Hello community, here is the log from the commit of package libcap-ng for openSUSE:Factory checked in at 2014-05-17 06:43:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcap-ng (Old) and /work/SRC/openSUSE:Factory/.libcap-ng.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcap-ng" Changes: -------- --- /work/SRC/openSUSE:Factory/libcap-ng/libcap-ng-python.changes 2013-03-15 10:39:40.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libcap-ng.new/libcap-ng-python.changes 2014-05-17 06:43:23.000000000 +0200 @@ -2 +2,12 @@ -Thu Mar 14 09:30:13 UTC 2013 - [email protected] +Thu May 15 13:19:57 UTC 2014 - [email protected] + +- Version bupm to 0.7.4 +- Cleanup with spec-cleaner +- Remove useless specification of attributes +- Really split the two spec files instead of copying them to avoid + the huge ifdefing. + + more readable + - version must be edited in two places when bumping + +------------------------------------------------------------------- +Thu Mar 14 09:30:04 UTC 2013 - [email protected] --- /work/SRC/openSUSE:Factory/libcap-ng/libcap-ng.changes 2013-03-15 10:39:40.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libcap-ng.new/libcap-ng.changes 2014-05-17 06:43:23.000000000 +0200 @@ -1,0 +2,11 @@ +Thu May 15 13:19:57 UTC 2014 - [email protected] + +- Version bupm to 0.7.4 +- Cleanup with spec-cleaner +- Remove useless specification of attributes +- Really split the two spec files instead of copying them to avoid + the huge ifdefing. + + more readable + - version must be edited in two places when bumping + +------------------------------------------------------------------- Old: ---- libcap-ng-0.7.3.tar.gz pre_checkin.sh New: ---- libcap-ng-0.7.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcap-ng-python.spec ++++++ --- /var/tmp/diff_new_pack.v6qWrF/_old 2014-05-17 06:43:24.000000000 +0200 +++ /var/tmp/diff_new_pack.v6qWrF/_new 2014-05-17 06:43:24.000000000 +0200 
@@ -1,7 +1,7 @@ # # spec file for package libcap-ng-python # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,146 +16,56 @@ # -%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} - +%define soname 0 +Name: libcap-ng-python +Version: 0.7.4 +Release: 0 Summary: An alternate POSIX capabilities library License: LGPL-2.1+ Group: System/Libraries - -Name: libcap-ng-python -Version: 0.7.3 -Release: 0 -%define soname 0 -%define rname libcap-ng Url: http://people.redhat.com/sgrubb/libcap-ng Source0: http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-%{version}.tar.gz -Source1: pre_checkin.sh -Source2: baselibs.conf +Source1: baselibs.conf Source99: libcap-ng.rpmlintrc -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: kernel-headers >= 2.6.11 BuildRequires: libattr-devel BuildRequires: pkg-config BuildRequires: python-base +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Libcap-ng is a library that makes using posix capabilities easier -%if "%{name}" == "%{rname}" - -%package -n %{name}%{soname} - -Summary: An alternate POSIX capabilities library -License: LGPL-2.1+ -Group: System/Libraries - -%description -n %{name}%{soname} -Libcap-ng is a library that makes using posix capabilities easier - -%package devel - -Summary: Header files for libcap-ng library -License: LGPL-2.1+ -Group: Development/Libraries/C and C++ -Requires: %{name}%{soname} = %{version} -Requires: kernel-headers >= 2.6.11 -Requires: pkgconfig - -%description devel -The libcap-ng-devel package contains the files needed for developing -applications that need to use the libcap-ng library. - -%package utils - -Summary: Utilities for analysing and setting file capabilities -License: GPL-2.0+ -Group: System/Base - -%description utils -The libcap-ng-utils package contains applications to analyse the -posix capabilities of all the program running on a system. 
It also -lets you set the file system based capabilities. - -%else - %package -n python-capng Summary: Python bindings for libcap-ng library -License: LGPL-2.1+ Group: Development/Libraries/Python +BuildRequires: libcap-ng-devel = %{version} BuildRequires: python-devel BuildRequires: swig -Requires: %{rname}%{soname} = %{version} -%py_requires +Requires: libcap-ng%{soname} = %{version} +%{py_requires} %description -n python-capng The libcap-ng-python package contains the bindings so that libcap-ng and can be used by python applications. -%endif - %prep -%setup -q -n %{rname}-%{version} +%setup -q -n libcap-ng-%{version} %build -%configure --disable-static --with-pic --with-python=yes -%__make %{?_smp_mflags} +%configure \ + --disable-static \ + --with-pic \ + --with-python +make %{?_smp_mflags} %install -%__make DESTDIR="%{buildroot}" install - -# Remove a couple things so they don't get picked up -find %{buildroot} -type f -name "*.la" -print -delete - -%if "%{name}" == "%{rname}-python" -%__rm -f %{buildroot}%{_libdir}/lib*.so* -%__rm -f %{buildroot}%{_libdir}/lib*.so* -%__rm -rf %{buildroot}%{_libdir}/pkgconfig -%__rm -rf %{buildroot}%{_bindir} -%__rm -rf %{buildroot}%{_mandir} -%__rm -rf %{buildroot}%{_includedir} -%__rm -rf %{buildroot}%{_datadir}/aclocal -%endif - -%clean -%{?buildroot:%__rm -rf "%{buildroot}"} - -%if "%{name}" == "%{rname}" - -%post -n %{name}%{soname} -p /sbin/ldconfig - -%postun -n %{name}%{soname} -p /sbin/ldconfig - -%files -n %{name}%{soname} -%defattr(-,root,root,-) -%doc COPYING.LIB -%attr(0755,root,root) %{_libdir}/%{rname}.so.%{soname} -%attr(0755,root,root) %{_libdir}/%{rname}.so.%{soname}.* - -%files devel -%defattr(-,root,root,-) -%attr(0644,root,root) %{_mandir}/man3/*.3%{ext_man} -%attr(0644,root,root) %{_includedir}/cap-ng.h -%attr(0755,root,root) %{_libdir}/%{rname}.so -%attr(0644,root,root) %{_datadir}/aclocal/cap-ng.m4 -%{_libdir}/pkgconfig/%{rname}.pc - -%files utils -%defattr(-,root,root,-) -%doc COPYING 
-%attr(0755,root,root) %{_bindir}/captest -%attr(0755,root,root) %{_bindir}/filecap -%attr(0755,root,root) %{_bindir}/netcap -%attr(0755,root,root) %{_bindir}/pscap -%attr(0644,root,root) %{_mandir}/man8/*.8%{ext_man} - -%else +make DESTDIR=%{buildroot} install %{?_smp_mflags} -C bindings/python +find %{buildroot} -type f -name "*.la" -delete -print %files -n python-capng %defattr(-,root,root,-) -%attr(755,root,root) %{python_sitearch}/_capng.so +%{python_sitearch}/_capng.so %{python_sitearch}/capng.py* -%endif - %changelog ++++++ libcap-ng.spec ++++++ --- /var/tmp/diff_new_pack.v6qWrF/_old 2014-05-17 06:43:24.000000000 +0200 +++ /var/tmp/diff_new_pack.v6qWrF/_new 2014-05-17 06:43:24.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libcap-ng # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
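Review bot: `Source0` still points at a plain `http://` URL and the spec lists no signature or checksum source beside it, so with `Version` moved to 0.7.4 nothing in the package ties `libcap-ng-0.7.4.tar.gz` to what upstream published. If upstream serves the same path over TLS, changing the scheme in `Source0` to `https://` is the small fix; adding a detached signature as a further `Source` line, if upstream provides one, is the stronger one. The same lines appear in the first large hunk of libcap-ng.spec. Whether the build service verifies the tarball elsewhere is not visible on this page.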
@@ -16,36 +16,26 @@ # -%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} - +%define soname 0 +Name: libcap-ng +Version: 0.7.4 +Release: 0 Summary: An alternate POSIX capabilities library License: LGPL-2.1+ Group: System/Libraries - -Name: libcap-ng -Version: 0.7.3 -Release: 0 -%define soname 0 -%define rname libcap-ng Url: http://people.redhat.com/sgrubb/libcap-ng Source0: http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-%{version}.tar.gz -Source1: pre_checkin.sh -Source2: baselibs.conf +Source1: baselibs.conf Source99: libcap-ng.rpmlintrc -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: kernel-headers >= 2.6.11 BuildRequires: libattr-devel BuildRequires: pkg-config -BuildRequires: python-base +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Libcap-ng is a library that makes using posix capabilities easier -%if "%{name}" == "%{rname}" - %package -n %{name}%{soname} - Summary: An alternate POSIX capabilities library License: LGPL-2.1+ Group: System/Libraries @@ -54,7 +44,6 @@ Libcap-ng is a library that makes using posix capabilities easier %package devel - Summary: Header files for libcap-ng library License: LGPL-2.1+ Group: Development/Libraries/C and C++ @@ -67,7 +56,6 @@ applications that need to use the libcap-ng library. %package utils - Summary: Utilities for analysing and setting file capabilities License: GPL-2.0+ Group: System/Base 
@@ -77,50 +65,19 @@ posix capabilities of all the program running on a system. It also lets you set the file system based capabilities. -%else - -%package -n python-capng -Summary: Python bindings for libcap-ng library -License: LGPL-2.1+ -Group: Development/Libraries/Python -BuildRequires: python-devel -BuildRequires: swig -Requires: %{rname}%{soname} = %{version} -%py_requires - -%description -n python-capng -The libcap-ng-python package contains the bindings so that libcap-ng -and can be used by python applications. - -%endif - %prep -%setup -q -n %{rname}-%{version} +%setup -q %build -%configure --disable-static --with-pic --with-python=no -%__make %{?_smp_mflags} +%configure \ + --disable-static \ + --with-pic \ + --without-python +make %{?_smp_mflags} %install -%__make DESTDIR="%{buildroot}" install - -# Remove a couple things so they don't get picked up -find %{buildroot} -type f -name "*.la" -print -delete - -%if "%{name}" == "%{rname}-python" -%__rm -f %{buildroot}%{_libdir}/lib*.so* -%__rm -f %{buildroot}%{_libdir}/lib*.so* -%__rm -rf %{buildroot}%{_libdir}/pkgconfig -%__rm -rf %{buildroot}%{_bindir} -%__rm -rf %{buildroot}%{_mandir} -%__rm -rf %{buildroot}%{_includedir} -%__rm -rf %{buildroot}%{_datadir}/aclocal -%endif - -%clean -%{?buildroot:%__rm -rf "%{buildroot}"} - -%if "%{name}" == "%{rname}" +make DESTDIR=%{buildroot} install %{?_smp_mflags} +find %{buildroot} -type f -name "*.la" -delete -print %post -n %{name}%{soname} -p /sbin/ldconfig 
@@ -129,33 +86,24 @@ %files -n %{name}%{soname} %defattr(-,root,root,-) %doc COPYING.LIB -%attr(0755,root,root) %{_libdir}/%{rname}.so.%{soname} -%attr(0755,root,root) %{_libdir}/%{rname}.so.%{soname}.* +%{_libdir}/%{name}.so.%{soname} +%{_libdir}/%{name}.so.%{soname}.* %files devel %defattr(-,root,root,-) -%attr(0644,root,root) %{_mandir}/man3/*.3%{ext_man} -%attr(0644,root,root) %{_includedir}/cap-ng.h -%attr(0755,root,root) %{_libdir}/%{rname}.so -%attr(0644,root,root) %{_datadir}/aclocal/cap-ng.m4 -%{_libdir}/pkgconfig/%{rname}.pc +%{_mandir}/man3/*.3%{ext_man} +%{_includedir}/cap-ng.h +%{_libdir}/%{name}.so +%{_datadir}/aclocal/cap-ng.m4 +%{_libdir}/pkgconfig/%{name}.pc %files utils %defattr(-,root,root,-) %doc COPYING -%attr(0755,root,root) %{_bindir}/captest -%attr(0755,root,root) %{_bindir}/filecap -%attr(0755,root,root) %{_bindir}/netcap -%attr(0755,root,root) %{_bindir}/pscap -%attr(0644,root,root) %{_mandir}/man8/*.8%{ext_man} - -%else - -%files -n python-capng -%defattr(-,root,root,-) -%attr(755,root,root) %{python_sitearch}/_capng.so -%{python_sitearch}/capng.py* - -%endif +%{_bindir}/captest +%{_bindir}/filecap +%{_bindir}/netcap +%{_bindir}/pscap +%{_mandir}/man8/*.8%{ext_man} %changelog ++++++ libcap-ng-0.7.3.tar.gz -> libcap-ng-0.7.4.tar.gz ++++++ ++++ 6850 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/ChangeLog new/libcap-ng-0.7.4/ChangeLog --- old/libcap-ng-0.7.3/ChangeLog 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/ChangeLog 2014-04-24 14:41:44.000000000 +0200 
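Review bot: With the `%attr(...)` entries removed from `%files`, `%defattr(-,root,root,-)` leaves every file mode to whatever `make install` wrote into the buildroot, including the shared library and the four tools under `%{_bindir}`. The old spec pinned 0755 for those and 0644 for the man pages, header and m4 file, so the built packages should be checked to confirm they still carry those modes (for example with `rpm -qlvp` on the result). A short comment above the first `%files`, such as `# file modes are taken from upstream's make install`, would make that reliance explicit. The same applies to `%{python_sitearch}/_capng.so` in libcap-ng-python.spec.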
@@ -1,3 +1,11 @@ +0.7.4 +- In pscap, remove unused code +- Add CAPNG_INIT_SUPP_GRP to capng_change_id +- Drop CAP_COMPROMISE_KERNEL +- Update the autotools components +- Dynamically detect last capability (#895105) +- Add PR_SET_NO_NEW_PRIVS to capng_lock if kernel supports it + 0.7.3 - Make sure stderr is used consistently in utils - Fix logic causing file based capabilities to not be supported when it should diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/INSTALL new/libcap-ng-0.7.4/INSTALL --- old/libcap-ng-0.7.3/INSTALL 2012-11-09 20:59:20.000000000 +0100 +++ new/libcap-ng-0.7.4/INSTALL 2014-04-24 14:41:51.000000000 +0200 @@ -1,7 +1,7 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation, +Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/bindings/python/capng.py new/libcap-ng-0.7.4/bindings/python/capng.py --- old/libcap-ng-0.7.3/bindings/python/capng.py 2012-11-09 20:59:24.000000000 +0100 +++ new/libcap-ng-0.7.4/bindings/python/capng.py 2014-04-24 14:41:55.000000000 +0200 
@@ -1,11 +1,13 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 2.0.8 +# Version 2.0.11 # # Do not make changes to this file unless you know what you are doing--modify # the SWIG interface file instead. + + from sys import version_info if version_info >= (2,6,0): def swig_import_helper(): @@ -104,7 +106,6 @@ CAP_SYSLOG = _capng.CAP_SYSLOG CAP_WAKE_ALARM = _capng.CAP_WAKE_ALARM CAP_BLOCK_SUSPEND = _capng.CAP_BLOCK_SUSPEND -CAP_COMPROMISE_KERNEL = _capng.CAP_COMPROMISE_KERNEL CAP_LAST_CAP = _capng.CAP_LAST_CAP CAPNG_DROP = _capng.CAPNG_DROP CAPNG_ADD = _capng.CAPNG_ADD @@ -124,6 +125,7 @@ CAPNG_NO_FLAG = _capng.CAPNG_NO_FLAG CAPNG_DROP_SUPP_GRP = _capng.CAPNG_DROP_SUPP_GRP CAPNG_CLEAR_BOUNDING = _capng.CAPNG_CLEAR_BOUNDING +CAPNG_INIT_SUPP_GRP = _capng.CAPNG_INIT_SUPP_GRP def capng_clear(*args): return _capng.capng_clear(*args) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/compile new/libcap-ng-0.7.4/compile --- old/libcap-ng-0.7.3/compile 2012-11-09 20:59:20.000000000 +0100 +++ new/libcap-ng-0.7.4/compile 2014-04-24 14:41:51.000000000 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-03-05.13; # UTC +scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2012 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify 
@@ -112,6 +112,11 @@ lib=$dir/$lib.lib break fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi done IFS=$save_IFS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/configure.ac new/libcap-ng-0.7.4/configure.ac --- old/libcap-ng-0.7.3/configure.ac 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/configure.ac 2014-04-24 14:41:45.000000000 +0200 @@ -29,7 +29,7 @@ ]) AC_REVISION($Revision: 1.3 $)dnl -AC_INIT(libcap-ng,0.7.3) +AC_INIT(libcap-ng,0.7.4) AC_PREREQ(2.12)dnl AM_CONFIG_HEADER(config.h) AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/docs/capng_change_id.3 new/libcap-ng-0.7.4/docs/capng_change_id.3 --- old/libcap-ng-0.7.3/docs/capng_change_id.3 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/docs/capng_change_id.3 2014-04-24 14:41:44.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "CAPNG_CHANGE_ID" "3" "June 2009" "Red Hat" "Libcap-ng API" +.TH "CAPNG_CHANGE_ID" "3" "Feb 2013" "Red Hat" "Libcap-ng API" .SH NAME capng_change_id \- change the credentials retaining capabilities .SH "SYNOPSIS" 
@@ -18,7 +18,12 @@ Simply change uid and retain specified capabilities and that's all. .TP .B CAPNG_DROP_SUPP_GRP -After changing id, remove and supplement groups that may come with the account. +After changing id, remove any supplement groups that may still be in effect from the old uid. +.TP +.B CAPNG_INIT_SUPP_GRP +After changing id, initialize any supplement groups that may come with the new account. If given with +.B CAPNG_DROP_SUPP_GRP +it will have no effect. .TP .B CAPNG_CLEAR_BOUNDING After changing the uid and gid, clear the bounding set regardless to the internal representation already setup. 
@@ -26,7 +31,7 @@ .RE .SH "RETURN VALUE" -This returns 0 on success and a negative number on failure. -1 means capng has not been initted properly, -2 means a failure requesting to keep capabilities across the uid change, -3 means that applying the intermediate capabilities failed, -4 means changing gid failed, -5 means dropping supplemental groups failed, -6 means changing the uid failed, -7 means dropping the ability to retain caps across a uid change failed, -8 means clearing the bounding set failed, -9 means dropping CAP_SETPCAP failed. +This returns 0 on success and a negative number on failure. -1 means capng has not been initted properly, -2 means a failure requesting to keep capabilities across the uid change, -3 means that applying the intermediate capabilities failed, -4 means changing gid failed, -5 means dropping supplemental groups failed, -6 means changing the uid failed, -7 means dropping the ability to retain caps across a uid change failed, -8 means clearing the bounding set failed, -9 means dropping CAP_SETPCAP failed, -10 means initializing supplemental groups failed. Note: the only safe action to do upon failure of this function is to probably exit. This is because you are likely in a situation with partial permissions and not what you intended. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/libcap-ng.spec new/libcap-ng-0.7.4/libcap-ng.spec --- old/libcap-ng-0.7.3/libcap-ng.spec 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/libcap-ng.spec 2014-04-24 14:41:43.000000000 +0200 @@ -2,7 +2,7 @@ Summary: An alternate posix capabilities library Name: libcap-ng -Version: 0.7.3 +Version: 0.7.4 Release: 1 License: LGPLv2+ Group: System Environment/Libraries 
@@ -111,6 +111,6 @@ %attr(0644,root,root) %{_mandir}/man8/* %changelog -* Tue Nov 09 2012 Steve Grubb <[email protected]> 0.7.3-1 +* Thu Apr 24 2014 Steve Grubb <[email protected]> 0.7.4-1 - New upstream release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/m4/libtool.m4 new/libcap-ng-0.7.4/m4/libtool.m4 --- old/libcap-ng-0.7.3/m4/libtool.m4 2012-11-09 20:59:17.000000000 +0100 +++ new/libcap-ng-0.7.4/m4/libtool.m4 2014-04-24 14:41:48.000000000 +0200 @@ -1312,7 +1312,7 @@ rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext @@ -1326,7 +1326,10 @@ x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1348,10 @@ x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/missing new/libcap-ng-0.7.4/missing --- old/libcap-ng-0.7.3/missing 2012-11-09 20:59:20.000000000 +0100 +++ new/libcap-ng-0.7.4/missing 2014-04-24 14:41:51.000000000 +0200 
@@ -1,10 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2012-01-06.18; # UTC +scriptversion=2012-06-26.16; # UTC -# Copyright (C) 1996-2012 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard <[email protected]>, 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -29,61 +29,33 @@ exit 1 fi -run=: -sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' -sed_minuso='s/.* -o \([^ ]*\).*/\1/p' - -# In the cases where this matters, 'missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi +case $1 in -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case $1 in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle 'PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. 
Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file 'aclocal.m4' - autoconf touch file 'configure' - autoheader touch file 'config.h.in' - autom4te touch the output file, or create a stub one - automake touch all 'Makefile.in' files - bison create 'y.tab.[ch]', if possible, from existing .[ch] - flex create 'lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create 'lex.yy.c', if possible, from existing .c - makeinfo touch the output file - yacc create 'y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 'g' are ignored when checking the name. 
@@ -98,228 +70,141 @@ ;; -*) - echo 1>&2 "$0: Unknown '$1' option" + echo 1>&2 "$0: unknown '$1' option" echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# normalize program name to check for. -program=`echo "$1" | sed ' - s/^gnu-//; t - s/^gnu//; t - s/^g//; t'` - -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). This is about non-GNU programs, so use $1 not -# $program. -case $1 in - lex*|yacc*) - # Not GNU programs, they don't have --version. - ;; +# Run the given program, remember its exit status. +"$@"; st=$? - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running '$TOOL --version' or '$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case $program in - aclocal*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified 'acinclude.m4' or '${configure_ac}'. You might want - to install the Automake and Perl packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified '${configure_ac}'. You might want to install the - Autoconf and GNU m4 packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified 'acconfig.h' or '${configure_ac}'. You might want - to install the Autoconf and GNU m4 packages. Grab them - from any GNU archive site." 
- files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case $f in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; +# If it succeeded, we are done. +test $st -eq 0 && exit 0 - automake*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified 'Makefile.am', 'acinclude.m4' or '${configure_ac}'. - You might want to install the Automake and Perl packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - autom4te*) - echo 1>&2 "\ -WARNING: '$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get '$1' as part of Autoconf from any GNU - archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison*|yacc*) - echo 1>&2 "\ -WARNING: '$1' $msg. You should only need it if - you modified a '.y' file. You may need the Bison package - in order for those modifications to take effect. You can get - Bison from any GNU archive site." - rm -f y.tab.c y.tab.h - if test $# -ne 1; then - eval LASTARG=\${$#} - case $LASTARG in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if test ! -f y.tab.h; then - echo >y.tab.h - fi - if test ! 
-f y.tab.c; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex*|flex*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified a '.l' file. You may need the Flex package - in order for those modifications to take effect. You can get - Flex from any GNU archive site." - rm -f lex.yy.c - if test $# -ne 1; then - eval LASTARG=\${$#} - case $LASTARG in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if test ! -f lex.yy.c; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - Help2man package in order for those modifications to take - effect. You can get Help2man from any GNU archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit $? - fi - ;; - - makeinfo*) - echo 1>&2 "\ -WARNING: '$1' is $msg. You should only need it if - you modified a '.texi' or '.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy 'make' (AIX, - DU, IRIX). You might want to install the Texinfo package or - the GNU make package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n ' - /^@setfilename/{ - s/.* \([^ ]*\) *$/\1/ - p - q - }' $infile` - # ... 
or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; - - *) - echo 1>&2 "\ -WARNING: '$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the 'README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing '$1' program." - exit 1 - ;; -esac +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. 
+ exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'automa4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." 
+ echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/py-compile new/libcap-ng-0.7.4/py-compile --- old/libcap-ng-0.7.3/py-compile 2012-11-09 20:59:20.000000000 +0100 +++ new/libcap-ng-0.7.4/py-compile 2014-04-24 14:41:51.000000000 +0200 
@@ -3,7 +3,7 @@ scriptversion=2011-06-08.12; # UTC -# Copyright (C) 2000-2012 Free Software Foundation, Inc. +# Copyright (C) 2000-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -116,7 +116,7 @@ fi $PYTHON -c " -import sys, os, py_compile +import sys, os, py_compile, imp files = '''$files''' @@ -129,12 +129,19 @@ continue sys.stdout.write(file) sys.stdout.flush() - py_compile.compile(filepath, filepath + 'c', path) + if hasattr(imp, 'get_tag'): + py_compile.compile(filepath, imp.cache_from_source(filepath), path) + else: + py_compile.compile(filepath, filepath + 'c', path) sys.stdout.write('\n')" || exit $? # this will fail for python < 1.5, but that doesn't matter ... $PYTHON -O -c " -import sys, os, py_compile +import sys, os, py_compile, imp + +# pypy does not use .pyo optimization +if hasattr(sys, 'pypy_translation_info'): + sys.exit(0) files = '''$files''' sys.stdout.write('Byte-compiling python modules (optimized versions) ...\n') @@ -146,7 +153,10 @@ continue sys.stdout.write(file) sys.stdout.flush() - py_compile.compile(filepath, filepath + 'o', path) + if hasattr(imp, 'get_tag'): + py_compile.compile(filepath, imp.cache_from_source(filepath, False), path) + else: + py_compile.compile(filepath, filepath + 'o', path) sys.stdout.write('\n')" 2>/dev/null || : # Local Variables: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/src/cap-ng.c new/libcap-ng-0.7.4/src/cap-ng.c --- old/libcap-ng-0.7.3/src/cap-ng.c 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/src/cap-ng.c 2014-04-24 14:41:43.000000000 +0200 
@@ -1,5 +1,5 @@ /* libcap-ng.c -- - * Copyright 2009-10 Red Hat Inc., Durham, North Carolina. + * Copyright 2009-10, 2013 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or @@ -28,10 +28,12 @@ #include <stdio_ext.h> #include <stdlib.h> #include <sys/prctl.h> +#include <pwd.h> #include <grp.h> #include <sys/stat.h> #include <stdarg.h> #include <errno.h> +#include <fcntl.h> #include <byteswap.h> #ifdef HAVE_SYSCALL_H #include <sys/syscall.h> @@ -40,6 +42,8 @@ #include <linux/securebits.h> #endif +# define hidden __attribute__ ((visibility ("hidden"))) +int last_cap hidden = -1; /* * Some milestones of when things became available: * 2.6.24 kernel XATTR_NAME_CAPS @@ -54,7 +58,7 @@ // Local defines #define MASK(x) (1U << (x)) #ifdef PR_CAPBSET_DROP -#define UPPER_MASK ~(unsigned)((~0U)<<(CAP_LAST_CAP-31)) +#define UPPER_MASK ~(unsigned)((~0U)<<(last_cap-31)) #else // For v1 systems UPPER_MASK will never be used #define UPPER_MASK (unsigned)(~0U) @@ -62,7 +66,7 @@ // Re-define cap_valid so its uniform between V1 and V3 #undef cap_valid -#define cap_valid(x) ((x) <= CAP_LAST_CAP) +#define cap_valid(x) ((x) <= last_cap) // If we don't have the xattr library, then we can't // compile-in file system capabilities @@ -173,6 +177,30 @@ #else m.hdr.pid = (unsigned)getpid(); #endif + // Detect last cap + if (last_cap == -1) { + int fd; + + fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY); + if (fd == -1) { + if (errno != ENOENT) { + m.state = CAPNG_ERROR; + return; + } + } else { + char buf[8]; + int num = read(fd, buf, sizeof(buf) - 1); + if (num > 0) { + buf[num] = 0; + errno = 0; + int val = strtoul(buf, NULL, 10); + if (errno == 0) + last_cap = val; + } + } + if (last_cap == -1) + last_cap = CAP_LAST_CAP; + } m.state = CAPNG_ALLOCATED; } 
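Review bot: The descriptor opened on `/proc/sys/kernel/cap_last_cap` in the added detection block is never closed, and the parsed number is stored in `last_cap` without any range check. Because `last_cap` now drives `cap_valid()` and the `last_cap-31` shift in `UPPER_MASK`, an out-of-range value or an empty parse (which `strtoul` returns as 0 without setting `errno`) changes which capabilities the library treats as valid and can make the shift undefined. I would close the descriptor right after the `read()`, parse into an `unsigned long` with an end pointer, and accept the value only when digits were consumed and it is within bounds. The bound of 62 below is my assumption from the 32-bit shift and should be confirmed against the capability structure; the enclosing function starts outside this hunk.

```c
	} else {
		char buf[8];
		int num = read(fd, buf, sizeof(buf) - 1);
		close(fd);	// do not leave the descriptor open in the calling process
		if (num > 0) {
			char *end;
			unsigned long val;

			buf[num] = 0;
			errno = 0;
			val = strtoul(buf, &end, 10);
			// take the kernel's value only if digits were parsed and it is in range
			if (errno == 0 && end != buf && val <= 62)
				last_cap = (int)val;
		}
	}
	// … unchanged: fall back to CAP_LAST_CAP when last_cap is still -1 …
```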
@@ -484,7 +512,7 @@ int i; capng_restore_state(&s); rc = 0; - for (i=0; i <= CAP_LAST_CAP && rc == 0; i++) + for (i=0; i <= last_cap && rc == 0; i++) if (capng_have_capability(CAPNG_BOUNDING_SET, i) == 0) rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); @@ -623,6 +651,18 @@ return -4; } + // See if we need to init supplemental groups + if ((flag & CAPNG_INIT_SUPP_GRP) && uid != -1) { + struct passwd *pw = getpwuid(uid); + if (pw == NULL) + return -10; + if (gid != -1) { + if (initgroups(pw->pw_name, gid)) + return -5; + } else if (initgroups(pw->pw_name, pw->pw_gid)) + return -5; + } + // See if we need to unload supplemental groups if ((flag & CAPNG_DROP_SUPP_GRP) && gid != -1) { if (setgroups(0, NULL)) @@ -663,12 +703,17 @@ int capng_lock(void) { + // If either fail, return -1 since something is not right #ifdef PR_SET_SECUREBITS int rc = prctl(PR_SET_SECUREBITS, 1 << SECURE_NOROOT | 1 << SECURE_NOROOT_LOCKED | 1 << SECURE_NO_SETUID_FIXUP | 1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0); +#ifdef PR_SET_NO_NEW_PRIVS + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) + return -1; +#endif if (rc) return -1; #endif @@ -901,7 +946,7 @@ if (m.state < CAPNG_INIT) return ptr; - for (i=0; i<=CAP_LAST_CAP; i++) { + for (i=0; i<=last_cap; i++) { if (capng_have_capability(which, i)) { const char *n = capng_capability_to_name(i); if (n == NULL) 
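Review bot: When a caller passes both `CAPNG_INIT_SUPP_GRP` and `CAPNG_DROP_SUPP_GRP`, the added block calls `initgroups()` and the existing block just below then clears the list again with `setgroups(0, NULL)`, so the request is contradictory and the outcome depends only on statement order. I would make the precedence explicit by turning the drop test into `else if ((flag & CAPNG_DROP_SUPP_GRP) && gid != -1) {`, or reject the combination up front. The new `-10` return also needs a comment, for example `// -10: uid has no passwd entry, supplementary groups left untouched`, so callers can tell it apart from the `-5` initgroups failure. The function body starts and ends outside this hunk.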
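Review bot: In `capng_lock()` the result of the `PR_SET_SECUREBITS` call is tested only after `PR_SET_NO_NEW_PRIVS` has been attempted, so when the securebits call fails the process can still end up with no_new_privs set while the function returns -1. That flag cannot be cleared afterwards, which leaves the caller half-locked after a call it was told had failed. Moving `if (rc) return -1;` above the `#ifdef PR_SET_NO_NEW_PRIVS` block keeps the failure path free of side effects. The `#ifdef` is also only a build-time test: built against newer headers but run on a kernel without the option, the second `prctl()` presumably fails and `capng_lock()` returns -1 where 0.7.3 returned 0, so the comment should state whether that is intended.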
@@ -915,7 +960,7 @@ } else if (where == CAPNG_PRINT_BUFFER) { int len; if (once == 0) { - ptr = malloc(CAP_LAST_CAP*18); + ptr = malloc(last_cap*18); if (ptr == NULL) return ptr; len = sprintf(ptr+cnt, "%s", n); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/src/cap-ng.h new/libcap-ng-0.7.4/src/cap-ng.h --- old/libcap-ng-0.7.3/src/cap-ng.h 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/src/cap-ng.h 2014-04-24 14:41:43.000000000 +0200 @@ -1,5 +1,5 @@ /* libcap-ng.h -- - * Copyright 2009 Red Hat Inc., Durham, North Carolina. + * Copyright 2009, 2013 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or @@ -31,10 +31,6 @@ extern "C" { #endif -#ifndef CAP_LAST_CAP -#define CAP_LAST_CAP CAP_AUDIT_CONTROL -#endif - typedef enum { CAPNG_DROP, CAPNG_ADD } capng_act_t; typedef enum { CAPNG_EFFECTIVE=1, CAPNG_PERMITTED=2, CAPNG_INHERITABLE=4, CAPNG_BOUNDING_SET=8 } capng_type_t; 
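Review bot: `malloc(last_cap*18)` sizes the text buffer for `last_cap` entries, but the loop in the previous hunk runs `i<=last_cap`, which is `last_cap+1` names, and the copy that follows is an unbounded `sprintf`. Now that the count is read from the kernel at run time instead of being fixed at build time, the allocation should follow the loop bound, `ptr = malloc((last_cap + 1) * 18);`, and the writes are safer as `snprintf` against the space that remains. A one-line comment saying where the 18 bytes per name comes from would let the next reader check it against the name table. The function starts and ends outside this hunk.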
@@ -44,7 +40,7 @@ CAPNG_FULL } capng_results_t; typedef enum { CAPNG_PRINT_STDOUT, CAPNG_PRINT_BUFFER } capng_print_t; typedef enum { CAPNG_NO_FLAG=0, CAPNG_DROP_SUPP_GRP=1, - CAPNG_CLEAR_BOUNDING=2 } capng_flags_t; + CAPNG_CLEAR_BOUNDING=2, CAPNG_INIT_SUPP_GRP=4 } capng_flags_t; // These functions manipulate process capabilities diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/src/captab.h new/libcap-ng-0.7.4/src/captab.h --- old/libcap-ng-0.7.3/src/captab.h 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/src/captab.h 2014-04-24 14:41:43.000000000 +0200 @@ -1,5 +1,5 @@ /* captab.h -- - * Copyright 2009,2011-12 Red Hat Inc., Durham, North Carolina. + * Copyright 2009,2011-13 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or @@ -75,7 +75,4 @@ #ifdef CAP_BLOCK_SUSPEND _S(CAP_BLOCK_SUSPEND, "block_suspend" ) #endif -#ifdef CAP_COMPROMISE_KERNEL -_S(CAP_COMPROMISE_KERNEL, "compromise_kernel" ) -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/src/lookup_table.c new/libcap-ng-0.7.4/src/lookup_table.c --- old/libcap-ng-0.7.3/src/lookup_table.c 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/src/lookup_table.c 2014-04-24 14:41:43.000000000 +0200 
@@ -1,5 +1,5 @@ /* lookup_table.c -- - * Copyright 2009 Red Hat Inc., Durham, North Carolina. + * Copyright 2009, 2013 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or @@ -24,13 +24,14 @@ #include <stddef.h> #include <linux/capability.h> #include <strings.h> +#include <stdio.h> -#ifndef CAP_LAST_CAP -#define CAP_LAST_CAP CAP_AUDIT_CONTROL -#endif +#define hidden __attribute__ ((visibility ("hidden"))) +extern int last_cap hidden; + #undef cap_valid -#define cap_valid(x) ((x) <= CAP_LAST_CAP) +#define cap_valid(x) ((x) <= last_cap) struct transtab { @@ -106,10 +107,17 @@ const char *capng_capability_to_name(unsigned int capability) { + char *ptr; + if (!cap_valid(capability)) return NULL; - return capng_lookup_number(captab, captab_msgstr.str, + ptr = capng_lookup_number(captab, captab_msgstr.str, CAP_NG_CAPABILITY_NAMES, capability); + if (ptr == NULL) // This leaks memory, but should almost never be used + if (asprintf(&ptr, "cap_%d", capability) < 0) + ptr = NULL; + + return ptr; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/src/test/lib_test.c new/libcap-ng-0.7.4/src/test/lib_test.c --- old/libcap-ng-0.7.3/src/test/lib_test.c 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/src/test/lib_test.c 2014-04-24 14:41:43.000000000 +0200 @@ -1,5 +1,5 @@ /* lib_test.c -- simple libcap-ng test suite - * Copyright 2009,2012 Red Hat Inc., Durham, North Carolina. + * Copyright 2009,2012-13 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or 
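Review bot: `cap_valid(capability)` in `capng_capability_to_name()` now compares an `unsigned int` with the signed `last_cap`, which starts at -1 in cap-ng.c. Until the detection code there has run (whether every caller reaches it first is not visible here), -1 converts to `UINT_MAX` and every number passes the check. Together with the new fallback, such a lookup returns a freshly allocated `cap_N` string for any input instead of NULL, and each call leaks. I would have the macro reject the unset state, `#define cap_valid(x) (last_cap >= 0 && (x) <= (unsigned int)last_cap)`, and format with `"cap_%u"` since the argument is unsigned. As the result is sometimes static and sometimes heap memory, the function comment should say that callers must not free it.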
@@ -25,11 +25,33 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include <errno.h> +#include <fcntl.h> +#include <sys/stat.h> +int get_last_cap(void) +{ + int fd; + + fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY); + if (fd == -1) { + return CAP_LAST_CAP; + } else { + char buf[8]; + int num = read(fd, buf, sizeof(buf)); + if (num > 0) { + errno = 0; + int val = strtoul(buf, NULL, 10); + if (errno == 0) + return val; + } + } + return CAP_LAST_CAP; +} int main(void) { - int rc, i, len, last = CAP_LAST_CAP; + int rc, i, len, last = get_last_cap(); char *text; void *saved; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/test-driver new/libcap-ng-0.7.4/test-driver --- old/libcap-ng-0.7.3/test-driver 1970-01-01 01:00:00.000000000 +0100 +++ new/libcap-ng-0.7.4/test-driver 2014-04-24 14:41:51.000000000 +0200 
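Review bot: `get_last_cap()` passes `buf` to `strtoul()` without terminating it: the `read()` may fill all `sizeof(buf)` bytes and nothing writes a NUL, so the parse can run past the end of the array. The library's copy of this logic in cap-ng.c reads `sizeof(buf) - 1` bytes and sets `buf[num] = 0`; the test helper should match it with `int num = read(fd, buf, sizeof(buf) - 1);` and `buf[num] = 0;` inside the `num > 0` branch. The descriptor is also never closed, so a `close(fd);` belongs right after the read.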
@@ -0,0 +1,127 @@ +#! /bin/sh +# test-driver - basic testsuite driver script. + +scriptversion=2012-06-27.10; # UTC + +# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to <[email protected]> or send patches to +# <[email protected]>. + +# Make unconditional expansion of undefined variables an error. This +# helps a lot in preventing typo-related bugs. +set -u + +usage_error () +{ + echo "$0: $*" >&2 + print_usage >&2 + exit 2 +} + +print_usage () +{ + cat <<END +Usage: + test-driver --test-name=NAME --log-file=PATH --trs-file=PATH + [--expect-failure={yes|no}] [--color-tests={yes|no}] + [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT +The '--test-name', '--log-file' and '--trs-file' options are mandatory. +END +} + +# TODO: better error handling in option parsing (in particular, ensure +# TODO: $log_file, $trs_file and $test_name are defined). +test_name= # Used for reporting. +log_file= # Where to save the output of the test script. +trs_file= # Where to save the metadata of the test run. 
+expect_failure=no +color_tests=no +enable_hard_errors=yes +while test $# -gt 0; do + case $1 in + --help) print_usage; exit $?;; + --version) echo "test-driver $scriptversion"; exit $?;; + --test-name) test_name=$2; shift;; + --log-file) log_file=$2; shift;; + --trs-file) trs_file=$2; shift;; + --color-tests) color_tests=$2; shift;; + --expect-failure) expect_failure=$2; shift;; + --enable-hard-errors) enable_hard_errors=$2; shift;; + --) shift; break;; + -*) usage_error "invalid option: '$1'";; + esac + shift +done + +if test $color_tests = yes; then + # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'. + red='[0;31m' # Red. + grn='[0;32m' # Green. + lgn='[1;32m' # Light green. + blu='[1;34m' # Blue. + mgn='[0;35m' # Magenta. + std='[m' # No color. +else + red= grn= lgn= blu= mgn= std= +fi + +do_exit='rm -f $log_file $trs_file; (exit $st); exit $st' +trap "st=129; $do_exit" 1 +trap "st=130; $do_exit" 2 +trap "st=141; $do_exit" 13 +trap "st=143; $do_exit" 15 + +# Test script is run here. +"$@" >$log_file 2>&1 +estatus=$? +if test $enable_hard_errors = no && test $estatus -eq 99; then + estatus=1 +fi + +case $estatus:$expect_failure in + 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; + 0:*) col=$grn res=PASS recheck=no gcopy=no;; + 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; + 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; + *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; + *:*) col=$red res=FAIL recheck=yes gcopy=yes;; +esac + +# Report outcome to console. +echo "${col}${res}${std}: $test_name" + +# Register the test result, and other relevant metadata. 
+echo ":test-result: $res" > $trs_file +echo ":global-test-result: $res" >> $trs_file +echo ":recheck: $recheck" >> $trs_file +echo ":copy-in-global-log: $gcopy" >> $trs_file + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/utils/captest.c new/libcap-ng-0.7.4/utils/captest.c --- old/libcap-ng-0.7.3/utils/captest.c 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/utils/captest.c 2014-04-24 14:41:45.000000000 +0200 @@ -1,6 +1,6 @@ /* * captest.c - A program that demonstrates and outputs capabilities - * Copyright (c) 2009 Red Hat Inc., Durham, North Carolina. + * Copyright (c) 2009, 2013 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This software may be freely redistributed and/or modified under the @@ -196,7 +196,7 @@ static void usage(void) { - printf("usage: captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]\n"); + printf("usage: captest [ --drop-all | --drop-caps | --id | --init-grp ] [ --lock ] [ --text ]\n"); } int main(int argc, char *argv[]) @@ -216,6 +216,8 @@ which = 2; else if (strcmp(argv[i], "--id") == 0) which = 3; + else if (strcmp(argv[i], "--init-grp") == 0) + which = 4; else { usage(); return 0; 
@@ -237,13 +239,18 @@ capng_apply(CAPNG_SELECT_CAPS); report(); break; - case 3: { + case 3: + case 4: { int rc; capng_clear(CAPNG_SELECT_BOTH); capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_CHOWN); - rc = capng_change_id(99, 99, + if (which == 4) + rc = capng_change_id(99, 99, + CAPNG_INIT_SUPP_GRP | CAPNG_CLEAR_BOUNDING); + else + rc = capng_change_id(99, 99, CAPNG_DROP_SUPP_GRP | CAPNG_CLEAR_BOUNDING); if (rc < 0) { printf("Error changing uid: %d\n", rc); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libcap-ng-0.7.3/utils/pscap.c new/libcap-ng-0.7.4/utils/pscap.c --- old/libcap-ng-0.7.3/utils/pscap.c 2012-11-09 20:59:13.000000000 +0100 +++ new/libcap-ng-0.7.4/utils/pscap.c 2014-04-24 14:41:45.000000000 +0200 @@ -142,8 +142,6 @@ fclose(f); } - len = read(fd, buf, sizeof buf - 1); - close(fd); if (header == 0) { printf("%-5s %-5s %-10s %-16s %s\n", "ppid", "pid", "name", "command", -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
