diff options
Diffstat (limited to 'packages/gnupg/gnupg-1.4.7/15_free_caps.dpatch')
| -rw-r--r-- | packages/gnupg/gnupg-1.4.7/15_free_caps.dpatch | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/packages/gnupg/gnupg-1.4.7/15_free_caps.dpatch b/packages/gnupg/gnupg-1.4.7/15_free_caps.dpatch new file mode 100644 index 0000000000..d48b2e16b8 --- /dev/null +++ b/packages/gnupg/gnupg-1.4.7/15_free_caps.dpatch @@ -0,0 +1,124 @@ +#! /bin/sh -e +## 15_free_caps.dpatch by <mpitt@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: cap_from_text() allocates a new capability context, which is not freed +## DP: in the original sources. This patch fixes this. +## DP: Please note that this approach alone is not safe: when using +## DP: USE_CAPABILITIES the root user is not setuid() back any more to a normal +## DP: user. + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c gnupg-1.2.5/g10/status.c +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200 ++++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200 +@@ -346,6 +346,9 @@ + { + char buf[100]; + struct shmid_ds shmds; ++#ifdef USE_CAPABILITIES ++ cap_t caps; ++#endif + + #ifndef IPC_RMID_DEFERRED_RELEASE + atexit( remove_shmid ); +@@ -371,7 +374,9 @@ + (unsigned)shm_size/1024, shm_area, shm_id ); + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + /* (need the cast for Solaris with Sun's workshop compilers) */ + if ( mlock ( (char*)shm_area, shm_size) ) +@@ -380,7 +385,9 @@ + else + shm_is_locked = 1; + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +@@ -407,7 +414,9 @@ + + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + #ifdef IPC_HAVE_SHM_LOCK + if ( shmctl (shm_id, SHM_LOCK, 0) ) +@@ -419,7 +428,9 @@ + log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); + #endif + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c gnupg-1.2.5/util/secmem.c +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100 ++++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200 +@@ -97,12 +97,18 @@ + { + #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) + int err; ++ cap_t caps; ++ ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + err = mlock( p, n ); + if( err && errno ) + err = errno; +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + if( err ) { + if( errno != EPERM +@@ -301,8 +307,12 @@ + if( !n ) { + #ifndef __riscos__ + #ifdef USE_CAPABILITIES ++ cap_t caps; ++ + /* drop all capabilities */ +- cap_set_proc( cap_from_text("all-eip") ); ++ caps = cap_from_text("all-eip"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + #elif !defined(HAVE_DOSISH_SYSTEM) + uid_t uid; |