tags 879182 + patch
thanks
Patch, taken from upstream attached.
Neil
On Fri, Oct 20, 2017 at 12:07:59AM -0700, Paul Vojta wrote:
> Package: libsecret-1-0
> Version: 0.18.5-4
> Severity: normal
>
> Dear Maintainer,
>
> Approximately 1/256th of the time when using libsecret, it fails and prints
> the following error message:
>
> ** Message: received an invalid or unencryptable secret
>
> To duplicate, first save the following script as ./sstest and make it
> executable:
> -
> #! /bin/dash
>
> rm -f /tmp/output
> for x in a b c d e; do
> for y in a b c d e f g h i j; do
> for z in a b c d e f g h i j; do
> secret-tool lookup attr value >> /tmp/output 2>&1 || exit 1
> done
> done
> done
> echo 'No errors found.'
> -
>
> Then run the following commands:
>
> echo abcde | secret-tool store --label=test attr value
> ./sstest || tail -5 /tmp/output
>
> (The bug is inconsistent, so you may need to run the second line several times
> to see the message. But it happens more than half of the times you run
> the script.)
>
> This bug has been diagnosed and fixed upstream:
>
> https://bugzilla.gnome.org/show_bug.cgi?id=778357
>
> https://git.gnome.org/browse/libsecret/commit/?id=998065599c66055dcffa1ef1ddebb947ccd68248
>
> See also the messages in Debian Bug #659036.
>
> Paul Vojta
>
>
> -- System Information:
> Debian Release: 9.1
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C
> (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages libsecret-1-0 depends on:
> ii libc6 2.24-11+deb9u1
> ii libgcrypt20 1.7.6-2+deb9u2
> ii libglib2.0-0 2.50.3-2
> ii libsecret-common 0.18.5-3.1
>
> libsecret-1-0 recommends no packages.
>
> libsecret-1-0 suggests no packages.
>
> -- no debconf information
--
diff -Nru libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch
--- libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch 1970-01-01 01:00:00.0 +0100
+++ libsecret-0.18.5/debian/patches/0005-invalid-or-unencryptable-secret.patch 2018-03-13 13:29:55.0 +
@@ -0,0 +1,51 @@
+Description: Fixes for the error: The secret was transferred or encrypted in an invalid way.
+ Libsecret fails to perform any padding on DH, while gnome-keyring does prepend
+ null bytes. This adds the correct padding to the prime, rather than the
+ length.
+Origin: upstream, https://git.gnome.org/browse/libsecret/diff/?id=998065599c66055dcffa1ef1ddebb947ccd68248
+---
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=778357
+Bug-Debian: https://bugs.debian.org/879182
+Forwarded: not-needed
+Last-Update: 2018-03-13
+
+--- libsecret-0.18.5.orig/egg/egg-dh.c
libsecret-0.18.5/egg/egg-dh.c
+@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry
+ {
+ gcry_error_t gcry;
+ guchar *value;
++ gsize n_prime;
+ gsize n_value;
+ gcry_mpi_t k;
+ gint bits;
+@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry
+ gcry_mpi_powm (k, peer, priv, prime);
+
+ /* Write out the secret */
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
+ g_return_val_if_fail (gcry == 0, NULL);
+- value = egg_secure_alloc (n_value);
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
++ value = egg_secure_alloc (n_prime);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
+ g_return_val_if_fail (gcry == 0, NULL);
+
++ /* Pad the secret with zero bytes to match length of prime in bytes. */
++ if (n_value < n_prime) {
++ memmove (value + (n_prime - n_value), value, n_value);
++ memset (value, 0, (n_prime - n_value));
++ }
++
+ #if DEBUG_DH_SECRET
+ g_printerr ("DH SECRET: ");
+ gcry_mpi_dump (k);
+ #endif
+ gcry_mpi_release (k);
+
+- *bytes = n_value;
++ *bytes = n_prime;
+
+ #if DEBUG_DH_SECRET
+ gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
diff -Nru libsecret-0.18.5/debian/patches/series libsecret-0.18.5/debian/patches/series
--- libsecret-0.18.5/debian/patches/series 2018-01-31 19:28:23.0 +
+++ libsecret-0.18.5/debian/patches/series 2018-03-13 13:25:48.0 +
@@ -2,3 +2,4 @@
0002-libsecret-Get-rid-of-PyGI-warnings-about-unspecified.patch
0003-Makefile.am-Compile-vala-unstable-tests-with-SECRET_.patch
0004-tests-collection-add-setup-delay.patch
+0005-invalid-or-unencryptable-secret.patch
signature.asc
Description: PGP signature