Hello community,

here is the log from the commit of package gnome-keyring for openSUSE:Factory checked in at 2018-03-30 11:57:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old)
 and /work/SRC/openSUSE:Factory/.gnome-keyring.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring" Fri Mar 30 11:57:06 2018 rev:131 rq:592268 version:3.28.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes 2018-03-26 12:47:09.371778550 +0200 +++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes 2018-03-30 11:57:09.164016113 +0200 @@ -1,0 +2,7 @@ +Mon Mar 26 02:58:56 UTC 2018 - luc1...@linuxmail.org + +- Update to version 3.28.0.2: + + Fix glitches in ssh-agent (bgo#794361, bgo#794368, bgo#794369, + bgo#794500, bgo#794631). + +------------------------------------------------------------------- Old: ---- gnome-keyring-3.28.0.1.tar.xz New: ---- gnome-keyring-3.28.0.2.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-keyring.spec ++++++ --- /var/tmp/diff_new_pack.JejEcF/_old 2018-03-30 11:57:09.751994849 +0200 +++ /var/tmp/diff_new_pack.JejEcF/_new 2018-03-30 11:57:09.755994703 +0200 @@ -17,7 +17,7 @@ Name: gnome-keyring -Version: 3.28.0.1 +Version: 3.28.0.2 Release: 0 Summary: GNOME Keyring License: GPL-2.0-or-later AND LGPL-2.1-or-later ++++++ gnome-keyring-3.28.0.1.tar.xz -> gnome-keyring-3.28.0.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/ChangeLog new/gnome-keyring-3.28.0.2/ChangeLog --- old/gnome-keyring-3.28.0.1/ChangeLog 2018-03-13 07:02:19.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/ChangeLog 2018-03-25 10:13:49.000000000 +0200 
@@ -1,5 +1,156 @@ # Generate automatically. Do not edit. +commit 4dd8fb181d70abef2b0d8cbb5fb11e8203b14c46 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-25 + + Release 3.28.0.2 + + NEWS | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +commit a0526d18152028e967b7baa5bc039c38a487672a +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-24 + + login: Use password from login keyring once for the same interaction + + https://bugzilla.gnome.org/show_bug.cgi?id=794631 + + daemon/login/gkd-login-interaction.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +commit a6a5c89dfe81abb1541bfd824087c910451767f8 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-23 + + egg: Port cosmetic fixes to egg-secure-memory.c from libsecret + + egg/egg-secure-memory.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit b70a10e0953a7e0a13ca3705677aa974451e2fa1 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-20 + + login: Use the same label as before when storing password + + https://bugzilla.gnome.org/show_bug.cgi?id=794500 + + daemon/login/gkd-login-interaction.c | 6 +++++- + po/POTFILES.in | 1 + + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit afbdb0a04b3c737003a3dc0cec0095ba0c2256c2 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-20 + + ssh-agent: Don't be too verbose on password prompt + + This partially reverts the change in 869b5c6d, so as not to display + duplicate words on the password prompt. 
+ + https://bugzilla.gnome.org/show_bug.cgi?id=794500 + + daemon/ssh-agent/gkd-ssh-agent-service.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +commit e360238029de47cafa974f4e0c2bd4ec793cd84b +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-20 + + build: Suppress compiler warnings with -Wdiscarded-qualifiers + + daemon/login/gkd-login-interaction.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 0db5a03011040fb68021ed4d034627e1ac06b86f +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-16 + + ssh-agent: Make EOF handling robuster + + https://bugzilla.gnome.org/show_bug.cgi?id=794369 + + daemon/ssh-agent/gkd-ssh-agent-service.c | 3 ++- + daemon/ssh-agent/gkd-ssh-agent-util.c | 6 ++++++ + daemon/ssh-agent/test-gkd-ssh-agent-service.c | 8 ++++---- + 3 files changed, 12 insertions(+), 5 deletions(-) + +commit a19966ba0ef403e8eed733cc9be8b1d45a3787e4 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-16 + + ssh-agent: Allow opening multiple connections to inferior ssh-agent + + Previously, it keeps only one connection to the inferior ssh-agent + process. That prevented simultaneous access to gnome-keyring's + ssh-agent service. With this patch, it always opens a new connection + to the inferior ssh-agent process when a new client connects. 
+ + https://bugzilla.gnome.org/show_bug.cgi?id=794369 + + daemon/ssh-agent/gkd-ssh-agent-process.c | 29 ++++------------------- + daemon/ssh-agent/gkd-ssh-agent-process.h | 7 +----- + daemon/ssh-agent/gkd-ssh-agent-service.c | 34 ++++++++++++++++++--------- + daemon/ssh-agent/gkd-ssh-agent-util.c | 11 +++++++++ + daemon/ssh-agent/gkd-ssh-agent-util.h | 6 +++++ + daemon/ssh-agent/test-gkd-ssh-agent-process.c | 10 ++++---- + 6 files changed, 51 insertions(+), 46 deletions(-) + +commit 869b5c6da3b8d5bccd31c1cbb83477ead783a833 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-16 + + ssh-agent: Use the same parameters for accessing login keyring + + When looking up a secret in the login keyring, do not supply any + schema in the criteria, while using "org.freedesktop.Secret.Generic" + as schema when storing it. This is for backward compatibility with + gnome-keyring 2.29, which used "org.gnome.keyring.EncryptionKey" as + schema. + + In addtion, use the same label for the newly stored passwords as + before. + + https://bugzilla.gnome.org/show_bug.cgi?id=794368 + + daemon/ssh-agent/gkd-ssh-agent-service.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit 0a003f02590b99490420442d9d86bea186dbbf69 +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-16 + + login: Allow different sets of secret attributes for lookup/storing + + https://bugzilla.gnome.org/show_bug.cgi?id=794368 + + daemon/login/gkd-login-interaction.c | 28 +++++++++++++++++++++++----- + 1 file changed, 23 insertions(+), 5 deletions(-) + +commit 153ae24bd706dd505f496ffe63023c49de3842ae +Author: Daiki Ueno <du...@src.gnome.org> +Date: 2018-03-16 + + ssh-agent: Propagate stderr to journal when spawning ssh-add + + ssh-add fails in certain occasions, such as when the file permissions + of private key is not unsafe. To help diagnostics, propagate the + stderr output from the command to journal. 
+ + As the ssh commands send error message with trailing CR for each line, + we need to scrub it so as not to confuse journald. + + https://bugzilla.gnome.org/show_bug.cgi?id=794361 + + daemon/ssh-agent/gkd-ssh-agent-service.c | 8 +++++--- + daemon/ssh-agent/gkd-ssh-agent-util.c | 16 ++++++++++++++++ + daemon/ssh-agent/gkd-ssh-agent-util.h | 1 + + daemon/ssh-agent/test-gkd-ssh-agent-util.c | 29 +++++++++++++++++++++++++++++ + 4 files changed, 51 insertions(+), 3 deletions(-) + commit ff561a38675fdb07ec14512ed8d0aeaf39d4fa8a Author: Daiki Ueno <du...@src.gnome.org> Date: 2018-03-13 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/NEWS new/gnome-keyring-3.28.0.2/NEWS --- old/gnome-keyring-3.28.0.1/NEWS 2018-03-13 06:02:43.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/NEWS 2018-03-25 10:05:01.000000000 +0200 @@ -1,3 +1,6 @@ +Changes in version 3.28.0.2 are: + * Fix glitches in ssh-agent [#794361, #794368, #794369, #794500, #794631] + Changes in version 3.28.0.1 are: * Fix linking with "-z defs" [#794274] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/configure new/gnome-keyring-3.28.0.2/configure --- old/gnome-keyring-3.28.0.1/configure 2018-03-13 06:58:34.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/configure 2018-03-25 10:09:41.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for gnome-keyring 3.28.0.1. +# Generated by GNU Autoconf 2.69 for gnome-keyring 3.28.0.2. # # Report bugs to <gnome-keyring-l...@gnome.org>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='gnome-keyring' PACKAGE_TARNAME='gnome-keyring' -PACKAGE_VERSION='3.28.0.1' -PACKAGE_STRING='gnome-keyring 3.28.0.1' +PACKAGE_VERSION='3.28.0.2' +PACKAGE_STRING='gnome-keyring 3.28.0.2' PACKAGE_BUGREPORT='gnome-keyring-l...@gnome.org' PACKAGE_URL='https://wiki.gnome.org/Projects/GnomeKeyring' @@ -1437,7 +1437,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures gnome-keyring 3.28.0.1 to adapt to many kinds of systems. +\`configure' configures gnome-keyring 3.28.0.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1507,7 +1507,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of gnome-keyring 3.28.0.1:";; + short | recursive ) echo "Configuration of gnome-keyring 3.28.0.2:";; esac cat <<\_ACEOF @@ -1687,7 +1687,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -gnome-keyring configure 3.28.0.1 +gnome-keyring configure 3.28.0.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2110,7 +2110,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by gnome-keyring $as_me 3.28.0.1, which was +It was created by gnome-keyring $as_me 3.28.0.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3001,7 +3001,7 @@ # Define the identity of the package. PACKAGE='gnome-keyring' - VERSION='3.28.0.1' + VERSION='3.28.0.2' cat >>confdefs.h <<_ACEOF 
@@ -18941,7 +18941,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by gnome-keyring $as_me 3.28.0.1, which was +This file was extended by gnome-keyring $as_me 3.28.0.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19008,7 +19008,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -gnome-keyring config.status 3.28.0.1 +gnome-keyring config.status 3.28.0.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/configure.ac new/gnome-keyring-3.28.0.2/configure.ac --- old/gnome-keyring-3.28.0.1/configure.ac 2018-03-13 06:00:18.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/configure.ac 2018-03-25 10:05:06.000000000 +0200 @@ -1,5 +1,5 @@ AC_INIT(gnome-keyring, - 3.28.0.1, + 3.28.0.2, [gnome-keyring-l...@gnome.org], [gnome-keyring], [https://wiki.gnome.org/Projects/GnomeKeyring]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/login/gkd-login-interaction.c new/gnome-keyring-3.28.0.2/daemon/login/gkd-login-interaction.c --- old/gnome-keyring-3.28.0.1/daemon/login/gkd-login-interaction.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/login/gkd-login-interaction.c 2018-03-25 10:01:54.000000000 +0200 @@ -29,8 +29,12 @@ #include "gkd-login.h" #include "egg/egg-secure-memory.h" +#include <glib/gi18n.h> #include <string.h> +static const gchar *XDG_SCHEMA = "xdg:schema"; +static const gchar *GENERIC_SCHEMA_VALUE = "org.freedesktop.Secret.Generic"; + enum { PROP_0, PROP_BASE, 
@@ -46,8 +50,10 @@ GTlsInteraction *base; GckSession *session; gchar *label; - GHashTable *fields; + GHashTable *lookup_fields; + GHashTable *store_fields; gboolean login_available; + gboolean login_checked; }; G_DEFINE_TYPE (GkdLoginInteraction, gkd_login_interaction, G_TYPE_TLS_INTERACTION); @@ -66,6 +72,19 @@ self->login_available = gkd_login_available (self->session); + if (g_hash_table_contains (self->lookup_fields, (gpointer) XDG_SCHEMA)) + self->store_fields = g_hash_table_ref (self->lookup_fields); + else { + GHashTableIter iter; + gpointer key, value; + + self->store_fields = g_hash_table_new (g_str_hash, g_str_equal); + g_hash_table_iter_init (&iter, self->lookup_fields); + while (g_hash_table_iter_next (&iter, &key, &value)) + g_hash_table_insert (self->store_fields, key, value); + g_hash_table_insert (self->store_fields, (gpointer) XDG_SCHEMA, (gpointer) GENERIC_SCHEMA_VALUE); + } + G_OBJECT_CLASS (gkd_login_interaction_parent_class)->constructed (object); } @@ -119,13 +138,18 @@ /* If the login keyring is available, look for the password there */ if (self->login_available) { - gchar *value = gkd_login_lookup_passwordv (self->session, self->fields); - if (value) { - g_tls_password_set_value_full (G_TLS_PASSWORD (login_password), (guchar *)value, strlen (value), (GDestroyNotify)egg_secure_free); - g_object_unref (login_password); - g_task_return_int (task, G_TLS_INTERACTION_HANDLED); - g_object_unref (task); - return; + if (self->login_checked) + g_message ("already attempted to use password from login keyring"); + else { + gchar *value = gkd_login_lookup_passwordv (self->session, self->lookup_fields); + self->login_checked = TRUE; + if (value) { + g_tls_password_set_value_full (G_TLS_PASSWORD (login_password), (guchar *)value, strlen (value), (GDestroyNotify)egg_secure_free); + g_object_unref (login_password); + g_task_return_int (task, G_TLS_INTERACTION_HANDLED); + g_object_unref (task); + return; + } } } 
@@ -158,17 +182,20 @@ const guchar *value; gsize length; gchar *password; + gchar *label; value = g_tls_password_get_value (G_TLS_PASSWORD (login_password), &length); password = egg_secure_strndup ((const gchar *)value, length); + label = g_strdup_printf (_("Unlock password for: %s"), self->label); gkd_login_store_passwordv (self->session, password, - self->label, + label, GCR_UNLOCK_OPTION_ALWAYS, -1, - self->fields); + self->store_fields); egg_secure_free (password); + g_free (label); } return result; @@ -194,7 +221,7 @@ self->label = g_value_dup_string (value); break; case PROP_FIELDS: - self->fields = g_value_dup_boxed (value); + self->lookup_fields = g_value_dup_boxed (value); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); @@ -219,7 +246,8 @@ GkdLoginInteraction *self = GKD_LOGIN_INTERACTION (object); g_free (self->label); - g_hash_table_unref (self->fields); + g_hash_table_unref (self->lookup_fields); + g_hash_table_unref (self->store_fields); G_OBJECT_CLASS (gkd_login_interaction_parent_class)->finalize (object); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-process.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-process.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-process.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-process.c 2018-03-20 03:29:10.000000000 +0100 @@ -47,7 +47,6 @@ { GObject object; gchar *path; - GSocketConnection *connection; gint output; GMutex lock; GPid pid; @@ -70,7 +69,6 @@ { GkdSshAgentProcess *self = GKD_SSH_AGENT_PROCESS (object); - g_clear_object (&self->connection); if (self->output != -1) close (self->output); if (self->output_id) @@ -206,7 +204,7 @@ return TRUE; } -gboolean +GSocketConnection * gkd_ssh_agent_process_connect (GkdSshAgentProcess *self, GCancellable *cancellable, GError **error) 
@@ -223,7 +221,7 @@ if (self->pid == 0) { if (!agent_start_inlock (self, error)) { g_mutex_unlock (&self->lock); - return FALSE; + return NULL; } started = TRUE; } @@ -239,7 +237,7 @@ g_mutex_unlock (&self->lock); g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "ssh-agent process is not ready"); - return FALSE; + return NULL; } address = g_unix_socket_address_new (self->path); @@ -251,29 +249,10 @@ error); g_object_unref (address); g_object_unref (client); - if (!connection) { - g_mutex_unlock (&self->lock); - return FALSE; - } - - g_clear_object (&self->connection); - self->connection = connection; g_mutex_unlock (&self->lock); - return TRUE; -} - -gboolean -gkd_ssh_agent_process_call (GkdSshAgentProcess *self, - EggBuffer*req, - EggBuffer *resp, - GCancellable *cancellable, - GError **error) -{ - g_return_val_if_fail (self->connection != NULL, FALSE); - return _gkd_ssh_agent_write_packet (self->connection, req, cancellable, error) && - _gkd_ssh_agent_read_packet (self->connection, resp, cancellable, error); + return connection; } GkdSshAgentProcess * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-process.h new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-process.h --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-process.h 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-process.h 2018-03-20 03:29:10.000000000 +0100 
@@ -32,12 +32,7 @@ G_DECLARE_FINAL_TYPE(GkdSshAgentProcess, gkd_ssh_agent_process, GKD, SSH_AGENT_PROCESS, GObject) GkdSshAgentProcess *gkd_ssh_agent_process_new (const gchar *path); -gboolean gkd_ssh_agent_process_connect (GkdSshAgentProcess *self, - GCancellable *cancellable, - GError **error); -gboolean gkd_ssh_agent_process_call (GkdSshAgentProcess *self, - EggBuffer *req, - EggBuffer *resp, +GSocketConnection *gkd_ssh_agent_process_connect (GkdSshAgentProcess *self, GCancellable *cancellable, GError **error); GPid gkd_ssh_agent_process_get_pid (GkdSshAgentProcess *self); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-service.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-service.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-service.c 2018-03-04 11:30:52.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-service.c 2018-03-24 07:20:19.000000000 +0100 @@ -43,7 +43,7 @@ EGG_SECURE_DECLARE (ssh_agent); -typedef gboolean (*GkdSshAgentOperation) (GkdSshAgentService *agent, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, GError **error); +typedef gboolean (*GkdSshAgentOperation) (GkdSshAgentService *agent, GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, GError **error); static const GkdSshAgentOperation operations[GKD_SSH_OP_MAX]; enum { @@ -159,16 +159,18 @@ static gboolean relay_request (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, GError **error) { - return gkd_ssh_agent_process_call (self->process, req, resp, cancellable, error); + return _gkd_ssh_agent_call (connection, req, resp, cancellable, error); } static gboolean handle_request (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, 
@@ -187,7 +189,7 @@ else func = relay_request; - return func (self, req, resp, cancellable, error); + return func (self, connection, req, resp, cancellable, error); } static void @@ -228,6 +230,7 @@ const gchar *label; GHashTable *fields; GTlsInteraction *interaction; + gchar *standard_error; gchar *argv[] = { SSH_ADD, @@ -245,7 +248,6 @@ argv[1] = info->filename; fields = g_hash_table_new (g_str_hash, g_str_equal); - g_hash_table_insert (fields, "xdg:schema", "org.freedesktop.Secret.Generic"); unique = g_strdup_printf ("ssh-store:%s", info->filename); g_hash_table_insert (fields, "unique", unique); @@ -256,14 +258,15 @@ g_object_unref (interaction); if (!g_spawn_sync (NULL, argv, NULL, - G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL, + G_SPAWN_STDOUT_TO_DEV_NULL, gcr_ssh_askpass_child_setup, askpass, - NULL, NULL, &status, &error)) { + NULL, &standard_error, &status, &error)) { g_warning ("couldn't run %s: %s", argv[0], error->message); g_error_free (error); } else if (!g_spawn_check_exit_status (status, &error)) { g_message ("the %s command failed: %s", argv[0], error->message); - g_error_free (error); + g_printerr ("%s", _gkd_ssh_agent_canon_error (standard_error)); + g_free (standard_error); } else { add_key (self, key); } @@ -284,13 +287,15 @@ EggBuffer req; EggBuffer resp; GError *error; + GSocketConnection *agent_connection; gboolean ret; egg_buffer_init_full (&req, 128, egg_secure_realloc); egg_buffer_init_full (&resp, 128, (EggBufferAllocator)g_realloc); error = NULL; - if (!gkd_ssh_agent_process_connect (self->process, self->cancellable, &error)) { + agent_connection = gkd_ssh_agent_process_connect (self->process, self->cancellable, &error); + if (!agent_connection) { g_warning ("couldn't connect to ssh-agent: %s", error->message); g_error_free (error); goto out; 
@@ -300,7 +305,8 @@ /* Read in the request */ error = NULL; if (!_gkd_ssh_agent_read_packet (connection, &req, self->cancellable, &error)) { - if (error->code != G_IO_ERROR_CANCELLED) + if (error->code != G_IO_ERROR_CANCELLED && + error->code != G_IO_ERROR_CONNECTION_CLOSED) g_message ("couldn't read from client: %s", error->message); g_error_free (error); break; @@ -308,7 +314,7 @@ /* Handle the request */ error = NULL; - while (!(ret = handle_request (self, &req, &resp, self->cancellable, &error))) { + while (!(ret = handle_request (self, agent_connection, &req, &resp, self->cancellable, &error))) { if (gkd_ssh_agent_process_get_pid (self->process) != 0) { if (error->code != G_IO_ERROR_CANCELLED) g_message ("couldn't handle client request: %s", error->message); @@ -317,8 +323,10 @@ } /* Reconnect to the ssh-agent */ + g_clear_object (&agent_connection); g_clear_error (&error); - if (!gkd_ssh_agent_process_connect (self->process, self->cancellable, &error)) { + agent_connection = gkd_ssh_agent_process_connect (self->process, self->cancellable, &error); + if (!agent_connection) { if (error->code != G_IO_ERROR_CANCELLED) g_message ("couldn't connect to ssh-agent: %s", error->message); g_error_free (error); @@ -340,6 +348,7 @@ egg_buffer_uninit (&req); egg_buffer_uninit (&resp); + g_object_unref (agent_connection); g_object_unref (self); return TRUE; @@ -442,6 +451,7 @@ static gboolean op_add_identity (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, @@ -460,7 +470,7 @@ else g_message ("got unparseable add identity request for ssh-agent"); - ret = relay_request (self, req, resp, cancellable, error); + ret = relay_request (self, connection, req, resp, cancellable, error); if (key) { if (ret) add_key (self, key); @@ -507,6 +517,7 @@ static gboolean op_request_identities (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, 
@@ -521,7 +532,7 @@ GList *l; GkdSshAgentPreload *preload; - if (!relay_request (self, req, resp, cancellable, error)) + if (!relay_request (self, connection, req, resp, cancellable, error)) return FALSE; /* Parse all the keys, and if it fails, just fall through */ @@ -562,6 +573,7 @@ static gboolean op_sign_request (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, @@ -581,11 +593,12 @@ g_message ("got unparseable sign request for ssh-agent"); } - return relay_request (self, req, resp, cancellable, error); + return relay_request (self, connection, req, resp, cancellable, error); } static gboolean op_remove_identity (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, @@ -605,7 +618,7 @@ g_message ("got unparseable remove request for ssh-agent"); /* Call out ssh-agent anyway to make sure that the key is removed */ - ret = relay_request (self, req, resp, cancellable, error); + ret = relay_request (self, connection, req, resp, cancellable, error); if (key) { if (ret) remove_key (self, key); @@ -616,6 +629,7 @@ static gboolean op_remove_all_identities (GkdSshAgentService *self, + GSocketConnection *connection, EggBuffer *req, EggBuffer *resp, GCancellable *cancellable, @@ -623,7 +637,7 @@ { gboolean ret; - ret = relay_request (self, req, resp, cancellable, error); + ret = relay_request (self, connection, req, resp, cancellable, error); if (ret) clear_keys (self); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-util.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-util.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-util.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-util.c 2018-03-20 03:29:10.000000000 +0100 
@@ -45,6 +45,12 @@ if (!g_input_stream_read_all (stream, buffer->buf, 4, &bytes_read, cancellable, error)) return FALSE; + if (bytes_read < 4) { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED, + "connection closed by peer"); + return FALSE; + } + if (!egg_buffer_get_uint32 (buffer, 0, NULL, &packet_size) || packet_size < 1) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, @@ -75,6 +81,17 @@ return g_output_stream_write_all (stream, buffer->buf, buffer->len, &bytes_written, cancellable, error); } +gboolean +_gkd_ssh_agent_call (GSocketConnection *connection, + EggBuffer*req, + EggBuffer *resp, + GCancellable *cancellable, + GError **error) +{ + return _gkd_ssh_agent_write_packet (connection, req, cancellable, error) && + _gkd_ssh_agent_read_packet (connection, resp, cancellable, error); +} + GBytes * _gkd_ssh_agent_parse_public_key (GBytes *input, gchar **comment) @@ -161,3 +178,19 @@ return g_bytes_new_take (decoded, n_decoded); } + +gchar * +_gkd_ssh_agent_canon_error (gchar *str) +{ + gchar *start = str; + gchar *end = str + strlen (str) + 1; + + for (;;) { + start = strchr (start, '\r'); + if (!start) + break; + memmove (start, start + 1, end - (start + 1)); + } + + return str; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-util.h new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-util.h --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/gkd-ssh-agent-util.h 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/gkd-ssh-agent-util.h 2018-03-20 03:29:10.000000000 +0100 
@@ -36,8 +36,15 @@ GCancellable *cancellable, GError **error); +gboolean _gkd_ssh_agent_call (GSocketConnection *connection, + EggBuffer *req, + EggBuffer *resp, + GCancellable *cancellable, + GError **error); + GBytes *_gkd_ssh_agent_parse_public_key (GBytes *input, gchar **comment); +gchar *_gkd_ssh_agent_canon_error (gchar *str); #endif /* __GKD_SSH_AGENT_UTIL_H__ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-process.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-process.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-process.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-process.c 2018-03-20 03:29:10.000000000 +0100 @@ -35,6 +35,7 @@ EggBuffer req; EggBuffer resp; GkdSshAgentProcess *process; + GSocketConnection *connection; GMainLoop *loop; } Test; @@ -52,12 +53,14 @@ test->process = gkd_ssh_agent_process_new (path); g_free (path); g_assert_nonnull (test->process); + test->connection = NULL; } static void teardown (Test *test, gconstpointer unused) { g_clear_object (&test->process); + g_clear_object (&test->connection); egg_buffer_uninit (&test->req); egg_buffer_uninit (&test->resp); @@ -70,11 +73,10 @@ connect_to_process (Test *test) { GError *error; - gboolean ret; error = NULL; - ret = gkd_ssh_agent_process_connect (test->process, NULL, &error); - g_assert_true (ret); + test->connection = gkd_ssh_agent_process_connect (test->process, NULL, &error); + g_assert_nonnull (test->connection); g_assert_no_error (error); } 
@@ -91,7 +93,7 @@ gboolean ret; error = NULL; - ret = gkd_ssh_agent_process_call (test->process, &test->req, &test->resp, NULL, &error); + ret = _gkd_ssh_agent_call (test->connection, &test->req, &test->resp, NULL, &error); g_assert_true (ret); g_assert_no_error (error); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-service.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-service.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-service.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-service.c 2018-03-20 03:29:10.000000000 +0100 @@ -217,7 +217,7 @@ prepare_add_identity (&test->req); egg_buffer_set_uint32 (&test->req, 5, 0x80000000); - call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_FAILED); + call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); } static void @@ -228,7 +228,7 @@ prepare_remove_identity (&test->req); egg_buffer_set_uint32 (&test->req, 5, 0x80000000); - call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_FAILED); + call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); } static void @@ -239,7 +239,7 @@ prepare_sign_request (&test->req); egg_buffer_set_uint32 (&test->req, 5, 0x80000000); - call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_FAILED); + call_error_or_failure (test, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); } static void 
@@ -308,7 +308,7 @@ error = NULL; ret = _gkd_ssh_agent_read_packet (test->connection, &test->resp, NULL, &error); g_assert_false (ret); - g_assert_error (error, G_IO_ERROR, G_IO_ERROR_FAILED); + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); } static void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-util.c new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-util.c --- old/gnome-keyring-3.28.0.1/daemon/ssh-agent/test-gkd-ssh-agent-util.c 2018-03-04 10:25:09.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/daemon/ssh-agent/test-gkd-ssh-agent-util.c 2018-03-20 03:29:10.000000000 +0100 
@@ -73,12 +73,41 @@ } } +static void +test_canon_error (void) +{ + static const gchar input[] = + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" + "@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n" + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" + "Permissions 0620 for '/home/foo/.ssh/id_rsa' are too open.\r\n" + "It is required that your private key files are NOT accessible by others.\r\n" + "This private key will be ignored.\r\n"; + static const gchar expected[] = + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" + "@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\n" + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" + "Permissions 0620 for '/home/foo/.ssh/id_rsa' are too open.\n" + "It is required that your private key files are NOT accessible by others.\n" + "This private key will be ignored.\n"; + gchar *p, *output; + + p = g_strdup (input); + output = _gkd_ssh_agent_canon_error (p); + + g_assert (output == p); + g_assert_cmpstr (expected, ==, output); + + g_free (p); +} + int main (int argc, char **argv) { g_test_init (&argc, &argv, NULL); g_test_add_func ("/ssh-agent/util/parse_public", test_parse_public); + g_test_add_func ("/ssh-agent/util/canon_error", test_canon_error); return g_test_run (); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/egg/egg-secure-memory.c new/gnome-keyring-3.28.0.2/egg/egg-secure-memory.c --- old/gnome-keyring-3.28.0.1/egg/egg-secure-memory.c 2018-02-22 06:01:24.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/egg/egg-secure-memory.c 2018-03-25 10:01:54.000000000 +0200 @@ -15,7 +15,7 @@ You should have received a copy of the GNU Library General Public License along with the Gnome Library; see the file COPYING.LIB. If not, - <http://www.gnu.org/licenses/>. + see <http://www.gnu.org/licenses/>. Author: Stef Walter <s...@memberwebs.com> */ 
@@ -655,8 +655,8 @@ #ifdef WITH_VALGRIND if (vbits_setup == 1) { - VALGRIND_SET_VBITS (dest, vbits, length); - VALGRIND_SET_VBITS (src, vbits, length); + (void)VALGRIND_SET_VBITS (dest, vbits, length); + (void)VALGRIND_SET_VBITS (src, vbits, length); } free (vbits); #endif @@ -1299,7 +1299,7 @@ if (records == NULL) break; - /* Make sure this actualy accounts for all memory */ + /* Make sure this actually accounts for all memory */ ASSERT (total == block->n_words); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/po/POTFILES.in new/gnome-keyring-3.28.0.2/po/POTFILES.in --- old/gnome-keyring-3.28.0.1/po/POTFILES.in 2018-03-04 20:02:25.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/po/POTFILES.in 2018-03-24 07:20:19.000000000 +0100 @@ -7,6 +7,7 @@ daemon/gnome-keyring-secrets.desktop.in.in daemon/gnome-keyring-ssh.desktop.in.in daemon/login/gkd-login.c +daemon/login/gkd-login-interaction.c daemon/ssh-agent/gkd-ssh-agent-interaction.c daemon/ssh-agent/gkd-ssh-agent-service.c egg/dotlock.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gnome-keyring-3.28.0.1/po/gnome-keyring.pot new/gnome-keyring-3.28.0.2/po/gnome-keyring.pot --- old/gnome-keyring-3.28.0.1/po/gnome-keyring.pot 2018-03-13 07:02:05.000000000 +0100 +++ new/gnome-keyring-3.28.0.2/po/gnome-keyring.pot 2018-03-25 10:13:24.000000000 +0200 @@ -6,10 +6,10 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: gnome-keyring 3.28.0.1\n" +"Project-Id-Version: gnome-keyring 3.28.0.2\n" "Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-" "keyring&keywords=I18N+L10N&component=general\n" -"POT-Creation-Date: 2018-03-13 07:02+0100\n" +"POT-Creation-Date: 2018-03-25 10:13+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" 
@@ -21,7 +21,7 @@ #. TRANSLATORS: This is the label for an keyring created without a label #: daemon/dbus/gkd-secret-change.c:84 daemon/dbus/gkd-secret-change.c:120 #: daemon/dbus/gkd-secret-create.c:78 -#: daemon/ssh-agent/gkd-ssh-agent-service.c:252 +#: daemon/ssh-agent/gkd-ssh-agent-service.c:254 #: pkcs11/secret-store/gkm-secret-collection.c:324 #: pkcs11/wrap-layer/gkm-wrap-login.c:345 #: pkcs11/wrap-layer/gkm-wrap-prompt.c:752 @@ -122,6 +122,13 @@ msgid "Login" msgstr "" +#. Get the label ready +#: daemon/login/gkd-login-interaction.c:191 +#: pkcs11/wrap-layer/gkm-wrap-login.c:345 +#, c-format +msgid "Unlock password for: %s" +msgstr "" + #: daemon/ssh-agent/gkd-ssh-agent-interaction.c:100 #: pkcs11/wrap-layer/gkm-wrap-prompt.c:638 msgid "Unlock private key" @@ -350,12 +357,6 @@ msgid "Couldn’t parse public SSH key" msgstr "" -#. Get the label ready -#: pkcs11/wrap-layer/gkm-wrap-login.c:345 -#, c-format -msgid "Unlock password for: %s" -msgstr "" - #: pkcs11/wrap-layer/gkm-wrap-prompt.c:590 msgid "Unlock Login Keyring" msgstr ""
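Review bot: in daemon/login/gkd-login-interaction.c, the else branch added to the constructed handler (hunk @@ -66,6 +72,19 @@) fills store_fields with the same key and value pointers that lookup_fields holds, and the table is created with g_hash_table_new, so it owns none of them. Please add a comment beside "self->store_fields = g_hash_table_new (g_str_hash, g_str_equal);" stating that the entries are borrowed and must stay valid for as long as lookup_fields does. The block also calls g_hash_table_contains on self->lookup_fields unconditionally; if the fields property can be left unset, that pointer is NULL here and again in the finalize hunk, so a guard or a documented requirement is needed.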
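Review bot: in gkd-login-interaction.c hunk @@ -119,13 +138,18 @@, login_checked is set to TRUE before the lookup result is examined and nothing in this patch resets it, so one GkdLoginInteraction object consults the login keyring at most once for its whole lifetime, including when the lookup returned nothing. If that is the intent, document it on the new struct member in hunk @@ -46,8 +50,10 @@ so that a later change does not reuse the object across interactions. The g_message for "already attempted to use password from login keyring" fires on every subsequent prompt; g_debug would be the quieter level for an expected condition.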
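Review bot: in daemon/ssh-agent/gkd-ssh-agent-process.h hunk @@ -32,12 +32,7 @@, gkd_ssh_agent_process_connect now returns a GSocketConnection * instead of gboolean, but the declaration carries no note on ownership. The callers in this patch unref the result (g_clear_object and g_object_unref in gkd-ssh-agent-service.c, g_clear_object in the test teardown), so the return is a new reference owned by the caller; say so in a comment on the prototype, along with the fact that NULL is returned with error set on failure.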
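Review bot: in daemon/ssh-agent/gkd-ssh-agent-service.c hunk @@ -256,14 +258,15 @@, the branch taken when g_spawn_check_exit_status fails no longer frees the GError: the line "g_error_free (error);" was removed and replaced by the g_printerr and g_free calls, so error leaks each time ssh-add exits non-zero. Keep the g_error_free and add the two new lines after it. In the same hunk standard_error is freed only in that branch; when g_spawn_sync succeeds and the exit status is clean, the final else calls add_key and the captured buffer is never released. Freeing standard_error once after the if/else chain covers both paths, provided it is initialised to NULL at its declaration in hunk @@ -228,6 +230,7 @@ for the case where g_spawn_sync itself fails.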
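Review bot: in gkd-ssh-agent-service.c hunk @@ -340,6 +348,7 @@, the cleanup calls "g_object_unref (agent_connection);" unconditionally, yet two paths in this patch leave that pointer NULL: the initial connect failure in hunk @@ -284,13 +287,15 @@ jumps to out with agent_connection == NULL, and the reconnect in hunk @@ -317,8 +323,10 @@ clears the old connection before a connect that can fail. Assuming both paths reach this cleanup, g_object_unref will emit a critical on NULL; use "g_clear_object (&agent_connection);" here, as the reconnect code already does.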
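Review bot: in daemon/ssh-agent/gkd-ssh-agent-util.c hunk @@ -45,6 +45,12 @@, the new check "if (bytes_read < 4)" reports every short read of the length header as G_IO_ERROR_CONNECTION_CLOSED, so a peer that sends one to three bytes and then stops is treated the same as a clean EOF. Because gkd-ssh-agent-service.c hunk @@ -300,7 +305,8 @@ now suppresses the log message for that code, a truncated header is dropped silently. Consider returning CONNECTION_CLOSED only when bytes_read == 0 and keeping G_IO_ERROR_FAILED for a partial header, which preserves the diagnostic for malformed input while still quieting normal disconnects.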
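Review bot: in gkd-ssh-agent-util.c hunk @@ -161,3 +178,19 @@, _gkd_ssh_agent_canon_error removes every '\r' in the string, while the commit message describes scrubbing the trailing CR of each line; either restrict it to a '\r' that precedes '\n' or state the broader behaviour in a comment. The function also modifies its argument in place and returns the same pointer, which the prototype added in gkd-ssh-agent-util.h does not say, and it calls strlen on str without a NULL check. Finally, end is computed once and never adjusted, so each memmove after the first also shifts stale bytes beyond the current terminator; this stays inside the original buffer, but a single pass with separate read and write pointers would be linear and easier to verify.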