pool/libcap
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcap?expand=0&rev=5

Browse Source
This commit is contained in:
OBS User unknown 2008-05-04 22:54:23 +00:00 committed by Git OBS Bridge
parent 812c01ac4d
commit b2424f50c6
15 changed files with 61 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README
View File

@ -1,18 +0,0 @@
The code to be found here is all stuff intended to be integrated with
2.3.
Currently, its a patch in progress against 2.2
You can get a copy of the defunct POSIX draft specification for
capabilities and some other interesting things here:
http://www.guug.de/~winni/posix.1e/download.html
If you are looking for ACL patches for kernels, take a look here:
http://aerobee.informatik.uni-bremen.de/acl_download.html
Cheers
Andrew

2
baselibs.conf
View File

@ -1 +1 @@
libcap
libcap2

3
capfaq-0.2.txt.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7c867ee8708872be2f18dc324ba730c3d3a3a9abc90152f0c74dc1baeb257ad2
size 4566

11
header.patch
View File

@ -1,11 +0,0 @@
--- libcap/_makenames.c-dist 1999-05-14 06:46:15.000000000 +0200
+++ libcap/_makenames.c 2006-12-19 17:56:11.000000000 +0100
@@ -9,7 +9,7 @@
#include <stdio.h>
#include <stdlib.h>
-#include <linux/capability.h>
+#include "include/sys/capability.h"
/*
* #include 'sed' generated array

104
libcap-1.10.diff
View File

@ -1,104 +0,0 @@
--- Make.Rules-dist 1999-11-18 07:06:02.000000000 +0100
+++ Make.Rules 2006-12-19 18:18:57.000000000 +0100
@@ -14,17 +14,21 @@
# Otherwise binaries and libraraies are installed in /{lib,sbin}/,
# header files in /usr/include/ and documentation in /usr/man/man?/.
+ifndef lib
+lib=lib
+endif
+
ifdef prefix
exec_prefix=$(prefix)
lib_prefix=$(exec_prefix)
inc_prefix=$(lib_prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
else
prefix=/usr
exec_prefix=
lib_prefix=$(exec_prefix)
inc_prefix=$(prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
endif
# Target directories
@@ -32,7 +36,7 @@
MANDIR=$(FAKEROOT)$(man_prefix)/man
SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin
INCDIR=$(FAKEROOT)$(inc_prefix)/include
-LIBDIR=$(FAKEROOT)$(lib_prefix)/lib
+LIBDIR=$(FAKEROOT)$(lib_prefix)/$(lib)
# common defines for libcap (suitable for 2.2.1+ Linux kernels)
VERSION=1
@@ -43,11 +47,11 @@
CC=gcc
COPTFLAGS=-O2
-DEBUG=-g #-DDEBUG
-WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
+DEBUG=-O2 -g #-DDEBUG
+WARNINGS=-D_POSIX_SOURCE -Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align \
- -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
- -Wnested-externs -Winline -Wshadow -pedantic
+ -Wstrict-prototypes -Wmissing-prototypes \
+ -Wnested-externs -Winline -Wshadow
LD=ld
LDFLAGS=-s #-g
--- libcap/Makefile-dist 1999-04-18 00:16:31.000000000 +0200
+++ libcap/Makefile 2006-12-19 18:18:44.000000000 +0100
@@ -32,7 +32,7 @@
LIBNAME=libcap.so
#
-FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys
+FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys #cap_sys2
# for later when there is filesystem support for cap's:
#FILES += cap_file
@@ -63,6 +63,9 @@
%.o: %.c $(INCLS)
$(CC) $(CFLAGS) -c $< -o $@
+cap_sys2.o: cap_sys2.c $(INCLS)
+ $(CC) -Wall -O2 -c $< -o $@
+
install: all
mkdir -p -m 0755 $(INCDIR)/sys
install -m 0644 include/sys/capability.h $(INCDIR)/sys
--- libcap/cap_sys.c-dist 1999-04-18 00:16:31.000000000 +0200
+++ libcap/cap_sys.c 2006-12-19 18:18:44.000000000 +0100
@@ -11,6 +11,8 @@
#define __LIBRARY__
#include <linux/unistd.h>
+
+#if 0
_syscall2(int, capget,
cap_user_header_t, header,
cap_user_data_t, data)
@@ -18,6 +20,7 @@ _syscall2(int, capget,
_syscall2(int, capset,
cap_user_header_t, header,
const cap_user_data_t, data)
+#endif
/*
* $Log: cap_sys.c,v $
--- libcap/cap_sys2.c-dist 2006-12-19 18:18:44.000000000 +0100
+++ libcap/cap_sys2.c 2006-12-19 18:18:44.000000000 +0100
@@ -0,0 +1,10 @@
+#include <linux/unistd.h>
+#include <linux/capability.h>
+
+_syscall2(int, capget,
+ cap_user_header_t, header,
+ cap_user_data_t, data)
+
+_syscall2(int, capset,
+ cap_user_header_t, header,
+ const cap_user_data_t, data)

3
libcap-1.10.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:66c3f033fdc8f9ba0bd9d0ae2d1f2c11f9fa51bf0d1418e5cb75e29e6577a5bc
size 26686

3
libcap-2.08.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:be775d6fd65c378b8d9688e87758af55da2ee3df94e144e81be809f13b62bbab
size 40758

11
libcap-array-range-fix.diff
View File

@ -1,11 +0,0 @@
--- libcap/cap_extint.c-dist 2007-01-24 12:04:05.000000000 +0100
+++ libcap/cap_extint.c 2007-01-24 12:04:48.000000000 +0100
@@ -105,7 +105,7 @@ cap_t cap_copy_int(const void *cap_ext)
return NULL;
blen = export->length_of_capset;
- for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) {
+ for (set=0; set<NUMBER_OF_CAP_SETS; ++set) {
int blk;
int bno = 0;
for (blk=0; blk<(CAP_SET_SIZE/4); ++blk) {

11
libcap-dynamic-link.diff Normal file
View File

@ -0,0 +1,11 @@
--- progs/Makefile-dist 2008-04-23 15:28:10.000000000 +0200
+++ progs/Makefile 2008-04-23 15:28:24.000000000 +0200
@@ -9,7 +9,7 @@
all: $(PROGS)
$(PROGS): %: %.o
- $(CC) --static $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS)
+ $(CC) $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS)
%.o: %.c $(INCS)
$(CC) $(CFLAGS) -c $< -o $@

61
libcap-gcc-warning-fixes.diff
View File

@ -1,61 +0,0 @@
--- progs/execcap.c-dist 1999-04-18 00:16:31.000000000 +0200
+++ progs/execcap.c 2006-12-19 18:21:22.000000000 +0100
@@ -13,6 +13,7 @@
#include <sys/capability.h>
#include <unistd.h>
#include <string.h>
+#include <stdlib.h>
static void usage(void)
{
@@ -28,7 +29,7 @@ static void usage(void)
exit(1);
}
-void main(int argc, char **argv)
+int main(int argc, char **argv)
{
cap_t new_caps;
@@ -62,4 +63,5 @@ void main(int argc, char **argv)
fprintf(stderr, "Unable to execute command: %s\n", strerror(errno));
usage();
+ return 0;
}
--- progs/sucap.c-dist 1999-04-18 00:16:31.000000000 +0200
+++ progs/sucap.c 2006-12-19 18:21:22.000000000 +0100
@@ -48,7 +48,7 @@ wait_on_fd(int fd)
}
-void main(int argc, char **argv)
+int main(int argc, char **argv)
{
cap_t old_caps;
uid_t uid;
@@ -193,4 +193,5 @@ void main(int argc, char **argv)
/* exit to signal mother process that we are ready */
_exit(0);
}
+ return 0;
}
--- libcap/cap_extint.c-dist 1999-04-18 00:16:31.000000000 +0200
+++ libcap/cap_extint.c 2006-12-19 18:21:22.000000000 +0100
@@ -91,7 +91,7 @@ cap_t cap_copy_int(const void *cap_ext)
(const struct cap_ext_struct *) cap_ext;
cap_t cap_d;
int set, blen;
- __u32 * to = (__u32 *) &cap_d->set;
+ __u32 * to;
/* Does the external representation make sense? */
if (export == NULL || !memcmp(export->magic, external_magic
@@ -104,6 +104,7 @@ cap_t cap_copy_int(const void *cap_ext)
if (!(cap_d = cap_init()))
return NULL;
+ to = (__u32 *) &cap_d->set;
blen = export->length_of_capset;
for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) {
int blk;

34
libcap-invalid-free-fix.diff
View File

@ -1,34 +0,0 @@
--- progs/getpcaps.c-dist 1999-11-18 07:04:25.000000000 +0100
+++ progs/getpcaps.c 2006-12-19 17:51:31.000000000 +0100
@@ -52,9 +52,11 @@ int main(int argc, char **argv)
continue;
} else {
char *result = cap_to_text(cap_d, &length);
- fprintf(stderr, "Capabilities for `%s': %s\n", *argv, result);
- cap_free(result);
- result = NULL;
+ if (result) {
+ fprintf(stderr, "Capabilities for `%s': %s\n", *argv, result);
+ cap_free(result);
+ result = NULL;
+ }
}
}
--- progs/setpcaps.c-dist 1999-11-18 07:04:26.000000000 +0100
+++ progs/setpcaps.c 2006-12-19 17:51:57.000000000 +0100
@@ -100,9 +100,11 @@ int main(int argc, char **argv)
char *result;
result = cap_to_text(cap_d, &length);
- fprintf(stderr, "[caps set to:\n%s\n]\n", result);
- cap_free(result);
- result = NULL;
+ if (result) {
+ fprintf(stderr, "[caps set to:\n%s\n]\n", result);
+ cap_free(result);
+ result = NULL;
+ }
}
#endif

42
libcap-shlib-fix.diff
View File

@ -1,42 +0,0 @@
--- progs/Makefile-dist 1999-04-18 00:16:31.000000000 +0200
+++ progs/Makefile 2006-12-19 18:30:24.000000000 +0100
@@ -36,15 +36,15 @@
all: $(PROGS)
$(PROGS): %: %.o
- $(CC) $(LDFLAGS) -o $@ $< $(LIBS)
+ $(CC) $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS)
%.o: %.c $(INCS)
- $(CC) $(CFLAGS) -c $< -o $@
+ $(CC) $(COPTFLAG) $(CFLAGS) -c $< -o $@
install: all
mkdir -p -m 0755 $(SBINDIR)
for p in $(PROGS) ; do \
- install -s -m 0755 $$p $(SBINDIR) ; \
+ install -m 0755 $$p $(SBINDIR) ; \
done
clean:
--- libcap/Makefile-dist 2006-12-19 18:28:36.000000000 +0100
+++ libcap/Makefile 2006-12-19 18:30:53.000000000 +0100
@@ -56,15 +56,15 @@
# @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
$(MINLIBNAME): $(OBJS)
- $(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
+ $(CC) $(COPTFLAG) -Wl,-soname,$(MAJLIBNAME) -shared -o $@ $(OBJS)
ln -sf $(MINLIBNAME) $(MAJLIBNAME)
ln -sf $(MAJLIBNAME) $(LIBNAME)
%.o: %.c $(INCLS)
- $(CC) $(CFLAGS) -c $< -o $@
+ $(CC) $(COPTFLAG) $(CFLAGS) -fpic -c $< -o $@
cap_sys2.o: cap_sys2.c $(INCLS)
- $(CC) -Wall -O2 -c $< -o $@
+ $(CC) $(COPTFLAG) $(CFLAGS) -fpic -c $< -o $@
install: all
mkdir -p -m 0755 $(INCDIR)/sys

6
libcap.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Apr 23 15:18:28 CEST 2008 - tiwai@suse.de
- updated to libcap-2.08
properly supporting the recent 2.6 kernels
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

81
libcap.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package libcap (Version 1.10)
# spec file for package libcap (Version 2.08)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -12,26 +12,17 @@
Name: libcap
BuildRequires: fdupes libattr-devel
License: BSD 3-Clause
Group: System/Libraries
AutoReqProv: on
Summary: Library for Capabilities (linux-privs) Support
Version: 1.10
Release: 72
Source: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4/libcap-1.10.tar.bz2
Source3: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/uid-proc.patch
Source4: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4/README
Source5: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt.gz
Patch: libcap-%{version}.diff
# Patch1: gcc3.diff
Patch2: header.patch
Patch1: libcap-shlib-fix.diff
Patch3: libcap.eal3.diff
Patch4: libcap-gcc-warning-fixes.diff
Patch6: libcap-invalid-free-fix.diff
Patch7: libcap-array-range-fix.diff
Version: 2.08
Release: 2
Source: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2
Patch: libcap-dynamic-link.diff
Patch1: libcap.eal3.diff
#URL: http://www.kernel.org/
#Prefix: /usr
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -44,11 +35,26 @@ done automatically by the kernel.
%package -n libcap2
License: BSD 3-Clause
Summary: Library for Capabilities (linux-privs) Support
Group: System/Libraries
%description -n libcap2
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.
%package devel
License: BSD 3-Clause
Summary: Development files for libcap
Group: Development/Libraries/C and C++
Requires: glibc-devel %{name} = %{version}
Requires: glibc-devel libcap2 = %{version}
%description devel
Development files (Headers, libraries for static linking, etc) for
@ -74,53 +80,46 @@ libcap.
%prep
%setup
%setup -q
%patch
%patch1
%patch2
%patch3 -p2
%patch4
%patch6
%patch7
cp -p %SOURCE3 .
cp -p %SOURCE4 ./README.libcap
cp -p %SOURCE5 .
%patch1 -p2
%build
lib=%{_lib} make LDFLAGS= COPTFLAG="$RPM_OPT_FLAGS"
lib=%{_lib} make %{?jobs:-j %jobs} LDFLAGS= COPTFLAG="$RPM_OPT_FLAGS"
%install
make install FAKEROOT=$RPM_BUILD_ROOT LIBDIR=$RPM_BUILD_ROOT/%{_lib} MANDIR=$RPM_BUILD_ROOT%{_mandir}
make install DESTDIR=$RPM_BUILD_ROOT LIBDIR=$RPM_BUILD_ROOT/%{_lib} MANDIR=$RPM_BUILD_ROOT%{_mandir}
# move *.so file to libdir and relink
rm -f $RPM_BUILD_ROOT/%{_lib}/*.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
ln -s /%{_lib}/libcap.so.1 $RPM_BUILD_ROOT%{_libdir}/libcap.so
rm $RPM_BUILD_ROOT%{_mandir}/man2/{capget,capset}.2*
ln -s /%{_lib}/libcap.so.2 $RPM_BUILD_ROOT%{_libdir}/libcap.so
%fdupes -s $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%post -n libcap2 -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%postun -n libcap2 -p /sbin/ldconfig
%files
%files -n libcap2
%defattr(-,root,root)
%attr(755,root,root) /%{_lib}/libcap.so.*
%files progs
%defattr(-,root,root)
%doc %{_mandir}/man3/*
/sbin/getpcaps
/sbin/setpcaps
/sbin/execcap
/sbin/sucap
%doc %{_mandir}/man8/*
/sbin/*
%files devel
%defattr(-,root,root)
%doc License README CHANGELOG uid-proc.patch README.libcap capfaq-0.2.txt.gz
#%doc fcaps-2.2.9-990610.patch.bz2 fcap-module-990613.tar.bz2
%doc License README CHANGELOG
%{_includedir}/sys/capability.h
%{_libdir}/*.so
%doc %{_mandir}/man2/*
%doc %{_mandir}/man3/*
%changelog
* Wed Apr 23 2008 tiwai@suse.de
- updated to libcap-2.08
properly supporting the recent 2.6 kernels
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support

26
uid-proc.patch
View File

@ -1,26 +0,0 @@
diff -urN linux-2.2.1/fs/proc/inode.c linux-caps/fs/proc/inode.c
--- linux-2.2.1/fs/proc/inode.c Fri May 8 18:10:30 1998
+++ linux-caps/fs/proc/inode.c Sun Jan 31 00:02:05 1999
@@ -267,10 +267,19 @@
inode->u.generic_ip = (void *) de;
if (de) {
- if (de->mode) {
+ if (de->mode) { /* why conditional on non-zero mode? */
+ struct inode *sbi;
+
inode->i_mode = de->mode;
- inode->i_uid = de->uid;
- inode->i_gid = de->gid;
+
+ if ((ino != PROC_ROOT_INO)
+ && (sbi = sb->s_root->d_inode)) {
+ inode->i_uid = sbi->i_uid;
+ inode->i_gid = sbi->i_gid;
+ } else {
+ inode->i_uid = de->uid;
+ inode->i_gid = de->gid;
+ }
}
if (de->size)
inode->i_size = de->size;