Update to 40.0
This commit is contained in:
parent
657c90b7b5
commit
3949a3b1a1
1
.gitignore
vendored
1
.gitignore
vendored
@ -76,3 +76,4 @@ gnome-keyring-2.31.4.tar.bz2
|
|||||||
/gnome-keyring-3.35.1.tar.xz
|
/gnome-keyring-3.35.1.tar.xz
|
||||||
/gnome-keyring-3.35.90.tar.xz
|
/gnome-keyring-3.35.90.tar.xz
|
||||||
/gnome-keyring-3.36.0.tar.xz
|
/gnome-keyring-3.36.0.tar.xz
|
||||||
|
/gnome-keyring-40.0.tar.xz
|
||||||
|
@ -1,86 +0,0 @@
|
|||||||
diff -urp gnome-keyring-3.36.0.orig/daemon/gkd-capability.c gnome-keyring-3.36.0/daemon/gkd-capability.c
|
|
||||||
--- gnome-keyring-3.36.0.orig/daemon/gkd-capability.c 2018-06-25 00:15:03.000000000 -0400
|
|
||||||
+++ gnome-keyring-3.36.0/daemon/gkd-capability.c 2020-10-16 11:33:02.244614471 -0400
|
|
||||||
@@ -1,7 +1,7 @@
|
|
||||||
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
|
|
||||||
/* gkd-capability.c - the security-critical initial phase of the daemon
|
|
||||||
*
|
|
||||||
- * Copyright (C) 2011 Steve Grubb
|
|
||||||
+ * Copyright (C) 2011,2020 Steve Grubb
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Lesser General Public License as
|
|
||||||
@@ -35,9 +35,10 @@
|
|
||||||
|
|
||||||
/* No logging, no gettext */
|
|
||||||
static void
|
|
||||||
-early_error (const char *err_string)
|
|
||||||
+early_error (const char *err_string, int rc)
|
|
||||||
{
|
|
||||||
- fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string);
|
|
||||||
+ fprintf (stderr, "gnome-keyring-daemon: %s - %d, aborting\n",
|
|
||||||
+ err_string, rc);
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -64,6 +65,8 @@ void
|
|
||||||
gkd_capability_obtain_capability_and_drop_privileges (void)
|
|
||||||
{
|
|
||||||
#ifdef HAVE_LIBCAPNG
|
|
||||||
+ int rc;
|
|
||||||
+
|
|
||||||
capng_get_caps_process ();
|
|
||||||
switch (capng_have_capabilities (CAPNG_SELECT_CAPS))
|
|
||||||
{
|
|
||||||
@@ -73,32 +76,35 @@ gkd_capability_obtain_capability_and_dro
|
|
||||||
capng_update (CAPNG_ADD,
|
|
||||||
CAPNG_EFFECTIVE|CAPNG_PERMITTED,
|
|
||||||
CAP_IPC_LOCK);
|
|
||||||
- if (capng_change_id (getuid (), getgid (), 0))
|
|
||||||
- early_error ("failed dropping capabilities");
|
|
||||||
+ if ((rc = capng_change_id (getuid (), getgid (),
|
|
||||||
+ CAPNG_DROP_SUPP_GRP|
|
|
||||||
+ CAPNG_CLEAR_BOUNDING)))
|
|
||||||
+ early_error ("failed dropping capabilities",
|
|
||||||
+ rc);
|
|
||||||
break;
|
|
||||||
case CAPNG_FAIL:
|
|
||||||
- early_error ("error getting process capabilities");
|
|
||||||
+ early_error ("error getting process capabilities", 0);
|
|
||||||
break;
|
|
||||||
case CAPNG_NONE:
|
|
||||||
early_warning ("insufficient process capabilities, insecure memory might get used");
|
|
||||||
break;
|
|
||||||
case CAPNG_PARTIAL: /* File system based capabilities */
|
|
||||||
- if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
|
|
||||||
+ if (!capng_have_capability (CAPNG_EFFECTIVE,
|
|
||||||
+ CAP_IPC_LOCK))
|
|
||||||
early_warning ("insufficient process capabilities, insecure memory might get used");
|
|
||||||
- /* Drop all capabilities */
|
|
||||||
+
|
|
||||||
+ /* If we don't have CAP_SETPCAP, we can't do anything */
|
|
||||||
+ if (capng_have_capability (CAPNG_EFFECTIVE,
|
|
||||||
+ CAP_SETPCAP)) {
|
|
||||||
+ /* Drop all capabilities except ipc_lock */
|
|
||||||
capng_clear (CAPNG_SELECT_BOTH);
|
|
||||||
- capng_apply (CAPNG_SELECT_BOTH);
|
|
||||||
- break;
|
|
||||||
+ if ((rc = capng_update (CAPNG_ADD,
|
|
||||||
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
|
|
||||||
+ CAP_IPC_LOCK)) != 0)
|
|
||||||
+ early_error ("error updating process capabilities", rc);
|
|
||||||
+ if ((rc = capng_apply (CAPNG_SELECT_BOTH)) != 0)
|
|
||||||
+ early_error ("error dropping process capabilities", rc);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* Drop all capabilities except ipc_lock */
|
|
||||||
- capng_clear (CAPNG_SELECT_BOTH);
|
|
||||||
- if (capng_update (CAPNG_ADD,
|
|
||||||
- CAPNG_EFFECTIVE|CAPNG_PERMITTED,
|
|
||||||
- CAP_IPC_LOCK) != 0)
|
|
||||||
- early_error ("error dropping process capabilities");
|
|
||||||
- if (capng_apply (CAPNG_SELECT_BOTH) != 0)
|
|
||||||
- early_error ("error dropping process capabilities");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif /* HAVE_LIBCAPNG */
|
|
@ -3,15 +3,13 @@
|
|||||||
%global gcrypt_version 1.2.2
|
%global gcrypt_version 1.2.2
|
||||||
|
|
||||||
Name: gnome-keyring
|
Name: gnome-keyring
|
||||||
Version: 3.36.0
|
Version: 40.0
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Framework for managing passwords and other secrets
|
Summary: Framework for managing passwords and other secrets
|
||||||
|
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: https://wiki.gnome.org/Projects/GnomeKeyring
|
URL: https://wiki.gnome.org/Projects/GnomeKeyring
|
||||||
Source0: https://download.gnome.org/sources/%{name}/3.36/%{name}-%{version}.tar.xz
|
Source0: https://download.gnome.org/sources/%{name}/40/%{name}-%{version}.tar.xz
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1888978
|
|
||||||
Patch0: gnome-keyring-3.36.0-capng.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
|
BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
|
||||||
@ -107,6 +105,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 40.0-1
|
||||||
|
- Update to 40.0
|
||||||
|
|
||||||
* Fri Mar 05 2021 David King <amigadave@amigadave.com> - 3.36.0-6
|
* Fri Mar 05 2021 David King <amigadave@amigadave.com> - 3.36.0-6
|
||||||
- Apply upstream patch to fix capng usage (#1888978)
|
- Apply upstream patch to fix capng usage (#1888978)
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (gnome-keyring-3.36.0.tar.xz) = e5aed36ad109cbd2dcb534843f8565829366acc955cadc6e9bbe87ebbb6a8a907211aa3a42f7f26148ac69726af2f9238965707d1259319435bd20aa8c4859ed
|
SHA512 (gnome-keyring-40.0.tar.xz) = c9cb0dca8c46ee712200c96c20663a8d5cd39f07801a04e1afca26550a04af6cb369b53a1f29638bf4c8a29f418a69f565befcf4d08df5b0d30fb31894ecf95e
|
||||||
|
Loading…
Reference in New Issue
Block a user