From patchwork Mon Mar 27 21:27:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6724 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Plm9g4q8Dz3x6w for ; Mon, 27 Mar 2023 21:27:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Plm9d5X9Czjv; Mon, 27 Mar 2023 21:27:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Plm9d3rXcz2ySG; Mon, 27 Mar 2023 21:27:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Plm9d0zqkz2xYk for ; Mon, 27 Mar 2023 21:27:17 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Plm9Z1MMmzMM; Mon, 27 Mar 2023 21:27:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1679952434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y+cZGbYj0EhFJwYubsZP4mB6zIl9m0nlaJ5klEg4ed0=; b=kH1lzke9LhwhUIP1NfLKxYiP9Pm1ZIu4JrIVXlfCGEqTm7mBwV7aPQrGFoNUBHNH+TPTDg JBmbs05jH9GuQ0Kdq189XsXeKeeUYuFH7cHqFBCn4TqfQ34rm46PcWUExa/WQi1MRlJBZ0 mp+P3TUk1C1lavw5adpIb/hLHYaAOrCj7sam96X23I9qSIynNJRqg5NldAH/1IoNz6/Meh 0yHpD2A9qBeU2Q58NDbaUcZ5wrZamhXQSBk1GgJPO96y8iPxMVeUZiPhq5ydpqIuJ6RJdF y3jfs/ymLatBtOBl5QEyEFytzj7hP2PE22wEM+deOOmLMV0YDigj1wK8PJW91g== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1679952434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y+cZGbYj0EhFJwYubsZP4mB6zIl9m0nlaJ5klEg4ed0=; b=g73f5+hMEA75xwbmS0zOR+hnyK6Vgz6qQRXgsj057i47W44ctT9PhmkBpIVLmmlwkuQh4U ohyR+E+ddmpmuNBg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] libcap: Update to version 2.67 Date: Mon, 27 Mar 2023 23:27:05 +0200 Message-Id: <20230327212709.3955444-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 2.66 to 2.67 - Update of rootfile - Changelog Release notes for 2.67 Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) Also reviewed man pages and addressed cross linkage issues (Bug: 216585) Cleaned up some README.md files (made a github mirror now just so I can automatically render them). Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. Inserted demonstration exploit code in capso.so to support article. Signed-off-by: Adolf Belka --- config/rootfiles/common/libcap | 9 +++++++-- lfs/libcap | 8 ++++---- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index f0518d6aa..194fc7f19 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,8 +1,8 @@ lib/libcap.so.2 -lib/libcap.so.2.66 +lib/libcap.so.2.67 #lib/libpsx.so #lib/libpsx.so.2 -lib/libpsx.so.2.66 +lib/libpsx.so.2.67 #lib/pkgconfig/libcap.pc #lib/pkgconfig/libpsx.pc lib/security/pam_cap.so @@ -32,6 +32,7 @@ usr/lib/libcap.so #usr/share/man/man3/cap_get_file.3 #usr/share/man/man3/cap_get_flag.3 #usr/share/man/man3/cap_get_mode.3 +#usr/share/man/man3/cap_get_nsowner.3 #usr/share/man/man3/cap_get_pid.3 #usr/share/man/man3/cap_get_proc.3 #usr/share/man/man3/cap_get_secbits.3 @@ -59,10 +60,14 @@ usr/lib/libcap.so #usr/share/man/man3/cap_mode.3 #usr/share/man/man3/cap_mode_name.3 #usr/share/man/man3/cap_new_launcher.3 +#usr/share/man/man3/cap_prctl.3 +#usr/share/man/man3/cap_prctlw.3 +#usr/share/man/man3/cap_proc_root.3 #usr/share/man/man3/cap_set_fd.3 #usr/share/man/man3/cap_set_file.3 #usr/share/man/man3/cap_set_flag.3 #usr/share/man/man3/cap_set_mode.3 +#usr/share/man/man3/cap_set_nsowner.3 #usr/share/man/man3/cap_set_proc.3 #usr/share/man/man3/cap_set_secbits.3 #usr/share/man/man3/cap_setgroups.3 diff --git a/lfs/libcap b/lfs/libcap index f81b13c99..9eab679ff 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.66 +VER = 2.67 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e79bf10c6a3dbffe96dc97aad0bed67caa0b3805d9dcaff1e4a8a833396ee5c6da4f7f0d321b254e99a00073bc39021b9f3a4b350d93094d0df4d74889b3ca56 +$(DL_FILE)_BLAKE2 = bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989 install : $(TARGET) @@ -75,7 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make GOLANG=no cd $(DIR_APP) && make install GOLANG=no rm -vf /lib/libcap.so - ln -svf /lib/libcap.so.2.66 /usr/lib/libcap.so + ln -svf /lib/libcap.so.2.67 /usr/lib/libcap.so chmod +x /lib/libcap.so.* @rm -rf $(DIR_APP) @$(POSTBUILD)