diff --git a/gnome-keyring-2.20-selinux-pam.patch b/gnome-keyring-2.20-selinux-pam.patch
deleted file mode 100644
index 23fdea8..0000000
--- a/gnome-keyring-2.20-selinux-pam.patch
+++ /dev/null
@@ -1,291 +0,0 @@ -diff -ur gnome-keyring-2.20.orig/daemon/gkr-daemon.c gnome-keyring-2.20/daemon/gkr-daemon.c ---- gnome-keyring-2.20.orig/daemon/gkr-daemon.c 2007-10-05 12:40:28.000000000 +0200 -+++ gnome-keyring-2.20/daemon/gkr-daemon.c 2007-10-05 12:55:26.000000000 +0200 -@@ -27,6 +27,7 @@ - #include "common/gkr-async.h" - #include "common/gkr-cleanup.h" - #include "common/gkr-unix-signal.h" -+#include "common/gkr-location.h" - - #include "keyrings/gkr-keyrings.h" - -@@ -183,6 +184,10 @@ - GIOChannel *channel; - GMainContext *ctx; - int i; -+ gboolean login; -+ char *login_password; -+ int len; -+ GkrKeyring *login_keyring; - - g_type_init (); - g_thread_init (NULL); -@@ -211,6 +216,7 @@ - - foreground = FALSE; - daemon = FALSE; -+ login = FALSE; - - if (argc > 1) { - for (i = 1; i < argc; i++) { -@@ -218,8 +224,19 @@ - foreground = TRUE; - if (strcmp (argv[i], "-d") == 0) - daemon = TRUE; -+ if (strcmp (argv[i], "--login") == 0) -+ login = TRUE; - } - } -+ -+ login_password = NULL; -+ if (login) { -+ login_password = gnome_keyring_memory_alloc (256); -+ fgets (login_password, 256, stdin); -+ len = strlen (login_password); -+ if (login_password[len-1] == '\n') -+ login_password[len-1] = 0; -+ } - - if (!foreground) { - pid = fork (); -@@ -315,6 +332,27 @@ - gkr_daemon_dbus_setup (loop, path); - #endif - -+ -+ if (login_password) { -+ login_keyring = gkr_keyrings_get_login (); -+ if (login_keyring) { -+ if (!gkr_keyring_unlock (login_keyring, -+ login_password)) { -+ g_warning ("Failed to unlock login keyring"); -+ } -+ } else { -+ login_keyring = -+ gkr_keyring_create (GKR_LOCATION_BASE_LOCAL, -+ "login", -+ login_password); -+ if (login_keyring) { -+ gkr_keyrings_add (login_keyring); -+ g_object_unref (login_keyring); -+ } -+ } -+ gnome_keyring_memory_free (login_password); -+ } -+ - g_main_loop_run (loop); - - /* Make sure no other threads are running */ -diff -ur gnome-keyring-2.20.orig/pam/gkr-pam-module.c gnome-keyring-2.20/pam/gkr-pam-module.c ---- 
gnome-keyring-2.20.orig/pam/gkr-pam-module.c 2007-10-05 12:40:28.000000000 +0200 -+++ gnome-keyring-2.20/pam/gkr-pam-module.c 2007-10-05 12:42:05.000000000 +0200 -@@ -249,15 +249,20 @@ - } - - static void --setup_child (int outp[2], int errp[2], struct passwd *pwd) -+setup_child (int inp[2], int outp[2], int errp[2], struct passwd *pwd, const char *password) - { -- char *args[] = { GNOME_KEYRING_DAEMON, "-d", NULL}; -- -+ char *args[] = { GNOME_KEYRING_DAEMON, "-d", "--login", NULL}; -+ - assert (pwd); - assert (pwd->pw_dir); -- -+ -+ /* If no password, don't pas in --login */ -+ if (password == NULL) -+ args[2] = NULL; -+ - /* Fix up our end of the pipes */ -- if (dup2 (outp[WRITE_END], STDOUT) < 0 || -+ if (dup2 (inp[READ_END], STDIN) < 0 || -+ dup2 (outp[WRITE_END], STDOUT) < 0 || - dup2 (errp[WRITE_END], STDERR) < 0) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't setup pipes: %s", - strerror (errno)); -@@ -265,6 +270,8 @@ - } - - /* Close unnecessary file descriptors */ -+ close (inp[READ_END]); -+ close (inp[WRITE_END]); - close (outp[READ_END]); - close (outp[WRITE_END]); - close (errp[READ_END]); -@@ -348,9 +355,10 @@ - } - - static int --start_daemon (pam_handle_t *ph, struct passwd *pwd) -+start_daemon (pam_handle_t *ph, struct passwd *pwd, const char *password) - { - struct sigaction defsact, oldsact; -+ int inp[2] = { -1, -1 }; - int outp[2] = { -1, -1 }; - int errp[2] = { -1, -1 }; - int ret = PAM_SERVICE_ERR; -@@ -372,7 +380,7 @@ - sigaction (SIGCHLD, &defsact, &oldsact); - - /* Create the necessary pipes */ -- if (pipe (outp) < 0 || pipe (errp) < 0) { -+ if (pipe (inp) < 0 || pipe (outp) < 0 || pipe (errp) < 0) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't create pipes: %s", - strerror (errno)); - goto done; -@@ -387,7 +395,7 @@ - - /* This is the child */ - case 0: -- setup_child (outp, errp, pwd); -+ setup_child (inp, outp, errp, pwd, password); - /* Should never be reached */ - break; - -@@ -397,9 +405,16 @@ - }; - - /* Close our unneeded ends of the 
pipes */ -+ close (inp[READ_END]); - close (outp[WRITE_END]); - close (errp[WRITE_END]); -- outp[WRITE_END] = errp[WRITE_END] = -1; -+ inp[READ_END] = outp[WRITE_END] = errp[WRITE_END] = -1; -+ -+ if (password) { -+ /* Write the login keyring password */ -+ write (inp[WRITE_END], password, strlen (password)); -+ write (inp[WRITE_END], "\n", 1); -+ } - - /* - * Note that we're not using select() or any such. We know how the -@@ -438,6 +453,8 @@ - /* Restore old handler */ - sigaction (SIGCHLD, &oldsact, NULL); - -+ close_safe (inp[0]); -+ close_safe (inp[1]); - close_safe (outp[0]); - close_safe (outp[1]); - close_safe (errp[0]); -@@ -450,7 +467,7 @@ - } - - static int --start_daemon_if_necessary (pam_handle_t *ph, struct passwd *pwd) -+start_daemon_if_necessary (pam_handle_t *ph, struct passwd *pwd, const char *password) - { - const char *socket; - int ret; -@@ -470,7 +487,7 @@ - } - - /* Not running, start process */ -- return start_daemon (ph, pwd); -+ return start_daemon (ph, pwd, password); - } - - static int -@@ -691,6 +708,7 @@ - struct passwd *pwd; - const char *user, *password; - const char *socket; -+ int started_daemon; - uint args; - int ret; - -@@ -728,9 +746,11 @@ - } - - -+ started_daemon = 0; - /* Should we start the daemon? 
*/ - if (args & ARG_AUTO_START) { -- ret = start_daemon_if_necessary (ph, pwd); -+ started_daemon = 1; -+ ret = start_daemon_if_necessary (ph, pwd, password); - if (ret != PAM_SUCCESS) - return ret; - } -@@ -739,10 +759,12 @@ - - /* If gnome keyring is running, then unlock now */ - if (socket) { -- ret = unlock_keyring (ph, pwd, password); -- if (ret != PAM_SUCCESS) -- return ret; -- -+ /* If we started the daemon, its already unlocked, since we passed the password */ -+ if (!started_daemon) { -+ ret = unlock_keyring (ph, pwd, password); -+ if (ret != PAM_SUCCESS) -+ return ret; -+ } - /* Otherwise start in open session, store password */ - } else { - if (pam_set_data (ph, "gkr_system_authtok", strdup (password), -@@ -762,6 +784,7 @@ - struct passwd *pwd; - int ret; - uint args = parse_args (argc, argv); -+ int started_daemon; - - /* Figure out the user name */ - ret = pam_get_user (ph, &user, NULL); -@@ -777,29 +800,32 @@ - return PAM_SERVICE_ERR; - } - -- /* Should we start the daemon? */ -- if (args & ARG_AUTO_START) { -- ret = start_daemon_if_necessary (ph, pwd); -- if (ret != PAM_SUCCESS) -- return ret; -- } -- - /* Get the stored authtok here */ - if (pam_get_data (ph, "gkr_system_authtok", (const void**)&password) != PAM_SUCCESS) { -- - /* - * No password, no worries, maybe this (PAM using) application - * didn't do authentication, or is hopeless and wants to call - * different PAM callbacks from different processes. - * - * No use complaining -- */ -- return PAM_SUCCESS; -+ */ -+ password = NULL; - } - -- if (unlock_keyring (ph, pwd, password) != PAM_SUCCESS) -- return PAM_SERVICE_ERR; -+ started_daemon = 0; -+ /* Should we start the daemon? 
*/ -+ if (args & ARG_AUTO_START) { -+ started_daemon = 1; -+ ret = start_daemon_if_necessary (ph, pwd, password); -+ if (ret != PAM_SUCCESS) -+ return ret; -+ } - -+ if (!started_daemon && password != NULL) { -+ if (unlock_keyring (ph, pwd, password) != PAM_SUCCESS) -+ return PAM_SERVICE_ERR; -+ } -+ - return PAM_SUCCESS; - } - -@@ -897,7 +923,7 @@ - * argument. Because if the password is being changed, then making - * the 'login' keyring match it is a priority. - */ -- ret = start_daemon_if_necessary (ph, pwd); -+ ret = start_daemon_if_necessary (ph, pwd, original); - if (ret != PAM_SUCCESS) - return ret; - diff --git a/gnome-keyring-2.21.5-dont-ask-for-password.patch b/gnome-keyring-2.21.5-dont-ask-for-password.patch deleted file mode 100644 index 91af291..0000000 --- a/gnome-keyring-2.21.5-dont-ask-for-password.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up gnome-keyring-2.21.5/pam/gkr-pam-module.c.dont-ask-for-password gnome-keyring-2.21.5/pam/gkr-pam-module.c ---- gnome-keyring-2.21.5/pam/gkr-pam-module.c.dont-ask-for-password 2007-12-01 16:28:35.000000000 -0500 -+++ gnome-keyring-2.21.5/pam/gkr-pam-module.c 2008-02-06 14:02:16.000000000 -0500 -@@ -776,6 +776,7 @@ pam_sm_authenticate (pam_handle_t *ph, i - /* Look up the password */ - ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password); - if (ret != PAM_SUCCESS || password == NULL) { -+#ifdef GKR_SHOULD_WRONGLY_ASK_FOR_PASSWORD - ret = prompt_password (ph); - if (ret != PAM_SUCCESS) { - syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s", -@@ -788,9 +789,11 @@ pam_sm_authenticate (pam_handle_t *ph, i - ret == PAM_SUCCESS ? "password was null" : pam_strerror (ph, ret)); - return PAM_AUTHTOK_RECOVER_ERR; - } -+#else -+ return PAM_SUCCESS; -+#endif - } - -- - started_daemon = 0; - - /* Should we start the daemon? */ diff --git a/gnome-keyring-2.21.5-race-condition.patch b/gnome-keyring-2.21.5-race-condition.patch deleted file mode 100644 index f602ef5..0000000 
--- a/gnome-keyring-2.21.5-race-condition.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -up gnome-keyring-2.21.5/common/gkr-async.c.race-condition gnome-keyring-2.21.5/common/gkr-async.c ---- gnome-keyring-2.21.5/common/gkr-async.c.race-condition 2008-01-11 10:48:00.000000000 -0500 -+++ gnome-keyring-2.21.5/common/gkr-async.c 2008-01-21 15:09:51.000000000 -0500 -@@ -34,6 +34,10 @@ - - #define DEBUG_LOCKS 0 - -+/* -+ * See comments on async_poll_func() on the order of the various -+ * gets and sets of waiting_on_* flags. -+ */ - #if DEBUG_LOCKS - #define DO_LOCK(mtx) G_STMT_START { \ - g_printerr ("%s LOCK %s\n", __func__, G_STRINGIFY(mtx)); \ -@@ -93,8 +97,18 @@ async_poll_func (GPollFD *ufds, guint nf - gint ret; - - g_assert (orig_poll_func); -+ -+ /* -+ * These two atomic variables are interlocked in the -+ * opposite order from those in DO_LOCK which prevents -+ * race conditions in the if statements. -+ */ - g_atomic_int_set (&waiting_on_poll, 1); -+ if (g_atomic_int_get (&waiting_on_lock)) -+ timeout = 0; -+ - ret = (orig_poll_func) (ufds, nfsd, timeout); -+ - g_atomic_int_set (&waiting_on_poll, 0); - - if (done_queue && !g_queue_is_empty (done_queue)) -@@ -314,7 +328,6 @@ cleanup_done_thread (gpointer message, g - running_workers = NULL; - - g_assert (main_loop); -- gkr_wakeup_register (g_main_loop_get_context (main_loop)); - return FALSE; - } - -@@ -346,7 +359,6 @@ gkr_async_worker_start (GThreadFunc func - - if (!done_queue) { - g_assert (main_loop); -- gkr_wakeup_register (g_main_loop_get_context (main_loop)); - - done_queue = g_queue_new (); - g_assert (!running_workers); diff --git a/gnome-keyring-no-human-security.patch b/gnome-keyring-no-human-security.patch deleted file mode 100644 index 247b9b0..0000000 --- a/gnome-keyring-no-human-security.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -Index: configure.in -=================================================================== ---- configure.in (revision 1140) -+++ configure.in (working copy) -@@ -297,6 +297,17 @@ - fi - fi - -+# -------------------------------------------------------------------- -+# Mess with this if you want to cause user confusion -+ -+AC_ARG_ENABLE(unreliable-human-guesswork-security, -+ AC_HELP_STRING([--enable-unreliable-human-guesswork-security], -+ [Enable if you want to ask users incomprehensible questions])) -+ -+if test x"$enable_unreliable_human_guesswork_security" == x"yes"; then -+ AC_DEFINE(ENABLE_UNRELIABLE_HUMAN_GUESSWORK_SECURITY, 1, [Whether to ask users incomprehensible questions]) -+fi -+ - AC_ARG_WITH([pam-dir], - [AC_HELP_STRING([--with-pam-dir=DIR], - [directory to install pam modules in])], -Index: daemon/gkr-daemon-ops.c -=================================================================== ---- daemon/gkr-daemon-ops.c (revision 1140) -+++ daemon/gkr-daemon-ops.c (working copy) -@@ -145,6 +145,7 @@ - } - } - -+#ifdef ENABLE_UNRELIABLE_HUMAN_GUESSWORK_SECURITY - static guint - check_acl_ask_request (GkrAskRequest* ask, GnomeKeyringApplicationRef *app) - { -@@ -198,11 +199,16 @@ - /* Continue with prompting */ - return GKR_ASK_DONT_CARE; - } -+#endif - - static gboolean - request_item_access (GkrKeyringRequest *req, GkrKeyringItem *item, - GnomeKeyringAccessType access_type, gboolean secret) - { -+/* Asking general users this kind of question simply does not work. */ -+#ifndef ENABLE_UNRELIABLE_HUMAN_GUESSWORK_SECURITY -+ return TRUE; -+#else - GnomeKeyringApplicationRef *app = req->app_ref; - const gchar *keyring_name = NULL; - GkrAskRequest *ask; -@@ -279,6 +285,7 @@ - g_object_unref (ask); - - return ret; -+#endif - } - - static gboolean diff --git a/gnome-keyring.spec b/gnome-keyring.spec index 277361f..99dc83d 100644 --- a/gnome-keyring.spec +++ b/gnome-keyring.spec 
@@ -12,8 +12,6 @@ Release: 1%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries Source: http://download.gnome.org/sources/gnome-keyring/2.22/gnome-keyring-%{version}.tar.bz2 -# http://bugzilla.gnome.org/show_bug.cgi?id=533493 -Patch0: gnome-keyring-no-human-security.patch URL: http://www.gnome.org BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: glib2-devel >= %{glib2_version} @@ -69,13 +67,12 @@ and start the keyring daemon. %prep %setup -q -n gnome-keyring-%{version} -%patch0 -p0 -b .no-human-security %build aclocal automake autoconf -%configure --disable-gtk-doc --with-pam-dir=/%{_lib}/security +%configure --disable-gtk-doc --with-pam-dir=/%{_lib}/security --disable-acl-prompts make %{?_smp_mflags} %install diff --git a/no-autounlock.patch b/no-autounlock.patch deleted file mode 100644 index d45762e..0000000 --- a/no-autounlock.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up gnome-keyring-2.20.1/daemon/gkr-daemon-ops.c.no-autounlock gnome-keyring-2.20.1/daemon/gkr-daemon-ops.c ---- gnome-keyring-2.20.1/daemon/gkr-daemon-ops.c.no-autounlock 2007-10-25 05:08:58.000000000 -0400 -+++ gnome-keyring-2.20.1/daemon/gkr-daemon-ops.c 2007-10-25 05:12:27.000000000 -0400 -@@ -503,8 +503,11 @@ request_keyring_access (GkrKeyringReques - * to unlock automatically next time. - */ - login = gkr_keyrings_get_login (); -+#if 0 -+/* autounlock does not currently work, see https://bugzilla.redhat.com/buglist.cgi?bug_id=250147,312531 */ - if (login && login != keyring) - gkr_ask_request_set_check_option (ask, _("Automatically unlock this keyring when I log in.")); -+#endif - - /* Intercept item access requests to see if we still need to prompt */ - g_signal_connect (ask, "check-request", G_CALLBACK (check_keyring_ask_request), NULL);
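Review bot: In the second gnome-keyring.spec hunk, `--disable-acl-prompts` is added to `%configure` with no comment, while the first hunk drops the `# http://bugzilla.gnome.org/show_bug.cgi?id=533493` line that was the only pointer to why per-application access prompts are switched off. The deleted gnome-keyring-no-human-security.patch made `request_item_access` return TRUE unconditionally when prompts were off, so (assuming the upstream switch behaves the same way) every client of an unlocked keyring gets item access without an ACL check. That trade-off deserves a line in the spec, e.g. `# ACL prompts disabled on purpose, see http://bugzilla.gnome.org/show_bug.cgi?id=533493` above `%configure`. Autoconf-generated configure scripts generally do not fail on an unknown `--disable-*` option, so it is worth confirming against `./configure --help` of the 2.22 tarball that the option exists; otherwise dropping Patch0 would quietly change the prompting behaviour.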