Revisions of libcap
Marcus Meissner (msmeissn)
accepted
request 1090157
from
Marcus Meissner (msmeissn)
(revision 85)
- enable pam module
buildservice-autocommit
accepted
request 1087357
from
Marcus Meissner (msmeissn)
(revision 84)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1087355
from
Marcus Meissner (msmeissn)
(revision 83)
- updated to 2.69 - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows: - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418) - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419) - LCAP-CR-23-100 (SEVERITY) NONE - LCAP-CR-23-101 (SEVERITY) NONE - LCAP-CR-23-102 (SEVERITY) NONE - Man page style improvement from Emanuele Torre
buildservice-autocommit
accepted
request 1075562
from
Dirk Mueller (dirkmueller)
(revision 82)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 81)
- update to 2.68: * Force libcap internal functions to be hidden outside the library * Expanded the list of man page (links) to all of the supported API functions. * fixed some formatting issues with the libpsx(3) manpage. * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007) * psx package clean up * fix some copy-paste errors with TestShared() * added a more complete psx testing into this test as well * cap package clean up * drop an unnecessary use of ", _" in the sources * cleaned up cap.NamedCount documentation * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed. * cap_compare test binary now cleans up after itself (Bug 217018) * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package * Eliminate use of vendor directory
buildservice-autocommit
accepted
request 1074160
from
Dirk Mueller (dirkmueller)
(revision 80)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 1074133
from
Martin Liška (marxin)
(revision 79)
- Enable LTO and add missing -ffat-lto-objects for the provided static libs.
Takashi Iwai (tiwai)
accepted
request 1074125
from
Takashi Iwai (tiwai)
(revision 78)
- Revert LTO again; it still breaks builds
Takashi Iwai (tiwai)
accepted
request 1073998
from
Martin Liška (marxin)
(revision 77)
- Enable LTO as it works fine.
buildservice-autocommit
accepted
request 1064421
from
Factory Maintainer (factory-maintainer)
(revision 76)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 75)
- update to 2.67: * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) * Also reviewed man pages and addressed cross linkage issues (Bug: * Cleaned up some README.md files (made a github mirror now just so I can automatically render them). * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. * Inserted demonstration exploit code in capso.so to support article. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
buildservice-autocommit
accepted
request 1007104
from
Dirk Mueller (dirkmueller)
(revision 74)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 73)
- update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
buildservice-autocommit
accepted
request 990728
from
Dirk Mueller (dirkmueller)
(revision 72)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 71)
- update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation
buildservice-autocommit
accepted
request 969556
from
Dirk Mueller (dirkmueller)
(revision 70)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 69)
- update to 2.64: * Fix memory leak in libpsx at program exit. * Be more resilient to CGo configuration with Go compiler when building tests. * Fix cap_*prctl() return code/errno handling. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Marcus Meissner (msmeissn)
accepted
request 957541
from
Marcus Meissner (msmeissn)
(revision 68)
Merged some changes and metadata over from the SLE side. - Use "or" in the license tag to avoid confusion (bsc#1180073) - Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
Dirk Mueller (dirkmueller)
committed
(revision 67)
- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently
Dirk Mueller (dirkmueller)
committed
(revision 66)
- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID
Displaying revisions 1 - 20 of 85