------------------------------------------------------------------- Tue May 16 08:13:00 UTC 2023 - Marcus Meissner - updated to 2.69 - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows: - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418) - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419) - LCAP-CR-23-100 (SEVERITY) NONE - LCAP-CR-23-101 (SEVERITY) NONE - LCAP-CR-23-102 (SEVERITY) NONE - Man page style improvement from Emanuele Torre ------------------------------------------------------------------- Thu Mar 30 07:55:07 UTC 2023 - Dirk Müller - update to 2.68: * Force libcap internal functions to be hidden outside the library * Expanded the list of man page (links) to all of the supported API functions. * fixed some formatting issues with the libpsx(3) manpage. * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007) * psx package clean up * fix some copy-paste errors with TestShared() * added a more complete psx testing into this test as well * cap package clean up * drop an unnecessary use of ", _" in the sources * cleaned up cap.NamedCount documentation * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed. * cap_compare test binary now cleans up after itself (Bug 217018) * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package * Eliminate use of vendor directory ------------------------------------------------------------------- Fri Mar 24 10:16:26 UTC 2023 - Martin Liška - Enable LTO and add missing -ffat-lto-objects for the provided static libs. ------------------------------------------------------------------- Fri Mar 24 09:38:17 UTC 2023 - Takashi Iwai - Revert LTO again; it still breaks builds ------------------------------------------------------------------- Thu Mar 23 15:43:17 UTC 2023 - Martin Liška - Enable LTO as it works fine. ------------------------------------------------------------------- Sat Feb 4 18:39:55 UTC 2023 - Dirk Müller - update to 2.67: * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) * Also reviewed man pages and addressed cross linkage issues (Bug: * Cleaned up some README.md files (made a github mirror now just so I can automatically render them). * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. * Inserted demonstration exploit code in capso.so to support article. ------------------------------------------------------------------- Thu Sep 29 19:49:37 UTC 2022 - Dirk Müller - update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error. ------------------------------------------------------------------- Fri Jul 22 21:34:46 UTC 2022 - Dirk Müller - update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation ------------------------------------------------------------------- Tue Apr 12 19:46:17 UTC 2022 - Dirk Müller - update to 2.64: * Fix memory leak in libpsx at program exit. * Be more resilient to CGo configuration with Go compiler when building tests. * Fix cap_*prctl() return code/errno handling. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces. ------------------------------------------------------------------- Fri Feb 25 09:05:58 UTC 2022 - Marcus Meissner - Use "or" in the license tag to avoid confusion (bsc#1180073) ------------------------------------------------------------------- Mon Jan 31 20:08:24 UTC 2022 - Dirk Müller - update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently ------------------------------------------------------------------- Thu Dec 30 09:52:10 UTC 2021 - Dirk Müller - update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID ------------------------------------------------------------------- Sun Nov 21 19:20:22 UTC 2021 - Andreas Stieger - libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature ------------------------------------------------------------------- Tue Sep 28 12:05:15 UTC 2021 - Paolo Stivanin - update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree. ------------------------------------------------------------------- Sat Jul 17 06:33:52 UTC 2021 - Dirk Müller - update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module ------------------------------------------------------------------- Wed Jun 2 09:29:35 UTC 2021 - Christophe Giboudeaux - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ------------------------------------------------------------------- Fri Apr 16 16:05:30 CEST 2021 - tiwai@suse.de - Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690) ------------------------------------------------------------------- Mon Mar 22 15:38:06 UTC 2021 - Dirk Müller - update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure. ------------------------------------------------------------------- Tue Feb 9 23:16:17 UTC 2021 - Dirk Müller - update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0 ------------------------------------------------------------------- Wed Jan 27 07:53:21 UTC 2021 - Dirk Müller - update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates ------------------------------------------------------------------- Mon Jan 4 08:46:44 UTC 2021 - Dirk Müller - update to 2.46: * The bulk of this release concerns fixes and improvements to libpsx * Fix the capsh == argument handling and add a test case * Added build support for systems that do not support libpthread * Added build support for not building shared libraries ------------------------------------------------------------------- Sat Nov 14 10:26:54 UTC 2020 - Dirk Mueller - update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes. ------------------------------------------------------------------- Wed Sep 2 17:03:06 UTC 2020 - Dirk Mueller - update to 2.43 * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets * Clean up a binary from the distribution * Added some more release time checks for non-git tracked files. * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder. ------------------------------------------------------------------- Thu Aug 6 08:33:09 UTC 2020 - Paolo Stivanin - Update to version 2.42: * Closed a potential issue with "libcap/psx" Go package and errno * Documentation updates * Minor optimization for cap_to_text() and (*cap.Set).String() * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap * Multiple fixes * Support Go module abstraction * A new kernel capability: CAP_BPF * Better support for cross-compilation * pam_cap now honors PAM_REINITIALIZE_CRED * implements cap_launch functionality ------------------------------------------------------------------- Sat Feb 15 21:24:26 CET 2020 - tiwai@suse.de - Update to version 2.32: * Bug fix for fakeroot incompatibility (boo#1162014) * Slight perf improvement for cap_get_bound(). * C++ support for psx header inclusion. * Some new testing features for capsh ------------------------------------------------------------------- Tue Jan 28 14:23:23 CET 2020 - tiwai@suse.de - Update to version 2.31: * primarily a documentation update * fix libpam.pc to not require libpsx.pc * changed the text format of the default output of getpcap ------------------------------------------------------------------- Mon Jan 13 12:54:25 UTC 2020 - Martin Pluskal - Build using -ffat-lto-objects for static library ------------------------------------------------------------------- Thu Jan 9 16:05:12 UTC 2020 - Martin Pluskal - Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): * BUGFIX: arm and i386 fixes C and Go setgroups choice - used wrong syscall in 2.29. * cleaned up make clean and make install to actually work as intended * updated Gentoo libpsx.pc file from Lars Wendler * refactored the way libpsx linkage with libcap performed mutual discovery. * Previously (2.28) libpsx had an API call overridden by libcap using weak linkage function in libpsx. In 2.30 this is reversed, namely libpsx provides the stronger function and libcap has a weak "no-op" version. * a bit more consistency in handling the 'all' sets in libcap (C) and libcap/cap (Go). Namely, they both dynamically discover the number of capabilities named by the kernel and use this as the definition of 'all' for the current runtime. + libcap (C) exports cap_max_bit() to export the number of supported capabilities + libcap/cap (Go) exports cap.MaxBits() for this same value. - For changes for older releases see: * https://sites.google.com/site/fullycapable/release-notes-for-libcap - Add glibc-static-devel as build requirement as tests need it - Install libpsx.a as it seems to be needed in some cases: * https://bugs.gentoo.org/703912 ------------------------------------------------------------------- Mon Dec 16 14:21:27 UTC 2019 - matthias.gerstner@suse.com - Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security wise. ------------------------------------------------------------------- Thu Feb 22 15:10:35 UTC 2018 - fvogt@suse.com - Use %license (boo#1082318) ------------------------------------------------------------------- Tue Jan 31 17:52:31 UTC 2017 - matwey.kornilov@gmail.com - Enable PAM pam_cap.so module ------------------------------------------------------------------- Sun Jan 1 12:44:21 UTC 2017 - jengelh@inai.de - RPM group association fix ------------------------------------------------------------------- Mon Aug 29 21:10:05 UTC 2016 - dimstar@opensuse.org - Update to versison 2.25: + Recover gperf detection in make rules. + Man page typo fix. + Tweak make rules to make packaging more straightforward. + Fix error explanation in setcap. + Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous. - Drop libcap-nolibattr.patch: fixed upstream. - No longer add %{buildroot} to all variables for make install the Makefile learned about the meaning of DESTDIR. ------------------------------------------------------------------- Sat Jan 31 11:22:58 UTC 2015 - p.drouand@gmail.com - Update to version 2.24 * Fix compilation problems (note to self, make distclean && make, before release) * Some make rule changes to make uploading a release to kernel.org easier for me. * Tidied up some documented links. - Update libcap-nolibattr.patch - Add pkg-config build requirement; libcap now provides a pkgconfig file - Clean up specfile - Move libraries and binaries to /usr because of #UsrMove ------------------------------------------------------------------- Thu Jun 19 17:32:36 UTC 2014 - crrodriguez@opensuse.org - libcap-nolibattr.patch Do not link to libattr, it is a bogus dependency. application uses sys/xattr from libc. ------------------------------------------------------------------- Fri Feb 1 12:02:04 UTC 2013 - coolo@suse.com - update license to new format ------------------------------------------------------------------- Tue Sep 20 07:48:12 UTC 2011 - aj@suse.de - Cleanup specfile a bit: Remove old tags. ------------------------------------------------------------------- Tue Sep 20 07:29:05 UTC 2011 - aj@suse.de - Update to libcap 2.22 - libcap 2.22 includes: * Clarified License file (with version 2 of the GPL) * Support getting/setting capabilities on large files * After --chroot command, change working directory to "/". - libcap 2.21 includes: * Introduce cap_get_bound() and cap_drop_bound() functions. also include a macro CAP_IS_SUPPORTED(cap) for capabilities - libcap 2.20 includes: * Latest kernel capabilites supported: now includes CAP_SYSLOG * $(CFLAGS) Makefile fixes * Default to installing setcap with an inheritable capability. ------------------------------------------------------------------- Thu Dec 2 15:44:59 CET 2010 - meissner@suse.de - updated to libcap-2.19 * more stuff in capsh.c * sys/capability.h header clean up and fixes. ------------------------------------------------------------------- Thu Dec 2 15:32:34 CET 2010 - meissner@suse.de - fixed build on ppc64 (needs to get linux/types.h included first). ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de - use %_smp_mflags ------------------------------------------------------------------- Wed Jun 9 09:22:26 UTC 2010 - chris@computersalat.de - fix deps for fdupes ------------------------------------------------------------------- Sat Dec 12 18:24:01 CET 2009 - jengelh@medozas.de - add baselibs.conf as a source ------------------------------------------------------------------- Mon Mar 18 16:25:43 CET 2009 - tiwai@suse.de - fix a typo in the previous patch (__le64) (bnc#487453) - don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453) ------------------------------------------------------------------- Tue Mar 10 16:39:43 CET 2009 - tiwai@suse.de - fix build error on i386 due to missing __u64 definition in sys/capability.h ------------------------------------------------------------------- Wed Jan 7 16:52:19 CET 2009 - tiwai@suse.de - updated to libcap-2.15: * Makefile fixes - updated to libcap-2.16: * stop using sed for parsing capability.h ------------------------------------------------------------------- Mon Oct 27 09:49:31 CET 2008 - tiwai@suse.de - updated to libcap-2.14: * add -v mode to setcap - updated to libcap-2.13: * fix a corner case of cap_to_text() - updated to libcap-2.12: * man page fixes * remove never used codes for sysfs check ------------------------------------------------------------------- Wed Oct 22 16:17:15 CEST 2008 - mrueckert@suse.de - fix debug_packages_requires define ------------------------------------------------------------------- Wed Aug 6 14:45:32 CEST 2008 - tiwai@suse.de - updated to libcap-2.11: * makefile fixes, minor clean-ups * fix cap_copy_int(), new cap_get_pid() and cap_compare() * fix cap_copy_ext() - fix build with libcap-2.11. ------------------------------------------------------------------- Mon Aug 4 00:57:06 CEST 2008 - ro@suse.de - fix requires for debuginfo package ------------------------------------------------------------------- Wed Jun 11 16:16:49 CEST 2008 - tiwai@suse.de - updated to libcap-2.10: v3 capabilities, documantation fixes, misc fixes ------------------------------------------------------------------- Wed Apr 23 15:18:28 CEST 2008 - tiwai@suse.de - updated to libcap-2.08 properly supporting the recent 2.6 kernels ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Mon Apr 16 15:37:55 CEST 2007 - tiwai@suse.de - follow library packaging policy * move docs to devel package * move binaries and man pages to progs sub package * fix *.so symlink in libdir ------------------------------------------------------------------- Wed Jan 24 12:05:59 CET 2007 - tiwai@suse.de - fix the access over array range in cap_extint.c (#237943). ------------------------------------------------------------------- Tue Dec 19 18:32:28 CET 2006 - tiwai@suse.de - update to libcap-1.10 to support fscaps (#229722, FATE#301748) ------------------------------------------------------------------- Wed May 24 16:56:48 CEST 2006 - schwab@suse.de - Don't strip binaries. ------------------------------------------------------------------- Thu May 11 15:27:18 CEST 2006 - tiwai@suse.de - fix invalid calls of free() (#174561) ------------------------------------------------------------------- Wed Jan 25 21:37:23 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Aug 19 15:20:33 CEST 2005 - kukuk@suse.de - Create -devel subpackage ------------------------------------------------------------------- Thu Jun 23 09:49:59 CEST 2005 - meissner@suse.de - use RPM_OPT_FLAGS. ------------------------------------------------------------------- Wed May 25 11:48:42 CEST 2005 - tiwai@suse.de - fixed memory leak (#85659) ------------------------------------------------------------------- Wed Jan 19 17:43:49 CET 2005 - tiwai@suse.de - fixed compile warnings with gcc-4.0. ------------------------------------------------------------------- Thu Mar 25 14:06:21 CET 2004 - thomas@suse.de - added EAL3 man-page patch ------------------------------------------------------------------- Tue Jan 27 10:21:00 CET 2004 - kukuk@suse.de - Remove capget.2/capset.2 from package (version from man-pages is newer). ------------------------------------------------------------------- Sun Jan 11 12:03:51 CET 2004 - adrian@suse.de - add %run_ldconfig ------------------------------------------------------------------- Mon Feb 24 17:45:38 CET 2003 - schwab@suse.de - Don't include kernel headers, instead copy the contents here. ------------------------------------------------------------------- Thu Feb 6 11:12:34 CET 2003 - garloff@suse.de - Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324]. - Use BuildRoot. ------------------------------------------------------------------- Wed Nov 27 14:06:08 CET 2002 - coolo@suse.de - link the library with the compiler so the depedencies are tracked correctly (#21996) ------------------------------------------------------------------- Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Wed Sep 4 12:53:18 CEST 2002 - sf@suse.de - fix biarch error (added patch to Make.Rules) ------------------------------------------------------------------- Sun Aug 11 22:04:58 CEST 2002 - kukuk@suse.de - Remove kernel-source from neededforbuild ------------------------------------------------------------------- Sat Apr 20 15:41:55 MEST 2002 - garloff@suse.de - Include capfaq-0.2.txt - Disable syscall wrapper (capset/capget); it's defined in glibc. ------------------------------------------------------------------- Sat Apr 20 11:12:42 MEST 2002 - garloff@suse.de - Compile syscall wrapper without -fPIC ------------------------------------------------------------------- Tue Apr 9 16:57:15 CEST 2002 - ro@suse.de - apply gcc-3 fixes only for gcc-3 ------------------------------------------------------------------- Mon Mar 25 13:54:51 CET 2002 - stepan@suse.de - remove -ansi, as it forbids inline. (gcc3) - use -fpic for building libraries (gcc3) ------------------------------------------------------------------- Wed Sep 5 23:45:54 CEST 2001 - ro@suse.de - updated neededforbuild and updated specfile (man and doc relocation) ------------------------------------------------------------------- Wed Sep 29 00:25:38 CEST 1999 - garloff@suse.de - Initial check in of libcap. - Kernel patches are provided within the docdir.