libcap: Update to version 2.69
Commit Message
- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
Release notes for 2.69
2023-05-14 19:10:04 -0700
An audit was performed on libcap and friends by https://x41-dsec.de/
https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
The audit (final report, 2023-05-10)
https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh2C/view?usp=sharing
was sponsored by the Open Source Technology Improvement Fund,
https://ostif.org/ (blog). Five issues were found. Four of them are
addressed in this release. Each issue was labeled in the audit results as
follows:
LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
LCAP-CR-23-100 (SEVERITY) NONE
LCAP-CR-23-101 (SEVERITY) NONE
Man page style improvement from Emanuele Torre
Partially revive the ability to build the binaries fully statically.
This was needed to make bleeding edge kernel debugging/testing via
qemu+busybox work again. Addressing an issue I realized only when I
tried to answer this stackexchange question.
https://unix.stackexchange.com/questions/741532/launch-process-with-limited-capabilities-on-minimal-busybox-based-system
Release notes for 2.68
2023-03-25 17:03:17 -0700
Force libcap internal functions to be hidden outside the library (Bug 217014)
Expanded the list of man page (links) to all of the supported API functions.
fixed some formatting issues with the libpsx(3) manpage.
Add support for a markdown preamble and postscript when generating .md
versions of the man pages (Bug 217007)
psx package clean up
fix some copy-paste errors with TestShared()
added a more complete psx testing into this test as well
cap package clean up
drop an unnecessary use of ", _" in the sources
cleaned up cap.NamedCount documentation
Converted goapps/web/README to .md format and fixed the instructions to
indicate go mod tidy is needed.
cap_compare test binary now cleans up after itself (Bug 217018)
Figured out how to cross compile Go programs for arm (i.e. RPi) that use C
code, don't use cgo but do use the psx package (all part of investigating
bug 216610).
Eliminate use of vendor directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/libcap | 8 ++++++--
lfs/libcap | 4 ++--
2 files changed, 8 insertions(+), 4 deletions(-)
@@ -6,20 +6,22 @@ sbin/setcap
#usr/include/sys/psx_syscall.h
usr/lib/libcap.so
usr/lib/libcap.so.2
-usr/lib/libcap.so.2.67
+usr/lib/libcap.so.2.69
#usr/lib/libpsx.so
#usr/lib/libpsx.so.2
-usr/lib/libpsx.so.2.67
+usr/lib/libpsx.so.2.69
#usr/lib/pkgconfig/libcap.pc
#usr/lib/pkgconfig/libpsx.pc
#usr/lib/security
usr/lib/security/pam_cap.so
#usr/share/man/man1/capsh.1
+#usr/share/man/man3/__psx_syscall.3
#usr/share/man/man3/cap_clear.3
#usr/share/man/man3/cap_clear_flag.3
#usr/share/man/man3/cap_compare.3
#usr/share/man/man3/cap_copy_ext.3
#usr/share/man/man3/cap_copy_int.3
+#usr/share/man/man3/cap_copy_int_check.3
#usr/share/man/man3/cap_drop_bound.3
#usr/share/man/man3/cap_dup.3
#usr/share/man/man3/cap_fill.3
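Review bot: usr/lib/libpsx.so.2.69 is shipped (no leading #) while the usr/lib/libpsx.so.2 link two lines above it stays commented out, unlike libcap, where libcap.so and libcap.so.2 are both included next to the versioned file. If nothing on the image links against libpsx, the 2.69 entry could be commented out like its links; if something does, the libpsx.so.2 line should be enabled alongside it, unless the link is expected to be recreated by ldconfig on the target.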
@@ -71,6 +73,7 @@ usr/lib/security/pam_cap.so
#usr/share/man/man3/cap_set_nsowner.3
#usr/share/man/man3/cap_set_proc.3
#usr/share/man/man3/cap_set_secbits.3
+#usr/share/man/man3/cap_set_syscall.3
#usr/share/man/man3/cap_setgroups.3
#usr/share/man/man3/cap_setuid.3
#usr/share/man/man3/cap_size.3
@@ -80,6 +83,7 @@ usr/lib/security/pam_cap.so
#usr/share/man/man3/capsetp.3
#usr/share/man/man3/libcap.3
#usr/share/man/man3/libpsx.3
+#usr/share/man/man3/psx_load_syscalls.3
#usr/share/man/man3/psx_set_sensitivity.3
#usr/share/man/man3/psx_syscall.3
#usr/share/man/man3/psx_syscall3.3
@@ -24,7 +24,7 @@
include Config
-VER = 2.67
+VER = 2.69
THISAPP = libcap-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989
+$(DL_FILE)_BLAKE2 = 94d1fef7666a1c383a8b96f1f6092bd242164631532868b628d2f5de71b42a371d041a978ef7fbadfee3eeb433165444995d1078cd790275bc0433a7875a697e
install : $(TARGET)
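Review bot: the replaced $(DL_FILE)_BLAKE2 value pins libcap-2.69.tar.xz, but the commit message does not say how the new hash was obtained. Because this bump carries the fixes for CVE-2023-2602 and CVE-2023-2603, please note in the commit message that the tarball was checked against the upstream release signature or published checksum before the BLAKE2 sum was computed, so the value can be reproduced independently.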