Accepting request 511014 from GNOME:Next

- Add libsecret-secret-size.patch: Ensure that generated secret
  occupies the same number of bytes as prime. Eliminates random
  errors while libsecret tries to talk to gnome-keyring
  (bgo#778357).

OBS-URL: https://build.opensuse.org/request/show/511014
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsecret?expand=0&rev=29

libsecret-secret-size.patch

@@ -0,0 +1,57 @@
+From 998065599c66055dcffa1ef1ddebb947ccd68248 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <tomasz.miasko@gmail.com>
+Date: Thu, 9 Feb 2017 09:45:01 +0100
+Subject: DH: Ensure that generated secret occupies the same number of bytes as
+ prime.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=778357
+---
+ egg/egg-dh.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/egg/egg-dh.c b/egg/egg-dh.c
+index e869c99..b190488 100644
+--- a/egg/egg-dh.c
++++ b/egg/egg-dh.c
+@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ {
+ 	gcry_error_t gcry;
+ 	guchar *value;
++	gsize n_prime;
+ 	gsize n_value;
+ 	gcry_mpi_t k;
+ 	gint bits;
+@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ 	gcry_mpi_powm (k, peer, priv, prime);
+ 
+ 	/* Write out the secret */
+-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
++	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
+ 	g_return_val_if_fail (gcry == 0, NULL);
+-	value = egg_secure_alloc (n_value);
+-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
++	value = egg_secure_alloc (n_prime);
++	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
+ 	g_return_val_if_fail (gcry == 0, NULL);
+ 
++	/* Pad the secret with zero bytes to match length of prime in bytes. */
++	if (n_value < n_prime) {
++		memmove (value + (n_prime - n_value), value, n_value);
++		memset (value, 0, (n_prime - n_value));
++	}
++
+ #if DEBUG_DH_SECRET
+ 	g_printerr ("DH SECRET: ");
+ 	gcry_mpi_dump (k);
+ #endif
+ 	gcry_mpi_release (k);
+ 
+-	*bytes = n_value;
++	*bytes = n_prime;
+ 
+ #if DEBUG_DH_SECRET
+ 	gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
+-- 
+cgit v0.12
+
+

libsecret.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jul 17 15:25:56 UTC 2017 - dimstar@opensuse.org
+
+- Add libsecret-secret-size.patch: Ensure that generated secret
+  occupies the same number of bytes as prime. Eliminates random
+  errors while libsecret tries to talk to gnome-keyring
+  (bgo#778357).
+
 -------------------------------------------------------------------
 Fri Mar 25 15:12:37 UTC 2016 - zaitor@opensuse.org
 

libsecret.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libsecret
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,8 @@ Group:          System/Libraries
 Url:            https://wiki.gnome.org/Projects/Libsecret
 Source0:        http://download.gnome.org/sources/libsecret/0.18/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM libsecret-secret-size.patch bgo#778357 dimstar@opensuse.org -- Ensure that generated secret occupies the same number of bytes as prime.
+Patch0:         libsecret-secret-size.patch
 # PATCH-FIX-SLE libsecret-bsc932232-use-libgcrypt-allocators.patch bsc#932232 hpj@suse.com -- use libgcrypt allocators for FIPS mode
 Patch1:         libsecret-bsc932232-use-libgcrypt-allocators.patch
 BuildRequires:  docbook-xsl-stylesheets
@@ -92,6 +94,7 @@ secrets. It communicates with the "Secret Service" using DBus.
 %endif
 %prep
 %setup -q
+%patch0 -p1
 %if !0%{?is_opensuse}
 %patch1 -p1
 %endif