packages/libcap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:f47a4126c7326f17f4c655af8f5a8389096cbd86
Branches Tags
packages:main
...
compare: packages:745b1b71730eb9cfb1d07e13c0148cc3df9eea59
Branches Tags
packages:main

10 Commits
f47a4126c7 ... 745b1b7173

Author SHA1 Message Date
openeuler-ci-bot
745b1b7173
!32 [sync] PR-31: 【openEuler-20.03-LTS-SP1】Backport upstream patch to fix syntax error 
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
 2024-06-04 03:47:50 +00:00
yixiangzhike
929a8478d6 Backport upstream patch to fix syntax error 
(cherry picked from commit e4f239dda2c82f3bc71877b1d547ca5068eeacb9)
 2024-06-04 11:32:53 +08:00
openeuler-ci-bot
015401cd24 !12 update version to 0.8.1 
From: @fly_fzc
Reviewed-by: @overweight
Signed-off-by: @overweight
 2021-09-26 01:22:43 +00:00
fuanan
6787fa3211 update version to 0.8.1 2021-09-24 12:38:24 +08:00
openeuler-ci-bot
cfd028d131 !4 升级到0.7.10版本 
Merge pull request !4 from 吃牛的蛙/update
 2020-05-12 11:57:54 +08:00
zcfsite
9139f5b440 update to 0.7.10 2020-05-12 10:36:58 +08:00
openeuler-ci-bot
1559db167c !2 libcap-ng: delete unused patch 
Merge pull request !2 from guoxiaoqi/next
 2020-01-11 17:41:15 +08:00
guoxiaoqi
58d47a679c delete unused pacth 2020-01-07 14:51:38 +08:00
openeuler-ci-bot
c170ad06c3 !1 delete unneeded patch 
Merge pull request !1 from openeuler-basic/next
 2019-12-31 17:05:49 +08:00
guoxiaoqi
73f475aeac delete unused pacth 2019-12-31 14:54:53 +08:00
6 changed files with 68 additions and 155 deletions
Show Stats Expand all files Collapse all files

35
backport-Fix-the-syntax-error-in-cap-ng-c-50.patch Normal file
View File

@ -0,0 +1,35 @@
From 10ef4b05da8a46117b7ba65e01bf5367cc73777c Mon Sep 17 00:00:00 2001
From: yixiangzhike <yixiangzhike007@163.com>
Date: Wed, 20 Mar 2024 20:47:59 +0800
Subject: [PATCH] Fix the syntax error in cap-ng.c (#50)
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
---
src/cap-ng.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cap-ng.c b/src/cap-ng.c
index d178e35..ed7d718 100644
--- a/src/cap-ng.c
+++ b/src/cap-ng.c
@@ -354,7 +354,7 @@ static int get_bounding_set(void)
#ifdef HAVE_SYSCALL_H
(int)syscall(__NR_gettid));
#else
- (int)getpid();
+ (int)getpid());
#endif
f = fopen(buf, "re");
if (f) {
@@ -399,7 +399,7 @@ static int get_ambient_set(void)
#ifdef HAVE_SYSCALL_H
(int)syscall(__NR_gettid));
#else
- (int)getpid();
+ (int)getpid());
#endif
f = fopen(buf, "re");
if (f) {
--
2.33.0

BIN
libcap-ng-0.7.9.tar.gz
View File

Binary file not shown.

142
libcap-ng-0.8-permitted.patch
View File

@ -1,142 +0,0 @@
diff -urp libcap-ng-0.8.orig/docs/capng_have_capabilities.3 libcap-ng-0.8/docs/capng_have_capabilities.3
--- libcap-ng-0.8.orig/docs/capng_have_capabilities.3 2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/docs/capng_have_capabilities.3 2018-08-09 16:29:40.521624973 -0400
@@ -1,14 +1,20 @@
-.TH "CAPNG_HAVE_CAPABILITIES" "3" "June 2009" "Red Hat" "Libcap-ng API"
+.TH "CAPNG_HAVE_CAPABILITIES" "3" "Aug 2018" "Red Hat" "Libcap-ng API"
.SH NAME
-capng_have_capabilities \- general check for capabilities
+.nf
+capng_have_capabilities, capng_have_permitted_capabilities \- check for capabilities
.SH "SYNOPSIS"
.B #include <cap-ng.h>
.sp
capng_results_t capng_have_capabilities(capng_select_t set);
+capng_results_t capng_have_permitted_capabilities(void);
.SH "DESCRIPTION"
-capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired.
+capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired. When capabilities are checked, it will only look at the effective capabilities.
+
+If, however, the source of capabilities comes from a file, then you may need to additionally check the permitted capabilities. It's for this reason that
+.B capng_have_permitted_capabilities
+was created. It takes no arguments because it simply checks the permitted set.
.SH "RETURN VALUE"
diff -urp libcap-ng-0.8.orig/src/cap-ng.c libcap-ng-0.8/src/cap-ng.c
--- libcap-ng-0.8.orig/src/cap-ng.c 2018-07-02 14:42:53.993939477 -0400
+++ libcap-ng-0.8/src/cap-ng.c 2018-08-09 16:31:47.255611373 -0400
@@ -777,10 +776,10 @@ capng_results_t capng_have_capabilities(
full = 1;
else
return CAPNG_PARTIAL;
- if ((m.data.v3[1].effective & UPPER_MASK) == 0)
+ if ((m.data.v3[1].effective & UPPER_MASK) == 0 && !full)
empty = 1;
else if ((m.data.v3[1].effective & UPPER_MASK) ==
- UPPER_MASK)
+ UPPER_MASK && !empty)
full = 1;
else
return CAPNG_PARTIAL;
@@ -805,6 +804,40 @@ capng_results_t capng_have_capabilities(
if (empty == 1 && full == 0)
return CAPNG_NONE;
+ else if (empty == 0 && full == 1)
+ return CAPNG_FULL;
+
+ return CAPNG_PARTIAL;
+}
+
+// -1 - error, 0 - no caps, 1 partial caps, 2 full caps
+capng_results_t capng_have_permitted_capabilities(void)
+{
+ int empty = 0, full = 0;
+
+ // First, try to init with current set
+ if (m.state < CAPNG_INIT)
+ capng_get_caps_process();
+
+ // If we still don't have anything, error out
+ if (m.state < CAPNG_INIT)
+ return CAPNG_FAIL;
+
+ if (m.data.v3[0].permitted == 0)
+ empty = 1;
+ else if (m.data.v3[0].permitted == 0xFFFFFFFFU)
+ full = 1;
+ else
+ return CAPNG_PARTIAL;
+ if ((m.data.v3[1].permitted & UPPER_MASK) == 0 && !full)
+ empty = 1;
+ else if ((m.data.v3[1].permitted & UPPER_MASK) == UPPER_MASK && !empty)
+ full = 1;
+ else
+ return CAPNG_PARTIAL;
+
+ if (empty == 1 && full == 0)
+ return CAPNG_NONE;
else if (empty == 0 && full == 1)
return CAPNG_FULL;
diff -urp libcap-ng-0.8.orig/src/cap-ng.h libcap-ng-0.8/src/cap-ng.h
--- libcap-ng-0.8.orig/src/cap-ng.h 2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/src/cap-ng.h 2018-08-09 15:54:10.054853595 -0400
@@ -63,6 +63,7 @@ int capng_apply_caps_fd(int fd);
// These functions check capability bits
capng_results_t capng_have_capabilities(capng_select_t set);
+capng_results_t capng_have_permitted_capabilities(void);
int capng_have_capability(capng_type_t which, unsigned int capability);
// These functions printout capabilities
diff -urp libcap-ng-0.8.orig/utils/filecap.8 libcap-ng-0.8/utils/filecap.8
--- libcap-ng-0.8.orig/utils/filecap.8 2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/utils/filecap.8 2018-08-09 16:35:39.751586424 -0400
@@ -1,10 +1,10 @@
-.TH FILECAP: "8" "March 2009" "Red Hat" "System Administration Utilities"
+.TH FILECAP: "8" "Aug 2018" "Red Hat" "System Administration Utilities"
.SH NAME
filecap \- a program to see capabilities
.SH SYNOPSIS
.B filecap [ \-a | \-d | /dir | /dir/file [cap1 cap2 ...] ]
.SH DESCRIPTION
-\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If the path to the file includes capabilities, then they are written to the file.
+\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If a file is given followed by capabilities, then the capabilities are written to the file.
.SH OPTIONS
.TP
diff -urp libcap-ng-0.8.orig/utils/filecap.c libcap-ng-0.8/utils/filecap.c
--- libcap-ng-0.8.orig/utils/filecap.c 2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/utils/filecap.c 2018-08-09 16:03:18.989794688 -0400
@@ -59,6 +59,7 @@ static int check_file(const char *fpath,
int fd = open(fpath, O_RDONLY|O_CLOEXEC);
if (fd >= 0) {
capng_results_t rc;
+ int permitted = 0;
capng_clear(CAPNG_SELECT_BOTH);
if (capng_get_caps_fd(fd) < 0) {
@@ -68,12 +69,17 @@ static int check_file(const char *fpath,
ret = 1;
}
rc = capng_have_capabilities(CAPNG_SELECT_CAPS);
+ if (rc == CAPNG_NONE) {
+ permitted = 1;
+ rc = capng_have_permitted_capabilities();
+ }
if (rc > CAPNG_NONE) {
if (header == 0) {
header = 1;
- printf("%-20s capabilities\n", "file");
+ printf("%-9s %-20s capabilities\n", "set", "file");
}
- printf("%s ", fpath);
+ printf("%s %s ",
+ permitted ? "permitted" : "effective", fpath);
if (rc == CAPNG_FULL)
printf("full");
else

9
libcap-ng-0.8-python2.patch
View File

@ -1,9 +0,0 @@
diff -urp libcap-ng-0.8.orig/bindings/python/test/capng-test.py libcap-ng-0.8/bindings/python/test/capng-test.py
--- libcap-ng-0.8.orig/bindings/python/test/capng-test.py 2018-08-09 17:02:19.000000000 -0400
+++ libcap-ng-0.8/bindings/python/test/capng-test.py 2018-08-09 17:17:05.837319641 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2
import os
import sys

BIN
libcap-ng-0.8.1.tar.gz Normal file
View File

Binary file not shown.

37
libcap-ng.spec
View File

@ -2,13 +2,14 @@
Summary: Libcap-ng is a library used for posix capabilities programming
Name: libcap-ng
Version: 0.7.9
Release: 5
Version: 0.8.1
Release: 2
License: LGPLv2+ and GPLv2+
URL: http://people.redhat.com/sgrubb/libcap-ng
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
Patch1: libcap-ng-0.8-permitted.patch
Patch2: libcap-ng-0.8-python2.patch
Patch1: backport-Fix-the-syntax-error-in-cap-ng-c-50.patch
BuildRequires: gcc, kernel-headers >= 2.6.11, libattr-devel
Provides: %{name}-utils = %{version}-%{release}
Obsoletes: %{name}-utils < %{version}-%{release}
@ -88,11 +89,14 @@ make check
%license COPYING.LIB COPYING
%attr(0755,root,root) %{_bindir}/*
/%{_lib}/libcap-ng.so.*
/%{_lib}/libdrop_ambient.so.*
%files devel
%attr(0644,root,root) %{_includedir}/cap-ng.h
%{_libdir}/libcap-ng.so
%{_libdir}/libcap-ng.a
/%{_lib}/libdrop_ambient.so
/%{_lib}/libdrop_ambient.a
%attr(0644,root,root) %{_datadir}/aclocal/cap-ng.m4
%{_libdir}/pkgconfig/libcap-ng.pc
@ -106,8 +110,33 @@ make check
%files help
%attr(0644,root,root) %{_mandir}/man3/*
%attr(0644,root,root) %{_mandir}/man7/*
%attr(0644,root,root) %{_mandir}/man8/*
%changelog
* Thu May 30 2024 yixiangzhike <yixiangzhike007@163.com> - 0.8.1-2
- backport upstream patch to fix syntax error
* Fri Sep 24 2021 fuanan <fuanan3@huawei.com> - 0.8.1-1
- update version to 0.8.1
* Thu Apr 16 2020 zhangchenfeng<zhangchenfeng1@huawei.com> - 0.7.10-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: upgrade version to 0.7.10
* Sat Mar 21 2020 liufeng<liufeng111@huawei.com> - 0.7.9-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add patch
* Tue Jan 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.7.9-7
- Delete unused patch
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.7.9-6
- Delete unused patch
* Mon Sep 09 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.7.9-5
- Package init