diff --git a/SOURCES/getpcaps.8 b/SOURCES/getpcaps.8 new file mode 100644 index 00000000..6bbf46a7 --- /dev/null +++ b/SOURCES/getpcaps.8 @@ -0,0 +1,23 @@ +.\" Hey, EMACS: -*- nroff -*- +.TH GETPCAPS 8 "2001-05-29" +.\" Please adjust this date whenever revising the manpage. +.SH NAME +getpcaps \- display process capabilities +.SH SYNOPSIS +.B getpcaps +.IR pid ... +.SH DESCRIPTION +.B getpcaps +displays the capabilities on the processes indicated by the +.I pid +value(s) given on the commandline. The capabilities +are displayed in the +.BR cap_from_text (3) +format. +.SH SEE ALSO +.BR execcap (8). +.br +.SH AUTHOR +This manual page was written by Robert Bihlmeyer , +for the Debian GNU/Linux system (but may be used by others). + diff --git a/SOURCES/libcap-2.22-buildflags.patch b/SOURCES/libcap-2.22-buildflags.patch new file mode 100644 index 00000000..7e204afd --- /dev/null +++ b/SOURCES/libcap-2.22-buildflags.patch @@ -0,0 +1,21 @@ +diff -up libcap-2.22/Make.Rules~ libcap-2.22/Make.Rules +--- libcap-2.22/Make.Rules~ 2011-07-25 05:18:23.000000000 +0300 ++++ libcap-2.22/Make.Rules 2013-02-24 20:58:45.681474100 +0200 +@@ -48,7 +48,7 @@ KERNEL_HEADERS := $(topdir)/libcap/inclu + IPATH += -fPIC -I$(topdir)/libcap/include -I$(KERNEL_HEADERS) + + CC := gcc +-CFLAGS := -O2 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 ++CFLAGS := $(RPM_OPT_FLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 + BUILD_CC := $(CC) + BUILD_CFLAGS := $(CFLAGS) $(IPATH) + AR := ar +@@ -59,7 +59,7 @@ WARNINGS=-Wall -Wwrite-strings \ + -Wstrict-prototypes -Wmissing-prototypes \ + -Wnested-externs -Winline -Wshadow + LD=$(CC) -Wl,-x -shared +-LDFLAGS := #-g ++LDFLAGS := $(RPM_LD_FLAGS) #-g + + SYSTEM_HEADERS = /usr/include + INCS=$(topdir)/libcap/include/sys/capability.h diff --git a/SOURCES/libcap-2.22-signed-sizeof-compare.patch b/SOURCES/libcap-2.22-signed-sizeof-compare.patch new file mode 100644 index 00000000..4ada3fa2 --- /dev/null +++ b/SOURCES/libcap-2.22-signed-sizeof-compare.patch @@ -0,0 +1,21 @@ +diff -up libcap-2.22/libcap/cap_file.c.911878 libcap-2.22/libcap/cap_file.c +--- libcap-2.22/libcap/cap_file.c.911878 2013-05-14 11:45:25.569448468 +0200 ++++ libcap-2.22/libcap/cap_file.c 2013-05-14 11:47:04.712036407 +0200 +@@ -187,7 +187,7 @@ cap_t cap_get_fd(int fildes) + /* fill the capability sets via a system call */ + sizeofcaps = fgetxattr(fildes, XATTR_NAME_CAPS, + &rawvfscap, sizeof(rawvfscap)); +- if (sizeofcaps < sizeof(rawvfscap.magic_etc)) { ++ if (sizeofcaps < (int) sizeof(rawvfscap.magic_etc)) { + cap_free(result); + result = NULL; + } else { +@@ -217,7 +217,7 @@ cap_t cap_get_file(const char *filename) + /* fill the capability sets via a system call */ + sizeofcaps = getxattr(filename, XATTR_NAME_CAPS, + &rawvfscap, sizeof(rawvfscap)); +- if (sizeofcaps < sizeof(rawvfscap.magic_etc)) { ++ if (sizeofcaps < (int) sizeof(rawvfscap.magic_etc)) { + cap_free(result); + result = NULL; + } else { diff --git a/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch b/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch new file mode 100644 index 00000000..3e99baf9 --- /dev/null +++ b/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch @@ -0,0 +1,12 @@ +diff -urN libcap-2.25/pam_cap/pam_cap.c libcap-2.25_patched/pam_cap/pam_cap.c +--- libcap-2.25/pam_cap/pam_cap.c 2013-12-16 05:46:28.000000000 +0100 ++++ libcap-2.25_patched/pam_cap/pam_cap.c 2019-03-04 16:18:23.440525062 +0100 +@@ -286,7 +286,7 @@ + int retval; + struct pam_cap_s pcs; + +- if (!(flags & PAM_ESTABLISH_CRED)) { ++ if (!(flags & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { + D(("we don't handle much in the way of credentials")); + return PAM_IGNORE; + } diff --git a/SOURCES/libcap.pc b/SOURCES/libcap.pc new file mode 100644 index 00000000..e1b26d23 --- /dev/null +++ b/SOURCES/libcap.pc @@ -0,0 +1,11 @@ +prefix=/usr +exec_prefix=/usr +libdir=/usr/lib64 +includedir=/usr/include + +Name: libcap +Description: libcap +Version: 2.22 +Libs: -L${libdir} -lcap +Libs.private: -lattr +Cflags: -I${includedir} diff --git a/SPECS/libcap.spec b/SPECS/libcap.spec new file mode 100644 index 00000000..b30d1232 --- /dev/null +++ b/SPECS/libcap.spec @@ -0,0 +1,287 @@ +Name: libcap +Version: 2.22 +Release: 11%{?dist} +Summary: Library for getting and setting POSIX.1e capabilities +# Original tarball should be here, but got deleted: +#Source: http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/libcap-2.22.tar.bz2 +URL: https://sites.google.com/site/fullycapable/ +Source: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/%{name}-%{version}.tar.gz + +# http://manned.org/getpcaps/299a4949/src: +Source1: getpcaps.8 +Source2: libcap.pc +Patch0: %{name}-2.22-buildflags.patch +Patch1: libcap-2.22-signed-sizeof-compare.patch +Patch2: %{name}-PAM_REINITIALIZE_CRED.patch + +License: LGPLv2+ +Group: System Environment/Libraries +BuildRequires: libattr-devel pam-devel + +%description +libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) +draft 15 capabilities. + +%package devel +Summary: Development files for libcap +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +Development files (Headers, libraries for static linking, etc) for libcap. + +libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) +draft 15 capabilities. + +Install libcap-devel if you want to develop or compile applications using +libcap. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + +%build +# libcap can not be build with _smp_mflags: +make PREFIX=%{_prefix} LIBDIR=%{_libdir} SBINDIR=%{_sbindir} \ + INCDIR=%{_includedir} MANDIR=%{_mandir} + +%install +make install RAISE_SETFCAP=no \ + DESTDIR=%{buildroot} \ + LIBDIR=%{buildroot}/%{_libdir} \ + SBINDIR=%{buildroot}/%{_sbindir} \ + INCDIR=%{buildroot}/%{_includedir} \ + MANDIR=%{buildroot}/%{_mandir}/ +mkdir -p %{buildroot}/%{_mandir}/man{2,3,8} %{buildroot}/%{_libdir}/pkgconfig/ +mv -f doc/*.3 %{buildroot}/%{_mandir}/man3/ +cp -f %{SOURCE1} %{buildroot}/%{_mandir}/man8/ +cp -f %{SOURCE2} %{buildroot}/%{_libdir}/pkgconfig/libcap.pc + +# remove static lib +rm -f %{buildroot}/%{_libdir}/libcap.a + +chmod +x %{buildroot}/%{_libdir}/*.so.* + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +/%{_libdir}/*.so.* +%{_sbindir}/* +%{_mandir}/man1/* +%{_mandir}/man8/* +/%{_libdir}/security/pam_cap.so +%doc doc/capability.notes License + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +/%{_libdir}/*.so +%{_mandir}/man3/* +/%{_libdir}/pkgconfig/libcap.pc + +%clean +rm -rf %{buildroot} + +%changelog +* Tue Oct 15 2019 Marek Tamaskovic - 2.26-11 +- changed url + +* Thu Apr 11 2019 Karsten Hopp - 2.22-10 +- check for PAM_REINITIALIZE_CRED in pam_cap.so, required by sudo + +* Mon Mar 06 2017 Karsten Hopp - 2.22-9 +- add pkgconfig file + +* Fri Jan 24 2014 Daniel Mach - 2.22-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 2.22-7 +- Mass rebuild 2013-12-27 + +* Tue May 14 2013 Karsten Hopp 2.22-6 +- mv libraries to /usr/lib* +- add getpcaps man page +- spec file cleanup +- fix URL of tarball + +* Tue May 14 2013 Karsten Hopp 2.22-5 +- add patch from Mark Wielaard to fix use of uninitialized memory in _fcaps_load + rhbz #911878 + +* Sun Feb 24 2013 Ville Skyttä - 2.22-5 +- Build with $RPM_OPT_FLAGS and $RPM_LD_FLAGS. + +* Thu Feb 14 2013 Fedora Release Engineering - 2.22-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 2.22-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 2.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Jul 27 2011 Karsten Hopp 2.22-1 +- update to 2.22 (#689752) + +* Mon Feb 07 2011 Fedora Release Engineering - 2.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 10 2009 Karsten Hopp 2.17-1 +- update to 2.17 + +* Fri Jul 24 2009 Fedora Release Engineering - 2.16-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jun 16 2009 Karsten Hopp 2.16-4 +- fix build problems with p.e. cdrkit + +* Sun Mar 22 2009 Karsten Hopp 2.16-1 +- update, with a fix for rebuild problems + +* Wed Feb 25 2009 Fedora Release Engineering - 2.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jun 06 2008 Karsten Hopp 2.10-2 +- drop libcap.so.1 +- fix buildrequires and path to pam security module + +* Thu Jun 05 2008 Karsten Hopp 2.10-1 +- libcap-2.10 + +* Thu Feb 21 2008 Karsten Hopp 2.06-4 +- don't build static binaries (#433808) + +* Wed Feb 20 2008 Karsten Hopp 2.06-3 +- temporarily add libcap-1 libraries to bootstrap some packages + +* Tue Feb 19 2008 Fedora Release Engineering - 2.06-2 +- Autorebuild for GCC 4.3 + +* Fri Feb 15 2008 Karsten Hopp 2.06-1 +- upate to 2.06 (#432983) + +* Wed Jan 16 2008 Karsten Hopp 1.10-33 +- drop post,postun requirements on ldconfig as find-requires can handle this + +* Tue Jan 15 2008 Karsten Hopp 1.10-32 +- add disttag +- fix changelog +- fix defattr + +* Mon Jan 14 2008 Karsten Hopp 1.10-31 +- use cp -p in spec file to preserve file attributes (#225992) +- add license file + +* Fri Aug 24 2007 Karsten Hopp 1.10-30 +- rebuild + +* Fri Feb 23 2007 Karsten Hopp 1.10-29 +- add CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL (#229833) + +* Wed Feb 21 2007 Karsten Hopp 1.10-28 +- drop obsolete ia64 patch +- rpmlint fixes + +* Wed Feb 21 2007 Karsten Hopp 1.10-27 +- misc. review fixes +- add debian patch to make it build with a recent glibc +- remove static lib + +* Wed Jul 19 2006 Karsten Hopp 1.10-25 +- add patch to support COPTFLAG (#199365) + +* Wed Jul 12 2006 Jesse Keating - 1.10-24.2.1 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 1.10-24.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.10-24.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Dec 19 2005 Karsten Hopp 1.10-24 +- added development manpages +- as there are no manpages for the executables available, added at least + a FAQ (#172324) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Oct 31 2005 Steve Grubb 1.10-23 +- rebuild to pick up audit capabilities + +* Wed Mar 02 2005 Karsten Hopp 1.10-22 +- build with gcc-4 + +* Wed Feb 09 2005 Karsten Hopp 1.10-21 +- rebuilt + +* Tue Aug 31 2004 Phil Knirsch 1.10-20 +- Fix wrong typedef in userland patch (#98801) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Jan 27 2004 Karsten Hopp 1.10-17 +- use _manpath + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Sat Jan 4 2003 Jeff Johnson 1.10-14 +- set execute bits on library so that requires are generated. + +* Thu Nov 21 2002 Mike A. Harris 1.10-13 +- Removed %%name macro sillyness from package Summary, description text, etc. +- Removed archaic Prefix: tag +- lib64 fixes everywhere to use _lib, _libdir, etc +- Removed deletion of RPM_BUILD_DIR from %%clean section +- Added -q flag to setup macro +- Severely cleaned up spec file, and removed usage of perl + +* Fri Jul 19 2002 Jakub Jelinek 1.10-12 +- CFLAGS was using COPTFLAG variable, not COPTFLAGS +- build with -fpic +- apply the IA-64 patch everywhere, use capget/capset from glibc, + not directly as _syscall (as it is broken on IA-32 with -fpic) +- reenable alpha + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Wed May 29 2002 Bernhard Rosenkraenzer 1.10-10 +- Exclude alpha for now, apparent gcc bug. + +* Fri Nov 9 2001 Bernhard Rosenkraenzer 1.10-6 +- Fix sys/capabilities.h header (#55727) +- Move to /lib, some applications seem to be using this rather early + (#55733) + +* Mon Jul 16 2001 Trond Eivind Glomsrød +- Add post,postun scripts + +* Tue Jul 10 2001 Jakub Jelinek +- don't build libcap.so.1 with ld -shared, but gcc -shared + +* Wed Jun 20 2001 Trond Eivind Glomsrød +- Rebuild - it was missing for alpha + +* Wed Jun 06 2001 Florian La Roche +- add s390/s390x support + +* Thu May 17 2001 Bernhard Rosenkraenzer 1.10-1 +- initial RPM +- fix build on ia64