Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnome-keyring for openSUSE:Factory checked in at 2026-06-04 18:52:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old) and /work/SRC/openSUSE:Factory/.gnome-keyring.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring" Thu Jun 4 18:52:10 2026 rev:154 rq:1356974 version:50.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes 2026-04-10 17:48:57.471787243 +0200 +++ /work/SRC/openSUSE:Factory/.gnome-keyring.new.2375/gnome-keyring.changes 2026-06-04 18:52:28.580323359 +0200 @@ -1,0 +2,8 @@ +Wed Jun 3 11:59:13 UTC 2026 - Bjørn Lie <[email protected]> + +- Add 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch: Fix: avoid + potential FD leak in gkm_rpc_layer_startup. +- Rebase gnome-keyring-pam-auth-prompt-password.patch with quilt. +- Use autosetup/patch macros. + +------------------------------------------------------------------- New: ---- 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch ----------(New B)---------- New: - Add 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch: Fix: avoid potential FD leak in gkm_rpc_layer_startup. ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-keyring.spec ++++++ --- /var/tmp/diff_new_pack.EmthGq/_old 2026-06-04 18:52:32.996505514 +0200 +++ /var/tmp/diff_new_pack.EmthGq/_new 2026-06-04 18:52:33.012506174 +0200 @@ -32,6 +32,8 @@ Patch1: gnome-keyring-bsc1039461-pam-man-page.patch # PATCH-FIX-UPSTREAM gnome-keyring-register-login-keyring.patch glgo#GNOME/gnome-keyring!78 [email protected] -- Ensure login keyring is properly registered Patch2: gnome-keyring-register-login-keyring.patch +# PATCH-FIX-UPSTREAM 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch -- fix: avoid potential FD leak in gkm_rpc_layer_startup +Patch3: https://gitlab.gnome.org/GNOME/gnome-keyring/-/commit/04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch ## NOTE: Keep SLE-only patches at bottom (starting on 1000). # PATCH-FIX-SLE gnome-keyring-bsc932232-use-libgcrypt-allocators.patch bsc#932232 [email protected] @@ -116,13 +118,11 @@ %lang_package %prep -%setup -q -%patch -P 0 -p1 -%patch -P 1 -p1 -%patch -P 2 -p1 +%autosetup -N +%autopatch -p1 -M 999 + %if 0%{?sle_version} -%patch -P 1000 -p1 -%patch -P 1001 -p1 +%autopatch -p1 -m 1000 %endif %build ++++++ 04a6bc68ff4350676c5fc55d1b244a17224fbea2.patch ++++++ >From 04a6bc68ff4350676c5fc55d1b244a17224fbea2 Mon Sep 17 00:00:00 2001 From: Mikhail Dmitrichenko <[email protected]> Date: Fri, 20 Mar 2026 18:10:21 +0300 Subject: [PATCH] fix: avoid potential FD leak in gkm_rpc_layer_startup In gkm_rpc_layer_startup after `sock` was initialized by calling `socket(...)`, there are possible scenarios, where execution flow leaves current function without closing sock FD: 1) if further `bind(...)` call is unsuccessful; 2) if further listen `call(...)` is unsuccessful. Explicitly close `sock` before leaving function after unsuccessful `bind` and `listen` calls. Found by Linux Verification Center (linuxtesting.org) with SVACE. Closes #185 --- pkcs11/rpc-layer/gkm-rpc-dispatch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkcs11/rpc-layer/gkm-rpc-dispatch.c b/pkcs11/rpc-layer/gkm-rpc-dispatch.c index dbedb355..fcf42279 100644 --- a/pkcs11/rpc-layer/gkm-rpc-dispatch.c +++ b/pkcs11/rpc-layer/gkm-rpc-dispatch.c @@ -2385,12 +2385,14 @@ gkm_rpc_layer_startup (const char *prefix) if (bind (sock, (struct sockaddr*)&addr, sizeof (addr)) < 0) { gkm_rpc_warn ("couldn't bind to pkcs11 socket: %s: %s", pkcs11_socket_path, strerror (errno)); + close(sock); return -1; } if (listen (sock, 128) < 0) { gkm_rpc_warn ("couldn't listen on pkcs11 socket: %s: %s", pkcs11_socket_path, strerror (errno)); + close(sock); return -1; } -- GitLab ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.EmthGq/_old 2026-06-04 18:52:33.332519374 +0200 +++ /var/tmp/diff_new_pack.EmthGq/_new 2026-06-04 18:52:33.372521024 +0200 @@ -1,6 +1,6 @@ -mtime: 1774255101 -commit: c750a9f3e51aec00cf09ed79e1ba621e82e11386cb8d18dc512ce2e0ab7ad7aa +mtime: 1780488097 +commit: 18b33a24bbc0a53b47448e85d175707e70f26115cc53de0f7ebeb288a185d94c url: https://src.opensuse.org/GNOME/gnome-keyring -revision: c750a9f3e51aec00cf09ed79e1ba621e82e11386cb8d18dc512ce2e0ab7ad7aa +revision: 18b33a24bbc0a53b47448e85d175707e70f26115cc53de0f7ebeb288a185d94c projectscmsync: https://src.opensuse.org/GNOME/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-03 14:01:37.000000000 +0200 @@ -0,0 +1,5 @@ +*.obscpio +*.osc +_build.* +.pbuild +osc-collab.* ++++++ gnome-keyring-pam-auth-prompt-password.patch ++++++ --- /var/tmp/diff_new_pack.EmthGq/_old 2026-06-04 18:52:34.216555838 +0200 +++ /var/tmp/diff_new_pack.EmthGq/_new 2026-06-04 18:52:34.228556333 +0200 @@ -1,8 +1,8 @@ -Index: gnome-keyring-3.34.0/pam/gkr-pam-module.c +Index: gnome-keyring-50.0/pam/gkr-pam-module.c =================================================================== ---- gnome-keyring-3.34.0.orig/pam/gkr-pam-module.c -+++ gnome-keyring-3.34.0/pam/gkr-pam-module.c -@@ -874,12 +874,27 @@ pam_sm_authenticate (pam_handle_t *ph, i +--- gnome-keyring-50.0.orig/pam/gkr-pam-module.c ++++ gnome-keyring-50.0/pam/gkr-pam-module.c +@@ -878,12 +878,27 @@ pam_sm_authenticate (pam_handle_t *ph, i /* Look up the password */ ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password); if (ret != PAM_SUCCESS || password == NULL) {
