Seahorse issues

Coleman Kane cokane at cokane.org
Fri Apr 11 16:50:41 UTC 2008 

On Fri, 2008-04-11 at 12:14 -0400, Coleman Kane wrote:
> On Fri, 2008-04-11 at 11:54 -0400, Joe Marcus Clarke wrote:
> > On Fri, 2008-04-11 at 10:14 -0400, Coleman Kane wrote:
> > > I removed your earleir patch, which has the side effect of causing 
> > > gnome_keyring_memory_try_alloc(size) to act in a manner that violates 
> > > its documentation, as well as causing the above bug. I then added the 
> > > three patches to security/seahorse which I posted into 
> > > http://bugzilla.gnome.org/show_bug.cgi?id=527193 today:
> > >   * http://bugzilla.gnome.org/attachment.cgi?id=109055
> > >   * http://bugzilla.gnome.org/attachment.cgi?id=109056
> > >   * http://bugzilla.gnome.org/attachment.cgi?id=109057
> > > 
> > > These three alter the behavior of Seahorse in the manner I described 
> > > above, and don't touch gnome-keyring. For all purposes, I *think* 
> > > gnome-keyring is acting properly here. The consumer of gnome-keyring 
> > 
> > You're right.  I was hoping to hack g-k in such a way to avoid having to
> > fix other broken consumers in the future.  Of course, my approach was
> > very wrong.
> 
> Thanks for all the help on this. I've now got evolution working with GPG
> pretty well.
> 
> > 
> > > (seahorse) should first be testing if the features that it wants to use 
> > > are actually provided by the library before it blindingly attempts to 
> > > use them. This is, IMHO, why gnome-keyring provides the *_try(...) 
> > > versions of its securemem alloc functions.
> > 
> > Fixing seahorse is the right thing to do.  The bug has been moved into
> > gnome-keyring's court, so you way want to get them to move it back.
> > 
> 
> I made the change to the bug already.
> 
> > > 
> > > Additionally, you'll get a seahorse g_warning about unavailable secure 
> > > memory now too.
> > 
> > Thanks for your work here.  Feel free to commit these patches to our
> > seahorse port.
> > 
> > Joe
> > 
> 
> Thanks, I'll do that later this evening when I have some time after
> work.
> 
> --
> Coleman Kane

Joe,

Also it would seem that a similar patch should be applied to the
following tools:
  - daemon/seahorse-daemon.c
  - plugins/applet/seahorse-applet.c
  - plugins/nautilus/seahorse-tool.c
  - src/main.c (for main "seahorse" program)

So I will also look into patching those before I commit the final bundle
to the port in question. That way we'll have "one PORTREVISION bump to
fix them all".

--
Coleman Kaen

More information about the freebsd-gnome mailing list