Hello community, here is the log from the commit of package libcap for openSUSE:Factory checked in at 2020-09-08 22:55:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcap (Old) and /work/SRC/openSUSE:Factory/.libcap.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcap" Tue Sep 8 22:55:13 2020 rev:39 rq:831514 version:2.43 Changes: -------- --- /work/SRC/openSUSE:Factory/libcap/libcap.changes 2020-08-17 12:00:09.106519436 +0200 +++ /work/SRC/openSUSE:Factory/.libcap.new.3399/libcap.changes 2020-09-08 22:55:15.403751374 +0200 @@ -1,0 +2,10 @@ +Wed Sep 2 17:03:06 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 2.43 + * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. + * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets + * Clean up a binary from the distribution + * Added some more release time checks for non-git tracked files. + * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder. + +------------------------------------------------------------------- Old: ---- libcap-2.42.tar.xz New: ---- libcap-2.43.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcap.spec ++++++ --- /var/tmp/diff_new_pack.aU801o/_old 2020-09-08 22:55:16.371751858 +0200 +++ /var/tmp/diff_new_pack.aU801o/_new 2020-09-08 22:55:16.375751860 +0200 @@ -17,7 +17,7 @@ Name: libcap -Version: 2.42 +Version: 2.43 Release: 0 Summary: Library for Capabilities (linux-privs) Support License: BSD-3-Clause AND GPL-2.0-only ++++++ libcap-2.42.tar.xz -> libcap-2.43.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/Make.Rules new/libcap-2.43/Make.Rules --- old/libcap-2.42/Make.Rules 2020-08-02 03:39:29.000000000 +0200 +++ new/libcap-2.43/Make.Rules 2020-08-15 20:09:19.000000000 +0200 @@ -1,3 +1,8 @@ +# Common version number defines for libcap +LIBTITLE=libcap +VERSION=2 +MINOR=43 + # ## Optional prefixes: # 
@@ -38,11 +43,6 @@ PKGCONFIGDIR=$(LIBDIR)/pkgconfig GOPKGDIR=$(prefix)/share/gocode/src -# Common version number defines for libcap -LIBTITLE=libcap -VERSION=2 -MINOR=42 - # Go modules have their own semantics. I plan to leave this value at 0 # and keep it there. The Go packages should always remain backwardly # compatible, but I may have to up it if Go's syntax changes in a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/Makefile new/libcap-2.43/Makefile --- old/libcap-2.42/Makefile 2020-07-20 00:26:44.000000000 +0200 +++ new/libcap-2.43/Makefile 2020-08-15 20:07:49.000000000 +0200 @@ -34,6 +34,9 @@ @echo "CONFIRM Go package cap has right version dependency on cap/psx:" for x in $$(find . -name go.mod); do grep -F -v "module" $$x | fgrep "kernel.org/pub/linux/libs/security/libcap" > /dev/null || continue ; grep -F "v$(GOMAJOR).$(VERSION).$(MINOR)" $$x > /dev/null && continue ; echo "$$x is not updated to v$(GOMAJOR).$(VERSION).$(MINOR)" ; exit 1 ; done @echo "ALL go.mod files updated" + @echo "Now validate that everything is checked in to a clean tree.." + test -z "$$(git status -s)" + @echo "All good!" release: distclean cd .. && ln -s libcap libcap-$(VERSION).$(MINOR) && tar cvf libcap-$(VERSION).$(MINOR).tar --exclude patches libcap-$(VERSION).$(MINOR)/* && rm libcap-$(VERSION).$(MINOR) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/cap/go.mod new/libcap-2.43/cap/go.mod --- old/libcap-2.42/cap/go.mod 2020-08-02 03:39:53.000000000 +0200 +++ new/libcap-2.43/cap/go.mod 2020-08-15 20:05:57.000000000 +0200 
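Review bot: The added release check `test -z "$$(git status -s)"` in the top-level Makefile hunk (`@@ -34,6 +34,9 @@`) only sees what git reports, so any file matched by an ignore rule passes it and is then archived by the `tar cvf ... libcap-$(VERSION).$(MINOR)/*` line of the `release` target, which packs the working directory. The new tree on this page still carries `doc/values/40.txt~` and a differing `tests/psx_test_wrap` binary, the kind of stray file such a check is meant to stop; whether they were ignored or the check simply was not run is not visible here. Consider `test -z "$$(git status -s --ignored)"`, or build the tarball from the committed tree with `git archive` so untracked files cannot enter a release. The check also passes when `git status` itself fails, because the command substitution is then empty.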
@@ -2,4 +2,4 @@
 go 1.11
-require kernel.org/pub/linux/libs/security/libcap/psx v0.2.42
+require kernel.org/pub/linux/libs/security/libcap/psx v0.2.43
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/cap/names.go new/libcap-2.43/cap/names.go
--- old/libcap-2.42/cap/names.go 2020-08-02 03:31:08.000000000 +0200
+++ new/libcap-2.43/cap/names.go 2020-08-14 05:54:41.000000000 +0200
@@ -12,7 +12,7 @@
 // FWIW the userspace tool '/sbin/capsh' also contains a runtime check
 // for the condition that libcap is behind the running kernel in this
 // way.
-const NamedCount = 40
+const NamedCount = 41
 // CHOWN etc., are the named capability values of the Linux
 // kernel. The canonical source for each name is the
@@ -331,90 +331,98 @@ // - cap.NET_ADMIN is required to load networking // programs. BPF + + // CHECKPOINT_RESTORE allows a process to perform checkpoint + // and restore operations. Also permits + // explicit PID control via clone3() and + // also writing to ns_last_pid. + CHECKPOINT_RESTORE ) var names = map[Value]string{ - CHOWN: "cap_chown", - DAC_OVERRIDE: "cap_dac_override", - DAC_READ_SEARCH: "cap_dac_read_search", - FOWNER: "cap_fowner", - FSETID: "cap_fsetid", - KILL: "cap_kill", - SETGID: "cap_setgid", - SETUID: "cap_setuid", - SETPCAP: "cap_setpcap", - LINUX_IMMUTABLE: "cap_linux_immutable", - NET_BIND_SERVICE: "cap_net_bind_service", - NET_BROADCAST: "cap_net_broadcast", - NET_ADMIN: "cap_net_admin", - NET_RAW: "cap_net_raw", - IPC_LOCK: "cap_ipc_lock", - IPC_OWNER: "cap_ipc_owner", - SYS_MODULE: "cap_sys_module", - SYS_RAWIO: "cap_sys_rawio", - SYS_CHROOT: "cap_sys_chroot", - SYS_PTRACE: "cap_sys_ptrace", - SYS_PACCT: "cap_sys_pacct", - SYS_ADMIN: "cap_sys_admin", - SYS_BOOT: "cap_sys_boot", - SYS_NICE: "cap_sys_nice", - SYS_RESOURCE: "cap_sys_resource", - SYS_TIME: "cap_sys_time", - SYS_TTY_CONFIG: "cap_sys_tty_config", - MKNOD: "cap_mknod", - LEASE: "cap_lease", - AUDIT_WRITE: "cap_audit_write", - AUDIT_CONTROL: "cap_audit_control", - SETFCAP: "cap_setfcap", - MAC_OVERRIDE: "cap_mac_override", - MAC_ADMIN: "cap_mac_admin", - SYSLOG: "cap_syslog", - WAKE_ALARM: "cap_wake_alarm", - BLOCK_SUSPEND: "cap_block_suspend", - AUDIT_READ: "cap_audit_read", - PERFMON: "cap_perfmon", - BPF: "cap_bpf", + CHOWN: "cap_chown", + DAC_OVERRIDE: "cap_dac_override", + DAC_READ_SEARCH: "cap_dac_read_search", + FOWNER: "cap_fowner", + FSETID: "cap_fsetid", + KILL: "cap_kill", + SETGID: "cap_setgid", + SETUID: "cap_setuid", + SETPCAP: "cap_setpcap", + LINUX_IMMUTABLE: "cap_linux_immutable", + NET_BIND_SERVICE: "cap_net_bind_service", + NET_BROADCAST: "cap_net_broadcast", + NET_ADMIN: "cap_net_admin", + NET_RAW: "cap_net_raw", + IPC_LOCK: "cap_ipc_lock", + IPC_OWNER: 
"cap_ipc_owner", + SYS_MODULE: "cap_sys_module", + SYS_RAWIO: "cap_sys_rawio", + SYS_CHROOT: "cap_sys_chroot", + SYS_PTRACE: "cap_sys_ptrace", + SYS_PACCT: "cap_sys_pacct", + SYS_ADMIN: "cap_sys_admin", + SYS_BOOT: "cap_sys_boot", + SYS_NICE: "cap_sys_nice", + SYS_RESOURCE: "cap_sys_resource", + SYS_TIME: "cap_sys_time", + SYS_TTY_CONFIG: "cap_sys_tty_config", + MKNOD: "cap_mknod", + LEASE: "cap_lease", + AUDIT_WRITE: "cap_audit_write", + AUDIT_CONTROL: "cap_audit_control", + SETFCAP: "cap_setfcap", + MAC_OVERRIDE: "cap_mac_override", + MAC_ADMIN: "cap_mac_admin", + SYSLOG: "cap_syslog", + WAKE_ALARM: "cap_wake_alarm", + BLOCK_SUSPEND: "cap_block_suspend", + AUDIT_READ: "cap_audit_read", + PERFMON: "cap_perfmon", + BPF: "cap_bpf", + CHECKPOINT_RESTORE: "cap_checkpoint_restore", } var bits = map[string]Value{ - "cap_chown": CHOWN, - "cap_dac_override": DAC_OVERRIDE, - "cap_dac_read_search": DAC_READ_SEARCH, - "cap_fowner": FOWNER, - "cap_fsetid": FSETID, - "cap_kill": KILL, - "cap_setgid": SETGID, - "cap_setuid": SETUID, - "cap_setpcap": SETPCAP, - "cap_linux_immutable": LINUX_IMMUTABLE, - "cap_net_bind_service": NET_BIND_SERVICE, - "cap_net_broadcast": NET_BROADCAST, - "cap_net_admin": NET_ADMIN, - "cap_net_raw": NET_RAW, - "cap_ipc_lock": IPC_LOCK, - "cap_ipc_owner": IPC_OWNER, - "cap_sys_module": SYS_MODULE, - "cap_sys_rawio": SYS_RAWIO, - "cap_sys_chroot": SYS_CHROOT, - "cap_sys_ptrace": SYS_PTRACE, - "cap_sys_pacct": SYS_PACCT, - "cap_sys_admin": SYS_ADMIN, - "cap_sys_boot": SYS_BOOT, - "cap_sys_nice": SYS_NICE, - "cap_sys_resource": SYS_RESOURCE, - "cap_sys_time": SYS_TIME, - "cap_sys_tty_config": SYS_TTY_CONFIG, - "cap_mknod": MKNOD, - "cap_lease": LEASE, - "cap_audit_write": AUDIT_WRITE, - "cap_audit_control": AUDIT_CONTROL, - "cap_setfcap": SETFCAP, - "cap_mac_override": MAC_OVERRIDE, - "cap_mac_admin": MAC_ADMIN, - "cap_syslog": SYSLOG, - "cap_wake_alarm": WAKE_ALARM, - "cap_block_suspend": BLOCK_SUSPEND, - "cap_audit_read": AUDIT_READ, - "cap_perfmon": 
PERFMON, - "cap_bpf": BPF, + "cap_chown": CHOWN, + "cap_dac_override": DAC_OVERRIDE, + "cap_dac_read_search": DAC_READ_SEARCH, + "cap_fowner": FOWNER, + "cap_fsetid": FSETID, + "cap_kill": KILL, + "cap_setgid": SETGID, + "cap_setuid": SETUID, + "cap_setpcap": SETPCAP, + "cap_linux_immutable": LINUX_IMMUTABLE, + "cap_net_bind_service": NET_BIND_SERVICE, + "cap_net_broadcast": NET_BROADCAST, + "cap_net_admin": NET_ADMIN, + "cap_net_raw": NET_RAW, + "cap_ipc_lock": IPC_LOCK, + "cap_ipc_owner": IPC_OWNER, + "cap_sys_module": SYS_MODULE, + "cap_sys_rawio": SYS_RAWIO, + "cap_sys_chroot": SYS_CHROOT, + "cap_sys_ptrace": SYS_PTRACE, + "cap_sys_pacct": SYS_PACCT, + "cap_sys_admin": SYS_ADMIN, + "cap_sys_boot": SYS_BOOT, + "cap_sys_nice": SYS_NICE, + "cap_sys_resource": SYS_RESOURCE, + "cap_sys_time": SYS_TIME, + "cap_sys_tty_config": SYS_TTY_CONFIG, + "cap_mknod": MKNOD, + "cap_lease": LEASE, + "cap_audit_write": AUDIT_WRITE, + "cap_audit_control": AUDIT_CONTROL, + "cap_setfcap": SETFCAP, + "cap_mac_override": MAC_OVERRIDE, + "cap_mac_admin": MAC_ADMIN, + "cap_syslog": SYSLOG, + "cap_wake_alarm": WAKE_ALARM, + "cap_block_suspend": BLOCK_SUSPEND, + "cap_audit_read": AUDIT_READ, + "cap_perfmon": PERFMON, + "cap_bpf": BPF, + "cap_checkpoint_restore": CHECKPOINT_RESTORE, } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/doc/values/40.txt new/libcap-2.43/doc/values/40.txt --- old/libcap-2.42/doc/values/40.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/libcap-2.43/doc/values/40.txt 2020-08-14 05:54:41.000000000 +0200 
@@ -0,0 +1,4 @@
+Allows a process to perform checkpoint
+and restore operations. Also permits
+explicit PID control via clone3() and
+also writing to ns_last_pid.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/doc/values/40.txt~ new/libcap-2.43/doc/values/40.txt~
--- old/libcap-2.42/doc/values/40.txt~ 1970-01-01 01:00:00.000000000 +0100
+++ new/libcap-2.43/doc/values/40.txt~ 2020-08-14 05:41:08.000000000 +0200
@@ -0,0 +1,3 @@
+Allows a process to perform checkpoint and restore operations. Also
+permits explicit PID control via clone3() and also writing to
+ns_last_pid.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/goapps/setid/go.mod new/libcap-2.43/goapps/setid/go.mod
--- old/libcap-2.42/goapps/setid/go.mod 2020-08-02 03:40:17.000000000 +0200
+++ new/libcap-2.43/goapps/setid/go.mod 2020-08-15 20:06:33.000000000 +0200
@@ -3,6 +3,6 @@
 go 1.11
 require (
- kernel.org/pub/linux/libs/security/libcap/cap v0.2.42
- kernel.org/pub/linux/libs/security/libcap/psx v0.2.42
+ kernel.org/pub/linux/libs/security/libcap/cap v0.2.43
+ kernel.org/pub/linux/libs/security/libcap/psx v0.2.43
 )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/goapps/web/go.mod new/libcap-2.43/goapps/web/go.mod
--- old/libcap-2.42/goapps/web/go.mod 2020-08-02 03:40:33.000000000 +0200
+++ new/libcap-2.43/goapps/web/go.mod 2020-08-15 20:06:14.000000000 +0200
@@ -2,4 +2,4 @@
 go 1.11
-require kernel.org/pub/linux/libs/security/libcap/cap v0.2.42
+require kernel.org/pub/linux/libs/security/libcap/cap v0.2.43
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/libcap/Makefile new/libcap-2.43/libcap/Makefile
--- old/libcap-2.42/libcap/Makefile 2020-08-02 03:31:08.000000000 +0200
+++ new/libcap-2.43/libcap/Makefile 2020-08-14 05:34:12.000000000 +0200
@@ -102,9 +102,9 @@ mkdir -p -m 0755 $(FAKEROOT)$(PKGCONFIGDIR) install -m 0644 libcap.pc $(FAKEROOT)$(PKGCONFIGDIR)/libcap.pc install -m 0644 libpsx.pc $(FAKEROOT)$(PKGCONFIGDIR)/libpsx.pc + mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR) install-static: $(STACAPLIBNAME) $(STAPSXLIBNAME) install-common - mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR) install -m 0644 $(STACAPLIBNAME) $(FAKEROOT)$(LIBDIR)/$(STACAPLIBNAME) install -m 0644 $(STAPSXLIBNAME) $(FAKEROOT)$(LIBDIR)/$(STAPSXLIBNAME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/libcap/include/uapi/linux/capability.h new/libcap-2.43/libcap/include/uapi/linux/capability.h --- old/libcap-2.42/libcap/include/uapi/linux/capability.h 2020-07-19 23:39:03.000000000 +0200 +++ new/libcap-2.43/libcap/include/uapi/linux/capability.h 2020-08-14 05:54:41.000000000 +0200 @@ -405,7 +405,13 @@ #define CAP_BPF 39 -#define CAP_LAST_CAP CAP_BPF +/* Allow checkpoint/restore related operations */ +/* Allow PID selection during clone3() */ +/* Allow writing to ns_last_pid */ + +#define CAP_CHECKPOINT_RESTORE 40 + +#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/psx/psx.c new/libcap-2.43/psx/psx.c --- old/libcap-2.42/psx/psx.c 2020-07-19 23:39:03.000000000 +0200 +++ new/libcap-2.43/psx/psx.c 2020-08-14 05:34:12.000000000 +0200 @@ -78,8 +78,6 @@ pthread_mutex_t state_mu; pthread_cond_t cond; /* this is only used to wait on 'state' changes */ psx_tracker_state_t state; - int (*creator)(pthread_t *thread, const pthread_attr_t *attr, - void *(*start_routine) (void *), void *arg); int initialized; int psx_sig; 
@@ -170,6 +168,12 @@ void *(*start_routine) (void *), void *arg); /* + * psx requires this function to be provided by the linkage wrapping. + */ +extern int __real_pthread_create(pthread_t *thread, const pthread_attr_t *attr, + void *(*start_routine) (void *), void *arg); + +/* * psx_syscall_start initializes the subsystem including initializing * the mutex. */ @@ -177,8 +181,6 @@ pthread_mutex_init(&psx_tracker.state_mu, NULL); pthread_cond_init(&psx_tracker.cond, NULL); pthread_key_create(&psx_action_key, NULL); - psx_tracker.creator = (pthread_create == __wrap_pthread_create ? - __real_pthread_create : pthread_create); pthread_atfork(_psx_prepare_fork, _psx_fork_completed, _psx_forked_child); /* @@ -404,7 +406,7 @@ */ pthread_sigmask(SIG_BLOCK, &sigbit, NULL); - int ret = psx_tracker.creator(thread, attr, _psx_start_fn, starter); + int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter); if (ret == -1) { psx_new_state(_PSX_CREATE, _PSX_IDLE); memset(starter, 0, sizeof(*starter)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/tests/.gitignore new/libcap-2.43/tests/.gitignore --- old/libcap-2.42/tests/.gitignore 2020-07-01 04:43:01.000000000 +0200 +++ new/libcap-2.43/tests/.gitignore 2020-08-14 05:34:12.000000000 +0200 @@ -1,6 +1,5 @@ noop psx_test -psx_test_wrap libcap_psx_test libcap_launch_test libcap_psx_launch_test diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libcap-2.42/tests/Makefile new/libcap-2.43/tests/Makefile --- old/libcap-2.42/tests/Makefile 2020-07-10 07:49:20.000000000 +0200 +++ new/libcap-2.43/tests/Makefile 2020-08-14 05:34:12.000000000 +0200 
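Review bot: In the `@@ -404,7 +406,7 @@` hunk of psx/psx.c the result of the new direct call is still tested with `if (ret == -1)`, but pthread_create() reports failure by returning a positive error number, so this branch would not run when thread creation fails. The visible body of that branch resets the tracker with `psx_new_state(_PSX_CREATE, _PSX_IDLE)`, so a failed create would presumably leave the tracker in the create state, which matters for a change whose stated aim is removing a deadlock. Suggest `if (ret != 0) {`. The enclosing function starts and ends outside the hunk, so the rest of its cleanup path should be checked against the same return convention.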
@@ -7,7 +7,7 @@ DEPS=../libcap/libcap.a ../libcap/libpsx.a -all: psx_test psx_test_wrap libcap_psx_test libcap_launch_test +all: psx_test libcap_psx_test libcap_launch_test $(DEPS): make -C ../libcap all Binary files old/libcap-2.42/tests/psx_test_wrap and new/libcap-2.43/tests/psx_test_wrap differ
