Name: libcap2 | Distribution: openSUSE Tumbleweed |
Version: 2.70 | Vendor: openSUSE |
Release: 1.1 | Build date: Sat May 25 20:00:14 2024 |
Group: System/Libraries | Build host: reproducible |
Size: 87916 | Source RPM: libcap-2.70-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://sites.google.com/site/fullycapable/ | |
Summary: Library for Capabilities (linux-privs) Support |
Capabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel.
BSD-3-Clause OR GPL-2.0-only
* Sat May 25 2024 Andreas Stieger <[email protected]>
- update to 2.70:
  * setcap changes to make it harder to set invalid file capabilities
  * Lots of documentation fixes
  * Fix c89 compilation syntax for the C code in the libraries
  * libpam has deprecated providing the _pam_overwrite() function, so use memset() instead
* Tue May 16 2023 Marcus Meissner <[email protected]>
- updated to 2.69
  - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog). The audit (final report, 2023-05-10) was sponsored by the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
  - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 Dirk Müller <[email protected]>
- update to 2.68:
  * Force libcap internal functions to be hidden outside the library
  * Expanded the list of man page (links) to all of the supported API functions.
  * fixed some formatting issues with the libpsx(3) manpage.
  * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007)
  * psx package clean up
  * fix some copy-paste errors with TestShared()
  * added a more complete psx testing into this test as well
  * cap package clean up
  * drop an unnecessary use of ", _" in the sources
  * cleaned up cap.NamedCount documentation
  * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed.
  * cap_compare test binary now cleans up after itself (Bug 217018)
  * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package
  * Eliminate use of vendor directory
* Fri Mar 24 2023 Martin Liška <[email protected]>
- Enable LTO and add missing -ffat-lto-objects for the provided static libs.
* Fri Mar 24 2023 Takashi Iwai <[email protected]>
- Revert LTO again; it still breaks builds
* Thu Mar 23 2023 Martin Liška <[email protected]>
- Enable LTO as it works fine.
* Sat Feb 04 2023 Dirk Müller <[email protected]>
- update to 2.67:
  * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert.
  * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack)
  * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg)
  * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source.
  * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail)
  * Also reviewed man pages and addressed cross linkage issues (Bug:
  * Cleaned up some README.md files (made a github mirror now just so I can automatically render them).
  * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message.
  * Inserted demonstration exploit code in capso.so to support article.
* Thu Sep 29 2022 Dirk Müller <[email protected]>
- update to 2.66:
  * Fix documentation typos in cap_from_text.3
  * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
  * Slightly more robust Makefiles to address an error with make -j48 test observed
  * Include a simple Go program, captrace, to trace kernel capability validation checks
  * This program can be used to figure out what capabilities a program needs to operate.
  * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution.
  * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
* Fri Jul 22 2022 Dirk Müller <[email protected]>
- update to 2.65:
  * Fix syntax error in DEBUG build of protected code in setcap.c.
  * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926)
  * Improved documentation
* Tue Apr 12 2022 Dirk Müller <[email protected]>
- update to 2.64:
  * Fix memory leak in libpsx at program exit.
  * Be more resilient to CGo configuration with Go compiler when building tests.
  * Fix cap_*prctl() return code/errno handling.
  * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
* Fri Feb 25 2022 Marcus Meissner <[email protected]>
- Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 Dirk Müller <[email protected]>
- update to 2.63:
  * restore errno to zero by the time main() is executed
  * Consistent psx handling (a panic) for syscalls that return thread dependent status. Inconsistent behavior noticed by Lorenz Bauer
  * Add a test case for a deadlock under investigation in golang
  * Trim some of the #include file use to make the tree compile more efficiently
* Thu Dec 30 2021 Dirk Müller <[email protected]>
- update to 2.62:
  * Bug fix for Go package "cap" and launching
  * Build cleanups
  * Documentation updates: cap_max_bits has a man page entry
  * Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 Andreas Stieger <[email protected]>
- libcap 2.61:
  * Better error handling of the numerical arguments for capsh and setcap
  * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc)
  * Added an example of a shared library object with its own file capability
  * Fix the top-level include for Make.Rules in the contrib/sucap example application
  * Add support for running constructors at libcap.so start up time when running as stand alone binary.
- includes changes from 2.60:
  * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization
  * General improvement in thread safety for libcap and cap package
  * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns.
  * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
  * New features for capsh: --quiet, -+ and =+ arguments
- add upstream signing key and verify source signature
* Tue Sep 28 2021 Paolo Stivanin <[email protected]>
- update to 2.59:
  * Fixed a potential libcap memory leak by adding a destructor
  * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now
  * Added libcap cap_proc_root() API function
  * Added color support to captree
  * Fixed contrib/sucap/su to correctly handle the Inheritable flag
  * capsh enhancements
  * getcap -r / now generates readable output
  * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries
  * The module pam_cap.so now contains support for a default=<IAB> module argument
  * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions
  * Added capsh --current support
  * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
  * Fix for a corner case infinite loop handling long strings
  * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
  * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 Dirk Müller <[email protected]>
- update to 2.51:
  * Fix capsh installation
  * Add an autoauth module flag to pam_cap.so
  * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
  * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another.
  * --explain=cap_foo: describe what cap_foo does
  * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
  * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
  * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
  * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
  * Add a test case for recent kernel fix
  * Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 Christophe Giboudeaux <[email protected]>
- Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to.
* Fri Apr 16 2021 [email protected]
- Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690)
* Mon Mar 22 2021 Dirk Müller <[email protected]>
- update to 2.49:
  * Implement cap_func_launcher() and cap.FuncLauncher().
  * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version.
  * Lots of documentation cleanups and added a few man pages: for IAB and Launching.
  * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.
* Tue Feb 09 2021 Dirk Müller <[email protected]>
- update to 2.48:
  * More uniform use of $(MAKE) in Makefiles
  * No longer include symlinks in the git tree
  * Provide support for make GOLANG=no ...
  * Provide support for pointing at a specific build of the go binary
  * camelCase the contrib/seccomp/explore.go program
  * A number of documentation fixes to man pages and source code comments
  * Last use of GO major version 0
* Wed Jan 27 2021 Dirk Müller <[email protected]>
- update to 2.47:
  * Restructured gowns to default to uid base of getuid().
  * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
  * Improve the usage and diagnostic message for setcap
  * Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 Dirk Müller <[email protected]>
- update to 2.46:
  * The bulk of this release concerns fixes and improvements to libpsx
  * Fix the capsh == argument handling and add a test case
  * Added build support for systems that do not support libpthread
  * Added build support for not building shared libraries
/usr/lib64/libcap.so.2
/usr/lib64/libcap.so.2.70
/usr/share/licenses/libcap2
/usr/share/licenses/libcap2/License
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 18 00:12:25 2024