libpsx2-2.73-2.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.

Provides

• libpsx2
• libpsx.so.2()(64bit)
• libpsx2(x86-64)

Requires

• /sbin/ldconfig
• /sbin/ldconfig
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

BSD-3-Clause OR GPL-2.0-only

Changelog

* Mon Dec 09 2024 Andreas Schwab <schwab@suse.de>
  - Disable psx_test and b219174 tests in qemu emulation
* Mon Dec 02 2024 Petr Vorel <pvorel@suse.cz>
  - update to 2.73:
    * https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.7yd7ab9ppagk
* Sat May 25 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - update to 2.70:
    * setcap changes to make it harder to set invalid file capabilities
    * Lots of documentation fixes
    * Fix c89 compilation syntax for the C code in the libraries
    * libpam has deprecated providing the _pam_overwrite() function,
      so use memset() instead
* Tue May 16 2023 Marcus Meissner <meissner@suse.com>
  - updated to 2.69
    - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
    - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 Dirk Müller <dmueller@suse.com>
  - update to 2.68:
    * Force libcap internal functions to be hidden outside the library
    * Expanded the list of man page (links) to all of the supported API
      functions.
    * fixed some formatting issues with the libpsx(3) manpage.
    * Add support for a markdown preamble and postscript when generating
      .md versions of the man pages (Bug 217007)
    * psx package clean up
    * fix some copy-paste errors with TestShared()
    * added a more complete psx testing into this test as well
    * cap package clean up
    * drop an unnecessary use of ", _" in the sources
    * cleaned up cap.NamedCount documentation
    * Converted goapps/web/README to .md format and fixed the
      instructions to indicate go mod tidy is needed.
    * cap_compare test binary now cleans up after itself (Bug 217018)
    * Figured out how to cross compile Go programs for arm (i.e. RPi) that
      use C code, don't use cgo but do use the psx package
    * Eliminate use of vendor directory
* Fri Mar 24 2023 Martin Liška <mliska@suse.cz>
  - Enable LTO and add missing -ffat-lto-objects for the provided
    static libs.
* Fri Mar 24 2023 Takashi Iwai <tiwai@suse.com>
  - Revert LTO again; it still breaks builds
* Thu Mar 23 2023 Martin Liška <mliska@suse.cz>
  - Enable LTO as it works fine.
* Sat Feb 04 2023 Dirk Müller <dmueller@suse.com>
  - update to 2.67:
    * Replace use of fgrep with grep -F (POSIX grep flags preferred by
      GNU grep) - patch from David Seifert.
    * Added SPDX identifiers to License file(s). Hopefully this will
      help the various robots out there correctly identify the
      longstanding licenses for libcap and friends. (Bug: 216609
      reported by Günther Noack)
    * Started down the rabbit hole of trying to address (Bug: 216610
      reported by Günther Noack on behalf of Michael Stapelberg)
    * The basic issue is how to link C code with Go psx without using
      CGo. This is all a low level hackery. If you are interested,
      browse the source.
    * Correct for bad whatis entries in man pages (this was throwing a
      Debian build test, detail)
    * Also reviewed man pages and addressed cross linkage issues (Bug:
    * Cleaned up some README.md files (made a github mirror now just so
      I can automatically render them).
    * Changed meaning of DYNAMIC=no builds.
      This now builds everything with static linking except for libc.
      The reason for this exception is explained in the commit message.
    * Inserted demonstration exploit code in capso.so to support
      article.
* Thu Sep 29 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.66:
    * Fix documentation typos in cap_from_text.3
    * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
      Wilk.
    * Slightly more robust Makefiles to address an error with make -j48 test observed
    * Include a simple Go program, captrace, to trace kernel capability validation
      checks
    * This program can be used to figure out what capabilities a program needs to
      operate.
    * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
      capability checks and whether or not they succeed for the system, a specific
      PID or a program's direct execution.
    * Trim down the default file capabilities for contrib/sucap/su to those actually
      needed and set USER and HOME environment variables so bash doesn't complain
      about a sourcing error.
* Fri Jul 22 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.65:
    * Fix syntax error in DEBUG build of protected code in setcap.c.
    * Prevent bash from reading the wrong startup files when the capsh --user=xxx
      argument is used to invoke a shell as the user xxx. This is done by capsh now
      changing the USER and HOME environment variables when --user is specified.
      The argument --noenv can be used to suppress this behavior to what used to be
      the problematic default. (Bug: 215926)
    * Improved documentation
* Tue Apr 12 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.64:
    * Fix memory leak in libpsx at program exit.
    * Be more resilient to CGo configuration with Go compiler when building tests.
    * Fix cap_*prctl() return code/errno handling.
    * Minor clarification to cap_get_pid() man page concerning pid
      value within namespaces.
* Fri Feb 25 2022 Marcus Meissner <meissner@suse.com>
  - Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.63:
    * restore errno to zero by the time main() is executed
    * Consistent psx handling (a panic) for syscalls that return thread dependent
      status Inconsistend behavior noticed by Lorenz Bauer
    * Add a test case for a deadlock under investigation in golang
    * Trim some of the #include file use to make the tree compile more
      efficiently

Files

/usr/lib64/libpsx.so.2
/usr/lib64/libpsx.so.2.73
/usr/share/licenses/libpsx2
/usr/share/licenses/libpsx2/License

Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Mar 14 00:12:15 2025