diff --git a/backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch b/backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch deleted file mode 100644 index 0764288d6983c2cf12374d3c8237b800bc93e1ad..0000000000000000000000000000000000000000 --- a/backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001 -From: "Andrew G. Morgan" -Date: Fri, 22 Dec 2023 06:37:02 -0800 -Subject: Stop using _pam_overwrite() in pam_cap.c. - -It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization -is hard to account for: apparently this explicit deletion is no longer -guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM. - -I've replaced its use with memset(). I'm not convinced that that will be honored -either, but remain hopeful and prefer to leave the code explicit in its intent -without a deprecation warning messing up the build log. Should some compiler -optimize it away and it leads to an exploit of some sort, it can be revealed as -a compilation bug. - -Signed-off-by: Andrew G. Morgan ---- - pam_cap/pam_cap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c -index b9419cb..3fe3b8c 100644 ---- a/pam_cap/pam_cap.c -+++ b/pam_cap/pam_cap.c -@@ -199,7 +199,7 @@ defer: - int i; - for (i = 0; i < groups_n; i++) { - char *g = groups[i]; -- _pam_overwrite(g); -+ memset(g, 0, strlen(g)); - _pam_drop(g); - } - if (groups != NULL) { -@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - small race associated with a redundant read of the - config. */ - -- _pam_overwrite(conf_caps); -+ memset(conf_caps, 0, strlen(conf_caps)); - _pam_drop(conf_caps); - - return PAM_SUCCESS; --- -cgit 1.2.3-korg - diff --git a/backport-getpcaps-fix-program-name-in-help-message.patch b/backport-getpcaps-fix-program-name-in-help-message.patch deleted file mode 100644 index e13d8c30e13777980b6156e2e73648172a6215e9..0000000000000000000000000000000000000000 --- a/backport-getpcaps-fix-program-name-in-help-message.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 17c5e89521fd0455a8f18563eb37e5ddbc7d34cb Mon Sep 17 00:00:00 2001 -From: Jakub Wilk -Date: Mon, 29 Jan 2024 11:33:40 +0100 -Subject: getpcaps: fix program name in help message - -Signed-off-by: Jakub Wilk -Signed-off-by: Andrew G. Morgan ---- - progs/getpcaps.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/progs/getpcaps.c b/progs/getpcaps.c -index 7e14c36..b4cbda8 100644 ---- a/progs/getpcaps.c -+++ b/progs/getpcaps.c -@@ -14,7 +14,7 @@ - static void usage(int code) - { - fprintf(stderr, --"usage: getcaps [opts] [ ...]\n\n" -+"usage: getpcaps [opts] [ ...]\n\n" - " This program displays the capabilities on the queried process(es).\n" - " The capabilities are displayed in the cap_from_text(3) format.\n" - "\n" --- -cgit 1.2.3-korg - diff --git a/libcap-2.69.tar.gz b/libcap-2.69.tar.gz deleted file mode 100644 index ade15d691788330ded422700cbe7923b4ff33924..0000000000000000000000000000000000000000 Binary files a/libcap-2.69.tar.gz and /dev/null differ diff --git a/libcap-2.71.tar.xz b/libcap-2.71.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..baf5fbbe6c94edb5ba5a9120679bcbfba5e1a2fb Binary files /dev/null and b/libcap-2.71.tar.xz differ diff --git a/libcap-buildflags.patch b/libcap-buildflags.patch index c13c4a1271731fbe2ff813c33ddfdda3864ca637..2ea2ffc3d59736846b595c8830635b4b1da953b0 100644 --- a/libcap-buildflags.patch +++ b/libcap-buildflags.patch @@ -20,7 +20,7 @@ index 70d5829..2160012 100644 CFLAGS += $(WARNINGS) CPPFLAGS += -Dlinux $(DEFINES) $(LIBCAP_INCLUDES) -LDFLAGS ?= # -g -+LDFLAGS ?= $(RPM_OPT_FLAGS) ++LDFLAGS ?= $(RPM_LD_FLAGS) BUILD_CC ?= $(CC) BUILD_LD ?= $(BUILD_CC) -Wl,-x -shared diff --git a/libcap.spec b/libcap.spec index 70cb3bccecd18614b590152f443df8c0e874e88f..50d167603f9dd293bc16b9b9776827ef5ce8c6b7 100644 --- a/libcap.spec +++ b/libcap.spec @@ -1,16 +1,14 @@ Name: libcap -Version: 2.69 -Release: 3 +Version: 2.71 +Release: 1 Summary: A library for getting and setting POSIX.1e draft 15 capabilities -License: GPLv2 +License: BSD-3-Clause OR GPL-2.0-only URL: https://sites.google.com/site/fullycapable -Source0: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.gz +Source0: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.xz Patch0: libcap-buildflags.patch Patch1: backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch Patch2: support-specify-cc.patch -Patch3: backport-getpcaps-fix-program-name-in-help-message.patch -Patch4: backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch BuildRequires: libattr-devel pam-devel perl-interpreter gcc @@ -20,7 +18,7 @@ draft 15 capabilities. %package devel Summary: Development headers and libraries for %{name} -Requires:%{name} = %{version}-%{release} +Requires: %{name} = %{version}-%{release} %description devel Development headers and libraries for %{name} @@ -44,42 +42,31 @@ chmod +x %{buildroot}/%{_libdir}/*.so.* %check %make_build COPTS="%{optflags}" test -%pre - -%preun - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - %files -%defattr(-,root,root) %license License %{_libdir}/*.so.* %{_sbindir}/* %{_libdir}/security/pam_cap.so %files devel -%defattr(-,root,root) %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_libdir}/*.a %files help -%defattr(-,root,root) -%{_mandir}/man3/*.gz -%{_mandir}/man1/*.gz -%{_mandir}/man8/*.gz +%{_mandir}/man?/* %changelog +* Sat Oct 26 2024 Funda Wang - 2.71-1 +- Update to 2.71 + * Wed Mar 27 2024 yanglongkang - 2.69-3 - backport upstream patches: getpcaps: fix program name in help message Stop using _pam_overwrite() in pam_cap.c - -* Sun Apr 16 2023 jammyjellyfish - 2.69-2 +* Sun Feb 4 2024 jammyjellyfish - 2.69-2 - Support specify CC * Thu Jul 20 2023 wangyunjia - 2.69-1 diff --git a/libcap.yaml b/libcap.yaml index eb546cd71eb04a0fef7eb651459017216aeec658..f2c93a6c9aec5f4caf14acd9ba518e534c304d5c 100644 --- a/libcap.yaml +++ b/libcap.yaml @@ -1,4 +1,4 @@ version_control: git -src_repo: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/ +src_repo: https://git.kernel.org/pub/scm/libs/libcap/libcap.git tag_prefix: ^libcap- -seperator: +separator: .