Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/gnome-keyring.git#84071064fd8595fb66c01432ec906c9a0256b4c8
2021-03-28 20:10:39 +00:00 · 2021-03-28 20:10:39 +00:00 · 4ace86f3e1
commit 4ace86f3e1
parent 9fc4059e0e
4 changed files with 9 additions and 93 deletions
--- a/.gitignore
+++ b/.gitignore
@ -76,3 +76,4 @@ gnome-keyring-2.31.4.tar.bz2
 /gnome-keyring-3.35.1.tar.xz
 /gnome-keyring-3.35.90.tar.xz
 /gnome-keyring-3.36.0.tar.xz
+/gnome-keyring-40.0.tar.xz
--- a/gnome-keyring-3.36.0-capng.patch
+++ b/gnome-keyring-3.36.0-capng.patch
@ -1,86 +0,0 @@
-diff -urp gnome-keyring-3.36.0.orig/daemon/gkd-capability.c gnome-keyring-3.36.0/daemon/gkd-capability.c
--- gnome-keyring-3.36.0.orig/daemon/gkd-capability.c	2018-06-25 00:15:03.000000000 -0400
-+++ gnome-keyring-3.36.0/daemon/gkd-capability.c	2020-10-16 11:33:02.244614471 -0400
-@@ -1,7 +1,7 @@
- /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
- /* gkd-capability.c - the security-critical initial phase of the daemon
-  *
- * Copyright (C) 2011 Steve Grubb
-+ * Copyright (C) 2011,2020 Steve Grubb
-  *
-  * This program is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU Lesser General Public License as
-@@ -35,9 +35,10 @@
- 
- /* No logging, no gettext */
- static void
-early_error (const char *err_string)
-+early_error (const char *err_string, int rc)
- {
-	fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string);
-+	fprintf (stderr, "gnome-keyring-daemon: %s - %d, aborting\n",
-+		err_string, rc);
- 	exit (1);
- }
- 
-@@ -64,6 +65,8 @@ void
- gkd_capability_obtain_capability_and_drop_privileges (void)
- {
- #ifdef HAVE_LIBCAPNG
-+	int rc;
-+
- 	capng_get_caps_process ();
- 	switch (capng_have_capabilities (CAPNG_SELECT_CAPS))
- 	{
-@@ -73,32 +76,35 @@ gkd_capability_obtain_capability_and_dro
- 			capng_update (CAPNG_ADD,
- 					CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- 					CAP_IPC_LOCK);
-			if (capng_change_id (getuid (), getgid (), 0))
-				early_error ("failed dropping capabilities");
-+			if ((rc = capng_change_id (getuid (), getgid (),
-+						   CAPNG_DROP_SUPP_GRP|
-+						   CAPNG_CLEAR_BOUNDING)))
-+				early_error ("failed dropping capabilities",
-+					     rc);
- 			break;
- 		case CAPNG_FAIL:
-			early_error ("error getting process capabilities");
-+			early_error ("error getting process capabilities", 0);
- 			break;
- 		case CAPNG_NONE:
- 			early_warning ("insufficient process capabilities, insecure memory might get used");
- 			break;
- 		case CAPNG_PARTIAL: /* File system based capabilities */
-			if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
-+			if (!capng_have_capability (CAPNG_EFFECTIVE,
-+							    CAP_IPC_LOCK))
- 				early_warning ("insufficient process capabilities, insecure memory might get used");
-				/* Drop all capabilities */
-+
-+			/* If we don't have CAP_SETPCAP, we can't do anything */
-+			if (capng_have_capability (CAPNG_EFFECTIVE,
-+								CAP_SETPCAP)) {
-+				 /* Drop all capabilities except ipc_lock */
- 				capng_clear (CAPNG_SELECT_BOTH);
-				capng_apply (CAPNG_SELECT_BOTH);
-				break;
-+				if ((rc = capng_update (CAPNG_ADD,
-+						CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+						CAP_IPC_LOCK)) != 0)
-+					early_error ("error updating process capabilities", rc);
-+				if ((rc = capng_apply (CAPNG_SELECT_BOTH)) != 0)
-+					early_error ("error dropping process capabilities", rc);
- 			}
-
-			/* Drop all capabilities except ipc_lock */
-			capng_clear (CAPNG_SELECT_BOTH);
-			if (capng_update (CAPNG_ADD,
-					  CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-					  CAP_IPC_LOCK) != 0)
-				early_error ("error dropping process capabilities");
-			if (capng_apply (CAPNG_SELECT_BOTH) != 0)
-				early_error ("error dropping process capabilities");
- 			break;
- 	}
- #endif /* HAVE_LIBCAPNG */
--- a/gnome-keyring.spec
+++ b/gnome-keyring.spec
@ -3,22 +3,20 @@
 %global gcrypt_version 1.2.2

 Name: gnome-keyring
-Version: 3.36.0
-Release: 6%{?dist}
+Version: 40.0
+Release: 1%{?dist}
 Summary: Framework for managing passwords and other secrets

 License: GPLv2+ and LGPLv2+
 URL:     https://wiki.gnome.org/Projects/GnomeKeyring
-Source0: https://download.gnome.org/sources/%{name}/3.36/%{name}-%{version}.tar.xz
-# https://bugzilla.redhat.com/show_bug.cgi?id=1888978
-Patch0:  gnome-keyring-3.36.0-capng.patch
+Source0: https://download.gnome.org/sources/%{name}/40/%{name}-%{version}.tar.xz

-BuildRequires:  gcc
 BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
 BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
 BuildRequires: pkgconfig(p11-kit-1)
 BuildRequires: docbook-dtds
 BuildRequires: docbook-style-xsl
+BuildRequires: gcc
 BuildRequires: gettext
 BuildRequires: intltool
 BuildRequires: libcap-ng-devel
@ -107,6 +105,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la


 %changelog
+* Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 40.0-1
+- Update to 40.0
+
 * Fri Mar 05 2021 David King <amigadave@amigadave.com> - 3.36.0-6
 - Apply upstream patch to fix capng usage (#1888978)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (gnome-keyring-3.36.0.tar.xz) = e5aed36ad109cbd2dcb534843f8565829366acc955cadc6e9bbe87ebbb6a8a907211aa3a42f7f26148ac69726af2f9238965707d1259319435bd20aa8c4859ed
+SHA512 (gnome-keyring-40.0.tar.xz) = c9cb0dca8c46ee712200c96c20663a8d5cd39f07801a04e1afca26550a04af6cb369b53a1f29638bf4c8a29f418a69f565befcf4d08df5b0d30fb31894ecf95e