5 changed files with 68 additions and 171 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/gnome-keyring-3.28.2.tar.xz
+SOURCES/gnome-keyring-40.0.tar.xz
--- a/.gnome-keyring.metadata
+++ b/.gnome-keyring.metadata
@ -1 +1 @@
-a28f2e9ddee20c28922e7979cd3a4bb2b5c2e2ab SOURCES/gnome-keyring-3.28.2.tar.xz
+0e5287f5e0c8a0dcce960824bd4e43b223ada2a7 SOURCES/gnome-keyring-40.0.tar.xz
--- a/SOURCES/gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch
+++ b/SOURCES/gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch
@ -1,82 +0,0 @@
 From dd92a85fb44ff68e075c348176d042448745fac8 Mon Sep 17 00:00:00 2001
 From: Steven Luo <s_luo@berkeley.edu>
 Date: Mon, 5 Feb 2024 10:22:02 -0800
 Subject: [PATCH 1/2] ssh-agent: avoid deadlock when agent process dies before
 we connect to it
 gkd_ssh_agent_process_connect() waits for the ssh-agent process to
 become ready to accept input by entering the main loop while holding
 self->lock.  However, if the ssh-agent process dies before becoming
 ready, the main loop will call on_child_watch(), which needs to take
 self->lock, causing a deadlock.  Fix this by releasing the lock before
 entering the main loop.
 This should prevent a busyloop that's been reported multiple times [1]
 [2] from lasting forever.
 [1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
 https://issues.redhat.com/browse/RHEL-9302)
 ---
 daemon/ssh-agent/gkd-ssh-agent-process.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
 index d3bb3a7ed..cbf10ffb2 100644
 --- a/daemon/ssh-agent/gkd-ssh-agent-process.c
 +++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -228,8 +228,11 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
 	if (started && !self->ready) {
 		source = g_timeout_add_seconds (5, on_timeout, &timedout);
 -		while (!self->ready && !timedout)
 +		while (!self->ready && !timedout) {
 +			g_mutex_unlock (&self->lock);
 			g_main_context_iteration (NULL, FALSE);
 +			g_mutex_lock (&self->lock);
 +		}
 		g_source_remove (source);
 	}
 -- 
 GitLab
 From 03ca2228205bfaa7510116142f9beaaf2a682042 Mon Sep 17 00:00:00 2001
 From: Steven Luo <s_luo@berkeley.edu>
 Date: Mon, 5 Feb 2024 10:29:56 -0800
 Subject: [PATCH 2/2] ssh-agent: stop waiting for agent to become ready if it's
 dead
 If the ssh-agent process we launch dies before it becomes ready to take
 input, self->pid will be set to 0 by on_child_watch().  If that happens,
 there's no point in continuing to wait for the process to become ready.
 This should avoid an unnecessary five-second wait in cases like [1] or
 [2].
 [1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
 https://issues.redhat.com/browse/RHEL-9302)
 ---
 daemon/ssh-agent/gkd-ssh-agent-process.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
 index cbf10ffb2..82e5559fb 100644
 --- a/daemon/ssh-agent/gkd-ssh-agent-process.c
 +++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -226,9 +226,9 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
 		started = TRUE;
 	}
 -	if (started && !self->ready) {
 +	if (started && self->pid && !self->ready) {
 		source = g_timeout_add_seconds (5, on_timeout, &timedout);
 -		while (!self->ready && !timedout) {
 +		while (self->pid && !self->ready && !timedout) {
 			g_mutex_unlock (&self->lock);
 			g_main_context_iteration (NULL, FALSE);
 			g_mutex_lock (&self->lock);
 -- 
 GitLab
--- a/SOURCES/gnome-keyring-40.0-strncpy.patch
+++ b/SOURCES/gnome-keyring-40.0-strncpy.patch
@ -1,78 +0,0 @@
 From 6c4ad4cff086ba7fd79ef406311a283c6a942baf Mon Sep 17 00:00:00 2001
 From: Matt Turner <mattst88@gmail.com>
 Date: Sun, 22 May 2022 13:00:46 -0400
 Subject: [PATCH] pkcs11: Don't use strncpy when copying paths
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Using strncpy produces the following warning, which indicates that the
 destination string could be left unterminated.
  CC       daemon/control/gkd-control-server.lo
  CCLD     libgkd-control.la
  CC       pkcs11/rpc-layer/libgkm_rpc_layer_la-gkm-rpc-dispatch.lo
 In file included from /usr/include/string.h:519,
                 from /usr/include/glib-2.0/glib/galloca.h:33,
                 from /usr/include/glib-2.0/glib.h:30,
                 from ./egg/egg-error.h:24,
                 from pkcs11/rpc-layer/gkm-rpc-dispatch.c:31:
 In function ‘strncpy’,
    inlined from ‘gkm_rpc_layer_startup’ at pkcs11/rpc-layer/gkm-rpc-dispatch.c:2382:2:
 /usr/include/bits/string_fortified.h:95:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
   95 |   return __builtin___strncpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   96 |                                   __glibc_objsize (__dest));
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~
 ---
 pkcs11/rpc-layer/gkm-rpc-dispatch.c | 4 +++-
 pkcs11/rpc-layer/gkm-rpc-module.c   | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
 diff --git a/pkcs11/rpc-layer/gkm-rpc-dispatch.c b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
 index 72d2ced1f..dbedb355e 100644
 --- a/pkcs11/rpc-layer/gkm-rpc-dispatch.c
 +++ b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
@@ -31,6 +31,8 @@
 #include "egg/egg-error.h"
 #include "egg/egg-unix-credentials.h"
 +#include <glib.h>
 +
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -2379,7 +2381,7 @@ gkm_rpc_layer_startup (const char *prefix)
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
 	unlink (pkcs11_socket_path);
 -	strncpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
 +	g_strlcpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
 	if (bind (sock, (struct sockaddr*)&addr, sizeof (addr)) < 0) {
 		gkm_rpc_warn ("couldn't bind to pkcs11 socket: %s: %s",
 		                  pkcs11_socket_path, strerror (errno));
 diff --git a/pkcs11/rpc-layer/gkm-rpc-module.c b/pkcs11/rpc-layer/gkm-rpc-module.c
 index 24457ce18..515b18a4d 100644
 --- a/pkcs11/rpc-layer/gkm-rpc-module.c
 +++ b/pkcs11/rpc-layer/gkm-rpc-module.c
@@ -29,6 +29,8 @@
 #include "egg/egg-unix-credentials.h"
 +#include <glib.h>
 +
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -233,7 +235,7 @@ call_connect (CallState *cs)
 	debug (("connecting to: %s", pkcs11_socket_path));
 	addr.sun_family = AF_UNIX;
 -	strncpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
 +	g_strlcpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
 	sock = socket (AF_UNIX, SOCK_STREAM, 0);
 	if (sock < 0) {
 -- 
 GitLab
--- a/SPECS/gnome-keyring.spec
+++ b/SPECS/gnome-keyring.spec
@ -3,22 +3,20 @@
 %global gcrypt_version 1.2.2
 Name: gnome-keyring
-Version: 3.28.2
+Version: 40.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Framework for managing passwords and other secrets
 License: GPLv2+ and LGPLv2+
 URL:     https://wiki.gnome.org/Projects/GnomeKeyring
-Source0: https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
+Source0: https://download.gnome.org/sources/%{name}/40/%{name}-%{version}.tar.xz
 # https://issues.redhat.com/browse/RHEL-11916
 Patch0:  gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch
 Patch1:  gnome-keyring-40.0-strncpy.patch
 BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
 BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
 BuildRequires: pkgconfig(p11-kit-1)
 BuildRequires: docbook-dtds
 BuildRequires: docbook-style-xsl
 BuildRequires: gcc
 BuildRequires: gettext
 BuildRequires: intltool
 BuildRequires: libcap-ng-devel
@ -28,6 +26,7 @@ BuildRequires: pam-devel
 BuildRequires: /usr/bin/ssh-add
 BuildRequires: /usr/bin/ssh-agent
 BuildRequires: /usr/bin/xsltproc
 BuildRequires: make
 Requires: /usr/bin/ssh-add
 Requires: /usr/bin/ssh-agent
@ -63,7 +62,7 @@ automatically unlock the "login" keyring when the user logs in.
 # avoid unneeded direct dependencies
 sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
-make %{?_smp_mflags}
+%make_build
 %install
@ -93,6 +92,10 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
 %{_sysconfdir}/xdg/autostart/*
 %{_datadir}/GConf/gsettings/*.convert
 %{_datadir}/glib-2.0/schemas/*.gschema.xml
 %{_datadir}/p11-kit/modules/gnome-keyring.module
 %dir %{_datadir}/xdg-desktop-portal
 %dir %{_datadir}/xdg-desktop-portal/portals
 %{_datadir}/xdg-desktop-portal/portals/gnome-keyring.portal
 %{_mandir}/man1/gnome-keyring.1*
 %{_mandir}/man1/gnome-keyring-3.1*
 %{_mandir}/man1/gnome-keyring-daemon.1*
@ -102,8 +105,62 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
 %changelog
-* Fri Apr 12 2024 David King <dking@redhat.com> - 3.28.2-2
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-3
- Avoid SSH agent deadlocks (RHEL-11916)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 40.0-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 40.0-1
 - Update to 40.0
 * Fri Mar 05 2021 David King <amigadave@amigadave.com> - 3.36.0-6
 - Apply upstream patch to fix capng usage (#1888978)
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-4
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.36.0-2
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Wed Mar 11 2020 Kalev Lember <klember@redhat.com> - 3.36.0-1
 - Update to 3.36.0
 * Mon Feb 17 2020 Kalev Lember <klember@redhat.com> - 3.35.90-1
 - Update to 3.35.90
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.35.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jan 16 2020 Kalev Lember <klember@redhat.com> - 3.35.1-1
 - Update to 3.35.1
 * Mon Sep 30 2019 Kalev Lember <klember@redhat.com> - 3.34.0-1
 - Update to 3.34.0
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.31.91-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sat Mar 02 2019 Kalev Lember <klember@redhat.com> - 3.31.91-1
 - Update to 3.31.91
 * Sun Feb 10 2019 Kalev Lember <klember@redhat.com> - 3.31.90-1
 - Update to 3.31.90
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.28.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.28.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Tue May 08 2018 Kalev Lember <klember@redhat.com> - 3.28.2-1
 - Update to 3.28.2
`@ -1 +1 @@`
	`SOURCES/gnome-keyring-3.28.2.tar.xz`	`SOURCES/gnome-keyring-40.0.tar.xz`
`@ -1 +1 @@`
	`a28f2e9ddee20c28922e7979cd3a4bb2b5c2e2ab SOURCES/gnome-keyring-3.28.2.tar.xz`	`0e5287f5e0c8a0dcce960824bd4e43b223ada2a7 SOURCES/gnome-keyring-40.0.tar.xz`