On Monday May 21 2007 07:58:23 pm Dan Nicholson wrote: > Randy added the Fedora patches to our repo a little while back. > > http://www.linuxfromscratch.org/patches/downloads/libcap/libcap-1.10-fedora >_fixes-1.patch > > IMO, all we really need is to rip out the two _syscall2 declarations > to get it to work with recent headers.
I did look at that Fedora-patch. The Owl patches can be seen separated here: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/libcap/ I've reviewed all the Owl patches and they're all perfectly reasonable, even for a non-hardened system. The difference between Fedora's and Owl's is that Owl's have patches include returning NULL for failed functions, instead of an undefined return (alt-cap_free.diff). The alt-warnings.diff patch fixes compiler warnings... libcap was coded in the time of gcc2, the warnings patch bring it up to gcc4 standards. The alt-bound.diff patch adds sizeof(3) library functions to add memory boundaries to libcap's functions, and this prevents buffer overflows. None of the Owl patches and or remove functionality, they're all bug fixes... there is no reason not to use the Owl patch set. I understand BLFS, and LFS, tries to be vanilla and avoids using non-official patches or configurations, but libcap is no longer maintained and there will be no more upstream fixes. That means we will need to maintain it (but not necessarily develop it). I strongly recommend BLFS uses the Owl patch set (the patch I attached earlier today). robert
pgpYU5ZjmhRJM.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
