Date: Thursday, August 19, 2021 @ 19:13:54 Author: dvzrv Revision: 422373
upgpkg: libcap 2.53-1: Upgrade to 2.53. As the fix for the executable pam module broke the use of LDFLAGS, add those back. Rework the use of CPPFLAGS and circumvention of hardcoding sbin, as those have also been broken by the recent release. Added: libcap/trunk/libcap-2.53-makefile.patch libcap/trunk/libcap-2.53-progs_ldflags.patch Modified: libcap/trunk/PKGBUILD Deleted: libcap/trunk/libcap-2.45-makefile.patch libcap/trunk/libcap-2.52-link_pam_cap.patch ---------------------------------+ PKGBUILD | 29 +++++----- libcap-2.45-makefile.patch | 21 ------- libcap-2.52-link_pam_cap.patch | 33 ------------ libcap-2.53-makefile.patch | 36 +++++++++++++ libcap-2.53-progs_ldflags.patch | 101 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 151 insertions(+), 69 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-08-19 18:28:15 UTC (rev 422372) +++ PKGBUILD 2021-08-19 19:13:54 UTC (rev 422373) @@ -4,7 +4,7 @@ # Contributor: Hugo Doria <h...@archlinux.org> pkgname=libcap -pkgver=2.52 +pkgver=2.53 pkgrel=1 pkgdesc='POSIX 1003.1e capabilities' arch=('x86_64') @@ -14,17 +14,17 @@ makedepends=('linux-api-headers') provides=('libcap.so' 'libpsx.so') source=("https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/${pkgname}-$pkgver.tar."{xz,sign} - "${pkgname}-2.45-makefile.patch" - "${pkgname}-2.52-link_pam_cap.patch" + "${pkgname}-2.53-makefile.patch" + "${pkgname}-2.53-progs_ldflags.patch" ) -sha512sums=('95d9e0f81fd955c42a0f299163a4402f00e9e7a2b392dfbabe613abea4babba2730576e76c9b612665a0bb8bd88aa98bf28ea3eb5582b5c06cd1137594a59893' +sha512sums=('d83ed9460658fa75a5c118d831534388ba92ddad59944088b0d81a64c86b67ed562c7be4c5a499065ec26b1baab34298da80c8d034b61759c7dd295c2455417c' 'SKIP' - '4f613f83198dfccb8b79e1b2c8764657a85300cb166d633d86b87f46567d51fa9395387caf33e82a8718f19e9a1fc65c11e7b6f63c3c4cde1b2a27f70671ec07' - '52256a9d79a7beb8f82312e94032426201b45e105dc04274f4589c39003546e0b41c2d8b0a7c1a9a44a7560e25e1f1455ad0a89527fca172f97478935afeb1f3') -b2sums=('0696ae00a485df019f5441efe1d71676ddf294f1116e7fc3f352ad0595f9d4830f2e4fac1f98353016de36a4866f9d018f53419970ccd114c6df0faa556bcea3' + '0df64fd6dcd50fbbb13fea962b169e7946079e58a8f5adf61cf664b08d29832a2d0b39f50441e4cf4adbb5f4f2925df7364eefff16dcb35b71726fb8324413e7' + 'eee1fa58b85f1a33b85dfcd6d6d3c56b5a1978d10d0af665a34163bfdefc448857d7eeaf41b06aa36d3dc9d1ef124edc653c0a55b477a820c274b96a890a19d2') +b2sums=('10ebecc930d8491c65c7fcaa3f9ee6a45b6722d1d5be327a891e8bf4532ee8aa0ae664672c15e88bf0f328b4cd8f2e7ea685da44e903781ca7048dbe88c388c6' 'SKIP' - '6f50d5a03c3532e6e50506cd878b1c9ca5cee5f1758f9318d4cb5d1e319cbe5f31210ba46a81b1af30730e2329aed7921c11f1a468a596a3f210972ca0da9d64' - 'b734ffa08cc91b69d3af7700b094c8803db65d6d72d9d0ff6e736e9b8cea8f65f63d452ddf4500e7d538b72bafee16d9f43b6231d316f914af724fdbb987a081') + '3105cd035b6b76727e6a634515b8cfa12051f9a78c9d9eba57203928cd52bafd29fd86f7a2234b686c21967952357ba54699e868fb8c1ad8dd4c489b914359d8' + '6383899d6fac08e00ce6a4234e3a35eb4adc3c64b64070785397c228c01201eec10dd5ad96d8c12e5a5ceeadab9e65ae516d60f9652a10894894848a5e70b7d7') validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan <mor...@kernel.org> prepare() { @@ -31,15 +31,14 @@ cd "$pkgname-$pkgver" # SBINDIR is hardcoded to sbin. set to bin # add CPPFLAGS - patch -Np1 -i ../"${pkgname}-2.45-makefile.patch" - # fix issue with pam_cap.so not linking against libpam.so: - # https://bugzilla.kernel.org/show_bug.cgi?id=214023 - patch -Np1 -i ../"${pkgname}-2.52-link_pam_cap.patch" + patch -Np1 -i ../"${pkgname}-2.53-makefile.patch" + # add back LDFLAGS, so that executables are built with them + patch -Np1 -i ../"${pkgname}-2.53-progs_ldflags.patch" } build() { cd "$pkgname-$pkgver" - make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr' + make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr' sbindir='bin' } check() { @@ -49,7 +48,7 @@ package() { cd "$pkgname-$pkgver" - make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' install + make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' sbindir='bin' install # docs install -vDm 644 {CHANGELOG,README} -t "${pkgdir}/usr/share/doc/${pkgname}/" install -vDm 644 pam_cap/capability.conf \ Deleted: libcap-2.45-makefile.patch =================================================================== --- libcap-2.45-makefile.patch 2021-08-19 18:28:15 UTC (rev 422372) +++ libcap-2.45-makefile.patch 2021-08-19 19:13:54 UTC (rev 422373) @@ -1,21 +0,0 @@ -diff -ruN a/Make.Rules b/Make.Rules ---- a/Make.Rules 2020-11-03 02:38:59.000000000 +0100 -+++ b/Make.Rules 2020-11-06 16:55:10.149893784 +0100 -@@ -37,7 +37,7 @@ - # Target directories - - MANDIR=$(man_prefix)/man --SBINDIR=$(exec_prefix)/sbin -+SBINDIR=$(exec_prefix)/bin - INCDIR=$(inc_prefix)/include - LIBDIR=$(lib_prefix)/$(lib) - PKGCONFIGDIR=$(LIBDIR)/pkgconfig -@@ -79,7 +79,7 @@ - SYSTEM_HEADERS = /usr/include - INCS=$(topdir)/libcap/include/sys/capability.h - LDFLAGS += -L$(topdir)/libcap --CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) -+CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG) - INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) - - # SHARED tracks whether or not the SHARED libraries (libcap.so, Deleted: libcap-2.52-link_pam_cap.patch =================================================================== --- libcap-2.52-link_pam_cap.patch 2021-08-19 18:28:15 UTC (rev 422372) +++ libcap-2.52-link_pam_cap.patch 2021-08-19 19:13:54 UTC (rev 422373) @@ -1,33 +0,0 @@ -From f5a6d2badc35c2db8f16adba3dd2e3907a7185d4 Mon Sep 17 00:00:00 2001 -From: David Runge <d...@sleepmap.de> -Date: Wed, 11 Aug 2021 19:18:08 +0200 -Subject: [PATCH] Fix pam_cap tests with pam 1.5.1 - -pam_cap/Makefile: -When running tests against pam_cap they fail due to a missing link -against libpam.so, as discussed in -https://bugzilla.kernel.org/show_bug.cgi?id=214023. -This patch adds `-lpam` to ensure pam_cap.so is linked against -libpam.so. - -Signed-off-by: David Runge <d...@sleepmap.de> ---- - pam_cap/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/pam_cap/Makefile b/pam_cap/Makefile -index a4c4891..42c5016 100644 ---- a/pam_cap/Makefile -+++ b/pam_cap/Makefile -@@ -22,7 +22,7 @@ execable.o: execable.c ../libcap/execable.h ../libcap/loader.txt - $(CC) $(CFLAGS) $(IPATH) -DLIBCAP_VERSION=\"libcap-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -c execable.c -o $@ - - pam_cap.so: pam_cap.o execable.o -- $(LD) -o pam_cap.so $+ $(LIBCAPLIB) $(LDFLAGS) --entry=__so_start -+ $(LD) -o pam_cap.so -lpam $+ $(LIBCAPLIB) $(LDFLAGS) --entry=__so_start - - pam_cap.o: pam_cap.c - $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ --- -2.32.0 - Added: libcap-2.53-makefile.patch =================================================================== --- libcap-2.53-makefile.patch (rev 0) +++ libcap-2.53-makefile.patch 2021-08-19 19:13:54 UTC (rev 422373) @@ -0,0 +1,36 @@ +diff -ruN a/Make.Rules b/Make.Rules +--- a/Make.Rules 2021-08-16 04:05:04.000000000 +0200 ++++ b/Make.Rules 2021-08-18 17:50:42.028791561 +0200 +@@ -21,6 +21,14 @@ + lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2) + endif + ++ifndef sbin ++sbin=sbin ++endif ++ ++ifdef sbindir ++sbin=$(sbindir) ++endif ++ + ifdef prefix + exec_prefix=$(prefix) + lib_prefix=$(exec_prefix) +@@ -37,7 +45,7 @@ + # Target directories + + MANDIR=$(man_prefix)/man +-SBINDIR=$(exec_prefix)/sbin ++SBINDIR=$(exec_prefix)/$(sbin) + INCDIR=$(inc_prefix)/include + LIBDIR=$(lib_prefix)/$(lib) + PKGCONFIGDIR=$(LIBDIR)/pkgconfig +@@ -79,7 +87,7 @@ + + SYSTEM_HEADERS = /usr/include + INCS=$(topdir)/libcap/include/sys/capability.h +-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) ++CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG) + INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) + + # SHARED tracks whether or not the SHARED libraries (libcap.so, Added: libcap-2.53-progs_ldflags.patch =================================================================== --- libcap-2.53-progs_ldflags.patch (rev 0) +++ libcap-2.53-progs_ldflags.patch 2021-08-19 19:13:54 UTC (rev 422373) @@ -0,0 +1,101 @@ +diff -ruN a/progs/Makefile b/progs/Makefile +--- a/progs/Makefile 2021-08-16 04:04:45.000000000 +0200 ++++ b/progs/Makefile 2021-08-19 09:44:59.399859821 +0200 +@@ -13,8 +13,9 @@ + ifeq ($(DYNAMIC),yes) + LDPATH = LD_LIBRARY_PATH=../libcap + DEPS = ../libcap/libcap.so ++LDFLAGS ?= + else +-LDSTATIC = --static ++LDFLAGS = --static + DEPS = ../libcap/libcap.a + endif + +@@ -25,7 +26,7 @@ + make -C ../libcap libcap.so + + $(BUILD): %: %.o $(DEPS) +- $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + + %.o: %.c $(INCS) + $(CC) $(IPATH) $(CFLAGS) -c $< -o $@ +@@ -46,7 +47,7 @@ + diff -u capshdoc.h $@ || (rm $@ ; exit 1) + + capsh: capsh.c capshdoc.h.cf $(DEPS) +- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + + tcapsh-static: capsh.c capshdoc.h.cf $(DEPS) + $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) --static +diff -ruN a/tests/Makefile b/tests/Makefile +--- a/tests/Makefile 2021-08-16 04:04:45.000000000 +0200 ++++ b/tests/Makefile 2021-08-19 10:02:57.051908485 +0200 +@@ -18,11 +18,12 @@ + ifeq ($(DYNAMIC),yes) + LINKEXTRA=-Wl,-rpath,../libcap + DEPS=../libcap/libcap.so ++LDFLAGS ?= + ifeq ($(PTHREADS),yes) + DEPS += ../libcap/libpsx.so + endif + else +-LDSTATIC = --static ++LDFLAGS = --static + DEPS=../libcap/libcap.a + ifeq ($(PTHREADS),yes) + DEPS += ../libcap/libpsx.a +@@ -63,17 +64,17 @@ + ./psx_test + + psx_test: psx_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) + + run_libcap_psx_test: libcap_psx_test + ./libcap_psx_test + + libcap_psx_test: libcap_psx_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + + # privileged + uns_test: uns_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + + run_uns_test: uns_test + echo exit | sudo ./uns_test +@@ -85,13 +86,13 @@ + sudo ./libcap_psx_launch_test + + libcap_launch_test: libcap_launch_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + + # This varies only slightly from the above insofar as it currently + # only links in the pthreads fork support. TODO() we need to change + # the source to do something interesting with pthreads. + libcap_psx_launch_test: libcap_launch_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + + + # This test demonstrates that libpsx is needed to secure multithreaded +@@ -106,12 +107,12 @@ + $(CC) $(CFLAGS) $(IPATH) -c $< + + exploit: exploit.o $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS) + + # Note, for some reason, the order of libraries is important to avoid + # the exploit working for dynamic linking. + noexploit: exploit.o $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS) + + # This one runs in a chroot with no shared library files. + noop: noop.c