From patchwork Sun Sep 5 20:45:46 2021
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 4674
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] libcap: Update version to 2.56
Date: Sun, 5 Sep 2021 22:45:46 +0200
Message-Id: <20210905204546.2785744-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Update from 2.50 to 2.56
- Update rootfile
- Delete libcap-2.50-install_capsh_again.patch as this is now built into source tarball
- Changelog
   Release notes for 2.56
      Canonicalize the Makefile use (in collaboration with David Seifert)
         In the process fixed a bug in pam_cap/test_pam_cap (reported by David Seifert, Bug 214257)
      Doc fixes for cap_iab.3
      Added color support to captree, which helped make the following fix generate readable output:
      Fixed captree to not display duplicate copies of sub-trees if also exploring their ancestor (Bug 214269)
      Fixed contrib/sucap/su to correctly handle the Inheritable flag.
   Release notes for 2.55
      Two rounds of fixes for the results of some static analysis performed by Zoltan Fridrich
      Removed a clang compilation warning about memory allocation by rewriting the way cap_free() and the various libcap memory allocation mechanisms work. (Bug 214183)
         This generated a few broken builds until it was fixed.
      Cleanup of some man pages; some fixes and shorter URL to bugzilla link.
      Added libcap cap_proc_root() API function (to reach parity with the Go cap package).
         This is only potentially useful with the recently added cap_iab_get_pid() function
      Revamped what the GOLANG=yes builds install - used to install local copies of cap and psx, but these were effectively useless because of the Go module support in recent Go releases in favor of user controller GOPATH.
         Now make GOLANG=yes only installs the captree utility
      Added some features to captree and created a small article on it
         Added a man page for the captree utility
      Some small changes to the tests to account for the idiosyncrasies of some new testing environments I've accumulated.
         Included adding --has-b support to capsh
   Release notes for 2.54
      Fix for a corner case infinite loop handling long strings (patch provided by Samanta Navarro)
      Fixes to not ignore allocation failures (patch provided by Samanta Navarro)
      Evolving work from Samanta Navarro, found and fixed a memory leak in cap_iab_get_proc()
      More robust discovery of the name of the dynamic loader of the build target (patch provided by Arnout Vandecappelle)
      Revamped the Go capability comparison API for *cap.Set and *cap.IAB, and added cap.IABGetPID()
      Added libcap cap_iab_compare() and cap_iab_get_pid() APIs.
      Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
      Extended getpcap to support the --iab command line argument, which outputs a PID's IAB tuple too (if non-default).
      Install *.so files as executable now that they are executable as binaries
         A feature of 2.52 but not extended to install rules at that time.
      Absorbed a lot of wisdom from a number of downstream package workarounds including wisdom from (Zhi Li and Arnout Vandecappelle and unknown others... Bugs 214023#c16, 214085)
      Support make FORCELINKPAM=yes or make FORCELINKPAM=no for those packagers that feel strongly about not letting this be dynamically discovered at build time.
      Fixed a compiler warnings from the GitHub build tester (Bug 214143)
   Release notes for 2.53
      The (C) cap_launch functionality was previously broken when launches failed (found and fixed by Samanta Navarro)
         Added a test case for this too.
      Lots of tyops fixed in code and documentation (also by Samanta Navarro)
      Support distributions that aggressively link shared objects (reported by David Runge; Bug 214023)
         These distributions failed to observe a runnable pam_cap.so and various make options failed.
      Support clang builds (again). (Reported by Johan Herland 214047)
         This used to work, but by accident. It broke with the advent of a runnable libcap.so, libpsx.so and pam_cap.so support. Fixed now, and added a build target to validate it still works at release time.
      Minor documentation updates including one for Slavi Marinov who was trying to get cap.LaunchFunc() to work.
      Worked up a couple of example modifications to goapps/web to demonstrate a different user per web query and enabling a custom chroot per web query.
   Release notes for 2.52
      Revived -std=c89 compilation for make all etc. (Bug 213541 reported by Byron Stanoszek.)
      The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries!
         The support is used to display some description information. To activate it, these binaries need to be installed executable (chmod +x ...)
         We also provided a write-up of how to enable this sort of feature in other .so files here.
      The module pam_cap.so now contains support for a default= module argument. (Bug 213611).
      Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions.
      Added capsh --current support.
      Minor documentation updates.
      Added a contrib/sucap/su.c pure-capabilities PAM implementation of su.
         This is primarily to demonstrate that such a thing is possible, and to validate that the pam_cap.so module is capable of adding any IAB tuple of inheritables per group or user. At this time, it relies on features only present in this version of libcap and HEAD of the Linux-PAM sources for the pam_unix.so module.
   Release notes for 2.51
      Fix capsh installation (Bug 213261 - reported by Jan Palus)
      Add an autoauth module flag to pam_cap.so (Bug 213279 - noted a feature request hidden in StackExchange)
      Unified libcap/cap (Go) and libcap (C) default generation of external format binary data (Bug 213375 - addressing an issue raised by Mike Schilling)
         This standard binary format should be forwards/backwards compatible with earlier libcap2 builds and libcap/cap packages
      API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another.
         This can be used to raise all the Permitted capabilities in a Set with one API call.
      In tree build/run/test of Go packages now uses Go module vendoring (Bug 212453).
         This is with an eye to the imminent golang change removing support for GOPATH based building.
      Minor compilation warning fixes

Signed-off-by: Adolf Belka
Reviewed-by: Michael Tremer
--- config/rootfiles/common/libcap | 9 +++-- lfs/libcap | 7 ++-- .../libcap-2.50-install_capsh_again.patch | 38 ------------------- 3 files changed, 9 insertions(+), 45 deletions(-) delete mode 100644 src/patches/libcap-2.50-install_capsh_again.patch diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index def30cb5a..95c62bdeb 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,10 +1,10 @@ #lib/libcap.a lib/libcap.so.2 -lib/libcap.so.2.50 +lib/libcap.so.2.56 #lib/libpsx.a #lib/libpsx.so -#lib/libpsx.so.2 -#lib/libpsx.so.2.50 +lib/libpsx.so.2 +lib/libpsx.so.2.56 #lib/pkgconfig/libcap.pc #lib/pkgconfig/libpsx.pc lib/security/pam_cap.so 
@@ -36,8 +36,10 @@ usr/lib/libcap.so #usr/share/man/man3/cap_get_proc.3 #usr/share/man/man3/cap_get_secbits.3 #usr/share/man/man3/cap_iab.3 +#usr/share/man/man3/cap_iab_compare.3 #usr/share/man/man3/cap_iab_fill.3 #usr/share/man/man3/cap_iab_from_text.3 +#usr/share/man/man3/cap_iab_get_pid.3 #usr/share/man/man3/cap_iab_get_proc.3 #usr/share/man/man3/cap_iab_get_vector.3 #usr/share/man/man3/cap_iab_init.3 @@ -73,6 +75,7 @@ usr/lib/libcap.so #usr/share/man/man3/psx_syscall.3 #usr/share/man/man3/psx_syscall3.3 #usr/share/man/man3/psx_syscall6.3 +#usr/share/man/man8/captree.8 #usr/share/man/man8/getcap.8 #usr/share/man/man8/getpcaps.8 #usr/share/man/man8/setcap.8 diff --git a/lfs/libcap b/lfs/libcap index 610ff474b..c814a6f73 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -24,7 +24,7 @@ include Config -VER = 2.50 +VER = 2.56 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 66a561afa81666236ff973544ff4e864 +$(DL_FILE)_MD5 = 095695b2e61ab5baf96609cdac9c15a7 install : $(TARGET) @@ -70,13 +70,12 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libcap-2.50-install_capsh_again.patch # Prevent a static library from being installed cd $(DIR_APP) && sed -i '/install.*STALIBNAME/d' libcap/Makefile cd $(DIR_APP) && make GOLANG=no cd $(DIR_APP) && make install GOLANG=no rm -vf /lib/libcap.so - ln -svf /lib/libcap.so.2.50 /usr/lib/libcap.so + ln -svf /lib/libcap.so.2.56 /usr/lib/libcap.so chmod +x /lib/libcap.so.* @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/libcap-2.50-install_capsh_again.patch b/src/patches/libcap-2.50-install_capsh_again.patch deleted file mode 100644 index 0ae7520dc..000000000 --- a/src/patches/libcap-2.50-install_capsh_again.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 1f8d32942be54850a3a89c7b58ba5613b5525c58 Mon Sep 17 00:00:00 2001 -From: "Andrew G. Morgan" -Date: Fri, 28 May 2021 13:41:17 -0700 -Subject: [PATCH] Make capsh an installed binary again - -Bug report from Jan Palus: - - https://bugzilla.kernel.org/show_bug.cgi?id=213261 - -Signed-off-by: Andrew G. Morgan ---- - progs/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/progs/Makefile b/progs/Makefile -index 313dc4d..3c3dc97 100644 ---- a/progs/Makefile -+++ b/progs/Makefile -@@ -32,14 +32,14 @@ $(BUILD): %: %.o $(DEPS) - - install: all - mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR) -- for p in $(PROGS) ; do \ -+ for p in $(PROGS) capsh ; do \ - install -m 0755 $$p $(FAKEROOT)$(SBINDIR) ; \ - done - ifeq ($(RAISE_SETFCAP),yes) - $(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap - endif - --test: $(PROGS) -+test: $(PROGS) capsh - - capshdoc.h.cf: capshdoc.h ./mkcapshdoc.sh - ./mkcapshdoc.sh > $@ --- -2.32.0.rc2 -
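Review bot: In the first hunk of config/rootfiles/common/libcap (@@ -1,10 +1,10 @@), lib/libpsx.so.2 and lib/libpsx.so.2.56 go from commented out to shipped, while the commit message only says "Update rootfile" and gives no reason. That is a change to what lands on the installed system, separate from the version bump. Please state in the commit message which component needs libpsx at run time, or keep both entries commented out as they were for 2.50.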
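Review bot: The @@ -40,7 +40,7 @@ hunk of lfs/libcap pins the new tarball with `$(DL_FILE)_MD5` alone, and the message does not say how the new value was obtained. MD5 no longer resists collisions, and this library handles process privileges, so the commit message should record that the tarball was checked against whatever checksum or signature upstream publishes before the MD5 was taken. If the lfs framework accepts a stronger digest, record that here as well.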
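Review bot: In the @@ -70,13 +70,12 @@ hunk of lfs/libcap the symlink target is again a literal, `ln -svf /lib/libcap.so.2.56 /usr/lib/libcap.so`, although VER carries the same value at the top of the file. Writing the target as /lib/libcap.so.$(VER) means the next bump cannot leave a dangling link. The unchanged `chmod +x /lib/libcap.so.*` that follows does not cover the libpsx.so.* files this patch starts shipping, and the 2.54 release notes quoted in the message say the .so files are now installed executable, so please check whether the chmod is still needed and, if it is, whether libpsx should get it too.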