstable; urgency=low * New upstream stable release. * Refresh patches for new upstream release. * Remove debian/org.freedesktop.secrets.service, merged upstream. * debian/control.in - Bump Standards-Version to 3.9.0. No further changes. - Add Vcs-Browser and Vcs-Svn fields. - Add Homepage field. -- Michael Biebl Tue, 20 Jul 2010 04:36:32 +0200 gnome-keyring (2.30.1-2) unstable; urgency=low [ Josselin Mouette ] * Update README.Debian to match reality. [ Sjoerd Simons ] * Add service file for org.freedesktop.secrets to ensure gnome-keyring gets autolaunched when it's needed. -- Sjoerd Simons Tue, 27 Apr 2010 23:11:24 +0100 gnome-keyring (2.30.1-1) unstable; urgency=low * New upstream bugfix release: + debian/control.in: - Required GTK+ >= 2.20.0. -- Sebastian Dröge Tue, 27 Apr 2010 09:35:21 +0200 gnome-keyring (2.30.0-2) unstable; urgency=low [ Emilio Pozuelo Monfort ] * debian/patches/05_hurd_maxpathlen.patch: - Fix build on Hurd, again (MAXPATHLEN reintroduced). * debian/control.in, debian/rules, debian/patches/*, debian/source/format: - Switch to source format 3.0 (quilt). * debian/rules: - Pass -c4 to dpkg-gensymbols for stricter checks. [ Josselin Mouette ] * Break libgnome-keyring0 < 2.30. Closes: #577624. -- Josselin Mouette Tue, 13 Apr 2010 21:27:28 +0200 gnome-keyring (2.30.0-1) unstable; urgency=low [ Josselin Mouette ] * The library only suggests the daemon. Closes: #563358. * 03_kfreebsd.patch: new version of the patch. Closes: #558406 again. [ Sebastian Dröge ] * New upstream stable release: + debian/control.in, debian/libgnome-keyring*: - Dropped libgnome-keyring package, it has its own source package now. + debian/control.in: - Drop GConf build dependency. + debian/patches/04_maxpathlen_hurd.patch: - Dropped, merged upstream. + debian/patches/10_whitelist_system.patch: - Dropped, relevant code does not exist anymore. + debian/patches/04_link-libtasns1.patch: - Fix linking with libtasn1. -- Sebastian Dröge Mon, 12 Apr 2010 12:49:53 +0200 gnome-keyring (2.28.2-1) unstable; urgency=low [ Josselin Mouette ] * 03_kfreebsd.patch: patch from Emmanuel Bouthenot to add kFreeBSD support. Closes: #558406. [ Emilio Pozuelo Monfort ] * Switch to quilt, refresh patches. * debian/patches/04_maxpathlen_hurd.patch: - New patch, switch to dynamic allocation to avoid using MAXPATHLEN. Fixes FTBFS on GNU/Hurd. * New upstream bugfix release. -- Emilio Pozuelo Monfort Mon, 14 Dec 2009 19:50:03 +0100 gnome-keyring (2.28.1-2) unstable; urgency=low * 10_whitelist_system.patch: new patch. Whitelist some system directories (/usr/bin and /usr/lib) to avoid drowning the user under useless dialogs. If anything evil can be installed in these directories, all users on the system are doomed and we can give up on any kind of security. -- Josselin Mouette Fri, 20 Nov 2009 18:09:05 +0100 gnome-keyring (2.28.1-1) unstable; urgency=low [ Josselin Mouette ] * Install the autostart file in /usr/share/gnome, not /etc/xdg. * Remove the old file in the postinst. * Remove .la file, it’s not references anywhere anymore. * Drop clean-la.mk include as well. [ Emilio Pozuelo Monfort ] * New upstream release. - Wait until env variables are set on startup. Closes: #516230. - debian/control.in: + Don't build depend on libhal-storage-dev nor suggest hal, we now use libgio to monitor volumes. + Only require libtasn1-3-dev >= 0.3.4, not >= 1.0. - debian/patches/02_uidir_relocate.patch: + Updated. * Standards-Version is 3.8.3, no changes needed. * debian/watch: Don't uupdate. -- Emilio Pozuelo Monfort Tue, 20 Oct 2009 14:22:49 +0200 gnome-keyring (2.26.1-1) unstable; urgency=low * New upstream release. + Fixes numerous crashes in the memory allocator. Hopefully closes: #522826 for good. * Update build-dependencies. * Install API documentation for libgcr. * 03_secure-mem_crash.patch: dropped, merged upstream. * 04_full_path_in_service.patch: dropped, fixed upstream in another way. * Fix FSF address in copyright file. -- Josselin Mouette Fri, 15 May 2009 11:25:28 +0200 gnome-keyring (2.26.0-4) unstable; urgency=low * debian/patches/04_full_path_in_service.patch: Added. Put the full path to gnome-keyring-daemon in the .service file. Fixes dbus autostarting the daemon on demand -- Sjoerd Simons Sat, 18 Apr 2009 15:34:17 +0100 gnome-keyring (2.26.0-3) unstable; urgency=low * libgp11-0.shlibs: add shlibs file for libgp11. Closes: #522381. * libgcr0.symbols, libgnome-keyring0.symbols: add Build-Depends-Package fields. * libgp11-0.symbols: also add symbols file for libgp11. * Add missing build-dep on intltool. * Pass /etc/ssl/certs as the directory for root certificates. * Update glib dependency for libgnome-keyring-dev. * Standards version is 3.8.1. * 03_secure-mem_crash.patch: new patch, stolen upstream. Fixes assertion error in the secure memory allocator. Closes: #522266. * pam-configs/gnome-keyring: ship a PAM configuration for the Password stanzas. * libpam-gnome-keyring.install: install it. * libpam-gnome-keyring.{postinst,prerm}: run pam-auth-update. * Depend on libpam-runtime (>= 1.0.1-6). * libpam-gnome-keyring.README.Debian: remove the documentation for the passwd module. -- Josselin Mouette Wed, 08 Apr 2009 15:39:31 +0200 gnome-keyring (2.26.0-2) unstable; urgency=low * debian/libgnome-keyring0.shlibs: - revert bumping shlibs version to 2.26.0, not needed and harmful now that we are in unstable * debian/libgnome-keyring0.symbols: - add a symbols file for libgnome-keyring0 * debian/libgcr0.symbols: - add symbols file for libgcr0 -- Gustavo Noronha Silva Thu, 02 Apr 2009 10:17:30 -0300 gnome-keyring (2.26.0-1) unstable; urgency=low * New upstream release * debian/libgnome-keyring0.shlibs: - bumped shlibs version to 2.26.0 * debian/copyright: - complete rewrite * debian/patches/02_uidir_relocate.patch: - change the directory where .ui files are installed, so that it contains the soversion, to allow for parallel installability of binary-incompatible versions * debian/rules: - do not enable tests, since they aren't really run, and may cause problems in some architectures, according to seb128 * debian/control.in: - sync Replaces with the Ubuntu package, for their convenience Changes imported from/based on the Ubuntu package (thanks!): * debian/control.in, debian/libgcr*: - added packages for the libgcr library * debian/control.in: - adjust libtasn1-3-dev build-dependency to require >= 1.0, and add build-dep on libtasn1-bin * debian/gnome-keyring.install: - also install the new .so files gnome-keyring puts in /usr/lib/gnome-keyring/{devel,standalone}, and the XDG autostart file -- Gustavo Noronha Silva Sat, 28 Mar 2009 17:15:29 -0300 gnome-keyring (2.24.1-3) UNRELEASED; urgency=low [ Loic Minier ] * Suggest hal as gnome-keyring attempts to contact it by default and logs a warning if it can't. [ Josselin Mouette ] * Build-depend on libglib2.0-doc to ensure proper xrefs. -- Loic Minier Sun, 15 Mar 2009 14:50:04 +0100 gnome-keyring (2.24.1-2) unstable; urgency=low * gnome-keyring depends on dbus-x11. Closes: #509308. -- Josselin Mouette Sun, 08 Mar 2009 19:22:34 +0100 gnome-keyring (2.24.1-1) experimental; urgency=low * New upstream release. + Uses id_rsa.pub to read public key information. Closes: #431544. * Bump glib build-dependency. * Bump shlibs for libgnome-keyring0 to 2.23.5. * 01_pam-logging-less-verbose.patch: refreshed. * 02_dbus_crash.patch: dropped, merged upstream. * New packages: libgp11-0 and libgp11-dev. * libgnome-keyring-dev.docs: updated for the new source layout. * Don’t install the .a and .la for the gnome-keyring pkcs11 module. * Don’t run dh_makeshlibs on gnome-keyring package. * Pass -O1 -z defs --as-needed to the linker. * 99_ltmain_as-needed.patch: make it work on libraries. -- Josselin Mouette Sat, 22 Nov 2008 11:02:45 +0100 gnome-keyring (2.22.3-2) unstable; urgency=low * 02_dbus_crash.patch: patch from upstream to fix a crash that happens after dbus restarts. Closes: #474418. -- Josselin Mouette Tue, 23 Sep 2008 12:42:14 +0200 gnome-keyring (2.22.3-1) unstable; urgency=low * New upstream bugfix release. * debian/control.in: + Updated Standards-Version to 3.8.0, no additional changes needed. -- Sebastian Dröge Tue, 01 Jul 2008 08:23:46 +0200 gnome-keyring (2.22.2-1) unstable; urgency=low [ Josselin Mouette ] * README.Debian: document how passwords are stored, how to disable the SSH agent, and how the login keyring works. Closes: #473864. [ Sebastian Dröge ] * New upstream bugfix release. -- Sebastian Dröge Mon, 02 Jun 2008 11:50:21 +0200 gnome-keyring (2.22.1-1) unstable; urgency=low [ Michael Banck ] * debian/patches/03_fix_symbol_exporting.patch - Added. Fix symbol export to include upper case GNOME_KEYRING_ symbols as well. Taken from upstream svn, thanks to Andrea Del Signore. [ Sebastian Dröge ] * New upstream bugfix release: + debian/patches/02_handle_dbus_restart.patch, debian/patches/03_fix_symbol_exporting.patch: - Dropped, merged upstream. -- Sebastian Dröge Mon, 07 Apr 2008 06:38:43 +0200 gnome-keyring (2.22.0-2) unstable; urgency=low * debian/patches/02_handle_dbus_restart.patch - Added. Handle the restart of the system dbus (Closes: #456362) -- Sjoerd Simons Fri, 14 Mar 2008 14:36:07 +0100 gnome-keyring (2.22.0-1) unstable; urgency=low [ Emilio Pozuelo Monfort ] * New upstream release. - Build-Depend on libglib2.0-dev, libgconf2-dev and libtasn1-3-dev. - debian/gnome-keyring.docs: + Updated to match new keyring-intro.txt location. - debian/libgnome-keyring-dev.docs: + Likewise for file-format.txt. - debian/gnome-keyring.install: + Install new files, stolen from the Ubuntu package. * Build the test suite. [ Josselin Mouette ] * libpam-gnome-keyring recommends gnome-keyring. [ Sebastian Dröge ] * debian/libgnome-keyring0.shlibs: + Update shlibs to >= 2.22.0 because of new API. * debian/control.in: + Cleanup dependencies of the -dev package. -- Sebastian Dröge Wed, 12 Mar 2008 11:31:11 +0100 gnome-keyring (2.20.3-1) unstable; urgency=low [ Loic Minier ] * Downgrade libgnomekeyring dep on gnome-keyring to a Recommends; closes: #455203. * Wrap build-deps and deps. * Add a ${misc:Depends}. [ Sam Morris ] * Add fix_evolution_crash.patch (closes: #456967). [ Josselin Mouette ] * Rework libpam-gnome-keyring description. Closes: #455491. [ Sebastian Dröge ] * New upstream bugfix release: + debian/patches/fix_evolution_crash.patch: - Dropped, merged upstream. * debian/control.in: + Update Standards-Version to 3.7.3, no additional changes needed. * debian/patches/01_pam-logging-less-verbose.patch: + Don't log unknown user names to syslog as they could be accidentally typed in password (Closes: #459631). -- Sebastian Dröge Tue, 08 Jan 2008 20:01:07 +0100 gnome-keyring (2.20.2-1) unstable; urgency=low [ Sebastien Bacher ] * debian/control.in: - libpam-gnome-keyring Conflicts,Provides,Replaces libpam-keyring [ Josselin Mouette ] * libpam-gnome-keyring.README.Debian: document how to configure pam_gnome_keyring in Debian. Closes: #452731. * gnome-keyring recommends libpam-gnome-keyring. [ Sebastian Dröge ] * New upstream bugfix release. -- Sebastian Dröge Sun, 25 Nov 2007 14:40:12 +0100 gnome-keyring (2.20.1-1) unstable; urgency=low * New upstream bugfix release: + Dropped patch 01_add-new-keyrings.diff, merged upstream. + debian/rules, debian/libpam-gnome-keyring.install: - The PAM module is automatically installed now, no need to do it by hand. + debian/libgnome-keyring0.shlibs: - Bump shlibs to >= 2.20.1 because of a new possible return value of a function. -- Sebastian Dröge Sun, 21 Oct 2007 21:46:57 +0200 gnome-keyring (2.20.0-3) unstable; urgency=low * New patch, 01_add-new-keyrings.diff from upstream svn, to get newly created keyrings to list of loaded keyrings; GNOME #476644. -- Norbert Tretkowski Sat, 06 Oct 2007 17:36:20 +0200 gnome-keyring (2.20.0-2) unstable; urgency=low * Upload to unstable. * debian/control.in: + Use ${binary:Version} instead of ${Source-Version} to make lintian happy. -- Sebastian Dröge Sat, 29 Sep 2007 17:16:09 +0200 gnome-keyring (2.20.0-1) experimental; urgency=low [ Sven Arvidsson ] * Add a (very basic) man page for gnome-keyring-daemon (Closes: #355667) * Ship keyring-intro.txt and file-format.txt in the -dev package (Closes: #434718) [ Loic Minier ] * Don't include autotools.mk as it's already included by gnome.mk. [ Sebastian Dröge ] * New upstrem release, most packaging changes taken from Ubuntu. Thanks to Sebastien Bacher, Aron Sisak, Baptiste Mille-Mathias and Martin Pitt for their work. * debian/control.in: + Add libgcrypt11-dev, libhal-storage-dev and libpam0g-dev to build dependencies and update the libgnome-keyring-dev dependencies. + Add a new libpam-gnome-keyring package that contains a PAM module to automatically unlock keyrings on login. * debian/rules: + Build and install the PAM module. * debian/libgnome-keyring0.shlibs: + Update shlibs to >= 2.19.6. * debian/gnome-keyring.docs, debian/libgnome-keyring-dev.docs: + Update docs that should be shipped. -- Sebastian Dröge Sat, 22 Sep 2007 10:00:51 +0200 gnome-keyring (0.8.1-2) unstable; urgency=low * Upload to unstable, remove check-dist include. -- Sebastian Dröge Thu, 19 Apr 2007 08:49:25 +0200 gnome-keyring (0.8.1-1) experimental; urgency=low * New upstream stable release; no API change; bug fix. * Fix watch file to track all stable versions and use HTTP. * Bump up Debhelper compatibility level to 5. * Drop useless debian/*dirs. * Add ${misc:Depends}. -- Loic Minier Sun, 08 Apr 2007 09:07:52 +0200 gnome-keyring (0.8-1) experimental; urgency=low [ Loic Minier ] * Add a get-orig-source target to retrieve the upstream tarball. [ Marc 'HE' Brockschmidt ] * Remove unneeded debian/*.files, .install files are in use. * New upstream release: + Bumped shlibs, new functions available + Added build-dep on dbus, to make use of new dbus features + debian/patches/30_kfreebsd.patch: Dropped, merged upstream + Install gtk-doc documentation to libgnome-keyring-dev [ Loic Minier ] * Don't overwrite DEB_CONFIGURE_EXTRA_FLAGS. * Include the new check-dist Makefile to prevent accidental uploads to unstable; bump build-dep on gnome-pkg-tools to >= 0.10. -- Loic Minier Tue, 27 Mar 2007 22:20:24 +0200 gnome-keyring (0.6.0-3) unstable; urgency=low * New patch, 30_kfreebsd, fixes build under kfreesbd; thanks Petr Salinger; GNOME #382773; closes: #401720. -- Loic Minier Tue, 5 Dec 2006 22:35:15 +0100 gnome-keyring (0.6.0-2) unstable; urgency=low * Upload to unstable. * Call clean-la.mk; require gnome-pkg-tools 0.7. -- Loic Minier Sun, 22 Oct 2006 20:06:57 +0200 gnome-keyring (0.6.0-1) experimental; urgency=low * New upstream release. * Update build-dependencies. * Standards version is 3.7.2. * Bump libgnome-keyring0.shlibs. -- Josselin Mouette Tue, 5 Sep 2006 23:14:37 +0200 gnome-keyring (0.4.9-1) unstable; urgency=low * New upstream release (bugfix and updated translations). -- J.H.M. Dassen (Ray) Thu, 16 Mar 2006 09:48:14 +0100 gnome-keyring (0.4.8-1) unstable; urgency=medium * New upstream release (bugfix and updated translations). -- J.H.M. Dassen (Ray) Tue, 28 Feb 2006 07:03:41 +0100 gnome-keyring (0.4.7-1) unstable; urgency=low * New upstream release (bugfix and translation updates). -- J.H.M. Dassen (Ray) Thu, 16 Feb 2006 21:40:14 +0100 gnome-keyring (0.4.6-2) unstable; urgency=low * Upload to unstable. -- Ondřej Surý Fri, 30 Dec 2005 15:02:56 +0100 gnome-keyring (0.4.6-1) unstable; urgency=low [ Sebastien Bacher ] * New upstream version: - confirm password when selecting new password. [ Loic Minier ] * Update watch file. [debian/watch] -- Ondřej Surý Fri, 30 Dec 2005 15:02:39 +0100 gnome-keyring (0.4.5-1) unstable; urgency=low * New upstream release * debian/control.in: - added Section field to source package part - removed dependencies on unused ${misc:Depends} - updated to Standards-Version 3.6.2.1 with no changes * debian/patches/00_relibtoolise.patch: - dropped; no longer necessary -- Guilherme de S. Pastore Fri, 16 Sep 2005 17:00:20 -0300 gnome-keyring (0.4.3-2) unstable; urgency=low * Add dependency on libglib2.0-dev to libgnome-keyring-dev. (Closes: #323310) [debian/control, debian/control.in] * Update FSF address. [debian/copyright] * Bump Standards-Version to 3.6.2. [debian/control, debian/control.in] -- Loic Minier Sat, 3 Sep 2005 11:26:50 +0200 gnome-keyring (0.4.3-1) unstable; urgency=low * New upstream version: - Translation updates. - Fix bug in acl functions. - implement gnome_keyring_set_info. - add sync function for all operations. - fix leaks. * debian/libgnome-keyring0.shlibs: - set to the current version. -- Sebastien Bacher Fri, 1 Jul 2005 23:30:27 +0200 gnome-keyring (0.4.2-1) unstable; urgency=low * New upstream release. -- Sebastien Bacher Thu, 7 Apr 2005 18:22:43 +0200 gnome-keyring (0.4.1-1) unstable; urgency=low * New upstream release. * debian/patches/00_relibtoolise.patch: use updated seb128's work -- Ondřej Surý Wed, 12 Jan 2005 11:51:59 +0100 gnome-keyring (0.4.0-2) unstable; urgency=low * GNOME team upload. * Upload to unstable. -- Jordi Mallach Wed, 17 Nov 2004 14:10:30 +0100 gnome-keyring (0.4.0-1) experimental; urgency=low * GNOME team upload. * New upstream release. * debian/control.in: s/informations/information/g. * debian/libgnome-keyring0.shlibs: bumped to 0.4.0, new symbols added. * debian/patches/00_relibtoolise.patch: updated. -- Jordi Mallach Tue, 14 Sep 2004 23:47:27 +0200 gnome-keyring (0.2.1-3) unstable; urgency=low * Add relibtoolize patch to fix FTBFS on on k*bsd-gnu (Closes: #266763) -- Ondřej Surý Thu, 19 Aug 2004 08:35:24 +0200 gnome-keyring (0.2.1-2) unstable; urgency=low * Upload to unstable. -- Ondřej Surý Mon, 24 May 2004 14:55:38 +0200 gnome-keyring (0.2.1-1) experimental; urgency=low * New upstream release. -- Ondřej Surý Tue, 20 Apr 2004 11:10:30 +0200 gnome-keyring (0.2.0-3) experimental; urgency=low * Add build depends on cdbs, docbook-xml and gtk-doc-tools. -- Ondřej Surý Fri, 26 Mar 2004 23:16:28 +0100 gnome-keyring (0.2.0-2) experimental; urgency=low * Renamed libgnome-keyring-0 to libgnome-keyring0. -- Ondřej Surý Wed, 24 Mar 2004 15:22:32 +0100 gnome-keyring (0.2.0-1) experimental; urgency=low * Initial Release. -- Ondřej Surý Tue, 23 Mar 2004 12:21:43 +0100 gnome-keyring (2.22.0-3.1) UNRELEASED; urgency=low * debian/patches/03_fix_symbol_exporting.patch - Added. Fix symbol export to include upper case GNOME_KEYRING_ symbols as well. Taken from upstream svn, thanks to Andrea Del Signore. * -- Sebastian Dröge Mon, 07 Apr 2008 06:38:43 +0200 debian/libpam-gnome-keyring.install0000644000000000000000000000006212236365437014604 0ustar lib/*/security/*.so debian/pam-configs usr/share/ debian/gnome-keyring.ubiquity0000644000000000000000000000075512236365332013552 0ustar #!/bin/sh set -e # Make sure that the IPC_LOCK capability is added to the gnome-keyring-daemon # binary after installation, since file system caps aren't supported by the # LiveCD's squashfs. PROGRAM=/usr/bin/gnome-keyring-daemon if [ -e /target/sbin/setcap ] && [ -e /target/$PROGRAM ]; then if chroot /target setcap CAP_IPC_LOCK=ep $PROGRAM >/dev/null 2>&1; then logger --tag ubiquity "Setting capabilities for gnome-keyring-daemon using Linux Capabilities failed." fi fi debian/libpam-gnome-keyring.README.Debian0000644000000000000000000000105412233274005015241 0ustar pam_gnome_keyring for Debian ---------------------------- The default PAM configuration for GDM and gnome-screensaver already uses pam_gnome_keyring. Password change is also implemented through the global PAM configuration. If you want to start gnome_keyring from another display manager, you need to add the following lines to the corresponding /etc/pam.d/?dm file: auth optional pam_gnome_keyring.so session optional pam_gnome_keyring.so auto_start -- Josselin Mouette , Sun, 25 Nov 2007 11:53:10 +0100