Date: Thursday, August 19, 2021 @ 19:14:18 Author: dvzrv Revision: 422374
archrelease: copy trunk to staging-x86_64 Added: libcap/repos/staging-x86_64/ libcap/repos/staging-x86_64/PKGBUILD (from rev 422373, libcap/trunk/PKGBUILD) libcap/repos/staging-x86_64/libcap-2.53-makefile.patch (from rev 422373, libcap/trunk/libcap-2.53-makefile.patch) libcap/repos/staging-x86_64/libcap-2.53-progs_ldflags.patch (from rev 422373, libcap/trunk/libcap-2.53-progs_ldflags.patch) ---------------------------------+ PKGBUILD | 56 +++++++++++++++++++++ libcap-2.53-makefile.patch | 36 +++++++++++++ libcap-2.53-progs_ldflags.patch | 101 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 193 insertions(+) Copied: libcap/repos/staging-x86_64/PKGBUILD (from rev 422373, libcap/trunk/PKGBUILD) =================================================================== --- staging-x86_64/PKGBUILD (rev 0) +++ staging-x86_64/PKGBUILD 2021-08-19 19:14:18 UTC (rev 422374) @@ -0,0 +1,56 @@ +# Maintainer: David Runge <dv...@archlinux.org> +# Contributor: Bartłomiej Piotrowski <bpiotrow...@archlinux.org> +# Contributor: Allan McRae <al...@archlinux.org> +# Contributor: Hugo Doria <h...@archlinux.org> + +pkgname=libcap +pkgver=2.53 +pkgrel=1 +pkgdesc='POSIX 1003.1e capabilities' +arch=('x86_64') +url="https://sites.google.com/site/fullycapable/" +license=('GPL2') +depends=('glibc' 'pam') +makedepends=('linux-api-headers') +provides=('libcap.so' 'libpsx.so') +source=("https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/${pkgname}-$pkgver.tar."{xz,sign} + "${pkgname}-2.53-makefile.patch" + "${pkgname}-2.53-progs_ldflags.patch" +) +sha512sums=('d83ed9460658fa75a5c118d831534388ba92ddad59944088b0d81a64c86b67ed562c7be4c5a499065ec26b1baab34298da80c8d034b61759c7dd295c2455417c' + 'SKIP' + '0df64fd6dcd50fbbb13fea962b169e7946079e58a8f5adf61cf664b08d29832a2d0b39f50441e4cf4adbb5f4f2925df7364eefff16dcb35b71726fb8324413e7' + 'eee1fa58b85f1a33b85dfcd6d6d3c56b5a1978d10d0af665a34163bfdefc448857d7eeaf41b06aa36d3dc9d1ef124edc653c0a55b477a820c274b96a890a19d2') +b2sums=('10ebecc930d8491c65c7fcaa3f9ee6a45b6722d1d5be327a891e8bf4532ee8aa0ae664672c15e88bf0f328b4cd8f2e7ea685da44e903781ca7048dbe88c388c6' + 'SKIP' + '3105cd035b6b76727e6a634515b8cfa12051f9a78c9d9eba57203928cd52bafd29fd86f7a2234b686c21967952357ba54699e868fb8c1ad8dd4c489b914359d8' + '6383899d6fac08e00ce6a4234e3a35eb4adc3c64b64070785397c228c01201eec10dd5ad96d8c12e5a5ceeadab9e65ae516d60f9652a10894894848a5e70b7d7') +validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan <mor...@kernel.org> + +prepare() { + cd "$pkgname-$pkgver" + # SBINDIR is hardcoded to sbin. set to bin + # add CPPFLAGS + patch -Np1 -i ../"${pkgname}-2.53-makefile.patch" + # add back LDFLAGS, so that executables are built with them + patch -Np1 -i ../"${pkgname}-2.53-progs_ldflags.patch" +} + +build() { + cd "$pkgname-$pkgver" + make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr' sbindir='bin' +} + +check() { + cd "$pkgname-$pkgver" + make -k test +} + +package() { + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' sbindir='bin' install + # docs + install -vDm 644 {CHANGELOG,README} -t "${pkgdir}/usr/share/doc/${pkgname}/" + install -vDm 644 pam_cap/capability.conf \ + -t "$pkgdir/usr/share/doc/$pkgname/examples/" +} Copied: libcap/repos/staging-x86_64/libcap-2.53-makefile.patch (from rev 422373, libcap/trunk/libcap-2.53-makefile.patch) =================================================================== --- staging-x86_64/libcap-2.53-makefile.patch (rev 0) +++ staging-x86_64/libcap-2.53-makefile.patch 2021-08-19 19:14:18 UTC (rev 422374) @@ -0,0 +1,36 @@ +diff -ruN a/Make.Rules b/Make.Rules +--- a/Make.Rules 2021-08-16 04:05:04.000000000 +0200 ++++ b/Make.Rules 2021-08-18 17:50:42.028791561 +0200 +@@ -21,6 +21,14 @@ + lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2) + endif + ++ifndef sbin ++sbin=sbin ++endif ++ ++ifdef sbindir ++sbin=$(sbindir) ++endif ++ + ifdef prefix + exec_prefix=$(prefix) + lib_prefix=$(exec_prefix) +@@ -37,7 +45,7 @@ + # Target directories + + MANDIR=$(man_prefix)/man +-SBINDIR=$(exec_prefix)/sbin ++SBINDIR=$(exec_prefix)/$(sbin) + INCDIR=$(inc_prefix)/include + LIBDIR=$(lib_prefix)/$(lib) + PKGCONFIGDIR=$(LIBDIR)/pkgconfig +@@ -79,7 +87,7 @@ + + SYSTEM_HEADERS = /usr/include + INCS=$(topdir)/libcap/include/sys/capability.h +-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) ++CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG) + INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) + + # SHARED tracks whether or not the SHARED libraries (libcap.so, Copied: libcap/repos/staging-x86_64/libcap-2.53-progs_ldflags.patch (from rev 422373, libcap/trunk/libcap-2.53-progs_ldflags.patch) =================================================================== --- staging-x86_64/libcap-2.53-progs_ldflags.patch (rev 0) +++ staging-x86_64/libcap-2.53-progs_ldflags.patch 2021-08-19 19:14:18 UTC (rev 422374) @@ -0,0 +1,101 @@ +diff -ruN a/progs/Makefile b/progs/Makefile +--- a/progs/Makefile 2021-08-16 04:04:45.000000000 +0200 ++++ b/progs/Makefile 2021-08-19 09:44:59.399859821 +0200 +@@ -13,8 +13,9 @@ + ifeq ($(DYNAMIC),yes) + LDPATH = LD_LIBRARY_PATH=../libcap + DEPS = ../libcap/libcap.so ++LDFLAGS ?= + else +-LDSTATIC = --static ++LDFLAGS = --static + DEPS = ../libcap/libcap.a + endif + +@@ -25,7 +26,7 @@ + make -C ../libcap libcap.so + + $(BUILD): %: %.o $(DEPS) +- $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + + %.o: %.c $(INCS) + $(CC) $(IPATH) $(CFLAGS) -c $< -o $@ +@@ -46,7 +47,7 @@ + diff -u capshdoc.h $@ || (rm $@ ; exit 1) + + capsh: capsh.c capshdoc.h.cf $(DEPS) +- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + + tcapsh-static: capsh.c capshdoc.h.cf $(DEPS) + $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) --static +diff -ruN a/tests/Makefile b/tests/Makefile +--- a/tests/Makefile 2021-08-16 04:04:45.000000000 +0200 ++++ b/tests/Makefile 2021-08-19 10:02:57.051908485 +0200 +@@ -18,11 +18,12 @@ + ifeq ($(DYNAMIC),yes) + LINKEXTRA=-Wl,-rpath,../libcap + DEPS=../libcap/libcap.so ++LDFLAGS ?= + ifeq ($(PTHREADS),yes) + DEPS += ../libcap/libpsx.so + endif + else +-LDSTATIC = --static ++LDFLAGS = --static + DEPS=../libcap/libcap.a + ifeq ($(PTHREADS),yes) + DEPS += ../libcap/libpsx.a +@@ -63,17 +64,17 @@ + ./psx_test + + psx_test: psx_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) + + run_libcap_psx_test: libcap_psx_test + ./libcap_psx_test + + libcap_psx_test: libcap_psx_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + + # privileged + uns_test: uns_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + + run_uns_test: uns_test + echo exit | sudo ./uns_test +@@ -85,13 +86,13 @@ + sudo ./libcap_psx_launch_test + + libcap_launch_test: libcap_launch_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + + # This varies only slightly from the above insofar as it currently + # only links in the pthreads fork support. TODO() we need to change + # the source to do something interesting with pthreads. + libcap_psx_launch_test: libcap_launch_test.c $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + + + # This test demonstrates that libpsx is needed to secure multithreaded +@@ -106,12 +107,12 @@ + $(CC) $(CFLAGS) $(IPATH) -c $< + + exploit: exploit.o $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS) + + # Note, for some reason, the order of libraries is important to avoid + # the exploit working for dynamic linking. + noexploit: exploit.o $(DEPS) +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDSTATIC) ++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS) + + # This one runs in a chroot with no shared library files. + noop: noop.c