- Backport fixes from master related to storing secret value

gnome-keyring-2.29.90-dbus-setting-NULL-default.patch

@@ -0,0 +1,19 @@
+From 6bd4a868bba97d0142b6254784937f8ffe4fc89c Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sun, 14 Feb 2010 04:09:25 +0000
+Subject: [dbus] Fix error when setting default keyring to NULL.
+
+---
+diff --git a/daemon/dbus/gkd-secret-objects.c b/daemon/dbus/gkd-secret-objects.c
+index c19bd50..d2f52eb 100644
+--- a/daemon/dbus/gkd-secret-objects.c
++++ b/daemon/dbus/gkd-secret-objects.c
+@@ -1328,6 +1328,5 @@ gkd_secret_objects_set_alias (GkdSecretObjects *self, const gchar *alias,
+ {
+ 	g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
+ 	g_return_if_fail (alias);
+-	g_return_if_fail (identifier);
+ 	g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier));
+ }
+--
+cgit v0.8.3.1

gnome-keyring-2.29.90-pkcs11-value-store.patch

@@ -0,0 +1,249 @@
+From 9a271ef0518949f06fb5132ecad1ed93bcf4f72c Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sat, 13 Feb 2010 23:43:35 +0000
+Subject: [pkcs11] Fix problem with not storing secret value properly.
+
+If a new object was not created, such as when unwrapping a
+secret item, then the attributes set were not stored properly.
+---
+diff --git a/pkcs11/gck/gck-aes-key.c b/pkcs11/gck/gck-aes-key.c
+index 6274703..14d11e5 100644
+--- a/pkcs11/gck/gck-aes-key.c
++++ b/pkcs11/gck/gck-aes-key.c
+@@ -129,7 +129,8 @@ factory_create_aes_key (GckSession *session, GckTransaction *transaction,
+ 
+ 	gck_attribute_consume (value);
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (key);
+ }
+ 
+diff --git a/pkcs11/gck/gck-certificate.c b/pkcs11/gck/gck-certificate.c
+index 4761731..d547b26 100644
+--- a/pkcs11/gck/gck-certificate.c
++++ b/pkcs11/gck/gck-certificate.c
+@@ -275,7 +275,8 @@ factory_create_certificate (GckSession *session, GckTransaction *transaction,
+ 	/* Note that we ignore the subject */
+  	gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cert),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (cert);
+ }
+ 
+diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
+index 74ce3e6..e3a6d58 100644
+--- a/pkcs11/gck/gck-credential.c
++++ b/pkcs11/gck/gck-credential.c
+@@ -93,7 +93,8 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
+ 	                            attr ? attr->ulValueLen : 0, &cred);
+ 
+ 	if (rv == CKR_OK) {
+-		gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred), attrs, n_attrs);
++		gck_session_complete_object_creation (session, transaction, GCK_OBJECT (cred),
++		                                      TRUE, attrs, n_attrs);
+ 		return GCK_OBJECT (cred);
+ 	} else {
+ 		gck_transaction_fail (transaction, rv);
+diff --git a/pkcs11/gck/gck-dh-private-key.c b/pkcs11/gck/gck-dh-private-key.c
+index 72af177..278dea0 100644
+--- a/pkcs11/gck/gck-dh-private-key.c
++++ b/pkcs11/gck/gck-dh-private-key.c
+@@ -72,7 +72,8 @@ factory_create_dh_private_key (GckSession *session, GckTransaction *transaction,
+ 	                                            idattr ? idattr->ulValueLen : 0));
+ 	gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
+ 
+-	gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, object,
++	                                      TRUE, attrs, n_attrs);
+ 	return object;
+ }
+ 
+diff --git a/pkcs11/gck/gck-dh-public-key.c b/pkcs11/gck/gck-dh-public-key.c
+index d6f5284..be0bb25 100644
+--- a/pkcs11/gck/gck-dh-public-key.c
++++ b/pkcs11/gck/gck-dh-public-key.c
+@@ -72,7 +72,8 @@ factory_create_dh_public_key (GckSession *session, GckTransaction *transaction,
+ 	                                            idattr ? idattr->ulValueLen : 0));
+ 	gck_attributes_consume (attrs, n_attrs, CKA_PRIME, CKA_BASE, CKA_VALUE, G_MAXULONG);
+ 
+-	gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, object,
++	                                      TRUE, attrs, n_attrs);
+ 	return object;
+ }
+ 
+diff --git a/pkcs11/gck/gck-null-key.c b/pkcs11/gck/gck-null-key.c
+index 7bb912d..75d8b76 100644
+--- a/pkcs11/gck/gck-null-key.c
++++ b/pkcs11/gck/gck-null-key.c
+@@ -53,7 +53,8 @@ factory_create_null_key (GckSession *session, GckTransaction *transaction,
+ 	                    "manager", manager,
+ 	                    NULL);
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (key);
+ }
+ 
+diff --git a/pkcs11/gck/gck-private-xsa-key.c b/pkcs11/gck/gck-private-xsa-key.c
+index 5940309..4c2704a 100644
+--- a/pkcs11/gck/gck-private-xsa-key.c
++++ b/pkcs11/gck/gck-private-xsa-key.c
+@@ -163,7 +163,8 @@ factory_create_private_xsa_key (GckSession *session, GckTransaction *transaction
+ 	                    NULL);
+ 	key->pv->sexp = sexp;
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (key);
+ }
+ 
+diff --git a/pkcs11/gck/gck-public-xsa-key.c b/pkcs11/gck/gck-public-xsa-key.c
+index e6f3eb9..f28d56a 100644
+--- a/pkcs11/gck/gck-public-xsa-key.c
++++ b/pkcs11/gck/gck-public-xsa-key.c
+@@ -155,7 +155,8 @@ factory_create_public_xsa_key (GckSession *session, GckTransaction *transaction,
+ 		                       "manager", gck_manager_for_template (attrs, n_attrs, session),
+ 		                       NULL);
+ 		gck_sexp_unref (sexp);
+-		gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++		gck_session_complete_object_creation (session, transaction, object,
++		                                      TRUE, attrs, n_attrs);
+ 	}
+ 
+ 	return object;
+diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
+index 1389d7d..d2f0ae4 100644
+--- a/pkcs11/gck/gck-session.c
++++ b/pkcs11/gck/gck-session.c
+@@ -836,8 +836,8 @@ gck_session_create_object_for_attributes (GckSession *self, GckTransaction *tran
+ }
+ 
+ void
+-gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction,
+-                                      GckObject *object, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
++gck_session_complete_object_creation (GckSession *self, GckTransaction *transaction, GckObject *object,
++                                      gboolean add, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+ {
+ 	gboolean is_private;
+ 	gulong i;
+@@ -873,7 +873,7 @@ gck_session_complete_object_creation (GckSession *self, GckTransaction *transact
+ 	}
+ 
+ 	/* Add the object to session or token */
+-	if (!gck_transaction_get_failed (transaction)) {
++	if (add && !gck_transaction_get_failed (transaction)) {
+ 		if (gck_object_is_token (object))
+ 			gck_module_add_token_object (self->pv->module, transaction, object);
+ 		else
+diff --git a/pkcs11/gck/gck-session.h b/pkcs11/gck/gck-session.h
+index 290443d..fa4cb01 100644
+--- a/pkcs11/gck/gck-session.h
++++ b/pkcs11/gck/gck-session.h
+@@ -117,6 +117,7 @@ GckObject*               gck_session_create_object_for_attributes       (GckSess
+ void                     gck_session_complete_object_creation           (GckSession *self,
+                                                                          GckTransaction *transaction,
+                                                                          GckObject *object,
++                                                                         gboolean add,
+                                                                          CK_ATTRIBUTE_PTR attrs,
+                                                                          CK_ULONG n_attrs);
+ 
+diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
+index 4be98dc..613c1ae 100644
+--- a/pkcs11/secret-store/gck-secret-collection.c
++++ b/pkcs11/secret-store/gck-secret-collection.c
+@@ -297,7 +297,8 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
+ 	g_object_unref (sdata);
+ 
+ 	gck_attributes_consume (attrs, n_attrs, CKA_G_CREDENTIAL, G_MAXULONG);
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (collection),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (collection);
+ }
+ 
+diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
+index 5c77723..0c7636d 100644
+--- a/pkcs11/secret-store/gck-secret-item.c
++++ b/pkcs11/secret-store/gck-secret-item.c
+@@ -141,7 +141,6 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ 	CK_ATTRIBUTE *attr;
+ 	gboolean is_token;
+ 	gchar *identifier;
+-	CK_ULONG i;
+ 
+ 	g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
+ 	g_return_val_if_fail (attrs || !n_attrs, NULL);
+@@ -176,18 +175,16 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ 			gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
+ 			return NULL;
+ 		} else {
+-			gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
+-			for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
+-				if (!gck_attribute_consumed (&attrs[i]))
+-					gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
+-			}
++			gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
++			                                      FALSE, attrs, n_attrs);
+ 			return g_object_ref (item);
+ 		}
+ 	}
+ 
+ 	/* Create a new collection which will own the item */
+ 	item = gck_secret_collection_create_item (collection, transaction);
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (item),
++	                                      TRUE, attrs, n_attrs);
+ 	return g_object_ref (item);
+ }
+ 
+diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
+index 1315687..07bcd5f 100644
+--- a/pkcs11/secret-store/gck-secret-search.c
++++ b/pkcs11/secret-store/gck-secret-search.c
+@@ -240,7 +240,8 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ 	populate_search_from_manager (search, s_manager);
+ 	populate_search_from_manager (search, m_manager);
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (search),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (search);
+ }
+ 
+diff --git a/pkcs11/user-store/gck-user-private-key.c b/pkcs11/user-store/gck-user-private-key.c
+index 7577c72..5ee57a3 100644
+--- a/pkcs11/user-store/gck-user-private-key.c
++++ b/pkcs11/user-store/gck-user-private-key.c
+@@ -83,7 +83,8 @@ factory_create_private_key (GckSession *session, GckTransaction *transaction,
+ 
+ 	gck_sexp_unref (sexp);
+ 
+-	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key), attrs, n_attrs);
++	gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
++	                                      TRUE, attrs, n_attrs);
+ 	return GCK_OBJECT (key);
+ }
+ 
+diff --git a/pkcs11/user-store/gck-user-public-key.c b/pkcs11/user-store/gck-user-public-key.c
+index 6b2d69c..ce20d1d 100644
+--- a/pkcs11/user-store/gck-user-public-key.c
++++ b/pkcs11/user-store/gck-user-public-key.c
+@@ -62,7 +62,8 @@ factory_create_public_key (GckSession *session, GckTransaction *transaction,
+ 		                       "manager", gck_manager_for_template (attrs, n_attrs, session),
+ 		                       NULL);
+ 		gck_sexp_unref (sexp);
+-		gck_session_complete_object_creation (session, transaction, object, attrs, n_attrs);
++		gck_session_complete_object_creation (session, transaction, object,
++		                                      TRUE, attrs, n_attrs);
+ 	}
+ 
+ 	return object;
+--
+cgit v0.8.3.1

gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch

@@ -0,0 +1,224 @@
+From b4add492ad707b4503dd1614dc4b7100d3d89d76 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sun, 14 Feb 2010 00:13:30 +0000
+Subject: [secret-store] Return OK when a search includes a bad collection identifier.
+
+So basically we just don't return any results. This is for two reasons:
+ * PKCS#11 isn't very helpful to the caller of C_CreateObject about
+   which attribute was wrong.
+ * Race conditions abound where you set up a search of a collection
+   that is being deleted.
+---
+diff --git a/pkcs11/secret-store/gck-secret-search.c b/pkcs11/secret-store/gck-secret-search.c
+index 07bcd5f..707366d 100644
+--- a/pkcs11/secret-store/gck-secret-search.c
++++ b/pkcs11/secret-store/gck-secret-search.c
+@@ -39,13 +39,13 @@
+ 
+ enum {
+ 	PROP_0,
+-	PROP_COLLECTION,
++	PROP_COLLECTION_ID,
+ 	PROP_FIELDS
+ };
+ 
+ struct _GckSecretSearch {
+ 	GckObject parent;
+-	GckSecretCollection *collection;
++	gchar *collection_id;
+ 	GHashTable *fields;
+ 	GList *managers;
+ 	GHashTable *handles;
+@@ -63,6 +63,7 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
+ 	GckSecretCollection *collection;
+ 	GckSecretItem *item;
+ 	GHashTable *fields;
++	const gchar *identifier;
+ 
+ 	if (!GCK_IS_SECRET_ITEM (object))
+ 		return FALSE;
+@@ -70,9 +71,14 @@ match_object_against_criteria (GckSecretSearch *self, GckObject *object)
+ 	item = GCK_SECRET_ITEM (object);
+ 
+ 	/* Collection should match unless any collection allowed */
+-	collection = gck_secret_item_get_collection (item);
+-	if (self->collection && collection != self->collection)
+-		return FALSE;
++	if (self->collection_id) {
++		collection = gck_secret_item_get_collection (item);
++		g_return_val_if_fail (collection, FALSE);
++		identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (collection));
++		g_return_val_if_fail (identifier, FALSE);
++		if (!g_str_equal (identifier, self->collection_id))
++			return FALSE;
++	}
+ 
+ 	/* Fields should match using our special algorithm */
+ 	fields = gck_secret_item_get_fields (item);
+@@ -185,9 +191,9 @@ static GckObject*
+ factory_create_search (GckSession *session, GckTransaction *transaction,
+                        CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+ {
+-	GckSecretCollection *collection = NULL;
+ 	GckManager *s_manager, *m_manager;
+ 	GckSecretSearch *search;
++	gchar *identifier = NULL;
+ 	CK_ATTRIBUTE *attr;
+ 	GHashTable *fields;
+ 	GckModule *module;
+@@ -218,11 +224,10 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ 	/* See if a collection attribute was specified, not present means all collections */
+ 	attr = gck_attributes_find (attrs, n_attrs, CKA_G_COLLECTION);
+ 	if (attr) {
+-		collection = gck_secret_collection_find (attr, s_manager, m_manager, NULL);
+-		gck_attribute_consume (attr);
+-		if (!collection) {
++		rv = gck_attribute_get_string (attr, &identifier);
++		if (rv != CKR_OK) {
+ 			g_hash_table_unref (fields);
+-			gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
++			gck_transaction_fail (transaction, rv);
+ 			return NULL;
+ 		}
+ 	}
+@@ -231,7 +236,7 @@ factory_create_search (GckSession *session, GckTransaction *transaction,
+ 	                       "module", module,
+ 	                       "manager", s_manager,
+ 	                       "fields", fields,
+-	                       "collection", collection,
++	                       "collection-id", identifier,
+ 	                       NULL);
+ 
+ 	/* Load any new items or collections */
+@@ -284,7 +289,6 @@ static CK_RV
+ gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE_PTR attr)
+ {
+ 	GckSecretSearch *self = GCK_SECRET_SEARCH (base);
+-	const gchar *identifier;
+ 
+ 	switch (attr->type) {
+ 	case CKA_CLASS:
+@@ -292,10 +296,9 @@ gck_secret_search_get_attribute (GckObject *base, GckSession *session, CK_ATTRIB
+ 	case CKA_MODIFIABLE:
+ 		return gck_attribute_set_bool (attr, CK_TRUE); /* TODO: This is needed for deleting? */
+ 	case CKA_G_COLLECTION:
+-		if (!self->collection)
++		if (!self->collection_id)
+ 			return gck_attribute_set_empty (attr);
+-		identifier = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (self->collection));
+-		return gck_attribute_set_string (attr, identifier);
++		return gck_attribute_set_string (attr, self->collection_id);
+ 	case CKA_G_FIELDS:
+ 		return gck_secret_fields_serialize (attr, self->fields);
+ 	case CKA_G_MATCHED:
+@@ -329,9 +332,9 @@ gck_secret_search_set_property (GObject *obj, guint prop_id, const GValue *value
+ {
+ 	GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
+ 	switch (prop_id) {
+-	case PROP_COLLECTION:
+-		g_return_if_fail (!self->collection);
+-		self->collection = g_value_dup_object (value);
++	case PROP_COLLECTION_ID:
++		g_return_if_fail (!self->collection_id);
++		self->collection_id = g_value_dup_string (value);
+ 		break;
+ 	case PROP_FIELDS:
+ 		g_return_if_fail (!self->fields);
+@@ -350,8 +353,8 @@ gck_secret_search_get_property (GObject *obj, guint prop_id, GValue *value,
+ {
+ 	GckSecretSearch *self = GCK_SECRET_SEARCH (obj);
+ 	switch (prop_id) {
+-	case PROP_COLLECTION:
+-		g_value_set_object (value, gck_secret_search_get_collection (self));
++	case PROP_COLLECTION_ID:
++		g_value_set_string (value, self->collection_id);
+ 		break;
+ 	case PROP_FIELDS:
+ 		g_return_if_fail (self->fields);
+@@ -378,9 +381,8 @@ gck_secret_search_dispose (GObject *obj)
+ 	g_list_free (self->managers);
+ 	self->managers = NULL;
+ 
+-	if (self->collection)
+-		g_object_unref (self->collection);
+-	self->collection = NULL;
++	g_free (self->collection_id);
++	self->collection_id = NULL;
+ 
+ 	G_OBJECT_CLASS (gck_secret_search_parent_class)->dispose (obj);
+ }
+@@ -415,9 +417,9 @@ gck_secret_search_class_init (GckSecretSearchClass *klass)
+ 
+ 	gck_class->get_attribute = gck_secret_search_get_attribute;
+ 
+-	g_object_class_install_property (gobject_class, PROP_COLLECTION,
+-	           g_param_spec_object ("collection", "Collection", "Item's Collection",
+-	                                GCK_TYPE_SECRET_COLLECTION, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
++	g_object_class_install_property (gobject_class, PROP_COLLECTION_ID,
++	           g_param_spec_string ("collection-id", "Collection ID", "Item's Collection's Identifier",
++	                                NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ 
+ 	g_object_class_install_property (gobject_class, PROP_FIELDS,
+ 	           g_param_spec_boxed ("fields", "Fields", "Item's fields",
+@@ -455,9 +457,9 @@ gck_secret_search_get_fields (GckSecretSearch *self)
+ 	return self->fields;
+ }
+ 
+-GckSecretCollection*
+-gck_secret_search_get_collection (GckSecretSearch *self)
++const gchar*
++gck_secret_search_get_collection_id (GckSecretSearch *self)
+ {
+ 	g_return_val_if_fail (GCK_IS_SECRET_SEARCH (self), NULL);
+-	return self->collection;
++	return self->collection_id;
+ }
+diff --git a/pkcs11/secret-store/gck-secret-search.h b/pkcs11/secret-store/gck-secret-search.h
+index de85303..34f355a 100644
+--- a/pkcs11/secret-store/gck-secret-search.h
++++ b/pkcs11/secret-store/gck-secret-search.h
+@@ -49,6 +49,6 @@ GckFactory*          gck_secret_search_get_factory     (void) G_GNUC_CONST;
+ 
+ GHashTable*          gck_secret_search_get_fields      (GckSecretSearch *self);
+ 
+-GckSecretCollection* gck_secret_search_get_collection  (GckSecretSearch *self);
++const gchar*      gck_secret_search_get_collection_id  (GckSecretSearch *self);
+ 
+ #endif /* __GCK_SECRET_SEARCH_H__ */
+diff --git a/pkcs11/secret-store/tests/unit-test-secret-search.c b/pkcs11/secret-store/tests/unit-test-secret-search.c
+index 1f1be89..51006e0 100644
+--- a/pkcs11/secret-store/tests/unit-test-secret-search.c
++++ b/pkcs11/secret-store/tests/unit-test-secret-search.c
+@@ -114,7 +114,7 @@ DEFINE_TEST(create_search)
+ 	        { CKA_G_FIELDS, "test\0value\0two\0value2", 22 },
+ 	};
+ 
+-	GckSecretCollection *collection;
++	const gchar *identifier;
+ 	GckObject *object = NULL;
+ 	GHashTable *fields;
+ 	gpointer vdata;
+@@ -156,8 +156,8 @@ DEFINE_TEST(create_search)
+ 	g_assert_cmpstr (gck_secret_fields_get (fields, "test"), ==, "value");
+ 
+ 	/* No collection */
+-	collection = gck_secret_search_get_collection (GCK_SECRET_SEARCH (object));
+-	g_assert (collection == NULL);
++	identifier = gck_secret_search_get_collection_id (GCK_SECRET_SEARCH (object));
++	g_assert (identifier == NULL);
+ 
+ 	g_object_unref (object);
+ }
+@@ -274,7 +274,9 @@ DEFINE_TEST(create_search_for_bad_collection)
+ 	GckTransaction *transaction = gck_transaction_new ();
+ 
+ 	object = gck_session_create_object_for_factory (session, factory, transaction, attrs, 2);
+-	g_assert (gck_transaction_complete_and_unref (transaction) == CKR_TEMPLATE_INCONSISTENT);
++	g_assert (gck_transaction_complete_and_unref (transaction) == CKR_OK);
++
++	g_object_unref (object);
+ }
+ 
+ DEFINE_TEST(create_search_for_collection)
+--
+cgit v0.8.3.1

gnome-keyring-2.29.90-secret-store-sporadic-crash.patch

@@ -0,0 +1,21 @@
+From 0d82027ae6d68ce889f55833408a00c744bf65df Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sun, 14 Feb 2010 04:32:45 +0000
+Subject: [secret-store] Possible fix for a sporadic crash in this area.
+
+---
+diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
+index 613c1ae..cf804aa 100644
+--- a/pkcs11/secret-store/gck-secret-collection.c
++++ b/pkcs11/secret-store/gck-secret-collection.c
+@@ -145,7 +145,7 @@ track_secret_data (GckSecretCollection *self, GckSecretData *data)
+ 	self->sdata = data;
+ 	if (self->sdata)
+ 		g_object_add_weak_pointer (G_OBJECT (self->sdata),
+-		                           (gpointer*)&self->sdata);
++		                           (gpointer*)&(self->sdata));
+ }
+ 
+ static void
+--
+cgit v0.8.3.1

gnome-keyring-2.29.90-secret-store-value-store.patch

@@ -0,0 +1,33 @@
+From 912891b83b297ac6af2b62f6c1f8c31b1d3cc8bd Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sat, 13 Feb 2010 04:16:50 +0000
+Subject: [secret-store] Fix regression: secret value not stored properly.
+
+---
+diff --git a/pkcs11/secret-store/gck-secret-item.c b/pkcs11/secret-store/gck-secret-item.c
+index b0c5659..5c77723 100644
+--- a/pkcs11/secret-store/gck-secret-item.c
++++ b/pkcs11/secret-store/gck-secret-item.c
+@@ -141,6 +141,7 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ 	CK_ATTRIBUTE *attr;
+ 	gboolean is_token;
+ 	gchar *identifier;
++	CK_ULONG i;
+ 
+ 	g_return_val_if_fail (GCK_IS_TRANSACTION (transaction), NULL);
+ 	g_return_val_if_fail (attrs || !n_attrs, NULL);
+@@ -175,7 +176,11 @@ factory_create_item (GckSession *session, GckTransaction *transaction,
+ 			gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
+ 			return NULL;
+ 		} else {
+-			gck_attributes_consume (attrs, n_attrs, CKA_ID, G_MAXULONG);
++			gck_attributes_consume (attrs, n_attrs, CKA_ID, CKA_TOKEN, G_MAXULONG);
++			for (i = 0; i < n_attrs && !gck_transaction_get_failed (transaction); ++i) {
++				if (!gck_attribute_consumed (&attrs[i]))
++					gck_object_set_attribute (GCK_OBJECT (item), session, transaction, &attrs[i]);
++			}
+ 			return g_object_ref (item);
+ 		}
+ 	}
+--
+cgit v0.8.3.1

gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch

@@ -0,0 +1,24 @@
+From 5fa82147450c0910072d9aa86e62a42a23576215 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stef@memberwebs.com>
+Date: Sun, 14 Feb 2010 00:22:10 +0000
+Subject: [ssh-agent] Don't raise error if ssh client disconnects early.
+
+---
+diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c
+index 7e6c801..0a851ce 100644
+--- a/daemon/ssh-agent/gkd-ssh-agent.c
++++ b/daemon/ssh-agent/gkd-ssh-agent.c
+@@ -85,8 +85,9 @@ write_all (int fd, const guchar *buf, int len)
+ 		if (res <= 0) {
+ 			if (errno == EAGAIN && errno == EINTR)
+ 				continue;
+-			g_warning ("couldn't write %u bytes to client: %s", all,
+-			           res < 0 ? g_strerror (errno) : "");
++			if (errno != EPIPE)
++				g_warning ("couldn't write %u bytes to client: %s", all,
++				           res < 0 ? g_strerror (errno) : "");
+ 			return FALSE;
+ 		} else  {
+ 			len -= res;
+--
+cgit v0.8.3.1

gnome-keyring.spec

@@ -8,7 +8,7 @@
 Summary: Framework for managing passwords and other secrets
 Name: gnome-keyring
 Version: 2.29.90
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Libraries
 Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{version}.tar.bz2
@@ -16,6 +16,13 @@ Source: http://download.gnome.org/sources/gnome-keyring/2.29/gnome-keyring-%{ver
 # http://bugzilla.redhat.com/529709
 # http://bugs.gnome.org/598494
 Patch3: gnome-keyring-2.28.1-nopass.patch
+# from upstream
+Patch4: gnome-keyring-2.29.90-secret-store-value-store.patch
+Patch5: gnome-keyring-2.29.90-pkcs11-value-store.patch
+Patch6: gnome-keyring-2.29.90-secret-store-bad-collection-identifier.patch
+Patch7: gnome-keyring-2.29.90-ssh-agent-disconnect-warning.patch
+Patch8: gnome-keyring-2.29.90-dbus-setting-NULL-default.patch
+Patch9: gnome-keyring-2.29.90-secret-store-sporadic-crash.patch
 
 
 URL: http://www.gnome.org
@@ -76,6 +83,12 @@ automatically unlock the "login" keyring when the user logs in.
 %prep
 %setup -q -n gnome-keyring-%{version}
 %patch3 -p1 -b .no-pass
+%patch4 -p1 -b .secret-store-value-store
+%patch5 -p1 -b .pkcs11-value-store
+%patch6 -p1 -b .secret-store-bad-collection-identifier
+%patch7 -p1 -b .ssh-agent-disconnect-warning
+%patch8 -p1 -b .dbus-setting-NULL-default
+%patch9 -p1 -b .secret-store-sporadic-crash
 
 
 %build
@@ -154,6 +167,9 @@ fi
 
 
 %changelog
+* Tue Feb 16 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.29.90-2
+- Backport fixes from master related to storing secret value
+
 * Tue Feb  9 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.29.90-1
 - Update to 2.29.90