Hello community, here is the log from the commit of package gnome-keyring for openSUSE:Factory checked in at 2017-07-21 22:42:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old) and /work/SRC/openSUSE:Factory/.gnome-keyring.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring" Fri Jul 21 22:42:22 2017 rev:127 rq:511099 version:3.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes 2017-07-08 12:26:57.981361442 +0200 +++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes 2017-07-21 22:42:25.007826261 +0200 @@ -1,0 +2,8 @@ +Mon Jul 17 15:28:16 UTC 2017 - [email protected] + +- Add gnome-keyring-secret-size.patch: Ensure that generated secret + occupies the same number of bytes as prime. Eliminates random + errors while libsecret tries to talk to gnome-keyring + (bgo#778357). + +------------------------------------------------------------------- New: ---- gnome-keyring-secret-size.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-keyring.spec ++++++ --- /var/tmp/diff_new_pack.Mz1VhE/_old 2017-07-21 22:42:25.823711170 +0200 +++ /var/tmp/diff_new_pack.Mz1VhE/_new 2017-07-21 22:42:25.823711170 +0200 @@ -27,6 +27,8 @@ Source99: baselibs.conf # PATCH-FIX-OPENSUSE gnome-keyring-pam-auth-prompt-password.patch bnc#466732 bgo#560488 [email protected] -- Make the pam module prompt the password in auth, so we can use pam-config. This is a workaround until bnc#477488 is implemented. Patch0: gnome-keyring-pam-auth-prompt-password.patch +# PATCH-FIX-UPSTREAM gnome-keyring-secret-size.patch bgo#778357 [email protected] -- Ensure that generated secret occupies the same number of bytes as prime. +Patch1: gnome-keyring-secret-size.patch # PATCH-FIX-SLE gnome-keyring-bsc932232-use-libgcrypt-allocators.patch bsc#932232 [email protected] Patch3: gnome-keyring-bsc932232-use-libgcrypt-allocators.patch # PATCH-FIX-SLE gnome-keyring-bsc932232-use-non-fips-md5.patch bsc#932232 [email protected] @@ -119,6 +121,7 @@ %setup -q translation-update-upstream %patch0 -p1 +%patch1 -p1 %if ! 0%{?is_opensuse} %patch3 -p1 %patch4 -p1 ++++++ gnome-keyring-secret-size.patch ++++++ >From 61bceb62ae7962d3507fcddaa3a904e4efa477d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <[email protected]> Date: Thu, 9 Feb 2017 09:45:01 +0100 Subject: DH: Ensure that generated secret occupies the same number of bytes as prime. https://bugzilla.gnome.org/show_bug.cgi?id=778357 --- egg/egg-dh.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/egg/egg-dh.c b/egg/egg-dh.c index ff9ded6..e968baf 100644 --- a/egg/egg-dh.c +++ b/egg/egg-dh.c @@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv, { gcry_error_t gcry; guchar *value; + gsize n_prime; gsize n_value; gcry_mpi_t k; gint bits; @@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv, gcry_mpi_powm (k, peer, priv, prime); /* Write out the secret */ - gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k); + gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime); g_return_val_if_fail (gcry == 0, NULL); - value = egg_secure_alloc (n_value); - gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k); + value = egg_secure_alloc (n_prime); + gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k); g_return_val_if_fail (gcry == 0, NULL); + /* Pad the secret with zero bytes to match length of prime in bytes. */ + if (n_value < n_prime) { + memmove (value + (n_prime - n_value), value, n_value); + memset (value, 0, (n_prime - n_value)); + } + #if DEBUG_DH_SECRET g_printerr ("DH SECRET: "); gcry_mpi_dump (k); gcry_mpi_release (k); #endif - *bytes = n_value; + *bytes = n_prime; #if DEBUG_DH_SECRET gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL); -- cgit v0.12
