From 637188eb82d3b492dac15ea57e82baad90f4972a69a74ebb96c639b0ca25af28 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Tue, 26 Feb 2019 17:21:53 +0000
Subject: [PATCH] Accepting request 678281 from home:olh:branches:Base:System - Allow coredumps in X11 desktop sessions (bsc#1124847) gpg-agent unconditionally disables coredumps, which is not supposed to happen in the code path that does just exec(argv[]) gnupg-gpg-agent-ulimit.patch
OBS-URL: https://build.opensuse.org/request/show/678281
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=221
---
 gnupg-gpg-agent-ulimit.patch | 35 +++++++++++++++++++++++++++++++++++
 gpg2.changes | 8 ++++++++
 gpg2.spec | 2 ++
 3 files changed, 45 insertions(+)
 create mode 100644 gnupg-gpg-agent-ulimit.patch
diff --git a/gnupg-gpg-agent-ulimit.patch b/gnupg-gpg-agent-ulimit.patch
new file mode 100644
index 0000000..735bbdb
--- /dev/null
+++ b/gnupg-gpg-agent-ulimit.patch
@@ -0,0 +1,35 @@
+gpg-agent is in the chain of commands in xinitrc.
+It receives a list of commands via argv[] which it is supposed to launch via exec.
+In this mode all what matters is a bunch of setenv() of gpg related variables.
+At no point it must fiddle with ulimit that was provided by its callers.
+In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
+
+Every code path before the fork() call does no sensitive things, so coredumps do not matter.
+
+gpg-agent does fork a child in this mode.
+That child has the liberty to tweak ulimit in every way it wants.
+This is what this patch does.
+
+Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
+As a result, crashes of desktop applications can not be debugged.
+
+References: bsc#1124847
+
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+ gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
+
+- disable_core_dumps ();
+
+ /* Set default options. */
+ parse_rereadable_options (NULL, 0); /* Reset them to default values. */
+@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
+ /*
+ This is the child
+ */
++ disable_core_dumps ();
+
+ initialize_modules ();
+
diff --git a/gpg2.changes b/gpg2.changes
index eded797..d1b4735 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Feb 22 19:30:29 UTC 2019 - olaf@aepfle.de
+
+- Allow coredumps in X11 desktop sessions (bsc#1124847)
+ gpg-agent unconditionally disables coredumps, which is not
+ supposed to happen in the code path that does just exec(argv[])
+ gnupg-gpg-agent-ulimit.patch
+
 -------------------------------------------------------------------
 Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch
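Review bot: Moving `disable_core_dumps ();` from the top of main into the forked child (second hunk of the embedded agent/gpg-agent.c patch) leaves every path that never reaches that child branch without core-dump protection. gpg-agent also has modes that serve requests from the original process, `--server` and `--supervised`; the rest of main lies outside these hunks, so it needs checking whether they pass through this branch, and if they do not they would now handle secret keys under whatever core limit the caller set. The commit description only argues for the path that execs argv[], so the narrower change is to keep `disable_core_dumps ();` on every path that goes on to serve requests and skip it only where the process execs the command. The patch header's statement that nothing sensitive happens before fork() should be verified against those modes and recorded in a comment next to the moved call.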
diff --git a/gpg2.spec b/gpg2.spec
index 8aa2772..e2c30b2 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -29,6 +29,7 @@ Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 Source3: %{name}.keyring
 Source4: scdaemon.udev
 Source99: %{name}.changes
+Patch1124847: gnupg-gpg-agent-ulimit.patch
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.2.8-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@@ -79,6 +80,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
 %prep
 %setup -q -n gnupg-%{version}
+%patch1124847 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1