gnome-keyring 40.0-3ubuntu1 source package in Ubuntu
Changelog
gnome-keyring (40.0-3ubuntu1) jammy; urgency=medium
* Sync with Debian. Remaining changes:
- debian/user/*, debian/gnome-keyring.links, debian/gnome-keyring.install:
+ Install units to start gnome-keyring with systemd if the session
is using it
gnome-keyring (40.0-3) unstable; urgency=medium
* Team upload
* Don't add CAP_IPC_LOCK capability to gnome-keyring-daemon.
GNOME Keyring uses "memory locking" to prevent memory buffers from being
written out to swap, in an attempt to prevent passwords and other secrets
from being written to disk unencrypted. Since Linux 2.6.9 (Debian 4.0,
2007) it has been possible to lock memory up to the limit defined by
RLIMIT_MEMLOCK without requiring the CAP_IPC_LOCK capability.
Since GLib 2.70, security hardening in GLib means that this capability
interferes with the ability to connect to the D-Bus session bus, which
is required functionality for gnome-keyring.
RLIMIT_MEMLOCK defaults to 64 KiB, although it is considerably higher on
typical Debian systems due to #976373. If memory locking for larger
quantities of secret data is required, please configure a higher
RLIMIT_MEMLOCK in /etc/security/limits.conf.
Using encrypted swap, with an ephemeral key if suspend-to-disk is not
required, is recommended as a more robust way to prevent passwords
from reaching disk. Full-disk encryption is also recommended for
systems where confidentiality is important.
(Closes: #994961)
* Don't build with capabilities support on Linux architectures.
Now that we are not setting CAP_IPC_LOCK, this is not useful, and
disabling it silences some misleading warnings. gnome-keyring will still
log a warning if it cannot allocate enough locked memory for its needs.
* Add proposed patches to avoid unnecessary use of unlocked memory.
Older versions of gnome-keyring did not always prevent larger items of
secret data from being swapped out, even if they could, due to a logic
error when allocating new blocks of locked memory.
gnome-keyring (40.0-2) unstable; urgency=medium
* Build-Depend on debhelper-compat 13
* Build-Depend on dh-sequence-gnome instead of gnome-pkg-tools
* debian/rules: clean up unneeded rules
* Release to unstable
-- Rico Tzschichholz <email address hidden> Wed, 27 Oct 2021 08:45:29 +0200
Upload details
- Uploaded by:
- Rico Tzschichholz
- Sponsored by:
- Sebastien Bacher
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- gnome
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| gnome-keyring_40.0.orig.tar.xz | 1.3 MiB | a3d24db08ee2fdf240fbbf0971a98c8ee295aa0e1a774537f4ea938038a3b931 |
| gnome-keyring_40.0-3ubuntu1.debian.tar.xz | 21.5 KiB | 615a86ae99e473c13a20ac7dbd9743688c63a6d97bbb4f524be42c06446c592b |
| gnome-keyring_40.0-3ubuntu1.dsc | 2.1 KiB | afdd3f140b61858e1d4fce8161bab0694b458b8fb82483dc9e14fd23bafbafd8 |
Available diffs
- diff from 40.0-1ubuntu2 to 40.0-3ubuntu1 (4.2 KiB)
Binary packages built by this source
- gnome-keyring: GNOME keyring services (daemon and tools)
gnome-keyring is a daemon in the session, similar to ssh-agent,
and other applications can use it to store passwords and other
sensitive information.
.
The program can manage several keyrings, each with its own master
password, and there is also a session keyring which is never stored to
disk, but forgotten when the session ends.
- gnome-keyring-dbgsym: debug symbols for gnome-keyring
- gnome-keyring-pkcs11: GNOME keyring module for the PKCS#11 module loading library
gnome-keyring is a daemon in the session, similar to ssh-agent,
and other applications can use it to store passwords and other
sensitive information.
.
This package contains a PKCS#11 module that will allow using the GNOME
keyring as a certificate database.
- gnome-keyring-pkcs11-dbgsym: debug symbols for gnome-keyring-pkcs11
- libpam-gnome-keyring: PAM module to unlock the GNOME keyring upon login
gnome-keyring is a daemon in the session, similar to ssh-agent,
and other applications can use it to store passwords and other
sensitive information.
.
This package contains a PAM module that will automatically unlock the
keyrings using your login password, making gnome-keyring usage
transparent without losing its security benefits.
.
When installed, this module will automatically be used by GDM and
gnome-screensaver to unlock your keyrings when logging in and when
unlocking the screen saver.
- libpam-gnome-keyring-dbgsym: debug symbols for libpam-gnome-keyring
