| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: libpsx2 | Distribution: SUSE Linux 16 | 
| Version: 2.73 | Vendor: SUSE LLC <https://www.suse.com/> | 
| Release: 160000.2.2 | Build date: Mon Dec 9 15:15:56 2024 | 
| Group: System/Libraries | Build host: reproducible | 
| Size: 38644 | Source RPM: libcap-2.73-160000.2.2.src.rpm | 
| Packager: https://www.suse.com/ | |
| Url: https://sites.google.com/site/fullycapable/ | |
| Summary: Library for Capabilities (linux-privs) Support | |
Capabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel.
BSD-3-Clause OR GPL-2.0-only
* Mon Dec 09 2024 schwab@suse.de
  - Disable psx_test and b219174 tests in qemu emulation
* Mon Dec 02 2024 pvorel@suse.cz
  - update to 2.73:
    * https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.7yd7ab9ppagk
* Sat May 25 2024 andreas.stieger@gmx.de
  - update to 2.70:
    * setcap changes to make it harder to set invalid file capabilities
    * Lots of documentation fixes
    * Fix c89 compilation syntax for the C code in the libraries
    * libpam has deprecated providing the _pam_overwrite() function,
      so use memset() instead
* Tue May 16 2023 meissner@suse.com
  - updated to 2.69
    - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
    - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 dmueller@suse.com
  - update to 2.68:
    * Force libcap internal functions to be hidden outside the library
    * Expanded the list of man page (links) to all of the supported API
      functions.
    * fixed some formatting issues with the libpsx(3) manpage.
    * Add support for a markdown preamble and postscript when generating
      .md versions of the man pages (Bug 217007)
    * psx package clean up
    * fix some copy-paste errors with TestShared()
    * added a more complete psx testing into this test as well
    * cap package clean up
    * drop an unnecessary use of ", _" in the sources
    * cleaned up cap.NamedCount documentation
    * Converted goapps/web/README to .md format and fixed the
      instructions to indicate go mod tidy is needed.
    * cap_compare test binary now cleans up after itself (Bug 217018)
    * Figured out how to cross compile Go programs for arm (i.e. RPi) that
      use C code, don't use cgo but do use the psx package
    * Eliminate use of vendor directory
* Fri Mar 24 2023 mliska@suse.cz
  - Enable LTO and add missing -ffat-lto-objects for the provided
    static libs.
* Fri Mar 24 2023 tiwai@suse.com
  - Revert LTO again; it still breaks builds
* Thu Mar 23 2023 mliska@suse.cz
  - Enable LTO as it works fine.
* Sat Feb 04 2023 dmueller@suse.com
  - update to 2.67:
    * Replace use of fgrep with grep -F (POSIX grep flags preferred by
      GNU grep) - patch from David Seifert.
    * Added SPDX identifiers to License file(s). Hopefully this will
      help the various robots out there correctly identify the
      longstanding licenses for libcap and friends. (Bug: 216609
      reported by Günther Noack)
    * Started down the rabbit hole of trying to address (Bug: 216610
      reported by Günther Noack on behalf of Michael Stapelberg)
    * The basic issue is how to link C code with Go psx without using
      CGo. This is all a low level hackery. If you are interested,
      browse the source.
    * Correct for bad whatis entries in man pages (this was throwing a
      Debian build test, detail)
    * Also reviewed man pages and addressed cross linkage issues (Bug:
    * Cleaned up some README.md files (made a github mirror now just so
      I can automatically render them).
    * Changed meaning of DYNAMIC=no builds.
      This now builds everything with static linking except for libc.
      The reason for this exception is explained in the commit message.
    * Inserted demonstration exploit code in capso.so to support
      article.
* Thu Sep 29 2022 dmueller@suse.com
  - update to 2.66:
    * Fix documentation typos in cap_from_text.3
    * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
      Wilk.
    * Slightly more robust Makefiles to address an error with make -j48 test observed
    * Include a simple Go program, captrace, to trace kernel capability validation
      checks
    * This program can be used to figure out what capabilities a program needs to
      operate.
    * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
      capability checks and whether or not they succeed for the system, a specific
      PID or a program's direct execution.
    * Trim down the default file capabilities for contrib/sucap/su to those actually
      needed and set USER and HOME environment variables so bash doesn't complain
      about a sourcing error.
* Fri Jul 22 2022 dmueller@suse.com
  - update to 2.65:
    * Fix syntax error in DEBUG build of protected code in setcap.c.
    * Prevent bash from reading the wrong startup files when the capsh --user=xxx
      argument is used to invoke a shell as the user xxx. This is done by capsh now
      changing the USER and HOME environment variables when --user is specified.
      The argument --noenv can be used to suppress this behavior to what used to be
      the problematic default. (Bug: 215926)
    * Improved documentation
* Tue Apr 12 2022 dmueller@suse.com
  - update to 2.64:
    * Fix memory leak in libpsx at program exit.
    * Be more resilient to CGo configuration with Go compiler when building tests.
    * Fix cap_*prctl() return code/errno handling.
    * Minor clarification to cap_get_pid() man page concerning pid
      value within namespaces.
* Fri Feb 25 2022 meissner@suse.com
  - Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 dmueller@suse.com
  - update to 2.63:
    * restore errno to zero by the time main() is executed
    * Consistent psx handling (a panic) for syscalls that return thread dependent
      status Inconsistend behavior noticed by Lorenz Bauer
    * Add a test case for a deadlock under investigation in golang
    * Trim some of the #include file use to make the tree compile more
      efficiently
* Thu Dec 30 2021 dmueller@suse.com
  - update to 2.62:
    * Bug fix for Go package "cap" and launching
    * Build cleanups
    * Documentation updates: cap_max_bits has a man page entry
    * Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 andreas.stieger@gmx.de
  - libcap 2.61:
    * Better error handling of the numerical arguments for capsh and
      setcap
    * Fix executable mode for all of the .so files. There were two
      situations where this was failing (with a hard to debug SIGSEGV
      inside libc)
    * Added an example of a shared library object with its own file
      capability
    * Fix the top-level include for Make.Rules in the contrib/sucap
      example application
    * Add support for running constructors at libcap.so start up time
      when running as stand alone binary.
  - includes changes from 2.60:
    * Some build, code linting fixes, the addition of the
      cap_fill_flag() API and a memory latency optimization
    * General improvement in thread safety for libcap and cap package
    * Minor API change replacing libcap:cap_launch_*() void returning
      functions with int + errno status returns.
    * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
    * New features for capsh: --quiet, -+ and =+ arguments
  - add upstream signing key and verify source signature
* Tue Sep 28 2021 info@paolostivanin.com
  - update to 2.59:
    * Fixed a potential libcap memory leak by adding a destructor
    * Major improvement is that there is a path for Linux-PAM compliant
      applications to support setting Ambient vector Capabilities via pam_cap.so now
    * Added libcap cap_proc_root() API function
    * Added color support to captree
    * Fixed contrib/sucap/su to correctly handle the Inheritable flag
    * capsh enhancements
    * getcap -r / now generates readable output
    * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
      runnable as standalone binaries
    * The module pam_cap.so now contains support for a default=<IAB> module argument
    * Enhanced capsh --suggest to also compare against the capability value names
      and not just their descriptions
    * Added capsh --current support
    * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
    * Fix for a corner case infinite loop handling long strings
    * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
    * Added a Go utility, captree, to display the process (and thread) graph along with
      the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 dmueller@suse.com
  - update to 2.51:
    * Fix capsh installation
    * Add an autoauth module flag to pam_cap.so
    * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
    * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
      capability flag to another.
    * --explain=cap_foo: describe what cap_foo does
    * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
    * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
    * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
      feature parity with Go "cap" package. These are only needed when linking
      against -lpsx for keepcaps POSIX semantics.
    * this likely requires substantial application changes to make Ambient
      capability support usable in general, but doing our part for the admin.
    * Add a test case for recent kernel fix
    * Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 christophe@krop.fr
  - Fix a broken symlink. libcap-devel installs libpsx.so but
    didn't install the library it's pointing to.
* Fri Apr 16 2021 tiwai@suse.de
  - Add explicit dependency on libcap2 with version to libcap-progs
    (bsc#1184690)
* Mon Mar 22 2021 dmueller@suse.com
  - update to 2.49:
    * Implement cap_func_launcher() and cap.FuncLauncher().
    * More robust "psx" redirection for nocgo compilation - the documentation for
      the cgo implementation is now included in the nocgo one because the go.dev
      automated documentation builds the docs from the nocgo version.
    * Lots of documentation cleanups and added a few man pages: for IAB and
      Launching.
    * Some general no-op License changes that might cause folk to notice but only
      for formatting reasons. These were initially inspired by some lawyerly
      interactions, but I ended up rolling back half of them because they
      confused automated software infrastructure.
* Tue Feb 09 2021 dmueller@suse.com
  - update to 2.48:
    * More uniform use of $(MAKE) in Makefiles
    * No longer include symlinks in the git tree
    * Provide support for make GOLANG=no ...
    * Provide support for pointing at a specific build of the go binary
    * camelCase the contrib/seccomp/explore.go program
    * A number of documentation fixes to man pages and source code comments
    * Last use of GO major version 0
* Wed Jan 27 2021 dmueller@suse.com
  - update to 2.47:
    * Restructured gowns to default to uid base of getuid().
    * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
    * Improve the usage and diagnostic message for setcap
    * Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 dmueller@suse.com
  - update to 2.46:
    * The bulk of this release concerns fixes and improvements to libpsx
    * Fix the capsh == argument handling and add a test case
    * Added build support for systems that do not support libpthread
    * Added build support for not building shared libraries
* Sat Nov 14 2020 dmueller@suse.com
  - update to 2.44:
    Generally, this is a release to help package builders: no functional change
    to any of the generated code just documentation and make related fixes.
* Wed Sep 02 2020 dmueller@suse.com
  - update to 2.43
    * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
    * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
    * Clean up a binary from the distribution
    * Added some more release time checks for non-git tracked files.
    * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
* Thu Aug 06 2020 info@paolostivanin.com
  - Update to version 2.42:
    * Closed a potential issue with "libcap/psx" Go package and errno
    * Documentation updates
    * Minor optimization for cap_to_text() and (*cap.Set).String()
    * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
    * Multiple fixes
    * Support Go module abstraction
    * A new kernel capability: CAP_BPF
    * Better support for cross-compilation
    * pam_cap now honors PAM_REINITIALIZE_CRED
    * implements cap_launch functionality
* Sat Feb 15 2020 tiwai@suse.de
  - Update to version 2.32:
    * Bug fix for fakeroot incompatibility (boo#1162014)
    * Slight perf improvement for cap_get_bound().
    * C++ support for psx header inclusion.
    * Some new testing features for capsh
* Tue Jan 28 2020 tiwai@suse.de
  - Update to version 2.31:
    * primarily a documentation update
    * fix libpam.pc to not require libpsx.pc
    * changed the text format of the default output of getpcap
* Mon Jan 13 2020 mpluskal@suse.com
  - Build using -ffat-lto-objects for static library
* Thu Jan 09 2020 mpluskal@suse.com
  - Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
    * BUGFIX: arm and i386 fixes C and Go setgroups choice - used
      wrong syscall in 2.29.
    * cleaned up make clean and make install to actually work as
      intended
    * updated Gentoo libpsx.pc file from Lars Wendler
    * refactored the way libpsx linkage with libcap performed mutual
      discovery.
    * Previously (2.28) libpsx had an API call overridden by libcap
      using weak linkage function in libpsx. In 2.30 this is reversed,
      namely libpsx provides the stronger function and libcap has a
      weak "no-op" version.
    * a bit more consistency in handling the 'all' sets in libcap
      (C) and libcap/cap (Go). Namely, they both dynamically discover
      the number of capabilities named by the kernel and use this as
      the definition of 'all' for the current runtime.
      + libcap (C) exports cap_max_bit() to export the number of
      supported capabilities
      + libcap/cap (Go) exports cap.MaxBits() for this same value.
  - For changes for older releases see:
    * https://sites.google.com/site/fullycapable/release-notes-for-libcap
  - Add glibc-static-devel as build requirement as tests need it
  - Install libpsx.a as it seems to be needed in some cases:
    * https://bugs.gentoo.org/703912
* Mon Dec 16 2019 matthias.gerstner@suse.com
  - Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
    wise.
* Thu Feb 22 2018 fvogt@suse.com
  - Use %license (boo#1082318)
* Tue Jan 31 2017 matwey.kornilov@gmail.com
  - Enable PAM pam_cap.so module
* Sun Jan 01 2017 jengelh@inai.de
  - RPM group association fix
* Mon Aug 29 2016 dimstar@opensuse.org
  - Update to versison 2.25:
    + Recover gperf detection in make rules.
    + Man page typo fix.
    + Tweak make rules to make packaging more straightforward.
    + Fix error explanation in setcap.
    + Drop need to link with libattr. It turns out libcap wasn't
      actually using any code from that library, so linking to it was
      superfluous.
  - Drop libcap-nolibattr.patch: fixed upstream.
  - No longer add %{buildroot} to all variables for make install the
    Makefile learned about the meaning of DESTDIR.
* Sat Jan 31 2015 p.drouand@gmail.com
  - Update to version 2.24
    * Fix compilation problems (note to self, make distclean && make,
      before release)
    * Some make rule changes to make uploading a release to kernel.org
      easier for me.
    * Tidied up some documented links.
  - Update libcap-nolibattr.patch
  - Add pkg-config build requirement; libcap now provides a pkgconfig
    file
  - Clean up specfile
  - Move libraries and binaries to /usr because of #UsrMove
* Thu Jun 19 2014 crrodriguez@opensuse.org
  - libcap-nolibattr.patch Do not link to libattr, it is
    a bogus dependency. application uses sys/xattr from libc.
* Fri Feb 01 2013 coolo@suse.com
  - update license to new format
* Tue Sep 20 2011 aj@suse.de
  - Cleanup specfile a bit: Remove old tags.
* Tue Sep 20 2011 aj@suse.de
  - Update to libcap 2.22
  - libcap 2.22 includes:
    * Clarified License file (with version 2 of the GPL)
    * Support getting/setting capabilities on large files
    * After --chroot command, change working directory to "/".
  - libcap 2.21 includes:
    * Introduce cap_get_bound() and cap_drop_bound() functions.
      also include a macro CAP_IS_SUPPORTED(cap) for capabilities
  - libcap 2.20 includes:
    * Latest kernel capabilites supported: now includes CAP_SYSLOG
    * $(CFLAGS) Makefile fixes
    * Default to installing setcap with an inheritable capability.
* Thu Dec 02 2010 meissner@suse.de
  - updated to libcap-2.19
    * more stuff in capsh.c
    * sys/capability.h header clean up and fixes.
* Thu Dec 02 2010 meissner@suse.de
  - fixed build on ppc64 (needs to get linux/types.h included first).
* Mon Jun 28 2010 jengelh@medozas.de
  - use %_smp_mflags
* Wed Jun 09 2010 chris@computersalat.de
  - fix deps for fdupes
* Sat Dec 12 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Wed Mar 18 2009 tiwai@suse.de
  - fix a typo in the previous patch (__le64) (bnc#487453)
  - don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
* Tue Mar 10 2009 tiwai@suse.de
  - fix build error on i386 due to missing __u64 definition in
    sys/capability.h
* Wed Jan 07 2009 tiwai@suse.de
  - updated to libcap-2.15:
    * Makefile fixes
  - updated to libcap-2.16:
    * stop using sed for parsing capability.h
* Mon Oct 27 2008 tiwai@suse.de
  - updated to libcap-2.14:
    * add -v mode to setcap
  - updated to libcap-2.13:
    * fix a corner case of cap_to_text()
  - updated to libcap-2.12:
    * man page fixes
    * remove never used codes for sysfs check
* Wed Oct 22 2008 mrueckert@suse.de
  - fix debug_packages_requires define
* Wed Aug 06 2008 tiwai@suse.de
  - updated to libcap-2.11:
    * makefile fixes, minor clean-ups
    * fix cap_copy_int(), new cap_get_pid() and cap_compare()
    * fix cap_copy_ext()
  - fix build with libcap-2.11.
* Sun Aug 03 2008 ro@suse.de
  - fix requires for debuginfo package
* Wed Jun 11 2008 tiwai@suse.de
  - updated to libcap-2.10:
    v3 capabilities, documantation fixes, misc fixes
* Wed Apr 23 2008 tiwai@suse.de
  - updated to libcap-2.08
    properly supporting the recent 2.6 kernels
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Mon Apr 16 2007 tiwai@suse.de
  - follow library packaging policy
    * move docs to devel package
    * move binaries and man pages to progs sub package
    * fix *.so symlink in libdir
* Wed Jan 24 2007 tiwai@suse.de
  - fix the access over array range in cap_extint.c (#237943).
* Tue Dec 19 2006 tiwai@suse.de
  - update to libcap-1.10 to support fscaps (#229722, FATE#301748)
* Wed May 24 2006 schwab@suse.de
  - Don't strip binaries.
* Thu May 11 2006 tiwai@suse.de
  - fix invalid calls of free() (#174561)
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Fri Aug 19 2005 kukuk@suse.de
  - Create -devel subpackage
* Thu Jun 23 2005 meissner@suse.de
  - use RPM_OPT_FLAGS.
* Wed May 25 2005 tiwai@suse.de
  - fixed memory leak (#85659)
* Wed Jan 19 2005 tiwai@suse.de
  - fixed compile warnings with gcc-4.0.
* Thu Mar 25 2004 thomas@suse.de
  - added EAL3 man-page patch
* Tue Jan 27 2004 kukuk@suse.de
  - Remove capget.2/capset.2 from package (version from man-pages
    is newer).
* Sun Jan 11 2004 adrian@suse.de
  - add %run_ldconfig
* Mon Feb 24 2003 schwab@suse.de
  - Don't include kernel headers, instead copy the contents here.
* Thu Feb 06 2003 garloff@suse.de
  - Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324].
  - Use BuildRoot.
* Wed Nov 27 2002 coolo@suse.de
  - link the library with the compiler so the depedencies
    are tracked correctly (#21996)
* Tue Sep 17 2002 ro@suse.de
  - removed bogus self-provides
* Wed Sep 04 2002 sf@suse.de
  - fix biarch error (added patch to Make.Rules)
* Sun Aug 11 2002 kukuk@suse.de
  - Remove kernel-source from neededforbuild
* Sat Apr 20 2002 garloff@suse.de
  - Include capfaq-0.2.txt
  - Disable syscall wrapper (capset/capget); it's defined in glibc.
* Sat Apr 20 2002 garloff@suse.de
  - Compile syscall wrapper without -fPIC
* Tue Apr 09 2002 ro@suse.de
  - apply gcc-3 fixes only for gcc-3
* Mon Mar 25 2002 stepan@suse.de
  - remove -ansi, as it forbids inline. (gcc3)
  - use -fpic for building libraries (gcc3)
* Wed Sep 05 2001 ro@suse.de
  - updated neededforbuild and updated specfile (man and doc relocation)
* Tue Sep 28 1999 garloff@suse.de
  - Initial check in of libcap.
  - Kernel patches are provided within the docdir.
/usr/lib64/libpsx.so.2 /usr/lib64/libpsx.so.2.73 /usr/share/licenses/libpsx2 /usr/share/licenses/libpsx2/License
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 23:01:15 2025