ports/x11/gnome/libgnome-keyring/patches/patch-egg_egg-secure-memory_c


2023-08-16 22:26:55 +00:00
using mlock(2) to try avoiding pushing pages to swap is not what the syscall
was intended for, and relying on this for security purposes is nonsense, especially
given that OpenBSD has an encrypted swap
Index: egg/egg-secure-memory.c
--- egg/egg-secure-memory.c.orig
+++ egg/egg-secure-memory.c
@@ -864,7 +864,6 @@ sec_acquire_pages (size_t *sz,
pgsize = getpagesize ();
*sz = (*sz + pgsize -1) & ~(pgsize - 1);
-#if defined(HAVE_MLOCK)
pages = mmap (0, *sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
if (pages == MAP_FAILED) {
if (show_warning && egg_secure_warnings)
@@ -874,8 +873,9 @@ sec_acquire_pages (size_t *sz,
return NULL;
}
+#if defined(HAVE_MLOCK) && !defined(__OpenBSD__)
if (mlock (pages, *sz) < 0) {
- if (show_warning && egg_secure_warnings && errno != EPERM) {
+ if (show_warning && egg_secure_warnings && errno != EPERM && errno != EAGAIN) {
fprintf (stderr, "couldn't lock %lu bytes of memory (%s): %s\n",
(unsigned long)*sz, during_tag, strerror (errno));
show_warning = 0;
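Review bot: The added `errno != EAGAIN` test cannot take effect on OpenBSD, because the `#if defined(HAVE_MLOCK) && !defined(__OpenBSD__)` guard added just above it compiles the whole mlock() block out there. If this port patch is only ever built on OpenBSD, dropping that change keeps the patch down to the guard alone; on any other system it would silence the warning while the failure path still unmaps the pages and returns NULL. The guard itself deserves a short comment, for example `/* OpenBSD: pages are deliberately not mlock()ed; see patch header */`. The mlock() block continues past the end of this hunk.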
@@ -883,19 +883,12 @@ sec_acquire_pages (size_t *sz,
munmap (pages, *sz);
return NULL;
}
+#endif
DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz);
show_warning = 1;
return pages;
-
-#else
- if (show_warning && egg_secure_warnings)
- fprintf (stderr, "your system does not support private memory");
- show_warning = 0;
- return NULL;
-#endif
-
}
static void
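Review bot: With the `#else` branch removed, sec_acquire_pages returns plain anonymous pages whenever the mlock() block is compiled out, with no diagnostic, where the old code refused and returned NULL. Keeping secrets off disk then rests entirely on swap encryption being enabled, which the patch header asserts but the code does not record; a comment before `DEBUG_ALLOC` such as `/* not locked on OpenBSD: relies on encrypted swap */` would make that dependency visible to the next maintainer. Core files are a separate exposure that mlock() never covered; OpenBSD's mmap(2) has `MAP_CONCEAL` for that, which could be OR-ed into the flags of the mmap() call earlier in this function under `#ifdef MAP_CONCEAL`. The function starts outside this hunk.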
@@ -904,18 +897,15 @@ sec_release_pages (void *pages, size_t sz)
ASSERT (pages);
ASSERT (sz % getpagesize () == 0);
-#if defined(HAVE_MLOCK)
+#if defined(HAVE_MLOCK) && !defined(__OpenBSD__)
if (munlock (pages, sz) < 0 && egg_secure_warnings)
fprintf (stderr, "couldn't unlock private memory: %s\n", strerror (errno));
+#endif
if (munmap (pages, sz) < 0 && egg_secure_warnings)
fprintf (stderr, "couldn't unmap private anonymous memory: %s\n", strerror (errno));
DEBUG_ALLOC ("gkr-secure-memory: freed block ", sz);
-
-#else
- ASSERT (FALSE);
-#endif
}
/* -----------------------------------------------------------------------------