2 ## 15_free_caps.dpatch by <mpitt@debian.org>
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: cap_from_text() allocates a new capability context, which is not freed
6 ## DP: in the original sources. This patch fixes this.
7 ## DP: Please note that this approach alone is not safe: when using
8 ## DP: USE_CAPABILITIES the root user is not setuid() back any more to a normal
12 echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
16 [ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
17 patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
20 -patch) patch -p1 ${patch_opts} < $0;;
21 -unpatch) patch -R -p1 ${patch_opts} < $0;;
23 echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
30 diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c gnupg-1.2.5/g10/status.c
31 --- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200
32 +++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200
36 struct shmid_ds shmds;
37 +#ifdef USE_CAPABILITIES
41 #ifndef IPC_RMID_DEFERRED_RELEASE
42 atexit( remove_shmid );
44 (unsigned)shm_size/1024, shm_area, shm_id );
46 #ifdef USE_CAPABILITIES
47 - cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
48 + caps = cap_from_text("cap_ipc_lock=ep");
49 + cap_set_proc( caps );
52 /* (need the cast for Solaris with Sun's workshop compilers) */
53 if ( mlock ( (char*)shm_area, shm_size) )
57 #ifdef USE_CAPABILITIES
58 - cap_set_proc( cap_from_text("cap_ipc_lock+p") );
59 + caps = cap_from_text("cap_ipc_lock=p");
60 + cap_set_proc( caps );
68 #ifdef USE_CAPABILITIES
69 - cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
70 + caps = cap_from_text("cap_ipc_lock=ep");
71 + cap_set_proc( caps );
74 #ifdef IPC_HAVE_SHM_LOCK
75 if ( shmctl (shm_id, SHM_LOCK, 0) )
77 log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
79 #ifdef USE_CAPABILITIES
80 - cap_set_proc( cap_from_text("cap_ipc_lock+p") );
81 + caps = cap_from_text("cap_ipc_lock=p");
82 + cap_set_proc( caps );
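Review bot: The new `caps = cap_from_text(...)` / `cap_set_proc( caps )` pairs in status.c still discard both results: `cap_from_text()` can return NULL and `cap_set_proc()` can return -1, and at the two `"cap_ipc_lock=p"` sites a silent failure leaves CAP_IPC_LOCK in the effective set after the locking attempt. The same pattern appears in the util/secmem.c hunks, where it matters most at `cap_from_text("all-eip")`: if that call fails, the process carries on holding the capabilities it was meant to drop. I would check each pair, e.g. `if( !caps || cap_set_proc( caps ) ) log_info("cap_set_proc failed: %s\n", strerror(errno) );`, and treat a failure on the drop-all path as fatal rather than informational. The enclosing functions begin and end outside the lines shown and several patch lines are missing from this view, so a check further down cannot be ruled out.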
87 diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c gnupg-1.2.5/util/secmem.c
88 --- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100
89 +++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200
92 #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
96 + caps = cap_from_text("cap_ipc_lock=ep");
97 + cap_set_proc( caps );
100 - cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
104 - cap_set_proc( cap_from_text("cap_ipc_lock+p") );
105 + caps = cap_from_text("cap_ipc_lock=p");
106 + cap_set_proc( caps );
114 #ifdef USE_CAPABILITIES
117 /* drop all capabilities */
118 - cap_set_proc( cap_from_text("all-eip") );
119 + caps = cap_from_text("all-eip");
120 + cap_set_proc( caps );
123 #elif !defined(HAVE_DOSISH_SYSTEM)