From 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 Mon Sep 17 00:00:00 2001 
From: V3n3RiX
Date: Sat, 14 Jul 2018 21:03:06 +0100
Subject: gentoo resync : 14.07.2018
---
.../files/monkeysphere-0.36_default_shell.patch | 12 +++
.../files/monkeysphere-0.36_hd_od.patch | 14 ++++
.../files/monkeysphere-0.36_non_default_port.patch | 14 ++++
...onkeysphere-0.36_openpgp2ssh_sanity_check.patch | 34 ++++++++
.../files/monkeysphere-0.36_tests_gnupg2.patch | 50 +++++++++++
.../monkeysphere-0.36_userid_empty_line.patch | 12 +++
.../files/monkeysphere-0.37_default_shell.patch | 12 +++
.../files/monkeysphere-0.37_hd_od.patch | 14 ++++
.../files/monkeysphere-0.38-asprintf.patch | 45 ++++++++++
...monkeysphere-0.38-revert-executable-patch.patch | 98 ++++++++++++++++++++++
.../monkeysphere-0.38-syssharedir-whitespace.patch | 53 ++++++++++++
...re-0.39-make-tests-work-with-gnupg-2.1.15.patch | 45 ++++++++++
12 files changed, 403 insertions(+)
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_default_shell.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_hd_od.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_non_default_port.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_openpgp2ssh_sanity_check.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_tests_gnupg2.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.36_userid_empty_line.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.37_default_shell.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.37_hd_od.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.38-asprintf.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.38-revert-executable-patch.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.38-syssharedir-whitespace.patch
create mode 100644 app-crypt/monkeysphere/files/monkeysphere-0.39-make-tests-work-with-gnupg-2.1.15.patch
(limited to 'app-crypt/monkeysphere/files')
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.36_default_shell.patch b/app-crypt/monkeysphere/files/monkeysphere-0.36_default_shell.patch
new file mode 100644
index 000000000000..f979114181d1
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.36_default_shell.patch
@@ -0,0 +1,12 @@
+diff -r d0c02fe6a949 src/share/common
+--- a/src/share/common Sun Oct 06 19:21:18 2013 +0200
++++ b/src/share/common Sun Oct 06 19:21:49 2013 +0200
+@@ -108,7 +108,7 @@
+ # if root, su command as monkeysphere user
+ 'root')
+ # requote arguments using bash builtin feature (see "help printf"):
+- su "$MONKEYSPHERE_USER" -c "$(printf "%q " "$@")"
++ su -s /bin/bash "$MONKEYSPHERE_USER" -c "$(printf "%q " "$@")"
+ ;;
+
+ # otherwise, fail
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.36_hd_od.patch b/app-crypt/monkeysphere/files/monkeysphere-0.36_hd_od.patch
new file mode 100644
index 000000000000..7cdaa74b5735
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.36_hd_od.patch
@@ -0,0 +1,14 @@
+diff -r 6150774ec7f4 tests/keytrans
+--- a/tests/keytrans Sun Feb 16 20:11:02 2014 +0100
++++ b/tests/keytrans Sun Feb 16 20:11:40 2014 +0100
+@@ -104,8 +104,8 @@
+ <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
+
+ diff -u \
+- <(hd "$TEMPDIR"/secret.key) \
+- <(hd "$TEMPDIR"/converted.secret.key)
++ <(od -xc "$TEMPDIR"/secret.key) \
++ <(od -xc "$TEMPDIR"/converted.secret.key)
+
+ KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:)
+ KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.36_non_default_port.patch b/app-crypt/monkeysphere/files/monkeysphere-0.36_non_default_port.patch
new file mode 100644
index 000000000000..f14550280fcf
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.36_non_default_port.patch
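Review bot: In monkeysphere-0.36_default_shell.patch, the new `su -s /bin/bash` line carries no comment saying why the shell is forced, and the reason matters for anyone touching this privilege-drop path later. The command string is built with bash's `printf "%q "`, which can emit bash-only quoting, so the string should be parsed by bash; `-s` also bypasses whatever login shell the monkeysphere account has, which appears to be the intent. I would add above the line: `# force bash: the %q-quoted string is bash syntax and the account's login shell may be something else`. The enclosing function starts and ends outside the hunk.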
@@ -0,0 +1,14 @@
+diff -r 5f7ee764ec1f src/share/common
+--- a/src/share/common Mon Oct 07 19:22:36 2013 +0200
++++ b/src/share/common Mon Oct 07 19:22:58 2013 +0200
+@@ -863,6 +863,10 @@
+ ;;
+ ('known_hosts')
+ host=${userID#ssh://}
++ if [[ "${host}" == *:* ]]; then
++ IFS=':' read -a ARR <<< "${host}"
++ host="[${ARR[0]}]:${ARR[1]}"
++ fi
+ remove_line "$keyFile" "$host" "$sshKey"
+ ;;
+ esac
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.36_openpgp2ssh_sanity_check.patch b/app-crypt/monkeysphere/files/monkeysphere-0.36_openpgp2ssh_sanity_check.patch
new file mode 100644
index 000000000000..aec90eb07661
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.36_openpgp2ssh_sanity_check.patch
@@ -0,0 +1,34 @@
+diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
+index edc7995..2711ff2 100755
+--- a/src/monkeysphere-authentication
++++ b/src/monkeysphere-authentication
+@@ -84,6 +84,13 @@ gpg_sphere() {
+ su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
+ }
+
++check_openpgp2ssh_sanity() {
++ if [[ `su_monkeysphere_user openpgp2ssh ABC &>/dev/null || echo $?` != "255" ]]; then
++ echo "openpgp2ssh command gives unexpected return code. This can lead to a scenario where no authorized keys are populated, even though they are otherwise valid. Aborting!"
++ exit 1
++ fi;
++}
++
+ # output to stdout the core fingerprint from the gpg core secret
+ # keyring
+ core_fingerprint() {
+@@ -163,6 +170,7 @@ case $COMMAND in
+ 'update-users'|'update-user'|'update'|'u')
+ source "${MASHAREDIR}/setup"
+ setup
++ check_openpgp2ssh_sanity
+ source "${MASHAREDIR}/update_users"
+ OUTPUT_STDOUT= update_users "$@"
+ ;;
+@@ -171,6 +179,7 @@ case $COMMAND in
+ (( $# > 0 )) || failure "Must specify user."
+ source "${MASHAREDIR}/setup"
+ setup
++ check_openpgp2ssh_sanity
+ source "${MASHAREDIR}/update_users"
+ OUTPUT_STDOUT=true update_users "$1"
+ ;;
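Review bot: In monkeysphere-0.36_non_default_port.patch, the `IFS=':' read -a ARR` split in the `known_hosts` branch keeps only the first two colon-separated fields, so a userID with more than one colon is rewritten to a pattern that no longer matches the stored entry, and `remove_line` may then leave the old key in place. An explicit port 22 would also become `[host]:22`, while OpenSSH writes default-port entries without brackets. I would match the shape explicitly, e.g. `if [[ $host =~ ^([^:]+):([0-9]+)$ ]]; then host="[${BASH_REMATCH[1]}]:${BASH_REMATCH[2]}"; fi`, and handle port 22 as the bare host name. `ARR` is also not declared `local` and `read` lacks `-r`; the enclosing function is outside the hunk, so whether the code that writes these entries uses the same mapping cannot be checked from here.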
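Review bot: In monkeysphere-0.36_openpgp2ssh_sanity_check.patch, `check_openpgp2ssh_sanity` reports its error with `echo` on stdout and a bare `exit 1`, while the same file already uses the `failure` helper (`failure "Must specify user."` in the last hunk). One of the two call sites runs with `OUTPUT_STDOUT=true`, so the message could end up in whatever consumes stdout there. I would replace the two lines with `failure "openpgp2ssh gives an unexpected return code; aborting."`. The literal `255` also deserves a one-line comment stating that it is the exit status expected from openpgp2ssh for the deliberately invalid probe argument `ABC`.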
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.36_tests_gnupg2.patch b/app-crypt/monkeysphere/files/monkeysphere-0.36_tests_gnupg2.patch new file mode 100644 index 000000000000..712734459054 --- /dev/null +++ b/app-crypt/monkeysphere/files/monkeysphere-0.36_tests_gnupg2.patch @@ -0,0 +1,50 @@ +diff -r c13f4b11061e tests/keytrans +--- a/tests/keytrans Sun Feb 16 19:24:08 2014 +0100 ++++ b/tests/keytrans Sun Feb 16 19:27:42 2014 +0100 +@@ -131,9 +131,9 @@ + cat >"$TEMPDIR"/expectedout <"$TEMPDIR"/expectedout <"$TEMPDIR"/expectedout < +Date: Sun, 7 Aug 2016 18:24:47 -0400 +Subject: [PATCH] avoid warning about unused asprintf return value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +some versions of gcc produce this warning, which is treated as an +error due to our conservative defaults in Makefile: + +src/agent-transfer/main.c: In function ‘main’: +src/agent-transfer/main.c:676:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result] + asprintf (&alt_comment, "GnuPG keygrip %s", args.keygrip); + ^ +cc1: all warnings being treated as errors + +this patch avoids the warning. +--- + src/agent-transfer/main.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/agent-transfer/main.c b/src/agent-transfer/main.c +index 406aaa3..3038f5c 100644 +--- a/src/agent-transfer/main.c ++++ b/src/agent-transfer/main.c +@@ -672,8 +672,13 @@ int main (int argc, const char* argv[]) { + return 1; + } + +- if (!args.comment) +- asprintf (&alt_comment, "GnuPG keygrip %s", args.keygrip); ++ if (!args.comment) { ++ err = asprintf (&alt_comment, "GnuPG keygrip %s", args.keygrip); ++ if (err < 0) { ++ fprintf (stderr, "failed to generate key comment\n"); ++ return 1; ++ } ++ } + + err = send_to_ssh_agent (&e, ssh_sock_fd, args.seconds, args.confirm, + args.comment ? args.comment : alt_comment); +-- +2.7.3 + 
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.38-revert-executable-patch.patch b/app-crypt/monkeysphere/files/monkeysphere-0.38-revert-executable-patch.patch
new file mode 100644
index 000000000000..4d98c0a7cf5b
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.38-revert-executable-patch.patch
@@ -0,0 +1,98 @@
+From c75c7553a88e387013e2b4310f4c4956adfd8a98 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor
+Date: Mon, 8 Aug 2016 20:45:07 -0400
+Subject: [PATCH 1/2] avoid treating src/share/common as an executable
+
+having src/share/common treated as an executable (commit
+ed10318d3760b56e57d5e1bef04ab57761ab8bd1) was actually a terrible
+idea.
+
+In addition to causing "monkeysphere version" to print the version
+number twice, it meant that any invocation of a monkeysphere command
+that sourced src/share/common and had a first argument that happened
+to be a function name would accidentally invoke that function.
+
+This commit reverts that idea.
+---
+ Makefile | 2 +-
+ src/share/common | 5 -----
+ src/share/ma/add_certifier | 2 +-
+ src/share/ma/update_users | 2 +-
+ src/share/mh/add_revoker | 2 +-
+ 5 files changed, 4 insertions(+), 9 deletions(-)
+ mode change 100755 => 100644 src/share/common
+
+diff --git a/Makefile b/Makefile
+index 608a317..768564a 100755
+--- a/Makefile
++++ b/Makefile
+@@ -55,7 +55,7 @@ install: all installman
+ install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
+ install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
+- install -m 0755 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
++ install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
+ install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
+diff --git a/src/share/common b/src/share/common
+old mode 100755
+new mode 100644
+index 66181a3..b10a040
+--- a/src/share/common
++++ b/src/share/common
+@@ -1,4 +1,3 @@
+-#!/usr/bin/env bash
+ # -*-shell-script-*-
+ # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+@@ -1022,7 +1021,3 @@ report_cruft() {
+ printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
+ fi
+ }
+-
+-if [ -n "$1" ] && [ "$(type -t "$1" || true)" = "function" ]; then
+- "$@"
+-fi
+diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
+index 1d450e7..5416aa9 100644
+--- a/src/share/ma/add_certifier
++++ b/src/share/ma/add_certifier
+@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
+ # check the key is ok as monkeysphere user before loading
+ log debug "checking keys in file..."
+ fingerprint=$(su_monkeysphere_user \
+- "${SYSSHAREDIR}/common" list_primary_fingerprints < "$keyID")
++ bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$keyID")
+
+ if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
+ failure "There was not exactly one gpg key in the file."
+diff --git a/src/share/ma/update_users b/src/share/ma/update_users
+index d23c125..4f83e0c 100644
+--- a/src/share/ma/update_users
++++ b/src/share/ma/update_users
+@@ -79,7 +79,7 @@ for uname in $unames ; do
+
+ # process authorized_user_ids file, as monkeysphere user
+ su_monkeysphere_user \
+- /usr/bin/env "STRICT_MODES=$STRICT_MODES" "${SYSSHAREDIR}/common" process_authorized_user_ids - \
++ /usr/bin/env "STRICT_MODES=$STRICT_MODES" bash -c ". ${SYSSHAREDIR}/common && process_authorized_user_ids -" \
+ < "$authorizedUserIDs" \
+ > "$tmpAuthorizedKeys"
+
+diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
+index 28b11ac..e00ac4e 100644
+--- a/src/share/mh/add_revoker
++++ b/src/share/mh/add_revoker
+@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
+ # check the key is ok as monkeysphere user before loading
+ log debug "checking keys in file..."
+ fingerprint=$(su_monkeysphere_user \
+- "${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID")
++ bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$revokerKeyID")
+
+ if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
+ failure "There was not exactly one gpg key in the file."
+--
+2.7.3
+
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.38-syssharedir-whitespace.patch b/app-crypt/monkeysphere/files/monkeysphere-0.38-syssharedir-whitespace.patch
new file mode 100644
index 000000000000..65d3ba6a95aa
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.38-syssharedir-whitespace.patch
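Review bot: In monkeysphere-0.38-revert-executable-patch.patch, the three new `bash -c ". ${SYSSHAREDIR}/common && …"` lines (add_certifier, update_users, add_revoker) expand `SYSSHAREDIR` into a string that the inner bash parses again, so whitespace or shell metacharacters in that path change what gets sourced under `su_monkeysphere_user`. The companion patch 2/2 added by this same commit quotes the path with `%q`, so this file is only sound when both are applied, in that order. The ebuild is not on this page; I would record the dependency in a comment next to its patch list so that 1/2 is never carried alone.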
@@ -0,0 +1,53 @@
+From 0e339de4772b6de1849dc55790821c3dd5943be3 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor
+Date: Tue, 9 Aug 2016 09:39:45 -0400
+Subject: [PATCH 2/2] ensure that this works even if SYSSHAREDIR has whitespace
+
+---
+ src/share/ma/add_certifier | 2 +-
+ src/share/ma/update_users | 2 +-
+ src/share/mh/add_revoker | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
+index 5416aa9..9488806 100644
+--- a/src/share/ma/add_certifier
++++ b/src/share/ma/add_certifier
+@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
+ # check the key is ok as monkeysphere user before loading
+ log debug "checking keys in file..."
+ fingerprint=$(su_monkeysphere_user \
+- bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$keyID")
++ bash -c "$(printf ". %q && list_primary_fingerprints" "${SYSSHAREDIR}/common")" < "$keyID")
+
+ if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
+ failure "There was not exactly one gpg key in the file."
+diff --git a/src/share/ma/update_users b/src/share/ma/update_users
+index 4f83e0c..a0ec21b 100644
+--- a/src/share/ma/update_users
++++ b/src/share/ma/update_users
+@@ -79,7 +79,7 @@ for uname in $unames ; do
+
+ # process authorized_user_ids file, as monkeysphere user
+ su_monkeysphere_user \
+- /usr/bin/env "STRICT_MODES=$STRICT_MODES" bash -c ". ${SYSSHAREDIR}/common && process_authorized_user_ids -" \
++ /usr/bin/env "STRICT_MODES=$STRICT_MODES" bash -c "$(printf ". %q && process_authorized_user_ids -" "${SYSSHAREDIR}/common")"\
+ < "$authorizedUserIDs" \
+ > "$tmpAuthorizedKeys"
+
+diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
+index e00ac4e..de08961 100644
+--- a/src/share/mh/add_revoker
++++ b/src/share/mh/add_revoker
+@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
+ # check the key is ok as monkeysphere user before loading
+ log debug "checking keys in file..."
+ fingerprint=$(su_monkeysphere_user \
+- bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$revokerKeyID")
++ bash -c "$(printf ". %q && list_primary_fingerprints" "${SYSSHAREDIR}/common")" < "$revokerKeyID")
+
+ if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
+ failure "There was not exactly one gpg key in the file."
+--
+2.7.3
+
diff --git a/app-crypt/monkeysphere/files/monkeysphere-0.39-make-tests-work-with-gnupg-2.1.15.patch b/app-crypt/monkeysphere/files/monkeysphere-0.39-make-tests-work-with-gnupg-2.1.15.patch
new file mode 100644
index 000000000000..776e633b3d73
--- /dev/null
+++ b/app-crypt/monkeysphere/files/monkeysphere-0.39-make-tests-work-with-gnupg-2.1.15.patch
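Review bot: In monkeysphere-0.38-syssharedir-whitespace.patch, the update_users hunk ends its new line with `")"\`, with no space before the continuation backslash, unlike the removed line and the two other call sites. It still parses because `<` starts a new token, but it reads as though the redirection were glued to the quoted word; writing `… "${SYSSHAREDIR}/common")" \` keeps the three sites uniform. A short comment at one site saying that `%q` is needed because the string is parsed a second time by `bash -c` would help later edits keep the quoting intact.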
@@ -0,0 +1,45 @@ +From b1dd8fb1b84c6eea25523c3ea746852b3dce6034 Mon Sep 17 00:00:00 2001 +From: Valo +Date: Wed, 31 Aug 2016 14:00:05 -0400 +Subject: [PATCH] Make tests pass with GnuPG 2.1.15 + +2.1.15 appears to always emit the fingerprint lines in these cases, +while 2.1.14 did not. +--- + tests/keytrans | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/keytrans b/tests/keytrans +index 3076e3f..5c7d2c8 100755 +--- a/tests/keytrans ++++ b/tests/keytrans +@@ -140,7 +140,7 @@ uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest + sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:::::8 + EOF + +-diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') ++diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') + + echo "##################################################" + echo "### sleeping to avoid test suite breakage on fast" +@@ -170,7 +170,7 @@ rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:::::8 + EOF + + +-diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') ++diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') + + + echo "##################################################" +@@ -206,7 +206,7 @@ sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x:::::8 + EOF + + echo "test: diff expected gpg list output" +-diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') ++diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') + + sort >"$TEMPDIR"/expectedout <