Hello community,

here is the log from the commit of package gnome-keyring for openSUSE:Factory 
checked in at 2016-10-13 11:26:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old)
 and      /work/SRC/openSUSE:Factory/.gnome-keyring.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnome-keyring"

Changes:
--------
--- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes      
2016-08-25 09:51:26.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes 
2016-10-13 11:26:17.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Oct  6 14:52:32 CEST 2016 - h...@suse.com
+
+- Update gnome-keyring-bsc932232-use-non-fips-md5.patch to fix
+  issue that was reintroduced (bsc#966229, bsc#966225).
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnome-keyring-bsc932232-use-non-fips-md5.patch ++++++
--- /var/tmp/diff_new_pack.73SZWJ/_old  2016-10-13 11:26:18.000000000 +0200
+++ /var/tmp/diff_new_pack.73SZWJ/_new  2016-10-13 11:26:18.000000000 +0200
@@ -1,53 +1,5 @@
-diff --git a/egg/egg-openssl.c b/egg/egg-openssl.c
-index c8dc3d9..201e12f 100644
---- a/egg/egg-openssl.c
-+++ b/egg/egg-openssl.c
-@@ -225,7 +225,7 @@ egg_openssl_decrypt_block (const gchar *dekinfo,
-       g_return_val_if_fail (ivlen >= 8, FALSE);
- 
-       /* IV is already set from the DEK info */
--      if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password,
-+      if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password,
-                                        n_password, iv, 8, 1, &key, NULL)) {
-               g_free (iv);
-               return NULL;
-@@ -288,7 +288,7 @@ egg_openssl_encrypt_block (const gchar *dekinfo,
-       g_return_val_if_fail (ivlen >= 8, NULL);
- 
-       /* IV is already set from the DEK info */
--      if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password,
-+      if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password,
-                                               n_password, iv, 8, 1, &key, 
NULL))
-               g_return_val_if_reached (NULL);
- 
-diff --git a/pkcs11/secret-store/dump-keyring0-format.c 
b/pkcs11/secret-store/dump-keyring0-format.c
-index a459cd3..7ab9118 100644
---- a/pkcs11/secret-store/dump-keyring0-format.c
-+++ b/pkcs11/secret-store/dump-keyring0-format.c
-@@ -557,12 +557,16 @@ static gboolean
- verify_decrypted_buffer (Buffer *buffer)
- {
-       guchar digest[16];
-+      GChecksum *cs;
-+      gsize cs_len = sizeof (digest);
- 
-       /* In case the world changes on us... */
--      g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof 
(digest), 0);
-+      g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == 
sizeof (digest), 0);
- 
--      gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
--                           (guchar*)buffer->buf + 16, buffer->len - 16);
-+      cs = g_checksum_new (G_CHECKSUM_MD5);
-+      g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 
16);
-+      g_checksum_get_digest (cs, digest, &cs_len);
-+      g_checksum_free (cs);
- 
-       return memcmp (buffer->buf, digest, 16) == 0;
- }
-diff --git a/pkcs11/secret-store/gkm-secret-binary.c 
b/pkcs11/secret-store/gkm-secret-binary.c
-index 9d7a1c7..4091f95 100644
---- a/pkcs11/secret-store/gkm-secret-binary.c
-+++ b/pkcs11/secret-store/gkm-secret-binary.c
+--- a/pkcs11/secret-store/gkm-secret-binary.c  
++++ a/pkcs11/secret-store/gkm-secret-binary.c  
 @@ -437,12 +437,16 @@ static gboolean
  verify_decrypted_buffer (EggBuffer *buffer)
  {
@@ -73,7 +25,7 @@
          guchar salt[8];
        guint flags = 0;
 +      GChecksum *cs;
-+      gsize cs_len;
++      gsize cs_len = sizeof (digest);
        int i;
  
        g_return_val_if_fail (GKM_IS_SECRET_COLLECTION (collection), 
GKM_DATA_FAILURE);
@@ -98,11 +50,9 @@
        memcpy (to_encrypt.buf, digest, 16);
  
        /* If no master password is set, we shouldn't be writing binary... */
-diff --git a/pkcs11/secret-store/gkm-secret-fields.c 
b/pkcs11/secret-store/gkm-secret-fields.c
-index 9cf7417..c5a83c8 100644
---- a/pkcs11/secret-store/gkm-secret-fields.c
-+++ b/pkcs11/secret-store/gkm-secret-fields.c
-@@ -110,12 +110,18 @@ static gchar*
+--- a/pkcs11/secret-store/gkm-secret-fields.c  
++++ a/pkcs11/secret-store/gkm-secret-fields.c  
+@@ -111,12 +111,18 @@ static gchar*
  compat_hash_value_as_string (const gchar *value)
  {
        guchar digest[16];
@@ -123,3 +73,27 @@
  
        /* The old keyring code used lower case hex */
        return egg_hex_encode_full (digest, sizeof (digest), FALSE, '\0', 0);
+--- a/pkcs11/secret-store/tests/dump-keyring0-format.c 
++++ a/pkcs11/secret-store/tests/dump-keyring0-format.c 
+@@ -556,13 +556,17 @@ decrypt_buffer (Buffer *buffer,
+ static gboolean
+ verify_decrypted_buffer (Buffer *buffer)
+ {
+-      guchar digest[16];
++        guchar digest[16];
++      GChecksum *cs;
++      gsize cs_len = sizeof (digest);
+ 
+       /* In case the world changes on us... */
+-      g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof 
(digest), 0);
++      g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == 
sizeof (digest), 0);
+ 
+-      gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
+-                           (guchar*)buffer->buf + 16, buffer->len - 16);
++      cs = g_checksum_new (G_CHECKSUM_MD5);
++      g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 
16);
++      g_checksum_get_digest (cs, digest, &cs_len);
++      g_checksum_free (cs);
+ 
+       return memcmp (buffer->buf, digest, 16) == 0;
+ }


Reply via email to