Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcap2-2.70-1.1 RPM for ppc64le

From OpenSuSE Ports Tumbleweed for ppc64le

Name: libcap2 Distribution: openSUSE Tumbleweed
Version: 2.70 Vendor: openSUSE
Release: 1.1 Build date: Sat May 25 20:00:14 2024
Group: System/Libraries Build host: reproducible
Size: 87916 Source RPM: libcap-2.70-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://sites.google.com/site/fullycapable/
Summary: Library for Capabilities (linux-privs) Support
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.

Provides

Requires

License

BSD-3-Clause OR GPL-2.0-only

Changelog

* Sat May 25 2024 Andreas Stieger <[email protected]>
  - update to 2.70:
    * setcap changes to make it harder to set invalid file capabilities
    * Lots of documentation fixes
    * Fix c89 compilation syntax for the C code in the libraries
    * libpam has deprecated providing the _pam_overwrite() function,
      so use memset() instead
* Tue May 16 2023 Marcus Meissner <[email protected]>
  - updated to 2.69
    - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
    - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 Dirk Müller <[email protected]>
  - update to 2.68:
    * Force libcap internal functions to be hidden outside the library
    * Expanded the list of man page (links) to all of the supported API
      functions.
    * fixed some formatting issues with the libpsx(3) manpage.
    * Add support for a markdown preamble and postscript when generating
      .md versions of the man pages (Bug 217007)
    * psx package clean up
    * fix some copy-paste errors with TestShared()
    * added a more complete psx testing into this test as well
    * cap package clean up
    * drop an unnecessary use of ", _" in the sources
    * cleaned up cap.NamedCount documentation
    * Converted goapps/web/README to .md format and fixed the
      instructions to indicate go mod tidy is needed.
    * cap_compare test binary now cleans up after itself (Bug 217018)
    * Figured out how to cross compile Go programs for arm (i.e. RPi) that
      use C code, don't use cgo but do use the psx package
    * Eliminate use of vendor directory
* Fri Mar 24 2023 Martin Liška <[email protected]>
  - Enable LTO and add missing -ffat-lto-objects for the provided
    static libs.
* Fri Mar 24 2023 Takashi Iwai <[email protected]>
  - Revert LTO again; it still breaks builds
* Thu Mar 23 2023 Martin Liška <[email protected]>
  - Enable LTO as it works fine.
* Sat Feb 04 2023 Dirk Müller <[email protected]>
  - update to 2.67:
    * Replace use of fgrep with grep -F (POSIX grep flags preferred by
      GNU grep) - patch from David Seifert.
    * Added SPDX identifiers to License file(s). Hopefully this will
      help the various robots out there correctly identify the
      longstanding licenses for libcap and friends. (Bug: 216609
      reported by Günther Noack)
    * Started down the rabbit hole of trying to address (Bug: 216610
      reported by Günther Noack on behalf of Michael Stapelberg)
    * The basic issue is how to link C code with Go psx without using
      CGo. This is all a low level hackery. If you are interested,
      browse the source.
    * Correct for bad whatis entries in man pages (this was throwing a
      Debian build test, detail)
    * Also reviewed man pages and addressed cross linkage issues (Bug:
    * Cleaned up some README.md files (made a github mirror now just so
      I can automatically render them).
    * Changed meaning of DYNAMIC=no builds.
      This now builds everything with static linking except for libc.
      The reason for this exception is explained in the commit message.
    * Inserted demonstration exploit code in capso.so to support
      article.
* Thu Sep 29 2022 Dirk Müller <[email protected]>
  - update to 2.66:
    * Fix documentation typos in cap_from_text.3
    * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
      Wilk.
    * Slightly more robust Makefiles to address an error with make -j48 test observed
    * Include a simple Go program, captrace, to trace kernel capability validation
      checks
    * This program can be used to figure out what capabilities a program needs to
      operate.
    * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
      capability checks and whether or not they succeed for the system, a specific
      PID or a program's direct execution.
    * Trim down the default file capabilities for contrib/sucap/su to those actually
      needed and set USER and HOME environment variables so bash doesn't complain
      about a sourcing error.
* Fri Jul 22 2022 Dirk Müller <[email protected]>
  - update to 2.65:
    * Fix syntax error in DEBUG build of protected code in setcap.c.
    * Prevent bash from reading the wrong startup files when the capsh --user=xxx
      argument is used to invoke a shell as the user xxx. This is done by capsh now
      changing the USER and HOME environment variables when --user is specified.
      The argument --noenv can be used to suppress this behavior to what used to be
      the problematic default. (Bug: 215926)
    * Improved documentation
* Tue Apr 12 2022 Dirk Müller <[email protected]>
  - update to 2.64:
    * Fix memory leak in libpsx at program exit.
    * Be more resilient to CGo configuration with Go compiler when building tests.
    * Fix cap_*prctl() return code/errno handling.
    * Minor clarification to cap_get_pid() man page concerning pid
      value within namespaces.
* Fri Feb 25 2022 Marcus Meissner <[email protected]>
  - Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 Dirk Müller <[email protected]>
  - update to 2.63:
    * restore errno to zero by the time main() is executed
    * Consistent psx handling (a panic) for syscalls that return thread dependent
      status Inconsistend behavior noticed by Lorenz Bauer
    * Add a test case for a deadlock under investigation in golang
    * Trim some of the #include file use to make the tree compile more
      efficiently
* Thu Dec 30 2021 Dirk Müller <[email protected]>
  - update to 2.62:
    * Bug fix for Go package "cap" and launching
    * Build cleanups
    * Documentation updates: cap_max_bits has a man page entry
    * Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 Andreas Stieger <[email protected]>
  - libcap 2.61:
    * Better error handling of the numerical arguments for capsh and
      setcap
    * Fix executable mode for all of the .so files. There were two
      situations where this was failing (with a hard to debug SIGSEGV
      inside libc)
    * Added an example of a shared library object with its own file
      capability
    * Fix the top-level include for Make.Rules in the contrib/sucap
      example application
    * Add support for running constructors at libcap.so start up time
      when running as stand alone binary.
  - includes changes from 2.60:
    * Some build, code linting fixes, the addition of the
      cap_fill_flag() API and a memory latency optimization
    * General improvement in thread safety for libcap and cap package
    * Minor API change replacing libcap:cap_launch_*() void returning
      functions with int + errno status returns.
    * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
    * New features for capsh: --quiet, -+ and =+ arguments
  - add upstream signing key and verify source signature
* Tue Sep 28 2021 Paolo Stivanin <[email protected]>
  - update to 2.59:
    * Fixed a potential libcap memory leak by adding a destructor
    * Major improvement is that there is a path for Linux-PAM compliant
      applications to support setting Ambient vector Capabilities via pam_cap.so now
    * Added libcap cap_proc_root() API function
    * Added color support to captree
    * Fixed contrib/sucap/su to correctly handle the Inheritable flag
    * capsh enhancements
    * getcap -r / now generates readable output
    * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
      runnable as standalone binaries
    * The module pam_cap.so now contains support for a default=<IAB> module argument
    * Enhanced capsh --suggest to also compare against the capability value names
      and not just their descriptions
    * Added capsh --current support
    * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
    * Fix for a corner case infinite loop handling long strings
    * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
    * Added a Go utility, captree, to display the process (and thread) graph along with
      the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 Dirk Müller <[email protected]>
  - update to 2.51:
    * Fix capsh installation
    * Add an autoauth module flag to pam_cap.so
    * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
    * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
      capability flag to another.
    * --explain=cap_foo: describe what cap_foo does
    * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
    * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
    * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
      feature parity with Go "cap" package. These are only needed when linking
      against -lpsx for keepcaps POSIX semantics.
    * this likely requires substantial application changes to make Ambient
      capability support usable in general, but doing our part for the admin.
    * Add a test case for recent kernel fix
    * Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 Christophe Giboudeaux <[email protected]>
  - Fix a broken symlink. libcap-devel installs libpsx.so but
    didn't install the library it's pointing to.
* Fri Apr 16 2021 [email protected]
  - Add explicit dependency on libcap2 with version to libcap-progs
    (bsc#1184690)
* Mon Mar 22 2021 Dirk Müller <[email protected]>
  - update to 2.49:
    * Implement cap_func_launcher() and cap.FuncLauncher().
    * More robust "psx" redirection for nocgo compilation - the documentation for
      the cgo implementation is now included in the nocgo one because the go.dev
      automated documentation builds the docs from the nocgo version.
    * Lots of documentation cleanups and added a few man pages: for IAB and
      Launching.
    * Some general no-op License changes that might cause folk to notice but only
      for formatting reasons. These were initially inspired by some lawyerly
      interactions, but I ended up rolling back half of them because they
      confused automated software infrastructure.
* Tue Feb 09 2021 Dirk Müller <[email protected]>
  - update to 2.48:
    * More uniform use of $(MAKE) in Makefiles
    * No longer include symlinks in the git tree
    * Provide support for make GOLANG=no ...
    * Provide support for pointing at a specific build of the go binary
    * camelCase the contrib/seccomp/explore.go program
    * A number of documentation fixes to man pages and source code comments
    * Last use of GO major version 0
* Wed Jan 27 2021 Dirk Müller <[email protected]>
  - update to 2.47:
    * Restructured gowns to default to uid base of getuid().
    * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
    * Improve the usage and diagnostic message for setcap
    * Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 Dirk Müller <[email protected]>
  - update to 2.46:
    * The bulk of this release concerns fixes and improvements to libpsx
    * Fix the capsh == argument handling and add a test case
    * Added build support for systems that do not support libpthread
    * Added build support for not building shared libraries

Files

/usr/lib64/libcap.so.2
/usr/lib64/libcap.so.2.70
/usr/share/licenses/libcap2
/usr/share/licenses/libcap2/License


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 18 00:12:25 2024