From patchwork Thu Jun 3 12:20:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 4392 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FwlNf4Wjcz3wc6 for ; Thu, 3 Jun 2021 12:20:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FwlNf1hNqz173; Thu, 3 Jun 2021 12:20:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FwlNf1K3Vz2yNJ; Thu, 3 Jun 2021 12:20:50 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FwlNd2m3Rz2yNJ for ; Thu, 3 Jun 2021 12:20:49 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FwlNc63k9z136; Thu, 3 Jun 2021 12:20:48 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1622722848; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oKMCKJ0nQ9+lPH4jFwLu7GF7bz/mUdN3Pa24W/+gZa4=; b=xU6AYLIWrTy6zH1WKaewPJVsEPMv3llM1Zffu9LyJ+cPLqsAORgndU4J7TpXS5np/OTAOj sk3Xv6OesMmmIcBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1622722848; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oKMCKJ0nQ9+lPH4jFwLu7GF7bz/mUdN3Pa24W/+gZa4=; b=IxYZ2Xz1+OQzWjLO+jPmFLXwR2X/OAYSlZRRHbFnoazv4AsKQABEhn3Yd/goOF9L2zdbZi xayirtaWCb5WVfTC9KNyZ7xg1E5jwfjTYK0S4ync09VK6jjji7BxZdeNQIHqwb4cUy0C9+ vHfXoDflAUlYz3RR6wNY46MQlM1D7z4DabelLxoo25ljVan/UIHtW2HD9K92qOv49ZDbky VLkdJh8zEWJdKCXcdFW+/WXl+U9tyJotJ3ihpqnZTv5og37q1bjtO623m7oW4RpuAnVTkf DsVozGfp4ZJxrKAjyZ5KtvEB9uEIR5XnsrdUwqDE7RxOPZ0ub/s2NPmS87YkQg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] libcap: Update to 2.50 Date: Thu, 3 Jun 2021 14:20:45 +0200 Message-Id: <20210603122045.683689-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 2.49 to 2.50 - Update rootfile - Version 2.50 failed to install capsh - bug raised for this https://bugzilla.kernel.org/show_bug.cgi?id=213261 patch to fix this bug created and used in this build - Changelog Release notes for 2.50 2021-05-24 12:05:16 -0700 Some new capsh features: --explain=cap_foo: describe what cap_foo does (Bug 212451) --suggest=phrase: search all the cap descriptions and describe those that match the phrase Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. Add a test case for recent kernel fix (Bug 212737) Go pragma fix for convenience functions in "cap" module (reported by Lorenz Bauer. Bug 212321) Minor man documentation updates Minor build tree improvements (mostly for maintainer) Signed-off-by: Adolf Belka --- config/rootfiles/common/libcap | 4 +- lfs/libcap | 7 ++-- .../libcap-2.50-install_capsh_again.patch | 38 +++++++++++++++++++ 3 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 src/patches/libcap-2.50-install_capsh_again.patch diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index a3bfbc157..9aec14f12 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,10 +1,10 @@ #lib/libcap.a lib/libcap.so.2 -lib/libcap.so.2.49 +lib/libcap.so.2.50 #lib/libpsx.a #lib/libpsx.so #lib/libpsx.so.2 -#lib/libpsx.so.2.49 +#lib/libpsx.so.2.50 #lib/pkgconfig/libcap.pc #lib/pkgconfig/libpsx.pc lib/security/pam_cap.so diff --git a/lfs/libcap b/lfs/libcap index fd131949d..610ff474b 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -24,7 +24,7 @@ include Config -VER = 2.49 +VER = 2.50 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b43ae3690fe4d2cb32e4d25c0983ecd3 +$(DL_FILE)_MD5 = 66a561afa81666236ff973544ff4e864 install : $(TARGET) @@ -70,12 +70,13 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libcap-2.50-install_capsh_again.patch # Prevent a static library from being installed cd $(DIR_APP) && sed -i '/install.*STALIBNAME/d' libcap/Makefile cd $(DIR_APP) && make GOLANG=no cd $(DIR_APP) && make install GOLANG=no rm -vf /lib/libcap.so - ln -svf /lib/libcap.so.2.49 /usr/lib/libcap.so + ln -svf /lib/libcap.so.2.50 /usr/lib/libcap.so chmod +x /lib/libcap.so.* @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/libcap-2.50-install_capsh_again.patch b/src/patches/libcap-2.50-install_capsh_again.patch new file mode 100644 index 000000000..0ae7520dc --- /dev/null +++ b/src/patches/libcap-2.50-install_capsh_again.patch @@ -0,0 +1,38 @@ +From 1f8d32942be54850a3a89c7b58ba5613b5525c58 Mon Sep 17 00:00:00 2001 +From: "Andrew G. Morgan" +Date: Fri, 28 May 2021 13:41:17 -0700 +Subject: [PATCH] Make capsh an installed binary again + +Bug report from Jan Palus: + + https://bugzilla.kernel.org/show_bug.cgi?id=213261 + +Signed-off-by: Andrew G. Morgan +--- + progs/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/progs/Makefile b/progs/Makefile +index 313dc4d..3c3dc97 100644 +--- a/progs/Makefile ++++ b/progs/Makefile +@@ -32,14 +32,14 @@ $(BUILD): %: %.o $(DEPS) + + install: all + mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR) +- for p in $(PROGS) ; do \ ++ for p in $(PROGS) capsh ; do \ + install -m 0755 $$p $(FAKEROOT)$(SBINDIR) ; \ + done + ifeq ($(RAISE_SETFCAP),yes) + $(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap + endif + +-test: $(PROGS) ++test: $(PROGS) capsh + + capshdoc.h.cf: capshdoc.h ./mkcapshdoc.sh + ./mkcapshdoc.sh > $@ +-- +2.32.0.rc2 +