| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libcap2 | Distribution: SUSE Linux Enterprise 15 |
| Version: 2.63 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150400.3.3.1 | Build date: Mon Jun 26 17:05:08 2023 |
| Group: System/Libraries | Build host: ibs-power9-12 |
| Size: 88497 | Source RPM: libcap-2.63-150400.3.3.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://sites.google.com/site/fullycapable/ | |
| Summary: Library for Capabilities (linux-privs) Support | |
Capabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel.
BSD-3-Clause OR GPL-2.0-only
* Tue May 16 2023 abergmann@suse.com
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
(bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
* Fri Feb 25 2022 meissner@suse.com
- Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 dmueller@suse.com
- update to 2.63:
* restore errno to zero by the time main() is executed
* Consistent psx handling (a panic) for syscalls that return thread dependent
status Inconsistend behavior noticed by Lorenz Bauer
* Add a test case for a deadlock under investigation in golang
* Trim some of the #include file use to make the tree compile more
efficiently
* Thu Dec 30 2021 dmueller@suse.com
- update to 2.62:
* Bug fix for Go package "cap" and launching
* Build cleanups
* Documentation updates: cap_max_bits has a man page entry
* Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 andreas.stieger@gmx.de
- libcap 2.61:
* Better error handling of the numerical arguments for capsh and
setcap
* Fix executable mode for all of the .so files. There were two
situations where this was failing (with a hard to debug SIGSEGV
inside libc)
* Added an example of a shared library object with its own file
capability
* Fix the top-level include for Make.Rules in the contrib/sucap
example application
* Add support for running constructors at libcap.so start up time
when running as stand alone binary.
- includes changes from 2.60:
* Some build, code linting fixes, the addition of the
cap_fill_flag() API and a memory latency optimization
* General improvement in thread safety for libcap and cap package
* Minor API change replacing libcap:cap_launch_*() void returning
functions with int + errno status returns.
* Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
* New features for capsh: --quiet, -+ and =+ arguments
- add upstream signing key and verify source signature
* Tue Sep 28 2021 info@paolostivanin.com
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 dmueller@suse.com
- update to 2.51:
* Fix capsh installation
* Add an autoauth module flag to pam_cap.so
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
* API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
capability flag to another.
* --explain=cap_foo: describe what cap_foo does
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
* Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain
feature parity with Go "cap" package. These are only needed when linking
against -lpsx for keepcaps POSIX semantics.
* this likely requires substantial application changes to make Ambient
capability support usable in general, but doing our part for the admin.
* Add a test case for recent kernel fix
* Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 christophe@krop.fr
- Fix a broken symlink. libcap-devel installs libpsx.so but
didn't install the library it's pointing to.
* Fri Apr 16 2021 tiwai@suse.de
- Add explicit dependency on libcap2 with version to libcap-progs
(bsc#1184690)
* Mon Mar 22 2021 dmueller@suse.com
- update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
* More robust "psx" redirection for nocgo compilation - the documentation for
the cgo implementation is now included in the nocgo one because the go.dev
automated documentation builds the docs from the nocgo version.
* Lots of documentation cleanups and added a few man pages: for IAB and
Launching.
* Some general no-op License changes that might cause folk to notice but only
for formatting reasons. These were initially inspired by some lawyerly
interactions, but I ended up rolling back half of them because they
confused automated software infrastructure.
* Tue Feb 09 2021 dmueller@suse.com
- update to 2.48:
* More uniform use of $(MAKE) in Makefiles
* No longer include symlinks in the git tree
* Provide support for make GOLANG=no ...
* Provide support for pointing at a specific build of the go binary
* camelCase the contrib/seccomp/explore.go program
* A number of documentation fixes to man pages and source code comments
* Last use of GO major version 0
* Wed Jan 27 2021 dmueller@suse.com
- update to 2.47:
* Restructured gowns to default to uid base of getuid().
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
* Improve the usage and diagnostic message for setcap
* Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 dmueller@suse.com
- update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
* Fix the capsh == argument handling and add a test case
* Added build support for systems that do not support libpthread
* Added build support for not building shared libraries
* Sat Nov 14 2020 dmueller@suse.com
- update to 2.44:
Generally, this is a release to help package builders: no functional change
to any of the generated code just documentation and make related fixes.
* Wed Sep 02 2020 dmueller@suse.com
- update to 2.43
* Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
* Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
* Clean up a binary from the distribution
* Added some more release time checks for non-git tracked files.
* Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
* Thu Aug 06 2020 info@paolostivanin.com
- Update to version 2.42:
* Closed a potential issue with "libcap/psx" Go package and errno
* Documentation updates
* Minor optimization for cap_to_text() and (*cap.Set).String()
* Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
* Multiple fixes
* Support Go module abstraction
* A new kernel capability: CAP_BPF
* Better support for cross-compilation
* pam_cap now honors PAM_REINITIALIZE_CRED
* implements cap_launch functionality
* Sat Feb 15 2020 tiwai@suse.de
- Update to version 2.32:
* Bug fix for fakeroot incompatibility (boo#1162014)
* Slight perf improvement for cap_get_bound().
* C++ support for psx header inclusion.
* Some new testing features for capsh
* Tue Jan 28 2020 tiwai@suse.de
- Update to version 2.31:
* primarily a documentation update
* fix libpam.pc to not require libpsx.pc
* changed the text format of the default output of getpcap
* Mon Jan 13 2020 mpluskal@suse.com
- Build using -ffat-lto-objects for static library
* Thu Jan 09 2020 mpluskal@suse.com
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used
wrong syscall in 2.29.
* cleaned up make clean and make install to actually work as
intended
* updated Gentoo libpsx.pc file from Lars Wendler
* refactored the way libpsx linkage with libcap performed mutual
discovery.
* Previously (2.28) libpsx had an API call overridden by libcap
using weak linkage function in libpsx. In 2.30 this is reversed,
namely libpsx provides the stronger function and libcap has a
weak "no-op" version.
* a bit more consistency in handling the 'all' sets in libcap
(C) and libcap/cap (Go). Namely, they both dynamically discover
the number of capabilities named by the kernel and use this as
the definition of 'all' for the current runtime.
+ libcap (C) exports cap_max_bit() to export the number of
supported capabilities
+ libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
* https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
* https://bugs.gentoo.org/703912
* Mon Dec 16 2019 matthias.gerstner@suse.com
- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
wise.
* Thu Feb 22 2018 fvogt@suse.com
- Use %license (boo#1082318)
* Tue Jan 31 2017 matwey.kornilov@gmail.com
- Enable PAM pam_cap.so module
* Sun Jan 01 2017 jengelh@inai.de
- RPM group association fix
* Mon Aug 29 2016 dimstar@opensuse.org
- Update to versison 2.25:
+ Recover gperf detection in make rules.
+ Man page typo fix.
+ Tweak make rules to make packaging more straightforward.
+ Fix error explanation in setcap.
+ Drop need to link with libattr. It turns out libcap wasn't
actually using any code from that library, so linking to it was
superfluous.
- Drop libcap-nolibattr.patch: fixed upstream.
- No longer add %{buildroot} to all variables for make install the
Makefile learned about the meaning of DESTDIR.
* Sat Jan 31 2015 p.drouand@gmail.com
- Update to version 2.24
* Fix compilation problems (note to self, make distclean && make,
before release)
* Some make rule changes to make uploading a release to kernel.org
easier for me.
* Tidied up some documented links.
- Update libcap-nolibattr.patch
- Add pkg-config build requirement; libcap now provides a pkgconfig
file
- Clean up specfile
- Move libraries and binaries to /usr because of #UsrMove
/usr/lib64/libcap.so.2 /usr/lib64/libcap.so.2.63 /usr/share/licenses/libcap2 /usr/share/licenses/libcap2/License
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Feb 9 17:18:57 2026