pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 678281 from home:olh:branches:Base:System

Browse Source 
- Allow coredumps in X11 desktop sessions (bsc#1124847)
  gpg-agent unconditionally disables coredumps, which is not
  supposed to happen in the code path that does just exec(argv[])
  gnupg-gpg-agent-ulimit.patch

OBS-URL: https://build.opensuse.org/request/show/678281
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=221
This commit is contained in:
Pedro Monreal Gonzalez 2019-02-26 17:21:53 +00:00 committed by Git OBS Bridge
parent b8b9908935
commit 637188eb82
3 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
gnupg-gpg-agent-ulimit.patch Normal file
View File

@ -0,0 +1,35 @@
gpg-agent is in the chain of commands in xinitrc.
It receives a list of commands via argv[] which it is supposed to launch via exec.
In this mode all what matters is a bunch of setenv() of gpg related variables.
At no point it must fiddle with ulimit that was provided by its callers.
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
gpg-agent does fork a child in this mode.
That child has the liberty to tweak ulimit in every way it wants.
This is what this patch does.
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
As a result, crashes of desktop applications can not be debugged.
References: bsc#1124847
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
- disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
/*
This is the child
*/
+ disable_core_dumps ();
initialize_modules ();

8
gpg2.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Feb 22 19:30:29 UTC 2019 - olaf@aepfle.de
- Allow coredumps in X11 desktop sessions (bsc#1124847)
gpg-agent unconditionally disables coredumps, which is not
supposed to happen in the code path that does just exec(argv[])
gnupg-gpg-agent-ulimit.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch <kbabioch@suse.de> Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch <kbabioch@suse.de>

2
gpg2.spec
View File

@ -29,6 +29,7 @@ Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
Source3: %{name}.keyring Source3: %{name}.keyring
Source4: scdaemon.udev Source4: scdaemon.udev
Source99: %{name}.changes Source99: %{name}.changes
Patch1124847: gnupg-gpg-agent-ulimit.patch
Patch4: gnupg-2.0.9-langinfo.patch Patch4: gnupg-2.0.9-langinfo.patch
Patch5: gnupg-2.2.8-files-are-digests.patch Patch5: gnupg-2.2.8-files-are-digests.patch
Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@ -79,6 +80,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
%prep %prep
%setup -q -n gnupg-%{version} %setup -q -n gnupg-%{version}
%patch1124847 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1