Date: Fri, 23 Aug 2013 17:11:17 -0700
From: Matthew Luckie
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/181495: [patch] security/gnupg add option for setuid install

>Number: 181495
>Category: ports
>Synopsis: [patch] security/gnupg add option for setuid install
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 24 00:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Matthew Luckie
>Release: FreeBSD 9.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD sorcerer.caida.org 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:38:17 UTC 2013 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The Makefile for gnupg allows the binary to be installed setuid root if built with

	make WITH_SUID_GPG=yes install

However, the option must be set every time gnupg is built.
>How-To-Repeat:
Build gnupg while forgetting the option.
>Fix:
The attached patch adds a dialog option to the port, so that the port can remember what my preference is.

--- patch-gnupg begins here --- diff -uNr gnupg.orig/Makefile gnupg/Makefile --- gnupg.orig/Makefile 2013-08-19 06:29:42.000000000 -0700 +++ gnupg/Makefile 2013-08-23 17:06:01.000000000 -0700 @@ -29,7 +29,7 @@ USE_LDCONFIG= YES CONFIGURE_ARGS+= --enable-symcryptrun -OPTIONS_DEFINE= PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS +OPTIONS_DEFINE= PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS SETUID PINENTRY_DESC= Use pinentry LDAP_DESC= LDAP keyserver interface SCDAEMON_DESC= Enable Smartcard daemon (with libusb) 
@@ -37,6 +37,7 @@ GPGSM_DESC= Enable GPGSM (requires LDAP) KDNS_DESC= Use DNS CERT helper STD_SOCKET_DESC= Use standard socket for agent +SETUID_DESC= Install gpg setuid root OPTIONS_DEFAULT= CURL NO_OPTIONS_SORT= YES @@ -121,7 +122,7 @@ post-install: PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL -.if defined(WITH_SUID_GPG) +.if ${PORT_OPTIONS:MSETUID} ${CHMOD} u+s ${PREFIX}/bin/gpg2 .endif @${CAT} ${PKGMESSAGE} --- patch-gnupg ends here --- >Release-Note: >Audit-Trail: >Unformatted:
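Review bot: in the post-install hunk (@@ -121,7 +122,7 @@), replacing `.if defined(WITH_SUID_GPG)` with `.if ${PORT_OPTIONS:MSETUID}` retires the old knob without a trace, so anyone who already builds with WITH_SUID_GPG=yes gets a non-setuid gpg2 on the next rebuild and nothing tells them why. Either honour both for a transition period, for example `.if ${PORT_OPTIONS:MSETUID} || defined(WITH_SUID_GPG)`, or announce the rename somewhere the user will see it. Because the choice is now stored rather than typed on each build, it is also worth having the install step say that `${PREFIX}/bin/gpg2` was made setuid root, so the stored setting does not go unnoticed on later upgrades.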
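Review bot: SETUID_DESC in the second hunk (@@ -37,6 +37,7 @@) reads "Install gpg setuid root", but the file that receives `u+s` in post-install is `${PREFIX}/bin/gpg2`; name gpg2 in the description so the options dialog states exactly which binary becomes setuid. Keeping SETUID out of OPTIONS_DEFAULT (still only CURL) is the right default, and a one-line comment beside the new option on when enabling it is warranted would help anyone later auditing setuid binaries installed from ports.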