343 lines
15 KiB
Text
343 lines
15 KiB
Text
* Tue May 16 2023 abergmann@suse.com
|
|
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
|
|
(bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
|
|
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
|
|
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
|
|
* Fri Feb 25 2022 meissner@suse.com
|
|
- Use "or" in the license tag to avoid confusion (bsc#1180073)
|
|
* Mon Jan 31 2022 dmueller@suse.com
|
|
- update to 2.63:
|
|
* restore errno to zero by the time main() is executed
|
|
* Consistent psx handling (a panic) for syscalls that return thread dependent
|
|
status Inconsistend behavior noticed by Lorenz Bauer
|
|
* Add a test case for a deadlock under investigation in golang
|
|
* Trim some of the #include file use to make the tree compile more
|
|
efficiently
|
|
* Thu Dec 30 2021 dmueller@suse.com
|
|
- update to 2.62:
|
|
* Bug fix for Go package "cap" and launching
|
|
* Build cleanups
|
|
* Documentation updates: cap_max_bits has a man page entry
|
|
* Recognize default securebits as a libcap mode: HYBRID
|
|
* Sun Nov 21 2021 andreas.stieger@gmx.de
|
|
- libcap 2.61:
|
|
* Better error handling of the numerical arguments for capsh and
|
|
setcap
|
|
* Fix executable mode for all of the .so files. There were two
|
|
situations where this was failing (with a hard to debug SIGSEGV
|
|
inside libc)
|
|
* Added an example of a shared library object with its own file
|
|
capability
|
|
* Fix the top-level include for Make.Rules in the contrib/sucap
|
|
example application
|
|
* Add support for running constructors at libcap.so start up time
|
|
when running as stand alone binary.
|
|
- includes changes from 2.60:
|
|
* Some build, code linting fixes, the addition of the
|
|
cap_fill_flag() API and a memory latency optimization
|
|
* General improvement in thread safety for libcap and cap package
|
|
* Minor API change replacing libcap:cap_launch_*() void returning
|
|
functions with int + errno status returns.
|
|
* Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
|
|
* New features for capsh: --quiet, -+ and =+ arguments
|
|
- add upstream signing key and verify source signature
|
|
* Tue Sep 28 2021 info@paolostivanin.com
|
|
- update to 2.59:
|
|
* Fixed a potential libcap memory leak by adding a destructor
|
|
* Major improvement is that there is a path for Linux-PAM compliant
|
|
applications to support setting Ambient vector Capabilities via pam_cap.so now
|
|
* Added libcap cap_proc_root() API function
|
|
* Added color support to captree
|
|
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
|
|
* capsh enhancements
|
|
* getcap -r / now generates readable output
|
|
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
|
|
runnable as standalone binaries
|
|
* The module pam_cap.so now contains support for a default=<IAB> module argument
|
|
* Enhanced capsh --suggest to also compare against the capability value names
|
|
and not just their descriptions
|
|
* Added capsh --current support
|
|
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
|
|
* Fix for a corner case infinite loop handling long strings
|
|
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
|
|
* Added a Go utility, captree, to display the process (and thread) graph along with
|
|
the POSIX.1e and IAB capabilities of each PID{TID} tree.
|
|
* Sat Jul 17 2021 dmueller@suse.com
|
|
- update to 2.51:
|
|
* Fix capsh installation
|
|
* Add an autoauth module flag to pam_cap.so
|
|
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
|
|
* API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
|
|
capability flag to another.
|
|
* --explain=cap_foo: describe what cap_foo does
|
|
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
|
|
* Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
|
|
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain
|
|
feature parity with Go "cap" package. These are only needed when linking
|
|
against -lpsx for keepcaps POSIX semantics.
|
|
* this likely requires substantial application changes to make Ambient
|
|
capability support usable in general, but doing our part for the admin.
|
|
* Add a test case for recent kernel fix
|
|
* Go pragma fix for convenience functions in "cap" module
|
|
* Wed Jun 2 2021 christophe@krop.fr
|
|
- Fix a broken symlink. libcap-devel installs libpsx.so but
|
|
didn't install the library it's pointing to.
|
|
* Fri Apr 16 2021 tiwai@suse.de
|
|
- Add explicit dependency on libcap2 with version to libcap-progs
|
|
(bsc#1184690)
|
|
* Mon Mar 22 2021 dmueller@suse.com
|
|
- update to 2.49:
|
|
* Implement cap_func_launcher() and cap.FuncLauncher().
|
|
* More robust "psx" redirection for nocgo compilation - the documentation for
|
|
the cgo implementation is now included in the nocgo one because the go.dev
|
|
automated documentation builds the docs from the nocgo version.
|
|
* Lots of documentation cleanups and added a few man pages: for IAB and
|
|
Launching.
|
|
* Some general no-op License changes that might cause folk to notice but only
|
|
for formatting reasons. These were initially inspired by some lawyerly
|
|
interactions, but I ended up rolling back half of them because they
|
|
confused automated software infrastructure.
|
|
* Tue Feb 9 2021 dmueller@suse.com
|
|
- update to 2.48:
|
|
* More uniform use of $(MAKE) in Makefiles
|
|
* No longer include symlinks in the git tree
|
|
* Provide support for make GOLANG=no ...
|
|
* Provide support for pointing at a specific build of the go binary
|
|
* camelCase the contrib/seccomp/explore.go program
|
|
* A number of documentation fixes to man pages and source code comments
|
|
* Last use of GO major version 0
|
|
* Wed Jan 27 2021 dmueller@suse.com
|
|
- update to 2.47:
|
|
* Restructured gowns to default to uid base of getuid().
|
|
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
|
|
* Improve the usage and diagnostic message for setcap
|
|
* Documentation fixes, license declarations, example updates
|
|
* Mon Jan 4 2021 dmueller@suse.com
|
|
- update to 2.46:
|
|
* The bulk of this release concerns fixes and improvements to libpsx
|
|
* Fix the capsh == argument handling and add a test case
|
|
* Added build support for systems that do not support libpthread
|
|
* Added build support for not building shared libraries
|
|
* Sat Nov 14 2020 dmueller@suse.com
|
|
- update to 2.44:
|
|
Generally, this is a release to help package builders: no functional change
|
|
to any of the generated code just documentation and make related fixes.
|
|
* Wed Sep 2 2020 dmueller@suse.com
|
|
- update to 2.43
|
|
* Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
|
|
* Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
|
|
* Clean up a binary from the distribution
|
|
* Added some more release time checks for non-git tracked files.
|
|
* Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
|
|
* Thu Aug 6 2020 info@paolostivanin.com
|
|
- Update to version 2.42:
|
|
* Closed a potential issue with "libcap/psx" Go package and errno
|
|
* Documentation updates
|
|
* Minor optimization for cap_to_text() and (*cap.Set).String()
|
|
* Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
|
|
* Multiple fixes
|
|
* Support Go module abstraction
|
|
* A new kernel capability: CAP_BPF
|
|
* Better support for cross-compilation
|
|
* pam_cap now honors PAM_REINITIALIZE_CRED
|
|
* implements cap_launch functionality
|
|
* Sat Feb 15 2020 tiwai@suse.de
|
|
- Update to version 2.32:
|
|
* Bug fix for fakeroot incompatibility (boo#1162014)
|
|
* Slight perf improvement for cap_get_bound().
|
|
* C++ support for psx header inclusion.
|
|
* Some new testing features for capsh
|
|
* Tue Jan 28 2020 tiwai@suse.de
|
|
- Update to version 2.31:
|
|
* primarily a documentation update
|
|
* fix libpam.pc to not require libpsx.pc
|
|
* changed the text format of the default output of getpcap
|
|
* Mon Jan 13 2020 mpluskal@suse.com
|
|
- Build using -ffat-lto-objects for static library
|
|
* Thu Jan 9 2020 mpluskal@suse.com
|
|
- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
|
|
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used
|
|
wrong syscall in 2.29.
|
|
* cleaned up make clean and make install to actually work as
|
|
intended
|
|
* updated Gentoo libpsx.pc file from Lars Wendler
|
|
* refactored the way libpsx linkage with libcap performed mutual
|
|
discovery.
|
|
* Previously (2.28) libpsx had an API call overridden by libcap
|
|
using weak linkage function in libpsx. In 2.30 this is reversed,
|
|
namely libpsx provides the stronger function and libcap has a
|
|
weak "no-op" version.
|
|
* a bit more consistency in handling the 'all' sets in libcap
|
|
(C) and libcap/cap (Go). Namely, they both dynamically discover
|
|
the number of capabilities named by the kernel and use this as
|
|
the definition of 'all' for the current runtime.
|
|
+ libcap (C) exports cap_max_bit() to export the number of
|
|
supported capabilities
|
|
+ libcap/cap (Go) exports cap.MaxBits() for this same value.
|
|
- For changes for older releases see:
|
|
* https://sites.google.com/site/fullycapable/release-notes-for-libcap
|
|
- Add glibc-static-devel as build requirement as tests need it
|
|
- Install libpsx.a as it seems to be needed in some cases:
|
|
* https://bugs.gentoo.org/703912
|
|
* Mon Dec 16 2019 matthias.gerstner@suse.com
|
|
- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
|
|
wise.
|
|
* Thu Feb 22 2018 fvogt@suse.com
|
|
- Use %%license (boo#1082318)
|
|
* Tue Jan 31 2017 matwey.kornilov@gmail.com
|
|
- Enable PAM pam_cap.so module
|
|
* Sun Jan 1 2017 jengelh@inai.de
|
|
- RPM group association fix
|
|
* Mon Aug 29 2016 dimstar@opensuse.org
|
|
- Update to versison 2.25:
|
|
+ Recover gperf detection in make rules.
|
|
+ Man page typo fix.
|
|
+ Tweak make rules to make packaging more straightforward.
|
|
+ Fix error explanation in setcap.
|
|
+ Drop need to link with libattr. It turns out libcap wasn't
|
|
actually using any code from that library, so linking to it was
|
|
superfluous.
|
|
- Drop libcap-nolibattr.patch: fixed upstream.
|
|
- No longer add %%{buildroot} to all variables for make install the
|
|
Makefile learned about the meaning of DESTDIR.
|
|
* Sat Jan 31 2015 p.drouand@gmail.com
|
|
- Update to version 2.24
|
|
* Fix compilation problems (note to self, make distclean && make,
|
|
before release)
|
|
* Some make rule changes to make uploading a release to kernel.org
|
|
easier for me.
|
|
* Tidied up some documented links.
|
|
- Update libcap-nolibattr.patch
|
|
- Add pkg-config build requirement; libcap now provides a pkgconfig
|
|
file
|
|
- Clean up specfile
|
|
- Move libraries and binaries to /usr because of #UsrMove
|
|
* Thu Jun 19 2014 crrodriguez@opensuse.org
|
|
- libcap-nolibattr.patch Do not link to libattr, it is
|
|
a bogus dependency. application uses sys/xattr from libc.
|
|
* Fri Feb 1 2013 coolo@suse.com
|
|
- update license to new format
|
|
* Tue Sep 20 2011 aj@suse.de
|
|
- Cleanup specfile a bit: Remove old tags.
|
|
* Tue Sep 20 2011 aj@suse.de
|
|
- Update to libcap 2.22
|
|
- libcap 2.22 includes:
|
|
* Clarified License file (with version 2 of the GPL)
|
|
* Support getting/setting capabilities on large files
|
|
* After --chroot command, change working directory to "/".
|
|
- libcap 2.21 includes:
|
|
* Introduce cap_get_bound() and cap_drop_bound() functions.
|
|
also include a macro CAP_IS_SUPPORTED(cap) for capabilities
|
|
- libcap 2.20 includes:
|
|
* Latest kernel capabilites supported: now includes CAP_SYSLOG
|
|
* $(CFLAGS) Makefile fixes
|
|
* Default to installing setcap with an inheritable capability.
|
|
* Thu Dec 2 2010 meissner@suse.de
|
|
- updated to libcap-2.19
|
|
* more stuff in capsh.c
|
|
* sys/capability.h header clean up and fixes.
|
|
* Thu Dec 2 2010 meissner@suse.de
|
|
- fixed build on ppc64 (needs to get linux/types.h included first).
|
|
* Mon Jun 28 2010 jengelh@medozas.de
|
|
- use %%_smp_mflags
|
|
* Wed Jun 9 2010 chris@computersalat.de
|
|
- fix deps for fdupes
|
|
* Sat Dec 12 2009 jengelh@medozas.de
|
|
- add baselibs.conf as a source
|
|
* Wed Mar 18 2009 tiwai@suse.de
|
|
- fix a typo in the previous patch (__le64) (bnc#487453)
|
|
- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
|
|
* Tue Mar 10 2009 tiwai@suse.de
|
|
- fix build error on i386 due to missing __u64 definition in
|
|
sys/capability.h
|
|
* Wed Jan 7 2009 tiwai@suse.de
|
|
- updated to libcap-2.15:
|
|
* Makefile fixes
|
|
- updated to libcap-2.16:
|
|
* stop using sed for parsing capability.h
|
|
* Mon Oct 27 2008 tiwai@suse.de
|
|
- updated to libcap-2.14:
|
|
* add -v mode to setcap
|
|
- updated to libcap-2.13:
|
|
* fix a corner case of cap_to_text()
|
|
- updated to libcap-2.12:
|
|
* man page fixes
|
|
* remove never used codes for sysfs check
|
|
* Wed Oct 22 2008 mrueckert@suse.de
|
|
- fix debug_packages_requires define
|
|
* Wed Aug 6 2008 tiwai@suse.de
|
|
- updated to libcap-2.11:
|
|
* makefile fixes, minor clean-ups
|
|
* fix cap_copy_int(), new cap_get_pid() and cap_compare()
|
|
* fix cap_copy_ext()
|
|
- fix build with libcap-2.11.
|
|
* Sun Aug 3 2008 ro@suse.de
|
|
- fix requires for debuginfo package
|
|
* Wed Jun 11 2008 tiwai@suse.de
|
|
- updated to libcap-2.10:
|
|
v3 capabilities, documantation fixes, misc fixes
|
|
* Wed Apr 23 2008 tiwai@suse.de
|
|
- updated to libcap-2.08
|
|
properly supporting the recent 2.6 kernels
|
|
* Thu Apr 10 2008 ro@suse.de
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
* Mon Apr 16 2007 tiwai@suse.de
|
|
- follow library packaging policy
|
|
* move docs to devel package
|
|
* move binaries and man pages to progs sub package
|
|
* fix *.so symlink in libdir
|
|
* Wed Jan 24 2007 tiwai@suse.de
|
|
- fix the access over array range in cap_extint.c (#237943).
|
|
* Tue Dec 19 2006 tiwai@suse.de
|
|
- update to libcap-1.10 to support fscaps (#229722, FATE#301748)
|
|
* Wed May 24 2006 schwab@suse.de
|
|
- Don't strip binaries.
|
|
* Thu May 11 2006 tiwai@suse.de
|
|
- fix invalid calls of free() (#174561)
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Fri Aug 19 2005 kukuk@suse.de
|
|
- Create -devel subpackage
|
|
* Thu Jun 23 2005 meissner@suse.de
|
|
- use RPM_OPT_FLAGS.
|
|
* Wed May 25 2005 tiwai@suse.de
|
|
- fixed memory leak (#85659)
|
|
* Wed Jan 19 2005 tiwai@suse.de
|
|
- fixed compile warnings with gcc-4.0.
|
|
* Thu Mar 25 2004 thomas@suse.de
|
|
- added EAL3 man-page patch
|
|
* Tue Jan 27 2004 kukuk@suse.de
|
|
- Remove capget.2/capset.2 from package (version from man-pages
|
|
is newer).
|
|
* Sun Jan 11 2004 adrian@suse.de
|
|
- add %%run_ldconfig
|
|
* Mon Feb 24 2003 schwab@suse.de
|
|
- Don't include kernel headers, instead copy the contents here.
|
|
* Thu Feb 6 2003 garloff@suse.de
|
|
- Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324].
|
|
- Use BuildRoot.
|
|
* Wed Nov 27 2002 coolo@suse.de
|
|
- link the library with the compiler so the depedencies
|
|
are tracked correctly (#21996)
|
|
* Tue Sep 17 2002 ro@suse.de
|
|
- removed bogus self-provides
|
|
* Wed Sep 4 2002 sf@suse.de
|
|
- fix biarch error (added patch to Make.Rules)
|
|
* Sun Aug 11 2002 kukuk@suse.de
|
|
- Remove kernel-source from neededforbuild
|
|
* Sat Apr 20 2002 garloff@suse.de
|
|
- Include capfaq-0.2.txt
|
|
- Disable syscall wrapper (capset/capget); it's defined in glibc.
|
|
* Sat Apr 20 2002 garloff@suse.de
|
|
- Compile syscall wrapper without -fPIC
|
|
* Tue Apr 9 2002 ro@suse.de
|
|
- apply gcc-3 fixes only for gcc-3
|
|
* Mon Mar 25 2002 stepan@suse.de
|
|
- remove -ansi, as it forbids inline. (gcc3)
|
|
- use -fpic for building libraries (gcc3)
|
|
* Wed Sep 5 2001 ro@suse.de
|
|
- updated neededforbuild and updated specfile (man and doc relocation)
|
|
* Tue Sep 28 1999 garloff@suse.de
|
|
- Initial check in of libcap.
|
|
- Kernel patches are provided within the docdir.
|