Revisions of libcap
Ana Guerrero (anag+factory) accepted request 1177532 from Marcus Meissner (msmeissn) (revision 60)
- update to 2.70:
  * setcap changes to make it harder to set invalid file capabilities
  * Lots of documentation fixes
  * Fix c89 compilation syntax for the C code in the libraries
  * libpam has deprecated providing the _pam_overwrite() function, so use memset() instead
Dominique Leuenberger (dimstar_suse) accepted request 1087357 from Marcus Meissner (msmeissn) (revision 59)
- updated to 2.69
  - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog). The audit (final report, 2023-05-10) was sponsored by the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
  - Man page style improvement from Emanuele Torre
(forwarded request 1087355 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 1075562 from Dirk Mueller (dirkmueller) (revision 58)
- update to 2.68:
  * Force libcap internal functions to be hidden outside the library
  * Expanded the list of man page (links) to all of the supported API functions.
  * fixed some formatting issues with the libpsx(3) manpage.
  * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007)
  * psx package clean up
  * fix some copy-paste errors with TestShared()
  * added a more complete psx testing into this test as well
  * cap package clean up
  * drop an unnecessary use of ", _" in the sources
  * cleaned up cap.NamedCount documentation
  * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed.
  * cap_compare test binary now cleans up after itself (Bug 217018)
  * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package
  * Eliminate use of vendor directory
Dominique Leuenberger (dimstar_suse) accepted request 1074160 from Dirk Mueller (dirkmueller) (revision 57)
Dominique Leuenberger (dimstar_suse) accepted request 1064421 from Factory Maintainer (factory-maintainer) (revision 56)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 1007104 from Dirk Mueller (dirkmueller) (revision 55)
- update to 2.66:
  * Fix documentation typos in cap_from_text.3
  * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
  * Slightly more robust Makefiles to address an error with make -j48 test observed
  * Include a simple Go program, captrace, to trace kernel capability validation checks
  * This program can be used to figure out what capabilities a program needs to operate.
  * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution.
  * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
Fabian Vogt (favogt_factory) accepted request 990728 from Dirk Mueller (dirkmueller) (revision 54)
- update to 2.65:
  * Fix syntax error in DEBUG build of protected code in setcap.c.
  * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926)
  * Improved documentation
Dominique Leuenberger (dimstar_suse) accepted request 969556 from Dirk Mueller (dirkmueller) (revision 53)
- update to 2.64:
  * Fix memory leak in libpsx at program exit.
  * Be more resilient to CGo configuration with Go compiler when building tests.
  * Fix cap_*prctl() return code/errno handling.
  * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Dominique Leuenberger (dimstar_suse) accepted request 957551 from Marcus Meissner (msmeissn) (revision 52)
Merged some changes and metadata over from the SLE side.
- Use "or" in the license tag to avoid confusion (bsc#1180073)
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
(forwarded request 957541 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 950291 from Dirk Mueller (dirkmueller) (revision 51)
- update to 2.63:
  * restore errno to zero by the time main() is executed
  * Consistent psx handling (a panic) for syscalls that return thread dependent status. Inconsistent behavior noticed by Lorenz Bauer
  * Add a test case for a deadlock under investigation in golang
  * Trim some of the #include file use to make the tree compile more efficiently
Dominique Leuenberger (dimstar_suse) accepted request 943181 from Dirk Mueller (dirkmueller) (revision 50)
- update to 2.62:
  * Bug fix for Go package "cap" and launching
  * Build cleanups
  * Documentation updates: cap_max_bits has a man page entry
  * Recognize default securebits as a libcap mode: HYBRID
Dominique Leuenberger (dimstar_suse) accepted request 934430 from Factory Maintainer (factory-maintainer) (revision 49)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 906773 from Dirk Mueller (dirkmueller) (revision 47)
- update to 2.51:
  * Fix capsh installation
  * Add an autoauth module flag to pam_cap.so
  * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
  * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another.
  * --explain=cap_foo: describe what cap_foo does
  * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
  * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
  * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
  * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
  * Add a test case for recent kernel fix
  * Go pragma fix for convenience functions in "cap" module
Dominique Leuenberger (dimstar_suse) accepted request 896907 from Takashi Iwai (tiwai) (revision 46)
Dominique Leuenberger (dimstar_suse) accepted request 886057 from Takashi Iwai (tiwai) (revision 45)
Richard Brown (RBrownSUSE) accepted request 880541 from Dirk Mueller (dirkmueller) (revision 44)
- update to 2.49:
  * Implement cap_func_launcher() and cap.FuncLauncher().
  * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version.
  * Lots of documentation cleanups and added a few man pages: for IAB and Launching.
  * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.
Dominique Leuenberger (dimstar_suse) accepted request 870717 from Dirk Mueller (dirkmueller) (revision 43)
- update to 2.48:
  * More uniform use of $(MAKE) in Makefiles
  * No longer include symlinks in the git tree
  * Provide support for make GOLANG=no ...
  * Provide support for pointing at a specific build of the go binary
  * camelCase the contrib/seccomp/explore.go program
  * A number of documentation fixes to man pages and source code comments
  * Last use of GO major version 0
Dominique Leuenberger (dimstar_suse) accepted request 867074 from Dirk Mueller (dirkmueller) (revision 42)
- update to 2.47:
  * Restructured gowns to default to uid base of getuid().
  * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
  * Improve the usage and diagnostic message for setcap
  * Documentation fixes, license declarations, example updates
Dominique Leuenberger (dimstar_suse) accepted request 860344 from Dirk Mueller (dirkmueller) (revision 41)
- update to 2.46:
  * The bulk of this release concerns fixes and improvements to libpsx
  * Fix the capsh == argument handling and add a test case
  * Added build support for systems that do not support libpthread
  * Added build support for not building shared libraries