From 0d6a83f5435de664bb0c8ad23a37f6b407b2b5dcb5fd949d3038f35dccd786e3 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Sat, 4 Feb 2023 18:43:33 +0000
Subject: [PATCH] =?UTF-8?q?-=20update=20to=202.67:=20=20=20*=20Replace=20u?=
 =?UTF-8?q?se=20of=20fgrep=20with=20grep=20-F=20(POSIX=20grep=20flags=20pr?=
 =?UTF-8?q?eferred=20by=20=20=20=20=20GNU=20grep)=20-=20patch=20from=20Dav?=
 =?UTF-8?q?id=20Seifert.=20=20=20*=20Added=20SPDX=20identifiers=20to=20Lic?=
 =?UTF-8?q?ense=20file(s).=20Hopefully=20this=20will=20=20=20=20=20help=20?=
 =?UTF-8?q?the=20various=20robots=20out=20there=20correctly=20identify=20t?=
 =?UTF-8?q?he=20=20=20=20=20longstanding=20licenses=20for=20libcap=20and?=
 =?UTF-8?q?=20friends.=20(Bug:=20216609=20=20=20=20=20reported=20by=20G?=
 =?UTF-8?q?=C3=BCnther=20Noack)=20=20=20*=20Started=20down=20the=20rabbit?=
 =?UTF-8?q?=20hole=20of=20trying=20to=20address=20(Bug:=20216610=20=20=20?=
 =?UTF-8?q?=20=20reported=20by=20G=C3=BCnther=20Noack=20on=20behalf=20of?=
 =?UTF-8?q?=20Michael=20Stapelberg)=20=20=20*=20The=20basic=20issue=20is?=
 =?UTF-8?q?=20how=20to=20link=20C=20code=20with=20Go=20psx=20without=20usi?=
 =?UTF-8?q?ng=20=20=20=20=20CGo.=20This=20is=20all=20a=20low=20level=20hac?=
 =?UTF-8?q?kery.=20If=20you=20are=20interested,=20=20=20=20=20browse=20the?=
 =?UTF-8?q?=20source.=20=20=20*=20Correct=20for=20bad=20whatis=20entries?=
 =?UTF-8?q?=20in=20man=20pages=20(this=20was=20throwing=20a=20=20=20=20=20?=
 =?UTF-8?q?Debian=20build=20test,=20detail)=20=20=20*=20Also=20reviewed=20?=
 =?UTF-8?q?man=20pages=20and=20addressed=20cross=20linkage=20issues=20(Bug?=
 =?UTF-8?q?:=20=20=20*=20Cleaned=20up=20some=20README.md=20files=20(made?=
 =?UTF-8?q?=20a=20github=20mirror=20now=20just=20so=20=20=20=20=20I=20can?=
 =?UTF-8?q?=20automatically=20render=20them).=20=20=20*=20Changed=20meanin?=
 =?UTF-8?q?g=20of=20DYNAMIC=3Dno=20builds.=20=20=20=20=20This=20now=20buil?=
 =?UTF-8?q?ds=20everything=20with=20static=20linking=20except=20for=20libc?=
 =?UTF-8?q?.=20=20=20=20=20The=20reason=20for=20this=20exception=20is=20ex?=
 =?UTF-8?q?plained=20in=20the=20commit=20message.=20=20=20*=20Inserted=20d?=
 =?UTF-8?q?emonstration=20exploit=20code=20in=20capso.so=20to=20support=20?=
 =?UTF-8?q?=20=20=20=20article.=20=20=20*=20Minor=20clarification=20to=20c?=
 =?UTF-8?q?ap=5Fget=5Fpid()=20man=20page=20concerning=20pid=20=20=20=20=20?=
 =?UTF-8?q?value=20within=20namespaces.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=75
---
 libcap-2.66.tar.sign | 16 ----------------
 libcap-2.66.tar.xz   |  3 ---
 libcap-2.67.tar.sign | 16 ++++++++++++++++
 libcap-2.67.tar.xz   |  3 +++
 libcap.changes       | 29 ++++++++++++++++++++++++++++-
 libcap.spec          | 10 +++++-----
 6 files changed, 52 insertions(+), 25 deletions(-)
 delete mode 100644 libcap-2.66.tar.sign
 delete mode 100644 libcap-2.66.tar.xz
 create mode 100644 libcap-2.67.tar.sign
 create mode 100644 libcap-2.67.tar.xz

diff --git a/libcap-2.66.tar.sign b/libcap-2.66.tar.sign
deleted file mode 100644
index 409229c..0000000
--- a/libcap-2.66.tar.sign
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEOKZEaYxpeHNE6VTOKe6EiuLM8/QFAmMvfigACgkQKe6EiuLM
-8/TcQg//VIYnSov6YhptNw94luAEva+Nij1qK46H8aGQjNkKBp3m4tl11gc2B7UW
-qVq/eH+UqZFtrdc7yUvAg+pGhZGzXDpDTXnAhsI/PhDnAAvay7rNoRn1WEpUMMz3
-S7ov7+YIwfuuX1pJB1adtkmlT1Uvm8mUOA7YLgviWpnV0x2PMA1E89x/luAP1NLe
-bHsXeN96Al13nFIDCnEJq/Lzp0haFlP+RxxHkvko0CNNR5lAfzFuh68BIt38s4DY
-YaJguUVWCDN2bz3PKadK+9QacaShoxspzsh5JQMtQiWfXDo16DNI8C8DUZK4rofi
-RCOqiAKxATPc+lIQlBzNc/IwQHxsJMEL9BcE6faU/wZLFsnsPg03g9uIT4iz6sTr
-2h1hix/O/MCc2oMlDiQSSMuAOGY1SRBtp4vKW94SJS4a6PBbd/25+OzKiONgHyq8
-OG/MT82ReR6t0crlgN0GbUS3eGSRs1z3gmalYBBKVO8bDbnLqBifrsNSjRqc4SXk
-fyF41ZdmK/NGJ+QRRDFtnCxiQDn1LyDP7vhCsFKGMlfBjv7ZtuLpTqzN3mSUMFAL
-km31dDGuZxUK1rx2PGox5f2Y4gXl2M0qxj0Nah9deQvRrNt6yq3x0adqDFPHheO1
-5V611tz64y+shK+UWMYEfLU87eeNvMN19wbGvrHWRN/2mPVBG5M=
-=XEJg
------END PGP SIGNATURE-----
diff --git a/libcap-2.66.tar.xz b/libcap-2.66.tar.xz
deleted file mode 100644
index 0ad29bd..0000000
--- a/libcap-2.66.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:15c40ededb3003d70a283fe587a36b7d19c8b3b554e33f86129c059a4bb466b2
-size 181592
diff --git a/libcap-2.67.tar.sign b/libcap-2.67.tar.sign
new file mode 100644
index 0000000..1b816e8
--- /dev/null
+++ b/libcap-2.67.tar.sign
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEOKZEaYxpeHNE6VTOKe6EiuLM8/QFAmPclWkACgkQKe6EiuLM
+8/QflRAAquD7HlzPeML9emyedRLQekXk1YB+hT4ktqTmMACmPDFuuFhqJPREnweM
+GA2glOAaOLmRMOMQIg36xYJrvJBoMSBHm+YnWYBFv4PfvH+v8LcV8Z5hDOiR42mA
+tLgYp6XmaHpQXLREOQd6+XU3IelXHAfvCLEywYNGM8YUJCWB90Q8qJxLQqvCGVUe
+LmfBRgo9uT7M/ZUzPZJccXDpwBLLiZ5AohdWgkKGktL+DhU8yeVr/L1q6UciAyKA
+vpMWCIMHobRFwYIvlwBTBSW4dgGPgoYYCYEMMPLCjalaYufkDhdx2uunOcdcKj76
+l1wbEpURSMcUlqGgPAe26aFXni2cN846ZGM5EzoAmvNSJK+DDA0WcQATaj8MNobP
+9GqN/QJLG8YDgbisHl7v0tWak6wCZlHmMfNdAQfI6as7Ep5q1im0gd8rXI4UlzVI
+h5UGvLcBabSCt3g0Wj7pnl2mKYx68awAIvGGfhUoVa4TxSzPnkR/nVQYDV1YISLY
+lHirmdcMpGQeQM5IGrXQJCubomGTYg3n8ChGrb0Az72sLc75WTSCWiNKp2xNAf1m
+jzUO8OayoGYT+wqVLzXyTL5dLKrjpHiC/FOMWMSzuegwbWyif0i+h63mQs0roCG5
+hcCRaZIEXCtHIOuqpUBRbA5e1XmJ30JRaoReeso1K+0G0bdR1FA=
+=sGm0
+-----END PGP SIGNATURE-----
diff --git a/libcap-2.67.tar.xz b/libcap-2.67.tar.xz
new file mode 100644
index 0000000..b805282
--- /dev/null
+++ b/libcap-2.67.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce9b22fdc271beb6dae7543da5f74cf24cb82e6848cfd088a5a069dec5ea5198
+size 186864
diff --git a/libcap.changes b/libcap.changes
index 6394e37..ee28592 100644
--- a/libcap.changes
+++ b/libcap.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Sat Feb  4 18:39:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.67:
+  * Replace use of fgrep with grep -F (POSIX grep flags preferred by
+    GNU grep) - patch from David Seifert.
+  * Added SPDX identifiers to License file(s). Hopefully this will
+    help the various robots out there correctly identify the
+    longstanding licenses for libcap and friends. (Bug: 216609
+    reported by Günther Noack)
+  * Started down the rabbit hole of trying to address (Bug: 216610
+    reported by Günther Noack on behalf of Michael Stapelberg)
+  * The basic issue is how to link C code with Go psx without using
+    CGo. This is all a low level hackery. If you are interested,
+    browse the source.
+  * Correct for bad whatis entries in man pages (this was throwing a
+    Debian build test, detail)
+  * Also reviewed man pages and addressed cross linkage issues (Bug:
+  * Cleaned up some README.md files (made a github mirror now just so
+    I can automatically render them).
+  * Changed meaning of DYNAMIC=no builds.
+    This now builds everything with static linking except for libc.
+    The reason for this exception is explained in the commit message.
+  * Inserted demonstration exploit code in capso.so to support
+    article.
+
 -------------------------------------------------------------------
 Thu Sep 29 19:49:37 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
@@ -36,7 +62,8 @@ Tue Apr 12 19:46:17 UTC 2022 - Dirk Müller <dmueller@suse.com>
   * Fix memory leak in libpsx at program exit.
   * Be more resilient to CGo configuration with Go compiler when building tests.
   * Fix cap_*prctl() return code/errno handling.
-  * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
+  * Minor clarification to cap_get_pid() man page concerning pid
+    value within namespaces.
 
 -------------------------------------------------------------------
 Fri Feb 25 09:05:58 UTC 2022 - Marcus Meissner <meissner@suse.com>
diff --git a/libcap.spec b/libcap.spec
index aa07216..42e4add 100644
--- a/libcap.spec
+++ b/libcap.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libcap
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,16 @@
 
 
 Name:           libcap
-Version:        2.66
+Version:        2.67
 Release:        0
 Summary:        Library for Capabilities (linux-privs) Support
 License:        BSD-3-Clause OR GPL-2.0-only
 Group:          Development/Libraries/C and C++
 URL:            https://sites.google.com/site/fullycapable/
 Source:         https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.xz
-Source2:        baselibs.conf
-Source3:        https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.sign
-Source4:        https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/plain/pgp.keys.asc#/%{name}.keyring
+Source1:        https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.sign
+Source2:        https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/plain/pgp.keys.asc#/%{name}.keyring
+Source3:        baselibs.conf
 BuildRequires:  fdupes
 BuildRequires:  glibc-devel-static
 BuildRequires:  pkgconfig