From patchwork Fri May 19 11:47:51 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6883
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] libcap: Update to version 2.69
Date: Fri, 19 May 2023 13:47:51 +0200
Message-Id: <20230519114753.8468-5-adolf.belka@ipfire.org>
In-Reply-To: <20230519114753.8468-1-adolf.belka@ipfire.org>
References: <20230519114753.8468-1-adolf.belka@ipfire.org>

- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
    Release notes for 2.69
      2023-05-14 19:10:04 -0700
        An audit was performed on libcap and friends by https://x41-dsec.de/
          https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
          The audit (final report, 2023-05-10)
          https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh2C/view?usp=sharing
          was sponsored by the Open Source Technology Improvement Fund,
          https://ostif.org/ (blog).
          Five issues were found. Four of them are addressed in this release.
          Each issue was labeled in the audit results as follows:
            LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
            LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
            LCAP-CR-23-100 (SEVERITY) NONE
            LCAP-CR-23-101 (SEVERITY) NONE
        Man page style improvement from Emanuele Torre
        Partially revive the ability to build the binaries fully statically.
          This was needed to make bleeding edge kernel debugging/testing via
          qemu+busybox work again. Addressing an issue I realized only when I
          tried to answer this stackexchange question.
          https://unix.stackexchange.com/questions/741532/launch-process-with-limited-capabilities-on-minimal-busybox-based-system
    Release notes for 2.68
      2023-03-25 17:03:17 -0700
        Force libcap internal functions to be hidden outside the library
          (Bug 217014)
        Expanded the list of man page (links) to all of the supported API
          functions.
        fixed some formatting issues with the libpsx(3) manpage.
        Add support for a markdown preamble and postscript when generating .md
          versions of the man pages (Bug 217007)
        psx package clean up
          fix some copy-paste errors with TestShared()
          added a more complete psx testing into this test as well
        cap package clean up
          drop an unnecessary use of ", _" in the sources
          cleaned up cap.NamedCount documentation
        Converted goapps/web/README to .md format and fixed the instructions
          to indicate go mod tidy is needed.
        cap_compare test binary now cleans up after itself (Bug 217018)
        Figured out how to cross compile Go programs for arm (i.e. RPi) that
          use C code, don't use cgo but do use the psx package (all part of
          investigating bug 216610).
        Eliminate use of vendor directory

Signed-off-by: Adolf Belka
---
 config/rootfiles/common/libcap | 8 ++++++--
 lfs/libcap | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index af1c22e83..f331e2a43 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap
@@ -6,20 +6,22 @@ sbin/setcap #usr/include/sys/psx_syscall.h usr/lib/libcap.so usr/lib/libcap.so.2 -usr/lib/libcap.so.2.67 +usr/lib/libcap.so.2.69 #usr/lib/libpsx.so #usr/lib/libpsx.so.2 -usr/lib/libpsx.so.2.67 +usr/lib/libpsx.so.2.69 #usr/lib/pkgconfig/libcap.pc #usr/lib/pkgconfig/libpsx.pc #usr/lib/security usr/lib/security/pam_cap.so #usr/share/man/man1/capsh.1 +#usr/share/man/man3/__psx_syscall.3 #usr/share/man/man3/cap_clear.3 #usr/share/man/man3/cap_clear_flag.3 #usr/share/man/man3/cap_compare.3 #usr/share/man/man3/cap_copy_ext.3 #usr/share/man/man3/cap_copy_int.3 +#usr/share/man/man3/cap_copy_int_check.3 #usr/share/man/man3/cap_drop_bound.3 #usr/share/man/man3/cap_dup.3 #usr/share/man/man3/cap_fill.3 @@ -71,6 +73,7 @@ usr/lib/security/pam_cap.so #usr/share/man/man3/cap_set_nsowner.3 #usr/share/man/man3/cap_set_proc.3 #usr/share/man/man3/cap_set_secbits.3 +#usr/share/man/man3/cap_set_syscall.3 #usr/share/man/man3/cap_setgroups.3 #usr/share/man/man3/cap_setuid.3 #usr/share/man/man3/cap_size.3 @@ -80,6 +83,7 @@ usr/lib/security/pam_cap.so #usr/share/man/man3/capsetp.3 #usr/share/man/man3/libcap.3 #usr/share/man/man3/libpsx.3 +#usr/share/man/man3/psx_load_syscalls.3 #usr/share/man/man3/psx_set_sensitivity.3 #usr/share/man/man3/psx_syscall.3 #usr/share/man/man3/psx_syscall3.3 diff --git a/lfs/libcap b/lfs/libcap index 63f4ef8b0..951ed80dc 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -24,7 +24,7 @@ include Config -VER = 2.67 +VER = 2.69 THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989 +$(DL_FILE)_BLAKE2 = 94d1fef7666a1c383a8b96f1f6092bd242164631532868b628d2f5de71b42a371d041a978ef7fbadfee3eeb433165444995d1078cd790275bc0433a7875a697e install : $(TARGET)
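Review bot: in the first hunk of config/rootfiles/common/libcap, usr/lib/libpsx.so.2.69 is listed as shipped while both of its links, #usr/lib/libpsx.so and #usr/lib/libpsx.so.2, stay commented out. For libcap the same hunk ships libcap.so and libcap.so.2 alongside the versioned file, so the two libraries are treated differently. The version bump carries the old 2.67 pattern forward unchanged, so this is a good moment to decide which way it should go: if something on the image links against libpsx, ship usr/lib/libpsx.so.2 as well; if nothing does, comment out usr/lib/libpsx.so.2.69 so an unused library is not installed.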
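Review bot: in the last lfs/libcap hunk the $(DL_FILE)_BLAKE2 value is replaced without any statement of what the new tarball was checked against before it was hashed. This value is the only integrity check the build applies to libcap-$(VER).tar.xz, and the release is described in the commit message as fixing CVE-2023-2602 and CVE-2023-2603, so the commit message should say how the download was verified (for example against upstream's signature or published checksum) so that a reviewer can reproduce the hash independently rather than take it on trust.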