gpg2/gnupg-gpg-agent-ulimit.patch
Pedro Monreal Gonzalez 304a894420 - Update to 2.5.3
  * gpg: Allow for signature subpackets of up to 30000 octets.
    [rG36dbca3e69]
  * gpg: Silence expired trusted-key diagnostics in quiet mode.  [T7351]
  * gpg: Allow smaller session keys with Kyber and enforce the use of
    AES-256 if useful.  [T7472]
  * gpg: Fix regression in key generation from existing card key.
    [T7309,T7457]
  * gpg: Print a warning if the card backup key could not be written.
    [T2169]
  * The --supervised options of gpg-agent and dirmngr have been
    renamed to --deprecated-supervised as preparation for their removal.
    [rGa019a0fcd8]
  * There is no more default for a keyserver.

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=313
2025-01-14 16:14:12 +00:00

gpg-agent is in the chain of commands in xinitrc.
It receives a list of commands via argv[] which it is supposed to launch via exec.
In this mode all that matters is a bunch of setenv() of gpg related variables.
At no point must it fiddle with ulimit that was provided by its callers.
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
gpg-agent does fork a child in this mode.
That child has the liberty to tweak ulimit in every way it wants.
This is what this patch does.
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump checks the ulimit of the crashed process.
As a result, crashes of desktop applications cannot be debugged.
References: bsc#1124847
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
- disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
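Review bot: Removing disable_core_dumps () at the top of main () is unconditional, so it drops the protection for every path through main (), not only the mode described above where a command list in argv[] is exec'd. The description argues only for the fork () path; any invocation that handles key material without ever reaching the "This is the child" branch would now run with whatever core limit the caller set. Suggest keeping the early call and skipping it only when a command is given in argv[], or adding the call to each path that does not fork, and stating in the patch header which modes were checked.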
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
/*
This is the child
*/
+ disable_core_dumps ();
initialize_modules ();
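Review bot: The disable_core_dumps () call added under "This is the child" carries no comment explaining why it sits after fork () instead of at startup, so a later cleanup could move it back to the top of main () and reintroduce bsc#1124847. Suggest a short comment above the call saying that the parent must keep the caller's core limit because it goes on to exec the user's command, and that the limit is lowered here, before initialize_modules (), so that only the child that will hold secrets is affected.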