205f04036cAccepting request 1176879 from home:AndreasStieger:branches:Base:SystemTakashi Iwai2024-05-26 08:19:15 +0000
89cf15b63aAccepting request 1090157 from home:msmeissn:branches:Base:SystemMarcus Meissner2023-06-01 06:54:16 +0000
5eeb4b0cd0Accepting request 1087357 from Base:System
Dominique Leuenberger
2023-05-20 15:23:22 +0000
d191c767e9Accepting request 1087355 from home:msmeissn:branches:Base:SystemMarcus Meissner2023-05-16 08:36:59 +0000
7c0b71a713Accepting request 1075562 from Base:System
Dominique Leuenberger
2023-04-03 15:45:21 +0000
bd79f2d7d2- update to 2.68: * Force libcap internal functions to be hidden outside the library * Expanded the list of man page (links) to all of the supported API functions. * fixed some formatting issues with the libpsx(3) manpage. * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007) * psx package clean up * fix some copy-paste errors with TestShared() * added a more complete psx testing into this test as well * cap package clean up * drop an unnecessary use of ", _" in the sources * cleaned up cap.NamedCount documentation * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed. * cap_compare test binary now cleans up after itself (Bug 217018) * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package * Eliminate use of vendor directoryDirk Mueller2023-03-30 08:01:04 +0000
9e17cb08b9Accepting request 1074160 from Base:System
Dominique Leuenberger
2023-03-29 21:25:48 +0000
ace206afa6Accepting request 1074133 from home:marxin:branches:Base:SystemDirk Mueller2023-03-24 12:14:17 +0000
4647d305dfAccepting request 1074125 from home:tiwai:branches:Base:SystemTakashi Iwai2023-03-24 09:45:03 +0000
f1d808422aAccepting request 1073998 from home:marxin:branches:Base:SystemTakashi Iwai2023-03-24 09:31:56 +0000
6982484ac9Accepting request 1064421 from Base:System
Dominique Leuenberger
2023-02-14 15:42:24 +0000
0d6a83f543- update to 2.67: * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) * Also reviewed man pages and addressed cross linkage issues (Bug: * Cleaned up some README.md files (made a github mirror now just so I can automatically render them). * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. * Inserted demonstration exploit code in capso.so to support article. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.Dirk Mueller2023-02-04 18:43:33 +0000
96e45925ccAccepting request 1007104 from Base:System
Dominique Leuenberger
2022-10-03 11:44:42 +0000
b8ed86315c- update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.Dirk Mueller2022-09-29 19:51:11 +0000
438cbe10caAccepting request 990728 from Base:System
Fabian Vogt
2022-07-31 21:00:07 +0000
7ce603da3b- update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentationDirk Mueller2022-07-22 21:37:17 +0000
960e1cb2e6Accepting request 969556 from Base:System
Dominique Leuenberger
2022-04-17 21:49:33 +0000
f6cc24b125- update to 2.64: * Fix memory leak in libpsx at program exit. * Be more resilient to CGo configuration with Go compiler when building tests. * Fix cap_*prctl() return code/errno handling. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.Dirk Mueller2022-04-12 19:47:22 +0000
456978e9d5Accepting request 957551 from Base:System
Dominique Leuenberger
2022-02-27 21:42:40 +0000
7efab90dafAccepting request 957541 from home:msmeissn:branches:Base:SystemMarcus Meissner2022-02-25 09:48:22 +0000
e3d0b26352Accepting request 950291 from Base:System
Dominique Leuenberger
2022-02-03 22:16:16 +0000
c97b598a4b- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficientlyDirk Mueller2022-01-31 20:09:48 +0000
5613ee97ceAccepting request 943181 from Base:System
Dominique Leuenberger
2022-01-02 15:06:24 +0000
247a867674- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRIDDirk Mueller2021-12-30 09:53:04 +0000
af37aa0b01Accepting request 934430 from Base:System
Dominique Leuenberger
2021-12-02 21:30:02 +0000
45f6db7d48Accepting request 932823 from home:AndreasStieger:branches:Base:SystemDirk Mueller2021-11-24 08:34:20 +0000
1942a9febeAccepting request 922320 from Base:System
Richard Brown
2021-10-08 20:04:30 +0000
f932419beaAccepting request 921983 from home:polslinux:branches:Base:SystemTakashi Iwai2021-09-30 08:46:24 +0000
275d75d2feAccepting request 906773 from Base:System
Dominique Leuenberger
2021-07-21 17:05:29 +0000
5f59917f96- update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" moduleDirk Mueller2021-07-17 06:36:52 +0000
d35f78de7eAccepting request 896907 from Base:System
Dominique Leuenberger
2021-06-05 21:31:14 +0000
687522c9a0Accepting request 896875 from home:cgiboudeaux:branches:Base:SystemTakashi Iwai2021-06-02 11:43:33 +0000
50efae11fcAccepting request 886057 from Base:System
Dominique Leuenberger
2021-04-19 19:05:45 +0000
65df6bfa1dAccepting request 886056 from home:tiwai:branches:Base:SystemTakashi Iwai2021-04-16 14:38:53 +0000
de9c77f605Accepting request 880541 from Base:System
Richard Brown
2021-04-06 15:28:40 +0000
af2d1522ed- update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.Dirk Mueller2021-03-22 15:38:43 +0000
3e024ea9d1Accepting request 870717 from Base:System
Dominique Leuenberger
2021-02-16 21:34:57 +0000
eae0ad6ed8- update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0Dirk Mueller2021-02-09 23:18:04 +0000
c6cf95028aAccepting request 867074 from Base:System
Dominique Leuenberger
2021-02-07 14:13:35 +0000
b830e8a6f7- update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updatesDirk Mueller2021-01-27 07:55:14 +0000
472cc35d39Accepting request 860344 from Base:System
Dominique Leuenberger
2021-01-22 20:48:50 +0000
60c579967a- update to 2.46: * The bulk of this release concerns fixes and improvements to libpsx * Fix the capsh == argument handling and add a test case * Added build support for systems that do not support libpthread * Added build support for not building shared librariesDirk Mueller2021-01-04 08:49:00 +0000
bec88c9ccdAccepting request 853758 from Base:System
Dominique Leuenberger
2020-12-21 09:21:46 +0000
80cf1e65e7- update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes.Dirk Mueller2020-11-16 08:56:29 +0000
4521466958- update to 2.45: * Fix the capsh == argument handling and add a test case - bug#209873 (report by Marcus Gelderie) * Add support for libpsx.so building - bug#206093 * Added build support for systems that do not support libpthread (make PTHREADS=no ...) - bug#209875 (requested by Heiko Thiery) * Recent golang builds (pre-release) default to ignoring GOPATH, so adjust the in-tree building to override this explicitly with GO111MODULE=off * Go package document updates since golang 1.15 is released.Dirk Mueller2020-11-15 11:34:55 +0000
ff709d260aAccepting request 831514 from Base:System
Dominique Leuenberger
2020-09-08 20:55:13 +0000
126a1904a0- update to 2.43 * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets * Clean up a binary from the distribution * Added some more release time checks for non-git tracked files. * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.Dirk Mueller2020-09-02 18:43:34 +0000
b360759d90Accepting request 825941 from Base:System
Dominique Leuenberger
2020-08-17 09:59:59 +0000
Ana Guerrero
Marcus Meissner
Takashi Iwai
Dominique Leuenberger
Dirk Mueller
Fabian Vogt
Richard Brown
Stephan Kulow
Sascha Peilicke
Berthold Gunreben