From cda6a1333699525ab6ee21ab1b45993e284aae20 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Mon, 20 Mar 2006 19:59:23 +0000 Subject: gnupg: added 1.4.2.2 which contain security fixes: CVE-2006-0049 --- packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch | 93 +++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch (limited to 'packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch') diff --git a/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch b/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch new file mode 100644 index 0000000000..20949a7d49 --- /dev/null +++ b/packages/gnupg/gnupg-1.4.2.2/15_free_caps.patch @@ -0,0 +1,93 @@ +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200 ++++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200 +@@ -346,6 +346,9 @@ + { + char buf[100]; + struct shmid_ds shmds; ++#ifdef USE_CAPABILITIES ++ cap_t caps; ++#endif + + #ifndef IPC_RMID_DEFERRED_RELEASE + atexit( remove_shmid ); +@@ -371,7 +374,9 @@ + (unsigned)shm_size/1024, shm_area, shm_id ); + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + /* (need the cast for Solaris with Sun's workshop compilers) */ + if ( mlock ( (char*)shm_area, shm_size) ) +@@ -380,7 +385,9 @@ + else + shm_is_locked = 1; + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +@@ -407,7 +414,9 @@ + + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + #ifdef IPC_HAVE_SHM_LOCK + if ( shmctl (shm_id, SHM_LOCK, 0) ) +@@ -419,7 +428,9 @@ + log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); + #endif + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100 ++++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200 +@@ -97,12 +97,18 @@ + { + #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) + int err; ++ cap_t caps; ++ ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + err = mlock( p, n ); + if( err && errno ) + err = errno; +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + if( err ) { + if( errno != EPERM +@@ -301,8 +307,12 @@ + if( !n ) { + #ifndef __riscos__ + #ifdef USE_CAPABILITIES ++ cap_t caps; ++ + /* drop all capabilities */ +- cap_set_proc( cap_from_text("all-eip") ); ++ caps = cap_from_text("all-eip"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + #elif !defined(HAVE_DOSISH_SYSTEM) + uid_t uid; -- cgit v1.2.3