automatic version update by autodist [release 0.8.5-1mamba;Wed Apr 10 2024]

libcap-ng-0.8.1-apply-disable.patch

@@ -0,0 +1,26 @@
+diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c
+--- libcap-ng-0.8.2.orig/src/cap-ng.c	2020-11-20 15:04:09.000000000 -0500
++++ libcap-ng-0.8.2/src/cap-ng.c	2020-11-20 16:04:55.425496426 -0500
+@@ -698,19 +698,19 @@ int capng_apply(capng_select_t set)
+ 				if (capng_have_capability(CAPNG_BOUNDING_SET,
+ 								 i) == 0) {
+ 				    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
+-					rc = -2;
++//					rc = -2;
+ 					goto try_caps;
+ 				    }
+ 				}
+ 			}
+ 			m.state = CAPNG_APPLIED;
+ 			if (get_bounding_set() < 0) {
+-				rc = -3;
++//				rc = -3;
+ 				goto try_caps;
+ 			}
+ 		} else {
+ 			memcpy(&m, &state, sizeof(m)); /* restore state */
+-			rc = -4;
++//			rc = -4;
+ 			goto try_caps;
+ 		}
+ #endif

libcap-ng-0.8.1-apply.patch

@@ -0,0 +1,105 @@
+diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c
+--- libcap-ng-0.8.2.orig/src/cap-ng.c	2020-11-20 13:37:57.000000000 -0500
++++ libcap-ng-0.8.2/src/cap-ng.c	2020-11-20 13:57:54.934059250 -0500
+@@ -680,6 +680,8 @@ int capng_updatev(capng_act_t action, ca
+ 
+ int capng_apply(capng_select_t set)
+ {
++	int rc = 0;
++
+ 	// Before updating, we expect that the data is initialized to something
+ 	if (m.state < CAPNG_INIT)
+ 		return -1;
+@@ -695,52 +697,78 @@ int capng_apply(capng_select_t set)
+ 			for (i=0; i <= last_cap; i++) {
+ 				if (capng_have_capability(CAPNG_BOUNDING_SET,
+ 								 i) == 0) {
+-				    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0)
+-					return -2;
++				    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
++					rc = -2;
++					goto try_caps;
++				    }
+ 				}
+ 			}
+ 			m.state = CAPNG_APPLIED;
+-			if (get_bounding_set() < 0)
+-				return -3;
++			if (get_bounding_set() < 0) {
++				rc = -3;
++				goto try_caps;
++			}
+ 		} else {
+ 			memcpy(&m, &state, sizeof(m)); /* restore state */
+-			return -4;
++			rc = -4;
++			goto try_caps;
+ 		}
+ #endif
+ 	}
++
++	// Try caps is here so that if someone had SELECT_BOTH and we blew up
++	// doing the bounding set, we at least try to set any capabilities
++	// before returning in case the caller also doesn't bother checking
++	// the return code.
++try_caps:
+ 	if (set & CAPNG_SELECT_CAPS) {
+ 		if (capset((cap_user_header_t)&m.hdr,
+ 				(cap_user_data_t)&m.data) == 0)
+ 			m.state = CAPNG_APPLIED;
+ 		else
+-			return -5;
++			rc = -5;
+ 	}
+-	// Put ambient last so that inheritable and permitted are set
++
++	// Most programs do not and should not mess with ambient capabilities.
++	// Instead of returning here if rc is set, we'll let it try to
++	// do something with ambient capabilities in hopes that it's lowering
++	// capabilities. Again, this is for people that don't check their
++	// return codes.
++	//
++	// Do ambient last so that inheritable and permitted are set by the
++	// time we get here.
+ 	if (set & CAPNG_SELECT_AMBIENT) {
+ #ifdef PR_CAP_AMBIENT
+ 		if (capng_have_capabilities(CAPNG_SELECT_AMBIENT) ==
+ 								CAPNG_NONE) {
+ 			if (prctl(PR_CAP_AMBIENT,
+-				   PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
+-				return -6;
++				   PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
++				rc = -6;
++				goto out;
++			}
+ 		} else {
+ 			unsigned int i;
+ 
+ 			// Clear them all
+ 			if (prctl(PR_CAP_AMBIENT,
+-				   PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
+-				return -7;
++				   PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
++				rc = -7;
++				goto out;
++			}
+ 			for (i=0; i <= last_cap; i++) {
+ 				if (capng_have_capability(CAPNG_AMBIENT, i))
+ 					if (prctl(PR_CAP_AMBIENT,
+-					    PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0)
+-						return -8;
++					    PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0){
++						rc = -8;
++						goto out;
++					}
+ 			}
+ 		}
+ 		m.state = CAPNG_APPLIED;
+ #endif
+ 	}
+-	return 0;
++out:
++	return rc;
+ }
+ 
+ #ifdef VFS_CAP_U32

libcap-ng.spec

@@ -1,23 +1,24 @@
 Name:          libcap-ng
-Version:       0.8
+Version:       0.8.5
 Release:       1mamba
 Summary:       An alternate posix capabilities library
 Group:         System/Libraries
 Vendor:        openmamba
 Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
-URL:           http://people.redhat.com/sgrubb/libcap-ng/
+URL:           https://people.redhat.com/sgrubb/libcap-ng/
 Source:        http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-%{version}.tar.gz
+Patch0:        libcap-ng-0.6.3-euid.patch
+Patch1:        libcap-ng-0.6.3-setpcap.patch
+Patch2:        libcap-ng-0.8.1-apply.patch
+Patch3:        libcap-ng-0.8.1-apply-disable.patch
 License:       GPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
-BuildRequires: libpython-devel
+BuildRequires: libpython311-devel
 ## AUTOBUILDREQ-END
 BuildRequires: libattr-devel
 BuildRequires: swig
-Patch0:        libcap-ng-0.6.3-euid.patch
-Patch1:        libcap-ng-0.6.3-setpcap.patch
-BuildRoot:     %{_tmppath}/%{name}-%{version}-root
 
 %description
 The libcap-ng library should make programming with posix capabilities easier.
@@ -34,28 +35,20 @@ The library has some utilities to help you analyse a system for apps that may ha
 
 This package contains libraries and header files need for development.
 
-%package -n python-libcap-ng
-Group:         Development/Libraries
-Summary:       Python bindings for libcap-ng library
-Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
-
-%description -n python-libcap-ng
-The libcap-ng library should make programming with posix capabilities easier.
-The library has some utilities to help you analyse a system for apps that may have too much privileges.
-
-This package contains the bindings so that libcap-ng and can be used by python applications.
-
-%package -n python-libcap-ng-py36
+%package -n python-libcap-ng-py3
 Group:         Development/Libraries
 Summary:       Python 3 bindings for libcap-ng library
 Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
-Provides:      python3-libgap-ng
-Obsoletes:     python3-libgap-ng
+Provides:      python3-libcap-ng
+Obsoletes:     python3-libcap-ng < 0.8.3
+Provides:      python-libcap-ng-py36
+Obsoletes:     python-libcap-ng-py36 < 0.8.3
+Provides:      python-libcap-ng
+Obsoletes:     python-libcap-ng < 0.8.4
 
-%description -n python-libcap-ng-py36
+%description -n python-libcap-ng-py3
 The libcap-ng library should make programming with posix capabilities easier.
 The library has some utilities to help you analyse a system for apps that may have too much privileges.
-
 This package contains the bindings so that libcap-ng and can be used by python applications.
 
 %package utils
@@ -65,23 +58,24 @@ Summary:       Utilities for analysing and setting file capabilities
 %description utils
 The libcap-ng library should make programming with posix capabilities easier.
 The library has some utilities to help you analyse a system for apps that may have too much privileges.
-
 This package contains applications to analyse the posix capabilities of all the program running on a system.
 It also lets you set the file system based capabilities.
 
+%debug_package
+
 %prep
 %setup -q
-#%patch0 -p1
-#%patch1 -p1
+# These 2 patches can be disabled when https://github.com/stevegrubb/libcap-ng/issues/21 is resolved
+#%patch2 -p1
+%patch 3 -p1
 
 %build
 %configure \
    --disable-static \
-   PYTHON3=%{__python36} \
-   PYTHON3_INCLUDES=%{python36_inc} \
-   PYTHON3_CFLAGS=`pkg-config python-3.6 --cflags` \
-   PYTHON3_LIBS=`pkg-config python-3.6 --libs`
-
+   PYTHON3=%{__python3} \
+   PYTHON3_INCLUDES=%{python3_inc} \
+   PYTHON3_CFLAGS=`pkg-config python-3 --cflags` \
+   PYTHON3_LIBS=`pkg-config python-3 --libs`
 
 %make
 
@@ -103,30 +97,25 @@ It also lets you set the file system based capabilities.
 %files
 %defattr(-,root,root)
 %{_libdir}/libcap-ng.so.*
+%{_libdir}/libdrop_ambient.so.*
 %doc AUTHORS COPYING.LIB
 
 %files devel
 %defattr(-,root,root)
 %{_datadir}/aclocal/cap-ng.m4
 %{_includedir}/cap-ng.h
-%{_libdir}/libcap-ng.la
 %{_libdir}/libcap-ng.so
+%{_libdir}/libdrop_ambient.so
 %{_libdir}/pkgconfig/libcap-ng.pc
 %attr(644,root,root) %{_mandir}/man3/capng_*.3*
-%doc ChangeLog README
+%{_mandir}/man7/libdrop_ambient.7*
+%doc ChangeLog README.md
 
-%files -n python-libcap-ng
+%files -n python-libcap-ng-py3
 %defattr(-,root,root)
-%{python_sitearch}/_capng.la
-%{python_sitearch}/_capng.so
-%{python_sitearch}/capng.py*
-
-%files -n python-libcap-ng-py36
-%defattr(-,root,root)
-%{python36_sitearch}/_capng.la
-%{python36_sitearch}/_capng.so
-%{python36_sitearch}/capng.py
-%{python36_sitearch}/__pycache__/capng.cpython-*.pyc
+%{python3_sitearch}/_capng.so
+%{python3_sitearch}/capng.py
+%{python3_sitearch}/__pycache__/capng.cpython-*.pyc
 
 %files utils
 %defattr(-,root,root)
@@ -138,6 +127,24 @@ It also lets you set the file system based capabilities.
 %doc COPYING
 
 %changelog
+* Wed Apr 10 2024 Automatic Build System <autodist@openmamba.org> 0.8.5-1mamba
+- automatic version update by autodist
+
+* Wed Dec 27 2023 Automatic Build System <autodist@mambasoft.it> 0.8.4-1mamba
+- automatic version update by autodist
+
+* Sat Apr 02 2022 Automatic Build System <autodist@mambasoft.it> 0.8.3-1mamba
+- automatic version update by autodist
+
+* Fri Dec 18 2020 Automatic Build System <autodist@mambasoft.it> 0.8.2-1mamba
+- automatic version update by autodist
+
+* Mon Nov 30 2020 Silvan Calarco <silvan.calarco@mambasoft.it> 0.8.1-2mamba
+- add patches to fix issue with cifs-utils and gnome keyring (see https://github.com/stevegrubb/libcap-ng/issues/21)
+
+* Sat Nov 28 2020 Silvan Calarco <silvan.calarco@mambasoft.it> 0.8.1-1mamba
+- update to 0.8.1
+
 * Fri Oct 16 2020 Automatic Build System <autodist@mambasoft.it> 0.8-1mamba
 - automatic version update by autodist