From 49f9043e71d16c77ed0fcf561ab69d83950e97d5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 19 2015 15:38:56 +0000 Subject: import libcap-ng-0.7.5-4.el7 --- diff --git a/.gitignore b/.gitignore index e5f87db..3113c18 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libcap-ng-0.7.3.tar.gz +SOURCES/libcap-ng-0.7.5.tar.gz diff --git a/.libcap-ng.metadata b/.libcap-ng.metadata index 589ebb2..78895c9 100644 --- a/.libcap-ng.metadata +++ b/.libcap-ng.metadata @@ -1 +1 @@ -b4c61c664d9b90810f2e947c46a41ed8abb9e292 SOURCES/libcap-ng-0.7.3.tar.gz +b0213c0a7e51b7af045b11f4093061b8ae6553c9 SOURCES/libcap-ng-0.7.5.tar.gz diff --git a/SOURCES/libcap-ng-0.7.4-badfd.patch b/SOURCES/libcap-ng-0.7.4-badfd.patch deleted file mode 100644 index 7161ba5..0000000 --- a/SOURCES/libcap-ng-0.7.4-badfd.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urp libcap-ng-0.7.3/utils/pscap.c libcap-ng-0.7.4/utils/pscap.c ---- libcap-ng-0.7.3/utils/pscap.c 2012-11-09 14:45:43.000000000 -0500 -+++ libcap-ng-0.7.4/utils/pscap.c 2012-11-30 10:06:42.000000000 -0500 -@@ -142,8 +142,6 @@ int main(int argc, char *argv[]) - fclose(f); - } - -- len = read(fd, buf, sizeof buf - 1); -- close(fd); - if (header == 0) { - printf("%-5s %-5s %-10s %-16s %s\n", - "ppid", "pid", "name", "command", diff --git a/SOURCES/libcap-ng-leak.patch b/SOURCES/libcap-ng-leak.patch new file mode 100644 index 0000000..bd6f9ad --- /dev/null +++ b/SOURCES/libcap-ng-leak.patch @@ -0,0 +1,12 @@ +Index: src/cap-ng.c +=================================================================== +--- src/cap-ng.c (revision 56) ++++ src/cap-ng.c (working copy) +@@ -197,6 +197,7 @@ + if (errno == 0) + last_cap = val; + } ++ close(fd); + } + if (last_cap == -1) + last_cap = CAP_LAST_CAP; diff --git a/SOURCES/libcap-ng-pacct-typo.patch b/SOURCES/libcap-ng-pacct-typo.patch new file mode 100644 index 0000000..5028ab6 --- /dev/null +++ b/SOURCES/libcap-ng-pacct-typo.patch @@ -0,0 +1,11 @@ +Index: /trunk/src/captab.h +=================================================================== +--- /trunk/src/captab.h (revision 81) ++++ /trunk/src/captab.h (revision 82) +@@ -41,5 +41,5 @@ + _S(CAP_SYS_CHROOT, "sys_chroot" ) + _S(CAP_SYS_PTRACE, "sys_ptrace" ) +-_S(CAP_SYS_PACCT, "sys_psacct" ) ++_S(CAP_SYS_PACCT, "sys_pacct" ) + _S(CAP_SYS_ADMIN, "sys_admin" ) + _S(CAP_SYS_BOOT, "sys_boot" ) diff --git a/SOURCES/libcap-ng-test-fixup.patch b/SOURCES/libcap-ng-test-fixup.patch new file mode 100644 index 0000000..c04df6d --- /dev/null +++ b/SOURCES/libcap-ng-test-fixup.patch @@ -0,0 +1,18 @@ +Index: bindings/python/test/capng-test.py +=================================================================== +--- bindings/python/test/capng-test.py (revision 61) ++++ bindings/python/test/capng-test.py (working copy) +@@ -10,8 +10,11 @@ + import capng + + last = capng.CAP_LAST_CAP +-with open('/proc/sys/kernel/cap_last_cap', 'r') as f: +- last = int(f.readline()) ++try: ++ with open('/proc/sys/kernel/cap_last_cap', 'r') as f: ++ last = int(f.readline()) ++except IOError as e: ++ print "Error opening /proc/sys/kernel/cap_last_cap: {0}".format(e.strerror) + + print("Doing basic bit tests...") + capng.capng_clear(capng.CAPNG_SELECT_BOTH) diff --git a/SOURCES/libcap-ng-thread-test.patch b/SOURCES/libcap-ng-thread-test.patch new file mode 100644 index 0000000..e9360b5 --- /dev/null +++ b/SOURCES/libcap-ng-thread-test.patch @@ -0,0 +1,15 @@ +Index: /trunk/src/test/thread_test.c +=================================================================== +--- /trunk/src/test/thread_test.c (revision 80) ++++ /trunk/src/test/thread_test.c (revision 81) +@@ -46,4 +46,10 @@ + int main(void) + { ++ // This test must be run as root which naturally has all capabilities ++ // set. So, we need to clear the capabilities so that we can see if ++ // the test works. ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_apply(CAPNG_SELECT_CAPS); ++ + printf("Testing thread separation of capabilities\n"); + pthread_create(&thread1, NULL, thread1_main, NULL); diff --git a/SPECS/libcap-ng.spec b/SPECS/libcap-ng.spec index c2071ba..b485a67 100644 --- a/SPECS/libcap-ng.spec +++ b/SPECS/libcap-ng.spec @@ -2,13 +2,16 @@ Summary: An alternate posix capabilities library Name: libcap-ng -Version: 0.7.3 -Release: 5%{?dist} +Version: 0.7.5 +Release: 4%{?dist} License: LGPLv2+ Group: System Environment/Libraries URL: http://people.redhat.com/sgrubb/libcap-ng Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz -Patch1: libcap-ng-0.7.4-badfd.patch +Patch1: libcap-ng-test-fixup.patch +Patch2: libcap-ng-leak.patch +Patch3: libcap-ng-thread-test.patch +Patch4: libcap-ng-pacct-typo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: kernel-headers >= 2.6.11 @@ -51,7 +54,10 @@ lets you set the file system based capabilities. %prep %setup -q -%patch1 -p1 +%patch1 -p0 +%patch2 -p0 +%patch3 -p2 +%patch4 -p2 %build %configure --libdir=/%{_lib} @@ -113,6 +119,17 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Aug 14 2015 Steve Grubb 0.7.5-4 +- resolves: #1253220 - captest list sys_psacct instead of sys_pacct + +* Tue Aug 11 2015 Steve Grubb 0.7.5-3 +- resolves: #1185610 - libcap-ng: update caps table for newer kernels +- Fix thread test + +* Wed May 13 2015 Steve Grubb 0.7.5-2 +- resolves: #1185610 - libcap-ng: update caps table for newer kernels +- Fix a leaked FD in upstream code + * Fri Jan 24 2014 Daniel Mach - 0.7.3-5 - Mass rebuild 2014-01-24