summaryrefslogtreecommitdiff
path: root/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openembedded.org>2006-03-20 19:59:23 +0000
committerOpenEmbedded Project <openembedded-devel@lists.openembedded.org>2006-03-20 19:59:23 +0000
commitcda6a1333699525ab6ee21ab1b45993e284aae20 (patch)
treefdfd9ec9dce58ff42784ba6e94bb8d8ab7a1ece9 /packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch
parent384a4813327cd08f337cc0043632e54f5da62569 (diff)
gnupg: added 1.4.2.2 which contain security fixes: CVE-2006-0049
Diffstat (limited to 'packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch')
-rw-r--r--packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch93
1 files changed, 93 insertions, 0 deletions
diff --git a/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch b/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch
new file mode 100644
index 0000000000..20949a7d49
--- /dev/null
+++ b/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch
@@ -0,0 +1,93 @@
+--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200
++++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200
+@@ -346,6 +346,9 @@
+ {
+ char buf[100];
+ struct shmid_ds shmds;
++#ifdef USE_CAPABILITIES
++ cap_t caps;
++#endif
+
+ #ifndef IPC_RMID_DEFERRED_RELEASE
+ atexit( remove_shmid );
+@@ -371,7 +374,9 @@
+ (unsigned)shm_size/1024, shm_area, shm_id );
+ if( lock_mem ) {
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ /* (need the cast for Solaris with Sun's workshop compilers) */
+ if ( mlock ( (char*)shm_area, shm_size) )
+@@ -380,7 +385,9 @@
+ else
+ shm_is_locked = 1;
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ }
+
+@@ -407,7 +414,9 @@
+
+ if( lock_mem ) {
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ #ifdef IPC_HAVE_SHM_LOCK
+ if ( shmctl (shm_id, SHM_LOCK, 0) )
+@@ -419,7 +428,9 @@
+ log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
+ #endif
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ }
+
+--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100
++++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200
+@@ -97,12 +97,18 @@
+ {
+ #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+ int err;
++ cap_t caps;
++
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+ err = mlock( p, n );
+ if( err && errno )
+ err = errno;
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+
+ if( err ) {
+ if( errno != EPERM
+@@ -301,8 +307,12 @@
+ if( !n ) {
+ #ifndef __riscos__
+ #ifdef USE_CAPABILITIES
++ cap_t caps;
++
+ /* drop all capabilities */
+- cap_set_proc( cap_from_text("all-eip") );
++ caps = cap_from_text("all-eip");
++ cap_set_proc( caps );
++ cap_free( caps );
+
+ #elif !defined(HAVE_DOSISH_SYSTEM)
+ uid_t uid;