From 0d3983ed82f64606096aa9cc17fa0f507d2eab68 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 03:23:54 +0000
Subject: import gnome-keyring-3.20.0-3.el7
---
diff --git a/.gitignore b/.gitignore
index cd1bd25..f62e761 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/gnome-keyring-3.14.0.tar.xz
+SOURCES/gnome-keyring-3.20.0.tar.xz
diff --git a/.gnome-keyring.metadata b/.gnome-keyring.metadata
index 40796cc..578ddbe 100644
--- a/.gnome-keyring.metadata
+++ b/.gnome-keyring.metadata
@@ -1 +1 @@
-2e5d359a159567f74dd246c4e5f9d5cdfb15e5c8 SOURCES/gnome-keyring-3.14.0.tar.xz
+9c2a1fa6e52ae03a819dcb3be25048cd8e38c8c4 SOURCES/gnome-keyring-3.20.0.tar.xz
diff --git a/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch b/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch
new file mode 100644
index 0000000..46d4da3
--- /dev/null
+++ b/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch
@@ -0,0 +1,56 @@
+From 61bceb62ae7962d3507fcddaa3a904e4efa477d6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?=
+Date: Thu, 9 Feb 2017 09:45:01 +0100
+Subject: DH: Ensure that generated secret occupies the same number of bytes as
+ prime.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=778357
+---
+ egg/egg-dh.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/egg/egg-dh.c b/egg/egg-dh.c
+index ff9ded6..e968baf 100644
+--- a/egg/egg-dh.c
++++ b/egg/egg-dh.c
+@@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ {
+ gcry_error_t gcry;
+ guchar *value;
++ gsize n_prime;
+ gsize n_value;
+ gcry_mpi_t k;
+ gint bits;
+@@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
+ gcry_mpi_powm (k, peer, priv, prime);
+
+ /* Write out the secret */
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
+ g_return_val_if_fail (gcry == 0, NULL);
+- value = egg_secure_alloc (n_value);
+- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
++ value = egg_secure_alloc (n_prime);
++ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
+ g_return_val_if_fail (gcry == 0, NULL);
+
++ /* Pad the secret with zero bytes to match length of prime in bytes. */
++ if (n_value < n_prime) {
++ memmove (value + (n_prime - n_value), value, n_value);
++ memset (value, 0, (n_prime - n_value));
++ }
++
+ #if DEBUG_DH_SECRET
+ g_printerr ("DH SECRET: ");
+ gcry_mpi_dump (k);
+ gcry_mpi_release (k);
+ #endif
+
+- *bytes = n_value;
++ *bytes = n_prime;
+
+ #if DEBUG_DH_SECRET
+ gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
+--
+cgit v0.12
+
diff --git a/SPECS/gnome-keyring.spec b/SPECS/gnome-keyring.spec
index c37d202..ad39c51 100644
--- a/SPECS/gnome-keyring.spec
+++ b/SPECS/gnome-keyring.spec
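Review bot: The early return after the second `gcry_mpi_print` in the embedded egg-dh.c patch leaves the `n_prime`-byte secure buffer `value` and the MPI `k` allocated, and in the lines shown `k`, which holds the shared secret, is released only inside `#if DEBUG_DH_SECRET`. I would free both on that path, for example `if (gcry != 0) { egg_secure_free (value); gcry_mpi_release (k); return NULL; }`, rather than rely on `g_return_val_if_fail`, which GLib compiles out when `G_DISABLE_CHECKS` is defined. The padding comment says what is done but not why; presumably both peers must feed the same fixed-width bytes into key derivation, so a result with leading zero bytes came out short before, and saying so would help the next reader. egg_dh_gen_secret begins and ends outside the hunk, so whether `k` is released further down cannot be confirmed from here.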
@@ -1,35 +1,33 @@ -%define glib2_version 2.38.0 -%define gcr_version 3.5.3 -%define dbus_version 1.1.1 -%define gcrypt_version 1.2.2 -%define libtasn1_version 0.3.4 +%global _hardened_build 1 -%define _hardened_build 1 +%global glib2_version 2.38.0 +%global gcr_version 3.5.3 +%global gcrypt_version 1.2.2 Summary: Framework for managing passwords and other secrets Name: gnome-keyring -Version: 3.14.0 -Release: 1%{?dist} +Version: 3.20.0 +Release: 3%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries #VCS: git:git://git.gnome.org/gnome-keyring -Source: http://download.gnome.org/sources/gnome-keyring/3.14/gnome-keyring-%{version}.tar.xz -URL: http://www.gnome.org - -BuildRequires: glib2-devel >= %{glib2_version} -BuildRequires: gcr-devel >= %{gcr_version} -BuildRequires: dbus-devel >= %{dbus_version} -BuildRequires: libgcrypt-devel >= %{gcrypt_version} -BuildRequires: libtasn1-devel >= %{libtasn1_version} -BuildRequires: pam-devel +Source: https://download.gnome.org/sources/%{name}/3.20/%{name}-%{version}.tar.xz +# https://bugzilla.redhat.com/show_bug.cgi?id=1325993 +Patch0: gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch +URL: https://wiki.gnome.org/Projects/GnomeKeyring + +BuildRequires: pkgconfig(gcr-3) >= %{gcr_version} +BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(p11-kit-1) +BuildRequires: docbook-dtds +BuildRequires: docbook-style-xsl BuildRequires: gettext BuildRequires: intltool -BuildRequires: libtasn1-tools -BuildRequires: gtk-doc BuildRequires: libcap-ng-devel +BuildRequires: libgcrypt-devel >= %{gcrypt_version} BuildRequires: libselinux-devel -BuildRequires: p11-kit-devel -BuildRequires: gcr-devel +BuildRequires: pam-devel +BuildRequires: /usr/bin/xsltproc # we no longer have a devel subpackage Obsoletes: %{name}-devel < 3.3.0 @@ -55,6 +53,8 @@ automatically unlock the "login" keyring when the user logs in. %prep %setup -q -n gnome-keyring-%{version} +%patch0 -p1 + %build %configure \ 
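Review bot: The comment above `Patch0:` in the first spec hunk cites only the downstream bug, so the spec itself does not record where the patch came from or when it can be dropped on a rebase. I would add the upstream reference that the patch header already carries, `# Upstream: https://bugzilla.gnome.org/show_bug.cgi?id=778357`, next to the existing Red Hat URL. That keeps the provenance of a change to the DH secret handling visible without opening the patch file.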
@@ -64,10 +64,10 @@ automatically unlock the "login" keyring when the user logs in. # avoid unneeded direct dependencies sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool -make %{?_smp_mflags} V=1 +make %{?_smp_mflags} %install -make install DESTDIR=$RPM_BUILD_ROOT +%make_install rm $RPM_BUILD_ROOT%{_libdir}/security/*.la rm $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la @@ -85,7 +85,8 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : %files -f gnome-keyring.lang -%doc AUTHORS NEWS README COPYING COPYING.LIB +%doc AUTHORS NEWS README +%license COPYING COPYING.LIB # LGPL %dir %{_libdir}/gnome-keyring %dir %{_libdir}/gnome-keyring/devel @@ -110,6 +111,15 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : %changelog +* Tue Mar 21 2017 David King - 3.20.0-3 +- Enable hardened build flags (#1386951) + +* Tue Mar 21 2017 David King - 3.20.0-2 +- Fix invalid secret transfer error (#1325993) + +* Thu Mar 02 2017 David King - 3.20.0-1 +- Update to 3.20.0 (#1386951) + * Mon Mar 23 2015 Richard Hughes - 3.14.0-1 - Update to 3.14.0 - Resolves: #1174714
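Review bot: Dropping `V=1` from the `make` line in the `%build` hunk means that, if the project enables automake silent rules by default, the build log no longer shows the full compiler and linker command lines. That makes it harder to confirm from the log that the `_hardened_build` flags set at the top of the spec reached every object and the final link, which matters here because the 3.20.0-3 changelog entry is about hardened build flags. Unless the `%configure` macro on this release already disables silent rules, I would keep `make %{?_smp_mflags} V=1`. The `%configure` invocation that this hunk follows starts outside it.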