diff --git a/gnome-keyring-3.15.90-fix-ssh-agent.patch b/gnome-keyring-3.15.90-fix-ssh-agent.patch new file mode 100644 index 0000000..cc6c956 --- /dev/null +++ b/gnome-keyring-3.15.90-fix-ssh-agent.patch @@ -0,0 +1,56 @@ +From 06422ea18cebfd6d4d554d01445eafb3d140d6b8 Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau +Date: Fri, 6 Mar 2015 10:36:04 +0100 +Subject: Revert "ssh-agent: Fix leak in search_keys_like_attributes()" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This reverts commit d177a8b5353f3156ab504f39c20753d6786e5e4d. + +This breaks the ssh agent as this causes it to fail to remember unlocked +keys, and to always ask for a key passphrase when attempting an ssh +connection. +From https://bugzilla.gnome.org/show_bug.cgi?id=744280 : +« ssh foo.example.com is always asking to unlock the corresponding key +while before this commit this works fine. + +gkd-ssh-agent-ops.c:op_sign_request has: +result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, +&error); +g_object_unref (session); +g_object_unref (key); + +After the leak fix mentioned above, unreffing 'key' causes the last +reference to be released, so it's destroyed, and this locks the just +unlocked key. +Removing the g_object_unref() avoids this issue, but readds a leak. I +assume 'key' should be added somewhere so that it's kept alive, but I'm +not really sure where/how » + +diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c +index 2b30747..d70875c 100644 +--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c ++++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c +@@ -139,7 +139,6 @@ search_keys_like_attributes (GList *modules, GckSession *session, GckAttributes + en = gck_modules_enumerate_objects (modules, search, GCK_SESSION_AUTHENTICATE | GCK_SESSION_READ_WRITE); + + for (;;) { +- gboolean done; + object = gck_enumerator_next (en, NULL, &error); + if (!object) { + if (error) { +@@ -149,9 +148,7 @@ search_keys_like_attributes (GList *modules, GckSession *session, GckAttributes + break; + } + +- done = !(func) (object, user_data); +- g_object_unref (object); +- if (done) ++ if (!(func) (object, user_data)) + break; + } + +-- +cgit v0.10.2 + diff --git a/gnome-keyring.spec b/gnome-keyring.spec index ae66d82..9d16c31 100644 --- a/gnome-keyring.spec +++ b/gnome-keyring.spec @@ -6,12 +6,14 @@ Summary: Framework for managing passwords and other secrets Name: gnome-keyring Version: 3.15.90 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries #VCS: git:git://git.gnome.org/gnome-keyring Source: https://download.gnome.org/sources/%{name}/3.15/%{name}-%{version}.tar.xz URL: https://wiki.gnome.org/Projects/GnomeKeyring +# https://bugzilla.gnome.org/show_bug.cgi?id=744280 +Patch0: gnome-keyring-3.15.90-fix-ssh-agent.patch BuildRequires: pkgconfig(dbus-1) >= %{dbus_version} BuildRequires: pkgconfig(gcr-3) >= %{gcr_version} @@ -51,6 +53,7 @@ automatically unlock the "login" keyring when the user logs in. %prep %setup -q -n gnome-keyring-%{version} +%patch0 -p1 %build %configure \ @@ -107,6 +110,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || : %changelog +* Sun Mar 08 2015 David King - 3.15.90-2 +- Add patch to fix repeated SSH agent requests + * Thu Feb 26 2015 David King - 3.15.90-1 - Update to 3.15.90 - Update URL