gnupg: add 1.4.5-1 from Debian.

[familiar-h63xx-build.git] / org.handhelds.familiar / packages / gnupg / files / 15_free_caps.dpatch

#! /bin/sh -e
## 15_free_caps.dpatch by  <mpitt@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: cap_from_text() allocates a new capability context, which is not freed
## DP: in the original sources. This patch fixes this.
## DP: Please note that this approach alone is not safe: when using
## DP: USE_CAPABILITIES the root user is not setuid() back any more to a normal
## DP: user.

if [ $# -lt 1 ]; then
    echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
    exit 1
fi

[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"

case "$1" in
    -patch) patch -p1 ${patch_opts} < $0;;
    -unpatch) patch -R -p1 ${patch_opts} < $0;;
    *)
        echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
        exit 1;;
esac

exit 0

@DPATCH@
diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c gnupg-1.2.5/g10/status.c
--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c        2004-07-21 09:59:45.000000000 +0200
+++ gnupg-1.2.5/g10/status.c    2004-08-01 20:07:42.071690680 +0200
@@ -346,6 +346,9 @@
 {
     char buf[100];
     struct shmid_ds shmds;
+#ifdef USE_CAPABILITIES
+    cap_t caps;
+#endif
 
 #ifndef IPC_RMID_DEFERRED_RELEASE
     atexit( remove_shmid );
@@ -371,7 +374,9 @@
                            (unsigned)shm_size/1024, shm_area, shm_id );
     if( lock_mem ) {
 #ifdef USE_CAPABILITIES
-       cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+       caps = cap_from_text("cap_ipc_lock=ep");
+       cap_set_proc( caps );
+       cap_free( caps );
 #endif
        /* (need the cast for Solaris with Sun's workshop compilers) */
        if ( mlock ( (char*)shm_area, shm_size) )
@@ -380,7 +385,9 @@
        else
            shm_is_locked = 1;
 #ifdef USE_CAPABILITIES
-       cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+       caps = cap_from_text("cap_ipc_lock=p");
+       cap_set_proc( caps );
+       cap_free( caps );
 #endif
     }
 
@@ -407,7 +414,9 @@
 
     if( lock_mem ) {
 #ifdef USE_CAPABILITIES
-       cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+       caps = cap_from_text("cap_ipc_lock=ep");
+       cap_set_proc( caps );
+       cap_free( caps );
 #endif
 #ifdef IPC_HAVE_SHM_LOCK
        if ( shmctl (shm_id, SHM_LOCK, 0) )
@@ -419,7 +428,9 @@
        log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
 #endif
 #ifdef USE_CAPABILITIES
-       cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+       caps = cap_from_text("cap_ipc_lock=p");
+       cap_set_proc( caps );
+       cap_free( caps );
 #endif
     }
 
diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c gnupg-1.2.5/util/secmem.c
--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c       2004-02-24 17:06:58.000000000 +0100
+++ gnupg-1.2.5/util/secmem.c   2004-08-01 20:08:10.873412378 +0200
@@ -97,12 +97,18 @@
 {
 #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
     int err;
+    cap_t caps;
+
+    caps = cap_from_text("cap_ipc_lock=ep");
+    cap_set_proc( caps );
+    cap_free( caps );
 
-    cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
     err = mlock( p, n );
     if( err && errno )
        err = errno;
-    cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+    caps = cap_from_text("cap_ipc_lock=p");
+    cap_set_proc( caps );
+    cap_free( caps );
 
     if( err ) {
        if( errno != EPERM
@@ -301,8 +307,12 @@
     if( !n ) {
 #ifndef __riscos__
 #ifdef USE_CAPABILITIES
+       cap_t caps;
+
        /* drop all capabilities */
-       cap_set_proc( cap_from_text("all-eip") );
+       caps = cap_from_text("all-eip");
+       cap_set_proc( caps );
+       cap_free( caps );
 
 #elif !defined(HAVE_DOSISH_SYSTEM)
        uid_t uid;