Package: libcap2 Version: 1:2.17-2 Severity: normal Tags: patch User: [email protected] Usertags: origin-ubuntu lucid ubuntu-patch
Hello! This patch implements using pam-auth-update to insert the pam_cap PAM module into the PAM stack correctly. As such, it moves the capability.conf from examples to /etc/security/ as well. Thanks! -Kees -- Kees Cook @debian.org
diff -u libcap2-2.17/debian/libcap2-bin.install libcap2-2.17/debian/libcap2-bin.install --- libcap2-2.17/debian/libcap2-bin.install +++ libcap2-2.17/debian/libcap2-bin.install @@ -2,0 +3,2 @@ +debian/pam-configs/* usr/share/pam-configs/ +pam_cap/capability.conf etc/security/ diff -u libcap2-2.17/debian/changelog libcap2-2.17/debian/changelog --- libcap2-2.17/debian/changelog +++ libcap2-2.17/debian/changelog @@ -1,3 +1,9 @@ +libcap2 (1:2.17-2.1) unstable; urgency=low + + * Add pam_cap.so to the default PAM auth stack. + + -- Kees Cook <[email protected]> Mon, 08 Mar 2010 11:51:25 -0800 + libcap2 (1:2.17-2) unstable; urgency=low * Explain in the long description of the -bin package that the manpage reverted: --- libcap2-2.17/debian/libcap2-bin.examples +++ libcap2-2.17.orig/debian/libcap2-bin.examples @@ -1 +0,0 @@ -pam_cap/capability.conf only in patch2: unchanged: --- libcap2-2.17.orig/debian/libcap2-bin.dirs +++ libcap2-2.17/debian/libcap2-bin.dirs @@ -0,0 +1,2 @@ +usr/share/pam-configs +etc/security only in patch2: unchanged: --- libcap2-2.17.orig/debian/libcap2-bin.prerm +++ libcap2-2.17/debian/libcap2-bin.prerm @@ -0,0 +1,39 @@ +#!/bin/sh +# prerm script for libcap2-bin +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove) + pam-auth-update --package --remove capability + ;; + + upgrade|deconfigure|failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 only in patch2: unchanged: --- libcap2-2.17.orig/debian/libcap2-bin.postinst +++ libcap2-2.17/debian/libcap2-bin.postinst @@ -0,0 +1,37 @@ +#!/bin/sh +# postinst script for libcap2-bin +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure|abort-upgrade|abort-remove|abort-deconfigure) + pam-auth-update --package + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 only in patch2: unchanged: --- libcap2-2.17.orig/debian/pam-configs/capability +++ libcap2-2.17/debian/pam-configs/capability @@ -0,0 +1,6 @@ +Name: Inheritable Capabilities Management +Default: yes +Priority: 0 +Auth-Type: Additional +Auth-Final: + optional pam_cap.so
