Hello community,
here is the log from the commit of package gnome-keyring for openSUSE:Factory
checked in at 2017-07-21 22:42:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old)
and /work/SRC/openSUSE:Factory/.gnome-keyring.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring"
Fri Jul 21 22:42:22 2017 rev:127 rq:511099 version:3.20.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes
2017-07-08 12:26:57.981361442 +0200
+++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes
2017-07-21 22:42:25.007826261 +0200
@@ -1,0 +2,8 @@
+Mon Jul 17 15:28:16 UTC 2017 - dims...@opensuse.org
+
+- Add gnome-keyring-secret-size.patch: Ensure that generated secret
+ occupies the same number of bytes as prime. Eliminates random
+ errors while libsecret tries to talk to gnome-keyring
+ (bgo#778357).
+
+-------------------------------------------------------------------
New:
----
gnome-keyring-secret-size.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnome-keyring.spec ++++++
--- /var/tmp/diff_new_pack.Mz1VhE/_old 2017-07-21 22:42:25.823711170 +0200
+++ /var/tmp/diff_new_pack.Mz1VhE/_new 2017-07-21 22:42:25.823711170 +0200
@@ -27,6 +27,8 @@
Source99: baselibs.conf
# PATCH-FIX-OPENSUSE gnome-keyring-pam-auth-prompt-password.patch bnc#466732
bgo#560488 vu...@novell.com -- Make the pam module prompt the password in auth,
so we can use pam-config. This is a workaround until bnc#477488 is implemented.
Patch0: gnome-keyring-pam-auth-prompt-password.patch
+# PATCH-FIX-UPSTREAM gnome-keyring-secret-size.patch bgo#778357
dims...@opensuse.org -- Ensure that generated secret occupies the same number
of bytes as prime.
+Patch1: gnome-keyring-secret-size.patch
# PATCH-FIX-SLE gnome-keyring-bsc932232-use-libgcrypt-allocators.patch
bsc#932232 h...@suse.com
Patch3: gnome-keyring-bsc932232-use-libgcrypt-allocators.patch
# PATCH-FIX-SLE gnome-keyring-bsc932232-use-non-fips-md5.patch bsc#932232
h...@suse.com
@@ -119,6 +121,7 @@
%setup -q
translation-update-upstream
%patch0 -p1
+%patch1 -p1
%if ! 0%{?is_opensuse}
%patch3 -p1
%patch4 -p1
++++++ gnome-keyring-secret-size.patch ++++++
>From 61bceb62ae7962d3507fcddaa3a904e4efa477d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <tomasz.mia...@gmail.com>
Date: Thu, 9 Feb 2017 09:45:01 +0100
Subject: DH: Ensure that generated secret occupies the same number of bytes as
prime.
https://bugzilla.gnome.org/show_bug.cgi?id=778357
---
egg/egg-dh.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index ff9ded6..e968baf 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
{
gcry_error_t gcry;
guchar *value;
+ gsize n_prime;
gsize n_value;
gcry_mpi_t k;
gint bits;
@@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
gcry_mpi_powm (k, peer, priv, prime);
/* Write out the secret */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
g_return_val_if_fail (gcry == 0, NULL);
- value = egg_secure_alloc (n_value);
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
+ value = egg_secure_alloc (n_prime);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
g_return_val_if_fail (gcry == 0, NULL);
+ /* Pad the secret with zero bytes to match length of prime in bytes. */
+ if (n_value < n_prime) {
+ memmove (value + (n_prime - n_value), value, n_value);
+ memset (value, 0, (n_prime - n_value));
+ }
+
#if DEBUG_DH_SECRET
g_printerr ("DH SECRET: ");
gcry_mpi_dump (k);
gcry_mpi_release (k);
#endif
- *bytes = n_value;
+ *bytes = n_prime;
#if DEBUG_DH_SECRET
gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
--
cgit v0.12
