SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libcap2-2.69-2.83.x86_64.rpm :

* Tue May 16 2023 meissnerAATTsuse.com- updated to 2.69 - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows: - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418) - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419) - LCAP-CR-23-100 (SEVERITY) NONE - LCAP-CR-23-101 (SEVERITY) NONE - LCAP-CR-23-102 (SEVERITY) NONE - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 dmuellerAATTsuse.com- update to 2.68:
* Force libcap internal functions to be hidden outside the library
* Expanded the list of man page (links) to all of the supported API functions.
* fixed some formatting issues with the libpsx(3) manpage.
* Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007)
* psx package clean up
* fix some copy-paste errors with TestShared()
* added a more complete psx testing into this test as well
* cap package clean up
* drop an unnecessary use of \", _\" in the sources
* cleaned up cap.NamedCount documentation
* Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed.
* cap_compare test binary now cleans up after itself (Bug 217018)
* Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don\'t use cgo but do use the psx package
* Eliminate use of vendor directory
* Fri Mar 24 2023 mliskaAATTsuse.cz- Enable LTO and add missing -ffat-lto-objects for the provided static libs.
* Fri Mar 24 2023 tiwaiAATTsuse.com- Revert LTO again; it still breaks builds
* Thu Mar 23 2023 mliskaAATTsuse.cz- Enable LTO as it works fine.
* Sat Feb 04 2023 dmuellerAATTsuse.com- update to 2.67:
* Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert.
* Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack)
* Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg)
* The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source.
* Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail)
* Also reviewed man pages and addressed cross linkage issues (Bug:
* Cleaned up some README.md files (made a github mirror now just so I can automatically render them).
* Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message.
* Inserted demonstration exploit code in capso.so to support article.
* Thu Sep 29 2022 dmuellerAATTsuse.com- update to 2.66:
* Fix documentation typos in cap_from_text.3
* Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
* Slightly more robust Makefiles to address an error with make -j48 test observed
* Include a simple Go program, captrace, to trace kernel capability validation checks
* This program can be used to figure out what capabilities a program needs to operate.
* captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program\'s direct execution.
* Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn\'t complain about a sourcing error.
* Fri Jul 22 2022 dmuellerAATTsuse.com- update to 2.65:
* Fix syntax error in DEBUG build of protected code in setcap.c.
* Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926)
* Improved documentation
* Tue Apr 12 2022 dmuellerAATTsuse.com- update to 2.64:
* Fix memory leak in libpsx at program exit.
* Be more resilient to CGo configuration with Go compiler when building tests.
* Fix cap_
*prctl() return code/errno handling.
* Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
* Fri Feb 25 2022 meissnerAATTsuse.com- Use \"or\" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 dmuellerAATTsuse.com- update to 2.63:
* restore errno to zero by the time main() is executed
* Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer
* Add a test case for a deadlock under investigation in golang
* Trim some of the #include file use to make the tree compile more efficiently
* Thu Dec 30 2021 dmuellerAATTsuse.com- update to 2.62:
* Bug fix for Go package \"cap\" and launching
* Build cleanups
* Documentation updates: cap_max_bits has a man page entry
* Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 andreas.stiegerAATTgmx.de- libcap 2.61:
* Better error handling of the numerical arguments for capsh and setcap
* Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc)
* Added an example of a shared library object with its own file capability
* Fix the top-level include for Make.Rules in the contrib/sucap example application
* Add support for running constructors at libcap.so start up time when running as stand alone binary.- includes changes from 2.60:
* Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization
* General improvement in thread safety for libcap and cap package
* Minor API change replacing libcap:cap_launch_
*() void returning functions with int + errno status returns.
* Added a cap_iab_dup(), and (
*cap.IAB).Dup() to API
* New features for capsh: --quiet, -+ and =+ arguments- add upstream signing key and verify source signature
* Tue Sep 28 2021 infoAATTpaolostivanin.com- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries
* The module pam_cap.so now contains support for a default= module argument
* Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 dmuellerAATTsuse.com- update to 2.51:
* Fix capsh installation
* Add an autoauth module flag to pam_cap.so
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
* API enhancement cap_fill() and (
*cap.Set).Fill() - to permit copying one capability flag to another.
* --explain=cap_foo: describe what cap_foo does
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
* Add \"keepcaps\" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go \"cap\" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
* this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
* Add a test case for recent kernel fix
* Go pragma fix for convenience functions in \"cap\" module
* Wed Jun 02 2021 christopheAATTkrop.fr- Fix a broken symlink. libcap-devel installs libpsx.so but didn\'t install the library it\'s pointing to.
* Fri Apr 16 2021 tiwaiAATTsuse.de- Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690)
* Mon Mar 22 2021 dmuellerAATTsuse.com- update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
* More robust \"psx\" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version.
* Lots of documentation cleanups and added a few man pages: for IAB and Launching.
* Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.
* Tue Feb 09 2021 dmuellerAATTsuse.com- update to 2.48:
* More uniform use of $(MAKE) in Makefiles
* No longer include symlinks in the git tree
* Provide support for make GOLANG=no ...
* Provide support for pointing at a specific build of the go binary
* camelCase the contrib/seccomp/explore.go program
* A number of documentation fixes to man pages and source code comments
* Last use of GO major version 0
* Wed Jan 27 2021 dmuellerAATTsuse.com- update to 2.47:
* Restructured gowns to default to uid base of getuid().
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
* Improve the usage and diagnostic message for setcap
* Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 dmuellerAATTsuse.com- update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
* Fix the capsh == argument handling and add a test case
* Added build support for systems that do not support libpthread
* Added build support for not building shared libraries
* Sat Nov 14 2020 dmuellerAATTsuse.com- update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes.
* Wed Sep 02 2020 dmuellerAATTsuse.com- update to 2.43
* Linus\' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
* Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
* Clean up a binary from the distribution
* Added some more release time checks for non-git tracked files.
* Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
* Thu Aug 06 2020 infoAATTpaolostivanin.com- Update to version 2.42:
* Closed a potential issue with \"libcap/psx\" Go package and errno
* Documentation updates
* Minor optimization for cap_to_text() and (
*cap.Set).String()
* Discovered and added a missing function (
*cap.Set).SetNSOwner() to achieve parity with libcap
* Multiple fixes
* Support Go module abstraction
* A new kernel capability: CAP_BPF
* Better support for cross-compilation
* pam_cap now honors PAM_REINITIALIZE_CRED
* implements cap_launch functionality
* Sat Feb 15 2020 tiwaiAATTsuse.de- Update to version 2.32:
* Bug fix for fakeroot incompatibility (boo#1162014)
* Slight perf improvement for cap_get_bound().
* C++ support for psx header inclusion.
* Some new testing features for capsh
* Tue Jan 28 2020 tiwaiAATTsuse.de- Update to version 2.31:
* primarily a documentation update
* fix libpam.pc to not require libpsx.pc
* changed the text format of the default output of getpcap
* Mon Jan 13 2020 mpluskalAATTsuse.com- Build using -ffat-lto-objects for static library
* Thu Jan 09 2020 mpluskalAATTsuse.com- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used wrong syscall in 2.29.
* cleaned up make clean and make install to actually work as intended
* updated Gentoo libpsx.pc file from Lars Wendler
* refactored the way libpsx linkage with libcap performed mutual discovery.
* Previously (2.28) libpsx had an API call overridden by libcap using weak linkage function in libpsx. In 2.30 this is reversed, namely libpsx provides the stronger function and libcap has a weak \"no-op\" version.
* a bit more consistency in handling the \'all\' sets in libcap (C) and libcap/cap (Go). Namely, they both dynamically discover the number of capabilities named by the kernel and use this as the definition of \'all\' for the current runtime. + libcap (C) exports cap_max_bit() to export the number of supported capabilities + libcap/cap (Go) exports cap.MaxBits() for this same value.- For changes for older releases see:
* https://sites.google.com/site/fullycapable/release-notes-for-libcap- Add glibc-static-devel as build requirement as tests need it- Install libpsx.a as it seems to be needed in some cases:
* https://bugs.gentoo.org/703912
* Mon Dec 16 2019 matthias.gerstnerAATTsuse.com- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security wise.
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Tue Jan 31 2017 matwey.kornilovAATTgmail.com- Enable PAM pam_cap.so module
* Sun Jan 01 2017 jengelhAATTinai.de- RPM group association fix
* Mon Aug 29 2016 dimstarAATTopensuse.org- Update to versison 2.25: + Recover gperf detection in make rules. + Man page typo fix. + Tweak make rules to make packaging more straightforward. + Fix error explanation in setcap. + Drop need to link with libattr. It turns out libcap wasn\'t actually using any code from that library, so linking to it was superfluous.- Drop libcap-nolibattr.patch: fixed upstream.- No longer add %{buildroot} to all variables for make install the Makefile learned about the meaning of DESTDIR.
* Sat Jan 31 2015 p.drouandAATTgmail.com- Update to version 2.24
* Fix compilation problems (note to self, make distclean && make, before release)
* Some make rule changes to make uploading a release to kernel.org easier for me.
* Tidied up some documented links.- Update libcap-nolibattr.patch- Add pkg-config build requirement; libcap now provides a pkgconfig file- Clean up specfile- Move libraries and binaries to /usr because of #UsrMove
* Thu Jun 19 2014 crrodriguezAATTopensuse.org- libcap-nolibattr.patch Do not link to libattr, it is a bogus dependency. application uses sys/xattr from libc.
* Fri Feb 01 2013 cooloAATTsuse.com- update license to new format
* Tue Sep 20 2011 ajAATTsuse.de- Cleanup specfile a bit: Remove old tags.
* Tue Sep 20 2011 ajAATTsuse.de- Update to libcap 2.22- libcap 2.22 includes:
* Clarified License file (with version 2 of the GPL)
* Support getting/setting capabilities on large files
* After --chroot command, change working directory to \"/\".- libcap 2.21 includes:
* Introduce cap_get_bound() and cap_drop_bound() functions. also include a macro CAP_IS_SUPPORTED(cap) for capabilities- libcap 2.20 includes:
* Latest kernel capabilites supported: now includes CAP_SYSLOG
* $(CFLAGS) Makefile fixes
* Default to installing setcap with an inheritable capability.
* Thu Dec 02 2010 meissnerAATTsuse.de- updated to libcap-2.19
* more stuff in capsh.c
* sys/capability.h header clean up and fixes.
* Thu Dec 02 2010 meissnerAATTsuse.de- fixed build on ppc64 (needs to get linux/types.h included first).
* Mon Jun 28 2010 jengelhAATTmedozas.de- use %_smp_mflags
* Wed Jun 09 2010 chrisAATTcomputersalat.de- fix deps for fdupes
* Sat Dec 12 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Wed Mar 18 2009 tiwaiAATTsuse.de- fix a typo in the previous patch (__le64) (bnc#487453)- don\'t define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
* Tue Mar 10 2009 tiwaiAATTsuse.de- fix build error on i386 due to missing __u64 definition in sys/capability.h
* Wed Jan 07 2009 tiwaiAATTsuse.de- updated to libcap-2.15:
* Makefile fixes- updated to libcap-2.16:
* stop using sed for parsing capability.h
* Mon Oct 27 2008 tiwaiAATTsuse.de- updated to libcap-2.14:
* add -v mode to setcap- updated to libcap-2.13:
* fix a corner case of cap_to_text()- updated to libcap-2.12:
* man page fixes
* remove never used codes for sysfs check
* Wed Oct 22 2008 mrueckertAATTsuse.de- fix debug_packages_requires define
* Wed Aug 06 2008 tiwaiAATTsuse.de- updated to libcap-2.11:
* makefile fixes, minor clean-ups
* fix cap_copy_int(), new cap_get_pid() and cap_compare()
* fix cap_copy_ext()- fix build with libcap-2.11.
* Sun Aug 03 2008 roAATTsuse.de- fix requires for debuginfo package
* Wed Jun 11 2008 tiwaiAATTsuse.de- updated to libcap-2.10: v3 capabilities, documantation fixes, misc fixes
* Wed Apr 23 2008 tiwaiAATTsuse.de- updated to libcap-2.08 properly supporting the recent 2.6 kernels
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Mon Apr 16 2007 tiwaiAATTsuse.de- follow library packaging policy
* move docs to devel package
* move binaries and man pages to progs sub package
* fix
*.so symlink in libdir
* Wed Jan 24 2007 tiwaiAATTsuse.de- fix the access over array range in cap_extint.c (#237943).
* Tue Dec 19 2006 tiwaiAATTsuse.de- update to libcap-1.10 to support fscaps (#229722, FATE#301748)
* Wed May 24 2006 schwabAATTsuse.de- Don\'t strip binaries.
* Thu May 11 2006 tiwaiAATTsuse.de- fix invalid calls of free() (#174561)
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Fri Aug 19 2005 kukukAATTsuse.de- Create -devel subpackage
* Thu Jun 23 2005 meissnerAATTsuse.de- use RPM_OPT_FLAGS.
* Wed May 25 2005 tiwaiAATTsuse.de- fixed memory leak (#85659)
* Wed Jan 19 2005 tiwaiAATTsuse.de- fixed compile warnings with gcc-4.0.
* Thu Mar 25 2004 thomasAATTsuse.de- added EAL3 man-page patch
* Tue Jan 27 2004 kukukAATTsuse.de- Remove capget.2/capset.2 from package (version from man-pages is newer).
* Sun Jan 11 2004 adrianAATTsuse.de- add %run_ldconfig
* Mon Feb 24 2003 schwabAATTsuse.de- Don\'t include kernel headers, instead copy the contents here.
* Thu Feb 06 2003 garloffAATTsuse.de- Avoid inclusion of glibc\'s linux/fs.h (it\'s broken) [#23324].- Use BuildRoot.
* Wed Nov 27 2002 cooloAATTsuse.de- link the library with the compiler so the depedencies are tracked correctly (#21996)
* Tue Sep 17 2002 roAATTsuse.de- removed bogus self-provides
* Wed Sep 04 2002 sfAATTsuse.de- fix biarch error (added patch to Make.Rules)
* Sun Aug 11 2002 kukukAATTsuse.de- Remove kernel-source from neededforbuild
* Sat Apr 20 2002 garloffAATTsuse.de- Include capfaq-0.2.txt- Disable syscall wrapper (capset/capget); it\'s defined in glibc.
* Sat Apr 20 2002 garloffAATTsuse.de- Compile syscall wrapper without -fPIC
* Tue Apr 09 2002 roAATTsuse.de- apply gcc-3 fixes only for gcc-3
* Mon Mar 25 2002 stepanAATTsuse.de- remove -ansi, as it forbids inline. (gcc3)- use -fpic for building libraries (gcc3)
* Wed Sep 05 2001 roAATTsuse.de- updated neededforbuild and updated specfile (man and doc relocation)
* Tue Sep 28 1999 garloffAATTsuse.de- Initial check in of libcap.- Kernel patches are provided within the docdir.
  
ICM