Re: Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote:
> Package: seccure
> Version: 0.3-1
> Severity: important
>
>
> I have a couple of files encrypted and when I need to decrypt the programs fail miserably...
> FATAL: Cannot obtain memory lock: Cannot allocate memory.

Hi debian-release,

I would like permission to upload a fix for the above to unstable
with the aim of transitioning to testing for inclusion in lenny.

I have since upgraded this bug to grave, as the above error happens
on any invocation of the program.

If you give me the go-ahead then I will seek a sponsor for this
upload.

The debdiff is attached, hopefully the patch and changelog comments
will give you enough information about the problem.

Thanks,

James

diff -u seccure-0.3/debian/patches/00list seccure-0.3/debian/patches/00list
--- seccure-0.3/debian/patches/00list
+++ seccure-0.3/debian/patches/00list
@@ -1,0 +2 @@
+20-mlockall-failure-non-fatal
diff -u seccure-0.3/debian/changelog seccure-0.3/debian/changelog
--- seccure-0.3/debian/changelog
+++ seccure-0.3/debian/changelog
@@ -1,3 +1,14 @@
+seccure (0.3-2) intrepid; urgency=low
+
+ * Make failure to mlock all memory only a warning, and re-enable gcrypt's
+ memory locking. Changes in pam since etch mean that the kernel's defaults
+ for memory locking are now respected, and seccure tries to lock more
+ memory than that, which means that the program can't be started. The patch
+ is from the upstream author, who considers it a stop-gap, but doesn't
+ anticipate having a proper fix before lenny. (Closes: #489835)
+
+ -- James Westby <jw+debian@jameswestby.net> Tue, 05 Aug 2008 13:15:18 +0100
+
seccure (0.3-1) unstable; urgency=low
* New upstream release.
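Review bot: the new entry's first line targets `intrepid`, while the request is for an upload to unstable that migrates to testing for lenny, so the distribution field should read `unstable` before this is sponsored. `urgency=low` also deserves a second look for a bug upgraded to grave that stops every invocation, since urgency affects how long the package waits before migrating. The entry would be more useful to a later reader if it stated the security trade-off directly: when the lock fails, the program now runs with only gcrypt's own secure memory locked, and the rest of the process memory can be swapped.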
only in patch2:
unchanged:
--- seccure-0.3.orig/debian/patches/20-mlockall-failure-non-fatal.dpatch
+++ seccure-0.3/debian/patches/20-mlockall-failure-non-fatal.dpatch
@@ -0,0 +1,49 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20-mlockall-failure-non-fatal.dpatch by <james.westby@canonical.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Changes in pam mean that seccure isn't allowed to lock all of
+## DP: the memory that it wants. This patch just makes that non-fatal.
+## DP: This patch is a stop-gap from the upstream developer, who is
+## DP: working on a better fix. (Closes: #489835)
+
+@DPATCH@
+diff -urNad seccure-0.3~/seccure.c seccure-0.3/seccure.c
+--- seccure-0.3~/seccure.c 2006-08-16 21:13:57.000000000 +0100
++++ seccure-0.3/seccure.c 2008-08-05 13:05:30.000000000 +0100
+@@ -90,6 +90,18 @@
+ #endif
+ }
+
++void warning(const char *msg)
++{
++ beep_on_terminal(stderr);
++ fprintf(stderr, "WARNING: %s.\n", msg);
++}
++
++void warning_errno(const char *msg, int err)
++{
++ beep_on_terminal(stderr);
++ fprintf(stderr, "WARNING: %s: %s.\n", msg, strerror(err));
++}
++
+ void fatal(const char *msg)
+ {
+ beep_on_terminal(stderr);
+@@ -1061,13 +1073,15 @@
+
+ #if ! NOMEMLOCK
+ if (mlockall(MCL_CURRENT | MCL_FUTURE) < 0)
+- fatal_errno("Cannot obtain memory lock", errno);
++ warning_errno("Cannot obtain memory lock", errno);
+ #endif
+
+ /* As we already have locked all memory we don't need gcrypt's mlocking */
++#if 0
+ err = gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+ if (gcry_err_code(err))
+ fatal_gcrypt("Cannot disable gcrypt's secure memory", err);
++#endif
+
+ if (getuid() != geteuid())
+ seteuid(getuid());
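Review bot: in the second seccure.c hunk, the comment "As we already have locked all memory we don't need gcrypt's mlocking" is left in place above the new `#if 0`, but it no longer describes the code: `mlockall()` failure is now only a warning, and the `GCRYCTL_DISABLE_SECMEM` call is compiled out whether or not the lock succeeded. Either update the comment to say that gcrypt's secure memory is kept as the fallback when `mlockall()` fails, or record the `mlockall()` result and disable secmem only on success instead of using an unconditional `#if 0`. The warning text "Cannot obtain memory lock" also does not tell the user the consequence; since any key material held outside gcrypt's pool is now swappable in that case, the message should say so. Finally, `warning()` is added in the first hunk but only `warning_errno()` is called in the lines shown; drop it if nothing else uses it.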