[ubuntu/jammy-proposed] gnome-keyring 40.0-3ubuntu1 (Accepted)
Rico Tzschichholz
ricotz at ubuntu.com
Wed Oct 27 14:05:12 UTC 2021
gnome-keyring (40.0-3ubuntu1) jammy; urgency=medium
* Sync with Debian. Remaining changes:
- debian/user/*, debian/gnome-keyring.links, debian/gnome-keyring.install:
+ Install units to start gnome-keyring with systemd if the session
is using it
gnome-keyring (40.0-3) unstable; urgency=medium
* Team upload
* Don't add CAP_IPC_LOCK capability to gnome-keyring-daemon.
GNOME Keyring uses "memory locking" to prevent memory buffers from being
written out to swap, in an attempt to prevent passwords and other secrets
from being written to disk unencrypted. Since Linux 2.6.9 (Debian 4.0,
2007) it has been possible to lock memory up to the limit defined by
RLIMIT_MEMLOCK without requiring the CAP_IPC_LOCK capability.
Since GLib 2.70, security hardening in GLib means that this capability
interferes with the ability to connect to the D-Bus session bus, which
is required functionality for gnome-keyring.
RLIMIT_MEMLOCK defaults to 64 KiB, although it is considerably higher on
typical Debian systems due to #976373. If memory locking for larger
quantities of secret data is required, please configure a higher
RLIMIT_MEMLOCK in /etc/security/limits.conf.
Using encrypted swap, with an ephemeral key if suspend-to-disk is not
required, is recommended as a more robust way to prevent passwords
from reaching disk. Full-disk encryption is also recommended for
systems where confidentiality is important.
(Closes: #994961)
* Don't build with capabilities support on Linux architectures.
Now that we are not setting CAP_IPC_LOCK, this is not useful, and
disabling it silences some misleading warnings. gnome-keyring will still
log a warning if it cannot allocate enough locked memory for its needs.
* Add proposed patches to avoid unnecessary use of unlocked memory.
Older versions of gnome-keyring did not always prevent larger items of
secret data from being swapped out, even if they could, due to a logic
error when allocating new blocks of locked memory.
gnome-keyring (40.0-2) unstable; urgency=medium
* Build-Depend on debhelper-compat 13
* Build-Depend on dh-sequence-gnome instead of gnome-pkg-tools
* debian/rules: clean up unneeded rules
* Release to unstable
Date: Wed, 27 Oct 2021 08:45:29 +0200
Changed-By: Rico Tzschichholz <ricotz at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Sebastien Bacher <seb128 at ubuntu.com>
https://launchpad.net/ubuntu/+source/gnome-keyring/40.0-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 27 Oct 2021 08:45:29 +0200
Source: gnome-keyring
Built-For-Profiles: noudeb
Architecture: source
Version: 40.0-3ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Rico Tzschichholz <ricotz at ubuntu.com>
Closes: 994961
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
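Added example, not part of the upload notice or of the gnome-keyring source: a C program showing the behaviour the 40.0-3 changelog entry relies on, where mlock() works without CAP_IPC_LOCK up to the soft RLIMIT_MEMLOCK and is refused above it. The helper names, the 64 KiB limit applied in main() and the 1 MiB request are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* MAP_ANONYMOUS, explicit_bzero */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Soft RLIMIT_MEMLOCK in bytes: the mlock() ceiling without CAP_IPC_LOCK. */
static rlim_t memlock_soft_limit(void) {
    struct rlimit rl;
    return getrlimit(RLIMIT_MEMLOCK, &rl) == 0 ? rl.rlim_cur : 0;
}

/* Set the soft limit, clamped to the hard limit so no privilege is needed. */
static int set_memlock_soft_limit(rlim_t bytes) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return -1;
    if (bytes > rl.rlim_max) bytes = rl.rlim_max;
    rl.rlim_cur = bytes;
    return setrlimit(RLIMIT_MEMLOCK, &rl);
}

/* Map len bytes and try to lock them; returns 0 if locked, else errno. */
static int try_lock_secret(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return errno;
    int err = 0;
    if (mlock(p, len) != 0) {
        err = errno;               /* typically ENOMEM when over the limit */
    } else {
        memset(p, 'S', len);       /* stand-in for secret material */
        explicit_bzero(p, len);    /* wipe before the pages are unlocked */
        munlock(p, len);
    }
    munmap(p, len);
    return err;
}

int main(void) {
    set_memlock_soft_limit(64 * 1024);   /* the 64 KiB default cited above */
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    printf("soft limit: %llu bytes\n", (unsigned long long)memlock_soft_limit());
    printf("lock one page: %s\n", strerror(try_lock_secret(page)));
    printf("lock 1 MiB:    %s\n", strerror(try_lock_secret(1024 * 1024)));
    return 0;
}
```

A process that holds CAP_IPC_LOCK (root, for example) bypasses the limit, so there the 1 MiB request succeeds as well.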