Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcap2-32bit-2.70-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libcap2-32bit Distribution: openSUSE Tumbleweed
Version: 2.70 Vendor: openSUSE
Release: 1.1 Build date: Sat May 25 20:00:14 2024
Group: System/Libraries Build host: reproducible
Size: 46546 Source RPM: libcap-2.70-1.1.src.rpm
Summary: Library for Capabilities (linux-privs) Support
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.




BSD-3-Clause OR GPL-2.0-only


* Sat May 25 2024 Andreas Stieger <>
  - update to 2.70:
    * setcap changes to make it harder to set invalid file capabilities
    * Lots of documentation fixes
    * Fix c89 compilation syntax for the C code in the libraries
    * libpam has deprecated providing the _pam_overwrite() function,
      so use memset() instead
* Tue May 16 2023 Marcus Meissner <>
  - updated to 2.69
    - An audit was performed on libcap and friends by (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
    - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 Dirk Müller <>
  - update to 2.68:
    * Force libcap internal functions to be hidden outside the library
    * Expanded the list of man page (links) to all of the supported API
    * fixed some formatting issues with the libpsx(3) manpage.
    * Add support for a markdown preamble and postscript when generating
      .md versions of the man pages (Bug 217007)
    * psx package clean up
    * fix some copy-paste errors with TestShared()
    * added a more complete psx testing into this test as well
    * cap package clean up
    * drop an unnecessary use of ", _" in the sources
    * cleaned up cap.NamedCount documentation
    * Converted goapps/web/README to .md format and fixed the
      instructions to indicate go mod tidy is needed.
    * cap_compare test binary now cleans up after itself (Bug 217018)
    * Figured out how to cross compile Go programs for arm (i.e. RPi) that
      use C code, don't use cgo but do use the psx package
    * Eliminate use of vendor directory
* Fri Mar 24 2023 Martin Liška <>
  - Enable LTO and add missing -ffat-lto-objects for the provided
    static libs.
* Fri Mar 24 2023 Takashi Iwai <>
  - Revert LTO again; it still breaks builds
* Thu Mar 23 2023 Martin Liška <>
  - Enable LTO as it works fine.
* Sat Feb 04 2023 Dirk Müller <>
  - update to 2.67:
    * Replace use of fgrep with grep -F (POSIX grep flags preferred by
      GNU grep) - patch from David Seifert.
    * Added SPDX identifiers to License file(s). Hopefully this will
      help the various robots out there correctly identify the
      longstanding licenses for libcap and friends. (Bug: 216609
      reported by Günther Noack)
    * Started down the rabbit hole of trying to address (Bug: 216610
      reported by Günther Noack on behalf of Michael Stapelberg)
    * The basic issue is how to link C code with Go psx without using
      CGo. This is all a low level hackery. If you are interested,
      browse the source.
    * Correct for bad whatis entries in man pages (this was throwing a
      Debian build test, detail)
    * Also reviewed man pages and addressed cross linkage issues (Bug:
    * Cleaned up some files (made a github mirror now just so
      I can automatically render them).
    * Changed meaning of DYNAMIC=no builds.
      This now builds everything with static linking except for libc.
      The reason for this exception is explained in the commit message.
    * Inserted demonstration exploit code in to support
* Thu Sep 29 2022 Dirk Müller <>
  - update to 2.66:
    * Fix documentation typos in cap_from_text.3
    * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
    * Slightly more robust Makefiles to address an error with make -j48 test observed
    * Include a simple Go program, captrace, to trace kernel capability validation
    * This program can be used to figure out what capabilities a program needs to
    * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
      capability checks and whether or not they succeed for the system, a specific
      PID or a program's direct execution.
    * Trim down the default file capabilities for contrib/sucap/su to those actually
      needed and set USER and HOME environment variables so bash doesn't complain
      about a sourcing error.
* Fri Jul 22 2022 Dirk Müller <>
  - update to 2.65:
    * Fix syntax error in DEBUG build of protected code in setcap.c.
    * Prevent bash from reading the wrong startup files when the capsh --user=xxx
      argument is used to invoke a shell as the user xxx. This is done by capsh now
      changing the USER and HOME environment variables when --user is specified.
      The argument --noenv can be used to suppress this behavior to what used to be
      the problematic default. (Bug: 215926)
    * Improved documentation
* Tue Apr 12 2022 Dirk Müller <>
  - update to 2.64:
    * Fix memory leak in libpsx at program exit.
    * Be more resilient to CGo configuration with Go compiler when building tests.
    * Fix cap_*prctl() return code/errno handling.
    * Minor clarification to cap_get_pid() man page concerning pid
      value within namespaces.
* Fri Feb 25 2022 Marcus Meissner <>
  - Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 Dirk Müller <>
  - update to 2.63:
    * restore errno to zero by the time main() is executed
    * Consistent psx handling (a panic) for syscalls that return thread dependent
      status Inconsistend behavior noticed by Lorenz Bauer
    * Add a test case for a deadlock under investigation in golang
    * Trim some of the #include file use to make the tree compile more
* Thu Dec 30 2021 Dirk Müller <>
  - update to 2.62:
    * Bug fix for Go package "cap" and launching
    * Build cleanups
    * Documentation updates: cap_max_bits has a man page entry
    * Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 Andreas Stieger <>
  - libcap 2.61:
    * Better error handling of the numerical arguments for capsh and
    * Fix executable mode for all of the .so files. There were two
      situations where this was failing (with a hard to debug SIGSEGV
      inside libc)
    * Added an example of a shared library object with its own file
    * Fix the top-level include for Make.Rules in the contrib/sucap
      example application
    * Add support for running constructors at start up time
      when running as stand alone binary.
  - includes changes from 2.60:
    * Some build, code linting fixes, the addition of the
      cap_fill_flag() API and a memory latency optimization
    * General improvement in thread safety for libcap and cap package
    * Minor API change replacing libcap:cap_launch_*() void returning
      functions with int + errno status returns.
    * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
    * New features for capsh: --quiet, -+ and =+ arguments
  - add upstream signing key and verify source signature
* Tue Sep 28 2021 Paolo Stivanin <>
  - update to 2.59:
    * Fixed a potential libcap memory leak by adding a destructor
    * Major improvement is that there is a path for Linux-PAM compliant
      applications to support setting Ambient vector Capabilities via now
    * Added libcap cap_proc_root() API function
    * Added color support to captree
    * Fixed contrib/sucap/su to correctly handle the Inheritable flag
    * capsh enhancements
    * getcap -r / now generates readable output
    * The shared library objects:, and, are all now
      runnable as standalone binaries
    * The module now contains support for a default=<IAB> module argument
    * Enhanced capsh --suggest to also compare against the capability value names
      and not just their descriptions
    * Added capsh --current support
    * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
    * Fix for a corner case infinite loop handling long strings
    * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
    * Added a Go utility, captree, to display the process (and thread) graph along with
      the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 Dirk Müller <>
  - update to 2.51:
    * Fix capsh installation
    * Add an autoauth module flag to
    * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
    * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
      capability flag to another.
    * --explain=cap_foo: describe what cap_foo does
    * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
    * Add "keepcaps" module argument support to (reported by Zoltan Fridrich. Bug 212945)
    * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
      feature parity with Go "cap" package. These are only needed when linking
      against -lpsx for keepcaps POSIX semantics.
    * this likely requires substantial application changes to make Ambient
      capability support usable in general, but doing our part for the admin.
    * Add a test case for recent kernel fix
    * Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 Christophe Giboudeaux <>
  - Fix a broken symlink. libcap-devel installs but
    didn't install the library it's pointing to.
* Fri Apr 16 2021
  - Add explicit dependency on libcap2 with version to libcap-progs
* Mon Mar 22 2021 Dirk Müller <>
  - update to 2.49:
    * Implement cap_func_launcher() and cap.FuncLauncher().
    * More robust "psx" redirection for nocgo compilation - the documentation for
      the cgo implementation is now included in the nocgo one because the
      automated documentation builds the docs from the nocgo version.
    * Lots of documentation cleanups and added a few man pages: for IAB and
    * Some general no-op License changes that might cause folk to notice but only
      for formatting reasons. These were initially inspired by some lawyerly
      interactions, but I ended up rolling back half of them because they
      confused automated software infrastructure.
* Tue Feb 09 2021 Dirk Müller <>
  - update to 2.48:
    * More uniform use of $(MAKE) in Makefiles
    * No longer include symlinks in the git tree
    * Provide support for make GOLANG=no ...
    * Provide support for pointing at a specific build of the go binary
    * camelCase the contrib/seccomp/explore.go program
    * A number of documentation fixes to man pages and source code comments
    * Last use of GO major version 0
* Wed Jan 27 2021 Dirk Müller <>
  - update to 2.47:
    * Restructured gowns to default to uid base of getuid().
    * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
    * Improve the usage and diagnostic message for setcap
    * Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 Dirk Müller <>
  - update to 2.46:
    * The bulk of this release concerns fixes and improvements to libpsx
    * Fix the capsh == argument handling and add a test case
    * Added build support for systems that do not support libpthread
    * Added build support for not building shared libraries



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jul 18 01:03:01 2024