[arch-commits] Commit in libcap/trunk (5 files)
David Runge
dvzrv at gemini.archlinux.org
Thu Aug 19 19:13:54 UTC 2021
Date: Thursday, August 19, 2021 @ 19:13:54
Author: dvzrv
Revision: 422373
upgpkg: libcap 2.53-1: Upgrade to 2.53.
As the fix for the executable pam module broke the use of LDFLAGS, add those
back.
Rework the use of CPPFLAGS and circumvention of hardcoding sbin, as those have
also been broken by the recent release.
Added:
libcap/trunk/libcap-2.53-makefile.patch
libcap/trunk/libcap-2.53-progs_ldflags.patch
Modified:
libcap/trunk/PKGBUILD
Deleted:
libcap/trunk/libcap-2.45-makefile.patch
libcap/trunk/libcap-2.52-link_pam_cap.patch
---------------------------------+
PKGBUILD | 29 +++++-----
libcap-2.45-makefile.patch | 21 -------
libcap-2.52-link_pam_cap.patch | 33 ------------
libcap-2.53-makefile.patch | 36 +++++++++++++
libcap-2.53-progs_ldflags.patch | 101 ++++++++++++++++++++++++++++++++++++++
5 files changed, 151 insertions(+), 69 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-08-19 18:28:15 UTC (rev 422372)
+++ PKGBUILD 2021-08-19 19:13:54 UTC (rev 422373)
@@ -4,7 +4,7 @@
# Contributor: Hugo Doria <hugo at archlinux.org>
pkgname=libcap
-pkgver=2.52
+pkgver=2.53
pkgrel=1
pkgdesc='POSIX 1003.1e capabilities'
arch=('x86_64')
@@ -14,17 +14,17 @@
makedepends=('linux-api-headers')
provides=('libcap.so' 'libpsx.so')
source=("https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/${pkgname}-$pkgver.tar."{xz,sign}
- "${pkgname}-2.45-makefile.patch"
- "${pkgname}-2.52-link_pam_cap.patch"
+ "${pkgname}-2.53-makefile.patch"
+ "${pkgname}-2.53-progs_ldflags.patch"
)
-sha512sums=('95d9e0f81fd955c42a0f299163a4402f00e9e7a2b392dfbabe613abea4babba2730576e76c9b612665a0bb8bd88aa98bf28ea3eb5582b5c06cd1137594a59893'
+sha512sums=('d83ed9460658fa75a5c118d831534388ba92ddad59944088b0d81a64c86b67ed562c7be4c5a499065ec26b1baab34298da80c8d034b61759c7dd295c2455417c'
'SKIP'
- '4f613f83198dfccb8b79e1b2c8764657a85300cb166d633d86b87f46567d51fa9395387caf33e82a8718f19e9a1fc65c11e7b6f63c3c4cde1b2a27f70671ec07'
- '52256a9d79a7beb8f82312e94032426201b45e105dc04274f4589c39003546e0b41c2d8b0a7c1a9a44a7560e25e1f1455ad0a89527fca172f97478935afeb1f3')
-b2sums=('0696ae00a485df019f5441efe1d71676ddf294f1116e7fc3f352ad0595f9d4830f2e4fac1f98353016de36a4866f9d018f53419970ccd114c6df0faa556bcea3'
+ '0df64fd6dcd50fbbb13fea962b169e7946079e58a8f5adf61cf664b08d29832a2d0b39f50441e4cf4adbb5f4f2925df7364eefff16dcb35b71726fb8324413e7'
+ 'eee1fa58b85f1a33b85dfcd6d6d3c56b5a1978d10d0af665a34163bfdefc448857d7eeaf41b06aa36d3dc9d1ef124edc653c0a55b477a820c274b96a890a19d2')
+b2sums=('10ebecc930d8491c65c7fcaa3f9ee6a45b6722d1d5be327a891e8bf4532ee8aa0ae664672c15e88bf0f328b4cd8f2e7ea685da44e903781ca7048dbe88c388c6'
'SKIP'
- '6f50d5a03c3532e6e50506cd878b1c9ca5cee5f1758f9318d4cb5d1e319cbe5f31210ba46a81b1af30730e2329aed7921c11f1a468a596a3f210972ca0da9d64'
- 'b734ffa08cc91b69d3af7700b094c8803db65d6d72d9d0ff6e736e9b8cea8f65f63d452ddf4500e7d538b72bafee16d9f43b6231d316f914af724fdbb987a081')
+ '3105cd035b6b76727e6a634515b8cfa12051f9a78c9d9eba57203928cd52bafd29fd86f7a2234b686c21967952357ba54699e868fb8c1ad8dd4c489b914359d8'
+ '6383899d6fac08e00ce6a4234e3a35eb4adc3c64b64070785397c228c01201eec10dd5ad96d8c12e5a5ceeadab9e65ae516d60f9652a10894894848a5e70b7d7')
validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan <morgan at kernel.org>
prepare() {
@@ -31,15 +31,14 @@
cd "$pkgname-$pkgver"
# SBINDIR is hardcoded to sbin. set to bin
# add CPPFLAGS
- patch -Np1 -i ../"${pkgname}-2.45-makefile.patch"
- # fix issue with pam_cap.so not linking against libpam.so:
- # https://bugzilla.kernel.org/show_bug.cgi?id=214023
- patch -Np1 -i ../"${pkgname}-2.52-link_pam_cap.patch"
+ patch -Np1 -i ../"${pkgname}-2.53-makefile.patch"
+ # add back LDFLAGS, so that executables are built with them
+ patch -Np1 -i ../"${pkgname}-2.53-progs_ldflags.patch"
}
build() {
cd "$pkgname-$pkgver"
- make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr'
+ make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr' sbindir='bin'
}
check() {
@@ -49,7 +48,7 @@
package() {
cd "$pkgname-$pkgver"
- make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' install
+ make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' sbindir='bin' install
# docs
install -vDm 644 {CHANGELOG,README} -t "${pkgdir}/usr/share/doc/${pkgname}/"
install -vDm 644 pam_cap/capability.conf \
Deleted: libcap-2.45-makefile.patch
===================================================================
--- libcap-2.45-makefile.patch 2021-08-19 18:28:15 UTC (rev 422372)
+++ libcap-2.45-makefile.patch 2021-08-19 19:13:54 UTC (rev 422373)
@@ -1,21 +0,0 @@
-diff -ruN a/Make.Rules b/Make.Rules
---- a/Make.Rules 2020-11-03 02:38:59.000000000 +0100
-+++ b/Make.Rules 2020-11-06 16:55:10.149893784 +0100
-@@ -37,7 +37,7 @@
- # Target directories
-
- MANDIR=$(man_prefix)/man
--SBINDIR=$(exec_prefix)/sbin
-+SBINDIR=$(exec_prefix)/bin
- INCDIR=$(inc_prefix)/include
- LIBDIR=$(lib_prefix)/$(lib)
- PKGCONFIGDIR=$(LIBDIR)/pkgconfig
-@@ -79,7 +79,7 @@
- SYSTEM_HEADERS = /usr/include
- INCS=$(topdir)/libcap/include/sys/capability.h
- LDFLAGS += -L$(topdir)/libcap
--CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
-+CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG)
- INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
-
- # SHARED tracks whether or not the SHARED libraries (libcap.so,
Deleted: libcap-2.52-link_pam_cap.patch
===================================================================
--- libcap-2.52-link_pam_cap.patch 2021-08-19 18:28:15 UTC (rev 422372)
+++ libcap-2.52-link_pam_cap.patch 2021-08-19 19:13:54 UTC (rev 422373)
@@ -1,33 +0,0 @@
-From f5a6d2badc35c2db8f16adba3dd2e3907a7185d4 Mon Sep 17 00:00:00 2001
-From: David Runge <dave at sleepmap.de>
-Date: Wed, 11 Aug 2021 19:18:08 +0200
-Subject: [PATCH] Fix pam_cap tests with pam 1.5.1
-
-pam_cap/Makefile:
-When running tests against pam_cap they fail due to a missing link
-against libpam.so, as discussed in
-https://bugzilla.kernel.org/show_bug.cgi?id=214023.
-This patch adds `-lpam` to ensure pam_cap.so is linked against
-libpam.so.
-
-Signed-off-by: David Runge <dave at sleepmap.de>
----
- pam_cap/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pam_cap/Makefile b/pam_cap/Makefile
-index a4c4891..42c5016 100644
---- a/pam_cap/Makefile
-+++ b/pam_cap/Makefile
-@@ -22,7 +22,7 @@ execable.o: execable.c ../libcap/execable.h ../libcap/loader.txt
- $(CC) $(CFLAGS) $(IPATH) -DLIBCAP_VERSION=\"libcap-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -c execable.c -o $@
-
- pam_cap.so: pam_cap.o execable.o
-- $(LD) -o pam_cap.so $+ $(LIBCAPLIB) $(LDFLAGS) --entry=__so_start
-+ $(LD) -o pam_cap.so -lpam $+ $(LIBCAPLIB) $(LDFLAGS) --entry=__so_start
-
- pam_cap.o: pam_cap.c
- $(CC) $(CFLAGS) $(IPATH) -c $< -o $@
---
-2.32.0
-
Added: libcap-2.53-makefile.patch
===================================================================
--- libcap-2.53-makefile.patch (rev 0)
+++ libcap-2.53-makefile.patch 2021-08-19 19:13:54 UTC (rev 422373)
@@ -0,0 +1,36 @@
+diff -ruN a/Make.Rules b/Make.Rules
+--- a/Make.Rules 2021-08-16 04:05:04.000000000 +0200
++++ b/Make.Rules 2021-08-18 17:50:42.028791561 +0200
+@@ -21,6 +21,14 @@
+ lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
+ endif
+
++ifndef sbin
++sbin=sbin
++endif
++
++ifdef sbindir
++sbin=$(sbindir)
++endif
++
+ ifdef prefix
+ exec_prefix=$(prefix)
+ lib_prefix=$(exec_prefix)
+@@ -37,7 +45,7 @@
+ # Target directories
+
+ MANDIR=$(man_prefix)/man
+-SBINDIR=$(exec_prefix)/sbin
++SBINDIR=$(exec_prefix)/$(sbin)
+ INCDIR=$(inc_prefix)/include
+ LIBDIR=$(lib_prefix)/$(lib)
+ PKGCONFIGDIR=$(LIBDIR)/pkgconfig
+@@ -79,7 +87,7 @@
+
+ SYSTEM_HEADERS = /usr/include
+ INCS=$(topdir)/libcap/include/sys/capability.h
+-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
++CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG)
+ INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
+
+ # SHARED tracks whether or not the SHARED libraries (libcap.so,
Added: libcap-2.53-progs_ldflags.patch
===================================================================
--- libcap-2.53-progs_ldflags.patch (rev 0)
+++ libcap-2.53-progs_ldflags.patch 2021-08-19 19:13:54 UTC (rev 422373)
@@ -0,0 +1,101 @@
+diff -ruN a/progs/Makefile b/progs/Makefile
+--- a/progs/Makefile 2021-08-16 04:04:45.000000000 +0200
++++ b/progs/Makefile 2021-08-19 09:44:59.399859821 +0200
+@@ -13,8 +13,9 @@
+ ifeq ($(DYNAMIC),yes)
+ LDPATH = LD_LIBRARY_PATH=../libcap
+ DEPS = ../libcap/libcap.so
++LDFLAGS ?=
+ else
+-LDSTATIC = --static
++LDFLAGS = --static
+ DEPS = ../libcap/libcap.a
+ endif
+
+@@ -25,7 +26,7 @@
+ make -C ../libcap libcap.so
+
+ $(BUILD): %: %.o $(DEPS)
+- $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
+
+ %.o: %.c $(INCS)
+ $(CC) $(IPATH) $(CFLAGS) -c $< -o $@
+@@ -46,7 +47,7 @@
+ diff -u capshdoc.h $@ || (rm $@ ; exit 1)
+
+ capsh: capsh.c capshdoc.h.cf $(DEPS)
+- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
+
+ tcapsh-static: capsh.c capshdoc.h.cf $(DEPS)
+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) --static
+diff -ruN a/tests/Makefile b/tests/Makefile
+--- a/tests/Makefile 2021-08-16 04:04:45.000000000 +0200
++++ b/tests/Makefile 2021-08-19 10:02:57.051908485 +0200
+@@ -18,11 +18,12 @@
+ ifeq ($(DYNAMIC),yes)
+ LINKEXTRA=-Wl,-rpath,../libcap
+ DEPS=../libcap/libcap.so
++LDFLAGS ?=
+ ifeq ($(PTHREADS),yes)
+ DEPS += ../libcap/libpsx.so
+ endif
+ else
+-LDSTATIC = --static
++LDFLAGS = --static
+ DEPS=../libcap/libcap.a
+ ifeq ($(PTHREADS),yes)
+ DEPS += ../libcap/libpsx.a
+@@ -63,17 +64,17 @@
+ ./psx_test
+
+ psx_test: psx_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
+
+ run_libcap_psx_test: libcap_psx_test
+ ./libcap_psx_test
+
+ libcap_psx_test: libcap_psx_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+
+ # privileged
+ uns_test: uns_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS)
+
+ run_uns_test: uns_test
+ echo exit | sudo ./uns_test
+@@ -85,13 +86,13 @@
+ sudo ./libcap_psx_launch_test
+
+ libcap_launch_test: libcap_launch_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS)
+
+ # This varies only slightly from the above insofar as it currently
+ # only links in the pthreads fork support. TODO() we need to change
+ # the source to do something interesting with pthreads.
+ libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+
+
+ # This test demonstrates that libpsx is needed to secure multithreaded
+@@ -106,12 +107,12 @@
+ $(CC) $(CFLAGS) $(IPATH) -c $<
+
+ exploit: exploit.o $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS)
+
+ # Note, for some reason, the order of libraries is important to avoid
+ # the exploit working for dynamic linking.
+ noexploit: exploit.o $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS)
+
+ # This one runs in a chroot with no shared library files.
+ noop: noop.c
More information about the arch-commits
mailing list