diff --git a/libcap-ng-0.8-permitted.patch b/libcap-ng-0.8-permitted.patch deleted file mode 100644 index cc48b8651a09a4173d7ebd41f23eb08e721ad38c..0000000000000000000000000000000000000000 --- a/libcap-ng-0.8-permitted.patch +++ /dev/null @@ -1,142 +0,0 @@ -diff -urp libcap-ng-0.8.orig/docs/capng_have_capabilities.3 libcap-ng-0.8/docs/capng_have_capabilities.3 ---- libcap-ng-0.8.orig/docs/capng_have_capabilities.3 2018-02-07 13:20:31.000000000 -0500 -+++ libcap-ng-0.8/docs/capng_have_capabilities.3 2018-08-09 16:29:40.521624973 -0400 -@@ -1,14 +1,20 @@ --.TH "CAPNG_HAVE_CAPABILITIES" "3" "June 2009" "Red Hat" "Libcap-ng API" -+.TH "CAPNG_HAVE_CAPABILITIES" "3" "Aug 2018" "Red Hat" "Libcap-ng API" - .SH NAME --capng_have_capabilities \- general check for capabilities -+.nf -+capng_have_capabilities, capng_have_permitted_capabilities \- check for capabilities - .SH "SYNOPSIS" - .B #include - .sp - capng_results_t capng_have_capabilities(capng_select_t set); -+capng_results_t capng_have_permitted_capabilities(void); - - .SH "DESCRIPTION" - --capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired. -+capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired. When capabilities are checked, it will only look at the effective capabilities. -+ -+If, however, the source of capabilities comes from a file, then you may need to additionally check the permitted capabilities. It's for this reason that -+.B capng_have_permitted_capabilities -+was created. It takes no arguments because it simply checks the permitted set. - - .SH "RETURN VALUE" - -diff -urp libcap-ng-0.8.orig/src/cap-ng.c libcap-ng-0.8/src/cap-ng.c ---- libcap-ng-0.8.orig/src/cap-ng.c 2018-07-02 14:42:53.993939477 -0400 -+++ libcap-ng-0.8/src/cap-ng.c 2018-08-09 16:31:47.255611373 -0400 -@@ -777,10 +776,10 @@ capng_results_t capng_have_capabilities( - full = 1; - else - return CAPNG_PARTIAL; -- if ((m.data.v3[1].effective & UPPER_MASK) == 0) -+ if ((m.data.v3[1].effective & UPPER_MASK) == 0 && !full) - empty = 1; - else if ((m.data.v3[1].effective & UPPER_MASK) == -- UPPER_MASK) -+ UPPER_MASK && !empty) - full = 1; - else - return CAPNG_PARTIAL; -@@ -805,6 +804,40 @@ capng_results_t capng_have_capabilities( - - if (empty == 1 && full == 0) - return CAPNG_NONE; -+ else if (empty == 0 && full == 1) -+ return CAPNG_FULL; -+ -+ return CAPNG_PARTIAL; -+} -+ -+// -1 - error, 0 - no caps, 1 partial caps, 2 full caps -+capng_results_t capng_have_permitted_capabilities(void) -+{ -+ int empty = 0, full = 0; -+ -+ // First, try to init with current set -+ if (m.state < CAPNG_INIT) -+ capng_get_caps_process(); -+ -+ // If we still don't have anything, error out -+ if (m.state < CAPNG_INIT) -+ return CAPNG_FAIL; -+ -+ if (m.data.v3[0].permitted == 0) -+ empty = 1; -+ else if (m.data.v3[0].permitted == 0xFFFFFFFFU) -+ full = 1; -+ else -+ return CAPNG_PARTIAL; -+ if ((m.data.v3[1].permitted & UPPER_MASK) == 0 && !full) -+ empty = 1; -+ else if ((m.data.v3[1].permitted & UPPER_MASK) == UPPER_MASK && !empty) -+ full = 1; -+ else -+ return CAPNG_PARTIAL; -+ -+ if (empty == 1 && full == 0) -+ return CAPNG_NONE; - else if (empty == 0 && full == 1) - return CAPNG_FULL; - -diff -urp libcap-ng-0.8.orig/src/cap-ng.h libcap-ng-0.8/src/cap-ng.h ---- libcap-ng-0.8.orig/src/cap-ng.h 2018-02-07 13:20:31.000000000 -0500 -+++ libcap-ng-0.8/src/cap-ng.h 2018-08-09 15:54:10.054853595 -0400 -@@ -63,6 +63,7 @@ int capng_apply_caps_fd(int fd); - - // These functions check capability bits - capng_results_t capng_have_capabilities(capng_select_t set); -+capng_results_t capng_have_permitted_capabilities(void); - int capng_have_capability(capng_type_t which, unsigned int capability); - - // These functions printout capabilities -diff -urp libcap-ng-0.8.orig/utils/filecap.8 libcap-ng-0.8/utils/filecap.8 ---- libcap-ng-0.8.orig/utils/filecap.8 2018-02-07 13:20:31.000000000 -0500 -+++ libcap-ng-0.8/utils/filecap.8 2018-08-09 16:35:39.751586424 -0400 -@@ -1,10 +1,10 @@ --.TH FILECAP: "8" "March 2009" "Red Hat" "System Administration Utilities" -+.TH FILECAP: "8" "Aug 2018" "Red Hat" "System Administration Utilities" - .SH NAME - filecap \- a program to see capabilities - .SH SYNOPSIS - .B filecap [ \-a | \-d | /dir | /dir/file [cap1 cap2 ...] ] - .SH DESCRIPTION --\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If the path to the file includes capabilities, then they are written to the file. -+\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If a file is given followed by capabilities, then the capabilities are written to the file. - - .SH OPTIONS - .TP -diff -urp libcap-ng-0.8.orig/utils/filecap.c libcap-ng-0.8/utils/filecap.c ---- libcap-ng-0.8.orig/utils/filecap.c 2018-02-07 13:20:31.000000000 -0500 -+++ libcap-ng-0.8/utils/filecap.c 2018-08-09 16:03:18.989794688 -0400 -@@ -59,6 +59,7 @@ static int check_file(const char *fpath, - int fd = open(fpath, O_RDONLY|O_CLOEXEC); - if (fd >= 0) { - capng_results_t rc; -+ int permitted = 0; - - capng_clear(CAPNG_SELECT_BOTH); - if (capng_get_caps_fd(fd) < 0) { -@@ -68,12 +69,17 @@ static int check_file(const char *fpath, - ret = 1; - } - rc = capng_have_capabilities(CAPNG_SELECT_CAPS); -+ if (rc == CAPNG_NONE) { -+ permitted = 1; -+ rc = capng_have_permitted_capabilities(); -+ } - if (rc > CAPNG_NONE) { - if (header == 0) { - header = 1; -- printf("%-20s capabilities\n", "file"); -+ printf("%-9s %-20s capabilities\n", "set", "file"); - } -- printf("%s ", fpath); -+ printf("%s %s ", -+ permitted ? "permitted" : "effective", fpath); - if (rc == CAPNG_FULL) - printf("full"); - else diff --git a/libcap-ng.spec b/libcap-ng.spec index d4f5e5fa962f4c7628af5d1bb4d696d42ea5390f..e1271181f4ec2b0fccdeadcc1d91cead2dafb63c 100644 --- a/libcap-ng.spec +++ b/libcap-ng.spec @@ -3,12 +3,11 @@ Summary: Libcap-ng is a library used for posix capabilities programming Name: libcap-ng Version: 0.7.9 -Release: 5 +Release: 6 License: LGPLv2+ and GPLv2+ URL: http://people.redhat.com/sgrubb/libcap-ng Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz -Patch1: libcap-ng-0.8-permitted.patch -Patch2: libcap-ng-0.8-python2.patch +Patch1: libcap-ng-0.8-python2.patch BuildRequires: gcc, kernel-headers >= 2.6.11, libattr-devel Provides: %{name}-utils = %{version}-%{release} Obsoletes: %{name}-utils < %{version}-%{release} @@ -109,5 +108,8 @@ make check %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Tue Dec 31 2019 openEuler Buildteam - 0.7.9-6 +- Delete unused patch + * Mon Sep 09 2019 openEuler Buildteam - 0.7.9-5 - Package init