Opened 3 years ago
Closed 3 years ago
#15465 closed enhancement (fixed)
libcap-2.57 (wait for lfs)
| Reported by: | pierre | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
new minor
Change History (7)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
| Summary: | libcap-2.54 (wait for lfs) → libcap-2.55 (wait for lfs) |
|---|
Now 2.55
comment:3 by , 3 years ago
| Summary: | libcap-2.55 (wait for lfs) → libcap-2.56 (wait for lfs) |
|---|
And now version 2.56.
comment:4 by , 3 years ago
| Summary: | libcap-2.56 (wait for lfs) → libcap-2.57 (wait for lfs) |
|---|
Now 2.57.
comment:5 by , 3 years ago
Four relesaes in August, two so far in September. Fixes do not seem to be critical:
2.54
Fix for a corner case infinite loop handling long strings
Fixes to not ignore allocation failures
Evolving work from Samanta Navarro, found and fixed a memory leak in
cap_iab_get_proc()
More robust discovery of the name of the dynamic loader of the build target
Revamped the Go capability comparison API for *cap.Set and *cap.IAB, and
added cap.IABGetPID()
Added libcap cap_iab_compare() and cap_iab_get_pid() APIs.
Added a Go utility, captree, to display the process (and thread) graph
along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
Extended getpcap to support the --iab command line argument, which
outputs a PID's IAB tuple too (if non-default).
Install *.so files as executable now that they are executable as binaries
A feature of 2.52 but not extended to install rules at that time.
Support make FORCELINKPAM=yes or make FORCELINKPAM=no for those
packagers that feel strongly about not letting this be dynamically
discovered at build time.
Fixed a compiler warnings from the GitHub build tester
2.55
Two rounds of fixes for the results of some static analysis
Removed a clang compilation warning about memory allocation by rewriting
the way cap_free() and the various libcap memory allocation mechanisms
work.
This generated a few broken builds until it was fixed.
Cleanup of some man pages; some fixes and shorter URL to bugzilla link.
Added libcap cap_proc_root() API function (to reach parity with the Go cap
package).
This is only potentially useful with the recently added
cap_iab_get_pid() function
Revamped what the GOLANG=yes builds install - used to install local copies
of cap and psx, but these were effectively useless because of the Go module
support in recent Go releases in favor of user controller GOPATH.
Now make GOLANG=yes only installs the captree utility
Added some features to captree and created a small article on it
Added a man page for the captree utility
Some small changes to the tests to account for the idiosyncrasies of some
new testing environments I've accumulated.
Included adding --has-b support to capsh
2.56
Canonicalize the Makefile use
In the process fixed a bug in pam_cap/test_pam_cap
Doc fixes for cap_iab.3
Added color support to captree, which helped make the following fix
generate readable output:
Fixed captree to not display duplicate copies of sub-trees if also
exploring their ancestor
Fixed contrib/sucap/su to correctly handle the Inheritable flag.
2.57
capsh enhancements:
--mode makes a guess at the libcap mode of the current process
--strict makes capsh less permissive and expects the user to perform
more deliberate capability transactions
useful for learning all the steps; and helps this article be more
pedagogical.
Build system fixes
Preserve $(WARNINGS)
Don't ever build test binaries unless make test etc is invoked (speeds
builds on slower systems)
Support make -j12 for all, test and sudotest targets
getcap -r / now generates readable output
Some documentation cleanup: more consistency.
comment:6 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:7 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commit cc1c942130b5032afd457ed09864f5ba4a70c74c
Package updates
Update to Python3-3.9.7.
Update to libcap-2.57.
Note:
See TracTickets
for help on using tickets.
Release notes for 2.54 2021-08-25 21:09:19 -0700 Fix for a corner case infinite loop handling long strings (patch provided by Samanta Navarro) Fixes to not ignore allocation failures (patch provided by Samanta Navarro) Evolving work from Samanta Navarro, found and fixed a memory leak in cap_iab_get_proc() More robust discovery of the name of the dynamic loader of the build target (patch provided by Arnout Vandecappelle) Revamped the Go capability comparison API for *cap.Set and *cap.IAB, and added cap.IABGetPID() Added libcap cap_iab_compare() and cap_iab_get_pid() APIs. Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree. Extended getpcap to support the --iab command line argument, which outputs a PID's IAB tuple too (if non-default). Install *.so files as executable now that they are executable as binaries A feature of 2.52 but not extended to install rules at that time. Absorbed a lot of wisdom from a number of downstream package workarounds including wisdom from (Zhi Li and Arnout Vandecappelle and unknown others... Bugs 214023#c16, 214085) Support make FORCELINKPAM=yes or make FORCELINKPAM=no for those packagers that feel strongly about not letting this be dynamically discovered at build time. Fixed a compiler warnings from the GitHub build tester (Bug 214143)