diff --git a/libcap-ng-0.8.2-apply-disable.patch b/libcap-ng-0.8.2-apply-disable.patch index 23c7eca..f28f20d 100644 --- a/libcap-ng-0.8.2-apply-disable.patch +++ b/libcap-ng-0.8.2-apply-disable.patch @@ -1,12 +1,50 @@ -diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c ---- libcap-ng-0.8.2.orig/src/cap-ng.c 2020-11-20 15:04:09.000000000 -0500 -+++ libcap-ng-0.8.2/src/cap-ng.c 2020-11-20 16:04:55.425496426 -0500 -@@ -698,19 +698,19 @@ int capng_apply(capng_select_t set) +diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c +--- libcap-ng-0.8.3.orig/src/cap-ng.c 2021-01-30 09:26:33.000000000 -0500 ++++ libcap-ng-0.8.3/src/cap-ng.c 2021-01-30 09:52:43.507967643 -0500 +@@ -713,6 +713,36 @@ int capng_updatev(capng_act_t action, ca + return rc; + } + ++#include ++static char *get_exename(char *exename, int size) ++{ ++ char tmp[PATH_MAX+1]; ++ int res; ++ ++ /* get the name of the current executable */ ++ if ((res = readlink("/proc/self/exe", tmp, PATH_MAX)) < -1) ++ strcpy(exename, "\"?\""); ++ else { ++ tmp[res] = '\0'; ++ snprintf(exename, size, "\"%s\"", tmp); ++ } ++ return exename; ++} ++ ++#include ++static void log_problem(unsigned int msg) ++{ ++ static const char *text[3] = { ++ "dropping bounding set", ++ "getting new bounding set", ++ "due to not having CAP_SETPCAP" ++ }; ++ unsigned idx = msg - 2; ++ char exe[2048]; ++ syslog(LOG_ERR, "libcap-ng used by %s failed %s in capng_apply", ++ get_exename(exe, 2047), text[idx]); ++} ++ + int capng_apply(capng_select_t set) + { + int rc = 0; +@@ -733,19 +763,22 @@ int capng_apply(capng_select_t set) if (capng_have_capability(CAPNG_BOUNDING_SET, i) == 0) { if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) { - rc = -2; +// rc = -2; ++ log_problem(2); goto try_caps; } } @@ -15,12 +53,14 @@ diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c if (get_bounding_set() < 0) { - rc = -3; +// rc = -3; ++ log_problem(3); goto try_caps; } } else { memcpy(&m, &state, sizeof(m)); /* restore state */ - rc = -4; +// rc = -4; ++ log_problem(4); goto try_caps; } #endif diff --git a/libcap-ng.spec b/libcap-ng.spec index 907370d..7a91e5f 100644 --- a/libcap-ng.spec +++ b/libcap-ng.spec @@ -1,13 +1,14 @@ -Summary: An alternate posix capabilities library +Summary: Alternate posix capabilities library Name: libcap-ng Version: 0.8.2 -Release: 1%{?dist} +Release: 3%{?dist} License: LGPLv2+ -URL: http://people.redhat.com/sgrubb/libcap-ng -Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz +URL: https://people.redhat.com/sgrubb/libcap-ng/ +Source0: https://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz # This patch can be removed when 1899540 is resolved Patch1: libcap-ng-0.8.2-apply-disable.patch BuildRequires: gcc +BuildRequires: make BuildRequires: kernel-headers >= 2.6.11 BuildRequires: libattr-devel @@ -18,7 +19,7 @@ Libcap-ng is a library that makes using posix capabilities easier Summary: Header files for libcap-ng library License: LGPLv2+ Requires: kernel-headers >= 2.6.11 -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pkgconfig %description devel @@ -29,7 +30,8 @@ applications that need to use the libcap-ng library. Summary: Python3 bindings for libcap-ng library License: LGPLv2+ BuildRequires: python3-devel swig -Requires: %{name} = %{version}-%{release} +BuildRequires: make +Requires: %{name}%{?_isa} = %{version}-%{release} %description python3 The libcap-ng-python3 package contains the bindings so that libcap-ng @@ -38,7 +40,7 @@ and can be used by python3 applications. %package utils Summary: Utilities for analyzing and setting file capabilities License: GPLv2+ -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description utils The libcap-ng-utils package contains applications to analyze the @@ -51,18 +53,18 @@ lets you set the file system based capabilities. %build %configure --libdir=%{_libdir} --with-python=no --with-python3 -make CFLAGS="%{optflags}" %{?_smp_mflags} +%make_build CFLAGS="%{optflags}" %install -make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install +%make_install # Remove a couple things so they don't get picked up -rm -f $RPM_BUILD_ROOT/%{_libdir}/libcap-ng.la -rm -f $RPM_BUILD_ROOT/%{_libdir}/libcap-ng.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/libdrop_ambient.la -rm -f $RPM_BUILD_ROOT/%{_libdir}/libdrop_ambient.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_capng.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_capng.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libcap-ng.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libcap-ng.a +rm -f $RPM_BUILD_ROOT%{_libdir}/libdrop_ambient.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libdrop_ambient.a +rm -f $RPM_BUILD_ROOT%{_libdir}/python?.?/site-packages/_capng.a +rm -f $RPM_BUILD_ROOT%{_libdir}/python?.?/site-packages/_capng.la %check make check @@ -70,10 +72,9 @@ make check %ldconfig_scriptlets %files -%{!?_licensedir:%global license %%doc} %license COPYING.LIB -/%{_libdir}/libcap-ng.so.* -/%{_libdir}/libdrop_ambient.so.* +%{_libdir}/libcap-ng.so.* +%{_libdir}/libdrop_ambient.so.* %attr(0644,root,root) %{_mandir}/man7/* %files devel @@ -89,12 +90,17 @@ make check %{python3_sitearch}/capng.py* %files utils -%{!?_licensedir:%global license %%doc} %license COPYING %attr(0755,root,root) %{_bindir}/* %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Sat Jan 30 2021 Steve Grubb 0.8.2-3 +- Add syslog warning for bad use of capng_apply + +* Tue Jan 26 2021 Fedora Release Engineering - 0.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Wed Dec 09 2020 Steve Grubb 0.8.2-1 - New upstream bugfix release