Update fcaps.eclass to avoid setting the suid bit by default when file capabilities are disabled.
I also did a scan of packages inheriting fcaps and added -m u+s where I felt it was appropriate. It is possible I missed some, but I think the risk is fairly small and it should be easy for maintainers to correct.

Bug: https://bugs.gentoo.org/811105
PR: https://github.com/gentoo/gentoo/pull/43375

Mike Gilbert (8):
  fcaps.eclass: handle FCAPS_DENY_WORLD_READ via a separate chmod call
  fcaps.eclass: do not set suid bit as a fallback
  app-cdr/cdrtools: pass mode to fcaps
  app-emulation/qemu: fcaps -m u+s
  app-i18n/fbterm: fcaps -m u+s
  gui-apps/swaylock: fcaps -m u+s
  sys-libs/pam: fcaps -m u+s
  x11-misc/slock: fcaps -m u+s

 .../cdrtools/cdrtools-3.02_alpha09-r5.ebuild | 11 +++---
 app-emulation/qemu/qemu-10.0.0.ebuild        |  2 +-
 app-emulation/qemu/qemu-10.0.2-r50.ebuild    |  2 +-
 app-emulation/qemu/qemu-10.0.2.ebuild        |  2 +-
 app-emulation/qemu/qemu-10.0.3.ebuild        |  2 +-
 app-emulation/qemu/qemu-9.1.3-r2.ebuild      |  2 +-
 app-emulation/qemu/qemu-9.2.3-r3.ebuild      |  2 +-
 app-emulation/qemu/qemu-9.2.4.ebuild         |  2 +-
 app-emulation/qemu/qemu-9999.ebuild          |  2 +-
 app-i18n/fbterm/fbterm-1.7_p20190503.ebuild  | 10 ++----
 eclass/fcaps.eclass                          | 36 ++++++++++---------
 gui-apps/swaylock/swaylock-1.8.0.ebuild      |  2 +-
 gui-apps/swaylock/swaylock-9999.ebuild       |  4 +--
 sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild   |  2 +-
 sys-libs/pam/pam-1.7.1.ebuild                |  2 +-
 x11-misc/slock/slock-1.5.ebuild              |  4 +--
 16 files changed, 43 insertions(+), 44 deletions(-)

-- 
2.50.1
