Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 669174 - <x11-plugins/enigmail-2.0.8-r1: Downloads and runs unsandboxed binary data by default
Summary: <x11-plugins/enigmail-2.0.8-r1: Downloads and runs unsandboxed binary data by...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Mozilla Gentoo Team
URL: https://bugs.debian.org/cgi-bin/bugre...
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2018-10-21 08:26 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2018-11-28 13:05 UTC (History)
1 user (show)

See Also:
Package list:
x11-plugins/enigmail-2.0.8-r1
Runtime testing required: ---

Attachments
Debian patch to disable auto download and junior mode (0003-Avoid-auto-download-of-pEpEngine-Closes-891882.patch,1.32 KB, patch)
2018-10-21 08:34 UTC, Kristian Fiskerstrand (RETIRED) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2018-10-21 08:26:36 UTC 
Enigmail >=2.0 currently downloads binary data by default for PEP-support. Both the pep-author and enigmail author has stated that this is primarily intended for windows based systems and can easily be disabled, or at the very least be behind a default-disabled USE flag in Gentoo. See debian discussion from ${URL}.

Primarily we can set the current pref("extensions.enigmail.pEpAutoDownload", true); to false instead of the default true
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2018-10-21 08:34:42 UTC 
Created attachment 552070 [details, diff]
Debian patch to disable auto download and junior mode
Comment 2 Larry the Git Cow gentoo-dev 2018-11-06 20:52:31 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdbc92c73affef75a85f0099fd133ad76672ee4c

commit fdbc92c73affef75a85f0099fd133ad76672ee4c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-11-06 20:52:16 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-11-06 20:52:16 +0000

    x11-plugins/enigmail: Revbump to not auto-download pEp binaries.
    
    Bug: https://bugs.gentoo.org/669174
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 x11-plugins/enigmail/enigmail-2.0.8-r1.ebuild      | 86 ++++++++++++++++++++++
 .../files/enigmail-no_pEp_auto_download.patch      | 33 +++++++++
 2 files changed, 119 insertions(+)
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2018-11-25 17:15:13 UTC 
Arches, please stabilize x11-plugins/enigmail-2.0.8-r1
Comment 4 Larry the Git Cow gentoo-dev 2018-11-25 18:51:41 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7f126b71f3dbb319c6676524d8a05160ec3cba0

commit a7f126b71f3dbb319c6676524d8a05160ec3cba0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-11-25 18:51:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-11-25 18:51:26 +0000

    x11-plugins/enigmail: move stable keywords
    
    Bug: https://bugs.gentoo.org/669174
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 x11-plugins/enigmail/enigmail-2.0.8-r1.ebuild |  2 +-
 x11-plugins/enigmail/enigmail-2.0.8.ebuild    | 82 ---------------------------
 2 files changed, 1 insertion(+), 83 deletions(-)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-25 18:53:22 UTC 
All done.

GLSA Vote: No

Repository is clean.