tags 879182 + patch
thanks

Patch, taken from upstream, attached.

Neil

On Fri, Oct 20, 2017 at 12:07:59AM -0700, Paul Vojta wrote:
> Package: libsecret-1-0
> Version: 0.18.5-4
> Severity: normal
> 
> Dear Maintainer,
> 
> Approximately 1/256th of the time when using libsecret, it fails and prints 
> the following error message:
> 
>       ** Message: received an invalid or unencryptable secret
> 
> To duplicate, first save the following script as ./sstest and make it 
> executable:
> -----------------
> #! /bin/dash
> 
> rm -f /tmp/output
> for x in a b c d e; do
>   for y in a b c d e f g h i j; do
>     for z in a b c d e f g h i j; do
>       secret-tool lookup attr value >> /tmp/output 2>&1 || exit 1
>     done
>   done
> done
> echo 'No errors found.'
> -----------------
> 
> Then run the following commands:
> 
>       echo abcde | secret-tool store --label=test attr value
>       ./sstest || tail -5 /tmp/output
> 
> (The bug is inconsistent, so you may need to run the second line several times
> to see the message.  But it happens more than half of the times you run
> the script.)
> 
> This bug has been diagnosed and fixed upstream:
> 
>       https://bugzilla.gnome.org/show_bug.cgi?id=778357
>       https://git.gnome.org/browse/libsecret/commit/?id=998065599c66055dcffa1ef1ddebb947ccd68248
> 
> See also the messages in Debian Bug #659036.
> 
> Paul Vojta
> 
> 
> -- System Information:
> Debian Release: 9.1
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages libsecret-1-0 depends on:
> ii  libc6             2.24-11+deb9u1
> ii  libgcrypt20       1.7.6-2+deb9u2
> ii  libglib2.0-0      2.50.3-2
> ii  libsecret-common  0.18.5-3.1
> 
> libsecret-1-0 recommends no packages.
> 
> libsecret-1-0 suggests no packages.
> 
> -- no debconf information

-- 
diff -Nru libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch
--- libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch	1970-01-01 01:00:00.000000000 +0100
+++ libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch	2018-03-13 13:29:55.000000000 +0000
@@ -0,0 +1,51 @@
+Description: Fixes for the error: The secret was transferred or encrypted in an invalid way.
+ Libsecret fails to perform any padding on DH, while gnome-keyring does prepend
+ null bytes. This adds the correct padding to the prime, rather than the
+ length.
+Origin: upstream, https://git.gnome.org/browse/libsecret/diff/?id=998065599c66055dcffa1ef1ddebb947ccd68248
+---
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=778357
+Bug-Debian: https://bugs.debian.org/879182
+Forwarded: not-needed
+Last-Update: 2018-03-13
+
+--- libsecret-0.18.5.orig/egg/egg-dh.c
++++ libsecret-0.18.5/egg/egg-dh.c
+@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry
+ {
+ 	gcry_error_t gcry;
+ 	guchar *value;
++	gsize n_prime;
+ 	gsize n_value;
+ 	gcry_mpi_t k;
+ 	gint bits;
+@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry
+ 	gcry_mpi_powm (k, peer, priv, prime);
+ 
+ 	/* Write out the secret */
+-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
++	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
+ 	g_return_val_if_fail (gcry == 0, NULL);
+-	value = egg_secure_alloc (n_value);
+-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
++	value = egg_secure_alloc (n_prime);
++	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
+ 	g_return_val_if_fail (gcry == 0, NULL);
+ 
++	/* Pad the secret with zero bytes to match length of prime in bytes. */
++	if (n_value < n_prime) {
++		memmove (value + (n_prime - n_value), value, n_value);
++		memset (value, 0, (n_prime - n_value));
++	}
++
+ #if DEBUG_DH_SECRET
+ 	g_printerr ("DH SECRET: ");
+ 	gcry_mpi_dump (k);
+ #endif
+ 	gcry_mpi_release (k);
+ 
+-	*bytes = n_value;
++	*bytes = n_prime;
+ 
+ #if DEBUG_DH_SECRET
+ 	gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
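Review bot: The `---` line in the new patch's header comes right after `Origin:`, and DEP-3 stops reading the header at the first `---`, so `Bug`, `Bug-Debian`, `Forwarded` and `Last-Update` end up outside it; move the `---` below `Last-Update`. The Description's "adds the correct padding to the prime, rather than the length" also does not describe the code: the second egg-dh.c hunk left-pads the shared secret `k` with zero bytes up to `n_prime` and returns `n_prime` in `*bytes`. That hunk introduces `memmove` and `memset` without touching the includes, so confirm egg-dh.c already includes `<string.h>`, and consider a test asserting that the returned length always equals the byte length of the prime.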
diff -Nru libsecret-0.18.5/debian/patches/series libsecret-0.18.5/debian/patches/series
--- libsecret-0.18.5/debian/patches/series	2018-01-31 19:28:23.000000000 +0000
+++ libsecret-0.18.5/debian/patches/series	2018-03-13 13:25:48.000000000 +0000
@@ -2,3 +2,4 @@
 0002-libsecret-Get-rid-of-PyGI-warnings-about-unspecified.patch
 0003-Makefile.am-Compile-vala-unstable-tests-with-SECRET_.patch
 0004-tests-collection-add-setup-delay.patch
+0005-invalid-or-unencryptable-secret.patch
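Review bot: No `debian/changelog` hunk accompanies this `series` change in the debdiff as posted; add an entry closing #879182 alongside the new `0005-invalid-or-unencryptable-secret.patch` line so the upload records the fix.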

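The 1-in-256 failure rate from the report and the zero-padding the patch adds can be reproduced outside libsecret. The following is an added illustration, not code from this message or from libsecret: the 128-bit prime, the generator and the SHA-256 stand-in for key derivation are all assumptions chosen so it runs instantly.

```python
import hashlib
import secrets

# Constructed toy group (assumption, not libsecret's parameters): P is the
# largest prime below 2**128, so its top byte is 0xFF; generator 2.
P = 2**128 - 159
G = 2
P_LEN = (P.bit_length() + 7) // 8  # 16 bytes


def unpadded(k: int) -> bytes:
    """Minimal big-endian encoding: leading zero bytes are dropped."""
    return k.to_bytes((k.bit_length() + 7) // 8, "big")


def padded(k: int) -> bytes:
    """Left-pad with zero bytes to the byte length of the prime."""
    return k.to_bytes(P_LEN, "big")


def derive_key(secret: bytes) -> bytes:
    """Stand-in KDF (truncated SHA-256), only to show the keys diverge."""
    return hashlib.sha256(secret).digest()[:16]


def find_short_secret(max_tries: int = 20000):
    """Repeat fresh exchanges until the shared secret has a zero top byte."""
    for tries in range(1, max_tries + 1):
        a = secrets.randbelow(P - 3) + 2  # private values in [2, P-2]
        b = secrets.randbelow(P - 3) + 2
        k = pow(pow(G, b, P), a, P)       # side A's view of the secret
        if k != pow(pow(G, a, P), b, P):  # side B must agree on the integer
            raise RuntimeError("DH mismatch")
        if len(unpadded(k)) < P_LEN:
            return tries, k
    return None


if __name__ == "__main__":
    tries, k = find_short_secret()
    print(f"short secret after {tries} exchanges (expect ~256 on average)")
    print("unpadded:", unpadded(k).hex(), "-> key", derive_key(unpadded(k)).hex())
    print("padded:  ", padded(k).hex(), "-> key", derive_key(padded(k)).hex())
```

Both sides compute the same integer, but a side that serialises it without padding feeds different bytes into key derivation than a side that pads, so the derived keys differ whenever the top byte is zero.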