File libcap.changes of Package libcap
-------------------------------------------------------------------
Fri Mar 24 10:16:26 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO and add missing -ffat-lto-objects for the provided
static libs.
-------------------------------------------------------------------
Fri Mar 24 09:38:17 UTC 2023 - Takashi Iwai <tiwai@suse.com>
- Revert LTO again; it still breaks builds
-------------------------------------------------------------------
Thu Mar 23 15:43:17 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO as it works fine.
-------------------------------------------------------------------
Sat Feb 4 18:39:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.67:
* Replace use of fgrep with grep -F (POSIX grep flags preferred by
GNU grep) - patch from David Seifert.
* Added SPDX identifiers to License file(s). Hopefully this will
help the various robots out there correctly identify the
longstanding licenses for libcap and friends. (Bug: 216609
reported by Günther Noack)
* Started down the rabbit hole of trying to address (Bug: 216610
reported by Günther Noack on behalf of Michael Stapelberg)
* The basic issue is how to link C code with Go psx without using
CGo. This is all a low level hackery. If you are interested,
browse the source.
* Correct for bad whatis entries in man pages (this was throwing a
Debian build test, detail)
* Also reviewed man pages and addressed cross linkage issues (Bug:
* Cleaned up some README.md files (made a github mirror now just so
I can automatically render them).
* Changed meaning of DYNAMIC=no builds.
This now builds everything with static linking except for libc.
The reason for this exception is explained in the commit message.
* Inserted demonstration exploit code in capso.so to support
article.
-------------------------------------------------------------------
Thu Sep 29 19:49:37 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.66:
* Fix documentation typos in cap_from_text.3
* Some getpcaps code clean up and a fix for PID argument parsing from Jakub
Wilk.
* Slightly more robust Makefiles to address an error with make -j48 test observed
* Include a simple Go program, captrace, to trace kernel capability validation
checks
* This program can be used to figure out what capabilities a program needs to
operate.
* captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
capability checks and whether or not they succeed for the system, a specific
PID or a program's direct execution.
* Trim down the default file capabilities for contrib/sucap/su to those actually
needed and set USER and HOME environment variables so bash doesn't complain
about a sourcing error.
-------------------------------------------------------------------
Fri Jul 22 21:34:46 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.65:
* Fix syntax error in DEBUG build of protected code in setcap.c.
* Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh now
changing the USER and HOME environment variables when --user is specified.
The argument --noenv can be used to suppress this behavior to what used to be
the problematic default. (Bug: 215926)
* Improved documentation
-------------------------------------------------------------------
Tue Apr 12 19:46:17 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.64:
* Fix memory leak in libpsx at program exit.
* Be more resilient to CGo configuration with Go compiler when building tests.
* Fix cap_*prctl() return code/errno handling.
* Minor clarification to cap_get_pid() man page concerning pid
value within namespaces.
-------------------------------------------------------------------
Fri Feb 25 09:05:58 UTC 2022 - Marcus Meissner <meissner@suse.com>
- Use "or" in the license tag to avoid confusion (bsc#1180073)
-------------------------------------------------------------------
Mon Jan 31 20:08:24 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.63:
* restore errno to zero by the time main() is executed
* Consistent psx handling (a panic) for syscalls that return thread dependent
status Inconsistend behavior noticed by Lorenz Bauer
* Add a test case for a deadlock under investigation in golang
* Trim some of the #include file use to make the tree compile more
efficiently
-------------------------------------------------------------------
Thu Dec 30 09:52:10 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.62:
* Bug fix for Go package "cap" and launching
* Build cleanups
* Documentation updates: cap_max_bits has a man page entry
* Recognize default securebits as a libcap mode: HYBRID
-------------------------------------------------------------------
Sun Nov 21 19:20:22 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- libcap 2.61:
* Better error handling of the numerical arguments for capsh and
setcap
* Fix executable mode for all of the .so files. There were two
situations where this was failing (with a hard to debug SIGSEGV
inside libc)
* Added an example of a shared library object with its own file
capability
* Fix the top-level include for Make.Rules in the contrib/sucap
example application
* Add support for running constructors at libcap.so start up time
when running as stand alone binary.
- includes changes from 2.60:
* Some build, code linting fixes, the addition of the
cap_fill_flag() API and a memory latency optimization
* General improvement in thread safety for libcap and cap package
* Minor API change replacing libcap:cap_launch_*() void returning
functions with int + errno status returns.
* Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
* New features for capsh: --quiet, -+ and =+ arguments
- add upstream signing key and verify source signature
-------------------------------------------------------------------
Tue Sep 28 12:05:15 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
-------------------------------------------------------------------
Sat Jul 17 06:33:52 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.51:
* Fix capsh installation
* Add an autoauth module flag to pam_cap.so
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
* API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
capability flag to another.
* --explain=cap_foo: describe what cap_foo does
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
* Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain
feature parity with Go "cap" package. These are only needed when linking
against -lpsx for keepcaps POSIX semantics.
* this likely requires substantial application changes to make Ambient
capability support usable in general, but doing our part for the admin.
* Add a test case for recent kernel fix
* Go pragma fix for convenience functions in "cap" module
-------------------------------------------------------------------
Wed Jun 2 09:29:35 UTC 2021 - Christophe Giboudeaux <christophe@krop.fr>
- Fix a broken symlink. libcap-devel installs libpsx.so but
didn't install the library it's pointing to.
-------------------------------------------------------------------
Fri Apr 16 16:05:30 CEST 2021 - tiwai@suse.de
- Add explicit dependency on libcap2 with version to libcap-progs
(bsc#1184690)
-------------------------------------------------------------------
Mon Mar 22 15:38:06 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
* More robust "psx" redirection for nocgo compilation - the documentation for
the cgo implementation is now included in the nocgo one because the go.dev
automated documentation builds the docs from the nocgo version.
* Lots of documentation cleanups and added a few man pages: for IAB and
Launching.
* Some general no-op License changes that might cause folk to notice but only
for formatting reasons. These were initially inspired by some lawyerly
interactions, but I ended up rolling back half of them because they
confused automated software infrastructure.
-------------------------------------------------------------------
Tue Feb 9 23:16:17 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.48:
* More uniform use of $(MAKE) in Makefiles
* No longer include symlinks in the git tree
* Provide support for make GOLANG=no ...
* Provide support for pointing at a specific build of the go binary
* camelCase the contrib/seccomp/explore.go program
* A number of documentation fixes to man pages and source code comments
* Last use of GO major version 0
-------------------------------------------------------------------
Wed Jan 27 07:53:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.47:
* Restructured gowns to default to uid base of getuid().
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
* Improve the usage and diagnostic message for setcap
* Documentation fixes, license declarations, example updates
-------------------------------------------------------------------
Mon Jan 4 08:46:44 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
* Fix the capsh == argument handling and add a test case
* Added build support for systems that do not support libpthread
* Added build support for not building shared libraries
-------------------------------------------------------------------
Sat Nov 14 10:26:54 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2.44:
Generally, this is a release to help package builders: no functional change
to any of the generated code just documentation and make related fixes.
-------------------------------------------------------------------
Wed Sep 2 17:03:06 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2.43
* Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
* Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
* Clean up a binary from the distribution
* Added some more release time checks for non-git tracked files.
* Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
-------------------------------------------------------------------
Thu Aug 6 08:33:09 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to version 2.42:
* Closed a potential issue with "libcap/psx" Go package and errno
* Documentation updates
* Minor optimization for cap_to_text() and (*cap.Set).String()
* Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
* Multiple fixes
* Support Go module abstraction
* A new kernel capability: CAP_BPF
* Better support for cross-compilation
* pam_cap now honors PAM_REINITIALIZE_CRED
* implements cap_launch functionality
-------------------------------------------------------------------
Sat Feb 15 21:24:26 CET 2020 - tiwai@suse.de
- Update to version 2.32:
* Bug fix for fakeroot incompatibility (boo#1162014)
* Slight perf improvement for cap_get_bound().
* C++ support for psx header inclusion.
* Some new testing features for capsh
-------------------------------------------------------------------
Tue Jan 28 14:23:23 CET 2020 - tiwai@suse.de
- Update to version 2.31:
* primarily a documentation update
* fix libpam.pc to not require libpsx.pc
* changed the text format of the default output of getpcap
-------------------------------------------------------------------
Mon Jan 13 12:54:25 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
- Build using -ffat-lto-objects for static library
-------------------------------------------------------------------
Thu Jan 9 16:05:12 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used
wrong syscall in 2.29.
* cleaned up make clean and make install to actually work as
intended
* updated Gentoo libpsx.pc file from Lars Wendler
* refactored the way libpsx linkage with libcap performed mutual
discovery.
* Previously (2.28) libpsx had an API call overridden by libcap
using weak linkage function in libpsx. In 2.30 this is reversed,
namely libpsx provides the stronger function and libcap has a
weak "no-op" version.
* a bit more consistency in handling the 'all' sets in libcap
(C) and libcap/cap (Go). Namely, they both dynamically discover
the number of capabilities named by the kernel and use this as
the definition of 'all' for the current runtime.
+ libcap (C) exports cap_max_bit() to export the number of
supported capabilities
+ libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
* https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
* https://bugs.gentoo.org/703912
-------------------------------------------------------------------
Mon Dec 16 14:21:27 UTC 2019 - matthias.gerstner@suse.com
- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
wise.
-------------------------------------------------------------------
Thu Feb 22 15:10:35 UTC 2018 - fvogt@suse.com
- Use %license (boo#1082318)
-------------------------------------------------------------------
Tue Jan 31 17:52:31 UTC 2017 - matwey.kornilov@gmail.com
- Enable PAM pam_cap.so module
-------------------------------------------------------------------
Sun Jan 1 12:44:21 UTC 2017 - jengelh@inai.de
- RPM group association fix
-------------------------------------------------------------------
Mon Aug 29 21:10:05 UTC 2016 - dimstar@opensuse.org
- Update to versison 2.25:
+ Recover gperf detection in make rules.
+ Man page typo fix.
+ Tweak make rules to make packaging more straightforward.
+ Fix error explanation in setcap.
+ Drop need to link with libattr. It turns out libcap wasn't
actually using any code from that library, so linking to it was
superfluous.
- Drop libcap-nolibattr.patch: fixed upstream.
- No longer add %{buildroot} to all variables for make install the
Makefile learned about the meaning of DESTDIR.
-------------------------------------------------------------------
Sat Jan 31 11:22:58 UTC 2015 - p.drouand@gmail.com
- Update to version 2.24
* Fix compilation problems (note to self, make distclean && make,
before release)
* Some make rule changes to make uploading a release to kernel.org
easier for me.
* Tidied up some documented links.
- Update libcap-nolibattr.patch
- Add pkg-config build requirement; libcap now provides a pkgconfig
file
- Clean up specfile
- Move libraries and binaries to /usr because of #UsrMove
-------------------------------------------------------------------
Thu Jun 19 17:32:36 UTC 2014 - crrodriguez@opensuse.org
- libcap-nolibattr.patch Do not link to libattr, it is
a bogus dependency. application uses sys/xattr from libc.
-------------------------------------------------------------------
Fri Feb 1 12:02:04 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Tue Sep 20 07:48:12 UTC 2011 - aj@suse.de
- Cleanup specfile a bit: Remove old tags.
-------------------------------------------------------------------
Tue Sep 20 07:29:05 UTC 2011 - aj@suse.de
- Update to libcap 2.22
- libcap 2.22 includes:
* Clarified License file (with version 2 of the GPL)
* Support getting/setting capabilities on large files
* After --chroot command, change working directory to "/".
- libcap 2.21 includes:
* Introduce cap_get_bound() and cap_drop_bound() functions.
also include a macro CAP_IS_SUPPORTED(cap) for capabilities
- libcap 2.20 includes:
* Latest kernel capabilites supported: now includes CAP_SYSLOG
* $(CFLAGS) Makefile fixes
* Default to installing setcap with an inheritable capability.
-------------------------------------------------------------------
Thu Dec 2 15:44:59 CET 2010 - meissner@suse.de
- updated to libcap-2.19
* more stuff in capsh.c
* sys/capability.h header clean up and fixes.
-------------------------------------------------------------------
Thu Dec 2 15:32:34 CET 2010 - meissner@suse.de
- fixed build on ppc64 (needs to get linux/types.h included first).
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Wed Jun 9 09:22:26 UTC 2010 - chris@computersalat.de
- fix deps for fdupes
-------------------------------------------------------------------
Sat Dec 12 18:24:01 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Mon Mar 18 16:25:43 CET 2009 - tiwai@suse.de
- fix a typo in the previous patch (__le64) (bnc#487453)
- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
-------------------------------------------------------------------
Tue Mar 10 16:39:43 CET 2009 - tiwai@suse.de
- fix build error on i386 due to missing __u64 definition in
sys/capability.h
-------------------------------------------------------------------
Wed Jan 7 16:52:19 CET 2009 - tiwai@suse.de
- updated to libcap-2.15:
* Makefile fixes
- updated to libcap-2.16:
* stop using sed for parsing capability.h
-------------------------------------------------------------------
Mon Oct 27 09:49:31 CET 2008 - tiwai@suse.de
- updated to libcap-2.14:
* add -v mode to setcap
- updated to libcap-2.13:
* fix a corner case of cap_to_text()
- updated to libcap-2.12:
* man page fixes
* remove never used codes for sysfs check
-------------------------------------------------------------------
Wed Oct 22 16:17:15 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Wed Aug 6 14:45:32 CEST 2008 - tiwai@suse.de
- updated to libcap-2.11:
* makefile fixes, minor clean-ups
* fix cap_copy_int(), new cap_get_pid() and cap_compare()
* fix cap_copy_ext()
- fix build with libcap-2.11.
-------------------------------------------------------------------
Mon Aug 4 00:57:06 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Wed Jun 11 16:16:49 CEST 2008 - tiwai@suse.de
- updated to libcap-2.10:
v3 capabilities, documantation fixes, misc fixes
-------------------------------------------------------------------
Wed Apr 23 15:18:28 CEST 2008 - tiwai@suse.de
- updated to libcap-2.08
properly supporting the recent 2.6 kernels
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Mon Apr 16 15:37:55 CEST 2007 - tiwai@suse.de
- follow library packaging policy
* move docs to devel package
* move binaries and man pages to progs sub package
* fix *.so symlink in libdir
-------------------------------------------------------------------
Wed Jan 24 12:05:59 CET 2007 - tiwai@suse.de
- fix the access over array range in cap_extint.c (#237943).
-------------------------------------------------------------------
Tue Dec 19 18:32:28 CET 2006 - tiwai@suse.de
- update to libcap-1.10 to support fscaps (#229722, FATE#301748)
-------------------------------------------------------------------
Wed May 24 16:56:48 CEST 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Thu May 11 15:27:18 CEST 2006 - tiwai@suse.de
- fix invalid calls of free() (#174561)
-------------------------------------------------------------------
Wed Jan 25 21:37:23 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Aug 19 15:20:33 CEST 2005 - kukuk@suse.de
- Create -devel subpackage
-------------------------------------------------------------------
Thu Jun 23 09:49:59 CEST 2005 - meissner@suse.de
- use RPM_OPT_FLAGS.
-------------------------------------------------------------------
Wed May 25 11:48:42 CEST 2005 - tiwai@suse.de
- fixed memory leak (#85659)
-------------------------------------------------------------------
Wed Jan 19 17:43:49 CET 2005 - tiwai@suse.de
- fixed compile warnings with gcc-4.0.
-------------------------------------------------------------------
Thu Mar 25 14:06:21 CET 2004 - thomas@suse.de
- added EAL3 man-page patch
-------------------------------------------------------------------
Tue Jan 27 10:21:00 CET 2004 - kukuk@suse.de
- Remove capget.2/capset.2 from package (version from man-pages
is newer).
-------------------------------------------------------------------
Sun Jan 11 12:03:51 CET 2004 - adrian@suse.de
- add %run_ldconfig
-------------------------------------------------------------------
Mon Feb 24 17:45:38 CET 2003 - schwab@suse.de
- Don't include kernel headers, instead copy the contents here.
-------------------------------------------------------------------
Thu Feb 6 11:12:34 CET 2003 - garloff@suse.de
- Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324].
- Use BuildRoot.
-------------------------------------------------------------------
Wed Nov 27 14:06:08 CET 2002 - coolo@suse.de
- link the library with the compiler so the depedencies
are tracked correctly (#21996)
-------------------------------------------------------------------
Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de
- removed bogus self-provides
-------------------------------------------------------------------
Wed Sep 4 12:53:18 CEST 2002 - sf@suse.de
- fix biarch error (added patch to Make.Rules)
-------------------------------------------------------------------
Sun Aug 11 22:04:58 CEST 2002 - kukuk@suse.de
- Remove kernel-source from neededforbuild
-------------------------------------------------------------------
Sat Apr 20 15:41:55 MEST 2002 - garloff@suse.de
- Include capfaq-0.2.txt
- Disable syscall wrapper (capset/capget); it's defined in glibc.
-------------------------------------------------------------------
Sat Apr 20 11:12:42 MEST 2002 - garloff@suse.de
- Compile syscall wrapper without -fPIC
-------------------------------------------------------------------
Tue Apr 9 16:57:15 CEST 2002 - ro@suse.de
- apply gcc-3 fixes only for gcc-3
-------------------------------------------------------------------
Mon Mar 25 13:54:51 CET 2002 - stepan@suse.de
- remove -ansi, as it forbids inline. (gcc3)
- use -fpic for building libraries (gcc3)
-------------------------------------------------------------------
Wed Sep 5 23:45:54 CEST 2001 - ro@suse.de
- updated neededforbuild and updated specfile (man and doc relocation)
-------------------------------------------------------------------
Wed Sep 29 00:25:38 CEST 1999 - garloff@suse.de
- Initial check in of libcap.
- Kernel patches are provided within the docdir.
