Commit Graph

60 Commits

Author SHA256 Message Date
89cf15b63a Accepting request 1090157 from home:msmeissn:branches:Base:System
- enable pam module

OBS-URL: https://build.opensuse.org/request/show/1090157
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=85
2023-06-01 06:54:16 +00:00
d191c767e9 Accepting request 1087355 from home:msmeissn:branches:Base:System
- updated to 2.69
  - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
  - Man page style improvement from Emanuele Torre

OBS-URL: https://build.opensuse.org/request/show/1087355
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=83
2023-05-16 08:36:59 +00:00
bd79f2d7d2 - update to 2.68:
* Force libcap internal functions to be hidden outside the library
  * Expanded the list of man page (links) to all of the supported API
    functions.
  * fixed some formatting issues with the libpsx(3) manpage.
  * Add support for a markdown preamble and postscript when generating
    .md versions of the man pages (Bug 217007)
  * psx package clean up
  * fix some copy-paste errors with TestShared()
  * added a more complete psx testing into this test as well
  * cap package clean up
  * drop an unnecessary use of ", _" in the sources
  * cleaned up cap.NamedCount documentation
  * Converted goapps/web/README to .md format and fixed the
    instructions to indicate go mod tidy is needed.
  * cap_compare test binary now cleans up after itself (Bug 217018)
  * Figured out how to cross compile Go programs for arm (i.e. RPi) that
    use C code, don't use cgo but do use the psx package
  * Eliminate use of vendor directory

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=81
2023-03-30 08:01:04 +00:00
ace206afa6 Accepting request 1074133 from home:marxin:branches:Base:System
- Enable LTO and add missing -ffat-lto-objects for the provided
  static libs.

OBS-URL: https://build.opensuse.org/request/show/1074133
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=79
2023-03-24 12:14:17 +00:00
4647d305df Accepting request 1074125 from home:tiwai:branches:Base:System
- Revert LTO again; it still breaks builds

OBS-URL: https://build.opensuse.org/request/show/1074125
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=78
2023-03-24 09:45:03 +00:00
f1d808422a Accepting request 1073998 from home:marxin:branches:Base:System
- Enable LTO as it works fine.

OBS-URL: https://build.opensuse.org/request/show/1073998
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=77
2023-03-24 09:31:56 +00:00
0d6a83f543 - update to 2.67:
* Replace use of fgrep with grep -F (POSIX grep flags preferred by
    GNU grep) - patch from David Seifert.
  * Added SPDX identifiers to License file(s). Hopefully this will
    help the various robots out there correctly identify the
    longstanding licenses for libcap and friends. (Bug: 216609
    reported by Günther Noack)
  * Started down the rabbit hole of trying to address (Bug: 216610
    reported by Günther Noack on behalf of Michael Stapelberg)
  * The basic issue is how to link C code with Go psx without using
    CGo. This is all a low level hackery. If you are interested,
    browse the source.
  * Correct for bad whatis entries in man pages (this was throwing a
    Debian build test, detail)
  * Also reviewed man pages and addressed cross linkage issues (Bug:
  * Cleaned up some README.md files (made a github mirror now just so
    I can automatically render them).
  * Changed meaning of DYNAMIC=no builds.
    This now builds everything with static linking except for libc.
    The reason for this exception is explained in the commit message.
  * Inserted demonstration exploit code in capso.so to support
    article.
  * Minor clarification to cap_get_pid() man page concerning pid
    value within namespaces.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=75
2023-02-04 18:43:33 +00:00
b8ed86315c - update to 2.66:
* Fix documentation typos in cap_from_text.3
  * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
    Wilk.
  * Slightly more robust Makefiles to address an error with make -j48 test observed
  * Include a simple Go program, captrace, to trace kernel capability validation
    checks
  * This program can be used to figure out what capabilities a program needs to
    operate.
  * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
    capability checks and whether or not they succeed for the system, a specific
    PID or a program's direct execution.
  * Trim down the default file capabilities for contrib/sucap/su to those actually
    needed and set USER and HOME environment variables so bash doesn't complain
    about a sourcing error.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=73
2022-09-29 19:51:11 +00:00
7ce603da3b - update to 2.65:
* Fix syntax error in DEBUG build of protected code in setcap.c.
  * Prevent bash from reading the wrong startup files when the capsh --user=xxx
    argument is used to invoke a shell as the user xxx. This is done by capsh now
    changing the USER and HOME environment variables when --user is specified.
    The argument --noenv can be used to suppress this behavior to what used to be
    the problematic default. (Bug: 215926)
  * Improved documentation

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=71
2022-07-22 21:37:17 +00:00
f6cc24b125 - update to 2.64:
* Fix memory leak in libpsx at program exit.
  * Be more resilient to CGo configuration with Go compiler when building tests.
  * Fix cap_*prctl() return code/errno handling.
  * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=69
2022-04-12 19:47:22 +00:00
7efab90daf Accepting request 957541 from home:msmeissn:branches:Base:System
Merged some changes and metadata over from the SLE side.

- Use "or" in the license tag to avoid confusion (bsc#1180073)
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):

OBS-URL: https://build.opensuse.org/request/show/957541
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=68
2022-02-25 09:48:22 +00:00
c97b598a4b - update to 2.63:
* restore errno to zero by the time main() is executed
  * Consistent psx handling (a panic) for syscalls that return thread dependent
    status Inconsistend behavior noticed by Lorenz Bauer
  * Add a test case for a deadlock under investigation in golang
  * Trim some of the #include file use to make the tree compile more
    efficiently

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=67
2022-01-31 20:09:48 +00:00
247a867674 - update to 2.62:
* Bug fix for Go package "cap" and launching
  * Build cleanups
  * Documentation updates: cap_max_bits has a man page entry
  * Recognize default securebits as a libcap mode: HYBRID

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=66
2021-12-30 09:53:04 +00:00
45f6db7d48 Accepting request 932823 from home:AndreasStieger:branches:Base:System
libcap 2.61

OBS-URL: https://build.opensuse.org/request/show/932823
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=65
2021-11-24 08:34:20 +00:00
f932419bea Accepting request 921983 from home:polslinux:branches:Base:System
- update to 2.59:
  * Fixed a potential libcap memory leak by adding a destructor
  * Major improvement is that there is a path for Linux-PAM compliant
    applications to support setting Ambient vector Capabilities via pam_cap.so now
  * Added libcap cap_proc_root() API function
  * Added color support to captree
  * Fixed contrib/sucap/su to correctly handle the Inheritable flag
  * capsh enhancements
  * getcap -r / now generates readable output
  * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
    runnable as standalone binaries
  * The module pam_cap.so now contains support for a default=<IAB> module argument
  * Enhanced capsh --suggest to also compare against the capability value names
    and not just their descriptions
  * Added capsh --current support
  * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
  * Fix for a corner case infinite loop handling long strings
  * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
  * Added a Go utility, captree, to display the process (and thread) graph along with
    the POSIX.1e and IAB capabilities of each PID{TID} tree.

OBS-URL: https://build.opensuse.org/request/show/921983
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=64
2021-09-30 08:46:24 +00:00
5f59917f96 - update to 2.51:
* Fix capsh installation
  * Add an autoauth module flag to pam_cap.so
  * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
  * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
    capability flag to another.
  * --explain=cap_foo: describe what cap_foo does
  * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
  * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
  * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
    feature parity with Go "cap" package. These are only needed when linking
    against -lpsx for keepcaps POSIX semantics.
  * this likely requires substantial application changes to make Ambient
    capability support usable in general, but doing our part for the admin.
  * Add a test case for recent kernel fix
  * Go pragma fix for convenience functions in "cap" module

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=63
2021-07-17 06:36:52 +00:00
687522c9a0 Accepting request 896875 from home:cgiboudeaux:branches:Base:System
- Fix a broken symlink. libcap-devel installs libpsx.so but
  didn't install the library it's pointing to.

OBS-URL: https://build.opensuse.org/request/show/896875
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=61
2021-06-02 11:43:33 +00:00
65df6bfa1d Accepting request 886056 from home:tiwai:branches:Base:System
- Add explicit dependency on libcap2 with version to libcap-progs
  (bsc#1184690)

OBS-URL: https://build.opensuse.org/request/show/886056
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=59
2021-04-16 14:38:53 +00:00
af2d1522ed - update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
  * More robust "psx" redirection for nocgo compilation - the documentation for
    the cgo implementation is now included in the nocgo one because the go.dev
    automated documentation builds the docs from the nocgo version.
  * Lots of documentation cleanups and added a few man pages: for IAB and
    Launching.
  * Some general no-op License changes that might cause folk to notice but only
    for formatting reasons. These were initially inspired by some lawyerly
    interactions, but I ended up rolling back half of them because they
    confused automated software infrastructure.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=57
2021-03-22 15:38:43 +00:00
eae0ad6ed8 - update to 2.48:
* More uniform use of $(MAKE) in Makefiles
  * No longer include symlinks in the git tree 
  * Provide support for make GOLANG=no ...
  * Provide support for pointing at a specific build of the go binary
  * camelCase the contrib/seccomp/explore.go program
  * A number of documentation fixes to man pages and source code comments
  * Last use of GO major version 0

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=55
2021-02-09 23:18:04 +00:00
b830e8a6f7 - update to 2.47:
* Restructured gowns to default to uid base of getuid().
  * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
  * Improve the usage and diagnostic message for setcap
  * Documentation fixes, license declarations, example updates

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=53
2021-01-27 07:55:14 +00:00
cdf0d9ed10 OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=50 2021-01-04 21:24:07 +00:00
2db9681bdf - add 0001-Improve-the-usage-and-diagnostic-message-for-setcap.patch
0002-No-longer-need-the-Go-build-tag-allthreadssyscall.patch
  0003-Minor-fixes-for-cap-package-documentation.patch
  0004-checkpoint.patch
  0005-Clean-up-the-exit-status-to-match-other-binaries.patch
  0006-People-keep-emailing-me-about-the-license-for-libcap.patch
  0007-Augment-NOPRIV-libcap-mode-with-the-sticky-NO_NEW_PR.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=49
2021-01-04 19:31:04 +00:00
60c579967a - update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
  * Fix the capsh == argument handling and add a test case 
  * Added build support for systems that do not support libpthread
  * Added build support for not building shared libraries

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=48
2021-01-04 08:49:00 +00:00
80cf1e65e7 - update to 2.44:
Generally, this is a release to help package builders: no functional change
  to any of the generated code just documentation and make related fixes.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=46
2020-11-16 08:56:29 +00:00
4521466958 - update to 2.45:
* Fix the capsh == argument handling and add a test case - bug#209873 (report by Marcus Gelderie)
  * Add support for libpsx.so building - bug#206093
  * Added build support for systems that do not support libpthread (make PTHREADS=no ...)  - bug#209875 (requested by Heiko Thiery)
  * Recent golang builds (pre-release) default to ignoring GOPATH, so adjust the in-tree building to override this explicitly with GO111MODULE=off
  * Go package document updates since golang 1.15 is released.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=42
2020-11-15 11:34:55 +00:00
126a1904a0 - update to 2.43
* Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
  * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
  * Clean up a binary from the distribution
  * Added some more release time checks for non-git tracked files.
  * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=40
2020-09-02 18:43:34 +00:00
93ba93e93c Update to 2.42 again but without submitting to FACTORY yet
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=37
2020-08-11 10:36:09 +00:00
2bb24dcaa3 Revert to the old good-working 2.32, as it breaks some other programs (bsc#1175076)
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=36
2020-08-11 10:19:52 +00:00
6cbcd0744a Accepting request 824647 from home:polslinux:branches:Base:System
- Update to version 2.42:
  * Closed a potential issue with "libcap/psx" Go package and errno
  * Documentation updates
  * Minor optimization for cap_to_text() and (*cap.Set).String()
  * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
  * Multiple fixes
  * Support Go module abstraction
  * A new kernel capability: CAP_BPF
  * Better support for cross-compilation
  * pam_cap now honors PAM_REINITIALIZE_CRED
  * implements cap_launch functionality

OBS-URL: https://build.opensuse.org/request/show/824647
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=35
2020-08-10 16:17:11 +00:00
cb7c5564db Accepting request 774608 from home:tiwai:branches:Base:System
- Update to version 2.32:
  * Bug fix for fakeroot incompatibility (boo#1162014)
  * Slight perf improvement for cap_get_bound().
  * C++ support for psx header inclusion.
  * Some new testing features for capsh

- Update to version 2.31:
  * primarily a documentation update
  * fix libpam.pc to not require libpsx.pc
  * changed the text format of the default output of getpcap

OBS-URL: https://build.opensuse.org/request/show/774608
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=33
2020-02-15 20:39:18 +00:00
2e95b104fc Accepting request 763961 from home:pluskalm:branches:Base:System
- Build using -ffat-lto-objects for static library

OBS-URL: https://build.opensuse.org/request/show/763961
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=32
2020-01-13 13:18:27 +00:00
6da5c4781b Accepting request 762391 from home:pluskalm:branches:Base:System
- Update to version 2.30:
  * BUGFIX: arm and i386 fixes C and Go setgroups choice - used
    wrong syscall in 2.29.
  * cleaned up make clean and make install to actually work as
    intended
  * updated Gentoo libpsx.pc file from Lars Wendler
  * refactored the way libpsx linkage with libcap performed mutual
    discovery.
  * Previously (2.28) libpsx had an API call overridden by libcap
    using weak linkage function in libpsx. In 2.30 this is reversed,
    namely libpsx provides the stronger function and libcap has a
    weak "no-op" version.
  * a bit more consistency in handling the 'all' sets in libcap
    (C) and libcap/cap (Go). Namely, they both dynamically discover
    the number of capabilities named by the kernel and use this as
    the definition of 'all' for the current runtime.
    + libcap (C) exports cap_max_bit() to export the number of
      supported capabilities
    + libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
  * https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
  * https://bugs.gentoo.org/703912

OBS-URL: https://build.opensuse.org/request/show/762391
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=31
2020-01-10 16:37:07 +00:00
31075c8cee Accepting request 757364 from home:mgerstner:branches:Base:System
- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
  wise.

OBS-URL: https://build.opensuse.org/request/show/757364
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=29
2019-12-16 16:09:25 +00:00
1b34ec62c5 Accepting request 580094 from home:favogt:licensetag
Use %license (boo#1082318). Please forward to SLE, if possible

OBS-URL: https://build.opensuse.org/request/show/580094
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=27
2018-02-26 09:45:49 +00:00
a1a6bd025e Accepting request 453673 from home:matwey:branches:Base:System
OBS-URL: https://build.opensuse.org/request/show/453673
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=25
2017-02-01 11:00:58 +00:00
8af9f9938f Accepting request 448399 from home:jengelh:branches:Base:System
- RPM group association fix

OBS-URL: https://build.opensuse.org/request/show/448399
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=23
2017-01-02 08:55:28 +00:00
b686ff0d84 Accepting request 423725 from home:dimstar:Factory
Update to version 2.25 - NOTE: GNOME 3.22 requires at least version 2.23, TW currenly has 2.22; as we need to care for an update anyway, we bumped to 2.25 (current latest)

OBS-URL: https://build.opensuse.org/request/show/423725
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=21
2016-08-30 13:33:41 +00:00
7ca155fc10 Accepting request 285938 from home:posophe:branches:Base:System
Update and fix

OBS-URL: https://build.opensuse.org/request/show/285938
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=20
2015-02-16 08:13:36 +00:00
c3c6c92bf0 Accepting request 238088 from home:elvigia:branches:Base:System
- libcap-nolibattr.patch Do not link to libattr, it is 
  a bogus dependency. application uses sys/xattr from libc.

OBS-URL: https://build.opensuse.org/request/show/238088
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=18
2014-06-20 12:37:23 +00:00
Stephan Kulow
1fc547dc88 Accepting request 150709 from openSUSE:Factory:Staging:spdx
update license to new format

OBS-URL: https://build.opensuse.org/request/show/150709
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=16
2013-02-01 12:04:59 +00:00
5388069bf3 Accepting request 84056 from home:a_jaeger:branches:openSUSE:Factory
Update license.

OBS-URL: https://build.opensuse.org/request/show/84056
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=14
2011-09-21 08:46:46 +00:00
5a20fd5cee Accepting request 54338 from home:msmeissn:branches:Base:System
ok

OBS-URL: https://build.opensuse.org/request/show/54338
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=12
2010-12-02 14:57:01 +00:00
OBS User buildservice-autocommit
d40cb191ed Updating link to change in openSUSE:Factory/libcap revision 19.0
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=8f8e61aac09e46025ba2daf5bf58dca0
2010-07-23 15:12:21 +00:00
OBS User autobuild
c637b48e94 Accepting request 43692 from Base:System
checked in (request 43692)

OBS-URL: https://build.opensuse.org/request/show/43692
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=10
2010-07-23 15:12:20 +00:00
Stephan Kulow
a75254d145 Accepting request 42136 from home:jengelh:smp
Copy from home:jengelh:smp/libcap via accept of submit request 42136 revision 2.
Request was accepted with message:
Reviewed ok

OBS-URL: https://build.opensuse.org/request/show/42136
OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=9
2010-06-28 21:26:12 +00:00
OBS User autobuild
dbb0458c78 Accepting request 41330 from Base:System
Copy from Base:System/libcap based on submit request 41330 from user dirkmueller

OBS-URL: https://build.opensuse.org/request/show/41330
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcap?expand=0&rev=16
2010-06-11 08:25:48 +00:00
OBS User autobuild
76193ff7f4 Accepting request 27550 from Base:System
Copy from Base:System/libcap based on submit request 27550 from user coolo

OBS-URL: https://build.opensuse.org/request/show/27550
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcap?expand=0&rev=14
2009-12-26 11:17:42 +00:00
OBS User unknown
1b540731a8 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcap?expand=0&rev=12 2009-03-24 17:34:55 +00:00
OBS User unknown
fdb126b0a2 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcap?expand=0&rev=11 2009-03-17 15:34:11 +00:00