libcap: Update to version 2.66
Commit Message
- Update from version 2.64 to 2.66
- Update of rootfile
- Changelog
Release notes for 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo
Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test
observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation
checks
This program can be used to figure out what capabilities a program needs
to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel
for capability checks and whether or not they succeed for the system, a
specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those
actually needed and set USER and HOME environment variables so bash doesn't
complain about a sourcing error.
Release notes for 2.65
Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported
by yixiangzhike.)
Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh
now changing the USER and HOME environment variables when --user is
specified. The argument --noenv can be used to suppress this behavior to
what used to be the problematic default. (Bug: 215926)
Improved documentation:
Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports
from nomonemo and Tinkerer One.)
Improve documentation and help for the captree program.
Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and
go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is
preferred, but the older one is also used for continuity reasons. This set
of signatures should also be available from the various key servers out there.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/libcap | 4 ++--
lfs/libcap | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> - Update from version 2.64 to 2.66
> - Update of rootfile
> - Changelog
> Release notes for 2.66
> Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo
> Andrade.)
> Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
> Slightly more robust Makefiles to address an error with make -j48 test
> observed by Tomasz Kłoczko.
> Include a simple Go program, captrace, to trace kernel capability validation
> checks
> This program can be used to figure out what capabilities a program needs
> to operate.
> captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel
> for capability checks and whether or not they succeed for the system, a
> specific PID or a program's direct execution.
> Trim down the default file capabilities for contrib/sucap/su to those
> actually needed and set USER and HOME environment variables so bash doesn't
> complain about a sourcing error.
> Release notes for 2.65
> Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported
> by yixiangzhike.)
> Prevent bash from reading the wrong startup files when the capsh --user=xxx
> argument is used to invoke a shell as the user xxx. This is done by capsh
> now changing the USER and HOME environment variables when --user is
> specified. The argument --noenv can be used to suppress this behavior to
> what used to be the problematic default. (Bug: 215926)
> Improved documentation:
> Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports
> from nomonemo and Tinkerer One.)
> Improve documentation and help for the captree program.
> Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and
> go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
> Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is
> preferred, but the older one is also used for continuity reasons. This set
> of signatures should also be available from the various key servers out there.
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/common/libcap | 4 ++--
> lfs/libcap | 8 ++++----
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
> index 1e104acf6..f0518d6aa 100644
> --- a/config/rootfiles/common/libcap
> +++ b/config/rootfiles/common/libcap
> @@ -1,8 +1,8 @@
> lib/libcap.so.2
> -lib/libcap.so.2.64
> +lib/libcap.so.2.66
> #lib/libpsx.so
> #lib/libpsx.so.2
> -lib/libpsx.so.2.64
> +lib/libpsx.so.2.66
> #lib/pkgconfig/libcap.pc
> #lib/pkgconfig/libpsx.pc
> lib/security/pam_cap.so
> diff --git a/lfs/libcap b/lfs/libcap
> index 21facbe01..f81b13c99 100644
> --- a/lfs/libcap
> +++ b/lfs/libcap
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
> +# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 2.64
> +VER = 2.66
>
> THISAPP = libcap-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 078ce2505a79c1bd4ca0a8eaf3444178bc19a566f0505d28c6959f86fbbac2fe2fc88c06fd0d988087a6e20e8ec66a2633146cea957f0f3fd92eaff4f81d7c66
> +$(DL_FILE)_BLAKE2 = e79bf10c6a3dbffe96dc97aad0bed67caa0b3805d9dcaff1e4a8a833396ee5c6da4f7f0d321b254e99a00073bc39021b9f3a4b350d93094d0df4d74889b3ca56
>
> install : $(TARGET)
>
> @@ -75,7 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> cd $(DIR_APP) && make GOLANG=no
> cd $(DIR_APP) && make install GOLANG=no
> rm -vf /lib/libcap.so
> - ln -svf /lib/libcap.so.2.64 /usr/lib/libcap.so
> + ln -svf /lib/libcap.so.2.66 /usr/lib/libcap.so
> chmod +x /lib/libcap.so.*
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)
@@ -1,8 +1,8 @@
lib/libcap.so.2
-lib/libcap.so.2.64
+lib/libcap.so.2.66
#lib/libpsx.so
#lib/libpsx.so.2
-lib/libpsx.so.2.64
+lib/libpsx.so.2.66
#lib/pkgconfig/libcap.pc
#lib/pkgconfig/libpsx.pc
lib/security/pam_cap.so
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.64
+VER = 2.66
THISAPP = libcap-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 078ce2505a79c1bd4ca0a8eaf3444178bc19a566f0505d28c6959f86fbbac2fe2fc88c06fd0d988087a6e20e8ec66a2633146cea957f0f3fd92eaff4f81d7c66
+$(DL_FILE)_BLAKE2 = e79bf10c6a3dbffe96dc97aad0bed67caa0b3805d9dcaff1e4a8a833396ee5c6da4f7f0d321b254e99a00073bc39021b9f3a4b350d93094d0df4d74889b3ca56
install : $(TARGET)
@@ -75,7 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && make GOLANG=no
cd $(DIR_APP) && make install GOLANG=no
rm -vf /lib/libcap.so
- ln -svf /lib/libcap.so.2.64 /usr/lib/libcap.so
+ ln -svf /lib/libcap.so.2.66 /usr/lib/libcap.so
chmod +x /lib/libcap.so.*
@rm -rf $(DIR_APP)
@$(POSTBUILD)