From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] libcap: Update to version 2.61
Date: Sun, 28 Nov 2021 12:02:38 +0000
Message-ID: <C0D48100-3C5B-42C0-B43A-267AC50CF623@ipfire.org>
In-Reply-To: <20211127133555.3522239-1-adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 27 Nov 2021, at 13:35, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Update from 2.50 to 2.61
> - Update of rootfile
> - Changelog
> Release notes for 2.61
> Better error handling of the numerical arguments for capsh and setcap.
> Reported by meitingli with some bug de-duping help from Artem S. Tashkinov (Bugs 214909, 214911)
> Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc). Bugs reported by Sam James. Both the same solution related to stack alignment and use of SSE instructions:
> glibc and the 32-bit x86 mode (Gentoo bug 820071)
> musl runtime library for 64-bit x86 code (Bug 215009)
> Added an example of a shared library object with its own file capability.
> It demonstrates how to give a shared library a file capability and offer it as a linkable privileged API service to an otherwise unprivileged binary.
> Fix the top-level include for Make.Rules in the contrib/sucap example application
> Add support for running constructors at libcap.so start up time when running as stand alone binary.
> This enables the binary executable to print out some dynamically generated content when given the --summary argument.
> Release notes for 2.60
> Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization contributed by Google (Bugs: 214579 214601 214599)
> General improvement in thread safety for libcap and cap package (Bug: 214715)
> Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns.
> This should be backwardly compatible for code.
> Added a cap_iab_dup(), and (*cap.IAB).Dup() to API.
> Fixed (*cap.IAB).Fill() which was previously malfunctioning for certain Inh and Amb copies.
> New features for capsh
> --quiet can be used to suppress the start up check that the local libcap is modern enough to name all of the capabilities known to the hosting kernel
> Added -+ and =+ arguments. These are fork+exec equivalents to -- and == respectively (that use the cap_launch API).
> Release notes for 2.59
> libcap-2.55 ... 2.58 would SIGSEGV if an operation was attempted on a NULL value for cap_t or cap_iab_t. Restore the more tolerant error return behavior last seen with libcap-2.54. (Bug 214525)
> More make -j13 fixes (missing dependency for make -C progs sudotest).
> Various minor documentation fixes.
> Release notes for 2.58
> Fixed a potential libcap memory leak by adding a destructor (Bug 214373 reported by yan12125)
> Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now (Bug 214377)
> In addition to the bug, related discussion is in two Github issues: https://github.com/shadow-maint/shadow/pull/408#issuecomment-919673098 and https://github.com/rra/pam-krb5/issues/21
> Added support for RPM builds that generate the build-id that RPM expects (see https://github.com/rpm-software-management/rpm/issues/367 for discussion)
> Minor contrib/sucap/su.c cleanups
> Clean up kdebug build rules
> More documentation cleanup
> Release notes for 2.57
> capsh enhancements:
> --mode makes a guess at the libcap mode of the current process (Bug 214319)
> --strict makes capsh less permissive and expects the user to perform more deliberate capability transactions
> useful for learning all the steps; and helps this article be more pedagogical.
> Build system fixes
> Preserve $(WARNINGS) (Fix from David Seifert)
> Don't ever build test binaries unless make test etc is invoked (speeds builds on slower systems)
> Support make -j12 for all, test and sudotest targets
> getcap -r / now generates readable output (Bug 214317)
> Some documentation cleanup: more consistency.
> Release notes for 2.56
> Canonicalize the Makefile use (in collaboration with David Seifert)
> In the process fixed a bug in pam_cap/test_pam_cap (reported by David Seifert, Bug 214257)
> Doc fixes for cap_iab.3
> Added color support to captree, which helped make the following fix generate readable output:
> Fixed captree to not display duplicate copies of sub-trees if also exploring their ancestor (Bug 214269)
> Fixed contrib/sucap/su to correctly handle the Inheritable flag.
> Release notes for 2.55
> Two rounds of fixes for the results of some static analysis performed by Zoltan Fridrich
> Removed a clang compilation warning about memory allocation by rewriting the way cap_free() and the various libcap memory allocation mechanisms work. (Bug 214183)
> This generated a few broken builds until it was fixed.
> Cleanup of some man pages; some fixes and shorter URL to bugzilla link.
> Added libcap cap_proc_root() API function (to reach parity with the Go cap package).
> This is only potentially useful with the recently added cap_iab_get_pid() function
> Revamped what the GOLANG=yes builds install - used to install local copies of cap and psx, but these were effectively useless because of the Go module support in recent Go releases in favor of user controller GOPATH.
> Now make GOLANG=yes only installs the captree utility
> Added some features to captree and created a small article on it
> Added a man page for the captree utility
> Some small changes to the tests to account for the idiosyncrasies of some new testing environments I've accumulated.
> Included adding --has-b support to capsh
> Release notes for 2.54
> Fix for a corner case infinite loop handling long strings (patch provided by Samanta Navarro)
> Fixes to not ignore allocation failures (patch provided by Samanta Navarro)
> Evolving work from Samanta Navarro, found and fixed a memory leak in cap_iab_get_proc()
> More robust discovery of the name of the dynamic loader of the build target (patch provided by Arnout Vandecappelle)
> Revamped the Go capability comparison API for *cap.Set and *cap.IAB: (x).Cf(), and added cap.IABGetPID()
> Added libcap cap_iab_compare() and cap_iab_get_pid() APIs.
> Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
> Extended getpcaps to support the --iab command line argument, which outputs a PID's IAB tuple too (if non-default).
> Install *.so files as executable now that they are executable as binaries
> A feature of 2.52 but not extended to install rules at that time.
> Absorbed a lot of wisdom from a number of downstream package workarounds including wisdom from (Zhi Li and Arnout Vandecappelle and unknown others... Bugs 214023#c16, 214085)
> Support make FORCELINKPAM=yes or make FORCELINKPAM=no for those packagers that feel strongly about not letting this be dynamically discovered at build time.
> Fixed a compiler warnings from the GitHub build tester (Bug 214143)
> Release notes for 2.53
> The (C) cap_launch functionality was previously broken when launches failed (found and fixed by Samanta Navarro)
> Added a test case for this too.
> Lots of tyops fixed in code and documentation (also by Samanta Navarro)
> Support distributions that aggressively link shared objects (reported by David Runge; Bug 214023)
> These distributions failed to observe a runnable pam_cap.so and various make options failed.
> Support clang builds (again). (Reported by Johan Herland 214047)
> This used to work, but by accident. It broke with the advent of a runnable libcap.so , libpsx.so and pam_cap.so support. Fixed now, and added a build target to validate it still works at release time.
> Minor documentation updates including one for Slavi Marinov who was trying to get cap.LaunchFunc() to work.
> Worked up a couple of example modifications to goapps/web to demonstrate a different user per web query and enabling a custom chroot per web query.
> Release notes for 2.52
> Revived -std=c89 compilation for make all etc. (Bug 213541 reported by Byron Stanoszek.)
> The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries!
> The support is used to display some description information.
> To activate it, these binaries need to be installed executable (chmod +x ...)
> We also provided a write-up of how to enable this sort of feature in other .so files here.
> The module pam_cap.so now contains support for a default=<IAB> module argument. (Bug 213611).
> Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions.
> Added capsh --current support.
> Minor documentation updates.
> Added a contrib/sucap/su.c pure-capabilities PAM implementation of su.
> This is primarily to demonstrate that such a thing is possible, and to validate that the pam_cap.so module is capable of adding any IAB tuple of inheritables per group or user.
> At this time, it relies on features only present in this version of libcap and HEAD of the Linux-PAM sources for the pam_unix.so module.
> Release notes for 2.51
> Fix capsh installation (Bug 213261 - reported by Jan Palus)
> Add an autoauth module flag to pam_cap.so (Bug 213279 - noted a feature request hidden in StackExchange)
> Unified libcap/cap (Go) and libcap (C) default generation of external format binary data (Bug 213375 - addressing an issue raised by Mike Schilling)
> This standard binary format should be forwards/backwards compatible with earlier libcap2 builds and libcap/cap packages
> API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another.
> This can be used to raise all the Permitted capabilities in a Set with one API call.
> In tree build/run/test of Go packages now uses Go module vendoring (Bug 212453).
> This is with an eye to the imminent golang change removing support for GOPATH based building.
> Minor compilation warning fixes
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/common/libcap | 10 ++++++++--
> lfs/libcap | 7 +++----
> 2 files changed, 11 insertions(+), 6 deletions(-)
>
> diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
> index def30cb5a..c33222c49 100644
> --- a/config/rootfiles/common/libcap
> +++ b/config/rootfiles/common/libcap
> @@ -1,10 +1,10 @@
> #lib/libcap.a
> lib/libcap.so.2
> -lib/libcap.so.2.50
> +lib/libcap.so.2.61
> #lib/libpsx.a
> #lib/libpsx.so
> #lib/libpsx.so.2
> -#lib/libpsx.so.2.50
> +#lib/libpsx.so.2.61
> #lib/pkgconfig/libcap.pc
> #lib/pkgconfig/libpsx.pc
> lib/security/pam_cap.so
> @@ -23,6 +23,8 @@ usr/lib/libcap.so
> #usr/share/man/man3/cap_copy_int.3
> #usr/share/man/man3/cap_drop_bound.3
> #usr/share/man/man3/cap_dup.3
> +#usr/share/man/man3/cap_fill.3
> +#usr/share/man/man3/cap_fill_flag.3
> #usr/share/man/man3/cap_free.3
> #usr/share/man/man3/cap_from_name.3
> #usr/share/man/man3/cap_from_text.3
> @@ -36,8 +38,11 @@ usr/lib/libcap.so
> #usr/share/man/man3/cap_get_proc.3
> #usr/share/man/man3/cap_get_secbits.3
> #usr/share/man/man3/cap_iab.3
> +#usr/share/man/man3/cap_iab_compare.3
> +#usr/share/man/man3/cap_iab_dup.3
> #usr/share/man/man3/cap_iab_fill.3
> #usr/share/man/man3/cap_iab_from_text.3
> +#usr/share/man/man3/cap_iab_get_pid.3
> #usr/share/man/man3/cap_iab_get_proc.3
> #usr/share/man/man3/cap_iab_get_vector.3
> #usr/share/man/man3/cap_iab_init.3
> @@ -73,6 +78,7 @@ usr/lib/libcap.so
> #usr/share/man/man3/psx_syscall.3
> #usr/share/man/man3/psx_syscall3.3
> #usr/share/man/man3/psx_syscall6.3
> +#usr/share/man/man8/captree.8
> #usr/share/man/man8/getcap.8
> #usr/share/man/man8/getpcaps.8
> #usr/share/man/man8/setcap.8
> diff --git a/lfs/libcap b/lfs/libcap
> index 610ff474b..387d43e38 100644
> --- a/lfs/libcap
> +++ b/lfs/libcap
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 2.50
> +VER = 2.61
>
> THISAPP = libcap-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 66a561afa81666236ff973544ff4e864
> +$(DL_FILE)_MD5 = 3bf105e47a8671035a0ce0812185c5e4
>
> install : $(TARGET)
>
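
Review bot: The `$(DL_FILE)_MD5` line is the only integrity pin for the new tarball in this hunk, and MD5 is not collision resistant, so the updated digest alone is weak evidence that the download matches upstream's 2.61 release. Before merging, check the tarball against a stronger checksum or a signature published by upstream, and if the lfs framework accepts a stronger digest variable, add it alongside the MD5 line.
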
> @@ -70,13 +70,12 @@ $(subst %,%_MD5,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libcap-2.50-install_capsh_again.patch
> # Prevent a static library from being installed
> cd $(DIR_APP) && sed -i '/install.*STALIBNAME/d' libcap/Makefile
> cd $(DIR_APP) && make GOLANG=no
> cd $(DIR_APP) && make install GOLANG=no
> rm -vf /lib/libcap.so
> - ln -svf /lib/libcap.so.2.50 /usr/lib/libcap.so
> + ln -svf /lib/libcap.so.2.61 /usr/lib/libcap.so
> chmod +x /lib/libcap.so.*
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)
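
Review bot: Dropping the `patch -Np1 -i $(DIR_SRC)/src/patches/libcap-2.50-install_capsh_again.patch` line appears to leave that patch file unused, since the diffstat lists only config/rootfiles/common/libcap and lfs/libcap and the file itself is not deleted. Remove it from src/patches in the same commit and state in the commit message why it is no longer needed (the quoted 2.51 notes mention "Fix capsh installation"). Separately, `ln -svf /lib/libcap.so.2.61 /usr/lib/libcap.so` hard-codes the version; `/lib/libcap.so.$(VER)` would save editing this line on the next update.
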
> --
> 2.34.0
>