diff --git a/libsecret-secret-size.patch b/libsecret-secret-size.patch
new file mode 100644
index 0000000..2270274
--- /dev/null
+++ b/libsecret-secret-size.patch
@@ -0,0 +1,57 @@
+From 998065599c66055dcffa1ef1ddebb947ccd68248 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?=
+Date: Thu, 9 Feb 2017 09:45:01 +0100
+Subject: DH: Ensure that generated secret occupies the same number of bytes as
+ prime.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=778357
+---
+ egg/egg-dh.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/egg/egg-dh.c b/egg/egg-dh.c
+index e869c99..b190488 100644
+--- a/egg/egg-dh.c
++++ b/egg/egg-dh.c
+@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ {
+ gcry_error_t gcry;
+ guchar *value;
++ gsize n_prime;
+ gsize n_value;
+ gcry_mpi_t k;
+ gint bits;
+@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ gcry_mpi_powm (k, peer, priv, prime);
+
+ /* Write out the secret */
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
+ g_return_val_if_fail (gcry == 0, NULL);
+- value = egg_secure_alloc (n_value);
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
++ value = egg_secure_alloc (n_prime);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
+ g_return_val_if_fail (gcry == 0, NULL);
+
++ /* Pad the secret with zero bytes to match length of prime in bytes. */
++ if (n_value < n_prime) {
++ memmove (value + (n_prime - n_value), value, n_value);
++ memset (value, 0, (n_prime - n_value));
++ }
++
+ #if DEBUG_DH_SECRET
+ g_printerr ("DH SECRET: ");
+ gcry_mpi_dump (k);
+ #endif
+ gcry_mpi_release (k);
+
+- *bytes = n_value;
++ *bytes = n_prime;
+
+ #if DEBUG_DH_SECRET
+ gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
+--
+cgit v0.12
+
+
diff --git a/libsecret.changes b/libsecret.changes
index 294d258..8170059 100644
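Review bot: The second `g_return_val_if_fail (gcry == 0, NULL)` in the `@@ -330,19 +331,25 @@` hunk of egg/egg-dh.c is now the only guard before the new padding code reads `n_value`, and it is a weak one for a buffer that holds the DH shared secret. GLib compiles `g_return_val_if_fail` out when G_DISABLE_CHECKS is defined, so a failed `gcry_mpi_print` would leave `n_value` uninitialised going into `memmove`/`memset`; when the check does fire, it returns without releasing `k` or freeing `value`. An explicit error path would be safer: `if (gcry != 0) { gcry_mpi_release (k); egg_secure_free (value); return NULL; }`. The result of `egg_secure_alloc (n_prime)` is also passed to `gcry_mpi_print` unchecked; egg_dh_gen_secret's body starts and ends outside the hunk, so any handling elsewhere is not visible here.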
--- a/libsecret.changes
+++ b/libsecret.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jul 17 15:25:56 UTC 2017 - dimstar@opensuse.org
+
+- Add libsecret-secret-size.patch: Ensure that generated secret
+ occupies the same number of bytes as prime. Eliminates random
+ errors while libsecret tries to talk to gnome-keyring
+ (bgo#778357).
+
 -------------------------------------------------------------------
 Fri Mar 25 15:12:37 UTC 2016 - zaitor@opensuse.org
 
diff --git a/libsecret.spec b/libsecret.spec
index 7498685..39c0c20 100644
--- a/libsecret.spec
+++ b/libsecret.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsecret
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,8 @@ Group: System/Libraries
 Url: https://wiki.gnome.org/Projects/Libsecret
 Source0: http://download.gnome.org/sources/libsecret/0.18/%{name}-%{version}.tar.xz
 Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM libsecret-secret-size.patch bgo#778357 dimstar@opensuse.org -- Ensure that generated secret occupies the same number of bytes as prime.
+Patch0: libsecret-secret-size.patch
 # PATCH-FIX-SLE libsecret-bsc932232-use-libgcrypt-allocators.patch bsc#932232 hpj@suse.com -- use libgcrypt allocators for FIPS mode
 Patch1: libsecret-bsc932232-use-libgcrypt-allocators.patch
 BuildRequires: docbook-xsl-stylesheets
@@ -92,6 +94,7 @@ secrets. It communicates with the "Secret Service" using DBus.
 %endif
 %prep
 %setup -q
+%patch0 -p1
 %if !0%{?is_opensuse}
 %patch1 -p1
 %endif
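Review bot: In the `%prep` hunk, `%patch0 -p1` now runs before the conditional `%patch1 -p1`, so Patch1 is applied on top of the rewritten egg/egg-dh.c only in builds where `is_opensuse` is unset. Patch1's contents are not shown here, but its name (use-libgcrypt-allocators) suggests it may touch the same `egg_secure_alloc` call that Patch0 changes from `n_value` to `n_prime`. If it does, it needs a rebase, and an openSUSE-only build would not catch the failure. It is worth building the `!is_opensuse` path once and noting the dependency next to the patch tag, e.g. `# Patch1 must apply on top of Patch0 (both may touch egg/egg-dh.c)`.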