From patchwork Tue Dec 27 11:59:54 2022
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6340
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] libcap: Update to version 2.66
Date: Tue, 27 Dec 2022 12:59:54 +0100
Message-Id: <20221227120002.12161-3-adolf.belka@ipfire.org>
In-Reply-To: <20221227120002.12161-1-adolf.belka@ipfire.org>
References: <20221227120002.12161-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Update from version 2.64 to 2.66
- Update of rootfile
- Changelog
    Release notes for 2.66
      Fix documentation typos in cap_from_text.3
        (Bug: 216514 reported by Paulo Andrade.)
      Some getpcaps code clean up and a fix for PID argument parsing from
        Jakub Wilk.
      Slightly more robust Makefiles to address an error with make -j48 test
        observed by Tomasz Kłoczko.
      Include a simple Go program, captrace, to trace kernel capability
        validation checks
        This program can be used to figure out what capabilities a program
          needs to operate.
        captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the
          kernel for capability checks and whether or not they succeed for
          the system, a specific PID or a program's direct execution.
      Trim down the default file capabilities for contrib/sucap/su to those
        actually needed and set USER and HOME environment variables so bash
        doesn't complain about a sourcing error.
    Release notes for 2.65
      Fix syntax error in DEBUG build of protected code in setcap.c.
        (Bug reported by yixiangzhike.)
      Prevent bash from reading the wrong startup files when the capsh
        --user=xxx argument is used to invoke a shell as the user xxx. This
        is done by capsh now changing the USER and HOME environment
        variables when --user is specified. The argument --noenv can be used
        to suppress this behavior to what used to be the problematic default.
        (Bug: 215926)
      Improved documentation:
        Man page info for cap_get_pid() and cap_reset_ambient().
          (Bug reports from nomonemo and Tinkerer One.)
        Improve documentation and help for the captree program.
        Updated go/Makefile comment about an unfixed Go runtime bug in go1.16
          and go1.17 (resolved in go1.18+), and the deadlock behavior of the
          psx-fd test.
      Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit
        one is preferred, but the older one is also used for continuity
        reasons. This set of signatures should also be available from the
        various key servers out there.

Signed-off-by: Adolf Belka
Reviewed-by: Peter Müller
--- config/rootfiles/common/libcap | 4 ++-- lfs/libcap | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index 1e104acf6..f0518d6aa 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,8 +1,8 @@ lib/libcap.so.2 -lib/libcap.so.2.64 +lib/libcap.so.2.66 #lib/libpsx.so #lib/libpsx.so.2 -lib/libpsx.so.2.64 +lib/libpsx.so.2.66 #lib/pkgconfig/libcap.pc #lib/pkgconfig/libpsx.pc lib/security/pam_cap.so diff --git a/lfs/libcap b/lfs/libcap index 21facbe01..f81b13c99 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.64 +VER = 2.66 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz 
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 078ce2505a79c1bd4ca0a8eaf3444178bc19a566f0505d28c6959f86fbbac2fe2fc88c06fd0d988087a6e20e8ec66a2633146cea957f0f3fd92eaff4f81d7c66 +$(DL_FILE)_BLAKE2 = e79bf10c6a3dbffe96dc97aad0bed67caa0b3805d9dcaff1e4a8a833396ee5c6da4f7f0d321b254e99a00073bc39021b9f3a4b350d93094d0df4d74889b3ca56 install : $(TARGET) @@ -75,7 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make GOLANG=no cd $(DIR_APP) && make install GOLANG=no rm -vf /lib/libcap.so - ln -svf /lib/libcap.so.2.64 /usr/lib/libcap.so + ln -svf /lib/libcap.so.2.66 /usr/lib/libcap.so chmod +x /lib/libcap.so.* @rm -rf $(DIR_APP) @$(POSTBUILD)
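
Review bot: In the config/rootfiles/common/libcap hunk, lib/libpsx.so.2.66 is shipped while its soname link stays commented out as #lib/libpsx.so.2, so the versioned library lands on the image without the name a dynamically linked consumer would look up. Either enable lib/libpsx.so.2 next to it, or comment out lib/libpsx.so.2.66 as well if nothing on the image links against libpsx. The mismatch was already there for 2.64, but the version bump is a good moment to settle it.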
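
Review bot: The new $(DL_FILE)_BLAKE2 value in the @@ -40,7 +40,7 @@ hunk of lfs/libcap cannot be checked from the patch itself, and the commit message does not say where libcap-2.66.tar.xz was fetched from or how it was verified before the checksum was computed. The quoted release notes mention that the upstream GPG key signatures were refreshed, so a line in the commit message stating that the tarball was checked against the upstream signature would let a reviewer treat this hash as more than a value copied from a local download.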
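
Review bot: In the @@ -75,7 +75,7 @@ hunk of lfs/libcap the symlink target still hard-codes the version ("ln -svf /lib/libcap.so.2.66 /usr/lib/libcap.so"), which is why this line has to be touched on every update and can silently point at a missing file if it is forgotten. Writing it as "ln -svf /lib/libcap.so.$(VER) /usr/lib/libcap.so" would let the VER assignment at the top of the file drive it.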