libcap-ng/SOURCES/libcap-ng-0.8.1-signed-unsigned-fix.patch

diff -ru a/src/cap-ng.c b/src/cap-ng.c
--- a/src/cap-ng.c
+++ b/src/cap-ng.c
@@ -46,7 +46,7 @@
 #endif
 
 # define hidden __attribute__ ((visibility ("hidden")))
-int last_cap hidden = -1;
+unsigned int last_cap hidden = 0;
 /*
  * Some milestones of when things became available:
  * 2.6.24 kernel	XATTR_NAME_CAPS
@@ -65,7 +65,7 @@
 // Local defines
 #define MASK(x) (1U << (x))
 #ifdef PR_CAPBSET_DROP
-#define UPPER_MASK ~(unsigned)((~0U)<<(last_cap-31))
+#define UPPER_MASK ~((~0U)<<(last_cap-31))
 #else
 // For v1 systems UPPER_MASK will never be used
 #define UPPER_MASK (unsigned)(~0U)
@@ -73,7 +73,7 @@
 
 // Re-define cap_valid so its uniform between V1 and V3
 #undef cap_valid
-#define cap_valid(x) ((x) <= (unsigned int)last_cap)
+#define cap_valid(x) ((x) <= last_cap)
 
 // If we don't have the xattr library, then we can't
 // compile-in file system capabilities
@@ -174,6 +174,26 @@
 #ifdef HAVE_PTHREAD_H
 	pthread_atfork(NULL, NULL, deinit);
 #endif
+	// Detect last cap
+	if (last_cap == 0) {
+		int fd;
+
+		fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
+		if (fd >= 0) {
+			char buf[8];
+			int num = read(fd, buf, sizeof(buf) - 1);
+			if (num > 0) {
+				buf[num] = 0;
+				errno = 0;
+				unsigned int val = strtoul(buf, NULL, 10);
+				if (errno == 0)
+					last_cap = val;
+			}
+			close(fd);
+		}
+		if (last_cap == 0)
+			last_cap = CAP_LAST_CAP;
+	}
 }
 
 static void init(void)
@@ -199,26 +219,6 @@
 #else
 	m.hdr.pid = (unsigned)getpid();
 #endif
-	// Detect last cap
-	if (last_cap == -1) {
-		int fd;
-
-		fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
-		if (fd >= 0) {
-			char buf[8];
-			int num = read(fd, buf, sizeof(buf) - 1);
-			if (num > 0) {
-				buf[num] = 0;
-				errno = 0;
-				int val = strtoul(buf, NULL, 10);
-				if (errno == 0)
-					last_cap = val;
-			}
-			close(fd);
-		}
-		if (last_cap == -1)
-			last_cap = CAP_LAST_CAP;
-	}
 	m.state = CAPNG_ALLOCATED;
 }
 
@@ -478,7 +478,7 @@
 		if (CAPNG_INHERITABLE & type)
 			v1_update(action, capability, &m.data.v1.inheritable);
 	} else {
-		int idx;
+		unsigned int idx;
 
 		if (capability > 31) {
 			idx = capability>>5;
@@ -545,7 +545,7 @@
 		memcpy(&state, &m, sizeof(state)); /* save state */
 		capng_get_caps_process();
 		if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-			int i;
+			unsigned int i;
 			memcpy(&m, &state, sizeof(m)); /* restore state */
 			rc = 0;
 			for (i=0; i <= last_cap && rc == 0; i++)
@@ -602,7 +602,7 @@
 #ifndef VFS_CAP_U32
 	return -1;
 #else
-	int rc, size;
+	int rc, size = 0;
 	struct vfs_cap_data filedata;
 	struct stat buf;
 
@@ -1010,7 +1010,7 @@
 
 char *capng_print_caps_text(capng_print_t where, capng_type_t which)
 {
-	int i, once = 0, cnt = 0;
+	unsigned int i, once = 0, cnt = 0;
 	char *ptr = NULL;
 
 	if (m.state < CAPNG_INIT)
diff -ru a/src/lookup_table.c b/src/lookup_table.c
--- a/src/lookup_table.c
+++ b/src/lookup_table.c
@@ -29,10 +29,10 @@
 
 
 #define hidden __attribute__ ((visibility ("hidden")))
-extern int last_cap hidden;
+extern unsigned int last_cap hidden;
 
 #undef cap_valid
-#define cap_valid(x) ((x) <= (unsigned int)last_cap)
+#define cap_valid(x) ((x) <= last_cap)
 
 
 struct transtab {
diff -ru a/src/test/lib_test.c b/src/test/lib_test.c
--- a/src/test/lib_test.c
+++ b/src/test/lib_test.c
@@ -29,7 +29,7 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 
-int get_last_cap(void)
+static unsigned int get_last_cap(void)
 {
 	int fd;
 
@@ -41,17 +41,19 @@
 		int num = read(fd, buf, sizeof(buf));
 		if (num > 0) {
 			errno = 0;
-			int val = strtoul(buf, NULL, 10);
+			unsigned int val = strtoul(buf, NULL, 10);
 			if (errno == 0)
 				return val;
 		}
+		close(fd);
 	}
 	return CAP_LAST_CAP;
 }
 
 int main(void)
 {
-	int rc, i, len, last = get_last_cap();
+	int rc;
+	unsigned int i, len, last = get_last_cap();
 	char *text;
 	void *saved;
 
@@ -127,7 +129,7 @@
 			abort();
 		}
 		name = capng_capability_to_name(i);
-		if (name == NULL) { 
+		if (name == NULL) {
 			printf("Failed converting capability %d to name\n", i);
 			abort();
 		}