Sync from SUSE:SLFO:Main libcap-ng revision f7d0f9734b74f44f1aa0d427f3c82a04

This commit is contained in:
Adrian Schröter 2024-05-03 14:40:54 +02:00
commit 4da49b5fae
9 changed files with 667 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>libcap-ng-python</package>
</multibuild>

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libcap-ng0

BIN
libcap-ng-0.8.3.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

200
libcap-ng-python.changes Normal file
View File

@ -0,0 +1,200 @@
-------------------------------------------------------------------
Thu May 4 15:04:58 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon May 9 06:59:13 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
- Update to 0.8.3:
* Add vararg support to python bindings for capng_updatev
* Add support for ambient capabilities
* Add support for V3 filesystem capabilities
* If procfs is not available, leave last_cap as CAP_LAST_CAP
* If bounding and ambient not found in status, try prctl method
* In capng_apply, move ambient caps to the end of the transaction
* In capng_apply, return errors more aggressively.
* In capng_apply, if the action includes the bounding set,resync with the kernel
* Fix signed/unsigned warning in cap-ng.c
* In capng_apply, return a unique error code to diagnose any failure
* In capng_have_capability, return 0 for failure
* Add the libdrop_ambient admin tool
* In capng_apply, if we blew up in bounding set, allow setting capabilities
* If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
* Improve last_cap check
* Fix parameters to capng_updatev python bindings to be signed
* Detect capability options at runtime to make containerization easier (ntkme)
* Initialize the library when linked statically
* Add gcc function attributes for deallocation
-------------------------------------------------------------------
Thu Dec 9 22:05:19 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 0.7.11
* Really clear bounding set if asked in capng_change_id
* Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
* Avoid malloc/free in capng_apply (Natanael Copa)
* If procfs is not available, get bounding set via prctl
-------------------------------------------------------------------
Tue May 12 12:33:10 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 0.7.10:
* Update capng_change_id man page
* Add capng_have_permitted_capabilities function
* Update filecap to output which set the capabilities are in
* Fix filecap to not output an error when a file has no capabilities
* Add udplite support to netcap
* Fix usage of pthread_atfork (Joe Orton)
* Mark processes in child user namespaces with * (Danila Kiver)
-------------------------------------------------------------------
Tue Feb 20 10:28:46 UTC 2018 - tchvatal@suse.com
- Switch to singlespec approach to allow building of python3
bindings
-------------------------------------------------------------------
Sun Feb 18 12:13:56 UTC 2018 - jengelh@inai.de
- Remove ineffective --with-pic. Fix SRPM group. Redo descriptions.
- Rename %soname to %sover to better reflect its use.
-------------------------------------------------------------------
Sun Feb 18 09:22:44 UTC 2018 - avindra@opensuse.org
- Update to version 0.7.9:
* Fix byte compiling python3 bindings
* Rework spec file to show new python2/3 separation
- cleanup with spec-cleaner
- use https urls
-------------------------------------------------------------------
Thu May 17 16:46:07 UTC 2017 - alexander_naumov@opensuse.org
- Update to version 0.7.8:
* Improve Python3 support
* Fix the thread separation test
* Correct typo in cap_pacct text
* Update man page for captest
* Fix sscanf string lengths in netcap
* Correct linking of python3 module
-------------------------------------------------------------------
Mon Dec 7 14:31:06 UTC 2015 - tchvatal@suse.com
- Fix build by passing --without-python3 argument. For now we are
fine with py2 bindings only
-------------------------------------------------------------------
Wed Dec 2 14:29:55 UTC 2015 - p.drouand@gmail.com
- Update to version 0.7.7
* Make sure all types used in _lnode are defined in proc-llist.h
* Fix python binding test for old kernels
* Fix leaked FD in library init
- Changes from version 0.7.6
* Fix python3 support
- Changes from version 0.7.5
* Make python3 supported
* In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap
* Update table for 3.16 kernel
-------------------------------------------------------------------
Thu May 15 13:19:57 UTC 2014 - tchvatal@suse.com
- Version bupm to 0.7.4
- Cleanup with spec-cleaner
- Remove useless specification of attributes
- Really split the two spec files instead of copying them to avoid
the huge ifdefing.
+ more readable
- version must be edited in two places when bumping
-------------------------------------------------------------------
Thu Mar 14 09:30:04 UTC 2013 - meissner@suse.com
- use source url
-------------------------------------------------------------------
Wed Mar 13 22:44:29 UTC 2013 - crrodriguez@opensuse.org
- version 0.7.3
- Make file opens use the cloexec flag (Cristian Rodríguez)
- Add CAP_BLOCK_SUSPEND
- Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table
- In pscap, don't drop capabilities when running with capabilities
- Add CAP_COMPROMISE_KERNEL
- Define FTW_CONTINUE in case its not defined in libc
- Use glibc for xattr.h if available
- Make sure stderr is used consistently in utils
- Fix logic causing file based capabilities to not be supported when it should
-------------------------------------------------------------------
Sun Feb 12 17:24:55 UTC 2012 - crrodriguez@opensuse.org
- Move libraries back to %{_libdir}, /usr merge project
-------------------------------------------------------------------
Wed Oct 5 15:06:00 UTC 2011 - uli@suse.com
- cross-build workaround: make sure no attempt is made to build
python stuff even if it's installed on the host system
-------------------------------------------------------------------
Wed Aug 31 01:49:59 UTC 2011 - crrodriguez@opensuse.org
- Update to version 0.6.6
- Add CAP_SYSLOG and CAP_WAKE_ALARM (needed for newish kernels)
-------------------------------------------------------------------
Mon Nov 8 14:06:01 UTC 2010 - coolo@novell.com
- fix requires
-------------------------------------------------------------------
Wed Nov 3 21:56:17 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.5:
* works around a problem in the Linux 2.6.36 kernel headers
* fixes a segfault when using filecap on a specific file
-------------------------------------------------------------------
Thu Oct 14 11:18:28 UTC 2010 - coolo@novell.com
- split out python packages now that libcap-ng is used in many
low level tools it creates cycles
-------------------------------------------------------------------
Thu May 6 17:55:55 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.4:
* the library now uses kernel thread ID for capget/set calls
* a display problem of filesystem based capabilities was fixed
* netcap now prints device name for packet socket apps
- add baselibs.conf to build libcap-ng0-32bit
-------------------------------------------------------------------
Fri Mar 12 10:01:51 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.3:
* in netcap and pscap use the effective uid
* in capng_change_id, only retain setpcap if clearing the bounding set
- add rpmlintrc to disable false positive warnings
- symlink license files on openSUSE
-------------------------------------------------------------------
Wed Mar 10 16:02:51 UTC 2010 - prusnak@suse.cz
- fixed Requires of python subpackage
-------------------------------------------------------------------
Fri Feb 26 12:14:04 UTC 2010 - prusnak@suse.cz
- imported package from Fedora (version 0.6.2)

89
libcap-ng-python.spec Normal file
View File

@ -0,0 +1,89 @@
#
# spec file for package libcap-ng-python
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 0
%bcond_without python2
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: libcap-ng-python
Version: 0.8.3
Release: 0
Summary: An alternate Linux/POSIX capabilities library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://people.redhat.com/sgrubb/libcap-ng
Source0: https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-%{version}.tar.gz
Source1: baselibs.conf
Source99: libcap-ng.rpmlintrc
BuildRequires: %{python_module devel}
BuildRequires: kernel-headers >= 2.6.11
BuildRequires: libcap-ng-devel = %{version}
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: swig
%description
libcap-ng is a library providing an alternate mechanism to libcap to
inspect and set Linux process and file capabilities (modeled upon a
withdrawn POSIX.1e draft).
%package -n python2-capng
Summary: Python bindings for libcap-ng library
Group: Development/Libraries/Python
Requires: libcap-ng%{sover} = %{version}
%description -n python2-capng
The libcap-ng-python package contains the bindings so that libcap-ng
and can be used by Python applications.
%package -n python3-capng
Summary: Python bindings for libcap-ng library
Group: Development/Libraries/Python
Requires: libcap-ng%{sover} = %{version}
%description -n python3-capng
The libcap-ng-python package contains the bindings so that libcap-ng
and can be used by Python applications.
%prep
%setup -q -n libcap-ng-%{version}
%build
%configure \
--disable-static \
%if %{with python2}
--with-python \
%endif
--with-python3
make %{?_smp_mflags}
%install
%if %{with python2}
%make_install -C bindings/python
%endif
%make_install -C bindings/python3
find %{buildroot} -type f -name "*.la" -delete -print
%if %{with python2}
%files -n python2-capng
%{python2_sitearch}/*
%endif
%files -n python3-capng
%{python3_sitearch}/*
%changelog

207
libcap-ng.changes Normal file
View File

@ -0,0 +1,207 @@
-------------------------------------------------------------------
Thu May 4 15:04:58 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon May 9 06:59:02 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
- Update to 0.8.3:
* Add vararg support to python bindings for capng_updatev
* Add support for ambient capabilities
* Add support for V3 filesystem capabilities
* If procfs is not available, leave last_cap as CAP_LAST_CAP
* If bounding and ambient not found in status, try prctl method
* In capng_apply, move ambient caps to the end of the transaction
* In capng_apply, return errors more aggressively.
* In capng_apply, if the action includes the bounding set,resync with the kernel
* Fix signed/unsigned warning in cap-ng.c
* In capng_apply, return a unique error code to diagnose any failure
* In capng_have_capability, return 0 for failure
* Add the libdrop_ambient admin tool
* In capng_apply, if we blew up in bounding set, allow setting capabilities
* If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
* Improve last_cap check
* Fix parameters to capng_updatev python bindings to be signed
* Detect capability options at runtime to make containerization easier (ntkme)
* Initialize the library when linked statically
* Add gcc function attributes for deallocation
-------------------------------------------------------------------
Thu Dec 9 22:05:19 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 0.7.11
* Really clear bounding set if asked in capng_change_id
* Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
* Avoid malloc/free in capng_apply (Natanael Copa)
* If procfs is not available, get bounding set via prctl
- Removed unneeded rules from rpmlintrc
-------------------------------------------------------------------
Tue May 12 12:31:39 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 0.7.10:
* Update capng_change_id man page
* Add capng_have_permitted_capabilities function
* Update filecap to output which set the capabilities are in
* Fix filecap to not output an error when a file has no capabilities
* Add udplite support to netcap
* Fix usage of pthread_atfork (Joe Orton)
* Mark processes in child user namespaces with * (Danila Kiver)
-------------------------------------------------------------------
Thu Aug 8 11:05:37 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Own %{_datadir}/aclocal: when we might switch to pkgconf instead
of pkg-config, nothing in the build root is 'accidentally' owning
this directory for us.
-------------------------------------------------------------------
Tue Feb 20 10:16:07 UTC 2018 - tchvatal@suse.com
- Move %doc to %license for licenses
-------------------------------------------------------------------
Sun Feb 18 12:13:56 UTC 2018 - jengelh@inai.de
- Remove ineffective --with-pic. Fix SRPM group. Redo descriptions.
- Rename %soname to %sover to better reflect its use.
-------------------------------------------------------------------
Sun Feb 18 09:23:18 UTC 2018 - avindra@opensuse.org
- Update to version 0.7.9:
* Detect and output a couple errors in filecap
* Use pthread_atfork to optionally reset the pid and related info
on fork
- cleanup with spec-cleaner
- use https urls
-------------------------------------------------------------------
Thu May 17 16:46:07 UTC 2017 - alexander_naumov@opensuse.org
- Update to version 0.7.8:
* Improve Python3 support
* Fix the thread separation test
* Correct typo in cap_pacct text
* Update man page for captest
* Fix sscanf string lengths in netcap
* Correct linking of python3 module
-------------------------------------------------------------------
Wed Dec 2 14:28:00 UTC 2015 - p.drouand@gmail.com
- Update to version 0.7.7
* Make sure all types used in _lnode are defined in proc-llist.h
* Fix python binding test for old kernels
* Fix leaked FD in library init
- Changes from version 0.7.6
* Fix python3 support
- Changes from version 0.7.5
* Make python3 supported
* In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap
* Update table for 3.16 kernel
-------------------------------------------------------------------
Thu Jun 19 17:22:55 UTC 2014 - crrodriguez@opensuse.org
- Remove unused BuildRequires on libattr-devel
-------------------------------------------------------------------
Thu May 15 13:19:57 UTC 2014 - tchvatal@suse.com
- Version bupm to 0.7.4
- Cleanup with spec-cleaner
- Remove useless specification of attributes
- Really split the two spec files instead of copying them to avoid
the huge ifdefing.
+ more readable
- version must be edited in two places when bumping
-------------------------------------------------------------------
Thu Mar 14 09:30:04 UTC 2013 - meissner@suse.com
- use source url
-------------------------------------------------------------------
Wed Mar 13 22:44:29 UTC 2013 - crrodriguez@opensuse.org
- version 0.7.3
- Make file opens use the cloexec flag (Cristian Rodríguez)
- Add CAP_BLOCK_SUSPEND
- Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table
- In pscap, don't drop capabilities when running with capabilities
- Add CAP_COMPROMISE_KERNEL
- Define FTW_CONTINUE in case its not defined in libc
- Use glibc for xattr.h if available
- Make sure stderr is used consistently in utils
- Fix logic causing file based capabilities to not be supported when it should
-------------------------------------------------------------------
Sun Feb 12 17:24:55 UTC 2012 - crrodriguez@opensuse.org
- Move libraries back to %{_libdir}, /usr merge project
-------------------------------------------------------------------
Wed Oct 5 15:06:00 UTC 2011 - uli@suse.com
- cross-build workaround: make sure no attempt is made to build
python stuff even if it's installed on the host system
-------------------------------------------------------------------
Wed Aug 31 01:49:59 UTC 2011 - crrodriguez@opensuse.org
- Update to version 0.6.6
- Add CAP_SYSLOG and CAP_WAKE_ALARM (needed for newish kernels)
-------------------------------------------------------------------
Mon Nov 8 14:06:01 UTC 2010 - coolo@novell.com
- fix requires
-------------------------------------------------------------------
Wed Nov 3 21:56:17 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.5:
* works around a problem in the Linux 2.6.36 kernel headers
* fixes a segfault when using filecap on a specific file
-------------------------------------------------------------------
Thu Oct 14 11:18:28 UTC 2010 - coolo@novell.com
- split out python packages now that libcap-ng is used in many
low level tools it creates cycles
-------------------------------------------------------------------
Thu May 6 17:55:55 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.4:
* the library now uses kernel thread ID for capget/set calls
* a display problem of filesystem based capabilities was fixed
* netcap now prints device name for packet socket apps
- add baselibs.conf to build libcap-ng0-32bit
-------------------------------------------------------------------
Fri Mar 12 10:01:51 UTC 2010 - pascal.bleser@opensuse.org
- update to 0.6.3:
* in netcap and pscap use the effective uid
* in capng_change_id, only retain setpcap if clearing the bounding set
- add rpmlintrc to disable false positive warnings
- symlink license files on openSUSE
-------------------------------------------------------------------
Wed Mar 10 16:02:51 UTC 2010 - prusnak@suse.cz
- fixed Requires of python subpackage
-------------------------------------------------------------------
Fri Feb 26 12:14:04 UTC 2010 - prusnak@suse.cz
- imported package from Fedora (version 0.6.2)

1
libcap-ng.rpmlintrc Normal file
View File

@ -0,0 +1 @@
addFilter("libcap-ng-devel..*: W: no-dependency-on libcap-ng/libcap-ng-libs/liblibcap-ng")

139
libcap-ng.spec Normal file
View File

@ -0,0 +1,139 @@
#
# spec file for package libcap-ng
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 0
%define ambient_sover 0
Name: libcap-ng
Version: 0.8.3
Release: 0
Summary: An alternate Linux/POSIX capabilities library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://people.redhat.com/sgrubb/libcap-ng
Source0: https://people.redhat.com/sgrubb/%{name}/%{name}-%{version}.tar.gz
Source1: baselibs.conf
Source99: libcap-ng.rpmlintrc
BuildRequires: kernel-headers >= 2.6.11
BuildRequires: pkgconfig
%description
libcap-ng is a library providing an alternate mechanism to libcap to
make use of Linux process and file capabilities.
%package -n %{name}%{sover}
Summary: An alternate Linux/POSIX capabilities library
License: LGPL-2.1-or-later
Group: System/Libraries
%description -n %{name}%{sover}
libcap-ng is a library providing an alternate mechanism to libcap to
inspect and set Linux process and file capabilities (modeled upon a
withdrawn POSIX.1e draft).
%package devel
Summary: Header files for the libcap-ng library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: %{name}%{sover} = %{version}
Requires: kernel-headers >= 2.6.11
Requires: pkgconfig
%description devel
The libcap-ng-devel package contains the files needed for developing
applications that need to use the libcap-ng library.
%package utils
Summary: Utilities for analysing and setting file capabilities
License: GPL-2.0-or-later
Group: System/Base
%description utils
The libcap-ng-utils package contains applications to analyse the
Linux process capabilities of programs running on a system. It also
lets you set the filesystem-based capabilities.
%package -n libdrop_ambient%{ambient_sover}
Summary: Library for dropping ambient capabilities
License: LGPL-2.1-or-later
Requires: %{name}%{sover} = %{version}
%description -n libdrop_ambient%{ambient_sover}
This library can be used via LD_PRELOAD to force an application started with ambient capabilities to drop them.
It leaves other capabilities intact. This can also be linked against and automatically does the right thing.
You do not need to make any calls into the library because all the work is done in the constructor which runs before main() is called.
%package -n libdrop_ambient-devel
Summary: Devel package for libdrop_ambient%{ambient_sover}
License: LGPL-2.1-or-later
Requires: libdrop_ambient%{ambient_sover}
%description -n libdrop_ambient-devel
This package contains the files needed for developing
applications that need to use the libdrop_ambient library.
%prep
%setup -q
%build
export LDFLAGS="$LDFLAGS -lpthread"
%configure \
--disable-static \
--without-python
make %{?_smp_mflags}
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
%post -n %{name}%{sover} -p /sbin/ldconfig
%postun -n %{name}%{sover} -p /sbin/ldconfig
%post -n libdrop_ambient%{ambient_sover} -p /sbin/ldconfig
%postun -n libdrop_ambient%{ambient_sover} -p /sbin/ldconfig
%files -n %{name}%{sover}
%license COPYING.LIB
%{_libdir}/%{name}.so.%{sover}
%{_libdir}/%{name}.so.%{sover}.*
%files -n libdrop_ambient%{ambient_sover}
%{_libdir}/libdrop_ambient.so.%{ambient_sover}
%{_libdir}/libdrop_ambient.so.%{ambient_sover}.*
%files -n libdrop_ambient-devel
%{_libdir}/libdrop_ambient.so
%{_mandir}/man7/libdrop_ambient.7%{ext_man}
%files devel
%{_mandir}/man3/*.3%{ext_man}
%{_includedir}/cap-ng.h
%{_libdir}/%{name}.so
%dir %{_datadir}/aclocal
%{_datadir}/aclocal/cap-ng.m4
%{_libdir}/pkgconfig/%{name}.pc
%files utils
%license COPYING
%{_bindir}/captest
%{_bindir}/filecap
%{_bindir}/netcap
%{_bindir}/pscap
%{_mandir}/man8/*.8%{ext_man}
%changelog