Hello community, here is the log from the commit of package libsecret for openSUSE:Factory checked in at 2017-07-21 22:42:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsecret (Old) and /work/SRC/openSUSE:Factory/.libsecret.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsecret" Fri Jul 21 22:42:28 2017 rev:16 rq:511100 version:0.18.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libsecret/libsecret.changes 2016-08-31 00:03:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libsecret.new/libsecret.changes 2017-07-21 22:42:29.539187052 +0200 @@ -1,0 +2,8 @@ +Mon Jul 17 15:25:56 UTC 2017 - [email protected] + +- Add libsecret-secret-size.patch: Ensure that generated secret + occupies the same number of bytes as prime. Eliminates random + errors while libsecret tries to talk to gnome-keyring + (bgo#778357). + +------------------------------------------------------------------- New: ---- libsecret-secret-size.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsecret.spec ++++++ --- /var/tmp/diff_new_pack.44RlIC/_old 2017-07-21 22:42:30.035117094 +0200 +++ /var/tmp/diff_new_pack.44RlIC/_new 2017-07-21 22:42:30.039116530 +0200 @@ -1,7 +1,7 @@ # # spec file for package libsecret # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,8 @@ Url: https://wiki.gnome.org/Projects/Libsecret Source0: http://download.gnome.org/sources/libsecret/0.18/%{name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM libsecret-secret-size.patch bgo#778357 [email protected] -- Ensure that generated secret occupies the same number of bytes as prime. +Patch0: libsecret-secret-size.patch # PATCH-FIX-SLE libsecret-bsc932232-use-libgcrypt-allocators.patch bsc#932232 [email protected] -- use libgcrypt allocators for FIPS mode Patch1: libsecret-bsc932232-use-libgcrypt-allocators.patch BuildRequires: docbook-xsl-stylesheets @@ -92,6 +94,7 @@ %endif %prep %setup -q +%patch0 -p1 %if !0%{?is_opensuse} %patch1 -p1 %endif ++++++ libsecret-secret-size.patch ++++++ >From 998065599c66055dcffa1ef1ddebb947ccd68248 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <[email protected]> Date: Thu, 9 Feb 2017 09:45:01 +0100 Subject: DH: Ensure that generated secret occupies the same number of bytes as prime. https://bugzilla.gnome.org/show_bug.cgi?id=778357 --- egg/egg-dh.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/egg/egg-dh.c b/egg/egg-dh.c index e869c99..b190488 100644 --- a/egg/egg-dh.c +++ b/egg/egg-dh.c @@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv, { gcry_error_t gcry; guchar *value; + gsize n_prime; gsize n_value; gcry_mpi_t k; gint bits; @@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv, gcry_mpi_powm (k, peer, priv, prime); /* Write out the secret */ - gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k); + gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime); g_return_val_if_fail (gcry == 0, NULL); - value = egg_secure_alloc (n_value); - gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k); + value = egg_secure_alloc (n_prime); + gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k); g_return_val_if_fail (gcry == 0, NULL); + /* Pad the secret with zero bytes to match length of prime in bytes. */ + if (n_value < n_prime) { + memmove (value + (n_prime - n_value), value, n_value); + memset (value, 0, (n_prime - n_value)); + } + #if DEBUG_DH_SECRET g_printerr ("DH SECRET: "); gcry_mpi_dump (k); #endif gcry_mpi_release (k); - *bytes = n_value; + *bytes = n_prime; #if DEBUG_DH_SECRET gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL); -- cgit v0.12
