From 4c9339a2d8d1d583a03f84101e728bb7b00241a7 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sat, 30 Jan 2021 15:26:25 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libcap-ng.git#3c5cc435c97a9cf9631062f3168877c3443a5b0c --- libcap-ng-0.8.2-apply-disable.patch | 48 ++++++++++++++++++++++++++--- libcap-ng.spec | 44 ++++++++++++++------------ 2 files changed, 69 insertions(+), 23 deletions(-) diff --git a/libcap-ng-0.8.2-apply-disable.patch b/libcap-ng-0.8.2-apply-disable.patch index 23c7eca..f28f20d 100644 --- a/libcap-ng-0.8.2-apply-disable.patch +++ b/libcap-ng-0.8.2-apply-disable.patch @@ -1,12 +1,50 @@ -diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c ---- libcap-ng-0.8.2.orig/src/cap-ng.c 2020-11-20 15:04:09.000000000 -0500 -+++ libcap-ng-0.8.2/src/cap-ng.c 2020-11-20 16:04:55.425496426 -0500 -@@ -698,19 +698,19 @@ int capng_apply(capng_select_t set) +diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c +--- libcap-ng-0.8.3.orig/src/cap-ng.c 2021-01-30 09:26:33.000000000 -0500 ++++ libcap-ng-0.8.3/src/cap-ng.c 2021-01-30 09:52:43.507967643 -0500 +@@ -713,6 +713,36 @@ int capng_updatev(capng_act_t action, ca + return rc; + } + ++#include ++static char *get_exename(char *exename, int size) ++{ ++ char tmp[PATH_MAX+1]; ++ int res; ++ ++ /* get the name of the current executable */ ++ if ((res = readlink("/proc/self/exe", tmp, PATH_MAX)) < -1) ++ strcpy(exename, "\"?\""); ++ else { ++ tmp[res] = '\0'; ++ snprintf(exename, size, "\"%s\"", tmp); ++ } ++ return exename; ++} ++ ++#include ++static void log_problem(unsigned int msg) ++{ ++ static const char *text[3] = { ++ "dropping bounding set", ++ "getting new bounding set", ++ "due to not having CAP_SETPCAP" ++ }; ++ unsigned idx = msg - 2; ++ char exe[2048]; ++ syslog(LOG_ERR, "libcap-ng used by %s failed %s in capng_apply", ++ get_exename(exe, 2047), text[idx]); ++} ++ + int capng_apply(capng_select_t set) + { + int rc = 0; +@@ -733,19 +763,22 @@ int capng_apply(capng_select_t set) if (capng_have_capability(CAPNG_BOUNDING_SET, i) == 0) { if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) { - rc = -2; +// rc = -2; ++ log_problem(2); goto try_caps; } } @@ -15,12 +53,14 @@ diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c if (get_bounding_set() < 0) { - rc = -3; +// rc = -3; ++ log_problem(3); goto try_caps; } } else { memcpy(&m, &state, sizeof(m)); /* restore state */ - rc = -4; +// rc = -4; ++ log_problem(4); goto try_caps; } #endif diff --git a/libcap-ng.spec b/libcap-ng.spec index 907370d..7a91e5f 100644 --- a/libcap-ng.spec +++ b/libcap-ng.spec @@ -1,13 +1,14 @@ -Summary: An alternate posix capabilities library +Summary: Alternate posix capabilities library Name: libcap-ng Version: 0.8.2 -Release: 1%{?dist} +Release: 3%{?dist} License: LGPLv2+ -URL: http://people.redhat.com/sgrubb/libcap-ng -Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz +URL: https://people.redhat.com/sgrubb/libcap-ng/ +Source0: https://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz # This patch can be removed when 1899540 is resolved Patch1: libcap-ng-0.8.2-apply-disable.patch BuildRequires: gcc +BuildRequires: make BuildRequires: kernel-headers >= 2.6.11 BuildRequires: libattr-devel @@ -18,7 +19,7 @@ Libcap-ng is a library that makes using posix capabilities easier Summary: Header files for libcap-ng library License: LGPLv2+ Requires: kernel-headers >= 2.6.11 -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pkgconfig %description devel @@ -29,7 +30,8 @@ applications that need to use the libcap-ng library. Summary: Python3 bindings for libcap-ng library License: LGPLv2+ BuildRequires: python3-devel swig -Requires: %{name} = %{version}-%{release} +BuildRequires: make +Requires: %{name}%{?_isa} = %{version}-%{release} %description python3 The libcap-ng-python3 package contains the bindings so that libcap-ng @@ -38,7 +40,7 @@ and can be used by python3 applications. %package utils Summary: Utilities for analyzing and setting file capabilities License: GPLv2+ -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description utils The libcap-ng-utils package contains applications to analyze the @@ -51,18 +53,18 @@ lets you set the file system based capabilities. %build %configure --libdir=%{_libdir} --with-python=no --with-python3 -make CFLAGS="%{optflags}" %{?_smp_mflags} +%make_build CFLAGS="%{optflags}" %install -make DESTDIR="${RPM_BUILD_ROOT}" INSTALL='install -p' install +%make_install # Remove a couple things so they don't get picked up -rm -f $RPM_BUILD_ROOT/%{_libdir}/libcap-ng.la -rm -f $RPM_BUILD_ROOT/%{_libdir}/libcap-ng.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/libdrop_ambient.la -rm -f $RPM_BUILD_ROOT/%{_libdir}/libdrop_ambient.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_capng.a -rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_capng.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libcap-ng.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libcap-ng.a +rm -f $RPM_BUILD_ROOT%{_libdir}/libdrop_ambient.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libdrop_ambient.a +rm -f $RPM_BUILD_ROOT%{_libdir}/python?.?/site-packages/_capng.a +rm -f $RPM_BUILD_ROOT%{_libdir}/python?.?/site-packages/_capng.la %check make check @@ -70,10 +72,9 @@ make check %ldconfig_scriptlets %files -%{!?_licensedir:%global license %%doc} %license COPYING.LIB -/%{_libdir}/libcap-ng.so.* -/%{_libdir}/libdrop_ambient.so.* +%{_libdir}/libcap-ng.so.* +%{_libdir}/libdrop_ambient.so.* %attr(0644,root,root) %{_mandir}/man7/* %files devel @@ -89,12 +90,17 @@ make check %{python3_sitearch}/capng.py* %files utils -%{!?_licensedir:%global license %%doc} %license COPYING %attr(0755,root,root) %{_bindir}/* %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Sat Jan 30 2021 Steve Grubb 0.8.2-3 +- Add syslog warning for bad use of capng_apply + +* Tue Jan 26 2021 Fedora Release Engineering - 0.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Wed Dec 09 2020 Steve Grubb 0.8.2-1 - New upstream bugfix release