Hello community, here is the log from the commit of package gnome-keyring for openSUSE:Factory checked in at 2016-10-13 11:26:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old) and /work/SRC/openSUSE:Factory/.gnome-keyring.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring" Changes: -------- --- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes 2016-08-25 09:51:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes 2016-10-13 11:26:17.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Oct 6 14:52:32 CEST 2016 - h...@suse.com + +- Update gnome-keyring-bsc932232-use-non-fips-md5.patch to fix + issue that was reintroduced (bsc#966229, bsc#966225). + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-keyring-bsc932232-use-non-fips-md5.patch ++++++ --- /var/tmp/diff_new_pack.73SZWJ/_old 2016-10-13 11:26:18.000000000 +0200 +++ /var/tmp/diff_new_pack.73SZWJ/_new 2016-10-13 11:26:18.000000000 +0200 @@ -1,53 +1,5 @@ -diff --git a/egg/egg-openssl.c b/egg/egg-openssl.c -index c8dc3d9..201e12f 100644 ---- a/egg/egg-openssl.c -+++ b/egg/egg-openssl.c -@@ -225,7 +225,7 @@ egg_openssl_decrypt_block (const gchar *dekinfo, - g_return_val_if_fail (ivlen >= 8, FALSE); - - /* IV is already set from the DEK info */ -- if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password, -+ if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password, - n_password, iv, 8, 1, &key, NULL)) { - g_free (iv); - return NULL; -@@ -288,7 +288,7 @@ egg_openssl_encrypt_block (const gchar *dekinfo, - g_return_val_if_fail (ivlen >= 8, NULL); - - /* IV is already set from the DEK info */ -- if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password, -+ if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password, - n_password, iv, 8, 1, &key, NULL)) - g_return_val_if_reached (NULL); - -diff --git a/pkcs11/secret-store/dump-keyring0-format.c b/pkcs11/secret-store/dump-keyring0-format.c -index a459cd3..7ab9118 100644 ---- a/pkcs11/secret-store/dump-keyring0-format.c -+++ b/pkcs11/secret-store/dump-keyring0-format.c -@@ -557,12 +557,16 @@ static gboolean - verify_decrypted_buffer (Buffer *buffer) - { - guchar digest[16]; -+ GChecksum *cs; -+ gsize cs_len = sizeof (digest); - - /* In case the world changes on us... */ -- g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), 0); -+ g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), 0); - -- gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest, -- (guchar*)buffer->buf + 16, buffer->len - 16); -+ cs = g_checksum_new (G_CHECKSUM_MD5); -+ g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 16); -+ g_checksum_get_digest (cs, digest, &cs_len); -+ g_checksum_free (cs); - - return memcmp (buffer->buf, digest, 16) == 0; - } -diff --git a/pkcs11/secret-store/gkm-secret-binary.c b/pkcs11/secret-store/gkm-secret-binary.c -index 9d7a1c7..4091f95 100644 ---- a/pkcs11/secret-store/gkm-secret-binary.c -+++ b/pkcs11/secret-store/gkm-secret-binary.c +--- a/pkcs11/secret-store/gkm-secret-binary.c ++++ a/pkcs11/secret-store/gkm-secret-binary.c @@ -437,12 +437,16 @@ static gboolean verify_decrypted_buffer (EggBuffer *buffer) { @@ -73,7 +25,7 @@ guchar salt[8]; guint flags = 0; + GChecksum *cs; -+ gsize cs_len; ++ gsize cs_len = sizeof (digest); int i; g_return_val_if_fail (GKM_IS_SECRET_COLLECTION (collection), GKM_DATA_FAILURE); @@ -98,11 +50,9 @@ memcpy (to_encrypt.buf, digest, 16); /* If no master password is set, we shouldn't be writing binary... */ -diff --git a/pkcs11/secret-store/gkm-secret-fields.c b/pkcs11/secret-store/gkm-secret-fields.c -index 9cf7417..c5a83c8 100644 ---- a/pkcs11/secret-store/gkm-secret-fields.c -+++ b/pkcs11/secret-store/gkm-secret-fields.c -@@ -110,12 +110,18 @@ static gchar* +--- a/pkcs11/secret-store/gkm-secret-fields.c ++++ a/pkcs11/secret-store/gkm-secret-fields.c +@@ -111,12 +111,18 @@ static gchar* compat_hash_value_as_string (const gchar *value) { guchar digest[16]; @@ -123,3 +73,27 @@ /* The old keyring code used lower case hex */ return egg_hex_encode_full (digest, sizeof (digest), FALSE, '\0', 0); +--- a/pkcs11/secret-store/tests/dump-keyring0-format.c ++++ a/pkcs11/secret-store/tests/dump-keyring0-format.c +@@ -556,13 +556,17 @@ decrypt_buffer (Buffer *buffer, + static gboolean + verify_decrypted_buffer (Buffer *buffer) + { +- guchar digest[16]; ++ guchar digest[16]; ++ GChecksum *cs; ++ gsize cs_len = sizeof (digest); + + /* In case the world changes on us... */ +- g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), 0); ++ g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), 0); + +- gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest, +- (guchar*)buffer->buf + 16, buffer->len - 16); ++ cs = g_checksum_new (G_CHECKSUM_MD5); ++ g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 16); ++ g_checksum_get_digest (cs, digest, &cs_len); ++ g_checksum_free (cs); + + return memcmp (buffer->buf, digest, 16) == 0; + }