From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] libcap: Update to version 2.69
Date: Fri, 19 May 2023 13:47:51 +0200
Message-ID: <20230519114753.8468-5-adolf.belka@ipfire.org>
In-Reply-To: <20230519114753.8468-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5729244643315551150=="
List-Id: <development.lists.ipfire.org>

--===============5729244643315551150==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
Release notes for 2.69
	2023-05-14 19:10:04 -0700
	    An audit was performed on libcap and friends by https://x41-dsec.de/
             https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
             The audit (final report, 2023-05-10)
              https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh=
2C/view?usp=3Dsharing
              was sponsored by the the Open Source Technology Improvement Fun=
d,
              https://ostif.org/ (blog). Five issues were found. Four of them=
 are
              addressed in this release. Each issue was labeled in the audit =
results as
              follows:
	        LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
	        LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard W=
einberger
	        LCAP-CR-23-100 (SEVERITY) NONE
	        LCAP-CR-23-101 (SEVERITY) NONE
	    Man page style improvement from Emanuele Torre
	    Partially revive the ability to build the binaries fully statically.
	        This was needed to make bleeding edge kernel debugging/testing via
                 qemu+busybox work again. Addressing an issue I realized only=
 when I
                 tried to answer this stackexchange question.
                 https://unix.stackexchange.com/questions/741532/launch-proce=
ss-with-limited-capabilities-on-minimal-busybox-based-system
Release notes for 2.68
	2023-03-25 17:03:17 -0700
	    Force libcap internal functions to be hidden outside the library (Bug 21=
7014)
	    Expanded the list of man page (links) to all of the supported API functi=
ons.
	        fixed some formatting issues with the libpsx(3) manpage.
	    Add support for a markdown preamble and postscript when generating .md
             versions of the man pages (Bug 217007)
	    psx package clean up
	        fix some copy-paste errors with TestShared()
	        added a more complete psx testing into this test as well
	    cap package clean up
	        drop an unnecessary use of ", _" in the sources
	        cleaned up cap.NamedCount documentation
	    Converted goapps/web/README to .md format and fixed the instructions to
             indicate go mod tidy is needed.
	    cap_compare test binary now cleans up after itself (Bug 217018)
	    Figured out how to cross compile Go programs for arm (i.e. RPi) that use=
 C
             code, don't use cgo but do use the psx package (all part of inve=
stigating
             bug 216610).
	    Eliminate use of vendor directory

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/libcap | 8 ++++++--
 lfs/libcap                     | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
index af1c22e83..f331e2a43 100644
--- a/config/rootfiles/common/libcap
+++ b/config/rootfiles/common/libcap
@@ -6,20 +6,22 @@ sbin/setcap
 #usr/include/sys/psx_syscall.h
 usr/lib/libcap.so
 usr/lib/libcap.so.2
-usr/lib/libcap.so.2.67
+usr/lib/libcap.so.2.69
 #usr/lib/libpsx.so
 #usr/lib/libpsx.so.2
-usr/lib/libpsx.so.2.67
+usr/lib/libpsx.so.2.69
 #usr/lib/pkgconfig/libcap.pc
 #usr/lib/pkgconfig/libpsx.pc
 #usr/lib/security
 usr/lib/security/pam_cap.so
 #usr/share/man/man1/capsh.1
+#usr/share/man/man3/__psx_syscall.3
 #usr/share/man/man3/cap_clear.3
 #usr/share/man/man3/cap_clear_flag.3
 #usr/share/man/man3/cap_compare.3
 #usr/share/man/man3/cap_copy_ext.3
 #usr/share/man/man3/cap_copy_int.3
+#usr/share/man/man3/cap_copy_int_check.3
 #usr/share/man/man3/cap_drop_bound.3
 #usr/share/man/man3/cap_dup.3
 #usr/share/man/man3/cap_fill.3
@@ -71,6 +73,7 @@ usr/lib/security/pam_cap.so
 #usr/share/man/man3/cap_set_nsowner.3
 #usr/share/man/man3/cap_set_proc.3
 #usr/share/man/man3/cap_set_secbits.3
+#usr/share/man/man3/cap_set_syscall.3
 #usr/share/man/man3/cap_setgroups.3
 #usr/share/man/man3/cap_setuid.3
 #usr/share/man/man3/cap_size.3
@@ -80,6 +83,7 @@ usr/lib/security/pam_cap.so
 #usr/share/man/man3/capsetp.3
 #usr/share/man/man3/libcap.3
 #usr/share/man/man3/libpsx.3
+#usr/share/man/man3/psx_load_syscalls.3
 #usr/share/man/man3/psx_set_sensitivity.3
 #usr/share/man/man3/psx_syscall.3
 #usr/share/man/man3/psx_syscall3.3
diff --git a/lfs/libcap b/lfs/libcap
index 63f4ef8b0..951ed80dc 100644
--- a/lfs/libcap
+++ b/lfs/libcap
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 2.67
+VER        =3D 2.69
=20
 THISAPP    =3D libcap-$(VER)
 DL_FILE    =3D $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10=
daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989
+$(DL_FILE)_BLAKE2 =3D 94d1fef7666a1c383a8b96f1f6092bd242164631532868b628d2f5=
de71b42a371d041a978ef7fbadfee3eeb433165444995d1078cd790275bc0433a7875a697e
=20
 install : $(TARGET)
=20
--=20
2.40.1


--===============5729244643315551150==--