From c48058ffca3bd043759e07b2e10c98e273c542a7 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Tue, 16 Feb 2010 15:52:07 +0000 Subject: [PATCH] - Backport fixes from master related to storing secret value --- ...ng-2.29.90-dbus-setting-NULL-default.patch | 19 ++ ...e-keyring-2.29.90-pkcs11-value-store.patch | 249 ++++++++++++++++++ ...cret-store-bad-collection-identifier.patch | 224 ++++++++++++++++ ...-2.29.90-secret-store-sporadic-crash.patch | 21 ++ ...ing-2.29.90-secret-store-value-store.patch | 33 +++ ...2.29.90-ssh-agent-disconnect-warning.patch | 24 ++ gnome-keyring.spec | 18 +- 7 files changed, 587 insertions(+), 1 deletion(-) create mode 100644 gnome-keyring-2.29.90-dbus-setting-NULL-default.patch create mode 100644 gnome-keyring-2.29.90-pkcs11-value-store.patch create mode 100644 gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch create mode 100644 gnome-keyring-2.29.90-secret-store-sporadic-crash.patch create mode 100644 gnome-keyring-2.29.90-secret-store-value-store.patch create mode 100644 gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch diff --git a/gnome-keyring-2.29.90-dbus-setting-NULL-default.patch b/gnome-keyring-2.29.90-dbus-setting-NULL-default.patch new file mode 100644 index 0000000..d34dacd --- /dev/null +++ b/gnome-keyring-2.29.90-dbus-setting-NULL-default.patch 
@@ -0,0 +1,19 @@
+From 6bd4a868bba97d0142b6254784937f8ffe4fc89c Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Sun, 14 Feb 2010 04:09:25 +0000
+Subject: [dbus] Fix error when setting default keyring to NULL.
+
+---
+diff --git a/daemon/dbus/gkd-secret-objects.c b/daemon/dbus/gkd-secret-objects.c
+index c19bd50..d2f52eb 100644
+--- a/daemon/dbus/gkd-secret-objects.c
++++ b/daemon/dbus/gkd-secret-objects.c
+@@ -1328,6 +1328,5 @@ gkd_secret_objects_set_alias (GkdSecretObjects *self, const gchar *alias,
+ {
+ g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
+ g_return_if_fail (alias);
+- g_return_if_fail (identifier);
+ g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier));
+ }
+--
+cgit v0.8.3.1
diff --git a/gnome-keyring-2.29.90-pkcs11-value-store.patch b/gnome-keyring-2.29.90-pkcs11-value-store.patch
new file mode 100644
index 0000000..c299638
--- /dev/null
+++ b/gnome-keyring-2.29.90-pkcs11-value-store.patch
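Review bot: With the `identifier` guard removed, a NULL identifier now stores a NULL value under the alias, because `g_strdup (NULL)` returns NULL; nothing in `gkd_secret_objects_set_alias` says that this is the intended way to clear the default keyring. The readers of `self->aliases` are outside the hunk, so whether all of them tolerate a NULL value cannot be confirmed from here. Removing the entry makes the unset state explicit: `if (!identifier) { g_hash_table_remove (self->aliases, alias); return; }`. Whichever form is kept, a one-line comment such as `/* identifier may be NULL: clears the alias */` would document the contract.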
@@ -0,0 +1,249 @@
+From 9a271ef0518949f06fb5132ecad1ed93bcf4f72c Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Sat, 13 Feb 2010 23:43:35 +0000
+Subject: [pkcs11] Fix problem with not storing secret value properly.
+
+If a new object was not created, such as when unwrapping a
+secret item, then the attributes set were not stored properly.
+---
+diff --git a/pkcs11/gck/gck-aes-key.c b/pkcs11/gck/gck-aes-key.c
+index 6274703..14d11e5 100644
+--- a/pkcs11/gck/gck-aes-key.c
++++ b/pkcs11/gck/gck-aes-key.c
+@@ -129,7 +129,8 @@ factory_create_aes_key (GckSession *session, GckTransaction *transaction,
+
+ gck_attribute_consume (value);
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (key);
+ }
+
+diff --git a/pkcs11/gck/gck-certificate.c b/pkcs11/gck/gck-certificate.c
+index 4761731..d547b26 100644
+--- a/pkcs11/gck/gck-certificate.c
++++ b/pkcs11/gck/gck-certificate.c
+@@ -275,7 +275,8 @@ factory_create_certificate (GckSession *session, GckTransaction *transaction,
+ /* Note that we ignore the subject */
+ gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (cert);
+ }
+
+diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
+index 74ce3e6..e3a6d58 100644
+--- a/pkcs11/gck/gck-credential.c
++++ b/pkcs11/gck/gck-credential.c
+@@ -93,7 +93,8 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
+ attr ? attr->ulValueLen : 0, &cred);
+
+ if (rv == CKR_OK) {
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (cred);
+ } else {
+ gck_transaction_fail (transaction, rv);
+diff --git a/pkcs11/gck/gck-dh-private-key.c b/pkcs11/gck/gck-dh-private-key.c
+index 72af177..278dea0 100644
+--- a/pkcs11/gck/gck-dh-private-key.c
++++ b/pkcs11/gck/gck-dh-private-key.c
+@@ -72,7 +72,8 @@ factory_create_dh_private_key (GckSession *session, GckTransaction *transaction,
+ idattr ? idattr->ulValueLen : 0));
+ gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
+
+- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, object,
++ TRUE, attrs, n_attrs);
+ return object;
+ }
+
+diff --git a/pkcs11/gck/gck-dh-public-key.c b/pkcs11/gck/gck-dh-public-key.c
+index d6f5284..be0bb25 100644
+--- a/pkcs11/gck/gck-dh-public-key.c
++++ b/pkcs11/gck/gck-dh-public-key.c
+@@ -72,7 +72,8 @@ factory_create_dh_public_key (GckSession *session, GckTransaction *transaction,
+ idattr ? idattr->ulValueLen : 0));
+ gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
+
+- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, object,
++ TRUE, attrs, n_attrs);
+ return object;
+ }
+
+diff --git a/pkcs11/gck/gck-null-key.c b/pkcs11/gck/gck-null-key.c
+index 7bb912d..75d8b76 100644
+--- a/pkcs11/gck/gck-null-key.c
++++ b/pkcs11/gck/gck-null-key.c
+@@ -53,7 +53,8 @@ factory_create_null_key (GckSession *session, GckTransaction *transaction,
+ "manager", manager,
+ NULL);
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (key);
+ }
+
+diff --git a/pkcs11/gck/gck-private-xsa-key.c b/pkcs11/gck/gck-private-xsa-key.c
+index 5940309..4c2704a 100644
+--- a/pkcs11/gck/gck-private-xsa-key.c
++++ b/pkcs11/gck/gck-private-xsa-key.c
+@@ -163,7 +163,8 @@ factory_create_private_xsa_key (GckSession *session, GckTransaction *transaction
+ NULL);
+ key->pv->sexp = sexp;
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (key);
+ }
+
+diff --git a/pkcs11/gck/gck-public-xsa-key.c b/pkcs11/gck/gck-public-xsa-key.c
+index e6f3eb9..f28d56a 100644
+--- a/pkcs11/gck/gck-public-xsa-key.c
++++ b/pkcs11/gck/gck-public-xsa-key.c
+@@ -155,7 +155,8 @@ factory_create_public_xsa_key (GckSession *session, GckTransaction *transaction,
+ "manager", gck_manager_for_template (attrs, n_attrs, session),
+ NULL);
+ gck_sexp_unref (sexp);
+- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, object,
++ TRUE, attrs, n_attrs);
+ }
+
+ return object;
+diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
+index 1389d7d..d2f0ae4 100644
+--- a/pkcs11/gck/gck-session.c
++++ b/pkcs11/gck/gck-session.c
+@@ -836,8 +836,8 @@ gck_session_create_object_for_attributes (GckSession *self, GckTransaction *tran
+ }
+
+ void
+-gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction,
+- GckObject *object, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
++gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction, GckObject *object,
++ gboolean add, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+ {
+ gboolean is_private;
+ gulong i;
+@@ -873,7 +873,7 @@ gck_session_complete_object_creation (GckSession *self, GckTransaction *transact
+ }
+
+ /* Add the object to session or token */
+- if (!gck_transaction_get_failed (transaction)) {
++ if (add && !gck_transaction_get_failed (transaction)) {
+ if (gck_object_is_token (object))
+ gck_module_add_token_object (self->pv->module, transaction, object);
+ else
+diff --git a/pkcs11/gck/gck-session.h b/pkcs11/gck/gck-session.h
+index 290443d..fa4cb01 100644
+--- a/pkcs11/gck/gck-session.h
++++ b/pkcs11/gck/gck-session.h
+@@ -117,6 +117,7 @@ GckObject* gck_session_create_object_for_attributes (GckSess
+ void gck_session_complete_object_creation (GckSession *self,
+ GckTransaction *transaction,
+ GckObject *object,
++ gboolean add,
+ CK_ATTRIBUTE_PTR attrs,
+ CK_ULONG n_attrs);
+
+diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
+index 4be98dc..613c1ae 100644
+--- a/pkcs11/secret-store/gck-secret-collection.c
++++ b/pkcs11/secret-store/gck-secret-collection.c
+@@ -297,7 +297,8 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
+ g_object_unref (sdata);
+
+ gck_attributes_consume (attrs, n_attrs, CKA_G_CREDENTIAL, G_MAXULONG);
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (collection);
+ }
+
+diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
+index 5c77723..0c7636d 100644
+--- a/pkcs11/secret-store/gck-secret-item.c
++++ b/pkcs11/secret-store/gck-secret-item.c
+@@ -141,7 +141,6 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ CK_ATTRIBUTE *attr;
+ gboolean is_token;
+ gchar *identifier;
+- CK_ULONG i;
+
+ g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
+ g_return_val_if_fail (attrs || !n_attrs, NULL);
+@@ -176,18 +175,16 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
+ return NULL;
+ } else {
+- gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
+- for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
+- if (!gck_attribute_consumed (&attrs[i]))
+- gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
+- }
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
++ FALSE, attrs, n_attrs);
+ return g_object_ref (item);
+ }
+ }
+
+ /* Create a new collection which will own the item */
+ item = gck_secret_collection_create_item (collection, transaction);
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
++ TRUE, attrs, n_attrs);
+ return g_object_ref (item);
+ }
+
+diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
+index 1315687..07bcd5f 100644
+--- a/pkcs11/secret-store/gck-secret-search.c
++++ b/pkcs11/secret-store/gck-secret-search.c
+@@ -240,7 +240,8 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ populate_search_from_manager (search, s_manager);
+ populate_search_from_manager (search, m_manager);
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (search);
+ }
+
+diff --git a/pkcs11/user-store/gck-user-private-key.c b/pkcs11/user-store/gck-user-private-key.c
+index 7577c72..5ee57a3 100644
+--- a/pkcs11/user-store/gck-user-private-key.c
++++ b/pkcs11/user-store/gck-user-private-key.c
+@@ -83,7 +83,8 @@ factory_create_private_key (GckSession *session, GckTransaction *transaction,
+
+ gck_sexp_unref (sexp);
+
+- gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++ TRUE, attrs, n_attrs);
+ return GCK_OBJECT (key);
+ }
+
+diff --git a/pkcs11/user-store/gck-user-public-key.c b/pkcs11/user-store/gck-user-public-key.c
+index 6b2d69c..ce20d1d 100644
+--- a/pkcs11/user-store/gck-user-public-key.c
++++ b/pkcs11/user-store/gck-user-public-key.c
+@@ -62,7 +62,8 @@ factory_create_public_key (GckSession *session, GckTransaction *transaction,
+ "manager", gck_manager_for_template (attrs, n_attrs, session),
+ NULL);
+ gck_sexp_unref (sexp);
+- gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++ gck_session_complete_object_creation (session, transaction, object,
++ TRUE, attrs, n_attrs);
+ }
+
+ return object;
+--
+cgit v0.8.3.1
diff --git a/gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch b/gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch
new file mode 100644
index 0000000..d72cc62
--- /dev/null
+++ b/gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch
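Review bot: In `factory_create_item`, the existing-item branch no longer calls `gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG)` before the template is applied, so it now relies on `gck_session_complete_object_creation`, or on code earlier in the function that the hunk does not show, to have consumed both attributes. If CKA_ID is still unconsumed at that point it would presumably be handed to the attribute-setting pass and could fail the transaction while a stored secret is being updated; only part of `gck_session_complete_object_creation` is visible, so this needs confirming against the full body. Keeping `gck_attributes_consume (attrs, n_attrs, CKA_ID, G_MAXULONG);` ahead of the `FALSE` call would preserve the previous behaviour. The bare `TRUE`/`FALSE` argument is also opaque at the call sites, and the prototype in gck-session.h would benefit from a comment such as `/* add: register the object with the session or token; FALSE when updating an existing object */`.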
@@ -0,0 +1,224 @@
+From b4add492ad707b4503dd1614dc4b7100d3d89d76 Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Sun, 14 Feb 2010 00:13:30 +0000
+Subject: [secret-store] Return OK when a search includes a bad collection identifier.
+
+So basically we just don't return any results. This is for two reasons:
+ * PKCS#11 isn't very helpful to the caller of C_CreateObject about
+ which attribute was wrong.
+ * Race conditions abound where you set up a search of a collection
+ that is being deleted.
+---
+diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
+index 07bcd5f..707366d 100644
+--- a/pkcs11/secret-store/gck-secret-search.c
++++ b/pkcs11/secret-store/gck-secret-search.c
+@@ -39,13 +39,13 @@
+
+ enum {
+ PROP_0,
+- PROP_COLLECTION,
++ PROP_COLLECTION_ID,
+ PROP_FIELDS
+ };
+
+ struct _GckSecretSearch {
+ GckObject parent;
+- GckSecretCollection *collection;
++ gchar *collection_id;
+ GHashTable *fields;
+ GList *managers;
+ GHashTable *handles;
+@@ -63,6 +63,7 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
+ GckSecretCollection *collection;
+ GckSecretItem *item;
+ GHashTable *fields;
++ const gchar *identifier;
+
+ if (!GCK_IS_SECRET_ITEM (object))
+ return FALSE;
+@@ -70,9 +71,14 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
+ item = GCK_SECRET_ITEM (object);
+
+ /* Collection should match unless any collection allowed */
+- collection = gck_secret_item_get_collection (item);
+- if (self->collection && collection != self->collection)
+- return FALSE;
++ if (self->collection_id) {
++ collection = gck_secret_item_get_collection (item);
++ g_return_val_if_fail (collection, FALSE);
++ identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
++ g_return_val_if_fail (identifier, FALSE);
++ if (!g_str_equal (identifier, self->collection_id))
++ return FALSE;
++ }
+
+ /* Fields should match using our special algorithm */
+ fields = gck_secret_item_get_fields (item);
+@@ -185,9 +191,9 @@ static GckObject*
+ factory_create_search (GckSession *session, GckTransaction *transaction,
+ CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+ {
+- GckSecretCollection *collection = NULL;
+ GckManager *s_manager, *m_manager;
+ GckSecretSearch *search;
++ gchar *identifier = NULL;
+ CK_ATTRIBUTE *attr;
+ GHashTable *fields;
+ GckModule *module;
+@@ -218,11 +224,10 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ /* See if a collection attribute was specified, not present means all collections */
+ attr = gck_attributes_find (attrs, n_attrs, CKA_G_COLLECTION);
+ if (attr) {
+- collection = gck_secret_collection_find (attr, s_manager, m_manager, NULL);
+- gck_attribute_consume (attr);
+- if (!collection) {
++ rv = gck_attribute_get_string (attr, &identifier);
++ if (rv != CKR_OK) {
+ g_hash_table_unref (fields);
+- gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
++ gck_transaction_fail (transaction, rv);
+ return NULL;
+ }
+ }
+@@ -231,7 +236,7 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ "module", module,
+ "manager", s_manager,
+ "fields", fields,
+- "collection", collection,
++ "collection-id", identifier,
+ NULL);
+
+ /* Load any new items or collections */
+@@ -284,7 +289,6 @@ static CK_RV
+ gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE_PTR attr)
+ {
+ GckSecretSearch *self = GCK_SECRET_SEARCH (base);
+- const gchar *identifier;
+
+ switch (attr->type) {
+ case CKA_CLASS:
+@@ -292,10 +296,9 @@ gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIB
+ case CKA_MODIFIABLE:
+ return gck_attribute_set_bool (attr, CK_TRUE); /* TODO: This is needed for deleting? */
+ case CKA_G_COLLECTION:
+- if (!self->collection)
++ if (!self->collection_id)
+ return gck_attribute_set_empty (attr);
+- identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (self->collection));
+- return gck_attribute_set_string (attr, identifier);
++ return gck_attribute_set_string (attr, self->collection_id);
+ case CKA_G_FIELDS:
+ return gck_secret_fields_serialize (attr, self->fields);
+ case CKA_G_MATCHED:
+@@ -329,9 +332,9 @@ gck_secret_search_set_property (GObject *obj, guint prop_id, const GValue *value
+ {
+ GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
+ switch (prop_id) {
+- case PROP_COLLECTION:
+- g_return_if_fail (!self->collection);
+- self->collection = g_value_dup_object (value);
++ case PROP_COLLECTION_ID:
++ g_return_if_fail (!self->collection_id);
++ self->collection_id = g_value_dup_string (value);
+ break;
+ case PROP_FIELDS:
+ g_return_if_fail (!self->fields);
+@@ -350,8 +353,8 @@ gck_secret_search_get_property (GObject *obj, guint prop_id, GValue *value,
+ {
+ GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
+ switch (prop_id) {
+- case PROP_COLLECTION:
+- g_value_set_object (value, gck_secret_search_get_collection (self));
++ case PROP_COLLECTION_ID:
++ g_value_set_string (value, self->collection_id);
+ break;
+ case PROP_FIELDS:
+ g_return_if_fail (self->fields);
+@@ -378,9 +381,8 @@ gck_secret_search_dispose (GObject *obj)
+ g_list_free (self->managers);
+ self->managers = NULL;
+
+- if (self->collection)
+- g_object_unref (self->collection);
+- self->collection = NULL;
++ g_free (self->collection_id);
++ self->collection_id = NULL;
+
+ G_OBJECT_CLASS (gck_secret_search_parent_class)->dispose (obj);
+ }
+@@ -415,9 +417,9 @@ gck_secret_search_class_init (GckSecretSearchClass *klass)
+
+ gck_class->get_attribute = gck_secret_search_get_attribute;
+
+- g_object_class_install_property (gobject_class, PROP_COLLECTION,
+- g_param_spec_object ("collection", "Collection", "Item's Collection",
+- GCK_TYPE_SECRET_COLLECTION, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
++ g_object_class_install_property (gobject_class, PROP_COLLECTION_ID,
++ g_param_spec_string ("collection-id", "Collection ID", "Item's Collection's Identifier",
++ NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+ g_object_class_install_property (gobject_class, PROP_FIELDS,
+ g_param_spec_boxed ("fields", "Fields", "Item's fields",
+@@ -455,9 +457,9 @@ gck_secret_search_get_fields (GckSecretSearch *self)
+ return self->fields;
+ }
+
+-GckSecretCollection*
+-gck_secret_search_get_collection (GckSecretSearch *self)
++const gchar*
++gck_secret_search_get_collection_id (GckSecretSearch *self)
+ {
+ g_return_val_if_fail (GCK_IS_SECRET_SEARCH (self), NULL);
+- return self->collection;
++ return self->collection_id;
+ }
+diff --git a/pkcs11/secret-store/gck-secret-search.h b/pkcs11/secret-store/gck-secret-search.h
+index de85303..34f355a 100644
+--- a/pkcs11/secret-store/gck-secret-search.h
++++ b/pkcs11/secret-store/gck-secret-search.h
+@@ -49,6 +49,6 @@ GckFactory* gck_secret_search_get_factory (void) G_GNUC_CONST;
+
+ GHashTable* gck_secret_search_get_fields (GckSecretSearch *self);
+
+-GckSecretCollection* gck_secret_search_get_collection (GckSecretSearch *self);
++const gchar* gck_secret_search_get_collection_id (GckSecretSearch *self);
+
+ #endif /* __GCK_SECRET_SEARCH_H__ */
+diff --git a/pkcs11/secret-store/tests/unit-test-secret-search.c b/pkcs11/secret-store/tests/unit-test-secret-search.c
+index 1f1be89..51006e0 100644
+--- a/pkcs11/secret-store/tests/unit-test-secret-search.c
++++ b/pkcs11/secret-store/tests/unit-test-secret-search.c
+@@ -114,7 +114,7 @@ DEFINE_TEST(create_search)
+ { CKA_G_FIELDS, "test\0value\0two\0value2", 22 },
+ };
+
+- GckSecretCollection *collection;
++ const gchar *identifier;
+ GckObject *object = NULL;
+ GHashTable *fields;
+ gpointer vdata;
+@@ -156,8 +156,8 @@ DEFINE_TEST(create_search)
+ g_assert_cmpstr (gck_secret_fields_get (fields, "test"), ==, "value");
+
+ /* No collection */
+- collection = gck_secret_search_get_collection (GCK_SECRET_SEARCH (object));
+- g_assert (collection == NULL);
++ identifier = gck_secret_search_get_collection_id (GCK_SECRET_SEARCH (object));
++ g_assert (identifier == NULL);
+
+ g_object_unref (object);
+ }
+@@ -274,7 +274,9 @@ DEFINE_TEST(create_search_for_bad_collection)
+ GckTransaction *transaction = gck_transaction_new ();
+
+ object = gck_session_create_object_for_factory (session, factory, transaction, attrs, 2);
+- g_assert (gck_transaction_complete_and_unref (transaction) == CKR_TEMPLATE_INCONSISTENT);
++ g_assert (gck_transaction_complete_and_unref (transaction) == CKR_OK);
++
++ g_object_unref (object);
+ }
+
+ DEFINE_TEST(create_search_for_collection)
+--
+cgit v0.8.3.1
diff --git a/gnome-keyring-2.29.90-secret-store-sporadic-crash.patch b/gnome-keyring-2.29.90-secret-store-sporadic-crash.patch
new file mode 100644
index 0000000..72fab8f
--- /dev/null
+++ b/gnome-keyring-2.29.90-secret-store-sporadic-crash.patch
@@ -0,0 +1,21 @@
+From 0d82027ae6d68ce889f55833408a00c744bf65df Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Sun, 14 Feb 2010 04:32:45 +0000
+Subject: [secret-store] Possible fix for a sporadic crash in this area.
+
+---
+diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
+index 613c1ae..cf804aa 100644
+--- a/pkcs11/secret-store/gck-secret-collection.c
++++ b/pkcs11/secret-store/gck-secret-collection.c
+@@ -145,7 +145,7 @@ track_secret_data (GckSecretCollection *self, GckSecretData *data)
+ self->sdata = data;
+ if (self->sdata)
+ g_object_add_weak_pointer (G_OBJECT (self->sdata),
+- (gpointer*)&self->sdata);
++ (gpointer*)&(self->sdata));
+ }
+
+ static void
+--
+cgit v0.8.3.1
diff --git a/gnome-keyring-2.29.90-secret-store-value-store.patch b/gnome-keyring-2.29.90-secret-store-value-store.patch
new file mode 100644
index 0000000..84e9c8a
--- /dev/null
+++ b/gnome-keyring-2.29.90-secret-store-value-store.patch
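Review bot: `identifier` in `factory_create_search` is filled by `gck_attribute_get_string (attr, &identifier)` and then passed as the "collection-id" property, which `gck_secret_search_set_property` copies with `g_value_dup_string`, yet no `g_free (identifier)` is visible after the `g_object_new` call, so the local copy looks leaked on every search that names a collection. The lines between `g_object_new` and the end of the function are outside the hunks, so this should be confirmed against the full file. If the free is indeed missing, add `g_free (identifier);` directly after the `g_object_new (...)` statement; `g_free (NULL)` is a no-op, so the no-collection case needs no guard.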
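Review bot: The added parentheses in `(gpointer*)&(self->sdata)` do not change the expression, because `->` already binds tighter than unary `&`; both spellings take the address of the same field and should compile to identical code. Whatever caused the sporadic crash is therefore still present after this patch. A common failure with `g_object_add_weak_pointer` is a registration that outlives the location it points at, so it is worth checking that the part of `track_secret_data` above this hunk and the collection's dispose/finalize path call `g_object_remove_weak_pointer (G_OBJECT (self->sdata), (gpointer*)&(self->sdata));` before `self->sdata` is replaced or `self` is freed. Neither of those places is visible here.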
@@ -0,0 +1,33 @@
+From 912891b83b297ac6af2b62f6c1f8c31b1d3cc8bd Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Sat, 13 Feb 2010 04:16:50 +0000
+Subject: [secret-store] Fix regression: secret value not stored properly.
+
+---
+diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
+index b0c5659..5c77723 100644
+--- a/pkcs11/secret-store/gck-secret-item.c
++++ b/pkcs11/secret-store/gck-secret-item.c
+@@ -141,6 +141,7 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ CK_ATTRIBUTE *attr;
+ gboolean is_token;
+ gchar *identifier;
++ CK_ULONG i;
+
+ g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
+ g_return_val_if_fail (attrs || !n_attrs, NULL);
+@@ -175,7 +176,11 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
+ return NULL;
+ } else {
+- gck_attributes_consume (attrs, n_attrs, CKA_ID, G_MAXULONG);
++ gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
++ for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
++ if (!gck_attribute_consumed (&attrs[i]))
++ gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
++ }
+ return g_object_ref (item);
+ }
+ }
+--
+cgit v0.8.3.1
diff --git a/gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch b/gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch
new file mode 100644
index 0000000..6682a5b
--- /dev/null
+++ b/gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch
@@ -0,0 +1,24 @@ +From 5fa82147450c0910072d9aa86e62a42a23576215 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Sun, 14 Feb 2010 00:22:10 +0000 +Subject: [ssh-agent] Don't raise error if ssh client disconnects early. + +--- +diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c +index 7e6c801..0a851ce 100644 +--- a/daemon/ssh-agent/gkd-ssh-agent.c ++++ b/daemon/ssh-agent/gkd-ssh-agent.c +@@ -85,8 +85,9 @@ write_all (int fd, const guchar *buf, int len) + if (res <= 0) { + if (errno == EAGAIN && errno == EINTR) + continue; +- g_warning ("couldn't write %u bytes to client: %s", all, +- res < 0 ? g_strerror (errno) : ""); ++ if (errno != EPIPE) ++ g_warning ("couldn't write %u bytes to client: %s", all, ++ res < 0 ? g_strerror (errno) : ""); + return FALSE; + } else { + len -= res; +-- +cgit v0.8.3.1 diff --git a/gnome-keyring.spec b/gnome-keyring.spec index 989109f..716dc3c 100644 --- a/gnome-keyring.spec +++ b/gnome-keyring.spec @@ -8,7 +8,7 @@ Summary: Framework for managing passwords and other secrets Name: gnome-keyring Version: 2.29.90 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{version}.tar.bz2 @@ -16,6 +16,13 @@ Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{ver # http://bugzilla.redhat.com/529709 # http://bugs.gnome.org/598494 Patch3: gnome-keyring-2.28.1-nopass.patch +# from upstream +Patch4: gnome-keyring-2.29.90-secret-store-value-store.patch +Patch5: gnome-keyring-2.29.90-pkcs11-value-store.patch +Patch6: gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch +Patch7: gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch +Patch8: gnome-keyring-2.29.90-dbus-setting-NULL-default.patch +Patch9: gnome-keyring-2.29.90-secret-store-sporadic-crash.patch URL: http://www.gnome.org 
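Review bot: The retry test just above the new EPIPE check in `write_all`, `if (errno == EAGAIN && errno == EINTR)`, can never be true because errno cannot hold both values at once, so an interrupted or would-block write falls through and the function returns FALSE instead of retrying. It should read `if (errno == EAGAIN || errno == EINTR)`. The added `if (errno != EPIPE)` also consults errno when `res == 0`, a case in which the failed write did not set it and the value may be stale; `if (res == 0 || errno != EPIPE)` keeps the warning for that case. The loop around these lines starts and ends outside the hunk.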
@@ -76,6 +83,12 @@ automatically unlock the "login" keyring when the user logs in. %prep %setup -q -n gnome-keyring-%{version} %patch3 -p1 -b .no-pass +%patch4 -p1 -b .secret-store-value-store +%patch5 -p1 -b .pkcs11-value-store +%patch6 -p1 -b .secret-store-bad-collection-identifier +%patch7 -p1 -b .ssh-agent-disconnect-warning +%patch8 -p1 -b .dbus-setting-NULL-default +%patch9 -p1 -b .secret-store-sporadic-crash %build @@ -154,6 +167,9 @@ fi %changelog +* Tue Feb 16 2010 Tomas Bzatek - 2.29.90-2 +- Backport fixes from master related to storing secret value + * Tue Feb 9 2010 Tomas Bzatek - 2.29.90-1 - Update to 2.29.90