Diffstat (limited to 'recipes/gnupg/gnupg-1.4.2.2')
-rw-r--r-- | recipes/gnupg/gnupg-1.4.2.2/15_free_caps.patch | 93 | ||||
-rw-r--r-- | recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch | 68 | ||||
-rw-r--r-- | recipes/gnupg/gnupg-1.4.2.2/22_zero_length_mpi_fix.patch | 37 | ||||
-rw-r--r-- | recipes/gnupg/gnupg-1.4.2.2/30_nm_always_check.patch | 21 | ||||
-rw-r--r-- | recipes/gnupg/gnupg-1.4.2.2/long-long-thumb.patch | 11 |
5 files changed, 230 insertions, 0 deletions
diff --git a/recipes/gnupg/gnupg-1.4.2.2/15_free_caps.patch b/recipes/gnupg/gnupg-1.4.2.2/15_free_caps.patch
new file mode 100644
index 0000000000..20949a7d49
--- /dev/null
+++ b/recipes/gnupg/gnupg-1.4.2.2/15_free_caps.patch
@@ -0,0 +1,93 @@
+--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200
++++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200
+@@ -346,6 +346,9 @@
+ {
+ char buf[100];
+ struct shmid_ds shmds;
++#ifdef USE_CAPABILITIES
++ cap_t caps;
++#endif
+ 
+ #ifndef IPC_RMID_DEFERRED_RELEASE
+ atexit( remove_shmid );
+@@ -371,7 +374,9 @@
+ (unsigned)shm_size/1024, shm_area, shm_id );
+ if( lock_mem ) {
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ /* (need the cast for Solaris with Sun's workshop compilers) */
+ if ( mlock ( (char*)shm_area, shm_size) )
+@@ -380,7 +385,9 @@
+ else
+ shm_is_locked = 1;
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ }
+ 
+@@ -407,7 +414,9 @@
+ 
+ if( lock_mem ) {
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ #ifdef IPC_HAVE_SHM_LOCK
+ if ( shmctl (shm_id, SHM_LOCK, 0) )
+@@ -419,7 +428,9 @@
+ log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
+ #endif
+ #ifdef USE_CAPABILITIES
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+ #endif
+ }
+ 
+--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100
++++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200
+@@ -97,12 +97,18 @@
+ {
+ #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+ int err;
++ cap_t caps;
++
++ caps = cap_from_text("cap_ipc_lock=ep");
++ cap_set_proc( caps );
++ cap_free( caps );
+ 
+- cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+ err = mlock( p, n );
+ if( err && errno )
+ err = errno;
+- cap_set_proc( cap_from_text("cap_ipc_lock+p") );
++ caps = cap_from_text("cap_ipc_lock=p");
++ cap_set_proc( caps );
++ cap_free( caps );
+ 
+ if( err ) {
+ if( errno != EPERM
+@@ -301,8 +307,12 @@
+ if( !n ) {
+ #ifndef __riscos__
+ #ifdef USE_CAPABILITIES
++ cap_t caps;
++
+ /* drop all capabilities */
+- cap_set_proc( cap_from_text("all-eip") );
++ caps = cap_from_text("all-eip");
++ cap_set_proc( caps );
++ cap_free( caps );
+ 
+ #elif !defined(HAVE_DOSISH_SYSTEM)
+ uid_t uid;
diff --git a/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch b/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
new file mode 100644
index 0000000000..b29233b33b
--- /dev/null
+++ b/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
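Review bot: The rewritten call sites still discard the results of `cap_from_text()` and `cap_set_proc()`, which matters most in the `/* drop all capabilities */` branch of util/secmem.c (`all-eip`) and at the `cap_ipc_lock=p` calls that lower the effective bit again after `mlock`/`shmctl` in g10/status.c and util/secmem.c. If either call fails there, execution continues with the capability still raised and nothing is logged. On those drop paths I would check both results, e.g. `if( !caps || cap_set_proc( caps ) ) log_fatal("failed to drop capabilities: %s\n", strerror(errno));`, while the raise paths can keep falling through to the existing `mlock` error handling. The enclosing functions start and end outside these hunks, so whether a later check would catch a failed drop cannot be seen here.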
@@ -0,0 +1,68 @@
+--- gnupg-1.4.0/g10/g10.c 2004-12-16 09:47:36.000000000 +0000
++++ /tmp/dpep.O5S02c/gnupg-1.4.0/g10/g10.c 2005-02-03 23:31:40.645873299 +0000
+@@ -69,6 +69,11 @@
+ #endif
+ 
+ 
++#ifdef USE_CAPABILITIES
++#include <sys/capability.h>
++#include <sys/prctl.h>
++#endif
++
+ enum cmd_and_opt_values
+ {
+ aNull = 0,
+@@ -1618,6 +1623,10 @@
+ #ifdef USE_SHM_COPROCESSING
+ ulong requested_shm_size=0;
+ #endif
++#ifdef USE_CAPABILITIES
++ uid_t curr_uid;
++ cap_t caps;
++#endif
+ 
+ #ifdef __riscos__
+ opt.lock_once = 1;
+@@ -1629,6 +1638,33 @@
+ * when adding any stuff between here and the call to
+ * secmem_init() somewhere after the option parsing
+ */
++
++ /* if we use capabilities and run as root, we can immediately setuid back
++ * to the normal user and only keep CAP_IPC_LOCK until the shared memory is
++ * set up.
++ */
++#ifdef USE_CAPABILITIES
++ curr_uid = getuid();
++ if( curr_uid && !geteuid() ) { /* we are setuid root */
++ if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
++ perror( "main(): could not keep capabilities" );
++ return -100;
++ }
++
++ if( setuid( curr_uid ) ) {
++ perror( "main(): could not set user id" );
++ return -100;
++ }
++
++ caps = cap_from_text( "cap_ipc_lock=p" );
++ if( cap_set_proc( caps ) ) {
++ perror( "main(): could not install capabilities" );
++ return -100;
++ }
++ cap_free( caps );
++ }
++#endif
++
+ log_set_name("gpg");
+ secure_random_alloc(); /* put random number into secure memory */
+ may_coredump = disable_core_dumps();
+@@ -1747,7 +1783,7 @@
+ }
+ #endif
+ /* initialize the secure memory. */
+- got_secmem=secmem_init( 32768 );
++ got_secmem=secmem_init( 32768 ); /* this will drop all remaining privileges */
+ maybe_setuid = 0;
+ /* Okay, we are now working under our real uid */
+ 
diff --git a/recipes/gnupg/gnupg-1.4.2.2/22_zero_length_mpi_fix.patch b/recipes/gnupg/gnupg-1.4.2.2/22_zero_length_mpi_fix.patch
new file mode 100644
index 0000000000..8f13db4d23
--- /dev/null
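Review bot: In the new setuid-root block in main(), the `cap_from_text( "cap_ipc_lock=p" )` result goes straight into `cap_set_proc()`, and the failure branch returns without `cap_free( caps )`. A NULL handle should still end in the `return -100` path, so this fails closed, but the message would then blame installation rather than parsing. I would split the check, `if( !caps ) { perror( "main(): could not parse capabilities" ); return -100; }`, and free `caps` before the second return. It would also be worth confirming that the uid change took full effect before continuing, for instance `if( setuid( curr_uid ) || geteuid() != curr_uid ) {`. Note that `return -100` from main is truncated to an 8-bit exit status on POSIX systems; main() starts and ends outside these hunks.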
+++ b/recipes/gnupg/gnupg-1.4.2.2/22_zero_length_mpi_fix.patch
@@ -0,0 +1,37 @@
+diff -urNad gnupg-1.4.2~/mpi/mpicoder.c gnupg-1.4.2/mpi/mpicoder.c
+--- gnupg-1.4.2~/mpi/mpicoder.c 2005-05-31 06:30:05.000000000 +0000
++++ gnupg-1.4.2/mpi/mpicoder.c 2005-09-29 00:52:19.000000000 +0000
+@@ -80,16 +80,20 @@
+ mpi_limb_t a;
+ MPI val = MPI_NULL;
+ 
++ if (nread == nmax)
++ goto overflow;
+ if( (c = iobuf_get(inp)) == -1 )
+ goto leave;
+- if (++nread >= nmax)
+- goto overflow;
++ nread++;
+ nbits = c << 8;
++
++ if (nread == nmax)
++ goto overflow;
+ if( (c = iobuf_get(inp)) == -1 )
+ goto leave;
+- if (++nread >= nmax)
+- goto overflow;
++ nread++;
+ nbits |= c;
++
+ if( nbits > MAX_EXTERN_MPI_BITS ) {
+ log_error("mpi too large for this implementation (%u bits)\n", nbits);
+ goto leave;
+@@ -112,7 +116,7 @@
+ for( ; j > 0; j-- ) {
+ a = 0;
+ for(; i < BYTES_PER_MPI_LIMB; i++ ) {
+- if (nread >= nmax) {
++ if (nread == nmax) {
+ #ifdef M_DEBUG
+ mpi_debug_free (val);
+ #else
diff --git a/recipes/gnupg/gnupg-1.4.2.2/30_nm_always_check.patch b/recipes/gnupg/gnupg-1.4.2.2/30_nm_always_check.patch
new file mode 100644
index 0000000000..914f1475b7
--- /dev/null
+++ b/recipes/gnupg/gnupg-1.4.2.2/30_nm_always_check.patch
@@ -0,0 +1,21 @@
+Originally the test for _'s on symbols was not done when cross-compiling and
+it was assumed that the _'s were appended. The test does in fact work since
+it simply compiles a file and then run's nm on it. So patch this to enable.
+Without this x86 targets fail during linking since the assembler code has
+the _'s appended when it shouldn't.
+
+--- gnupg-1.4.2.2/acinclude.m4 2006/09/11 22:11:23 1.1
++++ gnupg-1.4.2.2/acinclude.m4 2006/09/11 22:17:25
+@@ -673,11 +673,7 @@
+ ac_cv_sys_symbol_underscore=yes
+ ;;
+ *)
+- if test "$cross_compiling" = yes; then
+- ac_cv_sys_symbol_underscore=yes
+- else
+- tmp_do_check="yes"
+- fi
++ tmp_do_check="yes"
+ ;;
+ esac
+ 
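Review bot: In 22_zero_length_mpi_fix.patch the bound checks added before each `iobuf_get(inp)`, and the one in the limb loop, compare with `nread == nmax`, so they only hold while `nread` can never step past `nmax`; the loop check was `>=` before this change. Moving the check ahead of the read appears to be what lets a two-byte header of exactly `nmax` bytes through, and `>=` gives the same result there while still stopping if `nread` ever starts above `nmax` (both are initialised outside the hunk). I would write `if (nread >= nmax) goto overflow;` at the two header checks and keep `if (nread >= nmax) {` in the loop.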
diff --git a/recipes/gnupg/gnupg-1.4.2.2/long-long-thumb.patch b/recipes/gnupg/gnupg-1.4.2.2/long-long-thumb.patch
new file mode 100644
index 0000000000..36e9992772
--- /dev/null
+++ b/recipes/gnupg/gnupg-1.4.2.2/long-long-thumb.patch
@@ -0,0 +1,11 @@
+--- gnupg/mpi/longlong.h~ 2006-02-14 10:09:55.000000000 +0000
++++ gnupg/mpi/longlong.h 2008-10-27 13:11:09.000000000 +0000
+@@ -181,7 +181,7 @@
+ /***************************************
+ ************** ARM ******************
+ ***************************************/
+-#if defined (__arm__) && W_TYPE_SIZE == 32
++#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined(__thumb__)
+ #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
+ __asm__ ("adds %1, %4, %5\n" \
+ "adc %0, %2, %3" \ |
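Review bot: The `!defined(__thumb__)` term added to the ARM `#if` has no comment saying why the assembler macros are skipped for Thumb builds, and GCC also defines `__thumb__` when targeting Thumb-2, so those builds lose the assembler path as well. I would add a comment above the condition such as `/* Thumb-1 cannot encode these ARM-mode sequences; use the generic C macros instead. */`. If Thumb-2 is meant to keep the assembler versions, the test could be `(!defined(__thumb__) || defined(__thumb2__))`, provided every macro in the block assembles in Thumb-2. The block continues past the end of this hunk, so that cannot be confirmed here.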