Date: Thu, 18 Nov 2010 17:03:04 +0800 (CST) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: kuriyama@FreeBSD.org Subject: ports/152359: [PATCH] security/gnupg: set setuid bit on bin/gpg2 when WITH_SUID_GPG is set Message-ID: <20101118090304.5929E2AEC870@sunpoet.net> Resent-Message-ID: <201011180910.oAI9A9Av054811@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 152359
>Category: ports
>Synopsis: [PATCH] security/gnupg: set setuid bit on bin/gpg2 when WITH_SUID_GPG is set
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 18 09:10:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Sunpoet Po-Chuan Hsieh
>Release: FreeBSD 8.1-STABLE amd64
>Organization:
The FreeBSD Project
>Environment:
System: FreeBSD bonjour.sunpoet.net 8.1-STABLE FreeBSD 8.1-STABLE #0: Sat Oct 23 16:01:16 CST 2010
>Description:
- Set setuid bit on bin/gpg2 instead of bin/gpg when WITH_SUID_GPG is set
Therefore, users may run gpg2 with setuid enabled
e.g. make verify
Port maintainer (kuriyama@FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- gnupg-2.0.16_2.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/Makefile,v
retrieving revision 1.131
diff -u -u -r1.131 Makefile
--- Makefile 27 Jul 2010 01:25:17 -0000 1.131
+++ Makefile 18 Nov 2010 08:41:04 -0000
@@ -129,7 +129,7 @@
post-install:
PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
.if defined(WITH_SUID_GPG)
- ${CHMOD} u+s ${PREFIX}/bin/gpg
+ ${CHMOD} u+s ${PREFIX}/bin/gpg2
.endif
@${CAT} ${PKGMESSAGE}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/distinfo,v
retrieving revision 1.52
diff -u -u -r1.52 distinfo
--- distinfo 20 Jul 2010 14:01:50 -0000 1.52
+++ distinfo 18 Nov 2010 08:41:04 -0000
@@ -1,6 +1,4 @@
-MD5 (gnupg-2.0.16.tar.bz2) = 88a4d46deca63d2eca29b2b611304afb
SHA256 (gnupg-2.0.16.tar.bz2) = 0d5abb977c02ebb0f6ce25a5ba71c8df90835aa666a85acd73a9b7f9df35a80b
SIZE (gnupg-2.0.16.tar.bz2) = 4004033
-MD5 (gnupg-2.0.16.tar.bz2.sig) = 1c6b0b9b04c06deb5ec4bd8c959e25b0
SHA256 (gnupg-2.0.16.tar.bz2.sig) = a72156a1a231e4380225aa4c81f515ce66b787a19996f7f7d84315631be8df43
SIZE (gnupg-2.0.16.tar.bz2.sig) = 158
--- gnupg-2.0.16_2.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101118090304.5929E2AEC870>