From 48122c596e43eb0ed7bbd39fe088c8365e0cfaa9 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 30 2018 06:38:31 +0000
Subject: import gnome-keyring-3.28.2-1.el7
---
diff --git a/.gitignore b/.gitignore
index f62e761..f30f2a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/gnome-keyring-3.20.0.tar.xz
+SOURCES/gnome-keyring-3.28.2.tar.xz
diff --git a/.gnome-keyring.metadata b/.gnome-keyring.metadata
index 578ddbe..9b0f2e0 100644
--- a/.gnome-keyring.metadata
+++ b/.gnome-keyring.metadata
@@ -1 +1 @@
-9c2a1fa6e52ae03a819dcb3be25048cd8e38c8c4 SOURCES/gnome-keyring-3.20.0.tar.xz
+a28f2e9ddee20c28922e7979cd3a4bb2b5c2e2ab SOURCES/gnome-keyring-3.28.2.tar.xz
diff --git a/SOURCES/0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch b/SOURCES/0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch
new file mode 100644
index 0000000..9816ebc
--- /dev/null
+++ b/SOURCES/0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch
@@ -0,0 +1,196 @@
+From 3cc1bcebd9da74f8d2fa8648e076ba715e76c657 Mon Sep 17 00:00:00 2001
+From: Kalev Lember
+Date: Fri, 25 May 2018 18:43:32 +0200
+Subject: [PATCH] Fix the build with older gcrypt in RHEL 7
+
+Use deprecated GCRY_PK_ECDSA instead of GCRY_PK_ECC (which will be
+mapped to GCRY_PK_ECC in newer versions).
+---
+ pkcs11/gkm/gkm-crypto.c | 4 ++--
+ pkcs11/gkm/gkm-data-der.c | 10 +++++-----
+ pkcs11/gkm/gkm-private-xsa-key.c | 4 ++--
+ pkcs11/gkm/gkm-public-xsa-key.c | 4 ++--
+ pkcs11/gkm/gkm-sexp-key.c | 4 ++--
+ pkcs11/gkm/gkm-sexp.c | 2 +-
+ pkcs11/gkm/test-sexp.c | 2 +-
+ pkcs11/ssh-store/gkm-ssh-openssh.c | 4 ++--
+ 8 files changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/pkcs11/gkm/gkm-crypto.c b/pkcs11/gkm/gkm-crypto.c
+index 7195e0a..cafe251 100644
+--- a/pkcs11/gkm/gkm-crypto.c
++++ b/pkcs11/gkm/gkm-crypto.c
+@@ -306,7 +306,7 @@ gkm_crypto_sign_xsa (gcry_sexp_t sexp, CK_MECHANISM_TYPE mech, CK_BYTE_PTR data,
+ rv = gkm_dsa_mechanism_sign (sexp, data, n_data, signature, n_signature);
+ break;
+ case CKM_ECDSA:
+- g_return_val_if_fail (algorithm == GCRY_PK_ECC, CKR_GENERAL_ERROR);
++ g_return_val_if_fail (algorithm == GCRY_PK_ECDSA, CKR_GENERAL_ERROR);
+ rv = gkm_ecdsa_mechanism_sign (sexp, data, n_data, signature, n_signature);
+ break;
+ default:
+@@ -370,7 +370,7 @@ gkm_crypto_verify_xsa (gcry_sexp_t sexp, CK_MECHANISM_TYPE mech, CK_BYTE_PTR dat
+ rv = gkm_dsa_mechanism_verify (sexp, data, n_data, signature, n_signature);
+ break;
+ case CKM_ECDSA:
+- g_return_val_if_fail (algorithm == GCRY_PK_ECC, CKR_GENERAL_ERROR);
++ g_return_val_if_fail (algorithm == GCRY_PK_ECDSA, CKR_GENERAL_ERROR);
+ rv = gkm_ecdsa_mechanism_verify (sexp, data, n_data, signature, n_signature);
+ break;
+ default:
+diff --git a/pkcs11/gkm/gkm-data-der.c b/pkcs11/gkm/gkm-data-der.c
+index 68f41d4..2f91eaf 100644
+--- a/pkcs11/gkm/gkm-data-der.c
++++ b/pkcs11/gkm/gkm-data-der.c
+@@ -800,7 +800,7 @@ gkm_data_der_read_private_pkcs8_plain (GBytes *data,
+ else if (key_algo == OID_PKIX1_DSA)
+ algorithm = GCRY_PK_DSA;
+ else if (key_algo == OID_PKIX1_ECDSA)
+- algorithm = GCRY_PK_ECC;
++ algorithm = GCRY_PK_ECDSA;
+
+ if (!algorithm) {
+ ret = GKM_DATA_UNRECOGNIZED;
+@@ -829,7 +829,7 @@ done:
+ if (ret == GKM_DATA_UNRECOGNIZED && params)
+ ret = gkm_data_der_read_private_key_dsa_parts (keydata, params, s_key);
+ break;
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ ret = gkm_data_der_read_private_key_ecdsa (keydata, s_key);
+ break;
+ default:
+@@ -1325,7 +1325,7 @@ gkm_data_der_write_public_key (gcry_sexp_t s_key)
+ return gkm_data_der_write_public_key_rsa (s_key);
+ case GCRY_PK_DSA:
+ return gkm_data_der_write_public_key_dsa (s_key);
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ return gkm_data_der_write_public_key_ecdsa (s_key);
+ default:
+ g_return_val_if_reached (NULL);
+@@ -1350,7 +1350,7 @@ gkm_data_der_write_private_key (gcry_sexp_t s_key)
+ return gkm_data_der_write_private_key_rsa (s_key);
+ case GCRY_PK_DSA:
+ return gkm_data_der_write_private_key_dsa (s_key);
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ return gkm_data_der_write_private_key_ecdsa (s_key);
+ default:
+ g_return_val_if_reached (NULL);
+@@ -1460,7 +1460,7 @@ gkm_data_der_write_private_pkcs8_plain (gcry_sexp_t skey)
+ params = gkm_data_der_write_private_key_dsa_params (skey);
+ break;
+
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ oid = OID_PKIX1_ECDSA;
+ params = NULL;
+ key = gkm_data_der_write_private_key_ecdsa (skey);
+diff --git a/pkcs11/gkm/gkm-private-xsa-key.c b/pkcs11/gkm/gkm-private-xsa-key.c
+index 3dbbd12..878d5f0 100644
+--- a/pkcs11/gkm/gkm-private-xsa-key.c
++++ b/pkcs11/gkm/gkm-private-xsa-key.c
+@@ -361,10 +361,10 @@ gkm_private_xsa_key_real_get_attribute (GkmObject *base, GkmSession *session, CK
+ return gkm_sexp_key_set_part (GKM_SEXP_KEY (self), GCRY_PK_DSA, "g", attr);
+
+ case CKA_EC_POINT:
+- return gkm_sexp_key_set_ec_q (GKM_SEXP_KEY (self), GCRY_PK_ECC, attr);
++ return gkm_sexp_key_set_ec_q (GKM_SEXP_KEY (self), GCRY_PK_ECDSA, attr);
+
+ case CKA_EC_PARAMS:
+- return gkm_sexp_key_set_ec_params (GKM_SEXP_KEY (self), GCRY_PK_ECC, attr);
++ return gkm_sexp_key_set_ec_params (GKM_SEXP_KEY (self), GCRY_PK_ECDSA, attr);
+
+ /* (EC)DSA private parts */
+ case CKA_VALUE:
+diff --git a/pkcs11/gkm/gkm-public-xsa-key.c b/pkcs11/gkm/gkm-public-xsa-key.c
+index 5cc93f3..fced172 100644
+--- a/pkcs11/gkm/gkm-public-xsa-key.c
++++ b/pkcs11/gkm/gkm-public-xsa-key.c
+@@ -267,10 +267,10 @@ gkm_public_xsa_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_
+ return gkm_sexp_key_set_part (GKM_SEXP_KEY (self), GCRY_PK_DSA, "y", attr);
+
+ case CKA_EC_POINT:
+- return gkm_sexp_key_set_ec_q (GKM_SEXP_KEY (self), GCRY_PK_ECC, attr);
++ return gkm_sexp_key_set_ec_q (GKM_SEXP_KEY (self), GCRY_PK_ECDSA, attr);
+
+ case CKA_EC_PARAMS:
+- return gkm_sexp_key_set_ec_params (GKM_SEXP_KEY (self), GCRY_PK_ECC, attr);
++ return gkm_sexp_key_set_ec_params (GKM_SEXP_KEY (self), GCRY_PK_ECDSA, attr);
+ };
+
+ return GKM_OBJECT_CLASS (gkm_public_xsa_key_parent_class)->get_attribute (base, session, attr);
+diff --git a/pkcs11/gkm/gkm-sexp-key.c b/pkcs11/gkm/gkm-sexp-key.c
+index 8b98bdc..9d0f233 100644
+--- a/pkcs11/gkm/gkm-sexp-key.c
++++ b/pkcs11/gkm/gkm-sexp-key.c
+@@ -65,7 +65,7 @@ gkm_sexp_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIB
+ return gkm_attribute_set_ulong (attr, CKK_RSA);
+ case GCRY_PK_DSA:
+ return gkm_attribute_set_ulong (attr, CKK_DSA);
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ return gkm_attribute_set_ulong (attr, CKK_ECDSA);
+ default:
+ g_return_val_if_reached (CKR_GENERAL_ERROR);
+@@ -104,7 +104,7 @@ gkm_sexp_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIB
+ case GCRY_PK_DSA:
+ return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_DSA_MECHANISMS,
+ sizeof (GKM_DSA_MECHANISMS));
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_ECDSA_MECHANISMS,
+ sizeof (GKM_ECDSA_MECHANISMS));
+ default:
+diff --git a/pkcs11/gkm/gkm-sexp.c b/pkcs11/gkm/gkm-sexp.c
+index 287f874..d2c8a53 100644
+--- a/pkcs11/gkm/gkm-sexp.c
++++ b/pkcs11/gkm/gkm-sexp.c
+@@ -235,7 +235,7 @@ gkm_sexp_key_to_public (gcry_sexp_t privkey, gcry_sexp_t *pubkey)
+ case GCRY_PK_DSA:
+ *pubkey = dsa_numbers_to_public (numbers);
+ break;
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ *pubkey = ecdsa_numbers_to_public (numbers);
+ break;
+ default:
+diff --git a/pkcs11/gkm/test-sexp.c b/pkcs11/gkm/test-sexp.c
+index ba104a0..78cc08e 100644
+--- a/pkcs11/gkm/test-sexp.c
++++ b/pkcs11/gkm/test-sexp.c
+@@ -152,7 +152,7 @@ test_parse_key (Test *test, gconstpointer unused)
+ /* Get the private key out */
+ ret = gkm_sexp_parse_key (test->ecdsakey, &algorithm, &is_priv, &sexp);
+ g_assert (ret);
+- g_assert (algorithm == GCRY_PK_ECC);
++ g_assert (algorithm == GCRY_PK_ECDSA);
+ g_assert (is_priv == TRUE);
+ g_assert (sexp != NULL);
+ gcry_sexp_release (sexp);
+diff --git a/pkcs11/ssh-store/gkm-ssh-openssh.c b/pkcs11/ssh-store/gkm-ssh-openssh.c
+index 6c21264..c1644d5 100644
+--- a/pkcs11/ssh-store/gkm-ssh-openssh.c
++++ b/pkcs11/ssh-store/gkm-ssh-openssh.c
+@@ -34,7 +34,7 @@ keytype_to_algo (const gchar *salgo)
+ else if ((strcmp (salgo, "ecdsa-sha2-nistp256") == 0)
+ || (strcmp (salgo, "ecdsa-sha2-nistp384") == 0)
+ || (strcmp (salgo, "ecdsa-sha2-nistp521") == 0))
+- return GCRY_PK_ECC;
++ return GCRY_PK_ECDSA;
+ return 0;
+ }
+
+@@ -190,7 +190,7 @@ read_public (EggBuffer *req, gsize *offset, gcry_sexp_t *key, int *algo)
+ case GCRY_PK_DSA:
+ ret = read_public_dsa (req, offset, key);
+ break;
+- case GCRY_PK_ECC:
++ case GCRY_PK_ECDSA:
+ ret = read_public_ecdsa (req, offset, key);
+ break;
+ default:
+--
+1.8.3.1
+
diff --git a/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch b/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch
deleted file mode 100644
index 46d4da3..0000000
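Review bot: Every `GCRY_PK_ECC` comparison in this added patch becomes `GCRY_PK_ECDSA`, which ties the ECDSA paths to the algorithm id the older RHEL 7 libgcrypt reports, and nothing in the patch records or enforces that assumption. If the package is ever built or run against a libgcrypt that hands back `GCRY_PK_ECC` for EC keys, the guards in gkm_crypto_sign_xsa and gkm_crypto_verify_xsa would presumably return `CKR_GENERAL_ERROR` and the switch statements in gkm-data-der.c, gkm-sexp.c and gkm-ssh-openssh.c would fall to their default branch, so ECDSA keys would fail at run time rather than at build time. I would add a comment at the first substitution in gkm-crypto.c, `/* Downstream: needed to build with RHEL 7 gcrypt; drop this patch when libgcrypt is rebased */`, and make sure test-sexp.c's `g_assert (algorithm == GCRY_PK_ECDSA)` is run during the package build so a mismatch is caught there. The enclosing functions start and end outside these hunks.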
--- a/SOURCES/gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 61bceb62ae7962d3507fcddaa3a904e4efa477d6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?=
-Date: Thu, 9 Feb 2017 09:45:01 +0100
-Subject: DH: Ensure that generated secret occupies the same number of bytes as
- prime.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=778357
----
- egg/egg-dh.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/egg/egg-dh.c b/egg/egg-dh.c
-index ff9ded6..e968baf 100644
---- a/egg/egg-dh.c
-+++ b/egg/egg-dh.c
-@@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
- {
- gcry_error_t gcry;
- guchar *value;
-+ gsize n_prime;
- gsize n_value;
- gcry_mpi_t k;
- gint bits;
-@@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
- gcry_mpi_powm (k, peer, priv, prime);
-
- /* Write out the secret */
-- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
-+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
- g_return_val_if_fail (gcry == 0, NULL);
-- value = egg_secure_alloc (n_value);
-- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
-+ value = egg_secure_alloc (n_prime);
-+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
- g_return_val_if_fail (gcry == 0, NULL);
-
-+ /* Pad the secret with zero bytes to match length of prime in bytes. */
-+ if (n_value < n_prime) {
-+ memmove (value + (n_prime - n_value), value, n_value);
-+ memset (value, 0, (n_prime - n_value));
-+ }
-+
- #if DEBUG_DH_SECRET
- g_printerr ("DH SECRET: ");
- gcry_mpi_dump (k);
- gcry_mpi_release (k);
- #endif
-
-- *bytes = n_value;
-+ *bytes = n_prime;
-
- #if DEBUG_DH_SECRET
- gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
---
-cgit v0.12
-
diff --git a/SPECS/gnome-keyring.spec b/SPECS/gnome-keyring.spec
index ad39c51..2520979 100644
--- a/SPECS/gnome-keyring.spec
+++ b/SPECS/gnome-keyring.spec
@@ -1,20 +1,19 @@ %global _hardened_build 1 -%global glib2_version 2.38.0 -%global gcr_version 3.5.3 +%global glib2_version 2.44.0 +%global gcr_version 3.27.90 %global gcrypt_version 1.2.2 -Summary: Framework for managing passwords and other secrets Name: gnome-keyring -Version: 3.20.0 -Release: 3%{?dist} +Version: 3.28.2 +Release: 1%{?dist} +Summary: Framework for managing passwords and other secrets + License: GPLv2+ and LGPLv2+ -Group: System Environment/Libraries -#VCS: git:git://git.gnome.org/gnome-keyring -Source: https://download.gnome.org/sources/%{name}/3.20/%{name}-%{version}.tar.xz -# https://bugzilla.redhat.com/show_bug.cgi?id=1325993 -Patch0: gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch URL: https://wiki.gnome.org/Projects/GnomeKeyring +Source0: https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz +# Downstream patch to fix the build with RHEL 7 gcrypt +Patch0: 0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch BuildRequires: pkgconfig(gcr-3) >= %{gcr_version} BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} @@ -27,8 +26,14 @@ BuildRequires: libcap-ng-devel BuildRequires: libgcrypt-devel >= %{gcrypt_version} BuildRequires: libselinux-devel BuildRequires: pam-devel +BuildRequires: /usr/bin/ssh-add +BuildRequires: /usr/bin/ssh-agent BuildRequires: /usr/bin/xsltproc +Requires: /usr/bin/ssh-add +Requires: /usr/bin/ssh-agent +Requires: /usr/libexec/gcr-ssh-askpass + # we no longer have a devel subpackage Obsoletes: %{name}-devel < 3.3.0 Provides: %{name}-devel = 3.3.0 @@ -38,10 +43,10 @@ The gnome-keyring session daemon manages passwords and other types of secrets for the user, storing them encrypted with a main password. Applications can use the gnome-keyring library to integrate with the keyring. + %package pam Summary: Pam module for unlocking keyrings License: LGPLv2+ -Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} # for /lib/security Requires: pam%{?_isa} 
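Review bot: The Patch0 swap in the first hunk drops gnome-keyring-3.20.0-fix-invalid-secret-transfer.patch, the DH secret-padding fix referenced as bugzilla.redhat.com #1325993 and bugzilla.gnome.org #778357, and neither the spec nor the new changelog entry says why. Presumably the 3.28.2 tarball already carries that change to egg_dh_gen_secret, but this should be confirmed against the new source and recorded, for example with a changelog line `- Drop fix-invalid-secret-transfer patch, included upstream`. Separately, `%global gcrypt_version 1.2.2` with `libgcrypt-devel >= %{gcrypt_version}` sets only a lower bound while the new Patch0 is written for the RHEL 7 gcrypt, so the comment above Patch0 could also say that the patch must be dropped when libgcrypt is rebased.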
@@ -52,8 +57,7 @@ automatically unlock the "login" keyring when the user logs in. %prep -%setup -q -n gnome-keyring-%{version} -%patch0 -p1 +%autosetup -p1 %build @@ -66,6 +70,7 @@ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool make %{?_smp_mflags} + %install %make_install @@ -75,6 +80,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la %find_lang gnome-keyring + %postun if [ $1 -eq 0 ]; then glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : @@ -101,7 +107,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : %{_sysconfdir}/xdg/autostart/* %{_datadir}/GConf/gsettings/*.convert %{_datadir}/glib-2.0/schemas/*.gschema.xml -%{_datadir}/p11-kit/modules/gnome-keyring.module %{_mandir}/man1/gnome-keyring.1* %{_mandir}/man1/gnome-keyring-3.1* %{_mandir}/man1/gnome-keyring-daemon.1* @@ -111,6 +116,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : %changelog +* Tue May 08 2018 Kalev Lember - 3.28.2-1 +- Update to 3.28.2 +- Resolves: #1568176 + * Tue Mar 21 2017 David King - 3.20.0-3 - Enable hardened build flags (#1386951)