- updated to 2.69
  - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
  - Man page style improvement from Emanuele Torre (forwarded request 1087355 from msmeissn)

• Files Changed
• Browse Source

- update to 2.68:
  * Force libcap internal functions to be hidden outside the library
  * Expanded the list of man page (links) to all of the supported API
    functions.
  * fixed some formatting issues with the libpsx(3) manpage.
  * Add support for a markdown preamble and postscript when generating
    .md versions of the man pages (Bug 217007)
  * psx package clean up
  * fix some copy-paste errors with TestShared()
  * added a more complete psx testing into this test as well
  * cap package clean up
  * drop an unnecessary use of ", _" in the sources
  * cleaned up cap.NamedCount documentation
  * Converted goapps/web/README to .md format and fixed the
    instructions to indicate go mod tidy is needed.
  * cap_compare test binary now cleans up after itself (Bug 217018)
  * Figured out how to cross compile Go programs for arm (i.e. RPi) that
    use C code, don't use cgo but do use the psx package
  * Eliminate use of vendor directory

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- update to 2.66:
  * Fix documentation typos in cap_from_text.3
  * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
    Wilk.
  * Slightly more robust Makefiles to address an error with make -j48 test observed
  * Include a simple Go program, captrace, to trace kernel capability validation
    checks
  * This program can be used to figure out what capabilities a program needs to
    operate.
  * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
    capability checks and whether or not they succeed for the system, a specific
    PID or a program's direct execution.
  * Trim down the default file capabilities for contrib/sucap/su to those actually
    needed and set USER and HOME environment variables so bash doesn't complain
    about a sourcing error.

• Files Changed
• Browse Source

- update to 2.65:
  * Fix syntax error in DEBUG build of protected code in setcap.c.
  * Prevent bash from reading the wrong startup files when the capsh --user=xxx
    argument is used to invoke a shell as the user xxx. This is done by capsh now
    changing the USER and HOME environment variables when --user is specified.
    The argument --noenv can be used to suppress this behavior to what used to be
    the problematic default. (Bug: 215926)
  * Improved documentation

• Files Changed
• Browse Source

- update to 2.64:
  * Fix memory leak in libpsx at program exit.
  * Be more resilient to CGo configuration with Go compiler when building tests.
  * Fix cap_*prctl() return code/errno handling.
  * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.

• Files Changed
• Browse Source

Merged some changes and metadata over from the SLE side.

- Use "or" in the license tag to avoid confusion (bsc#1180073)
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): (forwarded request 957541 from msmeissn)

• Files Changed
• Browse Source

- update to 2.63:
  * restore errno to zero by the time main() is executed
  * Consistent psx handling (a panic) for syscalls that return thread dependent
    status Inconsistend behavior noticed by Lorenz Bauer
  * Add a test case for a deadlock under investigation in golang
  * Trim some of the #include file use to make the tree compile more
    efficiently

• Files Changed
• Browse Source

- update to 2.62:
  * Bug fix for Go package "cap" and launching
  * Build cleanups
  * Documentation updates: cap_max_bits has a man page entry
  * Recognize default securebits as a libcap mode: HYBRID

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 2.51:
  * Fix capsh installation
  * Add an autoauth module flag to pam_cap.so
  * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
  * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
    capability flag to another.
  * --explain=cap_foo: describe what cap_foo does
  * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
  * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
  * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
    feature parity with Go "cap" package. These are only needed when linking
    against -lpsx for keepcaps POSIX semantics.
  * this likely requires substantial application changes to make Ambient
    capability support usable in general, but doing our part for the admin.
  * Add a test case for recent kernel fix
  * Go pragma fix for convenience functions in "cap" module

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 2.49:
  * Implement cap_func_launcher() and cap.FuncLauncher().
  * More robust "psx" redirection for nocgo compilation - the documentation for
    the cgo implementation is now included in the nocgo one because the go.dev
    automated documentation builds the docs from the nocgo version.
  * Lots of documentation cleanups and added a few man pages: for IAB and
    Launching.
  * Some general no-op License changes that might cause folk to notice but only
    for formatting reasons. These were initially inspired by some lawyerly
    interactions, but I ended up rolling back half of them because they
    confused automated software infrastructure.

• Files Changed
• Browse Source

- update to 2.48:
  * More uniform use of $(MAKE) in Makefiles
  * No longer include symlinks in the git tree 
  * Provide support for make GOLANG=no ...
  * Provide support for pointing at a specific build of the go binary
  * camelCase the contrib/seccomp/explore.go program
  * A number of documentation fixes to man pages and source code comments
  * Last use of GO major version 0

• Files Changed
• Browse Source

- update to 2.47:
  * Restructured gowns to default to uid base of getuid().
  * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
  * Improve the usage and diagnostic message for setcap
  * Documentation fixes, license declarations, example updates

• Files Changed
• Browse Source

- update to 2.46:
  * The bulk of this release concerns fixes and improvements to libpsx
  * Fix the capsh == argument handling and add a test case 
  * Added build support for systems that do not support libpthread
  * Added build support for not building shared libraries

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source